From ab70ecea9045b928b646741975558ec8b0d54149 Mon Sep 17 00:00:00 2001
From: Joshua Hoblitt
Date: Fri, 28 Feb 2014 15:25:53 -0700
Subject: [PATCH] yet another attempt to work around exec umask issues
---
 manifests/add_cert_and_key.pp | 32 +++++++++++++------
 .../defines/nsstools_add_cert_and_key_spec.rb | 4 +--
 2 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/manifests/add_cert_and_key.pp b/manifests/add_cert_and_key.pp
index 6d5fc59..8ed5d68 100644
--- a/manifests/add_cert_and_key.pp
+++ b/manifests/add_cert_and_key.pp
@@ -38,16 +38,28 @@
 # downcase and change spaces into _s
 $pkcs12_name = downcase(regsubst("${nickname}.p12", '[\s]', '_', 'GM'))
- # the exec type in older versions of puppet don't support the umask param so
- # we have to inline it in the command string
- exec {"generate_pkcs12_${title}":
- command => "umask 7077 && /usr/bin/openssl pkcs12 -export -in ${cert} -inkey ${key} -password 'file:${certdir}/nss-password.txt' -out '${certdir}/${pkcs12_name}' -name '${nickname}'",
- creates => "${certdir}/${pkcs12_name}",
- subscribe => File["${certdir}/nss-password.txt"],
- require => [
- Nsstools::Create[$certdir],
- Class['nsstools'],
- ],
+ # the exec type in older versions of puppet don't support the umask param
+ if versioncmp($::puppetversion, '3.4.0') >= 0 {
+ exec {"generate_pkcs12_${title}":
+ command => "/usr/bin/openssl pkcs12 -export -in ${cert} -inkey ${key} -password 'file:${certdir}/nss-password.txt' -out '${certdir}/${pkcs12_name}' -name '${nickname}'",
+ creates => "${certdir}/${pkcs12_name}",
+ subscribe => File["${certdir}/nss-password.txt"],
+ umask => '7077',
+ require => [
+ Nsstools::Create[$certdir],
+ Class['nsstools'],
+ ],
+ }
+ } else {
+ exec {"generate_pkcs12_${title}":
+ command => "/usr/bin/openssl pkcs12 -export -in ${cert} -inkey ${key} -password 'file:${certdir}/nss-password.txt' -out '${certdir}/${pkcs12_name}' -name '${nickname}'",
+ creates => "${certdir}/${pkcs12_name}",
+ subscribe => File["${certdir}/nss-password.txt"],
+ require => [
+ Nsstools::Create[$certdir],
+ Class['nsstools'],
+ ],
+ }
 }
 exec { "add_pkcs12_${title}":
diff --git a/spec/defines/nsstools_add_cert_and_key_spec.rb b/spec/defines/nsstools_add_cert_and_key_spec.rb
index 5ee7814..2e61187 100644
--- a/spec/defines/nsstools_add_cert_and_key_spec.rb
+++ b/spec/defines/nsstools_add_cert_and_key_spec.rb
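Review bot: The `else` branch (Puppet older than 3.4.0) now runs openssl with no umask restriction at all, so on those agents the PKCS#12 file, which bundles the private key, is created under whatever umask the agent process has and may be readable by other local users unless `${certdir}` itself is locked down (not visible in this hunk). The restriction should be kept on that path as well, for example by running the command through the shell provider: `provider => shell,` with `command => "umask 0077 && /usr/bin/openssl pkcs12 ...",`, assuming that provider is available on the Puppet versions this branch targets. In the new-Puppet branch, `umask => '7077'` carries a leading 7 that a umask cannot express, since only the nine permission bits are masked; `umask => '0077',` states the intent. `${cert}` and `${key}` are also the only unquoted arguments in the command string, so a path containing whitespace would be split into separate arguments. The enclosing define starts and ends outside the hunk.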
@@ -16,7 +16,7 @@
 context 'generate_pkcs12' do
 it do
 should contain_exec('generate_pkcs12_Server-Cert').with(
- :command => "umask 7077 && /usr/bin/openssl pkcs12 -export -in /tmp/server.cert -inkey /tmp/server.key -password 'file:/dne/nss-password.txt' -out '/dne/server-cert.p12' -name 'Server-Cert'",
+ :command => "/usr/bin/openssl pkcs12 -export -in /tmp/server.cert -inkey /tmp/server.key -password 'file:/dne/nss-password.txt' -out '/dne/server-cert.p12' -name 'Server-Cert'",
 :require => [
 'Nsstools::Create[/dne]',
 'Class[Nsstools]'
@@ -58,7 +58,7 @@
 context 'generate_pkcs12' do
 it do
 should contain_exec('generate_pkcs12_foo').with(
- :command => "umask 7077 && /usr/bin/openssl pkcs12 -export -in /tmp/server.cert -inkey /tmp/server.key -password 'file:/dne/nss-password.txt' -out '/dne/server-cert.p12' -name 'Server-Cert'",
+ :command => "/usr/bin/openssl pkcs12 -export -in /tmp/server.cert -inkey /tmp/server.key -password 'file:/dne/nss-password.txt' -out '/dne/server-cert.p12' -name 'Server-Cert'",
 :require => [
 'Nsstools::Create[/dne]',
 'Class[Nsstools]'
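Review bot: Both updated expectations (`generate_pkcs12_Server-Cert` in the hunk at line 16 and `generate_pkcs12_foo` in the hunk at line 58) only drop the `umask 7077 &&` prefix, so nothing in the spec now checks that a umask is applied to the exec that writes the key bundle. The manifest branches on `$::puppetversion`, but neither context pins that fact, so which branch is exercised presumably depends on the Puppet version installed where the suite runs. Add a context that sets the fact, e.g. `let(:facts) {{ :puppetversion => '3.4.0' }}`, and asserts `:umask => '7077'`, plus one for an older version covering the other branch. The enclosing `describe` block lies outside these hunks.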