[Pkg-puppet-devel] [SCM] Puppet packaging for Debian branch, upstream, updated. puppet-0.24.5-rc3-1601-gf8c1b08

Christian Hofstaedtler ch+git at zeha.at
Fri Jan 15 09:07:17 UTC 2010 

The following commit has been merged in the upstream branch:
commit 5ed2e2619fc366a9ea1e1b9866da055ba0cd57aa
Author: Christian Hofstaedtler <ch+git at zeha.at>
Date:   Thu Nov 5 11:03:44 2009 +0100

    rack: SSL Env vars can only be in Request.env
    
    This reverts commit c702f76b271515e9c42dcb923d379fbfac4c83cd and turns it
    into a documentation only fix. As it turns out, ENV should have never been
    used at all, as the Rack docs say nothing about it *and* Passenger's
    behaviour in 2.2.3 + 2.2.4 was completely broken and still is half-way broken
    in 2.2.5 (but is OK with the Rack specs).

diff --git a/ext/rack/README b/ext/rack/README
index 3bdcca5..d05d402 100644
--- a/ext/rack/README
+++ b/ext/rack/README
@@ -43,7 +43,7 @@ Make sure puppetmasterd ran at least once, so the CA & SSL certificates
 got set up.
 
 Requirements:
-  Passenger version 2.2.2 or newer***
+  Passenger version 2.2.2 or 2.2.5 or newer***
   Rack version 1.0.0
   Apache 2.x
   SSL Module loaded
@@ -68,6 +68,6 @@ config.ru. Therefore, config.ru shall be owned by the puppet user.
 *** Important note about Passenger versions:
     2.2.2 is known to work.
     2.2.3-2.2.4 are known to *NOT* work.
-    2.2.5 (when it is released) is expected to work properly again.
+    2.2.5 works again when used with Puppet 0.25.2+.
     Passenger installation doc: http://www.modrails.com/install.html
 
diff --git a/lib/puppet/network/http/rack/httphandler.rb b/lib/puppet/network/http/rack/httphandler.rb
index 31aa837..e142068 100644
--- a/lib/puppet/network/http/rack/httphandler.rb
+++ b/lib/puppet/network/http/rack/httphandler.rb
@@ -12,23 +12,5 @@ class Puppet::Network::HTTP::RackHttpHandler
         raise NotImplementedError, "Your RackHttpHandler subclass is supposed to override service(request)"
     end
 
-    def ssl_client_header(request)
-        env_or_request_env(Puppet[:ssl_client_header], request)
-    end
-
-    def ssl_client_verify_header(request)
-        env_or_request_env(Puppet[:ssl_client_verify_header], request)
-    end
-
-    # Older Passenger versions passed all Environment vars in app(env),
-    # but since 2.2.3 they (some?) are really in ENV.
-    # Mongrel, etc. may also still use request.env.
-    def env_or_request_env(var, request)
-        if ENV.include?(var)
-            ENV[var]
-        else
-            request.env[var]
-        end
-    end
 end
 
diff --git a/lib/puppet/network/http/rack/rest.rb b/lib/puppet/network/http/rack/rest.rb
index bdca651..1047512 100644
--- a/lib/puppet/network/http/rack/rest.rb
+++ b/lib/puppet/network/http/rack/rest.rb
@@ -63,11 +63,11 @@ class Puppet::Network::HTTP::RackREST < Puppet::Network::HTTP::RackHttpHandler
         result[:ip] = request.ip
 
         # if we find SSL info in the headers, use them to get a hostname.
-        # try this with :ssl_client_header.
-        # For Apache you need special configuration, see ext/rack/README.
-        if dn = ssl_client_header(request) and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
+        # try this with :ssl_client_header, which defaults should work for
+        # Apache with StdEnvVars.
+        if dn = request.env[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
             result[:node] = dn_matchdata[1].to_str
-            result[:authenticated] = (ssl_client_verify_header(request) == 'SUCCESS')
+            result[:authenticated] = (request.env[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
         else
             result[:node] = resolve_node(result)
             result[:authenticated] = false
diff --git a/lib/puppet/network/http/rack/xmlrpc.rb b/lib/puppet/network/http/rack/xmlrpc.rb
index 9d0f486..4fc9e82 100644
--- a/lib/puppet/network/http/rack/xmlrpc.rb
+++ b/lib/puppet/network/http/rack/xmlrpc.rb
@@ -43,11 +43,11 @@ class Puppet::Network::HTTP::RackXMLRPC < Puppet::Network::HTTP::RackHttpHandler
         ip = request.ip
 
         # if we find SSL info in the headers, use them to get a hostname.
-        # try this with :ssl_client_header.
-        # For Apache you need special configuration, see ext/rack/README.
-        if dn = ssl_client_header(request) and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
+        # try this with :ssl_client_header, which defaults should work for
+        # Apache with StdEnvVars.
+        if dn = request.env[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
             node = dn_matchdata[1].to_str
-            authenticated = (ssl_client_verify_header(request) == 'SUCCESS')
+            authenticated = (request.env[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
         else
             begin
                 node = Resolv.getname(ip)

-- 
Puppet packaging for Debian

More information about the Pkg-puppet-devel mailing list