diff --git a/.gitignore b/.gitignore index 64f5725..373b232 100644 --- a/.gitignore +++ b/.gitignore @@ -40,3 +40,37 @@ /dotnet-8.0.3.tar.gz.sig /dotnet-8.0.4.tar.gz /dotnet-8.0.4.tar.gz.sig +/dotnet-8.0.5.tar.gz +/dotnet-8.0.5.tar.gz.sig +/dotnet-8.0.7.tar.gz +/dotnet-8.0.7.tar.gz.sig +/dotnet-8.0.8.tar.gz +/dotnet-8.0.8.tar.gz.sig +/dotnet-8.0.10.tar.gz +/dotnet-8.0.10.tar.gz.sig +/dotnet-8.0.11.tar.gz +/dotnet-8.0.11.tar.gz.sig +/dotnet-8.0.12.tar.gz +/dotnet-8.0.12.tar.gz.sig +/dotnet-8.0.13.tar.gz +/dotnet-8.0.13.tar.gz.sig +/dotnet-8.0.14.tar.gz +/dotnet-8.0.14.tar.gz.sig +/dotnet-8.0.15.tar.gz +/dotnet-8.0.15.tar.gz.sig +/dotnet-8.0.16.tar.gz +/dotnet-8.0.16.tar.gz.sig +/dotnet-8.0.17.tar.gz +/dotnet-8.0.17.tar.gz.sig +/dotnet-8.0.18.tar.gz +/dotnet-8.0.18.tar.gz.sig +/dotnet-8.0.119.tar.gz +/dotnet-8.0.119.tar.gz.sig +/dotnet-8.0.120.tar.gz +/dotnet-8.0.120.tar.gz.sig +/dotnet-8.0.121.tar.gz +/dotnet-8.0.121.tar.gz.sig +/dotnet-8.0.122.tar.gz +/dotnet-8.0.122.tar.gz.sig +/dotnet-8.0.123.tar.gz +/dotnet-8.0.123.tar.gz.sig diff --git a/dotnet8.0.spec b/dotnet8.0.spec index ca203d5..6cc1b3a 100644 --- a/dotnet8.0.spec +++ b/dotnet8.0.spec @@ -8,16 +8,20 @@ %global dotnetver 8.0 -%global host_version 8.0.4 -%global runtime_version 8.0.4 +# Only the package for the latest dotnet version should provide RPMs like +# dotnet-host and netstandard-targeting-pack-2.1 +%global is_latest_dotnet 0 + +%global host_version 8.0.23 +%global runtime_version 8.0.23 %global aspnetcore_runtime_version %{runtime_version} -%global sdk_version 8.0.104 +%global sdk_version 8.0.123 %global sdk_feature_band_version %(echo %{sdk_version} | cut -d '-' -f 1 | sed -e 's|[[:digit:]][[:digit:]]$|00|') %global templates_version %{runtime_version} #%%global templates_version %%(echo %%{runtime_version} | awk 'BEGIN { FS="."; OFS="." } {print $1, $2, $3+1 }') # upstream can produce releases with a different tag than the SDK version -%global upstream_tag v%{runtime_version} +%global upstream_tag v%{sdk_version} %global upstream_tag_without_v %(echo %{upstream_tag} | sed -e 's|^v||') %global host_rpm_version %{host_version} @@ -25,15 +29,7 @@ %global aspnetcore_runtime_rpm_version %{aspnetcore_runtime_version} %global sdk_rpm_version %{sdk_version} -%if 0%{?fedora} || 0%{?rhel} < 8 -%global use_bundled_libunwind 0 -%else %global use_bundled_libunwind 1 -%endif - -%ifarch aarch64 ppc64le s390x -%global use_bundled_libunwind 1 -%endif %ifarch aarch64 %global runtime_arch arm64 @@ -92,14 +88,25 @@ Patch2: vstest-intent-net8.0.patch Patch3: runtime-re-enable-implicit-rejection.patch # https://github.com/dotnet/msbuild/pull/9449 Patch4: msbuild-9449-exec-stop-setting-a-locale.patch -# https://github.com/dotnet/runtime/pull/100258 -Patch5: runtime-clang-18.patch +# We disable checking the signature of the last certificate in a chain if the certificate is supposedly self-signed. +# A side effect of not checking the self-signature of such a certificate is that disabled or unsupported message +# digests used for the signature are not treated as fatal errors. +# https://issues.redhat.com/browse/RHEL-25254 +Patch5: runtime-openssl-sha1.patch +# https://github.com/dotnet/runtime/issues/119706#issuecomment-3292624673 +Patch6: runtime-119706-clang-21.patch +# TODO send upstream +Patch7: runtime-clang-20-support.patch ExclusiveArch: aarch64 ppc64le s390x x86_64 +%if 0%{?fedora} >= 43 +BuildRequires: clang20 +%else BuildRequires: clang +%endif BuildRequires: cmake BuildRequires: coreutils %if %{without bootstrap} @@ -130,6 +137,9 @@ BuildRequires: lttng-ust-devel BuildRequires: make #BuildRequires: nodejs-devel BuildRequires: openssl-devel +%if 0%{?fedora} >= 41 +BuildRequires: openssl-devel-engine +%endif BuildRequires: python3 BuildRequires: tar BuildRequires: util-linux @@ -386,7 +396,9 @@ applications using the .NET SDK. %dotnet_targeting_pack dotnet-apphost-pack-%{dotnetver} %{runtime_rpm_version} Microsoft.NETCore.App %{dotnetver} Microsoft.NETCore.App.Host.%{runtime_id} %dotnet_targeting_pack dotnet-targeting-pack-%{dotnetver} %{runtime_rpm_version} Microsoft.NETCore.App %{dotnetver} Microsoft.NETCore.App.Ref %dotnet_targeting_pack aspnetcore-targeting-pack-%{dotnetver} %{aspnetcore_runtime_rpm_version} Microsoft.AspNetCore.App %{dotnetver} Microsoft.AspNetCore.App.Ref +%if %{is_latest_dotnet} %dotnet_targeting_pack netstandard-targeting-pack-2.1 %{sdk_rpm_version} NETStandard.Library 2.1 NETStandard.Library.Ref +%endif %package -n dotnet-sdk-%{dotnetver}-source-built-artifacts @@ -522,6 +534,14 @@ CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/ -march=z13//') CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/ -mtune=z14//') %endif +%if 0%{?rhel} >= 10 +# Workaround for https://github.com/dotnet/runtime/issues/109611 +# FIXME: Remove this, and replace with upstream fix +CFLAGS=$(echo $CFLAGS | sed -e 's/-march=x86-64-v3 //') +CXXFLAGS=$(echo $CXXFLAGS | sed -e 's/-march=x86-64-v3 //') +LDFLAGS=$(echo $LDFLAGS | sed -e 's/-march=x86-64-v3 //') +%endif + export EXTRA_CFLAGS="$CFLAGS" export EXTRA_CXXFLAGS="$CXXFLAGS" export EXTRA_LDFLAGS="$LDFLAGS" @@ -531,7 +551,29 @@ export EXTRA_LDFLAGS="$LDFLAGS" # suggested compile-time change doesn't work, unfortunately. export COMPlus_LTTng=0 -VERBOSE=1 ./build.sh \ +%ifarch ppc64le s390x +max_attempts=3 +%else +max_attempts=1 +%endif + +function retry_until_success { + local exit_code=1 + local tries=$1 + shift + set +e + while [[ $exit_code != 0 ]] && [[ $tries != 0 ]]; do + (( tries = tries - 1 )) + "$@" + exit_code=$? + done + set -e + return $exit_code +} + +VERBOSE=1 retry_until_success $max_attempts \ + timeout 5h \ + ./build.sh \ %if %{without bootstrap} --with-sdk previously-built-dotnet \ %endif @@ -592,6 +634,7 @@ find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.targets' -exec chmod -x {} find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.txt' -exec chmod -x {} \; find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.xml' -exec chmod -x {} \; +%if %{is_latest_dotnet} install -dm 0755 %{buildroot}%{_sysconfdir}/profile.d/ install dotnet.sh %{buildroot}%{_sysconfdir}/profile.d/ @@ -616,6 +659,7 @@ echo "%{_libdir}/dotnet" >> install_location install install_location %{buildroot}%{_sysconfdir}/dotnet/ echo "%{_libdir}/dotnet" >> install_location_%{runtime_arch} install install_location_%{runtime_arch} %{buildroot}%{_sysconfdir}/dotnet/ +%endif install -dm 0755 %{buildroot}%{_libdir}/dotnet/source-built-artifacts install -m 0644 artifacts/%{runtime_arch}/Release/Private.SourceBuilt.Artifacts.*.tar.gz %{buildroot}/%{_libdir}/dotnet/source-built-artifacts/ @@ -641,6 +685,22 @@ find %{buildroot}%{_libdir}/dotnet/sdk -type d | tail -n +2 | sed -E 's|%{buildr find %{buildroot}%{_libdir}/dotnet/sdk -type f -and -not -name '*.pdb' | sed -E 's|%{buildroot}||' >> dotnet-sdk-non-dbg-files find %{buildroot}%{_libdir}/dotnet/sdk -type f -name '*.pdb' | sed -E 's|%{buildroot}||' > dotnet-sdk-dbg-files +%if %{is_latest_dotnet} == 0 +# If this is an older version, self-test now, before we delete files. After we +# delete files, we will not have everything we need to self-test in %%check. +%{buildroot}%{_libdir}/dotnet/dotnet --info +%{buildroot}%{_libdir}/dotnet/dotnet --version + +# Provided by dotnet-host from another SRPM +rm %{buildroot}%{_libdir}/dotnet/LICENSE.txt +rm %{buildroot}%{_libdir}/dotnet/ThirdPartyNotices.txt +rm %{buildroot}%{_libdir}/dotnet/dotnet +# Provided by netstandard-targeting-pack-2.1 from another SRPM +rm -rf %{buildroot}%{_libdir}/dotnet/packs/NETStandard.Library.Ref/2.1.0 +rm %{buildroot}%{_rpmmacrodir}/macros.dotnet +%endif + + %check %if 0%{?fedora} > 35 @@ -648,8 +708,10 @@ find %{buildroot}%{_libdir}/dotnet/sdk -type f -name '*.pdb' | sed -E 's|%{buil export COMPlus_LTTng=0 %endif +%if %{is_latest_dotnet} %{buildroot}%{_libdir}/dotnet/dotnet --info %{buildroot}%{_libdir}/dotnet/dotnet --version +%endif %if ( 0%{?fedora} && 0%{?fedora} < 38 ) || ( 0%{?rhel} && 0%{?rhel} < 9 ) @@ -657,6 +719,7 @@ export COMPlus_LTTng=0 # empty package useful for dependencies %endif +%if %{is_latest_dotnet} %files -n dotnet-host %dir %{_libdir}/dotnet %{_libdir}/dotnet/dotnet @@ -673,6 +736,7 @@ export COMPlus_LTTng=0 %dir %{_datadir}/bash-completion/completions %{_datadir}/bash-completion/completions/dotnet %{_rpmmacrodir}/macros.dotnet +%endif %files -n dotnet-hostfxr-%{dotnetver} %dir %{_libdir}/dotnet/host/fxr @@ -702,7 +766,9 @@ export COMPlus_LTTng=0 %{_libdir}/dotnet/sdk-manifests/%{sdk_feature_band_version}* %{_libdir}/dotnet/metadata %dir %{_libdir}/dotnet/packs +%dir %{_libdir}/dotnet/packs/Microsoft.AspNetCore.App.Runtime.%{runtime_id} %{_libdir}/dotnet/packs/Microsoft.AspNetCore.App.Runtime.%{runtime_id}/%{aspnetcore_runtime_version} +%dir %{_libdir}/dotnet/packs/Microsoft.NETCore.App.Runtime.%{runtime_id} %{_libdir}/dotnet/packs/Microsoft.NETCore.App.Runtime.%{runtime_id}/%{runtime_version} %files -n dotnet-sdk-dbg-%{dotnetver} -f dotnet-sdk-dbg-files @@ -713,6 +779,79 @@ export COMPlus_LTTng=0 %changelog +* Tue Jan 13 2026 Omair Majid - 8.0.123-1 +- Update to .NET SDK 8.0.123 and Runtime 8.0.23 + +* Mon Nov 17 2025 Omair Majid - 8.0.122-1 +- Update to .NET SDK 8.0.122 and Runtime 8.0.22 + +* Thu Oct 30 2025 Omair Majid - 8.0.121-1 +- Update to .NET SDK 8.0.121 and Runtime 8.0.21 + +* Tue Oct 28 2025 Omair Majid - 8.0.120-2 +- Don't use clang 21 + +* Wed Sep 10 2025 Omair Majid - 8.0.120-1 +- Update to .NET SDK 8.0.120 and Runtime 8.0.20 + +* Wed Aug 06 2025 Omair Majid - 8.0.119-1 +- Update to .NET SDK 8.0.119 and Runtime 8.0.19 + +* Wed Jul 23 2025 Fedora Release Engineering - 8.0.118-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Tue Jul 08 2025 Omair Majid - 8.0.118-1 +- Update to .NET SDK 8.0.118 and Runtime 8.0.18 + +* Tue Jun 10 2025 Omair Majid - 8.0.117-1 +- Update to .NET SDK 8.0.117 and Runtime 8.0.17 + +* Tue May 13 2025 Omair Majid - 8.0.116-1 +- Update to .NET SDK 8.0.116 and Runtime 8.0.16 + +* Wed Apr 09 2025 Omair Majid - 8.0.115-1 +- Update to .NET SDK 8.0.115 and Runtime 8.0.15 + +* Tue Mar 11 2025 Omair Majid - 8.0.114-1 +- Update to .NET SDK 8.0.114 and Runtime 8.0.14 + +* Mon Feb 17 2025 Omair Majid - 8.0.113-1 +- Update to .NET SDK 8.0.113 and Runtime 8.0.13 + +* Thu Jan 16 2025 Omair Majid - 8.0.112-1 +- Update to .NET SDK 8.0.112 and Runtime 8.0.12 + +* Thu Jan 16 2025 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Tue Dec 10 2024 Omair Majid - 8.0.111-2 +- Fix ELN build +- Resolves: RHBZ#2321109 + +* Mon Nov 18 2024 Omair Majid - 8.0.111-1 +- Update to .NET SDK 8.0.111 and Runtime 8.0.11 + +* Fri Oct 11 2024 Omair Majid - 8.0.110-1 +- Update to .NET SDK 8.0.110 and Runtime 8.0.10 + +* Fri Sep 27 2024 Omair Majid - 8.0.108-2 +- Support building without ENGINE support in OpenSSL + +* Tue Aug 13 2024 Omair Majid - 8.0.108-1 +- Update to .NET SDK 8.0.108 and Runtime 8.0.8 + +* Wed Jul 17 2024 Fedora Release Engineering - 8.0.107-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Tue Jul 09 2024 Omair Majid - 8.0.107-1 +- Update to .NET SDK 8.0.107 and Runtime 8.0.7 + +* Wed Jul 03 2024 Omair Majid - 8.0.105-1 +- Fix ownership of some missed directories + +* Tue May 14 2024 Omair Majid - 8.0.105-1 +- Update to .NET SDK 8.0.105 and Runtime 8.0.5 + * Tue Apr 09 2024 Omair Majid - 8.0.104-1 - Update to .NET SDK 8.0.104 and Runtime 8.0.4 diff --git a/gating.yaml b/gating.yaml index b7ab3d1..6b6a8a9 100644 --- a/gating.yaml +++ b/gating.yaml @@ -20,4 +20,3 @@ product_versions: decision_context: osci_compose_gate rules: - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional} - - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.other-archs.functional} diff --git a/release.json b/release.json index 9a63353..15390f5 100644 --- a/release.json +++ b/release.json @@ -1,10 +1,10 @@ { - "release": "8.0.4", + "release": "8.0.23", "channel": "8.0", - "tag": "v8.0.4", - "sdkVersion": "8.0.104", - "runtimeVersion": "8.0.4", - "aspNetCoreVersion": "8.0.4", + "tag": "v8.0.123", + "sdkVersion": "8.0.123", + "runtimeVersion": "8.0.23", + "aspNetCoreVersion": "8.0.23", "sourceRepository": "https://github.com/dotnet/dotnet", - "sourceVersion": "83659133a1aa2b2d94f9c4ecebfa10d960e27706" + "sourceVersion": "fafff0660ef23ca2ece1444119524a76e0f4d4a4" } diff --git a/runtime-119706-clang-21.patch b/runtime-119706-clang-21.patch new file mode 100644 index 0000000..9d97b4a --- /dev/null +++ b/runtime-119706-clang-21.patch @@ -0,0 +1,24 @@ +diff --git dotnet/src/runtime/eng/native/configurecompiler.cmake dotnet/src/runtime/eng/native/configurecompiler.cmake +index d54d9b6803b..9438cb5af7e 100644 +--- dotnet/src/runtime/eng/native/configurecompiler.cmake ++++ dotnet/src/runtime/eng/native/configurecompiler.cmake +@@ -574,6 +574,7 @@ if (CLR_CMAKE_HOST_UNIX OR CLR_CMAKE_HOST_WASI) + add_compile_options(-Wno-unused-function) + add_compile_options(-Wno-tautological-compare) + add_compile_options(-Wno-unknown-pragmas) ++ add_compile_options(-Wno-c++-compat) + + # Explicitly enabled warnings + check_c_compiler_flag(-Wimplicit-fallthrough COMPILER_SUPPORTS_W_IMPLICIT_FALLTHROUGH) +diff --git dotnet/src/runtime/src/coreclr/pal/prebuilt/inc/cordebug.h dotnet/src/runtime/src/coreclr/pal/prebuilt/inc/cordebug.h +index 78b86c69ee9..1672d602d99 100644 +--- dotnet/src/runtime/src/coreclr/pal/prebuilt/inc/cordebug.h ++++ dotnet/src/runtime/src/coreclr/pal/prebuilt/inc/cordebug.h +@@ -10036,6 +10036,7 @@ EXTERN_C const IID IID_ICorDebugRegisterSet2; + typedef + enum CorDebugUserState + { ++ CORDEBUG_INVALID = -1, + USER_STOP_REQUESTED = 0x1, + USER_SUSPEND_REQUESTED = 0x2, + USER_BACKGROUND = 0x4, diff --git a/runtime-clang-18.patch b/runtime-clang-18.patch deleted file mode 100644 index 5eadcf6..0000000 --- a/runtime-clang-18.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 5ba9eb4aa57cbdc150e1cf7cd99f5b5bda74c959 Mon Sep 17 00:00:00 2001 -From: Omair Majid -Date: Mon, 25 Mar 2024 17:26:44 -0400 -Subject: [PATCH] Support building against clang 18 - -This is a targeted backport from a few other PRs that makes it possible -to build dotnet/runtme's 8.0 branch on Fedora 40 which includes clang -18. - -- https://github.com/dotnet/arcade/pull/14572 -- https://github.com/dotnet/runtime/pull/94782 -- https://github.com/dotnet/runtime/pull/99811 ---- - eng/common/native/init-compiler.sh | 2 +- - eng/native/configurecompiler.cmake | 3 +++ - src/coreclr/pal/src/include/pal/palinternal.h | 1 + - 3 files changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/runtime/eng/common/native/init-compiler.sh b/src/runtime/eng/common/native/init-compiler.sh -index f5c1ec7eafe..2d5660642b8 100644 ---- a/src/runtime/eng/common/native/init-compiler.sh -+++ b/src/runtime/eng/common/native/init-compiler.sh -@@ -63,7 +63,7 @@ if [ -z "$CLR_CC" ]; then - # Set default versions - if [ -z "$majorVersion" ]; then - # note: gcc (all versions) and clang versions higher than 6 do not have minor version in file name, if it is zero. -- if [ "$compiler" = "clang" ]; then versions="17 16 15 14 13 12 11 10 9 8 7 6.0 5.0 4.0 3.9 3.8 3.7 3.6 3.5" -+ if [ "$compiler" = "clang" ]; then versions="18 17 16 15 14 13 12 11 10 9 8 7 6.0 5.0 4.0 3.9 3.8 3.7 3.6 3.5" - elif [ "$compiler" = "gcc" ]; then versions="13 12 11 10 9 8 7 6 5 4.9"; fi - - for version in $versions; do -diff --git a/eng/native/configurecompiler.cmake b/eng/native/configurecompiler.cmake -index 18381101853..0e6ee88b245 100644 ---- a/src/runtime/eng/native/configurecompiler.cmake -+++ b/src/runtime/eng/native/configurecompiler.cmake -@@ -590,6 +590,9 @@ if (CLR_CMAKE_HOST_UNIX) - # other clang 16.0 suppressions - add_compile_options(-Wno-single-bit-bitfield-constant-conversion) - add_compile_options(-Wno-cast-function-type-strict) -+ -+ # clang 18.1 supressions -+ add_compile_options(-Wno-switch-default) - else() - add_compile_options(-Wno-uninitialized) - add_compile_options(-Wno-strict-aliasing) -diff --git a/src/coreclr/pal/src/include/pal/palinternal.h b/src/coreclr/pal/src/include/pal/palinternal.h -index a7c5ba129c9..3b8a55a9449 100644 ---- a/src/runtime/src/coreclr/pal/src/include/pal/palinternal.h -+++ b/src/runtime/src/coreclr/pal/src/include/pal/palinternal.h -@@ -426,6 +426,7 @@ function_name() to call the system's implementation - #undef va_start - #undef va_end - #undef va_copy -+#undef va_arg - #undef stdin - #undef stdout - #undef stderr --- -2.44.0 - diff --git a/runtime-clang-20-support.patch b/runtime-clang-20-support.patch new file mode 100644 index 0000000..bffcf79 --- /dev/null +++ b/runtime-clang-20-support.patch @@ -0,0 +1,22 @@ +--- a/eng/common/native/init-compiler.sh ++++ b/eng/common/native/init-compiler.sh +@@ -63,7 +63,7 @@ + # Set default versions + if [ -z "$majorVersion" ]; then + # note: gcc (all versions) and clang versions higher than 6 do not have minor version in file name, if it is zero. +- if [ "$compiler" = "clang" ]; then versions="18 17 16 15 14 13 12 11 10 9 8 7 6.0 5.0 4.0 3.9 3.8 3.7 3.6 3.5" ++ if [ "$compiler" = "clang" ]; then versions="20 19 18 17 16 15 14 13 12 11 10 9 8 7 6.0 5.0 4.0 3.9 3.8 3.7 3.6 3.5" + elif [ "$compiler" = "gcc" ]; then versions="13 12 11 10 9 8 7 6 5 4.9"; fi + + for version in $versions; do +--- a/src/runtime/eng/common/native/init-compiler.sh ++++ b/src/runtime/eng/common/native/init-compiler.sh +@@ -63,7 +63,7 @@ + # Set default versions + if [ -z "$majorVersion" ]; then + # note: gcc (all versions) and clang versions higher than 6 do not have minor version in file name, if it is zero. +- if [ "$compiler" = "clang" ]; then versions="18 17 16 15 14 13 12 11 10 9 8 7 6.0 5.0 4.0 3.9 3.8 3.7 3.6 3.5" ++ if [ "$compiler" = "clang" ]; then versions="20 19 18 17 16 15 14 13 12 11 10 9 8 7 6.0 5.0 4.0 3.9 3.8 3.7 3.6 3.5" + elif [ "$compiler" = "gcc" ]; then versions="13 12 11 10 9 8 7 6 5 4.9"; fi + + for version in $versions; do diff --git a/runtime-openssl-sha1.patch b/runtime-openssl-sha1.patch new file mode 100644 index 0000000..6e307ef --- /dev/null +++ b/runtime-openssl-sha1.patch @@ -0,0 +1,34 @@ +From d7805229ffe6906cd0832c0482b963caf4b4fd82 Mon Sep 17 00:00:00 2001 +From: Tom Deseyn +Date: Wed, 28 Feb 2024 14:08:15 +0100 +Subject: [PATCH] Allow certificate validation with SHA-1 signatures. + +RHEL OpenSSL builds disable SHA-1 signatures. This causes certificate +validation to fail when using the X509_V_FLAG_CHECK_SS_SIGNATURE flag +with a chain where the last certificate uses a SHA-1 signature. + +This removes X509_V_FLAG_CHECK_SS_SIGNATURE flag to have the default +OpenSSL behavior for certificate validation. +--- + .../libs/System.Security.Cryptography.Native/pal_x509.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c +index 04c6ba06cd..2cd3413dae 100644 +--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c ++++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c +@@ -272,11 +272,6 @@ int32_t CryptoNative_X509StoreCtxInit(X509_STORE_CTX* ctx, X509_STORE* store, X5 + + int32_t val = X509_STORE_CTX_init(ctx, store, x509, extraStore); + +- if (val != 0) +- { +- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_CHECK_SS_SIGNATURE); +- } +- + return val; + } + +-- +2.43.2 + diff --git a/runtime-re-enable-implicit-rejection.patch b/runtime-re-enable-implicit-rejection.patch index 841850f..a2e5614 100644 --- a/runtime-re-enable-implicit-rejection.patch +++ b/runtime-re-enable-implicit-rejection.patch @@ -47,33 +47,6 @@ index 39f3ebc82ec..5b97f468a42 100644 using (RSA rsa = RSAFactory.Create(TestData.RSA2048Params)) { void RoundtripEmpty(RSAEncryptionPadding paddingMode) -@@ -716,26 +725,6 @@ public void NotSupportedValueMethods() - } - } - -- [ConditionalTheory] -- [InlineData(new byte[] { 1, 2, 3, 4 })] -- [InlineData(new byte[0])] -- public void Decrypt_Pkcs1_ErrorsForInvalidPadding(byte[] data) -- { -- if (data.Length == 0 && !PlatformSupportsEmptyRSAEncryption) -- { -- throw new SkipTestException("Platform does not support RSA encryption of empty data."); -- } -- -- using (RSA rsa = RSAFactory.Create(TestData.RSA2048Params)) -- { -- byte[] encrypted = Encrypt(rsa, data, RSAEncryptionPadding.Pkcs1); -- encrypted[1] ^= 0xFF; -- -- // PKCS#1, the data, and the key are all deterministic so this should always throw an exception. -- Assert.ThrowsAny(() => Decrypt(rsa, encrypted, RSAEncryptionPadding.Pkcs1)); -- } -- } -- - [Fact] - public void Decrypt_Pkcs1_BadPadding() - { @@ -757,23 +746,5 @@ public static IEnumerable OaepPaddingModes } } diff --git a/sources b/sources index 689d2e3..c823863 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dotnet-8.0.4.tar.gz) = 4567be457201dce8c0c66de6ff29e1da114dab2d30444ff2e5899715286dbb076d9bbab9676c2d3cbd99010367fd011a19ad747c7bf861b75f78312885f505a5 -SHA512 (dotnet-8.0.4.tar.gz.sig) = 4ff8cda1dbeb41454a2069131fb14fb337201c5c564e980545ebb810b7f0580493918489e938e023367916f9355929943ae4421e0ad59f1f30c461878e121e9c +SHA512 (dotnet-8.0.123.tar.gz) = 650372d872a91945b5b1f45a72a0fad97a068eec66add2278ae2cfe1196ca109e1c5d02eab389a28790b38f7dcee4731c165fade6c93849c4551b0b40055618c +SHA512 (dotnet-8.0.123.tar.gz.sig) = d5e88940fb4768674629b5b8fd321cee0432331da72397b226069320312b69deb9b06663f443fd2509e9a983a8360e64ee6e08d20008c48c77bb9ae35044b318 diff --git a/tests/ci.fmf b/tests/ci.fmf index 16657b9..44ebb2c 100644 --- a/tests/ci.fmf +++ b/tests/ci.fmf @@ -1,7 +1,9 @@ summary: Basic smoke test provision: - disk: 20 - memory: 5120 + hardware: + disk: + - size: ">= 20 GiB" + memory: ">= 5120 MiB" prepare: how: install package: @@ -39,3 +41,7 @@ execute: - dotnet turkey/Turkey.dll --version - git clone "https://github.com/redhat-developer/dotnet-regular-tests.git" - dotnet turkey/Turkey.dll -l="$TMT_TEST_DATA" dotnet-regular-tests --timeout=1200 + - dnf remove -yq 'dotnet*' + - set -x; if command -v dotnet ; then exit 1; fi + - set -x; if [ -d /usr/lib64/dotnet ]; then exit 1; fi + - set -x; if man dotnet; then exit 1; fi diff --git a/update-release b/update-release index 78d84ee..36454b6 100755 --- a/update-release +++ b/update-release @@ -104,7 +104,7 @@ else cp -a "${user_provided_tarball_name}" "dotnet-${tag}.tar.gz" cp -a "${release_json}" release.json else - rm release.json + rm -f release.json spectool -g "$spec_file" fi fi