voxpupuli / hiera-eyaml-gpg

GPG encryption backend for the hiera-eyaml module
MIT License

Use Puppet::Util::Execution for RubyGpg #48

Closed seanmil closed 5 years ago

seanmil commented 5 years ago

I don't know if this should be merged or not, but I am providing it at least as a reference for anyone else who might encounter this problem.

RubyGpg is used when Gpgme isn't available, which will always be the case for Puppetserver-based execution. However, when running from Puppetserver, Puppet::Util::Execution.execute() should be used to invoke external commands, and RubyGpg does not do that.

This patch basically monkeypatches RubyGpg so that Puppet::Util::Execution.execute() is used, which will address issues on Puppetserver deployments (particularly ones with large heap sizes).

Probably a better way to go about this would be some more fundamental changes so that RubyGpg isn't needed (and therefore doesn't need to be monkeypatched) but that was beyond the scope of what I was ready to take on.

Note that this patch modifies the command passed in with an appended tempfile path instead of passing the key in on stdin (which I feel would be a cleaner way of handling it) because of this Puppet bug: https://tickets.puppetlabs.com/browse/PUP-9304
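The tempfile approach described in the comment above, as an added example that is not part of the pull request or the project's code. The name `run_with_tempfile_input` and the `executor` parameter are hypothetical; `executor` stands in for Puppet::Util::Execution.execute so the sketch runs without Puppet.

```ruby
require 'tempfile'
require 'open3'
require 'shellwords'

# Stand-in executor (assumption): on Puppetserver the callable passed as
# `executor` would wrap Puppet::Util::Execution.execute instead.
DEFAULT_EXECUTOR = lambda do |cmd|
  out, status = Open3.capture2e(cmd)
  raise "command failed (#{status.exitstatus}): #{cmd}" unless status.success?
  out
end

# Hypothetical helper: run `command`, handing it `input` through a temp file
# whose path is appended to the command line rather than through stdin.
def run_with_tempfile_input(command, input = nil, executor: DEFAULT_EXECUTOR)
  return executor.call(command) if input.nil?

  # Tempfile creates the file with owner-only permissions, which matters
  # because the input written here may be sensitive material.
  tmp = Tempfile.new('gpg-input')
  begin
    tmp.binmode
    tmp.write(input)
    tmp.close # flush to disk; the file itself stays until unlink
    # Escape the path so it is passed as a single argument.
    executor.call("#{command} #{Shellwords.escape(tmp.path)}")
  ensure
    # Remove the file even when the command raises, so the input does
    # not linger in the temp directory.
    tmp.close
    tmp.unlink
  end
end
```
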

alexjfisher commented 5 years ago

This fixes https://tickets.puppetlabs.com/browse/SERVER-2021 for me.

Thanks @seanmil!

vchepkov commented 5 years ago

Any chance of merging this and releasing a gem? Show-stopper for us with adopting puppet 6.

alexjfisher commented 5 years ago

@sihil Hi! Are you able to look at this? If you've moved on from puppet and this project, perhaps Vox Pupuli could help with ongoing maintenance? Thanks.

SimonHoenscheid commented 5 years ago

@alexjfisher I would be happy to help to move this to Vox Pupuli. Any Reference what needs to be done to fulfill the Vox Pupuli quality standards?

sihil commented 5 years ago

Very keen to hand this over to vox pupuli. Did e-mail them a couple of times last year with no reply.

Apologies to all of you who have been blocked on this. I'm afraid I don't use this any more and find it hard to carve out this time. That said I'm super glad that others are still finding it useful!

In the short term I can merge this and publish a new gem but I don't know enough about puppet any more to understand whether this is likely to break earlier puppet versions that people are still using. If someone is up for volunteering to take over in the interim that would be marvellous. I'd need to see some evidence of other projects and community support to avoid accidentally winding up handing it over to someone malicious (e.g. https://snyk.io/blog/malicious-code-found-in-npm-package-event-stream/).

lukebigum commented 5 years ago

@sihil The commit history of @alexjfisher at https://github.com/alexjfisher should hopefully be enough evidence (and documents his Voxpupuli membership). Sorry to be hounding you, but I'm keenly interested in the merge because in my environment the patch from @seanmil does not quite fix the memory leak :-)

alexjfisher commented 5 years ago

@sihil Hi! Sorry for missing your email. Looking back through the archives, it looks like there was a reply, but only to the group. Oops!

https://groups.io/g/voxpupuli/message/212

Anyway... we'd be very happy to take this on. Are you able to join our IRC channel on freenode or the slack puppet community #voxpupuli channel so we can get this progressed?

Thanks, Alex

alexjfisher commented 5 years ago

> @sihil The commit history of @alexjfisher at https://github.com/alexjfisher should hopefully be enough evidence (and documents his Voxpupuli membership).

Thanks for the vote of confidence and brightening my day! :)

@alexjfisher will now prove his VP allegiance by wielding his admin powers to invite @sihil :)

sihil commented 5 years ago

Hi @alexjfisher, @lukebigum et al,

Great! A shame that it got dropped. I've been on the other side of this enough times to be keenly aware that I've been a poor steward of this open source project and can only apologise to you all. I've joined the slack channel to progress and hopefully get this handed over and unblocked.

UPDATE: As the eagle eyed will see - this is now in the domain of voxpupuli and they can also publish gems.

alexjfisher commented 5 years ago

@seanmil Thanks!

For all those who've been waiting, Vox will try to get a release out of this in the very near future.

@sihil Thanks for the migration!