packaging 0.99.28 → 0.99.29
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/packaging/paths.rb +22 -4
- data/lib/packaging/sign/msi.rb +36 -17
- data/lib/packaging/util/ship.rb +34 -0
- data/spec/fixtures/config/ext/build_defaults.yaml +1 -1
- data/spec/fixtures/config/ext/project_data.yaml +1 -1
- data/spec/lib/packaging/paths_spec.rb +40 -0
- data/tasks/jenkins.rake +18 -0
- metadata +3 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9f423cc0b3db951ead3f977e29ce01bb1ef130b86ce40de7b21c45f8c7cb7952
|
4
|
+
data.tar.gz: e15f8d7c8bb1f03dea062857bc5e8669e175b11d11855affa24e653fa45b87f1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 40aa070d4b58734c6b16be7ceac959b860560016f407dfb124349cb51e5afd6d6cbe1f506c3aaecbce345e029ca861527d2d419167235114083b9555ec466f0c
|
7
|
+
data.tar.gz: aa7e8edc975af46c0b08370e94e2335381bdba55cc281f908e207b6b80db1c60a79f6319c88782500b8a2e5b24865a6aa90362be4e9a3fb36f4167053cf15382
|
data/lib/packaging/paths.rb
CHANGED
@@ -266,17 +266,35 @@ module Pkg::Paths
|
|
266
266
|
end
|
267
267
|
end
|
268
268
|
|
269
|
+
def remote_repo_base(platform_tag, nonfinal = false)
|
270
|
+
package_format = Pkg::Platforms.package_format_for_tag(platform_tag)
|
271
|
+
case package_format
|
272
|
+
when 'rpm'
|
273
|
+
nonfinal ? Pkg::Config.nonfinal_yum_repo_path : Pkg::Config.yum_repo_path
|
274
|
+
when 'deb'
|
275
|
+
nonfinal ? Pkg::Config.nonfinal_apt_repo_path : Pkg::Config.apt_repo_path
|
276
|
+
else
|
277
|
+
raise "Can't determine remote repo base path for package format '#{package_format}'."
|
278
|
+
end
|
279
|
+
end
|
280
|
+
|
281
|
+
# This is where deb packages end up after freight repo updates
|
282
|
+
def apt_package_base_path(platform_tag, repo_name, project, nonfinal = false)
|
283
|
+
fail "Can't determine path for non-debian platform #{platform_tag}." unless Pkg::Platforms.package_format_for_tag(platform_tag) == 'deb'
|
284
|
+
platform, version, _ = Pkg::Platforms.parse_platform_tag(platform_tag)
|
285
|
+
codename = Pkg::Platforms.codename_for_platform_version(platform, version)
|
286
|
+
return File.join(remote_repo_base(platform_tag, nonfinal), 'pool', codename, repo_name, project[0], project)
|
287
|
+
end
|
288
|
+
|
269
289
|
def release_package_link_path(platform_tag, nonfinal = false)
|
270
290
|
platform, version, arch = Pkg::Platforms.parse_platform_tag(platform_tag)
|
271
291
|
package_format = Pkg::Platforms.package_format_for_tag(platform_tag)
|
272
292
|
case package_format
|
273
293
|
when 'rpm'
|
274
|
-
|
275
|
-
return File.join(base_path, "#{repo_name(nonfinal)}-release-#{platform}-#{version}.noarch.rpm")
|
294
|
+
return File.join(remote_repo_base(platform_tag, nonfinal), "#{repo_name(nonfinal)}-release-#{platform}-#{version}.noarch.rpm")
|
276
295
|
when 'deb'
|
277
|
-
base_path = nonfinal ? Pkg::Config.nonfinal_apt_repo_path : Pkg::Config.apt_repo_path
|
278
296
|
codename = Pkg::Platforms.codename_for_platform_version(platform, version)
|
279
|
-
return File.join(
|
297
|
+
return File.join(remote_repo_base(platform_tag, nonfinal), "#{repo_name(nonfinal)}-release-#{codename}.deb")
|
280
298
|
else
|
281
299
|
warn "No release packages for package format '#{package_format}', skipping . . ."
|
282
300
|
return nil
|
data/lib/packaging/sign/msi.rb
CHANGED
@@ -66,23 +66,42 @@ module Pkg::Sign::Msi
|
|
66
66
|
if "/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe" verify -in "C:/#{work_dir}/$msi" ; then
|
67
67
|
echo "$msi is already signed, skipping . . ." ;
|
68
68
|
else
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
69
|
+
tries=5
|
70
|
+
sha1Servers=(http://timestamp.verisign.com/scripts/timstamp.dll
|
71
|
+
http://timestamp.globalsign.com/scripts/timstamp.dll
|
72
|
+
http://www.startssl.com/timestamp)
|
73
|
+
for timeserver in "${sha1Servers[@]}"; do
|
74
|
+
for ((try=1; try<=$tries; try++)) do
|
75
|
+
ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
|
76
|
+
-n "Puppet" -i "http://www.puppet.com" \
|
77
|
+
-h sha1 \
|
78
|
+
-pkcs12 "#{Pkg::Config.msi_signing_cert}" \
|
79
|
+
-pass "#{Pkg::Config.msi_signing_cert_pw}" \
|
80
|
+
-t "$timeserver" \
|
81
|
+
-in "C:/#{work_dir}/$msi" \
|
82
|
+
-out "C:/#{work_dir}/signed-$msi")
|
83
|
+
if [[ $ret == *"Succeeded"* ]]; then break; fi
|
84
|
+
done;
|
85
|
+
if [[ $ret == *"Succeeded"* ]]; then break; fi
|
86
|
+
done;
|
87
|
+
echo $ret
|
88
|
+
sha256Servers=(http://sha256timestamp.ws.symantec.com/sha256/timestamp
|
89
|
+
http://timestamp.comodoca.com?td=sha256)
|
90
|
+
for timeserver in "${sha256Servers[@]}"; do
|
91
|
+
for ((try=1; try<=$tries; try++)) do
|
92
|
+
ret=$(/cygdrive/c/tools/osslsigncode-fork/osslsigncode.exe sign \
|
93
|
+
-n "Puppet" -i "http://www.puppet.com" \
|
94
|
+
-nest -h sha256 \
|
95
|
+
-pkcs12 "#{Pkg::Config.msi_signing_cert}" \
|
96
|
+
-pass "#{Pkg::Config.msi_signing_cert_pw}" \
|
97
|
+
-ts "$timeserver" \
|
98
|
+
-in "C:/#{work_dir}/signed-$msi" \
|
99
|
+
-out "C:/#{work_dir}/$msi")
|
100
|
+
if [[ $ret == *"Succeeded"* ]]; then break; fi
|
101
|
+
done;
|
102
|
+
if [[ $ret == *"Succeeded"* ]]; then break; fi
|
103
|
+
done;
|
104
|
+
echo $ret
|
86
105
|
fi
|
87
106
|
done))
|
88
107
|
msis.each do | msi |
|
data/lib/packaging/util/ship.rb
CHANGED
@@ -208,6 +208,40 @@ module Pkg::Util::Ship
|
|
208
208
|
fail "Failed to create rolling repo link for '#{platform_tag}'.\n#{e}"
|
209
209
|
end
|
210
210
|
|
211
|
+
def update_release_package_symlinks(local_staging_directory, nonfinal = false)
|
212
|
+
local_packages = collect_packages(["#{local_staging_directory}/**/*.rpm", "#{local_staging_directory}/**/*.deb"])
|
213
|
+
local_packages.each do |package|
|
214
|
+
platform_tag = Pkg::Paths.tag_from_artifact_path(package)
|
215
|
+
package_format = Pkg::Platforms.package_format_for_tag(platform_tag)
|
216
|
+
case package_format
|
217
|
+
when 'rpm'
|
218
|
+
remote_base = Pkg::Paths.artifacts_path(platform_tag, Pkg::Paths.remote_repo_base(platform_tag, nonfinal), nonfinal)
|
219
|
+
when 'deb'
|
220
|
+
remote_base = Pkg::Paths.apt_package_base_path(platform_tag, Pkg::Paths.repo_name(nonfinal), Pkg::Config.project, nonfinal)
|
221
|
+
else
|
222
|
+
fail "Unexpected package format #{package_format}, cannot create symlinks."
|
223
|
+
end
|
224
|
+
remote_path = File.join(remote_base, File.basename(package))
|
225
|
+
link_path = Pkg::Paths.release_package_link_path(platform_tag, nonfinal)
|
226
|
+
link_command = <<-CMD
|
227
|
+
if [ ! -e #{remote_path} ]; then
|
228
|
+
echo "Uh oh! #{remote_path} doesn't exist! Can't create symlink."
|
229
|
+
exit 1
|
230
|
+
fi
|
231
|
+
if [ -e #{link_path} ] && [ ! -L #{link_path} ]; then
|
232
|
+
echo "Uh oh! #{link_path} exists but isn't a link, I don't know what to do with this."
|
233
|
+
exit 1
|
234
|
+
fi
|
235
|
+
if [ -L #{link_path} ] && [ ! #{remote_path} -ef #{link_path} ]; then
|
236
|
+
echo "Removing old link from $(readlink #{link_path}) to #{link_path} . . ."
|
237
|
+
rm #{link_path}
|
238
|
+
fi
|
239
|
+
ln -sf #{remote_path} #{link_path}
|
240
|
+
CMD
|
241
|
+
Pkg::Util::Net.remote_ssh_cmd(Pkg::Config.staging_server, link_command)
|
242
|
+
end
|
243
|
+
end
|
244
|
+
|
211
245
|
def test_ship(vm, ship_task)
|
212
246
|
command = 'getent group release || groupadd release'
|
213
247
|
Pkg::Util::Net.remote_ssh_cmd(vm, command)
|
@@ -1 +1 @@
|
|
1
|
-
|
1
|
+
../params.yaml
|
@@ -1 +1 @@
|
|
1
|
-
|
1
|
+
../params.yaml
|
@@ -236,6 +236,46 @@ describe 'Pkg::Paths' do
|
|
236
236
|
end
|
237
237
|
end
|
238
238
|
|
239
|
+
describe '#remote_repo_base' do
|
240
|
+
before :each do
|
241
|
+
allow(Pkg::Config).to receive(:yum_repo_path).and_return('foo')
|
242
|
+
allow(Pkg::Config).to receive(:apt_repo_path).and_return('bar')
|
243
|
+
allow(Pkg::Config).to receive(:nonfinal_yum_repo_path).and_return('foo-nightly')
|
244
|
+
allow(Pkg::Config).to receive(:nonfinal_apt_repo_path).and_return('bar-nightly')
|
245
|
+
end
|
246
|
+
it 'returns yum_repo_path for rpms' do
|
247
|
+
expect(Pkg::Paths.remote_repo_base('el-7-x86_64')).to eq('foo')
|
248
|
+
end
|
249
|
+
it 'returns apt_repo_path for debs' do
|
250
|
+
expect(Pkg::Paths.remote_repo_base('ubuntu-18.04-amd64')).to eq('bar')
|
251
|
+
end
|
252
|
+
it 'returns nonfinal_yum_repo_path for nonfinal rpms' do
|
253
|
+
expect(Pkg::Paths.remote_repo_base('fedora-29-x86_64', true)).to eq('foo-nightly')
|
254
|
+
end
|
255
|
+
it 'returns nonfinal_apt_repo_path for nonfinal debs' do
|
256
|
+
expect(Pkg::Paths.remote_repo_base('debian-9-amd64', true)).to eq('bar-nightly')
|
257
|
+
end
|
258
|
+
it 'fails for all other package formats' do
|
259
|
+
expect { Pkg::Paths.remote_repo_base('osx-10.14-x86_64') }.to raise_error(/Can't determine remote repo base path/)
|
260
|
+
end
|
261
|
+
end
|
262
|
+
|
263
|
+
describe '#apt_package_base_path' do
|
264
|
+
it 'fails for non-debian platforms' do
|
265
|
+
expect { Pkg::Paths.apt_package_base_path('el-7-x86_64', 'puppet6', 'puppet-agent') }.to raise_error(/Can't determine path for non-debian platform/)
|
266
|
+
end
|
267
|
+
it 'returns the approprate apt repo path' do
|
268
|
+
allow(Pkg::Paths).to receive(:remote_repo_base).and_return('/opt/repository/apt')
|
269
|
+
expect(Pkg::Paths.apt_package_base_path('ubuntu-18.04-amd64', 'puppet6', 'puppet-agent')).to eq('/opt/repository/apt/pool/bionic/puppet6/p/puppet-agent')
|
270
|
+
expect(Pkg::Paths.apt_package_base_path('debian-9-amd64', 'puppet6', 'razor-server')).to eq('/opt/repository/apt/pool/stretch/puppet6/r/razor-server')
|
271
|
+
end
|
272
|
+
it 'returns the appropriate nonfinal repo path' do
|
273
|
+
allow(Pkg::Paths).to receive(:remote_repo_base).and_return('/opt/repository-nightlies/apt')
|
274
|
+
expect(Pkg::Paths.apt_package_base_path('ubuntu-18.04-amd64', 'puppet6-nightly', 'puppet-agent', true)).to eq('/opt/repository-nightlies/apt/pool/bionic/puppet6-nightly/p/puppet-agent')
|
275
|
+
expect(Pkg::Paths.apt_package_base_path('debian-9-amd64', 'puppet6-nightly', 'razor-server', true)).to eq('/opt/repository-nightlies/apt/pool/stretch/puppet6-nightly/r/razor-server')
|
276
|
+
end
|
277
|
+
end
|
278
|
+
|
239
279
|
describe '#release_package_link_path' do
|
240
280
|
repo_name = 'puppet6'
|
241
281
|
nonfinal_repo_name = 'puppet6-nightly'
|
data/tasks/jenkins.rake
CHANGED
@@ -298,6 +298,24 @@ namespace :pl do
|
|
298
298
|
Rake::Task['pl:remote:deploy_to_rsync_server'].invoke
|
299
299
|
end
|
300
300
|
|
301
|
+
task :stage_release_packages => "pl:fetch" do
|
302
|
+
Rake::Task['pl:jenkins:uber_ship_lite'].invoke
|
303
|
+
# Deb packages only appear in the freight directory until repo updates.
|
304
|
+
# We must run that before creating symlinks so we can link from packages
|
305
|
+
# in the apt repository.
|
306
|
+
Rake::Task['pl:remote:update_apt_repo'].invoke
|
307
|
+
Pkg::Util::Ship.update_release_package_symlinks('pkg')
|
308
|
+
end
|
309
|
+
|
310
|
+
task :stage_nightly_release_packages => "pl:fetch" do
|
311
|
+
Rake::Task['pl:jenkins:stage_nightlies'].invoke
|
312
|
+
# Deb packages only appear in the freight directory until repo updates.
|
313
|
+
# We must run that before creating symlinks so we can link from packages
|
314
|
+
# in the apt repository.
|
315
|
+
Rake::Task['pl:remote:update_nightlies_apt_repo'].invoke
|
316
|
+
Pkg::Util::Ship.update_release_package_symlinks('pkg', true)
|
317
|
+
end
|
318
|
+
|
301
319
|
desc "Retrieve packages built by jenkins, sign, and ship all!"
|
302
320
|
task :uber_ship => "pl:fetch" do
|
303
321
|
uber_tasks = %w(
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: packaging
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.99.
|
4
|
+
version: 0.99.29
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Puppet Labs
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-04-
|
11
|
+
date: 2019-04-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rspec
|
@@ -223,8 +223,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
223
223
|
- !ruby/object:Gem::Version
|
224
224
|
version: '0'
|
225
225
|
requirements: []
|
226
|
-
|
227
|
-
rubygems_version: 2.7.6
|
226
|
+
rubygems_version: 3.0.3
|
228
227
|
signing_key:
|
229
228
|
specification_version: 4
|
230
229
|
summary: Puppet Labs' packaging automation
|