authorOlaf Flebbe <of@oflebbe.de>2018-05-31 23:16:09 +0200
committerOlaf Flebbe <of@oflebbe.de>2018-06-06 22:25:26 +0200
commit980e1883a66256b904cdcd11419f5745880ec55a (patch)
treeae2620f549f5183f787ba07d5ce845414aeeda31
parent08af48ece38bc48b0552c4a4b453f0305c47c405 (diff)
BIGTOP-3037: Download maven securely
Signed-off-by: Olaf Flebbe <of@oflebbe.de>
-rw-r--r--bigtop_toolchain/manifests/ant.pp26
-rw-r--r--bigtop_toolchain/manifests/gnupg.pp36
-rw-r--r--bigtop_toolchain/manifests/maven.pp22
3 files changed, 59 insertions, 25 deletions
diff --git a/bigtop_toolchain/manifests/ant.pp b/bigtop_toolchain/manifests/ant.pp
index 16471e51..c378d741 100644
--- a/bigtop_toolchain/manifests/ant.pp
+++ b/bigtop_toolchain/manifests/ant.pp
@@ -14,22 +14,13 @@
# limitations under the License.
class bigtop_toolchain::ant {
+
+ require bigtop_toolchain::gnupg
+
# Ant version restricted to 1.9 because 1.10 supports Java>=8 only.
$ant = latest_ant_binary("1.9.[0-9]*")
$apache_prefix = nearest_apache_mirror()
- case $operatingsystem{
- /(?i:(centos|fedora))/: {
- $pkg = "gnupg2"
- }
- /(?i:(SLES|opensuse))/: {
- $pkg = "gpg2"
- }
- /(Ubuntu|Debian)/: {
- $pkg = "gnupg"
- }
- }
-
exec {"/usr/bin/wget $apache_prefix/ant/binaries/$ant-bin.tar.gz":
cwd => "/usr/src",
unless => "/usr/bin/test -f /usr/src/$ant-bin.tar.gz",
@@ -40,16 +31,13 @@ class bigtop_toolchain::ant {
unless => "/usr/bin/test -f /usr/src/$ant-bin.tar.gz.asc",
} ~>
- package { $pkg:
- } ->
-
- exec {"/usr/bin/gpg -v --verify --auto-key-retrieve --keyserver hkp://keyserver.ubuntu.com:80 $ant-bin.tar.gz.asc":
- cwd => "/usr/src"
+ exec {"/usr/bin/$bigtop_toolchain::gnupg::cmd -v --verify --auto-key-retrieve --keyserver hkp://keyserver.ubuntu.com:80 $ant-bin.tar.gz.asc":
+ cwd => "/usr/src",
} ->
exec {"/bin/tar xvzf /usr/src/$ant-bin.tar.gz":
- cwd => '/usr/local',
- creates => "/usr/local/$ant",
+ cwd => '/usr/local',
+ creates => "/usr/local/$ant",
} ->
file {'/usr/local/ant':
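Review bot: The verify exec (`--verify --auto-key-retrieve --keyserver hkp://keyserver.ubuntu.com:80`) does not pin who signed the tarball: gpg fetches whatever key the .asc names and exits 0 for a good signature from any key, certified or not, so the step only shows that the tarball and signature file match each other. The key lookup also goes over unencrypted HKP. I would drop `--auto-key-retrieve` and verify against a dedicated keyring built from the project's published KEYS file fetched over HTTPS, as sketched below with a placeholder URL. The same command is added in the second maven.pp hunk and needs the same change. The class body starts above this hunk and the `file` resource continues past it.

```puppet
# ... unchanged: wget of $ant-bin.tar.gz and $ant-bin.tar.gz.asc ...

# KEYS_URL_PLACEHOLDER stands for the HTTPS location of the Ant project's KEYS file.
exec {"/usr/bin/wget -O /usr/src/ant-KEYS https://KEYS_URL_PLACEHOLDER":
  cwd    => "/usr/src",
  unless => "/usr/bin/test -s /usr/src/ant-KEYS",
} ->

exec {"/usr/bin/$bigtop_toolchain::gnupg::cmd --no-default-keyring --keyring /usr/src/ant-keyring.gpg --import /usr/src/ant-KEYS":
  cwd     => "/usr/src",
  creates => "/usr/src/ant-keyring.gpg",
} ->

# Name both the signature and the data file so gpg checks exactly this tarball.
exec {"/usr/bin/$bigtop_toolchain::gnupg::cmd --no-default-keyring --keyring /usr/src/ant-keyring.gpg --verify $ant-bin.tar.gz.asc $ant-bin.tar.gz":
  cwd => "/usr/src",
} ->

# ... unchanged: tar extraction and /usr/local/ant link ...
```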
diff --git a/bigtop_toolchain/manifests/gnupg.pp b/bigtop_toolchain/manifests/gnupg.pp
new file mode 100644
index 00000000..be76f05a
--- /dev/null
+++ b/bigtop_toolchain/manifests/gnupg.pp
@@ -0,0 +1,36 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class bigtop_toolchain::gnupg {
+
+ case $operatingsystem {
+ /(?i:(centos|fedora))/: {
+ $pkg = "gnupg2"
+ $cmd = "gpg2"
+ }
+ /(?i:(SLES|opensuse))/: {
+ $pkg = "gpg2"
+ $cmd = "gpg"
+ }
+ /(Ubuntu|Debian)/: {
+ $pkg = "gnupg"
+ $cmd = "gpg"
+ }
+ }
+
+ package { $pkg:
+ ensure => installed
+ }
+}
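Review bot: The `case $operatingsystem` has no `default` branch, so on any platform outside the three patterns `$pkg` and `$cmd` stay undefined and the callers in ant.pp and maven.pp would build a command starting with `/usr/bin/ -v --verify`, which fails far from the cause. Add a branch such as `default: { fail("bigtop_toolchain::gnupg: unsupported OS $operatingsystem") }`. A short comment above the case would also help, stating that `$cmd` is the binary name read elsewhere as `$bigtop_toolchain::gnupg::cmd` and that it differs from the package name `$pkg` in every branch.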
diff --git a/bigtop_toolchain/manifests/maven.pp b/bigtop_toolchain/manifests/maven.pp
index adbb0c8f..09c6853e 100644
--- a/bigtop_toolchain/manifests/maven.pp
+++ b/bigtop_toolchain/manifests/maven.pp
@@ -14,6 +14,9 @@
# limitations under the License.
class bigtop_toolchain::maven {
+
+ require bigtop_toolchain::gnupg
+
$mvnversion = latest_maven_binary("3.5.[0-9]*")
$mvn = "apache-maven-$mvnversion"
@@ -22,17 +25,24 @@ class bigtop_toolchain::maven {
exec {"/usr/bin/wget $apache_prefix/maven/maven-3/$mvnversion/binaries/$mvn-bin.tar.gz":
cwd => "/usr/src",
unless => "/usr/bin/test -f /usr/src/$mvn-bin.tar.gz",
- }
+ } ~>
+
+ exec {"/usr/bin/wget https://www.apache.org/dist/maven/maven-3/3.5.3/binaries/$mvn-bin.tar.gz.asc":
+ cwd => "/usr/src",
+ unless => "/usr/bin/test -f /usr/src/$mvn-bin.tar.gz.asc",
+ } ~>
+
+ exec {"/usr/bin/$bigtop_toolchain::gnupg::cmd -v --verify --auto-key-retrieve --keyserver hkp://keyserver.ubuntu.com:80 $mvn-bin.tar.gz.asc":
+ cwd => "/usr/src",
+ } ->
exec {"/bin/tar xvzf /usr/src/$mvn-bin.tar.gz":
- cwd => '/usr/local',
- creates => "/usr/local/$mvn",
- require => Exec["/usr/bin/wget $apache_prefix/maven/maven-3/$mvnversion/binaries/$mvn-bin.tar.gz"],
- }
+ cwd => '/usr/local',
+ creates => "/usr/local/$mvn",
+ } ->
file {'/usr/local/maven':
ensure => link,
target => "/usr/local/$mvn",
- require => Exec["/bin/tar xvzf /usr/src/$mvn-bin.tar.gz"],
}
}
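Review bot: The signature URL hard-codes `3.5.3`, while the tarball URL and `$mvn` follow `$mvnversion` from `latest_maven_binary("3.5.[0-9]*")`. Once that resolves to any other 3.5.x release, the .asc request points at a directory that does not match the file name, so the download and then the verify exec would presumably fail. Use the variable instead: `exec {"/usr/bin/wget https://www.apache.org/dist/maven/maven-3/$mvnversion/binaries/$mvn-bin.tar.gz.asc":`. A comment noting that the signature is deliberately fetched from the origin host rather than `$apache_prefix` would record why the two URLs differ.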