Diffusion Puppetlabs - APT ab2e06b72f2b

MODULES-10548: make files readonly
ab2e06b72f2b
Actions

Tags

None

Subscribers

None

Description

MODULES-10548: make files readonly

Files created by the apt module are mode writable by the
owner. Because those files are managed by Puppet, they should really
not be writable by anyone, even root. While root can bypass those
warnings, having files readonly does provide an immediate and reliable
indication that a file should not be edited on site, on top of the
usual top of file warnings.

This also fixes a problem with sources.list.d being non-executable,
which Puppet seems to ignore, but seems better to keep consistent.

Details

Provenance

Antoine Beaupré <anarcat@debian.org>	Authored on Feb 12 2020, 8:23 PM
olasd	Pushed on Apr 1 2020, 10:50 AM

Parents

rSPAPTdcb71161ed8a: Merge pull request #905 from anarcat/no-release

Branches

Unknown

Tags

Unknown

Reverted By

rSPAPT316fd8f4dd1e: Revert "MODULES-10548: make files readonly"

Event Timeline

Antoine Beaupré <anarcat@debian.org> committed rSPAPTab2e06b72f2b: MODULES-10548: make files readonly (authored by Antoine Beaupré <anarcat@debian.org>).Feb 17 2020, 6:08 PM

Daniel Carabas <daniel.carabas@puppet.com> added a reverting change: rSPAPT316fd8f4dd1e: Revert "MODULES-10548: make files readonly".Apr 1 2020, 10:50 AM

Antoine Beaupré <anarcat@debian.org> mentioned this in rSPAPT4d8b3e11f857: do not specify file modes unless relevant.Apr 1 2020, 10:50 AM

Changes (5)

Path

Size

manifests/

spec/

classes/

defines/

setting_spec.rb

rSPAPTab2e06b72f2b

manifests/init.pp

Loading...

manifests/setting.pp

Loading...

spec/classes/apt_spec.rb

Loading...

spec/defines/conf_spec.rb

Loading...

spec/defines/setting_spec.rb

Loading...