puppet 6.0.9-universal-darwin → 6.0.10-universal-darwin

data/lib/puppet/provider/service/upstart.rb

@@ -28,14 +28,16 @@ Puppet::Type.type(:service).provide :upstart, :parent => :debian do
   # We only want to use upstart as our provider if the upstart daemon is running.
   # This can be checked by running `initctl version --quiet` on a machine that has
   # upstart installed.
-  confine :true => lambda {
+  confine :true => lambda { has_initctl? }
+
+  def self.has_initctl?
     # Puppet::Util::Execution.execute does not currently work on jRuby.
     # Unfortunately, since this confine is invoked whenever we check for
     # provider suitability and since provider suitability is still checked
     # on the master, this confine will still be invoked on the master. Thus
     # to avoid raising an exception, we do an early return if we're running
     # on jRuby.
-    next false if Puppet::Util::Platform.jruby?
+    return false if Puppet::Util::Platform.jruby?
 
     begin
       initctl('version', '--quiet')
@@ -43,7 +45,7 @@ Puppet::Type.type(:service).provide :upstart, :parent => :debian do
     rescue
       false
     end
-  }
+  end
 
   # upstart developer haven't implemented initctl enable/disable yet:
   # http://www.linuxplanet.com/linuxplanet/tutorials/7033/2/

data/lib/puppet/provider/user/useradd.rb

@@ -105,11 +105,11 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
     # because by default duplicates are allowed.  This check is
     # to ensure consistent behaviour of the useradd provider when
     # using both useradd and luseradd
-    if not @resource.allowdupe? and @resource.forcelocal?
-       if @resource.should(:uid) and finduser('uid', @resource.should(:uid).to_s)
+    if (!@resource.allowdupe?) && @resource.forcelocal?
+       if @resource.should(:uid) && finduser('uid', @resource.should(:uid).to_s)
            raise(Puppet::Error, "UID #{@resource.should(:uid).to_s} already exists, use allowdupe to force user creation")
        end
-    elsif @resource.allowdupe? and not @resource.forcelocal?
+    elsif @resource.allowdupe? && (!@resource.forcelocal?)
        return ["-o"]
     end
     []
@@ -126,16 +126,16 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
 
   def check_manage_home
     cmd = []
-    if @resource.managehome? and not @resource.forcelocal?
+    if @resource.managehome? && (!@resource.forcelocal?)
       cmd << "-m"
-    elsif not @resource.managehome? and Facter.value(:osfamily) == 'RedHat'
+    elsif (!@resource.managehome?) && Facter.value(:osfamily) == 'RedHat'
       cmd << "-M"
     end
     cmd
   end
 
   def check_system_users
-    if self.class.system_users? and resource.system?
+    if self.class.system_users? && resource.system?
       ["-r"]
     else
       []
@@ -149,11 +149,11 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
     Puppet::Type.type(:user).validproperties.sort.each do |property|
       next if property == :ensure
       next if property_manages_password_age?(property)
-      next if property == :groups and @resource.forcelocal?
-      next if property == :expiry and @resource.forcelocal?
+      next if (property == :groups) && @resource.forcelocal?
+      next if (property == :expiry) && @resource.forcelocal?
       # the value needs to be quoted, mostly because -c might
       # have spaces in it
-      if value = @resource.should(property) and value != ""
+      if (value = @resource.should(property)) && (value != "")
         cmd << flag(property) << munge(property, value)
       end
     end
@@ -167,7 +167,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
     else
       cmd = [command(:add)]
     end
-    if not @resource.should(:gid) and Puppet::Util.gid(@resource[:name])
+    if (!@resource.should(:gid)) && Puppet::Util.gid(@resource[:name])
       cmd += ["-g", @resource[:name]]
     end
     cmd += add_properties
@@ -203,7 +203,10 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
     else
       cmd = [command(:delete)]
     end
-    cmd += @resource.managehome? ? ['-r'] : []
+    # Solaris `userdel -r` will fail if the homedir does not exist.
+    if @resource.managehome? && (('Solaris' != Facter.value(:operatingsystem)) || Dir.exist?(Dir.home(@resource[:name])))
+      cmd << '-r'
+    end
     cmd << @resource[:name]
   end
 
@@ -239,10 +242,10 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
       check_valid_shell
     end
      super
-     if @resource.forcelocal? and self.groups?
+     if @resource.forcelocal? && self.groups?
        set(:groups, @resource[:groups])
      end
-     if @resource.forcelocal? and @resource[:expiry]
+     if @resource.forcelocal? && @resource[:expiry]
        set(:expiry, @resource[:expiry])
      end
   end

data/lib/puppet/settings/server_list_setting.rb

@@ -4,6 +4,15 @@ class Puppet::Settings::ServerListSetting < Puppet::Settings::ArraySetting
     :server_list
   end
 
+  def print(value)
+    if value.is_a?(Array)
+      #turn into a string
+      value.map {|item| item.join(":") }.join(",")
+    else
+      value
+    end
+  end
+  
   def munge(value)
     servers = super 
     servers.map! { |server| 

data/lib/puppet/ssl/host.rb

@@ -6,13 +6,6 @@ require 'puppet/ssl/certificate_request_attributes'
 require 'puppet/rest/errors'
 require 'puppet/rest/routes'
 require 'puppet/rest/ssl_context'
-begin
-  # This may fail when being loaded from Puppet Server. However loading the
-  # client monkey patches the SSL Store and we need to have those monkey
-  # patches in as soon as possible on the agent.
-  require 'puppet/rest/client'
-rescue LoadError
-end
 
 # The class that manages all aspects of our SSL certificates --
 # private keys, public keys, requests, etc.
@@ -123,10 +116,6 @@ class Puppet::SSL::Host
     true
   end
 
-  def http_client(ssl_context)
-    Puppet::Rest::Client.new(ssl_context: ssl_context)
-  end
-
   def certificate
     unless @certificate
       generate_key unless key

data/lib/puppet/ssl/validator/default_validator.rb

@@ -9,6 +9,7 @@ require 'puppet/ssl'
 class Puppet::SSL::Validator::DefaultValidator #< class Puppet::SSL::Validator
   attr_reader :peer_certs
   attr_reader :verify_errors
+  attr_reader :last_error
 
   FIVE_MINUTES_AS_SECONDS = 5 * 60
 
@@ -33,6 +34,8 @@ class Puppet::SSL::Validator::DefaultValidator #< class Puppet::SSL::Validator
   def reset!
     @peer_certs = []
     @verify_errors = []
+    @hostname = nil
+    @last_error = nil
   end
 
   # Performs verification of the SSL connection and collection of the
@@ -78,6 +81,32 @@ class Puppet::SSL::Validator::DefaultValidator #< class Puppet::SSL::Validator
       error_string = store_context.error_string || "OpenSSL error #{error}"
 
       case error
+      when OpenSSL::X509::V_OK
+        if @hostname
+          # chain is from leaf to root, opposite of the order that `call` is invoked
+          chain_cert = store_context.chain.first
+          peer_cert = @peer_certs.last
+
+          # ruby 2.4 doesn't compare certs based on value, so force to DER byte array
+          if peer_cert && chain_cert && peer_cert.to_der == chain_cert.to_der && !OpenSSL::SSL.verify_certificate_identity(peer_cert, @hostname)
+            valid_certnames = [peer_cert.subject.to_s.sub(/.*=/, ''),
+                               *Puppet::SSL::Certificate.subject_alt_names_for(peer_cert)].uniq
+            if valid_certnames.size > 1
+              expected_certnames = _("expected one of %{certnames}") % { certnames: valid_certnames.join(', ') }
+            else
+              expected_certnames = _("expected %{certname}") % { certname: valid_certnames.first }
+            end
+
+            msg = _("Server hostname '%{host}' did not match server certificate; %{expected_certnames}") % { host: @hostname, expected_certnames: expected_certnames }
+            @last_error = Puppet::Error.new(msg)
+            return false
+          else
+            @verify_errors << "#{error_string} for #{current_cert.subject}"
+          end
+        else
+          @verify_errors << "#{error_string} for #{current_cert.subject}"
+        end
+
       when OpenSSL::X509::V_ERR_CRL_NOT_YET_VALID
         # current_crl can be nil
         # https://github.com/ruby/ruby/blob/ruby_1_9_3/ext/openssl/ossl_x509store.c#L501-L510
@@ -112,6 +141,8 @@ class Puppet::SSL::Validator::DefaultValidator #< class Puppet::SSL::Validator
   # @api private
   #
   def setup_connection(connection, ssl_host = Puppet.lookup(:ssl_host))
+    @hostname = connection.address
+
     if ssl_certificates_are_present?
       connection.cert_store = ssl_host.ssl_store
       connection.ca_file = @ca_path

data/lib/puppet/type/package.rb

@@ -20,8 +20,8 @@ module Puppet
       requires in order to function, and you must meet those requirements
       to use a given provider.
 
-      You can declare multiple package resources with the same `name`, as long
-      as they specify different providers and have unique titles.
+      You can declare multiple package resources with the same `name` as long
+      as they have unique titles, and specify different providers and commands.
 
       Note that you must use the _title_ to make a reference to a package
       resource; `Package[<NAME>]` is not a synonym for `Package[<TITLE>]` like
@@ -66,6 +66,8 @@ module Puppet
       :methods => [:package_settings_insync?, :package_settings, :package_settings=]
     feature :virtual_packages, "The provider accepts virtual package names for install and uninstall."
 
+    feature :targetable, "The provider accepts a targeted package management command."
+
     ensurable do
       desc <<-EOT
         What state the package should be in. On packaging systems that can
@@ -271,20 +273,55 @@ module Puppet
     providify
     paramclass(:provider).isnamevar
 
-    # We have more than one namevar, so we need title_patterns. However, we
-    # cheat and set the patterns to map to name only and completely ignore
-    # provider. So far, the logic that determines uniqueness appears to just
-    # "Do The Right Thing™" when the provider is explicitly set by the user.
+    # Specify a targeted package management command.
+    newparam(:command, :required_features => :targetable) do
+      desc <<-EOT
+        The targeted command to use when managing a package:
+
+          package { 'mysql':
+            provider => gem,
+          }
+
+          package { 'mysql-opt':
+            name     => 'mysql',
+            provider => gem,
+            command  => '/opt/ruby/bin/gem',
+          }
+
+        Each provider defines a package management command; and uses the first
+        instance of the command found in the PATH.
+
+        Providers supporting the targetable feature allow you to specify the
+        absolute path of the package management command; useful when multiple
+        instances of the command are installed, or the command is not in the PATH.
+      EOT
+
+      isnamevar
+      defaultto :default
+    end
+
+    # We have more than one namevar, so we need title_patterns.
+    # However, we cheat and set the patterns to map to name only
+    # and completely ignore provider (and command, for targetable providers).
+    # So far, the logic that determines uniqueness appears to just
+    # "Do The Right Thing™" when provider (and command) are explicitly set.
     #
     # The following resources will be seen as unique by puppet:
     #
     #     # Uniqueness Key: ['mysql', nil]
-    #     package{'mysql': }
+    #     package {'mysql': }
+    #
+    #     # Uniqueness Key: ['mysql', 'gem', nil]
+    #     package {'gem-mysql':
+    #       name     => 'mysql,
+    #       provider => gem,
+    #     }
     #
-    #     # Uniqueness Key: ['mysql', 'gem']
-    #     package{'gem-mysql':
+    #     # Uniqueness Key: ['mysql', 'gem', '/opt/ruby/bin/gem']
+    #     package {'gem-mysql-opt':
     #       name     => 'mysql,
     #       provider => gem
+    #       command  => '/opt/ruby/bin/gem',
     #     }
     #
     # This does not handle the case where providers like 'yum' and 'rpm' should

data/lib/puppet/util/pidlock.rb

@@ -62,12 +62,13 @@ class Puppet::Util::Pidlock
     # POSIX and Windows platforms (PUP-9247).
     if Puppet.features.posix?
       procname = Puppet::Util::Execution.execute(["ps", "-p", lock_pid, "-o", "comm="]).strip
-      @lockfile.unlock unless procname =~ /puppet(-.*)?$/
+      args     = Puppet::Util::Execution.execute(["ps", "-p", lock_pid, "-o", "args="]).strip
+      @lockfile.unlock unless procname =~ /ruby/ && args =~ /puppet/ || procname =~ /puppet(-.*)?$/
     elsif Puppet.features.microsoft_windows?
       # On Windows, we're checking if the filesystem path name of the running
       # process is our vendored ruby:
       exe_path = Puppet::Util::Windows::Process::get_process_image_name_by_pid(lock_pid)
-      @lockfile.unlock unless exe_path =~ /Puppet\\puppet\\bin\\ruby.exe/
+      @lockfile.unlock unless exe_path =~ /\\bin\\ruby.exe$/
     end
   end
   private :clear_if_stale

data/lib/puppet/util/windows/process.rb

@@ -122,21 +122,21 @@ module Puppet::Util::Windows::Process
   def get_process_image_name_by_pid(pid)
     image_name = ""
 
-    open_process(PROCESS_QUERY_INFORMATION, false, pid) do |phandle|
+     open_process(PROCESS_QUERY_INFORMATION, false, pid) do |phandle|
 
-      FFI::MemoryPointer.new(:dword, 1) do |exe_name_length_ptr|
-        # Add 1 for the null terminator, and UTF is 2 bytes/char:
-        max_path_length = (MAX_PATH_LENGTH + 1) * 2
-        exe_name_length_ptr.write_dword(max_path_length)
-        FFI::MemoryPointer.new(max_path_length) do |exe_name_ptr|
+       FFI::MemoryPointer.new(:dword, 1) do |exe_name_length_ptr|
+        # UTF is 2 bytes/char:
+        max_chars = MAX_PATH_LENGTH + 1
+        exe_name_length_ptr.write_dword(max_chars)
+        FFI::MemoryPointer.new(:wchar, max_chars) do |exe_name_ptr|
           use_win32_path_format = 0
           result = QueryFullProcessImageNameW(phandle, use_win32_path_format, exe_name_ptr, exe_name_length_ptr)
           if result == FFI::WIN32_FALSE
             raise Puppet::Util::Windows::Error.new(
               "QueryFullProcessImageNameW(phandle, #{use_win32_path_format}, " +
-              "exe_name_ptr, #{max_path_length}")
+              "exe_name_ptr, #{max_chars}")
           end
-          image_name = exe_name_ptr.read_wide_string(MAX_PATH_LENGTH + 1)
+          image_name = exe_name_ptr.read_wide_string(exe_name_length_ptr.read_dword)
         end
       end
     end

data/lib/puppet/util/windows/registry.rb

@@ -232,7 +232,7 @@ module Puppet::Util::Windows
         begin
           case type
             when Win32::Registry::REG_SZ, Win32::Registry::REG_EXPAND_SZ
-              result = [ type, data_ptr.read_wide_string(string_length) ]
+              result = [ type, sanitize(data_ptr.read_wide_string(string_length)) ]
             when Win32::Registry::REG_MULTI_SZ
               result = [ type, data_ptr.read_wide_string(string_length).split(/\0/) ]
             when Win32::Registry::REG_BINARY
@@ -312,6 +312,12 @@ module Puppet::Util::Windows
       result
     end
 
+    def sanitize(value)
+      # Replace null bytes with a space
+      value.gsub!("\x00", ' ')
+      value
+    end
+
     ffi_convention :stdcall
 
     # https://msdn.microsoft.com/en-us/library/windows/desktop/ms724862(v=vs.85).aspx

data/lib/puppet/util/windows/user.rb

@@ -75,15 +75,18 @@ module Puppet::Util::Windows::User
   module_function :password_is?
 
   def logon_user(name, password, &block)
-    fLOGON32_LOGON_NETWORK = 3
     fLOGON32_PROVIDER_DEFAULT = 0
+    fLOGON32_LOGON_INTERACTIVE = 2
+    fLOGON32_LOGON_NETWORK = 3
 
     token = nil
     begin
       FFI::MemoryPointer.new(:handle, 1) do |token_pointer|
-        if LogonUserW(wide_string(name), wide_string('.'), password.nil? ? FFI::Pointer::NULL : wide_string(password),
-            fLOGON32_LOGON_NETWORK, fLOGON32_PROVIDER_DEFAULT, token_pointer) == FFI::WIN32_FALSE
-          raise Puppet::Util::Windows::Error.new(_("Failed to logon user %{name}") % { name: name.inspect })
+        #try logon using network else try logon using interactive mode
+        if logon_user_by_logon_type(name, password, fLOGON32_LOGON_NETWORK, fLOGON32_PROVIDER_DEFAULT, token_pointer) == FFI::WIN32_FALSE
+          if logon_user_by_logon_type(name, password, fLOGON32_LOGON_INTERACTIVE, fLOGON32_PROVIDER_DEFAULT, token_pointer) == FFI::WIN32_FALSE
+            raise Puppet::Util::Windows::Error.new(_("Failed to logon user %{name}") % {name: name.inspect})
+          end
         end
 
         yield token = token_pointer.read_handle
@@ -95,8 +98,15 @@ module Puppet::Util::Windows::User
     # token has been closed by this point
     true
   end
+
   module_function :logon_user
 
+  def self.logon_user_by_logon_type(name, password, logon_type, logon_provider, token)
+    LogonUserW(wide_string(name), wide_string('.'), password.nil? ? FFI::Pointer::NULL : wide_string(password), logon_type, logon_provider, token)
+  end
+
+  private_class_method :logon_user_by_logon_type
+
   def load_profile(user, password)
     logon_user(user, password) do |token|
       FFI::MemoryPointer.from_string_to_wide_string(user) do |lpUserName|

data/lib/puppet/version.rb

@@ -6,7 +6,7 @@
 # Raketasks and such to set the version based on the output of `git describe`
 
 module Puppet
-  PUPPETVERSION = '6.0.9'
+  PUPPETVERSION = '6.0.10'
 
   ##
   # version is a public API method intended to always provide a fast and

data/locales/puppet.pot

@@ -6,11 +6,11 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: Puppet automation framework 6.0.7-36-gaf24bc1\n"
+"Project-Id-Version: Puppet automation framework 6.0.9-65-gc4f22cb\n"
 "\n"
 "Report-Msgid-Bugs-To: https://tickets.puppetlabs.com\n"
-"POT-Creation-Date: 2019-04-02 23:22+0000\n"
-"PO-Revision-Date: 2019-04-02 23:22+0000\n"
+"POT-Creation-Date: 2019-05-28 23:50+0000\n"
+"PO-Revision-Date: 2019-05-28 23:50+0000\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 "Language: \n"
@@ -28,11 +28,11 @@ msgstr ""
 msgid "See https://puppet.com/docs/puppet/%{minor_version}/deprecated_language.html"
 msgstr ""
 
-#: ../lib/hiera/scope.rb:43 ../lib/puppet/parser/scope.rb:535
+#: ../lib/hiera/scope.rb:46 ../lib/puppet/parser/scope.rb:535
 msgid "Variable: %{name}"
 msgstr ""
 
-#: ../lib/hiera/scope.rb:44 ../lib/hiera/scope.rb:46 ../lib/puppet/parser/scope.rb:536 ../lib/puppet/parser/scope.rb:538
+#: ../lib/hiera/scope.rb:47 ../lib/hiera/scope.rb:49 ../lib/puppet/parser/scope.rb:536 ../lib/puppet/parser/scope.rb:538
 msgid "Undefined variable '%{name}'; %{reason}"
 msgstr ""
 
@@ -48,10 +48,6 @@ msgstr ""
 msgid "Config file %{hiera_config} not found, using Hiera defaults"
 msgstr ""
 
-#: ../lib/puppet.rb:4
-msgid "Puppet %{version} requires ruby 2.3.0 or greater."
-msgstr ""
-
 #: ../lib/puppet.rb:130
 msgid "Support for ruby version %{version} is deprecated and will be removed in a future release. See https://puppet.com/docs/puppet/latest/system_requirements.html for a list of supported ruby versions."
 msgstr ""
@@ -266,23 +262,23 @@ msgstr ""
 msgid "No device found in %{config}"
 msgstr ""
 
-#: ../lib/puppet/application/device.rb:287
+#: ../lib/puppet/application/device.rb:304
 msgid "retrieving resource: %{resource} from %{target} at %{scheme}%{url_host}%{port}%{url_path}"
 msgstr ""
 
-#: ../lib/puppet/application/device.rb:302
+#: ../lib/puppet/application/device.rb:319
 msgid "retrieving facts from %{target} at %{scheme}%{url_host}%{port}%{url_path}"
 msgstr ""
 
-#: ../lib/puppet/application/device.rb:327
+#: ../lib/puppet/application/device.rb:342
 msgid "starting applying configuration to %{target} at %{scheme}%{url_host}%{port}%{url_path}"
 msgstr ""
 
-#: ../lib/puppet/application/device.rb:360 ../lib/puppet/application/resource.rb:196
+#: ../lib/puppet/application/device.rb:380 ../lib/puppet/application/resource.rb:196
 msgid "You must specify the type to display"
 msgstr ""
 
-#: ../lib/puppet/application/device.rb:361 ../lib/puppet/application/resource.rb:197
+#: ../lib/puppet/application/device.rb:381 ../lib/puppet/application/resource.rb:197
 msgid "Could not find type %{type}"
 msgstr ""
 
@@ -6127,65 +6123,65 @@ msgstr ""
 msgid "Unknown type <%{type}>"
 msgstr ""
 
-#: ../lib/puppet/pops/types/types.rb:928
+#: ../lib/puppet/pops/types/types.rb:930
 msgid "The string '%{str}' cannot be converted to Numeric"
 msgstr ""
 
-#: ../lib/puppet/pops/types/types.rb:931
+#: ../lib/puppet/pops/types/types.rb:933
 msgid "Value of type %{type} cannot be converted to Numeric"
 msgstr ""
 
-#: ../lib/puppet/pops/types/types.rb:1169
+#: ../lib/puppet/pops/types/types.rb:1171
 msgid "The string '%{str}' cannot be converted to Integer"
 msgstr ""
 
-#: ../lib/puppet/pops/types/types.rb:1172
+#: ../lib/puppet/pops/types/types.rb:1174
 msgid "Value of type %{type} cannot be converted to Integer"
 msgstr ""
 
-#: ../lib/puppet/pops/types/types.rb:1180
+#: ../lib/puppet/pops/types/types.rb:1182
 msgid "Illegal radix: %{radix}, expected 2, 8, 10, 16, or default"
 msgstr ""
 
-#: ../lib/puppet/pops/types/types.rb:1293
+#: ../lib/puppet/pops/types/types.rb:1295
 msgid "The string '%{str}' cannot be converted to Float"
 msgstr ""
 
-#: ../lib/puppet/pops/types/types.rb:1296
+#: ../lib/puppet/pops/types/types.rb:1298
 msgid "Value of type %{type} cannot be converted to Float"
 msgstr ""
 
 #. TRANSLATORS 'PStringType#initialize' is a class and method name and should not be translated
-#: ../lib/puppet/pops/types/types.rb:1513
+#: ../lib/puppet/pops/types/types.rb:1515
 msgid "Passing more than one argument to PStringType#initialize is deprecated"
 msgstr ""
 
 #. TRANSLATORS 'PStringType#values' and '#value' are classes and method names and should not be translated
-#: ../lib/puppet/pops/types/types.rb:1567
+#: ../lib/puppet/pops/types/types.rb:1569
 msgid "Method PStringType#values is deprecated. Use #value instead"
 msgstr ""
 
-#: ../lib/puppet/pops/types/types.rb:1892
+#: ../lib/puppet/pops/types/types.rb:1894
 msgid "The string '%{str}' cannot be converted to Boolean"
 msgstr ""
 
-#: ../lib/puppet/pops/types/types.rb:1895
+#: ../lib/puppet/pops/types/types.rb:1897
 msgid "Value of type %{type} cannot be converted to Boolean"
 msgstr ""
 
-#: ../lib/puppet/pops/types/types.rb:2623
+#: ../lib/puppet/pops/types/types.rb:2625
 msgid "Value of type %{type} cannot be converted to Array"
 msgstr ""
 
-#: ../lib/puppet/pops/types/types.rb:2693
+#: ../lib/puppet/pops/types/types.rb:2695
 msgid "Puppet::Pops::Types::PHashType#element_type is deprecated, use #value_type instead"
 msgstr ""
 
-#: ../lib/puppet/pops/types/types.rb:2830
+#: ../lib/puppet/pops/types/types.rb:2832
 msgid "odd number of arguments for Hash"
 msgstr ""
 
-#: ../lib/puppet/pops/types/types.rb:2841
+#: ../lib/puppet/pops/types/types.rb:2843
 msgid "Value of type %{type} cannot be converted to Hash"
 msgstr ""
 
@@ -6269,7 +6265,7 @@ msgid "No command %{command} defined for provider %{provider}"
 msgstr ""
 
 #: ../lib/puppet/provider.rb:398
-msgid "Provider %{provider} has not defined the 'instances' class method"
+msgid "To support listing resources of this type the '%{provider}' provider needs to implement an 'instances' class method returning the current set of resources. We recommend porting your module to the simpler Resource API instead: https://puppet.com/search/docs?keys=resource+api"
 msgstr ""
 
 #: ../lib/puppet/provider.rb:470
@@ -6540,7 +6536,7 @@ msgstr ""
 msgid "You cannot install dpkg packages without a source"
 msgstr ""
 
-#: ../lib/puppet/provider/package/dpkg.rb:108
+#: ../lib/puppet/provider/package/dpkg.rb:107
 msgid "source doesn't contain named package, but %{name}"
 msgstr ""
 
@@ -6548,27 +6544,27 @@ msgstr ""
 msgid "source is defined but does not have trailing slash, ignoring %{source}"
 msgstr ""
 
-#: ../lib/puppet/provider/package/gem.rb:42
+#: ../lib/puppet/provider/package/gem.rb:84
 msgid "Could not list gems: %{detail}"
 msgstr ""
 
-#: ../lib/puppet/provider/package/gem.rb:68
+#: ../lib/puppet/provider/package/gem.rb:110
 msgid "Could not match %{desc}"
 msgstr ""
 
-#: ../lib/puppet/provider/package/gem.rb:109
+#: ../lib/puppet/provider/package/gem.rb:158
 msgid "Invalid source '%{uri}': %{detail}"
 msgstr ""
 
-#: ../lib/puppet/provider/package/gem.rb:120
+#: ../lib/puppet/provider/package/gem.rb:169
 msgid "puppet:// URLs are not supported as gem sources"
 msgstr ""
 
-#: ../lib/puppet/provider/package/gem.rb:136
+#: ../lib/puppet/provider/package/gem.rb:185
 msgid "Could not install: %{output}"
 msgstr ""
 
-#: ../lib/puppet/provider/package/gem.rb:161
+#: ../lib/puppet/provider/package/gem.rb:211
 msgid "Could not uninstall: %{output}"
 msgstr ""
 
@@ -6839,6 +6835,14 @@ msgstr ""
 msgid "Failed to update to version %{should}, got version %{version} instead"
 msgstr ""
 
+#: ../lib/puppet/provider/package_targetable.rb:53
+msgid "Provider %{name} package command is not functional on this host"
+msgstr ""
+
+#: ../lib/puppet/provider/package_targetable.rb:56
+msgid "Provider %{name} package command '%{cmd}' does not exist on this host"
+msgstr ""
+
 #: ../lib/puppet/provider/parsedfile.rb:52
 msgid "Invalid filetype %{type}"
 msgstr ""
@@ -7473,7 +7477,7 @@ msgstr ""
 msgid "Invalid priority format '%{value}' for parameter: %{name}"
 msgstr ""
 
-#: ../lib/puppet/settings/server_list_setting.rb:16
+#: ../lib/puppet/settings/server_list_setting.rb:25
 msgid "Expected an Array of String, got a %{klass}"
 msgstr ""
 
@@ -7581,15 +7585,15 @@ msgstr ""
 msgid "unexpected attributes %{keys} in %{path}"
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:165
+#: ../lib/puppet/ssl/host.rb:154
 msgid "No certificate to validate."
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:166
+#: ../lib/puppet/ssl/host.rb:155
 msgid "No private key with which to validate certificate with fingerprint: %{fingerprint}"
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:168
+#: ../lib/puppet/ssl/host.rb:157
 msgid ""
 "The certificate retrieved from the master does not match the agent's private key. Did you forget to run as root?\n"
 "Certificate fingerprint: %{fingerprint}\n"
@@ -7601,7 +7605,7 @@ msgid ""
 "  2. puppet %{puppet_params}\n"
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:250
+#: ../lib/puppet/ssl/host.rb:239
 msgid ""
 "The local CSR does not match the agent's public key.\n"
 "CSR fingerprint: %{fingerprint}\n"
@@ -7613,7 +7617,7 @@ msgid ""
 "  2. puppet %{puppet_params}\n"
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:266
+#: ../lib/puppet/ssl/host.rb:255
 msgid ""
 "The CSR retrieved from the master does not match the agent's public key.\n"
 "CSR fingerprint: %{fingerprint}\n"
@@ -7627,73 +7631,73 @@ msgid ""
 "  2. puppet %{puppet_params}\n"
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:320 ../lib/puppet/ssl/host.rb:341
+#: ../lib/puppet/ssl/host.rb:309 ../lib/puppet/ssl/host.rb:330
 msgid "Could not request certificate: %{message}"
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:322
+#: ../lib/puppet/ssl/host.rb:311
 msgid "Exiting; failed to retrieve certificate and waitforcert is disabled"
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:331
+#: ../lib/puppet/ssl/host.rb:320
 msgid "Exiting; no certificate found and waitforcert is disabled"
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:339
+#: ../lib/puppet/ssl/host.rb:328
 msgid "Did not receive certificate"
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:379
+#: ../lib/puppet/ssl/host.rb:368
 msgid "Response from the CA did not contain a valid certificate request: %{message}"
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:385
+#: ../lib/puppet/ssl/host.rb:374
 msgid "Could not download certificate request: %{message}"
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:412
+#: ../lib/puppet/ssl/host.rb:401
 msgid ""
 "Failed attempting to load CRL from %{crl_path}! The CRL below caused the error '%{error}':\n"
 "%{crl}"
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:440
+#: ../lib/puppet/ssl/host.rb:429
 msgid "The CA certificate at %{file_path} is invalid: %{message}"
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:464
+#: ../lib/puppet/ssl/host.rb:453
 msgid "No valid PEM-encoded certificates."
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:471
+#: ../lib/puppet/ssl/host.rb:460
 msgid "Could not parse certificate: %{message}"
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:494
+#: ../lib/puppet/ssl/host.rb:483
 msgid "Could not download CRLs: %{message}"
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:513
+#: ../lib/puppet/ssl/host.rb:502
 msgid "Response from the CA did not contain a valid CA certificate: %{message}"
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:516
+#: ../lib/puppet/ssl/host.rb:505
 msgid "Could not download CA certificate: %{message}"
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:556
+#: ../lib/puppet/ssl/host.rb:545
 msgid "The certificate at %{file_path} is invalid. Could not load."
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:577
+#: ../lib/puppet/ssl/host.rb:566
 msgid "Response from the CA did not contain a valid certificate for %{cert_name}."
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:581
+#: ../lib/puppet/ssl/host.rb:570
 msgid "No certificate for %{cert_name} on CA"
 msgstr ""
 
-#: ../lib/puppet/ssl/host.rb:584
+#: ../lib/puppet/ssl/host.rb:573
 msgid "Could not download host certificate: %{message}"
 msgstr ""
 
@@ -7721,6 +7725,18 @@ msgstr ""
 msgid "Error registering ssl custom OIDs mapping from file '%{custom_oid_file}': %{err}"
 msgstr ""
 
+#: ../lib/puppet/ssl/validator/default_validator.rb:95 ../lib/puppet/util/ssl.rb:81
+msgid "expected one of %{certnames}"
+msgstr ""
+
+#: ../lib/puppet/ssl/validator/default_validator.rb:97 ../lib/puppet/util/ssl.rb:83
+msgid "expected %{certname}"
+msgstr ""
+
+#: ../lib/puppet/ssl/validator/default_validator.rb:100 ../lib/puppet/util/ssl.rb:86
+msgid "Server hostname '%{host}' did not match server certificate; %{expected_certnames}"
+msgstr ""
+
 #: ../lib/puppet/syntax_checkers/base64.rb:18
 msgid "Base64 syntax checker: the text to check must be a String."
 msgstr ""
@@ -7857,7 +7873,7 @@ msgstr[1] ""
 msgid "Failed to call %{callback}: %{detail}"
 msgstr ""
 
-#: ../lib/puppet/transaction/event_manager.rb:171
+#: ../lib/puppet/transaction/event_manager.rb:172
 msgid "Would have triggered '%{callback}' from %{count} event"
 msgid_plural "Would have triggered '%{callback}' from %{count} events"
 msgstr[0] ""
@@ -8214,15 +8230,15 @@ msgstr ""
 msgid "Invalid GID %{gid}"
 msgstr ""
 
-#: ../lib/puppet/type/package.rb:114 ../lib/puppet/type/package.rb:128
+#: ../lib/puppet/type/package.rb:116 ../lib/puppet/type/package.rb:130
 msgid "Could not update: %{detail}"
 msgstr ""
 
-#: ../lib/puppet/type/package.rb:163
+#: ../lib/puppet/type/package.rb:165
 msgid "Could not get latest version: %{detail}"
 msgstr ""
 
-#: ../lib/puppet/type/package.rb:263
+#: ../lib/puppet/type/package.rb:265
 msgid "Name must be a String not %{klass}"
 msgstr ""
 
@@ -8266,15 +8282,15 @@ msgstr ""
 msgid "Invalid minute '%{n}'"
 msgstr ""
 
-#: ../lib/puppet/type/schedule.rb:278
+#: ../lib/puppet/type/schedule.rb:282
 msgid "Repeat must be a number"
 msgstr ""
 
-#: ../lib/puppet/type/schedule.rb:287
+#: ../lib/puppet/type/schedule.rb:291
 msgid "Repeat must be 1 unless periodmatch is 'distance', not '%{period}'"
 msgstr ""
 
-#: ../lib/puppet/type/schedule.rb:331
+#: ../lib/puppet/type/schedule.rb:335
 msgid "%{value} is not a valid day of the week"
 msgstr ""
 
@@ -9190,18 +9206,6 @@ msgstr ""
 msgid "Sleeping for %{time} seconds (splay is enabled)"
 msgstr ""
 
-#: ../lib/puppet/util/ssl.rb:81
-msgid "expected one of %{certnames}"
-msgstr ""
-
-#: ../lib/puppet/util/ssl.rb:83
-msgid "expected %{certname}"
-msgstr ""
-
-#: ../lib/puppet/util/ssl.rb:86
-msgid "Server hostname '%{host}' did not match server certificate; %{expected_certnames}"
-msgstr ""
-
 #: ../lib/puppet/util/storage.rb:53
 msgid "Checksumfile %{filename} is not a file, ignoring"
 msgstr ""