openvoxserver-ca 3.1.1 → 3.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f69b3d238712b866f56fe50826f0c104b4904f93f767d8b7d003b7861bac34da
4
- data.tar.gz: 7687ad57a9ce424c2e4f76a971d1c223f7d95339ec19ad05ff638cdab5cea110
3
+ metadata.gz: ad89f0911e4df90019067afd7d11d35970af4fa7e8252af3888f9db24fa46a15
4
+ data.tar.gz: 7edd0700a89ad6d06f784934b51dd54b904e862b763e6231710ff851e80f3ecf
5
5
  SHA512:
6
- metadata.gz: cb759a35d4754f5a989c79c6340019e8fd2dbd47eade014b38022c3685906527bba26aa07d0afe21a40ebad4d27ceccbf28b993aac0344bb5b8b085ef309ea17
7
- data.tar.gz: 76a5b7c8bbbb08e317841d74e0609d913f6a57eba47da445d52510f758c0bf1777d28df52ed3a84c40735ca590637ac18c3a4885473ddf9ea6352841d76fc4dd
6
+ metadata.gz: 6ea9016d7224eaae5c65a54e034ebb9300e80ae0d202f09fbef0e9d089fc5dfa86c203179b10f5407825ff414afedcc30c3660daca187b2527edb1c329d1ca71
7
+ data.tar.gz: 59eed25ee2c0c9d0945c9c8ce1567e3cdd436278ce32d6e90e3ce230343ad325485ada51c91ddc4a68ac50b2e4e1c404f3feef085eaaf80d4fc48f875558832a
data/CHANGELOG.md CHANGED
@@ -2,6 +2,22 @@
2
2
 
3
3
  All notable changes to this project will be documented in this file.
4
4
 
5
+ ## [3.2.1](https://github.com/openvoxproject/openvoxserver-ca/tree/3.2.1) (2026-06-29)
6
+
7
+ [Full Changelog](https://github.com/openvoxproject/openvoxserver-ca/compare/3.2.0...3.2.1)
8
+
9
+ **Fixed bugs:**
10
+
11
+ - \(PE-44595\) Tolerate nil in munge\_alt\_names [\#41](https://github.com/OpenVoxProject/openvoxserver-ca/pull/41) ([bastelfreak](https://github.com/bastelfreak))
12
+
13
+ ## [3.2.0](https://github.com/openvoxproject/openvoxserver-ca/tree/3.2.0) (2026-04-23)
14
+
15
+ [Full Changelog](https://github.com/openvoxproject/openvoxserver-ca/compare/3.1.1...3.2.0)
16
+
17
+ **Implemented enhancements:**
18
+
19
+ - fix: skip chown in rootless containers via ensure\_ownership helper [\#33](https://github.com/OpenVoxProject/openvoxserver-ca/pull/33) ([dotconfig404](https://github.com/dotconfig404))
20
+
5
21
  ## [3.1.1](https://github.com/openvoxproject/openvoxserver-ca/tree/3.1.1) (2026-02-21)
6
22
 
7
23
  [Full Changelog](https://github.com/openvoxproject/openvoxserver-ca/compare/3.1.0...3.1.1)
@@ -10,7 +10,10 @@ module Puppetserver
10
10
  end
11
11
 
12
12
  def self.munge_alt_names(names)
13
- raw_names = names.split(/\s*,\s*/).map(&:strip)
13
+ # Tolerate a nil/empty value. A puppet.conf key that is present but
14
+ # has no value (e.g. `dns_alt_names =`) is read as nil rather than
15
+ # using the absent-key default, so callers can hand us nil here.
16
+ raw_names = names.to_s.split(/\s*,\s*/).map(&:strip)
14
17
  munged_names = raw_names.map do |name|
15
18
  # Prepend the DNS tag if no tag was specified
16
19
  if !name.start_with?("IP:") && !name.start_with?("DNS:")
@@ -15,17 +15,26 @@ module Puppetserver
15
15
  :signeddir => 0755
16
16
  }
17
17
 
18
- def self.instance
19
- @instance ||= new
20
- end
21
-
22
- def self.write_file(*args)
23
- instance.write_file(*args)
18
+ def self.write_file(path, one_or_more_objects, mode)
19
+ File.open(path, 'w', mode) do |f|
20
+ Array(one_or_more_objects).each do |object|
21
+ f.puts object.to_s
22
+ end
23
+ end
24
+ ensure_ownership(path)
24
25
  end
25
26
 
26
27
  def self.ensure_dirs(one_or_more_dirs)
27
28
  Array(one_or_more_dirs).each do |directory|
28
- instance.ensure_dir(directory)
29
+ ensure_dir(directory)
30
+ end
31
+ end
32
+
33
+ # Warning: directory mode should be specified in DIR_MODES above
34
+ def self.ensure_dir(directory)
35
+ if !File.exist?(directory)
36
+ FileUtils.mkdir_p(directory, mode: DIR_MODES[directory])
37
+ ensure_ownership(directory)
29
38
  end
30
39
  end
31
40
 
@@ -53,56 +62,30 @@ module Puppetserver
53
62
  def self.forcibly_symlink(source, link_target)
54
63
  FileUtils.remove_dir(link_target, true)
55
64
  FileUtils.symlink(source, link_target)
56
- # Ensure the symlink has the same ownership as the source.
57
- # This requires using `FileUtils.chown` rather than `File.chown`, as
58
- # the latter will update the ownership of the source rather than the
59
- # link itself.
60
- # Symlink permissions are ignored in favor of the source's permissions,
61
- # so we don't have to change those.
62
- source_info = File.stat(source)
63
- FileUtils.chown(source_info.uid, source_info.gid, link_target)
64
- end
65
-
66
- def initialize
67
- @user, @group = find_user_and_group
65
+ ensure_ownership(link_target)
68
66
  end
69
67
 
70
- def find_user_and_group
71
- if !running_as_root?
72
- return Process.euid, Process.egid
73
- else
74
- if pe_puppet_exists?
75
- return 'pe-puppet', 'pe-puppet'
76
- else
77
- return 'puppet', 'puppet'
78
- end
79
- end
68
+ # Chown the path to the puppet user when running as root.
69
+ # Skipped otherwise: a non-root process can only have created the path
70
+ # as itself, so ownership is already correct, and chowning to any other
71
+ # user would require CAP_CHOWN (unavailable in rootless containers).
72
+ #
73
+ # Uses `FileUtils.chown` rather than `File.chown` so that when `path`
74
+ # is a symlink it operates on the link itself rather than its target.
75
+ def self.ensure_ownership(path)
76
+ return unless running_as_root?
77
+ user = pe_puppet_exists? ? 'pe-puppet' : 'puppet'
78
+ group = pe_puppet_exists? ? 'pe-puppet' : 'puppet'
79
+ FileUtils.chown(user, group, path)
80
80
  end
81
81
 
82
- def running_as_root?
82
+ def self.running_as_root?
83
83
  !Gem.win_platform? && Process.euid == 0
84
84
  end
85
85
 
86
- def pe_puppet_exists?
86
+ def self.pe_puppet_exists?
87
87
  !!(Etc.getpwnam('pe-puppet') rescue nil)
88
88
  end
89
-
90
- def write_file(path, one_or_more_objects, mode)
91
- File.open(path, 'w', mode) do |f|
92
- Array(one_or_more_objects).each do |object|
93
- f.puts object.to_s
94
- end
95
- end
96
- FileUtils.chown(@user, @group, path)
97
- end
98
-
99
- # Warning: directory mode should be specified in DIR_MODES above
100
- def ensure_dir(directory)
101
- if !File.exist?(directory)
102
- FileUtils.mkdir_p(directory, mode: DIR_MODES[directory])
103
- FileUtils.chown(@user, @group, directory)
104
- end
105
- end
106
89
  end
107
90
  end
108
91
  end
@@ -1,5 +1,5 @@
1
1
  module Puppetserver
2
2
  module Ca
3
- VERSION = "3.1.1"
3
+ VERSION = "3.2.1"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: openvoxserver-ca
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.1.1
4
+ version: 3.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - OpenVox Project
@@ -65,7 +65,6 @@ extensions: []
65
65
  extra_rdoc_files: []
66
66
  files:
67
67
  - CHANGELOG.md
68
- - CODE_OF_CONDUCT.md
69
68
  - CONTRIBUTING.md
70
69
  - LICENSE
71
70
  - README.md
@@ -117,7 +116,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
117
116
  - !ruby/object:Gem::Version
118
117
  version: '0'
119
118
  requirements: []
120
- rubygems_version: 4.0.3
119
+ rubygems_version: 4.0.10
121
120
  specification_version: 4
122
121
  summary: A simple CLI tool for interacting with OpenVox Server's Certificate Authority
123
122
  test_files: []
data/CODE_OF_CONDUCT.md DELETED
@@ -1,74 +0,0 @@
1
- # Contributor Covenant Code of Conduct
2
-
3
- ## Our Pledge
4
-
5
- In the interest of fostering an open and welcoming environment, we as
6
- contributors and maintainers pledge to making participation in our project and
7
- our community a harassment-free experience for everyone, regardless of age, body
8
- size, disability, ethnicity, gender identity and expression, level of experience,
9
- nationality, personal appearance, race, religion, or sexual identity and
10
- orientation.
11
-
12
- ## Our Standards
13
-
14
- Examples of behavior that contributes to creating a positive environment
15
- include:
16
-
17
- * Using welcoming and inclusive language
18
- * Being respectful of differing viewpoints and experiences
19
- * Gracefully accepting constructive criticism
20
- * Focusing on what is best for the community
21
- * Showing empathy towards other community members
22
-
23
- Examples of unacceptable behavior by participants include:
24
-
25
- * The use of sexualized language or imagery and unwelcome sexual attention or
26
- advances
27
- * Trolling, insulting/derogatory comments, and personal or political attacks
28
- * Public or private harassment
29
- * Publishing others' private information, such as a physical or electronic
30
- address, without explicit permission
31
- * Other conduct which could reasonably be considered inappropriate in a
32
- professional setting
33
-
34
- ## Our Responsibilities
35
-
36
- Project maintainers are responsible for clarifying the standards of acceptable
37
- behavior and are expected to take appropriate and fair corrective action in
38
- response to any instances of unacceptable behavior.
39
-
40
- Project maintainers have the right and responsibility to remove, edit, or
41
- reject comments, commits, code, wiki edits, issues, and other contributions
42
- that are not aligned to this Code of Conduct, or to ban temporarily or
43
- permanently any contributor for other behaviors that they deem inappropriate,
44
- threatening, offensive, or harmful.
45
-
46
- ## Scope
47
-
48
- This Code of Conduct applies both within project spaces and in public spaces
49
- when an individual is representing the project or its community. Examples of
50
- representing a project or community include using an official project e-mail
51
- address, posting via an official social media account, or acting as an appointed
52
- representative at an online or offline event. Representation of a project may be
53
- further defined and clarified by project maintainers.
54
-
55
- ## Enforcement
56
-
57
- Instances of abusive, harassing, or otherwise unacceptable behavior may be
58
- reported by contacting the project team at puppetserver-team@puppet.com. All
59
- complaints will be reviewed and investigated and will result in a response that
60
- is deemed necessary and appropriate to the circumstances. The project team is
61
- obligated to maintain confidentiality with regard to the reporter of an incident.
62
- Further details of specific enforcement policies may be posted separately.
63
-
64
- Project maintainers who do not follow or enforce the Code of Conduct in good
65
- faith may face temporary or permanent repercussions as determined by other
66
- members of the project's leadership.
67
-
68
- ## Attribution
69
-
70
- This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71
- available at [http://contributor-covenant.org/version/1/4][version]
72
-
73
- [homepage]: http://contributor-covenant.org
74
- [version]: http://contributor-covenant.org/version/1/4/