puppet_forge 2.2.9 → 2.3.0.rc1

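--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 087cdfb02de51471d14bcba37ac3078357222548
- data.tar.gz: 2ef26cd5527d3fa26fcea35e08d1d4f582fb4d7a
+ SHA256:
+ metadata.gz: 64f21c02537bec3836cf2c243c266f884470e6bef0a2b8e210275b1b3a5c9114
+ data.tar.gz: 62e479ce167179d7a909340289a2f92a6ec94663556ce58e7de3dde2fe1f0a53
  SHA512:
- metadata.gz: 81308719c9f7f99699c59a6f5515a05851eccd2bd2255366be9ee513c2e475b50a59ec75aebab51b6c8ab8c1c9844f5e8f3992be5cf150b78fdee46a7cc9b3a1
- data.tar.gz: 52031222a7327eab0eb58edc12d6274c99b4ce5f6fb01d9f14e2f90eb7f9295b8b07e78b51857ce3303a353f52c4947dcb257dedddd6ddb31ce8e400e86f5bab
+ metadata.gz: 5cadd116c11b384a988be7383e4fd60b75fb3f73ca373bbca6bc72c5e2f3fbaa274199629276c798239ab04a5b27410fcb643bd373baa2e2ee928fd135eaa847
+ data.tar.gz: 158d1a6c08feecb61bc942b71907cea20c994daca341eec89bb43e50c0dd1e7290c6a3a33afe9c6cd6facb9b85f07fb966f5b6fb1ab177014351f604c9066ea9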
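--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,22 @@
+ dist: xenial
+ language: ruby
+ rvm:
+ - 2.6
+ - 2.5
+ - 2.3
+ - 2.1
+ # TODO: enable integration testing
+ script: bundle exec rspec spec/unit
+ jobs:
+ include:
+ - stage: deploy
+ if: tag IS present
+ rvm: 2.6
+ script: echo "Deploying to rubygems.org..."
+ deploy:
+ on:
+ all_branches: true
+ provider: rubygems
+ gem: puppet_forge
+ api_key:
+ secure: 066s1nJoYzCPzujfTAZ1OiDbbHghLIfW2SxZ/xTom7SbtYlb4SVOUkzOr6dLMysUBAWLQRwiFvgNij+iWwHoNEPqNA+JeGZIiL32ShQI0NW+lTcjPzeAe8Ppy/1pxgXFSJAPHLzdpdgiK91eM4vMWHIaOqPeT/4+X2+kmWbg71E=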
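Review bot: The deploy job is gated only by `if: tag IS present` together with `all_branches: true`, so any tag pushed where this encrypted `api_key` decrypts publishes `puppet_forge` to rubygems.org, not just a release tag. Narrowing the condition to the tag format the README describes (`v1.2.3`), for example `if: tag =~ ^v[0-9]`, and adding `repo: <owner>/<repo>` (placeholder for the canonical repository) under `on:` would keep a stray tag or a fork from triggering a release. The test stage runs only `spec/unit`, so a comment next to the existing TODO such as `# NOTE: tagged releases are gated on unit specs only until integration testing is enabled` would make that limit visible to whoever cuts a tag.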
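--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -3,6 +3,13 @@
  Starting with v2.0.0, all notable changes to this project will be documented in this file.
  This project adheres to [Semantic Versioning](http://semver.org/).
 
+ ## v2.3.0 - 2019-07-09
+
+ ### Changed
+
+ * Updated `PuppetForge::V3::Release#verify` method to use `file_sha256` checksum from Forge API when available.
+ * Added an `allow_md5` param to `PuppetForge::V3::Release#verify` method to control whether or not fallback to MD5 checksum will be allowed in cases where SHA-256 checksum is not available.
+
  ## v2.2.9 - 2017-12-01
 
  ### Changed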
data/README.md CHANGED
@@ -227,6 +227,13 @@ to create a free account to add new tickets.
227
227
  4. Push to the branch (`git push origin my-new-feature`)
228
228
  5. Create a new Pull Request
229
229
 
230
+ ## Releasing
231
+
232
+ 1. Make sure version, changelog, etc. have been updated.
233
+ 1. Commit and tag with new version number: e.g. `v1.2.3`
234
+ 1. Push tag to Github: `git push upstream --tags` (where `upstream` is the remote name of the puppetlabs fork of this repo)
235
+ 1. Wait for Travis CI to test and push new release to Rubygems.
236
+
230
237
  ## Contributors
231
238
 
232
239
  * Pieter van de Bruggen, Puppet Labs
@@ -237,9 +244,4 @@ to create a free account to add new tickets.
237
244
 
238
245
  ## Maintenance
239
246
 
240
- Maintainers:
241
-
242
- * Jesse Scott, jesse@puppet.com
243
- * Anderson Mills, anderson@puppet.com
244
-
245
247
  Tickets: File at https://tickets.puppet.com/browse/FORGE
@@ -9,11 +9,19 @@ module PuppetForge
9
9
  @app.call(env)
10
10
  rescue Faraday::ConnectionFailed => e
11
11
  baseurl = env[:url].dup
12
- baseurl.path = ''
13
12
  if proxy = env[:request][:proxy]
14
- errmsg = _("Unable to connect to %{url} (using proxy %{proxy})") % {url: baseurl.to_s, proxy: proxy.uri.to_s}
13
+ errmsg = _("Unable to connect to %{scheme}://%{host} (using proxy %{proxy}) (for request %{path_query})") % {
14
+ scheme: baseurl.scheme,
15
+ host: baseurl.host,
16
+ proxy: proxy.uri.to_s,
17
+ path_query: baseurl.request_uri,
18
+ }
15
19
  else
16
- errmsg = _("Unable to connect to %{url}") % {url: baseurl.to_s}
20
+ errmsg = _("Unable to connect to %{scheme}://%{host} (for request %{path_query})") % {
21
+ scheme: baseurl.scheme,
22
+ host: baseurl.host,
23
+ path_query: baseurl.request_uri,
24
+ }
17
25
  end
18
26
  errmsg << ": #{e.message}"
19
27
  m = Faraday::ConnectionFailed.new(errmsg)
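Review bot: Both new messages interpolate `baseurl.request_uri`, which is the path plus the query string, so any token or other sensitive value a caller sends as a query parameter now lands in the exception text and in whatever logs it. If only the endpoint is needed for diagnosis, `path_query: baseurl.path` would carry it without the query. `%{scheme}://%{host}` also drops the port that the old `baseurl.to_s` showed, which makes a failure against a non-default port harder to read; `host: "#{baseurl.host}:#{baseurl.port}"` would keep it. The rescue body starts and ends outside this hunk.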
@@ -1,6 +1,8 @@
1
1
  require 'puppet_forge/v3/base'
2
2
  require 'puppet_forge/v3/module'
3
3
 
4
+ require 'digest'
5
+
4
6
  module PuppetForge
5
7
  module V3
6
8
 
@@ -36,21 +38,36 @@ module PuppetForge
36
38
  end
37
39
  end
38
40
 
39
- # Verify that a downloaded module matches the checksum in the metadata for this release.
41
+ # Verify that a downloaded module matches the best available checksum in the metadata for this release,
42
+ # validates SHA-256 checksum if available, otherwise validates MD5 checksum
40
43
  #
41
44
  # @param path [Pathname]
42
45
  # @return [void]
43
- def verify(path)
44
- expected_md5 = file_md5
45
- file_md5 = Digest::MD5.file(path).hexdigest
46
- if expected_md5 != file_md5
47
- raise ChecksumMismatch.new("Expected #{path} checksum to be #{expected_md5}, got #{file_md5}")
48
- end
46
+ def verify(path, allow_md5 = true)
47
+ checksum =
48
+ if self.respond_to?(:file_sha256) && !self.file_sha256.nil? && !self.file_sha256.size.zero?
49
+ {
50
+ type: "SHA-256",
51
+ expected: self.file_sha256,
52
+ actual: Digest::SHA256.file(path).hexdigest,
53
+ }
54
+ elsif allow_md5
55
+ {
56
+ type: "MD5",
57
+ expected: self.file_md5,
58
+ actual: Digest::MD5.file(path).hexdigest,
59
+ }
60
+ else
61
+ raise PuppetForge::Error.new("Cannot verify module release: SHA-256 checksum is not available in API response and fallback to MD5 has been forbidden.")
62
+ end
63
+
64
+ return if checksum[:expected] == checksum[:actual]
65
+
66
+ raise ChecksumMismatch.new("Unable to validate #{checksum[:type]} checksum for #{path}, download may be corrupt!")
49
67
  end
50
68
 
51
69
  class ChecksumMismatch < StandardError
52
70
  end
53
-
54
71
  end
55
72
  end
56
73
  end
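Review bot: `verify(path, allow_md5 = true)` leaves the MD5 fallback on by default, so a release record that arrives without `file_sha256` is checked with MD5 only and the caller gets no signal that the weaker digest was used. Since the default presumably cannot change without breaking existing callers, the YARD block should at least document the switch: `# @param allow_md5 [Boolean] permit fallback to MD5 when no SHA-256 checksum is present; pass false to require SHA-256`, along with `# @raise [PuppetForge::Error]` and `# @raise [ChecksumMismatch]` next to the existing `@return [void]`. The comparison `checksum[:expected] == checksum[:actual]` is case-sensitive while `hexdigest` returns lower-case hex, so `expected: self.file_sha256.downcase` would avoid a false mismatch if the API ever returned upper-case digits. The new mismatch message no longer includes the expected and actual digests, which the old one did; keeping them would make a corrupt or substituted download easier to triage.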
@@ -1,3 +1,3 @@
1
1
  module PuppetForge
2
- VERSION = '2.2.9' # Library version
2
+ VERSION = '2.3.0.rc1' # Library version
3
3
  end
@@ -18,7 +18,7 @@ describe PuppetForge::Connection::ConnectionFailure do
18
18
  it "includes the base URL in the error message" do
19
19
  expect {
20
20
  subject.get('/connectfail')
21
- }.to raise_error(Faraday::ConnectionFailed, "Unable to connect to https://my-site.url: getaddrinfo: Name or service not known")
21
+ }.to raise_error(Faraday::ConnectionFailed, /unable to connect to.*\/connectfail.*name or service not known/i)
22
22
  end
23
23
 
24
24
  it "includes the proxy host in the error message when set" do
@@ -30,6 +30,6 @@ describe PuppetForge::Connection::ConnectionFailure do
30
30
 
31
31
  expect {
32
32
  subject.get('/connectfail')
33
- }.to raise_error(Faraday::ConnectionFailed, "Unable to connect to https://my-site.url (using proxy https://some-unreachable.proxy:3128): getaddrinfo: Name or service not known")
33
+ }.to raise_error(Faraday::ConnectionFailed, /unable to connect to.*using proxy.*\/connectfail.*name or service not known/i)
34
34
  end
35
35
  end
@@ -59,33 +59,56 @@ describe PuppetForge::V3::Base do
59
59
  end
60
60
 
61
61
  describe 'the host url setting' do
62
- before do
63
- end
62
+ context 'without a path prefix' do
63
+ before(:each) do
64
+ @orig_host = PuppetForge.host
65
+ PuppetForge.host = 'https://api.example.com'
64
66
 
65
- it 'should handle a host url with no path prefix' do
66
- stub_api_for(PuppetForge::V3::Base) do |stubs|
67
- stub_fixture(stubs, :get, '/v3/bases/puppet')
67
+ # Trigger connection reset
68
+ PuppetForge::V3::Base.conn = PuppetForge::Connection.default_connection
68
69
  end
69
70
 
70
- # Trigger connection reset
71
- PuppetForge::V3::Base.conn = PuppetForge::Connection.default_connection
71
+ after(:each) do
72
+ PuppetForge.host = @orig_host
73
+
74
+ # Trigger connection reset
75
+ PuppetForge::V3::Base.conn = PuppetForge::Connection.default_connection
76
+ end
72
77
 
73
- base = PuppetForge::V3::Base.find 'puppet'
74
- expect(base.username).to eq('foo')
78
+ it 'should work' do
79
+ stub_api_for(PuppetForge::V3::Base) do |stubs|
80
+ stub_fixture(stubs, :get, '/v3/bases/puppet')
81
+ end
82
+
83
+ base = PuppetForge::V3::Base.find 'puppet'
84
+ expect(base.username).to eq('foo')
85
+ end
75
86
  end
76
87
 
77
- it 'should handle a path prefix in the host' do
78
- PuppetForge.host = 'https://api.example.com/uri/prefix'
88
+ context 'with a path prefix' do
89
+ before(:each) do
90
+ @orig_host = PuppetForge.host
91
+ PuppetForge.host = 'https://api.example.com/uri/prefix'
79
92
 
80
- stub_api_for(PuppetForge::V3::Base, PuppetForge.host) do |stubs|
81
- stub_fixture(stubs, :get, '/uri/prefix/v3/bases/puppet')
93
+ # Trigger connection reset
94
+ PuppetForge::V3::Base.conn = PuppetForge::Connection.default_connection
82
95
  end
83
96
 
84
- # Trigger connection reset
85
- PuppetForge::V3::Base.conn = PuppetForge::Connection.default_connection
97
+ after(:each) do
98
+ PuppetForge.host = @orig_host
86
99
 
87
- base = PuppetForge::V3::Base.find 'puppet'
88
- expect(base.username).to eq('bar')
100
+ # Trigger connection reset
101
+ PuppetForge::V3::Base.conn = PuppetForge::Connection.default_connection
102
+ end
103
+
104
+ it 'should work' do
105
+ stub_api_for(PuppetForge::V3::Base, PuppetForge.host) do |stubs|
106
+ stub_fixture(stubs, :get, '/uri/prefix/v3/bases/puppet')
107
+ end
108
+
109
+ base = PuppetForge::V3::Base.find 'puppet'
110
+ expect(base.username).to eq('bar')
111
+ end
89
112
  end
90
113
  end
91
114
  end
@@ -149,6 +149,58 @@ describe PuppetForge::V3::Release do
149
149
  end
150
150
  end
151
151
 
152
+ describe '#verify' do
153
+ let(:release) { PuppetForge::V3::Release.find('puppetlabs-apache-0.0.1') }
154
+ let(:tarball) { "#{PROJECT_ROOT}/spec/tmp/module.tgz" }
155
+ let(:allow_md5) { true }
156
+
157
+ before(:each) do
158
+ FileUtils.rm tarball rescue nil
159
+ release.download(Pathname.new(tarball))
160
+ end
161
+
162
+ after(:each) { FileUtils.rm tarball rescue nil }
163
+
164
+ context 'file_sha256 is available' do
165
+ before(:each) do
166
+ allow(release).to receive(:file_sha256).and_return("810ff2fb242a5dee4220f2cb0e6a519891fb67f2f828a6cab4ef8894633b1f50")
167
+ end
168
+
169
+ let(:mock_sha256) { double(Digest::SHA256, hexdigest: release.file_sha256) }
170
+
171
+ it 'only verifies sha-256 checksum' do
172
+ expect(Digest::SHA256).to receive(:file).and_return(mock_sha256)
173
+ expect(Digest::MD5).not_to receive(:file)
174
+
175
+ release.verify(tarball, allow_md5)
176
+ end
177
+ end
178
+
179
+ context 'file_sha256 is not available' do
180
+ let(:mock_md5) { double(Digest::MD5, hexdigest: release.file_md5) }
181
+
182
+ it 'only verfies the md5 checksum' do
183
+ expect(Digest::SHA256).not_to receive(:file)
184
+ expect(Digest::MD5).to receive(:file).and_return(mock_md5)
185
+
186
+ release.verify(tarball, allow_md5)
187
+ end
188
+ end
189
+
190
+ context 'when allow_md5=false' do
191
+ let(:allow_md5) { false }
192
+
193
+ context 'file_sha256 is not available' do
194
+ it 'raises an appropriate error' do
195
+ expect(Digest::SHA256).not_to receive(:file)
196
+ expect(Digest::MD5).not_to receive(:file)
197
+
198
+ expect { release.verify(tarball, allow_md5) }.to raise_error(PuppetForge::Error, /cannot verify module release.*md5.*forbidden/i)
199
+ end
200
+ end
201
+ end
202
+ end
203
+
152
204
  describe '#metadata' do
153
205
  let(:release) { PuppetForge::V3::Release.find('puppetlabs-apache-0.0.1') }
154
206
 
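Review bot: None of the new `#verify` examples exercises a failing checksum: `Digest::SHA256.file` and `Digest::MD5.file` are stubbed to return exactly the expected digest, so the `raise ChecksumMismatch` branch never runs and a `verify` that always passed would still be green. An example that stubs `hexdigest` with a different value and asserts `expect { release.verify(tarball, allow_md5) }.to raise_error(PuppetForge::V3::Release::ChecksumMismatch)` would cover it (the namespace is inferred from the nesting in the release hunk). The 'file_sha256 is not available' contexts rely on the `puppetlabs-apache-0.0.1` fixture lacking that field; `allow(release).to receive(:file_sha256).and_return(nil)` would make the precondition explicit. `FileUtils.rm tarball rescue nil` swallows every error, whereas `FileUtils.rm_f tarball` ignores only a missing file.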
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: puppet_forge
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.9
4
+ version: 2.3.0.rc1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Puppet Labs
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-12-01 00:00:00.000000000 Z
11
+ date: 2019-07-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday
@@ -213,6 +213,7 @@ extensions: []
213
213
  extra_rdoc_files: []
214
214
  files:
215
215
  - ".gitignore"
216
+ - ".travis.yml"
216
217
  - CHANGELOG.md
217
218
  - Gemfile
218
219
  - LICENSE.txt
@@ -306,12 +307,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
306
307
  version: 1.9.3
307
308
  required_rubygems_version: !ruby/object:Gem::Requirement
308
309
  requirements:
309
- - - ">="
310
+ - - ">"
310
311
  - !ruby/object:Gem::Version
311
- version: '0'
312
+ version: 1.3.1
312
313
  requirements: []
313
314
  rubyforge_project:
314
- rubygems_version: 2.6.8
315
+ rubygems_version: 2.7.7
315
316
  signing_key:
316
317
  specification_version: 4
317
318
  summary: Access the Puppet Forge API from Ruby for resource information and to download