[Pkg-puppet-devel] Bug#525850: puppet: Requesting new certificate will overwrite CA certificate
Ansgar Burchardt
ansgar at mathi.uni-heidelberg.de
Tue Oct 2 09:15:23 UTC 2012
Hi,
Micah Anderson <micah at riseup.net> writes:
>> attached is a patch that I use to prevent puppet from overwriting the
>> CA certificate if it is already present on the local host.
>
> When you reported this bug, it was for 0.24, does this still happen with newer
> versions of puppet?
>
>> --- puppet.orig/lib/puppet/network/client/ca.rb
>> +++ puppet/lib/puppet/network/client/ca.rb
>> @@ -48,7 +48,9 @@
>>
>> # Only write the cert out if it passes validating.
>> Puppet.settings.write(:hostcert) do |f| f.print cert end
>> - Puppet.settings.write(:localcacert) do |f| f.print cacert end
>> + unless FileTest.exist?(Puppet[:localcacert])
>> + Puppet.settings.write(:localcacert) do |f| f.print cacert end
>> + end
>>
>> @cert
>> end
>
> In newer versions of puppet, most of the above code doesn't exist anywhere I
> could find, so I guess that this has either been resolved in newer versions, or
> you have been forward porting this patch to new versions? If you do have a newer
> version, could you send it to the bug report?
I dropped the patch after 2.6.2-5+squeeze3. So this issue should be resolved.
Ansgar
More information about the Pkg-puppet-devel
mailing list