packaging 0.106.0 → 0.106.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +4 -4
- data/lib/packaging/archive.rb +2 -2
- data/lib/packaging/artifactory/extensions.rb +1 -0
- data/lib/packaging/artifactory.rb +27 -23
- data/lib/packaging/config/params.rb +191 -193
- data/lib/packaging/config/validations.rb +0 -2
- data/lib/packaging/config.rb +8 -8
- data/lib/packaging/deb/repo.rb +11 -14
- data/lib/packaging/gem.rb +2 -2
- data/lib/packaging/metrics.rb +7 -7
- data/lib/packaging/nuget.rb +0 -1
- data/lib/packaging/paths.rb +11 -13
- data/lib/packaging/platforms.rb +10 -6
- data/lib/packaging/repo.rb +11 -12
- data/lib/packaging/retrieve.rb +1 -1
- data/lib/packaging/rpm/repo.rb +8 -8
- data/lib/packaging/sign/dmg.rb +8 -7
- data/lib/packaging/sign/ips.rb +64 -32
- data/lib/packaging/sign/msi.rb +48 -48
- data/lib/packaging/sign/rpm.rb +1 -1
- data/lib/packaging/sign.rb +0 -1
- data/lib/packaging/tar.rb +2 -4
- data/lib/packaging/util/date.rb +0 -1
- data/lib/packaging/util/distribution_server.rb +2 -2
- data/lib/packaging/util/execution.rb +2 -4
- data/lib/packaging/util/file.rb +2 -3
- data/lib/packaging/util/git.rb +1 -3
- data/lib/packaging/util/git_tags.rb +3 -3
- data/lib/packaging/util/gpg.rb +3 -4
- data/lib/packaging/util/jenkins.rb +0 -3
- data/lib/packaging/util/misc.rb +1 -1
- data/lib/packaging/util/net.rb +25 -22
- data/lib/packaging/util/repo.rb +0 -1
- data/lib/packaging/util/serialization.rb +1 -2
- data/lib/packaging/util/ship.rb +3 -3
- data/lib/packaging/util/sign.rb +8 -8
- data/lib/packaging/util/tool.rb +1 -4
- data/lib/packaging/util/version.rb +1 -5
- data/lib/packaging/util.rb +1 -1
- data/lib/packaging.rb +1 -2
- data/spec/lib/packaging/platforms_spec.rb +1 -1
- data/spec/lib/packaging/sign_spec.rb +1 -1
- data/spec/lib/packaging/util/git_spec.rb +2 -2
- data/spec/lib/packaging/util/git_tag_spec.rb +5 -5
- data/tasks/30_metrics.rake +2 -2
- data/tasks/apple.rake +8 -14
- data/tasks/archive.rake +1 -2
- data/tasks/deb.rake +7 -8
- data/tasks/doc.rake +5 -3
- data/tasks/education.rake +2 -4
- data/tasks/gem.rake +20 -12
- data/tasks/jenkins.rake +27 -15
- data/tasks/jenkins_dynamic.rake +10 -10
- data/tasks/mock.rake +8 -9
- data/tasks/nightly_repos.rake +14 -14
- data/tasks/pe_ship.rake +10 -17
- data/tasks/retrieve.rake +2 -2
- data/tasks/rpm.rake +1 -1
- data/tasks/ship.rake +6 -6
- data/tasks/sign.rake +5 -5
- data/tasks/tar.rake +2 -3
- data/tasks/update.rake +2 -2
- data/tasks/vendor_gems.rake +5 -7
- data/tasks/version.rake +2 -2
- metadata +42 -42
data/lib/packaging/sign/ips.rb
CHANGED
@@ -1,57 +1,89 @@
|
|
1
1
|
module Pkg::Sign::Ips
|
2
2
|
module_function
|
3
3
|
|
4
|
-
def sign(
|
5
|
-
|
4
|
+
def sign(packages_root = 'pkg')
|
5
|
+
identity_spec = ''
|
6
|
+
unless Pkg::Config.ips_signing_ssh_key.nil?
|
7
|
+
identity_spec = "-i #{Pkg::Config.ips_signing_ssh_key}"
|
8
|
+
end
|
9
|
+
|
10
|
+
signing_server_spec = Pkg::Config.ips_signing_server
|
11
|
+
unless Pkg::Config.ips_signing_server.match(%r{.+@.+})
|
12
|
+
signing_server_spec = "#{ENV['USER']}@#{Pkg::Config.ips_signing_server}"
|
13
|
+
end
|
6
14
|
|
7
|
-
|
8
|
-
|
15
|
+
ssh_host_spec = "#{identity_spec} #{signing_server_spec}"
|
16
|
+
rsync_host_spec = "-e 'ssh #{identity_spec}' #{signing_server_spec}"
|
9
17
|
|
10
|
-
|
18
|
+
packages = Dir.glob("#{packages_root}/solaris/11/**/*.p5p")
|
11
19
|
|
12
|
-
|
20
|
+
packages.each do |package|
|
13
21
|
work_dir = "/tmp/#{Pkg::Util.rand_string}"
|
14
22
|
unsigned_dir = "#{work_dir}/unsigned"
|
15
23
|
repo_dir = "#{work_dir}/repo"
|
16
24
|
signed_dir = "#{work_dir}/pkgs"
|
25
|
+
package_name = File.basename(package)
|
17
26
|
|
18
|
-
Pkg::Util::Net.remote_execute(
|
19
|
-
|
27
|
+
Pkg::Util::Net.remote_execute(
|
28
|
+
ssh_host_spec,
|
29
|
+
"mkdir -p #{repo_dir} #{unsigned_dir} #{signed_dir}"
|
30
|
+
)
|
31
|
+
Pkg::Util::Net.rsync_to(package, rsync_host_spec, unsigned_dir)
|
20
32
|
|
21
33
|
# Before we can get started with signing packages we need to create a repo
|
22
|
-
Pkg::Util::Net.remote_execute(
|
23
|
-
Pkg::Util::Net.remote_execute(
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
#
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
34
|
+
Pkg::Util::Net.remote_execute(ssh_host_spec, "sudo -E /usr/bin/pkgrepo create #{repo_dir}")
|
35
|
+
Pkg::Util::Net.remote_execute(
|
36
|
+
ssh_host_spec,
|
37
|
+
"sudo -E /usr/bin/pkgrepo set -s #{repo_dir} publisher/prefix=puppetlabs.com"
|
38
|
+
)
|
39
|
+
|
40
|
+
# Import all the packages into the repo.
|
41
|
+
Pkg::Util::Net.remote_execute(
|
42
|
+
ssh_host_spec,
|
43
|
+
"sudo -E /usr/bin/pkgrecv -s #{unsigned_dir}/#{package_name} -d #{repo_dir} '*'"
|
44
|
+
)
|
45
|
+
|
33
46
|
# We sign the entire repo
|
34
|
-
|
35
|
-
|
36
|
-
-i /root/signing/
|
37
|
-
-
|
47
|
+
# Paths to the .pem files should live elsewhere rather than hardcoded here.
|
48
|
+
sign_cmd = "sudo -E /usr/bin/pkgsign -c /root/signing/signing_cert_2022.pem \
|
49
|
+
-i /root/signing/DigiCert_Code_Signing_Certificate.pem \
|
50
|
+
-i /root/signing/DigiCert_Trusted_Root.pem \
|
51
|
+
-k /root/signing/signing_key_2022.pem \
|
38
52
|
-s 'file://#{work_dir}/repo' '*'"
|
39
|
-
puts "
|
40
|
-
Pkg::Util::Net.remote_execute(
|
41
|
-
|
42
|
-
|
53
|
+
puts "Signing #{package} with #{sign_cmd} in #{work_dir}"
|
54
|
+
Pkg::Util::Net.remote_execute(ssh_host_spec, sign_cmd.squeeze(' '))
|
55
|
+
|
56
|
+
# pkgrecv with -a will pull packages out of the repo, so we need
|
57
|
+
# to do that too to actually get the packages we signed
|
58
|
+
Pkg::Util::Net.remote_execute(
|
59
|
+
ssh_host_spec,
|
60
|
+
"sudo -E /usr/bin/pkgrecv -d #{signed_dir}/#{package_name} -a -s #{repo_dir} '*'"
|
61
|
+
)
|
43
62
|
begin
|
44
63
|
# lets make sure we actually signed something?
|
45
64
|
# **NOTE** if we're repeatedly trying to sign the same version this
|
46
65
|
# might explode because I don't know how to reset the IPS cache.
|
47
66
|
# Everything is amazing.
|
48
|
-
Pkg::Util::Net.remote_execute(
|
67
|
+
Pkg::Util::Net.remote_execute(
|
68
|
+
ssh_host_spec,
|
69
|
+
"sudo -E /usr/bin/pkg contents -m -g #{signed_dir}/#{package_name} '*' " \
|
70
|
+
"| grep '^signature '"
|
71
|
+
)
|
49
72
|
rescue RuntimeError
|
50
|
-
raise "
|
73
|
+
raise "Error: #{package_name} was not signed correctly."
|
51
74
|
end
|
52
|
-
|
53
|
-
|
54
|
-
Pkg::Util::Net.
|
75
|
+
|
76
|
+
# Pull the packages back.
|
77
|
+
Pkg::Util::Net.rsync_from(
|
78
|
+
"#{signed_dir}/#{package_name}",
|
79
|
+
rsync_host_spec,
|
80
|
+
File.dirname(package)
|
81
|
+
)
|
82
|
+
|
83
|
+
Pkg::Util::Net.remote_execute(
|
84
|
+
ssh_host_spec,
|
85
|
+
"if [ -e '#{work_dir}' ] ; then sudo rm -r '#{work_dir}' ; fi"
|
86
|
+
)
|
55
87
|
end
|
56
88
|
end
|
57
89
|
end
|
data/lib/packaging/sign/msi.rb
CHANGED
@@ -63,60 +63,60 @@ module Pkg::Sign::Msi
|
|
63
63
|
#
|
64
64
|
# Once we no longer support Windows 8/Windows Vista, we can remove the
|
65
65
|
# first Sha1 signature.
|
66
|
-
sign_command =
|
67
|
-
for msipath in #{msis.join(
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
done
|
112
|
-
CMD
|
66
|
+
sign_command = <<~CMD
|
67
|
+
for msipath in #{msis.join(' ')}; do
|
68
|
+
msi="$(basename $msipath)"
|
69
|
+
msidir="C:/#{work_dir}/$(dirname $msipath)"
|
70
|
+
if "/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe" verify -in "$msidir/$msi" ; then
|
71
|
+
echo "$msi is already signed, skipping . . ." ;
|
72
|
+
else
|
73
|
+
tries=5
|
74
|
+
sha1Servers=(http://timestamp.digicert.com/sha1/timestamp
|
75
|
+
http://timestamp.comodoca.com/authenticode)
|
76
|
+
for timeserver in "${sha1Servers[@]}"; do
|
77
|
+
for ((try=1; try<=$tries; try++)) do
|
78
|
+
ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
|
79
|
+
-n "Puppet" -i "http://www.puppet.com" \
|
80
|
+
-h sha1 \
|
81
|
+
-pkcs12 "#{Pkg::Config.msi_signing_cert}" \
|
82
|
+
-pass "#{Pkg::Config.msi_signing_cert_pw}" \
|
83
|
+
-t "$timeserver" \
|
84
|
+
-in "$msidir/$msi" \
|
85
|
+
-out "$msidir/signed-$msi")
|
86
|
+
if [[ $ret == *"Succeeded"* ]]; then break; fi
|
87
|
+
done;
|
88
|
+
if [[ $ret == *"Succeeded"* ]]; then break; fi
|
89
|
+
done;
|
90
|
+
echo $ret
|
91
|
+
if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
|
92
|
+
sha256Servers=(http://timestamp.digicert.com/sha256/timestamp
|
93
|
+
http://timestamp.comodoca.com?td=sha256)
|
94
|
+
for timeserver in "${sha256Servers[@]}"; do
|
95
|
+
for ((try=1; try<=$tries; try++)) do
|
96
|
+
ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
|
97
|
+
-n "Puppet" -i "http://www.puppet.com" \
|
98
|
+
-nest -h sha256 \
|
99
|
+
-pkcs12 "#{Pkg::Config.msi_signing_cert}" \
|
100
|
+
-pass "#{Pkg::Config.msi_signing_cert_pw}" \
|
101
|
+
-ts "$timeserver" \
|
102
|
+
-in "$msidir/signed-$msi" \
|
103
|
+
-out "$msidir/$msi")
|
104
|
+
if [[ $ret == *"Succeeded"* ]]; then break; fi
|
105
|
+
done;
|
106
|
+
if [[ $ret == *"Succeeded"* ]]; then break; fi
|
107
|
+
done;
|
108
|
+
echo $ret
|
109
|
+
if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
|
110
|
+
fi
|
111
|
+
done
|
112
|
+
CMD
|
113
113
|
|
114
114
|
Pkg::Util::Net.remote_execute(
|
115
115
|
ssh_host_string,
|
116
116
|
sign_command,
|
117
117
|
{ fail_fast: false }
|
118
118
|
)
|
119
|
-
msis.each do |
|
119
|
+
msis.each do |msi|
|
120
120
|
Pkg::Util::Net.rsync_from("/cygdrive/c/#{work_dir}/#{msi}", rsync_host_string, File.dirname(msi))
|
121
121
|
end
|
122
122
|
Pkg::Util::Net.remote_execute(ssh_host_string, "if [ -d '/cygdrive/c/#{work_dir}' ]; then rm -rf '/cygdrive/c/#{work_dir}'; fi")
|
data/lib/packaging/sign/rpm.rb
CHANGED
@@ -70,7 +70,7 @@ module Pkg::Sign::Rpm
|
|
70
70
|
v4_rpms = []
|
71
71
|
rpms_to_sign.each do |rpm|
|
72
72
|
platform_tag = Pkg::Paths.tag_from_artifact_path(rpm)
|
73
|
-
platform, version,
|
73
|
+
platform, version, = Pkg::Platforms.parse_platform_tag(platform_tag)
|
74
74
|
|
75
75
|
# We don't sign AIX rpms
|
76
76
|
next if platform_tag.include?('aix')
|
data/lib/packaging/sign.rb
CHANGED
data/lib/packaging/tar.rb
CHANGED
@@ -5,7 +5,6 @@ module Pkg
|
|
5
5
|
include FileUtils
|
6
6
|
|
7
7
|
attr_accessor :files, :project, :version, :excludes, :target, :templates
|
8
|
-
attr_reader :tar
|
9
8
|
|
10
9
|
def initialize
|
11
10
|
@tar = Pkg::Util::Tool.find_tool('tar', :required => true)
|
@@ -56,7 +55,7 @@ module Pkg
|
|
56
55
|
patterns =
|
57
56
|
case @files
|
58
57
|
when String
|
59
|
-
|
58
|
+
warn "warning: `files` should be an array, not a string"
|
60
59
|
@files.split(' ')
|
61
60
|
when Array
|
62
61
|
@files
|
@@ -137,7 +136,7 @@ module Pkg
|
|
137
136
|
def tar(target, source)
|
138
137
|
mkpath File.dirname(target)
|
139
138
|
cd File.dirname(source) do
|
140
|
-
%x(#{@tar} #{@excludes.map { |x|
|
139
|
+
%x(#{@tar} #{@excludes.map { |x| " --exclude #{x} " }.join if @excludes} -zcf '#{File.basename(target)}' '#{File.basename(source)}')
|
141
140
|
unless $?.success?
|
142
141
|
fail "Failed to create .tar.gz archive with #{@tar}. Please ensure the tar command in your path accepts the flags '-c', '-z', and '-f'"
|
143
142
|
end
|
@@ -157,7 +156,6 @@ module Pkg
|
|
157
156
|
self.tar(@target, workdir)
|
158
157
|
self.clean_up workdir
|
159
158
|
end
|
160
|
-
|
161
159
|
end
|
162
160
|
end
|
163
161
|
|
data/lib/packaging/util/date.rb
CHANGED
@@ -31,8 +31,8 @@ module Pkg::Util::DistributionServer
|
|
31
31
|
|
32
32
|
# If we just shipped a tagged version, we want to make it immutable
|
33
33
|
files = Dir.glob("#{local_source_directory}/**/*")
|
34
|
-
|
35
|
-
|
34
|
+
.select { |f| File.file?(f) and !f.include? "#{Pkg::Config.ref}.yaml" }
|
35
|
+
.map { |f| "#{remote_target_directory}/#{f.sub(/^#{local_source_directory}\//, '')}" }
|
36
36
|
|
37
37
|
Pkg::Util::Net.remote_set_ownership(Pkg::Config.distribution_server, 'root', 'release', files)
|
38
38
|
Pkg::Util::Net.remote_set_permissions(Pkg::Config.distribution_server, '0664', files)
|
@@ -1,9 +1,7 @@
|
|
1
1
|
# Utility methods for handling system calls and interactions
|
2
2
|
|
3
3
|
module Pkg::Util::Execution
|
4
|
-
|
5
4
|
class << self
|
6
|
-
|
7
5
|
# Alias to $?.success? that makes success? slightly easier to test and stub
|
8
6
|
# If immediately run, $? will not be instanciated, so only call success? if
|
9
7
|
# $? exists, otherwise return nil
|
@@ -23,7 +21,7 @@ module Pkg::Util::Execution
|
|
23
21
|
# while also raising an exception if a command does not succeed (ala `sh "cmd"`).
|
24
22
|
def ex(command, debug = false)
|
25
23
|
puts "Executing '#{command}'..." if debug
|
26
|
-
ret =
|
24
|
+
ret = %x(#{command})
|
27
25
|
unless Pkg::Util::Execution.success?
|
28
26
|
raise RuntimeError
|
29
27
|
end
|
@@ -71,7 +69,7 @@ module Pkg::Util::Execution
|
|
71
69
|
blk.call
|
72
70
|
success = true
|
73
71
|
break
|
74
|
-
rescue => err
|
72
|
+
rescue StandardError => err
|
75
73
|
puts "An error was encountered evaluating block. Retrying.."
|
76
74
|
exception = err.to_s + "\n" + err.backtrace.join("\n")
|
77
75
|
end
|
data/lib/packaging/util/file.rb
CHANGED
@@ -2,7 +2,6 @@
|
|
2
2
|
require 'fileutils'
|
3
3
|
|
4
4
|
module Pkg::Util::File
|
5
|
-
|
6
5
|
class << self
|
7
6
|
def exist?(file)
|
8
7
|
::File.exist?(file)
|
@@ -15,7 +14,7 @@ module Pkg::Util::File
|
|
15
14
|
|
16
15
|
def mktemp
|
17
16
|
mktemp = Pkg::Util::Tool.find_tool('mktemp', :required => true)
|
18
|
-
stdout,
|
17
|
+
stdout, = Pkg::Util::Execution.capture3("#{mktemp} -d -t pkgXXXXXX")
|
19
18
|
stdout.strip
|
20
19
|
end
|
21
20
|
|
@@ -79,7 +78,7 @@ module Pkg::Util::File
|
|
79
78
|
target_opts = "-C #{target}"
|
80
79
|
end
|
81
80
|
if file_exists?(source, :required => true)
|
82
|
-
stdout,
|
81
|
+
stdout, = Pkg::Util::Execution.capture3(%(#{tar} #{options} #{target_opts} -xf #{source}))
|
83
82
|
stdout
|
84
83
|
end
|
85
84
|
end
|
data/lib/packaging/util/git.rb
CHANGED
@@ -22,7 +22,6 @@ module Pkg::Util::Git
|
|
22
22
|
end
|
23
23
|
|
24
24
|
# Git utility to create a new git bundle
|
25
|
-
# rubocop:disable Metrics/AbcSize
|
26
25
|
def bundle(treeish, appendix = Pkg::Util.rand_string, temp = Pkg::Util::File.mktemp)
|
27
26
|
fail_unless_repo
|
28
27
|
Pkg::Util::Execution.capture3("#{Pkg::Util::Tool::GIT} bundle create #{temp}/#{Pkg::Config.project}-#{Pkg::Config.version}-#{appendix} #{treeish} --tags")
|
@@ -113,13 +112,12 @@ module Pkg::Util::Git
|
|
113
112
|
end
|
114
113
|
end
|
115
114
|
|
116
|
-
# rubocop:disable Style/GuardClause
|
117
115
|
def fail_unless_repo
|
118
116
|
unless repo?
|
119
117
|
raise "Pkg::Config.project_root (#{Pkg::Config.project_root}) is not \
|
120
118
|
a valid git repository"
|
121
119
|
end
|
122
|
-
|
120
|
+
end
|
123
121
|
|
124
122
|
# Return the basename of the project repo
|
125
123
|
def project_name
|
@@ -1,6 +1,6 @@
|
|
1
1
|
module Pkg::Util
|
2
2
|
class Git_tag
|
3
|
-
attr_reader :address, :ref, :ref_name, :ref_type
|
3
|
+
attr_reader :address, :ref, :ref_name, :ref_type
|
4
4
|
|
5
5
|
GIT = Pkg::Util::Tool::GIT
|
6
6
|
DEVNULL = Pkg::Util::OS::DEVNULL
|
@@ -43,7 +43,7 @@ module Pkg::Util
|
|
43
43
|
# Fetch the full ref using ls-remote, this should raise an error if it returns non-zero
|
44
44
|
# because that means this ref doesn't exist in the repo
|
45
45
|
def fetch_full_ref
|
46
|
-
stdout,
|
46
|
+
stdout, = Pkg::Util::Execution.capture3("#{GIT} ls-remote --tags --heads --exit-code #{address} #{ref}")
|
47
47
|
stdout.split.last
|
48
48
|
rescue RuntimeError => e
|
49
49
|
raise "ERROR : Not a ref or sha!\n#{e}"
|
@@ -54,7 +54,7 @@ module Pkg::Util
|
|
54
54
|
end
|
55
55
|
|
56
56
|
def ref?
|
57
|
-
|
57
|
+
%x(#{GIT} check-ref-format #{ref} >#{DEVNULL} 2>&1)
|
58
58
|
$?.success?
|
59
59
|
end
|
60
60
|
|
data/lib/packaging/util/gpg.rb
CHANGED
@@ -1,6 +1,5 @@
|
|
1
1
|
module Pkg::Util::Gpg
|
2
2
|
class << self
|
3
|
-
|
4
3
|
# Please note that this method is not used in determining what key is used
|
5
4
|
# to sign the debian repos. That is defined in the freight config that
|
6
5
|
# lives on our internal repo staging host. The debian conf/distribution
|
@@ -31,14 +30,14 @@ module Pkg::Util::Gpg
|
|
31
30
|
|
32
31
|
def kill_keychain
|
33
32
|
if keychain
|
34
|
-
stdout,
|
33
|
+
stdout, = Pkg::Util::Execution.capture3("#{keychain} -k mine")
|
35
34
|
stdout
|
36
35
|
end
|
37
36
|
end
|
38
37
|
|
39
38
|
def start_keychain
|
40
39
|
if keychain
|
41
|
-
keychain_output,
|
40
|
+
keychain_output, = Pkg::Util::Execution.capture3("#{keychain} -q --agents gpg --eval #{key}")
|
42
41
|
keychain_output.chomp!
|
43
42
|
new_env = keychain_output.match(/GPG_AGENT_INFO=([^;]*)/)
|
44
43
|
ENV["GPG_AGENT_INFO"] = new_env[1]
|
@@ -56,7 +55,7 @@ module Pkg::Util::Gpg
|
|
56
55
|
return true
|
57
56
|
end
|
58
57
|
use_tty = "--no-tty --use-agent" if ENV['RPM_GPG_AGENT']
|
59
|
-
stdout,
|
58
|
+
stdout, = Pkg::Util::Execution.capture3("#{gpg} #{use_tty} --armor --detach-sign -u #{key} #{file}")
|
60
59
|
stdout
|
61
60
|
else
|
62
61
|
fail "No gpg available. Cannot sign #{file}."
|
@@ -3,9 +3,7 @@ require 'net/http'
|
|
3
3
|
require 'json'
|
4
4
|
|
5
5
|
module Pkg::Util::Jenkins
|
6
|
-
|
7
6
|
class << self
|
8
|
-
|
9
7
|
# Use the curl to create a jenkins job from a valid XML
|
10
8
|
# configuration file.
|
11
9
|
# Returns the URL to the job
|
@@ -90,6 +88,5 @@ module Pkg::Util::Jenkins
|
|
90
88
|
|
91
89
|
wait_for_build job_hash['lastBuild']['url']
|
92
90
|
end
|
93
|
-
|
94
91
|
end
|
95
92
|
end
|
data/lib/packaging/util/misc.rb
CHANGED
@@ -57,7 +57,7 @@ module Pkg::Util::Misc
|
|
57
57
|
def check_rubygems_ownership(gem_name)
|
58
58
|
require 'yaml'
|
59
59
|
credentials = YAML.load_file("#{ENV['HOME']}/.gem/credentials")
|
60
|
-
gems = YAML.
|
60
|
+
gems = YAML.safe_load(%x(curl -H 'Authorization:#{credentials[:rubygems_api_key]}' https://rubygems.org/api/v1/gems.yaml))
|
61
61
|
gems.each do |gem|
|
62
62
|
if gem['name'] == gem_name
|
63
63
|
return true
|
data/lib/packaging/util/net.rb
CHANGED
@@ -1,15 +1,13 @@
|
|
1
1
|
# Utility methods for handling network calls and interactions
|
2
2
|
|
3
3
|
module Pkg::Util::Net
|
4
|
-
|
5
4
|
class << self
|
6
|
-
|
7
5
|
# This simple method does an HTTP get of a URI and writes it to a file
|
8
6
|
# in a slightly more platform agnostic way than curl/wget
|
9
7
|
def fetch_uri(uri, target)
|
10
8
|
require 'open-uri'
|
11
9
|
if Pkg::Util::File.file_writable?(File.dirname(target))
|
12
|
-
File.open(target, 'w') { |f| f.puts(open(uri).read) }
|
10
|
+
File.open(target, 'w') { |f| f.puts(URI.open(uri).read) }
|
13
11
|
end
|
14
12
|
end
|
15
13
|
|
@@ -37,7 +35,7 @@ module Pkg::Util::Net
|
|
37
35
|
Array(hosts).flatten.each do |host|
|
38
36
|
begin
|
39
37
|
remote_execute(host, 'exit', { extra_options: '-oBatchMode=yes' })
|
40
|
-
rescue
|
38
|
+
rescue StandardError
|
41
39
|
errs << host
|
42
40
|
end
|
43
41
|
end
|
@@ -56,7 +54,7 @@ module Pkg::Util::Net
|
|
56
54
|
begin
|
57
55
|
remote_execute(host, "gpg --list-secret-keys #{gpg} > /dev/null 2&>1",
|
58
56
|
{ extra_options: '-oBatchMode=yes' })
|
59
|
-
rescue
|
57
|
+
rescue StandardError
|
60
58
|
errs << host
|
61
59
|
end
|
62
60
|
end
|
@@ -112,13 +110,14 @@ module Pkg::Util::Net
|
|
112
110
|
###
|
113
111
|
### Deprecated method implemented as a shim to the new `remote_execute` method
|
114
112
|
###
|
115
|
-
def remote_ssh_cmd(target, command, capture_output = false, extra_options = '', fail_fast = true, trace = false)
|
113
|
+
def remote_ssh_cmd(target, command, capture_output = false, extra_options = '', fail_fast = true, trace = false) # rubocop:disable Metrics/ParameterLists
|
116
114
|
puts "Warn: \"remote_ssh_cmd\" call in packaging is deprecated. Use \"remote_execute\" instead."
|
117
115
|
remote_execute(target, command, {
|
118
116
|
capture_output: capture_output,
|
119
117
|
extra_options: extra_options,
|
120
118
|
fail_fast: fail_fast,
|
121
|
-
trace: trace
|
119
|
+
trace: trace
|
120
|
+
})
|
122
121
|
end
|
123
122
|
|
124
123
|
# Construct a valid rsync command
|
@@ -149,7 +148,8 @@ module Pkg::Util::Net
|
|
149
148
|
target_path: nil,
|
150
149
|
target_host: nil,
|
151
150
|
extra_flags: nil,
|
152
|
-
dryrun: false
|
151
|
+
dryrun: false
|
152
|
+
}.merge(opts)
|
153
153
|
origin = Pathname.new(origin_path)
|
154
154
|
target = options[:target_path] || origin.parent
|
155
155
|
|
@@ -187,9 +187,10 @@ module Pkg::Util::Net
|
|
187
187
|
target_path: nil,
|
188
188
|
target_host: nil,
|
189
189
|
extra_flags: nil,
|
190
|
-
dryrun: ENV['DRYRUN']
|
190
|
+
dryrun: ENV['DRYRUN']
|
191
|
+
}.merge(opts.delete_if { |_, value| value.nil? })
|
191
192
|
|
192
|
-
stdout,
|
193
|
+
stdout, = Pkg::Util::Execution.capture3(rsync_cmd(source, options), true)
|
193
194
|
stdout
|
194
195
|
end
|
195
196
|
|
@@ -223,7 +224,7 @@ module Pkg::Util::Net
|
|
223
224
|
s3cmd = Pkg::Util::Tool.check_tool('s3cmd')
|
224
225
|
|
225
226
|
if Pkg::Util::File.file_exists?(File.join(ENV['HOME'], '.s3cfg'))
|
226
|
-
stdout,
|
227
|
+
stdout, = Pkg::Util::Execution.capture3("#{s3cmd} sync #{flags.join(' ')} '#{source}' s3://#{target_bucket}/#{target_directory}/")
|
227
228
|
stdout
|
228
229
|
else
|
229
230
|
fail "#{File.join(ENV['HOME'], '.s3cfg')} does not exist. It is required to ship files using s3cmd."
|
@@ -279,7 +280,7 @@ module Pkg::Util::Net
|
|
279
280
|
'--write-out "%{http_code}"',
|
280
281
|
'--output /dev/null'
|
281
282
|
]
|
282
|
-
stdout,
|
283
|
+
stdout, = Pkg::Util::Net.curl_form_data(uri, data)
|
283
284
|
stdout
|
284
285
|
end
|
285
286
|
|
@@ -292,18 +293,18 @@ module Pkg::Util::Net
|
|
292
293
|
end
|
293
294
|
|
294
295
|
def remote_set_ownership(host, owner, group, files)
|
295
|
-
remote_cmd = "for file in #{files.join(
|
296
|
+
remote_cmd = "for file in #{files.join(' ')}; do if [[ -d $file ]] || ! `lsattr $file | grep -q '\\-i\\-'`; then sudo chown #{owner}:#{group} $file; else echo \"$file is immutable\"; fi; done"
|
296
297
|
Pkg::Util::Net.remote_execute(host, remote_cmd)
|
297
298
|
end
|
298
299
|
|
299
300
|
def remote_set_permissions(host, permissions, files)
|
300
|
-
remote_cmd = "for file in #{files.join(
|
301
|
+
remote_cmd = "for file in #{files.join(' ')}; do if [[ -d $file ]] || ! `lsattr $file | grep -q '\\-i\\-'`; then sudo chmod #{permissions} $file; else echo \"$file is immutable\"; fi; done"
|
301
302
|
Pkg::Util::Net.remote_execute(host, remote_cmd)
|
302
303
|
end
|
303
304
|
|
304
305
|
# Remotely set the immutable bit on a list of files
|
305
306
|
def remote_set_immutable(host, files)
|
306
|
-
Pkg::Util::Net.remote_execute(host, "sudo chattr +i #{files.join(
|
307
|
+
Pkg::Util::Net.remote_execute(host, "sudo chattr +i #{files.join(' ')}")
|
307
308
|
end
|
308
309
|
|
309
310
|
# Create a symlink indicating the latest version of a package
|
@@ -350,8 +351,9 @@ module Pkg::Util::Net
|
|
350
351
|
CMD
|
351
352
|
|
352
353
|
_, err = Pkg::Util::Net.remote_execute(
|
353
|
-
|
354
|
-
|
354
|
+
Pkg::Config.staging_server, cmd, { capture_output: true }
|
355
|
+
)
|
356
|
+
warn err
|
355
357
|
end
|
356
358
|
|
357
359
|
def escape_html(uri)
|
@@ -383,17 +385,18 @@ module Pkg::Util::Net
|
|
383
385
|
Pkg::Util::Net.rsync_to(tarball, host, '/tmp')
|
384
386
|
appendix = Pkg::Util.rand_string
|
385
387
|
git_bundle_directory = File.join('/tmp', "#{Pkg::Config.project}-#{appendix}")
|
386
|
-
command =
|
387
|
-
#{tar} -zxvf /tmp/#{tarball_name}.tar.gz -C /tmp/ ;
|
388
|
-
git clone --recursive /tmp/#{tarball_name} #{git_bundle_directory} ;
|
389
|
-
DOC
|
388
|
+
command = <<~DOC
|
389
|
+
#{tar} -zxvf /tmp/#{tarball_name}.tar.gz -C /tmp/ ;
|
390
|
+
git clone --recursive /tmp/#{tarball_name} #{git_bundle_directory} ;
|
391
|
+
DOC
|
390
392
|
Pkg::Util::Net.remote_execute(host, command)
|
391
393
|
return git_bundle_directory
|
392
394
|
end
|
393
395
|
|
394
396
|
def remote_bundle_install_command
|
395
397
|
export_packaging_location = "export PACKAGING_LOCATION='#{ENV['PACKAGING_LOCATION']}';" if ENV['PACKAGING_LOCATION'] && !ENV['PACKAGING_LOCATION'].empty?
|
396
|
-
|
398
|
+
export_vanagon_location = "export VANAGON_LOCATION='#{ENV['VANAGON_LOCATION']}';" if ENV['VANAGON_LOCATION'] && !ENV['VANAGON_LOCATION'].empty?
|
399
|
+
"source /usr/local/rvm/scripts/rvm; rvm use ruby-2.5.1; #{export_packaging_location} #{export_vanagon_location} bundle install --path .bundle/gems ;"
|
397
400
|
end
|
398
401
|
|
399
402
|
# Given a BuildInstance object and a host, send its params to the host. Return
|
data/lib/packaging/util/repo.rb
CHANGED
@@ -2,14 +2,13 @@
|
|
2
2
|
|
3
3
|
module Pkg::Util::Serialization
|
4
4
|
class << self
|
5
|
-
|
6
5
|
# Given the path to a yaml file, load the yaml file into an object and return the object.
|
7
6
|
def load_yaml(file)
|
8
7
|
require 'yaml'
|
9
8
|
file = File.expand_path(file)
|
10
9
|
begin
|
11
10
|
input_data = YAML.load_file(file) || {}
|
12
|
-
rescue => e
|
11
|
+
rescue StandardError => e
|
13
12
|
fail "There was an error loading data from #{file}.\n#{e}"
|
14
13
|
end
|
15
14
|
input_data
|