packaging 0.106.1 → 0.107.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/packaging/config/params.rb +4 -10
- data/lib/packaging/platforms.rb +8 -0
- data/lib/packaging/sign/msi.rb +83 -111
- data/lib/packaging/util/net.rb +2 -1
- data/spec/lib/packaging/paths_spec.rb +6 -0
- data/spec/lib/packaging/platforms_spec.rb +6 -2
- data/tasks/ship.rake +42 -22
- metadata +46 -18
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a52b5e4526f37d1bf4ebacf7a4c8de7c8b6cf2fb96ababbc1873384381e42903
|
4
|
+
data.tar.gz: 626f5a46015f53bac68d7dc29fd712efa5a5e7180079444c7f6aecda91ce520c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cf0029e52dd115687b71974542ab056555ebaa5d0f8886c4a01ff14f072b6dea4cd3ad509ea66b8dd8ea0c36bf324b27e5cdb289e86202c0c15bd8c7d64cb890
|
7
|
+
data.tar.gz: 4e8cde5da7d1fe12d6677582419c4b7e15a0fbe9d499fbfb29fc6e0e82e6c41583ca254d7c4ca861e959d22d1ed5f0a1270b02c0899ae58c230addc9d3015eba
|
@@ -101,10 +101,8 @@ module Pkg::Params
|
|
101
101
|
msi_host
|
102
102
|
msi_name
|
103
103
|
msi_path
|
104
|
-
|
105
|
-
|
106
|
-
msi_signing_server
|
107
|
-
msi_signing_ssh_key
|
104
|
+
msi_signing_gcp_service_account_credentials
|
105
|
+
msi_signing_service_url
|
108
106
|
msi_staging_server
|
109
107
|
name
|
110
108
|
nonfinal_apt_repo_command
|
@@ -244,10 +242,8 @@ module Pkg::Params
|
|
244
242
|
{ :var => :ips_signing_ssh_key, :envvar => :IPS_SIGNING_SSH_KEY },
|
245
243
|
{ :var => :msi_host, :envvar => :MSI_HOST },
|
246
244
|
{ :var => :msi_path, :envvar => :MSI_PATH },
|
247
|
-
{ :var => :
|
248
|
-
{ :var => :
|
249
|
-
{ :var => :msi_signing_server, :envvar => :MSI_SIGNING_SERVER },
|
250
|
-
{ :var => :msi_signing_ssh_key, :envvar => :MSI_SIGNING_SSH_KEY },
|
245
|
+
{ :var => :msi_signing_gcp_service_account_credentials, :envvar => :MSI_SIGNING_GCP_SERVICE_ACCOUNT_CREDENTIALS },
|
246
|
+
{ :var => :msi_signing_service_url, :envvar => :MSI_SIGNING_SERVICE_URL },
|
251
247
|
{ :var => :msi_staging_server, :envvar => :MSI_STAGING_SERVER },
|
252
248
|
{ :var => :nonfinal_apt_repo_command, :envvar => :NONFINAL_APT_REPO_COMMAND },
|
253
249
|
{ :var => :nonfinal_apt_repo_path, :envvar => :NONFINAL_APT_REPO_PATH },
|
@@ -328,8 +324,6 @@ module Pkg::Params
|
|
328
324
|
{ :var => :ips_inter_cert, :val => '$IPS_INTER_CERT' },
|
329
325
|
{ :var => :ips_root_cert, :val => '$IPS_ROOT_CERT' },
|
330
326
|
{ :var => :ips_signing_key, :val => '$IPS_SIGNING_KEY' },
|
331
|
-
{ :var => :msi_signing_cert, :val => '$MSI_SIGNING_CERT' },
|
332
|
-
{ :var => :msi_signing_cert_pw, :val => '$MSI_SIGNING_CERT_PW' },
|
333
327
|
{ :var => :pe_feature_branch, :val => false },
|
334
328
|
{ :var => :pe_release_branch, :val => false },
|
335
329
|
{ :var => :s3_ship, :val => false },
|
data/lib/packaging/platforms.rb
CHANGED
@@ -211,6 +211,14 @@ module Pkg
|
|
211
211
|
source_package_formats: DEBIAN_SOURCE_FORMATS,
|
212
212
|
repo: true,
|
213
213
|
},
|
214
|
+
'22.04' => {
|
215
|
+
codename: 'jammy',
|
216
|
+
architectures: ['amd64', 'aarch64'],
|
217
|
+
source_architecture: 'source',
|
218
|
+
package_format: 'deb',
|
219
|
+
source_package_formats: DEBIAN_SOURCE_FORMATS,
|
220
|
+
repo: true,
|
221
|
+
},
|
214
222
|
},
|
215
223
|
|
216
224
|
'windows' => {
|
data/lib/packaging/sign/msi.rb
CHANGED
@@ -2,123 +2,95 @@ module Pkg::Sign::Msi
|
|
2
2
|
module_function
|
3
3
|
|
4
4
|
def sign(target_dir = 'pkg')
|
5
|
-
|
5
|
+
require 'google/cloud/storage'
|
6
|
+
require 'googleauth'
|
7
|
+
require 'json'
|
8
|
+
require 'net/http'
|
9
|
+
require 'uri'
|
6
10
|
|
7
|
-
|
8
|
-
|
11
|
+
gcp_service_account_credentials = Pkg::Config.msi_signing_gcp_service_account_credentials
|
12
|
+
signing_service_url = Pkg::Config.msi_signing_service_url
|
9
13
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
14
|
+
begin
|
15
|
+
authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
|
16
|
+
json_key_io: File.open(gcp_service_account_credentials),
|
17
|
+
target_audience: signing_service_url
|
18
|
+
)
|
19
|
+
rescue StandardError => e
|
20
|
+
fail "msis can only be signed by jenkins.\n#{e}"
|
21
|
+
end
|
15
22
|
|
16
|
-
|
17
|
-
# We are currently adding two signatures to the msi.
|
18
|
-
#
|
19
|
-
# Microsoft compatable Signatures are composed of three different
|
20
|
-
# elements.
|
21
|
-
# 1) The Certificate used to sign the package. This is the element that
|
22
|
-
# is attached to organization. The certificate has an associated
|
23
|
-
# algorithm. We recently (February 2016) had to switch from a sha1 to
|
24
|
-
# a sha256 certificate. Sha1 was deprecated by many Microsoft
|
25
|
-
# elements on 2016-01-01, which forced us to switch to a sha256 cert.
|
26
|
-
# This sha256 certificate is recognized by all currently supported
|
27
|
-
# windows platforms (Windows 8/Vista forward).
|
28
|
-
# 2) The signature used to attach the certificate to the package. This
|
29
|
-
# can be a done with a variety of digest algorithms. Older platforms
|
30
|
-
# (i.e., Windows 8 and Windows Vista) don't recognize later
|
31
|
-
# algorithms like sha256.
|
32
|
-
# 3) The timestamp used to validate when the package was signed. This
|
33
|
-
# comes from an external source and can be delivered with a variety
|
34
|
-
# of digest algorithms. Older platforms do not recognize newer
|
35
|
-
# algorithms like sha256.
|
36
|
-
#
|
37
|
-
# We could have only one signature with the Sha256 Cert, Sha1 Signature,
|
38
|
-
# and Sha1 Timestamp, but that would be too easy. The sha256 signature
|
39
|
-
# and timestamp add more security to our packages. We can't have only
|
40
|
-
# sha256 elements in our package signature, though, because Windows 8
|
41
|
-
# and Windows Vista just don't recognize them at all.
|
42
|
-
#
|
43
|
-
# In order to add two signatures to an MSI, we also need to change the
|
44
|
-
# tool we use to sign packages with. Previously, we were using SignTool
|
45
|
-
# which is the Microsoft blessed program used to sign packages. However,
|
46
|
-
# this tool isn't able to add two signatures to an MSI specifically. It
|
47
|
-
# can dual-sign an exe, just not an MSI. In order to get the dual-signed
|
48
|
-
# packages, we decided to switch over to using osslsigncode. The original
|
49
|
-
# project didn't have support to compile on a windows system, so we
|
50
|
-
# decided to use this fork. The binaries on the signer were pulled from
|
51
|
-
# https://sourceforge.net/u/keeely/osslsigncode/ci/master/tree/
|
52
|
-
#
|
53
|
-
# These are our signatures:
|
54
|
-
# The first signature:
|
55
|
-
# * Sha256 Certificate
|
56
|
-
# * Sha1 Signature
|
57
|
-
# * Sha1 Timestamp
|
58
|
-
#
|
59
|
-
# The second signature:
|
60
|
-
# * Sha256 Certificate
|
61
|
-
# * Sha256 Signature
|
62
|
-
# * Sha256 Timestamp
|
63
|
-
#
|
64
|
-
# Once we no longer support Windows 8/Windows Vista, we can remove the
|
65
|
-
# first Sha1 signature.
|
66
|
-
sign_command = <<~CMD
|
67
|
-
for msipath in #{msis.join(' ')}; do
|
68
|
-
msi="$(basename $msipath)"
|
69
|
-
msidir="C:/#{work_dir}/$(dirname $msipath)"
|
70
|
-
if "/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe" verify -in "$msidir/$msi" ; then
|
71
|
-
echo "$msi is already signed, skipping . . ." ;
|
72
|
-
else
|
73
|
-
tries=5
|
74
|
-
sha1Servers=(http://timestamp.digicert.com/sha1/timestamp
|
75
|
-
http://timestamp.comodoca.com/authenticode)
|
76
|
-
for timeserver in "${sha1Servers[@]}"; do
|
77
|
-
for ((try=1; try<=$tries; try++)) do
|
78
|
-
ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
|
79
|
-
-n "Puppet" -i "http://www.puppet.com" \
|
80
|
-
-h sha1 \
|
81
|
-
-pkcs12 "#{Pkg::Config.msi_signing_cert}" \
|
82
|
-
-pass "#{Pkg::Config.msi_signing_cert_pw}" \
|
83
|
-
-t "$timeserver" \
|
84
|
-
-in "$msidir/$msi" \
|
85
|
-
-out "$msidir/signed-$msi")
|
86
|
-
if [[ $ret == *"Succeeded"* ]]; then break; fi
|
87
|
-
done;
|
88
|
-
if [[ $ret == *"Succeeded"* ]]; then break; fi
|
89
|
-
done;
|
90
|
-
echo $ret
|
91
|
-
if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
|
92
|
-
sha256Servers=(http://timestamp.digicert.com/sha256/timestamp
|
93
|
-
http://timestamp.comodoca.com?td=sha256)
|
94
|
-
for timeserver in "${sha256Servers[@]}"; do
|
95
|
-
for ((try=1; try<=$tries; try++)) do
|
96
|
-
ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
|
97
|
-
-n "Puppet" -i "http://www.puppet.com" \
|
98
|
-
-nest -h sha256 \
|
99
|
-
-pkcs12 "#{Pkg::Config.msi_signing_cert}" \
|
100
|
-
-pass "#{Pkg::Config.msi_signing_cert_pw}" \
|
101
|
-
-ts "$timeserver" \
|
102
|
-
-in "$msidir/signed-$msi" \
|
103
|
-
-out "$msidir/$msi")
|
104
|
-
if [[ $ret == *"Succeeded"* ]]; then break; fi
|
105
|
-
done;
|
106
|
-
if [[ $ret == *"Succeeded"* ]]; then break; fi
|
107
|
-
done;
|
108
|
-
echo $ret
|
109
|
-
if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
|
110
|
-
fi
|
111
|
-
done
|
112
|
-
CMD
|
23
|
+
gcp_auth_token = authorizer.fetch_access_token!['id_token']
|
113
24
|
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
{ fail_fast: false }
|
25
|
+
gcp_storage = Google::Cloud::Storage.new(
|
26
|
+
project_id: 'puppet-release-engineering',
|
27
|
+
credentials: gcp_service_account_credentials
|
118
28
|
)
|
29
|
+
tosign_bucket = gcp_storage.bucket('windows-tosign-bucket')
|
30
|
+
signed_bucket = gcp_storage.bucket('windows-signed-bucket')
|
31
|
+
|
32
|
+
service_uri = URI.parse(signing_service_url)
|
33
|
+
headers = { 'Content-Type': 'application/json', 'Authorization': "Bearer #{gcp_auth_token}" }
|
34
|
+
http = Net::HTTP.new(service_uri.host, service_uri.port)
|
35
|
+
http.use_ssl = true
|
36
|
+
request = Net::HTTP::Post.new(service_uri.request_uri, headers)
|
37
|
+
|
38
|
+
# Create hash to keep track of the signed msis
|
39
|
+
signed_msis = {}
|
40
|
+
|
41
|
+
msis = Dir.glob("#{target_dir}/windows*/**/*.msi")
|
42
|
+
|
43
|
+
# Upload msis to GCP and sign them
|
44
|
+
msis.each do |msi|
|
45
|
+
begin
|
46
|
+
tosign_bucket.create_file(msi, msi)
|
47
|
+
rescue StandardError => e
|
48
|
+
delete_tosign_msis(tosign_bucket, msis)
|
49
|
+
fail "There was an error uploading #{msi} to the windows-tosign-bucket gcp bucket.\n#{e}"
|
50
|
+
end
|
51
|
+
msi_json = { 'Path': msi }
|
52
|
+
request.body = msi_json.to_json
|
53
|
+
begin
|
54
|
+
response = http.request(request)
|
55
|
+
response_body = JSON.parse(JSON.parse(response.body.to_json), :quirks_mode => true)
|
56
|
+
rescue StandardError => e
|
57
|
+
delete_tosign_msis(tosign_bucket, msis)
|
58
|
+
delete_signed_msis(signed_bucket, signed_msis)
|
59
|
+
fail "There was an error signing #{msi}.\n#{e}"
|
60
|
+
end
|
61
|
+
# Store location of signed msi
|
62
|
+
signed_msi = response_body['Path']
|
63
|
+
signed_msis[msi] = signed_msi
|
64
|
+
end
|
65
|
+
|
66
|
+
# Download the signed msis
|
119
67
|
msis.each do |msi|
|
120
|
-
|
68
|
+
begin
|
69
|
+
signed_msi = signed_bucket.file(signed_msis[msi])
|
70
|
+
signed_msi.download(msi)
|
71
|
+
rescue StandardError => e
|
72
|
+
delete_tosign_msis(tosign_bucket, msis)
|
73
|
+
delete_signed_msis(signed_bucket, signed_msis)
|
74
|
+
fail "There was an error retrieving the signed msi:#{msi}.\n#{e}"
|
75
|
+
end
|
76
|
+
end
|
77
|
+
|
78
|
+
# Cleanup buckets
|
79
|
+
delete_tosign_msis(tosign_bucket, msis)
|
80
|
+
delete_signed_msis(signed_bucket, signed_msis)
|
81
|
+
end
|
82
|
+
|
83
|
+
def delete_tosign_msis(bucket, msis)
|
84
|
+
msis.each do |msi|
|
85
|
+
tosign_msi = bucket.file(msi)
|
86
|
+
tosign_msi.delete unless tosign_msi.nil?
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
def delete_signed_msis(bucket, signed_msis)
|
91
|
+
signed_msis.each do |msi, temp_name|
|
92
|
+
signed_msi = bucket.file(temp_name)
|
93
|
+
signed_msi.delete unless signed_msi.nil?
|
121
94
|
end
|
122
|
-
Pkg::Util::Net.remote_execute(ssh_host_string, "if [ -d '/cygdrive/c/#{work_dir}' ]; then rm -rf '/cygdrive/c/#{work_dir}'; fi")
|
123
95
|
end
|
124
96
|
end
|
data/lib/packaging/util/net.rb
CHANGED
@@ -394,9 +394,10 @@ module Pkg::Util::Net
|
|
394
394
|
end
|
395
395
|
|
396
396
|
def remote_bundle_install_command
|
397
|
+
rvm_ruby_version = ENV['RVM_RUBY_VERSION'] || '2.7.5'
|
397
398
|
export_packaging_location = "export PACKAGING_LOCATION='#{ENV['PACKAGING_LOCATION']}';" if ENV['PACKAGING_LOCATION'] && !ENV['PACKAGING_LOCATION'].empty?
|
398
399
|
export_vanagon_location = "export VANAGON_LOCATION='#{ENV['VANAGON_LOCATION']}';" if ENV['VANAGON_LOCATION'] && !ENV['VANAGON_LOCATION'].empty?
|
399
|
-
"source /usr/local/rvm/scripts/rvm; rvm use ruby
|
400
|
+
"source /usr/local/rvm/scripts/rvm; rvm use ruby-#{rvm_ruby_version}; #{export_packaging_location} #{export_vanagon_location} bundle install --path .bundle/gems ;"
|
400
401
|
end
|
401
402
|
|
402
403
|
# Given a BuildInstance object and a host, send its params to the host. Return
|
@@ -147,6 +147,10 @@ describe 'Pkg::Paths' do
|
|
147
147
|
expect(Pkg::Paths.artifacts_path('ubuntu-20.04-amd64'))
|
148
148
|
.to eq('artifacts/FUTURE-puppet7/focal')
|
149
149
|
end
|
150
|
+
it 'should be correct for jammy' do
|
151
|
+
expect(Pkg::Paths.artifacts_path('ubuntu-22.04-amd64'))
|
152
|
+
.to eq('artifacts/FUTURE-puppet7/jammy')
|
153
|
+
end
|
150
154
|
end
|
151
155
|
end
|
152
156
|
|
@@ -328,6 +332,8 @@ describe 'Pkg::Paths' do
|
|
328
332
|
.to eq('/opt/repository/apt/FUTURE-puppet7/pool/bionic/p/puppet-agent')
|
329
333
|
expect(Pkg::Paths.apt_package_base_path('ubuntu-20.04-amd64', 'FUTURE-puppet7', 'puppet-agent'))
|
330
334
|
.to eq('/opt/repository/apt/FUTURE-puppet7/pool/focal/p/puppet-agent')
|
335
|
+
expect(Pkg::Paths.apt_package_base_path('ubuntu-22.04-amd64', 'FUTURE-puppet7', 'puppet-agent'))
|
336
|
+
.to eq('/opt/repository/apt/FUTURE-puppet7/pool/jammy/p/puppet-agent')
|
331
337
|
end
|
332
338
|
it 'returns the appropriate nonfinal repo path' do
|
333
339
|
allow(Pkg::Paths).to receive(:remote_repo_base).and_return('/opt/repository-nightlies/apt')
|
@@ -36,7 +36,7 @@ describe 'Pkg::Platforms' do
|
|
36
36
|
|
37
37
|
describe '#codenames' do
|
38
38
|
it 'should return all codenames for a given platform' do
|
39
|
-
codenames = ['focal', 'bionic', 'bullseye', 'buster', 'stretch', 'trusty', 'xenial']
|
39
|
+
codenames = ['focal', 'bionic', 'bullseye', 'buster', 'stretch', 'trusty', 'xenial', 'jammy']
|
40
40
|
expect(Pkg::Platforms.codenames).to match_array(codenames)
|
41
41
|
end
|
42
42
|
end
|
@@ -46,6 +46,10 @@ describe 'Pkg::Platforms' do
|
|
46
46
|
expect(Pkg::Platforms.codename_to_platform_version('xenial')).to eq(['ubuntu', '16.04'])
|
47
47
|
end
|
48
48
|
|
49
|
+
it 'should return the platform and version corresponding to a given codename' do
|
50
|
+
expect(Pkg::Platforms.codename_to_platform_version('jammy')).to eq(['ubuntu', '22.04'])
|
51
|
+
end
|
52
|
+
|
49
53
|
it 'should fail if given nil as a codename' do
|
50
54
|
expect{Pkg::Platforms.codename_to_platform_version(nil)}.to raise_error
|
51
55
|
end
|
@@ -53,7 +57,7 @@ describe 'Pkg::Platforms' do
|
|
53
57
|
|
54
58
|
describe '#codename_for_platform_version' do
|
55
59
|
it 'should return the codename corresponding to a given platform and version' do
|
56
|
-
expect(Pkg::Platforms.codename_for_platform_version('ubuntu', '
|
60
|
+
expect(Pkg::Platforms.codename_for_platform_version('ubuntu', '22.04')).to eq('jammy')
|
57
61
|
end
|
58
62
|
end
|
59
63
|
|
data/tasks/ship.rake
CHANGED
@@ -243,62 +243,82 @@ namespace :pl do
|
|
243
243
|
S3_REPO_SYNC = 'sudo /usr/local/bin/s3_repo_sync.sh'
|
244
244
|
GCP_REPO_SYNC = '/usr/local/bin/gcp_repo_sync'
|
245
245
|
|
246
|
-
desc "Sync signed apt repos from #{Pkg::Config.apt_signing_server} to
|
246
|
+
desc "Sync signed apt repos from #{Pkg::Config.apt_signing_server} to S3 and GCP"
|
247
247
|
task :deploy_apt_repo_to_s3 => 'pl:fetch' do
|
248
|
-
|
249
|
-
|
248
|
+
s3_sync_command = "#{S3_REPO_SYNC} apt.puppetlabs.com"
|
249
|
+
gcp_sync_command = "#{GCP_REPO_SYNC} apt.puppetlabs.com"
|
250
|
+
|
251
|
+
puts "Sync apt repos from #{Pkg::Config.apt_signing_server} to S3 and GCP? [y,n]"
|
250
252
|
next unless Pkg::Util.ask_yes_or_no
|
251
253
|
|
252
254
|
Pkg::Util::Execution.retry_on_fail(times: 3) do
|
253
|
-
Pkg::Util::Net.remote_execute(Pkg::Config.apt_signing_server,
|
255
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.apt_signing_server, s3_sync_command)
|
256
|
+
end
|
257
|
+
|
258
|
+
Pkg::Util::Execution.retry_on_fail(times: 3) do
|
259
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.apt_signing_server, gcp_sync_command)
|
254
260
|
end
|
255
261
|
end
|
256
262
|
|
257
|
-
desc "Sync signed yum repos from #{Pkg::Config.yum_staging_server} to
|
263
|
+
desc "Sync signed yum repos from #{Pkg::Config.yum_staging_server} to S3 and GCP"
|
258
264
|
task :deploy_yum_repo_to_s3 => 'pl:fetch' do
|
259
|
-
|
260
|
-
|
265
|
+
s3_sync_command = "#{S3_REPO_SYNC} yum.puppetlabs.com"
|
266
|
+
gcp_sync_command = "#{GCP_REPO_SYNC} yum.puppetlabs.com"
|
267
|
+
puts "Sync yum repos from #{Pkg::Config.yum_staging_server} to S3 and GCP? [y,n]"
|
261
268
|
next unless Pkg::Util.ask_yes_or_no
|
262
269
|
Pkg::Util::Execution.retry_on_fail(times: 3) do
|
263
|
-
Pkg::Util::Net.remote_execute(Pkg::Config.yum_staging_server,
|
270
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.yum_staging_server, s3_sync_command)
|
271
|
+
end
|
272
|
+
|
273
|
+
Pkg::Util::Execution.retry_on_fail(times: 3) do
|
274
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.yum_staging_server, gcp_sync_command)
|
264
275
|
end
|
265
276
|
end
|
266
277
|
|
267
|
-
desc "Sync downloads.puppetlabs.com from #{Pkg::Config.staging_server} to
|
278
|
+
desc "Sync downloads.puppetlabs.com from #{Pkg::Config.staging_server} to S3 and GCP"
|
268
279
|
task :deploy_downloads_to_s3 => 'pl:fetch' do
|
269
|
-
|
270
|
-
|
280
|
+
s3_sync_command = "#{S3_REPO_SYNC} downloads.puppetlabs.com"
|
281
|
+
gcp_sync_command = "#{GCP_REPO_SYNC} downloads.puppetlabs.com"
|
282
|
+
puts "Sync downloads.puppetlabs.com from #{Pkg::Config.staging_server} to S3 and GCP? [y,n]"
|
271
283
|
next unless Pkg::Util.ask_yes_or_no
|
272
284
|
Pkg::Util::Execution.retry_on_fail(times: 3) do
|
273
|
-
Pkg::Util::Net.remote_execute(Pkg::Config.staging_server,
|
285
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, s3_sync_command)
|
286
|
+
end
|
287
|
+
|
288
|
+
Pkg::Util::Execution.retry_on_fail(times: 3) do
|
289
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, gcp_sync_command)
|
274
290
|
end
|
275
291
|
end
|
276
292
|
|
277
|
-
desc "Sync nightlies.puppet.com from #{Pkg::Config.staging_server} to
|
293
|
+
desc "Sync nightlies.puppet.com from #{Pkg::Config.staging_server} to S3 and GCP"
|
278
294
|
task :deploy_nightlies_to_s3 => 'pl:fetch' do
|
279
|
-
|
280
|
-
|
295
|
+
s3_sync_command = "#{S3_REPO_SYNC} nightlies.puppet.com"
|
296
|
+
gcp_sync_command = "#{S3_REPO_SYNC} nightlies.puppet.com"
|
297
|
+
puts "Syncing nightly builds from #{Pkg::Config.staging_server} to S3 and GCP"
|
298
|
+
Pkg::Util::Execution.retry_on_fail(times: 3) do
|
299
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, s3_sync_command)
|
300
|
+
end
|
301
|
+
|
281
302
|
Pkg::Util::Execution.retry_on_fail(times: 3) do
|
282
|
-
Pkg::Util::Net.remote_execute(Pkg::Config.staging_server,
|
303
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, gcp_sync_command)
|
283
304
|
end
|
284
305
|
end
|
285
306
|
|
286
307
|
desc "Sync signed apt repos from #{Pkg::Config.apt_signing_server} to Google Cloud Platform"
|
287
308
|
task :sync_apt_repo_to_gcp => 'pl:fetch' do
|
288
|
-
|
289
|
-
|
290
|
-
|
291
|
-
sync_command_puppet_7 = "#{GCP_REPO_SYNC} apt.repos.puppet.com puppet7"
|
309
|
+
target_site = 'apt.repos.puppet.com'
|
310
|
+
sync_command_puppet_6 = "#{GCP_REPO_SYNC} #{target_site} puppet6"
|
311
|
+
sync_command_puppet_7 = "#{GCP_REPO_SYNC} #{target_site} puppet7"
|
292
312
|
print "Sync apt repos from #{Pkg::Config.apt_signing_server} to #{target_site}? [y,n] "
|
293
313
|
next unless Pkg::Util.ask_yes_or_no
|
294
314
|
puts
|
295
315
|
|
296
316
|
Pkg::Util::Execution.retry_on_fail(times: 3) do
|
297
|
-
|
317
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.apt_signing_server, sync_command_puppet_6)
|
298
318
|
end
|
299
319
|
|
300
320
|
Pkg::Util::Execution.retry_on_fail(times: 3) do
|
301
|
-
|
321
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.apt_signing_server, sync_command_puppet_7)
|
302
322
|
end
|
303
323
|
end
|
304
324
|
# Keep 'deploy' for backward compatibility
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: packaging
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.107.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Puppet Labs
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-06-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: pry
|
@@ -108,6 +108,34 @@ dependencies:
|
|
108
108
|
- - '='
|
109
109
|
- !ruby/object:Gem::Version
|
110
110
|
version: 3.1.5
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: googleauth
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - ">="
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
118
|
+
type: :runtime
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - ">="
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0'
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: google-cloud-storage
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - ">="
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '0'
|
132
|
+
type: :runtime
|
133
|
+
prerelease: false
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - ">="
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '0'
|
111
139
|
- !ruby/object:Gem::Dependency
|
112
140
|
name: rake
|
113
141
|
requirement: !ruby/object:Gem::Requirement
|
@@ -295,28 +323,28 @@ signing_key:
|
|
295
323
|
specification_version: 4
|
296
324
|
summary: Puppet Labs' packaging automation
|
297
325
|
test_files:
|
298
|
-
- spec/lib/
|
326
|
+
- spec/lib/packaging/gem_spec.rb
|
299
327
|
- spec/lib/packaging/retrieve_spec.rb
|
300
|
-
- spec/lib/packaging/paths_spec.rb
|
301
|
-
- spec/lib/packaging/platforms_spec.rb
|
302
|
-
- spec/lib/packaging/config_spec.rb
|
303
|
-
- spec/lib/packaging/tar_spec.rb
|
304
328
|
- spec/lib/packaging/repo_spec.rb
|
329
|
+
- spec/lib/packaging/tar_spec.rb
|
330
|
+
- spec/lib/packaging/deb/repo_spec.rb
|
331
|
+
- spec/lib/packaging/platforms_spec.rb
|
305
332
|
- spec/lib/packaging/artifactory_spec.rb
|
333
|
+
- spec/lib/packaging/sign_spec.rb
|
334
|
+
- spec/lib/packaging/config_spec.rb
|
335
|
+
- spec/lib/packaging/paths_spec.rb
|
306
336
|
- spec/lib/packaging/deb_spec.rb
|
307
|
-
- spec/lib/packaging/
|
308
|
-
- spec/lib/packaging/util/git_spec.rb
|
309
|
-
- spec/lib/packaging/util/version_spec.rb
|
310
|
-
- spec/lib/packaging/util/os_spec.rb
|
311
|
-
- spec/lib/packaging/util/execution_spec.rb
|
312
|
-
- spec/lib/packaging/util/file_spec.rb
|
337
|
+
- spec/lib/packaging/rpm/repo_spec.rb
|
313
338
|
- spec/lib/packaging/util/git_tag_spec.rb
|
339
|
+
- spec/lib/packaging/util/execution_spec.rb
|
340
|
+
- spec/lib/packaging/util/version_spec.rb
|
341
|
+
- spec/lib/packaging/util/misc_spec.rb
|
342
|
+
- spec/lib/packaging/util/net_spec.rb
|
314
343
|
- spec/lib/packaging/util/rake_utils_spec.rb
|
315
344
|
- spec/lib/packaging/util/ship_spec.rb
|
345
|
+
- spec/lib/packaging/util/file_spec.rb
|
346
|
+
- spec/lib/packaging/util/os_spec.rb
|
316
347
|
- spec/lib/packaging/util/jenkins_spec.rb
|
317
|
-
- spec/lib/packaging/util/
|
318
|
-
- spec/lib/packaging/util/misc_spec.rb
|
348
|
+
- spec/lib/packaging/util/git_spec.rb
|
319
349
|
- spec/lib/packaging/util/gpg_spec.rb
|
320
|
-
- spec/lib/
|
321
|
-
- spec/lib/packaging/sign_spec.rb
|
322
|
-
- spec/lib/packaging/gem_spec.rb
|
350
|
+
- spec/lib/packaging_spec.rb
|