chef 18.6.2 → 18.7.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9758afdcd61880d10d2e6fcbd0097a3dc94ead3ce67004ba317ed1754cf529d2
-  data.tar.gz: 2ea4ff22776735a4ec71531e3c188769328e3dab07f1930ab4f59c6c2032a9b4
+  metadata.gz: cd6c311d620e980620e3c1933de98f896da522386e84cee0c0fa92ea8615c3b3
+  data.tar.gz: 8799e439771a8061aa5fada7f5b94c76001e4cab27ebf081741664db1b0dbeb4
 SHA512:
-  metadata.gz: 6f54220fa4591d43a562055250981453252a30db5bed94473ba0350b4d147ae0eb517da7ab371ef5963b8c7675b06206a5366585a86234ef0ede60a2d92ebf28
-  data.tar.gz: d096c1a73764313a572382cb45963efac685f4a33655225b447b8f58f9dbcfb4abf732da9c7bd2c855bf526a28d195a2a3af49e36029b9f7941bbe4b2ad6682b
+  metadata.gz: 224fe24ecc76d00d1bded47e7007225cc21479080582e25c6d792aa6d12b988a86d5205de3a3be29eb362f7880cdc884f6c746aee037ce0afec10402b49297d0
+  data.tar.gz: 16ef3b5a6b8c9c0ecb206d41b8353c63e2e1cf94240cfae67290f964d6bbd5f0b3578bb11322fdc617e28e502b1106cf9438ca897f8eecfbd0788153cb893af4

data/Gemfile

@@ -7,7 +7,7 @@ gem "ohai", git: "https://github.com/chef/ohai.git", branch: "18-stable"
 # Nwed to file a bug with rest-client. In the meantime, we can use this until they accept the update.
 gem "rest-client", git: "https://github.com/chef/rest-client", branch: "jfm/ucrt_update1"
 
-gem "ffi", ">= 1.15.5"
+gem "ffi", ">= 1.15.5", "<= 1.17.0"
 gem "chef-utils", path: File.expand_path("chef-utils", __dir__) if File.exist?(File.expand_path("chef-utils", __dir__))
 gem "chef-config", path: File.expand_path("chef-config", __dir__) if File.exist?(File.expand_path("chef-config", __dir__))
 
@@ -16,8 +16,6 @@ install_if -> { RUBY_PLATFORM !~ /darwin/ } do
   gem "openssl", "= 3.2.0"
 end
 
-gem "rdoc", "~> 6.4.1" # 6.4.1.1 required for CVE-2024-27281, allow patch upgrades
-
 if File.exist?(File.expand_path("chef-bin", __dir__))
   # bundling in a git checkout
   gem "chef-bin", path: File.expand_path("chef-bin", __dir__)
@@ -46,8 +44,10 @@ end
 
 # Everything except AIX and Windows
 group(:ruby_shadow) do
-  # if ruby-shadow does a release that supports ruby-3.0 this can be removed
-  gem "ruby-shadow", git: "https://github.com/chef/ruby-shadow", branch: "lcg/ruby-3.0", platforms: :ruby unless RUBY_PLATFORM == "x64-mingw-ucrt"
+  install_if -> { !RUBY_PLATFORM.match?(/mingw/) } do
+    # if ruby-shadow does a release that supports ruby-3.0 this can be removed
+    gem "ruby-shadow", git: "https://github.com/chef/ruby-shadow", branch: "lcg/ruby-3.0", platforms: :ruby
+  end
 end
 
 # deps that cannot be put in the knife gem because they require a compiler and fail on windows nodes

data/chef.gemspec

@@ -1,10 +1,13 @@
-$:.unshift(File.dirname(__FILE__) + "/lib")
+# on Windows, the directory location starts with "(eval at " because it's
+# being evaled in
+file_directory = File.dirname(__FILE__).gsub(/\(eval at /, "")
+$:.unshift(File.join(file_directory, "lib"))
 vs_path = File.expand_path("chef-utils/lib/chef-utils/version_string.rb", __dir__)
 
 if File.exist?(vs_path)
   # include chef-utils/lib in the path if we're inside of chef vs. chef-utils gem
   # but add it to the end of the search path
-  $: << (File.dirname(__FILE__) + "/chef-utils/lib")
+  $: << File.join(file_directory, "chef-utils", "lib")
 end
 # if the path doesn't exist then we're just in the wild gem and not in the git repo
 require "chef-utils/version_string"
@@ -14,7 +17,7 @@ Gem::Specification.new do |s|
   s.name = "chef"
   s.version = Chef::VERSION
   s.platform = Gem::Platform::RUBY
-  s.extra_rdoc_files = ["README.md", "LICENSE" ]
+  s.extra_rdoc_files = ["README.md", "LICENSE"]
   s.summary = "A systems integration framework, built to bring the benefits of configuration management to your entire infrastructure."
   s.description = s.summary
   s.license = "Apache-2.0"
@@ -31,12 +34,12 @@ Gem::Specification.new do |s|
   s.add_dependency "chef-config", "= #{Chef::VERSION}"
   s.add_dependency "chef-utils", "= #{Chef::VERSION}"
   s.add_dependency "train-core", "~> 3.10", "<= 3.12.7"
-  s.add_dependency "train-winrm", ">= 0.2.5"
+  s.add_dependency "train-winrm", "~> 0.2.17"
   s.add_dependency "train-rest", ">= 0.4.1" # target mode with rest APIs
 
   s.add_dependency "license-acceptance", ">= 1.0.5", "< 3"
   s.add_dependency "mixlib-cli", ">= 2.1.1", "< 3.0"
-  s.add_dependency "mixlib-log", ">= 2.0.3", "< 4.0"
+  s.add_dependency "mixlib-log", ">= 2.0.3", "<= 3.1.1"
   s.add_dependency "mixlib-authentication", ">= 2.1", "< 4"
   s.add_dependency "mixlib-shellout", ">= 3.1.1", "< 4.0"
   s.add_dependency "mixlib-archive", ">= 0.4", "< 2.0"
@@ -50,7 +53,7 @@ Gem::Specification.new do |s|
   s.add_dependency "erubis", "~> 2.7" # template resource / cookbook syntax check
   s.add_dependency "diff-lcs", ">= 1.2.4", "!= 1.4.0", "< 1.6.0" # 1.4 breaks output. Used in lib/chef/util/diff
   s.add_dependency "ffi-libarchive", "~> 1.0", ">= 1.0.3" # archive_file resource
-  s.add_dependency "chef-zero", ">= 14.0.11"
+  s.add_dependency "chef-zero", ">= 15.0.17"
   s.add_dependency "chef-vault" # chef-vault resources and helpers
 
   s.add_dependency "plist", "~> 3.2" # launchd, dscl/mac user, macos_userdefaults, osx_profile and plist resources
@@ -66,8 +69,9 @@ Gem::Specification.new do |s|
   s.add_dependency "aws-sdk-s3", "~> 1.91" # s3 recipe-url support
   s.add_dependency "aws-sdk-secretsmanager", "~> 1.46"
   s.add_dependency "vault", "~> 0.18.2" # hashi vault official client gem
-  s.bindir       = "bin"
-  s.executables  = %w{ }
+
+  s.bindir = "bin"
+  s.executables = %w{ }
 
   s.require_paths = %w{ lib }
   s.files = %w{Gemfile Rakefile LICENSE README.md} +
@@ -76,11 +80,11 @@ Gem::Specification.new do |s|
     Dir.glob("tasks/rspec.rb")
 
   s.metadata = {
-    "bug_tracker_uri"   => "https://github.com/chef/chef/issues",
-    "changelog_uri"     => "https://github.com/chef/chef/blob/main/CHANGELOG.md",
+    "bug_tracker_uri" => "https://github.com/chef/chef/issues",
+    "changelog_uri" => "https://github.com/chef/chef/blob/main/CHANGELOG.md",
     "documentation_uri" => "https://docs.chef.io/",
-    "homepage_uri"      => "https://www.chef.io",
-    "mailing_list_uri"  => "https://discourse.chef.io/",
-    "source_code_uri"   => "https://github.com/chef/chef/",
+    "homepage_uri" => "https://www.chef.io",
+    "mailing_list_uri" => "https://discourse.chef.io/",
+    "source_code_uri" => "https://github.com/chef/chef/",
   }
 end

data/lib/chef/compliance/default_attributes.rb

@@ -38,8 +38,8 @@ class Chef
       # Allow for connections to HTTPS endpoints using self-signed ssl certificates.
       "insecure" => nil,
 
-      # Controls verbosity of Chef InSpec runner. See less output when true.
-      "quiet" => true,
+      # When set to true, it will suppress CLI output for compliance phase.
+      "quiet" => false,
 
       # Chef Inspec Compliance profiles to be used for scan of node.
       # See Compliance Phase documentation for further details:

data/lib/chef/compliance/runner.rb

@@ -368,7 +368,12 @@ class Chef
       end
 
       def requested_reporters
-        (Array(node["audit"]["reporter"]) + ["cli"]).uniq
+        if node["audit"]["quiet"]
+          logger.info "node[\"audit\"][\"quiet\"] is set to true, skipping cli reporter"
+          Array(node["audit"]["reporter"]).uniq - ["cli"]
+        else
+          (Array(node["audit"]["reporter"]) + ["cli"]).uniq
+        end
       end
 
       def create_timestamp_file

data/lib/chef/cookbook/metadata.rb

@@ -391,7 +391,7 @@ class Chef
       def recipes_from_cookbook_version(cookbook)
         cookbook.fully_qualified_recipe_names.map do |recipe_name|
           unqualified_name =
-            if /::default$/.match?(recipe_name)
+            if recipe_name.end_with?("::default")
               name.to_s
             else
               recipe_name

data/lib/chef/cookbook/remote_file_vendor.rb

@@ -43,10 +43,7 @@ class Chef
           raise "get_filename: Cannot determine segment/filename for incoming filename #{filename}"
         end
 
-        files_for_segment = @manifest.files_for(segment)
-        raise "No such segment #{segment} in cookbook #{@cookbook_name}" unless files_for_segment
-
-        found_manifest_record = files_for_segment.find { |manifest_record| manifest_record[:path] == filename }
+        found_manifest_record = @manifest.manifest_records_by_path[filename]
         raise "No such file #{filename} in #{@cookbook_name}" unless found_manifest_record
 
         cache_filename = File.join("cookbooks", @cookbook_name, found_manifest_record["path"])

data/lib/chef/event_dispatch/dispatcher.rb

@@ -90,7 +90,6 @@ class Chef
       def process_events_until_done
         call_subscribers(*event_list.shift) until event_list.empty?
       end
-
     end
   end
 end

data/lib/chef/provider/package/dnf/dnf_helper.py

@@ -92,6 +92,13 @@ def query(command):
     q = subj.get_best_query(sack, with_provides=True)
 
     if command['action'] == "whatinstalled":
+        # When attempting to figure out what is installed, we should ignore any
+        # excludes that are configured, otherwise the "best" query for a given
+        # subject may refer to a package that is installed that provides that
+        # subject, but we really want to know if a package by that name exists
+        # in any available repository
+        q = subj.get_best_query(sack, with_provides=True, query=sack.query(flags=hawkey.IGNORE_EXCLUDES))
+
         q = q.installed()
 
     if command['action'] == "whatavailable":

data/lib/chef/provider/package/snap.rb

@@ -223,7 +223,7 @@ class Chef
             when "Do", "Doing", "Undoing", "Undo"
               # Continue
             when "Abort", "Hold", "Error"
-              raise result
+              raise "#{result["result"]["summary"]} - #{result["result"]["status"]} - #{result["result"]["err"]}"
             when "Done"
               waiting = false
             else

data/lib/chef/provider/registry_key.rb

@@ -51,9 +51,14 @@ class Chef
         current_resource.recursive(new_resource.recursive)
         if registry.key_exists?(new_resource.key)
           current_registry_values = registry.get_values(new_resource.key) || []
+
+          if new_resource.only_record_changes
+            current_registry_values.select! { |v| new_resource.values.any? { |nv| nv[:name] == v[:name] } }
+          end
           current_resource.values(current_registry_values)
         end
         values_to_hash(current_resource.unscrubbed_values)
+
         current_resource
       end
 
@@ -122,6 +127,7 @@ class Chef
             registry.create_key(new_resource.key, new_resource.recursive)
           end
         end
+
         new_resource.unscrubbed_values.each do |value|
           if @name_hash.key?(value[:name].downcase)
             current_value = @name_hash[value[:name].downcase]

data/lib/chef/resource/apt_repository.rb

@@ -164,6 +164,10 @@ class Chef
       property :key_proxy, [String, nil, FalseClass],
         description: "If set, a specified proxy is passed to GPG via `http-proxy=`."
 
+      property :signed_by, [String, true, false, nil],
+        description: "If a string, specify the file and/or fingerprint the repo is signed with. If true, set Signed-With to use the specified key",
+        default: true
+
       property :cookbook, [String, nil, FalseClass],
         description: "If key should be a cookbook_file, specify a cookbook where the key is located for files/default. Default value is nil, so it will use the cookbook where the resource is used.",
         desired_state: false
@@ -233,6 +237,17 @@ class Chef
           valid
         end
 
+        # validate the key against the a gpg keyring to see if that version is expired
+        # @param [String] key
+        #
+        # @return [Boolean] is the key valid or not
+        def keyring_key_is_valid?(keyring, key)
+          valid = shell_out("gpg", "--no-default-keyring", "--keyring", keyring, "--list-public-keys", key).stdout.each_line.none?(/\[(expired|revoked):/)
+
+          logger.debug "key #{key} #{valid ? "is valid" : "is not valid"}"
+          valid
+        end
+
         # return the specified cookbook name or the cookbook containing the
         # resource.
         #
@@ -279,6 +294,10 @@ class Chef
           end
         end
 
+        def keyring_path
+          "/etc/apt/keyrings/#{new_resource.repo_name}.gpg"
+        end
+
         # Fetch the key using either cookbook_file or remote_file, validate it,
         # and install it with apt-key add
         # @param [String] key the key to install
@@ -288,11 +307,19 @@ class Chef
         # @return [void]
         def install_key_from_uri(key)
           key_name = key.gsub(/[^0-9A-Za-z\-]/, "_")
-          cached_keyfile = ::File.join(Chef::Config[:file_cache_path], key_name)
-          tmp_dir = Dir.mktmpdir(".gpg")
-          at_exit { FileUtils.remove_entry(tmp_dir) }
+          keyfile_path = ::File.join(Chef::Config[:file_cache_path], key_name)
+          tmp_dir = TargetIO::Dir.mktmpdir(".gpg")
+          at_exit { TargetIO::FileUtils.remove_entry(tmp_dir) }
 
-          declare_resource(key_type(key), cached_keyfile) do
+          if new_resource.signed_by
+            keyfile_path = keyring_path
+
+            directory "/etc/apt/keyrings" do
+              mode "0755"
+            end
+          end
+
+          declare_resource(key_type(key), keyfile_path) do
             source key
             mode "0644"
             sensitive new_resource.sensitive
@@ -300,13 +327,17 @@ class Chef
             verify "gpg --homedir #{tmp_dir} %{path}"
           end
 
-          execute "apt-key add #{cached_keyfile}" do
-            command [ "apt-key", "add", cached_keyfile ]
-            default_env true
-            sensitive new_resource.sensitive
-            action :run
-            not_if { no_new_keys?(cached_keyfile) }
-            notifies :run, "execute[apt-cache gencaches]", :immediately
+          # If signed by is true, then we don't need to
+          # add to the default keyring
+          unless new_resource.signed_by
+            execute "apt-key add #{keyfile_path}" do
+              command [ "apt-key", "add", keyfile_path ]
+              default_env true
+              sensitive new_resource.sensitive
+              action :run
+              not_if { no_new_keys?(keyfile_path) }
+              notifies :run, "execute[apt-cache gencaches]", :immediately
+            end
           end
         end
 
@@ -336,6 +367,10 @@ class Chef
         #
         # @return [void]
         def install_key_from_keyserver(key, keyserver = new_resource.keyserver)
+          if new_resource.signed_by
+            install_key_from_keyserver_to_keyring(key, keyserver, keyring_path)
+            return
+          end
           execute "install-key #{key}" do
             command keyserver_install_cmd(key, keyserver)
             default_env true
@@ -352,6 +387,31 @@ class Chef
           raise "The key #{key} is invalid and cannot be used to verify an apt repository." unless key_is_valid?(key.upcase)
         end
 
+        # @param [String] key
+        # @param [String] keyserver
+        # @param [String] keyring
+        def install_key_from_keyserver_to_keyring(key, keyserver, keyring)
+          keyserver = "hkp://#{keyserver}:80" unless keyserver.start_with?("hkp://")
+
+          cmd = "gpg --no-default-keyring --keyring #{keyring}"
+          cmd << " --keyserver-options http-proxy=#{new_resource.key_proxy}" if new_resource.key_proxy
+          cmd << " --keyserver #{keyserver}"
+          cmd << " --recv #{key}"
+
+          execute "install-key #{key}" do
+            command cmd
+            default_env true
+            sensitive new_resource.sensitive
+            not_if do
+              present = shell_out(*%W{gpg --no-default-keyring --keyring #{keyring} --list-public-keys --with-fingerprint --with-colons #{key}}).exitstatus != 0
+              present && keyring_key_is_valid?(keyring, key.upcase)
+            end
+            notifies :run, "execute[apt-cache gencaches]", :immediately
+          end
+
+          raise "The key #{key} is invalid and cannot be used to verify an apt repository." unless keyring_key_is_valid?(keyring, key.upcase)
+        end
+
         # @param [String] owner
         # @param [String] repo
         #
@@ -405,11 +465,12 @@ class Chef
         # @param [Array] components
         # @param [Boolean] trusted
         # @param [String] arch
+        # @param [String] signed_by
         # @param [Array] options
         # @param [Boolean] add_src
         #
         # @return [String] complete repo config text
-        def build_repo(uri, distribution, components, trusted, arch, options, add_src = false)
+        def build_repo(uri, distribution, components, trusted, arch, signed_by, options, add_src = false)
           uri = make_ppa_url(uri) if is_ppa_url?(uri)
 
           uri = Addressable::URI.parse(uri)
@@ -417,6 +478,7 @@ class Chef
           options_list = []
           options_list << "arch=#{arch}" if arch
           options_list << "trusted=yes" if trusted
+          options_list << "signed-by=#{signed_by}" if signed_by
           options_list += options
           optstr = unless options_list.empty?
                      "[" + options_list.join(" ") + "]"
@@ -474,12 +536,18 @@ class Chef
 
         cleanup_legacy_file!
 
+        signed_by = new_resource.signed_by
+        if signed_by == true
+          signed_by = keyring_path
+        end
+
         repo = build_repo(
           new_resource.uri,
           new_resource.distribution,
           repo_components,
           new_resource.trusted,
           new_resource.arch,
+          signed_by,
           new_resource.options,
           new_resource.deb_src
         )
@@ -507,6 +575,11 @@ class Chef
               action :nothing
             end
 
+            file keyring_path do
+              sensitive new_resource.sensitive
+              action :delete
+            end
+
             file "/etc/apt/sources.list.d/#{new_resource.repo_name}.list" do
               sensitive new_resource.sensitive
               action :delete

data/lib/chef/resource/registry_key.rb

@@ -41,6 +41,19 @@ class Chef
       end
       ```
 
+      ```ruby
+      **Suppress reporting the sibling values of the values being updated in a registry key**
+      registry 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\Session Manager' do
+        values [{
+          name: 'ProtectionMode',
+          type: :dword,
+          data: 1
+        }]
+        only_record_changes true
+        action :create
+      end
+      ```
+
       **Create a registry key with binary data: "\x01\x02\x03"**:
 
       ```ruby
@@ -50,6 +63,7 @@ class Chef
           :type => :binary,
           :data => [0, 1, 2].map(&:chr).join
         }]
+
         action :create
       end
       ```
@@ -150,6 +164,10 @@ class Chef
       }
       property :recursive, [TrueClass, FalseClass], default: false
       property :architecture, Symbol, default: :machine, equal_to: %i{machine x86_64 i386}
+      property :only_record_changes, [TrueClass, FalseClass],
+               default: true,
+               introduced: "19.0",
+               description: "Suppress reporting of the current value of sibling values in a registry key. Setting this to false may result in a large number of values reported."
 
       # Some registry key data types may not be safely reported as json.
       # Example (CHEF-5323):

data/lib/chef/resource.rb

@@ -620,6 +620,7 @@ class Chef
       # Reporting endpoint doesn't accept a negative resource duration so set it to 0.
       # A negative value can occur when a resource changes the system time backwards
       @elapsed_time = 0 if @elapsed_time < 0
+
       events.resource_completed(self)
     end
 

data/lib/chef/resource_reporter.rb

@@ -190,6 +190,7 @@ class Chef
     def prepare_run_data
       run_data = {}
       run_data["action"] = "end"
+
       run_data["resources"] = updated_resources.map do |action_record|
         for_json(action_record)
       end

data/lib/chef/util/powershell/ps_credential.rb

@@ -31,9 +31,19 @@ class Chef
           "New-Object System.Management.Automation.PSCredential('#{@username}',('#{encrypt(@password)}' | ConvertTo-SecureString))"
         end
 
+        def to_plaintext
+          "#<Chef::Util::Powershell::PSCredential:#{object_id} @username=#{@username.inspect}>"
+        end
+
+        # These leak an encrypted password, however we can't rely on no-one using
+        # these assuming that behavior.
         alias to_s to_psobject
         alias to_text to_psobject
 
+        # Inspect has no business leaking anything but the username, and to be honest
+        # even that one could be dicey
+        alias inspect to_plaintext
+
         private
 
         def encrypt(str)

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require_relative "version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("..", __dir__)
-  VERSION = Chef::VersionString.new("18.6.2")
+  VERSION = Chef::VersionString.new("18.7.3")
 end
 
 #

data/lib/chef/win32/registry.rb

@@ -382,7 +382,6 @@ class Chef
         hive_name = reg_path.shift
         key = reg_path.join("\\")
       end
-
     end
   end
 end

data/spec/functional/assets/yumrepo-empty/repodata/repomd.xml

@@ -4,7 +4,7 @@
 <data type="filelists">
   <checksum type="sha256">401dc19bda88c82c403423fb835844d64345f7e95f5b9835888189c03834cc93</checksum>
   <open-checksum type="sha256">bf9808b81cb2dbc54b4b8e35adc584ddcaa73bd81f7088d73bf7dbbada961310</open-checksum>
-  <location href="repodata/401dc19bda88c82c403423fb835844d64345f7e95f5b9835888189c03834cc93-filelists.xml.gz"/>
+  <location href="repodata/401dc-filelists.xml.gz"/>
   <timestamp>1667508211</timestamp>
   <size>123</size>
   <open-size>125</open-size>
@@ -12,7 +12,7 @@
 <data type="primary">
   <checksum type="sha256">dabe2ce5481d23de1f4f52bdcfee0f9af98316c9e0de2ce8123adeefa0dd08b9</checksum>
   <open-checksum type="sha256">e1e2ffd2fb1ee76f87b70750d00ca5677a252b397ab6c2389137a0c33e7b359f</open-checksum>
-  <location href="repodata/dabe2ce5481d23de1f4f52bdcfee0f9af98316c9e0de2ce8123adeefa0dd08b9-primary.xml.gz"/>
+  <location href="repodata/dabe2-primary.xml.gz"/>
   <timestamp>1667508211</timestamp>
   <size>134</size>
   <open-size>167</open-size>
@@ -20,7 +20,7 @@
 <data type="primary_db">
   <checksum type="sha256">5dc1e6e73c84803f059bb3065e684e56adfc289a7e398946574d79dac6643945</checksum>
   <open-checksum type="sha256">f0d550414e8f2e960e82e704549364299ca9e3e8664ad4faffd208262c3b6d12</open-checksum>
-  <location href="repodata/5dc1e6e73c84803f059bb3065e684e56adfc289a7e398946574d79dac6643945-primary.sqlite.bz2"/>
+  <location href="repodata/5dc1e-primary.sqlite.bz2"/>
   <timestamp>1667508211</timestamp>
   <database_version>10</database_version>
   <size>1131</size>
@@ -29,7 +29,7 @@
 <data type="other_db">
   <checksum type="sha256">7c36572015e075add2b38b900837bcdbb8a504130ddff49b2351a7fc0affa3d4</checksum>
   <open-checksum type="sha256">4de0fe7c5dd2674849a7c63c326e42f33af0a0f46219bc6dd59f51dfa2ac8c68</open-checksum>
-  <location href="repodata/7c36572015e075add2b38b900837bcdbb8a504130ddff49b2351a7fc0affa3d4-other.sqlite.bz2"/>
+  <location href="repodata/7c365-other.sqlite.bz2"/>
   <timestamp>1667508211</timestamp>
   <database_version>10</database_version>
   <size>575</size>
@@ -38,7 +38,7 @@
 <data type="other">
   <checksum type="sha256">6bf9672d0862e8ef8b8ff05a2fd0208a922b1f5978e6589d87944c88259cb670</checksum>
   <open-checksum type="sha256">e0ed5e0054194df036cf09c1a911e15bf2a4e7f26f2a788b6f47d53e80717ccc</open-checksum>
-  <location href="repodata/6bf9672d0862e8ef8b8ff05a2fd0208a922b1f5978e6589d87944c88259cb670-other.xml.gz"/>
+  <location href="repodata/6bf96-other.xml.gz"/>
   <timestamp>1667508211</timestamp>
   <size>123</size>
   <open-size>121</open-size>
@@ -46,7 +46,7 @@
 <data type="filelists_db">
   <checksum type="sha256">01a3b489a465bcac22a43492163df43451dc6ce47d27f66de289756b91635523</checksum>
   <open-checksum type="sha256">c4211f57bdcbb142c9f93a6d32401539f775eb6a670ab7a423e13f435ce94689</open-checksum>
-  <location href="repodata/01a3b489a465bcac22a43492163df43451dc6ce47d27f66de289756b91635523-filelists.sqlite.bz2"/>
+  <location href="repodata/01a3b-filelists.sqlite.bz2"/>
   <timestamp>1667508211</timestamp>
   <database_version>10</database_version>
   <size>586</size>