right_publish 0.2.0 → 0.2.1

data/README.rdoc

@@ -14,7 +14,9 @@ repositories.
 == Interface
 
 RightPublish is used as a command line tool and controlled via command line options
-and a YAML configuration file known as a RightPublish <i>profile</i>.
+and a YAML configuration file known as a RightPublish <i>profile</i>. It expects
+createrepo to be installed on yum based distros and reprepro to be installed on
+debian distros. It expects the "expect" package to be installed on all distros.
 
 === Profile Format
 

data/VERSION

@@ -1 +1 @@
-0.2.0
+0.2.1

data/bin/autosign.expect

@@ -0,0 +1,43 @@
+#!/usr/bin/expect --
+
+set pass $env(GPG_PASSWORD)
+
+set badpass 0
+set timeout 5
+set count 5;
+eval spawn $argv
+# Apt asks for your passphrase twice, hence the loop
+while {$count > 0 } {
+  expect {
+    "phrase:" {
+      send "$pass\r"
+    }
+    "Bad passphrase" {
+      # CentOS/RHEL case
+      set badpass 1
+    }
+    "again:" {
+      # Ubuntu case, it reprompts. Keep sending till it runs out of retries
+      # else we'll corrupt the db when we exit easrly
+      send "$pass\r"
+      set badpass 1
+    }
+    eof {
+      if {$badpass == 1} {
+        puts "Failure! Bad Passphrase!"
+        exit 1
+      } else {
+        puts "Success!"
+        exit 0
+      }
+    }
+    timeout {
+      puts "\nTimeout failure. For Apt, repo DB may be locked/corrupted and need to be refetch manually"
+      exit 1
+    }
+  }
+  set count [expr $count-1];
+}
+
+puts "Failed to sign package after 5 attempts"
+exit 1

data/lib/right_publish/repo.rb

@@ -1,7 +1,5 @@
 require 'right_publish/profile'
 require 'right_publish/storage'
-require 'pty'
-require 'expect'
 
 module RightPublish
 
@@ -105,23 +103,16 @@ module RightPublish
     # For automation, we want to send the password, however gpg uses getpass 
     # c function, which interacts directly with /dev/pty instead of stdin/stdout 
     # to hide the password as its typed in.  So, we need to allocate a pty.
+    # We do this by shelling out to expect script (tcl based).  Ruby 1.8
+    # implementation of "expect" is broken and has some race conditions with
+    # waiting for a child processes to exist, so don't use that.
     def shellout_with_password(cmd)
       password = repo_config[:gpg_password]
       raise Exception, ":gpg_password must be supplied when signing packages" unless password
-
-      begin
-        PTY.spawn(cmd) do |stdin,stdout,pid|
-          while output = stdin.expect(/pass.?phrase/i, 2)
-            stdout.puts(password)
-            Profile.log(output, :debug)
-          end
-          Process.wait(pid)
-        end
-        status = $?
-      rescue PTY::ChildExited => e
-        status = e.status
-      end
-      return status.success?
+      ENV['GPG_PASSWORD'] = password 
+      bin_dir = File.expand_path("../../../bin", __FILE__)
+      autosign = File.join(bin_dir, "autosign.expect")
+      system("#{autosign} #{cmd}")
     end
 
     def get_storage(provider)

data/lib/right_publish/repos/apt.rb

@@ -8,12 +8,12 @@ module RightPublish
     REPO_KEY = :apt_repo
 
     REPO_OPTIONS = {
-      :dists=>:addr_optional, 
+      :dists => :addr_optional, 
       :description => DEFAULT_DESCRIPTION, 
-      :auto=>DEFAULT_APT_AUTO, 
-      :subdir=>DEFAULT_APT_DIR, 
-      :gpg_key_id       => :attr_optional,
-      :gpg_password     => :attr_optional }
+      :auto => DEFAULT_APT_AUTO, 
+      :subdir => DEFAULT_APT_DIR, 
+      :gpg_key_id => :attr_optional,
+      :gpg_password => :attr_optional }
 
     BIN_EXTENSION = 'deb'
     SRC_EXTENSION = 'dsc'
@@ -87,7 +87,7 @@ module RightPublish
       targets.each do |t|
         sub_command = (pkg.end_with?(BIN_EXTENSION) && 'includedeb') || 'includedsc'
         ask_passphrase = (repo_config[:gpg_key_id]) ? "--ask-passphrase " : ""
-        cmd = "reprepro #{ask_passphrase}-C main -b #{repo_path} #{sub_command} #{t} #{pkg} 2>&1 >/dev/null"
+        cmd = "reprepro #{ask_passphrase}-C main -b #{repo_path} #{sub_command} #{t} #{pkg}"
         if repo_config[:gpg_key_id]
           exited = shellout_with_password(cmd)
         else
@@ -106,7 +106,7 @@ module RightPublish
       targets = (target && Array(target)) || repo_config[:dists]
       targets.each do |t|
         ask_passphrase = (repo_config[:gpg_key_id]) ? "--ask-passphrase" : ""
-        cmd = "reprepro #{ask_passphrase} -b #{repo_path} #{sub_command} #{t} #{pkg_name} 2>&1 >/dev/null"
+        cmd = "reprepro #{ask_passphrase} -b #{repo_path} #{sub_command} #{t} #{pkg_name}"
         if repo_config[:gpg_key_id]
           exited = shellout_with_password(cmd)
         else

data/lib/right_publish/repos/yum.rb

@@ -71,7 +71,7 @@ module RightPublish
       if repo_config[:gpg_key_id]
         do_in_subdir('') do
 
-          cmd = "rpm --define '%_gpg_name #{repo_config[:gpg_key_id]}' --addsign #{pkgs.join(' ')} 2>&1 >/dev/null"
+          cmd = "rpm --define '%_gpg_name #{repo_config[:gpg_key_id]}' --addsign #{pkgs.join(' ')}"
           exited = shellout_with_password(cmd)
 
           raise Exception, "rpm signing failed; cannot continue publishing" unless exited
@@ -148,6 +148,14 @@ module RightPublish
       do_in_subdir(repo_path) do
         exit_val = system('createrepo --update -o $(pwd) $(pwd) 2>&1 >/dev/null')
         raise Exception, "yum regen_metadata failed; cannot continue publishing" unless exit_val
+
+        if repo_config[:gpg_key_id]
+          File.unlink("repodata/repomd.xml.asc") if File.exists?("repodata/repomd.xml.asc")
+          exit_val = system("gpg -a --batch --passphrase '#{repo_config[:gpg_password]}' --detach-sign repodata/repomd.xml")
+          raise Exception, "signing of repodata.xml failed; cannot continue publishing" unless exit_val
+          exit_val = system("gpg -a --export '#{repo_config[:gpg_key_id]}' > repodata/repomd.xml.key")
+          raise Exception, "exporting gpg public key failed; cannot continue publishing" unless exit_val
+        end
       end
     end
 

data/right_publish.gemspec

@@ -4,16 +4,15 @@
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
-  s.name = %q{right_publish}
-  s.version = "0.2.0"
+  s.name = "right_publish"
+  s.version = "0.2.1"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Brian Szmyd", "Tony Spataro"]
-  s.date = %q{2013-07-03}
-  s.default_executable = %q{right_publish}
-  s.description = %q{A tool for maintaining S3-based DEB, GEM and RPM packages.}
-  s.email = %q{support@rightscale.com}
-  s.executables = ["right_publish"]
+  s.date = "2013-07-24"
+  s.description = "A tool for maintaining S3-based DEB, GEM and RPM packages."
+  s.email = "support@rightscale.com"
+  s.executables = ["autosign.expect", "right_publish"]
   s.extra_rdoc_files = [
     "README.rdoc"
   ]
@@ -24,6 +23,7 @@ Gem::Specification.new do |s|
     "README.rdoc",
     "Rakefile",
     "VERSION",
+    "bin/autosign.expect",
     "bin/right_publish",
     "lib/right_publish.rb",
     "lib/right_publish/profile.rb",
@@ -46,14 +46,13 @@ Gem::Specification.new do |s|
     "spec/stores/local_spec.rb",
     "spec/stores/s3_spec.rb"
   ]
-  s.homepage = %q{https://github.com/rightscale/right_publish}
+  s.homepage = "https://github.com/rightscale/right_publish"
   s.licenses = ["Proprietary"]
   s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.3.7}
-  s.summary = %q{Package publishing and indexing tool}
+  s.rubygems_version = "1.8.15"
+  s.summary = "Package publishing and indexing tool"
 
   if s.respond_to? :specification_version then
-    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
     s.specification_version = 3
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then

data/spec/repos/apt_spec.rb

@@ -47,7 +47,7 @@ describe RightPublish::AptRepo do
 
           system_calls = (pkgs.size * expected_dists.size) * 2
           @repo.should_receive(@system_func).times(system_calls).and_return do |cmd|
-            path, subcmd, distro, pkg = /reprepro\s+(?:--ask-passphrase )?(?:-C main )?-b\s+(.+)\s+(includedeb|includedsc|removesrc|remove)\s+([^\s]+)\s+([^\s]+)\s+2>&1 >\/dev\/null\Z/.match(cmd).captures
+            path, subcmd, distro, pkg = /reprepro\s+(?:--ask-passphrase )?(?:-C main )?-b\s+(.+)\s+(includedeb|includedsc|removesrc|remove)\s+([^\s]+)\s+([^\s]+)/.match(cmd).captures
             path.should be_eql(File.join(@cache_dir,@repo_subdir))
 
             if @remove_expectations.has_key?(distro) && @remove_expectations[distro].include?(pkg)

data/spec/repos/yum_spec.rb

@@ -67,6 +67,7 @@ describe RightPublish::YumRepo do
             @install_expectations.delete(dir) if @install_expectations[dir].empty?
           end
           system_calls = @install_expectations.size
+          system_calls *= 3 if @profile.config[:yum_repo][:gpg_key_id]
           system_sign_calls = (@profile.config[:yum_repo][:gpg_key_id]) ? 1 : 0
           @repo.should_receive(:system).times(system_calls).and_return(0)
           @repo.should_receive(:shellout_with_password).times(system_sign_calls).and_return(0)
@@ -205,6 +206,7 @@ describe RightPublish::YumRepo do
             @install_expectations.delete(pkg)
           end
           system_calls = 1
+          system_calls *= 3 if @profile.config[:yum_repo][:gpg_key_id]
           system_sign_calls = (@profile.config[:yum_repo][:gpg_key_id]) ?  1 : 0
           @repo.should_receive(:system).times(system_calls).and_return(0)
           @repo.should_receive(:shellout_with_password).times(system_sign_calls).and_return(0)

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: right_publish
 version: !ruby/object:Gem::Version 
-  hash: 23
-  prerelease: false
+  hash: 21
+  prerelease: 
   segments: 
   - 0
   - 2
-  - 0
-  version: 0.2.0
+  - 1
+  version: 0.2.1
 platform: ruby
 authors: 
 - Brian Szmyd
@@ -16,8 +16,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2013-07-03 00:00:00 -07:00
-default_executable: right_publish
+date: 2013-07-24 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   version_requirements: &id001 !ruby/object:Gem::Requirement 
@@ -29,10 +28,10 @@ dependencies:
         segments: 
         - 0
         version: "0"
-  requirement: *id001
   type: :runtime
-  name: builder
+  requirement: *id001
   prerelease: false
+  name: builder
 - !ruby/object:Gem::Dependency 
   version_requirements: &id002 !ruby/object:Gem::Requirement 
     none: false
@@ -44,10 +43,10 @@ dependencies:
         - 1
         - 9
         version: "1.9"
-  requirement: *id002
   type: :runtime
-  name: fog
+  requirement: *id002
   prerelease: false
+  name: fog
 - !ruby/object:Gem::Dependency 
   version_requirements: &id003 !ruby/object:Gem::Requirement 
     none: false
@@ -59,10 +58,10 @@ dependencies:
         - 2
         - 0
         version: "2.0"
-  requirement: *id003
   type: :runtime
-  name: trollop
+  requirement: *id003
   prerelease: false
+  name: trollop
 - !ruby/object:Gem::Dependency 
   version_requirements: &id004 !ruby/object:Gem::Requirement 
     none: false
@@ -74,10 +73,10 @@ dependencies:
         - 0
         - 9
         version: "0.9"
-  requirement: *id004
   type: :development
-  name: rake
+  requirement: *id004
   prerelease: false
+  name: rake
 - !ruby/object:Gem::Dependency 
   version_requirements: &id005 !ruby/object:Gem::Requirement 
     none: false
@@ -90,10 +89,10 @@ dependencies:
         - 8
         - 3
         version: 1.8.3
-  requirement: *id005
   type: :development
-  name: jeweler
+  requirement: *id005
   prerelease: false
+  name: jeweler
 - !ruby/object:Gem::Dependency 
   version_requirements: &id006 !ruby/object:Gem::Requirement 
     none: false
@@ -105,10 +104,10 @@ dependencies:
         - 1
         - 0
         version: "1.0"
-  requirement: *id006
   type: :development
-  name: right_develop
+  requirement: *id006
   prerelease: false
+  name: right_develop
 - !ruby/object:Gem::Dependency 
   version_requirements: &id007 !ruby/object:Gem::Requirement 
     none: false
@@ -121,10 +120,10 @@ dependencies:
         - 4
         - 2
         version: 2.4.2
-  requirement: *id007
   type: :development
-  name: rdoc
+  requirement: *id007
   prerelease: false
+  name: rdoc
 - !ruby/object:Gem::Dependency 
   version_requirements: &id008 !ruby/object:Gem::Requirement 
     none: false
@@ -136,10 +135,10 @@ dependencies:
         - 2
         - 0
         version: "2.0"
-  requirement: *id008
   type: :development
-  name: rspec
+  requirement: *id008
   prerelease: false
+  name: rspec
 - !ruby/object:Gem::Dependency 
   version_requirements: &id009 !ruby/object:Gem::Requirement 
     none: false
@@ -151,10 +150,10 @@ dependencies:
         - 0
         - 9
         version: "0.9"
-  requirement: *id009
   type: :development
-  name: flexmock
+  requirement: *id009
   prerelease: false
+  name: flexmock
 - !ruby/object:Gem::Dependency 
   version_requirements: &id010 !ruby/object:Gem::Requirement 
     none: false
@@ -165,10 +164,10 @@ dependencies:
         segments: 
         - 0
         version: "0"
-  requirement: *id010
   type: :development
-  name: simplecov
+  requirement: *id010
   prerelease: false
+  name: simplecov
 - !ruby/object:Gem::Dependency 
   version_requirements: &id011 !ruby/object:Gem::Requirement 
     none: false
@@ -180,10 +179,10 @@ dependencies:
         - 0
         - 10
         version: "0.10"
-  requirement: *id011
   type: :development
-  name: ruby-debug
+  requirement: *id011
   prerelease: false
+  name: ruby-debug
 - !ruby/object:Gem::Dependency 
   version_requirements: &id012 !ruby/object:Gem::Requirement 
     none: false
@@ -196,13 +195,14 @@ dependencies:
         - 11
         - 6
         version: 0.11.6
-  requirement: *id012
   type: :development
-  name: ruby-debug19
+  requirement: *id012
   prerelease: false
+  name: ruby-debug19
 description: A tool for maintaining S3-based DEB, GEM and RPM packages.
 email: support@rightscale.com
 executables: 
+- autosign.expect
 - right_publish
 extensions: []
 
@@ -215,6 +215,7 @@ files:
 - README.rdoc
 - Rakefile
 - VERSION
+- bin/autosign.expect
 - bin/right_publish
 - lib/right_publish.rb
 - lib/right_publish/profile.rb
@@ -236,7 +237,6 @@ files:
 - spec/storage_spec.rb
 - spec/stores/local_spec.rb
 - spec/stores/s3_spec.rb
-has_rdoc: true
 homepage: https://github.com/rightscale/right_publish
 licenses: 
 - Proprietary
@@ -266,7 +266,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.3.7
+rubygems_version: 1.8.15
 signing_key: 
 specification_version: 3
 summary: Package publishing and indexing tool