puppet 8.8.1-x64-mingw32 → 8.9.0-x64-mingw32

data/lib/puppet/face/catalog.rb

@@ -25,13 +25,27 @@ Puppet::Indirector::Face.define(:catalog, '0.0.1') do
 
   deactivate_action(:destroy)
   deactivate_action(:search)
-  find = get_action(:find)
-  find.summary "Retrieve the catalog for the node from which the command is run."
-  find.arguments "<certname>"
-  find.returns <<-'EOT'
-    A serialized catalog. When used from the Ruby API, returns a
-    Puppet::Resource::Catalog object.
-  EOT
+  action(:find) do
+    summary _("Retrieve the catalog for the node from which the command is run.")
+    arguments "<certname>, <facts>"
+    option("--facts_for_catalog") do
+      summary _("Not implemented for the CLI; facts are collected internally.")
+    end
+    returns <<-'EOT'
+      A serialized catalog. When used from the Ruby API, returns a
+      Puppet::Resource::Catalog object.
+    EOT
+
+    when_invoked do |*args|
+      # Default the key to Puppet[:certname] if none is supplied
+      if args.length == 1
+        key = Puppet[:certname]
+      else
+        key = args.shift
+      end
+      call_indirection_method :find, key, args.first
+    end
+  end
 
   action(:apply) do
     summary "Find and apply a catalog."
@@ -135,9 +149,11 @@ Puppet::Indirector::Face.define(:catalog, '0.0.1') do
     when_invoked do |_options|
       Puppet::Resource::Catalog.indirection.terminus_class = :rest
       Puppet::Resource::Catalog.indirection.cache_class = nil
+      facts = Puppet::Face[:facts, '0.0.1'].find(Puppet[:certname])
       catalog = nil
       retrieval_duration = thinmark do
-        catalog = Puppet::Face[:catalog, '0.0.1'].find(Puppet[:certname])
+        catalog = Puppet::Face[:catalog, '0.0.1'].find(Puppet[:certname],
+                                                       { facts_for_catalog: facts })
       end
       catalog.retrieval_duration = retrieval_duration
       catalog.write_class_file

data/lib/puppet/face/help.rb

@@ -151,6 +151,33 @@ Puppet::Face.define(:help, '0.0.1') do
     end.sort
   end
 
+  def generate_summary(appname)
+    if is_face_app?(appname)
+      begin
+        face = Puppet::Face[appname, :current]
+        # Add deprecation message to summary if the face is deprecated
+        summary = face.deprecated? ? face.summary + ' ' + _("(Deprecated)") : face.summary
+        [appname, summary, '  ']
+      rescue StandardError, LoadError
+        error_message = _("!%{sub_command}! Subcommand unavailable due to error.") % { sub_command: appname }
+        error_message += ' ' + _("Check error logs.")
+        [error_message, '', '  ']
+      end
+    else
+      begin
+        summary = Puppet::Application[appname].summary
+        if summary.empty?
+          summary = horribly_extract_summary_from(appname)
+        end
+        [appname, summary, '  ']
+      rescue StandardError, LoadError
+        error_message = _("!%{sub_command}! Subcommand unavailable due to error.") % { sub_command: appname }
+        error_message += ' ' + _("Check error logs.")
+        [error_message, '', '  ']
+      end
+    end
+  end
+
   # Return a list of all applications (both legacy and Face applications), along with a summary
   #  of their functionality.
   # @return [Array] An Array of Arrays.  The outer array contains one entry per application; each
@@ -162,29 +189,8 @@ Puppet::Face.define(:help, '0.0.1') do
 
       if appname == COMMON || appname == SPECIALIZED || appname == BLANK
         result << appname
-      elsif is_face_app?(appname)
-        begin
-          face = Puppet::Face[appname, :current]
-          # Add deprecation message to summary if the face is deprecated
-          summary = face.deprecated? ? face.summary + ' ' + _("(Deprecated)") : face.summary
-          result << [appname, summary, '  ']
-        rescue StandardError, LoadError
-          error_message = _("!%{sub_command}! Subcommand unavailable due to error.") % { sub_command: appname }
-          error_message += ' ' + _("Check error logs.")
-          result << [error_message, '', '  ']
-        end
       else
-        begin
-          summary = Puppet::Application[appname].summary
-          if summary.empty?
-            summary = horribly_extract_summary_from(appname)
-          end
-          result << [appname, summary, '  ']
-        rescue StandardError, LoadError
-          error_message = _("!%{sub_command}! Subcommand unavailable due to error.") % { sub_command: appname }
-          error_message += ' ' + _("Check error logs.")
-          result << [error_message, '', '  ']
-        end
+        result << generate_summary(appname)
       end
     end
   end
@@ -192,15 +198,29 @@ Puppet::Face.define(:help, '0.0.1') do
   COMMON = 'Common:'
   SPECIALIZED = 'Specialized:'
   BLANK = "\n"
+  COMMON_APPS = %w[apply agent config help lookup module resource]
   def available_application_names_special_sort
     full_list = Puppet::Application.available_application_names
-    a_list = full_list & %w[apply agent config help lookup module resource]
+    a_list = full_list & COMMON_APPS
     a_list = a_list.sort
     also_ran = full_list - a_list
     also_ran = also_ran.sort
     [[COMMON], a_list, [BLANK], [SPECIALIZED], also_ran].flatten(1)
   end
 
+  def common_app_summaries
+    COMMON_APPS.map do |appname|
+      generate_summary(appname)
+    end
+  end
+
+  def specialized_app_summaries
+    specialized_apps = Puppet::Application.available_application_names - COMMON_APPS
+    specialized_apps.filter_map do |appname|
+      generate_summary(appname) unless exclude_from_docs?(appname)
+    end
+  end
+
   def horribly_extract_summary_from(appname)
     help = Puppet::Application[appname].help.split("\n")
     # Now we find the line with our summary, extract it, and return it.  This

data/lib/puppet/functions/capitalize.rb

@@ -5,7 +5,7 @@
 # This function is compatible with the stdlib function with the same name.
 #
 # The function does the following:
-# * For a `String`, a string with its first character in upper case version is returned.
+# * For a `String`, a string is returned in which the first character is uppercase.
 #   This is done using Ruby system locale which handles some, but not all
 #   special international up-casing rules (for example German double-s ß is capitalized to "Ss").
 # * For an `Iterable[Variant[String, Numeric]]` (for example an `Array`) each value is capitalized and the conversion is not recursive.

data/lib/puppet/functions/find_file.rb

@@ -7,6 +7,10 @@
 # directory. (For example, the reference `mysql/mysqltuner.pl` will search for the
 # file `<MODULES DIRECTORY>/mysql/files/mysqltuner.pl`.)
 #
+# If this function is run via puppet agent, it checks for file existence on the
+# Puppet Primary server. If run via puppet apply, it checks on the local host.
+# In both cases, the check is performed before any resources are changed.
+#
 # This function can also accept:
 #
 # * An absolute String path, which checks for the existence of a file from anywhere on disk.

data/lib/puppet/functions/hiera.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'hiera/puppet_function'
+
 # Performs a standard priority lookup of the hierarchy and returns the most specific value
 # for a given key. The returned value can be any type of data.
 #

data/lib/puppet/functions/index.rb

@@ -40,8 +40,8 @@
 # Note that the lambda gets the value and not an array with `[key, value]` as in other
 # iterative functions.
 #
-# Using a lambda that accepts two values works the same way, it simply gets the index/key
-# as the first parameter, and the value as the second.
+# Using a lambda that accepts two values works the same way. The lambda gets the index/key
+# as the first parameter and the value as the second parameter.
 #
 # @example Using the `index` function with an Array and a two-parameter lambda
 #

data/lib/puppet/functions/lookup.rb

@@ -97,7 +97,7 @@
 # or `{'strategy' => 'hash'}` --- Same as the string versions of these merge behaviors.
 # * `{'strategy' => 'deep', <DEEP OPTION> => <VALUE>, ...}` --- Same as `'deep'`,
 # but can adjust the merge with additional options. The available options are:
-#     * `'knockout_prefix'` (string or undef) --- A string prefix to indicate a
+#     * `'knockout_prefix'` (string) --- A string prefix to indicate a
 #     value should be _removed_ from the final result. If a value is exactly equal
 #     to the prefix, it will knockout the entire element. Defaults to `undef`, which
 #     disables this feature.

data/lib/puppet/functions/new.rb

@@ -557,7 +557,7 @@
 # @example Simple Conversion to String specifying the format for the given value directly
 #
 # ```puppet
-# $str = String(10, "%#x")    # produces '0x10'
+# $str = String(10, "%#x")    # produces '0xa'
 # $str = String([10], "%(a")  # produces '("10")'
 # ```
 #

data/lib/puppet/functions/regsubst.rb

@@ -20,7 +20,7 @@ Puppet::Functions.create_function(:regsubst) do
   #        - *M*         Multiline regexps
   #        - *G*         Global replacement; all occurrences of the regexp in each target string will be replaced.  Without this, only the first occurrence will be replaced.
   # @param encoding [Enum['N','E','S','U']]
-  #      Deprecated and ignored parameter, only here for compatibility.
+  #      Deprecated and ignored parameter, included only for compatibility.
   # @return [Array[String], String] The result of the substitution. Result type is the same as for the target parameter.
   # @deprecated
   #   This method has the optional encoding parameter, which is ignored.

data/lib/puppet/functions/unique.rb

@@ -65,8 +65,9 @@
 # *first-found* unique value, but for `Hash` it contains associations from a set of keys to the set of values clustered by the
 # equality lambda (or the default value equality if no lambda was given). This makes the `unique` function more versatile for hashes
 # in general, while requiring that the simple computation of "hash's unique set of values" is performed as `$hsh.map |$k, $v| { $v }.unique`.
-# (A unique set of hash keys is in general meaningless (since they are unique by definition) - although if processed with a different
-# lambda for equality that would be different. First map the hash to an array of its keys if such a unique computation is wanted).
+# (Generally, it's meaningless to compute the unique set of hash keys because they are unique by definition. However, the
+# situation can change if the hash keys are processed with a different lambda for equality. For this unique computation,
+# first map the hash to an array of its keys.)
 # If the more advanced clustering is wanted for one of the other data types, simply transform it into a `Hash` as shown in the
 # following example.
 #

data/lib/puppet/functions/yaml_data.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'yaml'
+
 # The `yaml_data` is a hiera 5 `data_hash` data provider function.
 # See [the configuration guide documentation](https://puppet.com/docs/puppet/latest/hiera_config_yaml_5.html#configuring-a-hierarchy-level-built-in-backends) for
 # how to use this function.

data/lib/puppet/interface/action_manager.rb

@@ -19,7 +19,7 @@ module Puppet::Interface::ActionManager
   # @dsl Faces
   def action(name, &block)
     @actions ||= {}
-    Puppet.warning _("Redefining action %{name} for %{self}") % { name: name, self: self } if action?(name)
+    Puppet.debug _("Redefining action %{name} for %{self}") % { name: name, self: self } if action?(name)
 
     action = Puppet::Interface::ActionBuilder.build(self, name, &block)
 

data/lib/puppet/provider/package/pacman.rb

@@ -29,7 +29,7 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
 
   # Checks if a given name is a group
   def self.group?(name)
-    !pacman("-Sg", name).empty?
+    !pacman('--sync', '--groups', name).empty?
   rescue Puppet::ExecutionFailure
     # pacman returns an expected non-zero exit code when the name is not a group
     false
@@ -74,7 +74,7 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
   # returns a hash package => version of installed packages
   def self.get_installed_packages
     packages = {}
-    execpipe([command(:pacman), "-Q"]) do |pipe|
+    execpipe([command(:pacman), "--query"]) do |pipe|
       # pacman -Q output is 'packagename version-rel'
       regex = /^(\S+)\s(\S+)/
       pipe.each_line do |line|
@@ -96,7 +96,7 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
     groups = {}
     begin
       # Build a hash of group name => list of packages
-      command = [command(:pacman), "-Sgg"]
+      command = [command(:pacman), '--sync', '-gg']
       command << filter if filter
       execpipe(command) do |pipe|
         pipe.each_line do |line|
@@ -134,14 +134,14 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
     resource_name = @resource[:name]
 
     # If target is a group, construct the group version
-    return pacman("-Sp", "--print-format", "%n %v", resource_name).lines.map(&:chomp).sort.join(', ') if self.class.group?(resource_name)
+    return pacman("--sync", "--print", "--print-format", "%n %v", resource_name).lines.map(&:chomp).sort.join(', ') if self.class.group?(resource_name)
 
     # Start by querying with pacman first
     # If that fails, retry using yaourt against the AUR
     pacman_check = true
     begin
       if pacman_check
-        output = pacman "-Sp", "--print-format", "%v", resource_name
+        output = pacman "--sync", "--print", "--print-format", "%v", resource_name
         output.chomp
       else
         output = yaourt "-Qma", resource_name
@@ -210,8 +210,8 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
 
     cmd = %w[--noconfirm --noprogressbar]
     cmd += uninstall_options if @resource[:uninstall_options]
-    cmd << "-R"
-    cmd << '-s' if is_group
+    cmd << "--remove"
+    cmd << '--recursive' if is_group
     cmd << '--nosave' if purge_configs
     cmd << resource_name
 
@@ -248,8 +248,7 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
              else
                fail _("Source %{source} is not supported by pacman") % { source: source }
              end
-    pacman "--noconfirm", "--noprogressbar", "-S"
-    pacman "--noconfirm", "--noprogressbar", "-U", source
+    pacman "--noconfirm", "--noprogressbar", "--update", source
   end
 
   def install_from_repo
@@ -260,7 +259,7 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
 
     cmd = %w[--noconfirm --needed --noprogressbar]
     cmd += install_options if @resource[:install_options]
-    cmd << "-S" << resource_name
+    cmd << "--sync" << resource_name
 
     if self.class.yaourt?
       yaourt(*cmd)

data/lib/puppet/reference/configuration.rb

@@ -41,8 +41,14 @@ config = Puppet::Util::Reference.newreference(:configuration, :depth => 1, :doc
       val = '$confdir/hiera.yaml. However, for backwards compatibility, if a file exists at $codedir/hiera.yaml, Puppet uses that instead.'
     when 'certname'
       val = "the Host's fully qualified domain name, as determined by Facter"
+    when 'hostname'
+      val = "(the system's fully qualified hostname)"
+    when 'domain'
+      val = "(the system's own domain)"
     when 'srv_domain'
       val = 'example.com'
+    when 'http_user_agent'
+      val = 'Puppet/<version> Ruby/<version> (<architecture>)'
     end
 
     # Leave out the section information; it was apparently confusing people.
@@ -95,6 +101,5 @@ config.header = <<~EOT
 
   [confguide]: https://puppet.com/docs/puppet/latest/config_about_settings.html
 
-  * * *
 
 EOT

data/lib/puppet/resource/type.rb

@@ -33,6 +33,16 @@ class Puppet::Resource::Type
   DOUBLE_COLON = '::'
   EMPTY_ARRAY = [].freeze
 
+  LOOKAROUND_OPERATORS = {
+    "(" => 'LP',
+    "?" => "QU",
+    "<" => "LT",
+    ">" => "GT",
+    "!" => "EX",
+    "=" => "EQ",
+    ")" => 'RP'
+  }.freeze
+
   attr_accessor :file, :line, :doc, :code, :parent, :resource_type_collection, :override
   attr_reader :namespace, :arguments, :behaves_like, :module_name
 
@@ -196,7 +206,11 @@ class Puppet::Resource::Type
 
   def name
     if type == :node && name_is_regex?
-      "__node_regexp__#{@name.source.downcase.gsub(/[^-\w:.]/, '').sub(/^\.+/, '')}"
+      # Normalize lookarround regex patthern
+      internal_name = @name.source.downcase.gsub(/\(\?[^)]*\)/) do |str|
+        str.gsub(/./) { |ch| LOOKAROUND_OPERATORS[ch] || ch }
+      end
+      "__node_regexp__#{internal_name.gsub(/[^-\w:.]/, '').sub(/^\.+/, '')}"
     else
       @name
     end

data/lib/puppet/settings.rb

@@ -81,11 +81,11 @@ class Puppet::Settings
   end
 
   def self.hostname_fact
-    Puppet.runtime[:facter].value 'networking.hostname'
+    Puppet.runtime[:facter].value('networking.hostname')
   end
 
   def self.domain_fact
-    Puppet.runtime[:facter].value 'networking.domain'
+    Puppet.runtime[:facter].value('networking.domain')
   end
 
   def self.default_config_file_name

data/lib/puppet/transaction/resource_harness.rb

@@ -235,9 +235,13 @@ class Puppet::Transaction::ResourceHarness
   end
 
   def noop(event, param, current_value, audit_message)
-    event.message = param.format(_("current_value %s, should be %s (noop)"),
-                                 param.is_to_s(current_value),
-                                 param.should_to_s(param.should)) + audit_message.to_s
+    if param.sensitive
+      event.message = param.format(_("current_value %s, should be %s (noop)"),
+                                   param.is_to_s(current_value),
+                                   param.should_to_s(param.should)) + audit_message.to_s
+    else
+      event.message = "#{param.change_to_s(current_value, param.should)} (noop)#{audit_message}"
+    end
     event.status = "noop"
   end
 

data/lib/puppet/type/exec.rb

@@ -437,13 +437,12 @@ module Puppet
         actually contain `myfile`, the exec will keep running every time
         Puppet runs.
 
-        This parameter can also take an array of files and the command will
-        not run if **any** of these files exist. For example:
+        This parameter can also take an array of files, and the command will
+        not run if **any** of these files exist. Consider this example:
 
             creates => ['/tmp/file1', '/tmp/file2'],
 
-        will only run the command if both files don't exist.
-
+        The command is only run if both files don't exist.
       EOT
 
       accept_arrays

data/lib/puppet/type/file/checksum.rb

@@ -7,11 +7,13 @@ require_relative '../../../puppet/util/checksums'
 Puppet::Type.type(:file).newparam(:checksum) do
   include Puppet::Util::Checksums
 
+  # The default is defined in Puppet.default_digest_algorithm
   desc "The checksum type to use when determining whether to replace a file's contents.
 
-    The default checksum type is #{Puppet.default_digest_algorithm}."
+    The default checksum type is sha256."
 
-  newvalues(*Puppet::Util::Checksums.known_checksum_types)
+  # The values are defined in Puppet::Util::Checksums.known_checksum_types
+  newvalues(:sha256, :sha256lite, :md5, :md5lite, :sha1, :sha1lite, :sha512, :sha384, :sha224, :mtime, :ctime, :none)
 
   defaultto do
     Puppet[:digest_algorithm].to_sym

data/lib/puppet/type/file/ctime.rb

@@ -2,9 +2,9 @@
 
 module Puppet
   Puppet::Type.type(:file).newproperty(:ctime) do
-    desc %q(A read-only state to check the file ctime. On most modern \*nix-like
+    desc "A read-only state to check the file ctime. On most modern \*nix-like
       systems, this is the time of the most recent change to the owner, group,
-      permissions, or content of the file.)
+      permissions, or content of the file."
 
     def retrieve
       current_value = :absent

data/lib/puppet/type/file/mtime.rb

@@ -2,8 +2,8 @@
 
 module Puppet
   Puppet::Type.type(:file).newproperty(:mtime) do
-    desc %q(A read-only state to check the file mtime. On \*nix-like systems, this
-      is the time of the most recent change to the content of the file.)
+    desc "A read-only state to check the file mtime. On \*nix-like systems, this
+      is the time of the most recent change to the content of the file."
 
     def retrieve
       current_value = :absent

data/lib/puppet/type/file/selcontext.rb

@@ -45,7 +45,7 @@ module Puppet
         return nil
       end
 
-      context = get_selinux_default_context_with_handle(@resource[:path], provider.class.selinux_handle)
+      context = get_selinux_default_context_with_handle(@resource[:path], provider.class.selinux_handle, @resource[:ensure])
       unless context
         return nil
       end
@@ -86,7 +86,7 @@ module Puppet
   end
 
   Puppet::Type.type(:file).newparam(:selinux_ignore_defaults) do
-    desc "If this is set then Puppet will not ask SELinux (via selabel_lookup) to
+    desc "If this is set, Puppet will not call the SELinux function selabel_lookup to
       supply defaults for the SELinux attributes (seluser, selrole,
       seltype, and selrange). In general, you should leave this set at its
       default and only set it to true when you need Puppet to not try to fix
@@ -99,7 +99,7 @@ module Puppet
   Puppet::Type.type(:file).newproperty(:seluser, :parent => Puppet::SELFileContext) do
     desc "What the SELinux user component of the context of the file should be.
       Any valid SELinux user component is accepted.  For example `user_u`.
-      If not specified it defaults to the value returned by selabel_lookup for
+      If not specified, it defaults to the value returned by selabel_lookup for
       the file, if any exists.  Only valid on systems with SELinux support
       enabled."
 
@@ -110,7 +110,7 @@ module Puppet
   Puppet::Type.type(:file).newproperty(:selrole, :parent => Puppet::SELFileContext) do
     desc "What the SELinux role component of the context of the file should be.
       Any valid SELinux role component is accepted.  For example `role_r`.
-      If not specified it defaults to the value returned by selabel_lookup for
+      If not specified, it defaults to the value returned by selabel_lookup for
       the file, if any exists.  Only valid on systems with SELinux support
       enabled."
 
@@ -121,7 +121,7 @@ module Puppet
   Puppet::Type.type(:file).newproperty(:seltype, :parent => Puppet::SELFileContext) do
     desc "What the SELinux type component of the context of the file should be.
       Any valid SELinux type component is accepted.  For example `tmp_t`.
-      If not specified it defaults to the value returned by selabel_lookup for
+      If not specified, it defaults to the value returned by selabel_lookup for
       the file, if any exists.  Only valid on systems with SELinux support
       enabled."
 
@@ -132,7 +132,7 @@ module Puppet
   Puppet::Type.type(:file).newproperty(:selrange, :parent => Puppet::SELFileContext) do
     desc "What the SELinux range component of the context of the file should be.
       Any valid SELinux range component is accepted.  For example `s0` or
-      `SystemHigh`.  If not specified it defaults to the value returned by
+      `SystemHigh`.  If not specified, it defaults to the value returned by
       selabel_lookup for the file, if any exists.  Only valid on systems with
       SELinux support enabled and that have support for MCS (Multi-Category
       Security)."

data/lib/puppet/type/package.rb

@@ -301,12 +301,13 @@ module Puppet
             command  => '/opt/ruby/bin/gem',
           }
 
-        Each provider defines a package management command; and uses the first
+        Each provider defines a package management command and uses the first
         instance of the command found in the PATH.
 
         Providers supporting the targetable feature allow you to specify the
-        absolute path of the package management command; useful when multiple
-        instances of the command are installed, or the command is not in the PATH.
+        absolute path of the package management command. Specifying the absolute
+        path is useful when multiple instances of the command are installed, or
+        the command is not in the PATH.
       EOT
 
       isnamevar

data/lib/puppet/type/user.rb

@@ -231,7 +231,7 @@ module Puppet
         * OS X 10.8 and higher use salted SHA512 PBKDF2 hashes. When managing passwords
           on these systems, the `salt` and `iterations` attributes need to be specified as
           well as the password.
-        * macOS 10.15 and higher require the salt to be 32-bytes. Since Puppet's user
+        * macOS 10.15 and later require the salt to be 32 bytes. Because Puppet's user
           resource requires the value to be hex encoded, the length of the salt's
           string must be 64.
         * Windows passwords can be managed only in cleartext, because there is no Windows

data/lib/puppet/util/checksums.rb

@@ -9,6 +9,7 @@ require 'time'
 module Puppet::Util::Checksums
   module_function
 
+  # If you modify this, update puppet/type/file/checksum.rb too
   KNOWN_CHECKSUMS = [
     :sha256, :sha256lite,
     :md5, :md5lite,

data/lib/puppet/util/profiler/aggregate.rb

@@ -72,11 +72,11 @@ class Puppet::Util::Profiler::Aggregate < Puppet::Util::Profiler::WallClock
 
   class Timer
     def initialize
-      @start = Time.now
+      @start = Process.clock_gettime(Process::CLOCK_MONOTONIC, :float_second)
     end
 
     def stop
-      Time.now - @start
+      Process.clock_gettime(Process::CLOCK_MONOTONIC, :float_second) - @start
     end
   end
 end

data/lib/puppet/util/profiler/wall_clock.rb

@@ -21,11 +21,11 @@ class Puppet::Util::Profiler::WallClock < Puppet::Util::Profiler::Logging
     FOUR_DECIMAL_DIGITS = '%0.4f'
 
     def initialize
-      @start = Time.now
+      @start = Process.clock_gettime(Process::CLOCK_MONOTONIC, :float_second)
     end
 
     def stop
-      @time = Time.now - @start
+      @time = Process.clock_gettime(Process::CLOCK_MONOTONIC, :float_second) - @start
       @time
     end
 

data/lib/puppet/util/reference.rb

@@ -84,7 +84,6 @@ class Puppet::Util::Reference
   def to_markdown(withcontents = true)
     # First the header
     text = markdown_header(@title, 1)
-    text << _("\n\n**This page is autogenerated; any changes will get overwritten**\n\n")
 
     text << @header