Issue #4859 has been updated by Markus Roberts. Status changed from Unreviewed to Rejected
You are correct, it was intentional. It was a security fix. Just passing strings to the shell for interpretation is powerful, but it opens the door to shell-injection attacks which, for a tool that runs a root, is not a good idea. In some cases you can get the desired result by using "bash -c ..." but extreme caution is advised, and wherever possible you should restructure so that this is not needed. ---------------------------------------- Bug #4859: exec regression - shell negation doesn't work anymore http://projects.puppetlabs.com/issues/4859 Author: Jordan Sissel Status: Rejected Priority: Normal Assignee: Category: Target version: Affected version: Keywords: Branch: In 0.25.5 and previous, you can no longer use shell negation on commands. I use these in 'onlyif' statements for some. Here's a sample reproduce case: <pre> class foo { Exec { path => [ "/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin", "/usr/local/sbin" ], } exec { "echo hello world": onlyif => "! false"; } } include foo </pre> This works in previous versions (<= 0.25.5). In 2.6.1, this does not work. Specifically, this line causes the error: <pre> onlyif => "! false"; </pre> It also fails if the '!' appears first in the actually command name (like "! echo hello world"). Failure from 2.6: <pre> % puppet apply --verbose test.pp info: Applying configuration version '1285645441' err: /Stage[main]/Foo/Exec[echo hello world]: Could not evaluate: Could not find command '!' </pre> Success on 0.25.5: <pre> % puppet --verbose test.pp info: Applying configuration version '1285645456' </pre> There are workarounds, like adding `[ \$? -ne 0 ]` - <pre> onlyif => "false; [ \$? -ne 0 ]" </pre> -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
