forked from ungleich-public/cdist
Compare commits
15 Commits
3f9f3e07e0
...
d0271e4cd1
| Author | SHA1 | Date |
|---|---|---|
 fancsali
|
d0271e4cd1 | |
Nico Schottelius
|
77d9a757ec | |
 nico14571
|
e5adcf451b | |
|
Nico Schottelius
|
9839c2d8ec | |
|
nico14571
|
1edc4d0a60 | |
 stephan
|
3d58c9b24f | |
Steven Armstrong
|
6c8c692a22 | |
|
Steven Armstrong
|
abbc7dfc37 | |
|
Steven Armstrong
|
8b915b15b5 | |
|
Steven Armstrong
|
2df2578e36 | |
|
Steven Armstrong
|
6f8c774cb0 | |
 romain-dartigues
|
54a5cb17b7 | |
|
romain-dartigues
|
cb0fa0f2e4 | |
|
Steven Armstrong
|
af54fe6feb | |
|
Steven Armstrong
|
22039284f5 |
|
|
@ -1,55 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
#
|
||||
# Remove the given apt repository.
|
||||
#
|
||||
# Exit with:
|
||||
# 0: if it worked
|
||||
# 1: if not
|
||||
# 2: on other error
|
||||
|
||||
import os
|
||||
import sys
|
||||
from aptsources import distro, sourceslist
|
||||
from softwareproperties import ppa
|
||||
from softwareproperties.SoftwareProperties import SoftwareProperties
|
||||
|
||||
|
||||
def remove_if_empty(file_name):
|
||||
with open(file_name, 'r') as f:
|
||||
if f.read().strip():
|
||||
return
|
||||
os.unlink(file_name)
|
||||
|
||||
def remove_repository(repository):
|
||||
#print 'repository:', repository
|
||||
codename = distro.get_distro().codename
|
||||
#print 'codename:', codename
|
||||
(line, file) = ppa.expand_ppa_line(repository.strip(), codename)
|
||||
#print 'line:', line
|
||||
#print 'file:', file
|
||||
deb_source_entry = sourceslist.SourceEntry(line, file)
|
||||
src_source_entry = sourceslist.SourceEntry('deb-src{}'.format(line[3:]), file)
|
||||
|
||||
try:
|
||||
sp = SoftwareProperties()
|
||||
sp.remove_source(deb_source_entry)
|
||||
try:
|
||||
# If there's a deb-src entry, remove that too
|
||||
sp.remove_source(src_source_entry)
|
||||
except:
|
||||
pass
|
||||
remove_if_empty(file)
|
||||
return True
|
||||
except ValueError:
|
||||
print >> sys.stderr, "Error: '%s' doesn't exists in a sourcelist file" % line
|
||||
return False
|
||||
|
||||
if __name__ == '__main__':
|
||||
if (len(sys.argv) != 2):
|
||||
print >> sys.stderr, 'Error: need a repository as argument'
|
||||
sys.exit(2)
|
||||
repository = sys.argv[1]
|
||||
if remove_repository(repository):
|
||||
sys.exit(0)
|
||||
else:
|
||||
sys.exit(1)
|
||||
|
|
@ -29,9 +29,9 @@ fi
|
|||
|
||||
case "$state_should" in
|
||||
present)
|
||||
echo "add-apt-repository '$name'"
|
||||
echo "add-apt-repository -y '$name'"
|
||||
;;
|
||||
absent)
|
||||
echo "remove-apt-repository '$name'"
|
||||
echo "add-apt-repository -r -y '$name'"
|
||||
;;
|
||||
esac
|
||||
|
|
|
|||
|
|
@ -20,9 +20,4 @@
|
|||
|
||||
__package software-properties-common
|
||||
|
||||
require="__package/software-properties-common" \
|
||||
__file /usr/local/bin/remove-apt-repository \
|
||||
--source "$__type/files/remove-apt-repository" \
|
||||
--mode 0755
|
||||
|
||||
require="$__object_name" __apt_update_index
|
||||
|
|
|
|||
|
|
@ -2,13 +2,14 @@
|
|||
set -u
|
||||
|
||||
entry="$uri $distribution $component"
|
||||
|
||||
cat << DONE
|
||||
# Created by cdist ${__type##*/}
|
||||
# Do not change. Changes will be overwritten.
|
||||
#
|
||||
|
||||
# $name
|
||||
deb ${forcedarch} $entry
|
||||
deb ${options} $entry
|
||||
DONE
|
||||
if [ -f "$__object/parameter/include-src" ]; then
|
||||
echo "deb-src $entry"
|
||||
|
|
|
|||
|
|
@ -23,6 +23,9 @@ OPTIONAL PARAMETERS
|
|||
arch
|
||||
set this if you need to force and specific arch (ubuntu specific)
|
||||
|
||||
signed-by
|
||||
provide a GPG key fingerprint or keyring path for signature checks
|
||||
|
||||
state
|
||||
'present' or 'absent', defaults to 'present'
|
||||
|
||||
|
|
@ -56,6 +59,11 @@ EXAMPLES
|
|||
--uri http://archive.canonical.com/ \
|
||||
--component partner --state present
|
||||
|
||||
__apt_source goaccess \
|
||||
--uri http://deb.goaccess.io/ \
|
||||
--component main \
|
||||
--signed-by C03B48887D5E56B046715D3297BD1A0133449C3D
|
||||
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
|
|
|
|||
|
|
@ -31,9 +31,15 @@ fi
|
|||
component="$(cat "$__object/parameter/component")"
|
||||
|
||||
if [ -f "$__object/parameter/arch" ]; then
|
||||
forcedarch="[arch=$(cat "$__object/parameter/arch")]"
|
||||
else
|
||||
forcedarch=""
|
||||
options="arch=$(cat "$__object/parameter/arch")"
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/signed-by" ]; then
|
||||
options="$options signed-by=$(cat "$__object/parameter/signed-by")"
|
||||
fi
|
||||
|
||||
if [ "$options" != "" ]; then
|
||||
options="[$options]"
|
||||
fi
|
||||
|
||||
# export variables for use in template
|
||||
|
|
@ -41,7 +47,7 @@ export name
|
|||
export uri
|
||||
export distribution
|
||||
export component
|
||||
export forcedarch
|
||||
export options
|
||||
|
||||
# generate file from template
|
||||
mkdir "$__object/files"
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
state
|
||||
distribution
|
||||
component
|
||||
arch
|
||||
arch
|
||||
signed-by
|
||||
|
|
|
|||
|
|
@ -37,6 +37,12 @@ state
|
|||
source
|
||||
forwarded to :strong:`__file` type
|
||||
|
||||
file
|
||||
forwarded to :strong:`__file` type
|
||||
This can be used if multiple users need to have a dotfile updated,
|
||||
which will result in duplicate object id errors. When using the
|
||||
file parameter the object id can be some unique value.
|
||||
|
||||
MESSAGES
|
||||
--------
|
||||
|
||||
|
|
@ -61,6 +67,15 @@ EXAMPLES
|
|||
# Install default xmonad config for user 'eve'. Parent directory is created automatically.
|
||||
__dot_file .xmonad/xmonad.hs --user eve --state exists --source "$__files/xmonad.hs"
|
||||
|
||||
# install .vimrc for root and some users
|
||||
for user in root userx usery userz; do
|
||||
__dot_file "${user}_dot_vimrc" \
|
||||
--user $user \
|
||||
--file .vimrc \
|
||||
--state exists \
|
||||
--source "$__files/$user/.vimrc"
|
||||
done
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
|
||||
|
|
|
|||
|
|
@ -20,13 +20,19 @@ user="$(cat "${__object}/parameter/user")"
|
|||
home="$(cat "${__object}/explorer/home")"
|
||||
primary_group="$(cat "${__object}/explorer/primary_group")"
|
||||
dirmode="$(cat "${__object}/parameter/dirmode")"
|
||||
if [ -f "${__object}/parameter/file" ]; then
|
||||
file="$(cat "${__object}/parameter/file")"
|
||||
else
|
||||
file="${__object_id}"
|
||||
fi
|
||||
|
||||
|
||||
# Create parent directory. Type __directory has flag 'parents', but it
|
||||
# will leave us with root-owned directory in user home, which is not
|
||||
# acceptable. So we create parent directories one-by-one. XXX: maybe
|
||||
# it should be fixed in '__directory'?
|
||||
set --
|
||||
subpath=${__object_id}
|
||||
subpath=${file}
|
||||
while subpath="$(dirname "${subpath}")" ; do
|
||||
[ "${subpath}" = . ] && break
|
||||
set -- "${subpath}" "$@"
|
||||
|
|
@ -64,4 +70,4 @@ if [ "${source}" = "-" ] ; then
|
|||
fi
|
||||
unset source
|
||||
|
||||
__file "${home}/${__object_id}" --owner "$user" --group "$primary_group" "$@"
|
||||
__file "${home}/${file}" --owner "$user" --group "$primary_group" "$@"
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2011-2012 Nico Schottelius (nico-cdist at schottelius.org)
|
||||
# 2013 Steven Armstrong (steven-cdist armstrong.cc)
|
||||
# 2013-2022 Steven Armstrong (steven-cdist armstrong.cc)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
|
|
@ -72,6 +72,7 @@ if [ "$state_should" = "present" ] || [ "$state_should" = "exists" ]; then
|
|||
if [ "$type" != "file" ]; then
|
||||
# destination is not a regular file, upload source to replace it
|
||||
upload_file=1
|
||||
echo upload >> "$__messages_out"
|
||||
else
|
||||
local_cksum="$(cksum < "$source")"
|
||||
remote_cksum="$(cat "$__object/explorer/cksum")"
|
||||
|
|
@ -88,27 +89,39 @@ if [ "$state_should" = "present" ] || [ "$state_should" = "exists" ]; then
|
|||
mkdir "$__object/files"
|
||||
touch "$__object/files/set-attributes"
|
||||
|
||||
# upload file to temp location
|
||||
tempfile_template="${destination}.cdist.XXXXXXXXXX"
|
||||
cat << DONE
|
||||
destination_upload="\$($__remote_exec $__target_host "mktemp $tempfile_template")"
|
||||
DONE
|
||||
if [ "$upload_file" ]; then
|
||||
echo upload >> "$__messages_out"
|
||||
# IPv6 fix
|
||||
if echo "${__target_host}" | grep -q -E '^[0-9a-fA-F:]+$'
|
||||
then
|
||||
my_target_host="[${__target_host}]"
|
||||
else
|
||||
my_target_host="${__target_host}"
|
||||
fi
|
||||
cat << DONE
|
||||
$__remote_copy "$source" "${my_target_host}:\$destination_upload"
|
||||
DONE
|
||||
if [ "$create_file" ]; then
|
||||
# When creating an empty file we create it locally and then
|
||||
# upload it so that permissions can be set before moving the file
|
||||
# into place.
|
||||
source="$__object/files/empty"
|
||||
touch "$source"
|
||||
fi
|
||||
# move uploaded file into place
|
||||
cat << DONE
|
||||
$__remote_exec $__target_host "rm -rf \"$destination\"; mv \"\$destination_upload\" \"$destination\""
|
||||
|
||||
# upload file to temp location
|
||||
upload_destination="${destination}.cdist.${__cdist_object_marker}.$$"
|
||||
# Yes, we are aware that this is a race condition.
|
||||
# However:
|
||||
# a) cdist usually writes to directories that are not user writable
|
||||
# (probably > 99.9%)
|
||||
# b) if they are user owned, the user / attacker always wins
|
||||
# (probably < 0.1%)
|
||||
# c) the only case which we could improve are tmp directories and we
|
||||
# don't think managing tmp directories with cdist is a typical case
|
||||
# ("the rest %)"
|
||||
|
||||
# Tell gencode-remote to where we uploaded the file so it can move
|
||||
# it to its final destination.
|
||||
echo "$upload_destination" > "$__object/files/upload-destination"
|
||||
|
||||
# IPv6 fix
|
||||
if echo "${__target_host}" | grep -q -E '^[0-9a-fA-F:]+$'
|
||||
then
|
||||
my_target_host="[${__target_host}]"
|
||||
else
|
||||
my_target_host="${__target_host}"
|
||||
fi
|
||||
cat << DONE
|
||||
$__remote_copy "$source" "${my_target_host}:${upload_destination}"
|
||||
DONE
|
||||
fi
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2011-2013 Nico Schottelius (nico-cdist at schottelius.org)
|
||||
# 2013 Steven Armstrong (steven-cdist armstrong.cc)
|
||||
# 2013-2022 Steven Armstrong (steven-cdist armstrong.cc)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
|
|
@ -62,6 +62,13 @@ set_mode() {
|
|||
|
||||
case "$state_should" in
|
||||
present|exists)
|
||||
if [ -f "$__object/files/upload-destination" ]; then
|
||||
final_destination="$destination"
|
||||
# We change the 'global' $destination variable here so we can
|
||||
# change attributes of the new/uploaded file before moving it
|
||||
# to it's final destination.
|
||||
destination="$(cat "$__object/files/upload-destination")"
|
||||
fi
|
||||
# Note: Mode - needs to happen last as a chown/chgrp can alter mode by
|
||||
# clearing S_ISUID and S_ISGID bits (see chown(2))
|
||||
for attribute in group owner mode; do
|
||||
|
|
@ -81,6 +88,11 @@ case "$state_should" in
|
|||
fi
|
||||
fi
|
||||
done
|
||||
if [ -f "$__object/files/upload-destination" ]; then
|
||||
# move uploaded file into place
|
||||
printf 'rm -rf "%s"\n' "$final_destination"
|
||||
printf 'mv "%s" "%s"\n' "$destination" "$final_destination"
|
||||
fi
|
||||
if [ -f "$__object/files/set-attributes" ]; then
|
||||
# set-attributes is created if file is created or uploaded in gencode-local
|
||||
fire_onchange=1
|
||||
|
|
|
|||
|
|
@ -14,6 +14,9 @@ next:
|
|||
* Types __letsencrypt_cert, __grafana_dashboard: Improve bullseye support (Evilham)
|
||||
* Type __ssh_authorized_key: Also remove tmpfile if removing line (Mark Verboom)
|
||||
* Type __apt_pin: Add default priority, add comment in generated files (Daniel Fancsali)
|
||||
* Type __file: make file uploading and attribute changes more atomic (Steven Armstrong)
|
||||
* Type __dot_file: Add support for using --file parameter (Stephan Leemburg)
|
||||
* Type __apt_ppa: Replace custom "remove-apt-repository" with add-apt-repository -r (Romain Dartigues)
|
||||
|
||||
6.9.8: 2021-08-24
|
||||
* Type __rsync: Rewrite (Ander Punnar)
|
||||
|
|
|
|||
Loading…
Reference in New Issue