Skip to content

Commit

Permalink
Merge branch 'puppetlabs:master' into gems
Browse files Browse the repository at this point in the history
  • Loading branch information
@alex501212
alex501212 authored Oct 17, 2024
2 parents 68df29c + 903be86 commit f9f67d4
Show file tree
Hide file tree
Showing 18 changed files with 304 additions and 23 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/component_diff_check.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jobs:
cat ./output/text
- name: Upload artifacts
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v4
with:
name: artifacts
path: output/
4 changes: 3 additions & 1 deletion configs/components/_base-rubygem.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,9 +41,11 @@
# in its component file rubygem-<compoment>, before the instance_eval of this file.
gem_install_options = settings["#{pkg.get_name}_gem_install_options".to_sym]
remove_older_versions = settings["#{pkg.get_name}_remove_older_versions".to_sym]
# Set a default gem_uninstall
gem_uninstall = settings[:gem_uninstall] || "#{settings[:host_gem]} uninstall --all --ignore-dependencies"
pkg.install do
steps = []
steps << "#{settings[:gem_uninstall]} #{name}" if remove_older_versions
steps << "#{gem_uninstall} #{name}" if remove_older_versions
steps << if gem_install_options.nil?
"#{settings[:gem_install]} #{name}-#{version}.gem"
else
Expand Down
7 changes: 4 additions & 3 deletions configs/components/curl.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@
case version
when '7.88.1'
pkg.sha256sum 'cdb38b72e36bc5d33d5b8810f8018ece1baa29a8f215b4495e495ded82bbf3c7'
when '8.9.1'
pkg.sha256sum '291124a007ee5111997825940b3876b3048f7d31e73e9caa681b80fe48b2dcd5'
when '8.10.1'
pkg.sha256sum 'd15ebab765d793e2e96db090f0e172d127859d78ca6f6391d7eafecfd894bbc0'
else
raise "curl version #{version} has not been configured; Cannot continue."
end
Expand Down Expand Up @@ -49,10 +49,11 @@
pkg.apply_patch 'resources/patches/curl/CVE-2024-2004.patch'
pkg.apply_patch 'resources/patches/curl/CVE-2024-2398.patch'
pkg.apply_patch 'resources/patches/curl/CVE-2024-7264.patch'
pkg.apply_patch 'resources/patches/curl/CVE-2024-8096.patch'
end

configure_options = []
configure_options << "--with-ssl=#{settings[:prefix]}"
configure_options << "--with-ssl=#{settings[:prefix]} --without-libpsl"

# OpenSSL version 3.0 & up no longer ships by default the insecure algorithms
# that curl's ntlm module depends on (md4 & des).
Expand Down
4 changes: 2 additions & 2 deletions configs/components/libxml2.rb
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
component "libxml2" do |pkg, settings, platform|
pkg.version '2.12.6'
pkg.sha256sum '889c593a881a3db5fdd96cc9318c87df34eb648edfc458272ad46fd607353fbb'
pkg.version '2.13.4'
pkg.sha256sum '65d042e1c8010243e617efb02afda20b85c2160acdbfbcb5b26b80cec6515650'

libxml2_version_y = pkg.get_version.gsub(/(\d+)\.(\d+)\.(\d+)/, '\1.\2')
pkg.url "https://download.gnome.org/sources/libxml2/#{libxml2_version_y}/libxml2-#{pkg.get_version}.tar.xz"
Expand Down
4 changes: 2 additions & 2 deletions configs/components/libxslt.rb
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
component "libxslt" do |pkg, settings, platform|
pkg.version '1.1.39'
pkg.sha256sum '2a20ad621148339b0759c4d4e96719362dee64c9a096dbba625ba053846349f0'
pkg.version '1.1.42'
pkg.sha256sum '85ca62cac0d41fc77d3f6033da9df6fd73d20ea2fc18b0a3609ffb4110e1baeb'

libxslt_version_y = pkg.get_version.gsub(/(\d+)\.(\d+)\.(\d+)/, '\1.\2')
pkg.url "https://download.gnome.org/sources/libxslt/#{libxslt_version_y}/libxslt-#{pkg.get_version}.tar.xz"
Expand Down
9 changes: 3 additions & 6 deletions configs/components/openssl-3.0.rb
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
component 'openssl' do |pkg, settings, platform|
pkg.version '3.0.14'
pkg.sha256sum 'eeca035d4dd4e84fc25846d952da6297484afa0650a6f84c682e39df3a4123ca'
pkg.url "https://openssl.org/source/openssl-#{pkg.get_version}.tar.gz"
pkg.version '3.0.15'
pkg.sha256sum '23c666d0edf20f14249b3d8f0368acaee9ab585b09e1de82107c66e1f3ec9533'
pkg.url "https://github.com/openssl/openssl/releases/download/openssl-#{pkg.get_version}/openssl-#{pkg.get_version}.tar.gz"
pkg.mirror "#{settings[:buildsources_url]}/openssl-#{pkg.get_version}.tar.gz"

#############################
Expand Down Expand Up @@ -121,9 +121,6 @@
'no-whirlpool'
]

# Remove this in 3.0.15 or later
pkg.apply_patch 'resources/patches/openssl/CVE-2024-5535.patch'

if settings[:use_legacy_openssl_algos]
pkg.apply_patch 'resources/patches/openssl/openssl-3-activate-legacy-algos.patch'
else
Expand Down
6 changes: 6 additions & 0 deletions configs/components/rubygem-faraday-follow_redirects.rb
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
component 'rubygem-faraday-follow_redirects' do |pkg, settings, platform|
pkg.version '0.3.0'
pkg.md5sum '75fa678fa40b54a94e51efc1600a6461'

instance_eval File.read('configs/components/_base-rubygem.rb')
end
14 changes: 12 additions & 2 deletions configs/components/rubygem-faraday-net_http.rb
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,16 @@
component 'rubygem-faraday-net_http' do |pkg, settings, platform|
pkg.version '1.0.2'
pkg.md5sum 'b8e560b8cd7c008a7fd1686143428337'
version = settings[:rubygem_faraday_net_http_version] || '1.0.2'

case version
when '1.0.2'
pkg.version '1.0.2'
pkg.md5sum 'b8e560b8cd7c008a7fd1686143428337'
when '3.3.0'
pkg.version '3.3.0'
pkg.md5sum '7e6378aaa271587dd4109795c0a05769'
else
raise "rubygem-faraday-net_http version #{version} is not supported"
end

instance_eval File.read('configs/components/_base-rubygem.rb')
end
14 changes: 12 additions & 2 deletions configs/components/rubygem-faraday.rb
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,16 @@
component 'rubygem-faraday' do |pkg, settings, platform|
pkg.version '1.10.3'
pkg.md5sum 'c7b56130721c0b055c071bec593e2446'
version = settings[:rubygem_faraday_version] || '1.10.3'

case version
when '1.10.3'
pkg.version '1.10.3'
pkg.md5sum 'c7b56130721c0b055c071bec593e2446'
when '2.12.0'
pkg.version '2.12.0'
pkg.md5sum 'c0248b00a32c46b64cd2a172c96409ec'
else
raise "rubygem-faraday version #{version} is not supported"
end

instance_eval File.read('configs/components/_base-rubygem.rb')
end
15 changes: 13 additions & 2 deletions configs/components/rubygem-puppet_forge.rb
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,17 @@
component 'rubygem-puppet_forge' do |pkg, settings, platform|
pkg.version '3.2.0'
pkg.md5sum '501d5f9f742007504d0d60ce6cf0c27f'
version = settings[:rubygem_puppet_forge_version] || '3.2.0'
pkg.version version

case version
when '3.2.0'
pkg.version '3.2.0'
pkg.md5sum '501d5f9f742007504d0d60ce6cf0c27f'
when '5.0.4'
pkg.version '5.0.4'
pkg.md5sum '04a2ca2f027ed41d9142ced587b71bd7'
else
raise "rubygem-puppet_forge version #{version} is not supported"
end

instance_eval File.read('configs/components/_base-rubygem.rb')
end
5 changes: 5 additions & 0 deletions configs/projects/_pdk-components.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,10 @@
proj.component 'rubygem-fast_gettext'
proj.component 'rubygem-gettext-setup'
proj.component 'rubygem-minitar'
proj.component 'rubygem-faraday'
proj.component 'rubygem-faraday-follow_redirects'
proj.component 'rubygem-semantic_puppet'
proj.component 'rubygem-faraday-net_http'

# Bundler
proj.component 'rubygem-bundler'
Expand Down Expand Up @@ -99,5 +103,6 @@
proj.component 'rubygem-json_pure'
proj.component 'rubygem-diff-lcs'
proj.component 'rubygem-pathspec'
proj.component 'rubygem-puppet_forge'

proj.component 'ansicon' if platform.is_windows?
2 changes: 1 addition & 1 deletion configs/projects/agent-runtime-main.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
proj.setting :augeas_version, '1.14.1'
end

proj.setting :curl_version, '8.9.1'
proj.setting :curl_version, '8.10.1'

########
# Load shared agent settings
Expand Down
6 changes: 6 additions & 0 deletions configs/projects/client-tools-runtime-2023.8.x.rb
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
project 'client-tools-runtime-2023.8.x' do |proj|
proj.setting(:openssl_version, '3.0')

# Common settings
instance_eval File.read(File.join(File.dirname(__FILE__), '_shared-client-tools-runtime.rb'))
end
3 changes: 3 additions & 0 deletions configs/projects/pdk-runtime.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@
proj.setting(:rubygem_fast_gettext_version, '1.1.2')
proj.setting(:rubygem_gettext_version, '3.2.2')
proj.setting(:rubygem_gettext_setup_version, '0.34')
proj.setting(:rubygem_puppet_forge_version, '5.0.4')
proj.setting(:rubygem_faraday_version, '2.12.0')
proj.setting(:rubygem_faraday_net_http_version, '3.3.0')

platform = proj.get_platform

Expand Down
28 changes: 28 additions & 0 deletions configs/projects/pe-bolt-server-runtime-2023.8.x.rb
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
project 'pe-bolt-server-runtime-2023.8.x' do |proj|
proj.setting(:pe_version, '2023.8')
proj.setting(:rubygem_puppet_version, '8.8.1')
# We build bolt server with the ruby installed in the puppet-agent dep. For ruby 2.7 we need to use a --no-document flag
# for gem installs instead of --no-ri --no-rdoc. This setting allows us to use this while we support both ruby 2.5 and 2.7
# Once we are no longer using ruby 2.5 we can update.
proj.setting(:no_doc, true)

proj.setting(:ruby_version, '3.2.5')
proj.setting(:openssl_version, '3.0')

# We enable legacy algorithms for winrm transport. Currently the winrm transport
# does not work on FIPS, so in order to stay compliant we do not enable legacy algorithms
# on fips builds.
if proj.get_platform.name =~ /^redhatfips/
proj.setting(:use_legacy_openssl_algos, false)
else
proj.setting(:use_legacy_openssl_algos, true)
end

instance_eval File.read(File.join(File.dirname(__FILE__), '_shared-pe-bolt-server_with_ruby.rb'))
# These are ruby 3/puppet 8 specific gems. Some of them are "default/standard" gems. There
# is a very annoying issue where default gems can be loaded by MRI but not jruby.
# We explicitly pacakge up some default gems where we have explicit dependencies for jruby
proj.component 'rubygem-prime'
proj.component 'rubygem-rexml'
proj.component 'rubygem-getoptlong'
end
13 changes: 13 additions & 0 deletions configs/projects/pe-installer-runtime-2023.8.x.rb
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
project 'pe-installer-runtime-2023.8.x' do |proj|
proj.setting(:ruby_version, '3.2.5')
proj.setting(:openssl_version, '3.0')
# NLTM uses MD4 unconditionally in its protocol, so legacy algos must be
# enabled in OpenSSL >= 3.0 for Bolt's WinRM transport to work.
# We DO NOT WANT legacy algos enabled for the Puppet Agent runtime.
proj.setting(:use_legacy_openssl_algos, true)

# rubygem-net-ssh included in shared-agent-components
proj.setting(:rubygem_net_ssh_version, '7.2.3')
proj.setting(:rubygem_puppet_version, '8.8.1')
instance_eval File.read(File.join(File.dirname(__FILE__), '_shared-pe-installer-runtime.rb'))
end
Loading

0 comments on commit f9f67d4

Please sign in to comment.