From 0afae65fbcb272c47dc015f4b1f56b760f941c6a Mon Sep 17 00:00:00 2001
From: donoghuc <cas.donoghue@gmail.com>
Date: Thu, 20 Jul 2023 10:52:04 -0700
Subject: [PATCH 1/2] (PE-36344) Stop using fork of ntlm gem

We are now shipping openssl runtimes with the required crypto algorithms. This commit stops using the ntlm fork that provided a ruby implementation for the crypto algs.
---
 configs/components/rubygem-rubyntlm-fork.rb   | 20 -------------------
 configs/projects/_shared-pe-bolt-server.rb    |  1 +
 .../_shared-pe-bolt-server_with_ruby.rb       |  1 +
 .../pe-bolt-server-runtime-2021.7.x.rb        |  2 --
 .../projects/pe-bolt-server-runtime-main.rb   |  3 ---
 5 files changed, 2 insertions(+), 25 deletions(-)
 delete mode 100644 configs/components/rubygem-rubyntlm-fork.rb

diff --git a/configs/components/rubygem-rubyntlm-fork.rb b/configs/components/rubygem-rubyntlm-fork.rb
deleted file mode 100644
index 5c172045e..000000000
--- a/configs/components/rubygem-rubyntlm-fork.rb
+++ /dev/null
@@ -1,20 +0,0 @@
-component 'rubygem-rubyntlm-fork' do |pkg, settings, platform|
-    #until we solve https://tickets.puppetlabs.com/browse/PE-36078 ship this fork of ruby-ntlm
-    
-    # This is only needed when building the gem ourselves, as the
-    # gemspec file calls out to git for one of its values.
-    pkg.build_requires 'git'
-    pkg.environment "GEM_HOME", settings[:gem_home]
-    pkg.environment "GEM_PATH", settings[:gem_home]
-    pkg.url("https://github.com/nmburgan/rubyntlm.git")
-    pkg.ref("openssl-3-legacy")
-    pkg.build do
-      ["#{settings[:gem_build]} rubyntlm.gemspec"]
-    end
-  
-    pkg.install do
-      [
-      "#{settings[:gem_install]} rubyntlm-*.gem",
-      ]
-    end
-  end
\ No newline at end of file
diff --git a/configs/projects/_shared-pe-bolt-server.rb b/configs/projects/_shared-pe-bolt-server.rb
index 8b12bf763..844fd5f18 100644
--- a/configs/projects/_shared-pe-bolt-server.rb
+++ b/configs/projects/_shared-pe-bolt-server.rb
@@ -140,6 +140,7 @@
 proj.component('rubygem-net-scp')
 proj.component('rubygem-net-ssh')
 proj.component('rubygem-net-ssh-krb')
+proj.component('rubygem-rubyntlm')
 proj.component('rubygem-nori')
 proj.component('rubygem-orchestrator_client')
 proj.component('rubygem-public_suffix')
diff --git a/configs/projects/_shared-pe-bolt-server_with_ruby.rb b/configs/projects/_shared-pe-bolt-server_with_ruby.rb
index b0dd55ca2..a471eec39 100644
--- a/configs/projects/_shared-pe-bolt-server_with_ruby.rb
+++ b/configs/projects/_shared-pe-bolt-server_with_ruby.rb
@@ -176,6 +176,7 @@
 proj.component('rubygem-net-ssh')
 proj.component('rubygem-net-ssh-krb')
 proj.component('rubygem-nori')
+proj.component('rubygem-rubyntlm')
 proj.component('rubygem-orchestrator_client')
 proj.component('rubygem-public_suffix')
 proj.component('rubygem-paint')
diff --git a/configs/projects/pe-bolt-server-runtime-2021.7.x.rb b/configs/projects/pe-bolt-server-runtime-2021.7.x.rb
index 9a8c9b011..9f1cddb9e 100644
--- a/configs/projects/pe-bolt-server-runtime-2021.7.x.rb
+++ b/configs/projects/pe-bolt-server-runtime-2021.7.x.rb
@@ -8,7 +8,5 @@
   proj.setting(:no_doc, true)
 
   instance_eval File.read(File.join(File.dirname(__FILE__), '_shared-pe-bolt-server.rb'))
-  # TODO: Move ntml back to shared runtime when PE-36078 is done
-  proj.component('rubygem-rubyntlm')
   proj.component 'rubygem-prime'
 end
diff --git a/configs/projects/pe-bolt-server-runtime-main.rb b/configs/projects/pe-bolt-server-runtime-main.rb
index c1fdf853d..50df8a280 100644
--- a/configs/projects/pe-bolt-server-runtime-main.rb
+++ b/configs/projects/pe-bolt-server-runtime-main.rb
@@ -11,9 +11,6 @@
   proj.setting(:openssl_version, '3.0')
 
   instance_eval File.read(File.join(File.dirname(__FILE__), '_shared-pe-bolt-server_with_ruby.rb'))
-
-  # TODO: Work around PE-36078 by using forked non-optimal solution
-  proj.component('rubygem-rubyntlm-fork')
   proj.component 'rubygem-prime'
   proj.component 'rubygem-rexml'
 end

From 7bff91ec4500a2bae6ae85d288def4088cc146da Mon Sep 17 00:00:00 2001
From: donoghuc <cas.donoghue@gmail.com>
Date: Thu, 20 Jul 2023 11:28:59 -0700
Subject: [PATCH 2/2] (PE-36344) Enable legacy algorithms for winrm

---
 configs/projects/pe-installer-runtime-main.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/configs/projects/pe-installer-runtime-main.rb b/configs/projects/pe-installer-runtime-main.rb
index 9d0f4f45f..a62cdcee1 100644
--- a/configs/projects/pe-installer-runtime-main.rb
+++ b/configs/projects/pe-installer-runtime-main.rb
@@ -36,6 +36,8 @@
   ruby_base_version = proj.ruby_version.gsub(/(\d+)\.(\d+)\.(\d+)/, '\1.\2.0')
   proj.setting(:gem_home, File.join(proj.libdir, 'ruby', 'gems', ruby_base_version))
   proj.setting(:gem_install, "#{proj.host_gem} install --no-document --local --bindir=#{proj.ruby_bindir}")
+  # Enable legacy openssl agls for wirnm
+  proj.setting(:use_legacy_openssl_algos, true)
 
   proj.setting(:artifactory_url, "https://artifactory.delivery.puppetlabs.net/artifactory")
   proj.setting(:buildsources_url, "#{proj.artifactory_url}/generic/buildsources")