chef 18.7.6 → 18.8.9

data/lib/chef/resource/apt_repository.rb

@@ -237,17 +237,28 @@ class Chef
           valid
         end
 
-        # validate the key against the a gpg keyring to see if that version is expired
+        # validate the key against the gpg keyring to see if that version is expired or revoked
         # @param [String] key
+        # @param [String] keyring
         #
-        # @return [Boolean] is the key valid or not
+        # @return [Boolean] if the key valid or not
         def keyring_key_is_valid?(keyring, key)
-          valid = shell_out("gpg", "--no-default-keyring", "--keyring", keyring, "--list-public-keys", key).stdout.each_line.none?(/\[(expired|revoked):/)
+          out = shell_out("gpg", "--no-default-keyring", "--keyring", keyring, "--list-public-keys", key)
+          valid = out.exitstatus == 0 && out.stdout.each_line.none?(/\[(expired|revoked):/)
 
           logger.debug "key #{key} #{valid ? "is valid" : "is not valid"}"
           valid
         end
 
+        # validate the key against the gpg keyring to see if the key is present
+        # @param [String] key
+        # @param [String] keyring
+        #
+        # @return [Boolean] if the key present
+        def keyring_key_is_present?(keyring, key)
+          shell_out(*%W{gpg --no-default-keyring --keyring #{keyring} --list-public-keys --with-fingerprint --with-colons #{key}}).exitstatus == 0
+        end
+
         # return the specified cookbook name or the cookbook containing the
         # resource.
         #
@@ -284,7 +295,7 @@ class Chef
         # @raise [Chef::Exceptions::FileNotFound] Key isn't remote or found in the current run
         #
         # @return [Symbol] :remote_file or :cookbook_file
-        def key_type(uri)
+        def key_resource_type(uri)
           if uri.start_with?("http")
             :remote_file
           elsif has_cookbook_file?(uri)
@@ -307,29 +318,46 @@ class Chef
         # @return [void]
         def install_key_from_uri(key)
           key_name = key.gsub(/[^0-9A-Za-z\-]/, "_")
-          keyfile_path = ::File.join(Chef::Config[:file_cache_path], key_name)
+          keyfile_tmp_path = ::File.join(Chef::Config[:file_cache_path], key_name)
+          keyfile_path = keyring_path
           tmp_dir = Dir.mktmpdir(".gpg")
           at_exit { FileUtils.remove_entry(tmp_dir) }
 
           if new_resource.signed_by
-            keyfile_path = keyring_path
-
             directory "/etc/apt/keyrings" do
               mode "0755"
             end
-          end
 
-          declare_resource(key_type(key), keyfile_path) do
-            source key
-            mode "0644"
-            sensitive new_resource.sensitive
-            action :create
-            verify "gpg --homedir #{tmp_dir} %{path}"
-          end
+            declare_resource(key_resource_type(key), keyfile_tmp_path) do
+              source key
+              mode "0644"
+              sensitive new_resource.sensitive
+              action :create
+              verify "gpg --homedir #{tmp_dir} %{path}"
+              notifies :delete, "file[#{keyfile_path}]", :immediately
+              notifies :run, "execute[dearmor #{keyfile_path}]", :immediately
+            end
+
+            execute "dearmor #{keyfile_path}" do
+              command [ "gpg", "--batch", "--yes", "--dearmor", "-o", keyfile_path, keyfile_tmp_path ]
+              default_env true
+              sensitive new_resource.sensitive
+              action :nothing
+              only_if { !::File.exist?(keyfile_path) || ::File.read(keyfile_path).include?("-----BEGIN PGP PUBLIC KEY BLOCK-----") }
+            end
+
+            file keyfile_path do
+              mode "0644"
+            end
+          else
+            declare_resource(key_resource_type(key), keyfile_path) do
+              source key
+              mode "0644"
+              sensitive new_resource.sensitive
+              action :create
+              verify "gpg --homedir #{tmp_dir} %{path}"
+            end
 
-          # If signed by is true, then we don't need to
-          # add to the default keyring
-          unless new_resource.signed_by
             execute "apt-key add #{keyfile_path}" do
               command [ "apt-key", "add", keyfile_path ]
               default_env true
@@ -403,8 +431,7 @@ class Chef
             default_env true
             sensitive new_resource.sensitive
             not_if do
-              present = shell_out(*%W{gpg --no-default-keyring --keyring #{keyring} --list-public-keys --with-fingerprint --with-colons #{key}}).exitstatus != 0
-              present && keyring_key_is_valid?(keyring, key.upcase)
+              keyring_key_is_present?(keyring, key.upcase) && keyring_key_is_valid?(keyring, key.upcase)
             end
             notifies :run, "execute[apt-cache gencaches]", :immediately
           end
@@ -420,7 +447,7 @@ class Chef
         # @return [void]
         def install_ppa_key(owner, repo)
           url = "https://launchpad.net/api/1.0/~#{owner}/+archive/#{repo}"
-          key_id = Chef::HTTP::Simple.new(url).get("signing_key_fingerprint").delete('"')
+          key_id = Chef::HTTP::Simple.new(url, {}).get("signing_key_fingerprint").delete('"')
           install_key_from_keyserver(key_id, "keyserver.ubuntu.com")
         rescue Net::HTTPClientException => e
           raise "Could not access Launchpad ppa API: #{e.message}"

data/lib/chef/resource/archive_file.rb

@@ -21,10 +21,57 @@
 require_relative "../resource"
 require "fileutils" unless defined?(FileUtils)
 begin
+  # The explicit call to FFI::DynamicLibrary.open was added to address an issue specific to the Habitat packaging of Chef Infra Client on windows.
+  # In the Habitat environment, the libarchive library (archive.dll) is installed in a non-standard location that is not included
+  # in the default search paths used by the FFI gem to locate dynamic libraries. The default search paths for FFI are:
+  #   - <system library path>
+  #   - /usr/lib
+  #   - /usr/local/lib
+  #   - /opt/local/lib
+  # These paths do not account for the Habitat package structure, where libraries are installed in isolated directories under
+  # the Habitat package path (e.g., C:/hab/pkgs/core/libarchive/<version>/bin on Windows).
+  #
+  # Without explicitly loading archive.dll using FFI::DynamicLibrary.open, the ffi-libarchive gem fails to locate and load the library,
+  # resulting in runtime errors when attempting to use the archive_file resource.
+  #
+  # This code dynamically determines the path to archive.dll using the Habitat CLI (`hab pkg path core/libarchive`) and explicitly
+  # loads the library using FFI::DynamicLibrary.open. This ensures that the library is correctly loaded in the Habitat environment.
+  #
+  # Note: This logic is gated by a check for Habitat-specific environment variables (HAB_CACHE_SRC_PATH or HAB_PKG_PATH) to ensure
+  # that it is only applied in Habitat runs. For other environments (e.g., Omnibus, plain gem installations, or git checkouts),
+  # the default behavior of FFI is sufficient, as the libraries are installed in standard locations or embedded paths that are
+  # included in the default search paths.
+  if RUBY_PLATFORM.match?(/mswin|mingw|windows/) && (ENV["HAB_CACHE_SRC_PATH"] || ENV["HAB_PKG_PATH"])
+    require "ffi" unless defined?(FFI)
+    require "open3" unless defined?(Open3)
+    # Dynamically determine the path to the core/libarchive package
+    stdout, stderr, status = Open3.capture3("hab pkg path core/libarchive")
+    unless status.success?
+      Chef::Log.debug("Failed to determine Habitat libarchive path: #{stderr}")
+      return
+    end
+
+    habitat_libarchive_path = File.join(stdout.strip.tr("\\", "/"), "bin")
+    unless Dir.exist?(habitat_libarchive_path)
+      Chef::Log.debug("Habitat libarchive path not found: #{habitat_libarchive_path}")
+      return
+    end
+
+    archive_dll_path = File.join(habitat_libarchive_path, "archive.dll")
+    unless File.exist?(archive_dll_path)
+      Chef::Log.debug("archive.dll not found in Habitat path: #{habitat_libarchive_path}")
+      return
+    end
+
+    FFI::DynamicLibrary.open(archive_dll_path, FFI::DynamicLibrary::RTLD_LAZY) # Explicitly load the DLL
+    Chef::Log.debug("Explicitly loaded archive.dll from Habitat path: #{archive_dll_path}")
+  end
+
   # ffi-libarchive must be eager loaded see: https://github.com/chef/chef/issues/12228
   require "ffi-libarchive" unless defined?(Archive::Reader)
-rescue LoadError
-  STDERR.puts "ffi-libarchive could not be loaded, libarchive is probably not installed on system, archive_file will not be available"
+rescue LoadError => e
+  STDERR.puts "ffi-libarchive could not be loaded: #{e.message}"
+  STDERR.puts "libarchive is probably not installed on system, archive_file will not be available"
 end
 
 class Chef

data/lib/chef/resource/dnf_package.rb

@@ -71,6 +71,11 @@ class Chef
         description: "Allow downgrading a package to satisfy requested version requirements.",
         default: true,
         desired_state: false
+
+      property :environment, Hash,
+        introduced: "18.8",
+        description: "A Hash of environment variables in the form of {'ENV_VARIABLE' => 'VALUE'} to be set before running the command.",
+        default: {}, desired_state: false
     end
   end
 end

data/lib/chef/resource/dpkg_package.rb

@@ -41,6 +41,11 @@ class Chef
               description: "Allow downgrading a package to satisfy requested version requirements.",
               default: true,
               desired_state: false
+
+      property :environment, Hash,
+        introduced: "18.8",
+        description: "A Hash of environment variables in the form of {'ENV_VARIABLE' => 'VALUE'} to be set before running the command.",
+        default: {}, desired_state: false
     end
   end
 end

data/lib/chef/resource/ohai.rb

@@ -84,6 +84,16 @@ class Chef
         converge_by("re-run ohai and merge results into node attributes") do
           ohai = ::Ohai::System.new
 
+          # Load any custom plugins from cookbooks if they exist
+          # This ensures that cookbook-provided Ohai plugins are available
+          # when the resource reloads Ohai data
+          ohai_plugin_path = Chef::Config[:ohai_segment_plugin_path]
+          if ohai_plugin_path && Dir.exist?(ohai_plugin_path) && !Dir.empty?(ohai_plugin_path)
+            # Configure Ohai to load plugins from the cookbook segment path
+            ohai.config[:plugin_path] << ohai_plugin_path
+            logger.trace("Added cookbook plugin path to ohai: #{ohai_plugin_path}")
+          end
+
           # If new_resource.plugin is nil, ohai will reload all the plugins
           # Otherwise it will only reload the specified plugin
           # Note that any changes to plugins, or new plugins placed on

data/lib/chef/resource/package.rb

@@ -60,6 +60,11 @@ class Chef
         description: "The amount of time (in seconds) to wait before timing out.",
         desired_state: false
 
+      property :environment, Hash,
+        introduced: "18.8",
+        description: "A Hash of environment variables in the form of {'ENV_VARIABLE' => 'VALUE'} to be set before running the command.",
+        desired_state: false
+
     end
   end
 end

data/lib/chef/resource/rpm_package.rb

@@ -39,6 +39,11 @@ class Chef
 
       property :version, String,
         description: "The version of a package to be installed or upgraded."
+
+      property :environment, Hash,
+        introduced: "18.8",
+        description: "A Hash of environment variables in the form of {'ENV_VARIABLE' => 'VALUE'} to be set before running the command.",
+        default: {}, desired_state: false
     end
   end
 end

data/lib/chef/resource/yum_package.rb

@@ -155,6 +155,11 @@ class Chef
 
       property :yum_binary, String,
         description: "The path to the yum binary."
+
+      property :environment, Hash,
+        introduced: "18.8",
+        description: "A Hash of environment variables in the form of {'ENV_VARIABLE' => 'VALUE'} to be set before running the command.",
+        default: {}, desired_state: false
     end
   end
 end

data/lib/chef/shell.rb

@@ -132,11 +132,20 @@ module Shell
     irb_conf[:IRB_RC] = lambda do |conf|
       m = conf.main
 
-      conf.prompt_c       = "#{ChefUtils::Dist::Infra::EXEC}#{leader(m)} > "
-      conf.return_format  = " => %s \n"
+      # remove this clause for any Chef version that has upgraded to ruby >= 3.3.0
+      if RUBY_VERSION >= "3.3.0"
+        conf.prompt_c       = "#{ChefUtils::Dist::Infra::EXEC}#{leader(m)} > "
+        conf.prompt_n       = "#{ChefUtils::Dist::Infra::EXEC}#{leader(m)} ?> "
+        conf.prompt_s       = "#{ChefUtils::Dist::Infra::EXEC}#{leader(m)}%l> "
+      else
+        # there's a bug if you use a left arrow and the alternative prompts
+        # ... looks like 3.1.0 < version < 3.3.0 have it, from my manual testing
+        conf.prompt_c       = "#{ChefUtils::Dist::Infra::EXEC}#{leader(m)} (#{Chef::VERSION})> "
+        conf.prompt_n       = "#{ChefUtils::Dist::Infra::EXEC}#{leader(m)}(#{Chef::VERSION})?> "
+        conf.prompt_s       = "#{ChefUtils::Dist::Infra::EXEC}#{leader(m)}(#{Chef::VERSION})%l> "
+      end
       conf.prompt_i       = "#{ChefUtils::Dist::Infra::EXEC}#{leader(m)} (#{Chef::VERSION})> "
-      conf.prompt_n       = "#{ChefUtils::Dist::Infra::EXEC}#{leader(m)} ?> "
-      conf.prompt_s       = "#{ChefUtils::Dist::Infra::EXEC}#{leader(m)}%l> "
+      conf.return_format  = " => %s \n"
       conf.use_tracer     = false
       conf.instance_variable_set(:@use_multiline, false)
       conf.instance_variable_set(:@use_singleline, false)

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require_relative "version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("..", __dir__)
-  VERSION = Chef::VersionString.new("18.7.6")
+  VERSION = Chef::VersionString.new("18.8.9")
 end
 
 #

data/lib/chef/win32/version.rb

@@ -49,7 +49,8 @@ class Chef
       private_class_method :method_name_from_marketing_name
 
       WIN_VERSIONS = {
-        "Windows Server 2022" => { major: 10, minor: 0, callable: lambda { |product_type, suite_mask, build_number| product_type != VER_NT_WORKSTATION && build_number >= 20348 } },
+        "Windows Server 2025" => { major: 10, minor: 0, callable: lambda { |product_type, suite_mask, build_number| product_type != VER_NT_WORKSTATION && build_number >= 25398 } },
+        "Windows Server 2022" => { major: 10, minor: 0, callable: lambda { |product_type, suite_mask, build_number| product_type != VER_NT_WORKSTATION && build_number >= 20348 && build_number < 25398 } },
         "Windows Server 2019" => { major: 10, minor: 0, callable: lambda { |product_type, suite_mask, build_number| product_type != VER_NT_WORKSTATION && build_number >= 17763 && build_number < 20348 } },
         "Windows 11" => { major: 10, minor: 0, callable: lambda { |product_type, suite_mask, build_number| product_type == VER_NT_WORKSTATION && build_number >= 22000 } },
         "Windows 10" => { major: 10, minor: 0, callable: lambda { |product_type, suite_mask, build_number| product_type == VER_NT_WORKSTATION && build_number >= 19044 && build_number < 22000 } },

data/spec/functional/resource/git_spec.rb

@@ -263,7 +263,8 @@ describe Chef::Resource::Git do
 
   context "when dealing with a repo with a degenerate tag named 'HEAD'" do
     before do
-      shell_out!("git", "tag", "-m\"degenerate tag\"", "HEAD", "ed181b3419b6f489bedab282348162a110d6d3a1", cwd: origin_repo)
+      shell_out!("git", "tag", "-m\"degenerate tag\"", "HEAD_TAG", "ed181b3419b6f489bedab282348162a110d6d3a1", cwd: origin_repo)
+      # The original tag name of 'HEAD' caused errors in new git clients since it's a reserved name.
     end
 
     it "checks out the (master) HEAD revision and ignores the tag" do

data/spec/integration/client/open_ssl_spec.rb

@@ -1,13 +1,14 @@
 require "spec_helper"
+require "openssl"
 
 describe "openssl checks" do
   let(:openssl_version_default) do
     if windows?
-      "3.0.9"
+      "3.2.4"
     elsif macos?
       "1.1.1m"
     else
-      "3.0.9"
+      "3.2.4"
     end
   end
 
@@ -17,4 +18,8 @@ describe "openssl checks" do
       expect(OpenSSL.const_get("OPENSSL_#{method.upcase}")).to match(openssl_version_default), "OpenSSL doesn't match omnibus_overrides.rb"
     end
   end
+
+  example "check SSL_ENV_HACK", windows_only: true, validate_only: true do
+    expect(defined?(::SSL_ENV_CACERT_PATCH)).to be_truthy, "SSL_ENV_CACERT_PATCH is not defined, did you forget to include the openssl-customization.rb file in your project?"
+  end
 end

data/spec/spec_helper.rb

@@ -180,6 +180,7 @@ RSpec.configure do |config|
   config.filter_run_excluding openssl_gte_101: true unless openssl_gte_101?
   config.filter_run_excluding openssl_lt_101: true unless openssl_lt_101?
   config.filter_run_excluding aes_256_gcm_only: true unless aes_256_gcm?
+  config.filter_run_excluding validate_only: true unless ENV["BUILDKITE_BUILD_URL"] =~ /validate/ && ENV.fetch("BUILDKITE_LABEL", "") !~ /(Integration |Functional |Unit )/
   config.filter_run_excluding broken: true
   config.filter_run_excluding not_wpar: true unless wpar?
   config.filter_run_excluding not_supported_on_s390x: true unless s390x?

data/spec/unit/cookbook_version_spec.rb

@@ -96,6 +96,45 @@ describe Chef::CookbookVersion do
     end
   end
 
+  describe "#recipe_json_filenames_by_name" do
+    let(:cookbook_version) { Chef::CookbookVersion.new("mycb", "/tmp/mycb") }
+
+    def files_for_recipe(extension)
+      [
+        { name: "recipes/default.#{extension}", full_path: "/home/user/repo/cookbooks/test/recipes/default.#{extension}" },
+        { name: "recipes/other.#{extension}", full_path: "/home/user/repo/cookbooks/test/recipes/other.#{extension}" },
+      ]
+    end
+
+    %w{json}.each do |extension|
+
+      context "and JSON files are present including a recipes/default.#{extension}" do
+        before(:each) do
+          allow(cookbook_version).to receive(:files_for).with("recipes").and_return(files_for_recipe(extension))
+        end
+
+        context "and manifest does not include a root_files/recipe.#{extension}" do
+          it "returns all JSON recipes with a correct default of default.#{extension}" do
+            expect(cookbook_version.recipe_json_filenames_by_name).to eq({ "default" => "/home/user/repo/cookbooks/test/recipes/default.#{extension}",
+                                                                        "other" => "/home/user/repo/cookbooks/test/recipes/other.#{extension}" })
+          end
+        end
+
+        context "and manifest also includes a root_files/recipe.#{extension}" do
+          let(:root_files) { [{ name: "root_files/recipe.#{extension}", full_path: "/home/user/repo/cookbooks/test/recipe.#{extension}" } ] }
+          before(:each) do
+            allow(cookbook_version.cookbook_manifest).to receive(:root_files).and_return(root_files)
+          end
+
+          it "returns all JSON recipes with a correct default of recipe.#{extension}" do
+            expect(cookbook_version.recipe_json_filenames_by_name).to eq({ "default" => "/home/user/repo/cookbooks/test/recipe.#{extension}",
+                                                                         "other" => "/home/user/repo/cookbooks/test/recipes/other.#{extension}" })
+          end
+        end
+      end
+    end
+  end
+
   describe "with a cookbook directory named tatft" do
     MD5 = /[0-9a-f]{32}/.freeze
 

data/spec/unit/node/attribute_spec.rb

@@ -1100,7 +1100,7 @@ describe Chef::Node::Attribute do
           "c" => 4,
       }
       attributes = Chef::Node::Attribute.new(nil, default_hash, override_hash, nil)
-      expect(attributes.to_s).to eq('{"a"=>1, "b"=>3, "c"=>4}')
+      expect(attributes).to match({ "a" => 1, "b" => 3, "c" => 4 })
     end
   end
 

data/spec/unit/provider/apt_repository_spec.rb

@@ -45,12 +45,33 @@ describe "Chef::Provider::AptRepository" do
     sub:-:2048:16:84080586D1CA74A1:2009-04-22::::
   EOF
 
+  # Output of the command:
+  # gpg --no-default-keyring --keyring ${keyring} --list-public-keys ${key}
+  APG_GPG_KEYS_EXPIRED = <<~EOF.freeze
+    pub   dsa1024 2009-04-22 [SC] [expired: 2018-02-22]
+          F36A89E33CC1BD0F71079007327574EE02A818DD
+    uid                      Cloudera Apt Repository
+    sub   elg2048 2009-04-22 [E] [expired: 2018-02-22]
+  EOF
+
+  # Output of the command:
+  # gpg --no-default-keyring --keyring ${keyring} --list-public-keys ${key}
+  APG_GPG_KEYS_REVOKED = <<~EOF.freeze
+    pub   dsa1024 2009-04-22 [SC] [revoked: 2018-02-22]
+          F36A89E33CC1BD0F71079007327574EE02A818DD
+    uid                      Cloudera Apt Repository
+    sub   elg2048 2009-04-22 [E] [revoked: 2018-02-22]
+  EOF
+
   let(:node) { Chef::Node.new }
   let(:events) { Chef::EventDispatch::Dispatcher.new }
   let(:run_context) { Chef::RunContext.new(node, {}, events) }
   let(:collection) { double("resource collection") }
   let(:new_resource) { Chef::Resource::AptRepository.new("multiverse", run_context) }
   let(:provider) { new_resource.provider_for_action(:add) }
+  let(:keyring) { "/etc/apt/keyrings/ring.gpg" }
+  let(:key) { "ASDF1234" }
+  let(:keyserver) { "keyserver.ubuntu.com" }
 
   let(:apt_key_finger_cmd) do
     %w{apt-key adv --list-public-keys --with-fingerprint --with-colons}
@@ -70,9 +91,17 @@ describe "Chef::Provider::AptRepository" do
   end
 
   let(:gpg_shell_out_failure) do
-    double("shell_out", stderr: "gpg: no valid OpenPGP data found.\n
-                                    gpg: processing message failed: eof",
-                        exitstatus: 1, error?: true)
+    double("shell_out", stderr: "gpg: keybox '/etc/apt/keyrings/ring.gpg' created\ngpg: error reading key: No public key\n",
+                        stdout: "",
+                        exitstatus: 2, error?: true)
+  end
+
+  let(:gpg_shell_out_expired) do
+    double("shell_out", stdout: APG_GPG_KEYS_EXPIRED, exitstatus: 0, error?: false)
+  end
+
+  let(:gpg_shell_out_revoked) do
+    double("shell_out", stdout: APG_GPG_KEYS_REVOKED, exitstatus: 0, error?: false)
   end
 
   let(:apt_fingerprints) do
@@ -141,6 +170,40 @@ C5986B4F1257FFA86632CBA746181433FBB75451
     end
   end
 
+  describe "#keyring_key_is_valid?" do
+    it "returns true for a valid key" do
+      expect(provider).to receive(:shell_out).and_return(gpg_shell_out_success)
+      expect(provider.keyring_key_is_valid?(keyring, key)).to eql(true)
+    end
+
+    it "returns false when the key does not exist" do
+      expect(provider).to receive(:shell_out).and_return(gpg_shell_out_failure)
+      expect(provider.keyring_key_is_valid?(keyring, key)).to eql(false)
+    end
+
+    it "returns false when the key is expired" do
+      expect(provider).to receive(:shell_out).and_return(gpg_shell_out_expired)
+      expect(provider.keyring_key_is_valid?(keyring, key)).to eql(false)
+    end
+
+    it "returns false when the key has been revoked" do
+      expect(provider).to receive(:shell_out).and_return(gpg_shell_out_revoked)
+      expect(provider.keyring_key_is_valid?(keyring, key)).to eql(false)
+    end
+  end
+
+  describe "#keyring_key_is_present?" do
+    it "returns true for a key that exists" do
+      expect(provider).to receive(:shell_out).and_return(gpg_shell_out_success)
+      expect(provider.keyring_key_is_present?(keyring, key)).to eql(true)
+    end
+
+    it "returns false when the key is not present in the keyring" do
+      expect(provider).to receive(:shell_out).and_return(gpg_shell_out_failure)
+      expect(provider.keyring_key_is_present?(keyring, key)).to eql(false)
+    end
+  end
+
   describe "#no_new_keys?" do
     before do
       allow(provider).to receive(:extract_public_keys_from_cmd).with(*apt_key_finger_cmd).and_return(apt_public_keys)
@@ -165,17 +228,17 @@ C5986B4F1257FFA86632CBA746181433FBB75451
 
   describe "#key_type" do
     it "returns :remote_file with an http URL" do
-      expect(provider.key_type("https://www.chef.io/key")).to eq(:remote_file)
+      expect(provider.key_resource_type("https://www.chef.io/key")).to eq(:remote_file)
     end
 
     it "returns :cookbook_file with a chef managed file" do
       expect(provider).to receive(:has_cookbook_file?).and_return(true)
-      expect(provider.key_type("/foo/bar.key")).to eq(:cookbook_file)
+      expect(provider.key_resource_type("/foo/bar.key")).to eq(:cookbook_file)
     end
 
     it "throws exception if an unknown file specified" do
       expect(provider).to receive(:has_cookbook_file?).and_return(false)
-      expect { provider.key_type("/foo/bar.key") }.to raise_error(Chef::Exceptions::FileNotFound)
+      expect { provider.key_resource_type("/foo/bar.key") }.to raise_error(Chef::Exceptions::FileNotFound)
     end
   end
 
@@ -223,6 +286,20 @@ C5986B4F1257FFA86632CBA746181433FBB75451
     end
   end
 
+  describe "#install_key_from_keyserver_to_keyring" do
+    it "does not raise an error when the key is valid" do
+      expect(provider).to receive(:execute).and_return(nil)
+      expect(provider).to receive(:keyring_key_is_valid?).and_return(true)
+      expect { provider.install_key_from_keyserver_to_keyring(key, keyserver, keyring) }.not_to raise_error
+    end
+
+    it "raises an error with the key is invalid" do
+      expect(provider).to receive(:execute).and_return(nil)
+      expect(provider).to receive(:keyring_key_is_valid?).and_return(false)
+      expect { provider.install_key_from_keyserver_to_keyring(key, keyserver, keyring) }.to raise_error(RuntimeError)
+    end
+  end
+
   describe "#install_ppa_key" do
     let(:url) { "https://launchpad.net/api/1.0/~chef/+archive/main" }
     let(:key) { "C5986B4F1257FFA86632CBA746181433FBB75451" }
@@ -230,8 +307,8 @@ C5986B4F1257FFA86632CBA746181433FBB75451
     it "gets a key" do
       simples = double("HTTP")
       allow(simples).to receive(:get).and_return("\"#{key}\"")
-      expect(Chef::HTTP::Simple).to receive(:new).with(url).and_return(simples)
-      expect(provider).to receive(:install_key_from_keyserver).with(key, "keyserver.ubuntu.com")
+      expect(Chef::HTTP::Simple).to receive(:new).with(url, {}).and_return(simples)
+      expect(provider).to receive(:install_key_from_keyserver).with(key, keyserver)
       provider.install_ppa_key("chef", "main")
     end
   end

data/spec/unit/provider/package/rpm_spec.rb

@@ -151,7 +151,7 @@ describe Chef::Provider::Package::Rpm do
 
           context "when at the desired version already" do
             it "does nothing when the correct version is installed" do
-              expect(provider).to_not receive(:shell_out_compacted!).with("rpm", "-i", "/tmp/imagemagick-c++-6.5.4.7-7.el6_5.x86_64.rpm", timeout: 900)
+              expect(provider).to_not receive(:shell_out_compacted!).with("rpm", "-i", "/tmp/imagemagick-c++-6.5.4.7-7.el6_5.x86_64.rpm", env: {}, timeout: 900)
 
               provider.action_install
             end
@@ -162,7 +162,7 @@ describe Chef::Provider::Package::Rpm do
             let(:rpm_q_stdout) { "imagemagick-c++ 0.5.4.7-7.el6_5" }
 
             it "runs rpm -u with the package source to upgrade" do
-              expect(provider).to receive(:shell_out_compacted!).with("rpm", "-U", "--oldpackage", "/tmp/ImageMagick-c++-6.5.4.7-7.el6_5.x86_64.rpm", timeout: 900)
+              expect(provider).to receive(:shell_out_compacted!).with("rpm", "-U", "--oldpackage", "/tmp/ImageMagick-c++-6.5.4.7-7.el6_5.x86_64.rpm", env: {}, timeout: 900)
               provider.action_install
             end
           end
@@ -177,7 +177,7 @@ describe Chef::Provider::Package::Rpm do
             let(:rpm_q_stdout) { "imagemagick-c++ 21.4-19.el6_5" }
 
             it "should run rpm -u --oldpackage with the package source to downgrade" do
-              expect(provider).to receive(:shell_out_compacted!).with("rpm", "-U", "--oldpackage", "/tmp/ImageMagick-c++-6.5.4.7-7.el6_5.x86_64.rpm", timeout: 900)
+              expect(provider).to receive(:shell_out_compacted!).with("rpm", "-U", "--oldpackage", "/tmp/ImageMagick-c++-6.5.4.7-7.el6_5.x86_64.rpm", env: {}, timeout: 900)
               provider.action_install
             end
 
@@ -208,7 +208,7 @@ describe Chef::Provider::Package::Rpm do
             let(:rpm_q_stdout) { "imagemagick-c++ 0.5.4.7-7.el6_5" }
 
             it "runs rpm -u with the package source to upgrade" do
-              expect(provider).to receive(:shell_out_compacted!).with("rpm", "-U", "--oldpackage", "/tmp/ImageMagick-c++-6.5.4.7-7.el6_5.x86_64.rpm", timeout: 900)
+              expect(provider).to receive(:shell_out_compacted!).with("rpm", "-U", "--oldpackage", "/tmp/ImageMagick-c++-6.5.4.7-7.el6_5.x86_64.rpm", env: {}, timeout: 900)
               provider.action_upgrade
             end
           end
@@ -224,7 +224,7 @@ describe Chef::Provider::Package::Rpm do
             let(:rpm_q_stdout) { "imagemagick-c++ 21.4-19.el6_5" }
 
             it "should run rpm -u --oldpackage with the package source to downgrade" do
-              expect(provider).to receive(:shell_out_compacted!).with("rpm", "-U", "--oldpackage", "/tmp/ImageMagick-c++-6.5.4.7-7.el6_5.x86_64.rpm", timeout: 900)
+              expect(provider).to receive(:shell_out_compacted!).with("rpm", "-U", "--oldpackage", "/tmp/ImageMagick-c++-6.5.4.7-7.el6_5.x86_64.rpm", env: {}, timeout: 900)
               provider.action_upgrade
             end
 
@@ -368,7 +368,7 @@ describe Chef::Provider::Package::Rpm do
         describe "action install" do
 
           it "installs the package" do
-            expect(provider).to receive(:shell_out_compacted!).with("rpm", "-i", package_source, timeout: 900)
+            expect(provider).to receive(:shell_out_compacted!).with("rpm", "-i", package_source, env: {}, timeout: 900)
 
             provider.action_install
           end
@@ -376,7 +376,7 @@ describe Chef::Provider::Package::Rpm do
           context "when custom resource options are given" do
             it "installs with custom options specified in the resource" do
               new_resource.options("--dbpath /var/lib/rpm")
-              expect(provider).to receive(:shell_out_compacted!).with("rpm", "--dbpath", "/var/lib/rpm", "-i", package_source, timeout: 900)
+              expect(provider).to receive(:shell_out_compacted!).with("rpm", "--dbpath", "/var/lib/rpm", "-i", package_source, env: {}, timeout: 900)
               provider.action_install
             end
           end
@@ -387,7 +387,7 @@ describe Chef::Provider::Package::Rpm do
           let(:action) { :upgrade }
 
           it "installs the package" do
-            expect(provider).to receive(:shell_out_compacted!).with("rpm", "-i", package_source, timeout: 900)
+            expect(provider).to receive(:shell_out_compacted!).with("rpm", "-i", package_source, env: {}, timeout: 900)
 
             provider.action_upgrade
           end
@@ -424,7 +424,7 @@ describe Chef::Provider::Package::Rpm do
     it "should install from a path when the package is a path and the source is nil" do
       expect(new_resource.source).to eq("/tmp/ImageMagick-c++-6.5.4.7-7.el6_5.x86_64.rpm")
       provider.current_resource = current_resource
-      expect(provider).to receive(:shell_out_compacted!).with("rpm", "-i", "/tmp/ImageMagick-c++-6.5.4.7-7.el6_5.x86_64.rpm", timeout: 900)
+      expect(provider).to receive(:shell_out_compacted!).with("rpm", "-i", "/tmp/ImageMagick-c++-6.5.4.7-7.el6_5.x86_64.rpm", env: {}, timeout: 900)
       provider.install_package("/tmp/ImageMagick-c++-6.5.4.7-7.el6_5.x86_64.rpm", "6.5.4.7-7.el6_5")
     end
 
@@ -432,7 +432,7 @@ describe Chef::Provider::Package::Rpm do
       expect(new_resource.source).to eq("/tmp/ImageMagick-c++-6.5.4.7-7.el6_5.x86_64.rpm")
       current_resource.version("21.4-19.el5")
       provider.current_resource = current_resource
-      expect(provider).to receive(:shell_out_compacted!).with("rpm", "-U", "--oldpackage", "/tmp/ImageMagick-c++-6.5.4.7-7.el6_5.x86_64.rpm", timeout: 900)
+      expect(provider).to receive(:shell_out_compacted!).with("rpm", "-U", "--oldpackage", "/tmp/ImageMagick-c++-6.5.4.7-7.el6_5.x86_64.rpm", env: {}, timeout: 900)
       provider.upgrade_package("/tmp/ImageMagick-c++-6.5.4.7-7.el6_5.x86_64.rpm", "6.5.4.7-7.el6_5")
     end
   end