simp-rake-helpers 5.11.6 → 5.12.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +28 -0
- data/CONTRIBUTING.md +1 -1
- data/README.md +1 -1
- data/lib/simp/command_utils.rb +21 -0
- data/lib/simp/local_gpg_signing_key.rb +128 -79
- data/lib/simp/rake.rb +3 -17
- data/lib/simp/rake/build/pkg.rb +102 -40
- data/lib/simp/rake/helpers/version.rb +1 -1
- data/lib/simp/rake/pkg.rb +5 -1
- data/lib/simp/rake/pupmod/helpers.rb +2 -0
- data/lib/simp/rake/rubygem.rb +5 -1
- data/lib/simp/rpm.rb +10 -127
- data/lib/simp/rpm_signer.rb +321 -0
- data/spec/acceptance/00_pkg_rpm_custom_scriptlets_spec.rb +18 -19
- data/spec/acceptance/10_pkg_rpm_spec.rb +46 -48
- data/spec/acceptance/50_local_gpg_signing_key_spec.rb +7 -3
- data/spec/acceptance/55_build_pkg_signing_spec.rb +293 -42
- data/spec/acceptance/files/testpackage/README +8 -0
- data/spec/acceptance/files/testpackage/spec/classes/init_spec.rb +1 -0
- data/spec/acceptance/files/testpackage/spec/files/mock_something.rb +3 -0
- data/spec/acceptance/files/testpackage/utils/convert_v1_to_v2.rb +3 -0
- data/spec/acceptance/nodesets/default.yml +15 -2
- data/spec/acceptance/support/build_project_helpers.rb +32 -8
- data/spec/lib/simp/command_utils_spec.rb +29 -0
- data/spec/lib/simp/local_gpg_signing_key_spec.rb.beaker-only +115 -18
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/README.md +2 -2
- data/spec/lib/simp/rpm_signer_spec.rb +98 -0
- data/spec/lib/simp/rpm_spec.rb +0 -6
- metadata +12 -67
- data/.travis.yml +0 -41
- data/spec/acceptance/20_pkg_rpm_upgrade_spec.rb +0 -236
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/CHANGELOG +0 -2
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/Rakefile +0 -3
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/build/rpm_metadata/custom/overrides +0 -14
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/build/rpm_metadata/requires +0 -1
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/metadata.json +0 -33
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/CHANGELOG +0 -2
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/Rakefile +0 -3
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/build/rpm_metadata/custom/overrides +0 -14
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/build/rpm_metadata/requires +0 -1
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/metadata.json +0 -33
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-1.0/CHANGELOG +0 -2
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-1.0/Rakefile +0 -3
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-1.0/build/rpm_metadata/requires +0 -1
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-1.0/metadata.json +0 -33
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.0/CHANGELOG +0 -2
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.0/Rakefile +0 -3
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.0/build/rpm_metadata/requires +0 -1
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.0/metadata.json +0 -33
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/CHANGELOG +0 -2
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/Rakefile +0 -3
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/build/rpm_metadata/custom/overrides +0 -14
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/build/rpm_metadata/requires +0 -1
- data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/metadata.json +0 -33
- data/spec/acceptance/files/mock_packages/pupmod-puppetlabs-stdlib.spec +0 -32
- data/spec/acceptance/files/mock_packages/pupmod-simp-foo.spec +0 -32
- data/spec/acceptance/files/mock_packages/pupmod-simp-simplib.spec +0 -32
- data/spec/acceptance/files/mock_packages/rpmbuild.sh +0 -25
- data/spec/acceptance/files/mock_packages/simp-adapter.spec +0 -43
- data/spec/acceptance/files/mock_packages/simp-adapter/etc/simp/adapter_config.yaml +0 -3
- data/spec/acceptance/files/mock_packages/simp-adapter/usr/local/sbin/simp_rpm_helper +0 -495
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/CHANGELOG +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/Rakefile +0 -3
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/build/rpm_metadata/requires +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/data/os/CentOS.yaml +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/data/os/RedHat.yaml +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/hiera.yaml +0 -14
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/manifests/init.pp +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/metadata.json +0 -37
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/CHANGELOG +0 -5
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/Rakefile +0 -3
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/build/rpm_metadata/requires +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/data/os/CentOS.yaml +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/data/os/RedHat.yaml +0 -2
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/hiera.yaml +0 -14
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/manifests/init.pp +0 -3
- data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/metadata.json +0 -37
- data/spec/lib/simp/ci/files/job_broken_link_nodeset/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/job_invalid_nodeset/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/job_invalid_suite/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/job_missing_nodeset/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/job_missing_suite_and_nodeset/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/multiple_invalid_jobs/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/multiple_valid_jobs/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/no_gitlab_config_with_tests/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/no_gitlab_config_without_tests/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/suite_skeleton_only/spec/acceptance/nodesets/default.yml +0 -1
- data/spec/lib/simp/ci/files/suite_skeleton_only/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/valid_job_nodeset_dir_link/spec/acceptance/suites/default/nodesets +0 -1
- data/spec/lib/simp/ci/files/valid_job_nodeset_link/spec/acceptance/suites/default/nodesets/default.yml +0 -1
- data/spec/lib/simp/files/build/testpackage.spec +0 -1
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/spec/acceptance/nodesets/default.yml +0 -1
- data/spec/lib/simp/rake/pupmod/fixtures/simpmod/spec/acceptance/suites/default/nodesets +0 -1
@@ -37,28 +37,28 @@ shared_examples_for 'an RPM generator with customized scriptlets' do
|
|
37
37
|
comment '...default preun postun scriptlets call simp_rpm_helper with correct arguments'
|
38
38
|
expected_simp_rpm_helper_scriptlets = scriptlet_label_map.select{|k,v| %w(preun postun).include? v }
|
39
39
|
expected_simp_rpm_helper_scriptlets.each do |rpm_label, simp_helper_label|
|
40
|
-
expected =
|
41
|
-
if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
|
42
|
-
|
43
|
-
fi
|
44
|
-
EOM
|
40
|
+
expected = <<~EOM
|
41
|
+
if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
|
42
|
+
/usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='#{simp_helper_label}' --rpm_status=$1
|
43
|
+
fi
|
44
|
+
EOM
|
45
45
|
expect(scriptlets[rpm_label][:bare_content]).to eq(expected.strip)
|
46
46
|
end
|
47
47
|
|
48
48
|
comment '...default posttrans scriptlet calls simp_rpm_helper with correct arguments'
|
49
|
-
expected =
|
50
|
-
if [ -e /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage ] ; then
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
elif [ -e /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage ] ; then
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
fi
|
61
|
-
EOM
|
49
|
+
expected = <<~EOM
|
50
|
+
if [ -e /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage ] ; then
|
51
|
+
rm /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage
|
52
|
+
if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
|
53
|
+
/usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=1
|
54
|
+
fi
|
55
|
+
elif [ -e /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage ] ; then
|
56
|
+
rm /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage
|
57
|
+
if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
|
58
|
+
/usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=2
|
59
|
+
fi
|
60
|
+
fi
|
61
|
+
EOM
|
62
62
|
expect(scriptlets['posttrans'][:bare_content]).to eq(expected.strip)
|
63
63
|
end
|
64
64
|
end
|
@@ -130,6 +130,5 @@ describe 'rake pkg:rpm with customized content' do
|
|
130
130
|
|
131
131
|
end
|
132
132
|
end
|
133
|
-
|
134
133
|
end
|
135
134
|
end
|
@@ -6,7 +6,7 @@ RSpec.configure do |c|
|
|
6
6
|
c.extend Simp::BeakerHelpers::SimpRakeHelpers::PkgRpmHelpers
|
7
7
|
end
|
8
8
|
|
9
|
-
shared_examples_for
|
9
|
+
shared_examples_for 'an RPM generator with edge cases' do
|
10
10
|
it 'should use specified release number for the RPM' do
|
11
11
|
on host, %(#{run_cmd} "cd #{pkg_root_dir}/testpackage_with_release; #{rake_cmd} pkg:rpm")
|
12
12
|
release_test_rpm = File.join(pkg_root_dir, 'testpackage_with_release',
|
@@ -21,14 +21,6 @@ shared_examples_for "an RPM generator with edge cases" do
|
|
21
21
|
on host, %(rpm --changelog -qp #{changelog_test_rpm} | grep -q 'Auto Changelog')
|
22
22
|
end
|
23
23
|
|
24
|
-
it 'should not require pupmod-simp-simplib for simp-simplib RPM' do
|
25
|
-
on host, %(#{run_cmd} "cd #{pkg_root_dir}/simplib; #{rake_cmd} pkg:rpm")
|
26
|
-
simplib_rpm = File.join(pkg_root_dir, 'simplib', 'dist',
|
27
|
-
File.basename(testpackage_rpm).gsub(/simp-testpackage-0.0.1/,'simp-simplib-1.2.3'))
|
28
|
-
on host, %(test -f #{simplib_rpm})
|
29
|
-
on host, %(rpm -qpR #{simplib_rpm} | grep -q pupmod-simp-simplib), {:acceptable_exit_codes => [1]}
|
30
|
-
end
|
31
|
-
|
32
24
|
it 'should not fail to create an RPM when the CHANGELOG has a bad date' do
|
33
25
|
on host,
|
34
26
|
%(#{run_cmd} "cd #{pkg_root_dir}/testpackage_with_bad_changelog_date; #{rake_cmd} pkg:rpm")
|
@@ -147,59 +139,65 @@ describe 'rake pkg:rpm' do
|
|
147
139
|
].sort
|
148
140
|
|
149
141
|
comment '...default preinstall scriptlet'
|
150
|
-
expected
|
151
|
-
# (default scriptlet for SIMP 6.x)
|
152
|
-
# when $1 = 1, this is an install
|
153
|
-
# when $1 = 2, this is an upgrade
|
154
|
-
mkdir -p /var/lib/rpm-state/simp-adapter
|
155
|
-
touch /var/lib/rpm-state/simp-adapter/rpm_status$1.testpackage
|
156
|
-
if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
|
157
|
-
|
158
|
-
fi
|
142
|
+
expected =<<~EOM
|
143
|
+
# (default scriptlet for SIMP 6.x)
|
144
|
+
# when $1 = 1, this is an install
|
145
|
+
# when $1 = 2, this is an upgrade
|
146
|
+
mkdir -p /var/lib/rpm-state/simp-adapter
|
147
|
+
touch /var/lib/rpm-state/simp-adapter/rpm_status$1.testpackage
|
148
|
+
if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
|
149
|
+
/usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='pre' --rpm_status=$1
|
150
|
+
fi
|
159
151
|
EOM
|
160
152
|
expect(scriptlets['preinstall'][:content]).to eq( expected.strip )
|
161
153
|
|
162
154
|
comment '...default preuninstall scriptlet'
|
163
|
-
expected
|
164
|
-
# (default scriptlet for SIMP 6.x)
|
165
|
-
# when $1 = 1, this is the uninstall of the previous version during an upgrade
|
166
|
-
# when $1 = 0, this is the uninstall of the only version during an erase
|
167
|
-
if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
|
168
|
-
|
169
|
-
fi
|
155
|
+
expected =<<~EOM
|
156
|
+
# (default scriptlet for SIMP 6.x)
|
157
|
+
# when $1 = 1, this is the uninstall of the previous version during an upgrade
|
158
|
+
# when $1 = 0, this is the uninstall of the only version during an erase
|
159
|
+
if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
|
160
|
+
/usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='preun' --rpm_status=$1
|
161
|
+
fi
|
170
162
|
EOM
|
171
163
|
expect(scriptlets['preuninstall'][:content]).to eq( expected.strip )
|
172
164
|
|
173
165
|
comment '...default postuninstall scriptlet'
|
174
|
-
expected
|
175
|
-
# (default scriptlet for SIMP 6.x)
|
176
|
-
# when $1 = 1, this is the uninstall of the previous version during an upgrade
|
177
|
-
# when $1 = 0, this is the uninstall of the only version during an erase
|
178
|
-
if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
|
179
|
-
|
180
|
-
fi
|
166
|
+
expected =<<~EOM
|
167
|
+
# (default scriptlet for SIMP 6.x)
|
168
|
+
# when $1 = 1, this is the uninstall of the previous version during an upgrade
|
169
|
+
# when $1 = 0, this is the uninstall of the only version during an erase
|
170
|
+
if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
|
171
|
+
/usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='postun' --rpm_status=$1
|
172
|
+
fi
|
181
173
|
EOM
|
182
174
|
expect(scriptlets['postuninstall'][:content]).to eq( expected.strip )
|
183
175
|
|
184
176
|
comment '...default posttrans scriptlet'
|
185
|
-
expected
|
186
|
-
# (default scriptlet for SIMP 6.x)
|
187
|
-
# Marker file is created in %pre and only exists for installs or upgrades
|
188
|
-
# when marker file is prepended with 'rpm_status1.', this is an install
|
189
|
-
# when marker file is prepended with 'rpm_status2.', this is an upgrade
|
190
|
-
if [ -e /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage ] ; then
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
elif [ -e /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage ] ; then
|
196
|
-
|
197
|
-
|
198
|
-
|
199
|
-
|
200
|
-
fi
|
177
|
+
expected =<<~EOM
|
178
|
+
# (default scriptlet for SIMP 6.x)
|
179
|
+
# Marker file is created in %pre and only exists for installs or upgrades
|
180
|
+
# when marker file is prepended with 'rpm_status1.', this is an install
|
181
|
+
# when marker file is prepended with 'rpm_status2.', this is an upgrade
|
182
|
+
if [ -e /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage ] ; then
|
183
|
+
rm /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage
|
184
|
+
if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
|
185
|
+
/usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=1
|
186
|
+
fi
|
187
|
+
elif [ -e /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage ] ; then
|
188
|
+
rm /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage
|
189
|
+
if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
|
190
|
+
/usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=2
|
191
|
+
fi
|
192
|
+
fi
|
201
193
|
EOM
|
202
194
|
expect(scriptlets['posttrans'][:content]).to eq( expected.strip )
|
195
|
+
|
196
|
+
comment 'does not modify the shebangs in executable scripts in the RPM'
|
197
|
+
# if the shebangs were modified, we should see /usr/bin/ruby and /usr/bin/rspec
|
198
|
+
# as requirements of the RPM
|
199
|
+
on host, %(rpm -qpR #{testpackage_rpm} | grep -q /usr/bin/ruby), :acceptable_exit_codes => [1]
|
200
|
+
on host, %(rpm -qpR #{testpackage_rpm} | grep -q /usr/bin/rspec), :acceptable_exit_codes => [1]
|
203
201
|
end
|
204
202
|
|
205
203
|
it_should_behave_like 'an RPM generator with edge cases'
|
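Review bot: The two added `rpm -qpR #{testpackage_rpm} | grep -q ...` checks accept exit code 1, but the pipeline's status is grep's alone, so they also pass when `rpm -qpR` itself fails (for example a wrong or unreadable RPM path) and grep sees no input. If nothing earlier in this example already proves the RPM exists and can be queried (not visible in this hunk), add a guard such as `on host, %(test -f #{testpackage_rpm})` before them. Alternatively, run the query on its own and assert on the output: `expect(on(host, %(rpm -qpR #{testpackage_rpm})).stdout).to_not match(%r{/usr/bin/(ruby|rspec)})`. The enclosing `it` block starts outside the hunk.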
@@ -13,7 +13,7 @@ end
|
|
13
13
|
#
|
14
14
|
# It should be possible manage GPG keys using this logic from many OSes,
|
15
15
|
# but it's silly to try to mock them all directly in RSpec.
|
16
|
-
describe '
|
16
|
+
describe 'local_gpg_signing_key unit test' do
|
17
17
|
|
18
18
|
def hf_cmd( hosts, cmd, env_str=nil, opts={})
|
19
19
|
if ENV['PUPPET_VERSION']
|
@@ -24,11 +24,15 @@ describe 'rake pkg:rpm with customized content' do
|
|
24
24
|
|
25
25
|
before :all do
|
26
26
|
copy_host_files_into_build_user_homedir(hosts)
|
27
|
-
|
27
|
+
|
28
|
+
# If the build environment of user executing this test has a newer
|
29
|
+
# version of bundler than provided by the published docker container,
|
30
|
+
# the Gemfile.lock will cause problems. So, make sure to remove it!
|
31
|
+
hf_cmd(hosts, 'rm Gemfile.lock; bundle --local || bundle', nil, {run_in_parallel: true})
|
28
32
|
end
|
29
33
|
|
30
34
|
it 'can run the os-dependent Simp::LocalGpgSigningKey spec tests' do
|
31
|
-
hf_cmd( hosts,
|
35
|
+
hf_cmd( hosts, 'bundle exec rspec spec/lib/simp/local_gpg_signing_key_spec.rb.beaker-only' );
|
32
36
|
end
|
33
37
|
end
|
34
38
|
|
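Review bot: Deleting `Gemfile.lock` and falling back from `bundle --local` to a plain `bundle` in the `before :all` block means the gems that run the GPG signing-key spec are re-resolved on every host with no pinned versions, possibly from the network. The added comment explains the bundler-version mismatch but not that trade-off; a line such as `# NOTE: gem versions are unpinned after this; resolution depends on the host's configured gem sources` would make it explicit, and `rm -f Gemfile.lock` avoids a spurious error when the file is absent. The call also passes `run_in_parallel: true`, while the `run_opts` helper added to 55_build_pkg_signing_spec.rb in this same release warns that parallel runs fail under GitHub Actions, so it is worth confirming which setting is intended here.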
@@ -9,10 +9,14 @@ RSpec.configure do |c|
|
|
9
9
|
c.extend Simp::BeakerHelpers::SimpRakeHelpers::BuildProjectHelpers
|
10
10
|
end
|
11
11
|
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
12
|
+
# options to be applied to each on() operation
|
13
|
+
def run_opts
|
14
|
+
# WARNING: If you set run_in_parallel to true, tests will fail
|
15
|
+
# when run in a GitHub action.
|
16
|
+
{ run_in_parallel: false }
|
17
|
+
end
|
18
|
+
|
19
|
+
describe 'rake pkg:signrpms and pkg:checksig' do
|
16
20
|
|
17
21
|
# Clean out RPMs dir and copy in a fresh dummy RPM
|
18
22
|
def prep_rpms_dir(rpms_dir, src_rpms, opts = {})
|
@@ -21,33 +25,35 @@ describe 'rake pkg:signrpms' do
|
|
21
25
|
end
|
22
26
|
|
23
27
|
# Provides a scaffolded test project and `let` variables
|
24
|
-
shared_context 'a freshly-scaffolded test project' do |dir|
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
28
|
+
shared_context 'a freshly-scaffolded test project' do |dir, opts = {}|
|
29
|
+
test__dir = "#{build_user_homedir}/test-#{dir}"
|
30
|
+
rpms__dir = "#{test__dir}/test.rpms"
|
31
|
+
src__rpm = "#{build_user_host_files}/spec/lib/simp/files/testpackage-1-0.noarch.rpm"
|
32
|
+
host__dirs = {}
|
33
|
+
gpg__keysdir = opts[:gpg_keysdir] ? opts[:gpg_keysdir] : "#{test__dir}/.dev_gpgkeys"
|
34
|
+
extra__env = opts[:gpg_keysdir] ? "SIMP_PKG_build_keys_dir=#{gpg__keysdir}" : ''
|
35
|
+
digest__algo = opts[:digest_algo] ? opts[:digest_algo] : nil
|
36
|
+
|
30
37
|
|
31
38
|
hosts.each do |host|
|
32
|
-
dist_dir = distribution_dir(host, test__dir,
|
39
|
+
dist_dir = distribution_dir(host, test__dir, run_opts)
|
33
40
|
host__dirs[host] = {
|
34
41
|
test_dir: test__dir,
|
35
|
-
|
36
|
-
dvd_dir: "#{dist_dir}/DVD",
|
42
|
+
dvd_dir: "#{dist_dir}/DVD"
|
37
43
|
}
|
38
44
|
host__dirs[host.name] = host__dirs[host]
|
39
45
|
end
|
40
46
|
|
41
47
|
before(:all) do
|
42
48
|
# Scaffold a project skeleton
|
43
|
-
scaffold_build_project(hosts, test__dir,
|
49
|
+
scaffold_build_project(hosts, test__dir, run_opts)
|
44
50
|
|
45
|
-
# Provide an RPM directory to process
|
46
|
-
on(hosts, %(#{run_cmd} "mkdir '#{rpms__dir}'"))
|
51
|
+
# Provide an RPM directory to process
|
52
|
+
on(hosts, %(#{run_cmd} "mkdir '#{rpms__dir}'"), run_opts)
|
47
53
|
|
48
54
|
# Ensure a DVD directory exists that is appropriate to each SUT
|
49
55
|
hosts.each do |host|
|
50
|
-
on(host, %(#{run_cmd} "mkdir -p '#{host__dirs[host][:dvd_dir]}'"),
|
56
|
+
on(host, %(#{run_cmd} "mkdir -p '#{host__dirs[host][:dvd_dir]}'"), run_opts)
|
51
57
|
end
|
52
58
|
end
|
53
59
|
|
@@ -56,6 +62,15 @@ describe 'rake pkg:signrpms' do
|
|
56
62
|
let(:src_rpm) { src__rpm }
|
57
63
|
let(:test_rpm) { "#{rpms__dir}/#{File.basename(src__rpm)}" }
|
58
64
|
let(:dirs) { host__dirs }
|
65
|
+
let(:dev_keydir) { "#{gpg__keysdir}/dev" }
|
66
|
+
let(:extra_env) { extra__env }
|
67
|
+
let(:digest_algo_param) { digest__algo }
|
68
|
+
let(:digest_algo_result) { digest__algo ? digest__algo.upcase : 'SHA256' }
|
69
|
+
let(:signrpm_cmd) {
|
70
|
+
extra_args = digest_algo_param ? ",false,#{digest_algo_param}" : ''
|
71
|
+
"SIMP_PKG_verbose=yes #{extra_env} bundle exec rake pkg:signrpms[dev,'#{rpms_dir}'#{extra_args}]"
|
72
|
+
}
|
73
|
+
let(:checksig_cmd) { "#{extra_env} bundle exec rake pkg:checksig[#{rpms_dir}]" }
|
59
74
|
end
|
60
75
|
|
61
76
|
let(:rpm_unsigned_regex) do
|
@@ -63,78 +78,314 @@ describe 'rake pkg:signrpms' do
|
|
63
78
|
end
|
64
79
|
|
65
80
|
let(:rpm_signed_regex) do
|
66
|
-
%r{^Signature\s+:\s
|
81
|
+
%r{^Signature\s+:\s+\w+/(?<digest_algo>.*?),.*,\s*Key ID (?<key_id>[0-9a-f]+)$}
|
67
82
|
end
|
68
83
|
|
69
84
|
let(:expired_keydir) do
|
85
|
+
# NOTE: This expired keydir actually works on EL7 and EL8, even though
|
86
|
+
# the newer gpg version creates different files than those in this
|
87
|
+
# directory.
|
70
88
|
"#{build_user_host_files}/spec/acceptance/files/build/pkg/gpg-keydir.expired.2018-04-06"
|
71
89
|
end
|
72
90
|
|
91
|
+
shared_examples 'it does not leave the gpg-agent daemon running' do
|
92
|
+
it 'does not leave the gpg-agent daemon running' do
|
93
|
+
hosts.each do |host|
|
94
|
+
expect(gpg_agent_running?(host, dev_keydir)).to be false
|
95
|
+
end
|
96
|
+
end
|
97
|
+
end
|
98
|
+
|
99
|
+
shared_examples 'it verifies RPM signatures' do
|
100
|
+
let(:public_gpgkeys_dir) { 'src/assets/gpgkeys/GPGKEYS' }
|
101
|
+
it 'verifies RPM signatures' do
|
102
|
+
hosts.each do |host|
|
103
|
+
# mock out the simp-gpgkeys project checkout so that the pkg:checksig
|
104
|
+
# doesn't fail before reading in the generated 'dev' GPGKEY
|
105
|
+
on(host, %(#{run_cmd} "cd '#{test_dir}'; mkdir -p #{public_gpgkeys_dir}"), run_opts)
|
106
|
+
on(host, %(#{run_cmd} "cd '#{test_dir}'; touch #{public_gpgkeys_dir}/RPM-GPG-KEY-empty"), run_opts)
|
107
|
+
on(host, %(#{run_cmd} "cd '#{test_dir}'; #{checksig_cmd}"), run_opts)
|
108
|
+
end
|
109
|
+
end
|
110
|
+
end
|
111
|
+
|
73
112
|
shared_examples 'it creates a new GPG dev signing key' do
|
74
113
|
it 'creates a new GPG dev signing key' do
|
75
|
-
on(hosts, %(#{run_cmd} "cd '#{test_dir}';
|
114
|
+
on(hosts, %(#{run_cmd} "cd '#{test_dir}'; #{signrpm_cmd}"), run_opts)
|
76
115
|
hosts.each do |host|
|
77
|
-
expect
|
116
|
+
expect(dev_signing_key_id(host, dev_keydir, run_opts)).to_not be_empty
|
117
|
+
expect(file_exists_on(host,"#{dirs[host][:dvd_dir]}/RPM-GPG-KEY-SIMP-Dev")).to be true
|
78
118
|
end
|
79
119
|
end
|
120
|
+
|
121
|
+
include_examples('it does not leave the gpg-agent daemon running')
|
80
122
|
end
|
81
123
|
|
82
124
|
shared_examples 'it begins with unsigned RPMs' do
|
83
125
|
it 'begins with unsigned RPMs' do
|
84
|
-
prep_rpms_dir(rpms_dir, [src_rpm],
|
85
|
-
rpms_before_signing = on(hosts,
|
126
|
+
prep_rpms_dir(rpms_dir, [src_rpm], run_opts)
|
127
|
+
rpms_before_signing = on(hosts, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
|
86
128
|
rpms_before_signing.each do |result|
|
87
129
|
expect(result.stdout).to match rpm_unsigned_regex
|
88
130
|
end
|
89
131
|
end
|
90
132
|
end
|
91
133
|
|
92
|
-
shared_examples 'it
|
93
|
-
it '
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
134
|
+
shared_examples 'it creates GPG dev signing key and signs packages' do
|
135
|
+
it 'creates GPG dev signing key and signs packages' do
|
136
|
+
hosts.each do |host|
|
137
|
+
# NOTE: pkg:signrpms will not actually fail if it can't sign a RPM
|
138
|
+
on(hosts, %(#{run_cmd} "cd '#{test_dir}'; #{signrpm_cmd}"), run_opts)
|
139
|
+
|
140
|
+
expect(file_exists_on(host,"#{dirs[host][:dvd_dir]}/RPM-GPG-KEY-SIMP-Dev")).to be true
|
99
141
|
|
142
|
+
result = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
|
100
143
|
expect(result.stdout).to match rpm_signed_regex
|
101
144
|
signed_rpm_data = rpm_signed_regex.match(result.stdout)
|
102
|
-
expect(signed_rpm_data[:key_id]).to eql dev_signing_key_id(host,
|
145
|
+
expect(signed_rpm_data[:key_id]).to eql dev_signing_key_id(host, dev_keydir, run_opts)
|
146
|
+
expect(signed_rpm_data[:digest_algo]).to eql digest_algo_result
|
103
147
|
end
|
104
148
|
end
|
149
|
+
|
150
|
+
include_examples('it does not leave the gpg-agent daemon running')
|
105
151
|
end
|
106
152
|
|
107
|
-
|
108
|
-
|
153
|
+
shared_examples 'it signs RPM packages using existing GPG dev signing key' do
|
154
|
+
it 'signs RPM packages using existing GPG dev signing key' do
|
155
|
+
hosts.each do |host|
|
156
|
+
existing_key_id = dev_signing_key_id(host, dev_keydir, run_opts)
|
157
|
+
|
158
|
+
on(hosts, %(#{run_cmd} "cd '#{test_dir}'; #{signrpm_cmd}"), run_opts)
|
159
|
+
|
160
|
+
result = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
|
161
|
+
expect(result.stdout).to match rpm_signed_regex
|
162
|
+
signed_rpm_data = rpm_signed_regex.match(result.stdout)
|
163
|
+
expect(signed_rpm_data[:key_id]).to eql existing_key_id
|
164
|
+
expect(signed_rpm_data[:digest_algo]).to eql digest_algo_result
|
165
|
+
end
|
166
|
+
end
|
167
|
+
|
168
|
+
include_examples('it does not leave the gpg-agent daemon running')
|
169
|
+
end
|
170
|
+
|
171
|
+
|
172
|
+
describe 'when starting without a dev key and no RPMs to sign' do
|
173
|
+
include_context('a freshly-scaffolded test project', 'create-key')
|
109
174
|
include_examples('it creates a new GPG dev signing key')
|
175
|
+
end
|
176
|
+
|
177
|
+
describe 'when starting without a dev key and RPMs to sign' do
|
178
|
+
include_context('a freshly-scaffolded test project', 'signrpms')
|
110
179
|
include_examples('it begins with unsigned RPMs')
|
111
|
-
include_examples('it
|
180
|
+
include_examples('it creates GPG dev signing key and signs packages')
|
181
|
+
include_examples('it verifies RPM signatures')
|
112
182
|
|
113
|
-
context 'when there is an unexpired GPG dev signing key' do
|
183
|
+
context 'when there is an unexpired GPG dev signing key and the packages are unsigned' do
|
114
184
|
include_examples('it begins with unsigned RPMs')
|
115
|
-
include_examples('it signs RPM packages
|
185
|
+
include_examples('it signs RPM packages using existing GPG dev signing key')
|
186
|
+
include_examples('it verifies RPM signatures')
|
116
187
|
end
|
117
188
|
end
|
118
189
|
|
119
190
|
describe 'when starting with an expired dev key' do
|
120
|
-
include_context('a freshly-scaffolded test project', '
|
191
|
+
include_context('a freshly-scaffolded test project', 'signrpms-expired')
|
121
192
|
|
122
193
|
it 'begins with an expired GPG signing key' do
|
123
|
-
prep_rpms_dir(rpms_dir, [src_rpm],
|
194
|
+
prep_rpms_dir(rpms_dir, [src_rpm], run_opts)
|
124
195
|
hosts.each do |host|
|
125
196
|
copy_expired_keydir_to_dev_cmds = [
|
126
|
-
"mkdir -p '$(dirname '#{
|
127
|
-
"cp -aT '#{expired_keydir}' '#{
|
197
|
+
"mkdir -p '$(dirname '#{dev_keydir}')'",
|
198
|
+
"cp -aT '#{expired_keydir}' '#{dev_keydir}'",
|
128
199
|
"ls -lart '#{expired_keydir}'"
|
129
200
|
].join(' && ')
|
130
|
-
on(host, %(#{run_cmd} "#{copy_expired_keydir_to_dev_cmds}"),
|
131
|
-
result = on(host, %(#{run_cmd} "gpg --list-keys --homedir='#{
|
201
|
+
on(host, %(#{run_cmd} "#{copy_expired_keydir_to_dev_cmds}"), run_opts)
|
202
|
+
result = on(host, %(#{run_cmd} "gpg --list-keys --homedir='#{dev_keydir}'"), run_opts)
|
132
203
|
expect(result.stdout).to match(/expired: 2018-04-06/)
|
133
204
|
end
|
134
205
|
end
|
135
206
|
|
207
|
+
include_examples('it begins with unsigned RPMs')
|
208
|
+
include_examples('it creates GPG dev signing key and signs packages')
|
209
|
+
include_examples('it verifies RPM signatures')
|
210
|
+
end
|
211
|
+
|
212
|
+
describe 'when packages are already signed' do
|
213
|
+
let(:keysdir) { "#{test_dir}/.dev_gpgkeys" }
|
214
|
+
|
215
|
+
include_context('a freshly-scaffolded test project', 'force')
|
216
|
+
|
217
|
+
context 'initial package signing' do
|
218
|
+
include_examples('it begins with unsigned RPMs')
|
219
|
+
include_examples('it creates GPG dev signing key and signs packages')
|
220
|
+
end
|
221
|
+
|
222
|
+
context 'when force is disabled' do
|
223
|
+
before :each do
|
224
|
+
# remove the initial signing key
|
225
|
+
on(hosts, %(#{run_cmd} 'rm -rf #{keysdir}'))
|
226
|
+
end
|
227
|
+
|
228
|
+
it 'creates new GPG signing key but does not resign RPMs' do
|
229
|
+
hosts.each do |host|
|
230
|
+
# force defaults to false
|
231
|
+
on(host, %(#{run_cmd} "cd '#{test_dir}'; bundle exec rake pkg:signrpms[dev,'#{rpms_dir}']"), run_opts)
|
232
|
+
|
233
|
+
result = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
|
234
|
+
expect(result.stdout).to match rpm_signed_regex
|
235
|
+
signed_rpm_data = rpm_signed_regex.match(result.stdout)
|
236
|
+
|
237
|
+
# verify RPM is not signed with the new signing key
|
238
|
+
expect(signed_rpm_data[:key_id]).to_not eql dev_signing_key_id(host, dev_keydir, run_opts)
|
239
|
+
end
|
240
|
+
end
|
241
|
+
|
242
|
+
it 'does not verify RPM signatures with the new key' do
|
243
|
+
public_gpgkeys_dir = 'src/assets/gpgkeys/GPGKEYS'
|
244
|
+
hosts.each do |host|
|
245
|
+
# mock out the simp-gpgkeys project checkout so that the pkg:checksig
|
246
|
+
# doesn't fail before reading in the new generated 'dev' GPGKEY
|
247
|
+
on(host, %(#{run_cmd} "cd '#{test_dir}'; mkdir -p #{public_gpgkeys_dir}"), run_opts)
|
248
|
+
on(host, %(#{run_cmd} "cd '#{test_dir}'; touch #{public_gpgkeys_dir}/RPM-GPG-KEY-empty"), run_opts)
|
249
|
+
result = on(host, %(#{run_cmd} "cd '#{test_dir}'; #{checksig_cmd}"),
|
250
|
+
:acceptable_exit_codes => [1]
|
251
|
+
)
|
252
|
+
|
253
|
+
expect(result.stderr).to match('ERROR: Untrusted RPMs found in the repository')
|
254
|
+
end
|
255
|
+
end
|
256
|
+
end
|
257
|
+
|
258
|
+
context 'when force is enabled' do
|
259
|
+
before :each do
|
260
|
+
# remove the initial signing key
|
261
|
+
on(hosts, %(#{run_cmd} 'rm -rf #{keysdir}'))
|
262
|
+
end
|
263
|
+
|
264
|
+
it 'creates new GPG signing key and resigns RPMs' do
|
265
|
+
hosts.each do |host|
|
266
|
+
on(host, %(#{run_cmd} "cd '#{test_dir}'; bundle exec rake pkg:signrpms[dev,'#{rpms_dir}',true]"), run_opts)
|
267
|
+
|
268
|
+
result = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
|
269
|
+
expect(result.stdout).to match rpm_signed_regex
|
270
|
+
signed_rpm_data = rpm_signed_regex.match(result.stdout)
|
271
|
+
|
272
|
+
# verify RPM is signed with the new signing key
|
273
|
+
expect(signed_rpm_data[:key_id]).to eql dev_signing_key_id(host, dev_keydir, run_opts)
|
274
|
+
end
|
275
|
+
end
|
276
|
+
end
|
277
|
+
end
|
278
|
+
|
279
|
+
describe 'when SIMP_PKG_build_keys_dir is set' do
|
280
|
+
opts = { :gpg_keysdir => '/home/build_user/.dev_gpgpkeys' }
|
281
|
+
include_context('a freshly-scaffolded test project', 'custom-keys-dir', opts)
|
282
|
+
include_examples('it begins with unsigned RPMs')
|
283
|
+
include_examples('it creates GPG dev signing key and signs packages')
|
284
|
+
end
|
285
|
+
|
286
|
+
describe 'when digest algorithm is specified' do
|
287
|
+
opts = { :digest_algo => 'sha384' }
|
288
|
+
include_context('a freshly-scaffolded test project', 'custom-digest-algo', opts)
|
289
|
+
include_examples('it begins with unsigned RPMs')
|
290
|
+
include_examples('it creates GPG dev signing key and signs packages')
|
291
|
+
include_examples('it verifies RPM signatures')
|
292
|
+
end
|
293
|
+
|
294
|
+
describe 'when some rpm signing fails' do
|
295
|
+
include_context('a freshly-scaffolded test project', 'signing-failure')
|
296
|
+
include_examples('it begins with unsigned RPMs')
|
297
|
+
|
298
|
+
it 'should create a malformed RPM' do
|
299
|
+
on(hosts, %(#{run_cmd} "echo 'OOPS' > #{rpms_dir}/oops-test.rpm"))
|
300
|
+
end
|
301
|
+
|
302
|
+
it 'should sign all valid RPMs before failing' do
|
303
|
+
hosts.each do |host|
|
304
|
+
result = on(host,
|
305
|
+
%(#{run_cmd} "cd '#{test_dir}'; SIMP_PKG_verbose="yes" #{signrpm_cmd}"),
|
306
|
+
:acceptable_exit_codes => [1]
|
307
|
+
)
|
308
|
+
|
309
|
+
expect(result.stderr).to match('ERROR: Failed to sign some RPMs')
|
310
|
+
|
311
|
+
signature_check = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
|
312
|
+
expect(signature_check.stdout).to match rpm_signed_regex
|
313
|
+
end
|
314
|
+
end
|
315
|
+
end
|
316
|
+
|
317
|
+
describe 'when wrong keyword password is specified' do
|
318
|
+
include_context('a freshly-scaffolded test project', 'wrong-password')
|
136
319
|
include_examples('it creates a new GPG dev signing key')
|
320
|
+
|
321
|
+
it 'should corrupt the password of new key' do
|
322
|
+
key_gen_file = File.join(dev_keydir, 'gengpgkey')
|
323
|
+
on(hosts, "sed -i -e \"s/^Passphrase: /Passphrase: OOPS/\" #{key_gen_file}")
|
324
|
+
end
|
325
|
+
|
137
326
|
include_examples('it begins with unsigned RPMs')
|
138
|
-
|
327
|
+
|
328
|
+
it 'should fail to sign any rpms and notify user of each failure' do
|
329
|
+
hosts.each do |host|
|
330
|
+
result = on(host,
|
331
|
+
%(#{run_cmd} "cd '#{test_dir}'; SIMP_PKG_verbose="yes" #{signrpm_cmd}"),
|
332
|
+
:acceptable_exit_codes => [1]
|
333
|
+
)
|
334
|
+
|
335
|
+
err_msg = %r(Error occurred while attempting to sign #{test_rpm})
|
336
|
+
expect(result.stderr).to match(err_msg)
|
337
|
+
|
338
|
+
signature_check = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
|
339
|
+
expect(signature_check.stdout).to match rpm_unsigned_regex
|
340
|
+
end
|
341
|
+
end
|
342
|
+
end
|
343
|
+
|
344
|
+
hosts.each do |host|
|
345
|
+
os_major = fact_on(host,'operatingsystemmajrelease')
|
346
|
+
if os_major > '7'
|
347
|
+
# this problem only happens on EL > 7 in a docker container
|
348
|
+
describe "when gpg-agent's socket path is too long on #{host}" do
|
349
|
+
opts = { :gpg_keysdir => '/home/build_user/this/results/in/a/gpg_agent/socket/path/that/is/longer/than/one/hundred/eight/characters' }
|
350
|
+
include_context('a freshly-scaffolded test project', 'long-socket-path', opts)
|
351
|
+
|
352
|
+
context 'when the gpg key needs to be created ' do
|
353
|
+
it 'should fail to sign any rpms' do
|
354
|
+
on(host,
|
355
|
+
%(#{run_cmd} "cd '#{test_dir}'; SIMP_PKG_verbose="yes" #{signrpm_cmd}"),
|
356
|
+
:acceptable_exit_codes => [1]
|
357
|
+
)
|
358
|
+
end
|
359
|
+
end
|
360
|
+
|
361
|
+
context 'when the gpg key already exists' do
|
362
|
+
# This would be when a GPG key dir was populated with keys generated elsewhere.
|
363
|
+
# Reuse the keys from an earlier test.
|
364
|
+
it 'should copy existing key files into the gpg key dir' do
|
365
|
+
source_dir = '/home/build_user/test-create-key/.dev_gpgkeys/dev'
|
366
|
+
on(host, %(#{run_cmd} "cp -r #{source_dir}/* #{dev_keydir}"))
|
367
|
+
end
|
368
|
+
|
369
|
+
include_examples('it begins with unsigned RPMs')
|
370
|
+
|
371
|
+
it 'should fail to sign any rpms and notify user of each failure' do
|
372
|
+
# For rpm-sign-4.14.2-11.el8_0, 'rpm --resign' hangs instead of failing
|
373
|
+
# when gpg-agent fails to start.
|
374
|
+
# Set the default smaller than the 30 second default, so that we don't
|
375
|
+
# wait so long for the failure.
|
376
|
+
result = on(host,
|
377
|
+
%(#{run_cmd} "cd '#{test_dir}'; SIMP_PKG_rpmsign_timeout=5 SIMP_PKG_verbose="yes" #{signrpm_cmd}"),
|
378
|
+
:acceptable_exit_codes => [1]
|
379
|
+
)
|
380
|
+
|
381
|
+
err_msg = %r(Failed to sign #{test_rpm} in 5 seconds)
|
382
|
+
expect(result.stderr).to match(err_msg)
|
383
|
+
|
384
|
+
signature_check = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
|
385
|
+
expect(signature_check.stdout).to match rpm_unsigned_regex
|
386
|
+
end
|
387
|
+
end
|
388
|
+
end
|
389
|
+
end
|
139
390
|
end
|
140
391
|
end
|