diff --git a/modules/macos_fsmonitor/manifests/init.pp b/modules/macos_fsmonitor/manifests/init.pp
new file mode 100644
index 000000000..84dd51d65
--- /dev/null
+++ b/modules/macos_fsmonitor/manifests/init.pp
@@ -0,0 +1,79 @@
+class macos_fsmonitor (
+ Boolean $enabled = true,
+) {
+ # Install the watchman package from S3
+ packages::macos_package_from_s3 { 'watchman.pkg':
+ private => false,
+ os_version_specific => false,
+ type => 'pkg',
+ require => Exec['prepare_watchman_dir'], # Ensure the directory is created before the package is used.
+ }
+
+ # Step 1: Create the necessary directory
+ exec { 'prepare_watchman_dir':
+ command => 'sudo mkdir -p /usr/local/var/run/watchman',
+ creates => '/usr/local/var/run/watchman', # Ensures this is idempotent.
+ path => ['/usr/bin', '/usr/local/bin'], # Ensure `mkdir` is found in the PATH.
+ }
+
+ # Step 2: Adjust ownership of the directory
+ exec { 'chown_watchman_dir':
+ command => 'sudo chown -R cltbld:staff /usr/local/var/run/watchman',
+ require => Exec['prepare_watchman_dir'], # Run only after the directory is created.
+ path => ['/usr/bin', '/usr/local/bin'],
+ }
+
+ # Step 3: Codesign the `watchman` binary
+ exec { 'codesign_watchman':
+ command => 'sudo codesign --force --sign - /usr/local/bin/watchman',
+ onlyif => '/bin/test -f /usr/local/bin/watchman', # Specify full path to 'test'.
+ require => Packages::Macos_package_from_s3['watchman.pkg'],
+ path => ['/usr/bin', '/usr/local/bin', '/bin'],
+ }
+
+ # Step 4: Codesign the `watchmanctl` binary
+ exec { 'codesign_watchmanctl':
+ command => 'sudo codesign --force --sign - /usr/local/bin/watchmanctl',
+ onlyif => '/bin/test -f /usr/local/bin/watchmanctl', # Specify full path to 'test'.
+ require => Packages::Macos_package_from_s3['watchman.pkg'],
+ path => ['/usr/bin', '/usr/local/bin', '/bin'],
+ }
+
+ # Step 5: Manage `.hgrc` file for cltbld
+ file { '/Users/cltbld/.hgrc':
+ ensure => file,
+ owner => 'cltbld',
+ group => 'staff',
+ mode => '0644',
+ content => epp('macos_fsmonitor/hgrc.epp'), # Use a template for consistent content.
+ require => Exec['codesign_watchman'],
+ }
+
+ # Embedded Puppet Template (hgrc.epp)
+ # This template will look like this:
+ #
+ # <%# macos_fsmonitor/hgrc.epp %>
+ # [diff]
+ # git=True
+ # showfunc=True
+ # ignoreblanklines=True
+ #
+ # [ui]
+ # username = Mozilla Release Engineering
+ # traceback = True
+ #
+ # [extensions]
+ # share=
+ # rebase=
+ # mq=
+ # purge=
+ # robustcheckout=/usr/local/lib/hgext/robustcheckout.py
+ # sparse=
+ # fsmonitor =
+ #
+ # [fsmonitor]
+ # mode = paranoid
+ #
+ # [web]
+ # cacerts = /etc/mercurial/cacert.pem
+}
diff --git a/modules/roles_profiles/manifests/profiles/macos_fsmonitor.pp b/modules/roles_profiles/manifests/profiles/macos_fsmonitor.pp
new file mode 100644
index 000000000..ff021702b
--- /dev/null
+++ b/modules/roles_profiles/manifests/profiles/macos_fsmonitor.pp
@@ -0,0 +1,9 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+class roles_profiles::profiles::macos_fsmonitor {
+ class { 'macos_fsmonitor':
+ enabled => true,
+ }
+}
diff --git a/modules/roles_profiles/manifests/roles/gecko_t_osx_1400_r8_staging.pp b/modules/roles_profiles/manifests/roles/gecko_t_osx_1400_r8_staging.pp
index bf7e3c443..432c00ff5 100644
--- a/modules/roles_profiles/manifests/roles/gecko_t_osx_1400_r8_staging.pp
+++ b/modules/roles_profiles/manifests/roles/gecko_t_osx_1400_r8_staging.pp
@@ -7,6 +7,7 @@
 include roles_profiles::profiles::cltbld_user
 include roles_profiles::profiles::macos_bin_signer
 include roles_profiles::profiles::macos_directory_cleaner
+ include roles_profiles::profiles::macos_fsmonitor
 include roles_profiles::profiles::macos_gw_checker
 include roles_profiles::profiles::macos_people_remover
 include roles_profiles::profiles::macos_tcc_perms
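Review bot: In `modules/macos_fsmonitor/manifests/init.pp`, `chown_watchman_dir` and both `codesign_*` execs have no change-based guard, so every agent run repeats `chown -R` and replaces the signature on whatever file currently sits at `/usr/local/bin/watchman` and `/usr/local/bin/watchmanctl` with an ad-hoc one (`--force --sign -`). A binary replaced after install would therefore be re-signed on the next run rather than noticed. Tying the signing to the package install and swapping the mkdir/chown pair for a `file` resource keeps runs idempotent, assuming the define emits a change event on install; `file` does not create parent directories, so `/usr/local/var/run` must already exist or be managed. Whether `packages::macos_package_from_s3` verifies a checksum is not visible here, and with `private => false` and the original signature overwritten that is worth confirming. Separately, `$enabled` is never read, so `enabled => false` would still apply every resource.

```puppet
  # Replaces Exec['prepare_watchman_dir'] and Exec['chown_watchman_dir'];
  # the package's `require` then points at this File resource.
  file { '/usr/local/var/run/watchman':
    ensure => directory,
    owner  => 'cltbld',
    group  => 'staff',
  }

  exec { 'codesign_watchman':
    # … unchanged: command, onlyif, path …
    refreshonly => true,
    subscribe   => Packages::Macos_package_from_s3['watchman.pkg'],
  }
  # … codesign_watchmanctl: same two attributes; .hgrc resource unchanged …
```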