packaging 0.88.77 → 0.99.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/README.md +128 -74
- data/lib/packaging/artifactory.rb +60 -433
- data/lib/packaging/config/params.rb +7 -28
- data/lib/packaging/config.rb +50 -150
- data/lib/packaging/deb/repo.rb +19 -20
- data/lib/packaging/gem.rb +83 -41
- data/lib/packaging/ips.rb +57 -0
- data/lib/packaging/msi.rb +89 -0
- data/lib/packaging/nuget.rb +1 -1
- data/lib/packaging/osx.rb +36 -0
- data/lib/packaging/paths.rb +87 -225
- data/lib/packaging/platforms.rb +416 -443
- data/lib/packaging/repo.rb +22 -122
- data/lib/packaging/retrieve.rb +7 -36
- data/lib/packaging/rpm/repo.rb +8 -5
- data/lib/packaging/tar.rb +0 -9
- data/lib/packaging/util/date.rb +0 -5
- data/lib/packaging/util/execution.rb +2 -2
- data/lib/packaging/util/git.rb +1 -1
- data/lib/packaging/util/gpg.rb +1 -5
- data/lib/packaging/util/net.rb +37 -79
- data/lib/packaging/util/rake_utils.rb +0 -1
- data/lib/packaging/util/ship.rb +13 -142
- data/lib/packaging/util/tool.rb +1 -1
- data/lib/packaging/util/version.rb +0 -8
- data/lib/packaging/util.rb +2 -2
- data/lib/packaging.rb +3 -3
- data/spec/fixtures/config/params.yaml +2 -0
- data/spec/lib/packaging/artifactory_spec.rb +16 -66
- data/spec/lib/packaging/config_spec.rb +29 -49
- data/spec/lib/packaging/deb/repo_spec.rb +7 -16
- data/spec/lib/packaging/paths_spec.rb +56 -321
- data/spec/lib/packaging/platforms_spec.rb +21 -46
- data/spec/lib/packaging/repo_spec.rb +40 -78
- data/spec/lib/packaging/retrieve_spec.rb +8 -47
- data/spec/lib/packaging/rpm/repo_spec.rb +4 -4
- data/spec/lib/packaging/tar_spec.rb +40 -34
- data/spec/lib/packaging/util/git_tag_spec.rb +1 -1
- data/spec/lib/packaging/util/gpg_spec.rb +1 -1
- data/spec/lib/packaging/util/net_spec.rb +15 -35
- data/spec/lib/packaging/util/ship_spec.rb +63 -145
- data/spec/spec_helper.rb +14 -0
- data/tasks/00_utils.rake +6 -4
- data/tasks/apple.rake +0 -2
- data/tasks/config.rake +0 -5
- data/tasks/education.rake +5 -5
- data/tasks/fetch.rake +14 -17
- data/tasks/gem.rake +121 -134
- data/tasks/jenkins.rake +7 -51
- data/tasks/nightly_repos.rake +69 -20
- data/tasks/pe_ship.rake +11 -16
- data/tasks/retrieve.rake +6 -13
- data/tasks/ship.rake +256 -196
- data/tasks/sign.rake +135 -63
- data/tasks/tar.rake +6 -0
- data/templates/packaging.xml.erb +7 -9
- data/templates/repo.xml.erb +3 -6
- metadata +27 -80
- data/lib/packaging/archive.rb +0 -126
- data/lib/packaging/artifactory/extensions.rb +0 -94
- data/lib/packaging/config/validations.rb +0 -13
- data/lib/packaging/metrics.rb +0 -15
- data/lib/packaging/sign/deb.rb +0 -9
- data/lib/packaging/sign/dmg.rb +0 -41
- data/lib/packaging/sign/ips.rb +0 -57
- data/lib/packaging/sign/msi.rb +0 -124
- data/lib/packaging/sign/rpm.rb +0 -115
- data/lib/packaging/sign.rb +0 -8
- data/spec/lib/packaging/gem_spec.rb +0 -86
- data/spec/lib/packaging/sign_spec.rb +0 -133
- data/tasks/archive.rake +0 -69
@@ -0,0 +1,57 @@
|
|
1
|
+
module Pkg::IPS
|
2
|
+
class << self
|
3
|
+
def sign(target_dir = 'pkg')
|
4
|
+
use_identity = "-i #{Pkg::Config.ips_signing_ssh_key}" unless Pkg::Config.ips_signing_ssh_key.nil?
|
5
|
+
|
6
|
+
ssh_host_string = "#{use_identity} #{ENV['USER']}@#{Pkg::Config.ips_signing_server}"
|
7
|
+
rsync_host_string = "-e 'ssh #{use_identity}' #{ENV['USER']}@#{Pkg::Config.ips_signing_server}"
|
8
|
+
|
9
|
+
p5ps = Dir.glob("#{target_dir}/solaris/11/**/*.p5p")
|
10
|
+
|
11
|
+
p5ps.each do |p5p|
|
12
|
+
work_dir = "/tmp/#{Pkg::Util.rand_string}"
|
13
|
+
unsigned_dir = "#{work_dir}/unsigned"
|
14
|
+
repo_dir = "#{work_dir}/repo"
|
15
|
+
signed_dir = "#{work_dir}/pkgs"
|
16
|
+
|
17
|
+
Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "mkdir -p #{repo_dir} #{unsigned_dir} #{signed_dir}")
|
18
|
+
Pkg::Util::Net.rsync_to(p5p, rsync_host_string, unsigned_dir)
|
19
|
+
|
20
|
+
# Before we can get started with signing packages we need to create a repo
|
21
|
+
Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "sudo -E /usr/bin/pkgrepo create #{repo_dir}")
|
22
|
+
Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "sudo -E /usr/bin/pkgrepo set -s #{repo_dir} publisher/prefix=puppetlabs.com")
|
23
|
+
# And import all the packages into the repo.
|
24
|
+
Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "sudo -E /usr/bin/pkgrecv -s #{unsigned_dir}/#{File.basename(p5p)} -d #{repo_dir} '*'")
|
25
|
+
# We are going to hard code the values for signing cert locations for now.
|
26
|
+
# This autmation will require an update to actually become reusable, but
|
27
|
+
# for now these values will stay this way so solaris signing will stop
|
28
|
+
# failing. Please update soon. 06/23/16
|
29
|
+
#
|
30
|
+
# - Sean P. McDonald
|
31
|
+
#
|
32
|
+
# We sign the entire repo
|
33
|
+
sign_cmd = "sudo -E /usr/bin/pkgsign -c /root/signing/signing_cert_interim_SHA1.pem \
|
34
|
+
-i /root/signing/Thawte_Code_Signing_Certificate_interim_SHA1.pem \
|
35
|
+
-i /root/signing/Thawte_Primary_Root_CA_interim_SHA1.pem \
|
36
|
+
-k /root/signing/signing_key_interim_SHA1.pem \
|
37
|
+
-s 'file://#{work_dir}/repo' '*'"
|
38
|
+
puts "About to sign #{p5p} with #{sign_cmd} in #{work_dir}"
|
39
|
+
Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, sign_cmd.squeeze(' '))
|
40
|
+
# pkgrecv with -a will pull packages out of the repo, so we need to do that too to actually get the packages we signed
|
41
|
+
Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "sudo -E /usr/bin/pkgrecv -d #{signed_dir}/#{File.basename(p5p)} -a -s #{repo_dir} '*'")
|
42
|
+
begin
|
43
|
+
# lets make sure we actually signed something?
|
44
|
+
# **NOTE** if we're repeatedly trying to sign the same version this
|
45
|
+
# might explode because I don't know how to reset the IPS cache.
|
46
|
+
# Everything is amazing.
|
47
|
+
Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "sudo -E /usr/bin/pkg contents -m -g #{signed_dir}/#{File.basename(p5p)} '*' | grep '^signature '")
|
48
|
+
rescue RuntimeError
|
49
|
+
raise "Looks like #{File.basename(p5p)} was not signed correctly, quitting!"
|
50
|
+
end
|
51
|
+
# and pull the packages back.
|
52
|
+
Pkg::Util::Net.rsync_from("#{signed_dir}/#{File.basename(p5p)}", rsync_host_string, File.dirname(p5p))
|
53
|
+
Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "if [ -e '#{work_dir}' ] ; then sudo rm -r '#{work_dir}' ; fi")
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
@@ -0,0 +1,89 @@
|
|
1
|
+
module Pkg::MSI
|
2
|
+
class << self
|
3
|
+
def sign(target_dir = 'pkg')
|
4
|
+
use_identity = "-i #{Pkg::Config.msi_signing_ssh_key}" if Pkg::Config.msi_signing_ssh_key
|
5
|
+
|
6
|
+
ssh_host_string = "#{use_identity} Administrator@#{Pkg::Config.msi_signing_server}"
|
7
|
+
rsync_host_string = "-e 'ssh #{use_identity}' Administrator@#{Pkg::Config.msi_signing_server}"
|
8
|
+
|
9
|
+
work_dir = "Windows/Temp/#{Pkg::Util.rand_string}"
|
10
|
+
Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "mkdir -p C:/#{work_dir}")
|
11
|
+
msis = Dir.glob("#{target_dir}/windows/**/*.msi")
|
12
|
+
Pkg::Util::Net.rsync_to(msis.join(" "), rsync_host_string, "/cygdrive/c/#{work_dir}")
|
13
|
+
|
14
|
+
# Please Note:
|
15
|
+
# We are currently adding two signatures to the msi.
|
16
|
+
#
|
17
|
+
# Microsoft compatable Signatures are composed of three different
|
18
|
+
# elements.
|
19
|
+
# 1) The Certificate used to sign the package. This is the element that
|
20
|
+
# is attached to organization. The certificate has an associated
|
21
|
+
# algorithm. We recently (February 2016) had to switch from a sha1 to
|
22
|
+
# a sha256 certificate. Sha1 was deprecated by many Microsoft
|
23
|
+
# elements on 2016-01-01, which forced us to switch to a sha256 cert.
|
24
|
+
# This sha256 certificate is recognized by all currently supported
|
25
|
+
# windows platforms (Windows 8/Vista forward).
|
26
|
+
# 2) The signature used to attach the certificate to the package. This
|
27
|
+
# can be a done with a variety of digest algorithms. Older platforms
|
28
|
+
# (i.e., Windows 8 and Windows Vista) don't recognize later
|
29
|
+
# algorithms like sha256.
|
30
|
+
# 3) The timestamp used to validate when the package was signed. This
|
31
|
+
# comes from an external source and can be delivered with a variety
|
32
|
+
# of digest algorithms. Older platforms do not recognize newer
|
33
|
+
# algorithms like sha256.
|
34
|
+
#
|
35
|
+
# We could have only one signature with the Sha256 Cert, Sha1 Signature,
|
36
|
+
# and Sha1 Timestamp, but that would be too easy. The sha256 signature
|
37
|
+
# and timestamp add more security to our packages. We can't have only
|
38
|
+
# sha256 elements in our package signature, though, because Windows 8
|
39
|
+
# and Windows Vista just don't recognize them at all.
|
40
|
+
#
|
41
|
+
# In order to add two signatures to an MSI, we also need to change the
|
42
|
+
# tool we use to sign packages with. Previously, we were using SignTool
|
43
|
+
# which is the Microsoft blessed program used to sign packages. However,
|
44
|
+
# this tool isn't able to add two signatures to an MSI specifically. It
|
45
|
+
# can dual-sign an exe, just not an MSI. In order to get the dual-signed
|
46
|
+
# packages, we decided to switch over to using osslsigncode. The original
|
47
|
+
# project didn't have support to compile on a windows system, so we
|
48
|
+
# decided to use this fork. The binaries on the signer were pulled from
|
49
|
+
# https://sourceforge.net/u/keeely/osslsigncode/ci/master/tree/
|
50
|
+
#
|
51
|
+
# These are our signatures:
|
52
|
+
# The first signature:
|
53
|
+
# * Sha256 Certificate
|
54
|
+
# * Sha1 Signature
|
55
|
+
# * Sha1 Timestamp
|
56
|
+
#
|
57
|
+
# The second signature:
|
58
|
+
# * Sha256 Certificate
|
59
|
+
# * Sha256 Signature
|
60
|
+
# * Sha256 Timestamp
|
61
|
+
#
|
62
|
+
# Once we no longer support Windows 8/Windows Vista, we can remove the
|
63
|
+
# first Sha1 signature.
|
64
|
+
Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, %Q(for msi in #{msis.map { |d| File.basename(d) }.join(" ")}; do
|
65
|
+
"/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe" sign \
|
66
|
+
-n "Puppet" -i "http://www.puppet.com" \
|
67
|
+
-h sha1 \
|
68
|
+
-pkcs12 "#{Pkg::Config.msi_signing_cert}" \
|
69
|
+
-pass "#{Pkg::Config.msi_signing_cert_pw}" \
|
70
|
+
-t "http://timestamp.verisign.com/scripts/timstamp.dll" \
|
71
|
+
-in "C:/#{work_dir}/$msi" \
|
72
|
+
-out "C:/#{work_dir}/signed-$msi"
|
73
|
+
"/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe" sign \
|
74
|
+
-n "Puppet" -i "http://www.puppet.com" \
|
75
|
+
-nest -h sha256 \
|
76
|
+
-pkcs12 "#{Pkg::Config.msi_signing_cert}" \
|
77
|
+
-pass "#{Pkg::Config.msi_signing_cert_pw}" \
|
78
|
+
-ts "http://sha256timestamp.ws.symantec.com/sha256/timestamp" \
|
79
|
+
-in "C:/#{work_dir}/signed-$msi" \
|
80
|
+
-out "C:/#{work_dir}/$msi"
|
81
|
+
rm "C:/#{work_dir}/signed-$msi"
|
82
|
+
done))
|
83
|
+
msis.each do | msi |
|
84
|
+
Pkg::Util::Net.rsync_from("/cygdrive/c/#{work_dir}/#{File.basename(msi)}", rsync_host_string, File.dirname(msi))
|
85
|
+
end
|
86
|
+
Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "if [ -d '/cygdrive/c/#{work_dir}' ]; then rm -rf '/cygdrive/c/#{work_dir}'; fi")
|
87
|
+
end
|
88
|
+
end
|
89
|
+
end
|
data/lib/packaging/nuget.rb
CHANGED
@@ -2,7 +2,7 @@ module Pkg::Nuget
|
|
2
2
|
class << self
|
3
3
|
def ship(packages)
|
4
4
|
#
|
5
|
-
# Support shipping of Nuget style packages to
|
5
|
+
# Support shipping of Nuget style packages to a nexus based nuget feed
|
6
6
|
# Using curl to submit the packages rather than windows based choco/mono.
|
7
7
|
# This approach gives more flexibility and fits in with the current Puppet
|
8
8
|
# release automation practices using linux/mac systems.
|
@@ -0,0 +1,36 @@
|
|
1
|
+
module Pkg::OSX
|
2
|
+
class << self
|
3
|
+
def sign(target_dir = 'pkg')
|
4
|
+
use_identity = "-i #{Pkg::Config.osx_signing_ssh_key}" unless Pkg::Config.osx_signing_ssh_key.nil?
|
5
|
+
|
6
|
+
if Pkg::Config.osx_signing_server =~ /@/
|
7
|
+
host_string = "#{Pkg::Config.osx_signing_server}"
|
8
|
+
else
|
9
|
+
host_string = "#{ENV['USER']}@#{Pkg::Config.osx_signing_server}"
|
10
|
+
end
|
11
|
+
ssh_host_string = "#{use_identity} #{host_string}"
|
12
|
+
rsync_host_string = "-e 'ssh #{use_identity}' #{host_string}"
|
13
|
+
|
14
|
+
work_dir = "/tmp/#{Pkg::Util.rand_string}"
|
15
|
+
mount = File.join(work_dir, "mount")
|
16
|
+
signed = File.join(work_dir, "signed")
|
17
|
+
Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "mkdir -p #{mount} #{signed}")
|
18
|
+
dmgs = Dir.glob("#{target_dir}/apple/**/*.dmg")
|
19
|
+
Pkg::Util::Net.rsync_to(dmgs.join(" "), rsync_host_string, work_dir)
|
20
|
+
Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, %Q[for dmg in #{dmgs.map { |d| File.basename(d, ".dmg") }.join(" ")}; do
|
21
|
+
/usr/bin/hdiutil attach #{work_dir}/$dmg.dmg -mountpoint #{mount} -nobrowse -quiet ;
|
22
|
+
/usr/bin/security -q unlock-keychain -p "#{Pkg::Config.osx_signing_keychain_pw}" "#{Pkg::Config.osx_signing_keychain}" ;
|
23
|
+
for pkg in $(ls #{mount}/*.pkg | xargs -n 1 basename); do
|
24
|
+
/usr/bin/productsign --keychain "#{Pkg::Config.osx_signing_keychain}" --sign "#{Pkg::Config.osx_signing_cert}" #{mount}/$pkg #{signed}/$pkg ;
|
25
|
+
done
|
26
|
+
/usr/bin/hdiutil detach #{mount} -quiet ;
|
27
|
+
/bin/rm #{work_dir}/$dmg.dmg ;
|
28
|
+
/usr/bin/hdiutil create -volname $dmg -srcfolder #{signed}/ #{work_dir}/$dmg.dmg ;
|
29
|
+
/bin/rm #{signed}/* ; done])
|
30
|
+
dmgs.each do | dmg |
|
31
|
+
Pkg::Util::Net.rsync_from("#{work_dir}/#{File.basename(dmg)}", rsync_host_string, File.dirname(dmg))
|
32
|
+
end
|
33
|
+
Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "if [ -d '#{work_dir}' ]; then rm -rf '#{work_dir}'; fi")
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
data/lib/packaging/paths.rb
CHANGED
@@ -16,24 +16,22 @@ module Pkg::Paths
|
|
16
16
|
if source_formats.find { |fmt| path =~ /#{fmt}$/ }
|
17
17
|
return Pkg::Platforms.get_attribute_for_platform_version(platform, version, :source_architecture)
|
18
18
|
end
|
19
|
-
arches.find { |a| path.include?(
|
19
|
+
arches.find { |a| path.include?(a) } || arches[0]
|
20
20
|
rescue
|
21
|
-
arches.find { |a| path.include?(
|
21
|
+
arches.find { |a| path.include?(a) } || arches[0]
|
22
22
|
end
|
23
23
|
|
24
24
|
# Given a path to an artifact, divine the appropriate platform tag associated
|
25
25
|
# with the artifact and path
|
26
26
|
def tag_from_artifact_path(path)
|
27
27
|
platform = Pkg::Platforms.supported_platforms.find { |p| path =~ /(\/|\.)#{p}[^\.]/ }
|
28
|
-
platform = 'windowsfips' if path =~ /windowsfips/
|
29
|
-
|
30
28
|
codename = Pkg::Platforms.codenames.find { |c| path =~ /\/#{c}/ }
|
31
29
|
|
32
30
|
if codename
|
33
31
|
platform, version = Pkg::Platforms.codename_to_platform_version(codename)
|
34
32
|
end
|
35
33
|
|
36
|
-
version = '2012' if platform
|
34
|
+
version = '2012' if platform == 'windows'
|
37
35
|
|
38
36
|
version ||= Pkg::Platforms.versions_for_platform(platform).find { |v| path =~ /#{platform}(\/|-)?#{v}/ }
|
39
37
|
|
@@ -60,150 +58,117 @@ module Pkg::Paths
|
|
60
58
|
# shipped to the development/beta/non-final repo, if there is one defined.
|
61
59
|
# Otherwise, default to the final repo name. We use this for more than just
|
62
60
|
# shipping to the final repos, so we need this to not fail.
|
63
|
-
def repo_name
|
64
|
-
if
|
65
|
-
Pkg::Config.nonfinal_repo_name
|
66
|
-
elsif nonfinal
|
67
|
-
fail "Nonfinal is set to true but Pkg::Config.nonfinal_repo_name is unset!"
|
68
|
-
else
|
61
|
+
def repo_name
|
62
|
+
if Pkg::Util::Version.final?
|
69
63
|
Pkg::Config.repo_name || ""
|
64
|
+
else
|
65
|
+
if Pkg::Config.nonfinal_repo_name
|
66
|
+
Pkg::Config.nonfinal_repo_name
|
67
|
+
else
|
68
|
+
Pkg::Config.repo_name || ""
|
69
|
+
end
|
70
70
|
end
|
71
71
|
end
|
72
72
|
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
def yum_repo_name(nonfinal = false)
|
77
|
-
if nonfinal && Pkg::Config.nonfinal_repo_name
|
78
|
-
return Pkg::Config.nonfinal_repo_name
|
79
|
-
elsif nonfinal
|
80
|
-
fail "Nonfinal is set to true but Pkg::Config.nonfinal_repo_name is unset!"
|
81
|
-
end
|
82
|
-
|
83
|
-
return Pkg::Config.repo_name || Pkg::Config.yum_repo_name || 'products'
|
84
|
-
end
|
85
|
-
|
86
|
-
# Method to determine the apt repo name. Maintains compatibility with legacy
|
87
|
-
# projects, where `Pkg::Config.apt_repo_name` is set instead of
|
88
|
-
# `Pkg::Config.repo_name`. Defaults to 'main' if nothing is set.
|
89
|
-
def apt_repo_name(nonfinal = false)
|
90
|
-
if nonfinal && Pkg::Config.nonfinal_repo_name
|
91
|
-
return Pkg::Config.nonfinal_repo_name
|
92
|
-
elsif nonfinal
|
93
|
-
fail "Nonfinal is set to true but Pkg::Config.nonfinal_repo_name is unset!"
|
94
|
-
end
|
95
|
-
|
96
|
-
return Pkg::Config.repo_name || Pkg::Config.apt_repo_name || 'main'
|
97
|
-
end
|
98
|
-
|
99
|
-
def link_name(nonfinal = false)
|
100
|
-
return Pkg::Config.nonfinal_repo_link_target if nonfinal
|
101
|
-
return Pkg::Config.repo_link_target
|
102
|
-
end
|
103
|
-
|
104
|
-
# Construct a platform-dependent symlink target path.
|
105
|
-
def construct_base_path(path_data)
|
106
|
-
package_format = path_data[:package_format]
|
107
|
-
prefix = path_data[:prefix]
|
108
|
-
is_nonfinal = path_data[:is_nonfinal]
|
109
|
-
platform_name = path_data[:platform_name]
|
110
|
-
platform_tag = path_data[:platform_tag]
|
111
|
-
|
112
|
-
repo_name = Pkg::Config.repo_name
|
113
|
-
|
114
|
-
case package_format
|
115
|
-
when 'deb'
|
116
|
-
debian_code_name = Pkg::Platforms.get_attribute(platform_tag, :codename)
|
117
|
-
|
118
|
-
# In puppet7 and beyond, we moved the repo_name to the top to allow each
|
119
|
-
# puppet major release to have its own apt repo.
|
120
|
-
if %w(FUTURE-puppet7 FUTURE-puppet7-nightly).include? repo_name
|
121
|
-
return File.join(prefix, apt_repo_name(is_nonfinal), debian_code_name)
|
122
|
-
end
|
123
|
-
|
124
|
-
# For puppet6 and prior
|
125
|
-
return File.join(prefix, debian_code_name, apt_repo_name(is_nonfinal))
|
126
|
-
when 'dmg'
|
127
|
-
return File.join(prefix, 'mac', repo_name(is_nonfinal))
|
128
|
-
when 'msi'
|
129
|
-
return File.join(prefix, platform_name, repo_name(is_nonfinal))
|
130
|
-
when 'rpm'
|
131
|
-
return File.join(prefix, yum_repo_name(is_nonfinal))
|
132
|
-
when 'swix'
|
133
|
-
return File.join(prefix, platform_name, repo_name(is_nonfinal))
|
134
|
-
when 'svr4', 'ips'
|
135
|
-
return File.join(prefix, 'solaris', repo_name(is_nonfinal))
|
73
|
+
def link_name
|
74
|
+
if Pkg::Util::Version.final?
|
75
|
+
Pkg::Config.repo_link_target || nil
|
136
76
|
else
|
137
|
-
|
77
|
+
Pkg::Config.nonfinal_repo_link_target || nil
|
138
78
|
end
|
139
79
|
end
|
140
80
|
|
141
|
-
#
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
81
|
+
# TODO: please please please clean this up
|
82
|
+
# This is so terrible. I really dislike it. But in order to maintain backward
|
83
|
+
# compatibility, we need to maintain these path differences between PC1 and
|
84
|
+
# everything else. Once we stop shipping things to PC1, we can remove all the
|
85
|
+
# PC1 specific cases. That's likely to not happen until the current LTS
|
86
|
+
# (2016.4) is EOL'd. Hopefully also we do not choose to further change these
|
87
|
+
# path structures, as it is no bueno.
|
88
|
+
# --MAS 2017-08-16
|
89
|
+
def artifacts_base_path_and_link_path(platform_tag, path_prefix = 'artifacts')
|
90
|
+
platform, version, architecture = Pkg::Platforms.parse_platform_tag(platform_tag)
|
91
|
+
package_format = Pkg::Platforms.package_format_for_tag(platform_tag)
|
150
92
|
|
151
93
|
case package_format
|
152
94
|
when 'rpm'
|
153
|
-
|
95
|
+
if repo_name == 'PC1'
|
96
|
+
[File.join(path_prefix, platform, version, repo_name), nil]
|
97
|
+
else
|
98
|
+
[File.join(path_prefix, repo_name), link_name.nil? ? nil : File.join(path_prefix, link_name)]
|
99
|
+
end
|
154
100
|
when 'swix'
|
155
|
-
|
101
|
+
if repo_name == 'PC1'
|
102
|
+
[File.join(path_prefix, platform, version, repo_name), nil]
|
103
|
+
else
|
104
|
+
[File.join(path_prefix, platform, repo_name), link_name.nil? ? nil : File.join(path_prefix, platform, link_name)]
|
105
|
+
end
|
156
106
|
when 'deb'
|
157
|
-
|
158
|
-
|
107
|
+
[File.join(path_prefix, Pkg::Platforms.get_attribute(platform_tag, :codename), repo_name),
|
108
|
+
link_name.nil? ? nil : File.join(path_prefix, Pkg::Platforms.get_attribute(platform_tag, :codename), link_name)]
|
159
109
|
when 'svr4', 'ips'
|
160
|
-
|
110
|
+
if repo_name == 'PC1'
|
111
|
+
[File.join(path_prefix, 'solaris', repo_name, version), nil]
|
112
|
+
else
|
113
|
+
[File.join(path_prefix, 'solaris', repo_name), link_name.nil? ? nil : File.join(path_prefix, 'solaris', link_name)]
|
114
|
+
end
|
161
115
|
when 'dmg'
|
162
|
-
|
116
|
+
if repo_name == 'PC1'
|
117
|
+
[File.join(path_prefix, 'mac', version, repo_name), nil]
|
118
|
+
else
|
119
|
+
[File.join(path_prefix, 'mac', repo_name), link_name.nil? ? nil : File.join(path_prefix, 'mac', link_name)]
|
120
|
+
end
|
163
121
|
when 'msi'
|
164
|
-
|
122
|
+
if repo_name == 'PC1'
|
123
|
+
[File.join(path_prefix, 'windows'), nil]
|
124
|
+
else
|
125
|
+
[File.join(path_prefix, 'windows', repo_name), link_name.nil? ? nil : File.join(path_prefix, 'windows', link_name)]
|
126
|
+
end
|
165
127
|
else
|
166
|
-
raise "
|
128
|
+
raise "Not sure where to find packages with a package format of '#{package_format}'"
|
167
129
|
end
|
168
130
|
end
|
169
131
|
|
170
|
-
#
|
171
|
-
#
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
platform_name: platform_name,
|
181
|
-
platform_tag: platform_tag,
|
182
|
-
prefix: prefix
|
183
|
-
}
|
184
|
-
|
185
|
-
return [
|
186
|
-
construct_base_path(path_data),
|
187
|
-
construct_link_path(path_data)
|
188
|
-
]
|
189
|
-
end
|
190
|
-
|
191
|
-
def artifacts_path(platform_tag, path_prefix = 'artifacts', nonfinal = false)
|
192
|
-
base_path, _ = artifacts_base_path_and_link_path(platform_tag, path_prefix, nonfinal)
|
132
|
+
# TODO: please please please clean this up
|
133
|
+
# This is so terrible. I really dislike it. But in order to maintain backward
|
134
|
+
# compatibility, we need to maintain these path differences between PC1 and
|
135
|
+
# everything else. Once we stop shipping things to PC1, we can remove all the
|
136
|
+
# PC1 specific cases. That's likely to not happen until the current LTS
|
137
|
+
# (2016.4) is EOL'd. Hopefully also we do not choose to further change these
|
138
|
+
# path structures, as it is no bueno.
|
139
|
+
# --MAS 2017-08-16
|
140
|
+
def artifacts_path(platform_tag, path_prefix = 'artifacts')
|
141
|
+
base_path, _ = artifacts_base_path_and_link_path(platform_tag, path_prefix)
|
193
142
|
platform, version, architecture = Pkg::Platforms.parse_platform_tag(platform_tag)
|
194
143
|
package_format = Pkg::Platforms.package_format_for_tag(platform_tag)
|
195
144
|
|
196
145
|
case package_format
|
197
146
|
when 'rpm'
|
198
|
-
|
147
|
+
if repo_name == 'PC1'
|
148
|
+
File.join(base_path, architecture)
|
149
|
+
else
|
150
|
+
File.join(base_path, platform, version, architecture)
|
151
|
+
end
|
199
152
|
when 'swix'
|
200
|
-
|
153
|
+
if repo_name == 'PC1'
|
154
|
+
File.join(base_path, architecture)
|
155
|
+
else
|
156
|
+
File.join(base_path, version, architecture)
|
157
|
+
end
|
201
158
|
when 'deb'
|
202
159
|
base_path
|
203
160
|
when 'svr4', 'ips'
|
204
|
-
|
161
|
+
if repo_name == 'PC1'
|
162
|
+
base_path
|
163
|
+
else
|
164
|
+
File.join(base_path, version)
|
165
|
+
end
|
205
166
|
when 'dmg'
|
206
|
-
|
167
|
+
if repo_name == 'PC1'
|
168
|
+
File.join(base_path, architecture)
|
169
|
+
else
|
170
|
+
File.join(base_path, version, architecture)
|
171
|
+
end
|
207
172
|
when 'msi'
|
208
173
|
base_path
|
209
174
|
else
|
@@ -211,8 +176,8 @@ module Pkg::Paths
|
|
211
176
|
end
|
212
177
|
end
|
213
178
|
|
214
|
-
def repo_path(platform_tag, options = { :legacy => false
|
215
|
-
repo_target = repo_name
|
179
|
+
def repo_path(platform_tag, options = { :legacy => false })
|
180
|
+
repo_target = repo_name
|
216
181
|
# in legacy packaging methods, there was no consistent way to determine the
|
217
182
|
# repo name. There were separate variables for apt_repo_name and
|
218
183
|
# yum_repo_name. At times, either or both of these were unset, and they had
|
@@ -247,7 +212,7 @@ module Pkg::Paths
|
|
247
212
|
if options[:legacy]
|
248
213
|
File.join('repos', 'windows')
|
249
214
|
else
|
250
|
-
File.join('repos',
|
215
|
+
File.join('repos', 'windows', repo_target)
|
251
216
|
end
|
252
217
|
else
|
253
218
|
raise "Not sure what to do with a package format of '#{package_format}'"
|
@@ -270,107 +235,4 @@ module Pkg::Paths
|
|
270
235
|
raise "Not sure what to do with a package format of '#{package_format}'"
|
271
236
|
end
|
272
237
|
end
|
273
|
-
|
274
|
-
def remote_repo_base(platform_tag = nil, nonfinal: false, package_format: nil)
|
275
|
-
if platform_tag.nil? && package_format.nil?
|
276
|
-
raise "Pkg::Paths.remote_repo_base must have `platform_tag` or `package_format` specified."
|
277
|
-
end
|
278
|
-
|
279
|
-
package_format ||= Pkg::Platforms.package_format_for_tag(platform_tag)
|
280
|
-
|
281
|
-
repo_base = case package_format
|
282
|
-
when 'rpm'
|
283
|
-
nonfinal ? Pkg::Config.nonfinal_yum_repo_path : Pkg::Config.yum_repo_path
|
284
|
-
when 'deb'
|
285
|
-
nonfinal ? Pkg::Config.nonfinal_apt_repo_path : Pkg::Config.apt_repo_path
|
286
|
-
when 'dmg'
|
287
|
-
nonfinal ? Pkg::Config.nonfinal_dmg_path : Pkg::Config.dmg_path
|
288
|
-
when 'swix'
|
289
|
-
nonfinal ? Pkg::Config.nonfinal_swix_path : Pkg::Config.swix_path
|
290
|
-
when 'msi'
|
291
|
-
nonfinal ? Pkg::Config.nonfinal_msi_path : Pkg::Config.msi_path
|
292
|
-
else
|
293
|
-
raise "Can't determine remote repo base path for package format '#{package_format}'."
|
294
|
-
end
|
295
|
-
|
296
|
-
# normalize the path for things shipping to the downloads server
|
297
|
-
if repo_base.match(/^\/opt\/downloads\/\w+$/)
|
298
|
-
repo_base = '/opt/downloads'
|
299
|
-
end
|
300
|
-
repo_base
|
301
|
-
end
|
302
|
-
|
303
|
-
# This is where deb packages end up after freight repo updates
|
304
|
-
def apt_package_base_path(platform_tag, repo_name, project, nonfinal = false)
|
305
|
-
unless Pkg::Platforms.package_format_for_tag(platform_tag) == 'deb'
|
306
|
-
fail "Can't determine path for non-debian platform #{platform_tag}."
|
307
|
-
end
|
308
|
-
|
309
|
-
platform, version, _ = Pkg::Platforms.parse_platform_tag(platform_tag)
|
310
|
-
code_name = Pkg::Platforms.codename_for_platform_version(platform, version)
|
311
|
-
remote_repo_path = remote_repo_base(platform_tag, nonfinal: nonfinal)
|
312
|
-
|
313
|
-
# In puppet7 and beyond, we moved the puppet major version to near the top to allow each
|
314
|
-
# puppet major release to have its own apt repo, for example:
|
315
|
-
# /opt/repository/apt/puppet7/pool/bionic/p/puppet-agent
|
316
|
-
if %w(FUTURE-puppet7 FUTURE-puppet7-nightly).include? repo_name
|
317
|
-
return File.join(remote_repo_path, repo_name, 'pool', code_name, project[0], project)
|
318
|
-
end
|
319
|
-
|
320
|
-
# For repos prior to puppet7, the puppet version was part of the repository
|
321
|
-
# For example: /opt/repository/apt/pool/bionic/puppet6/p/puppet-agent
|
322
|
-
if %w(puppet7 puppet7-nightly
|
323
|
-
puppet6 puppet6-nightly
|
324
|
-
puppet5 puppet5-nightly
|
325
|
-
puppet puppet-nightly
|
326
|
-
puppet-tools).include? repo_name
|
327
|
-
return File.join(remote_repo_path, 'pool', code_name, repo_name, project[0], project)
|
328
|
-
end
|
329
|
-
|
330
|
-
raise "Error: Cannot determine apt_package_base_path for repo: \"#{repo_name}\"."
|
331
|
-
end
|
332
|
-
|
333
|
-
def release_package_link_path(platform_tag, nonfinal = false)
|
334
|
-
platform, version, _ = Pkg::Platforms.parse_platform_tag(platform_tag)
|
335
|
-
package_format = Pkg::Platforms.package_format_for_tag(platform_tag)
|
336
|
-
case package_format
|
337
|
-
when 'rpm'
|
338
|
-
return File.join(remote_repo_base(platform_tag, nonfinal: nonfinal),
|
339
|
-
"#{repo_name(nonfinal)}-release-#{platform}-#{version}.noarch.rpm")
|
340
|
-
when 'deb'
|
341
|
-
codename = Pkg::Platforms.codename_for_platform_version(platform, version)
|
342
|
-
return File.join(remote_repo_base(platform_tag, nonfinal: nonfinal),
|
343
|
-
"#{repo_name(nonfinal)}-release-#{codename}.deb")
|
344
|
-
else
|
345
|
-
warn "No release packages for package format '#{package_format}', skipping."
|
346
|
-
return nil
|
347
|
-
end
|
348
|
-
end
|
349
|
-
|
350
|
-
def debian_component_from_path(path)
|
351
|
-
# substitute '.' and '/' since those aren't valid characters for debian components
|
352
|
-
matches = path.match(/(\d+\.\d+|master|main)\/(\w+)/)
|
353
|
-
regex_for_substitution = /[\.\/]/
|
354
|
-
fail "Error: Could not determine Debian Component from path #{path}" if matches.nil?
|
355
|
-
base_component = matches[1]
|
356
|
-
component_qualifier = matches[2]
|
357
|
-
full_component = "#{base_component}/#{component_qualifier}"
|
358
|
-
unless regex_for_substitution.nil?
|
359
|
-
base_component.gsub!(regex_for_substitution, '_')
|
360
|
-
full_component.gsub!(regex_for_substitution, '_')
|
361
|
-
end
|
362
|
-
return base_component if component_qualifier == 'repos'
|
363
|
-
return full_component
|
364
|
-
end
|
365
|
-
|
366
|
-
#for ubuntu-20.04-aarch64, debian package architecture is arm64
|
367
|
-
def package_arch(platform, arch)
|
368
|
-
if platform == 'ubuntu' && arch == 'aarch64'
|
369
|
-
return 'arm64'
|
370
|
-
end
|
371
|
-
arch
|
372
|
-
end
|
373
|
-
|
374
|
-
private :package_arch
|
375
|
-
|
376
238
|
end
|