We don't have chpasswd, so nothing is executed to change the password.
Current code expects a new value on stdin, so they create a tempfile, etc.
Our usermod(8) -p takes it as argument and, as confimed by ktrace, Puppet
executes the command directly without shell, so use that instead.
master.passwd(5) now gets updated correctly.
Puppet 7 has the same issue, but is EOL since februrary 2025.
OK sebastia
Puppet lets you centrally manage every important aspect of your system using
a cross-platform specification language that manages all the separate
elements normally aggregated in different files, like users, cron jobs,
and hosts, along with obviously discrete elements like packages, services,
and files.
Puppet's simple declarative specification language provides powerful classing
abilities for drawing out the similarities between hosts while allowing them
to be as specific as necessary, and it handles dependency and prerequisite
relationships between objects clearly and explicitly.
Puppet is written entirely in Ruby.
If we need to make an exception we can do it and properly document the
reason but by default we should just use the default login class.
rc.d uses daemon or the login class provided in login.conf.d so this has
no impact there.
discussed with sthen@, tb@ and robert@
praying that my grep/sed skills did not break anything and still
believing in portbump :-)
Excerpt from https://puppet.com/docs/puppet/6/release_notes_puppet.html :
Puppet can leak credentials when following HTTP redirects
Previously, Puppet followed HTTP redirects, the Authentication and Cookie
headers were passed to different hosts, which could leak sensitive
information. Now the Authentication and Cookie headers are only sent when
redirecting to the same hosts. PUP-11188
Puppet 5 and 6 currently use Ruby 2.7, as that is the default Ruby
version. Puppet 6 can probably run on Ruby 3.0 after a distpatch,
but Puppet 5 would require additional backporting (how much is
unknown). Both Puppet 5 and 6 depend on facter and mcollective,
and all must use the same Ruby version. So setting all four ports
to use Ruby 2.7 seems like the simplest way to continue to keep things
working when the default Ruby version is switched to Ruby 3.0.
While here, add install patches for Puppet 5, 6, and mcollective
to build with Ruby 3.0, and add backport a distpatch from Puppet 7
to Puppet 6 to allow Puppet 6 to run on Ruby 3.0. This will make a
future switch to Ruby 3.0 easier.
These changes should not have a runtime effect on Puppet 5 or 6.
The Puppet 6 port is bumped, due to the backported patch, but that
patch should not change runtime behavior on Ruby 2.7.
review from sebastia@ (Puppet 5 maintainer)
OK kn@ (Puppet 6 maintainer)
sebastia added "-W0" to Puppet 5 in
> revision 1.33
> date: 2021/01/18 22:26:11; author: sebastia; state: Exp; lines: +4 -2
> suppress the huge number of deprecation/obsolete warnings since Ruby 2.7
Adapt Puppet 6 equally and adjust their common rc script accordingly to
complete this commit to unbreak "rcctl check puppet".
Reported and tested by giovanni
OK giovanni
if a port needs 2.x then set MODPY_VERSION=${MODPY_DEFAULT_VERSION_2}.
This commit doesn't change any versions currently used; it may be that
some ports have MODPY_DEFAULT_VERSION_2 but don't require it, those
should be cleaned up in the course of updating ports where possible.
Python module ports providing py3-* packages should still use
FLAVOR=python3 so that we don't have a mixture of dependencies some
using ${MODPY_FLAVOR} and others not.
kn