vagrant-proxyconf 2.0.4 → 2.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: b3fb0eb7149c9d6f2428429c1b9aa483c7441b05
-  data.tar.gz: 93ec0d7d278519991fa1e6e94ec9915926eea50a
+SHA256:
+  metadata.gz: a7a1cd739f80a73e0310fcc60987e1c3fb2e41436078e2d5ffa6d88d95769877
+  data.tar.gz: 1d40a68b9ec904f7bc84ee8959ec861a5d22eb479d2be90c4fb2710ccd7040cc
 SHA512:
-  metadata.gz: da01327a34f53b3ba30471ebcbc0efa5de55005512b17bd20683721f051c1c350db7118fbd43b3ea7a18cf5cad98c8d44c36162d013bc453f6da4b30c2e88a4f
-  data.tar.gz: 671f0968893e0f819361846ef9338589e6cfbd614e37fa429c8e4d660e6455e974c969eecd7152d2bcaaa5596d84d38305f818108f91972c0904bb8afe6af939
+  metadata.gz: 96341ff59ad6ca3a2d4a4d3dd125b15496d805c48c0daa35941a2ca96cf0f4f5ebb8e6b915977943791b70171d7349fe9420b018ffa6129b4a7b98b727a62316
+  data.tar.gz: 560894fbc39dd0b14e1ac0df447c786c7e62f0a189f7b062415665cd87a394e89813eca9234591d740d0a05ece76109d22a9638c4db5b7a4b59daaaeb86d3b33

data/.travis.yml

@@ -17,8 +17,6 @@ matrix:
     - env: VAGRANT_VERSION=v2.2.2
     - env: VAGRANT_VERSION=v2.1.5
     - env: VAGRANT_VERSION=v2.0.4
-    - env: VAGRANT_VERSION=v1.9.8
-      rvm: 2.3.4
     - env: VAGRANT_VERSION=master
   allow_failures:
     - env: VAGRANT_VERSION=master

data/CHANGELOG.md

@@ -1,3 +1,89 @@
+# 2.0.6 / NOT_RELEASED_YET
+
+# 2.0.5 / 2019-07-27
+
+#### Deprecations:
+
+- Dropped support for vagrant 1.9.8 due to our tests failinging and it's more than 2 years old.
+
+#### Credits
+
+- Credit to this release goes to @greut. Thank you for your detailed information and for reporting a solution.
+
+This is a feature enhancement for the APT proxy configuration when using
+a proxy that is terminating SSL.  By default, these settings are left
+as-is and only enabled when a user wants to configure these settings.
+This feature supports enabling/disabling the follwoing settings
+
+#### file `/etc/apt/apt.conf.d/01proxy`
+
+```
+Acquire::https::Verify-Host
+Acquire::https::Verify-Peer
+```
+
+#### Configuration settings for `Acquire::https::Verify-Host` and `Acquire::https::Verify-Peer`
+
+  * The value for these settings must be a string.
+  * When `"true"` enable the setting
+  * When `"false"` disable the setting
+  * When `""` this setting is removed.
+
+#### Example Inside the Vagrantfile
+
+```
+Vagrant.configure("2") do |config|
+
+  config.vm.define 'apt_host' do |c|
+    c.vm.box = "bento/ubuntu-18.04"
+
+    if Vagrant.has_plugin?('vagrant-proxyconf')
+      c.proxy.http     = ENV['HTTP_PROXY']
+      c.proxy.https    = ENV['HTTPS_PROXY']
+      c.proxy.no_proxy = ENV['NO_PROXY']
+      c.apt_proxy.verify_host = "false"
+      c.apt_proxy.verify_peer = "false"
+
+      c.proxy.enabled = {
+        :apt => {
+          :enabled => true,
+          :skip    => false,
+        },
+        :env => {
+          :enabled => true,
+          :skip    => false,
+        },
+        :git => {
+          :enabled => true,
+          :skip    => false,
+        }
+      }
+    end
+  end
+
+end
+```
+
+#### Example setting the environment variables
+
+```
+export VAGRANT_APT_VERIFY_HOST="false"
+export VAGRANT_APT_VERIFY_PEER="false"
+vagrant up
+vagrant provision
+```
+
+**NOTE** If you change a setting in your `Vagrantfile` and the box is
+running, you can run `vagrant provision` or `vagrant reload` to adjust
+the settings.
+
+Supporting Issues:
+  - https://github.com/tmatilai/vagrant-proxyconf/issues/199
+
+Supporting Integration Tests:
+  - Look at the examples in directory [199](test/issues/199/)
+
+
 # 2.0.4 / 2019-07-24
 
 This is a bug fix release to address a logic issue for supporting docker

data/README.md

@@ -237,6 +237,8 @@ VAGRANT_APT_HTTP_PROXY="http://proxy.example.com:8080" vagrant up
 | apt       | `VAGRANT_APT_HTTP_PROXY`     | Configures APT http proxy     | Highest     |
 |           | `VAGRANT_APT_HTTPS_PROXY`    | Configures APT https proxy    | Highest     |
 |           | `VAGRANT_APT_FTP_PROXY`      | Configures APT ftp proxy      | Highest     |
+|           | `VAGRANT_APT_VERIFY_PEER`    | Configures APT Verify-Peer    | Highest     |
+|           | `VAGRANT_APT_VERIFY_HOST`    | Configures APT Verify-Host    | Highest     |
 | chef      | `VAGRANT_CHEF_HTTP_PROXY`    | Configures CHEF http proxy    | Highest     |
 |           | `VAGRANT_CHEF_HTTPS_PROXY`   | Configures CHEF https proxy   | Highest     |
 |           | `VAGRANT_CHEF_NO_PROXY`      | Configures CHEF no proxy      | Highest     |
@@ -330,3 +332,22 @@ unless ENV.key?('VAGRANT_INSTALLER_EMBEDDED_DIR')
     end
 end
 ```
+
+# Contributors
+
+* @tmatilai
+* @otahi
+* @jperville
+* @johnbellone
+* @SaschaGuenther
+* @mrsheepuk
+* @vboerchers
+* @rlaveycal
+* @pomeh
+* @mynamewastaken
+* @lawsonj2019
+* @jonekdahl
+* @hexmode
+* @craigmunro
+* @greut
+* @codylane

data/lib/vagrant-proxyconf/action/base.rb

@@ -87,13 +87,17 @@ module VagrantPlugins
           local_tmp = tempfile(config)
 
           logger.debug "Configuration (#{path}):\n#{config}"
+
           @machine.communicate.tap do |comm|
-            comm.sudo("rm -f #{tmp}", error_check: false)
             comm.upload(local_tmp.path, tmp)
-            comm.sudo("chmod #{opts[:mode] || '0644'} #{tmp}")
-            comm.sudo("chown #{opts[:owner] || 'root:root'} #{tmp}")
-            comm.sudo("mkdir -p #{File.dirname(path)}")
-            comm.sudo("mv -f #{tmp} #{path}")
+            if comm.test("command -v sudo")
+              comm.sudo("chmod #{opts[:mode] || '0644'} #{tmp}")
+              comm.sudo("chown #{opts[:owner] || 'root:root'} #{tmp}")
+              comm.sudo("mkdir -p #{File.dirname(path)}")
+              comm.sudo("mv -f #{tmp} #{path}")
+            else
+              raise Vagrant::Errors::CommandUnavailable.new(file: "sudo")
+            end
           end
         end
 

data/lib/vagrant-proxyconf/config/apt_proxy.rb

@@ -20,6 +20,12 @@ module VagrantPlugins
         # @return [String] the FTP proxy
         key :ftp, env_var: 'VAGRANT_APT_FTP_PROXY'
 
+        # @return [String] whether APT should verify peer certificate
+        key :verify_peer, env_var: 'VAGRANT_APT_VERIFY_PEER'
+
+        # @return [String] whether APT should verify that certificate name matches server name
+        key :verify_host, env_var: 'VAGRANT_APT_VERIFY_HOST'
+
         def finalize!
           super
 
@@ -33,7 +39,15 @@ module VagrantPlugins
 
         # (see KeyMixin#config_for)
         def config_for(key, value)
-          %Q{Acquire::#{key.name}::Proxy #{value.inspect};\n} if value
+          if value
+            if key.name == :verify_host
+              %Q{Acquire::https::Verify-Host #{value.inspect};\n}
+            elsif key.name == :verify_peer
+              %Q{Acquire::https::Verify-Peer #{value.inspect};\n}
+            else
+              %Q{Acquire::#{key.name}::Proxy #{value.inspect};\n}
+            end
+          end
         end
 
         def finalize_uri(key, value)
@@ -55,7 +69,8 @@ module VagrantPlugins
           end
 
           def to_s
-            direct || "#{prefix}#{value}#{suffix}"
+            # direct || "#{prefix}#{value}#{suffix}"
+            direct || verify || "#{prefix}#{value}#{suffix}"
           end
 
           private
@@ -64,6 +79,10 @@ module VagrantPlugins
             'DIRECT' if value.upcase == 'DIRECT'
           end
 
+          def verify
+            value if ["true", "false"].to_set.include? value
+          end
+
           # Hash of deprecation warning sentinels
           @@warned = {}
 

data/lib/vagrant-proxyconf/version.rb

@@ -1,5 +1,5 @@
 module VagrantPlugins
   module ProxyConf
-    VERSION = '2.0.4'
+    VERSION = '2.0.5'
   end
 end

data/spec/unit/support/shared/apt_proxy_config.rb

@@ -8,6 +8,10 @@ end
 def conf_line(proto, name, port = 3142)
   if name == :direct
     %Q{Acquire::#{proto}::Proxy "DIRECT";\n}
+  elsif proto == :verify_peer
+    %Q{Acquire::https::Verify-Peer "#{name}";\n}
+  elsif proto == :verify_host
+    %Q{Acquire::https::Verify-Host "#{name}";\n}
   else
     port = ":#{port}" if port
     %Q{Acquire::#{proto}::Proxy "#{proto}://#{name}#{port}";\n}
@@ -65,6 +69,14 @@ shared_examples "apt proxy config" do |proto|
       end
     end
 
+    [:verify_peer, :verify_host].each do |verify|
+      context "with #{verify.inspect}" do
+        subject        { config_with(verify => "false") }
+        its(:enabled?) { should be_truthy }
+        its(:to_s)     { should eq conf_line(verify, "false") }
+      end
+    end
+
     [false, ""].each do |unset|
       context "with #{unset.inspect}" do
         subject        { config_with(proto => unset) }

data/spec/unit/vagrant-proxyconf/action/configure_svn_proxy_spec.rb

@@ -4,6 +4,7 @@ require 'vagrant-proxyconf/action/configure_svn_proxy'
 def mock_write_config(machine)
   allow(machine).to receive_message_chain(:communicate, :sudo).with("rm -f /tmp/vagrant-proxyconf", error_check: false)
   allow(machine).to receive_message_chain(:communicate, :upload)
+  allow(machine).to receive_message_chain(:communicate, :test).with('command -v sudo').and_return(true)
   allow(machine).to receive_message_chain(:communicate, :sudo).with("chmod 0644 /tmp/vagrant-proxyconf")
   allow(machine).to receive_message_chain(:communicate, :sudo).with("chown root:root /tmp/vagrant-proxyconf")
   allow(machine).to receive_message_chain(:communicate, :sudo).with("mkdir -p /etc/subversion")

data/test/issues/172/README.md

@@ -10,7 +10,7 @@ bundle exec vagrant up default
 ## Expect
 
 
-### Box `default``
+### Box `default`
 
   - The box `default` is a docker container that will be a reverse
     proxy. It should provision itself and work without errors.
@@ -21,7 +21,7 @@ bundle exec vagrant up default
   - **NOTE**: You'll need to use `docker exec <hash> -it bash` to get into the container
 
 
-### Box `docker-host`
+### Box `docker_host`
 
   - Vagrant should automatically instally docker-ce.
   - The box should come up and provision itself with the proxy settings

data/test/issues/192/.rspec

@@ -0,0 +1,2 @@
+--color
+--format documentation

data/test/issues/192/Dockerfile

@@ -0,0 +1,47 @@
+FROM centos:7
+
+ENV CI_USERNAME vagrant
+ENV CI_PASSWORD vagrant
+ENV CI_HOMEDIR  /home/vagrant
+ENV CI_SHELL    /bin/bash
+
+EXPOSE 8888
+
+RUN yum clean all && \
+    yum makecache fast && \
+    yum -y install epel-release && \
+    yum clean expire-cache && \
+    yum -y install \
+      curl \
+      initscripts \
+      openssh-clients \
+      openssh-server \
+      sudo \
+      tinyproxy
+
+RUN /usr/sbin/sshd-keygen && \
+    mkdir -p /var/run/sshd && \
+    rm -f /usr/lib/tmpfiles.d/systemd-nologin.conf
+
+RUN if ! getent passwd $CI_USERNAME; then \
+      useradd -m -d ${CI_HOMEDIR} -s ${CI_SHELL} $CI_USERNAME; \
+    fi && \
+    echo "${CI_USERNAME}:${CI_PASSWORD}" | chpasswd && \
+    echo "${CI_USERNAME} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
+    mkdir -p /etc/sudoers.d && \
+    echo "${CI_USERNAME} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/${CI_USERNAME} && \
+    chmod 0440 /etc/sudoers.d/${CI_USERNAME} && \
+    mkdir -p ${CI_HOMEDIR}/.ssh && \
+    chown -R ${CI_USERNAME}:${CI_USERNAME} ${CI_HOMEDIR}/.ssh && \
+    chmod 0700 ${CI_HOMEDIR}/.ssh && \
+    curl -L https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant.pub > ${CI_HOMEDIR}/.ssh/vagrant.pub && \
+    touch ${CI_HOMEDIR}/.ssh/authorized_keys && \
+    grep -q "$(cat ${CI_HOMEDIR}/.ssh/vagrant.pub | awk '{print $2}')" ${CI_HOMEDIR}/.ssh/authorized_keys || cat ${CI_HOMEDIR}/.ssh/vagrant.pub >> ${CI_HOMEDIR}/.ssh/authorized_keys && \
+    chown ${CI_USERNAME}:${CI_USERNAME} ${CI_HOMEDIR}/.ssh/authorized_keys && \
+    chmod 0600 ${CI_HOMEDIR}/.ssh/authorized_keys
+
+COPY tinyproxy.conf /etc/tinyproxy/tinyproxy.conf
+COPY entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
+CMD [ "start" ]

data/test/issues/192/Dockerfile.bionic

@@ -0,0 +1,40 @@
+FROM ubuntu:bionic
+
+ENV CI_USERNAME vagrant
+ENV CI_PASSWORD vagrant
+ENV CI_HOMEDIR  /home/vagrant
+ENV CI_SHELL    /bin/bash
+
+RUN apt-get -y update && \
+    mkdir -p /run/sshd && \
+    apt-get -y install \
+      apt-transport-https \
+      ca-certificates \
+      curl \
+      gnupg-agent \
+      openssh-client \
+      openssh-server \
+      software-properties-common \
+      sudo
+
+RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - && \
+    sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" && \
+    rm -f /usr/lib/tmpfiles.d/systemd-nologin.conf && \
+    if ! getent passwd $CI_USERNAME; then \
+      useradd -m -d ${CI_HOMEDIR} -s ${CI_SHELL} $CI_USERNAME; \
+    fi && \
+    echo "${CI_USERNAME}:${CI_PASSWORD}" | chpasswd && \
+    echo "${CI_USERNAME} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
+    mkdir -p /etc/sudoers.d && \
+    echo "${CI_USERNAME} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/${CI_USERNAME} && \
+    chmod 0440 /etc/sudoers.d/${CI_USERNAME} && \
+    mkdir -p ${CI_HOMEDIR}/.ssh && \
+    chown -R ${CI_USERNAME}:${CI_USERNAME} ${CI_HOMEDIR}/.ssh && \
+    chmod 0700 ${CI_HOMEDIR}/.ssh && \
+    curl -L https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant.pub > ${CI_HOMEDIR}/.ssh/vagrant.pub && \
+    touch ${CI_HOMEDIR}/.ssh/authorized_keys && \
+    grep -q "$(cat ${CI_HOMEDIR}/.ssh/vagrant.pub | awk '{print $2}')" ${CI_HOMEDIR}/.ssh/authorized_keys || cat ${CI_HOMEDIR}/.ssh/vagrant.pub >> ${CI_HOMEDIR}/.ssh/authorized_keys && \
+    chown ${CI_USERNAME}:${CI_USERNAME} ${CI_HOMEDIR}/.ssh/authorized_keys && \
+    chmod 0600 ${CI_HOMEDIR}/.ssh/authorized_keys
+
+CMD [ "/usr/sbin/sshd", "-D" ]

data/test/issues/192/README.md

@@ -0,0 +1,29 @@
+Tests
+-----
+
+If you are testing the current release of this plugin via bundler
+
+```
+bundle exec vagrant up default
+```
+
+## Expect
+
+
+### Box `default`
+
+  - The box `default` is a docker container that will be a reverse
+    proxy. It should provision itself and work without errors.
+
+  - You can check that the proxy is working by
+    `tail -f /var/log/tinyproxy/tinyproxy.log` inside the container
+
+  - **NOTE**: You'll need to use `docker exec <hash> -it bash` to get into the container
+
+
+### Box `docker-host`
+
+  - Vagrant should automatically instally docker-ce.
+  - The box should come up and provision itself with the proxy settings
+    configured in your Vagrantfile.
+  - **NOTE**: You can use `ssh` to connect to this container.

data/test/issues/192/Rakefile

@@ -0,0 +1,27 @@
+require 'rake'
+require 'rspec/core/rake_task'
+
+task :spec    => 'spec:all'
+task :default => :spec
+
+namespace :spec do
+  targets = []
+  Dir.glob('./spec/*').each do |dir|
+    next unless File.directory?(dir)
+    target = File.basename(dir)
+    target = "_#{target}" if target == "default"
+    targets << target
+  end
+
+  task :all     => targets
+  task :default => :all
+
+  targets.each do |target|
+    original_target = target == "_default" ? target[1..-1] : target
+    desc "Run serverspec tests to #{original_target}"
+    RSpec::Core::RakeTask.new(target.to_sym) do |t|
+      ENV['TARGET_HOST'] = original_target
+      t.pattern = "spec/#{original_target}/*_spec.rb"
+    end
+  end
+end

data/test/issues/192/Vagrantfile

@@ -0,0 +1,64 @@
+# this should be the IP address of the :default box
+$PROXY_HOST ="172.17.0.1"
+$PROXY_PORT="8888"
+$PROXY_NO_PROXY=[
+  'localhost',
+]
+
+ENV['HTTP_PROXY']  = ENV.fetch('HTTP_PROXY',  "http://#{$PROXY_HOST}:#{$PROXY_PORT}")
+ENV['HTTPS_PROXY'] = ENV.fetch('HTTPS_PROXY', "http://#{$PROXY_HOST}:#{$PROXY_PORT}")
+ENV['NO_PROXY']    = ENV.fetch('NO_PROXY',    $PROXY_NO_PROXY.join(","))
+
+puts "HTTP_PROXY  = '#{ENV["HTTP_PROXY"]}'"
+puts "HTTPS_PROXY = '#{ENV["HTTPS_PROXY"]}'"
+puts "NO_PROXY    = '#{ENV["NO_PROXY"]}'"
+
+puts "vagrant-proxyconf is installed? #{Vagrant.has_plugin?('vagrant-proxyconf')}"
+
+
+Vagrant.configure("2") do |config|
+
+  config.vm.define 'default' do |c|
+    c.vm.box = nil
+
+    if Vagrant.has_plugin?('vagrant-proxyconf')
+      c.proxy.enabled = false
+    end
+
+    c.vm.provider "docker" do |d|
+      d.build_dir = "."
+      d.has_ssh = true
+      d.ports = [
+        "#{$PROXY_PORT}:#{$PROXY_PORT}",
+      ]
+    end
+  end
+
+  config.vm.define 'docker_host' do |c|
+    c.vm.box = nil
+
+   if Vagrant.has_plugin?('vagrant-proxyconf')
+      c.proxy.http     = ENV['HTTP_PROXY']
+      c.proxy.https    = ENV['HTTPS_PROXY']
+      c.proxy.no_proxy = ENV['NO_PROXY']
+      c.proxy.enabled = {
+        :apt => {
+          :enabled => true,
+          :skip    => false,
+        },
+        :env => {
+          :enabled => false,
+          :skip    => false,
+        }
+      }
+    end
+
+    c.vm.provider "docker" do |d|
+      d.build_dir = "."
+      d.dockerfile = "Dockerfile.bionic"
+      d.has_ssh = true
+    end
+
+  end
+
+end