github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-02-06 01:06:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Cookbook added

Browse Source
This commit is contained in:
Jamil Bou Kheir
2021-08-16 23:39:48 +00:00
parent 588743d5b3
commit fc18ed2f0a
51 changed files with 1972 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
omnibus/Gemfile
View File

@@ -4,6 +4,7 @@ source "https://rubygems.org"
# Install omnibus
gem "omnibus", "~> 8.1"
gem "chef", "~> 16.14.1"
# Use Chef"s software definitions. It is recommended that you write your own
# software definitions, but you can clone/fork Chef"s to get you started.

13
omnibus/Gemfile.lock
View File

@@ -6,7 +6,7 @@ GEM
ast (2.4.2)
awesome_print (1.9.2)
aws-eventstream (1.1.1)
aws-partitions (1.484.0)
aws-partitions (1.487.0)
aws-sdk-core (3.119.0)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.239.0)
@@ -182,7 +182,7 @@ GEM
mixlib-cli (2.1.8)
mixlib-config (3.0.9)
tomlrb
mixlib-install (3.12.11)
mixlib-install (3.12.16)
mixlib-shellout
mixlib-versioning
thor
@@ -190,7 +190,7 @@ GEM
mixlib-shellout (3.2.5)
chef-utils
mixlib-versioning (1.2.12)
molinillo (0.7.0)
molinillo (0.8.0)
multi_json (1.15.0)
multipart-post (2.1.1)
net-scp (3.0.0)
@@ -272,16 +272,16 @@ GEM
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.10.0)
rspec-support (3.10.2)
rubocop (1.18.4)
rubocop (1.19.0)
parallel (~> 1.10)
parser (>= 3.0.0.0)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 1.8, < 3.0)
rexml
rubocop-ast (>= 1.8.0, < 2.0)
rubocop-ast (>= 1.9.1, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 3.0)
rubocop-ast (1.8.0)
rubocop-ast (1.10.0)
parser (>= 3.0.1.1)
ruby-progressbar (1.11.0)
ruby2_keywords (0.0.5)
@@ -380,6 +380,7 @@ PLATFORMS
DEPENDENCIES
berkshelf
chef (~> 16.14.1)
kitchen-vagrant
omnibus (~> 8.1)
rubocop

10
omnibus/config/patches/chef-bin/disable_license_enforce.patch Normal file
View File

@@ -0,0 +1,10 @@
diff --git a/chef-bin/bin/chef-client b/chef-bin/bin/chef-client
index 45a6af546a..95402c9481 100755
--- a/chef-bin/bin/chef-client
+++ b/chef-bin/bin/chef-client
@@ -22,4 +22,4 @@ $:.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
require "chef"
require "chef/application/client"
-Chef::Application::Client.new.run(enforce_license: true)
+Chef::Application::Client.new.run(enforce_license: false)

12
omnibus/config/patches/omnibus-ctl/skip-license-acceptance.patch Normal file
View File

@@ -0,0 +1,12 @@
diff --git a/lib/omnibus-ctl.rb b/lib/omnibus-ctl.rb
index b3e06c2..acbf8b9 100644
--- a/lib/omnibus-ctl.rb
+++ b/lib/omnibus-ctl.rb
@@ -504,7 +504,6 @@ EOM
# args being passed to this command does not include the ones that are
# starting with "-". See #is_option? method. If it is starting with "-"
# then it is treated as a option and we need to look for them in ARGV.
- check_license_acceptance(ARGV.include?("--accept-license"))
status = run_chef("#{base_path}/embedded/cookbooks/dna.json")
if status.success?

103
omnibus/config/patches/ruby/patch-configure Normal file
View File

@@ -0,0 +1,103 @@
$NetBSD: patch-configure,v 1.4 2012/10/12 14:51:31 taca Exp $
* Adding Interix and MirBSD support.
* Ignore doxygen.
--- configure.orig 2012-10-12 09:23:46.000000000 +0000
+++ configure
@@ -10654,6 +10654,9 @@ esac
superux*) :
ac_cv_func_setitimer=no
;; #(
+ interix*) LIBS="-lm $LIBS"
+ ac_cv_func_getpgrp_void=yes
+ ;; #(
*) :
LIBS="-lm $LIBS" ;;
esac
@@ -11980,6 +11983,9 @@ fi
ac_fn_c_check_type "$LINENO" "struct timespec" "ac_cv_type_struct_timespec" "#ifdef HAVE_TIME_H
#include <time.h>
#endif
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
"
if test "x$ac_cv_type_struct_timespec" = xyes; then :
@@ -15790,7 +15796,7 @@ done
MAINLIBS="-pthread $MAINLIBS" ;; #(
*) :
case "$target_os" in #(
- openbsd*) :
+ openbsd*|mirbsd*) :
LIBS="-pthread $LIBS" ;; #(
*) :
LIBS="-l$pthread_lib $LIBS" ;;
@@ -16239,8 +16245,12 @@ esac ;; #(
rb_cv_dlopen=yes ;; #(
interix*) :
: ${LDSHARED='$(CC) -shared'}
+ LDFLAGS="$LDFLAGS -Wl,-E"
XLDFLAGS="$XLDFLAGS -Wl,-E"
+ # use special random-slot linkage in 0x[56]XXXXXXX
LIBPATHFLAG=" -L%1\$-s"
+ DLDFLAGS="$DLDFLAGS "'-Wl,-h,$(.TARGET) -Wl,--image-base,$$(($$RANDOM %4096/2*262144+1342177280))'
+ RPATHFLAG=' -Wl,-R%1$-s'
rb_cv_dlopen=yes ;; #(
freebsd*|dragonfly*) :
@@ -16252,7 +16262,7 @@ esac ;; #(
test "$GCC" = yes && test "$rb_cv_prog_gnu_ld" = yes || LDSHARED="ld -Bshareable"
fi
rb_cv_dlopen=yes ;; #(
- openbsd*) :
+ openbsd*|mirbsd*) :
: ${LDSHARED='$(CC) -shared ${CCDLFLAGS}'}
if test "$rb_cv_binary_elf" = yes; then
LDFLAGS="$LDFLAGS -Wl,-E"
@@ -16781,7 +16791,7 @@ _ACEOF
freebsd*|dragonfly*) :
SOLIBS='$(LIBS)'
- LIBRUBY_SO='lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR)'
+ LIBRUBY_SO='lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR)$(TEENY)'
if test "$rb_cv_binary_elf" != "yes" ; then
LIBRUBY_SO="$LIBRUBY_SO.\$(TEENY)"
LIBRUBY_ALIASES=''
@@ -16798,7 +16808,7 @@ _ACEOF
LIBRUBY_ALIASES=""
fi
;; #(
- openbsd*) :
+ openbsd*|mirbsd*) :
SOLIBS='$(LIBS)'
LIBRUBY_SO='lib$(RUBY_SO_NAME).so.$(MAJOR).'`expr ${MINOR} \* 10 + ${TEENY}`
@@ -16859,7 +16869,12 @@ esac
;; #(
interix*) :
- LIBRUBYARG_SHARED='-L. -L${libdir} -l$(RUBY_SO_NAME)'
+ SOLIBS='$(LIBS)'
+ LIBRUBY_SO='lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR).$(TEENY)'
+ # link explicitly to 0x48000000
+ LIBRUBY_DLDFLAGS='-Wl,-h,lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR) -Wl,--image-base,1207959552'
+ LIBRUBYARG_SHARED='-Wl,-R -Wl,${libdir} -L${libdir} -L. -l$(RUBY_SO_NAME)'
+ LIBRUBY_ALIASES='lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR) lib$(RUBY_SO_NAME).so'
;; #(
*) :
;;
@@ -16922,11 +16937,7 @@ if test "$install_doc" != no; then
else
RDOCTARGET="nodoc"
fi
- if test "$install_capi" != no -a -n "$DOXYGEN"; then
- CAPITARGET="capi"
- else
- CAPITARGET="nodoc"
- fi
+ CAPITARGET="nodoc"
else
RDOCTARGET="nodoc"
CAPITARGET="nodoc"

11
omnibus/config/patches/ruby/ruby-aix-atomic.patch Normal file
View File

@@ -0,0 +1,11 @@
--- ruby-2.1.2/ruby_atomic.h.orig 2014-09-29 14:08:29.000000000 -0500
+++ ruby-2.1.2/ruby_atomic.h 2014-09-29 14:08:41.000000000 -0500
@@ -117,7 +117,7 @@
# endif
#else
-typedef int rb_atomic_t;
+typedef long rb_atomic_t;
#define NEED_RUBY_ATOMIC_OPS
extern rb_atomic_t ruby_atomic_exchange(rb_atomic_t *ptr, rb_atomic_t val);
extern rb_atomic_t ruby_atomic_compare_and_swap(rb_atomic_t *ptr,

20
omnibus/config/patches/ruby/ruby-aix-configure.patch Normal file
View File

@@ -0,0 +1,20 @@
--- ruby-1.9.3-p547/configure.orig 2014-05-16 09:38:31 -0500
+++ ruby-1.9.3-p547/configure 2014-07-15 19:58:29 -0500
@@ -16488,6 +16488,7 @@
aix*) :
: ${LDSHARED='$(CC)'}
LDSHARED="$LDSHARED ${linker_flag}-G"
+ DLDFLAGS='-eInit_$(TARGET)'
EXTDLDFLAGS='-e$(TARGET_ENTRY)'
XLDFLAGS="${linker_flag}"'-bE:$(ARCHFILE)'" ${linker_flag}-brtl"
XLDFLAGS="$XLDFLAGS ${linker_flag}-blibpath:${prefix}/lib:${LIBPATH:-/usr/lib:/lib}"
@@ -17028,7 +17029,8 @@
LIBRUBY_DLDFLAGS="${linker_flag}-bnoentry $XLDFLAGS"
LIBRUBYARG_SHARED='-L${libdir} -l${RUBY_SO_NAME}'
- SOLIBS='-lm -lc'
+ SOLIBS='-lm -lc -lz'
+ LIBRUBY_SO='lib$(RUBY_SO_NAME).a'
;; #(
beos*) :

14
omnibus/config/patches/ruby/ruby-aix-vm-core.patch Normal file
View File

@@ -0,0 +1,14 @@
--- ruby-2.1.2/vm_core.h.orig 2014-09-29 14:05:24.000000000 -0500
+++ ruby-2.1.2/vm_core.h 2014-09-29 14:05:39.000000000 -0500
@@ -392,9 +392,9 @@
/* postponed_job */
struct rb_postponed_job_struct *postponed_job_buffer;
- int postponed_job_index;
+ long postponed_job_index;
- int src_encoding_index;
+ long src_encoding_index;
VALUE verbose, debug, orig_progname, progname;
VALUE coverages;

13
omnibus/config/patches/ruby/ruby-disable-copy-file-range.patch Normal file
View File

@@ -0,0 +1,13 @@
diff --git a/io.c b/io.c
index 868756ffc5..2e4166d664 100644
--- a/io.c
+++ b/io.c
@@ -10887,7 +10887,7 @@ nogvl_copy_stream_wait_write(struct copy_stream_struct *stp)
return 0;
}
-#if defined HAVE_COPY_FILE_RANGE || (defined __linux__ && defined __NR_copy_file_range)
+#if 0
# define USE_COPY_FILE_RANGE
#endif

12
omnibus/config/patches/ruby/ruby-fix-reserve-stack-segfault.patch Normal file
View File

@@ -0,0 +1,12 @@
--- a/thread_pthread.c
+++ b/thread_pthread.c
@@ -686,8 +686,8 @@ reserve_stack(volatile char *limit, size_t size)
limit -= size;
if (buf > limit) {
limit = alloca(buf - limit);
+ limit[0] = 0; /* ensure alloca is called */
limit -= stack_check_margin;
- limit[0] = 0;
}
}
}

0
omnibus/config/patches/ruby/ruby-freebsd-9-zlib.patch Normal file
View File

29
omnibus/config/patches/ruby/ruby-mkmf.patch Normal file
View File

@@ -0,0 +1,29 @@
--- a/lib/mkmf.rb 2016-06-16 16:19:13.000000000 -0400
+++ b/lib/mkmf.rb 2016-06-16 16:23:08.000000000 -0400
@@ -365,6 +365,17 @@
end
def libpath_env
+ # Patch for aix
+ # Ideally applications should not need LIBPATH/LD_LIBRARY_PATH set
+ # and should rely on the embedded paths in binaries/shared objects
+ # For chef say on AIX we already build using -blibpath and
+ # LD_RUN_PATH, so the extensions built using chef embedded ruby
+ # (using rbconfig) should have correct paths set.
+ # Setting LIBPATH overrides the behaviour of programs invoked from
+ # chef built ruby, for example xlc ends up picking up libiconv built
+ # within chef embedded ruby libs instead of the one from /usr/lib
+ return {}
+
# used only if native compiling
if libpathenv = config_string("LIBPATHENV")
pathenv = ENV[libpathenv]
@@ -1799,7 +1810,7 @@
#
if !CROSS_COMPILING
case CONFIG['build_os']
- when 'mingw32'
+ when 'mingw32', 'mingw64'
def mkintpath(path)
# mingw uses make from msys and it needs special care
# converts from C:\some\path to /C/some/path

13
omnibus/config/patches/ruby/ruby-no-stack-protector.patch Normal file
View File

@@ -0,0 +1,13 @@
diff --git a/configure.dist b/configure
index d83c15a..bd4813c 100755
--- a/configure.dist
+++ b/configure
@@ -7491,7 +7491,7 @@ main ()
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
- stack_protector=yes
+ stack_protector=no
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else

42
omnibus/config/patches/ruby/ruby-openssl-1.0.1c.patch Normal file
View File

@@ -0,0 +1,42 @@
diff -Naur ruby-1.9.3-p286.pristine/ext/openssl/openssl_missing.c ruby-1.9.3-p286/ext/openssl/openssl_missing.c
--- ruby-1.9.3-p286.pristine/ext/openssl/openssl_missing.c 2011-06-26 01:32:03.000000000 +0000
+++ ruby-1.9.3-p286/ext/openssl/openssl_missing.c 2013-01-28 05:08:38.192083253 +0000
@@ -22,7 +22,7 @@
#include "openssl_missing.h"
#if !defined(HAVE_HMAC_CTX_COPY)
-void
+int
HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
{
if (!out || !in) return;
@@ -118,7 +118,7 @@
* tested on 0.9.7d.
*/
int
-EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in)
+EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
{
memcpy(out, in, sizeof(EVP_CIPHER_CTX));
diff -Naur ruby-1.9.3-p286.pristine/ext/openssl/openssl_missing.h ruby-1.9.3-p286/ext/openssl/openssl_missing.h
--- ruby-1.9.3-p286.pristine/ext/openssl/openssl_missing.h 2011-06-26 01:32:03.000000000 +0000
+++ ruby-1.9.3-p286/ext/openssl/openssl_missing.h 2013-01-28 05:08:38.192500215 +0000
@@ -68,7 +68,7 @@
#endif
#if !defined(HAVE_HMAC_CTX_COPY)
-void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
+int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
#endif
#if !defined(HAVE_HMAC_CTX_CLEANUP)
@@ -92,7 +92,7 @@
#endif
#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
-int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in);
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
#endif
#if !defined(HAVE_EVP_DIGESTINIT_EX)

42
omnibus/config/patches/ruby/ruby-solaris-linux-socket-compat.patch Normal file
View File

@@ -0,0 +1,42 @@
--- ruby-2.1.5/ext/socket/raddrinfo.c.orig Fri Mar 20 13:53:18 2015
+++ ruby-2.1.5/ext/socket/raddrinfo.c Fri Mar 20 13:53:34 2015
@@ -8,6 +8,39 @@
************************************************/
+/* Linux kernel socket model compat defs.
+ AIX/Solaris/HP-UX all use an alternate
+ interface called DLPI. See the below and
+ libpcap's pcap-dlpi.c for more info:
+ http://www.oracle.com/technetwork/server-storage/solaris/solaris-linux-app-139382.html*/
+#define PACKET_HOST 0 /* To us. */
+#define PACKET_BROADCAST 1 /* To all. */
+#define PACKET_MULTICAST 2 /* To group. */
+#define PACKET_OTHERHOST 3 /* To someone else. */
+#define PACKET_OUTGOING 4 /* Originated by us . */
+#define PACKET_LOOPBACK 5
+#define PACKET_FASTROUTE 6
+
+/* Packet socket options. */
+
+#define PACKET_ADD_MEMBERSHIP 1
+#define PACKET_DROP_MEMBERSHIP 2
+#define PACKET_RECV_OUTPUT 3
+#define PACKET_RX_RING 5
+#define PACKET_STATISTICS 6
+
+struct packet_mreq
+ {
+ int mr_ifindex;
+ unsigned short int mr_type;
+ unsigned short int mr_alen;
+ unsigned char mr_address[8];
+ };
+
+#define PACKET_MR_MULTICAST 0
+#define PACKET_MR_PROMISC 1
+#define PACKET_MR_ALLMULTI 2
+
#include "rubysocket.h"
#if defined(INET6) && (defined(LOOKUP_ORDER_HACK_INET) || defined(LOOKUP_ORDER_HACK_INET6))

20
omnibus/config/patches/ruby/ruby-sparc-1.9.3-c99.patch Normal file
View File

@@ -0,0 +1,20 @@
--- ruby-1.9.3/sparc.c_orig Wed Apr 22 19:07:16 2015
+++ ruby-1.9.3/sparc.c Wed Apr 22 19:07:57 2015
@@ -11,7 +11,16 @@
*********************************************************************/
void rb_sparc_flush_register_windows(void)
{
- asm
+ /*
+ * gcc doesn't provide "asm" keyword if -ansi and the various -std options
+ * are given.
+ * http://gcc.gnu.org/onlinedocs/gcc/Alternate-Keywords.html
+ */
+#ifndef __GNUC__
+#define __asm__ asm
+#endif
+
+ __asm__
#ifdef __GNUC__
__volatile__
#endif

58
omnibus/config/patches/ruby/ruby_aix_1_9_3_448_ssl_EAGAIN.patch Normal file
View File

@@ -0,0 +1,58 @@
diff --git a/ext/openssl/lib/openssl/ssl-internal.rb b/ext/openssl/lib/openssl/ssl-internal.rb
index 356d4e8..89a7a42 100644
--- a/ext/openssl/lib/openssl/ssl-internal.rb
+++ b/ext/openssl/lib/openssl/ssl-internal.rb
@@ -169,7 +169,15 @@ module OpenSSL
begin
ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
ssl.sync_close = true
- ssl.accept if @start_immediately
+ if @start_immediately
+ # Retry on EAGAIN (may be due to underlying inprogress for TLS handshake or renegotiation requested.)
+ # Any other error is rescued further.
+ begin
+ ssl.accept
+ rescue Errno::EAGAIN
+ retry
+ end
+ end
ssl
rescue SSLError => ex
sock.close
diff --git a/lib/net/http.rb b/lib/net/http.rb
index 9e4fe6a..41a9c75 100644
--- a/lib/net/http.rb
+++ b/lib/net/http.rb
@@ -797,7 +797,14 @@ module Net #:nodoc:
end
# Server Name Indication (SNI) RFC 3546
s.hostname = @address if s.respond_to? :hostname=
- timeout(@open_timeout) { s.connect }
+ timeout(@open_timeout) {
+ # Retry on EAGAIN (may be due to underlying inprogress for TLS handshake or renegotiation requested.)
+ begin
+ s.connect
+ rescue Errno::EAGAIN
+ retry
+ end
+ }
if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
s.post_connection_check(@address)
end
diff --git a/lib/net/protocol.rb b/lib/net/protocol.rb
index f374466..b6f9f17 100644
--- a/lib/net/protocol.rb
+++ b/lib/net/protocol.rb
@@ -153,6 +153,12 @@ module Net # :nodoc:
else
raise Timeout::Error
end
+ rescue Errno::EAGAIN
+ # read_nonblock calls underlying SSL_read. openssl doc states that data can be processed only when SSL/TLS
+ # record has been received completely. Also data that was not retrieved at the last call of SSL_read()
+ # can still be buffered inside the SSL layer and will be retrieved on the next call to SSL_read.
+ # http://www.openssl.org/docs/ssl/SSL_read.html
+ retry
end
end

19
omnibus/config/patches/ruby/ruby_aix_2_1_3_ssl_EAGAIN.patch Normal file
View File

@@ -0,0 +1,19 @@
--- ruby-2.1.3/ext/openssl/lib/openssl/ssl.rb_orig 2014-10-24 13:09:44.000000000 -0500
+++ ruby-2.1.3/ext/openssl/lib/openssl/ssl.rb 2014-10-24 13:11:01.000000000 -0500
@@ -194,7 +194,15 @@
begin
ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
ssl.sync_close = true
- ssl.accept if @start_immediately
+ if @start_immediately
+ # Retry on EAGAIN (may be due to underlying inprogress for TLS handshake or renegotiation requested.)
+ # Any other error is rescued further.
+ begin
+ ssl.accept
+ rescue Errno::EAGAIN
+ retry
+ end
+ end
ssl
rescue SSLError => ex
sock.close

10
omnibus/config/patches/ruby/ruby_aix_openssl.patch Normal file
View File

@@ -0,0 +1,10 @@
--- ruby-1.9.3-p547/ext/openssl/extconf.rb.orig 2014-07-15 17:50:30 -0500
+++ ruby-1.9.3-p547/ext/openssl/extconf.rb 2014-07-15 17:50:39 -0500
@@ -34,6 +34,7 @@
end
Logging::message "=== Checking for system dependent stuff... ===\n"
+have_library("z", "inflate")
have_library("nsl", "t_open")
have_library("socket", "socket")
have_header("assert.h")

27
omnibus/config/patches/ruby/rvm-cflags.patch Normal file
View File

@@ -0,0 +1,27 @@
--- a/configure.in
+++ b/configure.in
@@ -267,11 +267,9 @@
cflagspat="$cflagspat;s|"`eval echo '"'"${debugflags}"'"' | sed 's/[[][|.*]]/\\&/g;s/^ */ /;s/ *$/ /'`'| |g'
test -z "warnflags" ||
cflagspat="$cflagspat;s|"`eval echo '"'"${warnflags}"'"' | sed 's/[[][|.*]]/\\&/g;s/^ */ /;s/ *$/ /'`'| |g'
-if test -z "${CFLAGS+set}"; then
- cflags=`echo " $cflags " | sed "$cflagspat;s/^ *//;s/ *$//"`
- orig_cflags="$cflags"
- cflags="$cflags "'${optflags} ${debugflags} ${warnflags}'
-fi
+cflags=`echo " $cflags " | sed "$cflagspat;s/^ *//;s/ *$//"`
+orig_cflags="$cflags"
+cflags="$cflags "'${optflags} ${debugflags} ${warnflags}'
if test -z "${CXXFLAGS+set}"; then
cxxflags=`echo " $cxxflags " | sed "$cflagspat;s/^ *//;s/ *$//"`
orig_cxxflags="$cxxflags"
@@ -511,7 +509,8 @@
])
fi
-test -z "${ac_env_CFLAGS_set}" -a -n "${cflags+set}" && eval CFLAGS="\"$cflags $ARCH_FLAG\""
+test -z "${ac_env_CFLAGS_set}" && CFLAGS="$ARCH_FLAG"
+test -n "${cflags:+set}" && eval CFLAGS="\"$cflags\${CFLAGS:+ $CFLAGS}\""
test -z "${ac_env_CXXFLAGS_set}" -a -n "${cxxflags+set}" && eval CXXFLAGS="\"$cxxflags $ARCH_FLAG\""
dnl check for large file stuff

256
omnibus/config/patches/ruby/thread-memory-allocations-2.7.patch Normal file
View File

@@ -0,0 +1,256 @@
From 97f14ebfd8d24d71e10c450e0a90b6322f9c0d59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kamil=20Trzci=C5=84ski?= <ayufan@ayufan.eu>
Date: Tue, 22 Dec 2020 15:33:08 +0100
Subject: [PATCH] Expose `Thread#memory_allocations` counters
This provides currently a per-thread GC heap slots
and malloc allocations statistics.
This is designed to measure a memory allocations
in a multi-threaded environments (concurrent requests
processing) with an accurate information about allocated
memory within a given execution context.
Example: Measure memory pressure generated by a given
requests to easier find requests with a lot of allocations.
---
gc.c | 20 ++++++
.../test_thread_trace_memory_allocations.rb | 67 +++++++++++++++++++
thread.c | 55 +++++++++++++++
vm_core.h | 17 +++++
4 files changed, 159 insertions(+)
create mode 100644 test/ruby/test_thread_trace_memory_allocations.rb
diff --git a/gc.c b/gc.c
index 73faf46b128b..f2dcd2935052 100644
--- a/gc.c
+++ b/gc.c
@@ -2172,6 +2172,13 @@ newobj_init(VALUE klass, VALUE flags, VALUE v1, VALUE v2, VALUE v3, int wb_prote
GC_ASSERT(!SPECIAL_CONST_P(obj)); /* check alignment */
#endif
+#if THREAD_TRACE_MEMORY_ALLOCATIONS
+ rb_thread_t *th = ruby_threadptr_for_trace_memory_allocations();
+ if (th) {
+ ATOMIC_SIZE_INC(th->memory_allocations.total_allocated_objects);
+ }
+#endif
+
objspace->total_allocated_objects++;
gc_report(5, objspace, "newobj: %s\n", obj_info(obj));
@@ -9732,6 +9739,19 @@ objspace_malloc_increase(rb_objspace_t *objspace, void *mem, size_t new_size, si
#endif
}
+#if THREAD_TRACE_MEMORY_ALLOCATIONS
+ rb_thread_t *th = ruby_threadptr_for_trace_memory_allocations();
+ if (th) {
+ if (new_size > old_size) {
+ ATOMIC_SIZE_ADD(th->memory_allocations.total_malloc_bytes, new_size - old_size);
+ }
+
+ if (type == MEMOP_TYPE_MALLOC) {
+ ATOMIC_SIZE_INC(th->memory_allocations.total_mallocs);
+ }
+ }
+#endif
+
if (type == MEMOP_TYPE_MALLOC) {
retry:
if (malloc_increase > malloc_limit && ruby_native_thread_p() && !dont_gc) {
diff --git a/test/ruby/test_thread_trace_memory_allocations.rb b/test/ruby/test_thread_trace_memory_allocations.rb
new file mode 100644
index 000000000000..2e281513578b
--- /dev/null
+++ b/test/ruby/test_thread_trace_memory_allocations.rb
@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+require 'test/unit'
+
+class TestThreadTraceMemoryAllocations < Test::Unit::TestCase
+ def test_disabled_trace_memory_allocations
+ Thread.trace_memory_allocations = false
+
+ assert_predicate Thread.current.memory_allocations, :nil?
+ end
+
+ def test_enabled_trace_memory_allocations
+ Thread.trace_memory_allocations = true
+
+ assert_not_nil(Thread.current.memory_allocations)
+ end
+
+ def test_only_this_thread_allocations_are_counted
+ changed = {
+ total_allocated_objects: 1000,
+ total_malloc_bytes: 1_000_000,
+ total_mallocs: 100
+ }
+
+ Thread.trace_memory_allocations = true
+
+ assert_less_than(changed) do
+ Thread.new do
+ assert_greater_than(changed) do
+ # This will allocate: 5k objects, 5k mallocs, 5MB
+ allocate(5000, 1000)
+ end
+ end.join
+
+ # This will allocate: 50 objects, 50 mallocs, 500 bytes
+ allocate(50, 10)
+ end
+ end
+
+ private
+
+ def allocate(slots, bytes)
+ Array.new(slots).map do
+ '0' * bytes
+ end
+ end
+
+ def assert_greater_than(keys)
+ before = Thread.current.memory_allocations
+ yield
+ after = Thread.current.memory_allocations
+
+ keys.each do |key, by|
+ assert_operator(by, :<=, after[key]-before[key], "expected the #{key} to change more than #{by}")
+ end
+ end
+
+ def assert_less_than(keys)
+ before = Thread.current.memory_allocations
+ yield
+ after = Thread.current.memory_allocations
+
+ keys.each do |key, by|
+ assert_operator(by, :>, after[key]-before[key], "expected the #{key} to change less than #{by}")
+ end
+ end
+end
diff --git a/thread.c b/thread.c
index 708aaa471d99..d68a59e9f2d6 100644
--- a/thread.c
+++ b/thread.c
@@ -5143,6 +5143,55 @@ rb_thread_backtrace_locations_m(int argc, VALUE *argv, VALUE thval)
return rb_vm_thread_backtrace_locations(argc, argv, thval);
}
+#if THREAD_TRACE_MEMORY_ALLOCATIONS
+rb_thread_t *
+ruby_threadptr_for_trace_memory_allocations(void)
+{
+ // The order of this checks is important due
+ // to how Ruby VM is initialized
+ if (GET_VM()->thread_trace_memory_allocations && GET_EC() != NULL) {
+ return GET_THREAD();
+ }
+
+ return NULL;
+}
+
+static VALUE
+rb_thread_s_trace_memory_allocations(VALUE _)
+{
+ return GET_THREAD()->vm->thread_trace_memory_allocations ? Qtrue : Qfalse;
+}
+
+static VALUE
+rb_thread_s_trace_memory_allocations_set(VALUE self, VALUE val)
+{
+ GET_THREAD()->vm->thread_trace_memory_allocations = RTEST(val);
+ return val;
+}
+
+static VALUE
+rb_thread_memory_allocations(VALUE self)
+{
+ rb_thread_t *th = rb_thread_ptr(self);
+
+ if (!th->vm->thread_trace_memory_allocations) {
+ return Qnil;
+ }
+
+ VALUE ret = rb_hash_new();
+
+ VALUE total_allocated_objects = ID2SYM(rb_intern_const("total_allocated_objects"));
+ VALUE total_malloc_bytes = ID2SYM(rb_intern_const("total_malloc_bytes"));
+ VALUE total_mallocs = ID2SYM(rb_intern_const("total_mallocs"));
+
+ rb_hash_aset(ret, total_allocated_objects, SIZET2NUM(th->memory_allocations.total_allocated_objects));
+ rb_hash_aset(ret, total_malloc_bytes, SIZET2NUM(th->memory_allocations.total_malloc_bytes));
+ rb_hash_aset(ret, total_mallocs, SIZET2NUM(th->memory_allocations.total_mallocs));
+
+ return ret;
+}
+#endif
+
/*
* Document-class: ThreadError
*
@@ -5230,6 +5279,12 @@ Init_Thread(void)
rb_define_method(rb_cThread, "to_s", rb_thread_to_s, 0);
rb_define_alias(rb_cThread, "inspect", "to_s");
+#if THREAD_TRACE_MEMORY_ALLOCATIONS
+ rb_define_singleton_method(rb_cThread, "trace_memory_allocations", rb_thread_s_trace_memory_allocations, 0);
+ rb_define_singleton_method(rb_cThread, "trace_memory_allocations=", rb_thread_s_trace_memory_allocations_set, 1);
+ rb_define_method(rb_cThread, "memory_allocations", rb_thread_memory_allocations, 0);
+#endif
+
rb_vm_register_special_exception(ruby_error_stream_closed, rb_eIOError,
"stream closed in another thread");
diff --git a/vm_core.h b/vm_core.h
index 12c3ac377551..63cdf55fa6ed 100644
--- a/vm_core.h
+++ b/vm_core.h
@@ -69,6 +69,13 @@
# define VM_INSN_INFO_TABLE_IMPL 2
#endif
+/*
+ * track a per thread memory allocations
+ */
+#ifndef THREAD_TRACE_MEMORY_ALLOCATIONS
+# define THREAD_TRACE_MEMORY_ALLOCATIONS 1
+#endif
+
#include "ruby/ruby.h"
#include "ruby/st.h"
@@ -602,6 +609,7 @@ typedef struct rb_vm_struct {
unsigned int running: 1;
unsigned int thread_abort_on_exception: 1;
unsigned int thread_report_on_exception: 1;
+ unsigned int thread_trace_memory_allocations: 1;
unsigned int safe_level_: 1;
int sleeper;
@@ -960,6 +968,14 @@ typedef struct rb_thread_struct {
rb_thread_list_t *join_list;
+#if THREAD_TRACE_MEMORY_ALLOCATIONS
+ struct {
+ size_t total_allocated_objects;
+ size_t total_malloc_bytes;
+ size_t total_mallocs;
+ } memory_allocations;
+#endif
+
union {
struct {
VALUE proc;
@@ -1852,6 +1868,7 @@ void rb_threadptr_interrupt(rb_thread_t *th);
void rb_threadptr_unlock_all_locking_mutexes(rb_thread_t *th);
void rb_threadptr_pending_interrupt_clear(rb_thread_t *th);
void rb_threadptr_pending_interrupt_enque(rb_thread_t *th, VALUE v);
+rb_thread_t *ruby_threadptr_for_trace_memory_allocations(void);
VALUE rb_ec_get_errinfo(const rb_execution_context_t *ec);
void rb_ec_error_print(rb_execution_context_t * volatile ec, volatile VALUE errinfo);
void rb_execution_context_update(const rb_execution_context_t *ec);

60
omnibus/config/patches/rubygems/license/add-license-file.patch Normal file
View File

@@ -0,0 +1,60 @@
diff --git a/LICENSE.txt b/LICENSE.txt
new file mode 100644
index 0000000..8a0a51d
--- /dev/null
+++ b/LICENSE.txt
@@ -0,0 +1,54 @@
+RubyGems is copyrighted free software by Chad Fowler, Rich Kilmer, Jim
+Weirich and others. You can redistribute it and/or modify it under
+either the terms of the MIT license (see the file MIT.txt), or the
+conditions below:
+
+1. You may make and give away verbatim copies of the source form of the
+ software without restriction, provided that you duplicate all of the
+ original copyright notices and associated disclaimers.
+
+2. You may modify your copy of the software in any way, provided that
+ you do at least ONE of the following:
+
+ a. place your modifications in the Public Domain or otherwise
+ make them Freely Available, such as by posting said
+ modifications to Usenet or an equivalent medium, or by allowing
+ the author to include your modifications in the software.
+
+ b. use the modified software only within your corporation or
+ organization.
+
+ c. give non-standard executables non-standard names, with
+ instructions on where to get the original software distribution.
+
+ d. make other distribution arrangements with the author.
+
+3. You may distribute the software in object code or executable
+ form, provided that you do at least ONE of the following:
+
+ a. distribute the executables and library files of the software,
+ together with instructions (in the manual page or equivalent)
+ on where to get the original distribution.
+
+ b. accompany the distribution with the machine-readable source of
+ the software.
+
+ c. give non-standard executables non-standard names, with
+ instructions on where to get the original software distribution.
+
+ d. make other distribution arrangements with the author.
+
+4. You may modify and include the part of the software into any other
+ software (possibly commercial).
+
+5. The scripts and library files supplied as input to or produced as
+ output from the software do not automatically fall under the
+ copyright of the software, but belong to whomever generated them,
+ and may be sold commercially, and may be aggregated with this
+ software.
+
+6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+ IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE.
+

13
omnibus/config/patches/runit/log-status.patch Normal file
View File

@@ -0,0 +1,13 @@
diff --git a/sv.c b/sv.c
index 0125795..b79dc4f 100644
--- a/sv.c
+++ b/sv.c
@@ -167,7 +167,7 @@ int status(char *unused) {
}
else {
outs("; ");
- if (svstatus_get()) { rc =svstatus_print("log"); outs("\n"); }
+ if (svstatus_get()) { svstatus_print("log"); outs("\n"); }
}
islog =0;
flush("");

9
omnibus/config/projects/firezone.rb
View File

@@ -33,16 +33,15 @@ build_version Omnibus::BuildVersion.semver
build_iteration 1
# firezone build dependencies/components
dependency "compile_release"
dependency "runit"
dependency "nginx"
dependency "erlang"
dependency "elixir"
dependency "openssl"
dependency "postgresql"
dependency "wireguard-tools"
if linux?
dependency "nftables"
end
dependency "compile_release"
dependency "nftables" if linux?
exclude ".env"
exclude ".github"

2
omnibus/config/software/autoconf.rb
View File

@@ -43,5 +43,5 @@ build do
" --prefix=#{install_dir}/embedded", env: env
make "-j #{workers}", env: env
make "install", env: env
make "-j #{workers} install", env: env
end

2
omnibus/config/software/automake.rb
View File

@@ -46,5 +46,5 @@ build do
" --prefix=#{install_dir}/embedded", env: env
make "-j #{workers}", env: env
make "install", env: env
make "-j #{workers} install", env: env
end

4
omnibus/config/software/cacerts.rb
View File

@@ -41,7 +41,9 @@ build do
# Windows does not support symlinks
unless windows?
link "certs/cacert.pem", "#{install_dir}/embedded/ssl/cert.pem", unchecked: true
link "certs/cacert.pem", "#{install_dir}/embedded/ssl/cert.pem",
unchecked: true,
force: true
block { File.chmod(0644, "#{install_dir}/embedded/ssl/certs/cacert.pem") }
end

23
omnibus/config/software/chef-bin.rb Normal file
View File

@@ -0,0 +1,23 @@
name 'chef-bin'
# The version here should be in agreement with /Gemfile.lock so that our rspec
# testing stays consistent with the package contents.
default_version '15.14.0'
license 'Apache-2.0'
license_file 'LICENSE'
skip_transitive_dependency_licensing true
dependency 'ruby'
dependency 'rubygems'
build do
env = with_standard_compiler_flags(with_embedded_path)
gem 'install chef-bin' \
" --version '#{version}'" \
" --bindir '#{install_dir}/embedded/bin'" \
' --no-document', env: env
patch source: 'disable_license_enforce.patch',
target: "#{install_dir}/embedded/lib/ruby/gems/2.7.0/gems/chef-bin-#{version}/bin/chef-client"
end

5
omnibus/config/software/elixir.rb
View File

@@ -1,4 +1,5 @@
#
# frozen_string_literal: true
# Copyright 2017 Chef Software, Inc.
# Copyright 2021 FireZone
#
@@ -33,5 +34,5 @@ build do
env = with_standard_compiler_flags(with_embedded_path)
make "-j #{workers}", env: env
make "install PREFIX=#{install_dir}/embedded", env: env
make "-j #{workers} install PREFIX=#{install_dir}/embedded", env: env
end

7
omnibus/config/software/erlang.rb
View File

@@ -85,8 +85,11 @@ build do
#
# In future releases of erlang, someone should check if these flags (or
# environment variables) are avaiable to remove this ugly hack.
%w{ncurses openssl zlib.h zconf.h}.each do |name|
link "#{install_dir}/embedded/include/#{name}", "#{install_dir}/embedded/erlang/include/#{name}"
# Doesn't seem to be necessary for 24.0.5
if version != "24.0.5"
%w{ncurses openssl zlib.h zconf.h}.each do |name|
link "#{install_dir}/embedded/include/#{name}", "#{install_dir}/embedded/erlang/include/#{name}"
end
end
# Note 2017-02-28 sr: HiPE doesn't compile with OTP 18.3 on ppc64le (https://bugs.erlang.org/browse/ERL-369)

42
omnibus/config/software/firezone-ctl.rb Normal file
View File

@@ -0,0 +1,42 @@
#
# Copyright 2014 Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name "firezone-ctl"
license :project_license
dependency "omnibus-ctl"
dependency "runit"
source path: "cookbooks/omnibus-firezone"
build do
env = with_standard_compiler_flags(with_embedded_path)
bundle "install --binstubs --without test", env: env
block do
erb source: "firezone-ctl.erb",
dest: "#{install_dir}/bin/firezone-ctl",
mode: 0755,
vars: {
embedded_bin: "#{install_dir}/embedded/bin",
embedded_service: "#{install_dir}/embedded/service",
}
end
# additional omnibus-ctl commands
sync "#{project_dir}/files/default/ctl-commands", "#{install_dir}/embedded/service/omnibus-ctl/"
end

1
omnibus/config/software/nftables.rb
View File

@@ -17,6 +17,7 @@
name "nftables"
license_file "COPYING"
skip_transitive_dependency_licensing true
# Some weirdness in the official release package so use git and switch to tag
# default_version "0.9.9"

57
omnibus/config/software/nginx.rb Normal file
View File

@@ -0,0 +1,57 @@
# frozen_string_literal: true
# Copyright 2012-2016 Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name "nginx"
default_version "1.20.1"
dependency "pcre"
dependency "openssl"
dependency "zlib"
license "BSD-2-Clause"
license_file "LICENSE"
source url: "https://nginx.org/download/nginx-#{version}.tar.gz"
# versions_list: https://nginx.org/download/ filter=*.tar.gz
version("1.20.1") { source sha256: "e462e11533d5c30baa05df7652160ff5979591d291736cfa5edb9fd2edb48c49" }
version("1.19.9") { source sha256: "2e35dff06a9826e8aca940e9e8be46b7e4b12c19a48d55bfc2dc28fc9cc7d841" }
version("1.19.8") { source sha256: "308919b1a1359315a8066578472f998f14cb32af8de605a3743acca834348b05" }
version("1.18.0") { source sha256: "4c373e7ab5bf91d34a4f11a0c9496561061ba5eee6020db272a17a7228d35f99" }
version("1.14.2") { source sha256: "002d9f6154e331886a2dd4e6065863c9c1cf8291ae97a1255308572c02be9797" }
version("1.14.0") { source sha256: "5d15becbf69aba1fe33f8d416d97edd95ea8919ea9ac519eff9bafebb6022cb5" }
relative_path "nginx-#{version}"
build do
env = with_standard_compiler_flags(with_embedded_path)
command "./configure" \
" --prefix=#{install_dir}/embedded" \
" --with-http_ssl_module" \
" --with-http_stub_status_module" \
" --with-ipv6" \
" --with-debug" \
" --with-cc-opt=\"-L#{install_dir}/embedded/lib -I#{install_dir}/embedded/include\"" \
" --with-ld-opt=-L#{install_dir}/embedded/lib", env: env
make "-j #{workers}", env: env
make "install", env: env
# Ensure the logs directory is available on rebuild from git cache
touch "#{install_dir}/embedded/logs/.gitkeep"
end

45
omnibus/config/software/omnibus-ctl.rb Normal file
View File

@@ -0,0 +1,45 @@
#
# Copyright 2012-2015 Chef Software, Inc.
# Copyright 2017-2021 GitLab Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name 'omnibus-ctl'
version = Gitlab::Version.new('omnibus-ctl', 'v0.6.0')
default_version version.print(false)
display_version version.print(false)
license 'Apache-2.0'
license_file 'LICENSE'
skip_transitive_dependency_licensing true
dependency 'rubygems'
source git: version.remote
relative_path 'omnibus-ctl'
build do
env = with_standard_compiler_flags(with_embedded_path)
patch source: 'skip-license-acceptance.patch'
# Remove existing built gems in case they exist in the current dir
delete 'omnibus-ctl-*.gem'
gem 'build omnibus-ctl.gemspec', env: env
gem 'install omnibus-ctl-*.gem --no-document', env: env
touch "#{install_dir}/embedded/service/omnibus-ctl/.gitkeep"
end

52
omnibus/config/software/pcre.rb Normal file
View File

@@ -0,0 +1,52 @@
#
# Copyright:: Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name "pcre"
default_version "8.44"
license "BSD-2-Clause"
license_file "LICENCE"
skip_transitive_dependency_licensing true
dependency "libedit"
dependency "ncurses"
dependency "config_guess"
# version_list: url=https://sourceforge.net/projects/pcre/files/pcre/ filter=*.tar.gz
version("8.44") { source sha256: "aecafd4af3bd0f3935721af77b889d9024b2e01d96b58471bd91a3063fb47728" }
version("8.38") { source sha256: "9883e419c336c63b0cb5202b09537c140966d585e4d0da66147dc513da13e629" }
source url: "http://downloads.sourceforge.net/project/pcre/pcre/#{version}/pcre-#{version}.tar.gz"
relative_path "pcre-#{version}"
build do
env = with_standard_compiler_flags(with_embedded_path)
update_config_guess
command "./configure" \
" --prefix=#{install_dir}/embedded" \
" --disable-cpp" \
" --enable-utf" \
" --enable-unicode-properties" \
" --enable-pcretest-libedit" \
"--disable-pcregrep-jit", env: env
make "-j #{workers}", env: env
make "install", env: env
end

235
omnibus/config/software/ruby.rb Normal file
View File

@@ -0,0 +1,235 @@
#
# Copyright 2012-2016 Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name 'ruby'
license 'BSD-2-Clause'
license_file 'BSDL'
license_file 'COPYING'
license_file 'LEGAL'
skip_transitive_dependency_licensing true
# - chef-client cannot use 2.2.x yet due to a bug in IRB that affects chef-shell on linux:
# https://bugs.ruby-lang.org/issues/11869
# - the current status of 2.3.x is that it downloads but fails to compile.
# - verify that all ffi libs are available for your version on all platforms.
# - when upgrading please check the ABI version and update the exclusion until
# https://gitlab.com/gitlab-org/omnibus-gitlab/issues/3414 is addressed
default_version '2.7.2'
fips_enabled = (project.overrides[:fips] && project.overrides[:fips][:enabled]) || false
dependency 'patch' if solaris_10?
dependency 'ncurses' unless windows? || version.satisfies?('>= 2.1')
dependency 'zlib'
dependency 'openssl'
dependency 'libffi'
dependency 'libyaml'
# Needed for chef_gem installs of (e.g.) nokogiri on upgrades -
# they expect to see our libiconv instead of a system version.
# Ignore on windows - TDM GCC comes with libiconv in the runtime
# and that's the only one we will ever use.
dependency 'libiconv'
version('2.7.2') { source sha256: '6e5706d0d4ee4e1e2f883db9d768586b4d06567debea353c796ec45e8321c3d4' }
source url: "https://cache.ruby-lang.org/pub/ruby/#{version.match(/^(\d+\.\d+)/)[0]}/ruby-#{version}.tar.gz"
relative_path "ruby-#{version}"
env = with_standard_compiler_flags(with_embedded_path)
if mac_os_x?
# -Qunused-arguments suppresses "argument unused during compilation"
# warnings. These can be produced if you compile a program that doesn't
# link to anything in a path given with -Lextra-libs. Normally these
# would be harmless, except that autoconf treats any output to stderr as
# a failure when it makes a test program to check your CFLAGS (regardless
# of the actual exit code from the compiler).
env['CFLAGS'] << " -I#{install_dir}/embedded/include/ncurses -arch x86_64 -m64 -O3 -g -pipe -Qunused-arguments"
env['LDFLAGS'] << ' -arch x86_64'
elsif freebsd?
# Stops "libtinfo.so.5.9: could not read symbols: Bad value" error when
# compiling ext/readline. See the following for more info:
#
# https://lists.freebsd.org/pipermail/freebsd-current/2013-October/045425.html
# http://mailing.freebsd.ports-bugs.narkive.com/kCgK8sNQ/ports-183106-patch-sysutils-libcdio-does-not-build-on-10-0-and-head
#
env['LDFLAGS'] << ' -ltinfow'
elsif aix?
# this magic per IBM
env['LDSHARED'] = 'xlc -G'
env['CFLAGS'] = "-I#{install_dir}/embedded/include/ncurses -I#{install_dir}/embedded/include"
# this magic per IBM
env['XCFLAGS'] = '-DRUBY_EXPORT'
# need CPPFLAGS set so ruby doesn't try to be too clever
env['CPPFLAGS'] = "-I#{install_dir}/embedded/include/ncurses -I#{install_dir}/embedded/include"
env['SOLIBS'] = '-lm -lc'
# need to use GNU m4, default m4 doesn't work
env['M4'] = '/opt/freeware/bin/m4'
elsif solaris_10?
if sparc?
# Known issue with rubby where too much GCC optimization blows up miniruby on sparc
env['CFLAGS'] << ' -std=c99 -O0 -g -pipe -mcpu=v9'
env['LDFLAGS'] << ' -mcpu=v9'
else
env['CFLAGS'] << ' -std=c99 -O3 -g -pipe'
end
elsif windows?
env['CPPFLAGS'] << ' -DFD_SETSIZE=2048'
else # including linux
env['CFLAGS'] << if version.satisfies?('>= 2.3.0') &&
rhel? && platform_version.satisfies?('< 6.0')
' -O2 -g -pipe'
else
' -O3 -g -pipe'
end
end
build do
env['CFLAGS'] << ' -fno-omit-frame-pointer'
# AIX needs /opt/freeware/bin only for patch
patch_env = env.dup
patch_env['PATH'] = "/opt/freeware/bin:#{env['PATH']}" if aix?
if solaris_10? && version.satisfies?('>= 2.1')
patch source: 'ruby-no-stack-protector.patch', plevel: 1, env: patch_env
elsif solaris_10? && version =~ /^1.9/
patch source: 'ruby-sparc-1.9.3-c99.patch', plevel: 1, env: patch_env
elsif solaris_11? && version =~ /^2.1/
patch source: 'ruby-solaris-linux-socket-compat.patch', plevel: 1, env: patch_env
end
# wrlinux7/ios_xr build boxes from Cisco include libssp and there is no way to
# disable ruby from linking against it, but Cisco switches will not have the
# library. Disabling it as we do for Solaris.
patch source: 'ruby-no-stack-protector.patch', plevel: 1, env: patch_env if ios_xr? && version.satisfies?('>= 2.1')
# disable libpath in mkmf across all platforms, it trolls omnibus and
# breaks the postgresql cookbook. i'm not sure why ruby authors decided
# this was a good idea, but it breaks our use case hard. AIX cannot even
# compile without removing it, and it breaks some native gem installs on
# other platforms. generally you need to have a condition where the
# embedded and non-embedded libs get into a fight (libiconv, openssl, etc)
# and ruby trying to set LD_LIBRARY_PATH itself gets it wrong.
#
# Also, fix paths emitted in the makefile on windows on both msys and msys2.
if version.satisfies?('>= 2.1')
patch source: 'ruby-mkmf.patch', plevel: 1, env: patch_env
# should intentionally break and fail to apply on 2.2, patch will need to
# be fixed.
end
# Enable custom patch created by ayufan that allows to count memory allocations
# per-thread. This is asked to be upstreamed as part of https://github.com/ruby/ruby/pull/3978
patch source: 'thread-memory-allocations-2.7.patch', plevel: 1, env: patch_env
# Fix reserve stack segmentation fault when building on RHEL5 or below
# Currently only affects 2.1.7 and 2.2.3. This patch taken from the fix
# in Ruby trunk and expected to be included in future point releases.
# https://redmine.ruby-lang.org/issues/11602
if rhel? &&
platform_version.satisfies?('< 6') &&
(version == '2.1.7' || version == '2.2.3')
patch source: 'ruby-fix-reserve-stack-segfault.patch', plevel: 1, env: patch_env
end
# copy_file_range() has been disabled on recent RedHat kernels:
# 1. https://gitlab.com/gitlab-org/gitlab/-/issues/218999
# 2. https://bugs.ruby-lang.org/issues/16965
# 3. https://bugzilla.redhat.com/show_bug.cgi?id=1783554
patch source: 'ruby-disable-copy-file-range.patch', plevel: 1, env: patch_env if centos? || rhel?
configure_command = ['--with-out-ext=dbm,readline',
'--enable-shared',
'--disable-install-doc',
'--without-gmp',
'--without-gdbm',
'--without-tk',
'--disable-dtrace']
configure_command << '--with-ext=psych' if version.satisfies?('< 2.3')
configure_command << '--with-bundled-md5' if fips_enabled
if aix?
# need to patch ruby's configure file so it knows how to find shared libraries
patch source: 'ruby-aix-configure.patch', plevel: 1, env: patch_env
# have ruby use zlib on AIX correctly
patch source: 'ruby_aix_openssl.patch', plevel: 1, env: patch_env
# AIX has issues with ssl retries, need to patch to have it retry
patch source: 'ruby_aix_2_1_3_ssl_EAGAIN.patch', plevel: 1, env: patch_env
# the next two patches are because xlc doesn't deal with long vs int types well
patch source: 'ruby-aix-atomic.patch', plevel: 1, env: patch_env
patch source: 'ruby-aix-vm-core.patch', plevel: 1, env: patch_env
# per IBM, just help ruby along on what it's running on
configure_command << '--host=powerpc-ibm-aix6.1.0.0 --target=powerpc-ibm-aix6.1.0.0 --build=powerpc-ibm-aix6.1.0.0 --enable-pthread'
elsif freebsd?
# Disable optional support C level backtrace support. This requires the
# optional devel/libexecinfo port to be installed.
configure_command << 'ac_cv_header_execinfo_h=no'
configure_command << "--with-opt-dir=#{install_dir}/embedded"
elsif smartos?
# Opscode patch - someara@opscode.com
# GCC 4.7.0 chokes on mismatched function types between OpenSSL 1.0.1c and Ruby 1.9.3-p286
patch source: 'ruby-openssl-1.0.1c.patch', plevel: 1, env: patch_env
# Patches taken from RVM.
# http://bugs.ruby-lang.org/issues/5384
# https://www.illumos.org/issues/1587
# https://github.com/wayneeseguin/rvm/issues/719
patch source: 'rvm-cflags.patch', plevel: 1, env: patch_env
# From RVM forum
# https://github.com/wayneeseguin/rvm/commit/86766534fcc26f4582f23842a4d3789707ce6b96
configure_command << 'ac_cv_func_dl_iterate_phdr=no'
configure_command << "--with-opt-dir=#{install_dir}/embedded"
elsif windows?
configure_command << ' debugflags=-g'
else
configure_command << %w(host target build).map { |w| "--#{w}=#{OhaiHelper.gcc_target}" } if OhaiHelper.raspberry_pi?
configure_command << "--with-opt-dir=#{install_dir}/embedded"
end
# FFS: works around a bug that infects AIX when it picks up our pkg-config
# AFAIK, ruby does not need or use this pkg-config it just causes the build to fail.
# The alternative would be to patch configure to remove all the pkg-config garbage entirely
env['PKG_CONFIG'] = '/bin/true' if aix?
configure(*configure_command, env: env)
make "-j #{workers}", env: env
make "-j #{workers} install", env: env
if windows?
# Needed now that we switched to msys2 and have not figured out how to tell
# it how to statically link yet
dlls = ['libwinpthread-1']
dlls << if windows_arch_i386?
'libgcc_s_dw2-1'
else
'libgcc_s_seh-1'
end
dlls.each do |dll|
arch_suffix = windows_arch_i386? ? '32' : '64'
windows_path = "C:/msys2/mingw#{arch_suffix}/bin/#{dll}.dll"
raise "Cannot find required DLL needed for dynamic linking: #{windows_path}" unless File.exist?(windows_path)
copy windows_path, "#{install_dir}/embedded/bin/#{dll}.dll"
end
end
end

86
omnibus/config/software/rubygems.rb Normal file
View File

@@ -0,0 +1,86 @@
#
# Copyright 2012-2016 Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name 'rubygems'
default_version '3.1.4'
license 'MIT'
license_file 'LICENSE.txt'
skip_transitive_dependency_licensing true
dependency 'ruby'
if version && !source
# NOTE: 2.1.11 is the last version of rubygems before the 2.2.x change to native gem install location
#
# https://github.com/rubygems/rubygems/issues/874
#
# This is a breaking change for omnibus clients. Chef-11 needs to be pinned to 2.1.11 for eternity.
# We have switched from tarballs to just `gem update --system`, but for backcompat
# we pin the previously known tarballs.
known_tarballs = {
'2.1.11' => 'b561b7aaa70d387e230688066e46e448',
'2.2.1' => '1f0017af0ad3d3ed52665132f80e7443',
'2.4.1' => '7e39c31806bbf9268296d03bd97ce718',
'2.4.4' => '440a89ad6a3b1b7a69b034233cc4658e',
'2.4.5' => '5918319a439c33ac75fbbad7fd60749d',
'2.4.8' => 'dc77b51449dffe5b31776bff826bf559',
'2.7.9' => '173272ed55405caf7f858b6981fff526',
'3.1.4' => 'd117187a8f016cbe8f52011ae02e858b'
}
known_tarballs.each do |version, md5|
version version do
source md5: md5, url: "https://rubygems.org/rubygems/rubygems-#{version}.tgz"
relative_path "rubygems-#{version}"
end
end
version('v2.4.4_plus_debug') { source git: 'https://github.com/danielsdeleo/rubygems.git' }
version('2.4.4.debug.1') { source git: 'https://github.com/danielsdeleo/rubygems.git' }
# This is the 2.4.8 release with a fix for
# windows so things like `gem install "pry"` still
# work
version('jdm/2.4.8-patched') { source git: 'https://github.com/jaym/rubygems.git' }
end
# If we still don't have a source (if it's a tarball) grab from ruby ...
if version && !source
# If the version is a gem version, we"ll just be using rubygems.
# If it's a branch or SHA (i.e. v1.2.3) we use github.
begin
Gem::Version.new(version)
rescue ArgumentError
source git: 'https://github.com/rubygems/rubygems.git'
end
end
# git repo is always expanded to "rubygems"
relative_path 'rubygems' if source && source.include?(:git)
build do
env = with_standard_compiler_flags(with_embedded_path)
if source
# Building from source:
ruby 'setup.rb --no-document', env: env
else
# Installing direct from rubygems:
# If there is no version, this will get latest.
gem "update --system #{version}", env: env
patch source: "license/add-license-file.patch"
end
end

73
omnibus/config/software/runit.rb Normal file
View File

@@ -0,0 +1,73 @@
# frozen_string_literal: true
#
# Copyright 2012-2014 Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name 'runit'
default_version '2.1.2'
license 'BSD-3-Clause'
license_file '../package/COPYING'
skip_transitive_dependency_licensing true
version '2.1.2' do
source md5: '6c985fbfe3a34608eb3c53dc719172c4'
end
source url: "http://smarden.org/runit/runit-#{version}.tar.gz"
relative_path "admin/runit-#{version}/src"
build do
# Patch runit to not consider status of log service associated with a service
# on determining output of status command. For details, check
# https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4008
patch source: 'log-status.patch'
env = with_standard_compiler_flags(with_embedded_path)
# Put runit where we want it, not where they tell us to
command 'sed -i -e "s/^char\ \*varservice\ \=\"\/service\/\";$/char\ \*varservice\ \=\"' + install_dir.gsub('/', '\\/') + '\/service\/\";/" sv.c', env: env
# TODO: the following is not idempotent
command 'sed -i -e s:-static:: Makefile', env: env
# Build it
make "-j #{workers}", env: env
make "-j #{workers} check", env: env
# Move it
mkdir "#{install_dir}/embedded/bin"
copy "#{project_dir}/chpst", "#{install_dir}/embedded/bin"
copy "#{project_dir}/runit", "#{install_dir}/embedded/bin"
copy "#{project_dir}/runit-init", "#{install_dir}/embedded/bin"
copy "#{project_dir}/runsv", "#{install_dir}/embedded/bin"
copy "#{project_dir}/runsvchdir", "#{install_dir}/embedded/bin"
copy "#{project_dir}/runsvdir", "#{install_dir}/embedded/bin"
copy "#{project_dir}/sv", "#{install_dir}/embedded/bin"
copy "#{project_dir}/svlogd", "#{install_dir}/embedded/bin"
copy "#{project_dir}/utmpset", "#{install_dir}/embedded/bin"
erb source: 'runsvdir-start.erb',
dest: "#{install_dir}/embedded/bin/runsvdir-start",
mode: 0755,
vars: { install_dir: install_dir }
# Setup service directories
touch "#{install_dir}/service/.gitkeep"
touch "#{install_dir}/sv/.gitkeep"
touch "#{install_dir}/init/.gitkeep"
end

34
omnibus/config/templates/firezone-ctl/firezone-ctl.erb Normal file
View File

@@ -0,0 +1,34 @@
#!/bin/bash
#
# Copyright 2014 Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Ensure the calling environment (disapproval look Bundler) does not infect our
# Ruby environment if called from a Ruby script.
for ruby_env_var in RUBYOPT \
BUNDLE_BIN_PATH \
BUNDLE_GEMFILE \
GEM_PATH \
GEM_ROOT \
GEM_HOME
do
unset $ruby_env_var
done
# This bumps the default svwait timeout from 7 seconds to 30 seconds
# As documented at http://smarden.org/runit/sv.8.html
export SVWAIT=30
<%= embedded_bin %>/omnibus-ctl supermarket <%= embedded_service %>/omnibus-ctl $@

42
omnibus/config/templates/runit/runsvdir-start.erb Normal file
View File

@@ -0,0 +1,42 @@
#!/bin/bash
#
# Copyright 2012-<%= Time.now.year %> Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
PATH=<%= install_dir %>/bin:<%= install_dir %>/embedded/bin:/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin
ulimit -c 0
ulimit -d unlimited
ulimit -e 0
ulimit -f unlimited
ulimit -i 62793
ulimit -l 64
ulimit -m unlimited
# WARNING: Increasing the global file descriptor limit increases RAM
# consumption on startup dramatically!
ulimit -n 50000
ulimit -q 819200
ulimit -r 0
ulimit -s 10240
ulimit -t unlimited
ulimit -u unlimited
ulimit -v unlimited
ulimit -x unlimited
echo "1000000" > /proc/sys/fs/file-max
umask 022
exec env - PATH=$PATH \
runsvdir -P <%= install_dir %>/service 'log: <%= '.'*395 %>'

32
omnibus/cookbooks/omnibus-firezone/.delivery/project.toml Normal file
View File

@@ -0,0 +1,32 @@
# Delivery for Local Phases Execution
#
# This file allows you to execute test phases locally on a workstation or
# in a CI pipeline. The delivery-cli will read this file and execute the
# command(s) that are configured for each phase. You can customize them
# by just modifying the phase key on this file.
#
# By default these phases are configured for Cookbook Workflow only
#
[local_phases]
unit = "echo skipping unit phase."
lint = "chef exec cookstyle"
# foodcritic has been deprecated in favor of cookstyle so we skip the syntax
# phase now.
syntax = "echo skipping syntax phase. Use lint phase instead."
provision = "chef exec kitchen create"
deploy = "chef exec kitchen converge"
smoke = "chef exec kitchen verify"
# The functional phase is optional, you can define it by uncommenting
# the line below and running the command: `delivery local functional`
# functional = ""
cleanup = "chef exec kitchen destroy"
# Remote project.toml file
#
# Instead of the local phases above, you may specify a remote URI location for
# the `project.toml` file. This is useful for teams that wish to centrally
# manage the behavior of the `delivery local` command across many different
# projects.
#
# remote_file = "https://url/project.toml"

24
omnibus/cookbooks/omnibus-firezone/.gitignore vendored Normal file
View File

@@ -0,0 +1,24 @@
.vagrant
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
# Bundler
Gemfile.lock
gems.locked
bin/*
.bundle/*
# test kitchen
.kitchen/
kitchen.local.yml
# Chef Infra
Berksfile.lock
.zero-knife.rb
Policyfile.lock.json
.idea/

10
omnibus/cookbooks/omnibus-firezone/CHANGELOG.md Normal file
View File

@@ -0,0 +1,10 @@
# omnibus-firezone CHANGELOG
This file is used to list changes made in each version of the omnibus-firezone cookbook.
## 0.1.0
Initial release.
- change 0
- change 1

201
omnibus/cookbooks/omnibus-firezone/LICENSE Normal file
View File

@@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2020 Engineering
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

16
omnibus/cookbooks/omnibus-firezone/Policyfile.rb Normal file
View File

@@ -0,0 +1,16 @@
# Policyfile.rb - Describe how you want Chef Infra Client to build your system.
#
# For more information on the Policyfile feature, visit
# https://docs.chef.io/policyfile/
# A name that describes what the system you're building with Chef does.
name 'omnibus-firezone'
# Where to find external cookbooks:
default_source :supermarket
# run_list: chef-client will run these recipes in the order specified.
run_list 'omnibus-firezone::default'
# Specify a custom source for a single cookbook:
cookbook 'omnibus-firezone', path: '.'

3
omnibus/cookbooks/omnibus-firezone/README.md Normal file
View File

@@ -0,0 +1,3 @@
# omnibus-firezone
TODO: Enter the cookbook description here.

115
omnibus/cookbooks/omnibus-firezone/chefignore Normal file
View File

@@ -0,0 +1,115 @@
# Put files/directories that should be ignored in this file when uploading
# to a Chef Infra Server or Supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
ehthumbs.db
Icon?
nohup.out
Thumbs.db
.envrc
# EDITORS #
###########
.#*
.project
.settings
*_flymake
*_flymake.*
*.bak
*.sw[a-z]
*.tmproj
*~
\#*
REVISION
TAGS*
tmtags
.vscode
.editorconfig
## COMPILED ##
##############
*.class
*.com
*.dll
*.exe
*.o
*.pyc
*.so
*/rdoc/
a.out
mkmf.log
# Testing #
###########
.circleci/*
.codeclimate.yml
.delivery/*
.foodcritic
.kitchen*
.mdlrc
.overcommit.yml
.rspec
.rubocop.yml
.travis.yml
.watchr
.yamllint
azure-pipelines.yml
Dangerfile
examples/*
features/*
Guardfile
kitchen.yml*
mlc_config.json
Procfile
Rakefile
spec/*
test/*
# SCM #
#######
.git
.gitattributes
.gitconfig
.github/*
.gitignore
.gitkeep
.gitmodules
.svn
*/.bzr/*
*/.git
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
Gemfile
Gemfile.lock
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Documentation #
#############
CODE_OF_CONDUCT*
CONTRIBUTING*
documentation/*
TESTING*
UPGRADING*
# Vagrant #
###########
.vagrant
Vagrantfile

32
omnibus/cookbooks/omnibus-firezone/kitchen.yml Normal file
View File

@@ -0,0 +1,32 @@
---
driver:
name: vagrant
## The forwarded_port port feature lets you connect to ports on the VM guest via
## localhost on the host.
## see also: https://www.vagrantup.com/docs/networking/forwarded_ports
# network:
# - ["forwarded_port", {guest: 80, host: 8080}]
provisioner:
name: chef_zero
## product_name and product_version specifies a specific Chef product and version to install.
## see the Chef documentation for more details: https://docs.chef.io/workstation/config_yml_kitchen/
# product_name: chef
# product_version: 17
verifier:
name: inspec
platforms:
- name: ubuntu-20.04
- name: centos-8
suites:
- name: default
verifier:
inspec_tests:
- test/integration/default
attributes:

19
omnibus/cookbooks/omnibus-firezone/metadata.rb Normal file
View File

@@ -0,0 +1,19 @@
name 'omnibus-firezone'
maintainer 'The Authors'
maintainer_email 'you@example.com'
license 'All Rights Reserved'
description 'Installs/Configures omnibus-firezone'
version '0.1.0'
chef_version '>= 16.0'
# The `issues_url` points to the location where issues for this cookbook are
# tracked. A `View Issues` link will be displayed on this cookbook's page when
# uploaded to a Supermarket.
#
# issues_url 'https://github.com/<insert_org_here>/omnibus-firezone/issues'
# The `source_url` points to the development repository for this cookbook. A
# `View Source` link will be displayed on this cookbook's page when uploaded to
# a Supermarket.
#
# source_url 'https://github.com/<insert_org_here>/omnibus-firezone'

5
omnibus/cookbooks/omnibus-firezone/recipes/default.rb Normal file
View File

@@ -0,0 +1,5 @@
#
# Cookbook:: omnibus-firezone
# Recipe:: default
#
# Copyright:: 2021, The Authors, All Rights Reserved.

16
omnibus/cookbooks/omnibus-firezone/test/integration/default/default_test.rb Normal file
View File

@@ -0,0 +1,16 @@
# Chef InSpec test for recipe omnibus-firezone::default
# The Chef InSpec reference, with examples and extensive documentation, can be
# found at https://docs.chef.io/inspec/resources/
unless os.windows?
# This is an example test, replace with your own test.
describe user('root'), :skip do
it { should exist }
end
end
# This is an example test, replace it with your own test.
describe port(80), :skip do
it { should_not be_listening }
end