chef 16.0.257-universal-mingw32 → 16.2.44-universal-mingw32

data/lib/chef/provider/package/windows.rb

@@ -36,6 +36,13 @@ class Chef
         require "chef/provider/package/windows/registry_uninstall_entry.rb"
 
         def define_resource_requirements
+          if new_resource.checksum
+            requirements.assert(:install) do |a|
+              a.assertion { new_resource.checksum == checksum(source_location) }
+              a.failure_message Chef::Exceptions::Package, "Checksum on resource (#{short_cksum(new_resource.checksum)}) does not match checksum on content (#{short_cksum(source_location)})"
+            end
+          end
+
           requirements.assert(:install) do |a|
             a.assertion { new_resource.source || msi? }
             a.failure_message Chef::Exceptions::NoWindowsPackageSource, "Source for package #{new_resource.package_name} must be specified in the resource's source property for package to be installed because the package_name property is used to test for the package installation state for this package type."
@@ -50,27 +57,15 @@ class Chef
           end
         end
 
-        # load_current_resource is run in Chef::Provider#run_action when not in whyrun_mode?
         def load_current_resource
-          @current_resource = Chef::Resource::WindowsPackage.new(new_resource.name)
-          if downloadable_file_missing?
-            logger.trace("We do not know the version of #{new_resource.source} because the file is not downloaded")
-            # FIXME: this label should not be used.  It could be set to nil.  Probably what should happen is that
-            # if the file hasn't been downloaded then load_current_resource must download the file here, and then
-            # the else clause to set current_resource.version can always be run.  Relying on a side-effect here
-            # produces at least less readable code, if not outright buggy...  (and I'm assuming that this isn't
-            # wholly just a bug -- since if we only need the package_name to determine if its installed then we
-            # need this, so I'm assuming we need to download the file to pull out the name in order to check
-            # the registry -- which it still feels like we get wrong in the sense we're forcing always downloading
-            # and then always installing(?) which violates idempotency -- and I'm having to think way too hard
-            # about this and would need to go surfing around the code to determine what actually happens, probably
-            # in every different package_provider...)
-            current_resource.version(:unknown.to_s)
-          else
-            current_resource.version(package_provider.installed_version)
-            new_resource.version(package_provider.package_version) if package_provider.package_version
+          if uri_scheme?(new_resource.source) && action == :install
+            download_source_file
           end
 
+          @current_resource = Chef::Resource::WindowsPackage.new(new_resource.name)
+          current_resource.version(package_provider.installed_version)
+          new_resource.version(package_provider.package_version) if package_provider.package_version
+
           current_resource
         end
 
@@ -139,17 +134,6 @@ class Chef
           end
         end
 
-        action :install do
-          if uri_scheme?(new_resource.source)
-            download_source_file
-            load_current_resource
-          else
-            validate_content!
-          end
-
-          super
-        end
-
         # Chef::Provider::Package action_install + action_remove call install_package + remove_package
         # Pass those calls to the correct sub-provider
         def install_package(name, version)
@@ -185,7 +169,7 @@ class Chef
         # is not multipackage.  The existing implementation of package_provider.installed_version should probably
         # be what `uninstall_version_array` is, and then that list should be sorted and last/first'd into the
         # current_resource.version.  The current_version_array method was not intended to be overwritten by
-        # sublasses (but ruby provides no feature to block doing so -- it is already marked as private).
+        # subclasses (but ruby provides no feature to block doing so -- it is already marked as private).
         #
         def current_version_array
           [ current_resource.version ]
@@ -245,6 +229,7 @@ class Chef
         end
 
         def resource_for_provider
+          # XXX: this is crazy
           @resource_for_provider = Chef::Resource::WindowsPackage.new(new_resource.name).tap do |r|
             r.source(Chef::Util::PathHelper.validate_path(source_location)) unless source_location.nil?
             r.cookbook_name = new_resource.cookbook_name
@@ -257,23 +242,22 @@ class Chef
         end
 
         def download_source_file
-          source_resource.run_action(:create)
-          logger.trace("#{new_resource} fetched source file to #{source_resource.path}")
-        end
-
-        def source_resource
-          @source_resource ||= Chef::Resource::RemoteFile.new(default_download_cache_path, run_context).tap do |r|
-            r.source(new_resource.source)
-            r.cookbook_name = new_resource.cookbook_name
-            r.checksum(new_resource.checksum)
-            r.backup(false)
+          # It seems correct that this is a build_resource rather than declare_resource/DSL use since updating should not trigger a notification
+          # unless the downloaded file is actually installed.  The case where the remote_file downloads the package but the package is already
+          # installed on the target should not trigger a notification since the running state did not change.
+          build_resource(:remote_file, default_download_cache_path) do
+            source(new_resource.source)
+            cookbook_name = new_resource.cookbook_name
+            checksum(new_resource.checksum)
+            backup(false)
 
             if new_resource.remote_file_attributes
               new_resource.remote_file_attributes.each do |(k, v)|
-                r.send(k.to_sym, v)
+                send(k.to_sym, v)
               end
             end
-          end
+          end.run_action(:create)
+          logger.trace("#{new_resource} fetched source file to #{default_download_cache_path}")
         end
 
         def default_download_cache_path
@@ -287,22 +271,13 @@ class Chef
           if new_resource.source.nil?
             nil
           elsif uri_scheme?(new_resource.source)
-            source_resource.path
+            default_download_cache_path
           else
             new_source = Chef::Util::PathHelper.cleanpath(new_resource.source)
             ::File.exist?(new_source) ? new_source : nil
           end
         end
 
-        def validate_content!
-          if new_resource.checksum
-            source_checksum = checksum(source_location)
-            if new_resource.checksum.downcase != source_checksum
-              raise Chef::Exceptions::ChecksumMismatch.new(short_cksum(new_resource.checksum), short_cksum(source_checksum))
-            end
-          end
-        end
-
         def msi?
           return true if new_resource.installer_type == :msi
 

data/lib/chef/provider/package/windows/msi.rb

@@ -18,7 +18,7 @@
 
 # TODO: Allow new_resource.source to be a Product Code as a GUID for uninstall / network install
 
-require_relative "../../../win32/api/installer" if RUBY_PLATFORM =~ /mswin|mingw32|windows/
+require_relative "../../../win32/api/installer" if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
 require_relative "../../../mixin/shell_out"
 
 class Chef
@@ -26,7 +26,7 @@ class Chef
     class Package
       class Windows
         class MSI
-          include Chef::ReservedNames::Win32::API::Installer if RUBY_PLATFORM =~ /mswin|mingw32|windows/
+          include Chef::ReservedNames::Win32::API::Installer if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
           include Chef::Mixin::ShellOut
 
           def initialize(resource, uninstall_entries)
@@ -84,7 +84,7 @@ class Chef
                 .map(&:uninstall_string).uniq.each do |uninstall_string|
                   uninstall_string = "msiexec /x #{uninstall_string.match(/{.*}/)}"
                   uninstall_string += expand_options(new_resource.options)
-                  uninstall_string += " /q" unless uninstall_string.downcase =~ %r{ /q}
+                  uninstall_string += " /q" unless %r{ /q}.match?(uninstall_string.downcase)
                   logger.trace("#{new_resource} removing MSI package version using '#{uninstall_string}'")
                   shell_out!(uninstall_string, default_env: false, timeout: new_resource.timeout, returns: new_resource.returns)
                 end

data/lib/chef/provider/package/windows/registry_uninstall_entry.rb

@@ -17,7 +17,7 @@
 # limitations under the License.
 #
 
-require "win32/registry" if RUBY_PLATFORM =~ /mswin|mingw32|windows/
+require "win32/registry" if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
 
 class Chef
   class Provider

data/lib/chef/provider/package/yum.rb

@@ -100,7 +100,7 @@ class Chef
 
             # If this is a package like the kernel that can be installed multiple times, we'll skip over this logic
             if new_resource.allow_downgrade && version_gt?(iv.version_with_arch, av.version_with_arch) && !python_helper.install_only_packages(name)
-              # We allow downgrading only in the evenit of single-package
+              # We allow downgrading only in the event of single-package
               # rules where the user explicitly allowed it
               method = "downgrade"
             end

data/lib/chef/provider/package/yum/yum_cache.rb

@@ -22,7 +22,7 @@ require "singleton" unless defined?(Singleton)
 
 #
 # These are largely historical APIs, the YumCache object no longer exists and this is a
-# fascade over the python helper class.  It should be considered deprecated-lite and
+# facade over the python helper class.  It should be considered deprecated-lite and
 # no new APIs should be added and should be added to the python_helper instead.
 #
 

data/lib/chef/provider/powershell_script.rb

@@ -26,19 +26,12 @@ class Chef
 
       provides :powershell_script
 
-      def initialize(new_resource, run_context)
-        super(new_resource, run_context, ".ps1")
-        add_exit_status_wrapper
-      end
-
       action :run do
         validate_script_syntax!
         super()
       end
 
       def command
-        basepath = is_forced_32bit ? wow64_directory : run_context.node["kernel"]["os_info"]["system_directory"]
-
         # Powershell.exe is always in "v1.0" folder (for backwards compatibility)
         interpreter_path = Chef::Util::PathHelper.join(basepath, "WindowsPowerShell", "v1.0", interpreter)
 
@@ -48,21 +41,19 @@ class Chef
         # error status of a failed Windows process that ran at the
         # end of the script, it gets changed to '1'.
         #
-        "\"#{interpreter_path}\" #{new_resource.flags} -File \"#{script_file.path}\""
+        "\"#{interpreter_path}\" #{new_resource.flags} -File \"#{script_file_path}\""
       end
 
       protected
 
-      # Process exit codes are strange with PowerShell and require
-      # special handling to cover common use cases.
-      def add_exit_status_wrapper
-        self.code = wrapper_script
+      def code
+        code = wrapper_script
         logger.trace("powershell_script provider called with script code:\n\n#{new_resource.code}\n")
         logger.trace("powershell_script provider will execute transformed code:\n\n#{code}\n")
+        code
       end
 
       def validate_script_syntax!
-        interpreter_arguments = new_resource.flags
         Tempfile.open(["chef_powershell_script-user-code", ".ps1"]) do |user_script_file|
           # Wrap the user's code in a PowerShell script block so that
           # it isn't executed. However, syntactically invalid script
@@ -80,7 +71,7 @@ class Chef
           # written to the file system at this point, which is required since
           # the intent is to execute the code just written to it.
           user_script_file.close
-          validation_command = "\"#{interpreter}\" #{interpreter_arguments} -Command \". '#{user_script_file.path}'\""
+          validation_command = "\"#{interpreter}\" #{new_resource.flags} -Command \". '#{user_script_file.path}'\""
 
           # Note that other script providers like bash allow syntax errors
           # to be suppressed by setting 'returns' to a value that the
@@ -94,11 +85,13 @@ class Chef
           # means a non-zero return and thus a syntactically invalid script.
 
           with_os_architecture(node, architecture: new_resource.architecture) do
-            shell_out!(validation_command, { returns: [0] })
+            shell_out!(validation_command, returns: [0])
           end
         end
       end
 
+      # Process exit codes are strange with PowerShell and require
+      # special handling to cover common use cases.
       # A wrapper script is used to launch user-supplied script while
       # still obtaining useful process exit codes. Unless you
       # explicitly call exit in PowerShell, the powershell.exe
@@ -182,6 +175,9 @@ class Chef
         EOH
       end
 
+      def script_extension
+        ".ps1"
+      end
     end
   end
 end

data/lib/chef/provider/remote_directory.rb

@@ -147,7 +147,7 @@ class Chef
         new_resource.updated_by_last_action(true) if res.updated?
       end
 
-      # Get the files to tranfer.  This returns files in lexicographical sort order.
+      # Get the files to transfer.  This returns files in lexicographical sort order.
       #
       # FIXME: it should do breadth-first, see CHEF-5080 (please use a performant sort)
       #
@@ -245,7 +245,7 @@ class Chef
         res = Chef::Resource::Directory.new(dir, run_context)
         res.cookbook_name = resource_cookbook
         if ChefUtils.windows? && rights
-          # rights are only meant to be applied to the toppest-level directory;
+          # rights are only meant to be applied to the most top-level directory;
           # Windows will handle inheritance.
           if dir == path
             rights.each do |r|

data/lib/chef/provider/remote_file/http.rb

@@ -130,10 +130,13 @@ class Chef
           # which tricks Chef::REST into decompressing the response body. In this
           # case you'd end up with a tar archive (no gzip) named, e.g., foo.tgz,
           # which is not what you wanted.
-          if uri.to_s =~ /gz$/
+          if /gz$/.match?(uri.to_s)
             logger.trace("Turning gzip compression off due to filename ending in gz")
             opts[:disable_gzip] = true
           end
+          if new_resource.ssl_verify_mode
+            opts[:ssl_verify_mode] = new_resource.ssl_verify_mode
+          end
           opts
         end
 

data/lib/chef/provider/script.rb

@@ -16,9 +16,7 @@
 # limitations under the License.
 #
 
-require "tempfile" unless defined?(Tempfile)
 require_relative "execute"
-require_relative "../win32/security" if ChefUtils.windows?
 require "forwardable" unless defined?(Forwardable)
 
 class Chef
@@ -34,84 +32,15 @@ class Chef
       provides :ruby
       provides :script
 
-      def_delegators :new_resource, :interpreter, :flags
-
-      attr_accessor :code
-
-      def initialize(new_resource, run_context)
-        super
-        self.code = new_resource.code
-      end
+      def_delegators :new_resource, :interpreter, :flags, :code
 
       def command
-        "\"#{interpreter}\" #{flags} \"#{script_file.path}\""
-      end
-
-      def load_current_resource
-        super
-      end
-
-      action :run do
-        script_file.puts(code)
-        script_file.close
-
-        set_owner_and_group
-
-        super()
-
-        unlink_script_file
-      end
-
-      def set_owner_and_group
-        if ChefUtils.windows?
-          # And on Windows also this is a no-op if there is no user specified.
-          grant_alternate_user_read_access
-        else
-          # FileUtils itself implements a no-op if +user+ or +group+ are nil
-          # You can prove this by running FileUtils.chown(nil,nil,'/tmp/file')
-          # as an unprivileged user.
-          FileUtils.chown(new_resource.user, new_resource.group, script_file.path)
-        end
+        "\"#{interpreter}\" #{flags}"
       end
 
-      def grant_alternate_user_read_access
-        # Do nothing if an alternate user isn't specified -- the file
-        # will already have the correct permissions for the user as part
-        # of the default ACL behavior on Windows.
-        return if new_resource.user.nil?
-
-        # Duplicate the script file's existing DACL
-        # so we can add an ACE later
-        securable_object = Chef::ReservedNames::Win32::Security::SecurableObject.new(script_file.path)
-        aces = securable_object.security_descriptor.dacl.reduce([]) { |result, current| result.push(current) }
-
-        username = new_resource.user
-
-        if new_resource.domain
-          username = new_resource.domain + '\\' + new_resource.user
-        end
-
-        # Create an ACE that allows the alternate user read access to the script
-        # file so it can be read and executed.
-        user_sid = Chef::ReservedNames::Win32::Security::SID.from_account(username)
-        read_ace = Chef::ReservedNames::Win32::Security::ACE.access_allowed(user_sid, Chef::ReservedNames::Win32::API::Security::GENERIC_READ | Chef::ReservedNames::Win32::API::Security::GENERIC_EXECUTE, 0)
-        aces.push(read_ace)
-        acl = Chef::ReservedNames::Win32::Security::ACL.create(aces)
-
-        # This actually applies the modified DACL to the file
-        # Use parentheses to bypass RuboCop / ChefStyle warning
-        # about useless setter
-        (securable_object.dacl = acl)
+      def input
+        code
       end
-
-      def script_file
-        @script_file ||= Tempfile.open("chef-script")
-      end
-
-      def unlink_script_file
-        script_file && script_file.close!
-      end
-
     end
   end
 end

data/lib/chef/provider/service/arch.rb

@@ -33,7 +33,7 @@ class Chef::Provider::Service::Arch < Chef::Provider::Service::Init
 
   def load_current_resource
     raise Chef::Exceptions::Service, "Could not find /etc/rc.conf" unless ::File.exists?("/etc/rc.conf")
-    raise Chef::Exceptions::Service, "No DAEMONS found in /etc/rc.conf" unless ::File.read("/etc/rc.conf") =~ /DAEMONS=\((.*)\)/m
+    raise Chef::Exceptions::Service, "No DAEMONS found in /etc/rc.conf" unless /DAEMONS=\((.*)\)/m.match?(::File.read("/etc/rc.conf"))
 
     super
 
@@ -42,7 +42,7 @@ class Chef::Provider::Service::Arch < Chef::Provider::Service::Init
   end
 
   # Get list of all daemons from the file '/etc/rc.conf'.
-  # Mutiple lines and background form are supported. Example:
+  # Multiple lines and background form are supported. Example:
   #   DAEMONS=(\
   #     foobar \
   #     @example \

data/lib/chef/provider/service/debian.rb

@@ -76,9 +76,9 @@ class Chef
 
           in_info = false
           ::File.readlines(path).each_with_object([]) do |line, acc|
-            if line =~ /^### BEGIN INIT INFO/
+            if /^### BEGIN INIT INFO/.match?(line)
               in_info = true
-            elsif line =~ /^### END INIT INFO/
+            elsif /^### END INIT INFO/.match?(line)
               break acc
             elsif in_info
               if line =~ /Default-(Start|Stop):\s+(\d.*)/

data/lib/chef/provider/service/macosx.rb

@@ -56,8 +56,10 @@ class Chef
           if @console_user
             @console_user = Etc.getpwuid(::File.stat("/dev/console").uid).name
             logger.trace("#{new_resource} console_user: '#{@console_user}'")
-            cmd = "su -l"
-            @base_user_cmd = cmd + "#{@console_user} -c"
+
+            @base_user_cmd = "su -l #{@console_user} -c"
+            logger.trace("#{new_resource} base_user_cmd: '#{@base_user_cmd}'")
+
             # Default LaunchAgent session should be Aqua
             @session_type = "Aqua" if @session_type.nil?
           end
@@ -140,6 +142,15 @@ class Chef
         #
         # This makes some sense on macOS since launchctl is an "init"-style
         # supervisor that will restart daemons that are crashing, etc.
+        #
+        # FIXME: Does this make any sense at all?  The difference between enabled and
+        # running as state would seem to only be useful for completely broken
+        # services (enabled, not restarting, but not running => totally broken?).
+        #
+        # It seems like otherwise :enable is equivalent to :start, and :disable is
+        # equivalent to :stop?  But just with strangely different behavior in the
+        # face of a broken service?
+        #
         def enable_service
           if @current_resource.enabled
             logger.trace("#{@new_resource} already enabled, not enabling")