Merge branch 'main' into patch-2

CHANGELOG.md

@@ -1,31 +1,36 @@
 <!-- usage documentation: https://expeditor.chef.io/docs/reference/changelog/ -->
-<!-- latest_release 24.4.1064 -->
-## [24.4.1064](https://github.com/chef/chef-workstation/tree/24.4.1064) (2024-04-23)
+<!-- latest_release 24.5.1065 -->
+## [24.5.1065](https://github.com/chef/chef-workstation/tree/24.5.1065) (2024-05-14)
 
 #### Merged Pull Requests
-- Updated the dependencies for the 24.04 release [#3222](https://github.com/chef/chef-workstation/pull/3222) ([ashiqueps](https://github.com/ashiqueps))
+- [CHEF-8498] Ruby implementation of c_rehash script  [#3234](https://github.com/chef/chef-workstation/pull/3234) ([ashiqueps](https://github.com/ashiqueps))
 <!-- latest_release -->
 
-<!-- release_rollup since=24.2.1058 -->
+<!-- release_rollup since=24.4.1064 -->
 ### Changes not yet released to stable
 
 #### Merged Pull Requests
-- Updated the dependencies for the 24.04 release [#3222](https://github.com/chef/chef-workstation/pull/3222) ([ashiqueps](https://github.com/ashiqueps)) <!-- 24.4.1064 -->
-- Modified the steps to install the FIPS provider for OpenSSL [#3203](https://github.com/chef/chef-workstation/pull/3203) ([ashiqueps](https://github.com/ashiqueps)) <!-- 24.4.1063 -->
-- Bump artifactory from 3.0.15 to 3.0.17 in /omnibus [#3211](https://github.com/chef/chef-workstation/pull/3211) ([dependabot[bot]](https://github.com/dependabot[bot])) <!-- 24.4.1062 -->
-- Bump omnibus-software from `9d0fd56` to `4ea194c` in /omnibus [#3219](https://github.com/chef/chef-workstation/pull/3219) ([dependabot[bot]](https://github.com/dependabot[bot])) <!-- 24.4.1061 -->
-- Update Netlify docs deploy method [#3217](https://github.com/chef/chef-workstation/pull/3217) ([IanMadd](https://github.com/IanMadd)) <!-- 24.4.1060 -->
-- Updated chef-client to 18.4.2 [#3205](https://github.com/chef/chef-workstation/pull/3205) ([nikhil2611](https://github.com/nikhil2611)) <!-- 24.4.1059 -->
+- [CHEF-8498] Ruby implementation of c_rehash script  [#3234](https://github.com/chef/chef-workstation/pull/3234) ([ashiqueps](https://github.com/ashiqueps)) <!-- 24.5.1065 -->
 <!-- release_rollup -->
 
 <!-- latest_stable_release -->
+## [24.4.1064](https://github.com/chef/chef-workstation/tree/24.4.1064) (2024-04-30)
+
+#### Merged Pull Requests
+- Updated chef-client to 18.4.2 [#3205](https://github.com/chef/chef-workstation/pull/3205) ([nikhil2611](https://github.com/nikhil2611))
+- Update Netlify docs deploy method [#3217](https://github.com/chef/chef-workstation/pull/3217) ([IanMadd](https://github.com/IanMadd))
+- Bump omnibus-software from `9d0fd56` to `4ea194c` in /omnibus [#3219](https://github.com/chef/chef-workstation/pull/3219) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Bump artifactory from 3.0.15 to 3.0.17 in /omnibus [#3211](https://github.com/chef/chef-workstation/pull/3211) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Modified the steps to install the FIPS provider for OpenSSL [#3203](https://github.com/chef/chef-workstation/pull/3203) ([ashiqueps](https://github.com/ashiqueps))
+- Updated the dependencies for the 24.04 release [#3222](https://github.com/chef/chef-workstation/pull/3222) ([ashiqueps](https://github.com/ashiqueps))
+<!-- latest_stable_release -->
+
 ## [24.2.1058](https://github.com/chef/chef-workstation/tree/24.2.1058) (2024-02-20)
 
 #### Merged Pull Requests
 - Bump omnibus-software from `d357d5c` to `86649fa` in /omnibus [#3196](https://github.com/chef/chef-workstation/pull/3196) ([dependabot[bot]](https://github.com/dependabot[bot]))
 - chef-Workstation 24.2 release [#3198](https://github.com/chef/chef-workstation/pull/3198) ([nikhil2611](https://github.com/nikhil2611))
 - Adding Amazon linux 2023 to the release pipeline [#3143](https://github.com/chef/chef-workstation/pull/3143) ([nikhil2611](https://github.com/nikhil2611))
-<!-- latest_stable_release -->
 
 ## [23.12.1055](https://github.com/chef/chef-workstation/tree/23.12.1055) (2023-12-07)
 

Dockerfile

@@ -2,7 +2,7 @@ FROM ubuntu:22.04
 LABEL maintainer="Chef Software, Inc. <[email protected]>"
 
 ARG CHANNEL=stable
-ARG VERSION=24.2.1058
+ARG VERSION=24.4.1064
 ENV DEBIAN_FRONTEND=noninteractive \
     GEM_HOME=/root/.chefdk/gem/ruby/3.0.0 \
     PATH=/opt/chef-workstation/bin:/opt/chef-workstation/embedded/bin:/root/.chefdk/gem/ruby/3.0.0/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

VERSION

@@ -1 +1 @@
-24.4.1064
+24.5.1065

components/rehash/c_rehash.rb

@@ -0,0 +1,211 @@
+#!/opt/chef-workstation/embedded/bin/ruby
+
+require "openssl"
+require "digest/md5"
+require "optparse"
+require "ostruct"
+
+class CHashDir
+  include Enumerable
+
+  def initialize(dirpath)
+    @dirpath = dirpath
+    @fingerprint_cache = @cert_cache = @crl_cache = nil
+  end
+
+  def hash_dir(silent = false)
+    # ToDo: Should lock the directory...
+    @silent = silent
+    @fingerprint_cache = {}
+    @cert_cache = {}
+    @crl_cache = {}
+    do_hash_dir
+  end
+
+  def get_certs(name = nil)
+    if name
+      @cert_cache[hash_name(name)]
+    else
+      @cert_cache.values.flatten
+    end
+  end
+
+  def get_crls(name = nil)
+    if name
+      @crl_cache[hash_name(name)]
+    else
+      @crl_cache.values.flatten
+    end
+  end
+
+  def delete_crl(crl)
+    File.unlink(crl_filename(crl))
+    hash_dir(true)
+  end
+
+  def add_crl(crl)
+    File.open(crl_filename(crl), "w") do |f|
+      f << crl.to_pem
+    end
+    hash_dir(true)
+  end
+
+  def load_pem_file(filepath)
+    str = File.read(filepath)
+    begin
+      OpenSSL::X509::Certificate.new(str)
+    rescue
+      begin
+        OpenSSL::X509::CRL.new(str)
+      rescue
+        begin
+          OpenSSL::X509::Request.new(str)
+        rescue
+          nil
+        end
+      end
+    end
+  end
+
+  private
+
+  def crl_filename(crl)
+    path(hash_name(crl.issuer)) + ".pem"
+  end
+
+  def do_hash_dir
+    Dir.chdir(@dirpath) do
+      delete_symlink
+      Dir.glob("*.pem") do |pemfile|
+        cert = load_pem_file(pemfile)
+        case cert
+        when OpenSSL::X509::Certificate
+          link_hash_cert(pemfile, cert)
+        when OpenSSL::X509::CRL
+          link_hash_crl(pemfile, cert)
+        else
+          STDERR.puts("WARNING: #{pemfile} does not contain a certificate or CRL: skipping") unless @silent
+        end
+      end
+    end
+  rescue Errno::ENOENT
+    STDERR.puts("Cannot chdir into #{@dirpath}")
+  end
+
+  def delete_symlink
+    Dir.entries(".").each do |entry|
+      next unless /^[\da-f]+\.r{0,1}\d+$/ =~ entry
+
+      File.unlink(entry) if FileTest.symlink?(entry)
+    end
+  end
+
+  def link_hash_cert(org_filename, cert)
+    name_hash = hash_name(cert.subject)
+    fingerprint = fingerprint(cert.to_der)
+    filepath = link_hash(org_filename, name_hash, fingerprint) { |idx|
+      "#{name_hash}.#{idx}"
+    }
+    unless filepath
+      unless @silent
+        STDERR.puts("WARNING: Skipping duplicate certificate #{org_filename}")
+      end
+    else
+      (@cert_cache[name_hash] ||= []) << path(filepath)
+    end
+  end
+
+  def link_hash_crl(org_filename, crl)
+    name_hash = hash_name(crl.issuer)
+    fingerprint = fingerprint(crl.to_der)
+    filepath = link_hash(org_filename, name_hash, fingerprint) { |idx|
+      "#{name_hash}.r#{idx}"
+    }
+    unless filepath
+      unless @silent
+        STDERR.puts("WARNING: Skipping duplicate CRL #{org_filename}")
+      end
+    else
+      (@crl_cache[name_hash] ||= []) << path(filepath)
+    end
+  end
+
+  def link_hash(org_filename, name, fingerprint)
+    idx = 0
+    filepath = nil
+    loop do
+      filepath = yield(idx)
+      break unless FileTest.symlink?(filepath) || FileTest.exist?(filepath)
+      if @fingerprint_cache[filepath] == fingerprint
+        return false
+      end
+
+      idx += 1
+    end
+    STDOUT.puts("#{org_filename} => #{filepath}") unless @silent
+    symlink(org_filename, filepath)
+    @fingerprint_cache[filepath] = fingerprint
+    filepath
+  end
+
+  def symlink(from, to)
+    File.symlink(from, to)
+  rescue
+    File.open(to, "w") do |f|
+      f << File.read(from)
+    end
+  end
+
+  def path(filename)
+    File.join(@dirpath, filename)
+  end
+
+  def hash_name(name)
+    sprintf("%x", name.hash)
+  end
+
+  def fingerprint(der)
+    Digest::MD5.hexdigest(der).upcase
+  end
+end
+
+options = OpenStruct.new
+options.help = false
+options.dirs = []
+
+opt_parser = OptionParser.new do |opts|
+  opts.banner = "Usage: #{File.basename($PROGRAM_NAME)} [options] [dir1 dir2 ...]"
+
+  opts.on("-h", "--help", "Show this help message") do
+    options.help = true
+  end
+
+  opts.on("-d", "--dirs DIRS", Array, "List of directories") do |dirs|
+    options.dirs += dirs
+  end
+end
+
+def parse_args!(opt_parser, options)
+  begin
+    opt_parser.parse!
+  rescue OptionParser::InvalidOption, OptionParser::MissingArgument
+    puts $!.to_s
+    puts
+    puts opt_parser
+    exit
+  end
+
+  if options.help || options.dirs.empty?
+    puts opt_parser
+    exit
+  end
+end
+
+if $0 == __FILE__
+  parse_args!(opt_parser, options)
+
+  dirlist = options.dirs
+  dirlist.each do |dir|
+    CHashDir.new(dir).hash_dir
+  end
+end

omnibus/config/projects/chef-workstation.rb

@@ -59,6 +59,8 @@
   dependency "git-custom-bindir"
 end
 
+dependency "c_rehash_ruby" unless windows?
+
 # This internal component (source in components/gems)
 # builds all gems that we ship with Workstation.
 # No gems get shipped that are not declared in components/gems/Gemfile

omnibus/config/software/c_rehash_ruby.rb

@@ -0,0 +1,29 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name "c_rehash_ruby"
+default_version "main"
+license "Apache-2.0"
+license_file "LICENSE"
+
+source path: File.join("#{project.files_path}", "../../components/rehash")
+
+build do
+  # Copy the file from the source to the bin directory
+  copy "#{project_dir}/c_rehash.rb", "#{install_dir}/embedded/bin/c_rehash_ruby"
+  # Set the executable permission for the script
+  command("chmod +x #{install_dir}/embedded/bin/c_rehash_ruby")
+end

omnibus/config/software/chef-workstation-app.rb

@@ -22,8 +22,8 @@
 
 # These three lines are updated automatically by Expeditor
 default_version "0.2.191"
-source sha1: "bffbd043df0cf99fa68457802f70aa481dd23e50" if windows?
-source sha1: "7b1ccd580b27d87dd99e688758b0c2137270c0f0" if linux?
+source sha1: "626695935f339114adfdfe29ac4b68f4088096f7" if windows?
+source sha1: "a13ba6239fbc839daeb5a6800bac87bcb74c257f" if linux?
 
 platform_name = if macos?
                   if arm?