gitlab-labkit 0.22.0 → 0.23.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +3 -0
- data/README.md +2 -1
- data/gitlab-labkit.gemspec +1 -1
- data/lib/gitlab-labkit.rb +1 -0
- data/lib/labkit/fips.rb +47 -0
- metadata +7 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 374f599a7aab8870d5294f5920d5f8563d8b694ea6788c1fa42ad7e8a50fd34a
|
|
4
|
+
data.tar.gz: f3d81d73ec48bf35b8faaf6cb8e5f43c27feb32a411acab08d1b5caddf112acb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: daf3ba2cc04096dbcfd4ce9acb9a719b4437eba9aa9b2e4d3a39885f5b47dbd8dd5dc2696e775ecfd961cc729426f8eca5b7abe978a9c023876d3aac9e29168f
|
|
7
|
+
data.tar.gz: fe9648bd7092ff6852fbda09f54ca6356c5b3c8eb3974ff16839b8bb7e9f28ffb3d145e626383ab8d09f1e19dc1b6b2b10fedc910296e74e9af82c5b39155c4f
|
data/.rubocop.yml
CHANGED
data/README.md
CHANGED
|
@@ -16,10 +16,11 @@ The changelog is available via [**tagged release notes**](https://gitlab.com/git
|
|
|
16
16
|
|
|
17
17
|
## Functionality
|
|
18
18
|
|
|
19
|
-
LabKit-Ruby provides functionality in
|
|
19
|
+
LabKit-Ruby provides functionality in a number of areas:
|
|
20
20
|
|
|
21
21
|
1. `Labkit::Context` used for providing context information to log messages.
|
|
22
22
|
1. `Labkit::Correlation` For accessing the correlation id. (Generated and propagated by `Labkit::Context`)
|
|
23
|
+
1. `Labkit::FIPS` for checking for FIPS mode and using FIPS-compliant algorithms.
|
|
23
24
|
1. `Labkit::Logging` for sanitizing log messages.
|
|
24
25
|
1. `Labkit::Tracing` for handling and propagating distributed traces.
|
|
25
26
|
|
data/gitlab-labkit.gemspec
CHANGED
|
@@ -30,7 +30,7 @@ Gem::Specification.new do |spec|
|
|
|
30
30
|
# Please maintain alphabetical order for dev dependencies
|
|
31
31
|
spec.add_development_dependency "excon", "~> 0.78.1"
|
|
32
32
|
spec.add_development_dependency "faraday", "~> 1.2.0"
|
|
33
|
-
spec.add_development_dependency "gitlab-dangerfiles"
|
|
33
|
+
spec.add_development_dependency "gitlab-dangerfiles", "~> 2.11.0"
|
|
34
34
|
spec.add_development_dependency "gitlab-styles", "~> 6.2.0"
|
|
35
35
|
spec.add_development_dependency "grpc-tools", ">= 1.37"
|
|
36
36
|
spec.add_development_dependency "httparty", "~> 0.17.3"
|
data/lib/gitlab-labkit.rb
CHANGED
data/lib/labkit/fips.rb
ADDED
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Labkit
|
|
4
|
+
module Digest
|
|
5
|
+
module SHA2
|
|
6
|
+
def new(*args, &block)
|
|
7
|
+
bitlen = args.first || 256
|
|
8
|
+
::OpenSSL::Digest.const_get("SHA#{bitlen}").new
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
class FIPS
|
|
14
|
+
OPENSSL_DIGESTS = %i[SHA1 SHA256 SHA384 SHA512].freeze
|
|
15
|
+
|
|
16
|
+
class << self
|
|
17
|
+
# Returns whether we should be running in FIPS mode or not
|
|
18
|
+
#
|
|
19
|
+
# @return [Boolean]
|
|
20
|
+
def enabled?
|
|
21
|
+
# Attempt to auto-detect FIPS mode from OpenSSL
|
|
22
|
+
return true if OpenSSL.fips_mode
|
|
23
|
+
|
|
24
|
+
# Otherwise allow it to be set manually via the env vars
|
|
25
|
+
return true if %w[1 true yes].include?(ENV["FIPS_MODE"])
|
|
26
|
+
|
|
27
|
+
false
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
# Swap Ruby's Digest::SHAx implementations for OpenSSL::Digest::SHAx.
|
|
31
|
+
def enable_fips_mode!
|
|
32
|
+
require "digest"
|
|
33
|
+
require "digest/sha2"
|
|
34
|
+
|
|
35
|
+
::Digest::SHA2.singleton_class.prepend(Labkit::Digest::SHA2)
|
|
36
|
+
OPENSSL_DIGESTS.each { |alg| use_openssl_digest(alg, alg) }
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
private
|
|
40
|
+
|
|
41
|
+
def use_openssl_digest(ruby_algorithm, openssl_algorithm)
|
|
42
|
+
::Digest.send(:remove_const, ruby_algorithm) # rubocop:disable GitlabSecurity/PublicSend
|
|
43
|
+
::Digest.const_set(ruby_algorithm, OpenSSL::Digest.const_get(openssl_algorithm, false))
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gitlab-labkit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.23.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Newdigate
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-06-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: actionpack
|
|
@@ -158,16 +158,16 @@ dependencies:
|
|
|
158
158
|
name: gitlab-dangerfiles
|
|
159
159
|
requirement: !ruby/object:Gem::Requirement
|
|
160
160
|
requirements:
|
|
161
|
-
- - "
|
|
161
|
+
- - "~>"
|
|
162
162
|
- !ruby/object:Gem::Version
|
|
163
|
-
version:
|
|
163
|
+
version: 2.11.0
|
|
164
164
|
type: :development
|
|
165
165
|
prerelease: false
|
|
166
166
|
version_requirements: !ruby/object:Gem::Requirement
|
|
167
167
|
requirements:
|
|
168
|
-
- - "
|
|
168
|
+
- - "~>"
|
|
169
169
|
- !ruby/object:Gem::Version
|
|
170
|
-
version:
|
|
170
|
+
version: 2.11.0
|
|
171
171
|
- !ruby/object:Gem::Dependency
|
|
172
172
|
name: gitlab-styles
|
|
173
173
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -381,6 +381,7 @@ files:
|
|
|
381
381
|
- lib/labkit/correlation/grpc/grpc_common.rb
|
|
382
382
|
- lib/labkit/correlation/grpc/server_interceptor.rb
|
|
383
383
|
- lib/labkit/excon_publisher.rb
|
|
384
|
+
- lib/labkit/fips.rb
|
|
384
385
|
- lib/labkit/httpclient_publisher.rb
|
|
385
386
|
- lib/labkit/logging.rb
|
|
386
387
|
- lib/labkit/logging/grpc.rb
|