Merge branch 'maven-airgap' into 'master'v3.7.0

Install certificate bundle. See merge request gitlab-org/security-products/license-management!126
author: Can Eldem <celdem@gitlab.com> 2020-04-06 11:59:02 +0000
committer: Can Eldem <celdem@gitlab.com> 2020-04-06 11:59:02 +0000
commit: dda9e59a4a3ab471001998d0e68d67ab12b4ac69 (patch)
tree: ad7b589d18aec83d4f09d0e64b75e1581c85589b /lib/license
parent: 93a00df11d79c9f59141ff42ce05ab3b3d329375 (diff)
parent: 93f7c568e1104936de011626d3bd7f56ebe66355 (diff)
8 files changed, 39 insertions, 20 deletions
diff --git a/lib/license/finder/ext/go_modules.rb b/lib/license/finder/ext/go_modules.rb
index 2ef3aa2..d86f21a 100644
--- a/lib/license/finder/ext/go_modules.rb
+++ b/lib/license/finder/ext/go_modules.rb
@@ -25,10 +25,6 @@ module LicenseFinder
 
     private
 
-    def shell
-      @shell ||= ::License::Management::Shell.new
-    end
-
     def absolute_project_path
       @absolute_project_path ||= Pathname(project_path).cleanpath
     end
diff --git a/lib/license/finder/ext/pip.rb b/lib/license/finder/ext/pip.rb
index a55dba7..5ef6602 100644
--- a/lib/license/finder/ext/pip.rb
+++ b/lib/license/finder/ext/pip.rb
@@ -51,10 +51,6 @@ module LicenseFinder
       Dir.chdir(project_path) { yield }
     end
 
-    def shell
-      @shell ||= ::License::Management::Shell.new
-    end
-
     def pypi
       @pypi ||= Spandx::Python::PyPI.new(sources: [
         Spandx::Python::Source.new({
diff --git a/lib/license/finder/ext/pipenv.rb b/lib/license/finder/ext/pipenv.rb
index 075ddd9..d681cc2 100644
--- a/lib/license/finder/ext/pipenv.rb
+++ b/lib/license/finder/ext/pipenv.rb
@@ -5,8 +5,8 @@ module LicenseFinder
     def prepare
       return unless pipfile?
 
-      shell.execute([:pipenv, '--python', python.version])
-      shell.execute([:pipenv, :run, :pipenv, :sync, '--pypi-mirror', python.pip_index_url])
+      shell.execute([:pipenv, '--python', python.version], env: default_env)
+      shell.execute([:pipenv, :run, :pipenv, :sync, '--pypi-mirror', python.pip_index_url], env: default_env)
     end
 
     def current_packages
@@ -17,10 +17,6 @@ module LicenseFinder
 
     private
 
-    def shell
-      @shell ||= ::License::Management::Shell.new
-    end
-
     def python
       @python ||= ::License::Management::Python.new
     end
@@ -52,5 +48,12 @@ module LicenseFinder
     def lockfile_hash
       @lockfile_hash ||= JSON.parse(IO.read(detected_package_path))
     end
+
+    def default_env
+      return {} unless shell.custom_certificate_installed?
+      return {} if ENV['PIP_CERT']
+
+      { 'PIP_CERT' => shell.custom_certificate_path.to_s }
+    end
   end
 end
diff --git a/lib/license/finder/ext/shared_helpers.rb b/lib/license/finder/ext/shared_helpers.rb
index cee79ab..c3d6319 100644
--- a/lib/license/finder/ext/shared_helpers.rb
+++ b/lib/license/finder/ext/shared_helpers.rb
@@ -2,10 +2,13 @@
 
 module LicenseFinder
   module SharedHelpers
+    def shell
+      ::License::Management.shell
+    end
+
     class Cmd
       def self.run(command)
-        @shell ||= ::License::Management::Shell.new
-        @shell.execute(command)
+        ::License::Management.shell.execute(command)
       end
     end
   end
diff --git a/lib/license/management.rb b/lib/license/management.rb
index 9a40d4b..e156d42 100644
--- a/lib/license/management.rb
+++ b/lib/license/management.rb
@@ -26,5 +26,9 @@ module License
     def self.logger
       @logger ||= Logger.new(STDOUT, level: ENV.fetch('LOG_LEVEL', Logger::WARN))
     end
+
+    def self.shell
+      @shell ||= Shell.new
+    end
   end
 end
diff --git a/lib/license/management/python.rb b/lib/license/management/python.rb
index 8a1a81a..c5f7107 100644
--- a/lib/license/management/python.rb
+++ b/lib/license/management/python.rb
@@ -5,7 +5,7 @@ module License
     class Python
       attr_reader :shell
 
-      def initialize(shell: Shell.new)
+      def initialize(shell: ::License::Management.shell)
         @shell = shell
       end
 
diff --git a/lib/license/management/shell.rb b/lib/license/management/shell.rb
index a1a1412..691a8ea 100644
--- a/lib/license/management/shell.rb
+++ b/lib/license/management/shell.rb
@@ -3,10 +3,12 @@
 module License
   module Management
     class Shell
-      attr_reader :logger
+      attr_reader :custom_certificate_path, :logger
 
-      def initialize(logger: License::Management.logger)
+      def initialize(logger: License::Management.logger, certificate: ENV['ADDITIONAL_CA_CERT_BUNDLE'])
         @logger = logger
+        @custom_certificate_path = Pathname.new('/usr/local/share/ca-certificates/custom.crt')
+        trust!(certificate)
       end
 
       def execute(command, env: {})
@@ -24,11 +26,26 @@ module License
         execute("sh -c '#{expand(command)}'", env: env)
       end
 
+      def custom_certificate_installed?
+        present?(ENV['ADDITIONAL_CA_CERT_BUNDLE']) && custom_certificate_path.exist?
+      end
+
       private
 
       def expand(command)
         Array(command).map(&:to_s).join(' ')
       end
+
+      def trust!(certificate)
+        return unless present?(certificate)
+
+        custom_certificate_path.write(certificate)
+        execute('update-ca-certificates -v')
+      end
+
+      def present?(item)
+        !item.nil? && !item.empty?
+      end
     end
   end
 end
diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb
index edcabbd..b422fd6 100644
--- a/lib/license/management/version.rb
+++ b/lib/license/management/version.rb
@@ -2,6 +2,6 @@
 
 module License
   module Management
-    VERSION = '3.6.0'
+    VERSION = '3.7.0'
   end
 end
author	Can Eldem <celdem@gitlab.com>	2020-04-06 11:59:02 +0000
committer	Can Eldem <celdem@gitlab.com>	2020-04-06 11:59:02 +0000
commit	dda9e59a4a3ab471001998d0e68d67ab12b4ac69 (patch)
tree	ad7b589d18aec83d4f09d0e64b75e1581c85589b /lib/license
parent	93a00df11d79c9f59141ff42ce05ab3b3d329375 (diff)
parent	93f7c568e1104936de011626d3bd7f56ebe66355 (diff)