omnibus 6.1.9 → 8.0.15
- checksums.yaml +4 -4
- data/Gemfile +0 -4
- data/README.md +54 -13
- data/bin/omnibus +1 -1
- data/lib/omnibus.rb +2 -2
- data/lib/omnibus/build_version.rb +1 -1
- data/lib/omnibus/build_version_dsl.rb +5 -7
- data/lib/omnibus/builder.rb +4 -4
- data/lib/omnibus/cleaner.rb +1 -1
- data/lib/omnibus/cli.rb +2 -2
- data/lib/omnibus/cli/changelog.rb +1 -1
- data/lib/omnibus/compressor.rb +2 -2
- data/lib/omnibus/compressors/base.rb +2 -2
- data/lib/omnibus/compressors/dmg.rb +5 -2
- data/lib/omnibus/compressors/tgz.rb +2 -2
- data/lib/omnibus/config.rb +13 -3
- data/lib/omnibus/core_extensions/open_uri.rb +1 -1
- data/lib/omnibus/digestable.rb +2 -2
- data/lib/omnibus/download_helpers.rb +6 -2
- data/lib/omnibus/fetchers/file_fetcher.rb +1 -1
- data/lib/omnibus/fetchers/net_fetcher.rb +1 -1
- data/lib/omnibus/fetchers/path_fetcher.rb +1 -1
- data/lib/omnibus/file_syncer.rb +1 -1
- data/lib/omnibus/generator.rb +2 -2
- data/lib/omnibus/generator_files/README.md.erb +20 -16
- data/lib/omnibus/generator_files/config/software/preparation.rb.erb +1 -1
- data/lib/omnibus/generator_files/omnibus.rb.erb +5 -4
- data/lib/omnibus/git_cache.rb +2 -2
- data/lib/omnibus/health_check.rb +2 -0
- data/lib/omnibus/licensing.rb +3 -3
- data/lib/omnibus/logger.rb +1 -1
- data/lib/omnibus/manifest.rb +1 -1
- data/lib/omnibus/metadata.rb +3 -3
- data/lib/omnibus/ohai.rb +1 -1
- data/lib/omnibus/package.rb +1 -1
- data/lib/omnibus/packager.rb +6 -14
- data/lib/omnibus/packagers/base.rb +1 -1
- data/lib/omnibus/packagers/msi.rb +1 -1
- data/lib/omnibus/packagers/pkg.rb +122 -3
- data/lib/omnibus/packagers/solaris.rb +1 -1
- data/lib/omnibus/project.rb +2 -2
- data/lib/omnibus/publishers/artifactory_publisher.rb +2 -2
- data/lib/omnibus/publishers/s3_publisher.rb +6 -4
- data/lib/omnibus/s3_cache.rb +4 -2
- data/lib/omnibus/s3_helpers.rb +7 -7
- data/lib/omnibus/software.rb +52 -34
- data/lib/omnibus/sugarable.rb +5 -14
- data/lib/omnibus/templating.rb +1 -1
- data/lib/omnibus/thread_pool.rb +0 -2
- data/lib/omnibus/util.rb +1 -1
- data/lib/omnibus/version.rb +1 -1
- data/lib/omnibus/whitelist.rb +24 -1
- data/omnibus.gemspec +7 -8
- data/resources/ips/doc-transform.erb +1 -0
- data/resources/msi/CustomActionFastMsi.CA.dll +0 -0
- data/resources/msi/source.wxs.erb +2 -10
- data/resources/rpm/signing.erb +7 -10
- data/spec/support/path_helpers.rb +2 -2
- data/spec/unit/compressor_spec.rb +1 -1
- data/spec/unit/compressors/dmg_spec.rb +5 -2
- data/spec/unit/metadata_spec.rb +6 -6
- data/spec/unit/packager_spec.rb +6 -13
- data/spec/unit/packagers/ips_spec.rb +1 -0
- data/spec/unit/packagers/pkg_spec.rb +354 -0
- data/spec/unit/packagers/rpm_spec.rb +5 -5
- data/spec/unit/project_spec.rb +5 -5
- data/spec/unit/s3_cacher_spec.rb +17 -0
- data/spec/unit/s3_helpers_spec.rb +20 -1
- data/spec/unit/software_spec.rb +58 -119
- metadata +22 -22
data/lib/omnibus/file_syncer.rb
CHANGED
data/lib/omnibus/generator.rb
CHANGED
@@ -14,7 +14,7 @@
|
|
14
14
|
# limitations under the License.
|
15
15
|
#
|
16
16
|
|
17
|
-
require "thor"
|
17
|
+
require "thor" unless defined?(Thor)
|
18
18
|
|
19
19
|
module Omnibus
|
20
20
|
class Generator < Thor::Group
|
@@ -73,7 +73,7 @@ module Omnibus
|
|
73
73
|
class << self
|
74
74
|
# Set the source root for Thor
|
75
75
|
def source_root
|
76
|
-
File.expand_path("
|
76
|
+
File.expand_path("generator_files", __dir__)
|
77
77
|
end
|
78
78
|
end
|
79
79
|
|
@@ -47,8 +47,8 @@ $ bin/omnibus clean <%= config[:name] %> --purge
|
|
47
47
|
### Publish
|
48
48
|
|
49
49
|
Omnibus has a built-in mechanism for releasing to a variety of "backends", such
|
50
|
-
as Amazon S3. You must set the proper credentials in your
|
51
|
-
file or specify them via the command line.
|
50
|
+
as Amazon S3. You must set the proper credentials in your
|
51
|
+
[`omnibus.rb`](omnibus.rb) config file or specify them via the command line.
|
52
52
|
|
53
53
|
```shell
|
54
54
|
$ bin/omnibus publish path/to/*.deb --backend s3
|
@@ -82,37 +82,41 @@ version of every software definition.
|
|
82
82
|
|
83
83
|
Kitchen-based Build Environment
|
84
84
|
-------------------------------
|
85
|
-
Every Omnibus project ships
|
86
|
-
[Berksfile](https://docs.chef.io/berkshelf.html) that will allow you to build
|
87
|
-
|
88
|
-
|
85
|
+
Every Omnibus project ships with a project-specific
|
86
|
+
[Berksfile](https://docs.chef.io/berkshelf.html) that will allow you to build
|
87
|
+
your omnibus projects on all of the platforms listed in the
|
88
|
+
[`.kitchen.yml`](.kitchen.yml). You can add/remove additional platforms as
|
89
|
+
needed by changing the list found in the [`.kitchen.yml`](.kitchen.yml)
|
90
|
+
`platforms` YAML stanza.
|
89
91
|
|
90
92
|
This build environment is designed to get you up-and-running quickly. However,
|
91
|
-
there is nothing that restricts you
|
92
|
-
the [omnibus cookbook](https://github.com/chef-cookbooks/omnibus) to setup
|
93
|
-
|
93
|
+
there is nothing that restricts you from building on other platforms. Simply use
|
94
|
+
the [omnibus cookbook](https://github.com/chef-cookbooks/omnibus) to setup your
|
95
|
+
desired platform and execute the build steps listed above.
|
94
96
|
|
95
97
|
The default build environment requires Test Kitchen and VirtualBox for local
|
96
98
|
development. Test Kitchen also exposes the ability to provision instances using
|
97
99
|
various cloud providers like AWS, DigitalOcean, or OpenStack. For more
|
98
100
|
information, please see the [Test Kitchen documentation](https://kitchen.ci/).
|
99
101
|
|
100
|
-
Once you have tweaked your `.kitchen.yml`
|
101
|
-
liking, you can bring up an
|
102
|
-
command.
|
102
|
+
Once you have tweaked your [`.kitchen.yml`](.kitchen.yml) (or
|
103
|
+
[`.kitchen.local.yml`](.kitchen.local.yml)) to your liking, you can bring up an
|
104
|
+
individual build environment using the `kitchen` command.
|
105
|
+
|
103
106
|
|
104
107
|
```shell
|
105
|
-
$ bin/kitchen converge ubuntu-
|
108
|
+
$ bin/kitchen converge ubuntu-1804
|
106
109
|
```
|
107
110
|
|
108
111
|
Then login to the instance and build the project as described in the Usage
|
109
112
|
section:
|
110
113
|
|
111
114
|
```shell
|
112
|
-
$
|
113
|
-
[vagrant@ubuntu...] $
|
115
|
+
$ bin/kitchen login ubuntu-1804
|
116
|
+
[vagrant@ubuntu...] $ . load-omnibus-toolchain.sh
|
117
|
+
[vagrant@ubuntu...] $ [ -e .bundle ] && sudo chown -R vagrant:vagrant .bundle
|
118
|
+
[vagrant@ubuntu...] $ cd <%= config[:name] %> # or 'cd <%= config[:name] %>/omnibus' if your omnibus project is embedded in your main project
|
114
119
|
[vagrant@ubuntu...] $ bundle install
|
115
|
-
[vagrant@ubuntu...] $ ...
|
116
120
|
[vagrant@ubuntu...] $ bin/omnibus build <%= config[:name] %>
|
117
121
|
```
|
118
122
|
|
@@ -31,10 +31,11 @@
|
|
31
31
|
# Enable S3 asset caching
|
32
32
|
# ------------------------------
|
33
33
|
# use_s3_caching true
|
34
|
-
# s3_access_key
|
35
|
-
# s3_secret_key
|
36
|
-
# s3_profile
|
37
|
-
#
|
34
|
+
# s3_access_key ENV['AWS_ACCESS_KEY_ID']
|
35
|
+
# s3_secret_key ENV['AWS_SECRET_ACCESS_KEY']
|
36
|
+
# s3_profile ENV['AWS_S3_PROFILE']
|
37
|
+
# s3_iam_role_arn ENV['S3_IAM_ROLE_ARN']
|
38
|
+
# s3_bucket ENV['AWS_S3_BUCKET']
|
38
39
|
|
39
40
|
# Customize compiler bits
|
40
41
|
# ------------------------------
|
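Review bot: The commented S3 block on new lines 34-38 lists a static key pair, a profile and an IAM role side by side with no hint of which one a user should pick, so a reader may fill in all of them. If these are alternatives, a line such as `# Set only one of: s3_profile, s3_iam_role_arn, or the s3_access_key/s3_secret_key pair; keep literal keys out of this file.` above the block would make that clear. The variable name `S3_IAM_ROLE_ARN` also breaks the `AWS_` prefix used by the other four lines; `AWS_S3_IAM_ROLE_ARN` would keep the template consistent.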
data/lib/omnibus/git_cache.rb
CHANGED
data/lib/omnibus/health_check.rb
CHANGED
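--- a/data/lib/omnibus/licensing.rb
+++ b/data/lib/omnibus/licensing.rb
@@ -14,8 +14,8 @@
 # limitations under the License.
 #
 
-require "uri"
-require "fileutils"
+require "uri" unless defined?(URI)
+require "fileutils" unless defined?(FileUtils)
 require "omnibus/download_helpers"
 require "license_scout/collector"
 require "license_scout/reporter"
@@ -439,7 +439,7 @@ module Omnibus
 
 if Config.fatal_transitive_dependency_licensing_warnings && !transitive_dependency_licensing_warnings.empty?
 warnings_to_raise << transitive_dependency_licensing_warnings
-warnings_to_raise << "If you are encountering missing license or missing license file errors for **transitive** dependencies, you can provide overrides for the missing information at https://github.com/chef/license_scout/blob/
+warnings_to_raise << "If you are encountering missing license or missing license file errors for **transitive** dependencies, you can provide overrides for the missing information at https://github.com/chef/license_scout/blob/1-stable/lib/license_scout/overrides.rb#L93. \n Promote license_scout to Rubygems with `/expeditor promote chef/license_scout:1-stable X.Y.Z` in slack."
 end
 
 warnings_to_raise.flatten!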
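Review bot: The warning string on new line 442 links to `overrides.rb#L93` on the `1-stable` branch, and a line anchor on a moving branch will point at different code as that file changes; linking to the file without the anchor, or to a tagged revision, keeps the message accurate. The same string appends a maintainer-only step (`/expeditor promote chef/license_scout:1-stable X.Y.Z` in slack) to text that every user of the gem sees when the fatal-warning path fires, which probably belongs in contributor documentation instead. The enclosing method starts and ends outside the hunk.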
data/lib/omnibus/logger.rb
CHANGED
data/lib/omnibus/manifest.rb
CHANGED
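--- a/data/lib/omnibus/metadata.rb
+++ b/data/lib/omnibus/metadata.rb
@@ -14,7 +14,7 @@
 # limitations under the License.
 #
 
-require "ffi_yajl"
+require "ffi_yajl" unless defined?(FFI_Yajl)
 
 module Omnibus
 class Metadata
@@ -83,7 +83,7 @@ module Omnibus
 data = File.read(path_for(package))
 hash = FFI_Yajl::Parser.parse(data, symbolize_names: true)
 
-
+# Ensure Platform version has been truncated
 if hash[:platform_version] && hash[:platform]
 hash[:platform_version] = truncate_platform_version(hash[:platform_version], hash[:platform])
 end
@@ -170,7 +170,7 @@ module Omnibus
 # rubocop:disable Lint/DuplicateCaseCondition
 def truncate_platform_version(platform_version, platform)
 case platform
-when "centos", "debian", "el", "fedora", "freebsd", "omnios", "pidora", "raspbian", "rhel", "sles", "suse", "smartos"
+when "centos", "cumulus", "debian", "el", "fedora", "freebsd", "omnios", "pidora", "raspbian", "rhel", "sles", "suse", "smartos"
 # Only want MAJOR (e.g. Debian 7, OmniOS r151006, SmartOS 20120809T221258Z)
 platform_version.split(".").first
 when "aix", "alpine", "mac_os_x", "openbsd", "slackware", "solaris2", "opensuse", "opensuseleap", "ubuntu", "amazon"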
data/lib/omnibus/ohai.rb
CHANGED
data/lib/omnibus/package.rb
CHANGED
data/lib/omnibus/packager.rb
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
#
|
2
|
-
# Copyright 2014-
|
2
|
+
# Copyright 2014-2020, Chef Software Inc.
|
3
3
|
#
|
4
4
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
5
5
|
# you may not use this file except in compliance with the License.
|
@@ -46,6 +46,7 @@ module Omnibus
|
|
46
46
|
"amazon" => RPM,
|
47
47
|
"aix" => BFF,
|
48
48
|
"solaris" => Solaris,
|
49
|
+
"omnios" => IPS,
|
49
50
|
"ips" => IPS,
|
50
51
|
"windows" => [MSI, APPX],
|
51
52
|
"mac_os_x" => PKG,
|
@@ -65,25 +66,16 @@ module Omnibus
|
|
65
66
|
family = Ohai["platform_family"]
|
66
67
|
version = Ohai["platform_version"]
|
67
68
|
|
68
|
-
if family == "solaris2" &&
|
69
|
+
if family == "solaris2" && ChefUtils::VersionString.new(version).satisfies?(">= 5.11")
|
69
70
|
family = "ips"
|
70
|
-
elsif family == "solaris2" &&
|
71
|
+
elsif family == "solaris2" && ChefUtils::VersionString.new(version).satisfies?(">= 5.10")
|
71
72
|
family = "solaris"
|
72
73
|
end
|
73
74
|
if klass = PLATFORM_PACKAGER_MAP[family]
|
74
|
-
|
75
|
-
|
76
|
-
if package_types.include?(APPX) &&
|
77
|
-
!Chef::Sugar::Constraints::Version.new(version).satisfies?(">= 6.2")
|
78
|
-
log.warn(log_key) { "APPX generation is only supported on Windows versions 2012 and above" }
|
79
|
-
package_types -= [APPX]
|
80
|
-
end
|
81
|
-
|
82
|
-
package_types
|
75
|
+
klass.is_a?(Array) ? klass : [ klass ]
|
83
76
|
else
|
84
77
|
log.warn(log_key) do
|
85
|
-
"Could not determine packager for `#{family}
|
86
|
-
"to `makeself'!"
|
78
|
+
"Could not determine packager for `#{family}`, defaulting to `makeself`!"
|
87
79
|
end
|
88
80
|
[Makeself]
|
89
81
|
end
|
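Review bot: On new line 75, `klass.is_a?(Array) ? klass : [ klass ]` is the hand-written form of `Array(klass)`, which returns an array unchanged and wraps a single class, and the shorter call reads better next to the `[Makeself]` fallback a few lines below. The local name `klass` is also misleading when the map value for `"windows"` is a list (`[MSI, APPX]`); a name like `packagers` would say what the variable holds. The method body starts outside the hunk.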
@@ -64,6 +64,8 @@ module Omnibus
|
|
64
64
|
build do
|
65
65
|
write_scripts
|
66
66
|
|
67
|
+
sign_software_libs_and_bins
|
68
|
+
|
67
69
|
build_component_pkg
|
68
70
|
|
69
71
|
write_distribution_file
|
@@ -177,6 +179,67 @@ module Omnibus
|
|
177
179
|
end
|
178
180
|
end
|
179
181
|
|
182
|
+
def sign_software_libs_and_bins
|
183
|
+
if signing_identity
|
184
|
+
log.info(log_key) { "Finding libraries and binaries that require signing." }
|
185
|
+
|
186
|
+
bin_dirs = Set[]
|
187
|
+
lib_dirs = Set[]
|
188
|
+
binaries = Set[]
|
189
|
+
libraries = Set[]
|
190
|
+
|
191
|
+
# Capture lib_dirs and bin_dirs from each software
|
192
|
+
project.softwares.each do |software|
|
193
|
+
lib_dirs.merge(software.lib_dirs)
|
194
|
+
bin_dirs.merge(software.bin_dirs)
|
195
|
+
end
|
196
|
+
|
197
|
+
# Find all binaries in each bind_dir
|
198
|
+
bin_dirs.each do |dir|
|
199
|
+
binaries.merge Dir["#{dir}/*"]
|
200
|
+
end
|
201
|
+
# Filter out symlinks, non-files, and non-executables
|
202
|
+
log.debug(log_key) { " Filtering non-binary files:" }
|
203
|
+
binaries.select! { |bin| is_binary?(bin) }
|
204
|
+
|
205
|
+
# Use otool to find all libries that are used by our binaries
|
206
|
+
binaries.each do |bin|
|
207
|
+
libraries.merge find_linked_libs bin
|
208
|
+
end
|
209
|
+
|
210
|
+
# Find all libraries in each lib_dir and add any we missed with otool
|
211
|
+
lib_dirs.each do |dir|
|
212
|
+
libraries.merge Dir["#{dir}/*"]
|
213
|
+
end
|
214
|
+
|
215
|
+
# Filter Mach-O libraries and bundles
|
216
|
+
log.debug(log_key) { " Filtering non-library files:" }
|
217
|
+
libraries.select! { |lib| is_macho?(lib) }
|
218
|
+
|
219
|
+
# Use otool to find all libries that are used by our libraries
|
220
|
+
otool_libs = Set[]
|
221
|
+
libraries.each do |lib|
|
222
|
+
otool_libs.merge find_linked_libs lib
|
223
|
+
end
|
224
|
+
|
225
|
+
# Filter Mach-O libraries and bundles
|
226
|
+
otool_libs.select! { |lib| is_macho?(lib) }
|
227
|
+
libraries.merge otool_libs
|
228
|
+
|
229
|
+
log.info(log_key) { " Signing libraries:" } unless libraries.empty?
|
230
|
+
libraries.each do |library|
|
231
|
+
log.debug(log_key) { " Signing: #{library}" }
|
232
|
+
sign_library(library)
|
233
|
+
end
|
234
|
+
|
235
|
+
log.info(log_key) { " Signing binaries:" } unless binaries.empty?
|
236
|
+
binaries.each do |binary|
|
237
|
+
log.debug(log_key) { " Signing: #{binary}" }
|
238
|
+
sign_binary(binary, true)
|
239
|
+
end
|
240
|
+
end
|
241
|
+
end
|
242
|
+
|
180
243
|
#
|
181
244
|
# Construct the intermediate build product. It can be installed with the
|
182
245
|
# Installer.app, but doesn't contain the data needed to customize the
|
@@ -185,16 +248,20 @@ module Omnibus
|
|
185
248
|
# @return [void]
|
186
249
|
#
|
187
250
|
def build_component_pkg
|
188
|
-
command =
|
251
|
+
command = <<~EOH
|
189
252
|
pkgbuild \\
|
190
253
|
--identifier "#{safe_identifier}" \\
|
191
254
|
--version "#{safe_version}" \\
|
192
255
|
--scripts "#{scripts_dir}" \\
|
193
256
|
--root "#{project.install_dir}" \\
|
194
257
|
--install-location "#{project.install_dir}" \\
|
195
|
-
|
258
|
+
--preserve-xattr \\
|
196
259
|
EOH
|
197
260
|
|
261
|
+
command << %Q{ --sign "#{signing_identity}" \\\n} if signing_identity
|
262
|
+
command << %Q{ "#{component_pkg}"}
|
263
|
+
command << %Q{\n}
|
264
|
+
|
198
265
|
Dir.chdir(staging_dir) do
|
199
266
|
shellout!(command)
|
200
267
|
end
|
@@ -229,7 +296,7 @@ module Omnibus
|
|
229
296
|
# @return [void]
|
230
297
|
#
|
231
298
|
def build_product_pkg
|
232
|
-
command =
|
299
|
+
command = <<~EOH
|
233
300
|
productbuild \\
|
234
301
|
--distribution "#{staging_dir}/Distribution" \\
|
235
302
|
--resources "#{resources_dir}" \\
|
@@ -320,5 +387,57 @@ module Omnibus
|
|
320
387
|
converted
|
321
388
|
end
|
322
389
|
end
|
390
|
+
|
391
|
+
#
|
392
|
+
# Given a file path return any linked libraries.
|
393
|
+
#
|
394
|
+
# @param [String] file_path
|
395
|
+
# The path to a file
|
396
|
+
# @return [Array<String>]
|
397
|
+
# The linked libs
|
398
|
+
#
|
399
|
+
def find_linked_libs(file_path)
|
400
|
+
# Find all libaries for each bin
|
401
|
+
command = "otool -L #{file_path}"
|
402
|
+
|
403
|
+
stdout = shellout!(command).stdout
|
404
|
+
stdout.slice!(file_path)
|
405
|
+
stdout.scan(/#{install_dir}\S*/)
|
406
|
+
end
|
407
|
+
|
408
|
+
def sign_library(lib)
|
409
|
+
sign_binary(lib)
|
410
|
+
end
|
411
|
+
|
412
|
+
def sign_binary(bin, hardened_runtime = false)
|
413
|
+
command = "codesign -s '#{signing_identity}' '#{bin}'"
|
414
|
+
command << %q{ --options=runtime} if hardened_runtime
|
415
|
+
command << %Q{ --entitlements #{resource_path("entitlements.plist")}} if File.exist?(resource_path("entitlements.plist")) && hardened_runtime
|
416
|
+
## Force re-signing to deal with binaries that have the same sha.
|
417
|
+
command << %q{ --force}
|
418
|
+
command << %Q{\n}
|
419
|
+
|
420
|
+
shellout!(command)
|
421
|
+
end
|
422
|
+
|
423
|
+
def is_binary?(bin)
|
424
|
+
is_binary = File.file?(bin) &&
|
425
|
+
File.executable?(bin) &&
|
426
|
+
!File.symlink?(bin)
|
427
|
+
log.debug(log_key) { " removing non-binary file from signing: #{bin}" } unless is_binary
|
428
|
+
is_binary
|
429
|
+
end
|
430
|
+
|
431
|
+
def is_macho?(lib)
|
432
|
+
is_macho = false
|
433
|
+
if is_binary?(lib)
|
434
|
+
command = "file #{lib}"
|
435
|
+
|
436
|
+
stdout = shellout!(command).stdout
|
437
|
+
is_macho = stdout.match?(/Mach-O.*(library|bundle)/)
|
438
|
+
end
|
439
|
+
log.debug(log_key) { " removing non-Mach-O library file from signing: #{lib}" } unless is_macho
|
440
|
+
is_macho
|
441
|
+
end
|
323
442
|
end
|
324
443
|
end
|
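Review bot: In the last hunk, `find_linked_libs` and `is_macho?` interpolate file paths into `otool -L #{file_path}` and `file #{lib}` with no quoting, and `sign_binary` wraps `signing_identity` and `bin` in single quotes only, so a path that contains a space, a quote or a shell metacharacter is split or interpreted by the shell instead of being passed as one argument (assuming `shellout!` hands the string to a shell). These paths come from `Dir["#{dir}/*"]` over the software's bin and lib directories, so their names are not controlled by this code; escaping each interpolated value with `Shellwords.escape` closes that, and the file would need `shellwords` loaded. `stdout.scan(/#{install_dir}\S*/)` has the same problem for regular expressions and should use `Regexp.escape(install_dir)`. The unquoted `--entitlements #{resource_path("entitlements.plist")}` argument in `sign_binary` needs the same escaping.

```ruby
def find_linked_libs(file_path)
  command = "otool -L #{Shellwords.escape(file_path)}"
  # … unchanged: shellout! call and stdout.slice!(file_path) …
  stdout.scan(/#{Regexp.escape(install_dir)}\S*/)
end

def sign_binary(bin, hardened_runtime = false)
  command = "codesign -s #{Shellwords.escape(signing_identity)} #{Shellwords.escape(bin)}"
  command << %q{ --options=runtime} if hardened_runtime
  entitlements = resource_path("entitlements.plist")
  command << " --entitlements #{Shellwords.escape(entitlements)}" if hardened_runtime && File.exist?(entitlements)
  # … unchanged: --force, trailing newline, shellout! …
end

# … inside is_macho?, within the is_binary? branch …
command = "file #{Shellwords.escape(lib)}"
```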