omnibus 6.1.9 → 8.0.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +0 -4
- data/README.md +54 -13
- data/bin/omnibus +1 -1
- data/lib/omnibus.rb +2 -2
- data/lib/omnibus/build_version.rb +1 -1
- data/lib/omnibus/build_version_dsl.rb +5 -7
- data/lib/omnibus/builder.rb +4 -4
- data/lib/omnibus/cleaner.rb +1 -1
- data/lib/omnibus/cli.rb +2 -2
- data/lib/omnibus/cli/changelog.rb +1 -1
- data/lib/omnibus/compressor.rb +2 -2
- data/lib/omnibus/compressors/base.rb +2 -2
- data/lib/omnibus/compressors/dmg.rb +5 -2
- data/lib/omnibus/compressors/tgz.rb +2 -2
- data/lib/omnibus/config.rb +13 -3
- data/lib/omnibus/core_extensions/open_uri.rb +1 -1
- data/lib/omnibus/digestable.rb +2 -2
- data/lib/omnibus/download_helpers.rb +6 -2
- data/lib/omnibus/fetchers/file_fetcher.rb +1 -1
- data/lib/omnibus/fetchers/net_fetcher.rb +1 -1
- data/lib/omnibus/fetchers/path_fetcher.rb +1 -1
- data/lib/omnibus/file_syncer.rb +1 -1
- data/lib/omnibus/generator.rb +2 -2
- data/lib/omnibus/generator_files/README.md.erb +20 -16
- data/lib/omnibus/generator_files/config/software/preparation.rb.erb +1 -1
- data/lib/omnibus/generator_files/omnibus.rb.erb +5 -4
- data/lib/omnibus/git_cache.rb +2 -2
- data/lib/omnibus/health_check.rb +2 -0
- data/lib/omnibus/licensing.rb +3 -3
- data/lib/omnibus/logger.rb +1 -1
- data/lib/omnibus/manifest.rb +1 -1
- data/lib/omnibus/metadata.rb +3 -3
- data/lib/omnibus/ohai.rb +1 -1
- data/lib/omnibus/package.rb +1 -1
- data/lib/omnibus/packager.rb +6 -14
- data/lib/omnibus/packagers/base.rb +1 -1
- data/lib/omnibus/packagers/msi.rb +1 -1
- data/lib/omnibus/packagers/pkg.rb +122 -3
- data/lib/omnibus/packagers/solaris.rb +1 -1
- data/lib/omnibus/project.rb +2 -2
- data/lib/omnibus/publishers/artifactory_publisher.rb +2 -2
- data/lib/omnibus/publishers/s3_publisher.rb +6 -4
- data/lib/omnibus/s3_cache.rb +4 -2
- data/lib/omnibus/s3_helpers.rb +7 -7
- data/lib/omnibus/software.rb +52 -34
- data/lib/omnibus/sugarable.rb +5 -14
- data/lib/omnibus/templating.rb +1 -1
- data/lib/omnibus/thread_pool.rb +0 -2
- data/lib/omnibus/util.rb +1 -1
- data/lib/omnibus/version.rb +1 -1
- data/lib/omnibus/whitelist.rb +24 -1
- data/omnibus.gemspec +7 -8
- data/resources/ips/doc-transform.erb +1 -0
- data/resources/msi/CustomActionFastMsi.CA.dll +0 -0
- data/resources/msi/source.wxs.erb +2 -10
- data/resources/rpm/signing.erb +7 -10
- data/spec/support/path_helpers.rb +2 -2
- data/spec/unit/compressor_spec.rb +1 -1
- data/spec/unit/compressors/dmg_spec.rb +5 -2
- data/spec/unit/metadata_spec.rb +6 -6
- data/spec/unit/packager_spec.rb +6 -13
- data/spec/unit/packagers/ips_spec.rb +1 -0
- data/spec/unit/packagers/pkg_spec.rb +354 -0
- data/spec/unit/packagers/rpm_spec.rb +5 -5
- data/spec/unit/project_spec.rb +5 -5
- data/spec/unit/s3_cacher_spec.rb +17 -0
- data/spec/unit/s3_helpers_spec.rb +20 -1
- data/spec/unit/software_spec.rb +58 -119
- metadata +22 -22
data/resources/rpm/signing.erb
CHANGED
@@ -11,25 +11,22 @@ require 'pty'
|
|
11
11
|
|
12
12
|
puts rpm_cmd
|
13
13
|
PTY.spawn(rpm_cmd) do |r, w, pid|
|
14
|
+
# Older versions of rpmsign will prompt right away for the passphrase
|
14
15
|
prompt = r.read(19)
|
15
16
|
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
STDERR.puts "unexpected output from `#{rpm_cmd}`: '#{prompt}'"
|
20
|
-
Process.kill(:KILL, pid)
|
21
|
-
exit 1
|
17
|
+
if prompt == 'Enter pass phrase: '
|
18
|
+
STDOUT.puts prompt
|
19
|
+
w.write("#{password}\n")
|
22
20
|
end
|
23
21
|
|
24
|
-
STDOUT.puts prompt
|
25
|
-
w.write("#{password}\n")
|
26
|
-
|
27
22
|
# Keep printing output unti the command exits
|
28
23
|
loop do
|
29
24
|
begin
|
30
25
|
line = r.gets
|
31
26
|
puts line
|
32
|
-
if
|
27
|
+
if line =~ /Please enter the passphrase to unlock the OpenPGP secret key:/
|
28
|
+
w.write("#{password}\n")
|
29
|
+
elsif (line =~ /failed/) && !(line =~ /warning:/)
|
33
30
|
STDERR.puts 'RPM signing failure'
|
34
31
|
exit 1
|
35
32
|
end
|
@@ -6,13 +6,13 @@ module Omnibus
|
|
6
6
|
end
|
7
7
|
|
8
8
|
def tmp_path
|
9
|
-
File.expand_path("
|
9
|
+
File.expand_path("../tmp", __dir__)
|
10
10
|
end
|
11
11
|
|
12
12
|
private
|
13
13
|
|
14
14
|
def fixtures_path
|
15
|
-
File.expand_path("
|
15
|
+
File.expand_path("../fixtures", __dir__)
|
16
16
|
end
|
17
17
|
end
|
18
18
|
end
|
@@ -4,7 +4,7 @@ module Omnibus
|
|
4
4
|
describe Compressor do
|
5
5
|
describe ".for_current_system" do
|
6
6
|
context "on Mac OS X" do
|
7
|
-
before { stub_ohai(platform: "mac_os_x", version: "10.
|
7
|
+
before { stub_ohai(platform: "mac_os_x", version: "10.15") }
|
8
8
|
|
9
9
|
context "when :dmg is activated" do
|
10
10
|
it "prefers dmg" do
|
@@ -219,8 +219,11 @@ module Omnibus
|
|
219
219
|
sync
|
220
220
|
hdiutil unmount "#{device}"
|
221
221
|
# Give some time to the system so unmount dmg
|
222
|
-
|
223
|
-
hdiutil detach "
|
222
|
+
ATTEMPTS=1
|
223
|
+
until [ $ATTEMPTS -eq 6 ] || hdiutil detach "/dev/sda1"; do
|
224
|
+
sleep 10
|
225
|
+
echo Attempt number $(( ATTEMPTS++ ))
|
226
|
+
done
|
224
227
|
hdiutil convert \\
|
225
228
|
"#{staging_dir}/project-writable.dmg" \\
|
226
229
|
-format UDZO \\
|
data/spec/unit/metadata_spec.rb
CHANGED
@@ -177,17 +177,17 @@ module Omnibus
|
|
177
177
|
|
178
178
|
describe ".platform_shortname" do
|
179
179
|
it "returns el on rhel" do
|
180
|
-
stub_ohai(platform: "redhat", version: "6
|
180
|
+
stub_ohai(platform: "redhat", version: "6")
|
181
181
|
expect(described_class.platform_shortname).to eq("el")
|
182
182
|
end
|
183
183
|
|
184
184
|
it "returns sles on suse" do
|
185
|
-
stub_ohai(platform: "suse", version: "12
|
185
|
+
stub_ohai(platform: "suse", version: "12")
|
186
186
|
expect(described_class.platform_shortname).to eq("sles")
|
187
187
|
end
|
188
188
|
|
189
189
|
it "returns .platform on all other systems" do
|
190
|
-
stub_ohai(platform: "ubuntu", version: "
|
190
|
+
stub_ohai(platform: "ubuntu", version: "20.04")
|
191
191
|
expect(described_class.platform_shortname).to eq("ubuntu")
|
192
192
|
end
|
193
193
|
end
|
@@ -196,7 +196,7 @@ module Omnibus
|
|
196
196
|
shared_examples "a version manipulator" do |platform_shortname, version, expected|
|
197
197
|
context "on #{platform_shortname}-#{version}" do
|
198
198
|
it "returns the correct value" do
|
199
|
-
stub_ohai(platform: "ubuntu", version: "
|
199
|
+
stub_ohai(platform: "ubuntu", version: "20.04") do |data|
|
200
200
|
data["platform"] = platform_shortname
|
201
201
|
data["platform_version"] = version
|
202
202
|
end
|
@@ -245,7 +245,7 @@ module Omnibus
|
|
245
245
|
|
246
246
|
context "given an unknown platform" do
|
247
247
|
before do
|
248
|
-
stub_ohai(platform: "ubuntu", version: "
|
248
|
+
stub_ohai(platform: "ubuntu", version: "20.04") do |data|
|
249
249
|
data["platform"] = "bacon"
|
250
250
|
data["platform_version"] = "1.crispy"
|
251
251
|
end
|
@@ -259,7 +259,7 @@ module Omnibus
|
|
259
259
|
|
260
260
|
context "given an unknown windows platform version" do
|
261
261
|
before do
|
262
|
-
stub_ohai(platform: "ubuntu", version: "
|
262
|
+
stub_ohai(platform: "ubuntu", version: "20.04") do |data|
|
263
263
|
data["platform"] = "windows"
|
264
264
|
data["platform_version"] = "1.2.3"
|
265
265
|
end
|
data/spec/unit/packager_spec.rb
CHANGED
@@ -4,26 +4,19 @@ module Omnibus
|
|
4
4
|
describe Packager do
|
5
5
|
describe ".for_current_system" do
|
6
6
|
context "on Mac OS X" do
|
7
|
-
before { stub_ohai(platform: "mac_os_x", version: "10.
|
7
|
+
before { stub_ohai(platform: "mac_os_x", version: "10.15") }
|
8
8
|
it "prefers PKG" do
|
9
9
|
expect(described_class.for_current_system).to eq([Packager::PKG])
|
10
10
|
end
|
11
11
|
end
|
12
12
|
|
13
|
-
context "on Windows
|
13
|
+
context "on Windows" do
|
14
14
|
before { stub_ohai(platform: "windows", version: "2012R2") }
|
15
15
|
it "prefers MSI and APPX" do
|
16
16
|
expect(described_class.for_current_system).to eq([Packager::MSI, Packager::APPX])
|
17
17
|
end
|
18
18
|
end
|
19
19
|
|
20
|
-
context "on Windows 2008 R2" do
|
21
|
-
before { stub_ohai(platform: "windows", version: "2008R2") }
|
22
|
-
it "prefers MSI only" do
|
23
|
-
expect(described_class.for_current_system).to eq([Packager::MSI])
|
24
|
-
end
|
25
|
-
end
|
26
|
-
|
27
20
|
context "on Solaris 11" do
|
28
21
|
before { stub_ohai(platform: "solaris2", version: "5.11") }
|
29
22
|
it "prefers IPS" do
|
@@ -32,14 +25,14 @@ module Omnibus
|
|
32
25
|
end
|
33
26
|
|
34
27
|
context "on AIX" do
|
35
|
-
before { stub_ohai(platform: "aix", version: "7
|
28
|
+
before { stub_ohai(platform: "aix", version: "7") }
|
36
29
|
it "prefers BFF" do
|
37
30
|
expect(described_class.for_current_system).to eq([Packager::BFF])
|
38
31
|
end
|
39
32
|
end
|
40
33
|
|
41
34
|
context "on Fedora" do
|
42
|
-
before { stub_ohai(platform: "fedora", version: "
|
35
|
+
before { stub_ohai(platform: "fedora", version: "31") }
|
43
36
|
it "prefers RPM" do
|
44
37
|
expect(described_class.for_current_system).to eq([Packager::RPM])
|
45
38
|
end
|
@@ -53,14 +46,14 @@ module Omnibus
|
|
53
46
|
end
|
54
47
|
|
55
48
|
context "on Debian" do
|
56
|
-
before { stub_ohai(platform: "debian", version: "
|
49
|
+
before { stub_ohai(platform: "debian", version: "10") }
|
57
50
|
it "prefers RPM" do
|
58
51
|
expect(described_class.for_current_system).to eq([Packager::DEB])
|
59
52
|
end
|
60
53
|
end
|
61
54
|
|
62
55
|
context "on SLES" do
|
63
|
-
before { stub_ohai(platform: "suse", version: "
|
56
|
+
before { stub_ohai(platform: "suse", version: "15") }
|
64
57
|
it "prefers RPM" do
|
65
58
|
expect(described_class.for_current_system).to eq([Packager::RPM])
|
66
59
|
end
|
@@ -155,6 +155,7 @@ module Omnibus
|
|
155
155
|
expect(transform_file_contents).to include("<transform file depend -> edit pkg.debug.depend.file ruby env>")
|
156
156
|
expect(transform_file_contents).to include("<transform file depend -> edit pkg.debug.depend.file make env>")
|
157
157
|
expect(transform_file_contents).to include("<transform file depend -> edit pkg.debug.depend.file perl env>")
|
158
|
+
expect(transform_file_contents).to include("<transform file depend -> edit pkg.debug.depend.path usr/local/bin usr/bin>")
|
158
159
|
end
|
159
160
|
end
|
160
161
|
|
@@ -109,6 +109,158 @@ module Omnibus
|
|
109
109
|
end
|
110
110
|
end
|
111
111
|
|
112
|
+
describe "#sign_software_libs_and_bins" do
|
113
|
+
context "when pkg signing is disabled" do
|
114
|
+
it "does not sign anything" do
|
115
|
+
expect(subject).not_to receive(:sign_binary)
|
116
|
+
expect(subject).not_to receive(:sign_library)
|
117
|
+
subject.sign_software_libs_and_bins
|
118
|
+
end
|
119
|
+
|
120
|
+
it "returns an empty set" do
|
121
|
+
expect(subject.sign_software_libs_and_bins).to be_nil
|
122
|
+
end
|
123
|
+
end
|
124
|
+
|
125
|
+
context "when pkg signing is enabled" do
|
126
|
+
before do
|
127
|
+
subject.signing_identity("My Special Identity")
|
128
|
+
end
|
129
|
+
|
130
|
+
context "without software" do
|
131
|
+
it "does not sign anything" do
|
132
|
+
expect(subject).not_to receive(:sign_binary)
|
133
|
+
expect(subject).not_to receive(:sign_library)
|
134
|
+
subject.sign_software_libs_and_bins
|
135
|
+
end
|
136
|
+
|
137
|
+
it "returns an empty set" do
|
138
|
+
expect(subject.sign_software_libs_and_bins).to eq(Set.new)
|
139
|
+
end
|
140
|
+
end
|
141
|
+
|
142
|
+
context "project with software" do
|
143
|
+
let(:software) do
|
144
|
+
Software.new(project).tap do |software|
|
145
|
+
software.name("software-full-name")
|
146
|
+
end
|
147
|
+
end
|
148
|
+
|
149
|
+
before do
|
150
|
+
allow(project).to receive(:softwares).and_return([software])
|
151
|
+
end
|
152
|
+
|
153
|
+
context "with empty bin_dirs and lib_dirs" do
|
154
|
+
before do
|
155
|
+
allow(software).to receive(:lib_dirs).and_return([])
|
156
|
+
allow(software).to receive(:bin_dirs).and_return([])
|
157
|
+
end
|
158
|
+
|
159
|
+
it "does not sign anything" do
|
160
|
+
expect(subject).not_to receive(:sign_binary)
|
161
|
+
expect(subject).not_to receive(:sign_library)
|
162
|
+
subject.sign_software_libs_and_bins
|
163
|
+
end
|
164
|
+
|
165
|
+
it "returns an empty set" do
|
166
|
+
expect(subject.sign_software_libs_and_bins).to eq(Set.new)
|
167
|
+
end
|
168
|
+
end
|
169
|
+
|
170
|
+
context "with default bin_dirs and lib_dirs" do
|
171
|
+
context "with binaries" do
|
172
|
+
let(:bin) { "/opt/#{project.name}/bin/test_bin" }
|
173
|
+
let(:embedded_bin) { "/opt/#{project.name}/embedded/bin/test_bin" }
|
174
|
+
before do
|
175
|
+
allow(Dir).to receive(:[]).with("/opt/#{project.name}/bin/*").and_return([bin])
|
176
|
+
allow(Dir).to receive(:[]).with("/opt/#{project.name}/embedded/bin/*").and_return([embedded_bin])
|
177
|
+
allow(Dir).to receive(:[]).with("/opt/#{project.name}/embedded/lib/*").and_return([])
|
178
|
+
allow(subject).to receive(:is_binary?).with(bin).and_return(true)
|
179
|
+
allow(subject).to receive(:is_binary?).with(embedded_bin).and_return(true)
|
180
|
+
allow(subject).to receive(:find_linked_libs).with(bin).and_return([])
|
181
|
+
allow(subject).to receive(:find_linked_libs).with(embedded_bin).and_return([])
|
182
|
+
allow(subject).to receive(:sign_binary).with(bin, true)
|
183
|
+
allow(subject).to receive(:sign_binary).with(embedded_bin, true)
|
184
|
+
end
|
185
|
+
|
186
|
+
it "signs the binaries" do
|
187
|
+
expect(subject).to receive(:sign_binary).with(bin, true)
|
188
|
+
expect(subject).to receive(:sign_binary).with(embedded_bin, true)
|
189
|
+
subject.sign_software_libs_and_bins
|
190
|
+
end
|
191
|
+
|
192
|
+
it "returns a set with the signed binaries" do
|
193
|
+
expect(subject.sign_software_libs_and_bins).to eq(Set.new [bin, embedded_bin])
|
194
|
+
end
|
195
|
+
end
|
196
|
+
|
197
|
+
context "with library" do
|
198
|
+
let(:lib) { "/opt/#{project.name}/embedded/lib/test_lib" }
|
199
|
+
before do
|
200
|
+
allow(Dir).to receive(:[]).with("/opt/#{project.name}/bin/*").and_return([])
|
201
|
+
allow(Dir).to receive(:[]).with("/opt/#{project.name}/embedded/bin/*").and_return([])
|
202
|
+
allow(Dir).to receive(:[]).with("/opt/#{project.name}/embedded/lib/*").and_return([lib])
|
203
|
+
allow(subject).to receive(:is_macho?).with(lib).and_return(true)
|
204
|
+
allow(subject).to receive(:find_linked_libs).with(lib).and_return([])
|
205
|
+
allow(subject).to receive(:sign_library).with(lib)
|
206
|
+
end
|
207
|
+
|
208
|
+
it "signs the library" do
|
209
|
+
expect(subject).to receive(:sign_library).with(lib)
|
210
|
+
subject.sign_software_libs_and_bins
|
211
|
+
end
|
212
|
+
end
|
213
|
+
|
214
|
+
context "with binaries and libraries with linked libs" do
|
215
|
+
let(:bin) { "/opt/#{project.name}/bin/test_bin" }
|
216
|
+
let(:bin2) { "/opt/#{project.name}/bin/test_bin2" }
|
217
|
+
let(:embedded_bin) { "/opt/#{project.name}/embedded/bin/test_bin" }
|
218
|
+
let(:lib) { "/opt/#{project.name}/embedded/lib/test_lib" }
|
219
|
+
let(:lib2) { "/opt/#{project.name}/embedded/lib/test_lib2" }
|
220
|
+
before do
|
221
|
+
allow(Dir).to receive(:[]).with("/opt/#{project.name}/bin/*").and_return([bin, bin2])
|
222
|
+
allow(Dir).to receive(:[]).with("/opt/#{project.name}/embedded/bin/*").and_return([embedded_bin])
|
223
|
+
allow(Dir).to receive(:[]).with("/opt/#{project.name}/embedded/lib/*").and_return([lib])
|
224
|
+
allow(subject).to receive(:is_binary?).with(bin).and_return(true)
|
225
|
+
allow(subject).to receive(:is_binary?).with(bin2).and_return(true)
|
226
|
+
allow(subject).to receive(:is_binary?).with(embedded_bin).and_return(true)
|
227
|
+
allow(subject).to receive(:is_macho?).with(lib).and_return(true)
|
228
|
+
allow(subject).to receive(:is_macho?).with(lib2).and_return(true)
|
229
|
+
allow(subject).to receive(:find_linked_libs).with(bin).and_return([lib2])
|
230
|
+
allow(subject).to receive(:find_linked_libs).with(bin2).and_return([])
|
231
|
+
allow(subject).to receive(:find_linked_libs).with(embedded_bin).and_return([])
|
232
|
+
allow(subject).to receive(:find_linked_libs).with(lib).and_return([])
|
233
|
+
allow(subject).to receive(:find_linked_libs).with(lib2).and_return([])
|
234
|
+
allow(subject).to receive(:sign_binary).with(bin, true)
|
235
|
+
allow(subject).to receive(:sign_binary).with(bin2, true)
|
236
|
+
allow(subject).to receive(:sign_binary).with(embedded_bin, true)
|
237
|
+
allow(subject).to receive(:sign_library).with(lib)
|
238
|
+
allow(subject).to receive(:sign_library).with(lib2)
|
239
|
+
allow(Digest::SHA256).to receive(:file).with(bin).and_return(Digest::SHA256.new.update(bin))
|
240
|
+
allow(Digest::SHA256).to receive(:file).with(bin2).and_return(Digest::SHA256.new.update(bin2))
|
241
|
+
allow(Digest::SHA256).to receive(:file).with(embedded_bin).and_return(Digest::SHA256.new.update(embedded_bin))
|
242
|
+
allow(Digest::SHA256).to receive(:file).with(lib).and_return(Digest::SHA256.new.update(lib))
|
243
|
+
allow(Digest::SHA256).to receive(:file).with(lib2).and_return(Digest::SHA256.new.update(lib2))
|
244
|
+
end
|
245
|
+
|
246
|
+
it "signs the binaries" do
|
247
|
+
expect(subject).to receive(:sign_binary).with(bin, true)
|
248
|
+
expect(subject).to receive(:sign_binary).with(bin2, true)
|
249
|
+
expect(subject).to receive(:sign_binary).with(embedded_bin, true)
|
250
|
+
subject.sign_software_libs_and_bins
|
251
|
+
end
|
252
|
+
|
253
|
+
it "signs the libraries" do
|
254
|
+
expect(subject).to receive(:sign_library).with(lib)
|
255
|
+
expect(subject).to receive(:sign_library).with(lib2)
|
256
|
+
subject.sign_software_libs_and_bins
|
257
|
+
end
|
258
|
+
end
|
259
|
+
end
|
260
|
+
end
|
261
|
+
end
|
262
|
+
end
|
263
|
+
|
112
264
|
describe "#build_component_pkg" do
|
113
265
|
it "executes the pkgbuild command" do
|
114
266
|
expect(subject).to receive(:shellout!).with <<-EOH.gsub(/^ {10}/, "")
|
@@ -118,6 +270,7 @@ module Omnibus
|
|
118
270
|
--scripts "#{staging_dir}/Scripts" \\
|
119
271
|
--root "/opt/project-full-name" \\
|
120
272
|
--install-location "/opt/project-full-name" \\
|
273
|
+
--preserve-xattr \\
|
121
274
|
"project-full-name-core.pkg"
|
122
275
|
EOH
|
123
276
|
|
@@ -267,5 +420,206 @@ module Omnibus
|
|
267
420
|
end
|
268
421
|
end
|
269
422
|
end
|
423
|
+
|
424
|
+
describe "#find_linked_libs" do
|
425
|
+
context "with linked libs" do
|
426
|
+
let(:file) { "/opt/#{project.name}/embedded/bin/test_bin" }
|
427
|
+
let(:stdout) do
|
428
|
+
<<~EOH
|
429
|
+
/opt/#{project.name}/embedded/bin/test_bin:
|
430
|
+
/opt/#{project.name}/embedded/lib/lib.dylib (compatibility version 7.0.0, current version 7.4.0)
|
431
|
+
/opt/#{project.name}/embedded/lib/lib.6.dylib (compatibility version 7.0.0, current version 7.4.0)
|
432
|
+
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1281.0.0)
|
433
|
+
EOH
|
434
|
+
end
|
435
|
+
let(:shellout) { Mixlib::ShellOut.new }
|
436
|
+
|
437
|
+
before do
|
438
|
+
allow(shellout).to receive(:run_command)
|
439
|
+
allow(shellout).to receive(:stdout)
|
440
|
+
.and_return(stdout)
|
441
|
+
allow(subject).to receive(:shellout!)
|
442
|
+
.with("otool -L #{file}")
|
443
|
+
.and_return(shellout)
|
444
|
+
end
|
445
|
+
|
446
|
+
it "returns empty array" do
|
447
|
+
expect(subject.find_linked_libs(file)).to eq([
|
448
|
+
"/opt/#{project.name}/embedded/lib/lib.dylib",
|
449
|
+
"/opt/#{project.name}/embedded/lib/lib.6.dylib",
|
450
|
+
])
|
451
|
+
end
|
452
|
+
end
|
453
|
+
|
454
|
+
context "with only system linked libs" do
|
455
|
+
let(:file) { "/opt/#{project.name}/embedded/lib/lib.dylib" }
|
456
|
+
let(:stdout) do
|
457
|
+
<<~EOH
|
458
|
+
/opt/#{project.name}/embedded/lib/lib.dylib:
|
459
|
+
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1281.0.0)
|
460
|
+
EOH
|
461
|
+
end
|
462
|
+
let(:shellout) { Mixlib::ShellOut.new }
|
463
|
+
before do
|
464
|
+
allow(shellout).to receive(:run_command)
|
465
|
+
allow(shellout).to receive(:stdout)
|
466
|
+
.and_return(stdout)
|
467
|
+
allow(subject).to receive(:shellout!)
|
468
|
+
.with("otool -L #{file}")
|
469
|
+
.and_return(shellout)
|
470
|
+
end
|
471
|
+
|
472
|
+
it "returns empty array" do
|
473
|
+
expect(subject.find_linked_libs(file)).to eq([])
|
474
|
+
end
|
475
|
+
end
|
476
|
+
|
477
|
+
context "file is just a file" do
|
478
|
+
let(:file) { "/opt/#{project.name}/embedded/lib/file.rb" }
|
479
|
+
let(:shellout) { Mixlib::ShellOut.new }
|
480
|
+
before do
|
481
|
+
allow(shellout).to receive(:run_command)
|
482
|
+
allow(shellout).to receive(:stdout)
|
483
|
+
.and_return("#{file}: is not an object file")
|
484
|
+
allow(subject).to receive(:shellout!)
|
485
|
+
.with("otool -L #{file}")
|
486
|
+
.and_return(shellout)
|
487
|
+
end
|
488
|
+
|
489
|
+
it "returns empty array" do
|
490
|
+
expect(subject.find_linked_libs(file)).to eq([])
|
491
|
+
end
|
492
|
+
end
|
493
|
+
end
|
494
|
+
|
495
|
+
describe "#is_binary?" do
|
496
|
+
context "when is a file, executable, and not a symlink" do
|
497
|
+
before do
|
498
|
+
allow(File).to receive(:file?).with("file").and_return(true)
|
499
|
+
allow(File).to receive(:executable?).with("file").and_return(true)
|
500
|
+
allow(File).to receive(:symlink?).with("file").and_return(false)
|
501
|
+
end
|
502
|
+
|
503
|
+
it "returns true" do
|
504
|
+
expect(subject.is_binary?("file")).to be true
|
505
|
+
end
|
506
|
+
end
|
507
|
+
|
508
|
+
context "when not a file" do
|
509
|
+
before do
|
510
|
+
allow(File).to receive(:file?).with("file").and_return(false)
|
511
|
+
allow(File).to receive(:executable?).with("file").and_return(true)
|
512
|
+
allow(File).to receive(:symlink?).with("file").and_return(false)
|
513
|
+
end
|
514
|
+
|
515
|
+
it "returns false" do
|
516
|
+
expect(subject.is_binary?("file")).to be false
|
517
|
+
end
|
518
|
+
end
|
519
|
+
|
520
|
+
context "when not an executable" do
|
521
|
+
it "returns false" do
|
522
|
+
allow(File).to receive(:file?).with("file").and_return(true)
|
523
|
+
allow(File).to receive(:executable?).with("file").and_return(false)
|
524
|
+
allow(File).to receive(:symlink?).with("file").and_return(false)
|
525
|
+
expect(subject.is_binary?("file")).to be false
|
526
|
+
end
|
527
|
+
end
|
528
|
+
|
529
|
+
context "when is symlink" do
|
530
|
+
it "returns false" do
|
531
|
+
allow(File).to receive(:file?).with("file").and_return(true)
|
532
|
+
allow(File).to receive(:executable?).with("file").and_return(true)
|
533
|
+
allow(File).to receive(:symlink?).with("file").and_return(true)
|
534
|
+
expect(subject.is_binary?("file")).to be false
|
535
|
+
end
|
536
|
+
end
|
537
|
+
end
|
538
|
+
|
539
|
+
describe "#is_macho?" do
|
540
|
+
let(:shellout) { Mixlib::ShellOut.new }
|
541
|
+
|
542
|
+
context "when is a Mach-O library" do
|
543
|
+
before do
|
544
|
+
allow(subject).to receive(:is_binary?).with("file").and_return(true)
|
545
|
+
expect(subject).to receive(:shellout!).with("file file").and_return(shellout)
|
546
|
+
allow(shellout).to receive(:stdout)
|
547
|
+
.and_return("file: Mach-O 64-bit dynamically linked shared library x86_64")
|
548
|
+
end
|
549
|
+
|
550
|
+
it "returns true" do
|
551
|
+
expect(subject.is_macho?("file")).to be true
|
552
|
+
end
|
553
|
+
end
|
554
|
+
|
555
|
+
context "when is a Mach-O Bundle" do
|
556
|
+
before do
|
557
|
+
allow(subject).to receive(:is_binary?).with("file").and_return(true)
|
558
|
+
expect(subject).to receive(:shellout!).with("file file").and_return(shellout)
|
559
|
+
allow(shellout).to receive(:stdout)
|
560
|
+
.and_return("file: Mach-O 64-bit bundle x86_64")
|
561
|
+
end
|
562
|
+
|
563
|
+
it "returns true" do
|
564
|
+
expect(subject.is_macho?("file")).to be true
|
565
|
+
end
|
566
|
+
end
|
567
|
+
|
568
|
+
context "when is not a Mach-O Bundle or Mach-O library" do
|
569
|
+
before do
|
570
|
+
allow(subject).to receive(:is_binary?).with("file").and_return(true)
|
571
|
+
expect(subject).to receive(:shellout!).with("file file").and_return(shellout)
|
572
|
+
allow(shellout).to receive(:stdout)
|
573
|
+
.and_return("file: ASCII text")
|
574
|
+
end
|
575
|
+
|
576
|
+
it "returns true" do
|
577
|
+
expect(subject.is_macho?("file")).to be false
|
578
|
+
end
|
579
|
+
end
|
580
|
+
end
|
581
|
+
|
582
|
+
describe "#sign_library" do
|
583
|
+
before do
|
584
|
+
subject.signing_identity("My Special Identity")
|
585
|
+
end
|
586
|
+
|
587
|
+
it "calls sign_binary without hardened runtime" do
|
588
|
+
expect(subject).to receive(:sign_binary).with("file")
|
589
|
+
subject.sign_library("file")
|
590
|
+
end
|
591
|
+
end
|
592
|
+
|
593
|
+
describe "#sign_binary" do
|
594
|
+
before do
|
595
|
+
subject.signing_identity("My Special Identity")
|
596
|
+
end
|
597
|
+
|
598
|
+
it "it signs the binary without hardened runtime" do
|
599
|
+
expect(subject).to receive(:shellout!)
|
600
|
+
.with("codesign -s '#{subject.signing_identity}' 'file' --force\n")
|
601
|
+
subject.sign_binary("file")
|
602
|
+
end
|
603
|
+
|
604
|
+
context "with hardened runtime" do
|
605
|
+
it "it signs the binary with hardened runtime" do
|
606
|
+
expect(subject).to receive(:shellout!)
|
607
|
+
.with("codesign -s '#{subject.signing_identity}' 'file' --options=runtime --force\n")
|
608
|
+
subject.sign_binary("file", true)
|
609
|
+
end
|
610
|
+
|
611
|
+
context "with entitlements" do
|
612
|
+
let(:entitlements_file) { File.join(tmp_path, "project-full-name/resources/project-full-name/pkg/entitlements.plist") }
|
613
|
+
|
614
|
+
it "it signs the binary with the entitlements" do
|
615
|
+
allow(subject).to receive(:resource_path).with("entitlements.plist").and_return(entitlements_file)
|
616
|
+
allow(File).to receive(:exist?).with(entitlements_file).and_return(true)
|
617
|
+
expect(subject).to receive(:shellout!)
|
618
|
+
.with("codesign -s '#{subject.signing_identity}' 'file' --options=runtime --entitlements #{entitlements_file} --force\n")
|
619
|
+
subject.sign_binary("file", true)
|
620
|
+
end
|
621
|
+
end
|
622
|
+
end
|
623
|
+
end
|
270
624
|
end
|
271
625
|
end
|