puppet 3.4.0 → 3.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e1040b62e492bc1305e35895aa28cc1f19f5469f
-  data.tar.gz: ad790a27fffea01c15e15a165d4c73dc93c39c0e
+  metadata.gz: 68668528e38b1e5f1736b47b3afcb517372ced94
+  data.tar.gz: ff046f6e2a601f59700bbbadf2589be1e6917dcd
 SHA512:
-  metadata.gz: 59cecec6476f5427db8e80433d396e2bc4d741f2fdcce76d2c7644b28ce28b9251354441a7941e42d6ea864416286a0c806ff60855a1f7b357b031805cfb8686
-  data.tar.gz: f57784909b7b81471460e526e61ecc1a9eb18e7370e6b648390239227726d50ad1c6ff66cbe4139fb887769c938b0587cf72c490ba8d49799372e75e77367705
+  metadata.gz: 55b1ffdca0b53888d129366a1932874bc5749dbcc429512c75ed647d42e8312bc5a947b817bed4f26db182e972f0d8cf19d578ff7fc5c368936cc163a2226507
+  data.tar.gz: c38f970a8be8e4c65d9d1015eae0e5a605bf5d2ed6fbeb07cfd206185b73b282c96836051d96d0115319828f0e76df2fb7a26f946efc9f45b72e3443c2bcb04b

data/lib/puppet/file_system/file.rb

@@ -78,6 +78,12 @@ class Puppet::FileSystem::File
     Puppet::FileSystem::File.new(@path.dirname)
   end
 
+  # @return [String] the name of the file
+  # @api public
+  def basename
+    @path.basename.to_s
+  end
+
   # @return [Num] The size of this file
   # @api public
   def size
@@ -258,4 +264,8 @@ class Puppet::FileSystem::File
       FileUtils.compare_stream(this, stream)
     end
   end
+
+  def to_s
+    @path.to_s
+  end
 end

data/lib/puppet/type/file.rb

@@ -713,36 +713,25 @@ Puppet::Type.newtype(:file) do
   def write(property)
     remove_existing(:file)
 
-    use_temporary_file = write_temporary_file?
-    if use_temporary_file
-      path = "#{self[:path]}.puppettmp_#{rand(10000)}"
-      path = "#{self[:path]}.puppettmp_#{rand(10000)}" while Puppet::FileSystem::File.exist?(path) or Puppet::FileSystem::File.new(path).symlink?
-    else
-      path = self[:path]
-    end
+    assumed_default_mode = 0644
 
     mode = self.should(:mode) # might be nil
-    umask = mode ? 000 : 022
-    mode_int = mode ? symbolic_mode_to_int(mode, 0644) : nil
-
-    content_checksum = Puppet::Util.withumask(umask) { ::File.open(path, 'wb', mode_int ) { |f| write_content(f) } }
-
-    # And put our new file in place
-    if use_temporary_file # This is only not true when our file is empty.
-      begin
-        fail_if_checksum_is_wrong(path, content_checksum) if validate_checksum?
-        ::File.rename(path, self[:path])
-      rescue => detail
-        fail "Could not rename temporary file #{path} to #{self[:path]}: #{detail}"
-      ensure
-        # Make sure the created file gets removed
-        Puppet::FileSystem::File.unlink(path) if Puppet::FileSystem::File.exist?(path)
+    mode_int = mode ? symbolic_mode_to_int(mode, assumed_default_mode) : nil
+
+    if write_temporary_file?
+      Puppet::Util.replace_file(self[:path], mode_int) do |file|
+        file.binmode
+        content_checksum = write_content(file)
+        file.flush
+        fail_if_checksum_is_wrong(file.path, content_checksum) if validate_checksum?
       end
+    else
+      umask = mode ? 000 : 022
+      Puppet::Util.withumask(umask) { ::File.open(self[:path], 'wb', mode_int ) { |f| write_content(f) } }
     end
 
     # make sure all of the modes are actually correct
     property_fix
-
   end
 
   private

data/lib/puppet/util.rb

@@ -378,13 +378,16 @@ module Util
   def replace_file(file, default_mode, &block)
     raise Puppet::DevError, "replace_file requires a block" unless block_given?
 
-    unless valid_symbolic_mode?(default_mode)
-      raise Puppet::DevError, "replace_file default_mode: #{default_mode} is invalid"
+    if default_mode
+      unless valid_symbolic_mode?(default_mode)
+        raise Puppet::DevError, "replace_file default_mode: #{default_mode} is invalid"
+      end
+
+      mode = symbolic_mode_to_int(normalize_symbolic_mode(default_mode))
     end
-    mode = symbolic_mode_to_int(normalize_symbolic_mode(default_mode))
 
-    file     = Pathname(file)
-    tempfile = Tempfile.new(file.basename.to_s, file.dirname.to_s)
+    file     = Puppet::FileSystem::File.new(file)
+    tempfile = Tempfile.new(file.basename, file.dir.to_s)
 
     # Set properties of the temporary file before we write the content, because
     # Tempfile doesn't promise to be safe from reading by other people, just
@@ -394,16 +397,21 @@ module Util
     # and specifically handle the platform, which has all sorts of magic.
     # So, unlike Unix, we don't pre-prep security; we use the default "quite
     # secure" tempfile permissions instead.  Magic happens later.
-    unless Puppet.features.microsoft_windows?
+    if !Puppet.features.microsoft_windows?
       # Grab the current file mode, and fall back to the defaults.
-      stat = file.lstat rescue OpenStruct.new(:mode => mode,
-                                              :uid  => Process.euid,
-                                              :gid  => Process.egid)
-
-      # We only care about the bottom four slots, which make the real mode,
-      # and not the rest of the platform stat call fluff and stuff.
-      tempfile.chmod(stat.mode & 07777)
-      tempfile.chown(stat.uid, stat.gid)
+      if file.exist?
+        stat = file.path.lstat
+        tempfile.chown(stat.uid, stat.gid)
+        effective_mode = stat.mode
+      else
+        effective_mode = mode
+      end
+
+      if effective_mode
+        # We only care about the bottom four slots, which make the real mode,
+        # and not the rest of the platform stat call fluff and stuff.
+        tempfile.chmod(effective_mode & 07777)
+      end
     end
 
     # OK, now allow the caller to write the content of the file.
@@ -426,50 +434,26 @@ module Util
     tempfile.close
 
     if Puppet.features.microsoft_windows?
-      # This will appropriately clone the file, but only if the file we are
-      # replacing exists.  Which is kind of annoying; thanks Microsoft.
-      #
-      # So, to avoid getting into an infinite loop we will retry once if the
-      # file doesn't exist, but only the once...
-      have_retried = false
-
-      begin
-        # Yes, the arguments are reversed compared to the rename in the rest
-        # of the world.
-        Puppet::Util::Windows::File.replace_file(file, tempfile.path)
-      rescue Puppet::Util::Windows::Error
-        # This might race, but there are enough possible cases that there
-        # isn't a good, solid "better" way to do this, and the next call
-        # should fail in the same way anyhow.
-        raise if have_retried or Puppet::FileSystem::File.exist?(file)
-        have_retried = true
-
-        # OK, so, we can't replace a file that doesn't exist, so let us put
-        # one in place and set the permissions.  Then we can retry and the
-        # magic makes this all work.
-        #
-        # This is the least-worst option for handling Windows, as far as we
-        # can determine.
-        File.open(file, 'a') do |fh|
-          # this space deliberately left empty for auto-close behaviour,
-          # append mode, and not actually changing any of the content.
+      # Windows ReplaceFile needs a file to exist, so touch handles this
+      if !file.exist?
+        file.touch
+        if mode
+          Puppet::Util::Windows::Security.set_mode(mode, file.path.to_s)
         end
-
-        # Set the permissions to what we want.
-        Puppet::Util::Windows::Security.set_mode(mode, file.to_s)
-
-        # ...and finally retry the operation.
-        retry
       end
+      # Yes, the arguments are reversed compared to the rename in the rest
+      # of the world.
+      Puppet::Util::Windows::File.replace_file(file.path, tempfile.path)
+
     else
-      File.rename(tempfile.path, file.to_s)
+      File.rename(tempfile.path, file.path.to_s)
     end
 
     # Ideally, we would now fsync the directory as well, but Ruby doesn't
     # have support for that, and it doesn't matter /that/ much...
 
     # Return something true, and possibly useful.
-    file
+    file.path
   end
   module_function :replace_file
 

data/lib/puppet/util/windows/access_control_list.rb

@@ -103,4 +103,11 @@ class Puppet::Util::Windows::AccessControlList
     end
     str
   end
+
+  def ==(other)
+    self.class == other.class &&
+      self.to_a == other.to_a
+  end
+
+  alias eql? ==
 end

data/lib/puppet/version.rb

@@ -7,7 +7,7 @@
 
 
 module Puppet
-  PUPPETVERSION = '3.4.0'
+  PUPPETVERSION = '3.4.1'
 
   ##
   # version is a public API method intended to always provide a fast and

data/spec/integration/type/file_spec.rb

@@ -506,20 +506,6 @@ describe Puppet::Type.type(:file) do
       bucket.bucket.getfile(foomd5).should == "fooyay"
       bucket.bucket.getfile(barmd5).should == "baryay"
     end
-
-    it "should propagate failures encountered when renaming the temporary file" do
-      file = described_class.new :path => path, :content => "foo"
-      file.stubs(:perform_backup).returns(true)
-
-      catalog.add_resource file
-
-      File.open(path, "w") { |f| f.print "bar" }
-
-      File.expects(:rename).raises ArgumentError
-
-      expect { file.write(:content) }.to raise_error(Puppet::Error, /Could not rename temporary file/)
-      File.read(path).should == "bar"
-    end
   end
 
   describe "when recursing" do

data/spec/integration/util_spec.rb

@@ -3,6 +3,8 @@
 require 'spec_helper'
 
 describe Puppet::Util do
+  include PuppetSpec::Files
+
   describe "#execute" do
     it "should properly allow stdout and stderr to share a file" do
       command = "ruby -e '(1..10).each {|i| (i%2==0) ? $stdout.puts(i) : $stderr.puts(i)}'"
@@ -25,5 +27,50 @@ describe Puppet::Util do
       expect { Puppet::Util::Execution.execute(command) }.to raise_error(Puppet::ExecutionFailure, /Execution of '#{command}' returned 43: /)
       $CHILD_STATUS.exitstatus.should == 43
     end
+
+    it "replace_file should preserve original ACEs from existing replaced file on Windows",
+      :if => Puppet.features.microsoft_windows? do
+
+      file = tmpfile("somefile")
+      FileUtils.touch(file)
+
+      admins = 'S-1-5-32-544'
+      dacl = Puppet::Util::Windows::AccessControlList.new
+      dacl.allow(admins, Windows::File::FILE_ALL_ACCESS)
+      protect = true
+      expected_sd = Puppet::Util::Windows::SecurityDescriptor.new(admins, admins, dacl, protect)
+      Puppet::Util::Windows::Security.set_security_descriptor(file, expected_sd)
+
+      ignored_mode = 0644
+      Puppet::Util.replace_file(file, ignored_mode) do |temp_file|
+        ignored_sd = Puppet::Util::Windows::Security.get_security_descriptor(temp_file.path)
+        users = 'S-1-5-11'
+        ignored_sd.dacl.allow(users, Windows::File::FILE_GENERIC_READ)
+        Puppet::Util::Windows::Security.set_security_descriptor(temp_file.path, ignored_sd)
+      end
+
+      replaced_sd = Puppet::Util::Windows::Security.get_security_descriptor(file)
+
+      replaced_sd.dacl.should == expected_sd.dacl
+    end
+
+    it "replace_file should use reasonable default ACEs on a new file on Windows",
+      :if => Puppet.features.microsoft_windows? do
+
+      dir = tmpdir('DACL_playground')
+      sibling_path = File.join(dir, 'sibling_file')
+      FileUtils.touch(sibling_path)
+
+      expected_sd = Puppet::Util::Windows::Security.get_security_descriptor(sibling_path)
+
+      new_file_path = File.join(dir, 'new_file')
+
+      ignored_mode = nil
+      Puppet::Util.replace_file(new_file_path, ignored_mode) { |tmp_file| }
+
+      new_sd = Puppet::Util::Windows::Security.get_security_descriptor(new_file_path)
+
+      new_sd.dacl.should == expected_sd.dacl
+    end
   end
 end

data/spec/unit/type/file_spec.rb

@@ -1066,35 +1066,6 @@ describe Puppet::Type.type(:file) do
   end
 
   describe "#write" do
-    it "should propagate failures encountered when renaming the temporary file" do
-      File.stubs(:open)
-      File.expects(:rename).raises ArgumentError
-
-      file[:backup] = 'puppet'
-
-      file.stubs(:validate_checksum?).returns(false)
-
-      property = stub('content_property', :actual_content => "something", :length => "something".length)
-      file.stubs(:property).with(:content).returns(property)
-
-      expect { file.write(:content) }.to raise_error(Puppet::Error)
-    end
-
-    it "should delegate writing to the content property" do
-      filehandle = stub_everything 'fh'
-      File.stubs(:open).yields(filehandle)
-      File.stubs(:rename)
-      property = stub('content_property', :actual_content => "something", :length => "something".length)
-      file[:backup] = 'puppet'
-
-      file.stubs(:validate_checksum?).returns(false)
-      file.stubs(:property).with(:content).returns(property)
-
-      property.expects(:write).with(filehandle)
-
-      file.write(:content)
-    end
-
     describe "when validating the checksum" do
       before { file.stubs(:validate_checksum?).returns(true) }
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppet
 version: !ruby/object:Gem::Version
-  version: 3.4.0
+  version: 3.4.1
 platform: ruby
 authors:
 - Puppet Labs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-12-19 00:00:00.000000000 Z
+date: 2013-12-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter