conjur-debify 1.11.5 → 2.1.1.pre.957

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 58a50a072fd2700fa612ac0a6113f2a6227787ed67ac732767443dc26a6f9e72
-  data.tar.gz: ba642699eb85c6506091ccdb8c82779a1f4daf9b5e00f45e071f910b889883e5
+  metadata.gz: 900a9fd06b803b1a556d3b718cb8db6ac73b442eb78b414417af39764783d214
+  data.tar.gz: d634ed0e025e341cca3a0e085bdbd75dde1f965112dffcb2bdbf9c920209aa6b
 SHA512:
-  metadata.gz: 3674127fd6cc68ee9696f552edac2a089efe2c9ab6e1b0ac212ee78b4b282735e03ec65f15c7502592e2c31702a182756e6744c8a3bbc90a2e04b1c06ad6ffeb
-  data.tar.gz: 31b3d6dd4a7c414ea09ea97e98ef1a56963d4724b4bd637fbd0379f7f53db0c9d0be22981a1de2de748aa8925a5b15d82b6551e4eb7b4edf6c68579c7f5b9d3b
+  metadata.gz: a143de7e6c1b954d95ed224c96d477afdaa63cf4642019b7b01392b68f5e214246eb3c3a568d1dfc3d43b8d05c288f7b449dc9a8ad6500bf3ca2c45a516897e5
+  data.tar.gz: 154e6740f311f41038631cadc7aeff5a52922b6dbf150d7058cf0bb90fd6fc4b0119ecef507cc301cf6f10621ce132254189e39582de1e2897876d81842f0d0f

data/.gitignore

@@ -16,5 +16,6 @@ features/reports
 results.html
 mkmf.log
 *.deb
+*.rpm
 *.gem
 docker-debify

data/CHANGELOG.md

@@ -1,3 +1,35 @@
+## [2.1.1]
+### Changed
+
+- Update to use automated release process
+
+# 2.1.0
+### Changed
+
+- Refine bundler related steps in `debify package` flow: only `package.sh` file configures
+  and invokes bundler. `Dockerfile.fpm` only copies files and adjusts folder structure.
+- Remove bundler 1.* support 
+
+# 2.0.0
+### Changed
+- Debify now receives the flag `--output` as input to indicate the file type that it should package (e.g `rpm`). If this 
+  flag is not given, the default value is `deb`.
+  [conjurinc/debify#56](https://github.com/conjurinc/debify/issues/56)
+
+# 1.12.0
+
+### Added
+- Debify now packages and publishes an RPM file, alongside a debian file.
+  [conjurinc/debify#49](https://github.com/conjurinc/debify/pull/49)
+- `debify package` now offers an `--additional-files` flag to provide a comma
+  separated list of files to include in the FPM build that are not provided
+  automatically by `git ls-files`.
+  [conjurinc/debify#52](https://github.com/conjurinc/debify/pull/52)
+
+### Fixed
+- Bug causing `all` files in the git repo to be added to the debian file.
+  [conjurinc/debify#50](https://github.com/conjurinc/debify/pull/50)
+
 # 1.11.5
 
 ### Changed

data/Dockerfile

@@ -1,46 +1,33 @@
 FROM ruby:2.6-stretch
 
-### DockerInDocker support is take from
-### https://github.com/jpetazzo/dind/blob/master/Dockerfile . I
-### elected to base this image on ruby, then pull in the (slightly
-### outdated) support for DockerInDocker. Creation of the official
-### docker:dind image much more complicated and didn't lend itself to
-### also running ruby.
-
 RUN apt-get update -qq && \
     apt-get dist-upgrade -qqy && \
     apt-get install -qqy \
     apt-transport-https \
     ca-certificates \
-    curl \
-    lxc \
-    iptables
+    curl
     
-# Install Docker from Docker Inc. repositories.
-RUN curl -sSL https://get.docker.com/ | sh
-
-# Install the magic wrapper.
-RUN curl -sSL -o /usr/local/bin/wrapdocker https://raw.githubusercontent.com/jpetazzo/dind/master/wrapdocker
-RUN chmod +x /usr/local/bin/wrapdocker
-
-# Define additional metadata for our image.
-VOLUME /var/lib/docker
-
-### End of DockerInDocker support
+# Install Docker client tools
+ENV DOCKERVERSION=20.10.0
+RUN curl -fsSLO https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKERVERSION}.tgz \
+  && tar xzvf docker-${DOCKERVERSION}.tgz --strip 1 \
+                 -C /usr/local/bin docker/docker \
+  && rm docker-${DOCKERVERSION}.tgz
 
 RUN mkdir -p /debify
 WORKDIR /debify
 
 COPY . ./
 
+RUN gem install bundler:2.2.30
 RUN gem build debify.gemspec
 
 ARG VERSION
-RUN gem install -N conjur-debify-${VERSION}.gem
+RUN gem install -N conjur-debify-*.gem
 
 ARG CONJUR_APPLIANCE_URL
-ENV CONJUR_APPLIANCE_URL ${CONJUR_APPLIANCE_URL:-https://conjur-master-v2.itp.conjur.net/api}
+ENV CONJUR_APPLIANCE_URL ${CONJUR_APPLIANCE_URL:-https://conjurops.itp.conjur.net}
 ENV CONJUR_ACCOUNT ${CONJUR_ACCOUNT:-conjur}
-ENV CONJUR_VERSION ${CONJUR_VERSION:-4}
+ENV CONJUR_VERSION ${CONJUR_VERSION:-5}
 
 ENTRYPOINT ["/debify/distrib/entrypoint.sh"]

data/Jenkinsfile

@@ -1,5 +1,18 @@
 #!/usr/bin/env groovy
 
+// Automated release, promotion and dependencies
+properties([
+  release.addParams(),
+  dependencies(['cyberark/conjur-base-image'])
+])
+
+if (params.MODE == "PROMOTE") {
+  release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
+    sh './publish-rubygems.sh'
+  }
+  return
+}
+
 pipeline {
   agent { label 'executor-v2' }
 
@@ -13,8 +26,25 @@ pipeline {
     cron(getDailyCronString())
   }
 
+  environment {
+    MODE = release.canonicalizeMode()
+  }
+
   stages {
-    stage('Checkout') {
+    stage ("Skip build if triggering job didn't create a release") {
+      when {
+        expression {
+          MODE == "SKIP"
+        }
+      }
+      steps {
+        script {
+          currentBuild.result = 'ABORTED'
+          error("Aborting build because this build was triggered from upstream, but no release was built")
+        }
+      }
+    }
+    stage('Prepare') {
       steps {
         // One of our cukes tests to see if debify can correctly
         // determine the version for the package being created, based
@@ -24,6 +54,9 @@ pipeline {
         // I couldn't find any way to configure the plugin, so I used
         // the Snippet Generator to create this:
         checkout([$class: 'GitSCM', branches: [[name: env.BRANCH_NAME]], doGenerateSubmoduleConfigurations: false, extensions: [[$class: 'CloneOption', depth: 0, noTags: false, reference: '', shallow: false]], submoduleCfg: [], userRemoteConfigs: [[credentialsId: 'conjur-jenkins', url: 'git@github.com:conjurinc/debify.git']]])
+
+        // Initialize VERSION file
+        updateVersion("CHANGELOG.md", "${BUILD_NUMBER}")
       }
     }
     stage('Build docker image') {
@@ -42,10 +75,14 @@ pipeline {
             scanAndReport("debify:${VERSION}", "HIGH", false)
           }
         }
-        // No all report generated because it currently adds 10-12 minutes of
-        // build time just to write the trivy report. It'll be added once we've
-        // cleaned up and/or ignored enough issues to reduce the impact
-        // on build time.
+        stage('Scan Docker image for all issues') {
+          steps{
+            script {
+              VERSION = sh(returnStdout: true, script: 'cat VERSION')
+            }
+            scanAndReport("debify:${VERSION}", "NONE", true)
+          }
+        }
       }
     }
 
@@ -66,31 +103,16 @@ pipeline {
     }
 
     stage('Publish to RubyGems') {
-      agent { label 'releaser-v2' }
       when {
-        allOf {
-          branch 'master'
-          /* expression {
-            boolean publish = false
-
-            try {
-              timeout(time: 5, unit: 'MINUTES') {
-                input(message: 'Publish to RubyGems?')
-                publish = true
-              }
-            } catch (final ignore) {
-              publish = false
-            }
-
-            return publish
-          }*/
+        expression {
+          MODE == "RELEASE"
         }
       }
 
       steps {
-        checkout scm
-        sh './publish-rubygem.sh'
-        deleteDir()
+        release {
+          sh './publish-rubygem.sh'
+        }
       }
     }
   }

data/README.md

@@ -1,5 +1,10 @@
 # Debify
 
+Debify is a tool used for building and testing DAP appliance packages.
+It is mainly used to package and publish debian packages that are consumed into the
+appliance image in its build stage. However, it also packages and publishes an
+RPM package whenever it does so for a debian.
+
 ## Installation
 
 There are two different ways of installing debify: as a gem, or as a Docker image.
@@ -284,7 +289,7 @@ Start a sandbox, see that it can resolve the hostname `mydb`:
 
 ```sh-session
 
-example $ debify sandbox -t 4.9-stable --net testnet
+example $ debify sandbox -t 5.0-stable --net testnet
 example $ docker exec -it example-sandbox /bin/bash
 root@7d4217655332:/src/example# getent hosts mydb
 172.19.0.2      mydb

data/Rakefile

@@ -33,7 +33,8 @@ if cucumber?
   Cucumber::Rake::Task.new(:features) do |t|
     opts = "features --format junit -o #{CUKE_RESULTS} --format pretty -x"
     opts += " --tags #{ENV['TAGS']}" if ENV['TAGS']
-    t.cucumber_opts =  opts
+    opts += " --tags ~@skip"
+    t.cucumber_opts = opts
     t.fork = false
   end
 

data/VERSION

@@ -1 +1 @@
-1.11.5
+2.1.1-957

data/ci/test.sh

@@ -2,11 +2,6 @@
 
 bundle
 
-# Some tests need to be logged in to the registry, to pull a base
-# image if it's not already available. Have entrypoint.sh do something
-# simple, and log in as a side effect.
-/debify/distrib/entrypoint.sh detect-version
-
 for target in spec cucumber; do
   bundle exec rake $target
 done

data/debify.gemspec

@@ -6,32 +6,32 @@ require 'conjur/debify/version'
 Gem::Specification.new do |spec|
   spec.name          = "conjur-debify"
   spec.version       = Conjur::Debify::VERSION
-  spec.authors       = ["Kevin Gilpin"]
-  spec.email         = ["kgilpin@conjur.net"]
+  spec.authors       = ["CyberArk Software, Inc."]
+  spec.email         = ["conj_maintainers@cyberark.com"]
   spec.summary       = %q{Utility commands to build and package Conjur services as Debian packages}
   spec.homepage      = "https://github.com/conjurinc/debify"
   spec.license       = "MIT"
 
-  spec.files         = `git ls-files -z`.split("\x0")
+  spec.files         = `git ls-files -z`.split("\x0").append("VERSION")
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
   
   spec.add_dependency "gli"
-  spec.add_dependency "docker-api", "~> 1.33"
+  spec.add_dependency "docker-api", "~> 2.0"
   spec.add_dependency "conjur-cli" , "~> 6"
   spec.add_dependency "conjur-api", "~> 5"
 
-  spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_development_dependency "bundler", ">= 2.2.30"
   spec.add_development_dependency "fakefs", "~> 0"
-  spec.add_development_dependency "rake", "~> 12.3.3"
+  spec.add_development_dependency "rake", "~> 13.0"
   
   # Pin to cucumbe v2. cucumber v3 changes (breaks) the behavior of
   # unmatched capture groups with \(d+). In v3, the value of such a
   # group is 0 instead of nil, which breaks aruba's "I successfully
   # run...." steps.
   spec.add_development_dependency "cucumber", '~> 2'
-  spec.add_development_dependency "aruba", "~> 0.14"
+  spec.add_development_dependency "aruba", "~> 1.0"
   spec.add_development_dependency 'rspec', '~> 3'
   spec.add_development_dependency 'ci_reporter_rspec', '~> 1.0'
 end

data/distrib/docker-debify

@@ -39,10 +39,12 @@ docker run -i $tty --rm \
   -e CONJUR_APPLIANCE_URL -e CONJUR_SSL_CERTIFICATE \
   -e GIT_BRANCH -e BRANCH_NAME \
   -e ARTIFACTORY_USER -e ARTIFACTORY_PASSWORD \
+  -e HOME \
   ${envfile_arg} \
-  -v $PWD:$PWD -w $PWD \
+  -v "$PWD:$PWD" -w "$PWD" \
   -v /var/run/docker.sock:/var/run/docker.sock \
-  -v ${netrc}:/root/.netrc:ro \
+  -v "${HOME}:${HOME}" \
+  -v "${netrc}:${HOME}/.netrc:ro" \
   ${rc_arg} \
   ${DEBIFY_ENTRYPOINT+--entrypoint $DEBIFY_ENTRYPOINT} \
   ${DEBIFY_IMAGE-registry.tld/conjurinc/debify:@@DEBIFY_VERSION@@} "$@"

data/distrib/entrypoint.sh

@@ -6,17 +6,14 @@ set +x
 
 creds=( $(ruby /debify/distrib/conjur_creds.rb) )
 
-# If there are creds, use them to log in to the registry. Then, run
-# the magic DockerInDocker wrapper script so debify can interact with
-# the Docker daemon.
+# If there are creds, use them to log in to the registry.
 #
-# If there are no creds, just run debify itself. Any commands that do
+# If there are no creds, any commands that do
 # Docker stuff will fail, but the non-Docker commands (e.g. the config
 # subcommands) will work fine.
 if [[ ${#creds[*]} > 0 ]]; then
   echo -n "${creds[1]}" | docker login registry.tld -u ${creds[0]} --password-stdin >/dev/null 2>&1
-  exec wrapdocker debify "$@"
-else
-  exec debify "$@"
 fi
 
+exec debify "$@"
+

data/example/Gemfile.lock

@@ -29,4 +29,4 @@ DEPENDENCIES
   rspec
 
 BUNDLED WITH
-   1.16.1
+   2.1.4

data/example/net-test.sh

@@ -2,6 +2,6 @@
 
 cid=$1
 
-docker exec $cid ping -c1 other_host
+docker exec $cid curl -s http://other_host > /dev/null
 
 echo Test succeeded

data/features/package.feature

@@ -2,16 +2,22 @@
 Feature: Packaging
 
   Background:
-    Given I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example -v 0.0.1 example -- --post-install /distrib/postinstall.sh`
+    # We use version 0.0.1-suffix to verify that RPM converts dashes to underscores
+    # in the version as we expect
+    Given I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example -v 0.0.1-suffix example -- --post-install /distrib/postinstall.sh`
+    And I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example --output rpm  -v 0.0.1-suffix example  -- --post-install /distrib/postinstall.sh`
 
   Scenario: 'example' project can be packaged successfully
-    Then the stdout should contain "conjur-example_0.0.1_amd64.deb"
-    And the stdout should contain "conjur-example-dev_0.0.1_amd64.deb"
+    Then the stdout should contain "conjur-example_0.0.1-suffix_amd64.deb"
+    And the stdout should contain "conjur-example-dev_0.0.1-suffix_amd64.deb"
+    And the stdout should contain "conjur-example-0.0.1_suffix-1.x86_64.rpm"
+    And the stdout should contain "conjur-example-dev-0.0.1_suffix-1.x86_64.rpm"
 
   Scenario: 'clean' command will delete non-Git-managed files
     When I successfully run `env DEBUG=true GLI_DEBUG=true debify clean -d ../../example --force`
     And I successfully run `find ../../example`
-    Then the stdout from "find ../../example" should not contain "conjur-example_0.0.1_amd64.deb"
-    
+    Then the stdout from "find ../../example" should not contain "conjur-example_0.0.1-suffix_amd64.deb"
+    And the stdout from "find ../../example" should not contain "conjur-example-0.0.1_suffix-1.x86_64.rpm"
+
   Scenario: 'example' project can be published
-    When I successfully run `env DEBUG=true GLI_DEBUG=true debify publish -v 0.0.1 -d ../../example 4.9 example`
+    When I successfully run `env DEBUG=true GLI_DEBUG=true debify publish -v 0.0.1-suffix -d ../../example 5.0 example`

data/features/sandbox.feature

@@ -1,19 +1,23 @@
 @announce-output
 Feature: Running a sandbox
   Background:
-    Given I successfully run `docker pull registry.tld/conjur-appliance-cuke-master:4.9-stable`
+    Given I successfully run `docker pull registry.tld/conjur-appliance-cuke-master:5.0-stable`
+    # The extra containers will use the `alpine` image, so we need to pull it first on the
+    # host to use the authenticated DockerHub connection. This avoids hitting DockerHub
+    # rate limits.
+    And I successfully run `docker pull nginx`
 
   Scenario: sandbox for 'example' project be started
-    Given I successfully start a sandbox for "example" with arguments "-t 4.9-stable --no-pull"
+    Given I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull"
 
   Scenario: sandbox for 'example' project be started linked to another container
     Given I start a container named "other_host"
-    Then I successfully start a sandbox for "example" with arguments "-t 4.9-stable --no-pull --link other_host -c 'ping -c1 other_host'"
+    Then I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull --link other_host -c 'curl -s http://other_host > /dev/null'"
 
   Scenario: sandbox for 'example' project be started on a network other than the default
     Given I start a container named "other_host" on network "test-net"
-    Then I successfully start a sandbox for "example" with arguments "-t 4.9-stable --no-pull --net test-net -c 'ping -c1 other_host'"
+    Then I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull --net test-net -c 'curl -s http://other_host > /dev/null'"
 
   Scenario: sandbox for 'example' project be started on a network other than the default with a host aliased
     Given I start a container named "another_host" on network "test-net"
-    Then I successfully start a sandbox for "example" with arguments "-t 4.9-stable --no-pull --net test-net --link another_host:other_host -c 'ping -c1 other_host'"
+    Then I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull --net test-net --link another_host:other_host -c 'curl -s http://other_host > /dev/null'"

data/features/step_definitions/debify_steps.rb

@@ -12,11 +12,9 @@ When /^I start a container named "(.*?)"(?: on network "(.*?)")*$/ do |name, net
     networks << network
   end
   
-  alpine = Docker::Image.create('fromImage' => 'alpine')
   options = {
     'name' => name,
-    'Cmd' => [ "sh", "-c", "while true; do sleep 1; done" ],
-    'Image' => alpine.id
+    'Image' => 'nginx'
   }
   options['HostConfig'] = { 'NetworkMode' => net_name } if net_name
     

data/features/support/env.rb

@@ -6,5 +6,7 @@ LIB_DIR = File.join(File.expand_path(File.dirname(__FILE__)),'..','..','lib')
 
 Aruba.configure do |config|
   config.exit_timeout = 1200
+  # not a best practice from aruba's point of view
+  # but the only solution I've found to have docker credentials context
+  config.home_directory = ENV['HOME']
 end
-

data/features/test.feature

@@ -5,20 +5,20 @@ Feature: Testing
     Given I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example -v 0.0.1 example -- --post-install /distrib/postinstall.sh`
 
   Scenario: 'example' project can be tested successfully
-    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 4.9-stable -v 0.0.1 -d ../../example --no-pull example test.sh`
+    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull example test.sh`
     Then the stderr should contain "Test succeeded"
 
   Scenario: 'example' project can be tested when linked to another container
     Given I start a container named "other_host"
-    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 4.9-stable -v 0.0.1 -d ../../example --no-pull --link other_host example net-test.sh`
+    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull --link other_host example net-test.sh`
     Then the stderr should contain "Test succeeded"
 
   Scenario: 'example' project can be tested on a network other than the default
     Given I start a container named "other_host" on network "test-net"
-    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 4.9-stable -v 0.0.1 -d ../../example --no-pull --net test-net example net-test.sh`
+    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull --net test-net example net-test.sh`
     Then the stderr should contain "Test succeeded"
 
   Scenario: 'example' project can be tested on a network other than the default with a host aliased
     Given I start a container named "another_host" on network "test-net"
-    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 4.9-stable -v 0.0.1 -d ../../example --no-pull --link another_host:other_host --net test-net example net-test.sh`
+    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull --link another_host:other_host --net test-net example net-test.sh`
     Then the stderr should contain "Test succeeded"

data/lib/conjur/debify/Dockerfile.fpm

@@ -7,10 +7,6 @@ WORKDIR /src/opt/conjur/project
 COPY Gemfile ./
 COPY Gemfile.lock ./
 
-RUN bundle --deployment
-RUN mkdir -p .bundle
-RUN cp /usr/local/bundle/config .bundle/config
-
 COPY . .
 ADD debify.sh /
 

data/lib/conjur/debify/action/publish.rb

@@ -25,14 +25,12 @@ module Conjur::Debify
 
         Dir.chdir dir do
           version = cmd_options[:version] || detect_version
-          component = cmd_options[:component] || detect_component
-          package_name = "conjur-#{project_name}_#{version}_amd64.deb"
 
           publish_image = create_image
           DebugMixin.debug_write "Built base publish image '#{publish_image.id}'\n"
 
           art_url = cmd_options[:url]
-          art_repo = cmd_options[:repo]
+          deb_art_repo = cmd_options[:repo]
 
           art_user = ENV['ARTIFACTORY_USER']
           art_password = ENV['ARTIFACTORY_PASSWORD']
@@ -40,23 +38,35 @@ module Conjur::Debify
             art_user, art_password = fetch_art_creds
           end
 
-          options = {
-            'Image' => publish_image.id,
-            'Cmd' => [
-              "jfrog", "rt", "upload",
-              "--url", art_url,
-              "--user", art_user,
-              "--password", art_password,
-              "--deb", "#{distribution}/#{component}/amd64",
-              package_name, "#{art_repo}/"
-            ],
-            'Binds' => [
-              [ dir, "/src" ].join(':')
-            ]
-          }
-          options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
-
-          publish(options)
+          # Publish deb package
+          component = cmd_options[:component] || detect_component
+          deb_info = "#{distribution}/#{component}/amd64"
+          package_name = "conjur-#{project_name}_#{version}_amd64.deb"
+          publish_package(
+            publish_image: publish_image,
+            art_url: art_url,
+            art_user: art_user,
+            art_password: art_password,
+            art_repo: deb_art_repo,
+            package_name: package_name,
+            dir: dir,
+            deb_info: deb_info
+          )
+
+          # Publish RPM package
+          # The rpm builder replaces dashes with underscores in the version
+          rpm_version = version.tr('-', '_')
+          package_name = "conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm"
+          rpm_art_repo = cmd_options['rpm-repo']
+          publish_package(
+            publish_image: publish_image,
+            art_url: art_url,
+            art_user: art_user,
+            art_password: art_password,
+            art_repo: rpm_art_repo,
+            package_name: package_name,
+            dir: dir
+          )
         end
       end
 
@@ -77,6 +87,39 @@ module Conjur::Debify
         [conjur.resource(username_var).value, conjur.resource(password_var).value]
       end
 
+      def publish_package(
+        publish_image:,
+        art_url:,
+        art_user:,
+        art_password:,
+        art_repo:,
+        package_name:,
+        dir:,
+        deb_info: nil
+      )
+
+        cmd_args = [
+          "jfrog", "rt", "upload",
+          "--url", art_url,
+          "--user", art_user,
+          "--password", art_password,
+        ]
+
+        cmd_args += ["--deb", deb_info] if deb_info
+        cmd_args += [package_name, "#{art_repo}/"]
+
+        options = {
+          'Image' => publish_image.id,
+          'Cmd' => cmd_args,
+          'Binds' => [
+            [ dir, "/src" ].join(':')
+          ]
+        }
+        options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
+
+        publish(options)
+      end
+
       def publish(options)
         container = Docker::Container.create(options)
         begin

data/lib/conjur/debify/utils.rb

@@ -6,7 +6,7 @@ module Conjur::Debify::Utils
   # copy a file from container to the current working directory
   def copy_from_container container, path
     tar = StringIO.new
-    container.copy(path) { |chunk| tar.write chunk }
+    container.archive_out(path) { |chunk| tar.write chunk }
     tar.rewind
     Gem::Package::TarReader.new(tar).each do |entry|
       File.write entry.full_name, entry.read