packaging 0.88.77 → 0.99.0

data/lib/packaging/ips.rb

@@ -0,0 +1,57 @@
+module Pkg::IPS
+  class << self
+    def sign(target_dir = 'pkg')
+      use_identity = "-i #{Pkg::Config.ips_signing_ssh_key}" unless Pkg::Config.ips_signing_ssh_key.nil?
+
+      ssh_host_string = "#{use_identity} #{ENV['USER']}@#{Pkg::Config.ips_signing_server}"
+      rsync_host_string = "-e 'ssh #{use_identity}' #{ENV['USER']}@#{Pkg::Config.ips_signing_server}"
+
+      p5ps = Dir.glob("#{target_dir}/solaris/11/**/*.p5p")
+
+      p5ps.each do |p5p|
+        work_dir     = "/tmp/#{Pkg::Util.rand_string}"
+        unsigned_dir = "#{work_dir}/unsigned"
+        repo_dir     = "#{work_dir}/repo"
+        signed_dir   = "#{work_dir}/pkgs"
+
+        Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "mkdir -p #{repo_dir} #{unsigned_dir} #{signed_dir}")
+        Pkg::Util::Net.rsync_to(p5p, rsync_host_string, unsigned_dir)
+
+        # Before we can get started with signing packages we need to create a repo
+        Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "sudo -E /usr/bin/pkgrepo create #{repo_dir}")
+        Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "sudo -E /usr/bin/pkgrepo set -s #{repo_dir} publisher/prefix=puppetlabs.com")
+        # And import all the packages into the repo.
+        Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "sudo -E /usr/bin/pkgrecv -s #{unsigned_dir}/#{File.basename(p5p)} -d #{repo_dir} '*'")
+        # We are going to hard code the values for signing cert locations for now.
+        # This autmation will require an update to actually become reusable, but
+        # for now these values will stay this way so solaris signing will stop
+        # failing. Please update soon. 06/23/16
+        #
+        #            - Sean P. McDonald
+        #
+        # We sign the entire repo
+        sign_cmd = "sudo -E /usr/bin/pkgsign -c /root/signing/signing_cert_interim_SHA1.pem \
+                    -i /root/signing/Thawte_Code_Signing_Certificate_interim_SHA1.pem \
+                    -i /root/signing/Thawte_Primary_Root_CA_interim_SHA1.pem \
+                    -k /root/signing/signing_key_interim_SHA1.pem \
+                    -s 'file://#{work_dir}/repo' '*'"
+        puts "About to sign #{p5p} with #{sign_cmd} in #{work_dir}"
+        Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, sign_cmd.squeeze(' '))
+        # pkgrecv with -a will pull packages out of the repo, so we need to do that too to actually get the packages we signed
+        Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "sudo -E /usr/bin/pkgrecv -d #{signed_dir}/#{File.basename(p5p)} -a -s #{repo_dir} '*'")
+        begin
+          # lets make sure we actually signed something?
+          # **NOTE** if we're repeatedly trying to sign the same version this
+          # might explode because I don't know how to reset the IPS cache.
+          # Everything is amazing.
+          Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "sudo -E /usr/bin/pkg contents -m -g #{signed_dir}/#{File.basename(p5p)} '*' | grep '^signature '")
+        rescue RuntimeError
+          raise "Looks like #{File.basename(p5p)} was not signed correctly, quitting!"
+        end
+        # and pull the packages back.
+        Pkg::Util::Net.rsync_from("#{signed_dir}/#{File.basename(p5p)}", rsync_host_string, File.dirname(p5p))
+        Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "if [ -e '#{work_dir}' ] ; then sudo rm -r '#{work_dir}' ; fi")
+      end
+    end
+  end
+end

data/lib/packaging/msi.rb

@@ -0,0 +1,89 @@
+module Pkg::MSI
+  class << self
+    def sign(target_dir = 'pkg')
+      use_identity = "-i #{Pkg::Config.msi_signing_ssh_key}" if Pkg::Config.msi_signing_ssh_key
+
+      ssh_host_string = "#{use_identity} Administrator@#{Pkg::Config.msi_signing_server}"
+      rsync_host_string = "-e 'ssh #{use_identity}' Administrator@#{Pkg::Config.msi_signing_server}"
+
+      work_dir = "Windows/Temp/#{Pkg::Util.rand_string}"
+      Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "mkdir -p C:/#{work_dir}")
+      msis = Dir.glob("#{target_dir}/windows/**/*.msi")
+      Pkg::Util::Net.rsync_to(msis.join(" "), rsync_host_string, "/cygdrive/c/#{work_dir}")
+
+      # Please Note:
+      # We are currently adding two signatures to the msi.
+      #
+      # Microsoft compatable Signatures are composed of three different
+      # elements.
+      #   1) The Certificate used to sign the package. This is the element that
+      #     is attached to organization. The certificate has an associated
+      #     algorithm. We recently (February 2016) had to switch from a sha1 to
+      #     a sha256 certificate. Sha1 was deprecated by many Microsoft
+      #     elements on 2016-01-01, which forced us to switch to a sha256 cert.
+      #     This sha256 certificate is recognized by all currently supported
+      #     windows platforms (Windows 8/Vista forward).
+      #   2) The signature used to attach the certificate to the package. This
+      #     can be a done with a variety of digest algorithms. Older platforms
+      #     (i.e., Windows 8 and Windows Vista) don't recognize later
+      #     algorithms like sha256.
+      #   3) The timestamp used to validate when the package was signed. This
+      #     comes from an external source and can be delivered with a variety
+      #     of digest algorithms. Older platforms do not recognize newer
+      #     algorithms like sha256.
+      #
+      # We could have only one signature with the Sha256 Cert, Sha1 Signature,
+      # and Sha1 Timestamp, but that would be too easy. The sha256 signature
+      # and timestamp add more security to our packages. We can't have only
+      # sha256 elements in our package signature, though, because Windows 8
+      # and Windows Vista just don't recognize them at all.
+      #
+      # In order to add two signatures to an MSI, we also need to change the
+      # tool we use to sign packages with. Previously, we were using SignTool
+      # which is the Microsoft blessed program used to sign packages. However,
+      # this tool isn't able to add two signatures to an MSI specifically. It
+      # can dual-sign an exe, just not an MSI. In order to get the dual-signed
+      # packages, we decided to switch over to using osslsigncode. The original
+      # project didn't have support to compile on a windows system, so we
+      # decided to use this fork. The binaries on the signer were pulled from
+      # https://sourceforge.net/u/keeely/osslsigncode/ci/master/tree/
+      #
+      # These are our signatures:
+      # The first signature:
+      #   * Sha256 Certificate
+      #   * Sha1 Signature
+      #   * Sha1 Timestamp
+      #
+      # The second signature:
+      #   * Sha256 Certificate
+      #   * Sha256 Signature
+      #   * Sha256 Timestamp
+      #
+      # Once we no longer support Windows 8/Windows Vista, we can remove the
+      # first Sha1 signature.
+      Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, %Q(for msi in #{msis.map { |d| File.basename(d) }.join(" ")}; do
+        "/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe" sign \
+          -n "Puppet" -i "http://www.puppet.com" \
+          -h sha1 \
+          -pkcs12 "#{Pkg::Config.msi_signing_cert}" \
+          -pass "#{Pkg::Config.msi_signing_cert_pw}" \
+          -t "http://timestamp.verisign.com/scripts/timstamp.dll" \
+          -in "C:/#{work_dir}/$msi" \
+          -out "C:/#{work_dir}/signed-$msi"
+        "/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe" sign \
+          -n "Puppet" -i "http://www.puppet.com" \
+          -nest -h sha256 \
+          -pkcs12 "#{Pkg::Config.msi_signing_cert}" \
+          -pass "#{Pkg::Config.msi_signing_cert_pw}" \
+          -ts "http://sha256timestamp.ws.symantec.com/sha256/timestamp" \
+          -in "C:/#{work_dir}/signed-$msi" \
+          -out "C:/#{work_dir}/$msi"
+        rm "C:/#{work_dir}/signed-$msi"
+      done))
+      msis.each do | msi |
+        Pkg::Util::Net.rsync_from("/cygdrive/c/#{work_dir}/#{File.basename(msi)}", rsync_host_string, File.dirname(msi))
+      end
+      Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "if [ -d '/cygdrive/c/#{work_dir}' ]; then rm -rf '/cygdrive/c/#{work_dir}'; fi")
+    end
+  end
+end

data/lib/packaging/nuget.rb

@@ -2,7 +2,7 @@ module Pkg::Nuget
   class << self
     def ship(packages)
       #
-      # Support shipping of Nuget style packages to an Artifactory based nuget feed
+      # Support shipping of Nuget style packages to a nexus based nuget feed
       # Using curl to submit the packages rather than windows based choco/mono.
       # This approach gives more flexibility and fits in with the current Puppet
       # release automation practices using linux/mac systems.

data/lib/packaging/osx.rb

@@ -0,0 +1,36 @@
+module Pkg::OSX
+  class << self
+    def sign(target_dir = 'pkg')
+      use_identity = "-i #{Pkg::Config.osx_signing_ssh_key}" unless Pkg::Config.osx_signing_ssh_key.nil?
+
+      if Pkg::Config.osx_signing_server =~ /@/
+        host_string = "#{Pkg::Config.osx_signing_server}"
+      else
+        host_string = "#{ENV['USER']}@#{Pkg::Config.osx_signing_server}"
+      end
+      ssh_host_string = "#{use_identity} #{host_string}"
+      rsync_host_string = "-e 'ssh #{use_identity}' #{host_string}"
+
+      work_dir  = "/tmp/#{Pkg::Util.rand_string}"
+      mount     = File.join(work_dir, "mount")
+      signed    = File.join(work_dir, "signed")
+      Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "mkdir -p #{mount} #{signed}")
+      dmgs = Dir.glob("#{target_dir}/apple/**/*.dmg")
+      Pkg::Util::Net.rsync_to(dmgs.join(" "), rsync_host_string, work_dir)
+      Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, %Q[for dmg in #{dmgs.map { |d| File.basename(d, ".dmg") }.join(" ")}; do
+        /usr/bin/hdiutil attach #{work_dir}/$dmg.dmg -mountpoint #{mount} -nobrowse -quiet ;
+        /usr/bin/security -q unlock-keychain -p "#{Pkg::Config.osx_signing_keychain_pw}" "#{Pkg::Config.osx_signing_keychain}" ;
+          for pkg in $(ls #{mount}/*.pkg | xargs -n 1 basename); do
+            /usr/bin/productsign --keychain "#{Pkg::Config.osx_signing_keychain}" --sign "#{Pkg::Config.osx_signing_cert}" #{mount}/$pkg #{signed}/$pkg ;
+          done
+        /usr/bin/hdiutil detach #{mount} -quiet ;
+        /bin/rm #{work_dir}/$dmg.dmg ;
+        /usr/bin/hdiutil create -volname $dmg -srcfolder #{signed}/ #{work_dir}/$dmg.dmg ;
+        /bin/rm #{signed}/* ; done])
+      dmgs.each do | dmg |
+        Pkg::Util::Net.rsync_from("#{work_dir}/#{File.basename(dmg)}", rsync_host_string, File.dirname(dmg))
+      end
+      Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "if [ -d '#{work_dir}' ]; then rm -rf '#{work_dir}'; fi")
+    end
+  end
+end

data/lib/packaging/paths.rb

@@ -16,24 +16,22 @@ module Pkg::Paths
     if source_formats.find { |fmt| path =~ /#{fmt}$/ }
       return Pkg::Platforms.get_attribute_for_platform_version(platform, version, :source_architecture)
     end
-    arches.find { |a| path.include?(package_arch(platform, a)) } || arches[0]
+    arches.find { |a| path.include?(a) } || arches[0]
   rescue
-    arches.find { |a| path.include?(package_arch(platform, a)) } || arches[0]
+    arches.find { |a| path.include?(a) } || arches[0]
   end
 
   # Given a path to an artifact, divine the appropriate platform tag associated
   # with the artifact and path
   def tag_from_artifact_path(path)
     platform = Pkg::Platforms.supported_platforms.find { |p| path =~ /(\/|\.)#{p}[^\.]/ }
-    platform = 'windowsfips' if path =~ /windowsfips/
-
     codename = Pkg::Platforms.codenames.find { |c| path =~ /\/#{c}/ }
 
     if codename
       platform, version = Pkg::Platforms.codename_to_platform_version(codename)
     end
 
-    version = '2012' if platform =~ /^windows.*$/
+    version = '2012' if platform == 'windows'
 
     version ||= Pkg::Platforms.versions_for_platform(platform).find { |v| path =~ /#{platform}(\/|-)?#{v}/ }
 
@@ -60,150 +58,117 @@ module Pkg::Paths
   # shipped to the development/beta/non-final repo, if there is one defined.
   # Otherwise, default to the final repo name. We use this for more than just
   # shipping to the final repos, so we need this to not fail.
-  def repo_name(nonfinal = false)
-    if nonfinal && Pkg::Config.nonfinal_repo_name
-      Pkg::Config.nonfinal_repo_name
-    elsif nonfinal
-      fail "Nonfinal is set to true but Pkg::Config.nonfinal_repo_name is unset!"
-    else
+  def repo_name
+    if Pkg::Util::Version.final?
       Pkg::Config.repo_name || ""
+    else
+      if Pkg::Config.nonfinal_repo_name
+        Pkg::Config.nonfinal_repo_name
+      else
+        Pkg::Config.repo_name || ""
+      end
     end
   end
 
-  # Method to determine the yum repo name. Maintains compatibility with legacy
-  # projects, where `Pkg::Config.yum_repo_name` is set instead of
-  # `Pkg::Config.repo_name`. Defaults to 'products' if nothing is set.
-  def yum_repo_name(nonfinal = false)
-    if nonfinal && Pkg::Config.nonfinal_repo_name
-      return Pkg::Config.nonfinal_repo_name
-    elsif nonfinal
-      fail "Nonfinal is set to true but Pkg::Config.nonfinal_repo_name is unset!"
-    end
-
-    return Pkg::Config.repo_name || Pkg::Config.yum_repo_name || 'products'
-  end
-
-  # Method to determine the apt repo name. Maintains compatibility with legacy
-  # projects, where `Pkg::Config.apt_repo_name` is set instead of
-  # `Pkg::Config.repo_name`. Defaults to 'main' if nothing is set.
-  def apt_repo_name(nonfinal = false)
-    if nonfinal && Pkg::Config.nonfinal_repo_name
-      return Pkg::Config.nonfinal_repo_name
-    elsif nonfinal
-      fail "Nonfinal is set to true but Pkg::Config.nonfinal_repo_name is unset!"
-    end
-
-    return Pkg::Config.repo_name || Pkg::Config.apt_repo_name || 'main'
-  end
-
-  def link_name(nonfinal = false)
-    return Pkg::Config.nonfinal_repo_link_target if nonfinal
-    return Pkg::Config.repo_link_target
-  end
-
-  # Construct a platform-dependent symlink target path.
-  def construct_base_path(path_data)
-    package_format = path_data[:package_format]
-    prefix = path_data[:prefix]
-    is_nonfinal = path_data[:is_nonfinal]
-    platform_name = path_data[:platform_name]
-    platform_tag = path_data[:platform_tag]
-
-    repo_name = Pkg::Config.repo_name
-
-    case package_format
-    when 'deb'
-      debian_code_name = Pkg::Platforms.get_attribute(platform_tag, :codename)
-
-      # In puppet7 and beyond, we moved the repo_name to the top to allow each
-      # puppet major release to have its own apt repo.
-      if %w(FUTURE-puppet7 FUTURE-puppet7-nightly).include? repo_name
-        return File.join(prefix, apt_repo_name(is_nonfinal), debian_code_name)
-      end
-
-      # For puppet6 and prior
-      return File.join(prefix, debian_code_name, apt_repo_name(is_nonfinal))
-    when 'dmg'
-      return File.join(prefix, 'mac', repo_name(is_nonfinal))
-    when 'msi'
-      return File.join(prefix, platform_name, repo_name(is_nonfinal))
-    when 'rpm'
-      return File.join(prefix, yum_repo_name(is_nonfinal))
-    when 'swix'
-      return File.join(prefix, platform_name, repo_name(is_nonfinal))
-    when 'svr4', 'ips'
-      return File.join(prefix, 'solaris', repo_name(is_nonfinal))
+  def link_name
+    if Pkg::Util::Version.final?
+      Pkg::Config.repo_link_target || nil
     else
-      raise "Error: Unknown package format '#{package_format}'"
+      Pkg::Config.nonfinal_repo_link_target || nil
     end
   end
 
-  # Construct a platform-dependent link path
-  def construct_link_path(path_data)
-    package_format = path_data[:package_format]
-    prefix = path_data[:prefix]
-    platform_name = path_data[:platform_name]
-    platform_tag = path_data[:platform_tag]
-    link = path_data[:link]
-
-    return nil if link.nil?
+  # TODO: please please please clean this up
+  # This is so terrible. I really dislike it. But in order to maintain backward
+  # compatibility, we need to maintain these path differences between PC1 and
+  # everything else. Once we stop shipping things to PC1, we can remove all the
+  # PC1 specific cases. That's likely to not happen until the current LTS
+  # (2016.4) is EOL'd. Hopefully also we do not choose to further change these
+  # path structures, as it is no bueno.
+  # --MAS 2017-08-16
+  def artifacts_base_path_and_link_path(platform_tag, path_prefix = 'artifacts')
+    platform, version, architecture = Pkg::Platforms.parse_platform_tag(platform_tag)
+    package_format = Pkg::Platforms.package_format_for_tag(platform_tag)
 
     case package_format
     when 'rpm'
-      return File.join(prefix, link)
+      if repo_name == 'PC1'
+        [File.join(path_prefix, platform, version, repo_name), nil]
+      else
+        [File.join(path_prefix, repo_name), link_name.nil? ? nil : File.join(path_prefix, link_name)]
+      end
     when 'swix'
-      return File.join(prefix, platform_name, link)
+      if repo_name == 'PC1'
+        [File.join(path_prefix, platform, version, repo_name), nil]
+      else
+        [File.join(path_prefix, platform, repo_name), link_name.nil? ? nil : File.join(path_prefix, platform, link_name)]
+      end
     when 'deb'
-      debian_code_name = Pkg::Platforms.get_attribute(platform_tag, :codename)
-      return File.join(prefix, debian_code_name, link)
+      [File.join(path_prefix, Pkg::Platforms.get_attribute(platform_tag, :codename), repo_name),
+       link_name.nil? ? nil : File.join(path_prefix, Pkg::Platforms.get_attribute(platform_tag, :codename), link_name)]
     when 'svr4', 'ips'
-      return File.join(prefix, 'solaris', link)
+      if repo_name == 'PC1'
+        [File.join(path_prefix, 'solaris', repo_name, version), nil]
+      else
+        [File.join(path_prefix, 'solaris', repo_name), link_name.nil? ? nil : File.join(path_prefix, 'solaris', link_name)]
+      end
     when 'dmg'
-      return File.join(prefix, 'mac', link)
+      if repo_name == 'PC1'
+        [File.join(path_prefix, 'mac', version, repo_name), nil]
+      else
+        [File.join(path_prefix, 'mac', repo_name), link_name.nil? ? nil : File.join(path_prefix, 'mac', link_name)]
+      end
     when 'msi'
-      return File.join(prefix, platform_name, link)
+      if repo_name == 'PC1'
+        [File.join(path_prefix, 'windows'), nil]
+      else
+        [File.join(path_prefix, 'windows', repo_name), link_name.nil? ? nil : File.join(path_prefix, 'windows', link_name)]
+      end
     else
-      raise "Error: Unknown package format '#{package_format}'"
+      raise "Not sure where to find packages with a package format of '#{package_format}'"
     end
   end
 
-  # Given platform information, create symlink target (base_path) and link path in the
-  # form of a 2-element array
-  def artifacts_base_path_and_link_path(platform_tag, prefix = 'artifacts', is_nonfinal = false)
-    platform_name, _ = Pkg::Platforms.parse_platform_tag(platform_tag)
-    package_format = Pkg::Platforms.package_format_for_tag(platform_tag)
-
-    path_data = {
-      is_nonfinal: is_nonfinal,
-      link: link_name(is_nonfinal),
-      package_format: package_format,
-      platform_name: platform_name,
-      platform_tag: platform_tag,
-      prefix: prefix
-    }
-
-    return [
-      construct_base_path(path_data),
-      construct_link_path(path_data)
-    ]
-  end
-
-  def artifacts_path(platform_tag, path_prefix = 'artifacts', nonfinal = false)
-    base_path, _ = artifacts_base_path_and_link_path(platform_tag, path_prefix, nonfinal)
+  # TODO: please please please clean this up
+  # This is so terrible. I really dislike it. But in order to maintain backward
+  # compatibility, we need to maintain these path differences between PC1 and
+  # everything else. Once we stop shipping things to PC1, we can remove all the
+  # PC1 specific cases. That's likely to not happen until the current LTS
+  # (2016.4) is EOL'd. Hopefully also we do not choose to further change these
+  # path structures, as it is no bueno.
+  # --MAS 2017-08-16
+  def artifacts_path(platform_tag, path_prefix = 'artifacts')
+    base_path, _ = artifacts_base_path_and_link_path(platform_tag, path_prefix)
     platform, version, architecture = Pkg::Platforms.parse_platform_tag(platform_tag)
     package_format = Pkg::Platforms.package_format_for_tag(platform_tag)
 
     case package_format
     when 'rpm'
-      File.join(base_path, platform, version, architecture)
+      if repo_name == 'PC1'
+        File.join(base_path, architecture)
+      else
+        File.join(base_path, platform, version, architecture)
+      end
     when 'swix'
-      File.join(base_path, version, architecture)
+      if repo_name == 'PC1'
+        File.join(base_path, architecture)
+      else
+        File.join(base_path, version, architecture)
+      end
     when 'deb'
       base_path
     when 'svr4', 'ips'
-      File.join(base_path, version)
+      if repo_name == 'PC1'
+        base_path
+      else
+        File.join(base_path, version)
+      end
     when 'dmg'
-      File.join(base_path, version, architecture)
+      if repo_name == 'PC1'
+        File.join(base_path, architecture)
+      else
+        File.join(base_path, version, architecture)
+      end
     when 'msi'
       base_path
     else
@@ -211,8 +176,8 @@ module Pkg::Paths
     end
   end
 
-  def repo_path(platform_tag, options = { :legacy => false, :nonfinal => false })
-    repo_target = repo_name(options[:nonfinal])
+  def repo_path(platform_tag, options = { :legacy => false })
+    repo_target = repo_name
     # in legacy packaging methods, there was no consistent way to determine the
     # repo name. There were separate variables for apt_repo_name and
     # yum_repo_name. At times, either or both of these were unset, and they had
@@ -247,7 +212,7 @@ module Pkg::Paths
       if options[:legacy]
         File.join('repos', 'windows')
       else
-        File.join('repos', platform, repo_target)
+        File.join('repos', 'windows', repo_target)
       end
     else
       raise "Not sure what to do with a package format of '#{package_format}'"
@@ -270,107 +235,4 @@ module Pkg::Paths
       raise "Not sure what to do with a package format of '#{package_format}'"
     end
   end
-
-  def remote_repo_base(platform_tag = nil, nonfinal: false, package_format: nil)
-    if platform_tag.nil? && package_format.nil?
-      raise "Pkg::Paths.remote_repo_base must have `platform_tag` or `package_format` specified."
-    end
-
-    package_format ||= Pkg::Platforms.package_format_for_tag(platform_tag)
-
-    repo_base = case package_format
-    when 'rpm'
-      nonfinal ? Pkg::Config.nonfinal_yum_repo_path : Pkg::Config.yum_repo_path
-    when 'deb'
-      nonfinal ? Pkg::Config.nonfinal_apt_repo_path : Pkg::Config.apt_repo_path
-    when 'dmg'
-      nonfinal ? Pkg::Config.nonfinal_dmg_path : Pkg::Config.dmg_path
-    when 'swix'
-      nonfinal ? Pkg::Config.nonfinal_swix_path : Pkg::Config.swix_path
-    when 'msi'
-      nonfinal ? Pkg::Config.nonfinal_msi_path : Pkg::Config.msi_path
-    else
-      raise "Can't determine remote repo base path for package format '#{package_format}'."
-    end
-
-    # normalize the path for things shipping to the downloads server
-    if repo_base.match(/^\/opt\/downloads\/\w+$/)
-      repo_base = '/opt/downloads'
-    end
-    repo_base
-  end
-
-  # This is where deb packages end up after freight repo updates
-  def apt_package_base_path(platform_tag, repo_name, project, nonfinal = false)
-    unless Pkg::Platforms.package_format_for_tag(platform_tag) == 'deb'
-      fail "Can't determine path for non-debian platform #{platform_tag}."
-    end
-
-    platform, version, _ = Pkg::Platforms.parse_platform_tag(platform_tag)
-    code_name = Pkg::Platforms.codename_for_platform_version(platform, version)
-    remote_repo_path = remote_repo_base(platform_tag, nonfinal: nonfinal)
-
-    # In puppet7 and beyond, we moved the puppet major version to near the top to allow each
-    # puppet major release to have its own apt repo, for example:
-    # /opt/repository/apt/puppet7/pool/bionic/p/puppet-agent
-    if %w(FUTURE-puppet7 FUTURE-puppet7-nightly).include? repo_name
-      return File.join(remote_repo_path, repo_name, 'pool', code_name, project[0], project)
-    end
-
-    # For repos prior to puppet7, the puppet version was part of the repository
-    # For example: /opt/repository/apt/pool/bionic/puppet6/p/puppet-agent
-    if %w(puppet7 puppet7-nightly
-          puppet6 puppet6-nightly
-          puppet5 puppet5-nightly
-          puppet  puppet-nightly
-          puppet-tools).include? repo_name
-      return File.join(remote_repo_path, 'pool', code_name, repo_name, project[0], project)
-    end
-
-    raise "Error: Cannot determine apt_package_base_path for repo: \"#{repo_name}\"."
-  end
-
-  def release_package_link_path(platform_tag, nonfinal = false)
-    platform, version, _ = Pkg::Platforms.parse_platform_tag(platform_tag)
-    package_format = Pkg::Platforms.package_format_for_tag(platform_tag)
-    case package_format
-    when 'rpm'
-      return File.join(remote_repo_base(platform_tag, nonfinal: nonfinal),
-                       "#{repo_name(nonfinal)}-release-#{platform}-#{version}.noarch.rpm")
-    when 'deb'
-      codename = Pkg::Platforms.codename_for_platform_version(platform, version)
-      return File.join(remote_repo_base(platform_tag, nonfinal: nonfinal),
-                       "#{repo_name(nonfinal)}-release-#{codename}.deb")
-    else
-      warn "No release packages for package format '#{package_format}', skipping."
-      return nil
-    end
-  end
-
-  def debian_component_from_path(path)
-    # substitute '.' and '/' since those aren't valid characters for debian components
-    matches = path.match(/(\d+\.\d+|master|main)\/(\w+)/)
-    regex_for_substitution = /[\.\/]/
-    fail "Error: Could not determine Debian Component from path #{path}" if matches.nil?
-    base_component = matches[1]
-    component_qualifier = matches[2]
-    full_component = "#{base_component}/#{component_qualifier}"
-    unless regex_for_substitution.nil?
-      base_component.gsub!(regex_for_substitution, '_')
-      full_component.gsub!(regex_for_substitution, '_')
-    end
-    return base_component if component_qualifier == 'repos'
-    return full_component
-  end
-
-  #for ubuntu-20.04-aarch64, debian package architecture is arm64
-  def package_arch(platform, arch)
-    if platform == 'ubuntu' && arch == 'aarch64'
-      return 'arm64'
-    end
-    arch
-  end
-
-  private :package_arch
-
 end