diff --git a/configs/components/openssl-3.5.rb b/configs/components/openssl-3.5.rb new file mode 100644 index 00000000..f6c4d307 --- /dev/null +++ b/configs/components/openssl-3.5.rb @@ -0,0 +1,152 @@ +##### +# Component release information: +# https://github.com/openssl/openssl/releases +# 3.5 isn't latest openssl, but latest LTS: https://openssl-library.org/policies/releasestrat/index.html +##### +component 'openssl' do |pkg, settings, platform| + pkg.version '3.5.6' + pkg.sha256sum 'deae7c80cba99c4b4f940ecadb3c3338b13cb77418409238e57d7f31f2a3b736' + pkg.url "https://github.com/openssl/openssl/releases/download/openssl-#{pkg.get_version}/openssl-#{pkg.get_version}.tar.gz" + pkg.mirror "#{settings[:buildsources_url]}/openssl-#{pkg.get_version}.tar.gz" + + ############################# + # ENVIRONMENT, FLAGS, TARGETS + ############################# + + if platform.name =~ /^(amazon-|el-|redhat-|redhatfips-|fedora-)/ + pkg.build_requires 'perl-core' + pkg.build_requires 'perl' + end + + target = sslflags = '' + cflags = settings[:cflags] + ldflags = settings[:ldflags] + + if platform.is_windows? + pkg.environment 'PATH', "$(shell cygpath -u #{settings[:gcc_bindir]}):$(PATH)" + pkg.environment 'CYGWIN', settings[:cygwin] + pkg.environment 'MAKE', platform[:make] + + target = 'mingw64' + elsif platform.is_macos? + pkg.environment 'PATH', '$(PATH):/opt/homebrew/bin:/usr/local/bin' + pkg.environment 'CFLAGS', settings[:cflags] + pkg.environment 'CC', settings[:cc] + pkg.environment 'MACOSX_DEPLOYMENT_TARGET', settings[:deployment_target] + + target = if platform.architecture == 'arm64' + 'darwin64-arm64' + else + 'darwin64-x86_64' + end + elsif platform.is_linux? + pkg.environment 'PATH', '/opt/pl-build-tools/bin:$(PATH):/usr/local/bin' + + ldflags = "#{settings[:ldflags]} -Wl,-z,relro" + case platform.architecture + when /86$/ + target = 'linux-elf' + sslflags = '386' + when /aarch64$/ + target = 'linux-aarch64' + when /64$/ + target = 'linux-x86_64' + when 'armhf' + target = 'linux-armv4' + end + end + + #################### + # BUILD REQUIREMENTS + #################### + + pkg.build_requires "runtime-#{settings[:runtime_project]}" + + ########### + # CONFIGURE + ########### + + # Defining --libdir ensures that we avoid the multilib (lib/ vs. lib64/) problem, + # since configure uses the existence of a lib64 directory to determine + # if it should install its own libs into a multilib dir. Yay OpenSSL! + configure_flags = [ + "--prefix=#{settings[:prefix]}", + '--libdir=lib', + "--openssldir=#{settings[:prefix]}/ssl", + 'shared', + 'no-gost', + target, + sslflags, + 'no-camellia', + 'no-md2', + 'no-ssl3', + 'no-ssl3-method', + 'no-dtls1-method', + 'no-dtls1_2-method', + 'no-aria', + 'no-bf', + 'no-cast', + 'no-des', + 'no-rc5', + 'no-mdc2', + 'no-rmd160', + 'no-whirlpool' + ] + + if settings[:use_legacy_openssl_algos] + pkg.apply_patch 'resources/patches/openssl/openssl-3-activate-legacy-algos.patch' + else + configure_flags << 'no-legacy' << 'no-md4' + end + + # Individual projects may provide their own openssl configure flags: + project_flags = settings[:openssl_extra_configure_flags] || [] + configure_flags << project_flags + + pkg.environment 'CFLAGS', cflags + pkg.environment 'LDFLAGS', ldflags + pkg.configure do + ["./Configure #{configure_flags.join(' ')}"] + end + + ####### + # BUILD + ####### + + build_commands = [] + + if platform.is_windows? && platform.architecture == 'x86' + # mingw-w32 5.2.0 has a bug in include/winnt.h that declares GetCurrentFiber + # with __CRT_INLINE, which results in the function not being inlined and + # generates a linker error: undefined reference to `GetCurrentFiber'. + # This only affects 32-bit builds + # See https://github.com/openssl/openssl/issues/513 + # See https://github.com/mingw-w64/mingw-w64/commit/8da1aae7a7ff5bf996878dc8fe30a0e01e210e5a + pkg.add_source('file://resources/patches/windows/FORCEINLINE-i686-w64-mingw32-winnt.h') + build_commands << "#{platform.patch} --dir #{settings[:gcc_root]}/#{settings[:platform_triple]} --strip=2 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../FORCEINLINE-i686-w64-mingw32-winnt.h" + end + + build_commands << "#{platform[:make]} depend" + build_commands << platform[:make] + + pkg.build do + build_commands + end + + ######### + # INSTALL + ######### + + install_prefix = platform.is_windows? ? '' : 'INSTALL_PREFIX=/' + install_commands = [] + + # Skip man and html docs + install_commands << "#{platform[:make]} #{install_prefix} install_sw install_ssldirs" + install_commands << "rm -f #{settings[:prefix]}/bin/c_rehash" + + pkg.install do + install_commands + end + + pkg.install_file 'LICENSE.txt', "#{settings[:prefix]}/share/doc/openssl-#{pkg.get_version}/LICENSE" +end diff --git a/configs/components/ruby-4.0.rb b/configs/components/ruby-4.0.rb new file mode 100644 index 00000000..7e6c31d8 --- /dev/null +++ b/configs/components/ruby-4.0.rb @@ -0,0 +1,279 @@ +##### +# Component release information: +# https://github.com/ruby/ruby/releases +# https://www.ruby-lang.org/en/downloads/releases/ +# Notes: +# The file name of the ruby component must match the ruby_version +##### +component 'ruby-4.0' do |pkg, settings, platform| + pkg.version '4.0.3' + pkg.sha256sum '77964acc370d5c8375b9502e5ba6c13c03ef91ab9eb9f521c84fb42b9c9a6b0f' + + ruby_dir = settings[:ruby_dir] + ruby_bindir = settings[:ruby_bindir] + host_ruby = settings[:host_ruby] + + # rbconfig-update is used to munge rbconfigs after the fact. + pkg.add_source('file://resources/files/ruby/rbconfig-update.rb') + + # Most ruby configuration happens in the base ruby config: + instance_eval File.read('configs/components/_base-ruby.rb') + + ######### + # PATCHES + ######### + + # base = 'resources/patches/ruby_32' + + # pkg.apply_patch "#{base}/rbinstall_gem_path.patch" if platform.is_cross_compiled? + + # if platform.is_windows? + # pkg.apply_patch "#{base}/windows_mingw32_mkmf.patch" + # pkg.apply_patch "#{base}/ruby-faster-load_32.patch" + # pkg.apply_patch "#{base}/revert_speed_up_rebuilding_loaded_feature_index.patch" + # pkg.apply_patch "#{base}/revert-ruby-double-load-symlink.patch" + # pkg.apply_patch "#{base}/revert_ruby_utf8_default_encoding.patch" + # end + + # if platform.is_fips? + # # This is needed on Ruby < 3.3 until the fix is backported (if ever) + # # See: https://bugs.ruby-lang.org/issues/20000 + # pkg.apply_patch "#{base}/openssl3_fips.patch" + # end + + #################### + # ENVIRONMENT, FLAGS + #################### + + cflags = settings[:cflags] + cppflags = settings[:cppflags] + if platform.is_macos? + pkg.environment 'optflags', cflags + pkg.environment 'CFLAGS', cflags + pkg.environment 'CPPFLAGS', cppflags + pkg.environment 'LDFLAGS', settings[:ldflags] + pkg.environment 'CC', settings[:cc] + pkg.environment 'CXX', settings[:cxx] + pkg.environment 'MACOSX_DEPLOYMENT_TARGET', settings[:deployment_target] + pkg.environment 'PATH', '$(PATH):/opt/homebrew/bin:/usr/local/bin' + elsif platform.is_windows? + optflags = "#{cflags} -O3" + pkg.environment 'optflags', optflags + pkg.environment 'CFLAGS', optflags + pkg.environment 'MAKE', 'make' + elsif platform.is_cross_compiled? + pkg.environment 'CROSS_COMPILING', 'true' + else + pkg.environment 'optflags', '-O2' + end + + special_flags = " --prefix=#{ruby_dir} --with-opt-dir=#{settings[:prefix]} " + + if (platform.is_debian? && platform.os_version.to_i >= 13) || (platform.is_ubuntu? && platform.os_version.to_f >= 25.04 || platform.is_sles? && platform.os_version.to_i >= 16) + # A problem with --enable-dtrace, which I suspect may be because of GCC on the Trixie image. + # Check if this is still needed next time we bump Ruby and/or bump the Debian 13 + # container to the release version. + cflags += ' -Wno-error=implicit-function-declaration ' + end + + special_flags += " CFLAGS='#{cflags}' LDFLAGS='#{settings[:ldflags]}' CPPFLAGS='#{settings[:cppflags]}' " if settings[:supports_pie] + + # Ruby's build process requires a "base" ruby and we need a ruby to install + # gems into the /opt/puppetlabs/puppet/lib directory. + # + # For cross-compiles, the base ruby must be executable on the host we're + # building on (usually Intel), not the arch we're building for (such as + # SPARC). This is usually pl-ruby. + # + # For native compiles, we don't want ruby's build process to use whatever ruby + # is in the PATH, as it's probably too old to build ruby 3.2. And we don't + # want to use/maintain pl-ruby if we don't have to. Instead set baseruby to + # "no" which will force ruby to build and use miniruby. + special_flags += if platform.is_cross_compiled? + " --with-baseruby=#{host_ruby} " + else + ' --with-baseruby=no ' + end + + if platform.is_cross_compiled? && platform.is_macos? + # When the target arch is aarch64, ruby incorrectly selects the 'ucontext' coroutine + # implementation instead of 'arm64', so specify 'amd64' explicitly + # https://github.com/ruby/ruby/blob/c9c2245c0a25176072e02db9254f0e0c84c805cd/configure.ac#L2329-L2330 + special_flags += ' --with-coroutine=arm64 ' + elsif platform.is_windows? + # ruby's configure script guesses the build host is `cygwin`, because we're using + # cygwin opensshd & bash. So mkmf will convert compiler paths, e.g. -IC:/... to + # cygwin paths, -I/cygdrive/c/..., which confuses mingw-w64. So specify the build + # target explicitly. + special_flags += " CPPFLAGS='-DFD_SETSIZE=2048' debugflags=-g " + + special_flags += ' --build x86_64-w64-mingw32 ' + elsif platform.is_macos? + special_flags += " --with-openssl-dir=#{settings[:prefix]} " + end + + without_dtrace = [ + 'aix-7.2-ppc', + 'el-7-ppc64le', + 'macos-all-arm64', + 'macos-all-x86_64', + 'redhatfips-7-x86_64', + 'sles-12-ppc64le', + 'solaris-11-sparc', + 'solaris-113-sparc', + 'windows-all-x64', + 'windowsfips-2016-x64' + ] + + special_flags += ' --enable-dtrace ' unless without_dtrace.include? platform.name + + ########### + # CONFIGURE + ########### + pkg.configure { ['bash autogen.sh'] } + + # we want to provide the different just in time compilers where possible + # they require a modern rust version + # https://docs.ruby-lang.org/en/master/jit/zjit_md.html zjit: Rust 1.85.0 + # https://docs.ruby-lang.org/en/master/jit/yjit_md.html yjit: Rust 1.58.0 + platforms_without_rust = [ + 'debian-11-aarch64', + 'debian-11-amd64', + 'debian-12-aarch64', + 'debian-12-amd64', + 'debian-13-armhf', + 'macos-all-arm64', + 'macos-all-x86_64', + 'sles-15-x86_64', + 'sles-16-aarch64', + 'sles-16-x86_64', + 'ubuntu-22.04-aarch64', + 'ubuntu-22.04-amd64', + 'ubuntu-24.04-aarch64', + 'ubuntu-24.04-amd64', + 'ubuntu-24.04-armhf', + 'ubuntu-25.04-aarch64', + 'ubuntu-25.04-amd64', + 'ubuntu-25.04-armhf', + 'ubuntu-26.04-armhf', + 'windows-all-x64' + ] + if platforms_without_rust.include? platform.name + configure_flags = '' + else + pkg.build_requires 'rustc' + configure_flags = '--enable-yjit --enable-zjit' + end + pkg.configure do + [ + "bash configure \ + --enable-shared \ + --disable-install-doc \ + --disable-install-rdoc \ + #{settings[:host]} \ + #{special_flags} \ + #{configure_flags}" + ] + end + + ######### + # INSTALL + ######### + + if platform.is_windows? + # Ruby 3.2 copies bin/gem to $ruby_bindir/gem.cmd, but generates bat files for + # other gems like bundle.bat, irb.bat, etc. Just rename the cmd.cmd to cmd.bat + # as we used to in ruby 2.7 and earlier. + # + # Note that this step must happen after the install step above. + pkg.install do + %w[gem].map do |name| + "mv #{ruby_bindir}/#{name}.cmd #{ruby_bindir}/#{name}.bat" + end + end + + # Required when using `stack-protection-strong` and older versions of mingw-w64-gcc + pkg.install_file File.join(settings[:gcc_bindir], 'libssp-0.dll'), File.join(settings[:bindir], 'libssp-0.dll') + end + + target_doubles = { + 'powerpc-ibm-aix7.2.0.0' => 'powerpc-aix7.2.0.0', + 'aarch64-redhat-linux' => 'aarch64-linux', + 'ppc64-redhat-linux' => 'powerpc64-linux', + 'ppc64le-redhat-linux' => 'powerpc64le-linux', + 'powerpc64le-suse-linux' => 'powerpc64le-linux', + 'powerpc64le-linux-gnu' => 'powerpc64le-linux', + 'i386-pc-solaris2.10' => 'i386-solaris2.10', + 'sparc-sun-solaris2.10' => 'sparc-solaris2.10', + 'i386-pc-solaris2.11' => 'i386-solaris2.11', + 'sparc-sun-solaris2.11' => 'sparc-solaris2.11', + 'arm-linux-gnueabihf' => 'arm-linux-eabihf', + 'arm-linux-gnueabi' => 'arm-linux-eabi', + 'x86_64-w64-mingw32' => 'x64-mingw32', + 'i686-w64-mingw32' => 'i386-mingw32' + } + rbconfig_topdir = if target_doubles.key?(settings[:platform_triple]) + File.join(ruby_dir, 'lib', 'ruby', '4.0.0', target_doubles[settings[:platform_triple]]) + else + "$$(#{ruby_bindir}/ruby -e \"puts RbConfig::CONFIG[\\\"topdir\\\"]\")" + end + + # When cross compiling or building on non-linux, we sometimes need to patch + # the rbconfig.rb in the "host" ruby so that later when we try to build gems + # with native extensions, like ffi, the "host" ruby's mkmf will use the CC, + # etc specified below. For example, if we're building on mac Intel for ARM, + # then the CC override allows us to build ffi_c.so for ARM as well. The + # "host" ruby is configured in _shared-agent-settings + rbconfig_changes = {} + if platform.is_aix? + rbconfig_changes['CC'] = 'gcc' + elsif platform.is_cross_compiled? || (platform.is_solaris? && platform.architecture != 'sparc') + # REMIND: why are we overriding rbconfig for solaris intel? + rbconfig_changes['CC'] = 'gcc' + rbconfig_changes['warnflags'] = + '-Wall -Wextra -Wno-unused-parameter -Wno-parentheses -Wno-long-long -Wno-missing-field-initializers -Wno-tautological-compare -Wno-parentheses-equality -Wno-constant-logical-operand -Wno-self-assign -Wunused-variable -Wimplicit-int -Wpointer-arith -Wwrite-strings -Wdeclaration-after-statement -Wimplicit-function-declaration -Wdeprecated-declarations -Wno-packed-bitfield-compat -Wsuggest-attribute=noreturn -Wsuggest-attribute=format -Wno-maybe-uninitialized' + if platform.name =~ /el-7-ppc64/ + # EL 7 on POWER will fail with -Wl,--compress-debug-sections=zlib so this + # will remove that entry + # Matches both endians + rbconfig_changes['DLDFLAGS'] = + '-Wl,-rpath=/opt/puppetlabs/puppet/lib -L/opt/puppetlabs/puppet/lib -Wl,-rpath,/opt/puppetlabs/puppet/lib' + elsif platform.name =~ /sles-12-ppc64le/ + # the ancient gcc version on sles-12-ppc64le does not understand -fstack-protector-strong, so remove the `strong` part + rbconfig_changes['LDFLAGS'] = + '-L. -Wl,-rpath=/opt/puppetlabs/puppet/lib -fstack-protector -rdynamic -Wl,-export-dynamic -L/opt/puppetlabs/puppet/lib' + end + elsif platform.is_macos? + rbconfig_changes['CC'] = "#{settings[:cc]} #{cflags}" + elsif platform.is_windows? + rbconfig_changes['CC'] = 'x86_64-w64-mingw32-gcc' + end + + pkg.add_source('file://resources/files/ruby_vendor_gems/operating_system.rb') + defaults_dir = File.join(settings[:libdir], 'ruby/4.0.0/rubygems/defaults') + pkg.directory(defaults_dir) + pkg.install_file '../operating_system.rb', File.join(defaults_dir, 'operating_system.rb') + + certs_dir = File.join(settings[:libdir], 'ruby/4.0.0/rubygems/ssl_certs/puppetlabs.net') + pkg.directory(certs_dir) + + pkg.add_source('file://resources/files/rubygems/COMODO_RSA_Certification_Authority.pem') + pkg.install_file '../COMODO_RSA_Certification_Authority.pem', + File.join(certs_dir, 'COMODO_RSA_Certification_Authority.pem') + + pkg.add_source('file://resources/files/rubygems/GlobalSignRootCA_R3.pem') + pkg.install_file '../GlobalSignRootCA_R3.pem', File.join(certs_dir, 'GlobalSignRootCA_R3.pem') + + pkg.add_source('file://resources/files/rubygems/DigiCertGlobalRootG2.pem') + pkg.install_file '../DigiCertGlobalRootG2.pem', File.join(certs_dir, 'DigiCertGlobalRootG2.pem') + + if rbconfig_changes.any? + pkg.install do + [ + "#{host_ruby} ../rbconfig-update.rb \"#{rbconfig_changes.to_s.gsub('"', '\"')}\" #{rbconfig_topdir}", + "cp original_rbconfig.rb #{settings[:datadir]}/doc/rbconfig-#{pkg.get_version}-orig.rb", + "cp new_rbconfig.rb #{rbconfig_topdir}/rbconfig.rb" + ] + end + end +end diff --git a/configs/components/ruby-shadow-patched.json b/configs/components/ruby-shadow-patched.json new file mode 100644 index 00000000..cbf73ccb --- /dev/null +++ b/configs/components/ruby-shadow-patched.json @@ -0,0 +1,4 @@ +{ + "url": "https://github.com/voxpupuli/ruby-shadow", + "ref": "bc7752a9ddbde06c1418734d003a9607bafcc6df" +} diff --git a/configs/components/ruby-shadow-patched.rb b/configs/components/ruby-shadow-patched.rb new file mode 100644 index 00000000..7a7252a4 --- /dev/null +++ b/configs/components/ruby-shadow-patched.rb @@ -0,0 +1,34 @@ +##### +# Component release information: +# https://github.com/apalmblad/ruby-shadow/tags +# https://rubygems.org/gems/ruby-shadow +# contains https://github.com/apalmblad/ruby-shadow/pull/29 +# We are building https://github.com/voxpupuli/ruby-shadow/compare/patch-extconf +# * contains https://github.com/apalmblad/ruby-shadow/pull/29 +# * diff https://github.com/apalmblad/ruby-shadow/compare/master...bastelfreak:ruby-shadow:patch-extconf +##### +component 'ruby-shadow-patched' do |pkg, settings, platform| + pkg.load_from_json('configs/components/ruby-shadow-patched.json') + + pkg.build_requires "ruby-#{settings[:ruby_version]}" + + pkg.environment 'CONFIGURE_ARGS', '--vendor' + + if platform.is_cross_compiled? + pkg.environment 'RUBY', settings[:host_ruby] + ruby = "#{settings[:host_ruby]} -r#{settings[:datadir]}/doc/rbconfig-#{settings[:ruby_version]}-orig.rb" + else + ruby = File.join(settings[:ruby_bindir], 'ruby') + end + + pkg.build do + [ + "#{ruby} extconf.rb", + "#{platform[:make]} -e -j$(shell expr $(shell #{platform[:num_cores]}) + 1)" + ] + end + + pkg.install do + ["#{platform[:make]} -e -j$(shell expr $(shell #{platform[:num_cores]}) + 1) DESTDIR=/ install"] + end +end diff --git a/configs/components/runtime-agent.rb b/configs/components/runtime-agent.rb index e6eb3527..a94096f0 100644 --- a/configs/components/runtime-agent.rb +++ b/configs/components/runtime-agent.rb @@ -25,19 +25,7 @@ libdir = '/opt/pl-build-tools/lib64' end - # The runtime script uses readlink, which is in an odd place on Solaris systems: - pkg.environment 'PATH', '$(PATH):/opt/csw/gnu' if platform.is_solaris? - - if platform.is_aix? - pkg.install_file File.join(libdir, 'libstdc++.a'), '/opt/puppetlabs/puppet/lib/libstdc++.a' - pkg.install_file File.join(libdir, 'libgcc_s.a'), '/opt/puppetlabs/puppet/lib/libgcc_s.a' - pkg.install_file File.join(libdir, 'libatomic.a'), '/opt/puppetlabs/puppet/lib/libatomic.a' - pkg.install_file '/opt/freeware/lib/libiconv.a', '/opt/puppetlabs/puppet/lib/libiconv.a' - pkg.install_file '/opt/freeware/lib/libncurses.so.6.4.0', '/opt/puppetlabs/puppet/lib/libncurses.so.6.4.0' - pkg.link 'libncurses.so.6.4.0', '/opt/puppetlabs/puppet/lib/libncurses.so' - pkg.install_file '/opt/freeware/lib/libreadline.a', '/opt/puppetlabs/puppet/lib/libreadline.a' - pkg.install_file '/opt/freeware/lib/libz.a', '/opt/puppetlabs/puppet/lib/libz.a' - elsif platform.is_windows? + if platform.is_windows? lib_type = platform.architecture == 'x64' ? 'seh' : 'sjlj' pkg.install_file "#{settings[:gcc_bindir]}/libgcc_s_#{lib_type}-1.dll", "#{settings[:bindir]}/libgcc_s_#{lib_type}-1.dll" @@ -54,10 +42,5 @@ pkg.install_file "#{settings[:tools_root]}/bin/libgdbm_compat-4.dll", "#{settings[:ruby_bindir]}/libgdbm_compat-4.dll" pkg.install_file "#{settings[:tools_root]}/bin/libffi-6.dll", "#{settings[:ruby_bindir]}/libffi-6.dll" - elsif platform.is_solaris? || - platform.name =~ /redhatfips-7/ - pkg.install do - "bash runtime.sh #{libdir} puppet" - end end end diff --git a/configs/projects/_shared-agent-settings.rb b/configs/projects/_shared-agent-settings.rb index 96e4cc47..11c15b4c 100644 --- a/configs/projects/_shared-agent-settings.rb +++ b/configs/projects/_shared-agent-settings.rb @@ -148,8 +148,6 @@ # Load default compiler settings instance_eval File.read('configs/projects/_shared-compiler-settings.rb') -proj.setting(:openssl_version, '3.0') - if platform.is_windows? proj.setting(:gcc_root, '/usr/x86_64-w64-mingw32/sys-root/mingw') proj.setting(:gcc_bindir, "#{proj.gcc_root}/bin") diff --git a/configs/projects/agent-runtime-8.x.rb b/configs/projects/agent-runtime-8.x.rb index 2f3e370a..d78fbcb4 100644 --- a/configs/projects/agent-runtime-8.x.rb +++ b/configs/projects/agent-runtime-8.x.rb @@ -2,6 +2,7 @@ # Set preferred component versions if they differ from defaults: proj.setting :ruby_version, '3.2' # Leave the .Z out for Ruby 3.2 proj.setting :rubygem_highline_version, '3.0.1' + proj.setting :openssl_version, '3.0' ######## # Load shared agent settings diff --git a/configs/projects/agent-runtime-main.rb b/configs/projects/agent-runtime-main.rb index f9a254cc..45ef90a5 100644 --- a/configs/projects/agent-runtime-main.rb +++ b/configs/projects/agent-runtime-main.rb @@ -1,7 +1,8 @@ project 'agent-runtime-main' do |proj| # Set preferred component versions if they differ from defaults: - proj.setting :ruby_version, '3.2' # Leave the .Z out for Ruby 3.2 - proj.setting :rubygem_highline_version, '3.0.1' + proj.setting :ruby_version, '4.0' # Leave the .Z out + proj.setting :rubygem_highline_version, '3.1.2' + proj.setting :openssl_version, '3.5' ######## # Load shared agent settings @@ -41,10 +42,10 @@ proj.component 'libyaml' proj.component "openssl-#{proj.openssl_version}" - proj.component 'curl' proj.component 'puppet-ca-bundle' proj.component "ruby-#{proj.ruby_version}" + # needs to come before hiera-eyaml. Otherwise vanagon tries to install a deb/rpm called rubygem-base64 proj.component 'rubygem-base64' proj.component 'rubygem-concurrent-ruby' proj.component 'rubygem-deep_merge' @@ -56,7 +57,6 @@ proj.component 'rubygem-highline' proj.component 'rubygem-hocon' proj.component 'rubygem-locale' - proj.component 'rubygem-multi_json' # TODO: obsolete for openvox 9 - https://github.com/OpenVoxProject/openvox/pull/293 proj.component 'rubygem-net-ssh' proj.component 'rubygem-optimist' proj.component 'rubygem-semantic_puppet' @@ -81,7 +81,7 @@ end unless platform.is_aix? || platform.is_windows? - proj.component 'ruby-shadow' + proj.component 'ruby-shadow-patched' end # We only build ruby-selinux for EL, Fedora, Debian and Ubuntu (amd64/i386) diff --git a/configs/projects/openbolt-runtime.rb b/configs/projects/openbolt-runtime.rb index 450a822c..17b342db 100644 --- a/configs/projects/openbolt-runtime.rb +++ b/configs/projects/openbolt-runtime.rb @@ -175,6 +175,7 @@ proj.component 'rubygem-bindata' proj.component 'rubygem-builder' proj.component 'rubygem-CFPropertyList' + # needs to come before hiera-eyaml. Otherwise vanagon tries to install a deb/rpm called rubygem-base64 proj.component 'rubygem-base64' proj.component 'rubygem-rexml' proj.component 'rubygem-colored2' diff --git a/resources/patches/ruby_32/ruby-shadow-rbconfig.patch b/resources/patches/ruby_32/ruby-shadow-rbconfig.patch deleted file mode 100644 index 08c44732..00000000 --- a/resources/patches/ruby_32/ruby-shadow-rbconfig.patch +++ /dev/null @@ -1,28 +0,0 @@ -commit 737aefc9e2115d7f38faf44134cf5bb105cfbe33 -Author: Josh Cooper -Date: Tue Jan 10 15:03:41 2023 -0800 - - (maint) Update ruby-shadow for 3.2.0 - - See https://github.com/apalmblad/ruby-shadow/pull/27 - - See https://github.com/apalmblad/ruby-shadow/issues/30 - -diff --git a/extconf.rb b/extconf.rb -index ac54233..55dcff5 100644 ---- a/extconf.rb -+++ b/extconf.rb -@@ -10,11 +10,11 @@ require 'rbconfig' - $CFLAGS = case RUBY_VERSION - when /^1\.9/; '-DRUBY19' - when /^2\./; '-DRUBY19' -- when /^3\./; '-DRUBY19' -+ when /^3\./; RUBY_PLATFORM =~ /darwin/ ? '-DRUBY19 -fms-extensions' : '-DRUBY19' - else; '' - end - --implementation = case CONFIG['host_os'] -+implementation = case RbConfig::CONFIG['host_os'] - when /linux/i; 'shadow' - when /sunos|solaris/i; 'shadow' - when /freebsd|mirbsd|netbsd|openbsd/i; 'pwd' diff --git a/resources/patches/ruby_32/ruby-shadow-taint.patch b/resources/patches/ruby_32/ruby-shadow-taint.patch deleted file mode 100644 index 4c66e63f..00000000 --- a/resources/patches/ruby_32/ruby-shadow-taint.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 70330521b99e84c8f7445c213dfde0768f45a690 Mon Sep 17 00:00:00 2001 -From: Michael Hashizume -Date: Thu, 20 Oct 2022 13:28:09 -0700 -Subject: [PATCH] Removes taint checking functions - -Taint checking has been completely removed from Ruby as of Ruby -3.2.0. This commit removes taint checking functions from ruby- -shadow. - -See https://bugs.ruby-lang.org/issues/16131 ---- - pwd/shadow.c | 6 +++--- - shadow/shadow.c | 4 ++-- - 2 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/pwd/shadow.c b/pwd/shadow.c -index eeb96d4..46313d4 100644 ---- a/pwd/shadow.c -+++ b/pwd/shadow.c -@@ -56,8 +56,8 @@ static VALUE convert_pw_struct( struct passwd *entry ) - { - /* Hmm. Why custom pw_change instead of sp_lstchg? */ - return rb_struct_new(rb_sPasswdEntry, -- rb_tainted_str_new2(entry->pw_name), /* sp_namp */ -- rb_tainted_str_new2(entry->pw_passwd), /* sp_pwdp, encryped password */ -+ rb_str_new2(entry->pw_name), /* sp_namp */ -+ rb_str_new2(entry->pw_passwd), /* sp_pwdp, encryped password */ - Qnil, /* sp_lstchg, date when the password was last changed (in days since Jan 1, 1970) */ - Qnil, /* sp_min, days that password must stay same */ - Qnil, /* sp_max, days until password changes. */ -@@ -66,7 +66,7 @@ static VALUE convert_pw_struct( struct passwd *entry ) - INT2FIX(difftime(entry->pw_change, 0) / (24*60*60)), /* pw_change */ - INT2FIX(difftime(entry->pw_expire, 0) / (24*60*60)), /* sp_expire */ - Qnil, /* sp_flag */ -- rb_tainted_str_new2(entry->pw_class), /* sp_loginclass, user access class */ -+ rb_str_new2(entry->pw_class), /* sp_loginclass, user access class */ - NULL); - } - -diff --git a/shadow/shadow.c b/shadow/shadow.c -index 35a77a1..9a2ae70 100644 ---- a/shadow/shadow.c -+++ b/shadow/shadow.c -@@ -34,8 +34,8 @@ static VALUE rb_eFileLock; - static VALUE convert_pw_struct( struct spwd *entry ) - { - return rb_struct_new(rb_sPasswdEntry, -- rb_tainted_str_new2(entry->sp_namp), -- rb_tainted_str_new2(entry->sp_pwdp), -+ rb_str_new2(entry->sp_namp), -+ rb_str_new2(entry->sp_pwdp), - INT2FIX(entry->sp_lstchg), - INT2FIX(entry->sp_min), - INT2FIX(entry->sp_max),