packaging 0.99.76 → 0.99.80
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/packaging/archive.rb +6 -6
- data/lib/packaging/artifactory.rb +0 -2
- data/lib/packaging/config.rb +5 -1
- data/lib/packaging/config/params.rb +1 -0
- data/lib/packaging/deb/repo.rb +5 -5
- data/lib/packaging/platforms.rb +22 -35
- data/lib/packaging/repo.rb +9 -3
- data/lib/packaging/rpm/repo.rb +4 -4
- data/lib/packaging/sign/dmg.rb +68 -30
- data/lib/packaging/sign/ips.rb +8 -8
- data/lib/packaging/sign/msi.rb +7 -3
- data/lib/packaging/util/net.rb +53 -31
- data/lib/packaging/util/ship.rb +4 -4
- data/spec/lib/packaging/artifactory_spec.rb +11 -11
- data/spec/lib/packaging/config_spec.rb +14 -15
- data/spec/lib/packaging/deb/repo_spec.rb +3 -3
- data/spec/lib/packaging/paths_spec.rb +8 -2
- data/spec/lib/packaging/platforms_spec.rb +15 -15
- data/spec/lib/packaging/repo_spec.rb +1 -1
- data/spec/lib/packaging/retrieve_spec.rb +4 -3
- data/spec/lib/packaging/rpm/repo_spec.rb +3 -3
- data/spec/lib/packaging/sign_spec.rb +0 -2
- data/spec/lib/packaging/util/net_spec.rb +22 -9
- data/spec/lib/packaging/util/ship_spec.rb +2 -2
- data/tasks/archive.rake +3 -4
- data/tasks/education.rake +5 -5
- data/tasks/gem.rake +17 -16
- data/tasks/nightly_repos.rake +9 -9
- data/tasks/pe_ship.rake +11 -19
- data/tasks/ship.rake +36 -18
- data/tasks/sign.rake +3 -3
- metadata +18 -18
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3c641cdc322d55fe7c595fb4802ababf87830fe6a63a852f3acf291b601deeed
|
4
|
+
data.tar.gz: 39d19f13de74f2736b3aa8efcd9519345a81ee056f33ae7f1960cecc40e7d896
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 690143636f97cba9f3a97918c60dd1f875b2b0a84eada68ae456f3b7c71a0295fcf38fcafcaf1584237ce2dbec6b3c4c8350e4e0d4112ac60f5c1f057ddd27ed
|
7
|
+
data.tar.gz: 3cfd026361b7b485eaffc9e9bb1ec8c0a2a296300631d3399f9edb3ee8d2e59a4cf3866cd0f1f7243f70f9ff15b3dc2b372477426ebf55fe5657362f531a76c9
|
data/lib/packaging/archive.rb
CHANGED
@@ -33,7 +33,7 @@ module Pkg::Archive
|
|
33
33
|
sudo chmod g+w -R #{Pkg::Config.yum_archive_path}
|
34
34
|
mv #{full_directory} #{archive_path}
|
35
35
|
CMD
|
36
|
-
Pkg::Util::Net.
|
36
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, command)
|
37
37
|
end
|
38
38
|
|
39
39
|
# Move directories from freight path (aka repo staging path) to archive staging paths
|
@@ -60,7 +60,7 @@ module Pkg::Archive
|
|
60
60
|
mv $pool_directory /opt/tmp-apt
|
61
61
|
done
|
62
62
|
CMD
|
63
|
-
Pkg::Util::Net.
|
63
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, command)
|
64
64
|
end
|
65
65
|
|
66
66
|
# Move downloads directories to archive staging path
|
@@ -85,7 +85,7 @@ module Pkg::Archive
|
|
85
85
|
sudo chmod g+w -R #{Pkg::Config.downloads_archive_path}
|
86
86
|
mv #{full_directory} #{archive_path}
|
87
87
|
CMD
|
88
|
-
Pkg::Util::Net.
|
88
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, command)
|
89
89
|
end
|
90
90
|
|
91
91
|
# Delete empty directories from repo paths on weth
|
@@ -104,7 +104,7 @@ module Pkg::Archive
|
|
104
104
|
fi
|
105
105
|
done
|
106
106
|
CMD
|
107
|
-
Pkg::Util::Net.
|
107
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, command)
|
108
108
|
end
|
109
109
|
end
|
110
110
|
|
@@ -112,7 +112,7 @@ module Pkg::Archive
|
|
112
112
|
def remove_dead_symlinks
|
113
113
|
base_paths.each do |path|
|
114
114
|
command = "find #{path} -xtype l -delete"
|
115
|
-
Pkg::Util::Net.
|
115
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, command)
|
116
116
|
end
|
117
117
|
end
|
118
118
|
|
@@ -120,7 +120,7 @@ module Pkg::Archive
|
|
120
120
|
def delete_staged_archives
|
121
121
|
archive_paths.each do |archive_path|
|
122
122
|
command = "sudo rm -rf #{File.join(archive_path, '*')}"
|
123
|
-
Pkg::Util::Net.
|
123
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.staging_server, command)
|
124
124
|
end
|
125
125
|
end
|
126
126
|
end
|
@@ -224,8 +224,6 @@ module Pkg
|
|
224
224
|
deploy_properties(platform_tag, File.basename(package)),
|
225
225
|
headers
|
226
226
|
)
|
227
|
-
rescue
|
228
|
-
raise "Attempt to upload '#{package}' to #{File.join(@artifactory_uri, data[:full_artifactory_path])} failed"
|
229
227
|
end
|
230
228
|
|
231
229
|
# @param pkg [String] The package to download YAML for
|
data/lib/packaging/config.rb
CHANGED
@@ -81,7 +81,11 @@ module Pkg
|
|
81
81
|
dir = "/opt/jenkins-builds/#{self.project}/#{self.ref}"
|
82
82
|
cmd = "if [ -s \"#{dir}/artifacts\" ]; then cd #{dir};"\
|
83
83
|
"find ./artifacts/ -mindepth 2 -type f; fi"
|
84
|
-
artifacts, _ = Pkg::Util::Net.
|
84
|
+
artifacts, _ = Pkg::Util::Net.remote_execute(
|
85
|
+
self.builds_server,
|
86
|
+
cmd,
|
87
|
+
{ capture_output: true }
|
88
|
+
)
|
85
89
|
|
86
90
|
artifacts = artifacts.split("\n")
|
87
91
|
data = {}
|
data/lib/packaging/deb/repo.rb
CHANGED
@@ -125,7 +125,7 @@ Description: Apt repository for acceptance testing" >> conf/distributions ; )
|
|
125
125
|
command = repo_creation_command(File.join(artifact_directory, 'repos'), artifact_paths)
|
126
126
|
|
127
127
|
begin
|
128
|
-
Pkg::Util::Net.
|
128
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.distribution_server, command)
|
129
129
|
# Now that we've created our package repositories, we can generate repo
|
130
130
|
# configurations for use with downstream jobs, acceptance clients, etc.
|
131
131
|
Pkg::Deb::Repo.generate_repo_configs
|
@@ -134,7 +134,7 @@ Description: Apt repository for acceptance testing" >> conf/distributions ; )
|
|
134
134
|
Pkg::Deb::Repo.ship_repo_configs
|
135
135
|
ensure
|
136
136
|
# Always remove the lock file, even if we've failed
|
137
|
-
Pkg::Util::Net.
|
137
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.distribution_server, "rm -f #{artifact_directory}/repos/.lock")
|
138
138
|
end
|
139
139
|
end
|
140
140
|
|
@@ -146,7 +146,7 @@ Description: Apt repository for acceptance testing" >> conf/distributions ; )
|
|
146
146
|
|
147
147
|
Pkg::Util::RakeUtils.invoke_task("pl:fetch")
|
148
148
|
repo_dir = "#{Pkg::Config.jenkins_repo_path}/#{Pkg::Config.project}/#{Pkg::Config.ref}/#{target}/deb"
|
149
|
-
Pkg::Util::Net.
|
149
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.distribution_server, "mkdir -p #{repo_dir}")
|
150
150
|
Pkg::Util::Execution.retry_on_fail(:times => 3) do
|
151
151
|
Pkg::Util::Net.rsync_to("pkg/#{target}/deb/", Pkg::Config.distribution_server, repo_dir)
|
152
152
|
end
|
@@ -252,11 +252,11 @@ SignWith: #{Pkg::Config.gpg_key}"
|
|
252
252
|
rsync_command = repo_deployment_command(apt_path, destination_staging_path, destination_server, dryrun)
|
253
253
|
cp_command = repo_deployment_command(destination_staging_path, apt_path, nil, dryrun)
|
254
254
|
|
255
|
-
Pkg::Util::Net.
|
255
|
+
Pkg::Util::Net.remote_execute(origin_server, rsync_command)
|
256
256
|
if dryrun
|
257
257
|
puts "[DRYRUN] not executing #{cp_command} on #{destination_server}"
|
258
258
|
else
|
259
|
-
Pkg::Util::Net.
|
259
|
+
Pkg::Util::Net.remote_execute(destination_server, cp_command)
|
260
260
|
end
|
261
261
|
end
|
262
262
|
|
data/lib/packaging/platforms.rb
CHANGED
@@ -12,13 +12,6 @@ module Pkg
|
|
12
12
|
# Each element in this hash
|
13
13
|
PLATFORM_INFO = {
|
14
14
|
'aix' => {
|
15
|
-
'6.1' => {
|
16
|
-
architectures: ['power'],
|
17
|
-
source_architecture: 'SRPMS',
|
18
|
-
package_format: 'rpm',
|
19
|
-
source_package_formats: ['src.rpm'],
|
20
|
-
repo: false,
|
21
|
-
},
|
22
15
|
'7.1' => {
|
23
16
|
architectures: ['power'],
|
24
17
|
source_architecture: 'SRPMS',
|
@@ -28,25 +21,6 @@ module Pkg
|
|
28
21
|
},
|
29
22
|
},
|
30
23
|
|
31
|
-
'cisco-wrlinux' => {
|
32
|
-
'5' => {
|
33
|
-
architectures: ['x86_64'],
|
34
|
-
source_architecture: 'SRPMS',
|
35
|
-
package_format: 'rpm',
|
36
|
-
source_package_formats: ['src.rpm'],
|
37
|
-
signature_format: 'v4',
|
38
|
-
repo: true,
|
39
|
-
},
|
40
|
-
'7' => {
|
41
|
-
architectures: ['x86_64'],
|
42
|
-
source_architecture: 'SRPMS',
|
43
|
-
package_format: 'rpm',
|
44
|
-
source_package_formats: ['src.rpm'],
|
45
|
-
signature_format: 'v4',
|
46
|
-
repo: true,
|
47
|
-
},
|
48
|
-
},
|
49
|
-
|
50
24
|
'debian' => {
|
51
25
|
'8' => {
|
52
26
|
codename: 'jessie',
|
@@ -72,6 +46,14 @@ module Pkg
|
|
72
46
|
source_package_formats: DEBIAN_SOURCE_FORMATS,
|
73
47
|
repo: true,
|
74
48
|
},
|
49
|
+
'11' => {
|
50
|
+
codename: 'bullseye',
|
51
|
+
architectures: ['amd64'],
|
52
|
+
source_architecture: 'source',
|
53
|
+
package_format: 'deb',
|
54
|
+
source_package_formats: DEBIAN_SOURCE_FORMATS,
|
55
|
+
repo: true,
|
56
|
+
},
|
75
57
|
},
|
76
58
|
|
77
59
|
'el' => {
|
@@ -109,14 +91,6 @@ module Pkg
|
|
109
91
|
}
|
110
92
|
},
|
111
93
|
|
112
|
-
'eos' => {
|
113
|
-
'4' => {
|
114
|
-
architectures: ['i386'],
|
115
|
-
package_format: 'swix',
|
116
|
-
repo: false,
|
117
|
-
},
|
118
|
-
},
|
119
|
-
|
120
94
|
'fedora' => {
|
121
95
|
'30' => {
|
122
96
|
architectures: ['x86_64'],
|
@@ -142,6 +116,14 @@ module Pkg
|
|
142
116
|
signature_format: 'v4',
|
143
117
|
repo: true,
|
144
118
|
},
|
119
|
+
'34' => {
|
120
|
+
architectures: ['x86_64'],
|
121
|
+
source_architecture: 'SRPMS',
|
122
|
+
package_format: 'rpm',
|
123
|
+
source_package_formats: ['src.rpm'],
|
124
|
+
signature_format: 'v4',
|
125
|
+
repo: true,
|
126
|
+
},
|
145
127
|
},
|
146
128
|
|
147
129
|
'osx' => {
|
@@ -160,6 +142,11 @@ module Pkg
|
|
160
142
|
package_format: 'dmg',
|
161
143
|
repo: false,
|
162
144
|
},
|
145
|
+
'11' => {
|
146
|
+
architectures: ['x86_64', 'arm64'],
|
147
|
+
package_format: 'dmg',
|
148
|
+
repo: false,
|
149
|
+
},
|
163
150
|
},
|
164
151
|
|
165
152
|
'redhatfips' => {
|
@@ -232,7 +219,7 @@ module Pkg
|
|
232
219
|
},
|
233
220
|
'18.04' => {
|
234
221
|
codename: 'bionic',
|
235
|
-
architectures: ['amd64', 'ppc64el'],
|
222
|
+
architectures: ['amd64', 'ppc64el', 'aarch64'],
|
236
223
|
source_architecture: 'source',
|
237
224
|
package_format: 'deb',
|
238
225
|
source_package_formats: DEBIAN_SOURCE_FORMATS,
|
data/lib/packaging/repo.rb
CHANGED
@@ -110,7 +110,11 @@ module Pkg::Repo
|
|
110
110
|
cmd = "[ -d #{artifact_directory} ] || exit 1 ; "
|
111
111
|
cmd << "pushd #{artifact_directory} > /dev/null && "
|
112
112
|
cmd << "find . -name '*.#{pkg_ext}' -print0 | xargs --no-run-if-empty -0 -I {} dirname {} "
|
113
|
-
stdout,
|
113
|
+
stdout, _ = Pkg::Util::Net.remote_execute(
|
114
|
+
Pkg::Config.distribution_server,
|
115
|
+
cmd,
|
116
|
+
{ capture_output: true }
|
117
|
+
)
|
114
118
|
return stdout.split
|
115
119
|
rescue => e
|
116
120
|
fail "Error: Could not retrieve directories that contain #{pkg_ext} packages in #{Pkg::Config.distribution_server}:#{artifact_directory}"
|
@@ -120,7 +124,7 @@ module Pkg::Repo
|
|
120
124
|
cmd = "[ -d #{artifact_parent_directory}/artifacts ] || exit 1 ; "
|
121
125
|
cmd << "pushd #{artifact_parent_directory} > /dev/null && "
|
122
126
|
cmd << 'rsync --archive --verbose --one-file-system --ignore-existing artifacts/ repos/ '
|
123
|
-
Pkg::Util::Net.
|
127
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.distribution_server, cmd)
|
124
128
|
rescue => e
|
125
129
|
fail "Error: Could not populate repos directory in #{Pkg::Config.distribution_server}:#{artifact_parent_directory}"
|
126
130
|
end
|
@@ -143,7 +147,9 @@ module Pkg::Repo
|
|
143
147
|
__APT_PLATFORMS__: Pkg::Config.apt_releases.join(' '),
|
144
148
|
__GPG_KEY__: Pkg::Util::Gpg.key
|
145
149
|
}
|
146
|
-
Pkg::Util::Net.
|
150
|
+
Pkg::Util::Net.remote_execute(
|
151
|
+
remote_host,
|
152
|
+
Pkg::Util::Misc.search_and_replace(command, whitelist))
|
147
153
|
end
|
148
154
|
end
|
149
155
|
end
|
data/lib/packaging/rpm/repo.rb
CHANGED
@@ -16,7 +16,7 @@ module Pkg::Rpm::Repo
|
|
16
16
|
|
17
17
|
Pkg::Util::RakeUtils.invoke_task("pl:fetch")
|
18
18
|
repo_dir = "#{Pkg::Config.jenkins_repo_path}/#{Pkg::Config.project}/#{Pkg::Config.ref}/#{target}/rpm"
|
19
|
-
Pkg::Util::Net.
|
19
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.distribution_server, "mkdir -p #{repo_dir}")
|
20
20
|
Pkg::Util::Execution.retry_on_fail(:times => 3) do
|
21
21
|
Pkg::Util::Net.rsync_to("pkg/#{target}/rpm/", Pkg::Config.distribution_server, repo_dir)
|
22
22
|
end
|
@@ -215,7 +215,7 @@ module Pkg::Rpm::Repo
|
|
215
215
|
command = Pkg::Rpm::Repo.repo_creation_command(File.join(artifact_directory, directory), artifact_paths)
|
216
216
|
|
217
217
|
begin
|
218
|
-
Pkg::Util::Net.
|
218
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.distribution_server, command)
|
219
219
|
# Now that we've created our package repositories, we can generate repo
|
220
220
|
# configurations for use with downstream jobs, acceptance clients, etc.
|
221
221
|
Pkg::Rpm::Repo.generate_repo_configs
|
@@ -224,7 +224,7 @@ module Pkg::Rpm::Repo
|
|
224
224
|
Pkg::Rpm::Repo.ship_repo_configs
|
225
225
|
ensure
|
226
226
|
# Always remove the lock file, even if we've failed
|
227
|
-
Pkg::Util::Net.
|
227
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.distribution_server, "rm -f #{artifact_directory}/repos/.lock")
|
228
228
|
end
|
229
229
|
end
|
230
230
|
|
@@ -248,7 +248,7 @@ module Pkg::Rpm::Repo
|
|
248
248
|
def deploy_repos(yum_path, origin_server, destination_server, dryrun = false)
|
249
249
|
rsync_command = repo_deployment_command(yum_path, yum_path, destination_server, dryrun)
|
250
250
|
|
251
|
-
Pkg::Util::Net.
|
251
|
+
Pkg::Util::Net.remote_execute(origin_server, rsync_command)
|
252
252
|
end
|
253
253
|
end
|
254
254
|
end
|
data/lib/packaging/sign/dmg.rb
CHANGED
@@ -1,41 +1,79 @@
|
|
1
1
|
module Pkg::Sign::Dmg
|
2
2
|
module_function
|
3
3
|
|
4
|
-
def sign(
|
5
|
-
use_identity =
|
6
|
-
|
7
|
-
|
8
|
-
host_string = "#{Pkg::Config.osx_signing_server}"
|
9
|
-
else
|
10
|
-
host_string = "#{ENV['USER']}@#{Pkg::Config.osx_signing_server}"
|
4
|
+
def sign(pkg_directory = 'pkg')
|
5
|
+
use_identity = ''
|
6
|
+
unless Pkg::Config.osx_signing_ssh_key.nil?
|
7
|
+
use_identity = "-i #{Pkg::Config.osx_signing_ssh_key}"
|
11
8
|
end
|
9
|
+
|
10
|
+
host_string = "#{ENV['USER']}@#{Pkg::Config.osx_signing_server}"
|
11
|
+
host_string = "#{Pkg::Config.osx_signing_server}" if Pkg::Config.osx_signing_server =~ /@/
|
12
|
+
|
12
13
|
ssh_host_string = "#{use_identity} #{host_string}"
|
13
14
|
rsync_host_string = "-e 'ssh #{use_identity}' #{host_string}"
|
15
|
+
archs = Dir.glob("#{pkg_directory}/{apple,mac,osx}/**/{x86_64,arm64}").map { |el| el.split('/').last }
|
16
|
+
|
17
|
+
if archs.empty?
|
18
|
+
$stderr.puts "Error: no architectures found in #{pkg_directory}/{apple,mac,osx}"
|
19
|
+
exit 1
|
20
|
+
end
|
21
|
+
|
22
|
+
archs.each do |arch|
|
23
|
+
remote_working_directory = "/tmp/#{Pkg::Util.rand_string}/#{arch}"
|
24
|
+
dmg_mount_point = File.join(remote_working_directory, "mount")
|
25
|
+
signed_items_directory = File.join(remote_working_directory, "signed")
|
26
|
+
|
27
|
+
dmgs = Dir.glob("#{pkg_directory}/{apple,mac,osx}/**/#{arch}/*.dmg")
|
28
|
+
if dmgs.empty?
|
29
|
+
$stderr.puts "Error: no dmgs found in #{pkg_directory}/{apple,mac,osx} for #{arch} architecture."
|
30
|
+
exit 1
|
31
|
+
end
|
32
|
+
|
33
|
+
dmg_basenames = dmgs.map { |d| File.basename(d, '.dmg') }.join(' ')
|
34
|
+
|
35
|
+
sign_package_command = %W[
|
36
|
+
for dmg in #{dmg_basenames}; do
|
37
|
+
/usr/bin/hdiutil attach #{remote_working_directory}/$dmg.dmg
|
38
|
+
-mountpoint #{dmg_mount_point} -nobrowse -quiet ;
|
14
39
|
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
40
|
+
/usr/bin/security -q unlock-keychain
|
41
|
+
-p "#{Pkg::Config.osx_signing_keychain_pw}" "#{Pkg::Config.osx_signing_keychain}" ;
|
42
|
+
|
43
|
+
for pkg in #{dmg_mount_point}/*.pkg; do
|
44
|
+
pkg_basename=$(basename $pkg) ;
|
45
|
+
if /usr/sbin/pkgutil --check-signature $pkg ; then
|
46
|
+
echo "Warning: $pkg is already signed, skipping" ;
|
47
|
+
cp $pkg #{signed_items_directory}/$pkg_basename ;
|
48
|
+
continue ;
|
49
|
+
fi ;
|
50
|
+
|
51
|
+
/usr/bin/productsign --keychain "#{Pkg::Config.osx_signing_keychain}"
|
52
|
+
--sign "#{Pkg::Config.osx_signing_cert}"
|
53
|
+
$pkg #{signed_items_directory}/$pkg_basename ;
|
54
|
+
done ;
|
55
|
+
|
56
|
+
/usr/bin/hdiutil detach #{dmg_mount_point} -quiet ;
|
57
|
+
/bin/rm #{remote_working_directory}/$dmg.dmg ;
|
58
|
+
/usr/bin/hdiutil create -volname $dmg
|
59
|
+
-srcfolder #{signed_items_directory}/ #{remote_working_directory}/$dmg.dmg ;
|
60
|
+
/bin/rm #{signed_items_directory}/* ;
|
31
61
|
done
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
Pkg::Util::Net.
|
62
|
+
].join(' ')
|
63
|
+
|
64
|
+
Pkg::Util::Net.remote_execute(ssh_host_string,
|
65
|
+
"mkdir -p #{dmg_mount_point} #{signed_items_directory}")
|
66
|
+
|
67
|
+
Pkg::Util::Net.rsync_to(dmgs.join(' '), rsync_host_string, remote_working_directory)
|
68
|
+
|
69
|
+
Pkg::Util::Net.remote_execute(ssh_host_string, sign_package_command)
|
70
|
+
|
71
|
+
dmgs.each do |dmg|
|
72
|
+
Pkg::Util::Net.rsync_from(
|
73
|
+
"#{remote_working_directory}/#{File.basename(dmg)}", rsync_host_string, File.dirname(dmg))
|
74
|
+
end
|
75
|
+
|
76
|
+
Pkg::Util::Net.remote_execute(ssh_host_string, "rm -rf '#{remote_working_directory}'")
|
38
77
|
end
|
39
|
-
Pkg::Util::Net.remote_ssh_cmd(ssh_host_string, "if [ -d '#{work_dir}' ]; then rm -rf '#{work_dir}'; fi")
|
40
78
|
end
|
41
79
|
end
|
data/lib/packaging/sign/ips.rb
CHANGED
@@ -15,14 +15,14 @@ module Pkg::Sign::Ips
|
|
15
15
|
repo_dir = "#{work_dir}/repo"
|
16
16
|
signed_dir = "#{work_dir}/pkgs"
|
17
17
|
|
18
|
-
Pkg::Util::Net.
|
18
|
+
Pkg::Util::Net.remote_execute(ssh_host_string, "mkdir -p #{repo_dir} #{unsigned_dir} #{signed_dir}")
|
19
19
|
Pkg::Util::Net.rsync_to(p5p, rsync_host_string, unsigned_dir)
|
20
20
|
|
21
21
|
# Before we can get started with signing packages we need to create a repo
|
22
|
-
Pkg::Util::Net.
|
23
|
-
Pkg::Util::Net.
|
22
|
+
Pkg::Util::Net.remote_execute(ssh_host_string, "sudo -E /usr/bin/pkgrepo create #{repo_dir}")
|
23
|
+
Pkg::Util::Net.remote_execute(ssh_host_string, "sudo -E /usr/bin/pkgrepo set -s #{repo_dir} publisher/prefix=puppetlabs.com")
|
24
24
|
# And import all the packages into the repo.
|
25
|
-
Pkg::Util::Net.
|
25
|
+
Pkg::Util::Net.remote_execute(ssh_host_string, "sudo -E /usr/bin/pkgrecv -s #{unsigned_dir}/#{File.basename(p5p)} -d #{repo_dir} '*'")
|
26
26
|
# We are going to hard code the values for signing cert locations for now.
|
27
27
|
# This autmation will require an update to actually become reusable, but
|
28
28
|
# for now these values will stay this way so solaris signing will stop
|
@@ -37,21 +37,21 @@ module Pkg::Sign::Ips
|
|
37
37
|
-k /root/signing/signing_key_2020.pem \
|
38
38
|
-s 'file://#{work_dir}/repo' '*'"
|
39
39
|
puts "About to sign #{p5p} with #{sign_cmd} in #{work_dir}"
|
40
|
-
Pkg::Util::Net.
|
40
|
+
Pkg::Util::Net.remote_execute(ssh_host_string, sign_cmd.squeeze(' '))
|
41
41
|
# pkgrecv with -a will pull packages out of the repo, so we need to do that too to actually get the packages we signed
|
42
|
-
Pkg::Util::Net.
|
42
|
+
Pkg::Util::Net.remote_execute(ssh_host_string, "sudo -E /usr/bin/pkgrecv -d #{signed_dir}/#{File.basename(p5p)} -a -s #{repo_dir} '*'")
|
43
43
|
begin
|
44
44
|
# lets make sure we actually signed something?
|
45
45
|
# **NOTE** if we're repeatedly trying to sign the same version this
|
46
46
|
# might explode because I don't know how to reset the IPS cache.
|
47
47
|
# Everything is amazing.
|
48
|
-
Pkg::Util::Net.
|
48
|
+
Pkg::Util::Net.remote_execute(ssh_host_string, "sudo -E /usr/bin/pkg contents -m -g #{signed_dir}/#{File.basename(p5p)} '*' | grep '^signature '")
|
49
49
|
rescue RuntimeError
|
50
50
|
raise "Looks like #{File.basename(p5p)} was not signed correctly, quitting!"
|
51
51
|
end
|
52
52
|
# and pull the packages back.
|
53
53
|
Pkg::Util::Net.rsync_from("#{signed_dir}/#{File.basename(p5p)}", rsync_host_string, File.dirname(p5p))
|
54
|
-
Pkg::Util::Net.
|
54
|
+
Pkg::Util::Net.remote_execute(ssh_host_string, "if [ -e '#{work_dir}' ] ; then sudo rm -r '#{work_dir}' ; fi")
|
55
55
|
end
|
56
56
|
end
|
57
57
|
end
|