Compare commits
No commits in common. "master" and "6.7" have entirely different histories.
277 changed files with 1543 additions and 9264 deletions
2
.gitattributes
vendored
2
.gitattributes
vendored
|
@ -4,5 +4,5 @@
|
||||||
docs/speeches export-ignore
|
docs/speeches export-ignore
|
||||||
docs/video export-ignore
|
docs/video export-ignore
|
||||||
docs/src/man7 export-ignore
|
docs/src/man7 export-ignore
|
||||||
bin/cdist-build-helper export-ignore
|
bin/build-helper export-ignore
|
||||||
README-maintainers export-ignore
|
README-maintainers export-ignore
|
||||||
|
|
|
@ -1,23 +1,20 @@
|
||||||
---
|
|
||||||
image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest
|
|
||||||
|
|
||||||
stages:
|
stages:
|
||||||
- test
|
- test
|
||||||
|
|
||||||
before_script:
|
image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest
|
||||||
- ./bin/cdist-build-helper version
|
|
||||||
|
|
||||||
shellcheck:
|
|
||||||
stage: test
|
|
||||||
script:
|
|
||||||
- ./bin/cdist-build-helper shellcheck
|
|
||||||
|
|
||||||
pycodestyle:
|
|
||||||
stage: test
|
|
||||||
script:
|
|
||||||
- ./bin/cdist-build-helper pycodestyle
|
|
||||||
|
|
||||||
unit_tests:
|
unit_tests:
|
||||||
stage: test
|
stage: test
|
||||||
script:
|
script:
|
||||||
- ./bin/cdist-build-helper test
|
- ./bin/build-helper version
|
||||||
|
- ./bin/build-helper test
|
||||||
|
|
||||||
|
pycodestyle:
|
||||||
|
stage: test
|
||||||
|
script:
|
||||||
|
- ./bin/build-helper pycodestyle
|
||||||
|
|
||||||
|
shellcheck:
|
||||||
|
stage: test
|
||||||
|
script:
|
||||||
|
- ./bin/build-helper shellcheck
|
||||||
|
|
10
Makefile
10
Makefile
|
@ -35,9 +35,9 @@ DOCS_SRC_DIR=./docs/src
|
||||||
SPEECHDIR=./docs/speeches
|
SPEECHDIR=./docs/speeches
|
||||||
TYPEDIR=./cdist/conf/type
|
TYPEDIR=./cdist/conf/type
|
||||||
|
|
||||||
SPHINXM=$(MAKE) -C $(DOCS_SRC_DIR) man
|
SPHINXM=make -C $(DOCS_SRC_DIR) man
|
||||||
SPHINXH=$(MAKE) -C $(DOCS_SRC_DIR) html
|
SPHINXH=make -C $(DOCS_SRC_DIR) html
|
||||||
SPHINXC=$(MAKE) -C $(DOCS_SRC_DIR) clean
|
SPHINXC=make -C $(DOCS_SRC_DIR) clean
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
# Manpages
|
# Manpages
|
||||||
|
@ -81,7 +81,7 @@ version:
|
||||||
}
|
}
|
||||||
|
|
||||||
# Manpages #3: generic part
|
# Manpages #3: generic part
|
||||||
man: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF)
|
man: version $(MANTYPES) $(DOCSREF)
|
||||||
$(SPHINXM)
|
$(SPHINXM)
|
||||||
|
|
||||||
html: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF)
|
html: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF)
|
||||||
|
@ -104,7 +104,7 @@ DOTMANTYPES=$(subst /man.rst,.rst,$(DOTMANTYPEPREFIX))
|
||||||
$(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst
|
$(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst
|
||||||
ln -sf "$^" $@
|
ln -sf "$^" $@
|
||||||
|
|
||||||
dotman: version configskel $(DOTMANTYPES) $(DOCSREF) $(DOCSTYPESREF)
|
dotman: version $(DOTMANTYPES)
|
||||||
$(SPHINXM)
|
$(SPHINXM)
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
Maintainers should use ./bin/cdist-build-helper script.
|
Maintainers should use ./bin/build-helper script.
|
||||||
|
|
||||||
Makefile is intended for end users. It can be used for non-maintaining
|
Makefile is intended for end users. It can be used for non-maintaining
|
||||||
targets that can be run from pure source (without git repository).
|
targets that can be run from pure source (without git repository).
|
||||||
|
|
|
@ -24,8 +24,8 @@ For community-maintained types there is
|
||||||
|
|
||||||
## Participating
|
## Participating
|
||||||
|
|
||||||
IRC: ``#cdist`` @ [libera](https://libera.chat)
|
IRC: ``#cdist`` @ freenode
|
||||||
|
|
||||||
Matrix: ``#cdist:ungleich.ch``
|
Matrix: ``#cdist:ungleich.ch``
|
||||||
|
|
||||||
Matrix and IRC are bridged.
|
Mattermost: https://chat.ungleich.ch/ungleich/channels/cdist
|
||||||
|
|
|
@ -45,7 +45,7 @@ usage() {
|
||||||
shellcheck-manifests
|
shellcheck-manifests
|
||||||
shellcheck-local-gencodes
|
shellcheck-local-gencodes
|
||||||
shellcheck-remote-gencodes
|
shellcheck-remote-gencodes
|
||||||
shellcheck-bin
|
shellcheck-scripts
|
||||||
shellcheck-gencodes
|
shellcheck-gencodes
|
||||||
shellcheck-types
|
shellcheck-types
|
||||||
shellcheck
|
shellcheck
|
||||||
|
@ -100,7 +100,7 @@ case "$option" in
|
||||||
if (\$0 ~ /^$end/) {
|
if (\$0 ~ /^$end/) {
|
||||||
exit
|
exit
|
||||||
} else {
|
} else {
|
||||||
print \$0
|
print \$0
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}" "$basedir/docs/changelog"
|
}" "$basedir/docs/changelog"
|
||||||
|
@ -135,7 +135,7 @@ case "$option" in
|
||||||
|
|
||||||
version=$1; shift
|
version=$1; shift
|
||||||
|
|
||||||
(
|
(
|
||||||
cat << eof
|
cat << eof
|
||||||
Subject: cdist $version has been released
|
Subject: cdist $version has been released
|
||||||
|
|
||||||
|
@ -336,7 +336,7 @@ eof
|
||||||
make docs-clean
|
make docs-clean
|
||||||
make docs
|
make docs
|
||||||
|
|
||||||
#############################################################
|
#############################################################
|
||||||
# Everything green, let's do the release
|
# Everything green, let's do the release
|
||||||
|
|
||||||
# Tag the current commit
|
# Tag the current commit
|
||||||
|
@ -371,6 +371,7 @@ eof
|
||||||
Manual steps post release:
|
Manual steps post release:
|
||||||
- cdist-web
|
- cdist-web
|
||||||
- send generated mailinglist.tmp mail
|
- send generated mailinglist.tmp mail
|
||||||
|
- twitter
|
||||||
eof
|
eof
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
@ -405,7 +406,7 @@ eof
|
||||||
;;
|
;;
|
||||||
|
|
||||||
pycodestyle|pep8)
|
pycodestyle|pep8)
|
||||||
pycodestyle "${basedir}" "${basedir}/bin/cdist"
|
pycodestyle "${basedir}" "${basedir}/scripts/cdist"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
check-pycodestyle)
|
check-pycodestyle)
|
||||||
|
@ -460,34 +461,27 @@ eof
|
||||||
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
|
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
|
||||||
;;
|
;;
|
||||||
|
|
||||||
# NOTE: shellcheck-scripts is kept for compatibility
|
shellcheck-scripts)
|
||||||
shellcheck-bin|shellcheck-scripts)
|
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
${SHELLCHECKCMD} bin/cdist-dump bin/cdist-new-type > "${SHELLCHECKTMP}"
|
${SHELLCHECKCMD} scripts/cdist-dump scripts/cdist-new-type > "${SHELLCHECKTMP}"
|
||||||
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
|
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
|
||||||
;;
|
;;
|
||||||
|
|
||||||
shellcheck-gencodes)
|
shellcheck-gencodes)
|
||||||
errors=false
|
"$0" shellcheck-local-gencodes || exit 1
|
||||||
"$0" shellcheck-local-gencodes || errors=true
|
"$0" shellcheck-remote-gencodes || exit 1
|
||||||
"$0" shellcheck-remote-gencodes || errors=true
|
|
||||||
! $errors || exit 1
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
shellcheck-types)
|
shellcheck-types)
|
||||||
errors=false
|
"$0" shellcheck-type-explorers || exit 1
|
||||||
"$0" shellcheck-type-explorers || errors=true
|
"$0" shellcheck-manifests || exit 1
|
||||||
"$0" shellcheck-manifests || errors=true
|
"$0" shellcheck-gencodes || exit 1
|
||||||
"$0" shellcheck-gencodes || errors=true
|
|
||||||
! $errors || exit 1
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
shellcheck)
|
shellcheck)
|
||||||
errors=false
|
"$0" shellcheck-global-explorers || exit 1
|
||||||
"$0" shellcheck-global-explorers || errors=true
|
"$0" shellcheck-types || exit 1
|
||||||
"$0" shellcheck-types || errors=true
|
"$0" shellcheck-scripts || exit 1
|
||||||
"$0" shellcheck-bin || errors=true
|
|
||||||
! $errors || exit 1
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
shellcheck-type-files)
|
shellcheck-type-files)
|
||||||
|
@ -497,14 +491,12 @@ eof
|
||||||
;;
|
;;
|
||||||
|
|
||||||
shellcheck-with-files)
|
shellcheck-with-files)
|
||||||
errors=false
|
"$0" shellcheck || exit 1
|
||||||
"$0" shellcheck || errors=true
|
"$0" shellcheck-type-files || exit 1
|
||||||
"$0" shellcheck-type-files || errors=true
|
|
||||||
! $errors || exit 1
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
shellcheck-build-helper)
|
shellcheck-build-helper)
|
||||||
${SHELLCHECKCMD} ./bin/cdist-build-helper
|
${SHELLCHECKCMD} ./bin/build-helper
|
||||||
;;
|
;;
|
||||||
|
|
||||||
check-shellcheck)
|
check-shellcheck)
|
90
bin/cdist
90
bin/cdist
|
@ -1,8 +1,7 @@
|
||||||
#!/usr/bin/env python3
|
#!/bin/sh
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
#
|
#
|
||||||
# 2010-2016 Nico Schottelius (nico-cdist at schottelius.org)
|
# 2012 Nico Schottelius (nico-cdist at schottelius.org)
|
||||||
# 2016 Darko Poljak (darko.poljak at gmail.com)
|
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -21,83 +20,14 @@
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
|
|
||||||
import logging
|
# Wrapper for real script to allow execution from checkout
|
||||||
import os
|
dir=${0%/*}
|
||||||
import sys
|
|
||||||
|
|
||||||
# See if this file's parent is cdist module
|
# Ensure version is present - the bundled/shipped version contains a static version,
|
||||||
# and if so add it to module search path.
|
# the git version contains a dynamic version
|
||||||
cdist_dir = os.path.realpath(
|
"$dir/build-helper" version
|
||||||
os.path.join(
|
|
||||||
os.path.dirname(os.path.realpath(__file__)),
|
|
||||||
os.pardir))
|
|
||||||
cdist_init_dir = os.path.join(cdist_dir, 'cdist', '__init__.py')
|
|
||||||
if os.path.exists(cdist_init_dir):
|
|
||||||
sys.path.insert(0, cdist_dir)
|
|
||||||
|
|
||||||
import cdist # noqa 402
|
libdir=$(cd "${dir}/../" && pwd -P)
|
||||||
import cdist.argparse # noqa 402
|
export PYTHONPATH="${libdir}"
|
||||||
import cdist.banner # noqa 402
|
|
||||||
import cdist.config # noqa 402
|
|
||||||
import cdist.install # noqa 402
|
|
||||||
import cdist.shell # noqa 402
|
|
||||||
import cdist.inventory # noqa 402
|
|
||||||
|
|
||||||
|
"$dir/../scripts/cdist" "$@"
|
||||||
def commandline():
|
|
||||||
"""Parse command line"""
|
|
||||||
|
|
||||||
# preos subcommand hack
|
|
||||||
if len(sys.argv) > 1 and sys.argv[1] == 'preos':
|
|
||||||
return cdist.preos.PreOS.commandline(sys.argv[1:])
|
|
||||||
parser, cfg = cdist.argparse.parse_and_configure(sys.argv[1:])
|
|
||||||
args = cfg.get_args()
|
|
||||||
|
|
||||||
# Work around python 3.3 bug:
|
|
||||||
# http://bugs.python.org/issue16308
|
|
||||||
# http://bugs.python.org/issue9253
|
|
||||||
|
|
||||||
# FIXME: catching AttributeError also hides
|
|
||||||
# real problems.. try a different way
|
|
||||||
|
|
||||||
# FIXME: we always print main help, not
|
|
||||||
# the help of the actual parser being used!
|
|
||||||
try:
|
|
||||||
getattr(args, "func")
|
|
||||||
except AttributeError:
|
|
||||||
parser['main'].print_help()
|
|
||||||
sys.exit(0)
|
|
||||||
|
|
||||||
args.func(args)
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
|
||||||
if sys.version_info[:3] < cdist.MIN_SUPPORTED_PYTHON_VERSION:
|
|
||||||
print(
|
|
||||||
'Python >= {} is required on the source host.'.format(
|
|
||||||
".".join(map(str, cdist.MIN_SUPPORTED_PYTHON_VERSION))),
|
|
||||||
file=sys.stderr)
|
|
||||||
sys.exit(1)
|
|
||||||
|
|
||||||
exit_code = 0
|
|
||||||
|
|
||||||
try:
|
|
||||||
import re
|
|
||||||
import os
|
|
||||||
|
|
||||||
if re.match("__", os.path.basename(sys.argv[0])):
|
|
||||||
import cdist.emulator
|
|
||||||
emulator = cdist.emulator.Emulator(sys.argv)
|
|
||||||
emulator.run()
|
|
||||||
else:
|
|
||||||
commandline()
|
|
||||||
|
|
||||||
except KeyboardInterrupt:
|
|
||||||
exit_code = 2
|
|
||||||
|
|
||||||
except cdist.Error as e:
|
|
||||||
log = logging.getLogger("cdist")
|
|
||||||
log.error(e)
|
|
||||||
exit_code = 1
|
|
||||||
|
|
||||||
sys.exit(exit_code)
|
|
||||||
|
|
|
@ -22,27 +22,12 @@
|
||||||
|
|
||||||
import os
|
import os
|
||||||
import hashlib
|
import hashlib
|
||||||
import subprocess
|
|
||||||
|
|
||||||
import cdist.log
|
import cdist.log
|
||||||
|
import cdist.version
|
||||||
|
|
||||||
|
|
||||||
VERSION = 'unknown version'
|
VERSION = cdist.version.VERSION
|
||||||
|
|
||||||
try:
|
|
||||||
import cdist.version
|
|
||||||
VERSION = cdist.version.VERSION
|
|
||||||
except ModuleNotFoundError:
|
|
||||||
cdist_dir = os.path.abspath(
|
|
||||||
os.path.join(os.path.dirname(__file__), os.pardir))
|
|
||||||
if os.path.isdir(os.path.join(cdist_dir, '.git')):
|
|
||||||
try:
|
|
||||||
VERSION = subprocess.check_output(
|
|
||||||
['git', 'describe', '--always'],
|
|
||||||
cwd=cdist_dir,
|
|
||||||
universal_newlines=True)
|
|
||||||
except Exception:
|
|
||||||
pass
|
|
||||||
|
|
||||||
BANNER = """
|
BANNER = """
|
||||||
.. . .x+=:. s
|
.. . .x+=:. s
|
||||||
|
@ -64,7 +49,7 @@ REMOTE_EXEC = "ssh -o User=root"
|
||||||
REMOTE_CMDS_CLEANUP_PATTERN = "ssh -o User=root -O exit -S {}"
|
REMOTE_CMDS_CLEANUP_PATTERN = "ssh -o User=root -O exit -S {}"
|
||||||
|
|
||||||
|
|
||||||
MIN_SUPPORTED_PYTHON_VERSION = (3, 5)
|
MIN_SUPPORTED_PYTHON_VERSION = '3.5'
|
||||||
|
|
||||||
|
|
||||||
class Error(Exception):
|
class Error(Exception):
|
||||||
|
|
|
@ -8,11 +8,10 @@ import cdist.configuration
|
||||||
import cdist.log
|
import cdist.log
|
||||||
import cdist.preos
|
import cdist.preos
|
||||||
import cdist.info
|
import cdist.info
|
||||||
import cdist.scan.commandline
|
|
||||||
|
|
||||||
|
|
||||||
# set of beta sub-commands
|
# set of beta sub-commands
|
||||||
BETA_COMMANDS = set(('install', 'inventory', 'scan', ))
|
BETA_COMMANDS = set(('install', 'inventory', ))
|
||||||
# set of beta arguments for sub-commands
|
# set of beta arguments for sub-commands
|
||||||
BETA_ARGS = {
|
BETA_ARGS = {
|
||||||
'config': set(('tag', 'all_tagged_hosts', 'use_archiving', )),
|
'config': set(('tag', 'all_tagged_hosts', 'use_archiving', )),
|
||||||
|
@ -274,7 +273,8 @@ def get_parsers():
|
||||||
'-f', '--file',
|
'-f', '--file',
|
||||||
help=('Read specified file for a list of additional hosts to '
|
help=('Read specified file for a list of additional hosts to '
|
||||||
'operate on or if \'-\' is given, read stdin (one host per '
|
'operate on or if \'-\' is given, read stdin (one host per '
|
||||||
'line).'),
|
'line). If no host or host file is specified then, by '
|
||||||
|
'default, read hosts from stdin.'),
|
||||||
dest='hostfile', required=False)
|
dest='hostfile', required=False)
|
||||||
parser['config_args'].add_argument(
|
parser['config_args'].add_argument(
|
||||||
'-p', '--parallel', nargs='?', metavar='HOST_MAX',
|
'-p', '--parallel', nargs='?', metavar='HOST_MAX',
|
||||||
|
@ -326,7 +326,9 @@ def get_parsers():
|
||||||
parser['add-host'].add_argument(
|
parser['add-host'].add_argument(
|
||||||
'-f', '--file',
|
'-f', '--file',
|
||||||
help=('Read additional hosts to add from specified file '
|
help=('Read additional hosts to add from specified file '
|
||||||
'or from stdin if \'-\' (each host on separate line). '),
|
'or from stdin if \'-\' (each host on separate line). '
|
||||||
|
'If no host or host file is specified then, by default, '
|
||||||
|
'read from stdin.'),
|
||||||
dest='hostfile', required=False)
|
dest='hostfile', required=False)
|
||||||
|
|
||||||
parser['add-tag'] = parser['invsub'].add_parser(
|
parser['add-tag'] = parser['invsub'].add_parser(
|
||||||
|
@ -340,12 +342,20 @@ def get_parsers():
|
||||||
parser['add-tag'].add_argument(
|
parser['add-tag'].add_argument(
|
||||||
'-f', '--file',
|
'-f', '--file',
|
||||||
help=('Read additional hosts to add tags from specified file '
|
help=('Read additional hosts to add tags from specified file '
|
||||||
'or from stdin if \'-\' (each host on separate line). '),
|
'or from stdin if \'-\' (each host on separate line). '
|
||||||
|
'If no host or host file is specified then, by default, '
|
||||||
|
'read from stdin. If no tags/tagfile nor hosts/hostfile'
|
||||||
|
' are specified then tags are read from stdin and are'
|
||||||
|
' added to all hosts.'),
|
||||||
dest='hostfile', required=False)
|
dest='hostfile', required=False)
|
||||||
parser['add-tag'].add_argument(
|
parser['add-tag'].add_argument(
|
||||||
'-T', '--tag-file',
|
'-T', '--tag-file',
|
||||||
help=('Read additional tags to add from specified file '
|
help=('Read additional tags to add from specified file '
|
||||||
'or from stdin if \'-\' (each tag on separate line). '),
|
'or from stdin if \'-\' (each tag on separate line). '
|
||||||
|
'If no tag or tag file is specified then, by default, '
|
||||||
|
'read from stdin. If no tags/tagfile nor hosts/hostfile'
|
||||||
|
' are specified then tags are read from stdin and are'
|
||||||
|
' added to all hosts.'),
|
||||||
dest='tagfile', required=False)
|
dest='tagfile', required=False)
|
||||||
parser['add-tag'].add_argument(
|
parser['add-tag'].add_argument(
|
||||||
'-t', '--taglist',
|
'-t', '--taglist',
|
||||||
|
@ -366,7 +376,9 @@ def get_parsers():
|
||||||
parser['del-host'].add_argument(
|
parser['del-host'].add_argument(
|
||||||
'-f', '--file',
|
'-f', '--file',
|
||||||
help=('Read additional hosts to delete from specified file '
|
help=('Read additional hosts to delete from specified file '
|
||||||
'or from stdin if \'-\' (each host on separate line). '),
|
'or from stdin if \'-\' (each host on separate line). '
|
||||||
|
'If no host or host file is specified then, by default, '
|
||||||
|
'read from stdin.'),
|
||||||
dest='hostfile', required=False)
|
dest='hostfile', required=False)
|
||||||
|
|
||||||
parser['del-tag'] = parser['invsub'].add_parser(
|
parser['del-tag'] = parser['invsub'].add_parser(
|
||||||
|
@ -384,13 +396,20 @@ def get_parsers():
|
||||||
parser['del-tag'].add_argument(
|
parser['del-tag'].add_argument(
|
||||||
'-f', '--file',
|
'-f', '--file',
|
||||||
help=('Read additional hosts to delete tags for from specified '
|
help=('Read additional hosts to delete tags for from specified '
|
||||||
'file or from stdin if \'-\' (each host on separate '
|
'file or from stdin if \'-\' (each host on separate line). '
|
||||||
'line). '),
|
'If no host or host file is specified then, by default, '
|
||||||
|
'read from stdin. If no tags/tagfile nor hosts/hostfile'
|
||||||
|
' are specified then tags are read from stdin and are'
|
||||||
|
' deleted from all hosts.'),
|
||||||
dest='hostfile', required=False)
|
dest='hostfile', required=False)
|
||||||
parser['del-tag'].add_argument(
|
parser['del-tag'].add_argument(
|
||||||
'-T', '--tag-file',
|
'-T', '--tag-file',
|
||||||
help=('Read additional tags from specified file '
|
help=('Read additional tags from specified file '
|
||||||
'or from stdin if \'-\' (each tag on separate line). '),
|
'or from stdin if \'-\' (each tag on separate line). '
|
||||||
|
'If no tag or tag file is specified then, by default, '
|
||||||
|
'read from stdin. If no tags/tagfile nor'
|
||||||
|
' hosts/hostfile are specified then tags are read from'
|
||||||
|
' stdin and are added to all hosts.'),
|
||||||
dest='tagfile', required=False)
|
dest='tagfile', required=False)
|
||||||
parser['del-tag'].add_argument(
|
parser['del-tag'].add_argument(
|
||||||
'-t', '--taglist',
|
'-t', '--taglist',
|
||||||
|
@ -471,47 +490,6 @@ def get_parsers():
|
||||||
'pattern', nargs='?', help='Glob pattern.')
|
'pattern', nargs='?', help='Glob pattern.')
|
||||||
parser['info'].set_defaults(func=cdist.info.Info.commandline)
|
parser['info'].set_defaults(func=cdist.info.Info.commandline)
|
||||||
|
|
||||||
# Scan = config + further
|
|
||||||
parser['scan'] = parser['sub'].add_parser('scan', add_help=False,
|
|
||||||
parents=[parser['config']])
|
|
||||||
|
|
||||||
parser['scan'] = parser['sub'].add_parser(
|
|
||||||
'scan', parents=[parser['loglevel'],
|
|
||||||
parser['beta'],
|
|
||||||
parser['colored_output'],
|
|
||||||
parser['common'],
|
|
||||||
parser['config_main']])
|
|
||||||
|
|
||||||
parser['scan'].add_argument(
|
|
||||||
'-m', '--mode', help='Which modes should run',
|
|
||||||
action='append', default=[],
|
|
||||||
choices=['scan', 'trigger', 'config'])
|
|
||||||
parser['scan'].add_argument(
|
|
||||||
'--list',
|
|
||||||
action='store_true',
|
|
||||||
help='List the known hosts and exit')
|
|
||||||
parser['scan'].add_argument(
|
|
||||||
'--config',
|
|
||||||
action='store_true',
|
|
||||||
help='Try to configure detected hosts')
|
|
||||||
parser['scan'].add_argument(
|
|
||||||
'-I', '--interface',
|
|
||||||
action='append', default=[], required=True,
|
|
||||||
help='On which interfaces to scan/trigger')
|
|
||||||
parser['scan'].add_argument(
|
|
||||||
'--name-mapper',
|
|
||||||
action='store', default=None,
|
|
||||||
help='Map addresses to names, required for config mode')
|
|
||||||
parser['scan'].add_argument(
|
|
||||||
'-d', '--config-delay',
|
|
||||||
action='store', default=3600, type=int,
|
|
||||||
help='How long (seconds) to wait before reconfiguring after last try')
|
|
||||||
parser['scan'].add_argument(
|
|
||||||
'-t', '--trigger-delay',
|
|
||||||
action='store', default=5, type=int,
|
|
||||||
help='How long (seconds) to wait between ICMPv6 echo requests')
|
|
||||||
parser['scan'].set_defaults(func=cdist.scan.commandline.commandline)
|
|
||||||
|
|
||||||
for p in parser:
|
for p in parser:
|
||||||
parser[p].epilog = EPILOG
|
parser[p].epilog = EPILOG
|
||||||
|
|
||||||
|
@ -545,10 +523,10 @@ def parse_and_configure(argv, singleton=True):
|
||||||
|
|
||||||
log = logging.getLogger("cdist")
|
log = logging.getLogger("cdist")
|
||||||
|
|
||||||
log.verbose("version %s", cdist.VERSION)
|
log.verbose("version %s" % cdist.VERSION)
|
||||||
log.trace('command line args: %s', cfg.command_line_args)
|
log.trace('command line args: {}'.format(cfg.command_line_args))
|
||||||
log.trace('configuration: %s', cfg.get_config())
|
log.trace('configuration: {}'.format(cfg.get_config()))
|
||||||
log.trace('configured args: %s', args)
|
log.trace('configured args: {}'.format(args))
|
||||||
|
|
||||||
check_beta(vars(args))
|
check_beta(vars(args))
|
||||||
|
|
||||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -1,9 +1,8 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# 2014 Daniel Heule (hda at sfs.biz)
|
# 2014 Daniel Heule (hda at sfs.biz)
|
||||||
# 2014 Thomas Oettli (otho at sfs.biz)
|
# 2014 Thomas Oettli (otho at sfs.biz)
|
||||||
# Copyright 2017, Philippe Gregoire <pg@pgregoire.xyz>
|
# Copyright 2017, Philippe Gregoire <pg@pgregoire.xyz>
|
||||||
# 2020 Dennis Camera <dennis.camera at ssrq-sds-fds.ch>
|
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -20,73 +19,24 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
# Returns the amount of memory physically installed in the system, or if that
|
#
|
||||||
# cannot be determined the amount available to the operating system kernel,
|
|
||||||
# in kibibytes (kiB).
|
|
||||||
|
|
||||||
str2bytes() {
|
# FIXME: other system types (not linux ...)
|
||||||
awk -F' ' '
|
|
||||||
$2 == "B" || !$2 { print $1 }
|
|
||||||
$2 == "kB" { printf "%.f\n", ($1 * 1000) }
|
|
||||||
$2 == "MB" { printf "%.f\n", ($1 * 1000 * 1000) }
|
|
||||||
$2 == "GB" { printf "%.f\n", ($1 * 1000 * 1000 * 1000) }
|
|
||||||
$2 == "TB" { printf "%.f\n", ($1 * 1000 * 1000 * 1000 * 1000) }
|
|
||||||
$2 == "kiB" { printf "%.f\n", ($1 * 1024) }
|
|
||||||
$2 == "MiB" { printf "%.f\n", ($1 * 1024 * 1024) }
|
|
||||||
$2 == "GiB" { printf "%.f\n", ($1 * 1024 * 1024 * 1024) }
|
|
||||||
$2 == "TiB" { printf "%.f\n", ($1 * 1024 * 1024 * 1024 * 1024) }'
|
|
||||||
}
|
|
||||||
|
|
||||||
bytes2kib() {
|
os=$("$__explorer/os")
|
||||||
awk '$0 > 0 { printf "%.f\n", ($0 / 1024) }'
|
case "$os" in
|
||||||
}
|
"macosx")
|
||||||
|
echo "$(sysctl -n hw.memsize)/1024" | bc
|
||||||
|
;;
|
||||||
|
|
||||||
|
*"bsd")
|
||||||
|
PATH=$(getconf PATH)
|
||||||
|
echo "$(sysctl -n hw.physmem) / 1048576" | bc
|
||||||
|
;;
|
||||||
|
|
||||||
case $(uname -s)
|
*)
|
||||||
in
|
if [ -r /proc/meminfo ]; then
|
||||||
(Darwin)
|
grep "MemTotal:" /proc/meminfo | awk '{print $2}'
|
||||||
sysctl -n hw.memsize | bytes2kib
|
fi
|
||||||
;;
|
;;
|
||||||
(FreeBSD)
|
|
||||||
sysctl -n hw.realmem | bytes2kib
|
|
||||||
;;
|
|
||||||
(NetBSD|OpenBSD)
|
|
||||||
# NOTE: This reports "usable" memory, not physically installed memory.
|
|
||||||
command -p sysctl -n hw.physmem | bytes2kib
|
|
||||||
;;
|
|
||||||
(SunOS)
|
|
||||||
# Make sure that awk from xpg4 is used for the scripts to work
|
|
||||||
export PATH="/usr/xpg4/bin:${PATH}"
|
|
||||||
prtconf \
|
|
||||||
| awk -F ': ' '
|
|
||||||
$1 == "Memory size" { sub(/Megabytes/, "MiB", $2); print $2 }
|
|
||||||
/^$/ { exit }' \
|
|
||||||
| str2bytes \
|
|
||||||
| bytes2kib
|
|
||||||
;;
|
|
||||||
(Linux)
|
|
||||||
if test -d /sys/devices/system/memory
|
|
||||||
then
|
|
||||||
# Use memory blocks if the architecture (e.g. x86, PPC64, s390)
|
|
||||||
# supports them (they denote physical memory)
|
|
||||||
num_mem_blocks=$(cat /sys/devices/system/memory/memory[0-9]*/state | grep -cxF online)
|
|
||||||
mem_block_size=$(cat /sys/devices/system/memory/block_size_bytes)
|
|
||||||
|
|
||||||
echo $((num_mem_blocks * 0x$mem_block_size)) | bytes2kib && exit
|
|
||||||
fi
|
|
||||||
if test -r /proc/meminfo
|
|
||||||
then
|
|
||||||
# Fall back to meminfo file on other architectures (e.g. ARM, MIPS,
|
|
||||||
# PowerPC)
|
|
||||||
# NOTE: This is "usable" memory, not physically installed memory.
|
|
||||||
awk -F ': +' '$1 == "MemTotal" { sub(/B$/, "iB", $2); print $2 }' /proc/meminfo \
|
|
||||||
| str2bytes \
|
|
||||||
| bytes2kib
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
(*)
|
|
||||||
printf "Your kernel (%s) is currently not supported by the memory explorer\n" "$(uname -s)" >&2
|
|
||||||
printf "Please contribute an implementation for it if you can.\n" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
esac
|
||||||
|
|
|
@ -144,9 +144,7 @@ esac
|
||||||
|
|
||||||
if [ -f /etc/os-release ]; then
|
if [ -f /etc/os-release ]; then
|
||||||
# after sles15, suse don't provide an /etc/SuSE-release anymore, but there is almost no difference between sles and opensuse leap, so call it suse
|
# after sles15, suse don't provide an /etc/SuSE-release anymore, but there is almost no difference between sles and opensuse leap, so call it suse
|
||||||
# shellcheck disable=SC1091
|
if grep -q ^ID_LIKE=\"suse\" /etc/os-release 2>/dev/null; then
|
||||||
if (. /etc/os-release && echo "${ID_LIKE}" | grep -q '\(^\|\ \)suse\($\|\ \)')
|
|
||||||
then
|
|
||||||
echo suse
|
echo suse
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# 2010-2011 Nico Schottelius (nico-cdist at schottelius.org)
|
# 2010-2011 Nico Schottelius (nico-cdist at schottelius.org)
|
||||||
# 2020-2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -18,22 +17,12 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
|
#
|
||||||
# All os variables are lower case
|
# All os variables are lower case
|
||||||
#
|
#
|
||||||
|
#
|
||||||
|
|
||||||
rc_getvar() {
|
case "$("$__explorer/os")" in
|
||||||
awk -F= -v varname="$2" '
|
|
||||||
function unquote(s) {
|
|
||||||
if (s ~ /^".*"$/ || s ~ /^'\''.*'\''$/)
|
|
||||||
return substr(s, 2, length(s) - 2)
|
|
||||||
else
|
|
||||||
return s
|
|
||||||
}
|
|
||||||
$1 == varname { print unquote(substr($0, index($0, "=") + 1)) }' "$1"
|
|
||||||
}
|
|
||||||
|
|
||||||
case $("${__explorer:?}/os")
|
|
||||||
in
|
|
||||||
amazon)
|
amazon)
|
||||||
cat /etc/system-release
|
cat /etc/system-release
|
||||||
;;
|
;;
|
||||||
|
@ -42,53 +31,10 @@ in
|
||||||
cat /etc/arch-release
|
cat /etc/arch-release
|
||||||
;;
|
;;
|
||||||
debian)
|
debian)
|
||||||
debian_version=$(cat /etc/debian_version)
|
cat /etc/debian_version
|
||||||
case $debian_version
|
|
||||||
in
|
|
||||||
testing/unstable)
|
|
||||||
# previous to Debian 4.0 testing/unstable was used
|
|
||||||
# cf. https://metadata.ftp-master.debian.org/changelogs/main/b/base-files/base-files_11_changelog
|
|
||||||
echo 3.99
|
|
||||||
;;
|
|
||||||
*/sid)
|
|
||||||
# sid versions don't have a number, so we decode by codename:
|
|
||||||
case $(expr "$debian_version" : '\([a-z]\{1,\}\)/')
|
|
||||||
in
|
|
||||||
trixie) echo 12.99 ;;
|
|
||||||
bookworm) echo 11.99 ;;
|
|
||||||
bullseye) echo 10.99 ;;
|
|
||||||
buster) echo 9.99 ;;
|
|
||||||
stretch) echo 8.99 ;;
|
|
||||||
jessie) echo 7.99 ;;
|
|
||||||
wheezy) echo 6.99 ;;
|
|
||||||
squeeze) echo 5.99 ;;
|
|
||||||
lenny) echo 4.99 ;;
|
|
||||||
*) echo 99.99 ;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "$debian_version"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
;;
|
;;
|
||||||
devuan)
|
devuan)
|
||||||
devuan_version=$(cat /etc/devuan_version)
|
cat /etc/devuan_version
|
||||||
case ${devuan_version}
|
|
||||||
in
|
|
||||||
(*/ceres)
|
|
||||||
# ceres versions don't have a number, so we decode by codename:
|
|
||||||
case ${devuan_version}
|
|
||||||
in
|
|
||||||
(chimaera/ceres) echo 3.99 ;;
|
|
||||||
(beowulf/ceres) echo 2.99 ;;
|
|
||||||
(ascii/ceres) echo 1.99 ;;
|
|
||||||
(*) exit 1
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
(*)
|
|
||||||
echo "${devuan_version}"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
;;
|
;;
|
||||||
fedora)
|
fedora)
|
||||||
cat /etc/fedora-release
|
cat /etc/fedora-release
|
||||||
|
@ -97,20 +43,7 @@ in
|
||||||
cat /etc/gentoo-release
|
cat /etc/gentoo-release
|
||||||
;;
|
;;
|
||||||
macosx)
|
macosx)
|
||||||
# NOTE: Legacy versions (< 10.3) do not support options
|
sw_vers -productVersion
|
||||||
sw_vers | awk -F ':[ \t]+' '$1 == "ProductVersion" { print $2 }'
|
|
||||||
;;
|
|
||||||
freebsd)
|
|
||||||
# Apparently uname -r is not a reliable way to get the patch level.
|
|
||||||
# See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743
|
|
||||||
if command -v freebsd-version >/dev/null 2>&1
|
|
||||||
then
|
|
||||||
# get userland version
|
|
||||||
freebsd-version -u
|
|
||||||
else
|
|
||||||
# fallback to kernel release for FreeBSD < 10.0
|
|
||||||
uname -r
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
*bsd|solaris)
|
*bsd|solaris)
|
||||||
uname -r
|
uname -r
|
||||||
|
@ -135,22 +68,9 @@ in
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
ubuntu)
|
ubuntu)
|
||||||
if command -v lsb_release >/dev/null 2>&1
|
lsb_release -sr
|
||||||
then
|
|
||||||
lsb_release -sr
|
|
||||||
elif test -r /usr/lib/os-release
|
|
||||||
then
|
|
||||||
# fallback to /usr/lib/os-release if lsb_release is not present (like
|
|
||||||
# on minimized Ubuntu installations)
|
|
||||||
rc_getvar /usr/lib/os-release VERSION_ID
|
|
||||||
elif test -r /etc/lsb-release
|
|
||||||
then
|
|
||||||
# extract DISTRIB_RELEASE= variable from /etc/lsb-release on old
|
|
||||||
# versions without /usr/lib/os-release.
|
|
||||||
rc_getvar /etc/lsb-release DISTRIB_RELEASE
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
alpine)
|
alpine)
|
||||||
cat /etc/alpine-release
|
cat /etc/alpine-release
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
36
cdist/conf/type/__postgres_extension/explorer/state → cdist/conf/type/__acl/explorer/checks
Normal file → Executable file
36
cdist/conf/type/__postgres_extension/explorer/state → cdist/conf/type/__acl/explorer/checks
Normal file → Executable file
|
@ -1,7 +1,6 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh -e
|
||||||
# -*- mode: sh; indent-tabs-mode: t -*-
|
|
||||||
#
|
#
|
||||||
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
# 2019 Ander Punnar (ander-at-kvlt-dot-ee)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -18,24 +17,23 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
# Prints "present" if the extension is currently installed.
|
|
||||||
# "absent" otherwise.
|
|
||||||
|
|
||||||
quote() { printf '%s\n' "$*" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"; }
|
# TODO check if filesystem has ACL turned on etc
|
||||||
|
|
||||||
postgres_user=$("${__type_explorer:?}/postgres_user")
|
if [ -f "$__object/parameter/acl" ]
|
||||||
|
|
||||||
IFS=: read -r dbname extname <<EOF
|
|
||||||
${__object_id:?}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
psql_exec() {
|
|
||||||
su - "${postgres_user}" -c "psql $(quote "$1") -twAc $(quote "$2")"
|
|
||||||
}
|
|
||||||
|
|
||||||
if psql_exec "${dbname}" 'SELECT extname FROM pg_extension' | grep -qFx "${extname}"
|
|
||||||
then
|
then
|
||||||
echo present
|
grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \
|
||||||
else
|
| while read -r acl
|
||||||
echo absent
|
do
|
||||||
|
param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )"
|
||||||
|
check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )"
|
||||||
|
|
||||||
|
[ "$param" = 'user' ] && db=passwd || db="$param"
|
||||||
|
|
||||||
|
if ! getent "$db" "$check" > /dev/null
|
||||||
|
then
|
||||||
|
echo "missing $param '$check'" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
fi
|
fi
|
|
@ -1,4 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
|
|
||||||
getent passwd | awk -F: '{print "user:"$1}'
|
|
||||||
getent group | awk -F: '{print "group:"$1}'
|
|
|
@ -22,8 +22,8 @@ file_is="$( cat "$__object/explorer/file_is" )"
|
||||||
|
|
||||||
if [ "$file_is" = 'missing' ] \
|
if [ "$file_is" = 'missing' ] \
|
||||||
&& [ -z "$__cdist_dry_run" ] \
|
&& [ -z "$__cdist_dry_run" ] \
|
||||||
&& [ ! -f "$__object/parameter/file" ] \
|
&& \( [ ! -f "$__object/parameter/file" ] \
|
||||||
&& [ ! -f "$__object/parameter/directory" ]
|
|| [ ! -f "$__object/parameter/directory" ] \)
|
||||||
then
|
then
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
@ -47,26 +47,28 @@ then
|
||||||
elif [ -f "$__object/parameter/entry" ]
|
elif [ -f "$__object/parameter/entry" ]
|
||||||
then
|
then
|
||||||
acl_should="$( cat "$__object/parameter/entry" )"
|
acl_should="$( cat "$__object/parameter/entry" )"
|
||||||
|
elif [ -f "$__object/parameter/acl" ]
|
||||||
|
then
|
||||||
|
acl_should="$( cat "$__object/parameter/acl" )"
|
||||||
|
elif
|
||||||
|
[ -f "$__object/parameter/user" ] \
|
||||||
|
|| [ -f "$__object/parameter/group" ] \
|
||||||
|
|| [ -f "$__object/parameter/mask" ] \
|
||||||
|
|| [ -f "$__object/parameter/other" ]
|
||||||
|
then
|
||||||
|
acl_should="$( for param in user group mask other
|
||||||
|
do
|
||||||
|
[ ! -f "$__object/parameter/$param" ] && continue
|
||||||
|
|
||||||
|
echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=:
|
||||||
|
|
||||||
|
echo "$param$sep$( cat "$__object/parameter/$param" )"
|
||||||
|
done )"
|
||||||
else
|
else
|
||||||
echo 'no parameters set' >&2
|
echo 'no parameters set' >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# instead of setfacl's non-helpful message "Option -m: Invalid argument near character X"
|
|
||||||
# let's check if target has necessary users and groups, since mistyped or missing
|
|
||||||
# users/groups in target is most common reason.
|
|
||||||
echo "$acl_should" \
|
|
||||||
| grep -Po '(user|group):[^:]+' \
|
|
||||||
| sort -u \
|
|
||||||
| while read -r l
|
|
||||||
do
|
|
||||||
if ! grep "$l" -Fxq "$__object/explorer/getent"
|
|
||||||
then
|
|
||||||
echo "no $l' in target" | sed "s/:/ '/" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
if [ -f "$__object/parameter/default" ]
|
if [ -f "$__object/parameter/default" ]
|
||||||
then
|
then
|
||||||
acl_should="$( echo "$acl_should" \
|
acl_should="$( echo "$acl_should" \
|
||||||
|
|
|
@ -12,14 +12,11 @@ Fully supported and tested on Linux (ext4 filesystem), partial support for FreeB
|
||||||
|
|
||||||
See ``setfacl`` and ``acl`` manpages for more details.
|
See ``setfacl`` and ``acl`` manpages for more details.
|
||||||
|
|
||||||
One of ``--entry`` or ``--source`` must be used.
|
|
||||||
|
|
||||||
|
REQUIRED MULTIPLE PARAMETERS
|
||||||
OPTIONAL MULTIPLE PARAMETERS
|
|
||||||
----------------------------
|
----------------------------
|
||||||
entry
|
entry
|
||||||
Set ACL entry following ``getfacl`` output syntax.
|
Set ACL entry following ``getfacl`` output syntax.
|
||||||
Must be used if ``--source`` is not used.
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
|
@ -28,7 +25,6 @@ source
|
||||||
Read ACL entries from stdin or file.
|
Read ACL entries from stdin or file.
|
||||||
Ordering of entries is not important.
|
Ordering of entries is not important.
|
||||||
When reading from file, comments and empty lines are ignored.
|
When reading from file, comments and empty lines are ignored.
|
||||||
Must be used if ``--entry`` is not used.
|
|
||||||
|
|
||||||
file
|
file
|
||||||
Create/change file with ``__file`` using ``user:group:mode`` pattern.
|
Create/change file with ``__file`` using ``user:group:mode`` pattern.
|
||||||
|
@ -52,6 +48,12 @@ remove
|
||||||
``mask`` and ``other`` entries can't be removed, but only changed.
|
``mask`` and ``other`` entries can't be removed, but only changed.
|
||||||
|
|
||||||
|
|
||||||
|
DEPRECATED PARAMETERS
|
||||||
|
---------------------
|
||||||
|
Parameters ``acl``, ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
|
||||||
|
will be removed in future versions. Please use ``entry`` parameter instead.
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
||||||
|
|
1
cdist/conf/type/__acl/parameter/deprecated/acl
Normal file
1
cdist/conf/type/__acl/parameter/deprecated/acl
Normal file
|
@ -0,0 +1 @@
|
||||||
|
see manual for details
|
1
cdist/conf/type/__acl/parameter/deprecated/group
Normal file
1
cdist/conf/type/__acl/parameter/deprecated/group
Normal file
|
@ -0,0 +1 @@
|
||||||
|
see manual for details
|
1
cdist/conf/type/__acl/parameter/deprecated/mask
Normal file
1
cdist/conf/type/__acl/parameter/deprecated/mask
Normal file
|
@ -0,0 +1 @@
|
||||||
|
see manual for details
|
1
cdist/conf/type/__acl/parameter/deprecated/other
Normal file
1
cdist/conf/type/__acl/parameter/deprecated/other
Normal file
|
@ -0,0 +1 @@
|
||||||
|
see manual for details
|
1
cdist/conf/type/__acl/parameter/deprecated/user
Normal file
1
cdist/conf/type/__acl/parameter/deprecated/user
Normal file
|
@ -0,0 +1 @@
|
||||||
|
see manual for details
|
|
@ -1,3 +1,5 @@
|
||||||
|
mask
|
||||||
|
other
|
||||||
source
|
source
|
||||||
file
|
file
|
||||||
directory
|
directory
|
||||||
|
|
|
@ -1 +1,4 @@
|
||||||
entry
|
entry
|
||||||
|
acl
|
||||||
|
user
|
||||||
|
group
|
||||||
|
|
|
@ -1,104 +0,0 @@
|
||||||
cdist-type__debian_backports(7)
|
|
||||||
===============================
|
|
||||||
|
|
||||||
NAME
|
|
||||||
----
|
|
||||||
cdist-type__apt_backports - Install backports
|
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
|
||||||
-----------
|
|
||||||
This singleton type installs backports for the current OS release.
|
|
||||||
It aborts if backports are not supported for the specified OS or
|
|
||||||
no version codename could be fetched (like Debian unstable).
|
|
||||||
|
|
||||||
The package index will be automatically updated if required.
|
|
||||||
|
|
||||||
It supports backports from following OSes:
|
|
||||||
|
|
||||||
- Debian
|
|
||||||
- Devuan
|
|
||||||
- Ubuntu
|
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
|
||||||
-------------------
|
|
||||||
None.
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
|
||||||
-------------------
|
|
||||||
state
|
|
||||||
Represents the state of the backports repository. ``present`` or
|
|
||||||
``absent``, defaults to ``present``.
|
|
||||||
|
|
||||||
Will be directly passed to :strong:`cdist-type__apt_source`\ (7).
|
|
||||||
|
|
||||||
mirror
|
|
||||||
The mirror to fetch the backports from. Will defaults to the generic
|
|
||||||
mirror of the current OS.
|
|
||||||
|
|
||||||
Will be directly passed to :strong:`cdist-type__apt_source`\ (7).
|
|
||||||
|
|
||||||
|
|
||||||
BOOLEAN PARAMETERS
|
|
||||||
------------------
|
|
||||||
None.
|
|
||||||
|
|
||||||
|
|
||||||
MESSAGES
|
|
||||||
--------
|
|
||||||
None.
|
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
|
||||||
--------
|
|
||||||
|
|
||||||
.. code-block:: sh
|
|
||||||
|
|
||||||
# setup the backports
|
|
||||||
__apt_backports
|
|
||||||
__apt_backports --state absent
|
|
||||||
__apt_backports --state present --mirror "http://ftp.de.debian.org/debian/"
|
|
||||||
|
|
||||||
# install a backports package
|
|
||||||
# currently for the buster release backports
|
|
||||||
require="__apt_backports" __package_apt wireguard \
|
|
||||||
--target-release buster-backports
|
|
||||||
|
|
||||||
|
|
||||||
ABORTS
|
|
||||||
------
|
|
||||||
Aborts if the detected os is not Debian.
|
|
||||||
|
|
||||||
Aborts if no distribuition codename could be detected. This is common for the
|
|
||||||
unstable distribution, but there is no backports repository for it already.
|
|
||||||
|
|
||||||
|
|
||||||
CAVEATS
|
|
||||||
-------
|
|
||||||
For Ubuntu, it setup all componenents for the backports repository: ``main``,
|
|
||||||
``restricted``, ``universe`` and ``multiverse``. The user may not want to
|
|
||||||
install proprietary packages, which will only be installed if the user
|
|
||||||
explicitly uses the backports target-release. The user may change this behavior
|
|
||||||
to install backports packages without the need of explicitly select it.
|
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
|
||||||
--------
|
|
||||||
`Official Debian Backports site <https://backports.debian.org/>`_
|
|
||||||
|
|
||||||
:strong:`cdist-type__apt_source`\ (7)
|
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
|
||||||
-------
|
|
||||||
Matthias Stecher <matthiasstecher at gmx.de>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
|
||||||
-------
|
|
||||||
Copyright \(C) 2020 Matthias Stecher. You can redistribute it
|
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
|
||||||
published by the Free Software Foundation, either version 3 of the
|
|
||||||
License, or (at your option) any later version.
|
|
|
@ -1,82 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
# __apt_backports/manifest
|
|
||||||
#
|
|
||||||
# 2020 Matthias Stecher (matthiasstecher at gmx.de)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
#
|
|
||||||
# Enables/disables backports repository. Utilises __apt_source for it.
|
|
||||||
#
|
|
||||||
|
|
||||||
|
|
||||||
# Get the distribution codename by /etc/os-release.
|
|
||||||
# is already executed in a subshell by string substitution
|
|
||||||
# lsb_release may not be given in all installations
|
|
||||||
codename_os_release() {
|
|
||||||
# shellcheck disable=SC1090
|
|
||||||
# shellcheck disable=SC1091
|
|
||||||
. "$__global/explorer/os_release"
|
|
||||||
printf "%s" "$VERSION_CODENAME"
|
|
||||||
}
|
|
||||||
|
|
||||||
# detect backport distribution
|
|
||||||
os="$(cat "$__global/explorer/os")"
|
|
||||||
case "$os" in
|
|
||||||
debian)
|
|
||||||
dist="$( codename_os_release )"
|
|
||||||
components="main"
|
|
||||||
mirror="http://deb.debian.org/debian/"
|
|
||||||
;;
|
|
||||||
devuan)
|
|
||||||
dist="$( codename_os_release )"
|
|
||||||
components="main"
|
|
||||||
mirror="http://deb.devuan.org/merged"
|
|
||||||
;;
|
|
||||||
ubuntu)
|
|
||||||
dist="$( codename_os_release )"
|
|
||||||
components="main restricted universe multiverse"
|
|
||||||
mirror="http://archive.ubuntu.com/ubuntu"
|
|
||||||
;;
|
|
||||||
|
|
||||||
*)
|
|
||||||
printf "Backports for %s are not supported!\n" "$os" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# error if no codename given (e.g. on Debian unstable)
|
|
||||||
if [ -z "$dist" ]; then
|
|
||||||
printf "No backports for unkown version of distribution %s!\n" "$os" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# parameters
|
|
||||||
state="$(cat "$__object/parameter/state")"
|
|
||||||
|
|
||||||
# mirror already set for the os, only override user-values
|
|
||||||
if [ -f "$__object/parameter/mirror" ]; then
|
|
||||||
mirror="$(cat "$__object/parameter/mirror")"
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# install the given backports repository
|
|
||||||
__apt_source "${dist}-backports" \
|
|
||||||
--state "$state" \
|
|
||||||
--distribution "${dist}-backports" \
|
|
||||||
--component "$components" \
|
|
||||||
--uri "$mirror"
|
|
|
@ -1 +0,0 @@
|
||||||
present
|
|
|
@ -1,2 +0,0 @@
|
||||||
state
|
|
||||||
mirror
|
|
|
@ -27,25 +27,18 @@ else
|
||||||
keyid="$__object_id"
|
keyid="$__object_id"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# From apt-key(8):
|
|
||||||
# Use of apt-key is deprecated, except for the use of apt-key del in
|
|
||||||
# maintainer scripts to remove existing keys from the main keyring.
|
|
||||||
# If such usage of apt-key is desired the additional installation of
|
|
||||||
# the GNU Privacy Guard suite (packaged in gnupg) is required.
|
|
||||||
if [ -f "${__object}/parameter/use-deprecated-apt-key" ]; then
|
|
||||||
if apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK"
|
|
||||||
then echo present
|
|
||||||
else echo absent
|
|
||||||
fi
|
|
||||||
exit
|
|
||||||
fi
|
|
||||||
|
|
||||||
keydir="$(cat "$__object/parameter/keydir")"
|
keydir="$(cat "$__object/parameter/keydir")"
|
||||||
keyfile="$keydir/$__object_id.gpg"
|
keyfile="$keydir/$__object_id.gpg"
|
||||||
|
|
||||||
if [ -f "$keyfile" ]
|
if [ -d "$keydir" ]
|
||||||
then
|
then
|
||||||
echo present
|
if [ -f "$keyfile" ]
|
||||||
exit
|
then echo present
|
||||||
|
else echo absent
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
# fallback to deprecated apt-key
|
||||||
|
apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK" \
|
||||||
|
&& echo present \
|
||||||
|
|| echo absent
|
||||||
fi
|
fi
|
||||||
echo absent
|
|
||||||
|
|
|
@ -25,7 +25,11 @@ else
|
||||||
fi
|
fi
|
||||||
state_should="$(cat "$__object/parameter/state")"
|
state_should="$(cat "$__object/parameter/state")"
|
||||||
state_is="$(cat "$__object/explorer/state")"
|
state_is="$(cat "$__object/explorer/state")"
|
||||||
method="$(cat "$__object/key_method")"
|
|
||||||
|
if [ "$state_should" = "$state_is" ]; then
|
||||||
|
# nothing to do
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
keydir="$(cat "$__object/parameter/keydir")"
|
keydir="$(cat "$__object/parameter/keydir")"
|
||||||
keyfile="$keydir/$__object_id.gpg"
|
keyfile="$keydir/$__object_id.gpg"
|
||||||
|
@ -33,18 +37,30 @@ keyfile="$keydir/$__object_id.gpg"
|
||||||
case "$state_should" in
|
case "$state_should" in
|
||||||
present)
|
present)
|
||||||
keyserver="$(cat "$__object/parameter/keyserver")"
|
keyserver="$(cat "$__object/parameter/keyserver")"
|
||||||
# Using __download or __file as key source
|
|
||||||
# Propagate messages if needed
|
if [ -f "$__object/parameter/uri" ]; then
|
||||||
if [ "${method}" = "uri" ] || [ "${method}" = "source" ]; then
|
uri="$(cat "$__object/parameter/uri")"
|
||||||
if grep -Eq "^__(file|download)$keyfile" "$__messages_in"; then
|
|
||||||
echo "added '$keyid'" >> "$__messages_out"
|
if [ -d "$keydir" ]; then
|
||||||
|
cat << EOF
|
||||||
|
|
||||||
|
curl -s -L \\
|
||||||
|
-o "$keyfile" \\
|
||||||
|
"$uri"
|
||||||
|
|
||||||
|
key="\$( cat "$keyfile" )"
|
||||||
|
|
||||||
|
if echo "\$key" | grep -Fq 'BEGIN PGP PUBLIC KEY BLOCK'
|
||||||
|
then
|
||||||
|
echo "\$key" | gpg --dearmor > "$keyfile"
|
||||||
|
fi
|
||||||
|
|
||||||
|
EOF
|
||||||
|
else
|
||||||
|
# fallback to deprecated apt-key
|
||||||
|
echo "curl -s -L '$uri' | apt-key add -"
|
||||||
fi
|
fi
|
||||||
exit 0
|
elif [ -d "$keydir" ]; then
|
||||||
elif [ "${state_is}" = "present" ]; then
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
# Using key servers to fetch the key
|
|
||||||
if [ ! -f "$__object/parameter/use-deprecated-apt-key" ]; then
|
|
||||||
# we need to kill gpg after 30 seconds, because gpg
|
# we need to kill gpg after 30 seconds, because gpg
|
||||||
# can get stuck if keyserver is not responding.
|
# can get stuck if keyserver is not responding.
|
||||||
# exporting env var and not exit 1,
|
# exporting env var and not exit 1,
|
||||||
|
@ -84,16 +100,13 @@ EOF
|
||||||
echo "added '$keyid'" >> "$__messages_out"
|
echo "added '$keyid'" >> "$__messages_out"
|
||||||
;;
|
;;
|
||||||
absent)
|
absent)
|
||||||
# Removal for keys added from a keyserver without this flag
|
if [ -f "$keyfile" ]; then
|
||||||
# is done in the manifest
|
echo "rm '$keyfile'"
|
||||||
if [ "$state_is" != "absent" ] && \
|
else
|
||||||
[ -f "$__object/parameter/use-deprecated-apt-key" ]; then
|
|
||||||
# fallback to deprecated apt-key
|
# fallback to deprecated apt-key
|
||||||
echo "apt-key del \"$keyid\""
|
echo "apt-key del \"$keyid\""
|
||||||
echo "removed '$keyid'" >> "$__messages_out"
|
|
||||||
# Propagate messages if needed
|
|
||||||
elif grep -Eq "^__file$keyfile" "$__messages_in"; then
|
|
||||||
echo "removed '$keyid'" >> "$__messages_out"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
echo "removed '$keyid'" >> "$__messages_out"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
|
@ -10,14 +10,6 @@ DESCRIPTION
|
||||||
-----------
|
-----------
|
||||||
Manages the list of keys used by apt to authenticate packages.
|
Manages the list of keys used by apt to authenticate packages.
|
||||||
|
|
||||||
This is done by placing the requested key in a file named
|
|
||||||
``$__object_id.gpg`` in the ``keydir`` directory.
|
|
||||||
|
|
||||||
This is supported by modern releases of Debian-based distributions.
|
|
||||||
|
|
||||||
In order of preference, exactly one of: ``source``, ``uri`` or ``keyid``
|
|
||||||
must be specified.
|
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
|
@ -26,49 +18,21 @@ None.
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
keydir
|
|
||||||
keyring directory, defaults to ``/etc/apt/trusted.pgp.d``, which is
|
|
||||||
enabled system-wide by default.
|
|
||||||
|
|
||||||
source
|
|
||||||
path to a file containing the GPG key of the repository.
|
|
||||||
Using this is recommended as it ensures that the manifest/type manintainer
|
|
||||||
has validated the key.
|
|
||||||
If ``-``, the GPG key is read from the type's stdin.
|
|
||||||
|
|
||||||
state
|
state
|
||||||
'present' or 'absent'. Defaults to 'present'
|
'present' or 'absent'. Defaults to 'present'
|
||||||
|
|
||||||
uri
|
|
||||||
the URI from which to download the key.
|
|
||||||
It is highly recommended that you only use protocols with TLS like HTTPS.
|
|
||||||
This uses ``__download`` but does not use checksums, if you want to ensure
|
|
||||||
that the key doesn't change, you are better off downloading it and using
|
|
||||||
``--source``.
|
|
||||||
|
|
||||||
|
|
||||||
DEPRECATED OPTIONAL PARAMETERS
|
|
||||||
------------------------------
|
|
||||||
keyid
|
keyid
|
||||||
the id of the key to download from the ``keyserver``.
|
the id of the key to add. Defaults to __object_id
|
||||||
This is to be used in absence of ``--source`` and ``--uri`` or together
|
|
||||||
with ``--use-deprecated-apt-key`` for key removal.
|
|
||||||
Defaults to ``$__object_id``.
|
|
||||||
|
|
||||||
keyserver
|
keyserver
|
||||||
the keyserver from which to fetch the key.
|
the keyserver from which to fetch the key. If omitted the default set
|
||||||
Defaults to ``pool.sks-keyservers.net``.
|
in ./parameter/default/keyserver is used.
|
||||||
|
|
||||||
|
keydir
|
||||||
|
key save location, defaults to ``/etc/apt/trusted.pgp.d``
|
||||||
|
|
||||||
DEPRECATED BOOLEAN PARAMETERS
|
uri
|
||||||
-----------------------------
|
the URI from which to download the key
|
||||||
use-deprecated-apt-key
|
|
||||||
``apt-key(8)`` will last be available in Debian 11 and Ubuntu 22.04.
|
|
||||||
You can use this parameter to force usage of ``apt-key(8)``.
|
|
||||||
Please only use this parameter to *remove* keys from the keyring,
|
|
||||||
in order to prepare for removal of ``apt-key``.
|
|
||||||
Adding keys should be done without this parameter.
|
|
||||||
This parameter will be removed when Debian 11 stops being supported.
|
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
|
@ -76,39 +40,33 @@ EXAMPLES
|
||||||
|
|
||||||
.. code-block:: sh
|
.. code-block:: sh
|
||||||
|
|
||||||
# add a key that has been verified by a type maintainer
|
# Add Ubuntu Archive Automatic Signing Key
|
||||||
__apt_key jitsi_meet_2021 \
|
__apt_key 437D05B5
|
||||||
--source cdist-contrib/type/__jitsi_meet/files/apt_2021.gpg
|
# Same thing
|
||||||
|
__apt_key 437D05B5 --state present
|
||||||
|
# Get rid of it
|
||||||
|
__apt_key 437D05B5 --state absent
|
||||||
|
|
||||||
# remove an old, deprecated or expired key
|
# same thing with human readable name and explicit keyid
|
||||||
__apt_key jitsi_meet_2016 --state absent
|
__apt_key UbuntuArchiveKey --keyid 437D05B5
|
||||||
|
|
||||||
# Get rid of a key that might have been added to
|
# same thing with other keyserver
|
||||||
# /etc/apt/trusted.gpg with apt-key
|
__apt_key UbuntuArchiveKey --keyid 437D05B5 --keyserver keyserver.ubuntu.com
|
||||||
__apt_key 0x40976EAF437D05B5 --use-deprecated-apt-key --state absent
|
|
||||||
|
|
||||||
# add a key that we define in-line
|
# download key from the internet
|
||||||
__apt_key jitsi_meet_2021 --source '-' <<EOF
|
__apt_key rabbitmq \
|
||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
--uri http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
|
||||||
[...]
|
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# download or update key from the internet
|
|
||||||
__apt_key rabbitmq_2007 \
|
|
||||||
--uri https://www.rabbitmq.com/rabbitmq-signing-key-public.asc
|
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
AUTHORS
|
||||||
-------
|
-------
|
||||||
Steven Armstrong <steven-cdist--@--armstrong.cc>
|
Steven Armstrong <steven-cdist--@--armstrong.cc>
|
||||||
Ander Punnar <ander-at-kvlt-dot-ee>
|
Ander Punnar <ander-at-kvlt-dot-ee>
|
||||||
Evilham <contact~~@~~evilham.com>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
COPYING
|
||||||
-------
|
-------
|
||||||
Copyright \(C) 2011-2021 Steven Armstrong, Ander Punnar and Evilham. You can
|
Copyright \(C) 2011-2019 Steven Armstrong and Ander Punnar. You can
|
||||||
redistribute it and/or modify it under the terms of the GNU General Public
|
redistribute it and/or modify it under the terms of the GNU General Public
|
||||||
License as published by the Free Software Foundation, either version 3 of the
|
License as published by the Free Software Foundation, either version 3 of the
|
||||||
License, or (at your option) any later version.
|
License, or (at your option) any later version.
|
||||||
|
|
|
@ -2,105 +2,7 @@
|
||||||
|
|
||||||
__package gnupg
|
__package gnupg
|
||||||
|
|
||||||
state_should="$(cat "${__object}/parameter/state")"
|
if [ -f "$__object/parameter/uri" ]
|
||||||
|
then __package curl
|
||||||
incompatible_args()
|
else __package dirmngr
|
||||||
{
|
|
||||||
cat >> /dev/stderr <<-EOF
|
|
||||||
This type does not support --${1} and --${method} simultaneously.
|
|
||||||
EOF
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
if [ -f "${__object}/parameter/source" ]; then
|
|
||||||
method="source"
|
|
||||||
src="$(cat "${__object}/parameter/source")"
|
|
||||||
if [ "${src}" = "-" ]; then
|
|
||||||
src="${__object}/stdin"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
if [ -f "${__object}/parameter/uri" ]; then
|
|
||||||
if [ -n "${method}" ]; then
|
|
||||||
incompatible_args uri
|
|
||||||
fi
|
|
||||||
method="uri"
|
|
||||||
src="$(cat "${__object}/parameter/uri")"
|
|
||||||
fi
|
|
||||||
if [ -f "${__object}/parameter/keyid" ]; then
|
|
||||||
if [ -n "${method}" ]; then
|
|
||||||
incompatible_args keyid
|
|
||||||
fi
|
|
||||||
method="keyid"
|
|
||||||
fi
|
|
||||||
# Keep old default
|
|
||||||
if [ -z "${method}" ]; then
|
|
||||||
method="keyid"
|
|
||||||
fi
|
|
||||||
# Save this for later in gencode-remote
|
|
||||||
echo "${method}" > "${__object}/key_method"
|
|
||||||
|
|
||||||
# Required remotely (most likely already installed)
|
|
||||||
__package dirmngr
|
|
||||||
# We need this in case a key has to be dearmor'd
|
|
||||||
__package gnupg
|
|
||||||
export require="__package/gnupg"
|
|
||||||
|
|
||||||
if [ -f "${__object}/parameter/use-deprecated-apt-key" ]; then
|
|
||||||
# This is required if apt-key(8) is to be used
|
|
||||||
if [ "${method}" = "source" ] || [ "${method}" = "uri" ]; then
|
|
||||||
incompatible_args use-deprecated-apt-key
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
if [ "${state_should}" = "absent" ] && \
|
|
||||||
[ -f "${__object}/parameter/keyid" ]; then
|
|
||||||
cat >> /dev/stderr <<EOF
|
|
||||||
You can't reliably remove by keyid without --use-deprecated-apt-key.
|
|
||||||
This would very likely do something you do not intend.
|
|
||||||
EOF
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
keydir="$(cat "${__object}/parameter/keydir")"
|
|
||||||
keyfile="${keydir}/${__object_id}.gpg"
|
|
||||||
keyfilecdist="${keyfile}.cdist"
|
|
||||||
if [ "${state_should}" != "absent" ]; then
|
|
||||||
# Ensure keydir exists
|
|
||||||
__directory "${keydir}" --state exists --mode 0755
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "${state_should}" = "absent" ]; then
|
|
||||||
__file "${keyfile}" --state "absent"
|
|
||||||
__file "${keyfilecdist}" --state "absent"
|
|
||||||
elif [ "${method}" = "source" ] || [ "${method}" = "uri" ]; then
|
|
||||||
dearmor="$(cat <<-EOF
|
|
||||||
if [ '${state_should}' = 'present' ]; then
|
|
||||||
# Dearmor if necessary
|
|
||||||
if grep -Fq 'BEGIN PGP PUBLIC KEY BLOCK' '${keyfilecdist}'; then
|
|
||||||
gpg --dearmor < '${keyfilecdist}' > '${keyfile}'
|
|
||||||
else
|
|
||||||
cp '${keyfilecdist}' '${keyfile}'
|
|
||||||
fi
|
|
||||||
# Ensure permissions
|
|
||||||
chown root '${keyfile}'
|
|
||||||
chmod 0444 '${keyfile}'
|
|
||||||
fi
|
|
||||||
EOF
|
|
||||||
)"
|
|
||||||
|
|
||||||
if [ "${method}" = "uri" ]; then
|
|
||||||
__download "${keyfilecdist}" \
|
|
||||||
--url "${src}" \
|
|
||||||
--onchange "${dearmor}"
|
|
||||||
require="__download${keyfilecdist}" \
|
|
||||||
__file "${keyfile}" \
|
|
||||||
--owner root \
|
|
||||||
--mode 0444 \
|
|
||||||
--state pre-exists
|
|
||||||
else
|
|
||||||
__file "${keyfilecdist}" --state "${state_should}" \
|
|
||||||
--mode 0444 \
|
|
||||||
--source "${src}" \
|
|
||||||
--onchange "${dearmor}"
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
use-deprecated-apt-key
|
|
|
@ -1,3 +0,0 @@
|
||||||
apt-key(8) will last be available in Debian 11 and Ubuntu 22.04.
|
|
||||||
Use this flag *only* to migrate to placing a keyring directly in the
|
|
||||||
/etc/apt/trusted.gpg.d/ directory with a descriptive name.
|
|
|
@ -1,6 +1,5 @@
|
||||||
keydir
|
state
|
||||||
keyid
|
keyid
|
||||||
keyserver
|
keyserver
|
||||||
source
|
keydir
|
||||||
state
|
|
||||||
uri
|
uri
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
Please migrate to using __apt_key key_id --uri URI.
|
|
|
@ -32,12 +32,11 @@ EXAMPLES
|
||||||
AUTHORS
|
AUTHORS
|
||||||
-------
|
-------
|
||||||
Steven Armstrong <steven-cdist--@--armstrong.cc>
|
Steven Armstrong <steven-cdist--@--armstrong.cc>
|
||||||
Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
COPYING
|
||||||
-------
|
-------
|
||||||
Copyright \(C) 2014 Steven Armstrong, 2020 Dennis Camera.
|
Copyright \(C) 2014 Steven Armstrong. You can redistribute it
|
||||||
You can redistribute it and/or modify it under the terms of the GNU General
|
and/or modify it under the terms of the GNU General Public License as
|
||||||
Public License as published by the Free Software Foundation, either version 3 of
|
published by the Free Software Foundation, either version 3 of the
|
||||||
the License, or (at your option) any later version.
|
License, or (at your option) any later version.
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh -e
|
||||||
#
|
#
|
||||||
# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
|
# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
|
||||||
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -20,28 +19,26 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
os=$(cat "${__global:?}/explorer/os")
|
os=$(cat "$__global/explorer/os")
|
||||||
|
|
||||||
case ${os}
|
case "$os" in
|
||||||
in
|
ubuntu|debian|devuan)
|
||||||
(ubuntu|debian|devuan)
|
# No stinking recommends thank you very much.
|
||||||
__file /etc/apt/apt.conf.d/00InstallRecommends --state present \
|
# If I want something installed I will do so myself.
|
||||||
--owner root --group root --mode 0644 --source - <<-'EOF'
|
__file /etc/apt/apt.conf.d/99-no-recommends \
|
||||||
APT::Install-Recommends "false";
|
--owner root --group root --mode 644 \
|
||||||
APT::Install-Suggests "false";
|
--source - << DONE
|
||||||
APT::AutoRemove::RecommendsImportant "false";
|
APT::Install-Recommends "0";
|
||||||
APT::AutoRemove::SuggestsImportant "false";
|
APT::Install-Suggests "0";
|
||||||
EOF
|
APT::AutoRemove::RecommendsImportant "0";
|
||||||
|
APT::AutoRemove::SuggestsImportant "0";
|
||||||
# TODO: Remove the following object after some time
|
DONE
|
||||||
require=__file/etc/apt/apt.conf.d/00InstallRecommends \
|
;;
|
||||||
__file /etc/apt/apt.conf.d/99-no-recommends --state absent
|
*)
|
||||||
;;
|
cat >&2 << DONE
|
||||||
(*)
|
|
||||||
cat >&2 <<EOF
|
|
||||||
The developer of this type (${__type##*/}) did not think your operating system
|
The developer of this type (${__type##*/}) did not think your operating system
|
||||||
($os) would have any use for it. If you think otherwise please submit a patch.
|
($os) would have any use for it. If you think otherwise please submit a patch.
|
||||||
EOF
|
DONE
|
||||||
exit 1
|
exit 1
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
|
@ -1,79 +0,0 @@
|
||||||
cdist-type__apt_pin(7)
|
|
||||||
======================
|
|
||||||
|
|
||||||
NAME
|
|
||||||
----
|
|
||||||
cdist-type__apt_pin - Manage apt pinning rules
|
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
|
||||||
-----------
|
|
||||||
Adds/removes/edits rules to pin some packages to a specific distribution. Useful if using multiple debian repositories at the same time. (Useful, if one wants to use a few specific packages from backports or perhaps Debain testing... or even sid.)
|
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
|
||||||
-------------------
|
|
||||||
distribution
|
|
||||||
Specifies what distribution the package should be pinned to. Accepts both codenames (buster/bullseye/sid) and suite names (stable/testing/...).
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
|
||||||
-------------------
|
|
||||||
package
|
|
||||||
Package name, glob or regular expression to match (multiple) packages. If not specified `__object_id` is used.
|
|
||||||
|
|
||||||
priority
|
|
||||||
The priority value to assign to matching packages. Deafults to 500. (To match the default target distro's priority)
|
|
||||||
|
|
||||||
state
|
|
||||||
Will be passed to underlying `__file` type; see there for valid values and defaults.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
BOOLEAN PARAMETERS
|
|
||||||
------------------
|
|
||||||
None.
|
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
|
||||||
--------
|
|
||||||
|
|
||||||
.. code-block:: sh
|
|
||||||
|
|
||||||
# Add the bullseye repo to buster, but do not install any packages by default,
|
|
||||||
# only if explicitely asked for (-1 means "never" for apt)
|
|
||||||
__apt_pin bullseye-default \
|
|
||||||
--package "*" \
|
|
||||||
--distribution bullseye \
|
|
||||||
--priority -1
|
|
||||||
|
|
||||||
require="__apt_pin/bullseye-default" __apt_source bullseye \
|
|
||||||
--uri http://deb.debian.org/debian/ \
|
|
||||||
--distribution bullseye \
|
|
||||||
--component main
|
|
||||||
|
|
||||||
__apt_pin foo --package "foo foo-*" --distribution bullseye
|
|
||||||
|
|
||||||
__foo # Assuming, this installs the `foo` package internally
|
|
||||||
|
|
||||||
__package foo-plugin-extras # Assuming we also need some extra stuff
|
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
|
||||||
--------
|
|
||||||
:strong:`apt_preferences`\ (5)
|
|
||||||
:strong:`cdist-type__apt_source`\ (7)
|
|
||||||
:strong:`cdist-type__apt_backports`\ (7)
|
|
||||||
:strong:`cdist-type__file`\ (7)
|
|
||||||
|
|
||||||
AUTHORS
|
|
||||||
-------
|
|
||||||
Daniel Fancsali <fancsali@gmail.com>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
|
||||||
-------
|
|
||||||
Copyright \(C) 2021 Daniel Fancsali. You can redistribute it
|
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
|
||||||
published by the Free Software Foundation, either version 3 of the
|
|
||||||
License, or (at your option) any later version.
|
|
|
@ -1,63 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2021 Daniel Fancsali (fancsali@gmail.com)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
|
|
||||||
name="$__object_id"
|
|
||||||
|
|
||||||
os=$(cat "$__global/explorer/os")
|
|
||||||
state="$(cat "$__object/parameter/state")"
|
|
||||||
|
|
||||||
if [ -f "$__object/parameter/package" ]; then
|
|
||||||
package="$(cat "$__object/parameter/package")"
|
|
||||||
else
|
|
||||||
package=$name
|
|
||||||
fi
|
|
||||||
|
|
||||||
distribution="$(cat "$__object/parameter/distribution")"
|
|
||||||
priority="$(cat "$__object/parameter/priority")"
|
|
||||||
|
|
||||||
|
|
||||||
case "$os" in
|
|
||||||
debian|ubuntu|devuan)
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
printf "This type is specific to Debian and it's derivatives" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
case $distribution in
|
|
||||||
stable|testing|unstable|experimental)
|
|
||||||
pin="release a=$distribution"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
pin="release n=$distribution"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
|
|
||||||
__file "/etc/apt/preferences.d/$name" \
|
|
||||||
--owner root --group root --mode 0644 \
|
|
||||||
--state "$state" \
|
|
||||||
--source - << EOF
|
|
||||||
Package: $package
|
|
||||||
Pin: $pin
|
|
||||||
Pin-Priority: $priority
|
|
||||||
EOF
|
|
|
@ -1 +0,0 @@
|
||||||
present
|
|
|
@ -1,2 +0,0 @@
|
||||||
state
|
|
||||||
package
|
|
|
@ -1,2 +0,0 @@
|
||||||
distribution
|
|
||||||
priority
|
|
|
@ -22,21 +22,7 @@
|
||||||
name="$__object_id"
|
name="$__object_id"
|
||||||
destination="/etc/apt/sources.list.d/${name}.list"
|
destination="/etc/apt/sources.list.d/${name}.list"
|
||||||
|
|
||||||
# There are special arguments to apt(8) to prevent aborts if apt woudn't been
|
|
||||||
# updated after the 19th April 2021 till the bullseye release. The additional
|
|
||||||
# arguments acknoledge the happend suite change (the apt(8) update does the
|
|
||||||
# same by itself).
|
|
||||||
#
|
|
||||||
# Using '-o $config' instead of the --allow-releaseinfo-change-* parameter
|
|
||||||
# allows backward compatablility to pre-buster Debian versions.
|
|
||||||
#
|
|
||||||
# See more: ticket #861
|
|
||||||
# https://code.ungleich.ch/ungleich-public/cdist/-/issues/861
|
|
||||||
apt_opts="-o Acquire::AllowReleaseInfoChange::Suite=true -o Acquire::AllowReleaseInfoChange::Version=true"
|
|
||||||
|
|
||||||
# run 'apt-get update' only if something changed with our sources.list file
|
|
||||||
# it will be run a second time on error as a redundancy messure to success
|
|
||||||
if grep -q "^__file${destination}" "$__messages_in"; then
|
if grep -q "^__file${destination}" "$__messages_in"; then
|
||||||
printf 'apt-get %s update || apt-get %s update\n' "$apt_opts" "$apt_opts"
|
printf 'apt-get update || apt-get update\n'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
@ -18,23 +18,9 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
# There are special arguments to apt(8) to prevent aborts if apt woudn't been
|
|
||||||
# updated after the 19th April 2021 till the bullseye release. The additional
|
|
||||||
# arguments acknoledge the happend suite change (the apt(8) update does the
|
|
||||||
# same by itself).
|
|
||||||
#
|
|
||||||
# Using '-o $config' instead of the --allow-releaseinfo-change-* parameter
|
|
||||||
# allows backward compatablility to pre-buster Debian versions.
|
|
||||||
#
|
|
||||||
# See more: ticket #861
|
|
||||||
# https://code.ungleich.ch/ungleich-public/cdist/-/issues/861
|
|
||||||
apt_opts="-o Acquire::AllowReleaseInfoChange::Suite=true -o Acquire::AllowReleaseInfoChange::Version=true"
|
|
||||||
|
|
||||||
# run 'apt-get update' if anything in /etc/apt is newer then /var/lib/apt/lists
|
# run 'apt-get update' if anything in /etc/apt is newer then /var/lib/apt/lists
|
||||||
# it will be run a second time on error as a redundancy messure to success
|
|
||||||
cat << DONE
|
cat << DONE
|
||||||
if find /etc/apt -mindepth 1 -cnewer /var/lib/apt/lists | grep . > /dev/null; then
|
if find /etc/apt -mindepth 1 -cnewer /var/lib/apt/lists | grep . > /dev/null; then
|
||||||
apt-get $apt_opts update || apt-get $apt_opts update
|
apt-get update || apt-get update
|
||||||
fi
|
fi
|
||||||
DONE
|
DONE
|
||||||
|
|
|
@ -46,29 +46,28 @@ fi
|
||||||
|
|
||||||
remove_block() {
|
remove_block() {
|
||||||
cat << DONE
|
cat << DONE
|
||||||
tmpfile=\$(mktemp ${quoted_file}.cdist.XXXXXXXXXX)
|
tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
|
||||||
# preserve ownership and permissions of existing file
|
# preserve ownership and permissions of existing file
|
||||||
if [ -f $quoted_file ]; then
|
if [ -f "$file" ]; then
|
||||||
cp -p $quoted_file "\$tmpfile"
|
cp -p "$file" "\$tmpfile"
|
||||||
fi
|
fi
|
||||||
awk -v prefix=$(quote "$prefix") -v suffix=$(quote "$suffix") '
|
awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ '
|
||||||
{
|
{
|
||||||
if (\$0 == prefix) {
|
if (match(\$0,prefix)) {
|
||||||
triggered=1
|
triggered=1
|
||||||
}
|
}
|
||||||
if (triggered) {
|
if (triggered) {
|
||||||
if (\$0 == suffix) {
|
if (match(\$0,suffix)) {
|
||||||
triggered=0
|
triggered=0
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
print
|
print
|
||||||
}
|
}
|
||||||
}' $quoted_file > "\$tmpfile"
|
}' "$file" > "\$tmpfile"
|
||||||
mv -f "\$tmpfile" $quoted_file
|
mv -f "\$tmpfile" "$file"
|
||||||
DONE
|
DONE
|
||||||
}
|
}
|
||||||
|
|
||||||
quoted_file="$(quote "$file")"
|
|
||||||
case "$state_should" in
|
case "$state_should" in
|
||||||
present)
|
present)
|
||||||
if [ "$state_is" = "changed" ]; then
|
if [ "$state_is" = "changed" ]; then
|
||||||
|
@ -78,7 +77,7 @@ case "$state_should" in
|
||||||
echo add >> "$__messages_out"
|
echo add >> "$__messages_out"
|
||||||
fi
|
fi
|
||||||
cat << DONE
|
cat << DONE
|
||||||
cat >> $quoted_file << '${__type##*/}_DONE'
|
cat >> "$file" << ${__type##*/}_DONE
|
||||||
$(cat "$block")
|
$(cat "$block")
|
||||||
${__type##*/}_DONE
|
${__type##*/}_DONE
|
||||||
DONE
|
DONE
|
||||||
|
|
|
@ -1,142 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
# Determine current debconf selections' state.
|
|
||||||
# Prints one of:
|
|
||||||
# present: all selections are already set as they should.
|
|
||||||
# different: one or more of the selections have a different value.
|
|
||||||
# absent: one or more of the selections are not (currently) defined.
|
|
||||||
#
|
|
||||||
|
|
||||||
test -x /usr/bin/perl || {
|
|
||||||
# cannot find perl (no perl ~ no debconf)
|
|
||||||
echo 'absent'
|
|
||||||
exit 0
|
|
||||||
}
|
|
||||||
|
|
||||||
linesfile="${__object:?}/parameter/line"
|
|
||||||
test -s "${linesfile}" || {
|
|
||||||
if test -s "${__object:?}/parameter/file"
|
|
||||||
then
|
|
||||||
echo absent
|
|
||||||
else
|
|
||||||
echo present
|
|
||||||
fi
|
|
||||||
exit 0
|
|
||||||
}
|
|
||||||
|
|
||||||
# assert __type_explorer is set (because it is used by the Perl script)
|
|
||||||
: "${__type_explorer:?}"
|
|
||||||
|
|
||||||
/usr/bin/perl -- - "${linesfile}" <<'EOF'
|
|
||||||
use strict;
|
|
||||||
use warnings "all";
|
|
||||||
|
|
||||||
use Fcntl qw(:DEFAULT :flock);
|
|
||||||
|
|
||||||
use Debconf::Db;
|
|
||||||
use Debconf::Question;
|
|
||||||
|
|
||||||
# Extract @known... arrays from debconf-set-selections
|
|
||||||
# These values are required to distinguish flags and values in the given lines.
|
|
||||||
# DC: I couldn't think of a more ugly solution to the problem…
|
|
||||||
my @knownflags;
|
|
||||||
my @knowntypes;
|
|
||||||
my $debconf_set_selections = '/usr/bin/debconf-set-selections';
|
|
||||||
if (-e $debconf_set_selections) {
|
|
||||||
my $sed_known = 's/^my \(@known\(flags\|types\) = qw([a-z ]*);\).*$/\1/p';
|
|
||||||
eval `sed -n '$sed_known' '$debconf_set_selections'`;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub mungeline ($) {
|
|
||||||
my $line = shift;
|
|
||||||
chomp $line;
|
|
||||||
$line =~ s/\r$//;
|
|
||||||
return $line;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub fatal { printf STDERR @_; exit 1; }
|
|
||||||
|
|
||||||
my $state = 'present';
|
|
||||||
|
|
||||||
sub state {
|
|
||||||
my $new = shift;
|
|
||||||
if ($state eq 'present'
|
|
||||||
or ($state eq 'different' and $new eq 'absent')) {
|
|
||||||
$state = $new;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
# Load Debconf DB but manually lock on the state explorer script,
|
|
||||||
# because Debconf aborts immediately if executed concurrently.
|
|
||||||
# This is not really an ideal solution because the Debconf DB could be locked by
|
|
||||||
# another process (e.g. apt-get), but no way to achieve this could be found.
|
|
||||||
# If you know how to, please provide a patch.
|
|
||||||
my $lockfile = "%ENV{'__type_explorer'}/state";
|
|
||||||
if (open my $lock_fh, '+<', $lockfile) {
|
|
||||||
flock $lock_fh, LOCK_EX or die "Cannot lock $lockfile";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
Debconf::Db->load(readonly => 'true');
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
while (<>) {
|
|
||||||
# Read and process lines (taken from debconf-set-selections)
|
|
||||||
$_ = mungeline($_);
|
|
||||||
while (/\\$/ && ! eof) {
|
|
||||||
s/\\$//;
|
|
||||||
$_ .= mungeline(<>);
|
|
||||||
}
|
|
||||||
next if /^\s*$/ || /^\s*\#/;
|
|
||||||
|
|
||||||
my ($owner, $label, $type, $content) = /^\s*(\S+)\s+(\S+)\s+(\S+)(?:\s(.*))?/
|
|
||||||
or fatal "invalid line: %s\n", $_;
|
|
||||||
$content = '' unless defined $content;
|
|
||||||
|
|
||||||
|
|
||||||
# Compare is and should state
|
|
||||||
my $q = Debconf::Question->get($label);
|
|
||||||
|
|
||||||
unless (defined $q) {
|
|
||||||
# probably a preseed
|
|
||||||
state 'absent';
|
|
||||||
next;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (grep { $_ eq $q->type } @knownflags) {
|
|
||||||
# This line wants to set a flag, presumably.
|
|
||||||
if ($q->flag($q->type) ne $content) {
|
|
||||||
state 'different';
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
# Otherwise, it's probably a value…
|
|
||||||
if ($q->value ne $content) {
|
|
||||||
state 'different';
|
|
||||||
}
|
|
||||||
|
|
||||||
unless (grep { $_ eq $owner } (split /, /, $q->owners)) {
|
|
||||||
state 'different';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
printf "%s\n", $state;
|
|
||||||
EOF
|
|
|
@ -1,7 +1,6 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh -e
|
||||||
#
|
#
|
||||||
# 2011-2014 Nico Schottelius (nico-cdist at schottelius.org)
|
# 2011-2014 Nico Schottelius (nico-cdist at schottelius.org)
|
||||||
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -18,37 +17,16 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
|
#
|
||||||
|
# Setup selections
|
||||||
|
#
|
||||||
|
|
||||||
if test -f "${__object:?}/parameter/line"
|
filename="$(cat "$__object/parameter/file")"
|
||||||
then
|
|
||||||
filename="${__object:?}/parameter/line"
|
if [ "$filename" = "-" ]; then
|
||||||
elif test -s "${__object:?}/parameter/file"
|
filename="$__object/stdin"
|
||||||
then
|
|
||||||
filename=$(cat "${__object:?}/parameter/file")
|
|
||||||
if test "${filename}" = '-'
|
|
||||||
then
|
|
||||||
filename="${__object:?}/stdin"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
printf 'Neither --line nor --file set.\n' >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# setting no lines makes no sense
|
echo "debconf-set-selections << __file-eof"
|
||||||
test -s "${filename}" || exit 0
|
cat "$filename"
|
||||||
|
echo "__file-eof"
|
||||||
state_is=$(cat "${__object:?}/explorer/state")
|
|
||||||
|
|
||||||
if test "${state_is}" != 'present'
|
|
||||||
then
|
|
||||||
cat <<-CODE
|
|
||||||
debconf-set-selections <<'EOF'
|
|
||||||
$(cat "${filename}")
|
|
||||||
EOF
|
|
||||||
CODE
|
|
||||||
|
|
||||||
awk '
|
|
||||||
{
|
|
||||||
printf "set %s %s %s %s\n", $1, $2, $3, $4
|
|
||||||
}' "${filename}" >>"${__messages_out:?}"
|
|
||||||
fi
|
|
||||||
|
|
|
@ -8,33 +8,15 @@ cdist-type__debconf_set_selections - Setup debconf selections
|
||||||
|
|
||||||
DESCRIPTION
|
DESCRIPTION
|
||||||
-----------
|
-----------
|
||||||
On Debian and alike systems :strong:`debconf-set-selections`\ (1) can be used
|
On Debian and alike systems debconf-set-selections(1) can be used
|
||||||
to setup configuration parameters.
|
to setup configuration parameters.
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
cf. ``--line``.
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
|
||||||
-------------------
|
|
||||||
file
|
file
|
||||||
Use the given filename as input for :strong:`debconf-set-selections`\ (1)
|
Use the given filename as input for debconf-set-selections(1)
|
||||||
If filename is ``-``, read from stdin.
|
If filename is "-", read from stdin.
|
||||||
|
|
||||||
**This parameter is deprecated, because it doesn't work with state detection.**
|
|
||||||
line
|
|
||||||
A line in :strong:`debconf-set-selections`\ (1) compatible format.
|
|
||||||
This parameter can be used multiple times to set multiple options.
|
|
||||||
|
|
||||||
(This parameter is actually required, but marked optional because the
|
|
||||||
deprecated ``--file`` is still accepted.)
|
|
||||||
|
|
||||||
|
|
||||||
BOOLEAN PARAMETERS
|
|
||||||
------------------
|
|
||||||
None.
|
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
|
@ -42,29 +24,30 @@ EXAMPLES
|
||||||
|
|
||||||
.. code-block:: sh
|
.. code-block:: sh
|
||||||
|
|
||||||
# Setup gitolite's gituser
|
# Setup configuration for nslcd
|
||||||
__debconf_set_selections nslcd --line 'gitolite gitolite/gituser string git'
|
__debconf_set_selections nslcd --file /path/to/file
|
||||||
|
|
||||||
# Setup configuration for nslcd from a file.
|
# Setup configuration for nslcd from another type
|
||||||
# NB: Multiple lines can be passed to --line, although this can be considered a hack.
|
__debconf_set_selections nslcd --file "$__type/files/preseed/nslcd"
|
||||||
__debconf_set_selections nslcd --line "$(cat "${__files:?}/preseed/nslcd.debconf")"
|
|
||||||
|
__debconf_set_selections nslcd --file - << eof
|
||||||
|
gitolite gitolite/gituser string git
|
||||||
|
eof
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
SEE ALSO
|
||||||
--------
|
--------
|
||||||
- :strong:`cdist-type__update_alternatives`\ (7)
|
:strong:`debconf-set-selections`\ (1), :strong:`cdist-type__update_alternatives`\ (7)
|
||||||
- :strong:`debconf-set-selections`\ (1)
|
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
AUTHORS
|
||||||
-------
|
-------
|
||||||
| Nico Schottelius <nico-cdist--@--schottelius.org>
|
Nico Schottelius <nico-cdist--@--schottelius.org>
|
||||||
| Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
COPYING
|
||||||
-------
|
-------
|
||||||
Copyright \(C) 2011-2014 Nico Schottelius, 2021 Dennis Camera.
|
Copyright \(C) 2011-2014 Nico Schottelius. You can redistribute it
|
||||||
You can redistribute it and/or modify it under the terms of the GNU General
|
and/or modify it under the terms of the GNU General Public License as
|
||||||
Public License as published by the Free Software Foundation, either version 3 of
|
published by the Free Software Foundation, either version 3 of the
|
||||||
the License, or (at your option) any later version.
|
License, or (at your option) any later version.
|
||||||
|
|
|
@ -1,21 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
__package_apt debconf
|
|
|
@ -1 +0,0 @@
|
||||||
'file' has been deprecated in favour of 'line' in order to provide idempotency.
|
|
|
@ -1 +0,0 @@
|
||||||
line
|
|
|
@ -25,9 +25,6 @@ user
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
|
|
||||||
dirmode
|
|
||||||
forwarded to :strong:`__directory` type as mode
|
|
||||||
|
|
||||||
mode
|
mode
|
||||||
forwarded to :strong:`__file` type
|
forwarded to :strong:`__file` type
|
||||||
|
|
||||||
|
|
|
@ -19,7 +19,6 @@ set -eu
|
||||||
user="$(cat "${__object}/parameter/user")"
|
user="$(cat "${__object}/parameter/user")"
|
||||||
home="$(cat "${__object}/explorer/home")"
|
home="$(cat "${__object}/explorer/home")"
|
||||||
primary_group="$(cat "${__object}/explorer/primary_group")"
|
primary_group="$(cat "${__object}/explorer/primary_group")"
|
||||||
dirmode="$(cat "${__object}/parameter/dirmode")"
|
|
||||||
|
|
||||||
# Create parent directory. Type __directory has flag 'parents', but it
|
# Create parent directory. Type __directory has flag 'parents', but it
|
||||||
# will leave us with root-owned directory in user home, which is not
|
# will leave us with root-owned directory in user home, which is not
|
||||||
|
@ -37,7 +36,6 @@ export CDIST_ORDER_DEPENDENCY
|
||||||
for dir ; do
|
for dir ; do
|
||||||
__directory "${home}/${dir}" \
|
__directory "${home}/${dir}" \
|
||||||
--group "${primary_group}" \
|
--group "${primary_group}" \
|
||||||
--mode "${dirmode}" \
|
|
||||||
--owner "${user}"
|
--owner "${user}"
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
0700
|
|
|
@ -1,4 +1,3 @@
|
||||||
state
|
state
|
||||||
mode
|
mode
|
||||||
source
|
source
|
||||||
dirmode
|
|
||||||
|
|
19
cdist/conf/type/__download/explorer/remote_cmd
Executable file
19
cdist/conf/type/__download/explorer/remote_cmd
Executable file
|
@ -0,0 +1,19 @@
|
||||||
|
#!/bin/sh -e
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/cmd-get" ]
|
||||||
|
then
|
||||||
|
cmd="$( cat "$__object/parameter/cmd-get" )"
|
||||||
|
|
||||||
|
elif command -v curl > /dev/null
|
||||||
|
then
|
||||||
|
cmd="curl -L -o - '%s'"
|
||||||
|
|
||||||
|
elif command -v fetch > /dev/null
|
||||||
|
then
|
||||||
|
cmd="fetch -o - '%s'"
|
||||||
|
|
||||||
|
else
|
||||||
|
cmd="wget -O - '%s'"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "$cmd"
|
|
@ -1,16 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
|
|
||||||
if [ -f "$__object/parameter/cmd-get" ]
|
|
||||||
then
|
|
||||||
cat "$__object/parameter/cmd-get"
|
|
||||||
elif
|
|
||||||
command -v curl > /dev/null
|
|
||||||
then
|
|
||||||
echo "curl -sSL -o - '%s'"
|
|
||||||
elif
|
|
||||||
command -v fetch > /dev/null
|
|
||||||
then
|
|
||||||
echo "fetch -o - '%s'"
|
|
||||||
else
|
|
||||||
echo "wget -O - '%s'"
|
|
||||||
fi
|
|
|
@ -1,82 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
|
|
||||||
if [ ! -f "$__object/parameter/sum" ]
|
|
||||||
then
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f "$__object/parameter/cmd-sum" ]
|
|
||||||
then
|
|
||||||
cat "$__object/parameter/cmd-sum"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
sum_should="$( cat "$__object/parameter/sum" )"
|
|
||||||
|
|
||||||
if echo "$sum_should" | grep -Fq ':'
|
|
||||||
then
|
|
||||||
sum_hash="$( echo "$sum_should" | cut -d : -f 1 )"
|
|
||||||
else
|
|
||||||
if echo "$sum_should" | grep -Eq '^[0-9]+\s[0-9]+$'
|
|
||||||
then
|
|
||||||
sum_hash='cksum'
|
|
||||||
elif
|
|
||||||
echo "$sum_should" | grep -Eiq '^[a-f0-9]{32}$'
|
|
||||||
then
|
|
||||||
sum_hash='md5'
|
|
||||||
elif
|
|
||||||
echo "$sum_should" | grep -Eiq '^[a-f0-9]{40}$'
|
|
||||||
then
|
|
||||||
sum_hash='sha1'
|
|
||||||
elif
|
|
||||||
echo "$sum_should" | grep -Eiq '^[a-f0-9]{64}$'
|
|
||||||
then
|
|
||||||
sum_hash='sha256'
|
|
||||||
else
|
|
||||||
echo 'hash format detection failed' >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
os="$( "$__explorer/os" )"
|
|
||||||
|
|
||||||
case "$sum_hash" in
|
|
||||||
cksum)
|
|
||||||
echo "cksum %s | awk '{print \$1\" \"\$2}'"
|
|
||||||
;;
|
|
||||||
md5)
|
|
||||||
case "$os" in
|
|
||||||
freebsd)
|
|
||||||
echo "md5 -q %s"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "md5sum %s | awk '{print \$1}'"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
sha1)
|
|
||||||
case "$os" in
|
|
||||||
freebsd)
|
|
||||||
echo "sha1 -q %s"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "sha1sum %s | awk '{print \$1}'"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
sha256)
|
|
||||||
case "$os" in
|
|
||||||
freebsd)
|
|
||||||
echo "sha256 -q %s"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "sha256sum %s | awk '{print \$1}'"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
# we arrive here only if --sum is given with unknown format prefix
|
|
||||||
echo "unknown hash format: $sum_hash" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
|
@ -1,11 +1,6 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh -e
|
||||||
|
|
||||||
if [ -f "$__object/parameter/destination" ]
|
dst="/$__object_id"
|
||||||
then
|
|
||||||
dst="$( cat "$__object/parameter/destination" )"
|
|
||||||
else
|
|
||||||
dst="/$__object_id"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -f "$dst" ]
|
if [ ! -f "$dst" ]
|
||||||
then
|
then
|
||||||
|
@ -13,27 +8,59 @@ then
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! -f "$__object/parameter/sum" ]
|
|
||||||
then
|
|
||||||
echo 'present'
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
sum_should="$( cat "$__object/parameter/sum" )"
|
sum_should="$( cat "$__object/parameter/sum" )"
|
||||||
|
|
||||||
if echo "$sum_should" | grep -Fq ':'
|
if [ -f "$__object/parameter/cmd-sum" ]
|
||||||
then
|
then
|
||||||
sum_should="$( echo "$sum_should" | cut -d : -f 2 )"
|
# shellcheck disable=SC2059
|
||||||
|
sum_is="$( eval "$( printf \
|
||||||
|
"$( cat "$__object/parameter/cmd-sum" )" \
|
||||||
|
"$dst" )" )"
|
||||||
|
else
|
||||||
|
os="$( "$__explorer/os" )"
|
||||||
|
|
||||||
|
if echo "$sum_should" | grep -Eq '^[0-9]+\s[0-9]+$'
|
||||||
|
then
|
||||||
|
sum_is="$( cksum "$dst" | awk '{print $1" "$2}' )"
|
||||||
|
|
||||||
|
elif echo "$sum_should" | grep -Eiq '^md5:[a-f0-9]{32}$'
|
||||||
|
then
|
||||||
|
case "$os" in
|
||||||
|
freebsd)
|
||||||
|
sum_is="md5:$( md5 -q "$dst" )"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
sum_is="md5:$( md5sum "$dst" | awk '{print $1}' )"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
elif echo "$sum_should" | grep -Eiq '^sha1:[a-f0-9]{40}$'
|
||||||
|
then
|
||||||
|
case "$os" in
|
||||||
|
freebsd)
|
||||||
|
sum_is="sha1:$( sha1 -q "$dst" )"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
sum_is="sha1:$( sha1sum "$dst" | awk '{print $1}' )"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
elif echo "$sum_should" | grep -Eiq '^sha256:[a-f0-9]{64}$'
|
||||||
|
then
|
||||||
|
case "$os" in
|
||||||
|
freebsd)
|
||||||
|
sum_is="sha256:$( sha256 -q "$dst" )"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
sum_is="sha256:$( sha256sum "$dst" | awk '{print $1}' )"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sum_cmd="$( "$__type_explorer/remote_cmd_sum" )"
|
|
||||||
|
|
||||||
# shellcheck disable=SC2059
|
|
||||||
sum_is="$( eval "$( printf "$sum_cmd" "'$dst'" )" )"
|
|
||||||
|
|
||||||
if [ -z "$sum_is" ]
|
if [ -z "$sum_is" ]
|
||||||
then
|
then
|
||||||
echo 'existing destination checksum failed' >&2
|
echo 'no checksum from target' >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
@ -11,133 +11,34 @@ fi
|
||||||
|
|
||||||
url="$( cat "$__object/parameter/url" )"
|
url="$( cat "$__object/parameter/url" )"
|
||||||
|
|
||||||
if [ -f "$__object/parameter/destination" ]
|
tmp="$( mktemp )"
|
||||||
then
|
|
||||||
dst="$( cat "$__object/parameter/destination" )"
|
dst="/$__object_id"
|
||||||
else
|
|
||||||
dst="/$__object_id"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f "$__object/parameter/cmd-get" ]
|
if [ -f "$__object/parameter/cmd-get" ]
|
||||||
then
|
then
|
||||||
cmd="$( cat "$__object/parameter/cmd-get" )"
|
cmd="$( cat "$__object/parameter/cmd-get" )"
|
||||||
|
|
||||||
|
elif command -v wget > /dev/null
|
||||||
|
then
|
||||||
|
cmd="wget -O - '%s'"
|
||||||
|
|
||||||
elif command -v curl > /dev/null
|
elif command -v curl > /dev/null
|
||||||
then
|
then
|
||||||
cmd="curl -sSL -o - '%s'"
|
cmd="curl -L -o - '%s'"
|
||||||
|
|
||||||
elif command -v fetch > /dev/null
|
elif command -v fetch > /dev/null
|
||||||
then
|
then
|
||||||
cmd="fetch -o - '%s'"
|
cmd="fetch -o - '%s'"
|
||||||
|
|
||||||
elif command -v wget > /dev/null
|
|
||||||
then
|
|
||||||
cmd="wget -O - '%s'"
|
|
||||||
|
|
||||||
else
|
else
|
||||||
echo 'local download failed, no usable utility' >&2
|
echo 'no usable locally installed utility for downloading' >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "download_tmp=\"\$( mktemp )\""
|
printf "$cmd > %s\n" \
|
||||||
|
"$url" \
|
||||||
# shellcheck disable=SC2059
|
"$tmp"
|
||||||
printf "$cmd > \"\$download_tmp\"\n" "$url"
|
|
||||||
|
|
||||||
if [ -f "$__object/parameter/sum" ]
|
|
||||||
then
|
|
||||||
sum_should="$( cat "$__object/parameter/sum" )"
|
|
||||||
|
|
||||||
if [ -f "$__object/parameter/cmd-sum" ]
|
|
||||||
then
|
|
||||||
local_cmd_sum="$( cat "$__object/parameter/cmd-sum" )"
|
|
||||||
else
|
|
||||||
if echo "$sum_should" | grep -Fq ':'
|
|
||||||
then
|
|
||||||
sum_hash="$( echo "$sum_should" | cut -d : -f 1 )"
|
|
||||||
|
|
||||||
sum_should="$( echo "$sum_should" | cut -d : -f 2 )"
|
|
||||||
else
|
|
||||||
if echo "$sum_should" | grep -Eq '^[0-9]+\s[0-9]+$'
|
|
||||||
then
|
|
||||||
sum_hash='cksum'
|
|
||||||
elif
|
|
||||||
echo "$sum_should" | grep -Eiq '^[a-f0-9]{32}$'
|
|
||||||
then
|
|
||||||
sum_hash='md5'
|
|
||||||
elif
|
|
||||||
echo "$sum_should" | grep -Eiq '^[a-f0-9]{40}$'
|
|
||||||
then
|
|
||||||
sum_hash='sha1'
|
|
||||||
elif
|
|
||||||
echo "$sum_should" | grep -Eiq '^[a-f0-9]{64}$'
|
|
||||||
then
|
|
||||||
sum_hash='sha256'
|
|
||||||
else
|
|
||||||
echo 'hash format detection failed' >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
case "$sum_hash" in
|
|
||||||
cksum)
|
|
||||||
local_cmd_sum="cksum %s | awk '{print \$1\" \"\$2}'"
|
|
||||||
;;
|
|
||||||
md5)
|
|
||||||
if command -v md5 > /dev/null
|
|
||||||
then
|
|
||||||
local_cmd_sum="md5 -q %s"
|
|
||||||
elif
|
|
||||||
command -v md5sum > /dev/null
|
|
||||||
then
|
|
||||||
local_cmd_sum="md5sum %s | awk '{print \$1}'"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
sha1)
|
|
||||||
if command -v sha1 > /dev/null
|
|
||||||
then
|
|
||||||
local_cmd_sum="sha1 -q %s"
|
|
||||||
elif
|
|
||||||
command -v sha1sum > /dev/null
|
|
||||||
then
|
|
||||||
local_cmd_sum="sha1sum %s | awk '{print \$1}'"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
sha256)
|
|
||||||
if command -v sha256 > /dev/null
|
|
||||||
then
|
|
||||||
local_cmd_sum="sha256 -q %s"
|
|
||||||
elif
|
|
||||||
command -v sha256sum > /dev/null
|
|
||||||
then
|
|
||||||
local_cmd_sum="sha256sum %s | awk '{print \$1}'"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
# we arrive here only if --sum is given with unknown format prefix
|
|
||||||
echo "unknown hash format: $sum_hash" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
if [ -z "$local_cmd_sum" ]
|
|
||||||
then
|
|
||||||
echo 'local checksum verification failed, no usable utility' >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# shellcheck disable=SC2059
|
|
||||||
echo "sum_is=\"\$( $( printf "$local_cmd_sum" "\"\$download_tmp\"" ) )\""
|
|
||||||
|
|
||||||
echo "if [ \"\$sum_is\" != '$sum_should' ]; then"
|
|
||||||
|
|
||||||
echo "echo 'local download checksum mismatch' >&2"
|
|
||||||
|
|
||||||
echo "rm -f \"\$download_tmp\""
|
|
||||||
|
|
||||||
echo 'exit 1; fi'
|
|
||||||
fi
|
|
||||||
|
|
||||||
if echo "$__target_host" | grep -Eq '^[0-9a-fA-F:]+$'
|
if echo "$__target_host" | grep -Eq '^[0-9a-fA-F:]+$'
|
||||||
then
|
then
|
||||||
|
@ -146,10 +47,12 @@ else
|
||||||
target_host="$__target_host"
|
target_host="$__target_host"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# shellcheck disable=SC2016
|
printf '%s %s %s:%s\n' \
|
||||||
printf '%s "$download_tmp" %s:%s\n' \
|
|
||||||
"$__remote_copy" \
|
"$__remote_copy" \
|
||||||
|
"$tmp" \
|
||||||
"$target_host" \
|
"$target_host" \
|
||||||
"$dst"
|
"$dst"
|
||||||
|
|
||||||
echo "rm -f \"\$download_tmp\""
|
echo "rm -f '$tmp'"
|
||||||
|
|
||||||
|
echo 'downloaded' > "$__messages_out"
|
||||||
|
|
|
@ -6,51 +6,17 @@ state_is="$( cat "$__object/explorer/state" )"
|
||||||
|
|
||||||
if [ "$download" = 'remote' ] && [ "$state_is" != 'present' ]
|
if [ "$download" = 'remote' ] && [ "$state_is" != 'present' ]
|
||||||
then
|
then
|
||||||
cmd_get="$( cat "$__object/explorer/remote_cmd_get" )"
|
cmd="$( cat "$__object/explorer/remote_cmd" )"
|
||||||
|
|
||||||
url="$( cat "$__object/parameter/url" )"
|
url="$( cat "$__object/parameter/url" )"
|
||||||
|
|
||||||
if [ -f "$__object/parameter/destination" ]
|
dst="/$__object_id"
|
||||||
then
|
|
||||||
dst="$( cat "$__object/parameter/destination" )"
|
|
||||||
else
|
|
||||||
dst="/$__object_id"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "download_tmp=\"\$( mktemp )\""
|
printf "$cmd > %s\n" \
|
||||||
|
"$url" \
|
||||||
|
"$dst"
|
||||||
|
|
||||||
# shellcheck disable=SC2059
|
echo 'downloaded' > "$__messages_out"
|
||||||
printf "$cmd_get > \"\$download_tmp\"\n" "$url"
|
|
||||||
|
|
||||||
if [ -f "$__object/parameter/sum" ]
|
|
||||||
then
|
|
||||||
sum_should="$( cat "$__object/parameter/sum" )"
|
|
||||||
|
|
||||||
if [ -f "$__object/parameter/cmd-sum" ]
|
|
||||||
then
|
|
||||||
remote_cmd_sum="$( cat "$__object/parameter/cmd-sum" )"
|
|
||||||
else
|
|
||||||
remote_cmd_sum="$( cat "$__object/explorer/remote_cmd_sum" )"
|
|
||||||
|
|
||||||
if echo "$sum_should" | grep -Fq ':'
|
|
||||||
then
|
|
||||||
sum_should="$( echo "$sum_should" | cut -d : -f 2 )"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# shellcheck disable=SC2059
|
|
||||||
echo "sum_is=\"\$( $( printf "$remote_cmd_sum" "\"\$download_tmp\"" ) )\""
|
|
||||||
|
|
||||||
echo "if [ \"\$sum_is\" != '$sum_should' ]; then"
|
|
||||||
|
|
||||||
echo "echo 'remote download checksum mismatch' >&2"
|
|
||||||
|
|
||||||
echo "rm -f \"\$download_tmp\""
|
|
||||||
|
|
||||||
echo 'exit 1; fi'
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "mv \"\$download_tmp\" '$dst'"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -f "$__object/parameter/onchange" ] && [ "$state_is" != "present" ]
|
if [ -f "$__object/parameter/onchange" ] && [ "$state_is" != "present" ]
|
||||||
|
|
|
@ -8,7 +8,10 @@ cdist-type__download - Download a file
|
||||||
|
|
||||||
DESCRIPTION
|
DESCRIPTION
|
||||||
-----------
|
-----------
|
||||||
By default type will try to use ``curl``, ``fetch`` or ``wget``.
|
Destination (``$__object_id``) in target host must be persistent storage
|
||||||
|
in order to calculate checksum and decide if file must be (re-)downloaded.
|
||||||
|
|
||||||
|
By default type will try to use ``wget``, ``curl`` or ``fetch``.
|
||||||
If download happens in target (see ``--download``) then type will
|
If download happens in target (see ``--download``) then type will
|
||||||
fallback to (and install) ``wget``.
|
fallback to (and install) ``wget``.
|
||||||
|
|
||||||
|
@ -16,40 +19,26 @@ If download happens in local machine, then environment variables like
|
||||||
``{http,https,ftp}_proxy`` etc can be used on cdist execution
|
``{http,https,ftp}_proxy`` etc can be used on cdist execution
|
||||||
(``http_proxy=foo cdist config ...``).
|
(``http_proxy=foo cdist config ...``).
|
||||||
|
|
||||||
To change downloaded file's owner, group or permissions, use ``require='__download/path/to/file' __file ...``.
|
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
url
|
url
|
||||||
File's URL.
|
File's URL.
|
||||||
|
|
||||||
|
sum
|
||||||
|
Checksum of file going to be downloaded.
|
||||||
|
By default output of ``cksum`` without filename is expected.
|
||||||
|
Other hash formats supported with prefixes: ``md5:``, ``sha1:`` and ``sha256:``.
|
||||||
|
|
||||||
|
onchange
|
||||||
|
Execute this command after download.
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
destination
|
|
||||||
Downloaded file's destination in target. If unset, ``$__object_id`` is used.
|
|
||||||
|
|
||||||
sum
|
|
||||||
Supported formats: ``cksum`` output without file name, MD5, SHA1 and SHA256.
|
|
||||||
|
|
||||||
Type tries to detect hash format with regexes, but prefixes
|
|
||||||
``cksum:``, ``md5:``, ``sha1:`` and ``sha256:`` are also supported.
|
|
||||||
|
|
||||||
Checksum have two purposes - state check and post-download verification.
|
|
||||||
In state check, if destination checksum mismatches, then content of URL
|
|
||||||
will be downloaded to temporary file. If downloaded temporary file's
|
|
||||||
checksum matches, then it will be moved to destination (overwritten).
|
|
||||||
|
|
||||||
For local downloads it is expected that usable utilities for checksum
|
|
||||||
calculation exist in the system.
|
|
||||||
|
|
||||||
download
|
download
|
||||||
If ``local`` (default), then file is downloaded to local storage and copied
|
If ``local`` (default), then download file to local storage and copy
|
||||||
to target host. If ``remote``, then download happens in target.
|
it to target host. If ``remote``, then download happens in target.
|
||||||
|
|
||||||
For local downloads it is expected that usable utilities for downloading
|
|
||||||
exist in the system. Type will try to use ``curl``, ``fetch`` or ``wget``.
|
|
||||||
|
|
||||||
cmd-get
|
cmd-get
|
||||||
Command used for downloading.
|
Command used for downloading.
|
||||||
|
@ -65,9 +54,6 @@ cmd-sum
|
||||||
format specification ``%s`` which will become destination.
|
format specification ``%s`` which will become destination.
|
||||||
For example: ``md5sum '%s' | awk '{print $1}'``.
|
For example: ``md5sum '%s' | awk '{print $1}'``.
|
||||||
|
|
||||||
onchange
|
|
||||||
Execute this command after download.
|
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
@ -79,12 +65,11 @@ EXAMPLES
|
||||||
require='__directory/opt/cpma' \
|
require='__directory/opt/cpma' \
|
||||||
__download /opt/cpma/cnq3.zip \
|
__download /opt/cpma/cnq3.zip \
|
||||||
--url https://cdn.playmorepromode.com/files/cnq3/cnq3-1.51.zip \
|
--url https://cdn.playmorepromode.com/files/cnq3/cnq3-1.51.zip \
|
||||||
--sum 46da3021ca9eace277115ec9106c5b46
|
--sum md5:46da3021ca9eace277115ec9106c5b46
|
||||||
|
|
||||||
require='__download/opt/cpma/cnq3.zip' \
|
require='__download/opt/cpma/cnq3.zip' \
|
||||||
__unpack /opt/cpma/cnq3.zip \
|
__unpack /opt/cpma/cnq3.zip \
|
||||||
--backup-destination \
|
--move-existing-destination \
|
||||||
--preserve-archive \
|
|
||||||
--destination /opt/cpma/server
|
--destination /opt/cpma/server
|
||||||
|
|
||||||
|
|
||||||
|
@ -95,7 +80,7 @@ Ander Punnar <ander-at-kvlt-dot-ee>
|
||||||
|
|
||||||
COPYING
|
COPYING
|
||||||
-------
|
-------
|
||||||
Copyright \(C) 2021 Ander Punnar. You can redistribute it
|
Copyright \(C) 2020 Ander Punnar. You can redistribute it
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
and/or modify it under the terms of the GNU General Public License as
|
||||||
published by the Free Software Foundation, either version 3 of the
|
published by the Free Software Foundation, either version 3 of the
|
||||||
License, or (at your option) any later version.
|
License, or (at your option) any later version.
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh -e
|
||||||
|
|
||||||
if grep -Eq '^wget' "$__object/explorer/remote_cmd_get"
|
if grep -Eq '^wget' "$__object/explorer/remote_cmd"
|
||||||
then
|
then
|
||||||
__package wget
|
__package wget
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -1,6 +1,4 @@
|
||||||
cmd-get
|
cmd-get
|
||||||
cmd-sum
|
cmd-sum
|
||||||
destination
|
|
||||||
download
|
download
|
||||||
onchange
|
onchange
|
||||||
sum
|
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
url
|
url
|
||||||
|
sum
|
||||||
|
|
|
@ -1,26 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
# __dpkg_architecture/explorer/architecture
|
|
||||||
#
|
|
||||||
# 2020 Matthias Stecher <matthiasstecher at gmx.de>
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
# Get the main architecture of this machine
|
|
||||||
|
|
||||||
|
|
||||||
# print or die in the gencode-remote
|
|
||||||
dpkg --print-architecture || true
|
|
|
@ -1,26 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
# __dpkg_architecture/explorer/foreign-architectures
|
|
||||||
#
|
|
||||||
# 2020 Matthias Stecher <matthiasstecher at gmx.de>
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
# Print all additional architectures
|
|
||||||
|
|
||||||
|
|
||||||
# print or die in the gencode-remote
|
|
||||||
dpkg --print-foreign-architectures || true
|
|
|
@ -1,82 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
# __dpkg_architecture/gencode-remote
|
|
||||||
#
|
|
||||||
# 2020 Matthias Stecher <matthiasstecher at gmx.de>
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
|
|
||||||
# Get parameter and explorer
|
|
||||||
state_should="$(cat "$__object/parameter/state")"
|
|
||||||
arch_wanted="$__object_id"
|
|
||||||
main_arch="$(cat "$__object/explorer/architecture")"
|
|
||||||
|
|
||||||
# Exit here if dpkg do not work (empty explorer)
|
|
||||||
if [ -z "$main_arch" ]; then
|
|
||||||
echo "dpkg is not available or unable to detect a architecture!" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# Check if requested architecture is the main one
|
|
||||||
if [ "$arch_wanted" = "$main_arch" ]; then
|
|
||||||
# higher than present; we can not remove it
|
|
||||||
state_is="present"
|
|
||||||
caution="yes"
|
|
||||||
|
|
||||||
# Check if the architecture not already used
|
|
||||||
elif grep -qFx "$arch_wanted" "$__object/explorer/foreign-architectures"; then
|
|
||||||
state_is="present"
|
|
||||||
|
|
||||||
# arch does not exist
|
|
||||||
else
|
|
||||||
state_is="absent"
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# Check what to do
|
|
||||||
if [ "$state_is" != "$state_should" ]; then
|
|
||||||
case "$state_should" in
|
|
||||||
present)
|
|
||||||
# print add code
|
|
||||||
printf "dpkg --add-architecture '%s'\n" "$arch_wanted"
|
|
||||||
# updating the index to make the new architecture available
|
|
||||||
echo "apt update"
|
|
||||||
|
|
||||||
echo added >> "$__messages_out"
|
|
||||||
;;
|
|
||||||
|
|
||||||
absent)
|
|
||||||
if [ "$caution" ]; then
|
|
||||||
printf "can not remove the main arch '%s' of the system!\n" "$main_arch" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# removing all existing packages for the architecture
|
|
||||||
printf "apt purge '.*:%s'\n" "$arch_wanted"
|
|
||||||
# print remove code
|
|
||||||
printf "dpkg --remove-architecture '%s'\n" "$arch_wanted"
|
|
||||||
|
|
||||||
echo removed >> "$__messages_out"
|
|
||||||
;;
|
|
||||||
|
|
||||||
*)
|
|
||||||
printf "state '%s' is unknown!\n" "$state_should" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
fi
|
|
|
@ -1,103 +0,0 @@
|
||||||
cdist-type__dpkg_architecture(7)
|
|
||||||
================================
|
|
||||||
|
|
||||||
NAME
|
|
||||||
----
|
|
||||||
cdist-type__dpkg_architecture - Handles foreign architectures on debian-like
|
|
||||||
systems managed by `dpkg`
|
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
|
||||||
-----------
|
|
||||||
This type handles foreign architectures on systems managed by
|
|
||||||
:strong:`dpkg`\ (1). The object id is the name of the architecture accepted by
|
|
||||||
`dpkg`, which should be added or removed.
|
|
||||||
|
|
||||||
If the architecture is not setup on the system, it adds a new architecture as a
|
|
||||||
new foreign architecture in `dpkg`. Then, it updates the apt package index to
|
|
||||||
make packages from the new architecture available.
|
|
||||||
|
|
||||||
If the architecture should be removed, it will remove it if it is not the base
|
|
||||||
architecture on where the system was installed on. Before it, it will purge
|
|
||||||
every package based on the "to be removed" architecture via `apt` to be able to
|
|
||||||
remove the selected architecture.
|
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
|
||||||
-------------------
|
|
||||||
None.
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
|
||||||
-------------------
|
|
||||||
state
|
|
||||||
``present`` or ``absent``. Defaults to ``present``.
|
|
||||||
|
|
||||||
|
|
||||||
MESSAGES
|
|
||||||
--------
|
|
||||||
added
|
|
||||||
Added the specified architecture
|
|
||||||
|
|
||||||
removed
|
|
||||||
Removed the specified architecture
|
|
||||||
|
|
||||||
|
|
||||||
ABORTS
|
|
||||||
------
|
|
||||||
Aborts in the following cases:
|
|
||||||
|
|
||||||
If :strong:`dpkg`\ (1) is not available. It will abort with a proper error
|
|
||||||
message.
|
|
||||||
|
|
||||||
If the architecture is the same as the base architecture the system is build
|
|
||||||
upon it (returned by ``dpkg --print-architecture``) and it should be removed.
|
|
||||||
|
|
||||||
It will fail if it can not execute :strong:`apt`\ (8). It is assumed that it is
|
|
||||||
already installed.
|
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
|
||||||
--------
|
|
||||||
|
|
||||||
.. code-block:: sh
|
|
||||||
|
|
||||||
# add i386 (32 bit) architecture
|
|
||||||
__dpkg_architecture i386
|
|
||||||
|
|
||||||
# remove it again :)
|
|
||||||
__dpkg_architecture i386 --state absent
|
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
|
||||||
--------
|
|
||||||
`Multiarch on Debian systems <https://wiki.debian.org/Multiarch>`_
|
|
||||||
|
|
||||||
`How to setup multiarch on Debian <https://wiki.debian.org/Multiarch/HOWTO>`_
|
|
||||||
|
|
||||||
:strong:`dpkg`\ (1)
|
|
||||||
:strong:`cdist-type__package_dpkg`\ (7)
|
|
||||||
:strong:`cdist-type__package_apt`\ (7)
|
|
||||||
|
|
||||||
Useful commands:
|
|
||||||
|
|
||||||
.. code-block:: sh
|
|
||||||
|
|
||||||
# base architecture installed on this system
|
|
||||||
dpkg --print-architecture
|
|
||||||
|
|
||||||
# extra architectures added
|
|
||||||
dpkg --print-foreign-architectures
|
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
|
||||||
-------
|
|
||||||
Matthias Stecher <matthiasstecher at gmx.de>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
|
||||||
-------
|
|
||||||
Copyright \(C) 2020 Matthias Stecher. You can redistribute it
|
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
|
||||||
ublished by the Free Software Foundation, either version 3 of the
|
|
||||||
License, or (at your option) any later version.
|
|
|
@ -1 +0,0 @@
|
||||||
present
|
|
|
@ -1 +0,0 @@
|
||||||
state
|
|
|
@ -87,6 +87,11 @@ case "$state_should" in
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
pre-exists)
|
||||||
|
# pre-exists should never reach gencode-remote…
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
|
||||||
absent)
|
absent)
|
||||||
if [ "$type" = "file" ]; then
|
if [ "$type" = "file" ]; then
|
||||||
echo "rm -f '$destination'"
|
echo "rm -f '$destination'"
|
||||||
|
@ -95,10 +100,6 @@ case "$state_should" in
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
|
||||||
pre-exists)
|
|
||||||
:
|
|
||||||
;;
|
|
||||||
|
|
||||||
*)
|
*)
|
||||||
echo "Unknown state: $state_should" >&2
|
echo "Unknown state: $state_should" >&2
|
||||||
exit 1
|
exit 1
|
||||||
|
|
|
@ -18,16 +18,16 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
|
|
||||||
os=$("${__explorer:?}/os")
|
os=$("$__explorer/os")
|
||||||
|
|
||||||
if [ -f "${__object:?}/parameter/device" ]; then
|
if [ -f "$__object/parameter/device" ]; then
|
||||||
blkdev="$(cat "$__object/parameter/device")"
|
blkdev="$(cat "$__object/parameter/device")"
|
||||||
else
|
else
|
||||||
blkdev="${__object_id:?}"
|
blkdev="$__object_id"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case "$os" in
|
case "$os" in
|
||||||
alpine|centos|fedora|gentoo|redhat|suse|ubuntu)
|
centos|fedora|redhat|suse|gentoo)
|
||||||
if [ ! -x "$(command -v lsblk)" ]; then
|
if [ ! -x "$(command -v lsblk)" ]; then
|
||||||
echo "lsblk is required for __filesystem type" >&2
|
echo "lsblk is required for __filesystem type" >&2
|
||||||
exit 1
|
exit 1
|
||||||
|
|
|
@ -1,24 +1,5 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh
|
||||||
|
|
||||||
destination="/${__object_id:?}/.git"
|
destination="/$__object_id/.git"
|
||||||
|
|
||||||
# shellcheck disable=SC2012
|
stat --print "%G" "${destination}" 2>/dev/null || exit 0
|
||||||
group_gid=$(ls -ldn "${destination}" | awk '{ print $4 }')
|
|
||||||
|
|
||||||
# NOTE: +1 because $((notanum)) prints 0.
|
|
||||||
if test $((group_gid + 1)) -ge 0
|
|
||||||
then
|
|
||||||
group_should=$(cat "${__object:?}/parameter/group")
|
|
||||||
|
|
||||||
if expr "${group_should}" : '[0-9]*$' >/dev/null
|
|
||||||
then
|
|
||||||
printf '%u\n' "${group_gid}"
|
|
||||||
else
|
|
||||||
if command -v getent > /dev/null
|
|
||||||
then
|
|
||||||
getent group "${group_gid}" | cut -d : -f 1
|
|
||||||
else
|
|
||||||
awk -F: -v gid="${group_gid}" '$3 == gid { print $1 }' /etc/group
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
|
@ -1,19 +1,5 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh
|
||||||
|
|
||||||
destination="/${__object_id:?}/.git"
|
destination="/$__object_id/.git"
|
||||||
|
|
||||||
# shellcheck disable=SC2012
|
stat --print "%U" "${destination}" 2>/dev/null || exit 0
|
||||||
owner_uid=$(ls -ldn "${destination}" | awk '{ print $3 }')
|
|
||||||
|
|
||||||
# NOTE: +1 because $((notanum)) prints 0.
|
|
||||||
if test $((owner_uid + 1)) -ge 0
|
|
||||||
then
|
|
||||||
owner_should=$(cat "${__object:?}/parameter/owner")
|
|
||||||
|
|
||||||
if expr "${owner_should}" : '[0-9]*$' >/dev/null
|
|
||||||
then
|
|
||||||
printf '%u\n' "${owner_uid}"
|
|
||||||
else
|
|
||||||
printf '%s\n' "$(id -u -n "${owner_uid}")"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
|
@ -15,7 +15,7 @@ case $os in
|
||||||
# Differntation not needed anymore
|
# Differntation not needed anymore
|
||||||
apt_source_distribution=stable
|
apt_source_distribution=stable
|
||||||
;;
|
;;
|
||||||
10*|11*)
|
10*)
|
||||||
# Differntation not needed anymore
|
# Differntation not needed anymore
|
||||||
apt_source_distribution=stable
|
apt_source_distribution=stable
|
||||||
;;
|
;;
|
||||||
|
|
|
@ -20,27 +20,26 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
|
|
||||||
os=$(cat "${__global:?}/explorer/os")
|
os=$(cat "$__global/explorer/os")
|
||||||
name_running=$(cat "${__global:?}/explorer/hostname")
|
name_running=$(cat "$__global/explorer/hostname")
|
||||||
has_hostnamectl=$(cat "${__object:?}/explorer/has_hostnamectl")
|
has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
|
||||||
|
|
||||||
|
|
||||||
if test -s "${__object:?}/parameter/name"
|
if test -s "$__object/parameter/name"
|
||||||
then
|
then
|
||||||
name_should=$(cat "${__object:?}/parameter/name")
|
name_should=$(cat "$__object/parameter/name")
|
||||||
else
|
else
|
||||||
case ${os}
|
case $os
|
||||||
in
|
in
|
||||||
# RedHat-derivatives and BSDs
|
# RedHat-derivatives and BSDs
|
||||||
(centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd)
|
centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd)
|
||||||
# Hostname is FQDN
|
# Hostname is FQDN
|
||||||
name_should=${__target_host:?}
|
name_should="${__target_host}"
|
||||||
;;
|
;;
|
||||||
(*)
|
*)
|
||||||
# Hostname is only first component of FQDN
|
# Hostname is only first component of FQDN
|
||||||
name_should=${__target_host:?}
|
name_should="${__target_host%%.*}"
|
||||||
name_should=${name_should%%.*}
|
;;
|
||||||
;;
|
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -48,46 +47,43 @@ fi
|
||||||
################################################################################
|
################################################################################
|
||||||
# Check if the (running) hostname is already correct
|
# Check if the (running) hostname is already correct
|
||||||
#
|
#
|
||||||
test "${name_running}" != "${name_should}" || exit 0
|
test "$name_running" != "$name_should" || exit 0
|
||||||
|
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
# Setup hostname
|
# Setup hostname
|
||||||
#
|
#
|
||||||
echo 'changed' >>"${__messages_out:?}"
|
echo 'changed' >>"$__messages_out"
|
||||||
|
|
||||||
# Use the good old way to set the hostname.
|
# Use the good old way to set the hostname.
|
||||||
case ${os}
|
case $os
|
||||||
in
|
in
|
||||||
(alpine|debian|devuan|ubuntu)
|
alpine|debian|devuan|ubuntu)
|
||||||
echo 'hostname -F /etc/hostname'
|
echo 'hostname -F /etc/hostname'
|
||||||
;;
|
;;
|
||||||
(archlinux)
|
archlinux)
|
||||||
echo 'command -v hostnamectl >/dev/null 2>&1' \
|
echo 'command -v hostnamectl >/dev/null 2>&1' \
|
||||||
"&& hostnamectl set-hostname '${name_should}'" \
|
"&& hostnamectl set-hostname '$name_should'" \
|
||||||
"|| hostname '${name_should}'"
|
"|| hostname '$name_should'"
|
||||||
;;
|
;;
|
||||||
(centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void)
|
centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void)
|
||||||
echo "hostname '${name_should}'"
|
echo "hostname '$name_should'"
|
||||||
;;
|
;;
|
||||||
(openwrt)
|
macosx)
|
||||||
echo "echo '${name_should}' >/proc/sys/kernel/hostname"
|
echo "scutil --set HostName '$name_should'"
|
||||||
;;
|
;;
|
||||||
(macosx)
|
solaris)
|
||||||
echo "scutil --set HostName '${name_should}'"
|
echo "uname -S '$name_should'"
|
||||||
;;
|
;;
|
||||||
(solaris)
|
slackware|suse|opensuse-leap)
|
||||||
echo "uname -S '${name_should}'"
|
|
||||||
;;
|
|
||||||
(slackware|suse)
|
|
||||||
# We do not read from /etc/HOSTNAME, because the running
|
# We do not read from /etc/HOSTNAME, because the running
|
||||||
# hostname is the first component only while the file contains
|
# hostname is the first component only while the file contains
|
||||||
# the FQDN.
|
# the FQDN.
|
||||||
echo "hostname '${name_should}'"
|
echo "hostname '$name_should'"
|
||||||
;;
|
;;
|
||||||
(*)
|
*)
|
||||||
# Fall back to set the hostname using hostnamectl, if available.
|
# Fall back to set the hostname using hostnamectl, if available.
|
||||||
if test -n "${has_hostnamectl}"
|
if test -n "$has_hostnamectl"
|
||||||
then
|
then
|
||||||
# Don't use hostnamectl as the primary means to set the hostname for
|
# Don't use hostnamectl as the primary means to set the hostname for
|
||||||
# systemd systems, because it cannot be trusted to work reliably and
|
# systemd systems, because it cannot be trusted to work reliably and
|
||||||
|
@ -98,8 +94,7 @@ in
|
||||||
echo "test \"\$(hostname)\" = \"\$(cat /etc/hostname)\"" \
|
echo "test \"\$(hostname)\" = \"\$(cat /etc/hostname)\"" \
|
||||||
" || hostname -F /etc/hostname"
|
" || hostname -F /etc/hostname"
|
||||||
else
|
else
|
||||||
printf "echo 'Unsupported OS: %s' >&2\n" "${os}"
|
printf "echo 'Unsupported OS: %s' >&2\nexit 1\n" "$os"
|
||||||
printf 'exit 1\n'
|
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
|
@ -20,49 +20,69 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
|
|
||||||
|
not_supported() {
|
||||||
|
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
|
||||||
|
echo "Please contribute an implementation for it if you can." >&2
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
set_hostname_systemd() {
|
set_hostname_systemd() {
|
||||||
echo "$1" | __file /etc/hostname --source -
|
echo "$1" | __file /etc/hostname --source -
|
||||||
}
|
}
|
||||||
|
|
||||||
os=$(cat "${__global:?}/explorer/os")
|
os=$(cat "$__global/explorer/os")
|
||||||
|
os_version=$(cat "$__global/explorer/os_version")
|
||||||
|
os_major=$(echo "$os_version" | grep -o '^[0-9][0-9]*' || true)
|
||||||
|
|
||||||
max_len=$(cat "${__object:?}/explorer/max_len")
|
max_len=$(cat "$__object/explorer/max_len")
|
||||||
has_hostnamectl=$(cat "${__object:?}/explorer/has_hostnamectl")
|
has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
|
||||||
|
|
||||||
if test -s "${__object:?}/parameter/name"
|
if test -s "$__object/parameter/name"
|
||||||
then
|
then
|
||||||
name_should=$(cat "${__object:?}/parameter/name")
|
name_should=$(cat "$__object/parameter/name")
|
||||||
else
|
else
|
||||||
case ${os}
|
case $os
|
||||||
in
|
in
|
||||||
# RedHat-derivatives and BSDs
|
# RedHat-derivatives and BSDs
|
||||||
(centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware|suse)
|
centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware)
|
||||||
# Hostname is FQDN
|
# Hostname is FQDN
|
||||||
name_should=${__target_host:?}
|
name_should="${__target_host}"
|
||||||
;;
|
;;
|
||||||
|
suse|opensuse-leap)
|
||||||
|
# Classic SuSE stores the FQDN in /etc/HOSTNAME, while
|
||||||
|
# systemd does not. The running hostname is the first
|
||||||
|
# component in both cases.
|
||||||
|
# In versions before 15.x, the FQDN is stored in /etc/hostname.
|
||||||
|
if test -n "$has_hostnamectl" && test "$os_major" -ge 15 \
|
||||||
|
&& test "$os_major" -ne 42
|
||||||
|
then
|
||||||
|
name_should="${__target_host%%.*}"
|
||||||
|
else
|
||||||
|
name_should="${__target_host}"
|
||||||
|
fi
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
# Hostname is only first component of FQDN on all other systems.
|
# Hostname is only first component of FQDN on all other systems.
|
||||||
name_should=${__target_host:?}
|
name_should="${__target_host%%.*}"
|
||||||
name_should=${name_should%%.*}
|
;;
|
||||||
;;
|
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if test -n "${max_len}" && test "$(printf '%s' "${name_should}" | wc -c)" -gt "${max_len}"
|
if test -n "$max_len" && test "$(printf '%s' "$name_should" | wc -c)" -gt "$max_len"
|
||||||
then
|
then
|
||||||
printf "Host name too long. Up to %u characters allowed.\n" "${max_len}" >&2
|
printf "Host name too long. Up to %u characters allowed.\n" "${max_len}" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case ${os}
|
case $os
|
||||||
in
|
in
|
||||||
(alpine|debian|devuan|ubuntu|void)
|
alpine|debian|devuan|ubuntu|void)
|
||||||
echo "${name_should}" | __file /etc/hostname --source -
|
echo "$name_should" | __file /etc/hostname --source -
|
||||||
;;
|
;;
|
||||||
(archlinux)
|
archlinux)
|
||||||
if test -n "${has_hostnamectl}"
|
if test -n "$has_hostnamectl"
|
||||||
then
|
then
|
||||||
set_hostname_systemd "${name_should}"
|
set_hostname_systemd "$name_should"
|
||||||
else
|
else
|
||||||
echo 'Ancient ArchLinux variants without hostnamectl are not supported.' >&2
|
echo 'Ancient ArchLinux variants without hostnamectl are not supported.' >&2
|
||||||
exit 1
|
exit 1
|
||||||
|
@ -77,8 +97,8 @@ in
|
||||||
# --value "\"$name_should\""
|
# --value "\"$name_should\""
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
(centos|fedora|redhat|scientific)
|
centos|fedora|redhat|scientific)
|
||||||
if test -z "${has_hostnamectl}"
|
if test -z "$has_hostnamectl"
|
||||||
then
|
then
|
||||||
# Only write to /etc/sysconfig/network on non-systemd versions.
|
# Only write to /etc/sysconfig/network on non-systemd versions.
|
||||||
# On systemd-based versions this entry is ignored.
|
# On systemd-based versions this entry is ignored.
|
||||||
|
@ -86,83 +106,59 @@ in
|
||||||
--file /etc/sysconfig/network \
|
--file /etc/sysconfig/network \
|
||||||
--delimiter '=' --exact_delimiter \
|
--delimiter '=' --exact_delimiter \
|
||||||
--key HOSTNAME \
|
--key HOSTNAME \
|
||||||
--value "\"${name_should}\""
|
--value "\"$name_should\""
|
||||||
else
|
else
|
||||||
set_hostname_systemd "${name_should}"
|
set_hostname_systemd "$name_should"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
(gentoo)
|
gentoo)
|
||||||
# Only write to /etc/conf.d/hostname on OpenRC-based installations.
|
# Only write to /etc/conf.d/hostname on OpenRC-based installations.
|
||||||
# On systemd use hostnamectl(1) in gencode-remote.
|
# On systemd use hostnamectl(1) in gencode-remote.
|
||||||
if test -z "${has_hostnamectl}"
|
if test -z "$has_hostnamectl"
|
||||||
then
|
then
|
||||||
__key_value '/etc/conf.d/hostname:hostname' \
|
__key_value '/etc/conf.d/hostname:hostname' \
|
||||||
--file /etc/conf.d/hostname \
|
--file /etc/conf.d/hostname \
|
||||||
--delimiter '=' --exact_delimiter \
|
--delimiter '=' --exact_delimiter \
|
||||||
--key 'hostname' \
|
--key 'hostname' \
|
||||||
--value "\"${name_should}\""
|
--value "\"$name_should\""
|
||||||
else
|
else
|
||||||
set_hostname_systemd "$name_should"
|
set_hostname_systemd "$name_should"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
(freebsd)
|
freebsd)
|
||||||
__key_value '/etc/rc.conf:hostname' \
|
__key_value '/etc/rc.conf:hostname' \
|
||||||
--file /etc/rc.conf \
|
--file /etc/rc.conf \
|
||||||
--delimiter '=' --exact_delimiter \
|
--delimiter '=' --exact_delimiter \
|
||||||
--key 'hostname' \
|
--key 'hostname' \
|
||||||
--value "\"${name_should}\""
|
--value "\"$name_should\""
|
||||||
;;
|
;;
|
||||||
(macosx)
|
macosx)
|
||||||
# handled in gencode-remote
|
# handled in gencode-remote
|
||||||
;;
|
:
|
||||||
(netbsd)
|
;;
|
||||||
|
netbsd)
|
||||||
__key_value '/etc/rc.conf:hostname' \
|
__key_value '/etc/rc.conf:hostname' \
|
||||||
--file /etc/rc.conf \
|
--file /etc/rc.conf \
|
||||||
--delimiter '=' --exact_delimiter \
|
--delimiter '=' --exact_delimiter \
|
||||||
--key 'hostname' \
|
--key 'hostname' \
|
||||||
--value "\"${name_should}\""
|
--value "\"$name_should\""
|
||||||
|
|
||||||
# To avoid confusion, ensure that the hostname is only stored once.
|
# To avoid confusion, ensure that the hostname is only stored once.
|
||||||
__file /etc/myname --state absent
|
__file /etc/myname --state absent
|
||||||
;;
|
;;
|
||||||
(openbsd)
|
openbsd)
|
||||||
echo "${name_should}" | __file /etc/myname --source -
|
echo "$name_should" | __file /etc/myname --source -
|
||||||
;;
|
;;
|
||||||
(openwrt)
|
slackware)
|
||||||
__uci system.@system[0].hostname --value "${name_should}"
|
|
||||||
# --transaction hostname
|
|
||||||
;;
|
|
||||||
(slackware)
|
|
||||||
# We write the FQDN into /etc/HOSTNAME. But /etc/rc.d/rc.M will only
|
# We write the FQDN into /etc/HOSTNAME. But /etc/rc.d/rc.M will only
|
||||||
# read the first component from this file and set it as the running
|
# read the first component from this file and set it as the running
|
||||||
# hostname on boot.
|
# hostname on boot.
|
||||||
echo "${name_should}" | __file /etc/HOSTNAME --source -
|
echo "$name_should" | __file /etc/HOSTNAME --source -
|
||||||
;;
|
;;
|
||||||
(solaris)
|
solaris)
|
||||||
echo "${name_should}" | __file /etc/nodename --source -
|
echo "$name_should" | __file /etc/nodename --source -
|
||||||
;;
|
;;
|
||||||
(suse)
|
suse|opensuse-leap)
|
||||||
if test -s "${__global:?}/explorer/os_release"
|
|
||||||
then
|
|
||||||
# shellcheck source=/dev/null
|
|
||||||
os_version=$(. "${__global:?}/explorer/os_release" && echo "${VERSION}")
|
|
||||||
else
|
|
||||||
os_version=$(sed -n 's/^VERSION\ *=\ *//p' "${__global:?}/explorer/os_version")
|
|
||||||
fi
|
|
||||||
os_major=$(expr "${os_version}" : '\([0-9]\{1,\}\)')
|
|
||||||
|
|
||||||
# Classic SuSE stores the FQDN in /etc/HOSTNAME, while
|
|
||||||
# systemd does not. The running hostname is the first
|
|
||||||
# component in both cases.
|
|
||||||
# In versions before 15.x, the FQDN is stored in /etc/hostname.
|
|
||||||
if test -n "${has_hostnamectl}" \
|
|
||||||
&& test "${os_major}" -ge 15 \
|
|
||||||
&& test "${os_major}" -ne 42
|
|
||||||
then
|
|
||||||
# strip away everything but the first part from $name_should
|
|
||||||
name_should=${name_should%%.*}
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Modern SuSE provides /etc/HOSTNAME as a symlink for
|
# Modern SuSE provides /etc/HOSTNAME as a symlink for
|
||||||
# backwards-compatibility. Unfortunately it cannot be used
|
# backwards-compatibility. Unfortunately it cannot be used
|
||||||
# here as __file does not follow the symlink.
|
# here as __file does not follow the symlink.
|
||||||
|
@ -171,25 +167,23 @@ in
|
||||||
# not work correctly on openSUSE 12.x which provides
|
# not work correctly on openSUSE 12.x which provides
|
||||||
# hostnamectl but not /etc/hostname.
|
# hostnamectl but not /etc/hostname.
|
||||||
|
|
||||||
if test -n "${has_hostnamectl}" -a "${os_major}" -gt 12
|
if test -n "$has_hostnamectl" -a "$os_major" -gt 12
|
||||||
then
|
then
|
||||||
hostname_file=/etc/hostname
|
hostname_file='/etc/hostname'
|
||||||
else
|
else
|
||||||
hostname_file=/etc/HOSTNAME
|
hostname_file='/etc/HOSTNAME'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "${name_should}" | __file "${hostname_file}" --source -
|
echo "$name_should" | __file "$hostname_file" --source -
|
||||||
;;
|
;;
|
||||||
(*)
|
*)
|
||||||
# On other operating systems we fall back to systemd's
|
# On other operating systems we fall back to systemd's
|
||||||
# hostnamectl if available…
|
# hostnamectl if available…
|
||||||
if test -n "${has_hostnamectl}"
|
if test -n "$has_hostnamectl"
|
||||||
then
|
then
|
||||||
set_hostname_systemd "${name_should}"
|
set_hostname_systemd "$name_should"
|
||||||
else
|
else
|
||||||
echo "Your operating system (${os}) is currently not supported by this type (${__type##*/})." >&2
|
not_supported
|
||||||
echo "Please contribute an implementation for it if you can." >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
|
@ -1,28 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
# Prints the clock mode read from the /etc/adjtime file, if present.
|
|
||||||
#
|
|
||||||
|
|
||||||
# not all operating systems use an adjfile
|
|
||||||
test -f /etc/adjtime || exit 0
|
|
||||||
|
|
||||||
# 3rd line is clock mode
|
|
||||||
# adjtime(5) https://man7.org/linux/man-pages/man5/adjtime.5.html
|
|
||||||
sed -n 3p /etc/adjtime
|
|
|
@ -1,27 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
# Prints the LocalRTC property using timedatectl on systemd-based systems.
|
|
||||||
#
|
|
||||||
|
|
||||||
command -v timedatectl >/dev/null 2>&1 || exit 0
|
|
||||||
|
|
||||||
# NOTE: Older versions of timedatectl do not support `timedatectl show'
|
|
||||||
timedatectl --no-pager status \
|
|
||||||
| awk -F': ' '$1 ~ "RTC in local TZ$" { sub(/[ \t]*$/, "", $2); print $2 }'
|
|
|
@ -1,62 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
mode=$(cat "${__object:?}/parameter/mode")
|
|
||||||
|
|
||||||
timedatectl_localrtc=$(cat "${__object:?}/explorer/timedatectl_localrtc")
|
|
||||||
adjtime_mode=$(cat "${__object:?}/explorer/adjtime_mode")
|
|
||||||
|
|
||||||
|
|
||||||
case ${mode}
|
|
||||||
in
|
|
||||||
(localtime)
|
|
||||||
adjtime_str=LOCAL
|
|
||||||
local_rtc_str=yes
|
|
||||||
;;
|
|
||||||
(UTC|utc)
|
|
||||||
adjtime_str=UTC
|
|
||||||
local_rtc_str=no
|
|
||||||
;;
|
|
||||||
(*)
|
|
||||||
printf 'Invalid value for --mode: %s\n' "${mode}" >&2
|
|
||||||
printf 'Acceptable values are: localtime, utc.\n' >&2
|
|
||||||
exit 1
|
|
||||||
esac
|
|
||||||
|
|
||||||
|
|
||||||
if test -n "${timedatectl_localrtc}"
|
|
||||||
then
|
|
||||||
# systemd
|
|
||||||
timedatectl_should=${local_rtc_str}
|
|
||||||
if test "${timedatectl_localrtc}" != "${timedatectl_should}"
|
|
||||||
then
|
|
||||||
printf 'timedatectl set-local-rtc %s\n' "${timedatectl_should}"
|
|
||||||
fi
|
|
||||||
elif test -n "${adjtime_mode}"
|
|
||||||
then
|
|
||||||
# others (update /etc/adjtime if present)
|
|
||||||
if test "${adjtime_mode}" != "${adjtime_str}"
|
|
||||||
then
|
|
||||||
# Update /etc/adjtime (3rd line is clock mode)
|
|
||||||
# adjtime(5) https://man7.org/linux/man-pages/man5/adjtime.5.html
|
|
||||||
# FIXME: Should maybe add third line if adjfile only contains two lines
|
|
||||||
printf "sed -i '3c\\\\\\n%s\\n' /etc/adjtime\\n" "${adjtime_str}"
|
|
||||||
fi
|
|
||||||
fi
|
|
|
@ -1,63 +0,0 @@
|
||||||
cdist-type__hwclock(7)
|
|
||||||
======================
|
|
||||||
|
|
||||||
NAME
|
|
||||||
----
|
|
||||||
cdist-type__hwclock - Manage the hardware real time clock.
|
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
|
||||||
-----------
|
|
||||||
This type can be used to control how the hardware clock is used by the operating
|
|
||||||
system.
|
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
|
||||||
-------------------
|
|
||||||
mode
|
|
||||||
What mode the hardware clock is in.
|
|
||||||
|
|
||||||
Acceptable values:
|
|
||||||
|
|
||||||
localtime
|
|
||||||
The hardware clock is set to local time (common for systems also running
|
|
||||||
Windows.)
|
|
||||||
UTC
|
|
||||||
The hardware clock is set to UTC (common on UNIX systems.)
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
|
||||||
-------------------
|
|
||||||
None.
|
|
||||||
|
|
||||||
|
|
||||||
BOOLEAN PARAMETERS
|
|
||||||
------------------
|
|
||||||
None.
|
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
|
||||||
--------
|
|
||||||
|
|
||||||
.. code-block:: sh
|
|
||||||
|
|
||||||
# Make the operating system treat the time read from the hwclock as UTC.
|
|
||||||
__hwclock --mode UTC
|
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
|
||||||
--------
|
|
||||||
:strong:`hwclock`\ (8)
|
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
|
||||||
-------
|
|
||||||
Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
|
||||||
-------
|
|
||||||
Copyright \(C) 2020 Dennis Camera. You can redistribute it
|
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
|
||||||
published by the Free Software Foundation, either version 3 of the
|
|
||||||
License, or (at your option) any later version.
|
|
|
@ -1,222 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
|
|
||||||
# TODO: Consider supporting BADYEAR
|
|
||||||
|
|
||||||
os=$(cat "${__global:?}/explorer/os")
|
|
||||||
mode=$(cat "${__object:?}/parameter/mode")
|
|
||||||
|
|
||||||
has_systemd_timedatectl=$(test -s "${__object:?}/explorer/timedatectl_localrtc" && echo true || echo false)
|
|
||||||
|
|
||||||
|
|
||||||
case ${mode}
|
|
||||||
in
|
|
||||||
(localtime)
|
|
||||||
local_clock=true
|
|
||||||
;;
|
|
||||||
(UTC|utc)
|
|
||||||
local_clock=false
|
|
||||||
;;
|
|
||||||
(*)
|
|
||||||
printf 'Invalid value for --mode: %s\n' "${mode}" >&2
|
|
||||||
printf 'Acceptable values are: UTC, localtime.\n' >&2
|
|
||||||
exit 1
|
|
||||||
esac
|
|
||||||
|
|
||||||
|
|
||||||
case ${os}
|
|
||||||
in
|
|
||||||
(alpine|gentoo)
|
|
||||||
if ! $has_systemd_timedatectl
|
|
||||||
then
|
|
||||||
# NOTE: Gentoo also supports systemd, in which case /etc/conf.d is
|
|
||||||
# not used. So we check for systemd presence here and only
|
|
||||||
# update /etc/conf.d if systemd is not installed.
|
|
||||||
# https://wiki.gentoo.org/wiki/System_time#Hardware_clock
|
|
||||||
|
|
||||||
export CDIST_ORDER_DEPENDENCY=true
|
|
||||||
__file /etc/conf.d/hwclock --state present \
|
|
||||||
--owner root --group root --mode 0644
|
|
||||||
__key_value /etc/conf.d/hwclock:clock \
|
|
||||||
--file /etc/conf.d/hwclock \
|
|
||||||
--key clock \
|
|
||||||
--delimiter '=' --exact_delimiter \
|
|
||||||
--value "\"$($local_clock && echo local || echo UTC)\""
|
|
||||||
unset CDIST_ORDER_DEPENDENCY
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
(centos|fedora|redhat|scientific)
|
|
||||||
os_version=$(cat "${__global:?}/explorer/os_version")
|
|
||||||
os_major=$(expr "${os_version}" : '.* release \([0-9]*\)')
|
|
||||||
case ${os}
|
|
||||||
in
|
|
||||||
(centos|scientific)
|
|
||||||
update_sysconfig=$(test "${os_major}" -lt 6 && echo true || echo false)
|
|
||||||
;;
|
|
||||||
(fedora)
|
|
||||||
update_sysconfig=$(test "${os_major}" -lt 10 && echo true || echo false)
|
|
||||||
;;
|
|
||||||
(redhat|*)
|
|
||||||
case ${os_version}
|
|
||||||
in
|
|
||||||
('Red Hat Enterprise Linux'*)
|
|
||||||
update_sysconfig=$(test "${os_major}" -lt 6 && echo true || echo false)
|
|
||||||
;;
|
|
||||||
('Red Hat Linux'*)
|
|
||||||
update_sysconfig=true
|
|
||||||
;;
|
|
||||||
(*)
|
|
||||||
printf 'Could not determine Red Hat distribution.\n' >&2
|
|
||||||
printf "Please contribute an implementation for it if you can.\n" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
if ${update_sysconfig:?}
|
|
||||||
then
|
|
||||||
export CDIST_ORDER_DEPENDENCY=true
|
|
||||||
__file /etc/sysconfig/clock --state present \
|
|
||||||
--owner root --group root --mode 0644
|
|
||||||
__key_value /etc/sysconfig/clock:UTC \
|
|
||||||
--file /etc/sysconfig/clock \
|
|
||||||
--key UTC \
|
|
||||||
--delimiter '=' --exact_delimiter \
|
|
||||||
--value "$($local_clock && echo false || echo true)"
|
|
||||||
unset CDIST_ORDER_DEPENDENCY
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
(debian|devuan|ubuntu)
|
|
||||||
os_major=$(sed 's/[^0-9].*$//' "${__global:?}/explorer/os_version")
|
|
||||||
|
|
||||||
case ${os}
|
|
||||||
in
|
|
||||||
(debian)
|
|
||||||
if test "${os_major}" -ge 7
|
|
||||||
then
|
|
||||||
update_rcS=false
|
|
||||||
elif test "${os_major}" -ge 3
|
|
||||||
then
|
|
||||||
update_rcS=true
|
|
||||||
else
|
|
||||||
# Debian 2.2 should be supportable using rcS.
|
|
||||||
# Debian 2.1 uses the ancient GMT key.
|
|
||||||
# Debian 1.3 does not have rcS.
|
|
||||||
printf "Your operating system (Debian %s) is currently not supported by this type (%s)\n" \
|
|
||||||
"$(cat "${__global:?}/explorer/os_version")" "${__type##*/}" >&2
|
|
||||||
printf "Please contribute an implementation for it if you can.\n" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
(devuan)
|
|
||||||
update_rcS=false
|
|
||||||
;;
|
|
||||||
(ubuntu)
|
|
||||||
update_rcS=$(test "${os_major}" -lt 16 && echo true || echo false)
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
if ${update_rcS}
|
|
||||||
then
|
|
||||||
export CDIST_ORDER_DEPENDENCY=true
|
|
||||||
__file /etc/default/rcS --state present \
|
|
||||||
--owner root --group root --mode 0644
|
|
||||||
__key_value /etc/default/rcS:UTC \
|
|
||||||
--file /etc/default/rcS \
|
|
||||||
--key UTC \
|
|
||||||
--delimiter '=' --exact_delimiter \
|
|
||||||
--value "$($local_clock && echo no || echo yes)"
|
|
||||||
unset CDIST_ORDER_DEPENDENCY
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
(freebsd)
|
|
||||||
# cf. adjkerntz(8)
|
|
||||||
__file /etc/wall_cmos_clock \
|
|
||||||
--state "$($local_clock && echo present || echo absent)" \
|
|
||||||
--owner root --group wheel --mode 0444
|
|
||||||
;;
|
|
||||||
(netbsd)
|
|
||||||
# https://wiki.netbsd.org/guide/boot/#index9h2
|
|
||||||
__key_value /etc/rc.conf:rtclocaltime \
|
|
||||||
--file /etc/rc.conf \
|
|
||||||
--key rtclocaltime \
|
|
||||||
--delimiter '=' --exact_delimiter \
|
|
||||||
--value "$($local_clock && echo YES || echo NO)"
|
|
||||||
;;
|
|
||||||
(slackware)
|
|
||||||
__file /etc/hardwareclock --owner root --group root --mode 0644 \
|
|
||||||
--source - <<-EOF
|
|
||||||
# /etc/hardwareclock
|
|
||||||
#
|
|
||||||
# Tells how the hardware clock time is stored.
|
|
||||||
# This file is managed by cdist.
|
|
||||||
|
|
||||||
$($local_clock && echo localtime || echo UTC)
|
|
||||||
EOF
|
|
||||||
;;
|
|
||||||
(suse)
|
|
||||||
if test -s "${__global:?}/explorer/os_release"
|
|
||||||
then
|
|
||||||
# shellcheck source=/dev/null
|
|
||||||
os_version=$(. "${__global:?}/explorer/os_release" && echo "${VERSION}")
|
|
||||||
else
|
|
||||||
os_version=$(sed -n 's/^VERSION\ *=\ *//p' "${__global:?}/explorer/os_version")
|
|
||||||
fi
|
|
||||||
os_major=$(expr "${os_version}" : '\([0-9]\{1,\}\)')
|
|
||||||
|
|
||||||
# TODO: Consider using `yast2 timezone set hwclock' instead
|
|
||||||
if expr "${os_major}" \< 12
|
|
||||||
then
|
|
||||||
# Starting with SuSE 12 (first systemd-based version)
|
|
||||||
# /etc/sysconfig/clock does not contain the HWCLOCK line
|
|
||||||
# anymore.
|
|
||||||
# With SuSE 13, it has been reduced to TIMEZONE configuration.
|
|
||||||
__key_value /etc/sysconfig/clock:HWCLOCK \
|
|
||||||
--file /etc/sysconfig/clock \
|
|
||||||
--delimiter '=' --exact_delimiter \
|
|
||||||
--key HWCLOCK \
|
|
||||||
--value "$($local_clock && echo '"--localtime"' || echo '"-u"')"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
(void)
|
|
||||||
export CDIST_ORDER_DEPENDENCY=true
|
|
||||||
__file /etc/rc.conf \
|
|
||||||
--owner root --group root --mode 0644 \
|
|
||||||
--state present
|
|
||||||
__key_value /etc/rc.conf:HARDWARECLOCK \
|
|
||||||
--file /etc/rc.conf \
|
|
||||||
--delimiter '=' --exact_delimiter \
|
|
||||||
--key HARDWARECLOCK \
|
|
||||||
--value "\"$($local_clock && echo localtime || echo UTC)\""
|
|
||||||
unset CDIST_ORDER_DEPENDENCY
|
|
||||||
;;
|
|
||||||
(*)
|
|
||||||
if ! $has_systemd_timedatectl
|
|
||||||
then
|
|
||||||
printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
|
|
||||||
printf "Please contribute an implementation for it if you can.\n" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# NOTE: timedatectl set-local-rtc for systemd is in gencode-remote
|
|
||||||
# NOTE: /etc/adjtime is also updated in gencode-remote
|
|
|
@ -1 +0,0 @@
|
||||||
mode
|
|
|
@ -1,4 +1,7 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
# Nico Schottelius
|
||||||
|
# Zürisee, Mon Sep 2 18:38:27 CEST 2013
|
||||||
|
#
|
||||||
### BEGIN INIT INFO
|
### BEGIN INIT INFO
|
||||||
# Provides: iptables
|
# Provides: iptables
|
||||||
# Required-Start: $local_fs $remote_fs
|
# Required-Start: $local_fs $remote_fs
|
||||||
|
@ -11,72 +14,34 @@
|
||||||
# and saves/restores previous status
|
# and saves/restores previous status
|
||||||
### END INIT INFO
|
### END INIT INFO
|
||||||
|
|
||||||
# Originally written by:
|
|
||||||
# Nico Schottelius
|
|
||||||
# Zürisee, Mon Sep 2 18:38:27 CEST 2013
|
|
||||||
#
|
|
||||||
# 2013 Nico Schottelius (nico-cdist at schottelius.org)
|
|
||||||
# 2020 Matthias Stecher (matthiasstecher at gmx.de)
|
|
||||||
#
|
|
||||||
# This file is distributed with cdist and licenced under the
|
|
||||||
# GNU GPLv3+ WITHOUT ANY WARRANTY.
|
|
||||||
|
|
||||||
|
|
||||||
# Read files and execute the content with the given commands
|
|
||||||
#
|
|
||||||
# Arguments:
|
|
||||||
# 1: Directory
|
|
||||||
# 2..n: Commands which should be used to execute the file content
|
|
||||||
gothrough() {
|
|
||||||
cd "$1" || return
|
|
||||||
shift
|
|
||||||
|
|
||||||
# iterate through all rules and continue if it's not a file
|
|
||||||
for rule in *; do
|
|
||||||
[ -f "$rule" ] || continue
|
|
||||||
echo "Appling iptables rule $rule ..."
|
|
||||||
|
|
||||||
# execute it with all commands specificed
|
|
||||||
ruleparam="$(cat "$rule")"
|
|
||||||
for cmd in "$@"; do
|
|
||||||
# Command and Rule should be split.
|
|
||||||
# shellcheck disable=SC2046
|
|
||||||
command $cmd $ruleparam
|
|
||||||
done
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
# Shortcut for iptables command to do IPv4 and v6
|
|
||||||
# only applies to the "reset" target
|
|
||||||
iptables() {
|
|
||||||
command iptables "$@"
|
|
||||||
command ip6tables "$@"
|
|
||||||
}
|
|
||||||
|
|
||||||
basedir=/etc/iptables.d
|
basedir=/etc/iptables.d
|
||||||
status4="${basedir}/.pre-start"
|
status="${basedir}/.pre-start"
|
||||||
status6="${basedir}/.pre-start6"
|
|
||||||
|
|
||||||
case $1 in
|
case $1 in
|
||||||
start)
|
start)
|
||||||
# Save status
|
# Save status
|
||||||
iptables-save > "$status4"
|
iptables-save > "$status"
|
||||||
ip6tables-save > "$status6"
|
|
||||||
|
|
||||||
# Apply our ruleset
|
# Apply our ruleset
|
||||||
gothrough "$basedir" iptables
|
cd "$basedir" || exit
|
||||||
#gothrough "$basedir/v4" iptables # conflicts with $basedir
|
count="$(find . ! -name . -prune | wc -l)"
|
||||||
gothrough "$basedir/v6" ip6tables
|
|
||||||
gothrough "$basedir/all" iptables ip6tables
|
# Only do something if there are rules
|
||||||
|
if [ "$count" -ge 1 ]; then
|
||||||
|
for rule in *; do
|
||||||
|
echo "Applying iptables rule $rule ..."
|
||||||
|
# Rule should be split.
|
||||||
|
# shellcheck disable=SC2046
|
||||||
|
iptables $(cat "$rule")
|
||||||
|
done
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
|
|
||||||
stop)
|
stop)
|
||||||
# Restore from status before, if there is something to restore
|
# Restore from status before, if there is something to restore
|
||||||
if [ -f "$status4" ]; then
|
if [ -f "$status" ]; then
|
||||||
iptables-restore < "$status4"
|
iptables-restore < "$status"
|
||||||
fi
|
|
||||||
if [ -f "$status6" ]; then
|
|
||||||
ip6tables-restore < "$status6"
|
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
restart)
|
restart)
|
||||||
|
|
|
@ -10,24 +10,7 @@ DESCRIPTION
|
||||||
-----------
|
-----------
|
||||||
This cdist type deploys an init script that triggers
|
This cdist type deploys an init script that triggers
|
||||||
the configured rules and also re-applies them on
|
the configured rules and also re-applies them on
|
||||||
configuration. Rules are written from __iptables_rule
|
configuration.
|
||||||
into the folder ``/etc/iptables.d/``.
|
|
||||||
|
|
||||||
It reads all rules from the base folder as rules for IPv4.
|
|
||||||
Rules in the subfolder ``v6/`` are IPv6 rules. Rules in
|
|
||||||
the subfolder ``all/`` are applied to both rule tables. All
|
|
||||||
files contain the arguments for a single ``iptables`` and/or
|
|
||||||
``ip6tables`` command.
|
|
||||||
|
|
||||||
Rules are applied in the following order:
|
|
||||||
1. All IPv4 rules
|
|
||||||
2. All IPv6 rules
|
|
||||||
2. All rules that should be applied to both tables
|
|
||||||
|
|
||||||
The order of the rules that will be applied are definite
|
|
||||||
from the result the shell glob returns, which should be
|
|
||||||
alphabetical. If rules must be applied in a special order,
|
|
||||||
prefix them with a number like ``02-some-rule``.
|
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
|
@ -41,7 +24,7 @@ None
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
||||||
None (__iptables_apply is used by __iptables_rule automatically)
|
None (__iptables_apply is used by __iptables_rule)
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
SEE ALSO
|
||||||
|
@ -52,13 +35,11 @@ SEE ALSO
|
||||||
AUTHORS
|
AUTHORS
|
||||||
-------
|
-------
|
||||||
Nico Schottelius <nico-cdist--@--schottelius.org>
|
Nico Schottelius <nico-cdist--@--schottelius.org>
|
||||||
Matthias Stecher <matthiasstecher--@--gmx.de>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
COPYING
|
||||||
-------
|
-------
|
||||||
Copyright \(C) 2013 Nico Schottelius.
|
Copyright \(C) 2013 Nico Schottelius. You can redistribute it
|
||||||
Copyright \(C) 2020 Matthias Stecher.
|
and/or modify it under the terms of the GNU General Public License as
|
||||||
You can redistribute it and/or modify it under the terms of the GNU
|
published by the Free Software Foundation, either version 3 of the
|
||||||
General Public License as published by the Free Software Foundation,
|
License, or (at your option) any later version.
|
||||||
either version 3 of the License, or (at your option) any later version.
|
|
||||||
|
|
|
@ -11,10 +11,6 @@ DESCRIPTION
|
||||||
This cdist type allows you to manage iptable rules
|
This cdist type allows you to manage iptable rules
|
||||||
in a distribution independent manner.
|
in a distribution independent manner.
|
||||||
|
|
||||||
See :strong:`cdist-type__iptables_apply`\ (7) for the
|
|
||||||
execution order of these rules. It will be executed
|
|
||||||
automaticly to apply all rules non-volaite.
|
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
|
@ -29,24 +25,6 @@ state
|
||||||
'present' or 'absent', defaults to 'present'
|
'present' or 'absent', defaults to 'present'
|
||||||
|
|
||||||
|
|
||||||
BOOLEAN PARAMETERS
|
|
||||||
------------------
|
|
||||||
All rules without any of these parameters will be treated like ``--v4`` because
|
|
||||||
of backward compatibility.
|
|
||||||
|
|
||||||
v4
|
|
||||||
Explicitly set it as rule for IPv4. If IPv6 is set, too, it will be
|
|
||||||
threaten like ``--all``. Will be the default if nothing else is set.
|
|
||||||
|
|
||||||
v6
|
|
||||||
Explicitly set it as rule for IPv6. If IPv4 is set, too, it will be
|
|
||||||
threaten like ``--all``.
|
|
||||||
|
|
||||||
all
|
|
||||||
Set the rule for both IPv4 and IPv6. It will be saved separately from the
|
|
||||||
other rules.
|
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
||||||
|
@ -70,16 +48,6 @@ EXAMPLES
|
||||||
--state absent
|
--state absent
|
||||||
|
|
||||||
|
|
||||||
# IPv4-only rule for ICMPv4
|
|
||||||
__iptables_rule icmp-v4 --v4 --rule "-A INPUT -p icmp -j ACCEPT"
|
|
||||||
# IPv6-only rule for ICMPv6
|
|
||||||
__iptables_rule icmp-v6 --v6 --rule "-A INPUT -p icmpv6 -j ACCEPT"
|
|
||||||
|
|
||||||
# doing something for the dual stack
|
|
||||||
__iptables_rule fwd-eth0-eth1 --v4 --v6 --rule "-A INPUT -i eth0 -o eth1 -j ACCEPT"
|
|
||||||
__iptables_rule fwd-eth1-eth0 --all --rule "-A -o eth1 -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT"
|
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
SEE ALSO
|
||||||
--------
|
--------
|
||||||
:strong:`cdist-type__iptables_apply`\ (7), :strong:`iptables`\ (8)
|
:strong:`cdist-type__iptables_apply`\ (7), :strong:`iptables`\ (8)
|
||||||
|
@ -88,13 +56,11 @@ SEE ALSO
|
||||||
AUTHORS
|
AUTHORS
|
||||||
-------
|
-------
|
||||||
Nico Schottelius <nico-cdist--@--schottelius.org>
|
Nico Schottelius <nico-cdist--@--schottelius.org>
|
||||||
Matthias Stecher <matthiasstecher--@--gmx.de>
|
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
COPYING
|
||||||
-------
|
-------
|
||||||
Copyright \(C) 2013 Nico Schottelius.
|
Copyright \(C) 2013 Nico Schottelius. You can redistribute it
|
||||||
Copyright \(C) 2020 Matthias Stecher.
|
and/or modify it under the terms of the GNU General Public License as
|
||||||
You can redistribute it and/or modify it under the terms of the GNU
|
published by the Free Software Foundation, either version 3 of the
|
||||||
General Public License as published by the Free Software Foundation,
|
License, or (at your option) any later version.
|
||||||
either version 3 of the License, or (at your option) any later version.
|
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh -e
|
||||||
#
|
#
|
||||||
# 2013 Nico Schottelius (nico-cdist at schottelius.org)
|
# 2013 Nico Schottelius (nico-cdist at schottelius.org)
|
||||||
# 2020 Matthias Stecher (matthiasstecher at gmx.de)
|
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -25,36 +24,12 @@ base_dir=/etc/iptables.d
|
||||||
name="$__object_id"
|
name="$__object_id"
|
||||||
state="$(cat "$__object/parameter/state")"
|
state="$(cat "$__object/parameter/state")"
|
||||||
|
|
||||||
if [ -f "$__object/parameter/v4" ]; then
|
|
||||||
only_v4="yes"
|
|
||||||
# $specific_dir is $base_dir
|
|
||||||
fi
|
|
||||||
if [ -f "$__object/parameter/v6" ]; then
|
|
||||||
only_v6="yes"
|
|
||||||
specific_dir="$base_dir/v6"
|
|
||||||
fi
|
|
||||||
# If rules should be set for both protocols
|
|
||||||
if { [ "$only_v4" = "yes" ] && [ "$only_v6" = "yes" ]; } ||
|
|
||||||
[ -f "$__object/parameter/all" ]; then
|
|
||||||
|
|
||||||
# all to a specific directory
|
|
||||||
specific_dir="$base_dir/all"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# set rule directory based on if it's the base or subdirectory
|
|
||||||
rule_dir="${specific_dir:-$base_dir}"
|
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
# Basic setup
|
# Basic setup
|
||||||
#
|
#
|
||||||
|
|
||||||
__directory "$base_dir" --state present
|
__directory "$base_dir" --state present
|
||||||
|
|
||||||
# sub-directory if required
|
|
||||||
if [ "$specific_dir" ]; then
|
|
||||||
require="__directory/$base_dir" __directory "$specific_dir" --state present
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Have apply do the real job
|
# Have apply do the real job
|
||||||
require="$__object_name" __iptables_apply
|
require="$__object_name" __iptables_apply
|
||||||
|
|
||||||
|
@ -62,15 +37,6 @@ require="$__object_name" __iptables_apply
|
||||||
# The rule
|
# The rule
|
||||||
#
|
#
|
||||||
|
|
||||||
for dir in "$base_dir" "$base_dir/v6" "$base_dir/all"; do
|
require="__directory/$base_dir" __file "$base_dir/${name}" \
|
||||||
# defaults to absent except the directory that should contain the file
|
--source "$__object/parameter/rule" \
|
||||||
if [ "$rule_dir" = "$dir" ]; then
|
--state "$state"
|
||||||
curr_state="$state"
|
|
||||||
else
|
|
||||||
curr_state="absent"
|
|
||||||
fi
|
|
||||||
|
|
||||||
require="__directory/$rule_dir" __file "$dir/$name" \
|
|
||||||
--source "$__object/parameter/rule" \
|
|
||||||
--state "$curr_state"
|
|
||||||
done
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
all
|
|
||||||
v4
|
|
||||||
v6
|
|
3
cdist/conf/type/__letsencrypt_cert/explorer/certbot-path
Executable file
3
cdist/conf/type/__letsencrypt_cert/explorer/certbot-path
Executable file
|
@ -0,0 +1,3 @@
|
||||||
|
#!/bin/sh -e
|
||||||
|
|
||||||
|
command -v certbot 2>/dev/null || true
|
|
@ -1,78 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
certbot_path="$(command -v certbot 2>/dev/null || true)"
|
|
||||||
# Defaults
|
|
||||||
certificate_exists="no"
|
|
||||||
certificate_is_test="no"
|
|
||||||
|
|
||||||
if [ -n "${certbot_path}" ]; then
|
|
||||||
# Find python executable that has access to certbot's module
|
|
||||||
python_path=$(sed -n '1s/^#! *//p' "${certbot_path}")
|
|
||||||
|
|
||||||
# Use a lock for cdist due to certbot not exiting with failure
|
|
||||||
# or having any flags for concurrent use.
|
|
||||||
_certbot() {
|
|
||||||
${python_path} - 2>/dev/null <<EOF
|
|
||||||
from certbot.main import main
|
|
||||||
import fcntl
|
|
||||||
lock_file = "/tmp/certbot.cdist.lock"
|
|
||||||
timeout=60
|
|
||||||
with open(lock_file, 'w') as fd:
|
|
||||||
for i in range(timeout):
|
|
||||||
try:
|
|
||||||
# Get exclusive lock
|
|
||||||
fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
|
|
||||||
break
|
|
||||||
except:
|
|
||||||
# Wait if that fails
|
|
||||||
import time
|
|
||||||
time.sleep(1)
|
|
||||||
else:
|
|
||||||
# Timed out, exit with failure
|
|
||||||
import sys
|
|
||||||
sys.exit(1)
|
|
||||||
# Do list certificates
|
|
||||||
main(["certificates", "--cert-name", "${__object_id:?}"])
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
_certificate_exists() {
|
|
||||||
if grep -q " Certificate Name: ${__object_id:?}$"; then
|
|
||||||
echo yes
|
|
||||||
else
|
|
||||||
echo no
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
_certificate_is_test() {
|
|
||||||
if grep -q 'INVALID: TEST_CERT'; then
|
|
||||||
echo yes
|
|
||||||
else
|
|
||||||
echo no
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
_certificate_domains() {
|
|
||||||
grep ' Domains: ' | cut -d ' ' -f 6- | tr ' ' '\n'
|
|
||||||
}
|
|
||||||
|
|
||||||
# Get data about all available certificates
|
|
||||||
certificates="$(_certbot)"
|
|
||||||
|
|
||||||
# Check whether or not the certificate exists
|
|
||||||
certificate_exists="$(echo "${certificates}" | _certificate_exists)"
|
|
||||||
|
|
||||||
# Check whether or not the certificate is for testing
|
|
||||||
certificate_is_test="$(echo "${certificates}" | _certificate_is_test)"
|
|
||||||
|
|
||||||
# Get domains for certificate
|
|
||||||
certificate_domains="$(echo "${certificates}" | _certificate_domains)"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Return received data
|
|
||||||
cat <<EOF
|
|
||||||
certbot_path:${certbot_path}
|
|
||||||
certificate_exists:${certificate_exists}
|
|
||||||
certificate_is_test:${certificate_is_test}
|
|
||||||
${certificate_domains}
|
|
||||||
EOF
|
|
8
cdist/conf/type/__letsencrypt_cert/explorer/certificate-domains
Executable file
8
cdist/conf/type/__letsencrypt_cert/explorer/certificate-domains
Executable file
|
@ -0,0 +1,8 @@
|
||||||
|
#!/bin/sh -e
|
||||||
|
|
||||||
|
certbot_path=$("${__type_explorer}/certbot-path")
|
||||||
|
if [ -n "${certbot_path}" ]
|
||||||
|
then
|
||||||
|
certbot certificates --cert-name "${__object_id:?}" | grep ' Domains: ' | \
|
||||||
|
cut -d ' ' -f 6- | tr ' ' '\n'
|
||||||
|
fi
|
13
cdist/conf/type/__letsencrypt_cert/explorer/certificate-exists
Executable file
13
cdist/conf/type/__letsencrypt_cert/explorer/certificate-exists
Executable file
|
@ -0,0 +1,13 @@
|
||||||
|
#!/bin/sh -e
|
||||||
|
|
||||||
|
certbot_path=$("${__type_explorer}/certbot-path")
|
||||||
|
if [ -n "${certbot_path}" ]
|
||||||
|
then
|
||||||
|
if certbot certificates | grep -q " Certificate Name: ${__object_id:?}$"; then
|
||||||
|
echo yes
|
||||||
|
else
|
||||||
|
echo no
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo no
|
||||||
|
fi
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue