├── .gitignore
├── .gitlab-ci.yml
├── .gitlab
    ├── package.yml
    └── test.yml
├── LICENSE
├── README.md
├── build-source.sh
├── build.sh
├── caching.sh
├── docker.sh
├── patch.sh
├── publish-gems.sh
├── scripts
    ├── install-biome.sh
    ├── install-cinc-macos.sh
    ├── install-cinc.ps1
    ├── uninstall-cinc-macos.sh
    └── uninstall-cinc.ps1
└── test
    └── integration
        ├── cinc-sources
            ├── README.md
            ├── controls
            │   └── source_spec.rb
            ├── inspec.lock
            └── inspec.yml
        └── cinc-tests
            ├── README.md
            ├── controls
                ├── executables.rb
                ├── fips_mode.rb
                └── win-executables.rb
            ├── inspec.lock
            └── inspec.yml

/.gitignore:
--------------------------------------------------------------------------------
/bundle/*
/cache/*
/chef*
/chef-zero*
/inspec*
/omnibus-software*

--------------------------------------------------------------------------------
/.gitlab-ci.yml:
--------------------------------------------------------------------------------
---
# Pipeline that patches the upstream source, builds packages per platform,
# tests them, and (for web-triggered runs) deploys and publishes the result.
#
# NOTE(review): the default image carries no tag or digest, so the registry's
# default tag is pulled on every run; pinning it would make builds repeatable
# and keep an image change from silently altering the build environment.
image: cincproject/omnibus-debian

# `cleanup` is ordered before `deploy` and `publish`.
stages:
  - patch
  - package
  - test
  - cleanup
  - deploy
  - publish

variables:
  # NOTE(review): REF names a branch, not a commit. Presumably patch.sh (its
  # content is not shown here) fetches it from ORIGIN, in which case two runs
  # can build different upstream code — confirm how the source is pinned.
  ORIGIN: https://github.com/chef/chef.git
  REF: main
  CHANNEL: unstable
  CINC_PRODUCT: cinc
  CINC_FOUNDATION_VERSION: "3.2.8"
  # Pipeline-wide default; many jobs below override this to "false".
  OMNIBUS_FIPS_MODE: "true"
  GIT_CACHE: "false"
  HAB_ORIGIN: cinc
  HAB_NONINTERACTIVE: "true"
  OMNIBUS_LOG_LEVEL: "info"

# Pipelines are created only for the three sources listed here.
workflow:
  rules:
    # Run if we trigger a pipeline from the web
    - if: $CI_PIPELINE_SOURCE == "web"
    # Run if we trigger a pipeline from another project (i.e. upstream/chef)
    - if: $CI_PIPELINE_SOURCE == "pipeline"
    # Run if this is a merge request
    - if: $CI_MERGE_REQUEST_ID

include:
  - local: .gitlab/package.yml
  - local: .gitlab/test.yml

# Runs patch.sh and hands the resulting chef/ tree to later jobs as an artifact.
patch:
  stage: patch
  tags:
    - docker-x86_64
  script:
    - ./patch.sh
  artifacts:
    expire_in: 1mo
    paths:
      - chef/

# Hidden template: jobs extending it run the Biome installer script first.
.bio_setup:
  before_script:
    - scripts/install-biome.sh

# Package stage

package:source:
  stage: package
  needs:
    - patch
  tags:
    - docker-x86_64
  script:
    - ./build-source.sh cinc chef
  artifacts:
    expire_in: 1mo
    paths:
      - source/*

# allow_failure: a failed Biome build does not fail the pipeline.
package:bio:linux:
  stage: package
  extends:
    - .bio_setup
  allow_failure: true
  tags:
    - docker-x86_64
  needs:
    - patch
  script:
    - bio pkg build ./chef
  artifacts:
    paths:
      - results/*.hart

# Per-platform package jobs: each one supplies image, cache key, runner tag and
# PLATFORM_VER; the build steps come from the template named in `extends`.
package:amazonlinux-2023:x86_64:
  extends: .package:amazonlinux
  image: cincproject/omnibus-amazonlinux:2023
  cache:
    key: amazonlinux:2023:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "2023"

package:amazonlinux-2023:aarch64:
  extends: .package:amazonlinux
  image: cincproject/omnibus-amazonlinux:2023
  cache:
    key: amazonlinux:2023:aarch64
  tags:
    - docker-aarch64-v8.2-a
  variables:
    PLATFORM_VER: "2023"
    OMNIBUS_FIPS_MODE: "false"

# The centos-* jobs build on AlmaLinux images.
package:centos-8:x86_64:
  extends: .package:centos
  image: cincproject/omnibus-almalinux:8
  cache:
    key: centos-stream:8:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "8"

package:centos-8:aarch64:
  extends: .package:centos
  image: cincproject/omnibus-almalinux:8
  cache:
    key: centos-stream:8:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "8"
    OMNIBUS_FIPS_MODE: "false"

# EL 8/9 (built on AlmaLinux images) and Debian 11 package jobs. Each job only
# supplies image, cache key, runner tag and PLATFORM_VER; the build steps come
# from the template named in `extends`. The aarch64 variants set
# OMNIBUS_FIPS_MODE to "false", overriding the pipeline-wide "true".
package:centos-8:ppc64le:
  extends: .package:centos
  image: cincproject/omnibus-almalinux:8
  cache:
    key: centos-stream:8:ppc64le
  tags:
    - docker-ppc64le
  variables:
    PLATFORM_VER: "8"

# NOTE(review): the s390x jobs use the cache-key prefix `centos:` where the
# other EL jobs use `centos-stream:`, and they restate `needs: patch`, which
# the `.package` template already declares — confirm both are intentional.
package:centos-8:s390x:
  extends: .package:centos
  image: cincproject/omnibus-almalinux:8
  cache:
    key: centos:8:s390x
  tags:
    - docker-s390x
  needs:
    - patch
  variables:
    PLATFORM_VER: "8"

package:centos-9:x86_64:
  extends: .package:centos
  image: cincproject/omnibus-almalinux:9
  cache:
    key: centos-stream:9:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "9"

package:centos-9:aarch64:
  extends: .package:centos
  image: cincproject/omnibus-almalinux:9
  cache:
    key: centos-stream:9:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "9"
    OMNIBUS_FIPS_MODE: "false"

package:centos-9:ppc64le:
  extends: .package:centos
  image: cincproject/omnibus-almalinux:9
  cache:
    key: centos-stream:9:ppc64le
  tags:
    - docker-ppc64le-p9
  variables:
    PLATFORM_VER: "9"

package:centos-9:s390x:
  extends: .package:centos
  image: cincproject/omnibus-almalinux:9
  cache:
    key: centos:9:s390x
  tags:
    - docker-s390x
  needs:
    - patch
  variables:
    PLATFORM_VER: "9"

package:debian-11:x86_64:
  extends: .package:debian
  image: cincproject/omnibus-debian:11
  cache:
    key: debian:11:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "11"

package:debian-11:aarch64:
  extends: .package:debian
  image: cincproject/omnibus-debian:11
  cache:
    key: debian:11:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "11"
    OMNIBUS_FIPS_MODE: "false"

# Remaining package jobs, the test matrix, and the deploy stage. Package and
# test jobs only supply image, cache key, runner tag and PLATFORM_VER; their
# steps come from the template named in `extends`.
package:debian-12:x86_64:
  extends: .package:debian
  image: cincproject/omnibus-debian:12
  cache:
    key: debian:12:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "12"

package:debian-12:aarch64:
  extends: .package:debian
  image: cincproject/omnibus-debian:12
  cache:
    key: debian:12:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "12"
    OMNIBUS_FIPS_MODE: "false"

# macOS jobs name no image; they run on runners selected by the macos-* tags.
package:macos-11:
  extends: .package:macos
  cache:
    key: macos:11
  tags:
    - macos-11
  variables:
    PLATFORM_VER: "11"
    OMNIBUS_FIPS_MODE: "false"

package:macos-12:
  extends: .package:macos
  cache:
    key: macos:12
  tags:
    - macos-12
  variables:
    PLATFORM_VER: "12"
    OMNIBUS_FIPS_MODE: "false"

package:macos-12:aarch64:
  extends: .package:macos
  cache:
    key: macos:12:aarch64
  tags:
    - macos-12-aarch64
  variables:
    PLATFORM_VER: "12"
    OMNIBUS_FIPS_MODE: "false"

package:macos-13:
  extends: .package:macos
  cache:
    key: macos:13
  tags:
    - macos-13
  variables:
    PLATFORM_VER: "13"
    OMNIBUS_FIPS_MODE: "false"

package:macos-13:aarch64:
  extends: .package:macos
  cache:
    key: macos:13:aarch64
  tags:
    - macos-13-aarch64
  variables:
    PLATFORM_VER: "13"
    OMNIBUS_FIPS_MODE: "false"

# NOTE(review): these build on omnibus-opensuse:15.2, while the matching
# test:opensuse-15 jobs use omnibus-opensuse:15 — confirm the tag difference
# between build and test is intended.
package:opensuse-15:x86_64:
  extends: .package:opensuse
  image: cincproject/omnibus-opensuse:15.2
  cache:
    key: opensuse:15:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "15"

package:opensuse-15:aarch64:
  extends: .package:opensuse
  image: cincproject/omnibus-opensuse:15.2
  cache:
    key: opensuse:15:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "15"
    OMNIBUS_FIPS_MODE: "false"

package:windows-2012r2:
  extends: .package:windows
  cache:
    key: windows-2012r2
  tags:
    - windows-x64-ucrt64
  variables:
    PLATFORM_VER: "2012r2"
    # https://discourse.chef.io/t/chef-infra-client-18-0-169-released/21570#known-issues-5
    OMNIBUS_FIPS_MODE: "false"

package:ubuntu-18.04:x86_64:
  extends: .package:ubuntu
  image: cincproject/omnibus-ubuntu:18.04
  cache:
    key: ubuntu:18.04:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "18.04"

package:ubuntu-18.04:aarch64:
  extends: .package:ubuntu
  image: cincproject/omnibus-ubuntu:18.04
  cache:
    key: ubuntu:18.04:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "18.04"
    OMNIBUS_FIPS_MODE: "false"

package:rockylinux-8:x86_64:
  extends: .package:rockylinux
  image: cincproject/omnibus-rockylinux:8
  cache:
    key: rockylinux:8:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "8"

package:rockylinux-8:aarch64:
  extends: .package:rockylinux
  image: cincproject/omnibus-rockylinux:8
  cache:
    key: rockylinux:8:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "8"
    OMNIBUS_FIPS_MODE: "false"

package:rockylinux-9:x86_64:
  extends: .package:rockylinux
  image: cincproject/omnibus-rockylinux:9
  cache:
    key: rockylinux:9:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "9"

package:rockylinux-9:aarch64:
  extends: .package:rockylinux
  image: cincproject/omnibus-rockylinux:9
  cache:
    key: rockylinux:9:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "9"
    OMNIBUS_FIPS_MODE: "false"

package:ubuntu-20.04:x86_64:
  extends: .package:ubuntu
  image: cincproject/omnibus-ubuntu:20.04
  cache:
    key: ubuntu:20.04:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "20.04"

package:ubuntu-20.04:aarch64:
  extends: .package:ubuntu
  image: cincproject/omnibus-ubuntu:20.04
  cache:
    key: ubuntu:20.04:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "20.04"
    OMNIBUS_FIPS_MODE: "false"

package:ubuntu-22.04:x86_64:
  extends: .package:ubuntu
  image: cincproject/omnibus-ubuntu:22.04
  cache:
    key: ubuntu:22.04:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "22.04"

package:ubuntu-22.04:aarch64:
  extends: .package:ubuntu
  image: cincproject/omnibus-ubuntu:22.04
  cache:
    key: ubuntu:22.04:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "22.04"
    OMNIBUS_FIPS_MODE: "false"

# Test stage
# Installs the built .hart, links it into the /opt/cinc layout the shared
# integration profile expects, then runs that profile. allow_failure: a failure
# here does not fail the pipeline.
test:bio:linux:
  stage: test
  extends:
    - .bio_setup
  allow_failure: true
  tags:
    - docker-x86_64
  needs:
    - package:bio:linux
  script:
    - bio install results/*.hart --binlink
    - export CINC_PATH=$(bio pkg path cincproject/cinc-client)
    - export GEM_PATH=${CINC_PATH}/vendor:$GEM_PATH
    - ln -s $CINC_PATH /opt/cinc
    - mkdir /opt/cinc/embedded
    - ln -s /opt/cinc/bin /opt/cinc/embedded/bin
    - ln -s $(bio pkg path core/ruby31)/bin/ruby /opt/cinc/embedded/bin/ruby
    - cinc-auditor exec test/integration/cinc-tests --no-distinct-exit --reporter cli junit:junit.xml
  artifacts:
    reports:
      junit: junit.xml
  variables:
    APPBUNDLER_ALLOW_RVM: "true"
    HAB_TEST: "true"

# Each test job depends only on the package job for the same platform and
# architecture.
test:amazonlinux-2023:x86_64:
  extends: .test:amazonlinux
  image: cincproject/omnibus-amazonlinux:2023
  needs:
    - package:amazonlinux-2023:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "2023"

test:amazonlinux-2023:aarch64:
  extends: .test:amazonlinux
  image: cincproject/omnibus-amazonlinux:2023
  needs:
    - package:amazonlinux-2023:aarch64
  tags:
    - docker-aarch64-v8.2-a
  variables:
    PLATFORM_VER: "2023"

test:centos-8:x86_64:
  extends: .test:centos
  image: cincproject/omnibus-almalinux:8
  needs:
    - package:centos-8:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "8"

test:centos-8:aarch64:
  extends: .test:centos
  image: cincproject/omnibus-almalinux:8
  needs:
    - package:centos-8:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "8"

test:centos-8:ppc64le:
  extends: .test:centos
  image: cincproject/omnibus-almalinux:8
  needs:
    - package:centos-8:ppc64le
  tags:
    - docker-ppc64le
  variables:
    PLATFORM_VER: "8"

test:centos-8:s390x:
  extends: .test:centos
  image: cincproject/omnibus-almalinux:8
  needs:
    - package:centos-8:s390x
  tags:
    - docker-s390x
  variables:
    PLATFORM_VER: "8"

test:centos-9:x86_64:
  extends: .test:centos
  image: cincproject/omnibus-almalinux:9
  needs:
    - package:centos-9:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "9"

test:centos-9:aarch64:
  extends: .test:centos
  image: cincproject/omnibus-almalinux:9
  needs:
    - package:centos-9:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "9"

test:centos-9:ppc64le:
  extends: .test:centos
  image: cincproject/omnibus-almalinux:9
  needs:
    - package:centos-9:ppc64le
  tags:
    - docker-ppc64le-p9
  variables:
    PLATFORM_VER: "9"

test:centos-9:s390x:
  extends: .test:centos
  image: cincproject/omnibus-almalinux:9
  needs:
    - package:centos-9:s390x
  tags:
    - docker-s390x
  variables:
    PLATFORM_VER: "9"

test:debian-11:x86_64:
  extends: .test:debian
  image: cincproject/omnibus-debian:11
  needs:
    - package:debian-11:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "11"

test:debian-11:aarch64:
  extends: .test:debian
  image: cincproject/omnibus-debian:11
  needs:
    - package:debian-11:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "11"

test:debian-12:x86_64:
  extends: .test:debian
  image: cincproject/omnibus-debian:12
  needs:
    - package:debian-12:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "12"

test:debian-12:aarch64:
  extends: .test:debian
  image: cincproject/omnibus-debian:12
  needs:
    - package:debian-12:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "12"

test:macos-11:
  extends: .test:macos
  needs:
    - package:macos-11
  tags:
    - macos-11
  variables:
    PLATFORM_VER: "11"

test:macos-12:
  extends: .test:macos
  needs:
    - package:macos-12
  tags:
    - macos-12
  variables:
    PLATFORM_VER: "12"

test:macos-12:aarch64:
  extends: .test:macos
  needs:
    - package:macos-12:aarch64
  tags:
    - macos-12-aarch64
  variables:
    PLATFORM_VER: "12"

test:macos-13:
  extends: .test:macos
  needs:
    - package:macos-13
  tags:
    - macos-13
  variables:
    PLATFORM_VER: "13"

test:macos-13:aarch64:
  extends: .test:macos
  needs:
    - package:macos-13:aarch64
  tags:
    - macos-13-aarch64
  variables:
    PLATFORM_VER: "13"

# NOTE(review): tested on omnibus-opensuse:15; the packages were built on
# omnibus-opensuse:15.2 — confirm the tag difference is intended.
test:opensuse-15:x86_64:
  extends: .test:opensuse
  image: cincproject/omnibus-opensuse:15
  needs:
    - package:opensuse-15:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "15"

test:opensuse-15:aarch64:
  extends: .test:opensuse
  image: cincproject/omnibus-opensuse:15
  needs:
    - package:opensuse-15:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "15"

test:rockylinux-8:x86_64:
  extends: .test:rockylinux
  image: cincproject/omnibus-rockylinux:8
  needs:
    - package:rockylinux-8:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "8"

test:rockylinux-8:aarch64:
  extends: .test:rockylinux
  image: cincproject/omnibus-rockylinux:8
  needs:
    - package:rockylinux-8:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "8"

test:rockylinux-9:x86_64:
  extends: .test:rockylinux
  image: cincproject/omnibus-rockylinux:9
  needs:
    - package:rockylinux-9:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "9"

test:rockylinux-9:aarch64:
  extends: .test:rockylinux
  image: cincproject/omnibus-rockylinux:9
  needs:
    - package:rockylinux-9:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "9"

test:ubuntu-18.04:x86_64:
  extends: .test:ubuntu
  image: cincproject/omnibus-ubuntu:18.04
  needs:
    - package:ubuntu-18.04:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "18.04"

test:ubuntu-18.04:aarch64:
  extends: .test:ubuntu
  image: cincproject/omnibus-ubuntu:18.04
  needs:
    - package:ubuntu-18.04:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "18.04"

test:ubuntu-20.04:x86_64:
  extends: .test:ubuntu
  image: cincproject/omnibus-ubuntu:20.04
  needs:
    - package:ubuntu-20.04:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "20.04"

test:ubuntu-20.04:aarch64:
  extends: .test:ubuntu
  image: cincproject/omnibus-ubuntu:20.04
  needs:
    - package:ubuntu-20.04:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "20.04"

test:ubuntu-22.04:x86_64:
  extends: .test:ubuntu
  image: cincproject/omnibus-ubuntu:22.04
  needs:
    - package:ubuntu-22.04:x86_64
  tags:
    - docker-x86_64
  variables:
    PLATFORM_VER: "22.04"

test:ubuntu-22.04:aarch64:
  extends: .test:ubuntu
  image: cincproject/omnibus-ubuntu:22.04
  needs:
    - package:ubuntu-22.04:aarch64
  tags:
    - docker-aarch64
  variables:
    PLATFORM_VER: "22.04"

# Runs the cinc-sources profile against the output of package:source.
# NOTE(review): the image is untagged and `apk add` names no package versions,
# so the tooling used for this check can change between runs.
test:sources:
  image: cincproject/docker-auditor
  stage: test
  needs:
    - package:source
  tags:
    - docker-x86_64
  script:
    - apk add bash outils-sha256
    - cinc-auditor exec test/integration/cinc-sources --no-distinct-exit --reporter cli junit:junit.xml
  artifacts:
    reports:
      junit: junit.xml

test:windows-2012r2:
  extends: .test:windows
  needs:
    - package:windows-2012r2
  tags:
    - windows-x64-ucrt64
  variables:
    PLATFORM_VER: "2012r2"

# Deploy stage

# Hidden template that prepares SSH for jobs that reach the download hosts.
# The private key is fed to ssh-agent on stdin (never written to disk here) and
# host keys are taken from SSH_KNOWN_HOSTS rather than accepted on first use.
# NOTE(review): SSH_PRIVATE_KEY and SSH_KNOWN_HOSTS are not defined in this
# file; presumably they are project CI/CD variables — verify they are marked
# protected and masked so they are not exposed to untrusted pipelines.
.ssh-setup:
  before_script:
    - eval $(ssh-agent -s)
    - echo "${SSH_PRIVATE_KEY}" | tr -d '\r' | ssh-add - > /dev/null
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - echo "${SSH_KNOWN_HOSTS}" > ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts

# Uploads the built packages and source to the incoming area on DOWNLOADS_HOST.
# Offered only on web-triggered pipelines, and only as a manual action;
# `allow_failure: false` makes that manual job blocking for the stages after it.
deploy:
  allow_failure: false
  stage: deploy
  extends: .ssh-setup
  # Only run if this is triggered from the web
  rules:
    - if: $CI_PIPELINE_SOURCE == "web"
      when: manual
    - when: never
  tags:
    - docker-x86_64
  dependencies:
    - package:source
    - package:amazonlinux-2023:x86_64
    - package:amazonlinux-2023:aarch64
    - package:centos-8:aarch64
    - package:centos-8:ppc64le
    - package:centos-8:x86_64
    - package:centos-8:s390x
    - package:centos-9:aarch64
    - package:centos-9:ppc64le
    - package:centos-9:x86_64
    - package:centos-9:s390x
    - package:debian-11:aarch64
    - package:debian-11:x86_64
    - package:debian-12:aarch64
    - package:debian-12:x86_64
    - package:macos-11
    - package:macos-12
    - package:macos-12:aarch64
    - package:macos-13
    - package:macos-13:aarch64
    - package:opensuse-15:aarch64
    - package:opensuse-15:x86_64
    - package:rockylinux-8:aarch64
    - package:rockylinux-8:x86_64
    - package:rockylinux-9:aarch64
    - package:rockylinux-9:x86_64
    - package:ubuntu-18.04:aarch64
    - package:ubuntu-18.04:x86_64
    - package:ubuntu-20.04:aarch64
    - package:ubuntu-20.04:x86_64
    - package:ubuntu-22.04:aarch64
    - package:ubuntu-22.04:x86_64
    - package:windows-2012r2
  # $(cat VERSION) is expanded by the runner's shell before ssh/rsync start, so
  # the file's content becomes part of the remote command line and path.
  # NOTE(review): VERSION arrives as a build artifact; presumably it holds a
  # plain version string — consider validating it before it is used here.
  # `rsync --delete` removes remote files that are absent from the local tree.
  script:
    - ssh cinc@${DOWNLOADS_HOST} "mkdir -p /data/incoming/files/${CHANNEL}/cinc/$(cat VERSION)"
    - ssh cinc@${DOWNLOADS_HOST} "mkdir -p /data/incoming/source/${CHANNEL}/cinc/"
    - rsync -avH --delete data/ cinc@${DOWNLOADS_HOST}:/data/incoming/files/${CHANNEL}/cinc/$(cat VERSION)/
    - rsync -avH --delete source/ cinc@${DOWNLOADS_HOST}:/data/incoming/source/${CHANNEL}/cinc/
    - ssh cinc@${DOWNLOADS_HOST} "chmod 755 /data/incoming/files/${CHANNEL}/cinc/$(cat VERSION)/"

# Uploads the Biome package; manual, web-triggered pipelines only.
deploy:bio:linux:
  stage: deploy
  allow_failure: true
  rules:
    - if: $CI_PIPELINE_SOURCE == "web"
      when: manual
    - when: never
  extends:
    - .bio_setup
  tags:
    - docker-x86_64
  needs:
    - package:bio:linux
    - test:bio:linux
  script:
    - bio pkg upload results/*.hart

# Publish stage

# Copies what `deploy` uploaded from /data/incoming into /data/mirror, refreshes
# the API data and triggers the mirror sync. Runs on the runner tagged
# `downloads`, downloads no artifacts (`dependencies: []`) and uses sudo there.
# `sudo -E` carries the job's environment into the privileged command.
publish:
  stage: publish
  extends: .ssh-setup
  dependencies: []
  # Only run if this is triggered from the web
  rules:
    - if: $CI_PIPELINE_SOURCE == "web"
      when: on_success
    - when: never
  tags:
    - downloads
  script:
    - sudo mkdir -p /data/mirror/{files,source}/${CHANNEL}/cinc
    - sudo /usr/bin/rsync -avH /data/incoming/files/${CHANNEL}/cinc/ /data/mirror/files/${CHANNEL}/cinc/
    - sudo /usr/bin/rsync -avH /data/incoming/source/${CHANNEL}/cinc/ /data/mirror/source/${CHANNEL}/cinc/
    - sudo -E -u cinc /usr/local/bin/update-cinc-api
    - ssh -q cinc@${MIRROR_HOST} "~/sync-from-master"

publish-gems:
  stage: publish
  # Only run if this is triggered from the web
  rules:
    - if: $CI_PIPELINE_SOURCE == "web"
      when: on_success
    - when: never
  tags:
    - docker-x86_64
  dependencies:
    - patch
  script:
    - ./publish-gems.sh

# NOTE(review): `rules` are evaluated in order and the first match wins. For a
# web-triggered pipeline the first rule already matches, so the
# `$CHANNEL == "unstable"` rule is never consulted; for every other source both
# remaining rules give `never`. If the intent is to skip Docker publishing on
# the unstable channel, that rule would have to come first — confirm intent.
# NOTE(review): `docker:latest` and `docker:dind` are floating tags; pinning
# them would keep the publishing toolchain from changing unnoticed.
publish-docker:
  image: docker:latest
  services:
    - docker:dind
  stage: publish
  # Only run if this is triggered from the web
  rules:
    - if: $CI_PIPELINE_SOURCE == "web"
      when: on_success
    - if: $CHANNEL == "unstable"
      when: never
    - when: never
  tags:
    - docker-x86_64
  dependencies:
    - patch
  # binaries required for script
  before_script:
    - apk add curl bash
  script:
    - bash docker.sh
  variables:
    DOCKER_TLS_CERTDIR: "/certs"

# Promotes the uploaded Biome package to $CHANNEL; the package identifier is
# read from the .hart file's metadata with jq.
publish:bio:linux:
  needs:
    - package:bio:linux
    - deploy:bio:linux
  extends:
    - .bio_setup
  allow_failure: true
  stage: publish
  tags:
    - docker-x86_64
  rules:
    - if: $CI_PIPELINE_SOURCE == "web"
      when: on_success
    - when: never
  script:
    - bio pkg install core/jq-static -b
    - export PKG=$(bio pkg info results/*.hart -j | jq -r '[.origin,.name,.version,.release] | join("/")')
    - bio pkg promote $PKG $CHANNEL

# Hidden template for the macOS cleanup jobs: runs regardless of earlier job
# results (`when: always`), skips the git checkout, and removes build trees
# with sudo.
.cleanup:
  stage: cleanup
  dependencies: []
  variables:
    GIT_CHECKOUT: "false"
  when: always
  script:
    - sudo rm -rf chef/
    - sudo rm -rf ${CI_PROJECT_DIR}/cinc-project/distribution/client/

cleanup:macos-11:
  extends: .cleanup
  tags:
    - macos-11

cleanup:macos-12:
  extends: .cleanup
  tags:
    - macos-12

cleanup:macos-12-aarch64:
  extends: .cleanup
  tags:
    - macos-12-aarch64

cleanup:macos-13:
  extends: .cleanup
  tags:
    - macos-13

cleanup:macos-13-aarch64:
  extends: .cleanup
  tags:
    - macos-13-aarch64

--------------------------------------------------------------------------------
/.gitlab/package.yml:
--------------------------------------------------------------------------------
---
# Base template for package jobs: runs build.sh, then collects the built
# packages into data/ and the VERSION file into the project root as artifacts.
.package:
  stage: package
  needs:
    - patch
  script:
    - ./build.sh
    - cd chef/omnibus
    - mkdir ${CI_PROJECT_DIR}/data
    - mv -v pkg/cinc* ${CI_PROJECT_DIR}/data/
    - cp ../VERSION ${CI_PROJECT_DIR}/
  cache:
    paths:
      - cache/*
      - bundle/vendor/*
  artifacts:
    expire_in: 1mo
    paths:
      - data/*
      - VERSION

# The Linux templates below only add an after_script that moves the packages
# and their .json files into data/<platform>/<PLATFORM_VER>/.
.package:amazonlinux:
  extends: .package
  after_script:
    - mkdir -p ${CI_PROJECT_DIR}/data/amazon/${PLATFORM_VER}
    - mv -v ${CI_PROJECT_DIR}/data/*.{rpm,json} ${CI_PROJECT_DIR}/data/amazon/${PLATFORM_VER}/

.package:centos:
  extends: .package
  after_script:
    - mkdir -p ${CI_PROJECT_DIR}/data/el/${PLATFORM_VER}
    - mv -v ${CI_PROJECT_DIR}/data/*.{rpm,json} ${CI_PROJECT_DIR}/data/el/${PLATFORM_VER}/

.package:debian:
  extends: .package
  after_script:
    - mkdir -p ${CI_PROJECT_DIR}/data/debian/${PLATFORM_VER}
    - mv -v ${CI_PROJECT_DIR}/data/*.{deb,json} ${CI_PROJECT_DIR}/data/debian/${PLATFORM_VER}/

# macOS build: installs the cinc-foundation toolchain, builds with omnibus as
# root, then removes the toolchain again in after_script.
# NOTE(review): before_script downloads install.sh over HTTPS and pipes it
# straight into a root shell; nothing here checks a checksum or signature of
# the script before it runs, and `sudo -E` hands it the job's environment.
# Fetching to a file and verifying it before execution would close that gap.
.package:macos:
  extends: .package
  before_script:
    - curl -fsSL https://omnitruck.cinc.sh/install.sh | sudo -E bash -s -- -c "stable" -P "cinc-foundation" -v "${CINC_FOUNDATION_VERSION}"
  script:
    - source /Users/omnibus/load-omnibus-toolchain.sh
    - bash caching.sh
    - cd chef/omnibus
    - bundle config set --local path ${CI_PROJECT_DIR}/bundle/vendor
    - bundle config set --local without 'development'
    - bundle install
    - sudo rm -rf /var/cache/omnibus/pkg/*
    - sudo -E bundle exec omnibus build cinc -l ${OMNIBUS_LOG_LEVEL} --override append_timestamp:false
    - mkdir -p ${CI_PROJECT_DIR}/data/mac_os_x/${PLATFORM_VER}
    - sudo chown -R omnibus:omnibus pkg
    - mv -v pkg/cinc*dmg* ${CI_PROJECT_DIR}/data/mac_os_x/${PLATFORM_VER}/
    - cp ../VERSION ${CI_PROJECT_DIR}/
  after_script:
    - sudo chown -R omnibus cache/ bundle/
    - sudo rm -rf /opt/cinc/ '/Applications/Cinc Foundation.app'
    - sudo pkgutil --forget com.cinc-project.pkg.cinc-foundation
  variables:
    OMNIBUS_FIPS_MODE: "false"

.package:opensuse:
  extends: .package
  after_script:
    - mkdir -p ${CI_PROJECT_DIR}/data/sles/${PLATFORM_VER}
    - mv -v ${CI_PROJECT_DIR}/data/*.{rpm,json} ${CI_PROJECT_DIR}/data/sles/${PLATFORM_VER}/

.package:rockylinux:
  extends: .package
  after_script:
    - mkdir -p ${CI_PROJECT_DIR}/data/rocky/${PLATFORM_VER}
    - mv -v ${CI_PROJECT_DIR}/data/*.{rpm,json} ${CI_PROJECT_DIR}/data/rocky/${PLATFORM_VER}/

# Windows build: forces TLS 1.2 for the download, installs cinc-foundation,
# builds with omnibus, then uninstalls the toolchain in after_script.
# NOTE(review): install.ps1 is downloaded and passed directly to
# Invoke-Expression with no checksum or signature check in between; the same
# caveat as the macOS installer applies.
# NOTE(review): after_script calls Uninstall() on the Win32_Product lookup
# result without checking that a product was found — confirm the behaviour
# when the install step did not complete.
.package:windows:
  extends: .package
  before_script:
    - "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12"
    - . { Invoke-WebRequest -useb https://omnitruck.cinc.sh/install.ps1 } | Invoke-Expression; install -channel "stable" -project "cinc-foundation" -version "${CINC_FOUNDATION_VERSION}"
  script:
    - $ErrorActionPreference = "Stop"
    - C:\omnibus\load-omnibus-toolchain.ps1
    - bash caching.sh
    - cd chef\omnibus
    - bundle config set --local path ${CI_PROJECT_DIR}/bundle/vendor
    - bundle config set --local without 'development'
    - bundle install
    - bundle exec omnibus build cinc -l ${OMNIBUS_LOG_LEVEL} --override append_timestamp:false
    - mkdir.exe -p ${CI_PROJECT_DIR}/data/windows/${PLATFORM_VER}
    - mv.exe -v pkg/cinc* ${CI_PROJECT_DIR}/data/windows/${PLATFORM_VER}
    - cp.exe ../VERSION ${CI_PROJECT_DIR}/
  after_script:
    - $ErrorActionPreference = "Stop"
    - $application = Get-WmiObject -Class Win32_Product -Filter "Name = 'Cinc Foundation v${CINC_FOUNDATION_VERSION}'"
    - $application.Uninstall()
    - Remove-Item -Recurse -Force C:\cinc-project

.package:ubuntu:
  extends: .package
  after_script:
    - mkdir -p ${CI_PROJECT_DIR}/data/ubuntu/${PLATFORM_VER}
    - mv -v ${CI_PROJECT_DIR}/data/*.{deb,json} ${CI_PROJECT_DIR}/data/ubuntu/${PLATFORM_VER}/

--------------------------------------------------------------------------------
/.gitlab/test.yml:
--------------------------------------------------------------------------------
---
# Base template for test jobs: runs the cinc-tests profile with the installed
# cinc-auditor and publishes the JUnit report.
.test:
  stage: test
  script:
    - /opt/cinc/bin/cinc-auditor exec test/integration/cinc-tests --no-distinct-exit --reporter cli junit:junit.xml
  artifacts:
    reports:
      junit: junit.xml

# Platform templates install the package built for PLATFORM_VER before the
# test and remove it afterwards.
.test:amazonlinux:
  extends: .test
  before_script:
    - yum -y install data/amazon/${PLATFORM_VER}/cinc*.rpm
  after_script:
    - yum -y remove cinc

.test:centos:
  extends: .test
  before_script:
    - yum -y install data/el/${PLATFORM_VER}/cinc*.rpm
  after_script:
    - yum -y remove cinc

# Platform test templates: each installs the package built for PLATFORM_VER,
# inherits the test script from `.test`, and removes the package afterwards
# unless noted otherwise.
.test:debian:
  extends: .test
  before_script:
    - dpkg -i data/debian/${PLATFORM_VER}/cinc*.deb
  after_script:
    - apt-get -y remove cinc

# Replaces the inherited script: install, test and uninstall all run under sudo.
# NOTE(review): the uninstall is the last `script` step rather than an
# after_script, so it is skipped when an earlier step fails — confirm that the
# macOS runners are cleaned up some other way in that case.
.test:macos:
  extends: .test
  script:
    - sudo scripts/install-cinc-macos.sh
    - sudo /opt/cinc/bin/cinc-auditor exec test/integration/cinc-tests --no-distinct-exit --reporter cli junit:junit.xml
    - sudo scripts/uninstall-cinc-macos.sh
  artifacts:
    reports:
      junit: junit.xml

# NOTE(review): unlike the other Linux templates, no after_script removes the
# package here.
.test:opensuse:
  extends: .test
  before_script:
    - rpm -iU data/sles/${PLATFORM_VER}/cinc*.rpm

.test:rockylinux:
  extends: .test
  before_script:
    - yum -y install data/rocky/${PLATFORM_VER}/cinc*.rpm
  after_script:
    - yum -y remove cinc

.test:ubuntu:
  extends: .test
  before_script:
    - dpkg -i data/ubuntu/${PLATFORM_VER}/cinc*.deb
  after_script:
    - apt-get -y remove cinc

# Does not extend `.test`; it defines its own stage, script and report.
# NOTE(review): the tag set here is `windows-x64-package-testing`, but the
# test:windows-2012r2 job in .gitlab-ci.yml sets `tags` itself, which replaces
# this list — confirm which runner is meant to run the Windows tests.
.test:windows:
  stage: test
  before_script:
    - ./scripts/install-cinc.ps1
  tags:
    - windows-x64-package-testing
  script:
    - $ErrorActionPreference = "Stop"
    - $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User")
    - echo $env:PATH
    - cinc-auditor.bat exec test\integration\cinc-tests --no-distinct-exit --reporter cli junit:junit.xml
  artifacts:
    reports:
      junit: junit.xml
  after_script:
    - ./scripts/uninstall-cinc.ps1

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.
8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. 
For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2019 Cinc Project 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | Cinc-client is a FOSS distribution of Chef Infra™ client, licensed under Apache-2.0. 3 | 4 | This repo contains all the pipeline code required to produce functional builds of the Chef Infra™ codebase under the rebranded name Cinc Client, designed to be compliant with Chef Software's [Policy on Trademarks](https://www.chef.io/trademark-policy/). 5 | 6 | ## Functioning 7 | 8 | We use gitlab-ci. In our [fork of chef/chef](https://gitlab.com/cinc-project/upstream/chef) we maintain a branch named `stable/cinc`. This branch hosts a handful of commits required to rebrand the original code. When the pipeline runs, it clones a fresh copy of the upstream repository, merges in `stable/cinc` and executes the omnibus build. 
 9 | 10 | We run builds for a variety of operating systems: 11 | - Ubuntu 18.04+ 12 | - CentOS 7+ 13 | - Debian 9+ 14 | - openSUSE 15 15 | - Windows 2012r2+ 16 | - macOS 10.14+ 17 | 18 | To build: go to pipelines and launch a pipeline on branch master, adding a variable `ORIGIN` that names the source you want to use (defaults to https://github.com/chef/chef on the master branch). 19 | To use a specific branch or a PR as source, find the branch and source of the PR and use `-b https://github.com//chef` as value. The value is handed to `git clone` unquoted, so whoever can set `ORIGIN` chooses both the code that gets built and any extra clone options; keep the ability to launch pipelines with custom variables limited to maintainers. 20 | 21 | ## Getting started with Cinc 22 | 23 | See the [quick start](https://www.cinc.sh/quickstart/) section of our website, or jump directly to [downloads](http://downloads.cinc.sh/files/stable/cinc/). 24 | 25 | ## Contributing 26 | 27 | See the [contributing section of our website](https://www.cinc.sh/contributing/) 28 | 29 | # Authors 30 | 31 | The Cinc Project 32 | 33 | Originally written by [Tensibai Zhaoying](mailto:tensibai@iabis.net) 34 | 35 | Contributions by [Lance Albertson](mailto:lance@osuosl.org), [Artem Sidorenko](mailto:artem@posteo.de) and [Marc Chamberland](mailto:chamberland.marc@gmail.com) 36 | 37 | ## License and copyright 38 | 39 | Copyright Cinc Project 40 | 41 | Licensed under the Apache License, Version 2.0 (the "License"); 42 | you may not use this file except in compliance with the License. 43 | You may obtain a copy of the License at 44 | 45 | http://www.apache.org/licenses/LICENSE-2.0 46 | 47 | Unless required by applicable law or agreed to in writing, software 48 | distributed under the License is distributed on an "AS IS" BASIS, 49 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 50 | See the License for the specific language governing permissions and 51 | limitations under the License. 
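
--------------------------------------------------------------------------------
/build-source.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Author:: Antonio Terceiro
# Copyright:: Copyright 2020, Cinc Project
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Packs HEAD of the patched upstream checkout into
# source/<product>-<version>.tar.xz and writes SHA-256 / SHA-512 checksum
# files next to it.

set -eu

# Positional parameters:
# $1 = cinc product short name [cinc|cinc-auditor|cinc-workstation]
# $2 = $1's upstream counterpart repository name on disk [chef|inspec|chef-workstation]
product=$1
upstream_product=$2

TOP_DIR="$(pwd)"
export CI_PROJECT_DIR="${CI_PROJECT_DIR:-${TOP_DIR}}"

set -x

# Read the version from the checkout named by $2. The path used to be the
# literal chef/VERSION, which only matched the "cinc chef" invocation.
version=$(cat "${upstream_product}/VERSION")
destdir="${CI_PROJECT_DIR}/source/"
tarball="${product}-${version}.tar.xz"
mkdir -p "${destdir}"

# NOTE(review): README.cinc is copied into the work tree but not committed,
# and `git archive HEAD` packs committed content only, so the copy presumably
# never reaches the tarball - confirm whether that is intended.
cp README.md "${upstream_product}/README.cinc"
cd "${upstream_product}"

# Archive and compress in two steps. POSIX sh has no pipefail, so in
# `git archive | xz > file` a failing `git archive` was invisible to `set -e`
# and a truncated tarball would still have been checksummed below.
git archive --prefix="${product}-${version}/" -o "${destdir}/${tarball%.xz}" HEAD
xz -f "${destdir}/${tarball%.xz}"

cd "${destdir}"
# The digests are written beside the tarball and are not signed: they let a
# downloader detect a corrupted transfer, but do not authenticate the file.
sha256sum "${tarball}" > "${tarball}.sha256sum"
sha512sum "${tarball}" > "${tarball}.sha512sum"

--------------------------------------------------------------------------------
/build.sh:
--------------------------------------------------------------------------------
#!/bin/bash -e
#
# Author:: Lance Albertson
# Copyright:: Copyright 2020, Cinc Project
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Installs cinc-foundation through the omnitruck installer, then runs the
# omnibus build of the cinc project from chef/omnibus.

TOP_DIR="$(pwd)"
export CI_PROJECT_DIR="${CI_PROJECT_DIR:-${TOP_DIR}}"
source /home/omnibus/load-omnibus-toolchain.sh
set -ex
bash caching.sh

# Download the installer completely before running it. Piped straight into
# bash, a failed curl went unnoticed (no pipefail: the pipeline took bash's
# exit status) and a truncated download could have been executed in part.
installer="$(mktemp)"
trap 'rm -f "${installer}"' EXIT
curl -fsSL https://omnitruck.cinc.sh/chef/install.sh -o "${installer}"
# NOTE(review): install.sh is executed as fetched; the only protection is TLS
# to omnitruck.cinc.sh. This repository shows no published digest to pin, so
# no checksum comparison is done here.
bash "${installer}" -c "stable" -P "cinc-foundation" -v "${CINC_FOUNDATION_VERSION:-3}"

cd chef/omnibus
bundle config set --local path "${CI_PROJECT_DIR}/bundle/vendor"
bundle config set --local without 'development'
bundle install
bundle exec omnibus build cinc -l "${OMNIBUS_LOG_LEVEL:-info}" --override append_timestamp:false

--------------------------------------------------------------------------------
/caching.sh:
--------------------------------------------------------------------------------
# Author:: Lance Albertson
# Copyright:: Copyright 2021, Cinc Project
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.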
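# See the License for the specific language governing permissions and
# limitations under the License.

# Appends cache settings to chef/omnibus/omnibus.rb; git caching is added only
# when GIT_CACHE is exactly "true". build.sh runs this file with `bash`.
TOP_DIR="$(pwd)"
export CI_PROJECT_DIR="${CI_PROJECT_DIR:-${TOP_DIR}}"
echo "cache_dir '${CI_PROJECT_DIR}/cache'" >> chef/omnibus/omnibus.rb
mkdir -p "${CI_PROJECT_DIR}/cache"
if [ "${GIT_CACHE}" == "true" ] ; then
  mkdir -p "${CI_PROJECT_DIR}/cache/git_cache"
  echo "git_cache_dir '${CI_PROJECT_DIR}/cache/git_cache'" >> chef/omnibus/omnibus.rb
  echo "use_git_caching true" >> chef/omnibus/omnibus.rb
else
  echo "git cache has been disabled"
fi

--------------------------------------------------------------------------------
/docker.sh:
--------------------------------------------------------------------------------
#!/bin/bash -e
#
# Author:: Lance Albertson
# Copyright:: Copyright 2020, Cinc Project
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Logs in to the registry, waits for this version's el8 RPM to appear on the
# mirror, then builds, tags and pushes the cincproject/cinc image.
# Reads DOCKER_TOKEN, DOCKER_USERNAME and CHANNEL from the environment.

# Remove whatever `docker login` stored under ~/.docker however the script
# ends; the removal used to be the last line and was skipped on any failure.
trap 'rm -rf "${HOME}/.docker"' EXIT

# Hand the token to docker over a pipe from the printf builtin. It used to be
# written to the fixed path /tmp/docker-token first, where it sat on disk
# until the rm ran and was left behind if the login failed.
# Tracing (`set -x`) is switched on only further down, after the login.
printf '%s\n' "${DOCKER_TOKEN}" | docker login --username "${DOCKER_USERNAME}" --password-stdin
cd chef

VERSION="$(cat VERSION)"
MAJ="$(cat VERSION | cut -d '.' -f 1)"
MIN="$(cat VERSION | cut -d '.' -f 2)"
# Point directly to OSUOSL master mirror
URL="https://ftp-osl.osuosl.org/pub/cinc/files/${CHANNEL}/cinc/${VERSION}/el/8/cinc-${VERSION}-1.el8.x86_64.rpm"
COUNT=0
SLEEP=10
MAX_COUNT=300

# The Dockerfile pulls a built rpm from a URL instead of using the source. The
# following ensures that we wait until the RPM has been deployed onto our
# mirrors. By default, it will try the URL, wait 10 seconds if it fails and keep
# doing that for 5 minutes. If nothing happens within those five minutes, then
# something is obviously wrong and exits with 1.
while [ "${COUNT}" -le "${MAX_COUNT}" ] ; do
  if [ "${COUNT}" -ge "${MAX_COUNT}" ] ; then
    echo "Exceeded ${MAX_COUNT} seconds, giving up..."
    exit 1
  fi
  # curl is tested inside `if`: as a bare command, its first failure ended the
  # script under the shebang's -e before the retry branch could run.
  if curl --output /dev/null --silent --head --fail "$URL" ; then
    echo "${URL} ready!"
    break
  fi
  echo "${URL} is not ready, waiting for ${SLEEP} seconds... (${COUNT}/${MAX_COUNT})"
  sleep "${SLEEP}"
  COUNT=$((COUNT + SLEEP))
done

set -x
docker build --pull --no-cache -t "cincproject/cinc:${VERSION}" .
# If we're building a current channel build, then tag appropriately
if [ "${CHANNEL}" == "current" ] ; then
  docker tag "cincproject/cinc:${VERSION}" cincproject/cinc:current
  docker push cincproject/cinc:current
else
  docker tag "cincproject/cinc:${VERSION}" cincproject/cinc:latest
  docker tag "cincproject/cinc:${VERSION}" "cincproject/cinc:${MAJ}.${MIN}"
  docker tag "cincproject/cinc:${VERSION}" "cincproject/cinc:${MAJ}"
  docker push cincproject/cinc:latest
  docker push "cincproject/cinc:${MAJ}.${MIN}"
  docker push "cincproject/cinc:${MAJ}"
fi
docker push "cincproject/cinc:${VERSION}"

--------------------------------------------------------------------------------
/patch.sh:
--------------------------------------------------------------------------------
#!/bin/bash -e
#
# Author:: Lance Albertson
# Copyright:: Copyright 2019-2020, Cinc Project
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This will patch Chef using Cinc branded patches
#
# $1 = upstream repository name under gitlab.com/cinc-project/upstream
# $2 = optional branch to merge; when empty, stable/cinc is used for REF
#      "main" or an unset REF, and stable/cinc-${REF} otherwise
git_patch() {
  if [ -n "${2}" ] ; then
    CINC_BRANCH="${2}"
  elif [ "${REF}" == "main" ] || [ -z "${REF}" ] ; then
    CINC_BRANCH="stable/cinc"
  else
    CINC_BRANCH="stable/cinc-${REF}"
  fi
  echo "Patching ${1} from ${CINC_BRANCH}..."
  git remote add -f --no-tags -t "${CINC_BRANCH}" cinc "https://gitlab.com/cinc-project/upstream/${1}.git"
  git merge --no-edit "cinc/${CINC_BRANCH}"
}

TOP_DIR="$(pwd)"
source /home/omnibus/load-omnibus-toolchain.sh
set -ex
# remove any previous builds
rm -rf chef omnibus-software
git config --global user.email || git config --global user.email "maintainers@cinc.sh"
echo "Cloning ${REF:-main} branch from ${ORIGIN:-https://github.com/chef/chef.git}"
# ORIGIN is left unquoted on purpose: the README has operators put a value of
# the form "-b ... <url>" in it, which only works through word splitting.
# REF, ORIGIN and CINC_REF therefore decide the cloned source and can add git
# options, so the right to set pipeline variables is the trust boundary here.
git clone -q -b ${REF:-main} ${ORIGIN:-https://github.com/chef/chef.git}
cd chef
git_patch chef ${CINC_REF}
cd "${TOP_DIR}"

echo "Updating Gemfile.lock"
cd chef
gem install -N bundler:2.3.7
bundle lock
echo "Commit the new Gemfile.lock"
git add Gemfile.lock
git commit -m 'Update Gemfile.lock to handle cinc-auditor'
rm results/*.hart || true # Cleanup previous builds hart packages and ignore no files error

--------------------------------------------------------------------------------
/publish-gems.sh:
--------------------------------------------------------------------------------
#!/bin/bash -e
#
# Author:: Lance Albertson
# Copyright:: Copyright 2020, Cinc Project
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.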
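
# Builds the chef, chef-bin, chef-config and chef-utils gems from the patched
# checkout and pushes them to https://rubygems.cinc.sh.
TOP_DIR="$(pwd)"
export PATH="/opt/omnibus-toolchain/embedded/bin/:${PATH}"

source /home/omnibus/load-omnibus-toolchain.sh
set -x
cd "${TOP_DIR}/chef/chef-utils"
gem build chef-utils.gemspec
# chef gem requires chef-utils to build the gems
gem install -N chef-utils-[0-9]*.gem
cd "${TOP_DIR}/chef"
gem build chef.gemspec
gem build chef-universal-mingw-ucrt.gemspec
cd "${TOP_DIR}/chef/chef-bin"
gem build chef-bin.gemspec
cd "${TOP_DIR}/chef/chef-config"
gem build chef-config.gemspec
cd "${TOP_DIR}/chef"
VERSION="$(cat VERSION)"
gem push "chef-${VERSION}.gem" --host https://rubygems.cinc.sh
gem push "chef-${VERSION}-x64-mingw-ucrt.gem" --host https://rubygems.cinc.sh
gem push "chef-bin/chef-bin-${VERSION}.gem" --host https://rubygems.cinc.sh
gem push "chef-config/chef-config-${VERSION}.gem" --host https://rubygems.cinc.sh
gem push "chef-utils/chef-utils-${VERSION}.gem" --host https://rubygems.cinc.sh

--------------------------------------------------------------------------------
/scripts/install-biome.sh:
--------------------------------------------------------------------------------
#!/bin/sh -ex
# Installs the bio binary into /usr/bin and downloads the cincproject origin
# keys (secret and public).

# Download into a private mktemp directory instead of the fixed path
# /tmp/bio.tar.gz, and clean it up however the script ends.
workdir="$(mktemp -d)"
trap 'rm -rf "${workdir}"' EXIT
archive="${workdir}/bio.tar.gz"
wget -q -O "${archive}" https://github.com/biome-sh/biome/releases/download/v1.6.821/bio-1.6.821-x86_64-linux.tar.gz

# This binary goes into /usr/bin and then handles the origin's secret key, so
# it should be checked before it is unpacked. BIO_SHA256 is an optional
# variable introduced by this check (not an existing project setting): set it
# to the SHA-256 published for the release to enforce the comparison.
if [ -n "${BIO_SHA256:-}" ]; then
  echo "${BIO_SHA256}  ${archive}" | sha256sum -c -
else
  echo "WARNING: BIO_SHA256 is not set, installing bio without checksum verification" >&2
fi

tar -C /usr/bin -xvf "${archive}"
chmod +x /usr/bin/bio
bio --version
bio origin key download --secret cincproject
bio origin key download cincproject

--------------------------------------------------------------------------------
/scripts/install-cinc-macos.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Mounts the .dmg found under data/, installs the .pkg it contains and
# detaches the volume again.
set -ex
# Quoted so that a path containing spaces stays a single argument.
hdiutil attach "$(find data -name '*.dmg')"
sudo installer -package "$(find "/Volumes/Cinc Client/" -name '*.pkg')" -target /
hdiutil detach "/Volumes/Cinc Client/"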
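--------------------------------------------------------------------------------
/scripts/install-cinc.ps1:
--------------------------------------------------------------------------------
# Installs the MSI found under data/windows silently and fails unless
# C:\cinc-project exists afterwards.
$ErrorActionPreference = "Stop"
if (Test-Path C:\cinc-project) {
  Write-Host "Found existing directory C:\cinc-project, removing.."
  Remove-Item -Recurse -Force C:\cinc-project
}
Write-Host "Finding MSI..."
# @(...) keeps the result an array even for a single match, so Count is
# reliable. Zero or several matches used to be spliced into the msiexec
# command line as-is.
$found = @(gci -recurse -filter '*.msi' $env:CI_PROJECT_DIR/data/windows/ | select -expand FullName)
if ($found.Count -ne 1) {
  throw "Expected exactly one MSI under $env:CI_PROJECT_DIR/data/windows/, found $($found.Count)"
}
$msi = $found[0]
Write-Host "Found MSI at $msi, installing..."
# The path is quoted inside the argument string: unquoted, a path containing
# a space would reach msiexec as several arguments.
$p = Start-Process -FilePath "msiexec.exe" -ArgumentList "/qn /i `"$msi`"" -Passthru -Wait -NoNewWindow
$p.WaitForExit()
if ($p.ExitCode -ne 0) {
  throw "msiexec was not successful. Received exit code $($p.ExitCode)"
}
if (Test-Path C:\cinc-project) {
  Write-Host "MSI Installed successfully!"
} else {
  throw "MSI was installed however C:\cinc-project does not exist"
}

--------------------------------------------------------------------------------
/scripts/uninstall-cinc-macos.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Removes Cinc Client from macOS: quits the app if it is running, deletes
# /opt/cinc and the application bundle, removes the symlinks in /usr/local/bin
# that point into /opt/cinc, and forgets the package receipt.

# The substitution is quoted so that empty output from osascript compares as
# "not running" instead of producing a malformed test expression.
if [ "$(osascript -e 'application "Cinc Client" is running')" = 'true' ]; then
  echo "Closing Cinc Client..."
  sudo osascript -e 'quit app "Cinc Client"' > /dev/null 2>&1;
fi
echo "Uninstalling Cinc Client..."
echo " -> Removing files..."
sudo rm -rf '/opt/cinc'
sudo rm -rf '/Applications/Cinc Client.app'
echo " -> Removing binary links in /usr/local/bin..."
sudo find /usr/local/bin -lname '/opt/cinc/*' -delete
echo " -> Forgeting com.cinc-project.pkg.cinc package..."
sudo pkgutil --forget com.cinc-project.pkg.cinc > /dev/null 2>&1;
echo "Cinc Client Uninstalled."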
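
--------------------------------------------------------------------------------
/scripts/uninstall-cinc.ps1:
--------------------------------------------------------------------------------
# Uninstalls the MSI found under data/windows silently and fails if
# C:\cinc-project is still present afterwards.
$ErrorActionPreference = "Stop"
Write-Host "Finding MSI..."
# @(...) keeps the result an array even for a single match, so Count is
# reliable. Zero or several matches used to be spliced into the msiexec
# command line as-is.
$found = @(gci -recurse -filter '*.msi' $env:CI_PROJECT_DIR/data/windows/ | select -expand FullName)
if ($found.Count -ne 1) {
  throw "Expected exactly one MSI under $env:CI_PROJECT_DIR/data/windows/, found $($found.Count)"
}
$msi = $found[0]
Write-Host "Found MSI at $msi, uninstalling..."
# The path is quoted inside the argument string: unquoted, a path containing
# a space would reach msiexec as several arguments.
$p = Start-Process -FilePath "msiexec.exe" -ArgumentList "/qn /x `"$msi`"" -Passthru -Wait -NoNewWindow
$p.WaitForExit()
if ($p.ExitCode -ne 0) {
  throw "msiexec was not successful. Received exit code $($p.ExitCode)"
}
if (Test-Path C:\cinc-project) {
  throw "MSI was uninstalled however C:\cinc-project still exists"
} else {
  Write-Host "MSI Uninstalled successfully!"
}

--------------------------------------------------------------------------------
/test/integration/cinc-sources/README.md:
--------------------------------------------------------------------------------
# Cinc sources inspec profile

This profile ensures that the Cinc source tarballs have been built properly and still match their checksums.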
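
--------------------------------------------------------------------------------
/test/integration/cinc-sources/controls/source_spec.rb:
--------------------------------------------------------------------------------
# Re-checks the source tarball against the .sha256sum / .sha512sum files that
# build-source.sh writes next to it in source/. A pass shows the tarball is
# unchanged since those files were generated; the checksum files are unsigned
# and sit in the same directory, so this is a corruption check, not a proof
# of origin.
control 'Validate source tarballs' do
  impact 1.0
  title 'Ensure source tarball are correct'
  desc 'Ensure the tarballs match their respective shasum'

  # `sha256sum -c` prints "<file>: OK" for each entry that matches
  describe command 'bash -c "cd source/ && sha256sum -c cinc-[0-9]*.tar.xz.sha256sum"' do
    its('exit_status') { should eq 0 }
    its('stdout') { should match /OK$/ }
  end
  describe command 'bash -c "cd source/ && sha512sum -c cinc-[0-9]*.tar.xz.sha512sum"' do
    its('exit_status') { should eq 0 }
    its('stdout') { should match /OK$/ }
  end
end

--------------------------------------------------------------------------------
/test/integration/cinc-sources/inspec.lock:
--------------------------------------------------------------------------------
---
lockfile_version: 1
depends: []

--------------------------------------------------------------------------------
/test/integration/cinc-sources/inspec.yml:
--------------------------------------------------------------------------------
name: cinc-sources
title: Cinc sources validation
maintainer: Cinc maintainers
copyright: Cinc Maintainers
copyright_email: maintainers@cinc.sh
license: Apache-2.0
summary: Validate source files tarballs are matching their checksums
version: 0.1.0
supports:
  platform: os
--------------------------------------------------------------------------------
/test/integration/cinc-tests/README.md:
--------------------------------------------------------------------------------
# Cinc trademark validation

This profile implements multiple tests to ensure our builds of chef-client are trademark free and match expectations.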

--------------------------------------------------------------------------------
/test/integration/cinc-tests/controls/executables.rb:
--------------------------------------------------------------------------------
title 'Cinc executables'

# Smoke test: every Cinc-named entry point must start and report its version.
control 'Common tests for all platforms' do
  impact 1.0
  title 'Validate basic functionality on all platforms'
  desc 'Common test to all platforms'

  describe command 'cinc-client --version' do
    its('exit_status') { should eq 0 }
    its('stdout') { should match /^Cinc Client:/ }
  end

  describe command 'cinc-solo --version' do
    its('exit_status') { should eq 0 }
    its('stdout') { should match /^Cinc Client:/ }
  end

  describe command 'cinc-apply --version' do
    its('exit_status') { should eq 0 }
  end

  describe command 'cinc-shell --version' do
    its('exit_status') { should eq 0 }
  end

  describe command 'ohai --version' do
    its('exit_status') { should eq 0 }
  end
end

# Checks the chef-*/inspec compatibility names and the absence of upstream
# product names and paths in the output; skipped on Windows.
control 'cinc-*nix' do
  impact 1.0
  title 'Validate executables outputs on linux and mac'
  desc 'Outputs should not contain trademarks on linux or mac'
  only_if { os.family != 'windows' }

  # The chef-client name must announce the redirect on stderr and then behave
  # as cinc-client.
  describe command 'chef-client --version' do
    its('exit_status') { should eq 0 }
    its('stderr') { should match /^Redirecting to cinc-client/ }
    its('stdout') { should match /^Cinc Client:/ }
  end

  # A local run with an empty run list: the log must show the Cinc names and
  # /var/cinc, and none of the Chef names or /etc/chef, /var/chef paths.
  describe command 'chef-solo -l info -o ""' do
    its('exit_status') { should eq 0 }
    its('stderr') { should match /^Redirecting to cinc-solo/ }
    its('stdout') { should match /Cinc Zero/ }
    its('stdout') { should match /Cinc Client/ }
    its('stdout') { should match /Cinc-client/ }
    its('stdout') { should match %r{/var/cinc} }
    its('stdout') { should_not match /Chef Infra Zero/ }
    its('stdout') { should_not match /Chef Infra Client/ }
    its('stdout') { should_not match /Chef-client/ }
    its('stdout') { should_not match %r{/etc/chef/client.rb} }
    its('stdout') { should_not match %r{/var/chef} }
  end

  # Skipped when HAB_TEST is set in the environment
  describe command '/opt/cinc/embedded/bin/cinc-zero --version' do
    its('exit_status') { should eq 0 }
  end unless ENV['HAB_TEST']

  describe command '/opt/cinc/bin/cinc-auditor version' do
    its('exit_status') { should eq 0 }
  end

  describe command '/opt/cinc/bin/cinc-auditor detect' do
    its('exit_status') { should eq 0 }
  end

  describe command '/opt/cinc/bin/inspec version' do
    its('exit_status') { should eq 0 }
    its('stderr') { should match /^Redirecting to cinc-auditor/ }
  end
end

--------------------------------------------------------------------------------
/test/integration/cinc-tests/controls/fips_mode.rb:
--------------------------------------------------------------------------------
title 'Check fips mode'
# FIPS is not supported on MacOS, aarch64 and ppc64le
# NOTE(review): the only_if below excludes darwin, aarch64 and windows but not
# ppc64le - confirm whether ppc64le is ever tested with this profile.
#
# What the control asserts: the embedded Ruby reports OpenSSL.fips_mode as
# false by default and accepts being switched to FIPS mode. That shows the
# bundled OpenSSL is FIPS-capable; it does not show that FIPS mode is on by
# default.
control 'Validate fips mode' do
  impact 1.0
  title 'Test calling OpenSSL.fips_mode'
  desc 'Test that fips modes is enabled on supported os and architectures'
  # Windows currently disabled due to:
  # https://discourse.chef.io/t/chef-infra-client-18-0-169-released/21570#known-issues-5
  only_if { os.family != 'darwin' && os.arch != 'aarch64' && os.family != 'windows'}

  ruby_path = '/opt/cinc/embedded/bin/ruby'
  # Overwrite the ruby_path if we're under windows
  # (has no effect while the only_if above skips the control on windows)
  ruby_path = 'C:\cinc-project\cinc\embedded\bin\ruby.exe' if os.family == 'windows'

  describe command "#{ruby_path} -ropenssl -e 'puts OpenSSL.fips_mode'" do
    its('exit_status') { should eq 0 }
    its('stdout') { should match /false/ }
  end

  # A Ruby assignment expression evaluates to the assigned value, so "true" is
  # printed whenever the setter returns normally; presumably a refused switch
  # raises and surfaces through the exit status instead - verify.
  describe command "#{ruby_path} -ropenssl -e 'puts OpenSSL.fips_mode=true'" do
    its('exit_status') { should eq 0 }
    its('stdout') { should match /true/ }
  end
end

--------------------------------------------------------------------------------
/test/integration/cinc-tests/controls/win-executables.rb:
--------------------------------------------------------------------------------
# InSpec control for Windows targets: the Cinc executables must run and their
# output must use Cinc names and paths rather than the upstream ones.
title 'Windows Cinc executables'

control 'cinc-windows' do
  impact 1.0
  title 'Validate executables outputs on Windows'
  desc 'Outputs should not contain trademarks on Windows'
  only_if { os.family == 'windows' }

  # Ordered stdout expectations shared by the two solo runs below.
  # [true, pattern]  -> the pattern must appear in stdout
  # [false, pattern] -> the pattern must not appear in stdout
  solo_stdout_rules = [
    [true,  /Cinc Zero/],
    [true,  /Cinc Client/],
    [true,  /Cinc-client/],
    [false, /Chef Infra Zero/],
    [false, /Chef Infra Client/],
    [false, /Chef-client/],
    [true,  %r{C:/cinc/client.rb.}],
    [true,  %r{C:/cinc}],
    [false, %r{C:/chef/client.rb}],
    [false, %r{C:/chef}],
  ]

  # Solo run through the native cinc-solo entry point.
  describe command(%q(cinc-solo -l info -o '""')) do
    its('exit_status') { should eq 0 }
    solo_stdout_rules.each do |wanted, pattern|
      if wanted
        its('stdout') { should match pattern }
      else
        its('stdout') { should_not match pattern }
      end
    end
  end

  # Executables that only need to start and exit cleanly.
  [
    'C:\cinc-project\cinc\embedded\bin\cinc-zero.bat --version',
    'cinc-auditor.bat version',
    'cinc-auditor.bat detect',
  ].each do |cmdline|
    describe command(cmdline) do
      its('exit_status') { should eq 0 }
    end
  end

  # The stderr redirect checks in this control are disabled, so on Windows the
  # redirect message of the chef-* and inspec wrappers is not verified.
  describe command('chef-client --version') do
    its('exit_status') { should eq 0 }
    # its('stderr') { should match /^Redirecting to cinc-client/ } # Train bug https://github.com/inspec/train/issues/288
    its('stdout') { should match /^Cinc Client:/ }
  end

  # -o is left out here: escaping it through the wrapper in InSpec on Windows
  # is too painful.
  describe command(%q(chef-solo -l info)) do
    its('exit_status') { should eq 0 }
    # its('stderr') { should match /^Redirecting to cinc-solo/ } # Train bug https://github.com/inspec/train/issues/288
    solo_stdout_rules.each do |wanted, pattern|
      if wanted
        its('stdout') { should match pattern }
      else
        its('stdout') { should_not match pattern }
      end
    end
  end

  describe command('inspec version') do
    its('exit_status') { should eq 0 }
    # its('stderr') { should match /^Redirecting to cinc-auditor/ }
  end
end
--------------------------------------------------------------------------------
/test/integration/cinc-tests/inspec.lock:
--------------------------------------------------------------------------------
---
lockfile_version: 1
depends: []

--------------------------------------------------------------------------------
/test/integration/cinc-tests/inspec.yml:
--------------------------------------------------------------------------------
---
name: cinc-tests
title: Cinc trademark validation
maintainer: Cinc maintainers
copyright: Cinc Maintainerss
copyright_email: maintainersàcinc.sh
license: Apache-2.0
summary: Validate cinc binaries outputs and others executable
version: 0.1.0
supports:
  platform: os
--------------------------------------------------------------------------------