headers
wearetherobots | 1 Sep 2011 06:15

(puppetlabs/puppet) New pull request: (#9167) Do not sent tagmail reports if no changes

Greetings!

Please review the pull request #88: (#9167) Do not sent tagmail reports if no changes opened by (khightower)

Some more information about the pull request:

  • Opened: Thu Sep 01 04:04:17 UTC 2011
  • Based on: puppetlabs:2.6.x (e4bb85af3216473e82a263f41c39c34489940276)
  • Requested merge: khightower:bug/2.6.x/9167 (6b91139a511f8788aca61e6433be2f73a4664d28)

Description:

Prevent Puppet Master from sending tagmail reports if the status of the
puppet run is "unchanged".

Thanks!
The Pull Request Bot

Diff follows:

diff --git a/lib/puppet/reports/tagmail.rb b/lib/puppet/reports/tagmail.rb index e17143e..e873c89 100644 --- a/lib/puppet/reports/tagmail.rb +++ b/lib/puppet/reports/tagmail.rb <at> <at> -104,6 +104,11 <at> <at> Puppet::Reports.register_report(:tagmail) do # Process the report. This just calls the other associated messages. def process + # Do not send the email report if nothing changed. + if self.status == "unchanged" + Puppet.info "Not sending tagmail report; no changes" + return + end unless FileTest.exists?(Puppet[:tagmap]) Puppet.notice "Cannot send tagmail report; no tagmap file #{Puppet[:tagmap]}" return diff --git a/spec/unit/reports/tagmail_spec.rb b/spec/unit/reports/tagmail_spec.rb index 1dadfc7..a3621a9 100755 --- a/spec/unit/reports/tagmail_spec.rb +++ b/spec/unit/reports/tagmail_spec.rb <at> <at> -92,4 +92,8 <at> <at> describe tagmail do results.should be_nil end end + + describe "when there are no changes" do + it "should not send an email" + end end

--
You received this message because you are subscribed to the Google Groups "Puppet Developers" group.
To post to this group, send email to puppet-dev <at> googlegroups.com.
To unsubscribe from this group, send email to puppet-dev+unsubscribe <at> googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
Permalink | Reply | 0 comments |
headers
wearetherobots | 1 Sep 2011 06:15

(puppetlabs/puppet) Closed pull request: (#9167) Do not sent tagmail reports if no changes

Greetings!

On Thu Sep 01 04:01:57 UTC 2011 pull request #60 was closed.

(#9167) Do not sent tagmail reports if no changes requested by (khightower)

Thanks!
The Pull Request Bot

--
You received this message because you are subscribed to the Google Groups "Puppet Developers" group.
To post to this group, send email to puppet-dev <at> googlegroups.com.
To unsubscribe from this group, send email to puppet-dev+unsubscribe <at> googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
Permalink | Reply | 0 comments |
headers
Trevor Vaughan | 1 Sep 2011 11:20

Re: Re: (puppetlabs/puppet) New pull request: (#8986) Don't su when creating SSH authorized_keys


ssh_authorized_keys can be owned by anyone.

Think of how git works. The file is owned by git/gitosis/whatever, but you log in as yourself. This is the
whole point of ssh_authorized_keys and one
way that it can be abused.

In my tests, SSH doesn't care one way or the other who it's owned by so long as it's not world writable.

Trevor

On 08/30/2011 06:27 PM, Kelsey Hightower wrote:
> One use case where it may not be desirable to have users own the keys
> is in centralized ssh key setups backed by LDAP and PAM
> authentication. In this specific case all keys are stored in a central
> location such as /etc/ssh-public-keys/*.pub. The keys are only read by
> PAM (root) during the authentication phase.
> 

--

-- 
Trevor Vaughan
 Vice President, Onyx Point, Inc.
 email: tvaughan <at> onyxpoint.com
 phone: 410-541-ONYX (6699)
 pgp: 0x6C701E94

-- This account not approved for unencrypted sensitive information --
Attachment (tvaughan.vcf): text/x-vcard, 254 bytes
Permalink | Reply | 3 comments |
headers
Trevor Vaughan | 1 Sep 2011 12:27

Re: Re: (puppetlabs/puppet) New pull request: (#8986) Don't su when creating SSH authorized_keys


Isn't it wonderful when you sound like a complete idiot on a public forum?

So, lesson #1 is to not post before the morning caffeine.

That said, I just re-tested this on Fedora 15 and SSH doesn't care if the authorized_keys file is owned by the
user or root. It does, however, care if
it's owned by a different user.

So, I would like to change this request to allow the key to be owned by either the user or root (which was the
purpose of my original request anyway).

Thanks!

Trevor

On 09/01/2011 05:20 AM, Trevor Vaughan wrote:
> ssh_authorized_keys can be owned by anyone.
> 
> Think of how git works. The file is owned by git/gitosis/whatever, but you log in as yourself. This is the
whole point of ssh_authorized_keys and one
> way that it can be abused.
> 
> In my tests, SSH doesn't care one way or the other who it's owned by so long as it's not world writable.
> 
> Trevor
> 
> On 08/30/2011 06:27 PM, Kelsey Hightower wrote:
>> One use case where it may not be desirable to have users own the keys
>> is in centralized ssh key setups backed by LDAP and PAM
>> authentication. In this specific case all keys are stored in a central
>> location such as /etc/ssh-public-keys/*.pub. The keys are only read by
>> PAM (root) during the authentication phase.
> 
> 

--

-- 
Trevor Vaughan
 Vice President, Onyx Point, Inc.
 email: tvaughan <at> onyxpoint.com
 phone: 410-541-ONYX (6699)
 pgp: 0x6C701E94

-- This account not approved for unencrypted sensitive information --
Attachment (tvaughan.vcf): text/x-vcard, 267 bytes
Permalink | Reply | 2 comments |
headers
wearetherobots | 1 Sep 2011 17:30

(puppetlabs/puppet) New pull request: Gemfile, created while trying to set up this to run on Windows

Greetings!

Please review the pull request #89: Gemfile, created while trying to set up this to run on Windows opened by (haf)

Some more information about the pull request:

  • Opened: Thu Sep 01 15:25:21 UTC 2011
  • Based on: puppetlabs:master (86f47191cc4d9f4fc9416804559548e1b924286a)
  • Requested merge: haf:master (b21a61579a2ecb01f6d3ca4b109027895b4e0267)

Description:

started hacking at getting a Gemfile up so that I can try this out in Windows without having to remember all dependencies. btw, tests are failing and I can't install win32-service through bundler, because it won't compile in the git bash

Thanks!
The Pull Request Bot

Diff follows:

diff --git a/.gitignore b/.gitignore index a208237..5e09b51 100644 --- a/.gitignore +++ b/.gitignore <at> <at> -1,3 +1,5 <at> <at> .rspec results .*.sw[op] +dev/ +windows/ \ No newline at end of file diff --git a/Gemfile b/Gemfile new file mode 100644 index 0000000..dfdc391 --- /dev/null +++ b/Gemfile <at> <at> -0,0 +1,16 <at> <at> +source "http://rubygems.org" + +gem "rake" + +group :windows do + gem "sys-admin" + gem "win32-process" + gem "win32-dir" + gem "win32-service", "~> 0.7.1", :platforms => :mswin +end + +group :dev do + gem "mocha" + gem "rspec" + gem "facter" +end \ No newline at end of file diff --git a/README.md b/README.md index 2d67c01..3543c8f 100644 --- a/README.md +++ b/README.md <at> <at> -32,6 +32,8 <at> <at> Generally, you need the following things installed: * Facter => 1.5.1 (available via your package manager or from the [Facter site](http://puppetlabs.com/projects/facter). + * For Windows development, run `bundle install windows` + License ------- diff --git a/Rakefile b/Rakefile index e59d20a..98e3cd7 100644 --- a/Rakefile +++ b/Rakefile <at> <at> -36,6 +36,14 <at> <at> Rake::PackageTask.new("puppet", Puppet::PUPPETVERSION) do |pkg| end task :default do + processor, platform, *rest = RUBY_PLATFORM.split("-") + require 'bundler' + if platform == 'mswin32' then + Bundler.require(:default, :windows) + else + Bundler.require + end + sh %{rake -T} end <at> <at> -49,5 +57,7 <at> <at> end desc "Run the unit tests" task :unit do + require 'bundler' + Bundler.require(:dev) Dir.chdir("test") { sh "rake" } end

--
You received this message because you are subscribed to the Google Groups "Puppet Developers" group.
To post to this group, send email to puppet-dev <at> googlegroups.com.
To unsubscribe from this group, send email to puppet-dev+unsubscribe <at> googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
Permalink | Reply | 0 comments |
headers
Ricky Zhou | 1 Sep 2011 19:50

[PATCH] SELinux module headers are always little endian.

selmodule’s check of selinux module files fails on non-little endian
machines (like PPC), as it reads in the file headers using the native
byte order (selinux module headers are always in little endian).

---
 lib/puppet/provider/selmodule/semodule.rb |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/lib/puppet/provider/selmodule/semodule.rb b/lib/puppet/provider/selmodule/semodule.rb
index 6419715..506b8f3 100644
--- a/lib/puppet/provider/selmodule/semodule.rb
+++ b/lib/puppet/provider/selmodule/semodule.rb
 <at>  <at>  -83,7 +83,7  <at>  <at>  Puppet::Type.type(:selmodule).provide(:semodule) do
     filename = selmod_name_to_filename
     mod = File.new(filename, "r")

-    (hdr, ver, numsec) = mod.read(12).unpack('LLL')
+    (hdr, ver, numsec) = mod.read(12).unpack('VVV')

     raise Puppet::Error, "Found #{hdr} instead of magic #{magic} in #{filename}" if hdr != magic

--

-- 
1.7.6
Permalink | Reply | 0 comments |
headers
wearetherobots | 1 Sep 2011 20:30

(puppetlabs/puppet) Closed pull request: (#8413) Properly clean up stale pidfile on Windows

Greetings!

On Thu Sep 01 18:24:55 UTC 2011 pull request #74 was closed.

(#8413) Properly clean up stale pidfile on Windows requested by (nicklewis)

The pull request was merged by: joshcooper

Thanks!
The Pull Request Bot

--
You received this message because you are subscribed to the Google Groups "Puppet Developers" group.
To post to this group, send email to puppet-dev <at> googlegroups.com.
To unsubscribe from this group, send email to puppet-dev+unsubscribe <at> googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
Permalink | Reply | 0 comments |
headers
wearetherobots | 1 Sep 2011 21:00

(puppetlabs/puppet) New pull request: (#8413) Only try to catch Process::Error if it's defined

Greetings!

Please review the pull request #90: (#8413) Only try to catch Process::Error if it's defined opened by (nicklewis)

Some more information about the pull request:

  • Opened: Thu Sep 01 18:54:17 UTC 2011
  • Based on: puppetlabs:2.7.x (2af580256d2b451b004f780f8b70fa3a31e37a6c)
  • Requested merge: nicklewis:fix-pidlock-removal-failure (f7e526b86a015a63995a3300a3d438f3f3b4272f)

Description:

This error class is only defined when using the win32-process gem on
Windows. So rather than always trying to rescue Process::Error (which of
course causes its own error), we build a list of classes to rescue,
which initially only contains Errno::ESRCH, and add Process::Error if
it exists.

Thanks!
The Pull Request Bot

Diff follows:

diff --git a/lib/puppet/util/pidlock.rb b/lib/puppet/util/pidlock.rb index 066f66e..fcf0cf2 100644 --- a/lib/puppet/util/pidlock.rb +++ b/lib/puppet/util/pidlock.rb <at> <at> -59,9 +59,13 <at> <at> class Puppet::Util::Pidlock def clear_if_stale return if lock_pid.nil? + errors = [Errno::ESRCH] + # Process::Error can only happen, and is only defined, on Windows + errors << Process::Error if defined? Process::Error + begin Process.kill(0, lock_pid) - rescue Errno::ESRCH, Process::Error + rescue *errors File.unlink( <at> lockfile) end end

--
You received this message because you are subscribed to the Google Groups "Puppet Developers" group.
To post to this group, send email to puppet-dev <at> googlegroups.com.
To unsubscribe from this group, send email to puppet-dev+unsubscribe <at> googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
Permalink | Reply | 1 comment |
headers
wearetherobots | 1 Sep 2011 21:30

(puppetlabs/puppet) Closed pull request: (#8413) Only try to catch Process::Error if it's defined

Greetings!

On Thu Sep 01 19:18:29 UTC 2011 pull request #90 was closed.

(#8413) Only try to catch Process::Error if it's defined requested by (nicklewis)

The pull request was merged by: joshcooper

Thanks!
The Pull Request Bot

--
You received this message because you are subscribed to the Google Groups "Puppet Developers" group.
To post to this group, send email to puppet-dev <at> googlegroups.com.
To unsubscribe from this group, send email to puppet-dev+unsubscribe <at> googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
Permalink | Reply | 0 comments |
headers
Daniel Pittman | 1 Sep 2011 22:43
Gravatar

Re: (puppetlabs/puppet) New pull request: (#8413) Only try to catch Process::Error if it's defined

On Thu, Sep 1, 2011 at 12:00,  <wearetherobots <at> puppetlabs.com> wrote:
> Greetings!
>
> Please review the pull request #90: (#8413) Only try to catch Process::Error
> if it's defined opened by (nicklewis)
>
> Some more information about the pull request:
>
> Opened: Thu Sep 01 18:54:17 UTC 2011
> Based on: puppetlabs:2.7.x (2af580256d2b451b004f780f8b70fa3a31e37a6c)
> Requested merge: nicklewis:fix-pidlock-removal-failure
> (f7e526b86a015a63995a3300a3d438f3f3b4272f)
>
> Description:
>
> This error class is only defined when using the win32-process gem on
> Windows. So rather than always trying to rescue Process::Error (which of
> course causes its own error), we build a list of classes to rescue,
> which initially only contains Errno::ESRCH, and add Process::Error if
> it exists.
>
> Thanks!
> The Pull Request Bot
>
> Diff follows:
>
> diff --git a/lib/puppet/util/pidlock.rb b/lib/puppet/util/pidlock.rb
> index 066f66e..fcf0cf2 100644
> --- a/lib/puppet/util/pidlock.rb
> +++ b/lib/puppet/util/pidlock.rb
>  <at>  <at>  -59,9 +59,13  <at>  <at>  class Puppet::Util::Pidlock
>    def clear_if_stale
>      return if lock_pid.nil?
>
> +    errors = [Errno::ESRCH]
> +    # Process::Error can only happen, and is only defined, on Windows
> +    errors << Process::Error if defined? Process::Error
> +

Can we do that statically, rather than making the same check *every*
time we pass through this process?  A constant somewhere, built at
load time, seems like a decent trade-off to me?

Daniel
-- 
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons

--

-- 
You received this message because you are subscribed to the Google Groups "Puppet Developers" group.
To post to this group, send email to puppet-dev <at> googlegroups.com.
To unsubscribe from this group, send email to puppet-dev+unsubscribe <at> googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
Permalink | Reply | 0 comments |

Gmane