puppet_forge 2.2.9 → 2.3.0.rc1
- checksums.yaml +5 -5
- data/.travis.yml +22 -0
- data/CHANGELOG.md +7 -0
- data/README.md +7 -5
- data/lib/puppet_forge/connection/connection_failure.rb +11 -3
- data/lib/puppet_forge/v3/release.rb +25 -8
- data/lib/puppet_forge/version.rb +1 -1
- data/spec/unit/forge/connection/connection_failure_spec.rb +2 -2
- data/spec/unit/forge/v3/base_spec.rb +40 -17
- data/spec/unit/forge/v3/release_spec.rb +52 -0
- metadata +6 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 64f21c02537bec3836cf2c243c266f884470e6bef0a2b8e210275b1b3a5c9114
|
4
|
+
data.tar.gz: 62e479ce167179d7a909340289a2f92a6ec94663556ce58e7de3dde2fe1f0a53
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5cadd116c11b384a988be7383e4fd60b75fb3f73ca373bbca6bc72c5e2f3fbaa274199629276c798239ab04a5b27410fcb643bd373baa2e2ee928fd135eaa847
|
7
|
+
data.tar.gz: 158d1a6c08feecb61bc942b71907cea20c994daca341eec89bb43e50c0dd1e7290c6a3a33afe9c6cd6facb9b85f07fb966f5b6fb1ab177014351f604c9066ea9
|
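--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,22 @@
+dist: xenial
+language: ruby
+rvm:
+- 2.6
+- 2.5
+- 2.3
+- 2.1
+# TODO: enable integration testing
+script: bundle exec rspec spec/unit
+jobs:
+include:
+- stage: deploy
+if: tag IS present
+rvm: 2.6
+script: echo "Deploying to rubygems.org..."
+deploy:
+on:
+all_branches: true
+provider: rubygems
+gem: puppet_forge
+api_key:
+secure: 066s1nJoYzCPzujfTAZ1OiDbbHghLIfW2SxZ/xTom7SbtYlb4SVOUkzOr6dLMysUBAWLQRwiFvgNij+iWwHoNEPqNA+JeGZIiL32ShQI0NW+lTcjPzeAe8Ppy/1pxgXFSJAPHLzdpdgiK91eM4vMWHIaOqPeT/4+X2+kmWbg71E=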
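Review bot: The deploy stage publishes to rubygems.org for any tag on any branch (`if: tag IS present` together with `all_branches: true`), so the only release gate is the ability to push a tag; narrowing the condition to version tags, e.g. `if: tag =~ /^v\d/`, would keep a stray tag from triggering a publish. The `api_key.secure` value is Travis-encrypted, but the gem metadata section further down this page adds `.travis.yml` to the packaged files, so the CI and deploy configuration ships inside the released gem; excluding it from the gemspec file list is worth considering. The `# TODO: enable integration testing` line also means a release is gated on `spec/unit` only.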
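--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -3,6 +3,13 @@
 Starting with v2.0.0, all notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## v2.3.0 - 2019-07-09
+
+### Changed
+
+* Updated `PuppetForge::V3::Release#verify` method to use `file_sha256` checksum from Forge API when available.
+* Added an `allow_md5` param to `PuppetForge::V3::Release#verify` method to control whether or not fallback to MD5 checksum will be allowed in cases where SHA-256 checksum is not available.
+
 ## v2.2.9 - 2017-12-01
 
 ### Changed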
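--- a/data/README.md
+++ b/data/README.md
@@ -227,6 +227,13 @@ to create a free account to add new tickets.
 4. Push to the branch (`git push origin my-new-feature`)
 5. Create a new Pull Request
 
+## Releasing
+
+1. Make sure version, changelog, etc. have been updated.
+1. Commit and tag with new version number: e.g. `v1.2.3`
+1. Push tag to Github: `git push upstream --tags` (where `upstream` is the remote name of the puppetlabs fork of this repo)
+1. Wait for Travis CI to test and push new release to Rubygems.
+
 ## Contributors
 
 * Pieter van de Bruggen, Puppet Labs
@@ -237,9 +244,4 @@ to create a free account to add new tickets.
 
 ## Maintenance
 
-Maintainers:
-
-* Jesse Scott, jesse@puppet.com
-* Anderson Mills, anderson@puppet.com
-
 Tickets: File at https://tickets.puppet.com/browse/FORGE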
@@ -9,11 +9,19 @@ module PuppetForge
|
|
9
9
|
@app.call(env)
|
10
10
|
rescue Faraday::ConnectionFailed => e
|
11
11
|
baseurl = env[:url].dup
|
12
|
-
baseurl.path = ''
|
13
12
|
if proxy = env[:request][:proxy]
|
14
|
-
errmsg = _("Unable to connect to %{
|
13
|
+
errmsg = _("Unable to connect to %{scheme}://%{host} (using proxy %{proxy}) (for request %{path_query})") % {
|
14
|
+
scheme: baseurl.scheme,
|
15
|
+
host: baseurl.host,
|
16
|
+
proxy: proxy.uri.to_s,
|
17
|
+
path_query: baseurl.request_uri,
|
18
|
+
}
|
15
19
|
else
|
16
|
-
errmsg = _("Unable to connect to %{
|
20
|
+
errmsg = _("Unable to connect to %{scheme}://%{host} (for request %{path_query})") % {
|
21
|
+
scheme: baseurl.scheme,
|
22
|
+
host: baseurl.host,
|
23
|
+
path_query: baseurl.request_uri,
|
24
|
+
}
|
17
25
|
end
|
18
26
|
errmsg << ": #{e.message}"
|
19
27
|
m = Faraday::ConnectionFailed.new(errmsg)
|
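Review bot: The new messages interpolate `proxy.uri.to_s` and `baseurl.request_uri` verbatim, so credentials embedded in a proxy URL (one of the form `http://USER:PASSWORD@HOST`) and any query-string parameters of the failed request end up in the exception text, which callers commonly log. Consider formatting the proxy as host and port only, `proxy: "#{proxy.uri.host}:#{proxy.uri.port}"`, and passing `baseurl.path` rather than `request_uri` unless the query is known to be free of tokens; whether Forge requests ever carry secrets in the query is not visible here. With `baseurl.path = ''` removed, `baseurl` is only read, so the `.dup` on `env[:url]` no longer protects anything. The enclosing method starts and ends outside the hunk.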
@@ -1,6 +1,8 @@
|
|
1
1
|
require 'puppet_forge/v3/base'
|
2
2
|
require 'puppet_forge/v3/module'
|
3
3
|
|
4
|
+
require 'digest'
|
5
|
+
|
4
6
|
module PuppetForge
|
5
7
|
module V3
|
6
8
|
|
@@ -36,21 +38,36 @@ module PuppetForge
|
|
36
38
|
end
|
37
39
|
end
|
38
40
|
|
39
|
-
# Verify that a downloaded module matches the checksum in the metadata for this release
|
41
|
+
# Verify that a downloaded module matches the best available checksum in the metadata for this release,
|
42
|
+
# validates SHA-256 checksum if available, otherwise validates MD5 checksum
|
40
43
|
#
|
41
44
|
# @param path [Pathname]
|
42
45
|
# @return [void]
|
43
|
-
def verify(path)
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
46
|
+
def verify(path, allow_md5 = true)
|
47
|
+
checksum =
|
48
|
+
if self.respond_to?(:file_sha256) && !self.file_sha256.nil? && !self.file_sha256.size.zero?
|
49
|
+
{
|
50
|
+
type: "SHA-256",
|
51
|
+
expected: self.file_sha256,
|
52
|
+
actual: Digest::SHA256.file(path).hexdigest,
|
53
|
+
}
|
54
|
+
elsif allow_md5
|
55
|
+
{
|
56
|
+
type: "MD5",
|
57
|
+
expected: self.file_md5,
|
58
|
+
actual: Digest::MD5.file(path).hexdigest,
|
59
|
+
}
|
60
|
+
else
|
61
|
+
raise PuppetForge::Error.new("Cannot verify module release: SHA-256 checksum is not available in API response and fallback to MD5 has been forbidden.")
|
62
|
+
end
|
63
|
+
|
64
|
+
return if checksum[:expected] == checksum[:actual]
|
65
|
+
|
66
|
+
raise ChecksumMismatch.new("Unable to validate #{checksum[:type]} checksum for #{path}, download may be corrupt!")
|
49
67
|
end
|
50
68
|
|
51
69
|
class ChecksumMismatch < StandardError
|
52
70
|
end
|
53
|
-
|
54
71
|
end
|
55
72
|
end
|
56
73
|
end
|
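Review bot: `verify(path, allow_md5 = true)` leaves the MD5 fallback enabled by default, so a release record without `file_sha256` (or with an empty one) is still accepted on an MD5 match alone, and existing callers get no signal that the weaker digest was used. MD5 is not collision-resistant, so the fallback only guards against accidental corruption; callers that rely on `verify` as an integrity check should pass `false`, and the doc comment should gain `# @param allow_md5 [Boolean] permit fallback to MD5 when no SHA-256 checksum is present` and `# @raise [PuppetForge::Error, ChecksumMismatch]`. The expected digest comes from the same API record as the release, so a match shows the file agrees with the Forge metadata, not that the metadata itself is trustworthy. The comparison is also case-sensitive, so `return if checksum[:expected].to_s.downcase == checksum[:actual]` would tolerate an upper-case hex digest from the API.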
data/lib/puppet_forge/version.rb
CHANGED
@@ -18,7 +18,7 @@ describe PuppetForge::Connection::ConnectionFailure do
|
|
18
18
|
it "includes the base URL in the error message" do
|
19
19
|
expect {
|
20
20
|
subject.get('/connectfail')
|
21
|
-
}.to raise_error(Faraday::ConnectionFailed,
|
21
|
+
}.to raise_error(Faraday::ConnectionFailed, /unable to connect to.*\/connectfail.*name or service not known/i)
|
22
22
|
end
|
23
23
|
|
24
24
|
it "includes the proxy host in the error message when set" do
|
@@ -30,6 +30,6 @@ describe PuppetForge::Connection::ConnectionFailure do
|
|
30
30
|
|
31
31
|
expect {
|
32
32
|
subject.get('/connectfail')
|
33
|
-
}.to raise_error(Faraday::ConnectionFailed,
|
33
|
+
}.to raise_error(Faraday::ConnectionFailed, /unable to connect to.*using proxy.*\/connectfail.*name or service not known/i)
|
34
34
|
end
|
35
35
|
end
|
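Review bot: Both updated expectations in this spec (the base-URL example and the proxy example in the following hunk) match on `name or service not known`, which is one resolver's wording for a failed lookup; other platforms report the failure with different text, so the examples can fail there even though the code is right. The examples also appear to depend on a real failed DNS lookup, though the connection setup is outside the hunks. Matching only the part this code produces, e.g. `/unable to connect to.*\/connectfail/i`, keeps the assertion on the new `%{path_query}` output without tying it to the host's resolver.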
@@ -59,33 +59,56 @@ describe PuppetForge::V3::Base do
|
|
59
59
|
end
|
60
60
|
|
61
61
|
describe 'the host url setting' do
|
62
|
-
|
63
|
-
|
62
|
+
context 'without a path prefix' do
|
63
|
+
before(:each) do
|
64
|
+
@orig_host = PuppetForge.host
|
65
|
+
PuppetForge.host = 'https://api.example.com'
|
64
66
|
|
65
|
-
|
66
|
-
|
67
|
-
stub_fixture(stubs, :get, '/v3/bases/puppet')
|
67
|
+
# Trigger connection reset
|
68
|
+
PuppetForge::V3::Base.conn = PuppetForge::Connection.default_connection
|
68
69
|
end
|
69
70
|
|
70
|
-
|
71
|
-
|
71
|
+
after(:each) do
|
72
|
+
PuppetForge.host = @orig_host
|
73
|
+
|
74
|
+
# Trigger connection reset
|
75
|
+
PuppetForge::V3::Base.conn = PuppetForge::Connection.default_connection
|
76
|
+
end
|
72
77
|
|
73
|
-
|
74
|
-
|
78
|
+
it 'should work' do
|
79
|
+
stub_api_for(PuppetForge::V3::Base) do |stubs|
|
80
|
+
stub_fixture(stubs, :get, '/v3/bases/puppet')
|
81
|
+
end
|
82
|
+
|
83
|
+
base = PuppetForge::V3::Base.find 'puppet'
|
84
|
+
expect(base.username).to eq('foo')
|
85
|
+
end
|
75
86
|
end
|
76
87
|
|
77
|
-
|
78
|
-
|
88
|
+
context 'with a path prefix' do
|
89
|
+
before(:each) do
|
90
|
+
@orig_host = PuppetForge.host
|
91
|
+
PuppetForge.host = 'https://api.example.com/uri/prefix'
|
79
92
|
|
80
|
-
|
81
|
-
|
93
|
+
# Trigger connection reset
|
94
|
+
PuppetForge::V3::Base.conn = PuppetForge::Connection.default_connection
|
82
95
|
end
|
83
96
|
|
84
|
-
|
85
|
-
|
97
|
+
after(:each) do
|
98
|
+
PuppetForge.host = @orig_host
|
86
99
|
|
87
|
-
|
88
|
-
|
100
|
+
# Trigger connection reset
|
101
|
+
PuppetForge::V3::Base.conn = PuppetForge::Connection.default_connection
|
102
|
+
end
|
103
|
+
|
104
|
+
it 'should work' do
|
105
|
+
stub_api_for(PuppetForge::V3::Base, PuppetForge.host) do |stubs|
|
106
|
+
stub_fixture(stubs, :get, '/uri/prefix/v3/bases/puppet')
|
107
|
+
end
|
108
|
+
|
109
|
+
base = PuppetForge::V3::Base.find 'puppet'
|
110
|
+
expect(base.username).to eq('bar')
|
111
|
+
end
|
89
112
|
end
|
90
113
|
end
|
91
114
|
end
|
@@ -149,6 +149,58 @@ describe PuppetForge::V3::Release do
|
|
149
149
|
end
|
150
150
|
end
|
151
151
|
|
152
|
+
describe '#verify' do
|
153
|
+
let(:release) { PuppetForge::V3::Release.find('puppetlabs-apache-0.0.1') }
|
154
|
+
let(:tarball) { "#{PROJECT_ROOT}/spec/tmp/module.tgz" }
|
155
|
+
let(:allow_md5) { true }
|
156
|
+
|
157
|
+
before(:each) do
|
158
|
+
FileUtils.rm tarball rescue nil
|
159
|
+
release.download(Pathname.new(tarball))
|
160
|
+
end
|
161
|
+
|
162
|
+
after(:each) { FileUtils.rm tarball rescue nil }
|
163
|
+
|
164
|
+
context 'file_sha256 is available' do
|
165
|
+
before(:each) do
|
166
|
+
allow(release).to receive(:file_sha256).and_return("810ff2fb242a5dee4220f2cb0e6a519891fb67f2f828a6cab4ef8894633b1f50")
|
167
|
+
end
|
168
|
+
|
169
|
+
let(:mock_sha256) { double(Digest::SHA256, hexdigest: release.file_sha256) }
|
170
|
+
|
171
|
+
it 'only verifies sha-256 checksum' do
|
172
|
+
expect(Digest::SHA256).to receive(:file).and_return(mock_sha256)
|
173
|
+
expect(Digest::MD5).not_to receive(:file)
|
174
|
+
|
175
|
+
release.verify(tarball, allow_md5)
|
176
|
+
end
|
177
|
+
end
|
178
|
+
|
179
|
+
context 'file_sha256 is not available' do
|
180
|
+
let(:mock_md5) { double(Digest::MD5, hexdigest: release.file_md5) }
|
181
|
+
|
182
|
+
it 'only verfies the md5 checksum' do
|
183
|
+
expect(Digest::SHA256).not_to receive(:file)
|
184
|
+
expect(Digest::MD5).to receive(:file).and_return(mock_md5)
|
185
|
+
|
186
|
+
release.verify(tarball, allow_md5)
|
187
|
+
end
|
188
|
+
end
|
189
|
+
|
190
|
+
context 'when allow_md5=false' do
|
191
|
+
let(:allow_md5) { false }
|
192
|
+
|
193
|
+
context 'file_sha256 is not available' do
|
194
|
+
it 'raises an appropriate error' do
|
195
|
+
expect(Digest::SHA256).not_to receive(:file)
|
196
|
+
expect(Digest::MD5).not_to receive(:file)
|
197
|
+
|
198
|
+
expect { release.verify(tarball, allow_md5) }.to raise_error(PuppetForge::Error, /cannot verify module release.*md5.*forbidden/i)
|
199
|
+
end
|
200
|
+
end
|
201
|
+
end
|
202
|
+
end
|
203
|
+
|
152
204
|
describe '#metadata' do
|
153
205
|
let(:release) { PuppetForge::V3::Release.find('puppetlabs-apache-0.0.1') }
|
154
206
|
|
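Review bot: None of the added `#verify` examples covers a mismatch, because each one stubs `Digest::SHA256.file` or `Digest::MD5.file` to return the expected digest, so the `raise ChecksumMismatch` branch never runs. An example that stubs a digest which cannot match, `allow(release).to receive(:file_sha256).and_return('0' * 64)`, and asserts `expect { release.verify(tarball, allow_md5) }.to raise_error(PuppetForge::V3::Release::ChecksumMismatch)` would cover it; the constant's nesting is inferred from the release.rb hunk. The "file_sha256 is not available" contexts rely on the fixture lacking that field rather than stubbing it to `nil`, which makes them sensitive to fixture updates. `FileUtils.rm tarball rescue nil` would read more clearly as `FileUtils.rm_f tarball`, without the inline `rescue`.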
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: puppet_forge
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.3.0.rc1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Puppet Labs
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2019-07-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: faraday
|
@@ -213,6 +213,7 @@ extensions: []
|
|
213
213
|
extra_rdoc_files: []
|
214
214
|
files:
|
215
215
|
- ".gitignore"
|
216
|
+
- ".travis.yml"
|
216
217
|
- CHANGELOG.md
|
217
218
|
- Gemfile
|
218
219
|
- LICENSE.txt
|
@@ -306,12 +307,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
306
307
|
version: 1.9.3
|
307
308
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
308
309
|
requirements:
|
309
|
-
- - "
|
310
|
+
- - ">"
|
310
311
|
- !ruby/object:Gem::Version
|
311
|
-
version:
|
312
|
+
version: 1.3.1
|
312
313
|
requirements: []
|
313
314
|
rubyforge_project:
|
314
|
-
rubygems_version: 2.
|
315
|
+
rubygems_version: 2.7.7
|
315
316
|
signing_key:
|
316
317
|
specification_version: 4
|
317
318
|
summary: Access the Puppet Forge API from Ruby for resource information and to download
|