simp-rake-helpers 5.11.6 → 5.12.0

Files changed (94)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +28 -0
  3. data/CONTRIBUTING.md +1 -1
  4. data/README.md +1 -1
  5. data/lib/simp/command_utils.rb +21 -0
  6. data/lib/simp/local_gpg_signing_key.rb +128 -79
  7. data/lib/simp/rake.rb +3 -17
  8. data/lib/simp/rake/build/pkg.rb +102 -40
  9. data/lib/simp/rake/helpers/version.rb +1 -1
  10. data/lib/simp/rake/pkg.rb +5 -1
  11. data/lib/simp/rake/pupmod/helpers.rb +2 -0
  12. data/lib/simp/rake/rubygem.rb +5 -1
  13. data/lib/simp/rpm.rb +10 -127
  14. data/lib/simp/rpm_signer.rb +321 -0
  15. data/spec/acceptance/00_pkg_rpm_custom_scriptlets_spec.rb +18 -19
  16. data/spec/acceptance/10_pkg_rpm_spec.rb +46 -48
  17. data/spec/acceptance/50_local_gpg_signing_key_spec.rb +7 -3
  18. data/spec/acceptance/55_build_pkg_signing_spec.rb +293 -42
  19. data/spec/acceptance/files/testpackage/README +8 -0
  20. data/spec/acceptance/files/testpackage/spec/classes/init_spec.rb +1 -0
  21. data/spec/acceptance/files/testpackage/spec/files/mock_something.rb +3 -0
  22. data/spec/acceptance/files/testpackage/utils/convert_v1_to_v2.rb +3 -0
  23. data/spec/acceptance/nodesets/default.yml +15 -2
  24. data/spec/acceptance/support/build_project_helpers.rb +32 -8
  25. data/spec/lib/simp/command_utils_spec.rb +29 -0
  26. data/spec/lib/simp/local_gpg_signing_key_spec.rb.beaker-only +115 -18
  27. data/spec/lib/simp/rake/pupmod/fixtures/simpmod/README.md +2 -2
  28. data/spec/lib/simp/rpm_signer_spec.rb +98 -0
  29. data/spec/lib/simp/rpm_spec.rb +0 -6
  30. metadata +12 -67
  31. data/.travis.yml +0 -41
  32. data/spec/acceptance/20_pkg_rpm_upgrade_spec.rb +0 -236
  33. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/CHANGELOG +0 -2
  34. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/Rakefile +0 -3
  35. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/build/rpm_metadata/custom/overrides +0 -14
  36. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/build/rpm_metadata/requires +0 -1
  37. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-2.1/metadata.json +0 -33
  38. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/CHANGELOG +0 -2
  39. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/Rakefile +0 -3
  40. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/build/rpm_metadata/custom/overrides +0 -14
  41. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/build/rpm_metadata/requires +0 -1
  42. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-new-package-3.0/metadata.json +0 -33
  43. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-1.0/CHANGELOG +0 -2
  44. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-1.0/Rakefile +0 -3
  45. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-1.0/build/rpm_metadata/requires +0 -1
  46. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-1.0/metadata.json +0 -33
  47. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.0/CHANGELOG +0 -2
  48. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.0/Rakefile +0 -3
  49. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.0/build/rpm_metadata/requires +0 -1
  50. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.0/metadata.json +0 -33
  51. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/CHANGELOG +0 -2
  52. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/Rakefile +0 -3
  53. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/build/rpm_metadata/custom/overrides +0 -14
  54. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/build/rpm_metadata/requires +0 -1
  55. data/spec/acceptance/files/custom_scriptlet_triggers/pupmod-old-package-2.2/metadata.json +0 -33
  56. data/spec/acceptance/files/mock_packages/pupmod-puppetlabs-stdlib.spec +0 -32
  57. data/spec/acceptance/files/mock_packages/pupmod-simp-foo.spec +0 -32
  58. data/spec/acceptance/files/mock_packages/pupmod-simp-simplib.spec +0 -32
  59. data/spec/acceptance/files/mock_packages/rpmbuild.sh +0 -25
  60. data/spec/acceptance/files/mock_packages/simp-adapter.spec +0 -43
  61. data/spec/acceptance/files/mock_packages/simp-adapter/etc/simp/adapter_config.yaml +0 -3
  62. data/spec/acceptance/files/mock_packages/simp-adapter/usr/local/sbin/simp_rpm_helper +0 -495
  63. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/CHANGELOG +0 -2
  64. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/Rakefile +0 -3
  65. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/build/rpm_metadata/requires +0 -2
  66. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/data/os/CentOS.yaml +0 -2
  67. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/data/os/RedHat.yaml +0 -2
  68. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/hiera.yaml +0 -14
  69. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/manifests/init.pp +0 -2
  70. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-1.0/metadata.json +0 -37
  71. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/CHANGELOG +0 -5
  72. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/Rakefile +0 -3
  73. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/build/rpm_metadata/requires +0 -2
  74. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/data/os/CentOS.yaml +0 -2
  75. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/data/os/RedHat.yaml +0 -2
  76. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/hiera.yaml +0 -14
  77. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/manifests/init.pp +0 -3
  78. data/spec/acceptance/files/package_upgrades/pupmod-simp-testpackage-2.0/metadata.json +0 -37
  79. data/spec/lib/simp/ci/files/job_broken_link_nodeset/spec/acceptance/suites/default/nodesets +0 -1
  80. data/spec/lib/simp/ci/files/job_invalid_nodeset/spec/acceptance/suites/default/nodesets +0 -1
  81. data/spec/lib/simp/ci/files/job_invalid_suite/spec/acceptance/suites/default/nodesets +0 -1
  82. data/spec/lib/simp/ci/files/job_missing_nodeset/spec/acceptance/suites/default/nodesets +0 -1
  83. data/spec/lib/simp/ci/files/job_missing_suite_and_nodeset/spec/acceptance/suites/default/nodesets +0 -1
  84. data/spec/lib/simp/ci/files/multiple_invalid_jobs/spec/acceptance/suites/default/nodesets +0 -1
  85. data/spec/lib/simp/ci/files/multiple_valid_jobs/spec/acceptance/suites/default/nodesets +0 -1
  86. data/spec/lib/simp/ci/files/no_gitlab_config_with_tests/spec/acceptance/suites/default/nodesets +0 -1
  87. data/spec/lib/simp/ci/files/no_gitlab_config_without_tests/spec/acceptance/suites/default/nodesets +0 -1
  88. data/spec/lib/simp/ci/files/suite_skeleton_only/spec/acceptance/nodesets/default.yml +0 -1
  89. data/spec/lib/simp/ci/files/suite_skeleton_only/spec/acceptance/suites/default/nodesets +0 -1
  90. data/spec/lib/simp/ci/files/valid_job_nodeset_dir_link/spec/acceptance/suites/default/nodesets +0 -1
  91. data/spec/lib/simp/ci/files/valid_job_nodeset_link/spec/acceptance/suites/default/nodesets/default.yml +0 -1
  92. data/spec/lib/simp/files/build/testpackage.spec +0 -1
  93. data/spec/lib/simp/rake/pupmod/fixtures/simpmod/spec/acceptance/nodesets/default.yml +0 -1
  94. data/spec/lib/simp/rake/pupmod/fixtures/simpmod/spec/acceptance/suites/default/nodesets +0 -1
@@ -37,28 +37,28 @@ shared_examples_for 'an RPM generator with customized scriptlets' do
37
37
  comment '...default preun postun scriptlets call simp_rpm_helper with correct arguments'
38
38
  expected_simp_rpm_helper_scriptlets = scriptlet_label_map.select{|k,v| %w(preun postun).include? v }
39
39
  expected_simp_rpm_helper_scriptlets.each do |rpm_label, simp_helper_label|
40
- expected = <<EOM
41
- if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
42
- /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='#{simp_helper_label}' --rpm_status=$1
43
- fi
44
- EOM
40
+ expected = <<~EOM
41
+ if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
42
+ /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='#{simp_helper_label}' --rpm_status=$1
43
+ fi
44
+ EOM
45
45
  expect(scriptlets[rpm_label][:bare_content]).to eq(expected.strip)
46
46
  end
47
47
 
48
48
  comment '...default posttrans scriptlet calls simp_rpm_helper with correct arguments'
49
- expected = <<EOM
50
- if [ -e /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage ] ; then
51
- rm /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage
52
- if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
53
- /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=1
54
- fi
55
- elif [ -e /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage ] ; then
56
- rm /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage
57
- if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
58
- /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=2
59
- fi
60
- fi
61
- EOM
49
+ expected = <<~EOM
50
+ if [ -e /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage ] ; then
51
+ rm /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage
52
+ if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
53
+ /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=1
54
+ fi
55
+ elif [ -e /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage ] ; then
56
+ rm /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage
57
+ if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
58
+ /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=2
59
+ fi
60
+ fi
61
+ EOM
62
62
  expect(scriptlets['posttrans'][:bare_content]).to eq(expected.strip)
63
63
  end
64
64
  end
@@ -130,6 +130,5 @@ describe 'rake pkg:rpm with customized content' do
130
130
 
131
131
  end
132
132
  end
133
-
134
133
  end
135
134
  end
@@ -6,7 +6,7 @@ RSpec.configure do |c|
6
6
  c.extend Simp::BeakerHelpers::SimpRakeHelpers::PkgRpmHelpers
7
7
  end
8
8
 
9
- shared_examples_for "an RPM generator with edge cases" do
9
+ shared_examples_for 'an RPM generator with edge cases' do
10
10
  it 'should use specified release number for the RPM' do
11
11
  on host, %(#{run_cmd} "cd #{pkg_root_dir}/testpackage_with_release; #{rake_cmd} pkg:rpm")
12
12
  release_test_rpm = File.join(pkg_root_dir, 'testpackage_with_release',
@@ -21,14 +21,6 @@ shared_examples_for "an RPM generator with edge cases" do
21
21
  on host, %(rpm --changelog -qp #{changelog_test_rpm} | grep -q 'Auto Changelog')
22
22
  end
23
23
 
24
- it 'should not require pupmod-simp-simplib for simp-simplib RPM' do
25
- on host, %(#{run_cmd} "cd #{pkg_root_dir}/simplib; #{rake_cmd} pkg:rpm")
26
- simplib_rpm = File.join(pkg_root_dir, 'simplib', 'dist',
27
- File.basename(testpackage_rpm).gsub(/simp-testpackage-0.0.1/,'simp-simplib-1.2.3'))
28
- on host, %(test -f #{simplib_rpm})
29
- on host, %(rpm -qpR #{simplib_rpm} | grep -q pupmod-simp-simplib), {:acceptable_exit_codes => [1]}
30
- end
31
-
32
24
  it 'should not fail to create an RPM when the CHANGELOG has a bad date' do
33
25
  on host,
34
26
  %(#{run_cmd} "cd #{pkg_root_dir}/testpackage_with_bad_changelog_date; #{rake_cmd} pkg:rpm")
@@ -147,59 +139,65 @@ describe 'rake pkg:rpm' do
147
139
  ].sort
148
140
 
149
141
  comment '...default preinstall scriptlet'
150
- expected =<<-EOM
151
- # (default scriptlet for SIMP 6.x)
152
- # when $1 = 1, this is an install
153
- # when $1 = 2, this is an upgrade
154
- mkdir -p /var/lib/rpm-state/simp-adapter
155
- touch /var/lib/rpm-state/simp-adapter/rpm_status$1.testpackage
156
- if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
157
- /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='pre' --rpm_status=$1
158
- fi
142
+ expected =<<~EOM
143
+ # (default scriptlet for SIMP 6.x)
144
+ # when $1 = 1, this is an install
145
+ # when $1 = 2, this is an upgrade
146
+ mkdir -p /var/lib/rpm-state/simp-adapter
147
+ touch /var/lib/rpm-state/simp-adapter/rpm_status$1.testpackage
148
+ if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
149
+ /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='pre' --rpm_status=$1
150
+ fi
159
151
  EOM
160
152
  expect(scriptlets['preinstall'][:content]).to eq( expected.strip )
161
153
 
162
154
  comment '...default preuninstall scriptlet'
163
- expected =<<-EOM
164
- # (default scriptlet for SIMP 6.x)
165
- # when $1 = 1, this is the uninstall of the previous version during an upgrade
166
- # when $1 = 0, this is the uninstall of the only version during an erase
167
- if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
168
- /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='preun' --rpm_status=$1
169
- fi
155
+ expected =<<~EOM
156
+ # (default scriptlet for SIMP 6.x)
157
+ # when $1 = 1, this is the uninstall of the previous version during an upgrade
158
+ # when $1 = 0, this is the uninstall of the only version during an erase
159
+ if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
160
+ /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='preun' --rpm_status=$1
161
+ fi
170
162
  EOM
171
163
  expect(scriptlets['preuninstall'][:content]).to eq( expected.strip )
172
164
 
173
165
  comment '...default postuninstall scriptlet'
174
- expected =<<-EOM
175
- # (default scriptlet for SIMP 6.x)
176
- # when $1 = 1, this is the uninstall of the previous version during an upgrade
177
- # when $1 = 0, this is the uninstall of the only version during an erase
178
- if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
179
- /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='postun' --rpm_status=$1
180
- fi
166
+ expected =<<~EOM
167
+ # (default scriptlet for SIMP 6.x)
168
+ # when $1 = 1, this is the uninstall of the previous version during an upgrade
169
+ # when $1 = 0, this is the uninstall of the only version during an erase
170
+ if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
171
+ /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='postun' --rpm_status=$1
172
+ fi
181
173
  EOM
182
174
  expect(scriptlets['postuninstall'][:content]).to eq( expected.strip )
183
175
 
184
176
  comment '...default posttrans scriptlet'
185
- expected =<<-EOM
186
- # (default scriptlet for SIMP 6.x)
187
- # Marker file is created in %pre and only exists for installs or upgrades
188
- # when marker file is prepended with 'rpm_status1.', this is an install
189
- # when marker file is prepended with 'rpm_status2.', this is an upgrade
190
- if [ -e /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage ] ; then
191
- rm /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage
192
- if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
193
- /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=1
194
- fi
195
- elif [ -e /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage ] ; then
196
- rm /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage
197
- if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
198
- /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=2
199
- fi
200
- fi
177
+ expected =<<~EOM
178
+ # (default scriptlet for SIMP 6.x)
179
+ # Marker file is created in %pre and only exists for installs or upgrades
180
+ # when marker file is prepended with 'rpm_status1.', this is an install
181
+ # when marker file is prepended with 'rpm_status2.', this is an upgrade
182
+ if [ -e /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage ] ; then
183
+ rm /var/lib/rpm-state/simp-adapter/rpm_status1.testpackage
184
+ if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
185
+ /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=1
186
+ fi
187
+ elif [ -e /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage ] ; then
188
+ rm /var/lib/rpm-state/simp-adapter/rpm_status2.testpackage
189
+ if [ -x /usr/local/sbin/simp_rpm_helper ] ; then
190
+ /usr/local/sbin/simp_rpm_helper --rpm_dir=/usr/share/simp/modules/testpackage --rpm_section='posttrans' --rpm_status=2
191
+ fi
192
+ fi
201
193
  EOM
202
194
  expect(scriptlets['posttrans'][:content]).to eq( expected.strip )
195
+
196
+ comment 'does not modify the shebangs in executable scripts in the RPM'
197
+ # if the shebangs were modified, we should see /usr/bin/ruby and /usr/bin/rspec
198
+ # as requirements of the RPM
199
+ on host, %(rpm -qpR #{testpackage_rpm} | grep -q /usr/bin/ruby), :acceptable_exit_codes => [1]
200
+ on host, %(rpm -qpR #{testpackage_rpm} | grep -q /usr/bin/rspec), :acceptable_exit_codes => [1]
203
201
  end
204
202
 
205
203
  it_should_behave_like 'an RPM generator with edge cases'
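Review bot: The two added shebang checks, `rpm -qpR #{testpackage_rpm} | grep -q /usr/bin/ruby` and the `/usr/bin/rspec` twin with `:acceptable_exit_codes => [1]`, pass whenever grep matches nothing, and that includes the case where `rpm -qpR` itself fails and grep reads empty input, because the pipeline's exit status is grep's. The negative assertion is firmer if the query output is captured and matched in Ruby, so a failed query fails the example: `requires = on(host, %(rpm -qpR #{testpackage_rpm})).stdout` followed by `expect(requires).not_to match(%r{/usr/bin/(ruby|rspec)})`. The enclosing `it` block starts outside this hunk, so an earlier step may already establish that the RPM is readable.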
@@ -13,7 +13,7 @@ end
13
13
  #
14
14
  # It should be possible manage GPG keys using this logic from many OSes,
15
15
  # but it's silly to try to mock them all directly in RSpec.
16
- describe 'rake pkg:rpm with customized content' do
16
+ describe 'local_gpg_signing_key unit test' do
17
17
 
18
18
  def hf_cmd( hosts, cmd, env_str=nil, opts={})
19
19
  if ENV['PUPPET_VERSION']
@@ -24,11 +24,15 @@ describe 'rake pkg:rpm with customized content' do
24
24
 
25
25
  before :all do
26
26
  copy_host_files_into_build_user_homedir(hosts)
27
- hf_cmd(hosts, "bundle --local || bundle", nil, {run_in_parallel: true})
27
+
28
+ # If the build environment of user executing this test has a newer
29
+ # version of bundler than provided by the published docker container,
30
+ # the Gemfile.lock will cause problems. So, make sure to remove it!
31
+ hf_cmd(hosts, 'rm Gemfile.lock; bundle --local || bundle', nil, {run_in_parallel: true})
28
32
  end
29
33
 
30
34
  it 'can run the os-dependent Simp::LocalGpgSigningKey spec tests' do
31
- hf_cmd( hosts, "bundle exec rspec spec/lib/simp/local_gpg_signing_key_spec.rb.beaker-only" );
35
+ hf_cmd( hosts, 'bundle exec rspec spec/lib/simp/local_gpg_signing_key_spec.rb.beaker-only' );
32
36
  end
33
37
  end
34
38
 
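Review bot: The added `rm Gemfile.lock; bundle --local || bundle` in the `before :all` block removes the lock unconditionally, so each run resolves gem versions afresh from the Gemfile, and the `|| bundle` fallback can pull whatever currently satisfies those constraints from the gem source. The hosts that exercise the GPG signing-key code therefore no longer run a pinned dependency set, which the new comment does not mention. I would use `'rm -f Gemfile.lock; bundle --local || bundle'` so a missing lock file does not print an error, and extend the comment with `# NOTE: without the lock, gem versions are resolved fresh on every run`. Whether the lock file comes from the developer's checkout is inferred from the comment; the copy helper is defined outside this hunk.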
@@ -9,10 +9,14 @@ RSpec.configure do |c|
9
9
  c.extend Simp::BeakerHelpers::SimpRakeHelpers::BuildProjectHelpers
10
10
  end
11
11
 
12
- describe 'rake pkg:signrpms' do
13
- def opts
14
- { run_in_parallel: true, environment: { 'SIMP_PKG_verbose' => 'yes' } }
15
- end
12
+ # options to be applied to each on() operation
13
+ def run_opts
14
+ # WARNING: If you set run_in_parallel to true, tests will fail
15
+ # when run in a GitHub action.
16
+ { run_in_parallel: false }
17
+ end
18
+
19
+ describe 'rake pkg:signrpms and pkg:checksig' do
16
20
 
17
21
  # Clean out RPMs dir and copy in a fresh dummy RPM
18
22
  def prep_rpms_dir(rpms_dir, src_rpms, opts = {})
@@ -21,33 +25,35 @@ describe 'rake pkg:signrpms' do
21
25
  end
22
26
 
23
27
  # Provides a scaffolded test project and `let` variables
24
- shared_context 'a freshly-scaffolded test project' do |dir|
25
- opts = {}
26
- test__dir = "#{build_user_homedir}/test--#{dir}"
27
- rpms__dir = "#{test__dir}/test.rpms"
28
- src__rpm = "#{build_user_host_files}/spec/lib/simp/files/testpackage-1-0.noarch.rpm"
29
- host__dirs = {}
28
+ shared_context 'a freshly-scaffolded test project' do |dir, opts = {}|
29
+ test__dir = "#{build_user_homedir}/test-#{dir}"
30
+ rpms__dir = "#{test__dir}/test.rpms"
31
+ src__rpm = "#{build_user_host_files}/spec/lib/simp/files/testpackage-1-0.noarch.rpm"
32
+ host__dirs = {}
33
+ gpg__keysdir = opts[:gpg_keysdir] ? opts[:gpg_keysdir] : "#{test__dir}/.dev_gpgkeys"
34
+ extra__env = opts[:gpg_keysdir] ? "SIMP_PKG_build_keys_dir=#{gpg__keysdir}" : ''
35
+ digest__algo = opts[:digest_algo] ? opts[:digest_algo] : nil
36
+
30
37
 
31
38
  hosts.each do |host|
32
- dist_dir = distribution_dir(host, test__dir, opts)
39
+ dist_dir = distribution_dir(host, test__dir, run_opts)
33
40
  host__dirs[host] = {
34
41
  test_dir: test__dir,
35
- dev_keydir: "#{dist_dir}/build_keys/dev",
36
- dvd_dir: "#{dist_dir}/DVD",
42
+ dvd_dir: "#{dist_dir}/DVD"
37
43
  }
38
44
  host__dirs[host.name] = host__dirs[host]
39
45
  end
40
46
 
41
47
  before(:all) do
42
48
  # Scaffold a project skeleton
43
- scaffold_build_project(hosts, test__dir, opts)
49
+ scaffold_build_project(hosts, test__dir, run_opts)
44
50
 
45
- # Provide an RPM directory to process and a dummy RPM to sign
46
- on(hosts, %(#{run_cmd} "mkdir '#{rpms__dir}'"))
51
+ # Provide an RPM directory to process
52
+ on(hosts, %(#{run_cmd} "mkdir '#{rpms__dir}'"), run_opts)
47
53
 
48
54
  # Ensure a DVD directory exists that is appropriate to each SUT
49
55
  hosts.each do |host|
50
- on(host, %(#{run_cmd} "mkdir -p '#{host__dirs[host][:dvd_dir]}'"), opts)
56
+ on(host, %(#{run_cmd} "mkdir -p '#{host__dirs[host][:dvd_dir]}'"), run_opts)
51
57
  end
52
58
  end
53
59
 
@@ -56,6 +62,15 @@ describe 'rake pkg:signrpms' do
56
62
  let(:src_rpm) { src__rpm }
57
63
  let(:test_rpm) { "#{rpms__dir}/#{File.basename(src__rpm)}" }
58
64
  let(:dirs) { host__dirs }
65
+ let(:dev_keydir) { "#{gpg__keysdir}/dev" }
66
+ let(:extra_env) { extra__env }
67
+ let(:digest_algo_param) { digest__algo }
68
+ let(:digest_algo_result) { digest__algo ? digest__algo.upcase : 'SHA256' }
69
+ let(:signrpm_cmd) {
70
+ extra_args = digest_algo_param ? ",false,#{digest_algo_param}" : ''
71
+ "SIMP_PKG_verbose=yes #{extra_env} bundle exec rake pkg:signrpms[dev,'#{rpms_dir}'#{extra_args}]"
72
+ }
73
+ let(:checksig_cmd) { "#{extra_env} bundle exec rake pkg:checksig[#{rpms_dir}]" }
59
74
  end
60
75
 
61
76
  let(:rpm_unsigned_regex) do
@@ -63,78 +78,314 @@ describe 'rake pkg:signrpms' do
63
78
  end
64
79
 
65
80
  let(:rpm_signed_regex) do
66
- %r{^Signature\s+:\s+.*,\s*Key ID (?<key_id>[0-9a-f]+)$}
81
+ %r{^Signature\s+:\s+\w+/(?<digest_algo>.*?),.*,\s*Key ID (?<key_id>[0-9a-f]+)$}
67
82
  end
68
83
 
69
84
  let(:expired_keydir) do
85
+ # NOTE: This expired keydir actually works on EL7 and EL8, even though
86
+ # the newer gpg version creates different files than those in this
87
+ # directory.
70
88
  "#{build_user_host_files}/spec/acceptance/files/build/pkg/gpg-keydir.expired.2018-04-06"
71
89
  end
72
90
 
91
+ shared_examples 'it does not leave the gpg-agent daemon running' do
92
+ it 'does not leave the gpg-agent daemon running' do
93
+ hosts.each do |host|
94
+ expect(gpg_agent_running?(host, dev_keydir)).to be false
95
+ end
96
+ end
97
+ end
98
+
99
+ shared_examples 'it verifies RPM signatures' do
100
+ let(:public_gpgkeys_dir) { 'src/assets/gpgkeys/GPGKEYS' }
101
+ it 'verifies RPM signatures' do
102
+ hosts.each do |host|
103
+ # mock out the simp-gpgkeys project checkout so that the pkg:checksig
104
+ # doesn't fail before reading in the generated 'dev' GPGKEY
105
+ on(host, %(#{run_cmd} "cd '#{test_dir}'; mkdir -p #{public_gpgkeys_dir}"), run_opts)
106
+ on(host, %(#{run_cmd} "cd '#{test_dir}'; touch #{public_gpgkeys_dir}/RPM-GPG-KEY-empty"), run_opts)
107
+ on(host, %(#{run_cmd} "cd '#{test_dir}'; #{checksig_cmd}"), run_opts)
108
+ end
109
+ end
110
+ end
111
+
73
112
  shared_examples 'it creates a new GPG dev signing key' do
74
113
  it 'creates a new GPG dev signing key' do
75
- on(hosts, %(#{run_cmd} "cd '#{test_dir}'; bundle exec rake pkg:signrpms[dev,'#{rpms_dir}']"), opts)
114
+ on(hosts, %(#{run_cmd} "cd '#{test_dir}'; #{signrpm_cmd}"), run_opts)
76
115
  hosts.each do |host|
77
- expect { dev_signing_key_id(host, test_dir, opts) }.not_to(raise_error)
116
+ expect(dev_signing_key_id(host, dev_keydir, run_opts)).to_not be_empty
117
+ expect(file_exists_on(host,"#{dirs[host][:dvd_dir]}/RPM-GPG-KEY-SIMP-Dev")).to be true
78
118
  end
79
119
  end
120
+
121
+ include_examples('it does not leave the gpg-agent daemon running')
80
122
  end
81
123
 
82
124
  shared_examples 'it begins with unsigned RPMs' do
83
125
  it 'begins with unsigned RPMs' do
84
- prep_rpms_dir(rpms_dir, [src_rpm], opts)
85
- rpms_before_signing = on(hosts, %(#{run_cmd} "rpm -qip '#{test_rpm}' | grep ^Signature"), opts)
126
+ prep_rpms_dir(rpms_dir, [src_rpm], run_opts)
127
+ rpms_before_signing = on(hosts, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
86
128
  rpms_before_signing.each do |result|
87
129
  expect(result.stdout).to match rpm_unsigned_regex
88
130
  end
89
131
  end
90
132
  end
91
133
 
92
- shared_examples 'it signs RPM packages in the directory using the GPG dev signing key' do
93
- it 'signs RPM packages in the directory using the GPG dev signing key' do
94
- on(hosts, %(#{run_cmd} "cd '#{test_dir}'; bundle exec rake pkg:signrpms[dev,'#{rpms_dir}']"), opts)
95
- rpms_after_signing = on(hosts, %(#{run_cmd} "rpm -qip '#{test_rpm}' | grep ^Signature"), opts)
96
- rpms_after_signing.each do |result|
97
- host = hosts_with_name(hosts, result.host).first
98
- on(host, "gpg --list-keys --homedir='#{dirs[host][:dev_keydir]}'", opts)
134
+ shared_examples 'it creates GPG dev signing key and signs packages' do
135
+ it 'creates GPG dev signing key and signs packages' do
136
+ hosts.each do |host|
137
+ # NOTE: pkg:signrpms will not actually fail if it can't sign a RPM
138
+ on(hosts, %(#{run_cmd} "cd '#{test_dir}'; #{signrpm_cmd}"), run_opts)
139
+
140
+ expect(file_exists_on(host,"#{dirs[host][:dvd_dir]}/RPM-GPG-KEY-SIMP-Dev")).to be true
99
141
 
142
+ result = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
100
143
  expect(result.stdout).to match rpm_signed_regex
101
144
  signed_rpm_data = rpm_signed_regex.match(result.stdout)
102
- expect(signed_rpm_data[:key_id]).to eql dev_signing_key_id(host, test_dir, opts)
145
+ expect(signed_rpm_data[:key_id]).to eql dev_signing_key_id(host, dev_keydir, run_opts)
146
+ expect(signed_rpm_data[:digest_algo]).to eql digest_algo_result
103
147
  end
104
148
  end
149
+
150
+ include_examples('it does not leave the gpg-agent daemon running')
105
151
  end
106
152
 
107
- describe 'when starting without a dev key' do
108
- include_context('a freshly-scaffolded test project', 'pkg-signrpms')
153
+ shared_examples 'it signs RPM packages using existing GPG dev signing key' do
154
+ it 'signs RPM packages using existing GPG dev signing key' do
155
+ hosts.each do |host|
156
+ existing_key_id = dev_signing_key_id(host, dev_keydir, run_opts)
157
+
158
+ on(hosts, %(#{run_cmd} "cd '#{test_dir}'; #{signrpm_cmd}"), run_opts)
159
+
160
+ result = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
161
+ expect(result.stdout).to match rpm_signed_regex
162
+ signed_rpm_data = rpm_signed_regex.match(result.stdout)
163
+ expect(signed_rpm_data[:key_id]).to eql existing_key_id
164
+ expect(signed_rpm_data[:digest_algo]).to eql digest_algo_result
165
+ end
166
+ end
167
+
168
+ include_examples('it does not leave the gpg-agent daemon running')
169
+ end
170
+
171
+
172
+ describe 'when starting without a dev key and no RPMs to sign' do
173
+ include_context('a freshly-scaffolded test project', 'create-key')
109
174
  include_examples('it creates a new GPG dev signing key')
175
+ end
176
+
177
+ describe 'when starting without a dev key and RPMs to sign' do
178
+ include_context('a freshly-scaffolded test project', 'signrpms')
110
179
  include_examples('it begins with unsigned RPMs')
111
- include_examples('it signs RPM packages in the directory using the GPG dev signing key')
180
+ include_examples('it creates GPG dev signing key and signs packages')
181
+ include_examples('it verifies RPM signatures')
112
182
 
113
- context 'when there is an unexpired GPG dev signing key' do
183
+ context 'when there is an unexpired GPG dev signing key and the packages are unsigned' do
114
184
  include_examples('it begins with unsigned RPMs')
115
- include_examples('it signs RPM packages in the directory using the GPG dev signing key')
185
+ include_examples('it signs RPM packages using existing GPG dev signing key')
186
+ include_examples('it verifies RPM signatures')
116
187
  end
117
188
  end
118
189
 
119
190
  describe 'when starting with an expired dev key' do
120
- include_context('a freshly-scaffolded test project', 'pkg-signrpms-expired_dev_key')
191
+ include_context('a freshly-scaffolded test project', 'signrpms-expired')
121
192
 
122
193
  it 'begins with an expired GPG signing key' do
123
- prep_rpms_dir(rpms_dir, [src_rpm], opts)
194
+ prep_rpms_dir(rpms_dir, [src_rpm], run_opts)
124
195
  hosts.each do |host|
125
196
  copy_expired_keydir_to_dev_cmds = [
126
- "mkdir -p '$(dirname '#{dirs[host][:dev_keydir]}')'",
127
- "cp -aT '#{expired_keydir}' '#{dirs[host][:dev_keydir]}'",
197
+ "mkdir -p '$(dirname '#{dev_keydir}')'",
198
+ "cp -aT '#{expired_keydir}' '#{dev_keydir}'",
128
199
  "ls -lart '#{expired_keydir}'"
129
200
  ].join(' && ')
130
- on(host, %(#{run_cmd} "#{copy_expired_keydir_to_dev_cmds}"), opts)
131
- result = on(host, %(#{run_cmd} "gpg --list-keys --homedir='#{dirs[host][:dev_keydir]}'"), opts)
201
+ on(host, %(#{run_cmd} "#{copy_expired_keydir_to_dev_cmds}"), run_opts)
202
+ result = on(host, %(#{run_cmd} "gpg --list-keys --homedir='#{dev_keydir}'"), run_opts)
132
203
  expect(result.stdout).to match(/expired: 2018-04-06/)
133
204
  end
134
205
  end
135
206
 
207
+ include_examples('it begins with unsigned RPMs')
208
+ include_examples('it creates GPG dev signing key and signs packages')
209
+ include_examples('it verifies RPM signatures')
210
+ end
211
+
212
+ describe 'when packages are already signed' do
213
+ let(:keysdir) { "#{test_dir}/.dev_gpgkeys" }
214
+
215
+ include_context('a freshly-scaffolded test project', 'force')
216
+
217
+ context 'initial package signing' do
218
+ include_examples('it begins with unsigned RPMs')
219
+ include_examples('it creates GPG dev signing key and signs packages')
220
+ end
221
+
222
+ context 'when force is disabled' do
223
+ before :each do
224
+ # remove the initial signing key
225
+ on(hosts, %(#{run_cmd} 'rm -rf #{keysdir}'))
226
+ end
227
+
228
+ it 'creates new GPG signing key but does not resign RPMs' do
229
+ hosts.each do |host|
230
+ # force defaults to false
231
+ on(host, %(#{run_cmd} "cd '#{test_dir}'; bundle exec rake pkg:signrpms[dev,'#{rpms_dir}']"), run_opts)
232
+
233
+ result = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
234
+ expect(result.stdout).to match rpm_signed_regex
235
+ signed_rpm_data = rpm_signed_regex.match(result.stdout)
236
+
237
+ # verify RPM is not signed with the new signing key
238
+ expect(signed_rpm_data[:key_id]).to_not eql dev_signing_key_id(host, dev_keydir, run_opts)
239
+ end
240
+ end
241
+
242
+ it 'does not verify RPM signatures with the new key' do
243
+ public_gpgkeys_dir = 'src/assets/gpgkeys/GPGKEYS'
244
+ hosts.each do |host|
245
+ # mock out the simp-gpgkeys project checkout so that the pkg:checksig
246
+ # doesn't fail before reading in the new generated 'dev' GPGKEY
247
+ on(host, %(#{run_cmd} "cd '#{test_dir}'; mkdir -p #{public_gpgkeys_dir}"), run_opts)
248
+ on(host, %(#{run_cmd} "cd '#{test_dir}'; touch #{public_gpgkeys_dir}/RPM-GPG-KEY-empty"), run_opts)
249
+ result = on(host, %(#{run_cmd} "cd '#{test_dir}'; #{checksig_cmd}"),
250
+ :acceptable_exit_codes => [1]
251
+ )
252
+
253
+ expect(result.stderr).to match('ERROR: Untrusted RPMs found in the repository')
254
+ end
255
+ end
256
+ end
257
+
258
+ context 'when force is enabled' do
259
+ before :each do
260
+ # remove the initial signing key
261
+ on(hosts, %(#{run_cmd} 'rm -rf #{keysdir}'))
262
+ end
263
+
264
+ it 'creates new GPG signing key and resigns RPMs' do
265
+ hosts.each do |host|
266
+ on(host, %(#{run_cmd} "cd '#{test_dir}'; bundle exec rake pkg:signrpms[dev,'#{rpms_dir}',true]"), run_opts)
267
+
268
+ result = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
269
+ expect(result.stdout).to match rpm_signed_regex
270
+ signed_rpm_data = rpm_signed_regex.match(result.stdout)
271
+
272
+ # verify RPM is signed with the new signing key
273
+ expect(signed_rpm_data[:key_id]).to eql dev_signing_key_id(host, dev_keydir, run_opts)
274
+ end
275
+ end
276
+ end
277
+ end
278
+
279
+ describe 'when SIMP_PKG_build_keys_dir is set' do
280
+ opts = { :gpg_keysdir => '/home/build_user/.dev_gpgpkeys' }
281
+ include_context('a freshly-scaffolded test project', 'custom-keys-dir', opts)
282
+ include_examples('it begins with unsigned RPMs')
283
+ include_examples('it creates GPG dev signing key and signs packages')
284
+ end
285
+
286
+ describe 'when digest algorithm is specified' do
287
+ opts = { :digest_algo => 'sha384' }
288
+ include_context('a freshly-scaffolded test project', 'custom-digest-algo', opts)
289
+ include_examples('it begins with unsigned RPMs')
290
+ include_examples('it creates GPG dev signing key and signs packages')
291
+ include_examples('it verifies RPM signatures')
292
+ end
293
+
294
+ describe 'when some rpm signing fails' do
295
+ include_context('a freshly-scaffolded test project', 'signing-failure')
296
+ include_examples('it begins with unsigned RPMs')
297
+
298
+ it 'should create a malformed RPM' do
299
+ on(hosts, %(#{run_cmd} "echo 'OOPS' > #{rpms_dir}/oops-test.rpm"))
300
+ end
301
+
302
+ it 'should sign all valid RPMs before failing' do
303
+ hosts.each do |host|
304
+ result = on(host,
305
+ %(#{run_cmd} "cd '#{test_dir}'; SIMP_PKG_verbose="yes" #{signrpm_cmd}"),
306
+ :acceptable_exit_codes => [1]
307
+ )
308
+
309
+ expect(result.stderr).to match('ERROR: Failed to sign some RPMs')
310
+
311
+ signature_check = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
312
+ expect(signature_check.stdout).to match rpm_signed_regex
313
+ end
314
+ end
315
+ end
316
+
317
+ describe 'when wrong keyword password is specified' do
318
+ include_context('a freshly-scaffolded test project', 'wrong-password')
136
319
  include_examples('it creates a new GPG dev signing key')
320
+
321
+ it 'should corrupt the password of new key' do
322
+ key_gen_file = File.join(dev_keydir, 'gengpgkey')
323
+ on(hosts, "sed -i -e \"s/^Passphrase: /Passphrase: OOPS/\" #{key_gen_file}")
324
+ end
325
+
137
326
  include_examples('it begins with unsigned RPMs')
138
- include_examples('it signs RPM packages in the directory using the GPG dev signing key')
327
+
328
+ it 'should fail to sign any rpms and notify user of each failure' do
329
+ hosts.each do |host|
330
+ result = on(host,
331
+ %(#{run_cmd} "cd '#{test_dir}'; SIMP_PKG_verbose="yes" #{signrpm_cmd}"),
332
+ :acceptable_exit_codes => [1]
333
+ )
334
+
335
+ err_msg = %r(Error occurred while attempting to sign #{test_rpm})
336
+ expect(result.stderr).to match(err_msg)
337
+
338
+ signature_check = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
339
+ expect(signature_check.stdout).to match rpm_unsigned_regex
340
+ end
341
+ end
342
+ end
343
+
344
+ hosts.each do |host|
345
+ os_major = fact_on(host,'operatingsystemmajrelease')
346
+ if os_major > '7'
347
+ # this problem only happens on EL > 7 in a docker container
348
+ describe "when gpg-agent's socket path is too long on #{host}" do
349
+ opts = { :gpg_keysdir => '/home/build_user/this/results/in/a/gpg_agent/socket/path/that/is/longer/than/one/hundred/eight/characters' }
350
+ include_context('a freshly-scaffolded test project', 'long-socket-path', opts)
351
+
352
+ context 'when the gpg key needs to be created ' do
353
+ it 'should fail to sign any rpms' do
354
+ on(host,
355
+ %(#{run_cmd} "cd '#{test_dir}'; SIMP_PKG_verbose="yes" #{signrpm_cmd}"),
356
+ :acceptable_exit_codes => [1]
357
+ )
358
+ end
359
+ end
360
+
361
+ context 'when the gpg key already exists' do
362
+ # This would be when a GPG key dir was populated with keys generated elsewhere.
363
+ # Reuse the keys from an earlier test.
364
+ it 'should copy existing key files into the gpg key dir' do
365
+ source_dir = '/home/build_user/test-create-key/.dev_gpgkeys/dev'
366
+ on(host, %(#{run_cmd} "cp -r #{source_dir}/* #{dev_keydir}"))
367
+ end
368
+
369
+ include_examples('it begins with unsigned RPMs')
370
+
371
+ it 'should fail to sign any rpms and notify user of each failure' do
372
+ # For rpm-sign-4.14.2-11.el8_0, 'rpm --resign' hangs instead of failing
373
+ # when gpg-agent fails to start.
374
+ # Set the default smaller than the 30 second default, so that we don't
375
+ # wait so long for the failure.
376
+ result = on(host,
377
+ %(#{run_cmd} "cd '#{test_dir}'; SIMP_PKG_rpmsign_timeout=5 SIMP_PKG_verbose="yes" #{signrpm_cmd}"),
378
+ :acceptable_exit_codes => [1]
379
+ )
380
+
381
+ err_msg = %r(Failed to sign #{test_rpm} in 5 seconds)
382
+ expect(result.stderr).to match(err_msg)
383
+
384
+ signature_check = on(host, "rpm -qip '#{test_rpm}' | grep ^Signature", run_opts)
385
+ expect(signature_check.stdout).to match rpm_unsigned_regex
386
+ end
387
+ end
388
+ end
389
+ end
139
390
  end
140
391
  end