Skip to content

Use validate_cmd & expose filename parameter#60

Merged
ekohl merged 2 commits intovoxpupuli:masterfrom
ekohl:update-java-trusted-ca
Aug 29, 2023
Merged

Use validate_cmd & expose filename parameter#60
ekohl merged 2 commits intovoxpupuli:masterfrom
ekohl:update-java-trusted-ca

Conversation

@ekohl
Copy link
Member

@ekohl ekohl commented Aug 22, 2023

See individual commits for details.

@ekohl ekohl mentioned this pull request Aug 22, 2023
Closed
ekohl added 2 commits August 22, 2023 22:23
@ekohl
Use validate_cmd attribute on file
fa122b3 
Instead of defining a file and then validate it using a separate exec
this uses the built in functionality, which prevents the file from being
written out if it's invalid.
@ekohl
Expose the intermediate filename as a parameter
96843d5
@ekohl ekohl force-pushed the update-java-trusted-ca branch from 530269c to 96843d5 Compare August 22, 2023 20:23
@ekohl ekohl changed the title Use puppet-strings, validate_cmd & expose filename parameter Use validate_cmd & expose filename parameter Aug 29, 2023
bastelfreak
bastelfreak reviewed Aug 29, 2023
View reviewed changes
manifests/java.pp
mode => '0644',
owner => 'root',
group => 'root',
validate_cmd => '/usr/bin/openssl x509 -in %s -noout',
Copy link
Member

@bastelfreak bastelfreak Aug 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are you sure that this path is correct on all operating systems? Is there something around that uses /bin/openssl? We had problems like that in the past.

Copy link
Member Author

@ekohl ekohl Aug 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pretty sure. At least on EL (7+) /bin is a symlink to /usr/bin. Debian and Ubuntu both have it in /usr/bin. Not sure about suse mentioned in metadata.json, but I'd be quite confident in assuming it.

I wasn't sure if you can simply use openssl and expect it to use $path.

Copy link
Member

@bastelfreak bastelfreak Aug 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as far as I know it needs to be an absolute path, that's how we implemented it in other modules as well (puppet/nginx, saz/ssh)

@ekohl ekohl merged commit 4d60258 into voxpupuli:master Aug 29, 2023
@ekohl ekohl added the enhancement New feature or request label Aug 29, 2023
@TheKrizz
Copy link

TheKrizz commented Aug 27, 2024
edited
Loading

tag v5.1.0 has a bug
validate_cmd => '/usr/bin/openssl x509 -in %s -noout', is wrong,
it should be
validate_cmd => '/usr/bin/openssl x509 -in % -noout',

with %s all temporary files has a 's' at the end and the validate_cmd command fails because the filenames doesn't match.

@ekohl ekohl deleted the update-java-trusted-ca branch August 27, 2024 15:36
@ekohl
Copy link
Member Author

ekohl commented Aug 27, 2024
edited
Loading

with %s all temporary files has a 's' at the end and the validate_cmd command fails because the filenames doesn't match.

Could you submit a PR to fix that?

Edit: I only now saw #72.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bastelfreak bastelfreak bastelfreak approved these changes

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ekohl @TheKrizz @bastelfreak