puppet 8.6.0 → 8.8.1

Files changed (94) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +7 -2
  3. data/Gemfile.lock +63 -53
  4. data/Rakefile +45 -22
  5. data/examples/hiera/README.md +68 -57
  6. data/examples/hiera/data/common.yaml +12 -0
  7. data/examples/hiera/data/dc1.yaml +6 -0
  8. data/examples/hiera/hiera.yaml +15 -0
  9. data/examples/hiera/modules/ntp/data/common.yaml +4 -0
  10. data/examples/hiera/modules/ntp/hiera.yaml +9 -0
  11. data/examples/hiera/modules/ntp/manifests/config.pp +16 -4
  12. data/examples/hiera/modules/ntp/templates/ntp.conf.epp +3 -0
  13. data/examples/hiera/modules/users/manifests/common.pp +7 -2
  14. data/examples/hiera/modules/users/manifests/dc1.pp +7 -2
  15. data/examples/hiera/site.pp +1 -1
  16. data/ext/project_data.yaml +0 -45
  17. data/ext/windows/service/daemon.rb +9 -2
  18. data/lib/puppet/application/doc.rb +1 -5
  19. data/lib/puppet/application/lookup.rb +2 -0
  20. data/lib/puppet/defaults.rb +5 -19
  21. data/lib/puppet/file_serving/http_metadata.rb +2 -0
  22. data/lib/puppet/functions/regsubst.rb +11 -14
  23. data/lib/puppet/indirector/catalog/compiler.rb +2 -35
  24. data/lib/puppet/module_tool/tar/gnu.rb +10 -8
  25. data/lib/puppet/node/server_facts.rb +43 -0
  26. data/lib/puppet/parser/functions/generate.rb +2 -1
  27. data/lib/puppet/pops/evaluator/deferred_resolver.rb +41 -6
  28. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +2 -1
  29. data/lib/puppet/pops/evaluator/runtime3_support.rb +0 -6
  30. data/lib/puppet/pops/loader/static_loader.rb +2 -2
  31. data/lib/puppet/pops/lookup/module_data_provider.rb +9 -9
  32. data/lib/puppet/provider/aix_object.rb +1 -1
  33. data/lib/puppet/provider/file/posix.rb +16 -2
  34. data/lib/puppet/provider/group/groupadd.rb +30 -9
  35. data/lib/puppet/provider/package/gem.rb +1 -0
  36. data/lib/puppet/provider/package/pkgutil.rb +6 -5
  37. data/lib/puppet/provider/package/puppet_gem.rb +4 -15
  38. data/lib/puppet/provider/package/xbps.rb +127 -0
  39. data/lib/puppet/type/exec.rb +8 -0
  40. data/lib/puppet/type/file/selcontext.rb +7 -6
  41. data/lib/puppet/type/file/target.rb +9 -11
  42. data/lib/puppet/util/command_line/trollop.rb +20 -2
  43. data/lib/puppet/util/execution.rb +1 -1
  44. data/lib/puppet/util/reference.rb +1 -30
  45. data/lib/puppet/util/rpm_compare.rb +1 -1
  46. data/lib/puppet/util/run_mode.rb +40 -0
  47. data/lib/puppet/util/selinux.rb +14 -4
  48. data/lib/puppet/util/windows/com.rb +2 -2
  49. data/lib/puppet/util/windows/daemon.rb +15 -32
  50. data/lib/puppet/version.rb +1 -1
  51. data/locales/puppet.pot +648 -648
  52. data/man/man5/puppet.conf.5 +2 -2
  53. data/man/man8/puppet-agent.8 +1 -1
  54. data/man/man8/puppet-apply.8 +1 -1
  55. data/man/man8/puppet-catalog.8 +1 -1
  56. data/man/man8/puppet-config.8 +1 -1
  57. data/man/man8/puppet-describe.8 +1 -1
  58. data/man/man8/puppet-device.8 +1 -1
  59. data/man/man8/puppet-doc.8 +1 -1
  60. data/man/man8/puppet-epp.8 +1 -1
  61. data/man/man8/puppet-facts.8 +1 -1
  62. data/man/man8/puppet-filebucket.8 +1 -1
  63. data/man/man8/puppet-generate.8 +1 -1
  64. data/man/man8/puppet-help.8 +1 -1
  65. data/man/man8/puppet-lookup.8 +1 -1
  66. data/man/man8/puppet-module.8 +1 -1
  67. data/man/man8/puppet-node.8 +1 -1
  68. data/man/man8/puppet-parser.8 +1 -1
  69. data/man/man8/puppet-plugin.8 +1 -1
  70. data/man/man8/puppet-report.8 +1 -1
  71. data/man/man8/puppet-resource.8 +1 -1
  72. data/man/man8/puppet-script.8 +1 -1
  73. data/man/man8/puppet-ssl.8 +1 -1
  74. data/man/man8/puppet.8 +2 -2
  75. metadata +56 -51
  76. data/examples/hiera/etc/hiera.yaml +0 -15
  77. data/examples/hiera/etc/hieradb/common.yaml +0 -3
  78. data/examples/hiera/etc/hieradb/dc1.yaml +0 -6
  79. data/examples/hiera/etc/hieradb/development.yaml +0 -2
  80. data/examples/hiera/etc/puppet.conf +0 -3
  81. data/examples/hiera/modules/data/manifests/common.pp +0 -4
  82. data/examples/hiera/modules/ntp/manifests/data.pp +0 -4
  83. data/examples/hiera/modules/ntp/templates/ntp.conf.erb +0 -3
  84. data/examples/hiera/modules/users/manifests/development.pp +0 -4
  85. data/tasks/benchmark.rake +0 -180
  86. data/tasks/cfpropertylist.rake +0 -15
  87. data/tasks/ci.rake +0 -24
  88. data/tasks/generate_ast_model.rake +0 -90
  89. data/tasks/generate_cert_fixtures.rake +0 -199
  90. data/tasks/manpages.rake +0 -67
  91. data/tasks/memwalk.rake +0 -195
  92. data/tasks/parallel.rake +0 -410
  93. data/tasks/parser.rake +0 -22
  94. data/tasks/yard.rake +0 -59
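--- a/data/tasks/benchmark.rake
+++ /dev/null
@@ -1,180 +0,0 @@
- require 'benchmark'
- require 'tmpdir'
- require 'csv'
- require 'objspace'
-
- namespace :benchmark do
- def generate_scenario_tasks(location, name)
- desc File.read(File.join(location, 'description'))
- task name => "#{name}:run"
- # Load a BenchmarkerTask to handle config of the benchmark
- task_handler_file = File.expand_path(File.join(location, 'benchmarker_task.rb'))
- if File.exist?(task_handler_file)
- require task_handler_file
- run_args = BenchmarkerTask.run_args
- else
- run_args = []
- end
-
- namespace name do
- task :setup do
- ENV['ITERATIONS'] ||= '10'
- ENV['SIZE'] ||= '100'
- ENV['TARGET'] ||= Dir.mktmpdir(name)
- ENV['TARGET'] = File.expand_path(ENV['TARGET'])
-
- mkdir_p(ENV['TARGET'])
-
- require File.expand_path(File.join(location, 'benchmarker.rb'))
-
- @benchmark = Benchmarker.new(ENV['TARGET'], ENV['SIZE'].to_i)
- end
-
- task :generate => :setup do
- @benchmark.generate
- @benchmark.setup
- end
-
- desc "Run the #{name} scenario."
- task :run, [*run_args] => :generate do |_, args|
- report = []
- details = []
- Benchmark.benchmark(Benchmark::CAPTION, 10, Benchmark::FORMAT, "> total:", "> avg:") do |b|
- times = []
- ENV['ITERATIONS'].to_i.times do |i|
- start_time = Time.now.to_i
- times << b.report("Run #{i + 1}") do
- details << @benchmark.run(args)
- end
- report << [to_millis(start_time), to_millis(times.last.real), 200, true, name]
- end
-
- sum = times.inject(Benchmark::Tms.new, &:+)
-
- [sum, sum / times.length]
- end
-
- write_csv("#{name}.samples",
- %w{timestamp elapsed responsecode success name},
- report)
-
- # report details, if any were produced
- if details[0].is_a?(Array) && details[0][0].is_a?(Benchmark::Tms)
- # assume all entries are Tms if the first is
- # turn each into a hash of label => tms (since labels are lost when doing arithmetic on Tms)
- hashed = details.reduce([]) do |memo, measures|
- memo << measures.reduce({}) {|memo2, measure| memo2[measure.label] = measure; memo2}
- memo
- end
- # sum across all hashes
- result = {}
-
- hashed_totals = hashed.reduce {|memo, h| memo.merge(h) {|k, old, new| old + new }}
- # average the totals
- hashed_totals.keys.each {|k| hashed_totals[k] /= details.length }
- min_width = 14
- max_width = (hashed_totals.keys.map(&:length) << min_width).max
- puts "\n"
- puts sprintf("%2$*1$s %3$s", -max_width, 'Details (avg)', " user system total real")
- puts "-" * (46 + max_width)
- hashed_totals.sort.each {|k,v| puts sprintf("%2$*1$s %3$s", -max_width, k, v.format) }
- end
- end
-
- desc "Profile a single run of the #{name} scenario."
- task :profile, [:warm_up_runs, *run_args] => :generate do |_, args|
- warm_up_runs = (args[:warm_up_runs] || '0').to_i
- warm_up_runs.times do
- @benchmark.run(args)
- end
-
- require 'ruby-prof'
-
- result = RubyProf.profile do
- @benchmark.run(args)
- end
-
- printer = RubyProf::CallTreePrinter.new(result)
- printer.print(:profile => name, :path => ENV['TARGET'])
- path = File.join(ENV['TARGET'], "#{name}.callgrind.out.#{$$}")
- puts "Generated callgrind file: #{path}"
- end
-
- desc "Print a memory profile of the #{name} scenario."
- task :memory_profile, [*run_args] => :generate do |_, args|
- begin
- require 'memory_profiler'
- rescue LoadError
- abort("Run `bundle install --with development` to install the 'memory_profiler' gem.")
- end
-
- report = MemoryProfiler.report do
- @benchmark.run(args)
- end
-
- path = "mem_profile_#{$PID}"
- report.pretty_print(to_file: path)
-
- puts "Generated memory profile: #{File.absolute_path(path)}"
- end
-
- desc "Generate a heap dump with object allocation tracing of the #{name} scenario."
- task :heap_dump, [*run_args] => :generate do |_, args|
- ObjectSpace.trace_object_allocations_start
-
- if ENV['DISABLE_GC']
- GC.disable
- end
-
- @benchmark.run(args)
-
- unless ENV['DISABLE_GC']
- GC.start
- end
-
- path = "heap_#{$PID}.json"
- File.open(path, 'w') do |file|
- ObjectSpace.dump_all(output: file)
- end
-
- puts "Generated heap dump: #{File.absolute_path(path)}"
- end
-
- def to_millis(seconds)
- (seconds * 1000).round
- end
-
- def write_csv(file, header, data)
- CSV.open(file, 'w') do |csv|
- csv << header
- data.each do |line|
- csv << line
- end
- end
- end
- end
- end
-
- scenarios = []
- Dir.glob('benchmarks/*') do |location|
- name = File.basename(location)
- scenarios << name
- generate_scenario_tasks(location, File.basename(location))
- end
-
- namespace :all do
- desc "Profile all of the scenarios. (#{scenarios.join(', ')})"
- task :profile do
- scenarios.each do |name|
- sh "rake benchmark:#{name}:profile"
- end
- end
-
- desc "Run all of the scenarios. (#{scenarios.join(', ')})"
- task :run do
- scenarios.each do |name|
- sh "rake benchmark:#{name}:run"
- end
- end
- end
- end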
@@ -1,15 +0,0 @@
1
- task 'cfpropertylist' do
2
- if defined? Pkg::Config and Pkg::Config.project_root
3
- cfp_version = "2.3.5"
4
- libdir = File.join(Pkg::Config.project_root, "lib")
5
- source = "https://github.com/ckruse/CFPropertyList/archive/cfpropertylist-#{cfp_version}.tar.gz"
6
- target_dir = Pkg::Util::File.mktemp
7
- target = File.join(target_dir, "cfpropertylist")
8
- Pkg::Util::Net.fetch_uri(source, target)
9
- Pkg::Util::File.untar_into(target, target_dir, "--strip-components 1")
10
- mv(Dir.glob("#{File.join(target_dir, "lib")}/cfpropertylist*"), libdir)
11
- mv(Dir.glob("#{target_dir}/{LICENSE,README,THANKS}"), File.join(libdir, "cfpropertylist"))
12
- else
13
- warn "It looks like the packaging tasks have not been loaded. You'll need to `rake package:bootstrap` before using this task"
14
- end
15
- end
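--- a/data/tasks/ci.rake
+++ /dev/null
@@ -1,24 +0,0 @@
- require 'yaml'
- require 'time'
-
- namespace "ci" do
- desc "Tar up the acceptance/ directory so that package test runs have tests to run against."
- task :acceptance_artifacts => :tag_creator do
- Dir.chdir("acceptance") do
- rm_f "acceptance-artifacts.tar.gz"
- sh "tar -czv --exclude .bundle -f acceptance-artifacts.tar.gz *"
- end
- end
-
- task :tag_creator do
- Dir.chdir("acceptance") do
- File.open('creator.txt', 'w') do |fh|
- YAML.dump({
- 'creator_id' => ENV['CREATOR'] || ENV['BUILD_URL'] || 'unknown',
- 'created_on' => Time.now.iso8601,
- 'commit' => (`git log -1 --oneline` rescue "unknown: #{$!}")
- }, fh)
- end
- end
- end
- end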
@@ -1,90 +0,0 @@
1
- begin
2
- require 'puppet'
3
- rescue LoadError
4
- #nothing to see here
5
- else
6
- desc "Generate the Pcore model that represents the AST for the Puppet Language"
7
- task :gen_pcore_ast do
8
- Puppet::Pops.generate_ast
9
- end
10
-
11
- module Puppet::Pops
12
- def self.generate_ast
13
- Puppet.initialize_settings
14
- env = Puppet.lookup(:environments).get(Puppet[:environment])
15
- loaders = Loaders.new(env)
16
- ast_pp = Pathname(__FILE__).parent.parent + 'lib/puppet/pops/model/ast.pp'
17
- Puppet.override(:current_environment => env, :loaders => loaders) do
18
- ast_factory = Parser::Parser.new.parse_file(ast_pp.expand_path.to_s)
19
- ast_model = Types::TypeParser.singleton.interpret(
20
- ast_factory.model.body, Loader::PredefinedLoader.new(loaders.find_loader(nil), 'TypeSet loader'))
21
-
22
- ruby = Types::RubyGenerator.new.module_definition_from_typeset(ast_model)
23
-
24
- # Replace ref() constructs to known Pcore types with directly initialized types. ref() cannot be used
25
- # since it requires a parser (chicken-and-egg problem)
26
- ruby.gsub!(/^module Parser\nmodule Locator\n.*\nend\nend\nmodule Model\n/m, "module Model\n")
27
-
28
- # Remove generated RubyMethod annotations. The ruby methods are there now, no need to also have
29
- # the annotations present.
30
- ruby.gsub!(/^\s+'annotations' => \{\n\s+ref\('RubyMethod'\) => \{\n.*\n\s+\}\n\s+\},\n/, '')
31
-
32
- ruby.gsub!(/ref\('([A-Za-z]+)'\)/, 'Types::P\1Type::DEFAULT')
33
- ruby.gsub!(/ref\('Optional\[([0-9A-Za-z_]+)\]'\)/, 'Types::POptionalType.new(Types::P\1Type::DEFAULT)')
34
- ruby.gsub!(/ref\('Array\[([0-9A-Za-z_]+)\]'\)/, 'Types::PArrayType.new(Types::P\1Type::DEFAULT)')
35
- ruby.gsub!(/ref\('Optional\[Array\[([0-9A-Za-z_]+)\]\]'\)/,
36
- 'Types::POptionalType.new(Types::PArrayType.new(Types::P\1Type::DEFAULT))')
37
- ruby.gsub!(/ref\('Enum(\[[^\]]+\])'\)/) do |match|
38
- params = $1
39
- params.gsub!(/\\'/, '\'')
40
- "Types::PEnumType.new(#{params})"
41
- end
42
-
43
- # Replace ref() constructs with references to _pcore_type of the types in the module namespace
44
- ruby.gsub!(/ref\('Puppet::AST::Locator'\)/, 'Parser::Locator::Locator19._pcore_type')
45
- ruby.gsub!(/ref\('Puppet::AST::([0-9A-Za-z_]+)'\)/, '\1._pcore_type')
46
- ruby.gsub!(/ref\('Optional\[Puppet::AST::([0-9A-Za-z_]+)\]'\)/, 'Types::POptionalType.new(\1._pcore_type)')
47
- ruby.gsub!(/ref\('Array\[Puppet::AST::([0-9A-Za-z_]+)\]'\)/, 'Types::PArrayType.new(\1._pcore_type)')
48
- ruby.gsub!(/ref\('Array\[Puppet::AST::([0-9A-Za-z_]+), 1, default\]'\)/,
49
- 'Types::PArrayType.new(\1._pcore_type, Types::PCollectionType::NOT_EMPTY_SIZE)')
50
-
51
- # Remove the generated ref() method. It's not needed by this model
52
- ruby.gsub!(/ def self\.ref\(type_string\)\n.*\n end\n\n/, '')
53
-
54
- # Add Program#current method for backward compatibility
55
- ruby.gsub!(/(attr_reader :body\n attr_reader :definitions\n attr_reader :locator)/, "\\1\n\n def current\n self\n end")
56
-
57
- # Replace the generated registration with a registration that uses the static loader. This will
58
- # become part of the Puppet bootstrap code and there will be no other loader until we have a
59
- # parser.
60
- ruby.gsub!(/^Puppet::Pops::Pcore.register_implementations\((\[[^\]]+\])\)/, <<-RUBY)
61
-
62
- module Model
63
- @@pcore_ast_initialized = false
64
- def self.register_pcore_types
65
- return if @@pcore_ast_initialized
66
- @@pcore_ast_initialized = true
67
- all_types = \\1
68
-
69
- # Create and register a TypeSet that corresponds to all types in the AST model
70
- types_map = {}
71
- all_types.each do |type|
72
- types_map[type._pcore_type.simple_name] = type._pcore_type
73
- end
74
- type_set = Types::PTypeSetType.new({
75
- 'name' => 'Puppet::AST',
76
- 'pcore_version' => '1.0.0',
77
- 'types' => types_map
78
- })
79
- loc = Puppet::Util.path_to_uri("\#{__FILE__}")
80
- Loaders.static_loader.set_entry(Loader::TypedName.new(:type, 'puppet::ast', Pcore::RUNTIME_NAME_AUTHORITY), type_set, URI("\#{loc}?line=1"))
81
- Loaders.register_static_implementations(all_types)
82
- end
83
- end
84
- RUBY
85
- ast_rb = Pathname(__FILE__).parent.parent + 'lib/puppet/pops/model/ast.rb'
86
- File.open(ast_rb.to_s, 'w') { |f| f.write(ruby) }
87
- end
88
- end
89
- end
90
- end
@@ -1,199 +0,0 @@
1
- # Run this rake task to generate cert fixtures used in unit tests. This should
2
- # be run whenever new fixtures are required that derive from the existing ones
3
- # such as to add an extension to client certs, change expiration, etc. All
4
- # regenerated fixtures should be committed together.
5
- desc "Generate cert test fixtures"
6
- task(:gen_cert_fixtures) do
7
- $LOAD_PATH << File.expand_path(File.join(File.dirname(__FILE__), '../spec/lib'))
8
- require 'puppet/test_ca'
9
-
10
- def save(dir, name, x509)
11
- path = File.join(dir, name)
12
- puts "Generating #{path}"
13
- File.open(path, 'w') do |f|
14
- f.write(x509.to_text)
15
- text = if block_given?
16
- yield x509
17
- else
18
- x509.to_pem
19
- end
20
-
21
- f.write(text)
22
- end
23
- end
24
-
25
- # This task generates a PKI consisting of a root CA, intermediate CA and
26
- # several leaf certs. A CRL is generated for each CA. The root CA CRL is
27
- # empty, while the intermediate CA CRL contains the revoked cert's serial
28
- # number. A textual representation of each X509 object is included in the
29
- # fixture as a comment.
30
- #
31
- # Certs
32
- # =====
33
- #
34
- # ca.pem /CN=Test CA
35
- # |
36
- # intermediate.pem +- /CN=Test CA Subauthority
37
- # | |
38
- # signed.pem | +- /CN=signed
39
- # revoked.pem | +- /CN=revoked
40
- # tampered-cert.pem | +- /CN=signed (with different public key)
41
- # ec.pem | +- /CN=ec (with EC private key)
42
- # oid.pem | +- /CN=oid (with custom oid)
43
- # |
44
- # 127.0.0.1.pem +- /CN=127.0.0.1 (with dns alt names)
45
- # |
46
- # intermediate-agent.pem +- /CN=Test CA Agent Subauthority
47
- # | |
48
- # pluto.pem | +- /CN=pluto
49
- # |
50
- # bad-int-basic-constraints.pem +- /CN=Test CA Subauthority (bad isCA constraint)
51
- #
52
- # bad-basic-constraints.pem /CN=Test CA (bad isCA constraint)
53
- #
54
- # unknown-ca.pem /CN=Unknown CA
55
- # |
56
- # unknown-127.0.0.1.pem +- /CN=127.0.0.1
57
- #
58
- # Keys
59
- # ====
60
- #
61
- # The RSA private key for each leaf cert is also generated. In addition,
62
- # `encrypted-key.pem` contains the private key for the `signed` cert.
63
- #
64
- # Requests
65
- # ========
66
- #
67
- # `request.pem` contains a valid CSR for /CN=pending, while `tampered_csr.pem`
68
- # is the same as `request.pem`, but it's public key has been replaced.
69
- #
70
- dir = File.join(RAKE_ROOT, 'spec/fixtures/ssl')
71
-
72
- # Create self-signed CA & key
73
- unknown_ca = Puppet::TestCa.new('Unknown CA')
74
- save(dir, 'unknown-ca.pem', unknown_ca.ca_cert)
75
- save(dir, 'unknown-ca-key.pem', unknown_ca.key)
76
-
77
- # Create an SSL cert for 127.0.0.1
78
- signed = unknown_ca.create_cert('127.0.0.1', unknown_ca.ca_cert, unknown_ca.key, subject_alt_names: 'DNS:127.0.0.1,DNS:127.0.0.2')
79
- save(dir, 'unknown-127.0.0.1.pem', signed[:cert])
80
- save(dir, 'unknown-127.0.0.1-key.pem', signed[:private_key])
81
-
82
- # Create Test CA & CRL
83
- ca = Puppet::TestCa.new
84
- save(dir, 'ca.pem', ca.ca_cert)
85
- save(dir, 'crl.pem', ca.ca_crl)
86
-
87
- # Create Intermediate CA & CRL "Test CA Subauthority" issued by "Test CA"
88
- inter = ca.create_intermediate_cert('Test CA Subauthority', ca.ca_cert, ca.key)
89
- save(dir, 'intermediate.pem', inter[:cert])
90
- save(dir, 'intermediate-key.pem', inter[:private_key])
91
- inter_crl = ca.create_crl(inter[:cert], inter[:private_key])
92
-
93
- # Create a leaf/entity key and cert for host "signed" and issued by "Test CA Subauthority"
94
- signed = ca.create_cert('signed', inter[:cert], inter[:private_key])
95
- save(dir, 'signed.pem', signed[:cert])
96
- save(dir, 'signed-key.pem', signed[:private_key])
97
-
98
- # Create a cert for host "renewed" and issued by "Test CA Subauthority"
99
- renewed = ca.create_cert('renewed', inter[:cert], inter[:private_key], reuse_key: signed[:private_key])
100
- save(dir, 'renewed.pem', renewed[:cert])
101
-
102
- # Create an encrypted version of the above private key for host "signed"
103
- save(dir, 'encrypted-key.pem', signed[:private_key]) do |x509|
104
- # private key password was chosen at random
105
- x509.to_pem(OpenSSL::Cipher::AES.new(128, :CBC), '74695716c8b6')
106
- end
107
-
108
- # Create an SSL cert for 127.0.0.1 with dns_alt_names
109
- signed = ca.create_cert('127.0.0.1', ca.ca_cert, ca.key, subject_alt_names: 'DNS:127.0.0.1,DNS:127.0.0.2')
110
- save(dir, '127.0.0.1.pem', signed[:cert])
111
- save(dir, '127.0.0.1-key.pem', signed[:private_key])
112
-
113
- # Create an SSL cert with extensions containing custom oids
114
- extensions = [
115
- ['1.3.6.1.4.1.34380.1.2.1.1', OpenSSL::ASN1::UTF8String.new('somevalue'), false],
116
- ]
117
- oid = ca.create_cert('oid', inter[:cert], inter[:private_key], extensions: extensions)
118
- save(dir, 'oid.pem', oid[:cert])
119
- save(dir, 'oid-key.pem', oid[:private_key])
120
-
121
- # Create a leaf/entity key and cert for host "revoked", issued by "Test CA Subauthority"
122
- # and revoke the cert
123
- revoked = ca.create_cert('revoked', inter[:cert], inter[:private_key])
124
- ca.revoke(revoked[:cert], inter_crl, inter[:private_key])
125
- save(dir, 'revoked.pem', revoked[:cert])
126
- save(dir, 'revoked-key.pem', revoked[:private_key])
127
-
128
- # Create an EC key and cert, issued by "Test CA Subauthority"
129
- ec = ca.create_cert('ec', inter[:cert], inter[:private_key], key_type: :ec)
130
- save(dir, 'ec.pem', ec[:cert])
131
- save(dir, 'ec-key.pem', ec[:private_key])
132
-
133
- # Create an encrypted version of the above private key for host "ec"
134
- save(dir, 'encrypted-ec-key.pem', ec[:private_key]) do |x509|
135
- # private key password was chosen at random
136
- x509.to_pem(OpenSSL::Cipher::AES.new(128, :CBC), '74695716c8b6')
137
- end
138
-
139
- # Update intermediate CRL now that we've revoked
140
- save(dir, 'intermediate-crl.pem', inter_crl)
141
-
142
- # Create a pending request (CSR) and private key for host "pending"
143
- request = ca.create_request('pending')
144
- save(dir, 'request.pem', request[:csr])
145
- save(dir, 'request-key.pem', request[:private_key])
146
-
147
- # Create an intermediate for agent certs
148
- inter_agent = ca.create_intermediate_cert('Test CA Agent Subauthority', ca.ca_cert, ca.key)
149
- save(dir, 'intermediate-agent.pem', inter_agent[:cert])
150
- inter_agent_crl = ca.create_crl(inter_agent[:cert], inter_agent[:private_key])
151
- save(dir, 'intermediate-agent-crl.pem', inter_agent_crl)
152
-
153
- # Create a leaf/entity key and cert for host "pluto" and issued by "Test CA Agent Subauthority"
154
- pluto = ca.create_cert('pluto', inter_agent[:cert], inter_agent[:private_key])
155
- save(dir, 'pluto.pem', pluto[:cert])
156
- save(dir, 'pluto-key.pem', pluto[:private_key])
157
-
158
- # Create a new root CA cert, but change the "isCA" basic constraint.
159
- # It should not be trusted to act as a CA.
160
- badconstraints = ca.create_cacert('Test CA')[:cert]
161
- badconstraints.public_key = ca.ca_cert.public_key
162
- badconstraints.extensions = []
163
- ca.ca_cert.extensions.each do |ext|
164
- if ext.oid == 'basicConstraints'
165
- ef = OpenSSL::X509::ExtensionFactory.new
166
- badconstraints.add_extension(ef.create_extension("basicConstraints","CA:FALSE", true))
167
- else
168
- badconstraints.add_extension(ext)
169
- end
170
- end
171
- badconstraints.sign(ca.key, OpenSSL::Digest::SHA256.new)
172
- save(dir, 'bad-basic-constraints.pem', badconstraints)
173
-
174
- # Same as above, but create a new intermediate CA
175
- badintconstraints = inter[:cert].dup
176
- badintconstraints.public_key = inter[:cert].public_key
177
- badintconstraints.extensions = []
178
- inter[:cert].extensions.each do |ext|
179
- if ext.oid == 'basicConstraints'
180
- ef = OpenSSL::X509::ExtensionFactory.new
181
- badintconstraints.add_extension(ef.create_extension("basicConstraints","CA:FALSE", true))
182
- else
183
- badintconstraints.add_extension(ext)
184
- end
185
- end
186
- badintconstraints.sign(ca.key, OpenSSL::Digest::SHA256.new)
187
- save(dir, 'bad-int-basic-constraints.pem', badintconstraints)
188
-
189
- # Create a request, but replace its public key after it's signed
190
- tampered_csr = ca.create_request('signed')[:csr]
191
- tampered_csr.public_key = OpenSSL::PKey::RSA.new(2048).public_key
192
- save(dir, 'tampered-csr.pem', tampered_csr)
193
-
194
- # Create a cert issued from the real intermediate CA, but replace its
195
- # public key
196
- tampered_cert = ca.create_cert('signed', inter[:cert], inter[:private_key])[:cert]
197
- tampered_cert.public_key = OpenSSL::PKey::RSA.new(2048).public_key
198
- save(dir, 'tampered-cert.pem', tampered_cert)
199
- end
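--- a/data/tasks/manpages.rake
+++ /dev/null
@@ -1,67 +0,0 @@
- desc "Build Puppet manpages"
- task :gen_manpages do
- require 'puppet/face'
- require 'fileutils'
-
- Puppet.initialize_settings
- helpface = Puppet::Face[:help, '0.0.1']
-
- bins = Dir.glob(%w{bin/*})
- non_face_applications = helpface.legacy_applications
- faces = Puppet::Face.faces.map(&:to_s)
- apps = non_face_applications + faces
-
- ronn_args = '--manual="Puppet manual" --organization="Puppet, Inc." --roff'
-
- unless ENV['SOURCE_DATE_EPOCH'].nil?
- source_date = Time.at(ENV['SOURCE_DATE_EPOCH'].to_i).strftime('%Y-%m-%d')
- ronn_args += " --date=#{source_date}"
- end
-
- # Locate ronn
- begin
- require 'ronn'
- rescue LoadError
- abort("Run `bundle install --with documentation` to install the `ronn` gem.")
- end
-
- ronn = %x{which ronn}.chomp
- unless File.executable?(ronn)
- abort("Ronn does not appear to be installed")
- end
-
- %x{mkdir -p ./man/man5 ./man/man8}
- %x{RUBYLIB=./lib:$RUBYLIB bin/puppet doc --reference configuration > ./man/man5/puppetconf.5.ronn}
- %x{#{ronn} #{ronn_args} ./man/man5/puppetconf.5.ronn}
- FileUtils.mv("./man/man5/puppetconf.5", "./man/man5/puppet.conf.5")
- FileUtils.rm("./man/man5/puppetconf.5.ronn")
-
- # Create LEGACY binary man pages (i.e. delete me for 2.8.0)
- bins.each do |bin|
- b = bin.gsub( /^s?bin\//, "")
- %x{RUBYLIB=./lib:$RUBYLIB #{bin} --help > ./man/man8/#{b}.8.ronn}
- %x{#{ronn} #{ronn_args} ./man/man8/#{b}.8.ronn}
- FileUtils.rm("./man/man8/#{b}.8.ronn")
- end
-
- apps.each do |app|
- %x{RUBYLIB=./lib:$RUBYLIB bin/puppet help #{app} --ronn > ./man/man8/puppet-#{app}.8.ronn}
- %x{#{ronn} #{ronn_args} ./man/man8/puppet-#{app}.8.ronn}
- FileUtils.rm("./man/man8/puppet-#{app}.8.ronn")
- end
-
- # Delete orphaned manpages if binary was deleted
- Dir.glob(%w{./man/man8/puppet-*.8}) do |app|
- appname = app.match(/puppet-(.*)\.8/)[1]
- FileUtils.rm("./man/man8/puppet-#{appname}.8") unless apps.include?(appname)
- end
-
- # Vile hack: create puppet resource man page
- # Currently, the useless resource face wins against puppet resource in puppet
- # man. (And actually, it even gets removed from the list of legacy
- # applications.) So we overwrite it with the correct man page at the end.
- %x{RUBYLIB=./lib:$RUBYLIB bin/puppet resource --help > ./man/man8/puppet-resource.8.ronn}
- %x{#{ronn} #{ronn_args} ./man/man8/puppet-resource.8.ronn}
- FileUtils.rm("./man/man8/puppet-resource.8.ronn")
-
- end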