simp-rake-helpers 5.11.4 → 5.12.2

Files changed (194)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +46 -0
  3. data/CONTRIBUTING.md +1 -1
  4. data/Gemfile +2 -1
  5. data/README.md +3 -38
  6. data/Rakefile +2 -3
  7. data/lib/simp/command_utils.rb +21 -0
  8. data/lib/simp/componentinfo.rb +17 -0
  9. data/lib/simp/local_gpg_signing_key.rb +184 -81
  10. data/lib/simp/rake.rb +3 -10
  11. data/lib/simp/rake/build/build.rb +45 -29
  12. data/lib/simp/rake/build/constants.rb +5 -1
  13. data/lib/simp/rake/build/iso.rb +1 -1
  14. data/lib/simp/rake/build/pkg.rb +168 -52
  15. data/lib/simp/rake/build/spec.rb +1 -1
  16. data/lib/simp/rake/build/tar.rb +1 -1
  17. data/lib/simp/rake/build/unpack.rb +1 -1
  18. data/lib/simp/rake/build/upload.rb +1 -1
  19. data/lib/simp/rake/helpers/assets/rpm_spec/simp6.spec +3 -3
  20. data/lib/simp/rake/helpers/assets/rpm_spec/simpdefault.spec +3 -3
  21. data/lib/simp/rake/helpers/version.rb +1 -1
  22. data/lib/simp/rake/pkg.rb +5 -1
  23. data/lib/simp/rake/pupmod/helpers.rb +2 -0
  24. data/lib/simp/rake/rubygem.rb +5 -1
  25. data/lib/simp/rpm.rb +13 -125
  26. data/lib/simp/rpm_signer.rb +321 -0
  27. data/spec/acceptance/nodesets/default.yml +18 -109
  28. data/spec/acceptance/{00_pkg_rpm_custom_scriptlets_spec.rb → suites/default/00_pkg_rpm_custom_scriptlets_spec.rb} +21 -22
  29. data/spec/acceptance/{10_pkg_rpm_spec.rb → suites/default/10_pkg_rpm_spec.rb} +50 -52
  30. data/spec/acceptance/{30_pkg_misc_spec.rb → suites/default/30_pkg_misc_spec.rb} +1 -1
  31. data/spec/acceptance/{50_local_gpg_signing_key_spec.rb → suites/default/50_local_gpg_signing_key_spec.rb} +7 -3
  32. data/spec/acceptance/suites/default/55_build_pkg_signing_spec.rb +391 -0
  33. data/spec/acceptance/{development → suites/default/development}/docker_env.sh +0 -0
  34. data/spec/acceptance/{development → suites/default/development}/rerun_acceptance_tests.sh +0 -0
  35. data/spec/acceptance/{development → suites/default/development}/vagrant_rsync.sh +0 -0
  36. data/spec/acceptance/{files → suites/default/files}/asset/Rakefile +0 -0
  37. data/spec/acceptance/{files → suites/default/files}/asset/build/asset.spec +0 -0
  38. data/spec/acceptance/{files → suites/default/files}/asset_with_misordered_entries/Rakefile +0 -0
  39. data/spec/acceptance/{files → suites/default/files}/asset_with_misordered_entries/build/asset_with_misordered_entries.spec +0 -0
  40. data/spec/acceptance/{files → suites/default/files}/build/pkg/gpg-keydir.expired.2018-04-06/RPM-GPG-KEY-SIMP-Dev +0 -0
  41. data/spec/acceptance/{files → suites/default/files}/build/pkg/gpg-keydir.expired.2018-04-06/gengpgkey +0 -0
  42. data/spec/acceptance/{files → suites/default/files}/build/pkg/gpg-keydir.expired.2018-04-06/pubring.gpg +0 -0
  43. data/spec/acceptance/{files → suites/default/files}/build/pkg/gpg-keydir.expired.2018-04-06/random_seed +0 -0
  44. data/spec/acceptance/{files → suites/default/files}/build/pkg/gpg-keydir.expired.2018-04-06/run_gpg_agent +0 -0
  45. data/spec/acceptance/{files → suites/default/files}/build/pkg/gpg-keydir.expired.2018-04-06/secring.gpg +0 -0
  46. data/spec/acceptance/{files → suites/default/files}/build/pkg/gpg-keydir.expired.2018-04-06/trustdb.gpg +0 -0
  47. data/spec/acceptance/{files → suites/default/files}/build/project_skeleton/Puppetfile.tracking +0 -0
  48. data/spec/acceptance/{files → suites/default/files}/build/project_skeleton/README.md +0 -0
  49. data/spec/acceptance/{files → suites/default/files}/build/project_skeleton/Rakefile +0 -0
  50. data/spec/acceptance/{files → suites/default/files}/build/project_skeleton/src/assets/simp/build/simp.spec +0 -0
  51. data/spec/acceptance/{files → suites/default/files}/module/CHANGELOG +0 -0
  52. data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-new-package-2.1 → suites/default/files/module}/Rakefile +0 -0
  53. data/spec/acceptance/{files → suites/default/files}/module/metadata.json +0 -0
  54. data/spec/acceptance/{files → suites/default/files}/module_with_misordered_entries/CHANGELOG +0 -0
  55. data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-new-package-3.0 → suites/default/files/module_with_misordered_entries}/Rakefile +0 -0
  56. data/spec/acceptance/{files → suites/default/files}/module_with_misordered_entries/metadata.json +0 -0
  57. data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-new-package-2.1 → suites/default/files/simplib}/CHANGELOG +0 -0
  58. data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-old-package-1.0 → suites/default/files/simplib}/Rakefile +0 -0
  59. data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-old-package-1.0 → suites/default/files/simplib}/build/rpm_metadata/requires +0 -0
  60. data/spec/acceptance/{files → suites/default/files}/simplib/metadata.json +0 -0
  61. data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-new-package-3.0 → suites/default/files/testpackage}/CHANGELOG +0 -0
  62. data/spec/acceptance/suites/default/files/testpackage/README +8 -0
  63. data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-old-package-2.0 → suites/default/files/testpackage}/Rakefile +0 -0
  64. data/spec/acceptance/{files/package_upgrades/pupmod-simp-testpackage-1.0 → suites/default/files/testpackage}/build/rpm_metadata/requires +0 -0
  65. data/spec/acceptance/{files → suites/default/files}/testpackage/metadata.json +0 -0
  66. data/spec/acceptance/suites/default/files/testpackage/spec/classes/init_spec.rb +1 -0
  67. data/spec/acceptance/suites/default/files/testpackage/spec/files/mock_something.rb +3 -0
  68. data/spec/acceptance/suites/default/files/testpackage/utils/convert_v1_to_v2.rb +3 -0
  69. data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-old-package-1.0 → suites/default/files/testpackage_custom_scriptlet}/CHANGELOG +0 -0
  70. data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-old-package-2.2 → suites/default/files/testpackage_custom_scriptlet}/Rakefile +0 -0
  71. data/spec/acceptance/{files → suites/default/files}/testpackage_custom_scriptlet/build/rpm_metadata/custom/overrides +0 -0
  72. data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-old-package-2.0 → suites/default/files/testpackage_custom_scriptlet}/build/rpm_metadata/requires +0 -0
  73. data/spec/acceptance/{files → suites/default/files}/testpackage_custom_scriptlet/metadata.json +0 -0
  74. data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-old-package-2.0 → suites/default/files/testpackage_missing_license}/CHANGELOG +0 -0
  75. data/spec/acceptance/{files/module → suites/default/files/testpackage_missing_license}/Rakefile +0 -0
  76. data/spec/acceptance/{files/simplib → suites/default/files/testpackage_missing_license}/build/rpm_metadata/requires +0 -0
  77. data/spec/acceptance/{files → suites/default/files}/testpackage_missing_license/metadata.json +0 -0
  78. data/spec/acceptance/{files/custom_scriptlet_triggers/pupmod-old-package-2.2 → suites/default/files/testpackage_missing_metadata_file}/CHANGELOG +0 -0
  79. data/spec/acceptance/{files/module_with_misordered_entries → suites/default/files/testpackage_missing_metadata_file}/Rakefile +0 -0
  80. data/spec/acceptance/{files/testpackage_custom_scriptlet → suites/default/files/testpackage_missing_metadata_file}/build/rpm_metadata/requires +0 -0
  81. data/spec/acceptance/{files/simplib → suites/default/files/testpackage_missing_name}/CHANGELOG +0 -0
  82. data/spec/acceptance/{files/package_upgrades/pupmod-simp-testpackage-1.0 → suites/default/files/testpackage_missing_name}/Rakefile +0 -0
  83. data/spec/acceptance/{files/testpackage_missing_license → suites/default/files/testpackage_missing_name}/build/rpm_metadata/requires +0 -0
  84. data/spec/acceptance/{files → suites/default/files}/testpackage_missing_name/metadata.json +0 -0
  85. data/spec/acceptance/{files/testpackage → suites/default/files/testpackage_missing_source}/CHANGELOG +0 -0
  86. data/spec/acceptance/{files/package_upgrades/pupmod-simp-testpackage-2.0 → suites/default/files/testpackage_missing_source}/Rakefile +0 -0
  87. data/spec/acceptance/{files/testpackage_missing_metadata_file → suites/default/files/testpackage_missing_source}/build/rpm_metadata/requires +0 -0
  88. data/spec/acceptance/{files → suites/default/files}/testpackage_missing_source/metadata.json +0 -0
  89. data/spec/acceptance/{files/testpackage_custom_scriptlet → suites/default/files/testpackage_missing_summary}/CHANGELOG +0 -0
  90. data/spec/acceptance/{files/simplib → suites/default/files/testpackage_missing_summary}/Rakefile +0 -0
  91. data/spec/acceptance/{files/testpackage_missing_name → suites/default/files/testpackage_missing_summary}/build/rpm_metadata/requires +0 -0
  92. data/spec/acceptance/{files → suites/default/files}/testpackage_missing_summary/metadata.json +0 -0
  93. data/spec/acceptance/{files/testpackage_missing_license → suites/default/files/testpackage_missing_version}/CHANGELOG +0 -0
  94. data/spec/acceptance/{files/testpackage → suites/default/files/testpackage_missing_version}/Rakefile +0 -0
  95. data/spec/acceptance/{files/testpackage_missing_source → suites/default/files/testpackage_missing_version}/build/rpm_metadata/requires +0 -0
  96. data/spec/acceptance/{files → suites/default/files}/testpackage_missing_version/metadata.json +0 -0
  97. data/spec/acceptance/{files → suites/default/files}/testpackage_with_bad_changelog_date/CHANGELOG +0 -0
  98. data/spec/acceptance/{files/testpackage_custom_scriptlet → suites/default/files/testpackage_with_bad_changelog_date}/Rakefile +0 -0
  99. data/spec/acceptance/{files/testpackage_missing_summary → suites/default/files/testpackage_with_bad_changelog_date}/build/rpm_metadata/requires +0 -0
  100. data/spec/acceptance/{files → suites/default/files}/testpackage_with_bad_changelog_date/metadata.json +0 -0
  101. data/spec/acceptance/{files/testpackage_missing_metadata_file → suites/default/files/testpackage_with_release}/CHANGELOG +0 -0
  102. data/spec/acceptance/{files/testpackage_missing_license → suites/default/files/testpackage_with_release}/Rakefile +0 -0
  103. data/spec/acceptance/{files → suites/default/files}/testpackage_with_release/build/rpm_metadata/release +0 -0
  104. data/spec/acceptance/{files/testpackage_missing_version → suites/default/files/testpackage_with_release}/build/rpm_metadata/requires +0 -0
  105. data/spec/acceptance/{files → suites/default/files}/testpackage_with_release/metadata.json +0 -0
  106. data/spec/acceptance/{files/testpackage_missing_metadata_file → suites/default/files/testpackage_without_changelog}/Rakefile +0 -0
  107. data/spec/acceptance/{files/testpackage_with_bad_changelog_date → suites/default/files/testpackage_without_changelog}/build/rpm_metadata/requires +0 -0
  108. data/spec/acceptance/{files → suites/default/files}/testpackage_without_changelog/metadata.json +0 -0
  109. data/spec/acceptance/{support → suites/default/support}/build_project_helpers.rb +33 -9
  110. data/spec/acceptance/{support → suites/default/support}/build_user_helpers.rb +0 -0
  111. data/spec/acceptance/{support → suites/default/support}/pkg_rpm_helpers.rb +0 -0
  112. data/spec/lib/simp/ci/gitlab_spec.rb +12 -13
  113. data/spec/lib/simp/command_utils_spec.rb +29 -0
  114. data/spec/lib/simp/componentinfo_spec.rb +10 -4
  115. data/spec/lib/simp/local_gpg_signing_key_spec.rb.beaker-only +115 -18
  116. data/spec/lib/simp/rake/build/helpers_spec.rb +3 -0
  117. data/spec/lib/simp/rake/build/rpmdeps_spec.rb +1 -2
  118. data/spec/lib/simp/rake/pupmod/fixtures/othermod/Gemfile +1 -10
  119. data/spec/lib/simp/rake/pupmod/fixtures/simpmod/README.md +2 -2
  120. data/spec/lib/simp/rake_spec.rb +2 -1
  121. data/spec/lib/simp/relchecks_check_rpm_changelog_spec.rb +20 -10
  122. data/spec/lib/simp/relchecks_compare_latest_tag_spec.rb +17 -17
  123. data/spec/lib/simp/rpm_signer_spec.rb +98 -0
  124. data/spec/lib/simp/rpm_spec.rb +1 -7
  125. data/spec/spec_helper.rb +1 -1
  126. data/spec/spec_helper_acceptance.rb +20 -3
  127. metadata +94 -151
  128. data/.travis.yml +0 -60
  129. data/lib/simp/rake/helpers/assets/rpm_spec/simp4.spec +0 -388
  130. data/lib/simp/rake/helpers/assets/rpm_spec/simp5.spec +0 -388
  131. data/spec/acceptance/20_pkg_rpm_upgrade_spec.rb +0 -236
  132. data/spec/acceptance/55_build_pkg_signing_spec.rb +0 -140
  133. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/build/rpm_metadata/custom/overrides +0 -14
  134. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/build/rpm_metadata/requires +0 -1
  135. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/metadata.json +0 -33
  136. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/build/rpm_metadata/custom/overrides +0 -14
  137. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/build/rpm_metadata/requires +0 -1
  138. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/metadata.json +0 -33
  139. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-1.0/metadata.json +0 -33
  140. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.0/metadata.json +0 -33
  141. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/build/rpm_metadata/custom/overrides +0 -14
  142. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/build/rpm_metadata/requires +0 -1
  143. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/metadata.json +0 -33
  144. data/spec/acceptance/files/mock_packages/pupmod-puppetlabs-stdlib.spec +0 -32
  145. data/spec/acceptance/files/mock_packages/pupmod-simp-foo.spec +0 -32
  146. data/spec/acceptance/files/mock_packages/pupmod-simp-simplib.spec +0 -32
  147. data/spec/acceptance/files/mock_packages/rpmbuild.sh +0 -25
  148. data/spec/acceptance/files/mock_packages/simp-adapter.spec +0 -43
  149. data/spec/acceptance/files/mock_packages/simp-adapter/etc/simp/adapter_config.yaml +0 -3
  150. data/spec/acceptance/files/mock_packages/simp-adapter/usr/local/sbin/simp_rpm_helper +0 -495
  151. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/CHANGELOG +0 -2
  152. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/data/os/CentOS.yaml +0 -2
  153. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/data/os/RedHat.yaml +0 -2
  154. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/hiera.yaml +0 -14
  155. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/manifests/init.pp +0 -2
  156. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/metadata.json +0 -37
  157. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/CHANGELOG +0 -5
  158. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/build/rpm_metadata/requires +0 -2
  159. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/data/os/CentOS.yaml +0 -2
  160. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/data/os/RedHat.yaml +0 -2
  161. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/hiera.yaml +0 -14
  162. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/manifests/init.pp +0 -3
  163. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/metadata.json +0 -37
  164. data/spec/acceptance/files/testpackage/build/rpm_metadata/requires +0 -2
  165. data/spec/acceptance/files/testpackage_missing_name/CHANGELOG +0 -2
  166. data/spec/acceptance/files/testpackage_missing_name/Rakefile +0 -3
  167. data/spec/acceptance/files/testpackage_missing_source/CHANGELOG +0 -2
  168. data/spec/acceptance/files/testpackage_missing_source/Rakefile +0 -3
  169. data/spec/acceptance/files/testpackage_missing_summary/CHANGELOG +0 -2
  170. data/spec/acceptance/files/testpackage_missing_summary/Rakefile +0 -3
  171. data/spec/acceptance/files/testpackage_missing_version/CHANGELOG +0 -2
  172. data/spec/acceptance/files/testpackage_missing_version/Rakefile +0 -3
  173. data/spec/acceptance/files/testpackage_with_bad_changelog_date/Rakefile +0 -3
  174. data/spec/acceptance/files/testpackage_with_release/CHANGELOG +0 -2
  175. data/spec/acceptance/files/testpackage_with_release/Rakefile +0 -3
  176. data/spec/acceptance/files/testpackage_with_release/build/rpm_metadata/requires +0 -1
  177. data/spec/acceptance/files/testpackage_without_changelog/Rakefile +0 -3
  178. data/spec/acceptance/files/testpackage_without_changelog/build/rpm_metadata/requires +0 -1
  179. data/spec/lib/simp/ci/files/job_broken_link_nodeset/spec/acceptance/suites/default/nodesets +0 -1
  180. data/spec/lib/simp/ci/files/job_invalid_nodeset/spec/acceptance/suites/default/nodesets +0 -1
  181. data/spec/lib/simp/ci/files/job_invalid_suite/spec/acceptance/suites/default/nodesets +0 -1
  182. data/spec/lib/simp/ci/files/job_missing_nodeset/spec/acceptance/suites/default/nodesets +0 -1
  183. data/spec/lib/simp/ci/files/job_missing_suite_and_nodeset/spec/acceptance/suites/default/nodesets +0 -1
  184. data/spec/lib/simp/ci/files/multiple_invalid_jobs/spec/acceptance/suites/default/nodesets +0 -1
  185. data/spec/lib/simp/ci/files/multiple_valid_jobs/spec/acceptance/suites/default/nodesets +0 -1
  186. data/spec/lib/simp/ci/files/no_gitlab_config_with_tests/spec/acceptance/suites/default/nodesets +0 -1
  187. data/spec/lib/simp/ci/files/no_gitlab_config_without_tests/spec/acceptance/suites/default/nodesets +0 -1
  188. data/spec/lib/simp/ci/files/suite_skeleton_only/spec/acceptance/nodesets/default.yml +0 -1
  189. data/spec/lib/simp/ci/files/suite_skeleton_only/spec/acceptance/suites/default/nodesets +0 -1
  190. data/spec/lib/simp/ci/files/valid_job_nodeset_dir_link/spec/acceptance/suites/default/nodesets +0 -1
  191. data/spec/lib/simp/ci/files/valid_job_nodeset_link/spec/acceptance/suites/default/nodesets/default.yml +0 -1
  192. data/spec/lib/simp/files/build/testpackage.spec +0 -1
  193. data/spec/lib/simp/rake/pupmod/fixtures/simpmod/spec/acceptance/nodesets/default.yml +0 -1
  194. data/spec/lib/simp/rake/pupmod/fixtures/simpmod/spec/acceptance/suites/default/nodesets +0 -1
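--- a/data/spec/acceptance/nodesets/default.yml
+++ b/data/spec/acceptance/nodesets/default.yml
@@ -1,121 +1,21 @@
  HOSTS:
- el6-build-server:
+ el7-build-server:
  roles:
  - default
- - master
- - agent
  - build_server
- platform: el-6-x86_64
+ platform: el-7-x86_64
  hypervisor: docker
- image: centos:6
- docker_image_commands:
- - 'yum install -y epel-release'
- - "echo 'Defaults:build_user !requiretty' >> /etc/sudoers"
- - "echo 'build_user ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers"
- - 'useradd -b /home -m -c "Build User" -s /bin/bash -U build_user'
- - 'yum install -y facter rubygem-json'
- # simp build-deps
- - 'yum install -y rpm-build augeas-devel createrepo genisoimage git gnupg2 libicu-devel libxml2 libxml2-devel libxslt libxslt-devel rpmdevtools which'
- # rvm build-deps
- - 'yum install -y libyaml-devel glibc-headers autoconf gcc-c++ glibc-devel readline-devel libffi-devel openssl-devel automake libtool bison sqlite-devel'
-
- #
- # Do our best to get one of the keys from at one of the servers, and to
- # trust the right ones if the GPG keyservers return bad keys
- #
- # These are the keys we want:
- #
- # 409B6B1796C275462A1703113804BB82D39DC0E3 # mpapis@gmail.com
- # 7D2BAF1CF37B13E2069D6956105BD0E739499BDB # piotr.kuczynski@gmail.com
- #
- # See:
- # - https://rvm.io/rvm/security
- # - https://github.com/rvm/rvm/blob/master/docs/gpg.md
- # - https://github.com/rvm/rvm/issues/4449
- # - https://github.com/rvm/rvm/issues/4250
- # - https://seclists.org/oss-sec/2018/q3/174
- #
- # NOTE (mostly to self): In addition to RVM's documented procedures,
- # importing from https://keybase.io/mpapis may be a practical
- # alternative for 409B6B1796C275462A1703113804BB82D39DC0E3:
- #
- # curl https://keybase.io/mpapis/pgp_keys.asc | gpg2 --import
- #
- - 'runuser build_user -l -c "for i in {1..5}; do { gpg2 --keyserver hkp://pool.sks-keyservers.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 || gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3; } && break || sleep 1; done"'
- - 'runuser build_user -l -c "for i in {1..5}; do { gpg2 --keyserver hkp://pool.sks-keyservers.net --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB || gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB; } && break || sleep 1; done"'
- # - 'runuser build_user -l -c "gpg2 --refresh-keys"'
- - 'runuser build_user -l -c "curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer -o rvm-installer && curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer.asc -o rvm-installer.asc && gpg2 --verify rvm-installer.asc rvm-installer && bash rvm-installer"'
- - 'runuser build_user -l -c "rvm install 2.4"'
- - 'runuser build_user -l -c "rvm use --default 2.4"'
- - 'runuser build_user -l -c "rvm all do gem install bundler"'
- mount_folders:
- folder1:
- host_path: ./
- container_path: /host_files
- docker_preserve_image: true
+ image: simpproject/simp_build_centos7
+ docker_cmd: '/usr/sbin/sshd -D -E /var/log/sshd.log'
 
- el7-build-server:
+ el8-build-server:
  roles:
  - build_server
- platform: el-7-x86_64
+ platform: el-8-x86_64
  hypervisor: docker
- image: centos:7
- docker_cmd: '/sbin/sshd; tail -f /dev/null'
- docker_image_commands:
- - 'yum install -y epel-release'
- - 'ln -sf /bin/true /usr/bin/systemctl'
- # Work around regression in beaker-docker
- # https://github.com/puppetlabs/beaker-docker/pull/15/files
- - 'yum install -y sudo openssh-server openssh-clients'
- - "sed -ri 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config"
- - "sed -ri 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config"
- - "sed -ri 's/^#?UseDNS .*/UseDNS no/' /etc/ssh/sshd_config"
- - "echo 'Defaults:build_user !requiretty' >> /etc/sudoers"
- - "echo 'build_user ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers"
- - 'useradd -b /home -m -c "Build User" -s /bin/bash -U build_user'
- - 'yum install -y facter rubygem-json'
- # simp build-deps
- - 'yum install -y rpm-build augeas-devel createrepo genisoimage git gnupg2 libicu-devel libxml2 libxml2-devel libxslt libxslt-devel rpmdevtools clamav-update which'
-
- # rvm build-deps
- #
- # Do our best to get one of the keys from at one of the servers, and to
- # trust the right ones if the GPG keyservers return bad keys
- #
- # These are the keys we want:
- #
- # 409B6B1796C275462A1703113804BB82D39DC0E3 # mpapis@gmail.com
- # 7D2BAF1CF37B13E2069D6956105BD0E739499BDB # piotr.kuczynski@gmail.com
- #
- # See:
- # - https://rvm.io/rvm/security
- # - https://github.com/rvm/rvm/blob/master/docs/gpg.md
- # - https://github.com/rvm/rvm/issues/4449
- # - https://github.com/rvm/rvm/issues/4250
- # - https://seclists.org/oss-sec/2018/q3/174
- #
- # NOTE (mostly to self): In addition to RVM's documented procedures,
- # importing from https://keybase.io/mpapis may be a practical
- # alternative for 409B6B1796C275462A1703113804BB82D39DC0E3:
- #
- # curl https://keybase.io/mpapis/pgp_keys.asc | gpg2 --import
- #
- - 'runuser build_user -l -c "for i in {1..5}; do { gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3; } && { gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB; } && break || sleep 1; done"'
- - 'runuser build_user -l -c "gpg2 --refresh-keys"'
- - 'runuser build_user -l -c "curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer -o rvm-installer && curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer.asc -o rvm-installer.asc && gpg2 --verify rvm-installer.asc rvm-installer && bash rvm-installer"'
- - 'runuser build_user -l -c "rvm install 2.4"'
- - 'runuser build_user -l -c "rvm use --default 2.4"'
- - 'runuser build_user -l -c "rvm all do gem install bundler"'
- - 'yum install -y rpm-sign'
- mount_folders:
- folder1:
- host_path: ./
- container_path: /host_files
+ image: simpproject/simp_build_centos8
+ docker_cmd: '["/sbin/init"]'
  docker_preserve_image: true
- ssh:
- password: root
- auth_methods:
- - password
 
  CONFIG:
  log_level: verbose
@@ -123,5 +23,14 @@ CONFIG:
  <% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
  puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
  <% else -%>
- puppet_collection: puppet5
+ puppet_collection: puppet6
  <% end -%>
+ ssh:
+ password: root
+ auth_methods:
+ - password
+ docker_preserve_image: true
+ mount_folders:
+ host_files:
+ host_path: ./
+ container_path: /host_files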
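Review bot: Both new `image:` lines (`simpproject/simp_build_centos7`, `simpproject/simp_build_centos8`) name a registry image with no tag or digest, so every run trusts whatever is currently published under the default tag. The nodeset no longer builds the environment itself, so the toolchain provenance checks are only as good as the image build, which is not visible here; for hosts that run the package-building and signing specs, pin each image by digest, e.g. `image: simpproject/simp_build_centos7@sha256:<digest>` (placeholder), and add a comment pointing at the image's build definition. The `ssh:` / `password: root` block now appears after the `CONFIG:` keys in the second hunk (indentation is lost in this rendering, so the nesting is inferred), which would apply password authentication to every host; a one-line comment stating that it is for disposable test containers would make that intent explicit.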
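--- a/data/spec/acceptance/00_pkg_rpm_custom_scriptlets_spec.rb
+++ b/data/spec/acceptance/suites/default/00_pkg_rpm_custom_scriptlets_spec.rb
@@ -11,7 +11,7 @@ shared_examples_for 'an RPM generator with customized scriptlets' do
  scriptlets = rpm_scriptlets_for(
  host,
  "#{pkg_root_dir}/testpackage_custom_scriptlet/dist/" +
- 'pupmod-simp-testpackage-0.0.1-0.noarch.rpm'
+ 'pupmod-simp-testpackage-0.0.1-1.noarch.rpm'
  )
 
  comment '...the expected scriptlet types are present'
@@ -37,28 +37,28 @@ shared_examples_for 'an RPM generator with customized scriptlets' do
  comment '...default preun postun scriptlets call simp_rpm_helper with correct arguments'
  expected_simp_rpm_helper_scriptlets = scriptlet_label_map.select{|k,v| %w(preun postun).include? v }
  expected_simp_rpm_helper_scriptlets.each do |rpm_label, simp_helper_label|
- expected = <<EOM
- if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
- /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='#{simp_helper_label}' --rpm_status=$1
- fi
- EOM
+ expected = <<~EOM
+ if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
+ /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='#{simp_helper_label}' --rpm_status=$1
+ fi
+ EOM
  expect(scriptlets[rpm_label][:bare_content]).to eq(expected.strip)
  end
 
  comment '...default posttrans scriptlet calls simp_rpm_helper with correct arguments'
- expected = <<EOM
- if [ -e /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage ] ; then
- rm /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage
- if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
- /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=1
- fi
- elif [ -e /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage ] ; then
- rm /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage
- if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
- /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=2
- fi
- fi
- EOM
+ expected = <<~EOM
+ if [ -e /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage ] ; then
+ rm /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage
+ if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
+ /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=1
+ fi
+ elif [ -e /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage ] ; then
+ rm /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage
+ if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
+ /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=2
+ fi
+ fi
+ EOM
  expect(scriptlets['posttrans'][:bare_content]).to eq(expected.strip)
  end
  end
@@ -69,7 +69,7 @@ shared_examples_for 'an RPM generator with customized triggers' do
  triggers = rpm_triggers_for(
  host,
  "#{pkg_root_dir}/testpackage_custom_scriptlet/dist/" +
- 'pupmod-simp-testpackage-0.0.1-0.noarch.rpm'
+ 'pupmod-simp-testpackage-0.0.1-1.noarch.rpm'
  )
 
 
@@ -101,7 +101,7 @@ describe 'rake pkg:rpm with customized content' do
  copy_host_files_into_build_user_homedir(hosts)
  end
 
- let(:pkg_root_dir){'/home/build_user/host_files/spec/acceptance/files'}
+ let(:pkg_root_dir){'/home/build_user/host_files/spec/acceptance/suites/default/files'}
  let(:testpackage_dir){"#{pkg_root_dir}/testpackage"}
 
  hosts.each do |_host|
@@ -130,6 +130,5 @@ describe 'rake pkg:rpm with customized content' do
 
  end
  end
-
  end
  end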
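Review bot: The release bump had to be applied to the same literal twice, `'pupmod-simp-testpackage-0.0.1-1.noarch.rpm'` in the scriptlets example and again in the triggers example (the `@@ -69,7` hunk), so the next release change can leave the two out of step. Define the path once next to the existing `let(:pkg_root_dir)`, e.g. `let(:custom_scriptlet_rpm) { "#{pkg_root_dir}/testpackage_custom_scriptlet/dist/pupmod-simp-testpackage-0.0.1-1.noarch.rpm" }`, and pass it to both `rpm_scriptlets_for` and `rpm_triggers_for`. Both shared examples begin and end outside the visible hunks, so check that nothing else in them builds the file name separately.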
@@ -6,7 +6,7 @@ RSpec.configure do |c|
6
6
  c.extend Simp::BeakerHelpers::SimpRakeHelpers::PkgRpmHelpers
7
7
  end
8
8
 
9
- shared_examples_for "an RPM generator with edge cases" do
9
+ shared_examples_for 'an RPM generator with edge cases' do
10
10
  it 'should use specified release number for the RPM' do
11
11
  on host, %(#{run_cmd} "cd #{pkg_root_dir}/testpackage_with_release; #{rake_cmd} pkg:rpm")
12
12
  release_test_rpm = File.join(pkg_root_dir, 'testpackage_with_release',
@@ -21,14 +21,6 @@ shared_examples_for "an RPM generator with edge cases" do
21
21
  on host, %(rpm --changelog -qp #{changelog_test_rpm} | grep -q 'Auto Changelog')
22
22
  end
23
23
 
24
- it 'should not require pupmod-simp-simplib for simp-simplib RPM' do
25
- on host, %(#{run_cmd} "cd #{pkg_root_dir}/simplib; #{rake_cmd} pkg:rpm")
26
- simplib_rpm = File.join(pkg_root_dir, 'simplib', 'dist',
27
- File.basename(testpackage_rpm).gsub(/simp-testpackage-0.0.1/,'simp-simplib-1.2.3'))
28
- on host, %(test -f #{simplib_rpm})
29
- on host, %(rpm -qpR #{simplib_rpm} | grep -q pupmod-simp-simplib), {:acceptable_exit_codes => [1]}
30
- end
31
-
32
24
  it 'should not fail to create an RPM when the CHANGELOG has a bad date' do
33
25
  on host,
34
26
  %(#{run_cmd} "cd #{pkg_root_dir}/testpackage_with_bad_changelog_date; #{rake_cmd} pkg:rpm")
@@ -88,7 +80,7 @@ describe 'rake pkg:rpm' do
88
80
 
89
81
  context 'rpm building' do
90
82
 
91
- let(:pkg_root_dir){'/home/build_user/host_files/spec/acceptance/files'}
83
+ let(:pkg_root_dir){'/home/build_user/host_files/spec/acceptance/suites/default/files'}
92
84
  let(:testpackage_dir){"#{pkg_root_dir}/testpackage"}
93
85
 
94
86
  it 'can prep the package directories' do
@@ -115,7 +107,7 @@ describe 'rake pkg:rpm' do
115
107
  context 'using simpdefault.spec' do
116
108
 
117
109
  let(:build_type) {:default}
118
- let(:testpackage_rpm) { File.join(testpackage_dir, 'dist/pupmod-simp-testpackage-0.0.1-0.noarch.rpm') }
110
+ let(:testpackage_rpm) { File.join(testpackage_dir, 'dist/pupmod-simp-testpackage-0.0.1-1.noarch.rpm') }
119
111
 
120
112
  it 'should create an RPM' do
121
113
  comment "produces RPM on #{host}"
@@ -127,8 +119,8 @@ describe 'rake pkg:rpm' do
127
119
  on host, %(rpm -qpR #{testpackage_rpm} | grep -q pupmod-simp-foo), :acceptable_exit_codes => [1]
128
120
  on host, %(rpm -qpR #{testpackage_rpm} | grep -q pupmod-simp-simplib)
129
121
  on host, %(rpm -qpR #{testpackage_rpm} | grep -q pupmod-puppetlabs-stdlib)
130
- on host, %(rpm -qp --provides #{testpackage_rpm} | grep -q -x 'pupmod-testpackage = 0.0.1-0')
131
- on host, %(rpm -qp --provides #{testpackage_rpm} | grep -q -x 'simp-testpackage = 0.0.1-0')
122
+ on host, %(rpm -qp --provides #{testpackage_rpm} | grep -q -x 'pupmod-testpackage = 0.0.1-1')
123
+ on host, %(rpm -qp --provides #{testpackage_rpm} | grep -q -x 'simp-testpackage = 0.0.1-1')
132
124
  on host, %(rpm -qp --queryformat "[%{obsoletes}\\n]" #{testpackage_rpm} | grep -q "^pupmod-testpackage")
133
125
  on host, %(rpm -qp --queryformat "[%{obsoletes}\\n]" #{testpackage_rpm} | grep -q "^simp-testpackage")
134
126
 
@@ -147,59 +139,65 @@ describe 'rake pkg:rpm' do
147
139
  ].sort
148
140
 
149
141
  comment '...default preinstall scriptlet'
150
- expected =<<-EOM
151
- # (default scriptlet for SIMP 6.x)
152
- # when $1 = 1, this is an install
153
- # when $1 = 2, this is an upgrade
154
- mkdir -p /var/lib/rpm-state/simp-adapter
155
- touch /var/lib/rpm-state/simp-adapter/rpm_status$1.testpackage
156
- if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
157
- /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='pre' --rpm_status=$1
158
- fi
142
+ expected =<<~EOM
143
+ # (default scriptlet for SIMP 6.x)
144
+ # when $1 = 1, this is an install
145
+ # when $1 = 2, this is an upgrade
146
+ mkdir -p /var/lib/rpm-state/simp-adapter
147
+ touch /var/lib/rpm-state/simp-adapter/rpm_status$1.testpackage
148
+ if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
149
+ /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='pre' --rpm_status=$1
150
+ fi
159
151
  EOM
160
152
  expect(scriptlets['preinstall'][:content]).to eq( expected.strip )
161
153
 
162
154
  comment '...default preuninstall scriptlet'
163
- expected =<<-EOM
164
- # (default scriptlet for SIMP 6.x)
165
- # when $1 = 1, this is the uninstall of the previous version during an upgrade
166
- # when $1 = 0, this is the uninstall of the only version during an erase
167
- if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
168
- /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='preun' --rpm_status=$1
169
- fi
155
+ expected =<<~EOM
156
+ # (default scriptlet for SIMP 6.x)
157
+ # when $1 = 1, this is the uninstall of the previous version during an upgrade
158
+ # when $1 = 0, this is the uninstall of the only version during an erase
159
+ if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
160
+ /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='preun' --rpm_status=$1
161
+ fi
170
162
  EOM
171
163
  expect(scriptlets['preuninstall'][:content]).to eq( expected.strip )
172
164
 
173
165
  comment '...default postuninstall scriptlet'
174
- expected =<<-EOM
175
- # (default scriptlet for SIMP 6.x)
176
- # when $1 = 1, this is the uninstall of the previous version during an upgrade
177
- # when $1 = 0, this is the uninstall of the only version during an erase
178
- if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
179
- /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='postun' --rpm_status=$1
180
- fi
166
+ expected =<<~EOM
167
+ # (default scriptlet for SIMP 6.x)
168
+ # when $1 = 1, this is the uninstall of the previous version during an upgrade
169
+ # when $1 = 0, this is the uninstall of the only version during an erase
170
+ if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
171
+ /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='postun' --rpm_status=$1
172
+ fi
181
173
  EOM
182
174
  expect(scriptlets['postuninstall'][:content]).to eq( expected.strip )
183
175
 
184
176
  comment '...default posttrans scriptlet'
185
- expected =<<-EOM
186
- # (default scriptlet for SIMP 6.x)
187
- # Marker file is created in %pre and only exists for installs or upgrades
188
- # when marker file is prepended with 'rpm_status1.', this is an install
189
- # when marker file is prepended with 'rpm_status2.', this is an upgrade
190
- if [ -e /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage ] ; then
191
- rm /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage
192
- if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
193
- /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=1
194
- fi
195
- elif [ -e /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage ] ; then
196
- rm /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage
197
- if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
198
- /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=2
199
- fi
200
- fi
177
+ expected =<<~EOM
178
+ # (default scriptlet for SIMP 6.x)
179
+ # Marker file is created in %pre and only exists for installs or upgrades
180
+ # when marker file is prepended with 'rpm_status1.', this is an install
181
+ # when marker file is prepended with 'rpm_status2.', this is an upgrade
182
+ if [ -e /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage ] ; then
183
+ rm /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage
184
+ if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
185
+ /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=1
186
+ fi
187
+ elif [ -e /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage ] ; then
188
+ rm /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage
189
+ if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
190
+ /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=2
191
+ fi
192
+ fi
201
193
  EOM
202
194
  expect(scriptlets['posttrans'][:content]).to eq( expected.strip )
195
+
196
+ comment 'does not modify the shebangs in executable scripts in the RPM'
197
+ # if the shebangs were modified, we should see /usr/bin/ruby and /usr/bin/rspec
198
+ # as requirements of the RPM
199
+ on host, %(rpm -qpR #{testpackage_rpm} | grep -q /usr/bin/ruby), :acceptable_exit_codes => [1]
200
+ on host, %(rpm -qpR #{testpackage_rpm} | grep -q /usr/bin/rspec), :acceptable_exit_codes => [1]
203
201
  end
204
202
 
205
203
  it_should_behave_like 'an RPM generator with edge cases'
@@ -40,7 +40,7 @@ describe 'rake pkg:check_rpm_changelog' do
40
40
  hosts.each do |_host|
41
41
  context "on #{_host}" do
42
42
  let!(:host){ _host }
43
- let(:pkg_root_dir) { '/home/build_user/host_files/spec/acceptance/files' }
43
+ let(:pkg_root_dir) { '/home/build_user/host_files/spec/acceptance/suites/default/files' }
44
44
 
45
45
  it 'can prep the package directories' do
46
46
  testpackages = [
@@ -13,7 +13,7 @@ end
13
13
  #
14
14
  # It should be possible manage GPG keys using this logic from many OSes,
15
15
  # but it's silly to try to mock them all directly in RSpec.
16
- describe 'rake pkg:rpm with customized content' do
16
+ describe 'local_gpg_signing_key unit test' do
17
17
 
18
18
  def hf_cmd( hosts, cmd, env_str=nil, opts={})
19
19
  if ENV['PUPPET_VERSION']
@@ -24,11 +24,15 @@ describe 'rake pkg:rpm with customized content' do
24
24
 
25
25
  before :all do
26
26
  copy_host_files_into_build_user_homedir(hosts)
27
- hf_cmd(hosts, "bundle --local || bundle", nil, {run_in_parallel: true})
27
+
28
+ # If the build environment of user executing this test has a newer
29
+ # version of bundler than provided by the published docker container,
30
+ # the Gemfile.lock will cause problems. So, make sure to remove it!
31
+ hf_cmd(hosts, 'rm Gemfile.lock; bundle --local || bundle', nil, {run_in_parallel: true})
28
32
  end
29
33
 
30
34
  it 'can run the os-dependent Simp::LocalGpgSigningKey spec tests' do
31
- hf_cmd( hosts, "bundle exec rspec spec/lib/simp/local_gpg_signing_key_spec.rb.beaker-only" );
35
+ hf_cmd( hosts, 'bundle exec rspec spec/lib/simp/local_gpg_signing_key_spec.rb.beaker-only' );
32
36
  end
33
37
  end
34
38
 
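Review bot: The added `rm Gemfile.lock` in the `before :all` block has no `-f`, so on a checkout that has no lockfile it writes an error into the test log on every run; `'rm -f Gemfile.lock; bundle --local || bundle'` keeps the output clean. Deleting the lockfile also means the `|| bundle` fallback resolves gem versions afresh inside the container that then runs the Simp::LocalGpgSigningKey specs, so the run is no longer pinned to the versions the developer tested. If that trade-off is intended, the comment should say so, for example `# NOTE: this drops version pinning; gems are re-resolved from the Gemfile`.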
@@ -0,0 +1,391 @@
1
+ require 'spec_helper_acceptance'
2
+ require_relative 'support/build_user_helpers'
3
+ require_relative 'support/build_project_helpers'
4
+
5
+ RSpec.configure do |c|
6
+ c.include Simp::BeakerHelpers::SimpRakeHelpers::BuildUserHelpers
7
+ c.extend Simp::BeakerHelpers::SimpRakeHelpers::BuildUserHelpers
8
+ c.include Simp::BeakerHelpers::SimpRakeHelpers::BuildProjectHelpers
9
+ c.extend Simp::BeakerHelpers::SimpRakeHelpers::BuildProjectHelpers
10
+ end
11
+
12
+ # options to be applied to each on() operation
13
+ def run_opts
14
+ # WARNING: If you set run_in_parallel to true, tests will fail
15
+ # when run in a GitHub action.
16
+ { run_in_parallel: false }
17
+ end
18
+
19
+ describe 'rake pkg:signrpms and pkg:checksig' do
20
+
21
+ # Clean out RPMs dir and copy in a fresh dummy RPM
22
+ def prep_rpms_dir(rpms_dir, src_rpms, opts = {})
23
+ copy_cmds = src_rpms.map { |_rpm| "cp -a '#{_rpm}' '#{rpms_dir}'" }.join('; ')
24
+ on(hosts, %(#{run_cmd} "rm -f '#{rpms_dir}/*'; #{copy_cmds} "), opts)
25
+ end
26
+
27
+ # Provides a scaffolded test project and `let` variables
28
+ shared_context 'a freshly-scaffolded test project' do |dir, opts = {}|
29
+ test__dir = "#{build_user_homedir}/test-#{dir}"
30
+ rpms__dir = "#{test__dir}/test.rpms"
31
+ src__rpm = "#{build_user_host_files}/spec/lib/simp/files/testpackage-1-0.noarch.rpm"
32
+ host__dirs = {}
33
+ gpg__keysdir = opts[:gpg_keysdir] ? opts[:gpg_keysdir] : "#{test__dir}/.dev_gpgkeys"
34
+ extra__env = opts[:gpg_keysdir] ? "SIMP_PKG_build_keys_dir=#{gpg__keysdir}" : ''
35
+ digest__algo = opts[:digest_algo] ? opts[:digest_algo] : nil
36
+
37
+
38
+ hosts.each do |host|
39
+ dist_dir = distribution_dir(host, test__dir, run_opts)
40
+ host__dirs[host] = {
41
+ test_dir: test__dir,
42
+ dvd_dir: "#{dist_dir}/DVD"
43
+ }
44
+ host__dirs[host.name] = host__dirs[host]
45
+ end
46
+
47
+ before(:all) do
48
+ # Scaffold a project skeleton
49
+ scaffold_build_project(hosts, test__dir, run_opts)
50
+
51
+ # Provide an RPM directory to process
52
+ on(hosts, %(#{run_cmd} "mkdir '#{rpms__dir}'"), run_opts)
53
+
54
+ # Ensure a DVD directory exists that is appropriate to each SUT
55
+ hosts.each do |host|
56
+ on(host, %(#{run_cmd} "mkdir -p '#{host__dirs[host][:dvd_dir]}'"), run_opts)
57
+ end
58
+ end
59
+
60
+ let(:test_dir) { test__dir }
61
+ let(:rpms_dir) { rpms__dir }
62
+ let(:src_rpm) { src__rpm }
63
+ let(:test_rpm) { "#{rpms__dir}/#{File.basename(src__rpm)}" }
64
+ let(:dirs) { host__dirs }
65
+ let(:dev_keydir) { "#{gpg__keysdir}/dev" }
66
+ let(:extra_env) { extra__env }
67
+ let(:digest_algo_param) { digest__algo }
68
+ let(:digest_algo_result) { digest__algo ? digest__algo.upcase : 'SHA256' }
69
+ let(:signrpm_cmd) {
70
+ extra_args = digest_algo_param ? ",false,#{digest_algo_param}" : ''
71
+ "SIMP_PKG_verbose=yes #{extra_env} bundle exec rake pkg:signrpms[dev,'#{rpms_dir}'#{extra_args}]"
72
+ }
73
+ let(:checksig_cmd) { "#{extra_env} bundle exec rake pkg:checksig[#{rpms_dir}]" }
74
+ end
75
+
76
+ let(:rpm_unsigned_regex) do
77
+ %r{^Signature\s+:\s+\(none\)$}
78
+ end
79
+
80
+ let(:rpm_signed_regex) do
81
+ %r{^Signature\s+:\s+\w+/(?<digest_algo>.*?),.*,\s*Key ID (?<key_id>[0-9a-f]+)$}
82
+ end
83
+
84
+ let(:expired_keydir) do
85
+ # NOTE: This expired keydir actually works on EL7 and EL8, even though
86
+ # the newer gpg version creates different files than those in this
87
+ # directory.
88
+ "#{build_user_host_files}/spec/acceptance/suites/default/files/build/pkg/gpg-keydir.expired.2018-04-06"
89
+ end
90
+
91
+ shared_examples 'it does not leave the gpg-agent daemon running' do
92
+ it 'does not leave the gpg-agent daemon running' do
93
+ hosts.each do |host|
94
+ expect(gpg_agent_running?(host, dev_keydir)).to be false
95
+ end
96
+ end
97
+ end
98
+
99
+ shared_examples 'it verifies RPM signatures' do
100
+ let(:public_gpgkeys_dir) { 'src/assets/gpgkeys/GPGKEYS' }
101
+ it 'verifies RPM signatures' do
102
+ hosts.each do |host|
103
+ # mock out the simp-gpgkeys project checkout so that the pkg:checksig
104
+ # doesn't fail before reading in the generated 'dev' GPGKEY
105
+ on(host, %(#{run_cmd} "cd '#{test_dir}'; mkdir -p #{public_gpgkeys_dir}"), run_opts)
106
+ on(host, %(#{run_cmd} "cd '#{test_dir}'; touch #{public_gpgkeys_dir}/RPM-GPG-KEY-empty"), run_opts)
107
+ on(host, %(#{run_cmd} "cd '#{test_dir}'; #{checksig_cmd}"), run_opts)
108
+ end
109
+ end
110
+ end
111
+
112
+ shared_examples 'it creates a new GPG dev signing key' do
113
+ it 'creates a new GPG dev signing key' do
114
+ on(hosts, %(#{run_cmd} "cd '#{test_dir}'; #{signrpm_cmd}"), run_opts)
115
+ hosts.each do |host|
116
+ expect(dev_signing_key_id(host, dev_keydir, run_opts)).to_not be_empty
117
+ expect(file_exists_on(host,"#{dirs[host][:dvd_dir]}/RPM-GPG-KEY-SIMP-Dev")).to be true
118
+ end
119
+ end
120
+
121
+ include_examples('it does not leave the gpg-agent daemon running')
122
+ end
123
+
124
+ shared_examples 'it begins with unsigned RPMs' do
125
+ it 'begins with unsigned RPMs' do
126
+ prep_rpms_dir(rpms_dir, [src_rpm], run_opts)
127
+ rpms_before_signing = on(hosts, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
128
+ rpms_before_signing.each do |result|
129
+ expect(result.stdout).to match rpm_unsigned_regex
130
+ end
131
+ end
132
+ end
133
+
134
+ shared_examples 'it creates GPG dev signing key and signs packages' do
135
+ it 'creates GPG dev signing key and signs packages' do
136
+ hosts.each do |host|
137
+ # NOTE: pkg:signrpms will not actually fail if it can't sign a RPM
138
+ on(hosts, %(#{run_cmd} "cd '#{test_dir}'; #{signrpm_cmd}"), run_opts)
139
+
140
+ expect(file_exists_on(host,"#{dirs[host][:dvd_dir]}/RPM-GPG-KEY-SIMP-Dev")).to be true
141
+
142
+ result = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
143
+ expect(result.stdout).to match rpm_signed_regex
144
+ signed_rpm_data = rpm_signed_regex.match(result.stdout)
145
+ expect(signed_rpm_data[:key_id]).to eql dev_signing_key_id(host, dev_keydir, run_opts)
146
+ expect(signed_rpm_data[:digest_algo]).to eql digest_algo_result
147
+ end
148
+ end
149
+
150
+ include_examples('it does not leave the gpg-agent daemon running')
151
+ end
152
+
153
+ shared_examples 'it signs RPM packages using existing GPG dev signing key' do
154
+ it 'signs RPM packages using existing GPG dev signing key' do
155
+ hosts.each do |host|
156
+ existing_key_id = dev_signing_key_id(host, dev_keydir, run_opts)
157
+
158
+ on(hosts, %(#{run_cmd} "cd '#{test_dir}'; #{signrpm_cmd}"), run_opts)
159
+
160
+ result = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
161
+ expect(result.stdout).to match rpm_signed_regex
162
+ signed_rpm_data = rpm_signed_regex.match(result.stdout)
163
+ expect(signed_rpm_data[:key_id]).to eql existing_key_id
164
+ expect(signed_rpm_data[:digest_algo]).to eql digest_algo_result
165
+ end
166
+ end
167
+
168
+ include_examples('it does not leave the gpg-agent daemon running')
169
+ end
170
+
171
+
172
+ describe 'when starting without a dev key and no RPMs to sign' do
173
+ include_context('a freshly-scaffolded test project', 'create-key')
174
+ include_examples('it creates a new GPG dev signing key')
175
+ end
176
+
177
+ describe 'when starting without a dev key and RPMs to sign' do
178
+ include_context('a freshly-scaffolded test project', 'signrpms')
179
+ include_examples('it begins with unsigned RPMs')
180
+ include_examples('it creates GPG dev signing key and signs packages')
181
+ include_examples('it verifies RPM signatures')
182
+
183
+ context 'when there is an unexpired GPG dev signing key and the packages are unsigned' do
184
+ include_examples('it begins with unsigned RPMs')
185
+ include_examples('it signs RPM packages using existing GPG dev signing key')
186
+ include_examples('it verifies RPM signatures')
187
+ end
188
+ end
189
+
190
+ describe 'when starting with an expired dev key' do
191
+ include_context('a freshly-scaffolded test project', 'signrpms-expired')
192
+
193
+ it 'begins with an expired GPG signing key' do
194
+ prep_rpms_dir(rpms_dir, [src_rpm], run_opts)
195
+ hosts.each do |host|
196
+ copy_expired_keydir_to_dev_cmds = [
197
+ "mkdir -p '$(dirname '#{dev_keydir}')'",
198
+ "cp -aT '#{expired_keydir}' '#{dev_keydir}'",
199
+ "ls -lart '#{expired_keydir}'"
200
+ ].join(' && ')
201
+ on(host, %(#{run_cmd} "#{copy_expired_keydir_to_dev_cmds}"), run_opts)
202
+ result = on(host, %(#{run_cmd} "gpg --list-keys --homedir='#{dev_keydir}'"), run_opts)
203
+ expect(result.stdout).to match(/expired: 2018-04-06/)
204
+ end
205
+ end
206
+
207
+ include_examples('it begins with unsigned RPMs')
208
+ include_examples('it creates GPG dev signing key and signs packages')
209
+ include_examples('it verifies RPM signatures')
210
+ end
211
+
212
+ describe 'when packages are already signed' do
213
+ let(:keysdir) { "#{test_dir}/.dev_gpgkeys" }
214
+
215
+ include_context('a freshly-scaffolded test project', 'force')
216
+
217
+ context 'initial package signing' do
218
+ include_examples('it begins with unsigned RPMs')
219
+ include_examples('it creates GPG dev signing key and signs packages')
220
+ end
221
+
222
+ context 'when force is disabled' do
223
+ before :each do
224
+ # remove the initial signing key
225
+ on(hosts, %(#{run_cmd} 'rm -rf #{keysdir}'))
226
+ end
227
+
228
+ it 'creates new GPG signing key but does not resign RPMs' do
229
+ hosts.each do |host|
230
+ # force defaults to false
231
+ on(host, %(#{run_cmd} "cd '#{test_dir}'; bundle exec rake pkg:signrpms[dev,'#{rpms_dir}']"), run_opts)
232
+
233
+ result = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
234
+ expect(result.stdout).to match rpm_signed_regex
235
+ signed_rpm_data = rpm_signed_regex.match(result.stdout)
236
+
237
+ # verify RPM is not signed with the new signing key
238
+ expect(signed_rpm_data[:key_id]).to_not eql dev_signing_key_id(host, dev_keydir, run_opts)
239
+ end
240
+ end
241
+
242
+ it 'does not verify RPM signatures with the new key' do
243
+ public_gpgkeys_dir = 'src/assets/gpgkeys/GPGKEYS'
244
+ hosts.each do |host|
245
+ # mock out the simp-gpgkeys project checkout so that the pkg:checksig
246
+ # doesn't fail before reading in the new generated 'dev' GPGKEY
247
+ on(host, %(#{run_cmd} "cd '#{test_dir}'; mkdir -p #{public_gpgkeys_dir}"), run_opts)
248
+ on(host, %(#{run_cmd} "cd '#{test_dir}'; touch #{public_gpgkeys_dir}/RPM-GPG-KEY-empty"), run_opts)
249
+ result = on(host, %(#{run_cmd} "cd '#{test_dir}'; #{checksig_cmd}"),
250
+ :acceptable_exit_codes => [1]
251
+ )
252
+
253
+ expect(result.stderr).to match('ERROR: Untrusted RPMs found in the repository')
254
+ end
255
+ end
256
+ end
257
+
258
+ context 'when force is enabled' do
259
+ before :each do
260
+ # remove the initial signing key
261
+ on(hosts, %(#{run_cmd} 'rm -rf #{keysdir}'))
262
+ end
263
+
264
+ it 'creates new GPG signing key and resigns RPMs' do
265
+ hosts.each do |host|
266
+ on(host, %(#{run_cmd} "cd '#{test_dir}'; bundle exec rake pkg:signrpms[dev,'#{rpms_dir}',true]"), run_opts)
267
+
268
+ result = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
269
+ expect(result.stdout).to match rpm_signed_regex
270
+ signed_rpm_data = rpm_signed_regex.match(result.stdout)
271
+
272
+ # verify RPM is signed with the new signing key
273
+ expect(signed_rpm_data[:key_id]).to eql dev_signing_key_id(host, dev_keydir, run_opts)
274
+ end
275
+ end
276
+ end
277
+ end
278
+
279
+ describe 'when SIMP_PKG_build_keys_dir is set' do
280
+ opts = { :gpg_keysdir => '/home/build_user/.dev_gpgpkeys' }
281
+ include_context('a freshly-scaffolded test project', 'custom-keys-dir', opts)
282
+ include_examples('it begins with unsigned RPMs')
283
+ include_examples('it creates GPG dev signing key and signs packages')
284
+ end
285
+
286
+ describe 'when digest algorithm is specified' do
287
+ opts = { :digest_algo => 'sha384' }
288
+ include_context('a freshly-scaffolded test project', 'custom-digest-algo', opts)
289
+ include_examples('it begins with unsigned RPMs')
290
+ include_examples('it creates GPG dev signing key and signs packages')
291
+ include_examples('it verifies RPM signatures')
292
+ end
293
+
294
+ describe 'when some rpm signing fails' do
295
+ include_context('a freshly-scaffolded test project', 'signing-failure')
296
+ include_examples('it begins with unsigned RPMs')
297
+
298
+ it 'should create a malformed RPM' do
299
+ on(hosts, %(#{run_cmd} "echo 'OOPS' > #{rpms_dir}/oops-test.rpm"))
300
+ end
301
+
302
+ it 'should sign all valid RPMs before failing' do
303
+ hosts.each do |host|
304
+ result = on(host,
305
+ %(#{run_cmd} "cd '#{test_dir}'; SIMP_PKG_verbose="yes" #{signrpm_cmd}"),
306
+ :acceptable_exit_codes => [1]
307
+ )
308
+
309
+ expect(result.stderr).to match('ERROR: Failed to sign some RPMs')
310
+
311
+ signature_check = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
312
+ expect(signature_check.stdout).to match rpm_signed_regex
313
+ end
314
+ end
315
+ end
316
+
317
+ describe 'when wrong keyword password is specified' do
318
+ include_context('a freshly-scaffolded test project', 'wrong-password')
319
+ include_examples('it creates a new GPG dev signing key')
320
+
321
+ it 'should corrupt the password of new key' do
322
+ key_gen_file = File.join(dev_keydir, 'gengpgkey')
323
+ on(hosts, "sed -i -e \"s/^Passphrase: /Passphrase: OOPS/\" #{key_gen_file}")
324
+ end
325
+
326
+ include_examples('it begins with unsigned RPMs')
327
+
328
+ it 'should fail to sign any rpms and notify user of each failure' do
329
+ hosts.each do |host|
330
+ result = on(host,
331
+ %(#{run_cmd} "cd '#{test_dir}'; SIMP_PKG_verbose="yes" #{signrpm_cmd}"),
332
+ :acceptable_exit_codes => [1]
333
+ )
334
+
335
+ err_msg = %r(Error occurred while attempting to sign #{test_rpm})
336
+ expect(result.stderr).to match(err_msg)
337
+
338
+ signature_check = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
339
+ expect(signature_check.stdout).to match rpm_unsigned_regex
340
+ end
341
+ end
342
+ end
343
+
344
+ hosts.each do |host|
345
+ os_major = fact_on(host,'operatingsystemmajrelease')
346
+ if os_major > '7'
347
+ # this problem only happens on EL > 7 in a docker container
348
+ describe "when gpg-agent's socket path is too long on #{host}" do
349
+ opts = { :gpg_keysdir => '/home/build_user/this/results/in/a/gpg_agent/socket/path/that/is/longer/than/one/hundred/eight/characters' }
350
+ include_context('a freshly-scaffolded test project', 'long-socket-path', opts)
351
+
352
+ context 'when the gpg key needs to be created ' do
353
+ it 'should fail to sign any rpms' do
354
+ on(host,
355
+ %(#{run_cmd} "cd '#{test_dir}'; SIMP_PKG_verbose="yes" #{signrpm_cmd}"),
356
+ :acceptable_exit_codes => [1]
357
+ )
358
+ end
359
+ end
360
+
361
+ context 'when the gpg key already exists' do
362
+ # This would be when a GPG key dir was populated with keys generated elsewhere.
363
+ # Reuse the keys from an earlier test.
364
+ it 'should copy existing key files into the gpg key dir' do
365
+ source_dir = '/home/build_user/test-create-key/.dev_gpgkeys/dev'
366
+ on(host, %(#{run_cmd} "cp -r #{source_dir}/* #{dev_keydir}"))
367
+ end
368
+
369
+ include_examples('it begins with unsigned RPMs')
370
+
371
+ it 'should fail to sign any rpms and notify user of each failure' do
372
+ # For rpm-sign-4.14.2-11.el8_0, 'rpm --resign' hangs instead of failing
373
+ # when gpg-agent fails to start.
374
+ # Set the default smaller than the 30 second default, so that we don't
375
+ # wait so long for the failure.
376
+ result = on(host,
377
+ %(#{run_cmd} "cd '#{test_dir}'; SIMP_PKG_rpmsign_timeout=5 SIMP_PKG_verbose="yes" #{signrpm_cmd}"),
378
+ :acceptable_exit_codes => [1]
379
+ )
380
+
381
+ err_msg = %r(Failed to sign #{test_rpm} in 5 seconds)
382
+ expect(result.stderr).to match(err_msg)
383
+
384
+ signature_check = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
385
+ expect(signature_check.stdout).to match rpm_unsigned_regex
386
+ end
387
+ end
388
+ end
389
+ end
390
+ end
391
+ end
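Review bot: `if os_major > '7'` (new line 346) compares strings, assuming `fact_on` returns one as the comparison implies, so a host reporting `'10'` sorts below `'7'` and the whole "gpg-agent's socket path is too long" group is silently skipped there; `if os_major.to_i > 7` compares numerically. Separately, `prep_rpms_dir` (new line 24) puts the glob inside single quotes, `rm -f '#{rpms_dir}/*'`, so no shell expands it and the directory is never actually cleaned; `rm -f '#{rpms_dir}'/*` would match the comment above it, provided `run_cmd` (defined outside this file) hands the string to a shell unchanged. In the shared examples at new lines 138 and 158, `on(hosts, …)` sits inside `hosts.each do |host|` and so re-runs signing on every host per iteration; `on(host, …)` looks like what was meant.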