omnibus 5.4.0 → 5.5.0

data/lib/omnibus/packagers/rpm.rb

@@ -21,18 +21,18 @@ module Omnibus
     # @return [Hash]
     SCRIPT_MAP = {
       # Default Omnibus naming
-      preinst:  'pre',
-      postinst: 'post',
-      prerm:    'preun',
-      postrm:   'postun',
+      preinst:  "pre",
+      postinst: "post",
+      prerm:    "preun",
+      postrm:   "postun",
       # Default RPM naming
-      pre:          'pre',
-      post:         'post',
-      preun:        'preun',
-      postun:       'postun',
-      verifyscript: 'verifyscript',
-      pretans:      'pretans',
-      posttrans:    'posttrans',
+      pre:          "pre",
+      post:         "post",
+      preun:        "preun",
+      postun:       "postun",
+      verifyscript: "verifyscript",
+      pretans:      "pretans",
+      posttrans:    "posttrans",
     }.freeze
 
     id :rpm
@@ -116,10 +116,10 @@ module Omnibus
     #
     def vendor(val = NULL)
       if null?(val)
-        @vendor || 'Omnibus <omnibus@getchef.com>'
+        @vendor || "Omnibus <omnibus@getchef.com>"
       else
         unless val.is_a?(String)
-          raise InvalidValue.new(:vendor, 'be a String')
+          raise InvalidValue.new(:vendor, "be a String")
         end
 
         @vendor = val
@@ -144,7 +144,7 @@ module Omnibus
         @license || project.license
       else
         unless val.is_a?(String)
-          raise InvalidValue.new(:license, 'be a String')
+          raise InvalidValue.new(:license, "be a String")
         end
 
         @license = val
@@ -166,10 +166,10 @@ module Omnibus
     #
     def priority(val = NULL)
       if null?(val)
-        @priority || 'extra'
+        @priority || "extra"
       else
         unless val.is_a?(String)
-          raise InvalidValue.new(:priority, 'be a String')
+          raise InvalidValue.new(:priority, "be a String")
         end
 
         @priority = val
@@ -191,10 +191,10 @@ module Omnibus
     #
     def category(val = NULL)
       if null?(val)
-        @category || 'default'
+        @category || "default"
       else
         unless val.is_a?(String)
-          raise InvalidValue.new(:category, 'be a String')
+          raise InvalidValue.new(:category, "be a String")
         end
 
         @category = val
@@ -248,7 +248,7 @@ module Omnibus
     # @return [String]
     #
     def build_dir
-      @build_dir ||= File.join(staging_dir, 'BUILD')
+      @build_dir ||= File.join(staging_dir, "BUILD")
     end
 
     #
@@ -267,7 +267,7 @@ module Omnibus
     # @return [Array]
     #
     def filesystem_directories
-      @filesystem_directories ||= IO.readlines(resource_path('filesystem_list')).map { |f| f.chomp }
+      @filesystem_directories ||= IO.readlines(resource_path("filesystem_list")).map { |f| f.chomp }
     end
 
     #
@@ -277,7 +277,7 @@ module Omnibus
     # @return [String]
     #
     def mark_filesystem_directories(fsdir)
-      if fsdir.eql?('/') || fsdir.eql?('/usr/lib') || fsdir.eql?('/usr/share/empty')
+      if fsdir.eql?("/") || fsdir.eql?("/usr/lib") || fsdir.eql?("/usr/share/empty")
         return "%dir %attr(0555,root,root) #{fsdir}"
       elsif filesystem_directories.include?(fsdir)
         return "%dir %attr(0755,root,root) #{fsdir}"
@@ -306,9 +306,9 @@ module Omnibus
 
       # Get a list of all files
       files = FileSyncer.glob("#{build_dir}/**/*")
-                .map    { |path| build_filepath(path) }
+                .map { |path| build_filepath(path) }
 
-      render_template(resource_path('spec.erb'),
+      render_template(resource_path("spec.erb"),
         destination: spec_file,
         variables: {
           name:            safe_base_package_name,
@@ -331,38 +331,38 @@ module Omnibus
           config_files:    config_files,
           files:           files,
           build_dir:       build_dir,
-          platform_family: Ohai['platform_family']
+          platform_family: Ohai["platform_family"],
         }
       )
     end
 
     #
-    # Generate the RPM file using +rpmbuild+.  The use of the +fakeroot+ command
-    # is required so that the package is owned by +root:root+, but the build
-    # user does not need to have sudo permissions.
+    # Generate the RPM file using +rpmbuild+. Unlike debian,the +fakeroot+
+    # command is not required for the package to be owned by +root:root+. The
+    # rpmuser specified in the spec file dictates this.
     #
     # @return [void]
     #
     def create_rpm_file
-      command =  %|fakeroot rpmbuild|
-      command << %| --target #{safe_architecture}|
-      command << %| -bb|
-      command << %| --buildroot #{staging_dir}/BUILD|
-      command << %| --define '_topdir #{staging_dir}'|
+      command =  %{rpmbuild}
+      command << %{ --target #{safe_architecture}}
+      command << %{ -bb}
+      command << %{ --buildroot #{staging_dir}/BUILD}
+      command << %{ --define '_topdir #{staging_dir}'}
 
       if signing_passphrase
         log.info(log_key) { "Signing enabled for .rpm file" }
 
         if File.exist?("#{ENV['HOME']}/.rpmmacros")
           log.info(log_key) { "Detected .rpmmacros file at `#{ENV['HOME']}'" }
-          home = ENV['HOME']
+          home = ENV["HOME"]
         else
           log.info(log_key) { "Using default .rpmmacros file from Omnibus" }
 
           # Generate a temporary home directory
           home = Dir.mktmpdir
 
-          render_template(resource_path('rpmmacros.erb'),
+          render_template(resource_path("rpmmacros.erb"),
             destination: "#{home}/.rpmmacros",
             variables: {
               gpg_name: project.maintainer,
@@ -376,7 +376,7 @@ module Omnibus
 
         with_rpm_signing do |signing_script|
           log.info(log_key) { "Creating .rpm file" }
-          shellout!("#{signing_script} \"#{command}\"", environment: { 'HOME' => home })
+          shellout!("#{signing_script} \"#{command}\"", environment: { "HOME" => home })
         end
       else
         log.info(log_key) { "Creating .rpm file" }
@@ -395,11 +395,11 @@ module Omnibus
     # @return [String]
     #
     def build_filepath(path)
-      filepath = rpm_safe('/' + path.gsub("#{build_dir}/", ''))
+      filepath = rpm_safe("/" + path.gsub("#{build_dir}/", ""))
       return if config_files.include?(filepath)
-      full_path = build_dir + filepath.gsub('[%]','%')
+      full_path = build_dir + filepath.gsub("[%]", "%")
       # FileSyncer.glob quotes pathnames that contain spaces, which is a problem on el7
-      full_path.gsub!('"', '')
+      full_path.delete!('"')
       # Mark directories with the %dir directive to prevent rpmbuild from counting their contents twice.
       return mark_filesystem_directories(filepath) if !File.symlink?(full_path) && File.directory?(full_path)
       filepath
@@ -428,7 +428,7 @@ module Omnibus
       directory   = Dir.mktmpdir
       destination = "#{directory}/sign-rpm"
 
-      render_template(resource_path('signing.erb'),
+      render_template(resource_path("signing.erb"),
         destination: destination,
         mode: 0700,
         variables: {
@@ -437,7 +437,7 @@ module Omnibus
       )
 
       # Yield the destination to the block
-      block.call(destination)
+      yield(destination)
     ensure
       remove_file(destination)
       remove_directory(directory)
@@ -474,7 +474,7 @@ module Omnibus
       if project.package_name =~ /\A[a-z0-9\.\+\-]+\z/
         project.package_name.dup
       else
-        converted = project.package_name.downcase.gsub(/[^a-z0-9\.\+\-]+/, '-')
+        converted = project.package_name.downcase.gsub(/[^a-z0-9\.\+\-]+/, "-")
 
         log.warn(log_key) do
           "The `name' component of RPM package names can only include " \
@@ -513,8 +513,8 @@ module Omnibus
       #   http://rpm.org/ticket/56
       #
       if version =~ /\-/
-        if Ohai['platform_family'] == 'wrlinux'
-          converted = version.gsub('-', '_') #WRL has an elderly RPM version
+        if Ohai["platform_family"] == "wrlinux"
+          converted = version.tr("-", "_") #WRL has an elderly RPM version
           log.warn(log_key) do
             "Omnibus replaces dashes (-) with tildes (~) so pre-release " \
             "versions get sorted earlier than final versions.  However, the " \
@@ -523,7 +523,7 @@ module Omnibus
             "`#{project.build_version}' to `#{converted}'."
           end
         else
-          converted = version.gsub('-', '~')
+          converted = version.tr("-", "~")
           log.warn(log_key) do
             "Tildes hold special significance in the RPM package versions. " \
             "They mark a version as lower priority in RPM's version compare " \
@@ -533,14 +533,13 @@ module Omnibus
           end
         end
 
-
         version = converted
       end
 
       if version =~ /\A[a-zA-Z0-9\.\+\~]+\z/
         version
       else
-        converted = version.gsub(/[^a-zA-Z0-9\.\+\~]+/, '_')
+        converted = version.gsub(/[^a-zA-Z0-9\.\+\~]+/, "_")
 
         log.warn(log_key) do
           "The `version' component of RPM package names can only include " \
@@ -559,17 +558,17 @@ module Omnibus
     # @return [String]
     #
     def safe_architecture
-      case Ohai['kernel']['machine']
-      when 'i686'
-        'i386'
-      when 'armv6l'
-        if Ohai['platform'] == 'pidora'
-          'armv6hl'
+      case Ohai["kernel"]["machine"]
+      when "i686"
+        "i386"
+      when "armv6l"
+        if Ohai["platform"] == "pidora"
+          "armv6hl"
         else
-          'armv6l'
+          "armv6l"
         end
       else
-        Ohai['kernel']['machine']
+        Ohai["kernel"]["machine"]
       end
     end
   end

data/lib/omnibus/packagers/solaris.rb

@@ -14,18 +14,18 @@
 # limitations under the License.
 #
 
-require 'socket'
+require "socket"
 
 module Omnibus
   class Packager::Solaris < Packager::Base
     # @return [Hash]
     SCRIPT_MAP = {
       # Default Omnibus naming
-      postinst:  'postinstall',
-      postrm: 'postremove',
+      postinst:  "postinstall",
+      postrm: "postremove",
       # Default Solaris naming
-      postinstall:  'postinstall',
-      postremove: 'postremove',
+      postinstall:  "postinstall",
+      postremove: "postremove",
     }.freeze
 
     id :solaris
@@ -82,8 +82,8 @@ module Omnibus
     def write_prototype_file
       shellout! "cd #{install_dirname} && find #{install_basename} -print > #{staging_dir_path('files')}"
 
-      File.open staging_dir_path('files.clean'), 'w+' do |fout|
-        File.open staging_dir_path('files') do |fin|
+      File.open staging_dir_path("files.clean"), "w+" do |fout|
+        File.open staging_dir_path("files") do |fin|
           fin.each_line do |line|
             if line.chomp =~ /\s/
               log.warn(log_key) { "Skipping packaging '#{line}' file due to whitespace in filename" }
@@ -95,8 +95,8 @@ module Omnibus
       end
 
       # generate list of control files
-      File.open staging_dir_path('Prototype'), 'w+' do |f|
-        f.write <<-EOF.gsub(/^ {10}/, '')
+      File.open staging_dir_path("Prototype"), "w+" do |f|
+        f.write <<-EOF.gsub(/^ {10}/, "")
           i pkginfo
           i postinstall
           i postremove
@@ -117,7 +117,7 @@ module Omnibus
       hostname = Socket.gethostname
 
       # http://docs.oracle.com/cd/E19683-01/816-0219/6m6njqbat/index.html
-      pkginfo_content = <<-EOF.gsub(/^ {8}/, '')
+      pkginfo_content = <<-EOF.gsub(/^ {8}/, "")
         CLASSES=none
         TZ=PST
         PATH=/sbin:/usr/sbin:/usr/bin:/usr/sadm/install/bin
@@ -132,7 +132,7 @@ module Omnibus
         EMAIL=#{project.maintainer}
         PSTAMP=#{hostname}#{Time.now.utc.iso8601}
       EOF
-      File.open staging_dir_path('pkginfo'), 'w+' do |f|
+      File.open staging_dir_path("pkginfo"), "w+" do |f|
         f.write pkginfo_content
       end
     end
@@ -156,11 +156,11 @@ module Omnibus
     def safe_architecture
       # The #i386? and #intel? helpers come from chef-sugar
       if intel?
-        'i386'
+        "i386"
       elsif sparc?
-        'sparc'
+        "sparc"
       else
-        Ohai['kernel']['machine']
+        Ohai["kernel"]["machine"]
       end
     end
   end

data/lib/omnibus/packagers/windows_base.rb

@@ -0,0 +1,192 @@
+#
+# Copyright 2016 Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module Omnibus
+  class Packager::WindowsBase < Packager::Base
+    DEFAULT_TIMESTAMP_SERVERS = ["http://timestamp.digicert.com",
+                                 "http://timestamp.verisign.com/scripts/timestamp.dll"]
+
+    #
+    # Set the signing certificate name
+    #
+    # @example
+    #   signing_identity 'FooCert'
+    #   signing_identity 'FooCert', store: 'BarStore'
+    #
+    # @param [String] thumbprint
+    #   the thumbprint of the certificate in the certificate store
+    # @param [Hash<Symbol, String>] params
+    #   an optional hash that defines the parameters for the singing identity
+    #
+    # @option params [String] :store (My)
+    #   The name of the certificate store which contains the certificate
+    # @option params [Array<String>, String] :timestamp_servers
+    #   A trusted timestamp server or a list of truested timestamp servers to
+    #   be tried. They are tried in the order provided.
+    # @option params [TrueClass, FalseClass] :machine_store (false)
+    #   If set to true, the local machine store will be searched for a valid
+    #   certificate. Otherwise, the current user store is used
+    #
+    #   Setting nothing will default to trying ['http://timestamp.digicert.com',
+    #   'http://timestamp.verisign.com/scripts/timestamp.dll']
+    #
+    # @return [Hash{:thumbprint => String, :store => String, :timestamp_servers => Array[String]}]
+    #
+    def signing_identity(thumbprint = NULL, params = NULL)
+      unless null?(thumbprint)
+        @signing_identity = {}
+        unless thumbprint.is_a?(String)
+          raise InvalidValue.new(:signing_identity, "be a String")
+        end
+
+        @signing_identity[:thumbprint] = thumbprint
+
+        if !null?(params)
+          unless params.is_a?(Hash)
+            raise InvalidValue.new(:params, "be a Hash")
+          end
+
+          valid_keys = [:store, :timestamp_servers, :machine_store, :algorithm]
+          invalid_keys = params.keys - valid_keys
+          unless invalid_keys.empty?
+            raise InvalidValue.new(:params, "contain keys from [#{valid_keys.join(', ')}]. "\
+                                   "Found invalid keys [#{invalid_keys.join(', ')}]")
+          end
+
+          if !params[:machine_store].nil? && !(
+             params[:machine_store].is_a?(TrueClass) ||
+             params[:machine_store].is_a?(FalseClass))
+            raise InvalidValue.new(:params, "contain key :machine_store of type TrueClass or FalseClass")
+          end
+        else
+          params = {}
+        end
+
+        @signing_identity[:store] = params[:store] || "My"
+        @signing_identity[:algorithm] = params[:algorithm] || "SHA1"
+        servers = params[:timestamp_servers] || DEFAULT_TIMESTAMP_SERVERS
+        @signing_identity[:timestamp_servers] = [servers].flatten
+        @signing_identity[:machine_store] = params[:machine_store] || false
+      end
+
+      @signing_identity
+    end
+    expose :signing_identity
+
+    def thumbprint
+      signing_identity[:thumbprint]
+    end
+
+    def algorithm
+      signing_identity[:algorithm]
+    end
+
+    def cert_store_name
+      signing_identity[:store]
+    end
+
+    def timestamp_servers
+      signing_identity[:timestamp_servers]
+    end
+
+    def machine_store?
+      signing_identity[:machine_store]
+    end
+
+    #
+    # Iterates through available timestamp servers and tries to sign
+    # the file with with each server, stopping after the first to succeed.
+    # If none succeed, an exception is raised.
+    #
+    def sign_package(package_file)
+      success = false
+      timestamp_servers.each do |ts|
+        success = try_sign(package_file, ts)
+        break if success
+      end
+      raise FailedToSignWindowsPackage.new if !success
+    end
+
+    def try_sign(package_file, url)
+      cmd = Array.new.tap do |arr|
+        arr << "signtool.exe"
+        arr << "sign /v"
+        arr << "/t #{url}"
+        arr << "/fd #{algorithm}"
+        arr << "/sm" if machine_store?
+        arr << "/s #{cert_store_name}"
+        arr << "/sha1 #{thumbprint}"
+        arr << "/d #{project.package_name}"
+        arr << "\"#{package_file}\""
+      end.join(" ")
+      status = shellout(cmd)
+      if status.exitstatus != 0
+        log.warn(log_key) do
+          <<-EOH.strip
+                Failed to add timestamp with timeserver #{url}
+
+                STDOUT
+                ------
+                #{status.stdout}
+
+                STDERR
+                ------
+                #{status.stderr}
+                EOH
+        end
+      end
+      status.exitstatus == 0
+    end
+
+    #
+    # Get the certificate subject of the signing identity
+    #
+    # @return [String]
+    #
+    def certificate_subject
+      return "CN=#{project.package_name}" unless signing_identity
+      store = machine_store? ? "LocalMachine" : "CurrentUser"
+      cmd = Array.new.tap do |arr|
+        arr << "powershell.exe"
+        arr << "-ExecutionPolicy Bypass"
+        arr << "-NoProfile"
+        arr << "-Command (Get-Item Cert:/#{store}/#{cert_store_name}/#{thumbprint}).Subject"
+      end.join(" ")
+
+      shellout!(cmd).stdout.strip
+    end
+
+    #
+    # Parse and return the version from the {Project#build_version}.
+    #
+    # A project's +build_version+ looks something like:
+    #
+    #     dev builds => 11.14.0-alpha.1+20140501194641.git.94.561b564
+    #                => 0.0.0+20140506165802.1
+    #
+    #     rel builds => 11.14.0.alpha.1 || 11.14.0
+    #
+    # The appx and msi version specs expects a version that looks like X.Y.Z.W where
+    # X, Y, Z & W are all 32 bit integers.
+    #
+    # @return [String]
+    #
+    def windows_package_version
+      major, minor, patch = project.build_version.split(/[.+-]/)
+      [major, minor, patch, project.build_iteration].join(".")
+    end
+  end
+end