| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This makes the SELinux library marginally more robust by dealing
consistently with a missing proc/mounts, and also resoves the test
failures in a way that allows meaningful test runs on non-SELinux
systems.
Signed-off-by: Markus Roberts <Markus@reality.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch implements the two-part suggestion from the ticket;
1) a client that receives a certificate that doesn't match its current
private key does not accept, store or use the certificate--instead it
removes any locally cached copies and acts as if the certificate had
never been found.
2) a puppetmaster that receives a csr from a client for whom it already
has a signed certificate now honors the request and considers it to
supercede any previously signed certificates.
In order to make the cache expiration work as expected, I changed a few
assumptions in the caching system:
* The expiration of a cached certificate is the earlier of the envelope
expiration and the certificate's expiration, as opposed to just overriding
the cache value
* Telling the cache to expire an item now removes it from the cache if
possible, rather than just setting an expiration date in the past and
hoping that somebody notices.
Signed-off-by: Markus Roberts <Markus@reality.com>
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This removes some of the IPv4 centricism from authstore's handling
of IP addresses. It isn't full IPv6 support (and doesn't even fully
handle all the cases within its limited scope, as ruby's IPAddr
library does not work with hybrid addresses), but it should simplify
adding IPv6 support when the time comes.
|
| | |
| |
| |
| |
| | |
This patch fixes #2567 by always pre-validating IP addresses with a
strict regular expression check before calling IPAddr.new() on them.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit refactors the code in authstore to enable a fix for #2567,
goes part of the way towards fixing #2708 (DNS/reverse DNS dependence),
and is a start on #2623 (authstore needs to be refactored), though it
stops short of fully addressing some of the more egregious structural
issues ("opaque", ill-placed pattern transformations, etc.).
Signed-off-by: Markus Roberts <Markus@reality.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Added an info message about what database we're connecting to.
In the case of the default database, it looks like:
info: Connecting to sqlite3 database: /var/lib/puppet/state/clientconfigs.sqlite3
Also squashes the deprecation warning #2941, since fixing that makes
this patch smaller.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Disables the b64_zlib_yaml format if zlib cannot be loaded.
I've added a --no-zlib to make it possible to test this on a single
machine, but it might also be useful if someone finds themselves failing
to connect to a server that doesn't have zlib installed.
FactHandler' format is still hard-coded to YAML rather than using
facts.class.default_format
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
| |
| |
| | |
This is Luke's suggested fix, from the ticket.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Commit 82714246b913087292f04190e03a885c99723f52 lost the distinction
between links that were being followed and links that were being managed.
This reinstated the distinction and (taking Luke up on his offer) also
includes various cleanups.
Signed-off-by: Markus Roberts <Markus@reality.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Make sure that we don't try to do anything to webrick until it has
really started.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
| |
| |
| |
| | |
This is Matthias Saou's patch from the ticket; it adjusts the regular
expression to permit capital letters where needed.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Andrew Forgue's suggested patch; changes the regular expression to
accept any non-space characters, non-vertical bar characters in a
version "number".
Examples
v | SLES10-SP1-Updates | | resmgr | 0.9.8_SVNr75-18.9 | x86_64
v | SLES10-SP1-Updates | | wireless-tools | 28pre13-22.16.2 | x86_64
Signed-off-by: Markus Roberts <Markus@reality.com>
|
| | |
| |
| |
| |
| |
| | |
The refactoring in 8f60f0c50ee3dfb6453644f5dcded58e6e80e8bb lost the
return code--should be true in all non-exception cases--and this was
causing a false failure when the result was checked higher up.
|
| | |
| |
| |
| |
| |
| | |
Fail rathing than raising the exception so that the line and file are
preserved. A more general solution to these sorts of issues is called
for on the code smell list.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is a fix for the core issue of #2863, calling each on a nil tag (instead
of empty) tag list for a resource with no tags, combined with various cleanup
in related code to forestall reintroduction of a similar bug.
* Replace the direct @var access with an initializing getter
* Rename it from @tags_hash to @tags_list since it's not a hash
* Do the same with the otherwise identical params setup.
* Eliminate the now-redundant external initialization for params.
* Remove the parameters method as it was never used and obviously
faulty (calling a non-existent get_params_hash method).
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a flag "manage_internal_file_permissions" which is enabled by
default. Disabling this flag prevents Puppet from managing the owner,
group, or mode of files created from Puppet::Util::Settings::FileSetting
I think this is a wide enough net to follow Luke's suggestion of
"disable management of everything", and it certainly satisfies the
requests I'm aware of, but if I've missed anything, let me know.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Puppet was mis-parsing sshkey aliases when the last alias is an empty
string.
This is due to the counter-intuitive behavior of Ruby's String#split.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
Clean up warning messages so that they don't fail when run inside the
test class.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Clean up AIX crontab type:
- The return "" if output.include?(...) prevented the
raise from ever being reached.
- Ensure the temp file is deleted after feeding it
to cron.
- Prevent dumping of the new crontab to STDOUT.
Signed-off-by: Andrew Forgue <andrew.forgue@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| | |
No message was being displayed on the server if a file could not be
opened by the file server.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Replace this message that looks like an error
debug: Format s not supported for Puppet::FileServing::Metadata; has not implemented method 'from_s'
with
debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
modulepath/manifestdir
I was told that setting manifestdir in environment is not supported.
Only the manifest setting seems to be supported in environments.
This patch changes how puppetdoc handles manifestdir, instead
of getting it through the manifestdir variable, we now get the
manifest settings and infer the directory from this, exactly as
the parser is doing.
This allows puppetdoc to handle what user are doing with environments.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The problem is that regex node contains '/' which is a directory
separator on unix.
Since puppetdoc writes a file for each node this was creating empty
directories and documentation for such node couldn't be stored.
This patch removes the slashes in the node names.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The following manifest doesn't work:
$foo = undef
case $foo {
undef: { notice("undef") }
default: { notice("defined") }
}
This is because "undef" scope variable are returned as an empty
string.
This patch introduces a behavior change:
Now, unassigned variable usage returns also undef.
This might produce some issues in existing manifests, although
care has been taken to allow correct behavior in the most commonly
used patterns.
For instance:
case $bar {
undef: { notice("undef") }
default: { notice("defined") }
}
will print "undef".
But matching undef in case/selector/if will also match "".
case $bar {
"": { notice("empty") }
default: { notice("defined") }
}
will print "empty".
Of course "" doesn't match undef :-)
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |\ \ |
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
lib/puppet/agent.rb
lib/puppet/application/puppetd.rb
lib/puppet/parser/ast/leaf.rb
lib/puppet/util/rdoc/parser.rb
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Symlinks confuse the "What file system am I on?" logic. This patch just
runs the paths through a beefed up version of the standard 'realpath'
method.
Includes some of Markus's suggested changes.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Check that a specific file supports selinux properties before trying to
set them.
This patch is functionally identical to the one Darrell Fuhriman
submitted with the bug report.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is technically a duplicate of #1531, I think this change prevents
the problem that appears in #2812, without touching the underlying issues
of #1531.
ssh_authorized_key was failing on keys in ~/.ssh/authorized_keys that
lack a comment field - it would generate a Ssh_authorized_key resource
with the name set to nil, which raises "ArgumentError: Field 'name' is
required."
Fixed by setting such keys' name fields to an empty string.
This prevents the error from being raised and the authorized_keys files
round-trip successfully.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The routine which was determining if one path was a prefix of another
in arbitrating between explicit and generated resources was using the
raw string for the test without regard to path segments and thus could
be fooled by pairs such as "/tmp/foo" vs. "/tmp/foo2"
Fix was to be path delimiter aware and add a test.
Signed-off-by: Markus Roberts <Markus@reality.com>
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Patch thanks to Till Maas
Signed-off-by: James Turnbull <james@lovedthanlost.net>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Replace deprecated method call. This code was not tested before, so I've
tried to capture what I think the method was trying to do.
This version includes Luke's suggested change to better preserve the
original behavior.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* use easily parsable format string (fixes #1872)
* only query stable packages, anything else cannot be installed anyway
* fix withenv usage in class method self.instances
* code cleanup & consistency
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is a moderately ugly workaround for the MRI garbage collection
bug (see the ticket for details).
I explored several other potential solutions (notably, monkey
patching the routines that trigger the bug) but none of them were
satisfactory. Monkey patching sub, gsub, sub!, gsub!, etc., for
example, either changes the scoping of $~, $1, etc. in a way that
could potentially subtly change the meaning of programs or (if you
are clever) faithfully reproduces the behaviour of MRI--including
the memory leak.
I decided to go with the standardized and somewhat obnoxious never-
used optional argument as it was easy to automatically insert and
should be even easier to automatically find and remove if a better
fix is developed. It also should be obtrusive enough to escape
accidental removal in refactoring.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Puppet::Transaction was handling "tags" strings differently depending on
whether they came in from Puppet[:tags] or another source.
This was causing puppetrun's tags to be misparsed if there was not
exactly one --tag parameter.
I've moved the code to Util::Tagging.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Monkey-patch workaround for RDoc so it doesn't get confused by rubygems
stub executables.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit c702f76b271515e9c42dcb923d379fbfac4c83cd and turns it
into a documentation only fix. As it turns out, ENV should have never been
used at all, as the Rack docs say nothing about it *and* Passenger's
behaviour in 2.2.3 + 2.2.4 was completely broken and still is half-way broken
in 2.2.5 (but is OK with the Rack specs).
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This modifies `supported_formats` to warn when the
`preferred_serialization_format` setting is invalid (and ignored in
favor of the default value).
I built the tests for this behavior alongside the existing
FormatHandler tests for *valid* `preferred_serialization_format` values
(and did some restructuring to extract common setup code to `before`
blocks).
Signed-off-by: Bruce Williams <bruce@codefluency.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Suprisingly, I found that setting allow_concurrency made the
"MySQL server has gone away" stop occuring even if the MySQL server
drops connections.
This may be the only change needed to restore compatibility with
ActiveRecord 2.1.x
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
In #1469 we changed the FileSet internal api and missed that tidy
was still using the old version.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | | | |
|
