Run of fresh-snapshots for ruby-certificate-authority

Try this locally package):

debcheckout ruby-certificate-authority
cd ruby-certificate-authority
DEB_UPDATE_CHANGELOG=auto deb-new-upstream --snapshot --refresh-patches

Summary

DEB_UPDATE_CHANGELOG=auto deb-new-upstream --snapshot --refresh-patches

Diff

Branch: main

Diff is too long (more than 200 lines). Download the raw diff.

Branch: pristine-tar

diff --git a/ruby-certificate-authority_1.0.0+git20220128.1.1aa22d5.orig.tar.gz.delta b/ruby-certificate-authority_1.0.0+git20220128.1.1aa22d5.orig.tar.gz.delta
new file mode 100644
index 0000000..483c330
Binary files /dev/null and b/ruby-certificate-authority_1.0.0+git20220128.1.1aa22d5.orig.tar.gz.delta differ
diff --git a/ruby-certificate-authority_1.0.0+git20220128.1.1aa22d5.orig.tar.gz.id b/ruby-certificate-authority_1.0.0+git20220128.1.1aa22d5.orig.tar.gz.id
new file mode 100644
index 0000000..eb9a9a7
--- /dev/null
+++ b/ruby-certificate-authority_1.0.0+git20220128.1.1aa22d5.orig.tar.gz.id
@@ -0,0 +1 @@
+d1b03b85221a999668942c1e64cf77deed00687e

Branch: upstream

Tag: upstream/1.0.0+git20220128.1.1aa22d5
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..6226437
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,26 @@
+name: Tests
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        ruby-version:
+          - '3.1'
+          - '3.0'
+          - '2.7'
+          - '2.6'
+          - '2.5'
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby ${{ matrix.ruby-version }}
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true # 'bundle install' and cache
+    - name: Run tests
+      run: bundle exec rake
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 012a6c7..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-sudo: false
-language: ruby
-cache: bundler
-rvm:
-  - 2.5
-  - 2.6
-  - 2.7
-before_install: gem install bundler
-script:
-  - bundle exec rake
diff --git a/Gemfile.lock b/Gemfile.lock
index f303036..b6c52a6 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -26,7 +26,7 @@ GEM
       method_source (~> 1.0)
     rainbow (3.0.0)
     rake (13.0.1)
-    rexml (3.2.4)
+    rexml (3.2.5)
     rspec (3.9.0)
       rspec-core (~> 3.9.0)
       rspec-expectations (~> 3.9.0)
diff --git a/lib/certificate_authority/certificate.rb b/lib/certificate_authority/certificate.rb
index cdf432c..771631b 100644
--- a/lib/certificate_authority/certificate.rb
+++ b/lib/certificate_authority/certificate.rb
@@ -75,11 +75,6 @@ module CertificateAuthority
       openssl_cert.subject = self.distinguished_name.to_x509_name
       openssl_cert.issuer = parent.distinguished_name.to_x509_name
 
-      require 'tempfile'
-      t = Tempfile.new("bullshit_conf")
-      ## The config requires a file even though we won't use it
-      openssl_config = OpenSSL::Config.new(t.path)
-
       factory = OpenSSL::X509::ExtensionFactory.new
       factory.subject_certificate = openssl_cert
 
@@ -90,14 +85,7 @@ module CertificateAuthority
         factory.issuer_certificate = parent.openssl_body
       end
 
-      self.extensions.keys.each do |k|
-        config_extensions = extensions[k].config_extensions
-        openssl_config = merge_options(openssl_config,config_extensions)
-      end
-
-      # p openssl_config.sections
-
-      factory.config = openssl_config
+      factory.config = build_openssl_config
 
       # Order matters: e.g. for self-signed, subjectKeyIdentifier must come before authorityKeyIdentifier
       self.extensions.keys.sort{|a,b| b<=>a}.each do |k|
@@ -114,8 +102,6 @@ module CertificateAuthority
       end
 
       self.openssl_body = openssl_cert.sign(parent.key_material.private_key, digest)
-    ensure
-      t.close! if t # We can get rid of the ridiculous temp file
     end
 
     def is_signing_entity?
@@ -224,6 +210,55 @@ module CertificateAuthority
       extension_hash
     end
 
+    def build_openssl_config
+      OpenSSL::Config.parse(openssl_config_string)
+    end
+
+    def openssl_config_string
+      lines = openssl_config_without_multi_value + openssl_config_with_multi_value
+      return '' if lines.empty?
+      (["[extensions]" ]+ lines).join("\n")
+    end
+
+    def openssl_config_without_multi_value
+      no_multi_value_keys = self.extensions.keys.select { |k| extensions[k].config_extensions.empty? }
+
+      lines = no_multi_value_keys.map do |k|
+        value = extensions[k].to_s
+        value.empty? ? '' : "#{k} = #{value}"
+      end.reject(&:empty?)
+      lines
+    end
+
+    def openssl_config_with_multi_value
+      multi_value_keys = self.extensions.keys.reject { |k| extensions[k].config_extensions.empty? }
+      sections = {}
+
+      entries = multi_value_keys.map do |k|
+        sections.merge!(extensions[k].config_extensions)
+        value = comma_terminate(extensions[k]) + section_ref_str(extensions[k].config_extensions.keys)
+        "#{k} = #{value}"
+      end.reject(&:empty?)
+
+      section_lines = sections.keys.flat_map do |k|
+        section_lines(k, sections[k])
+      end 
+      entries + [''] + section_lines
+    end
+
+    def comma_terminate(val)
+      s = val.to_s
+      s.empty? ? s : "#{s},"
+    end
+
+    def section_ref_str(section_names)
+      section_names.map { |n| "@#{n}"}.join(',')
+    end
+
+    def section_lines(section_name, value_hash)
+      ["[#{section_name}]"] + value_hash.keys.map { |k| "#{k} = #{value_hash[k]}"} + ['']
+    end
+
     def merge_options(config,hash)
       hash.keys.each do |k|
         config[k] = hash[k]

Resulting package

The resulting binary packages can be installed (if you have the apt repository enabled) by running one of:

apt install -t fresh-snapshots ruby-certificate-authority

Lintian Result

Full worker log Full build log