rpms / vagrant

Clone
Source Code
GIT

#31 Enable rubygem-ed25519 by default.
Merged a year ago by jackorp. Opened a year ago by jackorp.
rpms/ jackorp/vagrant ed25519  into  rawhide

file modified
+15 -6 
@@ -3,11 +3,11 @@ 
 

  %global vagrant_spec_commit 03d88fe2467716b072951c2b55d78223130851a6
 

  

  %bcond_without help2man
 

- %bcond_with ed25519
 

+ %bcond_without ed25519
 

  

  Name: vagrant
 

  Version: 2.2.19
 

- Release: 7%{?dist}
 

+ Release: 8%{?dist}
 

  Summary: Build and distribute virtualized development environments
 

  License: MIT
 

  URL: http://vagrantup.com
 
@@ -67,14 +67,16 @@ 
 

  Requires: %{_bindir}/ps
 

  

  Recommends: vagrant(vagrant-libvirt)
 

- Recommends: rubygem(bcrypt_pbkdf)
 

  Recommends: (podman-docker if podman)
 

  

  %if %{with ed25519}
 

  Requires: rubygem(ed25519)
 

+ Requires: rubygem(bcrypt_pbkdf)
 

  BuildRequires: rubygem(ed25519)
 

+ BuildRequires: rubygem(bcrypt_pbkdf)
 

  %else
 

  Recommends: rubygem(ed25519)
 

+ Recommends: rubygem(bcrypt_pbkdf)
 

  %endif
 

  

  BuildRequires: bsdtar
 
@@ -179,9 +181,6 @@ 
 

  %gemspec_remove_dep -s %{name}.gemspec -g net-ssh
 

  %gemspec_add_dep -s %{name}.gemspec -g net-ssh ['>= 5.2.0', '< 7']
 

  

- # Remove optional dependencies
 

- %gemspec_remove_dep -s %{name}.gemspec -g bcrypt_pbkdf
 

- 

  # Load missing dependency Vagrant::Util::MapCommandOptions
 

  # https://github.com/hashicorp/vagrant/pull/11609
 

  sed -i '/^\s*require..vagrant.util.experimental.\s*$/ a\require "vagrant/util/map_command_options"' \
 
@@ -192,10 +191,16 @@ 
 

    lib/vagrant/patches/net-ssh.rb
 

  

  %if %{without ed25519}
 

+ # Remove optional dependencies
 

+ %gemspec_remove_dep -s %{name}.gemspec -g bcrypt_pbkdf
 

+ 

  %gemspec_remove_dep -s %{name}.gemspec -g ed25519
 

  # Disable patch for ed25519
 

  sed -i '/^  require .net\/ssh\/authentication\/ed25519.$/,/^  end$/ s/^/#/' \
 

    lib/vagrant/patches/net-ssh.rb
 

+ %else
 

+ %gemspec_remove_dep -s %{name}.gemspec -g ed25519
 

+ %gemspec_add_dep -s %{name}.gemspec -g ed25519 ['>= 1.2.4', '< 1.4']
 

  %endif
 

  

  %build
 
@@ -512,6 +517,10 @@ 
 

  %{vagrant_plugin_instdir}/vagrant-spec.config.example.rb
 

  

  %changelog
 

+ * Mon Jan 09 2023 Jarek Prokop <jprokop@redhat.com> - 2.2.19-8
 

+ - Enable rubygem-ed25519 requires.
 

+   Resolves: rhbz#1962869
 

+ 

  * Fri Jan  6 2023 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.2.19-7
 

  - Replace regex match patch with the one by the upstream

The gem is now available in Fedora.

Group the bcrypt_pbkdf with ed25519
as the net-ssh's ed25519 implementation depends on that gem.

Resolves: rhbz#1962869

Tested manually, vagrant works as expected and allows ed25519 to connect to a custom vagrant box that uses such key for SSH.

rebased onto ee6b4276f64ee4322fe53219f172dc6fd0d8304e
a year ago

rebased onto c77f85086a106fea4e57b1102011edeba3f7ef4e
a year ago

rebased onto fb5d878
a year ago

Pull-Request has been merged by jackorp
a year ago

Sorry for replying lately. Just for record. I have some questions. The PR's purpose is that as the rubygem-ed25519 RPM is not available now, you added the gem's dependency right? 

- %bcond_with ed25519
+ %bcond_without ed25519

Tested manually, vagrant works as expected and allows ed25519 to connect to a custom vagrant box that uses such key for SSH.

So, it seems the feature with ed25519 is to enable vagrant to connect for SSH via ed25519 encrypted SSH keys?

Sorry for replying lately. Just for record. I have some questions. The PR's purpose is that as the rubygem-ed25519 RPM is not available now, you added the gem's dependency right?

The purpose is to install vagrant with rubygem-ed25519 by default as the required package was added into rawhide. There was a requirement from a Fedora user some time ago, see the attached Bugzilla issue. Since then, there was an ongoing effort for this enablement.

So far there was only a weak dependency on the gem in vagrant. This PR made this a "Require" dependency for Rawhide and forward as I feel it makes more sense to have it available in a default vagrant installation for the feature to be useful. Note that the overall picture of internal workings is a bit more complicated.

The net-ssh ruby gem is actually the place where the ed25519 gem is required and used for runtime. I have chosen to add only a "Recommends: rubygem(ed25519)" on the rubygem-net-ssh as the net-ssh gem works fine with the set of ciphers provided by default by rubygem-openssl.

So, it seems the feature with ed25519 is to enable vagrant to connect for SSH via ed25519 encrypted SSH keys?

Yes, namely it enables the ssh-ed25519. https://github.com/net-ssh/net-ssh#host-keys

To use it you provision a vagrant box with the ed25519 keys for SSH access. Then you can package that image into a new vagrant box and distribute it. Without rubygem-ed25519 available, vagrant fails on interactions with the box as it uses net-ssh under the hood for actions such as provisioning or the vagrant ssh command.

I plan to add a test that deals with ed25519 keys to the repository currently taken as a source for CI tests in vagrant PR#30. It will take some time before I get to that point, so contributions are welcome.

Thanks for the detailed explanation!

The purpose is to install vagrant with rubygem-ed25519 by default as the required package was added into rawhide. There was a requirement from a Fedora user some time ago, see the attached Bugzilla issue. Since then, there was an ongoing effort for this enablement.

OK. it was from the user's request: https://bugzilla.redhat.com/show_bug.cgi?id=1962869 . I should check it first.

So far there was only a weak dependency on the gem in vagrant. This PR made this a "Require" dependency for Rawhide and forward as I feel it makes more sense to have it available in a default vagrant installation for the feature to be useful. Note that the overall picture of internal workings is a bit more complicated.

The net-ssh ruby gem is actually the place where the ed25519 gem is required and used for runtime. I have chosen to add only a "Recommends: rubygem(ed25519)" on the rubygem-net-ssh as the net-ssh gem works fine with the set of ciphers provided by default by rubygem-openssl.

OK. I got it.

Yes, namely it enables the ssh-ed25519. https://github.com/net-ssh/net-ssh#host-keys

To use it you provision a vagrant box with the ed25519 keys for SSH access. Then you can package that image into a new vagrant box and distribute it. Without rubygem-ed25519 available, vagrant fails on interactions with the box as it uses net-ssh under the hood for actions such as provisioning or the vagrant ssh command.

OK. The vagrant's ssh-ed25519 feature requires ed25519 gem.

I plan to add a test that deals with ed25519 keys to the repository currently taken as a source for CI tests in vagrant PR#30. It will take some time before I get to that point, so contributions are welcome.

OK. That's nice to have the test case on the CI.
Thanks!
Metadata
None
No Tags
Changes Summary 1
+15 -6
file changed
vagrant.spec
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.