From 0fa2a0334a0a54c0cd3a64d4f0b904765402e7aa Mon Sep 17 00:00:00 2001 From: Josh Cooper Date: Tue, 6 Aug 2024 23:45:55 -0700 Subject: [PATCH] (PA-6885) Add DigiCert Global Root CA G2 for puppetlabs.net rubygems commands started failing on Windows due to a recent infrastructure change, because ruby does not integrate with the Windows trust store. Add the DigiCert cert as we've done in the past. $ openssl x509 -in resources/files/rubygems/DigiCertGlobalRootG2.pem -fingerprint -sha256 -noout SHA256 Fingerprint=CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F --- configs/components/ruby-2.7.8.rb | 3 +++ configs/components/ruby-3.2.5.rb | 3 +++ .../files/rubygems/DigiCertGlobalRootG2.pem | 22 +++++++++++++++++++ 3 files changed, 28 insertions(+) create mode 100644 resources/files/rubygems/DigiCertGlobalRootG2.pem diff --git a/configs/components/ruby-2.7.8.rb b/configs/components/ruby-2.7.8.rb index 6e1aff2eb..5346e3988 100644 --- a/configs/components/ruby-2.7.8.rb +++ b/configs/components/ruby-2.7.8.rb @@ -260,6 +260,9 @@ pkg.add_source('file://resources/files/rubygems/GlobalSignRootCA_R3.pem') pkg.install_file '../GlobalSignRootCA_R3.pem', File.join(certs_dir, 'GlobalSignRootCA_R3.pem') + pkg.add_source('file://resources/files/rubygems/DigiCertGlobalRootG2.pem') + pkg.install_file '../DigiCertGlobalRootG2.pem', File.join(certs_dir, 'DigiCertGlobalRootG2.pem') + if rbconfig_changes.any? pkg.install do [ diff --git a/configs/components/ruby-3.2.5.rb b/configs/components/ruby-3.2.5.rb index bb680327c..2ddfd6dfa 100644 --- a/configs/components/ruby-3.2.5.rb +++ b/configs/components/ruby-3.2.5.rb @@ -291,6 +291,9 @@ pkg.add_source('file://resources/files/rubygems/GlobalSignRootCA_R3.pem') pkg.install_file '../GlobalSignRootCA_R3.pem', File.join(certs_dir, 'GlobalSignRootCA_R3.pem') + pkg.add_source('file://resources/files/rubygems/DigiCertGlobalRootG2.pem') + pkg.install_file '../DigiCertGlobalRootG2.pem', File.join(certs_dir, 'DigiCertGlobalRootG2.pem') + if rbconfig_changes.any? pkg.install do [ diff --git a/resources/files/rubygems/DigiCertGlobalRootG2.pem b/resources/files/rubygems/DigiCertGlobalRootG2.pem new file mode 100644 index 000000000..798e00275 --- /dev/null +++ b/resources/files/rubygems/DigiCertGlobalRootG2.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH +MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI +2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx +1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ +q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz +tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ +vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV +5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY +1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 +NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG +Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 +8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe +pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl +MrY= +-----END CERTIFICATE-----