packaging 0.107.0 → 0.107.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a52b5e4526f37d1bf4ebacf7a4c8de7c8b6cf2fb96ababbc1873384381e42903
-  data.tar.gz: 626f5a46015f53bac68d7dc29fd712efa5a5e7180079444c7f6aecda91ce520c
+  metadata.gz: 26256ba67865f30df015a2bb0e52865c2cbc0962f2048ed468f717a115a273c8
+  data.tar.gz: fb1552330cbfb4e3d7bbfd0bbcfb246513d4a5b78a6e34839b90b265a90b0a7b
 SHA512:
-  metadata.gz: cf0029e52dd115687b71974542ab056555ebaa5d0f8886c4a01ff14f072b6dea4cd3ad509ea66b8dd8ea0c36bf324b27e5cdb289e86202c0c15bd8c7d64cb890
-  data.tar.gz: 4e8cde5da7d1fe12d6677582419c4b7e15a0fbe9d499fbfb29fc6e0e82e6c41583ca254d7c4ca861e959d22d1ed5f0a1270b02c0899ae58c230addc9d3015eba
+  metadata.gz: 521387bdf33b936af8242142f115e50c14343cf842e1d28005c39cc691f1449e241b3344758e40a4f1bdc1dbe161f726e9b0f0c02f50e36c0e8e0e1dffcdef71
+  data.tar.gz: 186692c9b584fbd87c989376dce126bd6f4f549756cf90b3cf1e78a171eea9c4c7ddc4cf95fa0c76bb8e54a2ab182e293f238fdd3df84a1fdfa3a375d94a39bc

data/lib/packaging/platforms.rb

@@ -99,6 +99,14 @@ module Pkg
           signature_format: 'v4',
           repo: true,
         },
+        '36' => {
+          architectures: ['x86_64'],
+          source_architecture: 'SRPMS',
+          package_format: 'rpm',
+          source_package_formats: ['src.rpm'],
+          signature_format: 'v4',
+          repo: true,
+        },
       },
 
       'osx' => {

data/lib/packaging/sign/rpm.rb

@@ -5,7 +5,7 @@ module Pkg::Sign::Rpm
     # To enable support for wrappers around rpm and thus support for gpg-agent
     # rpm signing, we have to be able to tell the packaging repo what binary to
     # use as the rpm signing tool.
-    rpm_command = ENV['RPM'] || Pkg::Util::Tool.find_tool('rpm')
+    rpm_executable = ENV['RPM'] || Pkg::Util::Tool.find_tool('rpm')
 
     # If we're using the gpg agent for rpm signing, we don't want to specify the
     # input for the passphrase, which is what '--passphrase-fd 3' does. However,
@@ -20,12 +20,34 @@ module Pkg::Sign::Rpm
       input_flag = "--passphrase-fd 3"
     end
 
+    # If gpg version is >=2.1, use the gpg1 binary to sign. Otherwise, use the standard sign command.
+    gpg_executable = if gpg_version_greater_than_21?
+                       "%__gpg /usr/bin/gpg1' --define '%__gpg_sign_cmd %{__gpg} gpg1"
+                     else
+                       '%__gpg_sign_cmd %{__gpg} gpg'
+                     end
+
+    # rubocop:disable Lint/NestedPercentLiteral
+    gpg_signing_macro = %W[
+      #{gpg_executable} #{sign_flags} #{input_flag}
+      --batch --no-verbose --no-armor
+      --no-secmem-warning -u %{_gpg_name}
+      -sbo %{__signature_filename} %{__plaintext_filename}
+    ].join(' ')
+    # rubocop:enable Lint/NestedPercentLiteral
+
+    sign_command = %W[
+      #{rpm_executable} #{gpg_check_command}
+      --define '%_gpg_name #{Pkg::Util::Gpg.key}'
+      --define '#{gpg_signing_macro}' --addsign #{rpm}
+    ].join(' ')
+
     # Try this up to 5 times, to allow for incorrect passwords
     Pkg::Util::Execution.retry_on_fail(:times => 5) do
       # This definition of %__gpg_sign_cmd is the default on modern rpm. We
       # accept extra flags to override certain signing behavior for older
       # versions of rpm, e.g. specifying V3 signatures instead of V4.
-      Pkg::Util::Execution.capture3("#{rpm_command} #{gpg_check_command} --define '%_gpg_name #{Pkg::Util::Gpg.key}' --define '%__gpg_sign_cmd %{__gpg} gpg #{sign_flags} #{input_flag} --batch --no-verbose --no-armor --no-secmem-warning -u %{_gpg_name} -sbo %{__signature_filename} %{__plaintext_filename}' --addsign #{rpm}")
+      Pkg::Util::Execution.capture3(sign_command)
     end
   end
 
@@ -112,4 +134,10 @@ module Pkg::Sign::Rpm
       end
     end
   end
+
+  def gpg_version_greater_than_21?
+    gpg_version_output = %x(gpg --version)
+    gpg_version = gpg_version_output.split(' ')[2]
+    Gem::Version.new(gpg_version) >= Gem::Version.new('2.1.0')
+  end
 end

data/tasks/jenkins.rake

@@ -314,6 +314,14 @@ namespace :pl do
       Rake::Task['pl:remote:update_foss_repos'].invoke
       Rake::Task['pl:remote:deploy_final_builds_to_s3'].invoke
       Rake::Task['pl:remote:deploy_to_rsync_server'].invoke
+
+      # This serves as a cheap feature toggle to avoid things not ready to
+      # use it. It should be removed in future versions.
+      if ENV['STABLE_SHIP_TO_GCP']
+        ## apt.repos.puppet.com
+        Rake::Task['pl:stage_stable_debs'].invoke
+        Rake::Task['pl:remote:sync_apt_repo_to_gcp'].invoke
+      end
     end
 
     task :stage_release_packages => "pl:fetch" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: packaging
 version: !ruby/object:Gem::Version
-  version: 0.107.0
+  version: 0.107.1
 platform: ruby
 authors:
 - Puppet Labs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-06-14 00:00:00.000000000 Z
+date: 2022-08-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pry
@@ -324,27 +324,27 @@ specification_version: 4
 summary: Puppet Labs' packaging automation
 test_files:
 - spec/lib/packaging/gem_spec.rb
-- spec/lib/packaging/retrieve_spec.rb
-- spec/lib/packaging/repo_spec.rb
-- spec/lib/packaging/tar_spec.rb
-- spec/lib/packaging/deb/repo_spec.rb
 - spec/lib/packaging/platforms_spec.rb
 - spec/lib/packaging/artifactory_spec.rb
-- spec/lib/packaging/sign_spec.rb
+- spec/lib/packaging/tar_spec.rb
 - spec/lib/packaging/config_spec.rb
-- spec/lib/packaging/paths_spec.rb
 - spec/lib/packaging/deb_spec.rb
-- spec/lib/packaging/rpm/repo_spec.rb
+- spec/lib/packaging/deb/repo_spec.rb
+- spec/lib/packaging/repo_spec.rb
+- spec/lib/packaging/retrieve_spec.rb
+- spec/lib/packaging/sign_spec.rb
+- spec/lib/packaging/paths_spec.rb
 - spec/lib/packaging/util/git_tag_spec.rb
-- spec/lib/packaging/util/execution_spec.rb
-- spec/lib/packaging/util/version_spec.rb
-- spec/lib/packaging/util/misc_spec.rb
+- spec/lib/packaging/util/os_spec.rb
+- spec/lib/packaging/util/jenkins_spec.rb
+- spec/lib/packaging/util/gpg_spec.rb
 - spec/lib/packaging/util/net_spec.rb
-- spec/lib/packaging/util/rake_utils_spec.rb
 - spec/lib/packaging/util/ship_spec.rb
+- spec/lib/packaging/util/rake_utils_spec.rb
+- spec/lib/packaging/util/execution_spec.rb
+- spec/lib/packaging/util/misc_spec.rb
 - spec/lib/packaging/util/file_spec.rb
-- spec/lib/packaging/util/os_spec.rb
-- spec/lib/packaging/util/jenkins_spec.rb
 - spec/lib/packaging/util/git_spec.rb
-- spec/lib/packaging/util/gpg_spec.rb
+- spec/lib/packaging/util/version_spec.rb
+- spec/lib/packaging/rpm/repo_spec.rb
 - spec/lib/packaging_spec.rb