packaging 0.104.0 → 0.105.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/packaging/platforms.rb +5 -47
- data/lib/packaging/util/file.rb +79 -0
- data/lib/packaging/util/net.rb +1 -2
- data/lib/packaging/util/repo.rb +18 -0
- data/lib/packaging/util/ship.rb +147 -0
- data/lib/packaging/util/sign.rb +47 -0
- data/lib/packaging/util.rb +2 -0
- data/spec/lib/packaging/config_spec.rb +3 -3
- data/spec/lib/packaging/deb/repo_spec.rb +1 -1
- data/spec/lib/packaging/paths_spec.rb +2 -3
- data/spec/lib/packaging/platforms_spec.rb +5 -5
- data/spec/lib/packaging/sign_spec.rb +0 -12
- data/spec/lib/packaging/util/ship_spec.rb +0 -2
- data/tasks/deb_repos.rake +1 -0
- data/tasks/fetch.rake +1 -0
- data/tasks/load_extras.rake +1 -0
- data/tasks/rpm_repos.rake +1 -0
- data/tasks/ship.rake +2 -0
- data/tasks/sign.rake +1 -1
- metadata +24 -22
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 296bfdcecf936f80297894792d9b9a1bb3a83a422a61e4976aca3916dd6c9a2b
|
4
|
+
data.tar.gz: 0c76c4482d82367cef9d988fc1e31080f718322e4eab1fe9a5176f4544c8a3ce
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 071534bcce41eb8b11517d21592399a9f94c45b20a70259aa5a13c4bf3ec5bfd6cab5e517698e6f8884736a932a62d0212d945cb97ad549bdf8c80242f594f8e
|
7
|
+
data.tar.gz: 532cca35cd6eeea218c8a6cdcdf00f0802f0c0ae33fc009f6f42bd7c39056f45b147abaf971879e2f5532541e1d08c0c6267425d32aa69dad9c11f036697c183
|
data/lib/packaging/platforms.rb
CHANGED
@@ -22,14 +22,6 @@ module Pkg
|
|
22
22
|
},
|
23
23
|
|
24
24
|
'debian' => {
|
25
|
-
'8' => {
|
26
|
-
codename: 'jessie',
|
27
|
-
architectures: ['amd64', 'i386', 'powerpc'],
|
28
|
-
source_architecture: 'source',
|
29
|
-
package_format: 'deb',
|
30
|
-
source_package_formats: DEBIAN_SOURCE_FORMATS,
|
31
|
-
repo: true,
|
32
|
-
},
|
33
25
|
'9' => {
|
34
26
|
codename: 'stretch',
|
35
27
|
architectures: ['amd64', 'i386'],
|
@@ -57,14 +49,6 @@ module Pkg
|
|
57
49
|
},
|
58
50
|
|
59
51
|
'el' => {
|
60
|
-
'5' => {
|
61
|
-
architectures: ['x86_64', 'i386'],
|
62
|
-
source_architecture: 'SRPMS',
|
63
|
-
package_format: 'rpm',
|
64
|
-
source_package_formats: ['src.rpm'],
|
65
|
-
signature_format: 'v3',
|
66
|
-
repo: true,
|
67
|
-
},
|
68
52
|
'6' => {
|
69
53
|
architectures: ['x86_64', 'i386'],
|
70
54
|
source_architecture: 'SRPMS',
|
@@ -88,26 +72,18 @@ module Pkg
|
|
88
72
|
source_package_formats: ['src.rpm'],
|
89
73
|
signature_format: 'v4',
|
90
74
|
repo: true,
|
91
|
-
}
|
92
|
-
},
|
93
|
-
|
94
|
-
'fedora' => {
|
95
|
-
'30' => {
|
96
|
-
architectures: ['x86_64'],
|
97
|
-
source_architecture: 'SRPMS',
|
98
|
-
package_format: 'rpm',
|
99
|
-
source_package_formats: ['src.rpm'],
|
100
|
-
signature_format: 'v4',
|
101
|
-
repo: true,
|
102
75
|
},
|
103
|
-
'
|
76
|
+
'9' => {
|
104
77
|
architectures: ['x86_64'],
|
105
78
|
source_architecture: 'SRPMS',
|
106
79
|
package_format: 'rpm',
|
107
80
|
source_package_formats: ['src.rpm'],
|
108
81
|
signature_format: 'v4',
|
109
82
|
repo: true,
|
110
|
-
}
|
83
|
+
}
|
84
|
+
},
|
85
|
+
|
86
|
+
'fedora' => {
|
111
87
|
'32' => {
|
112
88
|
architectures: ['x86_64'],
|
113
89
|
source_architecture: 'SRPMS',
|
@@ -127,16 +103,6 @@ module Pkg
|
|
127
103
|
},
|
128
104
|
|
129
105
|
'osx' => {
|
130
|
-
'10.13' => {
|
131
|
-
architectures: ['x86_64'],
|
132
|
-
package_format: 'dmg',
|
133
|
-
repo: false,
|
134
|
-
},
|
135
|
-
'10.14' => {
|
136
|
-
architectures: ['x86_64'],
|
137
|
-
package_format: 'dmg',
|
138
|
-
repo: false,
|
139
|
-
},
|
140
106
|
'10.15' => {
|
141
107
|
architectures: ['x86_64'],
|
142
108
|
package_format: 'dmg',
|
@@ -233,14 +199,6 @@ module Pkg
|
|
233
199
|
source_package_formats: DEBIAN_SOURCE_FORMATS,
|
234
200
|
repo: true,
|
235
201
|
},
|
236
|
-
'18.10' => {
|
237
|
-
codename: 'cosmic',
|
238
|
-
architectures: ['amd64', 'ppc64el'],
|
239
|
-
source_architecture: 'source',
|
240
|
-
package_format: 'deb',
|
241
|
-
source_package_formats: DEBIAN_SOURCE_FORMATS,
|
242
|
-
repo: true,
|
243
|
-
},
|
244
202
|
'20.04' => {
|
245
203
|
codename: 'focal',
|
246
204
|
architectures: ['amd64', 'aarch64'],
|
data/lib/packaging/util/file.rb
CHANGED
@@ -120,6 +120,85 @@ module Pkg::Util::File
|
|
120
120
|
end
|
121
121
|
Pkg::Util::Version.versionbump(workdir) if Pkg::Config.update_version_file
|
122
122
|
end
|
123
|
+
|
124
|
+
# The fetch method pulls down two files from the build-data repo that contain additional
|
125
|
+
# data specific to Puppet Labs release infrastructure intended to augment/override any
|
126
|
+
# defaults specified in the source project repo, e.g. in ext/build_defaults.yaml
|
127
|
+
#
|
128
|
+
# It uses curl to download the files, and places them in a temporary
|
129
|
+
# directory, e.g. /tmp/somedirectory/{project,team}/Pkg::Config.builder_data_file
|
130
|
+
#
|
131
|
+
# Retrieve build-data configurations to override/extend local build_defaults
|
132
|
+
def fetch
|
133
|
+
# Each team has a build-defaults file that specifies local infrastructure targets
|
134
|
+
# for things like builders, target locations for build artifacts, etc Since much
|
135
|
+
# of these don't change, one file can be maintained for the team. Each project
|
136
|
+
# also has a data file for information specific to it. If the project builds
|
137
|
+
# both PE and not PE, it has two files, one for PE, and the other for FOSS
|
138
|
+
#
|
139
|
+
data_repo = Pkg::Config.build_data_repo
|
140
|
+
|
141
|
+
if Pkg::Config.dev_build
|
142
|
+
puts "NOTICE: This is a dev build!"
|
143
|
+
project_data_branch = "#{Pkg::Config.project}-dev"
|
144
|
+
else
|
145
|
+
project_data_branch = Pkg::Config.project
|
146
|
+
end
|
147
|
+
team_data_branch = Pkg::Config.team
|
148
|
+
|
149
|
+
if Pkg::Config.build_pe
|
150
|
+
project_data_branch = 'pe-' + project_data_branch unless project_data_branch =~ /^pe-/
|
151
|
+
team_data_branch = 'pe-' + team_data_branch unless team_data_branch =~ /^pe-/
|
152
|
+
end
|
153
|
+
|
154
|
+
# Remove .packaging directory from old-style extras loading
|
155
|
+
FileUtils.rm_rf("#{ENV['HOME']}/.packaging") if File.directory?("#{ENV['HOME']}/.packaging")
|
156
|
+
|
157
|
+
# Touch the .packaging file which is allows packaging to present remote tasks
|
158
|
+
FileUtils.touch("#{ENV['HOME']}/.packaging")
|
159
|
+
|
160
|
+
begin
|
161
|
+
build_data_directory = Pkg::Util::File.mktemp
|
162
|
+
%x(git clone #{data_repo} #{build_data_directory})
|
163
|
+
unless $?.success?
|
164
|
+
fail 'Error: could not fetch the build-data repo. Maybe you do not have the correct permissions?'
|
165
|
+
end
|
166
|
+
|
167
|
+
Dir.chdir(build_data_directory) do
|
168
|
+
[team_data_branch, project_data_branch].each do |branch|
|
169
|
+
%x(git checkout #{branch})
|
170
|
+
unless $?.success?
|
171
|
+
warn "Warning: no build_defaults found in branch '#{branch}' of '#{data_repo}'. Skipping."
|
172
|
+
next
|
173
|
+
end
|
174
|
+
load_extras(build_data_directory)
|
175
|
+
end
|
176
|
+
end
|
177
|
+
ensure
|
178
|
+
FileUtils.rm_rf(build_data_directory)
|
179
|
+
end
|
180
|
+
|
181
|
+
Pkg::Config.perform_validations
|
182
|
+
end
|
183
|
+
|
184
|
+
# The load_extras method is intended to load variables
|
185
|
+
# from the extra yaml file downloaded by the pl:fetch task.
|
186
|
+
# The goal is to be able to augment/override settings in the
|
187
|
+
# source project's build_data.yaml and project_data.yaml with
|
188
|
+
# Puppet Labs-specific data, rather than having to clutter the
|
189
|
+
# generic tasks with data not generally useful outside the
|
190
|
+
# PL Release team
|
191
|
+
def load_extras(temp_directory)
|
192
|
+
unless ENV['PARAMS_FILE'] && ENV['PARAMS_FILE'] != ''
|
193
|
+
temp_directory = temp_directory
|
194
|
+
raise "load_extras requires a directory containing extras data" if temp_directory.nil?
|
195
|
+
Pkg::Config.config_from_yaml("#{temp_directory}/#{Pkg::Config.builder_data_file}")
|
196
|
+
|
197
|
+
# Environment variables take precedence over those loaded from configs,
|
198
|
+
# so we make sure that any we clobbered are reset.
|
199
|
+
Pkg::Config.load_envvars
|
200
|
+
end
|
201
|
+
end
|
123
202
|
end
|
124
203
|
end
|
125
204
|
|
data/lib/packaging/util/net.rb
CHANGED
@@ -392,9 +392,8 @@ DOC
|
|
392
392
|
end
|
393
393
|
|
394
394
|
def remote_bundle_install_command
|
395
|
-
export_packaging_location = ''
|
396
395
|
export_packaging_location = "export PACKAGING_LOCATION='#{ENV['PACKAGING_LOCATION']}';" if ENV['PACKAGING_LOCATION'] && !ENV['PACKAGING_LOCATION'].empty?
|
397
|
-
|
396
|
+
"source /usr/local/rvm/scripts/rvm; rvm use ruby-2.5.1; #{export_packaging_location} bundle install --path .bundle/gems ;"
|
398
397
|
end
|
399
398
|
|
400
399
|
# Given a BuildInstance object and a host, send its params to the host. Return
|
@@ -0,0 +1,18 @@
|
|
1
|
+
# Module for signing all packages to places
|
2
|
+
|
3
|
+
module Pkg::Util::Repo
|
4
|
+
class << self
|
5
|
+
|
6
|
+
# Create yum repositories of built RPM packages for this SHA on the distribution server
|
7
|
+
def rpm_repos
|
8
|
+
Pkg::Util::File.fetch
|
9
|
+
Pkg::Rpm::Repo.create_remote_repos
|
10
|
+
end
|
11
|
+
|
12
|
+
# Create apt repositories of build DEB packages for this SHA on the distributions server
|
13
|
+
def deb_repos
|
14
|
+
Pkg::Util::File.fetch
|
15
|
+
Pkg::Deb::Repo.create_repos
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
data/lib/packaging/util/ship.rb
CHANGED
@@ -355,4 +355,151 @@ module Pkg::Util::Ship
|
|
355
355
|
end
|
356
356
|
Rake::Task[ship_task].invoke
|
357
357
|
end
|
358
|
+
|
359
|
+
# Ship pkg directory contents to distribution server
|
360
|
+
def ship(target = 'artifacts', local_directory = 'pkg')
|
361
|
+
Pkg::Util::File.fetch
|
362
|
+
|
363
|
+
unless Pkg::Config.project
|
364
|
+
fail "You must set the 'project' in build_defaults.yaml or with the 'PROJECT_OVERRIDE' environment variable."
|
365
|
+
end
|
366
|
+
|
367
|
+
project_basedir = "#{Pkg::Config.jenkins_repo_path}/#{Pkg::Config.project}/#{Pkg::Config.ref}"
|
368
|
+
artifact_directory = "#{project_basedir}/#{target}"
|
369
|
+
|
370
|
+
# For EZBake builds, we also want to include the ezbake.manifest file to
|
371
|
+
# get a snapshot of this build and all dependencies. We eventually will
|
372
|
+
# create a yaml version of this file, but until that point we want to
|
373
|
+
# make the original ezbake.manifest available
|
374
|
+
#
|
375
|
+
ezbake_manifest = File.join('ext', 'ezbake.manifest')
|
376
|
+
if File.exist?(ezbake_manifest)
|
377
|
+
FileUtils.cp(ezbake_manifest, File.join(local_directory, "#{Pkg::Config.ref}.ezbake.manifest"))
|
378
|
+
end
|
379
|
+
ezbake_yaml = File.join("ext", "ezbake.manifest.yaml")
|
380
|
+
if File.exists?(ezbake_yaml)
|
381
|
+
FileUtils.cp(ezbake_yaml, File.join(local_directory, "#{Pkg::Config.ref}.ezbake.manifest.yaml"))
|
382
|
+
end
|
383
|
+
|
384
|
+
# Inside build_metadata*.json files there is additional metadata containing
|
385
|
+
# information such as git ref and dependencies that are needed at build
|
386
|
+
# time. If these files exist, copy them downstream.
|
387
|
+
# Typically these files are named 'ext/build_metadata.<project>.<platform>.json'
|
388
|
+
build_metadata_json_files = Dir.glob('ext/build_metadata*.json')
|
389
|
+
build_metadata_json_files.each do |source_file|
|
390
|
+
target_file = File.join(local_directory, "#{Pkg::Config.ref}.#{File.basename(source_file)}")
|
391
|
+
FileUtils.cp(source_file, target_file)
|
392
|
+
end
|
393
|
+
|
394
|
+
# Sadly, the packaging repo cannot yet act on its own, without living
|
395
|
+
# inside of a packaging-repo compatible project. This means in order to
|
396
|
+
# use the packaging repo for shipping and signing (things that really
|
397
|
+
# don't require build automation, specifically) we still need the project
|
398
|
+
# clone itself.
|
399
|
+
Pkg::Util::Git.bundle('HEAD', 'signing_bundle', local_directory)
|
400
|
+
|
401
|
+
# While we're bundling things, let's also make a git bundle of the
|
402
|
+
# packaging repo that we're using when we invoke pl:jenkins:ship. We can
|
403
|
+
# have a reasonable level of confidence, later on, that the git bundle on
|
404
|
+
# the distribution server was, in fact, the git bundle used to create the
|
405
|
+
# associated packages. This is because this ship task is automatically
|
406
|
+
# called upon completion each cell of the pl:jenkins:uber_build, and we
|
407
|
+
# have --ignore-existing set below. As such, the only git bundle that
|
408
|
+
# should possibly be on the distribution is the one used to create the
|
409
|
+
# packages.
|
410
|
+
# We're bundling the packaging repo because it allows us to keep an
|
411
|
+
# archive of the packaging source that was used to create the packages,
|
412
|
+
# so that later on if we need to rebuild an older package to audit it or
|
413
|
+
# for some other reason we're assured that the new package isn't
|
414
|
+
# different by virtue of the packaging automation.
|
415
|
+
if defined?(PACKAGING_ROOT)
|
416
|
+
packaging_bundle = ''
|
417
|
+
Dir.chdir(PACKAGING_ROOT) do
|
418
|
+
packaging_bundle = Pkg::Util::Git.bundle('HEAD', 'packaging-bundle')
|
419
|
+
end
|
420
|
+
FileUtils.mv(packaging_bundle, local_directory)
|
421
|
+
end
|
422
|
+
|
423
|
+
# This is functionality to add the project-arch.msi links that have no
|
424
|
+
# version. The code itself looks for the link (if it's there already)
|
425
|
+
# and if the source package exists before linking. Searching for the
|
426
|
+
# packages has been restricted specifically to just the pkg/windows dir
|
427
|
+
# on purpose, as this is where we currently have all windows packages
|
428
|
+
# building to. Once we move the Metadata about the output location in
|
429
|
+
# to one source of truth we can refactor this to use that to search
|
430
|
+
# -Sean P. M. 08/12/16
|
431
|
+
|
432
|
+
{
|
433
|
+
'windows' => ['x86', 'x64'],
|
434
|
+
'windowsfips' => ['x64']
|
435
|
+
}.each_pair do |platform, archs|
|
436
|
+
packages = Dir["#{local_directory}/#{platform}/*"]
|
437
|
+
|
438
|
+
archs.each do |arch|
|
439
|
+
package_version = Pkg::Util::Git.describe.tr('-', '.')
|
440
|
+
package_filename = File.join(local_directory, platform, "#{Pkg::Config.project}-#{package_version}-#{arch}.msi")
|
441
|
+
link_filename = File.join(local_directory, platform, "#{Pkg::Config.project}-#{arch}.msi")
|
442
|
+
|
443
|
+
next unless !packages.include?(link_filename) && packages.include?(package_filename)
|
444
|
+
# Dear future code spelunkers:
|
445
|
+
# Using symlinks instead of hard links causes failures when we try
|
446
|
+
# to set these files to be immutable. Also be wary of whether the
|
447
|
+
# linking utility you're using expects the source path to be relative
|
448
|
+
# to the link target or pwd.
|
449
|
+
#
|
450
|
+
FileUtils.ln(package_filename, link_filename)
|
451
|
+
end
|
452
|
+
end
|
453
|
+
|
454
|
+
Pkg::Util::Execution.retry_on_fail(times: 3) do
|
455
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.distribution_server, "mkdir --mode=775 -p #{project_basedir}")
|
456
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.distribution_server, "mkdir -p #{artifact_directory}")
|
457
|
+
Pkg::Util::Net.rsync_to("#{local_directory}/", Pkg::Config.distribution_server, "#{artifact_directory}/", extra_flags: ['--ignore-existing', '--exclude repo_configs'])
|
458
|
+
end
|
459
|
+
|
460
|
+
# In order to get a snapshot of what this build looked like at the time
|
461
|
+
# of shipping, we also generate and ship the params file
|
462
|
+
#
|
463
|
+
Pkg::Config.config_to_yaml(local_directory)
|
464
|
+
Pkg::Util::Execution.retry_on_fail(:times => 3) do
|
465
|
+
Pkg::Util::Net.rsync_to("#{local_directory}/#{Pkg::Config.ref}.yaml", Pkg::Config.distribution_server, "#{artifact_directory}/", extra_flags: ["--exclude repo_configs"])
|
466
|
+
end
|
467
|
+
|
468
|
+
# If we just shipped a tagged version, we want to make it immutable
|
469
|
+
files = Dir.glob("#{local_directory}/**/*").select { |f| File.file?(f) and !f.include? "#{Pkg::Config.ref}.yaml" }.map do |file|
|
470
|
+
"#{artifact_directory}/#{file.sub(/^#{local_directory}\//, '')}"
|
471
|
+
end
|
472
|
+
|
473
|
+
Pkg::Util::Net.remote_set_ownership(Pkg::Config.distribution_server, 'root', 'release', files)
|
474
|
+
Pkg::Util::Net.remote_set_permissions(Pkg::Config.distribution_server, '0664', files)
|
475
|
+
Pkg::Util::Net.remote_set_immutable(Pkg::Config.distribution_server, files)
|
476
|
+
end
|
477
|
+
|
478
|
+
def ship_to_artifactory(local_directory = 'pkg')
|
479
|
+
Pkg::Util::File.fetch
|
480
|
+
unless Pkg::Config.project
|
481
|
+
fail "You must set the 'project' in build_defaults.yaml or with the 'PROJECT_OVERRIDE' environment variable."
|
482
|
+
end
|
483
|
+
artifactory = Pkg::ManageArtifactory.new(Pkg::Config.project, Pkg::Config.ref)
|
484
|
+
|
485
|
+
artifacts = Dir.glob("#{local_directory}/**/*").reject { |e| File.directory? e }
|
486
|
+
artifacts.sort! do |a, b|
|
487
|
+
if File.extname(a) =~ /(md5|sha\d+)/ && File.extname(b) !~ /(md5|sha\d+)/
|
488
|
+
1
|
489
|
+
elsif File.extname(b) =~ /(md5|sha\d+)/ && File.extname(a) !~ /(md5|sha\d+)/
|
490
|
+
-1
|
491
|
+
else
|
492
|
+
a <=> b
|
493
|
+
end
|
494
|
+
end
|
495
|
+
artifacts.each do |artifact|
|
496
|
+
if File.extname(artifact) == ".yaml" || File.extname(artifact) == ".json"
|
497
|
+
artifactory.deploy_package(artifact)
|
498
|
+
elsif artifactory.package_exists_on_artifactory?(artifact)
|
499
|
+
warn "Attempt to upload '#{artifact}' failed. Package already exists!"
|
500
|
+
else
|
501
|
+
artifactory.deploy_package(artifact)
|
502
|
+
end
|
503
|
+
end
|
504
|
+
end
|
358
505
|
end
|
@@ -0,0 +1,47 @@
|
|
1
|
+
# Module for signing all packages to places
|
2
|
+
|
3
|
+
|
4
|
+
module Pkg::Util::Sign
|
5
|
+
class << self
|
6
|
+
# Sign all locally staged packages on signing server.
|
7
|
+
def sign_all(root_directory = nil)
|
8
|
+
Pkg::Util::File.fetch
|
9
|
+
root_directory ||= ENV['DEFAULT_DIRECTORY']
|
10
|
+
Dir["#{root_directory}/*"].empty? and fail "There were no files found in #{root_directory}. \
|
11
|
+
Maybe you wanted to build/retrieve something first?"
|
12
|
+
|
13
|
+
# Because rpms and debs are laid out differently in PE under pkg/ they
|
14
|
+
# have a different sign task to address this. Rather than create a whole
|
15
|
+
# extra :jenkins task for signing PE, we determine which sign task to use
|
16
|
+
# based on if we're building PE.
|
17
|
+
# We also listen in on the environment variable SIGNING_BUNDLE. This is
|
18
|
+
# _NOT_ intended for public use, but rather with the internal promotion
|
19
|
+
# workflow for Puppet Enterprise. SIGNING_BUNDLE is the path to a tarball
|
20
|
+
# containing a git bundle to be used as the environment for the packaging
|
21
|
+
# repo in a signing operation.
|
22
|
+
signing_bundle = ENV['SIGNING_BUNDLE']
|
23
|
+
sign_tasks = ["pl:sign_rpms"]
|
24
|
+
sign_tasks << "pl:sign_deb_changes" unless Dir["#{root_directory}/**/*.changes"].empty?
|
25
|
+
sign_tasks << "pl:sign_tar" if Pkg::Config.build_tar
|
26
|
+
sign_tasks << "pl:sign_gem" if Pkg::Config.build_gem
|
27
|
+
sign_tasks << "pl:sign_osx" if Pkg::Config.build_dmg || Pkg::Config.vanagon_project
|
28
|
+
sign_tasks << "pl:sign_swix" if Pkg::Config.vanagon_project
|
29
|
+
sign_tasks << "pl:sign_svr4" if Pkg::Config.vanagon_project
|
30
|
+
sign_tasks << "pl:sign_ips" if Pkg::Config.vanagon_project
|
31
|
+
sign_tasks << "pl:sign_msi" if Pkg::Config.build_msi || Pkg::Config.vanagon_project
|
32
|
+
remote_repo = Pkg::Util::Net.remote_unpack_git_bundle(Pkg::Config.signing_server, 'HEAD', nil, signing_bundle)
|
33
|
+
build_params = Pkg::Util::Net.remote_buildparams(Pkg::Config.signing_server, Pkg::Config)
|
34
|
+
Pkg::Util::Net.rsync_to(root_directory, Pkg::Config.signing_server, remote_repo)
|
35
|
+
rake_command = <<-DOC
|
36
|
+
cd #{remote_repo} ;
|
37
|
+
#{Pkg::Util::Net.remote_bundle_install_command}
|
38
|
+
bundle exec rake #{sign_tasks.map { |task| task + "[#{root_directory}]" }.join(" ")} PARAMS_FILE=#{build_params}
|
39
|
+
DOC
|
40
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.signing_server, rake_command)
|
41
|
+
Pkg::Util::Net.rsync_from("#{remote_repo}/#{root_directory}/", Pkg::Config.signing_server, "#{root_directory}/")
|
42
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.signing_server, "rm -rf #{remote_repo}")
|
43
|
+
Pkg::Util::Net.remote_execute(Pkg::Config.signing_server, "rm #{build_params}")
|
44
|
+
puts "Signed packages staged in #{root_directory}/ directory"
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
data/lib/packaging/util.rb
CHANGED
@@ -25,6 +25,8 @@ module Pkg::Util
|
|
25
25
|
require 'packaging/util/version'
|
26
26
|
require 'packaging/util/windows'
|
27
27
|
require 'packaging/util/git_tags'
|
28
|
+
require 'packaging/util/sign'
|
29
|
+
require 'packaging/util/repo'
|
28
30
|
|
29
31
|
def self.boolean_value(var)
|
30
32
|
return true if var == true || ( var.is_a?(String) && ( var.downcase == 'true' || var.downcase =~ /^y$|^yes$/))
|
@@ -223,7 +223,7 @@ describe "Pkg::Config" do
|
|
223
223
|
"./artifacts/aix/7.1/PC1/ppc/puppet-agent-5.3.2-1.aix7.1.ppc.rpm"
|
224
224
|
|
225
225
|
fedora_artifacts = \
|
226
|
-
"./artifacts/fedora/
|
226
|
+
"./artifacts/fedora/32/PC1/x86_64/puppet-agent-5.3.2-1.fc32.x86_64.rpm"
|
227
227
|
|
228
228
|
windows_artifacts = \
|
229
229
|
"./artifacts/windows/puppet-agent-x64.msi\n" \
|
@@ -280,8 +280,8 @@ describe "Pkg::Config" do
|
|
280
280
|
it "should not use 'f' in fedora platform tags" do
|
281
281
|
allow(Pkg::Util::Net).to receive(:remote_execute).and_return(fedora_artifacts, nil)
|
282
282
|
data = Pkg::Config.platform_data
|
283
|
-
expect(data).to include('fedora-
|
284
|
-
expect(data).not_to include('fedora-
|
283
|
+
expect(data).to include('fedora-32-x86_64')
|
284
|
+
expect(data).not_to include('fedora-f32-x86_64')
|
285
285
|
end
|
286
286
|
|
287
287
|
it "should collect packages whose extname differ from package_format" do
|
@@ -6,7 +6,7 @@ describe "Pkg::Deb::Repo" do
|
|
6
6
|
let(:project) { "deb_repos" }
|
7
7
|
let(:ref) { "1234abcd" }
|
8
8
|
let(:base_url) { "http://#{builds_server}/#{project}/#{ref}" }
|
9
|
-
let(:cows) { ["xenial", "
|
9
|
+
let(:cows) { ["xenial", "trusty", "stretch", ""] }
|
10
10
|
let(:wget_results) { cows.map {|cow| "#{base_url}/repos/apt/#{cow}" }.join("\n") }
|
11
11
|
let(:wget_garbage) { "\n and an index\nhttp://somethingelse.com/robots" }
|
12
12
|
let(:repo_configs) { cows.reject {|cow| cow.empty?}.map {|dist| "pkg/repo_configs/deb/pl-#{project}-#{ref}-#{dist}.list" } }
|
@@ -5,12 +5,11 @@ describe 'Pkg::Paths' do
|
|
5
5
|
arch_transformations = {
|
6
6
|
['pkg/el-8-x86_64/puppet-agent-6.9.0-1.el8.x86_64.rpm', 'el', '8'] => 'x86_64',
|
7
7
|
['pkg/el/8/puppet6/aarch64/puppet-agent-6.5.0.3094.g16b6fa6f-1.el8.aarch64.rpm', 'el', '8'] => 'aarch64',
|
8
|
-
['artifacts/fedora/32/puppet6/x86_64/puppet-agent-6.9.0-1.
|
8
|
+
['artifacts/fedora/32/puppet6/x86_64/puppet-agent-6.9.0-1.fc32.x86_64.rpm', 'fedora', '32'] => 'x86_64',
|
9
9
|
['pkg/ubuntu-16.04-amd64/puppet-agent_4.99.0-1xenial_amd64.deb', 'ubuntu', '16.04'] => 'amd64',
|
10
10
|
['artifacts/deb/focal/puppet6/puppet-agent_6.5.0.3094.g16b6fa6f-1focal_arm64.deb', 'ubuntu', '20.04'] => 'aarch64',
|
11
11
|
|
12
12
|
['artifacts/ubuntu-16.04-i386/puppetserver_5.0.1-0.1SNAPSHOT.2017.07.27T2346puppetlabs1.debian.tar.gz', 'ubuntu', '16.04'] => 'source',
|
13
|
-
['artifacts/deb/jessie/PC1/puppetserver_5.0.1.master.orig.tar.gz', 'debian', '8'] => 'source',
|
14
13
|
['artifacts/el/6/PC1/SRPMS/puppetserver-5.0.1.master-0.1SNAPSHOT.2017.08.18T0951.el6.src.rpm', 'el', '6'] => 'SRPMS'
|
15
14
|
}
|
16
15
|
arch_transformations.each do |path_array, arch|
|
@@ -273,7 +272,7 @@ describe 'Pkg::Paths' do
|
|
273
272
|
.to eq(fake_apt_repo_path)
|
274
273
|
end
|
275
274
|
it 'returns nonfinal_yum_repo_path for nonfinal rpms' do
|
276
|
-
expect(Pkg::Paths.remote_repo_base('fedora-
|
275
|
+
expect(Pkg::Paths.remote_repo_base('fedora-34-x86_64', nonfinal: true))
|
277
276
|
.to eq(fake_yum_nightly_repo_path)
|
278
277
|
end
|
279
278
|
it 'returns nonfinal_apt_repo_path for nonfinal debs' do
|
@@ -26,7 +26,7 @@ describe 'Pkg::Platforms' do
|
|
26
26
|
|
27
27
|
describe '#versions_for_platform' do
|
28
28
|
it 'should return all supported versions for a given platform' do
|
29
|
-
expect(Pkg::Platforms.versions_for_platform('el')).to match_array(['
|
29
|
+
expect(Pkg::Platforms.versions_for_platform('el')).to match_array(['6', '7', '8', '9'])
|
30
30
|
end
|
31
31
|
|
32
32
|
it 'should raise an error if given a nonexistent platform' do
|
@@ -36,7 +36,7 @@ describe 'Pkg::Platforms' do
|
|
36
36
|
|
37
37
|
describe '#codenames' do
|
38
38
|
it 'should return all codenames for a given platform' do
|
39
|
-
codenames = ['focal', 'bionic', 'bullseye', 'buster', '
|
39
|
+
codenames = ['focal', 'bionic', 'bullseye', 'buster', 'stretch', 'trusty', 'xenial']
|
40
40
|
expect(Pkg::Platforms.codenames).to match_array(codenames)
|
41
41
|
end
|
42
42
|
end
|
@@ -101,12 +101,12 @@ describe 'Pkg::Platforms' do
|
|
101
101
|
it 'should return a hash of platform info' do
|
102
102
|
expect(Pkg::Platforms.platform_lookup(platform)).to be_instance_of(Hash)
|
103
103
|
end
|
104
|
-
|
104
|
+
|
105
105
|
it 'should include at least arch and package format keys' do
|
106
106
|
expect(Pkg::Platforms.platform_lookup(platform).keys).to include(:architectures)
|
107
107
|
expect(Pkg::Platforms.platform_lookup(platform).keys).to include(:package_format)
|
108
108
|
end
|
109
|
-
end
|
109
|
+
end
|
110
110
|
end
|
111
111
|
|
112
112
|
describe '#get_attribute' do
|
@@ -166,7 +166,7 @@ describe 'Pkg::Platforms' do
|
|
166
166
|
|
167
167
|
describe '#generic_platform_tag' do
|
168
168
|
it 'fails for unsupported platforms' do
|
169
|
-
expect { Pkg::Platforms.generic_platform_tag('
|
169
|
+
expect { Pkg::Platforms.generic_platform_tag('noplatform') }.to raise_error
|
170
170
|
end
|
171
171
|
|
172
172
|
it 'returns a supported platform tag containing the supplied platform' do
|
@@ -15,13 +15,6 @@ Header V4 RSA/SHA256 Signature, key ID ef8d349f: NOKEY
|
|
15
15
|
Header SHA1 digest: OK (3cb7e9861e8bc09783a1b6c8d88243a3c16daa81)
|
16
16
|
V4 RSA/SHA256 Signature, key ID ef8d349f: NOKEY
|
17
17
|
MD5 digest: OK (d5f06ba2a9053de532326d0659ec0d11)
|
18
|
-
DOC
|
19
|
-
}
|
20
|
-
let(:el5_signed_response) { <<-DOC
|
21
|
-
Header V3 RSA/SHA1 signature: NOKEY, key ID ef8d349f
|
22
|
-
Header SHA1 digest: OK (12ea7bd578097a3aecc5deb8ada6aca6147d68e3)
|
23
|
-
V3 RSA/SHA1 signature: NOKEY, key ID ef8d349f
|
24
|
-
MD5 digest: OK (27353c6153068a3c9902fcb4ad5b8b92)
|
25
18
|
DOC
|
26
19
|
}
|
27
20
|
let(:sles12_signed_response) { <<-DOC
|
@@ -40,10 +33,6 @@ DOC
|
|
40
33
|
allow(Pkg::Sign::Rpm).to receive(:`).and_return(el7_signed_response)
|
41
34
|
expect(Pkg::Sign::Rpm.has_sig?(rpm)).to be true
|
42
35
|
end
|
43
|
-
it 'returns true if rpm has been signed (el5)' do
|
44
|
-
allow(Pkg::Sign::Rpm).to receive(:`).and_return(el5_signed_response)
|
45
|
-
expect(Pkg::Sign::Rpm.has_sig?(rpm)).to be true
|
46
|
-
end
|
47
36
|
it 'returns true if rpm has been signed (sles12)' do
|
48
37
|
allow(Pkg::Sign::Rpm).to receive(:`).and_return(sles12_signed_response)
|
49
38
|
expect(Pkg::Sign::Rpm.has_sig?(rpm)).to be true
|
@@ -68,7 +57,6 @@ DOC
|
|
68
57
|
"#{rpm_directory}/aix/7.1/PC1/ppc/puppet-agent-5.5.3-1.aix7.1.ppc.rpm",
|
69
58
|
] }
|
70
59
|
let(:v3_rpms) { [
|
71
|
-
"#{rpm_directory}/el/5/PC1/i386/puppet-agent-5.5.3-1.el5.i386.rpm",
|
72
60
|
"#{rpm_directory}/sles/11/PC1/x86_64/puppet-agent-5.5.3-1.sles11.x86_64.rpm",
|
73
61
|
] }
|
74
62
|
let(:v4_rpms) { [
|
@@ -51,7 +51,6 @@ describe '#Pkg::Util::Ship' do
|
|
51
51
|
pkg/sles/12/puppet6/ppc64le/puppet-agent-6.19.0-1.sles12.ppc64le.rpm
|
52
52
|
pkg/sles/12/puppet6/x86_64/puppet-agent-6.19.0-1.sles12.x86_64.rpm
|
53
53
|
pkg/sles/15/puppet6/x86_64/puppet-agent-6.19.0-1.sles15.x86_64.rpm
|
54
|
-
pkg/apple/10.14/puppet6/x86_64/puppet-agent-6.19.0-1.osx10.14.dmg
|
55
54
|
pkg/apple/10.15/puppet6/x86_64/puppet-agent-6.19.0-1.osx10.15.dmg
|
56
55
|
pkg/fedora/32/puppet6/x86_64/puppet-agent-6.19.0-1.fc32.x86_64.rpm
|
57
56
|
pkg/windows/puppet-agent-6.19.0-x64.msi
|
@@ -71,7 +70,6 @@ describe '#Pkg::Util::Ship' do
|
|
71
70
|
pkg/puppet6/sles/12/ppc64le/puppet-agent-6.19.0-1.sles12.ppc64le.rpm
|
72
71
|
pkg/puppet6/sles/12/x86_64/puppet-agent-6.19.0-1.sles12.x86_64.rpm
|
73
72
|
pkg/puppet6/sles/15/x86_64/puppet-agent-6.19.0-1.sles15.x86_64.rpm
|
74
|
-
pkg/mac/puppet6/10.14/x86_64/puppet-agent-6.19.0-1.osx10.14.dmg
|
75
73
|
pkg/mac/puppet6/10.15/x86_64/puppet-agent-6.19.0-1.osx10.15.dmg
|
76
74
|
pkg/puppet6/fedora/32/x86_64/puppet-agent-6.19.0-1.fc32.x86_64.rpm
|
77
75
|
pkg/windows/puppet6/puppet-agent-6.19.0-x64.msi
|
data/tasks/deb_repos.rake
CHANGED
@@ -10,6 +10,7 @@
|
|
10
10
|
#
|
11
11
|
namespace :pl do
|
12
12
|
namespace :jenkins do
|
13
|
+
# The equivalent to invoking this task is calling Pkg::Util::Repo.deb_repos
|
13
14
|
desc "Create apt repositories of build DEB packages for this SHA on the distributions erver"
|
14
15
|
task :deb_repos => "pl:fetch" do
|
15
16
|
Pkg::Deb::Repo.create_repos
|
data/tasks/fetch.rake
CHANGED
@@ -26,6 +26,7 @@ end
|
|
26
26
|
# It uses curl to download the files, and places them in a temporary
|
27
27
|
# directory, e.g. /tmp/somedirectory/{project,team}/Pkg::Config.builder_data_file
|
28
28
|
namespace :pl do
|
29
|
+
# The equivalent to invoking this task is calling Pkg::Util::File.fetch
|
29
30
|
desc "retrieve build-data configurations to override/extend local build_defaults"
|
30
31
|
task :fetch do
|
31
32
|
# Remove .packaging directory from old-style extras loading
|
data/tasks/load_extras.rake
CHANGED
@@ -6,6 +6,7 @@
|
|
6
6
|
# generic tasks with data not generally useful outside the
|
7
7
|
# PL Release team
|
8
8
|
namespace :pl do
|
9
|
+
# The equivalent to invoking this task is calling Pkg::Util::File.load_extras(temp_directory)
|
9
10
|
task :load_extras, :tempdir do |t, args|
|
10
11
|
unless ENV['PARAMS_FILE'] && ENV['PARAMS_FILE'] != ''
|
11
12
|
tempdir = args.tempdir
|
data/tasks/rpm_repos.rake
CHANGED
@@ -11,6 +11,7 @@
|
|
11
11
|
#
|
12
12
|
namespace :pl do
|
13
13
|
namespace :jenkins do
|
14
|
+
# The equivalent to invoking this task is calling Pkg::Util::Repo.rpm_repos
|
14
15
|
desc "Create yum repositories of built RPM packages for this SHA on the distribution server"
|
15
16
|
task :rpm_repos => "pl:fetch" do
|
16
17
|
Pkg::Rpm::Repo.create_remote_repos
|
data/tasks/ship.rake
CHANGED
@@ -645,6 +645,7 @@ namespace :pl do
|
|
645
645
|
# server path. That way we can separate out built artifacts from
|
646
646
|
# signed/actually shipped artifacts e.g. $path/shipped/ or $path/artifacts.
|
647
647
|
namespace :jenkins do
|
648
|
+
# The equivalent to invoking this task is calling Pkg::Util::Ship.ship_to_artifactory(local_directory, target)
|
648
649
|
desc 'ship pkg directory contents to artifactory'
|
649
650
|
task :ship_to_artifactory, :local_dir do |_t, args|
|
650
651
|
Pkg::Util::RakeUtils.invoke_task('pl:fetch')
|
@@ -673,6 +674,7 @@ namespace :pl do
|
|
673
674
|
end
|
674
675
|
end
|
675
676
|
|
677
|
+
# The equivalent to invoking this task is calling Pkg::Util::Ship.ship(local_directory, target)
|
676
678
|
desc 'Ship "pkg" directory contents to distribution server'
|
677
679
|
task :ship, :target, :local_dir do |_t, args|
|
678
680
|
Pkg::Util::RakeUtils.invoke_task('pl:fetch')
|
data/tasks/sign.rake
CHANGED
@@ -107,8 +107,8 @@ namespace :pl do
|
|
107
107
|
##
|
108
108
|
# This crazy piece of work establishes a remote repo on the signing
|
109
109
|
# server, ships our packages out to it, signs them, and brings them back.
|
110
|
-
#
|
111
110
|
namespace :jenkins do
|
111
|
+
# The equivalent to invoking this task is calling Pkg::Util::Sign.sign_all(root_directory)
|
112
112
|
desc "Sign all locally staged packages on #{Pkg::Config.signing_server}"
|
113
113
|
task :sign_all, :root_dir do |_t, args|
|
114
114
|
Pkg::Util::RakeUtils.invoke_task('pl:fetch')
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: packaging
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.105.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Puppet Labs
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-01-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: pry-byebug
|
@@ -188,8 +188,10 @@ files:
|
|
188
188
|
- lib/packaging/util/os.rb
|
189
189
|
- lib/packaging/util/platform.rb
|
190
190
|
- lib/packaging/util/rake_utils.rb
|
191
|
+
- lib/packaging/util/repo.rb
|
191
192
|
- lib/packaging/util/serialization.rb
|
192
193
|
- lib/packaging/util/ship.rb
|
194
|
+
- lib/packaging/util/sign.rb
|
193
195
|
- lib/packaging/util/tool.rb
|
194
196
|
- lib/packaging/util/version.rb
|
195
197
|
- lib/packaging/util/windows.rb
|
@@ -293,28 +295,28 @@ signing_key:
|
|
293
295
|
specification_version: 4
|
294
296
|
summary: Puppet Labs' packaging automation
|
295
297
|
test_files:
|
296
|
-
- spec/lib/
|
297
|
-
- spec/lib/packaging/
|
298
|
+
- spec/lib/packaging_spec.rb
|
299
|
+
- spec/lib/packaging/artifactory_spec.rb
|
300
|
+
- spec/lib/packaging/deb_spec.rb
|
301
|
+
- spec/lib/packaging/retrieve_spec.rb
|
302
|
+
- spec/lib/packaging/rpm/repo_spec.rb
|
303
|
+
- spec/lib/packaging/deb/repo_spec.rb
|
304
|
+
- spec/lib/packaging/config_spec.rb
|
305
|
+
- spec/lib/packaging/paths_spec.rb
|
298
306
|
- spec/lib/packaging/tar_spec.rb
|
299
|
-
- spec/lib/packaging/
|
307
|
+
- spec/lib/packaging/repo_spec.rb
|
308
|
+
- spec/lib/packaging/sign_spec.rb
|
309
|
+
- spec/lib/packaging/platforms_spec.rb
|
310
|
+
- spec/lib/packaging/util/version_spec.rb
|
311
|
+
- spec/lib/packaging/util/os_spec.rb
|
312
|
+
- spec/lib/packaging/util/misc_spec.rb
|
300
313
|
- spec/lib/packaging/util/git_spec.rb
|
301
|
-
- spec/lib/packaging/util/
|
314
|
+
- spec/lib/packaging/util/jenkins_spec.rb
|
302
315
|
- spec/lib/packaging/util/execution_spec.rb
|
303
|
-
- spec/lib/packaging/util/version_spec.rb
|
304
|
-
- spec/lib/packaging/util/net_spec.rb
|
305
316
|
- spec/lib/packaging/util/git_tag_spec.rb
|
306
|
-
- spec/lib/packaging/util/
|
307
|
-
- spec/lib/packaging/util/ship_spec.rb
|
317
|
+
- spec/lib/packaging/util/gpg_spec.rb
|
308
318
|
- spec/lib/packaging/util/file_spec.rb
|
309
|
-
- spec/lib/packaging/util/
|
310
|
-
- spec/lib/packaging/util/
|
311
|
-
- spec/lib/packaging/
|
312
|
-
- spec/lib/packaging/
|
313
|
-
- spec/lib/packaging/platforms_spec.rb
|
314
|
-
- spec/lib/packaging/deb_spec.rb
|
315
|
-
- spec/lib/packaging/sign_spec.rb
|
316
|
-
- spec/lib/packaging/retrieve_spec.rb
|
317
|
-
- spec/lib/packaging/artifactory_spec.rb
|
318
|
-
- spec/lib/packaging/deb/repo_spec.rb
|
319
|
-
- spec/lib/packaging/config_spec.rb
|
320
|
-
- spec/lib/packaging_spec.rb
|
319
|
+
- spec/lib/packaging/util/net_spec.rb
|
320
|
+
- spec/lib/packaging/util/rake_utils_spec.rb
|
321
|
+
- spec/lib/packaging/util/ship_spec.rb
|
322
|
+
- spec/lib/packaging/gem_spec.rb
|