Set flag on RSA keys of deprecated RSA SHA1 support when loading
keys based on server version of the transport. This ensures keys
are properly flagged. Flag name has been updated to provide context
on usage.
Version matching on the OpenSSH server version has also been updated
to handle customized naming in the version string (as seen in the
Windows port) and to properly handle when no match is found.
Fixes#12344#12408#12381
Keep the constraint on net-ssh tight so we can be confident that the
patching will be successful and that a net-ssh release won't inadvertently
cause our local updates to become non-functional.
Fix patch to only update the behavior for RSA based keys when the server
is recent enough to include the signature changes
Modifies `OpenSSL::PKey::RSA` to provide a `#signature_algorithm`
method which provides the signature algorithm value expected by
OpenSSH. The `#ssh_do_sign` method is updated to use the set
algorithm (SHA256) and `#to_blob` is updated to include the
signature algorithm instead of the key type.
Parts of the stdlib which have been externalized but are still
included within Ruby introduce issues when pinning Vagrant's
dependencies to resolve plugin installs. When determining
Vagrant's dependency list prior to solution generation, check
the specification and ignore any default gems to prevent
pinning versions that are not actual dependencies.
When uploading box file, check if the size is greater than
5GB. If the size is larger and the direct to storage option
is enabled, disable the option due to current 5GB restriction
on direct uploads.
This also checks if the redirect notification has been displayed
before inspecting the source and location to prevent repeat checks
after the notification has been sent.
This sets the `authenticate_box_url` hook as deprecated and also
disables the cloud auth middleware from adding an access token
as a URL parameter by default. An environment variable has been
added which can be used for re-enabling the access token URL
parameter behavior if required for some legacy system which does
not support the authorization header.
When starting up, and before any loading, find our current
specification and activate all the internal dependencies
while also collecting the activated specifications. Store
these for later use when doing plugin resolutions. We bypass
the builtin list when running in bundler since they will
still show up as not activated, but we use the entire list
regardless.
Inspect the error message received when failing to install a
plugin. If it's something we can determine the cause, send
back a cleaner error message to the user on how to resolve.
To prevent resolution issues with the introduction
of a prerelease constraint, update the net-ssh constraint
to be a minimum at the latest release. Include monkey
patches to include support for wanted host key algos.
The monkey patches are only applied to the latest
net-ssh currently and will be ignored once the current
prerelease has been fully released.
Maintain the solution file persisting dependency information on
disk but update the runtime representation to
Gem::Resolver::DependencyRequest instances which are expected
by the sets when locating matches.
Properly abide by prerelease setting in customized sets and
force prerelease matching when in the builtin set. If a request
is matched on a prerelease, and the request itself is not set
to allow prereleases, update it to ensure successful resolution.
The raw action name tracking should be sufficient for preventing
multi-insertions where only a single modification should occur.
With action name, hooks _should_ be able to be applied in multiple
builder stacks as they are expanding.
Fixes#12035
The raw actions are used for applying the original trigger behavior
which can insert before and/or after the entire set of actions. When
processing the stack items, mark when the raw action has been applied
to prevent it from being applied again. Triggers around the raw actions
should only ever be applied _once_.
Fixes#12034
When initializing for internal plugin resolution inspect contraints
on all defined dependencies. If a prerelease constraint is detected,
automatically enable prerelease resolution.
When expanding stack track the origin action name and only apply
it once the stack has completed its expansion. The local env data
is marked with origin action to prevent it from being applied in
nested builders as they are expanded. The value of the stored action
name is checked and invalidated if another action is applied to the
same env in the future so hooks / triggers for that action are
applied as expected.
This PR is dependent on the 2.1.0 release of the vagrant_cloud
library. It updates the `cloud` command to use the new interface
for interacting with the Vagrant Cloud API. It also adds support
for direct to backend storage uploads, and defaults to this
method.
Also included is a bit of cleanup refactoring, addition of method
documentation, and fixing up some small issues around custom username
usage within the internal client for authentication.
