puppet 2.7.20 → 2.7.21

data/CHANGELOG

@@ -1,3 +1,229 @@
+2.7.21
+===
+570e4d2 Update CHANGELOG, PUPPETVERSION for 2.7.21
+4b0a7e2 Add missing 2.7.20 CHANGELOG entries
+3ecd376 (#19391) Find the catalog for the specified node name
+c240299 (#19392) Don't validate key for certificate_status
+a1c4abd Don't assume master supports SSLv2
+60eebed Don't require openssl client to return 0 on failure
+12728c0 Display SSL messages so we can match our regex
+70cdc63 Don't assume puppetbindir is defined
+9cbfb9d Remove unnecessary rubygems require
+0f4ac20 Run openssl from windows when trying to downgrade master
+7d62aa0 Separate tests for same CVEs into separate files
+61109fa Fix order-dependent test failure in rest_authconfig_spec
+a3d3c95 Always read request body when using Rack
+79b875e Acceptance tests for CVEs 2013 (1640, 1652, 1653, 1654, 2274, 2275)
+632e12d (#19531) (CVE-2013-2275) Only allow report save from the node matching the certname
+7df884b Fix module tool acceptance test
+4a272ea Updating module tool acceptance tests with new expectations.
+0a7d61f (#19392) (CVE-2013-1653) Validate instances passed to indirector
+be920ac (#19151) Reject SSLv2 SSL handshakes and ciphers
+516142e (#19391) (CVE-2013-1652) Disallow use_node compiler parameter for remote requests
+bd942ec (#14093) Restore access to the filename in the template
+cf6cf81 (#14093) Remove unsafe attributes from TemplateWrapper
+f2a3d5c (#19393) Safely load YAML from the network
+
+2.7.20
+===
+cb9696d Update lib/puppet/version.rb for 2.7.20
+1d01f2a Update lib/puppet/version.rb for 2.7.20-rc1
+d16d357 (#17458) Add acceptance test for executing external subcommands
+fd92eb1 (#17458) Partial revert of "don't rebuild regexp every time"
+28229d7 Revert "(#17458) Load 'puppet' at the right time"
+b5ed15b (#17458) Load 'puppet' at the right time
+0524a0a (#7422) Support arrow syntax with metaparams
+fc6571e rm packaging artifacts in rpm spec, debian rules
+b1adcd2 Fix build targets for 2.7.x
+0cc80ad Preserve timestamps when installing files
+6da5aa8 Replace dashes with dots for gem version
+5c61f32 (#17260) Include link to information about deprecation
+858e4b4 Update Rakefile to make rspec optional
+0c1991f Remove the asc file from the source of spec file
+bd0caf5 (#17260) Warn when variables contain hyphens
+35b9ff2 Edit description of hyphenated variables compatibility setting
+5ee2558 (#10146) `-` in variable names should be deprecated!
+d892859 (#16791) Remove tests for unused behavior
+aba3c67 (#16791) Re-instate deprecated symbolize and symbolizehash!
+65b5c5c Eliminate `symbolize` everywhere, and remove it.
+3cda4f4 (#16791) Revert "Merge branch 'feature/2.7.x/json-terminus-backport' of https://github.com/daniel-pittman/puppet into 2.7.x"
+1e5baee (#16791) Revert "Maint: Fix intermittently failing spec test"
+13ab956 (#16791) Revert "Merge branch 'perf/2.7.x/backport-activesupport-hook-disabling' of https://github.com/daniel-pittman/puppet into 2.7.x"
+5c96254 (#16581) Fix mis-stubbed test
+c305a32 (#11042) indirect via the property to convert group names to numbers
+f08fc39 (#16581) Refactor code for sid validation
+92f0688 (#16798) Add more tests to cover revoke by serial number
+b55d885 (#16798) Update revocation by serial number documentation
+5e8236f (#16798) Fix certificate revocation by serial number
+c60a82d (#16581) Deprecate sid_for_account
+c86e685 (#16581) Use native Win32 APIs to resolve SIDs in file provider
+9291ae2 (#16581) Use native Win32 APIs to resolve SIDs in providers
+3d360e7 (#16581) Documentation changes
+be848e6 (#16581) Use win32-security gem to resolve SIDs
+da3aea4 (#16581) Refactor code for converting string and binary sids
+e6865c4 (maint) Update mailmap for git shortlog
+dc50ec7 (#16922) Quote strings that contain ":"
+b2e31b5 fail better in package repo rake tasks
+5e7cce5 Disable ActiveSupport::Dependencies hooks.
+68dea3d zaml: handle multi-line map keys and array values correctly.
+67e5957 zaml: don't use backreferences on strings
+fbca3b0 zaml: avoid calling emit when we don't have anything to output
+4f6289b zaml: add whitespace for readability.
+83defc0 zaml: rework strings for correctness and speed
+e45961f Maint: Fix intermittently failing spec test
+69315c2 Implement `Fixnum#ord` for Ruby 1.8.5
+f60e402 tagging: use a static regexp rather than rebuilding it
+314c3da file_serving: avoid rewriting paths if possible.
+b54f8cd log_paths: memoize the entire value, not just part of it.
+33c127b zaml: speed micro-optimization for Time output
+e70273b whit: cache the `to_s` result.
+9099a42 zaml: don't sort object attributes for output
+20efe94 util: don't rebuild regexp every time we invoke absolute_file?
+58f6ca1 parser/files: use a cheaper test for "is this path absolute?"
+275c94d Eliminate remaining uses of FileCollection.
+912ed34 FileCollection is a memory loss, not a memory win.
+89e0f14 type: support implicit "identity" transformation
+397dfa8 monkey_patch: cache Symbol to_proc result.
+54c4f0a lexer: remove some unused stats collection
+9176f5c tagging: document why fixing this horror is hard.
+aca7959 type: memoize key_attributes for types.
+8173a6e Avoid object creation/destruction when possible.
+5e3fbca (Maint) Remove fragile test
+fd8343a zaml: unify on a single definition of `to_zaml` for Symbol
+4d4a75a zaml: statically determine the to_ascii8bit implementation.
+fbd5105 Use `intern` rather than `symbolize` it Puppet::Type
+c0e5f4d Implement Symbol#intern when it is missing.
+141c83b Add catalog JSON terminus to improve performance.
+a0287bf Implement a JSON file terminus to mirror YAML.
+61a34d3 (#2888) Fix race condition with puppetdlockfile
+315ebad (#2888) Add settings catalog info to README_DEVELOPER
+fe1f4a2 (#4680) Reject CA network operations when master CA is disabled
+312b467 Git ignore an .rvmrc file in the root of the project
+f0ef301 (#16330) Update ZAML to latest upstream.
+f8a4ddc (#16376) Fix rails compatibility layer for activerecord < 3.0
+a1c4467 Fixup apple package plist for use with packaging repo
+e84f448 (#16347) Qualify references to windows-pr gem
+68c61fa (#16347) Replace \x92 character with apostrophe
+0e7fc8d Update copyright years in LICENSE
+81c8afa Skip symbolic link demanding test on Windows
+d260b90 RSpec 3 is deprecating `expect {}.should` - respect that.
+dff6e53 (maint) Confine pty-based test to non-Windows hosts.
+b48a172 (Maint) Fix syntax and semantic erros in test
+da24d54 (#15959) Fix groupadd/useradd spec when run on non-linux systems
+bd875f5 (#16208): Correct spec test to match new failed parameter message
+a753b86 Maint: Fix inconsistent expect-should usage
+1a9d122 Maint: Fix leaked tempfile handle
+d9ab06f (#16208) fix tests
+f30af22 (#16208) use #{ref} instead of #{type} #{title} as suggested by dpittman
+cb3c912 (#16208) Better error messages for failed parameter validation
+294fae2 Port the SemVer test from Test::Unit to RSpec.
+14d1fdc Don't make executables in /tmp in posix_spec
+ca36893 Backport fix for commandline spec
+6f556ef Don't pollute Functions namespace in shellquote function
+13cb623 (#8714) Don't follow symlinks in SELinux FS detection
+8fa6575 Make SELinux internal helper functions private.
+0a72c5c Fix yum repo path in yaml file
+0620497 (#15797) Update chkconfig test to reflect reality
+775d0dc Revert "(#15797) Change the argument to chkconfig from 'on' to 'reset'"
+f9463ea (#15731) Add clarifying comments to host.rb
+82ebe28 Remove version check regex from puppet
+67f8b0b Remove broken dual build-requires of facter in redhat spec
+2ea1e98 Add in manpage listings that should have been there
+b1648b2 Fixup Rakefile to use packaging repo
+a670a4f Move and template all apple pkging artifacts to ext/osx
+302248b Add debian packaging artifacts and template
+5dc896b Move redhat spec file to erb template in ext/redhat
+b67e4dc (#16019) Don't add Unix paths to Windows search path
+489352b (#16119) Recognize carriage return escape sequence
+db74432 Switch off building gem for 2.7.x
+77afeba Add yaml files
+2b06b7e (#15193) Fix windows failing on unix style paths
+5e84c97 (#15560) Delete user's profile after deleting account
+94aaf15 (#15193) Fix StaticCompiler#store_content
+58f9679 (#15193) Add spec test coverage for static compiler
+2bbc4e4 Document the different forms of catalogs to help test writers
+1a432fd (#15193) Document how to use the static compiler
+1820927 (Maint) Stop watchr from reading non-existent spec.opts
+576fd56 Whitespace only cleanup
+67b9227 (#15560) Create the user's profile if managehome is true
+1075b74 (#15560) Refactor LogonUser
+7efbfc6 Maint: Large or complex HEREDOC strings w/ no interpolation should be single-quote type
+13e0109 (#15591) Skip test that causes segfault on Windows
+f10d364 maint: remove .rspec entirely
+7b4ac10 (#15731) Move explicit fingerprints to hash
+4ffc02d (Maint) Enable colorized rspec output on Windows
+700caba (#15739) Bump report_version since #10064 change its format
+1a2e8fc (#14822) Use feature confine for feature tests during run
+c6e1aa3 (#14822) Re-evaluate features if they previously were false
+65dbdea (#15797) Disable RedHat services in all run levels
+5ef0df0 (Maint) Whitespace only cleanup
+7ca6b70 (#15797) Add test coverage for redhat service provider
+d2012ae (#15797) Change the argument to chkconfig from 'on' to 'reset'
+b2c3675 Fix typo in create_resources function's description string
+48a9cc2 (#15464) Exclude gem command from bundler
+54ea4fe Revert "Revert "Merge branch 'ticket/2.7.x/15464_a_gemfile_would_improve_contributor_on-boarding' into 2.7.x""
+76ef99b Revert "Merge branch 'ticket/2.7.x/15464_a_gemfile_would_improve_contributor_on-boarding' into 2.7.x"
+6350e6c (#15959) Do not support system group on Solaris and HP-UX
+c404d99 maint: Reduce stubbing in groupadd spec
+c50f552 maint: Rearrange tests in groupadd unittests
+5e64c1f (#15959) Do not support system user on Solaris and HP-UX
+03c7ddf1 maint: Reduce stubbing in useradd spec
+e111f56 maint: Rearrange tests in useradd unittests
+d7cb3c7 (#15464) Make Puppet.version settable via Puppet.version=
+f9cfec7 (#15912) Make function access consistent
+e067c2a (#15693) Allow restart command to be specified
+07f0b0e (#15464) Make Puppet usable as a Gem from source
+b33d517 Move Puppet version into lib/puppet/version.rb
+1c1a383 (#15464) Make contributing easy via bundle Gemfile
+83cfe9d (Maint) Fix rspec options file
+86dac63 (Maint) Skip crontab filetype tests on Windows
+dd25c9e (#15346) Add spec test for --source when checking latest
+e9d10ca (#15346) add --source to the gem list command
+1d80007 (#14283) Call Tempfile#close and #unlink separately
+7a72361 (#14283) Raise an error when crontab returns non-zero on AIX
+d9c7698 (maint) Refactor filetype specs
+bbdbb06 (maint) Consolidate flat file tests
+5ceb55c (Maint) Add logging for when Puppet is enabled/disabled.
+07aeef3 (#15940) Add test coverage for rdoc exclude option
+f08dd53 (#15940) Update puppet doc to ignore files and templates in modules
+08c62da (#7442) solaris: return "-1" for password_max_age when password aging is disabled
+e0b1e40 (#7442) solaris: add tests for password_max_age attribute
+0a41053 Always set log functions on root environment
+b47e910 Use TestHelper in old unit tests
+9815de4 Convert expect..should to expect..to in configurer spec
+f2a4cca (maint) Remove spurious `puts` line
+c95bda7 (maint) Whitespace cleanup
+ed22b06 (maint) Include backtrace in re-raised exception
+c8152d4 (#15920) Make forward-sexp ignore comments in puppet-mode.el
+4cd6686 (#14283) Fix suntab filetype when run as normal user
+d2b4f08 maint: Refactor suntab and aixtab filetype
+a7d6c3d Add Puppet::Parser::Functions::clear for specs
+279c323 Clear Environment.current when calling Environment.clear
+536b68c Check that function loading worked correctly.
+abc7885 Avoid stubbing Thread::new due to issues in newer mocha
+fdb8ca3 Rename specs to end in _spec.rb
+9c361f1 Don't require mocha in spec_helper
+6d3d591 Fix stubbing on nil in some specs
+60a6a2a (#14515) Tests fail with mocha 0.11.4
+d2e5268 (#10915) Add test for provider throwing NoMethodError
+9e26fe0 (#10915) Fix tests to work with new parameter checking
+da7cd8e Don't mask NoMethodErrors
+fcd4957 (#15521) Convert to using host stub wrapper
+fbede51 Fixed #11686 - Updated documentation for exec timeout
+6f7303a Mark git diff --check as inline code
+cf04e5e Make the example in CONTRIBUTING imperative and concrete
+9862940 Add HOWTO hint on topic branches in CONTRIBUTING
+9c60ed3 (Maint) Whitespace cleanup of CONTRIBUTING.md
+65b35a8 (Maint) Simplify CONTRIBUTING.md
+b61d041 (#15731) explicit fingerprint digest for pson
+6dcf122 (#15731) Full certificate metadata for pson
+31fac81 (#15665) Fix issue with eix-update on newer eix (>=0.25.2).
+adfc27e Maint: Fix borked help/man output for node clean
+367926a (#15264) Custom title patterns can fail cryptically.
+b8ca748 (#11727) Support STDIN for `puppet parser validate`
+04ba8e2 Add stdin parsing to puppet parser validate
+368a1cb Fix for #3984 -- SELinux warns about changes it doesn't actually make
+
 2.7.19
 ===
 85f5543 Ruby 1.9.3 has a different error when `require` fails.

data/conf/auth.conf

@@ -63,10 +63,10 @@ path /certificate_revocation_list/ca
 method find
 allow *
 
-# allow all nodes to store their reports
-path /report
+# allow all nodes to store their own reports
+path ~ ^/report/([^/]+)$
 method save
-allow *
+allow $1
 
 # inconditionnally allow access to all files services
 # which means in practice that fileserver.conf will

data/ext/packaging/README.md

@@ -11,14 +11,28 @@ continue to iterate and improve upon it.
 
 ##Using the Packaging Repo
 
-Several Puppet Labs projects have been migrated to the packaging repo,
-including puppet, facter, puppet-dashboard, and hiera. Generally speaking,
-ruby 1.9.3 and rake 0.9.x seem to work best. To pull the packaging tasks into
-your source repo, do a `rake package:bootstrap`. This will clone this repo
-into the ext directory of the project and make many packaging tasks
-available. The tasks are generally grouped into two categories, `package:`
-namespaced tasks and `pl:` namespaced tasks.
+Several Puppet Labs projects are using the packaging repo. They are:
 
+* puppet
+* facter
+* puppet-dashboard
+* hiera
+* puppetdb
+* razor
+
+as well as several closed-source projects, including
+* live-management
+* console-auth
+* console
+
+Generally speaking, the packaging repo should be compatible with ruby 1.8.7,
+ruby 1.9.3 and rake 0.9.x. To pull the packaging tasks into your source repo,
+do a `rake package:bootstrap`. This will clone this repo into the ext directory
+of the project and make many packaging tasks available. The tasks are
+generally grouped into two categories, `package:` namespaced tasks and `pl:`
+namespaced tasks.
+
+## `package:` tasks
 `package:` namespaced tasks are general purpose tasks that are set up to use
 the most minimal tool chain possible for creating packages. These tasks will
 create rpms and debs, but any build dependencies will need to be satisifed by
@@ -28,59 +42,170 @@ for rolling one's own debs and rpms or for use in environments without many
 OSes/versions, this may work just fine. To build an rpm using the packaging
 repo, do a `rake package:rpm`. To build a deb, use `rake package:deb`.
 
+## `pl:` tasks
 `pl:` namespaced tasks rely on a slighly more complex toolchain for packaging
-inside clean chroot environments for the various operating systems and
-versions that Puppet Labs supports. On the rpm side, this is done with
+inside clean chroot environments for the various operating systems and versions
+that Puppet Labs supports. On the rpm side, this is done with
 [mock](http://fedoraproject.org/wiki/Projects/Mock) and for debs, we use
 pdebuild and [cowbuilder](http://wiki.debian.org/cowbuilder). For the most
 part, these tasks are keyed to puppetlabs infrastructure, and are used by the
 Release Engineering team to create release packages. However, they can
 certainly be modified to suit other environments, and much effort went into
 making tasks as modular and reusable as possible. Several Puppet Labs-specific
-tasks are only available if the file '~/.packaging/builder\_data.yaml' is present.
-This file is created by the `pl:fetch` task, which pulls down another yaml file
-from a [separate build data repository](https://github.com/puppetlabs/build-data),
-which contains additional settings/data specific to Puppet Labs release
-infrastructure. The goal in separating these data and tasks out is to refrain
-from presenting by default yet more Puppet Labs-specific tasks that aren't
-generally consumable by everyone. To build a deb from a local repository using
-a `pl` task, ssh into a builder (e.g., one stood up using the modules detailed
-below) and clone the source repo, e.g. puppet. Then, run `rake package:bootstrap`
-and `rake pl:deb` to create a deb, and `rake pl:mock` to make an rpm (on a debian
-or redhat host, respectively).
-
-There is also a `pe:` namespace, for the building of Puppet Labs' Puppet
-Enterprise packages that have been converted to using this repo. The `pe:`
-tasks rely heavily on PL internal infrastructure, and are not generally useful
-outside of this environment. To create packages, in the source repository run
-`rake package:bootstrap`, followed by `rake pl:fetch`. These two commands
-bootstrap the packaging environment and pull in the additional data needed for
-PE building (see `pl:fetch` notes above).
-Then, to make a debian package, run `rake pe:deb`, and to make an rpm, run
-`rake pe:mock`. There are also `pe:deb_all` and `pe:mock_all` tasks, which build
-packages against all shipped debian/redhat targets. The `pe:deb_all` task is not
-generally necessary for developer use for building test packages; the `pe:deb`
-task creates a package that will work against virtually all supported PE debian
-versions. The same is generally true for PE internal rpms, but because of variances
-in build macros for rpm, rpms should generally be built with `pe:mock_all`, and
-then the desired version installed, or by building only for a specific target.
-This is accomplished by passing MOCK=<mock> to the rake call, e.g. `rake pe:mock MOCK=<mock>`.
-The available mocks are listed in `ext/build_defaults.yaml` after `final_mocks:`.
-For PE, the mocks are formatted as `pupent-<peversion>-<distversion>-<arch>`, e.g.
-`pupent-2.7-el5-i386`. To build for a specific target, set `MOCK=<mock>` to the mock
-that matches the target. The `pe:deb` and `pe:mock` tasks work by building on a
-remote builder using the current committed state of the source repository. To forego
-remote building and build on the local station (e.g., by ssh-ing into a remote
-builder first), the tasks `pe:local_mock` and `pe:local_deb` build using the
-local host.
+tasks are only available if the file '~/.packaging' is present.  This file is
+created by the `pl:fetch` task, which curls two yaml files into 'team' and
+'project' subdirectories.  from a [separate build data
+repository](https://github.com/puppetlabs/build-data), which contains
+additional settings/data specific to Puppet Labs release infrastructure. The
+goal in separating these data and tasks out is to refrain from presenting by
+default yet more Puppet Labs-specific tasks that aren't generally consumable by
+everyone. To build a deb from a local repository using a `pl` task, ssh into a
+builder (e.g., one stood up using the modules detailed below) and clone the
+source repo, e.g. puppet. Then, run `rake package:bootstrap` and `rake pl:deb`
+to create a deb, and `rake pl:mock` to make an rpm (on a debian or redhat host,
+respectively).
+
+## `pe:` tasks
+There is also a `pe:` namespace, for the building of Puppet
+Labs' Puppet Enterprise packages that have been converted to using this repo.
+The `pe:` tasks rely heavily on PL internal infrastructure, and are not
+generally useful outside of this environment. To create packages, in the source
+repository run `rake package:bootstrap`, followed by `rake pl:fetch`. These two
+commands bootstrap the packaging environment and pull in the additional data
+needed for PE building (see `pl:fetch` notes above).  Then, to make a debian
+package, run `rake pe:deb`, and to make an rpm, run `rake pe:mock`. There are
+also `pe:deb_all` and `pe:mock_all` tasks, which build packages against all
+shipped debian/redhat targets. The `pe:deb_all` task is not generally necessary
+for developer use for building test packages; the `pe:deb` task creates a
+  package that will work against virtually all supported PE debian versions.
+  The same is generally true for PE internal rpms, but because of variances in
+  build macros for rpm, rpms should generally be built with `pe:mock_all`, and
+  then the desired version installed, or by building only for a specific
+  target.  This is accomplished by passing MOCK=<mock> to the rake call, e.g.
+  `rake pe:mock MOCK=<mock>`.  The available mocks are listed in
+  `ext/build_defaults.yaml` after `final_mocks:`.  For PE, the mocks are
+  formatted as `pupent-<peversion>-<distversion>-<arch>`, e.g.
+  `pupent-2.7-el5-i386`. To build for a specific target, set `MOCK=<mock>` to
+  the mock that matches the target. The `pe:deb` and `pe:mock` tasks work by
+  using the `:remote` tasks for building on a remote builder using the current
+  committed state of the source repository. To forego remote building and build
+  on the local station (e.g., by ssh-ing into a remote builder first), the
+  tasks `pe:local_mock` and `pe:local_deb` build using the local host.
+
+## `:remote:` tasks
+There are also sub-namespaces of `:pl` and `:pe` that are
+worth noting. First, the `:remote` namespace. Tasks under `:remote` perform
+builds remotely on internal builders from your local workstation. How they
+work:
+
+1) Run `pl:fetch` to obtain extra data from the build-data repo. The data
+includes the hostnames of builders to use for packaging.
+
+2) Create a git bundle of the local workspace and tar it up.
+
+3) Create a build parameters file. The params file includes all the information
+about the build, including any values overridden with env vars, and the actual
+task to run, e.g. `rake pl:deb`.
+
+4) scp the git bundle and build parameters file to a temporary directory on the
+builder hostname assigned to that particular package build type.
+
+5) ssh into the builder, untar the git bundle, clone it, and run `rake
+package:bootstrap`.
+
+6) ssh into the builder, cd into the cloned repo, and run `rake
+pl:build_from_params PARAMS_FILE=/path/to/previously/sent/file`.
+
+7) Maintain the ssh connection until the build finishes, and rsync the packages
+from the builder to the local workstation.
+
+## `:jenkins:` tasks
+Jenkins tasks are similar to the `:remote:` tasks, but
+they do not require ssh access to the builders.  The jenkins tasks enable the
+packaging repo to kick off packaging builds on a remote jenkins slave. They
+work in a similar way to the :remote tasks, but with a few key differences. The
+jenkins tasks transmit information to a jenkins coordinator, which handles the
+rest. The data passed are the following:
+
+1) $PROJECT\_BUNDLE - a tar.gz of a git-bundle from HEAD of the current
+project, which is cloned on the builder to set up a duplicate of this
+environment
+
+2) $BUILD\_PROPERTIES - a build parameters file, containing all information
+about the build
+
+3) $BUILD\_TYPE - the "type" of build, e.g. rpm, deb, gem, etc The jenkins url
+and job name are obtained via the team build-data file from [the build data
+repository](https://github.com/puppetlabs/build-data)
+
+4) $PROJECT - the project we're building, e.g. facter, puppet. This is used
+later in determining the target for the build artifacts on the distribution
+server
+
+5) $DOWNSTREAM\_JOB - The URL of a downstream job that jenkins should post to
+upon success. This is obtained via the DOWNSTREAM\_JOB environment variable.
+
+
+On the Jenkins end, the job is a parameterized job that accepts five
+parameters. Jenkins has the Parameterized Trigger Plugin, Workspace Cleanup
+Plugin, and Node and Label Parameter Plugin in use for this job. The workspace
+cleanup plugin cleans the workspace before each build. Two are file parameters,
+two string parameters, and a Label parameter provided by the Node and Label
+Parameter Plugin, as described above. When the pl:jenkins:\* task triggers a
+build, it passes values for all of these parameters. The Label parameter is
+associated with the build type. This way we can queue the job on a builder with
+the appropriate capabilities just by assigning a builder the label "deb" or
+"rpm," etc. The actual build itself is accomplished via a shell build task. The
+contents of the task are:
+
+```bash
+#################
+
+  SHA=$(echo $BUILD_PROPERTIES | cut -d '.' -f1)
+
+  echo "Build type: $BUILD_TYPE"
+
+ ### Create a local clone of the git-bundle that was passed
+ # The bundle is a tarball, and since this is a project-agnostic
+ # job, we don't actually know what's in it, just that it's a
+ # git bundle.
+
+
+  [ -f "PROJECT_BUNDLE" ] || exit 1
+  mkdir project && tar -xzf PROJECT_BUNDLE -C project/
+
+  cd project
+    git clone --recursive $(ls) git_repo
+
+    cd git_repo
+
+      ### Clone the packaging repo
+      rake package:bootstrap && rake pl:fetch
+
+      ### Perform the build
+      rake pl:load_extras pl:build_from_params PARAMS_FILE=$WORKSPACE/BUILD_PROPERTIES
+
+      ### Send the results
+      rake pl:jenkins:ship["artifacts"]
+
+      ### If a downstream job was passed, trigger it now
+      if [ -n "$DOWNSTREAM_JOB" ] ; then
+        rake pl:jenkins:post["$DOWNSTREAM_JOB"]
+      fi
+
+#################
+```
+
+## Modules
 
 A puppet module,
 [puppetlabs-debbuilder](https://github.com/puppetlabs/puppetlabs-debbuilder),
 has been created to stand up a debian build host compatible with the debian
 side of this packaging repo. The rpm-side module,
 [puppetlabs-rpmbuilder](https://github.com/puppetlabs/puppetlabs-rpmbuilder),
-is currently a work in progress and.
+will set up an rpm builder.
 
+## Clean up
 To remove the packaging repo, remove the ext/packaging directory or run `rake
 package:implode`.
 
@@ -97,7 +222,7 @@ each of which contains templated erb files using the instance variables
 specified in the setupvars task. These include a debian changelog, a redhat
 spec file, and an osx preflight and plist.
 
-The top level Rakefile in the project should have the following added:
+The top level Rakefile or a separate task file in the project should have the following added:
 
 ```ruby
 Dir['ext/packaging/tasks/**/*.rake'].sort.each { |t| load t }
@@ -143,20 +268,24 @@ This is the sample build_defaults.yaml file from Hiera:
 packaging_url: 'git@github.com:puppetlabs/packaging --branch=master'
 packaging_repo: 'packaging'
 default_cow: 'base-squeeze-i386.cow'
+# Which debian distributions to build for. Noarch packages only need one arch of each cow.
 cows: 'base-lucid-amd64.cow base-lucid-i386.cow base-natty-amd64.cow base-natty-i386.cow base-oneiric-amd64.cow base-oneiric-i386.cow base-precise-amd64.cow base-precise-i386.cow base-sid-amd64.cow base-sid-i386.cow base-squeeze-amd64.cow base-squeeze-i386.cow base-testing-amd64.cow base-testing-i386.cow base-wheezy-i386.cow'
+# The pbuilder configuration file to use
 pbuild_conf: '/etc/pbuilderrc'
+# Who is packaging. Turns up in various packaging artifacts
 packager: 'puppetlabs'
+# Who is signing packages
 gpg_name: 'info@puppetlabs.com'
+# GPG key ID of the signer
 gpg_key: '4BD6EC30'
 # Whether to require tarball signing as a prerequisite of other package building
 sign_tar: FALSE
-# a space separated list of mock configs, one set for final releases, another for devel
-final_mocks: 'pl-5-i386 pl-5-x86_64 pl-6-i386 pl-6-x86_64 fedora-15-i386 fedora-15-x86_64 fedora-16-i386 fedora-16-x86_64 fedora-17-i386 fedora-17-x86_64'
-rc_mocks: 'pl-5-i386-dev pl-5-x86_64-dev pl-6-i386-dev pl-6-x86_64-dev fedora-15-i386-dev fedora-15-x86_64-dev fedora-16-i386-dev fedora-16-x86_64-dev fedora-17-i386-dev fedora-17-x86_64-dev'
+# a space separated list of mock configs. These are the rpm distributions to package for. If a noarch package, only one arch of each is needed.
+final_mocks: 'pl-el-5-i386 pl-el-5-x86_64 pl-el-6-i386 pl-el-6-x86_64 pl-fedora-16-i386 pl-fedora-16-x86_64 pl-fedora-17-i386 pl-fedora-17-x86_64'
 # The host that contains the yum repository to ship to
 yum_host: 'burji.puppetlabs.com'
-# The remote path the repository on the yum_host
-yum_repo_path: '~/repo/'
+# The remote path the repository on the yum\_host
+yum_repo_path: '/some/repo/'
 # The host that contains the apt repository to ship to
 apt_host: 'burji.puppetlabs.com'
 # The URL to use for the apt dependencies in cow building
@@ -178,12 +307,12 @@ summary: 'Light weight hierarchical data store'
 description: 'A pluggable data store for hierarcical data'
 # file containing hard coded version information, if present
 version_file: '/lib/hiera.rb'
-# files and gem_files are space separated lists
+# files and gem\_files are space separated lists
 # files to be packaged into a tarball and released with deb/rpm
 files: '[A-Z]* ext lib bin spec acceptance_tests'
 # space separated list of files to *exclude* from the tarball
 # note that each listing in files, above, is recursively copied into the tarball, so
-# 'tar_excludes' only needs to include any undesired subdirectories/files of the 'files'
+# 'tar\_excludes' only needs to include any undesired subdirectories/files of the 'files'
 # list to exclude
 tar_excludes: 'ext/packaging lib/some_excluded_file'
 # files to be packaged into a gem
@@ -256,11 +385,15 @@ For basic mac packaging, add an osx directory in ext containing the following fi
 </dict>
 </plist>
 ```
-A file_mapping.yaml file that specifies a set of files and a set of directories from the source to install, with destinations, ownership, and permissions. The directories are top level directories in the source to install. The files are files somewhere in the source to install. This is the one from puppet 3.x:
+A file_mapping.yaml file that specifies a set of files and a set of directories
+from the source to install, with destinations, ownership, and permissions. The
+directories are top level directories in the source to install. The files are
+files somewhere in the source to install. This is the one from puppet 3.x:
 ```yaml
 ---
 directories:
-# this will take the contents of lib, e.g. puppet/lib/* and place them in /usr/lib/ruby/site_ruby/1.8
+# this will take the contents of lib, e.g. puppet/lib/\* and place them in
+# /usr/lib/ruby/site\_ruby/1.8
   lib:
     path: 'usr/lib/ruby/site_ruby/1.8'
     owner: 'root'
@@ -277,7 +410,8 @@ directories:
     group: 'wheel'
     perms: '0755'
 files:
-# this will take the file puppet/conf/auth.conf and place it in /private/etc/puppet/, creating the directory if not present
+# this will take the file puppet/conf/auth.conf and place it in
+# /private/etc/puppet/, creating the directory if not present
   'conf/auth.conf':
     path: 'private/etc/puppet'
     owner: 'root'