[Pkg-puppet-devel] Bug#525850: puppet: Requesting new certificate will overwrite CA certificate

Micah Anderson micah at riseup.net
Sat Sep 29 21:28:26 UTC 2012


> attached is a patch that I use to prevent puppet from overwriting the
> CA certificate if it is already present on the local host.

When you reported this bug, it was for 0.24, does this still happen with newer
versions of puppet?

> --- puppet.orig/lib/puppet/network/client/ca.rb
> +++ puppet/lib/puppet/network/client/ca.rb
> @@ -48,7 +48,9 @@
>      # Only write the cert out if it passes validating.
>      Puppet.settings.write(:hostcert) do |f| f.print cert end
> -    Puppet.settings.write(:localcacert) do |f| f.print cacert end
> +    unless FileTest.exist?(Puppet[:localcacert])
> +      Puppet.settings.write(:localcacert) do |f| f.print cacert end
> +    end
>      @cert
>    end

In newer versions of puppet, most of the above code doesn't exist anywhere I
could find, so I guess that this has either been resolved in newer versions, or
you have been forward porting this patch to new versions? If you do have a newer
version, could you send it to the bug report?



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/attachments/20120929/4b6cf486/attachment.pgp>

More information about the Pkg-puppet-devel mailing list