[Pkg-puppet-devel] [SCM] Puppet packaging for Debian branch, upstream, updated. puppet-0.24.5-rc3-1456-g2f0b1e5
James Turnbull
james at lovedthanlost.net
Tue Oct 27 17:06:19 UTC 2009
The following commit has been merged in the upstream branch:
commit ff3a7bc17b66b73f5cf155a2ffb62ccd85f9e9bc
Author: John A. Barbuto <jbarbuto at corp.sourceforge.com>
Date: Mon Oct 26 14:02:35 2009 -0700
Re-fixed #2750 - Stop disabling the CRL or checking for a disabled CRL
This was deprecated in commit 1cfb0215 and was keeping puppetd from starting in listen mode.
Signed-off-by: John A. Barbuto <jbarbuto at corp.sourceforge.com>
diff --git a/lib/puppet/application/puppetd.rb b/lib/puppet/application/puppetd.rb
index 26c9f82..56aaf93 100644
--- a/lib/puppet/application/puppetd.rb
+++ b/lib/puppet/application/puppetd.rb
@@ -160,13 +160,6 @@ Puppet::Application.new(:puppetd) do
exit(14)
end
- # FIXME: we should really figure out how to distribute the CRL
- # to clients. In the meantime, we just disable CRL checking if
- # the CRL file doesn't exist
- unless File::exist?(Puppet[:cacrl])
- Puppet[:cacrl] = nil
- end
-
handlers = nil
if options[:serve].empty?
diff --git a/lib/puppet/network/http_server/webrick.rb b/lib/puppet/network/http_server/webrick.rb
index a863d3a..2dae9cc 100644
--- a/lib/puppet/network/http_server/webrick.rb
+++ b/lib/puppet/network/http_server/webrick.rb
@@ -21,13 +21,10 @@ module Puppet
# with them, with flags appropriate for checking client
# certificates for revocation
def x509store
- if Puppet[:cacrl] == 'false'
+ unless File.exist?(Puppet[:cacrl])
# No CRL, no store needed
return nil
end
- unless File.exist?(Puppet[:cacrl])
- raise Puppet::Error, "Could not find CRL; set 'cacrl' to 'false' to disable CRL usage"
- end
crl = OpenSSL::X509::CRL.new(File.read(Puppet[:cacrl]))
store = OpenSSL::X509::Store.new
store.purpose = OpenSSL::X509::PURPOSE_ANY
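Review bot: The new guard in `x509store` fails open: when the file at `Puppet[:cacrl]` is absent the method returns nil without any message, so the listener comes up with no revocation checking, whereas the removed branch raised `Puppet::Error` unless the CRL had been explicitly disabled. A deleted or mis-pathed CRL is then indistinguishable from an intentional opt-out, and a revoked client certificate would presumably still be accepted. I would at least log it before the return, e.g. `Puppet.warning "CRL #{Puppet[:cacrl]} not found; client certificates will not be checked for revocation"`. `File.exist?` also raises TypeError when given nil or false, so it is worth confirming that `cacrl` can no longer resolve to a non-string value here. The body of `x509store` continues past the hunk, and no spec in this commit covers the missing-file branch.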
diff --git a/lib/puppet/ssl/certificate_revocation_list.rb b/lib/puppet/ssl/certificate_revocation_list.rb
index f3c1a34..c725bde 100644
--- a/lib/puppet/ssl/certificate_revocation_list.rb
+++ b/lib/puppet/ssl/certificate_revocation_list.rb
@@ -46,8 +46,6 @@ class Puppet::SSL::CertificateRevocationList < Puppet::SSL::Base
# The name doesn't actually matter; there's only one CRL.
# We just need the name so our Indirector stuff all works more easily.
def initialize(fakename)
- raise Puppet::Error, "Cannot manage the CRL when :cacrl is set to false" if [false, "false"].include?(Puppet[:cacrl])
-
@name = "crl"
end
diff --git a/lib/puppet/sslcertificates/ca.rb b/lib/puppet/sslcertificates/ca.rb
index b0bcdb6..b5a2469 100644
--- a/lib/puppet/sslcertificates/ca.rb
+++ b/lib/puppet/sslcertificates/ca.rb
@@ -194,9 +194,6 @@ class Puppet::SSLCertificates::CA
# Revoke the certificate with serial number SERIAL issued by this
# CA. The REASON must be one of the OpenSSL::OCSP::REVOKED_* reasons
def revoke(serial, reason = OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE)
- if @config[:cacrl] == 'false'
- raise Puppet::Error, "Revocation requires a CRL, but ca_crl is set to 'false'"
- end
time = Time.now
revoked = OpenSSL::X509::Revoked.new
revoked.serial = serial
@@ -344,8 +341,6 @@ class Puppet::SSLCertificates::CA
@crl = OpenSSL::X509::CRL.new(
File.read(@config[:cacrl])
)
- elsif @config[:cacrl] == 'false'
- @crl = nil
else
# Create new CRL
@crl = OpenSSL::X509::CRL.new
diff --git a/spec/unit/application/puppetd.rb b/spec/unit/application/puppetd.rb
index 19dfaf3..e5a5167 100755
--- a/spec/unit/application/puppetd.rb
+++ b/spec/unit/application/puppetd.rb
@@ -407,14 +407,6 @@ describe "puppetd" do
@puppetd.setup_listen
end
- it "should set :cacrl to nil if no cacrl file" do
- Puppet.expects(:[]).with(:cacrl).returns('cacrl')
- File.expects(:exist?).with('cacrl').returns(false)
- Puppet.expects(:[]=).with(:cacrl,nil)
-
- @puppetd.setup_listen
- end
-
it "should create a server to listen on at least the Runner handler" do
Puppet::Network::Server.expects(:new).with { |args| args[:xmlrpc_handlers] == [:Runner] }
diff --git a/spec/unit/ssl/certificate_revocation_list.rb b/spec/unit/ssl/certificate_revocation_list.rb
index eb25268..3d15db7 100755
--- a/spec/unit/ssl/certificate_revocation_list.rb
+++ b/spec/unit/ssl/certificate_revocation_list.rb
@@ -46,18 +46,6 @@ describe Puppet::SSL::CertificateRevocationList do
end
end
- describe "when initializing" do
- it "should fail if :cacrl is set to false" do
- Puppet.settings.expects(:value).with(:cacrl).returns false
- lambda { @class.new("crl") }.should raise_error(Puppet::Error)
- end
-
- it "should fail if :cacrl is set to the string 'false'" do
- Puppet.settings.expects(:value).with(:cacrl).returns "false"
- lambda { @class.new("crl") }.should raise_error(Puppet::Error)
- end
- end
-
describe "when generating the crl" do
before do
@real_crl = mock 'crl'
--
Puppet packaging for Debian