conjur-debify 3.0.3.pre.216 → 3.0.3.pre.1914

data/lib/conjur/debify.rb

@@ -1,11 +1,10 @@
-require 'conjur/debify/version'
+require "conjur/debify/version"
 require 'docker'
 require 'fileutils'
 require 'gli'
 require 'json'
 require 'base64'
 require 'tmpdir'
-require 'rbconfig'
 
 require 'conjur/debify/utils'
 
@@ -14,53 +13,56 @@ require 'active_support/core_ext'
 
 include GLI::App
 
-DEFAULT_FILE_TYPE = 'deb'
+DEFAULT_FILE_TYPE = "deb"
 
 config_file '.debifyrc'
 
 desc 'Set an environment variable (e.g. TERM=xterm) when starting a container'
-flag [:env], multiple: true
+flag [:env], :multiple => true
 
 desc 'Mount local bundle to reuse gems from previous installation'
 default_value true
 switch [:'local-bundle']
 
+
 Docker.options[:read_timeout] = 300
 
 # This is used to turn on DEBUG notices.
 module DebugMixin
   DEBUG = ENV['DEBUG'].nil? ? true : ENV['DEBUG'].downcase == 'true'
 
-  def debug(* a)
-    DebugMixin.debug(*a)
+  def debug *a
+    DebugMixin.debug *a
   end
 
-  def self.debug(* a)
-    warn(*a) if DEBUG
+  def self.debug *a
+    $stderr.puts *a if DEBUG
   end
 
-  def debug_write(* a)
-    DebugMixin.debug_write(*a)
+  def debug_write *a
+    DebugMixin.debug_write *a
   end
 
-  def self.debug_write(* a)
-    $stderr.write(*a) if DEBUG
+  def self.debug_write *a
+    $stderr.write *a if DEBUG
   end
 
   # you can give this to various docker methods to print output if debug is on
-  def self.docker_debug(* a)
+  def self.docker_debug *a
     if a.length == 2 && a[0].is_a?(Symbol)
       debug a.last
     else
       a.each do |line|
-        line = JSON.parse(line)
-        line.keys.each do |k|
-          debug line[k]
+        begin
+          line = JSON.parse(line)
+          line.keys.each do |k|
+            debug line[k]
+          end
+        rescue JSON::ParserError
+          # Docker For Mac is spitting out invalid JSON, so just print
+          # out the line if parsing fails.
+          debug line
         end
-      rescue JSON::ParserError
-        # Docker For Mac is spitting out invalid JSON, so just print
-        # out the line if parsing fails.
-        debug line
       end
     end
   end
@@ -76,38 +78,20 @@ subcommand_option_handling :normal
 arguments :strict
 
 def detect_version
-  if File.exist?('VERSION') && !(base_commit = `git log --pretty='%h' VERSION | head -n 1`.strip).empty?
-    base_version = File.read('VERSION').strip
+  if File.exist?("VERSION") && !(base_commit = `git log --pretty='%h' VERSION | head -n 1`.strip).empty?
+    base_version = File.read("VERSION").strip
     commits_since = `git log #{base_commit}..HEAD --pretty='%h'`.split("\n").size
     hash = `git rev-parse --short HEAD`.strip
-    [[base_version, commits_since].join('.'), hash].join('-')
+    [[base_version, commits_since].join('.'), hash].join("-")
   else
     `git describe --long --tags --abbrev=7 --match 'v*.*.*' | sed -e 's/^v//'`.strip.tap do |version|
-      raise 'No Git version (tag) for project' if version.empty?
+      raise "No Git version (tag) for project" if version.empty?
     end
   end
 end
 
-def detect_architecture
-  architecture = RbConfig::CONFIG['arch']
-  result_map = {}
-
-  case architecture
-  when /x86_64|amd64/
-    result_map['deb'] = 'amd64'
-    result_map['rpm'] = 'x86_64'
-  when /arm64|aarch64/
-    result_map['deb'] = 'arm64'
-    result_map['rpm'] = 'aarch64'
-  else
-    raise "Unsupported architecture type: #{architecture}"
-  end
-
-  result_map
-end
-
 def git_files
-  files = (`git ls-files -z`.split("\x0") + %w[Gemfile.lock VERSION]).uniq
+  files = (`git ls-files -z`.split("\x0") + ['Gemfile.lock', 'VERSION']).uniq
   # Since submodule directories are listed, but are not files, we remove them.
   # Currently, `conjur-project-config` is the only submodule in Conjur, and it
   # can safely be removed because it's a developer-only tool.  If we add another
@@ -118,46 +102,46 @@ end
 
 def login_to_registry(appliance_image_id)
   config_file = File.expand_path('~/.docker/config.json')
-  return unless File.exist? config_file
-
-  json_config = JSON.parse(File.read(config_file))
-  registry = appliance_image_id.split('/')[0]
-
-  json_auth = json_config['auths'][registry]['auth']
-  return unless json_auth
-
-  username, password = Base64.decode64(json_auth).split(':')
-  Docker.authenticate! username:, password:, serveraddress: registry
+  if File.exist? config_file
+    json_config = JSON.parse(File.read(config_file))
+    registry = appliance_image_id.split('/')[0]
+
+    json_auth = json_config['auths'][registry]['auth']
+    if json_auth
+      username, password = Base64.decode64(json_auth).split(':')
+      Docker.authenticate! username: username, password: password, serveraddress: registry
+    end
+  end
 end
 
-desc 'Clean current working directory of non-Git-managed files'
-long_desc <<~DESC
-  Reliable builds depend on having a clean working directory.
+desc "Clean current working directory of non-Git-managed files"
+long_desc <<DESC
+Reliable builds depend on having a clean working directory.
 
-  Because debify runs some commands in volume-mounted Docker containers,
-  it is capable of creating root-owned files.
+Because debify runs some commands in volume-mounted Docker containers,
+it is capable of creating root-owned files.
 
-  This command will delete all files in the working directory that are not
-  git-managed. The command is designed to run in Jenkins. Therefore, it will
-  only perform file deletion if:
+This command will delete all files in the working directory that are not
+git-managed. The command is designed to run in Jenkins. Therefore, it will
+only perform file deletion if:
 
-  * The current user, as provided by Etc.getlogin, is 'jenkins'
-  * The BUILD_NUMBER environment variable is set
+* The current user, as provided by Etc.getlogin, is 'jenkins'
+* The BUILD_NUMBER environment variable is set
 
-  File deletion can be compelled using the "force" option.
+File deletion can be compelled using the "force" option.
 DESC
-arg_name 'project-name -- <fpm-arguments>'
-command 'clean' do |c|
-  c.desc 'Set the current working directory'
-  c.flag [:d, 'dir']
+arg_name "project-name -- <fpm-arguments>"
+command "clean" do |c|
+  c.desc "Set the current working directory"
+  c.flag [:d, "dir"]
 
   c.desc "Ignore (don't delete) a file or directory"
-  c.flag %i[i ignore]
+  c.flag [:i, :ignore]
 
   c.desc "Force file deletion even if if this doesn't look like a Jenkins environment"
   c.switch [:force]
 
-  c.action do |_, cmd_options, _|
+  c.action do |global_options, cmd_options, args|
     def looks_like_jenkins?
       require 'etc'
       Etc.getlogin == 'jenkins' && ENV['BUILD_NUMBER']
@@ -165,10 +149,12 @@ command 'clean' do |c|
 
     require 'set'
     perform_deletion = cmd_options[:force] || looks_like_jenkins?
-    warn "No --force, and this doesn't look like Jenkins. I won't actually delete anything" unless perform_deletion
-    @ignore_list = Array(cmd_options[:ignore]) + %w[. .. .git]
+    if !perform_deletion
+      $stderr.puts "No --force, and this doesn't look like Jenkins. I won't actually delete anything"
+    end
+    @ignore_list = Array(cmd_options[:ignore]) + ['.', '..', '.git']
 
-    def ignore_file?(f)
+    def ignore_file? f
       @ignore_list.find { |ignore| f.index(ignore) == 0 }
     end
 
@@ -182,16 +168,16 @@ command 'clean' do |c|
       end
       find_files.compact!
       delete_files = (find_files - git_files)
-      delete_files.delete_if do |file|
+      delete_files.delete_if { |file|
         File.directory?(file) || ignore_file?(file)
-      end
+      }
       if perform_deletion
-        image = Docker::Image.create 'fromImage' => 'alpine:3.19.0'
+        image = Docker::Image.create 'fromImage' => "alpine:3.3"
         options = {
-          'Cmd' => ['sh', '-c', 'while true; do sleep 1; done'],
+          'Cmd' => ["sh", "-c", "while true; do sleep 1; done"],
           'Image' => image.id,
           'Binds' => [
-            [dir, '/src'].join(':')
+            [dir, "/src"].join(':'),
           ]
         }
         options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
@@ -202,10 +188,10 @@ command 'clean' do |c|
             puts file
 
             file = "/src/#{file}"
-            cmd = ['rm', '-f', file]
+            cmd = ["rm", "-f", file]
 
-            _, _, status = container.exec cmd, &DebugMixin::DOCKER
-            warn "Failed to delete #{file}" unless status == 0
+            stdout, stderr, status = container.exec cmd, &DebugMixin::DOCKER
+            $stderr.puts "Failed to delete #{file}" unless status == 0
           end
         ensure
           container.delete force: true
@@ -230,77 +216,80 @@ def copy_packages_from_container(container, package_name, dev_package_name)
   end
 end
 
-desc 'Build a debian package for a project'
-long_desc <<~DESC
-  The package is built using fpm (https://github.com/jordansissel/fpm).
+desc "Build a debian package for a project"
+long_desc <<DESC
+The package is built using fpm (https://github.com/jordansissel/fpm).
 
-  The project directory is required to contain:
+The project directory is required to contain:
 
-  * A Gemfile and Gemfile.lock
-  * A shell script called debify.sh
+* A Gemfile and Gemfile.lock
+* A shell script called debify.sh
 
-  debify.sh is invoked by the package build process to create any custom
-  files, other than the project source tree. For example, config files can be
-  created in /opt/conjur/etc.
+debify.sh is invoked by the package build process to create any custom
+files, other than the project source tree. For example, config files can be
+created in /opt/conjur/etc.
 
-  The distrib folder in the project source tree is intended to create scripts
-  for package pre-install, post-install etc. The distrib folder is not included
-  in the deb package, so its contents should be copied to the file system or
-  packaged using fpm arguments.
+The distrib folder in the project source tree is intended to create scripts
+for package pre-install, post-install etc. The distrib folder is not included
+in the deb package, so its contents should be copied to the file system or
+packaged using fpm arguments.
 
-  All arguments to this command which follow the double-dash are propagated to
-  the fpm command.
+All arguments to this command which follow the double-dash are propagated to
+the fpm command.
 DESC
-arg_name 'project-name -- <fpm-arguments>'
-command 'package' do |c|
-  c.desc 'Set the current working directory'
-  c.flag [:d, 'dir']
+arg_name "project-name -- <fpm-arguments>"
+command "package" do |c|
+  c.desc "Set the current working directory"
+  c.flag [:d, "dir"]
 
-  c.desc 'Set the output file type of the fpm command (e.g rpm)'
-  c.flag %i[o output]
+  c.desc "Set the output file type of the fpm command (e.g rpm)"
+  c.flag [:o, :output]
 
   c.desc "Specify the deb version; by default, it's read from the VERSION file"
-  c.flag %i[v version]
+  c.flag [:v, :version]
 
-  c.desc 'Specify a custom Dockerfile.fpm'
+  c.desc "Specify a custom Dockerfile.fpm"
   c.flag [:dockerfile]
 
-  c.desc 'Specify files to add to the FPM image that are not included from the git repo'
+  c.desc "Specify files to add to the FPM image that are not included from the git repo"
   c.flag [:'additional-files']
 
-  c.desc 'Image name'
-  c.default_value 'cyberark/ubuntu-ruby-builder'
-  c.flag %i[i image]
+  c.desc "Image name"
+  c.default_value "cyberark/phusion-ruby-fips"
+  c.flag [:i, :image]
 
-  c.desc 'Image tag, e.g. 4.5-stable, 4.6-stable'
-  c.default_value 'latest'
-  c.flag %i[t image-tag]
+  c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
+  c.default_value "latest"
+  c.flag [:t, :'image-tag']
 
-  c.action do |_, cmd_options, args|
-    raise 'project-name is required' unless (project_name = args.shift)
+  c.action do |global_options, cmd_options, args|
+    raise "project-name is required" unless project_name = args.shift
 
     fpm_args = []
-    raise "Unexpected argument '#{delimeter}'" unless (delimeter = args.shift) == '--'
-
-    fpm_args = args.dup
+    if (delimeter = args.shift) == '--'
+      fpm_args = args.dup
+    else
+      raise "Unexpected argument '#{delimeter}'"
+    end
 
     dir = cmd_options[:dir] || '.'
     pwd = File.dirname(__FILE__)
 
     additional_files = []
-    additional_files = cmd_options[:'additional-files'].split(',').map(&:strip) if cmd_options[:'additional-files']
+    if cmd_options[:'additional-files']
+      additional_files = cmd_options[:'additional-files'].split(',').map(&:strip)
+    end
 
     dockerfile = File.read(File.expand_path('fpm/Dockerfile.template', File.dirname(__FILE__)))
-    replace_image = dockerfile.gsub('@@image@@', cmd_options[:image] + ':' + cmd_options[:'image-tag'])
-    File.open(File.expand_path('fpm/Dockerfile', File.dirname(__FILE__)), 'w') { |file| file.puts replace_image }
+    replace_image = dockerfile.gsub("@@image@@", cmd_options[:'image'] + ":" + cmd_options[:'image-tag'])
+    File.open(File.expand_path('fpm/Dockerfile', File.dirname(__FILE__)), "w") { |file| file.puts replace_image }
 
     begin
       tries ||= 2
-      fpm_image = Docker::Image.build_from_dir File.expand_path('fpm', File.dirname(__FILE__)),
-                                               architecture: 'x86_64', tag: 'debify-fpm', &DebugMixin::DOCKER
-    rescue StandardError
+      fpm_image = Docker::Image.build_from_dir File.expand_path('fpm', File.dirname(__FILE__)), architecture: "x86_64", tag: "debify-fpm", &DebugMixin::DOCKER
+    rescue
       image_id = File.readlines(File.expand_path('fpm/Dockerfile', File.dirname(__FILE__)))
-                     .find { |line| line =~ /^FROM/ }
+                     .find { | line | line =~ /^FROM/ }
                      .split(' ')
                      .last
       login_to_registry image_id
@@ -325,13 +314,13 @@ command 'package' do |c|
       end
 
       # rename specified dockerfile to 'Dockerfile' during copy, incase name is different
-      dockerfile_path = cmd_options[:dockerfile] || File.expand_path('debify/Dockerfile.fpm', pwd)
-      temp_dockerfile = File.join(temp_dir, 'Dockerfile')
+      dockerfile_path = cmd_options[:dockerfile] || File.expand_path("debify/Dockerfile.fpm", pwd)
+      temp_dockerfile = File.join(temp_dir, "Dockerfile")
 
       # change image variable in specified Dockerfile
       dockerfile = File.read(dockerfile_path)
-      replace_image = dockerfile.gsub('@@image@@', fpm_image.id)
-      File.open(temp_dockerfile, 'w') { |file| file.puts replace_image }
+      replace_image = dockerfile.gsub("@@image@@", fpm_image.id)
+      File.open(temp_dockerfile, "w") { |file| file.puts replace_image }
 
       # build image from project being debified dir
       image = Docker::Image.build_from_dir temp_dir, &DebugMixin::DOCKER
@@ -350,22 +339,30 @@ command 'package' do |c|
       }
       options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
 
-      file_path, dev_file_path = determine_file_path(file_type, detect_architecture, project_name, version)
-
       container = Docker::Container.create options
       begin
         DebugMixin.debug_write "Packaging #{project_name} in container #{container.id}\n"
-        container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) do |_, chunk|
-          warn "#{chunk}"
-        end
+        container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) { |stream, chunk| $stderr.puts "#{chunk}" }
         status = container.wait
         raise "Failed to package #{project_name}" unless status['StatusCode'] == 0
 
-        copy_packages_from_container(
-          container,
-          file_path,
-          dev_file_path
-        )
+        if file_type == "deb"
+          # Copy deb packages
+          copy_packages_from_container(
+            container,
+            "conjur-#{project_name}_#{version}_amd64.deb",
+            "conjur-#{project_name}-dev_#{version}_amd64.deb"
+          )
+        elsif file_type == "rpm"
+          # Copy rpm packages
+          # The rpm builder replaces dashes with underscores in the version
+          rpm_version = version.tr('-', '_')
+          copy_packages_from_container(
+            container,
+            "conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm",
+            "conjur-#{project_name}-dev-#{rpm_version}-1.x86_64.rpm"
+          )
+        end
       ensure
         container.delete(force: true)
       end
@@ -373,50 +370,30 @@ command 'package' do |c|
   end
 end
 
-def determine_file_path(file_type, architecture_map, project_name, version)
-  if file_type == 'deb'
-    architecture = architecture_map[file_type]
-    file_path = "conjur-#{project_name}_#{version}_#{architecture}.#{file_type}"
-    dev_file_path = "conjur-#{project_name}-dev_#{version}_#{architecture}.#{file_type}"
-  elsif file_type == 'rpm'
-    architecture = architecture_map[file_type]
-
-    # The rpm builder replaces dashes with underscores in the version
-    version = version.tr('-', '_')
-
-    file_path = "conjur-#{project_name}-#{version}-1.#{architecture}.#{file_type}"
-    dev_file_path = "conjur-#{project_name}-dev-#{version}-1.#{architecture}.#{file_type}"
-  else
-    raise "Unrecognized file type: #{file_type}, must be one of the following: deb, rpm"
-  end
-
-  [file_path, dev_file_path]
-end
-
-def container_command(container, *args)
-  stdout, _, exitcode = container.exec args, &DebugMixin::DOCKER
+def container_command container, *args
+  stdout, stderr, exitcode = container.exec args, &DebugMixin::DOCKER
   exit_now! "Command failed : #{args.join(' ')}", exitcode unless exitcode == 0
   stdout
 end
 
-def wait_for_conjur(container)
+def wait_for_conjur appliance_image, container
   container_command container, '/opt/conjur/evoke/bin/wait_for_conjur'
-rescue StandardError
-  warn container.logs(stdout: true, stderr: true)
+rescue
+  $stderr.puts container.logs(stdout: true, stderr: true)
   raise
 end
 
 def network_options(cmd)
-  cmd.desc 'Specify link for test container'
-  cmd.flag %i[l link], multiple: true
+  cmd.desc "Specify link for test container"
+  cmd.flag [:l, :link], :multiple => true
 
   cmd.desc 'Attach to the specified network'
-  cmd.flag %i[n net]
+  cmd.flag [:n, :net]
 end
 
 def short_id(id)
   if id =~ /\A[0-9a-f]{64}\z/ # 64 hex digits, docker only allows lower case letters in ids
-    warn "Warning: found full container id, using short id instead (#{id[0..11]} for #{id})"
+    $stderr.puts "Warning: found full container id, using short id instead (#{id[0..11]} for #{id})"
     id[0..11]
   else
     id
@@ -453,59 +430,59 @@ def add_network_config(container_config, cmd_options)
   end
 end
 
-desc 'Test a Conjur debian package in a Conjur appliance container'
-long_desc <<~DESC
-  First, a Conjur appliance container is created and started. By default, the
-  container image is registry.tld/conjur-appliance-cuke-master. An image tag
-  MUST be supplied. This image is configured with all the CONJUR_ environment
-  variables setup for the local environment (appliance URL, cert path, admin username and
-  password, etc). The project source tree is also mounted into the container, at
-  /src/<project-name>.
+desc "Test a Conjur debian package in a Conjur appliance container"
+long_desc <<DESC
+First, a Conjur appliance container is created and started. By default, the
+container image is registry.tld/conjur-appliance-cuke-master. An image tag
+MUST be supplied. This image is configured with all the CONJUR_ environment
+variables setup for the local environment (appliance URL, cert path, admin username and
+password, etc). The project source tree is also mounted into the container, at
+/src/<project-name>.
 
-  This command then waits for Conjur to initialize and be healthy. It proceeds by
-  installing the conjur-<project-name>_<version>_amd64.deb from the project working directory.
+This command then waits for Conjur to initialize and be healthy. It proceeds by
+installing the conjur-<project-name>_<version>_amd64.deb from the project working directory.
 
-  Then the evoke "test-install" command is used to install the test code in the
-  /src/<project-name>. Basically, the development bundle is installed and the database
-  configuration (if any) is setup.
+Then the evoke "test-install" command is used to install the test code in the
+/src/<project-name>. Basically, the development bundle is installed and the database
+configuration (if any) is setup.
 
-  Finally, a test script from the project source tree is run, again with the container
-  id as the program argument.
+Finally, a test script from the project source tree is run, again with the container
+id as the program argument.
 
-  Then the Conjur container is deleted (use --keep to leave it running).
+Then the Conjur container is deleted (use --keep to leave it running).
 DESC
-arg_name 'project-name test-script'
-command 'test' do |c|
-  c.desc 'Set the current working directory'
-  c.flag %i[d dir]
+arg_name "project-name test-script"
+command "test" do |c|
+  c.desc "Set the current working directory"
+  c.flag [:d, :dir]
 
-  c.desc 'Keep the Conjur appliance container after the command finishes'
+  c.desc "Keep the Conjur appliance container after the command finishes"
   c.default_value false
-  c.switch %i[k keep]
+  c.switch [:k, :keep]
 
-  c.desc 'Image name'
-  c.default_value 'registry.tld/conjur-appliance-cuke-master'
-  c.flag %i[i image]
+  c.desc "Image name"
+  c.default_value "registry.tld/conjur-appliance-cuke-master"
+  c.flag [:i, :image]
 
-  c.desc 'Image tag, e.g. 4.5-stable, 4.6-stable'
-  c.flag [:t, 'image-tag']
+  c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
+  c.flag [:t, "image-tag"]
 
   c.desc "'docker pull' the Conjur container image"
   c.default_value true
   c.switch [:pull]
 
   c.desc "Specify the deb version; by default, it's read from the VERSION file"
-  c.flag %i[v version]
+  c.flag [:v, :version]
 
-  c.desc 'Specify volume for test container'
-  c.flag [:'volumes-from'], multiple: true
+  c.desc "Specify volume for test container"
+  c.flag [:'volumes-from'], :multiple => true
 
   network_options(c)
 
   c.action do |global_options, cmd_options, args|
-    raise 'project-name is required' unless (project_name = args.shift)
-    raise 'test-script is required' unless (test_script = args.shift)
-    raise 'Received extra command-line arguments' if args.shift
+    raise "project-name is required" unless project_name = args.shift
+    raise "test-script is required" unless test_script = args.shift
+    raise "Received extra command-line arguments" if args.shift
 
     dir = cmd_options[:dir] || '.'
     dir = File.expand_path(dir)
@@ -514,8 +491,8 @@ command 'test' do |c|
     raise "Directory #{dir} does not contain a .deb file" unless Dir["#{dir}/*.deb"].length >= 1
 
     Dir.chdir dir do
-      image_tag = cmd_options['image-tag'] or raise 'image-tag is required'
-      appliance_image_id = [cmd_options[:image], image_tag].join(':')
+      image_tag = cmd_options["image-tag"] or raise "image-tag is required"
+      appliance_image_id = [cmd_options[:image], image_tag].join(":")
       version = cmd_options[:version] || detect_version
       package_name = "conjur-#{project_name}_#{version}_amd64.deb"
       dev_package_name = "conjur-#{project_name}-dev_#{version}_amd64.deb"
@@ -525,23 +502,24 @@ command 'test' do |c|
       begin
         tries ||= 2
         Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
-      rescue StandardError
+      rescue
         login_to_registry appliance_image_id
         retry unless (tries -= 1).zero?
       end
 
+
       def build_test_image(appliance_image_id, project_name, packages)
-        packages = packages.join ' '
-        dockerfile = <<~DOCKERFILE
-          FROM #{appliance_image_id}
+        packages = packages.join " "
+        dockerfile = <<-DOCKERFILE
+FROM #{appliance_image_id}
 
-          COPY #{packages} /tmp/
+COPY #{packages} /tmp/
 
-          RUN if dpkg --list | grep conjur-#{project_name}; then dpkg --force all --purge conjur-#{project_name}; fi
-          RUN if [ -f /opt/conjur/etc/#{project_name}.conf ]; then rm /opt/conjur/etc/#{project_name}.conf; fi
-          RUN cd /tmp; dpkg --install #{packages}
+RUN if dpkg --list | grep conjur-#{project_name}; then dpkg --force all --purge conjur-#{project_name}; fi
+RUN if [ -f /opt/conjur/etc/#{project_name}.conf ]; then rm /opt/conjur/etc/#{project_name}.conf; fi
+RUN cd /tmp; dpkg --install #{packages}
 
-          RUN touch /etc/service/conjur/down
+RUN touch /etc/service/conjur/down
         DOCKERFILE
         Dir.mktmpdir do |tmpdir|
           tmpfile = Tempfile.new('Dockerfile', tmpdir)
@@ -550,7 +528,7 @@ command 'test' do |c|
           tar_cmd = "tar -cvzh -C #{tmpdir} #{dockerfile_name} -C #{Dir.pwd} #{packages}"
           tar = open("| #{tar_cmd}")
           begin
-            Docker::Image.build_from_tar(tar, dockerfile: dockerfile_name, &DebugMixin::DOCKER)
+            Docker::Image.build_from_tar(tar, :dockerfile => dockerfile_name, &DebugMixin::DOCKER)
           ensure
             tar.close
           end
@@ -563,7 +541,7 @@ command 'test' do |c|
       begin
         tries ||= 2
         appliance_image = build_test_image(appliance_image_id, project_name, packages)
-      rescue StandardError
+      rescue
         login_to_registry appliance_image_id
         retry unless (tries -= 1).zero?
       end
@@ -575,11 +553,11 @@ command 'test' do |c|
       options = {
         'Image' => appliance_image.id,
         'name' => project_name,
-        'Env' => %w[
-          CONJUR_AUTHN_LOGIN=admin
-          CONJUR_ENV=appliance
-          CONJUR_AUTHN_API_KEY=SEcret12!!!!
-          CONJUR_ADMIN_PASSWORD=SEcret12!!!!
+        'Env' => [
+          "CONJUR_AUTHN_LOGIN=admin",
+          "CONJUR_ENV=appliance",
+          "CONJUR_AUTHN_API_KEY=SEcret12!!!!",
+          "CONJUR_ADMIN_PASSWORD=SEcret12!!!!",
         ] + global_options[:env],
         'HostConfig' => {
           'Binds' => [
@@ -590,10 +568,7 @@ command 'test' do |c|
       host_config = options['HostConfig']
 
       host_config['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
-      if cmd_options[:'volumes-from'] && !cmd_options[:'volumes-from'].empty?
-        host_config['VolumesFrom'] =
-          cmd_options[:'volumes-from']
-      end
+      host_config['VolumesFrom'] = cmd_options[:'volumes-from'] if cmd_options[:'volumes-from'] && !cmd_options[:'volumes-from'].empty?
 
       add_network_config(options, cmd_options)
 
@@ -603,24 +578,21 @@ command 'test' do |c|
           .push([dot_bundle_dir, "/src/#{project_name}/.bundle"].join(':'))
       end
 
-      container = Docker::Container.create(options.tap do |o|
-                                             DebugMixin.debug_write "creating container with options #{o.inspect}"
-                                           end)
+      container = Docker::Container.create(options.tap { |o| DebugMixin.debug_write "creating container with options #{o.inspect}" })
 
       begin
         DebugMixin.debug_write "Testing #{project_name} in container #{container.id}\n"
 
-        spawn("docker logs -f #{container.id}", %i[out err] => $stderr).tap do |pid|
+        spawn("docker logs -f #{container.id}", [:out, :err] => $stderr).tap do |pid|
           Process.detach pid
         end
         container.start!
 
         # Wait for pg/main so that migrations can run
         30.times do
-          stdout, _, exitcode = container.exec %w[sv status pg/main], &DebugMixin::DOCKER
+          stdout, stderr, exitcode = container.exec %w(sv status pg/main), &DebugMixin::DOCKER
           status = stdout.join
-          break if exitcode == 0 && status =~ /^run/
-
+          break if exitcode == 0 && status =~ /^run\:/
           sleep 1
         end
 
@@ -633,15 +605,15 @@ command 'test' do |c|
 
         DebugMixin.debug_write "Starting conjur\n"
 
-        container_command container, 'rm', '/etc/service/conjur/down'
-        container_command container, 'sv', 'start', 'conjur'
-        wait_for_conjur container
+        container_command container, "rm", "/etc/service/conjur/down"
+        container_command container, "sv", "start", "conjur"
+        wait_for_conjur appliance_image, container
 
         system "./#{test_script} #{container.id}"
         exit_now! "#{test_script} failed with exit code #{$?.exitstatus}", $?.exitstatus unless $?.exitstatus == 0
       ensure
         unless cmd_options[:keep] || ENV['KEEP_CONTAINERS']
-          DebugMixin.debug_write 'deleting container'
+          DebugMixin.debug_write "deleting container"
           container.delete(force: true)
         end
       end
@@ -649,30 +621,30 @@ command 'test' do |c|
   end
 end
 
-desc 'Setup a development sandbox for a Conjur debian package in a Conjur appliance container'
-long_desc <<~DESC
-  First, a Conjur appliance container is created and started. By default, the
-  container image is registry.tld/conjur-appliance-cuke-master. An image tag
-  MUST be supplied. This image is configured with all the CONJUR_ environment
-  variables setup for the local environment (appliance URL, cert path, admin username and
-  password, etc). The project source tree is also mounted into the container, at
-  /src/<project-name>, where <project-name> is taken from the name of the current working directory.
+desc "Setup a development sandbox for a Conjur debian package in a Conjur appliance container"
+long_desc <<DESC
+First, a Conjur appliance container is created and started. By default, the
+container image is registry.tld/conjur-appliance-cuke-master. An image tag
+MUST be supplied. This image is configured with all the CONJUR_ environment
+variables setup for the local environment (appliance URL, cert path, admin username and
+password, etc). The project source tree is also mounted into the container, at
+/src/<project-name>, where <project-name> is taken from the name of the current working directory.
 
-  Once in the container, use "/opt/conjur/evoke/bin/dev-install" to install the development bundle of your project.
+Once in the container, use "/opt/conjur/evoke/bin/dev-install" to install the development bundle of your project.
 DESC
-command 'sandbox' do |c|
-  c.desc 'Set the current working directory'
-  c.flag %i[d dir]
+command "sandbox" do |c|
+  c.desc "Set the current working directory"
+  c.flag [:d, :dir]
 
-  c.desc 'Image name'
-  c.default_value 'registry.tld/conjur-appliance-cuke-master'
-  c.flag %i[i image]
+  c.desc "Image name"
+  c.default_value "registry.tld/conjur-appliance-cuke-master"
+  c.flag [:i, :image]
 
-  c.desc 'Image tag, e.g. 4.5-stable, 4.6-stable'
-  c.flag [:t, 'image-tag']
+  c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
+  c.flag [:t, "image-tag"]
 
-  c.desc 'Bind another source directory into the container. Use <src>:<dest>, where both are full paths.'
-  c.flag [:bind], multiple: true
+  c.desc "Bind another source directory into the container. Use <src>:<dest>, where both are full paths."
+  c.flag [:"bind"], :multiple => true
 
   c.desc "'docker pull' the Conjur container image"
   c.default_value false
@@ -680,11 +652,11 @@ command 'sandbox' do |c|
 
   network_options(c)
 
-  c.desc 'Specify volume for container'
-  c.flag [:'volumes-from'], multiple: true
+  c.desc "Specify volume for container"
+  c.flag [:'volumes-from'], :multiple => true
 
-  c.desc 'Expose a port from the container to host. Use <host>:<container>.'
-  c.flag %i[p port], multiple: true
+  c.desc "Expose a port from the container to host. Use <host>:<container>."
+  c.flag [:p, :port], :multiple => true
 
   c.desc 'Run dev-install in /src/<project-name>'
   c.default_value false
@@ -695,10 +667,10 @@ command 'sandbox' do |c|
   c.switch [:kill]
 
   c.desc 'A command to run in the sandbox'
-  c.flag %i[c command]
+  c.flag [:c, :command]
 
   c.action do |global_options, cmd_options, args|
-    raise 'Received extra command-line arguments' if args.shift
+    raise "Received extra command-line arguments" if args.shift
 
     dir = cmd_options[:dir] || '.'
     dir = File.expand_path(dir)
@@ -706,23 +678,20 @@ command 'sandbox' do |c|
     raise "Directory #{dir} does not exist or is not a directory" unless File.directory?(dir)
 
     Dir.chdir dir do
-      image_tag = cmd_options['image-tag'] or raise 'image-tag is required'
-      appliance_image_id = [cmd_options[:image], image_tag].join(':')
+      image_tag = cmd_options["image-tag"] or raise "image-tag is required"
+      appliance_image_id = [cmd_options[:image], image_tag].join(":")
 
       appliance_image = if cmd_options[:pull]
-                          begin
-                            tries ||= 2
-                            if cmd_options[:pull]
-                              Docker::Image.create 'fromImage' => appliance_image_id,
-&DebugMixin::DOCKER
-                            end
-                          rescue StandardError
-                            login_to_registry appliance_image_id
-                            retry unless (tries -= 1).zero?
-                          end
-                        else
-                          Docker::Image.get appliance_image_id
-                        end
+        begin
+          tries ||= 2
+          Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
+        rescue
+          login_to_registry appliance_image_id
+          retry unless (tries -= 1).zero?
+        end
+      else
+        Docker::Image.get appliance_image_id
+      end
 
       project_name = File.basename(Dir.getwd)
       vendor_dir = File.expand_path("tmp/debify/#{project_name}/vendor", ENV['HOME'])
@@ -734,18 +703,18 @@ command 'sandbox' do |c|
         'name' => "#{project_name}-sandbox",
         'Image' => appliance_image.id,
         'WorkingDir' => "/src/#{project_name}",
-        'Env' => %w[
-          CONJUR_AUTHN_LOGIN=admin
-          CONJUR_ENV=appliance
-          CONJUR_AUTHN_API_KEY=SEcret12!!!!
-          CONJUR_ADMIN_PASSWORD=SEcret12!!!!
+        'Env' => [
+          "CONJUR_AUTHN_LOGIN=admin",
+          "CONJUR_ENV=appliance",
+          "CONJUR_AUTHN_API_KEY=SEcret12!!!!",
+          "CONJUR_ADMIN_PASSWORD=SEcret12!!!!",
         ] + global_options[:env]
       }
 
       options['HostConfig'] = host_config = {}
       host_config['Binds'] = [
-        [File.expand_path('.ssh/id_rsa', ENV['HOME']), '/root/.ssh/id_rsa', 'ro'].join(':'),
-        [dir, "/src/#{project_name}"].join(':')
+        [File.expand_path(".ssh/id_rsa", ENV['HOME']), "/root/.ssh/id_rsa", 'ro'].join(':'),
+        [dir, "/src/#{project_name}"].join(':'),
       ] + Array(cmd_options[:bind])
 
       if global_options[:'local-bundle']
@@ -763,92 +732,88 @@ command 'sandbox' do |c|
         port_bindings = Hash.new({})
         cmd_options[:port].each do |mapping|
           hport, cport = mapping.split(':')
-          port_bindings["#{cport}/tcp"] = [{ 'HostPort' => hport }]
+          port_bindings["#{cport}/tcp"] = [{'HostPort' => hport}]
         end
         host_config['PortBindings'] = port_bindings
       end
 
       if cmd_options[:kill]
-        previous = begin
-          Docker::Container.get(options['name'])
-        rescue StandardError
-          nil
-        end
-        previous.delete(force: true) if previous
+        previous = Docker::Container.get(options['name']) rescue nil
+        previous.delete(:force => true) if previous
       end
 
-      container = Docker::Container.create(options.tap do |o|
-                                             DebugMixin.debug_write "creating container with options #{o.inspect}"
-                                           end)
+      container = Docker::Container.create(options.tap { |o| DebugMixin.debug_write "creating container with options #{o.inspect}" })
       $stdout.puts container.id
       container.start!
 
-      wait_for_conjur container
+      wait_for_conjur appliance_image, container
 
       if cmd_options[:'dev-install']
-        container_command(container, '/opt/conjur/evoke/bin/dev-install', project_name)
+        container_command(container, "/opt/conjur/evoke/bin/dev-install", project_name)
         container_command(container, 'sv', 'restart', "conjur/#{project_name}")
       end
 
-      container_command(container, '/bin/bash', '-c', cmd_options[:command]) if cmd_options[:command]
+      if cmd_options[:command]
+        container_command(container, '/bin/bash', '-c', cmd_options[:command])
+      end
     end
   end
 end
 
-desc 'Publish a debian package to apt repository'
-long_desc <<~DESC
-  Publishes a deb created with `debify package` to our private apt repository.
+desc "Publish a debian package to apt repository"
+long_desc <<DESC
+Publishes a deb created with `debify package` to our private apt repository.
 
-  "distribution" should match the major/minor version of the Conjur appliance you want to install to.
+"distribution" should match the major/minor version of the Conjur appliance you want to install to.
 
-  The package name is a required option. The package version can be specified as a CLI option, or it will
-  be auto-detected from Git.
+The package name is a required option. The package version can be specified as a CLI option, or it will
+be auto-detected from Git.
 
-  --component should be 'stable' if run after package tests pass or 'testing' if the package is not yet ready for release.
-  If you don't specify the component, it will be set to 'testing' unless the current git branch is 'master' or 'origin/master'.
-  The git branch is first detected from the env var GIT_BRANCH or BRANCH_NAME, and then by checking `git rev-parse --abbrev-ref HEAD`
-  (which won't give you the answer you want when detached).
+--component should be 'stable' if run after package tests pass or 'testing' if the package is not yet ready for release.
+If you don't specify the component, it will be set to 'testing' unless the current git branch is 'master' or 'origin/master'.
+The git branch is first detected from the env var GIT_BRANCH or BRANCH_NAME, and then by checking `git rev-parse --abbrev-ref HEAD`
+(which won't give you the answer you want when detached).
 
 DESC
-arg_name 'distribution project-name'
-command 'publish' do |c|
-  c.desc 'Set the current working directory'
-  c.flag %i[d dir]
+arg_name "distribution project-name"
+command "publish" do |c|
+  c.desc "Set the current working directory"
+  c.flag [:d, :dir]
 
   c.desc "Specify the deb package version; by default, it's computed automatically"
-  c.flag %i[v version]
+  c.flag [:v, :version]
 
   c.desc "Component to publish to, either 'stable' or the name of the git branch"
-  c.flag %i[c component]
+  c.flag [:c, :component]
 
-  c.desc 'Artifactory URL to publish to'
-  c.default_value 'https://conjurinc.jfrog.io/conjurinc'
-  c.flag %i[u url]
+  c.desc "Artifactory URL to publish to"
+  c.default_value "https://conjurinc.jfrog.io/conjurinc"
+  c.flag [:u, :url]
 
-  c.desc 'Artifactory Debian repo to publish package to'
-  c.default_value 'debian-private'
-  c.flag %i[r repo]
+  c.desc "Artifactory Debian repo to publish package to"
+  c.default_value "debian-private"
+  c.flag [:r, :repo]
 
-  c.desc 'Artifactory RPM repo to publish package to'
-  c.default_value 'redhat-private'
+  c.desc "Artifactory RPM repo to publish package to"
+  c.default_value "redhat-private"
   c.flag ['rpm-repo']
 
-  c.action do |_, cmd_options, args|
+  c.action do |global_options, cmd_options, args|
     require 'conjur/debify/action/publish'
-    raise 'distribution is required' unless (distribution = args.shift)
-    raise 'project-name is required' unless (project_name = args.shift)
-    raise 'Received extra command-line arguments' if args.shift
+    raise "distribution is required" unless distribution = args.shift
+    raise "project-name is required" unless project_name = args.shift
+    raise "Received extra command-line arguments" if args.shift
 
     Conjur::Debify::Action::Publish.new(distribution, project_name, cmd_options).run
   end
 end
 
-desc 'Auto-detect and print the repository version'
-command 'detect-version' do |c|
-  c.desc 'Set the current working directory'
-  c.flag %i[d dir]
-  c.action do |_, cmd_options, args|
-    raise 'Received extra command-line arguments' if args.shift
+desc "Auto-detect and print the repository version"
+command "detect-version" do |c|
+  c.desc "Set the current working directory"
+  c.flag [:d, :dir]
+  c.action do |global_options, cmd_options, args|
+    raise "Received extra command-line arguments" if args.shift
 
     dir = cmd_options[:dir] || '.'
     dir = File.expand_path(dir)
@@ -865,11 +830,33 @@ desc 'Show the given configuration'
 arg_name 'configuration'
 command 'config' do |c|
   c.action do |_, _, args|
-    raise 'no configuration provided' unless (config = args.shift)
-    raise 'Received extra command-line arguments' if args.shift
+    raise 'no configuration provided' unless config = args.shift
+    raise "Received extra command-line arguments" if args.shift
 
     File.open(File.join('distrib', config)).each do |line|
       puts line.gsub(/@@DEBIFY_VERSION@@/, Conjur::Debify::VERSION)
     end
   end
 end
+
+
+pre do |global, command, options, args|
+  # Pre logic here
+  # Return true to proceed; false to abort and not call the
+  # chosen command
+  # Use skips_pre before a command to skip this block
+  # on that command only
+  true
+end
+
+post do |global, command, options, args|
+  # Post logic here
+  # Use skips_post before a command to skip this
+  # block on that command only
+end
+
+on_error do |exception|
+  # Error logic here
+  # return false to skip default error handling
+  true
+end