CentOS 8: Fix puppet command error

When executing the puppet command, report error '/usr/share/ruby/vendor_ruby/puppet/util/ monkey_patches.rb:104:in `<class:SSLContext>': undefined method `<<' for nil:NilClass (NoMethodError)' Refer to https://github.com/puppetlabs/puppet/pull/5911/files, fix puppet command execution failure Story: 2006729 Task: 40302 Change-Id: I95496cd42e1d524486a9cd277e6468cd125b28aa Signed-off-by: Dongqi Chen <chen.dq@neusoft.com>
2020-07-09 17:31:31 +08:00 · 2020-07-09 17:31:31 +08:00 · 3f074c2d19
commit 3f074c2d19
parent 018a0afba7
3 changed files with 73 additions and 0 deletions
--- a/config/puppet-4.8.2/centos/meta_patches/0002-Skip-cipher-monkey-patch-on-ruby-2.4.patch
+++ b/config/puppet-4.8.2/centos/meta_patches/0002-Skip-cipher-monkey-patch-on-ruby-2.4.patch
@ -0,0 +1,33 @@
+From 2da0c51f8b282a9d285424047b3e33dcae230681 Mon Sep 17 00:00:00 2001
+From: Dongqi Chen <chen.dq@neusoft.com>
+Date: Thu, 9 Jul 2020 16:52:12 +0800
+Subject: [PATCH] Skip cipher monkey patch on ruby 2.4+
+
+Signed-off-by: Dongqi Chen <chen.dq@neusoft.com>
+---
+ SPECS/puppet.spec | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/SPECS/puppet.spec b/SPECS/puppet.spec
+index 6c965d0..ce87eec 100644
+--- a/SPECS/puppet.spec
+++ b/SPECS/puppet.spec
+@@ -39,6 +39,7 @@ Patch1002:      1002-Set-hasstatus-to-false-by-default.patch
+ Patch1003:      1003-Update-getpid-function.patch
+ Patch1004:      1004-Block-enabling-of-services.patch
+ Patch1005:      1005-Set-strict_variables-and-basemodulepath-in-puppet.co.patch
+Patch1006:      1006-Skip-cipher-monkey-patch-on-ruby-2.4.patch
+ 
+ 
+ Group:          System Environment/Base
+@@ -134,6 +135,7 @@ The server can also function as a certificate authority and file server.
+ %patch1003 -p1
+ %patch1004 -p1
+ %patch1005 -p1
+%patch1006 -p1
+ 
+ 
+ # Unbundle
+-- 
+2.7.4
+
--- a/config/puppet-4.8.2/centos/meta_patches/PATCH_ORDER
+++ b/config/puppet-4.8.2/centos/meta_patches/PATCH_ORDER
@ -1,2 +1,3 @@
 0000-Update-package-versioning-for-TIS-format.patch
 0001-Add-WRS-Patches.patch
+0002-Skip-cipher-monkey-patch-on-ruby-2.4.patch
--- a/config/puppet-4.8.2/centos/patches/1006-Skip-cipher-monkey-patch-on-ruby-2.4.patch
+++ b/config/puppet-4.8.2/centos/patches/1006-Skip-cipher-monkey-patch-on-ruby-2.4.patch
@ -0,0 +1,39 @@
+From fc7c1aaf60062746d463de97d5d0c2bee7fb7199 Mon Sep 17 00:00:00 2001
+From: Josh Cooper <josh@puppet.com>
+Date: Tue May 16 15:47:04 2017 -0700
+Subject: [PATCH] (PUP-7383) Skip cipher monkey patch on ruby 2.4+
+
+[commit fc7c1aaf60062746d463de97d5d0c2bee7fb7199]
+https://github.com/puppetlabs/puppet/pull/5911/commits/fc7c1aaf60062746d463de97d5d0c2bee7fb7199
+
+Previously, we appended "!SSLv2" to the SSLContext
+DEFAULT_PARAMS[:ciphers] to ensure that puppet never uses SSLv2, either
+from our http client or when using open-uri. However, ruby 2.4 only
+defines the `:ciphers` array if using openssl < 1.1.0[1]. As a result,
+puppet as a gem running on newer systems would hard fail.
+
+Check existence of array before trying to append to it.
+
+Signed-off-by: Dongqi Chen <chen.dq@neusoft.com>
+---
+ lib/puppet/util/monkey_patches.rb | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/puppet/util/monkey_patches.rb b/lib/puppet/util/monkey_patches.rb
+index 0632ccc..8ba6587 100644
+--- a/lib/puppet/util/monkey_patches.rb
+++ b/lib/puppet/util/monkey_patches.rb
+@@ -101,7 +101,9 @@ class OpenSSL::SSL::SSLContext
+   else
+     DEFAULT_PARAMS[:options] = OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3
+   end
+-  DEFAULT_PARAMS[:ciphers] << ':!SSLv2'
+  if DEFAULT_PARAMS[:ciphers]
+    DEFAULT_PARAMS[:ciphers] << ':!SSLv2'
+  end
+ 
+   alias __original_initialize initialize
+   private :__original_initialize
+-- 
+2.7.4
+