brianmario · sodabrew · Jan 31, 2023 · Dec 22, 2022 · junaruga · Dec 22, 2022
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
@@ -16,7 +16,7 @@ jobs:
           # Fedora latest stable version
           - {distro: fedora, image: 'fedora:latest'}
           # Fedora development version
-          - {distro: fedora, image: 'fedora:rawhide'}
+          - {distro: fedora, image: 'fedora:rawhide', ssl_cert_dir: '/tmp/mysql2'}
       # On the fail-fast: true, it cancels all in-progress jobs
       # if any matrix job fails unlike Travis fast_finish.
       fail-fast: false
@@ -27,4 +27,10 @@ jobs:
       # as a temporary workaround to avoid the following issue
       # in the Fedora >= 34 containers.
       # https://bugzilla.redhat.com/show_bug.cgi?id=1900021
-      - run: docker run --add-host=mysql2gem.example.com:127.0.0.1 -t --cap-add=SYS_PTRACE --security-opt seccomp=unconfined mysql2
+      - run: |
+          docker run \
+            --add-host=mysql2gem.example.com:127.0.0.1 \
+            -t \
+            -e TEST_RUBY_MYSQL2_SSL_CERT_DIR="${{ matrix.ssl_cert_dir || '' }}" \
+            --cap-add=SYS_PTRACE --security-opt seccomp=unconfined \
+            mysql2
diff --git a/ci/ssl.sh b/ci/ssl.sh
@@ -2,19 +2,22 @@
 
 set -eux
 
+# TEST_RUBY_MYSQL2_SSL_CERT_DIR: custom SSL certs directory.
+SSL_CERT_DIR=${TEST_RUBY_MYSQL2_SSL_CERT_DIR:-/etc/mysql}
+
 # Make sure there is an /etc/mysql
-mkdir -p /etc/mysql
+mkdir -p "${SSL_CERT_DIR}"
 
 # Copy the local certs to /etc/mysql
-cp spec/ssl/*pem /etc/mysql/
+cp spec/ssl/*pem "${SSL_CERT_DIR}"
 
 # Wherever MySQL configs live, go there (this is for cross-platform)
 cd $(my_print_defaults --help | grep my.cnf | xargs find 2>/dev/null | xargs dirname)
 
 # Put the configs into the server
 echo "
 [mysqld]
-ssl-ca=/etc/mysql/ca-cert.pem
-ssl-cert=/etc/mysql/server-cert.pem
-ssl-key=/etc/mysql/server-key.pem
+ssl-ca=${SSL_CERT_DIR}/ca-cert.pem
+ssl-cert=${SSL_CERT_DIR}/server-cert.pem
+ssl-key=${SSL_CERT_DIR}/server-key.pem
 " >> my.cnf
diff --git a/spec/mysql2/client_spec.rb b/spec/mysql2/client_spec.rb
@@ -154,9 +154,9 @@ def connect(*args)
     let(:option_overrides) do
       {
         'host'     => 'mysql2gem.example.com', # must match the certificates
-        :sslkey    => '/etc/mysql/client-key.pem',
-        :sslcert   => '/etc/mysql/client-cert.pem',
-        :sslca     => '/etc/mysql/ca-cert.pem',
+        :sslkey    => "#{ssl_cert_dir}/client-key.pem",
+        :sslcert   => "#{ssl_cert_dir}/client-cert.pem",
+        :sslca     => "#{ssl_cert_dir}/ca-cert.pem",
         :sslcipher => 'DHE-RSA-AES256-SHA',
         :sslverify => true,
       }

diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
@@ -60,6 +60,19 @@ def clock_time
     end
   end
 
+  # A directory where SSL certificates pem files exist.
+  def ssl_cert_dir
+    return @ssl_cert_dir if @ssl_cert_dir
+
+    dir = ENV['TEST_RUBY_MYSQL2_SSL_CERT_DIR']
+    @ssl_cert_dir = if dir && !dir.empty?
+      dir
+    else
+      '/etc/mysql'
+    end
+    @ssl_cert_dir
+  end
+
   config.before(:suite) do
     begin
       new_client