This ticket is a subtask of https://bugs.ruby-lang.org/issues/22068.
Summary
This issue ticket is to manage Bundler-specific things to add PQC support.
For RubyGems-specific things, you can see #9542.
Bundler has an HTTPS client feature to connect to an HTTPS RubyGems server. We need to test this part, and may modify it.
Proof of concept
I prepared the proof-of-concept for Bundler in the following repository.
The testing matrix in the bundler.yml is below. For the explanation of each testing case, you can check #9542 - RubyGems server - Choice of the RubyGems server types.
- RubyGems HTTPS client => HTTPS Ruby OpenSSL reverse proxy => RubyGems HTTP server
- RubyGems HTTPS client => HTTPS Nginx reverse proxy => RubyGems HTTP server
x
- a. PQC (single), non-PQC (single): Running a PQC server (ML-DSA-65 only) on port 18443 and a non-PQC server (RSA only) on port 18444 at the same time.
For Bundler to connect to the HTTPS PQC RubyGems server (https://pqc.rubygems.org), users need to set the following bundle config set commands. With the bundle config set mirror. setting, users can bypass the source 'https://rubygems.org/' written in Gemfile.
bundle config set --global ssl_ca_cert "/path/to/pqc_ca_file"
bundle config set --global mirror.https://rubygems.org https://pqc.rubygems.org
https://bundler.io/man/bundle-config.1.html - ssl_ca_cert
https://bundler.io/man/bundle-config.1.html#MIRRORS-OF-GEM-SOURCES
By the way, as bundle config set ssl_ca_cert didn't work, I am using OpenSSL's environment variable SSL_CERT_FILE in the testing script bundler/script/run_client.sh.
export SSL_CERT_FILE=/path/to/ca_file
https://docs.openssl.org/master/man7/openssl-env/ - SSL_CERT_FILE
Files to modify
Below is a list of the files that we may modify to support PQC.
lib/bundler/fetcher.rb
lib/bundler/shared_helpers.rb
spec/bundler/bundler/fetcher_spec.rb
spec/bundler/support/builders.rb
Let me know what you think.
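An added example (not from this ticket or the proof-of-concept repository) for checking a CA file before pointing ssl_ca_cert or SSL_CERT_FILE at it: it verifies a server certificate against a trust store built only from that file and reports the certificate's signature algorithm. The PKI is constructed in-process with RSA as a stand-in, on the assumption that ML-DSA-65 support is not available in the local OpenSSL; make_cert, trusted_by? and pem_file are hypothetical helper names.

```ruby
require "openssl"
require "tempfile"

# Build one certificate of the constructed test PKI (self-signed unless issuer_cert is given).
def make_cert(cn, key, serial:, issuer_cert: nil, issuer_key: key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

# Does a trust store that contains only ca_file accept cert?
def trusted_by?(ca_file, cert)
  store = OpenSSL::X509::Store.new
  store.add_file(ca_file)
  store.verify(cert)
end

# Write a certificate to a PEM file, as a CA bundle on disk would be.
def pem_file(cert)
  file = Tempfile.new(["ca", ".pem"])
  file.write(cert.to_pem)
  file.flush
  file
end

ca_key = OpenSSL::PKey::RSA.new(2048)
ca_cert = make_cert("Constructed Test CA", ca_key, serial: 1, ca: true)
other_ca = make_cert("Constructed Unrelated CA", OpenSSL::PKey::RSA.new(2048), serial: 1, ca: true)
srv_cert = make_cert("localhost", OpenSSL::PKey::RSA.new(2048), serial: 2,
                     issuer_cert: ca_cert, issuer_key: ca_key)

CA_FILE = pem_file(ca_cert)
OTHER_CA_FILE = pem_file(other_ca)
RESULT = {
  signature_algorithm: srv_cert.signature_algorithm, # names the cert's signature scheme
  right_ca: trusted_by?(CA_FILE.path, srv_cert),     # CA file that issued the server cert
  wrong_ca: trusted_by?(OTHER_CA_FILE.path, srv_cert), # CA file of a different server
}
puts RESULT
```

With two servers running side by side under different CAs, as in case a of the matrix, the wrong_ca result is what a client sees when its CA file belongs to the other server.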