packaging 0.107.0 → 0.107.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/packaging/config/params.rb +4 -0
- data/lib/packaging/platforms.rb +8 -0
- data/lib/packaging/sign/msi.rb +3 -2
- data/lib/packaging/sign/rpm.rb +30 -2
- data/tasks/jenkins.rake +8 -0
- metadata +16 -16
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 58c36fb031eb51f2a6a48a7ceca4813c5b2f144000885489e3d1119be3ec0f98
|
4
|
+
data.tar.gz: f71d81c0fdf37a931a7d25361ed5fa01ede3993afd6c0dafab651db5b38a916c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 146a581e6b6d1bc657d3f86174721e96797a274c563370c3543aae7aceab9bf403ae99ccceefdec67479bd6ad0155fb6ea7fc0b977cf3725ab7633f7ed05ec31
|
7
|
+
data.tar.gz: 20f9df21502521ba2c07fb7a0b9679f87f02a127960bdd1694ee423591f777a97544487867400d5fd27b96ebee3cf87ae09708e58c1c6dcaa4f609f32ac1c8da
|
@@ -55,6 +55,8 @@ module Pkg::Params
|
|
55
55
|
foss_platforms
|
56
56
|
freight_archive_path
|
57
57
|
freight_conf
|
58
|
+
gcp_signed_bucket
|
59
|
+
gcp_tosign_bucket
|
58
60
|
gem_default_executables
|
59
61
|
gem_dependencies
|
60
62
|
gem_description
|
@@ -228,6 +230,8 @@ module Pkg::Params
|
|
228
230
|
{ :var => :foss_only, :envvar => :FOSS_ONLY, :type => :bool },
|
229
231
|
{ :var => :foss_platforms, :envvar => :FOSS_PLATFORMS, :type => :array },
|
230
232
|
{ :var => :freight_archive_path, :envvar => :FREIGHT_ARCHIVE_PATH },
|
233
|
+
{ :var => :gcp_signed_bucket, :envvar => :GCP_SIGNED_BUCKET },
|
234
|
+
{ :var => :gcp_tosign_bucket, :envvar => :GCP_TOSIGN_BUCKET },
|
231
235
|
{ :var => :gem_host, :envvar => :GEM_HOST },
|
232
236
|
{ :var => :gpg_key, :envvar => :GPG_KEY },
|
233
237
|
{ :var => :gpg_name, :envvar => :GPG_NAME },
|
data/lib/packaging/platforms.rb
CHANGED
@@ -99,6 +99,14 @@ module Pkg
|
|
99
99
|
signature_format: 'v4',
|
100
100
|
repo: true,
|
101
101
|
},
|
102
|
+
'36' => {
|
103
|
+
architectures: ['x86_64'],
|
104
|
+
source_architecture: 'SRPMS',
|
105
|
+
package_format: 'rpm',
|
106
|
+
source_package_formats: ['src.rpm'],
|
107
|
+
signature_format: 'v4',
|
108
|
+
repo: true,
|
109
|
+
},
|
102
110
|
},
|
103
111
|
|
104
112
|
'osx' => {
|
data/lib/packaging/sign/msi.rb
CHANGED
@@ -26,8 +26,9 @@ module Pkg::Sign::Msi
|
|
26
26
|
project_id: 'puppet-release-engineering',
|
27
27
|
credentials: gcp_service_account_credentials
|
28
28
|
)
|
29
|
-
|
30
|
-
|
29
|
+
|
30
|
+
tosign_bucket = gcp_storage.bucket(Pkg::Config.gcp_tosign_bucket)
|
31
|
+
signed_bucket = gcp_storage.bucket(Pkg::Config.gcp_signed_bucket)
|
31
32
|
|
32
33
|
service_uri = URI.parse(signing_service_url)
|
33
34
|
headers = { 'Content-Type': 'application/json', 'Authorization': "Bearer #{gcp_auth_token}" }
|
data/lib/packaging/sign/rpm.rb
CHANGED
@@ -5,7 +5,7 @@ module Pkg::Sign::Rpm
|
|
5
5
|
# To enable support for wrappers around rpm and thus support for gpg-agent
|
6
6
|
# rpm signing, we have to be able to tell the packaging repo what binary to
|
7
7
|
# use as the rpm signing tool.
|
8
|
-
|
8
|
+
rpm_executable = ENV['RPM'] || Pkg::Util::Tool.find_tool('rpm')
|
9
9
|
|
10
10
|
# If we're using the gpg agent for rpm signing, we don't want to specify the
|
11
11
|
# input for the passphrase, which is what '--passphrase-fd 3' does. However,
|
@@ -20,12 +20,34 @@ module Pkg::Sign::Rpm
|
|
20
20
|
input_flag = "--passphrase-fd 3"
|
21
21
|
end
|
22
22
|
|
23
|
+
# If gpg version is >=2.1, use the gpg1 binary to sign. Otherwise, use the standard sign command.
|
24
|
+
gpg_executable = if gpg_version_greater_than_21?
|
25
|
+
"%__gpg /usr/bin/gpg1' --define '%__gpg_sign_cmd %{__gpg} gpg1"
|
26
|
+
else
|
27
|
+
'%__gpg_sign_cmd %{__gpg} gpg'
|
28
|
+
end
|
29
|
+
|
30
|
+
# rubocop:disable Lint/NestedPercentLiteral
|
31
|
+
gpg_signing_macro = %W[
|
32
|
+
#{gpg_executable} #{sign_flags} #{input_flag}
|
33
|
+
--batch --no-verbose --no-armor
|
34
|
+
--no-secmem-warning -u %{_gpg_name}
|
35
|
+
-sbo %{__signature_filename} %{__plaintext_filename}
|
36
|
+
].join(' ')
|
37
|
+
# rubocop:enable Lint/NestedPercentLiteral
|
38
|
+
|
39
|
+
sign_command = %W[
|
40
|
+
#{rpm_executable} #{gpg_check_command}
|
41
|
+
--define '%_gpg_name #{Pkg::Util::Gpg.key}'
|
42
|
+
--define '#{gpg_signing_macro}' --addsign #{rpm}
|
43
|
+
].join(' ')
|
44
|
+
|
23
45
|
# Try this up to 5 times, to allow for incorrect passwords
|
24
46
|
Pkg::Util::Execution.retry_on_fail(:times => 5) do
|
25
47
|
# This definition of %__gpg_sign_cmd is the default on modern rpm. We
|
26
48
|
# accept extra flags to override certain signing behavior for older
|
27
49
|
# versions of rpm, e.g. specifying V3 signatures instead of V4.
|
28
|
-
Pkg::Util::Execution.capture3(
|
50
|
+
Pkg::Util::Execution.capture3(sign_command)
|
29
51
|
end
|
30
52
|
end
|
31
53
|
|
@@ -112,4 +134,10 @@ module Pkg::Sign::Rpm
|
|
112
134
|
end
|
113
135
|
end
|
114
136
|
end
|
137
|
+
|
138
|
+
def gpg_version_greater_than_21?
|
139
|
+
gpg_version_output = %x(gpg --version)
|
140
|
+
gpg_version = gpg_version_output.split(' ')[2]
|
141
|
+
Gem::Version.new(gpg_version) >= Gem::Version.new('2.1.0')
|
142
|
+
end
|
115
143
|
end
|
data/tasks/jenkins.rake
CHANGED
@@ -314,6 +314,14 @@ namespace :pl do
|
|
314
314
|
Rake::Task['pl:remote:update_foss_repos'].invoke
|
315
315
|
Rake::Task['pl:remote:deploy_final_builds_to_s3'].invoke
|
316
316
|
Rake::Task['pl:remote:deploy_to_rsync_server'].invoke
|
317
|
+
|
318
|
+
# This serves as a cheap feature toggle to avoid things not ready to
|
319
|
+
# use it. It should be removed in future versions.
|
320
|
+
if ENV['STABLE_SHIP_TO_GCP']
|
321
|
+
## apt.repos.puppet.com
|
322
|
+
Rake::Task['pl:stage_stable_debs'].invoke
|
323
|
+
Rake::Task['pl:remote:sync_apt_repo_to_gcp'].invoke
|
324
|
+
end
|
317
325
|
end
|
318
326
|
|
319
327
|
task :stage_release_packages => "pl:fetch" do
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: packaging
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.107.
|
4
|
+
version: 0.107.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Puppet Labs
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-09-20 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: pry
|
@@ -324,27 +324,27 @@ specification_version: 4
|
|
324
324
|
summary: Puppet Labs' packaging automation
|
325
325
|
test_files:
|
326
326
|
- spec/lib/packaging/gem_spec.rb
|
327
|
-
- spec/lib/packaging/retrieve_spec.rb
|
328
|
-
- spec/lib/packaging/repo_spec.rb
|
329
|
-
- spec/lib/packaging/tar_spec.rb
|
330
|
-
- spec/lib/packaging/deb/repo_spec.rb
|
331
327
|
- spec/lib/packaging/platforms_spec.rb
|
332
328
|
- spec/lib/packaging/artifactory_spec.rb
|
333
|
-
- spec/lib/packaging/
|
329
|
+
- spec/lib/packaging/tar_spec.rb
|
334
330
|
- spec/lib/packaging/config_spec.rb
|
335
|
-
- spec/lib/packaging/paths_spec.rb
|
336
331
|
- spec/lib/packaging/deb_spec.rb
|
337
|
-
- spec/lib/packaging/
|
332
|
+
- spec/lib/packaging/deb/repo_spec.rb
|
333
|
+
- spec/lib/packaging/repo_spec.rb
|
334
|
+
- spec/lib/packaging/retrieve_spec.rb
|
335
|
+
- spec/lib/packaging/sign_spec.rb
|
336
|
+
- spec/lib/packaging/paths_spec.rb
|
338
337
|
- spec/lib/packaging/util/git_tag_spec.rb
|
339
|
-
- spec/lib/packaging/util/
|
340
|
-
- spec/lib/packaging/util/
|
341
|
-
- spec/lib/packaging/util/
|
338
|
+
- spec/lib/packaging/util/os_spec.rb
|
339
|
+
- spec/lib/packaging/util/jenkins_spec.rb
|
340
|
+
- spec/lib/packaging/util/gpg_spec.rb
|
342
341
|
- spec/lib/packaging/util/net_spec.rb
|
343
|
-
- spec/lib/packaging/util/rake_utils_spec.rb
|
344
342
|
- spec/lib/packaging/util/ship_spec.rb
|
343
|
+
- spec/lib/packaging/util/rake_utils_spec.rb
|
344
|
+
- spec/lib/packaging/util/execution_spec.rb
|
345
|
+
- spec/lib/packaging/util/misc_spec.rb
|
345
346
|
- spec/lib/packaging/util/file_spec.rb
|
346
|
-
- spec/lib/packaging/util/os_spec.rb
|
347
|
-
- spec/lib/packaging/util/jenkins_spec.rb
|
348
347
|
- spec/lib/packaging/util/git_spec.rb
|
349
|
-
- spec/lib/packaging/util/
|
348
|
+
- spec/lib/packaging/util/version_spec.rb
|
349
|
+
- spec/lib/packaging/rpm/repo_spec.rb
|
350
350
|
- spec/lib/packaging_spec.rb
|