The Candlepin entitlement engine
Switch branches/tags
python-rhsm-0.94.13-1 python-rhsm-0.94.12-1 python-rhsm-0.94.11-1 python-rhsm-0.94.10-1 python-rhsm-0.94.9-1 python-rhsm-0.94.8-1 python-rhsm-0.94.7-1 python-rhsm-0.94.6-1 python-rhsm-0.94.5-1 python-rhsm-0.94.4-1 python-rhsm-0.94.3-1 python-rhsm-0.94.2-1 python-rhsm-0.94.1-1 gutterball-2.0.5-1 gutterball-2.0.4-1 gutterball-2.0.3-1 gutterball-2.0.2-1 gutterball-2.0.1-1 gutterball-2.0.0-1 gutterball-1.0.16-1 gutterball- gutterball- gutterball- gutterball- gutterball- gutterball- gutterball-1.0.15-1 gutterball-1.0.14-1 gutterball-1.0.13-1 gutterball-1.0.12-1 gutterball-1.0.11-1 gutterball-1.0.10-1 gutterball-1.0.9-1 gutterball-1.0.8-1 gutterball-1.0.7-1 gutterball-1.0.6-1 gutterball-1.0.5-1 gutterball-1.0.4-1 gutterball-1.0.3-1 gutterball-1.0.2-1 gutterball-1.0.1-1 candlepin-common-2.0.3-1 candlepin-common-2.0.2-1 candlepin-common-2.0.1-1 candlepin-common-2.0.0-1 candlepin-common-1.0.23-1 candlepin-common-1.0.22-1 candlepin-common-1.0.21-1 candlepin-common-1.0.20-1 candlepin-common-1.0.19-1 candlepin-common-1.0.18-1 candlepin-common-1.0.17-1 candlepin-common-1.0.16-1 candlepin-common-1.0.15-1 candlepin-common-1.0.14-1 candlepin-common-1.0.13-1 candlepin-common-1.0.12-1 candlepin-common-1.0.11-1 candlepin-common-1.0.10-1 candlepin-common-1.0.9-1 candlepin-common-1.0.8-1 candlepin-common-1.0.7-1 candlepin-common-1.0.6-1 candlepin-common-1.0.5-1 candlepin-common-1.0.4-1 candlepin-common-1.0.3-1 candlepin-common-1.0.2-1 candlepin-common-1.0.1-1 candlepin-2.5.6-1 candlepin-2.5.5-1 candlepin-2.5.4-1 candlepin-2.5.3-1 candlepin-2.5.2-1 candlepin-2.5.1-1 candlepin-2.5.0-1 candlepin-2.4.7-1 candlepin-2.4.6-1 candlepin-2.4.5-1 candlepin-2.4.4-1 candlepin-2.4.3-1 candlepin-2.4.2-1 candlepin-2.4.1-1 candlepin-2.4.0-1 candlepin-2.3.9-1 candlepin-2.3.8-1 candlepin-2.3.7-1 candlepin-2.3.6-1 candlepin-2.3.5-1 candlepin-2.3.4-1 candlepin-2.3.3-1 candlepin-2.3.2-1 candlepin-2.3.1-1 candlepin-2.2.3-1 candlepin-2.2.2-1 candlepin-2.1.23-1 candlepin-2.1.22-1 candlepin-2.1.21-1 candlepin-2.1.20-1 candlepin-2.1.19-1 candlepin-2.1.18-1
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
.idea Add shared IntelliJ IDEA settings. Mar 2, 2017
.settings Update copyright dates Jun 24, 2012
bin Remove Oracle related code. Sep 4, 2018
checks Correct errors flagged in Checkstyle. Jun 19, 2018
common Sync zanata translations Sep 21, 2018
docker removing oracle from docker setup Aug 16, 2018
project_conf Ban BouncyCastle classes from production code. Jun 19, 2018
rel-eng Automatic commit of package [candlepin] release [2.5.6-1]. Sep 21, 2018
server Automatic commit of package [candlepin] release [2.5.6-1]. Sep 21, 2018
tasks Remove this task. Emma messes up the bytecode in Java 1.8 Feb 5, 2018
vagrant updating role to candlepin project May 1, 2018
.gitignore removing oracle from docker setup Aug 16, 2018
.rubocop.yml Use better name for 2xx status code expectation. Feb 29, 2016
BUILDING Move 'true' candlepin code to the toplevel Jun 19, 2012
Gemfile Require newer version of qpid_proton to match CentOS. May 8, 2018
Gemfile.lock Require newer version of qpid_proton to match CentOS. May 8, 2018
LICENSE 1520831: ENT-392: Move license to root directory Jun 28, 2018 Add explanations to MEAD docs. Apr 26, 2016 Update to JSS 4.5.0 Sep 4, 2018
Vagrantfile factored the ansible candlepin roles into a dependency Apr 3, 2018
buildfile Merge branch 'master' into awood/no-more-oracle Sep 19, 2018
pom.xml Disable Maven tests normally. Feb 5, 2018
profiles.yaml Remove Oracle related code. Sep 4, 2018
rpmlint.config add rpmlint target to buildfile, and rpmlint.config Mar 14, 2013

Custom Buildr Tasks

Unless otherwise noted, these tasks are all recursive: they will run on the project you are in and all subprojects contained within.


  • buildr gettext:extract runs xgettext
  • buildr gettext:merge runs msgmerge
  • buildr msgfmt runs msgfmt

The msgfmt task is run during compilation and it can take awhile to run on every different locale we support. To alleviate the slowness, the task looks at the environment variable nopo. If the variable is set to a locale or comma separated list of locales, msgfmt will only run against those locales. Setting nopo to anything else will prevent msgfmt from running at all.

If you keep forgetting to set nopo you can have Buildr do it for you automatically by placing something like the following in ~/.buildr/buildr.rb:

#! /usr/bin/env ruby

ENV['nopo'] ||= 'de'

Buildr will automatically evaluate that file and set nopo to "de" unless the variable is already set.

Check for Dependencies with CVEs

  • buildr dependency:check

The dependency:check task will check a project (and all sub-projects) using the OWASP Dependency Check to see if any dependencies have CVEs reported against them. The maximum allowable CVSS score can be modified by setting the max_allowed_cvss to a float value between 1.0 and 10.0. Any CVEs above the maximum allowed CVSS score will cause the build to fail.


  • buildr checkstyle

Buildr provides a Checkstyle task, but we have our own that reads from the Eclipse Checkstyle Plugin configuration. The Eclipse configuration defines several variables that are then passed in to the project_conf/checks.xml (which is the actual Checkstyle configuration). This practice allows us to have slightly different style requirements for tests versus production code. The Eclipse Checkstyle Plugin defaults to reading from a file named .checkstyle in the root of the Eclipse project and that file points to the location of checks.xml. Unfortunately, checks.xml isn't in the Eclipse project root and the plugin doesn't know how to look outside of the Eclipse project directory except by using an absolute path.

To solve this problem, we generate the .checkstyle file programmatically when running the buildr eclipse task. The template is located at project_conf/.checkstyle and uses an XML entity to represent the location of checks.xml. When you run buildr eclipse, we set the value of the conf_dir entity in project_conf/eclipse-checkstyle.xml to the absolute path to checks.xml and drop the result into .checkstyle in your Eclipse project directory.

Spec Tests

  • buildr rspec runs RSpec tests serially
  • buildr rspec:parallel runs RSpec tests in parallel when possible
  • buildr rspec:failures runs the tests that failed on the last run
  • buildr rspec:my_spec_name:my_test_name runs my_test_name in the my_spec_name file

The spec tests are our integration tests. You can run them serially with buildr rspec. If you want to speed things up use buildr rspec:parallel. That task will run most of the tests in parallel. A few must still be run serially to prevent errors (generally import tests are run serially).

You can run specific tests by appending items to the rspec task name. For example, buildr rspec:vcpu,consumer will run any spec file that begins with "vcpu" or "consumer". You can exclude tests with a minus sign in front of the identifier. E.g. buildr rspec:-vcpu will run all spec files that do not begin with "vcpu".

Additionally, you can provide either line numbers or test names to the task. For example, buildr rspec:vcpu:62,41 will run the tests on line 62 and 41 of the vcpu spec file. Likewise, buildr rspec:vcpu,consumer:consumer will run all tests in the vcpu and consumer specs that have the word "consumer" in the test name.

The general syntax is

rspec:test_name[,test_name ...][:signifier[,signifier ...]]

where the signifier is either a string or an integer.

Please note that if you need to use a phrase to single out a test, you will need to quote the task name: buildr "rspec:vcpu:should be valid" to prevent the shell from interfering. Also note that any phrase or line number you specify will be applied to all tests. So buildr rspec:vcpu,consumer:62 will only run tests that begin on line 62 in either the vcpu or consumer specs. This is a limitation of RSpec itself.

When you run RSpec, failed tests are recorded in target/rspec.failures. You can then use the rspec:failures task to just run failed tests which will then update the list of failures again. Thus, you can keep running rspec:failures until the list is empty.


  • buildr "changeset:my changeset name" Much like the rspec task, the changeset task is followed by a colon and an argument. In this case the argument is a brief description of the nature of the changeset. Be sure to quote the task name to prevent the shell from interpreting the spaces.


  • buildr erb renders any templates found under the erb directory

This plugin is discussed in detail at


  • buildr swagger connects to a Candlepin deployment defined in buildfile and downloads the swagger.json file. It then sends this JSON file to swagger-codegen to automatically generate client bindings. The task can be subdivided with buildr swagger:json and buildr swagger:client.


Our crypto functions are provided by JSS which is not available in the normal Maven repositories. I put it in a Maven repository we control on, but here is the process I use in case anyone needs to replicate it. The example commands use version 4.5.0 and Fedora 28. Change those values as appropriate.

  • Download the latest SRPM from Fedora.
  • Build the SRPM in mock for that version of Fedora.
    mock -r fedora-28-x86_64 jss-4.5.0-1.fc28.src.rpm
  • Copy the rebuilt RPM from /var/lib/mock/fedora-28-x86_64/result (where Mock drops the results of its build)
  • Explode the RPM using rpm2cpio.
    rpm2cpio jss-4.5.0-1.fc28.src.rpm | cpio -idmv
  • Install the JAR file from the exploded RPM into your Maven repository. Make sure the version and path are correct.
    mvn install:install-file -Dpackaging=jar -DgroupId=org.mozilla
    -Dversion=4.5.0 -DartifactId=jss -Dfile=/tmp/jss/usr/lib/java/jss4.jar
  • Explode the SRPM into /tmp/jss. This will give you a source tarball.
    rpm2cpio jss-4.5.0-1.fc28.src.rpm |  cpio -idmv
  • Extract the source tarball.
    tar xzvf jss-4.5.0.tar.gz
  • Go into the source directory and create a source jar.
    cd jss-4.5.0 && jar cvf jss-4.5.0-sources.jar org
  • Install the sources jar
    mvn install:install-file -Dpackaging=jar -DgroupId=org.mozilla -Dversion=4.5.0 -DartifactId=jss -Dfile=jss-4.5.0-sources.jar -Dclassifier=sources
  • Now rsync everything under ~/.m2/repository/org/mozilla/jss to the Maven repository.
    rsync -avz ~/.m2/repository/org/mozilla/jss/


  • buildr syntastic creates .syntastic_class_path for the Vim Syntastic plugin
  • buildr pom creates a pom.xml file with the project dependencies in it
  • buildr rpmlint runs rpmlint on all *.spec files