diff options
| author | Dmitry Shestoperov <dmitrys@northernlight.com> | 2017-11-29 14:06:05 -0500 |
|---|---|---|
| committer | Dmitry Shestoperov <dmitrys@northernlight.com> | 2017-11-29 14:06:05 -0500 |
| commit | 6377c9f91c05a2282f825934b15020736aa8e32e (patch) | |
| tree | 0d70c7f6b430375841a2f1050b772bd240252b14 | |
| parent | 335de911e800a49b94565ea7cb56c50ed1ae39a6 (diff) | |
| parent | 493947028e8560e86a014aced4273f509a678c31 (diff) | |
| download | chef-6377c9f91c05a2282f825934b15020736aa8e32e.tar.gz | |
Merge branch 'master' of github.com:dimsh99/chef into fix_for_6242
| -rw-r--r-- | .mailmap | 4 | ||||
| -rw-r--r-- | CHANGELOG.md | 72 | ||||
| -rw-r--r-- | Dockerfile | 2 | ||||
| -rw-r--r-- | Gemfile.lock | 16 | ||||
| -rw-r--r-- | RELEASE_NOTES.md | 56 | ||||
| -rw-r--r-- | VERSION | 2 | ||||
| -rw-r--r-- | chef-config/lib/chef-config/path_helper.rb | 2 | ||||
| -rw-r--r-- | chef-config/lib/chef-config/version.rb | 2 | ||||
| -rw-r--r-- | lib/chef/client.rb | 2 | ||||
| -rw-r--r-- | lib/chef/provider/package.rb | 3 | ||||
| -rw-r--r-- | lib/chef/provider/package/apt.rb | 17 | ||||
| -rw-r--r-- | lib/chef/provider/package/dpkg.rb | 16 | ||||
| -rw-r--r-- | lib/chef/version.rb | 2 | ||||
| -rw-r--r-- | omnibus/Gemfile.lock | 44 | ||||
| -rw-r--r-- | omnibus_overrides.rb | 14 | ||||
| -rw-r--r-- | spec/functional/resource/user/useradd_spec.rb | 8 | ||||
| -rw-r--r-- | spec/functional/win32/security_spec.rb | 40 | ||||
| -rw-r--r-- | spec/support/shared/functional/execute_resource.rb | 2 | ||||
| -rw-r--r-- | spec/unit/client_spec.rb | 2 | ||||
| -rw-r--r-- | spec/unit/provider/package/apt_spec.rb | 34 |
20 files changed, 255 insertions, 85 deletions
@@ -168,3 +168,7 @@ Peter Burkholder <pburkholder@chef.io> Peter Burkholder <peterb@getchef.com> # JJ Ashgar JJ Asghar <jj@chef.io> JJ Asghar <jj@getchef.com> + +# Tim Smith +Tim Smith <tsmith@chef.io> Tim Smith <tim@cozy.co> +Tim Smith <tsmith@chef.io> Tim Smith <tsmith84@gmail.co> diff --git a/CHANGELOG.md b/CHANGELOG.md index 1e6bfeb0c9..66ca41ce14 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,39 +1,58 @@ <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ --> -<!-- latest_release 13.5.25 --> -## [v13.5.25](https://github.com/chef/chef/tree/v13.5.25) (2017-10-20) +<!-- latest_release 13.6.7 --> +## [v13.6.7](https://github.com/chef/chef/tree/v13.6.7) (2017-11-15) #### Merged Pull Requests -- Deprecate the deploy resource and family [#6468](https://github.com/chef/chef/pull/6468) ([coderanger](https://github.com/coderanger)) +- Change a useradd_spec test for RHEL >= 6.8 and >= 7.3 [#6555](https://github.com/chef/chef/pull/6555) ([jeremiahsnapp](https://github.com/jeremiahsnapp)) <!-- latest_release --> -<!-- release_rollup since=13.5.3 --> -### Changes since 13.5.3 release +<!-- release_rollup since=13.6.4 --> +### Changes since 13.6.4 release #### Merged Pull Requests -- Deprecate the deploy resource and family [#6468](https://github.com/chef/chef/pull/6468) ([coderanger](https://github.com/coderanger)) <!-- 13.5.25 --> -- Fix remote_file with UNC paths failing [#6510](https://github.com/chef/chef/pull/6510) ([tas50](https://github.com/tas50)) <!-- 13.5.24 --> -- Bump dependencies to pull in new InSpec [#6511](https://github.com/chef/chef/pull/6511) ([adamleff](https://github.com/adamleff)) <!-- 13.5.23 --> -- [MSYS-647] array support for choco pkg from artifactory [#6437](https://github.com/chef/chef/pull/6437) ([dheerajd-msys](https://github.com/dheerajd-msys)) <!-- 13.5.22 --> -- MSYS-684: Added parser for DSC configuration [#6473](https://github.com/chef/chef/pull/6473) ([piyushawasthi](https://github.com/piyushawasthi)) <!-- 13.5.21 --> -- fix rebooter for solaris and background reboots [#6497](https://github.com/chef/chef/pull/6497) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 13.5.20 --> -- Windows: Added :none frequency to windows_task resource [#6394](https://github.com/chef/chef/pull/6394) ([NAshwini](https://github.com/NAshwini)) <!-- 13.5.19 --> -- only rhel >= 8 and fedora >= 22 get dnf [#6490](https://github.com/chef/chef/pull/6490) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 13.5.18 --> -- Support new CriticalOhaiPlugins [#6486](https://github.com/chef/chef/pull/6486) ([jaymzh](https://github.com/jaymzh)) <!-- 13.5.17 --> -- Sleep for another interval after handling SIGHUP [#6461](https://github.com/chef/chef/pull/6461) ([grekasius](https://github.com/grekasius)) <!-- 13.5.16 --> -- Don't spin in powershell module that launches chef processes [#6481](https://github.com/chef/chef/pull/6481) ([ksubrama](https://github.com/ksubrama)) <!-- 13.5.15 --> -- Add allow_downgrade to zypper_package resource [#6476](https://github.com/chef/chef/pull/6476) ([yeoldegrove](https://github.com/yeoldegrove)) <!-- 13.5.14 --> -- Remove cookbook_artifacts from CHEF_11_OSS_STATIC_OBJECTS [#6478](https://github.com/chef/chef/pull/6478) ([itmustbejj](https://github.com/itmustbejj)) <!-- 13.5.13 --> -- Prevent creation of data bags named node, role, client or environment [#6469](https://github.com/chef/chef/pull/6469) ([sanditiffin](https://github.com/sanditiffin)) <!-- 13.5.12 --> -- dnf_resource: be more specific for rhel packages [#6435](https://github.com/chef/chef/pull/6435) ([NaomiReeves](https://github.com/NaomiReeves)) <!-- 13.5.11 --> -- Tweak the knife banners for multi-arg commands. [#6466](https://github.com/chef/chef/pull/6466) ([coderanger](https://github.com/coderanger)) <!-- 13.5.9 --> -- Fixes to package upgrade behaviour [#6428](https://github.com/chef/chef/pull/6428) ([jonlives](https://github.com/jonlives)) <!-- 13.5.8 --> -- Import the zypper GPG key before templating the repo [#6410](https://github.com/chef/chef/pull/6410) ([tas50](https://github.com/tas50)) <!-- 13.5.7 --> -- Only warn about skipping sync once [#6454](https://github.com/chef/chef/pull/6454) ([Happycoil](https://github.com/Happycoil)) <!-- 13.5.4 --> -- Force encoding to UTF_8 in chef-shell to prevent failures [#6447](https://github.com/chef/chef/pull/6447) ([tas50](https://github.com/tas50)) <!-- 13.5.5 --> -- Bump InSpec to v1.40.0 [#6460](https://github.com/chef/chef/pull/6460) ([adamleff](https://github.com/adamleff)) <!-- 13.5.6 --> +- Change a useradd_spec test for RHEL >= 6.8 and >= 7.3 [#6555](https://github.com/chef/chef/pull/6555) ([jeremiahsnapp](https://github.com/jeremiahsnapp)) <!-- 13.6.7 --> +- replace deprecated Dir.exists? with Dir.exist? [#6583](https://github.com/chef/chef/pull/6583) ([thomasdziedzic](https://github.com/thomasdziedzic)) <!-- 13.6.6 --> +- Add ohai_time to minimal_ohai filter [#6584](https://github.com/chef/chef/pull/6584) ([btm](https://github.com/btm)) <!-- 13.6.5 --> <!-- release_rollup --> <!-- latest_stable_release --> +## [v13.6.4](https://github.com/chef/chef/tree/v13.6.4) (2017-11-06) + +#### Merged Pull Requests +- [MSYS-492]Add missing functional tests for users [#6425](https://github.com/chef/chef/pull/6425) ([harikesh-kolekar](https://github.com/harikesh-kolekar)) +- Fix the invalid version comparison in apt/dpkg providers [#6558](https://github.com/chef/chef/pull/6558) ([tas50](https://github.com/tas50)) +- Fix the invalid version comparison of apt packages. [#6554](https://github.com/chef/chef/pull/6554) ([komazarari](https://github.com/komazarari)) +- Bump openssl and rubygems to latest [#6568](https://github.com/chef/chef/pull/6568) ([tas50](https://github.com/tas50)) +<!-- latest_stable_release --> + +## [v13.6.0](https://github.com/chef/chef/tree/v13.6.0) (2017-10-30) + +#### Merged Pull Requests +- Bump InSpec to v1.40.0 [#6460](https://github.com/chef/chef/pull/6460) ([adamleff](https://github.com/adamleff)) +- Force encoding to UTF_8 in chef-shell to prevent failures [#6447](https://github.com/chef/chef/pull/6447) ([tas50](https://github.com/tas50)) +- Only warn about skipping sync once [#6454](https://github.com/chef/chef/pull/6454) ([Happycoil](https://github.com/Happycoil)) +- Import the zypper GPG key before templating the repo [#6410](https://github.com/chef/chef/pull/6410) ([tas50](https://github.com/tas50)) +- Fixes to package upgrade behaviour [#6428](https://github.com/chef/chef/pull/6428) ([jonlives](https://github.com/jonlives)) +- Tweak the knife banners for multi-arg commands. [#6466](https://github.com/chef/chef/pull/6466) ([coderanger](https://github.com/coderanger)) +- dnf_resource: be more specific for rhel packages [#6435](https://github.com/chef/chef/pull/6435) ([NaomiReeves](https://github.com/NaomiReeves)) +- Prevent creation of data bags named node, role, client or environment [#6469](https://github.com/chef/chef/pull/6469) ([sanditiffin](https://github.com/sanditiffin)) +- Remove cookbook_artifacts from CHEF_11_OSS_STATIC_OBJECTS [#6478](https://github.com/chef/chef/pull/6478) ([itmustbejj](https://github.com/itmustbejj)) +- Add allow_downgrade to zypper_package resource [#6476](https://github.com/chef/chef/pull/6476) ([yeoldegrove](https://github.com/yeoldegrove)) +- Don't spin in powershell module that launches chef processes [#6481](https://github.com/chef/chef/pull/6481) ([ksubrama](https://github.com/ksubrama)) +- Sleep for another interval after handling SIGHUP [#6461](https://github.com/chef/chef/pull/6461) ([grekasius](https://github.com/grekasius)) +- Support new CriticalOhaiPlugins [#6486](https://github.com/chef/chef/pull/6486) ([jaymzh](https://github.com/jaymzh)) +- Package: only RHEL >= 8 and Fedora >= 22 get dnf [#6490](https://github.com/chef/chef/pull/6490) ([lamont-granquist](https://github.com/lamont-granquist)) +- Windows: Added :none frequency to windows_task resource [#6394](https://github.com/chef/chef/pull/6394) ([NAshwini](https://github.com/NAshwini)) +- Fix rebooter for solaris and background reboots [#6497](https://github.com/chef/chef/pull/6497) ([lamont-granquist](https://github.com/lamont-granquist)) +- Added parser for DSC configuration [#6473](https://github.com/chef/chef/pull/6473) ([piyushawasthi](https://github.com/piyushawasthi)) +- Add array support for choco pkg from artifactory [#6437](https://github.com/chef/chef/pull/6437) ([dheerajd-msys](https://github.com/dheerajd-msys)) +- Bump dependencies to pull in new InSpec [#6511](https://github.com/chef/chef/pull/6511) ([adamleff](https://github.com/adamleff)) +- Fix remote_file with UNC paths failing [#6510](https://github.com/chef/chef/pull/6510) ([tas50](https://github.com/tas50)) +- Deprecate the deploy resource and family [#6468](https://github.com/chef/chef/pull/6468) ([coderanger](https://github.com/coderanger)) +- Include Ohai 13.6 [#6521](https://github.com/chef/chef/pull/6521) ([btm](https://github.com/btm)) +- Use the latest libxml2, libxslt, libyaml, and openssl [#6520](https://github.com/chef/chef/pull/6520) ([tas50](https://github.com/tas50)) +- Pull in the latest libiconv and nokogiri [#6532](https://github.com/chef/chef/pull/6532) ([tas50](https://github.com/tas50)) + ## [v13.5.3](https://github.com/chef/chef/tree/v13.5.3) (2017-10-03) #### Merged Pull Requests @@ -47,7 +66,6 @@ - Remove unused requires in yum_repository [#6413](https://github.com/chef/chef/pull/6413) ([tas50](https://github.com/tas50)) - Quiet the output of the zypper refresh and add force [#6408](https://github.com/chef/chef/pull/6408) ([tas50](https://github.com/tas50)) - Replace which apt-get check with simple debian check in apt resources [#6409](https://github.com/chef/chef/pull/6409) ([tas50](https://github.com/tas50)) -<!-- latest_stable_release --> ## [v12.21.14](https://github.com/chef/chef/tree/v12.21.14) (2017-09-27) diff --git a/Dockerfile b/Dockerfile index 25e6b5ff0b..4b3c3f5e67 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM busybox MAINTAINER Chef Software, Inc. <docker@chef.io> ARG CHANNEL=stable -ARG VERSION=13.5.3 +ARG VERSION=13.6.4 RUN wget "http://packages.chef.io/files/${CHANNEL}/chef/${VERSION}/el/5/chef-${VERSION}-1.el5.x86_64.rpm" -O /tmp/chef-client.rpm && \ rpm2cpio /tmp/chef-client.rpm | cpio -idmv && \ diff --git a/Gemfile.lock b/Gemfile.lock index c868e9abf1..9f22780e2c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -17,10 +17,10 @@ GIT PATH remote: . specs: - chef (13.5.25) + chef (13.6.7) addressable bundler (>= 1.10) - chef-config (= 13.5.25) + chef-config (= 13.6.7) chef-zero (>= 13.0) diff-lcs (~> 1.2, >= 1.2.4) erubis (~> 2.7) @@ -47,10 +47,10 @@ PATH specinfra (~> 2.10) syslog-logger (~> 1.6) uuidtools (~> 2.1.5) - chef (13.5.25-universal-mingw32) + chef (13.6.7-universal-mingw32) addressable bundler (>= 1.10) - chef-config (= 13.5.25) + chef-config (= 13.6.7) chef-zero (>= 13.0) diff-lcs (~> 1.2, >= 1.2.4) erubis (~> 2.7) @@ -92,7 +92,7 @@ PATH PATH remote: chef-config specs: - chef-config (13.5.25) + chef-config (13.6.7) addressable fuzzyurl mixlib-config (~> 2.0) @@ -224,7 +224,7 @@ GEM nori (2.6.0) octokit (4.7.0) sawyer (~> 0.8.0, >= 0.5.3) - ohai (13.5.0) + ohai (13.6.0) chef-config (>= 12.5.0.alpha.1, < 14) ffi (~> 1.9) ffi-yajl (~> 2.2) @@ -300,7 +300,7 @@ GEM addressable (>= 2.3.5, < 2.6) faraday (~> 0.8, < 1.0) semverse (2.0.0) - serverspec (2.41.1) + serverspec (2.41.3) multi_json rspec (~> 3.0) rspec-its @@ -312,7 +312,7 @@ GEM simplecov-html (~> 0.10.0) simplecov-html (0.10.2) slop (3.6.0) - specinfra (2.72.0) + specinfra (2.72.1) net-scp net-ssh (>= 2.7, < 5.0) net-telnet diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 2d293a9b28..4265b87494 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,5 +1,16 @@ _This file holds "in progress" release notes for the current release under development and is intended for consumption by the Chef Documentation team. Please see <https://docs.chef.io/release_notes.html> for the official Chef release notes._ +# Chef Client Release Notes 13.6.4: + +## Bugfixes + + - Resolved a regression in 13.6.0 that prevented upgrading packages on Debian/Ubuntu when the package name contained a tilde. + +## Security Updates + +- OpenSSL has been upgraded to 1.0.2m to resolve CVE-2017-3735 and CVE-2017-3736 +- RubyGems has been upgraded to 2.6.14 to resolve CVE-2017-0903 + # Chef Client Release Notes 13.6: ## `deploy` Resource Is Deprecated @@ -11,6 +22,51 @@ cookbook will be available to help users migrate during the Chef 14 release cycle. See [the deprecation documentation](https://docs.chef.io/deprecations_deploy_resource.html) for more information. +## zypper\_package supports package downgrades + +`zypper_package` now supports downgrading installed packages with the +`allow_downgrade` property. + +## InSpec updated to 1.42.3 + +## Reserve certain Data Bag names + +It's no longer possible to create data bags named `node`, `role`, +`client`, or `environment`. Existing data bags will continue to work as +before. + +## Properly use yum on RHEL 7 + +If both dnf and yum were installed, in some circumstances the yum +provider might choose to run dnf, which is not what we intended it to +do. It now properly runs yum, all the time. + +## Ohai 13.6 Release Notes: + +### Critical Plugins + +Users can now specify a list of plugins which are `critical`. Critical plugins will cause Ohai to fail if they do not run successfully (and thus cause a Chef run using Ohai to fail). The syntax for this is: + +``` +ohai.critical_plugins << :Filesystem +``` + +### Filesystem now has a `allow_partial_data` configuration option + +The Filesystem plugin now has a `allow_partial_data` configuration option. If set, the filesystem will return whatever data it can even if some commands it ran failed. + +### Rackspace detection on Windows + +Windows nodes running on Rackspace will now properly detect themselves as running on Rackspace without a hint file. + +### Package data on Amazon Linux + +The Packages plugin now supports gathering packages data on Amazon Linux + +### Deprecation updates + +In Ohai 13 we replaced the filesystem and cloud plugins with the filesystem2 and cloud_v2 plugins. To maintain compatibility with users of the previous V2 plugins we write data to both locations. We had originally planned to continue writing data to both locations until Chef 15. Instead due to the large amount of duplicate node data this introduces we are updating OHAI-11 and OHAI-12 deprecations to remove node['cloud_v2'] and node['filesystem2'] with the release of Chef 14 in April 2018. + # Chef Client Release Notes 13.5: ## Mount's password property is now marked as sensitive @@ -1 +1 @@ -13.5.25
\ No newline at end of file +13.6.7
\ No newline at end of file diff --git a/chef-config/lib/chef-config/path_helper.rb b/chef-config/lib/chef-config/path_helper.rb index e8a576c84f..c011c4f18a 100644 --- a/chef-config/lib/chef-config/path_helper.rb +++ b/chef-config/lib/chef-config/path_helper.rb @@ -235,7 +235,7 @@ module ChefConfig paths = paths.map { |home_path| home_path.gsub(path_separator, ::File::SEPARATOR) if home_path } # Filter out duplicate paths and paths that don't exist. - valid_paths = paths.select { |home_path| home_path && Dir.exists?(home_path.force_encoding("utf-8")) } + valid_paths = paths.select { |home_path| home_path && Dir.exist?(home_path.force_encoding("utf-8")) } valid_paths = valid_paths.uniq # Join all optional path elements at the end. diff --git a/chef-config/lib/chef-config/version.rb b/chef-config/lib/chef-config/version.rb index 01ec2352b2..71a7611ca1 100644 --- a/chef-config/lib/chef-config/version.rb +++ b/chef-config/lib/chef-config/version.rb @@ -21,7 +21,7 @@ module ChefConfig CHEFCONFIG_ROOT = File.expand_path("../..", __FILE__) - VERSION = "13.5.25" + VERSION = "13.6.7" end # diff --git a/lib/chef/client.rb b/lib/chef/client.rb index ed55cd791d..1211e9425e 100644 --- a/lib/chef/client.rb +++ b/lib/chef/client.rb @@ -602,7 +602,7 @@ class Chef # @api private # def run_ohai - filter = Chef::Config[:minimal_ohai] ? %w{fqdn machinename hostname platform platform_version os os_version} : nil + filter = Chef::Config[:minimal_ohai] ? %w{fqdn machinename hostname platform platform_version ohai_time os os_version} : nil ohai.all_plugins(filter) events.ohai_completed(node) rescue Ohai::Exceptions::CriticalPluginFailure => e diff --git a/lib/chef/provider/package.rb b/lib/chef/provider/package.rb index 95d16dd666..7116bc9045 100644 --- a/lib/chef/provider/package.rb +++ b/lib/chef/provider/package.rb @@ -477,6 +477,9 @@ class Chef elsif candidate_version.nil? Chef::Log.debug("#{new_resource} #{package_name} has no candidate_version to upgrade to") target_version_array.push(nil) + elsif current_version.nil? + Chef::Log.debug("#{new_resource} has no existing installed version. Installing install #{candidate_version}") + target_version_array.push(candidate_version) elsif version_compare(current_version, candidate_version) == 1 && !new_resource.allow_downgrade Chef::Log.debug("#{new_resource} #{package_name} has installed version #{current_version}, which is newer than available version #{candidate_version}. Skipping...)") target_version_array.push(nil) diff --git a/lib/chef/provider/package/apt.rb b/lib/chef/provider/package/apt.rb index da86016621..3f32f9d380 100644 --- a/lib/chef/provider/package/apt.rb +++ b/lib/chef/provider/package/apt.rb @@ -127,11 +127,20 @@ class Chef private + # compare 2 versions to each other to see which is newer. + # this differs from the standard package method because we + # need to be able to parse debian version strings which contain + # tildes which Gem cannot properly parse + # + # @return [Integer] 1 if v1 > v2. 0 if they're equal. -1 if v1 < v2 def version_compare(v1, v2) - gem_v1 = v1.gsub(/[_+]/, "+" => "-", "_" => "-") unless v1.nil? - gem_v2 = v2.gsub(/[_+]/, "+" => "-", "_" => "-") unless v2.nil? - - Gem::Version.new(gem_v1) <=> Gem::Version.new(gem_v2) + if !shell_out_compact_timeout("dpkg", "--compare-versions", v1.to_s, "gt", v2.to_s).error? + 1 + elsif !shell_out_compact_timeout("dpkg", "--compare-versions", v1.to_s, "eq", v2.to_s).error? + 0 + else + -1 + end end # Runs command via shell_out with magic environment to disable diff --git a/lib/chef/provider/package/dpkg.rb b/lib/chef/provider/package/dpkg.rb index 89a57affac..cf92e6d3e7 100644 --- a/lib/chef/provider/package/dpkg.rb +++ b/lib/chef/provider/package/dpkg.rb @@ -106,6 +106,22 @@ class Chef private + # compare 2 versions to each other to see which is newer. + # this differs from the standard package method because we + # need to be able to parse debian version strings which contain + # tildes which Gem cannot properly parse + # + # @return [Integer] 1 if v1 > v2. 0 if they're equal. -1 if v1 < v2 + def version_compare(v1, v2) + if !shell_out_compact_timeout("dpkg", "--compare-versions", v1.to_s, "gt", v2.to_s).error? + 1 + elsif !shell_out_compact_timeout("dpkg", "--compare-versions", v1.to_s, "eq", v2.to_s).error? + 0 + else + -1 + end + end + def read_current_version_of_package(package_name) Chef::Log.debug("#{new_resource} checking install state of #{package_name}") status = shell_out_compact_timeout!("dpkg", "-s", package_name, returns: [0, 1]) diff --git a/lib/chef/version.rb b/lib/chef/version.rb index e4e21ac871..33f8b0cf00 100644 --- a/lib/chef/version.rb +++ b/lib/chef/version.rb @@ -23,7 +23,7 @@ require "chef/version_string" class Chef CHEF_ROOT = File.expand_path("../..", __FILE__) - VERSION = Chef::VersionString.new("13.5.25") + VERSION = Chef::VersionString.new("13.6.7") end # diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock index 2bfb0931e2..2365421c75 100644 --- a/omnibus/Gemfile.lock +++ b/omnibus/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/chef/license_scout - revision: 013b1f8b9663f76fd0d1cd0bb95c8fb5b5198f3f + revision: 11f5c3d644be622eb367fe104750dca4f10ce1e5 specs: license_scout (0.1.3) ffi-yajl (~> 2.2) @@ -9,7 +9,7 @@ GIT GIT remote: https://github.com/chef/omnibus - revision: 52393d7cab443b61790f94c62775d9032d283497 + revision: e3807801e61b9012ea2e0677a60c2bf72c0e4972 specs: omnibus (5.6.1) aws-sdk (~> 2) @@ -26,7 +26,7 @@ GIT GIT remote: https://github.com/chef/omnibus-software - revision: 23de2052e79b7a03d2b0a080d2f6e111ce4c760d + revision: 0f8723f83627b40dcf73052ac066baf8f643cce4 specs: omnibus-software (4.0.0) chef-sugar (>= 3.4.0) @@ -37,15 +37,14 @@ GEM specs: addressable (2.5.2) public_suffix (>= 2.0.2, < 4.0) - artifactory (2.8.2) awesome_print (1.8.0) - aws-sdk (2.10.54) - aws-sdk-resources (= 2.10.54) - aws-sdk-core (2.10.54) + aws-sdk (2.10.78) + aws-sdk-resources (= 2.10.78) + aws-sdk-core (2.10.78) aws-sigv4 (~> 1.0) jmespath (~> 1.0) - aws-sdk-resources (2.10.54) - aws-sdk-core (= 2.10.54) + aws-sdk-resources (2.10.78) + aws-sdk-core (= 2.10.78) aws-sigv4 (1.0.2) berkshelf (4.3.5) addressable (~> 2.3, >= 2.3.4) @@ -69,7 +68,7 @@ GEM faraday (~> 0.9.1) httpclient (~> 2.7.0) ridley (~> 4.5) - binding_of_caller (0.7.2) + binding_of_caller (0.7.3) debug_inspector (>= 0.0.1) buff-config (1.0.1) buff-extensions (~> 1.0) @@ -86,12 +85,12 @@ GEM celluloid-io (0.16.2) celluloid (>= 0.16.0) nio4r (>= 1.1.0) - chef-config (13.4.24) + chef-config (13.6.0) addressable fuzzyurl mixlib-config (~> 2.0) mixlib-shellout (~> 2.0) - chef-sugar (3.5.0) + chef-sugar (3.6.0) citrus (3.0.2) cleanroom (1.0.0) coderay (1.1.2) @@ -131,8 +130,7 @@ GEM mixlib-authentication (1.4.2) mixlib-cli (1.7.0) mixlib-config (2.2.4) - mixlib-install (2.1.12) - artifactory + mixlib-install (3.8.0) mixlib-shellout mixlib-versioning thor @@ -154,7 +152,7 @@ GEM nori (2.6.0) octokit (4.7.0) sawyer (~> 0.8.0, >= 0.5.3) - ohai (8.24.1) + ohai (8.25.0) chef-config (>= 12.5.0.alpha.1, < 14) ffi (~> 1.9) ffi-yajl (~> 2.2) @@ -174,7 +172,7 @@ GEM zhexdump (>= 0.0.2) plist (3.3.0) progressbar (1.9.0) - pry (0.11.1) + pry (0.11.2) coderay (~> 1.1.0) method_source (~> 0.9.0) pry-byebug (3.5.0) @@ -215,18 +213,21 @@ GEM molinillo (~> 0.4.2) semverse (~> 1.1) systemu (2.6.5) - test-kitchen (1.17.0) - mixlib-install (>= 1.2, < 3.0) + test-kitchen (1.19.0) + mixlib-install (~> 3.6) mixlib-shellout (>= 1.2, < 3.0) net-scp (~> 1.1) net-ssh (>= 2.9, < 5.0) net-ssh-gateway (~> 1.2) safe_yaml (~> 1.0) thor (~> 0.19, < 0.19.2) + winrm (~> 2.0) + winrm-elevated (~> 1.0) + winrm-fs (~> 1.0.2) thor (0.19.1) timers (4.0.4) hitimes - toml-rb (1.0.0) + toml-rb (1.1.0) citrus (~> 3.0, > 3.0) varia_model (0.4.1) buff-extensions (~> 1.0) @@ -242,6 +243,9 @@ GEM logging (>= 1.6.1, < 3.0) nori (~> 2.0) rubyntlm (~> 0.6.0, >= 0.6.1) + winrm-elevated (1.1.0) + winrm (~> 2.0) + winrm-fs (~> 1.0) winrm-fs (1.0.2) erubis (~> 2.7) logging (>= 1.6.1, < 3.0) @@ -269,4 +273,4 @@ DEPENDENCIES winrm-fs (~> 1.0) BUNDLED WITH - 1.15.4 + 1.16.0 diff --git a/omnibus_overrides.rb b/omnibus_overrides.rb index 5e2f1af4d9..a9b0bad56f 100644 --- a/omnibus_overrides.rb +++ b/omnibus_overrides.rb @@ -1,16 +1,16 @@ # THIS IS NOW HAND MANAGED, JUST EDIT THE THING # .travis.yml and appveyor.yml consume this, # try to keep it machine-parsable. -override :rubygems, version: "2.6.13" +override :rubygems, version: "2.6.14" override :bundler, version: "1.15.4" -override "nokogiri", version: "1.8.0" +override "nokogiri", version: "1.8.1" override "libffi", version: "3.2.1" -override "libiconv", version: "1.14" +override "libiconv", version: "1.15" override "liblzma", version: "5.2.3" override "libtool", version: "2.4.2" -override "libxml2", version: "2.9.4" -override "libxslt", version: "1.1.29" -override "libyaml", version: "0.1.6" +override "libxml2", version: "2.9.5" +override "libxslt", version: "1.1.30" +override "libyaml", version: "0.1.7" override "makedepend", version: "1.0.5" override "ncurses", version: "5.9" override "pkg-config-lite", version: "0.28-1" @@ -19,4 +19,4 @@ override "ruby-windows-devkit-bash", version: "3.1.23-4-msys-1.0.18" override "util-macros", version: "1.19.0" override "xproto", version: "7.0.28" override "zlib", version: "1.2.11" -override "openssl", version: "1.0.2j" +override "openssl", version: "1.0.2m" diff --git a/spec/functional/resource/user/useradd_spec.rb b/spec/functional/resource/user/useradd_spec.rb index e783356c9f..175809b5c0 100644 --- a/spec/functional/resource/user/useradd_spec.rb +++ b/spec/functional/resource/user/useradd_spec.rb @@ -646,10 +646,10 @@ describe Chef::Provider::User::Useradd, metadata do expect(@error.message).to include("Cannot unlock the password") end elsif %w{rhel}.include?(OHAI_SYSTEM["platform_family"]) && - OHAI_SYSTEM["platform_version"].to_f == 6.8 - # usermod -U returns following message for rhel68 on s390x platforms - # usermod: unlocking the user's password would result in a passwordless account. - #You should set a password with usermod -p to unlock this user's password. + (Chef::VersionConstraint.new("~> 6.8").include?(OHAI_SYSTEM["platform_version"].to_f) || Chef::VersionConstraint.new("~> 7.3").include?(OHAI_SYSTEM["platform_version"].to_f)) + # RHEL 6.8 and 7.3 ship with a fixed `usermod` command + # Reference: https://access.redhat.com/errata/RHBA-2016:0864 + # Reference: https://access.redhat.com/errata/RHBA-2016:2322 it "errors out trying to unlock the user" do expect(@error).to be_a(Mixlib::ShellOut::ShellCommandFailed) expect(@error.message).to include("You should set a password") diff --git a/spec/functional/win32/security_spec.rb b/spec/functional/win32/security_spec.rb index 40ae99bfa4..f3faf24c52 100644 --- a/spec/functional/win32/security_spec.rb +++ b/spec/functional/win32/security_spec.rb @@ -17,6 +17,8 @@ # require "spec_helper" +require "mixlib/shellout" +require "chef/mixin/user_context" if Chef::Platform.windows? require "chef/win32/security" end @@ -26,13 +28,37 @@ describe "Chef::Win32::Security", :windows_only do expect(Chef::ReservedNames::Win32::Security.has_admin_privileges?).to eq(true) end - # We've done some investigation adding a negative test and it turned - # out to be a lot of work since mixlib-shellout doesn't have user - # support for windows. - # - # TODO - Add negative tests once mixlib-shellout has user support - it "has_admin_privileges? returns false when running as non-admin" do - skip "requires user support in mixlib-shellout" + describe "running as non admin user" do + include Chef::Mixin::UserContext + let(:user) { "security_user" } + let(:password) { "Security@123" } + + let(:domain) do + whoami = Mixlib::ShellOut.new("whoami") + whoami.run_command + whoami.error! + whoami.stdout.split("\\")[0] + end + before do + allow_any_instance_of(Chef::Mixin::UserContext).to receive(:node).and_return({ "platform_family" => "windows" }) + allow(Chef::Platform).to receive(:windows_server_2003?).and_return(false) + allow(Chef::ReservedNames::Win32::Security).to receive(:OpenProcessToken).and_return(true) + add_user = Mixlib::ShellOut.new("net user #{user} #{password} /ADD") + add_user.run_command + add_user.error! + end + + after do + delete_user = Mixlib::ShellOut.new("net user #{user} /delete") + delete_user.run_command + delete_user.error! + end + it "has_admin_privileges? returns false" do + has_admin_privileges = with_user_context(user, password, domain) do + Chef::ReservedNames::Win32::Security.has_admin_privileges? + end + expect(has_admin_privileges).to eq(false) + end end describe "get_file_security" do diff --git a/spec/support/shared/functional/execute_resource.rb b/spec/support/shared/functional/execute_resource.rb index 4f7cea1cd1..1a14bb38c3 100644 --- a/spec/support/shared/functional/execute_resource.rb +++ b/spec/support/shared/functional/execute_resource.rb @@ -63,7 +63,7 @@ shared_context "a command that can be executed as an alternate user" do after do File.delete(script_output_path) if File.exists?(script_output_path) - Dir.rmdir(script_output_dir) if Dir.exists?(script_output_dir) + Dir.rmdir(script_output_dir) if Dir.exist?(script_output_dir) end end diff --git a/spec/unit/client_spec.rb b/spec/unit/client_spec.rb index 95f308d130..2aff7b2a71 100644 --- a/spec/unit/client_spec.rb +++ b/spec/unit/client_spec.rb @@ -38,7 +38,7 @@ describe Chef::Client do end it "runs ohai with only the minimum required plugins" do - expected_filter = %w{fqdn machinename hostname platform platform_version os os_version} + expected_filter = %w{fqdn machinename hostname platform platform_version ohai_time os os_version} expect(ohai_system).to receive(:all_plugins).with(expected_filter) client.run_ohai end diff --git a/spec/unit/provider/package/apt_spec.rb b/spec/unit/provider/package/apt_spec.rb index 46ae7fcadc..ff14edcffd 100644 --- a/spec/unit/provider/package/apt_spec.rb +++ b/spec/unit/provider/package/apt_spec.rb @@ -475,6 +475,40 @@ mpg123 1.12.1-0ubuntu1 end end + describe "#action_install" do + it "should run dpkg to compare versions if an existing version is installed" do + allow(@provider).to receive(:get_current_versions).and_return("1.4.0") + allow(@new_resource).to receive(:allow_downgrade).and_return(false) + expect(@provider).to receive(:shell_out_compact_timeout).with( + "dpkg", "--compare-versions", "1.4.0", "gt", "0.8.12-7" + ).and_return(double(error?: false)) + @provider.run_action(:upgrade) + end + + it "should install the package if the installed version is older" do + allow(@provider).to receive(:get_current_versions).and_return("0.4.0") + allow(@new_resource).to receive(:allow_downgrade).and_return(false) + expect(@provider).to receive(:version_compare).and_return(-1) + expect(@provider).to receive(:shell_out!).with( + "apt-get", "-q", "-y", "install", "irssi=0.8.12-7", + :env => { "DEBIAN_FRONTEND" => "noninteractive" }, + :timeout => @timeout + ) + @provider.run_action(:upgrade) + end + + it "should not compare versions if an existing version is not installed" do + allow(@provider).to receive(:get_current_versions).and_return(nil) + allow(@new_resource).to receive(:allow_downgrade).and_return(false) + expect(@provider).not_to receive(:version_compare) + expect(@provider).to receive(:shell_out!).with( + "apt-get", "-q", "-y", "install", "irssi=0.8.12-7", + :env => { "DEBIAN_FRONTEND" => "noninteractive" }, + :timeout => @timeout + ) + @provider.run_action(:upgrade) + end + end end end end |