omnibus 6.0.30 → 7.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +2 -1
- data/README.md +24 -8
- data/Rakefile +1 -1
- data/lib/omnibus/build_version_dsl.rb +1 -0
- data/lib/omnibus/builder.rb +6 -5
- data/lib/omnibus/changelog_printer.rb +7 -4
- data/lib/omnibus/cleaner.rb +3 -0
- data/lib/omnibus/cli.rb +1 -1
- data/lib/omnibus/cli/changelog.rb +24 -24
- data/lib/omnibus/cli/publish.rb +5 -5
- data/lib/omnibus/compressor.rb +2 -2
- data/lib/omnibus/compressors/base.rb +1 -1
- data/lib/omnibus/compressors/dmg.rb +45 -7
- data/lib/omnibus/config.rb +12 -2
- data/lib/omnibus/fetchers/git_fetcher.rb +1 -0
- data/lib/omnibus/fetchers/net_fetcher.rb +2 -3
- data/lib/omnibus/file_syncer.rb +2 -2
- data/lib/omnibus/generator_files/README.md.erb +18 -15
- data/lib/omnibus/generator_files/config/software/preparation.rb.erb +1 -1
- data/lib/omnibus/generator_files/omnibus.rb.erb +5 -4
- data/lib/omnibus/health_check.rb +1 -1
- data/lib/omnibus/licensing.rb +3 -4
- data/lib/omnibus/logger.rb +2 -1
- data/lib/omnibus/manifest.rb +1 -1
- data/lib/omnibus/metadata.rb +2 -2
- data/lib/omnibus/packagers/appx.rb +1 -2
- data/lib/omnibus/packagers/base.rb +1 -0
- data/lib/omnibus/packagers/bff.rb +6 -8
- data/lib/omnibus/packagers/deb.rb +7 -10
- data/lib/omnibus/packagers/ips.rb +3 -6
- data/lib/omnibus/packagers/makeself.rb +1 -2
- data/lib/omnibus/packagers/msi.rb +12 -11
- data/lib/omnibus/packagers/pkg.rb +125 -9
- data/lib/omnibus/packagers/rpm.rb +11 -12
- data/lib/omnibus/packagers/solaris.rb +4 -4
- data/lib/omnibus/packagers/windows_base.rb +7 -6
- data/lib/omnibus/project.rb +1 -0
- data/lib/omnibus/publisher.rb +14 -12
- data/lib/omnibus/publishers/s3_publisher.rb +6 -4
- data/lib/omnibus/s3_cache.rb +3 -1
- data/lib/omnibus/s3_helpers.rb +6 -6
- data/lib/omnibus/software.rb +66 -30
- data/lib/omnibus/templating.rb +1 -1
- data/lib/omnibus/util.rb +3 -2
- data/lib/omnibus/version.rb +1 -1
- data/lib/omnibus/whitelist.rb +6 -1
- data/omnibus.gemspec +6 -6
- data/resources/rpm/signing.erb +7 -10
- data/spec/functional/builder_spec.rb +2 -1
- data/spec/functional/fetchers/file_fetcher_spec.rb +4 -4
- data/spec/functional/fetchers/git_fetcher_spec.rb +4 -4
- data/spec/functional/fetchers/net_fetcher_spec.rb +5 -6
- data/spec/functional/fetchers/path_fetcher_spec.rb +4 -4
- data/spec/functional/file_syncer_spec.rb +42 -0
- data/spec/functional/licensing_spec.rb +5 -5
- data/spec/support/examples.rb +3 -4
- data/spec/unit/builder_spec.rb +9 -9
- data/spec/unit/changelogprinter_spec.rb +8 -6
- data/spec/unit/compressor_spec.rb +3 -3
- data/spec/unit/compressors/dmg_spec.rb +43 -4
- data/spec/unit/fetchers/net_fetcher_spec.rb +16 -17
- data/spec/unit/health_check_spec.rb +2 -6
- data/spec/unit/library_spec.rb +2 -1
- data/spec/unit/manifest_diff_spec.rb +2 -2
- data/spec/unit/manifest_spec.rb +1 -1
- data/spec/unit/metadata_spec.rb +9 -11
- data/spec/unit/omnibus_spec.rb +1 -1
- data/spec/unit/packagers/bff_spec.rb +2 -2
- data/spec/unit/packagers/msi_spec.rb +2 -2
- data/spec/unit/packagers/pkg_spec.rb +354 -0
- data/spec/unit/packagers/pkgsrc_spec.rb +1 -1
- data/spec/unit/packagers/solaris_spec.rb +7 -7
- data/spec/unit/project_spec.rb +2 -2
- data/spec/unit/publisher_spec.rb +8 -9
- data/spec/unit/publishers/artifactory_publisher_spec.rb +2 -4
- data/spec/unit/publishers/s3_publisher_spec.rb +2 -4
- data/spec/unit/s3_cacher_spec.rb +19 -6
- data/spec/unit/s3_helpers_spec.rb +22 -3
- data/spec/unit/software_spec.rb +72 -42
- data/spec/unit/util_spec.rb +1 -2
- metadata +17 -11
@@ -44,8 +44,7 @@ module Omnibus
|
|
44
44
|
maintainer: project.maintainer,
|
45
45
|
build_version: project.build_version,
|
46
46
|
package_name: project.package_name,
|
47
|
-
}
|
48
|
-
)
|
47
|
+
})
|
49
48
|
|
50
49
|
# Render the welcome template
|
51
50
|
render_template(resource_path("welcome.html.erb"),
|
@@ -56,8 +55,7 @@ module Omnibus
|
|
56
55
|
maintainer: project.maintainer,
|
57
56
|
build_version: project.build_version,
|
58
57
|
package_name: project.package_name,
|
59
|
-
}
|
60
|
-
)
|
58
|
+
})
|
61
59
|
|
62
60
|
# "Render" the assets
|
63
61
|
copy_file(resource_path("background.png"), "#{resources_dir}/background.png")
|
@@ -66,6 +64,8 @@ module Omnibus
|
|
66
64
|
build do
|
67
65
|
write_scripts
|
68
66
|
|
67
|
+
sign_software_libs_and_bins
|
68
|
+
|
69
69
|
build_component_pkg
|
70
70
|
|
71
71
|
write_distribution_file
|
@@ -179,6 +179,67 @@ module Omnibus
|
|
179
179
|
end
|
180
180
|
end
|
181
181
|
|
182
|
+
def sign_software_libs_and_bins
|
183
|
+
if signing_identity
|
184
|
+
log.info(log_key) { "Finding libraries and binaries that require signing." }
|
185
|
+
|
186
|
+
bin_dirs = Set[]
|
187
|
+
lib_dirs = Set[]
|
188
|
+
binaries = Set[]
|
189
|
+
libraries = Set[]
|
190
|
+
|
191
|
+
# Capture lib_dirs and bin_dirs from each software
|
192
|
+
project.softwares.each do |software|
|
193
|
+
lib_dirs.merge(software.lib_dirs)
|
194
|
+
bin_dirs.merge(software.bin_dirs)
|
195
|
+
end
|
196
|
+
|
197
|
+
# Find all binaries in each bind_dir
|
198
|
+
bin_dirs.each do |dir|
|
199
|
+
binaries.merge Dir["#{dir}/*"]
|
200
|
+
end
|
201
|
+
# Filter out symlinks, non-files, and non-executables
|
202
|
+
log.debug(log_key) { " Filtering non-binary files:" }
|
203
|
+
binaries.select! { |bin| is_binary?(bin) }
|
204
|
+
|
205
|
+
# Use otool to find all libries that are used by our binaries
|
206
|
+
binaries.each do |bin|
|
207
|
+
libraries.merge find_linked_libs bin
|
208
|
+
end
|
209
|
+
|
210
|
+
# Find all libraries in each lib_dir and add any we missed with otool
|
211
|
+
lib_dirs.each do |dir|
|
212
|
+
libraries.merge Dir["#{dir}/*"]
|
213
|
+
end
|
214
|
+
|
215
|
+
# Filter Mach-O libraries and bundles
|
216
|
+
log.debug(log_key) { " Filtering non-library files:" }
|
217
|
+
libraries.select! { |lib| is_macho?(lib) }
|
218
|
+
|
219
|
+
# Use otool to find all libries that are used by our libraries
|
220
|
+
otool_libs = Set[]
|
221
|
+
libraries.each do |lib|
|
222
|
+
otool_libs.merge find_linked_libs lib
|
223
|
+
end
|
224
|
+
|
225
|
+
# Filter Mach-O libraries and bundles
|
226
|
+
otool_libs.select! { |lib| is_macho?(lib) }
|
227
|
+
libraries.merge otool_libs
|
228
|
+
|
229
|
+
log.info(log_key) { " Signing libraries:" } unless libraries.empty?
|
230
|
+
libraries.each do |library|
|
231
|
+
log.debug(log_key) { " Signing: #{library}" }
|
232
|
+
sign_library(library)
|
233
|
+
end
|
234
|
+
|
235
|
+
log.info(log_key) { " Signing binaries:" } unless binaries.empty?
|
236
|
+
binaries.each do |binary|
|
237
|
+
log.debug(log_key) { " Signing: #{binary}" }
|
238
|
+
sign_binary(binary, true)
|
239
|
+
end
|
240
|
+
end
|
241
|
+
end
|
242
|
+
|
182
243
|
#
|
183
244
|
# Construct the intermediate build product. It can be installed with the
|
184
245
|
# Installer.app, but doesn't contain the data needed to customize the
|
@@ -187,16 +248,20 @@ module Omnibus
|
|
187
248
|
# @return [void]
|
188
249
|
#
|
189
250
|
def build_component_pkg
|
190
|
-
command =
|
251
|
+
command = <<~EOH
|
191
252
|
pkgbuild \\
|
192
253
|
--identifier "#{safe_identifier}" \\
|
193
254
|
--version "#{safe_version}" \\
|
194
255
|
--scripts "#{scripts_dir}" \\
|
195
256
|
--root "#{project.install_dir}" \\
|
196
257
|
--install-location "#{project.install_dir}" \\
|
197
|
-
|
258
|
+
--preserve-xattr \\
|
198
259
|
EOH
|
199
260
|
|
261
|
+
command << %Q{ --sign "#{signing_identity}" \\\n} if signing_identity
|
262
|
+
command << %Q{ "#{component_pkg}"}
|
263
|
+
command << %Q{\n}
|
264
|
+
|
200
265
|
Dir.chdir(staging_dir) do
|
201
266
|
shellout!(command)
|
202
267
|
end
|
@@ -221,8 +286,7 @@ module Omnibus
|
|
221
286
|
identifier: safe_identifier,
|
222
287
|
version: safe_version,
|
223
288
|
component_pkg: component_pkg,
|
224
|
-
}
|
225
|
-
)
|
289
|
+
})
|
226
290
|
end
|
227
291
|
|
228
292
|
#
|
@@ -232,7 +296,7 @@ module Omnibus
|
|
232
296
|
# @return [void]
|
233
297
|
#
|
234
298
|
def build_product_pkg
|
235
|
-
command =
|
299
|
+
command = <<~EOH
|
236
300
|
productbuild \\
|
237
301
|
--distribution "#{staging_dir}/Distribution" \\
|
238
302
|
--resources "#{resources_dir}" \\
|
@@ -323,5 +387,57 @@ module Omnibus
|
|
323
387
|
converted
|
324
388
|
end
|
325
389
|
end
|
390
|
+
|
391
|
+
#
|
392
|
+
# Given a file path return any linked libraries.
|
393
|
+
#
|
394
|
+
# @param [String] file_path
|
395
|
+
# The path to a file
|
396
|
+
# @return [Array<String>]
|
397
|
+
# The linked libs
|
398
|
+
#
|
399
|
+
def find_linked_libs(file_path)
|
400
|
+
# Find all libaries for each bin
|
401
|
+
command = "otool -L #{file_path}"
|
402
|
+
|
403
|
+
stdout = shellout!(command).stdout
|
404
|
+
stdout.slice!(file_path)
|
405
|
+
stdout.scan(/#{install_dir}\S*/)
|
406
|
+
end
|
407
|
+
|
408
|
+
def sign_library(lib)
|
409
|
+
sign_binary(lib)
|
410
|
+
end
|
411
|
+
|
412
|
+
def sign_binary(bin, hardened_runtime = false)
|
413
|
+
command = "codesign -s '#{signing_identity}' '#{bin}'"
|
414
|
+
command << %q{ --options=runtime} if hardened_runtime
|
415
|
+
command << %Q{ --entitlements #{resource_path("entitlements.plist")}} if File.exist?(resource_path("entitlements.plist")) && hardened_runtime
|
416
|
+
## Force re-signing to deal with binaries that have the same sha.
|
417
|
+
command << %q{ --force}
|
418
|
+
command << %Q{\n}
|
419
|
+
|
420
|
+
shellout!(command)
|
421
|
+
end
|
422
|
+
|
423
|
+
def is_binary?(bin)
|
424
|
+
is_binary = File.file?(bin) &&
|
425
|
+
File.executable?(bin) &&
|
426
|
+
!File.symlink?(bin)
|
427
|
+
log.debug(log_key) { " removing from signing: #{bin}" } unless is_binary
|
428
|
+
is_binary
|
429
|
+
end
|
430
|
+
|
431
|
+
def is_macho?(lib)
|
432
|
+
is_macho = false
|
433
|
+
if is_binary?(lib)
|
434
|
+
command = "file #{lib}"
|
435
|
+
|
436
|
+
stdout = shellout!(command).stdout
|
437
|
+
is_macho = stdout.match?(/Mach-O.*library/) || stdout.match?(/Mach-O.*bundle/)
|
438
|
+
end
|
439
|
+
log.debug(log_key) { " removing from signing: #{lib}" } unless is_macho
|
440
|
+
is_macho
|
441
|
+
end
|
326
442
|
end
|
327
443
|
end
|
@@ -243,7 +243,7 @@ module Omnibus
|
|
243
243
|
if null?(val)
|
244
244
|
@compression_type || :gzip
|
245
245
|
else
|
246
|
-
unless val.is_a?(Symbol) &&
|
246
|
+
unless val.is_a?(Symbol) && %i{gzip bzip2 xz}.member?(val)
|
247
247
|
raise InvalidValue.new(:compression_type, "be a Symbol (:gzip, :bzip2, or :xz)")
|
248
248
|
end
|
249
249
|
|
@@ -317,7 +317,7 @@ module Omnibus
|
|
317
317
|
# @return [Array]
|
318
318
|
#
|
319
319
|
def filesystem_directories
|
320
|
-
@filesystem_directories ||= IO.readlines(resource_path("filesystem_list")).map
|
320
|
+
@filesystem_directories ||= IO.readlines(resource_path("filesystem_list")).map(&:chomp)
|
321
321
|
end
|
322
322
|
|
323
323
|
#
|
@@ -356,7 +356,7 @@ module Omnibus
|
|
356
356
|
|
357
357
|
# Get a list of all files
|
358
358
|
files = FileSyncer.glob("#{build_dir}/**/*")
|
359
|
-
|
359
|
+
.map { |path| build_filepath(path) }
|
360
360
|
|
361
361
|
render_template(resource_path("spec.erb"),
|
362
362
|
destination: spec_file,
|
@@ -383,8 +383,7 @@ module Omnibus
|
|
383
383
|
build_dir: build_dir,
|
384
384
|
platform_family: Ohai["platform_family"],
|
385
385
|
compression: compression,
|
386
|
-
}
|
387
|
-
)
|
386
|
+
})
|
388
387
|
end
|
389
388
|
|
390
389
|
#
|
@@ -422,8 +421,8 @@ module Omnibus
|
|
422
421
|
if signing_passphrase
|
423
422
|
log.info(log_key) { "Signing enabled for .rpm file" }
|
424
423
|
|
425
|
-
if File.exist?("#{ENV[
|
426
|
-
log.info(log_key) { "Detected .rpmmacros file at `#{ENV[
|
424
|
+
if File.exist?("#{ENV["HOME"]}/.rpmmacros")
|
425
|
+
log.info(log_key) { "Detected .rpmmacros file at `#{ENV["HOME"]}'" }
|
427
426
|
home = ENV["HOME"]
|
428
427
|
else
|
429
428
|
log.info(log_key) { "Using default .rpmmacros file from Omnibus" }
|
@@ -435,9 +434,8 @@ module Omnibus
|
|
435
434
|
destination: "#{home}/.rpmmacros",
|
436
435
|
variables: {
|
437
436
|
gpg_name: project.maintainer,
|
438
|
-
gpg_path: "#{ENV[
|
439
|
-
}
|
440
|
-
)
|
437
|
+
gpg_path: "#{ENV["HOME"]}/.gnupg", # TODO: Make this configurable
|
438
|
+
})
|
441
439
|
end
|
442
440
|
|
443
441
|
command << " --sign"
|
@@ -466,11 +464,13 @@ module Omnibus
|
|
466
464
|
def build_filepath(path)
|
467
465
|
filepath = rpm_safe("/" + path.gsub("#{build_dir}/", ""))
|
468
466
|
return if config_files.include?(filepath)
|
467
|
+
|
469
468
|
full_path = build_dir + filepath.gsub("[%]", "%")
|
470
469
|
# FileSyncer.glob quotes pathnames that contain spaces, which is a problem on el7
|
471
470
|
full_path.delete!('"')
|
472
471
|
# Mark directories with the %dir directive to prevent rpmbuild from counting their contents twice.
|
473
472
|
return mark_filesystem_directories(filepath) if !File.symlink?(full_path) && File.directory?(full_path)
|
473
|
+
|
474
474
|
filepath
|
475
475
|
end
|
476
476
|
|
@@ -502,8 +502,7 @@ module Omnibus
|
|
502
502
|
mode: 0700,
|
503
503
|
variables: {
|
504
504
|
passphrase: signing_passphrase,
|
505
|
-
}
|
506
|
-
)
|
505
|
+
})
|
507
506
|
|
508
507
|
# Yield the destination to the block
|
509
508
|
yield(destination)
|
@@ -76,7 +76,7 @@ module Omnibus
|
|
76
76
|
# Generate a Prototype file for solaris build
|
77
77
|
#
|
78
78
|
def write_prototype_file
|
79
|
-
shellout! "cd #{install_dirname} && find #{install_basename} -print > #{staging_dir_path(
|
79
|
+
shellout! "cd #{install_dirname} && find #{install_basename} -print > #{staging_dir_path("files")}"
|
80
80
|
|
81
81
|
File.open staging_dir_path("files.clean"), "w+" do |fout|
|
82
82
|
File.open staging_dir_path("files") do |fin|
|
@@ -100,10 +100,10 @@ module Omnibus
|
|
100
100
|
end
|
101
101
|
|
102
102
|
# generate the prototype's file list
|
103
|
-
shellout! "cd #{install_dirname} && pkgproto < #{staging_dir_path(
|
103
|
+
shellout! "cd #{install_dirname} && pkgproto < #{staging_dir_path("files.clean")} > #{staging_dir_path("Prototype.files")}"
|
104
104
|
|
105
105
|
# fix up the user and group in the file list to root
|
106
|
-
shellout! "awk '{ $5 = \"root\"; $6 = \"root\"; print }' < #{staging_dir_path(
|
106
|
+
shellout! "awk '{ $5 = \"root\"; $6 = \"root\"; print }' < #{staging_dir_path("Prototype.files")} >> #{staging_dir_path("Prototype")}"
|
107
107
|
end
|
108
108
|
|
109
109
|
#
|
@@ -139,7 +139,7 @@ module Omnibus
|
|
139
139
|
# @return [void]
|
140
140
|
#
|
141
141
|
def create_solaris_file
|
142
|
-
shellout! "pkgmk -o -r #{install_dirname} -d #{staging_dir} -f #{staging_dir_path(
|
142
|
+
shellout! "pkgmk -o -r #{install_dirname} -d #{staging_dir} -f #{staging_dir_path("Prototype")}"
|
143
143
|
shellout! "pkgchk -vd #{staging_dir} #{project.package_name}"
|
144
144
|
shellout! "pkgtrans #{staging_dir} #{package_path} #{project.package_name}"
|
145
145
|
end
|
@@ -59,11 +59,11 @@ module Omnibus
|
|
59
59
|
raise InvalidValue.new(:params, "be a Hash")
|
60
60
|
end
|
61
61
|
|
62
|
-
valid_keys =
|
62
|
+
valid_keys = %i{store timestamp_servers machine_store algorithm}
|
63
63
|
invalid_keys = params.keys - valid_keys
|
64
64
|
unless invalid_keys.empty?
|
65
|
-
raise InvalidValue.new(:params, "contain keys from [#{valid_keys.join(
|
66
|
-
"Found invalid keys [#{invalid_keys.join(
|
65
|
+
raise InvalidValue.new(:params, "contain keys from [#{valid_keys.join(", ")}]. "\
|
66
|
+
"Found invalid keys [#{invalid_keys.join(", ")}]")
|
67
67
|
end
|
68
68
|
|
69
69
|
if !params[:machine_store].nil? && !(
|
@@ -117,11 +117,11 @@ module Omnibus
|
|
117
117
|
success = try_sign(package_file, ts)
|
118
118
|
break if success
|
119
119
|
end
|
120
|
-
raise FailedToSignWindowsPackage.new
|
120
|
+
raise FailedToSignWindowsPackage.new unless success
|
121
121
|
end
|
122
122
|
|
123
123
|
def try_sign(package_file, url)
|
124
|
-
cmd =
|
124
|
+
cmd = [].tap do |arr|
|
125
125
|
arr << "signtool.exe"
|
126
126
|
arr << "sign /v"
|
127
127
|
arr << "/t #{url}"
|
@@ -158,8 +158,9 @@ module Omnibus
|
|
158
158
|
#
|
159
159
|
def certificate_subject
|
160
160
|
return "CN=#{project.package_name}" unless signing_identity
|
161
|
+
|
161
162
|
store = machine_store? ? "LocalMachine" : "CurrentUser"
|
162
|
-
cmd =
|
163
|
+
cmd = [].tap do |arr|
|
163
164
|
arr << "powershell.exe"
|
164
165
|
arr << "-ExecutionPolicy Bypass"
|
165
166
|
arr << "-NoProfile"
|
data/lib/omnibus/project.rb
CHANGED
data/lib/omnibus/publisher.rb
CHANGED
@@ -44,10 +44,10 @@ module Omnibus
|
|
44
44
|
# mapping of build to publish platform(s)
|
45
45
|
# @example
|
46
46
|
# {
|
47
|
-
# 'ubuntu-10.04' => [
|
48
|
-
# 'ubuntu-10.04',
|
49
|
-
# 'ubuntu-12.04',
|
50
|
-
# 'ubuntu-14.04',
|
47
|
+
# 'ubuntu-10.04-x86_64' => [
|
48
|
+
# 'ubuntu-10.04-x86_64',
|
49
|
+
# 'ubuntu-12.04-x86_64',
|
50
|
+
# 'ubuntu-14.04-x86_64',
|
51
51
|
# ],
|
52
52
|
# }
|
53
53
|
#
|
@@ -69,39 +69,41 @@ module Omnibus
|
|
69
69
|
#
|
70
70
|
def packages
|
71
71
|
@packages ||= begin
|
72
|
-
publish_packages =
|
72
|
+
publish_packages = []
|
73
73
|
build_packages = FileSyncer.glob(@pattern).map { |path| Package.new(path) }
|
74
74
|
|
75
75
|
if @options[:platform_mappings]
|
76
76
|
# the platform map is a simple hash with publish to build platform mappings
|
77
77
|
@options[:platform_mappings].each_pair do |build_platform, publish_platforms|
|
78
|
-
# Splits `ubuntu-12.04` into `ubuntu
|
79
|
-
build_platform, build_platform_version = build_platform.
|
78
|
+
# Splits `ubuntu-12.04-x86_64` into `ubuntu`, `12.04` and `x86_64`
|
79
|
+
build_platform, build_platform_version, build_architecture = build_platform.split("-")
|
80
80
|
|
81
81
|
# locate the package for the build platform
|
82
82
|
packages = build_packages.select do |p|
|
83
83
|
p.metadata[:platform] == build_platform &&
|
84
|
-
p.metadata[:platform_version] == build_platform_version
|
84
|
+
p.metadata[:platform_version] == build_platform_version &&
|
85
|
+
p.metadata[:arch] == build_architecture
|
85
86
|
end
|
86
87
|
|
87
88
|
if packages.empty?
|
88
89
|
log.warn(log_key) do
|
89
|
-
"Could not locate a package for build platform #{build_platform}-#{build_platform_version}. " \
|
90
|
-
"Publishing will be skipped for: #{publish_platforms.join(
|
90
|
+
"Could not locate a package for build platform #{build_platform}-#{build_platform_version}-#{build_architecture}. " \
|
91
|
+
"Publishing will be skipped for: #{publish_platforms.join(", ")}"
|
91
92
|
end
|
92
93
|
end
|
93
94
|
|
94
95
|
publish_platforms.each do |publish_platform|
|
95
|
-
publish_platform, publish_platform_version = publish_platform.
|
96
|
+
publish_platform, publish_platform_version, publish_architecture = publish_platform.split("-")
|
96
97
|
|
97
98
|
packages.each do |p|
|
98
99
|
# create a copy of our package before mucking with its metadata
|
99
100
|
publish_package = p.dup
|
100
101
|
publish_metadata = p.metadata.dup.to_hash
|
101
102
|
|
102
|
-
# override the platform
|
103
|
+
# override the platform, platform version and architecture in the metadata
|
103
104
|
publish_metadata[:platform] = publish_platform
|
104
105
|
publish_metadata[:platform_version] = publish_platform_version
|
106
|
+
publish_metadata[:arch] = publish_architecture
|
105
107
|
|
106
108
|
# Set the updated metadata on the package object
|
107
109
|
publish_package.metadata = Metadata.new(publish_package, publish_metadata)
|
@@ -65,11 +65,13 @@ module Omnibus
|
|
65
65
|
bucket_name: @options[:bucket],
|
66
66
|
}
|
67
67
|
|
68
|
-
if Config.
|
69
|
-
config[:
|
68
|
+
if Config.publish_s3_iam_role_arn
|
69
|
+
config[:publish_s3_iam_role_arn] = Config.publish_s3_iam_role_arn
|
70
|
+
elsif Config.publish_s3_profile
|
71
|
+
config[:profile] = Config.publish_s3_profile
|
70
72
|
else
|
71
|
-
config[:access_key_id]
|
72
|
-
config[:secret_access_key]
|
73
|
+
config[:access_key_id] = Config.publish_s3_access_key
|
74
|
+
config[:secret_access_key] = Config.publish_s3_secret_key
|
73
75
|
end
|
74
76
|
|
75
77
|
config
|
data/lib/omnibus/s3_cache.rb
CHANGED
@@ -147,7 +147,9 @@ module Omnibus
|
|
147
147
|
force_path_style: Config.s3_force_path_style,
|
148
148
|
}
|
149
149
|
|
150
|
-
if Config.
|
150
|
+
if Config.s3_iam_role_arn
|
151
|
+
config[:iam_role_arn] = Config.s3_iam_role_arn
|
152
|
+
elsif Config.s3_profile
|
151
153
|
config[:profile] = Config.s3_profile
|
152
154
|
else
|
153
155
|
config[:access_key_id] = Config.s3_access_key
|
data/lib/omnibus/s3_helpers.rb
CHANGED
@@ -53,10 +53,7 @@ module Omnibus
|
|
53
53
|
# @return [Aws::S3::Resource]
|
54
54
|
#
|
55
55
|
def client
|
56
|
-
Aws.config.update(
|
57
|
-
region: s3_configuration[:region],
|
58
|
-
credentials: get_credentials
|
59
|
-
)
|
56
|
+
Aws.config.update(region: s3_configuration[:region])
|
60
57
|
|
61
58
|
@s3_client ||= Aws::S3::Resource.new(resource_params)
|
62
59
|
end
|
@@ -70,6 +67,7 @@ module Omnibus
|
|
70
67
|
params = {
|
71
68
|
use_accelerate_endpoint: s3_configuration[:use_accelerate_endpoint],
|
72
69
|
force_path_style: s3_configuration[:force_path_style],
|
70
|
+
credentials: get_credentials,
|
73
71
|
}
|
74
72
|
|
75
73
|
if s3_configuration[:use_accelerate_endpoint]
|
@@ -84,12 +82,14 @@ module Omnibus
|
|
84
82
|
end
|
85
83
|
|
86
84
|
#
|
87
|
-
# Create credentials object based on credential profile or access key
|
85
|
+
# Create credentials object based on AWS IAM role arn, credential profile or access key
|
88
86
|
# parameters for use by the client object.
|
89
87
|
#
|
90
88
|
# @return [Aws::SharedCredentials, Aws::Credentials]
|
91
89
|
def get_credentials
|
92
|
-
if s3_configuration[:
|
90
|
+
if s3_configuration[:iam_role_arn]
|
91
|
+
Aws::AssumeRoleCredentials.new(role_arn: s3_configuration[:iam_role_arn], role_session_name: "omnibus-assume-role-s3-access")
|
92
|
+
elsif s3_configuration[:profile]
|
93
93
|
Aws::SharedCredentials.new(profile_name: s3_configuration[:profile])
|
94
94
|
elsif s3_configuration[:access_key_id] && s3_configuration[:secret_access_key]
|
95
95
|
Aws::Credentials.new(s3_configuration[:access_key_id], s3_configuration[:secret_access_key])
|