packaging 0.104.0 → 0.106.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (74) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +4 -4
  3. data/lib/packaging/archive.rb +2 -2
  4. data/lib/packaging/artifactory/extensions.rb +1 -0
  5. data/lib/packaging/artifactory.rb +27 -23
  6. data/lib/packaging/config/params.rb +191 -193
  7. data/lib/packaging/config/validations.rb +0 -2
  8. data/lib/packaging/config.rb +8 -8
  9. data/lib/packaging/deb/repo.rb +11 -14
  10. data/lib/packaging/gem.rb +2 -2
  11. data/lib/packaging/metrics.rb +7 -7
  12. data/lib/packaging/nuget.rb +0 -1
  13. data/lib/packaging/paths.rb +11 -13
  14. data/lib/packaging/platforms.rb +14 -52
  15. data/lib/packaging/repo.rb +11 -12
  16. data/lib/packaging/retrieve.rb +1 -1
  17. data/lib/packaging/rpm/repo.rb +8 -8
  18. data/lib/packaging/sign/dmg.rb +8 -7
  19. data/lib/packaging/sign/ips.rb +64 -32
  20. data/lib/packaging/sign/msi.rb +48 -48
  21. data/lib/packaging/sign/rpm.rb +1 -1
  22. data/lib/packaging/sign.rb +0 -1
  23. data/lib/packaging/tar.rb +2 -4
  24. data/lib/packaging/util/date.rb +0 -1
  25. data/lib/packaging/util/distribution_server.rb +2 -2
  26. data/lib/packaging/util/execution.rb +2 -4
  27. data/lib/packaging/util/file.rb +81 -3
  28. data/lib/packaging/util/git.rb +1 -3
  29. data/lib/packaging/util/git_tags.rb +3 -3
  30. data/lib/packaging/util/gpg.rb +3 -4
  31. data/lib/packaging/util/jenkins.rb +0 -3
  32. data/lib/packaging/util/misc.rb +1 -1
  33. data/lib/packaging/util/net.rb +25 -23
  34. data/lib/packaging/util/repo.rb +17 -0
  35. data/lib/packaging/util/serialization.rb +1 -2
  36. data/lib/packaging/util/ship.rb +150 -3
  37. data/lib/packaging/util/sign.rb +47 -0
  38. data/lib/packaging/util/tool.rb +1 -4
  39. data/lib/packaging/util/version.rb +1 -5
  40. data/lib/packaging/util.rb +3 -1
  41. data/lib/packaging.rb +1 -2
  42. data/spec/lib/packaging/config_spec.rb +3 -3
  43. data/spec/lib/packaging/deb/repo_spec.rb +1 -1
  44. data/spec/lib/packaging/paths_spec.rb +2 -3
  45. data/spec/lib/packaging/platforms_spec.rb +6 -6
  46. data/spec/lib/packaging/sign_spec.rb +1 -13
  47. data/spec/lib/packaging/util/git_spec.rb +2 -2
  48. data/spec/lib/packaging/util/git_tag_spec.rb +5 -5
  49. data/spec/lib/packaging/util/ship_spec.rb +0 -2
  50. data/tasks/30_metrics.rake +2 -2
  51. data/tasks/apple.rake +8 -14
  52. data/tasks/archive.rake +1 -2
  53. data/tasks/deb.rake +7 -8
  54. data/tasks/deb_repos.rake +1 -0
  55. data/tasks/doc.rake +5 -3
  56. data/tasks/education.rake +2 -4
  57. data/tasks/fetch.rake +1 -0
  58. data/tasks/gem.rake +20 -12
  59. data/tasks/jenkins.rake +27 -15
  60. data/tasks/jenkins_dynamic.rake +10 -10
  61. data/tasks/load_extras.rake +1 -0
  62. data/tasks/mock.rake +8 -9
  63. data/tasks/nightly_repos.rake +14 -14
  64. data/tasks/pe_ship.rake +10 -17
  65. data/tasks/retrieve.rake +2 -2
  66. data/tasks/rpm.rake +1 -1
  67. data/tasks/rpm_repos.rake +1 -0
  68. data/tasks/ship.rake +24 -12
  69. data/tasks/sign.rake +6 -6
  70. data/tasks/tar.rake +2 -3
  71. data/tasks/update.rake +2 -2
  72. data/tasks/vendor_gems.rake +5 -7
  73. data/tasks/version.rake +2 -2
  74. metadata +42 -40
@@ -1,57 +1,89 @@
1
1
  module Pkg::Sign::Ips
2
2
  module_function
3
3
 
4
- def sign(target_dir = 'pkg')
5
- use_identity = "-i #{Pkg::Config.ips_signing_ssh_key}" unless Pkg::Config.ips_signing_ssh_key.nil?
4
+ def sign(packages_root = 'pkg')
5
+ identity_spec = ''
6
+ unless Pkg::Config.ips_signing_ssh_key.nil?
7
+ identity_spec = "-i #{Pkg::Config.ips_signing_ssh_key}"
8
+ end
9
+
10
+ signing_server_spec = Pkg::Config.ips_signing_server
11
+ unless Pkg::Config.ips_signing_server.match(%r{.+@.+})
12
+ signing_server_spec = "#{ENV['USER']}@#{Pkg::Config.ips_signing_server}"
13
+ end
6
14
 
7
- ssh_host_string = "#{use_identity} #{ENV['USER']}@#{Pkg::Config.ips_signing_server}"
8
- rsync_host_string = "-e 'ssh #{use_identity}' #{ENV['USER']}@#{Pkg::Config.ips_signing_server}"
15
+ ssh_host_spec = "#{identity_spec} #{signing_server_spec}"
16
+ rsync_host_spec = "-e 'ssh #{identity_spec}' #{signing_server_spec}"
9
17
 
10
- p5ps = Dir.glob("#{target_dir}/solaris/11/**/*.p5p")
18
+ packages = Dir.glob("#{packages_root}/solaris/11/**/*.p5p")
11
19
 
12
- p5ps.each do |p5p|
20
+ packages.each do |package|
13
21
  work_dir = "/tmp/#{Pkg::Util.rand_string}"
14
22
  unsigned_dir = "#{work_dir}/unsigned"
15
23
  repo_dir = "#{work_dir}/repo"
16
24
  signed_dir = "#{work_dir}/pkgs"
25
+ package_name = File.basename(package)
17
26
 
18
- Pkg::Util::Net.remote_execute(ssh_host_string, "mkdir -p #{repo_dir} #{unsigned_dir} #{signed_dir}")
19
- Pkg::Util::Net.rsync_to(p5p, rsync_host_string, unsigned_dir)
27
+ Pkg::Util::Net.remote_execute(
28
+ ssh_host_spec,
29
+ "mkdir -p #{repo_dir} #{unsigned_dir} #{signed_dir}"
30
+ )
31
+ Pkg::Util::Net.rsync_to(package, rsync_host_spec, unsigned_dir)
20
32
 
21
33
  # Before we can get started with signing packages we need to create a repo
22
- Pkg::Util::Net.remote_execute(ssh_host_string, "sudo -E /usr/bin/pkgrepo create #{repo_dir}")
23
- Pkg::Util::Net.remote_execute(ssh_host_string, "sudo -E /usr/bin/pkgrepo set -s #{repo_dir} publisher/prefix=puppetlabs.com")
24
- # And import all the packages into the repo.
25
- Pkg::Util::Net.remote_execute(ssh_host_string, "sudo -E /usr/bin/pkgrecv -s #{unsigned_dir}/#{File.basename(p5p)} -d #{repo_dir} '*'")
26
- # We are going to hard code the values for signing cert locations for now.
27
- # This autmation will require an update to actually become reusable, but
28
- # for now these values will stay this way so solaris signing will stop
29
- # failing. Please update soon. 06/23/16
30
- #
31
- # - Sean P. McDonald
32
- #
34
+ Pkg::Util::Net.remote_execute(ssh_host_spec, "sudo -E /usr/bin/pkgrepo create #{repo_dir}")
35
+ Pkg::Util::Net.remote_execute(
36
+ ssh_host_spec,
37
+ "sudo -E /usr/bin/pkgrepo set -s #{repo_dir} publisher/prefix=puppetlabs.com"
38
+ )
39
+
40
+ # Import all the packages into the repo.
41
+ Pkg::Util::Net.remote_execute(
42
+ ssh_host_spec,
43
+ "sudo -E /usr/bin/pkgrecv -s #{unsigned_dir}/#{package_name} -d #{repo_dir} '*'"
44
+ )
45
+
33
46
  # We sign the entire repo
34
- sign_cmd = "sudo -E /usr/bin/pkgsign -c /root/signing/signing_cert_2020.pem \
35
- -i /root/signing/Thawte_SHA256_Code_Signing_CA.pem \
36
- -i /root/signing/Thawte_Primary_Root_CA.pem \
37
- -k /root/signing/signing_key_2020.pem \
47
+ # Paths to the .pem files should live elsewhere rather than hardcoded here.
48
+ sign_cmd = "sudo -E /usr/bin/pkgsign -c /root/signing/signing_cert_2022.pem \
49
+ -i /root/signing/DigiCert_Code_Signing_Certificate.pem \
50
+ -i /root/signing/DigiCert_Trusted_Root.pem \
51
+ -k /root/signing/signing_key_2022.pem \
38
52
  -s 'file://#{work_dir}/repo' '*'"
39
- puts "About to sign #{p5p} with #{sign_cmd} in #{work_dir}"
40
- Pkg::Util::Net.remote_execute(ssh_host_string, sign_cmd.squeeze(' '))
41
- # pkgrecv with -a will pull packages out of the repo, so we need to do that too to actually get the packages we signed
42
- Pkg::Util::Net.remote_execute(ssh_host_string, "sudo -E /usr/bin/pkgrecv -d #{signed_dir}/#{File.basename(p5p)} -a -s #{repo_dir} '*'")
53
+ puts "Signing #{package} with #{sign_cmd} in #{work_dir}"
54
+ Pkg::Util::Net.remote_execute(ssh_host_spec, sign_cmd.squeeze(' '))
55
+
56
+ # pkgrecv with -a will pull packages out of the repo, so we need
57
+ # to do that too to actually get the packages we signed
58
+ Pkg::Util::Net.remote_execute(
59
+ ssh_host_spec,
60
+ "sudo -E /usr/bin/pkgrecv -d #{signed_dir}/#{package_name} -a -s #{repo_dir} '*'"
61
+ )
43
62
  begin
44
63
  # lets make sure we actually signed something?
45
64
  # **NOTE** if we're repeatedly trying to sign the same version this
46
65
  # might explode because I don't know how to reset the IPS cache.
47
66
  # Everything is amazing.
48
- Pkg::Util::Net.remote_execute(ssh_host_string, "sudo -E /usr/bin/pkg contents -m -g #{signed_dir}/#{File.basename(p5p)} '*' | grep '^signature '")
67
+ Pkg::Util::Net.remote_execute(
68
+ ssh_host_spec,
69
+ "sudo -E /usr/bin/pkg contents -m -g #{signed_dir}/#{package_name} '*' " \
70
+ "| grep '^signature '"
71
+ )
49
72
  rescue RuntimeError
50
- raise "Looks like #{File.basename(p5p)} was not signed correctly, quitting!"
73
+ raise "Error: #{package_name} was not signed correctly."
51
74
  end
52
- # and pull the packages back.
53
- Pkg::Util::Net.rsync_from("#{signed_dir}/#{File.basename(p5p)}", rsync_host_string, File.dirname(p5p))
54
- Pkg::Util::Net.remote_execute(ssh_host_string, "if [ -e '#{work_dir}' ] ; then sudo rm -r '#{work_dir}' ; fi")
75
+
76
+ # Pull the packages back.
77
+ Pkg::Util::Net.rsync_from(
78
+ "#{signed_dir}/#{package_name}",
79
+ rsync_host_spec,
80
+ File.dirname(package)
81
+ )
82
+
83
+ Pkg::Util::Net.remote_execute(
84
+ ssh_host_spec,
85
+ "if [ -e '#{work_dir}' ] ; then sudo rm -r '#{work_dir}' ; fi"
86
+ )
55
87
  end
56
88
  end
57
89
  end
@@ -63,60 +63,60 @@ module Pkg::Sign::Msi
63
63
  #
64
64
  # Once we no longer support Windows 8/Windows Vista, we can remove the
65
65
  # first Sha1 signature.
66
- sign_command = <<-CMD
67
- for msipath in #{msis.join(" ")}; do
68
- msi="$(basename $msipath)"
69
- msidir="C:/#{work_dir}/$(dirname $msipath)"
70
- if "/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe" verify -in "$msidir/$msi" ; then
71
- echo "$msi is already signed, skipping . . ." ;
72
- else
73
- tries=5
74
- sha1Servers=(http://timestamp.digicert.com/sha1/timestamp
75
- http://timestamp.comodoca.com/authenticode)
76
- for timeserver in "${sha1Servers[@]}"; do
77
- for ((try=1; try<=$tries; try++)) do
78
- ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
79
- -n "Puppet" -i "http://www.puppet.com" \
80
- -h sha1 \
81
- -pkcs12 "#{Pkg::Config.msi_signing_cert}" \
82
- -pass "#{Pkg::Config.msi_signing_cert_pw}" \
83
- -t "$timeserver" \
84
- -in "$msidir/$msi" \
85
- -out "$msidir/signed-$msi")
86
- if [[ $ret == *"Succeeded"* ]]; then break; fi
87
- done;
88
- if [[ $ret == *"Succeeded"* ]]; then break; fi
89
- done;
90
- echo $ret
91
- if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
92
- sha256Servers=(http://timestamp.digicert.com/sha256/timestamp
93
- http://timestamp.comodoca.com?td=sha256)
94
- for timeserver in "${sha256Servers[@]}"; do
95
- for ((try=1; try<=$tries; try++)) do
96
- ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
97
- -n "Puppet" -i "http://www.puppet.com" \
98
- -nest -h sha256 \
99
- -pkcs12 "#{Pkg::Config.msi_signing_cert}" \
100
- -pass "#{Pkg::Config.msi_signing_cert_pw}" \
101
- -ts "$timeserver" \
102
- -in "$msidir/signed-$msi" \
103
- -out "$msidir/$msi")
104
- if [[ $ret == *"Succeeded"* ]]; then break; fi
105
- done;
106
- if [[ $ret == *"Succeeded"* ]]; then break; fi
107
- done;
108
- echo $ret
109
- if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
110
- fi
111
- done
112
- CMD
66
+ sign_command = <<~CMD
67
+ for msipath in #{msis.join(' ')}; do
68
+ msi="$(basename $msipath)"
69
+ msidir="C:/#{work_dir}/$(dirname $msipath)"
70
+ if "/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe" verify -in "$msidir/$msi" ; then
71
+ echo "$msi is already signed, skipping . . ." ;
72
+ else
73
+ tries=5
74
+ sha1Servers=(http://timestamp.digicert.com/sha1/timestamp
75
+ http://timestamp.comodoca.com/authenticode)
76
+ for timeserver in "${sha1Servers[@]}"; do
77
+ for ((try=1; try<=$tries; try++)) do
78
+ ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
79
+ -n "Puppet" -i "http://www.puppet.com" \
80
+ -h sha1 \
81
+ -pkcs12 "#{Pkg::Config.msi_signing_cert}" \
82
+ -pass "#{Pkg::Config.msi_signing_cert_pw}" \
83
+ -t "$timeserver" \
84
+ -in "$msidir/$msi" \
85
+ -out "$msidir/signed-$msi")
86
+ if [[ $ret == *"Succeeded"* ]]; then break; fi
87
+ done;
88
+ if [[ $ret == *"Succeeded"* ]]; then break; fi
89
+ done;
90
+ echo $ret
91
+ if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
92
+ sha256Servers=(http://timestamp.digicert.com/sha256/timestamp
93
+ http://timestamp.comodoca.com?td=sha256)
94
+ for timeserver in "${sha256Servers[@]}"; do
95
+ for ((try=1; try<=$tries; try++)) do
96
+ ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
97
+ -n "Puppet" -i "http://www.puppet.com" \
98
+ -nest -h sha256 \
99
+ -pkcs12 "#{Pkg::Config.msi_signing_cert}" \
100
+ -pass "#{Pkg::Config.msi_signing_cert_pw}" \
101
+ -ts "$timeserver" \
102
+ -in "$msidir/signed-$msi" \
103
+ -out "$msidir/$msi")
104
+ if [[ $ret == *"Succeeded"* ]]; then break; fi
105
+ done;
106
+ if [[ $ret == *"Succeeded"* ]]; then break; fi
107
+ done;
108
+ echo $ret
109
+ if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
110
+ fi
111
+ done
112
+ CMD
113
113
 
114
114
  Pkg::Util::Net.remote_execute(
115
115
  ssh_host_string,
116
116
  sign_command,
117
117
  { fail_fast: false }
118
118
  )
119
- msis.each do | msi |
119
+ msis.each do |msi|
120
120
  Pkg::Util::Net.rsync_from("/cygdrive/c/#{work_dir}/#{msi}", rsync_host_string, File.dirname(msi))
121
121
  end
122
122
  Pkg::Util::Net.remote_execute(ssh_host_string, "if [ -d '/cygdrive/c/#{work_dir}' ]; then rm -rf '/cygdrive/c/#{work_dir}'; fi")
@@ -70,7 +70,7 @@ module Pkg::Sign::Rpm
70
70
  v4_rpms = []
71
71
  rpms_to_sign.each do |rpm|
72
72
  platform_tag = Pkg::Paths.tag_from_artifact_path(rpm)
73
- platform, version, _ = Pkg::Platforms.parse_platform_tag(platform_tag)
73
+ platform, version, = Pkg::Platforms.parse_platform_tag(platform_tag)
74
74
 
75
75
  # We don't sign AIX rpms
76
76
  next if platform_tag.include?('aix')
@@ -4,5 +4,4 @@ module Pkg::Sign
4
4
  require 'packaging/sign/ips'
5
5
  require 'packaging/sign/msi'
6
6
  require 'packaging/sign/rpm'
7
- module_function
8
7
  end
data/lib/packaging/tar.rb CHANGED
@@ -5,7 +5,6 @@ module Pkg
5
5
  include FileUtils
6
6
 
7
7
  attr_accessor :files, :project, :version, :excludes, :target, :templates
8
- attr_reader :tar
9
8
 
10
9
  def initialize
11
10
  @tar = Pkg::Util::Tool.find_tool('tar', :required => true)
@@ -56,7 +55,7 @@ module Pkg
56
55
  patterns =
57
56
  case @files
58
57
  when String
59
- $stderr.puts "warning: `files` should be an array, not a string"
58
+ warn "warning: `files` should be an array, not a string"
60
59
  @files.split(' ')
61
60
  when Array
62
61
  @files
@@ -137,7 +136,7 @@ module Pkg
137
136
  def tar(target, source)
138
137
  mkpath File.dirname(target)
139
138
  cd File.dirname(source) do
140
- %x(#{@tar} #{@excludes.map { |x| (" --exclude #{x} ") }.join if @excludes} -zcf '#{File.basename(target)}' '#{File.basename(source)}')
139
+ %x(#{@tar} #{@excludes.map { |x| " --exclude #{x} " }.join if @excludes} -zcf '#{File.basename(target)}' '#{File.basename(source)}')
141
140
  unless $?.success?
142
141
  fail "Failed to create .tar.gz archive with #{@tar}. Please ensure the tar command in your path accepts the flags '-c', '-z', and '-f'"
143
142
  end
@@ -157,7 +156,6 @@ module Pkg
157
156
  self.tar(@target, workdir)
158
157
  self.clean_up workdir
159
158
  end
160
-
161
159
  end
162
160
  end
163
161
 
@@ -1,7 +1,6 @@
1
1
  # Utilities for managing/querying date/time
2
2
 
3
3
  module Pkg::Util::Date
4
-
5
4
  class << self
6
5
  def timestamp(separator = nil)
7
6
  if s = separator
@@ -31,8 +31,8 @@ module Pkg::Util::DistributionServer
31
31
 
32
32
  # If we just shipped a tagged version, we want to make it immutable
33
33
  files = Dir.glob("#{local_source_directory}/**/*")
34
- .select { |f| File.file?(f) and !f.include? "#{Pkg::Config.ref}.yaml" }
35
- .map { |f| "#{remote_target_directory}/#{f.sub(/^#{local_source_directory}\//, '')}" }
34
+ .select { |f| File.file?(f) and !f.include? "#{Pkg::Config.ref}.yaml" }
35
+ .map { |f| "#{remote_target_directory}/#{f.sub(/^#{local_source_directory}\//, '')}" }
36
36
 
37
37
  Pkg::Util::Net.remote_set_ownership(Pkg::Config.distribution_server, 'root', 'release', files)
38
38
  Pkg::Util::Net.remote_set_permissions(Pkg::Config.distribution_server, '0664', files)
@@ -1,9 +1,7 @@
1
1
  # Utility methods for handling system calls and interactions
2
2
 
3
3
  module Pkg::Util::Execution
4
-
5
4
  class << self
6
-
7
5
  # Alias to $?.success? that makes success? slightly easier to test and stub
8
6
  # If immediately run, $? will not be instanciated, so only call success? if
9
7
  # $? exists, otherwise return nil
@@ -23,7 +21,7 @@ module Pkg::Util::Execution
23
21
  # while also raising an exception if a command does not succeed (ala `sh "cmd"`).
24
22
  def ex(command, debug = false)
25
23
  puts "Executing '#{command}'..." if debug
26
- ret = `#{command}`
24
+ ret = %x(#{command})
27
25
  unless Pkg::Util::Execution.success?
28
26
  raise RuntimeError
29
27
  end
@@ -71,7 +69,7 @@ module Pkg::Util::Execution
71
69
  blk.call
72
70
  success = true
73
71
  break
74
- rescue => err
72
+ rescue StandardError => err
75
73
  puts "An error was encountered evaluating block. Retrying.."
76
74
  exception = err.to_s + "\n" + err.backtrace.join("\n")
77
75
  end
@@ -2,7 +2,6 @@
2
2
  require 'fileutils'
3
3
 
4
4
  module Pkg::Util::File
5
-
6
5
  class << self
7
6
  def exist?(file)
8
7
  ::File.exist?(file)
@@ -15,7 +14,7 @@ module Pkg::Util::File
15
14
 
16
15
  def mktemp
17
16
  mktemp = Pkg::Util::Tool.find_tool('mktemp', :required => true)
18
- stdout, _, _ = Pkg::Util::Execution.capture3("#{mktemp} -d -t pkgXXXXXX")
17
+ stdout, = Pkg::Util::Execution.capture3("#{mktemp} -d -t pkgXXXXXX")
19
18
  stdout.strip
20
19
  end
21
20
 
@@ -79,7 +78,7 @@ module Pkg::Util::File
79
78
  target_opts = "-C #{target}"
80
79
  end
81
80
  if file_exists?(source, :required => true)
82
- stdout, _, _ = Pkg::Util::Execution.capture3(%Q(#{tar} #{options} #{target_opts} -xf #{source}))
81
+ stdout, = Pkg::Util::Execution.capture3(%(#{tar} #{options} #{target_opts} -xf #{source}))
83
82
  stdout
84
83
  end
85
84
  end
@@ -120,6 +119,85 @@ module Pkg::Util::File
120
119
  end
121
120
  Pkg::Util::Version.versionbump(workdir) if Pkg::Config.update_version_file
122
121
  end
122
+
123
+ # The fetch method pulls down two files from the build-data repo that contain additional
124
+ # data specific to Puppet Labs release infrastructure intended to augment/override any
125
+ # defaults specified in the source project repo, e.g. in ext/build_defaults.yaml
126
+ #
127
+ # It uses curl to download the files, and places them in a temporary
128
+ # directory, e.g. /tmp/somedirectory/{project,team}/Pkg::Config.builder_data_file
129
+ #
130
+ # Retrieve build-data configurations to override/extend local build_defaults
131
+ def fetch
132
+ # Each team has a build-defaults file that specifies local infrastructure targets
133
+ # for things like builders, target locations for build artifacts, etc Since much
134
+ # of these don't change, one file can be maintained for the team. Each project
135
+ # also has a data file for information specific to it. If the project builds
136
+ # both PE and not PE, it has two files, one for PE, and the other for FOSS
137
+ #
138
+ data_repo = Pkg::Config.build_data_repo
139
+
140
+ if Pkg::Config.dev_build
141
+ puts "NOTICE: This is a dev build!"
142
+ project_data_branch = "#{Pkg::Config.project}-dev"
143
+ else
144
+ project_data_branch = Pkg::Config.project
145
+ end
146
+ team_data_branch = Pkg::Config.team
147
+
148
+ if Pkg::Config.build_pe
149
+ project_data_branch = 'pe-' + project_data_branch unless project_data_branch =~ /^pe-/
150
+ team_data_branch = 'pe-' + team_data_branch unless team_data_branch =~ /^pe-/
151
+ end
152
+
153
+ # Remove .packaging directory from old-style extras loading
154
+ FileUtils.rm_rf("#{ENV['HOME']}/.packaging") if File.directory?("#{ENV['HOME']}/.packaging")
155
+
156
+ # Touch the .packaging file which is allows packaging to present remote tasks
157
+ FileUtils.touch("#{ENV['HOME']}/.packaging")
158
+
159
+ begin
160
+ build_data_directory = Pkg::Util::File.mktemp
161
+ %x(git clone #{data_repo} #{build_data_directory})
162
+ unless $?.success?
163
+ fail 'Error: could not fetch the build-data repo. Maybe you do not have the correct permissions?'
164
+ end
165
+
166
+ Dir.chdir(build_data_directory) do
167
+ [team_data_branch, project_data_branch].each do |branch|
168
+ %x(git checkout #{branch})
169
+ unless $?.success?
170
+ warn "Warning: no build_defaults found in branch '#{branch}' of '#{data_repo}'. Skipping."
171
+ next
172
+ end
173
+ load_extras(build_data_directory)
174
+ end
175
+ end
176
+ ensure
177
+ FileUtils.rm_rf(build_data_directory)
178
+ end
179
+
180
+ Pkg::Config.perform_validations
181
+ end
182
+
183
+ # The load_extras method is intended to load variables
184
+ # from the extra yaml file downloaded by the pl:fetch task.
185
+ # The goal is to be able to augment/override settings in the
186
+ # source project's build_data.yaml and project_data.yaml with
187
+ # Puppet Labs-specific data, rather than having to clutter the
188
+ # generic tasks with data not generally useful outside the
189
+ # PL Release team
190
+ def load_extras(temp_directory)
191
+ unless ENV['PARAMS_FILE'] && ENV['PARAMS_FILE'] != ''
192
+ temp_directory = temp_directory
193
+ raise "load_extras requires a directory containing extras data" if temp_directory.nil?
194
+ Pkg::Config.config_from_yaml("#{temp_directory}/#{Pkg::Config.builder_data_file}")
195
+
196
+ # Environment variables take precedence over those loaded from configs,
197
+ # so we make sure that any we clobbered are reset.
198
+ Pkg::Config.load_envvars
199
+ end
200
+ end
123
201
  end
124
202
  end
125
203
 
@@ -22,7 +22,6 @@ module Pkg::Util::Git
22
22
  end
23
23
 
24
24
  # Git utility to create a new git bundle
25
- # rubocop:disable Metrics/AbcSize
26
25
  def bundle(treeish, appendix = Pkg::Util.rand_string, temp = Pkg::Util::File.mktemp)
27
26
  fail_unless_repo
28
27
  Pkg::Util::Execution.capture3("#{Pkg::Util::Tool::GIT} bundle create #{temp}/#{Pkg::Config.project}-#{Pkg::Config.version}-#{appendix} #{treeish} --tags")
@@ -113,13 +112,12 @@ module Pkg::Util::Git
113
112
  end
114
113
  end
115
114
 
116
- # rubocop:disable Style/GuardClause
117
115
  def fail_unless_repo
118
116
  unless repo?
119
117
  raise "Pkg::Config.project_root (#{Pkg::Config.project_root}) is not \
120
118
  a valid git repository"
121
119
  end
122
- end
120
+ end
123
121
 
124
122
  # Return the basename of the project repo
125
123
  def project_name
@@ -1,6 +1,6 @@
1
1
  module Pkg::Util
2
2
  class Git_tag
3
- attr_reader :address, :ref, :ref_name, :ref_type, :branch_name
3
+ attr_reader :address, :ref, :ref_name, :ref_type
4
4
 
5
5
  GIT = Pkg::Util::Tool::GIT
6
6
  DEVNULL = Pkg::Util::OS::DEVNULL
@@ -43,7 +43,7 @@ module Pkg::Util
43
43
  # Fetch the full ref using ls-remote, this should raise an error if it returns non-zero
44
44
  # because that means this ref doesn't exist in the repo
45
45
  def fetch_full_ref
46
- stdout, _, _ = Pkg::Util::Execution.capture3("#{GIT} ls-remote --tags --heads --exit-code #{address} #{ref}")
46
+ stdout, = Pkg::Util::Execution.capture3("#{GIT} ls-remote --tags --heads --exit-code #{address} #{ref}")
47
47
  stdout.split.last
48
48
  rescue RuntimeError => e
49
49
  raise "ERROR : Not a ref or sha!\n#{e}"
@@ -54,7 +54,7 @@ module Pkg::Util
54
54
  end
55
55
 
56
56
  def ref?
57
- `#{GIT} check-ref-format #{ref} >#{DEVNULL} 2>&1`
57
+ %x(#{GIT} check-ref-format #{ref} >#{DEVNULL} 2>&1)
58
58
  $?.success?
59
59
  end
60
60
 
@@ -1,6 +1,5 @@
1
1
  module Pkg::Util::Gpg
2
2
  class << self
3
-
4
3
  # Please note that this method is not used in determining what key is used
5
4
  # to sign the debian repos. That is defined in the freight config that
6
5
  # lives on our internal repo staging host. The debian conf/distribution
@@ -31,14 +30,14 @@ module Pkg::Util::Gpg
31
30
 
32
31
  def kill_keychain
33
32
  if keychain
34
- stdout, _, _ = Pkg::Util::Execution.capture3("#{keychain} -k mine")
33
+ stdout, = Pkg::Util::Execution.capture3("#{keychain} -k mine")
35
34
  stdout
36
35
  end
37
36
  end
38
37
 
39
38
  def start_keychain
40
39
  if keychain
41
- keychain_output, _, _ = Pkg::Util::Execution.capture3("#{keychain} -q --agents gpg --eval #{key}")
40
+ keychain_output, = Pkg::Util::Execution.capture3("#{keychain} -q --agents gpg --eval #{key}")
42
41
  keychain_output.chomp!
43
42
  new_env = keychain_output.match(/GPG_AGENT_INFO=([^;]*)/)
44
43
  ENV["GPG_AGENT_INFO"] = new_env[1]
@@ -56,7 +55,7 @@ module Pkg::Util::Gpg
56
55
  return true
57
56
  end
58
57
  use_tty = "--no-tty --use-agent" if ENV['RPM_GPG_AGENT']
59
- stdout, _, _ = Pkg::Util::Execution.capture3("#{gpg} #{use_tty} --armor --detach-sign -u #{key} #{file}")
58
+ stdout, = Pkg::Util::Execution.capture3("#{gpg} #{use_tty} --armor --detach-sign -u #{key} #{file}")
60
59
  stdout
61
60
  else
62
61
  fail "No gpg available. Cannot sign #{file}."
@@ -3,9 +3,7 @@ require 'net/http'
3
3
  require 'json'
4
4
 
5
5
  module Pkg::Util::Jenkins
6
-
7
6
  class << self
8
-
9
7
  # Use the curl to create a jenkins job from a valid XML
10
8
  # configuration file.
11
9
  # Returns the URL to the job
@@ -90,6 +88,5 @@ module Pkg::Util::Jenkins
90
88
 
91
89
  wait_for_build job_hash['lastBuild']['url']
92
90
  end
93
-
94
91
  end
95
92
  end
@@ -57,7 +57,7 @@ module Pkg::Util::Misc
57
57
  def check_rubygems_ownership(gem_name)
58
58
  require 'yaml'
59
59
  credentials = YAML.load_file("#{ENV['HOME']}/.gem/credentials")
60
- gems = YAML.load(%x(curl -H 'Authorization:#{credentials[:rubygems_api_key]}' https://rubygems.org/api/v1/gems.yaml))
60
+ gems = YAML.safe_load(%x(curl -H 'Authorization:#{credentials[:rubygems_api_key]}' https://rubygems.org/api/v1/gems.yaml))
61
61
  gems.each do |gem|
62
62
  if gem['name'] == gem_name
63
63
  return true