boxen 3.0.0.beta1 → 3.1.0

data/lib/boxen/hook/web.rb

@@ -0,0 +1,56 @@
+require "boxen/hook"
+require "json"
+require "net/http"
+
+module Boxen
+  class Hook
+    class Web < Hook
+      def perform?
+        enabled?
+      end
+
+      private
+      def call
+        payload = {
+          :login  => config.user,
+          :sha    => checkout.sha,
+          :status => result.success? ? 'success' : 'failure',
+          :time   => "#{Time.now.utc.to_i}"
+        }
+
+        post_web_hook payload
+      end
+
+      def post_web_hook(payload)
+        headers = { 'Content-Type' => 'application/json' }
+
+        uri = URI.parse(URI.escape(ENV['BOXEN_WEB_HOOK_URL']))
+
+        user, pass, host, port, path = \
+          uri.user, uri.pass, uri.host, uri.port, uri.path
+
+        request = Net::HTTP::Post.new(path, initheader = headers)
+
+        if uri.scheme =~ /https/
+          http.use_ssl = true
+        end
+
+        if user && pass
+          request.basic_auth user, pass
+        end
+
+        request.body = payload.to_json
+
+        response = Net::HTTP.new(host, port).start do |http|
+          http.request(request)
+        end
+      end
+
+      def required_environment_variables
+        ['BOXEN_WEB_HOOK_URL']
+      end
+    end
+  end
+end
+
+Boxen::Hook.register Boxen::Hook::Web

data/lib/boxen/keychain.rb

@@ -44,7 +44,7 @@ module Boxen
     def set(service, token)
       cmd = shellescape(HELPER, service, login, token)
 
-      unless system(*cmd)
+      unless system *cmd
         raise Boxen::Error, "Can't save #{service} in the keychain."
       end
 

data/lib/boxen/postflight/env.rb

@@ -24,6 +24,6 @@ class Boxen::Postflight::Env < Boxen::Postflight
   end
 
   def run
-    warn "Source #{config.envfile} or restart your shell for new stuff!"
+    warn "Run source #{config.envfile} or restart your shell for new stuff!"
   end
 end

data/lib/boxen/preflight.rb

@@ -1,10 +1,13 @@
 require "boxen/check"
 
 module Boxen
+
+  # The superclass for preflight checks.
+
   class Preflight < Boxen::Check
-  end
-end
 
-Dir["#{File.expand_path('../preflight', __FILE__)}/*"].each do |f|
-  require "boxen/preflight/#{File.basename f}"
+    # Load all available preflight checks.
+
+    register File.expand_path("../preflight", __FILE__)
+  end
 end

data/lib/boxen/preflight/creds.rb

@@ -1,6 +1,8 @@
 require "boxen/preflight"
 require "highline"
 require "octokit"
+require "digest"
+require "socket"
 
 # HACK: Unless this is `false`, HighLine has some really bizarre
 # problems with empty/expended streams at bizarre intervals.
@@ -12,8 +14,6 @@ class Boxen::Preflight::Creds < Boxen::Preflight
   attr :password
 
   def ok?
-    return true if config.offline?
-
     if config.token && config.api.user
       # There was a period of time when login wasn't geting set on first run.
       # This should correct that.
@@ -70,12 +70,27 @@ class Boxen::Preflight::Creds < Boxen::Preflight
     fetch_login_and_password
     tokens = get_tokens
 
-    unless auth = tokens.detect { |a| a.note == "Boxen" }
-      auth = tmp_api.create_authorization \
-        :note => "Boxen",
-        :scopes => %w(repo user),
-        :headers => headers
-    end
+    # Boxen now supports the updated GitHub Authorizations API by using a unique
+    # `fingerprint` for each Boxen installation for a user. We delete any older
+    # authorization that does not make use of `fingerprint` so that the "legacy"
+    # authorization doesn't persist in the user's list of personal access
+    # tokens.
+    legacy_auth = tokens.detect { |a| a.note == "Boxen" && a.fingerprint == nil }
+    tmp_api.delete_authorization(legacy_auth.id, :headers => headers) if legacy_auth
+
+    # The updated GitHub authorizations API, in order to improve security, no
+    # longer returns a plaintext `token` for existing authorizations. So, if an
+    # authorization already exists for this machine we need to first delete it
+    # so that we can create a new one.
+    auth = tokens.detect { |a| a.note == note && a.fingerprint == fingerprint }
+    tmp_api.delete_authorization(auth.id, :headers => headers) if auth
+
+    auth = tmp_api.create_authorization(
+      :note => note,
+      :scopes => %w(repo user),
+      :fingerprint => fingerprint,
+      :headers => headers
+    )
 
     config.token = auth.token
 
@@ -107,4 +122,28 @@ class Boxen::Preflight::Creds < Boxen::Preflight
     warn "Oh, looks like you've provided your #{thing} as environmental variable..."
     found
   end
+
+  def fingerprint
+    @fingerprint ||= begin
+      # See Apple technical note TN1103, "Uniquely Identifying a Macintosh
+      # Computer."
+      serial_number_match_data = IO.popen(
+        ["ioreg", "-c", "IOPlatformExpertDevice", "-d", "2"]
+      ).read.match(/"IOPlatformSerialNumber" = "([[:alnum:]]+)"/)
+      if serial_number_match_data
+        # The fingerprint must be unique across all personal access tokens for a
+        # given user. We prefix the serial number with the application name to
+        # differentiate between any other personal access token that uses the
+        # Mac serial number for the fingerprint.
+        Digest::SHA256.hexdigest("Boxen: #{serial_number_match_data[1]}")
+      else
+        abort "Sorry, I was unable to obtain your Mac's serial number.",
+          "Boxen requires access to your Mac's serial number in order to generate a unique GitHub personal access token."
+      end
+    end
+  end
+
+  def note
+    @note ||= "Boxen: #{Socket.gethostname}"
+  end
 end

data/lib/boxen/preflight/identity.rb

@@ -2,8 +2,6 @@ require "boxen/preflight"
 
 class Boxen::Preflight::Identity < Boxen::Preflight
   def ok?
-    return true if config.offline?
-    
     !user || (config.email && config.name)
   end
 

data/lib/boxen/preflight/os.rb

@@ -1,10 +1,10 @@
 require "boxen/preflight"
 
 class Boxen::Preflight::OS < Boxen::Preflight
-  SUPPORTED_RELEASES = %w(10.8 10.9)
+  SUPPORTED_RELEASES = %w(10.8 10.9 10.10 10.11 10.12)
 
   def ok?
-    osx? && supported_release?
+    osx? && (skip_os_check? || supported_release?)
   end
 
   def run
@@ -26,4 +26,8 @@ class Boxen::Preflight::OS < Boxen::Preflight
   def current_release
     @current_release ||= `sw_vers -productVersion`
   end
+  
+  def skip_os_check?
+    ENV['SKIP_OS_CHECK'] == '1'
+  end
 end

data/lib/boxen/puppeteer.rb

@@ -0,0 +1,121 @@
+require "fileutils"
+require "boxen/util"
+
+module Boxen
+
+  # Manages an invocation of puppet.
+
+  class Puppeteer
+
+    class Status < Struct.new(:code)
+      # Puppet's detailed exit codes reserves 2 for a successful run with changes
+      def success?
+        [0,2].include?(code)
+      end
+    end
+
+    attr_reader :config
+
+    def initialize(config)
+      @config = config
+    end
+
+    def command
+      manifestdir = "#{config.repodir}/manifests"
+      puppet      = "#{config.repodir}/bin/puppet"
+
+      [puppet, "apply", flags, manifestdir].flatten
+    end
+
+    def hiera_config
+      if File.exist? "#{config.repodir}/config/hiera.yaml"
+        "#{config.repodir}/config/hiera.yaml"
+      else
+        "/dev/null"
+      end
+    end
+
+    def flags
+      flags = []
+      root  = File.expand_path "../../..", __FILE__
+
+      flags << ["--group",       "admin"]
+      flags << ["--confdir",     "#{config.puppetdir}/conf"]
+      flags << ["--vardir",      "#{config.puppetdir}/var"]
+      flags << ["--libdir",      "#{config.repodir}/lib"]#:#{root}/lib"]
+      flags << ["--libdir",      "#{root}/lib"]
+      flags << ["--modulepath",  "#{config.repodir}/modules:#{config.repodir}/shared"]
+
+      # Don't ever complain about Hiera to me
+      flags << ["--hiera_config", hiera_config]
+
+      # Log to both the console and a file.
+
+      flags << ["--logdest", config.logfile]
+      flags << ["--logdest", "console"]
+
+      # For some reason Puppet tries to set up a bunch of rrd stuff
+      # (user, group) unless reports are completely disabled.
+
+      flags << "--no-report" unless config.report?
+      flags << "--detailed-exitcodes"
+
+      flags << "--graph" if config.graph?
+
+      flags << "--show_diff"
+
+      if config.profile?
+        flags << "--evaltrace"
+        flags << "--summarize"
+      end
+
+      if config.future_parser?
+        flags << "--parser=future"
+      end
+
+      flags << "--debug" if config.debug?
+      flags << "--noop"  if config.pretend?
+
+      flags << "--color=false" unless config.color?
+
+      flags.flatten
+    end
+
+    def run
+      FileUtils.mkdir_p config.puppetdir
+
+      FileUtils.rm_f config.logfile
+
+      FileUtils.rm_rf "#{config.puppetdir}/var/reports" if config.report?
+
+      FileUtils.rm_rf "#{config.puppetdir}/var/state/graphs" if config.graph?
+
+      FileUtils.mkdir_p File.dirname config.logfile
+      FileUtils.touch config.logfile
+
+      if File.file? "Puppetfile"
+        librarian = "#{config.repodir}/bin/librarian-puppet"
+
+        unless config.enterprise?
+          # Set an environment variable for librarian-puppet's
+          # github_tarball source strategy.
+          ENV["GITHUB_API_TOKEN"] = config.token
+        end
+
+        librarian_command = [librarian, "install", "--path=#{config.repodir}/shared"]
+        librarian_command << "--verbose" if config.debug?
+
+        warn librarian_command.join(" ") if config.debug?
+        unless system *librarian_command
+          abort "Can't run Puppet, fetching dependencies with librarian failed."
+        end
+      end
+
+      warn command.join(" ") if config.debug?
+
+      Boxen::Util.sudo *command
+
+      Status.new($?.exitstatus)
+    end
+  end
+end

data/lib/boxen/runner.rb

@@ -0,0 +1,149 @@
+require "boxen/checkout"
+require "boxen/config"
+require "boxen/hook"
+require "boxen/flags"
+require "boxen/puppeteer"
+require "boxen/service"
+require "boxen/util"
+require "facter"
+
+module Boxen
+  class Runner
+    attr_reader :config
+    attr_reader :flags
+    attr_reader :puppet
+    attr_reader :checkout
+    attr_reader :hooks
+
+    def initialize(config, flags)
+      @config   = config
+      @flags    = flags
+      @puppet   = Boxen::Puppeteer.new(@config)
+      @checkout = Boxen::Checkout.new(@config)
+      @hooks    = Boxen::Hook.all
+    end
+
+    def process
+      # --env prints out the current BOXEN_ env vars.
+
+      exec "env | grep ^BOXEN_ | sort" if flags.env?
+
+      process_flags
+
+      process_args
+
+      # Actually run Puppet and return its result
+
+      puppet.run
+    end
+
+    def run
+      report(process)
+    end
+
+    def report(result)
+      hooks.each { |hook| hook.new(config, checkout, puppet, result).run }
+
+      result
+    end
+
+    def process_flags
+
+      # --projects prints a list of available projects and exits.
+
+      if flags.projects?
+        puts "You can install any of these projects with `#{$0} <project-name>`:\n"
+
+        config.projects.each do |project|
+          puts "  #{project.name}"
+        end
+
+        exit
+      end
+
+      # --disable-services stops all services
+
+      if flags.disable_services?
+        Boxen::Service.list.each do |service|
+          puts "Disabling #{service}..."
+          service.disable
+        end
+
+        exit
+      end
+
+      # --enable-services starts all services
+
+      if flags.enable_services?
+        Boxen::Service.list.each do |service|
+          puts "Enabling #{service}..."
+          service.enable
+        end
+
+        exit
+      end
+
+      # --disable-service [name] stops a service
+
+      if flags.disable_service?
+        service = Boxen::Service.new(flags.disable_service)
+        puts "Disabling #{service}..."
+        service.disable
+
+        exit
+      end
+
+      # --enable-service [name] starts a service
+
+      if flags.enable_service?
+        service = Boxen::Service.new(flags.enable_service)
+        puts "Enabling #{service}..."
+        service.enable
+
+        exit
+      end
+
+      # --restart-service [name] starts a service
+
+      if flags.restart_service?
+        service = Boxen::Service.new(flags.restart_service)
+        puts "Restarting #{service}..."
+        service.disable
+        service.enable
+
+        exit
+      end
+
+      # --list-services lists all services
+
+      if flags.list_services?
+        Boxen::Service.list.each do |service|
+          puts service
+        end
+
+        exit
+      end
+
+      # --restart-services restarts all services
+
+      if flags.restart_services?
+        Boxen::Service.list_enabled.each do |service|
+          puts "Restarting #{service}..."
+          service.disable
+          service.enable
+        end
+
+        exit
+      end
+
+    end
+
+    def process_args
+      projects = flags.args.join(',')
+      File.open("#{config.repodir}/.projects", "w+") do |f|
+        f.truncate 0
+        f.write projects
+      end
+    end
+  end
+end