omnibus 6.1.9 → 7.0.12
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/README.md +16 -8
- data/lib/omnibus/compressor.rb +2 -2
- data/lib/omnibus/compressors/base.rb +1 -1
- data/lib/omnibus/config.rb +12 -2
- data/lib/omnibus/generator_files/README.md.erb +18 -15
- data/lib/omnibus/generator_files/config/software/preparation.rb.erb +1 -1
- data/lib/omnibus/generator_files/omnibus.rb.erb +5 -4
- data/lib/omnibus/licensing.rb +1 -1
- data/lib/omnibus/metadata.rb +1 -1
- data/lib/omnibus/packagers/pkg.rb +122 -3
- data/lib/omnibus/publishers/s3_publisher.rb +6 -4
- data/lib/omnibus/s3_cache.rb +3 -1
- data/lib/omnibus/s3_helpers.rb +6 -6
- data/lib/omnibus/software.rb +50 -21
- data/lib/omnibus/version.rb +1 -1
- data/lib/omnibus/whitelist.rb +3 -1
- data/omnibus.gemspec +5 -4
- data/resources/rpm/signing.erb +7 -10
- data/spec/unit/packagers/pkg_spec.rb +354 -0
- data/spec/unit/s3_cacher_spec.rb +17 -0
- data/spec/unit/s3_helpers_spec.rb +20 -1
- data/spec/unit/software_spec.rb +66 -36
- metadata +29 -9
    
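--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 426773f2a6ca96d0f7b36b5df60e01fb17b52bf747c2a19b040499e03737b20e
+  data.tar.gz: 8045d8e96683fafa5fcc1357d83701515ebbcd160d16743e1903c5fcb964284c
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 427f1194c4141ff9ebd69a7bce99c2fb2f136a836e2fa3b99c842b3ae6d271698113027cf29ea25f7ac8a38a81b6448dd44a29faf2895e69f16ec537c0d789de
+  data.tar.gz: 7ae973fddc3895fc2bad09fa17316e5bc58aefb7cfa19efb4630fb44dd6a0d1e479715bde34b4d3195b560f704f5d1f47fe8543efe140913694e9723b20cd187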
    
        data/Gemfile
    CHANGED
    
    
    
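--- a/data/README.md
+++ b/data/README.md
@@ -84,11 +84,19 @@ use_git_caching false
 # Enable S3 asset caching
 # ------------------------------
 use_s3_caching true
+s3_bucket      ENV['S3_BUCKET']
+
+# There are three ways to authenticate to the S3 bucket
+
+# 1. set `s3_access_key` and `s3_secret_key`
 s3_access_key  ENV['S3_ACCESS_KEY']
 s3_secret_key  ENV['S3_SECRET_KEY']
-
+
+# 2. set `s3_profile` to use an AWS profile in the Shared Credentials files
 #s3_profile    ENV['S3_PROFILE']
-
+
+# 3. set `s3_iam_role_arn` to use an AWS IAM role
+#s3_iam_role_arn    ENV['S3_IAM_ROLE_ARN']
 ```
 
 For more information, please see the [`Config` documentation](http://www.rubydoc.info/github/chef/omnibus/Omnibus/Config).
@@ -253,7 +261,7 @@ For all of these paths, **order matters**, so it is possible to depend on local
 $PWD/config/software/foo.rb
 /path/to/software/config/software/foo.rb
 /other/path/to/software/config/software/foo.rb
-/Users/sethvargo/.gems/.../my-
+/Users/sethvargo/.gems/.../my-company-omnibus-software/config/software/foo.rb
 /Users/sethvargo/.gems/.../omnibus-software/config/software/foo.rb
 ```
 
@@ -273,7 +281,7 @@ This will output a JSON-formatted manifest containing the resolved version of ev
 
 Sometimes a platform has libraries that need to be whitelisted so the healthcheck can pass. The whitelist found in the [healthcheck](https://github.com/chef/omnibus/blob/master/lib/omnibus/health_check.rb) code comprises the minimal required for successful builds on supported platforms.
 
-To add your own whitelisted library, simply add
+To add your own whitelisted library, simply add a regex to your software definition in your omnibus project as follows:
 
 ```
 whitelist_file /libpcrecpp\.so\..+/
@@ -289,11 +297,11 @@ STATUS: _EXPERIMENTAL_
 
 `omnibus changelog generate` will generate a changelog for an omnibus project. This command currently assumes:
 
-- version-manifest.json is checked into the project root
--
--
+- A version-manifest.json file is checked into the project root
+- The project is a git repository
+- Each version is tagged with a SemVer compliant annotated tag
 - Any git-based sources are checked out at ../COMPONENT_NAME
-- Any commit message line prepended with ChangeLog-Entry: should be added to the changelog
+- Any commit message line prepended with ChangeLog-Entry: should be added to the changelog
 
 These assumptions _will_ change as we determine what works best for a number of our projects.
 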
    
        data/lib/omnibus/compressor.rb
    CHANGED
    
    
    
        data/lib/omnibus/config.rb
    CHANGED
    
    | @@ -285,7 +285,7 @@ module Omnibus | |
| 285 285 | 
             
                #
         | 
| 286 286 | 
             
                # @return [String, nil]
         | 
| 287 287 | 
             
                default(:s3_access_key) do
         | 
| 288 | 
            -
                  if s3_profile
         | 
| 288 | 
            +
                  if s3_profile || s3_iam_role_arn
         | 
| 289 289 | 
             
                    nil
         | 
| 290 290 | 
             
                  else
         | 
| 291 291 | 
             
                    raise MissingRequiredAttribute.new(self, :s3_access_key, "'ABCD1234'")
         | 
| @@ -296,7 +296,7 @@ module Omnibus | |
| 296 296 | 
             
                #
         | 
| 297 297 | 
             
                # @return [String, nil]
         | 
| 298 298 | 
             
                default(:s3_secret_key) do
         | 
| 299 | 
            -
                  if s3_profile
         | 
| 299 | 
            +
                  if s3_profile || s3_iam_role_arn
         | 
| 300 300 | 
             
                    nil
         | 
| 301 301 | 
             
                  else
         | 
| 302 302 | 
             
                    raise MissingRequiredAttribute.new(self, :s3_secret_key, "'EFGH5678'")
         | 
| @@ -308,6 +308,11 @@ module Omnibus | |
| 308 308 | 
             
                # @return [String, nil]
         | 
| 309 309 | 
             
                default(:s3_profile, nil)
         | 
| 310 310 |  | 
| 311 | 
            +
                # The AWS IAM role arn to use with S3 caching.
         | 
| 312 | 
            +
                #
         | 
| 313 | 
            +
                # @return [String, nil]
         | 
| 314 | 
            +
                default(:s3_iam_role_arn, nil)
         | 
| 315 | 
            +
             | 
| 311 316 | 
             
                # The region of the S3 bucket you want to cache software artifacts in.
         | 
| 312 317 | 
             
                # Defaults to 'us-east-1'
         | 
| 313 318 | 
             
                #
         | 
| @@ -455,6 +460,11 @@ module Omnibus | |
| 455 460 | 
             
                # @return [String, nil]
         | 
| 456 461 | 
             
                default(:publish_s3_profile, nil)
         | 
| 457 462 |  | 
| 463 | 
            +
                # The AWS IAM role arn to use with S3 publisher.
         | 
| 464 | 
            +
                #
         | 
| 465 | 
            +
                # @return [String, nil]
         | 
| 466 | 
            +
                default(:publish_s3_iam_role_arn, nil)
         | 
| 467 | 
            +
             | 
| 458 468 | 
             
                # Directory pattern for the S3 publisher.
         | 
| 459 469 | 
             
                # Interpolation of metadata keys is supported.
         | 
| 460 470 | 
             
                #
         | 
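Review bot: The new comments on `s3_iam_role_arn` (hunk `@@ -308,6 +308,11`) and `publish_s3_iam_role_arn` do not say how the setting interacts with the other credential options. The `s3_cache.rb` change on this page checks the role ARN first, then `s3_profile`, then the key pair, and the `s3_access_key`/`s3_secret_key` defaults here now return `nil` when a role ARN is set, so a configured role silently wins over a profile or static keys. I would state that in the doc comment, e.g. `# When set, takes precedence over s3_profile and s3_access_key/s3_secret_key.`, so an operator who leaves old keys in the config knows which identity the build actually uses.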
| @@ -47,8 +47,8 @@ $ bin/omnibus clean <%= config[:name] %> --purge | |
| 47 47 | 
             
            ### Publish
         | 
| 48 48 |  | 
| 49 49 | 
             
            Omnibus has a built-in mechanism for releasing to a variety of "backends", such
         | 
| 50 | 
            -
            as Amazon S3. You must set the proper credentials in your | 
| 51 | 
            -
            file or specify them via the command line.
         | 
| 50 | 
            +
            as Amazon S3. You must set the proper credentials in your
         | 
| 51 | 
            +
            [`omnibus.rb`](omnibus.rb) config file or specify them via the command line.
         | 
| 52 52 |  | 
| 53 53 | 
             
            ```shell
         | 
| 54 54 | 
             
            $ bin/omnibus publish path/to/*.deb --backend s3
         | 
| @@ -82,37 +82,40 @@ version of every software definition. | |
| 82 82 |  | 
| 83 83 | 
             
            Kitchen-based Build Environment
         | 
| 84 84 | 
             
            -------------------------------
         | 
| 85 | 
            -
            Every Omnibus project ships  | 
| 86 | 
            -
            [Berksfile](https://docs.chef.io/berkshelf.html) that will allow you to build | 
| 87 | 
            -
             | 
| 88 | 
            -
             | 
| 85 | 
            +
            Every Omnibus project ships with a project-specific
         | 
| 86 | 
            +
            [Berksfile](https://docs.chef.io/berkshelf.html) that will allow you to build
         | 
| 87 | 
            +
            your omnibus projects on all of the platforms listed in the
         | 
| 88 | 
            +
            [`.kitchen.yml`](.kitchen.yml). You can add/remove additional platforms as
         | 
| 89 | 
            +
            needed by changing the list found in the [`.kitchen.yml`](.kitchen.yml)
         | 
| 90 | 
            +
            `platforms` YAML stanza.
         | 
| 89 91 |  | 
| 90 92 | 
             
            This build environment is designed to get you up-and-running quickly. However,
         | 
| 91 | 
            -
            there is nothing that restricts you  | 
| 92 | 
            -
            the [omnibus cookbook](https://github.com/chef-cookbooks/omnibus) to setup
         | 
| 93 | 
            -
             | 
| 93 | 
            +
            there is nothing that restricts you from building on other platforms. Simply use
         | 
| 94 | 
            +
            the [omnibus cookbook](https://github.com/chef-cookbooks/omnibus) to setup your
         | 
| 95 | 
            +
            desired platform and execute the build steps listed above.
         | 
| 94 96 |  | 
| 95 97 | 
             
            The default build environment requires Test Kitchen and VirtualBox for local
         | 
| 96 98 | 
             
            development. Test Kitchen also exposes the ability to provision instances using
         | 
| 97 99 | 
             
            various cloud providers like AWS, DigitalOcean, or OpenStack. For more
         | 
| 98 100 | 
             
            information, please see the [Test Kitchen documentation](https://kitchen.ci/).
         | 
| 99 101 |  | 
| 100 | 
            -
            Once you have tweaked your `.kitchen.yml` | 
| 101 | 
            -
            liking, you can bring up an | 
| 102 | 
            -
            command.
         | 
| 102 | 
            +
            Once you have tweaked your [`.kitchen.yml`](.kitchen.yml) (or
         | 
| 103 | 
            +
            [`.kitchen.local.yml`](.kitchen.local.yml)) to your liking, you can bring up an
         | 
| 104 | 
            +
            individual build environment using the `kitchen` command.
         | 
| 105 | 
            +
             | 
| 103 106 |  | 
| 104 107 | 
             
            ```shell
         | 
| 105 | 
            -
            $ bin/kitchen converge ubuntu- | 
| 108 | 
            +
            $ bin/kitchen converge ubuntu-1804
         | 
| 106 109 | 
             
            ```
         | 
| 107 110 |  | 
| 108 111 | 
             
            Then login to the instance and build the project as described in the Usage
         | 
| 109 112 | 
             
            section:
         | 
| 110 113 |  | 
| 111 114 | 
             
            ```shell
         | 
| 112 | 
            -
            $  | 
| 115 | 
            +
            $ bin/kitchen login ubuntu-1804
         | 
| 116 | 
            +
            [vagrant@ubuntu...] $ .  load-omnibus-toolchain.sh
         | 
| 113 117 | 
             
            [vagrant@ubuntu...] $ cd <%= config[:name] %>
         | 
| 114 118 | 
             
            [vagrant@ubuntu...] $ bundle install
         | 
| 115 | 
            -
            [vagrant@ubuntu...] $ ...
         | 
| 116 119 | 
             
            [vagrant@ubuntu...] $ bin/omnibus build <%= config[:name] %>
         | 
| 117 120 | 
             
            ```
         | 
| 118 121 |  | 
| @@ -31,10 +31,11 @@ | |
| 31 31 | 
             
            # Enable S3 asset caching
         | 
| 32 32 | 
             
            # ------------------------------
         | 
| 33 33 | 
             
            # use_s3_caching true
         | 
| 34 | 
            -
            # s3_access_key | 
| 35 | 
            -
            # s3_secret_key | 
| 36 | 
            -
            # s3_profile | 
| 37 | 
            -
            #  | 
| 34 | 
            +
            # s3_access_key    ENV['AWS_ACCESS_KEY_ID']
         | 
| 35 | 
            +
            # s3_secret_key    ENV['AWS_SECRET_ACCESS_KEY']
         | 
| 36 | 
            +
            # s3_profile       ENV['AWS_S3_PROFILE']
         | 
| 37 | 
            +
            # s3_iam_role_arn  ENV['S3_IAM_ROLE_ARN']
         | 
| 38 | 
            +
            # s3_bucket        ENV['AWS_S3_BUCKET']
         | 
| 38 39 |  | 
| 39 40 | 
             
            # Customize compiler bits
         | 
| 40 41 | 
             
            # ------------------------------
         | 
    
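--- a/data/lib/omnibus/licensing.rb
+++ b/data/lib/omnibus/licensing.rb
@@ -439,7 +439,7 @@ module Omnibus
 
       if Config.fatal_transitive_dependency_licensing_warnings && !transitive_dependency_licensing_warnings.empty?
         warnings_to_raise << transitive_dependency_licensing_warnings
-        warnings_to_raise << "If you are encountering missing license or missing license file errors for **transitive** dependencies, you can provide overrides for the missing information at https://github.com/chef/license_scout/blob/
+        warnings_to_raise << "If you are encountering missing license or missing license file errors for **transitive** dependencies, you can provide overrides for the missing information at https://github.com/chef/license_scout/blob/1-stable/lib/license_scout/overrides.rb#L93. \n Promote license_scout to Rubygems with `/expeditor promote chef/license_scout:1-stable X.Y.Z` in slack."
       end
 
       warnings_to_raise.flatten!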
    
        data/lib/omnibus/metadata.rb
    CHANGED
    
    | @@ -83,7 +83,7 @@ module Omnibus | |
| 83 83 | 
             
                    data = File.read(path_for(package))
         | 
| 84 84 | 
             
                    hash = FFI_Yajl::Parser.parse(data, symbolize_names: true)
         | 
| 85 85 |  | 
| 86 | 
            -
             | 
| 86 | 
            +
                    # Ensure Platform version has been truncated
         | 
| 87 87 | 
             
                    if hash[:platform_version] && hash[:platform]
         | 
| 88 88 | 
             
                      hash[:platform_version] = truncate_platform_version(hash[:platform_version], hash[:platform])
         | 
| 89 89 | 
             
                    end
         | 
| @@ -64,6 +64,8 @@ module Omnibus | |
| 64 64 | 
             
                build do
         | 
| 65 65 | 
             
                  write_scripts
         | 
| 66 66 |  | 
| 67 | 
            +
                  sign_software_libs_and_bins
         | 
| 68 | 
            +
             | 
| 67 69 | 
             
                  build_component_pkg
         | 
| 68 70 |  | 
| 69 71 | 
             
                  write_distribution_file
         | 
| @@ -177,6 +179,67 @@ module Omnibus | |
| 177 179 | 
             
                  end
         | 
| 178 180 | 
             
                end
         | 
| 179 181 |  | 
| 182 | 
            +
                def sign_software_libs_and_bins
         | 
| 183 | 
            +
                  if signing_identity
         | 
| 184 | 
            +
                    log.info(log_key) { "Finding libraries and binaries that require signing." }
         | 
| 185 | 
            +
             | 
| 186 | 
            +
                    bin_dirs = Set[]
         | 
| 187 | 
            +
                    lib_dirs = Set[]
         | 
| 188 | 
            +
                    binaries = Set[]
         | 
| 189 | 
            +
                    libraries = Set[]
         | 
| 190 | 
            +
             | 
| 191 | 
            +
                    # Capture lib_dirs and bin_dirs from each software
         | 
| 192 | 
            +
                    project.softwares.each do |software|
         | 
| 193 | 
            +
                      lib_dirs.merge(software.lib_dirs)
         | 
| 194 | 
            +
                      bin_dirs.merge(software.bin_dirs)
         | 
| 195 | 
            +
                    end
         | 
| 196 | 
            +
             | 
| 197 | 
            +
                    # Find all binaries in each bind_dir
         | 
| 198 | 
            +
                    bin_dirs.each do |dir|
         | 
| 199 | 
            +
                      binaries.merge Dir["#{dir}/*"]
         | 
| 200 | 
            +
                    end
         | 
| 201 | 
            +
                    # Filter out symlinks, non-files, and non-executables
         | 
| 202 | 
            +
                    log.debug(log_key) { "  Filtering non-binary files:" }
         | 
| 203 | 
            +
                    binaries.select! { |bin| is_binary?(bin) }
         | 
| 204 | 
            +
             | 
| 205 | 
            +
                    # Use otool to find all libries that are used by our binaries
         | 
| 206 | 
            +
                    binaries.each do |bin|
         | 
| 207 | 
            +
                      libraries.merge find_linked_libs bin
         | 
| 208 | 
            +
                    end
         | 
| 209 | 
            +
             | 
| 210 | 
            +
                    # Find all libraries in each lib_dir and add any we missed with otool
         | 
| 211 | 
            +
                    lib_dirs.each do |dir|
         | 
| 212 | 
            +
                      libraries.merge Dir["#{dir}/*"]
         | 
| 213 | 
            +
                    end
         | 
| 214 | 
            +
             | 
| 215 | 
            +
                    # Filter Mach-O libraries and bundles
         | 
| 216 | 
            +
                    log.debug(log_key) { "  Filtering non-library files:" }
         | 
| 217 | 
            +
                    libraries.select! { |lib| is_macho?(lib) }
         | 
| 218 | 
            +
             | 
| 219 | 
            +
                    # Use otool to find all libries that are used by our libraries
         | 
| 220 | 
            +
                    otool_libs = Set[]
         | 
| 221 | 
            +
                    libraries.each do |lib|
         | 
| 222 | 
            +
                      otool_libs.merge find_linked_libs lib
         | 
| 223 | 
            +
                    end
         | 
| 224 | 
            +
             | 
| 225 | 
            +
                    # Filter Mach-O libraries and bundles
         | 
| 226 | 
            +
                    otool_libs.select! { |lib| is_macho?(lib) }
         | 
| 227 | 
            +
                    libraries.merge otool_libs
         | 
| 228 | 
            +
             | 
| 229 | 
            +
                    log.info(log_key) { "  Signing libraries:" } unless libraries.empty?
         | 
| 230 | 
            +
                    libraries.each do |library|
         | 
| 231 | 
            +
                      log.debug(log_key) { "    Signing: #{library}" }
         | 
| 232 | 
            +
                      sign_library(library)
         | 
| 233 | 
            +
                    end
         | 
| 234 | 
            +
             | 
| 235 | 
            +
                    log.info(log_key) { "  Signing binaries:" } unless binaries.empty?
         | 
| 236 | 
            +
                    binaries.each do |binary|
         | 
| 237 | 
            +
                      log.debug(log_key) { "    Signing: #{binary}" }
         | 
| 238 | 
            +
                      sign_binary(binary, true)
         | 
| 239 | 
            +
                    end
         | 
| 240 | 
            +
                  end
         | 
| 241 | 
            +
                end
         | 
| 242 | 
            +
             | 
| 180 243 | 
             
                #
         | 
| 181 244 | 
             
                # Construct the intermediate build product. It can be installed with the
         | 
| 182 245 | 
             
                # Installer.app, but doesn't contain the data needed to customize the
         | 
| @@ -185,16 +248,20 @@ module Omnibus | |
| 185 248 | 
             
                # @return [void]
         | 
| 186 249 | 
             
                #
         | 
| 187 250 | 
             
                def build_component_pkg
         | 
| 188 | 
            -
                  command =  | 
| 251 | 
            +
                  command = <<~EOH
         | 
| 189 252 | 
             
                    pkgbuild \\
         | 
| 190 253 | 
             
                      --identifier "#{safe_identifier}" \\
         | 
| 191 254 | 
             
                      --version "#{safe_version}" \\
         | 
| 192 255 | 
             
                      --scripts "#{scripts_dir}" \\
         | 
| 193 256 | 
             
                      --root "#{project.install_dir}" \\
         | 
| 194 257 | 
             
                      --install-location "#{project.install_dir}" \\
         | 
| 195 | 
            -
                       | 
| 258 | 
            +
                      --preserve-xattr \\
         | 
| 196 259 | 
             
                  EOH
         | 
| 197 260 |  | 
| 261 | 
            +
                  command << %Q{  --sign "#{signing_identity}" \\\n} if signing_identity
         | 
| 262 | 
            +
                  command << %Q{  "#{component_pkg}"}
         | 
| 263 | 
            +
                  command << %Q{\n}
         | 
| 264 | 
            +
             | 
| 198 265 | 
             
                  Dir.chdir(staging_dir) do
         | 
| 199 266 | 
             
                    shellout!(command)
         | 
| 200 267 | 
             
                  end
         | 
| @@ -229,7 +296,7 @@ module Omnibus | |
| 229 296 | 
             
                # @return [void]
         | 
| 230 297 | 
             
                #
         | 
| 231 298 | 
             
                def build_product_pkg
         | 
| 232 | 
            -
                  command =  | 
| 299 | 
            +
                  command = <<~EOH
         | 
| 233 300 | 
             
                    productbuild \\
         | 
| 234 301 | 
             
                      --distribution "#{staging_dir}/Distribution" \\
         | 
| 235 302 | 
             
                      --resources "#{resources_dir}" \\
         | 
| @@ -320,5 +387,57 @@ module Omnibus | |
| 320 387 | 
             
                    converted
         | 
| 321 388 | 
             
                  end
         | 
| 322 389 | 
             
                end
         | 
| 390 | 
            +
             | 
| 391 | 
            +
                #
         | 
| 392 | 
            +
                # Given a file path return any linked libraries.
         | 
| 393 | 
            +
                #
         | 
| 394 | 
            +
                # @param [String] file_path
         | 
| 395 | 
            +
                #    The path to a file
         | 
| 396 | 
            +
                # @return [Array<String>]
         | 
| 397 | 
            +
                #    The linked libs
         | 
| 398 | 
            +
                #
         | 
| 399 | 
            +
                def find_linked_libs(file_path)
         | 
| 400 | 
            +
                  # Find all libaries for each bin
         | 
| 401 | 
            +
                  command = "otool -L #{file_path}"
         | 
| 402 | 
            +
             | 
| 403 | 
            +
                  stdout = shellout!(command).stdout
         | 
| 404 | 
            +
                  stdout.slice!(file_path)
         | 
| 405 | 
            +
                  stdout.scan(/#{install_dir}\S*/)
         | 
| 406 | 
            +
                end
         | 
| 407 | 
            +
             | 
| 408 | 
            +
                def sign_library(lib)
         | 
| 409 | 
            +
                  sign_binary(lib)
         | 
| 410 | 
            +
                end
         | 
| 411 | 
            +
             | 
| 412 | 
            +
                def sign_binary(bin, hardened_runtime = false)
         | 
| 413 | 
            +
                  command = "codesign -s '#{signing_identity}' '#{bin}'"
         | 
| 414 | 
            +
                  command << %q{ --options=runtime} if hardened_runtime
         | 
| 415 | 
            +
                  command << %Q{ --entitlements #{resource_path("entitlements.plist")}} if File.exist?(resource_path("entitlements.plist")) && hardened_runtime
         | 
| 416 | 
            +
                  ## Force re-signing to deal with binaries that have the same sha.
         | 
| 417 | 
            +
                  command << %q{ --force}
         | 
| 418 | 
            +
                  command << %Q{\n}
         | 
| 419 | 
            +
             | 
| 420 | 
            +
                  shellout!(command)
         | 
| 421 | 
            +
                end
         | 
| 422 | 
            +
             | 
| 423 | 
            +
                def is_binary?(bin)
         | 
| 424 | 
            +
                  is_binary = File.file?(bin) &&
         | 
| 425 | 
            +
                    File.executable?(bin) &&
         | 
| 426 | 
            +
                    !File.symlink?(bin)
         | 
| 427 | 
            +
                  log.debug(log_key) { "    removing from signing: #{bin}" } unless is_binary
         | 
| 428 | 
            +
                  is_binary
         | 
| 429 | 
            +
                end
         | 
| 430 | 
            +
             | 
| 431 | 
            +
                def is_macho?(lib)
         | 
| 432 | 
            +
                  is_macho = false
         | 
| 433 | 
            +
                  if is_binary?(lib)
         | 
| 434 | 
            +
                    command = "file #{lib}"
         | 
| 435 | 
            +
             | 
| 436 | 
            +
                    stdout = shellout!(command).stdout
         | 
| 437 | 
            +
                    is_macho = stdout.match?(/Mach-O.*library/) || stdout.match?(/Mach-O.*bundle/)
         | 
| 438 | 
            +
                  end
         | 
| 439 | 
            +
                  log.debug(log_key) { "    removing from signing: #{lib}" } unless is_macho
         | 
| 440 | 
            +
                  is_macho
         | 
| 441 | 
            +
                end
         | 
| 323 442 | 
             
              end
         | 
| 324 443 | 
             
            end
         | 
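Review bot: `find_linked_libs` and `is_macho?` interpolate file paths into command strings without quoting (`"otool -L #{file_path}"`, `"file #{lib}"`), and those paths come from `Dir["#{dir}/*"]` over every software's `bin_dirs` and `lib_dirs`, so a file name containing a space or a shell metacharacter would be split or interpreted if `shellout!` hands the string to a shell, as a single-string command presumably is. `sign_binary` wraps the path in single quotes, which still breaks on a name containing `'`, and leaves the `--entitlements` path unquoted. Escaping each path, for example `command = "otool -L #{Shellwords.escape(file_path)}"` and `command = "file #{Shellwords.escape(lib)}"`, closes this; the file's `require` lines are outside the hunk, so `shellwords` may need to be required. The scan in `find_linked_libs` also builds its regex from `install_dir` unescaped; `stdout.scan(/#{Regexp.escape(install_dir)}\S*/)` would match the directory literally.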
| @@ -65,11 +65,13 @@ module Omnibus | |
| 65 65 | 
             
                    bucket_name: @options[:bucket],
         | 
| 66 66 | 
             
                  }
         | 
| 67 67 |  | 
| 68 | 
            -
                  if Config. | 
| 69 | 
            -
                    config[: | 
| 68 | 
            +
                  if Config.publish_s3_iam_role_arn
         | 
| 69 | 
            +
                    config[:publish_s3_iam_role_arn] = Config.publish_s3_iam_role_arn
         | 
| 70 | 
            +
                  elsif Config.publish_s3_profile
         | 
| 71 | 
            +
                    config[:profile] = Config.publish_s3_profile
         | 
| 70 72 | 
             
                  else
         | 
| 71 | 
            -
                    config[:access_key_id] | 
| 72 | 
            -
                    config[:secret_access_key] | 
| 73 | 
            +
                    config[:access_key_id] = Config.publish_s3_access_key
         | 
| 74 | 
            +
                    config[:secret_access_key] = Config.publish_s3_secret_key
         | 
| 73 75 | 
             
                  end
         | 
| 74 76 |  | 
| 75 77 | 
             
                  config
         | 
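Review bot: The role ARN is stored under `config[:publish_s3_iam_role_arn]`, while the profile branch right below it uses the unprefixed `:profile` and the `s3_cache.rb` change on this page stores its role under `:iam_role_arn`. If the shared S3 helper looks up `:iam_role_arn` (its code is not visible here), the publisher's role setting would be ignored and the client would be built without the intended credentials; `config[:iam_role_arn] = Config.publish_s3_iam_role_arn` would keep both callers on the same key. A spec that asserts the key name the helper consumes would catch this kind of mismatch. The enclosing method starts and ends outside the hunk.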
    
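--- a/data/lib/omnibus/s3_cache.rb
+++ b/data/lib/omnibus/s3_cache.rb
@@ -147,7 +147,9 @@ module Omnibus
           force_path_style: Config.s3_force_path_style,
         }
 
-        if Config.
+        if Config.s3_iam_role_arn
+          config[:iam_role_arn] = Config.s3_iam_role_arn
+        elsif Config.s3_profile
           config[:profile] = Config.s3_profile
         else
           config[:access_key_id] = Config.s3_access_key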