Merge pull request #13178 from chrisroberts/ssl-provider-load

Add helper for loading OpenSSL providers
2023-06-01 12:52:22 -07:00 · 2023-06-01 12:52:22 -07:00 · 30d215edc4
commit 30d215edc4
parent 5900771a88 f14883dc89
7 changed files with 94 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -73,3 +73,7 @@ __debug_bin

 # Ignore generated binaries
 bin/vagrant-go*
+
+# extension
+tmp*
+lib/vagrant/vagrant_ssl.so
--- a/5
+++ b/5
@ -1,11 +1,16 @@
 require 'rubygems'
 require 'bundler/setup'
+require "rake/extensiontask"

 # Immediately sync all stdout so that tools like buildbot can
 # immediately load in the output.
 $stdout.sync = true
 $stderr.sync = true

+Rake::ExtensionTask.new "vagrant_ssl" do |ext|
+  ext.lib_dir = "lib/vagrant"
+end
+
 # Load all the rake tasks from the "tasks" folder. This folder
 # allows us to nicely separate rake tasks into individual files
 # based on their role, which makes development and debugging easier
--- a/ext/vagrant_ssl/extconf.rb
+++ b/ext/vagrant_ssl/extconf.rb
@ -0,0 +1,21 @@
+#!/usr/bin/env ruby
+
+require "mkmf"
+require "shellwords"
+
+# If extra flags are included via the environment, append them
+append_cflags(Shellwords.shellwords(ENV["CFLAGS"])) if ENV["CFLAGS"]
+append_cppflags(Shellwords.shellwords(ENV["CPPFLAGS"])) if ENV["CPPFLAGS"]
+append_ldflags(Shellwords.shellwords(ENV["LDFLAGS"])) if ENV["LDFLAGS"]
+
+if have_header("openssl/opensslv.h")
+  append_ldflags(["-lssl", "-lcrypto"])
+  create_makefile("vagrant_ssl")
+else
+  # If the header file isn't found, just create a dummy
+  # Makefile and stub the library to make it a noop
+  File.open("Makefile", "wb") do |f|
+    f.write(dummy_makefile(__dir__).join("\n"))
+  end
+  FileUtils.touch("vagrant_ssl.so")
+end
--- a/ext/vagrant_ssl/vagrant_ssl.c
+++ b/ext/vagrant_ssl/vagrant_ssl.c
@ -0,0 +1,32 @@
+#include "vagrant_ssl.h"
+
+#if defined(_VAGRANT_SSL_PROVIDER_)
+
+static VALUE vagrant_ssl_load(VALUE self) {
+  OSSL_PROVIDER *legacy;
+  OSSL_PROVIDER *deflt;
+
+  legacy = OSSL_PROVIDER_load(NULL, "legacy");
+  if(legacy == NULL) {
+    rb_raise(rb_eStandardError, "Failed to load OpenSSL legacy provider");
+    return self;
+  }
+
+  deflt = OSSL_PROVIDER_load(NULL, "default");
+  if(deflt == NULL) {
+    rb_raise(rb_eStandardError, "Failed to load OpenSSL default provider");
+    return self;
+  }
+}
+
+void Init_vagrant_ssl(void) {
+  VALUE vagrant;
+  vagrant = rb_define_module("Vagrant");
+  rb_define_singleton_method(vagrant, "vagrant_ssl_load", vagrant_ssl_load, 0);
+}
+
+#else
+
+void Init_vagrant_ssl(void) {}
+
+#endif
--- a/ext/vagrant_ssl/vagrant_ssl.h
+++ b/ext/vagrant_ssl/vagrant_ssl.h
@ -0,0 +1,14 @@
+#if !defined(_VAGRANT_SSL_H_)
+#define _VAGRANT_SSL_H_
+
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER >= (3 << 28)
+#define _VAGRANT_SSL_PROVIDER_
+
+#include <ruby.h>
+#include <openssl/provider.h>
+#endif
+
+void Init_vagrant_ssl(void);
+
+#endif
--- a/lib/vagrant.rb
+++ b/lib/vagrant.rb
@ -121,6 +121,22 @@ ENV.each do |k, v|
  global_logger.info("#{k}=#{v.inspect}") if k.start_with?("VAGRANT_")
 end

+# If the vagrant_ssl library exists, a recent version
+# of openssl is in use and its needed to load all the
+# providers needed
+if File.exist?(File.expand_path("vagrant/vagrant_ssl.so", __dir__))
+  global_logger.debug("vagrant ssl helper found for loading ssl providers")
+  begin
+    require "vagrant/vagrant_ssl"
+    Vagrant.vagrant_ssl_load
+    global_logger.debug("ssl providers successfully loaded")
+  rescue LoadError => err
+    global_logger.warn("failed to load ssl providers, attempting to continue (#{err})")
+  rescue => err
+    global_logger.warn("unexpected failure loading ssl providers, attempting to continue (#{err})")
+  end
+end
+
 # We need these components always so instead of an autoload we
 # just require them explicitly here.
 require "vagrant/plugin"
--- a/vagrant.gemspec
+++ b/vagrant.gemspec
@ -49,6 +49,7 @@ Gem::Specification.new do |s|
  # Constraint rake to properly handle deprecated method usage
  # from within rspec
  s.add_development_dependency "rake", "~> 13.0"
+  s.add_development_dependency "rake-compiler"
  s.add_development_dependency "rspec", "~> 3.11"
  s.add_development_dependency "rspec-its", "~> 1.3.0"
  s.add_development_dependency "fake_ftp", "~> 0.3.0"
@ -104,5 +105,6 @@ Gem::Specification.new do |s|

  s.files         = unignored_files
  s.executables   = unignored_files.map { |f| f[/^bin\/(.*)/, 1] }.compact
+  s.extensions    = ["ext/vagrant_ssl/extconf.rb"]
  s.require_path  = 'lib'
 end