From ab54e7fc193aff36cb1f118545e7b905c17e9550 Mon Sep 17 00:00:00 2001
From: Xorima <4923914+Xorima@users.noreply.github.com>
Date: Fri, 18 Oct 2019 13:57:06 +0100
Subject: [PATCH] Cirlcleci 2.0 (#31)

* Cirlcleci 2.0
* Yaml lint
* delivery fixes
* Lint fixes
* Fixes
* Use context for license
* Revert context
* Update installs
* lint fix
* remove amazon linux 1
* Split to capture status results from compile steps
* Minor version bump
* Fedora and CentOS packaging updates
* Update install.rb
* Fixes #39
* Fixes #37
* Fixes #36
* Fixes #40
* Removes Fedora and updates checksums for rpm package
* Cookstyle fixes
* fix file resource error
---
 .circleci/config.yml | 42 ++++++++--
 .github/ISSUE_TEMPLATE.md | 20 -----
 .github/PULL_REQUEST_TEMPLATE.md | 12 ---
 .github/lock.yml | 24 +-----
 .kitchen.dokken.yml | 83 -------------------
 .mdlrc | 1 +
 .rubocop.yml | 3 -
 CHANGELOG.md | 10 ++-
 CONTRIBUTING.md | 1 -
 Dangerfile | 4 +-
 TESTING.md | 5 +-
 kitchen.dokken.yml | 47 +++++++++++
 .kitchen.yml => kitchen.yml | 14 +---
 libraries/helpers.rb | 2 +-
 metadata.rb | 4 +-
 resources/compile.rb | 18 ++--
 resources/install.rb | 25 ++----
 test/fixtures/cookbooks/test/metadata.rb | 2 +-
 .../cookbooks/test/recipes/default.rb | 2 +-
 test/integration/default/default_spec.rb | 6 +-
 20 files changed, 122 insertions(+), 203 deletions(-)
 delete mode 100644 .github/ISSUE_TEMPLATE.md
 delete mode 100644 .github/PULL_REQUEST_TEMPLATE.md
 delete mode 100644 .kitchen.dokken.yml
 create mode 100644 .mdlrc
 delete mode 100644 .rubocop.yml
 create mode 100644 kitchen.dokken.yml
 rename .kitchen.yml => kitchen.yml (57%)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index a4ac5cd..0e09df1 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,17 +1,41 @@
+---
+lint_and_unit: &lint_and_unit
+ - delivery
+ - danger
+ - lint-yaml
+ - lint-markdown
 version: 2.1
-
 orbs:
- kitchen: sous-chefs/kitchen@1.0.0
-
+ kitchen: sous-chefs/kitchen@2
 workflows:
 kitchen:
 jobs:
+ - kitchen/yamllint:
+ name: lint-yaml
+ - kitchen/mdlint:
+ name: lint-markdown
 - kitchen/danger:
 name: danger
 context: Danger
- - kitchen/lint:
- name: lint
- # - kitchen/dokken:
- # name: default
- # suite: default
- # requires: [ danger, lint ]
\ No newline at end of file
+ - kitchen/delivery:
+ name: delivery
+ - kitchen/dokken-single:
+ name: default-debian-8
+ suite: default-debian-8
+ requires: *lint_and_unit
+ - kitchen/dokken-single:
+ name: default-debian-9
+ suite: default-debian-9
+ requires: *lint_and_unit
+ - kitchen/dokken-single:
+ name: default-centos-7
+ suite: default-centos-7
+ requires: *lint_and_unit
+ - kitchen/dokken-single:
+ name: default-ubuntu-1604
+ suite: default-ubuntu-1604
+ requires: *lint_and_unit
+ - kitchen/dokken-single:
+ name: default-ubuntu-1804
+ suite: default-ubuntu-1804
+ requires: *lint_and_unit
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
deleted file mode 100644
index 651e753..0000000
--- a/.github/ISSUE_TEMPLATE.md
+++ /dev/null
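Review bot: The orb reference `kitchen: sous-chefs/kitchen@2` floats on a major version, where the line it replaces pinned an exact release (`@1.0.0`). Any later 2.x publish of the orb will run in this pipeline without a change to this repository, including in the `danger` job, which is given the `Danger` context. Pinning the full version, `kitchen: sous-chefs/kitchen@2.x.y` (placeholder for the release that was actually tested), keeps orb updates visible in review.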
@@ -1,20 +0,0 @@
-### Cookbook version
-[Version of the cookbook where you are encountering the issue]
-
-### Chef-client version
-[Version of chef-client in your environment]
-
-### Platform Details
-[Operating system distribution and release version. Cloud provider if running in the cloud]
-
-### Scenario:
-[What you are trying to achieve and you can't?]
-
-### Steps to Reproduce:
-[If you are filing an issue what are the things we need to do in order to repro your problem? How are you using this cookbook or any resources it includes?]
-
-### Expected Result:
-[What are you expecting to happen as the consequence of above reproduction steps?]
-
-### Actual Result:
-[What actually happens after the reproduction steps? Include the error output or a link to a gist if possible.]
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
deleted file mode 100644
index af09b2e..0000000
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ /dev/null
@@ -1,12 +0,0 @@
-## Description
-
-[Describe what this change achieves]
-
-### Issues Resolved
-
-[List any existing issues this PR resolves]
-
-### Check List
-- [ ] All tests pass. See https://github.com/sous-chefs/apache2/blob/master/TESTING.md
-- [ ] New functionality includes testing.
-- [ ] New functionality has been documented in the README if applicable
diff --git a/.github/lock.yml b/.github/lock.yml
index 9703715..b0262d4 100644
--- a/.github/lock.yml
+++ b/.github/lock.yml
@@ -1,28 +1,8 @@ -# Configuration for lock-threads - https://github.com/dessant/lock-threads - -# Number of days of inactivity before a closed issue or pull request is locked -daysUntilLock: 365 - -# Issues and pull requests with these labels will not be locked. Set to `[]` to disable +--- +daysUntilLock: 30 exemptLabels: [] - -# Label to add before locking, such as `outdated`. Set to `false` to disable lockLabel: false - -# Comment to post before locking. Set to `false` to disable lockComment: > This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. - -# Limit to only `issues` or `pulls` -# only: issues - -# Optionally, specify configuration settings just for `issues` or `pulls` -# issues: -# exemptLabels: -# - help-wanted -# lockLabel: outdated - -# pulls: -# daysUntilLock: 30 diff --git a/.kitchen.dokken.yml b/.kitchen.dokken.yml deleted file mode 100644 index a083a06..0000000 --- a/.kitchen.dokken.yml +++ /dev/null 
@@ -1,83 +0,0 @@
-driver:
- name: dokken
- privileged: true # because Docker and SystemD/Upstart
- chef_version: <%= ENV['CHEF_VERSION'] || 'current' %>
- env: [CHEF_LICENSE=accept]
-
-transport:
- name: dokken
-
-provisioner:
- name: dokken
- deprecations_as_errors: true
-
-platforms:
-- name: amazonlinux
- driver:
- image: dokken/amazonlinux
- pid_one_command: /sbin/init
-
-- name: debian-8
- driver:
- image: dokken/debian-8
- pid_one_command: /bin/systemd
- intermediate_instructions:
- - RUN /usr/bin/apt-get update
-
-- name: debian-9
- driver:
- image: dokken/debian-9
- pid_one_command: /bin/systemd
- intermediate_instructions:
- - RUN /usr/bin/apt-get update
-
-- name: centos-6
- driver:
- image: dokken/centos-6
- pid_one_command: /sbin/init
-
-- name: centos-7
- driver:
- image: dokken/centos-7
- pid_one_command: /usr/lib/systemd/systemd
-
-- name: fedora-26
- driver:
- image: dokken/fedora-26
- pid_one_command: /usr/lib/systemd/systemd
-
-- name: fedora-27
- driver:
- image: dokken/fedora-27
- pid_one_command: /usr/lib/systemd/systemd
-
-- name: fedora-latest
- driver:
- image: dokken/fedora-latest
- pid_one_command: /usr/lib/systemd/systemd
-
-- name: ubuntu-14.04
- driver:
- image: dokken/ubuntu-14.04
- pid_one_command: /sbin/init
- intermediate_instructions:
- - RUN /usr/bin/apt-get update
-
-- name: ubuntu-16.04
- driver:
- image: dokken/ubuntu-16.04
- pid_one_command: /bin/systemd
- intermediate_instructions:
- - RUN /usr/bin/apt-get update
-
-- name: ubuntu-18.04
- driver:
- image: dokken/ubuntu-18.04
- pid_one_command: /bin/systemd
- intermediate_instructions:
- - RUN /usr/bin/apt-get update
-
-- name: opensuse-leap
- driver:
- image: dokken/opensuse-leap
- pid_one_command: /bin/systemd
diff --git a/.mdlrc b/.mdlrc
new file mode 100644
index 0000000..b7e0825
--- /dev/null
+++ b/.mdlrc
@@ -0,0 +1 @@
+rules "~MD013"
diff --git a/.rubocop.yml b/.rubocop.yml
deleted file mode 100644
index 6562000..0000000
--- a/.rubocop.yml
+++ /dev/null
@@ -1,3 +0,0 @@ -AllCops: - Exclude: - - 'Dangerfile' diff --git a/CHANGELOG.md b/CHANGELOG.md index 8aa76d3..d432b64 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ This file is used to list changes made in each version of the snort cookbook. +## v4.0.2 (2019-06-25) + +- Added CircleCI 2.0 support + ## v4.0.1 (2018-12-14) - Updated checksums for the snort package on CentOS and Fedora @@ -31,7 +35,7 @@ This file is used to list changes made in each version of the snort cookbook. - Added new snort_service custom resource and a _service.rb recipe. The recipe is called by the default.rb recipe. The custom resource can be used to write wrapper cookbooks and supports the standard service actions (enable, start, restart, reload). The custom resource used the new Chef 12.5 customer resource format and the compat_resource cookbook for compatibility with 12.0+ -## v1.1.0: +## v1.1.0 - Updated to the latest daq and snort packages for RHEL - Added Chefspecs for RHEL/Debian platforms @@ -45,7 +49,7 @@ This file is used to list changes made in each version of the snort cookbook. - Removed references to database output from the Readme - Added a Rakefile for simplified testing -## v1.0.0: +## v1.0.0 - Updated to the latest Snort packages on RHEL / Fedora. For RHEL the minimum supported release is now RHEL 7 due to Snort requirements - The default package action is now install and not upgrade to prevent service restarts on Chef runs @@ -58,6 +62,6 @@ This file is used to list changes made in each version of the snort cookbook. - Added a Gemfile with development dependencies - Added a Berksfile for development dependencies -## v0.10.0: +## v0.10.0 - [COOK-1512] - Update SNORT cookbook with upstream changes for RHEL platforms diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ff4f1d9..ffc11b7 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -10,7 +10,6 @@ The master branch is the current committed changes. These changes may not yet be All releases are tagged in git. To see the releases available to you see the changelog or the tags directly. - ## Pull requests - diff --git a/Dangerfile b/Dangerfile index cf0c5e2..2d99dba 100644 --- a/Dangerfile +++ b/Dangerfile @@ -25,13 +25,13 @@ def test_changes? false end -fail 'Please provide a summary of your Pull Request.' if github.pr_body.length < 10 +failure 'Please provide a summary of your Pull Request.' if github.pr_body.length < 10 warn 'This is a big Pull Request.' if git.lines_of_code > 400 # Require a CHANGELOG entry for non-test changes. if !git.modified_files.include?('CHANGELOG.md') && code_changes? - fail 'Please include a CHANGELOG entry.' + failure 'Please include a CHANGELOG entry.' end # A sanity check for tests. diff --git a/TESTING.md b/TESTING.md index ca524ab..920e381 100644 --- a/TESTING.md +++ b/TESTING.md @@ -1,2 +1,3 @@ -Please refer to -https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/TESTING.MD +# Testing + +Please refer to [the community cookbook documentation on testing](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/TESTING.MD). diff --git a/kitchen.dokken.yml b/kitchen.dokken.yml new file mode 100644 index 0000000..9803344 --- /dev/null +++ b/kitchen.dokken.yml 
@@ -0,0 +1,47 @@ +--- +driver: + name: dokken + privileged: true + chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> + env: [CHEF_LICENSE=accept] + +transport: + name: dokken + +provisioner: + name: dokken + deprecations_as_errors: true + +platforms: + - name: debian-8 + driver: + image: dokken/debian-8 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: debian-9 + driver: + image: dokken/debian-9 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: centos-7 + driver: + image: dokken/centos-7 + pid_one_command: /usr/lib/systemd/systemd + + - name: ubuntu-16.04 + driver: + image: dokken/ubuntu-16.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: ubuntu-18.04 + driver: + image: dokken/ubuntu-18.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update diff --git a/.kitchen.yml b/kitchen.yml similarity index 57% rename from .kitchen.yml rename to kitchen.yml index 0bc1be6..0310841 100644 --- a/.kitchen.yml +++ b/kitchen.yml @@ -1,3 +1,4 @@ +--- driver: name: vagrant @@ -12,10 +13,6 @@ verifier: name: inspec platforms: - - name: amazon-linux - driver_config: - box: mvbcoding/awslinux - - name: centos-6 - name: centos-7 - name: debian-8 - name: debian-9 @@ -24,9 +21,6 @@ platforms: - name: ubuntu-16.04 suites: - - name: default - run_list: - - recipe[test::default] - attributes: - oink_code: <%= ENV['SNORT_LICENCE'] %> - community_rules_url: <%= ENV['COMMUNITY_URL'] %> + - name: default + run_list: + - recipe[test::default] diff --git a/libraries/helpers.rb b/libraries/helpers.rb index f58ca4c..88f6df1 100644 --- a/libraries/helpers.rb +++ b/libraries/helpers.rb @@ -10,7 +10,7 @@ def system_lib_dir def package_suffix if platform?('fedora') - '.f25' + '.f29' else '.centos7' end diff --git a/metadata.rb b/metadata.rb index de79ac8..ead5434 100644 --- a/metadata.rb 
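Review bot: `privileged: true` in the new kitchen.dokken.yml has lost the comment that justified it in the deleted .kitchen.dokken.yml, so the file no longer says why every test container runs privileged. I would carry the explanation over as it was: `privileged: true # because Docker and SystemD/Upstart`. The `dokken/*` images carry no tag and `chef_version` falls back to `'current'`, so what a test run pulls can change between runs; that is inherited from the old file, but a short comment stating it is intentional would help the next reader.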
+++ b/metadata.rb @@ -3,8 +3,8 @@ maintainer_email 'help@sous-chefs.org' license 'Apache-2.0' description 'Installs Snort IDS packages' -long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '4.0.1' + +version '4.0.2' chef_version '>= 13.0' source_url 'https://github.com/sous-chefs/snort' issues_url 'https://github.com/sous-chefs/snort/issues' diff --git a/resources/compile.rb b/resources/compile.rb index ecde624..b41ae10 100644 --- a/resources/compile.rb +++ b/resources/compile.rb @@ -57,21 +57,21 @@ execute 'Compile DAQ' do cwd daq_path - command <<-EOH - ./configure - make - make install - EOH + command './configure && make && make install' action :nothing end execute 'Compile snort' do + cwd snort_path + command './configure --enable-sourcefire --disable-open-appid && make && make install && ldconfig' + action :nothing + + notifies :run, 'execute[Post-compile steps]', :immediately + end + + execute 'Post-compile steps' do cwd snort_path command <<-EOH - ./configure --enable-sourcefire - make - make install - ldconfig ln -s /usr/local/bin/snort /usr/sbin/snort cp #{snort_path}/etc/*.conf* /etc/snort cp #{snort_path}/etc/*.map* /etc/snort diff --git a/resources/install.rb b/resources/install.rb index 483fc2f..d3b2081 100644 --- a/resources/install.rb +++ b/resources/install.rb @@ -29,9 +29,9 @@ property :checksum, [String, nil], default: lazy { case node['platform_family'] when 'rhel' - 'c0b9d7e855424b63efda0d443a2da30d16537ed827e7fdeb72a7e2a8c98d8393' + 'a57088d06efa670ee5f4ee6f264d04abaea361852892b88b7c28496d41adb66c' when 'fedora' - '381f2b634ccb9559523e94062de9ffbbdcc5fc3c0f8cbfb51d2eaaa417533c95' + '8a86694c7242287b6593fb29ee4f6490772776099b91783b7697da4bce01a32f' end } property :daq_checksum, [String, nil], default: lazy { 
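Review bot: The new `execute 'Post-compile steps'` in resources/compile.rb still runs its commands from a heredoc, so only the exit status of the last command is checked, while the two compile resources in the same hunk were moved to `&&` chains to capture failures. `ln -s /usr/local/bin/snort /usr/sbin/snort` also fails once the link exists; a `link '/usr/sbin/snort'` resource with `to '/usr/local/bin/snort'` would be idempotent and report its own status. The block continues past the end of the hunk, so I cannot see whether it carries `action :nothing`; without it the resource would run on every converge as well as on the notification from 'Compile snort'.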
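Review bot: The `checksum` default in resources/install.rb only covers `rhel` and `fedora`; the `case` has no `else`, so on any other platform family the lazy block returns nil, which the `[String, nil]` type accepts. If that value reaches a `remote_file` (the download itself is outside this hunk), the RPM would be fetched with no integrity check. The new hashes are also only valid for the `snort_version` default that a later hunk bumps to `2.9.15-1`, so a comment beside each, such as `# SHA-256 of snort-2.9.15-1.centos7.x86_64.rpm`, would document the coupling. A guard ahead of the download, `raise 'snort RPM checksum required' if new_resource.checksum.nil?`, would make the unverified case fail loudly. The `daq_checksum` property that follows is cut off by the hunk boundary.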
@@ -43,7 +43,7 @@ end } property :rpm_version, String, default: lazy { snort_version } -property :snort_version, String, default: '2.9.12-1' +property :snort_version, String, default: '2.9.15-1' property :daq_version, String, default: '2.0.6-1' property :install_type, String, default: 'package', equal_to: %w(package compile) property :daq_tar, [String, nil] # If you want to override the daq_tar pass in the full url e.g. https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz @@ -76,10 +76,9 @@ source 'snort.seed.erb' cookbook 'snort' mode '0755' - variables( - home_net: new_resource.home_net, - interface: new_resource.interface.nil? ? default_interface : new_resource.interface # Use computed interface if we haven't passed one in - ) + variables(home_net: new_resource.home_net, + interface: new_resource.interface.nil? ? default_interface : new_resource.interface # Use computed interface if we haven't passed one in + ) notifies :run, 'execute[preseed snort]', :immediately end @@ -98,17 +97,7 @@ # snort needs libnghttp2 from EPEL include_recipe 'yum-epel::default' if platform_family?('rhel') - daq_rpm = "daq-#{new_resource.daq_version}#{package_suffix}.x86_64.rpm" - - remote_file "#{Chef::Config[:file_cache_path]}/#{daq_rpm}" do - source "https://www.snort.org/downloads/snort/#{daq_rpm}" - checksum new_resource.daq_checksum - mode '0644' - end - - package 'daq' do - source "#{Chef::Config[:file_cache_path]}/#{daq_rpm}" - end + package 'daq' snort_rpm = "snort-#{new_resource.rpm_version + package_suffix}.x86_64.rpm" diff --git a/test/fixtures/cookbooks/test/metadata.rb b/test/fixtures/cookbooks/test/metadata.rb index a3faebd..835b2b4 100644 --- a/test/fixtures/cookbooks/test/metadata.rb +++ b/test/fixtures/cookbooks/test/metadata.rb @@ -3,7 +3,7 @@ name 'test' maintainer 'Sous Chefs' maintainer_email 'help@sous-chefs.org' -license 'Apache 2.0' +license 'Apache-2.0' description 'Testing cookbook for snort' version '0.0.1' depends 'snort' 
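Review bot: With `package 'daq'` replacing the checksum-verified `remote_file` in the last resources/install.rb hunk, the `daq_version` and `daq_checksum` properties are no longer read on this path, as far as the hunk shows. A caller who sets them will silently get whatever DAQ build the configured repositories offer, and integrity now rests on the package manager's repository signature checks rather than on the cookbook's hash. If that is the intent, say so where the properties are declared, e.g. `# daq_version / daq_checksum are ignored for package installs; DAQ comes from the distribution repositories`. `yum-epel` is included only when `platform_family?('rhel')`, so it is worth confirming which repository provides `daq` on the other family this branch serves.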
diff --git a/test/fixtures/cookbooks/test/recipes/default.rb b/test/fixtures/cookbooks/test/recipes/default.rb
index 35f1bd1..f7583c8 100644
--- a/test/fixtures/cookbooks/test/recipes/default.rb
+++ b/test/fixtures/cookbooks/test/recipes/default.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 snort_install 'none' do
- install_type node['platform'] == 'debian' ? 'compile' : 'package'
+ install_type platform?('debian') ? 'compile' : 'package'
 end
 snort_config 'hello' do
diff --git a/test/integration/default/default_spec.rb b/test/integration/default/default_spec.rb
index 2d4804e..b21513a 100644
--- a/test/integration/default/default_spec.rb
+++ b/test/integration/default/default_spec.rb
@@ -1,7 +1,5 @@
-describe 'snort package' do
- it 'should be installed' do
- expect(file('/usr/sbin/snort')).to exist
- end
+describe file('/usr/sbin/snort') do
+ it { should exist }
 end
 if os[:family] == 'redhat' || os[:family] == 'fedora'