23019017 clone archives should remove sensitive puppet configuration data
23606517 mcollective default psk setting should be changeme
--- a/components/ruby/mcollective/patches/01-mco-client-config.patch Sun Sep 18 10:50:41 2016 -0700
+++ b/components/ruby/mcollective/patches/01-mco-client-config.patch Thu Sep 22 07:45:05 2016 -0700
@@ -3,12 +3,13 @@
The default port used to connect to RabbitMQ is 61613
Default user : 'mcollective' & passwd : 'changeme'
Change RabbitMQ to log to /dev/stderr, so it goes to the SMF log
+ Set the PSK type explicitly to UID and the default to 'changeme'
NOTE : This patch is developed in-house (and Solaris specific)
---- marionette-collective-2.8.8/etc/client.cfg.dist.orig 2016-04-20 09:42:43.785159244 -0700
-+++ marionette-collective-2.8.8/etc/client.cfg.dist 2016-04-20 12:07:58.755907466 -0700
-@@ -1,19 +1,26 @@
+--- marionette-collective-2.8.8/etc/client.cfg.dist.orig 2016-09-19 08:51:01.733783224 -0700
++++ marionette-collective-2.8.8/etc/client.cfg.dist 2016-09-19 08:51:34.482722348 -0700
+@@ -1,19 +1,27 @@
+#######################################################################
+# Oracle has modified the originally distributed contents of this file.
+#######################################################################
@@ -25,7 +26,9 @@
# Plugins
securityprovider = psk
- plugin.psk = unset
+-plugin.psk = unset
++plugin.psk = changeme
++plugin.psk.callertype = uid
-connector = activemq
-plugin.activemq.pool.size = 1
--- a/components/ruby/mcollective/patches/02-mco-server-config.patch Sun Sep 18 10:50:41 2016 -0700
+++ b/components/ruby/mcollective/patches/02-mco-server-config.patch Thu Sep 22 07:45:05 2016 -0700
@@ -3,12 +3,11 @@
The default port used to connect to RabbitMQ is 61613
Default user : 'mcollective' & passwd : 'changeme'
Change RabbitMQ to log to /dev/stderr, so it goes to the SMF log
-
-NOTE : This patch is developed in-house (and Solaris specific)
+ Set the PSK type explicitly to UID and the default to 'changeme'
---- marionette-collective-2.8.8/etc/server.cfg.dist.orig 2016-04-20 12:36:27.556854540 -0700
-+++ marionette-collective-2.8.8/etc/server.cfg.dist 2016-04-20 12:37:10.186932498 -0700
-@@ -1,7 +1,13 @@
+--- marionette-collective-2.8.8/etc/server.cfg.dist.orig 2016-09-19 08:51:05.719526817 -0700
++++ marionette-collective-2.8.8/etc/server.cfg.dist 2016-09-19 08:51:49.506159302 -0700
+@@ -1,20 +1,28 @@
+#######################################################################
+# Oracle has modified the originally distributed contents of this file.
+#######################################################################
@@ -24,9 +23,11 @@
loglevel = info
daemonize = 1
-@@ -9,12 +15,13 @@
+ # Plugins
securityprovider = psk
- plugin.psk = unset
+-plugin.psk = unset
++plugin.psk = changeme
++plugin.psk.callertype = uid
-connector = activemq
-plugin.activemq.pool.size = 1
--- a/components/ruby/puppet/puppet.p5m Sun Sep 18 10:50:41 2016 -0700
+++ b/components/ruby/puppet/puppet.p5m Thu Sep 22 07:45:05 2016 -0700
@@ -1341,8 +1341,10 @@
file path=usr/share/man/man8/puppet-secret_agent.8
file path=usr/share/man/man8/puppet-status.8
file path=usr/share/man/man8/puppet.8
-dir path=var/lib/puppet owner=puppet group=puppet mode=0755
-dir path=var/log/puppet owner=puppet group=puppet mode=0755
+dir path=var/lib/puppet owner=puppet group=puppet mode=0755 \
+ revert-tag=system:clone=*
+dir path=var/log/puppet owner=puppet group=puppet mode=0755 \
+ revert-tag=system:clone=*
license puppet.license license="Apache v2.0"
# globally applicable low level puppet modules we provide