packaging 0.99.11 → 0.99.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 941dadd42783a3f36d63c1b9ad2670ab6f514e76
-  data.tar.gz: c4a2cb2b7c8fdad4be179201aeb797ff539fc462
+  metadata.gz: 75390943c5911db51faf6f0e7402fd9f1a097a3f
+  data.tar.gz: 6074cb15a9e826dd85a2800df94c0cd3dbbc4c70
 SHA512:
-  metadata.gz: 64160466a199a96adbe2f2de438387abed2a34ef09e60f19cc15b8261b2291e390c8327886df908786302ff33d17856ae3201da1dee98038da1caa7d08107218
-  data.tar.gz: 00d31db799203d04adea27d03816592dc67e2399302f571343a3d886ffdbea1746525a609cb34865d1a7b274f0be6cc955dc5e2fbe7cfceef7656db5feed9c62
+  metadata.gz: 7c2857a239fa9544c3442dda8901d461bbb35e42f24f740531399b383b99fe9b941d108cc5a23a48145052fd16cc222829ffe4c31e98314d219157271d87cb45
+  data.tar.gz: 89b6b4a5707c3e4d5c562f8ce84b43be33b582a2a98480e7b7863231dc9d668a54496e340ed2677f7979abb7a0d38ee5b6016602d46ca4d6d9d5d354e776e2d7

data/README.md

@@ -446,7 +446,7 @@ packager: 'puppetlabs'
 # GPG key ID of the signer
 gpg_key: '7F438280EF8D349F'
 # Whether to require tarball signing as a prerequisite of other package building
-sign_tar: FALSE
+sign_tar: false
 # a space separated list of mock configs. These are the rpm distributions to package for. If a noarch package, only one arch of each is needed.
 final_mocks: 'pl-el-5-i386 pl-el-5-x86_64 pl-el-6-i386 pl-el-6-x86_64 pl-fedora-16-i386 pl-fedora-16-x86_64 pl-fedora-17-i386 pl-fedora-17-x86_64'
 # The host that contains the yum repository to ship to
@@ -462,10 +462,10 @@ apt_repo_path: '/opt/repository/incoming'
 # The host that stores the tarballs for downloading
 tar_host: 'downloads.puppetlabs.com'
 # Whether to present the gem and apple tasks
-build_gem: TRUE
-build_dmg: TRUE
+build_gem: true
+build_dmg: true
 # Whether to execute the rdoc rake tasks prior to composing the tarball
-build_doc: FALSE
+build_doc: false
 # Whether to kick of a dynamic msi build job along side the uber_build
 # If present, a dynamically generated jenkins job will be kicked off.
 # The automation in puppet_for_the_win is used to build the msi with the
@@ -487,9 +487,9 @@ build_msi:
     repo: 'git://github.com/puppetlabs/puppet-win32-ruby.git'
 # Whether to present the Solaris 11 IPS packaging tasks
 # This requires suitable IPS packaging artifacts in the project in ext/ips
-build_ips: FALSE
+build_ips: false
 # Whether this project is a PE project or not
-build_pe: FALSE
+build_pe: false
 # An optional task to execute pre-tarball composition. See the tasks in
 # the 'pretasks' directory
 pre_tar_task: 'package:vendor_gems'
@@ -657,7 +657,7 @@ files:
 * **package:apple**
 
     Use `PackageMaker` to create a pkg package inside a dmg. Requires 'sudo'
-    privileges. `build_dmg: TRUE` must be set in `ext/build_defaults.yaml`.
+    privileges. `build_dmg: true` must be set in `ext/build_defaults.yaml`.
     Packages are staged in ./pkg/apple. See the Mac packaging section of
     [Setting up projects for the Packaging
     Repo](https://github.com/MosesMendoza/packaging/tree/more_documentation#setting-up-projects-for-the-packaging-repo).
@@ -677,7 +677,7 @@ files:
 
 * **package:gem**
     Use the `rubygems/package_task` library to create a rubygem from the
-    repository. Requires `build_gem: TRUE` and gem-related parameters be set in
+    repository. Requires `build_gem: true` and gem-related parameters be set in
     `ext/build_defaults.yaml` and `ext/project\_data.yaml`. The gem is staged
     in `./pkg`.
 

data/lib/packaging/sign/rpm.rb

@@ -34,7 +34,81 @@ module Pkg::Sign::Rpm
   end
 
   def has_sig?(rpm)
-    %x(rpm -Kv #{rpm} | grep "#{Pkg::Util::Gpg.key.downcase}" &> /dev/null)
-    $?.success?
+    # This should allow the `Pkg::Util::Gpg.key` method to fail if gpg_key is
+    # not set, before shelling out. We also only want the short key, all
+    # lowercase, since that's what the `rpm -Kv` output uses.
+    key = Pkg::Util::Gpg.key.downcase.chars.last(8).join
+    signature_check_output = %x(rpm --checksig --verbose #{rpm})
+    # If the signing key has not been loaded on the system this is running on,
+    # the check will exit 1, even if the rpm is signed, so we can't use capture3,
+    # which bails out with non-0 exit codes. Instead, check that the output
+    # looks more-or-less how we expect it to.
+    fail "Something went wrong checking the signature of #{rpm}." unless signature_check_output.include? "Header"
+    return signature_check_output.include? "key ID #{key}"
+  end
+
+  def sign_all(rpm_directory)
+    # Create a hash mapping full paths to basenames.
+    # This will allow us to keep track of the different paths that may be
+    # associated with a single basename, e.g. noarch packages.
+    all_rpms = {}
+    rpms_to_sign = Dir["#{rpm_directory}/**/*.rpm"]
+    rpms_to_sign.each do |rpm_path|
+      all_rpms[rpm_path] = File.basename(rpm_path)
+    end
+    # Delete a package, both from the signing server and from the rpm array, if
+    # there are other packages with the same basename so that we only sign the
+    # package once.
+    all_rpms.each do |rpm_path, rpm_filename|
+      if rpms_to_sign.map { |rpm| File.basename(rpm) }.count(rpm_filename) > 1
+        FileUtils.rm(rpm_path)
+        rpms_to_sign.delete(rpm_path)
+      end
+    end
+
+    v3_rpms = []
+    v4_rpms = []
+    rpms_to_sign.each do |rpm|
+      if has_sig? rpm
+        puts "#{rpm} is already signed, skipping . . ."
+        next
+      end
+      platform_tag = Pkg::Paths.tag_from_artifact_path(rpm)
+      platform, version, _ = Pkg::Platforms.parse_platform_tag(platform_tag)
+
+      # We don't sign AIX rpms
+      next if platform_tag.include?('aix')
+
+      case Pkg::Platforms.signature_format_for_platform_version(platform, version)
+      when 'v3'
+        v3_rpms << rpm
+      when 'v4'
+        v4_rpms << rpm
+      else
+        fail "Cannot find signature type for package '#{rpm}'"
+      end
+    end
+
+    unless v3_rpms.empty?
+      puts "Signing legacy (v3) rpms..."
+      legacy_sign(v3_rpms.join(' '))
+    end
+
+    unless v4_rpms.empty?
+      puts "Signing modern (v4) rpms..."
+      sign(v4_rpms.join(' '))
+    end
+
+    # Using the map of paths to basenames, we re-hardlink the rpms we deleted.
+    all_rpms.each do |link_path, rpm_filename|
+      next if File.exist? link_path
+      FileUtils.mkdir_p(File.dirname(link_path))
+      # Find paths where the signed rpm has the same basename, but different
+      # full path, as the one we need to link.
+      paths_to_link_to = rpms_to_sign.select { |rpm| File.basename(rpm) == rpm_filename && rpm != link_path }
+      paths_to_link_to.each do |path|
+        FileUtils.ln(path, link_path, :force => true, :verbose => true)
+      end
+    end
   end
 end

data/lib/packaging/util/execution.rb

@@ -58,7 +58,7 @@ module Pkg::Util::Execution
     # Loop a block up to the number of attempts given, exiting when we receive success
     # or max attempts is reached. Raise an exception unless we've succeeded.
     def retry_on_fail(args, &blk)
-      success = FALSE
+      success = false
       exception = ''
 
       if args[:times].respond_to?(:times) and block_given?
@@ -69,7 +69,7 @@ module Pkg::Util::Execution
 
           begin
             blk.call
-            success = TRUE
+            success = true
             break
           rescue => err
             puts "An error was encountered evaluating block. Retrying.."

data/lib/packaging/util/gpg.rb

@@ -25,7 +25,7 @@ module Pkg::Util::Gpg
           kill_keychain
           start_keychain
         end
-        @keychain_loaded = TRUE
+        @keychain_loaded = true
       end
     end
 

data/lib/packaging/util/net.rb

@@ -361,7 +361,7 @@ git clone --recursive /tmp/#{tarball_name} /tmp/#{Pkg::Config.project}-#{appendi
 cd /tmp/#{Pkg::Config.project}-#{appendix} ;
 bundle_prefix= ;
 if [[ -r Gemfile ]]; then
-  source /usr/local/rvm/scripts/rvm; rvm use ruby-2.4.1; bundle install --path .bundle/gems ;
+  #{remote_bundle_install_command}
   bundle_prefix='bundle exec' ;
 fi ;
 $bundle_prefix rake package:bootstrap
@@ -370,6 +370,12 @@ DOC
       "/tmp/#{Pkg::Config.project}-#{appendix}"
     end
 
+    def remote_bundle_install_command
+      export_packaging_location = ''
+      export_packaging_location = "export PACKAGING_LOCATION=#{ENV['PACKAGING_LOCATION']};" if ENV['PACKAGING_LOCATION'] && !ENV['PACKAGING_LOCATION'].empty?
+      command = "source /usr/local/rvm/scripts/rvm; rvm use ruby-2.4.1; #{export_packaging_location} bundle install --path .bundle/gems ;"
+    end
+
     # Given a BuildInstance object and a host, send its params to the host. Return
     # the remote path to the params.
     def remote_buildparams(host, build)

data/lib/packaging/util.rb

@@ -22,8 +22,8 @@ module Pkg::Util
   require 'packaging/util/git_tags'
 
   def self.boolean_value(var)
-    return TRUE if var == TRUE || ( var.is_a?(String) && ( var.downcase == 'true' || var.downcase =~ /^y$|^yes$/))
-    FALSE
+    return true if var == true || ( var.is_a?(String) && ( var.downcase == 'true' || var.downcase =~ /^y$|^yes$/))
+    return false
   end
 
   def self.in_project_root(&blk)

data/spec/lib/packaging/config_spec.rb

@@ -168,10 +168,10 @@ describe "Pkg::Config" do
       end
     end
 
-    mixed_params = { :sign_tar => TRUE, :baz => 'qux' }
+    mixed_params = { :sign_tar => true, :baz => 'qux' }
     context "given a hash with both valid and invalid params" do
       it "should set the valid param" do
-        Pkg::Config.should_receive(:instance_variable_set).with("@sign_tar", TRUE)
+        Pkg::Config.should_receive(:instance_variable_set).with("@sign_tar", true)
         Pkg::Config.config_from_hash(mixed_params)
       end
 
@@ -190,7 +190,7 @@ describe "Pkg::Config" do
   describe "#params" do
     it "should return a hash containing keys for all build parameters" do
       params = Pkg::Config.config
-      Build_Params.each { |param| params.has_key?(param).should == TRUE }
+      Build_Params.each { |param| params.has_key?(param).should == true }
     end
   end
 

data/spec/lib/packaging/sign_spec.rb

@@ -0,0 +1,136 @@
+require 'spec_helper'
+require 'packaging/sign'
+
+describe 'Pkg::Sign' do
+  describe 'Pkg::Sign::Rpm' do
+
+    before :each do
+      allow(Pkg::Config).to receive(:gpg_key).and_return('7F438280EF8D349F')
+    end
+
+    describe '#has_sig?' do
+      let(:rpm) { 'foo.rpm' }
+      let(:el7_signed_response) { <<-DOC
+Header V4 RSA/SHA256 Signature, key ID ef8d349f: NOKEY
+Header SHA1 digest: OK (3cb7e9861e8bc09783a1b6c8d88243a3c16daa81)
+V4 RSA/SHA256 Signature, key ID ef8d349f: NOKEY
+MD5 digest: OK (d5f06ba2a9053de532326d0659ec0d11)
+DOC
+      }
+      let(:el5_signed_response) { <<-DOC
+Header V3 RSA/SHA1 signature: NOKEY, key ID ef8d349f
+Header SHA1 digest: OK (12ea7bd578097a3aecc5deb8ada6aca6147d68e3)
+V3 RSA/SHA1 signature: NOKEY, key ID ef8d349f
+MD5 digest: OK (27353c6153068a3c9902fcb4ad5b8b92)
+DOC
+      }
+      let(:sles12_signed_response) { <<-DOC
+Header V4 RSA/SHA256 Signature, key ID ef8d349f: NOKEY
+Header SHA1 digest: OK (e713487cf21ebeb933aefd5ec9211a34603233d2)
+V4 RSA/SHA256 Signature, key ID ef8d349f: NOKEY
+MD5 digest: OK (3093a09ac39bc17751f913e19ca74432)
+DOC
+      }
+      let(:unsigned_response) { <<-DOC
+Header SHA1 digest: OK (f9404cc95f200568c2dbb1fd24e1119e3e4a40a9)
+MD5 digest: OK (816095f3cee145091c3fa07a0915ce85)
+DOC
+      }
+      it 'returns true if rpm has been signed (el7)' do
+        allow(Pkg::Sign::Rpm).to receive(:`).and_return(el7_signed_response)
+        expect(Pkg::Sign::Rpm.has_sig?(rpm)).to be true
+      end
+      it 'returns true if rpm has been signed (el5)' do
+        allow(Pkg::Sign::Rpm).to receive(:`).and_return(el5_signed_response)
+        expect(Pkg::Sign::Rpm.has_sig?(rpm)).to be true
+      end
+      it 'returns true if rpm has been signed (sles12)' do
+        allow(Pkg::Sign::Rpm).to receive(:`).and_return(sles12_signed_response)
+        expect(Pkg::Sign::Rpm.has_sig?(rpm)).to be true
+      end
+      it 'returns false if rpm has not been signed' do
+        allow(Pkg::Sign::Rpm).to receive(:`).and_return(unsigned_response)
+        expect(Pkg::Sign::Rpm.has_sig?(rpm)).to be false
+      end
+      it 'fails with unexpected output' do
+        allow(Pkg::Sign::Rpm).to receive(:`).and_return('something that is definitely not a normal response')
+        expect { Pkg::Sign::Rpm.has_sig?(rpm) }.to raise_error(RuntimeError, /Something went wrong checking the signature/)
+      end
+      it 'fails if gpg_key is not set' do
+        allow(Pkg::Config).to receive(:gpg_key).and_return(nil)
+        expect { Pkg::Sign::Rpm.has_sig?(rpm) }.to raise_error(RuntimeError, /You need to set `gpg_key` in your build defaults./)
+      end
+    end
+
+    describe '#sign_all' do
+      let(:rpm_directory) { 'foo' }
+      let(:rpms_not_to_sign) { [
+        "#{rpm_directory}/aix/6.1/PC1/ppc/puppet-agent-5.5.3-1.aix6.1.ppc.rpm",
+        "#{rpm_directory}/aix/7.1/PC1/ppc/puppet-agent-5.5.3-1.aix7.1.ppc.rpm",
+      ] }
+      let(:v3_rpms) { [
+        "#{rpm_directory}/el/5/PC1/i386/puppet-agent-5.5.3-1.el5.i386.rpm",
+        "#{rpm_directory}/sles/11/PC1/x86_64/puppet-agent-5.5.3-1.sles11.x86_64.rpm",
+      ] }
+      let(:v4_rpms) { [
+        "#{rpm_directory}/el/7/PC1/aarch64/puppet-agent-5.5.3-1.el7.aarch64.rpm",
+        "#{rpm_directory}/sles/12/PC1/s390x/puppet-agent-5.5.3-1.sles12.s390x.rpm",
+      ] }
+      let(:rpms) { rpms_not_to_sign + v3_rpms + v4_rpms }
+      let(:already_signed_rpms) { [
+        "#{rpm_directory}/cisco-wrlinux/7/PC1/x86_64/puppet-agent-5.5.3-1.cisco_wrlinux7.x86_64.rpm",
+        "#{rpm_directory}/el/6/PC1/x86_64/puppet-agent-5.5.3-1.el6.x86_64.rpm",
+      ] }
+      let(:noarch_rpms) { [
+        "#{rpm_directory}/el/6/puppet5/i386/puppetserver-5.3.3-1.el6.noarch.rpm",
+        "#{rpm_directory}/el/6/puppet5/x86_64/puppetserver-5.3.3-1.el6.noarch.rpm",
+        "#{rpm_directory}/el/7/puppet5/i386/puppetserver-5.3.3-1.el7.noarch.rpm",
+        "#{rpm_directory}/el/7/puppet5/x86_64/puppetserver-5.3.3-1.el7.noarch.rpm",
+        "#{rpm_directory}/sles/12/puppet5/i386/puppetserver-5.3.3-1.sles12.noarch.rpm",
+        "#{rpm_directory}/sles/12/puppet5/x86_64/puppetserver-5.3.3-1.sles12.noarch.rpm"
+      ] }
+
+      it 'signs both v3 and v4 rpms' do
+        allow(Dir).to receive(:[]).with("#{rpm_directory}/**/*.rpm").and_return(rpms)
+        rpms.each do |rpm|
+          allow(Pkg::Sign::Rpm).to receive(:has_sig?).and_return(false)
+        end
+        expect(Pkg::Sign::Rpm).to receive(:legacy_sign).with(v3_rpms.join(' '))
+        expect(Pkg::Sign::Rpm).to receive(:sign).with(v4_rpms.join(' '))
+        Pkg::Sign::Rpm.sign_all(rpm_directory)
+      end
+
+      it 'does not sign AIX rpms' do
+        allow(Dir).to receive(:[]).with("#{rpm_directory}/**/*.rpm").and_return(rpms_not_to_sign)
+        allow(Pkg::Sign::Rpm).to receive(:has_sig?)
+        expect(Pkg::Sign::Rpm).to_not receive(:legacy_sign)
+        expect(Pkg::Sign::Rpm).to_not receive(:sign)
+        Pkg::Sign::Rpm.sign_all(rpm_directory)
+      end
+
+      it 'does not sign already-signed rpms' do
+        allow(Dir).to receive(:[]).with("#{rpm_directory}/**/*.rpm").and_return(already_signed_rpms)
+        already_signed_rpms.each do |rpm|
+          allow(Pkg::Sign::Rpm).to receive(:has_sig?).and_return(true)
+        end
+        expect(Pkg::Sign::Rpm).to_not receive(:legacy_sign)
+        expect(Pkg::Sign::Rpm).to_not receive(:sign)
+        Pkg::Sign::Rpm.sign_all(rpm_directory)
+      end
+
+      it 'deletes and relinks rpms with the same basename' do
+        allow(Dir).to receive(:[]).with("#{rpm_directory}/**/*.rpm").and_return(noarch_rpms)
+        allow(Pkg::Sign::Rpm).to receive(:sign)
+        allow(Pkg::Sign::Rpm).to receive(:has_sig?)
+        expect(FileUtils).to receive(:rm).exactly(noarch_rpms.count/2).times
+        expect(FileUtils).to receive(:ln).exactly(noarch_rpms.count/2).times
+        Pkg::Sign::Rpm.sign_all(rpm_directory)
+      end
+
+      it 'does not fail if there are no rpms to sign' do
+        allow(Dir).to receive(:[]).with("#{rpm_directory}/**/*.rpm").and_return([])
+        expect(Pkg::Sign::Rpm.sign_all(rpm_directory)).to_not raise_error
+      end
+    end
+  end
+end

data/spec/lib/packaging/util/gpg_spec.rb

@@ -24,7 +24,7 @@ describe "Pkg::Util::Gpg" do
 
   describe '#kill_keychain' do
     it "doesn't reload the keychain if already loaded" do
-      Pkg::Util::Gpg.instance_variable_set("@keychain_loaded", TRUE)
+      Pkg::Util::Gpg.instance_variable_set("@keychain_loaded", true)
       Pkg::Util::Gpg.should_receive(:kill_keychain).never
       Pkg::Util::Gpg.should_receive(:start_keychain).never
       Pkg::Util::Gpg.load_keychain

data/tasks/nightly_repos.rake

@@ -25,7 +25,7 @@ namespace :pl do
 cd #{remote_repo} ;
 bundle_prefix= ;
 if [[ -r Gemfile ]]; then
-  source /usr/local/rvm/scripts/rvm; rvm use ruby-2.4.1; bundle install --path .bundle/gems;
+  #{Pkg::Util::Net.remote_bundle_install_command}
   bundle_prefix='bundle exec';
 fi ;
 $bundle_prefix rake pl:jenkins:sign_repos GPG_KEY=#{Pkg::Util::Gpg.key} PARAMS_FILE=#{build_params}

data/tasks/sign.rake

@@ -38,67 +38,8 @@ namespace :pl do
 
   desc "Sign mocked rpms, Defaults to PL Key, pass GPG_KEY to override"
   task :sign_rpms, :root_dir do |t, args|
-    rpm_dir = args.root_dir || $DEFAULT_DIRECTORY
-
-    # Create a hash mapping full paths to basenames.
-    # This will allow us to keep track of the different paths that may be
-    # associated with a single basename, e.g. noarch packages.
-    all_rpms = {}
-    rpms_to_sign = Dir["#{rpm_dir}/**/*.rpm"]
-    rpms_to_sign.each do |rpm_path|
-      all_rpms[rpm_path] = File.basename(rpm_path)
-    end
-    # Delete a package, both from the signing server and from the rpm array, if
-    # there are other packages with the same basename so that we only sign the
-    # package once.
-    all_rpms.each do |rpm_path, rpm_filename|
-      if rpms_to_sign.map { |rpm| File.basename(rpm) }.count(rpm_filename) > 1
-        FileUtils.rm(rpm_path)
-        rpms_to_sign.delete(rpm_path)
-      end
-    end
-
-    v3_rpms = []
-    v4_rpms = []
-    rpms_to_sign.each do |rpm|
-      platform_tag = Pkg::Paths.tag_from_artifact_path(rpm)
-      platform, version, _ = Pkg::Platforms.parse_platform_tag(platform_tag)
-
-      # We don't sign AIX rpms
-      next if platform_tag.include?('aix')
-
-      sig_type = Pkg::Platforms.signature_format_for_platform_version(platform, version)
-      case sig_type
-      when 'v3'
-        v3_rpms << rpm
-      when 'v4'
-        v4_rpms << rpm
-      else
-        fail "Cannot find signature type for package '#{rpm}'"
-      end
-    end
-
-    unless v3_rpms.empty?
-      puts "Signing old rpms..."
-      Pkg::Sign::Rpm.legacy_sign(v3_rpms.join(' '))
-    end
-
-    unless v4_rpms.empty?
-      puts "Signing modern rpms..."
-      Pkg::Sign::Rpm.sign(v4_rpms.join(' '))
-    end
-
-    # Using the map of paths to basenames, we re-hardlink the rpms we deleted.
-    all_rpms.each do |link_path, rpm_filename|
-      next if File.exist? link_path
-      FileUtils.mkdir_p(File.dirname(link_path))
-      # Find paths where the signed rpm has the same basename, but different
-      # full path, as the one we need to link.
-      paths_to_link_to = rpms_to_sign.select { |rpm| File.basename(rpm) == rpm_filename && rpm != link_path }
-      paths_to_link_to.each do |path|
-        FileUtils.ln(path, link_path, :force => true, :verbose => true)
-      end
-    end
+    rpm_directory = args.root_dir || $DEFAULT_DIRECTORY
+    Pkg::Sign::Rpm.sign_all(rpm_directory)
   end
 
   desc "Sign ips package, uses PL certificates by default, update privatekey_pem, certificate_pem, and ips_inter_cert in build_defaults.yaml to override."
@@ -120,7 +61,7 @@ namespace :pl do
   desc "Check if all rpms are signed"
   task :check_rpm_sigs, :root_dir do |_t, args|
     rpm_dir = args.root_dir || $DEFAULT_DIRECTORY
-    signed = TRUE
+    signed = true
     rpms = Dir["#{rpm_dir}/**/*.rpm"]
     print 'Checking rpm signatures'
     rpms.each do |rpm|
@@ -128,7 +69,7 @@ namespace :pl do
         print '.'
       else
         puts "#{rpm} is unsigned."
-        signed = FALSE
+        signed = false
       end
     end
     fail unless signed
@@ -200,7 +141,7 @@ namespace :pl do
 cd #{remote_repo} ;
 bundle_prefix= ;
 if [[ -r Gemfile ]]; then
-  source /usr/local/rvm/scripts/rvm; rvm use ruby-2.4.1; bundle install --path .bundle/gems;
+  #{Pkg::Util::Net.remote_bundle_install_command}
   bundle_prefix='bundle exec';
 fi ;
 $bundle_prefix rake #{sign_tasks.map { |task| task + "[#{root_dir}]" }.join(" ")} PARAMS_FILE=#{build_params}

data/templates/packaging.xml.erb

@@ -146,6 +146,9 @@ pushd project
   pushd git_repo
 
     ### Clone the packaging repo
+    <% if ENV['PACKAGING_LOCATION'] && !ENV['PACKAGING_LOCATION'].empty? %>
+      export PACKAGING_LOCATION=&quot;<%= ENV['PACKAGING_LOCATION'] %>&quot;
+    <% end %>
     bundle install --path .bundle/gems --binstubs .bundle/bin --retry 3
 
     ### Perform the build

data/templates/repo.xml.erb

@@ -71,6 +71,9 @@ if [ $PACKAGE_BUILD_RESULT -eq 0 ] ; then
     pushd git_repo
 
       ### Clone the packaging repo
+      <% if ENV['PACKAGING_LOCATION'] && !ENV['PACKAGING_LOCATION'].empty? %>
+        export PACKAGING_LOCATION=&quot;<%= ENV['PACKAGING_LOCATION'] %>&quot;
+      <% end %>
       bundle install --path .bundle/gems --binstubs .bundle/bin --retry 3
 
       ### Run repo creation

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: packaging
 version: !ruby/object:Gem::Version
-  version: 0.99.11
+  version: 0.99.12
 platform: ruby
 authors:
 - Puppet Labs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-09-04 00:00:00.000000000 Z
+date: 2018-09-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -146,6 +146,7 @@ files:
 - spec/lib/packaging/repo_spec.rb
 - spec/lib/packaging/retrieve_spec.rb
 - spec/lib/packaging/rpm/repo_spec.rb
+- spec/lib/packaging/sign_spec.rb
 - spec/lib/packaging/tar_spec.rb
 - spec/lib/packaging/util/execution_spec.rb
 - spec/lib/packaging/util/file_spec.rb
@@ -222,7 +223,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.14
+rubygems_version: 2.6.9
 signing_key: 
 specification_version: 4
 summary: Puppet Labs' packaging automation
@@ -236,6 +237,7 @@ test_files:
 - spec/lib/packaging/repo_spec.rb
 - spec/lib/packaging/retrieve_spec.rb
 - spec/lib/packaging/rpm/repo_spec.rb
+- spec/lib/packaging/sign_spec.rb
 - spec/lib/packaging/tar_spec.rb
 - spec/lib/packaging/util/execution_spec.rb
 - spec/lib/packaging/util/file_spec.rb