When the reported architecture is unknown and the provider is listed as
the default architecture, add the box without architecture information
so it is installed without architecture information on the path within
the collection.
With the initial layout of `provider/architecture`, after installing a
box with architecture support downgrading Vagrant would result in it
being unable to process the box collection. Swapping the layout to be
`architecture/provider` allows downgrades to still properly process the
box collection.
When expanding the box url, prefer the API endpoint which is updated to
include provider architecture information. Test the API endpoint and the
legacy endpoint and use which ever is valid, with the API taking
precedence. This allows Vagrant to continue with non Vagrant Cloud
servers that do not implement the API endpoint.
When performing a request via curl on Windows using schannel, ssl
certificate revocation checks does not handle verification failures
gracefully when an error is encountered that is unrelated to the actual
revocation of a certificate.
A new option is available to perform best effort revocation checks on
curl, so this is enabled by default on the Windows platform. A new
config option (`box_download_disable_ssl_revoke_best_effort`) has also
been added which can be optionally enabled to restore previous behavior
which results in a hard error if any error is encountered.
Passwords are (and should) never stored be as part of folder data.
I think there is also a case to be made about desensitizes
information here can lead to leaking of credentials. For example if
an exported folder is named "vagrant" and the users password is
"vagrant", the synced_folder cache will show "****" in place of the
folder name, indicating that it is also password.
This includes updates for resolving all warnings provided by Ruby
for deprecations and/or removed methods. It also enables support
for Ruby 2.7 in the specification constraint as all 2.7 related
warnings are resolved with this changeset.
