RubyGems - rhoconnect - Versions diffs - 3.4.2 → 3.4.3 - Mend

rhoconnect 3.4.2 → 3.4.3

Files changed (9) hide show

data/CHANGELOG.md +5 -1
data/Gemfile.lock +30 -31
data/commands/execute.rb +7 -1
data/installer/utils/create_sha1.rb +10 -15
data/installer/utils/download_from_s3.rb +8 -10
data/installer/utils/verify_checksum.rb +27 -11
data/lib/rhoconnect/version.rb +1 -1
data/rhoconnect.gemspec +4 -2
metadata +21 -5

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,10 @@
+## 3.4.3 (2013-02-11)
+* Updated rack gem to latest release with important security fixes. Locked version of 'connection_pool' gem.
+* fixing 'rhoconnect spec' command in production env
 ## 3.4.2 (2012-11-8)
 * fixed `rhoconnect redis-start` and `rhoconnect redis-restart` commands on windows
-# D-04052 - Resque.after_fork hook wasn't initializing efficiently
+* D-04052 - Resque.after_fork hook wasn't initializing efficiently
 ## 3.4.1 (2012-11-6)
 * D-04031 - `rhoconnect startbg` and `startdebug` commands not working on windows

data/Gemfile.lock CHANGED Viewed

@@ -1,10 +1,11 @@
 PATH
   remote: .
   specs:
-    rhoconnect (3.4.2)
+    rhoconnect (3.4.3)
       bundler (~> 1.0)
-      connection_pool (>= 0.9.2)
+      connection_pool (= 0.9.2)
       json (~> 1.6.0)
+      rack (~> 1.5.2)
       rake (~> 0.9.2.2)
       redis (>= 3.0.1)
       resque (>= 1.22.0)
@@ -19,7 +20,7 @@ GEM
   remote: https://rubygems.org/
   specs:
     SystemTimer (1.2.3)
-    addressable (2.3.2)
+    addressable (2.3.3)
     arr-pm (0.0.7)
       cabin (> 0)
     async-rack (0.5.1)
@@ -30,27 +31,26 @@ GEM
       xml-simple
     backports (2.6.2)
     builder (3.1.4)
-    cabin (0.4.4)
-      json
-    childprocess (0.3.6)
-      ffi (~> 1.0, >= 1.0.6)
+    cabin (0.6.0)
+    childprocess (0.3.8)
+      ffi (~> 1.0, >= 1.0.11)
     clamp (0.3.1)
     coffee-script (2.2.0)
       coffee-script-source
       execjs
     coffee-script-source (1.4.0)
     connection_pool (0.9.2)
-    crack (0.3.1)
+    crack (0.3.2)
     daemons (1.1.9)
     diff-lcs (1.1.3)
     eventmachine (1.0.0)
-    excon (0.16.10)
+    excon (0.18.3)
     execjs (1.4.0)
       multi_json (~> 1.0)
-    extlib (0.9.15)
+    extlib (0.9.16)
     ffaker (1.14.0)
-    ffi (1.2.0)
-    fog (1.8.0)
+    ffi (1.4.0)
+    fog (1.9.0)
       builder
       excon (~> 0.14)
       formatador (~> 0.2.0)
@@ -61,12 +61,13 @@ GEM
       nokogiri (~> 1.5.0)
       ruby-hmac
     formatador (0.2.4)
-    fpm (0.4.24)
+    fpm (0.4.29)
       arr-pm (~> 0.0.7)
       backports (= 2.6.2)
-      cabin (~> 0.4.3)
+      cabin (>= 0.6.0)
       clamp (= 0.3.1)
       json (= 1.6.6)
+      open4
     highline (1.6.15)
     hike (1.2.1)
     jasmine (1.3.1)
@@ -82,18 +83,16 @@ GEM
       rainbow
       sprockets (~> 2)
     json (1.6.6)
-    libwebsocket (0.1.7.1)
-      addressable
-      websocket
-    mime-types (1.19)
-    multi_json (1.4.0)
+    mime-types (1.21)
+    multi_json (1.6.1)
     net-scp (1.0.4)
       net-ssh (>= 1.99.1)
-    net-ssh (2.6.2)
-    nokogiri (1.5.5)
-    rack (1.4.1)
+    net-ssh (2.6.5)
+    nokogiri (1.5.6)
+    open4 (1.3.0)
+    rack (1.5.2)
     rack-fiber_pool (0.9.2)
-    rack-protection (1.2.0)
+    rack-protection (1.3.2)
       rack
     rack-test (0.6.2)
       rack (>= 1.0)
@@ -120,25 +119,25 @@ GEM
     rspec-mocks (2.10.1)
     ruby-hmac (0.4.0)
     rubyzip (0.9.9)
-    selenium-webdriver (2.26.0)
+    selenium-webdriver (2.30.0)
       childprocess (>= 0.2.5)
-      libwebsocket (~> 0.1.3)
       multi_json (~> 1.0)
       rubyzip
+      websocket (~> 1.0.4)
     simplecov (0.7.1)
       multi_json (~> 1.0)
       simplecov-html (~> 0.7.1)
     simplecov-html (0.7.1)
-    sinatra (1.3.3)
-      rack (~> 1.3, >= 1.3.6)
-      rack-protection (~> 1.2)
+    sinatra (1.3.4)
+      rack (~> 1.4)
+      rack-protection (~> 1.3)
       tilt (~> 1.3, >= 1.3.3)
-    sprockets (2.8.1)
+    sprockets (2.8.2)
       hike (~> 1.2)
       multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
-    sqlite3 (1.3.6)
+    sqlite3 (1.3.7)
     templater (1.0.0)
       diff-lcs (>= 1.1.2)
       extlib (>= 0.9.5)
@@ -155,7 +154,7 @@ GEM
     webmock (1.8.11)
       addressable (>= 2.2.7)
       crack (>= 0.1.7)
-    websocket (1.0.4)
+    websocket (1.0.7)
     xml-simple (1.1.2)
 PLATFORMS

data/commands/execute.rb CHANGED Viewed

@@ -28,7 +28,13 @@ class Execute < Thor
     tasks << 'rhoconnect_attach' unless jruby?
   end
   tasks << if jruby? then "rhoconnect_war" else "rhoconnect_console" end
+  # 'rhoconnect spec' command is available only if it called from root of
+  # rhoconnect app and its bundle includes 'rspec' gem
+  if File.exists?(File.join(Dir.pwd,'Gemfile'))
+    require 'bundler'
+    tasks << 'rhoconnect_spec' if Bundler.load.specs.find{ |s| s.name == 'rspec' }
+  end
   tasks.each do |dir|
     Dir.glob(File.join(File.dirname(__FILE__), "#{dir}", "*.rb")) do |file|
       require file

data/installer/utils/create_sha1.rb CHANGED Viewed

@@ -1,26 +1,21 @@
 #!/usr/bin/env ruby
 require 'rubygems'
 require 'digest/sha1'
-require 'find'
+require 'yaml'
-if ARGV.length != 2 ||
-   !File.directory?(ARGV[0])
+if ARGV.length != 2 || !File.directory?(ARGV[0])
   puts "Usage: #{$0} directory_to_use location_for_SHA1_file"
   exit 1
-end #if
+end
 dir      = ARGV[0]
 dest_dir = ARGV[1]
-dir_digest = Digest::SHA1.new
-Find.find(dir) do |path|
-  if !File.directory?(path)
-    file_sha1 = Digest::SHA1.file(path).to_s
-    dir_digest << file_sha1
-  end #if
-end #do
+sha1_hash = {}
+Dir.glob(File.join("#{dir}", "**", "*")) do |path|
+  next if File.directory?(path)
+  file_sha1 = Digest::SHA1.file(path).to_s
+  sha1_hash["#{file_sha1}".to_sym] = path
+end
 Dir.mkdir(dest_dir) unless File.directory?(dest_dir)
-File.open("#{dest_dir}/checksum", 'w') { |f| f.write(dir_digest) }
+File.open("#{dest_dir}/sha1_hash", 'w') { |f| f.write(sha1_hash.to_yaml) }

data/installer/utils/download_from_s3.rb CHANGED Viewed

@@ -28,7 +28,6 @@ end #get_access_keys
 AWS::S3::Base.establish_connection!(get_access_keys)
 objects = Bucket.objects(bucket_name)
 objects.each do |obj|
   files << "#{obj.key}" if obj.key =~ /^#{channel}/
 end
@@ -39,17 +38,16 @@ cmd "rm -f #{channel}/SHA1/checksum" if File.exists?("#{channel}/SHA1/checksum")
 puts "Downloading S3 files"
 files.each do |file|
-  cmd = "wget -qx -P #{channel} \"http://#{bucket_name}.s3.amazonaws.com/#{file}\""
+  cmd = "wget -qx -t 3 -P #{channel} \"http://s3.amazonaws.com/#{bucket_name}/#{file}\""
   puts cmd
-  system(cmd)
-end #do
+  puts "Failed to download #{file}" unless system(cmd)
+end
 # The download increases the depth of the files by two folders.
 # Remove exess directory levels.
-cmd "mv -f #{channel}/#{bucket_name}.s3.amazonaws.com/#{channel}/* #{channel}"
-cmd "rm -rf #{channel}/#{bucket_name}.s3.amazonaws.com"
+cmd "mv -f #{channel}/s3.amazonaws.com/#{bucket_name}/#{channel}/* #{channel}"
+cmd "rm -rf #{channel}/s3.amazonaws.com"
-# Pull the SHA1 checksum out
-cmd "mv -f #{channel}/SHA1/checksum ."
-cmd "mv -f checksum old_checksum"
-cmd "rm -rf #{channel}/SHA1"
+# Pull the SHA1 checksum and hash out
+cmd "mv -f #{channel}/SHA1/sha1_hash ./old_sha1_hash"
+cmd "rm -rf #{channel}/SHA1"

data/installer/utils/verify_checksum.rb CHANGED Viewed

@@ -1,19 +1,26 @@
 #!/usr/bin/env ruby
 require 'rubygems'
 require 'digest/sha1'
+require 'yaml'
 if ARGV.length != 2
-  puts "Usage: #{$0} checksum_file directory_to_compare"
+  puts "Usage: #{$0} checksum_hash directory_to_compare"
   exit 1
-end #if
+end
 def cmd(cmd)
   puts cmd
   system(cmd)
-end #cmd
+end
+def checksum keys
+  sha1 = Digest::SHA1.new
+  # Order important!
+  keys.sort.each { |k| sha1 << k.to_s }
+  sha1
+end
-checksum_file  = ARGV[0]
+checksum_hash  = ARGV[0]
 dir_to_compare = ARGV[1]
 # Downoad Packages from S3
@@ -22,12 +29,21 @@ cmd "ruby ./installer/utils/download_from_s3.rb #{dir_to_compare}"
 # Create the checksum to compare against the one from the S3 repo
 cmd "ruby ./installer/utils/create_sha1.rb #{dir_to_compare} ."
-old_sha1 = File.open(checksum_file) { |f| f.readline }
-new_sha1 = File.open('./checksum')  { |f| f.readline }
+old_sha1_h = YAML.load(File.read(checksum_hash))
+new_sha1_h = YAML.load(File.read("./sha1_hash"))
-if !new_sha1.eql?(old_sha1)
+if checksum(old_sha1_h.keys) != checksum(new_sha1_h.keys)
   puts "Checksums do not match!"
+  puts "Expected sha1/file"
+  old_sha1_h = YAML.load(File.read(checksum_hash)).sort
+  old_sha1_h.each { |k,v| puts "#{k}: #{v}" }
+  puts "Got sha1/file"
+  new_sha1_h = YAML.load(File.read("./sha1_hash")).sort
+  new_sha1_h.each { |k,v| puts "#{k}: #{v}" }
   exit 2
-else
-  puts "Checksums match!"
-end #if
+end
+puts "Checksums match!"

data/lib/rhoconnect/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Rhoconnect
-  VERSION = '3.4.2'
+  VERSION = '3.4.3'
 end

data/rhoconnect.gemspec CHANGED Viewed

@@ -38,13 +38,15 @@ Gem::Specification.new do |s|
     "README.md"
   ]
-  s.add_dependency('bundler', '~> 1.0')
+  s.add_dependency('bundler', '~> 1.0')
+  s.add_dependency("rack", '~> 1.5.2')
   s.add_dependency("sinatra", '~> 1.3')
   s.add_dependency('rake', '~> 0.9.2.2')
   s.add_dependency('json', '~> 1.6.0')
   s.add_dependency('rubyzip', '~> 0.9.4')
   s.add_dependency('uuidtools', '>= 2.1.1')
-  s.add_dependency('connection_pool', '>= 0.9.2')
+  # Locked 'connection_pool' version because latest releases (>= 0.9.3) not compatible with MRI 1.8.7
+  s.add_dependency('connection_pool', '0.9.2')
   s.add_dependency('redis', '>= 3.0.1')
   s.add_dependency('resque', '>= 1.22.0')
   s.add_dependency('rest-client', '~> 1.6.1')

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rhoconnect
 version: !ruby/object:Gem::Version
-  version: 3.4.2
+  version: 3.4.3
   prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-12-04 00:00:00.000000000 Z
+date: 2013-02-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -27,6 +27,22 @@ dependencies:
     - - ~>
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.5.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.5.2
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
@@ -112,7 +128,7 @@ dependencies:
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - '='
       - !ruby/object:Gem::Version
         version: 0.9.2
   type: :runtime
@@ -120,7 +136,7 @@ dependencies:
   version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - '='
       - !ruby/object:Gem::Version
         version: 0.9.2
 - !ruby/object:Gem::Dependency
@@ -718,7 +734,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 781878080452453246
+      hash: 4550760957355739491
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: