diff --git a/omnibus/Gemfile b/omnibus/Gemfile index 8e79590b9..8e8337cd6 100644 --- a/omnibus/Gemfile +++ b/omnibus/Gemfile @@ -4,6 +4,7 @@ source "https://rubygems.org" # Install omnibus gem "omnibus", "~> 8.1" +gem "chef", "~> 16.14.1" # Use Chef"s software definitions. It is recommended that you write your own # software definitions, but you can clone/fork Chef"s to get you started. diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock index af3a1519e..6e90fee64 100644 --- a/omnibus/Gemfile.lock +++ b/omnibus/Gemfile.lock @@ -6,7 +6,7 @@ GEM ast (2.4.2) awesome_print (1.9.2) aws-eventstream (1.1.1) - aws-partitions (1.484.0) + aws-partitions (1.487.0) aws-sdk-core (3.119.0) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.239.0) @@ -182,7 +182,7 @@ GEM mixlib-cli (2.1.8) mixlib-config (3.0.9) tomlrb - mixlib-install (3.12.11) + mixlib-install (3.12.16) mixlib-shellout mixlib-versioning thor @@ -190,7 +190,7 @@ GEM mixlib-shellout (3.2.5) chef-utils mixlib-versioning (1.2.12) - molinillo (0.7.0) + molinillo (0.8.0) multi_json (1.15.0) multipart-post (2.1.1) net-scp (3.0.0) @@ -272,16 +272,16 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.10.0) rspec-support (3.10.2) - rubocop (1.18.4) + rubocop (1.19.0) parallel (~> 1.10) parser (>= 3.0.0.0) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml - rubocop-ast (>= 1.8.0, < 2.0) + rubocop-ast (>= 1.9.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.8.0) + rubocop-ast (1.10.0) parser (>= 3.0.1.1) ruby-progressbar (1.11.0) ruby2_keywords (0.0.5) @@ -380,6 +380,7 @@ PLATFORMS DEPENDENCIES berkshelf + chef (~> 16.14.1) kitchen-vagrant omnibus (~> 8.1) rubocop diff --git a/omnibus/config/patches/chef-bin/disable_license_enforce.patch b/omnibus/config/patches/chef-bin/disable_license_enforce.patch new file mode 100644 index 000000000..2d5f681ef --- /dev/null +++ b/omnibus/config/patches/chef-bin/disable_license_enforce.patch 
@@ -0,0 +1,10 @@ +diff --git a/chef-bin/bin/chef-client b/chef-bin/bin/chef-client +index 45a6af546a..95402c9481 100755 +--- a/chef-bin/bin/chef-client ++++ b/chef-bin/bin/chef-client +@@ -22,4 +22,4 @@ $:.unshift(File.join(File.dirname(__FILE__), "..", "lib")) + require "chef" + require "chef/application/client" + +-Chef::Application::Client.new.run(enforce_license: true) ++Chef::Application::Client.new.run(enforce_license: false) diff --git a/omnibus/config/patches/omnibus-ctl/skip-license-acceptance.patch b/omnibus/config/patches/omnibus-ctl/skip-license-acceptance.patch new file mode 100644 index 000000000..68bf2334c --- /dev/null +++ b/omnibus/config/patches/omnibus-ctl/skip-license-acceptance.patch @@ -0,0 +1,12 @@ +diff --git a/lib/omnibus-ctl.rb b/lib/omnibus-ctl.rb +index b3e06c2..acbf8b9 100644 +--- a/lib/omnibus-ctl.rb ++++ b/lib/omnibus-ctl.rb +@@ -504,7 +504,6 @@ EOM + # args being passed to this command does not include the ones that are + # starting with "-". See #is_option? method. If it is starting with "-" + # then it is treated as a option and we need to look for them in ARGV. +- check_license_acceptance(ARGV.include?("--accept-license")) + + status = run_chef("#{base_path}/embedded/cookbooks/dna.json") + if status.success? diff --git a/omnibus/config/patches/ruby/patch-configure b/omnibus/config/patches/ruby/patch-configure new file mode 100644 index 000000000..e4b239e02 --- /dev/null +++ b/omnibus/config/patches/ruby/patch-configure 
@@ -0,0 +1,103 @@ +$NetBSD: patch-configure,v 1.4 2012/10/12 14:51:31 taca Exp $ + +* Adding Interix and MirBSD support. +* Ignore doxygen. + +--- configure.orig 2012-10-12 09:23:46.000000000 +0000 ++++ configure +@@ -10654,6 +10654,9 @@ esac + superux*) : + ac_cv_func_setitimer=no + ;; #( ++ interix*) LIBS="-lm $LIBS" ++ ac_cv_func_getpgrp_void=yes ++ ;; #( + *) : + LIBS="-lm $LIBS" ;; + esac +@@ -11980,6 +11983,9 @@ fi + ac_fn_c_check_type "$LINENO" "struct timespec" "ac_cv_type_struct_timespec" "#ifdef HAVE_TIME_H + #include + #endif ++#ifdef HAVE_SYS_TIME_H ++# include ++#endif + " + if test "x$ac_cv_type_struct_timespec" = xyes; then : + +@@ -15790,7 +15796,7 @@ done + MAINLIBS="-pthread $MAINLIBS" ;; #( + *) : + case "$target_os" in #( +- openbsd*) : ++ openbsd*|mirbsd*) : + LIBS="-pthread $LIBS" ;; #( + *) : + LIBS="-l$pthread_lib $LIBS" ;; +@@ -16239,8 +16245,12 @@ esac ;; #( + rb_cv_dlopen=yes ;; #( + interix*) : + : ${LDSHARED='$(CC) -shared'} ++ LDFLAGS="$LDFLAGS -Wl,-E" + XLDFLAGS="$XLDFLAGS -Wl,-E" ++ # use special random-slot linkage in 0x[56]XXXXXXX + LIBPATHFLAG=" -L%1\$-s" ++ DLDFLAGS="$DLDFLAGS "'-Wl,-h,$(.TARGET) -Wl,--image-base,$$(($$RANDOM %4096/2*262144+1342177280))' ++ RPATHFLAG=' -Wl,-R%1$-s' + rb_cv_dlopen=yes ;; #( + freebsd*|dragonfly*) : + +@@ -16252,7 +16262,7 @@ esac ;; #( + test "$GCC" = yes && test "$rb_cv_prog_gnu_ld" = yes || LDSHARED="ld -Bshareable" + fi + rb_cv_dlopen=yes ;; #( +- openbsd*) : ++ openbsd*|mirbsd*) : + : ${LDSHARED='$(CC) -shared ${CCDLFLAGS}'} + if test "$rb_cv_binary_elf" = yes; then + LDFLAGS="$LDFLAGS -Wl,-E" +@@ -16781,7 +16791,7 @@ _ACEOF + freebsd*|dragonfly*) : + + SOLIBS='$(LIBS)' +- LIBRUBY_SO='lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR)' ++ LIBRUBY_SO='lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR)$(TEENY)' + if test "$rb_cv_binary_elf" != "yes" ; then + LIBRUBY_SO="$LIBRUBY_SO.\$(TEENY)" + LIBRUBY_ALIASES='' +@@ -16798,7 +16808,7 @@ _ACEOF + LIBRUBY_ALIASES="" + fi + ;; #( +- openbsd*) : ++ openbsd*|mirbsd*) : + + 
SOLIBS='$(LIBS)' + LIBRUBY_SO='lib$(RUBY_SO_NAME).so.$(MAJOR).'`expr ${MINOR} \* 10 + ${TEENY}` +@@ -16859,7 +16869,12 @@ esac + ;; #( + interix*) : + +- LIBRUBYARG_SHARED='-L. -L${libdir} -l$(RUBY_SO_NAME)' ++ SOLIBS='$(LIBS)' ++ LIBRUBY_SO='lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR).$(TEENY)' ++ # link explicitly to 0x48000000 ++ LIBRUBY_DLDFLAGS='-Wl,-h,lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR) -Wl,--image-base,1207959552' ++ LIBRUBYARG_SHARED='-Wl,-R -Wl,${libdir} -L${libdir} -L. -l$(RUBY_SO_NAME)' ++ LIBRUBY_ALIASES='lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR) lib$(RUBY_SO_NAME).so' + ;; #( + *) : + ;; +@@ -16922,11 +16937,7 @@ if test "$install_doc" != no; then + else + RDOCTARGET="nodoc" + fi +- if test "$install_capi" != no -a -n "$DOXYGEN"; then +- CAPITARGET="capi" +- else +- CAPITARGET="nodoc" +- fi ++ CAPITARGET="nodoc" + else + RDOCTARGET="nodoc" + CAPITARGET="nodoc" diff --git a/omnibus/config/patches/ruby/ruby-aix-atomic.patch b/omnibus/config/patches/ruby/ruby-aix-atomic.patch new file mode 100644 index 000000000..0ed17ef93 --- /dev/null +++ b/omnibus/config/patches/ruby/ruby-aix-atomic.patch @@ -0,0 +1,11 @@ +--- ruby-2.1.2/ruby_atomic.h.orig 2014-09-29 14:08:29.000000000 -0500 ++++ ruby-2.1.2/ruby_atomic.h 2014-09-29 14:08:41.000000000 -0500 +@@ -117,7 +117,7 @@ + # endif + + #else +-typedef int rb_atomic_t; ++typedef long rb_atomic_t; + #define NEED_RUBY_ATOMIC_OPS + extern rb_atomic_t ruby_atomic_exchange(rb_atomic_t *ptr, rb_atomic_t val); + extern rb_atomic_t ruby_atomic_compare_and_swap(rb_atomic_t *ptr, diff --git a/omnibus/config/patches/ruby/ruby-aix-configure.patch b/omnibus/config/patches/ruby/ruby-aix-configure.patch new file mode 100644 index 000000000..f6ef4bb0b --- /dev/null +++ b/omnibus/config/patches/ruby/ruby-aix-configure.patch 
@@ -0,0 +1,20 @@
+--- ruby-1.9.3-p547/configure.orig 2014-05-16 09:38:31 -0500
++++ ruby-1.9.3-p547/configure 2014-07-15 19:58:29 -0500
+@@ -16488,6 +16488,7 @@
+ aix*) :
+ : ${LDSHARED='$(CC)'}
+ LDSHARED="$LDSHARED ${linker_flag}-G"
++ DLDFLAGS='-eInit_$(TARGET)'
+ EXTDLDFLAGS='-e$(TARGET_ENTRY)'
+ XLDFLAGS="${linker_flag}"'-bE:$(ARCHFILE)'" ${linker_flag}-brtl"
+ XLDFLAGS="$XLDFLAGS ${linker_flag}-blibpath:${prefix}/lib:${LIBPATH:-/usr/lib:/lib}"
+@@ -17028,7 +17029,8 @@
+
+ LIBRUBY_DLDFLAGS="${linker_flag}-bnoentry $XLDFLAGS"
+ LIBRUBYARG_SHARED='-L${libdir} -l${RUBY_SO_NAME}'
+- SOLIBS='-lm -lc'
++ SOLIBS='-lm -lc -lz'
++ LIBRUBY_SO='lib$(RUBY_SO_NAME).a'
+ ;; #(
+ beos*) :
+
diff --git a/omnibus/config/patches/ruby/ruby-aix-vm-core.patch b/omnibus/config/patches/ruby/ruby-aix-vm-core.patch
new file mode 100644
index 000000000..773a28772
--- /dev/null
+++ b/omnibus/config/patches/ruby/ruby-aix-vm-core.patch
@@ -0,0 +1,14 @@
+--- ruby-2.1.2/vm_core.h.orig 2014-09-29 14:05:24.000000000 -0500
++++ ruby-2.1.2/vm_core.h 2014-09-29 14:05:39.000000000 -0500
+@@ -392,9 +392,9 @@
+
+ /* postponed_job */
+ struct rb_postponed_job_struct *postponed_job_buffer;
+- int postponed_job_index;
++ long postponed_job_index;
+
+- int src_encoding_index;
++ long src_encoding_index;
+
+ VALUE verbose, debug, orig_progname, progname;
+ VALUE coverages;
diff --git a/omnibus/config/patches/ruby/ruby-disable-copy-file-range.patch b/omnibus/config/patches/ruby/ruby-disable-copy-file-range.patch
new file mode 100644
index 000000000..d2ceaa8d2
--- /dev/null
+++ b/omnibus/config/patches/ruby/ruby-disable-copy-file-range.patch
@@ -0,0 +1,13 @@
+diff --git a/io.c b/io.c
+index 868756ffc5..2e4166d664 100644
+--- a/io.c
++++ b/io.c
+@@ -10887,7 +10887,7 @@ nogvl_copy_stream_wait_write(struct copy_stream_struct *stp)
+ return 0;
+ }
+
+-#if defined HAVE_COPY_FILE_RANGE || (defined __linux__ && defined __NR_copy_file_range)
++#if 0
+ # define USE_COPY_FILE_RANGE
+ #endif
+
diff --git a/omnibus/config/patches/ruby/ruby-fix-reserve-stack-segfault.patch b/omnibus/config/patches/ruby/ruby-fix-reserve-stack-segfault.patch
new file mode 100644
index 000000000..ee61dd6df
--- /dev/null
+++ b/omnibus/config/patches/ruby/ruby-fix-reserve-stack-segfault.patch
@@ -0,0 +1,12 @@
+--- a/thread_pthread.c
++++ b/thread_pthread.c
+@@ -686,8 +686,8 @@ reserve_stack(volatile char *limit, size_t size)
+ limit -= size;
+ if (buf > limit) {
+ limit = alloca(buf - limit);
++ limit[0] = 0; /* ensure alloca is called */
+ limit -= stack_check_margin;
+- limit[0] = 0;
+ }
+ }
+ }
diff --git a/omnibus/config/patches/ruby/ruby-freebsd-9-zlib.patch b/omnibus/config/patches/ruby/ruby-freebsd-9-zlib.patch
new file mode 100644
index 000000000..e69de29bb
diff --git a/omnibus/config/patches/ruby/ruby-mkmf.patch b/omnibus/config/patches/ruby/ruby-mkmf.patch
new file mode 100644
index 000000000..aef3b0446
--- /dev/null
+++ b/omnibus/config/patches/ruby/ruby-mkmf.patch
@@ -0,0 +1,29 @@
+--- a/lib/mkmf.rb 2016-06-16 16:19:13.000000000 -0400
++++ b/lib/mkmf.rb 2016-06-16 16:23:08.000000000 -0400
+@@ -365,6 +365,17 @@
+ end
+
+ def libpath_env
++ # Patch for aix
++ # Ideally applications should not need LIBPATH/LD_LIBRARY_PATH set
++ # and should rely on the embedded paths in binaries/shared objects
++ # For chef say on AIX we already build using -blibpath and
++ # LD_RUN_PATH, so the extensions built using chef embedded ruby
++ # (using rbconfig) should have correct paths set.
++ # Setting LIBPATH overrides the behaviour of programs invoked from
++ # chef built ruby, for example xlc ends up picking up libiconv built
++ # within chef embedded ruby libs instead of the one from /usr/lib
++ return {}
++
+ # used only if native compiling
+ if libpathenv = config_string("LIBPATHENV")
+ pathenv = ENV[libpathenv]
+@@ -1799,7 +1810,7 @@
+ #
+ if !CROSS_COMPILING
+ case CONFIG['build_os']
+- when 'mingw32'
++ when 'mingw32', 'mingw64'
+ def mkintpath(path)
+ # mingw uses make from msys and it needs special care
+ # converts from C:\some\path to /C/some/path
diff --git a/omnibus/config/patches/ruby/ruby-no-stack-protector.patch b/omnibus/config/patches/ruby/ruby-no-stack-protector.patch
new file mode 100644
index 000000000..7ecabf32f
--- /dev/null
+++ b/omnibus/config/patches/ruby/ruby-no-stack-protector.patch
@@ -0,0 +1,13 @@
+diff --git a/configure.dist b/configure
+index d83c15a..bd4813c 100755
+--- a/configure.dist
++++ b/configure
+@@ -7491,7 +7491,7 @@ main ()
+ }
+ _ACEOF
+ if ac_fn_c_try_compile "$LINENO"; then :
+- stack_protector=yes
++ stack_protector=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+ $as_echo "yes" >&6; }
+ else
diff --git a/omnibus/config/patches/ruby/ruby-openssl-1.0.1c.patch b/omnibus/config/patches/ruby/ruby-openssl-1.0.1c.patch
new file mode 100644
index 000000000..7b98d226c
--- /dev/null
+++ b/omnibus/config/patches/ruby/ruby-openssl-1.0.1c.patch
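Review bot: The `return {}` added at the top of `libpath_env` in ruby-mkmf.patch is unconditional, so the LIBPATHENV handling kept below it is dead code on every platform where this patch is applied, while the comment presents it as an AIX workaround. The ruby software definition that applies the patch is not visible here; either confirm it applies the patch on AIX only, or guard the line itself, for example `return {} if RUBY_PLATFORM =~ /aix/`. The body of `libpath_env` continues outside the nested hunk.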
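Review bot: ruby-no-stack-protector.patch sets `stack_protector=no` in the branch where the compiler probe succeeded, which, as far as the variable name and the probe indicate, builds the embedded Ruby and its C extensions without stack-smashing protection wherever this patch is applied. The log line kept directly below still prints `result: yes`, so build logs will report the opposite of what was configured. Nothing in the patch restricts it to a platform and the software definition that applies it is not on this page, so confirm it is limited to the toolchain that actually needs it and record that in a header comment in the patch file, e.g. `# Applied only on <platform>: <reason the stack protector cannot be used>`. The surrounding configure block starts and ends outside the nested hunk.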
@@ -0,0 +1,42 @@
+diff -Naur ruby-1.9.3-p286.pristine/ext/openssl/openssl_missing.c ruby-1.9.3-p286/ext/openssl/openssl_missing.c
+--- ruby-1.9.3-p286.pristine/ext/openssl/openssl_missing.c 2011-06-26 01:32:03.000000000 +0000
++++ ruby-1.9.3-p286/ext/openssl/openssl_missing.c 2013-01-28 05:08:38.192083253 +0000
+@@ -22,7 +22,7 @@
+ #include "openssl_missing.h"
+
+ #if !defined(HAVE_HMAC_CTX_COPY)
+-void
++int
+ HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
+ {
+ if (!out || !in) return;
+@@ -118,7 +118,7 @@
+ * tested on 0.9.7d.
+ */
+ int
+-EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in)
++EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
+ {
+ memcpy(out, in, sizeof(EVP_CIPHER_CTX));
+
+diff -Naur ruby-1.9.3-p286.pristine/ext/openssl/openssl_missing.h ruby-1.9.3-p286/ext/openssl/openssl_missing.h
+--- ruby-1.9.3-p286.pristine/ext/openssl/openssl_missing.h 2011-06-26 01:32:03.000000000 +0000
++++ ruby-1.9.3-p286/ext/openssl/openssl_missing.h 2013-01-28 05:08:38.192500215 +0000
+@@ -68,7 +68,7 @@
+ #endif
+
+ #if !defined(HAVE_HMAC_CTX_COPY)
+-void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
++int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
+ #endif
+
+ #if !defined(HAVE_HMAC_CTX_CLEANUP)
+@@ -92,7 +92,7 @@
+ #endif
+
+ #if !defined(HAVE_EVP_CIPHER_CTX_COPY)
+-int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in);
++int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
+ #endif
+
+ #if !defined(HAVE_EVP_DIGESTINIT_EX)
diff --git a/omnibus/config/patches/ruby/ruby-solaris-linux-socket-compat.patch b/omnibus/config/patches/ruby/ruby-solaris-linux-socket-compat.patch
new file mode 100644
index 000000000..7369c1def
--- /dev/null
+++ b/omnibus/config/patches/ruby/ruby-solaris-linux-socket-compat.patch
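Review bot: `HMAC_CTX_copy` is changed to return `int`, but the guard kept as context in the first nested hunk is still a bare `return;`, so the NULL-argument path hands an indeterminate value to any caller that checks the result. That line should become `if (!out || !in) return 0;`, following OpenSSL's convention of 1 for success and 0 for failure. The rest of the function body is outside the hunk, so it also needs checking that the success path ends in `return 1;`. This fallback is only compiled when `HAVE_HMAC_CTX_COPY` is undefined, which is presumably why the mismatch has gone unnoticed.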
@@ -0,0 +1,42 @@
+--- ruby-2.1.5/ext/socket/raddrinfo.c.orig Fri Mar 20 13:53:18 2015
++++ ruby-2.1.5/ext/socket/raddrinfo.c Fri Mar 20 13:53:34 2015
+@@ -8,6 +8,39 @@
+
+ ************************************************/
+
++/* Linux kernel socket model compat defs.
++ AIX/Solaris/HP-UX all use an alternate
++ interface called DLPI. See the below and
++ libpcap's pcap-dlpi.c for more info:
++ http://www.oracle.com/technetwork/server-storage/solaris/solaris-linux-app-139382.html*/
++#define PACKET_HOST 0 /* To us. */
++#define PACKET_BROADCAST 1 /* To all. */
++#define PACKET_MULTICAST 2 /* To group. */
++#define PACKET_OTHERHOST 3 /* To someone else. */
++#define PACKET_OUTGOING 4 /* Originated by us . */
++#define PACKET_LOOPBACK 5
++#define PACKET_FASTROUTE 6
++
++/* Packet socket options. */
++
++#define PACKET_ADD_MEMBERSHIP 1
++#define PACKET_DROP_MEMBERSHIP 2
++#define PACKET_RECV_OUTPUT 3
++#define PACKET_RX_RING 5
++#define PACKET_STATISTICS 6
++
++struct packet_mreq
++ {
++ int mr_ifindex;
++ unsigned short int mr_type;
++ unsigned short int mr_alen;
++ unsigned char mr_address[8];
++ };
++
++#define PACKET_MR_MULTICAST 0
++#define PACKET_MR_PROMISC 1
++#define PACKET_MR_ALLMULTI 2
++
+ #include "rubysocket.h"
+
+ #if defined(INET6) && (defined(LOOKUP_ORDER_HACK_INET) || defined(LOOKUP_ORDER_HACK_INET6))
diff --git a/omnibus/config/patches/ruby/ruby-sparc-1.9.3-c99.patch b/omnibus/config/patches/ruby/ruby-sparc-1.9.3-c99.patch
new file mode 100644
index 000000000..c7ac38b59
--- /dev/null
+++ b/omnibus/config/patches/ruby/ruby-sparc-1.9.3-c99.patch
@@ -0,0 +1,20 @@
+--- ruby-1.9.3/sparc.c_orig Wed Apr 22 19:07:16 2015
++++ ruby-1.9.3/sparc.c Wed Apr 22 19:07:57 2015
+@@ -11,7 +11,16 @@
+ *********************************************************************/
+ void rb_sparc_flush_register_windows(void)
+ {
+- asm
++ /*
++ * gcc doesn't provide "asm" keyword if -ansi and the various -std options
++ * are given.
++ * http://gcc.gnu.org/onlinedocs/gcc/Alternate-Keywords.html
++ */
++#ifndef __GNUC__
++#define __asm__ asm
++#endif
++
++ __asm__
+ #ifdef __GNUC__
+ __volatile__
+ #endif
diff --git a/omnibus/config/patches/ruby/ruby_aix_1_9_3_448_ssl_EAGAIN.patch b/omnibus/config/patches/ruby/ruby_aix_1_9_3_448_ssl_EAGAIN.patch
new file mode 100644
index 000000000..ec661262b
--- /dev/null
+++ b/omnibus/config/patches/ruby/ruby_aix_1_9_3_448_ssl_EAGAIN.patch
@@ -0,0 +1,58 @@
+diff --git a/ext/openssl/lib/openssl/ssl-internal.rb b/ext/openssl/lib/openssl/ssl-internal.rb
+index 356d4e8..89a7a42 100644
+--- a/ext/openssl/lib/openssl/ssl-internal.rb
++++ b/ext/openssl/lib/openssl/ssl-internal.rb
+@@ -169,7 +169,15 @@ module OpenSSL
+ begin
+ ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
+ ssl.sync_close = true
+- ssl.accept if @start_immediately
++ if @start_immediately
++ # Retry on EAGAIN (may be due to underlying inprogress for TLS handshake or renegotiation requested.)
++ # Any other error is rescued further.
++ begin
++ ssl.accept
++ rescue Errno::EAGAIN
++ retry
++ end
++ end
+ ssl
+ rescue SSLError => ex
+ sock.close
+diff --git a/lib/net/http.rb b/lib/net/http.rb
+index 9e4fe6a..41a9c75 100644
+--- a/lib/net/http.rb
++++ b/lib/net/http.rb
+@@ -797,7 +797,14 @@ module Net #:nodoc:
+ end
+ # Server Name Indication (SNI) RFC 3546
+ s.hostname = @address if s.respond_to? :hostname=
+- timeout(@open_timeout) { s.connect }
++ timeout(@open_timeout) {
++ # Retry on EAGAIN (may be due to underlying inprogress for TLS handshake or renegotiation requested.)
++ begin
++ s.connect
++ rescue Errno::EAGAIN
++ retry
++ end
++ }
+ if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
+ s.post_connection_check(@address)
+ end
+diff --git a/lib/net/protocol.rb b/lib/net/protocol.rb
+index f374466..b6f9f17 100644
+--- a/lib/net/protocol.rb
++++ b/lib/net/protocol.rb
+@@ -153,6 +153,12 @@ module Net # :nodoc:
+ else
+ raise Timeout::Error
+ end
++ rescue Errno::EAGAIN
++ # read_nonblock calls underlying SSL_read. openssl doc states that data can be processed only when SSL/TLS
++ # record has been received completely. Also data that was not retrieved at the last call of SSL_read()
++ # can still be buffered inside the SSL layer and will be retrieved on the next call to SSL_read.
++ # http://www.openssl.org/docs/ssl/SSL_read.html
++ retry
+ end
+ end
+
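Review bot: Each added `rescue Errno::EAGAIN` followed by `retry` loops with no wait and no bound, so a peer that stalls the handshake or the read keeps the thread spinning at full CPU. Only the `s.connect` retry in lib/net/http.rb sits inside `timeout(@open_timeout)`; nothing visible in the hunks limits the `ssl.accept` loop in ssl-internal.rb or the `retry` added to lib/net/protocol.rb. Wait for socket readiness before retrying and cap the number of attempts, as sketched below for the accept path (the limit and wait are constructed values to tune). The same unbounded `ssl.accept` retry is repeated in ruby_aix_2_1_3_ssl_EAGAIN.patch; the enclosing methods start and end outside the nested hunks.

```ruby
# … unchanged: ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx); ssl.sync_close = true …
if @start_immediately
  eagain_retries = 0
  begin
    ssl.accept
  rescue Errno::EAGAIN
    eagain_retries += 1
    raise if eagain_retries > 10      # constructed limit
    IO.select([sock], nil, nil, 0.1)  # wait for the socket instead of spinning
    retry
  end
end
# … unchanged: ssl / rescue SSLError => ex …
```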
diff --git a/omnibus/config/patches/ruby/ruby_aix_2_1_3_ssl_EAGAIN.patch b/omnibus/config/patches/ruby/ruby_aix_2_1_3_ssl_EAGAIN.patch
new file mode 100644
index 000000000..a5eacc994
--- /dev/null
+++ b/omnibus/config/patches/ruby/ruby_aix_2_1_3_ssl_EAGAIN.patch
@@ -0,0 +1,19 @@
+--- ruby-2.1.3/ext/openssl/lib/openssl/ssl.rb_orig 2014-10-24 13:09:44.000000000 -0500
++++ ruby-2.1.3/ext/openssl/lib/openssl/ssl.rb 2014-10-24 13:11:01.000000000 -0500
+@@ -194,7 +194,15 @@
+ begin
+ ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
+ ssl.sync_close = true
+- ssl.accept if @start_immediately
++ if @start_immediately
++ # Retry on EAGAIN (may be due to underlying inprogress for TLS handshake or renegotiation requested.)
++ # Any other error is rescued further.
++ begin
++ ssl.accept
++ rescue Errno::EAGAIN
++ retry
++ end
++ end
+ ssl
+ rescue SSLError => ex
+ sock.close
diff --git a/omnibus/config/patches/ruby/ruby_aix_openssl.patch b/omnibus/config/patches/ruby/ruby_aix_openssl.patch
new file mode 100644
index 000000000..e8204b49d
--- /dev/null
+++ b/omnibus/config/patches/ruby/ruby_aix_openssl.patch
@@ -0,0 +1,10 @@
+--- ruby-1.9.3-p547/ext/openssl/extconf.rb.orig 2014-07-15 17:50:30 -0500
++++ ruby-1.9.3-p547/ext/openssl/extconf.rb 2014-07-15 17:50:39 -0500
+@@ -34,6 +34,7 @@
+ end
+
+ Logging::message "=== Checking for system dependent stuff... ===\n"
++have_library("z", "inflate")
+ have_library("nsl", "t_open")
+ have_library("socket", "socket")
+ have_header("assert.h")
diff --git a/omnibus/config/patches/ruby/rvm-cflags.patch b/omnibus/config/patches/ruby/rvm-cflags.patch
new file mode 100644
index 000000000..fcd2f6d77
--- /dev/null
+++ b/omnibus/config/patches/ruby/rvm-cflags.patch
@@ -0,0 +1,27 @@
+--- a/configure.in
++++ b/configure.in
+@@ -267,11 +267,9 @@
+ cflagspat="$cflagspat;s|"`eval echo '"'"${debugflags}"'"' | sed 's/[[][|.*]]/\\&/g;s/^ */ /;s/ *$/ /'`'| |g'
+ test -z "warnflags" ||
+ cflagspat="$cflagspat;s|"`eval echo '"'"${warnflags}"'"' | sed 's/[[][|.*]]/\\&/g;s/^ */ /;s/ *$/ /'`'| |g'
+-if test -z "${CFLAGS+set}"; then
+- cflags=`echo " $cflags " | sed "$cflagspat;s/^ *//;s/ *$//"`
+- orig_cflags="$cflags"
+- cflags="$cflags "'${optflags} ${debugflags} ${warnflags}'
+-fi
++cflags=`echo " $cflags " | sed "$cflagspat;s/^ *//;s/ *$//"`
++orig_cflags="$cflags"
++cflags="$cflags "'${optflags} ${debugflags} ${warnflags}'
+ if test -z "${CXXFLAGS+set}"; then
+ cxxflags=`echo " $cxxflags " | sed "$cflagspat;s/^ *//;s/ *$//"`
+ orig_cxxflags="$cxxflags"
+@@ -511,7 +509,8 @@
+ ])
+ fi
+
+-test -z "${ac_env_CFLAGS_set}" -a -n "${cflags+set}" && eval CFLAGS="\"$cflags $ARCH_FLAG\""
++test -z "${ac_env_CFLAGS_set}" && CFLAGS="$ARCH_FLAG"
++test -n "${cflags:+set}" && eval CFLAGS="\"$cflags\${CFLAGS:+ $CFLAGS}\""
+ test -z "${ac_env_CXXFLAGS_set}" -a -n "${cxxflags+set}" && eval CXXFLAGS="\"$cxxflags $ARCH_FLAG\""
+
+ dnl check for large file stuff
diff --git a/omnibus/config/patches/ruby/thread-memory-allocations-2.7.patch b/omnibus/config/patches/ruby/thread-memory-allocations-2.7.patch
new file mode 100644
index 000000000..239e96bc5
--- /dev/null
+++ b/omnibus/config/patches/ruby/thread-memory-allocations-2.7.patch
@@ -0,0 +1,256 @@ +From 97f14ebfd8d24d71e10c450e0a90b6322f9c0d59 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Kamil=20Trzci=C5=84ski?= +Date: Tue, 22 Dec 2020 15:33:08 +0100 +Subject: [PATCH] Expose `Thread#memory_allocations` counters + +This provides currently a per-thread GC heap slots +and malloc allocations statistics. + +This is designed to measure a memory allocations +in a multi-threaded environments (concurrent requests +processing) with an accurate information about allocated +memory within a given execution context. + +Example: Measure memory pressure generated by a given +requests to easier find requests with a lot of allocations. +--- + gc.c | 20 ++++++ + .../test_thread_trace_memory_allocations.rb | 67 +++++++++++++++++++ + thread.c | 55 +++++++++++++++ + vm_core.h | 17 +++++ + 4 files changed, 159 insertions(+) + create mode 100644 test/ruby/test_thread_trace_memory_allocations.rb + +diff --git a/gc.c b/gc.c +index 73faf46b128b..f2dcd2935052 100644 +--- a/gc.c ++++ b/gc.c +@@ -2172,6 +2172,13 @@ newobj_init(VALUE klass, VALUE flags, VALUE v1, VALUE v2, VALUE v3, int wb_prote + GC_ASSERT(!SPECIAL_CONST_P(obj)); /* check alignment */ + #endif + ++#if THREAD_TRACE_MEMORY_ALLOCATIONS ++ rb_thread_t *th = ruby_threadptr_for_trace_memory_allocations(); ++ if (th) { ++ ATOMIC_SIZE_INC(th->memory_allocations.total_allocated_objects); ++ } ++#endif ++ + objspace->total_allocated_objects++; + + gc_report(5, objspace, "newobj: %s\n", obj_info(obj)); +@@ -9732,6 +9739,19 @@ objspace_malloc_increase(rb_objspace_t *objspace, void *mem, size_t new_size, si + #endif + } + ++#if THREAD_TRACE_MEMORY_ALLOCATIONS ++ rb_thread_t *th = ruby_threadptr_for_trace_memory_allocations(); ++ if (th) { ++ if (new_size > old_size) { ++ ATOMIC_SIZE_ADD(th->memory_allocations.total_malloc_bytes, new_size - old_size); ++ } ++ ++ if (type == MEMOP_TYPE_MALLOC) { ++ ATOMIC_SIZE_INC(th->memory_allocations.total_mallocs); ++ } ++ } ++#endif ++ + if (type == MEMOP_TYPE_MALLOC) { + retry: + 
if (malloc_increase > malloc_limit && ruby_native_thread_p() && !dont_gc) { +diff --git a/test/ruby/test_thread_trace_memory_allocations.rb b/test/ruby/test_thread_trace_memory_allocations.rb +new file mode 100644 +index 000000000000..2e281513578b +--- /dev/null ++++ b/test/ruby/test_thread_trace_memory_allocations.rb +@@ -0,0 +1,67 @@ ++# frozen_string_literal: true ++ ++require 'test/unit' ++ ++class TestThreadTraceMemoryAllocations < Test::Unit::TestCase ++ def test_disabled_trace_memory_allocations ++ Thread.trace_memory_allocations = false ++ ++ assert_predicate Thread.current.memory_allocations, :nil? ++ end ++ ++ def test_enabled_trace_memory_allocations ++ Thread.trace_memory_allocations = true ++ ++ assert_not_nil(Thread.current.memory_allocations) ++ end ++ ++ def test_only_this_thread_allocations_are_counted ++ changed = { ++ total_allocated_objects: 1000, ++ total_malloc_bytes: 1_000_000, ++ total_mallocs: 100 ++ } ++ ++ Thread.trace_memory_allocations = true ++ ++ assert_less_than(changed) do ++ Thread.new do ++ assert_greater_than(changed) do ++ # This will allocate: 5k objects, 5k mallocs, 5MB ++ allocate(5000, 1000) ++ end ++ end.join ++ ++ # This will allocate: 50 objects, 50 mallocs, 500 bytes ++ allocate(50, 10) ++ end ++ end ++ ++ private ++ ++ def allocate(slots, bytes) ++ Array.new(slots).map do ++ '0' * bytes ++ end ++ end ++ ++ def assert_greater_than(keys) ++ before = Thread.current.memory_allocations ++ yield ++ after = Thread.current.memory_allocations ++ ++ keys.each do |key, by| ++ assert_operator(by, :<=, after[key]-before[key], "expected the #{key} to change more than #{by}") ++ end ++ end ++ ++ def assert_less_than(keys) ++ before = Thread.current.memory_allocations ++ yield ++ after = Thread.current.memory_allocations ++ ++ keys.each do |key, by| ++ assert_operator(by, :>, after[key]-before[key], "expected the #{key} to change less than #{by}") ++ end ++ end ++end +diff --git a/thread.c b/thread.c +index 708aaa471d99..d68a59e9f2d6 
100644 +--- a/thread.c ++++ b/thread.c +@@ -5143,6 +5143,55 @@ rb_thread_backtrace_locations_m(int argc, VALUE *argv, VALUE thval) + return rb_vm_thread_backtrace_locations(argc, argv, thval); + } + ++#if THREAD_TRACE_MEMORY_ALLOCATIONS ++rb_thread_t * ++ruby_threadptr_for_trace_memory_allocations(void) ++{ ++ // The order of this checks is important due ++ // to how Ruby VM is initialized ++ if (GET_VM()->thread_trace_memory_allocations && GET_EC() != NULL) { ++ return GET_THREAD(); ++ } ++ ++ return NULL; ++} ++ ++static VALUE ++rb_thread_s_trace_memory_allocations(VALUE _) ++{ ++ return GET_THREAD()->vm->thread_trace_memory_allocations ? Qtrue : Qfalse; ++} ++ ++static VALUE ++rb_thread_s_trace_memory_allocations_set(VALUE self, VALUE val) ++{ ++ GET_THREAD()->vm->thread_trace_memory_allocations = RTEST(val); ++ return val; ++} ++ ++static VALUE ++rb_thread_memory_allocations(VALUE self) ++{ ++ rb_thread_t *th = rb_thread_ptr(self); ++ ++ if (!th->vm->thread_trace_memory_allocations) { ++ return Qnil; ++ } ++ ++ VALUE ret = rb_hash_new(); ++ ++ VALUE total_allocated_objects = ID2SYM(rb_intern_const("total_allocated_objects")); ++ VALUE total_malloc_bytes = ID2SYM(rb_intern_const("total_malloc_bytes")); ++ VALUE total_mallocs = ID2SYM(rb_intern_const("total_mallocs")); ++ ++ rb_hash_aset(ret, total_allocated_objects, SIZET2NUM(th->memory_allocations.total_allocated_objects)); ++ rb_hash_aset(ret, total_malloc_bytes, SIZET2NUM(th->memory_allocations.total_malloc_bytes)); ++ rb_hash_aset(ret, total_mallocs, SIZET2NUM(th->memory_allocations.total_mallocs)); ++ ++ return ret; ++} ++#endif ++ + /* + * Document-class: ThreadError + * +@@ -5230,6 +5279,12 @@ Init_Thread(void) + rb_define_method(rb_cThread, "to_s", rb_thread_to_s, 0); + rb_define_alias(rb_cThread, "inspect", "to_s"); + ++#if THREAD_TRACE_MEMORY_ALLOCATIONS ++ rb_define_singleton_method(rb_cThread, "trace_memory_allocations", rb_thread_s_trace_memory_allocations, 0); ++ 
rb_define_singleton_method(rb_cThread, "trace_memory_allocations=", rb_thread_s_trace_memory_allocations_set, 1); ++ rb_define_method(rb_cThread, "memory_allocations", rb_thread_memory_allocations, 0); ++#endif ++ + rb_vm_register_special_exception(ruby_error_stream_closed, rb_eIOError, + "stream closed in another thread"); + +diff --git a/vm_core.h b/vm_core.h +index 12c3ac377551..63cdf55fa6ed 100644 +--- a/vm_core.h ++++ b/vm_core.h +@@ -69,6 +69,13 @@ + # define VM_INSN_INFO_TABLE_IMPL 2 + #endif + ++/* ++ * track a per thread memory allocations ++ */ ++#ifndef THREAD_TRACE_MEMORY_ALLOCATIONS ++# define THREAD_TRACE_MEMORY_ALLOCATIONS 1 ++#endif ++ + #include "ruby/ruby.h" + #include "ruby/st.h" + +@@ -602,6 +609,7 @@ typedef struct rb_vm_struct { + unsigned int running: 1; + unsigned int thread_abort_on_exception: 1; + unsigned int thread_report_on_exception: 1; ++ unsigned int thread_trace_memory_allocations: 1; + + unsigned int safe_level_: 1; + int sleeper; +@@ -960,6 +968,14 @@ typedef struct rb_thread_struct { + + rb_thread_list_t *join_list; + ++#if THREAD_TRACE_MEMORY_ALLOCATIONS ++ struct { ++ size_t total_allocated_objects; ++ size_t total_malloc_bytes; ++ size_t total_mallocs; ++ } memory_allocations; ++#endif ++ + union { + struct { + VALUE proc; +@@ -1852,6 +1868,7 @@ void rb_threadptr_interrupt(rb_thread_t *th); + void rb_threadptr_unlock_all_locking_mutexes(rb_thread_t *th); + void rb_threadptr_pending_interrupt_clear(rb_thread_t *th); + void rb_threadptr_pending_interrupt_enque(rb_thread_t *th, VALUE v); ++rb_thread_t *ruby_threadptr_for_trace_memory_allocations(void); + VALUE rb_ec_get_errinfo(const rb_execution_context_t *ec); + void rb_ec_error_print(rb_execution_context_t * volatile ec, volatile VALUE errinfo); + void rb_execution_context_update(const rb_execution_context_t *ec); 
diff --git a/omnibus/config/patches/rubygems/license/add-license-file.patch b/omnibus/config/patches/rubygems/license/add-license-file.patch
new file mode 100644
index 000000000..bcc5e92f5
--- /dev/null
+++ b/omnibus/config/patches/rubygems/license/add-license-file.patch
@@ -0,0 +1,60 @@ +diff --git a/LICENSE.txt b/LICENSE.txt +new file mode 100644 +index 0000000..8a0a51d +--- /dev/null ++++ b/LICENSE.txt +@@ -0,0 +1,54 @@ ++RubyGems is copyrighted free software by Chad Fowler, Rich Kilmer, Jim ++Weirich and others. You can redistribute it and/or modify it under ++either the terms of the MIT license (see the file MIT.txt), or the ++conditions below: ++ ++1. You may make and give away verbatim copies of the source form of the ++ software without restriction, provided that you duplicate all of the ++ original copyright notices and associated disclaimers. ++ ++2. You may modify your copy of the software in any way, provided that ++ you do at least ONE of the following: ++ ++ a. place your modifications in the Public Domain or otherwise ++ make them Freely Available, such as by posting said ++ modifications to Usenet or an equivalent medium, or by allowing ++ the author to include your modifications in the software. ++ ++ b. use the modified software only within your corporation or ++ organization. ++ ++ c. give non-standard executables non-standard names, with ++ instructions on where to get the original software distribution. ++ ++ d. make other distribution arrangements with the author. ++ ++3. You may distribute the software in object code or executable ++ form, provided that you do at least ONE of the following: ++ ++ a. distribute the executables and library files of the software, ++ together with instructions (in the manual page or equivalent) ++ on where to get the original distribution. ++ ++ b. accompany the distribution with the machine-readable source of ++ the software. ++ ++ c. give non-standard executables non-standard names, with ++ instructions on where to get the original software distribution. ++ ++ d. make other distribution arrangements with the author. ++ ++4. You may modify and include the part of the software into any other ++ software (possibly commercial). ++ ++5. 
The scripts and library files supplied as input to or produced as ++ output from the software do not automatically fall under the ++ copyright of the software, but belong to whomever generated them, ++ and may be sold commercially, and may be aggregated with this ++ software. ++ ++6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR ++ IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED ++ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ PURPOSE. ++ diff --git a/omnibus/config/patches/runit/log-status.patch b/omnibus/config/patches/runit/log-status.patch new file mode 100644 index 000000000..cfdaeee40 --- /dev/null +++ b/omnibus/config/patches/runit/log-status.patch @@ -0,0 +1,13 @@ +diff --git a/sv.c b/sv.c +index 0125795..b79dc4f 100644 +--- a/sv.c ++++ b/sv.c +@@ -167,7 +167,7 @@ int status(char *unused) { + } + else { + outs("; "); +- if (svstatus_get()) { rc =svstatus_print("log"); outs("\n"); } ++ if (svstatus_get()) { svstatus_print("log"); outs("\n"); } + } + islog =0; + flush(""); diff --git a/omnibus/config/projects/firezone.rb b/omnibus/config/projects/firezone.rb index d32f7d269..91df5886a 100644 --- a/omnibus/config/projects/firezone.rb +++ b/omnibus/config/projects/firezone.rb @@ -33,16 +33,15 @@ build_version Omnibus::BuildVersion.semver build_iteration 1 # firezone build dependencies/components -dependency "compile_release" +dependency "runit" +dependency "nginx" dependency "erlang" dependency "elixir" dependency "openssl" dependency "postgresql" dependency "wireguard-tools" - -if linux? - dependency "nftables" -end +dependency "compile_release" +dependency "nftables" if linux? exclude ".env" exclude ".github" diff --git a/omnibus/config/software/autoconf.rb b/omnibus/config/software/autoconf.rb index c61793fc0..324c6fc07 100644 --- a/omnibus/config/software/autoconf.rb +++ b/omnibus/config/software/autoconf.rb 
@@ -43,5 +43,5 @@ build do " --prefix=#{install_dir}/embedded", env: env make "-j #{workers}", env: env - make "install", env: env + make "-j #{workers} install", env: env end diff --git a/omnibus/config/software/automake.rb b/omnibus/config/software/automake.rb index 67e5732e9..83a809e59 100644 --- a/omnibus/config/software/automake.rb +++ b/omnibus/config/software/automake.rb @@ -46,5 +46,5 @@ build do " --prefix=#{install_dir}/embedded", env: env make "-j #{workers}", env: env - make "install", env: env + make "-j #{workers} install", env: env end diff --git a/omnibus/config/software/cacerts.rb b/omnibus/config/software/cacerts.rb index 2a6524c63..46ac706a9 100644 --- a/omnibus/config/software/cacerts.rb +++ b/omnibus/config/software/cacerts.rb @@ -41,7 +41,9 @@ build do # Windows does not support symlinks unless windows? - link "certs/cacert.pem", "#{install_dir}/embedded/ssl/cert.pem", unchecked: true + link "certs/cacert.pem", "#{install_dir}/embedded/ssl/cert.pem", + unchecked: true, + force: true block { File.chmod(0644, "#{install_dir}/embedded/ssl/certs/cacert.pem") } end diff --git a/omnibus/config/software/chef-bin.rb b/omnibus/config/software/chef-bin.rb new file mode 100644 index 000000000..bb2544aa4 --- /dev/null +++ b/omnibus/config/software/chef-bin.rb @@ -0,0 +1,23 @@ +name 'chef-bin' +# The version here should be in agreement with /Gemfile.lock so that our rspec +# testing stays consistent with the package contents. +default_version '15.14.0' + +license 'Apache-2.0' +license_file 'LICENSE' + +skip_transitive_dependency_licensing true + +dependency 'ruby' +dependency 'rubygems' + +build do + env = with_standard_compiler_flags(with_embedded_path) + + gem 'install chef-bin' \ + " --version '#{version}'" \ + " --bindir '#{install_dir}/embedded/bin'" \ + ' --no-document', env: env + patch source: 'disable_license_enforce.patch', + target: "#{install_dir}/embedded/lib/ruby/gems/2.7.0/gems/chef-bin-#{version}/bin/chef-client" +end 
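Review bot: `force: true` makes the link step replace whatever already exists at `#{install_dir}/embedded/ssl/cert.pem`, and the hunk does not say why that is needed. This path is the CA bundle location in the embedded ssl directory, so a one-line comment would help the next reader, for example `# force: cert.pem may already exist on a rebuild; always repoint it at certs/cacert.pem` (adjust to the actual reason). The `build do` block starts outside the hunk.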
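Review bot: `default_version '15.14.0'` contradicts the comment directly above it: the Gemfile and Gemfile.lock in this same commit pin `chef (~> 16.14.1)`, so the packaged chef-bin and the bundle used for testing appear to be on different major versions. The patch `target:` also hard-codes `lib/ruby/gems/2.7.0`, which silently couples this recipe to `default_version '2.7.2'` in ruby.rb; after a Ruby minor bump the patch step would likely not find the file. Either align the version with the lockfile or correct the comment, and add a comment next to `target:` such as `# 2.7.0 is the gem directory of the embedded Ruby; update together with ruby.rb`. The gem is also installed by version only, with no checksum, unlike the tarball-based recipes in this commit.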
diff --git a/omnibus/config/software/elixir.rb b/omnibus/config/software/elixir.rb index db917b10d..b4b7b4b19 100644 --- a/omnibus/config/software/elixir.rb +++ b/omnibus/config/software/elixir.rb @@ -1,4 +1,5 @@ -# +# frozen_string_literal: true + # Copyright 2017 Chef Software, Inc. # Copyright 2021 FireZone # @@ -33,5 +34,5 @@ build do env = with_standard_compiler_flags(with_embedded_path) make "-j #{workers}", env: env - make "install PREFIX=#{install_dir}/embedded", env: env + make "-j #{workers} install PREFIX=#{install_dir}/embedded", env: env end diff --git a/omnibus/config/software/erlang.rb b/omnibus/config/software/erlang.rb index 385c117ae..53176675e 100644 --- a/omnibus/config/software/erlang.rb +++ b/omnibus/config/software/erlang.rb @@ -85,8 +85,11 @@ build do # # In future releases of erlang, someone should check if these flags (or # environment variables) are avaiable to remove this ugly hack. - %w{ncurses openssl zlib.h zconf.h}.each do |name| - link "#{install_dir}/embedded/include/#{name}", "#{install_dir}/embedded/erlang/include/#{name}" + # Doesn't seem to be necessary for 24.0.5 + if version != "24.0.5" + %w{ncurses openssl zlib.h zconf.h}.each do |name| + link "#{install_dir}/embedded/include/#{name}", "#{install_dir}/embedded/erlang/include/#{name}" + end end # Note 2017-02-28 sr: HiPE doesn't compile with OTP 18.3 on ppc64le (https://bugs.erlang.org/browse/ERL-369) diff --git a/omnibus/config/software/firezone-ctl.rb b/omnibus/config/software/firezone-ctl.rb new file mode 100644 index 000000000..afba0b23a --- /dev/null +++ b/omnibus/config/software/firezone-ctl.rb 
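Review bot: `if version != "24.0.5"` in erlang.rb is an exact string comparison, so every other version, including any later 24.x release, still creates the include symlinks that the new comment says are no longer needed. If the intent is "24.0.5 and newer", a range check survives the next version bump, e.g. `unless version.satisfies?(">= 24.0.5")`, the same form ruby.rb uses in this commit. The wording "Doesn't seem to be necessary" suggests this was observed rather than verified, so the comment should say how it was checked. The enclosing `build do` block starts and ends outside the hunk.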
@@ -0,0 +1,42 @@ +# +# Copyright 2014 Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name "firezone-ctl" +license :project_license + +dependency "omnibus-ctl" +dependency "runit" + +source path: "cookbooks/omnibus-firezone" + +build do + env = with_standard_compiler_flags(with_embedded_path) + + bundle "install --binstubs --without test", env: env + + block do + erb source: "firezone-ctl.erb", + dest: "#{install_dir}/bin/firezone-ctl", + mode: 0755, + vars: { + embedded_bin: "#{install_dir}/embedded/bin", + embedded_service: "#{install_dir}/embedded/service", + } + end + + # additional omnibus-ctl commands + sync "#{project_dir}/files/default/ctl-commands", "#{install_dir}/embedded/service/omnibus-ctl/" +end diff --git a/omnibus/config/software/nftables.rb b/omnibus/config/software/nftables.rb index 019735130..971a7368f 100644 --- a/omnibus/config/software/nftables.rb +++ b/omnibus/config/software/nftables.rb @@ -17,6 +17,7 @@ name "nftables" license_file "COPYING" +skip_transitive_dependency_licensing true # Some weirdness in the official release package so use git and switch to tag # default_version "0.9.9" diff --git a/omnibus/config/software/nginx.rb b/omnibus/config/software/nginx.rb new file mode 100644 index 000000000..534155baf --- /dev/null +++ b/omnibus/config/software/nginx.rb 
@@ -0,0 +1,57 @@ +# frozen_string_literal: true + +# Copyright 2012-2016 Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name "nginx" +default_version "1.20.1" + +dependency "pcre" +dependency "openssl" +dependency "zlib" + +license "BSD-2-Clause" +license_file "LICENSE" + +source url: "https://nginx.org/download/nginx-#{version}.tar.gz" + +# versions_list: https://nginx.org/download/ filter=*.tar.gz +version("1.20.1") { source sha256: "e462e11533d5c30baa05df7652160ff5979591d291736cfa5edb9fd2edb48c49" } +version("1.19.9") { source sha256: "2e35dff06a9826e8aca940e9e8be46b7e4b12c19a48d55bfc2dc28fc9cc7d841" } +version("1.19.8") { source sha256: "308919b1a1359315a8066578472f998f14cb32af8de605a3743acca834348b05" } +version("1.18.0") { source sha256: "4c373e7ab5bf91d34a4f11a0c9496561061ba5eee6020db272a17a7228d35f99" } +version("1.14.2") { source sha256: "002d9f6154e331886a2dd4e6065863c9c1cf8291ae97a1255308572c02be9797" } +version("1.14.0") { source sha256: "5d15becbf69aba1fe33f8d416d97edd95ea8919ea9ac519eff9bafebb6022cb5" } + +relative_path "nginx-#{version}" + +build do + env = with_standard_compiler_flags(with_embedded_path) + + command "./configure" \ + " --prefix=#{install_dir}/embedded" \ + " --with-http_ssl_module" \ + " --with-http_stub_status_module" \ + " --with-ipv6" \ + " --with-debug" \ + " --with-cc-opt=\"-L#{install_dir}/embedded/lib -I#{install_dir}/embedded/include\"" \ + " --with-ld-opt=-L#{install_dir}/embedded/lib", env: env + + 
make "-j #{workers}", env: env + make "install", env: env + + # Ensure the logs directory is available on rebuild from git cache + touch "#{install_dir}/embedded/logs/.gitkeep" +end diff --git a/omnibus/config/software/omnibus-ctl.rb b/omnibus/config/software/omnibus-ctl.rb new file mode 100644 index 000000000..7c52dd065 --- /dev/null +++ b/omnibus/config/software/omnibus-ctl.rb @@ -0,0 +1,45 @@ +# +# Copyright 2012-2015 Chef Software, Inc. +# Copyright 2017-2021 GitLab Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name 'omnibus-ctl' +version = Gitlab::Version.new('omnibus-ctl', 'v0.6.0') +default_version version.print(false) +display_version version.print(false) + +license 'Apache-2.0' +license_file 'LICENSE' + +skip_transitive_dependency_licensing true + +dependency 'rubygems' + +source git: version.remote + +relative_path 'omnibus-ctl' + +build do + env = with_standard_compiler_flags(with_embedded_path) + patch source: 'skip-license-acceptance.patch' + + # Remove existing built gems in case they exist in the current dir + delete 'omnibus-ctl-*.gem' + + gem 'build omnibus-ctl.gemspec', env: env + gem 'install omnibus-ctl-*.gem --no-document', env: env + + touch "#{install_dir}/embedded/service/omnibus-ctl/.gitkeep" +end diff --git a/omnibus/config/software/pcre.rb b/omnibus/config/software/pcre.rb new file mode 100644 index 000000000..1f91ddb8b --- /dev/null +++ b/omnibus/config/software/pcre.rb 
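Review bot: `--with-debug` is passed to `./configure` in what looks like the production package build of nginx. The flag compiles in debug logging, which only becomes active when `error_log` is set to the `debug` level, but at that level the log can contain request details, so either drop the flag or document that the shipped configuration must not enable it. If it stays, a comment such as `# --with-debug: debug log support is compiled in; keep error_log below the debug level in the packaged config` would make the intent clear. `--with-ipv6` is deprecated on the pinned 1.20.1, where IPv6 support is detected automatically, and can be removed.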
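Review bot: `source git: version.remote` combined with `Gitlab::Version.new('omnibus-ctl', 'v0.6.0')` fetches code by tag name from a remote that is not visible in this diff. A tag can be moved upstream, so the build input is not fixed, in contrast to the sha256-pinned tarballs in nginx.rb; pinning the full commit id (for example `default_version '<COMMIT_SHA_PLACEHOLDER>'`) or at least documenting which repository `version.remote` resolves to would close that gap. `Gitlab::Version` is not defined anywhere in the visible part of this commit, so please confirm the helper is actually loaded in this project. A comment explaining why `skip-license-acceptance.patch` is applied is also missing.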
@@ -0,0 +1,52 @@ +# +# Copyright:: Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name "pcre" +default_version "8.44" + +license "BSD-2-Clause" +license_file "LICENCE" +skip_transitive_dependency_licensing true + +dependency "libedit" +dependency "ncurses" +dependency "config_guess" + +# version_list: url=https://sourceforge.net/projects/pcre/files/pcre/ filter=*.tar.gz + +version("8.44") { source sha256: "aecafd4af3bd0f3935721af77b889d9024b2e01d96b58471bd91a3063fb47728" } +version("8.38") { source sha256: "9883e419c336c63b0cb5202b09537c140966d585e4d0da66147dc513da13e629" } + +source url: "http://downloads.sourceforge.net/project/pcre/pcre/#{version}/pcre-#{version}.tar.gz" + +relative_path "pcre-#{version}" + +build do + env = with_standard_compiler_flags(with_embedded_path) + + update_config_guess + + command "./configure" \ + " --prefix=#{install_dir}/embedded" \ + " --disable-cpp" \ + " --enable-utf" \ + " --enable-unicode-properties" \ + " --enable-pcretest-libedit" \ + "--disable-pcregrep-jit", env: env + + make "-j #{workers}", env: env + make "install", env: env +end diff --git a/omnibus/config/software/ruby.rb b/omnibus/config/software/ruby.rb new file mode 100644 index 000000000..678d27a5d --- /dev/null +++ b/omnibus/config/software/ruby.rb 
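Review bot: The last configure argument in pcre.rb is missing its leading space: `"--disable-pcregrep-jit"` is concatenated directly onto `" --enable-pcretest-libedit"`, so configure receives the single token `--enable-pcretest-libedit--disable-pcregrep-jit` and most likely applies neither option. The line should read `" --disable-pcregrep-jit", env: env`.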
@@ -0,0 +1,235 @@ +# +# Copyright 2012-2016 Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name 'ruby' +license 'BSD-2-Clause' +license_file 'BSDL' +license_file 'COPYING' +license_file 'LEGAL' + +skip_transitive_dependency_licensing true + +# - chef-client cannot use 2.2.x yet due to a bug in IRB that affects chef-shell on linux: +# https://bugs.ruby-lang.org/issues/11869 +# - the current status of 2.3.x is that it downloads but fails to compile. +# - verify that all ffi libs are available for your version on all platforms. +# - when upgrading please check the ABI version and update the exclusion until +# https://gitlab.com/gitlab-org/omnibus-gitlab/issues/3414 is addressed +default_version '2.7.2' + +fips_enabled = (project.overrides[:fips] && project.overrides[:fips][:enabled]) || false + +dependency 'patch' if solaris_10? +dependency 'ncurses' unless windows? || version.satisfies?('>= 2.1') +dependency 'zlib' +dependency 'openssl' +dependency 'libffi' +dependency 'libyaml' +# Needed for chef_gem installs of (e.g.) nokogiri on upgrades - +# they expect to see our libiconv instead of a system version. +# Ignore on windows - TDM GCC comes with libiconv in the runtime +# and that's the only one we will ever use. 
+dependency 'libiconv' + +version('2.7.2') { source sha256: '6e5706d0d4ee4e1e2f883db9d768586b4d06567debea353c796ec45e8321c3d4' } + +source url: "https://cache.ruby-lang.org/pub/ruby/#{version.match(/^(\d+\.\d+)/)[0]}/ruby-#{version}.tar.gz" + +relative_path "ruby-#{version}" + +env = with_standard_compiler_flags(with_embedded_path) + +if mac_os_x? + # -Qunused-arguments suppresses "argument unused during compilation" + # warnings. These can be produced if you compile a program that doesn't + # link to anything in a path given with -Lextra-libs. Normally these + # would be harmless, except that autoconf treats any output to stderr as + # a failure when it makes a test program to check your CFLAGS (regardless + # of the actual exit code from the compiler). + env['CFLAGS'] << " -I#{install_dir}/embedded/include/ncurses -arch x86_64 -m64 -O3 -g -pipe -Qunused-arguments" + env['LDFLAGS'] << ' -arch x86_64' +elsif freebsd? + # Stops "libtinfo.so.5.9: could not read symbols: Bad value" error when + # compiling ext/readline. See the following for more info: + # + # https://lists.freebsd.org/pipermail/freebsd-current/2013-October/045425.html + # http://mailing.freebsd.ports-bugs.narkive.com/kCgK8sNQ/ports-183106-patch-sysutils-libcdio-does-not-build-on-10-0-and-head + # + env['LDFLAGS'] << ' -ltinfow' +elsif aix? + # this magic per IBM + env['LDSHARED'] = 'xlc -G' + env['CFLAGS'] = "-I#{install_dir}/embedded/include/ncurses -I#{install_dir}/embedded/include" + # this magic per IBM + env['XCFLAGS'] = '-DRUBY_EXPORT' + # need CPPFLAGS set so ruby doesn't try to be too clever + env['CPPFLAGS'] = "-I#{install_dir}/embedded/include/ncurses -I#{install_dir}/embedded/include" + env['SOLIBS'] = '-lm -lc' + # need to use GNU m4, default m4 doesn't work + env['M4'] = '/opt/freeware/bin/m4' +elsif solaris_10? + if sparc? 
+ # Known issue with rubby where too much GCC optimization blows up miniruby on sparc + env['CFLAGS'] << ' -std=c99 -O0 -g -pipe -mcpu=v9' + env['LDFLAGS'] << ' -mcpu=v9' + else + env['CFLAGS'] << ' -std=c99 -O3 -g -pipe' + end +elsif windows? + env['CPPFLAGS'] << ' -DFD_SETSIZE=2048' +else # including linux + env['CFLAGS'] << if version.satisfies?('>= 2.3.0') && + rhel? && platform_version.satisfies?('< 6.0') + ' -O2 -g -pipe' + else + ' -O3 -g -pipe' + end +end + +build do + env['CFLAGS'] << ' -fno-omit-frame-pointer' + + # AIX needs /opt/freeware/bin only for patch + patch_env = env.dup + patch_env['PATH'] = "/opt/freeware/bin:#{env['PATH']}" if aix? + + if solaris_10? && version.satisfies?('>= 2.1') + patch source: 'ruby-no-stack-protector.patch', plevel: 1, env: patch_env + elsif solaris_10? && version =~ /^1.9/ + patch source: 'ruby-sparc-1.9.3-c99.patch', plevel: 1, env: patch_env + elsif solaris_11? && version =~ /^2.1/ + patch source: 'ruby-solaris-linux-socket-compat.patch', plevel: 1, env: patch_env + end + + # wrlinux7/ios_xr build boxes from Cisco include libssp and there is no way to + # disable ruby from linking against it, but Cisco switches will not have the + # library. Disabling it as we do for Solaris. + patch source: 'ruby-no-stack-protector.patch', plevel: 1, env: patch_env if ios_xr? && version.satisfies?('>= 2.1') + + # disable libpath in mkmf across all platforms, it trolls omnibus and + # breaks the postgresql cookbook. i'm not sure why ruby authors decided + # this was a good idea, but it breaks our use case hard. AIX cannot even + # compile without removing it, and it breaks some native gem installs on + # other platforms. generally you need to have a condition where the + # embedded and non-embedded libs get into a fight (libiconv, openssl, etc) + # and ruby trying to set LD_LIBRARY_PATH itself gets it wrong. + # + # Also, fix paths emitted in the makefile on windows on both msys and msys2. 
+ if version.satisfies?('>= 2.1') + patch source: 'ruby-mkmf.patch', plevel: 1, env: patch_env + # should intentionally break and fail to apply on 2.2, patch will need to + # be fixed. + end + + # Enable custom patch created by ayufan that allows to count memory allocations + # per-thread. This is asked to be upstreamed as part of https://github.com/ruby/ruby/pull/3978 + patch source: 'thread-memory-allocations-2.7.patch', plevel: 1, env: patch_env + + # Fix reserve stack segmentation fault when building on RHEL5 or below + # Currently only affects 2.1.7 and 2.2.3. This patch taken from the fix + # in Ruby trunk and expected to be included in future point releases. + # https://redmine.ruby-lang.org/issues/11602 + if rhel? && + platform_version.satisfies?('< 6') && + (version == '2.1.7' || version == '2.2.3') + + patch source: 'ruby-fix-reserve-stack-segfault.patch', plevel: 1, env: patch_env + end + + # copy_file_range() has been disabled on recent RedHat kernels: + # 1. https://gitlab.com/gitlab-org/gitlab/-/issues/218999 + # 2. https://bugs.ruby-lang.org/issues/16965 + # 3. https://bugzilla.redhat.com/show_bug.cgi?id=1783554 + patch source: 'ruby-disable-copy-file-range.patch', plevel: 1, env: patch_env if centos? || rhel? + + configure_command = ['--with-out-ext=dbm,readline', + '--enable-shared', + '--disable-install-doc', + '--without-gmp', + '--without-gdbm', + '--without-tk', + '--disable-dtrace'] + configure_command << '--with-ext=psych' if version.satisfies?('< 2.3') + configure_command << '--with-bundled-md5' if fips_enabled + + if aix? 
+ # need to patch ruby's configure file so it knows how to find shared libraries + patch source: 'ruby-aix-configure.patch', plevel: 1, env: patch_env + # have ruby use zlib on AIX correctly + patch source: 'ruby_aix_openssl.patch', plevel: 1, env: patch_env + # AIX has issues with ssl retries, need to patch to have it retry + patch source: 'ruby_aix_2_1_3_ssl_EAGAIN.patch', plevel: 1, env: patch_env + # the next two patches are because xlc doesn't deal with long vs int types well + patch source: 'ruby-aix-atomic.patch', plevel: 1, env: patch_env + patch source: 'ruby-aix-vm-core.patch', plevel: 1, env: patch_env + + # per IBM, just help ruby along on what it's running on + configure_command << '--host=powerpc-ibm-aix6.1.0.0 --target=powerpc-ibm-aix6.1.0.0 --build=powerpc-ibm-aix6.1.0.0 --enable-pthread' + + elsif freebsd? + # Disable optional support C level backtrace support. This requires the + # optional devel/libexecinfo port to be installed. + configure_command << 'ac_cv_header_execinfo_h=no' + configure_command << "--with-opt-dir=#{install_dir}/embedded" + elsif smartos? + # Opscode patch - someara@opscode.com + # GCC 4.7.0 chokes on mismatched function types between OpenSSL 1.0.1c and Ruby 1.9.3-p286 + patch source: 'ruby-openssl-1.0.1c.patch', plevel: 1, env: patch_env + + # Patches taken from RVM. + # http://bugs.ruby-lang.org/issues/5384 + # https://www.illumos.org/issues/1587 + # https://github.com/wayneeseguin/rvm/issues/719 + patch source: 'rvm-cflags.patch', plevel: 1, env: patch_env + + # From RVM forum + # https://github.com/wayneeseguin/rvm/commit/86766534fcc26f4582f23842a4d3789707ce6b96 + configure_command << 'ac_cv_func_dl_iterate_phdr=no' + configure_command << "--with-opt-dir=#{install_dir}/embedded" + elsif windows? + configure_command << ' debugflags=-g' + else + configure_command << %w(host target build).map { |w| "--#{w}=#{OhaiHelper.gcc_target}" } if OhaiHelper.raspberry_pi? 
+ configure_command << "--with-opt-dir=#{install_dir}/embedded" + end + + # FFS: works around a bug that infects AIX when it picks up our pkg-config + # AFAIK, ruby does not need or use this pkg-config it just causes the build to fail. + # The alternative would be to patch configure to remove all the pkg-config garbage entirely + env['PKG_CONFIG'] = '/bin/true' if aix? + + configure(*configure_command, env: env) + make "-j #{workers}", env: env + make "-j #{workers} install", env: env + + if windows? + # Needed now that we switched to msys2 and have not figured out how to tell + # it how to statically link yet + dlls = ['libwinpthread-1'] + dlls << if windows_arch_i386? + 'libgcc_s_dw2-1' + else + 'libgcc_s_seh-1' + end + dlls.each do |dll| + arch_suffix = windows_arch_i386? ? '32' : '64' + windows_path = "C:/msys2/mingw#{arch_suffix}/bin/#{dll}.dll" + raise "Cannot find required DLL needed for dynamic linking: #{windows_path}" unless File.exist?(windows_path) + + copy windows_path, "#{install_dir}/embedded/bin/#{dll}.dll" + end + end +end diff --git a/omnibus/config/software/rubygems.rb b/omnibus/config/software/rubygems.rb new file mode 100644 index 000000000..9553d376d --- /dev/null +++ b/omnibus/config/software/rubygems.rb 
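Review bot: `patch source: 'thread-memory-allocations-2.7.patch', plevel: 1, env: patch_env` is applied unconditionally, while nearly every other patch in this `build` block is gated on `version` or on the platform. The file name ties it to the 2.7 series and the comment describes it as a custom change that is not yet upstream, so an overridden Ruby version would either fail at this step or be built with an interpreter patch written for a different release. Gate it on the 2.7 series the same way the neighbouring patches use `version.satisfies?`, and add a comment such as `# non-upstream patch; re-validate on every Ruby version bump`. None of the patch files referenced in this recipe are visible in this part of the commit, so their presence under config/patches/ruby should be confirmed.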
@@ -0,0 +1,86 @@ +# +# Copyright 2012-2016 Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name 'rubygems' +default_version '3.1.4' + +license 'MIT' +license_file 'LICENSE.txt' + +skip_transitive_dependency_licensing true + +dependency 'ruby' + +if version && !source + # NOTE: 2.1.11 is the last version of rubygems before the 2.2.x change to native gem install location + # + # https://github.com/rubygems/rubygems/issues/874 + # + # This is a breaking change for omnibus clients. Chef-11 needs to be pinned to 2.1.11 for eternity. + # We have switched from tarballs to just `gem update --system`, but for backcompat + # we pin the previously known tarballs. 
+ known_tarballs = { + '2.1.11' => 'b561b7aaa70d387e230688066e46e448', + '2.2.1' => '1f0017af0ad3d3ed52665132f80e7443', + '2.4.1' => '7e39c31806bbf9268296d03bd97ce718', + '2.4.4' => '440a89ad6a3b1b7a69b034233cc4658e', + '2.4.5' => '5918319a439c33ac75fbbad7fd60749d', + '2.4.8' => 'dc77b51449dffe5b31776bff826bf559', + '2.7.9' => '173272ed55405caf7f858b6981fff526', + '3.1.4' => 'd117187a8f016cbe8f52011ae02e858b' + } + known_tarballs.each do |version, md5| + version version do + source md5: md5, url: "https://rubygems.org/rubygems/rubygems-#{version}.tgz" + relative_path "rubygems-#{version}" + end + end + + version('v2.4.4_plus_debug') { source git: 'https://github.com/danielsdeleo/rubygems.git' } + version('2.4.4.debug.1') { source git: 'https://github.com/danielsdeleo/rubygems.git' } + # This is the 2.4.8 release with a fix for + # windows so things like `gem install "pry"` still + # work + version('jdm/2.4.8-patched') { source git: 'https://github.com/jaym/rubygems.git' } +end + +# If we still don't have a source (if it's a tarball) grab from ruby ... +if version && !source + # If the version is a gem version, we"ll just be using rubygems. + # If it's a branch or SHA (i.e. v1.2.3) we use github. + begin + Gem::Version.new(version) + rescue ArgumentError + source git: 'https://github.com/rubygems/rubygems.git' + end +end + +# git repo is always expanded to "rubygems" +relative_path 'rubygems' if source && source.include?(:git) + +build do + env = with_standard_compiler_flags(with_embedded_path) + + if source + # Building from source: + ruby 'setup.rb --no-document', env: env + else + # Installing direct from rubygems: + # If there is no version, this will get latest. + gem "update --system #{version}", env: env + patch source: "license/add-license-file.patch" + end +end diff --git a/omnibus/config/software/runit.rb b/omnibus/config/software/runit.rb new file mode 100644 index 000000000..72cc697bd --- /dev/null +++ b/omnibus/config/software/runit.rb 
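Review bot: The `known_tarballs` table verifies downloads with `source md5:`, and MD5 is no longer considered adequate as an integrity check for code that ends up in the shipped package. nginx.rb and pcre.rb in this commit already use `source sha256:`; the same form works here, e.g. `source sha256: sha256, url: "https://rubygems.org/rubygems/rubygems-#{version}.tgz"`, with the table values replaced by SHA-256 digests computed from verified tarballs (for example `'3.1.4' => '<SHA256_PLACEHOLDER>'`). runit.rb has the same `source md5:` pattern. The three `source git:` versions and the `gem "update --system #{version}"` path carry no checksum at all, which deserves at least a comment.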
@@ -0,0 +1,73 @@ +# frozen_string_literal: true +# +# Copyright 2012-2014 Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name 'runit' +default_version '2.1.2' + +license 'BSD-3-Clause' +license_file '../package/COPYING' + +skip_transitive_dependency_licensing true + +version '2.1.2' do + source md5: '6c985fbfe3a34608eb3c53dc719172c4' +end + +source url: "http://smarden.org/runit/runit-#{version}.tar.gz" + +relative_path "admin/runit-#{version}/src" + +build do + # Patch runit to not consider status of log service associated with a service + # on determining output of status command. 
For details, check + # https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4008 + patch source: 'log-status.patch' + + env = with_standard_compiler_flags(with_embedded_path) + + # Put runit where we want it, not where they tell us to + command 'sed -i -e "s/^char\ \*varservice\ \=\"\/service\/\";$/char\ \*varservice\ \=\"' + install_dir.gsub('/', '\\/') + '\/service\/\";/" sv.c', env: env + + # TODO: the following is not idempotent + command 'sed -i -e s:-static:: Makefile', env: env + + # Build it + make "-j #{workers}", env: env + make "-j #{workers} check", env: env + + # Move it + mkdir "#{install_dir}/embedded/bin" + copy "#{project_dir}/chpst", "#{install_dir}/embedded/bin" + copy "#{project_dir}/runit", "#{install_dir}/embedded/bin" + copy "#{project_dir}/runit-init", "#{install_dir}/embedded/bin" + copy "#{project_dir}/runsv", "#{install_dir}/embedded/bin" + copy "#{project_dir}/runsvchdir", "#{install_dir}/embedded/bin" + copy "#{project_dir}/runsvdir", "#{install_dir}/embedded/bin" + copy "#{project_dir}/sv", "#{install_dir}/embedded/bin" + copy "#{project_dir}/svlogd", "#{install_dir}/embedded/bin" + copy "#{project_dir}/utmpset", "#{install_dir}/embedded/bin" + + erb source: 'runsvdir-start.erb', + dest: "#{install_dir}/embedded/bin/runsvdir-start", + mode: 0755, + vars: { install_dir: install_dir } + + # Setup service directories + touch "#{install_dir}/service/.gitkeep" + touch "#{install_dir}/sv/.gitkeep" + touch "#{install_dir}/init/.gitkeep" +end diff --git a/omnibus/config/templates/firezone-ctl/firezone-ctl.erb b/omnibus/config/templates/firezone-ctl/firezone-ctl.erb new file mode 100644 index 000000000..c2b762804 --- /dev/null +++ b/omnibus/config/templates/firezone-ctl/firezone-ctl.erb 
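Review bot: `source url: "http://smarden.org/runit/runit-#{version}.tar.gz"` downloads the tarball over plain HTTP, and the only integrity check in this recipe is the MD5 digest in the `version '2.1.2'` block. The download can be altered anywhere on the network path of the build host, and MD5 is not an adequate safeguard for a component that supervises every service in the package. Use an `https://` URL if the host offers one and change the block to `source sha256: '<SHA256_PLACEHOLDER>'` with a digest computed from a verified copy. pcre.rb also uses an `http://` source URL, though with a SHA-256 digest.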
@@ -0,0 +1,34 @@ +#!/bin/bash +# +# Copyright 2014 Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Ensure the calling environment (disapproval look Bundler) does not infect our +# Ruby environment if called from a Ruby script. +for ruby_env_var in RUBYOPT \ + BUNDLE_BIN_PATH \ + BUNDLE_GEMFILE \ + GEM_PATH \ + GEM_ROOT \ + GEM_HOME +do + unset $ruby_env_var +done + +# This bumps the default svwait timeout from 7 seconds to 30 seconds +# As documented at http://smarden.org/runit/sv.8.html +export SVWAIT=30 + +<%= embedded_bin %>/omnibus-ctl supermarket <%= embedded_service %>/omnibus-ctl $@ diff --git a/omnibus/config/templates/runit/runsvdir-start.erb b/omnibus/config/templates/runit/runsvdir-start.erb new file mode 100644 index 000000000..646644142 --- /dev/null +++ b/omnibus/config/templates/runit/runsvdir-start.erb 
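Review bot: The final line of the template still runs `omnibus-ctl supermarket …`, which looks like a leftover from the project this wrapper was copied from; the service name argument should presumably be `firezone`. On the same line `$@` is unquoted, so arguments containing spaces or glob characters are re-split by the shell before omnibus-ctl sees them, whereas `"$@"` passes them through unchanged. Proposed line: `<%= embedded_bin %>/omnibus-ctl firezone <%= embedded_service %>/omnibus-ctl "$@"`. The `unset $ruby_env_var` in the loop would likewise be more robust as `unset "$ruby_env_var"`.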
@@ -0,0 +1,42 @@ +#!/bin/bash +# +# Copyright 2012-<%= Time.now.year %> Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +PATH=<%= install_dir %>/bin:<%= install_dir %>/embedded/bin:/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin + +ulimit -c 0 +ulimit -d unlimited +ulimit -e 0 +ulimit -f unlimited +ulimit -i 62793 +ulimit -l 64 +ulimit -m unlimited +# WARNING: Increasing the global file descriptor limit increases RAM +# consumption on startup dramatically! +ulimit -n 50000 +ulimit -q 819200 +ulimit -r 0 +ulimit -s 10240 +ulimit -t unlimited +ulimit -u unlimited +ulimit -v unlimited +ulimit -x unlimited +echo "1000000" > /proc/sys/fs/file-max + +umask 022 + +exec env - PATH=$PATH \ +runsvdir -P <%= install_dir %>/service 'log: <%= '.'*395 %>' diff --git a/omnibus/cookbooks/omnibus-firezone/.delivery/project.toml b/omnibus/cookbooks/omnibus-firezone/.delivery/project.toml new file mode 100644 index 000000000..3a12ab52d --- /dev/null +++ b/omnibus/cookbooks/omnibus-firezone/.delivery/project.toml 
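Review bot: `echo "1000000" > /proc/sys/fs/file-max` changes a host-wide kernel limit from a package start script, every time the supervisor starts. It affects all processes on the machine, can lower a value the administrator has set higher, and fails without any handling where /proc/sys is read-only, as is common in containers. I would drop the line or guard and document it, e.g. `[ -w /proc/sys/fs/file-max ] && echo "1000000" > /proc/sys/fs/file-max` preceded by `# raises the system-wide fd limit; skipped when not writable`. `ulimit -u unlimited` and `ulimit -v unlimited` also deserve a comment on why the supervised services need no process or memory cap.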
@@ -0,0 +1,32 @@ +# Delivery for Local Phases Execution +# +# This file allows you to execute test phases locally on a workstation or +# in a CI pipeline. The delivery-cli will read this file and execute the +# command(s) that are configured for each phase. You can customize them +# by just modifying the phase key on this file. +# +# By default these phases are configured for Cookbook Workflow only +# + +[local_phases] +unit = "echo skipping unit phase." +lint = "chef exec cookstyle" +# foodcritic has been deprecated in favor of cookstyle so we skip the syntax +# phase now. +syntax = "echo skipping syntax phase. Use lint phase instead." +provision = "chef exec kitchen create" +deploy = "chef exec kitchen converge" +smoke = "chef exec kitchen verify" +# The functional phase is optional, you can define it by uncommenting +# the line below and running the command: `delivery local functional` +# functional = "" +cleanup = "chef exec kitchen destroy" + +# Remote project.toml file +# +# Instead of the local phases above, you may specify a remote URI location for +# the `project.toml` file. This is useful for teams that wish to centrally +# manage the behavior of the `delivery local` command across many different +# projects. +# +# remote_file = "https://url/project.toml" diff --git a/omnibus/cookbooks/omnibus-firezone/.gitignore b/omnibus/cookbooks/omnibus-firezone/.gitignore new file mode 100644 index 000000000..875fbbac7 --- /dev/null +++ b/omnibus/cookbooks/omnibus-firezone/.gitignore @@ -0,0 +1,24 @@ +.vagrant +*~ +*# +.#* +\#*# +.*.sw[a-z] +*.un~ + +# Bundler +Gemfile.lock +gems.locked +bin/* +.bundle/* + +# test kitchen +.kitchen/ +kitchen.local.yml + +# Chef Infra +Berksfile.lock +.zero-knife.rb +Policyfile.lock.json + +.idea/ diff --git a/omnibus/cookbooks/omnibus-firezone/CHANGELOG.md b/omnibus/cookbooks/omnibus-firezone/CHANGELOG.md new file mode 100644 index 000000000..db6db8f62 --- /dev/null +++ b/omnibus/cookbooks/omnibus-firezone/CHANGELOG.md 
@@ -0,0 +1,10 @@
+# omnibus-firezone CHANGELOG
+
+This file is used to list changes made in each version of the omnibus-firezone cookbook.
+
+## 0.1.0
+
+Initial release.
+
+- change 0
+- change 1
diff --git a/omnibus/cookbooks/omnibus-firezone/LICENSE b/omnibus/cookbooks/omnibus-firezone/LICENSE
new file mode 100644
index 000000000..33e138364
--- /dev/null
+++ b/omnibus/cookbooks/omnibus-firezone/LICENSE
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright 2020 Engineering
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/omnibus/cookbooks/omnibus-firezone/Policyfile.rb b/omnibus/cookbooks/omnibus-firezone/Policyfile.rb
new file mode 100644
index 000000000..4b884fee1
--- /dev/null
+++ b/omnibus/cookbooks/omnibus-firezone/Policyfile.rb
@@ -0,0 +1,16 @@
+# Policyfile.rb - Describe how you want Chef Infra Client to build your system.
+#
+# For more information on the Policyfile feature, visit
+# https://docs.chef.io/policyfile/
+
+# A name that describes what the system you're building with Chef does.
+name 'omnibus-firezone'
+
+# Where to find external cookbooks:
+default_source :supermarket
+
+# run_list: chef-client will run these recipes in the order specified.
+run_list 'omnibus-firezone::default'
+
+# Specify a custom source for a single cookbook:
+cookbook 'omnibus-firezone', path: '.'
diff --git a/omnibus/cookbooks/omnibus-firezone/README.md b/omnibus/cookbooks/omnibus-firezone/README.md
new file mode 100644
index 000000000..fc204be35
--- /dev/null
+++ b/omnibus/cookbooks/omnibus-firezone/README.md
@@ -0,0 +1,3 @@
+# omnibus-firezone
+
+TODO: Enter the cookbook description here.
diff --git a/omnibus/cookbooks/omnibus-firezone/chefignore b/omnibus/cookbooks/omnibus-firezone/chefignore
new file mode 100644
index 000000000..cc170ea79
--- /dev/null
+++ b/omnibus/cookbooks/omnibus-firezone/chefignore
@@ -0,0 +1,115 @@
+# Put files/directories that should be ignored in this file when uploading
+# to a Chef Infra Server or Supermarket.
+# Lines that start with '# ' are comments.
+
+# OS generated files #
+######################
+.DS_Store
+ehthumbs.db
+Icon?
+nohup.out
+Thumbs.db
+.envrc
+
+# EDITORS #
+###########
+.#*
+.project
+.settings
+*_flymake
+*_flymake.*
+*.bak
+*.sw[a-z]
+*.tmproj
+*~
+\#*
+REVISION
+TAGS*
+tmtags
+.vscode
+.editorconfig
+
+## COMPILED ##
+##############
+*.class
+*.com
+*.dll
+*.exe
+*.o
+*.pyc
+*.so
+*/rdoc/
+a.out
+mkmf.log
+
+# Testing #
+###########
+.circleci/*
+.codeclimate.yml
+.delivery/*
+.foodcritic
+.kitchen*
+.mdlrc
+.overcommit.yml
+.rspec
+.rubocop.yml
+.travis.yml
+.watchr
+.yamllint
+azure-pipelines.yml
+Dangerfile
+examples/*
+features/*
+Guardfile
+kitchen.yml*
+mlc_config.json
+Procfile
+Rakefile
+spec/*
+test/*
+
+# SCM #
+#######
+.git
+.gitattributes
+.gitconfig
+.github/*
+.gitignore
+.gitkeep
+.gitmodules
+.svn
+*/.bzr/*
+*/.git
+*/.hg/*
+*/.svn/*
+
+# Berkshelf #
+#############
+Berksfile
+Berksfile.lock
+cookbooks/*
+tmp
+
+# Bundler #
+###########
+vendor/*
+Gemfile
+Gemfile.lock
+
+# Policyfile #
+##############
+Policyfile.rb
+Policyfile.lock.json
+
+# Documentation #
+#############
+CODE_OF_CONDUCT*
+CONTRIBUTING*
+documentation/*
+TESTING*
+UPGRADING*
+
+# Vagrant #
+###########
+.vagrant
+Vagrantfile
diff --git a/omnibus/cookbooks/omnibus-firezone/kitchen.yml b/omnibus/cookbooks/omnibus-firezone/kitchen.yml
new file mode 100644
index 000000000..e293f9546
--- /dev/null
+++ b/omnibus/cookbooks/omnibus-firezone/kitchen.yml
@@ -0,0 +1,32 @@
+---
+driver:
+ name: vagrant
+
+## The forwarded_port port feature lets you connect to ports on the VM guest via
+## localhost on the host.
+## see also: https://www.vagrantup.com/docs/networking/forwarded_ports
+
+# network:
+# - ["forwarded_port", {guest: 80, host: 8080}]
+
+provisioner:
+ name: chef_zero
+
+ ## product_name and product_version specifies a specific Chef product and version to install.
+ ## see the Chef documentation for more details: https://docs.chef.io/workstation/config_yml_kitchen/
+ # product_name: chef
+ # product_version: 17
+
+verifier:
+ name: inspec
+
+platforms:
+ - name: ubuntu-20.04
+ - name: centos-8
+
+suites:
+ - name: default
+ verifier:
+ inspec_tests:
+ - test/integration/default
+ attributes:
diff --git a/omnibus/cookbooks/omnibus-firezone/metadata.rb b/omnibus/cookbooks/omnibus-firezone/metadata.rb
new file mode 100644
index 000000000..cfd2e3484
--- /dev/null
+++ b/omnibus/cookbooks/omnibus-firezone/metadata.rb
@@ -0,0 +1,19 @@
+name 'omnibus-firezone'
+maintainer 'The Authors'
+maintainer_email 'you@example.com'
+license 'All Rights Reserved'
+description 'Installs/Configures omnibus-firezone'
+version '0.1.0'
+chef_version '>= 16.0'
+
+# The `issues_url` points to the location where issues for this cookbook are
+# tracked. A `View Issues` link will be displayed on this cookbook's page when
+# uploaded to a Supermarket.
+#
+# issues_url 'https://github.com//omnibus-firezone/issues'
+
+# The `source_url` points to the development repository for this cookbook. A
+# `View Source` link will be displayed on this cookbook's page when uploaded to
+# a Supermarket.
+#
+# source_url 'https://github.com//omnibus-firezone'
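Review bot: In `metadata.rb` the cookbook declares `license 'All Rights Reserved'`, which contradicts the Apache 2.0 `LICENSE` file this same commit adds to the cookbook directory. Anyone relying on the metadata to decide whether the cookbook may be redistributed gets the wrong answer, so the two should agree, for example `license 'Apache-2.0'` if the LICENSE file is the intended one. The scaffold placeholders `maintainer 'The Authors'` and `maintainer_email 'you@example.com'` are also still in place and leave no contact for reports about the cookbook.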
diff --git a/omnibus/cookbooks/omnibus-firezone/recipes/default.rb b/omnibus/cookbooks/omnibus-firezone/recipes/default.rb
new file mode 100644
index 000000000..d44fc7f8a
--- /dev/null
+++ b/omnibus/cookbooks/omnibus-firezone/recipes/default.rb
@@ -0,0 +1,5 @@
+#
+# Cookbook:: omnibus-firezone
+# Recipe:: default
+#
+# Copyright:: 2021, The Authors, All Rights Reserved.
diff --git a/omnibus/cookbooks/omnibus-firezone/test/integration/default/default_test.rb b/omnibus/cookbooks/omnibus-firezone/test/integration/default/default_test.rb
new file mode 100644
index 000000000..288b523d6
--- /dev/null
+++ b/omnibus/cookbooks/omnibus-firezone/test/integration/default/default_test.rb
@@ -0,0 +1,16 @@
+# Chef InSpec test for recipe omnibus-firezone::default
+
+# The Chef InSpec reference, with examples and extensive documentation, can be
+# found at https://docs.chef.io/inspec/resources/
+
+unless os.windows?
+ # This is an example test, replace with your own test.
+ describe user('root'), :skip do
+ it { should exist }
+ end
+end
+
+# This is an example test, replace it with your own test.
+describe port(80), :skip do
+ it { should_not be_listening }
+end
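Review bot: Both controls in `default_test.rb` are the scaffold examples and carry `:skip`, and `recipes/default.rb` holds only a header comment, so the `smoke` phase (`chef exec kitchen verify`) appears to pass without checking anything about the converged system. A green verify run could then be read as assurance the cookbook does not yet provide. Until real controls exist, say so at the top of the file, for example `# TODO: placeholder controls only, nothing is verified yet`, and replace the examples with checks for what the recipe manages once it has content.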