Compare commits

..

No commits in common. "master" and "6.7" have entirely different histories.
master ... 6.7

277 changed files with 1543 additions and 9264 deletions

2
.gitattributes vendored
View file

@ -4,5 +4,5 @@
docs/speeches export-ignore docs/speeches export-ignore
docs/video export-ignore docs/video export-ignore
docs/src/man7 export-ignore docs/src/man7 export-ignore
bin/cdist-build-helper export-ignore bin/build-helper export-ignore
README-maintainers export-ignore README-maintainers export-ignore

View file

@ -1,23 +1,20 @@
---
image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest
stages: stages:
- test - test
before_script: image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest
- ./bin/cdist-build-helper version
shellcheck:
stage: test
script:
- ./bin/cdist-build-helper shellcheck
pycodestyle:
stage: test
script:
- ./bin/cdist-build-helper pycodestyle
unit_tests: unit_tests:
stage: test stage: test
script: script:
- ./bin/cdist-build-helper test - ./bin/build-helper version
- ./bin/build-helper test
pycodestyle:
stage: test
script:
- ./bin/build-helper pycodestyle
shellcheck:
stage: test
script:
- ./bin/build-helper shellcheck

View file

@ -35,9 +35,9 @@ DOCS_SRC_DIR=./docs/src
SPEECHDIR=./docs/speeches SPEECHDIR=./docs/speeches
TYPEDIR=./cdist/conf/type TYPEDIR=./cdist/conf/type
SPHINXM=$(MAKE) -C $(DOCS_SRC_DIR) man SPHINXM=make -C $(DOCS_SRC_DIR) man
SPHINXH=$(MAKE) -C $(DOCS_SRC_DIR) html SPHINXH=make -C $(DOCS_SRC_DIR) html
SPHINXC=$(MAKE) -C $(DOCS_SRC_DIR) clean SPHINXC=make -C $(DOCS_SRC_DIR) clean
################################################################################ ################################################################################
# Manpages # Manpages
@ -81,7 +81,7 @@ version:
} }
# Manpages #3: generic part # Manpages #3: generic part
man: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF) man: version $(MANTYPES) $(DOCSREF)
$(SPHINXM) $(SPHINXM)
html: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF) html: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF)
@ -104,7 +104,7 @@ DOTMANTYPES=$(subst /man.rst,.rst,$(DOTMANTYPEPREFIX))
$(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst $(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst
ln -sf "$^" $@ ln -sf "$^" $@
dotman: version configskel $(DOTMANTYPES) $(DOCSREF) $(DOCSTYPESREF) dotman: version $(DOTMANTYPES)
$(SPHINXM) $(SPHINXM)
################################################################################ ################################################################################

View file

@ -1,4 +1,4 @@
Maintainers should use ./bin/cdist-build-helper script. Maintainers should use ./bin/build-helper script.
Makefile is intended for end users. It can be used for non-maintaining Makefile is intended for end users. It can be used for non-maintaining
targets that can be run from pure source (without git repository). targets that can be run from pure source (without git repository).

View file

@ -24,8 +24,8 @@ For community-maintained types there is
## Participating ## Participating
IRC: ``#cdist`` @ [libera](https://libera.chat) IRC: ``#cdist`` @ freenode
Matrix: ``#cdist:ungleich.ch`` Matrix: ``#cdist:ungleich.ch``
Matrix and IRC are bridged. Mattermost: https://chat.ungleich.ch/ungleich/channels/cdist

View file

@ -45,7 +45,7 @@ usage() {
shellcheck-manifests shellcheck-manifests
shellcheck-local-gencodes shellcheck-local-gencodes
shellcheck-remote-gencodes shellcheck-remote-gencodes
shellcheck-bin shellcheck-scripts
shellcheck-gencodes shellcheck-gencodes
shellcheck-types shellcheck-types
shellcheck shellcheck
@ -100,7 +100,7 @@ case "$option" in
if (\$0 ~ /^$end/) { if (\$0 ~ /^$end/) {
exit exit
} else { } else {
print \$0 print \$0
} }
} }
}" "$basedir/docs/changelog" }" "$basedir/docs/changelog"
@ -135,7 +135,7 @@ case "$option" in
version=$1; shift version=$1; shift
( (
cat << eof cat << eof
Subject: cdist $version has been released Subject: cdist $version has been released
@ -336,7 +336,7 @@ eof
make docs-clean make docs-clean
make docs make docs
############################################################# #############################################################
# Everything green, let's do the release # Everything green, let's do the release
# Tag the current commit # Tag the current commit
@ -371,6 +371,7 @@ eof
Manual steps post release: Manual steps post release:
- cdist-web - cdist-web
- send generated mailinglist.tmp mail - send generated mailinglist.tmp mail
- twitter
eof eof
;; ;;
@ -405,7 +406,7 @@ eof
;; ;;
pycodestyle|pep8) pycodestyle|pep8)
pycodestyle "${basedir}" "${basedir}/bin/cdist" pycodestyle "${basedir}" "${basedir}/scripts/cdist"
;; ;;
check-pycodestyle) check-pycodestyle)
@ -460,34 +461,27 @@ eof
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; } test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;; ;;
# NOTE: shellcheck-scripts is kept for compatibility shellcheck-scripts)
shellcheck-bin|shellcheck-scripts)
# shellcheck disable=SC2086 # shellcheck disable=SC2086
${SHELLCHECKCMD} bin/cdist-dump bin/cdist-new-type > "${SHELLCHECKTMP}" ${SHELLCHECKCMD} scripts/cdist-dump scripts/cdist-new-type > "${SHELLCHECKTMP}"
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; } test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;; ;;
shellcheck-gencodes) shellcheck-gencodes)
errors=false "$0" shellcheck-local-gencodes || exit 1
"$0" shellcheck-local-gencodes || errors=true "$0" shellcheck-remote-gencodes || exit 1
"$0" shellcheck-remote-gencodes || errors=true
! $errors || exit 1
;; ;;
shellcheck-types) shellcheck-types)
errors=false "$0" shellcheck-type-explorers || exit 1
"$0" shellcheck-type-explorers || errors=true "$0" shellcheck-manifests || exit 1
"$0" shellcheck-manifests || errors=true "$0" shellcheck-gencodes || exit 1
"$0" shellcheck-gencodes || errors=true
! $errors || exit 1
;; ;;
shellcheck) shellcheck)
errors=false "$0" shellcheck-global-explorers || exit 1
"$0" shellcheck-global-explorers || errors=true "$0" shellcheck-types || exit 1
"$0" shellcheck-types || errors=true "$0" shellcheck-scripts || exit 1
"$0" shellcheck-bin || errors=true
! $errors || exit 1
;; ;;
shellcheck-type-files) shellcheck-type-files)
@ -497,14 +491,12 @@ eof
;; ;;
shellcheck-with-files) shellcheck-with-files)
errors=false "$0" shellcheck || exit 1
"$0" shellcheck || errors=true "$0" shellcheck-type-files || exit 1
"$0" shellcheck-type-files || errors=true
! $errors || exit 1
;; ;;
shellcheck-build-helper) shellcheck-build-helper)
${SHELLCHECKCMD} ./bin/cdist-build-helper ${SHELLCHECKCMD} ./bin/build-helper
;; ;;
check-shellcheck) check-shellcheck)

View file

@ -1,8 +1,7 @@
#!/usr/bin/env python3 #!/bin/sh
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# #
# 2010-2016 Nico Schottelius (nico-cdist at schottelius.org) # 2012 Nico Schottelius (nico-cdist at schottelius.org)
# 2016 Darko Poljak (darko.poljak at gmail.com)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -21,83 +20,14 @@
# #
# #
import logging # Wrapper for real script to allow execution from checkout
import os dir=${0%/*}
import sys
# See if this file's parent is cdist module # Ensure version is present - the bundled/shipped version contains a static version,
# and if so add it to module search path. # the git version contains a dynamic version
cdist_dir = os.path.realpath( "$dir/build-helper" version
os.path.join(
os.path.dirname(os.path.realpath(__file__)),
os.pardir))
cdist_init_dir = os.path.join(cdist_dir, 'cdist', '__init__.py')
if os.path.exists(cdist_init_dir):
sys.path.insert(0, cdist_dir)
import cdist # noqa 402 libdir=$(cd "${dir}/../" && pwd -P)
import cdist.argparse # noqa 402 export PYTHONPATH="${libdir}"
import cdist.banner # noqa 402
import cdist.config # noqa 402
import cdist.install # noqa 402
import cdist.shell # noqa 402
import cdist.inventory # noqa 402
"$dir/../scripts/cdist" "$@"
def commandline():
"""Parse command line"""
# preos subcommand hack
if len(sys.argv) > 1 and sys.argv[1] == 'preos':
return cdist.preos.PreOS.commandline(sys.argv[1:])
parser, cfg = cdist.argparse.parse_and_configure(sys.argv[1:])
args = cfg.get_args()
# Work around python 3.3 bug:
# http://bugs.python.org/issue16308
# http://bugs.python.org/issue9253
# FIXME: catching AttributeError also hides
# real problems.. try a different way
# FIXME: we always print main help, not
# the help of the actual parser being used!
try:
getattr(args, "func")
except AttributeError:
parser['main'].print_help()
sys.exit(0)
args.func(args)
if __name__ == "__main__":
if sys.version_info[:3] < cdist.MIN_SUPPORTED_PYTHON_VERSION:
print(
'Python >= {} is required on the source host.'.format(
".".join(map(str, cdist.MIN_SUPPORTED_PYTHON_VERSION))),
file=sys.stderr)
sys.exit(1)
exit_code = 0
try:
import re
import os
if re.match("__", os.path.basename(sys.argv[0])):
import cdist.emulator
emulator = cdist.emulator.Emulator(sys.argv)
emulator.run()
else:
commandline()
except KeyboardInterrupt:
exit_code = 2
except cdist.Error as e:
log = logging.getLogger("cdist")
log.error(e)
exit_code = 1
sys.exit(exit_code)

View file

@ -22,27 +22,12 @@
import os import os
import hashlib import hashlib
import subprocess
import cdist.log import cdist.log
import cdist.version
VERSION = 'unknown version' VERSION = cdist.version.VERSION
try:
import cdist.version
VERSION = cdist.version.VERSION
except ModuleNotFoundError:
cdist_dir = os.path.abspath(
os.path.join(os.path.dirname(__file__), os.pardir))
if os.path.isdir(os.path.join(cdist_dir, '.git')):
try:
VERSION = subprocess.check_output(
['git', 'describe', '--always'],
cwd=cdist_dir,
universal_newlines=True)
except Exception:
pass
BANNER = """ BANNER = """
.. . .x+=:. s .. . .x+=:. s
@ -64,7 +49,7 @@ REMOTE_EXEC = "ssh -o User=root"
REMOTE_CMDS_CLEANUP_PATTERN = "ssh -o User=root -O exit -S {}" REMOTE_CMDS_CLEANUP_PATTERN = "ssh -o User=root -O exit -S {}"
MIN_SUPPORTED_PYTHON_VERSION = (3, 5) MIN_SUPPORTED_PYTHON_VERSION = '3.5'
class Error(Exception): class Error(Exception):

View file

@ -8,11 +8,10 @@ import cdist.configuration
import cdist.log import cdist.log
import cdist.preos import cdist.preos
import cdist.info import cdist.info
import cdist.scan.commandline
# set of beta sub-commands # set of beta sub-commands
BETA_COMMANDS = set(('install', 'inventory', 'scan', )) BETA_COMMANDS = set(('install', 'inventory', ))
# set of beta arguments for sub-commands # set of beta arguments for sub-commands
BETA_ARGS = { BETA_ARGS = {
'config': set(('tag', 'all_tagged_hosts', 'use_archiving', )), 'config': set(('tag', 'all_tagged_hosts', 'use_archiving', )),
@ -274,7 +273,8 @@ def get_parsers():
'-f', '--file', '-f', '--file',
help=('Read specified file for a list of additional hosts to ' help=('Read specified file for a list of additional hosts to '
'operate on or if \'-\' is given, read stdin (one host per ' 'operate on or if \'-\' is given, read stdin (one host per '
'line).'), 'line). If no host or host file is specified then, by '
'default, read hosts from stdin.'),
dest='hostfile', required=False) dest='hostfile', required=False)
parser['config_args'].add_argument( parser['config_args'].add_argument(
'-p', '--parallel', nargs='?', metavar='HOST_MAX', '-p', '--parallel', nargs='?', metavar='HOST_MAX',
@ -326,7 +326,9 @@ def get_parsers():
parser['add-host'].add_argument( parser['add-host'].add_argument(
'-f', '--file', '-f', '--file',
help=('Read additional hosts to add from specified file ' help=('Read additional hosts to add from specified file '
'or from stdin if \'-\' (each host on separate line). '), 'or from stdin if \'-\' (each host on separate line). '
'If no host or host file is specified then, by default, '
'read from stdin.'),
dest='hostfile', required=False) dest='hostfile', required=False)
parser['add-tag'] = parser['invsub'].add_parser( parser['add-tag'] = parser['invsub'].add_parser(
@ -340,12 +342,20 @@ def get_parsers():
parser['add-tag'].add_argument( parser['add-tag'].add_argument(
'-f', '--file', '-f', '--file',
help=('Read additional hosts to add tags from specified file ' help=('Read additional hosts to add tags from specified file '
'or from stdin if \'-\' (each host on separate line). '), 'or from stdin if \'-\' (each host on separate line). '
'If no host or host file is specified then, by default, '
'read from stdin. If no tags/tagfile nor hosts/hostfile'
' are specified then tags are read from stdin and are'
' added to all hosts.'),
dest='hostfile', required=False) dest='hostfile', required=False)
parser['add-tag'].add_argument( parser['add-tag'].add_argument(
'-T', '--tag-file', '-T', '--tag-file',
help=('Read additional tags to add from specified file ' help=('Read additional tags to add from specified file '
'or from stdin if \'-\' (each tag on separate line). '), 'or from stdin if \'-\' (each tag on separate line). '
'If no tag or tag file is specified then, by default, '
'read from stdin. If no tags/tagfile nor hosts/hostfile'
' are specified then tags are read from stdin and are'
' added to all hosts.'),
dest='tagfile', required=False) dest='tagfile', required=False)
parser['add-tag'].add_argument( parser['add-tag'].add_argument(
'-t', '--taglist', '-t', '--taglist',
@ -366,7 +376,9 @@ def get_parsers():
parser['del-host'].add_argument( parser['del-host'].add_argument(
'-f', '--file', '-f', '--file',
help=('Read additional hosts to delete from specified file ' help=('Read additional hosts to delete from specified file '
'or from stdin if \'-\' (each host on separate line). '), 'or from stdin if \'-\' (each host on separate line). '
'If no host or host file is specified then, by default, '
'read from stdin.'),
dest='hostfile', required=False) dest='hostfile', required=False)
parser['del-tag'] = parser['invsub'].add_parser( parser['del-tag'] = parser['invsub'].add_parser(
@ -384,13 +396,20 @@ def get_parsers():
parser['del-tag'].add_argument( parser['del-tag'].add_argument(
'-f', '--file', '-f', '--file',
help=('Read additional hosts to delete tags for from specified ' help=('Read additional hosts to delete tags for from specified '
'file or from stdin if \'-\' (each host on separate ' 'file or from stdin if \'-\' (each host on separate line). '
'line). '), 'If no host or host file is specified then, by default, '
'read from stdin. If no tags/tagfile nor hosts/hostfile'
' are specified then tags are read from stdin and are'
' deleted from all hosts.'),
dest='hostfile', required=False) dest='hostfile', required=False)
parser['del-tag'].add_argument( parser['del-tag'].add_argument(
'-T', '--tag-file', '-T', '--tag-file',
help=('Read additional tags from specified file ' help=('Read additional tags from specified file '
'or from stdin if \'-\' (each tag on separate line). '), 'or from stdin if \'-\' (each tag on separate line). '
'If no tag or tag file is specified then, by default, '
'read from stdin. If no tags/tagfile nor'
' hosts/hostfile are specified then tags are read from'
' stdin and are added to all hosts.'),
dest='tagfile', required=False) dest='tagfile', required=False)
parser['del-tag'].add_argument( parser['del-tag'].add_argument(
'-t', '--taglist', '-t', '--taglist',
@ -471,47 +490,6 @@ def get_parsers():
'pattern', nargs='?', help='Glob pattern.') 'pattern', nargs='?', help='Glob pattern.')
parser['info'].set_defaults(func=cdist.info.Info.commandline) parser['info'].set_defaults(func=cdist.info.Info.commandline)
# Scan = config + further
parser['scan'] = parser['sub'].add_parser('scan', add_help=False,
parents=[parser['config']])
parser['scan'] = parser['sub'].add_parser(
'scan', parents=[parser['loglevel'],
parser['beta'],
parser['colored_output'],
parser['common'],
parser['config_main']])
parser['scan'].add_argument(
'-m', '--mode', help='Which modes should run',
action='append', default=[],
choices=['scan', 'trigger', 'config'])
parser['scan'].add_argument(
'--list',
action='store_true',
help='List the known hosts and exit')
parser['scan'].add_argument(
'--config',
action='store_true',
help='Try to configure detected hosts')
parser['scan'].add_argument(
'-I', '--interface',
action='append', default=[], required=True,
help='On which interfaces to scan/trigger')
parser['scan'].add_argument(
'--name-mapper',
action='store', default=None,
help='Map addresses to names, required for config mode')
parser['scan'].add_argument(
'-d', '--config-delay',
action='store', default=3600, type=int,
help='How long (seconds) to wait before reconfiguring after last try')
parser['scan'].add_argument(
'-t', '--trigger-delay',
action='store', default=5, type=int,
help='How long (seconds) to wait between ICMPv6 echo requests')
parser['scan'].set_defaults(func=cdist.scan.commandline.commandline)
for p in parser: for p in parser:
parser[p].epilog = EPILOG parser[p].epilog = EPILOG
@ -545,10 +523,10 @@ def parse_and_configure(argv, singleton=True):
log = logging.getLogger("cdist") log = logging.getLogger("cdist")
log.verbose("version %s", cdist.VERSION) log.verbose("version %s" % cdist.VERSION)
log.trace('command line args: %s', cfg.command_line_args) log.trace('command line args: {}'.format(cfg.command_line_args))
log.trace('configuration: %s', cfg.get_config()) log.trace('configuration: {}'.format(cfg.get_config()))
log.trace('configured args: %s', args) log.trace('configured args: {}'.format(args))
check_beta(vars(args)) check_beta(vars(args))

File diff suppressed because it is too large Load diff

View file

@ -1,9 +1,8 @@
#!/bin/sh -e #!/bin/sh
# #
# 2014 Daniel Heule (hda at sfs.biz) # 2014 Daniel Heule (hda at sfs.biz)
# 2014 Thomas Oettli (otho at sfs.biz) # 2014 Thomas Oettli (otho at sfs.biz)
# Copyright 2017, Philippe Gregoire <pg@pgregoire.xyz> # Copyright 2017, Philippe Gregoire <pg@pgregoire.xyz>
# 2020 Dennis Camera <dennis.camera at ssrq-sds-fds.ch>
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -20,73 +19,24 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
# Returns the amount of memory physically installed in the system, or if that #
# cannot be determined the amount available to the operating system kernel,
# in kibibytes (kiB).
str2bytes() { # FIXME: other system types (not linux ...)
awk -F' ' '
$2 == "B" || !$2 { print $1 }
$2 == "kB" { printf "%.f\n", ($1 * 1000) }
$2 == "MB" { printf "%.f\n", ($1 * 1000 * 1000) }
$2 == "GB" { printf "%.f\n", ($1 * 1000 * 1000 * 1000) }
$2 == "TB" { printf "%.f\n", ($1 * 1000 * 1000 * 1000 * 1000) }
$2 == "kiB" { printf "%.f\n", ($1 * 1024) }
$2 == "MiB" { printf "%.f\n", ($1 * 1024 * 1024) }
$2 == "GiB" { printf "%.f\n", ($1 * 1024 * 1024 * 1024) }
$2 == "TiB" { printf "%.f\n", ($1 * 1024 * 1024 * 1024 * 1024) }'
}
bytes2kib() { os=$("$__explorer/os")
awk '$0 > 0 { printf "%.f\n", ($0 / 1024) }' case "$os" in
} "macosx")
echo "$(sysctl -n hw.memsize)/1024" | bc
;;
*"bsd")
PATH=$(getconf PATH)
echo "$(sysctl -n hw.physmem) / 1048576" | bc
;;
case $(uname -s) *)
in if [ -r /proc/meminfo ]; then
(Darwin) grep "MemTotal:" /proc/meminfo | awk '{print $2}'
sysctl -n hw.memsize | bytes2kib fi
;; ;;
(FreeBSD)
sysctl -n hw.realmem | bytes2kib
;;
(NetBSD|OpenBSD)
# NOTE: This reports "usable" memory, not physically installed memory.
command -p sysctl -n hw.physmem | bytes2kib
;;
(SunOS)
# Make sure that awk from xpg4 is used for the scripts to work
export PATH="/usr/xpg4/bin:${PATH}"
prtconf \
| awk -F ': ' '
$1 == "Memory size" { sub(/Megabytes/, "MiB", $2); print $2 }
/^$/ { exit }' \
| str2bytes \
| bytes2kib
;;
(Linux)
if test -d /sys/devices/system/memory
then
# Use memory blocks if the architecture (e.g. x86, PPC64, s390)
# supports them (they denote physical memory)
num_mem_blocks=$(cat /sys/devices/system/memory/memory[0-9]*/state | grep -cxF online)
mem_block_size=$(cat /sys/devices/system/memory/block_size_bytes)
echo $((num_mem_blocks * 0x$mem_block_size)) | bytes2kib && exit
fi
if test -r /proc/meminfo
then
# Fall back to meminfo file on other architectures (e.g. ARM, MIPS,
# PowerPC)
# NOTE: This is "usable" memory, not physically installed memory.
awk -F ': +' '$1 == "MemTotal" { sub(/B$/, "iB", $2); print $2 }' /proc/meminfo \
| str2bytes \
| bytes2kib
fi
;;
(*)
printf "Your kernel (%s) is currently not supported by the memory explorer\n" "$(uname -s)" >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
;;
esac esac

View file

@ -144,9 +144,7 @@ esac
if [ -f /etc/os-release ]; then if [ -f /etc/os-release ]; then
# after sles15, suse don't provide an /etc/SuSE-release anymore, but there is almost no difference between sles and opensuse leap, so call it suse # after sles15, suse don't provide an /etc/SuSE-release anymore, but there is almost no difference between sles and opensuse leap, so call it suse
# shellcheck disable=SC1091 if grep -q ^ID_LIKE=\"suse\" /etc/os-release 2>/dev/null; then
if (. /etc/os-release && echo "${ID_LIKE}" | grep -q '\(^\|\ \)suse\($\|\ \)')
then
echo suse echo suse
exit 0 exit 0
fi fi

View file

@ -1,7 +1,6 @@
#!/bin/sh -e #!/bin/sh
# #
# 2010-2011 Nico Schottelius (nico-cdist at schottelius.org) # 2010-2011 Nico Schottelius (nico-cdist at schottelius.org)
# 2020-2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -18,22 +17,12 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
#
# All os variables are lower case # All os variables are lower case
# #
#
rc_getvar() { case "$("$__explorer/os")" in
awk -F= -v varname="$2" '
function unquote(s) {
if (s ~ /^".*"$/ || s ~ /^'\''.*'\''$/)
return substr(s, 2, length(s) - 2)
else
return s
}
$1 == varname { print unquote(substr($0, index($0, "=") + 1)) }' "$1"
}
case $("${__explorer:?}/os")
in
amazon) amazon)
cat /etc/system-release cat /etc/system-release
;; ;;
@ -42,53 +31,10 @@ in
cat /etc/arch-release cat /etc/arch-release
;; ;;
debian) debian)
debian_version=$(cat /etc/debian_version) cat /etc/debian_version
case $debian_version
in
testing/unstable)
# previous to Debian 4.0 testing/unstable was used
# cf. https://metadata.ftp-master.debian.org/changelogs/main/b/base-files/base-files_11_changelog
echo 3.99
;;
*/sid)
# sid versions don't have a number, so we decode by codename:
case $(expr "$debian_version" : '\([a-z]\{1,\}\)/')
in
trixie) echo 12.99 ;;
bookworm) echo 11.99 ;;
bullseye) echo 10.99 ;;
buster) echo 9.99 ;;
stretch) echo 8.99 ;;
jessie) echo 7.99 ;;
wheezy) echo 6.99 ;;
squeeze) echo 5.99 ;;
lenny) echo 4.99 ;;
*) echo 99.99 ;;
esac
;;
*)
echo "$debian_version"
;;
esac
;; ;;
devuan) devuan)
devuan_version=$(cat /etc/devuan_version) cat /etc/devuan_version
case ${devuan_version}
in
(*/ceres)
# ceres versions don't have a number, so we decode by codename:
case ${devuan_version}
in
(chimaera/ceres) echo 3.99 ;;
(beowulf/ceres) echo 2.99 ;;
(ascii/ceres) echo 1.99 ;;
(*) exit 1
esac
;;
(*)
echo "${devuan_version}"
;;
esac
;; ;;
fedora) fedora)
cat /etc/fedora-release cat /etc/fedora-release
@ -97,20 +43,7 @@ in
cat /etc/gentoo-release cat /etc/gentoo-release
;; ;;
macosx) macosx)
# NOTE: Legacy versions (< 10.3) do not support options sw_vers -productVersion
sw_vers | awk -F ':[ \t]+' '$1 == "ProductVersion" { print $2 }'
;;
freebsd)
# Apparently uname -r is not a reliable way to get the patch level.
# See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743
if command -v freebsd-version >/dev/null 2>&1
then
# get userland version
freebsd-version -u
else
# fallback to kernel release for FreeBSD < 10.0
uname -r
fi
;; ;;
*bsd|solaris) *bsd|solaris)
uname -r uname -r
@ -135,22 +68,9 @@ in
fi fi
;; ;;
ubuntu) ubuntu)
if command -v lsb_release >/dev/null 2>&1 lsb_release -sr
then
lsb_release -sr
elif test -r /usr/lib/os-release
then
# fallback to /usr/lib/os-release if lsb_release is not present (like
# on minimized Ubuntu installations)
rc_getvar /usr/lib/os-release VERSION_ID
elif test -r /etc/lsb-release
then
# extract DISTRIB_RELEASE= variable from /etc/lsb-release on old
# versions without /usr/lib/os-release.
rc_getvar /etc/lsb-release DISTRIB_RELEASE
fi
;; ;;
alpine) alpine)
cat /etc/alpine-release cat /etc/alpine-release
;; ;;
esac esac

View file

@ -1,7 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# -*- mode: sh; indent-tabs-mode: t -*-
# #
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # 2019 Ander Punnar (ander-at-kvlt-dot-ee)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -18,24 +17,23 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
# Prints "present" if the extension is currently installed.
# "absent" otherwise.
quote() { printf '%s\n' "$*" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"; } # TODO check if filesystem has ACL turned on etc
postgres_user=$("${__type_explorer:?}/postgres_user") if [ -f "$__object/parameter/acl" ]
IFS=: read -r dbname extname <<EOF
${__object_id:?}
EOF
psql_exec() {
su - "${postgres_user}" -c "psql $(quote "$1") -twAc $(quote "$2")"
}
if psql_exec "${dbname}" 'SELECT extname FROM pg_extension' | grep -qFx "${extname}"
then then
echo present grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \
else | while read -r acl
echo absent do
param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )"
check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )"
[ "$param" = 'user' ] && db=passwd || db="$param"
if ! getent "$db" "$check" > /dev/null
then
echo "missing $param '$check'" >&2
exit 1
fi
done
fi fi

View file

@ -1,4 +0,0 @@
#!/bin/sh -e
getent passwd | awk -F: '{print "user:"$1}'
getent group | awk -F: '{print "group:"$1}'

View file

@ -22,8 +22,8 @@ file_is="$( cat "$__object/explorer/file_is" )"
if [ "$file_is" = 'missing' ] \ if [ "$file_is" = 'missing' ] \
&& [ -z "$__cdist_dry_run" ] \ && [ -z "$__cdist_dry_run" ] \
&& [ ! -f "$__object/parameter/file" ] \ && \( [ ! -f "$__object/parameter/file" ] \
&& [ ! -f "$__object/parameter/directory" ] || [ ! -f "$__object/parameter/directory" ] \)
then then
exit 0 exit 0
fi fi
@ -47,26 +47,28 @@ then
elif [ -f "$__object/parameter/entry" ] elif [ -f "$__object/parameter/entry" ]
then then
acl_should="$( cat "$__object/parameter/entry" )" acl_should="$( cat "$__object/parameter/entry" )"
elif [ -f "$__object/parameter/acl" ]
then
acl_should="$( cat "$__object/parameter/acl" )"
elif
[ -f "$__object/parameter/user" ] \
|| [ -f "$__object/parameter/group" ] \
|| [ -f "$__object/parameter/mask" ] \
|| [ -f "$__object/parameter/other" ]
then
acl_should="$( for param in user group mask other
do
[ ! -f "$__object/parameter/$param" ] && continue
echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=:
echo "$param$sep$( cat "$__object/parameter/$param" )"
done )"
else else
echo 'no parameters set' >&2 echo 'no parameters set' >&2
exit 1 exit 1
fi fi
# instead of setfacl's non-helpful message "Option -m: Invalid argument near character X"
# let's check if target has necessary users and groups, since mistyped or missing
# users/groups in target is most common reason.
echo "$acl_should" \
| grep -Po '(user|group):[^:]+' \
| sort -u \
| while read -r l
do
if ! grep "$l" -Fxq "$__object/explorer/getent"
then
echo "no $l' in target" | sed "s/:/ '/" >&2
exit 1
fi
done
if [ -f "$__object/parameter/default" ] if [ -f "$__object/parameter/default" ]
then then
acl_should="$( echo "$acl_should" \ acl_should="$( echo "$acl_should" \

View file

@ -12,14 +12,11 @@ Fully supported and tested on Linux (ext4 filesystem), partial support for FreeB
See ``setfacl`` and ``acl`` manpages for more details. See ``setfacl`` and ``acl`` manpages for more details.
One of ``--entry`` or ``--source`` must be used.
REQUIRED MULTIPLE PARAMETERS
OPTIONAL MULTIPLE PARAMETERS
---------------------------- ----------------------------
entry entry
Set ACL entry following ``getfacl`` output syntax. Set ACL entry following ``getfacl`` output syntax.
Must be used if ``--source`` is not used.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
@ -28,7 +25,6 @@ source
Read ACL entries from stdin or file. Read ACL entries from stdin or file.
Ordering of entries is not important. Ordering of entries is not important.
When reading from file, comments and empty lines are ignored. When reading from file, comments and empty lines are ignored.
Must be used if ``--entry`` is not used.
file file
Create/change file with ``__file`` using ``user:group:mode`` pattern. Create/change file with ``__file`` using ``user:group:mode`` pattern.
@ -52,6 +48,12 @@ remove
``mask`` and ``other`` entries can't be removed, but only changed. ``mask`` and ``other`` entries can't be removed, but only changed.
DEPRECATED PARAMETERS
---------------------
Parameters ``acl``, ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
will be removed in future versions. Please use ``entry`` parameter instead.
EXAMPLES EXAMPLES
-------- --------

View file

@ -0,0 +1 @@
see manual for details

View file

@ -0,0 +1 @@
see manual for details

View file

@ -0,0 +1 @@
see manual for details

View file

@ -0,0 +1 @@
see manual for details

View file

@ -0,0 +1 @@
see manual for details

View file

@ -1,3 +1,5 @@
mask
other
source source
file file
directory directory

View file

@ -1 +1,4 @@
entry entry
acl
user
group

View file

@ -1,104 +0,0 @@
cdist-type__debian_backports(7)
===============================
NAME
----
cdist-type__apt_backports - Install backports
DESCRIPTION
-----------
This singleton type installs backports for the current OS release.
It aborts if backports are not supported for the specified OS or
no version codename could be fetched (like Debian unstable).
The package index will be automatically updated if required.
It supports backports from following OSes:
- Debian
- Devuan
- Ubuntu
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
Represents the state of the backports repository. ``present`` or
``absent``, defaults to ``present``.
Will be directly passed to :strong:`cdist-type__apt_source`\ (7).
mirror
The mirror to fetch the backports from. Will defaults to the generic
mirror of the current OS.
Will be directly passed to :strong:`cdist-type__apt_source`\ (7).
BOOLEAN PARAMETERS
------------------
None.
MESSAGES
--------
None.
EXAMPLES
--------
.. code-block:: sh
# setup the backports
__apt_backports
__apt_backports --state absent
__apt_backports --state present --mirror "http://ftp.de.debian.org/debian/"
# install a backports package
# currently for the buster release backports
require="__apt_backports" __package_apt wireguard \
--target-release buster-backports
ABORTS
------
Aborts if the detected os is not Debian.
Aborts if no distribuition codename could be detected. This is common for the
unstable distribution, but there is no backports repository for it already.
CAVEATS
-------
For Ubuntu, it setup all componenents for the backports repository: ``main``,
``restricted``, ``universe`` and ``multiverse``. The user may not want to
install proprietary packages, which will only be installed if the user
explicitly uses the backports target-release. The user may change this behavior
to install backports packages without the need of explicitly select it.
SEE ALSO
--------
`Official Debian Backports site <https://backports.debian.org/>`_
:strong:`cdist-type__apt_source`\ (7)
AUTHORS
-------
Matthias Stecher <matthiasstecher at gmx.de>
COPYING
-------
Copyright \(C) 2020 Matthias Stecher. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,82 +0,0 @@
#!/bin/sh -e
# __apt_backports/manifest
#
# 2020 Matthias Stecher (matthiasstecher at gmx.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Enables/disables backports repository. Utilises __apt_source for it.
#
# Get the distribution codename by /etc/os-release.
# is already executed in a subshell by string substitution
# lsb_release may not be given in all installations
codename_os_release() {
# shellcheck disable=SC1090
# shellcheck disable=SC1091
. "$__global/explorer/os_release"
printf "%s" "$VERSION_CODENAME"
}
# detect backport distribution
os="$(cat "$__global/explorer/os")"
case "$os" in
debian)
dist="$( codename_os_release )"
components="main"
mirror="http://deb.debian.org/debian/"
;;
devuan)
dist="$( codename_os_release )"
components="main"
mirror="http://deb.devuan.org/merged"
;;
ubuntu)
dist="$( codename_os_release )"
components="main restricted universe multiverse"
mirror="http://archive.ubuntu.com/ubuntu"
;;
*)
printf "Backports for %s are not supported!\n" "$os" >&2
exit 1
;;
esac
# error if no codename given (e.g. on Debian unstable)
if [ -z "$dist" ]; then
printf "No backports for unkown version of distribution %s!\n" "$os" >&2
exit 1
fi
# parameters
state="$(cat "$__object/parameter/state")"
# mirror already set for the os, only override user-values
if [ -f "$__object/parameter/mirror" ]; then
mirror="$(cat "$__object/parameter/mirror")"
fi
# install the given backports repository
__apt_source "${dist}-backports" \
--state "$state" \
--distribution "${dist}-backports" \
--component "$components" \
--uri "$mirror"

View file

@ -1,2 +0,0 @@
state
mirror

View file

@ -27,25 +27,18 @@ else
keyid="$__object_id" keyid="$__object_id"
fi fi
# From apt-key(8):
# Use of apt-key is deprecated, except for the use of apt-key del in
# maintainer scripts to remove existing keys from the main keyring.
# If such usage of apt-key is desired the additional installation of
# the GNU Privacy Guard suite (packaged in gnupg) is required.
if [ -f "${__object}/parameter/use-deprecated-apt-key" ]; then
if apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK"
then echo present
else echo absent
fi
exit
fi
keydir="$(cat "$__object/parameter/keydir")" keydir="$(cat "$__object/parameter/keydir")"
keyfile="$keydir/$__object_id.gpg" keyfile="$keydir/$__object_id.gpg"
if [ -f "$keyfile" ] if [ -d "$keydir" ]
then then
echo present if [ -f "$keyfile" ]
exit then echo present
else echo absent
fi
else
# fallback to deprecated apt-key
apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK" \
&& echo present \
|| echo absent
fi fi
echo absent

View file

@ -25,7 +25,11 @@ else
fi fi
state_should="$(cat "$__object/parameter/state")" state_should="$(cat "$__object/parameter/state")"
state_is="$(cat "$__object/explorer/state")" state_is="$(cat "$__object/explorer/state")"
method="$(cat "$__object/key_method")"
if [ "$state_should" = "$state_is" ]; then
# nothing to do
exit 0
fi
keydir="$(cat "$__object/parameter/keydir")" keydir="$(cat "$__object/parameter/keydir")"
keyfile="$keydir/$__object_id.gpg" keyfile="$keydir/$__object_id.gpg"
@ -33,18 +37,30 @@ keyfile="$keydir/$__object_id.gpg"
case "$state_should" in case "$state_should" in
present) present)
keyserver="$(cat "$__object/parameter/keyserver")" keyserver="$(cat "$__object/parameter/keyserver")"
# Using __download or __file as key source
# Propagate messages if needed if [ -f "$__object/parameter/uri" ]; then
if [ "${method}" = "uri" ] || [ "${method}" = "source" ]; then uri="$(cat "$__object/parameter/uri")"
if grep -Eq "^__(file|download)$keyfile" "$__messages_in"; then
echo "added '$keyid'" >> "$__messages_out" if [ -d "$keydir" ]; then
cat << EOF
curl -s -L \\
-o "$keyfile" \\
"$uri"
key="\$( cat "$keyfile" )"
if echo "\$key" | grep -Fq 'BEGIN PGP PUBLIC KEY BLOCK'
then
echo "\$key" | gpg --dearmor > "$keyfile"
fi
EOF
else
# fallback to deprecated apt-key
echo "curl -s -L '$uri' | apt-key add -"
fi fi
exit 0 elif [ -d "$keydir" ]; then
elif [ "${state_is}" = "present" ]; then
exit 0
fi
# Using key servers to fetch the key
if [ ! -f "$__object/parameter/use-deprecated-apt-key" ]; then
# we need to kill gpg after 30 seconds, because gpg # we need to kill gpg after 30 seconds, because gpg
# can get stuck if keyserver is not responding. # can get stuck if keyserver is not responding.
# exporting env var and not exit 1, # exporting env var and not exit 1,
@ -84,16 +100,13 @@ EOF
echo "added '$keyid'" >> "$__messages_out" echo "added '$keyid'" >> "$__messages_out"
;; ;;
absent) absent)
# Removal for keys added from a keyserver without this flag if [ -f "$keyfile" ]; then
# is done in the manifest echo "rm '$keyfile'"
if [ "$state_is" != "absent" ] && \ else
[ -f "$__object/parameter/use-deprecated-apt-key" ]; then
# fallback to deprecated apt-key # fallback to deprecated apt-key
echo "apt-key del \"$keyid\"" echo "apt-key del \"$keyid\""
echo "removed '$keyid'" >> "$__messages_out"
# Propagate messages if needed
elif grep -Eq "^__file$keyfile" "$__messages_in"; then
echo "removed '$keyid'" >> "$__messages_out"
fi fi
echo "removed '$keyid'" >> "$__messages_out"
;; ;;
esac esac

View file

@ -10,14 +10,6 @@ DESCRIPTION
----------- -----------
Manages the list of keys used by apt to authenticate packages. Manages the list of keys used by apt to authenticate packages.
This is done by placing the requested key in a file named
``$__object_id.gpg`` in the ``keydir`` directory.
This is supported by modern releases of Debian-based distributions.
In order of preference, exactly one of: ``source``, ``uri`` or ``keyid``
must be specified.
REQUIRED PARAMETERS REQUIRED PARAMETERS
------------------- -------------------
@ -26,49 +18,21 @@ None.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
keydir
keyring directory, defaults to ``/etc/apt/trusted.pgp.d``, which is
enabled system-wide by default.
source
path to a file containing the GPG key of the repository.
Using this is recommended as it ensures that the manifest/type manintainer
has validated the key.
If ``-``, the GPG key is read from the type's stdin.
state state
'present' or 'absent'. Defaults to 'present' 'present' or 'absent'. Defaults to 'present'
uri
the URI from which to download the key.
It is highly recommended that you only use protocols with TLS like HTTPS.
This uses ``__download`` but does not use checksums, if you want to ensure
that the key doesn't change, you are better off downloading it and using
``--source``.
DEPRECATED OPTIONAL PARAMETERS
------------------------------
keyid keyid
the id of the key to download from the ``keyserver``. the id of the key to add. Defaults to __object_id
This is to be used in absence of ``--source`` and ``--uri`` or together
with ``--use-deprecated-apt-key`` for key removal.
Defaults to ``$__object_id``.
keyserver keyserver
the keyserver from which to fetch the key. the keyserver from which to fetch the key. If omitted the default set
Defaults to ``pool.sks-keyservers.net``. in ./parameter/default/keyserver is used.
keydir
key save location, defaults to ``/etc/apt/trusted.pgp.d``
DEPRECATED BOOLEAN PARAMETERS uri
----------------------------- the URI from which to download the key
use-deprecated-apt-key
``apt-key(8)`` will last be available in Debian 11 and Ubuntu 22.04.
You can use this parameter to force usage of ``apt-key(8)``.
Please only use this parameter to *remove* keys from the keyring,
in order to prepare for removal of ``apt-key``.
Adding keys should be done without this parameter.
This parameter will be removed when Debian 11 stops being supported.
EXAMPLES EXAMPLES
@ -76,39 +40,33 @@ EXAMPLES
.. code-block:: sh .. code-block:: sh
# add a key that has been verified by a type maintainer # Add Ubuntu Archive Automatic Signing Key
__apt_key jitsi_meet_2021 \ __apt_key 437D05B5
--source cdist-contrib/type/__jitsi_meet/files/apt_2021.gpg # Same thing
__apt_key 437D05B5 --state present
# Get rid of it
__apt_key 437D05B5 --state absent
# remove an old, deprecated or expired key # same thing with human readable name and explicit keyid
__apt_key jitsi_meet_2016 --state absent __apt_key UbuntuArchiveKey --keyid 437D05B5
# Get rid of a key that might have been added to # same thing with other keyserver
# /etc/apt/trusted.gpg with apt-key __apt_key UbuntuArchiveKey --keyid 437D05B5 --keyserver keyserver.ubuntu.com
__apt_key 0x40976EAF437D05B5 --use-deprecated-apt-key --state absent
# add a key that we define in-line # download key from the internet
__apt_key jitsi_meet_2021 --source '-' <<EOF __apt_key rabbitmq \
-----BEGIN PGP PUBLIC KEY BLOCK----- --uri http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
[...]
-----END PGP PUBLIC KEY BLOCK-----
EOF
# download or update key from the internet
__apt_key rabbitmq_2007 \
--uri https://www.rabbitmq.com/rabbitmq-signing-key-public.asc
AUTHORS AUTHORS
------- -------
Steven Armstrong <steven-cdist--@--armstrong.cc> Steven Armstrong <steven-cdist--@--armstrong.cc>
Ander Punnar <ander-at-kvlt-dot-ee> Ander Punnar <ander-at-kvlt-dot-ee>
Evilham <contact~~@~~evilham.com>
COPYING COPYING
------- -------
Copyright \(C) 2011-2021 Steven Armstrong, Ander Punnar and Evilham. You can Copyright \(C) 2011-2019 Steven Armstrong and Ander Punnar. You can
redistribute it and/or modify it under the terms of the GNU General Public redistribute it and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, either version 3 of the License as published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version. License, or (at your option) any later version.

View file

@ -2,105 +2,7 @@
__package gnupg __package gnupg
state_should="$(cat "${__object}/parameter/state")" if [ -f "$__object/parameter/uri" ]
then __package curl
incompatible_args() else __package dirmngr
{
cat >> /dev/stderr <<-EOF
This type does not support --${1} and --${method} simultaneously.
EOF
exit 1
}
if [ -f "${__object}/parameter/source" ]; then
method="source"
src="$(cat "${__object}/parameter/source")"
if [ "${src}" = "-" ]; then
src="${__object}/stdin"
fi
fi
if [ -f "${__object}/parameter/uri" ]; then
if [ -n "${method}" ]; then
incompatible_args uri
fi
method="uri"
src="$(cat "${__object}/parameter/uri")"
fi
if [ -f "${__object}/parameter/keyid" ]; then
if [ -n "${method}" ]; then
incompatible_args keyid
fi
method="keyid"
fi
# Keep old default
if [ -z "${method}" ]; then
method="keyid"
fi
# Save this for later in gencode-remote
echo "${method}" > "${__object}/key_method"
# Required remotely (most likely already installed)
__package dirmngr
# We need this in case a key has to be dearmor'd
__package gnupg
export require="__package/gnupg"
if [ -f "${__object}/parameter/use-deprecated-apt-key" ]; then
# This is required if apt-key(8) is to be used
if [ "${method}" = "source" ] || [ "${method}" = "uri" ]; then
incompatible_args use-deprecated-apt-key
fi
else
if [ "${state_should}" = "absent" ] && \
[ -f "${__object}/parameter/keyid" ]; then
cat >> /dev/stderr <<EOF
You can't reliably remove by keyid without --use-deprecated-apt-key.
This would very likely do something you do not intend.
EOF
exit 1
fi
fi
keydir="$(cat "${__object}/parameter/keydir")"
keyfile="${keydir}/${__object_id}.gpg"
keyfilecdist="${keyfile}.cdist"
if [ "${state_should}" != "absent" ]; then
# Ensure keydir exists
__directory "${keydir}" --state exists --mode 0755
fi
if [ "${state_should}" = "absent" ]; then
__file "${keyfile}" --state "absent"
__file "${keyfilecdist}" --state "absent"
elif [ "${method}" = "source" ] || [ "${method}" = "uri" ]; then
dearmor="$(cat <<-EOF
if [ '${state_should}' = 'present' ]; then
# Dearmor if necessary
if grep -Fq 'BEGIN PGP PUBLIC KEY BLOCK' '${keyfilecdist}'; then
gpg --dearmor < '${keyfilecdist}' > '${keyfile}'
else
cp '${keyfilecdist}' '${keyfile}'
fi
# Ensure permissions
chown root '${keyfile}'
chmod 0444 '${keyfile}'
fi
EOF
)"
if [ "${method}" = "uri" ]; then
__download "${keyfilecdist}" \
--url "${src}" \
--onchange "${dearmor}"
require="__download${keyfilecdist}" \
__file "${keyfile}" \
--owner root \
--mode 0444 \
--state pre-exists
else
__file "${keyfilecdist}" --state "${state_should}" \
--mode 0444 \
--source "${src}" \
--onchange "${dearmor}"
fi
fi fi

View file

@ -1 +0,0 @@
use-deprecated-apt-key

View file

@ -1,3 +0,0 @@
apt-key(8) will last be available in Debian 11 and Ubuntu 22.04.
Use this flag *only* to migrate to placing a keyring directly in the
/etc/apt/trusted.gpg.d/ directory with a descriptive name.

View file

@ -1,6 +1,5 @@
keydir state
keyid keyid
keyserver keyserver
source keydir
state
uri uri

View file

@ -1 +0,0 @@
Please migrate to using __apt_key key_id --uri URI.

View file

@ -32,12 +32,11 @@ EXAMPLES
AUTHORS AUTHORS
------- -------
Steven Armstrong <steven-cdist--@--armstrong.cc> Steven Armstrong <steven-cdist--@--armstrong.cc>
Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
COPYING COPYING
------- -------
Copyright \(C) 2014 Steven Armstrong, 2020 Dennis Camera. Copyright \(C) 2014 Steven Armstrong. You can redistribute it
You can redistribute it and/or modify it under the terms of the GNU General and/or modify it under the terms of the GNU General Public License as
Public License as published by the Free Software Foundation, either version 3 of published by the Free Software Foundation, either version 3 of the
the License, or (at your option) any later version. License, or (at your option) any later version.

View file

@ -1,7 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -20,28 +19,26 @@
# #
os=$(cat "${__global:?}/explorer/os") os=$(cat "$__global/explorer/os")
case ${os} case "$os" in
in ubuntu|debian|devuan)
(ubuntu|debian|devuan) # No stinking recommends thank you very much.
__file /etc/apt/apt.conf.d/00InstallRecommends --state present \ # If I want something installed I will do so myself.
--owner root --group root --mode 0644 --source - <<-'EOF' __file /etc/apt/apt.conf.d/99-no-recommends \
APT::Install-Recommends "false"; --owner root --group root --mode 644 \
APT::Install-Suggests "false"; --source - << DONE
APT::AutoRemove::RecommendsImportant "false"; APT::Install-Recommends "0";
APT::AutoRemove::SuggestsImportant "false"; APT::Install-Suggests "0";
EOF APT::AutoRemove::RecommendsImportant "0";
APT::AutoRemove::SuggestsImportant "0";
# TODO: Remove the following object after some time DONE
require=__file/etc/apt/apt.conf.d/00InstallRecommends \ ;;
__file /etc/apt/apt.conf.d/99-no-recommends --state absent *)
;; cat >&2 << DONE
(*)
cat >&2 <<EOF
The developer of this type (${__type##*/}) did not think your operating system The developer of this type (${__type##*/}) did not think your operating system
($os) would have any use for it. If you think otherwise please submit a patch. ($os) would have any use for it. If you think otherwise please submit a patch.
EOF DONE
exit 1 exit 1
;; ;;
esac esac

View file

@ -1,79 +0,0 @@
cdist-type__apt_pin(7)
======================
NAME
----
cdist-type__apt_pin - Manage apt pinning rules
DESCRIPTION
-----------
Adds/removes/edits rules to pin some packages to a specific distribution. Useful if using multiple debian repositories at the same time. (Useful, if one wants to use a few specific packages from backports or perhaps Debain testing... or even sid.)
REQUIRED PARAMETERS
-------------------
distribution
Specifies what distribution the package should be pinned to. Accepts both codenames (buster/bullseye/sid) and suite names (stable/testing/...).
OPTIONAL PARAMETERS
-------------------
package
Package name, glob or regular expression to match (multiple) packages. If not specified `__object_id` is used.
priority
The priority value to assign to matching packages. Deafults to 500. (To match the default target distro's priority)
state
Will be passed to underlying `__file` type; see there for valid values and defaults.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Add the bullseye repo to buster, but do not install any packages by default,
# only if explicitely asked for (-1 means "never" for apt)
__apt_pin bullseye-default \
--package "*" \
--distribution bullseye \
--priority -1
require="__apt_pin/bullseye-default" __apt_source bullseye \
--uri http://deb.debian.org/debian/ \
--distribution bullseye \
--component main
__apt_pin foo --package "foo foo-*" --distribution bullseye
__foo # Assuming, this installs the `foo` package internally
__package foo-plugin-extras # Assuming we also need some extra stuff
SEE ALSO
--------
:strong:`apt_preferences`\ (5)
:strong:`cdist-type__apt_source`\ (7)
:strong:`cdist-type__apt_backports`\ (7)
:strong:`cdist-type__file`\ (7)
AUTHORS
-------
Daniel Fancsali <fancsali@gmail.com>
COPYING
-------
Copyright \(C) 2021 Daniel Fancsali. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,63 +0,0 @@
#!/bin/sh -e
#
# 2021 Daniel Fancsali (fancsali@gmail.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
name="$__object_id"
os=$(cat "$__global/explorer/os")
state="$(cat "$__object/parameter/state")"
if [ -f "$__object/parameter/package" ]; then
package="$(cat "$__object/parameter/package")"
else
package=$name
fi
distribution="$(cat "$__object/parameter/distribution")"
priority="$(cat "$__object/parameter/priority")"
case "$os" in
debian|ubuntu|devuan)
;;
*)
printf "This type is specific to Debian and it's derivatives" >&2
exit 1
;;
esac
case $distribution in
stable|testing|unstable|experimental)
pin="release a=$distribution"
;;
*)
pin="release n=$distribution"
;;
esac
__file "/etc/apt/preferences.d/$name" \
--owner root --group root --mode 0644 \
--state "$state" \
--source - << EOF
Package: $package
Pin: $pin
Pin-Priority: $priority
EOF

View file

@ -1 +0,0 @@
present

View file

@ -1,2 +0,0 @@
state
package

View file

@ -1,2 +0,0 @@
distribution
priority

View file

@ -22,21 +22,7 @@
name="$__object_id" name="$__object_id"
destination="/etc/apt/sources.list.d/${name}.list" destination="/etc/apt/sources.list.d/${name}.list"
# There are special arguments to apt(8) to prevent aborts if apt woudn't been
# updated after the 19th April 2021 till the bullseye release. The additional
# arguments acknoledge the happend suite change (the apt(8) update does the
# same by itself).
#
# Using '-o $config' instead of the --allow-releaseinfo-change-* parameter
# allows backward compatablility to pre-buster Debian versions.
#
# See more: ticket #861
# https://code.ungleich.ch/ungleich-public/cdist/-/issues/861
apt_opts="-o Acquire::AllowReleaseInfoChange::Suite=true -o Acquire::AllowReleaseInfoChange::Version=true"
# run 'apt-get update' only if something changed with our sources.list file
# it will be run a second time on error as a redundancy messure to success
if grep -q "^__file${destination}" "$__messages_in"; then if grep -q "^__file${destination}" "$__messages_in"; then
printf 'apt-get %s update || apt-get %s update\n' "$apt_opts" "$apt_opts" printf 'apt-get update || apt-get update\n'
fi fi

View file

@ -18,23 +18,9 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
# There are special arguments to apt(8) to prevent aborts if apt woudn't been
# updated after the 19th April 2021 till the bullseye release. The additional
# arguments acknoledge the happend suite change (the apt(8) update does the
# same by itself).
#
# Using '-o $config' instead of the --allow-releaseinfo-change-* parameter
# allows backward compatablility to pre-buster Debian versions.
#
# See more: ticket #861
# https://code.ungleich.ch/ungleich-public/cdist/-/issues/861
apt_opts="-o Acquire::AllowReleaseInfoChange::Suite=true -o Acquire::AllowReleaseInfoChange::Version=true"
# run 'apt-get update' if anything in /etc/apt is newer then /var/lib/apt/lists # run 'apt-get update' if anything in /etc/apt is newer then /var/lib/apt/lists
# it will be run a second time on error as a redundancy messure to success
cat << DONE cat << DONE
if find /etc/apt -mindepth 1 -cnewer /var/lib/apt/lists | grep . > /dev/null; then if find /etc/apt -mindepth 1 -cnewer /var/lib/apt/lists | grep . > /dev/null; then
apt-get $apt_opts update || apt-get $apt_opts update apt-get update || apt-get update
fi fi
DONE DONE

View file

@ -46,29 +46,28 @@ fi
remove_block() { remove_block() {
cat << DONE cat << DONE
tmpfile=\$(mktemp ${quoted_file}.cdist.XXXXXXXXXX) tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
# preserve ownership and permissions of existing file # preserve ownership and permissions of existing file
if [ -f $quoted_file ]; then if [ -f "$file" ]; then
cp -p $quoted_file "\$tmpfile" cp -p "$file" "\$tmpfile"
fi fi
awk -v prefix=$(quote "$prefix") -v suffix=$(quote "$suffix") ' awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ '
{ {
if (\$0 == prefix) { if (match(\$0,prefix)) {
triggered=1 triggered=1
} }
if (triggered) { if (triggered) {
if (\$0 == suffix) { if (match(\$0,suffix)) {
triggered=0 triggered=0
} }
} else { } else {
print print
} }
}' $quoted_file > "\$tmpfile" }' "$file" > "\$tmpfile"
mv -f "\$tmpfile" $quoted_file mv -f "\$tmpfile" "$file"
DONE DONE
} }
quoted_file="$(quote "$file")"
case "$state_should" in case "$state_should" in
present) present)
if [ "$state_is" = "changed" ]; then if [ "$state_is" = "changed" ]; then
@ -78,7 +77,7 @@ case "$state_should" in
echo add >> "$__messages_out" echo add >> "$__messages_out"
fi fi
cat << DONE cat << DONE
cat >> $quoted_file << '${__type##*/}_DONE' cat >> "$file" << ${__type##*/}_DONE
$(cat "$block") $(cat "$block")
${__type##*/}_DONE ${__type##*/}_DONE
DONE DONE

View file

@ -1,142 +0,0 @@
#!/bin/sh -e
#
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Determine current debconf selections' state.
# Prints one of:
# present: all selections are already set as they should.
# different: one or more of the selections have a different value.
# absent: one or more of the selections are not (currently) defined.
#
test -x /usr/bin/perl || {
# cannot find perl (no perl ~ no debconf)
echo 'absent'
exit 0
}
linesfile="${__object:?}/parameter/line"
test -s "${linesfile}" || {
if test -s "${__object:?}/parameter/file"
then
echo absent
else
echo present
fi
exit 0
}
# assert __type_explorer is set (because it is used by the Perl script)
: "${__type_explorer:?}"
/usr/bin/perl -- - "${linesfile}" <<'EOF'
use strict;
use warnings "all";
use Fcntl qw(:DEFAULT :flock);
use Debconf::Db;
use Debconf::Question;
# Extract @known... arrays from debconf-set-selections
# These values are required to distinguish flags and values in the given lines.
# DC: I couldn't think of a more ugly solution to the problem…
my @knownflags;
my @knowntypes;
my $debconf_set_selections = '/usr/bin/debconf-set-selections';
if (-e $debconf_set_selections) {
my $sed_known = 's/^my \(@known\(flags\|types\) = qw([a-z ]*);\).*$/\1/p';
eval `sed -n '$sed_known' '$debconf_set_selections'`;
}
sub mungeline ($) {
my $line = shift;
chomp $line;
$line =~ s/\r$//;
return $line;
}
sub fatal { printf STDERR @_; exit 1; }
my $state = 'present';
sub state {
my $new = shift;
if ($state eq 'present'
or ($state eq 'different' and $new eq 'absent')) {
$state = $new;
}
}
# Load Debconf DB but manually lock on the state explorer script,
# because Debconf aborts immediately if executed concurrently.
# This is not really an ideal solution because the Debconf DB could be locked by
# another process (e.g. apt-get), but no way to achieve this could be found.
# If you know how to, please provide a patch.
my $lockfile = "%ENV{'__type_explorer'}/state";
if (open my $lock_fh, '+<', $lockfile) {
flock $lock_fh, LOCK_EX or die "Cannot lock $lockfile";
}
{
Debconf::Db->load(readonly => 'true');
}
while (<>) {
# Read and process lines (taken from debconf-set-selections)
$_ = mungeline($_);
while (/\\$/ && ! eof) {
s/\\$//;
$_ .= mungeline(<>);
}
next if /^\s*$/ || /^\s*\#/;
my ($owner, $label, $type, $content) = /^\s*(\S+)\s+(\S+)\s+(\S+)(?:\s(.*))?/
or fatal "invalid line: %s\n", $_;
$content = '' unless defined $content;
# Compare is and should state
my $q = Debconf::Question->get($label);
unless (defined $q) {
# probably a preseed
state 'absent';
next;
}
if (grep { $_ eq $q->type } @knownflags) {
# This line wants to set a flag, presumably.
if ($q->flag($q->type) ne $content) {
state 'different';
}
} else {
# Otherwise, it's probably a value…
if ($q->value ne $content) {
state 'different';
}
unless (grep { $_ eq $owner } (split /, /, $q->owners)) {
state 'different';
}
}
}
printf "%s\n", $state;
EOF

View file

@ -1,7 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2011-2014 Nico Schottelius (nico-cdist at schottelius.org) # 2011-2014 Nico Schottelius (nico-cdist at schottelius.org)
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -18,37 +17,16 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
#
# Setup selections
#
if test -f "${__object:?}/parameter/line" filename="$(cat "$__object/parameter/file")"
then
filename="${__object:?}/parameter/line" if [ "$filename" = "-" ]; then
elif test -s "${__object:?}/parameter/file" filename="$__object/stdin"
then
filename=$(cat "${__object:?}/parameter/file")
if test "${filename}" = '-'
then
filename="${__object:?}/stdin"
fi
else
printf 'Neither --line nor --file set.\n' >&2
exit 1
fi fi
# setting no lines makes no sense echo "debconf-set-selections << __file-eof"
test -s "${filename}" || exit 0 cat "$filename"
echo "__file-eof"
state_is=$(cat "${__object:?}/explorer/state")
if test "${state_is}" != 'present'
then
cat <<-CODE
debconf-set-selections <<'EOF'
$(cat "${filename}")
EOF
CODE
awk '
{
printf "set %s %s %s %s\n", $1, $2, $3, $4
}' "${filename}" >>"${__messages_out:?}"
fi

View file

@ -8,33 +8,15 @@ cdist-type__debconf_set_selections - Setup debconf selections
DESCRIPTION DESCRIPTION
----------- -----------
On Debian and alike systems :strong:`debconf-set-selections`\ (1) can be used On Debian and alike systems debconf-set-selections(1) can be used
to setup configuration parameters. to setup configuration parameters.
REQUIRED PARAMETERS REQUIRED PARAMETERS
------------------- -------------------
cf. ``--line``.
OPTIONAL PARAMETERS
-------------------
file file
Use the given filename as input for :strong:`debconf-set-selections`\ (1) Use the given filename as input for debconf-set-selections(1)
If filename is ``-``, read from stdin. If filename is "-", read from stdin.
**This parameter is deprecated, because it doesn't work with state detection.**
line
A line in :strong:`debconf-set-selections`\ (1) compatible format.
This parameter can be used multiple times to set multiple options.
(This parameter is actually required, but marked optional because the
deprecated ``--file`` is still accepted.)
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES EXAMPLES
@ -42,29 +24,30 @@ EXAMPLES
.. code-block:: sh .. code-block:: sh
# Setup gitolite's gituser # Setup configuration for nslcd
__debconf_set_selections nslcd --line 'gitolite gitolite/gituser string git' __debconf_set_selections nslcd --file /path/to/file
# Setup configuration for nslcd from a file. # Setup configuration for nslcd from another type
# NB: Multiple lines can be passed to --line, although this can be considered a hack. __debconf_set_selections nslcd --file "$__type/files/preseed/nslcd"
__debconf_set_selections nslcd --line "$(cat "${__files:?}/preseed/nslcd.debconf")"
__debconf_set_selections nslcd --file - << eof
gitolite gitolite/gituser string git
eof
SEE ALSO SEE ALSO
-------- --------
- :strong:`cdist-type__update_alternatives`\ (7) :strong:`debconf-set-selections`\ (1), :strong:`cdist-type__update_alternatives`\ (7)
- :strong:`debconf-set-selections`\ (1)
AUTHORS AUTHORS
------- -------
| Nico Schottelius <nico-cdist--@--schottelius.org> Nico Schottelius <nico-cdist--@--schottelius.org>
| Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
COPYING COPYING
------- -------
Copyright \(C) 2011-2014 Nico Schottelius, 2021 Dennis Camera. Copyright \(C) 2011-2014 Nico Schottelius. You can redistribute it
You can redistribute it and/or modify it under the terms of the GNU General and/or modify it under the terms of the GNU General Public License as
Public License as published by the Free Software Foundation, either version 3 of published by the Free Software Foundation, either version 3 of the
the License, or (at your option) any later version. License, or (at your option) any later version.

View file

@ -1,21 +0,0 @@
#!/bin/sh -e
#
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
__package_apt debconf

View file

@ -1 +0,0 @@
'file' has been deprecated in favour of 'line' in order to provide idempotency.

View file

@ -25,9 +25,6 @@ user
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
dirmode
forwarded to :strong:`__directory` type as mode
mode mode
forwarded to :strong:`__file` type forwarded to :strong:`__file` type

View file

@ -19,7 +19,6 @@ set -eu
user="$(cat "${__object}/parameter/user")" user="$(cat "${__object}/parameter/user")"
home="$(cat "${__object}/explorer/home")" home="$(cat "${__object}/explorer/home")"
primary_group="$(cat "${__object}/explorer/primary_group")" primary_group="$(cat "${__object}/explorer/primary_group")"
dirmode="$(cat "${__object}/parameter/dirmode")"
# Create parent directory. Type __directory has flag 'parents', but it # Create parent directory. Type __directory has flag 'parents', but it
# will leave us with root-owned directory in user home, which is not # will leave us with root-owned directory in user home, which is not
@ -37,7 +36,6 @@ export CDIST_ORDER_DEPENDENCY
for dir ; do for dir ; do
__directory "${home}/${dir}" \ __directory "${home}/${dir}" \
--group "${primary_group}" \ --group "${primary_group}" \
--mode "${dirmode}" \
--owner "${user}" --owner "${user}"
done done

View file

@ -1,4 +1,3 @@
state state
mode mode
source source
dirmode

View file

@ -0,0 +1,19 @@
#!/bin/sh -e
if [ -f "$__object/parameter/cmd-get" ]
then
cmd="$( cat "$__object/parameter/cmd-get" )"
elif command -v curl > /dev/null
then
cmd="curl -L -o - '%s'"
elif command -v fetch > /dev/null
then
cmd="fetch -o - '%s'"
else
cmd="wget -O - '%s'"
fi
echo "$cmd"

View file

@ -1,16 +0,0 @@
#!/bin/sh -e
if [ -f "$__object/parameter/cmd-get" ]
then
cat "$__object/parameter/cmd-get"
elif
command -v curl > /dev/null
then
echo "curl -sSL -o - '%s'"
elif
command -v fetch > /dev/null
then
echo "fetch -o - '%s'"
else
echo "wget -O - '%s'"
fi

View file

@ -1,82 +0,0 @@
#!/bin/sh -e
if [ ! -f "$__object/parameter/sum" ]
then
exit 0
fi
if [ -f "$__object/parameter/cmd-sum" ]
then
cat "$__object/parameter/cmd-sum"
exit 0
fi
sum_should="$( cat "$__object/parameter/sum" )"
if echo "$sum_should" | grep -Fq ':'
then
sum_hash="$( echo "$sum_should" | cut -d : -f 1 )"
else
if echo "$sum_should" | grep -Eq '^[0-9]+\s[0-9]+$'
then
sum_hash='cksum'
elif
echo "$sum_should" | grep -Eiq '^[a-f0-9]{32}$'
then
sum_hash='md5'
elif
echo "$sum_should" | grep -Eiq '^[a-f0-9]{40}$'
then
sum_hash='sha1'
elif
echo "$sum_should" | grep -Eiq '^[a-f0-9]{64}$'
then
sum_hash='sha256'
else
echo 'hash format detection failed' >&2
exit 1
fi
fi
os="$( "$__explorer/os" )"
case "$sum_hash" in
cksum)
echo "cksum %s | awk '{print \$1\" \"\$2}'"
;;
md5)
case "$os" in
freebsd)
echo "md5 -q %s"
;;
*)
echo "md5sum %s | awk '{print \$1}'"
;;
esac
;;
sha1)
case "$os" in
freebsd)
echo "sha1 -q %s"
;;
*)
echo "sha1sum %s | awk '{print \$1}'"
;;
esac
;;
sha256)
case "$os" in
freebsd)
echo "sha256 -q %s"
;;
*)
echo "sha256sum %s | awk '{print \$1}'"
;;
esac
;;
*)
# we arrive here only if --sum is given with unknown format prefix
echo "unknown hash format: $sum_hash" >&2
exit 1
;;
esac

View file

@ -1,11 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
if [ -f "$__object/parameter/destination" ] dst="/$__object_id"
then
dst="$( cat "$__object/parameter/destination" )"
else
dst="/$__object_id"
fi
if [ ! -f "$dst" ] if [ ! -f "$dst" ]
then then
@ -13,27 +8,59 @@ then
exit 0 exit 0
fi fi
if [ ! -f "$__object/parameter/sum" ]
then
echo 'present'
exit 0
fi
sum_should="$( cat "$__object/parameter/sum" )" sum_should="$( cat "$__object/parameter/sum" )"
if echo "$sum_should" | grep -Fq ':' if [ -f "$__object/parameter/cmd-sum" ]
then then
sum_should="$( echo "$sum_should" | cut -d : -f 2 )" # shellcheck disable=SC2059
sum_is="$( eval "$( printf \
"$( cat "$__object/parameter/cmd-sum" )" \
"$dst" )" )"
else
os="$( "$__explorer/os" )"
if echo "$sum_should" | grep -Eq '^[0-9]+\s[0-9]+$'
then
sum_is="$( cksum "$dst" | awk '{print $1" "$2}' )"
elif echo "$sum_should" | grep -Eiq '^md5:[a-f0-9]{32}$'
then
case "$os" in
freebsd)
sum_is="md5:$( md5 -q "$dst" )"
;;
*)
sum_is="md5:$( md5sum "$dst" | awk '{print $1}' )"
;;
esac
elif echo "$sum_should" | grep -Eiq '^sha1:[a-f0-9]{40}$'
then
case "$os" in
freebsd)
sum_is="sha1:$( sha1 -q "$dst" )"
;;
*)
sum_is="sha1:$( sha1sum "$dst" | awk '{print $1}' )"
;;
esac
elif echo "$sum_should" | grep -Eiq '^sha256:[a-f0-9]{64}$'
then
case "$os" in
freebsd)
sum_is="sha256:$( sha256 -q "$dst" )"
;;
*)
sum_is="sha256:$( sha256sum "$dst" | awk '{print $1}' )"
;;
esac
fi
fi fi
sum_cmd="$( "$__type_explorer/remote_cmd_sum" )"
# shellcheck disable=SC2059
sum_is="$( eval "$( printf "$sum_cmd" "'$dst'" )" )"
if [ -z "$sum_is" ] if [ -z "$sum_is" ]
then then
echo 'existing destination checksum failed' >&2 echo 'no checksum from target' >&2
exit 1 exit 1
fi fi

View file

@ -11,133 +11,34 @@ fi
url="$( cat "$__object/parameter/url" )" url="$( cat "$__object/parameter/url" )"
if [ -f "$__object/parameter/destination" ] tmp="$( mktemp )"
then
dst="$( cat "$__object/parameter/destination" )" dst="/$__object_id"
else
dst="/$__object_id"
fi
if [ -f "$__object/parameter/cmd-get" ] if [ -f "$__object/parameter/cmd-get" ]
then then
cmd="$( cat "$__object/parameter/cmd-get" )" cmd="$( cat "$__object/parameter/cmd-get" )"
elif command -v wget > /dev/null
then
cmd="wget -O - '%s'"
elif command -v curl > /dev/null elif command -v curl > /dev/null
then then
cmd="curl -sSL -o - '%s'" cmd="curl -L -o - '%s'"
elif command -v fetch > /dev/null elif command -v fetch > /dev/null
then then
cmd="fetch -o - '%s'" cmd="fetch -o - '%s'"
elif command -v wget > /dev/null
then
cmd="wget -O - '%s'"
else else
echo 'local download failed, no usable utility' >&2 echo 'no usable locally installed utility for downloading' >&2
exit 1 exit 1
fi fi
echo "download_tmp=\"\$( mktemp )\"" printf "$cmd > %s\n" \
"$url" \
# shellcheck disable=SC2059 "$tmp"
printf "$cmd > \"\$download_tmp\"\n" "$url"
if [ -f "$__object/parameter/sum" ]
then
sum_should="$( cat "$__object/parameter/sum" )"
if [ -f "$__object/parameter/cmd-sum" ]
then
local_cmd_sum="$( cat "$__object/parameter/cmd-sum" )"
else
if echo "$sum_should" | grep -Fq ':'
then
sum_hash="$( echo "$sum_should" | cut -d : -f 1 )"
sum_should="$( echo "$sum_should" | cut -d : -f 2 )"
else
if echo "$sum_should" | grep -Eq '^[0-9]+\s[0-9]+$'
then
sum_hash='cksum'
elif
echo "$sum_should" | grep -Eiq '^[a-f0-9]{32}$'
then
sum_hash='md5'
elif
echo "$sum_should" | grep -Eiq '^[a-f0-9]{40}$'
then
sum_hash='sha1'
elif
echo "$sum_should" | grep -Eiq '^[a-f0-9]{64}$'
then
sum_hash='sha256'
else
echo 'hash format detection failed' >&2
exit 1
fi
fi
case "$sum_hash" in
cksum)
local_cmd_sum="cksum %s | awk '{print \$1\" \"\$2}'"
;;
md5)
if command -v md5 > /dev/null
then
local_cmd_sum="md5 -q %s"
elif
command -v md5sum > /dev/null
then
local_cmd_sum="md5sum %s | awk '{print \$1}'"
fi
;;
sha1)
if command -v sha1 > /dev/null
then
local_cmd_sum="sha1 -q %s"
elif
command -v sha1sum > /dev/null
then
local_cmd_sum="sha1sum %s | awk '{print \$1}'"
fi
;;
sha256)
if command -v sha256 > /dev/null
then
local_cmd_sum="sha256 -q %s"
elif
command -v sha256sum > /dev/null
then
local_cmd_sum="sha256sum %s | awk '{print \$1}'"
fi
;;
*)
# we arrive here only if --sum is given with unknown format prefix
echo "unknown hash format: $sum_hash" >&2
exit 1
;;
esac
if [ -z "$local_cmd_sum" ]
then
echo 'local checksum verification failed, no usable utility' >&2
exit 1
fi
fi
# shellcheck disable=SC2059
echo "sum_is=\"\$( $( printf "$local_cmd_sum" "\"\$download_tmp\"" ) )\""
echo "if [ \"\$sum_is\" != '$sum_should' ]; then"
echo "echo 'local download checksum mismatch' >&2"
echo "rm -f \"\$download_tmp\""
echo 'exit 1; fi'
fi
if echo "$__target_host" | grep -Eq '^[0-9a-fA-F:]+$' if echo "$__target_host" | grep -Eq '^[0-9a-fA-F:]+$'
then then
@ -146,10 +47,12 @@ else
target_host="$__target_host" target_host="$__target_host"
fi fi
# shellcheck disable=SC2016 printf '%s %s %s:%s\n' \
printf '%s "$download_tmp" %s:%s\n' \
"$__remote_copy" \ "$__remote_copy" \
"$tmp" \
"$target_host" \ "$target_host" \
"$dst" "$dst"
echo "rm -f \"\$download_tmp\"" echo "rm -f '$tmp'"
echo 'downloaded' > "$__messages_out"

View file

@ -6,51 +6,17 @@ state_is="$( cat "$__object/explorer/state" )"
if [ "$download" = 'remote' ] && [ "$state_is" != 'present' ] if [ "$download" = 'remote' ] && [ "$state_is" != 'present' ]
then then
cmd_get="$( cat "$__object/explorer/remote_cmd_get" )" cmd="$( cat "$__object/explorer/remote_cmd" )"
url="$( cat "$__object/parameter/url" )" url="$( cat "$__object/parameter/url" )"
if [ -f "$__object/parameter/destination" ] dst="/$__object_id"
then
dst="$( cat "$__object/parameter/destination" )"
else
dst="/$__object_id"
fi
echo "download_tmp=\"\$( mktemp )\"" printf "$cmd > %s\n" \
"$url" \
"$dst"
# shellcheck disable=SC2059 echo 'downloaded' > "$__messages_out"
printf "$cmd_get > \"\$download_tmp\"\n" "$url"
if [ -f "$__object/parameter/sum" ]
then
sum_should="$( cat "$__object/parameter/sum" )"
if [ -f "$__object/parameter/cmd-sum" ]
then
remote_cmd_sum="$( cat "$__object/parameter/cmd-sum" )"
else
remote_cmd_sum="$( cat "$__object/explorer/remote_cmd_sum" )"
if echo "$sum_should" | grep -Fq ':'
then
sum_should="$( echo "$sum_should" | cut -d : -f 2 )"
fi
fi
# shellcheck disable=SC2059
echo "sum_is=\"\$( $( printf "$remote_cmd_sum" "\"\$download_tmp\"" ) )\""
echo "if [ \"\$sum_is\" != '$sum_should' ]; then"
echo "echo 'remote download checksum mismatch' >&2"
echo "rm -f \"\$download_tmp\""
echo 'exit 1; fi'
fi
echo "mv \"\$download_tmp\" '$dst'"
fi fi
if [ -f "$__object/parameter/onchange" ] && [ "$state_is" != "present" ] if [ -f "$__object/parameter/onchange" ] && [ "$state_is" != "present" ]

View file

@ -8,7 +8,10 @@ cdist-type__download - Download a file
DESCRIPTION DESCRIPTION
----------- -----------
By default type will try to use ``curl``, ``fetch`` or ``wget``. Destination (``$__object_id``) in target host must be persistent storage
in order to calculate checksum and decide if file must be (re-)downloaded.
By default type will try to use ``wget``, ``curl`` or ``fetch``.
If download happens in target (see ``--download``) then type will If download happens in target (see ``--download``) then type will
fallback to (and install) ``wget``. fallback to (and install) ``wget``.
@ -16,40 +19,26 @@ If download happens in local machine, then environment variables like
``{http,https,ftp}_proxy`` etc can be used on cdist execution ``{http,https,ftp}_proxy`` etc can be used on cdist execution
(``http_proxy=foo cdist config ...``). (``http_proxy=foo cdist config ...``).
To change downloaded file's owner, group or permissions, use ``require='__download/path/to/file' __file ...``.
REQUIRED PARAMETERS REQUIRED PARAMETERS
------------------- -------------------
url url
File's URL. File's URL.
sum
Checksum of file going to be downloaded.
By default output of ``cksum`` without filename is expected.
Other hash formats supported with prefixes: ``md5:``, ``sha1:`` and ``sha256:``.
onchange
Execute this command after download.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
destination
Downloaded file's destination in target. If unset, ``$__object_id`` is used.
sum
Supported formats: ``cksum`` output without file name, MD5, SHA1 and SHA256.
Type tries to detect hash format with regexes, but prefixes
``cksum:``, ``md5:``, ``sha1:`` and ``sha256:`` are also supported.
Checksum have two purposes - state check and post-download verification.
In state check, if destination checksum mismatches, then content of URL
will be downloaded to temporary file. If downloaded temporary file's
checksum matches, then it will be moved to destination (overwritten).
For local downloads it is expected that usable utilities for checksum
calculation exist in the system.
download download
If ``local`` (default), then file is downloaded to local storage and copied If ``local`` (default), then download file to local storage and copy
to target host. If ``remote``, then download happens in target. it to target host. If ``remote``, then download happens in target.
For local downloads it is expected that usable utilities for downloading
exist in the system. Type will try to use ``curl``, ``fetch`` or ``wget``.
cmd-get cmd-get
Command used for downloading. Command used for downloading.
@ -65,9 +54,6 @@ cmd-sum
format specification ``%s`` which will become destination. format specification ``%s`` which will become destination.
For example: ``md5sum '%s' | awk '{print $1}'``. For example: ``md5sum '%s' | awk '{print $1}'``.
onchange
Execute this command after download.
EXAMPLES EXAMPLES
-------- --------
@ -79,12 +65,11 @@ EXAMPLES
require='__directory/opt/cpma' \ require='__directory/opt/cpma' \
__download /opt/cpma/cnq3.zip \ __download /opt/cpma/cnq3.zip \
--url https://cdn.playmorepromode.com/files/cnq3/cnq3-1.51.zip \ --url https://cdn.playmorepromode.com/files/cnq3/cnq3-1.51.zip \
--sum 46da3021ca9eace277115ec9106c5b46 --sum md5:46da3021ca9eace277115ec9106c5b46
require='__download/opt/cpma/cnq3.zip' \ require='__download/opt/cpma/cnq3.zip' \
__unpack /opt/cpma/cnq3.zip \ __unpack /opt/cpma/cnq3.zip \
--backup-destination \ --move-existing-destination \
--preserve-archive \
--destination /opt/cpma/server --destination /opt/cpma/server
@ -95,7 +80,7 @@ Ander Punnar <ander-at-kvlt-dot-ee>
COPYING COPYING
------- -------
Copyright \(C) 2021 Ander Punnar. You can redistribute it Copyright \(C) 2020 Ander Punnar. You can redistribute it
and/or modify it under the terms of the GNU General Public License as and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version. License, or (at your option) any later version.

View file

@ -1,6 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
if grep -Eq '^wget' "$__object/explorer/remote_cmd_get" if grep -Eq '^wget' "$__object/explorer/remote_cmd"
then then
__package wget __package wget
fi fi

View file

@ -1,6 +1,4 @@
cmd-get cmd-get
cmd-sum cmd-sum
destination
download download
onchange onchange
sum

View file

@ -1 +1,2 @@
url url
sum

View file

@ -1,26 +0,0 @@
#!/bin/sh -e
# __dpkg_architecture/explorer/architecture
#
# 2020 Matthias Stecher <matthiasstecher at gmx.de>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Get the main architecture of this machine
# print or die in the gencode-remote
dpkg --print-architecture || true

View file

@ -1,26 +0,0 @@
#!/bin/sh -e
# __dpkg_architecture/explorer/foreign-architectures
#
# 2020 Matthias Stecher <matthiasstecher at gmx.de>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Print all additional architectures
# print or die in the gencode-remote
dpkg --print-foreign-architectures || true

View file

@ -1,82 +0,0 @@
#!/bin/sh -e
# __dpkg_architecture/gencode-remote
#
# 2020 Matthias Stecher <matthiasstecher at gmx.de>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Get parameter and explorer
state_should="$(cat "$__object/parameter/state")"
arch_wanted="$__object_id"
main_arch="$(cat "$__object/explorer/architecture")"
# Exit here if dpkg do not work (empty explorer)
if [ -z "$main_arch" ]; then
echo "dpkg is not available or unable to detect a architecture!" >&2
exit 1
fi
# Check if requested architecture is the main one
if [ "$arch_wanted" = "$main_arch" ]; then
# higher than present; we can not remove it
state_is="present"
caution="yes"
# Check if the architecture not already used
elif grep -qFx "$arch_wanted" "$__object/explorer/foreign-architectures"; then
state_is="present"
# arch does not exist
else
state_is="absent"
fi
# Check what to do
if [ "$state_is" != "$state_should" ]; then
case "$state_should" in
present)
# print add code
printf "dpkg --add-architecture '%s'\n" "$arch_wanted"
# updating the index to make the new architecture available
echo "apt update"
echo added >> "$__messages_out"
;;
absent)
if [ "$caution" ]; then
printf "can not remove the main arch '%s' of the system!\n" "$main_arch" >&2
exit 1
fi
# removing all existing packages for the architecture
printf "apt purge '.*:%s'\n" "$arch_wanted"
# print remove code
printf "dpkg --remove-architecture '%s'\n" "$arch_wanted"
echo removed >> "$__messages_out"
;;
*)
printf "state '%s' is unknown!\n" "$state_should" >&2
exit 1
;;
esac
fi

View file

@ -1,103 +0,0 @@
cdist-type__dpkg_architecture(7)
================================
NAME
----
cdist-type__dpkg_architecture - Handles foreign architectures on debian-like
systems managed by `dpkg`
DESCRIPTION
-----------
This type handles foreign architectures on systems managed by
:strong:`dpkg`\ (1). The object id is the name of the architecture accepted by
`dpkg`, which should be added or removed.
If the architecture is not setup on the system, it adds a new architecture as a
new foreign architecture in `dpkg`. Then, it updates the apt package index to
make packages from the new architecture available.
If the architecture should be removed, it will remove it if it is not the base
architecture on where the system was installed on. Before it, it will purge
every package based on the "to be removed" architecture via `apt` to be able to
remove the selected architecture.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
``present`` or ``absent``. Defaults to ``present``.
MESSAGES
--------
added
Added the specified architecture
removed
Removed the specified architecture
ABORTS
------
Aborts in the following cases:
If :strong:`dpkg`\ (1) is not available. It will abort with a proper error
message.
If the architecture is the same as the base architecture the system is build
upon it (returned by ``dpkg --print-architecture``) and it should be removed.
It will fail if it can not execute :strong:`apt`\ (8). It is assumed that it is
already installed.
EXAMPLES
--------
.. code-block:: sh
# add i386 (32 bit) architecture
__dpkg_architecture i386
# remove it again :)
__dpkg_architecture i386 --state absent
SEE ALSO
--------
`Multiarch on Debian systems <https://wiki.debian.org/Multiarch>`_
`How to setup multiarch on Debian <https://wiki.debian.org/Multiarch/HOWTO>`_
:strong:`dpkg`\ (1)
:strong:`cdist-type__package_dpkg`\ (7)
:strong:`cdist-type__package_apt`\ (7)
Useful commands:
.. code-block:: sh
# base architecture installed on this system
dpkg --print-architecture
# extra architectures added
dpkg --print-foreign-architectures
AUTHORS
-------
Matthias Stecher <matthiasstecher at gmx.de>
COPYING
-------
Copyright \(C) 2020 Matthias Stecher. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
ublished by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -87,6 +87,11 @@ case "$state_should" in
fi fi
;; ;;
pre-exists)
# pre-exists should never reach gencode-remote…
exit 1
;;
absent) absent)
if [ "$type" = "file" ]; then if [ "$type" = "file" ]; then
echo "rm -f '$destination'" echo "rm -f '$destination'"
@ -95,10 +100,6 @@ case "$state_should" in
fi fi
;; ;;
pre-exists)
:
;;
*) *)
echo "Unknown state: $state_should" >&2 echo "Unknown state: $state_should" >&2
exit 1 exit 1

View file

@ -18,16 +18,16 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
os=$("${__explorer:?}/os") os=$("$__explorer/os")
if [ -f "${__object:?}/parameter/device" ]; then if [ -f "$__object/parameter/device" ]; then
blkdev="$(cat "$__object/parameter/device")" blkdev="$(cat "$__object/parameter/device")"
else else
blkdev="${__object_id:?}" blkdev="$__object_id"
fi fi
case "$os" in case "$os" in
alpine|centos|fedora|gentoo|redhat|suse|ubuntu) centos|fedora|redhat|suse|gentoo)
if [ ! -x "$(command -v lsblk)" ]; then if [ ! -x "$(command -v lsblk)" ]; then
echo "lsblk is required for __filesystem type" >&2 echo "lsblk is required for __filesystem type" >&2
exit 1 exit 1

View file

@ -1,24 +1,5 @@
#!/bin/sh -e #!/bin/sh
destination="/${__object_id:?}/.git" destination="/$__object_id/.git"
# shellcheck disable=SC2012 stat --print "%G" "${destination}" 2>/dev/null || exit 0
group_gid=$(ls -ldn "${destination}" | awk '{ print $4 }')
# NOTE: +1 because $((notanum)) prints 0.
if test $((group_gid + 1)) -ge 0
then
group_should=$(cat "${__object:?}/parameter/group")
if expr "${group_should}" : '[0-9]*$' >/dev/null
then
printf '%u\n' "${group_gid}"
else
if command -v getent > /dev/null
then
getent group "${group_gid}" | cut -d : -f 1
else
awk -F: -v gid="${group_gid}" '$3 == gid { print $1 }' /etc/group
fi
fi
fi

View file

@ -1,19 +1,5 @@
#!/bin/sh -e #!/bin/sh
destination="/${__object_id:?}/.git" destination="/$__object_id/.git"
# shellcheck disable=SC2012 stat --print "%U" "${destination}" 2>/dev/null || exit 0
owner_uid=$(ls -ldn "${destination}" | awk '{ print $3 }')
# NOTE: +1 because $((notanum)) prints 0.
if test $((owner_uid + 1)) -ge 0
then
owner_should=$(cat "${__object:?}/parameter/owner")
if expr "${owner_should}" : '[0-9]*$' >/dev/null
then
printf '%u\n' "${owner_uid}"
else
printf '%s\n' "$(id -u -n "${owner_uid}")"
fi
fi

View file

@ -15,7 +15,7 @@ case $os in
# Differntation not needed anymore # Differntation not needed anymore
apt_source_distribution=stable apt_source_distribution=stable
;; ;;
10*|11*) 10*)
# Differntation not needed anymore # Differntation not needed anymore
apt_source_distribution=stable apt_source_distribution=stable
;; ;;

View file

@ -20,27 +20,26 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
os=$(cat "${__global:?}/explorer/os") os=$(cat "$__global/explorer/os")
name_running=$(cat "${__global:?}/explorer/hostname") name_running=$(cat "$__global/explorer/hostname")
has_hostnamectl=$(cat "${__object:?}/explorer/has_hostnamectl") has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
if test -s "${__object:?}/parameter/name" if test -s "$__object/parameter/name"
then then
name_should=$(cat "${__object:?}/parameter/name") name_should=$(cat "$__object/parameter/name")
else else
case ${os} case $os
in in
# RedHat-derivatives and BSDs # RedHat-derivatives and BSDs
(centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd) centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd)
# Hostname is FQDN # Hostname is FQDN
name_should=${__target_host:?} name_should="${__target_host}"
;; ;;
(*) *)
# Hostname is only first component of FQDN # Hostname is only first component of FQDN
name_should=${__target_host:?} name_should="${__target_host%%.*}"
name_should=${name_should%%.*} ;;
;;
esac esac
fi fi
@ -48,46 +47,43 @@ fi
################################################################################ ################################################################################
# Check if the (running) hostname is already correct # Check if the (running) hostname is already correct
# #
test "${name_running}" != "${name_should}" || exit 0 test "$name_running" != "$name_should" || exit 0
################################################################################ ################################################################################
# Setup hostname # Setup hostname
# #
echo 'changed' >>"${__messages_out:?}" echo 'changed' >>"$__messages_out"
# Use the good old way to set the hostname. # Use the good old way to set the hostname.
case ${os} case $os
in in
(alpine|debian|devuan|ubuntu) alpine|debian|devuan|ubuntu)
echo 'hostname -F /etc/hostname' echo 'hostname -F /etc/hostname'
;; ;;
(archlinux) archlinux)
echo 'command -v hostnamectl >/dev/null 2>&1' \ echo 'command -v hostnamectl >/dev/null 2>&1' \
"&& hostnamectl set-hostname '${name_should}'" \ "&& hostnamectl set-hostname '$name_should'" \
"|| hostname '${name_should}'" "|| hostname '$name_should'"
;; ;;
(centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void) centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void)
echo "hostname '${name_should}'" echo "hostname '$name_should'"
;; ;;
(openwrt) macosx)
echo "echo '${name_should}' >/proc/sys/kernel/hostname" echo "scutil --set HostName '$name_should'"
;; ;;
(macosx) solaris)
echo "scutil --set HostName '${name_should}'" echo "uname -S '$name_should'"
;; ;;
(solaris) slackware|suse|opensuse-leap)
echo "uname -S '${name_should}'"
;;
(slackware|suse)
# We do not read from /etc/HOSTNAME, because the running # We do not read from /etc/HOSTNAME, because the running
# hostname is the first component only while the file contains # hostname is the first component only while the file contains
# the FQDN. # the FQDN.
echo "hostname '${name_should}'" echo "hostname '$name_should'"
;; ;;
(*) *)
# Fall back to set the hostname using hostnamectl, if available. # Fall back to set the hostname using hostnamectl, if available.
if test -n "${has_hostnamectl}" if test -n "$has_hostnamectl"
then then
# Don't use hostnamectl as the primary means to set the hostname for # Don't use hostnamectl as the primary means to set the hostname for
# systemd systems, because it cannot be trusted to work reliably and # systemd systems, because it cannot be trusted to work reliably and
@ -98,8 +94,7 @@ in
echo "test \"\$(hostname)\" = \"\$(cat /etc/hostname)\"" \ echo "test \"\$(hostname)\" = \"\$(cat /etc/hostname)\"" \
" || hostname -F /etc/hostname" " || hostname -F /etc/hostname"
else else
printf "echo 'Unsupported OS: %s' >&2\n" "${os}" printf "echo 'Unsupported OS: %s' >&2\nexit 1\n" "$os"
printf 'exit 1\n'
fi fi
;; ;;
esac esac

View file

@ -20,49 +20,69 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
not_supported() {
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
}
set_hostname_systemd() { set_hostname_systemd() {
echo "$1" | __file /etc/hostname --source - echo "$1" | __file /etc/hostname --source -
} }
os=$(cat "${__global:?}/explorer/os") os=$(cat "$__global/explorer/os")
os_version=$(cat "$__global/explorer/os_version")
os_major=$(echo "$os_version" | grep -o '^[0-9][0-9]*' || true)
max_len=$(cat "${__object:?}/explorer/max_len") max_len=$(cat "$__object/explorer/max_len")
has_hostnamectl=$(cat "${__object:?}/explorer/has_hostnamectl") has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
if test -s "${__object:?}/parameter/name" if test -s "$__object/parameter/name"
then then
name_should=$(cat "${__object:?}/parameter/name") name_should=$(cat "$__object/parameter/name")
else else
case ${os} case $os
in in
# RedHat-derivatives and BSDs # RedHat-derivatives and BSDs
(centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware|suse) centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware)
# Hostname is FQDN # Hostname is FQDN
name_should=${__target_host:?} name_should="${__target_host}"
;; ;;
suse|opensuse-leap)
# Classic SuSE stores the FQDN in /etc/HOSTNAME, while
# systemd does not. The running hostname is the first
# component in both cases.
# In versions before 15.x, the FQDN is stored in /etc/hostname.
if test -n "$has_hostnamectl" && test "$os_major" -ge 15 \
&& test "$os_major" -ne 42
then
name_should="${__target_host%%.*}"
else
name_should="${__target_host}"
fi
;;
*) *)
# Hostname is only first component of FQDN on all other systems. # Hostname is only first component of FQDN on all other systems.
name_should=${__target_host:?} name_should="${__target_host%%.*}"
name_should=${name_should%%.*} ;;
;;
esac esac
fi fi
if test -n "${max_len}" && test "$(printf '%s' "${name_should}" | wc -c)" -gt "${max_len}" if test -n "$max_len" && test "$(printf '%s' "$name_should" | wc -c)" -gt "$max_len"
then then
printf "Host name too long. Up to %u characters allowed.\n" "${max_len}" >&2 printf "Host name too long. Up to %u characters allowed.\n" "${max_len}" >&2
exit 1 exit 1
fi fi
case ${os} case $os
in in
(alpine|debian|devuan|ubuntu|void) alpine|debian|devuan|ubuntu|void)
echo "${name_should}" | __file /etc/hostname --source - echo "$name_should" | __file /etc/hostname --source -
;; ;;
(archlinux) archlinux)
if test -n "${has_hostnamectl}" if test -n "$has_hostnamectl"
then then
set_hostname_systemd "${name_should}" set_hostname_systemd "$name_should"
else else
echo 'Ancient ArchLinux variants without hostnamectl are not supported.' >&2 echo 'Ancient ArchLinux variants without hostnamectl are not supported.' >&2
exit 1 exit 1
@ -77,8 +97,8 @@ in
# --value "\"$name_should\"" # --value "\"$name_should\""
fi fi
;; ;;
(centos|fedora|redhat|scientific) centos|fedora|redhat|scientific)
if test -z "${has_hostnamectl}" if test -z "$has_hostnamectl"
then then
# Only write to /etc/sysconfig/network on non-systemd versions. # Only write to /etc/sysconfig/network on non-systemd versions.
# On systemd-based versions this entry is ignored. # On systemd-based versions this entry is ignored.
@ -86,83 +106,59 @@ in
--file /etc/sysconfig/network \ --file /etc/sysconfig/network \
--delimiter '=' --exact_delimiter \ --delimiter '=' --exact_delimiter \
--key HOSTNAME \ --key HOSTNAME \
--value "\"${name_should}\"" --value "\"$name_should\""
else else
set_hostname_systemd "${name_should}" set_hostname_systemd "$name_should"
fi fi
;; ;;
(gentoo) gentoo)
# Only write to /etc/conf.d/hostname on OpenRC-based installations. # Only write to /etc/conf.d/hostname on OpenRC-based installations.
# On systemd use hostnamectl(1) in gencode-remote. # On systemd use hostnamectl(1) in gencode-remote.
if test -z "${has_hostnamectl}" if test -z "$has_hostnamectl"
then then
__key_value '/etc/conf.d/hostname:hostname' \ __key_value '/etc/conf.d/hostname:hostname' \
--file /etc/conf.d/hostname \ --file /etc/conf.d/hostname \
--delimiter '=' --exact_delimiter \ --delimiter '=' --exact_delimiter \
--key 'hostname' \ --key 'hostname' \
--value "\"${name_should}\"" --value "\"$name_should\""
else else
set_hostname_systemd "$name_should" set_hostname_systemd "$name_should"
fi fi
;; ;;
(freebsd) freebsd)
__key_value '/etc/rc.conf:hostname' \ __key_value '/etc/rc.conf:hostname' \
--file /etc/rc.conf \ --file /etc/rc.conf \
--delimiter '=' --exact_delimiter \ --delimiter '=' --exact_delimiter \
--key 'hostname' \ --key 'hostname' \
--value "\"${name_should}\"" --value "\"$name_should\""
;; ;;
(macosx) macosx)
# handled in gencode-remote # handled in gencode-remote
;; :
(netbsd) ;;
netbsd)
__key_value '/etc/rc.conf:hostname' \ __key_value '/etc/rc.conf:hostname' \
--file /etc/rc.conf \ --file /etc/rc.conf \
--delimiter '=' --exact_delimiter \ --delimiter '=' --exact_delimiter \
--key 'hostname' \ --key 'hostname' \
--value "\"${name_should}\"" --value "\"$name_should\""
# To avoid confusion, ensure that the hostname is only stored once. # To avoid confusion, ensure that the hostname is only stored once.
__file /etc/myname --state absent __file /etc/myname --state absent
;; ;;
(openbsd) openbsd)
echo "${name_should}" | __file /etc/myname --source - echo "$name_should" | __file /etc/myname --source -
;; ;;
(openwrt) slackware)
__uci system.@system[0].hostname --value "${name_should}"
# --transaction hostname
;;
(slackware)
# We write the FQDN into /etc/HOSTNAME. But /etc/rc.d/rc.M will only # We write the FQDN into /etc/HOSTNAME. But /etc/rc.d/rc.M will only
# read the first component from this file and set it as the running # read the first component from this file and set it as the running
# hostname on boot. # hostname on boot.
echo "${name_should}" | __file /etc/HOSTNAME --source - echo "$name_should" | __file /etc/HOSTNAME --source -
;; ;;
(solaris) solaris)
echo "${name_should}" | __file /etc/nodename --source - echo "$name_should" | __file /etc/nodename --source -
;; ;;
(suse) suse|opensuse-leap)
if test -s "${__global:?}/explorer/os_release"
then
# shellcheck source=/dev/null
os_version=$(. "${__global:?}/explorer/os_release" && echo "${VERSION}")
else
os_version=$(sed -n 's/^VERSION\ *=\ *//p' "${__global:?}/explorer/os_version")
fi
os_major=$(expr "${os_version}" : '\([0-9]\{1,\}\)')
# Classic SuSE stores the FQDN in /etc/HOSTNAME, while
# systemd does not. The running hostname is the first
# component in both cases.
# In versions before 15.x, the FQDN is stored in /etc/hostname.
if test -n "${has_hostnamectl}" \
&& test "${os_major}" -ge 15 \
&& test "${os_major}" -ne 42
then
# strip away everything but the first part from $name_should
name_should=${name_should%%.*}
fi
# Modern SuSE provides /etc/HOSTNAME as a symlink for # Modern SuSE provides /etc/HOSTNAME as a symlink for
# backwards-compatibility. Unfortunately it cannot be used # backwards-compatibility. Unfortunately it cannot be used
# here as __file does not follow the symlink. # here as __file does not follow the symlink.
@ -171,25 +167,23 @@ in
# not work correctly on openSUSE 12.x which provides # not work correctly on openSUSE 12.x which provides
# hostnamectl but not /etc/hostname. # hostnamectl but not /etc/hostname.
if test -n "${has_hostnamectl}" -a "${os_major}" -gt 12 if test -n "$has_hostnamectl" -a "$os_major" -gt 12
then then
hostname_file=/etc/hostname hostname_file='/etc/hostname'
else else
hostname_file=/etc/HOSTNAME hostname_file='/etc/HOSTNAME'
fi fi
echo "${name_should}" | __file "${hostname_file}" --source - echo "$name_should" | __file "$hostname_file" --source -
;; ;;
(*) *)
# On other operating systems we fall back to systemd's # On other operating systems we fall back to systemd's
# hostnamectl if available… # hostnamectl if available…
if test -n "${has_hostnamectl}" if test -n "$has_hostnamectl"
then then
set_hostname_systemd "${name_should}" set_hostname_systemd "$name_should"
else else
echo "Your operating system (${os}) is currently not supported by this type (${__type##*/})." >&2 not_supported
echo "Please contribute an implementation for it if you can." >&2
exit 1
fi fi
;; ;;
esac esac

View file

@ -1,28 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Prints the clock mode read from the /etc/adjtime file, if present.
#
# not all operating systems use an adjfile
test -f /etc/adjtime || exit 0
# 3rd line is clock mode
# adjtime(5) https://man7.org/linux/man-pages/man5/adjtime.5.html
sed -n 3p /etc/adjtime

View file

@ -1,27 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Prints the LocalRTC property using timedatectl on systemd-based systems.
#
command -v timedatectl >/dev/null 2>&1 || exit 0
# NOTE: Older versions of timedatectl do not support `timedatectl show'
timedatectl --no-pager status \
| awk -F': ' '$1 ~ "RTC in local TZ$" { sub(/[ \t]*$/, "", $2); print $2 }'

View file

@ -1,62 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
mode=$(cat "${__object:?}/parameter/mode")
timedatectl_localrtc=$(cat "${__object:?}/explorer/timedatectl_localrtc")
adjtime_mode=$(cat "${__object:?}/explorer/adjtime_mode")
case ${mode}
in
(localtime)
adjtime_str=LOCAL
local_rtc_str=yes
;;
(UTC|utc)
adjtime_str=UTC
local_rtc_str=no
;;
(*)
printf 'Invalid value for --mode: %s\n' "${mode}" >&2
printf 'Acceptable values are: localtime, utc.\n' >&2
exit 1
esac
if test -n "${timedatectl_localrtc}"
then
# systemd
timedatectl_should=${local_rtc_str}
if test "${timedatectl_localrtc}" != "${timedatectl_should}"
then
printf 'timedatectl set-local-rtc %s\n' "${timedatectl_should}"
fi
elif test -n "${adjtime_mode}"
then
# others (update /etc/adjtime if present)
if test "${adjtime_mode}" != "${adjtime_str}"
then
# Update /etc/adjtime (3rd line is clock mode)
# adjtime(5) https://man7.org/linux/man-pages/man5/adjtime.5.html
# FIXME: Should maybe add third line if adjfile only contains two lines
printf "sed -i '3c\\\\\\n%s\\n' /etc/adjtime\\n" "${adjtime_str}"
fi
fi

View file

@ -1,63 +0,0 @@
cdist-type__hwclock(7)
======================
NAME
----
cdist-type__hwclock - Manage the hardware real time clock.
DESCRIPTION
-----------
This type can be used to control how the hardware clock is used by the operating
system.
REQUIRED PARAMETERS
-------------------
mode
What mode the hardware clock is in.
Acceptable values:
localtime
The hardware clock is set to local time (common for systems also running
Windows.)
UTC
The hardware clock is set to UTC (common on UNIX systems.)
OPTIONAL PARAMETERS
-------------------
None.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Make the operating system treat the time read from the hwclock as UTC.
__hwclock --mode UTC
SEE ALSO
--------
:strong:`hwclock`\ (8)
AUTHORS
-------
Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2020 Dennis Camera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,222 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# TODO: Consider supporting BADYEAR
os=$(cat "${__global:?}/explorer/os")
mode=$(cat "${__object:?}/parameter/mode")
has_systemd_timedatectl=$(test -s "${__object:?}/explorer/timedatectl_localrtc" && echo true || echo false)
case ${mode}
in
(localtime)
local_clock=true
;;
(UTC|utc)
local_clock=false
;;
(*)
printf 'Invalid value for --mode: %s\n' "${mode}" >&2
printf 'Acceptable values are: UTC, localtime.\n' >&2
exit 1
esac
case ${os}
in
(alpine|gentoo)
if ! $has_systemd_timedatectl
then
# NOTE: Gentoo also supports systemd, in which case /etc/conf.d is
# not used. So we check for systemd presence here and only
# update /etc/conf.d if systemd is not installed.
# https://wiki.gentoo.org/wiki/System_time#Hardware_clock
export CDIST_ORDER_DEPENDENCY=true
__file /etc/conf.d/hwclock --state present \
--owner root --group root --mode 0644
__key_value /etc/conf.d/hwclock:clock \
--file /etc/conf.d/hwclock \
--key clock \
--delimiter '=' --exact_delimiter \
--value "\"$($local_clock && echo local || echo UTC)\""
unset CDIST_ORDER_DEPENDENCY
fi
;;
(centos|fedora|redhat|scientific)
os_version=$(cat "${__global:?}/explorer/os_version")
os_major=$(expr "${os_version}" : '.* release \([0-9]*\)')
case ${os}
in
(centos|scientific)
update_sysconfig=$(test "${os_major}" -lt 6 && echo true || echo false)
;;
(fedora)
update_sysconfig=$(test "${os_major}" -lt 10 && echo true || echo false)
;;
(redhat|*)
case ${os_version}
in
('Red Hat Enterprise Linux'*)
update_sysconfig=$(test "${os_major}" -lt 6 && echo true || echo false)
;;
('Red Hat Linux'*)
update_sysconfig=true
;;
(*)
printf 'Could not determine Red Hat distribution.\n' >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
;;
esac
;;
esac
if ${update_sysconfig:?}
then
export CDIST_ORDER_DEPENDENCY=true
__file /etc/sysconfig/clock --state present \
--owner root --group root --mode 0644
__key_value /etc/sysconfig/clock:UTC \
--file /etc/sysconfig/clock \
--key UTC \
--delimiter '=' --exact_delimiter \
--value "$($local_clock && echo false || echo true)"
unset CDIST_ORDER_DEPENDENCY
fi
;;
(debian|devuan|ubuntu)
os_major=$(sed 's/[^0-9].*$//' "${__global:?}/explorer/os_version")
case ${os}
in
(debian)
if test "${os_major}" -ge 7
then
update_rcS=false
elif test "${os_major}" -ge 3
then
update_rcS=true
else
# Debian 2.2 should be supportable using rcS.
# Debian 2.1 uses the ancient GMT key.
# Debian 1.3 does not have rcS.
printf "Your operating system (Debian %s) is currently not supported by this type (%s)\n" \
"$(cat "${__global:?}/explorer/os_version")" "${__type##*/}" >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
fi
;;
(devuan)
update_rcS=false
;;
(ubuntu)
update_rcS=$(test "${os_major}" -lt 16 && echo true || echo false)
;;
esac
if ${update_rcS}
then
export CDIST_ORDER_DEPENDENCY=true
__file /etc/default/rcS --state present \
--owner root --group root --mode 0644
__key_value /etc/default/rcS:UTC \
--file /etc/default/rcS \
--key UTC \
--delimiter '=' --exact_delimiter \
--value "$($local_clock && echo no || echo yes)"
unset CDIST_ORDER_DEPENDENCY
fi
;;
(freebsd)
# cf. adjkerntz(8)
__file /etc/wall_cmos_clock \
--state "$($local_clock && echo present || echo absent)" \
--owner root --group wheel --mode 0444
;;
(netbsd)
# https://wiki.netbsd.org/guide/boot/#index9h2
__key_value /etc/rc.conf:rtclocaltime \
--file /etc/rc.conf \
--key rtclocaltime \
--delimiter '=' --exact_delimiter \
--value "$($local_clock && echo YES || echo NO)"
;;
(slackware)
__file /etc/hardwareclock --owner root --group root --mode 0644 \
--source - <<-EOF
# /etc/hardwareclock
#
# Tells how the hardware clock time is stored.
# This file is managed by cdist.
$($local_clock && echo localtime || echo UTC)
EOF
;;
(suse)
if test -s "${__global:?}/explorer/os_release"
then
# shellcheck source=/dev/null
os_version=$(. "${__global:?}/explorer/os_release" && echo "${VERSION}")
else
os_version=$(sed -n 's/^VERSION\ *=\ *//p' "${__global:?}/explorer/os_version")
fi
os_major=$(expr "${os_version}" : '\([0-9]\{1,\}\)')
# TODO: Consider using `yast2 timezone set hwclock' instead
if expr "${os_major}" \< 12
then
# Starting with SuSE 12 (first systemd-based version)
# /etc/sysconfig/clock does not contain the HWCLOCK line
# anymore.
# With SuSE 13, it has been reduced to TIMEZONE configuration.
__key_value /etc/sysconfig/clock:HWCLOCK \
--file /etc/sysconfig/clock \
--delimiter '=' --exact_delimiter \
--key HWCLOCK \
--value "$($local_clock && echo '"--localtime"' || echo '"-u"')"
fi
;;
(void)
export CDIST_ORDER_DEPENDENCY=true
__file /etc/rc.conf \
--owner root --group root --mode 0644 \
--state present
__key_value /etc/rc.conf:HARDWARECLOCK \
--file /etc/rc.conf \
--delimiter '=' --exact_delimiter \
--key HARDWARECLOCK \
--value "\"$($local_clock && echo localtime || echo UTC)\""
unset CDIST_ORDER_DEPENDENCY
;;
(*)
if ! $has_systemd_timedatectl
then
printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
fi
;;
esac
# NOTE: timedatectl set-local-rtc for systemd is in gencode-remote
# NOTE: /etc/adjtime is also updated in gencode-remote

View file

@ -1 +0,0 @@
mode

View file

@ -1,4 +1,7 @@
#!/bin/sh #!/bin/sh
# Nico Schottelius
# Zürisee, Mon Sep 2 18:38:27 CEST 2013
#
### BEGIN INIT INFO ### BEGIN INIT INFO
# Provides: iptables # Provides: iptables
# Required-Start: $local_fs $remote_fs # Required-Start: $local_fs $remote_fs
@ -11,72 +14,34 @@
# and saves/restores previous status # and saves/restores previous status
### END INIT INFO ### END INIT INFO
# Originally written by:
# Nico Schottelius
# Zürisee, Mon Sep 2 18:38:27 CEST 2013
#
# 2013 Nico Schottelius (nico-cdist at schottelius.org)
# 2020 Matthias Stecher (matthiasstecher at gmx.de)
#
# This file is distributed with cdist and licenced under the
# GNU GPLv3+ WITHOUT ANY WARRANTY.
# Read files and execute the content with the given commands
#
# Arguments:
# 1: Directory
# 2..n: Commands which should be used to execute the file content
gothrough() {
cd "$1" || return
shift
# iterate through all rules and continue if it's not a file
for rule in *; do
[ -f "$rule" ] || continue
echo "Appling iptables rule $rule ..."
# execute it with all commands specificed
ruleparam="$(cat "$rule")"
for cmd in "$@"; do
# Command and Rule should be split.
# shellcheck disable=SC2046
command $cmd $ruleparam
done
done
}
# Shortcut for iptables command to do IPv4 and v6
# only applies to the "reset" target
iptables() {
command iptables "$@"
command ip6tables "$@"
}
basedir=/etc/iptables.d basedir=/etc/iptables.d
status4="${basedir}/.pre-start" status="${basedir}/.pre-start"
status6="${basedir}/.pre-start6"
case $1 in case $1 in
start) start)
# Save status # Save status
iptables-save > "$status4" iptables-save > "$status"
ip6tables-save > "$status6"
# Apply our ruleset # Apply our ruleset
gothrough "$basedir" iptables cd "$basedir" || exit
#gothrough "$basedir/v4" iptables # conflicts with $basedir count="$(find . ! -name . -prune | wc -l)"
gothrough "$basedir/v6" ip6tables
gothrough "$basedir/all" iptables ip6tables # Only do something if there are rules
if [ "$count" -ge 1 ]; then
for rule in *; do
echo "Applying iptables rule $rule ..."
# Rule should be split.
# shellcheck disable=SC2046
iptables $(cat "$rule")
done
fi
;; ;;
stop) stop)
# Restore from status before, if there is something to restore # Restore from status before, if there is something to restore
if [ -f "$status4" ]; then if [ -f "$status" ]; then
iptables-restore < "$status4" iptables-restore < "$status"
fi
if [ -f "$status6" ]; then
ip6tables-restore < "$status6"
fi fi
;; ;;
restart) restart)

View file

@ -10,24 +10,7 @@ DESCRIPTION
----------- -----------
This cdist type deploys an init script that triggers This cdist type deploys an init script that triggers
the configured rules and also re-applies them on the configured rules and also re-applies them on
configuration. Rules are written from __iptables_rule configuration.
into the folder ``/etc/iptables.d/``.
It reads all rules from the base folder as rules for IPv4.
Rules in the subfolder ``v6/`` are IPv6 rules. Rules in
the subfolder ``all/`` are applied to both rule tables. All
files contain the arguments for a single ``iptables`` and/or
``ip6tables`` command.
Rules are applied in the following order:
1. All IPv4 rules
2. All IPv6 rules
2. All rules that should be applied to both tables
The order of the rules that will be applied are definite
from the result the shell glob returns, which should be
alphabetical. If rules must be applied in a special order,
prefix them with a number like ``02-some-rule``.
REQUIRED PARAMETERS REQUIRED PARAMETERS
@ -41,7 +24,7 @@ None
EXAMPLES EXAMPLES
-------- --------
None (__iptables_apply is used by __iptables_rule automatically) None (__iptables_apply is used by __iptables_rule)
SEE ALSO SEE ALSO
@ -52,13 +35,11 @@ SEE ALSO
AUTHORS AUTHORS
------- -------
Nico Schottelius <nico-cdist--@--schottelius.org> Nico Schottelius <nico-cdist--@--schottelius.org>
Matthias Stecher <matthiasstecher--@--gmx.de>
COPYING COPYING
------- -------
Copyright \(C) 2013 Nico Schottelius. Copyright \(C) 2013 Nico Schottelius. You can redistribute it
Copyright \(C) 2020 Matthias Stecher. and/or modify it under the terms of the GNU General Public License as
You can redistribute it and/or modify it under the terms of the GNU published by the Free Software Foundation, either version 3 of the
General Public License as published by the Free Software Foundation, License, or (at your option) any later version.
either version 3 of the License, or (at your option) any later version.

View file

@ -11,10 +11,6 @@ DESCRIPTION
This cdist type allows you to manage iptable rules This cdist type allows you to manage iptable rules
in a distribution independent manner. in a distribution independent manner.
See :strong:`cdist-type__iptables_apply`\ (7) for the
execution order of these rules. It will be executed
automaticly to apply all rules non-volaite.
REQUIRED PARAMETERS REQUIRED PARAMETERS
------------------- -------------------
@ -29,24 +25,6 @@ state
'present' or 'absent', defaults to 'present' 'present' or 'absent', defaults to 'present'
BOOLEAN PARAMETERS
------------------
All rules without any of these parameters will be treated like ``--v4`` because
of backward compatibility.
v4
Explicitly set it as rule for IPv4. If IPv6 is set, too, it will be
threaten like ``--all``. Will be the default if nothing else is set.
v6
Explicitly set it as rule for IPv6. If IPv4 is set, too, it will be
threaten like ``--all``.
all
Set the rule for both IPv4 and IPv6. It will be saved separately from the
other rules.
EXAMPLES EXAMPLES
-------- --------
@ -70,16 +48,6 @@ EXAMPLES
--state absent --state absent
# IPv4-only rule for ICMPv4
__iptables_rule icmp-v4 --v4 --rule "-A INPUT -p icmp -j ACCEPT"
# IPv6-only rule for ICMPv6
__iptables_rule icmp-v6 --v6 --rule "-A INPUT -p icmpv6 -j ACCEPT"
# doing something for the dual stack
__iptables_rule fwd-eth0-eth1 --v4 --v6 --rule "-A INPUT -i eth0 -o eth1 -j ACCEPT"
__iptables_rule fwd-eth1-eth0 --all --rule "-A -o eth1 -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT"
SEE ALSO SEE ALSO
-------- --------
:strong:`cdist-type__iptables_apply`\ (7), :strong:`iptables`\ (8) :strong:`cdist-type__iptables_apply`\ (7), :strong:`iptables`\ (8)
@ -88,13 +56,11 @@ SEE ALSO
AUTHORS AUTHORS
------- -------
Nico Schottelius <nico-cdist--@--schottelius.org> Nico Schottelius <nico-cdist--@--schottelius.org>
Matthias Stecher <matthiasstecher--@--gmx.de>
COPYING COPYING
------- -------
Copyright \(C) 2013 Nico Schottelius. Copyright \(C) 2013 Nico Schottelius. You can redistribute it
Copyright \(C) 2020 Matthias Stecher. and/or modify it under the terms of the GNU General Public License as
You can redistribute it and/or modify it under the terms of the GNU published by the Free Software Foundation, either version 3 of the
General Public License as published by the Free Software Foundation, License, or (at your option) any later version.
either version 3 of the License, or (at your option) any later version.

View file

@ -1,7 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2013 Nico Schottelius (nico-cdist at schottelius.org) # 2013 Nico Schottelius (nico-cdist at schottelius.org)
# 2020 Matthias Stecher (matthiasstecher at gmx.de)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -25,36 +24,12 @@ base_dir=/etc/iptables.d
name="$__object_id" name="$__object_id"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"
if [ -f "$__object/parameter/v4" ]; then
only_v4="yes"
# $specific_dir is $base_dir
fi
if [ -f "$__object/parameter/v6" ]; then
only_v6="yes"
specific_dir="$base_dir/v6"
fi
# If rules should be set for both protocols
if { [ "$only_v4" = "yes" ] && [ "$only_v6" = "yes" ]; } ||
[ -f "$__object/parameter/all" ]; then
# all to a specific directory
specific_dir="$base_dir/all"
fi
# set rule directory based on if it's the base or subdirectory
rule_dir="${specific_dir:-$base_dir}"
################################################################################ ################################################################################
# Basic setup # Basic setup
# #
__directory "$base_dir" --state present __directory "$base_dir" --state present
# sub-directory if required
if [ "$specific_dir" ]; then
require="__directory/$base_dir" __directory "$specific_dir" --state present
fi
# Have apply do the real job # Have apply do the real job
require="$__object_name" __iptables_apply require="$__object_name" __iptables_apply
@ -62,15 +37,6 @@ require="$__object_name" __iptables_apply
# The rule # The rule
# #
for dir in "$base_dir" "$base_dir/v6" "$base_dir/all"; do require="__directory/$base_dir" __file "$base_dir/${name}" \
# defaults to absent except the directory that should contain the file --source "$__object/parameter/rule" \
if [ "$rule_dir" = "$dir" ]; then --state "$state"
curr_state="$state"
else
curr_state="absent"
fi
require="__directory/$rule_dir" __file "$dir/$name" \
--source "$__object/parameter/rule" \
--state "$curr_state"
done

View file

@ -1,3 +0,0 @@
all
v4
v6

View file

@ -0,0 +1,3 @@
#!/bin/sh -e
command -v certbot 2>/dev/null || true

View file

@ -1,78 +0,0 @@
#!/bin/sh -e
certbot_path="$(command -v certbot 2>/dev/null || true)"
# Defaults
certificate_exists="no"
certificate_is_test="no"
if [ -n "${certbot_path}" ]; then
# Find python executable that has access to certbot's module
python_path=$(sed -n '1s/^#! *//p' "${certbot_path}")
# Use a lock for cdist due to certbot not exiting with failure
# or having any flags for concurrent use.
_certbot() {
${python_path} - 2>/dev/null <<EOF
from certbot.main import main
import fcntl
lock_file = "/tmp/certbot.cdist.lock"
timeout=60
with open(lock_file, 'w') as fd:
for i in range(timeout):
try:
# Get exclusive lock
fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
break
except:
# Wait if that fails
import time
time.sleep(1)
else:
# Timed out, exit with failure
import sys
sys.exit(1)
# Do list certificates
main(["certificates", "--cert-name", "${__object_id:?}"])
EOF
}
_certificate_exists() {
if grep -q " Certificate Name: ${__object_id:?}$"; then
echo yes
else
echo no
fi
}
_certificate_is_test() {
if grep -q 'INVALID: TEST_CERT'; then
echo yes
else
echo no
fi
}
_certificate_domains() {
grep ' Domains: ' | cut -d ' ' -f 6- | tr ' ' '\n'
}
# Get data about all available certificates
certificates="$(_certbot)"
# Check whether or not the certificate exists
certificate_exists="$(echo "${certificates}" | _certificate_exists)"
# Check whether or not the certificate is for testing
certificate_is_test="$(echo "${certificates}" | _certificate_is_test)"
# Get domains for certificate
certificate_domains="$(echo "${certificates}" | _certificate_domains)"
fi
# Return received data
cat <<EOF
certbot_path:${certbot_path}
certificate_exists:${certificate_exists}
certificate_is_test:${certificate_is_test}
${certificate_domains}
EOF

View file

@ -0,0 +1,8 @@
#!/bin/sh -e
certbot_path=$("${__type_explorer}/certbot-path")
if [ -n "${certbot_path}" ]
then
certbot certificates --cert-name "${__object_id:?}" | grep ' Domains: ' | \
cut -d ' ' -f 6- | tr ' ' '\n'
fi

View file

@ -0,0 +1,13 @@
#!/bin/sh -e
certbot_path=$("${__type_explorer}/certbot-path")
if [ -n "${certbot_path}" ]
then
if certbot certificates | grep -q " Certificate Name: ${__object_id:?}$"; then
echo yes
else
echo no
fi
else
echo no
fi

Some files were not shown because too many files have changed in this diff Show more