vanagon 0.21.1 → 0.22.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5594ace45005baef8cc8dda25c0fa7c59f8bee3bd8224709d2dfbc0d8dfbbf5b
-  data.tar.gz: 6f5ccee0dd9713e2177dea361ffe93f65ac15d9ed69e30262a8b962efef67907
+  metadata.gz: 1cd74e5ec690b73ee51e201f896f81a448020c90509107ec229c603b19b578bb
+  data.tar.gz: 9584067cc8334e4b280f7105834ffa7efe08d62e5b418f89cc53ee90c6f436f6
 SHA512:
-  metadata.gz: f1fe1c250db472eaab9bd44c537a770c71a17313d5579a9dd198f9c585ffd281a921eadac4023debef2e96b0b66a280ef339ce9d0d58921cc4a18545a36c863f
-  data.tar.gz: b38c3ab64b33243ffbed532e48d0566a8f596f2c9bb8704789f4fe3398fd79fcc4a6c405dcaad0ec3edde0d6bdb9101eee68cf1a35f6a985b91543febe33f94e
+  metadata.gz: 1637ab1e2874427d490551f7e166a6607aadf6fa4c452697d4eb857bd5735369ad3977f6e53efc1e6b99c3bbda6bb5a0422be4366ccebeab00eda49805a93d05
+  data.tar.gz: 2e476edabd0575c234b2b94a23947b2d0c9c5dced079648deea0a014e98b15bd69bee833e02d234ab11eb6949323ac4f9aa7743fcc07918ed8ef5833070de546

data/README.md

@@ -230,6 +230,13 @@ time. The default value is *7200* seconds(120 minutes) but setting to any
 integer value these components to fail after the `VANAGON_TIMEOUT` count is reached.
 Note that this value is expected to be in seconds.
 
+##### `VANAGON_FORCE_SIGNING`
+By default, Vanagon does not fail if extra files signing fails, it just logs an
+error and continues building the package. This is unwanted behavior in
+environments where we expect a hard failure when signing cannot proceed. To
+force Vanagon to fail if extra files signing fails, ensure this variable is set
+before starting a build.
+
 #### Example usage
 `vanagon build --preserve puppet-agent el-6-i386` will build the puppet-agent project
 on the el-6-i386 platform and leave the host intact afterward.

data/lib/vanagon/engine/pooler.rb

@@ -15,7 +15,10 @@ class Vanagon
       def initialize(platform, target = nil, **opts)
         super
 
-        @available_poolers = ["https://vmpooler.delivery.puppetlabs.net", "https://nspooler-service-prod-1.delivery.puppetlabs.net"]
+        @available_poolers = %w[
+          https://vmpooler.delivery.puppetlabs.net
+          https://nspooler-prod.k8s.infracore.puppet.net
+        ]
         @token = load_token
         @required_attributes << "vmpooler_template"
       end

data/lib/vanagon/platform/defaults/debian-11-amd64.rb

@@ -0,0 +1,11 @@
+platform "debian-11-amd64" do |plat|
+  plat.servicedir "/lib/systemd/system"
+  plat.defaultdir "/etc/default"
+  plat.servicetype "systemd"
+  plat.codename "bullseye"
+
+  packages = %w(build-essential devscripts make quilt pkg-config debhelper rsync fakeroot cmake)
+  plat.provision_with "export DEBIAN_FRONTEND=noninteractive; apt-get update -qq; apt-get install -qy --no-install-recommends #{packages.join(' ')}"
+  plat.install_build_dependencies_with "DEBIAN_FRONTEND=noninteractive; apt-get install -qy --no-install-recommends "
+  plat.vmpooler_template "debian-11-x86_64"
+end

data/lib/vanagon/platform/osx.rb

@@ -64,6 +64,7 @@ class Vanagon
           --scripts $(tempdir)/osx/build/scripts \
           --identifier #{project.identifier}.#{project.name} \
           --version #{project.version} \
+          --preserve-xattr \
           --install-location / \
           payload/#{project.name}-#{project.version}-#{project.release}.pkg)",
          # Create a custom installer using the pkg above

data/lib/vanagon/utilities/extra_files_signer.rb

@@ -19,11 +19,13 @@ class Vanagon
             remote_host = "#{project.signing_username}@#{project.signing_hostname}"
             remote_destination_path = "#{remote_host}:#{tempdir}"
             remote_file_location = "#{remote_host}:#{file_location}"
+            extra_flags = ''
+            extra_flags = '--extended-attributes' if project.platform.is_macos?
 
             commands += [
-              "rsync -e '#{Vanagon::Utilities.ssh_command}' --verbose --recursive --hard-links --links  --no-perms --no-owner --no-group #{local_source_path} #{remote_destination_path}",
+              "rsync -e '#{Vanagon::Utilities.ssh_command}' --verbose --recursive --hard-links --links  --no-perms --no-owner --no-group #{extra_flags} #{local_source_path} #{remote_destination_path}",
               "#{Vanagon::Utilities.ssh_command} #{remote_host} #{project.signing_command} #{file_location}",
-              "rsync -e '#{Vanagon::Utilities.ssh_command}' --verbose --recursive --hard-links --links  --no-perms --no-owner --no-group #{remote_file_location} #{local_source_path}"
+              "rsync -e '#{Vanagon::Utilities.ssh_command}' --verbose --recursive --hard-links --links  --no-perms --no-owner --no-group #{extra_flags} #{remote_file_location} #{local_source_path}"
             ]
           end
 
@@ -31,6 +33,7 @@ class Vanagon
         rescue RuntimeError
           require 'vanagon/logger'
           VanagonLogger.error "Unable to connect to #{project.signing_username}@#{project.signing_hostname}, skipping signing extra files: #{project.extra_files_to_sign.join(',')}"
+          raise if ENV['VANAGON_FORCE_SIGNING']
           []
         end
       end

data/spec/lib/vanagon/utilities/extra_files_signer_spec.rb

@@ -68,21 +68,54 @@ describe Vanagon::Utilities::ExtraFilesSigner do
           Vanagon::Utilities::ExtraFilesSigner.commands(project._project, mktemp, source_dir)
           expect(VanagonLogger).to have_received(:error).with(/Unable to connect to test@abc/)
         end
+
+        it 'fails the build if VANAGON_FORCE_SIGNING is set' do
+          allow(ENV).to receive(:[]).with('VANAGON_FORCE_SIGNING').and_return('true')
+          expect {
+            Vanagon::Utilities::ExtraFilesSigner.commands(project._project, mktemp, source_dir)
+          }.to raise_error(RuntimeError)
+        end
       end
 
       context 'when success' do
-        it 'generates signing commands for each file' do
-          commands = Vanagon::Utilities::ExtraFilesSigner.commands(project._project, mktemp, source_dir)
-          expect(commands).to match(
-            [
-              "rsync -e '/usr/bin/ssh -p 22  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' --verbose --recursive --hard-links --links  --no-perms --no-owner --no-group $(tempdir)/dir/source_dir/test1/a.rb test@abc:/tmp/xyz",
-              "/usr/bin/ssh -p 22  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no test@abc codesign /tmp/xyz/a.rb",
-              "rsync -e '/usr/bin/ssh -p 22  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' --verbose --recursive --hard-links --links  --no-perms --no-owner --no-group test@abc:/tmp/xyz/a.rb $(tempdir)/dir/source_dir/test1/a.rb",
-              "rsync -e '/usr/bin/ssh -p 22  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' --verbose --recursive --hard-links --links  --no-perms --no-owner --no-group $(tempdir)/dir/source_dir/test2/b.rb test@abc:/tmp/xyz",
-              "/usr/bin/ssh -p 22  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no test@abc codesign /tmp/xyz/b.rb",
-              "rsync -e '/usr/bin/ssh -p 22  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' --verbose --recursive --hard-links --links  --no-perms --no-owner --no-group test@abc:/tmp/xyz/b.rb $(tempdir)/dir/source_dir/test2/b.rb"
-            ]
-          )
+        context 'when macos' do
+          it 'generates signing commands for each file using --extended-attributes' do
+            commands = Vanagon::Utilities::ExtraFilesSigner.commands(project._project, mktemp, source_dir)
+            expect(commands).to match(
+              [
+                "rsync -e '/usr/bin/ssh -p 22  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' --verbose --recursive --hard-links --links  --no-perms --no-owner --no-group --extended-attributes $(tempdir)/dir/source_dir/test1/a.rb test@abc:/tmp/xyz",
+                "/usr/bin/ssh -p 22  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no test@abc codesign /tmp/xyz/a.rb",
+                "rsync -e '/usr/bin/ssh -p 22  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' --verbose --recursive --hard-links --links  --no-perms --no-owner --no-group --extended-attributes test@abc:/tmp/xyz/a.rb $(tempdir)/dir/source_dir/test1/a.rb",
+                "rsync -e '/usr/bin/ssh -p 22  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' --verbose --recursive --hard-links --links  --no-perms --no-owner --no-group --extended-attributes $(tempdir)/dir/source_dir/test2/b.rb test@abc:/tmp/xyz",
+                "/usr/bin/ssh -p 22  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no test@abc codesign /tmp/xyz/b.rb",
+                "rsync -e '/usr/bin/ssh -p 22  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' --verbose --recursive --hard-links --links  --no-perms --no-owner --no-group --extended-attributes test@abc:/tmp/xyz/b.rb $(tempdir)/dir/source_dir/test2/b.rb"
+              ]
+            )
+          end
+        end
+
+        context 'when other platform' do
+          let(:platform_block) do
+            %( platform "windows-2012r2-x86_64" do |plat|
+            end
+            )
+          end
+
+          let(:platform) { Vanagon::Platform::DSL.new('windows-2012r2-x86_64') }
+
+          it 'generates signing commands for each file' do
+            commands = Vanagon::Utilities::ExtraFilesSigner.commands(project._project, mktemp, source_dir)
+            expect(commands).to match(
+              [
+                "rsync -e '/usr/bin/ssh -p 22  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' --verbose --recursive --hard-links --links  --no-perms --no-owner --no-group  $(tempdir)/dir/source_dir/test1/a.rb test@abc:/tmp/xyz",
+                "/usr/bin/ssh -p 22  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no test@abc codesign /tmp/xyz/a.rb",
+                "rsync -e '/usr/bin/ssh -p 22  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' --verbose --recursive --hard-links --links  --no-perms --no-owner --no-group  test@abc:/tmp/xyz/a.rb $(tempdir)/dir/source_dir/test1/a.rb",
+                "rsync -e '/usr/bin/ssh -p 22  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' --verbose --recursive --hard-links --links  --no-perms --no-owner --no-group  $(tempdir)/dir/source_dir/test2/b.rb test@abc:/tmp/xyz",
+                "/usr/bin/ssh -p 22  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no test@abc codesign /tmp/xyz/b.rb",
+                "rsync -e '/usr/bin/ssh -p 22  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' --verbose --recursive --hard-links --links  --no-perms --no-owner --no-group  test@abc:/tmp/xyz/b.rb $(tempdir)/dir/source_dir/test2/b.rb"
+              ]
+            )
+          end
         end
       end
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vanagon
 version: !ruby/object:Gem::Version
-  version: 0.21.1
+  version: 0.22.0
 platform: ruby
 authors:
 - Puppet Labs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-07 00:00:00.000000000 Z
+date: 2021-07-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: docopt
@@ -153,6 +153,7 @@ files:
 - lib/vanagon/platform.rb
 - lib/vanagon/platform/deb.rb
 - lib/vanagon/platform/defaults/debian-10-amd64.rb
+- lib/vanagon/platform/defaults/debian-11-amd64.rb
 - lib/vanagon/platform/defaults/debian-8-amd64.rb
 - lib/vanagon/platform/defaults/debian-8-i386.rb
 - lib/vanagon/platform/defaults/debian-9-amd64.rb
@@ -323,42 +324,42 @@ signing_key:
 specification_version: 3
 summary: All of your packages will fit into this van with this one simple trick.
 test_files:
+- spec/lib/makefile_spec.rb
 - spec/lib/git/rev_list_spec.rb
-- spec/lib/vanagon/engine/always_be_scheduling_spec.rb
-- spec/lib/vanagon/engine/base_spec.rb
-- spec/lib/vanagon/engine/docker_spec.rb
-- spec/lib/vanagon/engine/pooler_spec.rb
-- spec/lib/vanagon/engine/local_spec.rb
-- spec/lib/vanagon/engine/hardware_spec.rb
-- spec/lib/vanagon/engine/ec2_spec.rb
-- spec/lib/vanagon/cli_spec.rb
-- spec/lib/vanagon/project/dsl_spec.rb
 - spec/lib/vanagon/utilities/shell_utilities_spec.rb
 - spec/lib/vanagon/utilities/extra_files_signer_spec.rb
-- spec/lib/vanagon/component_spec.rb
-- spec/lib/vanagon/platform_spec.rb
-- spec/lib/vanagon/driver_spec.rb
-- spec/lib/vanagon/component/rules_spec.rb
-- spec/lib/vanagon/component/source/local_spec.rb
-- spec/lib/vanagon/component/source/rewrite_spec.rb
-- spec/lib/vanagon/component/source/http_spec.rb
-- spec/lib/vanagon/component/source/git_spec.rb
-- spec/lib/vanagon/component/source_spec.rb
-- spec/lib/vanagon/component/dsl_spec.rb
-- spec/lib/vanagon/project_spec.rb
 - spec/lib/vanagon/common/pathname_spec.rb
 - spec/lib/vanagon/common/user_spec.rb
 - spec/lib/vanagon/environment_spec.rb
-- spec/lib/vanagon/extensions/set/json_spec.rb
-- spec/lib/vanagon/extensions/string_spec.rb
-- spec/lib/vanagon/extensions/ostruct/json_spec.rb
-- spec/lib/vanagon/platform/rpm_spec.rb
 - spec/lib/vanagon/platform/windows_spec.rb
 - spec/lib/vanagon/platform/deb_spec.rb
-- spec/lib/vanagon/platform/dsl_spec.rb
-- spec/lib/vanagon/platform/rpm/aix_spec.rb
 - spec/lib/vanagon/platform/solaris_11_spec.rb
-- spec/lib/vanagon/platform/osx_spec.rb
+- spec/lib/vanagon/platform/rpm_spec.rb
 - spec/lib/vanagon/platform/solaris_10_spec.rb
+- spec/lib/vanagon/platform/rpm/aix_spec.rb
+- spec/lib/vanagon/platform/osx_spec.rb
+- spec/lib/vanagon/platform/dsl_spec.rb
+- spec/lib/vanagon/component_spec.rb
 - spec/lib/vanagon/utilities_spec.rb
-- spec/lib/makefile_spec.rb
+- spec/lib/vanagon/project_spec.rb
+- spec/lib/vanagon/cli_spec.rb
+- spec/lib/vanagon/extensions/ostruct/json_spec.rb
+- spec/lib/vanagon/extensions/string_spec.rb
+- spec/lib/vanagon/extensions/set/json_spec.rb
+- spec/lib/vanagon/project/dsl_spec.rb
+- spec/lib/vanagon/platform_spec.rb
+- spec/lib/vanagon/engine/ec2_spec.rb
+- spec/lib/vanagon/engine/docker_spec.rb
+- spec/lib/vanagon/engine/hardware_spec.rb
+- spec/lib/vanagon/engine/local_spec.rb
+- spec/lib/vanagon/engine/always_be_scheduling_spec.rb
+- spec/lib/vanagon/engine/pooler_spec.rb
+- spec/lib/vanagon/engine/base_spec.rb
+- spec/lib/vanagon/component/source/rewrite_spec.rb
+- spec/lib/vanagon/component/source/local_spec.rb
+- spec/lib/vanagon/component/source/http_spec.rb
+- spec/lib/vanagon/component/source/git_spec.rb
+- spec/lib/vanagon/component/rules_spec.rb
+- spec/lib/vanagon/component/dsl_spec.rb
+- spec/lib/vanagon/component/source_spec.rb
+- spec/lib/vanagon/driver_spec.rb