Bug#743746: jruby: has poor cryptographic support

brian m. carlson sandals at crustytoothpaste.net
Sat Apr 5 21:52:25 UTC 2014 

Package: jruby
Version: 1.5.6-7
Severity: normal

JRuby has really bad cryptographic support.  First, many algorithms are
missing.  The output directs me to the jruby-openssl gem, but that isn't
packaged.  If JRuby requires that gem in order to be as functional as
MRI, then it needs to be packaged and be an appropriate dependency (at
least a Recommends, if not a Depends) of jruby.  In this era,
cryptography is not an optional component.

Second, JRuby uses the wrong names for algorithms.  Running the attached
program (I have snipped the huge traceback that happens every time jruby
runs):

  vauxhall ok % ruby /tmp/sha256.rb
  Digest supports 'SHA256'
  Digest doesn't support 'SHA-256'
  SHA256 object exists
  vauxhall ok % env -u TZ jruby /tmp/sha256.rb
  JRuby limited openssl loaded. http://jruby.org/openssl
  gem install jruby-openssl for full support.
  Digest doesn't support 'SHA256'
  Digest supports 'SHA-256'
  SHA256 object does not exist

Notice that for the same algorithm, JRuby uses a different name, and it
doesn't support the SHA256 class that MRI has since at least 1.8.7.
This makes it impossible to write a program that works on both.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-rc7-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages jruby depends on:
ii  default-jre [java6-runtime]    2:1.7-51
ii  libjffi-jni                    1.0.2-11
ii  openjdk-7-jre [java6-runtime]  7u51-2.4.6-1

Versions of packages jruby recommends:
pn  ri1.8  <none>

jruby suggests no packages.

-- no debconf information

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20140405/d20370d3/attachment.sig>

More information about the pkg-java-maintainers mailing list