debian/0000755000000000000000000000000013237366373007203 5ustar debian/puppetmaster.postinst0000644000000000000000000000003712301355777013536 0ustar #!/bin/sh set -e #DEBHELPER# debian/puppet-common.preinst0000644000000000000000000000224112301355777013410 0ustar #!/bin/sh # preinst script for puppet-common # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `install' # * `install' # * `upgrade' # * `abort-upgrade' # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package disable_puppet_agent() { mkdir -p /var/lib/puppet/state tmp_lockfile=$(mktemp /var/lib/puppet/state/agent_disabled.lock.XXXXXXXX) lockfile=/var/lib/puppet/state/agent_disabled.lock printf '{"disabled_message":"Disabled by default on new installations"}' \ > $tmp_lockfile mv $tmp_lockfile $lockfile } case "$1" in install) # disable the puppet agent on the first install if [ -z "$2" ]; then disable_puppet_agent fi ;; upgrade) ;; abort-upgrade) ;; *) echo "preinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/puppet.postrm0000644000000000000000000000213012301355777011757 0ustar #!/bin/sh # postrm script for puppet # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `purge' # * `upgrade' # * `failed-upgrade' # * `abort-install' # * `abort-install' # * `abort-upgrade' # * `disappear' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) if dpkg-maintscript-helper supports rm_conffile; then dpkg-maintscript-helper rm_conffile \ /etc/default/puppet 3.2.3-1 puppet -- "$@" fi ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/tests/0000755000000000000000000000000012301355777010342 5ustar debian/tests/control0000644000000000000000000000011712301355777011744 0ustar Tests: run-tests Depends: puppetmaster-passenger,perl Restrictions: needs-root debian/tests/02.puppetmaster-passenger.t0000755000000000000000000000177312301355777015500 0ustar #!/bin/sh test_description="puppetmaster-passenger" . ./sharness.sh test_token='82cc6efd-19e3-4f20-9ca8-58364f8a10d0' server=$(facter fqdn) tempfile=$(tempfile) setup_puppet_conf() { cat > /etc/puppet/puppet.conf < /etc/puppet/manifests/site.pp < present, content => '${test_token}', } } EOF } test_expect_success "setup puppet.conf" " setup_puppet_conf " test_expect_success "setup site.pp" " setup_site_pp " test_expect_success "run puppet agent" " test_expect_code 2 puppet agent --test --detailed-exitcodes " test_expect_success "puppet should have added token to file" " grep -q $test_token $tempfile " test_done debian/tests/01.puppet-agent.t0000755000000000000000000000052512301355777013364 0ustar #!/bin/sh test_description="puppet agent" . ./sharness.sh lockfile=/var/lib/puppet/state/agent_disabled.lock test_expect_success "lock file present" " test -e ${lockfile} " test_expect_success "enable puppet agent" " puppet agent --enable " test_expect_success "lock file removed" " test_must_fail test -e ${lockfile} " test_done debian/tests/run-tests0000755000000000000000000000017512301355777012237 0ustar #!/bin/sh cd "$(dirname $0)" if [ -z "${ADTTMP:-}" ]; then tempdir="$(mktemp -d --suffix=.autopkgtest)" fi prove -v *.t debian/tests/sharness.sh0000644000000000000000000004411112301355777012525 0ustar #!/bin/sh # # Copyright (c) 2011-2012 Mathias Lafeldt # Copyright (c) 2005-2012 Git project # Copyright (c) 2005-2012 Junio C Hamano # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see http://www.gnu.org/licenses/ . # Public: Current version of Sharness. SHARNESS_VERSION="0.3.0" export SHARNESS_VERSION # Public: The file extension for tests. By default, it is set to "t". : ${SHARNESS_TEST_EXTENSION:=t} export SHARNESS_TEST_EXTENSION # Keep the original TERM for say_color ORIGINAL_TERM=$TERM # For repeatability, reset the environment to a known state. LANG=C LC_ALL=C PAGER=cat TZ=UTC TERM=dumb EDITOR=: export LANG LC_ALL PAGER TZ TERM EDITOR unset VISUAL CDPATH GREP_OPTIONS # Line feed LF=' ' [ "x$ORIGINAL_TERM" != "xdumb" ] && ( TERM=$ORIGINAL_TERM && export TERM && [ -t 1 ] && tput bold >/dev/null 2>&1 && tput setaf 1 >/dev/null 2>&1 && tput sgr0 >/dev/null 2>&1 ) && color=t while test "$#" -ne 0; do case "$1" in -d|--d|--de|--deb|--debu|--debug) debug=t; shift ;; -i|--i|--im|--imm|--imme|--immed|--immedi|--immedia|--immediat|--immediate) immediate=t; shift ;; -l|--l|--lo|--lon|--long|--long-|--long-t|--long-te|--long-tes|--long-test|--long-tests) TEST_LONG=t; export TEST_LONG; shift ;; -h|--h|--he|--hel|--help) help=t; shift ;; -v|--v|--ve|--ver|--verb|--verbo|--verbos|--verbose) verbose=t; shift ;; -q|--q|--qu|--qui|--quie|--quiet) # Ignore --quiet under a TAP::Harness. Saying how many tests # passed without the ok/not ok details is always an error. test -z "$HARNESS_ACTIVE" && quiet=t; shift ;; --no-color) color=; shift ;; --root=*) root=$(expr "z$1" : 'z[^=]*=\(.*\)') shift ;; *) echo "error: unknown test option '$1'" >&2; exit 1 ;; esac done if test -n "$color"; then say_color() { ( TERM=$ORIGINAL_TERM export TERM case "$1" in error) tput bold; tput setaf 1;; # bold red skip) tput setaf 4;; # blue warn) tput setaf 3;; # brown/yellow pass) tput setaf 2;; # green info) tput setaf 6;; # cyan *) test -n "$quiet" && return;; esac shift printf "%s" "$*" tput sgr0 echo ) } else say_color() { test -z "$1" && test -n "$quiet" && return shift printf "%s\n" "$*" } fi error() { say_color error "error: $*" EXIT_OK=t exit 1 } say() { say_color info "$*" } test -n "$test_description" || error "Test script did not set test_description." if test "$help" = "t"; then echo "$test_description" exit 0 fi exec 5>&1 exec 6<&0 if test "$verbose" = "t"; then exec 4>&2 3>&1 else exec 4>/dev/null 3>/dev/null fi test_failure=0 test_count=0 test_fixed=0 test_broken=0 test_success=0 die() { code=$? if test -n "$EXIT_OK"; then exit $code else echo >&5 "FATAL: Unexpected exit with code $code" exit 1 fi } EXIT_OK= trap 'die' EXIT # Public: Define that a test prerequisite is available. # # The prerequisite can later be checked explicitly using test_have_prereq or # implicitly by specifying the prerequisite name in calls to test_expect_success # or test_expect_failure. # # $1 - Name of prerequiste (a simple word, in all capital letters by convention) # # Examples # # # Set PYTHON prerequisite if interpreter is available. # command -v python >/dev/null && test_set_prereq PYTHON # # # Set prerequisite depending on some variable. # test -z "$NO_GETTEXT" && test_set_prereq GETTEXT # # Returns nothing. test_set_prereq() { satisfied_prereq="$satisfied_prereq$1 " } satisfied_prereq=" " # Public: Check if one or more test prerequisites are defined. # # The prerequisites must have previously been set with test_set_prereq. # The most common use of this is to skip all the tests if some essential # prerequisite is missing. # # $1 - Comma-separated list of test prerequisites. # # Examples # # # Skip all remaining tests if prerequisite is not set. # if ! test_have_prereq PERL; then # skip_all='skipping perl interface tests, perl not available' # test_done # fi # # Returns 0 if all prerequisites are defined or 1 otherwise. test_have_prereq() { # prerequisites can be concatenated with ',' save_IFS=$IFS IFS=, set -- $* IFS=$save_IFS total_prereq=0 ok_prereq=0 missing_prereq= for prerequisite; do case "$prerequisite" in !*) negative_prereq=t prerequisite=${prerequisite#!} ;; *) negative_prereq= esac total_prereq=$(($total_prereq + 1)) case "$satisfied_prereq" in *" $prerequisite "*) satisfied_this_prereq=t ;; *) satisfied_this_prereq= esac case "$satisfied_this_prereq,$negative_prereq" in t,|,t) ok_prereq=$(($ok_prereq + 1)) ;; *) # Keep a list of missing prerequisites; restore # the negative marker if necessary. prerequisite=${negative_prereq:+!}$prerequisite if test -z "$missing_prereq"; then missing_prereq=$prerequisite else missing_prereq="$prerequisite,$missing_prereq" fi esac done test $total_prereq = $ok_prereq } # You are not expected to call test_ok_ and test_failure_ directly, use # the text_expect_* functions instead. test_ok_() { test_success=$(($test_success + 1)) say_color "" "ok $test_count - $@" } test_failure_() { test_failure=$(($test_failure + 1)) say_color error "not ok $test_count - $1" shift echo "$@" | sed -e 's/^/# /' test "$immediate" = "" || { EXIT_OK=t; exit 1; } } test_known_broken_ok_() { test_fixed=$(($test_fixed + 1)) say_color error "ok $test_count - $@ # TODO known breakage vanished" } test_known_broken_failure_() { test_broken=$(($test_broken + 1)) say_color warn "not ok $test_count - $@ # TODO known breakage" } # Public: Execute commands in debug mode. # # Takes a single argument and evaluates it only when the test script is started # with --debug. This is primarily meant for use during the development of test # scripts. # # $1 - Commands to be executed. # # Examples # # test_debug "cat some_log_file" # # Returns the exit code of the last command executed in debug mode or 0 # otherwise. test_debug() { test "$debug" = "" || eval "$1" } test_eval_() { # This is a separate function because some tests use # "return" to end a test_expect_success block early. eval &3 2>&4 "$*" } test_run_() { test_cleanup=: expecting_failure=$2 test_eval_ "$1" eval_ret=$? if test -z "$immediate" || test $eval_ret = 0 || test -n "$expecting_failure"; then test_eval_ "$test_cleanup" fi if test "$verbose" = "t" && test -n "$HARNESS_ACTIVE"; then echo "" fi return "$eval_ret" } test_skip_() { test_count=$(($test_count + 1)) to_skip= for skp in $SKIP_TESTS; do case $this_test.$test_count in $skp) to_skip=t break esac done if test -z "$to_skip" && test -n "$test_prereq" && ! test_have_prereq "$test_prereq"; then to_skip=t fi case "$to_skip" in t) of_prereq= if test "$missing_prereq" != "$test_prereq"; then of_prereq=" of $test_prereq" fi say_color skip >&3 "skipping test: $@" say_color skip "ok $test_count # skip $1 (missing $missing_prereq${of_prereq})" : true ;; *) false ;; esac } # Public: Run test commands and expect them to succeed. # # When the test passed, an "ok" message is printed and the number of successful # tests is incremented. When it failed, a "not ok" message is printed and the # number of failed tests is incremented. # # With --immediate, exit test immediately upon the first failed test. # # Usually takes two arguments: # $1 - Test description # $2 - Commands to be executed. # # With three arguments, the first will be taken to be a prerequisite: # $1 - Comma-separated list of test prerequisites. The test will be skipped if # not all of the given prerequisites are set. To negate a prerequisite, # put a "!" in front of it. # $2 - Test description # $3 - Commands to be executed. # # Examples # # test_expect_success \ # 'git-write-tree should be able to write an empty tree.' \ # 'tree=$(git-write-tree)' # # # Test depending on one prerequisite. # test_expect_success TTY 'git --paginate rev-list uses a pager' \ # ' ... ' # # # Multiple prerequisites are separated by a comma. # test_expect_success PERL,PYTHON 'yo dawg' \ # ' test $(perl -E 'print eval "1 +" . qx[python -c "print 2"]') == "4" ' # # Returns nothing. test_expect_success() { test "$#" = 3 && { test_prereq=$1; shift; } || test_prereq= test "$#" = 2 || error "bug in the test script: not 2 or 3 parameters to test_expect_success" export test_prereq if ! test_skip_ "$@"; then say >&3 "expecting success: $2" if test_run_ "$2"; then test_ok_ "$1" else test_failure_ "$@" fi fi echo >&3 "" } # Public: Run test commands and expect them to fail. Used to demonstrate a known # breakage. # # This is NOT the opposite of test_expect_success, but rather used to mark a # test that demonstrates a known breakage. # # When the test passed, an "ok" message is printed and the number of fixed tests # is incremented. When it failed, a "not ok" message is printed and the number # of tests still broken is incremented. # # Failures from these tests won't cause --immediate to stop. # # Usually takes two arguments: # $1 - Test description # $2 - Commands to be executed. # # With three arguments, the first will be taken to be a prerequisite: # $1 - Comma-separated list of test prerequisites. The test will be skipped if # not all of the given prerequisites are set. To negate a prerequisite, # put a "!" in front of it. # $2 - Test description # $3 - Commands to be executed. # # Returns nothing. test_expect_failure() { test "$#" = 3 && { test_prereq=$1; shift; } || test_prereq= test "$#" = 2 || error "bug in the test script: not 2 or 3 parameters to test_expect_failure" export test_prereq if ! test_skip_ "$@"; then say >&3 "checking known breakage: $2" if test_run_ "$2" expecting_failure; then test_known_broken_ok_ "$1" else test_known_broken_failure_ "$1" fi fi echo >&3 "" } # Public: Run command and ensure that it fails in a controlled way. # # Use it instead of "! ". For example, when dies due to a # segfault, test_must_fail diagnoses it as an error, while "! " would # mistakenly be treated as just another expected failure. # # This is one of the prefix functions to be used inside test_expect_success or # test_expect_failure. # # $1.. - Command to be executed. # # Examples # # test_expect_success 'complain and die' ' # do something && # do something else && # test_must_fail git checkout ../outerspace # ' # # Returns 1 if the command succeeded (exit code 0). # Returns 1 if the command died by signal (exit codes 130-192) # Returns 1 if the command could not be found (exit code 127). # Returns 0 otherwise. test_must_fail() { "$@" exit_code=$? if test $exit_code = 0; then echo >&2 "test_must_fail: command succeeded: $*" return 1 elif test $exit_code -gt 129 -a $exit_code -le 192; then echo >&2 "test_must_fail: died by signal: $*" return 1 elif test $exit_code = 127; then echo >&2 "test_must_fail: command not found: $*" return 1 fi return 0 } # Public: Run command and ensure that it succeeds or fails in a controlled way. # # Similar to test_must_fail, but tolerates success too. Use it instead of # " || :" to catch failures caused by a segfault, for instance. # # This is one of the prefix functions to be used inside test_expect_success or # test_expect_failure. # # $1.. - Command to be executed. # # Examples # # test_expect_success 'some command works without configuration' ' # test_might_fail git config --unset all.configuration && # do something # ' # # Returns 1 if the command died by signal (exit codes 130-192) # Returns 1 if the command could not be found (exit code 127). # Returns 0 otherwise. test_might_fail() { "$@" exit_code=$? if test $exit_code -gt 129 -a $exit_code -le 192; then echo >&2 "test_might_fail: died by signal: $*" return 1 elif test $exit_code = 127; then echo >&2 "test_might_fail: command not found: $*" return 1 fi return 0 } # Public: Run command and ensure it exits with a given exit code. # # This is one of the prefix functions to be used inside test_expect_success or # test_expect_failure. # # $1 - Expected exit code. # $2.. - Command to be executed. # # Examples # # test_expect_success 'Merge with d/f conflicts' ' # test_expect_code 1 git merge "merge msg" B master # ' # # Returns 0 if the expected exit code is returned or 1 otherwise. test_expect_code() { want_code=$1 shift "$@" exit_code=$? if test $exit_code = $want_code; then return 0 fi echo >&2 "test_expect_code: command exited with $exit_code, we wanted $want_code $*" return 1 } # Public: Compare two files to see if expected output matches actual output. # # The TEST_CMP variable defines the command used for the comparision; it # defaults to "diff -u". Only when the test script was started with --verbose, # will the command's output, the diff, be printed to the standard output. # # This is one of the prefix functions to be used inside test_expect_success or # test_expect_failure. # # $1 - Path to file with expected output. # $2 - Path to file with actual output. # # Examples # # test_expect_success 'foo works' ' # echo expected >expected && # foo >actual && # test_cmp expected actual # ' # # Returns the exit code of the command set by TEST_CMP. test_cmp() { ${TEST_CMP:-diff -u} "$@" } # Public: Schedule cleanup commands to be run unconditionally at the end of a # test. # # If some cleanup command fails, the test will not pass. With --immediate, no # cleanup is done to help diagnose what went wrong. # # This is one of the prefix functions to be used inside test_expect_success or # test_expect_failure. # # $1.. - Commands to prepend to the list of cleanup commands. # # Examples # # test_expect_success 'test core.capslock' ' # git config core.capslock true && # test_when_finished "git config --unset core.capslock" && # do_something # ' # # Returns the exit code of the last cleanup command executed. test_when_finished() { test_cleanup="{ $* } && (exit \"\$eval_ret\"); eval_ret=\$?; $test_cleanup" } # Public: Summarize test results and exit with an appropriate error code. # # Must be called at the end of each test script. # # Can also be used to stop tests early and skip all remaining tests. For this, # set skip_all to a string explaining why the tests were skipped before calling # test_done. # # Examples # # # Each test script must call test_done at the end. # test_done # # # Skip all remaining tests if prerequisite is not set. # if ! test_have_prereq PERL; then # skip_all='skipping perl interface tests, perl not available' # test_done # fi # # Returns 0 if all tests passed or 1 if there was a failure. test_done() { EXIT_OK=t if test -z "$HARNESS_ACTIVE"; then test_results_dir="$SHARNESS_TEST_DIRECTORY/test-results" mkdir -p "$test_results_dir" test_results_path="$test_results_dir/${SHARNESS_TEST_FILE%.$SHARNESS_TEST_EXTENSION}.$$.counts" cat >>"$test_results_path" <<-EOF total $test_count success $test_success fixed $test_fixed broken $test_broken failed $test_failure EOF fi if test "$test_fixed" != 0; then say_color error "# $test_fixed known breakage(s) vanished; please update test(s)" fi if test "$test_broken" != 0; then say_color warn "# still have $test_broken known breakage(s)" fi if test "$test_broken" != 0 || test "$test_fixed" != 0; then test_remaining=$(( $test_count - $test_broken - $test_fixed )) msg="remaining $test_remaining test(s)" else test_remaining=$test_count msg="$test_count test(s)" fi case "$test_failure" in 0) # Maybe print SKIP message if test -n "$skip_all" && test $test_count -gt 0; then error "Can't use skip_all after running some tests" fi [ -z "$skip_all" ] || skip_all=" # SKIP $skip_all" if test $test_remaining -gt 0; then say_color pass "# passed all $msg" fi say "1..$test_count$skip_all" test -d "$remove_trash" && cd "$(dirname "$remove_trash")" && rm -rf "$(basename "$remove_trash")" exit 0 ;; *) say_color error "# failed $test_failure among $msg" say "1..$test_count" exit 1 ;; esac } # Public: Root directory containing tests. Tests can override this variable, # e.g. for testing Sharness itself. : ${SHARNESS_TEST_DIRECTORY:=$(pwd)} export SHARNESS_TEST_DIRECTORY # Public: Build directory that will be added to PATH. By default, it is set to # the parent directory of SHARNESS_TEST_DIRECTORY. : ${SHARNESS_BUILD_DIRECTORY:="$SHARNESS_TEST_DIRECTORY/.."} PATH="$SHARNESS_BUILD_DIRECTORY:$PATH" export PATH SHARNESS_BUILD_DIRECTORY # Public: Path to test script currently executed. SHARNESS_TEST_FILE="$0" export SHARNESS_TEST_FILE # Prepare test area. test_dir="trash directory.$(basename "$SHARNESS_TEST_FILE" ".$SHARNESS_TEST_EXTENSION")" test -n "$root" && test_dir="$root/$test_dir" case "$test_dir" in /*) SHARNESS_TRASH_DIRECTORY="$test_dir" ;; *) SHARNESS_TRASH_DIRECTORY="$SHARNESS_TEST_DIRECTORY/$test_dir" ;; esac test "$debug" = "t" || remove_trash="$SHARNESS_TRASH_DIRECTORY" rm -rf "$test_dir" || { EXIT_OK=t echo >&5 "FATAL: Cannot prepare test area" exit 1 } # Public: Empty trash directory, the test area, provided for each test. The HOME # variable is set to that directory too. export SHARNESS_TRASH_DIRECTORY HOME="$SHARNESS_TRASH_DIRECTORY" export HOME mkdir -p "$test_dir" || exit 1 # Use -P to resolve symlinks in our working directory so that the cwd # in subprocesses like git equals our $PWD (for pathname comparisons). cd -P "$test_dir" || exit 1 this_test=${SHARNESS_TEST_FILE##*/} this_test=${this_test%.$SHARNESS_TEST_EXTENSION} for skp in $SKIP_TESTS; do case "$this_test" in $skp) say_color info >&3 "skipping test $this_test altogether" skip_all="skip all tests in $this_test" test_done esac done # vi: set ts=4 sw=4 noet : debian/puppet-common.NEWS0000644000000000000000000000205612301355777012504 0ustar puppet (0.25.4-3) unstable; urgency=low The pluginsync=true option is no longer set in the default puppet.conf that is distributed with the package. There is a spurious error that is thrown when this is enabled, and you have no plugins. Most people will eventually want this enabled, however for a new puppet installation it tends to scare people. Given the security implications of pluginsync (it can append to anything in RUBYLIB, not just puppet/facter related things), it is better to have it off by default, and let you decide when you want it enabled. -- Micah Anderson Mon, 15 Mar 2010 18:01:15 -0400 puppet (0.25.4-2) unstable; urgency=low The default location of the puppet template directory has been moved to /etc/puppet/templates from /var/lib/puppet/templates. If you use templates in your manifests, please either set "templatedir" in /etc/puppet/puppet.conf to the old location, or move your templates to the new location. -- Stig Sandbeck Mathisen Sun, 14 Feb 2010 15:33:30 +0100 debian/puppet-common.lintian-overrides0000644000000000000000000000034012301355777015360 0ustar # Man pages are automatically generated, not much to do here puppet-common binary: manpage-has-bad-whatis-entry # puppet manifests many use puppet as interpreter puppet-common binary: example-unusual-interpreter * #!puppet debian/puppetmaster.install0000644000000000000000000000006012301355777013315 0ustar debian/puppetmaster.service /lib/systemd/system debian/README.Debian0000644000000000000000000000063712301355777011247 0ustar puppet for Debian ------------------ To enable the puppet agent after installation, run "puppet agent --enable" The default puppet configuration in Debian will automatically integrate with etckeeper if etckeeper is installed. puppet will automatically commit any changes made to files in /etc via etckeeper before and after its run. -- Stig Sandbeck Mathisen , Mon, 5 Aug 2013 23:36:19 +0200 debian/rules0000755000000000000000000000224312301355777010261 0ustar #!/usr/bin/make -f # -*- makefile -*- # Verbose mode export DH_VERBOSE=1 %: dh $@ --with=systemd override_dh_installinit: dh_installinit -ppuppetmaster dh_installinit --name=puppetqd dh_installinit -ppuppet --error-handler=true -- defaults 21 override_dh_auto_install: ./install.rb --destdir=debian/tmp --sitelibdir=/usr/lib/ruby/vendor_ruby --ruby=/usr/bin/ruby rm -vfr debian/tmp/usr/lib/ruby/vendor_ruby/puppet/vendor/safe_yaml/ override_dh_install: dh_install --fail-missing -Xusr/share/man mv debian/puppetmaster-passenger/usr/share/puppetmaster-passenger/example-passenger-vhost.conf \ debian/puppetmaster-passenger/usr/share/puppetmaster-passenger/apache2.site.conf.tmpl chmod 755 debian/puppet-common/etc/puppet/etckeeper-commit-post chmod 755 debian/puppet-common/etc/puppet/etckeeper-commit-pre override_dh_installlogcheck: ln ext/logcheck/puppet debian/puppet-common.logcheck.ignore.server dh_installlogcheck override_dh_installexamples: dh_installexamples find debian/puppet-common/usr/share/doc/puppet-common/examples -type f -print0 | \ xargs -r -0 chmod 644 override_dh_clean: dh_clean debian/puppet-common.logcheck.ignore.server metadata.yml debian/puppet-common.postinst0000644000000000000000000000244512301355777013615 0ustar #!/bin/sh set -e if [ "$1" = "configure" ]; then # Create the "puppet" user if ! getent passwd puppet > /dev/null; then adduser --quiet --system --group --home /var/lib/puppet \ --no-create-home \ --gecos "Puppet configuration management daemon" \ puppet fi # Create the "puppet" group, if it is missing, and set the # primary group of the "puppet" user to this group. if ! getent group puppet > /dev/null; then addgroup --quiet --system puppet usermod -g puppet puppet fi # Set correct permissions and ownership for puppet directories if ! dpkg-statoverride --list /var/log/puppet >/dev/null 2>&1; then dpkg-statoverride --update --add puppet puppet 0750 /var/log/puppet fi if ! dpkg-statoverride --list /var/lib/puppet >/dev/null 2>&1; then dpkg-statoverride --update --add puppet puppet 0750 /var/lib/puppet fi # Create folders common to "puppet" and "puppetmaster", which need # to be owned by the "puppet" user install --owner puppet --group puppet --directory \ /var/lib/puppet/state # Handle if [ -d /etc/puppet/ssl ] && [ ! -e /var/lib/puppet/ssl ] && grep -q 'ssldir=/var/lib/puppet/ssl' /etc/puppet/puppet.conf; then mv /etc/puppet/ssl /var/lib/puppet/ssl fi fi #DEBHELPER# debian/puppetmaster-common.install0000644000000000000000000000010512301355777014603 0ustar /etc/puppet/auth.conf /etc/puppet debian/fileserver.conf /etc/puppet debian/puppetmaster-passenger.install0000644000000000000000000000020012301355777015276 0ustar ext/rack/example-passenger-vhost.conf /usr/share/puppetmaster-passenger ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd debian/puppetmaster.logrotate0000644000000000000000000000027712506531627013656 0ustar /var/log/puppet/masterhttp.log { missingok notifempty create 0644 puppet puppet compress rotate 4 postrotate pkill -USR2 -u puppet -f "puppet master" || true endscript } debian/puppetmaster.init0000644000000000000000000000400712464513576012622 0ustar #! /bin/sh ### BEGIN INIT INFO # Provides: puppetmaster # Required-Start: $network $named $remote_fs $syslog # Required-Stop: $network $named $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: puppet master # Description: The puppet master accepts connections from puppet agents, # compiles manifests into catalogs for them, acts as a file # server and report server. ### END INIT INFO PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/bin/puppet DAEMON_OPTS="" NAME=master DESC="puppet master" test -x $DAEMON || exit 0 [ -r /etc/default/puppetmaster ] && . /etc/default/puppetmaster . /lib/lsb/init-functions if [ ! -d /var/run/puppet ]; then mkdir -p /var/run/puppet fi chown puppet:puppet /var/run/puppet is_true() { if [ "x$1" = "xtrue" -o "x$1" = "xyes" -o "x$1" = "x0" ] ; then return 0 else return 1 fi } start_puppet_master() { if is_true "$START" ; then start-stop-daemon --start --quiet --pidfile /var/run/puppet/${NAME}.pid \ --startas $DAEMON -- $NAME $DAEMON_OPTS else echo "" echo "puppetmaster not configured to start, please edit /etc/default/puppetmaster to enable" fi } stop_puppet_master() { start-stop-daemon --stop --retry TERM/10/KILL/5 --quiet --oknodo --pidfile /var/run/puppet/${NAME}.pid } status_puppet_master() { status_of_proc -p "/var/run/puppet/${NAME}.pid" "${DAEMON}" "${NAME}" } case "$1" in start) log_begin_msg "Starting $DESC" start_puppet_master log_end_msg $? ;; stop) log_begin_msg "Stopping $DESC" stop_puppet_master log_end_msg $? ;; reload) # Do nothing, as Puppetmaster rechecks its config automatically ;; status) status_puppet_master ;; restart|force-reload) log_begin_msg "Restarting $DESC" stop_puppet_master start_puppet_master log_end_msg $? ;; *) echo "Usage: $0 {start|stop|status|restart|force-reload}" >&2 exit 1 ;; esac debian/puppetmaster-passenger.postrm0000644000000000000000000000241412301355777015165 0ustar #!/bin/sh set -e sitename="puppetmaster" # Can be removed when we only support apache >= 2.4 restart_apache2() { if [ -x "/etc/init.d/apache2" ]; then # Seems that a restart is needed. reload breaks ssl apparently. if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then invoke-rc.d apache2 restart || exit $? else /etc/init.d/apache2 restart || exit $? fi fi } case "$1" in purge) if dpkg-statoverride --list /usr/share/puppet/rack/puppetmasterd/config.ru >/dev/null 2>&1 then dpkg-statoverride --remove /usr/share/puppet/rack/puppetmasterd/config.ru fi # Remove the puppetmaster site configuration on purge rm -f /etc/apache2/sites-available/${sitename}.conf ;; remove) # Disable the puppetmaster apache2 site configuration on package removal if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then . /usr/share/apache2/apache2-maintscript-helper apache2_invoke dissite "${sitename}" else a2dissite puppetmaster restart_apache2 fi ;; upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 1 esac #DEBHELPER# exit 0 debian/puppet-common.tmpfile0000644000000000000000000000004312301355777013362 0ustar d /run/puppet 0755 puppet root - - debian/vim-puppet.yaml0000644000000000000000000000023712301355777012174 0ustar addon: puppet description: "Syntax highlighting for puppet" files: - ftdetect/puppet.vim - ftplugin/puppet.vim - indent/puppet.vim - syntax/puppet.vim debian/control0000644000000000000000000001714512506531704010604 0ustar Source: puppet Section: admin Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Puppet Package Maintainers Uploaders: Micah Anderson , Andrew Pollock , Nigel Kersten , Stig Sandbeck Mathisen Build-Depends: debhelper (>= 9~), dh-systemd, facter, rake, Standards-Version: 3.9.5 Vcs-Git: git://anonscm.debian.org/pkg-puppet/puppet.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-puppet/puppet.git Homepage: http://projects.puppetlabs.com/projects/puppet XS-Testsuite: autopkgtest Package: puppet-common Architecture: all Depends: ${misc:Depends}, adduser, facter, ruby-augeas, ruby-hiera, lsb-base, ruby | ruby-interpreter, ruby-safe-yaml, ruby-shadow, sysv-rc | file-rc, Recommends: debconf-utils, lsb-release, ruby-rgen, Suggests: ruby-selinux, ruby-rrd | librrd-ruby Breaks: puppet (<< 2.7.5-3), puppetmaster (<< 0.25.4-1), ruby-hiera-puppet Replaces: puppet (<< 2.7.5-3), puppetmaster (<< 0.25.4-1), ruby-hiera-puppet Description: Centralized configuration management Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. . Puppet's simple declarative specification language provides powerful classing abilities for drawing out the similarities between hosts while allowing them to be as specific as necessary, and it handles dependency and prerequisite relationships between objects clearly and explicitly. . This package contains the puppet software and documentation. For the startup scripts needed to run the puppet agent and master, see the "puppet" and "puppetmaster" packages, respectively. Package: puppet Architecture: all Pre-Depends: ${misc:Pre-Depends} Depends: ${misc:Depends}, puppet-common (= ${binary:Version}), ruby | ruby-interpreter, Suggests: puppet-el, vim-puppet, etckeeper Description: Centralized configuration management - agent startup and compatibility scripts This package contains the startup script and compatbility scripts for the puppet agent, which is the process responsible for configuring the local node. . Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. . Puppet's simple declarative specification language provides powerful classing abilities for drawing out the similarities between hosts while allowing them to be as specific as necessary, and it handles dependency and prerequisite relationships between objects clearly and explicitly. Package: puppetmaster-common Architecture: all Depends: ${misc:Depends}, lsb-base, puppet-common (= ${binary:Version}), ruby | ruby-interpreter, Breaks: puppet (<< 0.24.7-1), puppetmaster (<< 2.7.6-1~) Replaces: puppet (<< 0.24.7-1), puppetmaster (<< 2.7.6-1~) Suggests: apache2 | nginx, puppet-el, ruby-ldap, ruby-stomp, stompserver, vim-puppet, Description: Puppet master common scripts This package contains common scripts for the puppet master, which is the server hosting manifests and files for the puppet nodes. . Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. . Puppet's simple declarative specification language provides powerful classing abilities for drawing out the similarities between hosts while allowing them to be as specific as necessary, and it handles dependency and prerequisite relationships between objects clearly and explicitly. Package: puppetmaster Architecture: all Depends: ${misc:Depends}, puppetmaster-common (= ${source:Version}), ruby | ruby-interpreter, Breaks: puppet (<< 0.24.7-1) Replaces: puppet (<< 0.24.7-1) Description: Centralized configuration management - master startup and compatibility scripts This package contains the startup and compatibility scripts for the puppet master, which is the server hosting manifests and files for the puppet nodes. . Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. . Puppet's simple declarative specification language provides powerful classing abilities for drawing out the similarities between hosts while allowing them to be as specific as necessary, and it handles dependency and prerequisite relationships between objects clearly and explicitly. Package: puppetmaster-passenger Architecture: all Depends: ${misc:Depends}, apache2, libapache2-mod-passenger, lsb-base, puppetmaster-common (= ${source:Version}), ruby | ruby-interpreter, Breaks: puppetmaster (<< 2.6.1~rc2-1) Replaces: puppetmaster (<< 2.6.1~rc2-1) Description: Centralised configuration management - master setup to run under mod passenger This package provides a puppetmaster running under mod passenger. This configuration offers better performance and scalability. . Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. . Puppet's simple declarative specification language provides powerful classing abilities for drawing out the similarities between hosts while allowing them to be as specific as necessary, and it handles dependency and prerequisite relationships between objects clearly and explicitly. Package: vim-puppet Architecture: all Depends: ${misc:Depends} Recommends: vim-addon-manager Breaks: puppet (<< 0.25.4-1) Replaces: puppet (<< 0.25.4-1) Description: syntax highlighting for puppet manifests in vim The vim-puppet package provides filetype detection and syntax highlighting for puppet manifests (files ending with ".pp"). . As per the Debian vim policy, installed addons are not activated automatically, but the "vim-addon-manager" tool can be used for this purpose. Package: puppet-el Architecture: all Depends: ${misc:Depends}, emacsen-common Breaks: puppet (<< 0.25.4-1) Replaces: puppet (<< 0.25.4-1) Description: syntax highlighting for puppet manifests in emacs The puppet-el package provides syntax highlighting for puppet manifests (files ending with (".pp"). . As per the Debian emacs policy, installed addons are activated automatically. Package: puppet-testsuite Architecture: all Depends: ${misc:Depends}, git-core, lsb-base, puppet-common (= ${source:Version}), ruby | ruby-interpreter, ruby-ldap, ruby-mocha, ruby-rack, ruby-rspec, ruby-sqlite3, Recommends: cron, ruby-rgen, Suggests: ruby Description: Centralized configuration management - test suite This package provides all the tests from the upstream puppet source code. The tests are used for improving the QA of the puppet package. . Tests are installed under /usr/share/puppet-testsuite, and can be performed using "rake unit" in that directory. debian/watch0000644000000000000000000000015412301355777010231 0ustar version=3 opts=pgpsigurlmangle=s/$/.asc/ \ http://downloads.puppetlabs.com/puppet/ puppet-([0-9\.]+).tar.gz debian/puppet-common.manpages0000644000000000000000000000147612301355777013530 0ustar debian/extlookup2hiera.1 man/man5/puppet.conf.5 man/man8/puppet.8 man/man8/puppet-agent.8 man/man8/puppet-apply.8 man/man8/puppet-catalog.8 man/man8/puppet-cert.8 man/man8/puppet-certificate.8 man/man8/puppet-certificate_request.8 man/man8/puppet-certificate_revocation_list.8 man/man8/puppet-config.8 man/man8/puppet-describe.8 man/man8/puppet-device.8 man/man8/puppet-doc.8 man/man8/puppet-facts.8 man/man8/puppet-file.8 man/man8/puppet-filebucket.8 man/man8/puppet-help.8 man/man8/puppet-inspect.8 man/man8/puppet-key.8 man/man8/puppet-kick.8 man/man8/puppet-man.8 man/man8/puppet-master.8 man/man8/puppet-node.8 man/man8/puppet-parser.8 man/man8/puppet-plugin.8 man/man8/puppet-queue.8 man/man8/puppet-report.8 man/man8/puppet-resource.8 man/man8/puppet-resource_type.8 man/man8/puppet-secret_agent.8 man/man8/puppet-status.8 debian/puppet-common.examples0000644000000000000000000000001312301355777013535 0ustar examples/* debian/etckeeper-commit-pre0000644000000000000000000000040012301355777013136 0ustar #!/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin which etckeeper > /dev/null 2>&1 || exit 0 etckeeper commit "saving uncommitted changes in /etc prior to puppet catalog run" # Failure of etckeeper should not be fatal. exit 0 debian/puppet-el.emacsen-startup0000644000000000000000000000034512301355777014152 0ustar ;; -*-emacs-lisp-*- ;; ;; Emacs startup file for the Debian GNU/Linux puppet-el package (autoload 'puppet-mode "puppet-mode" "Major mode for editing puppet manifests") (add-to-list 'auto-mode-alist '("\\.pp$" . puppet-mode)) debian/patches/0000755000000000000000000000000013237366223010624 5ustar debian/patches/CVE-2017-10689-2.patch0000644000000000000000000000255613237366223013505 0ustar From 983154f7e29a2a50d416d889a6fed012b9b12399 Mon Sep 17 00:00:00 2001 From: Josh Cooper Date: Tue, 6 Feb 2018 15:36:14 -0800 Subject: [PATCH] (maint) Use Integer instead of Fixnum Fixnum and Bignum are deprecated, use Integer instead. --- lib/puppet/module_tool/tar/mini.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Index: puppet-3.4.3/lib/puppet/module_tool/tar/mini.rb =================================================================== --- puppet-3.4.3.orig/lib/puppet/module_tool/tar/mini.rb 2018-02-09 13:46:41.442970734 -0500 +++ puppet-3.4.3/lib/puppet/module_tool/tar/mini.rb 2018-02-09 13:46:41.442970734 -0500 @@ -46,7 +46,7 @@ class Puppet::ModuleTool::Tar::Mini stats[:mode] = EXECUTABLE elsif stats.key?(:entry) old_mode = stats[:entry].instance_variable_get(:@mode) - if old_mode.is_a?(Fixnum) + if old_mode.is_a?(Integer) stats[:entry].instance_variable_set(:@mode, EXECUTABLE) end end @@ -65,7 +65,7 @@ class Puppet::ModuleTool::Tar::Mini elsif stats.key?(:entry) old_mode = stats[:entry].instance_variable_get(:@mode) # If the user can execute the file, set 0755, otherwise 0644. - if old_mode.is_a?(Fixnum) + if old_mode.is_a?(Integer) new_mode = sanitized_mode(old_mode) stats[:entry].instance_variable_set(:@mode, new_mode) end debian/patches/series0000644000000000000000000000033113237366220012033 0ustar 0001-Do-not-require-rubygems.patch 0002-Set-passenger-puppet-master-document-root.patch 0003-fix-puppet-master-logcheck-rule.patch CVE-2014-3248.patch CVE-2017-2295.patch CVE-2017-10689-1.patch CVE-2017-10689-2.patch debian/patches/0001-Do-not-require-rubygems.patch0000644000000000000000000000102412301355777016670 0ustar From: Stig Sandbeck Mathisen Date: Fri, 20 Dec 2013 08:52:29 +0100 Subject: Do not require rubygems --- spec/spec_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 49fa482..a71f0cb 100755 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -14,7 +14,7 @@ rescue LoadError end require 'puppet' -gem 'rspec', '>=2.0.0' +require 'rspec' require 'rspec/expectations' # So everyone else doesn't have to include this base constant. debian/patches/CVE-2017-2295.patch0000644000000000000000000000750713114273057013255 0ustar Backport of: From 06d8c51367ca932b9da5d9b01958cfc0adf0f2ea Mon Sep 17 00:00:00 2001 From: Josh Cooper Date: Fri, 28 Apr 2017 12:09:11 -0700 Subject: [PATCH] (PUP-7483) Reject all fact formats except PSON Previously, an authenticated user could cause the master to execute YAML.load on user-specified input, as well as MessagePack.unpack if the msgpack gem was installed. Since 3.2.2, agents have always sent facts as PSON. There is no reason to support other formats, so reject all fact formats except PSON. --- lib/puppet/indirector/catalog/compiler.rb | 6 +++-- spec/unit/indirector/catalog/compiler_spec.rb | 36 ++++++++++++++++++++++++--- 2 files changed, 36 insertions(+), 6 deletions(-) Index: puppet-3.4.3/lib/puppet/indirector/catalog/compiler.rb =================================================================== --- puppet-3.4.3.orig/lib/puppet/indirector/catalog/compiler.rb 2017-06-02 10:27:51.039331140 -0400 +++ puppet-3.4.3/lib/puppet/indirector/catalog/compiler.rb 2017-06-02 10:28:39.283665948 -0400 @@ -22,9 +22,11 @@ class Puppet::Resource::Catalog::Compile # in Network::HTTP::Handler will automagically deserialize the value. if text_facts.is_a?(Puppet::Node::Facts) facts = text_facts - else + elsif format == 'pson' # We unescape here because the corrosponding code in Puppet::Configurer::FactHandler escapes - facts = Puppet::Node::Facts.convert_from(format, CGI.unescape(text_facts)) + facts = Puppet::Node::Facts.convert_from('pson', CGI.unescape(text_facts)) + else + raise ArgumentError, "Unsupported facts format" end unless facts.name == request.key Index: puppet-3.4.3/spec/unit/indirector/catalog/compiler_spec.rb =================================================================== --- puppet-3.4.3.orig/spec/unit/indirector/catalog/compiler_spec.rb 2017-06-02 10:27:51.039331140 -0400 +++ puppet-3.4.3/spec/unit/indirector/catalog/compiler_spec.rb 2017-06-02 10:27:51.035331113 -0400 @@ -140,10 +140,10 @@ describe Puppet::Resource::Catalog::Comp @facts = Puppet::Node::Facts.new('hostname', "fact" => "value", "architecture" => "i386") end - def a_request_that_contains(facts) + def a_request_that_contains(facts, format = :pson) request = Puppet::Indirector::Request.new(:catalog, :find, "hostname", nil) - request.options[:facts_format] = "pson" - request.options[:facts] = CGI.escape(facts.render(:pson)) + request.options[:facts_format] = format.to_s + request.options[:facts] = CGI.escape(facts.render(format)) request end @@ -165,13 +165,41 @@ describe Puppet::Resource::Catalog::Comp facts.timestamp.should == now end - it "should convert the facts into a fact instance and save it" do + it "accepts PSON facts" do request = a_request_that_contains(@facts) Puppet::Node::Facts.indirection.expects(:save).with(equals(@facts)) @compiler.extract_facts_from_request(request) end + + it "rejects YAML facts" do + request = a_request_that_contains(@facts, :yaml) + + options = { + :environment => request.environment, + :transaction_uuid => request.options[:transaction_uuid], + } + + expect { + @compiler.extract_facts_from_request(request) + }.to raise_error(ArgumentError, /Unsupported facts format/) + end + + it "rejects unknown fact formats" do + request = a_request_that_contains(@facts) + request.options[:facts_format] = 'unknown-format' + + options = { + :environment => request.environment, + :transaction_uuid => request.options[:transaction_uuid], + } + + expect { + @compiler.extract_facts_from_request(request) + }.to raise_error(ArgumentError, /Unsupported facts format/) + end + end describe "when finding nodes" do debian/patches/0002-Set-passenger-puppet-master-document-root.patch0000644000000000000000000000175212301355777022355 0ustar From: Stig Sandbeck Mathisen Date: Fri, 20 Dec 2013 08:52:29 +0100 Subject: Set passenger puppet master document root Forwarded: not-needed Bug-Debian: http://bugs.debian.org/662866 --- ext/rack/example-passenger-vhost.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/rack/example-passenger-vhost.conf b/ext/rack/example-passenger-vhost.conf index 860e6f3..ddbfae0 100644 --- a/ext/rack/example-passenger-vhost.conf +++ b/ext/rack/example-passenger-vhost.conf @@ -40,9 +40,9 @@ Listen 8140 RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e - DocumentRoot /etc/puppet/rack/public/ + DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/ RackBaseURI / - + Options None AllowOverride None Order allow,deny debian/patches/CVE-2014-3248.patch0000644000000000000000000000175613114272736013254 0ustar From 1d1e1eac451fdd277ff1601b3fb635dcb713c7be Mon Sep 17 00:00:00 2001 From: Peter Huene Date: Tue, 6 May 2014 12:49:59 -0700 Subject: [PATCH] (PUP-2478) Remove current directory from Ruby load path. The current directory ('.') is on the load path for Ruby 1.8.7. This is a security vulnerability as it allows arbitrary code loading if users create ruby source files with names that correspond to those that puppet is trying to load. The fix is to explicitly remove '.' from the load path before any code is loaded by puppet. --- bin/puppet | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bin/puppet b/bin/puppet index c0307029161..c80174f601b 100755 --- a/bin/puppet +++ b/bin/puppet @@ -1,4 +1,8 @@ #!/usr/bin/env ruby +# For security reasons, ensure that '.' is not on the load path +# This is primarily for 1.8.7 since 1.9.2+ doesn't put '.' on the load path +$LOAD_PATH.delete '.' + require 'puppet/util/command_line' Puppet::Util::CommandLine.new.execute debian/patches/CVE-2017-10689-1.patch0000644000000000000000000001265213237366047013506 0ustar Backport of: From 17d9e02da3882e44c1876e2805cf9708481715ee Mon Sep 17 00:00:00 2001 From: Scott McClellan Date: Fri, 20 Oct 2017 19:23:10 -0500 Subject: [PATCH] (PUP-7866) Reset permissions when unpacking tar in PMT When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created with weird permissions. This change sets the permissions upon unpacking the tar. --- lib/puppet/module_tool/tar/mini.rb | 61 +++++++++++++++++++++++++++++++--- spec/unit/module_tool/tar/mini_spec.rb | 39 +++++++++++++++++++--- 2 files changed, 91 insertions(+), 9 deletions(-) Index: puppet-3.4.3/lib/puppet/module_tool/tar/mini.rb =================================================================== --- puppet-3.4.3.orig/lib/puppet/module_tool/tar/mini.rb 2018-02-09 13:39:25.514658367 -0500 +++ puppet-3.4.3/lib/puppet/module_tool/tar/mini.rb 2018-02-09 13:41:41.678756179 -0500 @@ -7,24 +7,77 @@ class Puppet::ModuleTool::Tar::Mini Zlib::GzipReader.open(sourcefile) do |reader| Archive::Tar::Minitar.unpack(reader, destdir) do |action, name, stats| case action - when :file_done - File.chmod(0444, "#{destdir}/#{name}") - when :dir, :file_start + when :dir validate_entry(destdir, name) + set_dir_mode!(stats) + Puppet.debug("Extracting: #{destdir}/#{name}") + when :file_start + # Octal string of the old file mode. + validate_entry(destdir, name) + set_file_mode!(stats) Puppet.debug("extracting #{destdir}/#{name}") end + set_default_user_and_group!(stats) + stats end end end def pack(sourcedir, destfile) Zlib::GzipWriter.open(destfile) do |writer| - Archive::Tar::Minitar.pack(sourcedir, writer) + Archive::Tar::Minitar.pack(sourcedir, writer) do |step, name, stats| + # TODO smcclellan 2017-10-31 Set permissions here when this yield block + # executes before the header is written. As it stands, the `stats` + # argument isn't mutable in a way that will effect the desired mode for + # the file. + end end end private + EXECUTABLE = 0755 + NOT_EXECUTABLE = 0644 + USER_EXECUTE = 0100 + + def set_dir_mode!(stats) + if stats.key?(:mode) + # This is only the case for `pack`, so this code will not run. + stats[:mode] = EXECUTABLE + elsif stats.key?(:entry) + old_mode = stats[:entry].instance_variable_get(:@mode) + if old_mode.is_a?(Fixnum) + stats[:entry].instance_variable_set(:@mode, EXECUTABLE) + end + end + end + + # Sets a file mode to 0755 if the file is executable by the user. + # Sets a file mode to 0644 if the file mode is set (non-Windows). + def sanitized_mode(old_mode) + old_mode & USER_EXECUTE != 0 ? EXECUTABLE : NOT_EXECUTABLE + end + + def set_file_mode!(stats) + if stats.key?(:mode) + # This is only the case for `pack`, so this code will not run. + stats[:mode] = sanitized_mode(stats[:mode]) + elsif stats.key?(:entry) + old_mode = stats[:entry].instance_variable_get(:@mode) + # If the user can execute the file, set 0755, otherwise 0644. + if old_mode.is_a?(Fixnum) + new_mode = sanitized_mode(old_mode) + stats[:entry].instance_variable_set(:@mode, new_mode) + end + end + end + + # Sets UID and GID to 0 for standardization. + def set_default_user_and_group!(stats) + stats[:uid] = 0 + stats[:gid] = 0 + end + def validate_entry(destdir, path) if Pathname.new(path).absolute? raise Puppet::ModuleTool::Errors::InvalidPathInPackageError, Index: puppet-3.4.3/spec/unit/module_tool/tar/mini_spec.rb =================================================================== --- puppet-3.4.3.orig/spec/unit/module_tool/tar/mini_spec.rb 2018-02-09 13:39:25.514658367 -0500 +++ puppet-3.4.3/spec/unit/module_tool/tar/mini_spec.rb 2018-02-09 13:44:23.350872003 -0500 @@ -8,10 +8,17 @@ describe Puppet::ModuleTool::Tar::Mini, let(:destfile) { '/the/dest/file.tar.gz' } let(:minitar) { described_class.new('nginx') } - it "unpacks a tar file" do - unpacks_the_entry(:file_start, 'thefile') + class MockFileStatEntry + def initialize(mode = 0100) + @mode = mode + end + end + + it "unpacks a tar file with correct permissions" do + entry = unpacks_the_entry(:file_start, 'thefile') minitar.unpack(sourcefile, destdir, 'uid') + expect(entry.instance_variable_get(:@mode)).to eq(0755) end it "does not allow an absolute path" do @@ -45,15 +52,19 @@ describe Puppet::ModuleTool::Tar::Mini, writer = mock('GzipWriter') Zlib::GzipWriter.expects(:open).with(destfile).yields(writer) - Archive::Tar::Minitar.expects(:pack).with(sourcedir, writer) + stats = {:mode => 0222} + Archive::Tar::Minitar.expects(:pack).with(sourcedir, writer).yields(:file_start, 'abc', stats) minitar.pack(sourcedir, destfile) end - def unpacks_the_entry(type, name) + def unpacks_the_entry(type, name, mode = 0100) reader = mock('GzipReader') Zlib::GzipReader.expects(:open).with(sourcefile).yields(reader) - Archive::Tar::Minitar.expects(:unpack).with(reader, destdir).yields(type, name, nil) + entry = MockFileStatEntry.new(mode) + Archive::Tar::Minitar.expects(:unpack).with(reader, destdir, [name]). + yields(type, name, {:entry => entry}) + entry end end debian/patches/0003-fix-puppet-master-logcheck-rule.patch0000644000000000000000000000222712301355777020347 0ustar From: Micah Anderson Date: Fri, 20 Dec 2013 08:52:29 +0100 Subject: fix puppet-master logcheck rule --- ext/logcheck/puppet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/logcheck/puppet b/ext/logcheck/puppet index 7de06aa..4e5134f 100644 --- a/ext/logcheck/puppet +++ b/ext/logcheck/puppet @@ -1,6 +1,6 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppet-master\[[0-9]+\]: (Handled resources in|Resource comparison took|Searched for (host|resources|resource params and tags) in) [0-9.]+ seconds ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppet-master\[[0-9]+\]: Starting Puppet server version [.0-9]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppet-master\[[0-9]+\]: Compiled catalog for [._[:alnum:]-]+ in [.0-9]+ seconds$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppet-master\[[0-9]+\]: Compiled catalog for [._[:alnum:]-]+ in environment [._[:alnum:]-]+ in [.[:digit:]]+ seconds$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppet-master\[[0-9]+\]: Caught TERM; shutting down$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppet-master\[[0-9]+\]: Shutting down$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppet-agent\[[0-9]+\]: Starting Puppet client version [.0-9]+$ debian/puppet-common.install0000644000000000000000000000033512301355777013374 0ustar /usr/bin/extlookup2hiera /usr/bin/puppet /usr/lib/ruby/vendor_ruby/* debian/etckeeper-commit-post /etc/puppet debian/etckeeper-commit-pre /etc/puppet debian/puppet.conf /etc/puppet ext/ldap/puppet.schema /etc/ldap/schema debian/puppet-testsuite.links0000644000000000000000000000007212301355777013605 0ustar /usr/lib/ruby/vendor_ruby /usr/share/puppet-testsuite/lib debian/puppet.init0000644000000000000000000000346512464513576011415 0ustar #! /bin/sh ### BEGIN INIT INFO # Provides: puppet # Required-Start: $network $named $remote_fs $syslog # Required-Stop: $network $named $remote_fs $syslog # Should-Start: puppetmaster apache2 # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: puppet agent # Description: The puppet agent connects to a puppet master, requests a # catalog of resources, and configures the local system. ### END INIT INFO PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/bin/puppet DAEMON_OPTS="" NAME="agent" DESC="puppet agent" PIDFILE="/var/run/puppet/${NAME}.pid" test -x $DAEMON || exit 0 [ -r /etc/default/puppet ] && . /etc/default/puppet . /lib/lsb/init-functions reload_puppet_agent() { start-stop-daemon --stop --quiet --signal HUP --pidfile $PIDFILE } start_puppet_agent() { start-stop-daemon --start --quiet --pidfile $PIDFILE \ --startas $DAEMON -- $NAME $DAEMON_OPTS } stop_puppet_agent() { start-stop-daemon --stop --retry TERM/10/KILL/5 --quiet --oknodo --pidfile $PIDFILE } status_puppet_agent() { status_of_proc -p "${PIDFILE}" "${DAEMON}" "${NAME}" } case "$1" in start) log_begin_msg "Starting $DESC" start_puppet_agent log_end_msg $? ;; stop) log_begin_msg "Stopping $DESC" stop_puppet_agent log_end_msg $? ;; reload) log_begin_msg "Reloading $DESC" reload_puppet_agent log_end_msg $? ;; status) status_puppet_agent ;; restart|force-reload) log_begin_msg "Restarting $DESC" stop_puppet_agent start_puppet_agent log_end_msg $? ;; *) echo "Usage: $0 {start|stop|status|restart|force-reload|reload}" >&2 exit 1 ;; esac debian/puppet-el.emacsen-remove0000644000000000000000000000034012301355777013740 0ustar #!/bin/sh set -e FLAVOR=$1 PACKAGE=puppet-el ELCFILE=puppet-mode.elc if [ ${FLAVOR} != emacs ]; then echo remove/${PACKAGE}: Purging byte-compiled files for ${FLAVOR} rm -f /usr/share/${FLAVOR}/site-lisp/${ELCFILE} fi debian/puppet-testsuite.install0000644000000000000000000000011612301355777014132 0ustar spec/* /usr/share/puppet-testsuite/spec Rakefile /usr/share/puppet-testsuite/ debian/puppet-common.postrm0000644000000000000000000000041112301355777013245 0ustar #!/bin/sh set -e case "$1" in purge) rm -rf /var/lib/puppet ;; remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 1 esac #DEBHELPER# exit 0 debian/puppetmaster-common.puppetqd.init0000644000000000000000000000372212301355777015751 0ustar #! /bin/sh ### BEGIN INIT INFO # Provides: puppetqd # Required-Start: $network $named $remote_fs $syslog # Required-Stop: $network $named $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: puppet queue # Description: The puppet queue daemon interacts with a STOMP server on # behalf of the puppet master to increase database write # performance. Useful if you need to scale to thousands of # nodes. ### END INIT INFO PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/bin/puppet DAEMON_OPTS="" NAME="queue" DESC="puppet queue" PIDFILE="/var/run/puppet/${NAME}.pid" test -x $DAEMON || exit 0 [ -r /etc/default/puppetqd ] && . /etc/default/puppetqd . /lib/lsb/init-functions if [ ! -d /var/run/puppet ]; then mkdir -p /var/run/puppet fi chown puppet:puppet /var/run/puppet is_true() { if [ "x$1" = "xtrue" -o "x$1" = "xyes" -o "x$1" = "x0" ] ; then return 0 else return 1 fi } start_puppet_queue() { if is_true "$PUPPETQD" ; then start-stop-daemon --start --quiet --pidfile=${PIDFILE} \ --startas $DAEMON -- $NAME $DAEMON_OPTS $PUPPETQD_OPTS fi } stop_puppet_queue() { start-stop-daemon --stop --quiet --oknodo --pidfile ${PIDFILE} rm -f ${PIDFILE} } status_puppet_queue() { if is_true "$PUPPETQD" ; then status_of_proc -p "${PIDFILE}" "${DAEMON}" "${NAME}" else echo "" echo "puppetqd not configured to start" fi } case "$1" in start) log_begin_msg "Starting $DESC" start_puppet_queue log_end_msg $? ;; stop) log_begin_msg "Stopping $DESC" stop_puppet_queue log_end_msg $? ;; status) status_puppet_queue ;; reload|restart|force-reload) log_begin_msg "Restarting $DESC" stop_puppet_queue sleep 1 start_puppet_queue log_end_msg $? ;; *) echo "Usage: $0 {start|stop|status|restart|force-reload}" >&2 exit 1 ;; esac debian/extlookup2hiera.10000644000000000000000000000157312301355777012415 0ustar .TH "EXTLOOKUP2HIERA" "1" "2012" "extlookup2hiera" "Utils" .SH "NAME" extlookup2hiera \- A 'puppet extlookup'\-CSV converter .SH "SYNOPSIS" .LP .B extlookup2hiera [\fBoptions\fR] .SH "DESCRIPTION" .LP extlookup2hiera is a converter for 'puppet extlookup'\-CSV files into 'Hiera'\-JSON or \-YAML files. .LP .br .SH "OPTIONS" .LP .TP \fB\-i\fR, \fB\-\-in\fR FILE Input CSV file .TP \fB\-o\fR, \fB\-\-out\fR FILE Output Hiera file .TP \fB\-j\fR, \fB\-\-json\fR Create JSON format file .PP .LP When used without \fB\-j\fR or \fB\-\-json\fR it'll fallback to creating a YAML format file. .br .SH "AUTHORS" .LP extlookup2hiera is a part of Puppet Hiera and developed by Puppet Labs , (R.I.Pienaar respectively). .LP This man page was written by Patrick Ringl for the Debian GNU/Linux distribution (but it may also be used by others). debian/TODO.Debian0000644000000000000000000000013612301355777011051 0ustar * clean up initscripts per http://mail.madstop.com/pipermail/puppet-dev/2006-June/001069.html debian/puppetmaster-common.puppetqd.default0000644000000000000000000000155612301355777016435 0ustar # Defaults for puppetqd - sourced by /etc/init.d/puppetqd # Should puppetqd (the storeconfigs queuing broker) be started? # This can take some load off of the puppetmaster by queuing the # storeconfig updates to the database with puppetqd. You need # to have the 'stompserver' package installed and running, and # the following configured in your puppet.conf: # # [main] # queue_type = stomp # queue_source = stomp://localhost:61613 # dbadapter = (sqlite3|mysql|postgresql) # dbserver=localhost # dbname=puppet # dbuser=puppet # dbpassword=xxxx # dblocation = /var/lib/puppet/storeconfigs.sqlite <-- only if using sqlite # # [master] # async_storeconfigs = true # # See: http://reductivelabs.com/trac/puppet/wiki/UsingStoredConfiguration # # Once you have the proper puppet.conf, and stompserver, you can enable # the following: PUPPETQD=no PUPPETQD_OPTS="" debian/fileserver.conf0000644000000000000000000000071312301355777012216 0ustar # This file consists of arbitrarily named sections/modules # defining where files are served from and to whom # Define a section 'files' # Adapt the allow/deny settings to your needs. Order # for allow/deny does not matter, allow always takes precedence # over deny [files] path /etc/puppet/files # allow *.example.com # deny *.evil.example.com # allow 192.168.0.0/24 [plugins] # allow *.example.com # deny *.evil.example.com # allow 192.168.0.0/24 debian/compat0000644000000000000000000000000212301355777010376 0ustar 9 debian/puppet.preinst0000644000000000000000000000151312301355777012123 0ustar #!/bin/sh # preinst script for #PACKAGE# # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `install' # * `install' # * `upgrade' # * `abort-upgrade' # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in install|upgrade) ;; abort-upgrade) ;; *) echo "preinst called with unknown argument \`$1'" >&2 exit 1 ;; esac if dpkg-maintscript-helper supports rm_conffile; then dpkg-maintscript-helper rm_conffile \ /etc/default/puppet 3.2.3-1 puppet -- "$@" fi # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/puppet.NEWS0000644000000000000000000001056212301355777011217 0ustar puppet (0.25.4-1) unstable; urgency=low In this packaging version we add a "puppet-common" package, on which the packages "puppet" and "puppetmaster" depend. The editor syntax highlighting code previously in the "puppet" package has been moved to the packages "puppet-el" and "vim-puppet". -- Stig Sandbeck Mathisen Tue, 19 Jan 2010 13:09:36 +0000 puppet (0.25.1-3) unstable; urgency=low The default setting for puppet starting on boot has been changed from true to false. This means the puppet client will not automatically start on install or boot until this file is modified. Note that the last Debian packaged version of puppet 0.24.x is too old to communicate with a 0.25.x puppetmaster server. To resolve this, either upgrade your client to 0.25.x, or install puppet 0.24.8 from source from: http://reductivelabs.com/downloads/puppet/puppet-0.24.8.tgz -- Nigel Kersten Wed, 16 Dec 2009 12:49:03 -0800 puppet (0.23.2-12) unstable; urgency=low * Handling of the rundir setting has been changed; we now store PID files in /var/run/puppet, and the initscripts have been modified to ensure that this directory exists on startup. It is no longer necessary to set rundir explicitly in /etc/puppet/puppet.conf, and you should ensure that you have no explicit rundir setting in your puppet.conf unless you want to use a custom rundir setting for your own local purposes. -- Matthew Palmer Sat, 20 Oct 2007 11:58:58 +1000 puppet (0.23.2-3) unstable; urgency=low * This version of Puppet makes a fairly major change to the location of the CA and certificates, from /etc/puppet/ssl to the more FHS-compliant location /var/lib/puppet/ssl. This is to be both policy-compliant and to match the location of the ssldir in other distributions. If you have transitioned to using the consolidated puppet.conf config file, there should be no problems. If you are using a stock puppet.conf, the change should be made for you automatically, while if you've customised puppet.conf the ssldir will be left where it is and you should transition to the new location manually. The only source of problems is if you're still using per-program config files (puppetd.conf, puppetmasterd.conf, etc). I haven't been able to work out a damage-free way of transitioning to the new location, so things will likely break for you -- ssldir will have been moved to /var/lib/puppet/ssl, but your puppet programs will use the old config file (with the default ssldir of /etc/puppet/ssl. In this case, you'll likely get all sorts of certificate-related problems. The solution is to either switch to using puppet.conf (which is necessary anyway because support for the deprecated per-program config files will be going away sometime) with the new ssldir setting, or add the ssldir setting to all your per-program config files (this includes creating them for programs that don't already have a config file, like puppetca.conf). Then delete /etc/puppet/ssl (since it's not needed) and use the existing SSL data that was moved to /var/lib/puppet/ssl. -- Matthew Palmer Fri, 24 Aug 2007 16:08:04 +1000 puppet (0.23.0-1) unstable; urgency=low * As of upstream 0.23.0, the configuration file layout has been largely revamped. Now, instead of having one file per program, there is now a single file, /etc/puppet/puppet.conf, which contains sections for each program, as well as a "main" section that sets global config options relevant for all programs. See http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for more info. For backwards compatibility, all programs still read the per-program configuration files, and will ignore the generic puppet.conf file if the per-program file still exists. To prevent accidents, you will need to do the configuration change manually, by rewriting puppet.conf to match your local configuration parameters and then deleting the old files. If you haven't changed any config parameters, then it should be as simple as deleting puppetd.conf and puppetmasterd.conf and restarting the daemons, as the configuration itself hasn't changed between versions. -- Matthew Palmer Mon, 25 Jun 2007 10:43:53 +1000 debian/puppet.postinst0000644000000000000000000000212312301355777012320 0ustar #!/bin/sh # postinst script for puppet # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-remove' # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in configure) ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac if dpkg-maintscript-helper supports rm_conffile; then dpkg-maintscript-helper rm_conffile \ /etc/default/puppet 3.2.3-1 puppet -- "$@" fi # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/copyright0000644000000000000000000004547612301355777011153 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: Puppet Source: git://github.com/reductivelabs/puppet.git, Files: * Copyright: 2004-2012 Puppet Labs Inc 2011 Bryan Kearney 2008 Google Inc. Jeff McCune License: Apache-2.0 Puppet - Automating Configuration Management. . Copyright (C) 2011 Puppet Labs Inc . Puppet Labs can be contacted at: info@puppetlabs.com . Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at . http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. . For a local copy of the license, see /usr/share/common-licenses/Apache-2.0 Files: ext/envpuppet Copyright: 2010 Jeff McCune License: BSD-3-clause Files: debian/* Copyright: 2008-2012 Micah Anderson , 2009-2012 Stig Sandbeck Mathisen , 2009,2010 Andrew Pollock , 2010 Mathias Gug , 2009,2010 Nigel Kersten , 2007-2009 Thom May , 2006,2007 Matthew Palmer , Jamie Wilkinson , License: GPL-2 Files: install.rb Copyright: Austin Ziegler License: GPL-2+ or Ruby Files: conf/gentoo/init.d/puppet* Copyright: 1999-2008 Gentoo Foundation License: GPL-2 Files: lib/puppet/util/rdoc/generators/template/puppet/puppet.rb Copyright: 2002, 2003 The FaerieMUD Consortium. License: CC-BY-1.0 Files: lib/puppet/external/nagios/parser.rb Copyright: 1999-2005 Minero Aoki License: Ruby with exception This program is free software. You can distribute/modify this program under the same terms of ruby. . As a special exception, when this code is copied by Racc into a Racc output file, you may use that output file without restriction. Files: lib/puppet/network/http_server/mongrel.rb Copyright: 2006 Manuel Holtgrewe, 2007 Luke Kanies License: MIT Files: examples/modules/sample-module/lib/puppet/parser/functions/hostname_to_dn.rb Copyright: David Schmitt License: BSD-3-clause License: MIT Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: . The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. License: GPL-2 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2 of the License) . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston MA 02110-1301 USA . On Debian systems, the full text of the GNU General Public License version 2 can be found in the file "/usr/share/common-licenses/GPL-2". License: GPL-2+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. . On Debian systems, the full text of the GNU General Public License version 2 can be found in the file "/usr/share/common-licenses/GPL-2". License: CC-BY-1.0 THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE IS PROHIBITED. . BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS. . 1. Definitions . "Collective Work" means a work, such as a periodical issue, anthology or encyclopedia, in which the Work in its entirety in unmodified form, along with a number of other contributions, constituting separate and independent works in themselves, are assembled into a collective whole. A work that constitutes a Collective Work will not be considered a Derivative Work (as defined below) for the purposes of this License. "Derivative Work" means a work based upon the Work or upon the Work and other pre-existing works, such as a translation, musical arrangement, dramatization, fictionalization, motion picture version, sound recording, art reproduction, abridgment, condensation, or any other form in which the Work may be recast, transformed, or adapted, except that a work that constitutes a Collective Work will not be considered a Derivative Work for the purpose of this License. . "Licensor" means the individual or entity that offers the Work under the terms of this License. "Original Author" means the individual or entity who created the Work. . "Work" means the copyrightable work of authorship offered under the terms of this License. "You" means an individual or entity exercising rights under this License who has not previously violated the terms of this License with respect to the Work, or who has received express permission from the Licensor to exercise rights under this License despite a previous violation. . 2. Fair Use Rights. Nothing in this license is intended to reduce, limit, or restrict any rights arising from fair use, first sale or other limitations on the exclusive rights of the copyright owner under copyright law or other applicable laws. . 3. License Grant. Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below: . a. to reproduce the Work, to incorporate the Work into one or more Collective Works, and to reproduce the Work as incorporated in the Collective Works; . b. to create and reproduce Derivative Works; . c. to distribute copies or phonorecords of, display publicly, perform publicly, and perform publicly by means of a digital audio transmission the Work including as incorporated in Collective Works; . d. to distribute copies or phonorecords of, display publicly, perform publicly, and perform publicly by means of a digital audio transmission Derivative Works; . The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make such modifications as are technically necessary to exercise the rights in other media and formats. All rights not expressly granted by Licensor are hereby reserved. . 4. Restrictions. . The license granted in Section 3 above is expressly made subject to and limited by the following restrictions: . a. You may distribute, publicly display, publicly perform, or publicly digitally perform the Work only under the terms of this License, and You must include a copy of, or the Uniform Resource Identifier for, this License with every copy or phonorecord of the Work You distribute, publicly display, publicly perform, or publicly digitally perform. You may not offer or impose any terms on the Work that alter or restrict the terms of this License or the recipients' exercise of the rights granted hereunder. You may not sublicense the Work. You must keep intact all notices that refer to this License and to the disclaimer of warranties. You may not distribute, publicly display, publicly perform, or publicly digitally perform the Work with any technological measures that control access or use of the Work in a manner inconsistent with the terms of this License Agreement. The above applies to the Work as incorporated in a Collective Work, but this does not require the Collective Work apart from the Work itself to be made subject to the terms of this License. If You create a Collective Work, upon notice from any Licensor You must, to the extent practicable, remove from the Collective Work any reference to such Licensor or the Original Author, as requested. If You create a Derivative Work, upon notice from any Licensor You must, to the extent practicable, remove from the Derivative Work any reference to such Licensor or the Original Author, as requested. . b. If you distribute, publicly display, publicly perform, or publicly digitally perform the Work or any Derivative Works or Collective Works, You must keep intact all copyright notices for the Work and give the Original Author credit reasonable to the medium or means You are utilizing by conveying the name (or pseudonym if applicable) of the Original Author if supplied; the title of the Work if supplied; in the case of a Derivative Work, a credit identifying the use of the Work in the Derivative Work (e.g., "French translation of the Work by Original Author," or "Screenplay based on original Work by Original Author"). Such credit may be implemented in any reasonable manner; provided, however, that in the case of a Derivative Work or Collective Work, at a minimum such credit will appear where any other comparable authorship credit appears and in a manner at least as prominent as such other comparable authorship credit. . 5. Representations, Warranties and Disclaimer . a. By offering the Work for public release under this License, Licensor represents and warrants that, to the best of Licensor's knowledge after reasonable inquiry: . i. Licensor has secured all rights in the Work necessary to grant the license rights hereunder and to permit the lawful exercise of the rights granted hereunder without You having any obligation to pay any royalties, compulsory license fees, residuals or any other payments; . ii. The Work does not infringe the copyright, trademark, publicity rights, common law rights or any other right of any third party or constitute defamation, invasion of privacy or other tortious injury to any third party. . b. EXCEPT AS EXPRESSLY STATED IN THIS LICENSE OR OTHERWISE AGREED IN WRITING OR REQUIRED BY APPLICABLE LAW, THE WORK IS LICENSED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES REGARDING THE CONTENTS OR ACCURACY OF THE WORK. . 6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, AND EXCEPT FOR DAMAGES ARISING FROM LIABILITY TO A THIRD PARTY RESULTING FROM BREACH OF THE WARRANTIES IN SECTION 5, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. . 7. Termination . a. This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License. Individuals or entities who have received Derivative Works or Collective Works from You under this License, however, will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this License. . b. Subject to the above terms and conditions, the license granted here is perpetual (for the duration of the applicable copyright in the Work). Notwithstanding the above, Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time; provided, however that any such election will not serve to withdraw this License (or any other license that has been, or is required to be, granted under the terms of this License), and this License will continue in full force and effect unless terminated as stated above. . 8. Miscellaneous . Each time You distribute or publicly digitally perform the Work or a Collective Work, the Licensor offers to the recipient a license to the Work on the same terms and conditions as the license granted to You under this License. . Each time You distribute or publicly digitally perform a Derivative Work, Licensor offers to the recipient a license to the original Work on the same terms and conditions as the license granted to You under this License. . If any provision of this License is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this License, and without further action by the parties to this agreement, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable. . No term or provision of this License shall be deemed waived and no breach consented to unless such waiver or consent shall be in writing and signed by the party to be charged with such waiver or consent. . This License constitutes the entire agreement between the parties with respect to the Work licensed here. There are no understandings, agreements or representations with respect to the Work not specified here. Licensor shall not be bound by any additional provisions that may appear in any communication from You. This License may not be modified without the mutual written agreement of the Licensor and You. License: Ruby 1. You may make and give away verbatim copies of the source form of the software without restriction, provided that you duplicate all of the original copyright notices and associated disclaimers. . 2. You may modify your copy of the software in any way, provided that you do at least ONE of the following: . a) place your modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or by allowing the author to include your modifications in the software. . b) use the modified software only within your corporation or organization. . c) rename any non-standard executables so the names do not conflict with standard executables, which must also be provided. . d) make other distribution arrangements with the author. . 3. You may distribute the software in object code or executable form, provided that you do at least ONE of the following: . a) distribute the executables and library files of the software, together with instructions (in the manual page or equivalent) on where to get the original distribution. . b) accompany the distribution with the machine-readable source of the software. . c) give non-standard executables non-standard names, with instructions on where to get the original software distribution. . d) make other distribution arrangements with the author. . 4. You may modify and include the part of the software into any other software (possibly commercial). But some files in the distribution are not written by the author, so that they are not under this terms. . They are gc.c(partly), utils.c(partly), regex.[ch], st.[ch] and some files under the ./missing directory. See each file for the copying condition. . 5. The scripts and library files supplied as input to or produced as output from the software do not automatically fall under the copyright of the software, but belong to whomever generated them, and may be sold commercially, and may be aggregated with this software. . 6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. License: BSD-3-clause Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. . THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. debian/puppetmaster.default0000644000000000000000000000021612301355777013276 0ustar # Defaults for puppetmaster - sourced by /etc/init.d/puppetmaster # Start puppetmaster on boot? START=yes # Startup options. DAEMON_OPTS="" debian/puppet.service0000644000000000000000000000023412301355777012076 0ustar [Unit] Description=Puppet agent [Service] Type=forking PIDFile=/run/puppet/agent.pid ExecStart=/usr/bin/puppet agent [Install] WantedBy=multi-user.target debian/ruby-tests.rb0000644000000000000000000000005412301355777011645 0ustar # tests are in the puppet-testsuite package debian/puppetmaster-passenger.dirs0000644000000000000000000000016712301355777014605 0ustar usr/share/puppet/rack/puppetmasterd usr/share/puppet/rack/puppetmasterd/public usr/share/puppet/rack/puppetmasterd/tmp debian/puppet-common.dirs0000644000000000000000000000020512301355777012663 0ustar etc/puppet/files etc/puppet/manifests etc/puppet/templates etc/puppet/modules var/lib/puppet var/log/puppet usr/share/puppet/modules debian/etckeeper-commit-post0000644000000000000000000000036512301355777013347 0ustar #!/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin which etckeeper > /dev/null 2>&1 || exit 0 etckeeper commit "committing changes in /etc after puppet catalog run" # Failure of etckeeper should not be fatal. exit 0 debian/upstream-signing-key.pgp0000644000000000000000000000503112301355777013771 0ustar ™ L7»@µù¢P¥N}x›c¨Đ }˜„ăCI„1Ø Ws’G̀›}@Py¦|®âF~­^/Θ y·‹¼ÔÏÑáv]£‹nlmWÖƯ¥2zŸ[B" æ&ZÏæëQ™E“ó2'F3ÿơPëĂuºơÜr`ú»,Tï Çºçj¸?k‚5¥m ¾Kß đ Ă=&ạ“q,m ·À|Ógʼ9)đoÜ7Aª± @¬ x²˜r·ø}S3†LÄû ¹×(&ïO)~8#ñSc±>;Ÿå¯ÀVS8 ¿¬í=ïbªG>w*âÅ6ă>¥˜æ4 *_x[đÛ}Ơï¾kSáÁIû‰U0UW¾˜áœ®~Ư/TÄm€—KíƯ5₫ Å+áÏÇ­§ ´OÖ-ƒ„»Â%¥‰j…ʾÙ^Ö1Nç45ÎEC”´q5\§ñ-a¾{Ö$1¥z¾́ß“uü>Ó₫_NÚRÅ8ă´̣:49ˆˆÂ¸á19&No{ÁFđY6yñ>·E&ÿ×Å\€J»†cÀ~ô¶•q6R5Â?Ï'´åÆ<¸áưhà$9¨ÎHˆL›áô$àúMđh>¹ĂØÑ—Ụ̀Ú%€‘çæÚû ¦à̃3‡$‹9&Á²&9€çư1ÊĐ{Bø ³j¶æơ¡Ê &Q´GPuppet Labs Release Key (Puppet Labs Release Key) ‰L7ÀF !Z₫Päp2¯ >sâ §ÊTôèÿ¯\&}vÛ™­¥æÂr´pº‚đŒ¡G^¹v ˜?2¬A“ÄœQR¬CúR£k*åÍú5 î!eEzÖ¬­eúK8₫7S¥•¼È%¹åê4Z0Œ¢U#ñ“c`'Me›~-¹t€O)*Ă™Â³Ä\‘̃₫@̃l\­z›ă”;Œ²i-ÂNè¦â¼ưf{/<²»½*O®é@ oN¬¾̃•Í1¸S<>H$ơ{ư1£R£`°ùϨV×^ ¡vs>•c }W¾‰c±S ™:£çª¡ät¢₫² ,pUP–8Ư€‰Lù@é \ÖÛ“.X₫44&Ë+ưtS̉SøĐ£>êX#9µư"¥{[ÛíöY°5_©hÂĐmo{ëÜ–8₫²náRˆ bđ+g(â2ÅÓ4S†.¹Äî2¥§¢ô›̃*w?JÖ&Y ÍŹÙ‹ƠÏY?ú{̉Ç´ïüö×:êjfĐ´å₫Y\n#³ÑNæÍ̉̉Ñ»cê„£E%.,Ç{Z9 °5³©Ç̉m+-̀Fvû7‡Îä]Ea£ojÔ‰\g"óÏlEØ‘á„hOYë[um:á<¯ºF­JT|,?Y÷€eÉ‘;1@¾½×—µ\ B“Vbz]Ư*2[v^ËÉ•$9fƠçvñ8H‚ï»Á-Y"…×U¾–»µjùä,×&ăÀc¡r£ÏÉe]Ă'/<Í󤓦3x¨d×C/Ä÷çrPưl^}ÑG₫fGHï¹µayA`øj‡¾È¹e ÔËSJ'?ávîgèÓ₫vÚ›…ĐïuÑÛD>*â[.íĂv̉ơÖÙ0mŒ…ªKé¶@[ÔåÑQ,êRå£fwåIWŒ¤,å”脇΢wE÷@;ƒ₫KM ôk|!¤—»áƠñ*O…̉¦ưûúF.$÷®§N¿bÆøıÓîá ÖEX4‘ß‘@|Ơï‰>(L7»@ Âg  € T·¢KÖ́0kÿh¹„ưê¥zHQ\‚Qd1óí3øHlr¨ßnÛ^ÂÏ”Âÿ́_uqåWACÙïµ……x³LÑŒö/Ê3­ à+ÈBY©Ú¡‹Q́€jˆöưrÀ^éô¦ß ~«/ 6‘é~hÊQŸ­+¬‘öÔÙ̀™x:ÁƠÚÍ´ Ăg¿ÎoQ†ƒ)¬h¯ÏîíŒÛ*î#C fúu[ §7eUư¸Û0›¹³ÂÇ:9ê¼äPû‰ó™W"×Ú RT¾hÂ+uKÄ8oÊ1-ú„IwªÖFó~+´·Ü¨ ªzh›‰,à7ÎŒ1Ü̉9!óQ2ùn!äÜ€íäP˜jtă›VƠ:³‘€GÄVă‘˜Áóé$‘ç†Ç!¨%»œáîÁ’(T›Ÿ6vñAgór†$p·ƒA½Êå7é°ĐéJ™VH0[wzu!ªcU’ Óư95NI»3Đ˜ •i”Xe‚ußÂ1%¿¿÷UC‰9„C›oµ&Œ—<ƠE~×0~®̃Kkó–{…9₫M@N(Đ¡XÄên€^¯[µ2z ¤ùåiÚp₫M`T̀Nǹ6©7+\ Ê9jïÜ3,* 5 ÷ '(èrî ÚÀw¬8b1Gp46ºQÙ ”Œ’'†¶¦ÊxÍ’ăuá‰>(  €Oñäú H2: T·¢KÖ́0)ưörâÇU)“Ưo¨’x¢Ÿ¹¢Œúî«̣h†̣¸z‡*CAûmÛVŒ ÍÈ1£‡*ÚO-ÎĐ…íÑÔi6E₫"Ú'ØkÉ^ïPëyŒøà>hbâËă¡ä„á,«¿)ø¡ÎA¯·^üùÓ½̀#6ÆÅÚˆ8L;Dßh½&J?xf¾r¿Ü¥QçZÓ̃v¿¥K q<~ÜŒŒK Sz'Hé«u|ŸŒ4Œ¶W¾đ~fĂơ¼ˆW·Ws)ÍÈùé0¥P1&œźK•6JqÔª£Oê™-€ó­Øe ï—É₫N#}₫Ëă+Ëëåèº̃ÙWÏ›{t‹V\ŸPØ)†û3OZ̃÷SQCïH́óï:\³ ~&¶ß¿6ŒzxüT¢ ½}5z—®̀®Ÿ|q>DH 3Ù¹0(âO}¯{Î&×J\è°1z§vöéê+Uê+ºïÖÚn&•DK˜ÓQ¸¼ÆRK™Ê‘÷f<˜“‰N0H~…>¬̉^³œ&ưIÚrnr y îé“‚rVPØ¡̀¢¡¼ó§¥»êæФ‡*OlXªm2]Í&DOæơP$ºHjbû˼áÿŸæ—ŒeÊ(àbí9¦£oœ´r$2ƯëXoˆ°¼…debian/puppetmaster.NEWS0000644000000000000000000000267512301355777012441 0ustar puppet (2.7.12-3) unstable; urgency=low This version of puppetmaster, only provides a single threaded puppet master. This has been the default configuration. If you have not configured the puppet master to run several processes with mongrel, nothing has changed. The "mongrel" package is being removed from Debian, so we no provide configuration for it. Support for mongrel has been removed from /etc/defaults/puppetmaster and /etc/init.d/puppetmaster. If you need better performance, please install the "puppetmaster-passenger" package. Note that this implies installation of the apache2 web server. There are other options, although not provided by the puppet packaging team. Consider looking to the "thin" package for a more or less direct replacement for "mongrel". -- Stig Sandbeck Mathisen Tue, 03 Apr 2012 19:11:29 +0200 puppet (2.6.1~rc3-1) experimental; urgency=low Some packages recommended by the puppetmaster package are now suggested instead, since they are not needed for the default operation of the puppetmaster package. This means they are not installed by default. The packages affected are "libldap-ruby1.8", used for external nodes in LDAP, "rdoc", which is used by puppet doc, and "rails", which is used for stored configurations. If you need this functionality, please install the packages explicitly. -- Stig Sandbeck Mathisen Fri, 27 Aug 2010 12:17:02 +0200 debian/puppet.conf0000644000000000000000000000071612301355777011370 0ustar [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates prerun_command=/etc/puppet/etckeeper-commit-pre postrun_command=/etc/puppet/etckeeper-commit-post [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY debian/puppetmaster.service0000644000000000000000000000023712301355777013315 0ustar [Unit] Description=Puppet master [Service] Type=forking PIDFile=/run/puppet/master.pid ExecStart=/usr/bin/puppet master [Install] WantedBy=multi-user.target debian/source/0000755000000000000000000000000012301355777010500 5ustar debian/source/include-binaries0000644000000000000000000000004012301355777013632 0ustar debian/upstream-signing-key.pgp debian/source/options0000644000000000000000000000002412301355777012112 0ustar single-debian-patch debian/source/format0000644000000000000000000000001412301355777011706 0ustar 3.0 (quilt) debian/puppetmaster-passenger.lintian-overrides0000644000000000000000000000014612301355777017277 0ustar puppetmaster-passenger binary: package-contains-empty-directory usr/share/puppet/rack/puppetmasterd/* debian/puppet-el.emacsen-install0000644000000000000000000000113412301355777014113 0ustar #!/bin/sh # # emacsen install script for the Debian GNU/Linux puppet-el package FLAVOR=$1 PACKAGE=puppet-el ELDIR=/usr/share/emacs/site-lisp/ ELCDIR=/usr/share/${FLAVOR}/site-lisp/${PACKAGE} ELFILE="puppet-mode.el" FLAGS="-batch -no-site-file -l path.el -f batch-byte-compile" if [ ${FLAVOR} != emacs ]; then echo install/${PACKAGE}: Byte-compiling for ${FLAVOR} install -m 755 -d ${ELCDIR} cd ${ELDIR} cp ${ELFILE} ${ELCDIR} cd ${ELCDIR} cat << EOF > path.el (setq load-path (cons "." load-path) byte-compile-warnings nil) EOF ${FLAVOR} ${FLAGS} ${ELFILE} rm -f ${ELFILE} path.el fi debian/NEWS0000644000000000000000000000175512301355777007707 0ustar puppet (3.2.4-1) unstable; urgency=high The puppet agent is now started by default, regardless of init system. - On a fresh installation, you will need to run "puppet agent --enable" before it will connect to a puppet master to retrieve its catalog. -- Stig Sandbeck Mathisen Fri, 16 Aug 2013 14:39:55 +0200 puppet (3.1.0-1) experimental; urgency=low Puppet 3.x introduces incompatible changes. For the puppet DSL, dynamic variable scoping has been removed. This means that your manifests may need changes to work as intended. See http://docs.puppetlabs.com/guides/scope_and_puppet.html Authorization of clients in /etc/puppet/auth.conf now matches client certificate names only. There is a new allow_ip keyword in auth.conf if you want to permit IP addresses. For the full list of changes, see: http://projects.puppetlabs.com/projects/puppet/wiki/Release_Notes#3.1.0 -- Stig Sandbeck Mathisen Mon, 04 Mar 2013 08:48:15 +0100 debian/docs0000644000000000000000000000001212301355777010044 0ustar README.md debian/puppetmaster.README.debian0000644000000000000000000000140612301355777014032 0ustar By default, the puppetmaster package is configured in /etc/default/puppetmaster to utilize the webrick server included in the application. This server is single-threaded, very slow and tends to fall over when you get close to 30 nodes. You will start to see connection-reset or End-of-file errors when this happens. You will want to a server that can scale better than webrick, such as Passenger (aka. mod_rails), or mongrel, both with a front-end web-proxy such as apache. If you would like to run Passenger (aka. mod_rails) with apache install the puppetmaster-passenger package. It will automatically setup an apache2 virtual host that will run puppetmaster under Passenger. For more information: http://projects.reductivelabs.com/projects/puppet/wiki/Using_Passenger debian/puppetmaster-passenger.NEWS0000644000000000000000000000153612301355777014421 0ustar puppet (3.2.4-1) unstable; urgency=high Two manual configuration changes needed for puppetmaster-passenger For systems upgrading from apache 2.2 to apache 2.4, the file /etc/apache2/sites-enabled/puppetmaster should be renamed to /etc/apache2/sites-enabled/puppetmaster.conf Some passenger options used by puppetmaster-passenger in the past have been deprecated on passenger 4.0.0. You will most likely have to remove the keywords "RailsAutoDetect" and "RackAutoDetect" from puppetmaster-passenger's apache2 configuration, by default in /etc/apache2/sites-enabled/puppetmaster.conf For more information about this from Phusion Passenger. See http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsautodetect_rackautodetect_and_wsgiautodetect -- Stig Sandbeck Mathisen Fri, 16 Aug 2013 14:55:46 +0200 debian/puppet-testsuite.lintian-overrides0000644000000000000000000000032312301355777016122 0ustar # Upstream distributes it like this puppet-testsuite binary: executable-not-elf-or-script puppet-testsuite binary: unusual-interpreter puppet-testsuite binary: script-not-executable usr/share/puppet-testsuite/* debian/puppetmaster.postrm0000644000000000000000000000004712301355777013200 0ustar #!/bin/sh set -e #DEBHELPER# exit 0 debian/puppetmaster-passenger.postinst0000644000000000000000000000614712301355777015533 0ustar #!/bin/sh set -e sitename="puppetmaster" APACHE2_SITE_FILE="/etc/apache2/sites-available/${sitename}.conf" # Can be removed when we only support apache >= 2.4 restart_apache2() { if [ -x "/etc/init.d/apache2" ]; then # Seems that a restart is needed. reload breaks ssl apparently. if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then invoke-rc.d apache2 restart || exit $? else /etc/init.d/apache2 restart || exit $? fi fi } if [ "$1" = "configure" ]; then # Change the owner of the rack config.ru to be the puppet user # because passenger will suid to that user, see #577366 if ! dpkg-statoverride --list /usr/share/puppet/rack/puppetmasterd/config.ru >/dev/null 2>&1 then dpkg-statoverride --update --add puppet puppet 0644 /usr/share/puppet/rack/puppetmasterd/config.ru fi # Setup passenger configuration if [ "$2" = "" ]; then # Install needed modules if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then . /usr/share/apache2/apache2-maintscript-helper apache2_invoke enmod ssl apache2_invoke enmod headers else a2enmod ssl a2enmod headers restart_apache2 fi # Check that puppet master --configprint works properly if [ $(puppet master --configprint all 2>&1 | grep "Could not parse" | wc -l) != "0" ]; then echo "Puppet config print not working properly, exiting" exit 1 fi # Initialize puppetmaster CA and generate the master certificate # only if the host doesn't already have any puppet ssl certificate. # The ssl key and cert need to be available (eg generated) before # apache2 is configured and started since apache2 ssl configuration # uses the puppetmaster ssl files. if [ ! -e "$(puppet master --configprint hostcert)" ]; then puppet cert generate $(puppet master --configprint certname) fi # Setup apache2 configuration files if [ ! -e "${APACHE2_SITE_FILE}" ]; then tempfile=$(mktemp) sed -r \ -e "s|(SSLCertificateFile\s+).+$|\1$(puppet master --configprint hostcert)|" \ -e "s|(SSLCertificateKeyFile\s+).+$|\1$(puppet master --configprint hostprivkey)|" \ -e "s|(SSLCACertificateFile\s+).+$|\1$(puppet master --configprint localcacert)|" \ -e "s|(SSLCertificateChainFile\s+).+$|\1$(puppet master --configprint localcacert)|" \ -e "s|(SSLCARevocationFile\s+).+$|\1$(puppet master --configprint cacrl)|" \ -e "/RailsAutoDetect/d" \ -e "/RackAutoDetect/d" \ /usr/share/puppetmaster-passenger/apache2.site.conf.tmpl > $tempfile mv $tempfile "${APACHE2_SITE_FILE}" fi if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then . /usr/share/apache2/apache2-maintscript-helper apache2_invoke ensite "${sitename}" else a2ensite puppetmaster restart_apache2 fi fi fi #DEBHELPER# debian/vim-puppet.install0000644000000000000000000000042312301355777012675 0ustar debian/vim-puppet.yaml /usr/share/vim/registry ext/vim/ftdetect/puppet.vim /usr/share/vim/addons/ftdetect ext/vim/ftplugin/puppet.vim /usr/share/vim/addons/ftplugin ext/vim/syntax/puppet.vim /usr/share/vim/addons/syntax ext/vim/indent/puppet.vim /usr/share/vim/addons/indent debian/puppet.install0000644000000000000000000000005212301355777012102 0ustar debian/puppet.service /lib/systemd/system debian/puppet-el.install0000644000000000000000000000006412301355777012503 0ustar ext/emacs/puppet-mode.el /usr/share/emacs/site-lisp debian/puppet.maintscript0000644000000000000000000000036412301355777012777 0ustar # Remove renamed configuration files which are now handled by other packages rm_conffile /etc/logrotate.d/puppet 2.6.4-2 rm_conffile /etc/logcheck/ignore.d.server/puppet 2.6.4-2 rm_conffile /etc/emacs/site-start.d/50puppet-mode-init.el 2.6.4-2 debian/vim-puppet.README.Debian0000644000000000000000000000061312301355777013346 0ustar Dear user, this package provides the vim addon puppet, but it is not enabled per default. If you want to enable it for your user account just execute vim-addons install puppet Similarly, to enable it for all users of this system just execute (as root): vim-addons -w install puppet vim-addons is provided by the vim-addon-manager package, have a look at its manpage for more information. debian/changelog0000644000000000000000000012450513237366373011064 0ustar puppet (3.4.3-1ubuntu1.3) trusty-security; urgency=medium * SECURITY UPDATE: insecure permissions when unpacking tarballs - debian/patches/CVE-2017-10689-1.patch: reset permissions when unpacking tar in lib/puppet/module_tool/tar/mini.rb, fix test in spec/unit/module_tool/tar/mini_spec.rb. - debian/patches/CVE-2017-10689-2.patch: use Integer instead of Fixnum in lib/puppet/module_tool/tar/mini.rb. - CVE-2017-10689 -- Marc Deslauriers Fri, 09 Feb 2018 13:46:46 -0500 puppet (3.4.3-1ubuntu1.2) trusty-security; urgency=medium * SECURITY UPDATE: untrusted search path vulnerability - debian/patches/CVE-2014-3248.patch: remove current directory from load path in bin/puppet. - CVE-2014-3248 * SECURITY UPDATE: code execution via unsafe fact formats - debian/patches/CVE-2017-2295.patch: reject all fact formats except PSON in lib/puppet/indirector/catalog/compiler.rb, added tests to spec/unit/indirector/catalog/compiler_spec.rb. - CVE-2017-2295 -- Marc Deslauriers Fri, 02 Jun 2017 10:29:36 -0400 puppet (3.4.3-1ubuntu1.1) trusty; urgency=medium * fix wrong process name match in logrotate script (LP: #1410383) -- Bartosz Cisek Fri, 06 Feb 2015 14:48:16 +0100 puppet (3.4.3-1ubuntu1) trusty; urgency=medium * Wait until the puppet and puppetmaster daemons are actually stopped before returning (LP: #1315021) -- Felipe Reyes Wed, 04 Feb 2015 17:11:00 -0300 puppet (3.4.3-1) unstable; urgency=medium [ Jonas Genannt ] * [57515db] d/control: added ruby-rrd as primary Suggests, left librrd-ruby for easy backporting. [ Stig Sandbeck Mathisen ] * Imported upstream release 3.4.3 -- Stig Sandbeck Mathisen Thu, 20 Feb 2014 11:41:42 +0100 puppet (3.4.2-1) unstable; urgency=medium * Imported upstream release 3.4.2 -- Stig Sandbeck Mathisen Tue, 07 Jan 2014 12:04:39 +0100 puppet (3.4.1-1) unstable; urgency=high * Imported upstream release 3.4.1 (CVE-2013-4969) -- Stig Sandbeck Mathisen Thu, 26 Dec 2013 23:43:56 +0100 puppet (3.4.0-1) unstable; urgency=medium * Imported upstream release 3.4.0 - Update puppetmaster passenger template source path - Refresh quilt patches * Include upstream provided puppet ldap schema (Closes: #730627) * Update dependencies: add ruby-rgen and ruby-rack - have puppet-testsuite recommend ruby-rgen until it has passed NEW * Make uscan verify new upstream versions automatically with GnuPG * Update DEP-8 tests, use sharness * Bump standards version (no changes) -- Stig Sandbeck Mathisen Fri, 20 Dec 2013 10:20:39 +0100 puppet (3.3.1-1) unstable; urgency=low * Imported upstream release 3.3.1 -- Stig Sandbeck Mathisen Tue, 08 Oct 2013 09:32:30 +0200 puppet (3.3.0-1) unstable; urgency=low * Imported upstream release 3.3.0 * Move dependency on ruby-hiera from puppetmaster-common to puppet-common (Closes: #712780) * Drop "duplicate-resource" patch included in current upstream version * debian/control: Clean up old dependencies, remove unused headers * Improve systemd packaging, use dh-systemd. Thanks to Michael Stapelberg (Closes: #714202) * Use "puppet master" to retrieve configuration for puppetmaster-passenger (Closes: #722614) -- Stig Sandbeck Mathisen Sun, 15 Sep 2013 14:51:22 +0200 puppet (3.2.4-2) unstable; urgency=low * Include patch from upstream to prevent duplicate nagios_ resources (Closes: #721132) * Add empty /usr/share/puppet/modules to puppet-common for puppet modules -- Stig Sandbeck Mathisen Sun, 01 Sep 2013 13:41:51 +0200 puppet (3.2.4-1) unstable; urgency=high [ Micah Anderson ] * Change dependency on libaugeas-ruby to ruby-augeas (Closes: #719424) [ Stig Sandbeck Mathisen ] * Imported upstream version 3.2.4 (CVE-2013-4956, CVE-2013-4761) * Start puppet agent by default, to reflect systemd configuration * …but disable puppet agent on initial install * Add dep8 tests for initially disabled puppet agent * Remove deprecated passenger options -- Stig Sandbeck Mathisen Fri, 16 Aug 2013 16:47:28 +0200 puppet (3.2.3-1) unstable; urgency=low * Import upstream version 3.2.3 * Do not use "dpkg-maintscript-helper" on non-conffiles (Closes: #713070) * Bump standards version (no changes) -- Stig Sandbeck Mathisen Fri, 02 Aug 2013 23:07:48 +0200 puppet (3.2.2-1) unstable; urgency=high * New upstream version (Closes: #712745, CVE-2013-3567) - use packaged ruby-safe-yaml instead of the vendored gem * Support apache 2.4 (Closes: #675409) * Remove dependency on rails (Closes: #709636) * Remove build dependency on ruby-rspec * add dep8 tests * puppetmaster-passenger.postinst: check if puppet.conf can be parsed on install. Thanks to Ubuntu -- Stig Sandbeck Mathisen Wed, 19 Jun 2013 11:45:46 +0200 puppet (3.2.1-1) unstable; urgency=low * New upstream version -- Stig Sandbeck Mathisen Sun, 26 May 2013 18:08:38 +0200 puppet (3.1.1-2) unstable; urgency=low * Upload to unstable after freeze -- Stig Sandbeck Mathisen Sun, 05 May 2013 11:45:33 +0200 puppet (3.1.1-1) experimental; urgency=low * New upstream release (CVE-2013-1640, CVE-2013-1652, CVE-2013-1653, CVE-2013-1654, CVE-2013-1655, CVE-2013-2275) -- Stig Sandbeck Mathisen Wed, 13 Mar 2013 10:59:16 +0100 puppet (3.1.0-1) experimental; urgency=low * New upstream release * Add no-rubygems patch -- Stig Sandbeck Mathisen Mon, 04 Mar 2013 08:48:15 +0100 puppet (2.7.18-2) unstable; urgency=low * Create /etc/puppet/files on package install (Closes: #591897) -- Micah Anderson Sat, 29 Sep 2012 18:03:53 -0400 puppet (2.7.18-1) unstable; urgency=high * New upstream release (CVE-2012-3864, CVE-2012-3865, CVE-2012-3866, CVE-2012-3867) * Restrict puppet 2.7 to only run on ruby1.8 - follow http://docs.puppetlabs.com/guides/platforms.html - backout ruby1.9.1 patches -- Stig Sandbeck Mathisen Wed, 11 Jul 2012 15:40:56 +0200 puppet (2.7.17-1) unstable; urgency=low * New upstream release * Support ruby1.9 and ruby1.8 with dh_ruby packaging * Add missing vim indent file * Add patch to fix fqdn_rand function for ruby 1.9 * Add patch to fix require warnings for ruby 1.9 -- Stig Sandbeck Mathisen Sun, 24 Jun 2012 16:03:16 +0200 puppet (2.7.14-1) unstable; urgency=low * Imported Upstream version 2.7.14 * Add apache headers module (Closes: #670424) * Revert patch for upstart provider, fixed upstream * Convert fakes.rb commit to quilt patch * Convert Rakefile commit to quilt patch * Use breaks/replaces instead of conflicts in debian/control * Update debian/copyright (format 1.0) * Update lintian overrides * Update descriptions in init scripts, debian/control and quilt patches * Maintainer scripts: Use "set -e" instead of "-e" on the shebang line -- Stig Sandbeck Mathisen Sat, 05 May 2012 12:04:45 +0200 puppet (2.7.13-1) unstable; urgency=high * Imported Upstream version 2.7.13 (CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-1989) * Remove superfluous dependency on facter (Closes: #668136) -- Stig Sandbeck Mathisen Wed, 11 Apr 2012 05:19:28 +0200 puppet (2.7.12-3) unstable; urgency=low * Remove mongrel support (Closes: #664236) -- Stig Sandbeck Mathisen Tue, 03 Apr 2012 19:08:19 +0200 puppet (2.7.12-2) unstable; urgency=low * Add install section for systemd services * Backport fix for runit/daemontools services (Closes: #663873) * Bump standards version (no changes) * Ensure puppet group exists (Closes: #650527) * Update passenger documentroot (Closes: #662866) -- Stig Sandbeck Mathisen Sun, 25 Mar 2012 19:52:54 +0200 puppet (2.7.12-1) unstable; urgency=low * New upstream release * Fix disabled puppetmaster init script return code (Closes: #661927) -- Stig Sandbeck Mathisen Fri, 16 Mar 2012 13:34:56 +0100 puppet (2.7.11-1) unstable; urgency=high * New upstream release * Urgency set to high due to regressions in previous release and security vulnerabilities * Execs when run with a user specified, but no group, get the root group. Similarly unexpected privileges are given to providers and types (egid remains as root), this is fixed with a patch from upstream (CVE-2012-1053) * Fix Klogin write through symlink (CVE-2012-1054) -- Micah Anderson Thu, 23 Feb 2012 18:24:48 -0500 puppet (2.7.10-2) unstable; urgency=low * Use maintscript support in dh_installdeb (Closes: #659612) -- Micah Anderson Thu, 16 Feb 2012 12:22:45 -0500 puppet (2.7.10-1) unstable; urgency=low * New upstream release * Update breaks/replaces for puppetmaster-common (Closes: #656962) * Add systemd services for puppet agent and master -- Stig Sandbeck Mathisen Thu, 26 Jan 2012 11:27:00 +0100 puppet (2.7.9-1) unstable; urgency=low * New upstream release -- Stig Sandbeck Mathisen Sat, 10 Dec 2011 12:16:32 +0100 puppet (2.7.8-1) unstable; urgency=low * New upstream release * Update dependencies for renamed ruby packages * puppet-testsuite: Depend on ruby-sqlite3 -- Stig Sandbeck Mathisen Fri, 09 Dec 2011 08:50:08 +0100 puppet (2.7.6-1) unstable; urgency=high * New upstream release (CVE-2011-3872) * Remove cherry-picked "groupadd_aix_warning" patch * Install all new manpages -- Stig Sandbeck Mathisen Sat, 22 Oct 2011 14:08:22 +0000 puppet (2.7.5-3) unstable; urgency=low * Generate certificate properly for puppetmaster-passenger (Closes: #645073) * Init scripts: Remove superfluous arguments for agent and queue daemons * Move the etckeeper hooks from puppet to puppet-common -- Stig Sandbeck Mathisen Wed, 12 Oct 2011 15:43:24 +0200 puppet (2.7.5-2) unstable; urgency=low * Add patch to fix upstream issue #9027 re manages_aix_lam warnings * Adjust dependencies. "libstomp-ruby" renamed to "ruby-stomp" -- Stig Sandbeck Mathisen Thu, 06 Oct 2011 15:24:59 +0200 puppet (2.7.5-1) unstable; urgency=low * New upstream version * Remove README.source, the up-to-date information is kept in debian/control -- Stig Sandbeck Mathisen Wed, 05 Oct 2011 16:36:28 +0200 puppet (2.7.3-3) unstable; urgency=high [Micah Anderson] * Fix SSH authorized keys symlink attack (CVE-2011-3870) * Fix K5login content attack (CVE-2011-3869) * Fix predictable temporary file using RAL (CVE-2011-3871) * Fix file indirectory injection [Stig Sandbeck Mathisen] * Update package conflicts for puppet-el and vim-puppet (Closes: #643657) -- Micah Anderson Fri, 30 Sep 2011 21:08:55 -0400 puppet (2.7.3-2) unstable; urgency=high * Resist directory traversal attacks (CVE-2011-3848) -- Micah Anderson Wed, 28 Sep 2011 11:00:12 -0400 puppet (2.7.3-1) unstable; urgency=low * New upstream version -- Stig Sandbeck Mathisen Tue, 16 Aug 2011 08:38:28 +0200 puppet (2.7.1-1) UNRELEASED; urgency=low * New upstream version * Bump Standards-Version (no changes) * Adjust debian/source/options to allow for a VCS-generated patch * Tell adduser not to create /var/lib/puppet (Closes: #609896) * Use dpkg-statoverride to handle permissions * Allow the use of file-rc (Closes: #625638) * Use the pkg-ruby-extras watch service -- Stig Sandbeck Mathisen Sun, 17 Jul 2011 17:43:31 +0200 puppet (2.6.8-1) unstable; urgency=low * New upstream version -- Stig Sandbeck Mathisen Thu, 28 Apr 2011 19:26:00 +0200 puppet (2.6.7-2) unstable; urgency=medium * Fix puppetmaster-passenger.postinst to get proper ssl configs (Closes: #620635) * Fix maintainer scripts ignoring errors -- Micah Anderson Mon, 11 Apr 2011 11:31:23 -0400 puppet (2.6.7-1) unstable; urgency=low * New upstream version -- Stig Sandbeck Mathisen Fri, 25 Mar 2011 21:10:07 +0100 puppet (2.6.6-1) unstable; urgency=low * New upstream release 2.6.6 -- Stig Sandbeck Mathisen Thu, 10 Mar 2011 08:42:00 +0100 puppet (2.6.6~rc1-1) experimental; urgency=low * New upstream release candidate -- Stig Sandbeck Mathisen Thu, 03 Mar 2011 21:00:31 +0100 puppet (2.6.5-1) unstable; urgency=low * New upstream version (Closes: #612894) * Remove renamed configuration files now handled by other packages (Closes: #564947, #611615) -- Stig Sandbeck Mathisen Tue, 01 Mar 2011 13:59:58 +0100 puppet (2.6.4-2) unstable; urgency=low * Release for unstable * Move puppetstoredconfigclean to puppetmaster-common, and set ruby1.8 as parser to match the rest of the puppet suite -- Stig Sandbeck Mathisen Mon, 07 Feb 2011 07:28:19 +0100 puppet (2.6.4-1) experimental; urgency=low [ Micah Anderson ] * Make puppetqd honor flags from /etc/default/puppetqd (Closes: #605510) * Remove the puppetqd PID file on stop (Closes: #605512) * Add ext/puppetstoredconfigclean to puppetmaster:/usr/sbin * Patch ext/logcheck/puppet to handle new puppet-master Compiled log lines (Closes: #602336) * Fix puppetqd initscript PID location * Fix /etc/default/puppetmaster comments to match new section headings * Fix puppetmaster/README.Debian to match new section headings * Fix Should-Start init header in puppet initscript [ Mathias Gug ] * New upstream version. [ Stig Sandbeck Mathisen ] * debian/puppetmaster.logrotate: send SIGUSR2 on log rotation (Closes: #602698) * puppet-common: Add versioned dependency on sysv-rc [ martin f krafft ] * Use update-rc.d enable/disable in the "debian" provider in the "service" type (Closes: #573551) -- Stig Sandbeck Mathisen Wed, 26 Jan 2011 16:10:56 +0100 puppet (2.6.3-1) experimental; urgency=low [ Mathias Gug ] * New upstream version. [ Stig Sandbeck Mathisen ] * debian/control: Adjust dependencies for puppet-testsuite, depend on puppet-common instead of puppet and puppetmaster -- Stig Sandbeck Mathisen Tue, 23 Nov 2010 10:40:31 +0100 puppet (2.6.1-1) experimental; urgency=low [ Mathias Gug ] * New upstream version: - Fix "Puppet standalone broken" (Closes: #594575) * test/lib/puppettest/fakes.rb: Fix puppettest to use puppet system library. * debian/puppetmaster-passenger.postinst: Use cacrl instead of hostcrl to set the location of the CRL in apache2 configuration. Fix apache2 configuration on upgrade as well (LP: #641001). * debian/control: - move all puppet dependencies to puppet-common since all the code is actually located in puppet-common. - move libaugeas from a recommend to a dependency. [ Stig Sandbeck Mathisen ] * Fix "require" path for puppet queue. * Add dependency on "facter" for "puppet-common" * Make sure the "puppet-common" package can be purged even when not fully installed (Closes: #596163) -- Stig Sandbeck Mathisen Sat, 02 Oct 2010 12:14:37 +0200 puppet (2.6.1~rc3-1) experimental; urgency=low [ Mathias Gug ] * New upstream version: - fix config.ru file to run puppetmaster as a rack application. (Closes: #593557) * Fix test suite to run from a package install rather then from the source directory: + Rakefile: use system puppet.rb file to detect version. + spec/unit/application/apply_spec.rb: Fix test suite to use puppet system library. + spec/spec_helper.rb: disable gem. * Fix init service provider to correctly check the status of services using upstart jobs (Closes: #584481, LP: #551544). * etckeeper integration (Closes: #571127) [server-lucid-puppet-etckeeper-integration]: + debian/etckeeper-commit-post, debian/etckeeper-commit-pre: Call "etckeeper commit" before and after catalog runs. Silently bail out if etckeeper is not available. + debian/puppet.conf: Call out to the etckeeper hooks using the prerun_command and postrun_command hooks. + debian/rules: Install the etckeeper hook scripts in /etc/puppet. + debian/README.Debian: add note about etckeeper integration. + debian/control: the puppet package suggests etckeeper. * Create puppetmaster-passenger package to automatically setup the puppetmaster to be run under mod passenger and apache2: - create new puppetmaster-common package to share files between puppetmaster (ie webrick) and puppetmaster-passenger. - move puppetqd to puppetmaster-common. - debian/puppet.conf: enable ssl options so that the default configuration works out of the box under passenger. * debian/puppet-common.postinst: set permissions and ownership of puppet log directory. * Move puppetmaster's Recommends to Suggests. [ Stig Sandbeck Mathisen ] * Recommend lsb-release (Closes: #593606) * Recommend debconf-utils (Closes: #593780) * ext/puppetlast: removed from upstream * Cherry-pick updated man pages from upstream -- Stig Sandbeck Mathisen Fri, 27 Aug 2010 14:32:00 +0200 puppet (2.6.0-2) unstable; urgency=low * Bump Standards-Version to 3.9.1 * Release for unstable -- Stig Sandbeck Mathisen Wed, 28 Jul 2010 20:48:21 +0200 puppet (2.6.0-1) experimental; urgency=low * New upstream version * Fix "short package description doesn't differ from binary package puppet", update description of binary package. (Closes: #587364) * Move /usr/bin/puppet to the puppet-common package * debian/control: Convert Conflicts: to Breaks: * debian/control: bump policy version and update project homepage * debian/control: Update dependencies/breakages * debian/copyright: Remove reference to deprecated bsd license file, it is included already * move manpage puppet(8) to package puppet-common * Debian fix: set correct header in puppet.conf(5) * Add puppetqd(8) to the puppetmaster package -- Stig Sandbeck Mathisen Tue, 20 Jul 2010 09:37:22 +0200 puppet (0.25.5-1) unstable; urgency=low [ Stig Sandbeck Mathisen ] * New upstream version: 0.25.5 * Adjust conflicts for puppet-common, to ensure upgrade goes well [ Mathias Gug ] * Add /etc/puppet/templates and /etc/puppet/modules to the puppet- common package (Closes: #571129) * Add binary package "puppet-testsuite" (Closes: #584480) -- Stig Sandbeck Mathisen Fri, 25 Jun 2010 17:27:05 +0200 puppet (0.25.4-6) unstable; urgency=low * clarify passenger options in default/puppetmaster * add patch to ext/rack/files/apache2.conf for debian-specific settings * debian/control: add version depends on librack-ruby * additional start-stop-daemon fix for puppet.init and puppetqd.init * debian/rules: actually install config.ru owned by the puppet user, this is necessary for proper suid of passenger (closes: #577366) -- Micah Anderson Tue, 20 Apr 2010 16:06:38 -0400 puppet (0.25.4-5) unstable; urgency=low * debian/puppetmaster.init: fix invocation of start-stop-daemon (closes: * #578066) -- Andrew Pollock Sat, 17 Apr 2010 20:33:09 -0700 puppet (0.25.4-4) unstable; urgency=low [ Andrew Pollock ] * debian/watch: update for new upstream location * apply patch from Mathias Gug to add /etc/puppet to puppet-common's directories so that it is removed on package purge (if empty). Also removes /var/log/puppet on purge (closes: #571130) [ Micah Anderson ] * add Suggests: libselinux-ruby1.8 as puppet supports it, but only if the library is present * cherry-pick: add puppetmasterd dbconnections option to increase the rails 'max pool size' (redmine: #2568) * fix puppetqd initscript status operation [ Andrew Pollock ] * debian/rules: don't install config.ru owned by the puppet user (closes: #577366) -- Andrew Pollock Thu, 15 Apr 2010 21:18:32 -0700 puppet (0.25.4-3) unstable; urgency=low [ Stig Sandbeck Mathisen ] * Fix "puppetmaster and puppet scripts always return 0" with patch from Mathias Gug, make sure return codes are actually used (Closes: #573473) [ Micah Anderson ] * Disable default puppet.conf option pluginsync=true, see puppet-common.NEWS * Suggest in puppetmaster package: libapache2-mod-passenger, librack-ruby * Create puppetmaster.README with information about the server type * Provide an example apache2.conf for libapache2-mod-passenger * Ship the rack config.ru, and README as README.rack * Fix puppet-el.emacsen-startup script to be properly installed * debian/puppetmaster.init: Fix init stop action to not fail if the puppetmaster is already stopped, Thanks Mathias Gug (Closes: #574677) * Add Suggests: stompserver/libstomp-ruby1.8 - needed for puppetqd * Add README.queueing to puppetmaster package which describes puppetqd * Add /etc/init.d/puppetqd and defaults in /etc/defaults/puppetmaster * Switch to dpkg-source 3.0 (quilt) format -- Micah Anderson Tue, 16 Mar 2010 12:27:07 -0400 puppet (0.25.4-2) unstable; urgency=low [ Stig Sandbeck Mathisen ] * puppet: do not explicitly remove /var/lib/puppet on purge (Closes: #525852) * upstream cherry-pick: Updated man pages and moved puppet.conf.8 to puppet.conf.5 (Closes: #563567) * Fix "Improper ownership of /var/lib/puppet/state", explicitly create this in postinst (and remove in postrm on purge) (Closes: #462551) * Fix "wrong default location for templates", update default settings, and create puppet-common.NEWS with information (Closes: #484659) * Move postinst and postrm handling of shared users and directories to puppet-common (Closes: #570012) -- Stig Sandbeck Mathisen Tue, 16 Feb 2010 06:30:55 +0000 puppet (0.25.4-1) unstable; urgency=low [Nigel Kersten ] * New upstream version 0.25.4 [ Micah Anderson ] * Fix debian/rules typo in install of puppet-mode-init.el * Fix which package puppet-mode-init.el gets installed into * Add Suggests for vim-puppet and puppet-el on binary packages [ Stig Sandbeck Mathisen ] * Update debian/copyright * debian/{puppet,puppetmaster}.init: Add status argument, fix pid file locations (Closes: #545975) * Refactoring: Add binary packages for puppet-common, puppet-el, vim-puppet -- Stig Sandbeck Mathisen Mon, 01 Feb 2010 12:31:58 +0100 puppet (0.25.1-3) unstable; urgency=low [ Nigel Kersten ] * Require modification of /etc/default/puppet to start puppet client daemon. (closes: #518831) * cherry pick upstream fix for puppetrun with tags (closes: #559092) * cherry pick upstream fix for supplementary groups not being reset. (CVE-2009-3564) (closes: #551073) [ Andrew Pollock ] * debian/{puppet,puppetmaster}.pid: Correct the path to the pidfiles (closes: #561231) * debian/control: version the build dependency on facter (closes: #551055) -- Andrew Pollock Wed, 16 Dec 2009 11:36:39 -0800 puppet (0.25.1-2) unstable; urgency=low * Add puppetqd executable to puppetmaster package (closes: #554624) -- Nigel Kersten Thu, 05 Nov 2009 11:23:10 -0800 puppet (0.25.1-1) unstable; urgency=low * New upstream release of 0.25.1 -- Nigel Kersten Tue, 27 Oct 2009 10:35:40 -0700 puppet (0.25.0-1) unstable; urgency=low * New upstream release * Tweak .install files to cope with new use of sbindir from upstream. * Add the new auth.conf config file to the puppetmaster package. -- Nigel Kersten Sun, 16 Aug 2009 05:34:17 -0700 puppet (0.24.8-3) unstable; urgency=low [ Micah Anderson ] * Make logcheck ignore 'Reopening log files' on puppetmaster (Closes: #538721) [ Nigel Kersten ] * switch from unreleased to unstable. -- Nigel Kersten Sun, 16 Aug 2009 05:33:53 -0700 puppet (0.24.8-2) unstable; urgency=high [ Micah Anderson ] * Cherry-pick upstream versioncmp fix (redmine:#2110) [ Andrew Pollock ] * Enable waiting for certificates for the default value (upstream default that was previously disabled or enabled with a 5 second value) * Re-ship the vim syntax file in the correct location (it fell out after the 0.24.5-3 upload) (closes: #530752) * Re-add the 0.24.5-3 changelog entry * debian/puppet.postrm: don't delete the user or group (closes: #528068, #527381) * debian/puppet.{preinst,postinst}: Applied modified patch from Stig Sandbeck Mathisen to call conditionally call adduser in the postinst, if it's available [ Nigel Kersten ] * Switched to use install.rb, primarily to stop shebangs using /usr/bin/env * Stopped using dh_movefiles, moved to dh_install * debian/rules greatly cleaned up due to above two changes [ Andrew Pollock ] * debian/control: add rdoc, libopenssl-ruby and facter to build dependencies * debian/control: depend on ruby1.8 instead of ruby to placate Lintian * debian/puppet.install: brown paper bag release averted; install /usr/lib/ruby/1.8 * debian/rules: ensure permissions on everything under /usr/lib/ruby/1.8 is correct -- Andrew Pollock Tue, 16 Jun 2009 23:37:22 -0700 puppet (0.24.8-1) unstable; urgency=low * New upstream release * debian/control: Add Nigel Kersten and myself as uploaders * debian/changelog: wrap long lines * debian/watch: ignore release candidates * debian/compat: bump to 5 * debian/control: bump Standards-Version (no changes) -- Andrew Pollock Mon, 13 Apr 2009 17:12:47 -0700 puppet (0.24.7-2) experimental; urgency=low * make puppetmaster conflict previous puppet due to man page move -- Micah Anderson Wed, 28 Jan 2009 10:28:23 -0500 puppet (0.24.7-1) experimental; urgency=low * New upstream release * Fixed comment in defaults/puppetmaster (Closes: #510881) * Fixed debian/puppetmaster.manpages and debian/puppet.manpages to distribute puppetrun and puppetca correctly, thanks Savvas Radevic (Closes: #511826) * Added puppetmaster Recommends: libldap-ruby1.8 to silence puppetrun (Closes: #512639) * Added puppet Recommends: libaugeas-ruby1.8 for new Augeas support in this release -- Micah Anderson Fri, 23 Jan 2009 09:27:09 -0500 puppet (0.24.6-1) experimental; urgency=low * New upstream release (Closes: #506129, #504624, #502163) * Distribute filebucket binary (Closes: #499999) * Fix missing check for START variable in defaults files (Closes: #498284) * Fix maintainer scripts so that they do not ignore errors (set -e) * Fix maintainer scripts so they don't have prepended paths (thanks lintian) * Cherry-pick fixes from upstream: - comparison of String with 0 failed (Closes: #500848) - filename cannot handle ++ (Closes: #502163) - tidy must specify size, age or both (Closes: #500852) -- Micah Anderson Sat, 29 Nov 2008 13:59:25 -0500 puppet (0.24.5-3) unstable; urgency=medium * Set wait for cert timeout to 5 secs, to avoid resource abuse (Closes: #509566) * Distribute filebucket binary (Closes: #499999) * Place vim syntax in the correct location (LP: #181960) -- Thom May Wed, 07 Jan 2009 15:15:34 -0500 puppet (0.24.5-2) unstable; urgency=low * Fix puppetlast to work with 0.24.5 * Adjust logcheck to match against new log messages in 0.24.5 * Update standards version to 3.8.0 (no changes) * Update changelog to reduce length of line to make lintian happy -- Micah Anderson Sat, 26 Jul 2008 15:43:45 -0400 puppet (0.24.5-1) unstable; urgency=low * New upstream release * Applied patch from Martin Krafft to improve logcheck file installation -- Thom May Thu, 24 Jul 2008 10:58:08 +0100 puppet (0.24.4-8) unstable; urgency=low * Changed the default port value to 8140 in /etc/default/puppetmaster to be consistent with the client default port. (Closes: #483823) * Cherry-picked various bug fixes from upstream: - further emacs mode updates from Russ Allbery - misleading error if CA private key can not be decrypted (trac:#1271) - fix missing bracket in documentation (trac:#1209) - man pages updates (trac:#1211) - add dump parameter to mount type (trac:#1212) - fixed undefined variable in lib/puppet/util/settings.rb (trac:#1218) - usermod problem on Solaris (trac:#1207) - added native authorized_keys type - test within a template if a variable or fact is defined (trac:#1177) - Fixed Red Hat service disabling (trac:#1219) - fix crontab provider parse error when line begins w/space (trac:#1216) - Fix for latest method in rpm provider (trac:#1224) - puppetd documentation updates (trac:#1227) - Modified the 'factpath' setting to automatically configure Facter to load facts there if a new enough version of Facter is used. - Removing unused file lib/puppet/util/variables.rb (trac:#1229) - Fixing transaction support for prefetching generated resources. Previously, we prefetched then generated, which caused generated resources that needed prefetching not to work. This just reorders the calls, so generated resources now get prefetched. - Respect "replace => false" for symlinks (trac:#1235) - Added cron random function fixing ticket (trac:#311) - No more clear_cache failures (trac:#1247) - Fixed Rakefile to install non-.rb files (trac:#1266) -- Micah Anderson Sat, 31 May 2008 11:39:47 -0400 puppet (0.24.4-7) unstable; urgency=low * Update emacs-mode with changes cherry-picked from rra's repository * Fix typo in puppetmaster.init (Closes: #480019) * Fix variable name in /etc/default/puppetmaster comments * Fix incorrect port increment in puppetmaster initscript when mongrel is used, thanks Francois Deppierraz (Closes: #480263) * Add puppetmaster.postrm to remove /var/log/puppet on purge * Added debian/puppetmaster.dirs containing etc/puppet/manifests * Remove puppet group on purge (Closes: #481511) * Remove old config files and stray directories (Closes: #454681) -- Micah Anderson > Sat, 03 May 2008 16:18:32 -0400 puppet (0.24.4-6) unstable; urgency=low * Remove bashisms in puppetmaster.init * Add puppetlast script -- Micah Anderson > Wed, 30 Apr 2008 07:37:04 -0400 puppet (0.24.4-5) unstable; urgency=low * Fix missing --pidfile piece for mongrel startup and make stop consistent, thanks Bart Cortooms (Closes: #476840) * Add trailing newline missing from default files -- Micah Anderson Sat, 19 Apr 2008 11:03:35 -0400 puppet (0.24.4-4) unstable; urgency=low * Create /etc/default/puppet and /etc/default/puppetmaster * Modify /etc/init.d/puppetmaster to support mongrel instances on multiple ports * Remove no longer necessary .svn cleaning from debian/rules * Added $network and $named appropriated places in the LSB headers in puppet and puppetmaster initscripts, thanks Sam Quigley * Install ralsh (Closes: #476629) * Cherry-pick upstream patches from 0.24.x branch: - Install manpages - Fix shebang issues (#1148) - Updated fix for (#1020) - Fix for (#1174) - Emacs mode updates (#1160) - Debian service [en|dis]able issue (#1161) - User type group list validation enhancement - Fix configtimeout issue (#1176) -- Micah Anderson Sun, 13 Apr 2008 19:18:46 -0400 puppet (0.24.4-3) unstable; urgency=low * Remove pi binary, puppetdoc provides this functionality now (Closes: #472850) -- Micah Anderson Fri, 28 Mar 2008 12:38:30 -0400 puppet (0.24.4-2) unstable; urgency=low * Fix duplicate man8/puppetmasterd.8 install -- Micah Anderson Tue, 25 Mar 2008 22:58:22 -0400 puppet (0.24.4-1) unstable; urgency=low * New upstream release * Install man pages missing from upstream release -- Micah Anderson Tue, 25 Mar 2008 18:17:02 -0400 puppet (0.24.3-1) unstable; urgency=low [ Micah Anderson] * New upstream release * Install man pages (Closes: #385529) * Apply lsb formatted dependency info into initscripts, thanks Petter Reinholdtsen (Closes: #462915) * Install more robust puppet-mode.el * Add factpath and pluginsync=true to the default puppet.conf so that facts added through pluginsync are loaded by puppet * Add [plugins] section to fileserver.conf * Updated outdated debian/control substrvar for puppet to ${source:Version} * Updated link in debian/copyright for new URL to license * Updated copyright in debian/copyright * Bumped standards version to 3.7.3.0 (no changes) * Switch debhelper from Build-Depends-Indep to Build-Depends because it is required to run clean target (lintian check: clean-should-be-satisfied-by-build-depends) * Moved homepage from Description to control field * Added Vcs-Browser and Vcs-Git fields to debian/control [ Thom May ] * If puppet can't start, continue with package install -- Micah Anderson Sun, 09 Mar 2008 14:03:00 -0400 puppet (0.24.1-2) unstable; urgency=low * Set rundir correctly (Closes: #460203, #459579) * Apply patch for puppet#1003 to enable collection of tagged resources -- Thom May Wed, 16 Jan 2008 11:08:55 +0100 puppet (0.24.1-1) unstable; urgency=low * New upstream release (Closes: #445626) * Set maintainer to pkg-puppet-devel -- Thom May Sun, 30 Dec 2007 19:13:47 +0100 puppet (0.24.0-1) unstable; urgency=low * New upstream release -- Thom May Wed, 19 Dec 2007 16:00:34 +0100 puppet (0.23.2-15) unstable; urgency=low * No change upload setting maintainer to me whilst waiting for an alioth project. -- Thom May Thu, 29 Nov 2007 10:44:50 +0100 puppet (0.23.2-14) unstable; urgency=low * Orphaning. * Create /var/lib/puppet in the puppet package. Closes: #452506. * Start the puppet init script after puppetmaster, to silence whiny bug reports. Closes: #452064. * Add a reload command to the Puppet init script. Closes: #452060. -- Matthew Palmer Thu, 29 Nov 2007 10:48:21 +1100 puppet (0.23.2-13) unstable; urgency=low * Drop quotes from an already-quoted value in a query. Closes: #448179. * Remove excessive quoting from puppet/network/handler/master.rb. Closes: #448221. * Force removal of directories during pluginsync. Closes: #448180. -- Matthew Palmer Tue, 30 Oct 2007 14:55:19 +1100 puppet (0.23.2-12) unstable; urgency=low * Create /var/run/puppet and set the perms in the various initscripts, as well as hardcoding the rundir better in configuration.rb and removing the explicit rundir setting from puppet.conf. Closes: #447314. * Apply additional patch given (backwards) to fix export/collect on some database backends. Closes: #445591 (again!) -- Matthew Palmer Sat, 20 Oct 2007 11:28:50 +1000 puppet (0.23.2-11) unstable; urgency=low * Apply patch from puppet#786 to fix a problem with exported resources not being properly detected as needing a rerun. Closes: #445591. * Fix ignore handling for the plugins mount. Closes: #446390. -- Matthew Palmer Mon, 15 Oct 2007 09:11:25 +1000 puppet (0.23.2-10) unstable; urgency=low * Recycle connections when we change (or get) certs. * Catch and retry more transient errors in the XMLRPC wrapper. -- Matthew Palmer Thu, 27 Sep 2007 15:06:11 +1000 puppet (0.23.2-9) unstable; urgency=low * Recycle the HTTP connection if we get an EPIPE during a request. Closes: #444177. Thanks to Jos Backus for helping with testing. -- Matthew Palmer Thu, 27 Sep 2007 09:55:34 +1000 puppet (0.23.2-8) unstable; urgency=low * Remove extraneous debugging output accidentally left behind in the last release. * Fix spelling mistakes in debian/control and debian/puppet.preinst. Closes: #444158. -- Matthew Palmer Thu, 27 Sep 2007 07:45:07 +1000 puppet (0.23.2-7) unstable; urgency=low * Ignore ENOENT errors in the module plugin syncing code, since they're innocuous and expected. * Allow facts that are downloaded through pluginsync to be used like any other fact. * Allow users to still have an old-style plugins mount if they want, by specifying a path for the mount. Also track down a fault in old-style fileserving which did strange slash-stripping. Closes: #443932. -- Matthew Palmer Tue, 25 Sep 2007 16:41:32 +1000 puppet (0.23.2-6) unstable; urgency=low * Patch rails/param_name.rb to stop query failures, as per puppet#784. * Actually honour namevar. * Only set dbuser if explicitly asked for. * Fix annoying database deletion error for ParamValue objects. * Add an accessor for ca_file, since older openssl-ruby only had a writer. * Fix the fileserver to honour ignore. Thanks to Nathan Ward for the bug report on IRC. -- Matthew Palmer Thu, 20 Sep 2007 16:10:41 +1000 puppet (0.23.2-5) unstable; urgency=low * Add some NEWS for the ssldir transition. Should have done that earlier. * Remove the explicit mode change for vardir, and fix up the mode on statedir, as well. Closes: #425496. * Only set some database parameters if they're explicitly set; this makes life easier for PgSQL ident auth. * Allow empty config options. -- Matthew Palmer Thu, 13 Sep 2007 11:09:59 +1000 puppet (0.23.2-4) unstable; urgency=low * Fix puppet#776 in a slightly better way by only flushing the cache when a value is changed, rather than whenever a value is read. * Apply patch from puppet#755 to cache connections to the Puppetmaster, which improves performance by more than a little. * Modify the fileserver so that it provides a 'plugins' mount which exports the union of the plugins directory of all modules. -- Matthew Palmer Fri, 31 Aug 2007 15:32:04 +1000 puppet (0.23.2-3) unstable; urgency=low * Clear the config value cache every time. This is a titchy little performance hit, but it works around puppet#776 rather nicely. -- Matthew Palmer Fri, 24 Aug 2007 16:08:04 +1000 puppet (0.23.2-2) unstable; urgency=low * Move the SSL state directory to a more policy-friendly location, /var/lib/puppet/ssl. -- Matthew Palmer Tue, 21 Aug 2007 12:54:40 +1000 puppet (0.23.2-1) unstable; urgency=low * New upstream release. -- Matthew Palmer Tue, 7 Aug 2007 12:47:49 +1000 puppet (0.23.1-1) unstable; urgency=low * New upstream release. * Switch primary maintainer to me. Thanks jaq. * Make the recommendation for rails >= 1.2.3-2, to avoid incompatibilities. This breaks compatibility with stable, but the rails package from unstable should install cleanly in stable. Closes: #433999 -- Matthew Palmer Sat, 21 Jul 2007 16:34:36 +1000 puppet (0.23.0-1) unstable; urgency=low * New upstream release. - Includes a new configuration file handling system; see NEWS.Debian. -- Matthew Palmer Mon, 25 Jun 2007 09:55:12 +1000 puppet (0.22.4-2) unstable; urgency=low * Depend on libshadow-ruby1.8, for new password modification functionality added to upstream 0.22.4. * Several improvements from Micah Anderson: - Better vim syntax installation process. - Install Emacs syntax highlighting. - Install logcheck rules. Closes: #421851. -- Matthew Palmer Thu, 3 May 2007 15:04:15 +1000 puppet (0.22.4-1) unstable; urgency=low * New upstream release. -- Matthew Palmer Wed, 2 May 2007 12:20:15 +1000 puppet (0.22.3-1) unstable; urgency=low * New upstream release. Closes: #415773. * Switch to using our own logrotate config, and enhance it as per David Schmitt's suggestions. Closes: #414282. * Add puppetrun to the puppetmaster package, and actually put puppetdoc into the puppet package. Closes: #419273. * Copy vim syntax highlighting file into the puppet package, and add a stanza to have Vim automatically highlight .pp files. Closes: #412868. Thanks to David Schmitt for researching how to do all of that. * Add a templatedir setting to the default puppetmasterd.conf to make it obvious that it can be changed. Closes: #407506. -- Matthew Palmer Wed, 18 Apr 2007 14:03:33 +1000 puppet (0.22.1-1) unstable; urgency=low * New upstream release. -- Matthew Palmer Fri, 2 Feb 2007 09:06:46 +1100 puppet (0.22.0-1) unstable; urgency=low * New upstream release. * Use --startas instead of --init in init scripts, which (according to Paul Hampson) makes checking for already-running instances work. Closes: #405912. -- Matthew Palmer Mon, 8 Jan 2007 08:41:35 +1100 puppet (0.20.1-1) unstable; urgency=low * New upstream release. (Closes: #387674) * Rationalise the puppetmasterd init script. * Add inclusion of /etc/default files for init scripts. (Closes: #388178) * Add puppet.conf to match puppetd.conf. (Closes: #385646) -- Matthew Palmer Thu, 30 Nov 2006 10:54:19 +1100 puppet (0.18.4-1) unstable; urgency=low * New upstream release. - Properly detect all services, including those in rcS.d. (Closes: #378351) * Add Homepage: to the long description. (Closes: #377896) -- Matthew Palmer Mon, 24 Jul 2006 19:46:06 +1000 puppet (0.18.3-1) unstable; urgency=low * New upstream version. - Set DEBIAN_FRONTEND=noninteractive when installing Debian packages. (Closes: #378338) -- Matthew Palmer Sun, 16 Jul 2006 10:58:50 +1000 puppet (0.18.1-1) unstable; urgency=low * Make Puppet not wait for a cert at all (to prevent startup hangs). * Cleanup the init scripts to not have NO_START detritus. * Apply puppet.debian-frontend, to set DEBIAN_FRONTEND=noninteractive on package installation. -- Matthew Palmer Tue, 27 Jun 2006 15:05:32 +1000 puppet (0.18.0-1) unstable; urgency=low * Initial release. (Closes: #348625) -- Matthew Palmer Wed, 24 May 2006 13:10:01 +1000