puppet 8.7.0-x86-mingw32 → 8.8.1-x86-mingw32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +1 -0
  3. data/Gemfile.lock +32 -26
  4. data/ext/windows/service/daemon.rb +9 -2
  5. data/lib/puppet/application/doc.rb +1 -5
  6. data/lib/puppet/application/lookup.rb +2 -0
  7. data/lib/puppet/daemon.rb +0 -1
  8. data/lib/puppet/defaults.rb +5 -19
  9. data/lib/puppet/file_serving/http_metadata.rb +2 -0
  10. data/lib/puppet/functions/regsubst.rb +11 -14
  11. data/lib/puppet/indirector/catalog/compiler.rb +2 -35
  12. data/lib/puppet/module_tool/tar/gnu.rb +10 -8
  13. data/lib/puppet/node/server_facts.rb +43 -0
  14. data/lib/puppet/parser/functions/generate.rb +2 -1
  15. data/lib/puppet/pops/evaluator/deferred_resolver.rb +41 -6
  16. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +2 -1
  17. data/lib/puppet/pops/evaluator/runtime3_support.rb +0 -6
  18. data/lib/puppet/provider/file/posix.rb +16 -2
  19. data/lib/puppet/provider/package/gem.rb +1 -0
  20. data/lib/puppet/provider/package/pkgutil.rb +6 -5
  21. data/lib/puppet/provider/package/puppet_gem.rb +4 -15
  22. data/lib/puppet/scheduler/splay_job.rb +0 -9
  23. data/lib/puppet/type/file/selcontext.rb +7 -6
  24. data/lib/puppet/type/file/target.rb +9 -11
  25. data/lib/puppet/util/execution.rb +1 -1
  26. data/lib/puppet/util/reference.rb +1 -30
  27. data/lib/puppet/util/run_mode.rb +40 -0
  28. data/lib/puppet/util/selinux.rb +14 -4
  29. data/lib/puppet/util/windows/daemon.rb +15 -32
  30. data/lib/puppet/version.rb +1 -1
  31. data/locales/puppet.pot +90 -94
  32. data/man/man5/puppet.conf.5 +2 -2
  33. data/man/man8/puppet-agent.8 +1 -1
  34. data/man/man8/puppet-apply.8 +1 -1
  35. data/man/man8/puppet-catalog.8 +1 -1
  36. data/man/man8/puppet-config.8 +1 -1
  37. data/man/man8/puppet-describe.8 +1 -1
  38. data/man/man8/puppet-device.8 +1 -1
  39. data/man/man8/puppet-doc.8 +1 -1
  40. data/man/man8/puppet-epp.8 +1 -1
  41. data/man/man8/puppet-facts.8 +1 -1
  42. data/man/man8/puppet-filebucket.8 +1 -1
  43. data/man/man8/puppet-generate.8 +1 -1
  44. data/man/man8/puppet-help.8 +1 -1
  45. data/man/man8/puppet-lookup.8 +1 -1
  46. data/man/man8/puppet-module.8 +1 -1
  47. data/man/man8/puppet-node.8 +1 -1
  48. data/man/man8/puppet-parser.8 +1 -1
  49. data/man/man8/puppet-plugin.8 +1 -1
  50. data/man/man8/puppet-report.8 +1 -1
  51. data/man/man8/puppet-resource.8 +1 -1
  52. data/man/man8/puppet-script.8 +1 -1
  53. data/man/man8/puppet-ssl.8 +1 -1
  54. data/man/man8/puppet.8 +2 -2
  55. metadata +44 -29
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 18f1a8e36b7c80fdb241ea801d9343da53ebef16c6fe7817353da545c9cc821a
4
- data.tar.gz: faabd15563fa5af7036a5fe6ef9fcd3de554691095caef1ee365a64360f22318
3
+ metadata.gz: 8062819b5fd456f8912ffbd1138be0c2d2435b67c6ee493d2b7b29c343ff031b
4
+ data.tar.gz: 02f001766ee56b858785671dc49b75afa0dbbcb3ba110b34c1fbc2545596524b
5
5
  SHA512:
6
- metadata.gz: 0e42b3ed1b6f2bc6ddcd55500abe618a23dd23318865949db904c7da94473c9324e93aab5afe165453e0475aea973ec0c0c62bc48f6c69b06a1f523b8eb2e6d5
7
- data.tar.gz: 7154c7ad26295373a0bf2b517139986ad256f56baea6847eaa48de4c7e17e32f39a33f73e7ab110a61411411699840ab3af5aa077428a04281787b05681b1883
6
+ metadata.gz: 30eef3a49c0b0d0444e94c6e4df2f7669d8c19fa7e02a883f72041484cfe5e2180c4ddffee84b4009a91f934fd5caa8d3c8784ff04fa5cd8e0489a13d4068e74
7
+ data.tar.gz: 36a4ff9a31754c3fc73a6fdbcc1e4337bfc1a6a84b3edb680753ec02062240c32c2ceb68641596e8f0ba9d0e20580a95c32d4fdd66268660409246b714b33eee
data/Gemfile CHANGED
@@ -35,6 +35,7 @@ group(:features) do
35
35
  # requires native ldap headers/libs
36
36
  # gem 'ruby-ldap', '~> 0.9', require: false, platforms: [:ruby]
37
37
  gem 'puppetserver-ca', '~> 2.0', require: false
38
+ gem 'syslog', '~> 0.1.1', require: false, platforms: [:ruby]
38
39
  gem 'CFPropertyList', ['>= 3.0.6', '< 4'], require: false
39
40
  end
40
41
 
data/Gemfile.lock CHANGED
@@ -1,11 +1,12 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- puppet (8.7.0)
4
+ puppet (8.8.1)
5
5
  concurrent-ruby (~> 1.0)
6
6
  deep_merge (~> 1.0)
7
7
  facter (>= 4.3.0, < 5)
8
- fast_gettext (>= 2.1, < 3)
8
+ fast_gettext (>= 2.1, < 4)
9
+ getoptlong (~> 0.2.0)
9
10
  locale (~> 2.1)
10
11
  multi_json (~> 1.13)
11
12
  puppet-resource_api (~> 1.5)
@@ -19,14 +20,14 @@ GEM
19
20
  base64
20
21
  nkf
21
22
  rexml
22
- addressable (2.8.6)
23
- public_suffix (>= 2.0.2, < 6.0)
23
+ addressable (2.8.7)
24
+ public_suffix (>= 2.0.2, < 7.0)
24
25
  artifactory (3.0.17)
25
26
  ast (2.4.2)
26
27
  base64 (0.2.0)
27
28
  bigdecimal (3.1.8)
28
29
  coderay (1.1.3)
29
- concurrent-ruby (1.3.1)
30
+ concurrent-ruby (1.3.3)
30
31
  crack (1.0.0)
31
32
  bigdecimal
32
33
  rexml
@@ -37,18 +38,20 @@ GEM
37
38
  digest-crc (0.6.5)
38
39
  rake (>= 12.0.0, < 14.0.0)
39
40
  docopt (0.6.1)
40
- erubi (1.12.0)
41
- facter (4.7.0)
41
+ erubi (1.13.0)
42
+ facter (4.8.0)
42
43
  hocon (~> 1.3)
43
44
  thor (>= 1.0.1, < 1.3)
44
- faraday (2.9.1)
45
+ faraday (2.10.0)
45
46
  faraday-net_http (>= 2.0, < 3.2)
47
+ logger
46
48
  faraday-net_http (3.1.0)
47
49
  net-http
48
50
  fast_gettext (2.4.0)
49
51
  prime
50
52
  ffi (1.16.3)
51
53
  forwardable (1.3.3)
54
+ getoptlong (0.2.1)
52
55
  gettext (3.4.9)
53
56
  erubi
54
57
  locale (>= 2.0.5)
@@ -69,7 +72,7 @@ GEM
69
72
  rexml
70
73
  google-apis-iamcredentials_v1 (0.21.0)
71
74
  google-apis-core (>= 0.15.0, < 2.a)
72
- google-apis-storage_v1 (0.39.0)
75
+ google-apis-storage_v1 (0.40.0)
73
76
  google-apis-core (>= 0.15.0, < 2.a)
74
77
  google-cloud-core (1.7.0)
75
78
  google-cloud-env (>= 1.0, < 3.a)
@@ -104,11 +107,12 @@ GEM
104
107
  json (2.7.2)
105
108
  json-schema (2.8.1)
106
109
  addressable (>= 2.4)
107
- jwt (2.8.1)
110
+ jwt (2.8.2)
108
111
  base64
109
112
  language_server-protocol (3.17.0.3)
110
113
  locale (2.1.4)
111
- memory_profiler (1.0.1)
114
+ logger (1.6.0)
115
+ memory_profiler (1.0.2)
112
116
  method_source (1.1.0)
113
117
  mini_mime (1.1.5)
114
118
  minitar (0.9)
@@ -127,8 +131,8 @@ GEM
127
131
  googleauth
128
132
  rake (>= 12.3)
129
133
  release-metrics
130
- parallel (1.24.0)
131
- parser (3.3.2.0)
134
+ parallel (1.25.1)
135
+ parser (3.3.4.0)
132
136
  ast (~> 2.4.1)
133
137
  racc
134
138
  prime (0.1.2)
@@ -137,7 +141,7 @@ GEM
137
141
  pry (0.14.2)
138
142
  coderay (~> 1.1)
139
143
  method_source (~> 1.0)
140
- public_suffix (5.0.5)
144
+ public_suffix (6.0.1)
141
145
  puppet-resource_api (1.9.0)
142
146
  hocon (>= 1.0)
143
147
  puppetserver-ca (2.7.0)
@@ -156,8 +160,8 @@ GEM
156
160
  trailblazer-option (>= 0.1.1, < 0.2.0)
157
161
  uber (< 0.2.0)
158
162
  retriable (3.1.2)
159
- rexml (3.2.8)
160
- strscan (>= 3.0.9)
163
+ rexml (3.3.2)
164
+ strscan
161
165
  ronn (0.7.3)
162
166
  hpricot (>= 0.8.2)
163
167
  mustache (>= 0.7.0)
@@ -168,7 +172,7 @@ GEM
168
172
  rspec-mocks (~> 3.13.0)
169
173
  rspec-core (3.13.0)
170
174
  rspec-support (~> 3.13.0)
171
- rspec-expectations (3.13.0)
175
+ rspec-expectations (3.13.1)
172
176
  diff-lcs (>= 1.2.0, < 2.0)
173
177
  rspec-support (~> 3.13.0)
174
178
  rspec-its (1.3.0)
@@ -178,37 +182,37 @@ GEM
178
182
  diff-lcs (>= 1.2.0, < 2.0)
179
183
  rspec-support (~> 3.13.0)
180
184
  rspec-support (3.13.1)
181
- rubocop (1.64.1)
185
+ rubocop (1.65.0)
182
186
  json (~> 2.3)
183
187
  language_server-protocol (>= 3.17.0)
184
188
  parallel (~> 1.10)
185
189
  parser (>= 3.3.0.2)
186
190
  rainbow (>= 2.2.2, < 4.0)
187
- regexp_parser (>= 1.8, < 3.0)
191
+ regexp_parser (>= 2.4, < 3.0)
188
192
  rexml (>= 3.2.5, < 4.0)
189
193
  rubocop-ast (>= 1.31.1, < 2.0)
190
194
  ruby-progressbar (~> 1.7)
191
195
  unicode-display_width (>= 2.4.0, < 3.0)
192
196
  rubocop-ast (1.31.3)
193
197
  parser (>= 3.3.1.0)
194
- rubocop-capybara (2.20.0)
195
- rubocop (~> 1.41)
196
- rubocop-factory_bot (2.25.1)
198
+ rubocop-capybara (2.21.0)
197
199
  rubocop (~> 1.41)
200
+ rubocop-factory_bot (2.26.1)
201
+ rubocop (~> 1.61)
198
202
  rubocop-i18n (3.0.0)
199
203
  rubocop (~> 1.0)
200
- rubocop-performance (1.21.0)
204
+ rubocop-performance (1.21.1)
201
205
  rubocop (>= 1.48.1, < 2.0)
202
206
  rubocop-ast (>= 1.31.1, < 2.0)
203
207
  rubocop-rake (0.6.0)
204
208
  rubocop (~> 1.0)
205
- rubocop-rspec (2.30.0)
209
+ rubocop-rspec (2.31.0)
206
210
  rubocop (~> 1.40)
207
211
  rubocop-capybara (~> 2.17)
208
212
  rubocop-factory_bot (~> 2.22)
209
213
  rubocop-rspec_rails (~> 2.28)
210
- rubocop-rspec_rails (2.28.3)
211
- rubocop (~> 1.40)
214
+ rubocop-rspec_rails (2.29.1)
215
+ rubocop (~> 1.61)
212
216
  ruby-prof (1.7.0)
213
217
  ruby-progressbar (1.13.0)
214
218
  scanf (1.0.0)
@@ -220,6 +224,7 @@ GEM
220
224
  multi_json (~> 1.10)
221
225
  singleton (0.2.0)
222
226
  strscan (3.1.0)
227
+ syslog (0.1.2)
223
228
  text (1.3.1)
224
229
  thor (1.2.2)
225
230
  trailblazer-option (0.1.2)
@@ -268,6 +273,7 @@ DEPENDENCIES
268
273
  rubocop-rspec (~> 2.0)
269
274
  ruby-prof (>= 0.16.0)
270
275
  semantic_puppet (~> 1.0)
276
+ syslog (~> 0.1.1)
271
277
  vcr (~> 6.1)
272
278
  webmock (~> 3.0)
273
279
  webrick (~> 1.7)
@@ -155,12 +155,19 @@ class WindowsDaemon < Puppet::Util::Windows::Daemon
155
155
  end
156
156
  end
157
157
 
158
+ # Parses runinterval.
159
+ #
160
+ # @param puppet_path [String] The file path for the Puppet executable.
161
+ # @return runinterval [Integer] How often to do a Puppet run, in seconds.
158
162
  def parse_runinterval(puppet_path)
159
163
  begin
160
- runinterval = %x(#{puppet_path} config --section agent --log_level notice print runinterval).to_i
161
- if runinterval == 0
164
+ runinterval = %x(#{puppet_path} config --section agent --log_level notice print runinterval).chomp
165
+ if runinterval == ''
162
166
  runinterval = 1800
163
167
  log_err("Failed to determine runinterval, defaulting to #{runinterval} seconds")
168
+ else
169
+ # Use Kernel#Integer because to_i will return 0 with non-numeric strings.
170
+ runinterval = Integer(runinterval)
164
171
  end
165
172
  rescue Exception => e
166
173
  log_exception(e)
@@ -173,11 +173,7 @@ class Puppet::Application::Doc < Puppet::Application
173
173
 
174
174
  text += Puppet::Util::Reference.footer unless with_contents # We've only got one reference
175
175
 
176
- if options[:mode] == :pdf
177
- Puppet::Util::Reference.pdf(text)
178
- else
179
- puts text
180
- end
176
+ puts text
181
177
 
182
178
  exit exit_code
183
179
  end
@@ -3,6 +3,7 @@
3
3
  require_relative '../../puppet/application'
4
4
  require_relative '../../puppet/pops'
5
5
  require_relative '../../puppet/node'
6
+ require_relative '../../puppet/node/server_facts'
6
7
  require_relative '../../puppet/parser/compiler'
7
8
 
8
9
  class Puppet::Application::Lookup < Puppet::Application
@@ -403,6 +404,7 @@ class Puppet::Application::Lookup < Puppet::Application
403
404
  end
404
405
  end
405
406
  node.environment = Puppet[:environment] if Puppet.settings.set_by_cli?(:environment)
407
+ node.add_server_facts(Puppet::Node::ServerFacts.load)
406
408
  Puppet[:code] = 'undef' unless options[:compile]
407
409
  compiler = Puppet::Parser::Compiler.new(node)
408
410
  if options[:node]
data/lib/puppet/daemon.rb CHANGED
@@ -165,7 +165,6 @@ class Puppet::Daemon
165
165
  reparse_run = Puppet::Scheduler.create_job(Puppet[:filetimeout]) do
166
166
  Puppet.settings.reparse_config_files
167
167
  agent_run.run_interval = Puppet[:runinterval]
168
- agent_run.splay_limit = Puppet[:splaylimit] if Puppet[:splay]
169
168
  if Puppet[:filetimeout] == 0
170
169
  reparse_run.disable
171
170
  else
@@ -47,29 +47,15 @@ module Puppet
47
47
  end
48
48
 
49
49
  def self.default_basemodulepath
50
- if Puppet::Util::Platform.windows?
51
- path = ['$codedir/modules']
52
- installdir = ENV.fetch("FACTER_env_windows_installdir", nil)
53
- if installdir
54
- path << "#{installdir}/puppet/modules"
55
- end
56
- path.join(File::PATH_SEPARATOR)
57
- else
58
- '$codedir/modules:/opt/puppetlabs/puppet/modules'
50
+ path = ['$codedir/modules']
51
+ if (run_mode_dir = Puppet.run_mode.common_module_dir)
52
+ path << run_mode_dir
59
53
  end
54
+ path.join(File::PATH_SEPARATOR)
60
55
  end
61
56
 
62
57
  def self.default_vendormoduledir
63
- if Puppet::Util::Platform.windows?
64
- installdir = ENV.fetch("FACTER_env_windows_installdir", nil)
65
- if installdir
66
- "#{installdir}\\puppet\\vendor_modules"
67
- else
68
- nil
69
- end
70
- else
71
- '/opt/puppetlabs/puppet/vendor_modules'
72
- end
58
+ Puppet.run_mode.vendor_module_dir
73
59
  end
74
60
 
75
61
  ############################################################################################
@@ -51,6 +51,8 @@ class Puppet::FileServing::HttpMetadata < Puppet::FileServing::Metadata
51
51
  # Prefer the checksum_type from the indirector request options
52
52
  # but fall back to the alternative otherwise
53
53
  [@checksum_type, :sha256, :sha1, :md5, :mtime].each do |type|
54
+ next if type == :md5 && Puppet::Util::Platform.fips_enabled?
55
+
54
56
  @checksum_type = type
55
57
  @checksum = @checksums[type]
56
58
  break if @checksum
@@ -20,13 +20,10 @@ Puppet::Functions.create_function(:regsubst) do
20
20
  # - *M* Multiline regexps
21
21
  # - *G* Global replacement; all occurrences of the regexp in each target string will be replaced. Without this, only the first occurrence will be replaced.
22
22
  # @param encoding [Enum['N','E','S','U']]
23
- # Optional. How to handle multibyte characters when compiling the regexp (must not be used when pattern is a
24
- # precompiled regexp). A single-character string with the following values:
25
- # - *N* None
26
- # - *E* EUC
27
- # - *S* SJIS
28
- # - *U* UTF-8
23
+ # Deprecated and ignored parameter, only here for compatibility.
29
24
  # @return [Array[String], String] The result of the substitution. Result type is the same as for the target parameter.
25
+ # @deprecated
26
+ # This method has the optional encoding parameter, which is ignored.
30
27
  # @example Get the third octet from the node's IP address:
31
28
  # ```puppet
32
29
  # $i3 = regsubst($ipaddress,'^(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)$','\\3')
@@ -56,13 +53,6 @@ Puppet::Functions.create_function(:regsubst) do
56
53
  # - *I* Ignore case in regexps
57
54
  # - *M* Multiline regexps
58
55
  # - *G* Global replacement; all occurrences of the regexp in each target string will be replaced. Without this, only the first occurrence will be replaced.
59
- # @param encoding [Enum['N','E','S','U']]
60
- # Optional. How to handle multibyte characters when compiling the regexp (must not be used when pattern is a
61
- # precompiled regexp). A single-character string with the following values:
62
- # - *N* None
63
- # - *E* EUC
64
- # - *S* SJIS
65
- # - *U* UTF-8
66
56
  # @return [Array[String], String] The result of the substitution. Result type is the same as for the target parameter.
67
57
  # @example Put angle brackets around each octet in the node's IP address:
68
58
  # ```puppet
@@ -76,6 +66,13 @@ Puppet::Functions.create_function(:regsubst) do
76
66
  end
77
67
 
78
68
  def regsubst_string(target, pattern, replacement, flags = nil, encoding = nil)
69
+ if encoding
70
+ Puppet.warn_once(
71
+ 'deprecations', 'regsubst_function_encoding',
72
+ _("The regsubst() function's encoding argument has been ignored since Ruby 1.9 and will be removed in a future release")
73
+ )
74
+ end
75
+
79
76
  re_flags = 0
80
77
  operation = :sub
81
78
  unless flags.nil?
@@ -88,7 +85,7 @@ Puppet::Functions.create_function(:regsubst) do
88
85
  end
89
86
  end
90
87
  end
91
- inner_regsubst(target, Regexp.compile(pattern, re_flags, encoding), replacement, operation)
88
+ inner_regsubst(target, Regexp.compile(pattern, re_flags), replacement, operation)
92
89
  end
93
90
 
94
91
  def regsubst_regexp(target, pattern, replacement, flags = nil)
@@ -2,6 +2,7 @@
2
2
 
3
3
  require_relative '../../../puppet/environments'
4
4
  require_relative '../../../puppet/node'
5
+ require_relative '../../../puppet/node/server_facts'
5
6
  require_relative '../../../puppet/resource/catalog'
6
7
  require_relative '../../../puppet/indirector/code'
7
8
  require_relative '../../../puppet/util/profiler'
@@ -426,40 +427,6 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code
426
427
  #
427
428
  # See also set_server_facts in Puppet::Server::Compiler in puppetserver.
428
429
  def set_server_facts
429
- @server_facts = {}
430
-
431
- # Add our server Puppet Enterprise version, if available.
432
- pe_version_file = '/opt/puppetlabs/server/pe_version'
433
- if File.readable?(pe_version_file) and !File.zero?(pe_version_file)
434
- @server_facts['pe_serverversion'] = File.read(pe_version_file).chomp
435
- end
436
-
437
- # Add our server version to the fact list
438
- @server_facts["serverversion"] = Puppet.version.to_s
439
-
440
- # And then add the server name and IP
441
- { "servername" => "networking.fqdn",
442
- "serverip" => "networking.ip",
443
- "serverip6" => "networking.ip6" }.each do |var, fact|
444
- value = Puppet.runtime[:facter].value(fact)
445
- unless value.nil?
446
- @server_facts[var] = value
447
- end
448
- end
449
-
450
- if @server_facts["servername"].nil?
451
- host = Puppet.runtime[:facter].value('networking.hostname')
452
- if host.nil?
453
- Puppet.warning _("Could not retrieve fact servername")
454
- elsif domain = Puppet.runtime[:facter].value('networking.domain') # rubocop:disable Lint/AssignmentInCondition
455
- @server_facts["servername"] = [host, domain].join(".")
456
- else
457
- @server_facts["servername"] = host
458
- end
459
- end
460
-
461
- if @server_facts["serverip"].nil? && @server_facts["serverip6"].nil?
462
- Puppet.warning _("Could not retrieve either serverip or serverip6 fact")
463
- end
430
+ @server_facts = Puppet::Node::ServerFacts.load
464
431
  end
465
432
  end
@@ -4,18 +4,20 @@ require 'shellwords'
4
4
 
5
5
  class Puppet::ModuleTool::Tar::Gnu
6
6
  def unpack(sourcefile, destdir, owner)
7
- sourcefile = File.expand_path(sourcefile)
7
+ safe_sourcefile = Shellwords.shellescape(File.expand_path(sourcefile))
8
8
  destdir = File.expand_path(destdir)
9
+ safe_destdir = Shellwords.shellescape(destdir)
9
10
 
10
- Dir.chdir(destdir) do
11
- Puppet::Util::Execution.execute("gzip -dc #{Shellwords.shellescape(sourcefile)} | tar xof -")
12
- Puppet::Util::Execution.execute("find . -type d -exec chmod 755 {} +")
13
- Puppet::Util::Execution.execute("find . -type f -exec chmod u+rw,g+r,a-st {} +")
14
- Puppet::Util::Execution.execute("chown -R #{owner} .")
15
- end
11
+ Puppet::Util::Execution.execute("gzip -dc #{safe_sourcefile} | tar --extract --no-same-owner --directory #{safe_destdir} --file -")
12
+ Puppet::Util::Execution.execute(['find', destdir, '-type', 'd', '-exec', 'chmod', '755', '{}', '+'])
13
+ Puppet::Util::Execution.execute(['find', destdir, '-type', 'f', '-exec', 'chmod', 'u+rw,g+r,a-st', '{}', '+'])
14
+ Puppet::Util::Execution.execute(['chown', '-R', owner, destdir])
16
15
  end
17
16
 
18
17
  def pack(sourcedir, destfile)
19
- Puppet::Util::Execution.execute("tar cf - #{sourcedir} | gzip -c > #{File.basename(destfile)}")
18
+ safe_sourcedir = Shellwords.shellescape(sourcedir)
19
+ safe_destfile = Shellwords.shellescape(File.basename(destfile))
20
+
21
+ Puppet::Util::Execution.execute("tar cf - #{safe_sourcedir} | gzip -c > #{safe_destfile}")
20
22
  end
21
23
  end
@@ -0,0 +1,43 @@
1
+ # frozen_string_literal: true
2
+
3
+ class Puppet::Node::ServerFacts
4
+ def self.load
5
+ server_facts = {}
6
+
7
+ # Add our server Puppet Enterprise version, if available.
8
+ pe_version_file = '/opt/puppetlabs/server/pe_version'
9
+ if File.readable?(pe_version_file) and !File.zero?(pe_version_file)
10
+ server_facts['pe_serverversion'] = File.read(pe_version_file).chomp
11
+ end
12
+
13
+ # Add our server version to the fact list
14
+ server_facts["serverversion"] = Puppet.version.to_s
15
+
16
+ # And then add the server name and IP
17
+ { "servername" => "networking.fqdn",
18
+ "serverip" => "networking.ip",
19
+ "serverip6" => "networking.ip6" }.each do |var, fact|
20
+ value = Puppet.runtime[:facter].value(fact)
21
+ unless value.nil?
22
+ server_facts[var] = value
23
+ end
24
+ end
25
+
26
+ if server_facts["servername"].nil?
27
+ host = Puppet.runtime[:facter].value('networking.hostname')
28
+ if host.nil?
29
+ Puppet.warning _("Could not retrieve fact servername")
30
+ elsif domain = Puppet.runtime[:facter].value('networking.domain') # rubocop:disable Lint/AssignmentInCondition
31
+ server_facts["servername"] = [host, domain].join(".")
32
+ else
33
+ server_facts["servername"] = host
34
+ end
35
+ end
36
+
37
+ if server_facts["serverip"].nil? && server_facts["serverip6"].nil?
38
+ Puppet.warning _("Could not retrieve either serverip or serverip6 fact")
39
+ end
40
+
41
+ server_facts
42
+ end
43
+ end
@@ -31,7 +31,8 @@ Puppet::Parser::Functions.newfunction(:generate, :arity => -2, :type => :rvalue,
31
31
  end
32
32
 
33
33
  begin
34
- Dir.chdir(File.dirname(args[0])) { Puppet::Util::Execution.execute(args).to_str }
34
+ dir = File.dirname(args[0])
35
+ Puppet::Util::Execution.execute(args, failonfail: true, combine: true, cwd: dir).to_str
35
36
  rescue Puppet::ExecutionFailure => detail
36
37
  raise Puppet::ParseError, _("Failed to execute generator %{generator}: %{detail}") % { generator: args[0], detail: detail }, detail.backtrace
37
38
  end
@@ -89,17 +89,25 @@ class DeferredResolver
89
89
  overrides = {}
90
90
  r.parameters.each_pair do |k, v|
91
91
  resolved = resolve(v)
92
- # If the value is instance of Sensitive - assign the unwrapped value
93
- # and mark it as sensitive if not already marked
94
- #
95
92
  case resolved
96
93
  when Puppet::Pops::Types::PSensitiveType::Sensitive
94
+ # If the resolved value is instance of Sensitive - assign the unwrapped value
95
+ # and mark it as sensitive if not already marked
96
+ #
97
97
  resolved = resolved.unwrap
98
98
  mark_sensitive_parameters(r, k)
99
- # If the value is a DeferredValue and it has an argument of type PSensitiveType, mark it as sensitive
100
- # The DeferredValue.resolve method will unwrap it during catalog application
99
+
101
100
  when Puppet::Pops::Evaluator::DeferredValue
102
- if v.arguments.any? { |arg| arg.is_a?(Puppet::Pops::Types::PSensitiveType) }
101
+ # If the resolved value is a DeferredValue and it has an argument of type
102
+ # PSensitiveType, mark it as sensitive. Since DeferredValues can nest,
103
+ # we must walk all arguments, e.g. the DeferredValue may call the `epp`
104
+ # function, where one of its arguments is a DeferredValue to call the
105
+ # `vault:lookup` function.
106
+ #
107
+ # The DeferredValue.resolve method will unwrap the sensitive during
108
+ # catalog application
109
+ #
110
+ if contains_sensitive_args?(v)
103
111
  mark_sensitive_parameters(r, k)
104
112
  end
105
113
  end
@@ -109,6 +117,33 @@ class DeferredResolver
109
117
  end
110
118
  end
111
119
 
120
+ # Return true if x contains an argument that is an instance of PSensitiveType:
121
+ #
122
+ # Deferred('new', [Sensitive, 'password'])
123
+ #
124
+ # Or an instance of PSensitiveType::Sensitive:
125
+ #
126
+ # Deferred('join', [['a', Sensitive('b')], ':'])
127
+ #
128
+ # Since deferred values can nest, descend into Arrays and Hash keys and values,
129
+ # short-circuiting when the first occurrence is found.
130
+ #
131
+ def contains_sensitive_args?(x)
132
+ case x
133
+ when @deferred_class
134
+ contains_sensitive_args?(x.arguments)
135
+ when Array
136
+ x.any? { |v| contains_sensitive_args?(v) }
137
+ when Hash
138
+ x.any? { |k, v| contains_sensitive_args?(k) || contains_sensitive_args?(v) }
139
+ when Puppet::Pops::Types::PSensitiveType, Puppet::Pops::Types::PSensitiveType::Sensitive
140
+ true
141
+ else
142
+ false
143
+ end
144
+ end
145
+ private :contains_sensitive_args?
146
+
112
147
  def mark_sensitive_parameters(r, k)
113
148
  unless r.sensitive_parameters.include?(k.to_sym)
114
149
  r.sensitive_parameters = (r.sensitive_parameters + [k.to_sym]).freeze
@@ -76,7 +76,8 @@ module Runtime3ResourceSupport
76
76
  end
77
77
 
78
78
  def self.resource_to_ptype(resource)
79
- nil if resource.nil?
79
+ return nil if resource.nil?
80
+
80
81
  # inference returns the meta type since the 3x Resource is an alternate way to describe a type
81
82
  Puppet::Pops::Types::TypeCalculator.singleton().infer(resource).type
82
83
  end
@@ -443,12 +443,6 @@ module Runtime3Support
443
443
  resource.valid_parameter?(name)
444
444
  end
445
445
 
446
- def resource_to_ptype(resource)
447
- nil if resource.nil?
448
- # inference returns the meta type since the 3x Resource is an alternate way to describe a type
449
- type_calculator.infer(resource).type
450
- end
451
-
452
446
  # This is the same type of "truth" as used in the current Puppet DSL.
453
447
  #
454
448
  def is_true?(value, o)
@@ -12,8 +12,22 @@ Puppet::Type.type(:file).provide :posix do
12
12
  require 'etc'
13
13
  require_relative '../../../puppet/util/selinux'
14
14
 
15
- def self.post_resource_eval
16
- Selinux.matchpathcon_fini if Puppet::Util::SELinux.selinux_support?
15
+ class << self
16
+ def selinux_handle
17
+ return nil unless Puppet::Util::SELinux.selinux_support?
18
+
19
+ # selabel_open takes 3 args: backend, options, and nopt. The backend param
20
+ # is a constant, SELABEL_CTX_FILE, which happens to be 0. Since options is
21
+ # nil, nopt can be 0 since nopt represents the # of options specified.
22
+ @selinux_handle ||= Selinux.selabel_open(Selinux::SELABEL_CTX_FILE, nil, 0)
23
+ end
24
+
25
+ def post_resource_eval
26
+ if @selinux_handle
27
+ Selinux.selabel_close(@selinux_handle)
28
+ @selinux_handle = nil
29
+ end
30
+ end
17
31
  end
18
32
 
19
33
  def uid2name(id)
@@ -83,6 +83,7 @@ Puppet::Type.type(:package).provide :gem, :parent => Puppet::Provider::Package::
83
83
  custom_environment[:PATH] = windows_path_without_puppet_bin
84
84
  end
85
85
 
86
+ # This uses an unusual form of passing the command and args as [<cmd>, [<arg1>, <arg2>, ...]]
86
87
  execute(cmd, { :failonfail => true, :combine => true, :custom_environment => custom_environment })
87
88
  end
88
89
 
@@ -115,11 +115,12 @@ Puppet::Type.type(:package).provide :pkgutil, :parent => :sun, :source => :sun d
115
115
 
116
116
  # Identify common types of pkgutil noise as it downloads catalogs etc
117
117
  def self.noise?(line)
118
- true if line =~ /^#/
119
- true if line =~ /^Checking integrity / # use_gpg
120
- true if line =~ /^gpg: / # gpg verification
121
- true if line =~ /^=+> / # catalog fetch
122
- true if line =~ /\d+:\d+:\d+ URL:/ # wget without -q
118
+ return true if line =~ /^#/
119
+ return true if line =~ /^Checking integrity / # use_gpg
120
+ return true if line =~ /^gpg: / # gpg verification
121
+ return true if line =~ /^=+> / # catalog fetch
122
+ return true if line =~ /\d+:\d+:\d+ URL:/ # wget without -q
123
+
123
124
  false
124
125
  end
125
126