puppet 7.0.0-x64-mingw32 → 7.5.0-x64-mingw32

data/lib/puppet/provider/package/apt.rb

@@ -42,7 +42,11 @@ Puppet::Type.type(:package).provide :apt, :parent => :dpkg, :source => :dpkg do
 
   def query
     hash = super
-    hash[:mark] = :manual if aptmark('showmanual').split("\n").include?(@resource[:name])
+
+    if !%i(absent purged).include?(hash[:ensure]) && aptmark('showmanual', @resource[:name]).strip == @resource[:name]
+      hash[:mark] = :manual
+    end
+
     hash
   end
 
@@ -51,6 +55,10 @@ Puppet::Type.type(:package).provide :apt, :parent => :dpkg, :source => :dpkg do
     @property_flush = {}
   end
 
+  def mark
+    @property_flush[:mark]
+  end
+
   def mark=(value)
     @property_flush[:mark] = value
   end
@@ -143,7 +151,13 @@ Puppet::Type.type(:package).provide :apt, :parent => :dpkg, :source => :dpkg do
     end
 
     cmd += install_options if @resource[:install_options]
-    cmd << :install << str
+    cmd << :install
+
+    if source
+      cmd << source
+    else
+      cmd << str
+    end
 
     self.unhold if self.properties[:mark] == :hold
     begin
@@ -151,6 +165,18 @@ Puppet::Type.type(:package).provide :apt, :parent => :dpkg, :source => :dpkg do
     ensure
       self.hold if @resource[:mark] == :hold
     end
+
+    # If a source file was specified, we must make sure the expected version was installed from specified file
+    if source && !%i(present installed).include?(should)
+      is = self.query
+      raise Puppet::Error, _("Could not find package %{name}") % { name: self.name } unless is
+
+      version = is[:ensure]
+
+      raise Puppet::Error, _("Failed to update to version %{should}, got version %{version} instead") % { should: should, version: version } unless
+        insync?(version)
+    end
+
   end
 
   # What's the latest package version available?
@@ -227,4 +253,10 @@ Puppet::Type.type(:package).provide :apt, :parent => :dpkg, :source => :dpkg do
     end
     should_range.include?(is_version)
   end
+
+  private
+
+  def source
+    @source ||= @resource[:source]
+  end
 end

data/lib/puppet/provider/package/aptitude.rb

@@ -26,4 +26,10 @@ Puppet::Type.type(:package).provide :aptitude, :parent => :apt, :source => :dpkg
   def purge
     aptitude '-y', 'purge', @resource[:name]
   end
+
+  private
+
+  def source
+    nil
+  end
 end

data/lib/puppet/provider/service/debian.rb

@@ -17,6 +17,8 @@ Puppet::Type.type(:service).provide :debian, :parent => :init do
   commands :invoke_rc => "/usr/sbin/invoke-rc.d"
   commands :service => "/usr/sbin/service"
 
+  confine :false => Puppet::FileSystem.exist?('/proc/1/comm') && Puppet::FileSystem.read('/proc/1/comm').include?('systemd')
+
   defaultfor :operatingsystem => :cumuluslinux, :operatingsystemmajrelease => ['1','2']
   defaultfor :operatingsystem => :debian, :operatingsystemmajrelease => ['5','6','7']
   defaultfor :operatingsystem => :devuan

data/lib/puppet/provider/user/aix.rb

@@ -178,7 +178,7 @@ Puppet::Type.type(:user).provide :aix, :parent => Puppet::Provider::AixObject do
       # does not have a password.
       break if line =~ /^\S+:$/
 
-      match_obj = /password = (\S+)/.match(line)
+      match_obj = /password\s+=\s+(\S+)/.match(line)
     end
     return :absent unless match_obj
 
@@ -211,7 +211,7 @@ Puppet::Type.type(:user).provide :aix, :parent => Puppet::Provider::AixObject do
       tempfile = Tempfile.new("puppet_#{user}_pw", :encoding => Encoding::ASCII)
       tempfile << "#{user}:#{value}\n"
       tempfile.close()
-  
+
       # Options '-e', '-c', use encrypted password and clear flags
       # Must receive "user:enc_password" as input
       # command, arguments = {:failonfail => true, :combine => true}

data/lib/puppet/provider/user/useradd.rb

@@ -59,23 +59,37 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
      get(:uid)
   end
 
+  def gid
+     return localgid if @resource.forcelocal?
+     get(:gid)
+  end
+
   def comment
      return localcomment if @resource.forcelocal?
      get(:comment)
   end
 
+  def groups
+     return localgroups if @resource.forcelocal?
+     super
+  end
+
   def finduser(key, value)
-    passwd_file = "/etc/passwd"
+    passwd_file = '/etc/passwd'
     passwd_keys = [:account, :password, :uid, :gid, :gecos, :directory, :shell]
-    index = passwd_keys.index(key)
-    @passwd_content ||= File.read(passwd_file)
-    @passwd_content.each_line do |line|
-      user = line.split(":")
-      if user[index] == value
-        return Hash[passwd_keys.zip(user)]
+
+    unless @users
+      unless Puppet::FileSystem.exist?(passwd_file)
+        raise Puppet::Error.new("Forcelocal set for user resource '#{resource[:name]}', but #{passwd_file} does not exist")
+      end
+
+      @users = []
+      Puppet::FileSystem.each_line(passwd_file) do |line|
+        user = line.chomp.split(':')
+        @users << Hash[passwd_keys.zip(user)]
       end
     end
-    false
+    @users.find { |param| param[key] == value } || false
   end
 
   def local_username
@@ -88,16 +102,56 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
     false
   end
 
+  def localgid
+    user = finduser(:account, resource[:name])
+    if user
+      begin
+        return Integer(user[:gid])
+      rescue ArgumentError
+        Puppet.debug("Non-numeric GID found in /etc/passwd for user #{resource[:name]}")
+        return user[:gid]
+      end
+    end
+    false
+  end
+
   def localcomment
     user = finduser(:account, resource[:name])
     user[:gecos]
   end
 
+  def localgroups
+    @groups_of ||= {}
+    group_file = '/etc/group'
+    user = resource[:name]
+
+    return @groups_of[user] if @groups_of[user]
+
+    @groups_of[user] = []
+
+    unless Puppet::FileSystem.exist?(group_file)
+      raise Puppet::Error.new("Forcelocal set for user resource '#{user}', but #{group_file} does not exist")
+    end
+
+    Puppet::FileSystem.each_line(group_file) do |line|
+      data = line.chomp.split(':')
+      if data.last.split(',').include?(user)
+        @groups_of[user] << data.first
+      end
+    end
+
+    @groups_of[user]
+  end
+
   def shell=(value)
     check_valid_shell
     set(:shell, value)
   end
 
+  def groups=(value)
+    set(:groups, value)
+  end
+
   verify :gid, "GID must be an integer" do |value|
     value.is_a? Integer
   end

data/lib/puppet/reference/configuration.rb

@@ -57,11 +57,12 @@ config.header = <<EOT
 * Each of these settings can be specified in `puppet.conf` or on the
   command line.
 * Puppet Enterprise (PE) and open source Puppet share the configuration settings
-  that are documented here. However, PE defaults for some settings differ from
-  the open source Puppet defaults. Some examples of settings that have different
-  PE defaults include `disable18n`, `environment_timeout`, `always_retry_plugins`,
-  and the Puppet Server JRuby `max-active-instances` setting. To verify PE
-  configuration defaults, check the `puppet.conf` file after installation.
+  documented here. However, PE defaults differ from open source defaults for some
+  settings, such as `node_terminus`, `storeconfigs`, `always_retry_plugins`,
+  `disable18n`, `environment_timeout` (when Code Manager is enabled), and the
+  Puppet Server JRuby `max-active-instances` setting. To verify PE configuration
+  defaults, check the `puppet.conf` or `pe-puppet-server.conf` file after
+  installation.
 * When using boolean settings on the command line, use `--setting` and
   `--no-setting` instead of `--setting (true|false)`. (Using `--setting false`
   results in "Error: Could not parse application options: needless argument".)

data/lib/puppet/settings.rb

@@ -34,6 +34,7 @@ class Puppet::Settings
   require 'puppet/settings/server_list_setting'
   require 'puppet/settings/http_extra_headers_setting'
   require 'puppet/settings/certificate_revocation_setting'
+  require 'puppet/settings/alias_setting'
 
   # local reference for convenience
   PuppetOptionParser = Puppet::Util::CommandLine::PuppetOptionParser
@@ -388,19 +389,6 @@ class Puppet::Settings
     call_hooks_deferred_to_application_initialization
     issue_deprecations
 
-    run_mode = Puppet::Util::RunMode[self.preferred_run_mode]
-    if run_mode.agent? || run_mode.server?
-      if self.set_in_section?(:masterport, run_mode.name) && !self.set_in_section?(:serverport, run_mode.name)
-        self[:serverport] = self[:masterport]
-      elsif self.set_by_config?(:masterport) && !self.set_by_config?(:serverport)
-        self[:serverport] = self[:masterport]
-      elsif self.set_in_section?(:serverport, run_mode.name) && !self.set_in_section?(:masterport, run_mode.name)
-        self[:masterport] = self[:serverport]
-      elsif self.set_by_config?(:serverport) && !self.set_by_config?(:masterport)
-        self[:masterport] = self[:serverport]
-      end
-    end
-
     REQUIRED_APP_SETTINGS.each do |key|
       create_ancestors(Puppet[key])
     end
@@ -747,7 +735,8 @@ class Puppet::Settings
       :autosign   => AutosignSetting,
       :server_list => ServerListSetting,
       :http_extra_headers => HttpExtraHeadersSetting,
-      :certificate_revocation => CertificateRevocationSetting
+      :certificate_revocation => CertificateRevocationSetting,
+      :alias => AliasSetting
   }
 
   # Create a new setting.  The value is passed in because it's used to determine
@@ -1285,27 +1274,37 @@ Generated on #{Time.now}.
   end
 
   def add_environment_resources(catalog, sections)
-    path = self[:environmentpath]
-    envdir = path.split(File::PATH_SEPARATOR).first if path
     configured_environment = self[:environment]
-    if configured_environment == "production" && envdir && Puppet::FileSystem.exist?(envdir)
-      configured_environment_path = File.join(envdir, configured_environment)
-      # If configured_environment_path is a symlink, assume the source path is being managed
-      # elsewhere, so don't do any of this configuration
-      if !Puppet::FileSystem.symlink?(configured_environment_path)
+
+    if configured_environment == "production" && !production_environment_exists?
+      environment_path = self[:environmentpath]
+      first_environment_path = environment_path.split(File::PATH_SEPARATOR).first
+
+      if Puppet::FileSystem.exist?(first_environment_path)
+        production_environment_path = File.join(first_environment_path, configured_environment)
         parameters = { :ensure => 'directory' }
-        unless Puppet::FileSystem.exist?(configured_environment_path)
-          parameters[:mode] = '0750'
-          if Puppet.features.root?
-            parameters[:owner] = Puppet[:user] if service_user_available?
-            parameters[:group] = Puppet[:group] if service_group_available?
-          end
+        parameters[:mode] = '0750'
+        if Puppet.features.root?
+          parameters[:owner] = Puppet[:user] if service_user_available?
+          parameters[:group] = Puppet[:group] if service_group_available?
         end
-        catalog.add_resource(Puppet::Resource.new(:file, configured_environment_path, :parameters => parameters))
+        catalog.add_resource(Puppet::Resource.new(:file, production_environment_path, :parameters => parameters))
       end
     end
   end
 
+  def production_environment_exists?
+    environment_path = self[:environmentpath]
+    paths = environment_path.split(File::PATH_SEPARATOR)
+
+    paths.any? do |path|
+      # If expected_path is a symlink, assume the source path is being managed
+      # elsewhere, so accept it also as a valid production environment path
+      expected_path = File.join(path, 'production')
+      Puppet::FileSystem.directory?(expected_path) || Puppet::FileSystem.symlink?(expected_path)
+    end
+  end
+
   def add_user_resources(catalog, sections)
     return unless Puppet.features.root?
     return if Puppet::Util::Platform.windows?
@@ -1406,6 +1405,12 @@ Generated on #{Time.now}.
         end
       end
 
+      setting  = @defaults[name]
+      if setting.respond_to?(:alias_name)
+        val  = lookup(setting.alias_name)
+        return val if val
+      end
+
       @defaults[name].default
     end
 

data/lib/puppet/settings/alias_setting.rb

@@ -0,0 +1,37 @@
+class Puppet::Settings::AliasSetting
+  attr_reader :name, :alias_name
+
+  def initialize(args = {})
+    @name = args[:name]
+    @alias_name = args[:alias_for]
+    @alias_for = Puppet.settings.setting(alias_name)
+  end
+
+  def optparse_args
+    args = @alias_for.optparse_args
+    args[0].gsub!(alias_name.to_s, name.to_s)
+    args
+  end
+
+  def getopt_args
+    args = @alias_for.getopt_args
+    args[0].gsub!(alias_name.to_s, name.to_s)
+    args
+  end
+
+  def type
+    :alias
+  end
+
+  def method_missing(method, *args)
+    begin
+      alias_for.send(method, *args)
+    rescue => e
+      Puppet.log_exception(self.class, e.message)
+    end
+  end
+
+  private
+
+  attr_reader :alias_for
+end

data/lib/puppet/settings/environment_conf.rb

@@ -29,6 +29,7 @@ class Puppet::Settings::EnvironmentConf
       section = config.sections[:main]
     rescue Errno::ENOENT
       # environment.conf is an optional file
+      Puppet.debug { "Path to #{path_to_env} does not exist, using default environment.conf" }
     end
 
     new(path_to_env, section, global_module_path)

data/lib/puppet/type/package.rb

@@ -422,10 +422,10 @@ module Puppet
     end
 
     newparam(:source) do
-      desc "Where to find the package file. This is only used by providers that don't
+      desc "Where to find the package file. This is mostly used by providers that don't
         automatically download packages from a central repository. (For example:
-        the `yum` and `apt` providers ignore this attribute, but the `rpm` and
-        `dpkg` providers require it.)
+        the `yum` provider ignores this attribute, `apt` provider uses it if present
+        and the `rpm` and `dpkg` providers require it.)
 
         Different providers accept different values for `source`. Most providers
         accept paths to local files stored on the target system. Some providers

data/lib/puppet/type/user.rb

@@ -465,7 +465,7 @@ module Puppet
       groups = obj.shouldorig if obj
       if groups
         groups = groups.collect { |group|
-          if group =~ /^\d+$/
+          if group.is_a?(String) && group =~/^\d+$/
             Integer(group)
           else
             group

data/lib/puppet/util/autoload.rb

@@ -166,14 +166,7 @@ class Puppet::Util::Autoload
     # Normalize a path. This converts ALT_SEPARATOR to SEPARATOR on Windows
     # and eliminates unnecessary parts of a path.
     def cleanpath(path)
-      # There are two cases here because cleanpath does not handle absolute
-      # paths correctly on windows (c:\ and c:/ are treated as distinct) but
-      # we don't want to convert relative paths to absolute
-      if Puppet::Util.absolute_path?(path)
-        File.expand_path(path)
-      else
-        Pathname.new(path).cleanpath.to_s
-      end
+      Pathname.new(path).cleanpath.to_s
     end
   end
 

data/lib/puppet/util/monkey_patches.rb

@@ -32,6 +32,13 @@ end
 # (#19151) Reject all SSLv2 ciphers and handshakes
 require 'puppet/ssl/openssl_loader'
 unless Puppet::Util::Platform.jruby_fips?
+  unless defined?(OpenSSL::SSL::TLS1_VERSION)
+    module OpenSSL::SSL
+      # see https://github.com/ruby/ruby/commit/609103dbb5fb182eec12f052226c43e39b907682#diff-09f822c26289f5347111795ca22ed7ed1cfadd6ebd28f987991d1d414eef565aR2755-R2759
+      OpenSSL::SSL::TLS1_VERSION = 0x301
+    end
+  end
+
   class OpenSSL::SSL::SSLContext
     if DEFAULT_PARAMS[:options]
       DEFAULT_PARAMS[:options] |= OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3

data/lib/puppet/util/posix.rb

@@ -12,11 +12,18 @@ module Puppet::Util::POSIX
   class << self
     # Returns an array of all the groups that the user's a member of.
     def groups_of(user)
-      groups = []
-      Puppet::Etc.group do |group|
-        groups << group.name if group.mem.include?(user)
+      begin
+        require 'puppet/ffi/posix'
+        groups = get_groups_list(user)
+      rescue StandardError, LoadError => e
+        Puppet.debug("Falling back to Puppet::Etc.group: #{e.message}")
+
+        groups = []
+        Puppet::Etc.group do |group|
+          groups << group.name if group.mem.include?(user)
+        end
       end
-  
+
       uniq_groups = groups.uniq
       if uniq_groups != groups
         Puppet.debug(_('Removing any duplicate group entries'))
@@ -24,6 +31,39 @@ module Puppet::Util::POSIX
 
       uniq_groups
     end
+
+    private
+    def get_groups_list(user)
+      raise LoadError, "The 'getgrouplist' method is not available" unless Puppet::FFI::POSIX::Functions.respond_to?(:getgrouplist)
+
+      user_gid = Puppet::Etc.getpwnam(user).gid
+      ngroups = Puppet::FFI::POSIX::Constants::MAXIMUM_NUMBER_OF_GROUPS
+
+      while true do # rubocop:disable Lint/LiteralInCondition
+        FFI::MemoryPointer.new(:int) do |ngroups_ptr|
+          FFI::MemoryPointer.new(:uint, ngroups) do |groups_ptr|
+            old_ngroups = ngroups
+            ngroups_ptr.write_int(ngroups)
+
+            if Puppet::FFI::POSIX::Functions::getgrouplist(user, user_gid, groups_ptr, ngroups_ptr) != -1
+              groups_gids = groups_ptr.get_array_of_uint(0, ngroups_ptr.read_int)
+
+              result = []
+              groups_gids.each do |group_gid|
+                group_info = Puppet::Etc.getgrgid(group_gid)
+                result |= [group_info.name] if group_info.mem.include?(user)
+              end
+              return result
+            end
+
+            ngroups = ngroups_ptr.read_int
+            if ngroups <= old_ngroups
+              ngroups *= 2
+            end
+          end
+        end
+      end
+    end
   end
 
   # Retrieve a field from a POSIX Etc object.  The id can be either an integer
@@ -144,8 +184,17 @@ module Puppet::Util::POSIX
       name = get_posix_field(location, :name, id)
       check_value = name
     end
+
     if check_value != field
-      return search_posix_field(location, id_field, field)
+      check_value_id = get_posix_field(location, id_field, check_value) if check_value
+
+      if id == check_value_id
+        Puppet.debug("Multiple entries found for resource: '#{location}' with #{id_field}: #{id}")
+        return id
+      else
+        Puppet.debug("The value retrieved: '#{check_value}' is different than the required state: '#{field}', searching in all entries")
+        return search_posix_field(location, id_field, field)
+      end
     else
       return id
     end