simp-rake-helpers 5.11.2 → 5.12.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +43 -0
- data/CONTRIBUTING.md +1 -1
- data/Gemfile +5 -1
- data/README.md +1 -1
- data/lib/simp/command_utils.rb +21 -0
- data/lib/simp/componentinfo.rb +17 -0
- data/lib/simp/local_gpg_signing_key.rb +184 -81
- data/lib/simp/rake.rb +3 -10
- data/lib/simp/rake/build/build.rb +43 -27
- data/lib/simp/rake/build/constants.rb +5 -1
- data/lib/simp/rake/build/pkg.rb +167 -51
- data/lib/simp/rake/build/tar.rb +1 -1
- data/lib/simp/rake/helpers/version.rb +1 -1
- data/lib/simp/rake/pkg.rb +5 -1
- data/lib/simp/rake/pupmod/helpers.rb +2 -0
- data/lib/simp/rake/rubygem.rb +5 -1
- data/lib/simp/relchecks.rb +1 -1
- data/lib/simp/rpm.rb +13 -125
- data/lib/simp/rpm_signer.rb +321 -0
- data/spec/acceptance/00_pkg_rpm_custom_scriptlets_spec.rb +18 -19
- data/spec/acceptance/10_pkg_rpm_spec.rb +46 -48
- data/spec/acceptance/50_local_gpg_signing_key_spec.rb +7 -3
- data/spec/acceptance/55_build_pkg_signing_spec.rb +293 -42
- data/spec/acceptance/files/testpackage/README +8 -0
- data/spec/acceptance/files/testpackage/spec/classes/init_spec.rb +1 -0
- data/spec/acceptance/files/testpackage/spec/files/mock_something.rb +3 -0
- data/spec/acceptance/files/testpackage/utils/convert_v1_to_v2.rb +3 -0
- data/spec/acceptance/nodesets/default.yml +34 -109
- data/spec/acceptance/support/build_project_helpers.rb +32 -8
- data/spec/lib/simp/ci/gitlab_spec.rb +12 -13
- data/spec/lib/simp/command_utils_spec.rb +29 -0
- data/spec/lib/simp/componentinfo_spec.rb +10 -4
- data/spec/lib/simp/local_gpg_signing_key_spec.rb.beaker-only +115 -18
- data/spec/lib/simp/rake/build/helpers_spec.rb +3 -0
- data/spec/lib/simp/rake/build/rpmdeps_spec.rb +1 -2
- data/spec/lib/simp/rake/pupmod/fixtures/othermod/Gemfile +1 -10
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/README.md +2 -2
- data/spec/lib/simp/rake_spec.rb +2 -1
- data/spec/lib/simp/relchecks_check_rpm_changelog_spec.rb +20 -10
- data/spec/lib/simp/relchecks_compare_latest_tag_spec.rb +18 -18
- data/spec/lib/simp/rpm_signer_spec.rb +98 -0
- data/spec/lib/simp/rpm_spec.rb +1 -7
- data/spec/spec_helper.rb +1 -1
- data/spec/spec_helper_acceptance.rb +16 -3
- metadata +13 -69
- data/.travis.yml +0 -60
- data/spec/acceptance/20_pkg_rpm_upgrade_spec.rb +0 -236
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/CHANGELOG +0 -2
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/Rakefile +0 -3
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/build/rpm_metadata/custom/overrides +0 -14
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/build/rpm_metadata/requires +0 -1
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/metadata.json +0 -33
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/CHANGELOG +0 -2
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/Rakefile +0 -3
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/build/rpm_metadata/custom/overrides +0 -14
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/build/rpm_metadata/requires +0 -1
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/metadata.json +0 -33
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-1.0/CHANGELOG +0 -2
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-1.0/Rakefile +0 -3
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-1.0/build/rpm_metadata/requires +0 -1
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-1.0/metadata.json +0 -33
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.0/CHANGELOG +0 -2
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.0/Rakefile +0 -3
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.0/build/rpm_metadata/requires +0 -1
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.0/metadata.json +0 -33
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/CHANGELOG +0 -2
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/Rakefile +0 -3
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/build/rpm_metadata/custom/overrides +0 -14
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/build/rpm_metadata/requires +0 -1
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/metadata.json +0 -33
- data/spec/acceptance/files/mock_packages/pupmod-puppetlabs-stdlib.spec +0 -32
- data/spec/acceptance/files/mock_packages/pupmod-simp-foo.spec +0 -32
- data/spec/acceptance/files/mock_packages/pupmod-simp-simplib.spec +0 -32
- data/spec/acceptance/files/mock_packages/rpmbuild.sh +0 -25
- data/spec/acceptance/files/mock_packages/simp-adapter.spec +0 -43
- data/spec/acceptance/files/mock_packages/simp-adapter/etc/simp/adapter_config.yaml +0 -3
- data/spec/acceptance/files/mock_packages/simp-adapter/usr/local/sbin/simp_rpm_helper +0 -495
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/CHANGELOG +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/Rakefile +0 -3
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/build/rpm_metadata/requires +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/data/os/CentOS.yaml +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/data/os/RedHat.yaml +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/hiera.yaml +0 -14
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/manifests/init.pp +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/metadata.json +0 -37
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/CHANGELOG +0 -5
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/Rakefile +0 -3
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/build/rpm_metadata/requires +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/data/os/CentOS.yaml +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/data/os/RedHat.yaml +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/hiera.yaml +0 -14
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/manifests/init.pp +0 -3
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/metadata.json +0 -37
- data/spec/lib/simp/ci/files/job_broken_link_nodeset/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/job_invalid_nodeset/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/job_invalid_suite/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/job_missing_nodeset/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/job_missing_suite_and_nodeset/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/multiple_invalid_jobs/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/multiple_valid_jobs/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/no_gitlab_config_with_tests/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/no_gitlab_config_without_tests/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/suite_skeleton_only/spec/acceptance/nodesets/default.yml +0 -1
- data/spec/lib/simp/ci/files/suite_skeleton_only/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/valid_job_nodeset_dir_link/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/valid_job_nodeset_link/spec/acceptance/suites/default/nodesets/default.yml +0 -1
- data/spec/lib/simp/files/build/testpackage.spec +0 -1
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/spec/acceptance/nodesets/default.yml +0 -1
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/spec/acceptance/suites/default/nodesets +0 -1
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
The following scripts with problematic shebangs have their execute bits set in
|
|
2
|
+
order to trigger the brp-mangle-shebangs script during an RPM build in EL8:
|
|
3
|
+
|
|
4
|
+
* spec/classes/init_spec.rb: #!/usr/bin/env rspec => #!/usr/bin/rspec
|
|
5
|
+
* spec/files/mock_something.rb: #!/usr/bin/env ruby => #!/usr/bin/ruby
|
|
6
|
+
* utils/convert_v1_to_v2.rb: #!/usr/bin/env ruby => #!/usr/bin/ruby
|
|
7
|
+
|
|
8
|
+
*** Do not change their execute bits in Git! ***
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
#!/usr/bin/env rspec
|
|
@@ -1,121 +1,21 @@
|
|
|
1
1
|
HOSTS:
|
|
2
|
-
|
|
2
|
+
el7-build-server:
|
|
3
3
|
roles:
|
|
4
4
|
- default
|
|
5
|
-
- master
|
|
6
|
-
- agent
|
|
7
5
|
- build_server
|
|
8
|
-
platform: el-
|
|
6
|
+
platform: el-7-x86_64
|
|
9
7
|
hypervisor: docker
|
|
10
|
-
image:
|
|
11
|
-
|
|
12
|
-
- 'yum install -y epel-release'
|
|
13
|
-
- "echo 'Defaults:build_user !requiretty' >> /etc/sudoers"
|
|
14
|
-
- "echo 'build_user ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers"
|
|
15
|
-
- 'useradd -b /home -m -c "Build User" -s /bin/bash -U build_user'
|
|
16
|
-
- 'yum install -y facter rubygem-json'
|
|
17
|
-
# simp build-deps
|
|
18
|
-
- 'yum install -y rpm-build augeas-devel createrepo genisoimage git gnupg2 libicu-devel libxml2 libxml2-devel libxslt libxslt-devel rpmdevtools which'
|
|
19
|
-
# rvm build-deps
|
|
20
|
-
- 'yum install -y libyaml-devel glibc-headers autoconf gcc-c++ glibc-devel readline-devel libffi-devel openssl-devel automake libtool bison sqlite-devel'
|
|
21
|
-
|
|
22
|
-
#
|
|
23
|
-
# Do our best to get one of the keys from at one of the servers, and to
|
|
24
|
-
# trust the right ones if the GPG keyservers return bad keys
|
|
25
|
-
#
|
|
26
|
-
# These are the keys we want:
|
|
27
|
-
#
|
|
28
|
-
# 409B6B1796C275462A1703113804BB82D39DC0E3 # mpapis@gmail.com
|
|
29
|
-
# 7D2BAF1CF37B13E2069D6956105BD0E739499BDB # piotr.kuczynski@gmail.com
|
|
30
|
-
#
|
|
31
|
-
# See:
|
|
32
|
-
# - https://rvm.io/rvm/security
|
|
33
|
-
# - https://github.com/rvm/rvm/blob/master/docs/gpg.md
|
|
34
|
-
# - https://github.com/rvm/rvm/issues/4449
|
|
35
|
-
# - https://github.com/rvm/rvm/issues/4250
|
|
36
|
-
# - https://seclists.org/oss-sec/2018/q3/174
|
|
37
|
-
#
|
|
38
|
-
# NOTE (mostly to self): In addition to RVM's documented procedures,
|
|
39
|
-
# importing from https://keybase.io/mpapis may be a practical
|
|
40
|
-
# alternative for 409B6B1796C275462A1703113804BB82D39DC0E3:
|
|
41
|
-
#
|
|
42
|
-
# curl https://keybase.io/mpapis/pgp_keys.asc | gpg2 --import
|
|
43
|
-
#
|
|
44
|
-
- 'runuser build_user -l -c "for i in {1..5}; do { gpg2 --keyserver hkp://pool.sks-keyservers.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 || gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3; } && break || sleep 1; done"'
|
|
45
|
-
- 'runuser build_user -l -c "for i in {1..5}; do { gpg2 --keyserver hkp://pool.sks-keyservers.net --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB || gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB; } && break || sleep 1; done"'
|
|
46
|
-
# - 'runuser build_user -l -c "gpg2 --refresh-keys"'
|
|
47
|
-
- 'runuser build_user -l -c "curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer -o rvm-installer && curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer.asc -o rvm-installer.asc && gpg2 --verify rvm-installer.asc rvm-installer && bash rvm-installer"'
|
|
48
|
-
- 'runuser build_user -l -c "rvm install 2.4"'
|
|
49
|
-
- 'runuser build_user -l -c "rvm use --default 2.4"'
|
|
50
|
-
- 'runuser build_user -l -c "rvm all do gem install bundler"'
|
|
51
|
-
mount_folders:
|
|
52
|
-
folder1:
|
|
53
|
-
host_path: ./
|
|
54
|
-
container_path: /host_files
|
|
55
|
-
docker_preserve_image: true
|
|
8
|
+
image: simpproject/simp_build_centos7
|
|
9
|
+
docker_cmd: '/usr/sbin/sshd -D -E /var/log/sshd.log'
|
|
56
10
|
|
|
57
|
-
|
|
11
|
+
el8-build-server:
|
|
58
12
|
roles:
|
|
59
13
|
- build_server
|
|
60
|
-
platform: el-
|
|
14
|
+
platform: el-8-x86_64
|
|
61
15
|
hypervisor: docker
|
|
62
|
-
image:
|
|
63
|
-
docker_cmd: '/sbin/
|
|
64
|
-
docker_image_commands:
|
|
65
|
-
- 'yum install -y epel-release'
|
|
66
|
-
- 'ln -sf /bin/true /usr/bin/systemctl'
|
|
67
|
-
# Work around regression in beaker-docker
|
|
68
|
-
# https://github.com/puppetlabs/beaker-docker/pull/15/files
|
|
69
|
-
- 'yum install -y sudo openssh-server openssh-clients'
|
|
70
|
-
- "sed -ri 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config"
|
|
71
|
-
- "sed -ri 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config"
|
|
72
|
-
- "sed -ri 's/^#?UseDNS .*/UseDNS no/' /etc/ssh/sshd_config"
|
|
73
|
-
- "echo 'Defaults:build_user !requiretty' >> /etc/sudoers"
|
|
74
|
-
- "echo 'build_user ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers"
|
|
75
|
-
- 'useradd -b /home -m -c "Build User" -s /bin/bash -U build_user'
|
|
76
|
-
- 'yum install -y facter rubygem-json'
|
|
77
|
-
# simp build-deps
|
|
78
|
-
- 'yum install -y rpm-build augeas-devel createrepo genisoimage git gnupg2 libicu-devel libxml2 libxml2-devel libxslt libxslt-devel rpmdevtools clamav-update which'
|
|
79
|
-
|
|
80
|
-
# rvm build-deps
|
|
81
|
-
#
|
|
82
|
-
# Do our best to get one of the keys from at one of the servers, and to
|
|
83
|
-
# trust the right ones if the GPG keyservers return bad keys
|
|
84
|
-
#
|
|
85
|
-
# These are the keys we want:
|
|
86
|
-
#
|
|
87
|
-
# 409B6B1796C275462A1703113804BB82D39DC0E3 # mpapis@gmail.com
|
|
88
|
-
# 7D2BAF1CF37B13E2069D6956105BD0E739499BDB # piotr.kuczynski@gmail.com
|
|
89
|
-
#
|
|
90
|
-
# See:
|
|
91
|
-
# - https://rvm.io/rvm/security
|
|
92
|
-
# - https://github.com/rvm/rvm/blob/master/docs/gpg.md
|
|
93
|
-
# - https://github.com/rvm/rvm/issues/4449
|
|
94
|
-
# - https://github.com/rvm/rvm/issues/4250
|
|
95
|
-
# - https://seclists.org/oss-sec/2018/q3/174
|
|
96
|
-
#
|
|
97
|
-
# NOTE (mostly to self): In addition to RVM's documented procedures,
|
|
98
|
-
# importing from https://keybase.io/mpapis may be a practical
|
|
99
|
-
# alternative for 409B6B1796C275462A1703113804BB82D39DC0E3:
|
|
100
|
-
#
|
|
101
|
-
# curl https://keybase.io/mpapis/pgp_keys.asc | gpg2 --import
|
|
102
|
-
#
|
|
103
|
-
- 'runuser build_user -l -c "for i in {1..5}; do { gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3; } && { gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB; } && break || sleep 1; done"'
|
|
104
|
-
- 'runuser build_user -l -c "gpg2 --refresh-keys"'
|
|
105
|
-
- 'runuser build_user -l -c "curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer -o rvm-installer && curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer.asc -o rvm-installer.asc && gpg2 --verify rvm-installer.asc rvm-installer && bash rvm-installer"'
|
|
106
|
-
- 'runuser build_user -l -c "rvm install 2.4"'
|
|
107
|
-
- 'runuser build_user -l -c "rvm use --default 2.4"'
|
|
108
|
-
- 'runuser build_user -l -c "rvm all do gem install bundler"'
|
|
109
|
-
- 'yum install -y rpm-sign'
|
|
110
|
-
mount_folders:
|
|
111
|
-
folder1:
|
|
112
|
-
host_path: ./
|
|
113
|
-
container_path: /host_files
|
|
16
|
+
image: simpproject/simp_build_centos8
|
|
17
|
+
docker_cmd: '["/sbin/init"]'
|
|
114
18
|
docker_preserve_image: true
|
|
115
|
-
ssh:
|
|
116
|
-
password: root
|
|
117
|
-
auth_methods:
|
|
118
|
-
- password
|
|
119
19
|
|
|
120
20
|
CONFIG:
|
|
121
21
|
log_level: verbose
|
|
@@ -123,5 +23,30 @@ CONFIG:
|
|
|
123
23
|
<% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
|
|
124
24
|
puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
|
|
125
25
|
<% else -%>
|
|
126
|
-
puppet_collection:
|
|
26
|
+
puppet_collection: puppet6
|
|
127
27
|
<% end -%>
|
|
28
|
+
ssh:
|
|
29
|
+
password: root
|
|
30
|
+
auth_methods:
|
|
31
|
+
- password
|
|
32
|
+
docker_preserve_image: true
|
|
33
|
+
# This is necessary for pretty much all containers
|
|
34
|
+
docker_cap_add:
|
|
35
|
+
- AUDIT_WRITE
|
|
36
|
+
mount_folders:
|
|
37
|
+
host_files:
|
|
38
|
+
host_path: ./
|
|
39
|
+
container_path: /host_files
|
|
40
|
+
# All items below this point are required for systemd
|
|
41
|
+
cgroup:
|
|
42
|
+
host_path: /sys/fs/cgroup
|
|
43
|
+
container_path: /sys/fs/cgroup
|
|
44
|
+
opts: 'ro'
|
|
45
|
+
dockeropts:
|
|
46
|
+
HostConfig:
|
|
47
|
+
Tmpfs:
|
|
48
|
+
'/run': 'rw,noexec,nosuid,nodev,size=65536k'
|
|
49
|
+
'/run/lock': 'rw,noexec,nosuid,nodev,size=65536k'
|
|
50
|
+
'/tmp': 'rw,exec,nosuid,nodev,size=65536k'
|
|
51
|
+
'/sys/fs/cgroup/systemd': 'rw,size=65536k'
|
|
52
|
+
'/var/log/journal': 'rw,noexec,nodev,nosuid,size=65536k'
|
|
@@ -57,16 +57,40 @@ module Simp::BeakerHelpers::SimpRakeHelpers::BuildProjectHelpers
|
|
|
57
57
|
# Scans a host path for the 'SIMP Development' GPG key and returns its Key ID
|
|
58
58
|
#
|
|
59
59
|
# @param [Host, String, Symbol] host Beaker host
|
|
60
|
-
# @param [
|
|
61
|
-
# @param [String] proj_dir Absolute path to the parent project directory
|
|
60
|
+
# @param [String] key_dir Absolute path to GPG key dir
|
|
62
61
|
# @param [Hash{Symbol=>String}] opts Beaker options Hash for `#on` ({})
|
|
63
62
|
# @return [String] GPG dev signing Key ID
|
|
64
63
|
#
|
|
65
|
-
def dev_signing_key_id(host,
|
|
66
|
-
|
|
67
|
-
res = on(host, %(#{run_cmd} "gpg --
|
|
68
|
-
|
|
69
|
-
raise "No 'SIMP Development' GPG keys found
|
|
70
|
-
|
|
64
|
+
def dev_signing_key_id(host, key_dir, opts = {})
|
|
65
|
+
# NOTE: This search uses a substring match on 'SIMP Development'.
|
|
66
|
+
res = on(host, %(#{run_cmd} "gpg --with-colons --fingerprint --homedir='#{key_dir}' 'SIMP Development'"), opts)
|
|
67
|
+
pub_lines = res.stdout.lines.select { |x| x.start_with?('pub') }
|
|
68
|
+
raise "No 'SIMP Development' GPG keys found in '#{key_dir}'" if pub_lines.empty?
|
|
69
|
+
pub_lines.first.split(':')[4].downcase
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
# Returns true when a gpg-agent daemon using the specified GPG home directory
|
|
73
|
+
# (aka key directory) is running.
|
|
74
|
+
#
|
|
75
|
+
# @param [Host, String, Symbol] host Beaker host
|
|
76
|
+
# @param [String] gpg_homedir Absolute path to GPG home dir
|
|
77
|
+
def gpg_agent_running?(host, gpg_homedir)
|
|
78
|
+
|
|
79
|
+
# This check is being used in tests to verify no gpg-agent for gpg_homedir
|
|
80
|
+
# is running. On slow VMs, the gpg-agent can take some time to shutdown.
|
|
81
|
+
# So wait up to 20 seconds for gpg-agent to shutdown before finalizing
|
|
82
|
+
# gpg-agent status to be reported.
|
|
83
|
+
|
|
84
|
+
retries = 20
|
|
85
|
+
agent_exists = true
|
|
86
|
+
while (agent_exists || (retries > 0))
|
|
87
|
+
result = on(host, "pgrep -c -f 'gpg-agent.*homedir.*#{gpg_homedir}'", :accept_all_exit_codes => true)
|
|
88
|
+
agent_exists = (result.stdout.strip != '0')
|
|
89
|
+
break unless agent_exists
|
|
90
|
+
sleep 1
|
|
91
|
+
retries -= 1
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
agent_exists
|
|
71
95
|
end
|
|
72
96
|
end
|
|
@@ -35,8 +35,7 @@ describe Simp::Ci::Gitlab do
|
|
|
35
35
|
describe '#validate_config' do
|
|
36
36
|
it 'succeeds when no .gitlab-ci.yml file exists and no tests exist' do
|
|
37
37
|
proj_dir = File.join(files_dir, 'no_gitlab_config_without_tests')
|
|
38
|
-
expect{ Simp::Ci::Gitlab.new(proj_dir).validate_config }.
|
|
39
|
-
to_not raise_error
|
|
38
|
+
expect{ Simp::Ci::Gitlab.new(proj_dir).validate_config }.to_not raise_error
|
|
40
39
|
end
|
|
41
40
|
|
|
42
41
|
it 'succeeds but warns when no .gitlab-ci.yml file exists but tests exist' do
|
|
@@ -56,9 +55,9 @@ describe Simp::Ci::Gitlab do
|
|
|
56
55
|
proj_dir = File.join(files_dir, 'valid_job_suite_nodeset')
|
|
57
56
|
validator = Simp::Ci::Gitlab.new(proj_dir)
|
|
58
57
|
|
|
59
|
-
validator.
|
|
58
|
+
expect(validator).to receive(:`).with('which curl').and_return('/usr/bin/curl')
|
|
60
59
|
gitlab_response = '{"status":"valid","errors":[]}'
|
|
61
|
-
validator.
|
|
60
|
+
expect(validator).to receive(:`).with(/(?!which curl).*/).and_return(gitlab_response)
|
|
62
61
|
|
|
63
62
|
expect{ validator.validate_config }.
|
|
64
63
|
to_not raise_error
|
|
@@ -68,9 +67,9 @@ describe Simp::Ci::Gitlab do
|
|
|
68
67
|
proj_dir = File.join(files_dir, 'valid_job_suite_nodeset')
|
|
69
68
|
validator = Simp::Ci::Gitlab.new(proj_dir)
|
|
70
69
|
|
|
71
|
-
validator.
|
|
70
|
+
expect(validator).to receive(:`).with('which curl').and_return('/usr/bin/curl')
|
|
72
71
|
gitlab_response = '{"status":"invalid","errors":["root config contains unknown keys: pup5.5-unit"]}'
|
|
73
|
-
validator.
|
|
72
|
+
expect(validator).to receive(:`).with(/(?!which curl).*/).and_return(gitlab_response)
|
|
74
73
|
|
|
75
74
|
expect{ validator.validate_config }.
|
|
76
75
|
to raise_error(Simp::Ci::Gitlab::LintError,
|
|
@@ -97,7 +96,7 @@ describe Simp::Ci::Gitlab do
|
|
|
97
96
|
proj_dir = File.join(files_dir, 'valid_job_suite_nodeset')
|
|
98
97
|
validator = Simp::Ci::Gitlab.new(proj_dir)
|
|
99
98
|
|
|
100
|
-
validator.
|
|
99
|
+
expect(validator).to receive(:`).and_return('')
|
|
101
100
|
|
|
102
101
|
expect{ validator.validate_yaml }.
|
|
103
102
|
to output(/Could not find 'curl'/).to_stdout
|
|
@@ -107,8 +106,8 @@ describe Simp::Ci::Gitlab do
|
|
|
107
106
|
proj_dir = File.join(files_dir, 'valid_job_suite_nodeset')
|
|
108
107
|
validator = Simp::Ci::Gitlab.new(proj_dir)
|
|
109
108
|
|
|
110
|
-
validator.
|
|
111
|
-
validator.
|
|
109
|
+
expect(validator).to receive(:`).with('which curl').and_return('/usr/bin/curl')
|
|
110
|
+
expect(validator).to receive(:`).with(/(?!which curl).*/).and_return('{}')
|
|
112
111
|
|
|
113
112
|
expect{ validator.validate_yaml }.
|
|
114
113
|
to output(/Unable to lint check/).to_stdout
|
|
@@ -118,9 +117,9 @@ describe Simp::Ci::Gitlab do
|
|
|
118
117
|
proj_dir = File.join(files_dir, 'valid_job_suite_nodeset')
|
|
119
118
|
validator = Simp::Ci::Gitlab.new(proj_dir)
|
|
120
119
|
|
|
121
|
-
validator.
|
|
120
|
+
expect(validator).to receive(:`).with('which curl').and_return('/usr/bin/curl')
|
|
122
121
|
gitlab_response = '{"status":"valid","errors":[]}'
|
|
123
|
-
validator.
|
|
122
|
+
expect(validator).to receive(:`).with(/(?!which curl).*/).and_return(gitlab_response)
|
|
124
123
|
|
|
125
124
|
expect{ validator.validate_yaml }.
|
|
126
125
|
to_not raise_error
|
|
@@ -132,9 +131,9 @@ describe Simp::Ci::Gitlab do
|
|
|
132
131
|
proj_dir = File.join(files_dir, 'valid_job_suite_nodeset')
|
|
133
132
|
validator = Simp::Ci::Gitlab.new(proj_dir)
|
|
134
133
|
|
|
135
|
-
validator.
|
|
134
|
+
expect(validator).to receive(:`).with('which curl').and_return('/usr/bin/curl')
|
|
136
135
|
gitlab_response = '{"status":"invalid","errors":["root config contains unknown keys: pup5.5-unit"]}'
|
|
137
|
-
validator.
|
|
136
|
+
expect(validator).to receive(:`).with(/(?!which curl).*/).and_return(gitlab_response)
|
|
138
137
|
|
|
139
138
|
expect{ validator.validate_yaml }.
|
|
140
139
|
to raise_error(Simp::Ci::Gitlab::LintError,
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
require 'simp/command_utils'
|
|
2
|
+
require 'spec_helper'
|
|
3
|
+
|
|
4
|
+
describe Simp::CommandUtils do
|
|
5
|
+
RSpec.configure do |c|
|
|
6
|
+
c.include Simp::CommandUtils
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
describe '.which' do
|
|
10
|
+
it 'should return location of command that exists' do
|
|
11
|
+
expect(Facter::Core::Execution).to receive(:which).with('ls').and_return('/usr/bin/ls')
|
|
12
|
+
expect( which('ls') ).to eq('/usr/bin/ls')
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
it 'should return nil if command does not exist by default' do
|
|
16
|
+
expect( which('/does/not/exist/command') ).to be nil
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
it 'should fail if command does not exist if fail=true' do
|
|
20
|
+
expect{ which('/does/not/exist/command', true) }.to raise_error(
|
|
21
|
+
RuntimeError, /Warning: Command \/does\/not\/exist\/command not found/)
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
it 'should cache commands' do
|
|
25
|
+
allow(Facter::Core::Execution).to receive(:which).with('ls').and_return('/path1/ls', '/path2/ls')
|
|
26
|
+
expect( which('ls') ).to eq('/path1/ls')
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
@@ -257,10 +257,16 @@ describe Simp::ComponentInfo do
|
|
|
257
257
|
/Could not extract version and release from /)
|
|
258
258
|
end
|
|
259
259
|
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
260
|
+
it 'fails when changelog cannot be read from asset RPM spec file' do
|
|
261
|
+
skip(
|
|
262
|
+
<<~SKIP.strip.split("\n").join(' ')
|
|
263
|
+
This has to be a case in which version and release can be read from
|
|
264
|
+
spec file but the changelog (which is optional) can't.
|
|
264
265
|
|
|
266
|
+
It *could* be mocked, but is probably not worth the LOE unless we
|
|
267
|
+
encounter a real-world test case."
|
|
268
|
+
SKIP
|
|
269
|
+
)
|
|
270
|
+
end
|
|
265
271
|
end
|
|
266
272
|
end
|
|
@@ -1,14 +1,24 @@
|
|
|
1
1
|
require 'simp/local_gpg_signing_key'
|
|
2
2
|
require 'spec_helper'
|
|
3
3
|
require 'fileutils'
|
|
4
|
+
require 'timeout'
|
|
4
5
|
require 'tmpdir'
|
|
5
6
|
|
|
7
|
+
|
|
8
|
+
def get_key_id(keydir, key_email)
|
|
9
|
+
key_id = nil
|
|
10
|
+
key_info = `gpg --with-colons --homedir=#{keydir} --list-keys '<#{key_email}>' 2>&1 | grep ^pub:`
|
|
11
|
+
unless key_info.strip.empty?
|
|
12
|
+
key_id = key_info.split(':')[4]
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
|
|
6
16
|
describe Simp::LocalGpgSigningKey do
|
|
7
17
|
include FileUtils
|
|
8
18
|
|
|
9
19
|
before :all do
|
|
10
20
|
TMP_DIR = Dir.mktmpdir('spec_test__simp_local_gpg_signing_key')
|
|
11
|
-
|
|
21
|
+
TMP_DEV_KEYDIR = File.join(TMP_DIR, 'dev')
|
|
12
22
|
OPTS = {verbose: ENV['VERBOSE'].to_s =~ /^(yes|true)$/ }
|
|
13
23
|
|
|
14
24
|
mkdir_p TMP_DIR
|
|
@@ -24,9 +34,17 @@ describe Simp::LocalGpgSigningKey do
|
|
|
24
34
|
ENV['GPG_AGENT_INFO'] = ORIGINAL_GPG_AGENT_INFO
|
|
25
35
|
end
|
|
26
36
|
|
|
37
|
+
let(:gpg_keydir) { TMP_DEV_KEYDIR }
|
|
38
|
+
let(:gpg_email_name) { 'gatekeeper@simp.development.key' }
|
|
39
|
+
let(:opts) { OPTS }
|
|
40
|
+
|
|
27
41
|
shared_examples_for 'it just generated a local gpg signing key' do
|
|
28
|
-
it '
|
|
29
|
-
expect(
|
|
42
|
+
it 'has the key in the keyring' do
|
|
43
|
+
expect(get_key_id(gpg_keydir, gpg_email_name)).to_not be_nil
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
it 'had created a local gpg-agent' do
|
|
47
|
+
expect(agent_info.reject{|x| x.nil?}.keys).to include(:socket, :pid)
|
|
30
48
|
end
|
|
31
49
|
|
|
32
50
|
it 'had a gpg-agent socket' do
|
|
@@ -35,62 +53,141 @@ describe Simp::LocalGpgSigningKey do
|
|
|
35
53
|
end
|
|
36
54
|
|
|
37
55
|
it 'has killed the local gpg-agent' do
|
|
56
|
+
begin
|
|
57
|
+
# it may take some time for the local gpg-agent to die
|
|
58
|
+
Timeout::timeout(30) do
|
|
59
|
+
done = !File.exist?(agent_info[:socket])
|
|
60
|
+
until(done)
|
|
61
|
+
sleep(2)
|
|
62
|
+
done = !File.exist?(agent_info[:socket])
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
rescue Timeout::Error
|
|
66
|
+
puts "agent_info = #{agent_info}"
|
|
67
|
+
puts "gpg-agent processes running:\n#{`pgrep -f gpg-agent`}"
|
|
68
|
+
end
|
|
69
|
+
|
|
38
70
|
expect(File.exist?(agent_info[:socket])).to be false
|
|
39
71
|
end
|
|
40
72
|
end
|
|
41
73
|
|
|
42
|
-
|
|
43
74
|
shared_examples_for 'a valid gpg signing key environment' do
|
|
44
|
-
it 'has
|
|
45
|
-
Dir.chdir(
|
|
75
|
+
it 'has an exported local GPG signing key' do
|
|
76
|
+
Dir.chdir(gpg_keydir) { expect(Dir['*']).to include('RPM-GPG-KEY-SIMP-Dev') }
|
|
46
77
|
end
|
|
47
78
|
|
|
48
|
-
it 'has a
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
79
|
+
it 'has a keygen params file with info required for package signing' do
|
|
80
|
+
params_file = File.join(gpg_keydir, 'gengpgkey')
|
|
81
|
+
expect(File.exist?(params_file)).to be true
|
|
82
|
+
|
|
83
|
+
content = File.read(params_file)
|
|
84
|
+
expect(content).to match(/^Passphrase: .*$/)
|
|
85
|
+
expect(content).to match(/^Name-Email: #{gpg_email_name}$/)
|
|
55
86
|
end
|
|
56
87
|
end
|
|
57
88
|
|
|
58
89
|
shared_examples_for 'it encountered an unexpired local gpg signing key' do
|
|
59
90
|
it 'reuses an unexpired local gpg signing key' do
|
|
60
|
-
expect{described_class.new(
|
|
91
|
+
expect{described_class.new(gpg_keydir,opts).ensure_key}.to output(
|
|
61
92
|
/^GPG key \(gatekeeper@simp\.development\.key\) will expire in 14 days\./
|
|
62
93
|
).to_stdout
|
|
94
|
+
|
|
95
|
+
expect(get_key_id(gpg_keydir, gpg_email_name)).to eq original_key_id
|
|
63
96
|
end
|
|
64
97
|
|
|
65
98
|
it 'reuses an unexpired local gpg signing key' do
|
|
66
|
-
expect{described_class.new(
|
|
99
|
+
expect{described_class.new(gpg_keydir,opts).ensure_key}.to output(
|
|
67
100
|
/^GPG key \(gatekeeper@simp\.development\.key\) will expire in 14 days\./
|
|
68
101
|
).to_stdout
|
|
102
|
+
|
|
103
|
+
expect(get_key_id(gpg_keydir, gpg_email_name)).to eq original_key_id
|
|
69
104
|
end
|
|
70
105
|
end
|
|
71
106
|
|
|
72
107
|
context '#ensure_key' do
|
|
73
108
|
before :all do
|
|
74
|
-
rm_rf
|
|
109
|
+
rm_rf TMP_DEV_KEYDIR
|
|
75
110
|
ENV['GPG_AGENT_INFO'] = nil
|
|
76
111
|
end
|
|
77
112
|
|
|
113
|
+
|
|
78
114
|
context 'when run from scratch' do
|
|
79
115
|
before :all do
|
|
80
|
-
FIRST_RUN_AGENT_INFO = described_class.new(
|
|
116
|
+
FIRST_RUN_AGENT_INFO = described_class.new(TMP_DEV_KEYDIR,OPTS).ensure_key
|
|
81
117
|
end
|
|
118
|
+
|
|
82
119
|
let(:agent_info){ FIRST_RUN_AGENT_INFO }
|
|
120
|
+
|
|
83
121
|
it_behaves_like 'it just generated a local gpg signing key'
|
|
84
122
|
it_behaves_like 'a valid gpg signing key environment'
|
|
85
123
|
end
|
|
86
124
|
|
|
87
125
|
context 'when run again' do
|
|
88
126
|
before :all do
|
|
89
|
-
SECOND_RUN_AGENT_INFO = described_class.new(
|
|
127
|
+
SECOND_RUN_AGENT_INFO = described_class.new(TMP_DEV_KEYDIR,OPTS).ensure_key
|
|
90
128
|
end
|
|
129
|
+
|
|
91
130
|
let(:agent_info){ SECOND_RUN_AGENT_INFO }
|
|
131
|
+
let(:original_key_id) { get_key_id(gpg_keydir, gpg_email_name) }
|
|
132
|
+
|
|
92
133
|
it_behaves_like 'it encountered an unexpired local gpg signing key'
|
|
93
134
|
it_behaves_like 'a valid gpg signing key environment'
|
|
94
135
|
end
|
|
95
136
|
end
|
|
137
|
+
|
|
138
|
+
context '#gpg_agent_info' do
|
|
139
|
+
before :all do
|
|
140
|
+
rm_rf TMP_DEV_KEYDIR
|
|
141
|
+
end
|
|
142
|
+
|
|
143
|
+
# other use cases already tested in ensure_key tests
|
|
144
|
+
it 'returns nil when no gpg agent env file exists' do
|
|
145
|
+
expect(described_class.new(gpg_keydir,opts).gpg_agent_info).to be_nil
|
|
146
|
+
end
|
|
147
|
+
end
|
|
148
|
+
|
|
149
|
+
context '#dev_key_days_left' do
|
|
150
|
+
before :all do
|
|
151
|
+
rm_rf TMP_DEV_KEYDIR
|
|
152
|
+
end
|
|
153
|
+
|
|
154
|
+
let(:gpg_cmd) { "gpg --with-colons --homedir=#{gpg_keydir} --list-keys '<#{gpg_email_name}>' 2>&1" }
|
|
155
|
+
|
|
156
|
+
it 'returns 0 when key is not found' do
|
|
157
|
+
expect(described_class.new(gpg_keydir,opts).dev_key_days_left).to eq 0
|
|
158
|
+
end
|
|
159
|
+
|
|
160
|
+
it 'returns 0 when key is expired' do
|
|
161
|
+
generator = described_class.new(gpg_keydir,opts)
|
|
162
|
+
output = <<~EOM
|
|
163
|
+
tru::1:1521838828:0:3:1:5
|
|
164
|
+
pub:e:4096:1:722B97A808E7DAEA:1521838554:1523048154::-:::sc::::::23::0:
|
|
165
|
+
fpr:::::::::5DD3E8D45C99780DCA7D0B83722B97A808E7DAEA:
|
|
166
|
+
uid:e::::1521838554::773C55CA511CCE31244D86D4AB70F6499024695F::SIMP Development (Development key 1521838554) <gatekeeper@simp.development.key>::::::::::0:
|
|
167
|
+
EOM
|
|
168
|
+
expect(generator).to receive(:`).with(gpg_cmd).and_return(output)
|
|
169
|
+
|
|
170
|
+
expect(generator.dev_key_days_left).to eq 0
|
|
171
|
+
end
|
|
172
|
+
|
|
173
|
+
it 'returns # days left when unexpired key is found with ISO 8601 date' do
|
|
174
|
+
generator = described_class.new(gpg_keydir,opts)
|
|
175
|
+
|
|
176
|
+
require 'date'
|
|
177
|
+
creation_date = DateTime.now - 5
|
|
178
|
+
expiration_date = creation_date + 14
|
|
179
|
+
creation_str = creation_date.iso8601.gsub(/:|-/,'')
|
|
180
|
+
expiration_str = expiration_date.iso8601.gsub(/:|-/,'')
|
|
181
|
+
|
|
182
|
+
output = <<~EOM
|
|
183
|
+
tru::1:1521838828:0:3:1:5
|
|
184
|
+
pub:u:4096:1:722B97A808E7DAEA:#{creation_str}:#{expiration_str}::-:::sc::::::23::0:
|
|
185
|
+
fpr:::::::::5DD3E8D45C99780DCA7D0B83722B97A808E7DAEA:
|
|
186
|
+
uid:e::::1521838554::773C55CA511CCE31244D86D4AB70F6499024695F::SIMP Development (Development key 1521838554) <gatekeeper@simp.development.key>::::::::::0:
|
|
187
|
+
EOM
|
|
188
|
+
expect(generator).to receive(:`).with(gpg_cmd).and_return(output)
|
|
189
|
+
|
|
190
|
+
expect(generator.dev_key_days_left).to eq 9
|
|
191
|
+
end
|
|
192
|
+
end
|
|
96
193
|
end
|