Skip to content

Openssl version matcher accounts for vanilla and os pecularities #248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Openssl version matcher accounts for vanilla and os pecularities #248

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
5d4977c
openssl_version: Adjust regex to match more openssl version strings
sboyd-m Feb 10, 2025
99bd40e
tests: DRY out openssl_version fact tests
sboyd-m Feb 10, 2025
ebe7b6a
feat: Vanilla/upstream OpenSSL in test matrix
marcusdots Feb 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion lib/facter/openssl_version.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@
setcode do
if Facter::Util::Resolution.which('openssl')
openssl_version = Facter::Util::Resolution.exec('openssl version 2>&1')
matches = %r{^OpenSSL ([\w.-]+)(\s+FIPS)?( +)([\d.]+)( +)([\w.]+)( +)([\d.]+)}.match(openssl_version)
# OracleLinux did some uppercase-lowercase-extras
matches = %r{^OpenSSL ([\w.]+)[ -]*(fips|FIPS|dev)? +([\d.]+) +([\w.]+) +([\d.]+) *(\([\w:. ]+\))?}.match(openssl_version)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not convinced yet that such a complicated regex is still required.

Facter::Util::Resolution.exec('openssl version 2>&1').split(' ')[1]

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since the revision character has been included in the version for a while, that might be ok. However, doing so would miss the fips information. For example, OpenSSL 1.1.1k FIPS and OpenSSL 1.0.2k-fips. As I said in my PR, As an aside, it seems like we could be adding another fact based on FIPS mode, and possibly the library information for v3, but that is best left to another PR.

matches[1] if matches
end
end
Expand Down
125 changes: 84 additions & 41 deletions spec/unit/openssl_version_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,77 @@
require 'spec_helper'
require 'facter'

fact_matrix = {
'debian-11-x86_64' => {
return_string: 'OpenSSL 1.1.1w 11 Sep 2023',
version_string: '1.1.1w',
},
'debian-12-x86_64' => {
return_string: 'OpenSSL 3.0.15 3 Sep 2024 (Library: OpenSSL 3.0.15 3 Sep 2024)',
version_string: '3.0.15',
},
'ubuntu-20.04-x86_64' => {
return_string: 'OpenSSL 1.1.1f 31 Mar 2020',
version_string: '1.1.1f',
},
'ubuntu-22.04-x86_64' => {
return_string: 'OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)',
version_string: '3.0.2',
},
'ubuntu-24.04-x86_64' => {
return_string: 'OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)',
version_string: '3.0.13',
},
'redhat-8-legacy' => {
return_string: 'OpenSSL 1.1.1c FIPS 28 May 2019',
version_string: '1.1.1c',
},
'redhat-8-x86_64' => {
return_string: 'OpenSSL 1.1.1k FIPS 25 Mar 2021',
version_string: '1.1.1k',
},
'redhat-9-x86_64' => {
return_string: 'OpenSSL 9.9.9zzz FIPS 1 Jan 2099',
version_string: '9.9.9zzz',
},
'oraclelinux-8-x86_64' => {
return_string: 'OpenSSL 1.1.1k FIPS 25 Mar 2021',
version_string: '1.1.1k',
},
'oraclelinux-9-x86_64' => {
return_string: 'OpenSSL 3.2.2 4 Jun 2024 (Library: OpenSSL 3.2.2 4 Jun 2024)',
version_string: '3.2.2',
},
'rocky-8-x86_64' => {
return_string: 'OpenSSL 1.1.1k FIPS 25 Mar 2021',
version_string: '1.1.1k',
},
'rocky-9-x86_64' => {
return_string: 'OpenSSL 3.2.2 4 Jun 2024 (Library: OpenSSL 3.2.2 4 Jun 2024)',
version_string: '3.2.2',
},
'almalinux-8-x86_64' => {
return_string: 'OpenSSL 1.1.1k FIPS 25 Mar 2021',
version_string: '1.1.1k',
},
'almalinux-9-x86_64' => {
return_string: 'OpenSSL 3.2.2 4 Jun 2024 (Library: OpenSSL 3.2.2 4 Jun 2024)',
version_string: '3.2.2',
},
'centos-9-x86_64' => {
return_string: 'OpenSSL 1.0.2g 1 Mar 2016',
version_string: '1.0.2g',
},
'vanilla-openssl' => {
return_string: 'OpenSSL 3.5.0-dev (Library: OpenSSL 3.5.0-dev )',
version_string: '3.5.0-dev',
},
'legacy' => {
return_string: 'OpenSSL 0.9.8zg 14 July 2015',
version_string: '0.9.8zg',
},
}

describe Facter.fact(:openssl_version) do
on_supported_os.each do |os, facts|
context "on #{os}" do
Expand All @@ -16,11 +87,11 @@
context 'with value' do
before do
allow(Facter::Util::Resolution).to receive(:which).with('openssl').and_return(true)
allow(Facter::Util::Resolution).to receive(:exec).with('openssl version 2>&1').and_return('OpenSSL 0.9.8zg 14 July 2015')
allow(Facter::Util::Resolution).to receive(:exec).with('openssl version 2>&1').and_return(fact_matrix[os][:return_string])
end

it {
expect(Facter.value(:openssl_version)).to eq('0.9.8zg')
expect(Facter.value(:openssl_version)).to eq(fact_matrix[os][:version_string])
}
end

Expand All @@ -36,55 +107,27 @@
}
end
end
end
end

describe 'openssl_version rhel' do
context 'with value' do
before do
allow(Facter::Util::Resolution).to receive(:which).with('openssl').and_return(true)
allow(Facter::Util::Resolution).to receive(:exec).with('openssl version 2>&1').and_return('OpenSSL 1.0.1e-fips 11 Feb 2013')
end

it {
expect(Facter.value(:openssl_version)).to eq('1.0.1e-fips')
}
end
end

describe 'openssl_version centos' do
context 'with value' do
before do
allow(Facter::Util::Resolution).to receive(:which).with('openssl').and_return(true)
allow(Facter::Util::Resolution).to receive(:exec).with('openssl version 2>&1').and_return('OpenSSL 1.0.2g 1 Mar 2016')
end

it {
expect(Facter.value(:openssl_version)).to eq('1.0.2g')
}
end
end

describe 'openssl_version rhel8' do
context 'with value' do
before do
allow(Facter::Util::Resolution).to receive(:which).with('openssl').and_return(true)
allow(Facter::Util::Resolution).to receive(:exec).with('openssl version 2>&1').and_return('OpenSSL 1.1.1c FIPS 28 May 2019')
end
filler_facts = on_supported_os['redhat-9-x86_64']
['legacy', 'redhat-8-legacy'].each do |special_case|
context "on #{special_case}" do
let(:facts) { filler_facts }

it {
expect(Facter.value(:openssl_version)).to eq('1.1.1c')
}
end
before do
Facter.clear
end

describe 'openssl_version rhel8 latest' do
describe 'openssl_version' do
context 'with value' do
before do
allow(Facter::Util::Resolution).to receive(:which).with('openssl').and_return(true)
allow(Facter::Util::Resolution).to receive(:exec).with('openssl version 2>&1').and_return('OpenSSL 1.1.1k FIPS 25 Mar 2021')
allow(Facter::Util::Resolution).to receive(:exec).with('openssl version 2>&1').and_return(fact_matrix[special_case][:return_string])
end

it {
expect(Facter.value(:openssl_version)).to eq('1.1.1k')
expect(Facter.value(:openssl_version)).to eq(fact_matrix[special_case][:version_string])
}
end
end
Expand Down
Loading