From 0fa2a0334a0a54c0cd3a64d4f0b904765402e7aa Mon Sep 17 00:00:00 2001 From: Josh Cooper Date: Tue, 6 Aug 2024 23:45:55 -0700 Subject: [PATCH 1/2] (PA-6885) Add DigiCert Global Root CA G2 for puppetlabs.net rubygems commands started failing on Windows due to a recent infrastructure change, because ruby does not integrate with the Windows trust store. Add the DigiCert cert as we've done in the past. $ openssl x509 -in resources/files/rubygems/DigiCertGlobalRootG2.pem -fingerprint -sha256 -noout SHA256 Fingerprint=CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F --- configs/components/ruby-2.7.8.rb | 3 +++ configs/components/ruby-3.2.5.rb | 3 +++ .../files/rubygems/DigiCertGlobalRootG2.pem | 22 +++++++++++++++++++ 3 files changed, 28 insertions(+) create mode 100644 resources/files/rubygems/DigiCertGlobalRootG2.pem diff --git a/configs/components/ruby-2.7.8.rb b/configs/components/ruby-2.7.8.rb index 6e1aff2eb..5346e3988 100644 --- a/configs/components/ruby-2.7.8.rb +++ b/configs/components/ruby-2.7.8.rb @@ -260,6 +260,9 @@ pkg.add_source('file://resources/files/rubygems/GlobalSignRootCA_R3.pem') pkg.install_file '../GlobalSignRootCA_R3.pem', File.join(certs_dir, 'GlobalSignRootCA_R3.pem') + pkg.add_source('file://resources/files/rubygems/DigiCertGlobalRootG2.pem') + pkg.install_file '../DigiCertGlobalRootG2.pem', File.join(certs_dir, 'DigiCertGlobalRootG2.pem') + if rbconfig_changes.any? pkg.install do [ diff --git a/configs/components/ruby-3.2.5.rb b/configs/components/ruby-3.2.5.rb index bb680327c..2ddfd6dfa 100644 --- a/configs/components/ruby-3.2.5.rb +++ b/configs/components/ruby-3.2.5.rb @@ -291,6 +291,9 @@ pkg.add_source('file://resources/files/rubygems/GlobalSignRootCA_R3.pem') pkg.install_file '../GlobalSignRootCA_R3.pem', File.join(certs_dir, 'GlobalSignRootCA_R3.pem') + pkg.add_source('file://resources/files/rubygems/DigiCertGlobalRootG2.pem') + pkg.install_file '../DigiCertGlobalRootG2.pem', File.join(certs_dir, 'DigiCertGlobalRootG2.pem') + if rbconfig_changes.any? pkg.install do [ diff --git a/resources/files/rubygems/DigiCertGlobalRootG2.pem b/resources/files/rubygems/DigiCertGlobalRootG2.pem new file mode 100644 index 000000000..798e00275 --- /dev/null +++ b/resources/files/rubygems/DigiCertGlobalRootG2.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH +MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI +2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx +1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ +q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz +tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ +vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV +5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY +1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 +NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG +Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 +8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe +pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl +MrY= +-----END CERTIFICATE----- From 9bd66268c011d5bb5883a191c569707d2ef1bce6 Mon Sep 17 00:00:00 2001 From: donoghuc Date: Wed, 7 Aug 2024 11:54:42 -0700 Subject: [PATCH 2/2] (PE-38998) Revert ffi bump The puppet gem constrians ffi to < 1.17 for now. This commit reverts the 1.17 bump. --- configs/components/rubygem-ffi.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/configs/components/rubygem-ffi.rb b/configs/components/rubygem-ffi.rb index fba3a3717..86a6fd9a4 100644 --- a/configs/components/rubygem-ffi.rb +++ b/configs/components/rubygem-ffi.rb @@ -11,8 +11,8 @@ pkg.version '1.13.1' pkg.sha256sum '4e15f52ee45af7c5674d656041855448adbb5022618be252cd602d81b8e2978a' else - pkg.version '1.17.0' - pkg.sha256sum '51630e43425078311c056ca75f961bb3bda1641ab36e44ad4c455e0b0e4a231c' + pkg.version '1.16.3' + pkg.sha256sum '6d3242ff10c87271b0675c58d68d3f10148fabc2ad6da52a18123f06078871fb' end rb_major_minor_version = settings[:ruby_version].to_f @@ -37,8 +37,8 @@ case pkg.get_version when '1.9.25' pkg.sha256sum '5473ac958b78f271f53e9a88197c35cd3e990fbe625d21e525c56d62ae3750da' - when '1.17.0' - pkg.sha256sum '63c9b1c847036550c655237526c151ee535dbbeb638e70d9dd3ccbc6104c713b' + when '1.16.3' + pkg.sha256sum '6ec709011e3955e97033fa77907a8ab89a9150137d4c45c82c77399b909c9259' end pkg.url "https://rubygems.org/downloads/ffi-#{pkg.get_version}-x64-mingw32.gem" @@ -48,8 +48,8 @@ case pkg.get_version when '1.9.25' pkg.sha256sum '43d357732a6a0e3e41dc7e28a9c9c5112ac66f4a6ed9e1de40afba9ffcb836c1' - when '1.17.0' - pkg.sha256sum 'e6f55971b8d4909d95c19647adb1f9e8abfa5461d62deaaa1f69b8dccaf6c932' + when '1.16.3' + pkg.sha256sum '6344ea0da65decec0d4454dfcf080e3ab39213e76f0bed6aed5b0eeb1073c501' end pkg.url "https://rubygems.org/downloads/ffi-#{pkg.get_version}-x86-mingw32.gem"