Compare commits

..

5 commits

Author SHA1 Message Date
Darko Poljak
449426d362 Note that type rewrites network interface files 2020-01-23 14:43:33 +01:00
Darko Poljak
7408ddc134 Rewrite man page in rst 2020-01-23 14:40:25 +01:00
Darko Poljak
a30b4e3619 Fix shellcheck issues 2020-01-23 14:40:25 +01:00
Darko Poljak
f03299ebf3 __service -> __start_on_boot 2020-01-23 14:40:25 +01:00
Darko Poljak
e3553b15b6 Add Steven's __netowrk_interface type 2020-01-23 14:40:25 +01:00
419 changed files with 3562 additions and 12274 deletions

2
.gitattributes vendored
View file

@ -4,5 +4,5 @@
docs/speeches export-ignore
docs/video export-ignore
docs/src/man7 export-ignore
bin/cdist-build-helper export-ignore
bin/build-helper export-ignore
README-maintainers export-ignore

View file

@ -1,23 +1,18 @@
---
image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest
stages:
- test
before_script:
- ./bin/cdist-build-helper version
shellcheck:
stage: test
script:
- ./bin/cdist-build-helper shellcheck
pycodestyle:
stage: test
script:
- ./bin/cdist-build-helper pycodestyle
unit_tests:
stage: test
script:
- ./bin/cdist-build-helper test
- ./bin/build-helper version
- ./bin/build-helper test
pycodestyle:
stage: test
script:
- ./bin/build-helper pycodestyle
shellcheck:
stage: test
script:
- ./bin/build-helper shellcheck

View file

@ -35,9 +35,9 @@ DOCS_SRC_DIR=./docs/src
SPEECHDIR=./docs/speeches
TYPEDIR=./cdist/conf/type
SPHINXM=$(MAKE) -C $(DOCS_SRC_DIR) man
SPHINXH=$(MAKE) -C $(DOCS_SRC_DIR) html
SPHINXC=$(MAKE) -C $(DOCS_SRC_DIR) clean
SPHINXM=make -C $(DOCS_SRC_DIR) man
SPHINXH=make -C $(DOCS_SRC_DIR) html
SPHINXC=make -C $(DOCS_SRC_DIR) clean
################################################################################
# Manpages
@ -81,7 +81,7 @@ version:
}
# Manpages #3: generic part
man: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF)
man: version $(MANTYPES) $(DOCSREF)
$(SPHINXM)
html: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF)
@ -104,7 +104,7 @@ DOTMANTYPES=$(subst /man.rst,.rst,$(DOTMANTYPEPREFIX))
$(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst
ln -sf "$^" $@
dotman: version configskel $(DOTMANTYPES) $(DOCSREF) $(DOCSTYPESREF)
dotman: version $(DOTMANTYPES)
$(SPHINXM)
################################################################################

7
README Normal file
View file

@ -0,0 +1,7 @@
cdist
-----
cdist is a usable configuration management system.
For the web documentation have a look at https://www.cdi.st/
or at docs/src for reStructuredText manual.

View file

@ -1,4 +1,4 @@
Maintainers should use ./bin/cdist-build-helper script.
Maintainers should use ./bin/build-helper script.
Makefile is intended for end users. It can be used for non-maintaining
targets that can be run from pure source (without git repository).

View file

@ -1,31 +0,0 @@
# cdist
**cdist** is a usable configuration management system.
It adheres to the [**KISS principle**](https://en.wikipedia.org/wiki/KISS_principle)
and is being used in small up to enterprise grade environments.
For more information have a look at [**homepage**](https://cdi.st)
or at **``docs/src``** for manual in **reStructuredText** format.
## Contributing
Merge/Pull requests can be made in both
[upstream **GitLab**](https://code.ungleich.ch/ungleich-public/cdist/merge_requests)
(managed by [**ungleich**](https://ungleich.ch))
and [**GitHub** project](https://github.com/ungleich/cdist/pulls).
Issues can be made and other project management activites happen
[**only in GitLab**](https://code.ungleich.ch/ungleich-public/cdist)
(needs [**ungleich** account](https://account.ungleich.ch)).
For community-maintained types there is
[**cdist-contrib** project](https://code.ungleich.ch/ungleich-public/cdist-contrib).
## Participating
IRC: ``#cdist`` @ [libera](https://libera.chat)
Matrix: ``#cdist:ungleich.ch``
Matrix and IRC are bridged.

View file

@ -45,7 +45,7 @@ usage() {
shellcheck-manifests
shellcheck-local-gencodes
shellcheck-remote-gencodes
shellcheck-bin
shellcheck-scripts
shellcheck-gencodes
shellcheck-types
shellcheck
@ -100,7 +100,7 @@ case "$option" in
if (\$0 ~ /^$end/) {
exit
} else {
print \$0
print \$0
}
}
}" "$basedir/docs/changelog"
@ -135,7 +135,7 @@ case "$option" in
version=$1; shift
(
(
cat << eof
Subject: cdist $version has been released
@ -336,7 +336,7 @@ eof
make docs-clean
make docs
#############################################################
#############################################################
# Everything green, let's do the release
# Tag the current commit
@ -371,6 +371,7 @@ eof
Manual steps post release:
- cdist-web
- send generated mailinglist.tmp mail
- twitter
eof
;;
@ -405,7 +406,7 @@ eof
;;
pycodestyle|pep8)
pycodestyle "${basedir}" "${basedir}/bin/cdist"
pycodestyle "${basedir}" "${basedir}/scripts/cdist"
;;
check-pycodestyle)
@ -460,34 +461,27 @@ eof
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;;
# NOTE: shellcheck-scripts is kept for compatibility
shellcheck-bin|shellcheck-scripts)
shellcheck-scripts)
# shellcheck disable=SC2086
${SHELLCHECKCMD} bin/cdist-dump bin/cdist-new-type > "${SHELLCHECKTMP}"
${SHELLCHECKCMD} scripts/cdist-dump scripts/cdist-new-type > "${SHELLCHECKTMP}"
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;;
shellcheck-gencodes)
errors=false
"$0" shellcheck-local-gencodes || errors=true
"$0" shellcheck-remote-gencodes || errors=true
! $errors || exit 1
"$0" shellcheck-local-gencodes || exit 1
"$0" shellcheck-remote-gencodes || exit 1
;;
shellcheck-types)
errors=false
"$0" shellcheck-type-explorers || errors=true
"$0" shellcheck-manifests || errors=true
"$0" shellcheck-gencodes || errors=true
! $errors || exit 1
"$0" shellcheck-type-explorers || exit 1
"$0" shellcheck-manifests || exit 1
"$0" shellcheck-gencodes || exit 1
;;
shellcheck)
errors=false
"$0" shellcheck-global-explorers || errors=true
"$0" shellcheck-types || errors=true
"$0" shellcheck-bin || errors=true
! $errors || exit 1
"$0" shellcheck-global-explorers || exit 1
"$0" shellcheck-types || exit 1
"$0" shellcheck-scripts || exit 1
;;
shellcheck-type-files)
@ -497,14 +491,12 @@ eof
;;
shellcheck-with-files)
errors=false
"$0" shellcheck || errors=true
"$0" shellcheck-type-files || errors=true
! $errors || exit 1
"$0" shellcheck || exit 1
"$0" shellcheck-type-files || exit 1
;;
shellcheck-build-helper)
${SHELLCHECKCMD} ./bin/cdist-build-helper
${SHELLCHECKCMD} ./bin/build-helper
;;
check-shellcheck)

View file

@ -1,8 +1,7 @@
#!/usr/bin/env python3
#!/bin/sh
# -*- coding: utf-8 -*-
#
# 2010-2016 Nico Schottelius (nico-cdist at schottelius.org)
# 2016 Darko Poljak (darko.poljak at gmail.com)
# 2012 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
@ -21,83 +20,14 @@
#
#
import logging
import os
import sys
# Wrapper for real script to allow execution from checkout
dir=${0%/*}
# See if this file's parent is cdist module
# and if so add it to module search path.
cdist_dir = os.path.realpath(
os.path.join(
os.path.dirname(os.path.realpath(__file__)),
os.pardir))
cdist_init_dir = os.path.join(cdist_dir, 'cdist', '__init__.py')
if os.path.exists(cdist_init_dir):
sys.path.insert(0, cdist_dir)
# Ensure version is present - the bundled/shipped version contains a static version,
# the git version contains a dynamic version
"$dir/build-helper" version
import cdist # noqa 402
import cdist.argparse # noqa 402
import cdist.banner # noqa 402
import cdist.config # noqa 402
import cdist.install # noqa 402
import cdist.shell # noqa 402
import cdist.inventory # noqa 402
libdir=$(cd "${dir}/../" && pwd -P)
export PYTHONPATH="${libdir}"
def commandline():
"""Parse command line"""
# preos subcommand hack
if len(sys.argv) > 1 and sys.argv[1] == 'preos':
return cdist.preos.PreOS.commandline(sys.argv[1:])
parser, cfg = cdist.argparse.parse_and_configure(sys.argv[1:])
args = cfg.get_args()
# Work around python 3.3 bug:
# http://bugs.python.org/issue16308
# http://bugs.python.org/issue9253
# FIXME: catching AttributeError also hides
# real problems.. try a different way
# FIXME: we always print main help, not
# the help of the actual parser being used!
try:
getattr(args, "func")
except AttributeError:
parser['main'].print_help()
sys.exit(0)
args.func(args)
if __name__ == "__main__":
if sys.version_info[:3] < cdist.MIN_SUPPORTED_PYTHON_VERSION:
print(
'Python >= {} is required on the source host.'.format(
".".join(map(str, cdist.MIN_SUPPORTED_PYTHON_VERSION))),
file=sys.stderr)
sys.exit(1)
exit_code = 0
try:
import re
import os
if re.match("__", os.path.basename(sys.argv[0])):
import cdist.emulator
emulator = cdist.emulator.Emulator(sys.argv)
emulator.run()
else:
commandline()
except KeyboardInterrupt:
exit_code = 2
except cdist.Error as e:
log = logging.getLogger("cdist")
log.error(e)
exit_code = 1
sys.exit(exit_code)
"$dir/../scripts/cdist" "$@"

View file

@ -22,27 +22,11 @@
import os
import hashlib
import subprocess
import cdist.log
import cdist.version
VERSION = 'unknown version'
try:
import cdist.version
VERSION = cdist.version.VERSION
except ModuleNotFoundError:
cdist_dir = os.path.abspath(
os.path.join(os.path.dirname(__file__), os.pardir))
if os.path.isdir(os.path.join(cdist_dir, '.git')):
try:
VERSION = subprocess.check_output(
['git', 'describe', '--always'],
cwd=cdist_dir,
universal_newlines=True)
except Exception:
pass
VERSION = cdist.version.VERSION
BANNER = """
.. . .x+=:. s
@ -64,9 +48,6 @@ REMOTE_EXEC = "ssh -o User=root"
REMOTE_CMDS_CLEANUP_PATTERN = "ssh -o User=root -O exit -S {}"
MIN_SUPPORTED_PYTHON_VERSION = (3, 5)
class Error(Exception):
"""Base exception class for this project"""
pass

View file

@ -5,14 +5,12 @@ import logging
import collections
import functools
import cdist.configuration
import cdist.log
import cdist.preos
import cdist.info
import cdist.scan.commandline
# set of beta sub-commands
BETA_COMMANDS = set(('install', 'inventory', 'scan', ))
BETA_COMMANDS = set(('install', 'inventory', ))
# set of beta arguments for sub-commands
BETA_ARGS = {
'config': set(('tag', 'all_tagged_hosts', 'use_archiving', )),
@ -127,14 +125,6 @@ def get_parsers():
'value.'),
action='count', default=None)
parser['colored_output'] = argparse.ArgumentParser(add_help=False)
parser['colored_output'].add_argument(
'--colors', metavar='WHEN',
help="Colorize cdist's output based on log level; "
"WHEN is 'always', 'never', or 'auto'.",
action='store', dest='colored_output', required=False,
choices=cdist.configuration.ColoredOutputOption.CHOICES)
parser['beta'] = argparse.ArgumentParser(add_help=False)
parser['beta'].add_argument(
'-b', '--beta',
@ -207,13 +197,6 @@ def get_parsers():
'supported. Without argument CPU count is used by default. '),
action='store', dest='jobs',
const=multiprocessing.cpu_count())
parser['config_main'].add_argument(
'--log-server',
action='store_true',
help=('Start a log server for sub processes to use. '
'This is mainly useful when running cdist nested '
'from a code-local script. Log server is alwasy '
'implicitly started for \'install\' command.'))
parser['config_main'].add_argument(
'-n', '--dry-run',
help='Do not execute code.', action='store_true')
@ -274,7 +257,8 @@ def get_parsers():
'-f', '--file',
help=('Read specified file for a list of additional hosts to '
'operate on or if \'-\' is given, read stdin (one host per '
'line).'),
'line). If no host or host file is specified then, by '
'default, read hosts from stdin.'),
dest='hostfile', required=False)
parser['config_args'].add_argument(
'-p', '--parallel', nargs='?', metavar='HOST_MAX',
@ -299,7 +283,6 @@ def get_parsers():
'host', nargs='*', help='Host(s) to operate on.')
parser['config'] = parser['sub'].add_parser(
'config', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['config_main'],
parser['inventory_common'],
@ -318,7 +301,6 @@ def get_parsers():
parser['add-host'] = parser['invsub'].add_parser(
'add-host', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['add-host'].add_argument(
@ -326,12 +308,13 @@ def get_parsers():
parser['add-host'].add_argument(
'-f', '--file',
help=('Read additional hosts to add from specified file '
'or from stdin if \'-\' (each host on separate line). '),
'or from stdin if \'-\' (each host on separate line). '
'If no host or host file is specified then, by default, '
'read from stdin.'),
dest='hostfile', required=False)
parser['add-tag'] = parser['invsub'].add_parser(
'add-tag', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['add-tag'].add_argument(
@ -340,12 +323,20 @@ def get_parsers():
parser['add-tag'].add_argument(
'-f', '--file',
help=('Read additional hosts to add tags from specified file '
'or from stdin if \'-\' (each host on separate line). '),
'or from stdin if \'-\' (each host on separate line). '
'If no host or host file is specified then, by default, '
'read from stdin. If no tags/tagfile nor hosts/hostfile'
' are specified then tags are read from stdin and are'
' added to all hosts.'),
dest='hostfile', required=False)
parser['add-tag'].add_argument(
'-T', '--tag-file',
help=('Read additional tags to add from specified file '
'or from stdin if \'-\' (each tag on separate line). '),
'or from stdin if \'-\' (each tag on separate line). '
'If no tag or tag file is specified then, by default, '
'read from stdin. If no tags/tagfile nor hosts/hostfile'
' are specified then tags are read from stdin and are'
' added to all hosts.'),
dest='tagfile', required=False)
parser['add-tag'].add_argument(
'-t', '--taglist',
@ -355,7 +346,6 @@ def get_parsers():
parser['del-host'] = parser['invsub'].add_parser(
'del-host', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['del-host'].add_argument(
@ -366,12 +356,13 @@ def get_parsers():
parser['del-host'].add_argument(
'-f', '--file',
help=('Read additional hosts to delete from specified file '
'or from stdin if \'-\' (each host on separate line). '),
'or from stdin if \'-\' (each host on separate line). '
'If no host or host file is specified then, by default, '
'read from stdin.'),
dest='hostfile', required=False)
parser['del-tag'] = parser['invsub'].add_parser(
'del-tag', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['del-tag'].add_argument(
@ -384,13 +375,20 @@ def get_parsers():
parser['del-tag'].add_argument(
'-f', '--file',
help=('Read additional hosts to delete tags for from specified '
'file or from stdin if \'-\' (each host on separate '
'line). '),
'file or from stdin if \'-\' (each host on separate line). '
'If no host or host file is specified then, by default, '
'read from stdin. If no tags/tagfile nor hosts/hostfile'
' are specified then tags are read from stdin and are'
' deleted from all hosts.'),
dest='hostfile', required=False)
parser['del-tag'].add_argument(
'-T', '--tag-file',
help=('Read additional tags from specified file '
'or from stdin if \'-\' (each tag on separate line). '),
'or from stdin if \'-\' (each tag on separate line). '
'If no tag or tag file is specified then, by default, '
'read from stdin. If no tags/tagfile nor'
' hosts/hostfile are specified then tags are read from'
' stdin and are added to all hosts.'),
dest='tagfile', required=False)
parser['del-tag'].add_argument(
'-t', '--taglist',
@ -400,7 +398,6 @@ def get_parsers():
parser['list'] = parser['invsub'].add_parser(
'list', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['list'].add_argument(
@ -433,7 +430,7 @@ def get_parsers():
# Shell
parser['shell'] = parser['sub'].add_parser(
'shell', parents=[parser['loglevel'], parser['colored_output']])
'shell', parents=[parser['loglevel']])
parser['shell'].add_argument(
'-s', '--shell',
help=('Select shell to use, defaults to current shell. Used shell'
@ -471,47 +468,6 @@ def get_parsers():
'pattern', nargs='?', help='Glob pattern.')
parser['info'].set_defaults(func=cdist.info.Info.commandline)
# Scan = config + further
parser['scan'] = parser['sub'].add_parser('scan', add_help=False,
parents=[parser['config']])
parser['scan'] = parser['sub'].add_parser(
'scan', parents=[parser['loglevel'],
parser['beta'],
parser['colored_output'],
parser['common'],
parser['config_main']])
parser['scan'].add_argument(
'-m', '--mode', help='Which modes should run',
action='append', default=[],
choices=['scan', 'trigger', 'config'])
parser['scan'].add_argument(
'--list',
action='store_true',
help='List the known hosts and exit')
parser['scan'].add_argument(
'--config',
action='store_true',
help='Try to configure detected hosts')
parser['scan'].add_argument(
'-I', '--interface',
action='append', default=[], required=True,
help='On which interfaces to scan/trigger')
parser['scan'].add_argument(
'--name-mapper',
action='store', default=None,
help='Map addresses to names, required for config mode')
parser['scan'].add_argument(
'-d', '--config-delay',
action='store', default=3600, type=int,
help='How long (seconds) to wait before reconfiguring after last try')
parser['scan'].add_argument(
'-t', '--trigger-delay',
action='store', default=5, type=int,
help='How long (seconds) to wait between ICMPv6 echo requests')
parser['scan'].set_defaults(func=cdist.scan.commandline.commandline)
for p in parser:
parser[p].epilog = EPILOG
@ -522,12 +478,7 @@ def handle_loglevel(args):
if hasattr(args, 'quiet') and args.quiet:
args.verbose = _verbosity_level_off
logging.getLogger().setLevel(_verbosity_level[args.verbose])
def handle_log_colors(args):
if cdist.configuration.ColoredOutputOption.translate(args.colored_output):
cdist.log.CdistFormatter.USE_COLORS = True
logging.root.setLevel(_verbosity_level[args.verbose])
def parse_and_configure(argv, singleton=True):
@ -541,14 +492,13 @@ def parse_and_configure(argv, singleton=True):
raise cdist.Error(str(e))
# Loglevels are handled globally in here
handle_loglevel(args)
handle_log_colors(args)
log = logging.getLogger("cdist")
log.verbose("version %s", cdist.VERSION)
log.trace('command line args: %s', cfg.command_line_args)
log.trace('configuration: %s', cfg.get_config())
log.trace('configured args: %s', args)
log.verbose("version %s" % cdist.VERSION)
log.trace('command line args: {}'.format(cfg.command_line_args))
log.trace('configuration: {}'.format(cfg.get_config()))
log.trace('configured args: {}'.format(args))
check_beta(vars(args))

View file

@ -32,11 +32,6 @@ case "$os" in
sysctl -n hw.ncpuonline
;;
"freebsd"|"netbsd")
PATH=$(getconf PATH)
sysctl -n hw.ncpu
;;
*)
if [ -r /proc/cpuinfo ]; then
cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)"

View file

@ -1,66 +1,27 @@
#!/bin/sh -e
#
# based on previous work by other people, modified by:
# 2020 Dennis Camera <dennis.camera at ssrq-sds-fds.ch>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Finds disks of the system (excl. ram disks, floppy, cdrom)
#!/bin/sh
uname_s="$(uname -s)"
case $uname_s in
case "${uname_s}" in
FreeBSD)
sysctl -n kern.disks
;;
OpenBSD)
sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+'
;;
NetBSD)
PATH=$(getconf PATH)
sysctl -n hw.disknames | awk -v RS=' ' '/^[lsw]d[0-9]+/'
OpenBSD|NetBSD)
sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+' | xargs
;;
Linux)
# list of major device numbers toexclude:
# ram disks, floppies, cdroms
# https://www.kernel.org/doc/Documentation/admin-guide/devices.txt
ign_majors='1 2 11'
if command -v lsblk >/dev/null 2>&1
if command -v lsblk > /dev/null
then
lsblk -e "$(echo "$ign_majors" | tr ' ' ',')" -dno name
elif test -d /sys/block/
then
# shellcheck disable=SC2012
ls -1 /sys/block/ \
| awk -v ign_majors="$(echo "$ign_majors" | tr ' ' '|')" '
{
devfile = "/sys/block/" $0 "/dev"
getline devno < devfile
close(devfile)
if (devno !~ "^(" ign_majors "):") print
}'
# exclude ram disks, floppies and cdroms
# https://www.kernel.org/doc/Documentation/admin-guide/devices.txt
lsblk -e 1,2,11 -dno name | xargs
else
echo "Don't know how to list disks on Linux without lsblk and sysfs." >&2
echo 'If you can, please submit a patch.'>&2
printf "Don't know how to list disks for %s operating system without lsblk, if you can please submit a patch\n" "${uname_s}" >&2
fi
;;
*)
printf "Don't know how to list disks for %s operating system.\n" "${uname_s}" >&2
printf 'If you can please submit a patch\n' >&2
printf "Don't know how to list disks for %s operating system, if you can please submit a patch\n" "${uname_s}" >&2
;;
esac \
| xargs
esac
exit 0

View file

@ -1,8 +1,7 @@
#!/bin/sh -e
#!/bin/sh
#
# 2016 Daniel Heule (hda at sfs.biz)
# Copyright 2017, Philippe Gregoire <pg@pgregoire.xyz>
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -20,423 +19,21 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Returns the name of the init system (PID 1)
# Expected values:
# Linux:
# Adélie Linux:
# sysvinit+openrc
# Alpine Linux:
# busybox-init+openrc
# ArchLinux:
# systemd, sysvinit
# CRUX:
# sysvinit
# Debian:
# systemd, upstart, sysvinit, openrc, ???
# Devuan:
# sysvinit, sysvinit+openrc
# Gentoo:
# sysvinit+openrc, openrc-init, systemd
# OpenBMC:
# systemd
# OpenWrt:
# procd, init???
# RedHat (RHEL, CentOS, Fedora, RedHat Linux, ...):
# systemd, upstart, upstart-legacy, sysvinit
# Slackware:
# sysvinit
# SuSE:
# systemd, sysvinit
# Ubuntu:
# systemd, upstart, upstart-legacy, sysvinit
# VoidLinux:
# runit
# Returns the process name of pid 1 ( normaly the init system )
# for example at linux this value is "init" or "systemd" in most cases
#
# GNU:
# Debian:
# sysvinit, hurd-init
#
# BSD:
# {Free,Open,Net}BSD:
# init
#
# Mac OS X:
# launchd, init+SystemStarter
#
# Solaris/Illumos:
# smf, init???
# NOTE: init systems can be stacked. This is popular to run OpenRC on top of
# sysvinit (Gentoo) or busybox-init (Alpine), but can also be used to run runit
# as a systemd service. This makes init system detection very complicated
# (which result is expected?) This script tries to untangle some combinations,
# OpenRC on top of sysv or busybox (X+openrc), but will ignore others (runit as
# a systemd service)
uname_s="$(uname -s)"
# NOTE: When we have no idea, nothing will be printed!
# NOTE:
# When trying to gather information about the init system make sure to do so
# without calling the binary! On some systems this triggers a reinitialisation
# of the system which we don't want (e.g. embedded systems).
set -e
KERNEL_NAME=$(uname -s)
KNOWN_INIT_SYSTEMS=$(cat <<EOF
systemd
sysvinit
upstart
runit
procd
smf
launchd
init
hurd_init
systemstarter
EOF
)
common_candidates_by_kernel() {
case $KERNEL_NAME
in
FreeBSD|NetBSD|OpenBSD)
echo init
;;
Linux)
echo systemd
echo sysvinit
echo upstart
;;
GNU)
echo sysvinit
echo hurd-init
;;
Darwin)
echo launchd
echo systemstarter
;;
SunOS)
echo smf
;;
esac
}
## Helpers
trim() {
sed -e 's/^[[:blank:]]*//' -e 's/[[:blank:]]*$//' -e '/^[[:blank:]]*$/d'
}
unique() {
# Delete duplicate lines (keeping input order)
# NOTE: Solaris AWK breaks without if/print construct.
awk '{ if (!x[$0]++) print }'
}
## Check functions
# These functions are used to verify if a guess is correct by checking some
# common property of a running system (presence of a directory in /run etc.)
check_busybox_init() (
busybox_path=${1:-/bin/busybox}
test -x "${busybox_path}" || return 1
grep -q 'BusyBox v[0-9]' "${busybox_path}" || return 1
# It is quite common to use Busybox init to stack other init systemd
# (like OpenRC) on top of it. So we check for that, too.
if stacked=$(check_openrc)
then
echo "busybox-init+${stacked}"
else
echo busybox-init
fi
)
check_hurd_init() (
init_exe=${1:-/hurd/init}
test -x "${init_exe}" || return 1
grep -q 'GNU Hurd' "${init_exe}" || return 1
echo hurd-init
)
check_init() {
# Checks for various BSD inits...
test -x /sbin/init || return 1
if grep -q -E '(Free|Net|Open)BSD' /sbin/init
then
echo init
return 0
fi
}
check_launchd() {
command -v launchctl >/dev/null 2>&1 || return 1
launchctl getenv PATH >/dev/null || return 1
echo launchd
}
check_openrc() {
test -f /run/openrc/softlevel || return 1
echo openrc
}
check_procd() (
procd_path=${1:-/sbin/procd}
test -x "${procd_path}" || return 1
grep -q 'procd' "${procd_path}" || return 1
echo procd
)
check_runit() {
test -d /run/runit || return 1
echo runit
}
check_smf() {
# XXX: Is this the correct way??
test -f /etc/svc/volatile/svc_nonpersist.db || return 1
echo smf
}
check_systemd() {
# NOTE: sd_booted(3)
test -d /run/systemd/system/ || return 1
# systemctl --version | sed -e '/^systemd/!d;s/^systemd //'
echo systemd
}
check_systemstarter() {
test -d /System/Library/StartupItems/ || return 1
test -f /System/Library/StartupItems/LoginWindow/StartupParameters.plist || return 1
echo init+SystemStarter
}
check_sysvinit() (
init_path=${1:-/sbin/init}
test -x "${init_path}" || return 1
grep -q 'INIT_VERSION=sysvinit-[0-9.]*' "${init_path}" || return 1
# It is quite common to use SysVinit to stack other init systemd
# (like OpenRC) on top of it. So we check for that, too.
if stacked=$(check_openrc)
then
echo "sysvinit+${stacked}"
else
echo sysvinit
fi
unset stacked
)
check_upstart() {
test -x "$(command -v initctl)" || return 1
case $(initctl version)
in
*'(upstart '*')')
if test -d /etc/init
then
# modern (DBus-based?) upstart >= 0.5
echo upstart
elif test -d /etc/event.d
then
# ancient upstart
echo upstart-legacy
else
# whatever...
echo upstart
fi
;;
*)
return 1
;;
esac
}
find_init_procfs() (
# First, check if the required file in procfs exists...
test -h /proc/1/exe || return 1
# Find init executable
init_exe=$(ls -l /proc/1/exe 2>/dev/null) || return 1
init_exe=${init_exe#* -> }
if ! test -x "$init_exe"
then
# On some rare occasions it can happen that the
# running init's binary has been replaced. In this
# case Linux adjusts the symlink to "X (deleted)"
# [root@fedora-12 ~]# readlink /proc/1/exe
# /sbin/init (deleted)
# [root@fedora-12 ~]# ls -l /proc/1/exe
# lrwxrwxrwx. 1 root root 0 2020-01-30 23:00 /proc/1/exe -> /sbin/init (deleted)
init_exe=${init_exe% (deleted)}
test -x "$init_exe" || return 1
fi
echo "${init_exe}"
)
guess_by_path() {
case $1
in
/bin/busybox)
check_busybox_init "$1" && return
;;
/lib/systemd/systemd)
check_systemd "$1" && return
;;
/hurd/init)
check_hurd_init "$1" && return
;;
/sbin/launchd)
check_launchd "$1" && return
;;
/usr/bin/runit|/sbin/runit)
check_runit "$1" && return
;;
/sbin/openrc-init)
if check_openrc "$1" >/dev/null
then
echo openrc-init
return
fi
;;
/sbin/procd)
check_procd "$1" && return
;;
/sbin/init|*/init)
# init: it could be anything -> (explicit) no match
return 1
;;
esac
# No match
return 1
}
guess_by_comm_name() {
case $1
in
busybox)
check_busybox_init && return
;;
openrc-init)
if check_openrc >/dev/null
then
echo openrc-init
return 0
fi
;;
init)
# init could be anything -> no match
return 1
;;
*)
# Run check function by comm name if available.
# Fall back to comm name if either it does not exist or
# returns non-zero.
if type "check_$1" >/dev/null
then
"check_$1" && return
else
echo "$1" ; return 0
fi
esac
return 1
}
check_list() (
# List must be a multi-line input on stdin (one name per line)
while read -r init
do
"check_${init}" || continue
return 0
done
return 1
)
# BusyBox's versions of ps and pgrep do not support some options
# depending on which compile-time options have been used.
find_init_pgrep() {
pgrep -P0 -fl 2>/dev/null | awk -F '[[:blank:]]' '$1 == 1 { print $2 }'
}
find_init_ps() {
case $KERNEL_NAME
in
Darwin)
ps -o command -p 1 2>/dev/null | tail -n +2
;;
FreeBSD)
ps -o args= -p 1 2>/dev/null | cut -d ' ' -f 1
;;
Linux)
ps -o comm= -p 1 2>/dev/null
;;
NetBSD)
ps -o comm= -p 1 2>/dev/null
;;
OpenBSD)
ps -o args -p 1 2>/dev/null | tail -n +2 | cut -d ' ' -f 1
;;
*)
ps -o args= -p 1 2>/dev/null
;;
esac | trim # trim trailing whitespace (some ps like Darwin add it)
}
find_init() {
case $KERNEL_NAME
in
Linux|GNU|NetBSD)
find_init_procfs || find_init_pgrep || find_init_ps
;;
FreeBSD)
find_init_procfs || find_init_ps
;;
OpenBSD)
find_init_pgrep || find_init_ps
;;
Darwin|SunOS)
find_init_ps
;;
*)
echo "Don't know how to determine init." >&2
echo 'Please send a patch.' >&2
exit 1
esac
}
# -----
init=$(find_init)
# If we got a path, guess by the path first (fall back to file name if no match)
# else guess by file name directly.
# shellcheck disable=SC2015
{
test -x "${init}" \
&& guess_by_path "${init}" \
|| guess_by_comm_name "$(basename "${init}")"
} && exit 0 || true
# Guessing based on the file path and name didnt lead to a definitive result.
#
# We go through all of the checks until we find a match. To speed up the
# process, common cases will be checked first based on the underlying kernel.
{ common_candidates_by_kernel; echo "${KNOWN_INIT_SYSTEMS}"; } \
| unique | check_list
case "$uname_s" in
Linux)
(pgrep -P0 -l | awk '/^1[ \t]/ {print $2;}') || true
;;
FreeBSD|OpenBSD)
ps -o comm= -p 1 || true
;;
*)
# return a empty string as unknown value
echo ""
;;
esac

File diff suppressed because it is too large Load diff

View file

@ -1,9 +1,8 @@
#!/bin/sh -e
#!/bin/sh
#
# 2014 Daniel Heule (hda at sfs.biz)
# 2014 Thomas Oettli (otho at sfs.biz)
# Copyright 2017, Philippe Gregoire <pg@pgregoire.xyz>
# 2020 Dennis Camera <dennis.camera at ssrq-sds-fds.ch>
#
# This file is part of cdist.
#
@ -20,73 +19,23 @@
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Returns the amount of memory physically installed in the system, or if that
# cannot be determined the amount available to the operating system kernel,
# in kibibytes (kiB).
#
str2bytes() {
awk -F' ' '
$2 == "B" || !$2 { print $1 }
$2 == "kB" { printf "%.f\n", ($1 * 1000) }
$2 == "MB" { printf "%.f\n", ($1 * 1000 * 1000) }
$2 == "GB" { printf "%.f\n", ($1 * 1000 * 1000 * 1000) }
$2 == "TB" { printf "%.f\n", ($1 * 1000 * 1000 * 1000 * 1000) }
$2 == "kiB" { printf "%.f\n", ($1 * 1024) }
$2 == "MiB" { printf "%.f\n", ($1 * 1024 * 1024) }
$2 == "GiB" { printf "%.f\n", ($1 * 1024 * 1024 * 1024) }
$2 == "TiB" { printf "%.f\n", ($1 * 1024 * 1024 * 1024 * 1024) }'
}
# FIXME: other system types (not linux ...)
bytes2kib() {
awk '$0 > 0 { printf "%.f\n", ($0 / 1024) }'
}
os=$("$__explorer/os")
case "$os" in
"macosx")
echo "$(sysctl -n hw.memsize)/1024" | bc
;;
"openbsd")
echo "$(sysctl -n hw.physmem) / 1048576" | bc
;;
case $(uname -s)
in
(Darwin)
sysctl -n hw.memsize | bytes2kib
;;
(FreeBSD)
sysctl -n hw.realmem | bytes2kib
;;
(NetBSD|OpenBSD)
# NOTE: This reports "usable" memory, not physically installed memory.
command -p sysctl -n hw.physmem | bytes2kib
;;
(SunOS)
# Make sure that awk from xpg4 is used for the scripts to work
export PATH="/usr/xpg4/bin:${PATH}"
prtconf \
| awk -F ': ' '
$1 == "Memory size" { sub(/Megabytes/, "MiB", $2); print $2 }
/^$/ { exit }' \
| str2bytes \
| bytes2kib
;;
(Linux)
if test -d /sys/devices/system/memory
then
# Use memory blocks if the architecture (e.g. x86, PPC64, s390)
# supports them (they denote physical memory)
num_mem_blocks=$(cat /sys/devices/system/memory/memory[0-9]*/state | grep -cxF online)
mem_block_size=$(cat /sys/devices/system/memory/block_size_bytes)
echo $((num_mem_blocks * 0x$mem_block_size)) | bytes2kib && exit
fi
if test -r /proc/meminfo
then
# Fall back to meminfo file on other architectures (e.g. ARM, MIPS,
# PowerPC)
# NOTE: This is "usable" memory, not physically installed memory.
awk -F ': +' '$1 == "MemTotal" { sub(/B$/, "iB", $2); print $2 }' /proc/meminfo \
| str2bytes \
| bytes2kib
fi
;;
(*)
printf "Your kernel (%s) is currently not supported by the memory explorer\n" "$(uname -s)" >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
;;
*)
if [ -r /proc/meminfo ]; then
grep "MemTotal:" /proc/meminfo | awk '{print $2}'
fi
;;
esac

View file

@ -143,13 +143,6 @@ case "$uname_s" in
esac
if [ -f /etc/os-release ]; then
# after sles15, suse don't provide an /etc/SuSE-release anymore, but there is almost no difference between sles and opensuse leap, so call it suse
# shellcheck disable=SC1091
if (. /etc/os-release && echo "${ID_LIKE}" | grep -q '\(^\|\ \)suse\($\|\ \)')
then
echo suse
exit 0
fi
# already lowercase, according to:
# https://www.freedesktop.org/software/systemd/man/os-release.html
awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release

View file

@ -1,7 +1,6 @@
#!/bin/sh
#
# 2018 Adam Dej (dejko.a at gmail.com)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -22,17 +21,6 @@
# See os-release(5) and http://0pointer.de/blog/projects/os-release
if test -f /etc/os-release
then
# Linux and FreeBSD (usually a symlink)
cat /etc/os-release
elif test -f /usr/lib/os-release
then
# systemd
cat /usr/lib/os-release
elif test -f /var/run/os-release
then
# FreeBSD (created by os-release service)
cat /var/run/os-release
fi
set +e
cat /etc/os-release || cat /usr/lib/os-release || true

View file

@ -1,7 +1,6 @@
#!/bin/sh -e
#!/bin/sh
#
# 2010-2011 Nico Schottelius (nico-cdist at schottelius.org)
# 2020-2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -18,22 +17,12 @@
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# All os variables are lower case
#
#
rc_getvar() {
awk -F= -v varname="$2" '
function unquote(s) {
if (s ~ /^".*"$/ || s ~ /^'\''.*'\''$/)
return substr(s, 2, length(s) - 2)
else
return s
}
$1 == varname { print unquote(substr($0, index($0, "=") + 1)) }' "$1"
}
case $("${__explorer:?}/os")
in
case "$("$__explorer/os")" in
amazon)
cat /etc/system-release
;;
@ -42,53 +31,10 @@ in
cat /etc/arch-release
;;
debian)
debian_version=$(cat /etc/debian_version)
case $debian_version
in
testing/unstable)
# previous to Debian 4.0 testing/unstable was used
# cf. https://metadata.ftp-master.debian.org/changelogs/main/b/base-files/base-files_11_changelog
echo 3.99
;;
*/sid)
# sid versions don't have a number, so we decode by codename:
case $(expr "$debian_version" : '\([a-z]\{1,\}\)/')
in
trixie) echo 12.99 ;;
bookworm) echo 11.99 ;;
bullseye) echo 10.99 ;;
buster) echo 9.99 ;;
stretch) echo 8.99 ;;
jessie) echo 7.99 ;;
wheezy) echo 6.99 ;;
squeeze) echo 5.99 ;;
lenny) echo 4.99 ;;
*) echo 99.99 ;;
esac
;;
*)
echo "$debian_version"
;;
esac
cat /etc/debian_version
;;
devuan)
devuan_version=$(cat /etc/devuan_version)
case ${devuan_version}
in
(*/ceres)
# ceres versions don't have a number, so we decode by codename:
case ${devuan_version}
in
(chimaera/ceres) echo 3.99 ;;
(beowulf/ceres) echo 2.99 ;;
(ascii/ceres) echo 1.99 ;;
(*) exit 1
esac
;;
(*)
echo "${devuan_version}"
;;
esac
cat /etc/devuan_version
;;
fedora)
cat /etc/fedora-release
@ -97,20 +43,7 @@ in
cat /etc/gentoo-release
;;
macosx)
# NOTE: Legacy versions (< 10.3) do not support options
sw_vers | awk -F ':[ \t]+' '$1 == "ProductVersion" { print $2 }'
;;
freebsd)
# Apparently uname -r is not a reliable way to get the patch level.
# See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743
if command -v freebsd-version >/dev/null 2>&1
then
# get userland version
freebsd-version -u
else
# fallback to kernel release for FreeBSD < 10.0
uname -r
fi
sw_vers -productVersion
;;
*bsd|solaris)
uname -r
@ -135,22 +68,6 @@ in
fi
;;
ubuntu)
if command -v lsb_release >/dev/null 2>&1
then
lsb_release -sr
elif test -r /usr/lib/os-release
then
# fallback to /usr/lib/os-release if lsb_release is not present (like
# on minimized Ubuntu installations)
rc_getvar /usr/lib/os-release VERSION_ID
elif test -r /etc/lsb-release
then
# extract DISTRIB_RELEASE= variable from /etc/lsb-release on old
# versions without /usr/lib/os-release.
rc_getvar /etc/lsb-release DISTRIB_RELEASE
fi
;;
alpine)
cat /etc/alpine-release
lsb_release -sr
;;
esac

View file

@ -1,7 +1,6 @@
#!/bin/sh -e
# -*- mode: sh; indent-tabs-mode: t -*-
#
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# 2019 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
@ -18,24 +17,23 @@
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Prints "present" if the extension is currently installed.
# "absent" otherwise.
quote() { printf '%s\n' "$*" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"; }
# TODO check if filesystem has ACL turned on etc
postgres_user=$("${__type_explorer:?}/postgres_user")
IFS=: read -r dbname extname <<EOF
${__object_id:?}
EOF
psql_exec() {
su - "${postgres_user}" -c "psql $(quote "$1") -twAc $(quote "$2")"
}
if psql_exec "${dbname}" 'SELECT extname FROM pg_extension' | grep -qFx "${extname}"
if [ -f "$__object/parameter/acl" ]
then
echo present
else
echo absent
grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \
| while read -r acl
do
param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )"
check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )"
[ "$param" = 'user' ] && db=passwd || db="$param"
if ! getent "$db" "$check" > /dev/null
then
echo "missing $param '$check'" >&2
exit 1
fi
done
fi

View file

@ -1,4 +0,0 @@
#!/bin/sh -e
getent passwd | awk -F: '{print "user:"$1}'
getent group | awk -F: '{print "group:"$1}'

View file

@ -22,8 +22,8 @@ file_is="$( cat "$__object/explorer/file_is" )"
if [ "$file_is" = 'missing' ] \
&& [ -z "$__cdist_dry_run" ] \
&& [ ! -f "$__object/parameter/file" ] \
&& [ ! -f "$__object/parameter/directory" ]
&& \( [ ! -f "$__object/parameter/file" ] \
|| [ ! -f "$__object/parameter/directory" ] \)
then
exit 0
fi
@ -47,26 +47,28 @@ then
elif [ -f "$__object/parameter/entry" ]
then
acl_should="$( cat "$__object/parameter/entry" )"
elif [ -f "$__object/parameter/acl" ]
then
acl_should="$( cat "$__object/parameter/acl" )"
elif
[ -f "$__object/parameter/user" ] \
|| [ -f "$__object/parameter/group" ] \
|| [ -f "$__object/parameter/mask" ] \
|| [ -f "$__object/parameter/other" ]
then
acl_should="$( for param in user group mask other
do
[ ! -f "$__object/parameter/$param" ] && continue
echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=:
echo "$param$sep$( cat "$__object/parameter/$param" )"
done )"
else
echo 'no parameters set' >&2
exit 1
fi
# instead of setfacl's non-helpful message "Option -m: Invalid argument near character X"
# let's check if target has necessary users and groups, since mistyped or missing
# users/groups in target is most common reason.
echo "$acl_should" \
| grep -Po '(user|group):[^:]+' \
| sort -u \
| while read -r l
do
if ! grep "$l" -Fxq "$__object/explorer/getent"
then
echo "no $l' in target" | sed "s/:/ '/" >&2
exit 1
fi
done
if [ -f "$__object/parameter/default" ]
then
acl_should="$( echo "$acl_should" \

View file

@ -12,14 +12,11 @@ Fully supported and tested on Linux (ext4 filesystem), partial support for FreeB
See ``setfacl`` and ``acl`` manpages for more details.
One of ``--entry`` or ``--source`` must be used.
OPTIONAL MULTIPLE PARAMETERS
REQUIRED MULTIPLE PARAMETERS
----------------------------
entry
Set ACL entry following ``getfacl`` output syntax.
Must be used if ``--source`` is not used.
OPTIONAL PARAMETERS
@ -28,7 +25,6 @@ source
Read ACL entries from stdin or file.
Ordering of entries is not important.
When reading from file, comments and empty lines are ignored.
Must be used if ``--entry`` is not used.
file
Create/change file with ``__file`` using ``user:group:mode`` pattern.
@ -52,6 +48,12 @@ remove
``mask`` and ``other`` entries can't be removed, but only changed.
DEPRECATED PARAMETERS
---------------------
Parameters ``acl``, ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
will be removed in future versions. Please use ``entry`` parameter instead.
EXAMPLES
--------

View file

@ -0,0 +1 @@
see manual for details

View file

@ -0,0 +1 @@
see manual for details

View file

@ -0,0 +1 @@
see manual for details

View file

@ -0,0 +1 @@
see manual for details

View file

@ -0,0 +1 @@
see manual for details

View file

@ -1,3 +1,5 @@
mask
other
source
file
directory

View file

@ -1 +1,4 @@
entry
acl
user
group

View file

@ -1,104 +0,0 @@
cdist-type__debian_backports(7)
===============================
NAME
----
cdist-type__apt_backports - Install backports
DESCRIPTION
-----------
This singleton type installs backports for the current OS release.
It aborts if backports are not supported for the specified OS or
no version codename could be fetched (like Debian unstable).
The package index will be automatically updated if required.
It supports backports from following OSes:
- Debian
- Devuan
- Ubuntu
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
Represents the state of the backports repository. ``present`` or
``absent``, defaults to ``present``.
Will be directly passed to :strong:`cdist-type__apt_source`\ (7).
mirror
The mirror to fetch the backports from. Will defaults to the generic
mirror of the current OS.
Will be directly passed to :strong:`cdist-type__apt_source`\ (7).
BOOLEAN PARAMETERS
------------------
None.
MESSAGES
--------
None.
EXAMPLES
--------
.. code-block:: sh
# setup the backports
__apt_backports
__apt_backports --state absent
__apt_backports --state present --mirror "http://ftp.de.debian.org/debian/"
# install a backports package
# currently for the buster release backports
require="__apt_backports" __package_apt wireguard \
--target-release buster-backports
ABORTS
------
Aborts if the detected os is not Debian.
Aborts if no distribuition codename could be detected. This is common for the
unstable distribution, but there is no backports repository for it already.
CAVEATS
-------
For Ubuntu, it setup all componenents for the backports repository: ``main``,
``restricted``, ``universe`` and ``multiverse``. The user may not want to
install proprietary packages, which will only be installed if the user
explicitly uses the backports target-release. The user may change this behavior
to install backports packages without the need of explicitly select it.
SEE ALSO
--------
`Official Debian Backports site <https://backports.debian.org/>`_
:strong:`cdist-type__apt_source`\ (7)
AUTHORS
-------
Matthias Stecher <matthiasstecher at gmx.de>
COPYING
-------
Copyright \(C) 2020 Matthias Stecher. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,82 +0,0 @@
#!/bin/sh -e
# __apt_backports/manifest
#
# 2020 Matthias Stecher (matthiasstecher at gmx.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Enables/disables backports repository. Utilises __apt_source for it.
#
# Get the distribution codename by /etc/os-release.
# is already executed in a subshell by string substitution
# lsb_release may not be given in all installations
codename_os_release() {
# shellcheck disable=SC1090
# shellcheck disable=SC1091
. "$__global/explorer/os_release"
printf "%s" "$VERSION_CODENAME"
}
# detect backport distribution
os="$(cat "$__global/explorer/os")"
case "$os" in
debian)
dist="$( codename_os_release )"
components="main"
mirror="http://deb.debian.org/debian/"
;;
devuan)
dist="$( codename_os_release )"
components="main"
mirror="http://deb.devuan.org/merged"
;;
ubuntu)
dist="$( codename_os_release )"
components="main restricted universe multiverse"
mirror="http://archive.ubuntu.com/ubuntu"
;;
*)
printf "Backports for %s are not supported!\n" "$os" >&2
exit 1
;;
esac
# error if no codename given (e.g. on Debian unstable)
if [ -z "$dist" ]; then
printf "No backports for unkown version of distribution %s!\n" "$os" >&2
exit 1
fi
# parameters
state="$(cat "$__object/parameter/state")"
# mirror already set for the os, only override user-values
if [ -f "$__object/parameter/mirror" ]; then
mirror="$(cat "$__object/parameter/mirror")"
fi
# install the given backports repository
__apt_source "${dist}-backports" \
--state "$state" \
--distribution "${dist}-backports" \
--component "$components" \
--uri "$mirror"

View file

@ -1,2 +0,0 @@
state
mirror

View file

@ -27,25 +27,18 @@ else
keyid="$__object_id"
fi
# From apt-key(8):
# Use of apt-key is deprecated, except for the use of apt-key del in
# maintainer scripts to remove existing keys from the main keyring.
# If such usage of apt-key is desired the additional installation of
# the GNU Privacy Guard suite (packaged in gnupg) is required.
if [ -f "${__object}/parameter/use-deprecated-apt-key" ]; then
if apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK"
then echo present
else echo absent
fi
exit
fi
keydir="$(cat "$__object/parameter/keydir")"
keyfile="$keydir/$__object_id.gpg"
if [ -f "$keyfile" ]
if [ -d "$keydir" ]
then
echo present
exit
if [ -f "$keyfile" ]
then echo present
else echo absent
fi
else
# fallback to deprecated apt-key
apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK" \
&& echo present \
|| echo absent
fi
echo absent

View file

@ -25,7 +25,11 @@ else
fi
state_should="$(cat "$__object/parameter/state")"
state_is="$(cat "$__object/explorer/state")"
method="$(cat "$__object/key_method")"
if [ "$state_should" = "$state_is" ]; then
# nothing to do
exit 0
fi
keydir="$(cat "$__object/parameter/keydir")"
keyfile="$keydir/$__object_id.gpg"
@ -33,18 +37,30 @@ keyfile="$keydir/$__object_id.gpg"
case "$state_should" in
present)
keyserver="$(cat "$__object/parameter/keyserver")"
# Using __download or __file as key source
# Propagate messages if needed
if [ "${method}" = "uri" ] || [ "${method}" = "source" ]; then
if grep -Eq "^__(file|download)$keyfile" "$__messages_in"; then
echo "added '$keyid'" >> "$__messages_out"
if [ -f "$__object/parameter/uri" ]; then
uri="$(cat "$__object/parameter/uri")"
if [ -d "$keydir" ]; then
cat << EOF
curl -s -L \\
-o "$keyfile" \\
"$uri"
key="\$( cat "$keyfile" )"
if echo "\$key" | grep -Fq 'BEGIN PGP PUBLIC KEY BLOCK'
then
echo "\$key" | gpg --dearmor > "$keyfile"
fi
EOF
else
# fallback to deprecated apt-key
echo "curl -s -L '$uri' | apt-key add -"
fi
exit 0
elif [ "${state_is}" = "present" ]; then
exit 0
fi
# Using key servers to fetch the key
if [ ! -f "$__object/parameter/use-deprecated-apt-key" ]; then
elif [ -d "$keydir" ]; then
# we need to kill gpg after 30 seconds, because gpg
# can get stuck if keyserver is not responding.
# exporting env var and not exit 1,
@ -84,16 +100,13 @@ EOF
echo "added '$keyid'" >> "$__messages_out"
;;
absent)
# Removal for keys added from a keyserver without this flag
# is done in the manifest
if [ "$state_is" != "absent" ] && \
[ -f "$__object/parameter/use-deprecated-apt-key" ]; then
if [ -f "$keyfile" ]; then
echo "rm '$keyfile'"
else
# fallback to deprecated apt-key
echo "apt-key del \"$keyid\""
echo "removed '$keyid'" >> "$__messages_out"
# Propagate messages if needed
elif grep -Eq "^__file$keyfile" "$__messages_in"; then
echo "removed '$keyid'" >> "$__messages_out"
fi
echo "removed '$keyid'" >> "$__messages_out"
;;
esac

View file

@ -10,14 +10,6 @@ DESCRIPTION
-----------
Manages the list of keys used by apt to authenticate packages.
This is done by placing the requested key in a file named
``$__object_id.gpg`` in the ``keydir`` directory.
This is supported by modern releases of Debian-based distributions.
In order of preference, exactly one of: ``source``, ``uri`` or ``keyid``
must be specified.
REQUIRED PARAMETERS
-------------------
@ -26,49 +18,21 @@ None.
OPTIONAL PARAMETERS
-------------------
keydir
keyring directory, defaults to ``/etc/apt/trusted.pgp.d``, which is
enabled system-wide by default.
source
path to a file containing the GPG key of the repository.
Using this is recommended as it ensures that the manifest/type manintainer
has validated the key.
If ``-``, the GPG key is read from the type's stdin.
state
'present' or 'absent'. Defaults to 'present'
uri
the URI from which to download the key.
It is highly recommended that you only use protocols with TLS like HTTPS.
This uses ``__download`` but does not use checksums, if you want to ensure
that the key doesn't change, you are better off downloading it and using
``--source``.
DEPRECATED OPTIONAL PARAMETERS
------------------------------
keyid
the id of the key to download from the ``keyserver``.
This is to be used in absence of ``--source`` and ``--uri`` or together
with ``--use-deprecated-apt-key`` for key removal.
Defaults to ``$__object_id``.
the id of the key to add. Defaults to __object_id
keyserver
the keyserver from which to fetch the key.
Defaults to ``pool.sks-keyservers.net``.
the keyserver from which to fetch the key. If omitted the default set
in ./parameter/default/keyserver is used.
keydir
key save location, defaults to ``/etc/apt/trusted.pgp.d``
DEPRECATED BOOLEAN PARAMETERS
-----------------------------
use-deprecated-apt-key
``apt-key(8)`` will last be available in Debian 11 and Ubuntu 22.04.
You can use this parameter to force usage of ``apt-key(8)``.
Please only use this parameter to *remove* keys from the keyring,
in order to prepare for removal of ``apt-key``.
Adding keys should be done without this parameter.
This parameter will be removed when Debian 11 stops being supported.
uri
the URI from which to download the key
EXAMPLES
@ -76,39 +40,33 @@ EXAMPLES
.. code-block:: sh
# add a key that has been verified by a type maintainer
__apt_key jitsi_meet_2021 \
--source cdist-contrib/type/__jitsi_meet/files/apt_2021.gpg
# Add Ubuntu Archive Automatic Signing Key
__apt_key 437D05B5
# Same thing
__apt_key 437D05B5 --state present
# Get rid of it
__apt_key 437D05B5 --state absent
# remove an old, deprecated or expired key
__apt_key jitsi_meet_2016 --state absent
# same thing with human readable name and explicit keyid
__apt_key UbuntuArchiveKey --keyid 437D05B5
# Get rid of a key that might have been added to
# /etc/apt/trusted.gpg with apt-key
__apt_key 0x40976EAF437D05B5 --use-deprecated-apt-key --state absent
# same thing with other keyserver
__apt_key UbuntuArchiveKey --keyid 437D05B5 --keyserver keyserver.ubuntu.com
# add a key that we define in-line
__apt_key jitsi_meet_2021 --source '-' <<EOF
-----BEGIN PGP PUBLIC KEY BLOCK-----
[...]
-----END PGP PUBLIC KEY BLOCK-----
EOF
# download or update key from the internet
__apt_key rabbitmq_2007 \
--uri https://www.rabbitmq.com/rabbitmq-signing-key-public.asc
# download key from the internet
__apt_key rabbitmq \
--uri http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
Ander Punnar <ander-at-kvlt-dot-ee>
Evilham <contact~~@~~evilham.com>
COPYING
-------
Copyright \(C) 2011-2021 Steven Armstrong, Ander Punnar and Evilham. You can
Copyright \(C) 2011-2019 Steven Armstrong and Ander Punnar. You can
redistribute it and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -2,105 +2,7 @@
__package gnupg
state_should="$(cat "${__object}/parameter/state")"
incompatible_args()
{
cat >> /dev/stderr <<-EOF
This type does not support --${1} and --${method} simultaneously.
EOF
exit 1
}
if [ -f "${__object}/parameter/source" ]; then
method="source"
src="$(cat "${__object}/parameter/source")"
if [ "${src}" = "-" ]; then
src="${__object}/stdin"
fi
fi
if [ -f "${__object}/parameter/uri" ]; then
if [ -n "${method}" ]; then
incompatible_args uri
fi
method="uri"
src="$(cat "${__object}/parameter/uri")"
fi
if [ -f "${__object}/parameter/keyid" ]; then
if [ -n "${method}" ]; then
incompatible_args keyid
fi
method="keyid"
fi
# Keep old default
if [ -z "${method}" ]; then
method="keyid"
fi
# Save this for later in gencode-remote
echo "${method}" > "${__object}/key_method"
# Required remotely (most likely already installed)
__package dirmngr
# We need this in case a key has to be dearmor'd
__package gnupg
export require="__package/gnupg"
if [ -f "${__object}/parameter/use-deprecated-apt-key" ]; then
# This is required if apt-key(8) is to be used
if [ "${method}" = "source" ] || [ "${method}" = "uri" ]; then
incompatible_args use-deprecated-apt-key
fi
else
if [ "${state_should}" = "absent" ] && \
[ -f "${__object}/parameter/keyid" ]; then
cat >> /dev/stderr <<EOF
You can't reliably remove by keyid without --use-deprecated-apt-key.
This would very likely do something you do not intend.
EOF
exit 1
fi
fi
keydir="$(cat "${__object}/parameter/keydir")"
keyfile="${keydir}/${__object_id}.gpg"
keyfilecdist="${keyfile}.cdist"
if [ "${state_should}" != "absent" ]; then
# Ensure keydir exists
__directory "${keydir}" --state exists --mode 0755
fi
if [ "${state_should}" = "absent" ]; then
__file "${keyfile}" --state "absent"
__file "${keyfilecdist}" --state "absent"
elif [ "${method}" = "source" ] || [ "${method}" = "uri" ]; then
dearmor="$(cat <<-EOF
if [ '${state_should}' = 'present' ]; then
# Dearmor if necessary
if grep -Fq 'BEGIN PGP PUBLIC KEY BLOCK' '${keyfilecdist}'; then
gpg --dearmor < '${keyfilecdist}' > '${keyfile}'
else
cp '${keyfilecdist}' '${keyfile}'
fi
# Ensure permissions
chown root '${keyfile}'
chmod 0444 '${keyfile}'
fi
EOF
)"
if [ "${method}" = "uri" ]; then
__download "${keyfilecdist}" \
--url "${src}" \
--onchange "${dearmor}"
require="__download${keyfilecdist}" \
__file "${keyfile}" \
--owner root \
--mode 0444 \
--state pre-exists
else
__file "${keyfilecdist}" --state "${state_should}" \
--mode 0444 \
--source "${src}" \
--onchange "${dearmor}"
fi
if [ -f "$__object/parameter/uri" ]
then __package curl
else __package dirmngr
fi

View file

@ -1 +0,0 @@
use-deprecated-apt-key

View file

@ -1,3 +0,0 @@
apt-key(8) will last be available in Debian 11 and Ubuntu 22.04.
Use this flag *only* to migrate to placing a keyring directly in the
/etc/apt/trusted.gpg.d/ directory with a descriptive name.

View file

@ -1,6 +1,5 @@
keydir
state
keyid
keyserver
source
state
keydir
uri

View file

@ -1 +0,0 @@
Please migrate to using __apt_key key_id --uri URI.

View file

@ -32,12 +32,11 @@ EXAMPLES
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2014 Steven Armstrong, 2020 Dennis Camera.
You can redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either version 3 of
the License, or (at your option) any later version.
Copyright \(C) 2014 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,7 +1,6 @@
#!/bin/sh -e
#
# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -20,28 +19,26 @@
#
os=$(cat "${__global:?}/explorer/os")
os=$(cat "$__global/explorer/os")
case ${os}
in
(ubuntu|debian|devuan)
__file /etc/apt/apt.conf.d/00InstallRecommends --state present \
--owner root --group root --mode 0644 --source - <<-'EOF'
APT::Install-Recommends "false";
APT::Install-Suggests "false";
APT::AutoRemove::RecommendsImportant "false";
APT::AutoRemove::SuggestsImportant "false";
EOF
# TODO: Remove the following object after some time
require=__file/etc/apt/apt.conf.d/00InstallRecommends \
__file /etc/apt/apt.conf.d/99-no-recommends --state absent
;;
(*)
cat >&2 <<EOF
case "$os" in
ubuntu|debian|devuan)
# No stinking recommends thank you very much.
# If I want something installed I will do so myself.
__file /etc/apt/apt.conf.d/99-no-recommends \
--owner root --group root --mode 644 \
--source - << DONE
APT::Install-Recommends "0";
APT::Install-Suggests "0";
APT::AutoRemove::RecommendsImportant "0";
APT::AutoRemove::SuggestsImportant "0";
DONE
;;
*)
cat >&2 << DONE
The developer of this type (${__type##*/}) did not think your operating system
($os) would have any use for it. If you think otherwise please submit a patch.
EOF
exit 1
;;
DONE
exit 1
;;
esac

View file

@ -1,79 +0,0 @@
cdist-type__apt_pin(7)
======================
NAME
----
cdist-type__apt_pin - Manage apt pinning rules
DESCRIPTION
-----------
Adds/removes/edits rules to pin some packages to a specific distribution. Useful if using multiple debian repositories at the same time. (Useful, if one wants to use a few specific packages from backports or perhaps Debain testing... or even sid.)
REQUIRED PARAMETERS
-------------------
distribution
Specifies what distribution the package should be pinned to. Accepts both codenames (buster/bullseye/sid) and suite names (stable/testing/...).
OPTIONAL PARAMETERS
-------------------
package
Package name, glob or regular expression to match (multiple) packages. If not specified `__object_id` is used.
priority
The priority value to assign to matching packages. Deafults to 500. (To match the default target distro's priority)
state
Will be passed to underlying `__file` type; see there for valid values and defaults.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Add the bullseye repo to buster, but do not install any packages by default,
# only if explicitely asked for (-1 means "never" for apt)
__apt_pin bullseye-default \
--package "*" \
--distribution bullseye \
--priority -1
require="__apt_pin/bullseye-default" __apt_source bullseye \
--uri http://deb.debian.org/debian/ \
--distribution bullseye \
--component main
__apt_pin foo --package "foo foo-*" --distribution bullseye
__foo # Assuming, this installs the `foo` package internally
__package foo-plugin-extras # Assuming we also need some extra stuff
SEE ALSO
--------
:strong:`apt_preferences`\ (5)
:strong:`cdist-type__apt_source`\ (7)
:strong:`cdist-type__apt_backports`\ (7)
:strong:`cdist-type__file`\ (7)
AUTHORS
-------
Daniel Fancsali <fancsali@gmail.com>
COPYING
-------
Copyright \(C) 2021 Daniel Fancsali. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,63 +0,0 @@
#!/bin/sh -e
#
# 2021 Daniel Fancsali (fancsali@gmail.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
name="$__object_id"
os=$(cat "$__global/explorer/os")
state="$(cat "$__object/parameter/state")"
if [ -f "$__object/parameter/package" ]; then
package="$(cat "$__object/parameter/package")"
else
package=$name
fi
distribution="$(cat "$__object/parameter/distribution")"
priority="$(cat "$__object/parameter/priority")"
case "$os" in
debian|ubuntu|devuan)
;;
*)
printf "This type is specific to Debian and it's derivatives" >&2
exit 1
;;
esac
case $distribution in
stable|testing|unstable|experimental)
pin="release a=$distribution"
;;
*)
pin="release n=$distribution"
;;
esac
__file "/etc/apt/preferences.d/$name" \
--owner root --group root --mode 0644 \
--state "$state" \
--source - << EOF
Package: $package
Pin: $pin
Pin-Priority: $priority
EOF

View file

@ -1 +0,0 @@
present

View file

@ -1,2 +0,0 @@
state
package

View file

@ -1,2 +0,0 @@
distribution
priority

View file

@ -22,21 +22,7 @@
name="$__object_id"
destination="/etc/apt/sources.list.d/${name}.list"
# There are special arguments to apt(8) to prevent aborts if apt woudn't been
# updated after the 19th April 2021 till the bullseye release. The additional
# arguments acknoledge the happend suite change (the apt(8) update does the
# same by itself).
#
# Using '-o $config' instead of the --allow-releaseinfo-change-* parameter
# allows backward compatablility to pre-buster Debian versions.
#
# See more: ticket #861
# https://code.ungleich.ch/ungleich-public/cdist/-/issues/861
apt_opts="-o Acquire::AllowReleaseInfoChange::Suite=true -o Acquire::AllowReleaseInfoChange::Version=true"
# run 'apt-get update' only if something changed with our sources.list file
# it will be run a second time on error as a redundancy messure to success
if grep -q "^__file${destination}" "$__messages_in"; then
printf 'apt-get %s update || apt-get %s update\n' "$apt_opts" "$apt_opts"
printf 'apt-get update || apt-get update\n'
fi

View file

@ -18,23 +18,9 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# There are special arguments to apt(8) to prevent aborts if apt woudn't been
# updated after the 19th April 2021 till the bullseye release. The additional
# arguments acknoledge the happend suite change (the apt(8) update does the
# same by itself).
#
# Using '-o $config' instead of the --allow-releaseinfo-change-* parameter
# allows backward compatablility to pre-buster Debian versions.
#
# See more: ticket #861
# https://code.ungleich.ch/ungleich-public/cdist/-/issues/861
apt_opts="-o Acquire::AllowReleaseInfoChange::Suite=true -o Acquire::AllowReleaseInfoChange::Version=true"
# run 'apt-get update' if anything in /etc/apt is newer then /var/lib/apt/lists
# it will be run a second time on error as a redundancy messure to success
cat << DONE
if find /etc/apt -mindepth 1 -cnewer /var/lib/apt/lists | grep . > /dev/null; then
apt-get $apt_opts update || apt-get $apt_opts update
apt-get update || apt-get update
fi
DONE

View file

@ -46,29 +46,28 @@ fi
remove_block() {
cat << DONE
tmpfile=\$(mktemp ${quoted_file}.cdist.XXXXXXXXXX)
tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
# preserve ownership and permissions of existing file
if [ -f $quoted_file ]; then
cp -p $quoted_file "\$tmpfile"
if [ -f "$file" ]; then
cp -p "$file" "\$tmpfile"
fi
awk -v prefix=$(quote "$prefix") -v suffix=$(quote "$suffix") '
awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ '
{
if (\$0 == prefix) {
if (match(\$0,prefix)) {
triggered=1
}
if (triggered) {
if (\$0 == suffix) {
if (match(\$0,suffix)) {
triggered=0
}
} else {
print
}
}' $quoted_file > "\$tmpfile"
mv -f "\$tmpfile" $quoted_file
}' "$file" > "\$tmpfile"
mv -f "\$tmpfile" "$file"
DONE
}
quoted_file="$(quote "$file")"
case "$state_should" in
present)
if [ "$state_is" = "changed" ]; then
@ -78,7 +77,7 @@ case "$state_should" in
echo add >> "$__messages_out"
fi
cat << DONE
cat >> $quoted_file << '${__type##*/}_DONE'
cat >> "$file" << ${__type##*/}_DONE
$(cat "$block")
${__type##*/}_DONE
DONE

View file

@ -37,7 +37,6 @@ source="$(cat "$__object/parameter/source")"
# out of it
home=/home/$username
# shellcheck disable=SC2086
__user "$username" --home "$home" $shell
require="__user/$username" __directory "$home" \

View file

@ -18,12 +18,7 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if [ -f "$__object/parameter/path" ]
then
path="$( cat "$__object/parameter/path" )"
else
path="/$__object_id"
fi
path="/$__object_id"
[ ! -d "$path" ] && exit 0

View file

@ -20,12 +20,7 @@
[ ! -s "$__object/explorer/list" ] && exit 0
if [ -f "$__object/parameter/path" ]
then
path="$( cat "$__object/parameter/path" )"
else
path="/$__object_id"
fi
path="/$__object_id"
pattern="$( cat "$__object/parameter/pattern" )"

View file

@ -10,7 +10,7 @@ DESCRIPTION
-----------
Remove files and directories which match the pattern.
Provided path must be a directory.
Provided path (as __object_id) must be a directory.
Patterns are passed to ``find``'s ``-regex`` - see ``find(1)`` for more details.
@ -29,9 +29,6 @@ pattern
OPTIONAL PARAMETERS
-------------------
path
Path which will be cleaned. Defaults to ``$__object_id``.
exclude
Pattern of files which are excluded from removal.
@ -49,11 +46,6 @@ EXAMPLES
--exclude '.+\(charset\.conf\|security\.conf\)' \
--onchange 'service apache2 restart'
__clean_path apache2-conf-enabled \
--path /etc/apache2/conf-enabled \
--pattern '.+' \
--exclude '.+\(charset\.conf\|security\.conf\)' \
--onchange 'service apache2 restart'
AUTHORS
-------

View file

@ -1,3 +1,2 @@
exclude
onchange
path

View file

@ -116,9 +116,6 @@ verify-incoming
verify-outgoing
enforce the use of TLS and verify the peers authenticity on outgoing connections
use-distribution-package
uses distribution package instead of upstream binary
EXAMPLES
--------

View file

@ -1,8 +1,7 @@
#!/bin/sh -e
#
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
# 2015-2020 Nico Schottelius (nico-cdist at schottelius.org)
# 2019 Timothée Floure (timothee.floure at ungleich.ch)
# 2015-2019 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
@ -20,87 +19,133 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$(cat "$__global/explorer/os")
###
# Type parameters.
case "$os" in
alpine|scientific|centos|debian|devuan|redhat|ubuntu)
# whitelist safeguard
:
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
state="$(cat "$__object/parameter/state")"
user="$(cat "$__object/parameter/user")"
group="$(cat "$__object/parameter/group")"
release=$(cat "$__global/explorer/lsb_release")
if [ -f "$__object/parameter/use-distribution-package" ]; then
use_distribution_package=1
fi
###
# Those are default that might be overriden by os-specific logic.
data_dir="/var/lib/consul"
conf_dir="/etc/consul/conf.d"
conf_file="config.json"
tls_dir="$conf_dir/tls"
case "$os" in
alpine)
conf_dir="/etc/consul"
conf_file="server.json"
;;
*)
conf_dir="/etc/consul/conf.d"
conf_file="config.json"
;;
# FIXME: there has got to be a better way to handle the dependencies in this case
case "$state" in
present)
__group "$group" --system --state "$state"
require="__group/$group" \
__user "$user" --system --gid "$group" \
--home "$data_dir" --state "$state"
export require="__user/consul"
;;
absent)
echo "Sorry, state=absent currently not supported :-(" >&2
exit 1
require="$__object_name" \
__user "$user" --system --gid "$group" --state "$state"
require="__user/$user" \
__group "$group" --system --state "$state"
;;
esac
###
# Sane deployment, based on distribution package when available.
__directory /etc/consul \
--owner root --group "$group" --mode 750 --state "$state"
require="__directory/etc/consul" \
__directory "$conf_dir" \
--owner root --group "$group" --mode 750 --state "$state"
distribution_setup () {
case "$os" in
debian)
# consul is only available starting Debian 10 (buster).
# See https://packages.debian.org/buster/consul
if [ "$release" -lt 10 ]; then
echo "Consul is not available for your debian release." >&2
echo "Please use the 'manual' (i.e. non-package) installation or \
upgrade the target system." >&2
exit 1
fi
if [ -f "$__object/parameter/ca-file-source" ] || [ -f "$__object/parameter/cert-file-source" ] || [ -f "$__object/parameter/key-file-source" ]; then
# create directory for ssl certs
require="__directory/etc/consul" \
__directory /etc/consul/ssl \
--owner root --group "$group" --mode 750 --state "$state"
fi
# Override previously defined environment to match debian packaging.
conf_dir='/etc/consul.d'
user='consul'
group='consul'
;;
alpine)
# consul is only available starting Alpine 3.12 (= edge during the 3.11 cycle).
# See https://pkgs.alpinelinux.org/packages?name=consul&branch=edge
__directory "$data_dir" \
--owner "$user" --group "$group" --mode 770 --state "$state"
# Override previously defined environment to match alpine packaging.
conf_dir='/etc/consul'
conf_file='server.json'
data_dir='/var/consul'
user='consul'
group='consul'
;;
*)
echo "Your operating system ($os) is currently not supported with the \
--use-distribution-package flag (${__type##*/})." >&2
echo "Please use non-package installation or contribute an \
implementation for if you can." >&2
exit 1
;;
esac
# Install consul package.
__package consul --state "$state"
# Generate json config file
(
echo "{"
export config_deployment_requires="__package/consul"
}
# parameters we define ourself
printf ' "data_dir": "%s"\n' "$data_dir"
###
# LEGACY manual deployment, kept for compatibility reasons.
cd "$__object/parameter/"
for param in *; do
case "$param" in
state|user|group|json-config) continue ;;
ca-file-source|cert-file-source|key-file-source)
source="$(cat "$__object/parameter/$param")"
destination="/etc/consul/ssl/${source##*/}"
require="__directory/etc/consul/ssl" \
__file "$destination" \
--owner root --group consul --mode 640 \
--source "$source" \
--state "$state"
key="$(echo "${param%-*}" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$destination"
;;
disable-remote-exec|disable-update-check|leave-on-terminate|rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing)
# handle boolean parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": true\n' "$key"
;;
retry-join)
# join multiple parameters into json array
retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")"
# remove trailing ,
printf ' ,"retry_join": [%s]\n' "${retry_join%*,}"
;;
retry-join-wan)
# join multiple parameters into json array over wan
retry_join_wan="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join-wan")"
# remove trailing ,
printf ' ,"retry_join_wan": [%s]\n' "${retry_join_wan%*,}"
;;
bootstrap-expect)
# integer key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")"
;;
*)
# string key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
;;
esac
done
if [ -f "$__object/parameter/json-config" ]; then
json_config="$(cat "$__object/parameter/json-config")"
if [ "$json_config" = "-" ]; then
json_config="$__object/stdin"
fi
# remove leading and trailing whitespace and commas from first and last line
# indent each line with 3 spaces for consistency
json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config")
printf ' ,%s\n' "$json"
fi
echo "}"
) | \
require="__directory${conf_dir}" \
__config_file "${conf_dir}/${conf_file}" \
--owner root --group "$group" --mode 640 \
--state "$state" \
--onchange 'service consul status >/dev/null && service consul reload || true' \
--source -
init_sysvinit()
{
@ -134,186 +179,47 @@ init_upstart()
require="__file/etc/init/consul.conf" __start_on_boot consul
}
manual_setup () {
case "$os" in
alpine|scientific|centos|debian|devuan|redhat|ubuntu)
# whitelist safeguard
:
;;
*)
echo "Your operating system ($os) is currently not supported by this \
type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
# FIXME: there has got to be a better way to handle the dependencies in this case
case "$state" in
present)
__group "$group" --system --state "$state"
require="__group/$group" __user "$user" \
--system --gid "$group" --home "$data_dir" --state "$state"
;;
*)
echo "The $state state is not (yet?) supported by this type." >&2
exit 1
;;
esac
# Create data directory.
require="__user/consul" __directory "$data_dir" \
--owner "$user" --group "$group" --mode 770 --state "$state"
# Create config directory.
require="__user/consul" __directory "$conf_dir" \
--parents --owner root --group "$group" --mode 750 --state "$state"
# Install init script to start on boot
case "$os" in
devuan)
init_sysvinit debian
;;
centos|redhat)
os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
major_version="${os_version%%.*}"
case "$major_version" in
[456])
init_sysvinit redhat
;;
7)
init_systemd
;;
*)
echo "Unsupported CentOS/Redhat version: $os_version" >&2
exit 1
;;
esac
;;
debian)
os_version=$(cat "$__global/explorer/os_version")
major_version="${os_version%%.*}"
case "$major_version" in
[567])
init_sysvinit debian
;;
[89]|10)
init_systemd
;;
*)
echo "Unsupported Debian version $os_version" >&2
exit 1
;;
esac
;;
ubuntu)
init_upstart
;;
esac
config_deployment_requires="__user/consul __directory/$conf_dir"
}
###
# Trigger requested installation method.
if [ $use_distribution_package ]; then
distribution_setup
else
manual_setup
fi
###
# Install TLS certificates.
if [ -f "$__object/parameter/ca-file-source" ] || \
[ -f "$__object/parameter/cert-file-source" ] || \
[ -f "$__object/parameter/key-file-source" ]; then
requires="$config_deployment_requires" __directory "$tls_dir" \
--owner root --group "$group" --mode 750 --state "$state"
# Append to service restart requirements.
restart_requires="$restart_requires __directory/$conf_dir/tls"
fi
###
# Generate and deploy configuration.
json_configuration=$(
echo "{"
# parameters we define ourself
printf ' "data_dir": "%s"\n' "$data_dir"
cd "$__object/parameter/"
for param in *; do
case "$param" in
state|user|group|json-config|use-distribution-package) continue ;;
ca-file-source|cert-file-source|key-file-source)
source="$(cat "$__object/parameter/$param")"
destination="$tls_dir/${source##*/}"
require="__directory/$tls_dir" \
__file "$destination" \
--owner root --group consul --mode 640 \
--source "$source" \
--state "$state"
key="$(echo "${param%-*}" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$destination"
# Install init script to start on boot
case "$os" in
devuan)
init_sysvinit debian
;;
disable-remote-exec|disable-update-check|leave-on-terminate\
|rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing)
# handle boolean parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": true\n' "$key"
centos|redhat)
os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
major_version="${os_version%%.*}"
case "$major_version" in
[456])
init_sysvinit redhat
;;
7)
init_systemd
;;
*)
echo "Unsupported CentOS/Redhat version: $os_version" >&2
exit 1
;;
esac
;;
retry-join)
# join multiple parameters into json array
retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")"
# remove trailing ,
printf ' ,"retry_join": [%s]\n' "${retry_join%*,}"
;;
retry-join-wan)
# join multiple parameters into json array over wan
retry_join_wan="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join-wan")"
# remove trailing ,
printf ' ,"retry_join_wan": [%s]\n' "${retry_join_wan%*,}"
;;
bootstrap-expect)
# integer key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")"
;;
*)
# string key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
;;
esac
done
if [ -f "$__object/parameter/json-config" ]; then
json_config="$(cat "$__object/parameter/json-config")"
if [ "$json_config" = "-" ]; then
json_config="$__object/stdin"
fi
# remove leading and trailing whitespace and commas from first and last line
# indent each line with 3 spaces for consistency
json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config")
printf ' ,%s\n' "$json"
fi
echo "}"
)
echo "$json_configuration" | require="$config_deployment_requires" \
__file "$conf_dir/$conf_file" \
--owner root --group "$group" --mode 640 \
--state "$state" \
--source -
# Set configuration deployment as requirement for service restart.
restart_requires="__file/$conf_dir/$conf_file"
debian)
os_version=$(cat "$__global/explorer/os_version")
major_version="${os_version%%.*}"
###
# Restart consul agent after everything else.
require="$restart_requires" __service consul --action restart
case "$major_version" in
[567])
init_sysvinit debian
;;
[89])
init_systemd
;;
*)
echo "Unsupported Debian version $os_version" >&2
exit 1
;;
esac
;;
ubuntu)
init_upstart
;;
esac

View file

@ -6,4 +6,3 @@ server
enable-syslog
verify-incoming
verify-outgoing
use-distribution-package

View file

@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir

View file

@ -19,7 +19,7 @@
#
name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
conf_dir=$(cat "$__object/explorer/conf-dir")
conf_dir="/etc/consul/conf.d"
conf_file="check_${name}.json"
state="$(cat "$__object/parameter/state")"

View file

@ -1,15 +0,0 @@
# Determine the configuration directory used by consul.
check_dir () {
if [ -d "$1" ]; then
printf '%s' "$1"
exit
fi
}
check_dir '/etc/consul/conf.d'
check_dir '/etc/consul.d'
check_dir '/etc/consul'
echo 'Could not determine consul configuration dir. Exiting.' >&2
exit 1

View file

@ -19,7 +19,7 @@
#
name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
conf_dir=$(cat "$__object/explorer/conf-dir")
conf_dir="/etc/consul/conf.d"
conf_file="service_${name}.json"
state="$(cat "$__object/parameter/state")"
@ -45,7 +45,7 @@ printf ' "name": "%s"\n' "$name"
cd "$__object/parameter/"
for param in *; do
case "$param" in
state|name|check-interval|conf-dir) continue ;;
state|name|check-interval) continue ;;
check-script)
printf ' ,"check": {\n'
printf ' "script": "%s"\n' "$(cat "$__object/parameter/check-script")"
@ -86,6 +86,7 @@ echo " }"
# end json file
echo "}"
) | \
require="__directory${conf_dir}" \
__config_file "${conf_dir}/${conf_file}" \
--owner root --group consul --mode 640 \
--state "$state" \

View file

@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir")
conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")"

View file

@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir")
conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")"

View file

@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir")
conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")"

View file

@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir")
conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")"

View file

@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir")
conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")"

View file

@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir")
conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")"

View file

@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir")
conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")"

View file

@ -31,28 +31,24 @@ if [ -f "$__object/parameter/raw" ]; then
elif [ -f "$__object/parameter/raw_command" ]; then
entry="$command"
else
minute="$(cat "$__object/parameter/minute")"
hour="$(cat "$__object/parameter/hour")"
day_of_month="$(cat "$__object/parameter/day_of_month")"
month="$(cat "$__object/parameter/month")"
day_of_week="$(cat "$__object/parameter/day_of_week")"
minute="$(cat "$__object/parameter/minute" 2>/dev/null || echo "*")"
hour="$(cat "$__object/parameter/hour" 2>/dev/null || echo "*")"
day_of_month="$(cat "$__object/parameter/day_of_month" 2>/dev/null || echo "*")"
month="$(cat "$__object/parameter/month" 2>/dev/null || echo "*")"
day_of_week="$(cat "$__object/parameter/day_of_week" 2>/dev/null || echo "*")"
entry="$minute $hour $day_of_month $month $day_of_week $command # $name"
fi
mkdir "$__object/files"
echo "$entry" > "$__object/files/entry"
if [ -s "$__object/explorer/entry" ]; then
if diff -q "$__object/files/entry" "$__object/explorer/entry" >/dev/null; then
state_is=present
else
state_is=modified
fi
if diff -q "$__object/files/entry" "$__object/explorer/entry" >/dev/null; then
state_is=present
else
state_is=absent
fi
state_should="$(cat "$__object/parameter/state")"
state_should="$(cat "$__object/parameter/state" 2>/dev/null || echo "present")"
[ "$state_is" = "$state_should" ] && exit 0

View file

@ -21,11 +21,6 @@ command
OPTIONAL PARAMETERS
-------------------
**NOTE**: All time-related parameters (``--minute``, ``--hour``, ``--day_of_month``
``--month`` and ``--day_of_week``) defaults to ``*``, which means to execute it
**always**. If you set ``--hour 0`` to execute the cronjob only at midnight, it
will execute **every** minute in the first hour of the morning all days.
state
Either present or absent. Defaults to present.
minute

View file

@ -22,12 +22,3 @@ if [ -f "$__object/parameter/raw" ] && [ -f "$__object/parameter/raw_command" ];
echo "ERROR: both raw and raw_command specified" >&2
exit 1
fi
case "$(cat "$__object/parameter/state")" in
present) ;;
absent) ;;
*)
echo "ERROR: unkown cron state" >&2
exit 2
esac

View file

@ -1 +0,0 @@
*

View file

@ -1 +0,0 @@
present

View file

@ -1,142 +0,0 @@
#!/bin/sh -e
#
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Determine current debconf selections' state.
# Prints one of:
# present: all selections are already set as they should.
# different: one or more of the selections have a different value.
# absent: one or more of the selections are not (currently) defined.
#
test -x /usr/bin/perl || {
# cannot find perl (no perl ~ no debconf)
echo 'absent'
exit 0
}
linesfile="${__object:?}/parameter/line"
test -s "${linesfile}" || {
if test -s "${__object:?}/parameter/file"
then
echo absent
else
echo present
fi
exit 0
}
# assert __type_explorer is set (because it is used by the Perl script)
: "${__type_explorer:?}"
/usr/bin/perl -- - "${linesfile}" <<'EOF'
use strict;
use warnings "all";
use Fcntl qw(:DEFAULT :flock);
use Debconf::Db;
use Debconf::Question;
# Extract @known... arrays from debconf-set-selections
# These values are required to distinguish flags and values in the given lines.
# DC: I couldn't think of a more ugly solution to the problem…
my @knownflags;
my @knowntypes;
my $debconf_set_selections = '/usr/bin/debconf-set-selections';
if (-e $debconf_set_selections) {
my $sed_known = 's/^my \(@known\(flags\|types\) = qw([a-z ]*);\).*$/\1/p';
eval `sed -n '$sed_known' '$debconf_set_selections'`;
}
sub mungeline ($) {
my $line = shift;
chomp $line;
$line =~ s/\r$//;
return $line;
}
sub fatal { printf STDERR @_; exit 1; }
my $state = 'present';
sub state {
my $new = shift;
if ($state eq 'present'
or ($state eq 'different' and $new eq 'absent')) {
$state = $new;
}
}
# Load Debconf DB but manually lock on the state explorer script,
# because Debconf aborts immediately if executed concurrently.
# This is not really an ideal solution because the Debconf DB could be locked by
# another process (e.g. apt-get), but no way to achieve this could be found.
# If you know how to, please provide a patch.
my $lockfile = "%ENV{'__type_explorer'}/state";
if (open my $lock_fh, '+<', $lockfile) {
flock $lock_fh, LOCK_EX or die "Cannot lock $lockfile";
}
{
Debconf::Db->load(readonly => 'true');
}
while (<>) {
# Read and process lines (taken from debconf-set-selections)
$_ = mungeline($_);
while (/\\$/ && ! eof) {
s/\\$//;
$_ .= mungeline(<>);
}
next if /^\s*$/ || /^\s*\#/;
my ($owner, $label, $type, $content) = /^\s*(\S+)\s+(\S+)\s+(\S+)(?:\s(.*))?/
or fatal "invalid line: %s\n", $_;
$content = '' unless defined $content;
# Compare is and should state
my $q = Debconf::Question->get($label);
unless (defined $q) {
# probably a preseed
state 'absent';
next;
}
if (grep { $_ eq $q->type } @knownflags) {
# This line wants to set a flag, presumably.
if ($q->flag($q->type) ne $content) {
state 'different';
}
} else {
# Otherwise, it's probably a value…
if ($q->value ne $content) {
state 'different';
}
unless (grep { $_ eq $owner } (split /, /, $q->owners)) {
state 'different';
}
}
}
printf "%s\n", $state;
EOF

View file

@ -1,7 +1,6 @@
#!/bin/sh -e
#
# 2011-2014 Nico Schottelius (nico-cdist at schottelius.org)
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -18,37 +17,16 @@
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Setup selections
#
if test -f "${__object:?}/parameter/line"
then
filename="${__object:?}/parameter/line"
elif test -s "${__object:?}/parameter/file"
then
filename=$(cat "${__object:?}/parameter/file")
if test "${filename}" = '-'
then
filename="${__object:?}/stdin"
fi
else
printf 'Neither --line nor --file set.\n' >&2
exit 1
filename="$(cat "$__object/parameter/file")"
if [ "$filename" = "-" ]; then
filename="$__object/stdin"
fi
# setting no lines makes no sense
test -s "${filename}" || exit 0
state_is=$(cat "${__object:?}/explorer/state")
if test "${state_is}" != 'present'
then
cat <<-CODE
debconf-set-selections <<'EOF'
$(cat "${filename}")
EOF
CODE
awk '
{
printf "set %s %s %s %s\n", $1, $2, $3, $4
}' "${filename}" >>"${__messages_out:?}"
fi
echo "debconf-set-selections << __file-eof"
cat "$filename"
echo "__file-eof"

View file

@ -8,33 +8,15 @@ cdist-type__debconf_set_selections - Setup debconf selections
DESCRIPTION
-----------
On Debian and alike systems :strong:`debconf-set-selections`\ (1) can be used
On Debian and alike systems debconf-set-selections(1) can be used
to setup configuration parameters.
REQUIRED PARAMETERS
-------------------
cf. ``--line``.
OPTIONAL PARAMETERS
-------------------
file
Use the given filename as input for :strong:`debconf-set-selections`\ (1)
If filename is ``-``, read from stdin.
**This parameter is deprecated, because it doesn't work with state detection.**
line
A line in :strong:`debconf-set-selections`\ (1) compatible format.
This parameter can be used multiple times to set multiple options.
(This parameter is actually required, but marked optional because the
deprecated ``--file`` is still accepted.)
BOOLEAN PARAMETERS
------------------
None.
Use the given filename as input for debconf-set-selections(1)
If filename is "-", read from stdin.
EXAMPLES
@ -42,29 +24,30 @@ EXAMPLES
.. code-block:: sh
# Setup gitolite's gituser
__debconf_set_selections nslcd --line 'gitolite gitolite/gituser string git'
# Setup configuration for nslcd
__debconf_set_selections nslcd --file /path/to/file
# Setup configuration for nslcd from a file.
# NB: Multiple lines can be passed to --line, although this can be considered a hack.
__debconf_set_selections nslcd --line "$(cat "${__files:?}/preseed/nslcd.debconf")"
# Setup configuration for nslcd from another type
__debconf_set_selections nslcd --file "$__type/files/preseed/nslcd"
__debconf_set_selections nslcd --file - << eof
gitolite gitolite/gituser string git
eof
SEE ALSO
--------
- :strong:`cdist-type__update_alternatives`\ (7)
- :strong:`debconf-set-selections`\ (1)
:strong:`debconf-set-selections`\ (1), :strong:`cdist-type__update_alternatives`\ (7)
AUTHORS
-------
| Nico Schottelius <nico-cdist--@--schottelius.org>
| Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
Nico Schottelius <nico-cdist--@--schottelius.org>
COPYING
-------
Copyright \(C) 2011-2014 Nico Schottelius, 2021 Dennis Camera.
You can redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either version 3 of
the License, or (at your option) any later version.
Copyright \(C) 2011-2014 Nico Schottelius. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,21 +0,0 @@
#!/bin/sh -e
#
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
__package_apt debconf

View file

@ -1 +0,0 @@
'file' has been deprecated in favour of 'line' in order to provide idempotency.

View file

@ -1,7 +1,6 @@
#!/bin/sh
#
# 2013 Steven Armstrong (steven-cdist armstrong.cc)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -21,51 +20,59 @@
destination="/$__object_id"
fallback() {
# Patch the output together, manually
ls_line=$(ls -ldn "$destination")
uid=$(echo "$ls_line" | awk '{ print $3 }')
gid=$(echo "$ls_line" | awk '{ print $4 }')
owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd)
group=$(awk -F: -v gid="$gid" '$3 == gid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
mode_text=$(echo "$ls_line" | awk '{ print $1 }')
mode=$(echo "$mode_text" | awk '{for(i=8;i>=0;--i){c=substr($1,10-i,1);k+=((c~/[rwxst]/)*2^i);if(!(i%3))k+=(tolower(c)~/[lst]/)*2^(9+i/3)}printf("%04o",k)}')
printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\n' \
"$("$__type_explorer/type")" \
"$uid" "$owner" \
"$gid" "$group" \
"$mode" "$mode_text"
}
# nothing to work with, nothing we could do
[ -e "$destination" ] || exit 0
command -v stat >/dev/null 2>&1 || {
fallback
exit
}
case $("$__explorer/os")
in
freebsd|netbsd|openbsd|macosx)
stat -f 'type: %HT
os=$("$__explorer/os")
case "$os" in
"freebsd"|"netbsd"|"openbsd"|"macosx")
stat -f "type: %HT
owner: %Du %Su
group: %Dg %Sg
mode: %Mp%03Lp %Sp
' "$destination" | awk '/^type/ { print tolower($0); next } { print }'
mode: %Lp %Sp
" "$destination" | awk '/^type/ { print tolower($0); next; } { print; }'
;;
*)
# NOTE: Do not use --printf here as it is not supported by BusyBox stat.
# NOTE: BusyBox's stat might not support the "-c" option, in which case
# we fall through to the shell fallback.
stat -c 'type: %F
alpine)
stat -c "type: %F
owner: %u %U
group: %g %G
mode: %04a %A' "$destination" 2>/dev/null || fallback
mode: %a %A
" "$destination"
;;
solaris)
ls1="$( ls -ld "$destination" )"
ls2="$( ls -ldn "$destination" )"
if [ -f "$__object/parameter/mode" ]
then mode_should="$( cat "$__object/parameter/mode" )"
fi
# yes, it is ugly hack, but if you know better way...
if [ -z "$( find "$destination" -perm "$mode_should" )" ]
then octets=888
else octets="$( echo "$mode_should" | sed 's/^0//' )"
fi
case "$( echo "$ls1" | cut -c1-1 )" in
-) echo 'type: regular file' ;;
d) echo 'type: directory' ;;
esac
echo "owner: $( echo "$ls2" \
| awk '{print $3}' ) $( echo "$ls1" \
| awk '{print $3}' )"
echo "group: $( echo "$ls2" \
| awk '{print $4}' ) $( echo "$ls1" \
| awk '{print $4}' )"
echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )"
;;
*)
stat --printf="type: %F
owner: %u %U
group: %g %G
mode: %a %A
" "$destination"
;;
esac

View file

@ -3,7 +3,6 @@
# 2011-2013 Nico Schottelius (nico-cdist at schottelius.org)
# 2013 Steven Armstrong (steven-cdist armstrong.cc)
# 2014 Daniel Heule (hda at sfs.biz)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -22,8 +21,8 @@
#
destination="/$__object_id"
state_should=$(cat "$__object/parameter/state")
type=$(cat "$__object/explorer/type")
state_should="$(cat "$__object/parameter/state")"
type="$(cat "$__object/explorer/type")"
stat_file="$__object/explorer/stat"
# variable to keep track if we have to set directory attributes
@ -73,7 +72,7 @@ set_mode() {
}
case "$state_should" in
present|exists)
present)
if [ "$type" != "directory" ]; then
set_attributes=1
if [ "$type" != "none" ]; then
@ -84,10 +83,6 @@ case "$state_should" in
fi
echo "mkdir $mkdiropt '$destination'"
echo "create" >> "$__messages_out"
elif [ "$state_should" = 'exists' ]; then
# The type is directory and --state exists. We are done and do not
# check or set the attributes.
exit 0
fi
# Note: Mode - needs to happen last as a chown/chgrp can alter mode by
@ -97,11 +92,9 @@ case "$state_should" in
value_should="$(cat "$__object/parameter/$attribute")"
value_is="$(get_current_value "$attribute" "$value_should")"
# format mode in four digits => same as stat returns
# change 0xxx format to xxx format => same as stat returns
if [ "$attribute" = mode ]; then
# Convert to four-digit octal number (printf interprets
# strings with leading 0s as octal!)
value_should=$(printf '%04o' "0${value_should}")
value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')"
fi
if [ "$set_attributes" = 1 ] || [ "$value_should" != "$value_is" ]; then
@ -110,26 +103,6 @@ case "$state_should" in
fi
done
;;
pre-exists)
case $type in
directory)
# all good
exit 0
;;
none)
printf 'Directory "%s" does not exist\n' "$destination" >&2
exit 1
;;
file|symlink)
printf 'File "%s" exists and is a %s, but should be a directory\n' "$destination" "$type" >&2
exit 1
;;
*)
printf 'File or directory "%s" is in an unknown state\n' "$destination" >&2
exit 1
;;
esac
;;
absent)
if [ "$type" = "directory" ]; then
echo "rm -rf '$destination'"

View file

@ -19,18 +19,7 @@ None.
OPTIONAL PARAMETERS
-------------------
state
'present', 'absent', 'exists' or 'pre-exists', defaults to 'present' where:
present
the directory exists and the given attributes are set.
absent
the directory does not exist.
exists
the directory exists, but its attributes are not altered if it already
existed.
pre-exists
check that the directory exists and is indeed a directory, but do not
create or modify it.
'present' or 'absent', defaults to 'present'
group
Group to chgrp to.
@ -47,7 +36,7 @@ BOOLEAN PARAMETERS
parents
Whether to create parents as well (mkdir -p behaviour).
Warning: all intermediate directory permissions default
to whatever mkdir -p does.
to whatever mkdir -p does.
Usually this means root:root, 0700.

View file

@ -25,9 +25,6 @@ user
OPTIONAL PARAMETERS
-------------------
dirmode
forwarded to :strong:`__directory` type as mode
mode
forwarded to :strong:`__file` type

View file

@ -19,7 +19,6 @@ set -eu
user="$(cat "${__object}/parameter/user")"
home="$(cat "${__object}/explorer/home")"
primary_group="$(cat "${__object}/explorer/primary_group")"
dirmode="$(cat "${__object}/parameter/dirmode")"
# Create parent directory. Type __directory has flag 'parents', but it
# will leave us with root-owned directory in user home, which is not
@ -37,7 +36,6 @@ export CDIST_ORDER_DEPENDENCY
for dir ; do
__directory "${home}/${dir}" \
--group "${primary_group}" \
--mode "${dirmode}" \
--owner "${user}"
done

Some files were not shown because too many files have changed in this diff Show more