Fix a number of packaging and source bugs

Fri Aug 07 2009 Todd Zullinger <tmz@pobox.com> - 0.24.8-4
- Fix status -p handling on older RHEL (#501577)
- Fix condrestart when daemon's aren't running (#480600)
- Fix timeout reading /proc/mounts (upstream #1963)
- Fix permissions on /var/log/puppet (#495096)
- Fix rails test for activerecord-2.3 (#515728)
Wed Jun 24 2009 Jeroen van Meeuwen <kanarip@kanarip.com>
- Fix permissions on /var/run/puppet/ (#495096)
- Support initializing supplementary groups (#1806, #475201, Till Maas)
- Own the correct vim directory
- Move ext/ outside of doc datadir (rpmlint)
- Require ruby(selinux) rather then libselinux-ruby (#507848)

puppet-0.24.8-activerecord-test.patch

@@ -0,0 +1,46 @@
+From a7a9fb5afaa58922bb6ecb49e04b5ed59f381d22 Mon Sep 17 00:00:00 2001
+From: Luke Kanies <luke@madstop.com>
+Date: Thu, 23 Apr 2009 18:56:30 -0500
+Subject: [PATCH/puppet] Fixing the Rails feature test to require 2.3.x
+
+Signed-off-by: Luke Kanies <luke@madstop.com>
+---
+ lib/puppet/feature/rails.rb |   21 ++++-----------------
+ 1 files changed, 4 insertions(+), 17 deletions(-)
+
+diff --git a/lib/puppet/feature/rails.rb b/lib/puppet/feature/rails.rb
+index 63e6f00..561863c 100644
+--- a/lib/puppet/feature/rails.rb
++++ b/lib/puppet/feature/rails.rb
+@@ -28,24 +28,11 @@ Puppet.features.add(:rails) do
+         end
+     end
+ 
+-    # If we couldn't find it the normal way, try using a Gem.
+-    unless defined? ActiveRecord
+-        begin
+-            require 'rubygems'
+-            require 'rails'
+-        rescue LoadError
+-            # Nothing
+-        end
++    unless defined?(::ActiveRecord) and ::ActiveRecord::VERSION::MAJOR == 2 and ::ActiveRecord::VERSION::MINOR == 3
++        Puppet.err "ActiveRecord 2.3 required for StoreConfigs"
++        raise "ActiveRecord 2.3 required for StoreConfigs"
+     end
+ 
+-    # We check a fairly specific class, so that we can be sure that we've
+-    # loaded a new enough version of AR that will support the features we
+-    # actually use.
+-    if defined? ActiveRecord::Associations::BelongsToPolymorphicAssociation
+-        require 'puppet/rails'
+-        true
+-    else
+-        false
+-    end
++    true
+ end
+ 
+-- 
+1.6.4
+

puppet-0.24.8-condrestart.patch

@@ -0,0 +1,82 @@
+From fc161e4a5ad4d470d0fe17b734004ab675eaa6ae Mon Sep 17 00:00:00 2001
+From: Todd Zullinger <tmz@pobox.com>
+Date: Fri, 3 Jul 2009 10:22:19 -0400
+Subject: [PATCH/puppet 2/2] conf/redhat/*.init: Fix condrestart/try-restart
+
+Previously, the Red Hat init scripts used the $pidfile or $lockfile as a
+test for whether to restart the daemons.  This caused condrestart to
+start the daemons even when they were not running, in cases where they
+had died or been killed without cleaning up the $pidfile/$lockfile.
+
+This was reported by Ingvar Hagelund in Red Hat bug #480600.
+---
+ conf/redhat/client.init |    7 ++++++-
+ conf/redhat/server.init |   11 ++++++++---
+ 2 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/conf/redhat/client.init b/conf/redhat/client.init
+index f40e81d..fda156c 100644
+--- a/conf/redhat/client.init
++++ b/conf/redhat/client.init
+@@ -67,6 +67,10 @@ rh_status() {
+     status $statusopts $puppetd
+ }
+ 
++rh_status_q() {
++        rh_status >/dev/null 2>&1
++}
++
+ genconfig() {
+   echo -n $"Generate configuration puppet: "
+   $puppetd ${PUPPET_OPTS} ${PUPPET_EXTRA_OPTS} --genconfig
+@@ -86,7 +90,8 @@ case "$1" in
+         reload
+ 	;;
+   condrestart|try-restart)
+-	[ -f "$pidfile" ] && restart
++	rh_status_q || exit 0
++	restart
+ 	;;
+   status)
+         rh_status
+diff --git a/conf/redhat/server.init b/conf/redhat/server.init
+index 6871b9a..74cb52f 100644
+--- a/conf/redhat/server.init
++++ b/conf/redhat/server.init
+@@ -89,7 +89,7 @@ genconfig() {
+   $PUPPETMASTER $PUPPETMASTER_OPTS --genconfig
+ }
+ 
+-puppetmaster_status() {
++rh_status() {
+     if [ -n "$PUPPETMASTER_PORTS" ] && [ ${#PUPPETMASTER_PORTS[@]} -gt 1 ]; then
+         for ((i=0; i<${#PUPPETMASTER_PORTS[@]}; i++)); do
+             echo -en "Port ${PUPPETMASTER_PORTS[$i]}: "
+@@ -103,6 +103,10 @@ puppetmaster_status() {
+     return $RETVAL
+ }
+ 
++rh_status_q() {
++        rh_status >/dev/null 2>&1
++}
++
+ case "$1" in
+   start)
+ 	start
+@@ -114,10 +118,11 @@ case "$1" in
+         restart
+ 	;;
+   condrestart)
+-	[ -f "$lockfile" ] && restart
++	rh_status_q || exit 0
++	restart
+ 	;;
+   status)
+-    puppetmaster_status
++    rh_status
+ 	;;
+   genconfig)
+ 	genconfig
+-- 
+1.6.3.3
+

puppet-0.24.8-read-proc-mounts.patch

@@ -0,0 +1,36 @@
+From 0ce5b22a45d675de6969f3f5e5d4565be0a2d2d1 Mon Sep 17 00:00:00 2001
+From: Ricky Zhou <ricky@fedoraproject.org>
+Date: Sat, 11 Jul 2009 01:57:52 -0400
+Subject: [PATCH/puppet] Fix #1963 - Failing to read /proc/mounts for selinux kills file downloads
+
+This works around a linux kernel bug that causes a select() on
+/proc/mounts to hang.
+---
+ lib/puppet/util/selinux.rb |   10 ++++++++--
+ 1 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/lib/puppet/util/selinux.rb b/lib/puppet/util/selinux.rb
+index cd3b2ac..dc5daec 100644
+--- a/lib/puppet/util/selinux.rb
++++ b/lib/puppet/util/selinux.rb
+@@ -152,9 +152,15 @@ module Puppet::Util::SELinux
+ 
+     # Internal helper function to read and parse /proc/mounts
+     def read_mounts
++        mounts = ""
+         begin
+-            mountfh = File.open("/proc/mounts", NONBLOCK)
+-            mounts = mountfh.read
++            mountfh = File.open("/proc/mounts")
++            # We use read_nonblock() in a loop rather than read() to work-around
++            # a linux kernel bug.  See ticket #1963 for details.
++            while true
++                mounts += mountfh.read_nonblock(1024)
++            end
++        rescue EOFError
+             mountfh.close
+         rescue
+             return nil
+-- 
+1.6.3.3
+

puppet-0.24.8-rundir-perms.patch

@@ -0,0 +1,25 @@
+From f9ccc92662c53d9890e337d4e9f1629eb1ff650f Mon Sep 17 00:00:00 2001
+From: Jeroen van Meeuwen (Fedora Unity) <kanarip@fedoraunity.org>
+Date: Wed, 24 Jun 2009 15:19:01 +0200
+Subject: [PATCH/puppet 1/6] Simplest fix for #495096 as it applies to the Fedora based distributions using the Red Hat RPM. Story continues.
+
+---
+ lib/puppet/defaults.rb |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb
+index e36dd70..077faab 100644
+--- a/lib/puppet/defaults.rb
++++ b/lib/puppet/defaults.rb
+@@ -68,7 +68,7 @@ module Puppet
+         },
+         :rundir => { 
+             :default => rundir,
+-            :mode => 01777,
++            :mode => 0755,
+             :desc => "Where Puppet PID files are kept."
+         },
+         :genconfig => [false,
+-- 
+1.6.3.3
+

puppet-0.24.8-status-options.patch

@@ -0,0 +1,41 @@
+From ea04f2700ebdbac7c5abd263df1bbda9eee12097 Mon Sep 17 00:00:00 2001
+From: Todd Zullinger <tmz@pobox.com>
+Date: Fri, 3 Jul 2009 09:08:17 -0400
+Subject: [PATCH/puppet 1/2] conf/redhat/client.init: Fix #2123, status options on older RHEL
+
+On RHEL < 5, the status function does not accept a -p option.  Using it
+causes 'service puppet status' to produce erroneous output.  This was
+also reported by Aaron Dummer in Red Hat bug #501577.
+---
+ conf/redhat/client.init |    8 ++++++--
+ 1 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/conf/redhat/client.init b/conf/redhat/client.init
+index 44caab1..f40e81d 100644
+--- a/conf/redhat/client.init
++++ b/conf/redhat/client.init
+@@ -62,6 +62,11 @@ restart() {
+     start
+ }
+ 
++rh_status() {
++    status | grep -q -- '-p' 2>/dev/null && statusopts="-p $pidfile"
++    status $statusopts $puppetd
++}
++
+ genconfig() {
+   echo -n $"Generate configuration puppet: "
+   $puppetd ${PUPPET_OPTS} ${PUPPET_EXTRA_OPTS} --genconfig
+@@ -84,8 +89,7 @@ case "$1" in
+ 	[ -f "$pidfile" ] && restart
+ 	;;
+   status)
+-        status -p "$pidfile" $puppetd
+-        RETVAL=$?
++        rh_status
+ 	;;
+   once)
+         shift
+-- 
+1.6.3.3
+

puppet-0.24.8-supplementary-groups.patch

@@ -0,0 +1,74 @@
+From 2a401c6897af3abbc27dfaaf162556745267d6b2 Mon Sep 17 00:00:00 2001
+From: Jeroen van Meeuwen (Fedora Unity) <kanarip@fedoraunity.org>
+Date: Wed, 24 Jun 2009 15:30:19 +0200
+Subject: [PATCH/puppet 2/6] Support supplementary groups (Till Maas)
+
+---
+ lib/puppet/util.rb             |    5 +++--
+ lib/puppet/util/suidmanager.rb |   11 ++++++++++-
+ 2 files changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/lib/puppet/util.rb b/lib/puppet/util.rb
+index f8a8721..51a2a16 100644
+--- a/lib/puppet/util.rb
++++ b/lib/puppet/util.rb
+@@ -58,10 +58,11 @@ module Util
+             end
+             unless Puppet::Util::SUIDManager.uid == user
+                 begin
++                    Puppet::Util::SUIDManager.initgroups(user)
+                     Puppet::Util::SUIDManager.uid = user 
+                     Puppet::Util::SUIDManager.euid = user 
+-                rescue
+-                    $stderr.puts "could not change to user %s" % user
++                rescue => detail
++                    $stderr.puts "could not change to user %s: %s" % [user, detail]
+                     exit(74)
+                 end
+             end
+diff --git a/lib/puppet/util/suidmanager.rb b/lib/puppet/util/suidmanager.rb
+index b071dca..9f6e3b6 100644
+--- a/lib/puppet/util/suidmanager.rb
++++ b/lib/puppet/util/suidmanager.rb
+@@ -7,7 +7,7 @@ module Puppet::Util::SUIDManager
+     extend Forwardable
+ 
+     to_delegate_to_process = [ :euid=, :euid, :egid=, :egid,
+-                               :uid=, :uid, :gid=, :gid ]
++                               :uid=, :uid, :gid=, :gid, :groups=, :groups ]
+ 
+     to_delegate_to_process.each do |method|
+         def_delegator Process, method
+@@ -26,13 +26,16 @@ module Puppet::Util::SUIDManager
+         # We set both because some programs like to drop privs, i.e. bash.
+         old_uid, old_gid = self.uid, self.gid
+         old_euid, old_egid = self.euid, self.egid
++        old_groups = self.groups
+         begin
+             self.egid = convert_xid :gid, new_gid if new_gid
++            self.initgroups(convert_xid(:uid, new_uid)) if new_uid
+             self.euid = convert_xid :uid, new_uid if new_uid
+   
+             yield
+         ensure
+             self.euid, self.egid = old_euid, old_egid
++            self.groups = old_groups
+         end
+     end
+     module_function :asuser
+@@ -49,6 +52,12 @@ module Puppet::Util::SUIDManager
+     end
+     module_function :convert_xid
+ 
++    # Initialize supplementary groups
++    def initgroups(user)
++        require 'etc'
++        Process.initgroups(Etc.getpwuid(user).name, Process.gid)
++    end
++    module_function :initgroups
+ 
+     def run_and_capture(command, new_uid=nil, new_gid=nil)
+         output = Puppet::Util.execute(command, :failonfail => false, :uid => new_uid, :gid => new_gid)
+-- 
+1.6.3.3
+

puppet.spec

@@ -6,11 +6,25 @@
 
 Name:           puppet
 Version:        0.24.8
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        A network tool for managing many disparate systems
 License:        GPLv2+
 URL:            http://puppet.reductivelabs.com/
 Source0:        http://reductivelabs.com/downloads/puppet/%{name}-%{version}.tgz
+
+# https://bugzilla.redhat.com/495096
+Patch0:         puppet-0.24.8-rundir-perms.patch
+# https://bugzilla.redhat.com/475201
+Patch1:         puppet-0.24.8-supplementary-groups.patch
+# http://projects.reductivelabs.com/issues/1963
+Patch2:         puppet-0.24.8-read-proc-mounts.patch
+# https://bugzilla.redhat.com/501577
+Patch3:         puppet-0.24.8-status-options.patch
+# https://bugzilla.redhat.com/480600
+Patch4:         puppet-0.24.8-condrestart.patch
+# https://bugzilla.redhat.com/515728
+Patch5:         puppet-0.24.8-activerecord-test.patch
+
 Group:          System Environment/Base
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -24,10 +38,14 @@ Requires:       ruby(abi) = 1.8
 Requires:       ruby-shadow
 %endif
 
-# Pull in libselinux-ruby where it is available
-%if 0%{?fedora} >=9
+# Pull in ruby selinux bindings where available
+%if 0%{?fedora}
+%if 0%{?fedora} >= 12
+%{!?_without_selinux:Requires: ruby(selinux)}
+%else
 %{!?_without_selinux:Requires: libselinux-ruby}
 %endif
+%endif
 
 Requires:       facter >= 1.5
 Requires:       ruby >= 1.8.1
@@ -61,6 +79,15 @@ The server can also function as a certificate authority and file server.
 %prep
 %setup -q
 
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%if 0%{?fedora} >= 11
+%patch5 -p1
+%endif
+
 # Move puppetca, puppetd, and puppetmasterd to sbin
 mkdir sbin
 mv bin/puppet{ca,d,masterd} sbin/
@@ -75,6 +102,7 @@ done
 for f in external/nagios.rb network/http_server/mongrel.rb relationship.rb; do
   sed -i -e '1d' lib/puppet/$f
 done
+chmod +x ext/puppetstoredconfigclean.rb
 
 find examples/ -type f -empty | xargs rm
 find examples/ -type f | xargs chmod a-x
@@ -86,7 +114,7 @@ ruby install.rb --destdir=%{buildroot} --quick --no-rdoc
 install -d -m0755 %{buildroot}%{_sysconfdir}/puppet/manifests
 install -d -m0755 %{buildroot}%{_localstatedir}/lib/puppet
 install -d -m0755 %{buildroot}%{_localstatedir}/run/puppet
-install -d -m0755 %{buildroot}%{_localstatedir}/log/puppet
+install -d -m0750 %{buildroot}%{_localstatedir}/log/puppet
 install -Dp -m0644 %{confdir}/client.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/puppet
 install -Dp -m0755 %{confdir}/client.init %{buildroot}%{_initrddir}/puppet
 install -Dp -m0644 %{confdir}/server.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/puppetmaster
@@ -101,6 +129,12 @@ touch %{buildroot}%{_sysconfdir}/puppet/puppetmasterd.conf
 touch %{buildroot}%{_sysconfdir}/puppet/puppetca.conf
 touch %{buildroot}%{_sysconfdir}/puppet/puppetd.conf
 
+# Install the ext/ directory to %{_datadir}/%{name}
+install -d %{buildroot}%{_datadir}/%{name}
+cp -a ext/ %{buildroot}%{_datadir}/%{name}
+# emacs and vim bits are installed elsewhere
+rm -rf %{buildroot}%{_datadir}/%{name}/ext/{emacs,vim}
+
 # Install emacs mode files
 emacsdir=%{buildroot}%{_datadir}/emacs/site-lisp
 install -Dp -m0644 ext/emacs/puppet-mode.el $emacsdir/puppet-mode.el
@@ -114,7 +148,7 @@ install -Dp -m0644 ext/vim/syntax/puppet.vim $vimdir/syntax/puppet.vim
 
 %files
 %defattr(-, root, root, 0755)
-%doc CHANGELOG COPYING LICENSE README examples ext
+%doc CHANGELOG COPYING LICENSE README examples
 %{_bindir}/puppet
 %{_bindir}/ralsh
 %{_bindir}/filebucket
@@ -130,7 +164,8 @@ install -Dp -m0644 ext/vim/syntax/puppet.vim $vimdir/syntax/puppet.vim
 %config(noreplace) %{_sysconfdir}/logrotate.d/puppet
 # We don't want to require emacs or vim, so we need to own these dirs
 %{_datadir}/emacs
-%{_datadir}/vim/vimfiles
+%{_datadir}/vim
+%{_datadir}/%{name}
 # These need to be owned by puppet so the server can
 # write to them
 %attr(-, puppet, puppet) %{_localstatedir}/run/puppet
@@ -202,9 +237,23 @@ fi
 rm -rf %{buildroot}
 
 %changelog
+* Fri Aug 07 2009 Todd Zullinger <tmz@pobox.com> - 0.24.8-4
+- Fix status -p handling on older RHEL (#501577)
+- Fix condrestart when daemon's aren't running (#480600)
+- Fix timeout reading /proc/mounts (upstream #1963)
+- Fix permissions on /var/log/puppet (#495096)
+- Fix rails test for activerecord-2.3 (#515728)
+
 * Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.24.8-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 
+* Wed Jun 24 2009 Jeroen van Meeuwen <kanarip@kanarip.com>
+- Fix permissions on /var/run/puppet/ (#495096)
+- Support initializing supplementary groups (#1806, #475201, Till Maas)
+- Own the correct vim directory
+- Move ext/ outside of doc datadir (rpmlint)
+- Require ruby(selinux) rather then libselinux-ruby (#507848)
+
 * Fri May 29 2009 Todd Zullinger <tmz@pobox.com> - 0.24.8-2
 - Make Augeas and SELinux requirements build time options
 - Install emacs mode and vim syntax files (#491437)