Could not match *** LOCAL GEMS *** when /tmp set to noexec

[GeoffWilliams]

Overview

When /tmp is mounted noexec, users will running puppet agent -t will begin to receive a disconcerting error message from facter on every puppet run.

Expected result

Mounting /tmp as noexec is recommended by the OS vendor and many independent hardening guides. Puppet should work without error or warning in such environments.

Actual result

Users receive a warning message on every puppet run:

[root@localhost tmp]# puppet facts > /dev/null
Warning: Could not match *** LOCAL GEMS ***

Analysis

The error is caused by the puppetserver gem list command outputting *** LOCAL GEMS *** when executed, in spite of the notes in the gem provider's gemsplit function:

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/package/gem.rb

  def self.gemsplit(desc)
    # `gem list` when output console has a line like:
    # *** LOCAL GEMS ***
    # but when it's not to the console that line
    # and all blank lines are stripped
    # so we don't need to check for them

Invoking puppetserver gem list on the commandline also gives another message about stty that doesn't seem to impact things:

[root@localhost puppetserver_gem]# puppetserver gem list
io/console on JRuby shells out to stty for most operations

*** LOCAL GEMS ***

To fix the error, we just need to reject the *** LOCAL GEMS *** message and lines consisting of only whitespace in the module's provider.

User impact

Annoying message

Workaround

Hotfix

[tkishel]

@GeoffWilliams This should have been fixed by #24 ...

https://github.com/puppetlabs/puppetlabs-puppetserver_gem/blob/master/lib/puppet/provider/package/puppetserver_gem.rb#L60

Could you verify this with Version 1.1.0 from the Forge?

[tkishel]

Fixed by 24