foreman_maintain 1.7.9 → 1.7.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 74a80bff4334ff0e4d6a36e77200a71d94dd88f4083ac7f92d1cee35c5b77305
|
|
4
|
+
data.tar.gz: 26603e794c8c0ac12461c442511a15a2099630784df880fa5346f4a15b651707
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 218380fc4a8508cc557a43a4953bf98bd4b60a746296d7dc55d8182d3fad97961b471411e04cd50b8ba5df30e175326469d98ee061c5875b4026ccd609430277
|
|
7
|
+
data.tar.gz: c3e00eef89608fd03c4a7337ccf318914e06688049f2143919c1682947b744d7d7a68965dcb0298c120406b919f905f8fc276556adcd7199653accde87520089
|
|
@@ -16,14 +16,33 @@ class Checks::CheckSha1CertificateAuthority < ForemanMaintain::Check
|
|
|
16
16
|
|
|
17
17
|
return unless server_ca
|
|
18
18
|
|
|
19
|
-
|
|
19
|
+
begin
|
|
20
|
+
certificates = load_fullchain(server_ca)
|
|
21
|
+
rescue OpenSSL::X509::CertificateError
|
|
22
|
+
assert(false, "Error reading server CA certificate #{server_ca}.")
|
|
23
|
+
else
|
|
24
|
+
msg = <<~MSG
|
|
25
|
+
Server CA certificate #{server_ca} signed with sha1 which will break on upgrade.
|
|
26
|
+
Update the server CA certificate with one signed with sha256 or
|
|
27
|
+
stronger then proceed with the upgrade.
|
|
28
|
+
MSG
|
|
20
29
|
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
30
|
+
assert(
|
|
31
|
+
certificates.all? { |cert| cert.signature_algorithm != 'sha1WithRSAEncryption' },
|
|
32
|
+
msg
|
|
33
|
+
)
|
|
34
|
+
end
|
|
35
|
+
end
|
|
26
36
|
|
|
27
|
-
|
|
37
|
+
def load_fullchain(bundle_pem)
|
|
38
|
+
if OpenSSL::X509::Certificate.respond_to?(:load_file)
|
|
39
|
+
OpenSSL::X509::Certificate.load_file(bundle_pem)
|
|
40
|
+
else
|
|
41
|
+
# Can be removed when only Ruby with load_file support is supported
|
|
42
|
+
File.binread(bundle_pem).
|
|
43
|
+
lines.
|
|
44
|
+
slice_after(/END CERTIFICATE/).
|
|
45
|
+
map { |pem| OpenSSL::X509::Certificate.new(pem.join) }
|
|
46
|
+
end
|
|
28
47
|
end
|
|
29
48
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: foreman_maintain
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.7.
|
|
4
|
+
version: 1.7.10
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ivan Nečas
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-12-
|
|
11
|
+
date: 2024-12-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: clamp
|
|
@@ -411,7 +411,7 @@ homepage: https://github.com/theforeman/foreman_maintain
|
|
|
411
411
|
licenses:
|
|
412
412
|
- GPL-3.0
|
|
413
413
|
metadata: {}
|
|
414
|
-
post_install_message:
|
|
414
|
+
post_install_message:
|
|
415
415
|
rdoc_options: []
|
|
416
416
|
require_paths:
|
|
417
417
|
- lib
|
|
@@ -430,7 +430,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
430
430
|
version: '0'
|
|
431
431
|
requirements: []
|
|
432
432
|
rubygems_version: 3.3.27
|
|
433
|
-
signing_key:
|
|
433
|
+
signing_key:
|
|
434
434
|
specification_version: 4
|
|
435
435
|
summary: Foreman maintenance tool belt
|
|
436
436
|
test_files: []
|