omnibus 6.1.7 → 8.0.9

data/spec/unit/changelogprinter_spec.rb

@@ -16,16 +16,18 @@ module Omnibus
 
       let(:changelog) do
         double(ChangeLog,
-                               changelog_entries: %w{entry1 entry2},
-                               authors: %w{alice bob}) end
+          changelog_entries: %w{entry1 entry2},
+          authors: %w{alice bob})
+      end
       let(:git_changelog) do
         double(ChangeLog,
-                                   changelog_entries:
-                                   %w{sub-entry1 sub-entry2}) end
+          changelog_entries:
+          %w{sub-entry1 sub-entry2})
+      end
       let(:now) { double(Time) }
       let(:emptydiff) { EmptyManifestDiff.new }
       let(:old_manifest) do
-        m = Manifest.new()
+        m = Manifest.new
         m.add("updated-comp", manifest_entry_for("updated-comp", "v9", "v9"))
         m.add("updated-comp-2", manifest_entry_for("updated-comp-2", "someref0", "someref0", :git))
         m.add("removed-comp", manifest_entry_for("removed-comp", "v9", "v9"))
@@ -33,7 +35,7 @@ module Omnibus
         m
       end
       let(:new_manifest) do
-        m = Manifest.new()
+        m = Manifest.new
         m.add("updated-comp", manifest_entry_for("updated-comp", "v10", "v10"))
         m.add("updated-comp-2", manifest_entry_for("updated-comp-2", "someotherref", "someotherref", :git))
         m.add("added-comp", manifest_entry_for("added-comp", "v100", "v100"))

data/spec/unit/compressor_spec.rb

@@ -4,17 +4,17 @@ module Omnibus
   describe Compressor do
     describe ".for_current_system" do
       context "on Mac OS X" do
-        before { stub_ohai(platform: "mac_os_x", version: "10.12") }
+        before { stub_ohai(platform: "mac_os_x", version: "10.15") }
 
         context "when :dmg is activated" do
           it "prefers dmg" do
-            expect(described_class.for_current_system([:tgz, :dmg])).to eq(Compressor::DMG)
+            expect(described_class.for_current_system(%i{tgz dmg})).to eq(Compressor::DMG)
           end
         end
 
         context "when :dmg is not activated" do
           it "prefers tgz" do
-            expect(described_class.for_current_system([:tgz, :foo])).to eq(Compressor::TGZ)
+            expect(described_class.for_current_system(%i{tgz foo})).to eq(Compressor::TGZ)
           end
         end
 
@@ -30,7 +30,7 @@ module Omnibus
 
         context "when :tgz activated" do
           it "prefers tgz" do
-            expect(described_class.for_current_system([:tgz, :foo])).to eq(Compressor::TGZ)
+            expect(described_class.for_current_system(%i{tgz foo})).to eq(Compressor::TGZ)
           end
         end
 

data/spec/unit/compressors/dmg_spec.rb

@@ -219,8 +219,11 @@ module Omnibus
             sync
             hdiutil unmount "#{device}"
             # Give some time to the system so unmount dmg
-            sleep 5
-            hdiutil detach "#{device}" &&\
+            ATTEMPTS=0
+            until [ $ATTEMPTS -eq 5 ] || hdiutil detach "/dev/sda1"; do
+              sleep 10
+              echo Attempt number $(( ATTEMPTS++ ))
+            done
             hdiutil convert \\
               "#{staging_dir}/project-writable.dmg" \\
               -format UDZO \\

data/spec/unit/fetchers/net_fetcher_spec.rb

@@ -11,10 +11,10 @@ module Omnibus
 
     let(:manifest_entry) do
       double(Omnibus::ManifestEntry,
-             name: "file",
-             locked_version: "1.2.3",
-             described_version: "1.2.3",
-             locked_source: source)
+        name: "file",
+        locked_version: "1.2.3",
+        described_version: "1.2.3",
+        locked_source: source)
     end
 
     let(:cache_dir) { "/cache" }
@@ -331,11 +331,10 @@ module Omnibus
       context "when the file is a .#{extension}" do
         let(:manifest_entry) do
           double(Omnibus::ManifestEntry,
-                 name: "file",
-                 locked_version: "1.2.3",
-                 described_version: "1.2.3",
-                 locked_source: { url: "https://get.example.com/file.#{extension}", md5: "abcd1234" }.merge(source_options)
-                )
+            name: "file",
+            locked_version: "1.2.3",
+            described_version: "1.2.3",
+            locked_source: { url: "https://get.example.com/file.#{extension}", md5: "abcd1234" }.merge(source_options))
         end
 
         subject { described_class.new(manifest_entry, project_dir, build_dir) }
@@ -361,10 +360,10 @@ module Omnibus
       context "when the downloaded file is a folder" do
         let(:manifest_entry) do
           double(Omnibus::ManifestEntry,
-                 name: "file",
-                 locked_version: "1.2.3",
-                 described_version: "1.2.3",
-                 locked_source: { url: "https://get.example.com/folder", md5: "abcd1234" })
+            name: "file",
+            locked_version: "1.2.3",
+            described_version: "1.2.3",
+            locked_source: { url: "https://get.example.com/folder", md5: "abcd1234" })
         end
 
         subject { described_class.new(manifest_entry, project_dir, build_dir) }
@@ -382,10 +381,10 @@ module Omnibus
       context "when the downloaded file is a regular file" do
         let(:manifest_entry) do
           double(Omnibus::ManifestEntry,
-                 name: "file",
-                 locked_version: "1.2.3",
-                 described_version: "1.2.3",
-                 locked_source: { url: "https://get.example.com/file", md5: "abcd1234" })
+            name: "file",
+            locked_version: "1.2.3",
+            described_version: "1.2.3",
+            locked_source: { url: "https://get.example.com/file", md5: "abcd1234" })
         end
 
         subject { described_class.new(manifest_entry, project_dir, build_dir) }

data/spec/unit/health_check_spec.rb

@@ -8,9 +8,7 @@ module Omnibus
         name: "chefdk",
         install_dir: "/opt/chefdk",
         library: double(Library,
-          components: []
-        )
-      )
+          components: []))
     end
 
     def mkdump(base, size, x64 = false)
@@ -19,9 +17,7 @@ module Omnibus
         x64?: x64,
         ioh: double(x64 ? PEdump::IMAGE_OPTIONAL_HEADER64 : PEdump::IMAGE_OPTIONAL_HEADER32,
           ImageBase: base,
-          SizeOfImage: size
-        )
-      )
+          SizeOfImage: size))
       expect(dump).to receive(:pe).and_return(pe)
       dump
     end

data/spec/unit/library_spec.rb

@@ -125,7 +125,8 @@ module Omnibus
               erchef, # project dep
               chef, # project dep
               chefdk, # project dep
-           ])
+           ]
+          )
         end
       end
     end

data/spec/unit/manifest_diff_spec.rb

@@ -12,7 +12,7 @@ module Omnibus
     end
 
     let(:manifest_one) do
-      m = Omnibus::Manifest.new()
+      m = Omnibus::Manifest.new
       m.add("foo", manifest_entry_for("foo", "1.2.4", "deadbeef"))
       m.add("bar", manifest_entry_for("bar", "1.2.4", "deadbeef"))
       m.add("baz", manifest_entry_for("baz", "1.2.4", "deadbeef"))
@@ -20,7 +20,7 @@ module Omnibus
     end
 
     let(:manifest_two) do
-      m = Omnibus::Manifest.new()
+      m = Omnibus::Manifest.new
       m.add("foo", manifest_entry_for("foo", "1.2.5", "deadbea0"))
       m.add("baz", manifest_entry_for("baz", "1.2.4", "deadbeef"))
       m.add("quux", manifest_entry_for("quux", "1.2.4", "deadbeef"))

data/spec/unit/manifest_spec.rb

@@ -45,7 +45,7 @@ module Omnibus
         second = ManifestEntry.new("wombat", {})
         subject.add("foobar", first)
         subject.add("wombat", second)
-        expect(subject.entry_names).to eq([:foobar, :wombat])
+        expect(subject.entry_names).to eq(%i{foobar wombat})
       end
     end
 

data/spec/unit/metadata_spec.rb

@@ -16,8 +16,7 @@ module Omnibus
         md5:    "abc123",
         sha1:   "abc123",
         sha256: "abcd1234",
-        sha512: "abcdef123456"
-      )
+        sha512: "abcdef123456")
     end
 
     let(:project) do
@@ -29,15 +28,13 @@ module Omnibus
         build_iteration:  "1",
         license:          "Apache-2.0",
         built_manifest:    double(Manifest,
-                                  to_hash: {
-                                    manifest_format: 2,
-                                    build_version: "1.2.3",
-                                    build_git_revision: "SHA",
-                                    license: "Apache-2.0",
-                                  }
-                                ),
-        license_file_path: license_path
-      )
+          to_hash: {
+            manifest_format: 2,
+            build_version: "1.2.3",
+            build_git_revision: "SHA",
+            license: "Apache-2.0",
+          }),
+        license_file_path: license_path)
     end
 
     let(:data) { { foo: "bar" } }
@@ -180,17 +177,17 @@ module Omnibus
 
     describe ".platform_shortname" do
       it "returns el on rhel" do
-        stub_ohai(platform: "redhat", version: "6.9")
+        stub_ohai(platform: "redhat", version: "6")
         expect(described_class.platform_shortname).to eq("el")
       end
 
       it "returns sles on suse" do
-        stub_ohai(platform: "suse", version: "12.2")
+        stub_ohai(platform: "suse", version: "12")
         expect(described_class.platform_shortname).to eq("sles")
       end
 
       it "returns .platform on all other systems" do
-        stub_ohai(platform: "ubuntu", version: "16.04")
+        stub_ohai(platform: "ubuntu", version: "20.04")
         expect(described_class.platform_shortname).to eq("ubuntu")
       end
     end
@@ -199,7 +196,7 @@ module Omnibus
       shared_examples "a version manipulator" do |platform_shortname, version, expected|
         context "on #{platform_shortname}-#{version}" do
           it "returns the correct value" do
-            stub_ohai(platform: "ubuntu", version: "16.04") do |data|
+            stub_ohai(platform: "ubuntu", version: "20.04") do |data|
               data["platform"] = platform_shortname
               data["platform_version"] = version
             end
@@ -248,7 +245,7 @@ module Omnibus
 
       context "given an unknown platform" do
         before do
-          stub_ohai(platform: "ubuntu", version: "16.04") do |data|
+          stub_ohai(platform: "ubuntu", version: "20.04") do |data|
             data["platform"] = "bacon"
             data["platform_version"] = "1.crispy"
           end
@@ -262,7 +259,7 @@ module Omnibus
 
       context "given an unknown windows platform version" do
         before do
-          stub_ohai(platform: "ubuntu", version: "16.04") do |data|
+          stub_ohai(platform: "ubuntu", version: "20.04") do |data|
             data["platform"] = "windows"
             data["platform_version"] = "1.2.3"
           end

data/spec/unit/omnibus_spec.rb

@@ -15,7 +15,7 @@ describe Omnibus do
 
     Omnibus::Config.project_root(File.join(tmp_path, "/foo/bar"))
     Omnibus::Config.local_software_dirs([File.join(tmp_path, "/local"), File.join(tmp_path, "/other")])
-    Omnibus::Config.software_gems(["omnibus-software", "custom-omnibus-software"])
+    Omnibus::Config.software_gems(%w{omnibus-software custom-omnibus-software})
   end
 
   describe "#which" do

data/spec/unit/packager_spec.rb

@@ -4,26 +4,19 @@ module Omnibus
   describe Packager do
     describe ".for_current_system" do
       context "on Mac OS X" do
-        before { stub_ohai(platform: "mac_os_x", version: "10.13") }
+        before { stub_ohai(platform: "mac_os_x", version: "10.15") }
         it "prefers PKG" do
           expect(described_class.for_current_system).to eq([Packager::PKG])
         end
       end
 
-      context "on Windows 2012 R2" do
+      context "on Windows" do
         before { stub_ohai(platform: "windows", version: "2012R2") }
         it "prefers MSI and APPX" do
           expect(described_class.for_current_system).to eq([Packager::MSI, Packager::APPX])
         end
       end
 
-      context "on Windows 2008 R2" do
-        before { stub_ohai(platform: "windows", version: "2008R2") }
-        it "prefers MSI only" do
-          expect(described_class.for_current_system).to eq([Packager::MSI])
-        end
-      end
-
       context "on Solaris 11" do
         before { stub_ohai(platform: "solaris2", version: "5.11") }
         it "prefers IPS" do
@@ -32,14 +25,14 @@ module Omnibus
       end
 
       context "on AIX" do
-        before { stub_ohai(platform: "aix", version: "7.1") }
+        before { stub_ohai(platform: "aix", version: "7") }
         it "prefers BFF" do
           expect(described_class.for_current_system).to eq([Packager::BFF])
         end
       end
 
       context "on Fedora" do
-        before { stub_ohai(platform: "fedora", version: "28") }
+        before { stub_ohai(platform: "fedora", version: "31") }
         it "prefers RPM" do
           expect(described_class.for_current_system).to eq([Packager::RPM])
         end
@@ -53,14 +46,14 @@ module Omnibus
       end
 
       context "on Debian" do
-        before { stub_ohai(platform: "debian", version: "8.11") }
+        before { stub_ohai(platform: "debian", version: "10") }
         it "prefers RPM" do
           expect(described_class.for_current_system).to eq([Packager::DEB])
         end
       end
 
       context "on SLES" do
-        before { stub_ohai(platform: "suse", version: "12.3") }
+        before { stub_ohai(platform: "suse", version: "15") }
         it "prefers RPM" do
           expect(described_class.for_current_system).to eq([Packager::RPM])
         end

data/spec/unit/packagers/bff_spec.rb

@@ -301,7 +301,7 @@ module Omnibus
         # A note - the /opt/ here is essentially project.install_dir one level up.
         # There is nothing magical about 'opt' as a directory.
         expect(subject).to receive(:shellout!)
-          .with(/chown -Rh 0:0 #{staging_dir}\/opt$/)
+          .with(%r{chown -Rh 0:0 #{staging_dir}/opt$})
         subject.create_bff_file
       end
 
@@ -312,7 +312,7 @@ module Omnibus
 
       it "uses the correct command" do
         expect(subject).to receive(:shellout!)
-          .with(/\/usr\/sbin\/mkinstallp -d/)
+          .with(%r{/usr/sbin/mkinstallp -d})
         subject.create_bff_file
       end
 

data/spec/unit/packagers/ips_spec.rb

@@ -155,6 +155,7 @@ module Omnibus
         expect(transform_file_contents).to include("<transform file depend -> edit pkg.debug.depend.file ruby env>")
         expect(transform_file_contents).to include("<transform file depend -> edit pkg.debug.depend.file make env>")
         expect(transform_file_contents).to include("<transform file depend -> edit pkg.debug.depend.file perl env>")
+        expect(transform_file_contents).to include("<transform file depend -> edit pkg.debug.depend.path usr/local/bin usr/bin>")
       end
     end
 

data/spec/unit/packagers/msi_spec.rb

@@ -419,7 +419,7 @@ module Omnibus
         end
 
         it "outputs a source.wxs file to the staging directory" do
-          expect(subject.candle_command).to include("#{subject.windows_safe_path(staging_dir, 'source.wxs')}")
+          expect(subject.candle_command).to include("#{subject.windows_safe_path(staging_dir, "source.wxs")}")
         end
       end
 
@@ -433,7 +433,7 @@ module Omnibus
         end
 
         it "outputs a bundle.wxs file to the staging directory" do
-          expect(subject.candle_command(is_bundle: true)).to include("#{subject.windows_safe_path(staging_dir, 'bundle.wxs')}")
+          expect(subject.candle_command(is_bundle: true)).to include("#{subject.windows_safe_path(staging_dir, "bundle.wxs")}")
         end
       end
     end

data/spec/unit/packagers/pkg_spec.rb

@@ -109,6 +109,158 @@ module Omnibus
       end
     end
 
+    describe "#sign_software_libs_and_bins" do
+      context "when pkg signing is disabled" do
+        it "does not sign anything" do
+          expect(subject).not_to receive(:sign_binary)
+          expect(subject).not_to receive(:sign_library)
+          subject.sign_software_libs_and_bins
+        end
+
+        it "returns an empty set" do
+          expect(subject.sign_software_libs_and_bins).to be_nil
+        end
+      end
+
+      context "when pkg signing is enabled" do
+        before do
+          subject.signing_identity("My Special Identity")
+        end
+
+        context "without software" do
+          it "does not sign anything" do
+            expect(subject).not_to receive(:sign_binary)
+            expect(subject).not_to receive(:sign_library)
+            subject.sign_software_libs_and_bins
+          end
+
+          it "returns an empty set" do
+            expect(subject.sign_software_libs_and_bins).to eq(Set.new)
+          end
+        end
+
+        context "project with software" do
+          let(:software) do
+            Software.new(project).tap do |software|
+              software.name("software-full-name")
+            end
+          end
+
+          before do
+            allow(project).to receive(:softwares).and_return([software])
+          end
+
+          context "with empty bin_dirs and lib_dirs" do
+            before do
+              allow(software).to receive(:lib_dirs).and_return([])
+              allow(software).to receive(:bin_dirs).and_return([])
+            end
+
+            it "does not sign anything" do
+              expect(subject).not_to receive(:sign_binary)
+              expect(subject).not_to receive(:sign_library)
+              subject.sign_software_libs_and_bins
+            end
+
+            it "returns an empty set" do
+              expect(subject.sign_software_libs_and_bins).to eq(Set.new)
+            end
+          end
+
+          context "with default bin_dirs and lib_dirs" do
+            context "with binaries" do
+              let(:bin) { "/opt/#{project.name}/bin/test_bin" }
+              let(:embedded_bin) { "/opt/#{project.name}/embedded/bin/test_bin" }
+              before do
+                allow(Dir).to receive(:[]).with("/opt/#{project.name}/bin/*").and_return([bin])
+                allow(Dir).to receive(:[]).with("/opt/#{project.name}/embedded/bin/*").and_return([embedded_bin])
+                allow(Dir).to receive(:[]).with("/opt/#{project.name}/embedded/lib/*").and_return([])
+                allow(subject).to receive(:is_binary?).with(bin).and_return(true)
+                allow(subject).to receive(:is_binary?).with(embedded_bin).and_return(true)
+                allow(subject).to receive(:find_linked_libs).with(bin).and_return([])
+                allow(subject).to receive(:find_linked_libs).with(embedded_bin).and_return([])
+                allow(subject).to receive(:sign_binary).with(bin, true)
+                allow(subject).to receive(:sign_binary).with(embedded_bin, true)
+              end
+
+              it "signs the binaries" do
+                expect(subject).to receive(:sign_binary).with(bin, true)
+                expect(subject).to receive(:sign_binary).with(embedded_bin, true)
+                subject.sign_software_libs_and_bins
+              end
+
+              it "returns a set with the signed binaries" do
+                expect(subject.sign_software_libs_and_bins).to eq(Set.new [bin, embedded_bin])
+              end
+            end
+
+            context "with library" do
+              let(:lib) { "/opt/#{project.name}/embedded/lib/test_lib" }
+              before do
+                allow(Dir).to receive(:[]).with("/opt/#{project.name}/bin/*").and_return([])
+                allow(Dir).to receive(:[]).with("/opt/#{project.name}/embedded/bin/*").and_return([])
+                allow(Dir).to receive(:[]).with("/opt/#{project.name}/embedded/lib/*").and_return([lib])
+                allow(subject).to receive(:is_macho?).with(lib).and_return(true)
+                allow(subject).to receive(:find_linked_libs).with(lib).and_return([])
+                allow(subject).to receive(:sign_library).with(lib)
+              end
+
+              it "signs the library" do
+                expect(subject).to receive(:sign_library).with(lib)
+                subject.sign_software_libs_and_bins
+              end
+            end
+
+            context "with binaries and libraries with linked libs" do
+              let(:bin) { "/opt/#{project.name}/bin/test_bin" }
+              let(:bin2) { "/opt/#{project.name}/bin/test_bin2" }
+              let(:embedded_bin) { "/opt/#{project.name}/embedded/bin/test_bin" }
+              let(:lib) { "/opt/#{project.name}/embedded/lib/test_lib" }
+              let(:lib2) { "/opt/#{project.name}/embedded/lib/test_lib2" }
+              before do
+                allow(Dir).to receive(:[]).with("/opt/#{project.name}/bin/*").and_return([bin, bin2])
+                allow(Dir).to receive(:[]).with("/opt/#{project.name}/embedded/bin/*").and_return([embedded_bin])
+                allow(Dir).to receive(:[]).with("/opt/#{project.name}/embedded/lib/*").and_return([lib])
+                allow(subject).to receive(:is_binary?).with(bin).and_return(true)
+                allow(subject).to receive(:is_binary?).with(bin2).and_return(true)
+                allow(subject).to receive(:is_binary?).with(embedded_bin).and_return(true)
+                allow(subject).to receive(:is_macho?).with(lib).and_return(true)
+                allow(subject).to receive(:is_macho?).with(lib2).and_return(true)
+                allow(subject).to receive(:find_linked_libs).with(bin).and_return([lib2])
+                allow(subject).to receive(:find_linked_libs).with(bin2).and_return([])
+                allow(subject).to receive(:find_linked_libs).with(embedded_bin).and_return([])
+                allow(subject).to receive(:find_linked_libs).with(lib).and_return([])
+                allow(subject).to receive(:find_linked_libs).with(lib2).and_return([])
+                allow(subject).to receive(:sign_binary).with(bin, true)
+                allow(subject).to receive(:sign_binary).with(bin2, true)
+                allow(subject).to receive(:sign_binary).with(embedded_bin, true)
+                allow(subject).to receive(:sign_library).with(lib)
+                allow(subject).to receive(:sign_library).with(lib2)
+                allow(Digest::SHA256).to receive(:file).with(bin).and_return(Digest::SHA256.new.update(bin))
+                allow(Digest::SHA256).to receive(:file).with(bin2).and_return(Digest::SHA256.new.update(bin2))
+                allow(Digest::SHA256).to receive(:file).with(embedded_bin).and_return(Digest::SHA256.new.update(embedded_bin))
+                allow(Digest::SHA256).to receive(:file).with(lib).and_return(Digest::SHA256.new.update(lib))
+                allow(Digest::SHA256).to receive(:file).with(lib2).and_return(Digest::SHA256.new.update(lib2))
+              end
+
+              it "signs the binaries" do
+                expect(subject).to receive(:sign_binary).with(bin, true)
+                expect(subject).to receive(:sign_binary).with(bin2, true)
+                expect(subject).to receive(:sign_binary).with(embedded_bin, true)
+                subject.sign_software_libs_and_bins
+              end
+
+              it "signs the libraries" do
+                expect(subject).to receive(:sign_library).with(lib)
+                expect(subject).to receive(:sign_library).with(lib2)
+                subject.sign_software_libs_and_bins
+              end
+            end
+          end
+        end
+      end
+    end
+
     describe "#build_component_pkg" do
       it "executes the pkgbuild command" do
         expect(subject).to receive(:shellout!).with <<-EOH.gsub(/^ {10}/, "")
@@ -118,6 +270,7 @@ module Omnibus
             --scripts "#{staging_dir}/Scripts" \\
             --root "/opt/project-full-name" \\
             --install-location "/opt/project-full-name" \\
+            --preserve-xattr \\
             "project-full-name-core.pkg"
         EOH
 
@@ -267,5 +420,206 @@ module Omnibus
         end
       end
     end
+
+    describe "#find_linked_libs" do
+      context "with linked libs" do
+        let(:file) { "/opt/#{project.name}/embedded/bin/test_bin" }
+        let(:stdout) do
+          <<~EOH
+            /opt/#{project.name}/embedded/bin/test_bin:
+                      /opt/#{project.name}/embedded/lib/lib.dylib (compatibility version 7.0.0, current version 7.4.0)
+                      /opt/#{project.name}/embedded/lib/lib.6.dylib (compatibility version 7.0.0, current version 7.4.0)
+                      /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1281.0.0)
+          EOH
+        end
+        let(:shellout) { Mixlib::ShellOut.new }
+
+        before do
+          allow(shellout).to receive(:run_command)
+          allow(shellout).to receive(:stdout)
+            .and_return(stdout)
+          allow(subject).to receive(:shellout!)
+            .with("otool -L #{file}")
+            .and_return(shellout)
+        end
+
+        it "returns empty array" do
+          expect(subject.find_linked_libs(file)).to eq([
+            "/opt/#{project.name}/embedded/lib/lib.dylib",
+            "/opt/#{project.name}/embedded/lib/lib.6.dylib",
+          ])
+        end
+      end
+
+      context "with only system linked libs" do
+        let(:file) { "/opt/#{project.name}/embedded/lib/lib.dylib" }
+        let(:stdout) do
+          <<~EOH
+            /opt/#{project.name}/embedded/lib/lib.dylib:
+                      /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1281.0.0)
+          EOH
+        end
+        let(:shellout) { Mixlib::ShellOut.new }
+        before do
+          allow(shellout).to receive(:run_command)
+          allow(shellout).to receive(:stdout)
+            .and_return(stdout)
+          allow(subject).to receive(:shellout!)
+            .with("otool -L #{file}")
+            .and_return(shellout)
+        end
+
+        it "returns empty array" do
+          expect(subject.find_linked_libs(file)).to eq([])
+        end
+      end
+
+      context "file is just a file" do
+        let(:file) { "/opt/#{project.name}/embedded/lib/file.rb" }
+        let(:shellout) { Mixlib::ShellOut.new }
+        before do
+          allow(shellout).to receive(:run_command)
+          allow(shellout).to receive(:stdout)
+            .and_return("#{file}: is not an object file")
+          allow(subject).to receive(:shellout!)
+            .with("otool -L #{file}")
+            .and_return(shellout)
+        end
+
+        it "returns empty array" do
+          expect(subject.find_linked_libs(file)).to eq([])
+        end
+      end
+    end
+
+    describe "#is_binary?" do
+      context "when is a file, executable, and not a symlink" do
+        before do
+          allow(File).to receive(:file?).with("file").and_return(true)
+          allow(File).to receive(:executable?).with("file").and_return(true)
+          allow(File).to receive(:symlink?).with("file").and_return(false)
+        end
+
+        it "returns true" do
+          expect(subject.is_binary?("file")).to be true
+        end
+      end
+
+      context "when not a file" do
+        before do
+          allow(File).to receive(:file?).with("file").and_return(false)
+          allow(File).to receive(:executable?).with("file").and_return(true)
+          allow(File).to receive(:symlink?).with("file").and_return(false)
+        end
+
+        it "returns false" do
+          expect(subject.is_binary?("file")).to be false
+        end
+      end
+
+      context "when not an executable" do
+        it "returns false" do
+          allow(File).to receive(:file?).with("file").and_return(true)
+          allow(File).to receive(:executable?).with("file").and_return(false)
+          allow(File).to receive(:symlink?).with("file").and_return(false)
+          expect(subject.is_binary?("file")).to be false
+        end
+      end
+
+      context "when is symlink" do
+        it "returns false" do
+          allow(File).to receive(:file?).with("file").and_return(true)
+          allow(File).to receive(:executable?).with("file").and_return(true)
+          allow(File).to receive(:symlink?).with("file").and_return(true)
+          expect(subject.is_binary?("file")).to be false
+        end
+      end
+    end
+
+    describe "#is_macho?" do
+      let(:shellout) { Mixlib::ShellOut.new }
+
+      context "when is a Mach-O library" do
+        before do
+          allow(subject).to receive(:is_binary?).with("file").and_return(true)
+          expect(subject).to receive(:shellout!).with("file file").and_return(shellout)
+          allow(shellout).to receive(:stdout)
+            .and_return("file: Mach-O 64-bit dynamically linked shared library x86_64")
+        end
+
+        it "returns true" do
+          expect(subject.is_macho?("file")).to be true
+        end
+      end
+
+      context "when is a Mach-O Bundle" do
+        before do
+          allow(subject).to receive(:is_binary?).with("file").and_return(true)
+          expect(subject).to receive(:shellout!).with("file file").and_return(shellout)
+          allow(shellout).to receive(:stdout)
+            .and_return("file: Mach-O 64-bit bundle x86_64")
+        end
+
+        it "returns true" do
+          expect(subject.is_macho?("file")).to be true
+        end
+      end
+
+      context "when is not a Mach-O Bundle or Mach-O library" do
+        before do
+          allow(subject).to receive(:is_binary?).with("file").and_return(true)
+          expect(subject).to receive(:shellout!).with("file file").and_return(shellout)
+          allow(shellout).to receive(:stdout)
+            .and_return("file: ASCII text")
+        end
+
+        it "returns true" do
+          expect(subject.is_macho?("file")).to be false
+        end
+      end
+    end
+
+    describe "#sign_library" do
+      before do
+        subject.signing_identity("My Special Identity")
+      end
+
+      it "calls sign_binary without hardened runtime" do
+        expect(subject).to receive(:sign_binary).with("file")
+        subject.sign_library("file")
+      end
+    end
+
+    describe "#sign_binary" do
+      before do
+        subject.signing_identity("My Special Identity")
+      end
+
+      it "it signs the binary without hardened runtime" do
+        expect(subject).to receive(:shellout!)
+          .with("codesign -s '#{subject.signing_identity}' 'file' --force\n")
+        subject.sign_binary("file")
+      end
+
+      context "with hardened runtime" do
+        it "it signs the binary with hardened runtime" do
+          expect(subject).to receive(:shellout!)
+            .with("codesign -s '#{subject.signing_identity}' 'file' --options=runtime --force\n")
+          subject.sign_binary("file", true)
+        end
+
+        context "with entitlements" do
+          let(:entitlements_file) { File.join(tmp_path, "project-full-name/resources/project-full-name/pkg/entitlements.plist") }
+
+          it "it signs the binary with the entitlements" do
+            allow(subject).to receive(:resource_path).with("entitlements.plist").and_return(entitlements_file)
+            allow(File).to receive(:exist?).with(entitlements_file).and_return(true)
+            expect(subject).to receive(:shellout!)
+              .with("codesign -s '#{subject.signing_identity}' 'file' --options=runtime --entitlements #{entitlements_file} --force\n")
+            subject.sign_binary("file", true)
+          end
+        end
+      end
+    end
   end
 end