omnibus 5.6.1 → 5.6.6

data/lib/omnibus/fetcher.rb

@@ -193,6 +193,8 @@ module Omnibus
           GitFetcher
         elsif source[:path]
           PathFetcher
+        elsif source[:file]
+          FileFetcher
         end
       else
         NullFetcher

data/lib/omnibus/fetchers/file_fetcher.rb

@@ -0,0 +1,131 @@
+#
+# Copyright 2012-2014 Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "fileutils"
+
+module Omnibus
+  class FileFetcher < Fetcher
+    #
+    # Fetch if the local file checksum is different than the path file
+    # checksum.
+    #
+    # @return [true, false]
+    #
+    def fetch_required?
+      target_shasum != destination_shasum
+    end
+
+    #
+    # The version identifier for this file. This is computed using the file
+    # on disk to the source and the shasum of that file on disk.
+    #
+    # @return [String]
+    #
+    def version_guid
+      "file:#{source_file}"
+    end
+
+    #
+    # Clean the given path by removing the project directory.
+    #
+    # @return [true, false]
+    #   true if the directory was cleaned, false otherwise.
+    #   Since we do not currently use the cache to sync files and
+    #   always fetch from source, there is no need to clean anything.
+    #   The fetch step (which needs to be called before clean) would
+    #   have already removed anything extraneous.
+    #
+    def clean
+      true
+    end
+
+    #
+    # Fetch any new files by copying them to the +project_dir+.
+    #
+    # @return [void]
+    #
+    def fetch
+      log.info(log_key) { "Copying from `#{source_file}'" }
+
+      create_required_directories
+      FileUtils.cp(source_file, target_file)
+      # Reset target shasum on every fetch
+      @target_shasum = nil
+      target_shasum
+    end
+
+    #
+    # The version for this item in the cache. The is the shasum of the file
+    # on disk.
+    #
+    # This method is called *before* clean but *after* fetch. Since fetch
+    # automatically cleans, target vs. destination sha doesn't matter. Change this
+    # if that assumption changes.
+    #
+    # @return [String]
+    #
+    def version_for_cache
+      "file:#{source_file}|shasum:#{destination_shasum}"
+    end
+
+    #
+    # @return [String, nil]
+    #
+    def self.resolve_version(version, source)
+      version
+    end
+
+    private
+
+    #
+    # The path on disk to pull the file from.
+    #
+    # @return [String]
+    #
+    def source_file
+      source[:file]
+    end
+
+    #
+    # The path on disk where the file is stored.
+    #
+    # @return [String]
+    #
+    def target_file
+      File.join(project_dir, File.basename(source_file))
+    end
+
+    #
+    # The shasum of the file **inside** the project.
+    #
+    # @return [String, nil]
+    #
+    def target_shasum
+      @target_shasum ||= digest(target_file, :sha256)
+    rescue Errno::ENOENT
+      @target_shasum = nil
+    end
+
+    #
+    # The shasum of the file **outside** of the project.
+    #
+    # @return [String]
+    #
+    def destination_shasum
+      @destination_shasum ||= digest(source_file, :sha256)
+    end
+  end
+end

data/lib/omnibus/packagers/deb.rb

@@ -60,12 +60,37 @@ module Omnibus
 
       # Create the deb
       create_deb_file
+
+      # Sign the deb
+      sign_deb_file
     end
 
     #
     # @!group DSL methods
     # --------------------------------------------------
 
+    #
+    # Set or return the signing passphrase. If this value is provided,
+    # Omnibus will attempt to sign the DEB.
+    #
+    # @example
+    #   signing_passphrase "foo"
+    #
+    # @param [String] val
+    #   the passphrase to use when signing the DEB
+    #
+    # @return [String]
+    #   the DEB-signing passphrase
+    #
+    def signing_passphrase(val = NULL)
+      if null?(val)
+        @signing_passphrase
+      else
+        @signing_passphrase = val
+      end
+    end
+    expose :signing_passphrase
+
     #
     # Set or return the vendor who made this package.
     #
@@ -389,6 +414,62 @@ module Omnibus
       end
     end
 
+    #
+    # Sign the  +.deb+ file with gpg. This has to be done as separate steps
+    # from creating the +.deb+ file. See +debsigs+ source for behavior
+    # replicated here. +https://gitlab.com/debsigs/debsigs/blob/master/debsigs.txt#L103-124+
+    #
+    # @return [void]
+    def sign_deb_file
+      if !signing_passphrase
+        log.info(log_key) { "Signing not enabled for .deb file" }
+        return
+      end
+
+      log.info(log_key) { "Signing enabled for .deb file" }
+
+      # Check our dependencies and determine command for GnuPG. +Omnibus.which+ returns the path, or nil.
+      gpg = nil
+      if Omnibus.which("gpg2")
+        gpg = "gpg2"
+      elsif Omnibus.which("gpg")
+        gpg = "gpg"
+      end
+
+      if gpg && Omnibus.which("ar")
+        # Create a directory that will be cleaned when we leave the block
+        Dir.mktmpdir do |tmp_dir|
+          Dir.chdir(tmp_dir) do
+            # Extract the deb file contents
+            shellout!("ar x #{Config.package_dir}/#{package_name}")
+            # Concatenate contents, in order per +debsigs+ documentation.
+            shellout!("cat debian-binary control.tar.* data.tar.* > complete")
+            # Create signature (as +root+)
+            gpg_command =  "#{gpg} --armor --sign --detach-sign"
+            gpg_command << " --local-user '#{project.maintainer}'"
+            gpg_command << " --homedir #{ENV['HOME']}/.gnupg" # TODO: Make this configurable
+            ## pass the +signing_passphrase+ via +STDIN+
+            gpg_command << " --batch --no-tty"
+            ## Check `gpg` for the compatibility/need of pinentry-mode
+            # - We're calling gpg with the +--pinentry-mode+ argument, and +STDIN+ of +/dev/null+
+            # - This _will_ fail with exit code 2 no matter what. We want to check the +STDERR+
+            #   for the error message about the parameter. If it is _not present_ in the
+            #   output, then we _do_ want to add it. (If +grep -q+ is +1+, add parameter)
+            if shellout("#{gpg} --pinentry-mode loopback </dev/null 2>&1 | grep -q pinentry-mode").exitstatus == 1
+              gpg_command << " --pinentry-mode loopback"
+            end
+            gpg_command << " --passphrase-fd 0"
+            gpg_command << " -o _gpgorigin complete"
+            shellout!("fakeroot #{gpg_command}", input: signing_passphrase)
+            # Append +_gpgorigin+ to the +.deb+ file (as +root+)
+            shellout!("fakeroot ar rc #{Config.package_dir}/#{package_name} _gpgorigin")
+          end
+        end
+      else
+        log.info(log_key) { "Signing not possible. Ensure that GnuPG and GNU AR are available" }
+      end
+    end
+
     #
     # The size of this Debian package. This is dynamically calculated.
     #

data/lib/omnibus/packagers/ips.rb

@@ -213,18 +213,33 @@ module Omnibus
       )
     end
 
+    #
+    # The name of the project specific template if it exists
+    # The resource exists locally. For example for project omnibus-toolchain
+    # resource_path("#{safe_base_package_name}-symlinks.erb") #=>
+    # {"/path/to/omnibus-toolchain/resources/omnibus-toolchain/ips/omnibus-toolchain-symlinks.erb"}
+    # OR {"/path/to/omnibus-toolchain/resources/omnibus-toolchain/ips/symlinks.erb"}
+    #
+    # @return [String]
+    #
+    def symlinks_file
+      if File.exists?(resource_path("#{safe_base_package_name}-symlinks.erb"))
+        "#{safe_base_package_name}-symlinks.erb"
+      elsif File.exists?(resource_path("symlinks.erb"))
+        "symlinks.erb"
+      end
+    end
+
     #
     # A set of symbolic links to installed commands that
     #`pkgmogrify' will apply to the package manifest. Is called only when
-    # symlinks.erb template exists
-    # The resource exists locally. For example for project omnibus-toolchain
-    # resource_path("symlinks.erb") #=>
-    # {"/path/to/omnibus-toolchain/resources/omnibus-toolchain/ips/symlinks.erb"}
+    # "#{safe_base_package_name}-symlinks.erb" or "symlinks.erb" template resource
+    # exists locally
     #
     # @return [String]
     #
     def render_symlinks
-      render_template_content(resource_path("symlinks.erb"),
+      render_template_content(resource_path(symlinks_file),
         {
           projectdir: project.install_dir,
         }
@@ -250,8 +265,8 @@ module Omnibus
         }
       )
 
-      # Append the contents of symlinks.erb if it exists
-      if File.exists?(resource_path("symlinks.erb"))
+      # Append the contents of symlinks_file if it exists
+      if symlinks_file
         File.open(pkg_metadata_file, "a") do |symlink|
           symlink.write(render_symlinks)
         end

data/lib/omnibus/publishers/artifactory_publisher.rb

@@ -260,7 +260,7 @@ module Omnibus
     # and the package metadata.
     #
     # @example
-    #   chef/11.6.0/chef-11.6.0-1.el6.x86_64.rpm
+    #   com/getchef/chef/11.6.0/ubuntu/14.04/chef-11.6.0-1.el6.x86_64.rpm
     #
     # @param [Package] package
     #   the package to generate the remote path for
@@ -270,11 +270,7 @@ module Omnibus
     def remote_path_for(package)
       File.join(
         Config.artifactory_base_path,
-        package.metadata[:name],
-        package.metadata[:version],
-        package.metadata[:platform],
-        package.metadata[:platform_version],
-        package.metadata[:basename]
+        Config.artifactory_publish_pattern % package.metadata
       )
     end
   end

data/lib/omnibus/publishers/s3_publisher.rb

@@ -57,25 +57,27 @@ module Omnibus
         config[:access_key_id]      = Config.publish_s3_access_key
         config[:secret_access_key]  = Config.publish_s3_secret_key
       end
+
+      config
     end
 
     #
     # The unique upload key for this package. The additional "stuff" is
     # postfixed to the end of the path.
     #
+    # @example
+    #   'el/6/x86_64/chef-11.6.0-1.el6.x86_64.rpm/chef-11.6.0-1.el6.x86_64.rpm'
+    #
     # @param [Package] package
     #   the package this key is for
     # @param [Array<String>] stuff
-    #   the additional things to prepend
+    #   the additional things to append
     #
     # @return [String]
     #
     def key_for(package, *stuff)
       File.join(
-        package.metadata[:platform],
-        package.metadata[:platform_version],
-        package.metadata[:arch],
-        package.name,
+        Config.s3_publish_pattern % package.metadata,
         *stuff
       )
     end

data/lib/omnibus/s3_cache.rb

@@ -144,6 +144,7 @@ module Omnibus
           bucket_name:              Config.s3_bucket,
           endpoint:                 Config.s3_endpoint,
           use_accelerate_endpoint:  Config.s3_accelerate,
+          force_path_style:         Config.s3_force_path_style,
         }
 
         if Config.s3_profile

data/lib/omnibus/s3_helpers.rb

@@ -38,6 +38,7 @@ module Omnibus
       #     bucket_name:              Config.s3_bucket,
       #     endpoint:                 Config.s3_endpoint,
       #     use_accelerate_endpoint:  Config.s3_accelerate
+      #     force_path_style:         Config.s3_force_path_style
       #   }
       #
       # @return [Hash<String, String>]
@@ -68,6 +69,7 @@ module Omnibus
       def resource_params
         params = {
           use_accelerate_endpoint:  s3_configuration[:use_accelerate_endpoint],
+          force_path_style: s3_configuration[:force_path_style],
         }
 
         if s3_configuration[:use_accelerate_endpoint]

data/lib/omnibus/sugarable.rb

@@ -18,6 +18,7 @@ require "chef/sugar/architecture"
 require "chef/sugar/cloud"
 require "chef/sugar/constraints"
 require "chef/sugar/ip"
+require "chef/sugar/init"
 require "chef/sugar/platform"
 require "chef/sugar/platform_family"
 require "chef/sugar/ruby"

data/lib/omnibus/version.rb

@@ -15,5 +15,5 @@
 #
 
 module Omnibus
-  VERSION = "5.6.1"
+  VERSION = "5.6.6"
 end

data/lib/omnibus/whitelist.rb

@@ -126,6 +126,7 @@ MAC_WHITELIST_LIBS = [
   /Tcl$/,
   /Cocoa$/,
   /Carbon$/,
+  /Foundation/,
   /IOKit$/,
   /Tk$/,
   /libutil\.dylib/,

data/omnibus.gemspec

@@ -8,10 +8,10 @@ Gem::Specification.new do |gem|
   gem.version        = Omnibus::VERSION
   gem.license        = "Apache 2.0"
   gem.author         = "Chef Software, Inc."
-  gem.email          = "releng@getchef.com"
+  gem.email          = "releng@chef.io"
   gem.summary        = "Omnibus is a framework for building self-installing, full-stack software builds."
   gem.description    = gem.summary
-  gem.homepage       = "https://github.com/opscode/omnibus"
+  gem.homepage       = "https://github.com/chef/omnibus"
 
   gem.required_ruby_version = ">= 2.2"
 
@@ -40,7 +40,7 @@ Gem::Specification.new do |gem|
   gem.add_development_dependency "artifactory", "~> 2.0"
   gem.add_development_dependency "aruba",       "~> 0.5"
   gem.add_development_dependency "chefstyle"
-  gem.add_development_dependency "fauxhai",     "~> 3.2"
+  gem.add_development_dependency "fauxhai",     "~> 5.2"
   gem.add_development_dependency "rspec",       "~> 3.0"
   gem.add_development_dependency "rspec-json_expectations"
   gem.add_development_dependency "rspec-its"

data/resources/msi/source.wxs.erb

@@ -20,6 +20,13 @@
 
     <Media Id="1" Cabinet="Project.cab" EmbedCab="yes" CompressionLevel="high" />
 
+    <!--
+      Take advantage of Windows Installer 5.0 feature (if available) to disable 
+      checkpointing and other costings that take significant amounts of time 
+      ref: https://msdn.microsoft.com/en-us/library/windows/desktop/dd408005(v=vs.85).aspx
+    -->
+    <Property Id="MSIFASTINSTALL" Value="7" />
+
     <!--
       Uncomment launch condition below to check for minimum OS
       601 = Windows 7/Server 2008R2.

data/spec/functional/fetchers/file_fetcher_spec.rb

@@ -0,0 +1,92 @@
+require "spec_helper"
+
+module Omnibus
+  describe FileFetcher do
+    include_examples "a software"
+
+    let(:source_file) { File.join(tmp_path, "t", "software") }
+    let(:target_file) { File.join(project_dir, "software") }
+
+    let(:source) do
+      { file: source_file }
+    end
+
+    let(:manifest_entry) do
+      double(Omnibus::ManifestEntry,
+             name: "pathelogical",
+             locked_version: nil,
+             described_version: nil,
+             locked_source: source)
+    end
+
+    subject { described_class.new(manifest_entry, project_dir, build_dir) }
+
+    describe "#fetch_required?" do
+      context "when the files have different hashes" do
+        before do
+          create_file(source_file) { "different" }
+          create_file(target_file) { "same" }
+        end
+
+        it "return true" do
+          expect(subject.fetch_required?).to be_truthy
+        end
+      end
+
+      context "when the files have the same hash" do
+        before do
+          create_file(source_file) { "same" }
+          create_file(target_file) { "same" }
+        end
+
+        it "returns false" do
+          expect(subject.fetch_required?).to be(false)
+        end
+      end
+    end
+
+    describe "#version_guid" do
+      it "includes the source file" do
+        expect(subject.version_guid).to eq("file:#{source_file}")
+      end
+    end
+
+    describe "#fetch" do
+      before do
+        create_file(source_file)
+
+        remove_file(target_file)
+      end
+
+      it "fetches new files" do
+        subject.fetch
+
+        expect(target_file).to be_a_file
+      end
+    end
+
+    describe "#clean" do
+      it "returns true" do
+        expect(subject.clean).to be_truthy
+      end
+    end
+
+    describe "#version_for_cache" do
+      before do
+        create_file(source_file)
+      end
+
+      let(:sha) { "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" }
+
+      it "includes the source_file and shasum" do
+        expect(subject.version_for_cache).to eq("file:#{source_file}|shasum:#{sha}")
+      end
+    end
+
+    describe "#resolve_version" do
+      it "just returns the version" do
+        expect(NetFetcher.resolve_version("1.2.3", source)).to eq("1.2.3")
+      end
+    end
+  end
+end