packaging 0.106.0 → 0.106.1
- checksums.yaml +4 -4
- data/README.md +4 -4
- data/lib/packaging/archive.rb +2 -2
- data/lib/packaging/artifactory/extensions.rb +1 -0
- data/lib/packaging/artifactory.rb +27 -23
- data/lib/packaging/config/params.rb +191 -193
- data/lib/packaging/config/validations.rb +0 -2
- data/lib/packaging/config.rb +8 -8
- data/lib/packaging/deb/repo.rb +11 -14
- data/lib/packaging/gem.rb +2 -2
- data/lib/packaging/metrics.rb +7 -7
- data/lib/packaging/nuget.rb +0 -1
- data/lib/packaging/paths.rb +11 -13
- data/lib/packaging/platforms.rb +10 -6
- data/lib/packaging/repo.rb +11 -12
- data/lib/packaging/retrieve.rb +1 -1
- data/lib/packaging/rpm/repo.rb +8 -8
- data/lib/packaging/sign/dmg.rb +8 -7
- data/lib/packaging/sign/ips.rb +64 -32
- data/lib/packaging/sign/msi.rb +48 -48
- data/lib/packaging/sign/rpm.rb +1 -1
- data/lib/packaging/sign.rb +0 -1
- data/lib/packaging/tar.rb +2 -4
- data/lib/packaging/util/date.rb +0 -1
- data/lib/packaging/util/distribution_server.rb +2 -2
- data/lib/packaging/util/execution.rb +2 -4
- data/lib/packaging/util/file.rb +2 -3
- data/lib/packaging/util/git.rb +1 -3
- data/lib/packaging/util/git_tags.rb +3 -3
- data/lib/packaging/util/gpg.rb +3 -4
- data/lib/packaging/util/jenkins.rb +0 -3
- data/lib/packaging/util/misc.rb +1 -1
- data/lib/packaging/util/net.rb +25 -22
- data/lib/packaging/util/repo.rb +0 -1
- data/lib/packaging/util/serialization.rb +1 -2
- data/lib/packaging/util/ship.rb +3 -3
- data/lib/packaging/util/sign.rb +8 -8
- data/lib/packaging/util/tool.rb +1 -4
- data/lib/packaging/util/version.rb +1 -5
- data/lib/packaging/util.rb +1 -1
- data/lib/packaging.rb +1 -2
- data/spec/lib/packaging/platforms_spec.rb +1 -1
- data/spec/lib/packaging/sign_spec.rb +1 -1
- data/spec/lib/packaging/util/git_spec.rb +2 -2
- data/spec/lib/packaging/util/git_tag_spec.rb +5 -5
- data/tasks/30_metrics.rake +2 -2
- data/tasks/apple.rake +8 -14
- data/tasks/archive.rake +1 -2
- data/tasks/deb.rake +7 -8
- data/tasks/doc.rake +5 -3
- data/tasks/education.rake +2 -4
- data/tasks/gem.rake +20 -12
- data/tasks/jenkins.rake +27 -15
- data/tasks/jenkins_dynamic.rake +10 -10
- data/tasks/mock.rake +8 -9
- data/tasks/nightly_repos.rake +14 -14
- data/tasks/pe_ship.rake +10 -17
- data/tasks/retrieve.rake +2 -2
- data/tasks/rpm.rake +1 -1
- data/tasks/ship.rake +6 -6
- data/tasks/sign.rake +5 -5
- data/tasks/tar.rake +2 -3
- data/tasks/update.rake +2 -2
- data/tasks/vendor_gems.rake +5 -7
- data/tasks/version.rake +2 -2
- metadata +42 -42
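--- a/data/lib/packaging/sign/ips.rb
+++ b/data/lib/packaging/sign/ips.rb
@@ -1,57 +1,89 @@
 module Pkg::Sign::Ips
 module_function
 
-def sign(
-
+def sign(packages_root = 'pkg')
+identity_spec = ''
+unless Pkg::Config.ips_signing_ssh_key.nil?
+identity_spec = "-i #{Pkg::Config.ips_signing_ssh_key}"
+end
+
+signing_server_spec = Pkg::Config.ips_signing_server
+unless Pkg::Config.ips_signing_server.match(%r{.+@.+})
+signing_server_spec = "#{ENV['USER']}@#{Pkg::Config.ips_signing_server}"
+end
 
-
-
+ssh_host_spec = "#{identity_spec} #{signing_server_spec}"
+rsync_host_spec = "-e 'ssh #{identity_spec}' #{signing_server_spec}"
 
-
+packages = Dir.glob("#{packages_root}/solaris/11/**/*.p5p")
 
-
+packages.each do |package|
 work_dir = "/tmp/#{Pkg::Util.rand_string}"
 unsigned_dir = "#{work_dir}/unsigned"
 repo_dir = "#{work_dir}/repo"
 signed_dir = "#{work_dir}/pkgs"
+package_name = File.basename(package)
 
-Pkg::Util::Net.remote_execute(
-
+Pkg::Util::Net.remote_execute(
+ssh_host_spec,
+"mkdir -p #{repo_dir} #{unsigned_dir} #{signed_dir}"
+)
+Pkg::Util::Net.rsync_to(package, rsync_host_spec, unsigned_dir)
 
 # Before we can get started with signing packages we need to create a repo
-Pkg::Util::Net.remote_execute(
-Pkg::Util::Net.remote_execute(
-
-
-
-
-#
-
-
-
-
+Pkg::Util::Net.remote_execute(ssh_host_spec, "sudo -E /usr/bin/pkgrepo create #{repo_dir}")
+Pkg::Util::Net.remote_execute(
+ssh_host_spec,
+"sudo -E /usr/bin/pkgrepo set -s #{repo_dir} publisher/prefix=puppetlabs.com"
+)
+
+# Import all the packages into the repo.
+Pkg::Util::Net.remote_execute(
+ssh_host_spec,
+"sudo -E /usr/bin/pkgrecv -s #{unsigned_dir}/#{package_name} -d #{repo_dir} '*'"
+)
+
 # We sign the entire repo
-
-
--i /root/signing/
--
+# Paths to the .pem files should live elsewhere rather than hardcoded here.
+sign_cmd = "sudo -E /usr/bin/pkgsign -c /root/signing/signing_cert_2022.pem \
+-i /root/signing/DigiCert_Code_Signing_Certificate.pem \
+-i /root/signing/DigiCert_Trusted_Root.pem \
+-k /root/signing/signing_key_2022.pem \
 -s 'file://#{work_dir}/repo' '*'"
-puts "
-Pkg::Util::Net.remote_execute(
-
-
+puts "Signing #{package} with #{sign_cmd} in #{work_dir}"
+Pkg::Util::Net.remote_execute(ssh_host_spec, sign_cmd.squeeze(' '))
+
+# pkgrecv with -a will pull packages out of the repo, so we need
+# to do that too to actually get the packages we signed
+Pkg::Util::Net.remote_execute(
+ssh_host_spec,
+"sudo -E /usr/bin/pkgrecv -d #{signed_dir}/#{package_name} -a -s #{repo_dir} '*'"
+)
 begin
 # lets make sure we actually signed something?
 # **NOTE** if we're repeatedly trying to sign the same version this
 # might explode because I don't know how to reset the IPS cache.
 # Everything is amazing.
-Pkg::Util::Net.remote_execute(
+Pkg::Util::Net.remote_execute(
+ssh_host_spec,
+"sudo -E /usr/bin/pkg contents -m -g #{signed_dir}/#{package_name} '*' " \
+"| grep '^signature '"
+)
 rescue RuntimeError
-raise "
+raise "Error: #{package_name} was not signed correctly."
 end
-
-
-Pkg::Util::Net.
+
+# Pull the packages back.
+Pkg::Util::Net.rsync_from(
+"#{signed_dir}/#{package_name}",
+rsync_host_spec,
+File.dirname(package)
+)
+
+Pkg::Util::Net.remote_execute(
+ssh_host_spec,
+"if [ -e '#{work_dir}' ] ; then sudo rm -r '#{work_dir}' ; fi"
+)
 end
 end
 end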
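Review bot: The remote work directory is still the predictable `/tmp/#{Pkg::Util.rand_string}`, and the new `mkdir -p #{repo_dir} #{unsigned_dir} #{signed_dir}` succeeds even when that path already exists, so the `sudo -E` pkgrepo/pkgsign steps could run inside a directory that another account on the signing host prepared. Creating the directory remotely with `mktemp -d` and using the path it returns would close that gap; how unpredictable `rand_string` is cannot be seen from this hunk. The final `sudo rm -r` cleanup also runs only on the success path, so a failed signature check leaves the unsigned package and repo behind in `/tmp`; moving the cleanup into an `ensure` would fix that.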
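--- a/data/lib/packaging/sign/msi.rb
+++ b/data/lib/packaging/sign/msi.rb
@@ -63,60 +63,60 @@ module Pkg::Sign::Msi
 #
 # Once we no longer support Windows 8/Windows Vista, we can remove the
 # first Sha1 signature.
-sign_command =
-for msipath in #{msis.join(
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-done
-CMD
+sign_command = <<~CMD
+for msipath in #{msis.join(' ')}; do
+msi="$(basename $msipath)"
+msidir="C:/#{work_dir}/$(dirname $msipath)"
+if "/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe" verify -in "$msidir/$msi" ; then
+echo "$msi is already signed, skipping . . ." ;
+else
+tries=5
+sha1Servers=(http://timestamp.digicert.com/sha1/timestamp
+http://timestamp.comodoca.com/authenticode)
+for timeserver in "${sha1Servers[@]}"; do
+for ((try=1; try<=$tries; try++)) do
+ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
+-n "Puppet" -i "http://www.puppet.com" \
+-h sha1 \
+-pkcs12 "#{Pkg::Config.msi_signing_cert}" \
+-pass "#{Pkg::Config.msi_signing_cert_pw}" \
+-t "$timeserver" \
+-in "$msidir/$msi" \
+-out "$msidir/signed-$msi")
+if [[ $ret == *"Succeeded"* ]]; then break; fi
+done;
+if [[ $ret == *"Succeeded"* ]]; then break; fi
+done;
+echo $ret
+if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
+sha256Servers=(http://timestamp.digicert.com/sha256/timestamp
+http://timestamp.comodoca.com?td=sha256)
+for timeserver in "${sha256Servers[@]}"; do
+for ((try=1; try<=$tries; try++)) do
+ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
+-n "Puppet" -i "http://www.puppet.com" \
+-nest -h sha256 \
+-pkcs12 "#{Pkg::Config.msi_signing_cert}" \
+-pass "#{Pkg::Config.msi_signing_cert_pw}" \
+-ts "$timeserver" \
+-in "$msidir/signed-$msi" \
+-out "$msidir/$msi")
+if [[ $ret == *"Succeeded"* ]]; then break; fi
+done;
+if [[ $ret == *"Succeeded"* ]]; then break; fi
+done;
+echo $ret
+if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
+fi
+done
+CMD
 
 Pkg::Util::Net.remote_execute(
 ssh_host_string,
 sign_command,
 { fail_fast: false }
 )
-msis.each do |
+msis.each do |msi|
 Pkg::Util::Net.rsync_from("/cygdrive/c/#{work_dir}/#{msi}", rsync_host_string, File.dirname(msi))
 end
 Pkg::Util::Net.remote_execute(ssh_host_string, "if [ -d '/cygdrive/c/#{work_dir}' ]; then rm -rf '/cygdrive/c/#{work_dir}'; fi")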
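Review bot: Both `osslsigncode.exe sign` invocations interpolate `-pass "#{Pkg::Config.msi_signing_cert_pw}"` into the heredoc, so the PKCS#12 password travels in the ssh command string and in the process arguments on the signing host, and would show up in any trace of `sign_command`. Prefer having the tool read it from a file that only the signing account can read, e.g. `-readpass <password-file>` if the osslsigncode fork in use supports it. Separately, the command runs with `{ fail_fast: false }`, so an `exit 1` from a failed signature does not appear to stop the `rsync_from` that follows; verifying the signature on the returned MSIs would make that failure visible.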
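--- a/data/lib/packaging/sign/rpm.rb
+++ b/data/lib/packaging/sign/rpm.rb
@@ -70,7 +70,7 @@ module Pkg::Sign::Rpm
 v4_rpms = []
 rpms_to_sign.each do |rpm|
 platform_tag = Pkg::Paths.tag_from_artifact_path(rpm)
-platform, version,
+platform, version, = Pkg::Platforms.parse_platform_tag(platform_tag)
 
 # We don't sign AIX rpms
 next if platform_tag.include?('aix')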
data/lib/packaging/sign.rb
CHANGED
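--- a/data/lib/packaging/tar.rb
+++ b/data/lib/packaging/tar.rb
@@ -5,7 +5,6 @@ module Pkg
 include FileUtils
 
 attr_accessor :files, :project, :version, :excludes, :target, :templates
-attr_reader :tar
 
 def initialize
 @tar = Pkg::Util::Tool.find_tool('tar', :required => true)
@@ -56,7 +55,7 @@ module Pkg
 patterns =
 case @files
 when String
-
+warn "warning: `files` should be an array, not a string"
 @files.split(' ')
 when Array
 @files
@@ -137,7 +136,7 @@ module Pkg
 def tar(target, source)
 mkpath File.dirname(target)
 cd File.dirname(source) do
-%x(#{@tar} #{@excludes.map { |x|
+%x(#{@tar} #{@excludes.map { |x| " --exclude #{x} " }.join if @excludes} -zcf '#{File.basename(target)}' '#{File.basename(source)}')
 unless $?.success?
 fail "Failed to create .tar.gz archive with #{@tar}. Please ensure the tar command in your path accepts the flags '-c', '-z', and '-f'"
 end
@@ -157,7 +156,6 @@ module Pkg
 self.tar(@target, workdir)
 self.clean_up workdir
 end
-
 end
 end
 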
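Review bot: The rewritten `%x(...)` in `tar` builds a shell string in which each `@excludes` entry is interpolated unquoted and the basenames sit inside single quotes, so a pattern or filename containing a space, a quote or a shell metacharacter changes the command that actually runs. Escaping each value with `Shellwords.escape(x)` (after `require 'shellwords'`), or calling `system` with the tar path and every argument as separate strings, avoids that. The same unquoted interpolation appears in other sections of this diff: `tar ... -xf #{source}` in file.rb, `ls-remote ... #{address} #{ref}` and `check-ref-format #{ref}` in the `Git_tag` hunks, `-u #{key} #{file}` in gpg.rb, and the `files.join(' ')` loops in net.rb. It is worth fixing them in one pass.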
data/lib/packaging/util/date.rb
CHANGED
@@ -31,8 +31,8 @@ module Pkg::Util::DistributionServer
|
|
31
31
|
|
32
32
|
# If we just shipped a tagged version, we want to make it immutable
|
33
33
|
files = Dir.glob("#{local_source_directory}/**/*")
|
34
|
-
|
35
|
-
|
34
|
+
.select { |f| File.file?(f) and !f.include? "#{Pkg::Config.ref}.yaml" }
|
35
|
+
.map { |f| "#{remote_target_directory}/#{f.sub(/^#{local_source_directory}\//, '')}" }
|
36
36
|
|
37
37
|
Pkg::Util::Net.remote_set_ownership(Pkg::Config.distribution_server, 'root', 'release', files)
|
38
38
|
Pkg::Util::Net.remote_set_permissions(Pkg::Config.distribution_server, '0664', files)
|
@@ -1,9 +1,7 @@
|
|
1
1
|
# Utility methods for handling system calls and interactions
|
2
2
|
|
3
3
|
module Pkg::Util::Execution
|
4
|
-
|
5
4
|
class << self
|
6
|
-
|
7
5
|
# Alias to $?.success? that makes success? slightly easier to test and stub
|
8
6
|
# If immediately run, $? will not be instanciated, so only call success? if
|
9
7
|
# $? exists, otherwise return nil
|
@@ -23,7 +21,7 @@ module Pkg::Util::Execution
|
|
23
21
|
# while also raising an exception if a command does not succeed (ala `sh "cmd"`).
|
24
22
|
def ex(command, debug = false)
|
25
23
|
puts "Executing '#{command}'..." if debug
|
26
|
-
ret =
|
24
|
+
ret = %x(#{command})
|
27
25
|
unless Pkg::Util::Execution.success?
|
28
26
|
raise RuntimeError
|
29
27
|
end
|
@@ -71,7 +69,7 @@ module Pkg::Util::Execution
|
|
71
69
|
blk.call
|
72
70
|
success = true
|
73
71
|
break
|
74
|
-
rescue => err
|
72
|
+
rescue StandardError => err
|
75
73
|
puts "An error was encountered evaluating block. Retrying.."
|
76
74
|
exception = err.to_s + "\n" + err.backtrace.join("\n")
|
77
75
|
end
|
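Review bot: In the `Pkg::Util::DistributionServer` hunk, `f.sub(/^#{local_source_directory}\//, '')` interpolates a directory path into a regexp without escaping it, so a path containing `.`, `+` or brackets is treated as a pattern rather than literal text, and `^` anchors at any line start rather than at the start of the string. Because the result becomes the file list handed to the remote ownership and permission calls, a literal prefix strip is safer: `f.delete_prefix("#{local_source_directory}/")`, or `/\A#{Regexp.escape(local_source_directory)}\//` where `delete_prefix` is unavailable. This section is headed date.rb on the page, but the hunks shown belong to other modules.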
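--- a/data/lib/packaging/util/file.rb
+++ b/data/lib/packaging/util/file.rb
@@ -2,7 +2,6 @@
 require 'fileutils'
 
 module Pkg::Util::File
-
 class << self
 def exist?(file)
 ::File.exist?(file)
@@ -15,7 +14,7 @@ module Pkg::Util::File
 
 def mktemp
 mktemp = Pkg::Util::Tool.find_tool('mktemp', :required => true)
-stdout,
+stdout, = Pkg::Util::Execution.capture3("#{mktemp} -d -t pkgXXXXXX")
 stdout.strip
 end
 
@@ -79,7 +78,7 @@ module Pkg::Util::File
 target_opts = "-C #{target}"
 end
 if file_exists?(source, :required => true)
-stdout,
+stdout, = Pkg::Util::Execution.capture3(%(#{tar} #{options} #{target_opts} -xf #{source}))
 stdout
 end
 end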
data/lib/packaging/util/git.rb
CHANGED
@@ -22,7 +22,6 @@ module Pkg::Util::Git
|
|
22
22
|
end
|
23
23
|
|
24
24
|
# Git utility to create a new git bundle
|
25
|
-
# rubocop:disable Metrics/AbcSize
|
26
25
|
def bundle(treeish, appendix = Pkg::Util.rand_string, temp = Pkg::Util::File.mktemp)
|
27
26
|
fail_unless_repo
|
28
27
|
Pkg::Util::Execution.capture3("#{Pkg::Util::Tool::GIT} bundle create #{temp}/#{Pkg::Config.project}-#{Pkg::Config.version}-#{appendix} #{treeish} --tags")
|
@@ -113,13 +112,12 @@ module Pkg::Util::Git
|
|
113
112
|
end
|
114
113
|
end
|
115
114
|
|
116
|
-
# rubocop:disable Style/GuardClause
|
117
115
|
def fail_unless_repo
|
118
116
|
unless repo?
|
119
117
|
raise "Pkg::Config.project_root (#{Pkg::Config.project_root}) is not \
|
120
118
|
a valid git repository"
|
121
119
|
end
|
122
|
-
|
120
|
+
end
|
123
121
|
|
124
122
|
# Return the basename of the project repo
|
125
123
|
def project_name
|
@@ -1,6 +1,6 @@
|
|
1
1
|
module Pkg::Util
|
2
2
|
class Git_tag
|
3
|
-
attr_reader :address, :ref, :ref_name, :ref_type
|
3
|
+
attr_reader :address, :ref, :ref_name, :ref_type
|
4
4
|
|
5
5
|
GIT = Pkg::Util::Tool::GIT
|
6
6
|
DEVNULL = Pkg::Util::OS::DEVNULL
|
@@ -43,7 +43,7 @@ module Pkg::Util
|
|
43
43
|
# Fetch the full ref using ls-remote, this should raise an error if it returns non-zero
|
44
44
|
# because that means this ref doesn't exist in the repo
|
45
45
|
def fetch_full_ref
|
46
|
-
stdout,
|
46
|
+
stdout, = Pkg::Util::Execution.capture3("#{GIT} ls-remote --tags --heads --exit-code #{address} #{ref}")
|
47
47
|
stdout.split.last
|
48
48
|
rescue RuntimeError => e
|
49
49
|
raise "ERROR : Not a ref or sha!\n#{e}"
|
@@ -54,7 +54,7 @@ module Pkg::Util
|
|
54
54
|
end
|
55
55
|
|
56
56
|
def ref?
|
57
|
-
|
57
|
+
%x(#{GIT} check-ref-format #{ref} >#{DEVNULL} 2>&1)
|
58
58
|
$?.success?
|
59
59
|
end
|
60
60
|
|
data/lib/packaging/util/gpg.rb
CHANGED
@@ -1,6 +1,5 @@
|
|
1
1
|
module Pkg::Util::Gpg
|
2
2
|
class << self
|
3
|
-
|
4
3
|
# Please note that this method is not used in determining what key is used
|
5
4
|
# to sign the debian repos. That is defined in the freight config that
|
6
5
|
# lives on our internal repo staging host. The debian conf/distribution
|
@@ -31,14 +30,14 @@ module Pkg::Util::Gpg
|
|
31
30
|
|
32
31
|
def kill_keychain
|
33
32
|
if keychain
|
34
|
-
stdout,
|
33
|
+
stdout, = Pkg::Util::Execution.capture3("#{keychain} -k mine")
|
35
34
|
stdout
|
36
35
|
end
|
37
36
|
end
|
38
37
|
|
39
38
|
def start_keychain
|
40
39
|
if keychain
|
41
|
-
keychain_output,
|
40
|
+
keychain_output, = Pkg::Util::Execution.capture3("#{keychain} -q --agents gpg --eval #{key}")
|
42
41
|
keychain_output.chomp!
|
43
42
|
new_env = keychain_output.match(/GPG_AGENT_INFO=([^;]*)/)
|
44
43
|
ENV["GPG_AGENT_INFO"] = new_env[1]
|
@@ -56,7 +55,7 @@ module Pkg::Util::Gpg
|
|
56
55
|
return true
|
57
56
|
end
|
58
57
|
use_tty = "--no-tty --use-agent" if ENV['RPM_GPG_AGENT']
|
59
|
-
stdout,
|
58
|
+
stdout, = Pkg::Util::Execution.capture3("#{gpg} #{use_tty} --armor --detach-sign -u #{key} #{file}")
|
60
59
|
stdout
|
61
60
|
else
|
62
61
|
fail "No gpg available. Cannot sign #{file}."
|
@@ -3,9 +3,7 @@ require 'net/http'
|
|
3
3
|
require 'json'
|
4
4
|
|
5
5
|
module Pkg::Util::Jenkins
|
6
|
-
|
7
6
|
class << self
|
8
|
-
|
9
7
|
# Use the curl to create a jenkins job from a valid XML
|
10
8
|
# configuration file.
|
11
9
|
# Returns the URL to the job
|
@@ -90,6 +88,5 @@ module Pkg::Util::Jenkins
|
|
90
88
|
|
91
89
|
wait_for_build job_hash['lastBuild']['url']
|
92
90
|
end
|
93
|
-
|
94
91
|
end
|
95
92
|
end
|
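Review bot: In `start_keychain`, `new_env[1]` is dereferenced without checking that `keychain_output.match(/GPG_AGENT_INFO=([^;]*)/)` matched anything, so when keychain prints no `GPG_AGENT_INFO` assignment the method fails with a `NoMethodError` instead of a clear signing error. A guard such as `raise "keychain did not report GPG_AGENT_INFO" unless new_env` before the assignment would make the failure explicit. The method body continues past the end of this hunk, so any later handling is not visible here.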
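--- a/data/lib/packaging/util/misc.rb
+++ b/data/lib/packaging/util/misc.rb
@@ -57,7 +57,7 @@ module Pkg::Util::Misc
 def check_rubygems_ownership(gem_name)
 require 'yaml'
 credentials = YAML.load_file("#{ENV['HOME']}/.gem/credentials")
-gems = YAML.
+gems = YAML.safe_load(%x(curl -H 'Authorization:#{credentials[:rubygems_api_key]}' https://rubygems.org/api/v1/gems.yaml))
 gems.each do |gem|
 if gem['name'] == gem_name
 return true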
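Review bot: The RubyGems API key is interpolated into a `curl -H 'Authorization:...'` command string run through `%x`, which puts the credential in the process arguments where other local users and process accounting can read it. Sending the request with `Net::HTTP` and setting the `Authorization` header in-process keeps the key out of argv. `YAML.safe_load` also parses whatever curl printed, so a failed request or an error body reaches `gems.each` unchecked; checking the HTTP status first would give a clearer failure. `check_rubygems_ownership` continues beyond this hunk.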
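--- a/data/lib/packaging/util/net.rb
+++ b/data/lib/packaging/util/net.rb
@@ -1,15 +1,13 @@
 # Utility methods for handling network calls and interactions
 
 module Pkg::Util::Net
-
 class << self
-
 # This simple method does an HTTP get of a URI and writes it to a file
 # in a slightly more platform agnostic way than curl/wget
 def fetch_uri(uri, target)
 require 'open-uri'
 if Pkg::Util::File.file_writable?(File.dirname(target))
-File.open(target, 'w') { |f| f.puts(open(uri).read) }
+File.open(target, 'w') { |f| f.puts(URI.open(uri).read) }
 end
 end
 
@@ -37,7 +35,7 @@ module Pkg::Util::Net
 Array(hosts).flatten.each do |host|
 begin
 remote_execute(host, 'exit', { extra_options: '-oBatchMode=yes' })
-rescue
+rescue StandardError
 errs << host
 end
 end
@@ -56,7 +54,7 @@ module Pkg::Util::Net
 begin
 remote_execute(host, "gpg --list-secret-keys #{gpg} > /dev/null 2&>1",
 { extra_options: '-oBatchMode=yes' })
-rescue
+rescue StandardError
 errs << host
 end
 end
@@ -112,13 +110,14 @@ module Pkg::Util::Net
 ###
 ### Deprecated method implemented as a shim to the new `remote_execute` method
 ###
-def remote_ssh_cmd(target, command, capture_output = false, extra_options = '', fail_fast = true, trace = false)
+def remote_ssh_cmd(target, command, capture_output = false, extra_options = '', fail_fast = true, trace = false) # rubocop:disable Metrics/ParameterLists
 puts "Warn: \"remote_ssh_cmd\" call in packaging is deprecated. Use \"remote_execute\" instead."
 remote_execute(target, command, {
 capture_output: capture_output,
 extra_options: extra_options,
 fail_fast: fail_fast,
-trace: trace
+trace: trace
+})
 end
 
 # Construct a valid rsync command
@@ -149,7 +148,8 @@ module Pkg::Util::Net
 target_path: nil,
 target_host: nil,
 extra_flags: nil,
-dryrun: false
+dryrun: false
+}.merge(opts)
 origin = Pathname.new(origin_path)
 target = options[:target_path] || origin.parent
 
@@ -187,9 +187,10 @@ module Pkg::Util::Net
 target_path: nil,
 target_host: nil,
 extra_flags: nil,
-dryrun: ENV['DRYRUN']
+dryrun: ENV['DRYRUN']
+}.merge(opts.delete_if { |_, value| value.nil? })
 
-stdout,
+stdout, = Pkg::Util::Execution.capture3(rsync_cmd(source, options), true)
 stdout
 end
 
@@ -223,7 +224,7 @@ module Pkg::Util::Net
 s3cmd = Pkg::Util::Tool.check_tool('s3cmd')
 
 if Pkg::Util::File.file_exists?(File.join(ENV['HOME'], '.s3cfg'))
-stdout,
+stdout, = Pkg::Util::Execution.capture3("#{s3cmd} sync #{flags.join(' ')} '#{source}' s3://#{target_bucket}/#{target_directory}/")
 stdout
 else
 fail "#{File.join(ENV['HOME'], '.s3cfg')} does not exist. It is required to ship files using s3cmd."
@@ -279,7 +280,7 @@ module Pkg::Util::Net
 '--write-out "%{http_code}"',
 '--output /dev/null'
 ]
-stdout,
+stdout, = Pkg::Util::Net.curl_form_data(uri, data)
 stdout
 end
 
@@ -292,18 +293,18 @@ module Pkg::Util::Net
 end
 
 def remote_set_ownership(host, owner, group, files)
-remote_cmd = "for file in #{files.join(
+remote_cmd = "for file in #{files.join(' ')}; do if [[ -d $file ]] || ! `lsattr $file | grep -q '\\-i\\-'`; then sudo chown #{owner}:#{group} $file; else echo \"$file is immutable\"; fi; done"
 Pkg::Util::Net.remote_execute(host, remote_cmd)
 end
 
 def remote_set_permissions(host, permissions, files)
-remote_cmd = "for file in #{files.join(
+remote_cmd = "for file in #{files.join(' ')}; do if [[ -d $file ]] || ! `lsattr $file | grep -q '\\-i\\-'`; then sudo chmod #{permissions} $file; else echo \"$file is immutable\"; fi; done"
 Pkg::Util::Net.remote_execute(host, remote_cmd)
 end
 
 # Remotely set the immutable bit on a list of files
 def remote_set_immutable(host, files)
-Pkg::Util::Net.remote_execute(host, "sudo chattr +i #{files.join(
+Pkg::Util::Net.remote_execute(host, "sudo chattr +i #{files.join(' ')}")
 end
 
 # Create a symlink indicating the latest version of a package
@@ -350,8 +351,9 @@ module Pkg::Util::Net
 CMD
 
 _, err = Pkg::Util::Net.remote_execute(
-
-
+Pkg::Config.staging_server, cmd, { capture_output: true }
+)
+warn err
 end
 
 def escape_html(uri)
@@ -383,17 +385,18 @@ module Pkg::Util::Net
 Pkg::Util::Net.rsync_to(tarball, host, '/tmp')
 appendix = Pkg::Util.rand_string
 git_bundle_directory = File.join('/tmp', "#{Pkg::Config.project}-#{appendix}")
-command =
-#{tar} -zxvf /tmp/#{tarball_name}.tar.gz -C /tmp/ ;
-git clone --recursive /tmp/#{tarball_name} #{git_bundle_directory} ;
-DOC
+command = <<~DOC
+#{tar} -zxvf /tmp/#{tarball_name}.tar.gz -C /tmp/ ;
+git clone --recursive /tmp/#{tarball_name} #{git_bundle_directory} ;
+DOC
 Pkg::Util::Net.remote_execute(host, command)
 return git_bundle_directory
 end
 
 def remote_bundle_install_command
 export_packaging_location = "export PACKAGING_LOCATION='#{ENV['PACKAGING_LOCATION']}';" if ENV['PACKAGING_LOCATION'] && !ENV['PACKAGING_LOCATION'].empty?
-
+export_vanagon_location = "export VANAGON_LOCATION='#{ENV['VANAGON_LOCATION']}';" if ENV['VANAGON_LOCATION'] && !ENV['VANAGON_LOCATION'].empty?
+"source /usr/local/rvm/scripts/rvm; rvm use ruby-2.5.1; #{export_packaging_location} #{export_vanagon_location} bundle install --path .bundle/gems ;"
 end
 
 # Given a BuildInstance object and a host, send its params to the host. Return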
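Review bot: In the remote GPG key check (the hunk at `-56,7`), the command ends in `> /dev/null 2&>1`, which is not the `2>&1` redirection. Depending on the remote shell it either passes a stray `2` argument or backgrounds gpg and writes to a file named `1`, so the exit status that the `rescue StandardError` branch relies on may not reflect whether the secret key exists on the host. The line should read `remote_execute(host, "gpg --list-secret-keys #{gpg} > /dev/null 2>&1",`. The enclosing method starts and ends outside the hunk.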
data/lib/packaging/util/repo.rb
CHANGED
@@ -2,14 +2,13 @@
|
|
2
2
|
|
3
3
|
module Pkg::Util::Serialization
|
4
4
|
class << self
|
5
|
-
|
6
5
|
# Given the path to a yaml file, load the yaml file into an object and return the object.
|
7
6
|
def load_yaml(file)
|
8
7
|
require 'yaml'
|
9
8
|
file = File.expand_path(file)
|
10
9
|
begin
|
11
10
|
input_data = YAML.load_file(file) || {}
|
12
|
-
rescue => e
|
11
|
+
rescue StandardError => e
|
13
12
|
fail "There was an error loading data from #{file}.\n#{e}"
|
14
13
|
end
|
15
14
|
input_data
|