github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 18:18:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #440 from firezone/fix-precommit-fail

Browse Source 
Fix precommit fail
This commit is contained in:
Jamil
2022-02-05 16:45:50 -08:00
committed by GitHub
parent da39f9395f 1e135cff85
commit 7fc294fdac
89 changed files with 9986 additions and 1614 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
.ci/functional_test.sh
View File

@@ -40,3 +40,18 @@ echo $page
echo "Testing for sign in button"
echo $page | grep '<button class="button" type="submit">Sign In</button>'
echo "Testing telemetry_id survives reconfigures"
tid1=`cat /var/opt/firezone/cache/telemetry_id`
sudo firezone-ctl reconfigure
tid2=`cat /var/opt/firezone/cache/telemetry_id`
if [ "$tid1" = "$tid2" ]; then
echo "telemetry_ids match!"
else
echo "telemetry_ids differ:"
echo $tid1
echo $tid2
exit 1
fi

7
.github/workflows/ci.yml vendored
View File

@@ -21,7 +21,8 @@ jobs:
- name: Lint Docs
run: |
npm install -g markdownlint-cli
markdownlint docs/
cd docs
markdownlint .
static-analysis:
runs-on: ubuntu-18.04
@@ -64,7 +65,7 @@ jobs:
- run: |
pip install pre-commit
pre-commit install
pre-commit run --all-files
SKIP=no-commit-to-branch pre-commit run --all-files
unit-test:
@@ -121,6 +122,8 @@ jobs:
mix coveralls.github --umbrella || mix test
build-package-test:
# Doesn't really need, but don't run this stage when iterating over docs
needs: lint-docs
env:
TELEMETRY_ENABLED: "false"
runs-on: ${{ matrix.platform }}

6
.pre-commit-config.yaml
View File

@@ -25,6 +25,12 @@ repos:
language: system
pass_filenames: false
files: \.ex$
- id: rubocop
name: 'ruby: rubocop'
entry: rubocop
language: system
pass_filenames: false
files: \.rb$
# Standard pre-commit hooks
- repo: https://github.com/pre-commit/pre-commit-hooks

14
.rubocop.yml
View File

@@ -1,13 +1,5 @@
AllCops:
TargetRubyVersion: 2.7
Style/StringLiterals:
Enabled: true
EnforcedStyle: double_quotes
Style/StringLiteralsInInterpolation:
Enabled: true
EnforcedStyle: double_quotes
Layout/LineLength:
Max: 120
Exclude:
- "apps/fz_http/assets/node_modules/**/*"
- "omnibus/cookbooks/firezone/attributes/default.rb"

2
apps/fz_http/assets/local_modules/admin-one-bulma-dashboard/package.json
View File

@@ -22,6 +22,6 @@
"bulma-responsive-tables": "^1.2.3",
"bulma-switch-control": "^1.1.1",
"bulma-upload-control": "^1.2.0",
"node-sass": "^6.0.1"
"node-sass": "^7.0.1"
}
}

9501
apps/fz_http/assets/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

16
docs/Gemfile
View File

@@ -1,27 +1,29 @@
source "https://rubygems.org"
# frozen_string_literal: true
source 'https://rubygems.org'
# Hello! This is where you manage which Jekyll version is used to run.
# When you want to use a different version, change it below, save the
# file and run `bundle install`. Run Jekyll with `bundle exec`, like so:
#
# bundle exec jekyll serve
#
gem "just-the-docs", github: "firezone/just-the-docs"
gem 'just-the-docs', github: 'firezone/just-the-docs'
# If you want to use GitHub Pages, remove the "gem "jekyll"" above and
# uncomment the line below. To upgrade, run `bundle update github-pages`.
# gem "github-pages", group: :jekyll_plugins
# If you have any plugins, put them here!
group :jekyll_plugins do
gem "jekyll-feed", "~> 0.12"
gem "github-pages"
gem 'github-pages'
gem 'jekyll-feed', '~> 0.12'
end
# Windows and JRuby does not include zoneinfo files, so bundle the tzinfo-data gem
# and associated library.
platforms :mingw, :x64_mingw, :mswin, :jruby do
gem "tzinfo", "~> 1.2"
gem "tzinfo-data"
gem 'tzinfo', '~> 1.2'
gem 'tzinfo-data'
end
# Performance-booster for watching directories on Windows
gem "wdm", "~> 0.1.1", :platforms => [:mingw, :x64_mingw, :mswin]
gem 'wdm', '~> 0.1.1', platforms: %i[mingw x64_mingw mswin]

18
docs/docs/deploy/supported-platforms.md
View File

@@ -43,7 +43,7 @@ Note that we only support RPM and DEB based packaging systems. Others, like Arch
Linux are currently being investigated [
in this issue](https://github.com/firezone/firezone/issues/378).
### AmazonLinux 2 Notes
## AmazonLinux 2 Notes
Kernel upgrade required:
@@ -51,7 +51,7 @@ Kernel upgrade required:
sudo amazon-linux-extras install -y kernel-5.10
```
### CentOS 7 Notes
## CentOS 7 Notes
Kernel upgrade to 5.6+ required. To upgrade to the latest mainline kernel and
select it as the default boot kernel:
@@ -66,7 +66,7 @@ sudo grub2-mkconfig -o /boot/grub2/grub.cfg
sudo reboot
```
### CentOS 8 Notes
## CentOS 8 Notes
The WireGuard kernel module needs to be installed:
@@ -75,25 +75,25 @@ yum install elrepo-release epel-release
yum install kmod-wireguard
```
### RHEL 7 Notes
## RHEL 7 Notes
Red Hat Enterprise Linux is binary compatible with CentOS, so the Firezone
package for CentOS 7 should work just fine for RHEL 7. You'll still need to
upgrade your kernel to 5.6+ however. To do so, follow the steps for
[CentOS 7 Notes](#centos-7-notes) above.
### RHEL 8 Notes
## RHEL 8 Notes
Red Hat Enterprise Linux is binary compatible with CentOS, so the Firezone
package for CentOS 8 should work just fine for RHEL 8. You'll still need to
install the WireGuard kernel module, however. See [CentOS 8 Notes
](#centos-8-notes) above.
### RHEL 9 Notes
## RHEL 9 Notes
Use the package for CentOS 9.
### Ubuntu 18.04 Notes
## Ubuntu 18.04 Notes
Kernel upgrade to 5.4+ required:
@@ -101,13 +101,13 @@ Kernel upgrade to 5.4+ required:
sudo apt install linux-image-generic-hwe-18.04
```
### Debian 10 Notes
## Debian 10 Notes
Kernel upgrade to 5.6+ required. See [this guide
](https://jensd.be/968/linux/install-a-newer-kernel-in-debian-10-buster-stable)
for an example.
### openSUSE Notes
## openSUSE Notes
Firezone requires the `setcap` utility, but some recent openSUSE releases may
not have it installed by default. To fix, ensure `libcap-progs` is installed:

2
mix.lock
View File

@@ -24,7 +24,7 @@
"excoveralls": {:hex, :excoveralls, "0.14.4", "295498f1ae47bdc6dce59af9a585c381e1aefc63298d48172efaaa90c3d251db", [:mix], [{:hackney, "~> 1.16", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "e3ab02f2df4c1c7a519728a6f0a747e71d7d6e846020aae338173619217931c1"},
"file_system": {:hex, :file_system, "0.2.10", "fb082005a9cd1711c05b5248710f8826b02d7d1784e7c3451f9c1231d4fc162d", [:mix], [], "hexpm", "41195edbfb562a593726eda3b3e8b103a309b733ad25f3d642ba49696bf715dc"},
"floki": {:hex, :floki, "0.32.0", "f915dc15258bc997d49be1f5ef7d3992f8834d6f5695270acad17b41f5bcc8e2", [:mix], [{:html_entities, "~> 0.5.0", [hex: :html_entities, repo: "hexpm", optional: false]}], "hexpm", "1c5a91cae1fd8931c26a4826b5e2372c284813904c8bacb468b5de39c7ececbd"},
"gettext": {:hex, :gettext, "0.19.0", "6909d61b38bb33339558f128f8af5913d5d5fe304a770217bf352b1620fb7ec4", [:mix], [], "hexpm", "3f7a274f52ebda9bb6655dfeda3d6b0dc4537ae51ce41dcccc7f73ca7379ad5e"},
"gettext": {:hex, :gettext, "0.19.1", "564953fd21f29358e68b91634799d9d26989f8d039d7512622efb3c3b1c97892", [:mix], [], "hexpm", "10c656c0912b8299adba9b061c06947511e3f109ab0d18b44a866a4498e77222"},
"hackney": {:hex, :hackney, "1.18.0", "c4443d960bb9fba6d01161d01cd81173089686717d9490e5d3606644c48d121f", [:rebar3], [{:certifi, "~>2.8.0", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "~>6.1.0", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "~>1.0.0", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~>1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:parse_trans, "3.3.1", [hex: :parse_trans, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "~>1.1.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}, {:unicode_util_compat, "~>0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "9afcda620704d720db8c6a3123e9848d09c87586dc1c10479c42627b905b5c5e"},
"hammer": {:hex, :hammer, "6.0.0", "72ec6fff10e9d63856968988a22ee04c4d6d5248071ddccfbda50aa6c455c1d7", [:mix], [{:poolboy, "~> 1.5", [hex: :poolboy, repo: "hexpm", optional: false]}], "hexpm", "d8e1ec2e534c4aae508b906759e077c3c1eb3e2b9425235d4b7bbab0b016210a"},
"hammer_plug": {:hex, :hammer_plug, "2.1.1", "eb5390380eff6600e24e93edfe6a34d39f35280cbdd1caa0995b58bb8489f00d", [:make, :mix], [{:hammer, "~> 6.0", [hex: :hammer, repo: "hexpm", optional: false]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "0fbc3e8b1aacecb7affea65c85c349fdbd00ff28a74bbe6ca30c9f4c76d71e4b"},

2
omnibus/Berksfile
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
source 'https://supermarket.chef.io'
cookbook 'omnibus'

14
omnibus/Gemfile
View File

@@ -1,10 +1,10 @@
# frozen_string_literal: true
source "https://rubygems.org"
source 'https://rubygems.org'
# Install omnibus
gem "omnibus", "~> 8.2.2"
gem "chef", "~> 16.17.18"
gem 'chef', '~> 16.17.18'
gem 'omnibus', '~> 8.2.2'
# Use Chef"s software definitions. It is recommended that you write your own
# software definitions, but you can clone/fork Chef"s to get you started.
@@ -16,11 +16,11 @@ gem "chef", "~> 16.17.18"
# by running `bundle install --without development` to speed up build times.
group :development do
# Use Berkshelf for resolving cookbook dependencies
gem "berkshelf"
gem 'berkshelf'
gem "rubocop"
gem 'rubocop'
# Use Test Kitchen with Vagrant for converging the build environment
gem "test-kitchen"
gem "kitchen-vagrant"
gem 'kitchen-vagrant'
gem 'test-kitchen'
end

54
omnibus/config/projects/firezone.rb
View File

@@ -15,11 +15,11 @@
# limitations under the License.
#
name "firezone"
maintainer "Firezone"
homepage "https://firez.one"
license "Apache-2.0"
license_file "../LICENSE"
name 'firezone'
maintainer 'Firezone'
homepage 'https://firez.one'
license 'Apache-2.0'
license_file '../LICENSE'
description <<~DESC
Web UI + Firewall manager for WireGuard
@@ -29,34 +29,30 @@ DESC
# and /opt/firezone on all other platforms
install_dir "#{default_root}/#{name}"
if ENV["CI"]
stage_path = "/opt/runner/omnibus-local/stage"
# Prevent runner tmp dir from filling up
unless Dir.exist?(stage_path)
staging_dir = stage_path
end
end
# Prevent runner tmp dir from filling up
stage_path = '/opt/runner/omnibus-local/stage'
ENV['CI'] && Dir.exist?(stage_path) && staging_dir(stage_path)
build_version Omnibus::BuildVersion.semver
build_iteration 1
# firezone build dependencies/components
dependency "runit"
dependency "nginx"
dependency "erlang"
dependency "elixir"
dependency "openssl"
dependency "postgresql"
dependency "wireguard-tools"
dependency "firezone"
dependency "firezone-ctl"
dependency "firezone-scripts"
dependency "firezone-cookbooks"
dependency 'runit'
dependency 'nginx'
dependency 'erlang'
dependency 'elixir'
dependency 'openssl'
dependency 'postgresql'
dependency 'wireguard-tools'
dependency 'firezone'
dependency 'firezone-ctl'
dependency 'firezone-scripts'
dependency 'firezone-cookbooks'
# XXX: Ensure all development resources aren't included
exclude ".env"
exclude ".github"
exclude ".vagrant"
exclude ".ci"
exclude "**/.git"
exclude "**/bundler/git"
exclude '.env'
exclude '.github'
exclude '.vagrant'
exclude '.ci'
exclude '**/.git'
exclude '**/bundler/git'

24
omnibus/config/software/autoconf.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright:: Chef Software, Inc.
#
@@ -15,18 +17,18 @@
#
# expeditor/ignore: deprecated 2021-04
name "autoconf"
default_version "2.71"
name 'autoconf'
default_version '2.71'
license "GPL-3.0"
license_file "COPYING"
license_file "COPYING.EXCEPTION"
license 'GPL-3.0'
license_file 'COPYING'
license_file 'COPYING.EXCEPTION'
skip_transitive_dependency_licensing true
dependency "m4"
dependency 'm4'
version("2.69") { source sha256: "954bd69b391edc12d6a4a51a2dd1476543da5c6bbf05a95b59dc0dd6fd4c2969" }
version("2.71") { source sha256: "431075ad0bf529ef13cb41e9042c542381103e80015686222b8a9d4abef42a1c" }
version('2.69') { source sha256: '954bd69b391edc12d6a4a51a2dd1476543da5c6bbf05a95b59dc0dd6fd4c2969' }
version('2.71') { source sha256: '431075ad0bf529ef13cb41e9042c542381103e80015686222b8a9d4abef42a1c' }
source url: "https://mirrors.kernel.org/gnu/autoconf/autoconf-#{version}.tar.gz"
@@ -35,11 +37,9 @@ relative_path "autoconf-#{version}"
build do
env = with_standard_compiler_flags(with_embedded_path)
if solaris2?
env["M4"] = "#{install_dir}/embedded/bin/m4"
end
env['M4'] = "#{install_dir}/embedded/bin/m4" if solaris2?
command "./configure" \
command './configure' \
" --prefix=#{install_dir}/embedded", env: env
make "-j #{workers}", env: env

30
omnibus/config/software/automake.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright 2012-2014 Chef Software, Inc.
#
@@ -15,20 +17,20 @@
#
# expeditor/ignore: deprecated 2021-04
name "automake"
default_version "1.16.4"
name 'automake'
default_version '1.16.4'
dependency "autoconf"
dependency "perl-thread-queue"
dependency 'autoconf'
dependency 'perl-thread-queue'
license "GPL-2.0"
license_file "COPYING"
license 'GPL-2.0'
license_file 'COPYING'
skip_transitive_dependency_licensing true
version("1.16.4") { source sha256: "8a0f0be7aaae2efa3a68482af28e5872d8830b9813a6a932a2571eac63ca1794" }
version("1.16") { source sha256: "80da43bb5665596ee389e6d8b64b4f122ea4b92a685b1dbd813cd1f0e0c2d83f" }
version("1.15") { source sha256: "7946e945a96e28152ba5a6beb0625ca715c6e32ac55f2e353ef54def0c8ed924" }
version("1.11.2") { source sha256: "c339e3871d6595620760725da61de02cf1c293af8a05b14592d6587ac39ce546" }
version('1.16.4') { source sha256: '8a0f0be7aaae2efa3a68482af28e5872d8830b9813a6a932a2571eac63ca1794' }
version('1.16') { source sha256: '80da43bb5665596ee389e6d8b64b4f122ea4b92a685b1dbd813cd1f0e0c2d83f' }
version('1.15') { source sha256: '7946e945a96e28152ba5a6beb0625ca715c6e32ac55f2e353ef54def0c8ed924' }
version('1.11.2') { source sha256: 'c339e3871d6595620760725da61de02cf1c293af8a05b14592d6587ac39ce546' }
source url: "https://mirrors.kernel.org/gnu/automake/automake-#{version}.tar.gz"
@@ -37,12 +39,12 @@ relative_path "automake-#{version}"
build do
env = with_standard_compiler_flags(with_embedded_path)
if version == "1.15"
command "./bootstrap.sh", env: env
if version == '1.15'
command './bootstrap.sh', env: env
else
command "./bootstrap", env: env
command './bootstrap', env: env
end
command "./configure" \
command './configure' \
" --prefix=#{install_dir}/embedded", env: env
make "-j #{workers}", env: env

16
omnibus/config/software/bison.rb
View File

@@ -15,18 +15,18 @@
# limitations under the License.
#
# expeditor/ignore: deprecated 2021-04
name "bison"
name 'bison'
dependency "readline"
dependency "config_guess"
dependency 'readline'
dependency 'config_guess'
license "GPL-3.0"
license_file "COPYING"
license 'GPL-3.0'
license_file 'COPYING'
skip_transitive_dependency_licensing true
default_version "3.7"
default_version '3.7'
source url: "http://mirrors.kernel.org/gnu/bison/bison-#{version}.tar.gz"
version("3.7") do
source sha256: "492ad61202de893ca21a99b621d63fa5389da58804ad79d3f226b8d04b803998"
version('3.7') do
source sha256: '492ad61202de893ca21a99b621d63fa5389da58804ad79d3f226b8d04b803998'
end
relative_path "bison-#{version}"

26
omnibus/config/software/bzip2.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright 2013-2018 Chef Software, Inc.
#
@@ -17,18 +19,18 @@
# This library object is required for building Python with the bz2 module,
# and should be picked up automatically when building Python.
name "bzip2"
default_version "1.0.8"
name 'bzip2'
default_version '1.0.8'
license "BSD-2-Clause"
license_file "LICENSE"
license 'BSD-2-Clause'
license_file 'LICENSE'
skip_transitive_dependency_licensing true
dependency "zlib"
dependency "openssl"
dependency 'zlib'
dependency 'openssl'
# version_list: url=https://sourceware.org/pub/bzip2/ filter=*.tar.gz
version("1.0.8") { source sha256: "ab5a03176ee106d3f0fa90e381da478ddae405918153cca248e682cd0c4a2269" }
version('1.0.8') { source sha256: 'ab5a03176ee106d3f0fa90e381da478ddae405918153cca248e682cd0c4a2269' }
source url: "https://fossies.org/linux/misc/#{name}-#{version}.tar.gz"
@@ -38,16 +40,16 @@ build do
env = with_standard_compiler_flags(with_embedded_path)
# Avoid warning where .rodata cannot be used when making a shared object
env["CFLAGS"] << " -fPIC" unless aix?
env['CFLAGS'] << ' -fPIC' unless aix?
# The list of arguments to pass to make
args = "PREFIX='#{install_dir}/embedded' VERSION='#{version}'"
args << " CFLAGS='-qpic=small -qpic=large -O2 -g -D_ALL_SOURCE -D_LARGE_FILES'" if aix?
patch source: "makefile_take_env_vars.patch", plevel: 1, env: env
patch source: "makefile_no_bins.patch", plevel: 1, env: env # removes various binaries we don't want to ship
patch source: "soname_install_dir.patch", env: env if mac_os_x?
patch source: "aix_makefile.patch", env: env if aix?
patch source: 'makefile_take_env_vars.patch', plevel: 1, env: env
patch source: 'makefile_no_bins.patch', plevel: 1, env: env # removes various binaries we don't want to ship
patch source: 'soname_install_dir.patch', env: env if mac_os_x?
patch source: 'aix_makefile.patch', env: env if aix?
make "#{args} -j #{workers}", env: env
make "#{args} -j #{workers} -f Makefile-libbz2_so", env: env

28
omnibus/config/software/cacerts.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright:: Chef Software, Inc.
#
@@ -14,22 +16,22 @@
# limitations under the License.
#
name "cacerts"
name 'cacerts'
license "MPL-2.0"
license_file "https://www.mozilla.org/media/MPL/2.0/index.815ca599c9df.txt"
license 'MPL-2.0'
license_file 'https://www.mozilla.org/media/MPL/2.0/index.815ca599c9df.txt'
skip_transitive_dependency_licensing true
default_version "2021-01-19"
default_version '2021-01-19'
source url: "https://curl.haxx.se/ca/cacert-#{version}.pem"
# versions_list: https://curl.se/docs/caextract.html
version("2021-01-19") { source sha256: "e010c0c071a2c79a76aa3c289dc7e4ac4ed38492bfda06d766a80b707ebd2f29" }
version("2020-12-08") { source sha256: "313d562594ebd07846ad6b840dd18993f22e0f8b3f275d9aacfae118f4f00fb7" }
version("2020-10-14") { source sha256: "bb28d145ed1a4ee67253d8ddb11268069c9dafe3db25a9eee654974c4e43eee5" }
version("2020-07-22") { source sha256: "2782f0f8e89c786f40240fc1916677be660fb8d8e25dede50c9f6f7b0c2c2178" }
version("2020-06-24") { source sha256: "726889705b00f736200ed7999f7a50021b8735d53228d679c4e6665aa3b44987" }
version('2021-01-19') { source sha256: 'e010c0c071a2c79a76aa3c289dc7e4ac4ed38492bfda06d766a80b707ebd2f29' }
version('2020-12-08') { source sha256: '313d562594ebd07846ad6b840dd18993f22e0f8b3f275d9aacfae118f4f00fb7' }
version('2020-10-14') { source sha256: 'bb28d145ed1a4ee67253d8ddb11268069c9dafe3db25a9eee654974c4e43eee5' }
version('2020-07-22') { source sha256: '2782f0f8e89c786f40240fc1916677be660fb8d8e25dede50c9f6f7b0c2c2178' }
version('2020-06-24') { source sha256: '726889705b00f736200ed7999f7a50021b8735d53228d679c4e6665aa3b44987' }
relative_path "cacerts-#{version}"
@@ -41,10 +43,10 @@ build do
# Windows does not support symlinks
unless windows?
link "certs/cacert.pem", "#{install_dir}/embedded/ssl/cert.pem",
unchecked: true,
force: true
link 'certs/cacert.pem', "#{install_dir}/embedded/ssl/cert.pem",
unchecked: true,
force: true
block { File.chmod(0644, "#{install_dir}/embedded/ssl/certs/cacert.pem") }
block { File.chmod(0o644, "#{install_dir}/embedded/ssl/certs/cacert.pem") }
end
end

14
omnibus/config/software/config_guess.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright 2015 Chef Software, Inc.
#
@@ -15,16 +17,16 @@
#
# expeditor/ignore: no version pinning
name "config_guess"
default_version "master"
name 'config_guess'
default_version 'master'
# Use our github mirror of the savannah repository
source git: "https://github.com/chef/config-mirror.git"
source git: 'https://github.com/chef/config-mirror.git'
# http://savannah.gnu.org/projects/config
license "GPL-3.0 (with exception)"
license_file "config.guess"
license_file "config.sub"
license 'GPL-3.0 (with exception)'
license_file 'config.guess'
license_file 'config.sub'
skip_transitive_dependency_licensing true
relative_path "config_guess-#{version}"

20
omnibus/config/software/elixir.rb
View File

@@ -17,19 +17,19 @@
#
# expeditor/ignore: deprecated 2021-04
name "elixir"
default_version "1.13.2"
name 'elixir'
default_version '1.13.2'
license "Apache-2.0"
license_file "LICENSE"
license 'Apache-2.0'
license_file 'LICENSE'
dependency "erlang"
dependency 'erlang'
version("1.4.2") { source sha256: "cb4e2ec4d68b3c8b800179b7ae5779e2999aa3375f74bd188d7d6703497f553f" }
version("1.12.2") { source sha256: "701006d1279225fc42f15c8d3f39906db127ddcc95373d34d8d160993356b15c" }
version("1.12.3") { source sha256: "c5affa97defafa1fd89c81656464d61da8f76ccfec2ea80c8a528decd5cb04ad" }
version("1.13.1") { source sha256: "deaba8156b11777adfa28e54e76ddf49ab1a0132cca54c41d9d7648e800edcc8" }
version("1.13.2") { source sha256: "03afed42dccf4347c4d3ae2b905134093a3ba2245d0d3098d75009a1d659ed1a" }
version('1.4.2') { source sha256: 'cb4e2ec4d68b3c8b800179b7ae5779e2999aa3375f74bd188d7d6703497f553f' }
version('1.12.2') { source sha256: '701006d1279225fc42f15c8d3f39906db127ddcc95373d34d8d160993356b15c' }
version('1.12.3') { source sha256: 'c5affa97defafa1fd89c81656464d61da8f76ccfec2ea80c8a528decd5cb04ad' }
version('1.13.1') { source sha256: 'deaba8156b11777adfa28e54e76ddf49ab1a0132cca54c41d9d7648e800edcc8' }
version('1.13.2') { source sha256: '03afed42dccf4347c4d3ae2b905134093a3ba2245d0d3098d75009a1d659ed1a' }
source url: "https://github.com/elixir-lang/elixir/archive/v#{version}.tar.gz"
relative_path "elixir-#{version}"

123
omnibus/config/software/erlang.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright:: Chef Software, Inc.
# Copyright:: Firezone
@@ -15,72 +17,74 @@
# limitations under the License.
#
name "erlang"
default_version "24.2.1"
name 'erlang'
default_version '24.2.1'
license "Apache-2.0"
license_file "LICENSE.txt"
license 'Apache-2.0'
license_file 'LICENSE.txt'
skip_transitive_dependency_licensing true
dependency "gawk"
dependency "automake"
dependency "autoconf"
dependency "zlib"
dependency "openssl"
dependency "ncurses"
dependency "config_guess"
dependency 'gawk'
dependency 'automake'
dependency 'autoconf'
dependency 'zlib'
dependency 'openssl'
dependency 'ncurses'
dependency 'config_guess'
# grab from github so we can get patch releases if we need to
source url: "https://github.com/erlang/otp/archive/OTP-#{version}.tar.gz"
relative_path "otp-OTP-#{version}"
# versions_list: https://github.com/erlang/otp/tags filter=*.tar.gz
version("24.2.1") { source sha256: "2854318d12d727fc508e8fd5fe6921c0cbc7727d1183ad8f6f808585496e42d6" }
version("24.2") { source sha256: "0b9c9ba7d8b40f6c77d529e07561b10f0914d2bfe9023294d7eda85b62936792" }
version("24.1.4") { source sha256: "aa31ba689740dc446dfa5bb256474df5fb5e5459b981b4d2155afa91010ca66a" }
version("24.0.6") { source sha256: "a60a7d776a4573e2018d6fad6df957e3911ecbce5f11497a8ec537f613aca0a1" }
version("24.0.5") { source sha256: "dd189cf94bf86c610a66f5d9f1a49b8d95a7ce1a7534d216e97e8fade271e624" }
version("23.3.3") { source sha256: "839d74e71a457295d95b8674f1848a5d7d9c4c274a041ef8026d035da88858ae" }
version("23.3.2") { source sha256: "02443dd42023d0eb73f73dc05f4d3ded7bc4ab59d348041a37a045ba1581b48b" }
version("22.2") { source sha256: "232c37a502c7e491a9cbf86acb7af64fbc1a793fcbcbd0093cb029cf1c3830a7" }
version("22.1.8") { source sha256: "7302be70cee2c33689bf2c2a3e7cfee597415d0fb3e4e71bd3e86bd1eff9cfdc" }
version("21.3.8.11") { source sha256: "aab77124285820608cd7a90f6b882e42bb5739283e10a8593d7f5bce9b30b16a" }
version("21.1") { source sha256: "7212f895ae317fa7a086fa2946070de5b910df5d41263e357d44b0f1f410af0f" }
version("20.3.8.9") { source sha256: "897dd8b66c901bfbce09ed64e0245256aca9e6e9bdf78c36954b9b7117192519" }
version("20.0") { source sha256: "22710927ad2e48a0964997bf5becb24abb1f4fed86f5f05af22a9e1df636b787" }
version("19.3.6.11") { source sha256: "c857ea6d2c901bfb633d9ceeb5e05332475357f185dd5112b7b6e4db80072827" }
version("18.3.4.9") { source sha256: "25ef8ba3824cb726c4830abf32c2a2967925b1e33a8e8851dba596e933e2689a" }
version("18.3") { source sha256: "a6d08eb7df06e749ccaf3049b33ceae617a3c466c6a640ee8d248c2372d48f4e" }
version("18.2") { source sha256: "3944ce41d13fbef1e1e80d7335b2167849e8566581513d5d9226cd211d3d58f9" }
version("18.1") { source sha256: "6b956dda690d3f3bf244249e8d422dd606231cc7229675bf5e34b5ba2ae83e9b" }
version('24.2.1') { source sha256: '2854318d12d727fc508e8fd5fe6921c0cbc7727d1183ad8f6f808585496e42d6' }
version('24.2') { source sha256: '0b9c9ba7d8b40f6c77d529e07561b10f0914d2bfe9023294d7eda85b62936792' }
version('24.1.4') { source sha256: 'aa31ba689740dc446dfa5bb256474df5fb5e5459b981b4d2155afa91010ca66a' }
version('24.0.6') { source sha256: 'a60a7d776a4573e2018d6fad6df957e3911ecbce5f11497a8ec537f613aca0a1' }
version('24.0.5') { source sha256: 'dd189cf94bf86c610a66f5d9f1a49b8d95a7ce1a7534d216e97e8fade271e624' }
version('23.3.3') { source sha256: '839d74e71a457295d95b8674f1848a5d7d9c4c274a041ef8026d035da88858ae' }
version('23.3.2') { source sha256: '02443dd42023d0eb73f73dc05f4d3ded7bc4ab59d348041a37a045ba1581b48b' }
version('22.2') { source sha256: '232c37a502c7e491a9cbf86acb7af64fbc1a793fcbcbd0093cb029cf1c3830a7' }
version('22.1.8') { source sha256: '7302be70cee2c33689bf2c2a3e7cfee597415d0fb3e4e71bd3e86bd1eff9cfdc' }
version('21.3.8.11') { source sha256: 'aab77124285820608cd7a90f6b882e42bb5739283e10a8593d7f5bce9b30b16a' }
version('21.1') { source sha256: '7212f895ae317fa7a086fa2946070de5b910df5d41263e357d44b0f1f410af0f' }
version('20.3.8.9') { source sha256: '897dd8b66c901bfbce09ed64e0245256aca9e6e9bdf78c36954b9b7117192519' }
version('20.0') { source sha256: '22710927ad2e48a0964997bf5becb24abb1f4fed86f5f05af22a9e1df636b787' }
version('19.3.6.11') { source sha256: 'c857ea6d2c901bfb633d9ceeb5e05332475357f185dd5112b7b6e4db80072827' }
version('18.3.4.9') { source sha256: '25ef8ba3824cb726c4830abf32c2a2967925b1e33a8e8851dba596e933e2689a' }
version('18.3') { source sha256: 'a6d08eb7df06e749ccaf3049b33ceae617a3c466c6a640ee8d248c2372d48f4e' }
version('18.2') { source sha256: '3944ce41d13fbef1e1e80d7335b2167849e8566581513d5d9226cd211d3d58f9' }
version('18.1') { source sha256: '6b956dda690d3f3bf244249e8d422dd606231cc7229675bf5e34b5ba2ae83e9b' }
# rubocop:disable Metrics/BlockLength
build do
if version.satisfies?(">= 18.3")
if version.satisfies?('>= 18.3')
# Don't listen on 127.0.0.1/::1 implicitly whenever ERL_EPMD_ADDRESS is given
patch source: "epmd-require-explicitly-adding-loopback-address.patch", plevel: 1
patch source: 'epmd-require-explicitly-adding-loopback-address.patch', plevel: 1
end
env = with_standard_compiler_flags(with_embedded_path).merge(
# WARNING!
"CFLAGS" => "-L#{install_dir}/embedded/lib -I#{install_dir}/embedded/erlang/include",
"LDFLAGS" => "-Wl,-rpath #{install_dir}/embedded/lib -L#{install_dir}/embedded/lib -I#{install_dir}/embedded/erlang/include"
'CFLAGS' => "-L#{install_dir}/embedded/lib -I#{install_dir}/embedded/erlang/include",
'LDFLAGS' => "-Wl,-rpath #{install_dir}/embedded/lib -L#{install_dir}/embedded/lib -I#{install_dir}/embedded/er"\
'lang/include'
)
env.delete("CPPFLAGS")
env.delete('CPPFLAGS')
# The TYPE env var sets the type of emulator you want
# We want the default so we give TYPE and empty value
# in case it was set by CI.
env["TYPE"] = ""
env['TYPE'] = ''
update_config_guess(target: "erts/autoconf")
update_config_guess(target: "lib/common_test/priv/auxdir")
update_config_guess(target: "lib/erl_interface/src/auxdir")
update_config_guess(target: "lib/wx/autoconf")
update_config_guess(target: 'erts/autoconf')
update_config_guess(target: 'lib/common_test/priv/auxdir')
update_config_guess(target: 'lib/erl_interface/src/auxdir')
update_config_guess(target: 'lib/wx/autoconf')
if version.satisfies?(">= 19.0")
update_config_guess(target: "lib/common_test/test_server/src")
if version.satisfies?('>= 19.0')
update_config_guess(target: 'lib/common_test/test_server/src')
else
update_config_guess(target: "lib/test_server/src")
update_config_guess(target: 'lib/test_server/src')
end
# Setup the erlang include dir
@@ -93,7 +97,7 @@ build do
# In future releases of erlang, someone should check if these flags (or
# environment variables) are avaiable to remove this ugly hack.
# Doesn't seem to be necessary for 24.0.5
%w{ncurses openssl zlib.h zconf.h}.each do |name|
%w[ncurses openssl zlib.h zconf.h].each do |name|
link "#{install_dir}/embedded/include/#{name}", "#{install_dir}/embedded/erlang/include/#{name}"
end
@@ -108,37 +112,38 @@ build do
# https://github.com/erlang/otp/blob/c1ea854fac3d8ed14/erts/emulator/hipe/elf64ppc.x
# Probably introduced with https://github.com/erlang/otp/commit/37d63e9b8a0a96
# See also https://sourceware.org/ml/binutils/2015-05/msg00148.html
hipe = ppc64le? ? "disable" : "enable"
hipe = ppc64le? ? 'disable' : 'enable'
unless File.exist?("./configure")
unless File.exist?('./configure')
# Building from github source requires this step
command "./otp_build autoconf"
command './otp_build autoconf'
end
# Note: et, debugger and observer applications require wx to
# NOTE: et, debugger and observer applications require wx to
# build. The tarballs from the downloads site has prebuilt the beam
# files, so we were able to get away without disabling them and
# still build. When building from raw source we must disable them
# explicitly.
wx = "without"
wx = 'without'
command "./configure" \
command './configure' \
" --prefix=#{install_dir}/embedded" \
" --enable-threads" \
" --enable-smp-support" \
" --enable-kernel-poll" \
" --enable-dynamic-ssl-lib" \
" --enable-shared-zlib" \
" --enable-fips" \
' --enable-threads' \
' --enable-smp-support' \
' --enable-kernel-poll' \
' --enable-dynamic-ssl-lib' \
' --enable-shared-zlib' \
' --enable-fips' \
" --#{hipe}-hipe" \
" --#{wx}-wx" \
" --#{wx}-et" \
" --#{wx}-debugger" \
" --#{wx}-observer" \
" --without-megaco" \
" --without-javac" \
' --without-megaco' \
' --without-javac' \
" --with-ssl=#{install_dir}/embedded" \
" --disable-debug", env: env
' --disable-debug', env: env
make "-j #{workers}", env: env
make "install", env: env
make 'install', env: env
end
# rubocop:enable Metrics/BlockLength

22
omnibus/config/software/firezone-cookbooks.rb
View File

@@ -1,3 +1,6 @@
# rubocop:disable Naming/FileName
# frozen_string_literal: true
#
# Copyright 2014 Chef Software, Inc.
#
@@ -14,11 +17,12 @@
# limitations under the License.
#
name "firezone-cookbooks"
name 'firezone-cookbooks'
license :project_license
source path: "cookbooks/firezone"
source path: 'cookbooks/firezone'
# rubocop:disable Metrics/BlockLength
build do
cookbooks_path = "#{install_dir}/embedded/cookbooks"
env = with_standard_compiler_flags(with_embedded_path)
@@ -27,7 +31,7 @@ build do
block do
all_the_gem_deps = {}
Dir.glob(cookbooks_path + '/**/metadata.json').each do |metadata|
Dir.glob("#{cookbooks_path}/**/metadata.json").each do |metadata|
cookbook_name = File.basename(File.dirname(metadata))
metadata_json = FFI_Yajl::Parser.parse(File.read(metadata))
gem_deps = metadata_json.fetch('gems', [])
@@ -35,24 +39,24 @@ build do
end
unless all_the_gem_deps.empty?
raise Omnibus::Error, "Nope. Gem dependencies found in the following "\
"cookbooks used during ctl-reconfigure. This will break airgapped "\
raise Omnibus::Error, 'Nope. Gem dependencies found in the following '\
'cookbooks used during ctl-reconfigure. This will break airgapped '\
"installs.\n#{all_the_gem_deps}"
end
end
block do
open("#{cookbooks_path}/dna.json", "w") do |file|
File.open("#{cookbooks_path}/dna.json", 'w') do |file|
file.write FFI_Yajl::Encoder.encode(run_list: ['recipe[firezone::default]'])
end
open("#{cookbooks_path}/show-config.json", "w") do |file|
File.open("#{cookbooks_path}/show-config.json", 'w') do |file|
file.write FFI_Yajl::Encoder.encode(
run_list: ['recipe[firezone::show_config]']
)
end
open("#{cookbooks_path}/solo.rb", "w") do |file|
File.open("#{cookbooks_path}/solo.rb", 'w') do |file|
file.write <<~SOLO
cookbook_path "#{cookbooks_path}"
cache_path "/var/opt/firezone/cache"
@@ -62,3 +66,5 @@ build do
end
end
end
# rubocop:enable Metrics/BlockLength
# rubocop:enable Naming/FileName

20
omnibus/config/software/firezone-ctl.rb
View File

@@ -1,3 +1,6 @@
# rubocop:disable Naming/FileName
# frozen_string_literal: true
#
# Copyright 2014 Chef Software, Inc.
#
@@ -14,31 +17,32 @@
# limitations under the License.
#
name "firezone-ctl"
name 'firezone-ctl'
license :project_license
dependency "omnibus-ctl"
dependency "runit"
dependency 'omnibus-ctl'
dependency 'runit'
source path: "cookbooks/firezone"
source path: 'cookbooks/firezone'
build do
env = with_standard_compiler_flags(with_embedded_path)
bundle "install --binstubs --without test", env: env
bundle 'install --binstubs --without test', env: env
mkdir "#{install_dir}/bin"
block do
erb source: "firezone-ctl.erb",
erb source: 'firezone-ctl.erb',
dest: "#{install_dir}/bin/firezone-ctl",
mode: 0755,
mode: 0o755,
vars: {
embedded_bin: "#{install_dir}/embedded/bin",
embedded_service: "#{install_dir}/embedded/service",
embedded_service: "#{install_dir}/embedded/service"
}
end
# additional omnibus-ctl commands
sync "#{project_dir}/files/default/ctl-commands", "#{install_dir}/embedded/service/omnibus-ctl/"
end
# rubocop:enable Naming/FileName

4
omnibus/config/software/firezone-scripts.rb
View File

@@ -1,3 +1,6 @@
# rubocop:disable Naming/FileName
# frozen_string_literal: true
#
# Copyright:: Copyright (c) 2015 GitLab B.V.
# Copyright:: Copyright (c) 2021 Firezone
@@ -28,3 +31,4 @@ source path: File.expand_path('files/firezone-scripts', Omnibus::Config.project_
build do
copy '*', "#{install_dir}/embedded/bin/"
end
# rubocop:enable Naming/FileName

64
omnibus/config/software/firezone.rb
View File

@@ -15,29 +15,29 @@
# limitations under the License.
#
name "firezone"
description "the steps required to compile the firezone elixir application"
default_version "1.0.0"
name 'firezone'
description 'the steps required to compile the firezone elixir application'
default_version '1.0.0'
dependency "postgresql"
dependency "nodejs"
dependency "elixir"
dependency "nftables" if linux?
dependency "ruby"
dependency 'postgresql'
dependency 'nodejs'
dependency 'elixir'
dependency 'nftables' if linux?
dependency 'ruby'
version("1.0.0") do
source path: File.expand_path("../", Omnibus::Config.project_root),
options: { exclude: [
".env",
".git",
".ci",
".vagrant",
".github",
"_build",
"deps",
"omnibus",
"apps/fz_http/assets/node_modules"
] }
version('1.0.0') do
source path: File.expand_path('../', Omnibus::Config.project_root),
options: { exclude: [
'.env',
'.git',
'.ci',
'.vagrant',
'.github',
'_build',
'deps',
'omnibus',
'apps/fz_http/assets/node_modules'
] }
end
license :project_license
@@ -45,17 +45,17 @@ skip_transitive_dependency_licensing true
build do
env = with_standard_compiler_flags(with_embedded_path).merge(
"MIX_ENV" => "prod",
"VERSION" => Omnibus::BuildVersion.semver
'MIX_ENV' => 'prod',
'VERSION' => Omnibus::BuildVersion.semver
)
command "mix local.hex --force", env: env
command "mix local.rebar --force", env: env
command "mix deps.get --only prod", env: env
command "mix deps.compile --only prod", env: env
command "npm ci --prefix apps/fz_http/assets --progress=false --no-audit --loglevel=error", env: env
command "npm run --prefix apps/fz_http/assets deploy", env: env
command "cd apps/fz_http && mix phx.digest", env: env
command "mix release", env: env
sync "_build/prod/rel/firezone", "#{install_dir}/embedded/service/firezone"
command 'mix local.hex --force', env: env
command 'mix local.rebar --force', env: env
command 'mix deps.get --only prod', env: env
command 'mix deps.compile --only prod', env: env
command 'npm ci --prefix apps/fz_http/assets --progress=false --no-audit --loglevel=error', env: env
command 'npm run --prefix apps/fz_http/assets deploy', env: env
command 'cd apps/fz_http && mix phx.digest', env: env
command 'mix release', env: env
sync '_build/prod/rel/firezone', "#{install_dir}/embedded/service/firezone"
end

26
omnibus/config/software/flex.rb
View File

@@ -13,30 +13,30 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name "flex"
license_file "COPYING"
name 'flex'
license_file 'COPYING'
skip_transitive_dependency_licensing true
default_version "2.6.4"
default_version '2.6.4'
source url: "https://github.com/westes/flex/releases/download/v#{version}/flex-#{version}.tar.gz"
version("2.6.4") do
source sha256: "e87aae032bf07c26f85ac0ed3250998c37621d95f8bd748b31f15b33c45ee995"
version('2.6.4') do
source sha256: 'e87aae032bf07c26f85ac0ed3250998c37621d95f8bd748b31f15b33c45ee995'
end
relative_path "#{name}-#{version}"
dependency "bison"
dependency "m4"
dependency "gettext"
dependency "libtool"
dependency "autoconf"
dependency "automake"
dependency 'bison'
dependency 'm4'
dependency 'gettext'
dependency 'libtool'
dependency 'autoconf'
dependency 'automake'
build do
env = with_standard_compiler_flags(with_embedded_path)
# Fixes https://github.com/spack/spack/issues/8152
env["CFLAGS"] << " -D_GNU_SOURCE" if debian?
env['CFLAGS'] << ' -D_GNU_SOURCE' if debian?
command "./autogen.sh", env: env
command './autogen.sh', env: env
command "./configure --prefix=#{install_dir}/embedded", env: env
make "-j #{workers}", env: env
make "-j #{workers} install", env: env

16
omnibus/config/software/gawk.rb
View File

@@ -14,27 +14,27 @@
# See the License for the specific language governing permissions and
# limitations under the License.
name "gawk"
name 'gawk'
default_version "5.1.0"
default_version '5.1.0'
version("5.1.0") { source sha256: "03a0360edcd84bec156fe211bbc4fc8c78790973ce4e8b990a11d778d40b1a26" }
version('5.1.0') { source sha256: '03a0360edcd84bec156fe211bbc4fc8c78790973ce4e8b990a11d778d40b1a26' }
source url: "https://mirrors.kernel.org/gnu/gawk/gawk-#{version}.tar.gz"
dependency "readline"
dependency "config_guess"
dependency 'readline'
dependency 'config_guess'
relative_path "gawk-#{version}"
build do
env = with_standard_compiler_flags(with_embedded_path)
update_config_guess
configure_command = ["./configure",
"--disable-mpfr",
configure_command = ['./configure',
'--disable-mpfr',
"--prefix=#{install_dir}/embedded"]
command configure_command.join(" "), env: env
command configure_command.join(' '), env: env
make "-j #{workers}", env: env
make "-j #{workers} install", env: env
end

42
omnibus/config/software/gettext.rb
View File

@@ -14,29 +14,29 @@
# See the License for the specific language governing permissions and
# limitations under the License.
name "gettext"
license "GPL-3.0"
license_file "COPYING"
name 'gettext'
license 'GPL-3.0'
license_file 'COPYING'
default_version "0.21"
default_version '0.21'
dependency "m4"
dependency "autoconf"
dependency "automake"
dependency "bison"
dependency "perl"
dependency "libiconv"
dependency "ncurses"
dependency "bzip2"
dependency "zlib"
dependency "libxml2"
dependency "liblzma"
dependency "icu"
dependency "pkg-config"
dependency 'm4'
dependency 'autoconf'
dependency 'automake'
dependency 'bison'
dependency 'perl'
dependency 'libiconv'
dependency 'ncurses'
dependency 'bzip2'
dependency 'zlib'
dependency 'libxml2'
dependency 'liblzma'
dependency 'icu'
dependency 'pkg-config'
source url: "https://mirrors.kernel.org/gnu/gettext/gettext-#{version}.tar.gz"
version("0.21") do
source sha256: "c77d0da3102aec9c07f43671e60611ebff89a996ef159497ce8e59d075786b12"
version('0.21') do
source sha256: 'c77d0da3102aec9c07f43671e60611ebff89a996ef159497ce8e59d075786b12'
end
relative_path "#{name}-#{version}"
@@ -44,9 +44,9 @@ relative_path "#{name}-#{version}"
build do
env = with_standard_compiler_flags(with_embedded_path)
configure_command = [
"./configure",
'./configure',
# Enabling OpenMP requires libgomp, which requires building gcc which is very slow.
"--disable-openmp",
'--disable-openmp',
"--prefix=#{install_dir}/embedded"
]

24
omnibus/config/software/gmp.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright 2014 Chef Software, Inc.
#
@@ -14,20 +16,20 @@
# limitations under the License.
#
name "gmp"
default_version "6.2.1"
name 'gmp'
default_version '6.2.1'
# version_list: url=https://ftp.gnu.org/gnu/gmp/ filter=*.tar.bz2
version("6.2.1") { source sha256: "eae9326beb4158c386e39a356818031bd28f3124cf915f8c5b1dc4c7a36b4d7c" }
version("6.1.0") { source sha256: "498449a994efeba527885c10405993427995d3f86b8768d8cdf8d9dd7c6b73e8" }
version("6.0.0a") { source sha256: "7f8e9a804b9c6d07164cf754207be838ece1219425d64e28cfa3e70d5c759aaf" }
version('6.2.1') { source sha256: 'eae9326beb4158c386e39a356818031bd28f3124cf915f8c5b1dc4c7a36b4d7c' }
version('6.1.0') { source sha256: '498449a994efeba527885c10405993427995d3f86b8768d8cdf8d9dd7c6b73e8' }
version('6.0.0a') { source sha256: '7f8e9a804b9c6d07164cf754207be838ece1219425d64e28cfa3e70d5c759aaf' }
source url: "https://mirrors.kernel.org/gnu/gmp/gmp-#{version}.tar.bz2"
if version == "6.0.0a"
if version == '6.0.0a'
# version 6.0.0a expands to 6.0.0
relative_path "gmp-6.0.0"
relative_path 'gmp-6.0.0'
else
relative_path "gmp-#{version}"
end
@@ -35,14 +37,12 @@ end
build do
env = with_standard_compiler_flags(with_embedded_path)
if solaris2?
env["ABI"] = "32"
end
env['ABI'] = '32' if solaris2?
configure_command = ["./configure",
configure_command = ['./configure',
"--prefix=#{install_dir}/embedded"]
command configure_command.join(" "), env: env
command configure_command.join(' '), env: env
make "-j #{workers}", env: env
make "-j #{workers} install", env: env
end

21
omnibus/config/software/icu.rb
View File

@@ -1,14 +1,19 @@
name "icu"
license_file "LICENSE"
skip_transitive_dependency_licensing true
default_version "69.1"
# frozen_string_literal: true
source url: "https://github.com/unicode-org/icu/releases/download/release-#{version.gsub(".", "-")}/icu4c-#{version.gsub(".", "_")}-src.tgz"
version("69.1") do
source sha256: "4cba7b7acd1d3c42c44bb0c14be6637098c7faf2b330ce876bc5f3b915d09745"
name 'icu'
license_file 'LICENSE'
skip_transitive_dependency_licensing true
default_version '69.1'
source url: "https://github.com/unicode-org/icu/releases/download/release-#{version.gsub('.',
'-')}/icu4c-#{version.gsub(
'.', '_'
)}-src.tgz"
version('69.1') do
source sha256: '4cba7b7acd1d3c42c44bb0c14be6637098c7faf2b330ce876bc5f3b915d09745'
end
relative_path "icu/source"
relative_path 'icu/source'
build do
env = with_standard_compiler_flags(with_embedded_path)

39
omnibus/config/software/libedit.rb
View File

@@ -1,3 +1,4 @@
# frozen_string_literal: true
# Copyright 2012-2014 Chef Software, Inc.
#
@@ -14,30 +15,30 @@
# limitations under the License.
#
name "libedit"
default_version "20210910-3.1"
name 'libedit'
default_version '20210910-3.1'
license "BSD-3-Clause"
license_file "COPYING"
license 'BSD-3-Clause'
license_file 'COPYING'
skip_transitive_dependency_licensing true
dependency "ncurses"
dependency "config_guess"
dependency 'ncurses'
dependency 'config_guess'
# version_list: url=http://thrysoee.dk/editline/ filter=*.tar.gz
version("20210910-3.1") { source sha256: "6792a6a992050762edcca28ff3318cdb7de37dccf7bc30db59fcd7017eed13c5" }
version("20210419-3.1") { source sha256: "571ebe44b74860823e24a08cf04086ff104fd7dfa1020abf26c52543134f5602" }
version("20150325-3.1") { source sha256: "c88a5e4af83c5f40dda8455886ac98923a9c33125699742603a88a0253fcc8c5" }
version("20141030-3.1") { source sha256: "9701e16570fb8f7fa407b506986652221b701a9dd61defc05bb7d1c61cdf5a40" }
version("20130712-3.1") { source sha256: "5d9b1a9dd66f1fe28bbd98e4d8ed1a22d8da0d08d902407dcc4a0702c8d88a37" }
version("20120601-3.0") { source sha256: "51f0f4b4a97b7ebab26e7b5c2564c47628cdb3042fd8ba8d0605c719d2541918" }
version('20210910-3.1') { source sha256: '6792a6a992050762edcca28ff3318cdb7de37dccf7bc30db59fcd7017eed13c5' }
version('20210419-3.1') { source sha256: '571ebe44b74860823e24a08cf04086ff104fd7dfa1020abf26c52543134f5602' }
version('20150325-3.1') { source sha256: 'c88a5e4af83c5f40dda8455886ac98923a9c33125699742603a88a0253fcc8c5' }
version('20141030-3.1') { source sha256: '9701e16570fb8f7fa407b506986652221b701a9dd61defc05bb7d1c61cdf5a40' }
version('20130712-3.1') { source sha256: '5d9b1a9dd66f1fe28bbd98e4d8ed1a22d8da0d08d902407dcc4a0702c8d88a37' }
version('20120601-3.0') { source sha256: '51f0f4b4a97b7ebab26e7b5c2564c47628cdb3042fd8ba8d0605c719d2541918' }
source url: "http://www.thrysoee.dk/editline/libedit-#{version}.tar.gz"
if version == "20141030-3.1"
if version == '20141030-3.1'
# released tar file has name discrepency in folder name for this version
relative_path "libedit-20141029-3.1"
relative_path 'libedit-20141029-3.1'
else
relative_path "libedit-#{version}"
end
@@ -47,21 +48,19 @@ build do
# The patch is from the FreeBSD ports tree and is for GCC compatibility.
# http://svnweb.freebsd.org/ports/head/devel/libedit/files/patch-vi.c?annotate=300896
if version.to_i < 20150325 && (freebsd? || openbsd?)
patch source: "freebsd-vi-fix.patch", env: env
end
patch source: 'freebsd-vi-fix.patch', env: env if version.to_i < 20_150_325 && (freebsd? || openbsd?)
if openbsd?
patch source: "openbsd-weak-alias-fix.patch", plevel: 1, env: env
patch source: 'openbsd-weak-alias-fix.patch', plevel: 1, env: env
elsif aix?
# this forces us to build correctly, in the event that the system locale
# is non-standard.
env["LC_ALL"] = "en_US"
env['LC_ALL'] = 'en_US'
end
update_config_guess
command "./configure" \
command './configure' \
" --prefix=#{install_dir}/embedded", env: env
make "-j #{workers}", env: env

33
omnibus/config/software/libffi.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright:: Chef Software, Inc.
#
@@ -14,18 +16,18 @@
# limitations under the License.
#
name "libffi"
default_version "3.4.2"
name 'libffi'
default_version '3.4.2'
license "MIT"
license_file "LICENSE"
license 'MIT'
license_file 'LICENSE'
skip_transitive_dependency_licensing true
# version_list: url=ftp://sourceware.org/pub/libffi/ filter=*.tar.gz
version("3.2.1") { source sha256: "d06ebb8e1d9a22d19e38d63fdb83954253f39bedc5d46232a05645685722ca37" }
version("3.3") { source sha256: "72fba7922703ddfa7a028d513ac15a85c8d54c8d67f55fa5a4802885dc652056" }
version("3.4.2") { source sha256: "540fb721619a6aba3bdeef7d940d8e9e0e6d2c193595bc243241b77ff9e93620" }
version('3.2.1') { source sha256: 'd06ebb8e1d9a22d19e38d63fdb83954253f39bedc5d46232a05645685722ca37' }
version('3.3') { source sha256: '72fba7922703ddfa7a028d513ac15a85c8d54c8d67f55fa5a4802885dc652056' }
version('3.4.2') { source sha256: '540fb721619a6aba3bdeef7d940d8e9e0e6d2c193595bc243241b77ff9e93620' }
source url: "https://github.com/libffi/libffi/releases/download/v#{version}/libffi-#{version}.tar.gz"
relative_path "libffi-#{version}"
@@ -33,27 +35,22 @@ relative_path "libffi-#{version}"
build do
env = with_standard_compiler_flags(with_embedded_path)
env["INSTALL"] = "/opt/freeware/bin/install" if aix?
env['INSTALL'] = '/opt/freeware/bin/install' if aix?
# disable option checking as disable-docs is 3.3+ only
configure_command = ["--disable-option-checking",
"--disable-docs",
]
configure_command = ['--disable-option-checking',
'--disable-docs']
if version == "3.3" && mac_os_x? && arm?
patch source: "libffi-3.3-arm64.patch", plevel: 1, env: env
end
patch source: 'libffi-3.3-arm64.patch', plevel: 1, env: env if version == '3.3' && mac_os_x? && arm?
# AIX's old version of patch doesn't like the patch here
unless aix?
# disable multi-os-directory via configure flag (don't use /lib64)
# Works on all platforms, and is compatible on 32bit platforms as well
configure_command << "--disable-multi-os-directory"
configure_command << '--disable-multi-os-directory'
# add the --disable-multi-os-directory flag to 3.2.1
if version == "3.2.1"
patch source: "libffi-3.2.1-disable-multi-os-directory.patch", plevel: 1, env: env
end
patch source: 'libffi-3.2.1-disable-multi-os-directory.patch', plevel: 1, env: env if version == '3.2.1'
end
configure(*configure_command, env: env)

24
omnibus/config/software/libiconv.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright:: Chef Software, Inc.
#
@@ -17,18 +19,18 @@
# CAUTION - although its not used, external libraries such as nokogiri may pick up an optional dep on
# libiconv such that removal of libiconv will break those libraries on upgrade. With an better story around
# external gem handling when chef-client is upgraded libconv could be dropped.
name "libiconv"
default_version "1.16"
name 'libiconv'
default_version '1.16'
license "LGPL-2.1"
license_file "COPYING.LIB"
license 'LGPL-2.1'
license_file 'COPYING.LIB'
skip_transitive_dependency_licensing true
dependency "config_guess"
dependency 'config_guess'
# versions_list: https://ftp.gnu.org/pub/gnu/libiconv/ filter=*.tar.gz
version("1.15") { source sha256: "ccf536620a45458d26ba83887a983b96827001e92a13847b45e4925cc8913178" }
version("1.16") { source sha256: "e6a1b1b589654277ee790cce3734f07876ac4ccfaecbee8afa0b649cf529cc04" }
version('1.15') { source sha256: 'ccf536620a45458d26ba83887a983b96827001e92a13847b45e4925cc8913178' }
version('1.16') { source sha256: 'e6a1b1b589654277ee790cce3734f07876ac4ccfaecbee8afa0b649cf529cc04' }
source url: "https://mirrors.kernel.org/gnu/libiconv/libiconv-#{version}.tar.gz"
@@ -38,15 +40,15 @@ build do
env = with_standard_compiler_flags(with_embedded_path)
# freebsd 10 needs to be build PIC
env["CFLAGS"] << " -fPIC" if freebsd?
env['CFLAGS'] << ' -fPIC' if freebsd?
update_config_guess(target: "build-aux")
update_config_guess(target: "libcharset/build-aux")
update_config_guess(target: 'build-aux')
update_config_guess(target: 'libcharset/build-aux')
configure(env: env)
pmake = "-j #{workers}"
make "#{pmake}", env: env
make pmake.to_s, env: env
make "#{pmake} install-lib" \
" libdir=#{install_dir}/embedded/lib" \
" includedir=#{install_dir}/embedded/include", env: env

40
omnibus/config/software/liblzma.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright 2014-2018 Chef Software, Inc.
#
@@ -14,19 +16,19 @@
# limitations under the License.
#
name "liblzma"
default_version "5.2.5"
name 'liblzma'
default_version '5.2.5'
license "Public-Domain"
license_file "COPYING"
license 'Public-Domain'
license_file 'COPYING'
skip_transitive_dependency_licensing true
# version_list: url=http://tukaani.org/xz/ filer=*.tar.gz
version("5.2.5") { source sha256: "f6f4910fd033078738bd82bfba4f49219d03b17eb0794eb91efbae419f4aba10" }
version("5.2.4") { source sha256: "b512f3b726d3b37b6dc4c8570e137b9311e7552e8ccbab4d39d47ce5f4177145" }
version("5.2.3") { source sha256: "71928b357d0a09a12a4b4c5fafca8c31c19b0e7d3b8ebb19622e96f26dbf28cb" }
version("5.2.2") { source sha256: "73df4d5d34f0468bd57d09f2d8af363e95ed6cc3a4a86129d2f2c366259902a2" }
version('5.2.5') { source sha256: 'f6f4910fd033078738bd82bfba4f49219d03b17eb0794eb91efbae419f4aba10' }
version('5.2.4') { source sha256: 'b512f3b726d3b37b6dc4c8570e137b9311e7552e8ccbab4d39d47ce5f4177145' }
version('5.2.3') { source sha256: '71928b357d0a09a12a4b4c5fafca8c31c19b0e7d3b8ebb19622e96f26dbf28cb' }
version('5.2.2') { source sha256: '73df4d5d34f0468bd57d09f2d8af363e95ed6cc3a4a86129d2f2c366259902a2' }
source url: "http://tukaani.org/xz/xz-#{version}.tar.gz"
@@ -37,20 +39,20 @@ build do
# liblzma properly uses CFLAGS for C compilation and CPPFLAGS for common
# flags used across tools such as windres. Don't put anything in it
# that can be misinterpreted by windres.
env["CPPFLAGS"] = "-I#{install_dir}/embedded/include" if windows?
env['CPPFLAGS'] = "-I#{install_dir}/embedded/include" if windows?
config_command = [
"--disable-debug",
"--disable-dependency-tracking",
"--disable-doc",
"--disable-scripts",
"--disable-lzma-links",
"--disable-lzmainfo",
"--disable-lzmadec",
"--disable-xzdec",
"--disable-xz",
'--disable-debug',
'--disable-dependency-tracking',
'--disable-doc',
'--disable-scripts',
'--disable-lzma-links',
'--disable-lzmainfo',
'--disable-lzmadec',
'--disable-xzdec',
'--disable-xz'
]
config_command << "--disable-nls" if windows?
config_command << '--disable-nls' if windows?
configure(*config_command, env: env)

10
omnibus/config/software/libmnl.rb
View File

@@ -15,14 +15,14 @@
# limitations under the License.
#
name "libmnl"
default_version "1.0.4"
name 'libmnl'
default_version '1.0.4'
license "GPL-2.1"
license_file "COPYING"
license 'GPL-2.1'
license_file 'COPYING'
skip_transitive_dependency_licensing true
version("1.0.4") { source sha256: "171f89699f286a5854b72b91d06e8f8e3683064c5901fb09d954a9ab6f551f81" }
version('1.0.4') { source sha256: '171f89699f286a5854b72b91d06e8f8e3683064c5901fb09d954a9ab6f551f81' }
source url: "https://www.netfilter.org/pub/libmnl/libmnl-#{version}.tar.bz2"

10
omnibus/config/software/libnftnl.rb
View File

@@ -15,14 +15,14 @@
# limitations under the License.
#
name "libnftnl"
default_version "1.2.0"
name 'libnftnl'
default_version '1.2.0'
license "GPL-2.1"
license_file "COPYING"
license 'GPL-2.1'
license_file 'COPYING'
skip_transitive_dependency_licensing true
version("1.2.0") { source sha256: "90b01fddfe9be8c3245c3ba5ff5a4424a8df708828f92b2b361976b658c074f5" }
version('1.2.0') { source sha256: '90b01fddfe9be8c3245c3ba5ff5a4424a8df708828f92b2b361976b658c074f5' }
source url: "https://www.netfilter.org/pub/libnftnl/libnftnl-#{version}.tar.bz2"

18
omnibus/config/software/libossp-uuid.rb
View File

@@ -1,3 +1,6 @@
# rubocop:disable Naming/FileName
# frozen_string_literal: true
#
# Copyright 2012-2014 Chef Software, Inc.
#
@@ -14,18 +17,18 @@
# limitations under the License.
#
name "libossp-uuid"
default_version "1.6.2"
name 'libossp-uuid'
default_version '1.6.2'
license "MIT"
license_file "README"
license 'MIT'
license_file 'README'
skip_transitive_dependency_licensing true
dependency "config_guess"
dependency 'config_guess'
# version_list: url=https://www.mirrorservice.org/sites/ftp.ossp.org/pkg/lib/uuid/ filter=*.tar.gz
version("1.6.2") { source sha256: "11a615225baa5f8bb686824423f50e4427acd3f70d394765bdff32801f0fd5b0" }
version('1.6.2') { source sha256: '11a615225baa5f8bb686824423f50e4427acd3f70d394765bdff32801f0fd5b0' }
# ftp on ftp.ossp.org is unavaiable so we must use another mirror site.
source url: "https://www.mirrorservice.org/sites/ftp.ossp.org/pkg/lib/uuid/uuid-#{version}.tar.gz"
@@ -37,9 +40,10 @@ build do
update_config_guess
command "./configure" \
command './configure' \
" --prefix=#{install_dir}/embedded", env: env
make "-j #{workers}", env: env
make "-j #{workers} install", env: env
end
# rubocop:enable Naming/FileName

30
omnibus/config/software/libtool.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright:: Chef Software, Inc.
#
@@ -14,21 +16,21 @@
# limitations under the License.
#
name "libtool"
default_version "2.4.6"
name 'libtool'
default_version '2.4.6'
license "GPL-2.0"
license_file "COPYING"
license 'GPL-2.0'
license_file 'COPYING'
skip_transitive_dependency_licensing true
dependency "m4"
dependency "config_guess"
dependency 'm4'
dependency 'config_guess'
# version_list: url=https://ftp.gnu.org/gnu/libtool/ filter=*.tar.gz
version("2.4.6") { source sha256: "e3bd4d5d3d025a36c21dd6af7ea818a2afcd4dfc1ea5a17b39d7854bcd0c06e3" }
version("2.4.2") { source sha256: "b38de44862a987293cd3d8dfae1c409d514b6c4e794ebc93648febf9afc38918" }
version("2.4") { source sha256: "13df57ab63a94e196c5d6e95d64e53262834fe780d5e82c28f177f9f71ddf62e" }
version('2.4.6') { source sha256: 'e3bd4d5d3d025a36c21dd6af7ea818a2afcd4dfc1ea5a17b39d7854bcd0c06e3' }
version('2.4.2') { source sha256: 'b38de44862a987293cd3d8dfae1c409d514b6c4e794ebc93648febf9afc38918' }
version('2.4') { source sha256: '13df57ab63a94e196c5d6e95d64e53262834fe780d5e82c28f177f9f71ddf62e' }
source url: "https://mirrors.kernel.org/gnu/libtool/libtool-#{version}.tar.gz"
@@ -38,19 +40,19 @@ build do
env = with_standard_compiler_flags(with_embedded_path)
update_config_guess
update_config_guess(target: "libltdl/config")
update_config_guess(target: 'libltdl/config')
if aix?
env["M4"] = "/opt/freeware/bin/m4"
env['M4'] = '/opt/freeware/bin/m4'
elsif solaris2?
# We hit this bug on Solaris11 platforms bug#14291: libtool 2.4.2 fails to build due to macro_revision reversion
# The problem occurs with LANG=en_US.UTF-8 but not with LANG=C
env["LANG"] = "C"
env['LANG'] = 'C'
end
command "./configure" \
command './configure' \
" --prefix=#{install_dir}/embedded", env: env
make env: env
make "install", env: env
make 'install', env: env
end

42
omnibus/config/software/libxml2.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright:: Chef Software Inc.
#
@@ -14,21 +16,21 @@
# limitations under the License.
#
name "libxml2"
default_version "2.9.10" # 2.9.12 is not properly building as of 5.20.21
name 'libxml2'
default_version '2.9.10' # 2.9.12 is not properly building as of 5.20.21
license "MIT"
license_file "COPYING"
license 'MIT'
license_file 'COPYING'
skip_transitive_dependency_licensing true
dependency "zlib"
dependency "liblzma"
dependency "config_guess"
dependency 'zlib'
dependency 'liblzma'
dependency 'config_guess'
# version_list: url=ftp://xmlsoft.org/libxml2/ filter=libxml2-*.tar.gz
version("2.9.12") { source sha256: "c8d6681e38c56f172892c85ddc0852e1fd4b53b4209e7f4ebf17f7e2eae71d92" }
version("2.9.10") { source sha256: "aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f" }
version("2.9.9") { source sha256: "94fb70890143e3c6549f265cee93ec064c80a84c42ad0f23e85ee1fd6540a871" }
version('2.9.12') { source sha256: 'c8d6681e38c56f172892c85ddc0852e1fd4b53b4209e7f4ebf17f7e2eae71d92' }
version('2.9.10') { source sha256: 'aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f' }
version('2.9.9') { source sha256: '94fb70890143e3c6549f265cee93ec064c80a84c42ad0f23e85ee1fd6540a871' }
source url: "ftp://xmlsoft.org/libxml2/libxml2-#{version}.tar.gz"
@@ -40,16 +42,16 @@ build do
configure_command = [
"--with-zlib=#{install_dir}/embedded",
"--with-lzma=#{install_dir}/embedded",
"--with-sax1", # required for nokogiri to compile
"--without-iconv",
"--without-python",
"--without-icu",
"--without-debug",
"--without-mem-debug",
"--without-run-debug",
"--without-legacy", # we don't need legacy interfaces
"--without-catalog",
"--without-docbook",
'--with-sax1', # required for nokogiri to compile
'--without-iconv',
'--without-python',
'--without-icu',
'--without-debug',
'--without-mem-debug',
'--without-run-debug',
'--without-legacy', # we don't need legacy interfaces
'--without-catalog',
'--without-docbook'
]
update_config_guess

4
omnibus/config/software/libyaml.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright 2012-2015 Chef Software, Inc.
#
@@ -24,7 +26,7 @@ skip_transitive_dependency_licensing true
dependency 'config_guess'
version("0.1.7") { source sha256: "8088e457264a98ba451a90b8661fcb4f9d6f478f7265d48322a196cec2480729" }
version('0.1.7') { source sha256: '8088e457264a98ba451a90b8661fcb4f9d6f478f7265d48322a196cec2480729' }
source url: "http://pyyaml.org/download/libyaml/yaml-#{version}.tar.gz"

16
omnibus/config/software/linenoise.rb
View File

@@ -15,22 +15,22 @@
# limitations under the License.
#
name "linenoise"
description "A small self-contained alternative to readline and libedit"
name 'linenoise'
description 'A small self-contained alternative to readline and libedit'
license_file "LICENSE"
license_file 'LICENSE'
skip_transitive_dependency_licensing true
source github: "antirez/linenoise"
default_version "master"
source github: 'antirez/linenoise'
default_version 'master'
build do
env = with_standard_compiler_flags(with_embedded_path)
cc = env.fetch("CC", "gcc")
cc = env.fetch('CC', 'gcc')
command "#{cc} -c linenoise.c -o linenoise.o -fPIC", env: env
command "#{cc} -shared -o liblinenoise.so linenoise.o -lm", env: env
copy "liblinenoise.so", "#{install_dir}/embedded/lib/"
copy "linenoise.h", "#{install_dir}/embedded/include/"
copy 'liblinenoise.so', "#{install_dir}/embedded/lib/"
copy 'linenoise.h', "#{install_dir}/embedded/include/"
end

16
omnibus/config/software/m4.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright:: Chef Software, Inc.
#
@@ -15,15 +17,15 @@
#
# expeditor/ignore: deprecated 2021-04
name "m4"
default_version "1.4.19"
name 'm4'
default_version '1.4.19'
license "GPL-3.0"
license_file "COPYING"
license 'GPL-3.0'
license_file 'COPYING'
skip_transitive_dependency_licensing true
version("1.4.19") { source sha256: "3be4a26d825ffdfda52a56fc43246456989a3630093cced3fbddf4771ee58a70" }
version("1.4.18") { source sha256: "ab2633921a5cd38e48797bf5521ad259bdc4b979078034a3b790d7fec5493fab" }
version('1.4.19') { source sha256: '3be4a26d825ffdfda52a56fc43246456989a3630093cced3fbddf4771ee58a70' }
version('1.4.18') { source sha256: 'ab2633921a5cd38e48797bf5521ad259bdc4b979078034a3b790d7fec5493fab' }
source url: "https://mirrors.kernel.org/gnu/m4/m4-#{version}.tar.gz"
@@ -32,7 +34,7 @@ relative_path "m4-#{version}"
build do
env = with_standard_compiler_flags(with_embedded_path)
patch source: "m4-1.4.18-glibc-change-work-around.patch", plevel: 1, env: env if version == "1.4.18"
patch source: 'm4-1.4.18-glibc-change-work-around.patch', plevel: 1, env: env if version == '1.4.18'
command "./configure --prefix=#{install_dir}/embedded", env: env

92
omnibus/config/software/ncurses.rb
View File

@@ -15,11 +15,11 @@
# limitations under the License.
#
name "ncurses"
default_version "6.2"
name 'ncurses'
default_version '6.2'
license "MIT"
license_file "COPYING"
license 'MIT'
license_file 'COPYING'
# This quickly gets rate-limit and blocked on self-hosted runners.
# license_file "http://invisible-island.net/ncurses/ncurses-license.html"
@@ -27,13 +27,13 @@ license_file "COPYING"
skip_transitive_dependency_licensing true
dependency "libtool"
dependency "config_guess"
dependency 'libtool'
dependency 'config_guess'
# versions_list: https://ftp.gnu.org/gnu/ncurses/ filter=*.tar.gz
version("6.2") { source sha256: "30306e0c76e0f9f1f0de987cf1c82a5c21e1ce6568b9227f7da5b71cbea86c9d" }
version("6.1") { source sha256: "aa057eeeb4a14d470101eff4597d5833dcef5965331be3528c08d99cebaa0d17" }
version("5.9") { source sha256: "9046298fb440324c9d4135ecea7879ffed8546dd1b58e59430ea07a4633f563b" }
version('6.2') { source sha256: '30306e0c76e0f9f1f0de987cf1c82a5c21e1ce6568b9227f7da5b71cbea86c9d' }
version('6.1') { source sha256: 'aa057eeeb4a14d470101eff4597d5833dcef5965331be3528c08d99cebaa0d17' }
version('5.9') { source sha256: '9046298fb440324c9d4135ecea7879ffed8546dd1b58e59430ea07a4633f563b' }
source url: "https://mirrors.kernel.org/gnu/ncurses/ncurses-#{version}.tar.gz"
@@ -54,41 +54,40 @@ relative_path "ncurses-#{version}"
#
########################################################################
# rubocop:disable Metrics/BlockLength
build do
env = with_standard_compiler_flags(with_embedded_path)
env.delete("CPPFLAGS")
env.delete('CPPFLAGS')
if smartos?
# SmartOS is Illumos Kernel, plus NetBSD userland with a GNU toolchain.
# These patches are taken from NetBSD pkgsrc and provide GCC 4.7.0
# compatibility:
# http://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/devel/ncurses/patches/
patch source: "patch-aa", plevel: 0, env: env
patch source: "patch-ab", plevel: 0, env: env
patch source: "patch-ac", plevel: 0, env: env
patch source: "patch-ad", plevel: 0, env: env
patch source: "patch-cxx_cursesf.h", plevel: 0, env: env
patch source: "patch-cxx_cursesm.h", plevel: 0, env: env
patch source: 'patch-aa', plevel: 0, env: env
patch source: 'patch-ab', plevel: 0, env: env
patch source: 'patch-ac', plevel: 0, env: env
patch source: 'patch-ad', plevel: 0, env: env
patch source: 'patch-cxx_cursesf.h', plevel: 0, env: env
patch source: 'patch-cxx_cursesm.h', plevel: 0, env: env
# Chef patches - <sean@sean.io>
# The configure script from the pristine tarball detects xopen_source_extended incorrectly.
# Manually working around a false positive.
patch source: "ncurses-5.9-solaris-xopen_source_extended-detection.patch", plevel: 0, env: env
patch source: 'ncurses-5.9-solaris-xopen_source_extended-detection.patch', plevel: 0, env: env
end
update_config_guess
# AIX's old version of patch doesn't like the patches here
unless aix?
if version == "5.9"
# Patch to add support for GCC 5, doesn't break previous versions
patch source: "ncurses-5.9-gcc-5.patch", plevel: 1, env: env
end
if !aix? && (version == '5.9')
# Patch to add support for GCC 5, doesn't break previous versions
patch source: 'ncurses-5.9-gcc-5.patch', plevel: 1, env: env
end
if mac_os_x? ||
# Clang became the default compiler in FreeBSD 10+
(freebsd? && ohai["os_version"].to_i >= 1000024)
# Clang became the default compiler in FreeBSD 10+
(freebsd? && ohai['os_version'].to_i >= 1_000_024)
# References:
# https://github.com/Homebrew/homebrew-dupes/issues/43
# http://invisible-island.net/ncurses/NEWS.html#t20110409
@@ -96,23 +95,21 @@ build do
# Patches ncurses for clang compiler. Changes have been accepted into
# upstream, but occurred shortly after the 5.9 release. We should be able
# to remove this after upgrading to any release created after June 2012
patch source: "ncurses-clang.patch", env: env
patch source: 'ncurses-clang.patch', env: env
end
if openbsd?
patch source: "patch-ncurses_tinfo_lib__baudrate.c", plevel: 0, env: env
end
patch source: 'patch-ncurses_tinfo_lib__baudrate.c', plevel: 0, env: env if openbsd?
configure_command = [
"./configure",
'./configure',
"--prefix=#{install_dir}/embedded",
"--enable-overwrite",
"--with-shared",
"--with-termlib",
"--without-ada",
"--without-cxx-binding",
"--without-debug",
"--without-manpages"
'--enable-overwrite',
'--with-shared',
'--with-termlib',
'--without-ada',
'--without-cxx-binding',
'--without-debug',
'--without-manpages'
]
if aix?
@@ -124,32 +121,32 @@ build do
configure_command << "--with-libtool=\"#{install_dir}/embedded/bin/libtool\""
# stick with just the shared libs on AIX
configure_command << "--without-normal"
configure_command << '--without-normal'
# ncurses's ./configure incorrectly
# "figures out" ARFLAGS if you try
# to set them yourself
env.delete("ARFLAGS")
env.delete('ARFLAGS')
# use gnu install from the coreutils IBM rpm package
env["INSTALL"] = "/opt/freeware/bin/install"
env['INSTALL'] = '/opt/freeware/bin/install'
end
command configure_command.join(" "), env: env
command configure_command.join(' '), env: env
# unfortunately, libtool may try to link to libtinfo
# before it has been assembled; so we have to build in serial
make "libs", env: env if aix?
make 'libs', env: env if aix?
make "-j #{workers}", env: env
make "-j #{workers} install", env: env
# Build non-wide-character libraries
make "distclean", env: env
configure_command << "--enable-widec"
make 'distclean', env: env
configure_command << '--enable-widec'
command configure_command.join(" "), env: env
make "libs", env: env if aix?
command configure_command.join(' '), env: env
make 'libs', env: env if aix?
make "-j #{workers}", env: env
# Installing the non-wide libraries will also install the non-wide
@@ -158,7 +155,6 @@ build do
make "-j #{workers} install", env: env
# Ensure embedded ncurses wins in the LD search path
if smartos?
link "#{install_dir}/embedded/lib/libcurses.so", "#{install_dir}/embedded/lib/libcurses.so.1"
end
link "#{install_dir}/embedded/lib/libcurses.so", "#{install_dir}/embedded/lib/libcurses.so.1" if smartos?
end
# rubocop:enable Metrics/BlockLength

38
omnibus/config/software/nftables.rb
View File

@@ -14,41 +14,41 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
name "nftables"
name 'nftables'
license_file "COPYING"
license_file 'COPYING'
skip_transitive_dependency_licensing true
# Some weirdness in the official release package so use git and switch to tag
# default_version "0.9.9"
# source url: "https://www.netfilter.org/pub/nftables/nftables-#{version}.tar.bz2"
# version("0.9.9") { source sha256: "76ef2dc7fd0d79031a8369487739a217ca83996b3a746cec5bda79da11e3f1b4" }
source git: "git://git.netfilter.org/nftables"
default_version "v0.9.9"
source git: 'git://git.netfilter.org/nftables'
default_version 'v0.9.9'
relative_path "#{name}-#{version}"
dependency "gmp"
dependency "m4"
dependency "bison"
dependency "flex"
dependency "libmnl"
dependency "libnftnl"
dependency "libtool"
dependency "linenoise"
dependency "pkg-config"
dependency 'gmp'
dependency 'm4'
dependency 'bison'
dependency 'flex'
dependency 'libmnl'
dependency 'libnftnl'
dependency 'libtool'
dependency 'linenoise'
dependency 'pkg-config'
build do
env = with_standard_compiler_flags(with_embedded_path)
configure_cmd = [
"./configure",
'./configure',
"--prefix=#{install_dir}/embedded",
"--disable-debug",
"--disable-man-doc",
"--with-cli=linenoise" # readline seems to fail to be detected and libedit fails with missing "editline/history.h"
'--disable-debug',
'--disable-man-doc',
'--with-cli=linenoise' # readline seems to fail to be detected and libedit fails with missing "editline/history.h"
]
command "./autogen.sh", env: env
command configure_cmd.join(" "), env: env
command './autogen.sh', env: env
command configure_cmd.join(' '), env: env
make "-j #{workers}", env: env
make "-j #{workers} install", env: env
end

36
omnibus/config/software/nginx.rb
View File

@@ -15,37 +15,37 @@
# limitations under the License.
#
name "nginx"
default_version "1.20.1"
name 'nginx'
default_version '1.20.1'
dependency "pcre"
dependency "openssl"
dependency "zlib"
dependency 'pcre'
dependency 'openssl'
dependency 'zlib'
license "BSD-2-Clause"
license_file "LICENSE"
license 'BSD-2-Clause'
license_file 'LICENSE'
source url: "https://nginx.org/download/nginx-#{version}.tar.gz"
# versions_list: https://nginx.org/download/ filter=*.tar.gz
version("1.20.1") { source sha256: "e462e11533d5c30baa05df7652160ff5979591d291736cfa5edb9fd2edb48c49" }
version("1.19.9") { source sha256: "2e35dff06a9826e8aca940e9e8be46b7e4b12c19a48d55bfc2dc28fc9cc7d841" }
version("1.19.8") { source sha256: "308919b1a1359315a8066578472f998f14cb32af8de605a3743acca834348b05" }
version("1.18.0") { source sha256: "4c373e7ab5bf91d34a4f11a0c9496561061ba5eee6020db272a17a7228d35f99" }
version("1.14.2") { source sha256: "002d9f6154e331886a2dd4e6065863c9c1cf8291ae97a1255308572c02be9797" }
version("1.14.0") { source sha256: "5d15becbf69aba1fe33f8d416d97edd95ea8919ea9ac519eff9bafebb6022cb5" }
version('1.20.1') { source sha256: 'e462e11533d5c30baa05df7652160ff5979591d291736cfa5edb9fd2edb48c49' }
version('1.19.9') { source sha256: '2e35dff06a9826e8aca940e9e8be46b7e4b12c19a48d55bfc2dc28fc9cc7d841' }
version('1.19.8') { source sha256: '308919b1a1359315a8066578472f998f14cb32af8de605a3743acca834348b05' }
version('1.18.0') { source sha256: '4c373e7ab5bf91d34a4f11a0c9496561061ba5eee6020db272a17a7228d35f99' }
version('1.14.2') { source sha256: '002d9f6154e331886a2dd4e6065863c9c1cf8291ae97a1255308572c02be9797' }
version('1.14.0') { source sha256: '5d15becbf69aba1fe33f8d416d97edd95ea8919ea9ac519eff9bafebb6022cb5' }
relative_path "nginx-#{version}"
build do
env = with_standard_compiler_flags(with_embedded_path)
command "./configure" \
command './configure' \
" --prefix=#{install_dir}/embedded" \
" --with-http_ssl_module" \
" --with-http_stub_status_module" \
" --with-ipv6" \
" --with-debug" \
' --with-http_ssl_module' \
' --with-http_stub_status_module' \
' --with-ipv6' \
' --with-debug' \
" --with-cc-opt=\"-L#{install_dir}/embedded/lib -I#{install_dir}/embedded/include\"" \
" --with-ld-opt=-L#{install_dir}/embedded/lib", env: env

28
omnibus/config/software/nodejs.rb
View File

@@ -1,24 +1,26 @@
name "nodejs"
description "NodeJS"
default_version "14.18.3"
license_file "LICENSE"
# frozen_string_literal: true
name 'nodejs'
description 'NodeJS'
default_version '14.18.3'
license_file 'LICENSE'
source url: "https://github.com/nodejs/node/archive/refs/tags/v#{version}.tar.gz"
version("16.6.2") do
source sha256: "9b539b1ea5e3fbd173fcbaae97088401b228c36c2076c98d04c73802713bbb73"
version('16.6.2') do
source sha256: '9b539b1ea5e3fbd173fcbaae97088401b228c36c2076c98d04c73802713bbb73'
end
version("14.18.3") do
source sha256: "0f20571bc6d7d2f4b12b133768017c913a1a40c0c600ccd553b029842f7827d0"
version('14.18.3') do
source sha256: '0f20571bc6d7d2f4b12b133768017c913a1a40c0c600ccd553b029842f7827d0'
end
version("14.18.2") do
source sha256: "2d3b55fa3ff98acb5a8eb26ac73c1963b38e62c2428c883fc9debdfa54efcb6c"
version('14.18.2') do
source sha256: '2d3b55fa3ff98acb5a8eb26ac73c1963b38e62c2428c883fc9debdfa54efcb6c'
end
version("14.18.1") do
source sha256: "ee873d13ce00680c682be27132a420b3b5620f17549906dda7e2398b56ba41b0"
version('14.18.1') do
source sha256: 'ee873d13ce00680c682be27132a420b3b5620f17549906dda7e2398b56ba41b0'
end
dependency "python"
dependency 'python'
relative_path "node-#{version}"

24
omnibus/config/software/omnibus-ctl.rb
View File

@@ -1,3 +1,4 @@
# rubocop:disable Naming/FileName
# frozen_string_literal: true
# Copyright 2012-2015 Chef Software, Inc.
@@ -16,30 +17,31 @@
# limitations under the License.
#
name "omnibus-ctl"
default_version "v0.6.0"
name 'omnibus-ctl'
default_version 'v0.6.0'
license "Apache-2.0"
license_file "https://raw.githubusercontent.com/chef/omnibus-ctl/master/LICENSE"
license 'Apache-2.0'
license_file 'https://raw.githubusercontent.com/chef/omnibus-ctl/master/LICENSE'
# Even though omnibus-ctl is a gem, it does not have any dependencies.
skip_transitive_dependency_licensing true
dependency "rubygems"
dependency "ruby"
dependency 'rubygems'
dependency 'ruby'
# versions_list: https://github.com/chef/omnibus-ctl/tags filter=*.tar.gz
source git: "https://github.com/chef/omnibus-ctl.git"
source git: 'https://github.com/chef/omnibus-ctl.git'
relative_path "omnibus-ctl"
relative_path 'omnibus-ctl'
build do
env = with_standard_compiler_flags(with_embedded_path)
# Remove existing built gems in case they exist in the current dir
delete "omnibus-ctl-*.gem"
delete 'omnibus-ctl-*.gem'
gem "build omnibus-ctl.gemspec", env: env
gem "install omnibus-ctl-*.gem --no-document ", env: env
gem 'build omnibus-ctl.gemspec', env: env
gem 'install omnibus-ctl-*.gem --no-document ', env: env
touch "#{install_dir}/embedded/service/omnibus-ctl/.gitkeep"
end
# rubocop:enable Naming/FileName

122
omnibus/config/software/openssl.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright:: Chef Software Inc.
#
@@ -14,26 +16,27 @@
# limitations under the License.
#
name "openssl"
name 'openssl'
license "OpenSSL"
license_file "LICENSE"
license 'OpenSSL'
license_file 'LICENSE'
skip_transitive_dependency_licensing true
dependency "cacerts"
dependency "openssl-fips" if fips_mode?
dependency 'cacerts'
dependency 'openssl-fips' if fips_mode?
default_version "1.1.1k" # do_not_auto_update
default_version '1.1.1k' # do_not_auto_update
# Openssl builds engines as libraries into a special directory. We need to include
# that directory in lib_dirs so omnibus can sign them during macOS deep signing.
lib_dirs lib_dirs.concat(["#{install_dir}/embedded/lib/engines"])
lib_dirs lib_dirs.concat(["#{install_dir}/embedded/lib/engines-1.1"]) if version.start_with?("1.1")
lib_dirs lib_dirs.concat(["#{install_dir}/embedded/lib/engines-1.1"]) if version.start_with?('1.1')
# OpenSSL source ships with broken symlinks which windows doesn't allow.
# So skip error checking with `extract: :lax_tar`
if version.satisfies?("> 1.0.2u") && version.satisfies?("< 1.1.0")
# 1.0.2u was the last public release of 1.0.2. Subsequent releases come from a support contract with OpenSSL Software Services
if version.satisfies?('> 1.0.2u') && version.satisfies?('< 1.1.0')
# 1.0.2u was the last public release of 1.0.2. Subsequent releases come from a support contract with OpenSSL
# Software Services
source url: "https://s3.amazonaws.com/chef-releng/openssl/openssl-#{version}.tar.gz", extract: :lax_tar
else
# As of 2020-09-09 even openssl-1.0.0.tar.gz can be downloaded from /source/openssl-VERSION.tar.gz
@@ -42,82 +45,82 @@ else
source url: "https://www.openssl.org/source/openssl-#{version}.tar.gz", extract: :lax_tar
end
version("1.1.1k") { source sha256: "892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5" }
version("1.1.1j") { source sha256: "aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf" }
version("1.1.1i") { source sha256: "e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242" }
version("1.0.2y") { source sha256: "4882ec99f8e147ab26375da8a6af92efae69b6aef505234764f8cd00a1b81ffc" }
version("1.0.2x") { source sha256: "79cb4e20004a0d1301210aee7e154ddfba3d6a33d0df1f6c5d3257cb915a59c9" }
version("1.0.2w") { source sha256: "a675ad1a9df59015cebcdf713de76a422347c5d99f11232fe75758143defd680" }
version("1.0.2i") { source sha256: "9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f" }
version('1.1.1k') { source sha256: '892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5' }
version('1.1.1j') { source sha256: 'aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf' }
version('1.1.1i') { source sha256: 'e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242' }
version('1.0.2y') { source sha256: '4882ec99f8e147ab26375da8a6af92efae69b6aef505234764f8cd00a1b81ffc' }
version('1.0.2x') { source sha256: '79cb4e20004a0d1301210aee7e154ddfba3d6a33d0df1f6c5d3257cb915a59c9' }
version('1.0.2w') { source sha256: 'a675ad1a9df59015cebcdf713de76a422347c5d99f11232fe75758143defd680' }
version('1.0.2i') { source sha256: '9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f' }
relative_path "openssl-#{version}"
# rubocop:disable Metrics/BlockLength
build do
env = with_standard_compiler_flags(with_embedded_path)
if aix?
env["M4"] = "/opt/freeware/bin/m4"
env['M4'] = '/opt/freeware/bin/m4'
elsif mac_os_x? && arm?
env["CFLAGS"] << " -Qunused-arguments"
env['CFLAGS'] << ' -Qunused-arguments'
elsif freebsd?
# Should this just be in standard_compiler_flags?
env["LDFLAGS"] += " -Wl,-rpath,#{install_dir}/embedded/lib"
env['LDFLAGS'] += " -Wl,-rpath,#{install_dir}/embedded/lib"
elsif windows?
# XXX: OpenSSL explicitly sets -march=i486 and expects that to be honored.
# It has OPENSSL_IA32_SSE2 controlling whether it emits optimized SSE2 code
# and the 32-bit calling convention involving XMM registers is... vague.
# Do not enable SSE2 generally because the hand optimized assembly will
# overwrite registers that mingw expects to get preserved.
env["CFLAGS"] = "-I#{install_dir}/embedded/include"
env["CPPFLAGS"] = env["CFLAGS"]
env["CXXFLAGS"] = env["CFLAGS"]
env['CFLAGS'] = "-I#{install_dir}/embedded/include"
env['CPPFLAGS'] = env['CFLAGS']
env['CXXFLAGS'] = env['CFLAGS']
end
configure_args = [
"--prefix=#{install_dir}/embedded",
"no-unit-test",
"no-comp",
"no-idea",
"no-mdc2",
"no-rc5",
"no-ssl2",
"no-ssl3",
"no-zlib",
"shared",
'no-unit-test',
'no-comp',
'no-idea',
'no-mdc2',
'no-rc5',
'no-ssl2',
'no-ssl3',
'no-zlib',
'shared'
]
configure_args += ["--with-fipsdir=#{install_dir}/embedded", "fips"] if fips_mode?
configure_args += ["--with-fipsdir=#{install_dir}/embedded", 'fips'] if fips_mode?
configure_cmd =
if aix?
"perl ./Configure aix64-cc"
'perl ./Configure aix64-cc'
elsif mac_os_x?
intel? ? "./Configure darwin64-x86_64-cc" : "./Configure darwin64-arm64-cc no-asm"
intel? ? './Configure darwin64-x86_64-cc' : './Configure darwin64-arm64-cc no-asm'
elsif smartos?
"/bin/bash ./Configure solaris64-x86_64-gcc -static-libgcc"
'/bin/bash ./Configure solaris64-x86_64-gcc -static-libgcc'
elsif omnios?
"/bin/bash ./Configure solaris-x86-gcc"
'/bin/bash ./Configure solaris-x86-gcc'
elsif solaris2?
platform = sparc? ? "solaris64-sparcv9-gcc" : "solaris64-x86_64-gcc"
if version.satisfies?("< 1.1.0")
platform = sparc? ? 'solaris64-sparcv9-gcc' : 'solaris64-x86_64-gcc'
if version.satisfies?('< 1.1.0')
"/bin/bash ./Configure #{platform} -static-libgcc"
else
"./Configure #{platform} -static-libgcc"
end
elsif windows?
platform = windows_arch_i386? ? "mingw" : "mingw64"
platform = windows_arch_i386? ? 'mingw' : 'mingw64'
"perl.exe ./Configure #{platform}"
else
prefix =
if linux? && ppc64?
"./Configure linux-ppc64"
'./Configure linux-ppc64'
elsif linux? && s390x?
# With gcc > 4.3 on s390x there is an error building
# with inline asm enabled
"./Configure linux64-s390x -DOPENSSL_NO_INLINE_ASM"
'./Configure linux64-s390x -DOPENSSL_NO_INLINE_ASM'
else
"./config"
'./config'
end
"#{prefix} disable-gost"
end
@@ -125,42 +128,38 @@ build do
patch_env = if aix?
# This enables omnibus to use 'makedepend'
# from fileset 'X11.adt.imake' (AIX install media)
env["PATH"] = "/usr/lpp/X11/bin:#{ENV["PATH"]}"
env['PATH'] = "/usr/lpp/X11/bin:#{ENV['PATH']}"
penv = env.dup
penv["PATH"] = "/opt/freeware/bin:#{env["PATH"]}"
penv['PATH'] = "/opt/freeware/bin:#{env['PATH']}"
penv
else
env
end
if version.start_with? "1.0"
patch source: "openssl-1.0.1f-do-not-build-docs.patch", env: patch_env
elsif version.start_with? "1.1"
patch source: "openssl-1.1.0f-do-not-install-docs.patch", env: patch_env
if version.start_with? '1.0'
patch source: 'openssl-1.0.1f-do-not-build-docs.patch', env: patch_env
elsif version.start_with? '1.1'
patch source: 'openssl-1.1.0f-do-not-install-docs.patch', env: patch_env
end
if version.start_with?("1.0.2") && mac_os_x? && arm?
patch source: "openssl-1.0.2x-darwin-arm64.patch"
end
patch source: 'openssl-1.0.2x-darwin-arm64.patch' if version.start_with?('1.0.2') && mac_os_x? && arm?
if version.start_with?("1.0.2") && windows?
if version.start_with?('1.0.2') && windows?
# Patch Makefile.org to update the compiler flags/options table for mingw.
patch source: "openssl-1.0.1q-fix-compiler-flags-table-for-msys.patch", env: env
patch source: 'openssl-1.0.1q-fix-compiler-flags-table-for-msys.patch', env: env
end
# Out of abundance of caution, we put the feature flags first and then
# the crazy platform specific compiler flags at the end.
configure_args << env["CFLAGS"] << env["LDFLAGS"]
configure_args << env['CFLAGS'] << env['LDFLAGS']
configure_command = configure_args.unshift(configure_cmd).join(" ")
configure_command = configure_args.unshift(configure_cmd).join(' ')
command configure_command, env: env, in_msys_bash: true
if version.start_with?("1.0.2") && windows?
patch source: "openssl-1.0.1j-windows-relocate-dll.patch", env: env
end
patch source: 'openssl-1.0.1j-windows-relocate-dll.patch', env: env if version.start_with?('1.0.2') && windows?
make "depend", env: env
make 'depend', env: env
# make -j N on openssl is not reliable
make "-j #{workers}", env: env
if aix?
@@ -171,7 +170,8 @@ build do
# can't install the library that is already in use. Ideally we would patch openssl
# to make this not be an issue.
# Bug Ref: http://rt.openssl.org/Ticket/Display.html?id=2986&user=guest&pass=guest
command "sudo /usr/sbin/slibclean", env: env
command 'sudo /usr/sbin/slibclean', env: env
end
make "-j #{workers} install", env: env
end
# rubocop:enable Metrics/BlockLength

32
omnibus/config/software/pcre.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright:: Chef Software, Inc.
#
@@ -14,21 +16,21 @@
# limitations under the License.
#
name "pcre"
default_version "8.44"
name 'pcre'
default_version '8.44'
license "BSD-2-Clause"
license_file "LICENCE"
license 'BSD-2-Clause'
license_file 'LICENCE'
skip_transitive_dependency_licensing true
dependency "libedit"
dependency "ncurses"
dependency "config_guess"
dependency 'libedit'
dependency 'ncurses'
dependency 'config_guess'
# version_list: url=https://sourceforge.net/projects/pcre/files/pcre/ filter=*.tar.gz
version("8.44") { source sha256: "aecafd4af3bd0f3935721af77b889d9024b2e01d96b58471bd91a3063fb47728" }
version("8.38") { source sha256: "9883e419c336c63b0cb5202b09537c140966d585e4d0da66147dc513da13e629" }
version('8.44') { source sha256: 'aecafd4af3bd0f3935721af77b889d9024b2e01d96b58471bd91a3063fb47728' }
version('8.38') { source sha256: '9883e419c336c63b0cb5202b09537c140966d585e4d0da66147dc513da13e629' }
source url: "http://downloads.sourceforge.net/project/pcre/pcre/#{version}/pcre-#{version}.tar.gz"
@@ -39,13 +41,13 @@ build do
update_config_guess
command "./configure" \
command './configure' \
" --prefix=#{install_dir}/embedded" \
" --disable-cpp" \
" --enable-utf" \
" --enable-unicode-properties" \
" --enable-pcretest-libedit" \
"--disable-pcregrep-jit", env: env
' --disable-cpp' \
' --enable-utf' \
' --enable-unicode-properties' \
' --enable-pcretest-libedit' \
'--disable-pcregrep-jit', env: env
make "-j #{workers}", env: env
make "-j #{workers} install", env: env

18
omnibus/config/software/perl-thread-queue.rb
View File

@@ -1,3 +1,6 @@
# rubocop:disable Naming/FileName
# frozen_string_literal: true
#
# Copyright 2019 Oregon State University
#
@@ -15,13 +18,13 @@
#
# expeditor/ignore: deprecated 2021-04
name "perl-thread-queue"
default_version "3.13"
name 'perl-thread-queue'
default_version '3.13'
dependency "perl"
dependency 'perl'
version "3.13" do
source sha256: "6ba3dacddd2fbb66822b4aa1d11a0a5273cd04c825cb3ff31c20d7037cbfdce8"
version '3.13' do
source sha256: '6ba3dacddd2fbb66822b4aa1d11a0a5273cd04c825cb3ff31c20d7037cbfdce8'
end
source url: "http://search.cpan.org/CPAN/authors/id/J/JD/JDHEDDEN/Thread-Queue-#{version}.tar.gz"
@@ -30,11 +33,12 @@ relative_path "Thread-Queue-#{version}"
build do
env = with_standard_compiler_flags(with_embedded_path).merge(
"INSTALL_BASE" => "#{install_dir}/embedded"
'INSTALL_BASE' => "#{install_dir}/embedded"
)
command "#{install_dir}/embedded/bin/perl Makefile.PL", env: env
make env: env
make "install", env: env
make 'install', env: env
end
# rubocop:enable Naming/FileName

66
omnibus/config/software/perl.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright:: Chef Software, Inc.
#
@@ -14,20 +16,20 @@
# limitations under the License.
#
name "perl"
name 'perl'
license "Artistic-2.0"
license_file "Artistic"
license 'Artistic-2.0'
license_file 'Artistic'
skip_transitive_dependency_licensing true
default_version "5.34.0"
default_version '5.34.0'
# versions_list: http://www.cpan.org/src/ filter=*.tar.gz
version("5.34.0") { source sha256: "551efc818b968b05216024fb0b727ef2ad4c100f8cb6b43fab615fa78ae5be9a" }
version("5.32.1") { source sha256: "03b693901cd8ae807231b1787798cf1f2e0b8a56218d07b7da44f784a7caeb2c" }
version("5.30.0") { source sha256: "851213c754d98ccff042caa40ba7a796b2cee88c5325f121be5cbb61bbf975f2" }
version("5.22.1") { source sha256: "2b475d0849d54c4250e9cba4241b7b7291cffb45dfd083b677ca7b5d38118f27" }
version("5.18.1") { source sha256: "655e11a8ffba8853efcdce568a142c232600ed120ac24aaebb4e6efe74e85b2b" }
version('5.34.0') { source sha256: '551efc818b968b05216024fb0b727ef2ad4c100f8cb6b43fab615fa78ae5be9a' }
version('5.32.1') { source sha256: '03b693901cd8ae807231b1787798cf1f2e0b8a56218d07b7da44f784a7caeb2c' }
version('5.30.0') { source sha256: '851213c754d98ccff042caa40ba7a796b2cee88c5325f121be5cbb61bbf975f2' }
version('5.22.1') { source sha256: '2b475d0849d54c4250e9cba4241b7b7291cffb45dfd083b677ca7b5d38118f27' }
version('5.18.1') { source sha256: '655e11a8ffba8853efcdce568a142c232600ed120ac24aaebb4e6efe74e85b2b' }
source url: "http://www.cpan.org/src/5.0/perl-#{version}.tar.gz"
# perl builds perl as libraries into a special directory. We need to include
@@ -36,39 +38,41 @@ lib_dirs lib_dirs.concat ["#{install_dir}/embedded/lib/perl5/**"]
relative_path "perl-#{version}"
# rubocop:disable Metrics/BlockLength
build do
env = with_standard_compiler_flags(with_embedded_path)
patch source: "perl-#{version}-remove_lnsl.patch", plevel: 1, env: env
if solaris2?
cc_command = "-Dcc='gcc -m64 -static-libgcc'"
elsif aix?
cc_command = "-Dcc='/opt/IBM/xlc/13.1.0/bin/cc_r -q64'"
elsif freebsd? && ohai["os_version"].to_i >= 1000024
cc_command = "-Dcc='clang'"
elsif mac_os_x?
cc_command = "-Dcc='clang'"
else
cc_command = "-Dcc='gcc -static-libgcc'"
end
cc_command = if solaris2?
"-Dcc='gcc -m64 -static-libgcc'"
elsif aix?
"-Dcc='/opt/IBM/xlc/13.1.0/bin/cc_r -q64'"
elsif freebsd? && ohai['os_version'].to_i >= 1_000_024
"-Dcc='clang'"
elsif mac_os_x?
"-Dcc='clang'"
else
"-Dcc='gcc -static-libgcc'"
end
configure_command = ["sh Configure",
" -de",
" -Dprefix=#{install_dir}/embedded",
" -Duseshrplib",
" -Dusethreads",
" #{cc_command}",
" -Dnoextensions='DB_File GDBM_File NDBM_File ODBM_File'"]
configure_command = ['sh Configure',
' -de',
" -Dprefix=#{install_dir}/embedded",
' -Duseshrplib',
' -Dusethreads',
" #{cc_command}",
" -Dnoextensions='DB_File GDBM_File NDBM_File ODBM_File'"]
if aix?
configure_command << "-Dmake=gmake"
configure_command << "-Duse64bitall"
configure_command << '-Dmake=gmake'
configure_command << '-Duse64bitall'
end
command configure_command.join(" "), env: env
command configure_command.join(' '), env: env
make "-j #{workers}", env: env
# using the install.perl target lets
# us skip install the manpages
make "install.perl", env: env
make 'install.perl', env: env
end
# rubocop:enable Metrics/BlockLength

34
omnibus/config/software/pkg-config.rb
View File

@@ -1,3 +1,6 @@
# rubocop:disable Naming/FileName
# frozen_string_literal: true
#
# Copyright 2013-2014 Chef Software, Inc.
#
@@ -15,15 +18,15 @@
#
# expeditor/ignore: deprecated 2021-05
name "pkg-config"
default_version "0.28"
name 'pkg-config'
default_version '0.28'
dependency "libiconv"
dependency "config_guess"
dependency 'libiconv'
dependency 'config_guess'
# version_list: url=https://pkgconfig.freedesktop.org/releases/ filter=*.tar.gz
version("0.28") { source sha256: "6b6eb31c6ec4421174578652c7e141fdaae2dabad1021f420d8713206ac1f845" }
version('0.28') { source sha256: '6b6eb31c6ec4421174578652c7e141fdaae2dabad1021f420d8713206ac1f845' }
source url: "https://pkgconfig.freedesktop.org/releases/pkg-config-#{version}.tar.gz"
@@ -36,31 +39,28 @@ build do
# pkg-config (at least up to 0.28) includes an older version of
# libcharset/lib/config.charset that doesn't know about openbsd
if openbsd?
patch source: "openbsd-charset.patch", plevel: 1, env: env
end
patch source: 'openbsd-charset.patch', plevel: 1, env: env if openbsd?
command "./configure" \
command './configure' \
" --prefix=#{install_dir}/embedded" \
" --disable-debug" \
" --disable-host-tool" \
" --with-internal-glib" \
' --disable-debug' \
' --disable-host-tool' \
' --with-internal-glib' \
" --with-pc-path=#{install_dir}/embedded/bin/pkgconfig", env: env
# #203: pkg-configs internal glib does not provide a way to pass ldflags.
# Only allows GLIB_CFLAGS and GLIB_LIBS.
# These do not serve our purpose, so we must explicitly
# ./configure in the glib dir, with the Omnibus ldflags.
command "./configure" \
command './configure' \
" --prefix=#{install_dir}/embedded" \
" --with-libiconv=gnu", env: env, cwd: "#{project_dir}/glib"
' --with-libiconv=gnu', env: env, cwd: "#{project_dir}/glib"
make "-j #{workers}", env: env
make "-j #{workers} install", env: env
# ensure charset.alias gets installed on openbsd else pkg-config will
# exit with byte conversion errors.
if openbsd?
copy "#{project_dir}/glib/glib/libcharset/charset.alias", "#{install_dir}/embedded/lib/charset.alias"
end
copy "#{project_dir}/glib/glib/libcharset/charset.alias", "#{install_dir}/embedded/lib/charset.alias" if openbsd?
end
# rubocop:enable Naming/FileName

56
omnibus/config/software/postgresql.rb
View File

@@ -15,37 +15,37 @@
# limitations under the License.
#
name "postgresql"
default_version "13.5"
name 'postgresql'
default_version '13.5'
license "PostgreSQL"
license_file "COPYRIGHT"
license 'PostgreSQL'
license_file 'COPYRIGHT'
skip_transitive_dependency_licensing true
dependency "autoconf"
dependency "automake"
dependency "m4"
dependency "pkg-config"
dependency "zlib"
dependency "openssl"
dependency "libedit"
dependency "libossp-uuid"
dependency "ncurses"
dependency "config_guess"
dependency 'autoconf'
dependency 'automake'
dependency 'm4'
dependency 'pkg-config'
dependency 'zlib'
dependency 'openssl'
dependency 'libedit'
dependency 'libossp-uuid'
dependency 'ncurses'
dependency 'config_guess'
# version_list: url=https://ftp.postgresql.org/pub/source/v#{version}/ filter=*.tar.bz2
version("13.5") { source sha256: "9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3" }
version("13.3") { source sha256: "3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1" }
version('13.5') { source sha256: '9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3' }
version('13.3') { source sha256: '3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1' }
# Version 12.x will EoL November 14, 2024
version("12.7") { source sha256: "8490741f47c88edc8b6624af009ce19fda4dc9b31c4469ce2551d84075d5d995" }
version('12.7') { source sha256: '8490741f47c88edc8b6624af009ce19fda4dc9b31c4469ce2551d84075d5d995' }
# Version 9.6 will EoL November 11, 2021
version("9.6.22") { source sha256: "3d32cd101025a0556813397c69feff3df3d63736adb8adeaf365c522f39f2930" }
version('9.6.22') { source sha256: '3d32cd101025a0556813397c69feff3df3d63736adb8adeaf365c522f39f2930' }
# Version 9.3 was EoL November 8, 2018 (but used in Supermarket as of 6.2021)
version("9.3.25") { source sha256: "e4953e80415d039ccd33d34be74526a090fd585cf93f296cd9c593972504b6db" }
version('9.3.25') { source sha256: 'e4953e80415d039ccd33d34be74526a090fd585cf93f296cd9c593972504b6db' }
source url: "https://ftp.postgresql.org/pub/source/v#{version}/postgresql-#{version}.tar.bz2"
@@ -54,25 +54,25 @@ relative_path "postgresql-#{version}"
build do
env = with_standard_compiler_flags(with_embedded_path)
update_config_guess(target: "config")
update_config_guess(target: 'config')
configure_command = [
"./configure",
'./configure',
"--prefix=#{install_dir}/embedded",
"--with-libedit-preferred",
"--with-openssl",
"--enable-thread-safety",
'--with-libedit-preferred',
'--with-openssl',
'--enable-thread-safety',
"--with-includes=#{install_dir}/embedded/include",
"--with-libraries=#{install_dir}/embedded/lib"
]
if linux?
configure_command << "--with-uuid=ossp"
configure_command << '--with-uuid=ossp'
elsif mac_os_x?
configure_command << "--with-uuid=e2fs"
configure_command << '--with-uuid=e2fs'
end
command configure_command.join(" "), env: env
command configure_command.join(' '), env: env
make "world -j #{workers}", env: env
make "install-world", env: env
make 'install-world', env: env
end

28
omnibus/config/software/python.rb
View File

@@ -16,25 +16,25 @@
# limitations under the License.
#
name "python"
description "Python"
default_version "3.9.7"
license_file "LICENSE"
name 'python'
description 'Python'
default_version '3.9.7'
license_file 'LICENSE'
skip_transitive_dependency_licensing true
source url: "https://www.python.org/ftp/python/#{version}/Python-#{version}.tgz"
version("3.9.6") { source sha256: "d0a35182e19e416fc8eae25a3dcd4d02d4997333e4ad1f2eee6010aadc3fe866" }
version("3.9.7") { source sha256: "a838d3f9360d157040142b715db34f0218e535333696a5569dc6f854604eb9d1" }
version("3.10.0") { source sha256: "c4e0cbad57c90690cb813fb4663ef670b4d0f587d8171e2c42bd4c9245bd2758" }
version('3.9.6') { source sha256: 'd0a35182e19e416fc8eae25a3dcd4d02d4997333e4ad1f2eee6010aadc3fe866' }
version('3.9.7') { source sha256: 'a838d3f9360d157040142b715db34f0218e535333696a5569dc6f854604eb9d1' }
version('3.10.0') { source sha256: 'c4e0cbad57c90690cb813fb4663ef670b4d0f587d8171e2c42bd4c9245bd2758' }
dependency "readline"
dependency "bzip2"
dependency "zlib"
dependency "openssl"
dependency "ncurses"
dependency "libffi"
dependency "config_guess"
dependency 'readline'
dependency 'bzip2'
dependency 'zlib'
dependency 'openssl'
dependency 'ncurses'
dependency 'libffi'
dependency 'config_guess'
relative_path "Python-#{version}"

14
omnibus/config/software/readline.rb
View File

@@ -14,26 +14,26 @@
# See the License for the specific language governing permissions and
# limitations under the License.
name "readline"
name 'readline'
default_version "8.1"
default_version '8.1'
version("8.1") { source sha256: "f8ceb4ee131e3232226a17f51b164afc46cd0b9e6cef344be87c65962cb82b02" }
version('8.1') { source sha256: 'f8ceb4ee131e3232226a17f51b164afc46cd0b9e6cef344be87c65962cb82b02' }
source url: "https://mirrors.kernel.org/gnu/readline/readline-#{version}.tar.gz"
dependency "config_guess"
dependency 'config_guess'
relative_path "readline-#{version}"
build do
env = with_standard_compiler_flags(with_embedded_path)
update_config_guess
configure_command = ["./configure",
"--disable-mpfr",
configure_command = ['./configure',
'--disable-mpfr',
"--prefix=#{install_dir}/embedded"]
command configure_command.join(" "), env: env
command configure_command.join(' '), env: env
make "-j #{workers}", env: env
make "-j #{workers} install", env: env
end

26
omnibus/config/software/ruby.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright 2012-2016 Chef Software, Inc.
#
@@ -32,7 +34,7 @@ default_version '2.7.5'
fips_enabled = (project.overrides[:fips] && project.overrides[:fips][:enabled]) || false
dependency 'patch' if (solaris? && platform_version.satisfies?("10"))
dependency 'patch' if solaris? && platform_version.satisfies?('10')
dependency 'ncurses' unless windows? || version.satisfies?('>= 2.1')
dependency 'zlib'
dependency 'openssl'
@@ -83,7 +85,7 @@ elsif aix?
env['SOLIBS'] = '-lm -lc'
# need to use GNU m4, default m4 doesn't work
env['M4'] = '/opt/freeware/bin/m4'
elsif solaris? && platform_version.satisfies?("10")
elsif solaris? && platform_version.satisfies?('10')
if sparc?
# Known issue with rubby where too much GCC optimization blows up miniruby on sparc
env['CFLAGS'] << ' -std=c99 -O0 -g -pipe -mcpu=v9'
@@ -95,13 +97,14 @@ elsif windows?
env['CPPFLAGS'] << ' -DFD_SETSIZE=2048'
else # including linux
env['CFLAGS'] << if version.satisfies?('>= 2.3.0') &&
rhel? && platform_version.satisfies?('< 6.0')
rhel? && platform_version.satisfies?('< 6.0')
' -O2 -g -pipe'
else
' -O3 -g -pipe'
end
end
# rubocop:disable Metrics/BlockLength
build do
env['CFLAGS'] << ' -fno-omit-frame-pointer'
@@ -109,11 +112,11 @@ build do
patch_env = env.dup
patch_env['PATH'] = "/opt/freeware/bin:#{env['PATH']}" if aix?
if solaris? && platform_version.satisfies?("10") && version.satisfies?('>= 2.1')
if solaris? && platform_version.satisfies?('10') && version.satisfies?('>= 2.1')
patch source: 'ruby-no-stack-protector.patch', plevel: 1, env: patch_env
elsif solaris? && platform_version.satisfies?("10") && version =~ /^1.9/
elsif solaris? && platform_version.satisfies?('10') && version =~ /^1.9/
patch source: 'ruby-sparc-1.9.3-c99.patch', plevel: 1, env: patch_env
elsif solaris? && platform_version.satisfies?("11") && version =~ /^2.1/
elsif solaris? && platform_version.satisfies?('11') && version =~ /^2.1/
patch source: 'ruby-solaris-linux-socket-compat.patch', plevel: 1, env: patch_env
end
@@ -147,8 +150,8 @@ build do
# in Ruby trunk and expected to be included in future point releases.
# https://redmine.ruby-lang.org/issues/11602
if rhel? &&
platform_version.satisfies?('< 6') &&
(version == '2.1.7' || version == '2.2.3')
platform_version.satisfies?('< 6') &&
(version == '2.1.7' || version == '2.2.3')
patch source: 'ruby-fix-reserve-stack-segfault.patch', plevel: 1, env: patch_env
end
@@ -181,7 +184,8 @@ build do
patch source: 'ruby-aix-vm-core.patch', plevel: 1, env: patch_env
# per IBM, just help ruby along on what it's running on
configure_command << '--host=powerpc-ibm-aix6.1.0.0 --target=powerpc-ibm-aix6.1.0.0 --build=powerpc-ibm-aix6.1.0.0 --enable-pthread'
configure_command << '--host=powerpc-ibm-aix6.1.0.0 --target=powerpc-ibm-aix6.1.0.0 --build=powerpc-ibm-aix6'\
'.1.0.0 --enable-pthread'
elsif freebsd?
# Disable optional support C level backtrace support. This requires the
@@ -207,7 +211,8 @@ build do
configure_command << ' debugflags=-g'
else
# TODO: Consider pulling in Gitlab's OhaiHelper if raspberry_pi is needed
# configure_command << %w(host target build).map { |w| "--#{w}=#{OhaiHelper.gcc_target}" } if OhaiHelper.raspberry_pi?
# configure_command << %w(host target build).map { |w| "--#{w}=#{OhaiHelper.gcc_target}" } if \
# OhaiHelper.raspberry_pi?
configure_command << "--with-opt-dir=#{install_dir}/embedded"
end
@@ -238,3 +243,4 @@ build do
end
end
end
# rubocop:enable Metrics/BlockLength

6
omnibus/config/software/rubygems.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright 2012-2016 Chef Software, Inc.
#
@@ -69,7 +71,7 @@ if version && !source
end
# git repo is always expanded to "rubygems"
relative_path 'rubygems' if source && source.include?(:git)
relative_path 'rubygems' if source&.include?(:git)
build do
env = with_standard_compiler_flags(with_embedded_path)
@@ -81,6 +83,6 @@ build do
# Installing direct from rubygems:
# If there is no version, this will get latest.
gem "update --system #{version}", env: env
patch source: "license/add-license-file.patch"
patch source: 'license/add-license-file.patch'
end
end

8
omnibus/config/software/runit.rb
View File

@@ -40,7 +40,11 @@ build do
env = with_standard_compiler_flags(with_embedded_path)
# Put runit where we want it, not where they tell us to
command 'sed -i -e "s/^char\ \*varservice\ \=\"\/service\/\";$/char\ \*varservice\ \=\"' + install_dir.gsub('/', '\\/') + '\/service\/\";/" sv.c', env: env
# rubocop:disable Style/StringConcatenation
cmd = 'sed -i -e "s/^char\ \*varservice\ \=\"\/service\/\";$/char\ \*varservice\ \=\"' + \
install_dir.gsub('/', '\\/') + '\/service\/\";/" sv.c'
# rubocop:enable Style/StringConcatenation
command cmd, env: env
# TODO: the following is not idempotent
command 'sed -i -e s:-static:: Makefile', env: env
@@ -63,7 +67,7 @@ build do
erb source: 'runsvdir-start.erb',
dest: "#{install_dir}/embedded/bin/runsvdir-start",
mode: 0755,
mode: 0o755,
vars: { install_dir: install_dir }
# Setup service directories

26
omnibus/config/software/wireguard-tools.rb
View File

@@ -1,3 +1,4 @@
# rubocop:disable Naming/FileName
# frozen_string_literal: true
# Copyright 2021 Firezone
@@ -15,29 +16,30 @@
# limitations under the License.
#
name "wireguard-tools"
description "wireguard userspace utilities"
default_version "1.0.20210424"
name 'wireguard-tools'
description 'wireguard userspace utilities'
default_version '1.0.20210424'
default_src_url = "https://github.com/WireGuard/wireguard-tools/archive/refs/tags/v#{version}.tar.gz"
version "1.0.20210424" do
source url: default_src_url, sha256: "6b32b5deba067b9a920f008a006f001fa1ec903dc69fcaa5674b5a043146c1f7"
version '1.0.20210424' do
source url: default_src_url, sha256: '6b32b5deba067b9a920f008a006f001fa1ec903dc69fcaa5674b5a043146c1f7'
end
relative_path "wireguard-tools-#{version}/src"
license "GPL-2.0"
license 'GPL-2.0'
build do
env = with_standard_compiler_flags(with_embedded_path).merge(
"PREFIX" => "#{install_dir}/embedded",
"WITH_BASHCOMPLETION" => "no",
"WITH_SYSTEMDUNITS" => "no",
"WITH_WGQUICK" => "no",
"SYSCONFDIR" => "/etc/firezone",
"RUNSTATEDIR" => "/var/opt/firezone/run"
'PREFIX' => "#{install_dir}/embedded",
'WITH_BASHCOMPLETION' => 'no',
'WITH_SYSTEMDUNITS' => 'no',
'WITH_WGQUICK' => 'no',
'SYSCONFDIR' => '/etc/firezone',
'RUNSTATEDIR' => '/var/opt/firezone/run'
)
make "-j #{workers}", env: env
make "-j #{workers} install", env: env
end
# rubocop:enable Naming/FileName

42
omnibus/config/software/zlib.rb
View File

@@ -1,5 +1,7 @@
# frozen_string_literal: true
#
#Copyright 2012-2018 Chef Software, Inc.
# Copyright 2012-2018 Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,19 +16,19 @@
# limitations under the License.
#
name "zlib"
default_version "1.2.11"
name 'zlib'
default_version '1.2.11'
# version_list: url=https://zlib.net/fossils/ filter=*.tar.gz
version("1.2.11") { source sha256: "c3e5e9fdd5004dcb542feda5ee4f0ff0744628baf8ed2dd5d66f8ca1197cb1a1" }
version("1.2.8") { source sha256: "36658cb768a54c1d4dec43c3116c27ed893e88b02ecfcb44f2166f9c0b7f2a0d" }
version("1.2.6") { source sha256: "21235e08552e6feba09ea5e8d750805b3391c62fb81c71a235c0044dc7a8a61b" }
version('1.2.11') { source sha256: 'c3e5e9fdd5004dcb542feda5ee4f0ff0744628baf8ed2dd5d66f8ca1197cb1a1' }
version('1.2.8') { source sha256: '36658cb768a54c1d4dec43c3116c27ed893e88b02ecfcb44f2166f9c0b7f2a0d' }
version('1.2.6') { source sha256: '21235e08552e6feba09ea5e8d750805b3391c62fb81c71a235c0044dc7a8a61b' }
source url: "https://zlib.net/fossils/zlib-#{version}.tar.gz"
license "Zlib"
license_file "README"
license 'Zlib'
license_file 'README'
skip_transitive_dependency_licensing true
relative_path "zlib-#{version}"
@@ -35,22 +37,22 @@ build do
if windows?
env = with_standard_compiler_flags(with_embedded_path)
patch source: "zlib-windows-relocate.patch", env: env
patch source: 'zlib-windows-relocate.patch', env: env
# We can't use the top-level Makefile. Instead, the developers have made
# an organic, artisanal, hand-crafted Makefile.gcc for us which takes a few
# variables.
env["BINARY_PATH"] = "/bin"
env["LIBRARY_PATH"] = "/lib"
env["INCLUDE_PATH"] = "/include"
env["DESTDIR"] = "#{install_dir}/embedded"
env['BINARY_PATH'] = '/bin'
env['LIBRARY_PATH'] = '/lib'
env['INCLUDE_PATH'] = '/include'
env['DESTDIR'] = "#{install_dir}/embedded"
make_args = [
"-fwin32/Makefile.gcc",
"SHARED_MODE=1",
"CFLAGS=\"#{env["CFLAGS"]} -Wall\"",
"ASFLAGS=\"#{env["CFLAGS"]} -Wall\"",
"LDFLAGS=\"#{env["LDFLAGS"]}\"",
'-fwin32/Makefile.gcc',
'SHARED_MODE=1',
"CFLAGS=\"#{env['CFLAGS']} -Wall\"",
"ASFLAGS=\"#{env['CFLAGS']} -Wall\"",
"LDFLAGS=\"#{env['LDFLAGS']}\""
# The win32 makefile for zlib does not handle parallel make correctly.
# In particular, see its rule for IMPLIB and SHAREDLIB. The ld step in
# SHAREDLIB will generate both the dll and the dll.a files. The step to
@@ -62,7 +64,7 @@ build do
]
make(*make_args, env: env)
make("install", *make_args, env: env)
make('install', *make_args, env: env)
else
# We omit the omnibus path here because it breaks mac_os_x builds by picking
# up the embedded libtool instead of the system libtool which the zlib
@@ -72,7 +74,7 @@ build do
if freebsd?
# FreeBSD 10+ gets cranky if zlib is not compiled in a
# position-independent way.
env["CFLAGS"] << " -fPIC"
env['CFLAGS'] << ' -fPIC'
end
configure env: env

2
omnibus/cookbooks/firezone/Berksfile
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
source 'https://supermarket.chef.io'
metadata

10
omnibus/cookbooks/firezone/Gemfile
View File

@@ -1,5 +1,7 @@
source "https://rubygems.org"
# frozen_string_literal: true
gem "chef", "~> 16.17.18"
gem "chef-bin", "~> 16.17.18"
gem "berkshelf"
source 'https://rubygems.org'
gem 'berkshelf'
gem 'chef', '~> 16.17.18'
gem 'chef-bin', '~> 16.17.18'

4
omnibus/cookbooks/firezone/Policyfile.rb
View File

@@ -1,3 +1,6 @@
# rubocop:disable Naming/FileName
# frozen_string_literal: true
# Policyfile.rb - Describe how you want Chef Infra Client to build your system.
#
# For more information on the Policyfile feature, visit
@@ -14,3 +17,4 @@ run_list 'firezone::default'
# Specify a custom source for a single cookbook:
cookbook 'firezone', path: '.'
# rubocop:enable Naming/FileName

30
omnibus/cookbooks/firezone/attributes/default.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
# # Firezone configuration
require 'etc'
@@ -36,7 +38,7 @@ default['firezone']['var_directory'] = '/var/opt/firezone'
default['firezone']['user'] = 'firezone'
default['firezone']['group'] = 'firezone'
# Email for the primary admin user.
default['firezone']['admin_email'] = "firezone@localhost"
default['firezone']['admin_email'] = 'firezone@localhost'
# The outgoing interface name.
# This is where tunneled traffic will exit the WireGuard tunnel.
@@ -72,7 +74,7 @@ default['firezone']['nginx']['non_ssl_port'] = 80
default['firezone']['nginx']['ssl_port'] = 443
default['firezone']['nginx']['directory'] = "#{node['firezone']['var_directory']}/nginx/etc"
default['firezone']['nginx']['log_directory'] = "#{node['firezone']['log_directory']}/nginx"
default['firezone']['nginx']['log_rotation']['file_maxbytes'] = 104857600
default['firezone']['nginx']['log_rotation']['file_maxbytes'] = 104_857_600
default['firezone']['nginx']['log_rotation']['num_to_keep'] = 10
default['firezone']['nginx']['log_x_forwarded_for'] = false
@@ -102,7 +104,7 @@ default['firezone']['nginx']['gzip_comp_level'] = '2'
default['firezone']['nginx']['gzip_proxied'] = 'any'
default['firezone']['nginx']['gzip_vary'] = 'off'
default['firezone']['nginx']['gzip_buffers'] = nil
default['firezone']['nginx']['gzip_types'] = %w(
default['firezone']['nginx']['gzip_types'] = %w[
text/plain
text/css
application/x-javascript
@@ -113,7 +115,7 @@ default['firezone']['nginx']['gzip_types'] = %w(
text/javascript
application/javascript
application/json
)
]
default['firezone']['nginx']['gzip_min_length'] = 1000
default['firezone']['nginx']['gzip_disable'] = 'MSIE [1-6]\.'
default['firezone']['nginx']['keepalive'] = 'on'
@@ -160,7 +162,7 @@ default['firezone']['postgresql']['data_directory'] = "#{node['firezone']['var_d
# ### Logs
default['firezone']['postgresql']['log_directory'] = "#{node['firezone']['log_directory']}/postgresql"
default['firezone']['postgresql']['log_rotation']['file_maxbytes'] = 104857600
default['firezone']['postgresql']['log_rotation']['file_maxbytes'] = 104_857_600
default['firezone']['postgresql']['log_rotation']['num_to_keep'] = 10
# ### Postgres Settings
@@ -172,10 +174,10 @@ default['firezone']['postgresql']['effective_cache_size'] = '128MB'
default['firezone']['postgresql']['listen_address'] = '127.0.0.1'
default['firezone']['postgresql']['max_connections'] = 350
default['firezone']['postgresql']['md5_auth_cidr_addresses'] = ['127.0.0.1/32', '::1/128']
default['firezone']['postgresql']['port'] = 15432
default['firezone']['postgresql']['port'] = 15_432
default['firezone']['postgresql']['shared_buffers'] = "#{(node['memory']['total'].to_i / 4) / 1024}MB"
default['firezone']['postgresql']['shmmax'] = 17179869184
default['firezone']['postgresql']['shmall'] = 4194304
default['firezone']['postgresql']['shmmax'] = 17_179_869_184
default['firezone']['postgresql']['shmall'] = 4_194_304
default['firezone']['postgresql']['work_mem'] = '8MB'
# ## Common Database Settings
@@ -199,9 +201,9 @@ default['firezone']['database']['extensions'] = { 'plpgsql' => true, 'pg_trgm' =
# ### The Phoenix web app for Firezone
default['firezone']['phoenix']['enabled'] = true
default['firezone']['phoenix']['port'] = 13000
default['firezone']['phoenix']['port'] = 13_000
default['firezone']['phoenix']['log_directory'] = "#{node['firezone']['log_directory']}/phoenix"
default['firezone']['phoenix']['log_rotation']['file_maxbytes'] = 104857600
default['firezone']['phoenix']['log_rotation']['file_maxbytes'] = 104_857_600
default['firezone']['phoenix']['log_rotation']['num_to_keep'] = 10
# ## WireGuard
@@ -211,14 +213,14 @@ default['firezone']['phoenix']['log_rotation']['num_to_keep'] = 10
# want to manually create your WireGuard interface and manage its interface properties.
default['firezone']['wireguard']['enabled'] = true
default['firezone']['wireguard']['log_directory'] = "#{node['firezone']['log_directory']}/wireguard"
default['firezone']['wireguard']['log_rotation']['file_maxbytes'] = 104857600
default['firezone']['wireguard']['log_rotation']['file_maxbytes'] = 104_857_600
default['firezone']['wireguard']['log_rotation']['num_to_keep'] = 10
# The WireGuard interface name Firezone will apply configuration settings to.
default['firezone']['wireguard']['interface_name'] = 'wg-firezone'
# WireGuard listen port
default['firezone']['wireguard']['port'] = 51820
default['firezone']['wireguard']['port'] = 51_820
# WireGuard interface MTU
default['firezone']['wireguard']['mtu'] = 1420
@@ -303,13 +305,13 @@ default['firezone']['ssl']['email_address'] = 'you@example.com'
#
# If your infrastructure still has requirements for the vulnerable/venerable SSLV3, you can add
# "SSLv3" to the below line.
default['firezone']['ssl']['ciphers'] = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'
default['firezone']['ssl']['ciphers'] =
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'
default['firezone']['ssl']['fips_ciphers'] = 'FIPS@STRENGTH:!aNULL:!eNULL'
default['firezone']['ssl']['protocols'] = 'TLSv1 TLSv1.1 TLSv1.2'
default['firezone']['ssl']['session_cache'] = 'shared:SSL:4m'
default['firezone']['ssl']['session_timeout'] = '5m'
# ### robots.txt Settings
#
# These control the "Allow" and "Disallow" paths in /robots.txt. See

41
omnibus/cookbooks/firezone/files/default/ctl-commands/create_admin.rb
View File

@@ -6,28 +6,31 @@ require 'net/http'
require 'json'
desc = <<~DESC
Resets the password for admin with email specified by default['firezone']['admin_email'] or creates a new admin if that email doesn't exist.
Resets the password for admin with email specified by default['firezone']['admin_email'] or creates a new admin if that email doesn't exist.
DESC
# rubocop:disable Metrics/MethodLength
def capture
telemetry_file = "/opt/firezone/sv/phoenix/env/TELEMETRY_ID"
if File.exist?(telemetry_file)
telemetry_id = File.read(telemetry_file)
if telemetry_id
uri = URI("https://telemetry.firez.one/capture/")
data = {
api_key: "phc_ubuPhiqqjMdedpmbWpG2Ak3axqv5eMVhFDNBaXl9UZK",
event: "firezone-ctl create-or-reset-admin",
properties: {
distinct_id: telemetry_id
}
}
unless File.exist?("#{base_path}/.disable-telemetry") || ENV["TELEMETRY_ENABLED"] == "false"
Net::HTTP.post(uri, data.to_json, "Content-Type" => "application/json")
end
end
end
telemetry_file = '/var/opt/firezone/cache/telemetry_id'
return unless File.exist?(telemetry_file)
telemetry_id = File.read(telemetry_file)
return unless telemetry_id
uri = URI('https://telemetry.firez.one/capture/')
data = {
api_key: 'phc_ubuPhiqqjMdedpmbWpG2Ak3axqv5eMVhFDNBaXl9UZK',
event: 'firezone-ctl create-or-reset-admin',
properties: {
distinct_id: telemetry_id
}
}
return if File.exist?('/var/opt/firezone/.disable_telemetry') || ENV['TELEMETRY_ENABLED'] == 'false'
Net::HTTP.post(uri, data.to_json, 'Content-Type' => 'application/json')
end
# rubocop:enable Metrics/MethodLength
add_command_under_category 'create-or-reset-admin', 'general', desc, 2 do
command = %W(
@@ -40,7 +43,7 @@ add_command_under_category 'create-or-reset-admin', 'general', desc, 2 do
capture
result = run_command(command.join(" "))
result = run_command(command.join(' '))
remove_old_node_state
Kernel.exit 1 unless result.success?
end

37
omnibus/cookbooks/firezone/files/default/ctl-commands/reconfigure.rb
View File

@@ -5,25 +5,28 @@ require 'uri'
require 'net/http'
require 'json'
# rubocop:disable Metrics/MethodLength
def capture
telemetry_file = "/opt/firezone/sv/phoenix/env/TELEMETRY_ID"
if File.exist?(telemetry_file)
telemetry_id = File.read(telemetry_file)
if telemetry_id
uri = URI("https://telemetry.firez.one/capture/")
data = {
api_key: "phc_ubuPhiqqjMdedpmbWpG2Ak3axqv5eMVhFDNBaXl9UZK",
event: "firezone-ctl create-or-reset-admin",
properties: {
distinct_id: telemetry_id
}
}
unless File.exist?("#{base_path}/.disable-telemetry") || ENV["TELEMETRY_ENABLED"] == "false"
Net::HTTP.post(uri, data.to_json, "Content-Type" => "application/json")
end
end
end
telemetry_file = '/var/opt/firezone/cache/telemetry_id'
return unless File.exist?(telemetry_file)
telemetry_id = File.read(telemetry_file)
return unless telemetry_id
uri = URI('https://telemetry.firez.one/capture/')
data = {
api_key: 'phc_ubuPhiqqjMdedpmbWpG2Ak3axqv5eMVhFDNBaXl9UZK',
event: 'firezone-ctl create-or-reset-admin',
properties: {
distinct_id: telemetry_id
}
}
return if File.exist?('/var/opt/firezone/.disable_telemetry') || ENV['TELEMETRY_ENABLED'] == 'false'
Net::HTTP.post(uri, data.to_json, 'Content-Type' => 'application/json')
end
# rubocop:enable Metrics/MethodLength
add_command_under_category 'reconfigure', 'general', 'Reconfigure the application.', 2 do
status = run_chef("#{base_path}/embedded/cookbooks/dna.json", '--chef-license=accept')

8
omnibus/cookbooks/firezone/files/default/ctl-commands/reset_network.rb
View File

@@ -1,9 +1,9 @@
# frozen_string_literal: true
require "mixlib/shellout"
require 'mixlib/shellout'
add_command_under_category "reset-network", "general", "Resets nftables, WireGuard interface, "\
"and routing table back to Firezone defaults.", 2 do
add_command_under_category 'reset-network', 'general', 'Resets nftables, WireGuard interface, '\
'and routing table back to Firezone defaults.', 2 do
command = %W(
chef-client
-z
@@ -12,7 +12,7 @@ add_command_under_category "reset-network", "general", "Resets nftables, WireGua
-o recipe[firezone::teardown],recipe[firezone::network]
)
result = run_command(command.join(" "))
result = run_command(command.join(' '))
remove_old_node_state
Kernel.exit 1 unless result.success?
end

5
omnibus/cookbooks/firezone/files/default/ctl-commands/teardown.rb
View File

@@ -2,7 +2,8 @@
require 'mixlib/shellout'
add_command_under_category 'teardown-network', 'general', 'Removes WireGuard interface and firezone nftables table.', 2 do
add_command_under_category 'teardown-network', 'general', 'Removes WireGuard interface and firezone nftables table.',
2 do
command = %W(
chef-client
-z
@@ -11,7 +12,7 @@ add_command_under_category 'teardown-network', 'general', 'Removes WireGuard int
-o recipe[firezone::teardown]
)
result = run_command(command.join(" "))
result = run_command(command.join(' '))
remove_old_node_state
Kernel.exit 1 unless result.success?
end

16
omnibus/cookbooks/firezone/files/default/ctl-commands/version.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Copyright:: Copyright (c) 2019 Chef Software, Inc.
# Copyright:: Copyright (c) 2021 Firezone, Inc.
@@ -16,12 +18,10 @@
require 'json'
add_command_under_category 'version', 'general', 'Display current version of Firezone', 2 do
begin
version = JSON.parse(File.read('/opt/firezone/version-manifest.json'))['build_version']
puts version
rescue Errno::ENOENT => e
puts 'Error determining version!'
puts e.message.to_s
exit(1)
end
version = JSON.parse(File.read('/opt/firezone/version-manifest.json'))['build_version']
puts version
rescue Errno::ENOENT => e
puts 'Error determining version!'
puts e.message.to_s
exit(1)
end

147
omnibus/cookbooks/firezone/libraries/config.rb
View File

@@ -1,13 +1,18 @@
# frozen_string_literal: true
require 'json'
require 'fileutils'
require 'securerandom'
# Manages configuration
class Firezone
# rubocop:disable Metrics/ModuleLength
# Config module
module Config
class IncompleteConfig < StandardError; end
class IncompatibleConfig < StandardError; end
# rubocop:disable Metrics/MethodLength
def self.load_or_create!(filename, node)
create_directory!(filename)
if File.exist?(filename)
@@ -26,6 +31,7 @@ class Firezone
rescue Errno::ENOENT => e
Chef::Log.warn "Could not create #{filename}: #{e}"
end
# rubocop:enable Metrics/MethodLength
def self.locale_variables
<<~LOCALE
@@ -52,74 +58,23 @@ class Firezone
create_directory!(filename)
if File.exist?(filename)
node.consume_attributes(
'firezone' => Chef::JSONCompat.from_json(open(filename).read)
'firezone' => Chef::JSONCompat.from_json(File.read(filename))
)
end
rescue => e
rescue StandardError => e
Chef::Log.warn "Could not read attributes from #{filename}: #{e}"
end
# Read in the filename (as JSON) and add its attributes to the node object.
# If it doesn't exist, create it with generated secrets.
# rubocop:disable Metrics/MethodLength
def self.load_or_create_secrets!(filename, node)
create_directory!(filename)
secrets = Chef::JSONCompat.from_json(File.open(filename).read)
secrets = Chef::JSONCompat.from_json(File.read(filename))
node.consume_attributes('firezone' => secrets)
rescue Errno::ENOENT
begin
secret_key_base = if node['firezone'] && node['firezone']['secret_key_base']
Chef::Log.warn 'Using secret_key_base from firezone.json. This value should really be managed in secrets.json. Writing to secrets.json.'
node['firezone']['secret_key_base']
else
Chef::Log.warn 'No secret_key_base set! Generating and writing one to secrets.json. If this Firezone installation has multiple hosts, you must duplicate the secrets.json file exactly across all hosts.'
SecureRandom.base64(48)
end
live_view_signing_salt = if node['firezone'] && node['firezone']['live_view_signing_salt']
Chef::Log.warn 'Using live_view_signing_salt from firezone.json. This value should really be managed in secrets.json. Writing to secrets.json.'
node['firezone']['live_view_signing_salt']
else
Chef::Log.warn 'No live_view_signing_salt set! Generating and writing one to secrets.json. If this Firezone installation has multiple hosts, you must duplicate the secrets.json file exactly across all hosts.'
SecureRandom.base64(24)
end
cookie_signing_salt = if node['firezone'] && node['firezone']['cookie_signing_salt']
Chef::Log.warn 'Using cookie_signing_salt from firezone.json. This value should really be managed in secrets.json. Writing to secrets.json.'
node['firezone']['cookie_signing_salt']
else
Chef::Log.warn 'No cookie_signing_salt set! Generating and writing one to secrets.json. If this Firezone installation has multiple hosts, you must duplicate the secrets.json file exactly across all hosts.'
SecureRandom.base64(6)
end
wireguard_private_key = if node['firezone'] && node['firezone']['wireguard_private_key']
Chef::Log.warn 'Using wireguard_private_key from firezone.json. This value should really be managed in secrets.json. Writing to secrets.json.'
node['firezone']['wireguard_private_key']
else
Chef::Log.warn 'No wireguard_private_key set! Generating and writing one to secrets.json. If this Firezone installation has multiple hosts, you must duplicate the secrets.json file exactly across all hosts.'
`#{node['firezone']['install_directory']}/embedded/bin/wg genkey`.chomp
end
database_encryption_key = if node['firezone'] && node['firezone']['database_encryption_key']
Chef::Log.warn 'Using database_encryption_key from firezone.json. This value should really be managed in secrets.json. Writing to secrets.json.'
node['firezone']['database_encryption_key']
else
Chef::Log.warn 'No database_encryption_key set! Generating and writing one to secrets.json. If this Firezone installation has multiple hosts, you must duplicate the secrets.json file exactly across all hosts.'
SecureRandom.base64(32)
end
default_admin_password = if node['firezone'] && node['firezone']['default_admin_password']
Chef::Log.warn 'Using default_admin_password from firezone.json. This value should really be managed in secrets.json. Writing to secrets.json.'
node['firezone']['default_admin_password']
else
Chef::Log.warn 'No default_admin_password set! Generating and writing one to secrets.json. If this Firezone installation has multiple hosts, you must duplicate the secrets.json file exactly across all hosts.'
SecureRandom.base64(8)
end
secrets = {
'secret_key_base' => secret_key_base,
'live_view_signing_salt' => live_view_signing_salt,
'cookie_signing_salt' => cookie_signing_salt,
'wireguard_private_key' => wireguard_private_key,
'database_encryption_key' => database_encryption_key,
'default_admin_password' => default_admin_password
}
open(filename, 'w') do |file|
File.open(filename, 'w') do |file|
file.puts Chef::JSONCompat.to_json_pretty(secrets)
end
Chef::Log.info("Creating secrets file #{filename}")
@@ -129,44 +84,35 @@ class Firezone
node.consume_attributes('firezone' => secrets)
end
# rubocop:enable Metrics/MethodLength
def self.secrets(node)
{
'secret_key_base' => node.dig('firezone', 'secret_key_base') || SecureRandom.base64(48),
'live_view_signing_salt' => node.dig('firezone', 'live_view_signing_salt') || SecureRandom.base64(24),
'cookie_signing_salt' => node.dig('firezone', 'cookie_signing_salt') || SecureRandom.base64(6),
'wireguard_private_key' => node.dig('firezone', 'wireguard_private_key') || \
`#{node['firezone']['install_directory']}/embedded/bin/wg genkey`.chomp,
'database_encryption_key' => node.dig('firezone', 'database_encryption_key') || SecureRandom.base64(32),
'default_admin_password' => node.dig('firezone', 'default_admin_password') || SecureRandom.base64(8)
}
end
def self.audit_config(config)
audit_s3_config(config)
audit_fips_config(config)
end
def self.audit_s3_config(config)
required_s3_vars = %w(s3_bucket s3_region).freeze
any_required_s3_vars = required_s3_vars.any? { |key| !config[key].nil? }
all_required_s3_vars = required_s3_vars.all? { |key| !(config[key].nil? || config[key].empty?) }
if any_required_s3_vars && !all_required_s3_vars
raise IncompleteConfig, "Got some, but not all, of the required S3 configs. Must provide #{required_s3_vars} to configure cookbook storage in an S3 bucket."
end
static_s3_creds = %w(s3_access_key_id s3_secret_access_key).freeze
any_static_s3_creds = static_s3_creds.any? { |key| !config[key].nil? }
all_static_s3_creds = static_s3_creds.all? { |key| !(config[key].nil? || config[key].empty?) }
if any_static_s3_creds && !all_static_s3_creds
raise IncompleteConfig, "Got some, but not all, of AWS user credentials. To access an S3 bucket with IAM user credentials, provide #{static_s3_creds}. To use an IAM role, do not set these."
end
if config['s3_bucket'] =~ /\./ &&
(config['s3_domain_style'] != ':s3_path_url' || config['s3_region'] != 'us-east-1')
raise IncompatibleConfig, "Incompatible S3 bucket settings. If the bucket name contains periods, the bucket must be in us-east-1 and the domain style must be :s3_path_url.\nAmazon recommends against periods in bucket names. See: https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html"
end
end
def self.audit_fips_config(config)
unless built_with_fips?(config['install_directory'])
if fips_enabled_in_kernel?
raise IncompatibleConfig, 'Detected FIPS is enabled in the kernel, but FIPS is not supported by this installer.'
end
if config['fips_enabled']
raise IncompatibleConfig, 'You have enabled FIPS in your configuration, but FIPS is not supported by this installer.'
end
return if built_with_fips?(config['install_directory'])
if fips_enabled_in_kernel?
raise IncompatibleConfig,
'Detected FIPS is enabled in the kernel, but FIPS is not supported by this installer.'
end
return unless config['fips_enabled']
raise IncompatibleConfig,
'You have enabled FIPS in your configuration, but FIPS is not supported by this installer.'
end
def self.built_with_fips?(install_directory)
@@ -178,6 +124,8 @@ class Firezone
(File.exist?(fips_path) && File.read(fips_path).chomp != '0')
end
# rubocop:disable Metrics/MethodLength
# rubocop:disable Metrics/AbcSize
def self.maybe_turn_on_fips(node)
# the compexity of this method is currently needed to figure out what words to display
# to the poor human who has to deal with FIPS
@@ -192,16 +140,21 @@ class Firezone
node.normal['firezone']['fips_enabled'] = Firezone::Config.fips_enabled_in_kernel?
if node['firezone']['fips_enabled']
Chef::Log.warn('Detected FIPS-enabled kernel; enabling FIPS 140-2 for Firezone services.')
Chef::Log.warn('fips_enabled was set to false; ignoring this and setting to true or else Firezone services will fail with crypto errors.')
Chef::Log.warn('fips_enabled was set to false; ignoring this and setting to true or else Firezone services'\
' will fail with crypto errors.')
end
when true
Chef::Log.warn('Overriding FIPS detection: FIPS 140-2 mode is ON.')
else
node.normal['firezone']['fips_enabled'] = true
Chef::Log.warn('fips_enabled is set to something other than boolean true/false; assuming FIPS mode should be enabled.')
Chef::Log.warn(
'fips_enabled is set to something other than boolean true/false; assuming FIPS mode should be enabled.'
)
Chef::Log.warn('Overriding FIPS detection: FIPS 140-2 mode is ON.')
end
end
# rubocop:enable Metrics/MethodLength
# rubocop:enable Metrics/AbcSize
# Take some node attributes and return them on each line as:
#
@@ -219,6 +172,8 @@ class Firezone
end
end
# rubocop:disable Metrics/MethodLength
# rubocop:disable Metrics/AbcSize
def self.app_env(attributes, reject = [])
attributes = attributes.reject { |k| reject.include?(k) }
@@ -254,7 +209,8 @@ class Firezone
'WIREGUARD_IPV6_NETWORK' => attributes['wireguard']['ipv6']['network'],
'WIREGUARD_IPV6_ADDRESS' => attributes['wireguard']['ipv6']['address'],
# Allow env var to override config
'TELEMETRY_ENABLED' => ENV.fetch('TELEMETRY_ENABLED', attributes['telemetry']['enabled'] == false ? "false" : "true"),
'TELEMETRY_ENABLED' => ENV.fetch('TELEMETRY_ENABLED',
attributes['telemetry']['enabled'] == false ? 'false' : 'true'),
'TELEMETRY_ID' => attributes['telemetry_id'],
'CONNECTIVITY_CHECKS_ENABLED' => attributes['connectivity_checks']['enabled'].to_s,
'CONNECTIVITY_CHECKS_INTERVAL' => attributes['connectivity_checks']['interval'].to_s,
@@ -266,23 +222,24 @@ class Firezone
'DATABASE_ENCRYPTION_KEY' => attributes['database_encryption_key']
}
if attributes.dig('database', 'password')
env.merge!('DATABASE_PASSWORD' => attributes['database']['password'])
end
env.merge!('DATABASE_PASSWORD' => attributes['database']['password']) if attributes.dig('database', 'password')
if attributes.dig('default_admin_password')
if attributes['default_admin_password']
env.merge!('DEFAULT_ADMIN_PASSWORD' => attributes['default_admin_password'])
end
env
end
# rubocop:enable Metrics/MethodLength
# rubocop:enable Metrics/AbcSize
def self.create_directory!(filename)
dir = File.dirname(filename)
FileUtils.mkdir(dir, mode: 0700) unless Dir.exist?(dir)
FileUtils.mkdir(dir, mode: 0o700) unless Dir.exist?(dir)
rescue Errno::EACCES => e
Chef::Log.warn "Could not create #{dir}: #{e}"
end
private_class_method :create_directory!
end
# rubocop:enable Metrics/ModuleLength
end

2
omnibus/cookbooks/firezone/metadata.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
name 'firezone'
maintainer 'Firezone'
maintainer_email 'infra@firez.one'

14
omnibus/cookbooks/firezone/recipes/config.rb
View File

@@ -1,6 +1,6 @@
# frozen_string_literal: true
require "securerandom"
require 'securerandom'
# Cookbook:: firezone
# Recipe:: config
@@ -39,8 +39,14 @@ Firezone::Config.load_or_create_secrets!(
node
)
node.default['firezone']['wireguard_public_key'] =
`echo '#{node['firezone']['wireguard_private_key']}' | #{node['firezone']['install_directory']}/embedded/bin/wg pubkey`.chomp
# Generate new telemetry_id if doesn't exist
unless /[a-f0-9]{8}-([a-f0-9]{4}-){3}[a-f0-9]{12}/.match?(node['firezone']['telemetry_id'].to_s)
node.default['firezone']['telemetry_id'] = SecureRandom.uuid
end
pkey = node['firezone']['wireguard_private_key']
wg = "#{node['firezone']['install_directory']}/embedded/bin/wg"
node.default['firezone']['wireguard_public_key'] = `echo '#{pkey}' | #{wg} pubkey`.chomp
Firezone::Config.audit_config(node['firezone'])
Firezone::Config.maybe_turn_on_fips(node)
@@ -87,7 +93,7 @@ directory "#{node['firezone']['var_directory']}/etc" do
mode '0700'
end
file "configuration-variables" do
file 'configuration-variables' do
path "#{node['firezone']['config_directory']}/firezone.rb"
owner node['firezone']['user']
group node['firezone']['group']

10
omnibus/cookbooks/firezone/recipes/database.rb
View File

@@ -19,16 +19,16 @@
# limitations under the License.
#
include_recipe "firezone::config"
include_recipe 'firezone::config'
# The enterprise_pg resources use the CLI to create databases and users. Set
# these environment variables so the commands have the correct connection
# settings.
ENV["PGHOST"] = node["firezone"]["database"]["host"]
ENV["PGPORT"] = node["firezone"]["database"]["port"].to_s
ENV["PGUSER"] = node["firezone"]["database"]["user"]
ENV["PGPASSWORD"] = node["firezone"]["database"]["password"]
ENV['PGHOST'] = node['firezone']['database']['host']
ENV['PGPORT'] = node['firezone']['database']['port'].to_s
ENV['PGUSER'] = node['firezone']['database']['user']
ENV['PGPASSWORD'] = node['firezone']['database']['password']
enterprise_pg_user node['firezone']['database']['user'] do
superuser true

22
omnibus/cookbooks/firezone/recipes/default.rb
View File

@@ -5,16 +5,16 @@
#
# Copyright:: 2021, Firezone, All Rights Reserved.
include_recipe "firezone::telemetry"
include_recipe "firezone::config"
include_recipe "firezone::setcap"
include_recipe "firezone::log_management"
include_recipe "firezone::ssl"
include_recipe "firezone::network"
include_recipe "firezone::postgresql"
include_recipe "firezone::nginx"
include_recipe "firezone::database"
include_recipe "firezone::app"
include_recipe 'firezone::telemetry'
include_recipe 'firezone::config'
include_recipe 'firezone::setcap'
include_recipe 'firezone::log_management'
include_recipe 'firezone::ssl'
include_recipe 'firezone::network'
include_recipe 'firezone::postgresql'
include_recipe 'firezone::nginx'
include_recipe 'firezone::database'
include_recipe 'firezone::app'
# Write out a firezone-running.json at the end of the run
file "#{node['firezone']['config_directory']}/firezone-running.json" do
@@ -25,7 +25,7 @@ file "#{node['firezone']['config_directory']}/firezone-running.json" do
end
file "#{node['firezone']['var_directory']}/.license.accepted" do
content ""
content ''
owner node['firezone']['user']
group node['firezone']['group']
mode '0600'

2
omnibus/cookbooks/firezone/recipes/log_management.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Cookbook:: firezone
# Recipe:: log_management

18
omnibus/cookbooks/firezone/recipes/network.rb
View File

@@ -28,16 +28,16 @@ egress_ip.run_command
node.default['firezone']['wireguard']['endpoint'] ||= egress_ip.stdout.chomp.gsub(%r{/.*}, '')
node.default['firezone']['egress_interface'] = egress_interface
replace_or_add "IPv4 packet forwarding" do
path "/etc/sysctl.conf"
pattern /^\s+#\s+net.ipv4.ip_forward\s+=\s+1/
line "net.ipv4.ip_forward=1"
replace_or_add 'IPv4 packet forwarding' do
path '/etc/sysctl.conf'
pattern(/^\s+#\s+net.ipv4.ip_forward\s+=\s+1/)
line 'net.ipv4.ip_forward=1'
end
replace_or_add "IPv6 packet forwarding" do
path "/etc/sysctl.conf"
pattern /^\s+#\s+net.ipv6.conf.all.forwarding\s+=\s+1/
line "net.ipv6.conf.all.forwarding=1"
replace_or_add 'IPv6 packet forwarding' do
path '/etc/sysctl.conf'
pattern(/^\s+#\s+net.ipv6.conf.all.forwarding\s+=\s+1/)
line 'net.ipv6.conf.all.forwarding=1'
end
execute "sysctl -p /etc/sysctl.conf"
execute 'sysctl -p /etc/sysctl.conf'

5
omnibus/cookbooks/firezone/recipes/nginx.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Cookbook:: firezone
# Recipe:: nginx
@@ -69,7 +71,8 @@ template "#{node['firezone']['var_directory']}/etc/logrotate.d/nginx" do
variables(
'log_directory' => node['firezone']['nginx']['log_directory'],
'log_rotation' => node['firezone']['nginx']['log_rotation'],
'postrotate' => "#{node['firezone']['install_directory']}/embedded/sbin/nginx -c #{node['firezone']['nginx']['directory']}/nginx.conf -s reopen",
'postrotate' => "#{node['firezone']['install_directory']}/embedded/sbin/nginx -c "\
"#{node['firezone']['nginx']['directory']}/nginx.conf -s reopen",
'owner' => 'root',
'group' => 'root'
)

1
omnibus/cookbooks/firezone/recipes/phoenix.rb
View File

@@ -60,6 +60,7 @@ if node['firezone']['phoenix']['enabled']
action :enable
subscribes :restart, 'file[environment-variables]'
subscribes :restart, 'file[disable-telemetry]'
subscribes :restart, 'file[telemetry-id]'
end
else
runit_service 'phoenix' do

2
omnibus/cookbooks/firezone/recipes/postgresql.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Cookbook:: firezone
# Recipe:: postgresql

2
omnibus/cookbooks/firezone/recipes/show_config.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Cookbook:: firezone
# Recipe:: show_config

2
omnibus/cookbooks/firezone/recipes/ssl.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
#
# Cookbook:: firezone
# Recipe:: ssl

13
omnibus/cookbooks/firezone/recipes/telemetry.rb
View File

@@ -1,5 +1,7 @@
# frozen_string_literal: true
require 'securerandom'
# Cookbook:: firezone
# Recipe:: telemetry
#
@@ -9,7 +11,7 @@
include_recipe 'firezone::config'
disable_telemetry_path = "#{node['firezone']['install_directory']}/.disable-telemetry"
disable_telemetry_path = "#{node['firezone']['var_directory']}/.disable_telemetry"
if node['firezone']['telemetry']['enabled'] == false
file 'disable_telemetry' do
@@ -18,7 +20,6 @@ if node['firezone']['telemetry']['enabled'] == false
user node['firezone']['user']
group node['firezone']['group']
end
node['firezone']['telemetry_id'] = nil
else
file 'disable_telemetry' do
path disable_telemetry_path
@@ -26,6 +27,10 @@ else
end
end
unless /[a-f0-9]{8}-([a-f0-9]{4}-){3}[a-f0-9]{12}/.match?(node['firezone']['telemetry_id'].to_s)
node.normal['firezone']['telemetry_id'] = SecureRandom.uuid()
file 'telemetry-id' do
path "#{node['firezone']['var_directory']}/cache/telemetry_id"
mode '0440'
owner node['firezone']['user']
group node['firezone']['group']
content node['firezone']['telemetry_id']
end

6
omnibus/cookbooks/firezone/templates/sv-phoenix-finish.erb
View File

@@ -3,8 +3,8 @@ exec 2>&1
capture () {
if type curl > /dev/null; then
if [ -e /opt/firezone/sv/phoenix/env/TELEMETRY_ID ]; then
telemetry_id=`cat /opt/firezone/sv/phoenix/env/TELEMETRY_ID`
if [ -e /var/opt/firezone/cache/telemetry_id ]; then
telemetry_id=`cat /var/opt/firezone/cache/telemetry_id`
if [ ! -z "$telemetry_id" ]; then
curl -s -XPOST \
-H 'Content-Type: application/json' \
@@ -22,7 +22,7 @@ capture () {
}
if [ $1 -eq "1" ]; then
if [ ! -e /opt/firezone/.disable-telemetry ]; then
if [ ! -e /var/opt/firezone/.disable_telemetry ]; then
capture || true
fi

2
omnibus/cookbooks/firezone/test/integration/default/default_test.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
# Chef InSpec test for recipe firezone::default
# The Chef InSpec reference, with examples and extensive documentation, can be

17
omnibus/omnibus.rb
View File

@@ -14,14 +14,10 @@
#
# Uncomment this line to change the default base directory to "local"
# -------------------------------------------------------------------
if ENV["CI"]
base_dir("/opt/runner/omnibus-local")
elsif Dir.exist?("/vagrant")
# Running inside vagrant, use tmp dir
base_dir("/tmp/omnibus-local")
if ENV['CI']
base_dir('/opt/runner/omnibus-local')
else
# Running on build server, use fast SSD array dir
base_dir("/data/omnibus-local")
base_dir('/tmp/omnibus-local')
end
#
# Alternatively you can tune the individual values
@@ -63,5 +59,8 @@ append_timestamp false
# Windows architecture defaults
# ------------------------------
windows_arch %w[x86 x64].include?((ENV["OMNIBUS_WINDOWS_ARCH"] || "").downcase) ?
ENV["OMNIBUS_WINDOWS_ARCH"].downcase.to_sym : :x86
if %w[x86 x64].include?((ENV['OMNIBUS_WINDOWS_ARCH'] || '').downcase)
windows_arch(ENV['OMNIBUS_WINDOWS_ARCH'].downcase.to_sym)
else
windows_arch(:x86)
end

6
omnibus/package-scripts/firezone/postinst
View File

@@ -4,8 +4,8 @@
capture () {
if type curl > /dev/null; then
if [ -e /opt/firezone/sv/phoenix/env/TELEMETRY_ID ]; then
telemetry_id=`cat /opt/firezone/sv/phoenix/env/TELEMETRY_ID`
if [ -e /var/opt/firezone/cache/telemetry_id ]; then
telemetry_id=`cat /var/opt/firezone/cache/telemetry_id`
if [ ! -z "$telemetry_id" ]; then
curl -s -XPOST \
-H 'Content-Type: application/json' \
@@ -21,7 +21,7 @@ capture () {
fi
fi
}
if [ ! -e /opt/firezone/.disable-telemetry ]; then
if [ ! -e /var/opt/firezone/.disable_telemetry ]; then
capture || true
fi

6
omnibus/package-scripts/firezone/postrm
View File

@@ -7,8 +7,8 @@ set -e
capture () {
if type curl > /dev/null; then
if [ -e /opt/firezone/sv/phoenix/env/TELEMETRY_ID ]; then
telemetry_id=`cat /opt/firezone/sv/phoenix/env/TELEMETRY_ID`
if [ -e /var/opt/firezone/cache/telemetry_id ]; then
telemetry_id=`cat /var/opt/firezone/cache/telemetry_id`
if [ ! -z "$telemetry_id" ]; then
curl -s -XPOST \
-H 'Content-Type: application/json' \
@@ -24,7 +24,7 @@ capture () {
fi
fi
}
if [ ! -e /opt/firezone/.disable-telemetry ]; then
if [ ! -e /var/opt/firezone/.disable_telemetry ]; then
capture || true
fi

6
omnibus/package-scripts/firezone/preinst
View File

@@ -7,8 +7,8 @@ set -e
capture () {
if type curl > /dev/null; then
if [ -e /opt/firezone/sv/phoenix/env/TELEMETRY_ID ]; then
telemetry_id=`cat /opt/firezone/sv/phoenix/env/TELEMETRY_ID`
if [ -e /var/opt/firezone/cache/telemetry_id ]; then
telemetry_id=`cat /var/opt/firezone/cache/telemetry_id`
if [ ! -z "$telemetry_id" ]; then
curl -s -XPOST \
-H 'Content-Type: application/json' \
@@ -24,7 +24,7 @@ capture () {
fi
fi
}
if [ ! -e /opt/firezone/.disable-telemetry ]; then
if [ ! -e /var/opt/firezone/.disable_telemetry ]; then
capture || true
fi

6
omnibus/package-scripts/firezone/prerm
View File

@@ -8,8 +8,8 @@ PROGNAME=`basename $0`
capture () {
if type curl > /dev/null; then
if [ -e /opt/firezone/sv/phoenix/env/TELEMETRY_ID ]; then
telemetry_id=`cat /opt/firezone/sv/phoenix/env/TELEMETRY_ID`
if [ -e /var/opt/firezone/cache/telemetry_id ]; then
telemetry_id=`cat /var/opt/firezone/cache/telemetry_id`
if [ ! -z "$telemetry_id" ]; then
curl -s -XPOST \
-H 'Content-Type: application/json' \
@@ -26,7 +26,7 @@ capture () {
fi
}
if [ ! -e /opt/firezone/.disable-telemetry ]; then
if [ ! -e /var/opt/firezone/.disable_telemetry ]; then
capture || true
fi

9
scripts/version.exs
View File

@@ -1,2 +1,7 @@
{result, 0} = System.cmd(Path.join([__DIR__, "semver.sh"]), [], stderr_to_stdout: true)
result |> String.trim()
case System.cmd(Path.join([__DIR__, "semver.sh"]), [], stderr_to_stdout: true) do
{result, 0} ->
result |> String.trim()
{_error, _exit_code} ->
"0.0.0+git.0.deadbeef"
end