RubyGems - packaging - Versions diffs - 0.107.0 → 0.107.2 - Mend

packaging 0.107.0 → 0.107.2

Files changed (7) hide show

checksums.yaml +4 -4
data/lib/packaging/config/params.rb +4 -0
data/lib/packaging/platforms.rb +8 -0
data/lib/packaging/sign/msi.rb +3 -2
data/lib/packaging/sign/rpm.rb +30 -2
data/tasks/jenkins.rake +8 -0
metadata +16 -16

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a52b5e4526f37d1bf4ebacf7a4c8de7c8b6cf2fb96ababbc1873384381e42903
-  data.tar.gz: 626f5a46015f53bac68d7dc29fd712efa5a5e7180079444c7f6aecda91ce520c
+  metadata.gz: 58c36fb031eb51f2a6a48a7ceca4813c5b2f144000885489e3d1119be3ec0f98
+  data.tar.gz: f71d81c0fdf37a931a7d25361ed5fa01ede3993afd6c0dafab651db5b38a916c
 SHA512:
-  metadata.gz: cf0029e52dd115687b71974542ab056555ebaa5d0f8886c4a01ff14f072b6dea4cd3ad509ea66b8dd8ea0c36bf324b27e5cdb289e86202c0c15bd8c7d64cb890
-  data.tar.gz: 4e8cde5da7d1fe12d6677582419c4b7e15a0fbe9d499fbfb29fc6e0e82e6c41583ca254d7c4ca861e959d22d1ed5f0a1270b02c0899ae58c230addc9d3015eba
+  metadata.gz: 146a581e6b6d1bc657d3f86174721e96797a274c563370c3543aae7aceab9bf403ae99ccceefdec67479bd6ad0155fb6ea7fc0b977cf3725ab7633f7ed05ec31
+  data.tar.gz: 20f9df21502521ba2c07fb7a0b9679f87f02a127960bdd1694ee423591f777a97544487867400d5fd27b96ebee3cf87ae09708e58c1c6dcaa4f609f32ac1c8da

data/lib/packaging/config/params.rb CHANGED Viewed

@@ -55,6 +55,8 @@ module Pkg::Params
                   foss_platforms
                   freight_archive_path
                   freight_conf
+                  gcp_signed_bucket
+                  gcp_tosign_bucket
                   gem_default_executables
                   gem_dependencies
                   gem_description
@@ -228,6 +230,8 @@ module Pkg::Params
               { :var => :foss_only,               :envvar => :FOSS_ONLY,       :type => :bool },
               { :var => :foss_platforms,          :envvar => :FOSS_PLATFORMS,  :type => :array },
               { :var => :freight_archive_path,    :envvar => :FREIGHT_ARCHIVE_PATH },
+              { :var => :gcp_signed_bucket,       :envvar => :GCP_SIGNED_BUCKET },
+              { :var => :gcp_tosign_bucket,       :envvar => :GCP_TOSIGN_BUCKET },
               { :var => :gem_host,                :envvar => :GEM_HOST },
               { :var => :gpg_key,                 :envvar => :GPG_KEY },
               { :var => :gpg_name,                :envvar => :GPG_NAME },

data/lib/packaging/platforms.rb CHANGED Viewed

@@ -99,6 +99,14 @@ module Pkg
           signature_format: 'v4',
           repo: true,
         },
+        '36' => {
+          architectures: ['x86_64'],
+          source_architecture: 'SRPMS',
+          package_format: 'rpm',
+          source_package_formats: ['src.rpm'],
+          signature_format: 'v4',
+          repo: true,
+        },
       },
       'osx' => {

data/lib/packaging/sign/msi.rb CHANGED Viewed

@@ -26,8 +26,9 @@ module Pkg::Sign::Msi
       project_id: 'puppet-release-engineering',
       credentials: gcp_service_account_credentials
     )
-    tosign_bucket = gcp_storage.bucket('windows-tosign-bucket')
-    signed_bucket = gcp_storage.bucket('windows-signed-bucket')
+    tosign_bucket = gcp_storage.bucket(Pkg::Config.gcp_tosign_bucket)
+    signed_bucket = gcp_storage.bucket(Pkg::Config.gcp_signed_bucket)
     service_uri = URI.parse(signing_service_url)
     headers = { 'Content-Type': 'application/json', 'Authorization': "Bearer #{gcp_auth_token}" }

data/lib/packaging/sign/rpm.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Pkg::Sign::Rpm
     # To enable support for wrappers around rpm and thus support for gpg-agent
     # rpm signing, we have to be able to tell the packaging repo what binary to
     # use as the rpm signing tool.
-    rpm_command = ENV['RPM'] || Pkg::Util::Tool.find_tool('rpm')
+    rpm_executable = ENV['RPM'] || Pkg::Util::Tool.find_tool('rpm')
     # If we're using the gpg agent for rpm signing, we don't want to specify the
     # input for the passphrase, which is what '--passphrase-fd 3' does. However,
@@ -20,12 +20,34 @@ module Pkg::Sign::Rpm
       input_flag = "--passphrase-fd 3"
     end
+    # If gpg version is >=2.1, use the gpg1 binary to sign. Otherwise, use the standard sign command.
+    gpg_executable = if gpg_version_greater_than_21?
+                       "%__gpg /usr/bin/gpg1' --define '%__gpg_sign_cmd %{__gpg} gpg1"
+                     else
+                       '%__gpg_sign_cmd %{__gpg} gpg'
+                     end
+    # rubocop:disable Lint/NestedPercentLiteral
+    gpg_signing_macro = %W[
+      #{gpg_executable} #{sign_flags} #{input_flag}
+      --batch --no-verbose --no-armor
+      --no-secmem-warning -u %{_gpg_name}
+      -sbo %{__signature_filename} %{__plaintext_filename}
+    ].join(' ')
+    # rubocop:enable Lint/NestedPercentLiteral
+    sign_command = %W[
+      #{rpm_executable} #{gpg_check_command}
+      --define '%_gpg_name #{Pkg::Util::Gpg.key}'
+      --define '#{gpg_signing_macro}' --addsign #{rpm}
+    ].join(' ')
     # Try this up to 5 times, to allow for incorrect passwords
     Pkg::Util::Execution.retry_on_fail(:times => 5) do
       # This definition of %__gpg_sign_cmd is the default on modern rpm. We
       # accept extra flags to override certain signing behavior for older
       # versions of rpm, e.g. specifying V3 signatures instead of V4.
-      Pkg::Util::Execution.capture3("#{rpm_command} #{gpg_check_command} --define '%_gpg_name #{Pkg::Util::Gpg.key}' --define '%__gpg_sign_cmd %{__gpg} gpg #{sign_flags} #{input_flag} --batch --no-verbose --no-armor --no-secmem-warning -u %{_gpg_name} -sbo %{__signature_filename} %{__plaintext_filename}' --addsign #{rpm}")
+      Pkg::Util::Execution.capture3(sign_command)
     end
   end
@@ -112,4 +134,10 @@ module Pkg::Sign::Rpm
       end
     end
   end
+  def gpg_version_greater_than_21?
+    gpg_version_output = %x(gpg --version)
+    gpg_version = gpg_version_output.split(' ')[2]
+    Gem::Version.new(gpg_version) >= Gem::Version.new('2.1.0')
+  end
 end

data/tasks/jenkins.rake CHANGED Viewed

@@ -314,6 +314,14 @@ namespace :pl do
       Rake::Task['pl:remote:update_foss_repos'].invoke
       Rake::Task['pl:remote:deploy_final_builds_to_s3'].invoke
       Rake::Task['pl:remote:deploy_to_rsync_server'].invoke
+      # This serves as a cheap feature toggle to avoid things not ready to
+      # use it. It should be removed in future versions.
+      if ENV['STABLE_SHIP_TO_GCP']
+        ## apt.repos.puppet.com
+        Rake::Task['pl:stage_stable_debs'].invoke
+        Rake::Task['pl:remote:sync_apt_repo_to_gcp'].invoke
+      end
     end
     task :stage_release_packages => "pl:fetch" do

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: packaging
 version: !ruby/object:Gem::Version
-  version: 0.107.0
+  version: 0.107.2
 platform: ruby
 authors:
 - Puppet Labs
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-06-14 00:00:00.000000000 Z
+date: 2022-09-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pry
@@ -324,27 +324,27 @@ specification_version: 4
 summary: Puppet Labs' packaging automation
 test_files:
 - spec/lib/packaging/gem_spec.rb
-- spec/lib/packaging/retrieve_spec.rb
-- spec/lib/packaging/repo_spec.rb
-- spec/lib/packaging/tar_spec.rb
-- spec/lib/packaging/deb/repo_spec.rb
 - spec/lib/packaging/platforms_spec.rb
 - spec/lib/packaging/artifactory_spec.rb
-- spec/lib/packaging/sign_spec.rb
+- spec/lib/packaging/tar_spec.rb
 - spec/lib/packaging/config_spec.rb
-- spec/lib/packaging/paths_spec.rb
 - spec/lib/packaging/deb_spec.rb
-- spec/lib/packaging/rpm/repo_spec.rb
+- spec/lib/packaging/deb/repo_spec.rb
+- spec/lib/packaging/repo_spec.rb
+- spec/lib/packaging/retrieve_spec.rb
+- spec/lib/packaging/sign_spec.rb
+- spec/lib/packaging/paths_spec.rb
 - spec/lib/packaging/util/git_tag_spec.rb
-- spec/lib/packaging/util/execution_spec.rb
-- spec/lib/packaging/util/version_spec.rb
-- spec/lib/packaging/util/misc_spec.rb
+- spec/lib/packaging/util/os_spec.rb
+- spec/lib/packaging/util/jenkins_spec.rb
+- spec/lib/packaging/util/gpg_spec.rb
 - spec/lib/packaging/util/net_spec.rb
-- spec/lib/packaging/util/rake_utils_spec.rb
 - spec/lib/packaging/util/ship_spec.rb
+- spec/lib/packaging/util/rake_utils_spec.rb
+- spec/lib/packaging/util/execution_spec.rb
+- spec/lib/packaging/util/misc_spec.rb
 - spec/lib/packaging/util/file_spec.rb
-- spec/lib/packaging/util/os_spec.rb
-- spec/lib/packaging/util/jenkins_spec.rb
 - spec/lib/packaging/util/git_spec.rb
-- spec/lib/packaging/util/gpg_spec.rb
+- spec/lib/packaging/util/version_spec.rb
+- spec/lib/packaging/rpm/repo_spec.rb
 - spec/lib/packaging_spec.rb