From 6718d9e8c7aaafa9710e57a4a861cad02634c79d Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 18 Mar 2017 20:28:21 +0100
Subject: [PATCH] do check for boolean value of true instead of stringified
 version

---
 modules/apache2/templates/puppet-config.erb            |  2 +-
 modules/exim/templates/eximconf.erb                    | 10 +++++-----
 modules/onion/templates/torrc-header.erb               |  2 +-
 modules/roles/templates/syncproxy/rsyncd.conf.erb      |  8 ++++----
 .../syncproxy/syncproxy.debian.org-apache.erb          |  2 +-
 .../syncproxy/syncproxy.debian.org-index.html.erb      |  2 +-
 modules/schroot/templates/schroot-buildd/fstab.erb     |  2 +-
 modules/ssh/templates/sshd_config.erb                  |  2 +-
 8 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/modules/apache2/templates/puppet-config.erb b/modules/apache2/templates/puppet-config.erb
index 3a7134d45..7edde691c 100644
--- a/modules/apache2/templates/puppet-config.erb
+++ b/modules/apache2/templates/puppet-config.erb
@@ -10,7 +10,7 @@
     SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!eNULL:!LOW:!MD5:!EXP:!RC4:!SEED:!DSS
   <% end -%>
 
-  <%- if has_variable?("apache2deb9") && @apache2deb9 == "true" -%>
+  <%- if has_variable?("apache2deb9") && @apache2deb9 -%>
     SSLUseStapling On
 
     # the default size is 32k, but we make it 1M.
diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb
index 93ec70865..1c8dcf0ea 100644
--- a/modules/exim/templates/eximconf.erb
+++ b/modules/exim/templates/eximconf.erb
@@ -211,7 +211,7 @@ queue_only_load = 8
 <%- end -%>
 queue_list_requires_admin = false
 
-<%- if has_variable?("clamd") && @clamd == "true" -%>
+<%- if has_variable?("clamd") && @clamd -%>
 av_scanner = clamd:/var/run/clamav/clamd.ctl
 <%- end -%>
 
@@ -663,7 +663,7 @@ check_recipient:
           ratelimit      = 10 / 60m / per_rcpt / $sender_host_address
           message        = slow down (no reverse dns, mismatched ehlo, dialup, or in blacklists)
 
-<%- if has_variable?("policydweight") && @policydweight == "true" -%>
+<%- if has_variable?("policydweight") && @policydweight -%>
   # Check with policyd-weight - this only works with a version after etch's,
   # sadly.  etch's version attempts to hold the socket open, since that's what
   # postfix expects.  Exim, on the other hand, expects the remote side to close
@@ -734,7 +734,7 @@ check_recipient:
 
 
 <%- end -%>
-<%- if has_variable?("greylistd") && @greylistd == "true" -%>
+<%- if has_variable?("greylistd") && @greylistd -%>
   defer
     message  = $sender_host_address is not yet authorized to deliver mail from <$sender_address> to <$local_part@$domain>.
     log_message = greylisted.
@@ -759,7 +759,7 @@ check_recipient:
                                   $local_part@$domain}\
                                  {5s}{}{false}}
 
-<%- elsif has_variable?("postgrey") && @postgrey == "true" -%>
+<%- elsif has_variable?("postgrey") && @postgrey -%>
   # next three are greylisting, inspired by http://www.bebt.de/blog/debian/archives/2006/07/30/T06_12_27/index.html
   # this adds acl_m_grey if there isn't one (so unique per message)
   warn
@@ -956,7 +956,7 @@ check_message:
           condition       = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
 	  message         = Your mailer is not RFC 2047 compliant: message rejected
 
-<%- if has_variable?("clamd") && @clamd == "true" -%>
+<%- if has_variable?("clamd") && @clamd -%>
   discard condition       = ${if eq {$acl_m_prf}{blackhole}}
           demime          = *
           malware         = */defer_ok
diff --git a/modules/onion/templates/torrc-header.erb b/modules/onion/templates/torrc-header.erb
index 845adbfd9..5d5b32840 100644
--- a/modules/onion/templates/torrc-header.erb
+++ b/modules/onion/templates/torrc-header.erb
@@ -1,7 +1,7 @@
 SocksPort 0
 Log notice syslog
 
-<%- if has_variable?("tor_ge_0_2_9") && tor_ge_0_2_9 == "true" -%>
+<%- if has_variable?("tor_ge_0_2_9") && tor_ge_0_2_9 -%>
 #HiddenServiceSingleHopMode 1
 #HiddenServiceNonAnonymousMode 1
 <%- end -%>
diff --git a/modules/roles/templates/syncproxy/rsyncd.conf.erb b/modules/roles/templates/syncproxy/rsyncd.conf.erb
index d27bcc487..101716494 100644
--- a/modules/roles/templates/syncproxy/rsyncd.conf.erb
+++ b/modules/roles/templates/syncproxy/rsyncd.conf.erb
@@ -14,7 +14,7 @@ strict modes = false
 
 [debian]
   path = /srv/mirrors/debian/
-<%- unless has_variable?("has_srv_mirrors_debian") && has_srv_mirrors_debian == "true" -%>
+<%- unless has_variable?("has_srv_mirrors_debian") && has_srv_mirrors_debian -%>
   list = no
 <%- end -%>
   comment = Debian archive (contact mirrors@debian.org for access; see https://www.debian.org/mirror/size for size)
@@ -23,7 +23,7 @@ strict modes = false
 
 [debian-debug]
   path = /srv/mirrors/debian-debug/
-<%- unless has_variable?("has_srv_mirrors_debian_debug") && has_srv_mirrors_debian_debug == "true" -%>
+<%- unless has_variable?("has_srv_mirrors_debian_debug") && has_srv_mirrors_debian_debug -%>
   list = no
 <%- end -%>
   comment = Debug packages for Debian archive (contact mirrors@debian.org for access)
@@ -32,7 +32,7 @@ strict modes = false
 
 [debian-ports]
   path = /srv/mirrors/debian-ports/
-<%- unless has_variable?("has_srv_mirrors_debian_debug") && has_srv_mirrors_debian_debug == "true" -%>
+<%- unless has_variable?("has_srv_mirrors_debian_debug") && has_srv_mirrors_debian_debug -%>
   list = no
 <%- end -%>
   comment = Debian ports archive (contact mirrors@debian.org for access)
@@ -41,7 +41,7 @@ strict modes = false
 
 [debian-security]
   path = /srv/mirrors/debian-security/
-<%- unless has_variable?("has_srv_mirrors_debian_security") && has_srv_mirrors_debian_security == "true" -%>
+<%- unless has_variable?("has_srv_mirrors_debian_security") && has_srv_mirrors_debian_security -%>
   list = no
 <%- end -%>
   comment = Debian security archive (contact mirrors@debian.org for access)
diff --git a/modules/roles/templates/syncproxy/syncproxy.debian.org-apache.erb b/modules/roles/templates/syncproxy/syncproxy.debian.org-apache.erb
index de01c02a5..690ab30cd 100644
--- a/modules/roles/templates/syncproxy/syncproxy.debian.org-apache.erb
+++ b/modules/roles/templates/syncproxy/syncproxy.debian.org-apache.erb
@@ -35,7 +35,7 @@ lines.join("\n")
 lines = []
 %w{debian debian-debug debian-ports debian-security}.each do |archive|
   varname = 'has_srv_mirrors_' + archive.gsub(/[\/-]/,'_')
-  if has_variable?(varname) and (eval(varname)) == 'true'
+  if has_variable?(varname) and (eval(varname))
     lines << "  Alias /#{archive}/project/trace/ /srv/mirrors/#{archive}/project/trace/"
     lines << "  <Directory /srv/mirrors/#{archive}/project/trace/>"
     lines << "    Require all granted"
diff --git a/modules/roles/templates/syncproxy/syncproxy.debian.org-index.html.erb b/modules/roles/templates/syncproxy/syncproxy.debian.org-index.html.erb
index 062731ee9..876577f2a 100644
--- a/modules/roles/templates/syncproxy/syncproxy.debian.org-index.html.erb
+++ b/modules/roles/templates/syncproxy/syncproxy.debian.org-index.html.erb
@@ -20,7 +20,7 @@ This syncproxy contains copies of the following archives.
 lines = []
 %w{debian debian-debug debian-ports debian-security}.each do |archive|
   varname = 'has_srv_mirrors_' + archive.gsub(/[\/-]/,'_')
-  if has_variable?(varname) and (eval(varname)) == 'true'
+  if has_variable?(varname) and (eval(varname))
     lines << "<li>#{archive} [<a href=\"/#{archive}/project/trace/\">trace directory</a>]</li>"
   end
 end
diff --git a/modules/schroot/templates/schroot-buildd/fstab.erb b/modules/schroot/templates/schroot-buildd/fstab.erb
index 56a87563e..a9836697a 100644
--- a/modules/schroot/templates/schroot-buildd/fstab.erb
+++ b/modules/schroot/templates/schroot-buildd/fstab.erb
@@ -18,7 +18,7 @@ dev		/dev/fd		fdescfs	rw		0	0
 /dev/pts	/dev/pts	none	rw,bind		0	0
 tmpfs-shm	/dev/shm	tmpfs	defaults,size=64m	0 0
 
-<%- if has_variable?("has_srv_build_trees") && has_srv_build_trees == "true" -%>
+<%- if has_variable?("has_srv_build_trees") && has_srv_build_trees -%>
 /srv/build-trees	/build	none	rw,bind		0	0
 
 <% end %>
diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb
index 7a8ff877c..d2ad6b37c 100644
--- a/modules/ssh/templates/sshd_config.erb
+++ b/modules/ssh/templates/sshd_config.erb
@@ -24,7 +24,7 @@ extraports
 Protocol 2
 # HostKeys for protocol version 2
 HostKey /etc/ssh/ssh_host_rsa_key
-<%- if has_variable?("has_etc_ssh_ssh_host_ed25519_key") && @has_etc_ssh_ssh_host_ed25519_key == "true" -%>
+<%- if has_variable?("has_etc_ssh_ssh_host_ed25519_key") && @has_etc_ssh_ssh_host_ed25519_key -%>
 HostKey /etc/ssh/ssh_host_ed25519_key
 <% end %>
 #Privilege Separation is turned on for security
-- 
2.20.1