packaging 0.99.0

data/lib/packaging/gem.rb

@@ -0,0 +1,112 @@
+module Pkg::Gem
+  @nexus_config = "#{ENV['HOME']}/.gem/nexus"
+
+  class << self
+    # This is preserved because I don't want to update the deprecated code path
+    # yet; I'm not entirely sure I've fixed everything that might attempt
+    # to call this method so this is now a wrapper for a wrapper.
+    def ship(file)
+      ship_to_stickler(file)
+      ship_to_nexus(file)
+      rsync_to_downloads(file)
+      ship_to_rubygems(file)
+    end
+
+    def load_nexus_config
+      if Pkg::Util::File.file_exists?(@nexus_config)
+        config = YAML.load_file(@nexus_config)
+      end
+      config || {}
+    end
+
+    def write_nexus_config
+      hash = load_nexus_config
+      if hash["GEM_INTERNAL"].nil? || hash["GEM_INTERNAL"][:authorization].nil?
+        puts "Please enter nexus username:"
+        username = Pkg::Util.get_input
+        puts "Please enter nexus password:"
+        password = Pkg::Util.get_input(false)
+        hash["GEM_INTERNAL"] = { :authorization => "Basic #{Pkg::Util.base64_encode("#{username}:#{password}")}" }
+      end
+      if hash["GEM_INTERNAL"][:url].nil? || hash["GEM_INTERNAL"][:url] != Pkg::Config.internal_nexus_host
+        hash["GEM_INTERNAL"][:url] = Pkg::Config.internal_nexus_host
+      end
+      File.open(@nexus_config, "w") do |file|
+        file.write(hash.to_yaml)
+      end
+    end
+
+    # Ship a Ruby gem file to a Nexus server, because
+    # you've lost the ability to feel joy anymore.
+    def ship_to_nexus(file)
+      write_nexus_config
+      cmd = "gem nexus #{file} --repo GEM_INTERNAL"
+      if ENV['DRYRUN']
+        puts "[DRY-RUN] #{cmd}"
+      else
+        stdout, _, _ = Pkg::Util::Execution.capture3(cmd, true)
+        # The `gem nexus` command always returns `0` regardless of what the
+        # command results in. In order to properly handle fail cases, this
+        # checks for the success case and fails otherwise. The `ex` command
+        # above will print any output, so the user should have enough info
+        # to debug the failure, and potentially update this fail case if
+        # needed.
+        fail unless stdout.include? "Created"
+        puts "#{file} pushed to nexus server at #{Pkg::Config.internal_nexus_host}"
+      end
+    rescue => e
+      puts "###########################################"
+      puts "#  Nexus failed, ensure the nexus gem is installed,"
+      puts "#  you have access to #{Pkg::Config.internal_nexus_host}"
+      puts "#  and your settings in #{@nexus_config} are correct"
+      puts "###########################################"
+      puts
+      puts e
+      raise e
+    end
+
+    # Ship a Ruby gem file to a Stickler server, because
+    # you've lost the ability to feel joy anymore.
+    def ship_to_stickler(file)
+      Pkg::Util::Tool.check_tool("stickler")
+      cmd = "stickler push #{file} --server=#{Pkg::Config.internal_stickler_host} 2>/dev/null"
+      if ENV['DRYRUN']
+        puts "[DRY-RUN] #{cmd}"
+      else
+        Pkg::Util::Execution.capture3(cmd)
+        puts "#{file} pushed to stickler server at #{Pkg::Config.internal_stickler_host}"
+      end
+    rescue => e
+      puts "###########################################"
+      puts "#  Stickler failed, ensure it's installed"
+      puts "#  and you have access to #{Pkg::Config.internal_stickler_host}"
+      puts "###########################################"
+      puts
+      puts e
+      raise e
+    end
+
+    # Use rsync to deploy a file and any associated detached signatures,
+    # checksums, or other glob-able artifacts to an external download server.
+    def rsync_to_downloads(file)
+      Pkg::Util.deprecate('Pkg::Gem.rsync_to_downloads', 'Pkg::Util::Ship.ship_pkgs')
+      Pkg::Util::Ship.ship_pkgs(["#{file}*"], Pkg::Config.gem_host, Pkg::Config.gem_path, platform_independent: true)
+    end
+
+    # Ship a Ruby gem file to rubygems.org. Requires the existence
+    # of a ~/.gem/credentials file or else rubygems.org won't have
+    # any idea who you are.
+    def ship_to_rubygems(file)
+      Pkg::Util::File.file_exists?("#{ENV['HOME']}/.gem/credentials", :required => true)
+      Pkg::Util::Execution.capture3("gem push #{file}")
+    rescue => e
+      puts "###########################################"
+      puts "#  Publishing to rubygems failed. Make sure your .gem/credentials"
+      puts "#  file is set up and you are an owner of #{Pkg::Config.gem_name}"
+      puts "###########################################"
+      puts
+      puts e
+      raise e
+    end
+  end
+end

data/lib/packaging/ips.rb

@@ -0,0 +1,57 @@
+module Pkg::IPS
+  class << self
+    def sign(target_dir = 'pkg')
+      use_identity = "-i #{Pkg::Config.ips_signing_ssh_key}" unless Pkg::Config.ips_signing_ssh_key.nil?
+
+      ssh_host_string = "#{use_identity} #{ENV['USER']}@#{Pkg::Config.ips_signing_server}"
+      rsync_host_string = "-e 'ssh #{use_identity}' #{ENV['USER']}@#{Pkg::Config.ips_signing_server}"
+
+      p5ps = Dir.glob("#{target_dir}/solaris/11/**/*.p5p")
+
+      p5ps.each do |p5p|
+        work_dir     = "/tmp/#{Pkg::Util.rand_string}"
+        unsigned_dir = "#{work_dir}/unsigned"
+        repo_dir     = "#{work_dir}/repo"
+        signed_dir   = "#{work_dir}/pkgs"
+
+        Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "mkdir -p #{repo_dir} #{unsigned_dir} #{signed_dir}")
+        Pkg::Util::Net.rsync_to(p5p, rsync_host_string, unsigned_dir)
+
+        # Before we can get started with signing packages we need to create a repo
+        Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "sudo -E /usr/bin/pkgrepo create #{repo_dir}")
+        Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "sudo -E /usr/bin/pkgrepo set -s #{repo_dir} publisher/prefix=puppetlabs.com")
+        # And import all the packages into the repo.
+        Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "sudo -E /usr/bin/pkgrecv -s #{unsigned_dir}/#{File.basename(p5p)} -d #{repo_dir} '*'")
+        # We are going to hard code the values for signing cert locations for now.
+        # This autmation will require an update to actually become reusable, but
+        # for now these values will stay this way so solaris signing will stop
+        # failing. Please update soon. 06/23/16
+        #
+        #            - Sean P. McDonald
+        #
+        # We sign the entire repo
+        sign_cmd = "sudo -E /usr/bin/pkgsign -c /root/signing/signing_cert_interim_SHA1.pem \
+                    -i /root/signing/Thawte_Code_Signing_Certificate_interim_SHA1.pem \
+                    -i /root/signing/Thawte_Primary_Root_CA_interim_SHA1.pem \
+                    -k /root/signing/signing_key_interim_SHA1.pem \
+                    -s 'file://#{work_dir}/repo' '*'"
+        puts "About to sign #{p5p} with #{sign_cmd} in #{work_dir}"
+        Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, sign_cmd.squeeze(' '))
+        # pkgrecv with -a will pull packages out of the repo, so we need to do that too to actually get the packages we signed
+        Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "sudo -E /usr/bin/pkgrecv -d #{signed_dir}/#{File.basename(p5p)} -a -s #{repo_dir} '*'")
+        begin
+          # lets make sure we actually signed something?
+          # **NOTE** if we're repeatedly trying to sign the same version this
+          # might explode because I don't know how to reset the IPS cache.
+          # Everything is amazing.
+          Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "sudo -E /usr/bin/pkg contents -m -g #{signed_dir}/#{File.basename(p5p)} '*' | grep '^signature '")
+        rescue RuntimeError
+          raise "Looks like #{File.basename(p5p)} was not signed correctly, quitting!"
+        end
+        # and pull the packages back.
+        Pkg::Util::Net.rsync_from("#{signed_dir}/#{File.basename(p5p)}", rsync_host_string, File.dirname(p5p))
+        Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "if [ -e '#{work_dir}' ] ; then sudo rm -r '#{work_dir}' ; fi")
+      end
+    end
+  end
+end

data/lib/packaging/msi.rb

@@ -0,0 +1,89 @@
+module Pkg::MSI
+  class << self
+    def sign(target_dir = 'pkg')
+      use_identity = "-i #{Pkg::Config.msi_signing_ssh_key}" if Pkg::Config.msi_signing_ssh_key
+
+      ssh_host_string = "#{use_identity} Administrator@#{Pkg::Config.msi_signing_server}"
+      rsync_host_string = "-e 'ssh #{use_identity}' Administrator@#{Pkg::Config.msi_signing_server}"
+
+      work_dir = "Windows/Temp/#{Pkg::Util.rand_string}"
+      Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "mkdir -p C:/#{work_dir}")
+      msis = Dir.glob("#{target_dir}/windows/**/*.msi")
+      Pkg::Util::Net.rsync_to(msis.join(" "), rsync_host_string, "/cygdrive/c/#{work_dir}")
+
+      # Please Note:
+      # We are currently adding two signatures to the msi.
+      #
+      # Microsoft compatable Signatures are composed of three different
+      # elements.
+      #   1) The Certificate used to sign the package. This is the element that
+      #     is attached to organization. The certificate has an associated
+      #     algorithm. We recently (February 2016) had to switch from a sha1 to
+      #     a sha256 certificate. Sha1 was deprecated by many Microsoft
+      #     elements on 2016-01-01, which forced us to switch to a sha256 cert.
+      #     This sha256 certificate is recognized by all currently supported
+      #     windows platforms (Windows 8/Vista forward).
+      #   2) The signature used to attach the certificate to the package. This
+      #     can be a done with a variety of digest algorithms. Older platforms
+      #     (i.e., Windows 8 and Windows Vista) don't recognize later
+      #     algorithms like sha256.
+      #   3) The timestamp used to validate when the package was signed. This
+      #     comes from an external source and can be delivered with a variety
+      #     of digest algorithms. Older platforms do not recognize newer
+      #     algorithms like sha256.
+      #
+      # We could have only one signature with the Sha256 Cert, Sha1 Signature,
+      # and Sha1 Timestamp, but that would be too easy. The sha256 signature
+      # and timestamp add more security to our packages. We can't have only
+      # sha256 elements in our package signature, though, because Windows 8
+      # and Windows Vista just don't recognize them at all.
+      #
+      # In order to add two signatures to an MSI, we also need to change the
+      # tool we use to sign packages with. Previously, we were using SignTool
+      # which is the Microsoft blessed program used to sign packages. However,
+      # this tool isn't able to add two signatures to an MSI specifically. It
+      # can dual-sign an exe, just not an MSI. In order to get the dual-signed
+      # packages, we decided to switch over to using osslsigncode. The original
+      # project didn't have support to compile on a windows system, so we
+      # decided to use this fork. The binaries on the signer were pulled from
+      # https://sourceforge.net/u/keeely/osslsigncode/ci/master/tree/
+      #
+      # These are our signatures:
+      # The first signature:
+      #   * Sha256 Certificate
+      #   * Sha1 Signature
+      #   * Sha1 Timestamp
+      #
+      # The second signature:
+      #   * Sha256 Certificate
+      #   * Sha256 Signature
+      #   * Sha256 Timestamp
+      #
+      # Once we no longer support Windows 8/Windows Vista, we can remove the
+      # first Sha1 signature.
+      Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, %Q(for msi in #{msis.map { |d| File.basename(d) }.join(" ")}; do
+        "/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe" sign \
+          -n "Puppet" -i "http://www.puppet.com" \
+          -h sha1 \
+          -pkcs12 "#{Pkg::Config.msi_signing_cert}" \
+          -pass "#{Pkg::Config.msi_signing_cert_pw}" \
+          -t "http://timestamp.verisign.com/scripts/timstamp.dll" \
+          -in "C:/#{work_dir}/$msi" \
+          -out "C:/#{work_dir}/signed-$msi"
+        "/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe" sign \
+          -n "Puppet" -i "http://www.puppet.com" \
+          -nest -h sha256 \
+          -pkcs12 "#{Pkg::Config.msi_signing_cert}" \
+          -pass "#{Pkg::Config.msi_signing_cert_pw}" \
+          -ts "http://sha256timestamp.ws.symantec.com/sha256/timestamp" \
+          -in "C:/#{work_dir}/signed-$msi" \
+          -out "C:/#{work_dir}/$msi"
+        rm "C:/#{work_dir}/signed-$msi"
+      done))
+      msis.each do | msi |
+        Pkg::Util::Net.rsync_from("/cygdrive/c/#{work_dir}/#{File.basename(msi)}", rsync_host_string, File.dirname(msi))
+      end
+      Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "if [ -d '/cygdrive/c/#{work_dir}' ]; then rm -rf '/cygdrive/c/#{work_dir}'; fi")
+    end
+  end
+end

data/lib/packaging/nuget.rb

@@ -0,0 +1,39 @@
+module Pkg::Nuget
+  class << self
+    def ship(packages)
+      #
+      # Support shipping of Nuget style packages to a nexus based nuget feed
+      # Using curl to submit the packages rather than windows based choco/mono.
+      # This approach gives more flexibility and fits in with the current Puppet
+      # release automation practices using linux/mac systems.
+
+      # Sanity checks
+      fail "NUGET_HOST is not defined" if Pkg::Config.nuget_host.empty?
+      fail "NUGET_REPO is not defined" if Pkg::Config.nuget_repo_path.to_s.empty?
+
+      # Retrieve password without revealing it
+      puts "Obtaining credentials to ship to nuget feed #{Pkg::Config.nuget_repo_path} on #{Pkg::Config.nuget_host}"
+      print "Username please: "
+      username = Pkg::Util.get_input(true)
+      print "Password please: "
+      password = Pkg::Util.get_input(false)
+      authentication = Pkg::Util.base64_encode("#{username}:#{password}")
+
+      uri = "#{Pkg::Config.nuget_host}#{Pkg::Config.nuget_repo_path}"
+      form_data = ["-H 'Authorization: Basic #{authentication}'", "-f"]
+      packages.each do |pkg|
+        puts "Working on package #{pkg}"
+        projname, version = File.basename(pkg).match(/^(.*)-([\d+\.]+)\.nupkg$/).captures
+        package_form_data = ["--upload-file #{pkg}"]
+        package_path = "#{projname}/#{version}/#{File.basename(pkg)}"
+        stdout = ''
+        retval = ''
+        Pkg::Util::Execution.retry_on_fail(:times => 3) do
+          stdout, retval = Pkg::Util::Net.curl_form_data("#{uri}/#{package_path}", form_data + package_form_data)
+        end
+        fail "The Package upload (curl) failed with error #{retval}" unless Pkg::Util::Execution.success?(retval)
+        stdout
+      end
+    end
+  end
+end

data/lib/packaging/osx.rb

@@ -0,0 +1,36 @@
+module Pkg::OSX
+  class << self
+    def sign(target_dir = 'pkg')
+      use_identity = "-i #{Pkg::Config.osx_signing_ssh_key}" unless Pkg::Config.osx_signing_ssh_key.nil?
+
+      if Pkg::Config.osx_signing_server =~ /@/
+        host_string = "#{Pkg::Config.osx_signing_server}"
+      else
+        host_string = "#{ENV['USER']}@#{Pkg::Config.osx_signing_server}"
+      end
+      ssh_host_string = "#{use_identity} #{host_string}"
+      rsync_host_string = "-e 'ssh #{use_identity}' #{host_string}"
+
+      work_dir  = "/tmp/#{Pkg::Util.rand_string}"
+      mount     = File.join(work_dir, "mount")
+      signed    = File.join(work_dir, "signed")
+      Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "mkdir -p #{mount} #{signed}")
+      dmgs = Dir.glob("#{target_dir}/apple/**/*.dmg")
+      Pkg::Util::Net.rsync_to(dmgs.join(" "), rsync_host_string, work_dir)
+      Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, %Q[for dmg in #{dmgs.map { |d| File.basename(d, ".dmg") }.join(" ")}; do
+        /usr/bin/hdiutil attach #{work_dir}/$dmg.dmg -mountpoint #{mount} -nobrowse -quiet ;
+        /usr/bin/security -q unlock-keychain -p "#{Pkg::Config.osx_signing_keychain_pw}" "#{Pkg::Config.osx_signing_keychain}" ;
+          for pkg in $(ls #{mount}/*.pkg | xargs -n 1 basename); do
+            /usr/bin/productsign --keychain "#{Pkg::Config.osx_signing_keychain}" --sign "#{Pkg::Config.osx_signing_cert}" #{mount}/$pkg #{signed}/$pkg ;
+          done
+        /usr/bin/hdiutil detach #{mount} -quiet ;
+        /bin/rm #{work_dir}/$dmg.dmg ;
+        /usr/bin/hdiutil create -volname $dmg -srcfolder #{signed}/ #{work_dir}/$dmg.dmg ;
+        /bin/rm #{signed}/* ; done])
+      dmgs.each do | dmg |
+        Pkg::Util::Net.rsync_from("#{work_dir}/#{File.basename(dmg)}", rsync_host_string, File.dirname(dmg))
+      end
+      Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "if [ -d '#{work_dir}' ]; then rm -rf '#{work_dir}'; fi")
+    end
+  end
+end

data/lib/packaging/paths.rb

@@ -0,0 +1,238 @@
+# Utilities surrounding the appropriate paths associated with a platform
+# This includes both reporting the correct path and divining the platform
+# tag associated with a variety of paths
+#
+# rubocop:disable Metrics/ModuleLength
+module Pkg::Paths
+  include Pkg::Platforms
+
+  module_function
+
+  def arch_from_artifact_path(platform, version, path)
+    arches = Pkg::Platforms.arches_for_platform_version(platform, version)
+
+    # First check if it's a source package
+    source_formats = Pkg::Platforms.get_attribute_for_platform_version(platform, version, :source_package_formats)
+    if source_formats.find { |fmt| path =~ /#{fmt}$/ }
+      return Pkg::Platforms.get_attribute_for_platform_version(platform, version, :source_architecture)
+    end
+    arches.find { |a| path.include?(a) } || arches[0]
+  rescue
+    arches.find { |a| path.include?(a) } || arches[0]
+  end
+
+  # Given a path to an artifact, divine the appropriate platform tag associated
+  # with the artifact and path
+  def tag_from_artifact_path(path)
+    platform = Pkg::Platforms.supported_platforms.find { |p| path =~ /(\/|\.)#{p}[^\.]/ }
+    codename = Pkg::Platforms.codenames.find { |c| path =~ /\/#{c}/ }
+
+    if codename
+      platform, version = Pkg::Platforms.codename_to_platform_version(codename)
+    end
+
+    version = '2012' if platform == 'windows'
+
+    version ||= Pkg::Platforms.versions_for_platform(platform).find { |v| path =~ /#{platform}(\/|-)?#{v}/ }
+
+    arch = arch_from_artifact_path(platform, version, path)
+
+    return "#{platform}-#{version}-#{arch}"
+  rescue
+    fmt = Pkg::Platforms.all_supported_package_formats.find { |ext| path =~ /#{ext}$/ }
+
+    # We need to make sure this is actually a file, and not simply a path
+    file_ext = File.extname(path)
+
+    # Fail if we do not have a file extension or if that file extension is one
+    # that is platform specific
+    raise "Cannot determine tag from #{path}" if fmt || file_ext.empty?
+
+    # Return nil otherwise, assuming that is a file type that is not tied to a
+    # specific platform
+    return nil
+  end
+
+  # Assign repo name
+  # If we are shipping development/beta/non-final packages, they should be
+  # shipped to the development/beta/non-final repo, if there is one defined.
+  # Otherwise, default to the final repo name. We use this for more than just
+  # shipping to the final repos, so we need this to not fail.
+  def repo_name
+    if Pkg::Util::Version.final?
+      Pkg::Config.repo_name || ""
+    else
+      if Pkg::Config.nonfinal_repo_name
+        Pkg::Config.nonfinal_repo_name
+      else
+        Pkg::Config.repo_name || ""
+      end
+    end
+  end
+
+  def link_name
+    if Pkg::Util::Version.final?
+      Pkg::Config.repo_link_target || nil
+    else
+      Pkg::Config.nonfinal_repo_link_target || nil
+    end
+  end
+
+  # TODO: please please please clean this up
+  # This is so terrible. I really dislike it. But in order to maintain backward
+  # compatibility, we need to maintain these path differences between PC1 and
+  # everything else. Once we stop shipping things to PC1, we can remove all the
+  # PC1 specific cases. That's likely to not happen until the current LTS
+  # (2016.4) is EOL'd. Hopefully also we do not choose to further change these
+  # path structures, as it is no bueno.
+  # --MAS 2017-08-16
+  def artifacts_base_path_and_link_path(platform_tag, path_prefix = 'artifacts')
+    platform, version, architecture = Pkg::Platforms.parse_platform_tag(platform_tag)
+    package_format = Pkg::Platforms.package_format_for_tag(platform_tag)
+
+    case package_format
+    when 'rpm'
+      if repo_name == 'PC1'
+        [File.join(path_prefix, platform, version, repo_name), nil]
+      else
+        [File.join(path_prefix, repo_name), link_name.nil? ? nil : File.join(path_prefix, link_name)]
+      end
+    when 'swix'
+      if repo_name == 'PC1'
+        [File.join(path_prefix, platform, version, repo_name), nil]
+      else
+        [File.join(path_prefix, platform, repo_name), link_name.nil? ? nil : File.join(path_prefix, platform, link_name)]
+      end
+    when 'deb'
+      [File.join(path_prefix, Pkg::Platforms.get_attribute(platform_tag, :codename), repo_name),
+       link_name.nil? ? nil : File.join(path_prefix, Pkg::Platforms.get_attribute(platform_tag, :codename), link_name)]
+    when 'svr4', 'ips'
+      if repo_name == 'PC1'
+        [File.join(path_prefix, 'solaris', repo_name, version), nil]
+      else
+        [File.join(path_prefix, 'solaris', repo_name), link_name.nil? ? nil : File.join(path_prefix, 'solaris', link_name)]
+      end
+    when 'dmg'
+      if repo_name == 'PC1'
+        [File.join(path_prefix, 'mac', version, repo_name), nil]
+      else
+        [File.join(path_prefix, 'mac', repo_name), link_name.nil? ? nil : File.join(path_prefix, 'mac', link_name)]
+      end
+    when 'msi'
+      if repo_name == 'PC1'
+        [File.join(path_prefix, 'windows'), nil]
+      else
+        [File.join(path_prefix, 'windows', repo_name), link_name.nil? ? nil : File.join(path_prefix, 'windows', link_name)]
+      end
+    else
+      raise "Not sure where to find packages with a package format of '#{package_format}'"
+    end
+  end
+
+  # TODO: please please please clean this up
+  # This is so terrible. I really dislike it. But in order to maintain backward
+  # compatibility, we need to maintain these path differences between PC1 and
+  # everything else. Once we stop shipping things to PC1, we can remove all the
+  # PC1 specific cases. That's likely to not happen until the current LTS
+  # (2016.4) is EOL'd. Hopefully also we do not choose to further change these
+  # path structures, as it is no bueno.
+  # --MAS 2017-08-16
+  def artifacts_path(platform_tag, path_prefix = 'artifacts')
+    base_path, _ = artifacts_base_path_and_link_path(platform_tag, path_prefix)
+    platform, version, architecture = Pkg::Platforms.parse_platform_tag(platform_tag)
+    package_format = Pkg::Platforms.package_format_for_tag(platform_tag)
+
+    case package_format
+    when 'rpm'
+      if repo_name == 'PC1'
+        File.join(base_path, architecture)
+      else
+        File.join(base_path, platform, version, architecture)
+      end
+    when 'swix'
+      if repo_name == 'PC1'
+        File.join(base_path, architecture)
+      else
+        File.join(base_path, version, architecture)
+      end
+    when 'deb'
+      base_path
+    when 'svr4', 'ips'
+      if repo_name == 'PC1'
+        base_path
+      else
+        File.join(base_path, version)
+      end
+    when 'dmg'
+      if repo_name == 'PC1'
+        File.join(base_path, architecture)
+      else
+        File.join(base_path, version, architecture)
+      end
+    when 'msi'
+      base_path
+    else
+      raise "Not sure where to find packages with a package format of '#{package_format}'"
+    end
+  end
+
+  def repo_path(platform_tag, options = { :legacy => false })
+    repo_target = repo_name
+    # in legacy packaging methods, there was no consistent way to determine the
+    # repo name. There were separate variables for apt_repo_name and
+    # yum_repo_name. At times, either or both of these were unset, and they had
+    # different defaults. So, for legacy automation we need to just use a splat
+    # and globbing to find our packages.
+    repo_target = '**' if options[:legacy]
+    platform, version, arch = Pkg::Platforms.parse_platform_tag(platform_tag)
+    package_format = Pkg::Platforms.package_format_for_tag(platform_tag)
+
+    case package_format
+    when 'rpm', 'swix'
+      if options[:legacy]
+        File.join('repos', platform, version, repo_target, arch)
+      else
+        File.join('repos', repo_target, platform, version, arch)
+      end
+    when 'deb'
+      File.join('repos', 'apt', Pkg::Platforms.get_attribute(platform_tag, :codename), 'pool', repo_target)
+    when 'svr4', 'ips'
+      if options[:legacy]
+        File.join('repos', 'solaris', version, repo_target)
+      else
+        File.join('repos', 'solaris', repo_target, version)
+      end
+    when 'dmg'
+      if options[:legacy]
+        File.join('repos', 'apple', version, repo_target, arch)
+      else
+        File.join('repos', 'mac', repo_target, version, arch)
+      end
+    when 'msi'
+      if options[:legacy]
+        File.join('repos', 'windows')
+      else
+        File.join('repos', 'windows', repo_target)
+      end
+    else
+      raise "Not sure what to do with a package format of '#{package_format}'"
+    end
+  end
+
+  def repo_config_path(platform_tag)
+    package_format = Pkg::Platforms.package_format_for_tag(platform_tag)
+
+    case package_format
+    when 'rpm'
+      # rpm/pl-puppet-agent-1.2.5-el-5-i386.repo for example
+      File.join('repo_configs', 'rpm', "*#{platform_tag}*.repo")
+    when 'deb'
+      # deb/pl-puppet-agent-1.2.5-jessie.list
+      File.join('repo_configs', 'deb', "*#{Pkg::Platforms.get_attribute(platform_tag, :codename)}*.list")
+    when 'msi', 'swix', 'dmg', 'svr4', 'ips'
+      nil
+    else
+      raise "Not sure what to do with a package format of '#{package_format}'"
+    end
+  end
+end