path: root/lib/chef/encrypted_data_bag_item.rb
Commit message (Author, Age, Files, Lines)
* Revert change that removed use of Chef::Config.platform_specific_path (Lance Albertson, 2020-09-15, 1, -1/+1)
| Signed-off-by: Lance Albertson <lance@osuosl.org>
* move dist implementation into chef-utils (Marc Chamberland, 2020-09-15, 1, -2/+1)
| Signed-off-by: Marc Chamberland <chamberland.marc@gmail.com>
| Signed-off-by: Lance Albertson <lance@osuosl.org>
* use autoloading for many required gems (mwrock, 2020-09-08, 1, -2/+2)
| Signed-off-by: mwrock <matt@mattwrock.com>
* Bump deps and resolve new Chefstyle warnings (Tim Smith, 2020-08-25, 1, -1/+1)
| Signed-off-by: Tim Smith <tsmith@chef.io>
* Remove copyright dates [lcg/remove-copyright-dates] (Lamont Granquist, 2020-04-13, 1, -1/+1)
| Legally incredibly dubious, particularly since we don't follow it
| strictly as policy, and we have git history instead, which does it
| right. This is just a waste of time and a cargo cult.
|
| Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
* Style/StringLiteralsInInterpolation (Lamont Granquist, 2019-07-05, 1, -1/+1)
| since we use double quotes, be consistent everywhere.
|
| Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
* Style/RegexpLiteral (Lamont Granquist, 2019-07-05, 1, -1/+1)
| given how many regexps we have with /'s in the match this seems like
| a very good one.
|
| Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
* Style/NegatedIf (Lamont Granquist, 2019-07-05, 1, -2/+2)
| Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
* fix Layout/EmptyLineAfterGuardClause (Lamont Granquist, 2019-07-02, 1, -0/+3)
| i like this one, gives visual priority to returns or raises that are
| buried in the middle of things.
|
| Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
* more distro constants (Marc Chamberland, 2019-06-03, 1, -1/+2)
| Signed-off-by: Marc Chamberland <mchamberland@pbsc.com>
* Convert require to require_relative (Lamont Granquist, 2019-05-08, 1, -4/+4)
| This gives a speed boost since rubygems does not have to scan through
| every gem in the gemset in order to find the file.
|
| Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
* replace some instances of to_hash with to_h [lcg/to-h-cleanup] (Lamont Granquist, 2018-09-26, 1, -2/+4)
| to_hash on a lot of these objects should go away, but even eliminating
| all our calls to to_hash on these objects internally is difficult.
| (e.g. converting the knife ui code to call #to_h means we wind up
| calling nil#to_h which "helpfully" becomes '{}' which is hilarious and
| i don't know why someone thought that was a good idea).
|
| Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
* fix Style/MutableConstant (Lamont Granquist, 2018-07-02, 1, -2/+2)
| Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
* fix specs: RedundantReturn, RedundantSelf, RedundantBegin (Lamont Granquist, 2017-02-13, 1, -2/+2)
| department of redundancy department
|
| Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
* fix Style/SelfAssignment (Lamont Granquist, 2016-12-06, 1, -1/+1)
| Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
* autofixing whitespace cops (Lamont Granquist, 2016-02-05, 1, -1/+1)
| 4174 Style/SpaceInsideHashLiteralBraces
| 1860 Style/SpaceAroundOperators
| 1336 Style/SpaceInsideBlockBraces
| 1292 Style/AlignHash
| 997 Style/SpaceAfterComma
| 860 Style/SpaceAroundEqualsInParameterDefault
| 310 Style/EmptyLines
| 294 Style/IndentationConsistency
| 267 Style/TrailingWhitespace
| 238 Style/ExtraSpacing
| 212 Style/SpaceBeforeBlockBraces
| 166 Style/MultilineOperationIndentation
| 144 Style/TrailingBlankLines
| 120 Style/EmptyLineBetweenDefs
| 101 Style/IndentationWidth
| 82 Style/SpaceAroundBlockParameters
| 40 Style/EmptyLinesAroundMethodBody
| 29 Style/EmptyLinesAroundAccessModifier
| 1 Style/RescueEnsureAlignment
* Update all auth email address from opscode.com and getchef.com to chef.io. (Noah Kantrowitz, 2016-02-02, 1, -1/+1)
| Generated via git ls-files | xargs perl -pi -e "s/(Author.*?<[^@]+@)(?:opscode\\.com|getchef\\.com)(>)/\\1chef.io\\2/gi"
* Replace all Opscode copyrights with Chef Software. (Noah Kantrowitz, 2016-02-02, 1, -1/+1)
| Created via git ls-files | xargs perl -pi -e "s/(Copyright.*?), Opscode(,)? Inc(\.)?/\\1, Chef Software Inc./gi"
* Copyright year update for 2016 and massive cleanup. (Noah Kantrowitz, 2016-02-02, 1, -1/+1)
| Generated via git ls-files | xargs perl -pi -e "s/[Cc]opyright (?:\([Cc]\) )?((?\!$(date +%Y))\\d{4})(-\\d{4})?([, ][ \d]+)*(,|(?= ))/Copyright \\1-$(date +%Y),/g"
* Use double quotes by default (Thom May, 2016-01-14, 1, -7/+7)
| This is an entirely mechanically generated (chefstyle -a) change, to
| go along with chef/chefstyle#5. We should pick something and use it
| consistently, and my opinion is that double quotes are the appropriate
| thing.
* Enable autodetection of encrypted data bag items. (Claire McQuin, 2014-08-22, 1, -1/+1)
* [CHEF-5356-gcm] Chef::EncryptedDataBagItem Version3 implementation using GCM (Xabier de Zuazo, 2014-07-01, 1, -0/+1)
* Fix few typo (nishigori, 2014-03-26, 1, -1/+1)
* Add documentation for Chef::EncryptedDataBag.load (Seth Vargo, 2014-03-14, 1, -0/+36)
* CHEF-4441: emit reasonable error message when there is no default data bag secret (John Keiser, 2013-12-03, 1, -0/+3)
* Split EncryptedDataBagItem into multiple files (John Keiser, 2013-12-03, 1, -303/+3)
* [CHEF-3615] Make encrypted data bag format configurable (danielsdeleo, 2013-04-30, 1, -2/+27)
|   * Add an option to configure the version used when encrypting data
|     bag items. This allows users to opt-in to newer encrypted data bag
|     formats while the default remains compatible with earlier chef
|     versions.
|   * Add an option to set a minimum valid encrypted data bag item
|     format. This is useful on the client so that, for example, a MITM
|     attacker cannot downgrade a v2 EDBI to v1.
* [CHEF-3615] version 2 encryptor/decryptor for EDBIs (danielsdeleo, 2013-04-30, 1, -86/+121)
| Authenticated encryption data bag items will be version 2 of the
| encrypted data bag item format instead of tacked on to the version 1
| format.
|
| Authenticated encryption via OpenSSL cipher was considered, but older
| openssl versions do not have, e.g., aes-256-gcm, so we are
| implementing encrypt-then-mac with hmac-sha256 on top of existing aes
| cipher.
|
| Code passes tests but is not yet exposed in configuration.
|
| TODO:
|   * Allow user to set desired version for encrypt.
|   * Allow user to set minimum required version for decrypt. Without
|     this change, a MITM could simply change the format version to 1 to
|     bypass the hmac.
* [CHEF-3858] ensure invalid key always fails to decrypt (danielsdeleo, 2013-04-30, 1, -1/+29)
| In CI, we occasionally see test failures when decryption with an
| incorrect key does not raise an error, but instead returns garbage.
| This fixes that issue by adding an HMAC-SHA2-256 of the encrypted data
| to the version 1 format.
|
| For backwards compatibility, decryption will continue if the hmac is
| missing; therefore, this does not increase the security of encrypted
| data bag items.
* [CHEF-3858] rescue bad json errors and re-raise as decryption failures (danielsdeleo, 2013-04-26, 1, -0/+5)
* [CHEF-4011] move default secret file path to Chef::Config (Seth Chisamore, 2013-04-11, 1, -2/+1)
|   * Remove references to DEFAULT_SECRET_FILE from
|     `Chef::EncryptedDataBagItem`.
|   * Add new `:encrypted_data_bag_secret` value to `Chef::Config`
|   * Ensure Chef::Config[:encrypted_data_bag_secret] is nil if the
|     secret does not exist at the default path.
|   * Updated test coverage in `config_spec` and
|     `encrypted_data_bag_item_spec`.
* prefer `File.exist?` to `File.exists?` (Seth Chisamore, 2013-04-11, 1, -1/+1)
| File.exists? was deprecated in Ruby 1.9
* [CHEF-3616] add cipher field to edbi metadata (danielsdeleo, 2012-11-16, 1, -1/+16)
| Adds "cipher" to the metadata fields for encrypted data bag items.
| This enables user-configurable ciphers in the future. Cipher is still
| hard-coded to aes-256-cbc for now.
* [CHEF-3392] fix ruby 1.8 detection of version 1 format (danielsdeleo, 2012-11-15, 1, -1/+1)
* [CHEF-3392] remove unused `from_plain_hash` method (danielsdeleo, 2012-11-15, 1, -4/+0)
* [CHEF-3392] use yajl to avoid custom class inflation (danielsdeleo, 2012-11-15, 1, -2/+3)
* [CHEF-3392] JSON serialize encrypted data bags, use random IV (danielsdeleo, 2012-11-14, 1, -21/+193)
|   * Use JSON instead of YAML to serialize encrypted data bag values
|     before encrypting.
|   * Use a random IV for each encrypted value for resilience against
|     some types of crypto attacks.
|
| Fixes CHEF-3480.
* [OC-3564] move core Chef to the repo root \o/ \m/ (Seth Chisamore, 2012-10-30, 1, -0/+139)
| The opscode/chef repository now only contains the core Chef library
| code used by chef-client, knife and chef-solo!