(BOLT-1040) Build puppet-bolt on osx with homebrew formulas as non-root

[donoghuc]

Previously bolt was being packaged with an outdated snapshot of homebrew that did not require non-root user during build process. This commit uses updated homebrew formulas by setting up a non-root user for packaging. See https://tickets.puppetlabs.com/browse/PA-2334 for upstream puppet-agent work.

[donoghuc]

In order to test I ran an experimental pipeline for bolt based on https://github.com/puppetlabs/ci-job-configs/pull/5498 link: https://jenkins-master-prod-1.delivery.puppetlabs.net/view/__experimental%20automatic/job/experimental_auto_bolt-runtime_runtime-vanagon-component-promotion_master/1/

That published artifact to http://builds.delivery.puppetlabs.net/puppet-runtime/201901130/artifacts/ Then I manually changed the ref in configs/components/puppet-runtime.json to the following {"location":"http://builds.delivery.puppetlabs.net/puppet-runtime/201901130/artifacts/","version":"201901130"} I built it locally with:

bundle exec build puppet-bolt osx-10.14-x86_64

And installed .dmg manually at ieca2t28v5xkx3q.delivery.puppetlabs.net

cas@cas-ThinkPad-T460p:~/working_dir/bolt-vanagon-1$ scp output/apple/10.14/PC1/x86_64/puppet-bolt-1.9.0.6.g63de4e7-1.osx10.14.dmg root@ieca2t28v5xkx3q.delivery.puppetlabs.net:/var/root
ieca2t28v5xkx3q:~ root# mkdir tmp
ieca2t28v5xkx3q:~ root# /usr/bin/hdiutil attach puppet-bolt-1.9.0.6.g63de4e7-1.osx10.14.dmg -nobrowse -readonly -mountpoint tmp
Checksumming Protective Master Boot Record (MBR : 0)…
Protective Master Boot Record (MBR :: verified   CRC32 $1F056883
Checksumming GPT Header (Primary GPT Header : 1)…
 GPT Header (Primary GPT Header : 1): verified   CRC32 $17A5921F
Checksumming GPT Partition Data (Primary GPT Table : 2)…
GPT Partition Data (Primary GPT Tabl: verified   CRC32 $226673D8
Checksumming  (Apple_Free : 3)…
                    (Apple_Free : 3): verified   CRC32 $00000000
Checksumming disk image (Apple_HFS : 4)…
..............................................................................
          disk image (Apple_HFS : 4): verified   CRC32 $D12BF371
Checksumming  (Apple_Free : 5)…
                    (Apple_Free : 5): verified   CRC32 $00000000
Checksumming GPT Partition Data (Backup GPT Table : 6)…
GPT Partition Data (Backup GPT Table: verified   CRC32 $226673D8
Checksumming GPT Header (Backup GPT Header : 7)…
  GPT Header (Backup GPT Header : 7): verified   CRC32 $86663AC9
verified   CRC32 $0BF581D4
/dev/disk2              GUID_partition_scheme           
/dev/disk2s1            Apple_HFS                       /private/var/root/tmp
ieca2t28v5xkx3q:~ root# /usr/sbin/installer -pkg tmp/puppet-bolt-1.9.0.6.g63de4e7-1-installer.pkg -target /
installer: Package name is puppet-bolt
installer: Installing at base path /
installer: The install was successful.
ieca2t28v5xkx3q:~ root# /usr/bin/hdiutil detach tmp
"disk2" ejected.
ieca2t28v5xkx3q:~ root# ls /opt/puppetlabs/
bin bolt
ieca2t28v5xkx3q:~ root# /opt/puppetlabs/bin/bolt command run whoami -n localhost
Started on localhost...
Finished on localhost:
  STDOUT:
    root
Successful on 1 node: localhost
Ran on 1 node in 0.04 seconds

[nicklewis]

This looks good to me. Do we need or want to wait for the corresponding puppet-agent PRs to be merged or should we go ahead with this?

[donoghuc]

@mwaggett will the foss ship job need any updates to publish a macos 10.14 build? That could be a reason to wait for puppet-agent PRs to be completed.

[mwaggett]

@donoghuc The foss ship job should not need updating when new platforms are added - we just ship everything that's been built. There are other things that do need to be updated (packaging, build-data, maybe more? I can never keep track), but I think that's already been taken care of for osx-10.14.