Merge pull request #117 from hurricanehrndz/develop

Develop

Author: hurricanehrndz

.Dockerfiles/alpine/latest/Dockerfile

@@ -1,38 +1,29 @@
 FROM alpine:latest
 
-# - build tools are for: fig2dev which is needed by gnupg builds
-# - openssh is for scp
-# - tini is for PID 1
-# - changing alpine from 3.6 to 3.7 is for ansible 2.4,
-#   but need to install ansible 2.3 for dependencies first
-# - shellcheck is not in the apk repository (xz/tar needed for shellcheck)
-# - bundler/rspec is not found on kitchen verify (symlink needed)
-
 RUN apk add --no-cache --update \
-	curl net-tools \
-	openssh-server openssh \
-  sudo bash tini \
-  ansible git rsync xz \
-	gcc autoconf automake g++ libffi-dev tar libxpm-dev make \
-	autoconf automake imagemagick-dev texinfo gettext-dev libgcrypt-dev \
-	libgpg-error-dev libassuan-dev libksba-dev npth-dev libxfont-dev \
-	libwmf-dev libx11-dev libxt-dev libxext-dev libxml2-dev libexif-dev perl \
-	ruby-dev ruby-bundler \
- && ln -s /usr/bin/bundle /usr/local/bin/bundle \
- && ln -s /usr/bin/rspec /usr/local/bin/rspec \
- && sed -i -e 's/v3\.6/v3.7/g' /etc/apk/repositories \
- && apk add --update-cache --upgrade ansible \
- && sed -i -e 's/v3\.7/v3.6/g' /etc/apk/repositories \
- && apk add --update-cache \
- && curl --silent -L -o shellcheck.tar.xz https://storage.googleapis.com/shellcheck/shellcheck-latest.linux.x86_64.tar.xz \
- && tar -vxf shellcheck.tar.xz \
- && mv shellcheck-latest/shellcheck /usr/local/bin/ \
- && sudo mkdir -p /usr/local/src/ \
- && git clone https://github.com/Distrotech/transfig.git && cd transfig \
- && make && make install \
- && cp -R /usr/X11R7/bin/fig2dev /usr/local/bin \
+	bash \
+	build-base \
+	coreutils \
+	curl \
+	findutils \
+	gcc \
+	libffi-dev \
+	musl-dev \
+	net-tools \
+	openrc \
+	openssh \
+	openssh-server \
+	openssh-sftp-server \
+	openssl-dev \
+	py-boto \
+	py2-pip \
+	python2-dev \
+	rsyslog \
+	sudo \
+	xz \
+ && pip install --upgrade pip \
  && if ! getent passwd <%= @username %>; then \
-      adduser -h /home/<%= @username %> -s /bin/bash <%= @username %>; \
+      adduser -h /home/<%= @username %> -s /bin/bash -D <%= @username %>; \
       passwd -d <%= @username %>; \
     fi \
  && echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
@@ -44,10 +35,10 @@ RUN apk add --no-cache --update \
  && chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \
  && chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \
  && sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \
+ && sed -ri 's/^#?PasswordAuthentication\s+.*/PasswordAuthentication no/' /etc/ssh/sshd_config \
+ && sed -ri 's/^#?ChallengeResponseAuthentication\s+.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config \
  && sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \
  && echo "UseDNS=no" >> /etc/ssh/sshd_config \
- && ssh-keygen -A
+ && rc-update add sshd
 
 EXPOSE 22
-
-VOLUME [ "/sys/fs/cgroup" ]

.Dockerfiles/centos/latest/Dockerfile

@@ -0,0 +1,71 @@
+FROM centos:latest
+
+ENV container="docker"
+
+RUN yum clean all \
+ && yum makecache \
+ && yum install -y epel-release \
+ && yum makecache \
+ && yum install -y \
+	curl \
+	findutils \
+	gcc \
+	glibc-langpack-en.x86_64  \
+	libffi-devel \
+	net-tools \
+	openssh-server \
+	openssl-devel \
+	python2-devel \
+	python2-pip \
+	redhat-lsb \
+	redhat-rpm-config \
+	sudo \
+	systemd \
+ && pip install --upgrade pip \
+ && yum clean all \
+ && if ! getent passwd <%= @username %>; then \
+      useradd -d /home/<%= @username %> -m -s /usr/bin/bash -p '*' <%= @username %>; \
+    fi \
+ && echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
+ && echo "Defaults !requiretty" >> /etc/sudoers \
+ && mkdir -p /home/<%= @username %>/.ssh \
+ && chown -R <%= @username %> /home/<%= @username %>/.ssh \
+ && chmod 0700 /home/<%= @username %>/.ssh \
+ && echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \
+ && chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \
+ && chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \
+ && export LANG="en_US.UTF-8" && echo "LANG=\"en_US.UTF-8\"" > /etc/locale.conf \
+ && cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | /usr/bin/xargs rm -f $1 \
+ && /usr/bin/rm -f /lib/systemd/system/multi-user.target.wants/* \
+ && /usr/bin/rm -f /etc/systemd/system/*.wants/* \
+ && /usr/bin/rm -f /lib/systemd/system/local-fs.target.wants/* \
+ && /usr/bin/rm -f /lib/systemd/system/sockets.target.wants/*udev* \
+ && /usr/bin/rm -f /lib/systemd/system/sockets.target.wants/*initctl* \
+ && /usr/bin/rm -f /lib/systemd/system/basic.target.wants/* \
+ && /usr/bin/rm -f /lib/systemd/system/anaconda.target.wants/*  \
+ && /usr/bin/rm -f /lib/systemd/system/plymouth* \
+ && /usr/bin/rm -f /lib/systemd/system/systemd-update-utmp* \
+ && sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \
+ && sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \
+ && echo "UseDNS=no" >> /etc/ssh/sshd_config \
+ && systemctl set-default multi-user.target \
+ && ln -s /lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/sshd.service \
+ && ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \
+ && echo $'[Unit]\
+\nDescription=Finish boot up\
+\nAfter=sshd.service\
+\n\
+\n[Service]\
+\nType=oneshot\
+\nRemainAfterExit=yes\
+\nExecStartPre=/bin/sleep 3s\
+\nExecStart=/bin/rm -f /run/nologin\
+\n\
+\n[Install]\
+\nWantedBy=default.target' >> /etc/systemd/system/FinishBootUp.service \
+ && ln -s /etc/systemd/system/FinishBootUp.service /etc/systemd/system/multi-user.target.wants/FinishBootUp.service
+
+
+EXPOSE 22
+
+VOLUME [ "/sys/fs/cgroup" ]

.Dockerfiles/debian/stable/Dockerfile .Dockerfiles/debian/latest/Dockerfile

@@ -45,7 +45,7 @@ RUN apt-get update \
  && sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \
  && echo "UseDNS=no" >> /etc/ssh/sshd_config \
  && systemctl set-default multi-user.target \
- && ln -s /lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/sshd.service \
+ && ln -s /lib/systemd/system/ssh.service /etc/systemd/system/multi-user.target.wants/ssh.service \
  && ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \
  && echo $'[Unit]\
 \nDescription=Finish boot up\

.Dockerfiles/fedora/latest/Dockerfile

@@ -51,7 +51,7 @@ RUN dnf clean all \
  && ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \
  && echo $'[Unit]\
 \nDescription=Finish boot up\
-\nAfter=ssh.service\
+\nAfter=sshd.service\
 \n\
 \n[Service]\
 \nType=oneshot\

.Dockerfiles/ubuntu/latest/Dockerfile

@@ -45,7 +45,7 @@ RUN apt-get update \
  && sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \
  && echo "UseDNS=no" >> /etc/ssh/sshd_config \
  && systemctl set-default multi-user.target \
- && ln -s /lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/sshd.service \
+ && ln -s /lib/systemd/system/ssh.service /etc/systemd/system/multi-user.target.wants/ssh.service \
  && ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \
  && echo $'[Unit]\
 \nDescription=Finish boot up\

.Dockerfiles/ubuntu/rolling/Dockerfile

@@ -46,7 +46,7 @@ RUN apt-get update \
  && sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \
  && echo "UseDNS=no" >> /etc/ssh/sshd_config \
  && systemctl set-default multi-user.target \
- && ln -s /lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/sshd.service \
+ && ln -s /lib/systemd/system/ssh.service /etc/systemd/system/multi-user.target.wants/ssh.service \
  && ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \
  && echo $'[Unit]\
 \nDescription=Finish boot up\

.ci-tests/integration/vars/Alpine.yml

@@ -0,0 +1,28 @@
+#!/bin/sh
+## Script is sepcifically for use on travis-ci
+
+set -e
+
+## This is an example setup script that you would encapsulate the installation
+# What version of avm setup to use
+echo "Setting up Ansible Version Manager"
+AVM_VERSION="v1.0.0"
+## Install Ansible 2.3.1 using pip and label it 'v2.3'
+export ANSIBLE_VERSIONS_0="2.3.1.0"
+export INSTALL_TYPE_0="pip"
+export ANSIBLE_LABEL_0="v2.3"
+## Install Ansible 2.4.1 using pip and label it 'v2.4'
+export ANSIBLE_VERSIONS_1="2.4.1.0"
+export INSTALL_TYPE_1="pip"
+export ANSIBLE_LABEL_1="v2.4"
+# Whats the default version
+export ANSIBLE_DEFAULT_VERSION="v2.4"
+
+## Create a temp dir to download avm
+avm_dir="$(mktemp -d 2> /dev/null || mktemp -d -t 'mytmpdir')"
+git clone https://github.com/ahelal/avm.git "${avm_dir}" > /dev/null 2>&1
+
+## Run the setup
+/bin/sh ${avm_dir}/setup.sh
+
+exit 0

.ci/ansible-setup.sh

@@ -7,9 +7,8 @@ if [[ "$GITSECRET_DIST" == "rpm" ]]; then
   sudo apt-get install -y rpm;
 fi
 
-
-if [[ ! -z "$DOCKER_DIST" ]]; then
+if [[ ! -z "$GITSECRET_DIST" ]] && [[ -z "$KITCHEN_REGEXP" ]]; then
   # When making a non-container build, this step will generate
   # proper manifest files:
-  make "deploy-${GITSECRET_DIST}";
+  make "deploy-$GITSECRET_DIST";
 fi

.ci/before_deploy.sh

@@ -2,22 +2,33 @@
 
 set -e
 
-# Docker:
-if [[ ! -z "$DOCKER_DIST" ]]; then
-  TEMPLATE="sobolevn/git-secret-docker-$DOCKER_DIST"
-  DOCKERFILE_PATH=".docker/${GITSECRET_DIST}/${DOCKER_DIST}"
+# Linux helper functions:
+function update_linux() {
+  sudo apt-get update -qq
+  sudo apt-get install -qq python-apt python-pycurl git python-pip ruby ruby-dev build-essential autoconf rpm
+  gem install bundler
+}
+
+function install_ansible {
+  bash .ci/ansible-setup.sh
+  bundle install
+  ~/.avm/v2.3/venv/bin/pip install netaddr ansible-lint
+  ~/.avm/v2.4/venv/bin/pip install netaddr ansible-lint
+}
 
-  # Building the local image:
-  docker build -t "$TEMPLATE" "$DOCKERFILE_PATH"
-fi
 
 # Mac:
 if [[ "$GITSECRET_DIST" == "brew" ]]; then
-  brew install "$GITSECRET_GPG_DEP"
+  gnupg_installed="$(brew list | grep -c "gnupg")"
+  [[ "$gnupg_installed" -ge 1 ]] || brew install gnupg
+  if [[ -f "/usr/local/bin/gpg1" ]]; then
+    ln -s /usr/local/bin/gpg1 /usr/local/bin/gpg
+  fi
+  brew install gawk
 fi
 
-# Local linux (standart build):
-if [[ "$GITSECRET_DIST" == "none" ]] && [[ "$GITSECRET_GPG_DEP" == "gnupg2" ]]; then
-  # Installing custom GPG version:
-  sudo apt-get install -y gnupg2
+# Linux:
+if [[ "$TRAVIS_OS_NAME" == "linux" ]] && [[ -n "$KITCHEN_REGEXP" ]]; then
+  update_linux
+  install_ansible
 fi

.ci/before_script.sh

@@ -18,6 +18,8 @@
           distribution: Fedora
         - name: gnupg1
           distribution: Debian
+        - name: gnupg1
+          distribution: Alpine
 
     - name: Check for gpg1 binary
       stat:

.ci-tests/integration/gnupg-git/default.yml .ci/integration/gnupg-git/default.yml

@@ -6,7 +6,7 @@
     it { should be_installed }
   end
 
-  if host_inventory['platform'] == 'fedora'
+  if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat'
     describe command('find /tmp/git-secret/build -name "*.rpm"') do
       its(:stdout) { should match /git-secret.*rpm/ }
     end
@@ -16,7 +16,7 @@
     end
   else
     describe command('find /tmp/git-secret/build -name "*.deb"') do
-      its(:stdout) { should match /git-secret.*deb/ }
+      its(:stdout) { should match(/git-secret.*deb/) }
     end
   end
 
@@ -28,7 +28,7 @@
     it { should exist }
   end
 
-  if host_inventory['platform'] == 'fedora'
+  if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat'
     describe command('rpm --query --info git-secret') do
       its(:exit_status) { should eq 0 }
     end

.ci-tests/integration/gnupg-git/serverspec/default_spec.rb .ci/integration/gnupg-git/serverspec/default_spec.rb

@@ -20,6 +20,8 @@
           distribution: Ubuntu
         - name: gnupg
           distribution: Debian
+        - name: gnupg
+          distribution: Alpine
 
     - name: Check for gpg2 binary
       stat:

.ci-tests/integration/gnupg-git/serverspec/spec_helper.rb .ci/integration/gnupg-git/serverspec/spec_helper.rb

@@ -3,20 +3,20 @@
 describe 'git-secret::test' do
 
   describe package('git-secret') do
-    it { should be_installed }
+      it { should be_installed }
   end
 
-  if host_inventory['platform'] == 'fedora'
+  if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat'
     describe command('find /tmp/git-secret/build -name "*.rpm"') do
-      its(:stdout) { should match /git-secret.*rpm/ }
+      its(:stdout) { should match(/git-secret.*rpm/) }
     end
   elsif host_inventory['platform'] == 'alpine'
     describe command('find /tmp/git-secret/build -name "*.apk"') do
       its(:stdout) { should match /git-secret.*apk/ }
     end
   else
     describe command('find /tmp/git-secret/build -name "*.deb"') do
-      its(:stdout) { should match /git-secret.*deb/ }
+      its(:stdout) { should match(/git-secret.*deb/) }
     end
   end
 
@@ -28,7 +28,7 @@
     it { should exist }
   end
 
-  if host_inventory['platform'] == 'fedora'
+  if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat'
     describe command('rpm --query --info git-secret') do
       its(:exit_status) { should eq 0 }
     end

.ci-tests/integration/gnupg1/default.yml .ci/integration/gnupg1/default.yml

@@ -23,6 +23,17 @@
     dest: /usr/bin/bats
     state: link
 
+- name: Get ShellCheck
+  get_url:
+    url: https://storage.googleapis.com/shellcheck/shellcheck-latest.linux.x86_64.tar.xz
+    dest: /tmp/shellcheck.tar.xz
+
+- name: Install ShellCheck
+  command: tar xvf /tmp/shellcheck.tar.xz -C /usr/bin --strip-components=1
+  args:
+    warn: no
+    creates: /usr/bin/shellcheck
+
 - name: Install fpm
   gem:
     name: fpm

.ci-tests/integration/gnupg2/serverspec/default_spec.rb .ci/integration/gnupg1/serverspec/default_spec.rb

@@ -53,6 +53,8 @@
 - name: Set git-secret {{ os_pkg_type }} location
   set_fact:
     pkg_path: "{{ pkg_location.files | map(attribute='path') | first }}"
+  when:
+    - pkg_location is defined
 
 - name: Install git-secret {{ os_pkg_type }} package
   command: bash -lc "{{ item.command }} {{ pkg_path }}"

.ci-tests/integration/gnupg1/serverspec/spec_helper.rb .ci/integration/gnupg1/serverspec/spec_helper.rb

@@ -0,0 +1,15 @@
+---
+test_dependencies:
+  - gawk
+  - git
+  - make
+  - man
+  - procps
+  - rsync
+  - ruby
+  - ruby-dev
+  - tar
+
+build_tools:
+  - make
+  - tar