[Pkg-puppet-devel] Bug#525850: puppet: Requesting new certificate will overwrite CA certificate

Ansgar Burchardt ansgar at mathi.uni-heidelberg.de
Mon Apr 27 14:17:29 UTC 2009


Package: puppet
Version: 0.24.5-3
Severity: minor

Hi,

When puppet initially requests a certificate from puppetmaster, it will
overwrite the CA certificate even if it is already present.

I traced the problem to

    # Only write the cert out if it passes validating.
    Puppet.settings.write(:hostcert) do |f| f.print cert end
    Puppet.settings.write(:localcacert) do |f| f.print cacert end

in /usr/lib/ruby/1.8/puppet/network/client/ca.rb.  I think the local CA
cert should only be written if the file is not already present.

Regards,
Ansgar

-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (900, 'stable'), (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages puppet depends on:
ii  adduser                       3.110      add and remove users and groups
ii  facter                        1.5.1-0.1  a library for retrieving facts fro
ii  libopenssl-ruby               4.2        OpenSSL interface for Ruby
ii  libruby [libxmlrpc-ruby]      4.2        Libraries necessary to run Ruby 1.
ii  libshadow-ruby1.8             1.4.1-8    Interface of shadow password for R
ii  libxmlrpc-ruby                4.2        transitional dummy package
ii  lsb-base                      3.2-20     Linux Standard Base 3.2 init scrip
ii  ruby                          4.2        An interpreter of object-oriented 

Versions of packages puppet recommends:
pn  rdoc                          <none>     (no description available)

puppet suggests no packages.

-- no debconf information
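
Added example, not part of the original report and not Puppet's code: a Ruby version of the behaviour the report suggests, where the local CA certificate is written only if the file is not already present. It goes one step beyond the suggestion by comparing fingerprints when a file exists, so a differing CA certificate is reported instead of silently replacing the trust anchor. The helper names, the temporary path and the generated certificates are assumptions made for illustration.

```ruby
require 'digest'
require 'openssl'
require 'tmpdir'

# SHA-256 over the DER encoding, so PEM formatting differences do not matter.
# Raises OpenSSL::X509::CertificateError if the input is not a certificate.
def ca_fingerprint(pem)
  Digest::SHA256.hexdigest(OpenSSL::X509::Certificate.new(pem).to_der)
end

# Hypothetical helper: write the CA certificate only if no file exists yet.
# Returns :written, :unchanged or :mismatch; an existing file is never replaced.
def store_ca_cert_once(path, offered_pem)
  offered = ca_fingerprint(offered_pem)
  # CREAT|EXCL makes "check for the file, then create it" one atomic step.
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o644) do |f|
    f.print offered_pem
  end
  :written
rescue Errno::EEXIST
  ca_fingerprint(File.read(path)) == offered ? :unchanged : :mismatch
end

# Constructed sample input: a throwaway self-signed certificate.
def constructed_ca(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

# First request pins the CA; later requests may confirm it but not change it.
def demo
  Dir.mktmpdir do |dir|
    path = File.join(dir, 'ca.pem')
    pinned = constructed_ca('constructed-ca-1')
    other = constructed_ca('constructed-ca-2')
    results = [pinned, pinned, other].map { |pem| store_ca_cert_once(path, pem) }
    results << (File.read(path) == pinned)
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

A caller would treat `:mismatch` as an error to surface to the administrator rather than a condition to resolve automatically.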




