$ rbenv install 2.5.0
$ gem install bundler
$ bundle update --source excon
Traceback (most recent call last):
2: from /home/zunda/.rbenv/versions/2.5.0/bin/bundle:23:in `<main>'
1: from /home/zunda/.rbenv/versions/2.5.0/lib/ruby/2.5.0/rubygems.rb:308:in `activate_bin_path'
/home/zunda/.rbenv/versions/2.5.0/lib/ruby/2.5.0/rubygems.rb:289:in `find_spec_for_exe': can't find gem bundler (>= 0.a) with executable bundle (Gem::GemNotFoundException)
How was I supposed to do this again…
$ gem install bundle
Fetching: bundle-0.0.1.gem (100%)
Successfully installed bundle-0.0.1
Parsing documentation for bundle-0.0.1
Installing ri documentation for bundle-0.0.1
Done installing documentation for bundle after 0 seconds
1 gem installed
$ bundle update --source excon
Traceback (most recent call last):
2: from /home/zunda/.rbenv/versions/2.5.0/bin/bundle:23:in `<main>'
1: from /home/zunda/.rbenv/versions/2.5.0/lib/ruby/2.5.0/rubygems.rb:308:in `activate_bin_path'
/home/zunda/.rbenv/versions/2.5.0/lib/ruby/2.5.0/rubygems.rb:289:in `find_spec_for_exe': can't find gem bundler (>= 0.a) with executable bundle (Gem::GemNotFoundException)
Grr
$ sed -i '/RUBY VERSION/,$d' Gemfile.lock
$ bundle update --source excon
:
Fetching gem metadata from https://rubygems.org/.........
Resolving dependencies.....
Bundler could not find compatible versions for gem "bundler":
In Gemfile:
bundler-audit (~> 0.6) was resolved to 0.6.0, which depends on
bundler (~> 1.2)
rails (~> 5.1.4) was resolved to 5.1.4, which depends on
bundler (>= 1.3.0)
Current Bundler version:
bundler (2.3.6)
Your bundle requires a different version of Bundler than the one you're running.
Install the necessary version with `gem install bundler:1.17.3` and rerun
bundler using `bundle _1.17.3_ update --source excon`
Made some progress, lol
$ gem install bundler:1.17.3
$ git checkout Gemfile.lock
Updated 1 path from the index
$ bundle update --source excon
Fetching gem metadata from https://rubygems.org/.........
Fetching gem metadata from https://rubygems.org/.
Resolving dependencies......
:
Oh
Installing nio4r 2.1.0 with native extensions
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.
:
compiling monitor.c
In file included from
/home/zunda/.rbenv/versions/2.5.0/include/ruby-2.5.0/ruby.h:33,
from nio4r.h:9,
from monitor.c:6:
monitor.c: In function ‘NIO_Monitor_symbol2interest’:
/home/zunda/.rbenv/versions/2.5.0/include/ruby-2.5.0/ruby/ruby.h:2469:9: error:
call to ‘rb_varargs_bad_length’ declared with attribute error: argument length
doesn't match
Grr
$ bundle install --path=vendor/bundle
:
An error occurred while installing nio4r (2.1.0), and Bundler cannot
continue.
Make sure that `gem install nio4r -v '2.1.0' --source 'https://rubygems.org/'`
succeeds before bundling.
In Gemfile:
rails-settings-cached was resolved to 0.6.6, which depends on
rails was resolved to 5.1.4, which depends on
actioncable was resolved to 5.1.4, which depends on
nio4r
Same result this way too, of course.
Too bad, out of time for tonight.
I did something awful and it went through.
$ cd ~/.rbenv/versions/2.5.0/include/ruby-2.5.0/ruby
$ mv ruby.h ruby.h.orig
$ cp ~/.rbenv/versions/2.5.6/include/ruby-2.5.0/ruby/ruby.h .
Next:
$ bundle install --path=vendor/bundle
:
Installing charlock_holmes 0.7.5 with native extensions
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.
:
transliterator.cpp:39:22: error: ‘id_list’ was not declared in this scope; did
you mean ‘va_list’?
39 | StringEnumeration *id_list;
| ^~~~~~~
| va_list
:
Results logged to
/home/zunda/c/src/github.com/increments/mastodon/vendor/bundle/ruby/2.5.0/extensions/x86_64-linux/2.5.0/charlock_holmes-0.7.5/gem_make.out
transliterator.cpp:39:3: error: ‘StringEnumeration’ was not declared in this scope; did you mean ‘icu_67::StringEnumeration’?
Is it something to do with C++ scoping? #IHaveNoIdea
Maybe libicu-dev is too new?
I couldn't easily find an old libicu, so I'll try just bumping charlock_holmes to 0.7.7 in Gemfile*.
Fetching charlock_holmes 0.7.7
Installing charlock_holmes 0.7.7 with native extensions
It installs, lol
Bundle complete! 113 Gemfile dependencies, 263 gems now installed.
Bundled gems are installed into `./vendor/bundle`
Besides excon, aws-sdk-core was also bundling the expired Root CA.
$ find vendor/bundle -type f -exec grep -l 'DST Root CA X3' {} +
vendor/bundle/ruby/2.5.0/gems/excon-0.59.0/data/cacert.pem
vendor/bundle/ruby/2.5.0/gems/aws-sdk-core-2.10.100/ca-bundle.crt
$ bundle update --source excon
:
Fetching excon 0.91.0 (was 0.59.0)
Installing excon 0.91.0 (was 0.59.0)
:
$ bundle update --source aws-sdk-core
:
Fetching aws-eventstream 1.2.0
Installing aws-eventstream 1.2.0
Fetching aws-sigv4 1.4.0 (was 1.0.2)
Installing aws-sigv4 1.4.0 (was 1.0.2)
Fetching jmespath 1.5.0 (was 1.3.1)
Installing jmespath 1.5.0 (was 1.3.1)
:
$ bundle clean
Removing excon (0.59.0)
Removing aws-sigv4 (1.0.2)
Removing jmespath (1.3.1)
Removing charlock_holmes (0.7.5)
$ find vendor/bundle -type f -exec grep -l 'DST Root CA X3' {} +
vendor/bundle/ruby/2.5.0/gems/aws-sdk-core-2.10.100/ca-bundle.crt
Oops, lol
I'd been thinking there was no way to test this, but maybe it could work out if I just fire up Docker… what a hassle…
$ docker build .
Command 'docker' not found, but can be installed with:
snap install docker # version 20.10.8, or
apt install docker.io # version 20.10.7-0ubuntu5.1
See 'snap info docker' for additional versions.
Figures, lol
$ sudo apt install docker.io
:
The following NEW packages will be installed:
bridge-utils containerd docker.io pigz runc ubuntu-fan
:
As my regular user:
$ docker build .
Got permission denied while trying to connect to the Docker daemon socket...
$ ls -l /var/run/docker.sock
srw-rw---- 1 root docker 0 Feb 8 19:46 /var/run/docker.sock
Not sudo vigr, um…
$ sudo usermod -a -G docker zunda
After logging in again:
$ id
uid=1001(zunda) gid=1001(zunda) groups=1001(zunda),139(docker)
$ docker build .
Sending build context to Docker daemon 98.65MB
Step 1/23 : FROM ruby:2.4.3-alpine3.6
Alright
:
Step 23/23 : ENTRYPOINT ["/sbin/tini", "--"]
---> Running in 3abffec573ac
Removing intermediate container 3abffec573ac
---> 871e120cf6af
Successfully built 871e120cf6af
$ docker run -it 871e120cf6af /bin/sh
> Request.new("get", "https://mastodon.zunda.ninja/api/v1/instance").perform
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed on https://mastodon.zunda.ninja/api/v1/instance
Successfully reproduced the problem.
$ git diff
diff --git a/Gemfile.lock b/Gemfile.lock
index 632467c3..517ab5d3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -172,7 +172,7 @@ GEM
erubi (1.7.0)
et-orbi (1.0.8)
tzinfo
- excon (0.59.0)
+ excon (0.86.0)
fabrication (2.18.0)
faker (1.8.4)
i18n (~> 0.5)
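Review bot: The `excon (0.86.0)` line pins a different version than the `bundle update --source excon` run logged earlier on this page, which fetched excon 0.91.0. Say in the commit message why 0.86.0 was chosen, or regenerate the lockfile so it matches the version that was actually installed and tested.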
How about this?
Doesn't work…
$ docker run -it 7299d740dead /bin/sh
~ $ RAILS_ENV=test bundle exec rails c
Chewy console strategy is `urgent`
Loading test environment (Rails 5.1.4)
irb(main):001:0> Request.new("get", "https://mastodon.zunda.ninja/api/v1/instance").perform{|r| r}
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed on https://mastodon.zunda.ninja/api/v1/instance
$ openssl s_client -connect mastodon.zunda.ninja:443 -servername mastodon.zunda.ninja
CONNECTED(00000003)
depth=1 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
depth=1 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
---
:
So that's where it is…
(10/12) Upgrading ca-certificates (20161130-r2 -> 20161130-r3)
Now this, well…
$ git diff Dockerfile
diff --git a/Dockerfile b/Dockerfile
index ad5344de..ed167c84 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,6 +20,7 @@ WORKDIR /mastodon
RUN apk -U upgrade \
&& apk add --no-cache ca-certificates wget \
+ && rm /etc/ssl/certs/ca-cert-DST_Root_CA_X3.pem \
&& update-ca-certificates \
&& apk add -t build-dependencies \
build-base \
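Review bot: The added `rm /etc/ssl/certs/ca-cert-DST_Root_CA_X3.pem` deletes only the entry under /etc/ssl/certs, and the next step, `update-ca-certificates`, rebuilds that directory from /etc/ca-certificates.conf, so the certificate can be put straight back. Drop the DST_Root_CA_X3 entry from the configuration and its source file as well, and use `rm -f` so that a path missing after `apk -U upgrade` does not abort the `&&` chain.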
How about this?
$ docker run -it 65f68d637b42 /bin/sh
~ $ grep ISRG /etc/ssl/cert.pem
=== /C=US/O=Internet Security Research Group/CN=ISRG Root X1
Subject: C=US, O=Internet Security Research Group, CN=ISRG Root X1
~ $ grep DST /etc/ssl/cert.pem
=== /C=US/O=Digital Signature Trust/OU=DST ACES/CN=DST ACES CA X6
Subject: C=US, O=Digital Signature Trust, OU=DST ACES, CN=DST ACES CA X6
=== /O=Digital Signature Trust Co./CN=DST Root CA X3
Subject: O=Digital Signature Trust Co., CN=DST Root CA X3
It's still there.
RAILS_ENV=test bundle exec rails c
(I had left out that I ran this.)
$ git diff
diff --git a/Dockerfile b/Dockerfile
index ad5344de..c2536e16 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,6 +20,10 @@ WORKDIR /mastodon
RUN apk -U upgrade \
&& apk add --no-cache ca-certificates wget \
+ && sed -i /DST_Root_CA_X3.crt/d /etc/ca-certificates.conf \
+ && rm /etc/ssl/certs/2e5ac55d.0 \
+ /etc/ssl/certs/ca-cert-DST_Root_CA_X3.pem \
+ /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt \
&& update-ca-certificates \
&& apk add -t build-dependencies \
build-base \
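Review bot: The `rm` on the added lines names three fixed paths, including the hash link `/etc/ssl/certs/2e5ac55d.0`, without `-f`; if the ca-certificates package stops shipping any one of them, `rm` fails and the whole `RUN` step stops. Use `rm -f`, and quote the sed expression (`'/DST_Root_CA_X3\.crt/d'`) so the shell and the unescaped dot cannot change what it matches. Note also that /etc/ssl/cert.pem is not among the removed paths.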
diff --git a/Gemfile.lock b/Gemfile.lock
index 632467c3..517ab5d3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -172,7 +172,7 @@ GEM
erubi (1.7.0)
et-orbi (1.0.8)
tzinfo
- excon (0.59.0)
+ excon (0.86.0)
fabrication (2.18.0)
faker (1.8.4)
i18n (~> 0.5)
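Review bot: This lockfile change touches only the `excon` line, while the `find` output earlier on this page still lists `aws-sdk-core-2.10.100/ca-bundle.crt` as a bundled copy of DST Root CA X3 after the update. Check whether that bundle is used for any connection the application makes and, if so, bump aws-sdk-core in the same change or record why it is left alone.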
With that applied:
$ docker run -it 11efa5f7beaa /bin/sh
~ $ RAILS_ENV=test bundle exec rails c
Chewy console strategy is `urgent`
Loading test environment (Rails 5.1.4)
irb(main):001:0> Request.new("get", "https://mastodon.zunda.ninja/api/v1/instance").perform{|r| r}
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed on https://mastodon.zunda.ninja/api/v1/instance
Huh, what?
~ $ grep "DST Root" /etc/ssl/cert.pem
=== /O=Digital Signature Trust Co./CN=DST Root CA X3
Subject: O=Digital Signature Trust Co., CN=DST Root CA X3
Grrrr
libressl, so it was you
# apk info -L libressl
libressl-2.5.5-r2 contains:
etc/ssl/cert.pem
etc/ssl/x509v3.cnf
etc/ssl/openssl.cnf
usr/bin/openssl
usr/bin/ocspcheck
# grep "DST Root" /etc/ssl/cert.pem
=== /O=Digital Signature Trust Co./CN=DST Root CA X3
Subject: O=Digital Signature Trust Co., CN=DST Root CA X3
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,7 +20,6 @@
RUN apk -U upgrade \
&& apk add --no-cache ca-certificates wget \
- && update-ca-certificates \
&& apk add -t build-dependencies \
build-base \
icu-dev \
@@ -30,6 +29,12 @@
postgresql-dev \
protobuf-dev \
python \
+ && sed -i /DST_Root_CA_X3.crt/d /etc/ca-certificates.conf \
+ && sed -ine '/CN=DST Root CA X3/,/-----END CERTIFICATE-----/d' /etc/ssl/cert.pem \
+ && rm /etc/ssl/certs/2e5ac55d.0 \
+ /etc/ssl/certs/ca-cert-DST_Root_CA_X3.pem \
+ /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt \
+ && update-ca-certificates \
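Review bot: On the added `/etc/ssl/cert.pem` line, `sed -ine` leaves a backup copy next to the bundle (the log below notes a `cert.peme` file), so the DST Root CA X3 block still ships in the image under /etc/ssl. Pass the options separately as `sed -i -e '...'` or delete the backup in the same `RUN` step. The range expression also does nothing, without any error, if the `CN=DST Root CA X3` header line is absent, so follow it with a check such as `! grep -q 'DST Root CA X3' /etc/ssl/cert.pem`.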
Something like that, and then:
$ docker run -it e8f3f7ea2d91 /bin/sh
# :| openssl s_client -connect mastodon.zunda.ninja:443 -servername mastodon.zunda.ninja
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = mastodon.zunda.ninja
verify return:1
---
It connected!
So sed -ine leaves behind a backup called cert.peme, lol
Looks like it worked!! Let's make a PR.
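The /etc/ssl/cert.pem edit from the Dockerfile change above, written as a shell function that leaves no backup copy and fails when the CA is not found. This is an added example, not part of the original log or of Mastodon's Dockerfile; `remove_ca_block`, `make_sample_bundle` and the sample bundle are constructed for illustration, and the entry format is assumed from the grep output shown earlier.

```shell
# Added example. Assumes the bundle format shown by the grep output above:
# each entry opens with "=== <subject>" and closes with the PEM END line.

# remove_ca_block FILE CN  (hypothetical helper, not from the Dockerfile)
# 0 = block removed, 1 = CN not present, 2 = temp file failed or CN remains.
remove_ca_block() {
    bundle=$1 cn=$2
    tmp=$(mktemp) || return 2
    if awk -v cn="CN=$cn" '
        # Header must END with the CN, so "DST ACES CA X6" is not caught.
        /^=== / { skip = (substr($0, length($0) - length(cn) + 1) == cn)
                  if (skip) found = 1 }
        !skip   { print }
        skip && /^-----END CERTIFICATE-----/ { skip = 0 }
        END     { exit !found }
    ' "$bundle" > "$tmp"; then
        cat "$tmp" > "$bundle"    # rewrite in place: no backup copy, same mode
        rm -f "$tmp"
    else
        rm -f "$tmp"
        return 1                  # fail loudly so an "&&" chain stops
    fi
    if grep -qF "CN=$cn" "$bundle"; then return 2; fi
    return 0
}

# Constructed sample bundle; the base64 bodies are placeholders, not real keys.
make_sample_bundle() {
    cat > "$1" <<'EOF'
=== /C=US/O=Internet Security Research Group/CN=ISRG Root X1
        Subject: C=US, O=Internet Security Research Group, CN=ISRG Root X1
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtMQ==
-----END CERTIFICATE-----
=== /C=US/O=Digital Signature Trust/OU=DST ACES/CN=DST ACES CA X6
        Subject: C=US, O=Digital Signature Trust, OU=DST ACES, CN=DST ACES CA X6
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtMg==
-----END CERTIFICATE-----
=== /O=Digital Signature Trust Co./CN=DST Root CA X3
        Subject: O=Digital Signature Trust Co., CN=DST Root CA X3
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtMw==
-----END CERTIFICATE-----
EOF
}

demo=$(mktemp) && make_sample_bundle "$demo"
remove_ca_block "$demo" "DST Root CA X3" && grep '^=== ' "$demo"
rm -f "$demo"
```

In a Dockerfile `RUN` chain the non-zero return for an absent CA stops the build, which is the signal that the bundle layout changed.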
$ docker run -it ba9d6416ba2d /bin/sh
~ $ RAILS_ENV=test bundle exec rails c
Chewy console strategy is `urgent`
Loading test environment (Rails 5.1.4)
irb(main):001:0> Request.new("get", "https://mastodon.zunda.ninja/api/v1/instance").perform{|r| r}
=> #<HTTP::Response/1.1 200 OK {"Connection"=>"close", "Server"=>"Mastodon", "X-Frame-Options"=>"DENY", "X-Content-Type-Options"=>"nosniff", "X-Xss-Protection"=>"0", "Permissions-Policy"=>"interest-cohort=()", "X-Ratelimit-Limit"=>"300", "X-Ratelimit-Remaining"=>"299", "X-Ratelimit-Reset"=>"2022-02-09T20:40:00.690062Z", "Date"=>"Wed, 09 Feb 2022 20:38:40 GMT", "Content-Type"=>"application/json; charset=utf-8", "Cache-Control"=>"max-age=180, public", "Vary"=>"Accept-Encoding, Origin", "Etag"=>"W/\"df2a160c2b5f864fa5ad58bc08660930\"", "X-Request-Id"=>"1324c838-d41a-488c-9142-9265ee7aec04", "X-Runtime"=>"0.008016", "Strict-Transport-Security"=>"max-age=63072000; includeSubDomains", "Transfer-Encoding"=>"chunked", "Via"=>"1.1 vegur"}>