conjur-debify 1.11.5 → 1.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 58a50a072fd2700fa612ac0a6113f2a6227787ed67ac732767443dc26a6f9e72
-  data.tar.gz: ba642699eb85c6506091ccdb8c82779a1f4daf9b5e00f45e071f910b889883e5
+  metadata.gz: 0b5fa10a6d866735c45f5edfd2a9defcc685ebe502c8950b219b6a8bc22ed232
+  data.tar.gz: 169e5c66e12fe3533c778255b337ad64b323f35cbc298f8e39c00e7abe765b7f
 SHA512:
-  metadata.gz: 3674127fd6cc68ee9696f552edac2a089efe2c9ab6e1b0ac212ee78b4b282735e03ec65f15c7502592e2c31702a182756e6744c8a3bbc90a2e04b1c06ad6ffeb
-  data.tar.gz: 31b3d6dd4a7c414ea09ea97e98ef1a56963d4724b4bd637fbd0379f7f53db0c9d0be22981a1de2de748aa8925a5b15d82b6551e4eb7b4edf6c68579c7f5b9d3b
+  metadata.gz: f9326cdb7fd4efafc3db3dda92e6a313cfc504dc34a24450be1076078cc8124b93c8f8ab781f59434cf625c4a37e2a1e8e6b1ead7466a7df00c2de7e3c3cca30
+  data.tar.gz: 8aae92edeacc8a8ffecaa7bbe4bf09cbb0a0f797b40c4cc8e52e4b9999cd7f607a58a913334e5f82cdcabfe07cc94ab2803bce65b3e99e0b84a0ed23d56824d6

data/.gitignore

@@ -16,5 +16,6 @@ features/reports
 results.html
 mkmf.log
 *.deb
+*.rpm
 *.gem
 docker-debify

data/CHANGELOG.md

@@ -1,3 +1,19 @@
+## [Unreleased]
+
+# 1.12.0
+
+### Added
+- Debify now packages and publishes an RPM file, alongside a debian file.
+  [conjurinc/debify#49](https://github.com/conjurinc/debify/pull/49)
+- `debify package` now offers an `--additional-files` flag to provide a comma
+  separated list of files to include in the FPM build that are not provided
+  automatically by `git ls-files`.
+  [conjurinc/debify#52](https://github.com/conjurinc/debify/pull/52)
+
+### Fixed
+- Bug causing `all` files in the git repo to be added to the debian file.
+  [conjurinc/debify#50](https://github.com/conjurinc/debify/pull/50)
+
 # 1.11.5
 
 ### Changed

data/Jenkinsfile

@@ -66,7 +66,6 @@ pipeline {
     }
 
     stage('Publish to RubyGems') {
-      agent { label 'releaser-v2' }
       when {
         allOf {
           branch 'master'

data/README.md

@@ -1,5 +1,10 @@
 # Debify
 
+Debify is a tool used for building and testing DAP appliance packages.
+It is mainly used to package and publish debian packages that are consumed into the
+appliance image in its build stage. However, it also packages and publishes an
+RPM package whenever it does so for a debian.
+
 ## Installation
 
 There are two different ways of installing debify: as a gem, or as a Docker image.

data/VERSION

@@ -1 +1 @@
-1.11.5
+1.12.0

data/debify.gemspec

@@ -6,8 +6,8 @@ require 'conjur/debify/version'
 Gem::Specification.new do |spec|
   spec.name          = "conjur-debify"
   spec.version       = Conjur::Debify::VERSION
-  spec.authors       = ["Kevin Gilpin"]
-  spec.email         = ["kgilpin@conjur.net"]
+  spec.authors       = ["CyberArk Software, Inc."]
+  spec.email         = ["conj_maintainers@cyberark.com"]
   spec.summary       = %q{Utility commands to build and package Conjur services as Debian packages}
   spec.homepage      = "https://github.com/conjurinc/debify"
   spec.license       = "MIT"

data/features/package.feature

@@ -2,16 +2,21 @@
 Feature: Packaging
 
   Background:
-    Given I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example -v 0.0.1 example -- --post-install /distrib/postinstall.sh`
+    # We use version 0.0.1-suffix to verify that RPM converts dashes to underscores
+    # in the version as we expect
+    Given I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example -v 0.0.1-suffix example -- --post-install /distrib/postinstall.sh`
 
   Scenario: 'example' project can be packaged successfully
-    Then the stdout should contain "conjur-example_0.0.1_amd64.deb"
-    And the stdout should contain "conjur-example-dev_0.0.1_amd64.deb"
+    Then the stdout should contain "conjur-example_0.0.1-suffix_amd64.deb"
+    And the stdout should contain "conjur-example-dev_0.0.1-suffix_amd64.deb"
+    And the stdout should contain "conjur-example-0.0.1_suffix-1.x86_64.rpm"
+    And the stdout should contain "conjur-example-dev-0.0.1_suffix-1.x86_64.rpm"
 
   Scenario: 'clean' command will delete non-Git-managed files
     When I successfully run `env DEBUG=true GLI_DEBUG=true debify clean -d ../../example --force`
     And I successfully run `find ../../example`
-    Then the stdout from "find ../../example" should not contain "conjur-example_0.0.1_amd64.deb"
-    
+    Then the stdout from "find ../../example" should not contain "conjur-example_0.0.1-suffix_amd64.deb"
+    And the stdout from "find ../../example" should not contain "conjur-example-0.0.1_suffix-1.x86_64.rpm"
+
   Scenario: 'example' project can be published
-    When I successfully run `env DEBUG=true GLI_DEBUG=true debify publish -v 0.0.1 -d ../../example 4.9 example`
+    When I successfully run `env DEBUG=true GLI_DEBUG=true debify publish -v 0.0.1-suffix -d ../../example 4.9 example`

data/lib/conjur/debify.rb

@@ -4,6 +4,7 @@ require 'fileutils'
 require 'gli'
 require 'json'
 require 'base64'
+require 'tmpdir'
 
 require 'conjur/debify/utils'
 
@@ -196,6 +197,17 @@ command "clean" do |c|
   end
 end
 
+def copy_packages_from_container(container, package_name, dev_package_name)
+  Conjur::Debify::Utils.copy_from_container container, "/src/#{package_name}"
+  puts "#{package_name}"
+  begin
+    Conjur::Debify::Utils.copy_from_container container, "/dev-pkg/#{dev_package_name}"
+    puts "#{dev_package_name}"
+  rescue Docker::Error::NotFoundError
+    warn "#{dev_package_name} not found. The package might not have any development dependencies."
+  end
+end
+
 desc "Build a debian package for a project"
 long_desc <<DESC
 The package is built using fpm (https://github.com/jordansissel/fpm).
@@ -228,6 +240,9 @@ command "package" do |c|
   c.desc "Specify a custom Dockerfile.fpm"
   c.flag [ :dockerfile]
 
+  c.desc "Specify files to add to the FPM image that are not included from the git repo"
+  c.flag [ :'additional-files' ]
+
   c.action do |global_options,cmd_options,args|
     raise "project-name is required" unless project_name = args.shift
 
@@ -241,25 +256,41 @@ command "package" do |c|
     dir = cmd_options[:dir] || '.'
     pwd = File.dirname(__FILE__)
 
+    additional_files = []
+    if cmd_options[:'additional-files']
+      additional_files = cmd_options[:'additional-files'].split(',').map(&:strip)
+    end
+
     fpm_image = Docker::Image.build_from_dir File.expand_path('fpm', File.dirname(__FILE__)), tag: "debify-fpm", &DebugMixin::DOCKER
     DebugMixin.debug_write "Built base fpm image '#{fpm_image.id}'\n"
     dir = File.expand_path(dir)
+
     Dir.chdir dir do
       version = cmd_options[:version] || detect_version
-      dockerfile_path = cmd_options[:dockerfile] || File.expand_path("debify/Dockerfile.fpm", pwd)
-      dockerfile = File.read(dockerfile_path)
 
-      output = StringIO.new
-      Gem::Package::TarWriter.new(output) do |tar|
-        git_files.each do |fname|
-          stat = File.stat(fname)
-          tar.add_file(fname, stat.mode) { |tar_file| tar_file.write(File.read(fname)) }
-        end
-        tar.add_file('Dockerfile', 0640) { |tar_file| tar_file.write dockerfile.gsub("@@image@@", fpm_image.id) }
+      # move git files and Dockerfile to temp dir to make deb from
+      # we do this to avoid adding "non-git" files
+      # that aren't mentioned in the dockerignore to the deb
+      temp_dir = Dir.mktmpdir
+      DebugMixin.debug_write "Copying git files to tmp dir '#{temp_dir}'\n"
+      (git_files + additional_files).each do |fname|
+        original_file = File.join(dir, fname)
+        destination_path = File.join(temp_dir, fname)
+        FileUtils.mkdir_p(File.dirname(destination_path))
+        FileUtils.cp(original_file, destination_path)
       end
-      output.rewind
+      
+      # rename specified dockerfile to 'Dockerfile' during copy, incase name is different
+      dockerfile_path = cmd_options[:dockerfile] || File.expand_path("debify/Dockerfile.fpm", pwd)
+      temp_dockerfile = File.join(temp_dir, "Dockerfile")
+      
+      # change image variable in specified Dockerfile
+      dockerfile = File.read(dockerfile_path)
+      replace_image = dockerfile.gsub("@@image@@", fpm_image.id)
+      File.open(temp_dockerfile, "w") {|file| file.puts replace_image}
 
-      image = Docker::Image.build_from_tar output, &DebugMixin::DOCKER
+      # build image from project being debified dir
+      image = Docker::Image.build_from_dir temp_dir, &DebugMixin::DOCKER
 
       DebugMixin.debug_write "Built fpm image '#{image.id}' for project #{project_name}\n"
 
@@ -276,16 +307,21 @@ command "package" do |c|
         status = container.wait
         raise "Failed to package #{project_name}" unless status['StatusCode'] == 0
 
-        pkg = "conjur-#{project_name}_#{version}_amd64.deb"
-        dev_pkg = "conjur-#{project_name}-dev_#{version}_amd64.deb"
-        Conjur::Debify::Utils.copy_from_container container, "/src/#{pkg}"
-        puts "#{pkg}"
-        begin
-          Conjur::Debify::Utils.copy_from_container container, "/dev-pkg/#{dev_pkg}"
-          puts "#{dev_pkg}"
-        rescue Docker::Error::NotFoundError
-          warn "#{dev_pkg} not found. The package might not have any development dependencies."
-        end
+        # Copy deb packages
+        copy_packages_from_container(
+          container,
+          "conjur-#{project_name}_#{version}_amd64.deb",
+          "conjur-#{project_name}-dev_#{version}_amd64.deb"
+        )
+
+        # Copy rpm packages
+        # The rpm builder replaces dashes with underscores in the version
+        rpm_version = version.tr('-', '_')
+        copy_packages_from_container(
+          container,
+          "conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm",
+          "conjur-#{project_name}-dev-#{rpm_version}-1.x86_64.rpm"
+        )
       ensure
         container.delete(force: true)
       end
@@ -309,7 +345,7 @@ end
 def network_options(cmd)
   cmd.desc "Specify link for test container"
   cmd.flag [ :l, :link ], :multiple => true
-  
+
   cmd.desc 'Attach to the specified network'
   cmd.flag [ :n, :net ]
 end
@@ -401,7 +437,7 @@ command "test" do |c|
   c.flag [ :'volumes-from' ], :multiple => true
 
   network_options(c)
-  
+
   c.action do |global_options,cmd_options,args|
     raise "project-name is required" unless project_name = args.shift
     raise "test-script is required" unless test_script = args.shift
@@ -488,12 +524,12 @@ RUN touch /etc/service/conjur/down
         }
       }
       host_config = options['HostConfig']
-      
+
       host_config['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
       host_config['VolumesFrom'] = cmd_options[:'volumes-from'] if cmd_options[:'volumes-from'] && !cmd_options[:'volumes-from'].empty?
 
       add_network_config(options, cmd_options)
-      
+
       if global_options[:'local-bundle']
         host_config['Binds']
           .push([ vendor_dir, "/src/#{project_name}/vendor" ].join(':'))
@@ -590,7 +626,7 @@ command "sandbox" do |c|
 
   c.desc 'A command to run in the sandbox'
   c.flag [ :c, :command ]
-  
+
   c.action do |global_options,cmd_options,args|
     raise "Received extra command-line arguments" if args.shift
 
@@ -647,7 +683,7 @@ command "sandbox" do |c|
 
       host_config['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
       host_config['VolumesFrom'] = cmd_options[:'volumes-from'] unless cmd_options[:'volumes-from'].empty?
-      
+
       add_network_config(options, cmd_options)
 
       unless cmd_options[:port].empty?
@@ -716,6 +752,10 @@ command "publish" do |c|
   c.default_value "debian-private"
   c.flag [ :r, :repo]
 
+  c.desc "Artifactory RPM repo to publish package to"
+  c.default_value "redhat-private"
+  c.flag ['rpm-repo']
+
   c.action do |global_options,cmd_options,args|
     require 'conjur/debify/action/publish'
     raise "distribution is required" unless distribution = args.shift

data/lib/conjur/debify/action/publish.rb

@@ -25,14 +25,12 @@ module Conjur::Debify
 
         Dir.chdir dir do
           version = cmd_options[:version] || detect_version
-          component = cmd_options[:component] || detect_component
-          package_name = "conjur-#{project_name}_#{version}_amd64.deb"
 
           publish_image = create_image
           DebugMixin.debug_write "Built base publish image '#{publish_image.id}'\n"
 
           art_url = cmd_options[:url]
-          art_repo = cmd_options[:repo]
+          deb_art_repo = cmd_options[:repo]
 
           art_user = ENV['ARTIFACTORY_USER']
           art_password = ENV['ARTIFACTORY_PASSWORD']
@@ -40,23 +38,35 @@ module Conjur::Debify
             art_user, art_password = fetch_art_creds
           end
 
-          options = {
-            'Image' => publish_image.id,
-            'Cmd' => [
-              "jfrog", "rt", "upload",
-              "--url", art_url,
-              "--user", art_user,
-              "--password", art_password,
-              "--deb", "#{distribution}/#{component}/amd64",
-              package_name, "#{art_repo}/"
-            ],
-            'Binds' => [
-              [ dir, "/src" ].join(':')
-            ]
-          }
-          options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
-
-          publish(options)
+          # Publish deb package
+          component = cmd_options[:component] || detect_component
+          deb_info = "#{distribution}/#{component}/amd64"
+          package_name = "conjur-#{project_name}_#{version}_amd64.deb"
+          publish_package(
+            publish_image: publish_image,
+            art_url: art_url,
+            art_user: art_user,
+            art_password: art_password,
+            art_repo: deb_art_repo,
+            package_name: package_name,
+            dir: dir,
+            deb_info: deb_info
+          )
+
+          # Publish RPM package
+          # The rpm builder replaces dashes with underscores in the version
+          rpm_version = version.tr('-', '_')
+          package_name = "conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm"
+          rpm_art_repo = cmd_options['rpm-repo']
+          publish_package(
+            publish_image: publish_image,
+            art_url: art_url,
+            art_user: art_user,
+            art_password: art_password,
+            art_repo: rpm_art_repo,
+            package_name: package_name,
+            dir: dir
+          )
         end
       end
 
@@ -77,6 +87,39 @@ module Conjur::Debify
         [conjur.resource(username_var).value, conjur.resource(password_var).value]
       end
 
+      def publish_package(
+        publish_image:,
+        art_url:,
+        art_user:,
+        art_password:,
+        art_repo:,
+        package_name:,
+        dir:,
+        deb_info: nil
+      )
+
+        cmd_args = [
+          "jfrog", "rt", "upload",
+          "--url", art_url,
+          "--user", art_user,
+          "--password", art_password,
+        ]
+
+        cmd_args += ["--deb", deb_info] if deb_info
+        cmd_args += [package_name, "#{art_repo}/"]
+
+        options = {
+          'Image' => publish_image.id,
+          'Cmd' => cmd_args,
+          'Binds' => [
+            [ dir, "/src" ].join(':')
+          ]
+        }
+        options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
+
+        publish(options)
+      end
+
       def publish(options)
         container = Docker::Container.create(options)
         begin

data/lib/conjur/fpm/Dockerfile

@@ -5,7 +5,8 @@ RUN apt-get update -y && \
     apt-get dist-upgrade -y && \
     apt-get install -y build-essential \
                        git \
-                       libffi-dev 
+                       libffi-dev \
+                       rpm
 
 RUN gem install --no-document bundler:1.17.3 \
                               fpm

data/lib/conjur/fpm/package.sh

@@ -16,11 +16,7 @@ if [ -z "$version" ]; then
 	exit 1
 fi
 
-package_name=conjur-"$project_name"_"$version"_amd64.deb
-dev_package_name=conjur-"$project_name"-dev_"$version"_amd64.deb
-
 # Build dev package first
-echo Building $dev_package_name
 prefix=/src/opt/conjur/project
 cp -al $prefix /dev-pkg
 cd $prefix
@@ -34,21 +30,29 @@ bundle_clean
 if [ `ls | wc -l` -eq 0 ]; then
   echo No dev dependencies, skipping dev package
 else
-  fpm -s dir -t deb -n conjur-$project_name-dev -v $version -C . \
-    --maintainer "Conjur Inc." \
-    --vendor "Conjur Inc." \
+  for file_type in deb rpm
+  do
+    echo "Building conjur-$project_name-dev $file_type package"
+
+    fpm \
+    -s dir \
+    -t $file_type \
+    -n conjur-$project_name-dev \
+    -v $version \
+    -C . \
+    --maintainer "CyberArk Software, Inc." \
+    --vendor "CyberArk Software, Inc." \
     --license "Proprietary" \
-    --url "https://www.conjur.net" \
+    --url "https://www.cyberark.com" \
     --deb-no-default-config-files \
-    --deb-user conjur \
-    --deb-group conjur \
+    --$file_type-user conjur \
+    --$file_type-group conjur \
     --depends "conjur-$project_name = $version" \
     --prefix /opt/conjur/$project_name \
     --description "Conjur $project_name service - development files"
+  done
 fi
 
-echo Building $package_name
-
 mv /src/opt/conjur/project /src/opt/conjur/$project_name
 
 cd /src/opt/conjur/$project_name
@@ -63,16 +67,26 @@ mkdir -p opt/conjur/etc
 
 [ -d opt/conjur/"$project_name"/distrib ] && mv opt/conjur/"$project_name"/distrib /
 
-fpm -s dir -t deb -n conjur-$project_name -v $version -C . \
-	--maintainer "Conjur Inc." \
-	--vendor "Conjur Inc." \
+for file_type in deb rpm
+do
+  echo "Building conjur-$project_name-dev $file_type package"
+
+  fpm \
+  -s dir \
+  -t $file_type \
+  -n conjur-$project_name \
+  -v $version \
+  -C . \
+	--maintainer "CyberArk Software, Inc." \
+	--vendor "CyberArk Software, Inc." \
 	--license "Proprietary" \
-	--url "https://www.conjur.net" \
-	--deb-no-default-config-files \
+	--url "https://www.cyberark.com" \
 	--config-files opt/conjur/etc \
-	--deb-user conjur \
-	--deb-group conjur \
+	--deb-no-default-config-files \
+	--$file_type-user conjur \
+	--$file_type-group conjur \
 	--description "Conjur $project_name service" \
 	"$@"
+done
 
-ls -al *.deb
+ls -al *.{deb,rpm}

data/spec/action/publish_spec.rb

@@ -31,8 +31,8 @@ describe Conjur::Debify::Action::Publish do
     end
     
     it 'runs' do
-      expect(action).to receive(:publish)
-      
+      expect(action).to receive(:publish).twice
+
       action.run
     end
     
@@ -42,8 +42,8 @@ describe Conjur::Debify::Action::Publish do
 
     it 'runs' do
       expect(action).to receive(:fetch_art_creds)
-      expect(action).to receive(:publish)
-      
+      expect(action).to receive(:publish).twice
+
       action.run
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: conjur-debify
 version: !ruby/object:Gem::Version
-  version: 1.11.5
+  version: 1.12.0
 platform: ruby
 authors:
-- Kevin Gilpin
+- CyberArk Software, Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-06-14 00:00:00.000000000 Z
+date: 2020-11-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gli
@@ -166,7 +166,7 @@ dependencies:
         version: '1.0'
 description: 
 email:
-- kgilpin@conjur.net
+- conj_maintainers@cyberark.com
 executables:
 - debify
 extensions: []