From 7f97a76f4682a7c1d5bfbbc3cd5a6dd9523b1d96 Mon Sep 17 00:00:00 2001
From: Hunter Haugen <hunter@puppetlabs.com>
Date: Wed, 13 May 2015 15:39:01 -0700
Subject: (MODULES-821) Don't use /tmp

Very often /tmp is mounted noexec for security reasons related to it
being writable by all users. This stopped vcsrepo's git provider from
working.

This pull request uses puppet's statedir as it is not writable by all
users and is a good candidate for transient state like the git
provider's identity script for the $GIT_SSH command.

An alternative in the future that wouldn't require a temporary file is
to set $GIT_SSH_COMMAND instead of $GIT_SSH, except this was added in
git 2.3 and is too new to depend on.
---
 lib/puppet/provider/vcsrepo/git.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/puppet/provider/vcsrepo/git.rb b/lib/puppet/provider/vcsrepo/git.rb
index 8101253..44e4d04 100644
--- a/lib/puppet/provider/vcsrepo/git.rb
+++ b/lib/puppet/provider/vcsrepo/git.rb
@@ -418,7 +418,7 @@ Puppet::Type.type(:vcsrepo).provide(:git, :parent => Puppet::Provider::Vcsrepo)
   # @!visibility private
   def git_with_identity(*args)
     if @resource.value(:identity)
-      Tempfile.open('git-helper') do |f|
+      Tempfile.open('git-helper', Puppet[:statedir]) do |f|
         f.puts '#!/bin/sh'
         f.puts "exec ssh -oStrictHostKeyChecking=no -oPasswordAuthentication=no -oKbdInteractiveAuthentication=no -oChallengeResponseAuthentication=no -oConnectTimeout=120 -i #{@resource.value(:identity)} $*"
         f.close
-- 
cgit v1.2.3