simp-rake-helpers 5.11.5 → 5.11.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/Gemfile +4 -0
- data/lib/simp/local_gpg_signing_key.rb +99 -45
- data/lib/simp/rake.rb +13 -6
- data/lib/simp/rake/build/pkg.rb +53 -11
- data/lib/simp/rake/helpers/version.rb +1 -1
- data/spec/acceptance/nodesets/default.yml +21 -109
- data/spec/spec_helper_acceptance.rb +16 -3
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cd1fc58d4764acdc2a2160e63a50a2a16015c1dd2a41f7b530baad394d6a397e
|
|
4
|
+
data.tar.gz: 6f322c3850b40ff56c8aa49a86146a176311e999495ada8cc8270ecf806f2d81
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d58adb8bae7eba07b696cbfd3add6ce335672a7ddc6d9063f6057ca3da8f23e5492d6cecb805afe13104f377fac3c16cc38a8925791eef9c3f2543017c609bcf
|
|
7
|
+
data.tar.gz: baaf3228b15df258dcdd6030f7fa95d995ac4a08cf735218cbc941543eef389c881f9f31bed619d605b230da154fee39353eabcebb9165cbb70f3b44b88e595a
|
data/CHANGELOG.md
CHANGED
data/Gemfile
CHANGED
|
@@ -13,6 +13,10 @@ gem 'simp-build-helpers'
|
|
|
13
13
|
gem 'simp-beaker-helpers'
|
|
14
14
|
gem 'beaker-puppet_install_helper'
|
|
15
15
|
gem 'rake', '>= 12.3.3'
|
|
16
|
+
# You'll need the following if using podman until they are released upstream
|
|
17
|
+
#gem 'beaker-docker', :git => 'https://github.com/trevor-vaughan/beaker-docker', :branch => 'support_rootless_podman'
|
|
18
|
+
#gem 'docker-api', :git => 'https://github.com/trevor-vaughan/docker-api', :branch => 'podman-compat'
|
|
19
|
+
gem 'beaker-docker'
|
|
16
20
|
|
|
17
21
|
if puppetversion
|
|
18
22
|
gem 'puppet', puppetversion
|
|
@@ -78,6 +78,22 @@ module Simp
|
|
|
78
78
|
@gpg_agent_script = 'run_gpg_agent'
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
+
# Return the version of GPG instealled on the system
|
|
82
|
+
#
|
|
83
|
+
# @return [Gem::Version]
|
|
84
|
+
def gpg_version
|
|
85
|
+
return @gpg_version if @gpg_version
|
|
86
|
+
|
|
87
|
+
which('gpg', true)
|
|
88
|
+
@gpg_version = %x{gpg --version}.lines.first.split(/\s+/).last
|
|
89
|
+
|
|
90
|
+
unless @gpg_version.nil? || @gpg_version.empty?
|
|
91
|
+
@gpg_version = Gem::Version.new(@gpg_version)
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
@gpg_version
|
|
95
|
+
end
|
|
96
|
+
|
|
81
97
|
# Returns a gpg-agent's env string, if it can be detected from the
|
|
82
98
|
# gpg-agent-info file
|
|
83
99
|
#
|
|
@@ -99,6 +115,8 @@ module Simp
|
|
|
99
115
|
def dev_key_days_left
|
|
100
116
|
ensure_gpg_directory
|
|
101
117
|
days_left = 0
|
|
118
|
+
|
|
119
|
+
which('gpg', true)
|
|
102
120
|
current_key = %x(GPG_AGENT_INFO='' gpg --homedir=#{@dir} --list-keys #{@key_email} 2>/dev/null)
|
|
103
121
|
unless current_key.empty?
|
|
104
122
|
lasts_until = current_key.lines.first.strip.split("\s").last.delete(']')
|
|
@@ -138,33 +156,54 @@ module Simp
|
|
|
138
156
|
write_gpg_agent_startup_script
|
|
139
157
|
|
|
140
158
|
begin
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
159
|
+
if gpg_version < Gem::Version.new('2.1')
|
|
160
|
+
# Start the GPG agent.
|
|
161
|
+
gpg_agent_output = %x(./#{@gpg_agent_script}).strip
|
|
162
|
+
|
|
163
|
+
# Provide a local socket (needed by the `gpg` command when
|
|
164
|
+
local_socket = File.join(Dir.pwd, 'S.gpg-agent')
|
|
165
|
+
|
|
166
|
+
# This condition was handled differently in previous logic.
|
|
167
|
+
#
|
|
168
|
+
# a.) As the surrounding logic works now, it will _always_ be a new
|
|
169
|
+
# agent by this point, because the directory is cleaned out
|
|
170
|
+
# b.) The agent's information will be read from the env-file it
|
|
171
|
+
# writes at startup
|
|
172
|
+
# c.) The old command `gpg-agent --homedir=#{Dir.pwd} /get serverpid`
|
|
173
|
+
# did not work on EL6 or EL7.
|
|
174
|
+
#
|
|
175
|
+
warn(empty_gpg_agent_message) if gpg_agent_output.empty?
|
|
176
|
+
|
|
177
|
+
agent_info = gpg_agent_info
|
|
178
|
+
|
|
179
|
+
# The socket is useful to get back info on the command line.
|
|
180
|
+
unless File.exist?(File.join(Dir.pwd, File.basename(agent_info[:socket])))
|
|
181
|
+
ln_s(agent_info[:socket], local_socket, :verbose => @verbose)
|
|
182
|
+
end
|
|
183
|
+
|
|
184
|
+
generate_key(agent_info[:info])
|
|
185
|
+
else
|
|
186
|
+
which('gpg', true)
|
|
187
|
+
which('gpg-agent', true)
|
|
188
|
+
which('gpg-connect-agent', true)
|
|
189
|
+
|
|
190
|
+
# Start the GPG agent
|
|
191
|
+
%x{gpg-agent --homedir=#{Dir.pwd} >&/dev/null || gpg-agent --homedir=#{Dir.pwd} --daemon >&/dev/null}
|
|
192
|
+
|
|
193
|
+
agent_info = {}
|
|
194
|
+
|
|
195
|
+
# Provide a local socket (needed by the `gpg` command when
|
|
196
|
+
agent_info[:socket] = %x{echo 'GETINFO socket_name' | gpg-connect-agent --homedir=#{Dir.pwd}}.lines.first[1..-1].strip
|
|
197
|
+
|
|
198
|
+
# Get the pid
|
|
199
|
+
agent_info[:pid] = %x{echo 'GETINFO pid' | gpg-connect-agent --homedir=#{Dir.pwd}}.lines.first[1..-1].strip.to_i
|
|
200
|
+
|
|
201
|
+
generate_key(%{#{agent_info[:socket]}:#{agent_info[:pid]}:1})
|
|
163
202
|
end
|
|
164
|
-
generate_key(agent_info[:info])
|
|
165
203
|
ensure
|
|
166
204
|
kill_agent(agent_info[:pid])
|
|
167
205
|
end
|
|
206
|
+
|
|
168
207
|
agent_info
|
|
169
208
|
end
|
|
170
209
|
end
|
|
@@ -209,11 +248,18 @@ module Simp
|
|
|
209
248
|
# @param gpg_agent_info_str [String] value to set the GPG_AGENT_INFO
|
|
210
249
|
# environment variable to use in order to use the correct `gpg-agent`.
|
|
211
250
|
def generate_key(gpg_agent_info_str)
|
|
251
|
+
which('gpg', true)
|
|
252
|
+
|
|
212
253
|
puts "Generating new GPG key#{@verbose ? " under '#{@dir}'" : ''}..."
|
|
213
254
|
gpg_cmd = %(GPG_AGENT_INFO=#{gpg_agent_info_str} gpg --homedir="#{@dir}")
|
|
255
|
+
|
|
214
256
|
pipe = @verbose ? '| tee' : '>'
|
|
215
257
|
sh %(#{gpg_cmd} --batch --gen-key #{GPG_GENKEY_PARAMS_FILENAME})
|
|
216
258
|
sh %(#{gpg_cmd} --armor --export #{@key_email} #{pipe} "#{@key_file}")
|
|
259
|
+
|
|
260
|
+
if File.stat(@key_file).size == 0
|
|
261
|
+
fail "Error: Something went wrong generating #{@key_file}"
|
|
262
|
+
end
|
|
217
263
|
end
|
|
218
264
|
|
|
219
265
|
# Return a data structure from a gpg-agent env-file formatted string.
|
|
@@ -232,38 +278,46 @@ module Simp
|
|
|
232
278
|
def write_genkey_parameter_file
|
|
233
279
|
now = Time.now.to_i.to_s
|
|
234
280
|
expire_date = Date.today + 14
|
|
235
|
-
passphrase = SecureRandom.base64(
|
|
236
|
-
genkey_parameters =
|
|
237
|
-
%echo Generating Development GPG Key
|
|
238
|
-
%echo
|
|
239
|
-
%echo This key will expire on #{expire_date}
|
|
240
|
-
%echo
|
|
241
|
-
Key-Type: RSA
|
|
242
|
-
Key-Length: 4096
|
|
243
|
-
Key-Usage: sign
|
|
244
|
-
Name-Real: SIMP Development
|
|
245
|
-
Name-Comment: Development key #{now}
|
|
246
|
-
Name-Email: #{@key_email}
|
|
247
|
-
Expire-Date: 2w
|
|
248
|
-
Passphrase: #{passphrase}
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
%
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
281
|
+
passphrase = SecureRandom.base64(100)
|
|
282
|
+
genkey_parameters = [
|
|
283
|
+
'%echo Generating Development GPG Key',
|
|
284
|
+
'%echo',
|
|
285
|
+
"%echo This key will expire on #{expire_date}",
|
|
286
|
+
'%echo',
|
|
287
|
+
'Key-Type: RSA',
|
|
288
|
+
'Key-Length: 4096',
|
|
289
|
+
'Key-Usage: sign',
|
|
290
|
+
'Name-Real: SIMP Development',
|
|
291
|
+
"Name-Comment: Development key #{now}",
|
|
292
|
+
"Name-Email: #{@key_email}",
|
|
293
|
+
'Expire-Date: 2w',
|
|
294
|
+
"Passphrase: #{passphrase}",
|
|
295
|
+
]
|
|
296
|
+
|
|
297
|
+
if gpg_version < Gem::Version.new('2.1')
|
|
298
|
+
genkey_parameters << '%pubring pubring.gpg'
|
|
299
|
+
genkey_parameters << '%secring secring.gpg'
|
|
300
|
+
end
|
|
301
|
+
|
|
302
|
+
genkey_parameters << '# The following creates the key, so we can print "Done!" afterwards'
|
|
303
|
+
genkey_parameters << '%commit'
|
|
304
|
+
genkey_parameters << '%echo New GPG Development Key Created'
|
|
305
|
+
|
|
306
|
+
File.open(GPG_GENKEY_PARAMS_FILENAME, 'w') { |fh| fh.puts(genkey_parameters.join("\n")) }
|
|
256
307
|
end
|
|
257
308
|
|
|
258
309
|
# Write a local gpg-agent daemon script file
|
|
259
310
|
def write_gpg_agent_startup_script
|
|
311
|
+
which('gpg-agent', true)
|
|
312
|
+
pinentry_cmd = which('pinentry-curses', true)
|
|
313
|
+
|
|
260
314
|
gpg_agent_script = <<-AGENT_SCRIPT.gsub(%r{^ {20}}, '')
|
|
261
315
|
#!/bin/sh
|
|
262
316
|
|
|
263
317
|
gpg-agent --homedir=#{Dir.pwd} --daemon \
|
|
264
318
|
--no-use-standard-socket --sh --batch \
|
|
265
319
|
--write-env-file "#{@gpg_agent_env_file}" \
|
|
266
|
-
--pinentry-program
|
|
320
|
+
--pinentry-program #{pinentry_cmd} < /dev/null &
|
|
267
321
|
AGENT_SCRIPT
|
|
268
322
|
|
|
269
323
|
File.open(@gpg_agent_script, 'w') { |fh| fh.puts(gpg_agent_script) }
|
data/lib/simp/rake.rb
CHANGED
|
@@ -96,14 +96,21 @@ module Simp::Rake
|
|
|
96
96
|
exec pager rescue exec "/bin/sh", "-c", pager
|
|
97
97
|
end
|
|
98
98
|
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
def which(cmd)
|
|
102
|
-
command = Facter::Core::Execution.which(cmd)
|
|
99
|
+
def which(cmd, fail=false)
|
|
100
|
+
@which_cache ||= {}
|
|
103
101
|
|
|
104
|
-
|
|
102
|
+
if @which_cache.has_key?(cmd)
|
|
103
|
+
command = @which_cache[cmd]
|
|
104
|
+
else
|
|
105
|
+
command = Facter::Core::Execution.which(cmd)
|
|
106
|
+
@which_cache[cmd] = command
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
msg = "Warning: Command #{cmd} not found on the system."
|
|
110
|
+
|
|
111
|
+
fail ? raise(msg) : warn(msg) unless command
|
|
105
112
|
|
|
106
|
-
|
|
113
|
+
command
|
|
107
114
|
end
|
|
108
115
|
|
|
109
116
|
def help
|
data/lib/simp/rake/build/pkg.rb
CHANGED
|
@@ -69,7 +69,6 @@ module Simp::Rake::Build
|
|
|
69
69
|
:in_processes => get_cpu_limit,
|
|
70
70
|
:progress => t.name
|
|
71
71
|
) do |dir|
|
|
72
|
-
next unless File.directory?(dir)
|
|
73
72
|
Dir.chdir(dir) do
|
|
74
73
|
begin
|
|
75
74
|
rake_flags = Rake.application.options.trace ? '--trace' : ''
|
|
@@ -99,7 +98,6 @@ module Simp::Rake::Build
|
|
|
99
98
|
:in_processes => get_cpu_limit,
|
|
100
99
|
:progress => t.name
|
|
101
100
|
) do |dir|
|
|
102
|
-
next unless File.directory?(dir)
|
|
103
101
|
Dir.chdir(dir) do
|
|
104
102
|
rake_flags = Rake.application.options.trace ? '--trace' : ''
|
|
105
103
|
sh %{rake clobber #{rake_flags}}
|
|
@@ -667,9 +665,9 @@ protect=1
|
|
|
667
665
|
# can be pulled out into a library that is easily unit-testable
|
|
668
666
|
def require_rebuild?(dir, yum_helper, opts={ :unique_namespace => generate_namespace, :fetch => false, :verbose => @verbose, :check_git => false, :prefix => '' })
|
|
669
667
|
result = false
|
|
670
|
-
|
|
671
|
-
|
|
672
668
|
rpm_metadata = File.exist?(@rpm_dependency_file) ? YAML.load(File.read(@rpm_dependency_file)) : {}
|
|
669
|
+
dir_relpath = Pathname.new(dir).relative_path_from(Pathname.new(Dir.pwd)).to_path
|
|
670
|
+
$stderr.puts "\n require_rebuild? (#{dir_relpath}):" if @verbose
|
|
673
671
|
|
|
674
672
|
Dir.chdir(dir) do
|
|
675
673
|
if File.exist?('metadata.json')
|
|
@@ -689,10 +687,23 @@ protect=1
|
|
|
689
687
|
else
|
|
690
688
|
spec_file = Dir.glob(File.join('build', '*.spec'))
|
|
691
689
|
fail("No spec file found in #{dir}/build") if spec_file.empty?
|
|
690
|
+
$stderr.puts " Found spec file: #{File.expand_path(spec_file.first)}" if @verbose
|
|
692
691
|
new_rpm_info = Simp::RPM.new(spec_file.first)
|
|
693
692
|
end
|
|
694
693
|
|
|
694
|
+
if @verbose
|
|
695
|
+
$stderr.puts ' Details:'
|
|
696
|
+
$stderr.puts " Puppetfile name: #{File.basename(dir)}"
|
|
697
|
+
$stderr.puts " RPM name: #{new_rpm_info.name}"
|
|
698
|
+
$stderr.puts " Local directory: #{dir}"
|
|
699
|
+
end
|
|
700
|
+
|
|
695
701
|
if opts[:check_git]
|
|
702
|
+
git_origin_url = nil
|
|
703
|
+
['origin','upstream'].each do |r|
|
|
704
|
+
git_origin_url = %x(git config --get remote.#{r}.url).strip if git_origin_url.to_s.empty?
|
|
705
|
+
end
|
|
706
|
+
$stderr.puts " Git origin URL: #{git_origin_url}" if @verbose
|
|
696
707
|
require_tag = false
|
|
697
708
|
|
|
698
709
|
#FIXME The check below is insufficient. See logic in compare_latest_tag,
|
|
@@ -711,28 +722,59 @@ protect=1
|
|
|
711
722
|
|
|
712
723
|
begin
|
|
713
724
|
rpm_version = Gem::Version.new(new_rpm_info.version)
|
|
725
|
+
rpm_release = new_rpm_info.release.match(/^(\d+)[.-_]?/) ? new_rpm_info.release.match(/^(\d+)[.-_]?/)[1] : nil
|
|
726
|
+
if @verbose
|
|
727
|
+
$stderr.puts ' ' + [
|
|
728
|
+
"RPM version-rel: #{ "#{rpm_version}-#{rpm_release}".ljust(10) } ",
|
|
729
|
+
"(semver: #{rpm_version}, relver: #{rpm_release})",
|
|
730
|
+
].join
|
|
731
|
+
end
|
|
714
732
|
rescue ArgumentError
|
|
715
|
-
$stderr.puts ">>#{new_rpm_info.basename}: Could not determine RPM version"
|
|
733
|
+
$stderr.puts ">>#{new_rpm_info.basename}: Could not determine RPM version from '#{new_rpm_info.version}'"
|
|
716
734
|
end
|
|
717
735
|
|
|
718
736
|
begin
|
|
719
737
|
if latest_tag.empty?
|
|
720
738
|
require_tag = true
|
|
739
|
+
$stderr.puts " Latest Git tag semver: (none)" if @verbose
|
|
721
740
|
else
|
|
722
|
-
|
|
741
|
+
# Gem::Version interprets an RPM-style release suffix like
|
|
742
|
+
# `1.2.3-4` as `1.2.3.pre.4`, which is *less* than `1.2.3`.
|
|
743
|
+
# So we compare SemVer first, then relver numbers if needed
|
|
744
|
+
latest_tag_version = Gem::Version.new(latest_tag.sub(/-\d+$/,''))
|
|
745
|
+
latest_tag_release = latest_tag.match(/-(\d+)$/) ? latest_tag.match(/-(\d+)$/)[1].to_i : nil
|
|
746
|
+
if @verbose
|
|
747
|
+
$stderr.puts ' ' + [
|
|
748
|
+
"Latest Git tag: #{latest_tag.ljust(10)} ",
|
|
749
|
+
"(semver: #{latest_tag_version}#{latest_tag_release ? ", relver: #{latest_tag_release}" : nil})",
|
|
750
|
+
].join
|
|
751
|
+
end
|
|
723
752
|
end
|
|
724
753
|
rescue ArgumentError
|
|
725
|
-
$stderr.puts ">>#{
|
|
754
|
+
$stderr.puts ">>#{git_origin_url}: Invalid git tag version '#{latest_tag}' "
|
|
726
755
|
end
|
|
727
756
|
|
|
728
757
|
if rpm_version && latest_tag_version
|
|
729
|
-
|
|
758
|
+
# undefined behavior, so far (this current logic skips it):
|
|
759
|
+
# what to do if rpm_release is set and latest_tag_release is nil?
|
|
760
|
+
if latest_tag_release &&
|
|
761
|
+
rpm_release &&
|
|
762
|
+
(rpm_version == latest_tag_version) &&
|
|
763
|
+
(rpm_release > latest_tag_release)
|
|
764
|
+
require_tag = true
|
|
765
|
+
elsif rpm_version > latest_tag_version
|
|
730
766
|
require_tag = true
|
|
731
767
|
end
|
|
732
768
|
end
|
|
733
769
|
|
|
734
770
|
if opts[:verbose] && require_tag
|
|
735
|
-
$stderr.puts
|
|
771
|
+
$stderr.puts [
|
|
772
|
+
"#{opts[:prefix]}Git Release Tag Required: ",
|
|
773
|
+
"[#{git_origin_url || dir_relpath }] ",
|
|
774
|
+
"tag: #{latest_tag} => ",
|
|
775
|
+
"rpm: #{new_rpm_info.version}#{latest_tag_release ? "-#{rpm_release}" : nil} ",
|
|
776
|
+
"[#{new_rpm_info.basename}]",
|
|
777
|
+
].join
|
|
736
778
|
end
|
|
737
779
|
end
|
|
738
780
|
|
|
@@ -751,7 +793,6 @@ protect=1
|
|
|
751
793
|
if new_rpm_info.package_newer?(package, published_rpm)
|
|
752
794
|
if opts[:verbose]
|
|
753
795
|
$stderr.puts "#{opts[:prefix]}RPM Publish Required: #{published_rpm} => #{new_rpm_info.rpm_name(package)}"
|
|
754
|
-
|
|
755
796
|
end
|
|
756
797
|
result = true
|
|
757
798
|
else
|
|
@@ -783,7 +824,7 @@ protect=1
|
|
|
783
824
|
end
|
|
784
825
|
else
|
|
785
826
|
if opts[:verbose]
|
|
786
|
-
$stderr.puts "#{opts[:prefix]}RPM Publish Required: #{new_rpm_info.rpm_name(package)}"
|
|
827
|
+
$stderr.puts "#{opts[:prefix]}RPM Publish Required (new RPM): #{new_rpm_info.rpm_name(package)}"
|
|
787
828
|
end
|
|
788
829
|
result = true
|
|
789
830
|
end
|
|
@@ -881,6 +922,7 @@ protect=1
|
|
|
881
922
|
|
|
882
923
|
::Bundler.send(clean_env_method) do
|
|
883
924
|
%x{#{bundle_install_cmd}}
|
|
925
|
+
|
|
884
926
|
output = %x{#{cmd} 2>&1}
|
|
885
927
|
|
|
886
928
|
unless $?.success?
|
|
@@ -1,121 +1,21 @@
|
|
|
1
1
|
HOSTS:
|
|
2
|
-
|
|
2
|
+
el7-build-server:
|
|
3
3
|
roles:
|
|
4
4
|
- default
|
|
5
|
-
- master
|
|
6
|
-
- agent
|
|
7
5
|
- build_server
|
|
8
|
-
platform: el-
|
|
6
|
+
platform: el-7-x86_64
|
|
9
7
|
hypervisor: docker
|
|
10
|
-
image:
|
|
11
|
-
|
|
12
|
-
- 'yum install -y epel-release'
|
|
13
|
-
- "echo 'Defaults:build_user !requiretty' >> /etc/sudoers"
|
|
14
|
-
- "echo 'build_user ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers"
|
|
15
|
-
- 'useradd -b /home -m -c "Build User" -s /bin/bash -U build_user'
|
|
16
|
-
- 'yum install -y facter rubygem-json'
|
|
17
|
-
# simp build-deps
|
|
18
|
-
- 'yum install -y rpm-build augeas-devel createrepo genisoimage git gnupg2 libicu-devel libxml2 libxml2-devel libxslt libxslt-devel rpmdevtools which'
|
|
19
|
-
# rvm build-deps
|
|
20
|
-
- 'yum install -y libyaml-devel glibc-headers autoconf gcc-c++ glibc-devel readline-devel libffi-devel openssl-devel automake libtool bison sqlite-devel'
|
|
21
|
-
|
|
22
|
-
#
|
|
23
|
-
# Do our best to get one of the keys from at one of the servers, and to
|
|
24
|
-
# trust the right ones if the GPG keyservers return bad keys
|
|
25
|
-
#
|
|
26
|
-
# These are the keys we want:
|
|
27
|
-
#
|
|
28
|
-
# 409B6B1796C275462A1703113804BB82D39DC0E3 # mpapis@gmail.com
|
|
29
|
-
# 7D2BAF1CF37B13E2069D6956105BD0E739499BDB # piotr.kuczynski@gmail.com
|
|
30
|
-
#
|
|
31
|
-
# See:
|
|
32
|
-
# - https://rvm.io/rvm/security
|
|
33
|
-
# - https://github.com/rvm/rvm/blob/master/docs/gpg.md
|
|
34
|
-
# - https://github.com/rvm/rvm/issues/4449
|
|
35
|
-
# - https://github.com/rvm/rvm/issues/4250
|
|
36
|
-
# - https://seclists.org/oss-sec/2018/q3/174
|
|
37
|
-
#
|
|
38
|
-
# NOTE (mostly to self): In addition to RVM's documented procedures,
|
|
39
|
-
# importing from https://keybase.io/mpapis may be a practical
|
|
40
|
-
# alternative for 409B6B1796C275462A1703113804BB82D39DC0E3:
|
|
41
|
-
#
|
|
42
|
-
# curl https://keybase.io/mpapis/pgp_keys.asc | gpg2 --import
|
|
43
|
-
#
|
|
44
|
-
- 'runuser build_user -l -c "for i in {1..5}; do { gpg2 --keyserver hkp://pool.sks-keyservers.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 || gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3; } && break || sleep 1; done"'
|
|
45
|
-
- 'runuser build_user -l -c "for i in {1..5}; do { gpg2 --keyserver hkp://pool.sks-keyservers.net --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB || gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB; } && break || sleep 1; done"'
|
|
46
|
-
# - 'runuser build_user -l -c "gpg2 --refresh-keys"'
|
|
47
|
-
- 'runuser build_user -l -c "curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer -o rvm-installer && curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer.asc -o rvm-installer.asc && gpg2 --verify rvm-installer.asc rvm-installer && bash rvm-installer"'
|
|
48
|
-
- 'runuser build_user -l -c "rvm install 2.4"'
|
|
49
|
-
- 'runuser build_user -l -c "rvm use --default 2.4"'
|
|
50
|
-
- 'runuser build_user -l -c "rvm all do gem install bundler"'
|
|
51
|
-
mount_folders:
|
|
52
|
-
folder1:
|
|
53
|
-
host_path: ./
|
|
54
|
-
container_path: /host_files
|
|
55
|
-
docker_preserve_image: true
|
|
8
|
+
image: simpproject/simp_build_centos7
|
|
9
|
+
docker_cmd: '/usr/sbin/sshd -D -E /var/log/sshd.log'
|
|
56
10
|
|
|
57
|
-
|
|
11
|
+
el8-build-server:
|
|
58
12
|
roles:
|
|
59
13
|
- build_server
|
|
60
|
-
platform: el-
|
|
14
|
+
platform: el-8-x86_64
|
|
61
15
|
hypervisor: docker
|
|
62
|
-
image:
|
|
63
|
-
docker_cmd: '/sbin/
|
|
64
|
-
docker_image_commands:
|
|
65
|
-
- 'yum install -y epel-release'
|
|
66
|
-
- 'ln -sf /bin/true /usr/bin/systemctl'
|
|
67
|
-
# Work around regression in beaker-docker
|
|
68
|
-
# https://github.com/puppetlabs/beaker-docker/pull/15/files
|
|
69
|
-
- 'yum install -y sudo openssh-server openssh-clients'
|
|
70
|
-
- "sed -ri 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config"
|
|
71
|
-
- "sed -ri 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config"
|
|
72
|
-
- "sed -ri 's/^#?UseDNS .*/UseDNS no/' /etc/ssh/sshd_config"
|
|
73
|
-
- "echo 'Defaults:build_user !requiretty' >> /etc/sudoers"
|
|
74
|
-
- "echo 'build_user ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers"
|
|
75
|
-
- 'useradd -b /home -m -c "Build User" -s /bin/bash -U build_user'
|
|
76
|
-
- 'yum install -y facter rubygem-json'
|
|
77
|
-
# simp build-deps
|
|
78
|
-
- 'yum install -y rpm-build augeas-devel createrepo genisoimage git gnupg2 libicu-devel libxml2 libxml2-devel libxslt libxslt-devel rpmdevtools clamav-update which'
|
|
79
|
-
|
|
80
|
-
# rvm build-deps
|
|
81
|
-
#
|
|
82
|
-
# Do our best to get one of the keys from at one of the servers, and to
|
|
83
|
-
# trust the right ones if the GPG keyservers return bad keys
|
|
84
|
-
#
|
|
85
|
-
# These are the keys we want:
|
|
86
|
-
#
|
|
87
|
-
# 409B6B1796C275462A1703113804BB82D39DC0E3 # mpapis@gmail.com
|
|
88
|
-
# 7D2BAF1CF37B13E2069D6956105BD0E739499BDB # piotr.kuczynski@gmail.com
|
|
89
|
-
#
|
|
90
|
-
# See:
|
|
91
|
-
# - https://rvm.io/rvm/security
|
|
92
|
-
# - https://github.com/rvm/rvm/blob/master/docs/gpg.md
|
|
93
|
-
# - https://github.com/rvm/rvm/issues/4449
|
|
94
|
-
# - https://github.com/rvm/rvm/issues/4250
|
|
95
|
-
# - https://seclists.org/oss-sec/2018/q3/174
|
|
96
|
-
#
|
|
97
|
-
# NOTE (mostly to self): In addition to RVM's documented procedures,
|
|
98
|
-
# importing from https://keybase.io/mpapis may be a practical
|
|
99
|
-
# alternative for 409B6B1796C275462A1703113804BB82D39DC0E3:
|
|
100
|
-
#
|
|
101
|
-
# curl https://keybase.io/mpapis/pgp_keys.asc | gpg2 --import
|
|
102
|
-
#
|
|
103
|
-
- 'runuser build_user -l -c "for i in {1..5}; do { gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3; } && { gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB; } && break || sleep 1; done"'
|
|
104
|
-
- 'runuser build_user -l -c "gpg2 --refresh-keys"'
|
|
105
|
-
- 'runuser build_user -l -c "curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer -o rvm-installer && curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer.asc -o rvm-installer.asc && gpg2 --verify rvm-installer.asc rvm-installer && bash rvm-installer"'
|
|
106
|
-
- 'runuser build_user -l -c "rvm install 2.4"'
|
|
107
|
-
- 'runuser build_user -l -c "rvm use --default 2.4"'
|
|
108
|
-
- 'runuser build_user -l -c "rvm all do gem install bundler"'
|
|
109
|
-
- 'yum install -y rpm-sign'
|
|
110
|
-
mount_folders:
|
|
111
|
-
folder1:
|
|
112
|
-
host_path: ./
|
|
113
|
-
container_path: /host_files
|
|
16
|
+
image: simpproject/simp_build_centos8
|
|
17
|
+
docker_cmd: '["/sbin/init"]'
|
|
114
18
|
docker_preserve_image: true
|
|
115
|
-
ssh:
|
|
116
|
-
password: root
|
|
117
|
-
auth_methods:
|
|
118
|
-
- password
|
|
119
19
|
|
|
120
20
|
CONFIG:
|
|
121
21
|
log_level: verbose
|
|
@@ -123,5 +23,17 @@ CONFIG:
|
|
|
123
23
|
<% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
|
|
124
24
|
puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
|
|
125
25
|
<% else -%>
|
|
126
|
-
puppet_collection:
|
|
26
|
+
puppet_collection: puppet6
|
|
127
27
|
<% end -%>
|
|
28
|
+
ssh:
|
|
29
|
+
password: root
|
|
30
|
+
auth_methods:
|
|
31
|
+
- password
|
|
32
|
+
docker_cap_add:
|
|
33
|
+
- AUDIT_WRITE
|
|
34
|
+
docker_preserve_image: true
|
|
35
|
+
mount_folders:
|
|
36
|
+
host_files:
|
|
37
|
+
host_path: ./
|
|
38
|
+
container_path: /host_files
|
|
39
|
+
opts: 'z'
|
|
@@ -1,22 +1,35 @@
|
|
|
1
1
|
require 'beaker-rspec'
|
|
2
|
+
require 'tmpdir'
|
|
3
|
+
require 'yaml'
|
|
2
4
|
require 'simp/beaker_helpers'
|
|
3
5
|
include Simp::BeakerHelpers
|
|
4
|
-
require 'tmpdir'
|
|
5
|
-
require 'pry' if ENV['PRY'] == 'yes'
|
|
6
6
|
|
|
7
7
|
require 'acceptance/support/simp_rake_helpers'
|
|
8
8
|
$LOAD_PATH.unshift(File.expand_path('../acceptance/support',__FILE__))
|
|
9
9
|
|
|
10
|
+
unless ENV['BEAKER_provision'] == 'no'
|
|
11
|
+
hosts.each do |host|
|
|
12
|
+
# Install Puppet
|
|
13
|
+
if host.is_pe?
|
|
14
|
+
install_pe
|
|
15
|
+
else
|
|
16
|
+
install_puppet
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
10
21
|
|
|
11
22
|
RSpec.configure do |c|
|
|
12
23
|
# provide helper methods to individual examples AND example groups
|
|
13
24
|
c.include Simp::BeakerHelpers::SimpRakeHelpers
|
|
14
25
|
c.extend Simp::BeakerHelpers::SimpRakeHelpers
|
|
15
26
|
|
|
27
|
+
# ensure that environment OS is ready on each host
|
|
28
|
+
fix_errata_on hosts
|
|
29
|
+
|
|
16
30
|
# Readable test descriptions
|
|
17
31
|
c.formatter = :documentation
|
|
18
32
|
|
|
19
|
-
# Configure all nodes in nodeset
|
|
20
33
|
c.before :suite do
|
|
21
34
|
end
|
|
22
35
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: simp-rake-helpers
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.11.
|
|
4
|
+
version: 5.11.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Tessmer
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2021-02-09 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: simp-beaker-helpers
|