class Chef::Provider::ZypperRepository

Public Instance Methods

escaped_repo_name() click to toggle source

zypper repos are allowed to have spaces in the names @return [String] escaped repo string

# File lib/chef/provider/zypper_repository.rb, line 70
def escaped_repo_name
  @escaped_repo_name ||= Shellwords.escape(new_resource.repo_name)
end
gpg_version() click to toggle source

the version of gpg installed on the system

@return [Gem::Version] the version of GPG

# File lib/chef/provider/zypper_repository.rb, line 112
def gpg_version
  so = shell_out!("gpg --version")
  # matches 2.0 and 2.2 versions from SLES 12 and 15: https://rubular.com/r/e6D0WfGK6SXvUp
  version = /gpg \(GnuPG\)\s*(.*)/.match(so.stdout)[1]
  logger.trace("GPG package version is #{version}")
  Gem::Version.new(version)
end
has_cookbook_file?(fn) click to toggle source

determine if a cookbook file is available in the run @param [String] fn the path to the template file

@return [Boolean] cookbook file exists or doesn’t

# File lib/chef/provider/zypper_repository.rb, line 86
def has_cookbook_file?(fn)
  run_context.has_cookbook_file_in_cookbook?(new_resource.cookbook, fn)
end
install_gpg_keys(uris) click to toggle source

install the provided gpg keys @param [String] uris the uri of the local or remote gpg key

# File lib/chef/provider/zypper_repository.rb, line 155
def install_gpg_keys(uris)
  if uris.empty?
    logger.debug("'gpgkey' property not provided or set. Skipping gpg key import.")
    return
  end

  # fetch each key to the cache dir either from the cookbook or by downloading it
  # and then import the key
  uris.each do |uri|
    cached_keyfile = ::File.join(Chef::Config[:file_cache_path], uri.split("/")[-1])

    declare_resource(key_type(uri), cached_keyfile) do
      source uri
      mode "0644"
      sensitive new_resource.sensitive
      action :create
    end

    execute "import gpg key from #{uri}" do
      command "/bin/rpm --import #{cached_keyfile}"
      not_if { key_installed?(cached_keyfile) }
      action :run
    end
  end
end
key_installed?(key_path) click to toggle source

is the provided key already installed @param [String] key_path the path to the key on the local filesystem

@return [boolean] is the key already known by rpm

# File lib/chef/provider/zypper_repository.rb, line 124
def key_installed?(key_path)
  so = shell_out("/bin/rpm -qa gpg-pubkey*")
  # expected output & match: http://rubular.com/r/RdF7EcXEtb
  status = /gpg-pubkey-#{short_key_id(key_path)}/.match(so.stdout)
  logger.trace("GPG key at #{key_path} is known by rpm? #{status ? "true" : "false"}")
  status
end
key_type(uri) click to toggle source

Given the provided key URI determine what kind of chef resource we need to fetch the key @param [String] uri the uri of the gpg key (local path or http URL)

@raise [Chef::Exceptions::FileNotFound] Key isn’t remote or found in the current run

@return [Symbol] :remote_file or :cookbook_file

# File lib/chef/provider/zypper_repository.rb, line 97
def key_type(uri)
  if uri.start_with?("http")
    logger.trace("Will use :remote_file resource to cache the gpg key locally")
    :remote_file
  elsif has_cookbook_file?(uri)
    logger.trace("Will use :cookbook_file resource to cache the gpg key locally")
    :cookbook_file
  else
    raise Chef::Exceptions::FileNotFound, "Cannot determine location of gpgkey. Must start with 'http' or be a file managed by #{ChefUtils::Dist::Infra::PRODUCT}."
  end
end
load_current_resource() click to toggle source
# File lib/chef/provider/zypper_repository.rb, line 30
def load_current_resource; end
short_key_id(key_path) click to toggle source

extract the gpg key’s short key id from a local file. Learning moment: This 8 hex value ID is sometimes incorrectly called the fingerprint. The fingerprint is the full length value and googling for that will just result in sad times.

@param [String] key_path the path to the key on the local filesystem

@return [String] the short key id of the key

# File lib/chef/provider/zypper_repository.rb, line 139
def short_key_id(key_path)
  if gpg_version >= Gem::Version.new("2.2") # SLES 15+
    so = shell_out!("gpg --import-options import-show --dry-run --import --with-colons #{key_path}")
    # expected output and match: https://rubular.com/r/uXWJo3yfkli1qA
    short_key_id = /fpr:*\h*(\h{8}):/.match(so.stdout)[1].downcase
  else # SLES 12 and earlier
    so = shell_out!("gpg --with-fingerprint #{key_path}")
    # expected output and match: http://rubular.com/r/BpfMjxySQM
    short_key_id = %r{pub\s*\S*/(\S*)}.match(so.stdout)[1].downcase
  end
  logger.trace("GPG short key ID of key at #{key_path} is #{short_key_id}")
  short_key_id
end
template_available?(path) click to toggle source

determine if a template file is available in the current run @param [String] path the path to the template file

@return [Boolean] template file exists or doesn’t

# File lib/chef/provider/zypper_repository.rb, line 78
def template_available?(path)
  !path.nil? && run_context.has_template_in_cookbook?(new_resource.cookbook, path)
end