summaryrefslogtreecommitdiff
path: root/lib/puppet/provider/vcsrepo
diff options
context:
space:
mode:
authorHunter Haugen <hunter@puppetlabs.com>2015-05-13 15:39:01 -0700
committerHunter Haugen <hunter@puppetlabs.com>2015-05-13 15:39:01 -0700
commit7f97a76f4682a7c1d5bfbbc3cd5a6dd9523b1d96 (patch)
tree7c39b8a4a5cd7f8bceb875cbedfda52696c835be /lib/puppet/provider/vcsrepo
parent4cc3383f3e22edb31a03a3dad7817734529781ee (diff)
downloadpuppet-vcsrepo-7f97a76f4682a7c1d5bfbbc3cd5a6dd9523b1d96.tar.gz
puppet-vcsrepo-7f97a76f4682a7c1d5bfbbc3cd5a6dd9523b1d96.tar.bz2
(MODULES-821) Don't use /tmp
Very often /tmp is mounted noexec for security reasons related to it being writable by all users. This stopped vcsrepo's git provider from working. This pull request uses puppet's statedir as it is not writable by all users and is a good candidate for transient state like the git provider's identity script for the $GIT_SSH command. An alternative in the future that wouldn't require a temporary file is to set $GIT_SSH_COMMAND instead of $GIT_SSH, except this was added in git 2.3 and is too new to depend on.
Diffstat (limited to 'lib/puppet/provider/vcsrepo')
-rw-r--r--lib/puppet/provider/vcsrepo/git.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/puppet/provider/vcsrepo/git.rb b/lib/puppet/provider/vcsrepo/git.rb
index 8101253..44e4d04 100644
--- a/lib/puppet/provider/vcsrepo/git.rb
+++ b/lib/puppet/provider/vcsrepo/git.rb
@@ -418,7 +418,7 @@ Puppet::Type.type(:vcsrepo).provide(:git, :parent => Puppet::Provider::Vcsrepo)
# @!visibility private
def git_with_identity(*args)
if @resource.value(:identity)
- Tempfile.open('git-helper') do |f|
+ Tempfile.open('git-helper', Puppet[:statedir]) do |f|
f.puts '#!/bin/sh'
f.puts "exec ssh -oStrictHostKeyChecking=no -oPasswordAuthentication=no -oKbdInteractiveAuthentication=no -oChallengeResponseAuthentication=no -oConnectTimeout=120 -i #{@resource.value(:identity)} $*"
f.close