packaging 0.106.1 → 0.107.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: db83755518bc81f835ca1c1b64cb4fa7febab19049e584aabcc77ddf049a0baa
-  data.tar.gz: 16139b7c1e409444034c8eda4481c96fdb2b63a0a46fa1a2aeed3d50951fae15
+  metadata.gz: a52b5e4526f37d1bf4ebacf7a4c8de7c8b6cf2fb96ababbc1873384381e42903
+  data.tar.gz: 626f5a46015f53bac68d7dc29fd712efa5a5e7180079444c7f6aecda91ce520c
 SHA512:
-  metadata.gz: d33084fee800fe837b891703dbdf2bc404e1aabb23a965704ea5275c0c08a397daabc20aab2cce63babb9040088de855a4dbc3846b0ec78e96cab13c89299768
-  data.tar.gz: 3cd7163d6acc73d96f062924938a31ec46dafecf717f0fcbceb4d1c56e4ae6d2a9af05fdc0904f4a790673a30d3a2c3f85772c5137ffd4e4d80fc9efbbc5c597
+  metadata.gz: cf0029e52dd115687b71974542ab056555ebaa5d0f8886c4a01ff14f072b6dea4cd3ad509ea66b8dd8ea0c36bf324b27e5cdb289e86202c0c15bd8c7d64cb890
+  data.tar.gz: 4e8cde5da7d1fe12d6677582419c4b7e15a0fbe9d499fbfb29fc6e0e82e6c41583ca254d7c4ca861e959d22d1ed5f0a1270b02c0899ae58c230addc9d3015eba

data/lib/packaging/config/params.rb

@@ -101,10 +101,8 @@ module Pkg::Params
                   msi_host
                   msi_name
                   msi_path
-                  msi_signing_cert
-                  msi_signing_cert_pw
-                  msi_signing_server
-                  msi_signing_ssh_key
+                  msi_signing_gcp_service_account_credentials
+                  msi_signing_service_url
                   msi_staging_server
                   name
                   nonfinal_apt_repo_command
@@ -244,10 +242,8 @@ module Pkg::Params
               { :var => :ips_signing_ssh_key,     :envvar => :IPS_SIGNING_SSH_KEY },
               { :var => :msi_host,                :envvar => :MSI_HOST },
               { :var => :msi_path,                :envvar => :MSI_PATH },
-              { :var => :msi_signing_cert,        :envvar => :MSI_SIGNING_CERT },
-              { :var => :msi_signing_cert_pw,     :envvar => :MSI_SIGNING_CERT_PW },
-              { :var => :msi_signing_server,      :envvar => :MSI_SIGNING_SERVER },
-              { :var => :msi_signing_ssh_key,     :envvar => :MSI_SIGNING_SSH_KEY },
+              { :var => :msi_signing_gcp_service_account_credentials, :envvar => :MSI_SIGNING_GCP_SERVICE_ACCOUNT_CREDENTIALS },
+              { :var => :msi_signing_service_url, :envvar => :MSI_SIGNING_SERVICE_URL },
               { :var => :msi_staging_server,      :envvar => :MSI_STAGING_SERVER },
               { :var => :nonfinal_apt_repo_command, :envvar => :NONFINAL_APT_REPO_COMMAND },
               { :var => :nonfinal_apt_repo_path, :envvar => :NONFINAL_APT_REPO_PATH },
@@ -328,8 +324,6 @@ module Pkg::Params
               { :var => :ips_inter_cert,          :val => '$IPS_INTER_CERT' },
               { :var => :ips_root_cert,           :val => '$IPS_ROOT_CERT' },
               { :var => :ips_signing_key,         :val => '$IPS_SIGNING_KEY' },
-              { :var => :msi_signing_cert,        :val => '$MSI_SIGNING_CERT' },
-              { :var => :msi_signing_cert_pw,     :val => '$MSI_SIGNING_CERT_PW' },
               { :var => :pe_feature_branch,       :val => false },
               { :var => :pe_release_branch,       :val => false },
               { :var => :s3_ship,                 :val => false },

data/lib/packaging/platforms.rb

@@ -211,6 +211,14 @@ module Pkg
           source_package_formats: DEBIAN_SOURCE_FORMATS,
           repo: true,
         },
+        '22.04' => {
+          codename: 'jammy',
+          architectures: ['amd64', 'aarch64'],
+          source_architecture: 'source',
+          package_format: 'deb',
+          source_package_formats: DEBIAN_SOURCE_FORMATS,
+          repo: true,
+        },
       },
 
       'windows' => {

data/lib/packaging/sign/msi.rb

@@ -2,123 +2,95 @@ module Pkg::Sign::Msi
   module_function
 
   def sign(target_dir = 'pkg')
-    use_identity = "-i #{Pkg::Config.msi_signing_ssh_key}" if Pkg::Config.msi_signing_ssh_key
+    require 'google/cloud/storage'
+    require 'googleauth'
+    require 'json'
+    require 'net/http'
+    require 'uri'
 
-    ssh_host_string = "#{use_identity} Administrator@#{Pkg::Config.msi_signing_server}"
-    rsync_host_string = "-e 'ssh #{use_identity}' Administrator@#{Pkg::Config.msi_signing_server}"
+    gcp_service_account_credentials = Pkg::Config.msi_signing_gcp_service_account_credentials
+    signing_service_url = Pkg::Config.msi_signing_service_url
 
-    work_dir = "Windows/Temp/#{Pkg::Util.rand_string}"
-    Pkg::Util::Net.remote_execute(ssh_host_string, "mkdir -p C:/#{work_dir}")
-    msis = Dir.glob("#{target_dir}/windows*/**/*.msi")
-    Pkg::Util::Net.rsync_to(msis.join(" "), rsync_host_string, "/cygdrive/c/#{work_dir}",
-                           extra_flags: ["--ignore-existing --relative"])
+    begin
+      authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
+        json_key_io: File.open(gcp_service_account_credentials),
+        target_audience: signing_service_url
+      )
+    rescue StandardError => e
+      fail "msis can only be signed by jenkins.\n#{e}"
+    end
 
-    # Please Note:
-    # We are currently adding two signatures to the msi.
-    #
-    # Microsoft compatable Signatures are composed of three different
-    # elements.
-    #   1) The Certificate used to sign the package. This is the element that
-    #     is attached to organization. The certificate has an associated
-    #     algorithm. We recently (February 2016) had to switch from a sha1 to
-    #     a sha256 certificate. Sha1 was deprecated by many Microsoft
-    #     elements on 2016-01-01, which forced us to switch to a sha256 cert.
-    #     This sha256 certificate is recognized by all currently supported
-    #     windows platforms (Windows 8/Vista forward).
-    #   2) The signature used to attach the certificate to the package. This
-    #     can be a done with a variety of digest algorithms. Older platforms
-    #     (i.e., Windows 8 and Windows Vista) don't recognize later
-    #     algorithms like sha256.
-    #   3) The timestamp used to validate when the package was signed. This
-    #     comes from an external source and can be delivered with a variety
-    #     of digest algorithms. Older platforms do not recognize newer
-    #     algorithms like sha256.
-    #
-    # We could have only one signature with the Sha256 Cert, Sha1 Signature,
-    # and Sha1 Timestamp, but that would be too easy. The sha256 signature
-    # and timestamp add more security to our packages. We can't have only
-    # sha256 elements in our package signature, though, because Windows 8
-    # and Windows Vista just don't recognize them at all.
-    #
-    # In order to add two signatures to an MSI, we also need to change the
-    # tool we use to sign packages with. Previously, we were using SignTool
-    # which is the Microsoft blessed program used to sign packages. However,
-    # this tool isn't able to add two signatures to an MSI specifically. It
-    # can dual-sign an exe, just not an MSI. In order to get the dual-signed
-    # packages, we decided to switch over to using osslsigncode. The original
-    # project didn't have support to compile on a windows system, so we
-    # decided to use this fork. The binaries on the signer were pulled from
-    # https://sourceforge.net/u/keeely/osslsigncode/ci/master/tree/
-    #
-    # These are our signatures:
-    # The first signature:
-    #   * Sha256 Certificate
-    #   * Sha1 Signature
-    #   * Sha1 Timestamp
-    #
-    # The second signature:
-    #   * Sha256 Certificate
-    #   * Sha256 Signature
-    #   * Sha256 Timestamp
-    #
-    # Once we no longer support Windows 8/Windows Vista, we can remove the
-    # first Sha1 signature.
-    sign_command = <<~CMD
-      for msipath in #{msis.join(' ')}; do
-        msi="$(basename $msipath)"
-        msidir="C:/#{work_dir}/$(dirname $msipath)"
-        if "/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe" verify -in "$msidir/$msi" ; then
-          echo "$msi is already signed, skipping . . ." ;
-        else
-          tries=5
-          sha1Servers=(http://timestamp.digicert.com/sha1/timestamp
-          http://timestamp.comodoca.com/authenticode)
-          for timeserver in "${sha1Servers[@]}"; do
-            for ((try=1; try<=$tries; try++)) do
-              ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
-                -n "Puppet" -i "http://www.puppet.com" \
-                -h sha1 \
-                -pkcs12 "#{Pkg::Config.msi_signing_cert}" \
-                -pass "#{Pkg::Config.msi_signing_cert_pw}" \
-                -t "$timeserver" \
-                -in "$msidir/$msi" \
-                -out "$msidir/signed-$msi")
-              if [[ $ret == *"Succeeded"* ]]; then break; fi
-            done;
-            if [[ $ret == *"Succeeded"* ]]; then break; fi
-          done;
-          echo $ret
-          if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
-          sha256Servers=(http://timestamp.digicert.com/sha256/timestamp
-            http://timestamp.comodoca.com?td=sha256)
-          for timeserver in "${sha256Servers[@]}"; do
-            for ((try=1; try<=$tries; try++)) do
-              ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
-                -n "Puppet" -i "http://www.puppet.com" \
-                -nest -h sha256 \
-                -pkcs12 "#{Pkg::Config.msi_signing_cert}" \
-                -pass "#{Pkg::Config.msi_signing_cert_pw}" \
-                -ts "$timeserver" \
-                -in "$msidir/signed-$msi" \
-                -out "$msidir/$msi")
-              if [[ $ret == *"Succeeded"* ]]; then break; fi
-            done;
-            if [[ $ret == *"Succeeded"* ]]; then break; fi
-          done;
-          echo $ret
-          if [[ $ret != *"Succeeded"* ]]; then exit 1; fi
-        fi
-      done
-    CMD
+    gcp_auth_token = authorizer.fetch_access_token!['id_token']
 
-    Pkg::Util::Net.remote_execute(
-      ssh_host_string,
-      sign_command,
-      { fail_fast: false }
+    gcp_storage = Google::Cloud::Storage.new(
+      project_id: 'puppet-release-engineering',
+      credentials: gcp_service_account_credentials
     )
+    tosign_bucket = gcp_storage.bucket('windows-tosign-bucket')
+    signed_bucket = gcp_storage.bucket('windows-signed-bucket')
+
+    service_uri = URI.parse(signing_service_url)
+    headers = { 'Content-Type': 'application/json', 'Authorization': "Bearer #{gcp_auth_token}" }
+    http = Net::HTTP.new(service_uri.host, service_uri.port)
+    http.use_ssl = true
+    request = Net::HTTP::Post.new(service_uri.request_uri, headers)
+
+    # Create hash to keep track of the signed msis
+    signed_msis = {}
+
+    msis = Dir.glob("#{target_dir}/windows*/**/*.msi")
+
+    # Upload msis to GCP and sign them
+    msis.each do |msi|
+      begin
+        tosign_bucket.create_file(msi, msi)
+      rescue StandardError => e
+        delete_tosign_msis(tosign_bucket, msis)
+        fail "There was an error uploading #{msi} to the windows-tosign-bucket gcp bucket.\n#{e}"
+      end
+      msi_json = { 'Path': msi }
+      request.body = msi_json.to_json
+      begin
+        response = http.request(request)
+        response_body = JSON.parse(JSON.parse(response.body.to_json), :quirks_mode => true)
+      rescue StandardError => e
+        delete_tosign_msis(tosign_bucket, msis)
+        delete_signed_msis(signed_bucket, signed_msis)
+        fail "There was an error signing #{msi}.\n#{e}"
+      end
+      # Store location of signed msi
+      signed_msi = response_body['Path']
+      signed_msis[msi] = signed_msi
+    end
+
+    # Download the signed msis
     msis.each do |msi|
-      Pkg::Util::Net.rsync_from("/cygdrive/c/#{work_dir}/#{msi}", rsync_host_string, File.dirname(msi))
+      begin
+        signed_msi = signed_bucket.file(signed_msis[msi])
+        signed_msi.download(msi)
+      rescue StandardError => e
+        delete_tosign_msis(tosign_bucket, msis)
+        delete_signed_msis(signed_bucket, signed_msis)
+        fail "There was an error retrieving the signed msi:#{msi}.\n#{e}"
+      end
+    end
+
+    # Cleanup buckets
+    delete_tosign_msis(tosign_bucket, msis)
+    delete_signed_msis(signed_bucket, signed_msis)
+  end
+
+  def delete_tosign_msis(bucket, msis)
+    msis.each do |msi|
+      tosign_msi = bucket.file(msi)
+      tosign_msi.delete unless tosign_msi.nil?
+    end
+  end
+
+  def delete_signed_msis(bucket, signed_msis)
+    signed_msis.each do |msi, temp_name|
+      signed_msi = bucket.file(temp_name)
+      signed_msi.delete unless signed_msi.nil?
     end
-    Pkg::Util::Net.remote_execute(ssh_host_string, "if [ -d '/cygdrive/c/#{work_dir}' ]; then rm -rf '/cygdrive/c/#{work_dir}'; fi")
   end
 end

data/lib/packaging/util/net.rb

@@ -394,9 +394,10 @@ module Pkg::Util::Net
     end
 
     def remote_bundle_install_command
+      rvm_ruby_version = ENV['RVM_RUBY_VERSION'] || '2.7.5'
       export_packaging_location = "export PACKAGING_LOCATION='#{ENV['PACKAGING_LOCATION']}';" if ENV['PACKAGING_LOCATION'] && !ENV['PACKAGING_LOCATION'].empty?
       export_vanagon_location = "export VANAGON_LOCATION='#{ENV['VANAGON_LOCATION']}';" if ENV['VANAGON_LOCATION'] && !ENV['VANAGON_LOCATION'].empty?
-      "source /usr/local/rvm/scripts/rvm; rvm use ruby-2.5.1; #{export_packaging_location} #{export_vanagon_location} bundle install --path .bundle/gems ;"
+      "source /usr/local/rvm/scripts/rvm; rvm use ruby-#{rvm_ruby_version}; #{export_packaging_location} #{export_vanagon_location} bundle install --path .bundle/gems ;"
     end
 
     # Given a BuildInstance object and a host, send its params to the host. Return

data/spec/lib/packaging/paths_spec.rb

@@ -147,6 +147,10 @@ describe 'Pkg::Paths' do
         expect(Pkg::Paths.artifacts_path('ubuntu-20.04-amd64'))
           .to eq('artifacts/FUTURE-puppet7/focal')
       end
+      it 'should be correct for jammy' do
+        expect(Pkg::Paths.artifacts_path('ubuntu-22.04-amd64'))
+          .to eq('artifacts/FUTURE-puppet7/jammy')
+      end
     end
   end
 
@@ -328,6 +332,8 @@ describe 'Pkg::Paths' do
           .to eq('/opt/repository/apt/FUTURE-puppet7/pool/bionic/p/puppet-agent')
         expect(Pkg::Paths.apt_package_base_path('ubuntu-20.04-amd64', 'FUTURE-puppet7', 'puppet-agent'))
           .to eq('/opt/repository/apt/FUTURE-puppet7/pool/focal/p/puppet-agent')
+        expect(Pkg::Paths.apt_package_base_path('ubuntu-22.04-amd64', 'FUTURE-puppet7', 'puppet-agent'))
+          .to eq('/opt/repository/apt/FUTURE-puppet7/pool/jammy/p/puppet-agent')
       end
       it 'returns the appropriate nonfinal repo path' do
         allow(Pkg::Paths).to receive(:remote_repo_base).and_return('/opt/repository-nightlies/apt')

data/spec/lib/packaging/platforms_spec.rb

@@ -36,7 +36,7 @@ describe 'Pkg::Platforms' do
 
   describe '#codenames' do
     it 'should return all codenames for a given platform' do
-      codenames = ['focal', 'bionic', 'bullseye', 'buster', 'stretch', 'trusty', 'xenial']
+      codenames = ['focal', 'bionic', 'bullseye', 'buster', 'stretch', 'trusty', 'xenial', 'jammy']
       expect(Pkg::Platforms.codenames).to match_array(codenames)
     end
   end
@@ -46,6 +46,10 @@ describe 'Pkg::Platforms' do
       expect(Pkg::Platforms.codename_to_platform_version('xenial')).to eq(['ubuntu', '16.04'])
     end
 
+    it 'should return the platform and version corresponding to a given codename' do
+      expect(Pkg::Platforms.codename_to_platform_version('jammy')).to eq(['ubuntu', '22.04'])
+    end
+
     it 'should fail if given nil as a codename' do
       expect{Pkg::Platforms.codename_to_platform_version(nil)}.to raise_error
     end
@@ -53,7 +57,7 @@ describe 'Pkg::Platforms' do
 
   describe '#codename_for_platform_version' do
     it 'should return the codename corresponding to a given platform and version' do
-      expect(Pkg::Platforms.codename_for_platform_version('ubuntu', '16.04')).to eq('xenial')
+      expect(Pkg::Platforms.codename_for_platform_version('ubuntu', '22.04')).to eq('jammy')
     end
   end
 

data/tasks/ship.rake

@@ -243,62 +243,82 @@ namespace :pl do
     S3_REPO_SYNC = 'sudo /usr/local/bin/s3_repo_sync.sh'
     GCP_REPO_SYNC = '/usr/local/bin/gcp_repo_sync'
 
-    desc "Sync signed apt repos from #{Pkg::Config.apt_signing_server} to AWS S3"
+    desc "Sync signed apt repos from #{Pkg::Config.apt_signing_server} to S3 and GCP"
     task :deploy_apt_repo_to_s3 => 'pl:fetch' do
-      sync_command = "#{S3_REPO_SYNC} apt.puppetlabs.com"
-      puts "Sync apt repos from #{Pkg::Config.apt_signing_server} to AWS S3? [y,n]"
+      s3_sync_command = "#{S3_REPO_SYNC} apt.puppetlabs.com"
+      gcp_sync_command = "#{GCP_REPO_SYNC} apt.puppetlabs.com"
+
+      puts "Sync apt repos from #{Pkg::Config.apt_signing_server} to S3 and GCP? [y,n]"
       next unless Pkg::Util.ask_yes_or_no
 
       Pkg::Util::Execution.retry_on_fail(times: 3) do
-        Pkg::Util::Net.remote_execute(Pkg::Config.apt_signing_server, sync_command)
+        Pkg::Util::Net.remote_execute(Pkg::Config.apt_signing_server, s3_sync_command)
+      end
+
+      Pkg::Util::Execution.retry_on_fail(times: 3) do
+        Pkg::Util::Net.remote_execute(Pkg::Config.apt_signing_server, gcp_sync_command)
       end
     end
 
-    desc "Sync signed yum repos from #{Pkg::Config.yum_staging_server} to AWS S3"
+    desc "Sync signed yum repos from #{Pkg::Config.yum_staging_server} to S3 and GCP"
     task :deploy_yum_repo_to_s3 => 'pl:fetch' do
-      sync_command = "#{S3_REPO_SYNC} yum.puppetlabs.com"
-      puts "Sync yum repos from #{Pkg::Config.yum_staging_server} to AWS S3? [y,n]"
+      s3_sync_command = "#{S3_REPO_SYNC} yum.puppetlabs.com"
+      gcp_sync_command = "#{GCP_REPO_SYNC} yum.puppetlabs.com"
+      puts "Sync yum repos from #{Pkg::Config.yum_staging_server} to S3 and GCP? [y,n]"
       next unless Pkg::Util.ask_yes_or_no
       Pkg::Util::Execution.retry_on_fail(times: 3) do
-        Pkg::Util::Net.remote_execute(Pkg::Config.yum_staging_server, sync_command)
+        Pkg::Util::Net.remote_execute(Pkg::Config.yum_staging_server, s3_sync_command)
+      end
+
+      Pkg::Util::Execution.retry_on_fail(times: 3) do
+        Pkg::Util::Net.remote_execute(Pkg::Config.yum_staging_server, gcp_sync_command)
       end
     end
 
-    desc "Sync downloads.puppetlabs.com from #{Pkg::Config.staging_server} to AWS S3"
+    desc "Sync downloads.puppetlabs.com from #{Pkg::Config.staging_server} to S3 and GCP"
     task :deploy_downloads_to_s3 => 'pl:fetch' do
-      sync_command = "#{S3_REPO_SYNC} downloads.puppetlabs.com"
-      puts "Sync downloads.puppetlabs.com from #{Pkg::Config.staging_server} to AWS S3? [y,n]"
+      s3_sync_command = "#{S3_REPO_SYNC} downloads.puppetlabs.com"
+      gcp_sync_command = "#{GCP_REPO_SYNC} downloads.puppetlabs.com"
+      puts "Sync downloads.puppetlabs.com from #{Pkg::Config.staging_server} to S3 and GCP? [y,n]"
       next unless Pkg::Util.ask_yes_or_no
       Pkg::Util::Execution.retry_on_fail(times: 3) do
-        Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, sync_command)
+        Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, s3_sync_command)
+      end
+
+      Pkg::Util::Execution.retry_on_fail(times: 3) do
+        Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, gcp_sync_command)
       end
     end
 
-    desc "Sync nightlies.puppet.com from #{Pkg::Config.staging_server} to AWS S3"
+    desc "Sync nightlies.puppet.com from #{Pkg::Config.staging_server} to S3 and GCP"
     task :deploy_nightlies_to_s3 => 'pl:fetch' do
-      sync_command = "#{S3_REPO_SYNC} nightlies.puppet.com"
-      puts "Syncing nightly builds from #{Pkg::Config.staging_server} to AWS S3"
+      s3_sync_command = "#{S3_REPO_SYNC} nightlies.puppet.com"
+      gcp_sync_command = "#{S3_REPO_SYNC} nightlies.puppet.com"
+      puts "Syncing nightly builds from #{Pkg::Config.staging_server} to S3 and GCP"
+      Pkg::Util::Execution.retry_on_fail(times: 3) do
+        Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, s3_sync_command)
+      end
+
       Pkg::Util::Execution.retry_on_fail(times: 3) do
-        Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, sync_command)
+        Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, gcp_sync_command)
       end
     end
 
     desc "Sync signed apt repos from #{Pkg::Config.apt_signing_server} to Google Cloud Platform"
     task :sync_apt_repo_to_gcp => 'pl:fetch' do
-      ssh = Pkg::Util::Tool.check_tool('ssh')
-      target_site = 'apt.repos.puppetlabs.com'
-      sync_command_puppet_6 = "#{GCP_REPO_SYNC} apt.repos.puppet.com puppet6"
-      sync_command_puppet_7 = "#{GCP_REPO_SYNC} apt.repos.puppet.com puppet7"
+      target_site = 'apt.repos.puppet.com'
+      sync_command_puppet_6 = "#{GCP_REPO_SYNC} #{target_site} puppet6"
+      sync_command_puppet_7 = "#{GCP_REPO_SYNC} #{target_site} puppet7"
       print "Sync apt repos from #{Pkg::Config.apt_signing_server} to #{target_site}? [y,n] "
       next unless Pkg::Util.ask_yes_or_no
       puts
 
       Pkg::Util::Execution.retry_on_fail(times: 3) do
-        %x(#{ssh} #{Pkg::Config.apt_signing_server} '/bin/bash -l -c "#{sync_command_puppet_6}"')
+        Pkg::Util::Net.remote_execute(Pkg::Config.apt_signing_server, sync_command_puppet_6)
       end
 
       Pkg::Util::Execution.retry_on_fail(times: 3) do
-        %x(#{ssh} #{Pkg::Config.apt_signing_server} '/bin/bash -l -c "#{sync_command_puppet_7}"')
+        Pkg::Util::Net.remote_execute(Pkg::Config.apt_signing_server, sync_command_puppet_7)
       end
     end
     # Keep 'deploy' for backward compatibility

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: packaging
 version: !ruby/object:Gem::Version
-  version: 0.106.1
+  version: 0.107.0
 platform: ruby
 authors:
 - Puppet Labs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-04-12 00:00:00.000000000 Z
+date: 2022-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pry
@@ -108,6 +108,34 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 3.1.5
+- !ruby/object:Gem::Dependency
+  name: googleauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: google-cloud-storage
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -295,28 +323,28 @@ signing_key:
 specification_version: 4
 summary: Puppet Labs' packaging automation
 test_files:
-- spec/lib/packaging_spec.rb
+- spec/lib/packaging/gem_spec.rb
 - spec/lib/packaging/retrieve_spec.rb
-- spec/lib/packaging/paths_spec.rb
-- spec/lib/packaging/platforms_spec.rb
-- spec/lib/packaging/config_spec.rb
-- spec/lib/packaging/tar_spec.rb
 - spec/lib/packaging/repo_spec.rb
+- spec/lib/packaging/tar_spec.rb
+- spec/lib/packaging/deb/repo_spec.rb
+- spec/lib/packaging/platforms_spec.rb
 - spec/lib/packaging/artifactory_spec.rb
+- spec/lib/packaging/sign_spec.rb
+- spec/lib/packaging/config_spec.rb
+- spec/lib/packaging/paths_spec.rb
 - spec/lib/packaging/deb_spec.rb
-- spec/lib/packaging/deb/repo_spec.rb
-- spec/lib/packaging/util/git_spec.rb
-- spec/lib/packaging/util/version_spec.rb
-- spec/lib/packaging/util/os_spec.rb
-- spec/lib/packaging/util/execution_spec.rb
-- spec/lib/packaging/util/file_spec.rb
+- spec/lib/packaging/rpm/repo_spec.rb
 - spec/lib/packaging/util/git_tag_spec.rb
+- spec/lib/packaging/util/execution_spec.rb
+- spec/lib/packaging/util/version_spec.rb
+- spec/lib/packaging/util/misc_spec.rb
+- spec/lib/packaging/util/net_spec.rb
 - spec/lib/packaging/util/rake_utils_spec.rb
 - spec/lib/packaging/util/ship_spec.rb
+- spec/lib/packaging/util/file_spec.rb
+- spec/lib/packaging/util/os_spec.rb
 - spec/lib/packaging/util/jenkins_spec.rb
-- spec/lib/packaging/util/net_spec.rb
-- spec/lib/packaging/util/misc_spec.rb
+- spec/lib/packaging/util/git_spec.rb
 - spec/lib/packaging/util/gpg_spec.rb
-- spec/lib/packaging/rpm/repo_spec.rb
-- spec/lib/packaging/sign_spec.rb
-- spec/lib/packaging/gem_spec.rb
+- spec/lib/packaging_spec.rb