Class: Berkshelf::Lockfile

Inherits:
Object
  • Object
show all
Includes:
Mixin::Logging
Defined in:
lib/berkshelf/lockfile.rb

Defined Under Namespace

Classes: Graph, LockfileParser

Constant Summary collapse

DEFAULT_FILENAME =
'Berksfile.lock'.freeze
DEPENDENCIES =
'DEPENDENCIES'.freeze
GRAPH =
'GRAPH'.freeze

Instance Attribute Summary collapse

Attributes included from Mixin::Logging

#logger

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(options = {}) ⇒ Lockfile

Create a new lockfile instance associated with the given Berksfile. If a Lockfile exists, it is automatically loaded. Otherwise, an empty instance is created and ready for use.

Parameters:

  • options (Hash) (defaults to: {})

    a customizable set of options

Options Hash (options):

  • :filepath (String)

    filepath to the lockfile

  • :berksfile (Berkshelf::Berksfile)

    the Berksfile associated with this Lockfile


54
55
56
57
58
59
60
61
# File 'lib/berkshelf/lockfile.rb', line 54

def initialize(options = {})
  @filepath     = options[:filepath].to_s
  @berksfile    = options[:berksfile]
  @dependencies = {}
  @graph        = Graph.new(self)

  parse if File.exists?(@filepath)
end

Instance Attribute Details

#berksfileBerkshelf::Berksfile (readonly)

Returns the Berksfile for this Lockfile.

Returns:


40
41
42
# File 'lib/berkshelf/lockfile.rb', line 40

def berksfile
  @berksfile
end

#filepathPathname (readonly)

Returns the path to this Lockfile.

Returns:

  • (Pathname)

    the path to this Lockfile


36
37
38
# File 'lib/berkshelf/lockfile.rb', line 36

def filepath
  @filepath
end

#graphLockfile::Graph (readonly)

Returns the dependency graph.

Returns:


44
45
46
# File 'lib/berkshelf/lockfile.rb', line 44

def graph
  @graph
end

Class Method Details

.from_berksfile(berksfile) ⇒ Object

Initialize a Lockfile from the given Berksfile

Parameters:


18
19
20
21
22
23
24
# File 'lib/berkshelf/lockfile.rb', line 18

def from_berksfile(berksfile)
  parent = File.expand_path(File.dirname(berksfile.filepath))
  lockfile_name = "#{File.basename(berksfile.filepath)}.lock"

  filepath = File.join(parent, lockfile_name)
  new(berksfile: berksfile, filepath: filepath)
end

.from_file(filepath) ⇒ Object

Initialize a Lockfile from the given filepath

Parameters:

  • filepath (String)

    filepath to the lockfile


10
11
12
# File 'lib/berkshelf/lockfile.rb', line 10

def from_file(filepath)
  new(filepath: filepath)
end

Instance Method Details

#add(dependency) ⇒ Dependency

Add a new cookbok to the lockfile. If an entry already exists by the given name, it will be overwritten.

Parameters:

  • dependency (Dependency)

    the dependency to add

Returns:


264
265
266
# File 'lib/berkshelf/lockfile.rb', line 264

def add(dependency)
  @dependencies[Dependency.name(dependency)] = dependency
end

#apply(name, options = {}) ⇒ Object

Resolve this Berksfile and apply the locks found in the generated Berksfile.lock to the target Chef environment

Parameters:

  • name (String)

    the name of the environment to apply the locks to

  • options (Hash) (defaults to: {})

    a customizable set of options

Options Hash (options):

  • :ssl_verify (Hash) — default: true

    Disable/Enable SSL verification during uploads

Raises:

  • (EnvironmentNotFound)

    if the target environment was not found on the remote Chef Server

  • (ChefConnectionError)

    if you are locking cookbooks with an invalid or not-specified client configuration


203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
# File 'lib/berkshelf/lockfile.rb', line 203

def apply(name, options = {})
  Berkshelf.ridley_connection(options) do |connection|
    environment = connection.environment.find(name)

    raise EnvironmentNotFound.new(name) if environment.nil?

    locks = graph.locks.inject({}) do |hash, (name, dependency)|
      hash[name] = "= #{dependency.locked_version.to_s}"
      hash
    end

    environment.cookbook_versions = locks
    environment.save
  end
end

#cachedArray<CachedCookbook>

Returns:


220
221
222
# File 'lib/berkshelf/lockfile.rb', line 220

def cached
  graph.locks.values.collect { |dependency| dependency.cached_cookbook }
end

#dependenciesArray<Berkshelf::Dependency>

The list of dependencies constrained in this lockfile.

Returns:


228
229
230
# File 'lib/berkshelf/lockfile.rb', line 228

def dependencies
  @dependencies.values
end

#dependency?(dependency) ⇒ Boolean Also known as: has_dependency?

Determine if this lockfile contains the given dependency.

Parameters:

Returns:

  • (Boolean)

    true if the dependency exists, false otherwise


252
253
254
# File 'lib/berkshelf/lockfile.rb', line 252

def dependency?(dependency)
  !find(dependency).nil?
end

#find(dependency) ⇒ Berkshelf::Dependency?

Find the given dependency in this lockfile. This method accepts a dependency attribute which may either be the name of a cookbook (String) or an actual cookbook dependency.

Parameters:

Returns:

  • (Berkshelf::Dependency, nil)

    the cookbook dependency from this lockfile or nil if one was not found


241
242
243
# File 'lib/berkshelf/lockfile.rb', line 241

def find(dependency)
  @dependencies[Dependency.name(dependency)]
end

#inspectObject


469
470
471
# File 'lib/berkshelf/lockfile.rb', line 469

def inspect
  "#<Berkshelf::Lockfile #{Pathname.new(filepath).basename}, dependencies: #{dependencies.inspect}>"
end

#locksObject


268
269
270
# File 'lib/berkshelf/lockfile.rb', line 268

def locks
  graph.locks
end

#parseObject

Parse the lockfile.

Returns:

  • true


66
67
68
69
70
71
# File 'lib/berkshelf/lockfile.rb', line 66

def parse
  LockfileParser.new(self).run
  true
rescue => e
  raise LockfileParserError.new(e)
end

#present?Boolean

Determine if this lockfile actually exists on disk.

Returns:

  • (Boolean)

    true if this lockfile exists on the disk, false otherwise


77
78
79
# File 'lib/berkshelf/lockfile.rb', line 77

def present?
  File.exists?(filepath) && !File.read(filepath).strip.empty?
end

#reduce!Array<Dependency>

Iterate over each top-level dependency defined in the lockfile and check if that dependency is still defined in the Berksfile.

If the dependency is no longer present in the Berksfile, it is “safely” removed using #unlock and Lockfile#remove. This prevents the lockfile from “leaking” dependencies when they have been removed from the Berksfile, but still remained locked in the lockfile.

If the dependency exists, a constraint comparison is conducted to verify that the locked dependency still satisifes the original constraint. This handles the edge case where a user has updated or removed a constraint on a dependency that already existed in the lockfile.

Returns:

Raises:

  • (OutdatedDependency)

    if the constraint exists, but is no longer satisifed by the existing locked version


356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
# File 'lib/berkshelf/lockfile.rb', line 356

def reduce!
  Berkshelf.log.info "Reducing lockfile"

  Berkshelf.log.debug "Current lockfile:"
  Berkshelf.log.debug ""
  to_lock.each_line do |line|
    Berkshelf.log.debug "  #{line.chomp}"
  end
  Berkshelf.log.debug ""


  # Unlock any locked dependencies that are no longer in the Berksfile
  Berkshelf.log.debug "Unlocking dependencies no longer in the Berksfile"

  dependencies.each do |dependency|
    Berkshelf.log.debug "  Checking #{dependency}"

    if berksfile.has_dependency?(dependency.name)
      Berkshelf.log.debug "    Skipping unlock for #{dependency.name} (exists in the Berksfile)"
    else
      Berkshelf.log.debug "    Unlocking #{dependency.name}"
      unlock(dependency, true)
    end
  end

  # Remove any transitive dependencies
  Berkshelf.log.debug "Removing transitive dependencies"

  berksfile.dependencies.each do |dependency|
    Berkshelf.log.debug "  Checking #{dependency}"

    graphed = graph.find(dependency)

    if graphed.nil?
      Berkshelf.log.debug "    Skipping (not graphed)"
      next
    end

    unless dependency.version_constraint.satisfies?(graphed.version)
      Berkshelf.log.debug "    Constraints are not satisfied!"
      raise OutdatedDependency.new(graphed, dependency)
    end

    if cookbook = dependency.cached_cookbook
      Berkshelf.log.debug "    Cached cookbook exists"
      Berkshelf.log.debug "    Checking dependencies on the cached cookbook"

      graphed.dependencies.each do |name, constraint|
        Berkshelf.log.debug "      Checking #{name} (#{constraint})"

        # Unless the cookbook still depends on this key, we want to queue it
        # for unlocking. This is the magic that prevents transitive
        # dependency leaking.
        unless cookbook.dependencies.has_key?(name)
          Berkshelf.log.debug "        Not found!"
          unlock(name, true)
        end
      end
    end
  end

  Berkshelf.log.debug "New lockfile:"
  Berkshelf.log.debug ""
  to_lock.each_line do |line|
    Berkshelf.log.debug "  #{line.chomp}"
  end
  Berkshelf.log.debug ""
end

#retrieve(dependency) ⇒ CachedCookbook

Retrieve information about a given cookbook that is in this lockfile.

Parameters:

  • dependency (String, Dependency)

    the dependency or name of the dependency to find

Returns:

  • (CachedCookbook)

    the CachedCookbook that corresponds to the given name parameter

Raises:

  • (DependencyNotFound)

    if this lockfile does not have the given dependency

  • (CookbookNotFound)

    if this lockfile has the dependency, but the cookbook is not installed


284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
# File 'lib/berkshelf/lockfile.rb', line 284

def retrieve(dependency)
  locked = graph.locks[Dependency.name(dependency)]

  if locked.nil?
    raise DependencyNotFound.new(Dependency.name(dependency))
  end

  unless locked.installed?
    name    = locked.name
    version = locked.locked_version || locked.version_constraint
    raise CookbookNotFound.new(name, version, 'in the cookbook store')
  end

  locked.cached_cookbook
end

#satisfies_transitive?(graph_item, checked, level = 0) ⇒ Boolean

Recursive helper method for checking if transitive dependencies (i.e. those dependencies defined in the metadata) are satisfied. This method is used in calculating the trustworthiness of a lockfile.

Parameters:

  • graph_item (GraphItem)

    the graph item to check transitive dependencies for

  • checked (Hash)

    the list of already checked dependencies

Returns:

  • (Boolean)

156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
# File 'lib/berkshelf/lockfile.rb', line 156

def satisfies_transitive?(graph_item, checked, level = 0)
  indent = ' '*(level + 2)

  Berkshelf.log.debug "#{indent}Checking transitive dependencies for #{graph_item}"

  if checked[graph_item.name]
    Berkshelf.log.debug "#{indent}  Already checked - skipping"
    return true
  end

  graph_item.dependencies.each do |name, constraint|
    Berkshelf.log.debug "#{indent}  Checking #{name} (#{constraint})"

    graphed = graph.find(name)
    if graphed.nil?
      Berkshelf.log.debug "#{indent}  Not graphed - cannot be satisifed"
      return false
    end

    unless Semverse::Constraint.new(constraint).satisfies?(graphed.version)
      Berkshelf.log.debug "#{indent}  Version constraint is not satisfied"
      return false
    end

    checked[name] = true

    unless satisfies_transitive?(graphed, checked, level + 2)
      Berkshelf.log.debug "#{indent}  Transitive are not satisifed"
      return false
    end
  end
end

#savetrue, false

Write the contents of the current statue of the lockfile to disk. This method uses an atomic file write. A temporary file is created, written, and then copied over the existing one. This ensures any partial updates or failures do no affect the lockfile. The temporary file is ensured deletion.

Returns:

  • (true, false)

    true if the lockfile was saved, false otherwise


434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
# File 'lib/berkshelf/lockfile.rb', line 434

def save
  return false if dependencies.empty?

  tempfile = Tempfile.new(['Berksfile',  '.lock'])

  tempfile.write(to_lock)

  tempfile.rewind
  tempfile.close

  # Move the lockfile into place
  FileUtils.cp(tempfile.path, filepath)

  true
ensure
  tempfile.unlink if tempfile
end

#to_lockObject


453
454
455
456
457
458
459
460
461
# File 'lib/berkshelf/lockfile.rb', line 453

def to_lock
  out = "#{DEPENDENCIES}\n"
  dependencies.sort.each do |dependency|
    out << dependency.to_lock
  end
  out << "\n"
  out << graph.to_lock
  out
end

#to_sObject


464
465
466
# File 'lib/berkshelf/lockfile.rb', line 464

def to_s
  "#<Berkshelf::Lockfile #{Pathname.new(filepath).basename}>"
end

#trusted?Boolean

Determine if we can “trust” this lockfile. A lockfile is trustworthy if:

1. All dependencies defined in the Berksfile are present in this
   lockfile
2. Each dependency's transitive dependencies are contained and locked
   in the lockfile
3. Each dependency's constraint in the Berksfile is still satisifed by
   the currently locked version

This method does not account for leaky dependencies (i.e. dependencies defined in the lockfile that are no longer present in the Berksfile); this edge case is handed by the installer.

Returns:

  • (Boolean)

    true if this lockfile is trusted, false otherwise


96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
# File 'lib/berkshelf/lockfile.rb', line 96

def trusted?
  Berkshelf.log.info 'Checking if lockfile is trusted'

  checked = {}

  berksfile.dependencies.each do |dependency|
    Berkshelf.log.debug "Checking #{dependency}"

    locked = find(dependency)
    if locked.nil?
      Berkshelf.log.debug "  Not in lockfile - cannot be trusted!"
      return false
    end

    graphed = graph.find(dependency)
    if graphed.nil?
      Berkshelf.log.debug "  Not in graph - cannot be trusted!"
      return false
    end

    if cookbook = dependency.cached_cookbook
      Berkshelf.log.debug "  Detected there is a cached cookbook"

      unless (cookbook.dependencies.keys - graphed.dependencies.keys).empty?
        Berkshelf.log.debug "  Cached cookbook has different dependencies - cannot be trusted!"
        return false
      end
    end

    unless dependency.location == locked.location
      Berkshelf.log.debug "  Different location - cannot be trusted!"
      Berkshelf.log.debug "    Dependency location: #{dependency.location.inspect}"
      Berkshelf.log.debug "    Locked location:     #{locked.location.inspect}"
      return false
    end

    unless dependency.version_constraint.satisfies?(graphed.version)
      Berkshelf.log.debug "  Version constraint is not satisified - cannot be trusted!"
      return false
    end

    unless satisfies_transitive?(graphed, checked)
      Berkshelf.log.debug "  Transitive dependencies not satisfies - cannot be trusted!"
      return false
    end
  end

  true
end

#unlock(dependency, force = false) ⇒ Object

Remove the given dependency from this lockfile. This method accepts a dependency attribute which may either be the name of a cookbook, as a String or an actual Dependency object.

This method first removes the dependency from the list of top-level dependencies. Then it uses a recursive algorithm to safely remove any other dependencies from the graph that are no longer needed.

Parameters:

  • dependency (String)

    the name of the cookbook to remove


322
323
324
325
326
327
328
329
330
# File 'lib/berkshelf/lockfile.rb', line 322

def unlock(dependency, force = false)
  @dependencies.delete(Dependency.name(dependency))

  if force
    graph.remove(dependency, ignore: graph.locks.keys)
  else
    graph.remove(dependency)
  end
end

#unlock_allObject

Completely remove all dependencies from the lockfile and underlying graph.


333
334
335
336
# File 'lib/berkshelf/lockfile.rb', line 333

def unlock_all
  @dependencies = {}
  @graph        = Graph.new(self)
end

#update(dependencies) ⇒ Object

Replace the list of dependencies.

Parameters:


304
305
306
307
308
309
310
# File 'lib/berkshelf/lockfile.rb', line 304

def update(dependencies)
  @dependencies = {}

  dependencies.each do |dependency|
    @dependencies[Dependency.name(dependency)] = dependency
  end
end