author | Hunter Haugen <hunter@puppetlabs.com> | 2015-05-13 15:39:01 -0700 |
---|---|---|
committer | Hunter Haugen <hunter@puppetlabs.com> | 2015-05-13 15:39:01 -0700 |
commit | 7f97a76f4682a7c1d5bfbbc3cd5a6dd9523b1d96 (patch) | |
tree | 7c39b8a4a5cd7f8bceb875cbedfda52696c835be /lib/puppet/provider/vcsrepo | |
parent | 4cc3383f3e22edb31a03a3dad7817734529781ee (diff) | |
(MODULES-821) Don't use /tmp

Very often /tmp is mounted noexec for security reasons related to it
being writable by all users. This stopped vcsrepo's git provider from
working.

This pull request uses puppet's statedir as it is not writable by all
users and is a good candidate for transient state like the git
provider's identity script for the $GIT_SSH command.

An alternative in the future that wouldn't require a temporary file is
to set $GIT_SSH_COMMAND instead of $GIT_SSH, except this was added in
git 2.3 and is too new to depend on.
Diffstat (limited to 'lib/puppet/provider/vcsrepo')
-rw-r--r-- | lib/puppet/provider/vcsrepo/git.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/puppet/provider/vcsrepo/git.rb b/lib/puppet/provider/vcsrepo/git.rb index 8101253..44e4d04 100644 --- a/lib/puppet/provider/vcsrepo/git.rb +++ b/lib/puppet/provider/vcsrepo/git.rb @@ -418,7 +418,7 @@ Puppet::Type.type(:vcsrepo).provide(:git, :parent => Puppet::Provider::Vcsrepo) # @!visibility private def git_with_identity(*args) if @resource.value(:identity) - Tempfile.open('git-helper') do |f| + Tempfile.open('git-helper', Puppet[:statedir]) do |f| f.puts '#!/bin/sh' f.puts "exec ssh -oStrictHostKeyChecking=no -oPasswordAuthentication=no -oKbdInteractiveAuthentication=no -oChallengeResponseAuthentication=no -oConnectTimeout=120 -i #{@resource.value(:identity)} $*" f.close |
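Review bot: on the `+` line, `Tempfile.open('git-helper', Puppet[:statedir])` places the `$GIT_SSH` helper in a directory the commit message describes as not writable by all users, but nothing in the hunk checks or documents that the account which ends up invoking the script can traverse that directory and execute the file. If git can be run as an account other than the one running Puppet, that account needs search permission on the statedir and execute permission on the helper, so a comment stating the assumption (or an explicit check with a clear error) and a spec asserting the tempfile directory would make this safer to merge. While this helper is being touched, the generated script in the context lines interpolates `#{@resource.value(:identity)}` unquoted and forwards arguments with `$*`; quoting the identity path and using `"$@"` would keep paths and arguments containing spaces intact. The same line also passes `-oStrictHostKeyChecking=no`, which turns off host key verification for every fetch over this identity and is worth a follow-up ticket if it is not already tracked.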