Module: Pkg::Util::Sign

Defined in:
lib/packaging/util/sign.rb

Class Method Summary collapse

Class Method Details

.sign_all(root_directory = nil) ⇒ Object

Sign all locally staged packages on signing server.



7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/packaging/util/sign.rb', line 7

def sign_all(root_directory = nil)
  Pkg::Util::File.fetch
  root_directory ||= ENV['DEFAULT_DIRECTORY']
  Dir["#{root_directory}/*"].empty? and fail "There were no files found in #{root_directory}. \
  Maybe you wanted to build/retrieve something first?"

  # Because rpms and debs are laid out differently in PE under pkg/ they
  # have a different sign task to address this. Rather than create a whole
  # extra :jenkins task for signing PE, we determine which sign task to use
  # based on if we're building PE.
  # We also listen in on the environment variable SIGNING_BUNDLE. This is
  # _NOT_ intended for public use, but rather with the internal promotion
  # workflow for Puppet Enterprise. SIGNING_BUNDLE is the path to a tarball
  # containing a git bundle to be used as the environment for the packaging
  # repo in a signing operation.
  signing_bundle = ENV['SIGNING_BUNDLE']
  sign_tasks = ["pl:sign_rpms"]
  sign_tasks    << "pl:sign_deb_changes" unless Dir["#{root_directory}/**/*.changes"].empty?
  sign_tasks    << "pl:sign_tar" if Pkg::Config.build_tar
  sign_tasks    << "pl:sign_gem" if Pkg::Config.build_gem
  sign_tasks    << "pl:sign_osx" if Pkg::Config.build_dmg || Pkg::Config.vanagon_project
  sign_tasks    << "pl:sign_svr4" if Pkg::Config.vanagon_project
  sign_tasks    << "pl:sign_ips" if Pkg::Config.vanagon_project
  sign_tasks    << "pl:sign_msi" if Pkg::Config.build_msi || Pkg::Config.vanagon_project
  remote_repo = Pkg::Util::Net.remote_unpack_git_bundle(Pkg::Config.signing_server, 'HEAD', nil, signing_bundle)
  build_params = Pkg::Util::Net.remote_buildparams(Pkg::Config.signing_server, Pkg::Config)
  Pkg::Util::Net.rsync_to(root_directory, Pkg::Config.signing_server, remote_repo)
  rake_command = <<~DOC
    cd #{remote_repo} ;
    #{Pkg::Util::Net.remote_bundle_install_command}
    bundle exec rake #{sign_tasks.map { |task| task + "[#{root_directory}]" }.join(' ')} PARAMS_FILE=#{build_params}
  DOC
  Pkg::Util::Net.remote_execute(Pkg::Config.signing_server, rake_command)
  Pkg::Util::Net.rsync_from("#{remote_repo}/#{root_directory}/", Pkg::Config.signing_server, "#{root_directory}/")
  Pkg::Util::Net.remote_execute(Pkg::Config.signing_server, "rm -rf #{remote_repo}")
  Pkg::Util::Net.remote_execute(Pkg::Config.signing_server, "rm #{build_params}")
  puts "Signed packages staged in #{root_directory}/ directory"
end