puppet 7.16.0-universal-darwin → 7.19.0-universal-darwin

data/spec/unit/provider/package/puppetserver_gem_spec.rb

@@ -105,9 +105,9 @@ describe Puppet::Type.type(:package).provider(:puppetserver_gem) do
 
   describe ".gemlist" do
     context "listing installed packages" do
-      it "uses the puppet rubygems library to list local gems" do
+      it "uses the puppet_gem provider_command to list local gems" do
         expected = { name: 'world_airports', provider: :puppetserver_gem, ensure: ['1.1.3'] }
-        expect(described_class).to receive(:execute_rubygems_list_command).with(nil).and_return(File.read(my_fixture('gem-list-local-packages')))
+        expect(described_class).to receive(:execute_rubygems_list_command).with(['gem', 'list', '--local']).and_return(File.read(my_fixture('gem-list-local-packages')))
         expect(described_class.gemlist({ local: true })).to include(expected)
       end
     end

data/spec/unit/provider/user/directoryservice_spec.rb

@@ -840,7 +840,7 @@ end
         expect(provider.class.get_salted_sha512_pbkdf2('iterations', pbkdf2_embedded_bplist_hash)).to be_a(Integer)
     end
     it "should raise an error if a field other than 'entropy', 'salt', or 'iterations' is passed" do
-      expect { provider.class.get_salted_sha512_pbkdf2('othervalue', pbkdf2_embedded_bplist_hash) }.to raise_error(Puppet::Error, /Puppet has tried to read an incorrect value from the SALTED-SHA512-PBKDF2 hash. Acceptable fields are 'salt', 'entropy', or 'iterations'/)
+      expect { provider.class.get_salted_sha512_pbkdf2('othervalue', pbkdf2_embedded_bplist_hash, 'test_user') }.to raise_error(Puppet::Error, /Puppet has tried to read an incorrect value from the user test_user in the SALTED-SHA512-PBKDF2 hash. Acceptable fields are 'salt', 'entropy', or 'iterations'/)
     end
   end
 

data/spec/unit/ssl/ssl_provider_spec.rb

@@ -113,12 +113,21 @@ describe Puppet::SSL::SSLProvider do
       }.to raise_error(/can't modify frozen/)
     end
 
-    it 'trusts system ca store' do
+    it 'trusts system ca store by default' do
       expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths)
 
       subject.create_system_context(cacerts: [])
     end
 
+    it 'trusts an external ca store' do
+      path = tmpfile('system_cacerts')
+      File.write(path, cert_fixture('ca.pem').to_pem)
+
+      expect_any_instance_of(OpenSSL::X509::Store).to receive(:add_file).with(path)
+
+      subject.create_system_context(cacerts: [], path: path)
+    end
+
     it 'verifies peer' do
       sslctx = subject.create_system_context(cacerts: [])
       expect(sslctx.verify_peer).to eq(true)
@@ -135,6 +144,47 @@ describe Puppet::SSL::SSLProvider do
       expect(sslctx.private_key).to be_nil
     end
 
+    it 'includes the client cert and private key when requested' do
+      Puppet[:hostcert] = fixtures('ssl/signed.pem')
+      Puppet[:hostprivkey] = fixtures('ssl/signed-key.pem')
+      sslctx = subject.create_system_context(cacerts: [], include_client_cert: true)
+      expect(sslctx.client_cert).to be_an(OpenSSL::X509::Certificate)
+      expect(sslctx.private_key).to be_an(OpenSSL::PKey::RSA)
+    end
+
+    it 'ignores non-existent client cert and private key when requested' do
+      Puppet[:certname] = 'doesnotexist'
+      sslctx = subject.create_system_context(cacerts: [], include_client_cert: true)
+      expect(sslctx.client_cert).to be_nil
+      expect(sslctx.private_key).to be_nil
+    end
+
+    it 'warns if the client cert does not exist' do
+      Puppet[:certname] = 'missingcert'
+      Puppet[:hostprivkey] = fixtures('ssl/signed-key.pem')
+
+      expect(Puppet).to receive(:warning).with("Client certificate for 'missingcert' does not exist")
+      subject.create_system_context(cacerts: [], include_client_cert: true)
+    end
+
+    it 'warns if the private key does not exist' do
+      Puppet[:certname] = 'missingkey'
+      Puppet[:hostcert] = fixtures('ssl/signed.pem')
+
+      expect(Puppet).to receive(:warning).with("Private key for 'missingkey' does not exist")
+      subject.create_system_context(cacerts: [], include_client_cert: true)
+    end
+
+    it 'raises if client cert and private key are mismatched' do
+      Puppet[:hostcert] = fixtures('ssl/signed.pem')
+      Puppet[:hostprivkey] = fixtures('ssl/127.0.0.1-key.pem')
+
+      expect {
+        subject.create_system_context(cacerts: [], include_client_cert: true)
+      }.to raise_error(Puppet::SSL::SSLError,
+        "The certificate for 'CN=signed' does not match its private key")
+    end
+
     it 'trusts additional system certs' do
       path = tmpfile('system_cacerts')
       File.write(path, cert_fixture('ca.pem').to_pem)
@@ -448,6 +498,18 @@ describe Puppet::SSL::SSLProvider do
       sslctx = subject.create_context(**config)
       expect(sslctx.verify_peer).to eq(true)
     end
+
+    it 'does not trust the system ca store by default' do
+      expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths).never
+
+      subject.create_context(**config)
+    end
+
+    it 'trusts the system ca store' do
+      expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths)
+
+      subject.create_context(**config.merge(include_system_store: true))
+    end
   end
 
   context 'when loading an ssl context' do
@@ -530,6 +592,18 @@ describe Puppet::SSL::SSLProvider do
         }.to raise_error(Puppet::SSL::SSLError, /Failed to load private key for host 'signed': Could not parse PKey/)
       end
     end
+
+    it 'does not trust the system ca store by default' do
+      expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths).never
+
+      subject.load_context
+    end
+
+    it 'trusts the system ca store' do
+      expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths)
+
+      subject.load_context(include_system_store: true)
+    end
   end
 
   context 'when verifying requests' do

data/spec/unit/ssl/state_machine_spec.rb

@@ -27,6 +27,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
   let(:refused_message) { %r{Connection refused|No connection could be made because the target machine actively refused it} }
 
   before(:each) do
+    Puppet[:daemonize] = false
     Puppet[:ssl_lockfile] = tmpfile('ssllock')
     allow(Kernel).to receive(:sleep)
   end

data/spec/unit/task_spec.rb

@@ -24,6 +24,7 @@ describe Puppet::Module::Task do
   it "constructs tasks as expected when every task has a metadata file with the same name (besides extension)" do
     task_files = %w{task1.json task1 task2.json task2.exe task3.json task3.sh}.map { |bn| "#{tasks_path}/#{bn}" }
     expect(Dir).to receive(:glob).with(tasks_glob).and_return(task_files)
+    task_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
     tasks = Puppet::Module::Task.tasks_in_module(mymod)
     allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({})
 
@@ -52,6 +53,7 @@ describe Puppet::Module::Task do
   it "constructs tasks as expected when some tasks don't have a metadata file" do
     task_files = %w{task1 task2.exe task3.json task3.sh}.map { |bn| "#{tasks_path}/#{bn}" }
     expect(Dir).to receive(:glob).with(tasks_glob).and_return(task_files)
+    task_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
     allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({})
     tasks = Puppet::Module::Task.tasks_in_module(mymod)
 
@@ -66,6 +68,7 @@ describe Puppet::Module::Task do
   it "constructs a task as expected when a task has implementations" do
     task_files = %w{task1.elf task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
     expect(Dir).to receive(:glob).with(tasks_glob).and_return(task_files)
+    task_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
     tasks = Puppet::Module::Task.tasks_in_module(mymod)
     allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({'implementations' => [{"name" => "task1.sh"}]})
 
@@ -78,6 +81,7 @@ describe Puppet::Module::Task do
   it "constructs a task as expected when task metadata declares additional files" do
     task_files = %w{task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
     expect(Dir).to receive(:glob).with(tasks_glob).and_return(task_files)
+    task_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
     expect(Puppet::Module::Task).to receive(:find_extra_files).and_return([{'name' => 'mymod/lib/file0.elf', 'path' => "/path/to/file0.elf"}])
     tasks = Puppet::Module::Task.tasks_in_module(mymod)
     allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({'files' => ["mymod/lib/file0.elf"]})
@@ -91,6 +95,7 @@ describe Puppet::Module::Task do
   it "constructs a task as expected when a task implementation declares additional files" do
     task_files = %w{task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
     expect(Dir).to receive(:glob).with(tasks_glob).and_return(task_files)
+    task_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
     expect(Puppet::Module::Task).to receive(:find_extra_files).and_return([{'name' => 'mymod/lib/file0.elf', 'path' => "/path/to/file0.elf"}])
     tasks = Puppet::Module::Task.tasks_in_module(mymod)
     allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({'implementations' => [{"name" => "task1.sh", "files" => ["mymod/lib/file0.elf"]}]})
@@ -104,6 +109,7 @@ describe Puppet::Module::Task do
   it "constructs a task as expected when task metadata and a task implementation both declare additional files" do
     task_files = %w{task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
     expect(Dir).to receive(:glob).with(tasks_glob).and_return(task_files)
+    task_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
     expect(Puppet::Module::Task).to receive(:find_extra_files).and_return([
       {'name' => 'mymod/lib/file0.elf', 'path' => "/path/to/file0.elf"},
       {'name' => 'yourmod/files/file1.txt', 'path' => "/other/path/to/file1.txt"}
@@ -124,6 +130,7 @@ describe Puppet::Module::Task do
   it "constructs a task as expected when a task has files" do
     og_files = %w{task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
     expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
+    og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
     expect(File).to receive(:exist?).with(any_args).and_return(true).at_least(:once)
 
     expect(Puppet::Module).to receive(:find).with(othermod.name, "production").and_return(othermod).at_least(:once)
@@ -139,6 +146,7 @@ describe Puppet::Module::Task do
   it "fails to load a task if its metadata specifies a non-existent file" do
     og_files = %w{task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
     allow(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
+    og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
     allow(File).to receive(:exist?).with(any_args).and_return(true)
 
     expect(Puppet::Module).to receive(:find).with(othermod.name, "production").and_return(nil).at_least(:once)
@@ -149,7 +157,9 @@ describe Puppet::Module::Task do
   end
 
   it "finds files whose names (besides extensions) are valid task names" do
-    expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task task_1 xx_t_a_s_k_2_xx})
+    og_files = %w{task task_1 xx_t_a_s_k_2_xx}.map { |bn| "#{tasks_path}/#{bn}" }
+    expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
+    og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
     tasks = Puppet::Module::Task.tasks_in_module(mymod)
 
     expect(tasks.count).to eq(3)
@@ -157,7 +167,9 @@ describe Puppet::Module::Task do
   end
 
   it "ignores files that have names (besides extensions) that are not valid task names" do
-    expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{.nottask.exe .wat !runme _task 2task2furious def_a_task_PSYCH Fake_task not-a-task realtask})
+    og_files = %w{.nottask.exe .wat !runme _task 2task2furious def_a_task_PSYCH Fake_task not-a-task realtask}.map { |bn| "#{tasks_path}/#{bn}" }
+    expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
+    og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
     tasks = Puppet::Module::Task.tasks_in_module(mymod)
 
     expect(tasks.count).to eq(1)
@@ -165,13 +177,24 @@ describe Puppet::Module::Task do
   end
 
   it "ignores files that have names ending in .conf and .md" do
-    expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{ginuwine_task task.conf readme.md other_task.md})
+    og_files = %w{ginuwine_task task.conf readme.md other_task.md}.map { |bn| "#{tasks_path}/#{bn}" }
+    expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
+    og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
     tasks = Puppet::Module::Task.tasks_in_module(mymod)
 
     expect(tasks.count).to eq(1)
     expect(tasks.map{|t| t.name}).to eq(%w{mymod::ginuwine_task})
   end
 
+  it "ignores files which are not regular files" do
+    og_files = %w{foo}.map { |bn| "#{tasks_path}/#{bn}" }
+    expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
+    og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(false) }
+    tasks = Puppet::Module::Task.tasks_in_module(mymod)
+
+    expect(tasks.count).to eq(0)
+  end
+
   it "gives the 'init' task a name that is just the module's name" do
     expect(Puppet::Module::Task.new(mymod, 'init', ["#{tasks_path}/init.sh"]).name).to eq('mymod')
   end
@@ -179,7 +202,9 @@ describe Puppet::Module::Task do
   describe :metadata do
     it "loads metadata for a task" do
       metadata  = {'desciption': 'some info'}
-      expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.exe task1.json})
+      og_files = %w{task1.exe task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
+      expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
+      og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
       allow(Puppet::Module::Task).to receive(:read_metadata).and_return(metadata)
 
       tasks = Puppet::Module::Task.tasks_in_module(mymod)
@@ -189,7 +214,9 @@ describe Puppet::Module::Task do
     end
 
     it 'returns nil for metadata if no file is present' do
-      expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.exe})
+      og_files = %w{task1.exe}.map { |bn| "#{tasks_path}/#{bn}" }
+      expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
+      og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
       tasks = Puppet::Module::Task.tasks_in_module(mymod)
 
       expect(tasks.count).to eq(1)
@@ -212,7 +239,9 @@ describe Puppet::Module::Task do
 
   describe :validate do
     it "validates when there is no metadata" do
-      expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.exe})
+      og_files = %w{task1.exe}.map { |bn| "#{tasks_path}/#{bn}" }
+      expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
+      og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
 
       tasks = Puppet::Module::Task.tasks_in_module(mymod)
 
@@ -223,7 +252,9 @@ describe Puppet::Module::Task do
     it "validates when an implementation isn't used" do
       metadata  = {'desciption' => 'some info',
         'implementations' => [ {"name" => "task1.exe"}, ] }
-      expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.exe task1.sh task1.json})
+      og_files = %w{task1.exe task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
+      expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
+      og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
       allow(Puppet::Module::Task).to receive(:read_metadata).and_return(metadata)
 
       tasks = Puppet::Module::Task.tasks_in_module(mymod)
@@ -235,7 +266,9 @@ describe Puppet::Module::Task do
     it "validates when an implementation is another task" do
       metadata  = {'desciption' => 'some info',
                    'implementations' => [ {"name" => "task2.sh"}, ] }
-      expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.exe task2.sh task1.json})
+      og_files = %w{task1.exe task2.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
+      expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
+      og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
       allow(Puppet::Module::Task).to receive(:read_metadata).and_return(metadata)
 
       tasks = Puppet::Module::Task.tasks_in_module(mymod)
@@ -245,7 +278,9 @@ describe Puppet::Module::Task do
     end
 
     it "fails validation when there is no metadata and multiple task files" do
-      expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.elf task1.exe task1.json task2.ps1 task2.sh})
+      og_files = %w{task1.elf task1.exe task1.json task2.ps1 task2.sh}.map { |bn| "#{tasks_path}/#{bn}" }
+      expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
+      og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
       tasks = Puppet::Module::Task.tasks_in_module(mymod)
       allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({})
 
@@ -255,7 +290,9 @@ describe Puppet::Module::Task do
     end
 
     it "fails validation when an implementation references a non-existant file" do
-      expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.elf task1.exe task1.json})
+      og_files = %w{task1.elf task1.exe task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
+      expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
+      og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
       tasks = Puppet::Module::Task.tasks_in_module(mymod)
       allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({'implementations' => [ { 'name' => 'task1.sh' } ] })
 
@@ -265,7 +302,9 @@ describe Puppet::Module::Task do
     end
 
     it 'fails validation when there is metadata but no executable' do
-      expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.json task2.sh})
+      og_files = %w{task1.json task2.sh}.map { |bn| "#{tasks_path}/#{bn}" }
+      expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
+      og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
       tasks = Puppet::Module::Task.tasks_in_module(mymod)
       allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({})
 
@@ -273,7 +312,9 @@ describe Puppet::Module::Task do
     end
 
     it 'fails validation when the implementations are not an array' do
-      expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.json task2.sh})
+      og_files = %w{task1.json task2.sh}.map { |bn| "#{tasks_path}/#{bn}" }
+      expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
+      og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
       tasks = Puppet::Module::Task.tasks_in_module(mymod)
       allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({"implemenations" => {}})
 
@@ -281,7 +322,9 @@ describe Puppet::Module::Task do
     end
 
     it 'fails validation when the implementation is json' do
-      expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.json task1.sh})
+      og_files = %w{task1.json task1.sh}.map { |bn| "#{tasks_path}/#{bn}" }
+      expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
+      og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
       tasks = Puppet::Module::Task.tasks_in_module(mymod)
       allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({'implementations' => [ { 'name' => 'task1.json' } ] })
 

data/spec/unit/util/resource_template_spec.rb

@@ -39,7 +39,7 @@ describe Puppet::Util::ResourceTemplate do
 
     it "should create a template instance with the contents of the file" do
       expect(Puppet::FileSystem).to receive(:read).with("/my/template", :encoding => 'utf-8').and_return("yay")
-      expect(ERB).to receive(:new).with("yay", 0, "-").and_return(@template)
+      expect(Puppet::Util).to receive(:create_erb).with("yay").and_return(@template)
 
       allow(@wrapper).to receive(:set_resource_variables)
 

data/spec/unit/util/selinux_spec.rb

@@ -65,6 +65,7 @@ describe Puppet::Util::SELinux do
         '/'        => 'ext3',
         '/sys'     => 'sysfs',
         '/mnt/nfs' => 'nfs',
+        '/mnt/zfs' => 'zfs',
         '/proc'    => 'proc',
         '/dev'     => 'tmpfs' })
     end
@@ -85,6 +86,10 @@ describe Puppet::Util::SELinux do
       expect(selinux_label_support?('/dev/shm/testfile')).to be_truthy
     end
 
+    it "should return true if zfs" do
+      expect(selinux_label_support?('/mnt/zfs/testfile')).to be_truthy
+    end
+
     it "should return false for a noncapable filesystem" do
       expect(selinux_label_support?('/mnt/nfs/testfile')).to be_falsey
     end

data/spec/unit/util_spec.rb

@@ -625,7 +625,7 @@ describe Puppet::Util do
       Puppet::Util.safe_posix_fork
     end
 
-    it "should close all open file descriptors except stdin/stdout/stderr when /proc/self/fd doesn't exists" do
+    it "should close all open file descriptors except stdin/stdout/stderr when /proc/self/fd doesn't exist" do
       # This is ugly, but I can't really think of a better way to do it without
       # letting it actually close fds, which seems risky
       (0..2).each {|n| expect(IO).not_to receive(:new).with(n)}
@@ -635,6 +635,16 @@ describe Puppet::Util do
       Puppet::Util.safe_posix_fork
     end
 
+    it "should close all open file descriptors except stdin/stdout/stderr when /proc/self is not a directory" do
+      # This is ugly, but I can't really think of a better way to do it without
+      # letting it actually close fds, which seems risky
+      (0..2).each {|n| expect(IO).not_to receive(:new).with(n)}
+      (3..256).each {|n| expect(IO).to receive(:new).with(n).and_return(double('io', close: nil))  }
+      allow(Dir).to receive(:foreach).with('/proc/self/fd').and_raise(Errno::ENOTDIR)
+
+      Puppet::Util.safe_posix_fork
+    end
+
     it "should fork a child process to execute the block" do
       expect(Kernel).to receive(:fork).and_return(pid).and_yield
 

data/tasks/generate_cert_fixtures.rake

@@ -37,14 +37,15 @@ task(:gen_cert_fixtures) do
   #                                   |   |
   # signed.pem                        |   +- /CN=signed
   # revoked.pem                       |   +- /CN=revoked
-  # 127.0.0.1.pem                     |   +- /CN=127.0.0.1 (with dns alt names)
   # tampered-cert.pem                 |   +- /CN=signed (with different public key)
   # ec.pem                            |   +- /CN=ec (with EC private key)
   # oid.pem                           |   +- /CN=oid (with custom oid)
   #                                   |
-  #                                   + /CN=Test CA Agent Subauthority
-  #                                   |  |
-  # pluto.pem                         |  +- /CN=pluto
+  # 127.0.0.1.pem                     +- /CN=127.0.0.1 (with dns alt names)
+  #                                   |
+  # intermediate-agent.pem            +- /CN=Test CA Agent Subauthority
+  #                                   |   |
+  # pluto.pem                         |   +- /CN=pluto
   #                                   |
   # bad-int-basic-constraints.pem     +- /CN=Test CA Subauthority (bad isCA constraint)
   #

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppet
 version: !ruby/object:Gem::Version
-  version: 7.16.0
+  version: 7.19.0
 platform: universal-darwin
 authors:
 - Puppet Labs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-04-14 00:00:00.000000000 Z
+date: 2022-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter