Bug#738330: bundler: Use /etc/ssl/certs for ssl validation

Sun, 09 Feb 2014 01:34:02 -0800 

Package: bundler
Version: 1.5.3+dfsg-1
Severity: normal
Tags: patch

Hello,

Bundler uses its own bundled ssl certs that validate rubygems.org, using
the system-wide /etc/ssl/certs CApath seems more appropriate.

This is important for us, as we maintain a custom gem server, with a
valid ssl cert, and we are getting validation errors on bundle install.

The attached patch attempts to fix this.

Thank you,
chris

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (1, 'experimental'), (1, 
'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages bundler depends on:
ii  ruby                          1:1.9.3
ii  ruby-net-http-persistent      2.9-1
ii  ruby-thor                     0.18.1.git20140116-2
ii  ruby1.9.1 [ruby-interpreter]  1.9.3.484-1
ii  ruby2.0 [ruby-interpreter]    2.0.0.353-1

Versions of packages bundler recommends:
ii  build-essential       11.6
ii  less                  458-2
pn  ruby-dev              <none>
ii  rubygems-integration  1.4
ii  sudo                  1.8.9p4-1

bundler suggests no packages.

-- no debconf information

>From 1a223186cda873de5782769f2cf6b0a1bc314426 Mon Sep 17 00:00:00 2001
From: Christos Trochalakis <yati...@ideopolis.gr>
Date: Sun, 9 Feb 2014 10:44:31 +0200
Subject: [PATCH] Use /etc/ssl/certs for ssl validation

---
 .../0001-Use-etc-ssl-certs-CApath-by-default.patch | 37 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 38 insertions(+)
 create mode 100644 debian/patches/0001-Use-etc-ssl-certs-CApath-by-default.patch

diff --git a/debian/patches/0001-Use-etc-ssl-certs-CApath-by-default.patch b/debian/patches/0001-Use-etc-ssl-certs-CApath-by-default.patch
new file mode 100644
index 0000000..75edb3d
--- /dev/null
+++ b/debian/patches/0001-Use-etc-ssl-certs-CApath-by-default.patch
@@ -0,0 +1,37 @@
+From: Christos Trochalakis <yati...@ideopolis.gr>
+Date: Sun, 9 Feb 2014 10:32:33 +0200
+Subject: Use /etc/ssl/certs CApath by default
+
+Bundler uses its own bundled ssl certs that validate rubygems.org, using
+the system-wide /etc/ssl/certs CApath seems more appropriate.
+
+As a side effect, private gem servers, using valid ssl certs, now work
+as expected.
+---
+ lib/bundler/settings.rb | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/bundler/settings.rb b/lib/bundler/settings.rb
+index 55218d9..d3ea9cb 100644
+--- a/lib/bundler/settings.rb
++++ b/lib/bundler/settings.rb
+@@ -1,5 +1,10 @@
+ module Bundler
+   class Settings
++
++    DEBIAN_DEFAULTS = {
++      'BUNDLE_SSL_CA_CERT' => '/etc/ssl/certs'
++    }
++
+     def initialize(root = nil)
+       @root          = root
+       @local_config  = load_config(local_config_file)
+@@ -8,7 +13,7 @@ module Bundler
+ 
+     def [](key)
+       the_key = key_for(key)
+-      value = (@local_config[the_key] || ENV[the_key] || @global_config[the_key])
++      value = (@local_config[the_key] || ENV[the_key] || @global_config[the_key] || DEBIAN_DEFAULTS[the_key])
+       is_bool(key) ? to_bool(value) : value
+     end
+ 
diff --git a/debian/patches/series b/debian/patches/series
index e69de29..663042d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -0,0 +1 @@
+0001-Use-etc-ssl-certs-CApath-by-default.patch
-- 
1.9.0.rc3

Reply via email to