Fix dav_svn for Debian 10

[martijndegouw]

As far as I can tell Debian 10 still needs this work-around.

[puppet-community-rangefinder]

apache::mod::dav_svn is a class

that may have no external impact to Forge modules.

This module is declared in 175 of 576 indexed public Puppetfiles.

---

These results were generated with Rangefinder, a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.

Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.

[ekohl]

This feels like a workaround on some older Debian versions while the newer ones behave as you would expect. Perhaps it should be checked which versions need this. I'd expect Ubuntu 20.04 behaves the same as Debian 10.

Then you would get to something like:

Suggested change

	if $::osfamily == 'Debian' and ! ($::operatingsystemmajrelease in ['6', '9', '10', '16.04', '18.04']) {
	if $::osfamily == 'Debian' and $::operatingsystemmajrelease in ['7', '8', '14.04'] {

Untested, but I think you get the idea.

[martijndegouw]

Yeah I got it. I also did found some patches from Debian for the dav_svn module which should fix this in the package itself, but the issue still reproduces on my Debian 10 testing machine.

[martijndegouw]

I just checked. The Debian 10 package has pretty similar word-around in mods-available/dav_svn.load, but that file is overwritten by this puppet module.

[ekohl]

I must admit I haven't looked at the dav_svn module for ages. Perhaps you can write an acceptance test for the module so we know it really works rather than guessing? That also gives the best chance against regressions.

[martijndegouw]

I will give a shot, It's not hard to reproduce since apache2 simply won't start when including apache::mod::dav_svn :D

[ekohl]

Exactly, those are the things that are fairly easy to test.

[martijndegouw]

Given the result of the acceptance test and looking at how Debian implemented their work-around it's safe to say that the whole version checking part of that if statement can be removed. Agreed?

[ekohl]

I think that makes sense but it's probably good to check with the actual maintainers.

[sanfrancrisko]

Thanks for the fix @martijndegouw and the assistance during the PR @ekohl . The test is great - allows us to check we haven't inadvertently stomp over some logic put in there for the older versions, as you said @ekohl .

[codecov-io]

Codecov Report

Merging #2135 (08fdb9b) into main (13f55bd) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #2135   +/-   ##
=======================================
  Coverage   56.36%   56.36%           
=======================================
  Files          12       12           
  Lines         220      220           
=======================================
  Hits          124      124           
  Misses         96       96           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8a67aa4...08fdb9b. Read the comment docs.

[ekohl]

Could you add an idempotency check to this?

[martijndegouw]

I’m not sure what you mean by this. Do you want to run the apply_manifest twice? To check if it fails/passes 2 times in a row?

[ekohl]

Copied from another module:

  it 'applies with no errors' do
    apply_manifest(pp, catch_failures: true)
  end

  it 'applies a second time without changes' do
    apply_manifest(pp, catch_changes: true)
  end

[martijndegouw]

Great, SLES 15 test is failing, on the exact same issue I have on my SLES server with the puppetlabs repo :/.
`Note: Signing data enables the recipient to verify that no modifications occurred after the data were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system and in extreme cases even to a system compromise.
Note: File 'repomd.xml' is the repositories master index file. It ensures the integrity of the whole repo.

Warning: This file was modified after it has been signed. This may have been a malicious change, so it might not be trustworthy anymore! You should not continue unless you know it's safe.

Signature verification failed for file 'repomd.xml' from repository 'Puppet 6 Nightly Repository sles 15 - x86_64'
`

[sanfrancrisko]

Great, SLES 15 test is failing, on the exact same issue I have on my SLES server with the puppetlabs repo :/.
`Note: Signing data enables the recipient to verify that no modifications occurred after the data were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system and in extreme cases even to a system compromise.
Note: File 'repomd.xml' is the repositories master index file. It ensures the integrity of the whole repo.

Warning: This file was modified after it has been signed. This may have been a malicious change, so it might not be trustworthy anymore! You should not continue unless you know it's safe.

Signature verification failed for file 'repomd.xml' from repository 'Puppet 6 Nightly Repository sles 15 - x86_64'
`

😞 Would this be a consistently reproducible error? Re-running seems to have gotten me past that issue now, but, if you're experiencing that pretty consistently, I'd like to get the issue raised with our Agent team to look in to.

[sanfrancrisko]

PR looks good, but there seems to be a unit test failure. I can't see why we wouldn't still generate a catalog with this File resource when your change is applied. Will have another look at it but just highlighting it here in case yourself or @ekohl figure it out before me.

[martijndegouw]

PR looks good, but there seems to be a unit test failure. I can't see why we wouldn't still generate a catalog with this File resource when your change is applied. Will have another look at it but just highlighting it here in case yourself or @ekohl figure it out before me.

Sorry, I misted that one. I've updated the unit test as well.

[david22swan]

@martijndegouw This PR looks good to me, thanks for putting in the work.