foreman_maintain 1.7.7 → 1.7.8
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8777c6bb442c0912407d6f30a576230c2c55308168b8303d0fb88acdf63ed5ed
|
4
|
+
data.tar.gz: 60f93fc85d0f78df89cad0a8de1a50cef4cfc31f171ca97cb84e38811868b5b8
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8ca48978960dfacef447466bbdfcd8f346402591645b0e44ce01d7b00a6c0981a7528c0a066d193807ad503fef6c624c9f0f7d683561cc92f42d07df28cf638b
|
7
|
+
data.tar.gz: e318ca1d5e8816e1073068d373b862871dd2b0527c9c0c4de1839ae6ec1e9bbe04c381409350d599a6bce25890acbc21ceb7c0f48224e463ca8cf21c237b9c13
|
@@ -0,0 +1,27 @@
|
|
1
|
+
class Checks::CheckSha1CertificateAuthority < ForemanMaintain::Check
|
2
|
+
metadata do
|
3
|
+
label :check_sha1_certificate_authority
|
4
|
+
description 'Check if server certificate authority is sha1 signed'
|
5
|
+
|
6
|
+
confine do
|
7
|
+
feature(:katello) || feature(:foreman_proxy)
|
8
|
+
end
|
9
|
+
|
10
|
+
do_not_whitelist
|
11
|
+
end
|
12
|
+
|
13
|
+
def run
|
14
|
+
installer_answers = feature(:installer).answers
|
15
|
+
server_ca = installer_answers['certs']['server_ca_cert']
|
16
|
+
|
17
|
+
certificate = OpenSSL::X509::Certificate.new(File.read(server_ca))
|
18
|
+
|
19
|
+
msg = <<~MSG
|
20
|
+
Server CA certificate signed with sha1 which will break on upgrade.
|
21
|
+
Update the server CA certificate with one signed with sha256 or
|
22
|
+
stronger then proceed with the upgrade.
|
23
|
+
MSG
|
24
|
+
|
25
|
+
assert(certificate.signature_algorithm != 'sha1WithRSAEncryption', msg)
|
26
|
+
end
|
27
|
+
end
|
@@ -55,6 +55,7 @@ module Scenarios::Satellite
|
|
55
55
|
Checks::CheckIpv6Disable,
|
56
56
|
Checks::Disk::AvailableSpacePostgresql13,
|
57
57
|
Checks::CheckOrganizationContentAccessMode,
|
58
|
+
Checks::CheckSha1CertificateAuthority,
|
58
59
|
Checks::Repositories::Validate.new(:version => target_version),
|
59
60
|
)
|
60
61
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: foreman_maintain
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.7.
|
4
|
+
version: 1.7.8
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ivan Nečas
|
@@ -162,6 +162,7 @@ files:
|
|
162
162
|
- definitions/checks/candlepin/db_up.rb
|
163
163
|
- definitions/checks/check_hotfix_installed.rb
|
164
164
|
- definitions/checks/check_ipv6_disable.rb
|
165
|
+
- definitions/checks/check_sha1_certificate_authority.rb
|
165
166
|
- definitions/checks/check_tmout.rb
|
166
167
|
- definitions/checks/disk/available_space.rb
|
167
168
|
- definitions/checks/disk/available_space_candlepin.rb
|