vagrant-unbundled 2.2.14.0 → 2.2.16.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 66676a3a6dbd082059b30ec7f0e605c435d33bc9854a2db0184457ba735939b0
-  data.tar.gz: 742ad824c94d7329205e98578cb6fcd4c6c756919e09966c9a83ea23a13fd32f
+  metadata.gz: 84c5c51fc0678552529c308c36ba4c93114e71aee93c062b7993ad7bc4bab6d8
+  data.tar.gz: 7ad1f71440d48b09436fde379347a1008fc32ad7e9378187750bb3421b94e202
 SHA512:
-  metadata.gz: 88acd31085bcda4390bc37d58078a2be3b6b16f09cd4605c34d9874cbd92ac2b73d36f5e8f9761b5d4396338555aae682baeeaf7603c46f9f6643277a5bfd330
-  data.tar.gz: d31c929eb5c9f55ee68e1d11b96704bb75193b2f8314edd1515e793a20338d2b650f05da038d4efa27802d0e5b5f193d9083b6b5a761dc4af02bb33830a9ee0a
+  metadata.gz: c643c0795943406343de52a7db6e85e9114336133cdc89105abcaee498c9547efc9530788bfc797df2b893240dbdeff3f57c6a65622cf335b255e1bbe09d2b26
+  data.tar.gz: 2ef84ae4bd47a7e4a0026be3f60d86369c95103659bfdc32ecee8f340191643b8518e0a948e5d446b982af6bfa3230ecbd388166ba4334c3d8e310f56cb003d3

data/CHANGELOG.md

@@ -1,8 +1,56 @@
+## 2.2.16 (April 29, 2021)
+
+IMPROVEMENTS:
+
+- guest/linux: Detect in process shutdown in reboot capability [GH-12302]
+- util/powershell: Support `pwsh` executable in new versions of powershell [GH-12335]
+
+BUG FIXES:
+
+- core: Add box directly with authed urls [GH-12278]
+- communicator/ssh: Properly handle authentication with RSA keys [GH-12298]
+- guest/fedora: Import guest detection module [GH-12275]
+- guest/linux: Fix SMB folder mount name capability call [GH-12281]
+- provider/docker: Properly handle updated buildkit build output [GH-12300]
+
+## 2.2.15 (March 30, 2021)
+
+IMPROVEMENTS:
+
+- command/cloud: Remove access token URL parameter by default [GH-12234]
+- command/cloud: Add VAGRANT_SERVER_ACCESS_TOKEN_BY_URL to revert access token behavior [GH-12252]
+- core: Bump vagrant_cloud dependency to 3.0.3 [GH-12200]
+- core: Bump listen gem version and remove ruby_dep [GH-12148]
+- core: Bump vagrant_cloud dependency to 3.0.4 [GH-12242]
+- core/bundler: Update resolution handling when outside of installer and bundler [GH-12225]
+- core/plugin: Provide friendlier error messages on install fail when possible [GH-12225]
+- guest/openwrt: Add support for OpenWrt guests [GH-11791]
+- guest/freebsd: FreeBSD updated ansible to py37-ansible [GH-12201]
+- provider/virtualbox: Get default dhcp ip from a matching host ip [GH-12211]
+- util/downloader: Prevent redirect notification for default store [GH-12235]
+
+BUG FIXES:
+
+- command/cloud: Automatically disable direct uploads when file is too large [GH-12250]
+- core: Make shell script for loop shell agnostic [GH-12205]
+- core: Raise error if downloading box metadata fails [GH-12189]
+- core: Apply download options to metadata requests [GH-12177]
+- core: Don't try to find "" by prefix in the machine index [GH-12188]
+- core: Don't count not created machines as declined when destroying [GH-12186]
+- core: Bump bcrypt_pbkdf version [GH-12216]
+- core: Remove all space from checksums [GH-12168]
+- core/bundler: Do not include default gems as pinned constraints [GH-12253]
+- core/synced_folders: Extract os friendly mount name for vbox shared folders [GH-12184]
+- guest/alpine: Check if interface exists before shutting it down [GH-12181]
+- guest/nixos: Fix network config for recent NixOS releases [GH-12152]
+- guest/fedora: Detect fedora using os-releases id [GH-12230]
+
 ## 2.2.14 (November 20, 2020)
 
 IMPROVEMENTS:
 
 - host/windows: Update filesystem type matching on WSL2 [GH-12056]
+- provisioner/salt: Modernize Salt bootstrap script [GH-12135]
 
 BUG FIXES:
 
@@ -3363,6 +3411,10 @@ BACKWARDS INCOMPATIBILITIES:
     format, but this is _opt-in_. Old Vagrantfile format continues to be supported,
     as promised. To use the new features that will be introduced throughout
     the 1.x series, you'll have to upgrade at some point.
+  - The .vagrant file is no longer supported and has been replaced by
+    a .vagrant directory. Running vagrant will automatically upgrade
+    to the new style directory format, after which old versions of
+    Vagrant will not be able to see or control your VM.
 
 FEATURES:
 

data/bin/vagrant

@@ -23,9 +23,9 @@ if idx = argv.index("--")
   argv = argv.slice(0, idx)
 end
 
+require_relative "../lib/vagrant/version"
 # Fast path the version of Vagrant
 if argv.include?("-v") || argv.include?("--version")
-  require_relative "../lib/vagrant/version"
   puts "Vagrant #{Vagrant::VERSION}"
   exit 0
 end
@@ -82,6 +82,29 @@ end
 $stdout.sync = true
 $stderr.sync = true
 
+# Before we start activate all our dependencies
+# so we can provide correct resolutions later
+builtin_specs = []
+
+vagrant_spec = Gem::Specification.find_all_by_name("vagrant").detect do |spec|
+  spec.version == Gem::Version.new(Vagrant::VERSION)
+end
+
+dep_activator = proc do |spec|
+  spec.runtime_dependencies.each do |dep|
+    gem(dep.name, *dep.requirement.as_list)
+    dep_spec = Gem::Specification.find_all_by_name(dep.name).detect(&:activated?)
+    if dep_spec
+      builtin_specs << dep_spec
+      dep_activator.call(dep_spec)
+    end
+  end
+end
+
+if vagrant_spec
+  dep_activator.call(vagrant_spec)
+end
+
 env = nil
 begin
   require 'log4r'
@@ -91,6 +114,9 @@ begin
   require 'vagrant/util/platform'
   require 'vagrant/util/experimental'
 
+  # Set our list of builtin specs
+  Vagrant::Bundler.instance.builtin_specs = builtin_specs
+
   # Schedule the cleanup of things
   at_exit(&Vagrant::Bundler.instance.method(:deinit))
 

data/contrib/README.md

@@ -14,4 +14,4 @@ for each item will be kept below.
   starting machines.
 * `vim` - Contains a `.vim` file for enabling Ruby syntax highlighting
   for `Vagrantfile`s in `vim`.
-  * `zsh` - Contains a zsh script for improving autocompletion with zsh.
+* `zsh` - Contains a zsh script for improving autocompletion with zsh.

data/lib/vagrant.rb

@@ -9,6 +9,8 @@ class Log4r::BasicFormatter
   end
 end
 
+# Add our patches to net-ssh
+require "vagrant/patches/net-ssh"
 
 require "optparse"
 
@@ -79,7 +81,7 @@ if ENV["VAGRANT_LOG"] && ENV["VAGRANT_LOG"] != ""
     # See https://github.com/rest-client/rest-client/issues/34#issuecomment-290858
     # for more information
     class VagrantLogger < Log4r::Logger
-      def << (msg)
+      def << msg
         debug(msg.strip)
       end
     end

data/lib/vagrant/action/builtin/box_add.rb

@@ -108,6 +108,14 @@ module Vagrant
             end
           end
 
+          is_error = is_metadata_results.find do |b|
+            b.is_a?(Errors::DownloaderError)
+          end
+          if is_error
+            raise Errors::BoxMetadataDownloadError,  
+              message: is_error.extra_data[:message]
+          end
+
           is_metadata = is_metadata_results.any? { |b| b === true }
           if is_metadata && url.length > 1
             raise Errors::BoxAddMetadataMultiURL,
@@ -118,7 +126,7 @@ module Vagrant
             url = [url.first, authed_urls.first]
             add_from_metadata(url, env, expanded)
           else
-            add_direct(url, env)
+            add_direct(authed_urls, env)
           end
 
           @app.call(env)
@@ -538,11 +546,13 @@ module Vagrant
           !!(match.last.chomp =~ /application\/json/)
         end
 
-        def validate_checksum(checksum_type, checksum, path)
+        def validate_checksum(checksum_type, _checksum, path)
+          checksum = _checksum.strip()
           @logger.info("Validating checksum with #{checksum_type}")
           @logger.info("Expected checksum: #{checksum}")
 
-          actual = FileChecksum.new(path, checksum_type).checksum
+          _actual = FileChecksum.new(path, checksum_type).checksum
+          actual = _actual.strip()
           @logger.info("Actual checksum: #{actual}")
           if actual.casecmp(checksum) != 0
             raise Errors::BoxChecksumMismatch,

data/lib/vagrant/action/builtin/box_check_outdated.rb

@@ -46,7 +46,8 @@ module Vagrant
             client_cert: env[:client_cert] ||
                            machine.config.vm.box_download_client_cert,
             insecure: !env[:insecure].nil? ?
-                        env[:insecure] : machine.config.vm.box_download_insecure
+                        env[:insecure] : machine.config.vm.box_download_insecure,
+            box_extra_download_options: env[:box_extra_download_options] || machine.config.vm.box_extra_download_options,
           }
 
           env[:ui].output(I18n.t(

data/lib/vagrant/bundler.rb

@@ -189,8 +189,11 @@ module Vagrant
     attr_reader :env_plugin_gem_path
     # @return [Pathname] Vagrant environment data path
     attr_reader :environment_data_path
+    # @return [Array<Gem::Specification>, nil] List of builtin specs
+    attr_accessor :builtin_specs
 
     def initialize
+      @builtin_specs = []
       @plugin_gem_path = Vagrant.user_data_path.join("gems", RUBY_VERSION).freeze
       @logger = Log4r::Logger.new("vagrant::bundler")
     end
@@ -287,7 +290,6 @@ module Vagrant
         # Never allow dependencies to be remotely satisfied during init
         request_set.remote = false
 
-        repair_result = nil
         begin
           @logger.debug("resolving solution from available specification set")
           # Resolve the request set to ensure proper activation order
@@ -514,6 +516,9 @@ module Vagrant
         @logger.debug("Enabling strict dependency enforcement")
         plugin_deps += vagrant_internal_specs.map do |spec|
           next if system_plugins.include?(spec.name)
+          # If this spec is for a default plugin included in
+          # the ruby stdlib, ignore it
+          next if spec.default_gem?
           # If we are not running within the installer and
           # we are not within a bundler environment then we
           # only want activated specs
@@ -647,7 +652,6 @@ module Vagrant
         self_spec.activate
         @logger.info("Activated vagrant specification version - #{self_spec.version}")
       end
-      self_spec.runtime_dependencies.each { |d| gem d.name, *d.requirement.as_list }
       # discover all the gems we have available
       list = {}
       if Gem.respond_to?(:default_specifications_dir)
@@ -656,10 +660,16 @@ module Vagrant
         spec_dir = Gem::Specification.default_specifications_dir
       end
       directories = [spec_dir]
-      Gem::Specification.find_all{true}.each do |spec|
-        list[spec.full_name] = spec
+      if Vagrant.in_bundler?
+        Gem::Specification.find_all{true}.each do |spec|
+          list[spec.full_name] = spec
+        end
+      else
+        builtin_specs.each do |spec|
+          list[spec.full_name] = spec
+        end
       end
-      if(!Object.const_defined?(:Bundler))
+      if Vagrant.in_installer?
         directories += Gem::Specification.dirs.find_all do |path|
           !path.start_with?(Gem.user_dir)
         end

data/lib/vagrant/environment.rb

@@ -517,6 +517,7 @@ module Vagrant
     # @param [Action::Runner] action_runner A custom action runner for running hooks.
     def hook(name, opts=nil)
       @logger.info("Running hook: #{name}")
+
       opts ||= {}
       opts[:callable] ||= Action::Builder.new
       opts[:runner] ||= action_runner

data/lib/vagrant/errors.rb

@@ -636,6 +636,18 @@ module Vagrant
       error_key(:provisioner_winrm_unsupported)
     end
 
+    class PluginNeedsDeveloperTools < VagrantError
+      error_key(:plugin_needs_developer_tools)
+    end
+
+    class PluginMissingLibrary < VagrantError
+      error_key(:plugin_missing_library)
+    end
+
+    class PluginMissingRubyDev < VagrantError
+      error_key(:plugin_missing_ruby_dev)
+    end
+
     class PluginGemNotFound < VagrantError
       error_key(:plugin_gem_not_found)
     end

data/lib/vagrant/machine_index.rb

@@ -263,7 +263,7 @@ module Vagrant
     #
     # @return [Hash]
     def find_by_prefix(prefix)
-      return if !prefix
+      return if !prefix || prefix == ""
       @machines.each do |uuid, data|
         return data.merge("id" => uuid) if uuid.start_with?(prefix)
       end

data/lib/vagrant/patches/net-ssh.rb

@@ -0,0 +1,186 @@
+require "net/ssh"
+
+# Only patch if we have version 6.1.0 loaded as
+# these patches pull 6.1.0 up to the as of now
+# current 6.2.0 beta
+if Net::SSH::Version::STRING == "6.1.0"
+  require "net/ssh/authentication/methods/publickey"
+  Net::SSH::Authentication::Methods::Publickey.class_eval do
+    def rsa_compat_build_request(pub_key, *args)
+      s_ver_str = session.transport.server_version.version.match(/OpenSSH_(?<version>\d+\.\d+)/)[:version]
+      begin
+        s_ver = Gem::Version.new(s_ver_str)
+        if s_ver >= Gem::Version.new("7.2") && pub_key.is_a?(OpenSSL::PKey::RSA)
+          pub_key.deprecated_ssh_rsa = true
+          debug { "public key has been marked for deprecated ssh-rsa SHA1 behavior" }
+          info = key_manager.known_identities[pub_key]
+          if info && info[:key]
+            info[:key].deprecated_ssh_rsa = true
+            debug { "private key has been marked for deprecated ssh-rsa SHA1 behavior" }
+          else
+            warn { "cannot deprecate ssh rsa on private key, not loaded (#{info[:file]})" }
+          end
+        end
+      rescue ArgumentError
+        warn { "failed to parse OpenSSH version (raw: #{session.transport.server_version.version} attempted: #{s_ver_str}" }
+      end
+      _raw_build_request(pub_key, *args)
+    end
+    alias_method :_raw_build_request, :build_request
+    alias_method :build_request, :rsa_compat_build_request
+  end
+
+  require "net/ssh/authentication/agent"
+  # net/ssh/authentication/agent
+  Net::SSH::Authentication::Agent.class_eval do
+    SSH2_AGENT_LOCK = 22
+    SSH2_AGENT_UNLOCK = 23
+
+    # lock the ssh agent with password
+    def lock(password)
+      type, = send_and_wait(SSH2_AGENT_LOCK, :string, password)
+      raise AgentError, "could not lock agent" if type != SSH_AGENT_SUCCESS
+    end
+
+    # unlock the ssh agent with password
+    def unlock(password)
+      type, = send_and_wait(SSH2_AGENT_UNLOCK, :string, password)
+      raise AgentError, "could not unlock agent" if type != SSH_AGENT_SUCCESS
+    end
+  end
+
+  require "net/ssh/authentication/certificate"
+  # net/ssh/authentication/certificate
+  Net::SSH::Authentication::Certificate.class_eval do
+    def ssh_do_verify(sig, data, options = {})
+      key.ssh_do_verify(sig, data, options)
+    end
+  end
+
+  require "net/ssh/authentication/ed25519"
+  # net/ssh/authentication/ed25519
+  Net::SSH::Authentication::ED25519::PubKey.class_eval do
+    def ssh_do_verify(sig, data, options = {})
+      @verify_key.verify(sig,data)
+    end
+  end
+
+  require "net/ssh/transport/algorithms"
+  # net/ssh/transport/algorithms
+  Net::SSH::Transport::Algorithms::DEFAULT_ALGORITHMS[:host_key].push("rsa-sha2-256").push("rsa-sha2-512")
+
+  require "net/ssh/transport/cipher_factory"
+  # net/ssh/transport/cipher_factory
+  Net::SSH::Transport::CipherFactory::SSH_TO_OSSL["aes256-ctr"] = ::OpenSSL::Cipher.ciphers.include?("aes-256-ctr") ? "aes-256-ctr" : "aes-256-ecb"
+  Net::SSH::Transport::CipherFactory::SSH_TO_OSSL["aes192-ctr"] = ::OpenSSL::Cipher.ciphers.include?("aes-192-ctr") ? "aes-192-ctr" : "aes-192-ecb"
+  Net::SSH::Transport::CipherFactory::SSH_TO_OSSL["aes128-ctr"] = ::OpenSSL::Cipher.ciphers.include?("aes-128-ctr") ? "aes-128-ctr" : "aes-128-ecb"
+
+  require "net/ssh/transport/kex/abstract"
+  # net/ssh/transport/kex/abstract
+  Net::SSH::Transport::Kex::Abstract.class_eval do
+    def matching?(key_ssh_type, host_key_alg)
+      return true if key_ssh_type == host_key_alg
+      return true if key_ssh_type == 'ssh-rsa' && ['rsa-sha2-512', 'rsa-sha2-256'].include?(host_key_alg)
+    end
+
+    def verify_server_key(key) #:nodoc:
+      unless matching?(key.ssh_type, algorithms.host_key)
+        raise Net::SSH::Exception, "host key algorithm mismatch '#{key.ssh_type}' != '#{algorithms.host_key}'"
+      end
+
+      blob, fingerprint = generate_key_fingerprint(key)
+
+      unless connection.host_key_verifier.verify(key: key, key_blob: blob, fingerprint: fingerprint, session: connection)
+        raise Net::SSH::Exception, 'host key verification failed'
+      end
+    end
+
+    def verify_signature(result) #:nodoc:
+      response = build_signature_buffer(result)
+
+      hash = digester.digest(response.to_s)
+
+      server_key = result[:server_key]
+      server_sig = result[:server_sig]
+      unless connection.host_key_verifier.verify_signature { server_key.ssh_do_verify(server_sig, hash, host_key: algorithms.host_key) }
+        raise Net::SSH::Exception, 'could not verify server signature'
+      end
+
+      hash
+    end
+  end
+
+  require "net/ssh/transport/openssl"
+  # net/ssh/transport/openssl
+  OpenSSL::PKey::RSA.class_eval do
+    attr_accessor :deprecated_ssh_rsa
+
+    def ssh_do_verify(sig, data, options = {})
+      digester =
+        if options[:host_key] == "rsa-sha2-512"
+          OpenSSL::Digest::SHA512.new
+        elsif options[:host_key] == "rsa-sha2-256"
+          OpenSSL::Digest::SHA256.new
+        else
+          OpenSSL::Digest::SHA1.new
+        end
+
+      verify(digester, sig, data)
+    end
+
+    def ssh_type
+      deprecated_ssh_rsa ? signature_algorithm : "ssh-rsa"
+    end
+
+    def signature_algorithm
+      "rsa-sha2-256"
+    end
+
+    def ssh_do_sign(data)
+      if deprecated_ssh_rsa
+        sign(OpenSSL::Digest::SHA256.new, data)
+      else
+        sign(OpenSSL::Digest::SHA1.new, data)
+      end
+    end
+  end
+
+  OpenSSL::PKey::DSA.class_eval do
+    def ssh_do_verify(sig, data, options = {})
+      sig_r = sig[0,20].unpack("H*")[0].to_i(16)
+      sig_s = sig[20,20].unpack("H*")[0].to_i(16)
+      a1sig = OpenSSL::ASN1::Sequence([
+        OpenSSL::ASN1::Integer(sig_r),
+        OpenSSL::ASN1::Integer(sig_s)
+      ])
+      return verify(OpenSSL::Digest::SHA1.new, a1sig.to_der, data)
+    end
+  end
+
+  OpenSSL::PKey::EC.class_eval do
+    def ssh_do_verify(sig, data, options = {})
+      digest = digester.digest(data)
+      a1sig = nil
+
+      begin
+        sig_r_len = sig[0, 4].unpack('H*')[0].to_i(16)
+        sig_l_len = sig[4 + sig_r_len, 4].unpack('H*')[0].to_i(16)
+
+        sig_r = sig[4, sig_r_len].unpack('H*')[0]
+        sig_s = sig[4 + sig_r_len + 4, sig_l_len].unpack('H*')[0]
+
+        a1sig = OpenSSL::ASN1::Sequence([
+          OpenSSL::ASN1::Integer(sig_r.to_i(16)),
+          OpenSSL::ASN1::Integer(sig_s.to_i(16))
+        ])
+      rescue StandardError
+      end
+
+      if a1sig.nil?
+        return false
+      else
+        dsa_verify_asn1(digest, a1sig.to_der)
+      end
+    end
+  end
+end