(PA-6886) Add Digicert to Solaris images

.rubocop.yml

@@ -5,29 +5,15 @@ require:
 - rubocop-rspec
 
 AllCops:
-  TargetRubyVersion: 2.3
+  TargetRubyVersion: 2.7
+  NewCops: enable
   Exclude:
   - "**/*.erb"
   - spec/**/*
   - vendor/**/*
   - examples/**/*
   - lib/vanagon/platform/defaults/*
 
-Capybara/MatchStyle:
-  Enabled: true
-
-Capybara/NegationMatcher:
-  Enabled: true
-
-Capybara/SpecificActions:
-  Enabled: true
-
-Capybara/SpecificFinders:
-  Enabled: true
-
-Capybara/SpecificMatcher:
-  Enabled: true
-
 Gemspec/DeprecatedAttributeAssignment:
   Enabled: true
 
@@ -395,15 +381,6 @@ RSpec/DuplicatedMetadata:
 RSpec/ExcessiveDocstringSpacing:
   Enabled: true
 
-RSpec/FactoryBot/ConsistentParenthesesStyle:
-  Enabled: true
-
-RSpec/FactoryBot/FactoryNameStyle:
-  Enabled: true
-
-RSpec/FactoryBot/SyntaxMethods:
-  Enabled: true
-
 RSpec/IdenticalEqualityAssertion:
   Enabled: true
 
@@ -416,21 +393,6 @@ RSpec/NoExpectationExample:
 RSpec/PendingWithoutReason:
   Enabled: true
 
-RSpec/Rails/AvoidSetupHook:
-  Enabled: true
-
-RSpec/Rails/HaveHttpStatus:
-  Enabled: true
-
-RSpec/Rails/InferredSpecType:
-  Enabled: true
-
-RSpec/Rails/MinitestAssertions:
-  Enabled: true
-
-RSpec/Rails/TravelAround:
-  Enabled: true
-
 RSpec/RedundantAround:
   Enabled: true
 
@@ -446,16 +408,16 @@ RSpec/SubjectDeclaration:
 RSpec/VerifiedDoubleReference:
   Enabled: true
 
-Rspec/BeforeAfterAll:
+RSpec/BeforeAfterAll:
   Enabled: false
 
-Rspec/ExampleLength:
+RSpec/ExampleLength:
   Enabled: false
 
-Rspec/HookArgument:
+RSpec/HookArgument:
   Enabled: false
 
-Rspec/MultipleMemoizedHelpers:
+RSpec/MultipleMemoizedHelpers:
   Enabled: false
 
 Security/CompoundHash:

CHANGELOG.md

@@ -3,8 +3,12 @@ All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](https://semver.org).
 
 This changelog adheres to [Keep a CHANGELOG](https://keepachangelog.com).
-
+### Changed
 ## [Unreleased]
+- Bump minimum ruby requirement to 2.7
+
+### Added
+- Add DigiCertGlobalRootG2 cert as part of Solaris default
 
 ## [0.52.0] - 2024-06-03
 ### Added

lib/vanagon/cli/build.rb

@@ -71,7 +71,7 @@ def options_translate(docopt_options)
           '<platforms>' => :platforms,
           '<targets>' => :targets
         }
-        return docopt_options.map { |k, v| [translations[k], v] }.to_h
+        return docopt_options.transform_keys { |k| translations[k] }
       end
 
       def options_validate(options)

lib/vanagon/cli/build_host_info.rb

@@ -51,7 +51,7 @@ def options_translate(docopt_options)
           '<platforms>' => :platforms,
           '<targets>' => :targets
         }
-        return docopt_options.map { |k, v| [translations[k], v] }.to_h
+        return docopt_options.transform_keys { |k| translations[k] }
       end
     end
   end

lib/vanagon/cli/build_requirements.rb

@@ -39,9 +39,8 @@ def run(options) # rubocop:disable Metrics/AbcSize
 
         components = driver.project.components
         component_names = components.map(&:name)
-        build_requirements = []
-        components.each do |component|
-          build_requirements << component.build_requires.reject do |requirement|
+        build_requirements = components.map do |component|
+          component.build_requires.reject do |requirement|
             # only include external requirements: i.e. those that do not match
             # other components in the project
             component_names.include?(requirement)
@@ -61,7 +60,7 @@ def options_translate(docopt_options)
           '<project-name>' => :project_name,
           '<platform>' => :platform,
         }
-        return docopt_options.map { |k, v| [translations[k], v] }.to_h
+        return docopt_options.transform_keys { |k| translations[k] }
       end
     end
   end

lib/vanagon/cli/completion.rb

@@ -37,7 +37,7 @@ def options_translate(docopt_options)
         translations = {
           '--shell' => :shell,
         }
-        return docopt_options.map { |k, v| [translations[k], v] }.to_h
+        return docopt_options.transform_keys { |k| translations[k] }
       end
     end
   end

lib/vanagon/cli/dependencies.rb

@@ -35,12 +35,10 @@ def run(options)
 
         projects.each do |project|
           platforms.each do |platform|
-            begin
-              artifact = Vanagon::Driver.new(platform, project, options)
-              artifact.dependencies
-            rescue RuntimeError => e
-              failures.push("#{project}, #{platform}: #{e}")
-            end
+            artifact = Vanagon::Driver.new(platform, project, options)
+            artifact.dependencies
+          rescue RuntimeError => e
+            failures.push("#{project}, #{platform}: #{e}")
           end
         end
 
@@ -92,7 +90,7 @@ def options_translate(docopt_options)
           '<project-name>' => :project_name,
           '<platforms>' => :platforms
         }
-        return docopt_options.map { |k, v| [translations[k], v] }.to_h
+        return docopt_options.transform_keys { |k| translations[k] }
       end
     end
   end

lib/vanagon/cli/inspect.rb

@@ -56,7 +56,7 @@ def options_translate(docopt_options)
           '<project-name>' => :project_name,
           '<platforms>' => :platforms
         }
-        return docopt_options.map { |k, v| [translations[k], v] }.to_h
+        return docopt_options.transform_keys { |k| translations[k] }
       end
 
       def options_validate(options)

lib/vanagon/cli/list.rb

@@ -87,7 +87,7 @@ def options_translate(docopt_options)
           '--projects' => :projects,
           '--use-spaces' => :use_spaces,
         }
-        return docopt_options.map { |k, v| [translations[k], v] }.to_h
+        return docopt_options.transform_keys { |k| translations[k] }
       end
     end
   end

lib/vanagon/cli/render.rb

@@ -53,7 +53,7 @@ def options_translate(docopt_options)
           '<project-name>' => :project_name,
           '<platforms>' => :platforms,
         }
-        return docopt_options.map { |k, v| [translations[k], v] }.to_h
+        return docopt_options.transform_keys { |k| translations[k] }
       end
     end
   end

lib/vanagon/cli/ship.rb

@@ -22,7 +22,7 @@ def parse(argv)
       def run(_)
         ENV['PROJECT_ROOT'] = Dir.pwd
 
-        if Dir['output/**/*'].select { |entry| File.file?(entry) }.empty?
+        if Dir['output/**/*'].none? { |entry| File.file?(entry) }
           VanagonLogger.error 'vanagon: Error: No packages to ship in the "output" directory. Maybe build some first?'
           exit 1
         end

lib/vanagon/cli/sign.rb

@@ -21,7 +21,7 @@ def parse(argv)
 
       def run(_)
         ENV['PROJECT_ROOT'] = Dir.pwd
-        if Dir['output/**/*'].select { |entry| File.file?(entry) }.empty?
+        if Dir['output/**/*'].none? { |entry| File.file?(entry) }
           VanagonLogger.error 'sign: Error: No packages to sign in the "output" directory. Maybe build some first?'
           exit 1
         end

lib/vanagon/common/user.rb

@@ -15,10 +15,10 @@ def initialize(name, group = nil, shell = nil, is_system = false, homedir = nil)
       #
       # @return [true, false] true if all attributes have equal values. false otherwise.
       def ==(other)
-        other.name == self.name && \
-          other.group == self.group && \
-          other.shell == self.shell && \
-          other.is_system == self.is_system && \
+        other.name == self.name &&
+          other.group == self.group &&
+          other.shell == self.shell &&
+          other.is_system == self.is_system &&
           other.homedir == self.homedir
       end
     end

lib/vanagon/component.rb

@@ -260,27 +260,25 @@ def mirrors # rubocop:disable Lint/DuplicateMethods
     #   if #fetch is successful.
     def fetch_mirrors(options)
       mirrors.to_a.shuffle.each do |mirror|
-        begin
-          VanagonLogger.info %(Attempting to fetch from mirror URL "#{mirror}")
-          @source = Vanagon::Component::Source.source(mirror, **options)
-          return true if source.fetch
-        rescue Vanagon::InvalidSource
-          # This means that the URL was not a git repo or a valid downloadable file,
-          # which means either the URL is incorrect, or we don't have access to that
-          # resource. Return false, so that the pkg.url value can be used instead.
-          VanagonLogger.error %(Invalid source "#{mirror}")
-        rescue SocketError
-          # SocketError means that there was no DNS/name resolution
-          # for whatever remote protocol the mirror tried to use.
-          VanagonLogger.error %(Unable to resolve mirror URL "#{mirror}")
-        rescue StandardError
-          # Source retrieval does not consistently return a meaningful
-          # namespaced error message, which means we're brute-force rescuing
-          # StandardError. Also, we want to handle other unexpected things when
-          # we try reaching out to the URL, so that we can gracefully return
-          # false and fall back to fetching the pkg.url value instead.
-          VanagonLogger.error %(Unable to retrieve mirror URL "#{mirror}")
-        end
+        VanagonLogger.info %(Attempting to fetch from mirror URL "#{mirror}")
+        @source = Vanagon::Component::Source.source(mirror, **options)
+        return true if source.fetch
+      rescue Vanagon::InvalidSource
+        # This means that the URL was not a git repo or a valid downloadable file,
+        # which means either the URL is incorrect, or we don't have access to that
+        # resource. Return false, so that the pkg.url value can be used instead.
+        VanagonLogger.error %(Invalid source "#{mirror}")
+      rescue SocketError
+        # SocketError means that there was no DNS/name resolution
+        # for whatever remote protocol the mirror tried to use.
+        VanagonLogger.error %(Unable to resolve mirror URL "#{mirror}")
+      rescue StandardError
+        # Source retrieval does not consistently return a meaningful
+        # namespaced error message, which means we're brute-force rescuing
+        # StandardError. Also, we want to handle other unexpected things when
+        # we try reaching out to the URL, so that we can gracefully return
+        # false and fall back to fetching the pkg.url value instead.
+        VanagonLogger.error %(Unable to retrieve mirror URL "#{mirror}")
       end
       false
     end

lib/vanagon/engine/docker.rb

@@ -140,12 +140,10 @@ def docker_cp_globs_from(globs, host_path)
       # @return [void]
       def wait_for_ssh
         Vanagon::Utilities.retry_with_timeout(5, 5) do
-          begin
-            Vanagon::Utilities.remote_ssh_command("#{@target_user}@#{@target}", 'exit', @target_port)
-          rescue StandardError => e
-            sleep(1) # Give SSHD some time to start.
-            raise e
-          end
+          Vanagon::Utilities.remote_ssh_command("#{@target_user}@#{@target}", 'exit', @target_port)
+        rescue StandardError => e
+          sleep(1) # Give SSHD some time to start.
+          raise e
         end
       rescue StandardError => e
         raise Vanagon::Error.wrap(e, "SSH was not up in the container after 5 seconds.")

lib/vanagon/logger.rb

@@ -22,7 +22,7 @@ def self.error(msg)
   end
 
   def initialize(output = $stdout)
-    super(output)
+    super
     self.level = ::Logger::INFO
     self.formatter = proc do |severity, datetime, progname, msg|
       "#{msg}\n"

lib/vanagon/platform/deb.rb

@@ -144,7 +144,7 @@ def initialize(name)
         @num_cores = "/usr/bin/nproc"
         @curl = "curl --silent --show-error --fail --location"
         @valid_operators = ['<', '>', '<=', '>=', '=', '<<', '>>']
-        super(name)
+        super
       end
     end
   end

lib/vanagon/platform/defaults/solaris-11-i386.rb

@@ -1,9 +1,44 @@
 platform "solaris-11-i386" do |plat|
+
+# Source: https://www.digicert.com/kb/digicert-root-certificates.htm 
+# Valid until: 15/Jan/2038
+# Serial #: 03:3A:F1:E6:A7:11:A9:A0:BB:28:64:B1:1D:09:FA:E5
+# SHA256 Fingerprint: CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F  
+# https://perforce.atlassian.net/browse/RE-16540 for long term fix for this
+# Required by Vanagon while on Solaris 11.1 (solaris-11-x86_64 in our local vmpooler)
+DigiCertGlobalRootG2 = <<-STRING
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
+MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
+2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
+1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
+q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
+tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
+vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
+5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
+1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
+NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
+Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
+8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
+pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
+MrY=
+-----END CERTIFICATE-----
+STRING
   plat.servicedir "/lib/svc/manifest"
   plat.defaultdir "/lib/svc/method"
   plat.servicetype "smf"
-
+  
   plat.vmpooler_template "solaris-11-x86_64"
+  plat.provision_with "echo '#{DigiCertGlobalRootG2}'> /etc/openssl/certs/DigiCertGlobalRootG2.pem"
+  plat.provision_with 'chmod a+r /etc/openssl/certs/DigiCertGlobalRootG2.pem'
+  plat.provision_with 'ln -s /etc/openssl/certs/DigiCertGlobalRootG2.pem /etc/openssl/certs/607986c7.0'
+  plat.provision_with '/usr/sbin/svcadm restart /system/ca-certificates'
   plat.add_build_repository "http://solaris-11-reposync.delivery.puppetlabs.net:81", "puppetlabs.com"
   plat.install_build_dependencies_with "pkg install ", " || [[ $? -eq 4 ]]"
 end

lib/vanagon/platform/dsl.rb

@@ -247,7 +247,7 @@ def servicedir(dir)
         @platform.servicedir = dir
 
         # Add to the servicetypes array if we haven't already
-        if @platform.servicetype && @platform.servicedir && @platform.servicetypes.select { |s| s.servicetype == @platform.servicetype }.empty?
+        if @platform.servicetype && @platform.servicedir && @platform.servicetypes.none? { |s| s.servicetype == @platform.servicetype }
           @platform.servicetypes << OpenStruct.new(:servicetype => @platform.servicetype, :servicedir => @platform.servicedir)
         end
       end
@@ -263,15 +263,15 @@ def defaultdir(dir)
       #
       # @param type [String] service type for the platform ('sysv' for example)
       # @param servicedir [String] service dir for this platform and service type ('/etc/init.d' for example). Optional.
-      def servicetype(type, servicedir: nil) # rubocop:disable Metrics/AbcSize
+      def servicetype(type, servicedir: nil)
         if servicedir
           @platform.servicetypes << OpenStruct.new(:servicetype => type, :servicedir => servicedir)
         else
           @platform.servicetype = type
         end
 
         # Add to the servicetypes array if we haven't already
-        if @platform.servicetype && @platform.servicedir && @platform.servicetypes.select { |s| s.servicetype == @platform.servicetype }.empty?
+        if @platform.servicetype && @platform.servicedir && @platform.servicetypes.none? { |s| s.servicetype == @platform.servicetype }
           @platform.servicetypes << OpenStruct.new(:servicetype => @platform.servicetype, :servicedir => @platform.servicedir)
         end
       end