Repository: bigtop Updated Branches: refs/heads/master 08af48ece -> 980e1883a
BIGTOP-3037: Download maven securely Signed-off-by: Olaf Flebbe <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/bigtop/repo Commit: http://git-wip-us.apache.org/repos/asf/bigtop/commit/980e1883 Tree: http://git-wip-us.apache.org/repos/asf/bigtop/tree/980e1883 Diff: http://git-wip-us.apache.org/repos/asf/bigtop/diff/980e1883 Branch: refs/heads/master Commit: 980e1883a66256b904cdcd11419f5745880ec55a Parents: 08af48e Author: Olaf Flebbe <[email protected]> Authored: Thu May 31 23:16:09 2018 +0200 Committer: Olaf Flebbe <[email protected]> Committed: Wed Jun 6 22:25:26 2018 +0200 ---------------------------------------------------------------------- bigtop_toolchain/manifests/ant.pp | 26 +++++++---------------- bigtop_toolchain/manifests/gnupg.pp | 36 ++++++++++++++++++++++++++++++++ bigtop_toolchain/manifests/maven.pp | 22 +++++++++++++------ 3 files changed, 59 insertions(+), 25 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/bigtop/blob/980e1883/bigtop_toolchain/manifests/ant.pp ---------------------------------------------------------------------- diff --git a/bigtop_toolchain/manifests/ant.pp b/bigtop_toolchain/manifests/ant.pp index 16471e5..c378d74 100644 --- a/bigtop_toolchain/manifests/ant.pp +++ b/bigtop_toolchain/manifests/ant.pp @@ -14,22 +14,13 @@ # limitations under the License. class bigtop_toolchain::ant { + + require bigtop_toolchain::gnupg + # Ant version restricted to 1.9 because 1.10 supports Java>=8 only. $ant = latest_ant_binary("1.9.[0-9]*") $apache_prefix = nearest_apache_mirror() - case $operatingsystem{ - /(?i:(centos|fedora))/: { - $pkg = "gnupg2" - } - /(?i:(SLES|opensuse))/: { - $pkg = "gpg2" - } - /(Ubuntu|Debian)/: { - $pkg = "gnupg" - } - } - exec {"/usr/bin/wget $apache_prefix/ant/binaries/$ant-bin.tar.gz": cwd => "/usr/src", unless => "/usr/bin/test -f /usr/src/$ant-bin.tar.gz", @@ -40,16 +31,13 @@ class bigtop_toolchain::ant { unless => "/usr/bin/test -f /usr/src/$ant-bin.tar.gz.asc", } ~> - package { $pkg: - } -> - - exec {"/usr/bin/gpg -v --verify --auto-key-retrieve --keyserver hkp://keyserver.ubuntu.com:80 $ant-bin.tar.gz.asc": - cwd => "/usr/src" + exec {"/usr/bin/$bigtop_toolchain::gnupg::cmd -v --verify --auto-key-retrieve --keyserver hkp://keyserver.ubuntu.com:80 $ant-bin.tar.gz.asc": + cwd => "/usr/src", } -> exec {"/bin/tar xvzf /usr/src/$ant-bin.tar.gz": - cwd => '/usr/local', - creates => "/usr/local/$ant", + cwd => '/usr/local', + creates => "/usr/local/$ant", } -> file {'/usr/local/ant': http://git-wip-us.apache.org/repos/asf/bigtop/blob/980e1883/bigtop_toolchain/manifests/gnupg.pp ---------------------------------------------------------------------- diff --git a/bigtop_toolchain/manifests/gnupg.pp b/bigtop_toolchain/manifests/gnupg.pp new file mode 100644 index 0000000..be76f05 --- /dev/null +++ b/bigtop_toolchain/manifests/gnupg.pp @@ -0,0 +1,36 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +class bigtop_toolchain::gnupg { + + case $operatingsystem { + /(?i:(centos|fedora))/: { + $pkg = "gnupg2" + $cmd = "gpg2" + } + /(?i:(SLES|opensuse))/: { + $pkg = "gpg2" + $cmd = "gpg" + } + /(Ubuntu|Debian)/: { + $pkg = "gnupg" + $cmd = "gpg" + } + } + + package { $pkg: + ensure => installed + } +} http://git-wip-us.apache.org/repos/asf/bigtop/blob/980e1883/bigtop_toolchain/manifests/maven.pp ---------------------------------------------------------------------- diff --git a/bigtop_toolchain/manifests/maven.pp b/bigtop_toolchain/manifests/maven.pp index adbb0c8..09c6853 100644 --- a/bigtop_toolchain/manifests/maven.pp +++ b/bigtop_toolchain/manifests/maven.pp @@ -14,6 +14,9 @@ # limitations under the License. class bigtop_toolchain::maven { + + require bigtop_toolchain::gnupg + $mvnversion = latest_maven_binary("3.5.[0-9]*") $mvn = "apache-maven-$mvnversion" @@ -22,17 +25,24 @@ class bigtop_toolchain::maven { exec {"/usr/bin/wget $apache_prefix/maven/maven-3/$mvnversion/binaries/$mvn-bin.tar.gz": cwd => "/usr/src", unless => "/usr/bin/test -f /usr/src/$mvn-bin.tar.gz", - } + } ~> + + exec {"/usr/bin/wget https://www.apache.org/dist/maven/maven-3/3.5.3/binaries/$mvn-bin.tar.gz.asc": + cwd => "/usr/src", + unless => "/usr/bin/test -f /usr/src/$mvn-bin.tar.gz.asc", + } ~> + + exec {"/usr/bin/$bigtop_toolchain::gnupg::cmd -v --verify --auto-key-retrieve --keyserver hkp://keyserver.ubuntu.com:80 $mvn-bin.tar.gz.asc": + cwd => "/usr/src", + } -> exec {"/bin/tar xvzf /usr/src/$mvn-bin.tar.gz": - cwd => '/usr/local', - creates => "/usr/local/$mvn", - require => Exec["/usr/bin/wget $apache_prefix/maven/maven-3/$mvnversion/binaries/$mvn-bin.tar.gz"], - } + cwd => '/usr/local', + creates => "/usr/local/$mvn", + } -> file {'/usr/local/maven': ensure => link, target => "/usr/local/$mvn", - require => Exec["/bin/tar xvzf /usr/src/$mvn-bin.tar.gz"], } }
