diff options
author | Kartik Null Cating-Subramanian <ksubramanian@chef.io> | 2016-02-04 21:38:06 -0500 |
---|---|---|
committer | Kartik Null Cating-Subramanian <ksubramanian@chef.io> | 2016-02-04 21:38:06 -0500 |
commit | 328b16aa75ce8dc49cb8f7b18900d3c68148b789 (patch) | |
tree | b3560f86934a0d64efc292b6b80edc256d404be5 | |
parent | 3079e7bbcb13780322c9748876392f1ebad20447 (diff) | |
parent | a655b753400d5925d749fec36413a51ceead523c (diff) | |
download | chef-328b16aa75ce8dc49cb8f7b18900d3c68148b789.tar.gz |
Merge pull request #4512 from chef/ksubrama/fips
Make chef-fips pipeline build everything from source.
-rw-r--r-- | omnibus/.kitchen.yml | 7 | ||||
-rw-r--r-- | omnibus/Berksfile.lock | 30 | ||||
-rw-r--r-- | omnibus/config/projects/angrychef.rb | 1 | ||||
-rw-r--r-- | omnibus/config/projects/chef-fips.rb | 17 | ||||
-rw-r--r-- | omnibus/config/projects/chef.rb | 3 |
5 files changed, 24 insertions, 34 deletions
diff --git a/omnibus/.kitchen.yml b/omnibus/.kitchen.yml index 7ca0af7f25..fa3e8c85ce 100644 --- a/omnibus/.kitchen.yml +++ b/omnibus/.kitchen.yml @@ -102,6 +102,13 @@ suites: install_dir: /opt/angrychef run_list: - omnibus::default + - name: chef-fips + attributes: + omnibus: + <<: *attribute_defaults + install_dir: /opt/chef-fips + run_list: + - omnibus::default - name: chef provisioner: chef_omnibus_install_options: -P angrychef diff --git a/omnibus/Berksfile.lock b/omnibus/Berksfile.lock deleted file mode 100644 index 975ab05c90..0000000000 --- a/omnibus/Berksfile.lock +++ /dev/null @@ -1,30 +0,0 @@ -DEPENDENCIES - apt (~> 2.3) - freebsd (~> 0.1) - omnibus - yum-epel (~> 0.3) - -GRAPH - 7-zip (1.0.2) - windows (>= 1.2.2) - apt (2.7.0) - build-essential (2.2.3) - chef-sugar (3.1.0) - chef_handler (1.1.9) - freebsd (0.3.0) - homebrew (1.12.0) - build-essential (>= 2.1.2) - omnibus (2.6.7) - 7-zip (~> 1.0) - build-essential (~> 2.0) - chef-sugar (~> 3.0) - homebrew (~> 1.9) - windows (~> 1.30) - wix (~> 1.1) - windows (1.37.0) - chef_handler (>= 0.0.0) - wix (1.1.0) - windows (>= 1.2.2) - yum (3.6.0) - yum-epel (0.6.0) - yum (~> 3.0) diff --git a/omnibus/config/projects/angrychef.rb b/omnibus/config/projects/angrychef.rb index f1e578fdc1..48902e6607 100644 --- a/omnibus/config/projects/angrychef.rb +++ b/omnibus/config/projects/angrychef.rb @@ -19,6 +19,7 @@ # test machines. As such this project definition is just a thin wrapper around # `config/project/chef.rb`. # +current_file = __FILE__ chef_project_contents = IO.read(File.expand_path("../chef.rb", __FILE__)) self.instance_eval chef_project_contents diff --git a/omnibus/config/projects/chef-fips.rb b/omnibus/config/projects/chef-fips.rb index be059f332c..c91dbc4b89 100644 --- a/omnibus/config/projects/chef-fips.rb +++ b/omnibus/config/projects/chef-fips.rb @@ -16,9 +16,9 @@ # # This is the chef client build with FIPS mode enabled. -# It's a stub for now and produces identical results # -chef_project_contents = IO.read(File.expand_path("../chef.rb", __FILE__)) +current_file = __FILE__ +chef_project_contents = IO.read(File.expand_path("../chef.rb", current_file)) self.instance_eval chef_project_contents name "chef-fips" @@ -34,7 +34,16 @@ else install_dir "#{default_root}/#{name}" end -override :'ruby-windows', version: "2.0.0-p647" +# Even if chef marches ahead, make sure that we stay pinned to 1.10.6 +# bundler 1.11 introduces some new features that require zlib. The zlib1.dll +# base address is generated by gcc to overlap that of libeay.dll. This will +# force windows into relocating libeay, freaking out the FIPS integrity +# verifier. Lol security indeed. +# Delete this once all dlls we generate are appropriately relocated. +override :bundler, version: "1.10.6" + +override :ruby, version: "2.1.7" +override :"rb-readline", version: "v0.5.3" # Global FIPS override flag. override :fips, enabled: true @@ -42,6 +51,8 @@ override :fips, enabled: true override :chef, version: "local_source" override :ohai, version: "master" +dependency "rb-readline" + msi_upgrade_code = "819F5DB3-B818-4358-BB2B-54B8171D0A26" project_location_dir = "chef-fips" diff --git a/omnibus/config/projects/chef.rb b/omnibus/config/projects/chef.rb index 6a0f5eb96e..1dde5cfe85 100644 --- a/omnibus/config/projects/chef.rb +++ b/omnibus/config/projects/chef.rb @@ -20,7 +20,8 @@ maintainer "Chef Software, Inc. <maintainers@chef.io>" homepage "https://www.chef.io" build_iteration 1 -version_file = File.expand_path("../../../../VERSION", __FILE__) +current_file ||= __FILE__ +version_file = File.expand_path("../../../../VERSION", current_file) build_version IO.read(version_file).strip if windows? |