RubyGems - puppet - Versions diffs - 6.4.5-universal-darwin → 6.5.0-universal-darwin - Mend

puppet 6.4.5-universal-darwin → 6.5.0-universal-darwin

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (329) hide show

checksums.yaml +4 -4
data/CODEOWNERS +10 -10
data/Gemfile +6 -6
data/Gemfile.lock +46 -52
data/ext/build_defaults.yaml +0 -1
data/ext/project_data.yaml +3 -3
data/ext/regexp_nodes/regexp_nodes.rb +4 -4
data/ext/solaris/smf/puppet.xml +0 -2
data/ext/windows/eventlog/Rakefile +32 -0
data/ext/windows/eventlog/puppetres.dll +0 -0
data/ext/windows/eventlog/puppetres.mc +18 -0
data/ext/windows/service/daemon.rb +8 -38
data/install.rb +24 -6
data/lib/puppet.rb +3 -1
data/lib/puppet/application.rb +1 -1
data/lib/puppet/application/agent.rb +11 -34
data/lib/puppet/application/apply.rb +6 -6
data/lib/puppet/application/describe.rb +9 -3
data/lib/puppet/application/device.rb +4 -14
data/lib/puppet/application/doc.rb +1 -1
data/lib/puppet/application/lookup.rb +2 -2
data/lib/puppet/application/resource.rb +4 -4
data/lib/puppet/application/script.rb +2 -2
data/lib/puppet/application/ssl.rb +10 -9
data/lib/puppet/configurer.rb +30 -86
data/lib/puppet/configurer/downloader.rb +6 -2
data/lib/puppet/defaults.rb +50 -44
data/lib/puppet/error.rb +14 -9
data/lib/puppet/face/catalog.rb +20 -1
data/lib/puppet/face/config.rb +48 -10
data/lib/puppet/face/facts.rb +1 -1
data/lib/puppet/face/help.rb +1 -1
data/lib/puppet/face/module/list.rb +5 -5
data/lib/puppet/face/module/search.rb +1 -1
data/lib/puppet/face/module/uninstall.rb +1 -1
data/lib/puppet/face/module/upgrade.rb +1 -1
data/lib/puppet/face/parser.rb +48 -9
data/lib/puppet/face/plugin.rb +2 -9
data/lib/puppet/file_serving/http_metadata.rb +1 -1
data/lib/puppet/file_system.rb +12 -2
data/lib/puppet/file_system/file_impl.rb +6 -3
data/lib/puppet/file_system/memory_file.rb +1 -1
data/lib/puppet/file_system/posix.rb +2 -3
data/lib/puppet/forge.rb +3 -3
data/lib/puppet/functions.rb +2 -1
data/lib/puppet/functions/camelcase.rb +2 -2
data/lib/puppet/functions/epp.rb +4 -4
data/lib/puppet/functions/find_file.rb +9 -9
data/lib/puppet/functions/inline_epp.rb +5 -5
data/lib/puppet/functions/regsubst.rb +6 -8
data/lib/puppet/gettext/module_translations.rb +1 -1
data/lib/puppet/graph/rb_tree_map.rb +2 -2
data/lib/puppet/graph/simple_graph.rb +3 -4
data/lib/puppet/indirector/catalog/compiler.rb +5 -11
data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
data/lib/puppet/indirector/hiera.rb +0 -2
data/lib/puppet/indirector/resource/ral.rb +3 -1
data/lib/puppet/indirector/resource/validator.rb +1 -1
data/lib/puppet/interface.rb +1 -2
data/lib/puppet/loaders.rb +1 -0
data/lib/puppet/metatype/manager.rb +1 -1
data/lib/puppet/module.rb +1 -1
data/lib/puppet/module/task.rb +4 -20
data/lib/puppet/module_tool/applications/installer.rb +1 -1
data/lib/puppet/module_tool/applications/uninstaller.rb +3 -3
data/lib/puppet/module_tool/metadata.rb +1 -1
data/lib/puppet/module_tool/shared_behaviors.rb +4 -4
data/lib/puppet/module_tool/tar/mini.rb +2 -12
data/lib/puppet/network/http/api/indirected_routes.rb +11 -12
data/lib/puppet/network/http/connection.rb +12 -10
data/lib/puppet/network/http/factory.rb +11 -1
data/lib/puppet/network/http/pool.rb +0 -2
data/lib/puppet/network/http/site.rb +1 -1
data/lib/puppet/network/resolver.rb +2 -2
data/lib/puppet/node/environment.rb +2 -4
data/lib/puppet/pal/pal_impl.rb +2 -2
data/lib/puppet/parser/ast.rb +1 -1
data/lib/puppet/parser/ast/resourceparam.rb +1 -1
data/lib/puppet/parser/functions.rb +1 -1
data/lib/puppet/parser/functions/epp.rb +3 -3
data/lib/puppet/parser/functions/fail.rb +8 -1
data/lib/puppet/parser/functions/inline_epp.rb +5 -5
data/lib/puppet/parser/scope.rb +7 -8
data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +1 -1
data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +1 -1
data/lib/puppet/pops/evaluator/external_syntax_support.rb +2 -3
data/lib/puppet/pops/evaluator/runtime3_support.rb +4 -4
data/lib/puppet/pops/loader/null_loader.rb +60 -0
data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -4
data/lib/puppet/pops/loader/task_instantiator.rb +0 -4
data/lib/puppet/pops/loaders.rb +1 -1
data/lib/puppet/pops/lookup/hiera_config.rb +0 -1
data/lib/puppet/pops/lookup/sub_lookup.rb +1 -1
data/lib/puppet/pops/merge_strategy.rb +18 -22
data/lib/puppet/pops/parser/heredoc_support.rb +1 -1
data/lib/puppet/pops/parser/interpolation_support.rb +4 -4
data/lib/puppet/pops/parser/locator.rb +1 -1
data/lib/puppet/pops/parser/pn_parser.rb +16 -17
data/lib/puppet/pops/puppet_stack.rb +49 -51
data/lib/puppet/pops/types/p_sensitive_type.rb +1 -1
data/lib/puppet/pops/types/string_converter.rb +10 -10
data/lib/puppet/pops/types/types.rb +6 -5
data/lib/puppet/property.rb +1 -1
data/lib/puppet/property/ensure.rb +1 -1
data/lib/puppet/provider/exec.rb +2 -6
data/lib/puppet/provider/file/posix.rb +0 -5
data/lib/puppet/provider/nameservice.rb +3 -10
data/lib/puppet/provider/nameservice/directoryservice.rb +1 -1
data/lib/puppet/provider/nameservice/pw.rb +2 -2
data/lib/puppet/provider/package.rb +0 -2
data/lib/puppet/provider/package/apt.rb +1 -5
data/lib/puppet/provider/package/dnf.rb +1 -1
data/lib/puppet/provider/package/dpkg.rb +18 -34
data/lib/puppet/provider/package/openbsd.rb +1 -1
data/lib/puppet/provider/package/pip.rb +13 -37
data/lib/puppet/provider/package/portage.rb +4 -4
data/lib/puppet/provider/package/puppet_gem.rb +1 -1
data/lib/puppet/provider/package/rpm.rb +18 -56
data/lib/puppet/provider/package/windows/package.rb +1 -1
data/lib/puppet/provider/package/yum.rb +5 -9
data/lib/puppet/provider/package_targetable.rb +4 -7
data/lib/puppet/provider/parsedfile.rb +1 -1
data/lib/puppet/provider/service/daemontools.rb +9 -9
data/lib/puppet/provider/service/launchd.rb +5 -20
data/lib/puppet/provider/service/openbsd.rb +1 -1
data/lib/puppet/provider/service/rcng.rb +2 -2
data/lib/puppet/provider/service/runit.rb +8 -2
data/lib/puppet/provider/service/systemd.rb +19 -14
data/lib/puppet/provider/service/windows.rb +0 -8
data/lib/puppet/provider/user/directoryservice.rb +1 -1
data/lib/puppet/provider/user/hpux.rb +1 -1
data/lib/puppet/provider/user/pw.rb +3 -12
data/lib/puppet/provider/user/user_role_add.rb +1 -5
data/lib/puppet/provider/user/useradd.rb +20 -45
data/lib/puppet/provider/user/windows_adsi.rb +5 -4
data/lib/puppet/reference/configuration.rb +3 -3
data/lib/puppet/reference/indirection.rb +2 -2
data/lib/puppet/reference/metaparameter.rb +3 -1
data/lib/puppet/reference/providers.rb +3 -1
data/lib/puppet/reference/type.rb +9 -3
data/lib/puppet/reports.rb +1 -1
data/lib/puppet/resource.rb +1 -18
data/lib/puppet/resource/catalog.rb +1 -1
data/lib/puppet/rest/routes.rb +30 -17
data/lib/puppet/settings.rb +3 -43
data/lib/puppet/settings/environment_conf.rb +0 -1
data/lib/puppet/ssl/certificate_request.rb +12 -2
data/lib/puppet/ssl/host.rb +2 -2
data/lib/puppet/ssl/oids.rb +1 -1
data/lib/puppet/ssl/ssl_provider.rb +11 -5
data/lib/puppet/ssl/state_machine.rb +102 -98
data/lib/puppet/test/test_helper.rb +1 -0
data/lib/puppet/transaction.rb +11 -33
data/lib/puppet/transaction/report.rb +1 -1
data/lib/puppet/type.rb +4 -2
data/lib/puppet/type/exec.rb +17 -23
data/lib/puppet/type/file.rb +39 -11
data/lib/puppet/type/file/data_sync.rb +1 -5
data/lib/puppet/type/group.rb +2 -4
data/lib/puppet/type/notify.rb +3 -4
data/lib/puppet/type/package.rb +3 -20
data/lib/puppet/type/schedule.rb +1 -1
data/lib/puppet/type/service.rb +3 -8
data/lib/puppet/type/user.rb +2 -4
data/lib/puppet/util.rb +29 -39
data/lib/puppet/util/command_line/trollop.rb +1 -1
data/lib/puppet/util/execution.rb +3 -4
data/lib/puppet/util/http_proxy.rb +19 -27
data/lib/puppet/util/log.rb +2 -2
data/lib/puppet/util/log/destinations.rb +2 -2
data/lib/puppet/util/logging.rb +20 -32
data/lib/puppet/util/metric.rb +2 -2
data/lib/puppet/util/monkey_patches.rb +33 -0
data/lib/puppet/util/pidlock.rb +2 -3
data/lib/puppet/util/provider_features.rb +4 -2
data/lib/puppet/util/rdoc.rb +1 -1
data/lib/puppet/util/reference.rb +1 -1
data/lib/puppet/util/resource_template.rb +1 -1
data/lib/puppet/util/selinux.rb +2 -8
data/lib/puppet/util/skip_tags.rb +4 -0
data/lib/puppet/util/windows/adsi.rb +18 -48
data/lib/puppet/util/windows/process.rb +8 -8
data/lib/puppet/util/windows/registry.rb +5 -7
data/lib/puppet/util/windows/security.rb +0 -2
data/lib/puppet/util/windows/service.rb +4 -149
data/lib/puppet/util/windows/sid.rb +0 -1
data/lib/puppet/vendor.rb +1 -1
data/lib/puppet/version.rb +1 -1
data/lib/puppet/x509/cert_provider.rb +81 -24
data/locales/puppet.pot +462 -482
data/man/man5/puppet.conf.5 +43 -44
data/man/man8/puppet-agent.8 +1 -1
data/man/man8/puppet-apply.8 +3 -3
data/man/man8/puppet-catalog.8 +31 -3
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +1 -1
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +1 -1
data/man/man8/puppet-filebucket.8 +1 -1
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-key.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-module.8 +1 -1
data/man/man8/puppet-node.8 +1 -1
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +1 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-ssl.8 +1 -1
data/man/man8/puppet-status.8 +1 -1
data/man/man8/puppet.8 +3 -3
data/spec/fixtures/ssl/127.0.0.1-key.pem +56 -56
data/spec/fixtures/ssl/127.0.0.1.pem +27 -27
data/spec/fixtures/ssl/bad-basic-constraints.pem +32 -32
data/spec/fixtures/ssl/bad-int-basic-constraints.pem +30 -30
data/spec/fixtures/ssl/ca.pem +30 -30
data/spec/fixtures/ssl/crl.pem +15 -15
data/spec/fixtures/ssl/ec-key.pem +18 -0
data/spec/fixtures/ssl/ec.pem +40 -0
data/spec/fixtures/ssl/encrypted-ec-key.pem +21 -0
data/spec/fixtures/ssl/encrypted-key.pem +57 -57
data/spec/fixtures/ssl/intermediate-agent-crl.pem +16 -16
data/spec/fixtures/ssl/intermediate-agent.pem +33 -33
data/spec/fixtures/ssl/intermediate-crl.pem +17 -17
data/spec/fixtures/ssl/intermediate.pem +31 -31
data/spec/fixtures/ssl/pluto-key.pem +56 -56
data/spec/fixtures/ssl/pluto.pem +28 -28
data/spec/fixtures/ssl/request-key.pem +56 -56
data/spec/fixtures/ssl/request.pem +24 -24
data/spec/fixtures/ssl/revoked-key.pem +56 -56
data/spec/fixtures/ssl/revoked.pem +25 -25
data/spec/fixtures/ssl/signed-key.pem +56 -56
data/spec/fixtures/ssl/signed.pem +25 -25
data/spec/fixtures/ssl/tampered-cert.pem +27 -27
data/spec/fixtures/ssl/tampered-csr.pem +24 -24
data/spec/fixtures/unit/pops/loaders/loaders/mix_4x_and_3x_functions/usee/lib/puppet/parser/functions/func_with_syntax_error.rb +9 -0
data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_get/should_yield_to_the_block.yml +24 -0
data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_head/should_yield_to_the_block.yml +24 -0
data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_post/should_yield_to_the_block.yml +24 -0
data/spec/integration/configurer_spec.rb +0 -52
data/spec/integration/provider/service/init_spec.rb +1 -0
data/spec/integration/provider/service/systemd_spec.rb +5 -8
data/spec/integration/type/file_spec.rb +38 -28
data/spec/integration/util/execution_spec.rb +0 -27
data/spec/lib/puppet/certificate_factory.rb +2 -2
data/spec/lib/puppet/test_ca.rb +17 -4
data/spec/lib/puppet_spec/fixtures.rb +4 -0
data/spec/spec_helper.rb +0 -28
data/spec/unit/application/agent_spec.rb +34 -67
data/spec/unit/application/device_spec.rb +1 -27
data/spec/unit/application/ssl_spec.rb +60 -35
data/spec/unit/configurer_spec.rb +399 -395
data/spec/unit/defaults_spec.rb +4 -4
data/spec/unit/face/facts_spec.rb +0 -9
data/spec/unit/face/parser_spec.rb +69 -22
data/spec/unit/face/plugin_spec.rb +0 -8
data/spec/unit/file_system_spec.rb +30 -1
data/spec/unit/forge/forge_spec.rb +3 -1
data/spec/unit/forge/repository_spec.rb +3 -1
data/spec/unit/indirector/catalog/compiler_spec.rb +5 -62
data/spec/unit/indirector/resource/ral_spec.rb +4 -4
data/spec/unit/module_tool/tar/mini_spec.rb +1 -1
data/spec/unit/network/http/api/indirected_routes_spec.rb +10 -25
data/spec/unit/network/http/connection_spec.rb +145 -119
data/spec/unit/network/http/factory_spec.rb +5 -27
data/spec/unit/parser/scope_spec.rb +0 -10
data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +3 -8
data/spec/unit/pops/loaders/loaders_spec.rb +4 -0
data/spec/unit/pops/loaders/module_loaders_spec.rb +0 -37
data/spec/unit/pops/types/types_spec.rb +27 -0
data/spec/unit/provider/exec_spec.rb +0 -209
data/spec/unit/provider/package/aptrpm_spec.rb +1 -1
data/spec/unit/provider/package/dnf_spec.rb +0 -7
data/spec/unit/provider/package/dpkg_spec.rb +80 -240
data/spec/unit/provider/package/pip_spec.rb +8 -61
data/spec/unit/provider/package/portage_spec.rb +4 -4
data/spec/unit/provider/package/rpm_spec.rb +16 -150
data/spec/unit/provider/package/yum_spec.rb +0 -7
data/spec/unit/provider/service/daemontools_spec.rb +0 -24
data/spec/unit/provider/service/launchd_spec.rb +0 -28
data/spec/unit/provider/service/runit_spec.rb +0 -24
data/spec/unit/provider/service/systemd_spec.rb +25 -39
data/spec/unit/provider/service/windows_spec.rb +0 -20
data/spec/unit/provider/user/hpux_spec.rb +2 -2
data/spec/unit/provider/user/pw_spec.rb +0 -37
data/spec/unit/provider/user/useradd_spec.rb +0 -88
data/spec/unit/resource_spec.rb +1 -26
data/spec/unit/ssl/host_spec.rb +5 -0
data/spec/unit/ssl/ssl_provider_spec.rb +36 -11
data/spec/unit/ssl/state_machine_spec.rb +233 -158
data/spec/unit/transaction_spec.rb +0 -64
data/spec/unit/type/exec_spec.rb +12 -15
data/spec/unit/type/file/content_spec.rb +3 -9
data/spec/unit/type/file/source_spec.rb +4 -4
data/spec/unit/type/file_spec.rb +15 -11
data/spec/unit/type/package_spec.rb +0 -5
data/spec/unit/type/schedule_spec.rb +1 -3
data/spec/unit/type/service_spec.rb +0 -16
data/spec/unit/util/execution_spec.rb +0 -16
data/spec/unit/util/http_proxy_spec.rb +21 -151
data/spec/unit/util/ldap/manager_spec.rb +0 -15
data/spec/unit/util/log/destinations_spec.rb +3 -7
data/spec/unit/util/log_spec.rb +138 -0
data/spec/unit/util/logging_spec.rb +0 -200
data/spec/unit/util/pidlock_spec.rb +0 -26
data/spec/unit/util/skip_tags_spec.rb +14 -0
data/spec/unit/util/windows/adsi_spec.rb +0 -51
data/spec/unit/util/windows/service_spec.rb +0 -9
data/spec/unit/util_spec.rb +10 -0
data/spec/unit/x509/cert_provider_spec.rb +82 -43
data/tasks/generate_cert_fixtures.rake +13 -1
data/tasks/manpages.rake +0 -1
metadata +26 -20
data/ext/cert_inspector +0 -140
data/ext/envpuppet +0 -139
data/ext/envpuppet.bat +0 -14
data/ext/puppet-test +0 -476
data/ext/pure_ruby_dsl/dsl_test.rb +0 -7
data/ext/upload_facts.rb +0 -119
data/lib/puppet/provider/package/dnfmodule.rb +0 -87
data/spec/fixtures/unit/provider/package/dnfmodule/dnf-module-list-installed.txt +0 -11
data/spec/integration/type/notify_spec.rb +0 -46
data/spec/unit/provider/package/dnfmodule_spec.rb +0 -186
data/spec/unit/provider/package_targetable_spec.rb +0 -60

data/lib/puppet/util/windows/process.rb CHANGED

@@ -122,21 +122,21 @@ module Puppet::Util::Windows::Process
   def get_process_image_name_by_pid(pid)
     image_name = ""
-     open_process(PROCESS_QUERY_INFORMATION, false, pid) do |phandle|
+    open_process(PROCESS_QUERY_INFORMATION, false, pid) do |phandle|
-       FFI::MemoryPointer.new(:dword, 1) do |exe_name_length_ptr|
-        # UTF is 2 bytes/char:
-        max_chars = MAX_PATH_LENGTH + 1
-        exe_name_length_ptr.write_dword(max_chars)
-        FFI::MemoryPointer.new(:wchar, max_chars) do |exe_name_ptr|
+      FFI::MemoryPointer.new(:dword, 1) do |exe_name_length_ptr|
+        # Add 1 for the null terminator, and UTF is 2 bytes/char:
+        max_path_length = (MAX_PATH_LENGTH + 1) * 2
+        exe_name_length_ptr.write_dword(max_path_length)
+        FFI::MemoryPointer.new(max_path_length) do |exe_name_ptr|
           use_win32_path_format = 0
           result = QueryFullProcessImageNameW(phandle, use_win32_path_format, exe_name_ptr, exe_name_length_ptr)
           if result == FFI::WIN32_FALSE
             raise Puppet::Util::Windows::Error.new(
               "QueryFullProcessImageNameW(phandle, #{use_win32_path_format}, " +
-              "exe_name_ptr, #{max_chars}")
+              "exe_name_ptr, #{max_path_length}")
           end
-          image_name = exe_name_ptr.read_wide_string(exe_name_length_ptr.read_dword)
+          image_name = exe_name_ptr.read_wide_string(MAX_PATH_LENGTH + 1)
         end
       end
     end

data/lib/puppet/util/windows/registry.rb CHANGED

@@ -46,12 +46,11 @@ module Puppet::Util::Windows
       subkey_max_len, _ = reg_query_info_key_max_lengths(key)
-      loop do
+      begin
         subkey, filetime = reg_enum_key(key, index, subkey_max_len)
         yield subkey, filetime if !subkey.nil?
         index += 1
-        break if subkey.nil?
-      end
+      end while !subkey.nil?
       index
     end
@@ -94,12 +93,11 @@ module Puppet::Util::Windows
       _, value_max_len = reg_query_info_key_max_lengths(key)
-      loop do
+      begin
         subkey, type, data = reg_enum_value(key, index, value_max_len)
         yield subkey, type, data if !subkey.nil?
         index += 1
-        break if subkey.nil?
-      end
+      end while !subkey.nil?
       index
     end
@@ -316,7 +314,7 @@ module Puppet::Util::Windows
     def sanitize(value)
       # Replace null bytes with a space
-      value.tr!("\x00", ' ')
+      value.gsub!("\x00", ' ')
       value
     end

data/lib/puppet/util/windows/security.rb CHANGED

@@ -200,7 +200,6 @@ module Puppet::Util::Windows::Security
     well_known_world_sid = Puppet::Util::Windows::SID::Everyone
     well_known_nobody_sid = Puppet::Util::Windows::SID::Nobody
     well_known_system_sid = Puppet::Util::Windows::SID::LocalSystem
-    well_known_app_packages_sid = Puppet::Util::Windows::SID::AllAppPackages
     mode = S_ISYSTEM_MISSING
@@ -235,7 +234,6 @@ module Puppet::Util::Windows::Security
         if (ace.mask & FILE::FILE_APPEND_DATA).nonzero?
           mode |= S_ISVTX
         end
-      when well_known_app_packages_sid
       when well_known_system_sid
       else
         #puts "Warning, unable to map SID into POSIX mode: #{ace.sid}"

data/lib/puppet/util/windows/service.rb CHANGED

@@ -1,4 +1,3 @@
-# coding: utf-8
 require 'puppet/util/windows'
 require 'ffi'
@@ -181,30 +180,7 @@ module Puppet::Util::Windows
     # // Value to indicate no change to an optional parameter
     # //
     # #define SERVICE_NO_CHANGE              0xffffffff
-    # https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-changeserviceconfig2w
-    SERVICE_CONFIG_DESCRIPTION              = 0x00000001
-    SERVICE_CONFIG_FAILURE_ACTIONS          = 0x00000002
-    SERVICE_CONFIG_DELAYED_AUTO_START_INFO  = 0x00000003
-    SERVICE_CONFIG_FAILURE_ACTIONS_FLAG     = 0x00000004
-    SERVICE_CONFIG_SERVICE_SID_INFO         = 0x00000005
-    SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO = 0x00000006
-    SERVICE_CONFIG_PRESHUTDOWN_INFO         = 0x00000007
-    SERVICE_CONFIG_TRIGGER_INFO             = 0x00000008
-    SERVICE_CONFIG_PREFERRED_NODE           = 0x00000009
-    SERVICE_CONFIG_LAUNCH_PROTECTED         = 0x00000012
-    SERVICE_NO_CHANGE                       = 0xffffffff
-    SERVICE_CONFIG_TYPES = {
-      SERVICE_CONFIG_DESCRIPTION => :SERVICE_CONFIG_DESCRIPTION,
-      SERVICE_CONFIG_FAILURE_ACTIONS => :SERVICE_CONFIG_FAILURE_ACTIONS,
-      SERVICE_CONFIG_DELAYED_AUTO_START_INFO => :SERVICE_CONFIG_DELAYED_AUTO_START_INFO,
-      SERVICE_CONFIG_FAILURE_ACTIONS_FLAG => :SERVICE_CONFIG_FAILURE_ACTIONS_FLAG,
-      SERVICE_CONFIG_SERVICE_SID_INFO => :SERVICE_CONFIG_SERVICE_SID_INFO,
-      SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO => :SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO,
-      SERVICE_CONFIG_PRESHUTDOWN_INFO => :SERVICE_CONFIG_PRESHUTDOWN_INFO,
-      SERVICE_CONFIG_TRIGGER_INFO => :SERVICE_CONFIG_TRIGGER_INFO,
-      SERVICE_CONFIG_PREFERRED_NODE => :SERVICE_CONFIG_PREFERRED_NODE,
-      SERVICE_CONFIG_LAUNCH_PROTECTED => :SERVICE_CONFIG_LAUNCH_PROTECTED,
-    }
+    SERVICE_NO_CHANGE = 0xffffffff
     # Service enum codes
     # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/nf-winsvc-enumservicesstatusexa
@@ -243,19 +219,6 @@ module Puppet::Util::Windows
       )
     end
-    # https://docs.microsoft.com/en-us/windows/win32/api/winsvc/ns-winsvc-service_delayed_auto_start_info
-    # typedef struct _SERVICE_DELAYED_AUTO_START_INFO {
-    #   BOOL fDelayedAutostart;
-    # } SERVICE_DELAYED_AUTO_START_INFO, *LPSERVICE_DELAYED_AUTO_START_INFO;
-    class SERVICE_DELAYED_AUTO_START_INFO < FFI::Struct
-      layout(:fDelayedAutostart, :int)
-      alias aset []=
-      # Intercept the accessor so that we can handle either true/false or 1/0.
-      # Since there is only one member, there’s no need to check the key name.
-      def []=(key, value)
-        [0, false].include?(value) ? aset(key, 0) : aset(key, 1)
-      end
-    end
     # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/ns-winsvc-_enum_service_status_processw
     # typedef struct _ENUM_SERVICE_STATUS_PROCESSW {
@@ -414,7 +377,6 @@ module Puppet::Util::Windows
     module_function :service_state
     # Query the configuration of a service using QueryServiceConfigW
-    # or QueryServiceConfig2W
     #
     # @param [String] service_name name of the service to query
     # @return [QUERY_SERVICE_CONFIGW.struct] the configuration of the service
@@ -425,14 +387,6 @@ module Puppet::Util::Windows
           start_type = SERVICE_START_TYPES[config[:dwStartType]]
         end
       end
-      # if the service has type AUTO_START, check if it's a delayed service
-      if start_type == :SERVICE_AUTO_START
-        open_service(service_name, SC_MANAGER_CONNECT, SERVICE_QUERY_CONFIG) do |service|
-          query_config2(service, SERVICE_CONFIG_DELAYED_AUTO_START_INFO) do |config|
-            return :SERVICE_DELAYED_AUTO_START if config[:fDelayedAutostart] == 1
-          end
-        end
-      end
       if start_type.nil?
         raise Puppet::Error.new(_("Unknown start type '%{start_type}' for '%{service_name}'") % { start_type: start_type.to_s, service_name: service_name})
       end
@@ -442,12 +396,11 @@ module Puppet::Util::Windows
     # Change the startup mode of a windows service
     #
-    # @param [String] service_name the name of the service to modify
-    # @param [Integer] startup_type a code corresponding to a start type for
+    # @param [string] service_name the name of the service to modify
+    # @param [Int] startup_type a code corresponding to a start type for
     #  windows service, see the "Service start type codes" section in the
     #  Puppet::Util::Windows::Service file for the list of available codes
-    # @param [Bool] delayed whether the service should be started with a delay
-    def set_startup_mode(service_name, startup_type, delayed=false)
+    def set_startup_mode(service_name, startup_type)
       startup_code = SERVICE_START_TYPES.key(startup_type)
       if startup_code.nil?
         raise Puppet::Error.new(_("Unknown start type %{start_type}") % {startup_type: startup_type.to_s})
@@ -474,7 +427,6 @@ module Puppet::Util::Windows
           raise Puppet::Util::Windows::Error.new(_("Failed to update service configuration"))
         end
       end
-      set_startup_mode_delayed(service_name, delayed)
     end
     module_function :set_startup_mode
@@ -757,82 +709,6 @@ module Puppet::Util::Windows
       end
       private :query_config
-      # @api private
-      # perform QueryServiceConfig2W on a windows service and return the
-      # result
-      #
-      # @param [:handle] service handle of the service to query
-      # @param [Integer] info_level the configuration information to be queried
-      # @return [QUERY_SERVICE_CONFIG2W struct] the result of the query
-      def query_config2(service, info_level, &block)
-        config = nil
-        size_required = nil
-        # Fetch the bytes of memory required to be allocated
-        # for QueryServiceConfig2W to return succesfully. This
-        # is done by sending NULL and 0 for the pointer and size
-        # respectively, letting the command fail, then reading the
-        # value of pcbBytesNeeded
-        FFI::MemoryPointer.new(:lpword) do |bytes_pointer|
-          # return value will be false from this call, since it's designed
-          # to fail. Just ignore it
-          QueryServiceConfig2W(service, info_level, FFI::Pointer::NULL, 0, bytes_pointer)
-          size_required = bytes_pointer.read_dword
-          FFI::MemoryPointer.new(size_required) do |ssp_ptr|
-            # We need to supply the appropriate struct to be created based on
-            # the info_level
-            case info_level
-            when SERVICE_CONFIG_DELAYED_AUTO_START_INFO
-              config = SERVICE_DELAYED_AUTO_START_INFO.new(ssp_ptr)
-            end
-            success = QueryServiceConfig2W(
-              service,
-              info_level,
-              ssp_ptr,
-              size_required,
-              bytes_pointer
-            )
-            if success == FFI::WIN32_FALSE
-              raise Puppet::Util::Windows::Error.new(_("Service query for %{parameter_name} failed") % { parameter_name: SERVICE_CONFIG_TYPES[info_level] } )
-            end
-            yield config
-          end
-        end
-      end
-      private :query_config2
-      # @api private
-      # Sets an optional parameter on a service by calling
-      # ChangeServiceConfig2W
-      #
-      # @param [String] service_name name of service
-      # @param [Integer] change parameter to change
-      # @param [struct] value appropriate struct based on the parameter to change
-      def set_optional_parameter(service_name, change, value)
-        open_service(service_name, SC_MANAGER_CONNECT, SERVICE_CHANGE_CONFIG) do |service|
-          success = ChangeServiceConfig2W(
-            service,
-            change, # dwInfoLevel
-            value,  # lpInfo
-          )
-          if success == FFI::WIN32_FALSE
-            raise Puppet::Util::windows::Error.new(_("Failed to update service %{change} configuration") % { change: change } )
-          end
-        end
-      end
-      private :set_optional_parameter
-      # @api private
-      # Controls the delayed auto-start setting of a service
-      #
-      # @param [String] service_name name of service
-      # @param [Bool] delayed whether the service should be started with a delay or not
-      def set_startup_mode_delayed(service_name, delayed)
-        delayed_start = SERVICE_DELAYED_AUTO_START_INFO.new
-        delayed_start[:fDelayedAutostart] = delayed
-        set_optional_parameter(service_name, SERVICE_CONFIG_DELAYED_AUTO_START_INFO, delayed_start)
-      end
-      private :set_startup_mode_delayed
       # @api private
       # Sends a service control signal to a service
       #
@@ -1029,18 +905,6 @@ module Puppet::Util::Windows
     attach_function_private :QueryServiceConfigW,
       [:handle, :lpbyte, :dword, :lpdword], :win32_bool
-    # https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-queryserviceconfig2w
-    # BOOL QueryServiceConfig2W(
-    #   SC_HANDLE hService,
-    #   DWORD     dwInfoLevel,
-    #   LPBYTE    lpBuffer,
-    #   DWORD     cbBufSize,
-    #   LPDWORD   pcbBytesNeeded
-    # );
-    ffi_lib :advapi32
-    attach_function_private :QueryServiceConfig2W,
-      [:handle, :dword, :lpbyte, :dword, :lpdword], :win32_bool
     # https://docs.microsoft.com/en-us/windows/desktop/api/Winsvc/nf-winsvc-startservicew
     # BOOL StartServiceW(
     #   SC_HANDLE hService,
@@ -1091,15 +955,6 @@ module Puppet::Util::Windows
         :lpcwstr
       ], :win32_bool
-    # https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-changeserviceconfig2w
-    # BOOL ChangeServiceConfig2W(
-    #   SC_HANDLE hService,
-    #   DWORD     dwInfoLevel,
-    #   LPVOID    lpInfo
-    # );
-    ffi_lib :advapi32
-    attach_function_private :ChangeServiceConfig2W,
-      [:handle, :dword, :lpvoid], :win32_bool
     # https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/nf-winsvc-enumservicesstatusexw
     # BOOL EnumServicesStatusExW(

data/lib/puppet/util/windows/sid.rb CHANGED

@@ -46,7 +46,6 @@ module Puppet::Util::Windows
     PrintOperators              = 'S-1-5-32-550'
     BackupOperators             = 'S-1-5-32-551'
     Replicators                 = 'S-1-5-32-552'
-    AllAppPackages              = 'S-1-15-2-1'
     # Convert an account name, e.g. 'Administrators' into a SID string,
     # e.g. 'S-1-5-32-544'. The name can be specified as 'Administrators',

data/lib/puppet/vendor.rb CHANGED

@@ -45,7 +45,7 @@ module Puppet
       #
       def load_vendored
         Dir.entries(vendor_dir).each do |entry|
-          if entry =~ /load_(\w+?)\.rb$/
+          if entry.match(/load_(\w+?)\.rb$/)
             load_entry entry
           end
         end

data/lib/puppet/version.rb CHANGED

@@ -6,7 +6,7 @@
 # Raketasks and such to set the version based on the output of `git describe`
 module Puppet
-  PUPPETVERSION = '6.4.5'
+  PUPPETVERSION = '6.5.0'
   ##
   # version is a public API method intended to always provide a fast and

data/lib/puppet/x509/cert_provider.rb CHANGED

@@ -10,21 +10,18 @@ class Puppet::X509::CertProvider
   VALID_CERTNAME = /\A[ -.0-~]+\Z/
   CERT_DELIMITERS = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m
   CRL_DELIMITERS = /-----BEGIN X509 CRL-----.*?-----END X509 CRL-----/m
+  EC_HEADER = /-----BEGIN EC PRIVATE KEY-----/
   def initialize(capath: Puppet[:localcacert],
                  crlpath: Puppet[:hostcrl],
                  privatekeydir: Puppet[:privatekeydir],
                  certdir: Puppet[:certdir],
-                 requestdir: Puppet[:requestdir],
-                 hostprivkey: Puppet.settings.set_by_config?(:hostprivkey) ? Puppet[:hostprivkey] : nil,
-                 hostcert: Puppet.settings.set_by_config?(:hostcert) ? Puppet[:hostcert] : nil)
+                 requestdir: Puppet[:requestdir])
     @capath = capath
     @crlpath = crlpath
     @privatekeydir = privatekeydir
     @certdir = certdir
     @requestdir = requestdir
-    @hostprivkey = hostprivkey
-    @hostcert = hostcert
   end
   # Save `certs` to the configured `capath`.
@@ -113,16 +110,44 @@ class Puppet::X509::CertProvider
     end
   end
+  # Return the time when the CRL was last updated.
+  #
+  # @return [Time, nil] Time when the CRL was last updated, or nil if we don't
+  #   have a CRL
+  def crl_last_update
+    stat = Puppet::FileSystem.stat(@crlpath)
+    Time.at(stat.mtime)
+  rescue Errno::ENOENT
+    nil
+  end
+  # Set the CRL last updated time.
+  #
+  # @param time [Time] The last updated time
+  #
+  def crl_last_update=(time)
+    Puppet::FileSystem.touch(@crlpath, mtime: time)
+  end
   # Save named private key in the configured `privatekeydir`. For
   # historical reasons, names are case insensitive.
   #
   # @param name [String] The private key identity
   # @param key [OpenSSL::PKey::RSA] private key
+  # @param password [String, nil] If non-nil, derive an encryption key
+  #   from the password, and use that to encrypt the private key. If nil,
+  #   save the private key unencrypted.
   # @raise [Puppet::Error] if the private key cannot be saved
   # @api private
-  def save_private_key(name, key)
-    path = @hostprivkey || to_path(@privatekeydir, name)
-    save_pem(key.to_pem, path, **permissions_for_setting(:hostprivkey))
+  def save_private_key(name, key, password: nil)
+    pem = if password
+            cipher = OpenSSL::Cipher::AES.new(128, :CBC)
+            key.export(cipher, password)
+          else
+            key.to_pem
+          end
+    path = to_path(@privatekeydir, name)
+    save_pem(pem, path, **permissions_for_setting(:hostprivkey))
   rescue SystemCallError => e
     raise Puppet::Error.new(_("Failed to save private key for '%{name}'") % {name: name}, e)
   end
@@ -132,17 +157,20 @@ class Puppet::X509::CertProvider
   #
   # @param name [String] The private key identity
   # @param required [Boolean] If true, raise if it is missing
+  # @param password [String, nil] If the private key is encrypted, decrypt
+  #   it using the password. If the key is encrypted, but a password is
+  #   not specified, then the key cannot be loaded.
   # @return (see #load_private_key_from_pem)
   # @raise (see #load_private_key_from_pem)
   # @raise [Puppet::Error] if the private key cannot be loaded
   # @api private
-  def load_private_key(name, required: false)
-    path = @hostprivkey || to_path(@privatekeydir, name)
+  def load_private_key(name, required: false, password: nil)
+    path = to_path(@privatekeydir, name)
     pem = load_pem(path)
     if !pem && required
       raise Puppet::Error, _("The private key is missing from '%{path}'") % { path: path }
     end
-    pem ? load_private_key_from_pem(pem) : nil
+    pem ? load_private_key_from_pem(pem, password: password) : nil
   rescue SystemCallError => e
     raise Puppet::Error.new(_("Failed to load private key for '%{name}'") % {name: name}, e)
   end
@@ -150,14 +178,46 @@ class Puppet::X509::CertProvider
   # Load a PEM encoded private key.
   #
   # @param pem [String] PEM encoded private key
-  # @return [OpenSSL::PKey::RSA] The private key
-  # @raise [OpenSSL::PKey::RSAError] The `pem` text does not contain a valid key
+  # @param password [String, nil] If the private key is encrypted, decrypt
+  #   it using the password. If the key is encrypted, but a password is
+  #   not specified, then the key cannot be loaded.
+  # @return [OpenSSL::PKey::RSA, OpenSSL::PKey::EC] The private key
+  # @raise [OpenSSL::PKey::PKeyError] The `pem` text does not contain a valid key
   # @api private
-  def load_private_key_from_pem(pem)
-    # set a non-nil passphrase to ensure openssl doesn't prompt
-    # but ruby 2.4.0 & 2.4.1 require at least 4 bytes, see
-    # https://github.com/ruby/ruby/commit/f012932218fd609f75f9268812df61fb26e2d0f1#diff-40e4270ec386990ac60d7ab5ff8045a4
-    OpenSSL::PKey::RSA.new(pem, '    ')
+  def load_private_key_from_pem(pem, password: nil)
+    # set a non-nil password to ensure openssl doesn't prompt
+    # but ruby 2.4.0 & 2.4.1 require at least 4 bytes due to
+    # https://github.com/ruby/openssl/commit/f38501249f33bff7ca9d208670b8cde695ea8b7b
+    # and corrected in https://github.com/ruby/openssl/commit/a896c3d1dfa090e92dec1abf8ac12843af6af721
+    password ||= '    '
+    if Puppet::Util::Platform.jruby?
+      begin
+        if pem =~ EC_HEADER
+          OpenSSL::PKey::EC.new(pem, password)
+        else
+          OpenSSL::PKey::RSA.new(pem, password)
+        end
+      rescue OpenSSL::PKey::PKeyError => e
+        if e.message =~ /Neither PUB key nor PRIV key/
+          raise OpenSSL::PKey::PKeyError, "Could not parse PKey: no start line"
+        else
+          raise e
+        end
+      end
+    else
+      OpenSSL::PKey.read(pem, password)
+    end
+  end
+  # Load the private key password.
+  #
+  # @return [String, nil] The private key password as a binary string or nil
+  #   if there is none.
+  def load_private_key_password
+    Puppet::FileSystem.read(Puppet[:passfile], :encoding => Encoding::BINARY)
+  rescue Errno::ENOENT
+    nil
   end
   # Save a named client cert to the configured `certdir`.
@@ -167,7 +227,7 @@ class Puppet::X509::CertProvider
   # @raise [Puppet::Error] if the client cert cannot be saved
   # @api private
   def save_client_cert(name, cert)
-    path = @hostcert || to_path(@certdir, name)
+    path = to_path(@certdir, name)
     save_pem(cert.to_pem, path, **permissions_for_setting(:hostcert))
   rescue SystemCallError => e
     raise Puppet::Error.new(_("Failed to save client certificate for '%{name}'") % {name: name}, e)
@@ -182,7 +242,7 @@ class Puppet::X509::CertProvider
   # @raise [Puppet::Error] if the client cert cannot be loaded
   # @api private
   def load_client_cert(name, required: false)
-    path = @hostcert || to_path(@certdir, name)
+    path = to_path(@certdir, name)
     pem = load_pem(path)
     if !pem && required
       raise Puppet::Error, _("The client certificate is missing from '%{path}'") % { path: path }
@@ -284,10 +344,7 @@ class Puppet::X509::CertProvider
   def permissions_for_setting(name)
     setting = Puppet.settings.setting(name)
     perm = { mode: setting.mode.to_i(8) }
-    if Puppet.features.root? && !Puppet::Util::Platform.windows?
-      perm[:owner] = setting.owner
-      perm[:group] = setting.group
-    end
+    perm.merge!(owner: setting.owner, group: setting.group) if Puppet.features.root? && !Puppet::Util::Platform.windows?
     perm
   end
 end