From 2cb2672862aaa13a5731089a9b5a475e5b77f944 Mon Sep 17 00:00:00 2001
From: samuel40791765
Date: Tue, 9 Apr 2024 18:47:47 +0000
Subject: [PATCH] fix postgres CI; patch RSA-PSS ssl usage
---
 .../postgres_patch/aws-lc-postgres.patch | 33 +++++++++++++++++++
 .../integration/run_postgres_integration.sh | 5 +++
 2 files changed, 38 insertions(+)
 create mode 100644 tests/ci/integration/postgres_patch/aws-lc-postgres.patch
diff --git a/tests/ci/integration/postgres_patch/aws-lc-postgres.patch b/tests/ci/integration/postgres_patch/aws-lc-postgres.patch
new file mode 100644
index 0000000000..6ba8b59473
--- /dev/null
+++ b/tests/ci/integration/postgres_patch/aws-lc-postgres.patch
@@ -0,0 +1,33 @@
+diff --git a/src/test/ssl/t/002_scram.pl b/src/test/ssl/t/002_scram.pl
+index dd93224124..44f570c8e2 100644
+--- a/src/test/ssl/t/002_scram.pl
++++ b/src/test/ssl/t/002_scram.pl
+@@ -155,14 +155,18 @@ $node->connect_ok(
+ # Now test with a server certificate that uses the RSA-PSS algorithm.
+ # This checks that the certificate can be loaded and that channel binding
+ # works. (see bug #17760)
+-if ($supports_rsapss_certs)
+-{
+- switch_server_cert($node, certfile => 'server-rsapss');
+- $node->connect_ok(
+- "$common_connstr user=ssltestuser channel_binding=require",
+- "SCRAM with SSL and channel_binding=require, server certificate uses 'rsassaPss'",
+- log_like => [
+- qr/connection authenticated: identity="ssltestuser" method=scram-sha-256/
+- ]);
+-}
++#
++# AWS-LC does not support RSA-PSS certificates in libssl. If there is a relevant
++# feature request for this, cut an issue to our public repository.
++#
++# if ($supports_rsapss_certs)
++# {
++# switch_server_cert($node, certfile => 'server-rsapss');
++# $node->connect_ok(
++# "$common_connstr user=ssltestuser channel_binding=require",
++# "SCRAM with SSL and channel_binding=require, server certificate uses 'rsassaPss'",
++# log_like => [
++# qr/connection authenticated: identity="ssltestuser" method=scram-sha-256/
++# ]);
++# }
+ done_testing();
diff --git a/tests/ci/integration/run_postgres_integration.sh b/tests/ci/integration/run_postgres_integration.sh
index 20aa6f7603..506208bf48 100755
--- a/tests/ci/integration/run_postgres_integration.sh
+++ b/tests/ci/integration/run_postgres_integration.sh
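Review bot: The inner hunk for `src/test/ssl/t/002_scram.pl` disables the RSA-PSS channel-binding case by turning ten lines into comments, which leaves dead code in the patched test and no trace in the test output that the case did not run. Keeping the block and changing only the guard, e.g. `if (0) # AWS-LC: no RSA-PSS certificates in libssl`, preceded by `note "skipping RSA-PSS server certificate test: not supported by AWS-LC libssl";`, would make the coverage gap visible in the CI log. A smaller inner hunk should also be less likely to stop applying when upstream edits the body of the block, which matters if the integration script really builds the latest postgres as its trailing comment suggests. The sentence "cut an issue to our public repository" would be clearer with the repository named, since the comment ends up inside a postgres source tree.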
@@ -17,6 +17,7 @@ source tests/ci/common_posix_setup.sh
 SCRATCH_FOLDER=${SRC_ROOT}/"POSTGRES_BUILD_ROOT"
 POSTGRES_SRC_FOLDER="${SCRATCH_FOLDER}/postgres"
 POSTGRES_BUILD_FOLDER="${SCRATCH_FOLDER}/postgres/build"
+POSTGRES_PATCH_FOLDER="${SRC_ROOT}/tests/ci/integration/postgres_patch"
 AWS_LC_BUILD_FOLDER="${SCRATCH_FOLDER}/aws-lc-build"
 AWS_LC_INSTALL_FOLDER="${POSTGRES_SRC_FOLDER}/aws-lc-install"
@@ -47,6 +48,10 @@ function postgres_patch() {
 for i in "${!POSTGRES_ERROR_STRING[@]}"; do
 find ./ -type f -name "001_ssltests.pl" | xargs sed -i -e "s|${POSTGRES_ERROR_STRING[$i]}|${AWS_LC_EXPECTED_ERROR_STRING[$i]}|g"
 done
+ for patchfile in $(find -L "${POSTGRES_PATCH_FOLDER}" -type f -name '*.patch'); do
+ echo "Apply patch $patchfile..."
+ patch -p1 --quiet -i "$patchfile"
+ done
 }
 # Get latest postgres version.
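Review bot: The new loop in `postgres_patch()` iterates over unquoted `$(find -L …)` output, so a patch path containing whitespace is split into several words and the application order is whatever `find` returns, which matters as soon as two patches touch the same file. A glob avoids both: `for patchfile in "${POSTGRES_PATCH_FOLDER}"/*.patch; do` gives sorted order with no word splitting, though it does not descend into subdirectories, which the layout added in this commit does not appear to need. Whether a failed `patch` stops the run depends on `set -e` being active, which this hunk does not show; `patch -p1 --quiet -i "$patchfile" || return 1` would make a stale patch fail the job explicitly instead of letting the unpatched RSA-PSS test run. The function starts above the hunk, so any error handling already in place there is not visible here.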