voxpupuli
Ruby 3.1/Psych 4 compatibility issues
WIth the work to support ruby 3 https://github.com/voxpupuli/beaker/commit/a32f4fdb161dfd68c60eef3cc6b266c44c504ebf permitted classes were enumerated to read from preserved hosts. This list appears to be incomplete when you have configured ssh for a particular preserved hosts: See below for some classes that are preserved on ssh config in the following snippet:
ssh: !ruby/hash:Beaker::Options::OptionsHash
:config: true
:verify_host_key: false
:auth_methods: &6
- publickey
:port: 22
:forward_agent: true
:keys: &7
- id_rsa_acceptance
- "/Users/cas.donoghue/.ssh/id_rsa-acceptance"
:user_known_hosts_file: "/Users/cas.donoghue/.ssh/known_hosts"
:keepalive: true
:logger: &8 !ruby/object:Logger
level: 4
progname:
default_formatter: !ruby/object:Logger::Formatter
datetime_format:
formatter:
logdev: !ruby/object:Logger::LogDevice
shift_period_suffix:
shift_size:
shift_age:
filename:
dev: !ruby/object:IO {}
mon_mutex: !ruby/object:Thread::Mutex {}
mon_mutex_owner_object_id: 70248041560740
mon_owner:
mon_count: 0
:password_prompt: &9 !ruby/object:Net::SSH::Prompt {}
:user: root
With beaker 4.35.0 and later when beaker attempts to read a hosts file with ssh config preserved it fails becuase the Logger and Net::SSH classes are not permitted to be safe loaded.
Would you recommend we add those all to the permitted classes list? Or is there some other way we need to handle this (maybe serializing the ssh config in a different way)?
To me the biggest questions is why Beaker serializes so much. It feels to me that it's serializing way too much. For example, a logger? A password prompt? Feels to me that they should be excluded from the file but I don't know beaker well enough to say.
Yeah marshaling the ruby objects to yaml seems... Not ideal. But refactoring that seems like a bit of an endeavor.
I think https://github.com/voxpupuli/beaker/pull/1758 should work until we fix the issue of serializing too much into this file.
