1 files changed, 188 insertions, 0 deletions
diff --git a/lib/chef/provider/winget_source.rb b/lib/chef/provider/winget_source.rb
new file mode 100644
index 0000000000..61c920bfd0
--- /dev/null
+++ b/lib/chef/provider/winget_source.rb
@@ -0,0 +1,188 @@
+#
+# Author:: Tim Smith (<tsmith@chef.io>)
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../resource"
+require_relative "../dsl/declare_resource"
+require_relative "noop"
+# require "shellwords" unless defined?(Shellwords)
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
+
+class Chef
+  class Provider
+    class WingetSource < Chef::Provider
+      provides :winget_source, platform_family: "windows"
+
+      def load_current_resource; end
+
+      action :create do
+        if new_resource.gpgautoimportkeys
+          install_gpg_key(new_resource.gpgkey)
+        else
+          logger.debug("'gpgautoimportkeys' property is set to false. Skipping key import.")
+        end
+
+        declare_resource(:template, "/etc/zypp/repos.d/#{escaped_repo_name}.repo") do
+          if template_available?(new_resource.source)
+            source new_resource.source
+          else
+            source ::File.expand_path("support/zypper_repo.erb", __dir__)
+            local true
+          end
+          sensitive new_resource.sensitive
+          variables(config: new_resource)
+          mode new_resource.mode
+          notifies :refresh, new_resource, :immediately if new_resource.refresh_cache
+        end
+      end
+
+      action :delete do
+        declare_resource(:execute, "zypper --quiet --non-interactive removerepo #{escaped_repo_name}") do
+          only_if "zypper --quiet lr #{escaped_repo_name}"
+        end
+      end
+
+      action :refresh do
+        declare_resource(:execute, "zypper --quiet --non-interactive refresh --force #{escaped_repo_name}") do
+          only_if "zypper --quiet lr #{escaped_repo_name}"
+        end
+      end
+
+      alias_method :action_add, :action_create
+      alias_method :action_remove, :action_delete
+
+      # zypper repos are allowed to have spaces in the names
+      # @return [String] escaped repo string
+      def escaped_repo_name
+        Shellwords.escape(new_resource.repo_name)
+      end
+
+      # return the specified cookbook name or the cookbook containing the
+      # resource.
+      #
+      # @return [String] name of the cookbook
+      def cookbook_name
+        new_resource.cookbook || new_resource.cookbook_name
+      end
+
+      # determine if a template file is available in the current run
+      # @param [String] path the path to the template file
+      #
+      # @return [Boolean] template file exists or doesn't
+      def template_available?(path)
+        !path.nil? && run_context.has_template_in_cookbook?(cookbook_name, path)
+      end
+
+      # determine if a cookbook file is available in the run
+      # @param [String] fn the path to the template file
+      #
+      # @return [Boolean] cookbook file exists or doesn't
+      def has_cookbook_file?(fn)
+        run_context.has_cookbook_file_in_cookbook?(cookbook_name, fn)
+      end
+
+      # Given the provided key URI determine what kind of chef resource we need
+      # to fetch the key
+      # @param [String] uri the uri of the gpg key (local path or http URL)
+      #
+      # @raise [Chef::Exceptions::FileNotFound] Key isn't remote or found in the current run
+      #
+      # @return [Symbol] :remote_file or :cookbook_file
+      def key_type(uri)
+        if uri.start_with?("http")
+          logger.trace("Will use :remote_file resource to cache the gpg key locally")
+          :remote_file
+        elsif has_cookbook_file?(uri)
+          logger.trace("Will use :cookbook_file resource to cache the gpg key locally")
+          :cookbook_file
+        else
+          raise Chef::Exceptions::FileNotFound, "Cannot determine location of gpgkey. Must start with 'http' or be a file managed by #{ChefUtils::Dist::Infra::PRODUCT}."
+        end
+      end
+
+      # the version of gpg installed on the system
+      #
+      # @return [Gem::Version] the version of GPG
+      def gpg_version
+        so = shell_out!("gpg --version")
+        # matches 2.0 and 2.2 versions from SLES 12 and 15: https://rubular.com/r/e6D0WfGK6SXvUp
+        version = /gpg \(GnuPG\)\s*(.*)/.match(so.stdout)[1]
+        logger.trace("GPG package version is #{version}")
+        Gem::Version.new(version)
+      end
+
+      # is the provided key already installed
+      # @param [String] key_path the path to the key on the local filesystem
+      #
+      # @return [boolean] is the key already known by rpm
+      def key_installed?(key_path)
+        so = shell_out("/bin/rpm -qa gpg-pubkey*")
+        # expected output & match: http://rubular.com/r/RdF7EcXEtb
+        status = /gpg-pubkey-#{short_key_id(key_path)}/.match(so.stdout)
+        logger.trace("GPG key at #{key_path} is known by rpm? #{status ? "true" : "false"}")
+        status
+      end
+
+      # extract the gpg key's short key id from a local file. Learning moment: This 8 hex value ID
+      # is sometimes incorrectly called the fingerprint. The fingerprint is the full length value
+      # and googling for that will just result in sad times.
+      #
+      # @param [String] key_path the path to the key on the local filesystem
+      #
+      # @return [String] the short key id of the key
+      def short_key_id(key_path)
+        if gpg_version >= Gem::Version.new("2.2") # SLES 15+
+          so = shell_out!("gpg --import-options import-show --dry-run --import --with-colons #{key_path}")
+          # expected output and match: https://rubular.com/r/uXWJo3yfkli1qA
+          short_key_id = /fpr:*\h*(\h{8}):/.match(so.stdout)[1].downcase
+        else # SLES 12 and earlier
+          so = shell_out!("gpg --with-fingerprint #{key_path}")
+          # expected output and match: http://rubular.com/r/BpfMjxySQM
+          short_key_id = %r{pub\s*\S*/(\S*)}.match(so.stdout)[1].downcase
+        end
+        logger.trace("GPG short key ID of key at #{key_path} is #{short_key_id}")
+        short_key_id
+      end
+
+      # install the provided gpg key
+      # @param [String] uri the uri of the local or remote gpg key
+      def install_gpg_key(uri)
+        unless uri
+          logger.debug("'gpgkey' property not provided or set to nil. Skipping key import.")
+          return
+        end
+
+        cached_keyfile = ::File.join(Chef::Config[:file_cache_path], uri.split("/")[-1])
+
+        declare_resource(key_type(new_resource.gpgkey), cached_keyfile) do
+          source uri
+          mode "0644"
+          sensitive new_resource.sensitive
+          action :create
+        end
+
+        declare_resource(:execute, "import gpg key from #{new_resource.gpgkey}") do
+          command "/bin/rpm --import #{cached_keyfile}"
+          not_if { key_installed?(cached_keyfile) }
+          action :run
+        end
+      end
+    end
+  end
+end
+
+Chef::Provider::Noop.provides :winget_source