packaging 0.106.0 → 0.106.1

data/lib/packaging/sign/ips.rb

@@ -1,57 +1,89 @@
 module Pkg::Sign::Ips
   module_function
 
-  def sign(target_dir = 'pkg')
-    use_identity = "-i #{Pkg::Config.ips_signing_ssh_key}" unless Pkg::Config.ips_signing_ssh_key.nil?
+  def sign(packages_root = 'pkg')
+    identity_spec = ''
+    unless Pkg::Config.ips_signing_ssh_key.nil?
+      identity_spec = "-i #{Pkg::Config.ips_signing_ssh_key}"
+    end
+
+    signing_server_spec = Pkg::Config.ips_signing_server
+    unless Pkg::Config.ips_signing_server.match(%r{.+@.+})
+      signing_server_spec = "#{ENV['USER']}@#{Pkg::Config.ips_signing_server}"
+    end
 
-    ssh_host_string = "#{use_identity} #{ENV['USER']}@#{Pkg::Config.ips_signing_server}"
-    rsync_host_string = "-e 'ssh #{use_identity}' #{ENV['USER']}@#{Pkg::Config.ips_signing_server}"
+    ssh_host_spec = "#{identity_spec} #{signing_server_spec}"
+    rsync_host_spec = "-e 'ssh #{identity_spec}' #{signing_server_spec}"
 
-    p5ps = Dir.glob("#{target_dir}/solaris/11/**/*.p5p")
+    packages = Dir.glob("#{packages_root}/solaris/11/**/*.p5p")
 
-    p5ps.each do |p5p|
+    packages.each do |package|
       work_dir     = "/tmp/#{Pkg::Util.rand_string}"
       unsigned_dir = "#{work_dir}/unsigned"
       repo_dir     = "#{work_dir}/repo"
       signed_dir   = "#{work_dir}/pkgs"
+      package_name = File.basename(package)
 
-      Pkg::Util::Net.remote_execute(ssh_host_string, "mkdir -p #{repo_dir} #{unsigned_dir} #{signed_dir}")
-      Pkg::Util::Net.rsync_to(p5p, rsync_host_string, unsigned_dir)
+      Pkg::Util::Net.remote_execute(
+        ssh_host_spec,
+        "mkdir -p #{repo_dir} #{unsigned_dir} #{signed_dir}"
+      )
+      Pkg::Util::Net.rsync_to(package, rsync_host_spec, unsigned_dir)
 
       # Before we can get started with signing packages we need to create a repo
-      Pkg::Util::Net.remote_execute(ssh_host_string, "sudo -E /usr/bin/pkgrepo create #{repo_dir}")
-      Pkg::Util::Net.remote_execute(ssh_host_string, "sudo -E /usr/bin/pkgrepo set -s #{repo_dir} publisher/prefix=puppetlabs.com")
-      # And import all the packages into the repo.
-      Pkg::Util::Net.remote_execute(ssh_host_string, "sudo -E /usr/bin/pkgrecv -s #{unsigned_dir}/#{File.basename(p5p)} -d #{repo_dir} '*'")
-      # We are going to hard code the values for signing cert locations for now.
-      # This autmation will require an update to actually become reusable, but
-      # for now these values will stay this way so solaris signing will stop
-      # failing. Please update soon. 06/23/16
-      #
-      #            - Sean P. McDonald
-      #
+      Pkg::Util::Net.remote_execute(ssh_host_spec, "sudo -E /usr/bin/pkgrepo create #{repo_dir}")
+      Pkg::Util::Net.remote_execute(
+        ssh_host_spec,
+        "sudo -E /usr/bin/pkgrepo set -s #{repo_dir} publisher/prefix=puppetlabs.com"
+      )
+
+      # Import all the packages into the repo.
+      Pkg::Util::Net.remote_execute(
+        ssh_host_spec,
+        "sudo -E /usr/bin/pkgrecv -s #{unsigned_dir}/#{package_name} -d #{repo_dir} '*'"
+      )
+
       # We sign the entire repo
-      sign_cmd = "sudo -E /usr/bin/pkgsign -c /root/signing/signing_cert_2020.pem \
-                  -i /root/signing/Thawte_SHA256_Code_Signing_CA.pem \
-                  -i /root/signing/Thawte_Primary_Root_CA.pem \
-                  -k /root/signing/signing_key_2020.pem \
+      # Paths to the  .pem files should live elsewhere rather than hardcoded here.
+      sign_cmd = "sudo -E /usr/bin/pkgsign -c /root/signing/signing_cert_2022.pem \
+                  -i /root/signing/DigiCert_Code_Signing_Certificate.pem \
+                  -i /root/signing/DigiCert_Trusted_Root.pem \
+                  -k /root/signing/signing_key_2022.pem \
                   -s 'file://#{work_dir}/repo' '*'"
-      puts "About to sign #{p5p} with #{sign_cmd} in #{work_dir}"
-      Pkg::Util::Net.remote_execute(ssh_host_string, sign_cmd.squeeze(' '))
-      # pkgrecv with -a will pull packages out of the repo, so we need to do that too to actually get the packages we signed
-      Pkg::Util::Net.remote_execute(ssh_host_string, "sudo -E /usr/bin/pkgrecv -d #{signed_dir}/#{File.basename(p5p)} -a -s #{repo_dir} '*'")
+      puts "Signing #{package} with #{sign_cmd} in #{work_dir}"
+      Pkg::Util::Net.remote_execute(ssh_host_spec, sign_cmd.squeeze(' '))
+
+      # pkgrecv with -a will pull packages out of the repo, so we need
+      # to do that too to actually get the packages we signed
+      Pkg::Util::Net.remote_execute(
+        ssh_host_spec,
+        "sudo -E /usr/bin/pkgrecv -d #{signed_dir}/#{package_name} -a -s #{repo_dir} '*'"
+      )
       begin
         # lets make sure we actually signed something?
         # **NOTE** if we're repeatedly trying to sign the same version this
         # might explode because I don't know how to reset the IPS cache.
         # Everything is amazing.
-        Pkg::Util::Net.remote_execute(ssh_host_string, "sudo -E /usr/bin/pkg contents -m -g #{signed_dir}/#{File.basename(p5p)} '*' | grep '^signature '")
+        Pkg::Util::Net.remote_execute(
+          ssh_host_spec,
+          "sudo -E /usr/bin/pkg contents -m -g #{signed_dir}/#{package_name} '*' " \
+          "| grep '^signature '"
+        )
       rescue RuntimeError
-        raise "Looks like #{File.basename(p5p)} was not signed correctly, quitting!"
+        raise "Error: #{package_name} was not signed correctly."
       end
-      # and pull the packages back.
-      Pkg::Util::Net.rsync_from("#{signed_dir}/#{File.basename(p5p)}", rsync_host_string, File.dirname(p5p))
-      Pkg::Util::Net.remote_execute(ssh_host_string, "if [ -e '#{work_dir}' ] ; then sudo rm -r '#{work_dir}' ; fi")
+
+      # Pull the packages back.
+      Pkg::Util::Net.rsync_from(
+        "#{signed_dir}/#{package_name}",
+        rsync_host_spec,
+        File.dirname(package)
+      )
+
+      Pkg::Util::Net.remote_execute(
+        ssh_host_spec,
+        "if [ -e '#{work_dir}' ] ; then sudo rm -r '#{work_dir}' ; fi"
+      )
     end
   end
 end

data/lib/packaging/sign/msi.rb

@@ -63,60 +63,60 @@ module Pkg::Sign::Msi
     #
     # Once we no longer support Windows 8/Windows Vista, we can remove the
     # first Sha1 signature.
-    sign_command = <<-CMD
-for msipath in #{msis.join(" ")}; do
-  msi="$(basename $msipath)"
-  msidir="C:/#{work_dir}/$(dirname $msipath)"
-  if "/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe" verify -in "$msidir/$msi" ; then
-    echo "$msi is already signed, skipping . . ." ;
-  else
-    tries=5
-    sha1Servers=(http://timestamp.digicert.com/sha1/timestamp
-    http://timestamp.comodoca.com/authenticode)
-    for timeserver in "${sha1Servers[@]}"; do
-      for ((try=1; try<=$tries; try++)) do
-        ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
-          -n "Puppet" -i "http://www.puppet.com" \
-          -h sha1 \
-          -pkcs12 "#{Pkg::Config.msi_signing_cert}" \
-          -pass "#{Pkg::Config.msi_signing_cert_pw}" \
-          -t "$timeserver" \
-          -in "$msidir/$msi" \
-          -out "$msidir/signed-$msi")
-        if [[ $ret == *"Succeeded"* ]]; then break; fi
-      done;
-      if [[ $ret == *"Succeeded"* ]]; then break; fi
-    done;
-    echo $ret
-    if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
-    sha256Servers=(http://timestamp.digicert.com/sha256/timestamp
-      http://timestamp.comodoca.com?td=sha256)
-    for timeserver in "${sha256Servers[@]}"; do
-      for ((try=1; try<=$tries; try++)) do
-        ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
-          -n "Puppet" -i "http://www.puppet.com" \
-          -nest -h sha256 \
-          -pkcs12 "#{Pkg::Config.msi_signing_cert}" \
-          -pass "#{Pkg::Config.msi_signing_cert_pw}" \
-          -ts "$timeserver" \
-          -in "$msidir/signed-$msi" \
-          -out "$msidir/$msi")
-        if [[ $ret == *"Succeeded"* ]]; then break; fi
-      done;
-      if [[ $ret == *"Succeeded"* ]]; then break; fi
-    done;
-    echo $ret
-    if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
-  fi
-done
-CMD
+    sign_command = <<~CMD
+      for msipath in #{msis.join(' ')}; do
+        msi="$(basename $msipath)"
+        msidir="C:/#{work_dir}/$(dirname $msipath)"
+        if "/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe" verify -in "$msidir/$msi" ; then
+          echo "$msi is already signed, skipping . . ." ;
+        else
+          tries=5
+          sha1Servers=(http://timestamp.digicert.com/sha1/timestamp
+          http://timestamp.comodoca.com/authenticode)
+          for timeserver in "${sha1Servers[@]}"; do
+            for ((try=1; try<=$tries; try++)) do
+              ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
+                -n "Puppet" -i "http://www.puppet.com" \
+                -h sha1 \
+                -pkcs12 "#{Pkg::Config.msi_signing_cert}" \
+                -pass "#{Pkg::Config.msi_signing_cert_pw}" \
+                -t "$timeserver" \
+                -in "$msidir/$msi" \
+                -out "$msidir/signed-$msi")
+              if [[ $ret == *"Succeeded"* ]]; then break; fi
+            done;
+            if [[ $ret == *"Succeeded"* ]]; then break; fi
+          done;
+          echo $ret
+          if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
+          sha256Servers=(http://timestamp.digicert.com/sha256/timestamp
+            http://timestamp.comodoca.com?td=sha256)
+          for timeserver in "${sha256Servers[@]}"; do
+            for ((try=1; try<=$tries; try++)) do
+              ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
+                -n "Puppet" -i "http://www.puppet.com" \
+                -nest -h sha256 \
+                -pkcs12 "#{Pkg::Config.msi_signing_cert}" \
+                -pass "#{Pkg::Config.msi_signing_cert_pw}" \
+                -ts "$timeserver" \
+                -in "$msidir/signed-$msi" \
+                -out "$msidir/$msi")
+              if [[ $ret == *"Succeeded"* ]]; then break; fi
+            done;
+            if [[ $ret == *"Succeeded"* ]]; then break; fi
+          done;
+          echo $ret
+          if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
+        fi
+      done
+    CMD
 
     Pkg::Util::Net.remote_execute(
       ssh_host_string,
       sign_command,
       { fail_fast: false }
     )
-    msis.each do | msi |
+    msis.each do |msi|
       Pkg::Util::Net.rsync_from("/cygdrive/c/#{work_dir}/#{msi}", rsync_host_string, File.dirname(msi))
     end
     Pkg::Util::Net.remote_execute(ssh_host_string, "if [ -d '/cygdrive/c/#{work_dir}' ]; then rm -rf '/cygdrive/c/#{work_dir}'; fi")

data/lib/packaging/sign/rpm.rb

@@ -70,7 +70,7 @@ module Pkg::Sign::Rpm
     v4_rpms = []
     rpms_to_sign.each do |rpm|
       platform_tag = Pkg::Paths.tag_from_artifact_path(rpm)
-      platform, version, _ = Pkg::Platforms.parse_platform_tag(platform_tag)
+      platform, version, = Pkg::Platforms.parse_platform_tag(platform_tag)
 
       # We don't sign AIX rpms
       next if platform_tag.include?('aix')

data/lib/packaging/sign.rb

@@ -4,5 +4,4 @@ module Pkg::Sign
   require 'packaging/sign/ips'
   require 'packaging/sign/msi'
   require 'packaging/sign/rpm'
-  module_function
 end

data/lib/packaging/tar.rb

@@ -5,7 +5,6 @@ module Pkg
     include FileUtils
 
     attr_accessor :files, :project, :version, :excludes, :target, :templates
-    attr_reader :tar
 
     def initialize
       @tar      = Pkg::Util::Tool.find_tool('tar', :required => true)
@@ -56,7 +55,7 @@ module Pkg
       patterns =
         case @files
         when String
-          $stderr.puts "warning: `files` should be an array, not a string"
+          warn "warning: `files` should be an array, not a string"
           @files.split(' ')
         when Array
           @files
@@ -137,7 +136,7 @@ module Pkg
     def tar(target, source)
       mkpath File.dirname(target)
       cd File.dirname(source) do
-        %x(#{@tar} #{@excludes.map { |x| (" --exclude #{x} ") }.join if @excludes} -zcf '#{File.basename(target)}' '#{File.basename(source)}')
+        %x(#{@tar} #{@excludes.map { |x| " --exclude #{x} " }.join if @excludes} -zcf '#{File.basename(target)}' '#{File.basename(source)}')
         unless $?.success?
           fail "Failed to create .tar.gz archive with #{@tar}. Please ensure the tar command in your path accepts the flags '-c', '-z', and '-f'"
         end
@@ -157,7 +156,6 @@ module Pkg
       self.tar(@target, workdir)
       self.clean_up workdir
     end
-
   end
 end
 

data/lib/packaging/util/date.rb

@@ -1,7 +1,6 @@
 # Utilities for managing/querying date/time
 
 module Pkg::Util::Date
-
   class << self
     def timestamp(separator = nil)
       if s = separator

data/lib/packaging/util/distribution_server.rb

@@ -31,8 +31,8 @@ module Pkg::Util::DistributionServer
 
       # If we just shipped a tagged version, we want to make it immutable
       files = Dir.glob("#{local_source_directory}/**/*")
-                 .select { |f| File.file?(f) and !f.include? "#{Pkg::Config.ref}.yaml" }
-                 .map { |f| "#{remote_target_directory}/#{f.sub(/^#{local_source_directory}\//, '')}" }
+        .select { |f| File.file?(f) and !f.include? "#{Pkg::Config.ref}.yaml" }
+        .map { |f| "#{remote_target_directory}/#{f.sub(/^#{local_source_directory}\//, '')}" }
 
       Pkg::Util::Net.remote_set_ownership(Pkg::Config.distribution_server, 'root', 'release', files)
       Pkg::Util::Net.remote_set_permissions(Pkg::Config.distribution_server, '0664', files)

data/lib/packaging/util/execution.rb

@@ -1,9 +1,7 @@
 # Utility methods for handling system calls and interactions
 
 module Pkg::Util::Execution
-
   class << self
-
     # Alias to $?.success? that makes success? slightly easier to test and stub
     # If immediately run, $? will not be instanciated, so only call success? if
     # $? exists, otherwise return nil
@@ -23,7 +21,7 @@ module Pkg::Util::Execution
     # while also raising an exception if a command does not succeed (ala `sh "cmd"`).
     def ex(command, debug = false)
       puts "Executing '#{command}'..." if debug
-      ret = `#{command}`
+      ret = %x(#{command})
       unless Pkg::Util::Execution.success?
         raise RuntimeError
       end
@@ -71,7 +69,7 @@ module Pkg::Util::Execution
             blk.call
             success = true
             break
-          rescue => err
+          rescue StandardError => err
             puts "An error was encountered evaluating block. Retrying.."
             exception = err.to_s + "\n" + err.backtrace.join("\n")
           end

data/lib/packaging/util/file.rb

@@ -2,7 +2,6 @@
 require 'fileutils'
 
 module Pkg::Util::File
-
   class << self
     def exist?(file)
       ::File.exist?(file)
@@ -15,7 +14,7 @@ module Pkg::Util::File
 
     def mktemp
       mktemp = Pkg::Util::Tool.find_tool('mktemp', :required => true)
-      stdout, _, _ = Pkg::Util::Execution.capture3("#{mktemp} -d -t pkgXXXXXX")
+      stdout, = Pkg::Util::Execution.capture3("#{mktemp} -d -t pkgXXXXXX")
       stdout.strip
     end
 
@@ -79,7 +78,7 @@ module Pkg::Util::File
         target_opts = "-C #{target}"
       end
       if file_exists?(source, :required => true)
-        stdout, _, _ = Pkg::Util::Execution.capture3(%Q(#{tar} #{options} #{target_opts} -xf #{source}))
+        stdout, = Pkg::Util::Execution.capture3(%(#{tar} #{options} #{target_opts} -xf #{source}))
         stdout
       end
     end

data/lib/packaging/util/git.rb

@@ -22,7 +22,6 @@ module Pkg::Util::Git
     end
 
     # Git utility to create a new git bundle
-    # rubocop:disable Metrics/AbcSize
     def bundle(treeish, appendix = Pkg::Util.rand_string, temp = Pkg::Util::File.mktemp)
       fail_unless_repo
       Pkg::Util::Execution.capture3("#{Pkg::Util::Tool::GIT} bundle create #{temp}/#{Pkg::Config.project}-#{Pkg::Config.version}-#{appendix} #{treeish} --tags")
@@ -113,13 +112,12 @@ module Pkg::Util::Git
       end
     end
 
-    # rubocop:disable Style/GuardClause
     def fail_unless_repo
       unless repo?
         raise "Pkg::Config.project_root (#{Pkg::Config.project_root}) is not \
           a valid git repository"
       end
-    end
+end
 
     # Return the basename of the project repo
     def project_name

data/lib/packaging/util/git_tags.rb

@@ -1,6 +1,6 @@
 module Pkg::Util
   class Git_tag
-    attr_reader :address, :ref, :ref_name, :ref_type, :branch_name
+    attr_reader :address, :ref, :ref_name, :ref_type
 
     GIT = Pkg::Util::Tool::GIT
     DEVNULL = Pkg::Util::OS::DEVNULL
@@ -43,7 +43,7 @@ module Pkg::Util
     # Fetch the full ref using ls-remote, this should raise an error if it returns non-zero
     # because that means this ref doesn't exist in the repo
     def fetch_full_ref
-      stdout, _, _ = Pkg::Util::Execution.capture3("#{GIT} ls-remote --tags --heads --exit-code #{address} #{ref}")
+      stdout, = Pkg::Util::Execution.capture3("#{GIT} ls-remote --tags --heads --exit-code #{address} #{ref}")
       stdout.split.last
     rescue RuntimeError => e
       raise "ERROR : Not a ref or sha!\n#{e}"
@@ -54,7 +54,7 @@ module Pkg::Util
     end
 
     def ref?
-      `#{GIT} check-ref-format #{ref} >#{DEVNULL} 2>&1`
+      %x(#{GIT} check-ref-format #{ref} >#{DEVNULL} 2>&1)
       $?.success?
     end
 

data/lib/packaging/util/gpg.rb

@@ -1,6 +1,5 @@
 module Pkg::Util::Gpg
   class << self
-
     # Please note that this method is not used in determining what key is used
     # to sign the debian repos. That is defined in the freight config that
     # lives on our internal repo staging host. The debian conf/distribution
@@ -31,14 +30,14 @@ module Pkg::Util::Gpg
 
     def kill_keychain
       if keychain
-        stdout, _, _ = Pkg::Util::Execution.capture3("#{keychain} -k mine")
+        stdout, = Pkg::Util::Execution.capture3("#{keychain} -k mine")
         stdout
       end
     end
 
     def start_keychain
       if keychain
-        keychain_output, _, _ = Pkg::Util::Execution.capture3("#{keychain} -q --agents gpg --eval #{key}")
+        keychain_output, = Pkg::Util::Execution.capture3("#{keychain} -q --agents gpg --eval #{key}")
         keychain_output.chomp!
         new_env = keychain_output.match(/GPG_AGENT_INFO=([^;]*)/)
         ENV["GPG_AGENT_INFO"] = new_env[1]
@@ -56,7 +55,7 @@ module Pkg::Util::Gpg
           return true
         end
         use_tty = "--no-tty --use-agent" if ENV['RPM_GPG_AGENT']
-        stdout, _, _ = Pkg::Util::Execution.capture3("#{gpg} #{use_tty} --armor --detach-sign -u #{key} #{file}")
+        stdout, = Pkg::Util::Execution.capture3("#{gpg} #{use_tty} --armor --detach-sign -u #{key} #{file}")
         stdout
       else
         fail "No gpg available. Cannot sign #{file}."

data/lib/packaging/util/jenkins.rb

@@ -3,9 +3,7 @@ require 'net/http'
 require 'json'
 
 module Pkg::Util::Jenkins
-
   class << self
-
     # Use the curl to create a jenkins job from a valid XML
     # configuration file.
     # Returns the URL to the job
@@ -90,6 +88,5 @@ module Pkg::Util::Jenkins
 
       wait_for_build job_hash['lastBuild']['url']
     end
-
   end
 end

data/lib/packaging/util/misc.rb

@@ -57,7 +57,7 @@ module Pkg::Util::Misc
     def check_rubygems_ownership(gem_name)
       require 'yaml'
       credentials = YAML.load_file("#{ENV['HOME']}/.gem/credentials")
-      gems = YAML.load(%x(curl -H 'Authorization:#{credentials[:rubygems_api_key]}' https://rubygems.org/api/v1/gems.yaml))
+      gems = YAML.safe_load(%x(curl -H 'Authorization:#{credentials[:rubygems_api_key]}' https://rubygems.org/api/v1/gems.yaml))
       gems.each do |gem|
         if gem['name'] == gem_name
           return true

data/lib/packaging/util/net.rb

@@ -1,15 +1,13 @@
 # Utility methods for handling network calls and interactions
 
 module Pkg::Util::Net
-
   class << self
-
     # This simple method does an HTTP get of a URI and writes it to a file
     # in a slightly more platform agnostic way than curl/wget
     def fetch_uri(uri, target)
       require 'open-uri'
       if Pkg::Util::File.file_writable?(File.dirname(target))
-        File.open(target, 'w') { |f| f.puts(open(uri).read) }
+        File.open(target, 'w') { |f| f.puts(URI.open(uri).read) }
       end
     end
 
@@ -37,7 +35,7 @@ module Pkg::Util::Net
       Array(hosts).flatten.each do |host|
         begin
           remote_execute(host, 'exit', { extra_options: '-oBatchMode=yes' })
-        rescue
+        rescue StandardError
           errs << host
         end
       end
@@ -56,7 +54,7 @@ module Pkg::Util::Net
         begin
           remote_execute(host, "gpg --list-secret-keys #{gpg} > /dev/null 2&>1",
                          { extra_options: '-oBatchMode=yes' })
-        rescue
+        rescue StandardError
           errs << host
         end
       end
@@ -112,13 +110,14 @@ module Pkg::Util::Net
     ###
     ### Deprecated method implemented as a shim to the new `remote_execute` method
     ###
-    def remote_ssh_cmd(target, command, capture_output = false, extra_options = '', fail_fast = true, trace = false)  # rubocop:disable Style/ParameterLists
+    def remote_ssh_cmd(target, command, capture_output = false, extra_options = '', fail_fast = true, trace = false) # rubocop:disable Metrics/ParameterLists
       puts "Warn: \"remote_ssh_cmd\" call in packaging is deprecated. Use \"remote_execute\" instead."
       remote_execute(target, command, {
                        capture_output: capture_output,
                        extra_options: extra_options,
                        fail_fast: fail_fast,
-                       trace: trace })
+                       trace: trace
+})
     end
 
     # Construct a valid rsync command
@@ -149,7 +148,8 @@ module Pkg::Util::Net
         target_path: nil,
         target_host: nil,
         extra_flags: nil,
-        dryrun: false }.merge(opts)
+        dryrun: false
+}.merge(opts)
       origin = Pathname.new(origin_path)
       target = options[:target_path] || origin.parent
 
@@ -187,9 +187,10 @@ module Pkg::Util::Net
         target_path: nil,
         target_host: nil,
         extra_flags: nil,
-        dryrun: ENV['DRYRUN'] }.merge(opts.delete_if { |_, value| value.nil? })
+        dryrun: ENV['DRYRUN']
+}.merge(opts.delete_if { |_, value| value.nil? })
 
-      stdout, _, _ = Pkg::Util::Execution.capture3(rsync_cmd(source, options), true)
+      stdout, = Pkg::Util::Execution.capture3(rsync_cmd(source, options), true)
       stdout
     end
 
@@ -223,7 +224,7 @@ module Pkg::Util::Net
       s3cmd = Pkg::Util::Tool.check_tool('s3cmd')
 
       if Pkg::Util::File.file_exists?(File.join(ENV['HOME'], '.s3cfg'))
-        stdout, _, _ = Pkg::Util::Execution.capture3("#{s3cmd} sync #{flags.join(' ')} '#{source}' s3://#{target_bucket}/#{target_directory}/")
+        stdout, = Pkg::Util::Execution.capture3("#{s3cmd} sync #{flags.join(' ')} '#{source}' s3://#{target_bucket}/#{target_directory}/")
         stdout
       else
         fail "#{File.join(ENV['HOME'], '.s3cfg')} does not exist. It is required to ship files using s3cmd."
@@ -279,7 +280,7 @@ module Pkg::Util::Net
         '--write-out "%{http_code}"',
         '--output /dev/null'
       ]
-      stdout, _ = Pkg::Util::Net.curl_form_data(uri, data)
+      stdout, = Pkg::Util::Net.curl_form_data(uri, data)
       stdout
     end
 
@@ -292,18 +293,18 @@ module Pkg::Util::Net
     end
 
     def remote_set_ownership(host, owner, group, files)
-      remote_cmd = "for file in #{files.join(" ")}; do if [[ -d $file ]] || ! `lsattr $file | grep -q '\\-i\\-'`; then sudo chown #{owner}:#{group} $file; else echo \"$file is immutable\"; fi; done"
+      remote_cmd = "for file in #{files.join(' ')}; do if [[ -d $file ]] || ! `lsattr $file | grep -q '\\-i\\-'`; then sudo chown #{owner}:#{group} $file; else echo \"$file is immutable\"; fi; done"
       Pkg::Util::Net.remote_execute(host, remote_cmd)
     end
 
     def remote_set_permissions(host, permissions, files)
-      remote_cmd = "for file in #{files.join(" ")}; do if [[ -d $file ]] || ! `lsattr $file | grep -q '\\-i\\-'`; then sudo chmod #{permissions} $file; else echo \"$file is immutable\"; fi; done"
+      remote_cmd = "for file in #{files.join(' ')}; do if [[ -d $file ]] || ! `lsattr $file | grep -q '\\-i\\-'`; then sudo chmod #{permissions} $file; else echo \"$file is immutable\"; fi; done"
       Pkg::Util::Net.remote_execute(host, remote_cmd)
     end
 
     # Remotely set the immutable bit on a list of files
     def remote_set_immutable(host, files)
-      Pkg::Util::Net.remote_execute(host, "sudo chattr +i #{files.join(" ")}")
+      Pkg::Util::Net.remote_execute(host, "sudo chattr +i #{files.join(' ')}")
     end
 
     # Create a symlink indicating the latest version of a package
@@ -350,8 +351,9 @@ module Pkg::Util::Net
       CMD
 
       _, err = Pkg::Util::Net.remote_execute(
-           Pkg::Config.staging_server, cmd, { capture_output: true })
-      $stderr.puts err
+        Pkg::Config.staging_server, cmd, { capture_output: true }
+      )
+      warn err
     end
 
     def escape_html(uri)
@@ -383,17 +385,18 @@ module Pkg::Util::Net
       Pkg::Util::Net.rsync_to(tarball, host, '/tmp')
       appendix = Pkg::Util.rand_string
       git_bundle_directory = File.join('/tmp', "#{Pkg::Config.project}-#{appendix}")
-      command = <<-DOC
-#{tar} -zxvf /tmp/#{tarball_name}.tar.gz -C /tmp/ ;
-git clone --recursive /tmp/#{tarball_name} #{git_bundle_directory} ;
-DOC
+      command = <<~DOC
+        #{tar} -zxvf /tmp/#{tarball_name}.tar.gz -C /tmp/ ;
+        git clone --recursive /tmp/#{tarball_name} #{git_bundle_directory} ;
+      DOC
       Pkg::Util::Net.remote_execute(host, command)
       return git_bundle_directory
     end
 
     def remote_bundle_install_command
       export_packaging_location = "export PACKAGING_LOCATION='#{ENV['PACKAGING_LOCATION']}';" if ENV['PACKAGING_LOCATION'] && !ENV['PACKAGING_LOCATION'].empty?
-      "source /usr/local/rvm/scripts/rvm; rvm use ruby-2.5.1; #{export_packaging_location} bundle install --path .bundle/gems ;"
+      export_vanagon_location = "export VANAGON_LOCATION='#{ENV['VANAGON_LOCATION']}';" if ENV['VANAGON_LOCATION'] && !ENV['VANAGON_LOCATION'].empty?
+      "source /usr/local/rvm/scripts/rvm; rvm use ruby-2.5.1; #{export_packaging_location} #{export_vanagon_location} bundle install --path .bundle/gems ;"
     end
 
     # Given a BuildInstance object and a host, send its params to the host. Return

data/lib/packaging/util/repo.rb

@@ -2,7 +2,6 @@
 
 module Pkg::Util::Repo
   class << self
-
     # Create yum repositories of built RPM packages for this SHA on the distribution server
     def rpm_repos
       Pkg::Util::File.fetch

data/lib/packaging/util/serialization.rb

@@ -2,14 +2,13 @@
 
 module Pkg::Util::Serialization
   class << self
-
     # Given the path to a yaml file, load the yaml file into an object and return the object.
     def load_yaml(file)
       require 'yaml'
       file = File.expand_path(file)
       begin
         input_data = YAML.load_file(file) || {}
-      rescue => e
+      rescue StandardError => e
         fail "There was an error loading data from #{file}.\n#{e}"
       end
       input_data