packaging 0.99.73 → 0.99.78
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/packaging/archive.rb +6 -6
- data/lib/packaging/config.rb +31 -1
- data/lib/packaging/config/params.rb +11 -0
- data/lib/packaging/config/validations.rb +13 -0
- data/lib/packaging/deb/repo.rb +5 -5
- data/lib/packaging/paths.rb +15 -3
- data/lib/packaging/platforms.rb +23 -36
- data/lib/packaging/repo.rb +9 -3
- data/lib/packaging/rpm/repo.rb +4 -4
- data/lib/packaging/sign/dmg.rb +61 -31
- data/lib/packaging/sign/ips.rb +8 -8
- data/lib/packaging/sign/msi.rb +9 -6
- data/lib/packaging/util/net.rb +54 -32
- data/lib/packaging/util/ship.rb +4 -4
- data/spec/lib/packaging/artifactory_spec.rb +11 -11
- data/spec/lib/packaging/config_spec.rb +13 -15
- data/spec/lib/packaging/deb/repo_spec.rb +3 -3
- data/spec/lib/packaging/paths_spec.rb +10 -2
- data/spec/lib/packaging/platforms_spec.rb +15 -15
- data/spec/lib/packaging/repo_spec.rb +1 -1
- data/spec/lib/packaging/retrieve_spec.rb +4 -3
- data/spec/lib/packaging/rpm/repo_spec.rb +3 -3
- data/spec/lib/packaging/sign_spec.rb +0 -2
- data/spec/lib/packaging/util/git_tag_spec.rb +1 -1
- data/spec/lib/packaging/util/net_spec.rb +22 -9
- data/spec/lib/packaging/util/ship_spec.rb +2 -2
- data/tasks/archive.rake +3 -4
- data/tasks/config.rake +5 -0
- data/tasks/education.rake +5 -5
- data/tasks/fetch.rake +17 -14
- data/tasks/gem.rake +0 -10
- data/tasks/nightly_repos.rake +9 -9
- data/tasks/pe_ship.rake +11 -19
- data/tasks/ship.rake +35 -45
- data/tasks/sign.rake +3 -3
- metadata +21 -20
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0340bf3301e12ac79afefe26c69ef76c9b826e03804d114fa00be1e94c558214
|
4
|
+
data.tar.gz: d79eb4d7206d75e38011f783890e8288f4ee12dfefba2c990e511ccbe508e847
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 25a54450f869fc920f1308d6446b255ebc9571397df63323d242f0270072a72f68d8febb44feb07c7e12d780656b0d18349f7f389a54bbdf54f970990b2451fb
|
7
|
+
data.tar.gz: 63ba12e182757008a631ee76551aa43570b97c5ba96787d83dbe1d5b3b5b5808a3a2fb9c2e26e1252febbad15855c4463c1fe531ffbc0dc7604ec9a79a2e52d5
|
data/README.md
CHANGED
@@ -404,7 +404,7 @@ deb_build_mirrors:
|
|
404
404
|
# Who is packaging. Turns up in various packaging artifacts
|
405
405
|
packager: 'puppetlabs'
|
406
406
|
# GPG key ID of the signer
|
407
|
-
gpg_key: '
|
407
|
+
gpg_key: '4528B6CD9E61EF26'
|
408
408
|
# Whether to require tarball signing as a prerequisite of other package building
|
409
409
|
sign_tar: false
|
410
410
|
# a space separated list of mock configs. These are the rpm distributions to package for. If a noarch package, only one arch of each is needed.
|
data/lib/packaging/archive.rb
CHANGED
@@ -33,7 +33,7 @@ module Pkg::Archive
|
|
33
33
|
sudo chmod g+w -R #{Pkg::Config.yum_archive_path}
|
34
34
|
mv #{full_directory} #{archive_path}
|
35
35
|
CMD
|
36
|
-
Pkg::Util::Net.
|
36
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, command)
|
37
37
|
end
|
38
38
|
|
39
39
|
# Move directories from freight path (aka repo staging path) to archive staging paths
|
@@ -60,7 +60,7 @@ module Pkg::Archive
|
|
60
60
|
mv $pool_directory /opt/tmp-apt
|
61
61
|
done
|
62
62
|
CMD
|
63
|
-
Pkg::Util::Net.
|
63
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, command)
|
64
64
|
end
|
65
65
|
|
66
66
|
# Move downloads directories to archive staging path
|
@@ -85,7 +85,7 @@ module Pkg::Archive
|
|
85
85
|
sudo chmod g+w -R #{Pkg::Config.downloads_archive_path}
|
86
86
|
mv #{full_directory} #{archive_path}
|
87
87
|
CMD
|
88
|
-
Pkg::Util::Net.
|
88
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, command)
|
89
89
|
end
|
90
90
|
|
91
91
|
# Delete empty directories from repo paths on weth
|
@@ -104,7 +104,7 @@ module Pkg::Archive
|
|
104
104
|
fi
|
105
105
|
done
|
106
106
|
CMD
|
107
|
-
Pkg::Util::Net.
|
107
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, command)
|
108
108
|
end
|
109
109
|
end
|
110
110
|
|
@@ -112,7 +112,7 @@ module Pkg::Archive
|
|
112
112
|
def remove_dead_symlinks
|
113
113
|
base_paths.each do |path|
|
114
114
|
command = "find #{path} -xtype l -delete"
|
115
|
-
Pkg::Util::Net.
|
115
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, command)
|
116
116
|
end
|
117
117
|
end
|
118
118
|
|
@@ -120,7 +120,7 @@ module Pkg::Archive
|
|
120
120
|
def delete_staged_archives
|
121
121
|
archive_paths.each do |archive_path|
|
122
122
|
command = "sudo rm -rf #{File.join(archive_path, '*')}"
|
123
|
-
Pkg::Util::Net.
|
123
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, command)
|
124
124
|
end
|
125
125
|
end
|
126
126
|
end
|
data/lib/packaging/config.rb
CHANGED
@@ -6,6 +6,7 @@ module Pkg
|
|
6
6
|
#
|
7
7
|
class Config
|
8
8
|
require 'packaging/config/params.rb'
|
9
|
+
require 'packaging/config/validations.rb'
|
9
10
|
require 'yaml'
|
10
11
|
|
11
12
|
class << self
|
@@ -80,7 +81,11 @@ module Pkg
|
|
80
81
|
dir = "/opt/jenkins-builds/#{self.project}/#{self.ref}"
|
81
82
|
cmd = "if [ -s \"#{dir}/artifacts\" ]; then cd #{dir};"\
|
82
83
|
"find ./artifacts/ -mindepth 2 -type f; fi"
|
83
|
-
artifacts, _ = Pkg::Util::Net.
|
84
|
+
artifacts, _ = Pkg::Util::Net.remote_execute(
|
85
|
+
self.builds_server,
|
86
|
+
cmd,
|
87
|
+
{ capture_output: true }
|
88
|
+
)
|
84
89
|
|
85
90
|
artifacts = artifacts.split("\n")
|
86
91
|
data = {}
|
@@ -389,6 +394,31 @@ module Pkg
|
|
389
394
|
end
|
390
395
|
end
|
391
396
|
|
397
|
+
##
|
398
|
+
# Ask for validation of BUILD_PARAMS
|
399
|
+
#
|
400
|
+
# Issued as warnings initially but the intent is to turn this into
|
401
|
+
# a failure.
|
402
|
+
#
|
403
|
+
def perform_validations
|
404
|
+
error_count = 0
|
405
|
+
Pkg::Params::VALIDATIONS.each do |v|
|
406
|
+
variable_name = v[:var]
|
407
|
+
variable_value = self.instance_variable_get("@#{v[:var]}")
|
408
|
+
validations = v[:validations]
|
409
|
+
validations.each do |validation|
|
410
|
+
unless Pkg::ConfigValidations.send(validation, variable_value)
|
411
|
+
warn "Warning: variable \"#{variable_name}\" failed validation \"#{validation}\""
|
412
|
+
error_count += 1
|
413
|
+
end
|
414
|
+
end
|
415
|
+
end
|
416
|
+
|
417
|
+
if error_count != 0
|
418
|
+
warn "Warning: #{error_count} validation failure(s)."
|
419
|
+
end
|
420
|
+
end
|
421
|
+
|
392
422
|
def string_to_array(str)
|
393
423
|
delimiters = /[,\s;]/
|
394
424
|
return str if str.respond_to?('each')
|
@@ -363,6 +363,7 @@ module Pkg::Params
|
|
363
363
|
{ :oldvar => :yum_host, :newvar => :tar_host },
|
364
364
|
]
|
365
365
|
|
366
|
+
|
366
367
|
# These are variables that we have deprecated. If they are encountered in a
|
367
368
|
# project's config, we issue deprecations for them.
|
368
369
|
#
|
@@ -373,4 +374,14 @@ module Pkg::Params
|
|
373
374
|
{ :var => :gpg_name, :message => "
|
374
375
|
DEPRECATED, 29-Jul-2014: 'gpg_name' has been replaced with 'gpg_key'.
|
375
376
|
Please update this field in your build_defaults.yaml" }]
|
377
|
+
|
378
|
+
# Provide an open-ended template for validating BUILD_PARAMS.
|
379
|
+
#
|
380
|
+
# Each validatation contains the variable name as ':var' and a list of validations it
|
381
|
+
# must pass from the Pkg::Params::Validations class.
|
382
|
+
#
|
383
|
+
VALIDATIONS = [
|
384
|
+
{ :var => :project, :validations => [:not_empty?] }
|
385
|
+
]
|
386
|
+
|
376
387
|
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
module Pkg
|
2
|
+
class ConfigValidations
|
3
|
+
|
4
|
+
class << self
|
5
|
+
|
6
|
+
# As a validation, this one is kindof lame but is intended as a seed pattern for possibly
|
7
|
+
# more robust ones.
|
8
|
+
def not_empty?(value)
|
9
|
+
value.to_s.empty? ? false : true
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
13
|
+
end
|
data/lib/packaging/deb/repo.rb
CHANGED
@@ -125,7 +125,7 @@ Description: Apt repository for acceptance testing" >> conf/distributions ; )
|
|
125
125
|
command = repo_creation_command(File.join(artifact_directory, 'repos'), artifact_paths)
|
126
126
|
|
127
127
|
begin
|
128
|
-
Pkg::Util::Net.
|
128
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.distribution_server, command)
|
129
129
|
# Now that we've created our package repositories, we can generate repo
|
130
130
|
# configurations for use with downstream jobs, acceptance clients, etc.
|
131
131
|
Pkg::Deb::Repo.generate_repo_configs
|
@@ -134,7 +134,7 @@ Description: Apt repository for acceptance testing" >> conf/distributions ; )
|
|
134
134
|
Pkg::Deb::Repo.ship_repo_configs
|
135
135
|
ensure
|
136
136
|
# Always remove the lock file, even if we've failed
|
137
|
-
Pkg::Util::Net.
|
137
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.distribution_server, "rm -f #{artifact_directory}/repos/.lock")
|
138
138
|
end
|
139
139
|
end
|
140
140
|
|
@@ -146,7 +146,7 @@ Description: Apt repository for acceptance testing" >> conf/distributions ; )
|
|
146
146
|
|
147
147
|
Pkg::Util::RakeUtils.invoke_task("pl:fetch")
|
148
148
|
repo_dir = "#{Pkg::Config.jenkins_repo_path}/#{Pkg::Config.project}/#{Pkg::Config.ref}/#{target}/deb"
|
149
|
-
Pkg::Util::Net.
|
149
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.distribution_server, "mkdir -p #{repo_dir}")
|
150
150
|
Pkg::Util::Execution.retry_on_fail(:times => 3) do
|
151
151
|
Pkg::Util::Net.rsync_to("pkg/#{target}/deb/", Pkg::Config.distribution_server, repo_dir)
|
152
152
|
end
|
@@ -252,11 +252,11 @@ SignWith: #{Pkg::Config.gpg_key}"
|
|
252
252
|
rsync_command = repo_deployment_command(apt_path, destination_staging_path, destination_server, dryrun)
|
253
253
|
cp_command = repo_deployment_command(destination_staging_path, apt_path, nil, dryrun)
|
254
254
|
|
255
|
-
Pkg::Util::Net.
|
255
|
+
Pkg::Util::Net.remote_execute(origin_server, rsync_command)
|
256
256
|
if dryrun
|
257
257
|
puts "[DRYRUN] not executing #{cp_command} on #{destination_server}"
|
258
258
|
else
|
259
|
-
Pkg::Util::Net.
|
259
|
+
Pkg::Util::Net.remote_execute(destination_server, cp_command)
|
260
260
|
end
|
261
261
|
end
|
262
262
|
|
data/lib/packaging/paths.rb
CHANGED
@@ -16,9 +16,9 @@ module Pkg::Paths
|
|
16
16
|
if source_formats.find { |fmt| path =~ /#{fmt}$/ }
|
17
17
|
return Pkg::Platforms.get_attribute_for_platform_version(platform, version, :source_architecture)
|
18
18
|
end
|
19
|
-
arches.find { |a| path.include?(a) } || arches[0]
|
19
|
+
arches.find { |a| path.include?(package_arch(platform, a)) } || arches[0]
|
20
20
|
rescue
|
21
|
-
arches.find { |a| path.include?(a) } || arches[0]
|
21
|
+
arches.find { |a| path.include?(package_arch(platform, a)) } || arches[0]
|
22
22
|
end
|
23
23
|
|
24
24
|
# Given a path to an artifact, divine the appropriate platform tag associated
|
@@ -322,7 +322,8 @@ module Pkg::Paths
|
|
322
322
|
if %w(puppet7 puppet7-nightly
|
323
323
|
puppet6 puppet6-nightly
|
324
324
|
puppet5 puppet5-nightly
|
325
|
-
puppet
|
325
|
+
puppet puppet-nightly
|
326
|
+
puppet-tools).include? repo_name
|
326
327
|
return File.join(remote_repo_path, 'pool', code_name, repo_name, project[0], project)
|
327
328
|
end
|
328
329
|
|
@@ -361,4 +362,15 @@ module Pkg::Paths
|
|
361
362
|
return base_component if component_qualifier == 'repos'
|
362
363
|
return full_component
|
363
364
|
end
|
365
|
+
|
366
|
+
#for ubuntu-20.04-aarch64, debian package architecture is arm64
|
367
|
+
def package_arch(platform, arch)
|
368
|
+
if platform == 'ubuntu' && arch == 'aarch64'
|
369
|
+
return 'arm64'
|
370
|
+
end
|
371
|
+
arch
|
372
|
+
end
|
373
|
+
|
374
|
+
private :package_arch
|
375
|
+
|
364
376
|
end
|
data/lib/packaging/platforms.rb
CHANGED
@@ -12,13 +12,6 @@ module Pkg
|
|
12
12
|
# Each element in this hash
|
13
13
|
PLATFORM_INFO = {
|
14
14
|
'aix' => {
|
15
|
-
'6.1' => {
|
16
|
-
architectures: ['power'],
|
17
|
-
source_architecture: 'SRPMS',
|
18
|
-
package_format: 'rpm',
|
19
|
-
source_package_formats: ['src.rpm'],
|
20
|
-
repo: false,
|
21
|
-
},
|
22
15
|
'7.1' => {
|
23
16
|
architectures: ['power'],
|
24
17
|
source_architecture: 'SRPMS',
|
@@ -28,25 +21,6 @@ module Pkg
|
|
28
21
|
},
|
29
22
|
},
|
30
23
|
|
31
|
-
'cisco-wrlinux' => {
|
32
|
-
'5' => {
|
33
|
-
architectures: ['x86_64'],
|
34
|
-
source_architecture: 'SRPMS',
|
35
|
-
package_format: 'rpm',
|
36
|
-
source_package_formats: ['src.rpm'],
|
37
|
-
signature_format: 'v4',
|
38
|
-
repo: true,
|
39
|
-
},
|
40
|
-
'7' => {
|
41
|
-
architectures: ['x86_64'],
|
42
|
-
source_architecture: 'SRPMS',
|
43
|
-
package_format: 'rpm',
|
44
|
-
source_package_formats: ['src.rpm'],
|
45
|
-
signature_format: 'v4',
|
46
|
-
repo: true,
|
47
|
-
},
|
48
|
-
},
|
49
|
-
|
50
24
|
'debian' => {
|
51
25
|
'8' => {
|
52
26
|
codename: 'jessie',
|
@@ -72,6 +46,14 @@ module Pkg
|
|
72
46
|
source_package_formats: DEBIAN_SOURCE_FORMATS,
|
73
47
|
repo: true,
|
74
48
|
},
|
49
|
+
'11' => {
|
50
|
+
codename: 'bullseye',
|
51
|
+
architectures: ['amd64'],
|
52
|
+
source_architecture: 'source',
|
53
|
+
package_format: 'deb',
|
54
|
+
source_package_formats: DEBIAN_SOURCE_FORMATS,
|
55
|
+
repo: true,
|
56
|
+
},
|
75
57
|
},
|
76
58
|
|
77
59
|
'el' => {
|
@@ -100,7 +82,7 @@ module Pkg
|
|
100
82
|
repo: true,
|
101
83
|
},
|
102
84
|
'8' => {
|
103
|
-
architectures: ['x86_64', 'aarch64'],
|
85
|
+
architectures: ['x86_64', 'ppc64le', 'aarch64'],
|
104
86
|
source_architecture: 'SRPMS',
|
105
87
|
package_format: 'rpm',
|
106
88
|
source_package_formats: ['src.rpm'],
|
@@ -109,14 +91,6 @@ module Pkg
|
|
109
91
|
}
|
110
92
|
},
|
111
93
|
|
112
|
-
'eos' => {
|
113
|
-
'4' => {
|
114
|
-
architectures: ['i386'],
|
115
|
-
package_format: 'swix',
|
116
|
-
repo: false,
|
117
|
-
},
|
118
|
-
},
|
119
|
-
|
120
94
|
'fedora' => {
|
121
95
|
'30' => {
|
122
96
|
architectures: ['x86_64'],
|
@@ -142,6 +116,14 @@ module Pkg
|
|
142
116
|
signature_format: 'v4',
|
143
117
|
repo: true,
|
144
118
|
},
|
119
|
+
'34' => {
|
120
|
+
architectures: ['x86_64'],
|
121
|
+
source_architecture: 'SRPMS',
|
122
|
+
package_format: 'rpm',
|
123
|
+
source_package_formats: ['src.rpm'],
|
124
|
+
signature_format: 'v4',
|
125
|
+
repo: true,
|
126
|
+
},
|
145
127
|
},
|
146
128
|
|
147
129
|
'osx' => {
|
@@ -160,6 +142,11 @@ module Pkg
|
|
160
142
|
package_format: 'dmg',
|
161
143
|
repo: false,
|
162
144
|
},
|
145
|
+
'11' => {
|
146
|
+
architectures: ['x86_64'],
|
147
|
+
package_format: 'dmg',
|
148
|
+
repo: false,
|
149
|
+
},
|
163
150
|
},
|
164
151
|
|
165
152
|
'redhatfips' => {
|
@@ -248,7 +235,7 @@ module Pkg
|
|
248
235
|
},
|
249
236
|
'20.04' => {
|
250
237
|
codename: 'focal',
|
251
|
-
architectures: ['amd64'],
|
238
|
+
architectures: ['amd64', 'aarch64'],
|
252
239
|
source_architecture: 'source',
|
253
240
|
package_format: 'deb',
|
254
241
|
source_package_formats: DEBIAN_SOURCE_FORMATS,
|
data/lib/packaging/repo.rb
CHANGED
@@ -110,7 +110,11 @@ module Pkg::Repo
|
|
110
110
|
cmd = "[ -d #{artifact_directory} ] || exit 1 ; "
|
111
111
|
cmd << "pushd #{artifact_directory} > /dev/null && "
|
112
112
|
cmd << "find . -name '*.#{pkg_ext}' -print0 | xargs --no-run-if-empty -0 -I {} dirname {} "
|
113
|
-
stdout,
|
113
|
+
stdout, _ = Pkg::Util::Net.remote_execute(
|
114
|
+
Pkg::Config.distribution_server,
|
115
|
+
cmd,
|
116
|
+
{ capture_output: true }
|
117
|
+
)
|
114
118
|
return stdout.split
|
115
119
|
rescue => e
|
116
120
|
fail "Error: Could not retrieve directories that contain #{pkg_ext} packages in #{Pkg::Config.distribution_server}:#{artifact_directory}"
|
@@ -120,7 +124,7 @@ module Pkg::Repo
|
|
120
124
|
cmd = "[ -d #{artifact_parent_directory}/artifacts ] || exit 1 ; "
|
121
125
|
cmd << "pushd #{artifact_parent_directory} > /dev/null && "
|
122
126
|
cmd << 'rsync --archive --verbose --one-file-system --ignore-existing artifacts/ repos/ '
|
123
|
-
Pkg::Util::Net.
|
127
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.distribution_server, cmd)
|
124
128
|
rescue => e
|
125
129
|
fail "Error: Could not populate repos directory in #{Pkg::Config.distribution_server}:#{artifact_parent_directory}"
|
126
130
|
end
|
@@ -143,7 +147,9 @@ module Pkg::Repo
|
|
143
147
|
__APT_PLATFORMS__: Pkg::Config.apt_releases.join(' '),
|
144
148
|
__GPG_KEY__: Pkg::Util::Gpg.key
|
145
149
|
}
|
146
|
-
Pkg::Util::Net.
|
150
|
+
Pkg::Util::Net.remote_execute(
|
151
|
+
remote_host,
|
152
|
+
Pkg::Util::Misc.search_and_replace(command, whitelist))
|
147
153
|
end
|
148
154
|
end
|
149
155
|
end
|
data/lib/packaging/rpm/repo.rb
CHANGED
@@ -16,7 +16,7 @@ module Pkg::Rpm::Repo
|
|
16
16
|
|
17
17
|
Pkg::Util::RakeUtils.invoke_task("pl:fetch")
|
18
18
|
repo_dir = "#{Pkg::Config.jenkins_repo_path}/#{Pkg::Config.project}/#{Pkg::Config.ref}/#{target}/rpm"
|
19
|
-
Pkg::Util::Net.
|
19
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.distribution_server, "mkdir -p #{repo_dir}")
|
20
20
|
Pkg::Util::Execution.retry_on_fail(:times => 3) do
|
21
21
|
Pkg::Util::Net.rsync_to("pkg/#{target}/rpm/", Pkg::Config.distribution_server, repo_dir)
|
22
22
|
end
|
@@ -215,7 +215,7 @@ module Pkg::Rpm::Repo
|
|
215
215
|
command = Pkg::Rpm::Repo.repo_creation_command(File.join(artifact_directory, directory), artifact_paths)
|
216
216
|
|
217
217
|
begin
|
218
|
-
Pkg::Util::Net.
|
218
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.distribution_server, command)
|
219
219
|
# Now that we've created our package repositories, we can generate repo
|
220
220
|
# configurations for use with downstream jobs, acceptance clients, etc.
|
221
221
|
Pkg::Rpm::Repo.generate_repo_configs
|
@@ -224,7 +224,7 @@ module Pkg::Rpm::Repo
|
|
224
224
|
Pkg::Rpm::Repo.ship_repo_configs
|
225
225
|
ensure
|
226
226
|
# Always remove the lock file, even if we've failed
|
227
|
-
Pkg::Util::Net.
|
227
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.distribution_server, "rm -f #{artifact_directory}/repos/.lock")
|
228
228
|
end
|
229
229
|
end
|
230
230
|
|
@@ -248,7 +248,7 @@ module Pkg::Rpm::Repo
|
|
248
248
|
def deploy_repos(yum_path, origin_server, destination_server, dryrun = false)
|
249
249
|
rsync_command = repo_deployment_command(yum_path, yum_path, destination_server, dryrun)
|
250
250
|
|
251
|
-
Pkg::Util::Net.
|
251
|
+
Pkg::Util::Net.remote_execute(origin_server, rsync_command)
|
252
252
|
end
|
253
253
|
end
|
254
254
|
end
|
data/lib/packaging/sign/dmg.rb
CHANGED
@@ -1,41 +1,71 @@
|
|
1
1
|
module Pkg::Sign::Dmg
|
2
2
|
module_function
|
3
3
|
|
4
|
-
def sign(
|
5
|
-
use_identity =
|
6
|
-
|
7
|
-
|
8
|
-
host_string = "#{Pkg::Config.osx_signing_server}"
|
9
|
-
else
|
10
|
-
host_string = "#{ENV['USER']}@#{Pkg::Config.osx_signing_server}"
|
4
|
+
def sign(pkg_directory = 'pkg')
|
5
|
+
use_identity = ''
|
6
|
+
unless Pkg::Config.osx_signing_ssh_key.nil?
|
7
|
+
use_identity = "-i #{Pkg::Config.osx_signing_ssh_key}"
|
11
8
|
end
|
9
|
+
|
10
|
+
host_string = "#{ENV['USER']}@#{Pkg::Config.osx_signing_server}"
|
11
|
+
host_string = "#{Pkg::Config.osx_signing_server}" if Pkg::Config.osx_signing_server =~ /@/
|
12
|
+
|
12
13
|
ssh_host_string = "#{use_identity} #{host_string}"
|
13
14
|
rsync_host_string = "-e 'ssh #{use_identity}' #{host_string}"
|
14
15
|
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
dmgs = Dir.glob("#{
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
16
|
+
remote_working_directory = "/tmp/#{Pkg::Util.rand_string}"
|
17
|
+
dmg_mount_point = File.join(remote_working_directory, "mount")
|
18
|
+
signed_items_directory = File.join(remote_working_directory, "signed")
|
19
|
+
|
20
|
+
dmgs = Dir.glob("#{pkg_directory}/{apple,mac,osx}/**/*.dmg")
|
21
|
+
if dmgs.empty?
|
22
|
+
$stderr.puts "Error: no dmgs found in #{pkg_directory}/{apple,mac,osx}."
|
23
|
+
exit 1
|
24
|
+
end
|
25
|
+
|
26
|
+
dmg_basenames = dmgs.map { |d| File.basename(d, '.dmg') }.join(' ')
|
27
|
+
|
28
|
+
sign_package_command = %W[
|
29
|
+
for dmg in #{dmg_basenames}; do
|
30
|
+
/usr/bin/hdiutil attach #{remote_working_directory}/$dmg.dmg
|
31
|
+
-mountpoint #{dmg_mount_point} -nobrowse -quiet ;
|
32
|
+
|
33
|
+
/usr/bin/security -q unlock-keychain
|
34
|
+
-p "#{Pkg::Config.osx_signing_keychain_pw}" "#{Pkg::Config.osx_signing_keychain}" ;
|
35
|
+
|
36
|
+
for pkg in #{dmg_mount_point}/*.pkg; do
|
37
|
+
pkg_basename=$(basename $pkg) ;
|
38
|
+
if /usr/sbin/pkgutil --check-signature $pkg ; then
|
39
|
+
echo "Warning: $pkg is already signed, skipping" ;
|
40
|
+
cp $pkg #{signed_items_directory}/$pkg_basename ;
|
41
|
+
continue ;
|
42
|
+
fi ;
|
43
|
+
|
44
|
+
/usr/bin/productsign --keychain "#{Pkg::Config.osx_signing_keychain}"
|
45
|
+
--sign "#{Pkg::Config.osx_signing_cert}"
|
46
|
+
$pkg #{signed_items_directory}/$pkg_basename ;
|
47
|
+
done ;
|
48
|
+
|
49
|
+
/usr/bin/hdiutil detach #{dmg_mount_point} -quiet ;
|
50
|
+
/bin/rm #{remote_working_directory}/$dmg.dmg ;
|
51
|
+
/usr/bin/hdiutil create -volname $dmg
|
52
|
+
-srcfolder #{signed_items_directory}/ #{remote_working_directory}/$dmg.dmg ;
|
53
|
+
/bin/rm #{signed_items_directory}/* ;
|
54
|
+
done
|
55
|
+
].join(' ')
|
56
|
+
|
57
|
+
Pkg::Util::Net.remote_execute(ssh_host_string,
|
58
|
+
"mkdir -p #{dmg_mount_point} #{signed_items_directory}")
|
59
|
+
|
60
|
+
Pkg::Util::Net.rsync_to(dmgs.join(' '), rsync_host_string, remote_working_directory)
|
61
|
+
|
62
|
+
Pkg::Util::Net.remote_execute(ssh_host_string, sign_package_command)
|
63
|
+
|
64
|
+
dmgs.each do |dmg|
|
65
|
+
Pkg::Util::Net.rsync_from(
|
66
|
+
"#{remote_working_directory}/#{File.basename(dmg)}", rsync_host_string, File.dirname(dmg))
|
38
67
|
end
|
39
|
-
|
68
|
+
|
69
|
+
Pkg::Util::Net.remote_execute(ssh_host_string, "rm -rf '#{remote_working_directory}'")
|
40
70
|
end
|
41
71
|
end
|