I'd definitely like to see a couple other people test this, but looks good.
On Oct 26, 2009, at 2:24 PM, John A. Barbuto wrote:
>
> This was deprecated in commit 1cfb0215 and was keeping puppetd from
> starting in listen mode.
>
> Signed-off-by: John A. Barbuto <[email protected]>
> ---
> lib/puppet/application/puppetd.rb | 7 -------
> lib/puppet/network/http_server/webrick.rb | 5 +----
> lib/puppet/ssl/certificate_revocation_list.rb | 2 --
> lib/puppet/sslcertificates/ca.rb | 5 -----
> spec/unit/application/puppetd.rb | 8 --------
> spec/unit/ssl/certificate_revocation_list.rb | 12 ------------
> 6 files changed, 1 insertions(+), 38 deletions(-)
>
> diff --git a/lib/puppet/application/puppetd.rb b/lib/puppet/
> application/puppetd.rb
> index 26c9f82..56aaf93 100644
> --- a/lib/puppet/application/puppetd.rb
> +++ b/lib/puppet/application/puppetd.rb
> @@ -160,13 +160,6 @@ Puppet::Application.new(:puppetd) do
> exit(14)
> end
>
> - # FIXME: we should really figure out how to distribute the
> CRL
> - # to clients. In the meantime, we just disable CRL checking
> if
> - # the CRL file doesn't exist
> - unless File::exist?(Puppet[:cacrl])
> - Puppet[:cacrl] = nil
> - end
> -
> handlers = nil
>
> if options[:serve].empty?
> diff --git a/lib/puppet/network/http_server/webrick.rb b/lib/puppet/
> network/http_server/webrick.rb
> index a863d3a..2dae9cc 100644
> --- a/lib/puppet/network/http_server/webrick.rb
> +++ b/lib/puppet/network/http_server/webrick.rb
> @@ -21,13 +21,10 @@ module Puppet
> # with them, with flags appropriate for checking client
> # certificates for revocation
> def x509store
> - if Puppet[:cacrl] == 'false'
> + unless File.exist?(Puppet[:cacrl])
> # No CRL, no store needed
> return nil
> end
> - unless File.exist?(Puppet[:cacrl])
> - raise Puppet::Error, "Could not find CRL; set
> 'cacrl' to 'false' to disable CRL usage"
> - end
> crl =
> OpenSSL::X509::CRL.new(File.read(Puppet[:cacrl]))
> store = OpenSSL::X509::Store.new
> store.purpose = OpenSSL::X509::PURPOSE_ANY
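Review bot: In the webrick.rb hunk, `x509store` now returns nil whenever the file named by `Puppet[:cacrl]` is absent, so a mistyped, unreadable-by-path or deleted CRL silently turns off revocation checking of client certificates, where the removed branch raised `Puppet::Error`. With the explicit 'false' opt-out gone, the fail-open path should at least be visible to the operator: add `Puppet.warning "CRL #{Puppet[:cacrl]} not found; client certificate revocation checking is disabled"` before `return nil`, and reword the `# No CRL, no store needed` comment to say that revocation is not enforced in that case. The diffstat shows only spec deletions, so the new missing-file branch of `x509store` appears to have no test; a spec asserting the nil return (and the warning) would pin the behaviour. The body of `x509store` continues past the end of the hunk.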
> diff --git a/lib/puppet/ssl/certificate_revocation_list.rb b/lib/
> puppet/ssl/certificate_revocation_list.rb
> index f3c1a34..c725bde 100644
> --- a/lib/puppet/ssl/certificate_revocation_list.rb
> +++ b/lib/puppet/ssl/certificate_revocation_list.rb
> @@ -46,8 +46,6 @@ class Puppet::SSL::CertificateRevocationList <
> Puppet::SSL::Base
> # The name doesn't actually matter; there's only one CRL.
> # We just need the name so our Indirector stuff all works more
> easily.
> def initialize(fakename)
> - raise Puppet::Error, "Cannot manage the CRL when :cacrl is
> set to false" if [false, "false"].include?(Puppet[:cacrl])
> -
> @name = "crl"
> end
>
> diff --git a/lib/puppet/sslcertificates/ca.rb b/lib/puppet/
> sslcertificates/ca.rb
> index b0bcdb6..b5a2469 100644
> --- a/lib/puppet/sslcertificates/ca.rb
> +++ b/lib/puppet/sslcertificates/ca.rb
> @@ -194,9 +194,6 @@ class Puppet::SSLCertificates::CA
> # Revoke the certificate with serial number SERIAL issued by this
> # CA. The REASON must be one of the OpenSSL::OCSP::REVOKED_*
> reasons
> def revoke(serial, reason =
> OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE)
> - if @config[:cacrl] == 'false'
> - raise Puppet::Error, "Revocation requires a CRL, but
> ca_crl is set to 'false'"
> - end
> time = Time.now
> revoked = OpenSSL::X509::Revoked.new
> revoked.serial = serial
> @@ -344,8 +341,6 @@ class Puppet::SSLCertificates::CA
> @crl = OpenSSL::X509::CRL.new(
> File.read(@config[:cacrl])
> )
> - elsif @config[:cacrl] == 'false'
> - @crl = nil
> else
> # Create new CRL
> @crl = OpenSSL::X509::CRL.new
> diff --git a/spec/unit/application/puppetd.rb b/spec/unit/
> application/puppetd.rb
> index 19dfaf3..e5a5167 100755
> --- a/spec/unit/application/puppetd.rb
> +++ b/spec/unit/application/puppetd.rb
> @@ -407,14 +407,6 @@ describe "puppetd" do
> @puppetd.setup_listen
> end
>
> - it "should set :cacrl to nil if no cacrl file" do
> - Puppet.expects(:[]).with(:cacrl).returns('cacrl')
> - File.expects(:exist?).with('cacrl').returns(false)
> - Puppet.expects(:[]=).with(:cacrl,nil)
> -
> - @puppetd.setup_listen
> - end
> -
> it "should create a server to listen on at least the
> Runner handler" do
> Puppet::Network::Server.expects(:new).with { |args|
> args[:xmlrpc_handlers] == [:Runner] }
>
> diff --git a/spec/unit/ssl/certificate_revocation_list.rb b/spec/
> unit/ssl/certificate_revocation_list.rb
> index eb25268..3d15db7 100755
> --- a/spec/unit/ssl/certificate_revocation_list.rb
> +++ b/spec/unit/ssl/certificate_revocation_list.rb
> @@ -46,18 +46,6 @@ describe Puppet::SSL::CertificateRevocationList do
> end
> end
>
> - describe "when initializing" do
> - it "should fail if :cacrl is set to false" do
> - Puppet.settings.expects(:value).with(:cacrl).returns
> false
> - lambda { @class.new("crl") }.should
> raise_error(Puppet::Error)
> - end
> -
> - it "should fail if :cacrl is set to the string 'false'" do
> - Puppet.settings.expects(:value).with(:cacrl).returns
> "false"
> - lambda { @class.new("crl") }.should
> raise_error(Puppet::Error)
> - end
> - end
> -
> describe "when generating the crl" do
> before do
> @real_crl = mock 'crl'
> --
> 1.6.5.1
> > > > -- Get forgiveness now -- tomorrow you may no longer feel guilty. --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en -~----------~----~----~----~------~----~------~--~---
