packaging 0.104.0 → 0.106.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +4 -4
- data/lib/packaging/archive.rb +2 -2
- data/lib/packaging/artifactory/extensions.rb +1 -0
- data/lib/packaging/artifactory.rb +27 -23
- data/lib/packaging/config/params.rb +191 -193
- data/lib/packaging/config/validations.rb +0 -2
- data/lib/packaging/config.rb +8 -8
- data/lib/packaging/deb/repo.rb +11 -14
- data/lib/packaging/gem.rb +2 -2
- data/lib/packaging/metrics.rb +7 -7
- data/lib/packaging/nuget.rb +0 -1
- data/lib/packaging/paths.rb +11 -13
- data/lib/packaging/platforms.rb +14 -52
- data/lib/packaging/repo.rb +11 -12
- data/lib/packaging/retrieve.rb +1 -1
- data/lib/packaging/rpm/repo.rb +8 -8
- data/lib/packaging/sign/dmg.rb +8 -7
- data/lib/packaging/sign/ips.rb +64 -32
- data/lib/packaging/sign/msi.rb +48 -48
- data/lib/packaging/sign/rpm.rb +1 -1
- data/lib/packaging/sign.rb +0 -1
- data/lib/packaging/tar.rb +2 -4
- data/lib/packaging/util/date.rb +0 -1
- data/lib/packaging/util/distribution_server.rb +2 -2
- data/lib/packaging/util/execution.rb +2 -4
- data/lib/packaging/util/file.rb +81 -3
- data/lib/packaging/util/git.rb +1 -3
- data/lib/packaging/util/git_tags.rb +3 -3
- data/lib/packaging/util/gpg.rb +3 -4
- data/lib/packaging/util/jenkins.rb +0 -3
- data/lib/packaging/util/misc.rb +1 -1
- data/lib/packaging/util/net.rb +25 -23
- data/lib/packaging/util/repo.rb +17 -0
- data/lib/packaging/util/serialization.rb +1 -2
- data/lib/packaging/util/ship.rb +150 -3
- data/lib/packaging/util/sign.rb +47 -0
- data/lib/packaging/util/tool.rb +1 -4
- data/lib/packaging/util/version.rb +1 -5
- data/lib/packaging/util.rb +3 -1
- data/lib/packaging.rb +1 -2
- data/spec/lib/packaging/config_spec.rb +3 -3
- data/spec/lib/packaging/deb/repo_spec.rb +1 -1
- data/spec/lib/packaging/paths_spec.rb +2 -3
- data/spec/lib/packaging/platforms_spec.rb +6 -6
- data/spec/lib/packaging/sign_spec.rb +1 -13
- data/spec/lib/packaging/util/git_spec.rb +2 -2
- data/spec/lib/packaging/util/git_tag_spec.rb +5 -5
- data/spec/lib/packaging/util/ship_spec.rb +0 -2
- data/tasks/30_metrics.rake +2 -2
- data/tasks/apple.rake +8 -14
- data/tasks/archive.rake +1 -2
- data/tasks/deb.rake +7 -8
- data/tasks/deb_repos.rake +1 -0
- data/tasks/doc.rake +5 -3
- data/tasks/education.rake +2 -4
- data/tasks/fetch.rake +1 -0
- data/tasks/gem.rake +20 -12
- data/tasks/jenkins.rake +27 -15
- data/tasks/jenkins_dynamic.rake +10 -10
- data/tasks/load_extras.rake +1 -0
- data/tasks/mock.rake +8 -9
- data/tasks/nightly_repos.rake +14 -14
- data/tasks/pe_ship.rake +10 -17
- data/tasks/retrieve.rake +2 -2
- data/tasks/rpm.rake +1 -1
- data/tasks/rpm_repos.rake +1 -0
- data/tasks/ship.rake +24 -12
- data/tasks/sign.rake +6 -6
- data/tasks/tar.rake +2 -3
- data/tasks/update.rake +2 -2
- data/tasks/vendor_gems.rake +5 -7
- data/tasks/version.rake +2 -2
- metadata +42 -40
data/lib/packaging/sign/ips.rb
CHANGED
@@ -1,57 +1,89 @@
|
|
1
1
|
module Pkg::Sign::Ips
|
2
2
|
module_function
|
3
3
|
|
4
|
-
def sign(
|
5
|
-
|
4
|
+
def sign(packages_root = 'pkg')
|
5
|
+
identity_spec = ''
|
6
|
+
unless Pkg::Config.ips_signing_ssh_key.nil?
|
7
|
+
identity_spec = "-i #{Pkg::Config.ips_signing_ssh_key}"
|
8
|
+
end
|
9
|
+
|
10
|
+
signing_server_spec = Pkg::Config.ips_signing_server
|
11
|
+
unless Pkg::Config.ips_signing_server.match(%r{.+@.+})
|
12
|
+
signing_server_spec = "#{ENV['USER']}@#{Pkg::Config.ips_signing_server}"
|
13
|
+
end
|
6
14
|
|
7
|
-
|
8
|
-
|
15
|
+
ssh_host_spec = "#{identity_spec} #{signing_server_spec}"
|
16
|
+
rsync_host_spec = "-e 'ssh #{identity_spec}' #{signing_server_spec}"
|
9
17
|
|
10
|
-
|
18
|
+
packages = Dir.glob("#{packages_root}/solaris/11/**/*.p5p")
|
11
19
|
|
12
|
-
|
20
|
+
packages.each do |package|
|
13
21
|
work_dir = "/tmp/#{Pkg::Util.rand_string}"
|
14
22
|
unsigned_dir = "#{work_dir}/unsigned"
|
15
23
|
repo_dir = "#{work_dir}/repo"
|
16
24
|
signed_dir = "#{work_dir}/pkgs"
|
25
|
+
package_name = File.basename(package)
|
17
26
|
|
18
|
-
Pkg::Util::Net.remote_execute(
|
19
|
-
|
27
|
+
Pkg::Util::Net.remote_execute(
|
28
|
+
ssh_host_spec,
|
29
|
+
"mkdir -p #{repo_dir} #{unsigned_dir} #{signed_dir}"
|
30
|
+
)
|
31
|
+
Pkg::Util::Net.rsync_to(package, rsync_host_spec, unsigned_dir)
|
20
32
|
|
21
33
|
# Before we can get started with signing packages we need to create a repo
|
22
|
-
Pkg::Util::Net.remote_execute(
|
23
|
-
Pkg::Util::Net.remote_execute(
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
#
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
34
|
+
Pkg::Util::Net.remote_execute(ssh_host_spec, "sudo -E /usr/bin/pkgrepo create #{repo_dir}")
|
35
|
+
Pkg::Util::Net.remote_execute(
|
36
|
+
ssh_host_spec,
|
37
|
+
"sudo -E /usr/bin/pkgrepo set -s #{repo_dir} publisher/prefix=puppetlabs.com"
|
38
|
+
)
|
39
|
+
|
40
|
+
# Import all the packages into the repo.
|
41
|
+
Pkg::Util::Net.remote_execute(
|
42
|
+
ssh_host_spec,
|
43
|
+
"sudo -E /usr/bin/pkgrecv -s #{unsigned_dir}/#{package_name} -d #{repo_dir} '*'"
|
44
|
+
)
|
45
|
+
|
33
46
|
# We sign the entire repo
|
34
|
-
|
35
|
-
|
36
|
-
-i /root/signing/
|
37
|
-
-
|
47
|
+
# Paths to the .pem files should live elsewhere rather than hardcoded here.
|
48
|
+
sign_cmd = "sudo -E /usr/bin/pkgsign -c /root/signing/signing_cert_2022.pem \
|
49
|
+
-i /root/signing/DigiCert_Code_Signing_Certificate.pem \
|
50
|
+
-i /root/signing/DigiCert_Trusted_Root.pem \
|
51
|
+
-k /root/signing/signing_key_2022.pem \
|
38
52
|
-s 'file://#{work_dir}/repo' '*'"
|
39
|
-
puts "
|
40
|
-
Pkg::Util::Net.remote_execute(
|
41
|
-
|
42
|
-
|
53
|
+
puts "Signing #{package} with #{sign_cmd} in #{work_dir}"
|
54
|
+
Pkg::Util::Net.remote_execute(ssh_host_spec, sign_cmd.squeeze(' '))
|
55
|
+
|
56
|
+
# pkgrecv with -a will pull packages out of the repo, so we need
|
57
|
+
# to do that too to actually get the packages we signed
|
58
|
+
Pkg::Util::Net.remote_execute(
|
59
|
+
ssh_host_spec,
|
60
|
+
"sudo -E /usr/bin/pkgrecv -d #{signed_dir}/#{package_name} -a -s #{repo_dir} '*'"
|
61
|
+
)
|
43
62
|
begin
|
44
63
|
# lets make sure we actually signed something?
|
45
64
|
# **NOTE** if we're repeatedly trying to sign the same version this
|
46
65
|
# might explode because I don't know how to reset the IPS cache.
|
47
66
|
# Everything is amazing.
|
48
|
-
Pkg::Util::Net.remote_execute(
|
67
|
+
Pkg::Util::Net.remote_execute(
|
68
|
+
ssh_host_spec,
|
69
|
+
"sudo -E /usr/bin/pkg contents -m -g #{signed_dir}/#{package_name} '*' " \
|
70
|
+
"| grep '^signature '"
|
71
|
+
)
|
49
72
|
rescue RuntimeError
|
50
|
-
raise "
|
73
|
+
raise "Error: #{package_name} was not signed correctly."
|
51
74
|
end
|
52
|
-
|
53
|
-
|
54
|
-
Pkg::Util::Net.
|
75
|
+
|
76
|
+
# Pull the packages back.
|
77
|
+
Pkg::Util::Net.rsync_from(
|
78
|
+
"#{signed_dir}/#{package_name}",
|
79
|
+
rsync_host_spec,
|
80
|
+
File.dirname(package)
|
81
|
+
)
|
82
|
+
|
83
|
+
Pkg::Util::Net.remote_execute(
|
84
|
+
ssh_host_spec,
|
85
|
+
"if [ -e '#{work_dir}' ] ; then sudo rm -r '#{work_dir}' ; fi"
|
86
|
+
)
|
55
87
|
end
|
56
88
|
end
|
57
89
|
end
|
data/lib/packaging/sign/msi.rb
CHANGED
@@ -63,60 +63,60 @@ module Pkg::Sign::Msi
|
|
63
63
|
#
|
64
64
|
# Once we no longer support Windows 8/Windows Vista, we can remove the
|
65
65
|
# first Sha1 signature.
|
66
|
-
sign_command =
|
67
|
-
for msipath in #{msis.join(
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
done
|
112
|
-
CMD
|
66
|
+
sign_command = <<~CMD
|
67
|
+
for msipath in #{msis.join(' ')}; do
|
68
|
+
msi="$(basename $msipath)"
|
69
|
+
msidir="C:/#{work_dir}/$(dirname $msipath)"
|
70
|
+
if "/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe" verify -in "$msidir/$msi" ; then
|
71
|
+
echo "$msi is already signed, skipping . . ." ;
|
72
|
+
else
|
73
|
+
tries=5
|
74
|
+
sha1Servers=(http://timestamp.digicert.com/sha1/timestamp
|
75
|
+
http://timestamp.comodoca.com/authenticode)
|
76
|
+
for timeserver in "${sha1Servers[@]}"; do
|
77
|
+
for ((try=1; try<=$tries; try++)) do
|
78
|
+
ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
|
79
|
+
-n "Puppet" -i "http://www.puppet.com" \
|
80
|
+
-h sha1 \
|
81
|
+
-pkcs12 "#{Pkg::Config.msi_signing_cert}" \
|
82
|
+
-pass "#{Pkg::Config.msi_signing_cert_pw}" \
|
83
|
+
-t "$timeserver" \
|
84
|
+
-in "$msidir/$msi" \
|
85
|
+
-out "$msidir/signed-$msi")
|
86
|
+
if [[ $ret == *"Succeeded"* ]]; then break; fi
|
87
|
+
done;
|
88
|
+
if [[ $ret == *"Succeeded"* ]]; then break; fi
|
89
|
+
done;
|
90
|
+
echo $ret
|
91
|
+
if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
|
92
|
+
sha256Servers=(http://timestamp.digicert.com/sha256/timestamp
|
93
|
+
http://timestamp.comodoca.com?td=sha256)
|
94
|
+
for timeserver in "${sha256Servers[@]}"; do
|
95
|
+
for ((try=1; try<=$tries; try++)) do
|
96
|
+
ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
|
97
|
+
-n "Puppet" -i "http://www.puppet.com" \
|
98
|
+
-nest -h sha256 \
|
99
|
+
-pkcs12 "#{Pkg::Config.msi_signing_cert}" \
|
100
|
+
-pass "#{Pkg::Config.msi_signing_cert_pw}" \
|
101
|
+
-ts "$timeserver" \
|
102
|
+
-in "$msidir/signed-$msi" \
|
103
|
+
-out "$msidir/$msi")
|
104
|
+
if [[ $ret == *"Succeeded"* ]]; then break; fi
|
105
|
+
done;
|
106
|
+
if [[ $ret == *"Succeeded"* ]]; then break; fi
|
107
|
+
done;
|
108
|
+
echo $ret
|
109
|
+
if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
|
110
|
+
fi
|
111
|
+
done
|
112
|
+
CMD
|
113
113
|
|
114
114
|
Pkg::Util::Net.remote_execute(
|
115
115
|
ssh_host_string,
|
116
116
|
sign_command,
|
117
117
|
{ fail_fast: false }
|
118
118
|
)
|
119
|
-
msis.each do |
|
119
|
+
msis.each do |msi|
|
120
120
|
Pkg::Util::Net.rsync_from("/cygdrive/c/#{work_dir}/#{msi}", rsync_host_string, File.dirname(msi))
|
121
121
|
end
|
122
122
|
Pkg::Util::Net.remote_execute(ssh_host_string, "if [ -d '/cygdrive/c/#{work_dir}' ]; then rm -rf '/cygdrive/c/#{work_dir}'; fi")
|
data/lib/packaging/sign/rpm.rb
CHANGED
@@ -70,7 +70,7 @@ module Pkg::Sign::Rpm
|
|
70
70
|
v4_rpms = []
|
71
71
|
rpms_to_sign.each do |rpm|
|
72
72
|
platform_tag = Pkg::Paths.tag_from_artifact_path(rpm)
|
73
|
-
platform, version,
|
73
|
+
platform, version, = Pkg::Platforms.parse_platform_tag(platform_tag)
|
74
74
|
|
75
75
|
# We don't sign AIX rpms
|
76
76
|
next if platform_tag.include?('aix')
|
data/lib/packaging/sign.rb
CHANGED
data/lib/packaging/tar.rb
CHANGED
@@ -5,7 +5,6 @@ module Pkg
|
|
5
5
|
include FileUtils
|
6
6
|
|
7
7
|
attr_accessor :files, :project, :version, :excludes, :target, :templates
|
8
|
-
attr_reader :tar
|
9
8
|
|
10
9
|
def initialize
|
11
10
|
@tar = Pkg::Util::Tool.find_tool('tar', :required => true)
|
@@ -56,7 +55,7 @@ module Pkg
|
|
56
55
|
patterns =
|
57
56
|
case @files
|
58
57
|
when String
|
59
|
-
|
58
|
+
warn "warning: `files` should be an array, not a string"
|
60
59
|
@files.split(' ')
|
61
60
|
when Array
|
62
61
|
@files
|
@@ -137,7 +136,7 @@ module Pkg
|
|
137
136
|
def tar(target, source)
|
138
137
|
mkpath File.dirname(target)
|
139
138
|
cd File.dirname(source) do
|
140
|
-
%x(#{@tar} #{@excludes.map { |x|
|
139
|
+
%x(#{@tar} #{@excludes.map { |x| " --exclude #{x} " }.join if @excludes} -zcf '#{File.basename(target)}' '#{File.basename(source)}')
|
141
140
|
unless $?.success?
|
142
141
|
fail "Failed to create .tar.gz archive with #{@tar}. Please ensure the tar command in your path accepts the flags '-c', '-z', and '-f'"
|
143
142
|
end
|
@@ -157,7 +156,6 @@ module Pkg
|
|
157
156
|
self.tar(@target, workdir)
|
158
157
|
self.clean_up workdir
|
159
158
|
end
|
160
|
-
|
161
159
|
end
|
162
160
|
end
|
163
161
|
|
data/lib/packaging/util/date.rb
CHANGED
@@ -31,8 +31,8 @@ module Pkg::Util::DistributionServer
|
|
31
31
|
|
32
32
|
# If we just shipped a tagged version, we want to make it immutable
|
33
33
|
files = Dir.glob("#{local_source_directory}/**/*")
|
34
|
-
|
35
|
-
|
34
|
+
.select { |f| File.file?(f) and !f.include? "#{Pkg::Config.ref}.yaml" }
|
35
|
+
.map { |f| "#{remote_target_directory}/#{f.sub(/^#{local_source_directory}\//, '')}" }
|
36
36
|
|
37
37
|
Pkg::Util::Net.remote_set_ownership(Pkg::Config.distribution_server, 'root', 'release', files)
|
38
38
|
Pkg::Util::Net.remote_set_permissions(Pkg::Config.distribution_server, '0664', files)
|
@@ -1,9 +1,7 @@
|
|
1
1
|
# Utility methods for handling system calls and interactions
|
2
2
|
|
3
3
|
module Pkg::Util::Execution
|
4
|
-
|
5
4
|
class << self
|
6
|
-
|
7
5
|
# Alias to $?.success? that makes success? slightly easier to test and stub
|
8
6
|
# If immediately run, $? will not be instanciated, so only call success? if
|
9
7
|
# $? exists, otherwise return nil
|
@@ -23,7 +21,7 @@ module Pkg::Util::Execution
|
|
23
21
|
# while also raising an exception if a command does not succeed (ala `sh "cmd"`).
|
24
22
|
def ex(command, debug = false)
|
25
23
|
puts "Executing '#{command}'..." if debug
|
26
|
-
ret =
|
24
|
+
ret = %x(#{command})
|
27
25
|
unless Pkg::Util::Execution.success?
|
28
26
|
raise RuntimeError
|
29
27
|
end
|
@@ -71,7 +69,7 @@ module Pkg::Util::Execution
|
|
71
69
|
blk.call
|
72
70
|
success = true
|
73
71
|
break
|
74
|
-
rescue => err
|
72
|
+
rescue StandardError => err
|
75
73
|
puts "An error was encountered evaluating block. Retrying.."
|
76
74
|
exception = err.to_s + "\n" + err.backtrace.join("\n")
|
77
75
|
end
|
data/lib/packaging/util/file.rb
CHANGED
@@ -2,7 +2,6 @@
|
|
2
2
|
require 'fileutils'
|
3
3
|
|
4
4
|
module Pkg::Util::File
|
5
|
-
|
6
5
|
class << self
|
7
6
|
def exist?(file)
|
8
7
|
::File.exist?(file)
|
@@ -15,7 +14,7 @@ module Pkg::Util::File
|
|
15
14
|
|
16
15
|
def mktemp
|
17
16
|
mktemp = Pkg::Util::Tool.find_tool('mktemp', :required => true)
|
18
|
-
stdout,
|
17
|
+
stdout, = Pkg::Util::Execution.capture3("#{mktemp} -d -t pkgXXXXXX")
|
19
18
|
stdout.strip
|
20
19
|
end
|
21
20
|
|
@@ -79,7 +78,7 @@ module Pkg::Util::File
|
|
79
78
|
target_opts = "-C #{target}"
|
80
79
|
end
|
81
80
|
if file_exists?(source, :required => true)
|
82
|
-
stdout,
|
81
|
+
stdout, = Pkg::Util::Execution.capture3(%(#{tar} #{options} #{target_opts} -xf #{source}))
|
83
82
|
stdout
|
84
83
|
end
|
85
84
|
end
|
@@ -120,6 +119,85 @@ module Pkg::Util::File
|
|
120
119
|
end
|
121
120
|
Pkg::Util::Version.versionbump(workdir) if Pkg::Config.update_version_file
|
122
121
|
end
|
122
|
+
|
123
|
+
# The fetch method pulls down two files from the build-data repo that contain additional
|
124
|
+
# data specific to Puppet Labs release infrastructure intended to augment/override any
|
125
|
+
# defaults specified in the source project repo, e.g. in ext/build_defaults.yaml
|
126
|
+
#
|
127
|
+
# It uses curl to download the files, and places them in a temporary
|
128
|
+
# directory, e.g. /tmp/somedirectory/{project,team}/Pkg::Config.builder_data_file
|
129
|
+
#
|
130
|
+
# Retrieve build-data configurations to override/extend local build_defaults
|
131
|
+
def fetch
|
132
|
+
# Each team has a build-defaults file that specifies local infrastructure targets
|
133
|
+
# for things like builders, target locations for build artifacts, etc Since much
|
134
|
+
# of these don't change, one file can be maintained for the team. Each project
|
135
|
+
# also has a data file for information specific to it. If the project builds
|
136
|
+
# both PE and not PE, it has two files, one for PE, and the other for FOSS
|
137
|
+
#
|
138
|
+
data_repo = Pkg::Config.build_data_repo
|
139
|
+
|
140
|
+
if Pkg::Config.dev_build
|
141
|
+
puts "NOTICE: This is a dev build!"
|
142
|
+
project_data_branch = "#{Pkg::Config.project}-dev"
|
143
|
+
else
|
144
|
+
project_data_branch = Pkg::Config.project
|
145
|
+
end
|
146
|
+
team_data_branch = Pkg::Config.team
|
147
|
+
|
148
|
+
if Pkg::Config.build_pe
|
149
|
+
project_data_branch = 'pe-' + project_data_branch unless project_data_branch =~ /^pe-/
|
150
|
+
team_data_branch = 'pe-' + team_data_branch unless team_data_branch =~ /^pe-/
|
151
|
+
end
|
152
|
+
|
153
|
+
# Remove .packaging directory from old-style extras loading
|
154
|
+
FileUtils.rm_rf("#{ENV['HOME']}/.packaging") if File.directory?("#{ENV['HOME']}/.packaging")
|
155
|
+
|
156
|
+
# Touch the .packaging file which is allows packaging to present remote tasks
|
157
|
+
FileUtils.touch("#{ENV['HOME']}/.packaging")
|
158
|
+
|
159
|
+
begin
|
160
|
+
build_data_directory = Pkg::Util::File.mktemp
|
161
|
+
%x(git clone #{data_repo} #{build_data_directory})
|
162
|
+
unless $?.success?
|
163
|
+
fail 'Error: could not fetch the build-data repo. Maybe you do not have the correct permissions?'
|
164
|
+
end
|
165
|
+
|
166
|
+
Dir.chdir(build_data_directory) do
|
167
|
+
[team_data_branch, project_data_branch].each do |branch|
|
168
|
+
%x(git checkout #{branch})
|
169
|
+
unless $?.success?
|
170
|
+
warn "Warning: no build_defaults found in branch '#{branch}' of '#{data_repo}'. Skipping."
|
171
|
+
next
|
172
|
+
end
|
173
|
+
load_extras(build_data_directory)
|
174
|
+
end
|
175
|
+
end
|
176
|
+
ensure
|
177
|
+
FileUtils.rm_rf(build_data_directory)
|
178
|
+
end
|
179
|
+
|
180
|
+
Pkg::Config.perform_validations
|
181
|
+
end
|
182
|
+
|
183
|
+
# The load_extras method is intended to load variables
|
184
|
+
# from the extra yaml file downloaded by the pl:fetch task.
|
185
|
+
# The goal is to be able to augment/override settings in the
|
186
|
+
# source project's build_data.yaml and project_data.yaml with
|
187
|
+
# Puppet Labs-specific data, rather than having to clutter the
|
188
|
+
# generic tasks with data not generally useful outside the
|
189
|
+
# PL Release team
|
190
|
+
def load_extras(temp_directory)
|
191
|
+
unless ENV['PARAMS_FILE'] && ENV['PARAMS_FILE'] != ''
|
192
|
+
temp_directory = temp_directory
|
193
|
+
raise "load_extras requires a directory containing extras data" if temp_directory.nil?
|
194
|
+
Pkg::Config.config_from_yaml("#{temp_directory}/#{Pkg::Config.builder_data_file}")
|
195
|
+
|
196
|
+
# Environment variables take precedence over those loaded from configs,
|
197
|
+
# so we make sure that any we clobbered are reset.
|
198
|
+
Pkg::Config.load_envvars
|
199
|
+
end
|
200
|
+
end
|
123
201
|
end
|
124
202
|
end
|
125
203
|
|
data/lib/packaging/util/git.rb
CHANGED
@@ -22,7 +22,6 @@ module Pkg::Util::Git
|
|
22
22
|
end
|
23
23
|
|
24
24
|
# Git utility to create a new git bundle
|
25
|
-
# rubocop:disable Metrics/AbcSize
|
26
25
|
def bundle(treeish, appendix = Pkg::Util.rand_string, temp = Pkg::Util::File.mktemp)
|
27
26
|
fail_unless_repo
|
28
27
|
Pkg::Util::Execution.capture3("#{Pkg::Util::Tool::GIT} bundle create #{temp}/#{Pkg::Config.project}-#{Pkg::Config.version}-#{appendix} #{treeish} --tags")
|
@@ -113,13 +112,12 @@ module Pkg::Util::Git
|
|
113
112
|
end
|
114
113
|
end
|
115
114
|
|
116
|
-
# rubocop:disable Style/GuardClause
|
117
115
|
def fail_unless_repo
|
118
116
|
unless repo?
|
119
117
|
raise "Pkg::Config.project_root (#{Pkg::Config.project_root}) is not \
|
120
118
|
a valid git repository"
|
121
119
|
end
|
122
|
-
|
120
|
+
end
|
123
121
|
|
124
122
|
# Return the basename of the project repo
|
125
123
|
def project_name
|
@@ -1,6 +1,6 @@
|
|
1
1
|
module Pkg::Util
|
2
2
|
class Git_tag
|
3
|
-
attr_reader :address, :ref, :ref_name, :ref_type
|
3
|
+
attr_reader :address, :ref, :ref_name, :ref_type
|
4
4
|
|
5
5
|
GIT = Pkg::Util::Tool::GIT
|
6
6
|
DEVNULL = Pkg::Util::OS::DEVNULL
|
@@ -43,7 +43,7 @@ module Pkg::Util
|
|
43
43
|
# Fetch the full ref using ls-remote, this should raise an error if it returns non-zero
|
44
44
|
# because that means this ref doesn't exist in the repo
|
45
45
|
def fetch_full_ref
|
46
|
-
stdout,
|
46
|
+
stdout, = Pkg::Util::Execution.capture3("#{GIT} ls-remote --tags --heads --exit-code #{address} #{ref}")
|
47
47
|
stdout.split.last
|
48
48
|
rescue RuntimeError => e
|
49
49
|
raise "ERROR : Not a ref or sha!\n#{e}"
|
@@ -54,7 +54,7 @@ module Pkg::Util
|
|
54
54
|
end
|
55
55
|
|
56
56
|
def ref?
|
57
|
-
|
57
|
+
%x(#{GIT} check-ref-format #{ref} >#{DEVNULL} 2>&1)
|
58
58
|
$?.success?
|
59
59
|
end
|
60
60
|
|
data/lib/packaging/util/gpg.rb
CHANGED
@@ -1,6 +1,5 @@
|
|
1
1
|
module Pkg::Util::Gpg
|
2
2
|
class << self
|
3
|
-
|
4
3
|
# Please note that this method is not used in determining what key is used
|
5
4
|
# to sign the debian repos. That is defined in the freight config that
|
6
5
|
# lives on our internal repo staging host. The debian conf/distribution
|
@@ -31,14 +30,14 @@ module Pkg::Util::Gpg
|
|
31
30
|
|
32
31
|
def kill_keychain
|
33
32
|
if keychain
|
34
|
-
stdout,
|
33
|
+
stdout, = Pkg::Util::Execution.capture3("#{keychain} -k mine")
|
35
34
|
stdout
|
36
35
|
end
|
37
36
|
end
|
38
37
|
|
39
38
|
def start_keychain
|
40
39
|
if keychain
|
41
|
-
keychain_output,
|
40
|
+
keychain_output, = Pkg::Util::Execution.capture3("#{keychain} -q --agents gpg --eval #{key}")
|
42
41
|
keychain_output.chomp!
|
43
42
|
new_env = keychain_output.match(/GPG_AGENT_INFO=([^;]*)/)
|
44
43
|
ENV["GPG_AGENT_INFO"] = new_env[1]
|
@@ -56,7 +55,7 @@ module Pkg::Util::Gpg
|
|
56
55
|
return true
|
57
56
|
end
|
58
57
|
use_tty = "--no-tty --use-agent" if ENV['RPM_GPG_AGENT']
|
59
|
-
stdout,
|
58
|
+
stdout, = Pkg::Util::Execution.capture3("#{gpg} #{use_tty} --armor --detach-sign -u #{key} #{file}")
|
60
59
|
stdout
|
61
60
|
else
|
62
61
|
fail "No gpg available. Cannot sign #{file}."
|
@@ -3,9 +3,7 @@ require 'net/http'
|
|
3
3
|
require 'json'
|
4
4
|
|
5
5
|
module Pkg::Util::Jenkins
|
6
|
-
|
7
6
|
class << self
|
8
|
-
|
9
7
|
# Use the curl to create a jenkins job from a valid XML
|
10
8
|
# configuration file.
|
11
9
|
# Returns the URL to the job
|
@@ -90,6 +88,5 @@ module Pkg::Util::Jenkins
|
|
90
88
|
|
91
89
|
wait_for_build job_hash['lastBuild']['url']
|
92
90
|
end
|
93
|
-
|
94
91
|
end
|
95
92
|
end
|
data/lib/packaging/util/misc.rb
CHANGED
@@ -57,7 +57,7 @@ module Pkg::Util::Misc
|
|
57
57
|
def check_rubygems_ownership(gem_name)
|
58
58
|
require 'yaml'
|
59
59
|
credentials = YAML.load_file("#{ENV['HOME']}/.gem/credentials")
|
60
|
-
gems = YAML.
|
60
|
+
gems = YAML.safe_load(%x(curl -H 'Authorization:#{credentials[:rubygems_api_key]}' https://rubygems.org/api/v1/gems.yaml))
|
61
61
|
gems.each do |gem|
|
62
62
|
if gem['name'] == gem_name
|
63
63
|
return true
|