simp-rake-helpers 5.11.4 → 5.12.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +46 -0
- data/CONTRIBUTING.md +1 -1
- data/Gemfile +2 -1
- data/README.md +3 -38
- data/Rakefile +2 -3
- data/lib/simp/command_utils.rb +21 -0
- data/lib/simp/componentinfo.rb +17 -0
- data/lib/simp/local_gpg_signing_key.rb +184 -81
- data/lib/simp/rake.rb +3 -10
- data/lib/simp/rake/build/build.rb +45 -29
- data/lib/simp/rake/build/constants.rb +5 -1
- data/lib/simp/rake/build/iso.rb +1 -1
- data/lib/simp/rake/build/pkg.rb +168 -52
- data/lib/simp/rake/build/spec.rb +1 -1
- data/lib/simp/rake/build/tar.rb +1 -1
- data/lib/simp/rake/build/unpack.rb +1 -1
- data/lib/simp/rake/build/upload.rb +1 -1
- data/lib/simp/rake/helpers/assets/rpm_spec/simp6.spec +3 -3
- data/lib/simp/rake/helpers/assets/rpm_spec/simpdefault.spec +3 -3
- data/lib/simp/rake/helpers/version.rb +1 -1
- data/lib/simp/rake/pkg.rb +5 -1
- data/lib/simp/rake/pupmod/helpers.rb +2 -0
- data/lib/simp/rake/rubygem.rb +5 -1
- data/lib/simp/rpm.rb +13 -125
- data/lib/simp/rpm_signer.rb +321 -0
- data/spec/acceptance/nodesets/default.yml +18 -109
- data/spec/acceptance/{00_pkg_rpm_custom_scriptlets_spec.rb → suites/default/00_pkg_rpm_custom_scriptlets_spec.rb} +21 -22
- data/spec/acceptance/{10_pkg_rpm_spec.rb → suites/default/10_pkg_rpm_spec.rb} +50 -52
- data/spec/acceptance/{30_pkg_misc_spec.rb → suites/default/30_pkg_misc_spec.rb} +1 -1
- data/spec/acceptance/{50_local_gpg_signing_key_spec.rb → suites/default/50_local_gpg_signing_key_spec.rb} +7 -3
- data/spec/acceptance/suites/default/55_build_pkg_signing_spec.rb +391 -0
- data/spec/acceptance/{development → suites/default/development}/docker_env.sh +0 -0
- data/spec/acceptance/{development → suites/default/development}/rerun_acceptance_tests.sh +0 -0
- data/spec/acceptance/{development → suites/default/development}/vagrant_rsync.sh +0 -0
- data/spec/acceptance/{files → suites/default/files}/asset/Rakefile +0 -0
- data/spec/acceptance/{files → suites/default/files}/asset/build/asset.spec +0 -0
- data/spec/acceptance/{files → suites/default/files}/asset_with_misordered_entries/Rakefile +0 -0
- data/spec/acceptance/{files → suites/default/files}/asset_with_misordered_entries/build/asset_with_misordered_entries.spec +0 -0
- data/spec/acceptance/{files → suites/default/files}/build/pkg/gpg-keydir.expired.2018-04-06/RPM-GPG-KEY-SIMP-Dev +0 -0
- data/spec/acceptance/{files → suites/default/files}/build/pkg/gpg-keydir.expired.2018-04-06/gengpgkey +0 -0
- data/spec/acceptance/{files → suites/default/files}/build/pkg/gpg-keydir.expired.2018-04-06/pubring.gpg +0 -0
- data/spec/acceptance/{files → suites/default/files}/build/pkg/gpg-keydir.expired.2018-04-06/random_seed +0 -0
- data/spec/acceptance/{files → suites/default/files}/build/pkg/gpg-keydir.expired.2018-04-06/run_gpg_agent +0 -0
- data/spec/acceptance/{files → suites/default/files}/build/pkg/gpg-keydir.expired.2018-04-06/secring.gpg +0 -0
- data/spec/acceptance/{files → suites/default/files}/build/pkg/gpg-keydir.expired.2018-04-06/trustdb.gpg +0 -0
- data/spec/acceptance/{files → suites/default/files}/build/project_skeleton/Puppetfile.tracking +0 -0
- data/spec/acceptance/{files → suites/default/files}/build/project_skeleton/README.md +0 -0
- data/spec/acceptance/{files → suites/default/files}/build/project_skeleton/Rakefile +0 -0
- data/spec/acceptance/{files → suites/default/files}/build/project_skeleton/src/assets/simp/build/simp.spec +0 -0
- data/spec/acceptance/{files → suites/default/files}/module/CHANGELOG +0 -0
- data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-new-package-2.1 → suites/default/files/module}/Rakefile +0 -0
- data/spec/acceptance/{files → suites/default/files}/module/metadata.json +0 -0
- data/spec/acceptance/{files → suites/default/files}/module_with_misordered_entries/CHANGELOG +0 -0
- data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-new-package-3.0 → suites/default/files/module_with_misordered_entries}/Rakefile +0 -0
- data/spec/acceptance/{files → suites/default/files}/module_with_misordered_entries/metadata.json +0 -0
- data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-new-package-2.1 → suites/default/files/simplib}/CHANGELOG +0 -0
- data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-old-package-1.0 → suites/default/files/simplib}/Rakefile +0 -0
- data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-old-package-1.0 → suites/default/files/simplib}/build/rpm_metadata/requires +0 -0
- data/spec/acceptance/{files → suites/default/files}/simplib/metadata.json +0 -0
- data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-new-package-3.0 → suites/default/files/testpackage}/CHANGELOG +0 -0
- data/spec/acceptance/suites/default/files/testpackage/README +8 -0
- data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-old-package-2.0 → suites/default/files/testpackage}/Rakefile +0 -0
- data/spec/acceptance/{files/package_upgrades/pupmod-simp-testpackage-1.0 → suites/default/files/testpackage}/build/rpm_metadata/requires +0 -0
- data/spec/acceptance/{files → suites/default/files}/testpackage/metadata.json +0 -0
- data/spec/acceptance/suites/default/files/testpackage/spec/classes/init_spec.rb +1 -0
- data/spec/acceptance/suites/default/files/testpackage/spec/files/mock_something.rb +3 -0
- data/spec/acceptance/suites/default/files/testpackage/utils/convert_v1_to_v2.rb +3 -0
- data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-old-package-1.0 → suites/default/files/testpackage_custom_scriptlet}/CHANGELOG +0 -0
- data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-old-package-2.2 → suites/default/files/testpackage_custom_scriptlet}/Rakefile +0 -0
- data/spec/acceptance/{files → suites/default/files}/testpackage_custom_scriptlet/build/rpm_metadata/custom/overrides +0 -0
- data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-old-package-2.0 → suites/default/files/testpackage_custom_scriptlet}/build/rpm_metadata/requires +0 -0
- data/spec/acceptance/{files → suites/default/files}/testpackage_custom_scriptlet/metadata.json +0 -0
- data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-old-package-2.0 → suites/default/files/testpackage_missing_license}/CHANGELOG +0 -0
- data/spec/acceptance/{files/module → suites/default/files/testpackage_missing_license}/Rakefile +0 -0
- data/spec/acceptance/{files/simplib → suites/default/files/testpackage_missing_license}/build/rpm_metadata/requires +0 -0
- data/spec/acceptance/{files → suites/default/files}/testpackage_missing_license/metadata.json +0 -0
- data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-old-package-2.2 → suites/default/files/testpackage_missing_metadata_file}/CHANGELOG +0 -0
- data/spec/acceptance/{files/module_with_misordered_entries → suites/default/files/testpackage_missing_metadata_file}/Rakefile +0 -0
- data/spec/acceptance/{files/testpackage_custom_scriptlet → suites/default/files/testpackage_missing_metadata_file}/build/rpm_metadata/requires +0 -0
- data/spec/acceptance/{files/simplib → suites/default/files/testpackage_missing_name}/CHANGELOG +0 -0
- data/spec/acceptance/{files/package_upgrades/pupmod-simp-testpackage-1.0 → suites/default/files/testpackage_missing_name}/Rakefile +0 -0
- data/spec/acceptance/{files/testpackage_missing_license → suites/default/files/testpackage_missing_name}/build/rpm_metadata/requires +0 -0
- data/spec/acceptance/{files → suites/default/files}/testpackage_missing_name/metadata.json +0 -0
- data/spec/acceptance/{files/testpackage → suites/default/files/testpackage_missing_source}/CHANGELOG +0 -0
- data/spec/acceptance/{files/package_upgrades/pupmod-simp-testpackage-2.0 → suites/default/files/testpackage_missing_source}/Rakefile +0 -0
- data/spec/acceptance/{files/testpackage_missing_metadata_file → suites/default/files/testpackage_missing_source}/build/rpm_metadata/requires +0 -0
- data/spec/acceptance/{files → suites/default/files}/testpackage_missing_source/metadata.json +0 -0
- data/spec/acceptance/{files/testpackage_custom_scriptlet → suites/default/files/testpackage_missing_summary}/CHANGELOG +0 -0
- data/spec/acceptance/{files/simplib → suites/default/files/testpackage_missing_summary}/Rakefile +0 -0
- data/spec/acceptance/{files/testpackage_missing_name → suites/default/files/testpackage_missing_summary}/build/rpm_metadata/requires +0 -0
- data/spec/acceptance/{files → suites/default/files}/testpackage_missing_summary/metadata.json +0 -0
- data/spec/acceptance/{files/testpackage_missing_license → suites/default/files/testpackage_missing_version}/CHANGELOG +0 -0
- data/spec/acceptance/{files/testpackage → suites/default/files/testpackage_missing_version}/Rakefile +0 -0
- data/spec/acceptance/{files/testpackage_missing_source → suites/default/files/testpackage_missing_version}/build/rpm_metadata/requires +0 -0
- data/spec/acceptance/{files → suites/default/files}/testpackage_missing_version/metadata.json +0 -0
- data/spec/acceptance/{files → suites/default/files}/testpackage_with_bad_changelog_date/CHANGELOG +0 -0
- data/spec/acceptance/{files/testpackage_custom_scriptlet → suites/default/files/testpackage_with_bad_changelog_date}/Rakefile +0 -0
- data/spec/acceptance/{files/testpackage_missing_summary → suites/default/files/testpackage_with_bad_changelog_date}/build/rpm_metadata/requires +0 -0
- data/spec/acceptance/{files → suites/default/files}/testpackage_with_bad_changelog_date/metadata.json +0 -0
- data/spec/acceptance/{files/testpackage_missing_metadata_file → suites/default/files/testpackage_with_release}/CHANGELOG +0 -0
- data/spec/acceptance/{files/testpackage_missing_license → suites/default/files/testpackage_with_release}/Rakefile +0 -0
- data/spec/acceptance/{files → suites/default/files}/testpackage_with_release/build/rpm_metadata/release +0 -0
- data/spec/acceptance/{files/testpackage_missing_version → suites/default/files/testpackage_with_release}/build/rpm_metadata/requires +0 -0
- data/spec/acceptance/{files → suites/default/files}/testpackage_with_release/metadata.json +0 -0
- data/spec/acceptance/{files/testpackage_missing_metadata_file → suites/default/files/testpackage_without_changelog}/Rakefile +0 -0
- data/spec/acceptance/{files/testpackage_with_bad_changelog_date → suites/default/files/testpackage_without_changelog}/build/rpm_metadata/requires +0 -0
- data/spec/acceptance/{files → suites/default/files}/testpackage_without_changelog/metadata.json +0 -0
- data/spec/acceptance/{support → suites/default/support}/build_project_helpers.rb +33 -9
- data/spec/acceptance/{support → suites/default/support}/build_user_helpers.rb +0 -0
- data/spec/acceptance/{support → suites/default/support}/pkg_rpm_helpers.rb +0 -0
- data/spec/lib/simp/ci/gitlab_spec.rb +12 -13
- data/spec/lib/simp/command_utils_spec.rb +29 -0
- data/spec/lib/simp/componentinfo_spec.rb +10 -4
- data/spec/lib/simp/local_gpg_signing_key_spec.rb.beaker-only +115 -18
- data/spec/lib/simp/rake/build/helpers_spec.rb +3 -0
- data/spec/lib/simp/rake/build/rpmdeps_spec.rb +1 -2
- data/spec/lib/simp/rake/pupmod/fixtures/othermod/Gemfile +1 -10
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/README.md +2 -2
- data/spec/lib/simp/rake_spec.rb +2 -1
- data/spec/lib/simp/relchecks_check_rpm_changelog_spec.rb +20 -10
- data/spec/lib/simp/relchecks_compare_latest_tag_spec.rb +17 -17
- data/spec/lib/simp/rpm_signer_spec.rb +98 -0
- data/spec/lib/simp/rpm_spec.rb +1 -7
- data/spec/spec_helper.rb +1 -1
- data/spec/spec_helper_acceptance.rb +20 -3
- metadata +94 -151
- data/.travis.yml +0 -60
- data/lib/simp/rake/helpers/assets/rpm_spec/simp4.spec +0 -388
- data/lib/simp/rake/helpers/assets/rpm_spec/simp5.spec +0 -388
- data/spec/acceptance/20_pkg_rpm_upgrade_spec.rb +0 -236
- data/spec/acceptance/55_build_pkg_signing_spec.rb +0 -140
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/build/rpm_metadata/custom/overrides +0 -14
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/build/rpm_metadata/requires +0 -1
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/metadata.json +0 -33
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/build/rpm_metadata/custom/overrides +0 -14
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/build/rpm_metadata/requires +0 -1
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/metadata.json +0 -33
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-1.0/metadata.json +0 -33
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.0/metadata.json +0 -33
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/build/rpm_metadata/custom/overrides +0 -14
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/build/rpm_metadata/requires +0 -1
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/metadata.json +0 -33
- data/spec/acceptance/files/mock_packages/pupmod-puppetlabs-stdlib.spec +0 -32
- data/spec/acceptance/files/mock_packages/pupmod-simp-foo.spec +0 -32
- data/spec/acceptance/files/mock_packages/pupmod-simp-simplib.spec +0 -32
- data/spec/acceptance/files/mock_packages/rpmbuild.sh +0 -25
- data/spec/acceptance/files/mock_packages/simp-adapter.spec +0 -43
- data/spec/acceptance/files/mock_packages/simp-adapter/etc/simp/adapter_config.yaml +0 -3
- data/spec/acceptance/files/mock_packages/simp-adapter/usr/local/sbin/simp_rpm_helper +0 -495
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/CHANGELOG +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/data/os/CentOS.yaml +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/data/os/RedHat.yaml +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/hiera.yaml +0 -14
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/manifests/init.pp +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/metadata.json +0 -37
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/CHANGELOG +0 -5
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/build/rpm_metadata/requires +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/data/os/CentOS.yaml +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/data/os/RedHat.yaml +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/hiera.yaml +0 -14
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/manifests/init.pp +0 -3
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/metadata.json +0 -37
- data/spec/acceptance/files/testpackage/build/rpm_metadata/requires +0 -2
- data/spec/acceptance/files/testpackage_missing_name/CHANGELOG +0 -2
- data/spec/acceptance/files/testpackage_missing_name/Rakefile +0 -3
- data/spec/acceptance/files/testpackage_missing_source/CHANGELOG +0 -2
- data/spec/acceptance/files/testpackage_missing_source/Rakefile +0 -3
- data/spec/acceptance/files/testpackage_missing_summary/CHANGELOG +0 -2
- data/spec/acceptance/files/testpackage_missing_summary/Rakefile +0 -3
- data/spec/acceptance/files/testpackage_missing_version/CHANGELOG +0 -2
- data/spec/acceptance/files/testpackage_missing_version/Rakefile +0 -3
- data/spec/acceptance/files/testpackage_with_bad_changelog_date/Rakefile +0 -3
- data/spec/acceptance/files/testpackage_with_release/CHANGELOG +0 -2
- data/spec/acceptance/files/testpackage_with_release/Rakefile +0 -3
- data/spec/acceptance/files/testpackage_with_release/build/rpm_metadata/requires +0 -1
- data/spec/acceptance/files/testpackage_without_changelog/Rakefile +0 -3
- data/spec/acceptance/files/testpackage_without_changelog/build/rpm_metadata/requires +0 -1
- data/spec/lib/simp/ci/files/job_broken_link_nodeset/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/job_invalid_nodeset/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/job_invalid_suite/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/job_missing_nodeset/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/job_missing_suite_and_nodeset/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/multiple_invalid_jobs/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/multiple_valid_jobs/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/no_gitlab_config_with_tests/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/no_gitlab_config_without_tests/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/suite_skeleton_only/spec/acceptance/nodesets/default.yml +0 -1
- data/spec/lib/simp/ci/files/suite_skeleton_only/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/valid_job_nodeset_dir_link/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/valid_job_nodeset_link/spec/acceptance/suites/default/nodesets/default.yml +0 -1
- data/spec/lib/simp/files/build/testpackage.spec +0 -1
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/spec/acceptance/nodesets/default.yml +0 -1
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/spec/acceptance/suites/default/nodesets +0 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4da7d0cf624209586f4a159cd06bf86cc61da199ddecc3d2730e53a267225316
|
|
4
|
+
data.tar.gz: 44fcb7049d7a6a39b433e88de24894db6817fc06620fddc6ac7f67d3481c6a42
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6f4a80dd4864f3ade29b60932b83d87b8d2fd56384fd03bc5df9de9a03f70f54445333e3654b3d2225d67e0ffdc5f1f772c5a23908a0ea40378c648043c00fb2
|
|
7
|
+
data.tar.gz: 862aaaac472efde1959b314d66ddb254379be34f2ecbfa1f4715fc58882010fcfc14c5caf41a090947b2d3955b2c27eb146bec1b2236a817caebc95ada01f857
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,49 @@
|
|
|
1
|
+
### 5.12.2 / 2021-06-22
|
|
2
|
+
- Change to '-1' from '-0' as the default RPM release
|
|
3
|
+
|
|
4
|
+
### 5.12.1 / 2021-05-27
|
|
5
|
+
- Default `@build_dir` to `@distro_build_dir` in build tasks
|
|
6
|
+
- Use `file --keep-going` in the **unpack** task's ISO validation check. This
|
|
7
|
+
allows the check to work from EL8-based systems, where `ISO 9660 CD-ROM
|
|
8
|
+
filesystem data` is not the first match.
|
|
9
|
+
|
|
10
|
+
### 5.12.0 / 2021-02-16
|
|
11
|
+
- Ensure that pkg:install_gem uses the correct documentation options for the
|
|
12
|
+
version of Ruby in use.
|
|
13
|
+
- Disable brp-mangle-shebangs when building RPMs.
|
|
14
|
+
- Mitigated problem where gpg-agent daemon fails to start because
|
|
15
|
+
its socket path is longer than 108 characters.
|
|
16
|
+
- Changed the default location of the GPG keys directory used in the
|
|
17
|
+
pkg:key_prep and pkg:signrpms Rake tasks to <base_dir>/.dev_gpgkeys.
|
|
18
|
+
- Added a SIMP_PKG_build_keys_dir environment variable that overrides
|
|
19
|
+
the default location of the GPG keys directory used in the
|
|
20
|
+
pkg:key_prep and pkg:signrpms Rake tasks.
|
|
21
|
+
- Added SIMP_PKG_rpmsign_timeout environment variable that overrides
|
|
22
|
+
default timeout in seconds to wait for an individual RPM signing
|
|
23
|
+
operation to complete.
|
|
24
|
+
- Default timeout is 30 seconds.
|
|
25
|
+
- Most relevant when signing on RPMs on EL8 and the gpg-agent
|
|
26
|
+
started by rpmsign fails to start, but rpmsign does not detect
|
|
27
|
+
the failure and hangs.
|
|
28
|
+
- Improved pkg:signrpms error handling and reporting.
|
|
29
|
+
- Fixed bug in GPG handling for GPG 2.1+ in which an existing
|
|
30
|
+
GPG key that was not cached internally was not detected.
|
|
31
|
+
- Fixed bug where pkg:signrpms failed to sign RPMs on EL8.
|
|
32
|
+
- Fixed bug where pkg:checksig reported failure on EL8, even when
|
|
33
|
+
the signatures were valid.
|
|
34
|
+
- Deprecated the following top-level Rake tasks for Puppet modules:
|
|
35
|
+
- compare_latest_tag: use pkg:compare_latest_tag instead
|
|
36
|
+
- changelog_annotation: use pkg:create_tag_changelog instead
|
|
37
|
+
|
|
38
|
+
### 5.11.6 / 2021-02-03
|
|
39
|
+
* Fix GPG handling for GPG 2.1+
|
|
40
|
+
|
|
41
|
+
### 5.11.5 / 2020-12-02
|
|
42
|
+
* Add support for Puppet 7
|
|
43
|
+
* Work around issues with querying RPM spec file changelogs using RPM version 4.15.0+
|
|
44
|
+
* Switch between 'with_unbundled_env' and 'with_clean_env' based on which one
|
|
45
|
+
Bundler supports.
|
|
46
|
+
|
|
1
47
|
### 5.11.4 / 2020-08-03
|
|
2
48
|
* Permit *.md files in `rake pkg:compare_latest_tag`
|
|
3
49
|
|
data/CONTRIBUTING.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
## Contributing
|
|
2
2
|
|
|
3
|
-
Please refer to the main [SIMP Project Contributing Guide](https://
|
|
3
|
+
Please refer to the main [SIMP Project Contributing Guide](https://simp-doc.readthedocs.io/en/stable/contributors_guide/index.html)
|
|
4
4
|
for details on contributing to this project.
|
data/Gemfile
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# SIMP_GEM_SERVERS | a space/comma delimited list of rubygem servers
|
|
4
4
|
# PUPPET_VERSION | specifies the version of the puppet gem to load
|
|
5
|
-
puppetversion = ENV.key?('PUPPET_VERSION') ? "#{ENV['PUPPET_VERSION']}" : '~>
|
|
5
|
+
puppetversion = ENV.key?('PUPPET_VERSION') ? "#{ENV['PUPPET_VERSION']}" : '~> 6'
|
|
6
6
|
gem_sources = ENV.key?('SIMP_GEM_SERVERS') ? ENV['SIMP_GEM_SERVERS'].split(/[, ]+/) : ['https://rubygems.org']
|
|
7
7
|
|
|
8
8
|
gem_sources.each { |gem_source| source gem_source }
|
|
@@ -13,6 +13,7 @@ gem 'simp-build-helpers'
|
|
|
13
13
|
gem 'simp-beaker-helpers'
|
|
14
14
|
gem 'beaker-puppet_install_helper'
|
|
15
15
|
gem 'rake', '>= 12.3.3'
|
|
16
|
+
gem 'beaker-docker'
|
|
16
17
|
|
|
17
18
|
if puppetversion
|
|
18
19
|
gem 'puppet', puppetversion
|
data/README.md
CHANGED
|
@@ -26,7 +26,6 @@
|
|
|
26
26
|
* [`rake pkg:rpm`](#rake-pkgrpm)
|
|
27
27
|
* [`rake pkg:tar`](#rake-pkgtar)
|
|
28
28
|
* [Limitations](#limitations)
|
|
29
|
-
* [Some versions of bundler fail on FIPS-enabled Systems](#some-versions-of-bundler-fail-on-fips-enabled-systems)
|
|
30
29
|
* [Development](#development)
|
|
31
30
|
* [License](#license)
|
|
32
31
|
* [History](#history)
|
|
@@ -39,7 +38,7 @@ The `simp-rake-helpers` gem provides common Rake tasks to support the SIMP build
|
|
|
39
38
|
|
|
40
39
|
### This gem is part of SIMP
|
|
41
40
|
|
|
42
|
-
This gem is part of (the build tooling for) the [System Integrity Management Platform](https://
|
|
41
|
+
This gem is part of (the build tooling for) the [System Integrity Management Platform](https://simp-project.com), a compliance-management framework built on [Puppet](https://puppetlabs.com/).
|
|
43
42
|
|
|
44
43
|
|
|
45
44
|
### Features
|
|
@@ -66,25 +65,6 @@ group :test do
|
|
|
66
65
|
gem 'puppet', puppetversion
|
|
67
66
|
gem 'beaker-rspec'
|
|
68
67
|
gem 'vagrant-wrapper'
|
|
69
|
-
|
|
70
|
-
# Puppet 4+ has issues with Hiera 3.1+
|
|
71
|
-
if puppetversion.to_s =~ />(\d+)/
|
|
72
|
-
pversion = $1
|
|
73
|
-
else
|
|
74
|
-
pversion = puppetversion
|
|
75
|
-
end
|
|
76
|
-
|
|
77
|
-
if Gem::Dependency.new('puppet', '~> 4.0').match?('puppet', pversion)
|
|
78
|
-
gem 'hiera', '~> 3.0.0'
|
|
79
|
-
end
|
|
80
|
-
|
|
81
|
-
# simp-rake-helpers does not suport puppet 2.7.X
|
|
82
|
-
if "#{ENV['PUPPET_VERSION']}".scan(/\d+/).first != '2' &&
|
|
83
|
-
# simp-rake-helpers and ruby 1.8.7 bomb Travis tests
|
|
84
|
-
# TODO: fix upstream deps (parallel in simp-rake-helpers)
|
|
85
|
-
RUBY_VERSION.sub(/\.\d+$/,'') != '1.8'
|
|
86
|
-
gem 'simp-rake-helpers'
|
|
87
|
-
end
|
|
88
68
|
end
|
|
89
69
|
```
|
|
90
70
|
|
|
@@ -164,7 +144,7 @@ directory . The full list of files considered are:
|
|
|
164
144
|
├── CHANGELOG # OPTIONAL written in RPM's CHANGELOG format
|
|
165
145
|
└── build/ # OPTIONAL
|
|
166
146
|
└── rpm_metadata/ # OPTIONAL
|
|
167
|
-
├── release # OPTIONAL defines the RPM's "
|
|
147
|
+
├── release # OPTIONAL defines the RPM's "-<qualifier>" release qualifier
|
|
168
148
|
├── requires # OPTIONAL supplementary 'Requires','Provides','Obsoletes'
|
|
169
149
|
└── custom/ # OPTIONAL
|
|
170
150
|
└── * # OPTIONAL custom snippets in RPM .spec format
|
|
@@ -187,7 +167,7 @@ level of the project, if it exists.
|
|
|
187
167
|
|
|
188
168
|
Example:
|
|
189
169
|
|
|
190
|
-
* Mon Nov 06 2017 Tom Smith <tom.smith@simp.com> - 3.8.0
|
|
170
|
+
* Mon Nov 06 2017 Tom Smith <tom.smith@simp.com> - 3.8.0
|
|
191
171
|
- Add feature x
|
|
192
172
|
|
|
193
173
|
**Important:** Note the leading zero in "`Nov 05`". It is a convention
|
|
@@ -227,21 +207,6 @@ Build the tar package for the current SIMP project
|
|
|
227
207
|
|
|
228
208
|
## Limitations
|
|
229
209
|
|
|
230
|
-
### Some versions of bundler fail on FIPS-enabled Systems
|
|
231
|
-
|
|
232
|
-
This is a limitation of Bundler, not the gem.
|
|
233
|
-
|
|
234
|
-
If you are running on a FIPS-enabled system, you will need to use
|
|
235
|
-
`bundler '~> 1.14.0'` or `bundler '~> 1.16'`
|
|
236
|
-
|
|
237
|
-
If you are using RVM, the appropriate steps are as follows:
|
|
238
|
-
|
|
239
|
-
```shell
|
|
240
|
-
rm Gemfile.lock ||:
|
|
241
|
-
rvm @global do gem uninstall bundler -a -x
|
|
242
|
-
rvm @global do gem install bundler -v '~> 1.14.0'
|
|
243
|
-
```
|
|
244
|
-
|
|
245
210
|
## Development
|
|
246
211
|
|
|
247
212
|
Please see the [SIMP Contribution Guidelines](https://simp-project.atlassian.net/wiki/display/SD/Contributing+to+SIMP).
|
data/Rakefile
CHANGED
|
@@ -1,5 +1,3 @@
|
|
|
1
|
-
# -*- ruby -*-
|
|
2
|
-
|
|
3
1
|
require "rubygems"
|
|
4
2
|
require 'rake/clean'
|
|
5
3
|
require 'find'
|
|
@@ -12,5 +10,6 @@ require 'rspec/core/rake_task'
|
|
|
12
10
|
require 'simp/rake/rubygem'
|
|
13
11
|
Simp::Rake::Rubygem.new(@package, @rakefile_dir)
|
|
14
12
|
|
|
13
|
+
require 'simp/rake/beaker'
|
|
15
14
|
|
|
16
|
-
|
|
15
|
+
Simp::Rake::Beaker.new(Dir.pwd)
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module Simp; end
|
|
2
|
+
module Simp::CommandUtils
|
|
3
|
+
require 'facter'
|
|
4
|
+
|
|
5
|
+
def which(cmd, fail=false)
|
|
6
|
+
@which_cache ||= {}
|
|
7
|
+
|
|
8
|
+
if @which_cache.has_key?(cmd)
|
|
9
|
+
command = @which_cache[cmd]
|
|
10
|
+
else
|
|
11
|
+
command = Facter::Core::Execution.which(cmd)
|
|
12
|
+
@which_cache[cmd] = command
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
msg = "Warning: Command #{cmd} not found on the system."
|
|
16
|
+
|
|
17
|
+
( fail ? raise(msg) : warn(msg) ) unless command
|
|
18
|
+
|
|
19
|
+
command
|
|
20
|
+
end
|
|
21
|
+
end
|
data/lib/simp/componentinfo.rb
CHANGED
|
@@ -139,6 +139,23 @@ class Simp::ComponentInfo
|
|
|
139
139
|
if $?.exitstatus != 0
|
|
140
140
|
fail("Could not extract changelog from #{rpm_spec_files[0]}." +
|
|
141
141
|
" To debug, execute:\n #{changelog_query}")
|
|
142
|
+
elsif raw_changelog.strip.empty?
|
|
143
|
+
changelog_lines = []
|
|
144
|
+
|
|
145
|
+
in_changelog = false
|
|
146
|
+
File.read(rpm_spec_files[0]).lines.each do |line|
|
|
147
|
+
changelog_lines << line if in_changelog
|
|
148
|
+
|
|
149
|
+
if line.start_with?('%')
|
|
150
|
+
if line.start_with?('%changelog')
|
|
151
|
+
in_changelog = true
|
|
152
|
+
else
|
|
153
|
+
in_changelog = false
|
|
154
|
+
end
|
|
155
|
+
end
|
|
156
|
+
end
|
|
157
|
+
|
|
158
|
+
raw_changelog = changelog_lines.join
|
|
142
159
|
end
|
|
143
160
|
@changelog = parse_changelog(raw_changelog, latest_version_only, verbose)
|
|
144
161
|
end
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
require 'securerandom'
|
|
2
2
|
require 'rake'
|
|
3
|
+
require 'simp/command_utils'
|
|
3
4
|
|
|
4
5
|
module Simp
|
|
5
6
|
# Ensure that a valid GPG signing key exists in a local directory
|
|
@@ -14,49 +15,52 @@ module Simp
|
|
|
14
15
|
# - New keys are generated using a temporary GPG agent with its own
|
|
15
16
|
# settings and socket.
|
|
16
17
|
#
|
|
17
|
-
# The local signing key's directory
|
|
18
|
+
# The local signing key's directory includes the following:
|
|
19
|
+
# gpg < 2.1.0 (EL7):
|
|
18
20
|
#
|
|
19
21
|
# ```
|
|
20
22
|
# #{key_name}/ # key directory
|
|
21
23
|
# +-- RPM-GPG-KEY-SIMP-#{key_name} # key file
|
|
22
24
|
# +-- gengpgkey # --gen-key params file **
|
|
25
|
+
# +-- gpg-agent-info.env # Lists location of gpg-agent socket + pid
|
|
26
|
+
# +-- run_gpg_agnet # Script used to start gpg-agent
|
|
23
27
|
# +-- pubring.gpg
|
|
24
28
|
# +-- secring.gpg
|
|
25
|
-
# +--
|
|
29
|
+
# +-- trustdb.gpg
|
|
26
30
|
# ```
|
|
27
31
|
#
|
|
28
|
-
#
|
|
32
|
+
# gpg >= 2.1.0 (EL8):
|
|
33
|
+
# ```
|
|
34
|
+
# #{key_name}/ # key directory
|
|
35
|
+
# +-- RPM-GPG-KEY-SIMP-#{key_name} # key file
|
|
36
|
+
# +-- gengpgkey # --gen-key params file **
|
|
37
|
+
# +-- openpgp-revocs.d/<fingerprint id>.rev
|
|
38
|
+
# +-- private-keys-v1.d/<user id>.key
|
|
39
|
+
# +-- pubring.kbx
|
|
40
|
+
# +-- trustdb.gpg
|
|
41
|
+
# ```
|
|
42
|
+
#
|
|
43
|
+
# `**` = `SIMP::RpmSigner.sign_rpms` will use the values in the `gengpgkey` file
|
|
29
44
|
# for the GPG signing key's email and passphrase
|
|
30
45
|
#
|
|
31
46
|
# If a new key is required, a project-only `gpg-agent` daemon is momentarily
|
|
32
47
|
# created to generate it, and destroyed after this is done. The daemon does
|
|
33
|
-
# not interact with any other `gpg-agent` daemons on the system
|
|
34
|
-
# launched on
|
|
35
|
-
# #{key_name/} directory.
|
|
36
|
-
#
|
|
37
|
-
# When instantiated, the daemon writes an "env-file" to the #{key_name}
|
|
38
|
-
# directory. This file specifies the location of the daemon's socket and
|
|
39
|
-
# pid.
|
|
48
|
+
# not interact with any other `gpg-agent` daemons on the system. It is
|
|
49
|
+
# launched on random socket(s) whose socket file(s) can be found as follows:
|
|
40
50
|
#
|
|
41
|
-
#
|
|
51
|
+
# Location Environment
|
|
52
|
+
# #{key_name} dir Docker container for EL8
|
|
53
|
+
# temp dir in /run/user/<uid>/gnupg EL8
|
|
54
|
+
# temp dir in /tmp EL7
|
|
42
55
|
#
|
|
43
|
-
# ```sh
|
|
44
|
-
# GPG_AGENT_INFO=/tmp/gpg-4yhfOB/S.gpg-agent:15495:1
|
|
45
|
-
# ```
|
|
46
|
-
#
|
|
47
|
-
# A brand-new gpg-agent daemon will output similar information, with an
|
|
48
|
-
# additional export:
|
|
49
|
-
#
|
|
50
|
-
# ```sh
|
|
51
|
-
# GPG_AGENT_INFO=/tmp/gpg-4yhfOB/S.gpg-agent:15495:1; export GPG_AGENT_INFO;\n"
|
|
52
|
-
# ```
|
|
53
56
|
class LocalGpgSigningKey
|
|
54
57
|
include FileUtils
|
|
58
|
+
include Simp::CommandUtils
|
|
55
59
|
|
|
56
|
-
# `SIMP::
|
|
60
|
+
# `SIMP::RpmSigner.sign_rpms` will look for a 'gengpgkey' file to
|
|
57
61
|
# non-interactively sign packages.
|
|
58
62
|
#
|
|
59
|
-
# @see SIMP::
|
|
63
|
+
# @see SIMP::RpmSigner.sign_rpms
|
|
60
64
|
GPG_GENKEY_PARAMS_FILENAME = 'gengpgkey'.freeze
|
|
61
65
|
|
|
62
66
|
# @param dir [String] path to gpg-agent / key directory
|
|
@@ -74,10 +78,27 @@ module Simp
|
|
|
74
78
|
@key_file = opts[:file] || "RPM-GPG-KEY-SIMP-#{@label.capitalize}"
|
|
75
79
|
@verbose = opts[:verbose] || false
|
|
76
80
|
|
|
81
|
+
# for EL7 only
|
|
77
82
|
@gpg_agent_env_file = 'gpg-agent-info.env'
|
|
78
83
|
@gpg_agent_script = 'run_gpg_agent'
|
|
79
84
|
end
|
|
80
85
|
|
|
86
|
+
# Return the version of GPG installed on the system
|
|
87
|
+
#
|
|
88
|
+
# @return [Gem::Version]
|
|
89
|
+
def gpg_version
|
|
90
|
+
return @gpg_version if @gpg_version
|
|
91
|
+
|
|
92
|
+
which('gpg', true)
|
|
93
|
+
@gpg_version = %x{gpg --version}.lines.first.split(/\s+/).last
|
|
94
|
+
|
|
95
|
+
unless @gpg_version.nil? || @gpg_version.empty?
|
|
96
|
+
@gpg_version = Gem::Version.new(@gpg_version)
|
|
97
|
+
end
|
|
98
|
+
|
|
99
|
+
@gpg_version
|
|
100
|
+
end
|
|
101
|
+
|
|
81
102
|
# Returns a gpg-agent's env string, if it can be detected from the
|
|
82
103
|
# gpg-agent-info file
|
|
83
104
|
#
|
|
@@ -95,15 +116,45 @@ module Simp
|
|
|
95
116
|
info
|
|
96
117
|
end
|
|
97
118
|
|
|
98
|
-
# Return the number of days left before the GPG signing key expires
|
|
119
|
+
# Return the number of days left before the GPG signing key expires or
|
|
120
|
+
# 0 if the key does not exist or the key is missing an expiration date.
|
|
99
121
|
def dev_key_days_left
|
|
122
|
+
which('gpg', true)
|
|
100
123
|
ensure_gpg_directory
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
124
|
+
|
|
125
|
+
days_left = 0
|
|
126
|
+
cmd = "gpg --with-colons --homedir=#{@dir} --list-keys '<#{@key_email}>' 2>&1"
|
|
127
|
+
puts "Executing: #{cmd}" if @verbose
|
|
128
|
+
%x(#{cmd}).each_line do |line|
|
|
129
|
+
# See https://github.com/CSNW/gnupg/blob/master/doc/DETAILS
|
|
130
|
+
# Index Content
|
|
131
|
+
# 0 record type
|
|
132
|
+
# 6 expiration date
|
|
133
|
+
#
|
|
134
|
+
# If expiration date contains a 'T', it is in an ISO 8601 format
|
|
135
|
+
# (e.g., 20210223T091500). Otherwise it is seconds since the epoch.
|
|
136
|
+
#
|
|
137
|
+
fields = line.split(':')
|
|
138
|
+
if fields[0] && (fields[0] == 'pub')
|
|
139
|
+
raw_exp_date = fields[6]
|
|
140
|
+
unless raw_exp_date.nil? || raw_exp_date.strip.empty?
|
|
141
|
+
require 'date'
|
|
142
|
+
|
|
143
|
+
exp_date = nil
|
|
144
|
+
if raw_exp_date.include?('T')
|
|
145
|
+
exp_date = DateTime.parse(raw_exp_date).to_date
|
|
146
|
+
else
|
|
147
|
+
exp_date = Time.at(raw_exp_date.to_i).to_date
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
days_left = (exp_date - Date.today).to_i
|
|
151
|
+
days_left = 0 if days_left < 0
|
|
152
|
+
end
|
|
153
|
+
|
|
154
|
+
break
|
|
155
|
+
end
|
|
106
156
|
end
|
|
157
|
+
|
|
107
158
|
days_left
|
|
108
159
|
end
|
|
109
160
|
|
|
@@ -135,36 +186,18 @@ module Simp
|
|
|
135
186
|
|
|
136
187
|
clean_gpg_agent_directory
|
|
137
188
|
write_genkey_parameter_file
|
|
138
|
-
write_gpg_agent_startup_script
|
|
139
189
|
|
|
190
|
+
agent_info = nil
|
|
140
191
|
begin
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
local_socket = File.join(Dir.pwd, 'S.gpg-agent')
|
|
146
|
-
|
|
147
|
-
# This condition was handled differently in previous logic.
|
|
148
|
-
#
|
|
149
|
-
# a.) As the surrounding logic works now, it will _always_ be a new
|
|
150
|
-
# agent by this point, because the directory is cleaned out
|
|
151
|
-
# b.) The agent's information will be read from the env-file it
|
|
152
|
-
# writes at startup
|
|
153
|
-
# c.) The old command `gpg-agent --homedir=#{Dir.pwd} /get serverpid`
|
|
154
|
-
# did not work on EL6 or EL7.
|
|
155
|
-
#
|
|
156
|
-
warn(empty_gpg_agent_message) if gpg_agent_output.empty?
|
|
157
|
-
|
|
158
|
-
agent_info = gpg_agent_info
|
|
159
|
-
|
|
160
|
-
# The socket is useful to get back info on the command line.
|
|
161
|
-
unless File.exist?(File.join(Dir.pwd, File.basename(agent_info[:socket])))
|
|
162
|
-
ln_s(agent_info[:socket], local_socket, :verbose => @verbose)
|
|
192
|
+
if gpg_version < Gem::Version.new('2.1')
|
|
193
|
+
agent_info = start_gpg_agent_old
|
|
194
|
+
else
|
|
195
|
+
agent_info = start_gpg_agent
|
|
163
196
|
end
|
|
164
|
-
generate_key(agent_info[:info])
|
|
165
197
|
ensure
|
|
166
|
-
kill_agent(agent_info[:pid])
|
|
198
|
+
kill_agent(agent_info[:pid]) if agent_info
|
|
167
199
|
end
|
|
200
|
+
|
|
168
201
|
agent_info
|
|
169
202
|
end
|
|
170
203
|
end
|
|
@@ -174,7 +207,7 @@ module Simp
|
|
|
174
207
|
#
|
|
175
208
|
# @return [String] Warning message
|
|
176
209
|
def empty_gpg_agent_message
|
|
177
|
-
|
|
210
|
+
<<~WARNING
|
|
178
211
|
WARNING: Tried to start an project-only gpg-agent daemon on a random socket by
|
|
179
212
|
running the script:
|
|
180
213
|
|
|
@@ -195,7 +228,6 @@ module Simp
|
|
|
195
228
|
#
|
|
196
229
|
# @param pid [String] The GPG Agent PID to kill
|
|
197
230
|
def kill_agent(pid)
|
|
198
|
-
rm('S.gpg-agent') if File.symlink?('S.gpg-agent')
|
|
199
231
|
if pid
|
|
200
232
|
Process.kill(0, pid)
|
|
201
233
|
Process.kill(15, pid)
|
|
@@ -209,11 +241,18 @@ module Simp
|
|
|
209
241
|
# @param gpg_agent_info_str [String] value to set the GPG_AGENT_INFO
|
|
210
242
|
# environment variable to use in order to use the correct `gpg-agent`.
|
|
211
243
|
def generate_key(gpg_agent_info_str)
|
|
244
|
+
which('gpg', true)
|
|
245
|
+
|
|
212
246
|
puts "Generating new GPG key#{@verbose ? " under '#{@dir}'" : ''}..."
|
|
213
247
|
gpg_cmd = %(GPG_AGENT_INFO=#{gpg_agent_info_str} gpg --homedir="#{@dir}")
|
|
248
|
+
|
|
214
249
|
pipe = @verbose ? '| tee' : '>'
|
|
215
|
-
|
|
216
|
-
|
|
250
|
+
%x(#{gpg_cmd} --batch --gen-key #{GPG_GENKEY_PARAMS_FILENAME})
|
|
251
|
+
%x(#{gpg_cmd} --armor --export '<#{@key_email}>' #{pipe} "#{@key_file}")
|
|
252
|
+
|
|
253
|
+
if File.stat(@key_file).size == 0
|
|
254
|
+
fail "Error: Something went wrong generating #{@key_file}"
|
|
255
|
+
end
|
|
217
256
|
end
|
|
218
257
|
|
|
219
258
|
# Return a data structure from a gpg-agent env-file formatted string.
|
|
@@ -225,6 +264,62 @@ module Simp
|
|
|
225
264
|
{ info: info.strip, socket: matches[:socket], pid: matches[:pid].to_i }
|
|
226
265
|
end
|
|
227
266
|
|
|
267
|
+
# Start the gpg-agent
|
|
268
|
+
# @return Hash of agent info
|
|
269
|
+
# @raise if gpg-agent fails to start
|
|
270
|
+
def start_gpg_agent
|
|
271
|
+
which('gpg', true)
|
|
272
|
+
which('gpg-agent', true)
|
|
273
|
+
which('gpg-connect-agent', true)
|
|
274
|
+
|
|
275
|
+
# Start the GPG agent, if it is not already running
|
|
276
|
+
check_agent = "gpg-agent -q --homedir=#{Dir.pwd} >&/dev/null"
|
|
277
|
+
start_agent = "gpg-agent --homedir=#{Dir.pwd} --daemon >&/dev/null"
|
|
278
|
+
cmd = "#{check_agent} || #{start_agent}"
|
|
279
|
+
puts "Executing: #{cmd}" if @verbose
|
|
280
|
+
%x(#{cmd})
|
|
281
|
+
if $? && ($?.exitstatus != 0)
|
|
282
|
+
err_msg = [
|
|
283
|
+
'Failed to start gpg-agent during key creation.',
|
|
284
|
+
" Execute '#{start_agent.gsub(' >&/dev/null','')}' to debug."
|
|
285
|
+
].join("\n")
|
|
286
|
+
raise(err_msg)
|
|
287
|
+
end
|
|
288
|
+
|
|
289
|
+
agent_info = {}
|
|
290
|
+
|
|
291
|
+
# Provide a local socket (needed by the `gpg` command when
|
|
292
|
+
agent_info[:socket] = %x{echo 'GETINFO socket_name' | gpg-connect-agent --homedir=#{Dir.pwd}}.lines.first[1..-1].strip
|
|
293
|
+
|
|
294
|
+
# Get the pid
|
|
295
|
+
agent_info[:pid] = %x{echo 'GETINFO pid' | gpg-connect-agent --homedir=#{Dir.pwd}}.lines.first[1..-1].strip.to_i
|
|
296
|
+
|
|
297
|
+
generate_key(%{#{agent_info[:socket]}:#{agent_info[:pid]}:1})
|
|
298
|
+
|
|
299
|
+
agent_info
|
|
300
|
+
end
|
|
301
|
+
|
|
302
|
+
# Start the gpg-agent with options suitable for gpg version < 2.1
|
|
303
|
+
# @return Hash of agent info
|
|
304
|
+
def start_gpg_agent_old
|
|
305
|
+
write_gpg_agent_startup_script
|
|
306
|
+
gpg_agent_output = %x(./#{@gpg_agent_script}).strip
|
|
307
|
+
|
|
308
|
+
# By the time we get here, we can be assured we will be starting a
|
|
309
|
+
# new agent, because the directory is cleaned out.
|
|
310
|
+
#
|
|
311
|
+
# Follow-on gpg actions will read the agent's information from
|
|
312
|
+
# the env-file the agent writes at startup.
|
|
313
|
+
|
|
314
|
+
# We're using the --sh option which will spew out the agent config
|
|
315
|
+
# when the agent starts. If it is empty, this is a problem.
|
|
316
|
+
warn(empty_gpg_agent_message) if gpg_agent_output.empty?
|
|
317
|
+
|
|
318
|
+
agent_info = gpg_agent_info
|
|
319
|
+
generate_key(agent_info[:info])
|
|
320
|
+
agent_info
|
|
321
|
+
end
|
|
322
|
+
|
|
228
323
|
# Write the `gpg --genkey --batch` control parameter file
|
|
229
324
|
#
|
|
230
325
|
# @see "Unattended key generation" in /usr/share/doc/gnupg2-*/DETAILS for
|
|
@@ -232,38 +327,46 @@ module Simp
|
|
|
232
327
|
def write_genkey_parameter_file
|
|
233
328
|
now = Time.now.to_i.to_s
|
|
234
329
|
expire_date = Date.today + 14
|
|
235
|
-
passphrase = SecureRandom.base64(
|
|
236
|
-
genkey_parameters =
|
|
237
|
-
%echo Generating Development GPG Key
|
|
238
|
-
%echo
|
|
239
|
-
%echo This key will expire on #{expire_date}
|
|
240
|
-
%echo
|
|
241
|
-
Key-Type: RSA
|
|
242
|
-
Key-Length: 4096
|
|
243
|
-
Key-Usage: sign
|
|
244
|
-
Name-Real: SIMP Development
|
|
245
|
-
Name-Comment: Development key #{now}
|
|
246
|
-
Name-Email: #{@key_email}
|
|
247
|
-
Expire-Date: 2w
|
|
248
|
-
Passphrase: #{passphrase}
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
%
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
330
|
+
passphrase = SecureRandom.base64(100)
|
|
331
|
+
genkey_parameters = [
|
|
332
|
+
'%echo Generating Development GPG Key',
|
|
333
|
+
'%echo',
|
|
334
|
+
"%echo This key will expire on #{expire_date}",
|
|
335
|
+
'%echo',
|
|
336
|
+
'Key-Type: RSA',
|
|
337
|
+
'Key-Length: 4096',
|
|
338
|
+
'Key-Usage: sign',
|
|
339
|
+
'Name-Real: SIMP Development',
|
|
340
|
+
"Name-Comment: Development key #{now}",
|
|
341
|
+
"Name-Email: #{@key_email}",
|
|
342
|
+
'Expire-Date: 2w',
|
|
343
|
+
"Passphrase: #{passphrase}",
|
|
344
|
+
]
|
|
345
|
+
|
|
346
|
+
if gpg_version < Gem::Version.new('2.1')
|
|
347
|
+
genkey_parameters << '%pubring pubring.gpg'
|
|
348
|
+
genkey_parameters << '%secring secring.gpg'
|
|
349
|
+
end
|
|
350
|
+
|
|
351
|
+
genkey_parameters << '# The following creates the key, so we can print "Done!" afterwards'
|
|
352
|
+
genkey_parameters << '%commit'
|
|
353
|
+
genkey_parameters << '%echo New GPG Development Key Created'
|
|
354
|
+
|
|
355
|
+
File.open(GPG_GENKEY_PARAMS_FILENAME, 'w') { |fh| fh.puts(genkey_parameters.join("\n")) }
|
|
256
356
|
end
|
|
257
357
|
|
|
258
358
|
# Write a local gpg-agent daemon script file
|
|
259
359
|
def write_gpg_agent_startup_script
|
|
260
|
-
|
|
360
|
+
which('gpg-agent', true)
|
|
361
|
+
pinentry_cmd = which('pinentry-curses', true)
|
|
362
|
+
|
|
363
|
+
gpg_agent_script = <<~AGENT_SCRIPT
|
|
261
364
|
#!/bin/sh
|
|
262
365
|
|
|
263
366
|
gpg-agent --homedir=#{Dir.pwd} --daemon \
|
|
264
367
|
--no-use-standard-socket --sh --batch \
|
|
265
368
|
--write-env-file "#{@gpg_agent_env_file}" \
|
|
266
|
-
--pinentry-program
|
|
369
|
+
--pinentry-program #{pinentry_cmd} < /dev/null &
|
|
267
370
|
AGENT_SCRIPT
|
|
268
371
|
|
|
269
372
|
File.open(@gpg_agent_script, 'w') { |fh| fh.puts(gpg_agent_script) }
|