packaging 0.108.0 → 0.108.2
- checksums.yaml +4 -4
- data/lib/packaging/rpm/repo.rb +26 -8
- data/lib/packaging/sign/rpm.rb +113 -53
- data/spec/lib/packaging/rpm/repo_spec.rb +129 -72
- data/spec/lib/packaging/sign_spec.rb +82 -55
- metadata +19 -47
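--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f3fd1a48b6b204c719549f2d857edefc600eb504da996e5ec68c0298a11734c0
+data.tar.gz: 2ccdf98e53f9cea5aaa92346517679e5c468bcc32f6ed6f81c22144906f8b1fe
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ef6517a8347b83b2adbe306302a4a6274a8854731b582f3ec0a1d1a7f6066e7655ad7bf953c40db9cdf359346068a4ebe4e0ebd9cb1cfac733533a1a7c27fe5f
+data.tar.gz: e359e1e2c06be60e2cb668c2dd478cad89321e8bde6718968d697829dd6987d7800dde683c17325eb1c3be21470d8de497711da9f0610995ac7ea1aecde12697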
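--- a/data/lib/packaging/rpm/repo.rb
+++ b/data/lib/packaging/rpm/repo.rb
@@ -8,17 +8,35 @@ module Pkg::Rpm::Repo
 "http://#{Pkg::Config.builds_server}/#{Pkg::Config.project}/#{Pkg::Config.ref}"
 end
 
-def ship_repo_configs(
-
-
+def ship_repo_configs(repo_configs_directory = 'repo_configs')
+local_repos_path = File.join('pkg', repo_configs_directory, 'rpm')
+
+remote_repos_path = File.join(
+Pkg::Config.jenkins_repo_path,
+Pkg::Config.project,
+Pkg::Config.ref,
+repo_configs_directory,
+'rpm'
+)
+
+if !Dir.exist?(local_repos_path) || Dir.empty?(local_repos_path)
+warn "No repo_configs found in \"#{Dir.pwd}/#{local_repos_path}\". " \
+'Skipping repo shipping.'
 return
 end
 
-Pkg::Util::RakeUtils.invoke_task(
-
-
-
-
+Pkg::Util::RakeUtils.invoke_task('pl:fetch')
+Pkg::Util::Net.remote_execute(
+Pkg::Config.distribution_server,
+"mkdir -p #{remote_repos_path}"
+)
+
+Pkg::Util::Execution.retry_on_fail(times: 3) do
+Pkg::Util::Net.rsync_to(
+"#{local_repos_path}/",
+Pkg::Config.distribution_server,
+remote_repos_path
+)
 end
 end
 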
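Review bot: `remote_repos_path` is interpolated unquoted into the remote command `"mkdir -p #{remote_repos_path}"` in `ship_repo_configs`, and it is now assembled from four configurable parts (`Pkg::Config.jenkins_repo_path`, `project`, `ref` and the new `repo_configs_directory` argument). A space or shell metacharacter in any of them would change what runs on the distribution server; how `Pkg::Util::Net.remote_execute` forwards the string is not visible here, so this assumes it reaches a shell. Escaping at the call site keeps the command to one path argument: `"mkdir -p #{Shellwords.escape(remote_repos_path)}"` (`Shellwords` is standard library and needs `require 'shellwords'`). The same path is passed to `rsync_to` a few lines later, so it is worth confirming that helper quotes it too.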
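--- a/data/lib/packaging/sign/rpm.rb
+++ b/data/lib/packaging/sign/rpm.rb
@@ -1,72 +1,130 @@
 module Pkg::Sign::Rpm
 module_function
 
-
+# For rpm v4-style signing, we have old (gpg < v2.1) style and new-style
+# Dispatch those cases.
+def sign(rpm_path, signing_version = :v4)
+unless %i[v3 v4].include?(signing_version)
+fail "Unknown signing version: #{signing_version}. Only ':v3' and ':v4' are supported"
+end
+
+if gpg_version_older_than_21?
+sign_gpg_1(rpm_path, signing_version)
+else
+sign_gpg_2(rpm_path, signing_version)
+end
+end
+
+# Support old, old v3 RPM signing
+def v3_sign(rpm)
+sign(rpm, :v3)
+end
+alias :legacy_sign :v3_sign
+
+# Construct GPG configuration, then call 'rpm --addsign' with it.
+def sign_gpg_2(rpm_path, signing_version)
 # To enable support for wrappers around rpm and thus support for gpg-agent
 # rpm signing, we have to be able to tell the packaging repo what binary to
 # use as the rpm signing tool.
+rpm_executable = Pkg::Util::Tool.find_tool('rpm')
+
+sign_command = %W[
+#{rpm_executable} --addsign #{rpm_path}
+#{define_gpg_name}
+#{define_gpg_sign_cmd(signing_version)}
+].join(' ')
+
+Pkg::Util::Execution.capture3(sign_command, true)
+end
+
+def sign_gpg_1(rpm_path, signing_version)
+# This allows for old-style wrapping of rpmsign with an expect script
 rpm_executable = ENV['RPM'] || Pkg::Util::Tool.find_tool('rpm')
 
-
-
-
-
-
-
-
-
-
-
-
-
+sign_command = %W[
+#{rpm_executable} --addsign #{rpm_path}
+#{define_gpg_check_password_cmd}
+#{define_gpg_name}
+#{define_gpg_sign_cmd(signing_version)}
+].join(' ')
+Pkg::Util::Execution.capture3(sign_command, true)
+end
+
+def define_gpg_name
+"--define '%_gpg_name #{Pkg::Util::Gpg.key}'"
+end
 
-
-
-
-
-
-
+def define_gpg_sign_cmd(signing_version)
+"--define '%__gpg_sign_cmd #{gpg_sign_cmd_macro(signing_version)}'"
+end
+
+def gpg_sign_cmd_macro(signing_version)
+gpg_executable = Pkg::Util::Tool.find_tool('gpg')
 
 # rubocop:disable Lint/NestedPercentLiteral
-
-#{gpg_executable}
-
-
--
+%W[
+#{gpg_executable} --sign --detach-sign
+#{signing_version_flags(signing_version)}
+#{passphrase_fd_flag}
+--batch --no-armor --no-secmem-warning
+--local-user %{_gpg_name}
+--output %{__signature_filename}
+%{__plaintext_filename}
 ].join(' ')
 # rubocop:enable Lint/NestedPercentLiteral
+end
 
-
-
-
---
-
-
-
-
-# This definition of %__gpg_sign_cmd is the default on modern rpm. We
-# accept extra flags to override certain signing behavior for older
-# versions of rpm, e.g. specifying V3 signatures instead of V4.
-Pkg::Util::Execution.capture3(sign_command)
+def signing_version_flags(signing_version)
+case signing_version
+when :v3
+'--force-v3-sigs --digest-algo=sha1'
+when :v4
+''
+else
+fail "Unrecognized signing_version: '#{signing_version}'"
 end
 end
 
-def
-
+def passphrase_fd_flag
+# We use passphrase caching on GPG >= 2.1, so no passphrase-fd is needed.
+return '' unless gpg_version_older_than_21?
+
+# If the user has provided us their gpg agent setup, don't muck with it.
+return '' if Pkg::Util.boolean_value(ENV['RPM_GPG_AGENT'])
+
+# Assume our old setup where expect is providing input on fd 3
+return '--passphrase-fd 3'
 end
 
-def
+def define_gpg_check_password_cmd
+if Pkg::Util.boolean_value(ENV['RPM_GPG_AGENT'])
+"--define '%__gpg_check_password_cmd /bin/true'"
+else
+''
+end
+end
+
+def signed?(rpm)
 # This should allow the `Pkg::Util::Gpg.key` method to fail if gpg_key is
 # not set, before shelling out. We also only want the short key, all
 # lowercase, since that's what the `rpm -Kv` output uses.
 key = Pkg::Util::Gpg.key.downcase.chars.last(8).join
 signature_check_output = %x(rpm --checksig --verbose #{rpm})
+
 # If the signing key has not been loaded on the system this is running on,
 # the check will exit 1, even if the rpm is signed, so we can't use capture3,
 # which bails out with non-0 exit codes. Instead, check that the output
 # looks more-or-less how we expect it to.
-
-
+unless signature_check_output.include? "Header"
+fail "Something went wrong checking the signature of #{rpm}."
+end
+
+signature_check_output.include? "key ID #{key}"
+end
+
+# For backwards compatibility
+def has_sig?(rpm)
+signed?(rpm)
 end
 
 def sign_all(rpm_directory)
@@ -97,8 +155,8 @@ module Pkg::Sign::Rpm
 # We don't sign AIX rpms
 next if platform_tag.include?('aix')
 
-if
-puts "#{rpm} is already signed
+if signed?(rpm)
+puts "#{rpm} is already signed. Skipping."
 next
 end
 
@@ -113,13 +171,13 @@ module Pkg::Sign::Rpm
 end
 
 unless v3_rpms.empty?
-puts "Signing legacy (v3) rpms
-
+puts "Signing legacy (v3) rpms:"
+sign(v3_rpms.join(' '), :v3)
 end
 
 unless v4_rpms.empty?
-puts "Signing modern (v4) rpms
-sign(v4_rpms.join(' '))
+puts "Signing modern (v4) rpms:"
+sign(v4_rpms.join(' '), :v4)
 end
 
 # Using the map of paths to basenames, we re-hardlink the rpms we deleted.
@@ -128,16 +186,18 @@ module Pkg::Sign::Rpm
 FileUtils.mkdir_p(File.dirname(link_path))
 # Find paths where the signed rpm has the same basename, but different
 # full path, as the one we need to link.
-paths_to_link_to = rpms_to_sign.select
+paths_to_link_to = rpms_to_sign.select do |rpm|
+File.basename(rpm) == rpm_filename && rpm != link_path
+end
 paths_to_link_to.each do |path|
-FileUtils.ln(path, link_path, :
+FileUtils.ln(path, link_path, force: true, verbose: true)
 end
 end
 end
 
-def
-
-gpg_version =
-Gem::Version.new(gpg_version)
+def gpg_version_older_than_21?
+gpg_executable = Pkg::Util::Tool.find_tool('gpg')
+gpg_version = %x(#{gpg_executable} --version).split(' ')[2]
+Gem::Version.new(gpg_version) < Gem::Version.new('2.1.0')
 end
 end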
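Review bot: `sign_gpg_1` and `sign_gpg_2` assemble the signing command with `%W[...].join(' ')` and hand it to `capture3` as a single string, so `rpm_path` reaches the command line unescaped; `sign_all` (third hunk) depends on this by passing `v3_rpms.join(' ')` and `v4_rpms.join(' ')`. Because the `--define '...'` arguments are shell-quoted, the string is presumably parsed by a shell, in which case an rpm file name containing a space or a shell metacharacter would be split or interpreted on the host that holds the signing key. Escaping each path at the call sites keeps the multi-file behaviour: `sign(Shellwords.join(v3_rpms), :v3)` and `sign(Shellwords.join(v4_rpms), :v4)`, with `require 'shellwords'`. A comment on `sign` such as `# rpm_path is placed on a shell command line as-is; callers must escape each path` would make that contract visible. The unchanged `%x(rpm --checksig --verbose #{rpm})` in `signed?` has the same exposure.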
@@ -1,20 +1,22 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
describe
|
4
|
-
let(:wget) {
|
5
|
-
let(:builds_server) {
|
6
|
-
let(:project) {
|
7
|
-
let(:ref) {
|
3
|
+
describe 'Pkg::Rpm::Repo' do
|
4
|
+
let(:wget) { '/opt/tools/bin/wget' }
|
5
|
+
let(:builds_server) { 'saturn.puppetlabs.net' }
|
6
|
+
let(:project) { 'rpm_repos' }
|
7
|
+
let(:ref) { '1234abcd' }
|
8
8
|
let(:base_url) { "http://#{builds_server}/#{project}/#{ref}" }
|
9
|
-
let(:mocks) { [
|
10
|
-
let(:wget_results)
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
let(:wget_garbage)
|
17
|
-
let(:repo_configs)
|
9
|
+
let(:mocks) { %w[el-5-i386 el-5-x86_64 el-5-SRPMS] }
|
10
|
+
let(:wget_results) do
|
11
|
+
mocks.map do |mock|
|
12
|
+
dist, version, arch = mock.split('-')
|
13
|
+
"http://#{builds_server}/#{project}/#{ref}/repos/#{dist}/#{version}/products/#{arch}/repodata/"
|
14
|
+
end.join("\n")
|
15
|
+
end
|
16
|
+
let(:wget_garbage) { "\nother things\n and an index\nhttp://somethingelse.com" }
|
17
|
+
let(:repo_configs) do
|
18
|
+
mocks.map { |mock| "pkg/repo_configs/rpm/pl-#{project}-#{ref}-#{mock}.repo" }
|
19
|
+
end
|
18
20
|
|
19
21
|
# Setup and tear down for the tests
|
20
22
|
around do |example|
|
@@ -34,99 +36,154 @@ describe "Pkg::Rpm::Repo" do
|
|
34
36
|
Pkg::Config.jenkins_repo_path = orig_repo_path
|
35
37
|
end
|
36
38
|
|
37
|
-
describe
|
38
|
-
it
|
39
|
-
Pkg::Util::Tool
|
40
|
-
|
39
|
+
describe '#generate_repo_configs' do
|
40
|
+
it 'fails if wget isn\'t available' do
|
41
|
+
allow(Pkg::Util::Tool)
|
42
|
+
.to receive(:find_tool)
|
43
|
+
.with('wget', { required: true })
|
44
|
+
.and_return(false)
|
45
|
+
expect { Pkg::Rpm::Repo.generate_repo_configs }.to raise_error(RuntimeError)
|
41
46
|
end
|
42
47
|
|
43
|
-
it
|
44
|
-
Pkg::Util::Tool
|
45
|
-
|
46
|
-
|
48
|
+
it 'warns if there are no rpm repos available for the build' do
|
49
|
+
expect(Pkg::Util::Tool)
|
50
|
+
.to receive(:find_tool)
|
51
|
+
.with('wget', { required: true })
|
52
|
+
.and_return(wget)
|
53
|
+
expect(Pkg::Util::Execution)
|
54
|
+
.to receive(:capture3)
|
55
|
+
.with("#{wget} --spider -r -l 5 --no-parent #{base_url}/repos/ 2>&1")
|
56
|
+
.and_return('')
|
57
|
+
expect(Pkg::Rpm::Repo)
|
58
|
+
.to receive(:warn)
|
59
|
+
.with("No rpm repos were found to generate configs from!")
|
47
60
|
Pkg::Rpm::Repo.generate_repo_configs
|
48
61
|
end
|
49
62
|
|
50
|
-
it
|
51
|
-
Pkg::Util::Tool
|
52
|
-
|
63
|
+
it 'writes the expected repo configs to disk' do
|
64
|
+
expect(Pkg::Util::Tool)
|
65
|
+
.to receive(:find_tool)
|
66
|
+
.with("wget", { required: true })
|
67
|
+
.and_return(wget)
|
68
|
+
expect(Pkg::Util::Execution)
|
69
|
+
.to receive(:capture3)
|
70
|
+
.with("#{wget} --spider -r -l 5 --no-parent #{base_url}/repos/ 2>&1")
|
71
|
+
.and_return(wget_results + wget_garbage)
|
53
72
|
wget_results.split.each do |result|
|
54
73
|
cur_result = result.chomp('repodata/')
|
55
|
-
Pkg::Util::Execution
|
74
|
+
expect(Pkg::Util::Execution)
|
75
|
+
.to receive(:capture3)
|
76
|
+
.with("#{wget} --spider -r -l 1 --no-parent #{cur_result} 2>&1")
|
77
|
+
.and_return("#{cur_result}/thing.rpm")
|
56
78
|
end
|
57
|
-
FileUtils.
|
79
|
+
expect(FileUtils).to receive(:mkdir_p).with('pkg/repo_configs/rpm')
|
58
80
|
config = []
|
59
81
|
repo_configs.each_with_index do |repo_config, i|
|
60
|
-
Pkg::Paths.
|
61
|
-
Pkg::Platforms.
|
82
|
+
expect(Pkg::Paths).to receive(:tag_from_artifact_path).and_return(mocks[i])
|
83
|
+
expect(Pkg::Platforms).to receive(:parse_platform_tag).and_return(mocks[i].split('-'))
|
62
84
|
config[i] = double(File)
|
63
|
-
File.
|
64
|
-
config[i].
|
85
|
+
expect(File).to receive(:open).with(repo_config, 'w').and_yield(config[i])
|
86
|
+
expect(config[i]).to receive(:puts)
|
65
87
|
end
|
66
88
|
Pkg::Rpm::Repo.generate_repo_configs
|
67
89
|
end
|
68
90
|
end
|
69
91
|
|
70
|
-
describe
|
71
|
-
it
|
72
|
-
Pkg::Util::Tool
|
73
|
-
|
92
|
+
describe '#retrieve_repo_configs' do
|
93
|
+
it 'fails if wget isn\'t available' do
|
94
|
+
allow(Pkg::Util::Tool)
|
95
|
+
.to receive(:find_tool)
|
96
|
+
.with('wget', { required: true })
|
97
|
+
.and_return(false)
|
98
|
+
expect { Pkg::Rpm::Repo.generate_repo_configs }.to raise_error(RuntimeError)
|
74
99
|
end
|
75
100
|
|
76
|
-
it
|
77
|
-
Pkg::Util::Tool
|
78
|
-
|
79
|
-
|
80
|
-
|
101
|
+
it 'fails if there are no deb repos available for the build' do
|
102
|
+
expect(Pkg::Util::Tool)
|
103
|
+
.to receive(:find_tool)
|
104
|
+
.with('wget', { required: true })
|
105
|
+
.and_return(wget)
|
106
|
+
expect(FileUtils)
|
107
|
+
.to receive(:mkdir_p)
|
108
|
+
.with('pkg/repo_configs')
|
109
|
+
.and_return(true)
|
110
|
+
expect(Pkg::Util::Execution)
|
111
|
+
.to receive(:capture3)
|
112
|
+
.with("#{wget} -r -np -nH --cut-dirs 3 -P pkg/repo_configs --reject 'index*' #{base_url}/repo_configs/rpm/")
|
113
|
+
.and_raise(RuntimeError)
|
114
|
+
expect { Pkg::Rpm::Repo.retrieve_repo_configs }
|
115
|
+
.to raise_error(RuntimeError, /Couldn't retrieve rpm yum repo configs/)
|
81
116
|
end
|
82
117
|
end
|
83
118
|
|
84
|
-
describe
|
85
|
-
let(:command) {
|
86
|
-
let(:target_directory) {
|
119
|
+
describe '#create_local_repos' do
|
120
|
+
let(:command) { '/usr/bin/make some repos' }
|
121
|
+
let(:target_directory) { '/tmp/dir/thing' }
|
87
122
|
|
88
|
-
it
|
89
|
-
Pkg::Rpm::Repo
|
90
|
-
|
123
|
+
it 'makes a repo in the target directory' do
|
124
|
+
expect(Pkg::Rpm::Repo)
|
125
|
+
.to receive(:repo_creation_command)
|
126
|
+
.with(target_directory)
|
127
|
+
.and_return("run this thing")
|
128
|
+
expect(Pkg::Util::Execution)
|
129
|
+
.to receive(:capture3)
|
130
|
+
.with("bash -c 'run this thing'")
|
91
131
|
Pkg::Rpm::Repo.create_local_repos(target_directory)
|
92
132
|
end
|
93
133
|
end
|
94
134
|
|
95
|
-
describe
|
96
|
-
let(:command) {
|
97
|
-
let(:artifact_directory) {
|
135
|
+
describe '#create_remote_repos' do
|
136
|
+
let(:command) { '/usr/bin/make some repos' }
|
137
|
+
let(:artifact_directory) { '/tmp/dir/thing' }
|
98
138
|
let(:pkg_directories) { ['el-6-i386', 'el/7/x86_64'] }
|
99
139
|
|
100
|
-
it
|
101
|
-
File.
|
102
|
-
Pkg::Repo.
|
103
|
-
Pkg::Repo.
|
104
|
-
Pkg::Rpm::Repo.
|
105
|
-
Pkg::Util::Net
|
106
|
-
|
107
|
-
|
108
|
-
Pkg::
|
140
|
+
it 'makes a repo in the target directory' do
|
141
|
+
allow(File).to receive(:join).and_return(artifact_directory)
|
142
|
+
expect(Pkg::Repo).to receive(:directories_that_contain_packages).and_return(pkg_directories)
|
143
|
+
expect(Pkg::Repo).to receive(:populate_repo_directory)
|
144
|
+
expect(Pkg::Rpm::Repo).to receive(:repo_creation_command).and_return(command)
|
145
|
+
expect(Pkg::Util::Net)
|
146
|
+
.to receive(:remote_execute)
|
147
|
+
.with(Pkg::Config.distribution_server, command)
|
148
|
+
expect(Pkg::Rpm::Repo).to receive(:generate_repo_configs)
|
149
|
+
expect(Pkg::Rpm::Repo).to receive(:ship_repo_configs)
|
150
|
+
expect(Pkg::Util::Net)
|
151
|
+
.to receive(:remote_execute)
|
152
|
+
.with(Pkg::Config.distribution_server, "rm -f #{artifact_directory}/repos/.lock")
|
109
153
|
Pkg::Rpm::Repo.create_remote_repos
|
110
154
|
end
|
111
155
|
end
|
112
156
|
|
113
|
-
describe
|
114
|
-
it
|
115
|
-
Pkg::
|
116
|
-
|
157
|
+
describe '#ship_repo_configs' do
|
158
|
+
it 'warn if there are no repo configs to ship' do
|
159
|
+
Pkg::Config.jenkins_repo_path = '/a/b/c/d'
|
160
|
+
expect(Dir).to receive(:exist?).with("pkg/repo_configs/rpm").and_return(false)
|
161
|
+
expect(Pkg::Rpm::Repo).to receive(:warn)
|
162
|
+
expect(Pkg::Util::RakeUtils).not_to receive(:invoke_task)
|
117
163
|
Pkg::Rpm::Repo.ship_repo_configs
|
118
164
|
end
|
119
165
|
|
120
|
-
it
|
121
|
-
Pkg::Config.jenkins_repo_path =
|
122
|
-
Pkg::Config.project =
|
123
|
-
Pkg::Config.ref =
|
124
|
-
Pkg::Config.distribution_server =
|
125
|
-
repo_dir =
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
166
|
+
it 'ships repo configs to the build server' do
|
167
|
+
Pkg::Config.jenkins_repo_path = '/a/b/c/d'
|
168
|
+
Pkg::Config.project = 'thing2'
|
169
|
+
Pkg::Config.ref = 'abcd1234'
|
170
|
+
Pkg::Config.distribution_server = 'a.host.that.wont.exist'
|
171
|
+
repo_dir = File.join(
|
172
|
+
Pkg::Config.jenkins_repo_path,
|
173
|
+
Pkg::Config.project,
|
174
|
+
Pkg::Config.ref,
|
175
|
+
'repo_configs',
|
176
|
+
'rpm'
|
177
|
+
)
|
178
|
+
expect(Dir).to receive(:exist?).with('pkg/repo_configs/rpm').and_return(true)
|
179
|
+
expect(Dir).to receive(:empty?).with('pkg/repo_configs/rpm').and_return(false)
|
180
|
+
expect(Pkg::Util::RakeUtils).to receive(:invoke_task).with('pl:fetch')
|
181
|
+
expect(Pkg::Util::Net)
|
182
|
+
.to receive(:remote_execute)
|
183
|
+
.with(Pkg::Config.distribution_server, "mkdir -p #{repo_dir}")
|
184
|
+
expect(Pkg::Util::Net)
|
185
|
+
.to receive(:rsync_to)
|
186
|
+
.with('pkg/repo_configs/rpm/', Pkg::Config.distribution_server, repo_dir)
|
130
187
|
Pkg::Rpm::Repo.ship_repo_configs
|
131
188
|
end
|
132
189
|
end
|
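Review bot: Under `describe '#retrieve_repo_configs'`, the example 'fails if wget isn't available' calls `Pkg::Rpm::Repo.generate_repo_configs`, so the missing-wget path of `retrieve_repo_configs` is never exercised; the call should be `expect { Pkg::Rpm::Repo.retrieve_repo_configs }.to raise_error(RuntimeError)`. The next example is titled 'fails if there are no deb repos available for the build' although it checks the rpm error message, so the title should say rpm. In `#ship_repo_configs`, the warning example stubs only `Dir.exist?` returning false; the new `Dir.empty?` branch of the guard has no example of its own. This section's file header is missing from the page; going by the file list it is presumably spec/lib/packaging/rpm/repo_spec.rb.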
@@ -3,91 +3,118 @@ require 'packaging/sign'
|
|
3
3
|
|
4
4
|
describe 'Pkg::Sign' do
|
5
5
|
describe 'Pkg::Sign::Rpm' do
|
6
|
-
|
7
6
|
before :each do
|
8
7
|
allow(Pkg::Config).to receive(:gpg_key).and_return('7F438280EF8D349F')
|
9
8
|
end
|
10
9
|
|
11
|
-
describe '#
|
10
|
+
describe '#signed?' do
|
12
11
|
let(:rpm) { 'foo.rpm' }
|
13
|
-
let(:el7_signed_response)
|
14
|
-
|
15
|
-
Header
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
12
|
+
let(:el7_signed_response) do
|
13
|
+
<<~DOC
|
14
|
+
Header V4 RSA/SHA256 Signature, key ID ef8d349f: NOKEY
|
15
|
+
Header SHA1 digest: OK (3cb7e9861e8bc09783a1b6c8d88243a3c16daa81)
|
16
|
+
V4 RSA/SHA256 Signature, key ID ef8d349f: NOKEY
|
17
|
+
MD5 digest: OK (d5f06ba2a9053de532326d0659ec0d11)
|
18
|
+
DOC
|
19
|
+
end
|
20
|
+
|
21
|
+
let(:sles12_signed_response) do
|
22
|
+
<<~DOC
|
23
|
+
Header V4 RSA/SHA256 Signature, key ID ef8d349f: NOKEY
|
24
|
+
Header SHA1 digest: OK (e713487cf21ebeb933aefd5ec9211a34603233d2)
|
25
|
+
V4 RSA/SHA256 Signature, key ID ef8d349f: NOKEY
|
26
|
+
MD5 digest: OK (3093a09ac39bc17751f913e19ca74432)
|
27
|
+
DOC
|
28
|
+
end
|
29
|
+
|
30
|
+
let(:unsigned_response) do
|
31
|
+
<<~DOC
|
32
|
+
Header SHA1 digest: OK (f9404cc95f200568c2dbb1fd24e1119e3e4a40a9)
|
33
|
+
MD5 digest: OK (816095f3cee145091c3fa07a0915ce85)
|
34
|
+
DOC
|
35
|
+
end
|
36
|
+
|
32
37
|
it 'returns true if rpm has been signed (el7)' do
|
33
38
|
allow(Pkg::Sign::Rpm).to receive(:`).and_return(el7_signed_response)
|
34
|
-
expect(Pkg::Sign::Rpm.
|
39
|
+
expect(Pkg::Sign::Rpm.signed?(rpm)).to be true
|
35
40
|
end
|
36
41
|
it 'returns true if rpm has been signed (sles12)' do
|
37
42
|
allow(Pkg::Sign::Rpm).to receive(:`).and_return(sles12_signed_response)
|
38
|
-
expect(Pkg::Sign::Rpm.
|
43
|
+
expect(Pkg::Sign::Rpm.signed?(rpm)).to be true
|
39
44
|
end
|
40
45
|
it 'returns false if rpm has not been signed' do
|
41
46
|
allow(Pkg::Sign::Rpm).to receive(:`).and_return(unsigned_response)
|
42
|
-
expect(Pkg::Sign::Rpm.
|
47
|
+
expect(Pkg::Sign::Rpm.signed?(rpm)).to be false
|
43
48
|
end
|
44
49
|
it 'fails with unexpected output' do
|
45
|
-
allow(Pkg::Sign::Rpm)
|
46
|
-
|
50
|
+
allow(Pkg::Sign::Rpm)
|
51
|
+
.to receive(:`)
|
52
|
+
.and_return('something that is definitely not a normal response')
|
53
|
+
expect { Pkg::Sign::Rpm.signed?(rpm) }
|
54
|
+
.to raise_error(RuntimeError, /Something went wrong checking the signature/)
|
47
55
|
end
|
48
56
|
it 'fails if gpg_key is not set' do
|
49
57
|
allow(Pkg::Config).to receive(:gpg_key).and_return(nil)
|
50
|
-
expect { Pkg::Sign::Rpm.
|
58
|
+
expect { Pkg::Sign::Rpm.signed?(rpm) }
|
59
|
+
.to raise_error(RuntimeError, /You need to set `gpg_key` in your build defaults./)
|
51
60
|
end
|
52
61
|
end
|
53
62
|
|
54
63
|
describe '#sign_all' do
|
55
64
|
let(:rpm_directory) { Dir.mktmpdir }
|
56
|
-
let(:rpms_not_to_sign)
|
57
|
-
"#{rpm_directory}/aix/7.1/PC1/ppc/puppet-agent-5.5.3-1.aix7.1.ppc.rpm"
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
+
let(:rpms_not_to_sign) do
|
66
|
+
["#{rpm_directory}/aix/7.1/PC1/ppc/puppet-agent-5.5.3-1.aix7.1.ppc.rpm"]
|
67
|
+
end
|
68
|
+
|
69
|
+
let(:v3_rpms) do
|
70
|
+
["#{rpm_directory}/sles/11/PC1/x86_64/puppet-agent-5.5.3-1.sles11.x86_64.rpm"]
|
71
|
+
end
|
72
|
+
|
73
|
+
let(:v4_rpms) do
|
74
|
+
["#{rpm_directory}/el/7/PC1/aarch64/puppet-agent-5.5.3-1.el7.aarch64.rpm"]
|
75
|
+
end
|
76
|
+
|
65
77
|
let(:rpms) { rpms_not_to_sign + v3_rpms + v4_rpms }
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
78
|
+
|
79
|
+
let(:already_signed_rpms) do
|
80
|
+
["#{rpm_directory}/el/6/PC1/x86_64/puppet-agent-5.5.3-1.el6.x86_64.rpm"]
|
81
|
+
end
|
82
|
+
|
83
|
+
let(:noarch_rpms) do
|
84
|
+
[
|
85
|
+
"#{rpm_directory}/el/6/puppet5/i386/puppetserver-5.3.3-1.el6.noarch.rpm",
|
86
|
+
"#{rpm_directory}/el/6/puppet5/x86_64/puppetserver-5.3.3-1.el6.noarch.rpm",
|
87
|
+
"#{rpm_directory}/el/7/puppet5/i386/puppetserver-5.3.3-1.el7.noarch.rpm",
|
88
|
+
"#{rpm_directory}/el/7/puppet5/x86_64/puppetserver-5.3.3-1.el7.noarch.rpm",
|
89
|
+
"#{rpm_directory}/sles/12/puppet5/i386/puppetserver-5.3.3-1.sles12.noarch.rpm",
|
90
|
+
"#{rpm_directory}/sles/12/puppet5/x86_64/puppetserver-5.3.3-1.sles12.noarch.rpm"
|
91
|
+
]
|
92
|
+
end
|
77
93
|
|
78
94
|
it 'signs both v3 and v4 rpms' do
|
79
95
|
allow(Dir).to receive(:[]).with("#{rpm_directory}/**/*.rpm").and_return(rpms)
|
80
96
|
rpms.each do |rpm|
|
81
|
-
allow(Pkg::Sign::Rpm).to receive(:
|
97
|
+
allow(Pkg::Sign::Rpm).to receive(:signed?).and_return(false)
|
82
98
|
end
|
83
|
-
|
84
|
-
|
99
|
+
|
100
|
+
v3_items = v3_rpms.length
|
101
|
+
v4_items = v4_rpms.length
|
102
|
+
|
103
|
+
expect(Pkg::Sign::Rpm)
|
104
|
+
.to receive(:sign)
|
105
|
+
.with(v3_rpms.join(' '), :v3)
|
106
|
+
.exactly(v3_items).times
|
107
|
+
expect(Pkg::Sign::Rpm)
|
108
|
+
.to receive(:sign)
|
109
|
+
.with(v4_rpms.join(' '), :v4)
|
110
|
+
.exactly(v4_items).times
|
111
|
+
|
85
112
|
Pkg::Sign::Rpm.sign_all(rpm_directory)
|
86
113
|
end
|
87
114
|
|
88
115
|
it 'does not sign AIX rpms' do
|
89
116
|
allow(Dir).to receive(:[]).with("#{rpm_directory}/**/*.rpm").and_return(rpms_not_to_sign)
|
90
|
-
allow(Pkg::Sign::Rpm).to receive(:
|
117
|
+
allow(Pkg::Sign::Rpm).to receive(:signed?)
|
91
118
|
expect(Pkg::Sign::Rpm).to_not receive(:legacy_sign)
|
92
119
|
expect(Pkg::Sign::Rpm).to_not receive(:sign)
|
93
120
|
Pkg::Sign::Rpm.sign_all(rpm_directory)
|
@@ -96,7 +123,7 @@ DOC
|
|
96
123
|
it 'does not sign already-signed rpms' do
|
97
124
|
allow(Dir).to receive(:[]).with("#{rpm_directory}/**/*.rpm").and_return(already_signed_rpms)
|
98
125
|
already_signed_rpms.each do |rpm|
|
99
|
-
allow(Pkg::Sign::Rpm).to receive(:
|
126
|
+
allow(Pkg::Sign::Rpm).to receive(:signed?).and_return(true)
|
100
127
|
end
|
101
128
|
expect(Pkg::Sign::Rpm).to_not receive(:legacy_sign)
|
102
129
|
expect(Pkg::Sign::Rpm).to_not receive(:sign)
|
@@ -106,9 +133,9 @@ DOC
|
|
106
133
|
it 'deletes and relinks rpms with the same basename' do
|
107
134
|
allow(Dir).to receive(:[]).with("#{rpm_directory}/**/*.rpm").and_return(noarch_rpms)
|
108
135
|
allow(Pkg::Sign::Rpm).to receive(:sign)
|
109
|
-
allow(Pkg::Sign::Rpm).to receive(:
|
110
|
-
expect(FileUtils).to receive(:rm).exactly(noarch_rpms.count/2).times
|
111
|
-
expect(FileUtils).to receive(:ln).exactly(noarch_rpms.count/2).times
|
136
|
+
allow(Pkg::Sign::Rpm).to receive(:signed?)
|
137
|
+
expect(FileUtils).to receive(:rm).exactly(noarch_rpms.count / 2).times
|
138
|
+
expect(FileUtils).to receive(:ln).exactly(noarch_rpms.count / 2).times
|
112
139
|
Pkg::Sign::Rpm.sign_all(rpm_directory)
|
113
140
|
end
|
114
141
|
|
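Review bot: The `#signed?` examples have no case for an rpm that carries a signature from some other key, which is the case `sign_all` depends on when it skips packages that report as already signed. Both signed fixtures read `key ID ef8d349f: NOKEY` and expect `true`, so what the spec pins is a match on the last eight hex digits of `gpg_key`, not a verified signature, and a 32-bit key ID is short enough for unrelated keys to share it. I would add an example whose output carries a different key ID (a constructed value such as `key ID 00000000`) and expects `be false`. The example titles could also say the check is a key-ID match, e.g. 'returns true if the output names the configured key ID (el7)'.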
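--- a/metadata
+++ b/metadata
@@ -1,43 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: packaging
 version: !ruby/object:Gem::Version
-version: 0.108.
+version: 0.108.2
 platform: ruby
 authors:
 - Puppet Labs
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2023-02-08 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-name: pry
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-- !ruby/object:Gem::Dependency
-name: pry-byebug
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
@@ -323,28 +295,28 @@ signing_key:
 specification_version: 4
 summary: Puppet Labs' packaging automation
 test_files:
+- spec/lib/packaging/config_spec.rb
 - spec/lib/packaging/platforms_spec.rb
-- spec/lib/packaging/
-- spec/lib/packaging/
-- spec/lib/packaging/
-- spec/lib/packaging/
-- spec/lib/packaging/
-- spec/lib/packaging/util/git_tag_spec.rb
-- spec/lib/packaging/util/net_spec.rb
-- spec/lib/packaging/util/os_spec.rb
+- spec/lib/packaging/gem_spec.rb
+- spec/lib/packaging/sign_spec.rb
+- spec/lib/packaging/paths_spec.rb
+- spec/lib/packaging/deb/repo_spec.rb
+- spec/lib/packaging/rpm/repo_spec.rb
 - spec/lib/packaging/util/git_spec.rb
+- spec/lib/packaging/util/os_spec.rb
+- spec/lib/packaging/util/gpg_spec.rb
 - spec/lib/packaging/util/execution_spec.rb
+- spec/lib/packaging/util/git_tag_spec.rb
+- spec/lib/packaging/util/net_spec.rb
+- spec/lib/packaging/util/ship_spec.rb
+- spec/lib/packaging/util/rake_utils_spec.rb
+- spec/lib/packaging/util/file_spec.rb
 - spec/lib/packaging/util/version_spec.rb
 - spec/lib/packaging/util/misc_spec.rb
-- spec/lib/packaging/util/
-- spec/lib/packaging/
-- spec/lib/packaging/deb/repo_spec.rb
+- spec/lib/packaging/util/jenkins_spec.rb
+- spec/lib/packaging/deb_spec.rb
 - spec/lib/packaging/tar_spec.rb
-- spec/lib/packaging/gem_spec.rb
-- spec/lib/packaging/paths_spec.rb
-- spec/lib/packaging/config_spec.rb
-- spec/lib/packaging/rpm/repo_spec.rb
-- spec/lib/packaging/sign_spec.rb
 - spec/lib/packaging/repo_spec.rb
-- spec/lib/packaging/
+- spec/lib/packaging/artifactory_spec.rb
+- spec/lib/packaging/retrieve_spec.rb
 - spec/lib/packaging_spec.rb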