puppet 2.7.9 → 2.7.11

data/lib/puppet/util/retryaction.rb

@@ -0,0 +1,48 @@
+module Puppet::Util::RetryAction
+  class RetryException < Exception; end
+  class RetryException::NoBlockGiven < RetryException; end
+  class RetryException::NoRetriesGiven < RetryException;end
+  class RetryException::RetriesExceeded < RetryException; end
+
+  def self.retry_action( parameters = { :retry_exceptions => nil, :retries => nil } )
+    # Retry actions for a specified amount of time. This method will allow the final
+    # retry to complete even if that extends beyond the timeout period.
+    unless block_given?
+      raise RetryException::NoBlockGiven
+    end
+
+    raise RetryException::NoRetriesGiven if parameters[:retries].nil?
+    parameters[:retry_exceptions] ||= Hash.new
+
+    start = Time.now
+    failures = 0
+
+    begin
+      yield
+    rescue Exception => e
+      # If we were giving exceptions to catch,
+      # catch the excptions we care about and retry.
+      # All others fail hard
+
+      raise RetryException::RetriesExceeded if parameters[:retries] == 0
+
+      if (not parameters[:retry_exceptions].keys.empty?) and parameters[:retry_exceptions].keys.include?(e.class)
+        Puppet.info("Caught exception #{e.class}:#{e}")
+        Puppet.info(parameters[:retry_exceptions][e.class])
+      elsif (not parameters[:retry_exceptions].keys.empty?)
+        # If the exceptions is not in the list of retry_exceptions re-raise.
+        raise e
+      end
+
+      failures += 1
+      parameters[:retries] -= 1
+
+      # Increase the amount of time that we sleep after every
+      # failed retry attempt.
+      sleep (((2 ** failures) -1) * 0.1)
+
+      retry
+
+    end
+  end
+end

data/lib/puppet/util/suidmanager.rb

@@ -1,11 +1,13 @@
 require 'puppet/util/warnings'
 require 'forwardable'
+require 'etc'
 
 module Puppet::Util::SUIDManager
   include Puppet::Util::Warnings
   extend Forwardable
 
-  # Note groups= is handled specially due to a bug in OS X 10.6
+  # Note groups= is handled specially due to a bug in OS X 10.6, 10.7,
+  # and probably upcoming releases...
   to_delegate_to_process = [ :euid=, :euid, :egid=, :egid, :uid=, :uid, :gid=, :gid, :groups ]
 
   to_delegate_to_process.each do |method|
@@ -28,10 +30,25 @@ module Puppet::Util::SUIDManager
   module_function :osx_maj_ver
 
   def groups=(grouplist)
-    if osx_maj_ver == '10.6'
-      return true
-    else
+    begin
       return Process.groups = grouplist
+    rescue Errno::EINVAL => e
+      #We catch Errno::EINVAL as some operating systems (OS X in particular) can
+      # cause troubles when using Process#groups= to change *this* user / process
+      # list of supplementary groups membership.  This is done via Ruby's function
+      # "static VALUE proc_setgroups(VALUE obj, VALUE ary)" which is effectively
+      # a wrapper for "int setgroups(size_t size, const gid_t *list)" (part of SVr4
+      # and 4.3BSD but not in POSIX.1-2001) that fails and sets errno to EINVAL.
+      #
+      # This does not appear to be a problem with Ruby but rather an issue on the
+      # operating system side.  Therefore we catch the exception and look whether
+      # we run under OS X or not -- if so, then we acknowledge the problem and
+      # re-throw the exception otherwise.
+      if osx_maj_ver and not osx_maj_ver.empty?
+        return true
+      else
+        raise e
+      end
     end
   end
   module_function :groups=
@@ -53,55 +70,76 @@ module Puppet::Util::SUIDManager
     group and group.members.index(Sys::Admin.get_login) != nil
   end
 
-  # Runs block setting uid and gid if provided then restoring original ids
+  # Methods to handle changing uid/gid of the running process. In general,
+  # these will noop or fail on Windows, and require root to change to anything
+  # but the current uid/gid (which is a noop).
+
+  # Runs block setting euid and egid if provided then restoring original ids.
+  # If running on Windows or without root, the block will be run with the
+  # current euid/egid.
   def asuser(new_uid=nil, new_gid=nil)
-    return yield if Puppet.features.microsoft_windows? or !root?
+    return yield if Puppet.features.microsoft_windows?
+    return yield unless root?
+    return yield unless new_uid or new_gid
 
     old_euid, old_egid = self.euid, self.egid
     begin
-      change_group(new_gid) if new_gid
-      change_user(new_uid) if new_uid
+      change_privileges(new_uid, new_gid, false)
 
       yield
     ensure
-      change_group(old_egid)
-      change_user(old_euid)
+      change_privileges(new_uid ? old_euid : nil, old_egid, false)
     end
   end
   module_function :asuser
 
+  # If `permanently` is set, will permanently change the uid/gid of the
+  # process. If not, it will only set the euid/egid. If only uid is supplied,
+  # the primary group of the supplied gid will be used. If only gid is
+  # supplied, only gid will be changed. This method will fail if used on
+  # Windows.
+  def change_privileges(uid=nil, gid=nil, permanently=false)
+    return unless uid or gid
+
+    unless gid
+      uid = convert_xid(:uid, uid)
+      gid = Etc.getpwuid(uid).gid
+    end
+
+    change_group(gid, permanently)
+    change_user(uid, permanently) if uid
+  end
+  module_function :change_privileges
+
+  # Changes the egid of the process if `permanently` is not set, otherwise
+  # changes gid. This method will fail if used on Windows, or attempting to
+  # change to a different gid without root.
   def change_group(group, permanently=false)
     gid = convert_xid(:gid, group)
     raise Puppet::Error, "No such group #{group}" unless gid
 
     if permanently
-      begin
-        Process::GID.change_privilege(gid)
-      rescue NotImplementedError
-        Process.egid = gid
-        Process.gid  = gid
-      end
+      Process::GID.change_privilege(gid)
     else
       Process.egid = gid
     end
   end
   module_function :change_group
 
+  # As change_group, but operates on uids. If changing user permanently,
+  # supplementary groups will be set the to default groups for the new uid.
   def change_user(user, permanently=false)
     uid = convert_xid(:uid, user)
     raise Puppet::Error, "No such user #{user}" unless uid
 
     if permanently
-      begin
-        Process::UID.change_privilege(uid)
-      rescue NotImplementedError
-        # If changing uid, we must be root. So initgroups first here.
-        initgroups(uid)
-        Process.euid = uid
-        Process.uid  = uid
-      end
+      # If changing uid, we must be root. So initgroups first here.
+      initgroups(uid)
+
+      Process::UID.change_privilege(uid)
     else
-      # If we're already root, initgroups before changing euid. If we're not,
+      # We must be root to initgroups, so initgroups before dropping euid if
+      # we're root, otherwise elevate euid before initgroups.
       # change euid (to root) first.
       if Process.euid == 0
         initgroups(uid)
@@ -126,10 +164,13 @@ module Puppet::Util::SUIDManager
   end
   module_function :convert_xid
 
-  # Initialize supplementary groups
-  def initgroups(user)
-    require 'etc'
-    Process.initgroups(Etc.getpwuid(user).name, Process.gid)
+  # Initialize primary and supplemental groups to those of the target user.  We
+  # take the UID and manually look up their details in the system database,
+  # including username and primary group. This method will fail on Windows, or
+  # if used without root to initgroups of another user.
+  def initgroups(uid)
+    pwent = Etc.getpwuid(uid)
+    Process.initgroups(pwent.name, pwent.gid)
   end
 
   module_function :initgroups
@@ -139,14 +180,4 @@ module Puppet::Util::SUIDManager
     [output, $CHILD_STATUS.dup]
   end
   module_function :run_and_capture
-
-  def system(command, new_uid=nil, new_gid=nil)
-    status = nil
-    asuser(new_uid, new_gid) do
-      Kernel.system(command)
-      status = $CHILD_STATUS.dup
-    end
-    status
-  end
-  module_function :system
 end

data/lib/puppet/util/symbolic_file_mode.rb

@@ -0,0 +1,140 @@
+require 'puppet/util'
+
+module Puppet::Util::SymbolicFileMode
+  SetUIDBit = ReadBit  = 4
+  SetGIDBit = WriteBit = 2
+  StickyBit = ExecBit  = 1
+  SymbolicMode = { 'x' => ExecBit, 'w' => WriteBit, 'r' => ReadBit }
+  SymbolicSpecialToBit = {
+    't' => { 'u' => StickyBit, 'g' => StickyBit, 'o' => StickyBit },
+    's' => { 'u' => SetUIDBit, 'g' => SetGIDBit, 'o' => StickyBit }
+  }
+
+  def valid_symbolic_mode?(value)
+    value = normalize_symbolic_mode(value)
+    return true if value =~ /^0?[0-7]{1,4}$/
+    return true if value =~ /^([ugoa]*[-=+][-=+rstwxXugo]*)(,[ugoa]*[-=+][-=+rstwxXugo]*)*$/
+    return false
+  end
+
+  def normalize_symbolic_mode(value)
+    return nil if value.nil?
+
+    # We need to treat integers as octal numbers.
+    if value.is_a? Numeric then
+      return value.to_s(8)
+    elsif value =~ /^0?[0-7]{1,4}$/ then
+      return value.to_i(8).to_s(8)
+    else
+      return value
+    end
+  end
+
+  def symbolic_mode_to_int(modification, to_mode = 0, is_a_directory = false)
+    if modification.nil? or modification == '' then
+      raise Puppet::Error, "An empty mode string is illegal"
+    end
+    if modification =~ /^[0-7]+$/ then return modification.to_i(8) end
+    if modification =~ /^\d+$/ then
+      raise Puppet::Error, "Numeric modes must be in octal, not decimal!"
+    end
+
+    fail "non-numeric current mode (#{to_mode.inspect})" unless to_mode.is_a?(Numeric)
+
+    original_mode = {
+      's' => (to_mode & 07000) >> 9,
+      'u' => (to_mode & 00700) >> 6,
+      'g' => (to_mode & 00070) >> 3,
+      'o' => (to_mode & 00007) >> 0,
+      # Are there any execute bits set in the original mode?
+      'any x?' => (to_mode & 00111) != 0
+    }
+    final_mode = {
+      's' => original_mode['s'],
+      'u' => original_mode['u'],
+      'g' => original_mode['g'],
+      'o' => original_mode['o'],
+    }
+
+    modification.split(/\s*,\s*/).each do |part|
+      begin
+        _, to, dsl = /^([ugoa]*)([-+=].*)$/.match(part).to_a
+        if dsl.nil? then raise Puppet::Error, 'Missing action' end
+        to = "a" unless to and to.length > 0
+
+        # We want a snapshot of the mode before we start messing with it to
+        # make actions like 'a-g' atomic.  Various parts of the DSL refer to
+        # the original mode, the final mode, or the current snapshot of the
+        # mode, for added fun.
+        snapshot_mode = {}
+        final_mode.each {|k,v| snapshot_mode[k] = v }
+
+        to.gsub('a', 'ugo').split('').uniq.each do |who|
+          value = snapshot_mode[who]
+
+          action = '!'
+          actions = {
+            '!' => lambda {|_,_| raise Puppet::Error, 'Missing operation (-, =, or +)' },
+            '=' => lambda {|m,v| m | v },
+            '+' => lambda {|m,v| m | v },
+            '-' => lambda {|m,v| m & ~v },
+          }
+
+          dsl.split('').each do |op|
+            case op
+            when /[-+=]/ then
+              action = op
+              # Clear all bits, if this is assignment
+              value  = 0 if op == '='
+
+            when /[ugo]/ then
+              value = actions[action].call(value, snapshot_mode[op])
+
+            when /[rwx]/ then
+              value = actions[action].call(value, SymbolicMode[op])
+
+            when 'X' then
+              # Only meaningful in combination with "set" actions.
+              if action != '+' then
+                raise Puppet::Error, "X only works with the '+' operator"
+              end
+
+              # As per the BSD manual page, set if this is a directory, or if
+              # any execute bit is set on the original (unmodified) mode.
+              # Ignored otherwise; it is "add if", not "add or clear".
+              if is_a_directory or original_mode['any x?'] then
+                value = actions[action].call(value, ExecBit)
+              end
+
+            when /[st]/ then
+              bit = SymbolicSpecialToBit[op][who] or fail "internal error"
+              final_mode['s'] = actions[action].call(final_mode['s'], bit)
+
+            else
+              raise Puppet::Error, 'Unknown operation'
+            end
+          end
+
+          # Now, assign back the value.
+          final_mode[who] = value
+        end
+
+      rescue Puppet::Error => e
+        if part.inspect != modification.inspect then
+          rest = " at #{part.inspect}"
+        else
+          rest = ''
+        end
+
+        raise Puppet::Error, "#{e}#{rest} in symbolic mode #{modification.inspect}"
+      end
+    end
+
+    result =
+      final_mode['s'] << 9 |
+      final_mode['u'] << 6 |
+      final_mode['g'] << 3 |
+      final_mode['o'] << 0
+    return result
+  end
+end

data/spec/integration/configurer_spec.rb

@@ -47,6 +47,7 @@ describe Puppet::Configurer do
       Puppet::Transaction::Report.indirection.stubs(:save)
 
       Puppet[:lastrunfile] = tmpfile("lastrunfile")
+      Puppet.settings.setting(:lastrunfile).mode = 0666
       Puppet[:report] = true
 
       # We only record integer seconds in the timestamp, and truncate
@@ -56,6 +57,10 @@ describe Puppet::Configurer do
       @configurer.run :catalog => @catalog, :report => report
       t2 = Time.now.tv_sec
 
+      file_mode = Puppet.features.microsoft_windows? ? '100644' : '100666'
+
+      File.stat(Puppet[:lastrunfile]).mode.to_s(8).should == file_mode
+
       summary = nil
       File.open(Puppet[:lastrunfile], "r") do |fd|
         summary = YAML.load(fd.read)

data/spec/integration/indirector/direct_file_server_spec.rb

@@ -22,7 +22,7 @@ describe Puppet::Indirector::DirectFileServer, " when interacting with the files
   it "should return an instance capable of returning its content" do
     FileTest.expects(:exists?).with(@filepath).returns(true)
     File.stubs(:lstat).with(@filepath).returns(stub("stat", :ftype => "file"))
-    File.expects(:read).with(@filepath).returns("my content")
+    Puppet::Util.expects(:binread).with(@filepath).returns("my content")
 
     instance = @terminus.find(@terminus.indirection.request(:find, "file://host#{@filepath}"))
 

data/spec/integration/indirector/file_content/file_server_spec.rb

@@ -24,7 +24,7 @@ describe Puppet::Indirector::FileContent::FileServer, " when finding files" do
     modpath = File.join(path, "mod")
     FileUtils.mkdir_p(File.join(modpath, "lib"))
     file = File.join(modpath, "lib", "file.rb")
-    File.open(file, "w") { |f| f.puts "1" }
+    File.open(file, "wb") { |f| f.write "1\r\n" }
 
     Puppet.settings[:modulepath] = "/no/such/file"
 
@@ -35,8 +35,8 @@ describe Puppet::Indirector::FileContent::FileServer, " when finding files" do
 
     result.should_not be_nil
     result.length.should == 2
-    result[1].should be_instance_of(Puppet::FileServing::Content)
-    result[1].content.should == "1\n"
+    result.map {|x| x.should be_instance_of(Puppet::FileServing::Content) }
+    result.find {|x| x.relative_path == 'file.rb' }.content.should == "1\r\n"
   end
 
   it "should find file content in modules" do
@@ -47,7 +47,7 @@ describe Puppet::Indirector::FileContent::FileServer, " when finding files" do
     modpath = File.join(path, "mymod")
     FileUtils.mkdir_p(File.join(modpath, "files"))
     file = File.join(modpath, "files", "myfile")
-    File.open(file, "w") { |f| f.puts "1" }
+    File.open(file, "wb") { |f| f.write "1\r\n" }
 
     Puppet.settings[:modulepath] = path
 
@@ -55,7 +55,7 @@ describe Puppet::Indirector::FileContent::FileServer, " when finding files" do
 
     result.should_not be_nil
     result.should be_instance_of(Puppet::FileServing::Content)
-    result.content.should == "1\n"
+    result.content.should == "1\r\n"
   end
 
   it "should find file content in files when node name expansions are used" do
@@ -67,7 +67,7 @@ describe Puppet::Indirector::FileContent::FileServer, " when finding files" do
     Dir.mkdir(@path)
     subdir = File.join(@path, "mynode")
     Dir.mkdir(subdir)
-    File.open(File.join(subdir, "myfile"), "w") { |f| f.puts "1" }
+    File.open(File.join(subdir, "myfile"), "wb") { |f| f.write "1\r\n" }
 
     # Use a real mount, so the integration is a bit deeper.
     @mount1 = Puppet::FileServing::Configuration::Mount::File.new("one")
@@ -85,6 +85,6 @@ describe Puppet::Indirector::FileContent::FileServer, " when finding files" do
 
     result.should_not be_nil
     result.should be_instance_of(Puppet::FileServing::Content)
-    result.content.should == "1\n"
+    result.content.should == "1\r\n"
   end
 end

data/spec/integration/provider/package_spec.rb

@@ -27,6 +27,13 @@ describe "Package provider", :'fails_on_ruby_1.9.2' => true do
           Puppet[:vardir] = tmpdir('msi_package_var_dir')
         end
 
+        # the instances method requires root priviledges on gentoo
+        # if the eix cache is outdated (to run eix-update) so make
+        # sure we dont actually run eix-update
+        if provider.name == :portage
+          provider.stubs(:update_eix).returns('Database contains 15240 packages in 155 categories')
+        end
+
         provider.instances.each do |package|
           package.should be_instance_of(provider)
           package.properties[:provider].should == provider.name