chef 15.11.8-universal-mingw32 → 15.16.2-universal-mingw32

data/lib/chef/provider/mount/solaris.rb

@@ -1,4 +1,3 @@
-# Encoding: utf-8
 # Author:: Hugo Fichter
 # Author:: Lamont Granquist (<lamont@chef.io>)
 # Author:: Joshua Timberman (<joshua@chef.io>)

data/lib/chef/provider/package/cab.rb

@@ -94,7 +94,7 @@ class Chef
             split_package_identity(p["package_identity"])
           end
           found_packages = existing_package_identities.select do |existing_package_ident|
-            existing_package_ident["name"] == package["name"]
+            existing_package_ident["version"] == package["version"].chomp && existing_package_ident["name"] == package["name"]
           end
           if found_packages.empty?
             nil

data/lib/chef/provider/package/chocolatey.rb

@@ -251,7 +251,7 @@ class Chef
         end
 
         # Helper to convert choco.exe list output to a Hash
-        # (names are downcased for case-insenstive matching)
+        # (names are downcased for case-insensitive matching)
         #
         # @param cmd [String] command to run
         # @return [Hash] list output converted to ruby Hash

data/lib/chef/provider/package/dnf/dnf_helper.py

@@ -101,6 +101,11 @@ while 1:
     if ppid == 1:
         sys.exit(0)
     line = sys.stdin.readline()
+
+    # only way to detect EOF in python
+    if line == "":
+        break
+
     command = json.loads(line)
     if command['action'] == "whatinstalled":
         query(command)

data/lib/chef/provider/package/freebsd/pkgng.rb

@@ -42,7 +42,9 @@ class Chef
           end
 
           def current_installed_version
-            pkg_info = shell_out!("pkg", "info", new_resource.package_name, env: nil, returns: [0, 70])
+            # pkgng up to version 1.15.99.7 returns 70 for pkg not found,
+            # later versions return 1
+            pkg_info = shell_out!("pkg", "info", new_resource.package_name, env: nil, returns: [0, 1, 70])
             pkg_info.stdout[/^Version +: (.+)$/, 1]
           end
 

data/lib/chef/provider/package/msu.rb

@@ -109,6 +109,7 @@ class Chef
           @cab_files.each do |cab_file|
             declare_resource(:cab_package, new_resource.name) do
               source cab_file
+              timeout new_resource.timeout
               action :install
             end
           end

data/lib/chef/provider/package/powershell.rb

@@ -53,6 +53,9 @@ class Chef
 
         # Installs the package specified with the version passed else latest version will be installed
         def install_package(names, versions)
+          # To enable tls 1.2, which is disabled by default in some OS
+          powershell_out("[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12")
+
           names.each_with_index do |name, index|
             cmd = powershell_out(build_powershell_package_command("Install-Package '#{name}'", versions[index]), timeout: new_resource.timeout)
             next if cmd.nil?
@@ -115,7 +118,8 @@ class Chef
           command = [command] unless command.is_a?(Array)
           cmdlet_name = command.first
           command.unshift("(")
-          %w{-Force -ForceBootstrap}.each do |arg|
+          # -WarningAction SilentlyContinue is used to suppress the warnings from stdout
+          %w{-Force -ForceBootstrap -WarningAction SilentlyContinue}.each do |arg|
             command.push(arg)
           end
           command.push("-RequiredVersion #{version}") if version

data/lib/chef/provider/package/snap.rb

@@ -59,15 +59,14 @@ class Chef
         def get_current_versions
           package_name_array.each_with_index.map do |pkg, i|
             installed_version(i)
-          end
+          end.compact
         end
 
         def install_package(names, versions)
           if new_resource.source
             install_snap_from_source(names, new_resource.source)
           else
-            resolved_names = names.each_with_index.map { |name, i| available_version(i).to_s unless name.nil? }
-            install_snaps(resolved_names)
+            install_snaps(names)
           end
         end
 
@@ -75,14 +74,16 @@ class Chef
           if new_resource.source
             install_snap_from_source(names, new_resource.source)
           else
-            resolved_names = names.each_with_index.map { |name, i| available_version(i).to_s unless name.nil? }
-            update_snaps(resolved_names)
+            if get_current_versions.empty?
+              install_snaps(names, versions)
+            else
+              update_snaps(names)
+            end
           end
         end
 
         def remove_package(names, versions)
-          resolved_names = names.each_with_index.map { |name, i| installed_version(i).to_s unless name.nil? }
-          uninstall_snaps(resolved_names)
+          uninstall_snaps(names)
         end
 
         alias purge_package remove_package
@@ -129,19 +130,73 @@ class Chef
             "Accept: application/json\r\n" +
             "Content-Type: application/json\r\n"
           if method == "POST"
-            request.concat("Content-Length: #{post_data.bytesize}\r\n\r\n#{post_data}")
+            pdata = post_data.to_json.to_s
+            request.concat("Content-Length: #{pdata.bytesize}\r\n\r\n#{pdata}")
           end
           request.concat("\r\n")
-          # While it is expected to allow clients to connect using HTTPS over a TCP socket,
-          # at this point only a UNIX socket is supported. The socket is /run/snapd.socket
-          # Note - UNIXSocket is not defined on windows systems
+
+          # while it is expected to allow clients to connect using https over
+          # a tcp socket, at this point only a unix socket is supported. the
+          # socket is /run/snapd.socket note - unixsocket is not defined on
+          # windows systems
           if defined?(::UNIXSocket)
             UNIXSocket.open("/run/snapd.socket") do |socket|
-              # Send request, read the response, split the response and parse the body
-              socket.print(request)
-              response = socket.read
-              headers, body = response.split("\r\n\r\n", 2)
-              JSON.parse(body)
+              # send request, read the response, split the response and parse
+              # the body
+              socket.write(request)
+
+              # WARNING!!! HERE BE DRAGONs
+              #
+              # So snapd doesn't return an EOF at the end of its body, so
+              # doing a normal read will just hang forever.
+              #
+              # Well, sort of. if, after it writes everything, you then send
+              # yet-another newline, it'll then send its EOF and promptly
+              # disconnect closing the pipe and preventing reading. so, you
+              # have to read first, and therein lies the EOF problem.
+              #
+              # So you can do non-blocking reads with selects, but it
+              # makes every read take about 5 seconds. If, instead, we
+              # read the last line char-by-char, it's about half a second.
+              #
+              # Reading a character at a time isn't efficient, and since we
+              # know that http headers always have a blank line after them,
+              # we can read lines until we find a blank line and *then* read
+              # a character at a time. snap returns all the json on a single
+              # line, so once you pass headers you must read a character a
+              # time.
+              #
+              # - jaymzh
+
+              Chef::Log.trace(
+                "snap_package[#{new_resource.package_name}]: reading headers"
+              )
+              loop do
+                response = socket.readline
+                break if response.strip.empty? # finished headers
+              end
+              Chef::Log.trace(
+                "snap_package[#{new_resource.package_name}]: past headers, " +
+                "onto the body..."
+              )
+              result = nil
+              body = ""
+              socket.each_char do |c|
+                body << c
+                # we know we're not done if we don't have a char that
+                # can end JSON
+                next unless ["}", "]"].include?(c)
+
+                begin
+                  result = JSON.parse(body)
+                  # if we get here, we were able to parse the json so we
+                  # are done reading
+                  break
+                rescue JSON::ParserError
+                  next
+                end
+              end
+              result
             end
           end
         end
@@ -211,20 +266,22 @@ class Chef
           response.error!
         end
 
-        def install_snaps(snap_names)
-          response = post_snaps(snap_names, "install", new_resource.channel, new_resource.options)
-          id = get_id_from_async_response(response)
-          wait_for_completion(id)
+        def install_snaps(snap_names, versions)
+          snap_names.each do |snap|
+            response = post_snap(snap, "install", new_resource.channel, new_resource.options)
+            id = get_id_from_async_response(response)
+            wait_for_completion(id)
+          end
         end
 
         def update_snaps(snap_names)
-          response = post_snaps(snap_names, "refresh", new_resource.channel, new_resource.options)
+          response = post_snaps(snap_names, "refresh", nil, new_resource.options)
           id = get_id_from_async_response(response)
           wait_for_completion(id)
         end
 
         def uninstall_snaps(snap_names)
-          response = post_snaps(snap_names, "remove", new_resource.channel, new_resource.options)
+          response = post_snaps(snap_names, "remove", nil, new_resource.options)
           id = get_id_from_async_response(response)
           wait_for_completion(id)
         end
@@ -278,18 +335,20 @@ class Chef
               "action" => action,
               "snaps" => snap_names,
           }
-          if %w{install refresh switch}.include?(action)
+          if %w{install refresh switch}.include?(action) && channel
             request["channel"] = channel
           end
 
           # No defensive handling of params
           # Snap will throw the proper exception if called improperly
           # And we can provide that exception to the end user
-          request["classic"] = true if options["classic"]
-          request["devmode"] = true if options["devmode"]
-          request["jailmode"] = true if options["jailmode"]
+          if options
+            request["classic"] = true if options.include?("classic")
+            request["devmode"] = true if options.include?("devmode")
+            request["jailmode"] = true if options.include?("jailmode")
+            request["ignore_validation"] = true if options.include?("ignore-validation")
+          end
           request["revision"] = revision unless revision.nil?
-          request["ignore_validation"] = true if options["ignore-validation"]
           request
         end
 
@@ -305,12 +364,22 @@ class Chef
           call_snap_api("POST", "/v2/snaps", json)
         end
 
+        def post_snap(snap_name, action, channel, options, revision = nil)
+          json = generate_snap_json(snap_name, action, channel, options, revision = nil)
+          json.delete("snaps")
+          call_snap_api("POST", "/v2/snaps/#{snap_name}", json)
+        end
+
         def get_latest_package_version(name, channel)
           json = call_snap_api("GET", "/v2/find?name=#{name}")
           if json["status-code"] != 200
             raise Chef::Exceptions::Package, json["result"], caller
           end
 
+          unless json["result"][0]["channels"]["latest/#{channel}"]
+            raise Chef::Exceptions::Package, "No version of #{name} in channel #{channel}", caller
+          end
+
           # Return the version matching the channel
           json["result"][0]["channels"]["latest/#{channel}"]["version"]
         end

data/lib/chef/provider/package/yum/yum_helper.py

@@ -196,6 +196,10 @@ try:
         setup_exit_handler()
         line = inpipe.readline()
 
+        # only way to detect EOF in python
+        if line == "":
+            break
+
         try:
             command = json.loads(line)
         except ValueError, e:

data/lib/chef/provider/package/zypper.rb

@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
 #
 # Authors:: Adam Jacob (<adam@chef.io>)
 #           Ionuț Arțăriși (<iartarisi@suse.cz>)

data/lib/chef/provider/service/arch.rb

@@ -32,8 +32,8 @@ class Chef::Provider::Service::Arch < Chef::Provider::Service::Init
   end
 
   def load_current_resource
-    raise Chef::Exceptions::Service, "Could not find /etc/rc.conf" unless ::File.exists?("/etc/rc.conf")
-    raise Chef::Exceptions::Service, "No DAEMONS found in /etc/rc.conf" unless ::File.read("/etc/rc.conf") =~ /DAEMONS=\((.*)\)/m
+    raise Chef::Exceptions::Service, "Could not find /etc/rc.conf" unless ::File.exist?("/etc/rc.conf")
+    raise Chef::Exceptions::Service, "No DAEMONS found in /etc/rc.conf" unless /DAEMONS=\((.*)\)/m.match?(::File.read("/etc/rc.conf"))
 
     super
 

data/lib/chef/provider/service/debian.rb

@@ -45,7 +45,7 @@ class Chef
           shared_resource_requirements
           requirements.assert(:all_actions) do |a|
             update_rcd = "/usr/sbin/update-rc.d"
-            a.assertion { ::File.exists? update_rcd }
+            a.assertion { ::File.exist? update_rcd }
             a.failure_message Chef::Exceptions::Service, "#{update_rcd} does not exist!"
             # no whyrun recovery - this is a base system component of debian
             # distros and must be present

data/lib/chef/provider/service/gentoo.rb

@@ -34,7 +34,7 @@ class Chef::Provider::Service::Gentoo < Chef::Provider::Service::Init
     @current_resource.enabled(
       Dir.glob("/etc/runlevels/**/#{Chef::Util::PathHelper.escape_glob_dir(@current_resource.service_name)}").any? do |file|
         @found_script = true
-        exists = ::File.exists? file
+        exists = ::File.exist? file
         readable = ::File.readable? file
         logger.trace "#{@new_resource} exists: #{exists}, readable: #{readable}"
         exists && readable
@@ -47,7 +47,7 @@ class Chef::Provider::Service::Gentoo < Chef::Provider::Service::Init
 
   def define_resource_requirements
     requirements.assert(:all_actions) do |a|
-      a.assertion { ::File.exists?("/sbin/rc-update") }
+      a.assertion { ::File.exist?("/sbin/rc-update") }
       a.failure_message Chef::Exceptions::Service, "/sbin/rc-update does not exist"
       # no whyrun recovery -t his is a core component whose presence is
       # unlikely to be affected by what we do in the course of a chef run

data/lib/chef/provider/service/macosx.rb

@@ -84,7 +84,7 @@ class Chef
           end
 
           requirements.assert(:all_actions) do |a|
-            a.assertion { ::File.exists?(@plist.to_s) }
+            a.assertion { ::File.exist?(@plist.to_s) }
             a.failure_message Chef::Exceptions::Service,
               "Could not find plist for #{@new_resource}"
           end
@@ -215,7 +215,7 @@ class Chef
           return nil if @plist.nil?
 
           # Plist must exist by this point
-          raise Chef::Exceptions::FileNotFound, "Cannot find #{@plist}!" unless ::File.exists?(@plist)
+          raise Chef::Exceptions::FileNotFound, "Cannot find #{@plist}!" unless ::File.exist?(@plist)
 
           # Most services have the same internal label as the name of the
           # plist file. However, there is no rule saying that *has* to be

data/lib/chef/provider/service/openbsd.rb

@@ -132,7 +132,7 @@ class Chef
         end
 
         def update_rcl(value)
-          FileUtils.touch RC_CONF_LOCAL_PATH unless ::File.exists? RC_CONF_LOCAL_PATH
+          FileUtils.touch RC_CONF_LOCAL_PATH unless ::File.exist? RC_CONF_LOCAL_PATH
           ::File.write(RC_CONF_LOCAL_PATH, value)
           @rc_conf_local = value
         end

data/lib/chef/provider/service/redhat.rb

@@ -56,7 +56,7 @@ class Chef
 
           requirements.assert(:all_actions) do |a|
             chkconfig_file = "/sbin/chkconfig"
-            a.assertion { ::File.exists? chkconfig_file  }
+            a.assertion { ::File.exist? chkconfig_file }
             a.failure_message Chef::Exceptions::Service, "#{chkconfig_file} does not exist!"
           end
 
@@ -80,7 +80,7 @@ class Chef
 
           super
 
-          if ::File.exists?("/sbin/chkconfig")
+          if ::File.exist?("/sbin/chkconfig")
             chkconfig = shell_out!("/sbin/chkconfig --list #{current_resource.service_name}", returns: [0, 1])
             unless run_levels.nil? || run_levels.empty?
               all_levels_match = true

data/lib/chef/provider/service/upstart.rb

@@ -135,7 +135,7 @@ class Chef
             end
           end
           # Get enabled/disabled state by reading job configuration file
-          if ::File.exists?("#{@upstart_job_dir}/#{@new_resource.service_name}#{@upstart_conf_suffix}")
+          if ::File.exist?("#{@upstart_job_dir}/#{@new_resource.service_name}#{@upstart_conf_suffix}")
             logger.trace("#{@new_resource} found #{@upstart_job_dir}/#{@new_resource.service_name}#{@upstart_conf_suffix}")
             ::File.open("#{@upstart_job_dir}/#{@new_resource.service_name}#{@upstart_conf_suffix}", "r") do |file|
               while line = file.gets

data/lib/chef/provider/yum_repository.rb

@@ -37,7 +37,7 @@ class Chef
           if template_available?(new_resource.source)
             source new_resource.source
           else
-            source ::File.expand_path("../support/yum_repo.erb", __FILE__)
+            source ::File.expand_path("support/yum_repo.erb", __dir__)
             local true
           end
           sensitive new_resource.sensitive

data/lib/chef/provider/zypper_repository.rb

@@ -41,7 +41,7 @@ class Chef
           if template_available?(new_resource.source)
             source new_resource.source
           else
-            source ::File.expand_path("../support/zypper_repo.erb", __FILE__)
+            source ::File.expand_path("support/zypper_repo.erb", __dir__)
             local true
           end
           sensitive new_resource.sensitive
@@ -115,28 +115,48 @@ class Chef
         end
       end
 
+      # the version of gpg installed on the system
+      #
+      # @return [Gem::Version] the version of GPG
+      def gpg_version
+        so = shell_out!("gpg --version")
+        # matches 2.0 and 2.2 versions from SLES 12 and 15: https://rubular.com/r/e6D0WfGK6SXvUp
+        version = /gpg \(GnuPG\)\s*(.*)/.match(so.stdout)[1]
+        logger.trace("GPG package version is #{version}")
+        Gem::Version.new(version)
+      end
+
       # is the provided key already installed
       # @param [String] key_path the path to the key on the local filesystem
       #
       # @return [boolean] is the key already known by rpm
       def key_installed?(key_path)
-        so = shell_out("rpm -qa gpg-pubkey*")
+        so = shell_out("/bin/rpm -qa gpg-pubkey*")
         # expected output & match: http://rubular.com/r/RdF7EcXEtb
-        status = /gpg-pubkey-#{key_fingerprint(key_path)}/.match(so.stdout)
+        status = /gpg-pubkey-#{short_key_id(key_path)}/.match(so.stdout)
         logger.trace("GPG key at #{key_path} is known by rpm? #{status ? "true" : "false"}")
         status
       end
 
-      # extract the gpg key fingerprint from a local file
+      # extract the gpg key's short key id from a local file. Learning moment: This 8 hex value ID
+      # is sometimes incorrectly called the fingerprint. The fingerprint is the full length value
+      # and googling for that will just result in sad times.
+      #
       # @param [String] key_path the path to the key on the local filesystem
       #
-      # @return [String] the fingerprint of the key
-      def key_fingerprint(key_path)
-        so = shell_out!("gpg --with-fingerprint #{key_path}")
-        # expected output and match: http://rubular.com/r/BpfMjxySQM
-        fingerprint = %r{pub\s*\S*/(\S*)}.match(so.stdout)[1].downcase
-        logger.trace("GPG fingerprint of key at #{key_path} is #{fingerprint}")
-        fingerprint
+      # @return [String] the short key id of the key
+      def short_key_id(key_path)
+        if gpg_version >= Gem::Version.new("2.2") # SLES 15+
+          so = shell_out!("gpg --import-options import-show --dry-run --import --with-colons #{key_path}")
+          # expected output and match: https://rubular.com/r/uXWJo3yfkli1qA
+          short_key_id = /fpr:*\h*(\h{8}):/.match(so.stdout)[1].downcase
+        else # SLES 12 and earlier
+          so = shell_out!("gpg --with-fingerprint #{key_path}")
+          # expected output and match: http://rubular.com/r/BpfMjxySQM
+          short_key_id = %r{pub\s*\S*/(\S*)}.match(so.stdout)[1].downcase
+        end
+        logger.trace("GPG short key ID of key at #{key_path} is #{short_key_id}")
+        short_key_id
       end
 
       # install the provided gpg key