Commit

Bump openssl gem to 3.2.0 for FIPS compatibility
openssl 3.2.0 gem implements features necessary for running
OpenSSL-related code in Ruby in a FIPS environment. We've added this as
a minimum requirement for each gem that makes up the overall BOSH
Director code.

It should be possible to remove this requirement once we upgrade to Ruby
3.3, which ships with openssl 3.2.0 gem as a standard gem.

[#186608849] Add FIPS stemcell validation for BOSH director

Signed-off-by: Chris Selzo <cselzo@vmware.com>
ystros authored and jpalermo committed Jan 11, 2024
1 parent a6a9e1c commit dcb90ac
Showing 10 changed files with 24 additions and 2 deletions.
7 changes: 6 additions & 1 deletion src/Gemfile
Expand Up @@ -12,6 +12,12 @@ gem 'bosh_common', path: 'bosh_common'

gem 'rake', '~>13.0.3'

# Bumping to openssl 3.2.0 while we are still on Ruby 3.2. This version
# implements features necessary to support running on a FIPS stemcell.
# If this is modified, it will need to be modified in the gemspecs for each
# gem.
gem 'openssl', '>=3.2.0'

# json version is hardcoded in release director and health_monitor
# when modified needs to be updated there as well
gem 'json', '2.6.3'
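
Review bot: `gem 'openssl', '>=3.2.0'` sets a floor with no ceiling, so a later `bundle update` can pull in a new major version of the gem without anyone choosing it. Other pins in this file use the pessimistic operator (`gem 'rake', '~>13.0.3'`); `'~> 3.2'` would keep the 3.2.0 floor and stop short of 4.0. The comment above the line should also say when the pin can go: the commit message ties removal to the Ruby 3.3 upgrade, but that condition is not recorded in the file.
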
Expand Down Expand Up @@ -65,7 +71,6 @@ group :development, :test do

# for root level specs
gem 'nats-pure', '~>2.3'
gem 'openssl'
gem 'rest-client'

gem 'blue-shell'
10 changes: 9 additions & 1 deletion src/Gemfile.lock
Expand Up @@ -16,6 +16,7 @@ PATH
remote: bosh-core
specs:
bosh-core (0.0.0)
openssl (>= 3.2.0)

PATH
remote: bosh-dev
Expand All @@ -26,13 +27,15 @@ PATH
bosh_common
bundler
logging
openssl (>= 3.2.0)

PATH
remote: bosh-director-core
specs:
bosh-director-core (0.0.0)
bosh-template (~> 0.0.0)
bosh_common (~> 0.0.0)
openssl (>= 3.2.0)

PATH
remote: bosh-director
Expand All @@ -51,6 +54,7 @@ PATH
membrane (~> 1.1.0)
nats-pure
netaddr (~> 1.5.3.dev.1)
openssl (>= 3.2.0)
prometheus-client (~> 2.1.0)
puma
rack-test
Expand All @@ -76,6 +80,7 @@ PATH
httpclient (~> 2.8.3)
logging (~> 2.2.2)
nats-pure
openssl (>= 3.2.0)
riemann-client (~> 0.2.6)
sinatra (~> 2.2.0)
thin
Expand All @@ -89,6 +94,7 @@ PATH
eventmachine (~> 1.3.0.dev.1)
logging (~> 2.2.2)
nats-pure
openssl (>= 3.2.0)
rest-client
sinatra (~> 2.2.0)
thin
Expand All @@ -98,13 +104,15 @@ PATH
specs:
bosh-template (0.0.0)
activesupport
openssl (>= 3.2.0)
semi_semantic (~> 1.2.0)

PATH
remote: bosh_common
specs:
bosh_common (0.0.0)
logging (~> 2.2.2)
openssl (>= 3.2.0)
semi_semantic (~> 1.2.0)

GEM
Expand Down Expand Up @@ -359,7 +367,7 @@ DEPENDENCIES
nats-pure (~> 2.3)
net-ssh
netaddr (~> 1.5.3.dev.1)!
openssl
openssl (>= 3.2.0)
parallel_tests (~> 2.0)
pg
pry-byebug
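
Review bot: every line changed in this lock file is a constraint (`openssl (>= 3.2.0)` under each PATH gem and under DEPENDENCIES); the resolved `openssl` entry in the GEM section is not part of the diff. The file header reports 9 additions and 1 deletion, all accounted for by those constraint lines, so the lock must already have resolved to a version that satisfies the new floor. That is worth confirming against the full file or stating in the commit message, because the resolved entry, not the constraint, decides which gem is installed.
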
2 changes: 2 additions & 0 deletions src/bosh-core/bosh-core.gemspec
Expand Up @@ -17,4 +17,6 @@ Gem::Specification.new do |spec|
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
spec.require_paths = %w[lib]

spec.add_dependency 'openssl', '>=3.2.0'
end
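
Review bot: the `'>=3.2.0'` literal added here is repeated in seven more gemspecs and in src/Gemfile, and only the Gemfile carries a comment explaining it. Someone editing this gemspec alone has no pointer to the other places or to the FIPS reason. A one-line comment above `spec.add_dependency 'openssl', '>=3.2.0'` that refers back to the Gemfile note would close that gap.
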
1 change: 1 addition & 0 deletions src/bosh-dev/bosh-dev.gemspec
Expand Up @@ -21,4 +21,5 @@ Gem::Specification.new do |spec|
spec.add_dependency 'bosh-director'
spec.add_dependency 'bundler'
spec.add_dependency 'logging'
spec.add_dependency 'openssl', '>=3.2.0'
end
1 change: 1 addition & 0 deletions src/bosh-director-core/bosh-director-core.gemspec
Expand Up @@ -22,4 +22,5 @@ Gem::Specification.new do |spec|

spec.add_dependency 'bosh_common', "~>#{version}"
spec.add_dependency 'bosh-template', "~>#{version}"
spec.add_dependency 'openssl', '>=3.2.0'
end
1 change: 1 addition & 0 deletions src/bosh-director/bosh-director.gemspec
Expand Up @@ -49,6 +49,7 @@ Gem::Specification.new do |spec|
spec.add_dependency 'membrane', '~>1.1.0'
spec.add_dependency 'nats-pure'
spec.add_dependency 'netaddr', '~>1.5.3.dev.1'
spec.add_dependency 'openssl', '>=3.2.0'
spec.add_dependency 'prometheus-client','~>2.1.0'
spec.add_dependency 'puma'
spec.add_dependency 'rack-test'
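
Review bot: `spec.add_dependency 'openssl', '>=3.2.0'` makes the FIPS-capable gem available to the Director, but none of the ten changed files checks that FIPS mode is in effect when the process runs. If the Director is meant to refuse to start in a non-FIPS configuration on a FIPS stemcell, the version floor does not provide that; a startup assertion on `OpenSSL.fips_mode`, or a spec that exercises it, would. If that check lives in a separate change under the same story, a reference to it in the commit message would help.
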
1 change: 1 addition & 0 deletions src/bosh-monitor/bosh-monitor.gemspec
Expand Up @@ -23,6 +23,7 @@ Gem::Specification.new do |spec|
spec.add_dependency 'logging', '~>2.2.2'
spec.add_dependency 'em-http-request'
spec.add_dependency 'nats-pure'
spec.add_dependency 'openssl', '>=3.2.0'
spec.add_dependency 'thin'
spec.add_dependency 'sinatra', '~>2.2.0'
spec.add_dependency 'dogapi', '~> 1.21.0'
1 change: 1 addition & 0 deletions src/bosh-nats-sync/bosh-nats-sync.gemspec
Expand Up @@ -23,6 +23,7 @@ Gem::Specification.new do |spec|
spec.add_dependency 'logging', '~>2.2.2'
spec.add_dependency 'em-http-request'
spec.add_dependency 'nats-pure'
spec.add_dependency 'openssl', '>=3.2.0'
spec.add_dependency 'thin'
spec.add_dependency 'sinatra', '~>2.2.0'
spec.add_dependency 'rest-client'
1 change: 1 addition & 0 deletions src/bosh-template/bosh-template.gemspec
Expand Up @@ -22,4 +22,5 @@ Gem::Specification.new do |spec|

spec.add_dependency 'semi_semantic', '~>1.2.0'
spec.add_dependency 'activesupport'
spec.add_dependency 'openssl', '>=3.2.0'
end
1 change: 1 addition & 0 deletions src/bosh_common/bosh_common.gemspec
Expand Up @@ -18,4 +18,5 @@ Gem::Specification.new do |spec|

spec.add_dependency 'semi_semantic', '~>1.2.0'
spec.add_dependency 'logging', '~>2.2.2'
spec.add_dependency 'openssl', '>=3.2.0'
end
