conjur-debify 1.8.2 → 1.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b0d2818e1da02a5e1b2d661d54e44a840fb344ed6aa79502a59aedf58beffde5
-  data.tar.gz: 0ec713918910b0b2334d0933d6326dd86f5cd14ae48d97cd438b6ba7039c0cee
+  metadata.gz: 88040281ebb6c9d449d4d1d76ad5a8336227ddf8c4fe5ec3753d413ff16b47d2
+  data.tar.gz: 98cc9d92be782db60c56ee85c6cdea1eff52733eded68543964f510f37a69e17
 SHA512:
-  metadata.gz: 1771c0a17107f3c56ae6b96d0a41d1b763cb859917e890b3efbdac4fe52e8e09584c2d411f3a62036d6aa5426def86127012a3932d4f0270b88cc1eb6f9890ce
-  data.tar.gz: ee94ac0a4d5009bed0bc54fdf57c6f9944a496772b525dc5e8942b3c1fce889cc8585c9ced383121eacc748563b1a821ae8fc19281164f860dc09930f70b8c47
+  metadata.gz: 5642578c564449462ec292c828a30fa0eeabee0e764bd47b7437564c4be3181808fda0f02fcd516d7aed617c98d50deb062a96b3fb9a5066fae5ba1e1eb130e1
+  data.tar.gz: 05e3bb4cac1d4188b19e84adf42b93e875efd300d725efa04177f0366c1da4de25960fbe417757420406b09a78b895c51a599d8dcd02a602d77218bd72f1e800

data/CHANGELOG.md

@@ -1,3 +1,17 @@
+# 1.10.0
+
+* add `--net` support to `test` and `sandbox` subcommands
+* Use Docker::Container.start! to start containers, to avoid
+  swallowing important errors.
+
+# 1.9.1
+
+* Make sure .bundle/config in the 'main' package excludes test and development groups.
+
+# 1.9.0
+
+* Build -dev package with development/test dependencies and use it on `debify test`.
+
 # 1.8.2
 
 * Install fpm dependency libffi-dev

data/README.md

@@ -242,6 +242,55 @@ root@7d4217655332:/src/authz# export RAILS_ENV=test
 root@7d4217655332:/src/authz# bundle exec rake db:migrate
 ```
 
+## Usage with docker-compose
+
+As of v1.10.0, both the `test` and `sandbox` subcommands support the `--net` switch. This allows you to specify a network to which the Conjur appliance container should be attached. 
+
+There are a variety of ways to make use of this feature. One
+possiblity is creating a network using `docker network create`, then
+attaching both the docker-compose services, as well as the Conjur
+appliance container created by debify, to it. 
+
+As a (somewhat contrived) example, create a new docker network:
+
+```sh-session
+$ docker network create testnet
+```
+
+Use a docker-compose file like [example/docker-compose.yml](example/docker-compose.yml)
+
+```yaml
+version: "2"
+networks:
+  svcnet:
+    external:
+      name: testnet
+services:
+  db:
+    image: postgres
+    container_name: mydb
+    networks:
+      - svcnet
+```
+
+Bring up the db service:
+
+```sh-session
+debify $ cd example
+example $ docker-compose up -d
+```
+
+Start a sandbox, see that it can resolve the hostname `mydb`:
+
+```sh-session
+
+example $ debify sandbox -t 4.9-stable --net testnet
+example $ docker exec -it example-sandbox /bin/bash
+root@7d4217655332:/src/example# getent hosts mydb
+172.19.0.2      mydb
+```
+
+
 ## Contributing
 
 1. Fork it ( https://github.com/[my-github-username]/debify/fork )

data/VERSION

@@ -1 +1 @@
-1.8.2
+1.10.0

data/ci/test.sh

@@ -2,6 +2,11 @@
 
 bundle
 
+# Some tests need to be logged in to the registry, to pull a base
+# image if it's not already available. Have entrypoint.sh do something
+# simple, and log in as a side effect.
+/debify/distrib/entrypoint.sh detect-version
+
 for target in spec cucumber; do
   bundle exec rake $target
 done

data/debify.gemspec

@@ -23,6 +23,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "conjur-api", "~> 4"
 
   spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_development_dependency "fakefs", "~> 0"
   spec.add_development_dependency "rake", "~> 10.0"
   
   # Pin to cucumbe v2. cucumber v3 changes (breaks) the behavior of

data/example/Gemfile

@@ -1 +1,9 @@
 source 'https://rubygems.org'
+
+group :development do
+  gem 'pry'
+end
+
+group :test do
+  gem 'rspec'
+end

data/example/Gemfile.lock

@@ -1,8 +1,32 @@
 GEM
   remote: https://rubygems.org/
   specs:
+    coderay (1.1.2)
+    diff-lcs (1.3)
+    method_source (0.9.0)
+    pry (0.11.3)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    rspec (3.7.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+    rspec-core (3.7.1)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-mocks (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-support (3.7.1)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
+  pry
+  rspec
+
+BUNDLED WITH
+   1.16.1

data/example/docker-compose.yml

@@ -0,0 +1,11 @@
+version: "2"
+networks:
+  svcnet:
+    external:
+      name: testnet
+services:
+  db:
+    image: postgres
+    container_name: mydb
+    networks:
+      - svcnet

data/example/net-test.sh

@@ -0,0 +1,7 @@
+#!/bin/bash -ex
+
+cid=$1
+
+docker exec $cid ping -c1 other_host
+
+echo Test succeeded

data/example/test.sh

@@ -1,3 +1,4 @@
 #!/bin/bash -ex
 
+ruby -rrspec -e 'puts RSpec::Version::STRING'
 echo Test succeeded

data/features/package.feature

@@ -5,16 +5,13 @@ Feature: Packaging
     Given I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example -v 0.0.1 example -- --post-install /distrib/postinstall.sh`
 
   Scenario: 'example' project can be packaged successfully
-    Then the stdout should contain exactly "conjur-example_0.0.1_amd64.deb"
+    Then the stdout should contain "conjur-example_0.0.1_amd64.deb"
+    And the stdout should contain "conjur-example-dev_0.0.1_amd64.deb"
 
   Scenario: 'clean' command will delete non-Git-managed files
     When I successfully run `env DEBUG=true GLI_DEBUG=true debify clean -d ../../example --force`
     And I successfully run `find ../../example`
     Then the stdout from "find ../../example" should not contain "conjur-example_0.0.1_amd64.deb"
     
-  Scenario: 'example' project can be tested successfully
-    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 4.9-stable -v 0.0.1 -d ../../example --no-pull example test.sh`
-    Then the stderr should contain "Test succeeded"
-
   Scenario: 'example' project can be published
     When I successfully run `env DEBUG=true GLI_DEBUG=true debify publish -v 0.0.1 -d ../../example 4.9 example`

data/features/sandbox.feature

@@ -0,0 +1,19 @@
+@announce-output
+Feature: Running a sandbox
+  Background:
+    Given I successfully run `docker pull registry.tld/conjur-appliance-cuke-master:4.9-stable`
+
+  Scenario: sandbox for 'example' project be started
+    Given I successfully start a sandbox for "example" with arguments "-t 4.9-stable --no-pull"
+
+  Scenario: sandbox for 'example' project be started linked to another container
+    Given I start a container named "other_host"
+    Then I successfully start a sandbox for "example" with arguments "-t 4.9-stable --no-pull --link other_host -c 'ping -c1 other_host'"
+
+  Scenario: sandbox for 'example' project be started on a network other than the default
+    Given I start a container named "other_host" on network "test-net"
+    Then I successfully start a sandbox for "example" with arguments "-t 4.9-stable --no-pull --net test-net -c 'ping -c1 other_host'"
+
+  Scenario: sandbox for 'example' project be started on a network other than the default with a host aliased
+    Given I start a container named "another_host" on network "test-net"
+    Then I successfully start a sandbox for "example" with arguments "-t 4.9-stable --no-pull --net test-net --link another_host:other_host -c 'ping -c1 other_host'"

data/features/step_definitions/debify_steps.rb

@@ -1,6 +1,31 @@
+
 When /^I get help for "([^"]*)"$/ do |app_name|
   @app_name = app_name
   step %(I run `#{app_name} help`)
 end
 
 # Add more step definitions here
+
+When /^I start a container named "(.*?)"(?: on network "(.*?)")*$/ do |name, net_name|
+  if net_name
+    network =  Docker::Network.create(net_name)
+    networks << network
+  end
+  
+  alpine = Docker::Image.create('fromImage' => 'alpine')
+  options = {
+    'name' => name,
+    'Cmd' => [ "sh", "-c", "while true; do sleep 1; done" ],
+    'Image' => alpine.id
+  }
+  options['HostConfig'] = { 'NetworkMode' => net_name } if net_name
+    
+  container = Docker::Container.create(options)
+  container.start!
+  containers << container
+end
+
+When /^I successfully start a sandbox for "(.*?)" with arguments "(.*?)"$/ do |project, args|
+  step %Q{I successfully run `env DEBUG=true GLI_DEBUG=true debify sandbox -d ../../#{project} #{args}`}
+  containers << Docker::Container.get("#{project}-sandbox")
+end

data/features/support/env.rb

@@ -1,4 +1,5 @@
 require 'aruba/cucumber'
+require 'docker-api'
 
 ENV['PATH'] = "#{File.expand_path(File.dirname(__FILE__) + '/../../bin')}#{File::PATH_SEPARATOR}#{ENV['PATH']}"
 LIB_DIR = File.join(File.expand_path(File.dirname(__FILE__)),'..','..','lib')
@@ -7,13 +8,3 @@ Aruba.configure do |config|
   config.exit_timeout = 1200
 end
 
-Before do
-  # Using "announce" causes massive warnings on 1.9.2
-  @puts = true
-  @original_rubylib = ENV['RUBYLIB']
-  ENV['RUBYLIB'] = LIB_DIR + File::PATH_SEPARATOR + ENV['RUBYLIB'].to_s
-end
-
-After do
-  ENV['RUBYLIB'] = @original_rubylib
-end

data/features/support/hooks.rb

@@ -0,0 +1,29 @@
+Before do
+  # Using "announce" causes massive warnings on 1.9.2
+  @puts = true
+  @original_rubylib = ENV['RUBYLIB']
+  ENV['RUBYLIB'] = LIB_DIR + File::PATH_SEPARATOR + ENV['RUBYLIB'].to_s
+end
+
+After do
+  ENV['RUBYLIB'] = @original_rubylib
+end
+
+Around do |scenario, block|
+  # Note that self in an Around hook is the instance of the world
+  # (here, a DebifyWorld) for the current scenario.
+  initialize
+  begin
+    block.call
+  ensure
+    unless ENV['KEEP_CONTAINERS']
+      containers.each do |c|
+        c.remove(force: true)
+      end
+      
+      networks.each do |n|
+        n.remove
+      end
+    end
+  end
+end

data/features/support/world.rb

@@ -0,0 +1,10 @@
+module DebifyWorld
+  attr_accessor :containers, :networks
+
+  def initialize
+    @containers = []
+    @networks = []
+  end
+end
+
+World(DebifyWorld)

data/features/test.feature

@@ -0,0 +1,24 @@
+@announce-output
+Feature: Testing
+
+  Background:
+    Given I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example -v 0.0.1 example -- --post-install /distrib/postinstall.sh`
+
+  Scenario: 'example' project can be tested successfully
+    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 4.9-stable -v 0.0.1 -d ../../example --no-pull example test.sh`
+    Then the stderr should contain "Test succeeded"
+
+  Scenario: 'example' project can be tested when linked to another container
+    Given I start a container named "other_host"
+    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 4.9-stable -v 0.0.1 -d ../../example --no-pull --link other_host example net-test.sh`
+    Then the stderr should contain "Test succeeded"
+
+  Scenario: 'example' project can be tested on a network other than the default
+    Given I start a container named "other_host" on network "test-net"
+    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 4.9-stable -v 0.0.1 -d ../../example --no-pull --net test-net example net-test.sh`
+    Then the stderr should contain "Test succeeded"
+
+  Scenario: 'example' project can be tested on a network other than the default with a host aliased
+    Given I start a container named "another_host" on network "test-net"
+    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 4.9-stable -v 0.0.1 -d ../../example --no-pull --link another_host:other_host --net test-net example net-test.sh`
+    Then the stderr should contain "Test succeeded"

data/lib/conjur/debify.rb

@@ -5,6 +5,11 @@ require 'gli'
 require 'json'
 require 'base64'
 
+require 'conjur/debify/utils'
+
+require 'active_support'
+require 'active_support/core_ext'
+
 include GLI::App
 
 config_file '.debifyrc'
@@ -169,7 +174,7 @@ command "clean" do |c|
         options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
         container = Docker::Container.create options
         begin
-          container.start
+          container.start!
           delete_files.each do |file|
             puts file
 
@@ -244,8 +249,6 @@ command "package" do |c|
       dockerfile_path = cmd_options[:dockerfile] || File.expand_path("debify/Dockerfile.fpm", pwd)
       dockerfile = File.read(dockerfile_path)
 
-      package_name = "conjur-#{project_name}_#{version}_amd64.deb"
-
       output = StringIO.new
       Gem::Package::TarWriter.new(output) do |tar|
         git_files.each do |fname|
@@ -269,18 +272,19 @@ command "package" do |c|
       container = Docker::Container.create options
       begin
         DebugMixin.debug_write "Packaging #{project_name} in container #{container.id}\n"
-        container.tap(&:start).streaming_logs(follow: true, stdout: true, stderr: true) { |stream, chunk| $stderr.puts "#{chunk}" }
+        container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) { |stream, chunk| $stderr.puts "#{chunk}" }
         status = container.wait
         raise "Failed to package #{project_name}" unless status['StatusCode'] == 0
 
-        require 'rubygems/package'
-        deb = StringIO.new
-        container.copy("/src/#{package_name}") { |chunk| deb.write(chunk) }
-        deb.rewind
-        tar = Gem::Package::TarReader.new deb
-        tar.first.tap do |entry|
-          open(entry.full_name, 'wb') {|f| f.write(entry.read)}
-          puts entry.full_name
+        pkg = "conjur-#{project_name}_#{version}_amd64.deb"
+        dev_pkg = "conjur-#{project_name}-dev_#{version}_amd64.deb"
+        Conjur::Debify::Utils.copy_from_container container, "/src/#{pkg}"
+        puts "#{pkg}"
+        begin
+          Conjur::Debify::Utils.copy_from_container container, "/dev-pkg/#{dev_pkg}"
+          puts "#{dev_pkg}"
+        rescue Docker::Error::NotFoundError
+          warn "#{dev_pkg} not found. The package might not have any development dependencies."
         end
       ensure
         container.delete(force: true)
@@ -297,8 +301,57 @@ end
 
 def wait_for_conjur appliance_image, container
   container_command container, '/opt/conjur/evoke/bin/wait_for_conjur'
+rescue
+  $stderr.puts container.logs
+  raise
+end
+
+def network_options(cmd)
+  cmd.desc "Specify link for test container"
+  cmd.flag [ :l, :link ], :multiple => true
+  
+  cmd.desc 'Attach to the specified network'
+  cmd.flag [ :n, :net ]
 end
 
+def short_id(id)
+  if id =~ /\A[0-9a-f]{64}\z/ # 64 hex digits, docker only allows lower case letters in ids
+    $stderr.puts "Warning: found full container id, using short id instead (#{id[0..11]} for #{id})"
+    id[0..11]
+  else
+    id
+  end
+end
+
+# If the source of the link is a full container id, use the short id
+# instead. (Docker doesn't add full container ids as network aliases,
+# only short ids).
+def shorten_source_id(link)
+  src,dest = link.split(':')
+  src && dest ? "#{short_id(src)}:#{dest}" : link
+end
+
+def add_network_config(container_config, cmd_options)
+  host_config = container_config['HostConfig']
+  has_links = cmd_options[:link] && !cmd_options[:link].empty?
+  net_name = cmd_options[:net]
+  if net_name
+    host_config['NetworkMode'] = net_name
+    if has_links
+      container_config['NetworkingConfig'] ||= {}
+      container_config['NetworkingConfig'].deep_merge!(
+        'EndpointsConfig' => {
+          net_name => {
+            'Links' => cmd_options[:link].collect(&method(:shorten_source_id))
+          }
+        }
+      )
+    end
+  elsif has_links
+    # Don't shorten source ids here
+    host_config['Links'] = cmd_options[:link]
+  end
+end
 
 desc "Test a Conjur debian package in a Conjur appliance container"
 long_desc <<DESC
@@ -344,12 +397,11 @@ command "test" do |c|
   c.desc "Specify the deb version; by default, it's read from the VERSION file"
   c.flag [ :v, :version ]
 
-  c.desc "Specify link for test container"
-  c.flag [ :l, :link ], :multiple => true
-
   c.desc "Specify volume for test container"
   c.flag [ :'volumes-from' ], :multiple => true
 
+  network_options(c)
+  
   c.action do |global_options,cmd_options,args|
     raise "project-name is required" unless project_name = args.shift
     raise "test-script is required" unless test_script = args.shift
@@ -366,6 +418,7 @@ command "test" do |c|
       appliance_image_id = [ cmd_options[:image], image_tag ].join(":")
       version = cmd_options[:version] || detect_version
       package_name = "conjur-#{project_name}_#{version}_amd64.deb"
+      dev_package_name = "conjur-#{project_name}-dev_#{version}_amd64.deb"
 
       raise "#{test_script} does not exist or is not a file" unless File.file?(test_script)
 
@@ -378,15 +431,16 @@ command "test" do |c|
       end
 
 
-      def build_test_image(appliance_image_id, project_name, package_name)
+      def build_test_image(appliance_image_id, project_name, packages)
+        packages = packages.join " "
         dockerfile = <<-DOCKERFILE
 FROM #{appliance_image_id}
 
-COPY #{package_name} /tmp/
+COPY #{packages} /tmp/
 
 RUN if dpkg --list | grep conjur-#{project_name}; then dpkg --force all --purge conjur-#{project_name}; fi
 RUN if [ -f /opt/conjur/etc/#{project_name}.conf ]; then rm /opt/conjur/etc/#{project_name}.conf; fi
-RUN dpkg --install /tmp/#{package_name}
+RUN cd /tmp; dpkg --install #{packages}
 
 RUN touch /etc/service/conjur/down
         DOCKERFILE
@@ -394,7 +448,7 @@ RUN touch /etc/service/conjur/down
           tmpfile = Tempfile.new('Dockerfile', tmpdir)
           File.write(tmpfile, dockerfile)
           dockerfile_name = File.basename(tmpfile.path)
-          tar_cmd = "tar -cvzh -C #{tmpdir} #{dockerfile_name} -C #{Dir.pwd} #{package_name}"
+          tar_cmd = "tar -cvzh -C #{tmpdir} #{dockerfile_name} -C #{Dir.pwd} #{packages}"
           tar = open("| #{tar_cmd}")
           begin
             Docker::Image.build_from_tar(tar, :dockerfile => dockerfile_name, &DebugMixin::DOCKER)
@@ -404,9 +458,12 @@ RUN touch /etc/service/conjur/down
         end
       end
 
+      packages = [package_name]
+      packages << dev_package_name if File.exist? dev_package_name
+
       begin
         tries ||=2
-        appliance_image = build_test_image(appliance_image_id, project_name, package_name)
+        appliance_image = build_test_image(appliance_image_id, project_name, packages)
       rescue
         login_to_registry appliance_image_id
         retry unless (tries -= 1).zero?
@@ -424,20 +481,26 @@ RUN touch /etc/service/conjur/down
           "CONJUR_AUTHN_API_KEY=secret",
           "CONJUR_ADMIN_PASSWORD=secret",
         ],
-        'Binds' => [
-          [ dir, "/src/#{project_name}" ].join(':')
-        ]
+        'HostConfig' => {
+          'Binds' => [
+            [ dir, "/src/#{project_name}" ].join(':')
+          ]
+        }
       }
-      options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
-      options['Links'] = cmd_options[:link] if cmd_options[:link] && !cmd_options[:link].empty?
-      options['VolumesFrom'] = cmd_options[:'volumes-from'] if cmd_options[:'volumes-from'] && !cmd_options[:'volumes-from'].empty?
+      host_config = options['HostConfig']
+      
+      host_config['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
+      host_config['VolumesFrom'] = cmd_options[:'volumes-from'] if cmd_options[:'volumes-from'] && !cmd_options[:'volumes-from'].empty?
+
+      add_network_config(options, cmd_options)
+      
       if global_options[:'local-bundle']
-        options['Binds']
+        host_config['Binds']
           .push([ vendor_dir, "/src/#{project_name}/vendor" ].join(':'))
           .push([ dot_bundle_dir, "/src/#{project_name}/.bundle" ].join(':'))
       end
 
-      container = Docker::Container.create(options)
+      container = Docker::Container.create(options.tap {|o| DebugMixin.debug_write "creating container with options #{o.inspect}"})
 
       begin
         DebugMixin.debug_write "Testing #{project_name} in container #{container.id}\n"
@@ -445,7 +508,7 @@ RUN touch /etc/service/conjur/down
         spawn("docker logs -f #{container.id}", [ :out, :err ] => $stderr).tap do |pid|
           Process.detach pid
         end
-        container.start
+        container.start!
 
         # Wait for pg/main so that migrations can run
         30.times do
@@ -471,8 +534,10 @@ RUN touch /etc/service/conjur/down
         system "./#{test_script} #{container.id}"
         exit_now! "#{test_script} failed with exit code #{$?.exitstatus}", $?.exitstatus unless $?.exitstatus == 0
       ensure
-        DebugMixin.debug_write "deleting container"
-        container.delete(force: true) unless cmd_options[:keep]
+        unless cmd_options[:keep] || ENV['KEEP_CONTAINERS']
+          DebugMixin.debug_write "deleting container"
+          container.delete(force: true)
+        end
       end
     end
   end
@@ -507,8 +572,7 @@ command "sandbox" do |c|
   c.default_value false
   c.switch [ :pull ]
 
-  c.desc "Specify link for container"
-  c.flag [ :l, :link ], :multiple => true
+  network_options(c)
 
   c.desc "Specify volume for container"
   c.flag [ :'volumes-from' ], :multiple => true
@@ -524,6 +588,9 @@ command "sandbox" do |c|
   c.default_value false
   c.switch [:kill]
 
+  c.desc 'A command to run in the sandbox'
+  c.flag [ :c, :command ]
+  
   c.action do |global_options,cmd_options,args|
     raise "Received extra command-line arguments" if args.shift
 
@@ -579,8 +646,9 @@ command "sandbox" do |c|
       end
 
       host_config['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
-      host_config['Links'] = cmd_options[:link] unless cmd_options[:link].empty?
       host_config['VolumesFrom'] = cmd_options[:'volumes-from'] unless cmd_options[:'volumes-from'].empty?
+      
+      add_network_config(options, cmd_options)
 
       unless cmd_options[:port].empty?
         port_bindings = Hash.new({})
@@ -596,9 +664,9 @@ command "sandbox" do |c|
         previous.delete(:force => true) if previous
       end
 
-      container = Docker::Container.create(options)
+      container = Docker::Container.create(options.tap {|o| DebugMixin.debug_write "creating container with options #{o.inspect}"})
       $stdout.puts container.id
-      container.start
+      container.start!
 
       wait_for_conjur appliance_image, container
 
@@ -607,6 +675,9 @@ command "sandbox" do |c|
         container_command(container, 'sv', 'restart', "conjur/#{project_name}")
       end
 
+      if cmd_options[:command]
+        container_command(container, '/bin/bash', '-c', cmd_options[:command])
+      end
     end
   end
 end

data/lib/conjur/debify/Dockerfile.fpm

@@ -7,7 +7,7 @@ WORKDIR /src/opt/conjur/project
 COPY Gemfile ./
 COPY Gemfile.lock ./
 
-RUN bundle --deployment --without "test development"
+RUN bundle --deployment
 RUN mkdir -p .bundle
 RUN cp /usr/local/bundle/config .bundle/config
 

data/lib/conjur/debify/action/publish.rb

@@ -80,7 +80,7 @@ module Conjur::Debify
       def publish(options)
         container = Docker::Container.create(options)
         begin
-          container.tap(&:start).streaming_logs(follow: true, stdout: true, stderr: true) { |stream, chunk| puts "#{chunk}" }
+          container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) { |stream, chunk| puts "#{chunk}" }
           status = container.wait
           raise "Failed to publish package" unless status['StatusCode'] == 0
         ensure

data/lib/conjur/debify/utils.rb

@@ -0,0 +1,16 @@
+require 'rubygems/package'
+
+module Conjur::Debify::Utils
+  module_function
+
+  # copy a file from container to the current working directory
+  def copy_from_container container, path
+    tar = StringIO.new
+    container.copy(path) { |chunk| tar.write chunk }
+    tar.rewind
+    Gem::Package::TarReader.new(tar).each do |entry|
+      File.write entry.full_name, entry.read
+    end
+  end
+end
+

data/lib/conjur/fpm/Dockerfile

@@ -25,7 +25,8 @@ RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \
 
 RUN mkdir /src
 
+ENTRYPOINT [ "/package.sh" ]
+
 COPY debify_utils.sh /
 COPY package.sh      /
 
-ENTRYPOINT [ "/package.sh" ]

data/lib/conjur/fpm/debify_utils.sh

@@ -1,11 +1,11 @@
 function bundle_clean() {
   ruby_version="$(ruby -v | grep -o '[0-9]\.[0-9]\.[0-9]')"
 
-  chmod og+r -R vendor/bundle # some gems have broken perms
+  if [ -d vendor/bundle ]; then
+    chmod og+r -R vendor/bundle # some gems have broken perms
 
-  gem install bundler:1.11.2 --no-rdoc --no-ri --install-dir ./vendor/bundle/ruby/${ruby_version}
-
-  # some cleanup
-  rm -rf vendor/bundle/ruby/${ruby_version}/cache
-  rm -rf vendor/bundle/ruby/${ruby_version}/gems/*/{test,spec,examples,example,contrib,doc,ext,sample}
+    # some cleanup
+    rm -rf vendor/bundle/ruby/${ruby_version}/cache
+    rm -rf vendor/bundle/ruby/${ruby_version}/gems/*/{test,spec,examples,example,contrib,doc,ext,sample}
+  fi
 }

data/lib/conjur/fpm/package.sh

@@ -1,5 +1,7 @@
 #!/bin/bash -ex
 
+source /debify_utils.sh
+
 project_name=$1
 shift
 version=$1
@@ -15,6 +17,36 @@ if [ -z "$version" ]; then
 fi
 
 package_name=conjur-"$project_name"_"$version"_amd64.deb
+dev_package_name=conjur-"$project_name"-dev_"$version"_amd64.deb
+
+# Build dev package first
+echo Building $dev_package_name
+prefix=/src/opt/conjur/project
+cp -al $prefix /dev-pkg
+cd $prefix
+bundle --without development test
+bundle clean
+cp /usr/local/bundle/config .bundle/config # bundler for some reason stores config there...
+cd /dev-pkg
+find $prefix -type f | sed -e "s@^$prefix@.@" | xargs rm -f
+find . -type d -empty -delete
+bundle_clean
+
+if [ `ls | wc -l` -eq 0 ]; then
+  echo No dev dependencies, skipping dev package
+else
+  fpm -s dir -t deb -n conjur-$project_name-dev -v $version -C . \
+    --maintainer "Conjur Inc." \
+    --vendor "Conjur Inc." \
+    --license "Proprietary" \
+    --url "https://www.conjur.net" \
+    --deb-no-default-config-files \
+    --deb-user conjur \
+    --deb-group conjur \
+    --depends "conjur-$project_name = $version" \
+    --prefix /opt/conjur/$project_name \
+    --description "Conjur $project_name service - development files"
+fi
 
 echo Building $package_name
 
@@ -22,7 +54,6 @@ mv /src/opt/conjur/project /src/opt/conjur/$project_name
 
 cd /src/opt/conjur/$project_name
 
-source /debify_utils.sh
 bundle_clean
 
 cd /src

data/publish-rubygem.sh

@@ -4,7 +4,7 @@ docker pull registry.tld/conjurinc/publish-rubygem
 
 docker run -i --rm -v $PWD:/src -w /src alpine/git clean -fxd
 
-summon --yaml 'RUBYGEMS_API_KEY: !var rubygems/api-key' \
+summon --yaml "RUBYGEMS_API_KEY: !var rubygems/api-key" \
   docker run --rm --env-file @SUMMONENVFILE -v "$(pwd)":/opt/src \
   registry.tld/conjurinc/publish-rubygem debify
 

data/push-image.sh

@@ -1,6 +1,9 @@
 #!/bin/bash -ex
 
-TAG=$(< VERSION)
+IFS=. read MAJOR MINOR PATCH <VERSION
+
+TAGS="latest $(docker images --filter reference="registry.tld/conjurinc/debify:$MAJOR.$MINOR*" --format '{{.Tag}}')"
+for t in $TAGS; do
+  docker push registry.tld/conjurinc/debify:$t
+done
 
-docker push registry.tld/conjurinc/debify:$TAG
-docker push registry.tld/conjurinc/debify:latest

data/spec/data/Makefile

@@ -0,0 +1,5 @@
+test.tar:
+	echo "this is a test" > test.txt
+	tar cf test.tar test.txt
+	rm test.txt
+

data/spec/utils_spec.rb

@@ -0,0 +1,22 @@
+require 'fakefs/safe'
+
+require 'conjur/debify/utils'
+
+describe 'Conjur::Debify::Utils.copy_from_container' do
+  it "copies a file from the container to the current directory" do
+    tar = File.read "#{__dir__}/data/test.tar"
+    container = instance_double Docker::Container
+    allow(container).to receive(:copy).with "/tmp/test.tar" do |&b|
+      StringIO.new(tar).each(nil, 512) do |c|
+        # docker api sends three arguments, so emulate that
+        b[c, nil, nil]
+      end
+    end
+
+    FakeFS do
+      Conjur::Debify::Utils.copy_from_container container, "/tmp/test.tar"
+      expect(File.read 'test.txt').to eq "this is a test\n"
+    end
+  end
+end
+

data/tag-image.sh

@@ -1,5 +1,8 @@
 #!/bin/bash -ex
-TAG=$(< VERSION)
 
-docker tag debify:$TAG registry.tld/conjurinc/debify:$TAG
-docker tag debify:$TAG registry.tld/conjurinc/debify:latest
+IFS=. read MAJOR MINOR PATCH <VERSION
+TAG=$MAJOR.$MINOR.$PATCH
+
+for t in latest $TAG $MAJOR.$MINOR; do
+  docker tag debify:$TAG registry.tld/conjurinc/debify:$t
+done

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: conjur-debify
 version: !ruby/object:Gem::Version
-  version: 1.8.2
+  version: 1.10.0
 platform: ruby
 authors:
 - Kevin Gilpin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-02-07 00:00:00.000000000 Z
+date: 2018-03-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gli
@@ -80,6 +80,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: fakefs
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -184,14 +198,21 @@ files:
 - example/Gemfile.lock
 - example/debify.sh
 - example/distrib/postinstall.sh
+- example/docker-compose.yml
+- example/net-test.sh
 - example/test.sh
 - features/detect_version.feature
 - features/package.feature
+- features/sandbox.feature
 - features/step_definitions/debify_steps.rb
 - features/support/env.rb
+- features/support/hooks.rb
+- features/support/world.rb
+- features/test.feature
 - lib/conjur/debify.rb
 - lib/conjur/debify/Dockerfile.fpm
 - lib/conjur/debify/action/publish.rb
+- lib/conjur/debify/utils.rb
 - lib/conjur/debify/version.rb
 - lib/conjur/fpm/Dockerfile
 - lib/conjur/fpm/debify_utils.sh
@@ -201,7 +222,10 @@ files:
 - push-image.sh
 - secrets.yml
 - spec/action/publish_spec.rb
+- spec/data/Makefile
+- spec/data/test.tar
 - spec/spec_helper.rb
+- spec/utils_spec.rb
 - tag-image.sh
 - test.sh
 homepage: https://github.com/conjurinc/debify
@@ -224,14 +248,21 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.5
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Utility commands to build and package Conjur services as Debian packages
 test_files:
 - features/detect_version.feature
 - features/package.feature
+- features/sandbox.feature
 - features/step_definitions/debify_steps.rb
 - features/support/env.rb
+- features/support/hooks.rb
+- features/support/world.rb
+- features/test.feature
 - spec/action/publish_spec.rb
+- spec/data/Makefile
+- spec/data/test.tar
 - spec/spec_helper.rb
+- spec/utils_spec.rb