
7 commits

Author SHA1 Message Date
Darko Poljak
654637c9dd debug 2019-12-02 12:31:46 +01:00
Darko Poljak
20ccb3ec06 debug 2019-12-02 11:33:53 +01:00
Darko Poljak
399828545f debug 2019-12-02 09:35:18 +01:00
Darko Poljak
f259c93796 debug 2019-12-02 09:33:41 +01:00
Darko Poljak
936019b699 debug 2019-12-02 09:31:20 +01:00
Darko Poljak
75b2f521d9 debug runner :) 2019-12-02 09:25:48 +01:00
Darko Poljak
553c11ca95 gitlab CI runner should have necessary tools 2019-12-02 09:22:31 +01:00
186 changed files with 772 additions and 4253 deletions
.gitignore.gitlab-ci.ymlMakefile
bin
cdist
argparse.py
conf
explorer
type
__acl
__apt_unattended_upgrades
__cdist
__consul_agent
__consul_check
__consul_service
__consul_watch_checks
__consul_watch_event
__consul_watch_key
__consul_watch_keyprefix
__consul_watch_nodes
__consul_watch_service
__consul_watch_services
__cron
__daemontools_service
__directory
__file
__install_chroot_umount
__install_directory
__install_file
__iocage_clone
__letsencrypt_acmetiny
__letsencrypt_acmetiny_base
__letsencrypt_cert
__line
__motd
__mysql_database
__mysql_privileges

2
.gitignore vendored

@ -24,8 +24,6 @@ docs/src/man1/*.1
docs/src/man7/*.7 docs/src/man7/*.7
docs/src/man7/cdist-type__*.rst docs/src/man7/cdist-type__*.rst
docs/src/cdist-reference.rst docs/src/cdist-reference.rst
docs/src/cdist-types.rst
docs/src/cdist.cfg.skeleton
# Ignore cdist cache for version control # Ignore cdist cache for version control
/cache/ /cache/


@ -1,8 +1,6 @@
stages: stages:
- test - test
image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest
unit_tests: unit_tests:
stage: test stage: test
script: script:
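Review bot: With the `image:` key gone, `unit_tests` runs in whatever default image the runner is configured with, so the toolchain the tests depend on is no longer declared in the repository and can change without a commit. If the runner default is intended, a comment above `unit_tests:` such as `# relies on the runner's default image providing the Python and shellcheck tooling` would record that; otherwise keep an `image:` entry pinned to a fixed tag or digest rather than `:latest`. The job definition continues outside this hunk.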


@ -63,18 +63,6 @@ DOCSREFSH=$(DOCS_SRC_DIR)/cdist-reference.rst.sh
$(DOCSREF): $(DOCSREFSH) $(DOCSREF): $(DOCSREFSH)
$(DOCSREFSH) $(DOCSREFSH)
# Html types list with references
DOCSTYPESREF=$(MAN7DSTDIR)/cdist-types.rst
DOCSTYPESREFSH=$(DOCS_SRC_DIR)/cdist-types.rst.sh
$(DOCSTYPESREF): $(DOCSTYPESREFSH)
$(DOCSTYPESREFSH)
DOCSCFGSKEL=./configuration/cdist.cfg.skeleton
configskel: $(DOCSCFGSKEL)
cp -f "$(DOCSCFGSKEL)" "$(DOCS_SRC_DIR)/"
version: version:
@[ -f "cdist/version.py" ] || { \ @[ -f "cdist/version.py" ] || { \
printf "Missing 'cdist/version.py', please generate it first.\n" && exit 1; \ printf "Missing 'cdist/version.py', please generate it first.\n" && exit 1; \
@ -84,7 +72,7 @@ version:
man: version $(MANTYPES) $(DOCSREF) man: version $(MANTYPES) $(DOCSREF)
$(SPHINXM) $(SPHINXM)
html: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF) html: version $(MANTYPES) $(DOCSREF)
$(SPHINXH) $(SPHINXH)
docs: man html docs: man html
@ -126,8 +114,6 @@ speeches: $(SPEECHES)
# #
clean: docs-clean clean: docs-clean
rm -f $(DOCS_SRC_DIR)/cdist-reference.rst rm -f $(DOCS_SRC_DIR)/cdist-reference.rst
rm -f $(DOCS_SRC_DIR)/cdist-types.rst
rm -f $(DOCS_SRC_DIR)/cdist.cfg.skeleton
find "$(DOCS_SRC_DIR)" -mindepth 2 -type l \ find "$(DOCS_SRC_DIR)" -mindepth 2 -type l \
| xargs rm -f | xargs rm -f


@ -74,7 +74,6 @@ SHELLCHECKCMD="shellcheck -s sh -f gcc -x"
# Skip SC2154 for variables starting with __ since such variables are cdist # Skip SC2154 for variables starting with __ since such variables are cdist
# environment variables. # environment variables.
SHELLCHECK_SKIP=': __.*is referenced but not assigned.*\[SC2154\]' SHELLCHECK_SKIP=': __.*is referenced but not assigned.*\[SC2154\]'
SHELLCHECKTMP=".shellcheck.tmp"
# Change to checkout directory # Change to checkout directory
basedir="${0%/*}/../" basedir="${0%/*}/../"
@ -370,7 +369,7 @@ eof
cat << eof cat << eof
Manual steps post release: Manual steps post release:
- cdist-web - cdist-web
- send generated mailinglist.tmp mail - send mail body generated in mailinglist.tmp and inform Dmitry for deb
- twitter - twitter
eof eof
;; ;;
@ -432,67 +431,53 @@ eof
;; ;;
shellcheck-global-explorers) shellcheck-global-explorers)
# shellcheck disable=SC2086 find cdist/conf/explorer -type f -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
find cdist/conf/explorer -type f -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}"
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;; ;;
shellcheck-type-explorers) shellcheck-type-explorers)
# shellcheck disable=SC2086 find cdist/conf/type -type f -path "*/explorer/*" -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
find cdist/conf/type -type f -path "*/explorer/*" -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}"
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;; ;;
shellcheck-manifests) shellcheck-manifests)
# shellcheck disable=SC2086 find cdist/conf/type -type f -name manifest -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
find cdist/conf/type -type f -name manifest -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}"
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;; ;;
shellcheck-local-gencodes) shellcheck-local-gencodes)
# shellcheck disable=SC2086 find cdist/conf/type -type f -name gencode-local -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
find cdist/conf/type -type f -name gencode-local -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}"
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;; ;;
shellcheck-remote-gencodes) shellcheck-remote-gencodes)
# shellcheck disable=SC2086 find cdist/conf/type -type f -name gencode-remote -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
find cdist/conf/type -type f -name gencode-remote -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}"
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;; ;;
shellcheck-scripts) shellcheck-scripts)
# shellcheck disable=SC2086 ${SHELLCHECKCMD} scripts/cdist-dump scripts/cdist-new-type || exit 0
${SHELLCHECKCMD} scripts/cdist-dump scripts/cdist-new-type > "${SHELLCHECKTMP}"
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;; ;;
shellcheck-gencodes) shellcheck-gencodes)
"$0" shellcheck-local-gencodes || exit 1 "$0" shellcheck-local-gencodes
"$0" shellcheck-remote-gencodes || exit 1 "$0" shellcheck-remote-gencodes
;; ;;
shellcheck-types) shellcheck-types)
"$0" shellcheck-type-explorers || exit 1 "$0" shellcheck-type-explorers
"$0" shellcheck-manifests || exit 1 "$0" shellcheck-manifests
"$0" shellcheck-gencodes || exit 1 "$0" shellcheck-gencodes
;; ;;
shellcheck) shellcheck)
"$0" shellcheck-global-explorers || exit 1 "$0" shellcheck-global-explorers
"$0" shellcheck-types || exit 1 "$0" shellcheck-types
"$0" shellcheck-scripts || exit 1 "$0" shellcheck-scripts
;; ;;
shellcheck-type-files) shellcheck-type-files)
# shellcheck disable=SC2086 find cdist/conf/type -type f -path "*/files/*" -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
find cdist/conf/type -type f -path "*/files/*" -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}"
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;; ;;
shellcheck-with-files) shellcheck-with-files)
"$0" shellcheck || exit 1 "$0" shellcheck
"$0" shellcheck-type-files || exit 1 "$0" shellcheck-type-files
;; ;;
shellcheck-build-helper) shellcheck-build-helper)
@ -550,7 +535,6 @@ eof
# Temp files # Temp files
rm -f ./*.tmp rm -f ./*.tmp
rm -f ./.*.tmp
;; ;;
distclean) distclean)
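Review bot: The shellcheck targets on the new side can no longer report failure: in `shellcheck-global-explorers` and the other `find … | grep -v "${SHELLCHECK_SKIP}" || exit 0` lines, grep returns 0 when findings remain and `|| exit 0` covers the case where none remain, while `shellcheck-scripts` turns a failing shellcheck run into `exit 0` outright. The aggregate targets (`shellcheck-gencodes`, `shellcheck-types`, `shellcheck`, `shellcheck-with-files`) also lose their `|| exit 1`, so a CI job built on them would pass whatever shellcheck prints; how the script exits after the `case` is not visible here. If the lint is meant to gate, invert the test, e.g. `if find cdist/conf/explorer -type f -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}"; then exit 1; fi`, and keep `|| exit 1` on the aggregate calls.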


@ -6,7 +6,6 @@ import collections
import functools import functools
import cdist.configuration import cdist.configuration
import cdist.preos import cdist.preos
import cdist.info
# set of beta sub-commands # set of beta sub-commands
@ -104,7 +103,7 @@ def get_parsers():
name="log level"), name="log level"),
help=('Set the specified verbosity level. ' help=('Set the specified verbosity level. '
'The levels, in order from the lowest to the highest, are: ' 'The levels, in order from the lowest to the highest, are: '
'ERROR (-1), WARNING (0), INFO (1), VERBOSE (2), DEBUG (3), ' 'ERROR (-1), WARNING (0), INFO (1), VERBOSE (2), DEBUG (3) '
'TRACE (4 or higher). If used along with -v then -v ' 'TRACE (4 or higher). If used along with -v then -v '
'increases last set value and -l overwrites last set ' 'increases last set value and -l overwrites last set '
'value.'), 'value.'),
@ -425,7 +424,7 @@ def get_parsers():
parser['inventory'].set_defaults( parser['inventory'].set_defaults(
func=cdist.inventory.Inventory.commandline) func=cdist.inventory.Inventory.commandline)
# PreOS # PreOs
parser['preos'] = parser['sub'].add_parser('preos', add_help=False) parser['preos'] = parser['sub'].add_parser('preos', add_help=False)
# Shell # Shell
@ -437,37 +436,6 @@ def get_parsers():
' should be POSIX compatible shell.')) ' should be POSIX compatible shell.'))
parser['shell'].set_defaults(func=cdist.shell.Shell.commandline) parser['shell'].set_defaults(func=cdist.shell.Shell.commandline)
# Info
parser['info'] = parser['sub'].add_parser('info')
parser['info'].add_argument(
'-a', '--all', help='Display all info. This is the default.',
action='store_true', default=False)
parser['info'].add_argument(
'-c', '--conf-dir',
help='Add configuration directory (can be repeated).',
action='append')
parser['info'].add_argument(
'-e', '--global-explorers',
help='Display info for global explorers.', action='store_true',
default=False)
parser['info'].add_argument(
'-F', '--fixed-string',
help='Interpret pattern as a fixed string.', action='store_true',
default=False)
parser['info'].add_argument(
'-f', '--full', help='Display full details.',
action='store_true', default=False)
parser['info'].add_argument(
'-g', '--config-file',
help='Use specified custom configuration file.',
dest="config_file", required=False)
parser['info'].add_argument(
'-t', '--types', help='Display info for types.',
action='store_true', default=False)
parser['info'].add_argument(
'pattern', nargs='?', help='Glob pattern.')
parser['info'].set_defaults(func=cdist.info.Info.commandline)
for p in parser: for p in parser:
parser[p].epilog = EPILOG parser[p].epilog = EPILOG
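Review bot: The `-l` help text on the new side ends one fragment with `'... VERBOSE (2), DEBUG (3) '` and starts the next with `'TRACE (4 or higher)...'`, so the rendered help reads "DEBUG (3) TRACE" with no separator; keep the comma, `'ERROR (-1), WARNING (0), INFO (1), VERBOSE (2), DEBUG (3), '`. Dropping `import cdist.info` together with the `info` sub-parser is consistent within this section, but whether other modules still reference `cdist.info` is not visible here. `get_parsers` starts and ends outside these hunks.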


@ -1,67 +1,27 @@
#!/bin/sh -e #!/bin/sh
#
# based on previous work by other people, modified by:
# 2020 Dennis Camera <dennis.camera at ssrq-sds-fds.ch>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Finds disks of the system (excl. ram disks, floppy, cdrom)
uname_s="$(uname -s)" uname_s="$(uname -s)"
case $uname_s in case "${uname_s}" in
FreeBSD) FreeBSD)
sysctl -n kern.disks sysctl -n kern.disks
;; ;;
OpenBSD) OpenBSD|NetBSD)
sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+' sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+' | xargs
;;
NetBSD)
PATH="${PATH}:/usr/local/sbin:/usr/sbin:/sbin"
sysctl -n hw.disknames \
| awk 'BEGIN { RS = " " } /^[lsw]d[0-9]+/'
;; ;;
Linux) Linux)
# list of major device numbers toexclude: if command -v lsblk > /dev/null
# ram disks, floppies, cdroms
# https://www.kernel.org/doc/Documentation/admin-guide/devices.txt
ign_majors='1 2 11'
if command -v lsblk >/dev/null 2>&1
then then
lsblk -e "$(echo "$ign_majors" | tr ' ' ',')" -dno name # exclude ram disks, floppies and cdroms
elif test -d /sys/block/ # https://www.kernel.org/doc/Documentation/admin-guide/devices.txt
then lsblk -e 1,2,11 -dno name | xargs
# shellcheck disable=SC2012
ls -1 /sys/block/ \
| awk -v ign_majors="$(echo "$ign_majors" | tr ' ' '|')" '
{
devfile = "/sys/block/" $0 "/dev"
getline devno < devfile
close(devfile)
if (devno !~ "^(" ign_majors "):") print
}'
else else
echo "Don't know how to list disks on Linux without lsblk and sysfs." >&2 printf "Don't know how to list disks for %s operating system without lsblk, if you can please submit a patch\n" "${uname_s}" >&2
echo 'If you can, please submit a patch.'>&2
fi fi
;; ;;
*) *)
printf "Don't know how to list disks for %s operating system.\n" "${uname_s}" >&2 printf "Don't know how to list disks for %s operating system, if you can please submit a patch\n" "${uname_s}" >&2
printf 'If you can please submit a patch\n' >&2
;; ;;
esac \ esac
| xargs
exit 0
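Review bot: NetBSD now shares the OpenBSD branch (`OpenBSD|NetBSD)`), which depends on `sysctl` being on the target's PATH and on `grep -o` being available; the replaced NetBSD branch appended `/usr/local/sbin:/usr/sbin:/sbin` to PATH and used awk, which suggests neither is guaranteed there. On Linux without `lsblk` the new code only prints a message to stderr, so the explorer value is empty and a consuming type cannot tell "no disks" from "lookup failed". I would keep the PATH extension in the merged branch, silence both streams in the probe with `if command -v lsblk >/dev/null 2>&1`, and add a header comment along the lines of `# Prints disk names on one line; empty output means the lookup is not supported on this host.`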


@ -1,8 +1,7 @@
#!/bin/sh -e #!/bin/sh
# #
# 2016 Daniel Heule (hda at sfs.biz) # 2016 Daniel Heule (hda at sfs.biz)
# Copyright 2017, Philippe Gregoire <pg@pgregoire.xyz> # Copyright 2017, Philippe Gregoire <pg@pgregoire.xyz>
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -20,423 +19,21 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
# #
# Returns the name of the init system (PID 1) # Returns the process name of pid 1 ( normaly the init system )
# for example at linux this value is "init" or "systemd" in most cases
# Expected values:
# Linux:
# Adélie Linux:
# sysvinit+openrc
# Alpine Linux:
# busybox-init+openrc
# ArchLinux:
# systemd, sysvinit
# CRUX:
# sysvinit
# Debian:
# systemd, upstart, sysvinit, openrc, ???
# Devuan:
# sysvinit, sysvinit+openrc
# Gentoo:
# sysvinit+openrc, openrc-init, systemd
# OpenBMC:
# systemd
# OpenWrt:
# procd, init???
# RedHat (RHEL, CentOS, Fedora, RedHat Linux, ...):
# systemd, upstart, upstart-legacy, sysvinit
# Slackware:
# sysvinit
# SuSE:
# systemd, sysvinit
# Ubuntu:
# systemd, upstart, upstart-legacy, sysvinit
# VoidLinux:
# runit
# #
# GNU:
# Debian:
# sysvinit, hurd-init
#
# BSD:
# {Free,Open,Net}BSD:
# init
#
# Mac OS X:
# launchd, init+SystemStarter
#
# Solaris/Illumos:
# smf, init???
# NOTE: init systems can be stacked. This is popular to run OpenRC on top of uname_s="$(uname -s)"
# sysvinit (Gentoo) or busybox-init (Alpine), but can also be used to run runit
# as a systemd service. This makes init system detection very complicated
# (which result is expected?) This script tries to untangle some combinations,
# OpenRC on top of sysv or busybox (X+openrc), but will ignore others (runit as
# a systemd service)
# NOTE: When we have no idea, nothing will be printed! case "$uname_s" in
Linux)
# NOTE: (pgrep -P0 -l | awk '/^1[ \t]/ {print $2;}') || true
# When trying to gather information about the init system make sure to do so ;;
# without calling the binary! On some systems this triggers a reinitialisation FreeBSD|OpenBSD)
# of the system which we don't want (e.g. embedded systems). ps -o comm= -p 1 || true
;;
*)
set -e # return a empty string as unknown value
echo ""
KERNEL_NAME=$(uname -s) ;;
esac
KNOWN_INIT_SYSTEMS=$(cat <<EOF
systemd
sysvinit
upstart
runit
procd
smf
launchd
init
hurd_init
systemstarter
EOF
)
common_candidates_by_kernel() {
case $KERNEL_NAME
in
FreeBSD|NetBSD|OpenBSD)
echo init
;;
Linux)
echo systemd
echo sysvinit
echo upstart
;;
GNU)
echo sysvinit
echo hurd-init
;;
Darwin)
echo launchd
echo systemstarter
;;
SunOS)
echo smf
;;
esac
}
## Helpers
trim() {
sed -e 's/^[[:blank:]]*//' -e 's/[[:blank:]]*$//' -e '/^[[:blank:]]*$/d'
}
unique() {
# Delete duplicate lines (keeping input order)
# NOTE: Solaris AWK breaks without if/print construct.
awk '{ if (!x[$0]++) print }'
}
## Check functions
# These functions are used to verify if a guess is correct by checking some
# common property of a running system (presence of a directory in /run etc.)
check_busybox_init() (
busybox_path=${1:-/bin/busybox}
test -x "${busybox_path}" || return 1
grep -q 'BusyBox v[0-9]' "${busybox_path}" || return 1
# It is quite common to use Busybox init to stack other init systemd
# (like OpenRC) on top of it. So we check for that, too.
if stacked=$(check_openrc)
then
echo "busybox-init+${stacked}"
else
echo busybox-init
fi
)
check_hurd_init() (
init_exe=${1:-/hurd/init}
test -x "${init_exe}" || return 1
grep -q 'GNU Hurd' "${init_exe}" || return 1
echo hurd-init
)
check_init() {
# Checks for various BSD inits...
test -x /sbin/init || return 1
if grep -q -E '(Free|Net|Open)BSD' /sbin/init
then
echo init
return 0
fi
}
check_launchd() {
command -v launchctl >/dev/null 2>&1 || return 1
launchctl getenv PATH >/dev/null || return 1
echo launchd
}
check_openrc() {
test -f /run/openrc/softlevel || return 1
echo openrc
}
check_procd() (
procd_path=${1:-/sbin/procd}
test -x "${procd_path}" || return 1
grep -q 'procd' "${procd_path}" || return 1
echo procd
)
check_runit() {
test -d /run/runit || return 1
echo runit
}
check_smf() {
# XXX: Is this the correct way??
test -f /etc/svc/volatile/svc_nonpersist.db || return 1
echo smf
}
check_systemd() {
# NOTE: sd_booted(3)
test -d /run/systemd/system/ || return 1
# systemctl --version | sed -e '/^systemd/!d;s/^systemd //'
echo systemd
}
check_systemstarter() {
test -d /System/Library/StartupItems/ || return 1
test -f /System/Library/StartupItems/LoginWindow/StartupParameters.plist || return 1
echo init+SystemStarter
}
check_sysvinit() (
init_path=${1:-/sbin/init}
test -x "${init_path}" || return 1
grep -q 'INIT_VERSION=sysvinit-[0-9.]*' "${init_path}" || return 1
# It is quite common to use SysVinit to stack other init systemd
# (like OpenRC) on top of it. So we check for that, too.
if stacked=$(check_openrc)
then
echo "sysvinit+${stacked}"
else
echo sysvinit
fi
unset stacked
)
check_upstart() {
test -x "$(command -v initctl)" || return 1
case $(initctl version)
in
*'(upstart '*')')
if test -d /etc/init
then
# modern (DBus-based?) upstart >= 0.5
echo upstart
elif test -d /etc/event.d
then
# ancient upstart
echo upstart-legacy
else
# whatever...
echo upstart
fi
;;
*)
return 1
;;
esac
}
find_init_procfs() (
# First, check if the required file in procfs exists...
test -h /proc/1/exe || return 1
# Find init executable
init_exe=$(ls -l /proc/1/exe 2>/dev/null) || return 1
init_exe=${init_exe#* -> }
if ! test -x "$init_exe"
then
# On some rare occasions it can happen that the
# running init's binary has been replaced. In this
# case Linux adjusts the symlink to "X (deleted)"
# [root@fedora-12 ~]# readlink /proc/1/exe
# /sbin/init (deleted)
# [root@fedora-12 ~]# ls -l /proc/1/exe
# lrwxrwxrwx. 1 root root 0 2020-01-30 23:00 /proc/1/exe -> /sbin/init (deleted)
init_exe=${init_exe% (deleted)}
test -x "$init_exe" || return 1
fi
echo "${init_exe}"
)
guess_by_path() {
case $1
in
/bin/busybox)
check_busybox_init "$1" && return
;;
/lib/systemd/systemd)
check_systemd "$1" && return
;;
/hurd/init)
check_hurd_init "$1" && return
;;
/sbin/launchd)
check_launchd "$1" && return
;;
/usr/bin/runit|/sbin/runit)
check_runit "$1" && return
;;
/sbin/openrc-init)
if check_openrc "$1" >/dev/null
then
echo openrc-init
return
fi
;;
/sbin/procd)
check_procd "$1" && return
;;
/sbin/init|*/init)
# init: it could be anything -> (explicit) no match
return 1
;;
esac
# No match
return 1
}
guess_by_comm_name() {
case $1
in
busybox)
check_busybox_init && return
;;
openrc-init)
if check_openrc >/dev/null
then
echo openrc-init
return 0
fi
;;
init)
# init could be anything -> no match
return 1
;;
*)
# Run check function by comm name if available.
# Fall back to comm name if either it does not exist or
# returns non-zero.
if type "check_$1" >/dev/null
then
"check_$1" && return
else
echo "$1" ; return 0
fi
esac
return 1
}
check_list() (
# List must be a multi-line input on stdin (one name per line)
while read -r init
do
"check_${init}" || continue
return 0
done
return 1
)
# BusyBox's versions of ps and pgrep do not support some options
# depending on which compile-time options have been used.
find_init_pgrep() {
pgrep -P0 -fl 2>/dev/null | awk -F '[[:blank:]]' '$1 == 1 { print $2 }'
}
find_init_ps() {
case $KERNEL_NAME
in
Darwin)
ps -o command -p 1 2>/dev/null | tail -n +2
;;
FreeBSD)
ps -o args= -p 1 2>/dev/null | cut -d ' ' -f 1
;;
Linux)
ps -o comm= -p 1 2>/dev/null
;;
NetBSD)
ps -o comm= -p 1 2>/dev/null
;;
OpenBSD)
ps -o args -p 1 2>/dev/null | tail -n +2 | cut -d ' ' -f 1
;;
*)
ps -o args= -p 1 2>/dev/null
;;
esac | trim # trim trailing whitespace (some ps like Darwin add it)
}
find_init() {
case $KERNEL_NAME
in
Linux|GNU|NetBSD)
find_init_procfs || find_init_pgrep || find_init_ps
;;
FreeBSD)
find_init_procfs || find_init_ps
;;
OpenBSD)
find_init_pgrep || find_init_ps
;;
Darwin|SunOS)
find_init_ps
;;
*)
echo "Don't know how to determine init." >&2
echo 'Please send a patch.' >&2
exit 1
esac
}
# -----
init=$(find_init)
# If we got a path, guess by the path first (fall back to file name if no match)
# else guess by file name directly.
# shellcheck disable=SC2015
{
test -x "${init}" \
&& guess_by_path "${init}" \
|| guess_by_comm_name "$(basename "${init}")"
} && exit 0 || true
# Guessing based on the file path and name didnt lead to a definitive result.
#
# We go through all of the checks until we find a match. To speed up the
# process, common cases will be checked first based on the underlying kernel.
{ common_candidates_by_kernel; echo "${KNOWN_INIT_SYSTEMS}"; } \
| unique | check_list
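Review bot: The new Linux branch, `(pgrep -P0 -l | awk '/^1[ \t]/ {print $2;}') || true`, reports only the command name of PID 1, and the removed code's own comment notes that BusyBox builds of `pgrep` and `ps` may lack these options, so such hosts yield an empty value while SysV-style hosts yield a bare `init`. The `*)` branch prints an empty string as well, so NetBSD, Darwin and SunOS, which the removed `find_init` handled, now report nothing. Types that pick a service manager from this explorer need an explicit path for empty or `init` output. I would state that contract in the header, e.g. `# Prints the command name of PID 1; empty output means unknown.`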


@ -1,7 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# 2018 Adam Dej (dejko.a at gmail.com) # 2018 Adam Dej (dejko.a at gmail.com)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -22,17 +21,6 @@
# See os-release(5) and http://0pointer.de/blog/projects/os-release # See os-release(5) and http://0pointer.de/blog/projects/os-release
if test -f /etc/os-release set +e
then
# Linux and FreeBSD (usually a symlink)
cat /etc/os-release
elif test -f /usr/lib/os-release
then
# systemd
cat /usr/lib/os-release
elif test -f /var/run/os-release
then
# FreeBSD (created by os-release service)
cat /var/run/os-release
fi
cat /etc/os-release || cat /usr/lib/os-release || true
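Review bot: `cat /etc/os-release || cat /usr/lib/os-release || true` sends cat's "No such file" errors to stderr on hosts that lack the first file, and it no longer reads `/var/run/os-release`, which the removed branch used for FreeBSD. Silencing the probes keeps the explorer quiet: `cat /etc/os-release 2>/dev/null || cat /usr/lib/os-release 2>/dev/null || true`. With the trailing `|| true` the added `set +e` has no effect on this command and could be dropped.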


@ -70,7 +70,4 @@ case "$("$__explorer/os")" in
ubuntu) ubuntu)
lsb_release -sr lsb_release -sr
;; ;;
alpine) esac
cat /etc/alpine-release
;;
esac


@ -20,13 +20,7 @@
file_is="$( cat "$__object/explorer/file_is" )" file_is="$( cat "$__object/explorer/file_is" )"
if [ "$file_is" = 'missing' ] \ [ "$file_is" = 'missing' ] && [ -z "$__cdist_dry_run" ] && exit 0
&& [ -z "$__cdist_dry_run" ] \
&& \( [ ! -f "$__object/parameter/file" ] \
|| [ ! -f "$__object/parameter/directory" ] \)
then
exit 0
fi
os="$( cat "$__global/explorer/os" )" os="$( cat "$__global/explorer/os" )"
@ -34,20 +28,7 @@ acl_path="/$__object_id"
acl_is="$( cat "$__object/explorer/acl_is" )" acl_is="$( cat "$__object/explorer/acl_is" )"
if [ -f "$__object/parameter/source" ] if [ -f "$__object/parameter/acl" ]
then
acl_source="$( cat "$__object/parameter/source" )"
if [ "$acl_source" = '-' ]
then
acl_should="$( cat "$__object/stdin" )"
else
acl_should="$( grep -Ev '^#|^$' "$acl_source" )"
fi
elif [ -f "$__object/parameter/entry" ]
then
acl_should="$( cat "$__object/parameter/entry" )"
elif [ -f "$__object/parameter/acl" ]
then then
acl_should="$( cat "$__object/parameter/acl" )" acl_should="$( cat "$__object/parameter/acl" )"
elif elif


@ -15,24 +15,10 @@ See ``setfacl`` and ``acl`` manpages for more details.
REQUIRED MULTIPLE PARAMETERS REQUIRED MULTIPLE PARAMETERS
---------------------------- ----------------------------
entry acl
Set ACL entry following ``getfacl`` output syntax. Set ACL entry following ``getfacl`` output syntax.
OPTIONAL PARAMETERS
-------------------
source
Read ACL entries from stdin or file.
Ordering of entries is not important.
When reading from file, comments and empty lines are ignored.
file
Create/change file with ``__file`` using ``user:group:mode`` pattern.
directory
Create/change directory with ``__directory`` using ``user:group:mode`` pattern.
BOOLEAN PARAMETERS BOOLEAN PARAMETERS
------------------ ------------------
default default
@ -50,8 +36,8 @@ remove
DEPRECATED PARAMETERS DEPRECATED PARAMETERS
--------------------- ---------------------
Parameters ``acl``, ``user``, ``group``, ``mask`` and ``other`` are deprecated and they Parameters ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
will be removed in future versions. Please use ``entry`` parameter instead. will be removed in future versions. Please use ``acl`` parameter instead.
EXAMPLES EXAMPLES
@ -63,38 +49,27 @@ EXAMPLES
--default \ --default \
--recursive \ --recursive \
--remove \ --remove \
--entry user:alice:rwx \ --acl user:alice:rwx \
--entry user:bob:r-x \ --acl user:bob:r-x \
--entry group:project-group:rwx \ --acl group:project-group:rwx \
--entry group:some-other-group:r-x \ --acl group:some-other-group:r-x \
--entry mask::r-x \ --acl mask::r-x \
--entry other::r-x --acl other::r-x
# give Alice read-only access to subdir, # give Alice read-only access to subdir,
# but don't allow her to see parent content. # but don't allow her to see parent content.
__acl /srv/project2 \ __acl /srv/project2 \
--remove \ --remove \
--entry default:group:secret-project:rwx \ --acl default:group:secret-project:rwx \
--entry group:secret-project:rwx \ --acl group:secret-project:rwx \
--entry user:alice:--x --acl user:alice:--x
__acl /srv/project2/subdir \ __acl /srv/project2/subdir \
--default \ --default \
--remove \ --remove \
--entry group:secret-project:rwx \ --acl group:secret-project:rwx \
--entry user:alice:r-x --acl user:alice:r-x
# read acl from stdin
echo 'user:alice:rwx' \
| __acl /path/to/directory --source -
# create/change directory too
__acl /path/to/directory \
--default \
--remove \
--directory root:root:770 \
--entry user:nobody:rwx
AUTHORS AUTHORS


@ -1,11 +0,0 @@
#!/bin/sh -e
for p in file directory
do
[ ! -f "$__object/parameter/$p" ] && continue
"__$p" "/$__object_id" \
--owner "$( awk -F: '{print $1}' "$__object/parameter/$p" )" \
--group "$( awk -F: '{print $2}' "$__object/parameter/$p" )" \
--mode "$( awk -F: '{print $3}' "$__object/parameter/$p" )"
done


@ -1 +0,0 @@
see manual for details


@ -1,5 +1,2 @@
mask mask
other other
source
file
directory


@ -1,4 +1,3 @@
entry
acl acl
user user
group group


@ -1,68 +0,0 @@
cdist-type__apt_unattended_upgrades(7)
======================================
NAME
----
cdist-type__apt_unattended_upgrades - automatic installation of updates
DESCRIPTION
-----------
Install and configure unattended-upgrades package.
For more information see https://wiki.debian.org/UnattendedUpgrades.
OPTIONAL MULTIPLE PARAMETERS
----------------------------
option
Set options for unattended-upgrades. See examples.
Supported options with default values (as of 2020-01-17) are:
- AutoFixInterruptedDpkg, default is "true"
- MinimalSteps, default is "true"
- InstallOnShutdown, default is "false"
- Mail, default is "" (empty)
- MailOnlyOnError, default is "false"
- Remove-Unused-Kernel-Packages, default is "true"
- Remove-New-Unused-Dependencies, default is "true"
- Remove-Unused-Dependencies, default is "false"
- Automatic-Reboot, default is "false"
- Automatic-Reboot-WithUsers, default is "true"
- Automatic-Reboot-Time, default is "02:00"
- SyslogEnable, default is "false"
- SyslogFacility, default is "daemon"
- OnlyOnACPower, default is "true"
- Skip-Updates-On-Metered-Connections, default is "true"
- Verbose, default is "false"
- Debug, default is "false"
blacklist
Python regular expressions, matching packages to exclude from upgrading.
EXAMPLES
--------
.. code-block:: sh
__apt_unattended_upgrades \
--option Mail=root \
--option MailOnlyOnError=true \
--blacklist multipath-tools \
--blacklist open-iscsi
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option) any
later version.


@ -1,80 +0,0 @@
#!/bin/sh -e
#
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
__package unattended-upgrades
export require='__package/unattended-upgrades'
# in normal circumstances 20auto-upgrades is managed
# by debconf and it can only contain these lines
__file /etc/apt/apt.conf.d/20auto-upgrades \
--owner root \
--group root \
--mode 644 \
--source - << EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
# lets not write into upstream 50unattended-upgrades file,
# but use our own config file to avoid clashes
conf_file='/etc/apt/apt.conf.d/51unattended-upgrades-cdist'
conf='# this file is managed by cdist'
if [ -f "$__object/parameter/option" ]
then
o=''
while read -r l
do
o="$( printf '%s\nUnattended-Upgrade::%s "%s";\n' "$o" "${l%%=*}" "${l#*=}" )"
done \
< "$__object/parameter/option"
conf="$( printf '%s\n%s\n' "$conf" "$o" )"
fi
if [ -f "$__object/parameter/blacklist" ]
then
b='Unattended-Upgrade::Package-Blacklist {'
while read -r l
do
b="$( printf '%s\n"%s";\n' "$b" "$l" )"
done \
< "$__object/parameter/blacklist"
conf="$( printf '%s\n%s\n}\n' "$conf" "$b" )"
fi
if [ "$( echo "$conf" | wc -l )" -gt 1 ]
then
echo "$conf" \
| __file "$conf_file" \
--owner root \
--group root \
--mode 644 \
--source -
else
__file "$conf_file" --state absent
fi


@ -1,2 +0,0 @@
option
blacklist


@ -37,7 +37,6 @@ source="$(cat "$__object/parameter/source")"
# out of it # out of it
home=/home/$username home=/home/$username
# shellcheck disable=SC2086
__user "$username" --home "$home" $shell __user "$username" --home "$home" $shell
require="__user/$username" __directory "$home" \ require="__user/$username" __directory "$home" \


@ -116,9 +116,6 @@ verify-incoming
verify-outgoing verify-outgoing
enforce the use of TLS and verify the peers authenticity on outgoing connections enforce the use of TLS and verify the peers authenticity on outgoing connections
use-distribution-package
uses distribution package instead of upstream binary
EXAMPLES EXAMPLES
-------- --------


@ -1,8 +1,7 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2015 Steven Armstrong (steven-cdist at armstrong.cc) # 2015 Steven Armstrong (steven-cdist at armstrong.cc)
# 2015-2020 Nico Schottelius (nico-cdist at schottelius.org) # 2015-2019 Nico Schottelius (nico-cdist at schottelius.org)
# 2019 Timothée Floure (timothee.floure at ungleich.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -20,87 +19,133 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
os=$(cat "$__global/explorer/os") os=$(cat "$__global/explorer/os")
### case "$os" in
# Type parameters. alpine|scientific|centos|debian|devuan|redhat|ubuntu)
# whitelist safeguard
:
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"
user="$(cat "$__object/parameter/user")" user="$(cat "$__object/parameter/user")"
group="$(cat "$__object/parameter/group")" group="$(cat "$__object/parameter/group")"
release=$(cat "$__global/explorer/lsb_release")
if [ -f "$__object/parameter/use-distribution-package" ]; then
use_distribution_package=1
fi
###
# Those are default that might be overriden by os-specific logic.
data_dir="/var/lib/consul" data_dir="/var/lib/consul"
conf_dir="/etc/consul/conf.d"
conf_file="config.json"
# FIXME: there has got to be a better way to handle the dependencies in this case
case "$state" in
tls_dir="$conf_dir/tls" present)
__group "$group" --system --state "$state"
case "$os" in require="__group/$group" \
alpine) __user "$user" --system --gid "$group" \
conf_dir="/etc/consul" --home "$data_dir" --state "$state"
conf_file="server.json" export require="__user/consul"
;; ;;
*) absent)
conf_dir="/etc/consul/conf.d" echo "Sorry, state=absent currently not supported :-(" >&2
conf_file="config.json" exit 1
;; require="$__object_name" \
__user "$user" --system --gid "$group" --state "$state"
require="__user/$user" \
__group "$group" --system --state "$state"
;;
esac esac
### __directory /etc/consul \
# Sane deployment, based on distribution package when available. --owner root --group "$group" --mode 750 --state "$state"
require="__directory/etc/consul" \
__directory "$conf_dir" \
--owner root --group "$group" --mode 750 --state "$state"
distribution_setup () { if [ -f "$__object/parameter/ca-file-source" ] || [ -f "$__object/parameter/cert-file-source" ] || [ -f "$__object/parameter/key-file-source" ]; then
case "$os" in # create directory for ssl certs
debian) require="__directory/etc/consul" \
# consul is only available starting Debian 10 (buster). __directory /etc/consul/ssl \
# See https://packages.debian.org/buster/consul --owner root --group "$group" --mode 750 --state "$state"
if [ "$release" -lt 10 ]; then fi
echo "Consul is not available for your debian release." >&2
echo "Please use the 'manual' (i.e. non-package) installation or \
upgrade the target system." >&2
exit 1
fi
# Override previously defined environment to match debian packaging. __directory "$data_dir" \
conf_dir='/etc/consul.d' --owner "$user" --group "$group" --mode 770 --state "$state"
user='consul'
group='consul'
;;
alpine)
# consul is only available starting Alpine 3.12 (= edge during the 3.11 cycle).
# See https://pkgs.alpinelinux.org/packages?name=consul&branch=edge
# Override previously defined environment to match alpine packaging.
conf_dir='/etc/consul'
conf_file='server.json'
data_dir='/var/consul'
user='consul'
group='consul'
;;
*)
echo "Your operating system ($os) is currently not supported with the \
--use-distribution-package flag (${__type##*/})." >&2
echo "Please use non-package installation or contribute an \
implementation for if you can." >&2
exit 1
;;
esac
# Install consul package. # Generate json config file
__package consul --state "$state" (
echo "{"
export config_deployment_requires="__package/consul" # parameters we define ourself
} printf ' "data_dir": "%s"\n' "$data_dir"
### cd "$__object/parameter/"
# LEGACY manual deployment, kept for compatibility reasons. for param in *; do
case "$param" in
state|user|group|json-config) continue ;;
ca-file-source|cert-file-source|key-file-source)
source="$(cat "$__object/parameter/$param")"
destination="/etc/consul/ssl/${source##*/}"
require="__directory/etc/consul/ssl" \
__file "$destination" \
--owner root --group consul --mode 640 \
--source "$source" \
--state "$state"
key="$(echo "${param%-*}" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$destination"
;;
disable-remote-exec|disable-update-check|leave-on-terminate|rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing)
# handle boolean parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": true\n' "$key"
;;
retry-join)
# join multiple parameters into json array
retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")"
# remove trailing ,
printf ' ,"retry_join": [%s]\n' "${retry_join%*,}"
;;
retry-join-wan)
# join multiple parameters into json array over wan
retry_join_wan="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join-wan")"
# remove trailing ,
printf ' ,"retry_join_wan": [%s]\n' "${retry_join_wan%*,}"
;;
bootstrap-expect)
# integer key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")"
;;
*)
# string key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
;;
esac
done
if [ -f "$__object/parameter/json-config" ]; then
json_config="$(cat "$__object/parameter/json-config")"
if [ "$json_config" = "-" ]; then
json_config="$__object/stdin"
fi
# remove leading and trailing whitespace and commas from first and last line
# indent each line with 3 spaces for consistency
json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config")
printf ' ,%s\n' "$json"
fi
echo "}"
) | \
require="__directory${conf_dir}" \
__config_file "${conf_dir}/${conf_file}" \
--owner root --group "$group" --mode 640 \
--state "$state" \
--onchange 'service consul status >/dev/null && service consul reload || true' \
--source -
init_sysvinit() init_sysvinit()
{ {
@ -134,186 +179,47 @@ init_upstart()
require="__file/etc/init/consul.conf" __start_on_boot consul require="__file/etc/init/consul.conf" __start_on_boot consul
} }
manual_setup () { # Install init script to start on boot
case "$os" in case "$os" in
alpine|scientific|centos|debian|devuan|redhat|ubuntu) alpine|devuan)
# whitelist safeguard init_sysvinit debian
:
;;
*)
echo "Your operating system ($os) is currently not supported by this \
type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
# FIXME: there has got to be a better way to handle the dependencies in this case
case "$state" in
present)
__group "$group" --system --state "$state"
require="__group/$group" __user "$user" \
--system --gid "$group" --home "$data_dir" --state "$state"
;;
*)
echo "The $state state is not (yet?) supported by this type." >&2
exit 1
;;
esac
# Create data directory.
require="__user/consul" __directory "$data_dir" \
--owner "$user" --group "$group" --mode 770 --state "$state"
# Create config directory.
require="__user/consul" __directory "$conf_dir" \
--parents --owner root --group "$group" --mode 750 --state "$state"
# Install init script to start on boot
case "$os" in
devuan)
init_sysvinit debian
;;
centos|redhat)
os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
major_version="${os_version%%.*}"
case "$major_version" in
[456])
init_sysvinit redhat
;;
7)
init_systemd
;;
*)
echo "Unsupported CentOS/Redhat version: $os_version" >&2
exit 1
;;
esac
;;
debian)
os_version=$(cat "$__global/explorer/os_version")
major_version="${os_version%%.*}"
case "$major_version" in
[567])
init_sysvinit debian
;;
[89]|10)
init_systemd
;;
*)
echo "Unsupported Debian version $os_version" >&2
exit 1
;;
esac
;;
ubuntu)
init_upstart
;;
esac
config_deployment_requires="__user/consul __directory/$conf_dir"
}
###
# Trigger requested installation method.
if [ $use_distribution_package ]; then
distribution_setup
else
manual_setup
fi
###
# Install TLS certificates.
if [ -f "$__object/parameter/ca-file-source" ] || \
[ -f "$__object/parameter/cert-file-source" ] || \
[ -f "$__object/parameter/key-file-source" ]; then
requires="$config_deployment_requires" __directory "$tls_dir" \
--owner root --group "$group" --mode 750 --state "$state"
# Append to service restart requirements.
restart_requires="$restart_requires __directory/$conf_dir/tls"
fi
###
# Generate and deploy configuration.
json_configuration=$(
echo "{"
# parameters we define ourself
printf ' "data_dir": "%s"\n' "$data_dir"
cd "$__object/parameter/"
for param in *; do
case "$param" in
state|user|group|json-config|use-distribution-package) continue ;;
ca-file-source|cert-file-source|key-file-source)
source="$(cat "$__object/parameter/$param")"
destination="$tls_dir/${source##*/}"
require="__directory/$tls_dir" \
__file "$destination" \
--owner root --group consul --mode 640 \
--source "$source" \
--state "$state"
key="$(echo "${param%-*}" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$destination"
;; ;;
disable-remote-exec|disable-update-check|leave-on-terminate\ centos|redhat)
|rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing) os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
# handle boolean parameters major_version="${os_version%%.*}"
key="$(echo "$param" | tr '-' '_')" case "$major_version" in
printf ' ,"%s": true\n' "$key" [456])
init_sysvinit redhat
;;
7)
init_systemd
;;
*)
echo "Unsupported CentOS/Redhat version: $os_version" >&2
exit 1
;;
esac
;; ;;
retry-join)
# join multiple parameters into json array
retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")"
# remove trailing ,
printf ' ,"retry_join": [%s]\n' "${retry_join%*,}"
;;
retry-join-wan)
# join multiple parameters into json array over wan
retry_join_wan="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join-wan")"
# remove trailing ,
printf ' ,"retry_join_wan": [%s]\n' "${retry_join_wan%*,}"
;;
bootstrap-expect)
# integer key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")"
;;
*)
# string key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
;;
esac
done
if [ -f "$__object/parameter/json-config" ]; then
json_config="$(cat "$__object/parameter/json-config")"
if [ "$json_config" = "-" ]; then
json_config="$__object/stdin"
fi
# remove leading and trailing whitespace and commas from first and last line
# indent each line with 3 spaces for consistency
json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config")
printf ' ,%s\n' "$json"
fi
echo "}"
)
echo "$json_configuration" | require="$config_deployment_requires" \
__file "$conf_dir/$conf_file" \
--owner root --group "$group" --mode 640 \
--state "$state" \
--source -
# Set configuration deployment as requirement for service restart. debian)
restart_requires="__file/$conf_dir/$conf_file" os_version=$(cat "$__global/explorer/os_version")
major_version="${os_version%%.*}"
### case "$major_version" in
# Restart consul agent after everything else. [567])
require="$restart_requires" __service consul --action restart init_sysvinit debian
;;
[89])
init_systemd
;;
*)
echo "Unsupported Debian version $os_version" >&2
exit 1
;;
esac
;;
ubuntu)
init_upstart
;;
esac
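Review bot: The new side creates the account with `__user "$user"` but then sets `export require="__user/consul"`, and the TLS files are installed with `--owner root --group consul --mode 640` while the directories around them use `--group "$group"`. With any `--user` other than `consul` the exported dependency names an object this manifest never creates, and with another `--group` the key file's group no longer matches the group that owns `/etc/consul/ssl`, so the agent may be unable to read its own key. I would write `export require="__user/$user"` and `--owner root --group "$group" --mode 640`. Separately, the `absent)` branch keeps its `__user` and `__group` calls after `exit 1`, where they can never run. Which side each line belongs to is inferred from the split rendering, so confirm against the raw diff.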


@ -6,4 +6,3 @@ server
enable-syslog enable-syslog
verify-incoming verify-incoming
verify-outgoing verify-outgoing
use-distribution-package


@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir


@ -19,7 +19,7 @@
# #
name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")" name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
conf_dir=$(cat "$__object/explorer/conf-dir") conf_dir="/etc/consul/conf.d"
conf_file="check_${name}.json" conf_file="check_${name}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"
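Review bot: `conf_dir="/etc/consul/conf.d"` is now a literal repeated here and in each of the following service and watch sections that make the same replacement, alongside the same assignment in the agent manifest above. Nothing ties the copies together, so a later change to the agent's directory would leave checks, services and watches written to a path the agent may no longer read. Until the value has a single source, I would mark each copy with a comment such as `# keep in sync with conf_dir in the consul agent manifest`. The rest of this script is outside the hunk.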


@ -1,15 +0,0 @@
# Determine the configuration directory used by consul.
check_dir () {
if [ -d "$1" ]; then
printf '%s' "$1"
exit
fi
}
check_dir '/etc/consul/conf.d'
check_dir '/etc/consul.d'
check_dir '/etc/consul'
echo 'Could not determine consul configuration dir. Exiting.' >&2
exit 1


@ -19,7 +19,7 @@
# #
name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")" name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
conf_dir=$(cat "$__object/explorer/conf-dir") conf_dir="/etc/consul/conf.d"
conf_file="service_${name}.json" conf_file="service_${name}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"
@ -45,7 +45,7 @@ printf ' "name": "%s"\n' "$name"
cd "$__object/parameter/" cd "$__object/parameter/"
for param in *; do for param in *; do
case "$param" in case "$param" in
state|name|check-interval|conf-dir) continue ;; state|name|check-interval) continue ;;
check-script) check-script)
printf ' ,"check": {\n' printf ' ,"check": {\n'
printf ' "script": "%s"\n' "$(cat "$__object/parameter/check-script")" printf ' "script": "%s"\n' "$(cat "$__object/parameter/check-script")"
@ -86,6 +86,7 @@ echo " }"
# end json file # end json file
echo "}" echo "}"
) | \ ) | \
require="__directory${conf_dir}" \
__config_file "${conf_dir}/${conf_file}" \ __config_file "${conf_dir}/${conf_file}" \
--owner root --group consul --mode 640 \ --owner root --group consul --mode 640 \
--state "$state" \ --state "$state" \
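Review bot: Parameter values are written into the JSON unescaped, for example `printf ' "script": "%s"\n' "$(cat "$__object/parameter/check-script")"`, so a check command containing a double quote or a backslash produces a file that is either invalid JSON or carries a different value than the one passed in. Escaping both characters before printing avoids that: `printf ' "script": "%s"\n' "$(sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' "$__object/parameter/check-script")"`. The same applies to `"$name"` and to the other `"%s"` values built in this subshell, which starts and ends outside the visible hunks. Multi-line values would still need separate handling.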


@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir


@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir") conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"


@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir


@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir") conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"


@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir


@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir") conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"


@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir


@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir") conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"


@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir


@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir") conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"


@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir


@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir") conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"


@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir


@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir") conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"


@ -31,28 +31,24 @@ if [ -f "$__object/parameter/raw" ]; then
elif [ -f "$__object/parameter/raw_command" ]; then elif [ -f "$__object/parameter/raw_command" ]; then
entry="$command" entry="$command"
else else
minute="$(cat "$__object/parameter/minute")" minute="$(cat "$__object/parameter/minute" 2>/dev/null || echo "*")"
hour="$(cat "$__object/parameter/hour")" hour="$(cat "$__object/parameter/hour" 2>/dev/null || echo "*")"
day_of_month="$(cat "$__object/parameter/day_of_month")" day_of_month="$(cat "$__object/parameter/day_of_month" 2>/dev/null || echo "*")"
month="$(cat "$__object/parameter/month")" month="$(cat "$__object/parameter/month" 2>/dev/null || echo "*")"
day_of_week="$(cat "$__object/parameter/day_of_week")" day_of_week="$(cat "$__object/parameter/day_of_week" 2>/dev/null || echo "*")"
entry="$minute $hour $day_of_month $month $day_of_week $command # $name" entry="$minute $hour $day_of_month $month $day_of_week $command # $name"
fi fi
mkdir "$__object/files" mkdir "$__object/files"
echo "$entry" > "$__object/files/entry" echo "$entry" > "$__object/files/entry"
if [ -s "$__object/explorer/entry" ]; then if diff -q "$__object/files/entry" "$__object/explorer/entry" >/dev/null; then
if diff -q "$__object/files/entry" "$__object/explorer/entry" >/dev/null; then state_is=present
state_is=present
else
state_is=modified
fi
else else
state_is=absent state_is=absent
fi fi
state_should="$(cat "$__object/parameter/state")" state_should="$(cat "$__object/parameter/state" 2>/dev/null || echo "present")"
[ "$state_is" = "$state_should" ] && exit 0 [ "$state_is" = "$state_should" ] && exit 0
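Review bot: On the new side the comparison has only two outcomes, so an entry that exists on the target but differs from the wanted one is reported as `state_is=absent`, the same as no entry at all. The code that acts on `state_is` is outside the hunk; if it only adds a line for `absent`, the old line would stay in the crontab next to the new one, so it is worth confirming that a changed entry is replaced rather than duplicated. `diff -q` also redirects only stdout, so it prints an error if `$__object/explorer/entry` is missing; `>/dev/null 2>&1` would keep the run quiet. The `if`/`elif` chain that builds `entry` begins above the hunk.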


@ -22,12 +22,3 @@ if [ -f "$__object/parameter/raw" ] && [ -f "$__object/parameter/raw_command" ];
echo "ERROR: both raw and raw_command specified" >&2 echo "ERROR: both raw and raw_command specified" >&2
exit 1 exit 1
fi fi
case "$(cat "$__object/parameter/state")" in
present) ;;
absent) ;;
*)
echo "ERROR: unkown cron state" >&2
exit 2
esac


@ -1 +0,0 @@
*


@ -1 +0,0 @@
present


@ -40,12 +40,6 @@ run-file
log-run log-run
Command to run for log consumption. Default: `multilog t ./main` Command to run for log consumption. Default: `multilog t ./main`
owner
User to chown to.
group
User to chgrp to.
servicedir servicedir
Directory to install into. Default: `/service` Directory to install into. Default: `/service`


@ -9,8 +9,6 @@ servicedir=$(cat "$__object/parameter/servicedir")
run=$(cat "$__object/parameter/run") run=$(cat "$__object/parameter/run")
runfile=$(cat "$__object/parameter/run-file") runfile=$(cat "$__object/parameter/run-file")
logrun=$(cat "$__object/parameter/log-run") logrun=$(cat "$__object/parameter/log-run")
owner=$(cat "$__object/parameter/owner")
group=$(cat "$__object/parameter/group")
svc=$(cat "$__type/explorer/svc") svc=$(cat "$__type/explorer/svc")
@ -27,22 +25,14 @@ badusage() {
[ -z "$run$runfile" ] && badusage [ -z "$run$runfile" ] && badusage
[ -n "$run" ] && [ -n "$runfile" ] && badusage [ -n "$run" ] && [ -n "$runfile" ] && badusage
flags="" __directory "$servicedir/$name/log/main" --parents
if [ -n "$owner" ]; then
flags="$flags --owner $owner"
fi
if [ -n "$group" ]; then
flags="$flags --group $group"
fi
__directory "$servicedir/$name/log/main" --parents $flags
echo "$RUN_PREFIX$run" | require="__directory/$servicedir/$name/log/main" __config_file "$servicedir/$name/run" \ echo "$RUN_PREFIX$run" | require="__directory/$servicedir/$name/log/main" __config_file "$servicedir/$name/run" \
--onchange "svc -t '$servicedir/$name' 2>/dev/null" \ --onchange "svc -t '$servicedir/$name' 2>/dev/null" \
--mode 755 $flags \ --mode 755 \
--source "${runfile:--}" --source "${runfile:--}"
echo "$RUN_PREFIX$logrun" | require="__directory/$servicedir/$name/log/main" __config_file "$servicedir/$name/log/run" \ echo "$RUN_PREFIX$logrun" | require="__directory/$servicedir/$name/log/main" __config_file "$servicedir/$name/log/run" \
--onchange "svc -t '$servicedir/$name/log' 2>/dev/null" \ --onchange "svc -t '$servicedir/$name/log' 2>/dev/null" \
--mode 755 $flags \ --mode 755 \
--source "-" --source "-"
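Review bot: Both `--onchange` strings place `$servicedir/$name` between single quotes, as in `"svc -t '$servicedir/$name' 2>/dev/null"`, and that text is presumably emitted later as shell code, the way the `onchange` parameter is printed by the file type's code generator further down this page. A service name or directory containing a single quote would end the quoting early and the remainder would be parsed as shell. `name` is assigned outside the visible lines, so I cannot see whether it is checked anywhere. A guard before first use would close this, e.g. `case "$servicedir/$name" in *\'*) echo "single quote not allowed in servicedir/name" >&2; exit 1 ;; esac`.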


@ -1,6 +1,4 @@
group
log-run log-run
owner
run run
run-file run-file
servicedir servicedir


@ -1,7 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# 2013 Steven Armstrong (steven-cdist armstrong.cc) # 2013 Steven Armstrong (steven-cdist armstrong.cc)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -21,43 +20,24 @@
destination="/$__object_id" destination="/$__object_id"
fallback() {
# Patch the output together, manually
ls_line=$(ls -ldn "$destination")
uid=$(echo "$ls_line" | awk '{ print $3 }')
gid=$(echo "$ls_line" | awk '{ print $4 }')
owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd)
group=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
mode_text=$(echo "$ls_line" | awk '{ print $1 }')
mode=$(echo "$mode_text" | awk '{ k=0; for (i=0; i<=8; i++) k += ((substr($1, i+2, 1) ~ /[rwx]/) * 2^(8-i)); printf("%0o", k) }')
printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\n' \
"$("$__type_explorer/type")" \
"$uid" "$owner" \
"$gid" "$group" \
"$mode" "$mode_text"
}
# nothing to work with, nothing we could do # nothing to work with, nothing we could do
[ -e "$destination" ] || exit 0 [ -e "$destination" ] || exit 0
if ! command -v stat >/dev/null os=$("$__explorer/os")
then case "$os" in
fallback
exit
fi
case $("$__explorer/os") in
"freebsd"|"netbsd"|"openbsd"|"macosx") "freebsd"|"netbsd"|"openbsd"|"macosx")
stat -f "type: %HT stat -f "type: %HT
owner: %Du %Su owner: %Du %Su
group: %Dg %Sg group: %Dg %Sg
mode: %Lp %Sp mode: %Lp %Sp
" "$destination" | awk '/^type/ { print tolower($0); next } { print }' " "$destination" | awk '/^type/ { print tolower($0); next; } { print; }'
;;
alpine)
stat -c "type: %F
owner: %u %U
group: %g %G
mode: %a %A
" "$destination"
;; ;;
solaris) solaris)
ls1="$( ls -ld "$destination" )" ls1="$( ls -ld "$destination" )"
@ -89,12 +69,10 @@ mode: %Lp %Sp
echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )" echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )"
;; ;;
*) *)
# NOTE: Do not use --printf here as it is not supported by BusyBox stat. stat --printf="type: %F
# NOTE: BusyBox's stat might not support the "-c" option, in which case
# we fall through to the shell fallback.
stat -c "type: %F
owner: %u %U owner: %u %U
group: %g %G group: %g %G
mode: %a %A" "$destination" 2>/dev/null || fallback mode: %a %A
" "$destination"
;; ;;
esac esac
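Review bot: The default branch now calls `stat --printf="type: %F`, a GNU coreutils option, and the shell fallback is gone, so a target that matches none of the BSD, `alpine` or `solaris` branches and ships a different `stat` gets no usable output from this explorer. The `alpine)` branch added in the same section already uses the more widely supported form; writing the default branch as `stat -c "type: %F` too would make the separate `alpine)` case unnecessary. A short comment on the default branch stating which `stat` implementations it expects would help the next reader. The later explorer section that also prints `size:` and `links:` has the same default branch. Part of the `solaris)` branch lies between the two hunks and is not visible.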


@ -3,7 +3,6 @@
# 2011-2013 Nico Schottelius (nico-cdist at schottelius.org) # 2011-2013 Nico Schottelius (nico-cdist at schottelius.org)
# 2013 Steven Armstrong (steven-cdist armstrong.cc) # 2013 Steven Armstrong (steven-cdist armstrong.cc)
# 2014 Daniel Heule (hda at sfs.biz) # 2014 Daniel Heule (hda at sfs.biz)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -22,8 +21,8 @@
# #
destination="/$__object_id" destination="/$__object_id"
state_should=$(cat "$__object/parameter/state") state_should="$(cat "$__object/parameter/state")"
type=$(cat "$__object/explorer/type") type="$(cat "$__object/explorer/type")"
stat_file="$__object/explorer/stat" stat_file="$__object/explorer/stat"
# variable to keep track if we have to set directory attributes # variable to keep track if we have to set directory attributes
@ -73,7 +72,7 @@ set_mode() {
} }
case "$state_should" in case "$state_should" in
present|exists) present)
if [ "$type" != "directory" ]; then if [ "$type" != "directory" ]; then
set_attributes=1 set_attributes=1
if [ "$type" != "none" ]; then if [ "$type" != "none" ]; then
@ -84,10 +83,6 @@ case "$state_should" in
fi fi
echo "mkdir $mkdiropt '$destination'" echo "mkdir $mkdiropt '$destination'"
echo "create" >> "$__messages_out" echo "create" >> "$__messages_out"
elif [ "$state_should" = 'exists' ]; then
# The type is directory and --state exists. We are done and do not
# check or set the attributes.
exit 0
fi fi
# Note: Mode - needs to happen last as a chown/chgrp can alter mode by # Note: Mode - needs to happen last as a chown/chgrp can alter mode by
@ -108,26 +103,6 @@ case "$state_should" in
fi fi
done done
;; ;;
pre-exists)
case $type in
directory)
# all good
exit 0
;;
none)
printf 'Directory "%s" does not exist\n' "$destination" >&2
exit 1
;;
file|symlink)
printf 'File "%s" exists and is a %s, but should be a directory\n' "$destination" "$type" >&2
exit 1
;;
*)
printf 'File or directory "%s" is in an unknown state\n' "$destination" >&2
exit 1
;;
esac
;;
absent) absent)
if [ "$type" = "directory" ]; then if [ "$type" = "directory" ]; then
echo "rm -rf '$destination'" echo "rm -rf '$destination'"
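Review bot: `echo "rm -rf '$destination'"` emits a recursive delete for whatever `destination="/$__object_id"` expands to, and the only condition visible before it is that the explorer reported a directory. If the object id can be empty — these hunks do not show whether the framework rules that out — the generated command is `rm -rf '/'`. A one-line guard inside the `absent)` branch would prevent that: `[ "$destination" != "/" ] || { echo "refusing to remove /" >&2; exit 1; }`. The `absent)` branch continues past the end of the hunk.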


@ -19,18 +19,7 @@ None.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
state state
'present', 'absent', 'exists' or 'pre-exists', defaults to 'present' where: 'present' or 'absent', defaults to 'present'
present
the directory exists and the given attributes are set.
absent
the directory does not exist.
exists
the directory exists, but its attributes are not altered if it already
existed.
pre-exists
check that the directory exists and is indeed a directory, but do not
create or modify it.
group group
Group to chgrp to. Group to chgrp to.
@ -47,7 +36,7 @@ BOOLEAN PARAMETERS
parents parents
Whether to create parents as well (mkdir -p behaviour). Whether to create parents as well (mkdir -p behaviour).
Warning: all intermediate directory permissions default Warning: all intermediate directory permissions default
to whatever mkdir -p does. to whatever mkdir -p does.
Usually this means root:root, 0700. Usually this means root:root, 0700.


@ -2,7 +2,6 @@
# #
# 2013 Steven Armstrong (steven-cdist armstrong.cc) # 2013 Steven Armstrong (steven-cdist armstrong.cc)
# 2019 Nico Schottelius (nico-cdist at schottelius.org) # 2019 Nico Schottelius (nico-cdist at schottelius.org)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -22,54 +21,29 @@
destination="/$__object_id" destination="/$__object_id"
fallback() {
# Fallback: Patch the output together, manually.
ls_line=$(ls -ldn "$destination")
uid=$(echo "$ls_line" | awk '{ print $3 }')
gid=$(echo "$ls_line" | awk '{ print $4 }')
owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd)
group=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
mode_text=$(echo "$ls_line" | awk '{ print $1 }')
mode=$(echo "$mode_text" | awk '{ k=0; for (i=0; i<=8; i++) k += ((substr($1, i+2, 1) ~ /[rwx]/) * 2^(8-i)); printf("%0o", k) }')
size=$(echo "$ls_line" | awk '{ print $5 }')
links=$(echo "$ls_line" | awk '{ print $2 }')
printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\nsize: %d\nlinks: %d\n' \
"$("$__type_explorer/type")" \
"$uid" "$owner" \
"$gid" "$group" \
"$mode" "$mode_text" \
"$size" \
"$links"
}
# nothing to work with, nothing we could do # nothing to work with, nothing we could do
[ -e "$destination" ] || exit 0 [ -e "$destination" ] || exit 0
os=$("$__explorer/os")
if ! command -v stat >/dev/null case "$os" in
then "freebsd"|"netbsd"|"openbsd"|"macosx")
fallback
exit
fi
case $("$__explorer/os")
in
freebsd|netbsd|openbsd|macosx)
stat -f "type: %HT stat -f "type: %HT
owner: %Du %Su owner: %Du %Su
group: %Dg %Sg group: %Dg %Sg
mode: %Lp %Sp mode: %Lp %Sp
size: %Dz size: %Dz
links: %Dl links: %Dl
" "$destination" | awk '/^type/ { print tolower($0); next } { print }' " "$destination" | awk '/^type/ { print tolower($0); next; } { print; }'
;;
alpine)
# busybox stat
stat -c "type: %F
owner: %u %U
group: %g %G
mode: %a %A
size: %s
links: %h
" "$destination"
;; ;;
solaris) solaris)
ls1="$( ls -ld "$destination" )" ls1="$( ls -ld "$destination" )"
@ -103,14 +77,12 @@ links: %Dl
echo "links: $( echo "$ls1" | awk '{print $2}' )" echo "links: $( echo "$ls1" | awk '{print $2}' )"
;; ;;
*) *)
# NOTE: Do not use --printf here as it is not supported by BusyBox stat. stat --printf="type: %F
# NOTE: BusyBox's stat might not support the "-c" option, in which case
# we fall through to the shell fallback.
stat -c "type: %F
owner: %u %U owner: %u %U
group: %g %G group: %g %G
mode: %a %A mode: %a %A
size: %s size: %s
links: %h" "$destination" 2>/dev/null || fallback links: %h
;; " "$destination"
;;
esac esac


@ -31,24 +31,12 @@ if [ "$state_should" = "pre-exists" ]; then
exit 1 exit 1
fi fi
case $type in if [ "$type" = "file" ]; then
file) exit 0 # nothing to do
# nothing to do else
exit 0 echo "File \"$destination\" does not exist"
;; exit 1
none) fi
printf 'File "%s" does not exist\n' "$destination" >&2
exit 1
;;
directory|symlink)
printf 'File "%s" exists and is a %s, but should be a regular file\n' "$destination" "$type" >&2
exit 1
;;
*)
printf 'File or directory "%s" is in an unknown state\n' "$destination" >&2
exit 1
;;
esac
fi fi
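Review bot: The new `else` branch reports the failure with `echo "File \"$destination\" does not exist"` on stdout, whereas the other error paths on this page write to stderr; if this is a code-generating script, stdout is also where the generated code goes. It should read `echo "File \"$destination\" does not exist" >&2`. The message is also inaccurate when `$type` is a directory or symlink, because the path does exist then; wording such as `"$destination" is not a regular file (type: $type)` covers both cases. The enclosing `if [ "$state_should" = "pre-exists" ]` block starts above the hunk.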
upload_file= upload_file=


@ -55,40 +55,36 @@ set_owner() {
} }
set_mode() { set_mode() {
echo "chmod '$1' '$destination'" echo "chmod '$1' '$destination'"
echo "chmod '$1'" >> "$__messages_out" echo "chmod '$1'" >> "$__messages_out"
fire_onchange=1 fire_onchange=1
} }
case "$state_should" in case "$state_should" in
present|exists) present|exists|pre-exists)
# Note: Mode - needs to happen last as a chown/chgrp can alter mode by # Note: Mode - needs to happen last as a chown/chgrp can alter mode by
# clearing S_ISUID and S_ISGID bits (see chown(2)) # clearing S_ISUID and S_ISGID bits (see chown(2))
for attribute in group owner mode; do for attribute in group owner mode; do
if [ -f "$__object/parameter/$attribute" ]; then if [ -f "$__object/parameter/$attribute" ]; then
value_should="$(cat "$__object/parameter/$attribute")" value_should="$(cat "$__object/parameter/$attribute")"
# change 0xxx format to xxx format => same as stat returns # change 0xxx format to xxx format => same as stat returns
if [ "$attribute" = mode ]; then if [ "$attribute" = mode ]; then
value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')" value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')"
fi fi
value_is="$(get_current_value "$attribute" "$value_should")" value_is="$(get_current_value "$attribute" "$value_should")"
if [ -f "$__object/files/set-attributes" ] || [ "$value_should" != "$value_is" ]; then if [ -f "$__object/files/set-attributes" ] || [ "$value_should" != "$value_is" ]; then
"set_$attribute" "$value_should" "set_$attribute" "$value_should"
fi
fi fi
done
if [ -f "$__object/files/set-attributes" ]; then
# set-attributes is created if file is created or uploaded in gencode-local
fire_onchange=1
fi fi
;; done
if [ -f "$__object/files/set-attributes" ]; then
# set-attributes is created if file is created or uploaded in gencode-local
fire_onchange=1
fi
pre-exists) ;;
# pre-exists should never reach gencode-remote…
exit 1
;;
absent) absent)
if [ "$type" = "file" ]; then if [ "$type" = "file" ]; then
@ -105,7 +101,7 @@ case "$state_should" in
esac esac
if [ -f "$__object/parameter/onchange" ]; then if [ -f "$__object/parameter/onchange" ]; then
if [ -n "$fire_onchange" ]; then if [ -n "$fire_onchange" ]; then
cat "$__object/parameter/onchange" cat "$__object/parameter/onchange"
fi fi
fi fi


@ -1 +0,0 @@
../__chroot_umount/manifest


@ -1,101 +0,0 @@
cdist-type__install_directory(7)
================================
NAME
----
cdist-type__install_directory - Manage a directory with install command
DESCRIPTION
-----------
This cdist type allows you to create or remove directories on the target.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
'present' or 'absent', defaults to 'present'
group
Group to chgrp to.
mode
Unix permissions, suitable for chmod.
owner
User to chown to.
BOOLEAN PARAMETERS
------------------
parents
Whether to create parents as well (mkdir -p behaviour).
Warning: all intermediate directory permissions default
to whatever mkdir -p does.
Usually this means root:root, 0700.
recursive
If supplied the chgrp and chown call will run recursively.
This does *not* influence the behaviour of chmod.
MESSAGES
--------
chgrp <group>
Changed group membership
chown <owner>
Changed owner
chmod <mode>
Changed mode
create
Empty directory was created
remove
Directory exists, but state is absent, directory will be removed by generated code.
remove non directory
Something other than a directory with the same name exists and was removed prior to create.
EXAMPLES
--------
.. code-block:: sh
# A silly example
__install_directory /tmp/foobar
# Remove a directory
__install_directory /tmp/foobar --state absent
# Ensure /etc exists correctly
__install_directory /etc --owner root --group root --mode 0755
# Create nfs service directory, including parents
__install_directory /home/services/nfs --parents
# Change permissions recursively
__install_directory /home/services --recursive --owner root --group root
# Setup a temp directory
__install_directory /local --mode 1777
# Take it all
__install_directory /home/services/kvm --recursive --parents \
--owner root --group root --mode 0755 --state present
AUTHORS
-------
Nico Schottelius <nico-cdist--@--schottelius.org>
COPYING
-------
Copyright \(C) 2011 Nico Schottelius. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.


@ -0,0 +1 @@
../__directory/man.rst


@ -23,10 +23,6 @@ symlink
directory directory
replace it with the source file replace it with the source file
One exception is that when state is pre-exists, an error is raised if
the file would have been created otherwise (e.g. it is not present or
not a regular file).
In any case, make sure that the file attributes are as specified. In any case, make sure that the file attributes are as specified.
@ -37,7 +33,7 @@ None.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
state state
'present', 'absent', 'exists' or 'pre-exists', defaults to 'present' where: 'present', 'absent' or 'exists', defaults to 'present' where:
present present
the file is exactly the one from source the file is exactly the one from source
@ -45,9 +41,6 @@ state
the file does not exist the file does not exist
exists exists
the file from source but only if it doesn't already exist the file from source but only if it doesn't already exist
pre-exists
check that the file exists and is a regular file, but do not
create or modify it
group group
Group to chgrp to. Group to chgrp to.
@ -63,9 +56,6 @@ source
If not supplied, an empty file or directory will be created. If not supplied, an empty file or directory will be created.
If source is '-' (dash), take what was written to stdin as the file content. If source is '-' (dash), take what was written to stdin as the file content.
onchange
The code to run if file is modified.
MESSAGES MESSAGES
-------- --------
chgrp <group> chgrp <group>
@ -103,8 +93,6 @@ EXAMPLES
__install_file /home/frodo/.bashrc --source "/etc/skel/.bashrc" \ __install_file /home/frodo/.bashrc --source "/etc/skel/.bashrc" \
--state exists \ --state exists \
--owner frodo --mode 0600 --owner frodo --mode 0600
# Check that the file is present, show an error when it is not
__install_file /etc/somefile --state pre-exists
# Take file content from stdin # Take file content from stdin
__install_file /tmp/whatever --owner root --group root --mode 644 --source - << DONE __install_file /tmp/whatever --owner root --group root --mode 644 --source - << DONE
Here goes the content for /tmp/whatever Here goes the content for /tmp/whatever


@ -1,152 +0,0 @@
#!/bin/sh
state="$(cat $__object/parameter/state)"
template="$(cat $__object/parameter/template)"
ip4_addr="$(cat $__object/parameter/bridge)|$(cat $__object/parameter/ip)"
interfaces="none:none"
defaultrouter="none"
vnet="off"
jail_zfs_dataset="$(cat $__object/parameter/jail_zfs_dataset)"
devfs_ruleset="$(cat $__object/parameter/devfs_ruleset)"
allow_socket_af="$(cat $__object/parameter/allow_socket_af)"
mount_procfs="$(cat $__object/parameter/mount_procfs)"
mount_linprocfs="$(cat $__object/parameter/mount_linprocfs)"
if [ "X$state" = "Xabsent" ]; then
cat <<EOF
iocage stop $__object_id || true
iocage destroy -f $__object_id || true
rm -f /iocage/jails/$__object_id
EOF
else
cat <<EOF
get_property_zfs () {
zfs get -H -o value \$1 "\$2"
}
get_property_iocage () {
get_property_zfs "org.freebsd.iocage:\$1" "/iocage/jails/\$2"
}
create_new=0
if [ ! -d /iocage/jails/"$__object_id" ]; then
echo "Jail $__object_id does not exist, going to create."
create_new=1
else
base=\$(get_property_zfs origin "/iocage/jails/$__object_id")
current_template=\$(get_property_zfs org.freebsd.iocage:tag "\$base")
if [ "X\$current_template" != "X$template" ]; then
echo "Jail $__object_id has base \$current_template, which is not $template. " >&2
create_new=1
fi
fi
if [ \$create_new -eq 0 ]; then
if [ "off" == "\$(get_property_iocage jail_zfs "$__object_id")" ]; then
current_jail_zfs_dataset=""
else
current_jail_zfs_dataset="\$(get_property_iocage jail_zfs_dataset "$__object_id")"
fi
fi
configure=0
if [ \$create_new -eq 1 ]; then
configure=1
elif [ "X$vnet" != "X\$(get_property_iocage vnet "$__object_id")" ]; then
configure=1
elif [ "X$ip4_addr" != "X\$(get_property_iocage ip4_addr "$__object_id")" ]; then
configure=1
elif [ "X$interfaces" != "X\$(get_property_iocage interfaces "$__object_id")" ]; then
configure=1
elif [ "X$defaultrouter" != "X\$(get_property_iocage defaultrouter "$__object_id")" ]; then
configure=1
elif [ "X$mount_procfs" != "X\$(get_property_iocage mount_procfs "$__object_id")" ]; then
configure=1
elif [ "X$devfs_ruleset" != "X\$(get_property_iocage devfs_ruleset "$__object_id")" ]; then
configure=1
elif [ "X$allow_socket_af" != "X\$(get_property_iocage allow_socket_af "$__object_id")" ]; then
configure=1
elif [ "X$jail_zfs_dataset" != "X\$current_jail_zfs_dataset" ]; then
configure=1
fi
if [ \$create_new -eq 1 ]; then
echo "Creating jail $__object_id" >&2
iocage stop $__object_id || true
iocage destroy -f $__object_id || true
# Without VNETs, we should not need this.
# TODO(riso): Use nicer path
# /root/cdist/ioc deconfigure $__object_id
rm -f /iocage/jails/$__object_id
iocage clone $template tag=$__object_id
iocage set boot=on $__object_id
UUID=\$(iocage list | grep " $__object_id " | awk "{ print \\\$2; }")
rm -f /iocage/jails/$__object_id
ln -s /iocage/jails/\$UUID /iocage/jails/$__object_id
else
UUID=\$(iocage list | grep " $__object_id " | awk "{ print \\\$2; }")
echo "Jail $__object_id already exists, UUID=\$UUID" >&2
fi
ROOT="/iocage/jails/\$UUID/root"
FSTAB="/iocage/jails/\$UUID/fstab"
rm -f \$FSTAB.new
touch \$FSTAB.new
cat $__object/parameter/mount 2>/dev/null | \\
while read mount; do
src=\$(echo \$mount | awk -F: "{ print \\\$1; }")
dst_rel=\$(echo \$mount | awk -F: "{ print \\\$2; }")
dst="/iocage/jails/\$UUID/root/\$dst_rel"
mkdir -p "\$dst"
echo "\$src \$dst nullfs rw 0 0" >>\$FSTAB.new
done
if [ $mount_linprocfs -eq 1 ]; then
echo "linproc /iocage/jails/\$UUID/root/compat/linux/proc linprocfs rw 0 0" >>\$FSTAB.new
fi
fstab_changed=0
if diff -q \$FSTAB \$FSTAB.new >/dev/null; then
# pass
else
configure=1
fstab_changed=1
fi
if [ \$configure -eq 1 ]; then
echo "Configuring jail $__object_id." >&2
iocage stop $__object_id || true
iocage set vnet="$vnet" $__object_id
iocage set interfaces="$interfaces" $__object_id
iocage set hostname="$__object_id" $__object_id
iocage set ip4_addr="$ip4_addr" $__object_id
iocage set defaultrouter="$defaultrouter" $__object_id
iocage set mount_procfs="$mount_procfs" $__object_id
iocage set devfs_ruleset="$devfs_ruleset" $__object_id
iocage set allow_socket_af="$allow_socket_af" $__object_id
if [ -n "$jail_zfs_dataset" ]; then
iocage set jail_zfs=on $__object_id
iocage set jail_zfs_dataset="$jail_zfs_dataset" $__object_id
else
iocage set jail_zfs=off $__object_id
fi
if [ \$fstab_changed -eq 1 ]; then
umount -afF \$FSTAB || true
mv \$FSTAB.new \$FSTAB
fi
iocage start $__object_id || true
# Iocage creates new mac address, but arp can have an old mac cached.
# TODO(riso): Is this true without VNETs?
arp -d -a
else
echo "Jail $__object_id is already configured." >&2
fi
rm -f \$FSTAB.new
EOF
fi


@ -1 +0,0 @@
__package iocage


@ -1 +0,0 @@
present


@ -1,7 +0,0 @@
state
bridge
jail_zfs_dataset
mount_procfs
mount_linprocfs
devfs_ruleset
allow_socket_af


@ -1,2 +0,0 @@
ip
template


@ -1,112 +0,0 @@
#!/bin/sh -e
ACME_TINY_CERT_REQUEST_DIR="/var/acme-tiny/cert-requests"
ACME_TINY_ACCOUNT_KEY="/var/acme-tiny/account.key"
ACME_CHALLENGE_DIR="/srv/www/sites/acme/public/.well-known/acme-challenge"
REALM="${__object_id}"
EXTRA_DOMAINS=""
if [ -f "${__object}/parameter/extra-domain" ]; then
EXTRA_DOMAINS="$(cat "${__object}/parameter/extra-domain")"
fi
#TODO: support linux too
REALMS_DIR="/usr/local/etc/pki/realms"
REALM_DIR="${REALMS_DIR}/${REALM}"
REALM_CERT="${REALM_DIR}/default.crt"
REALM_KEY="${REALM_DIR}/default.key"
REALM_CERT_REQUEST="${ACME_TINY_CERT_REQUEST_DIR}/${REALM}.csr"
REALM_CERT_REQUEST_CNF="${ACME_TINY_CERT_REQUEST_DIR}/${REALM}.cnf"
CSR_ALT_NAMES=""
REALM_CERT_REQUEST_CNF_LINE=""
if [ -n "${EXTRA_DOMAINS}" ]; then
CSR_ALT_NAMES="DNS:${REALM}"
for domain in ${EXTRA_DOMAINS}; do
CSR_ALT_NAMES="${CSR_ALT_NAMES},DNS:${domain}"
done
# CSR requests are executed always against .new, only after succeeding .new replaces the .cnf
REALM_CERT_REQUEST_CNF_LINE="-reqexts SAN -config '${REALM_CERT_REQUEST_CNF}.new'"
fi
cat << EOF
if [ ! -d '${REALM_DIR}' ]; then
mkdir -p '${REALM_DIR}'
fi
if [ ! -f '${REALM_KEY}' ]; then
openssl genrsa 4096 > '${REALM_KEY}'
fi
if [ ! -d '${ACME_TINY_CERT_REQUEST_DIR}' ]; then
mkdir '${ACME_TINY_CERT_REQUEST_DIR}'
fi
FORCE_CSR_REGEN=""
if [ -n '${CSR_ALT_NAMES}' ]; then
# Generate new config
cat /etc/ssl/openssl.cnf > '${REALM_CERT_REQUEST_CNF}.new'
printf '[SAN]\nsubjectAltName=${CSR_ALT_NAMES}' >> '${REALM_CERT_REQUEST_CNF}.new'
# Compare to previous config if necessary
if [ -f '${REALM_CERT_REQUEST_CNF}' ]; then
CNF_DIFF=\$(diff -q '${REALM_CERT_REQUEST_CNF}' '${REALM_CERT_REQUEST_CNF}.new' || true)
if [ -n "\${CNF_DIFF}" ]; then
# Options have changed
FORCE_CSR_REGEN="YES"
else
# Since they match, we won't be using this, clean it
rm '${REALM_CERT_REQUEST_CNF}.new'
fi
else
# We never used SAN here, CSR regen needed.
FORCE_CSR_REGEN="YES"
fi
else
# We used SAN at some point, not any more
if [ -f '${REALM_CERT_REQUEST_CNF}' ]; then
rm '${REALM_CERT_REQUEST_CNF}'
FORCE_CSR_REGEN="YES"
fi
fi
# Create or re-create when params have changed
if [ ! -f '${REALM_CERT_REQUEST}' -o -n "\${FORCE_CSR_REGEN}" ]; then
openssl req -new -sha256 -key '${REALM_KEY}' -subj '/CN=${REALM}' -out '${REALM_CERT_REQUEST}' ${REALM_CERT_REQUEST_CNF_LINE}
fi
# Check if cert exists, and if so whether or not it's older than a month
if [ -f '${REALM_CERT}' ]; then
MODIFIED_IN_30d="\$(find '${REALM_CERT}' -mtime -30d)"
if [ -z "\${MODIFIED_IN_30d}" ]; then
# Cert is over a month old, it's fine to regenerate
FORCE_CRT_REGEN="YES"
fi
else
# This cert doesn't exist
FORCE_CRT_REGEN="YES"
fi
# Only request certificate when needed
# TODO: support linux too
if [ -n "\${FORCE_CSR_REGEN}" -o -n "\${FORCE_CRT_REGEN}" ]; then
doas -u acme-tiny -- acme_tiny \
--account '${ACME_TINY_ACCOUNT_KEY}' \
--csr '${REALM_CERT_REQUEST}' \
--acme-dir '${ACME_CHALLENGE_DIR}' > '${REALM_CERT}.new'
if [ -s '${REALM_CERT}.new' ]; then
mv '${REALM_CERT}.new' '${REALM_CERT}'
else
echo "Failed to generate cert for realm '${REALM}'."
exit 1
fi
fi
cat "${REALM_CERT}" "${REALMS_DIR}/chain.pem" > ${REALM_DIR}/fullchain.pem
if [ -n '${REALM_CERT_REQUEST_CNF_LINE}' -a -f '${REALM_CERT_REQUEST_CNF}.new' ]; then
# CSR and cert generation succeded with a new config, put new config in-place.
# This is the last thing we do, so we try again next time if sth fails.
mv '${REALM_CERT_REQUEST_CNF}.new' '${REALM_CERT_REQUEST_CNF}'
fi
EOF


@ -1 +0,0 @@
#__letsencrypt_acmetiny_base


@ -1,12 +0,0 @@
#!/bin/sh -e
ACME_HOME="/var/acme-tiny"
ACME_ACCOUNT_KEY="${ACME_HOME}/account.key"
cat << EOF
if [ ! -f '${ACME_ACCOUNT_KEY}' ]; then
openssl genrsa 4096 > '${ACME_ACCOUNT_KEY}'
chown acme-tiny:acme-tiny '${ACME_ACCOUNT_KEY}'
chmod 640 '${ACME_ACCOUNT_KEY}'
fi
EOF


@ -1,227 +0,0 @@
# Arguments
ACME_DOMAIN="$(cat "${__object}/parameter/acme_domain" || true)"
if [ -z "${ACME_DOMAIN}" ]; then
ACME_DOMAIN="${__target_host}"
fi
# Install needed stuffz
## TODO: consider not depending on nginx? It is... practical though.
## TODO: Maybe just move this out to a sepecial type?
__package "nginx"
NGINX_ETC="/usr/local/etc/nginx"
# Setup the acme-challenge snippet
require="__package/nginx" __directory "${NGINX_ETC}/snippets" --state present
require="__directory${NGINX_ETC}/snippets" __file "${NGINX_ETC}/snippets/acme-challenge.conf" \
--mode 644 \
--source - << EOF
# This file is managed remotely, all changes will be lost
# This was heavily inspired by debops.org.
# Automatic Certificate Management Environment (ACME) support.
# https://tools.ietf.org/html/draft-ietf-acme-acme-01
# https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment
# Return the ACME challenge present in the server public root.
# If not found, switch to global web server root.
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
try_files \$uri @well-known-acme-challenge;
}
# Return the ACME challenge present in the global server public root.
# If not present, redirect request to a specified domain.
location @well-known-acme-challenge {
root /srv/www/sites/acme/public;
default_type "text/plain";
try_files \$uri @redirect-acme-challenge;
}
# Redirect the ACME challenge to a different host. If a redirect loop is
# detected, return 404.
location @redirect-acme-challenge {
if (\$arg_redirect) {
return 404;
}
return 307 \$scheme://${ACME_DOMAIN}\$request_uri?redirect=yes;
}
# Return 404 if ACME challenge well known path is accessed directly.
location = /.well-known/acme-challenge/ {
return 404;
}
EOF
require="__package/nginx" __directory "${NGINX_ETC}/sites-enabled" --state present
require="__directory${NGINX_ETC}/sites-enabled" __file "${NGINX_ETC}/nginx.conf" \
--mode 644 \
--source - << EOF
# This file is managed remotely, all changes will be lost
worker_processes 1;
# This default error log path is compiled-in to make sure configuration parsing
# errors are logged somewhere, especially during unattended boot when stderr
# isn't normally logged anywhere. This path will be touched on every nginx
# start regardless of error log location configured here. See
# https://trac.nginx.org/nginx/ticket/147 for more info.
#
#error_log /var/log/nginx/error.log;
#
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
server_tokens off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
gzip on;
gzip_disable "msie6";
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
# Logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
#add_header X-Clacks-Overhead "GNU Terry Pratchett";
# Virtual Hosts Configs
include ${NGINX_ETC}/sites-enabled/*.conf;
}
EOF
require="__directory${NGINX_ETC}/sites-enabled" __file "${NGINX_ETC}/sites-enabled/welcome.conf" \
--mode 644 \
--source - << EOF
# This file is managed remotely, all changes will be lost
# nginx server configuration for:
# - https://welcome/
server {
listen [::]:80;
server_name welcome;
root /srv/www/sites/welcome/public;
include snippets/acme-challenge.conf;
location / {
return 301 https://\$host\$request_uri;
}
}
EOF
## TODO: this is kinda bad, don't restart every time.
## Otherwise this isn't idempotent.
require="__package/nginx" __service nginx --action onerestart
require="__package/nginx" __start_on_boot nginx
__package "acme-tiny"
# Create acme-tiny user and secure home dir
ACME_TINY_HOME="/var/acme-tiny"
require="__package/acme-tiny" __user acme-tiny --system --home ${ACME_TINY_HOME} --comment "acme-tiny client"
require="__user/acme-tiny" __directory "${ACME_TINY_HOME}" --state present --mode 0750 --owner acme-tiny --group acme-tiny
# Create ACME challenge dirs to be served by nginx
ACME_PUBLIC_DIR="/srv/www/sites/acme/public"
ACME_WELLKNOWN_DIR="${ACME_PUBLIC_DIR}/.well-known"
ACME_CHALLENGE_DIR="${ACME_WELLKNOWN_DIR}/acme-challenge"
__directory "${ACME_PUBLIC_DIR}" \
--parents \
--state present \
--owner acme-tiny --group www \
--mode 2750 # TODO: check whether this does require gid?
require="__directory${ACME_PUBLIC_DIR}" __directory "${ACME_WELLKNOWN_DIR}" \
--state present \
--owner acme-tiny --group www \
--mode 0750
require="__directory${ACME_WELLKNOWN_DIR}" __directory "${ACME_CHALLENGE_DIR}" \
--state present \
--owner acme-tiny --group www \
--mode 0750
__package doas
DOAS_CONF="/usr/local/etc/doas.conf"
require="__package/doas" __file "${DOAS_CONF}" --mode 0640
require="__file${DOAS_CONF}" __line "${DOAS_CONF}" \
--regex 'root as acme-tiny' \
--line 'permit nopass root as acme-tiny'
# Setup CA
REALMS_DIR="/usr/local/etc/pki/realms"
__directory "${REALMS_DIR}" \
--parents \
--state present \
--mode 0755
require="__directory${REALMS_DIR}" __file ${REALMS_DIR}/intermediate.pem \
--mode 0644 \
--source - << EOF
$(curl -s https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt)
EOF
require="__directory${REALMS_DIR}" __file ${REALMS_DIR}/root.pem \
--mode 0644 \
--source - << EOF
$(curl -s https://letsencrypt.org/certs/trustid-x3-root.pem.txt)
EOF
require="__directory${REALMS_DIR}" __file ${REALMS_DIR}/chain.pem \
--mode 0644 \
--source - << EOF
$(curl -s https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt)
$(curl -s https://letsencrypt.org/certs/trustid-x3-root.pem.txt)
EOF


@ -59,13 +59,13 @@ MESSAGES
-------- --------
change change
Certificate was changed. Certificte was changed.
create create
Certificate was created. Certificte was created.
remove remove
Certificate was removed. Certificte was removed.
EXAMPLES EXAMPLES
-------- --------


@ -1,7 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2018 Steven Armstrong (steven-cdist at armstrong.cc) # 2018 Steven Armstrong (steven-cdist at armstrong.cc)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -19,14 +18,6 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
if [ -f "$__object/parameter/file" ]; then
file=$(cat "$__object/parameter/file")
else
file="/$__object_id"
fi
[ -f "$file" ] || exit 0
if [ -f "$__object/parameter/before" ]; then if [ -f "$__object/parameter/before" ]; then
position="before" position="before"
elif [ -f "$__object/parameter/after" ]; then elif [ -f "$__object/parameter/after" ]; then
@ -42,56 +33,63 @@ else
needle="line" needle="line"
fi fi
if [ -f "$__object/parameter/file" ]; then
file="$(cat "$__object/parameter/file")"
else
file="/$__object_id"
fi
if [ ! -f "$file" ]; then
echo "file_missing"
exit 0
fi
awk -v position="$position" -v needle="$needle" ' awk -v position="$position" -v needle="$needle" '
function _find(_text, _pattern) { function _find(_text, _pattern) {
if (needle == "regex") { if (needle == "regex") {
return match(_text, _pattern) return match(_text, _pattern)
} else { } else {
return index(_text, _pattern) == 1 return index(_text, _pattern)
} }
} }
BEGIN { BEGIN {
getline anchor < (ENVIRON["__object"] "/parameter/" position) getline anchor < (ENVIRON["__object"] "/parameter/" position)
getline pattern < (ENVIRON["__object"] "/parameter/" needle) getline pattern < (ENVIRON["__object"] "/parameter/" needle)
state = "absent"
found_line = 0
correct_pos = (position != "after" && position != "before")
} }
{ {
if (position == "after") { if (position == "after") {
if (match($0, anchor)) { if (match($0, anchor)) {
getline getline
if (_find($0, pattern)) { if (_find($0, pattern)) {
found_line++ state = "present"
correct_pos = 1
exit 0
} }
} else if (_find($0, pattern)) { else {
found_line++ state = "wrongposition"
}
exit 0
} }
} else if (position == "before") { }
else if (position == "before") {
if (_find($0, pattern)) { if (_find($0, pattern)) {
found_line++
getline getline
if (match($0, anchor)) { if (match($0, anchor)) {
correct_pos = 1 state = "present"
exit 0
} }
else {
state = "wrongposition"
}
exit 0
} }
} else { }
else {
if (_find($0, pattern)) { if (_find($0, pattern)) {
found_line++ state = "present"
exit 0 exit 0
} }
} }
} }
END { END {
if (found_line && correct_pos) { print state
print "present"
} else if (found_line) {
print "wrongposition"
} else {
print "absent"
}
} }
' "$file" ' "$file"
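Review bot: Reading the right-hand column as the new side, `_find` now returns `index(_text, _pattern)` without the `== 1` comparison, so for a `line` needle any line that merely contains the text counts as a match. A commented-out or longer entry such as `#PermitRootLogin no` (constructed example) would then be reported as `present` for `PermitRootLogin no`, and the managed file keeps lacking the setting while the run looks clean. I would keep the anchored form, `return index(_text, _pattern) == 1`, or compare the whole line with `return _text == _pattern` if an exact match is what the type promises.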


@ -1,7 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2018 Steven Armstrong (steven-cdist at armstrong.cc) # 2018 Steven Armstrong (steven-cdist at armstrong.cc)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -24,20 +23,9 @@ if [ -f "$__object/parameter/before" ] && [ -f "$__object/parameter/after" ]; th
exit 1 exit 1
fi fi
if [ -f "$__object/parameter/file" ]; then
file="$(cat "$__object/parameter/file")"
else
file="/$__object_id"
fi
state_should="$(cat "$__object/parameter/state")" state_should="$(cat "$__object/parameter/state")"
state_is="$(cat "$__object/explorer/state")" state_is="$(cat "$__object/explorer/state")"
if [ -z "$state_is" ]; then
printf 'The file "%s" is missing. Please create it before using %s on it.\n' "$file" "${__type##*/}" >&2
exit 1
fi
if [ "$state_should" = "$state_is" ]; then if [ "$state_should" = "$state_is" ]; then
# nothing to do # nothing to do
exit 0 exit 0
@ -58,6 +46,12 @@ else
needle="line" needle="line"
fi fi
if [ -f "$__object/parameter/file" ]; then
file="$(cat "$__object/parameter/file")"
else
file="/$__object_id"
fi
add=0 add=0
remove=0 remove=0
case "$state_should" in case "$state_should" in
@ -110,12 +104,10 @@ BEGIN {
if (anchor && match(\$0, anchor)) { if (anchor && match(\$0, anchor)) {
if (position == "before") { if (position == "before") {
print line print line
add = 0
print print
} else if (position == "after") { } else if (position == "after") {
print print
print line print line
add = 0
} }
next next
} }
@ -123,7 +115,7 @@ BEGIN {
print print
} }
END { END {
if (add) { if (add && position == "end") {
print line print line
} }
} }
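Review bot: With `add = 0` dropped from both anchor branches and the END block narrowed to `if (add && position == "end")`, the line is inserted next to every line that matches the anchor, and it is not written at all when no line matches (assuming the right-hand column is the new side). For a type used to enforce configuration lines the second case is the risky one: the generated code exits successfully while the file still lacks the setting. I would keep `add = 0` after each `print line` and let END fall back to `if (add) { print line }`, or exit non-zero there so a missing anchor is visible. The awk program starts above this hunk, so how `add` and `position` are initialised is not visible here.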


@ -29,18 +29,7 @@ case "$os" in
echo "uname -snrvm > /var/run/motd" echo "uname -snrvm > /var/run/motd"
echo "cat /etc/motd.tail >> /var/run/motd" echo "cat /etc/motd.tail >> /var/run/motd"
;; ;;
freebsd)
# FreeBSD only updates /etc/motd on boot,
# as seen in /etc/rc.d/motd
echo "uname -sri > /etc/motd"
echo "cat /etc/motd.template >> /etc/motd"
# FreeBSD 13 starts treating motd slightly different from previous
# versions this ensures hosts have the expected config.
echo "rm /etc/motd.template || true"
echo "service motd start"
;;
*) *)
# Other OS tend to treat /etc/motd statically
exit 0 exit 0
;; ;;
esac esac


@ -10,13 +10,6 @@ DESCRIPTION
----------- -----------
This cdist type allows you to easily setup /etc/motd. This cdist type allows you to easily setup /etc/motd.
.. note::
In some OS, motd is a bit special, check `motd(5)`.
Currently Debian, Devuan, Ubuntu and FreeBSD are taken into account.
If your OS of choice does something besides /etc/motd, check the source
and contribute support for it.
Otherwise it will likely just work.
REQUIRED PARAMETERS REQUIRED PARAMETERS
------------------- -------------------
@ -27,7 +20,6 @@ OPTIONAL PARAMETERS
------------------- -------------------
source source
If supplied, copy this file from the host running cdist to the target. If supplied, copy this file from the host running cdist to the target.
If source is '-' (dash), take what was written to stdin as the file content.
If not supplied, a default message will be placed onto the target. If not supplied, a default message will be placed onto the target.
@ -42,15 +34,6 @@ EXAMPLES
# Supply source file from a different type # Supply source file from a different type
__motd --source "$__type/files/my-motd" __motd --source "$__type/files/my-motd"
# Supply source from stdin
__motd --source "-" <<EOF
Take this kiss upon the brow!
And, in parting from you now,
Thus much let me avow-
You are not wrong, who deem
That my days have been a dream
EOF
AUTHORS AUTHORS
------- -------
@ -59,7 +42,7 @@ Nico Schottelius <nico-cdist--@--schottelius.org>
COPYING COPYING
------- -------
Copyright \(C) 2020 Nico Schottelius. You can redistribute it Copyright \(C) 2011 Nico Schottelius. You can redistribute it
and/or modify it under the terms of the GNU General Public License as and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version. License, or (at your option) any later version.


@ -34,17 +34,9 @@ os=$(cat "$__global/explorer/os")
case "$os" in case "$os" in
debian|ubuntu|devuan) debian|ubuntu|devuan)
# Debian-based systems use /etc/motd.tail as a template
destination=/etc/motd.tail destination=/etc/motd.tail
;; ;;
freebsd)
# FreeBSD uses motd.template to prepend system information on boot
# (this actually only applies starting with version 13,
# but we fix that for whatever version in gencode-remote)
destination=/etc/motd.template
;;
*) *)
# Most UNIX systems, including other Linux and OpenBSD just use /etc/motd
destination=/etc/motd destination=/etc/motd
;; ;;
esac esac


@ -1,33 +0,0 @@
#!/bin/sh -e
#
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if [ -f "$__object/parameter/name" ]
then
name="$( cat "$__object/parameter/name" )"
else
name="$__object_id"
fi
if [ -n "$( mysql -B -N -e "show databases like '$name'" )" ]
then
echo 'present'
else
echo 'absent'
fi


@ -1,6 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2020 Ander Punnar (ander-at-kvlt-dot-ee) # 2012 Benedikt Koeppel (code@benediktkoeppel.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -17,30 +17,38 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
#
state_is="$( cat "$__object/explorer/state" )" # if --database was specified
if [ -f "$__object/parameter/name" ]; then
state_should="$( cat "$__object/parameter/state" )" database="$(cat "$__object/parameter/name")"
else # otherwise use the object id as database name
if [ "$state_is" = "$state_should" ] database="$__object_id"
then
exit 0
fi fi
if [ -f "$__object/parameter/name" ] cat <<-EOFF
then mysql -u root <<-EOF
name="$( cat "$__object/parameter/name" )" CREATE DATABASE IF NOT EXISTS $database
else EOF
name="$__object_id" EOFF
fi
case "$state_should" in # if --user was specified
present) if [ -f "$__object/parameter/user" ]; then
echo "mysql -e 'create database \`$name\`'" user="$(cat "$__object/parameter/user")"
echo "create database $name" >> "$__messages_out"
;; # if --password was specified
absent) if [ -f "$__object/parameter/password" ]; then
echo "mysql -e 'drop database \`$name\`'" password="$(cat "$__object/parameter/password")"
echo "drop database $name" >> "$__messages_out" cat <<-EOFF
;; mysql -u root <<-EOF
esac GRANT ALL PRIVILEGES ON $database.* to '$user'@'localhost' IDENTIFIED BY '$password';
EOF
EOFF
else
cat <<-EOFF
mysql -u root <<-EOF
GRANT ALL PRIVILEGES ON $database.* to '$user'@'localhost';
EOF
EOFF
fi
fi
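Review bot: The generated code places `$database`, `$user` and `$password` into the SQL text unescaped, and the inner heredoc delimiter `EOF` is unquoted, so the target's shell also expands any `$` or backtick in those values before mysql reads them (reading the right-hand column as the new side). A password that contains a single quote breaks the `IDENTIFIED BY '$password'` literal, and the clear-text password is written into the generated code. I would quote the inner delimiter, `mysql -u root <<-'EOF'`, double any single quote in the user and password values before interpolating them, and put the database name in backticks. A short comment above the `GRANT` block saying that the password travels in the generated code would also help the next maintainer.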


@ -8,24 +8,24 @@ cdist-type__mysql_database - Manage a MySQL database
DESCRIPTION DESCRIPTION
----------- -----------
This cdist type allows you to install a MySQL database.
Create MySQL database and optionally user with all privileges.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
name name
Name of database. Defaults to object id. The name of the database to install
defaults to the object id
user user
Create user and give all privileges to database. A user that should have access to the database
password password
Password for user. The password for the user who manages the database
state
Defaults to present.
If absent and user is also set, both will be removed (with privileges).
EXAMPLES EXAMPLES
@ -33,23 +33,17 @@ EXAMPLES
.. code-block:: sh .. code-block:: sh
# just create database __mysql_database "cdist" --name "cdist" --user "myuser" --password "mypwd"
__mysql_database foo
# create database with respective user with all privileges to database
__mysql_database bar \
--user name \
--password secret
AUTHORS AUTHORS
------- -------
Ander Punnar <ander-at-kvlt-dot-ee> Benedikt Koeppel <code@benediktkoeppel.ch>
COPYING COPYING
------- -------
Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it Copyright \(C) 2012 Benedikt Koeppel. You can redistribute it
under the terms of the GNU General Public License as published by the Free and/or modify it under the terms of the GNU General Public License as
Software Foundation, either version 3 of the License, or (at your option) any published by the Free Software Foundation, either version 3 of the
later version. License, or (at your option) any later version.


@ -1,52 +0,0 @@
#!/bin/sh -e
#
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if [ -f "$__object/parameter/user" ]
then
user="$( cat "$__object/parameter/user" )"
fi
if [ -f "$__object/parameter/password" ]
then
password="$( cat "$__object/parameter/password" )"
fi
if [ -n "$user" ] && [ -n "$password" ]
then
if [ -f "$__object/parameter/name" ]
then
database="$( cat "$__object/parameter/name" )"
else
database="$__object_id"
fi
state_should="$( cat "$__object/parameter/state" )"
__mysql_user "$user" \
--password "$password" \
--state "$state_should"
# removing user should remove all user's privileges
require="__mysql_user/$user" \
__mysql_privileges "$database/$user" \
--database "$database" \
--user "$user" \
--state "$state_should"
fi


@ -1,4 +1,3 @@
name name
user user
password password
state


@ -1,40 +0,0 @@
#!/bin/sh -e
#
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
privileges="$( cat "$__object/parameter/privileges" )"
database="$( cat "$__object/parameter/database" )"
table="$( cat "$__object/parameter/table" )"
user="$( cat "$__object/parameter/user" )"
host="$( cat "$__object/parameter/host" )"
check_privileges="$(
mysql -B -N -e "show grants for '$user'@'$host'" \
| grep -Ei "^grant $privileges on .$database.\..?$table.? to " || true )"
if [ -n "$check_privileges" ]
then
echo 'present'
else
echo 'absent'
fi


@ -1,55 +0,0 @@
#!/bin/sh -e
#
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
state_is="$( cat "$__object/explorer/state" )"
state_should="$( cat "$__object/parameter/state" )"
if [ "$state_is" = "$state_should" ]
then
exit 0
fi
privileges="$( cat "$__object/parameter/privileges" )"
database="$( cat "$__object/parameter/database" )"
table="$( cat "$__object/parameter/table" )"
user="$( cat "$__object/parameter/user" )"
host="$( cat "$__object/parameter/host" )"
if [ "$table" != '*' ]
then
# shellcheck disable=SC2016
table="$( printf '`%s`' "$table" )"
fi
case "$state_should" in
present)
echo "mysql -e 'grant $privileges on \`$database\`.$table to \`$user\`@\`$host\`'"
echo "grant $privileges on $database.$table to $user@$host" >> "$__messages_out"
;;
absent)
echo "mysql -e 'revoke $privileges on \`$database\`.$table from \`$user\`@\`$host\`'"
echo "revoke $privileges on $database.$table from $user@$host" >> "$__messages_out"
;;
esac
