This changes makes the neccessary changes to enable the pkg to pass apples notarization requirements.
1. Drop 'Developer ID Installer:' from signing key. This lets sigining pick up the correct key for what is being signed.
2. Update inspec software definition to delete test dir from rubyzip gem because its fixtures contain zip files that the notarization service cannot inspect.
Signed-off-by: Jon Morrow <jmorrow@chef.io>
We thought we were riding the latest, but actually the overrides file wasn't wired up the same way it is in Chef. This properly sources that file and does a few other syncs from the chef config so we can diff things more easily.
Signed-off-by: Tim Smith <tsmith@chef.io>
Do not use omnibus-software gem definitions for installing gems,
and use the Gemfile in the inspec project as the source of truth.
Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
* Modernize the kitchen config
This is basically the same one we use in chef/chef
* Modernize the omnibus deps
* Remove cookbook constraints
* Avoid security warnings when bundle installing
* Use the ruby-cleanup project to slim the omnibus package
We're using this in chef and DK to greatly reduce our artifact size. It's just a set of cleanup steps that are the same for all ruby omnibus projects.
Signed-off-by: Tim Smith <tsmith@chef.io>
* Enable compression for deb/rpm packages
In Chef we've seen this shrink package sizes by 22%. Should save us some sweet $$$ on the CDN costs.
* Maintain support for RHEL 5
Signed-off-by: Tim Smith <tsmith@chef.io>
* Pin RubyGems to 2.6.14
2.7.0 seems to have introduced an issue causing bundler to fail to
install in our Jenkins pipeline.
Signed-off-by: Adam Leff <adam@leff.co>
* Added comment explaining the pin
Signed-off-by: Adam Leff <adam@leff.co>
This reverts commit b803194abd.
Reverting this as we are investigating using an EV cert which has
instant reputation with Microsoft Smartscreen filter.
Signed-off-by: Seth Chisamore <schisamo@chef.io>
In #1454, we welcomed a newly-revamped JUnit formatter which has
a dependency on Nokogiri. Unfortunately, this had led us to problems
getting InSpec included in Chef omnibus builds (see chef/chef#5937)
because Chef is using Ruby 2.4.1 and the Nokogiri maintainers have
not yet released a windows binary gem that supports Ruby 2.4.x.
This has led to breaking builds in Chef's CI platform and would
block the acceptance of chef/chef#5937.
This change replaces Nokogiri use with REXML instead. While REXML
can be slower than Nokogiri, it does not require native extensions
and is supported on all Chef platforms.
Signed-off-by: Adam Leff <adam@leff.co>
The new JUnit formatter requires nokogiri, so we need
to build nokogiri via omnibus to ensure liblzma, etc.
is built as part of the omnibus package instead of
`gem` picking up a system liblzma, such as on Mac OS X.
Also bumping ruby to 2.3.1 to match ChefDK.
Signed-off-by: Adam Leff <adam@leff.co>
- Removes resource files which matched the default implementations
contained in omnibus.
- Removes software definition for train which will be installed via the
gem dependecies in the inspec defintion.
- Appbundle inspec to match our other ruby-based projects
- Update rubocop style violations
- Update copyright notices
Signed-off-by: Steven Danna <steve@chef.io>