Merge pull request #4512 from chef/ksubrama/fips

Make chef-fips pipeline build everything from source.

5 files changed, 24 insertions, 34 deletions

diff --git a/omnibus/.kitchen.yml b/omnibus/.kitchen.yml
index 7ca0af7f25..fa3e8c85ce 100644
--- a/omnibus/.kitchen.yml
+++ b/omnibus/.kitchen.yml
@@ -102,6 +102,13 @@ suites:
         install_dir: /opt/angrychef
     run_list:
       - omnibus::default
+  - name: chef-fips
+    attributes:
+      omnibus:
+        <<: *attribute_defaults
+        install_dir: /opt/chef-fips
+    run_list:
+      - omnibus::default
   - name: chef
     provisioner:
       chef_omnibus_install_options: -P angrychef
diff --git a/omnibus/Berksfile.lock b/omnibus/Berksfile.lock
deleted file mode 100644
index 975ab05c90..0000000000
--- a/omnibus/Berksfile.lock
+++ /dev/null
@@ -1,30 +0,0 @@
-DEPENDENCIES
-  apt (~> 2.3)
-  freebsd (~> 0.1)
-  omnibus
-  yum-epel (~> 0.3)
-
-GRAPH
-  7-zip (1.0.2)
-    windows (>= 1.2.2)
-  apt (2.7.0)
-  build-essential (2.2.3)
-  chef-sugar (3.1.0)
-  chef_handler (1.1.9)
-  freebsd (0.3.0)
-  homebrew (1.12.0)
-    build-essential (>= 2.1.2)
-  omnibus (2.6.7)
-    7-zip (~> 1.0)
-    build-essential (~> 2.0)
-    chef-sugar (~> 3.0)
-    homebrew (~> 1.9)
-    windows (~> 1.30)
-    wix (~> 1.1)
-  windows (1.37.0)
-    chef_handler (>= 0.0.0)
-  wix (1.1.0)
-    windows (>= 1.2.2)
-  yum (3.6.0)
-  yum-epel (0.6.0)
-    yum (~> 3.0)
diff --git a/omnibus/config/projects/angrychef.rb b/omnibus/config/projects/angrychef.rb
index f1e578fdc1..48902e6607 100644
--- a/omnibus/config/projects/angrychef.rb
+++ b/omnibus/config/projects/angrychef.rb
@@ -19,6 +19,7 @@
 # test machines. As such this project definition is just a thin wrapper around
 # `config/project/chef.rb`.
 #
+current_file = __FILE__
 chef_project_contents = IO.read(File.expand_path("../chef.rb", __FILE__))
 self.instance_eval chef_project_contents
 
diff --git a/omnibus/config/projects/chef-fips.rb b/omnibus/config/projects/chef-fips.rb
index be059f332c..c91dbc4b89 100644
--- a/omnibus/config/projects/chef-fips.rb
+++ b/omnibus/config/projects/chef-fips.rb
@@ -16,9 +16,9 @@
 
 #
 # This is the chef client build with FIPS mode enabled.
-# It's a stub for now and produces identical results
 #
-chef_project_contents = IO.read(File.expand_path("../chef.rb", __FILE__))
+current_file = __FILE__
+chef_project_contents = IO.read(File.expand_path("../chef.rb", current_file))
 self.instance_eval chef_project_contents
 
 name "chef-fips"
@@ -34,7 +34,16 @@ else
   install_dir "#{default_root}/#{name}"
 end
 
-override :'ruby-windows', version: "2.0.0-p647"
+# Even if chef marches ahead, make sure that we stay pinned to 1.10.6
+# bundler 1.11 introduces some new features that require zlib. The zlib1.dll
+# base address is generated by gcc to overlap that of libeay.dll. This will
+# force windows into relocating libeay, freaking out the FIPS integrity
+# verifier. Lol security indeed.
+# Delete this once all dlls we generate are appropriately relocated.
+override :bundler, version: "1.10.6"
+
+override :ruby, version: "2.1.7"
+override :"rb-readline", version: "v0.5.3"
 
 # Global FIPS override flag.
 override :fips, enabled: true
@@ -42,6 +51,8 @@ override :fips, enabled: true
 override :chef, version: "local_source"
 override :ohai, version: "master"
 
+dependency "rb-readline"
+
 msi_upgrade_code = "819F5DB3-B818-4358-BB2B-54B8171D0A26"
 project_location_dir = "chef-fips"
 
diff --git a/omnibus/config/projects/chef.rb b/omnibus/config/projects/chef.rb
index 6a0f5eb96e..1dde5cfe85 100644
--- a/omnibus/config/projects/chef.rb
+++ b/omnibus/config/projects/chef.rb
@@ -20,7 +20,8 @@ maintainer "Chef Software, Inc. <maintainers@chef.io>"
 homepage "https://www.chef.io"
 
 build_iteration 1
-version_file = File.expand_path("../../../../VERSION", __FILE__)
+current_file ||= __FILE__
+version_file = File.expand_path("../../../../VERSION", current_file)
 build_version IO.read(version_file).strip
 
 if windows?