Implement python types

.gitignore

@@ -24,8 +24,6 @@ docs/src/man1/*.1
 docs/src/man7/*.7
 docs/src/man7/cdist-type__*.rst
 docs/src/cdist-reference.rst
-docs/src/cdist-types.rst
-docs/src/cdist.cfg.skeleton
 
 # Ignore cdist cache for version control
 /cache/
@@ -36,7 +34,7 @@ cdist/inventory/
 # Python: cache, distutils, distribution in general
 __pycache__/
 *.pyc
-/MANIFEST
+MANIFEST
 dist/
 cdist/version.py
 cdist.egg-info/

.gitlab-ci.yml

@@ -1,18 +0,0 @@
-stages:
-    - test
-
-unit_tests:
-    stage: test
-    script:
-        - ./bin/build-helper version
-        - ./bin/build-helper test
-
-pycodestyle:
-    stage: test
-    script:
-        - ./bin/build-helper pycodestyle
-
-shellcheck:
-    stage: test
-    script:
-        - ./bin/build-helper shellcheck

LICENSE

@@ -1,674 +0,0 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
-
-  The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works.  By contrast,
-the GNU General Public License is intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.  We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors.  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
-  To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights.  Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received.  You must make sure that they, too, receive
-or can get the source code.  And you must show them these terms so they
-know their rights.
-
-  Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
-
-  For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software.  For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
-  Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so.  This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software.  The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable.  Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products.  If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
-  Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary.  To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                       TERMS AND CONDITIONS
-
-  0. Definitions.
-
-  "This License" refers to version 3 of the GNU General Public License.
-
-  "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
-  "The Program" refers to any copyrightable work licensed under this
-License.  Each licensee is addressed as "you".  "Licensees" and
-"recipients" may be individuals or organizations.
-
-  To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy.  The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
-  A "covered work" means either the unmodified Program or a work based
-on the Program.
-
-  To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy.  Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
-  To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies.  Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
-  An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License.  If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
-  1. Source Code.
-
-  The "source code" for a work means the preferred form of the work
-for making modifications to it.  "Object code" means any non-source
-form of a work.
-
-  A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
-  The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form.  A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
-  The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities.  However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work.  For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
-  The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
-  The Corresponding Source for a work in source code form is that
-same work.
-
-  2. Basic Permissions.
-
-  All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met.  This License explicitly affirms your unlimited
-permission to run the unmodified Program.  The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work.  This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
-  You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force.  You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright.  Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
-  Conveying under any other circumstances is permitted solely under
-the conditions stated below.  Sublicensing is not allowed; section 10
-makes it unnecessary.
-
-  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
-  No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
-  When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
-  4. Conveying Verbatim Copies.
-
-  You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
-  You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
-  5. Conveying Modified Source Versions.
-
-  You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
-    a) The work must carry prominent notices stating that you modified
-    it, and giving a relevant date.
-
-    b) The work must carry prominent notices stating that it is
-    released under this License and any conditions added under section
-    7.  This requirement modifies the requirement in section 4 to
-    "keep intact all notices".
-
-    c) You must license the entire work, as a whole, under this
-    License to anyone who comes into possession of a copy.  This
-    License will therefore apply, along with any applicable section 7
-    additional terms, to the whole of the work, and all its parts,
-    regardless of how they are packaged.  This License gives no
-    permission to license the work in any other way, but it does not
-    invalidate such permission if you have separately received it.
-
-    d) If the work has interactive user interfaces, each must display
-    Appropriate Legal Notices; however, if the Program has interactive
-    interfaces that do not display Appropriate Legal Notices, your
-    work need not make them do so.
-
-  A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit.  Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
-  6. Conveying Non-Source Forms.
-
-  You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
-    a) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by the
-    Corresponding Source fixed on a durable physical medium
-    customarily used for software interchange.
-
-    b) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by a
-    written offer, valid for at least three years and valid for as
-    long as you offer spare parts or customer support for that product
-    model, to give anyone who possesses the object code either (1) a
-    copy of the Corresponding Source for all the software in the
-    product that is covered by this License, on a durable physical
-    medium customarily used for software interchange, for a price no
-    more than your reasonable cost of physically performing this
-    conveying of source, or (2) access to copy the
-    Corresponding Source from a network server at no charge.
-
-    c) Convey individual copies of the object code with a copy of the
-    written offer to provide the Corresponding Source.  This
-    alternative is allowed only occasionally and noncommercially, and
-    only if you received the object code with such an offer, in accord
-    with subsection 6b.
-
-    d) Convey the object code by offering access from a designated
-    place (gratis or for a charge), and offer equivalent access to the
-    Corresponding Source in the same way through the same place at no
-    further charge.  You need not require recipients to copy the
-    Corresponding Source along with the object code.  If the place to
-    copy the object code is a network server, the Corresponding Source
-    may be on a different server (operated by you or a third party)
-    that supports equivalent copying facilities, provided you maintain
-    clear directions next to the object code saying where to find the
-    Corresponding Source.  Regardless of what server hosts the
-    Corresponding Source, you remain obligated to ensure that it is
-    available for as long as needed to satisfy these requirements.
-
-    e) Convey the object code using peer-to-peer transmission, provided
-    you inform other peers where the object code and Corresponding
-    Source of the work are being offered to the general public at no
-    charge under subsection 6d.
-
-  A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
-  A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling.  In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage.  For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product.  A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
-  "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source.  The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
-  If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information.  But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
-  The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed.  Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
-  Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
-  7. Additional Terms.
-
-  "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law.  If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
-  When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it.  (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.)  You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
-  Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
-    a) Disclaiming warranty or limiting liability differently from the
-    terms of sections 15 and 16 of this License; or
-
-    b) Requiring preservation of specified reasonable legal notices or
-    author attributions in that material or in the Appropriate Legal
-    Notices displayed by works containing it; or
-
-    c) Prohibiting misrepresentation of the origin of that material, or
-    requiring that modified versions of such material be marked in
-    reasonable ways as different from the original version; or
-
-    d) Limiting the use for publicity purposes of names of licensors or
-    authors of the material; or
-
-    e) Declining to grant rights under trademark law for use of some
-    trade names, trademarks, or service marks; or
-
-    f) Requiring indemnification of licensors and authors of that
-    material by anyone who conveys the material (or modified versions of
-    it) with contractual assumptions of liability to the recipient, for
-    any liability that these contractual assumptions directly impose on
-    those licensors and authors.
-
-  All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10.  If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term.  If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
-  If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
-  Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
-  8. Termination.
-
-  You may not propagate or modify a covered work except as expressly
-provided under this License.  Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
-  However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
-  Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
-  Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License.  If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
-  9. Acceptance Not Required for Having Copies.
-
-  You are not required to accept this License in order to receive or
-run a copy of the Program.  Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance.  However,
-nothing other than this License grants you permission to propagate or
-modify any covered work.  These actions infringe copyright if you do
-not accept this License.  Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
-  10. Automatic Licensing of Downstream Recipients.
-
-  Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License.  You are not responsible
-for enforcing compliance by third parties with this License.
-
-  An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations.  If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
-  You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License.  For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
-  11. Patents.
-
-  A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based.  The
-work thus licensed is called the contributor's "contributor version".
-
-  A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version.  For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
-  Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
-  In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement).  To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
-  If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients.  "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
-  If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
-  A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License.  You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
-  Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
-  12. No Surrender of Others' Freedom.
-
-  If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all.  For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
-  13. Use with the GNU Affero General Public License.
-
-  Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work.  The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
-
-  14. Revised Versions of this License.
-
-  The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation.  If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
-  If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
-  Later license versions may give you additional or different
-permissions.  However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
-  15. Disclaimer of Warranty.
-
-  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. Limitation of Liability.
-
-  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
-  17. Interpretation of Sections 15 and 16.
-
-  If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    cdist
-    Copyright (C) 2019  ungleich-public
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
-  If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
-    cdist  Copyright (C) 2019  ungleich-public
-    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
-
-  You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
-
-  The GNU General Public License does not permit incorporating your program
-into proprietary programs.  If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.  But first, please read
-<http://www.gnu.org/philosophy/why-not-lgpl.html>.

Makefile

@@ -31,9 +31,9 @@ help:
 	@echo "docs-clean      clean documentation"
 	@echo "clean           clean"
 
-DOCS_SRC_DIR=./docs/src
-SPEECHDIR=./docs/speeches
-TYPEDIR=./cdist/conf/type
+DOCS_SRC_DIR=docs/src
+SPEECHDIR=docs/speeches
+TYPEDIR=cdist/conf/type
 
 SPHINXM=make -C $(DOCS_SRC_DIR) man
 SPHINXH=make -C $(DOCS_SRC_DIR) html
@@ -63,18 +63,6 @@ DOCSREFSH=$(DOCS_SRC_DIR)/cdist-reference.rst.sh
 $(DOCSREF): $(DOCSREFSH)
 	$(DOCSREFSH)
 
-# Html types list with references
-DOCSTYPESREF=$(MAN7DSTDIR)/cdist-types.rst
-DOCSTYPESREFSH=$(DOCS_SRC_DIR)/cdist-types.rst.sh
-
-$(DOCSTYPESREF): $(DOCSTYPESREFSH)
-	$(DOCSTYPESREFSH)
-
-DOCSCFGSKEL=./configuration/cdist.cfg.skeleton
-
-configskel: $(DOCSCFGSKEL)
-	cp -f "$(DOCSCFGSKEL)" "$(DOCS_SRC_DIR)/"
-
 version:
 	@[ -f "cdist/version.py" ] || { \
 		printf "Missing 'cdist/version.py', please generate it first.\n" && exit 1; \
@@ -84,7 +72,7 @@ version:
 man: version $(MANTYPES) $(DOCSREF)
 	$(SPHINXM)
 
-html: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF)
+html: version $(MANTYPES) $(DOCSREF)
 	$(SPHINXH)
 
 docs: man html
@@ -126,8 +114,6 @@ speeches: $(SPEECHES)
 #
 clean: docs-clean
 	rm -f $(DOCS_SRC_DIR)/cdist-reference.rst
-	rm -f $(DOCS_SRC_DIR)/cdist-types.rst
-	rm -f $(DOCS_SRC_DIR)/cdist.cfg.skeleton
 
 	find "$(DOCS_SRC_DIR)" -mindepth 2 -type l \
 	| xargs rm -f

bin/build-helper

@@ -23,8 +23,9 @@
 #
 
 usage() {
-    printf "usage: %s TARGET [TARGET-ARGS...]
+    printf "usage: %s TARGET RUN-AS
     Available targets:
+        print-runas
         changelog-changes
         changelog-version
         check-date
@@ -57,30 +58,64 @@ usage() {
         version
         target-version
         clean
-        distclean\n" "$1"
+        distclean
+    Run as:
+        nico
+        darko - default, if empty string specified\n" "$1"
 }
 
 basename="${0##*/}"
 
-if [ $# -lt 1 ]
+if [ $# -lt 2 ]
 then
     usage "${basename}"
     exit 1
 fi
 
 option=$1; shift
+run_as="$1"; shift
+
+case "$run_as" in
+    nico)
+        from_a=nico.schottelius
+        from_d=ungleich.ch
+        ml_name="Nico Schottelius"
+        ml_sig_name="Nico"
+    ;;
+    darko|'')
+        from_a=darko.poljak
+        from_d=gmail.com
+        ml_name="Darko Poljak"
+        ml_sig_name="Darko"
+        if [ -z "${run_as}" ]
+        then
+            run_as="darko"
+        fi
+    ;;
+    *)
+        printf "Unsupported RUN-AS value: '%s'.\n" "${run_as}" >&2
+        usage "${basename}"
+        exit 1
+    ;;
+esac
 
 SHELLCHECKCMD="shellcheck -s sh -f gcc -x"
 # Skip SC2154 for variables starting with __ since such variables are cdist
 # environment variables.
 SHELLCHECK_SKIP=': __.*is referenced but not assigned.*\[SC2154\]'
-SHELLCHECKTMP=".shellcheck.tmp"
+
+to_a="cdist-configuration-management"
+to_d="googlegroups.com"
 
 # Change to checkout directory
 basedir="${0%/*}/../"
 cd "$basedir"
 
 case "$option" in
+    print-runas)
+        printf "run_as: '%s'\n" "$run_as"
+    ;;
+
     changelog-changes)
         if [ "$#" -eq 1 ]; then
             start=$1
@@ -124,7 +159,7 @@ case "$option" in
     ;;
 
     check-unittest)
-        "$0" test
+        "$0" test "${run_as}"
     ;;
 
     ml-release)
@@ -133,10 +168,20 @@ case "$option" in
             exit 1
         fi
 
+        # Send mail only once - lock until new changelog things happened.
+        [ ! -f .lock-ml ] && touch .lock-ml
+        x=$(find 'docs' -name changelog -type f -newer .lock-ml)
+        [ -z "${x}" ] && exit 0
+
         version=$1; shift
 
+        to=${to_a}@${to_d}
+        from=${from_a}@${from_d}
+
         ( 
         cat << eof
+From: ${ml_name} <$from>
+To: cdist mailing list <$to>
 Subject: cdist $version has been released
 
 Hello .*,
@@ -145,11 +190,23 @@ cdist $version has been released with the following changes:
 
 eof
 
-        "$0" changelog-changes "$version"
+        "$0" changelog-changes "${run_as}" "$version"
         cat << eof
 
+Cheers,
+${ml_sig_name}
+
+-- 
+Automatisation at its best level. With cdist.
 eof
         ) > mailinglist.tmp
+
+        if [ "$run_as" = "nico" ]
+        then
+            /usr/sbin/sendmail -f "$from" "$to" < mailinglist.tmp && rm -f mailinglist.tmp
+        fi
+
+        touch .lock-ml
     ;;
 
     archlinux-release)
@@ -168,7 +225,7 @@ eof
 
     pypi-release)
         # Ensure that pypi release has the right version
-        "$0" version
+        "$0" version "${run_as}"
 
         make docs-clean
         make docs
@@ -176,7 +233,7 @@ eof
     ;;
 
     release-git-tag)
-        target_version=$($0 changelog-version)
+        target_version=$($0 changelog-version "${run_as}")
         if git rev-parse --verify "refs/tags/${target_version}" 2>/dev/null; then
             printf "Tag for %s exists, aborting\n" "${target_version}"
             exit 1
@@ -230,7 +287,7 @@ eof
             git archive --prefix="cdist-${tag}/" -o "${archivename}" "${tag}" \
                 || exit 1
             # make sure target version is generated
-            "$0" target-version
+            "$0" target-version "${run_as}"
             tar -x -f "${archivename}" || exit 1
             cp cdist/version.py "cdist-${tag}/cdist/version.py" || exit 1
             tar -c -f "${archivename}" "cdist-${tag}/" || exit 1
@@ -260,7 +317,7 @@ eof
              | sed "${sed_cmd}") || exit 1
 
         # make release
-        changelog=$("$0" changelog-changes "$1" | sed 's/^[[:space:]]*//')
+        changelog=$("$0" changelog-changes "${run_as}" "$1" | sed 's/^[[:space:]]*//')
         release_notes=$(
             printf "%s\n\n%s\n\n**Changelog**\n\n%s\n" \
                 "${response_archive}" "${response_archive_sig}" "${changelog}"
@@ -281,19 +338,19 @@ eof
 
     release)
         set -e
-        target_version=$($0 changelog-version)
-        target_branch=$($0 version-branch)
+        target_version=$($0 changelog-version "${run_as}")
+        target_branch=$($0 version-branch "${run_as}")
 
         printf "Beginning release process for %s\n" "${target_version}"
 
         # First check everything is sane
-        "$0" check-date
-        "$0" check-unittest
-        "$0" check-pycodestyle
-        "$0" check-shellcheck
+        "$0" check-date "${run_as}"
+        "$0" check-unittest "${run_as}"
+        "$0" check-pycodestyle "${run_as}"
+        "$0" check-shellcheck "${run_as}"
 
         # Generate version file to be included in packaging
-        "$0" target-version
+        "$0" target-version "${run_as}"
 
         # Ensure the git status is clean, else abort
         if ! git diff-index --name-only --exit-code HEAD ; then
@@ -328,8 +385,8 @@ eof
         fi
 
         # Verify that after the merge everything works
-        "$0" check-date
-        "$0" check-unittest
+        "$0" check-date "${run_as}"
+        "$0" check-unittest "${run_as}"
 
         # Generate documentation (man and html)
         # First, clean old generated docs
@@ -340,7 +397,7 @@ eof
         # Everything green, let's do the release
 
         # Tag the current commit
-        "$0" release-git-tag
+        "$0" release-git-tag "${run_as}"
 
         # Also merge back the version branch
         if [ "$masterbranch" = yes ]; then
@@ -349,28 +406,37 @@ eof
         fi
 
         # Publish git changes
-        # if you want to have mirror locally then uncomment this and comment below
+        # if you want to have mirror locally then uncomment this support
+        # if [ "$run_as" = "nico" ]
+        # then
         #     git push --mirror
+        # else
+            # if we are not Nico :) then just push, no mirror
             git push
             # push also new branch and set up tracking
             git push -u origin "${target_branch}"
         # fi
 
         # Create and publish package for pypi
-        "$0" pypi-release
+        "$0" pypi-release "${run_as}"
+
+        if [ "$run_as" = "nico" ]
+        then
+            # Archlinux release is based on pypi
+            "$0" archlinux-release "${run_as}"
+        fi
 
         # sign git tag
         printf "Enter upstream repository authentication token: "
         read -r token
-        "$0" sign-git-release "${target_version}" "${token}"
+        "$0" sign-git-release "${run_as}" "${target_version}" "${token}"
 
         # Announce change on ML
-        "$0" ml-release "${target_version}"
+        "$0" ml-release "${run_as}" "${target_version}"
 
         cat << eof
 Manual steps post release:
     - cdist-web
-    - send generated mailinglist.tmp mail
     - twitter
 eof
     ;;
@@ -406,11 +472,11 @@ eof
     ;;
 
     pycodestyle|pep8)
-        pycodestyle "${basedir}" "${basedir}/scripts/cdist"
+        pycodestyle "${basedir}" "${basedir}/scripts/cdist" | less
     ;;
 
     check-pycodestyle)
-        "$0" pycodestyle
+        "$0" pycodestyle "${run_as}"
         printf "\\nPlease review pycodestyle report.\\n"
         while true
         do
@@ -432,67 +498,53 @@ eof
     ;;
 
     shellcheck-global-explorers)
-        # shellcheck disable=SC2086
-        find cdist/conf/explorer -type f -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}"
-        test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
+        find cdist/conf/explorer -type f -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
     ;;
 
     shellcheck-type-explorers)
-        # shellcheck disable=SC2086
-        find cdist/conf/type -type f -path "*/explorer/*" -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}"
-        test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
+        find cdist/conf/type -type f -path "*/explorer/*" -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
     ;;
 
     shellcheck-manifests)
-        # shellcheck disable=SC2086
-        find cdist/conf/type -type f -name manifest -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}"
-        test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
+        find cdist/conf/type -type f -name manifest -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
     ;;
 
     shellcheck-local-gencodes)
-        # shellcheck disable=SC2086
-        find cdist/conf/type -type f -name gencode-local -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}"
-        test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
+        find cdist/conf/type -type f -name gencode-local -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
     ;;
 
     shellcheck-remote-gencodes)
-        # shellcheck disable=SC2086
-        find cdist/conf/type -type f -name gencode-remote -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}"
-        test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
+        find cdist/conf/type -type f -name gencode-remote -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
     ;;
 
     shellcheck-scripts)
-        # shellcheck disable=SC2086
-        ${SHELLCHECKCMD} scripts/cdist-dump scripts/cdist-new-type > "${SHELLCHECKTMP}"
-        test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
+        ${SHELLCHECKCMD} scripts/cdist-dump || exit 0
     ;;
 
     shellcheck-gencodes)
-        "$0" shellcheck-local-gencodes || exit 1
-        "$0" shellcheck-remote-gencodes || exit 1
+        "$0" shellcheck-local-gencodes "${run_as}"
+        "$0" shellcheck-remote-gencodes "${run_as}"
     ;;
 
     shellcheck-types)
-        "$0" shellcheck-type-explorers || exit 1
-        "$0" shellcheck-manifests || exit 1
-        "$0" shellcheck-gencodes || exit 1
+        "$0" shellcheck-type-explorers "${run_as}"
+        "$0" shellcheck-manifests "${run_as}"
+        "$0" shellcheck-gencodes "${run_as}"
     ;;
 
     shellcheck)
-        "$0" shellcheck-global-explorers || exit 1
-        "$0" shellcheck-types || exit 1
-        "$0" shellcheck-scripts || exit 1
+        "$0" shellcheck-global-explorers "${run_as}"
+        "$0" shellcheck-types "${run_as}"
+        "$0" shellcheck-scripts "${run_as}"
     ;;
 
     shellcheck-type-files)
-        # shellcheck disable=SC2086
-        find cdist/conf/type -type f -path "*/files/*" -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}"
-        test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
+        find cdist/conf/type -type f -path "*/files/*" -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
     ;;
 
     shellcheck-with-files)
-        "$0" shellcheck || exit 1
-        "$0" shellcheck-type-files || exit 1
+        "$0" shellcheck "${run_as}"
+        "$0" shellcheck-type-files "${run_as}"
     ;;
 
     shellcheck-build-helper)
@@ -500,7 +552,7 @@ eof
     ;;
 
     check-shellcheck)
-        "$0" shellcheck
+        "$0" shellcheck "${run_as}"
         printf "\\nPlease review shellcheck report.\\n"
         while true
         do
@@ -522,7 +574,7 @@ eof
     ;;
 
     version-branch)
-        "$0" changelog-version | cut -d. -f '1,2'
+        "$0" changelog-version "${run_as}" | cut -d. -f '1,2'
     ;;
 
     version)
@@ -530,7 +582,7 @@ eof
     ;;
 
     target-version)
-        target_version=$($0 changelog-version)
+        target_version=$($0 changelog-version "${run_as}")
         printf "VERSION = \"%s\"\n" "${target_version}" > cdist/version.py
     ;;
 
@@ -550,11 +602,10 @@ eof
 
         # Temp files
         rm -f ./*.tmp
-        rm -f ./.*.tmp
     ;;
 
     distclean)
-        "$0" clean
+        "$0" clean "${run_as}"
         rm -f cdist/version.py
     ;;
     *)

cdist/argparse.py

@@ -5,12 +5,12 @@ import logging
 import collections
 import functools
 import cdist.configuration
+import cdist.trigger
 import cdist.preos
-import cdist.info
 
 
 # set of beta sub-commands
-BETA_COMMANDS = set(('install', 'inventory', ))
+BETA_COMMANDS = set(('install', 'inventory', 'preos', 'trigger', ))
 # set of beta arguments for sub-commands
 BETA_ARGS = {
     'config': set(('tag', 'all_tagged_hosts', 'use_archiving', )),
@@ -22,7 +22,6 @@ parser = None
 
 _verbosity_level_off = -2
 _verbosity_level = {
-    None: logging.WARNING,
     _verbosity_level_off: logging.OFF,
     -1: logging.ERROR,
     0: logging.WARNING,
@@ -104,7 +103,7 @@ def get_parsers():
                                    name="log level"),
             help=('Set the specified verbosity level. '
                   'The levels, in order from the lowest to the highest, are: '
-                  'ERROR (-1), WARNING (0), INFO (1), VERBOSE (2), DEBUG (3), '
+                  'ERROR (-1), WARNING (0), INFO (1), VERBOSE (2), DEBUG (3) '
                   'TRACE (4 or higher). If used along with -v then -v '
                   'increases last set value and -l overwrites last set '
                   'value.'),
@@ -425,7 +424,7 @@ def get_parsers():
     parser['inventory'].set_defaults(
             func=cdist.inventory.Inventory.commandline)
 
-    # PreOS
+    # PreOs
     parser['preos'] = parser['sub'].add_parser('preos', add_help=False)
 
     # Shell
@@ -437,36 +436,27 @@ def get_parsers():
                   ' should be POSIX compatible shell.'))
     parser['shell'].set_defaults(func=cdist.shell.Shell.commandline)
 
-    # Info
-    parser['info'] = parser['sub'].add_parser('info')
-    parser['info'].add_argument(
-            '-a', '--all', help='Display all info. This is the default.',
-            action='store_true', default=False)
-    parser['info'].add_argument(
-            '-c', '--conf-dir',
-            help='Add configuration directory (can be repeated).',
-            action='append')
-    parser['info'].add_argument(
-            '-e', '--global-explorers',
-            help='Display info for global explorers.', action='store_true',
-            default=False)
-    parser['info'].add_argument(
-            '-F', '--fixed-string',
-            help='Interpret pattern as a fixed string.', action='store_true',
-            default=False)
-    parser['info'].add_argument(
-            '-f', '--full', help='Display full details.',
-            action='store_true', default=False)
-    parser['info'].add_argument(
-           '-g', '--config-file',
-           help='Use specified custom configuration file.',
-           dest="config_file", required=False)
-    parser['info'].add_argument(
-            '-t', '--types', help='Display info for types.',
-            action='store_true', default=False)
-    parser['info'].add_argument(
-            'pattern', nargs='?', help='Glob pattern.')
-    parser['info'].set_defaults(func=cdist.info.Info.commandline)
+    # Trigger
+    parser['trigger'] = parser['sub'].add_parser(
+            'trigger', parents=[parser['loglevel'],
+                                parser['beta'],
+                                parser['common'],
+                                parser['config_main']])
+    parser['trigger'].add_argument(
+            '-D', '--directory', action='store', required=False,
+            help=('Where to create local files'))
+    parser['trigger'].add_argument(
+            '-H', '--http-port', action='store', default=3000, required=False,
+            help=('Create trigger listener via http on specified port'))
+    parser['trigger'].add_argument(
+            '--ipv6', default=False,
+            help=('Listen to both IPv4 and IPv6 (instead of only IPv4)'),
+            action='store_true')
+    parser['trigger'].add_argument(
+            '-O', '--source', action='store', required=False,
+            help=('Which file to copy for creation'))
+
+    parser['trigger'].set_defaults(func=cdist.trigger.Trigger.commandline)
 
     for p in parser:
         parser[p].epilog = EPILOG

cdist/conf/explorer/hostname

@@ -1,6 +1,7 @@
 #!/bin/sh
 #
-# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
+# 2010-2014 Nico Schottelius (nico-cdist at schottelius.org)
+# 2012 Steven Armstrong (steven-cdist at armstrong.cc)
 #
 # This file is part of cdist.
 #
@@ -18,12 +19,7 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 #
-# Retrieve the running hostname
-#
 
-if command -v hostname >/dev/null
-then
-	hostname
-else
-	uname -n
+if command -v uname >/dev/null; then
+   uname -n
 fi

cdist/conf/explorer/interfaces

@@ -18,11 +18,13 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-if command -v ip >/dev/null
+if command -v ip > /dev/null
 then
-	ip -o link show | sed -n 's/^[0-9]\+: \(.\+\): <.*/\1/p'
-elif command -v ifconfig >/dev/null
+    ip -o link show | sed -n 's/^[0-9]\+: \(.\+\): <.*/\1/p'
+
+elif command -v ifconfig > /dev/null
 then
-	ifconfig -a | sed -n -E 's/^(.*)(:[[:space:]]*flags=|Link encap).*/\1/p'
-fi \
- | sort -u
+    ifconfig -a \
+        | sed -n -E 's/^(.*)(:[[:space:]]*flags=|Link encap).*/\1/p' \
+        | sort -u
+fi

cdist/conf/explorer/os

@@ -145,7 +145,7 @@ esac
 if [ -f /etc/os-release ]; then
    # already lowercase, according to:
    # https://www.freedesktop.org/software/systemd/man/os-release.html
-   awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release
+   awk -F= '/^ID=/ {print $2;}' /etc/os-release
    exit 0
 fi
 

cdist/conf/type/__acl/explorer/missing_users_groups

@@ -18,22 +18,30 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-# TODO check if filesystem has ACL turned on etc
+[ ! -e "/$__object_id" ] && exit 0
 
-if [ -f "$__object/parameter/acl" ]
-then
-    grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \
-    | while read -r acl
+for parameter in user group
+do
+    if [ ! -f "$__object/parameter/$parameter" ]
+    then
+        continue
+    fi
+
+    while read -r acl
     do
-        param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )"
-        check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )"
+        check="$( echo "$acl" | awk -F: '{print $1}' )"
 
-        [ "$param" = 'user' ] && db=passwd || db="$param"
-
-        if ! getent "$db" "$check" > /dev/null
+        if [ "$parameter" = 'user' ]
         then
-            echo "missing $param '$check'" >&2
-            exit 1
+            getent_db=passwd
+        else
+            getent_db="$parameter"
         fi
-    done
-fi
+
+        if ! getent "$getent_db" "$check" > /dev/null
+        then
+            echo "missing $parameter '$check'"
+        fi
+    done \
+        < "$__object/parameter/$parameter"
+done

cdist/conf/type/__acl/gencode-remote

@@ -20,68 +20,59 @@
 
 file_is="$( cat "$__object/explorer/file_is" )"
 
-[ "$file_is" = 'missing' ] && [ -z "$__cdist_dry_run" ] && exit 0
+[ "$file_is" = 'missing' ] && exit 0
 
-os="$( cat "$__global/explorer/os" )"
+missing_users_groups="$( cat "$__object/explorer/missing_users_groups" )"
 
-acl_path="/$__object_id"
-
-acl_is="$( cat "$__object/explorer/acl_is" )"
-
-if [ -f "$__object/parameter/entry" ]
+if [ -n "$missing_users_groups" ]
 then
-    acl_should="$( cat "$__object/parameter/entry" )"
-elif [ -f "$__object/parameter/acl" ]
-then
-    acl_should="$( cat "$__object/parameter/acl" )"
-elif
-    [ -f "$__object/parameter/user" ] \
-        || [ -f "$__object/parameter/group" ] \
-        || [ -f "$__object/parameter/mask" ] \
-        || [ -f "$__object/parameter/other" ]
-then
-    acl_should="$( for param in user group mask other
-    do
-        [ ! -f "$__object/parameter/$param" ] && continue
-
-        echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=:
-
-        echo "$param$sep$( cat "$__object/parameter/$param" )"
-    done )"
-else
-    echo 'no parameters set' >&2
+    echo "$missing_users_groups" >&2
     exit 1
 fi
 
-if [ -f "$__object/parameter/default" ]
+os="$( cat "$__global/explorer/os" )"
+
+acl_is="$( cat "$__object/explorer/acl_is" )"
+
+acl_path="/$__object_id"
+
+if [ -f "$__object/parameter/default" ] && [ "$file_is" = 'directory' ]
 then
-    acl_should="$( echo "$acl_should" \
-        | sed 's/^default://' \
-        | sort -u \
-        | sed 's/\(.*\)/default:\1\n\1/' )"
+    set_default=1
+else
+    set_default=0
 fi
 
-if [ "$file_is" = 'regular' ] \
-    && echo "$acl_should" | grep -Eq '^default:'
-then
-    # only directories can have default ACLs,
-    # but instead of error,
-    # let's just remove default entries
-    acl_should="$( echo "$acl_should" | grep -Ev '^default:' )"
-fi
+acl_should="$( for parameter in user group mask other
+do
+    if [ ! -f "$__object/parameter/$parameter" ]
+    then
+        continue
+    fi
 
-if echo "$acl_should" | awk -F: '{ print $NF }' | grep -Fq 'X'
-then
-    [ "$file_is" = 'directory' ] && rep=x || rep=-
+    while read -r acl
+    do
+        if echo "$acl" | awk -F: '{ print $NF }' | grep -Fq 'X'
+        then
+            [ "$file_is" = 'directory' ] && rep=x || rep=-
 
-    acl_should="$( echo "$acl_should" | sed "s/\\(.*\\)X/\\1$rep/" )"
-fi
+            acl="$( echo "$acl" | sed "s/\(.*\)X/\1$rep/" )"
+        fi
+
+        echo "$parameter" | grep -Eq '(mask|other)' && sep=:: || sep=:
+
+        echo "$parameter$sep$acl"
+
+        [ "$set_default" = '1' ] && echo "default:$parameter$sep$acl"
+    done \
+        < "$__object/parameter/$parameter"
+done )"
 
 setfacl_exec='setfacl'
 
 if [ -f "$__object/parameter/recursive" ]
 then
-    if echo "$os" | grep -Fq 'freebsd'
+    if echo "$os" | grep -Eq 'macosx|freebsd'
     then
         echo "$os setfacl do not support recursive operations" >&2
     else
@@ -91,36 +82,44 @@ fi
 
 if [ -f "$__object/parameter/remove" ]
 then
-    echo "$acl_is" | while read -r acl
-    do
-        # skip wanted ACL entries which already exist
-        # and skip mask and other entries, because we
-        # can't actually remove them, but only change.
-        if echo "$acl_should" | grep -Eq "^$acl" \
-            || echo "$acl" | grep -Eq '^(default:)?(mask|other)'
-        then continue
-        fi
+    if echo "$os" | grep -Fq 'solaris'
+    then
+        # Solaris setfacl behaves differently.
+        # We will not support Solaris for now, because no way to test it.
+        # But adding support should be easy (use -s instead of -m on modify).
+        echo "$os setfacl do not support -x flag for ACL remove" >&2
+    else
+        echo "$acl_is" | while read -r acl
+        do
+            # Skip wanted ACL entries which already exist
+            # and skip mask and other entries, because we
+            # can't actually remove them, but only change.
+            if echo "$acl_should" | grep -Eq "^$acl" \
+                || echo "$acl" | grep -Eq '^(default:)?(mask|other)'
+            then continue
+            fi
 
-        if echo "$os" | grep -Fq 'freebsd'
-        then
-            remove="$acl"
-        else
-            remove="$( echo "$acl" | sed 's/:...$//' )"
-        fi
+            if echo "$os" | grep -Eq 'macosx|freebsd'
+            then
+                remove="$acl"
+            else
+                remove="$( echo "$acl" | sed 's/:...$//' )"
+            fi
 
-        echo "$setfacl_exec -x \"$remove\" \"$acl_path\""
-        echo "removed '$remove'" >> "$__messages_out"
-    done
+            echo "$setfacl_exec -x \"$remove\" \"$acl_path\""
+            echo "removed '$remove'" >> "$__messages_out"
+        done
+    fi
 fi
 
 for acl in $acl_should
 do
     if ! echo "$acl_is" | grep -Eq "^$acl"
     then
-        if echo "$os" | grep -Fq 'freebsd' \
+        if echo "$os" | grep -Eq 'macosx|freebsd' \
             && echo "$acl" | grep -Eq '^default:'
         then
-            echo "setting default ACL in $os is currently not supported" >&2
+            echo "setting default ACL in $os is currently not supported. sorry :(" >&2
         else
             echo "$setfacl_exec -m \"$acl\" \"$acl_path\""
             echo "added '$acl'" >> "$__messages_out"

cdist/conf/type/__acl/man.rst

@@ -8,36 +8,46 @@ cdist-type__acl - Set ACL entries
 
 DESCRIPTION
 -----------
-Fully supported and tested on Linux (ext4 filesystem), partial support for FreeBSD.
+ACL must be defined as 3-symbol combination, using ``r``, ``w``, ``x`` and ``-``.
+
+Fully supported on Linux (tested on Debian and CentOS).
+
+Partial support for FreeBSD, OSX and Solaris.
+
+OpenBSD and NetBSD support is not possible.
 
 See ``setfacl`` and ``acl`` manpages for more details.
 
 
-REQUIRED MULTIPLE PARAMETERS
+OPTIONAL MULTIPLE PARAMETERS
 ----------------------------
-entry
-   Set ACL entry following ``getfacl`` output syntax.
+user
+   Add user ACL entry.
+
+group
+   Add group ACL entry.
+
+
+OPTIONAL PARAMETERS
+-------------------
+mask
+   Add mask ACL entry.
+
+other
+   Add other ACL entry.
 
 
 BOOLEAN PARAMETERS
 ------------------
-default
-   Set all ACL entries as default too.
-   Only directories can have default ACLs.
-   Setting default ACL in FreeBSD is currently not supported.
-
 recursive
    Make ``setfacl`` recursive (Linux only), but not ``getfacl`` in explorer.
 
+default
+   Add default ACL entries (FreeBSD not supported).
+
 remove
-   Remove undefined ACL entries.
-   ``mask`` and ``other`` entries can't be removed, but only changed.
-
-
-DEPRECATED PARAMETERS
----------------------
-Parameters ``acl``, ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
-will be removed in future versions. Please use ``entry`` parameter instead.
+   Remove undefined ACL entries (Solaris not supported).
+   ACL entries for ``mask`` and ``other`` can't be removed.
 
 
 EXAMPLES
@@ -46,30 +56,15 @@ EXAMPLES
 .. code-block:: sh
 
     __acl /srv/project \
-        --default \
         --recursive \
-        --remove \
-        --entry user:alice:rwx \
-        --entry user:bob:r-x \
-        --entry group:project-group:rwx \
-        --entry group:some-other-group:r-x \
-        --entry mask::r-x \
-        --entry other::r-x
-
-    # give Alice read-only access to subdir,
-    # but don't allow her to see parent content.
-
-    __acl /srv/project2 \
-        --remove \
-        --entry default:group:secret-project:rwx \
-        --entry group:secret-project:rwx \
-        --entry user:alice:--x
-
-    __acl /srv/project2/subdir \
         --default \
         --remove \
-        --entry group:secret-project:rwx \
-        --entry user:alice:r-x
+        --user alice:rwx \
+        --user bob:r-x \
+        --group project-group:rwx \
+        --group some-other-group:r-x \
+        --mask r-x \
+        --other r-x
 
 
 AUTHORS

cdist/conf/type/__acl/parameter/deprecated/acl

@@ -1 +0,0 @@
-see manual for details

cdist/conf/type/__acl/parameter/deprecated/group

@@ -1 +0,0 @@
-see manual for details

cdist/conf/type/__acl/parameter/deprecated/mask

@@ -1 +0,0 @@
-see manual for details

cdist/conf/type/__acl/parameter/deprecated/other

@@ -1 +0,0 @@
-see manual for details

cdist/conf/type/__acl/parameter/deprecated/user

@@ -1 +0,0 @@
-see manual for details

cdist/conf/type/__acl/parameter/optional_multiple

@@ -1,4 +1,2 @@
-entry
-acl
 user
 group

cdist/conf/type/__apt_key/explorer/state

@@ -27,18 +27,6 @@ else
    keyid="$__object_id"
 fi
 
-keydir="$(cat "$__object/parameter/keydir")"
-keyfile="$keydir/$__object_id.gpg"
-
-if [ -d "$keydir" ]
-then
-   if [ -f "$keyfile" ]
-   then echo present
-   else echo absent
-   fi
-else
-   # fallback to deprecated apt-key
-   apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK" \
-      && echo present \
-      || echo absent
-fi
+apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK" \
+   && echo present \
+   || echo absent

cdist/conf/type/__apt_key/gencode-remote

@@ -31,82 +31,12 @@ if [ "$state_should" = "$state_is" ]; then
    exit 0
 fi
 
-keydir="$(cat "$__object/parameter/keydir")"
-keyfile="$keydir/$__object_id.gpg"
-
 case "$state_should" in
    present)
       keyserver="$(cat "$__object/parameter/keyserver")"
-
-      if [ -f "$__object/parameter/uri" ]; then
-         uri="$(cat "$__object/parameter/uri")"
-
-         if [ -d "$keydir" ]; then
-            cat << EOF
-
-curl -s -L \\
-    -o "$keyfile" \\
-    "$uri"
-
-key="\$( cat "$keyfile" )"
-
-if echo "\$key" | grep -Fq 'BEGIN PGP PUBLIC KEY BLOCK'
-then
-    echo "\$key" | gpg --dearmor > "$keyfile"
-fi
-
-EOF
-         else
-            # fallback to deprecated apt-key
-            echo "curl -s -L '$uri' | apt-key add -"
-         fi
-      elif [ -d "$keydir" ]; then
-         # we need to kill gpg after 30 seconds, because gpg
-         # can get stuck if keyserver is not responding.
-         # exporting env var and not exit 1,
-         # because we need to clean up and kill dirmngr.
-         cat << EOF
-
-gpgtmphome="\$( mktemp -d )"
-
-if timeout 30s \\
-    gpg --homedir "\$gpgtmphome" \\
-        --keyserver "$keyserver" \\
-        --recv-keys "$keyid"
-then
-    gpg --homedir "\$gpgtmphome" \\
-        --export "$keyid" \\
-        > "$keyfile"
-else
-    export GPG_GOT_STUCK=1
-fi
-
-GNUPGHOME="\$gpgtmphome" gpgconf --kill dirmngr
-
-rm -rf "\$gpgtmphome"
-
-if [ -n "\$GPG_GOT_STUCK" ]
-then
-    echo "GPG GOT STUCK - no response from keyserver after 30 seconds" >&2
-    exit 1
-fi
-
-EOF
-      else
-         # fallback to deprecated apt-key
-         echo "apt-key adv --keyserver \"$keyserver\" --recv-keys \"$keyid\""
-      fi
-
-      echo "added '$keyid'" >> "$__messages_out"
+      echo "apt-key adv --keyserver \"$keyserver\" --recv-keys \"$keyid\""
    ;;
    absent)
-      if [ -f "$keyfile" ]; then
-         echo "rm '$keyfile'"
-      else
-         # fallback to deprecated apt-key
-         echo "apt-key del \"$keyid\""
-      fi
-
-      echo "removed '$keyid'" >> "$__messages_out"
+      echo "apt-key del \"$keyid\""
    ;;
 esac

cdist/conf/type/__apt_key/man.rst

@@ -28,12 +28,6 @@ keyserver
    the keyserver from which to fetch the key. If omitted the default set
    in ./parameter/default/keyserver is used.
 
-keydir
-   key save location, defaults to ``/etc/apt/trusted.pgp.d``
-
-uri
-   the URI from which to download the key
-
 
 EXAMPLES
 --------
@@ -53,20 +47,15 @@ EXAMPLES
     # same thing with other keyserver
     __apt_key UbuntuArchiveKey --keyid 437D05B5 --keyserver keyserver.ubuntu.com
 
-    # download key from the internet
-    __apt_key rabbitmq \
-       --uri http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
-
 
 AUTHORS
 -------
 Steven Armstrong <steven-cdist--@--armstrong.cc>
-Ander Punnar <ander-at-kvlt-dot-ee>
 
 
 COPYING
 -------
-Copyright \(C) 2011-2019 Steven Armstrong and Ander Punnar. You can
-redistribute it and/or modify it under the terms of the GNU General Public
-License as published by the Free Software Foundation, either version 3 of the
+Copyright \(C) 2011-2014 Steven Armstrong. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
 License, or (at your option) any later version.

cdist/conf/type/__apt_key/manifest

@@ -1,8 +0,0 @@
-#!/bin/sh -e
-
-__package gnupg
-
-if [ -f "$__object/parameter/uri" ]
-then __package curl
-else __package dirmngr
-fi

cdist/conf/type/__apt_key/parameter/default/keydir

@@ -1 +0,0 @@
-/etc/apt/trusted.gpg.d

cdist/conf/type/__apt_key/parameter/optional

@@ -1,5 +1,3 @@
 state
 keyid
 keyserver
-keydir
-uri

cdist/conf/type/__cdist_preos_trigger/gencode-remote

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+os=$(cat "$__global/explorer/os")
+
+case "$os" in
+    devuan)
+        echo "update-rc.d cdist-preos-trigger defaults > /dev/null"
+    ;;
+    *)
+    ;;
+esac
+

cdist/conf/type/__cdist_preos_trigger/man.rst

@@ -0,0 +1,45 @@
+cdist-type__cdist_preos_trigger(7)
+==================================
+
+NAME
+----
+cdist-type__cdist_preos_trigger - configure cdist preos trigger
+
+
+DESCRIPTION
+-----------
+Create cdist PreOS trigger by creating systemd unit file that will be started
+at boot and will execute trigger command - connect to specified host and port.
+
+
+REQUIRED PARAMETERS
+-------------------
+trigger-command
+    Command that will be executed as a PreOS cdist trigger.
+
+
+OPTIONAL PARAMETERS
+-------------------
+None
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    # Configure default curl trigger for host cdist.ungleich.ch at port 80.
+    __cdist_preos_trigger http --trigger-command '/usr/bin/curl cdist.ungleich.ch:80'
+
+
+AUTHORS
+-------
+Darko Poljak <darko.poljak--@--ungleich.ch>
+
+
+COPYING
+-------
+Copyright \(C) 2016 Darko Poljak. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.

cdist/conf/type/__cdist_preos_trigger/manifest

@@ -0,0 +1,67 @@
+#!/bin/sh
+
+os="$(cat "$__global/explorer/os")"
+trigger_command=$(cat "$__object/parameter/trigger-command")
+
+case "$os" in
+    devuan)
+        __file /etc/init.d/cdist-preos-trigger --owner root \
+            --group root \
+            --mode 755 \
+            --source - << EOF
+#!/bin/sh
+# /etc/init.d/cdist-preos-trigger
+
+### BEGIN INIT INFO
+# Provides:          cdist-preos-trigger
+# Required-Start:    \$all
+# Required-Stop:
+# Default-Start:     2 3 4 5 S
+# Default-Stop:      0 1 6
+# Short-Description: Execute cdist preos trigger command
+# Description:       Execute cdist preos trigger commnad.
+### END INIT INFO
+
+case "\$1" in
+    start)
+        echo "Starting cdist-preos-trigger command"
+        ${trigger_command} &
+        ;;
+    stop)
+        # no-op
+        ;;
+    *)
+        echo "Usage: /etc/init.d/cdist-preos-trigger {start|stop}"
+        exit 1
+        ;;
+esac
+
+exit 0
+EOF
+    ;;
+    *)
+        __file /etc/systemd/system/cdist-preos-trigger.service --owner root \
+            --group root \
+            --mode 644 \
+            --source - << EOF
+[Unit]
+Description=preos trigger
+Wants=network-online.target
+After=network.target network-online.target
+
+[Service]
+Type=simple
+Restart=no
+# Broken systemd
+ExecStartPre=/bin/sleep 5
+ExecStart=${trigger_command}
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+        require="__file/etc/systemd/system/cdist-preos-trigger.service" \
+            __start_on_boot cdist-preos-trigger
+    ;;
+esac
+

cdist/conf/type/__cdist_preos_trigger/parameter/required

@@ -0,0 +1 @@
+trigger-command

cdist/conf/type/__consul/files/versions/1.5.0/cksum

@@ -1 +0,0 @@
-886614099 103959898 consul

cdist/conf/type/__consul/files/versions/1.5.0/source

@@ -1 +0,0 @@
-https://releases.hashicorp.com/consul/1.5.0/consul_1.5.0_linux_amd64.zip

cdist/conf/type/__consul/gencode-remote

@@ -42,7 +42,7 @@ source_file_name="${source##*/}"
 cksum_should=$(cut -d' ' -f1,2 "$version_dir/cksum")
 
 cat << eof
-    tmpdir=\$(mktemp -d -p /tmp "${__type##*/}.XXXXXXXXXX")
+    tmpdir=\$(mktemp -d --tmpdir="/tmp" "${__type##*/}.XXXXXXXXXX")
     curl -s -L "$source" > "\$tmpdir/$source_file_name"
     unzip -p "\$tmpdir/$source_file_name" > "${destination}.tmp"
     rm -rf "\$tmpdir"

cdist/conf/type/__consul/manifest

@@ -24,7 +24,7 @@
 os=$(cat "$__global/explorer/os")
 
 case "$os" in
-   alpine|scientific|centos|redhat|ubuntu|debian|devuan|archlinux|gentoo)
+   scientific|centos|redhat|ubuntu|debian|devuan|archlinux|gentoo)
       # any linux should work
       :
    ;;
@@ -47,7 +47,6 @@ fi
 
 if [ -f "$__object/parameter/direct" ]; then
     __package unzip
-    __package curl
 else
     __staged_file /usr/local/bin/consul \
        --source "$(cat "$version_dir/source")" \

cdist/conf/type/__consul_agent/files/consul.sys-openrc

@@ -1,38 +0,0 @@
-#!/sbin/openrc-run
-# 2019 Nico Schottelius (nico-cdist at schottelius.org)
-
-description="consul agent"
-
-pidfile="${CONSUL_PIDFILE:-"/var/run/$RC_SVCNAME/pidfile"}"
-command="${CONSUL_BINARY:-"/usr/local/bin/consul"}"
-
-
-checkconfig() {
-	if [ ! -d /var/run/consul ] ; then
-		mkdir -p /var/run/consul || return 1
-        chown consul:consul /var/run/$NAME || return 1
-        chmod 2770 /var/run/$NAME || return 1
-	fi
-}
-
-start() {
-    need net
-
-    start-stop-daemon --start --quiet --oknodo \
-            --pidfile "$pidfile" --background \
-            --exec $command -- agent -pid-file="$pidfile" -config-dir /etc/consul/conf.d
-}
-start_pre() {
-	checkconfig
-}
-
-stop() {
-	if [ "${RC_CMD}" = "restart" ] ; then
-		checkconfig || return 1
-	fi
-
-	ebegin "Stopping $RC_SVCNAME"
-	start-stop-daemon --stop --exec "$command" \
-		--pidfile "$pidfile" --quiet
-	eend $?
-}

cdist/conf/type/__consul_agent/manifest

@@ -1,7 +1,7 @@
 #!/bin/sh -e
 #
 # 2015 Steven Armstrong (steven-cdist at armstrong.cc)
-# 2015-2019 Nico Schottelius (nico-cdist at schottelius.org)
+# 2015 Nico Schottelius (nico-cdist at schottelius.org)
 #
 # This file is part of cdist.
 #
@@ -23,7 +23,7 @@
 os=$(cat "$__global/explorer/os")
 
 case "$os" in
-   alpine|scientific|centos|debian|devuan|redhat|ubuntu)
+   scientific|centos|debian|devuan|redhat|ubuntu)
       # whitelist safeguard
       :
    ;;
@@ -181,25 +181,22 @@ init_upstart()
 
 # Install init script to start on boot
 case "$os" in
-    devuan)
-        init_sysvinit debian
-        ;;
-    centos|redhat)
-        os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
-        major_version="${os_version%%.*}"
-        case "$major_version" in
-            [456])
-                init_sysvinit redhat
-                ;;
-            7)
-                init_systemd
-                ;;
-            *)
-                echo "Unsupported CentOS/Redhat version: $os_version" >&2
-                exit 1
-                ;;
-        esac
-        ;;
+   centos|redhat)
+      os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
+      major_version="${os_version%%.*}"
+      case "$major_version" in
+         [456])
+            init_sysvinit redhat
+         ;;
+         7)
+            init_systemd
+         ;;
+         *)
+            echo "Unsupported CentOS/Redhat version: $os_version" >&2
+            exit 1
+         ;;
+      esac
+   ;;
 
     debian)
         os_version=$(cat "$__global/explorer/os_version")
@@ -217,9 +214,13 @@ case "$os" in
                 exit 1
             ;;
         esac
-        ;;
+    ;;
+
+    devuan)
+        init_sysvinit debian
+    ;;
 
     ubuntu)
         init_upstart
-        ;;
+    ;;
 esac

cdist/conf/type/__docker/manifest

@@ -64,43 +64,6 @@ case "$os" in
         require="__apt_source/docker" __package docker-ce --state "${state}"
       fi
    ;;
-   devuan)
-      os_version="$(cat "$__global/explorer/os_version")"
-
-      case "$os_version" in
-        ascii)
-          distribution="stretch"
-        ;;
-        jessie)
-          distribution="jessie"
-        ;;
-        *)
-          echo "Your devuan release ($os_version) is currently not supported by this type (${__type##*/}).">&2
-          echo "Please contribute an implementation for it if you can." >&2
-          exit 1
-        ;;
-      esac
-
-      if [ "${state}" = "present" ]; then
-        __package apt-transport-https
-        __package ca-certificates
-        __package gnupg2
-      fi
-      __apt_key_uri docker --name "Docker Release (CE deb) <docker@docker.com>" \
-        --uri "https://download.docker.com/linux/${os}/gpg" --state "${state}"
-
-      require="__apt_key_uri/docker" __apt_source docker \
-         --uri "https://download.docker.com/linux/${os}" \
-         --distribution "${distribution}" \
-         --state "${state}" \
-         --component "stable"
-      if [ "$version" != "latest" ]; then
-        require="__apt_source/docker" __package docker-ce --version "${version}" --state "${state}"
-      else
-        require="__apt_source/docker" __package docker-ce --state "${state}"
-      fi
-
-   ;;
    *)
       echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
       echo "Please contribute an implementation for it if you can." >&2

cdist/conf/type/__docker_swarm/explorer/swarm-state

@@ -18,4 +18,4 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-docker info 2>/dev/null | grep '^ *Swarm: ' | awk '{print $2}'
+docker info 2>/dev/null | grep "^Swarm: " | cut -d " " -f 2-

cdist/conf/type/__file_py/__init__.py

@@ -0,0 +1,103 @@
+import os
+import re
+import sys
+from cdist.core import PythonType
+
+
+class FileType(PythonType):
+    def get_attribute(self, stat_file, attribute, value_should):
+        if os.path.exists(stat_file):
+            if re.match('[0-9]', value_should):
+                index = 1
+            else:
+                index = 2
+            with open(stat_file, 'r') as f:
+                for line in f:
+                    if re.match(attribute + ":", line):
+                        fields = line.split()
+                        return fields[index]
+            return None
+
+    def set_attribute(self, attribute, value_should, destination):
+        cmd = {
+            'group': 'chgrp',
+            'owner': 'chown',
+            'mode': 'chmod',
+        }
+        self.send_message("{} '{}'".format(cmd[attribute], value_should))
+        return "{} '{}' '{}'".format(cmd[attribute], value_should, destination)
+
+    def type_manifest(self):
+        yield from ()
+
+    def type_gencode(self):
+        typeis = self.get_explorer('type')
+        state_should = self.get_parameter('state')
+
+        if state_should == 'exists' and typeis == 'file':
+            return
+
+        source = self.get_parameter('source')
+        if source == '-':
+            source = self.stdin_path
+        destination = '/' + self.object_id
+        if state_should == 'pre-exists':
+            if source is not None:
+                self.die('--source cannot be used with --state pre-exists')
+            if typeis == 'file':
+                return None
+            else:
+                self.die('File {} does not exist'.format(destination))
+
+        create_file = False
+        upload_file = False
+        set_attributes = False
+        code = []
+        if state_should == 'present' or state_should == 'exists':
+            if source is None:
+                remote_stat = self.get_explorer('stat')
+                if not remote_stat:
+                    create_file = True
+            else:
+                if os.path.exists(source):
+                    if typeis == 'file':
+                        local_cksum = self.run_local(['cksum', source, ])
+                        local_cksum = local_cksum.split()[0]
+                        remote_cksum = self.get_explorer('cksum')
+                        remote_cksum = remote_cksum.split()[0]
+                        upload_file = local_cksum != remote_cksum
+                    else:
+                        upload_file = True
+                else:
+                    self.die('Source {} does not exist'.format(source))
+            if create_file or upload_file:
+                set_attributes = True
+                tempfile_template = '{}.cdist.XXXXXXXXXX'.format(destination)
+                destination_upload = self.run_remote(
+                    ["mktemp", tempfile_template, ])
+                if upload_file:
+                    self.transfer(source, destination_upload)
+                code.append('rm -rf {}'.format(destination))
+                code.append('mv {} {}'.format(destination_upload, destination))
+
+        if state_should in ('present', 'exists', 'pre-exists', ):
+            for attribute in ('group', 'owner', 'mode', ):
+                if attribute in self.parameters:
+                    value_should = self.get_parameter(attribute)
+                    if attribute == 'mode':
+                        value_should = re.sub('^0', '', value_should)
+                    stat_file = self.get_explorer_file('stat')
+                    value_is = self.get_attribute(stat_file, attribute,
+                                                  value_should)
+                    if set_attributes or value_should != value_is:
+                        code.append(self.set_attribute(attribute,
+                                                       value_should,
+                                                       destination))
+        elif state_should == 'absent':
+            if typeis == 'file':
+                code.append('rm -f {}'.format(destination))
+                self.send_message('remove')
+        else:
+            self.die('Unknown state {}'.format(state_should))
+
+        return "\n".join(code)

cdist/conf/type/__file_py/explorer/cksum

@@ -1,6 +1,6 @@
-#!/bin/sh -e
+#!/bin/sh
 #
-# 2018-2019 Thomas Eckert (tom at it-eckert.de)
+# 2011-2012 Nico Schottelius (nico-cdist at schottelius.org)
 #
 # This file is part of cdist.
 #
@@ -16,8 +16,19 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Retrieve the md5sum of a file to be created, if it is already existing.
+#
 
-## to speed up config-reload we send a HUP to the server process:
-cat <<-EOT
-	pkill -HUP xymond || { echo "HUPing xymond failed" >&2; exit 1; }
-EOT
+destination="/$__object_id"
+
+if [ -e "$destination" ]; then
+    if [ -f  "$destination" ]; then
+        cksum < "$destination"
+    else
+        echo "NO REGULAR FILE"
+    fi
+else
+    echo "NO FILE FOUND, NO CHECKSUM CALCULATED."
+fi

cdist/conf/type/__file_py/explorer/stat

@@ -1,6 +1,6 @@
-#!/bin/sh -e
+#!/bin/sh
 #
-# 2018-2019 Thomas Eckert (tom at it-eckert.de)
+# 2013 Steven Armstrong (steven-cdist armstrong.cc)
 #
 # This file is part of cdist.
 #
@@ -16,27 +16,41 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
 
-state=$(cat "$__object/parameter/state")
+destination="/$__object_id"
 
-os=$(cat "$__global/explorer/os")
+# nothing to work with, nothing we could do
+[ -e "$destination" ] || exit 0
+
+os=$("$__explorer/os")
 case "$os" in
-	debian|ubuntu)
-		:
-	;;
-	*)
-		echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
-		echo "Please contribute an implementation for it if you can." >&2
-		exit 1
-	;;
+   "freebsd"|"netbsd"|"openbsd")
+      # FIXME: should be something like this based on man page, but can not test
+      stat -f "type: %ST
+owner: %Du %Su
+group: %Dg %Sg
+mode: %Op %Sp
+size: %Dz
+links: %Dl
+" "$destination"
+   ;;
+   "macosx")
+     stat -f "type: %HT
+owner: %Du %Su
+group: %Dg %Sg
+mode: %Lp %Sp
+size: %Dz
+links: %Dl
+" "$destination"
+   ;;
+   *)
+      stat --printf="type: %F
+owner: %u %U
+group: %g %G
+mode: %a %A
+size: %s
+links: %h
+" "$destination"
+   ;;
 esac
-
-__package apache2 --state "$state"
-
-## edit xymon.conf IP-ranges
-if [ -f "$__object/parameter/ipacl" ]; then
-	require="__package/xymon" __line /etc/apache2/conf-available/xymon.conf \
-		--line "        Require ip $(cat "$__object/parameter/ipacl")" \
-		--after "^[[:space:]]*Require local" \
-		--state "present"
-fi

cdist/conf/type/__file_py/explorer/type

@@ -1,6 +1,6 @@
-#!/bin/sh -e
+#!/bin/sh
 #
-# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
+# 2013 Steven Armstrong (steven-cdist armstrong.cc)
 #
 # This file is part of cdist.
 #
@@ -18,16 +18,16 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-if [ -f "$__object/parameter/name" ]
-then
-    name="$( cat "$__object/parameter/name" )"
-else
-    name="$__object_id"
-fi
+destination="/$__object_id"
 
-if [ -n "$( mysql -B -N -e "show databases like '$name'" )" ]
-then
-    echo 'present'
+if [ ! -e "$destination" ]; then
+   echo none
+elif [ -h "$destination" ]; then
+   echo symlink
+elif [ -f "$destination" ]; then
+   echo file
+elif [ -d "$destination" ]; then
+   echo directory
 else
-    echo 'absent'
+   echo unknown
 fi

cdist/conf/type/__file_py/parameter/optional

@@ -0,0 +1,5 @@
+state
+group
+mode
+owner
+source

cdist/conf/type/__git/gencode-remote

@@ -19,34 +19,32 @@
 #
 #
 
-state_is=$(cat "$__object/explorer/state")
-owner_is=$(cat "$__object/explorer/owner")
-group_is=$(cat "$__object/explorer/group")
+state_is="$(cat "$__object/explorer/state")"
+owner_is="$(cat "$__object/explorer/owner")"
+group_is="$(cat "$__object/explorer/group")"
 
-state_should=$(cat "$__object/parameter/state")
+state_should="$(cat "$__object/parameter/state")"
 
-branch=$(cat "$__object/parameter/branch")
+branch="$(cat "$__object/parameter/branch")"
 
-source=$(cat "$__object/parameter/source")
+source="$(cat "$__object/parameter/source")"
 
 destination="/$__object_id"
 
-owner=$(cat "$__object/parameter/owner")
-group=$(cat "$__object/parameter/group")
-mode=$(cat "$__object/parameter/mode")
+owner="$(cat "$__object/parameter/owner")"
+group="$(cat "$__object/parameter/group")"
+mode="$(cat "$__object/parameter/mode")"
 
-[ -f "$__object/parameter/recursive" ] && recursive='--recurse-submodules' || recursive=''
-[ -f "$__object/parameter/shallow" ] && shallow='--depth 1 --shallow-submodules' || shallow=''
-
-[ "$state_should" = "$state_is" ] \
- && [ "$owner" = "$owner_is" ] \
- && [ "$group" = "$group_is" ] \
- && [ -n "$mode" ] && exit 0
+[  "$state_should" = "$state_is" ] && \
+[  "$owner" = "$owner_is" ] && \
+[  "$group" = "$group_is" ] && \
+[  -n "$mode" ] && exit 0
 
 case $state_should in
     present)
+
         if [ "$state_should" != "$state_is" ]; then
-            echo git clone --quiet "$recursive" "$shallow" --branch "$branch" "$source" "$destination"
+            echo git clone --quiet --branch "$branch" "$source" "$destination"
         fi
         if { [ -n "$owner" ] && [ "$owner_is" != "$owner" ]; } || \
            { [ -n "$group" ] && [ "$group_is" != "$group" ]; }; then
@@ -56,9 +54,8 @@ case $state_should in
             echo chmod -R "$mode" "$destination"
         fi
     ;;
-
+    # Handled in manifest
     absent)
-        # Handled in manifest
     ;;
 
     *)

cdist/conf/type/__git/man.rst

@@ -35,12 +35,6 @@ mode
 owner
    User to chown to.
 
-recursive
-   Passes the --recurse-submodules flag to git when cloning the repository.
-
-shallow
-   Sets --depth=1 and --shallow-submodules for cloning repositories with big history.
-
 
 EXAMPLES
 --------

cdist/conf/type/__git/parameter/boolean

@@ -1,2 +0,0 @@
-recursive
-shallow

cdist/conf/type/__grafana_dashboard/manifest

@@ -8,16 +8,10 @@ case $os in
     debian|devuan)
         case $os_version in
             8*|jessie)
-                # Differntation not needed anymore
-                apt_source_distribution=stable
+                apt_source_distribution=jessie
                 ;;
             9*|ascii/ceres|ascii)
-                # Differntation not needed anymore
-                apt_source_distribution=stable
-                ;;
-            10*)
-                # Differntation not needed anymore
-                apt_source_distribution=stable
+                apt_source_distribution=stretch
                 ;;
             *)
                 echo "Don't know how to install Grafana on $os $os_version. Send us a pull request!" >&2
@@ -27,15 +21,16 @@ case $os in
 
         __apt_key_uri grafana \
             --name 'Grafana Release Signing Key' \
-            --uri https://packages.grafana.com/gpg.key
+            --uri https://packagecloud.io/gpg.key
 
         require="$require __apt_key_uri/grafana" __apt_source grafana \
-                    --uri https://packages.grafana.com/oss/deb \
+                    --uri https://packagecloud.io/grafana/stable/debian/ \
                     --distribution $apt_source_distribution \
                     --component main
+
         __package apt-transport-https
-        require="$require __apt_source/grafana" __apt_update_index
-        require="$require  __package/apt-transport-https __apt_update_index" __package grafana
+
+        require="$require __apt_source/grafana __package/apt-transport-https" __package grafana
         require="$require __package/grafana" __start_on_boot grafana-server
         require="$require __start_on_boot/grafana-server" __process grafana-server --start "service grafana-server start"
         ;;

cdist/conf/type/__group/explorer/group

@@ -1,7 +1,6 @@
 #!/bin/sh
 #
 # 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
-# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -22,21 +21,7 @@
 # Get an existing groups group entry.
 #
 
-not_supported() {
-	echo "Your operating system ($("$__explorer/os")) is currently not supported." >&2
-	echo "Cannot extract group information." >&2
-	echo "Please contribute an implementation for it if you can." >&2
-	exit 1
-}
-
 name=$__object_id
 
-if command -v getent >/dev/null
-then
-	getent group "$name" || true
-elif [ -f /etc/group ]
-then
-	grep "^${name}:" /etc/group || true
-else
-	not_supported
-fi
+getent group "$name" || true
+

cdist/conf/type/__group/explorer/gshadow

@@ -1,7 +1,6 @@
 #!/bin/sh
 #
 # 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
-# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -23,28 +22,13 @@
 #
 
 name=$__object_id
-os=$("$__explorer/os")
+os="$("$__explorer/os")"
 
-not_supported() {
-	echo "Your operating system ($os) is currently not supported." >&2
-	echo "Cannot extract group information." >&2
-	echo "Please contribute an implementation for it if you can." >&2
-	exit 1
-}
-
-case $os in
-	"freebsd"|"netbsd")
-		echo "$os does not have getent gshadow" >&2
-		exit 0
-	;;
+case "$os" in
+    "freebsd"|"netbsd")
+	echo "$os does not have getent gshadow"
+	exit 0
+    ;;
 esac
 
-if command -v getent >/dev/null
-then
-	getent gshadow "$name" || true
-elif [ -f /etc/gshadow ]
-then
-	grep "^${name}:" /etc/gshadow || true
-else
-	not_supported
-fi
+getent gshadow "$name" || true

cdist/conf/type/__hostname/explorer/has_hostnamectl

@@ -21,4 +21,4 @@
 # Check whether system has hostnamectl
 #
 
-command -v hostnamectl 2>/dev/null || true
+command -v hostnamectl || true

cdist/conf/type/__hostname/explorer/hostname_file

@@ -1,6 +1,6 @@
-#!/bin/sh -e
+#!/bin/sh
 #
-# 2018-2019 Thomas Eckert (tom at it-eckert.de)
+# 2014 Nico Schottelius (nico-cdist at schottelius.org)
 #
 # This file is part of cdist.
 #
@@ -16,7 +16,15 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Retrieve the contents of /etc/hostname
+#
 
-if [ -d /etc/apache2/mods-enabled ]; then
-	ls -1 /etc/apache2/conf-enabled/
+# Almost any distribution
+if [ -f /etc/hostname ]; then
+    cat /etc/hostname
+# SuSE
+elif [ -f /etc/HOSTNAME ]; then
+    cat /etc/HOSTNAME
 fi

cdist/conf/type/__hostname/explorer/hostname_sysconfig

@@ -1,6 +1,6 @@
-#!/bin/sh -e
+#!/bin/sh
 #
-# 2019 Nico Schottelius (nico-cdist at schottelius.org)
+# 2014 Nico Schottelius (nico-cdist at schottelius.org)
 #
 # This file is part of cdist.
 #
@@ -18,15 +18,9 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 #
-# Manage users.
+# Retrieve the contents of /etc/hostname
+#
 
-os=$(cat "$__global/explorer/os")
-
-case "$os" in
-    alpine)
-        __package shadow
-        ;;
-    *)
-        :
-        ;;
-esac
+if [ -f /etc/sysconfig/network ]; then
+    awk -F= '/^HOSTNAME=/ { print $2 }' /etc/sysconfig/network
+fi

cdist/conf/type/__hostname/explorer/max_len

@@ -1,10 +0,0 @@
-#!/bin/sh -e
-
-command -v getconf >/dev/null || exit 0
-
-val=$(getconf HOST_NAME_MAX 2>/dev/null) || exit 0
-
-if test -n "${val}" -a "${val}" != 'undefined'
-then
-	echo "${val}"
-fi

cdist/conf/type/__hostname/gencode-remote

@@ -2,7 +2,6 @@
 #
 # 2014-2017 Steven Armstrong (steven-cdist at armstrong.cc)
 # 2014 Nico Schottelius (nico-cdist at schottelius.org)
-# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -20,81 +19,60 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-os=$(cat "$__global/explorer/os")
-name_running=$(cat "$__global/explorer/hostname")
-has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
-
-
-if test -s "$__object/parameter/name"
-then
-    name_should=$(cat "$__object/parameter/name")
+if [ -f "$__object/parameter/name" ]; then
+    name_should="$(cat "$__object/parameter/name")"
 else
-    case $os
-    in
-        # RedHat-derivatives and BSDs
-        centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd)
-            # Hostname is FQDN
-            name_should="${__target_host}"
-        ;;
-        *)
-            # Hostname is only first component of FQDN
-            name_should="${__target_host%%.*}"
-        ;;
-    esac
+    name_should="${__target_host%%.*}"
 fi
 
+os=$(cat "$__global/explorer/os")
+name_running=$(cat "$__global/explorer/hostname")
+name_config=$(cat "$__object/explorer/hostname_file")
+name_sysconfig=$(cat "$__object/explorer/hostname_sysconfig")
+has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
 
 ################################################################################
-# Check if the (running) hostname is already correct
+# If everything is ok -> exit
 #
-test "$name_running" != "$name_should" || exit 0
-
+case "$os" in
+    archlinux|debian|suse|ubuntu|devuan|coreos|alpine)
+        if [ "$name_config" = "$name_should" ] && [ "$name_running" = "$name_should" ]; then
+            exit 0
+        fi
+    ;;
+    scientific|centos|freebsd|openbsd)
+        if [ "$name_sysconfig" = "$name_should" ] && [ "$name_running" = "$name_should" ]; then
+            exit 0
+        fi
+    ;;
+    *)
+        echo "Unsupported os: $os" >&2
+        exit 1
+    ;;
+esac
 
 ################################################################################
 # Setup hostname
 #
-echo 'changed' >>"$__messages_out"
+echo changed >> "$__messages_out"
 
-# Use the good old way to set the hostname.
-case $os
-in
-    alpine|debian|devuan|ubuntu)
-        echo 'hostname -F /etc/hostname'
+# Use the good old way to set the hostname even on machines running systemd.
+case "$os" in
+    archlinux|debian|ubuntu|devuan|centos|coreos|alpine)
+        printf "printf '%%s\\\\n' '$name_should' > /etc/hostname\\n"
+        echo "hostname -F /etc/hostname"
     ;;
-    archlinux)
-        echo 'command -v hostnamectl >/dev/null 2>&1' \
-            "&& hostnamectl set-hostname '$name_should'" \
-            "|| hostname '$name_should'"
-    ;;
-    centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void)
+    freebsd|openbsd)
         echo "hostname '$name_should'"
     ;;
-    macosx)
-        echo "scutil --set HostName '$name_should'"
-    ;;
-    solaris)
-        echo "uname -S '$name_should'"
-    ;;
-    slackware|suse|opensuse-leap)
-        # We do not read from /etc/HOSTNAME, because the running
-        # hostname is the first component only while the file contains
-        # the FQDN.
+    suse)
         echo "hostname '$name_should'"
-    ;;
-    *)
-        # Fall back to set the hostname using hostnamectl, if available.
-        if test -n "$has_hostnamectl"
-        then
-            # Don't use hostnamectl as the primary means to set the hostname for
-            # systemd systems, because it cannot be trusted to work reliably and
-            # exit with non-zero when it fails (e.g. hostname too long,
-            # D-Bus failure, etc.).
-
-            echo "hostnamectl set-hostname \"\$(cat /etc/hostname)\""
-            echo "test \"\$(hostname)\" = \"\$(cat /etc/hostname)\"" \
-                 " || hostname -F /etc/hostname"
-        else
-            printf "echo 'Unsupported OS: %s' >&2\nexit 1\n" "$os"
-        fi
+        printf "printf '%%s\\\\n' '$name_should' > /etc/HOSTNAME\\n"
     ;;
 esac
+
+if [ "$has_hostnamectl" ]; then
+    # Allow hostnamectl set-hostname to fail silently.
+    # Who the fuck invented a tool that needs dbus to set the hostname anyway ...
+    echo "hostnamectl set-hostname '$name_should' || true"
+fi

cdist/conf/type/__hostname/man.rst

@@ -8,10 +8,7 @@ cdist-type__hostname - Set the hostname
 
 DESCRIPTION
 -----------
-Sets the hostname on various operating systems.
-
-**Tip:** For advice on choosing a hostname, see
-`RFC 1178 <https://tools.ietf.org/html/rfc1178>`_.
+Set's the hostname on various operating systems.
 
 
 REQUIRED PARAMETERS
@@ -21,7 +18,7 @@ None.
 OPTIONAL PARAMETERS
 -------------------
 name
-   The hostname to set. Defaults to the first segment of __target_host
+   The hostname to set. Defaults to the first segment of __target_host 
    (${__target_host%%.*})
 
 

cdist/conf/type/__hostname/manifest

@@ -2,7 +2,6 @@
 #
 # 2012 Steven Armstrong (steven-cdist at armstrong.cc)
 # 2014 Nico Schottelius (nico-cdist at schottelius.org)
-# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -20,170 +19,50 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-not_supported() {
-    echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
-    echo "Please contribute an implementation for it if you can." >&2
-    exit 1
-}
-
-set_hostname_systemd() {
-    echo "$1" | __file /etc/hostname --source -
-}
-
 os=$(cat "$__global/explorer/os")
-os_version=$(cat "$__global/explorer/os_version")
-os_major=$(echo "$os_version" | grep -o '^[0-9][0-9]*' || true)
-
-max_len=$(cat "$__object/explorer/max_len")
-has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
-
-if test -s "$__object/parameter/name"
-then
-    name_should=$(cat "$__object/parameter/name")
+if [ -f "$__object/parameter/name" ]; then
+    name_should="$(cat "$__object/parameter/name")"
 else
-    case $os
-    in
-        # RedHat-derivatives and BSDs
-        centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware)
-            # Hostname is FQDN
-            name_should="${__target_host}"
-        ;;
-        suse|opensuse-leap)
-            # Classic SuSE stores the FQDN in /etc/HOSTNAME, while
-            # systemd does not. The running hostname is the first
-            # component in both cases.
-            # In versions before 15.x, the FQDN is stored in /etc/hostname.
-            if test -n "$has_hostnamectl" && test "$os_major" -ge 15 \
-                    && test "$os_major" -ne 42
-            then
-                name_should="${__target_host%%.*}"
-            else
-                name_should="${__target_host}"
-            fi
-        ;;
-        *)
-            # Hostname is only first component of FQDN on all other systems.
-            name_should="${__target_host%%.*}"
-        ;;
+    case "$os" in
+    openbsd)
+        name_should="${__target_host}"
+    ;;
+    *)
+        name_should="${__target_host%%.*}"
+    ;;
     esac
 fi
 
-if test -n "$max_len" && test "$(printf '%s' "$name_should" | wc -c)" -gt "$max_len"
-then
-    printf "Host name too long. Up to %u characters allowed.\n" "${max_len}" >&2
-    exit 1
-fi
 
-case $os
-in
-    alpine|debian|devuan|ubuntu|void)
-        echo "$name_should" | __file /etc/hostname --source -
-    ;;
-    archlinux)
-        if test -n "$has_hostnamectl"
-        then
-            set_hostname_systemd "$name_should"
-        else
-            echo 'Ancient ArchLinux variants without hostnamectl are not supported.' >&2
-            exit 1
-            # Only for ancient ArchLinux, write to /etc/rc.conf on pre-systemd
-            # versions.  There are some versions which use /etc/hostname but not
-            # systemd. It is unclear which ones these are.
+not_supported() {
+   echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
+   echo "Please contribute an implementation for it if you can." >&2
+   exit 1
+}
 
-            # __key_value '/etc/rc.conf:HOSTNAME' \
-            #     --file /etc/rc.conf \
-            #     --delimiter '=' --exact_delimiter \
-            #     --key 'HOSTNAME' \
-            #     --value "\"$name_should\""
-        fi
-        ;;
-    centos|fedora|redhat|scientific)
-        if test -z "$has_hostnamectl"
-        then
-            # Only write to /etc/sysconfig/network on non-systemd versions.
-            # On systemd-based versions this entry is ignored.
-            __key_value '/etc/sysconfig/network:HOSTNAME' \
-                --file /etc/sysconfig/network \
-                --delimiter '=' --exact_delimiter \
-                --key HOSTNAME \
-                --value "\"$name_should\""
-        else
-            set_hostname_systemd "$name_should"
-        fi
-    ;;
-    gentoo)
-        # Only write to /etc/conf.d/hostname on OpenRC-based installations.
-        # On systemd use hostnamectl(1) in gencode-remote.
-        if test -z "$has_hostnamectl"
-        then
-            __key_value '/etc/conf.d/hostname:hostname' \
-                --file /etc/conf.d/hostname \
-                --delimiter '=' --exact_delimiter \
-                --key 'hostname' \
-                --value "\"$name_should\""
-        else
-            set_hostname_systemd "$name_should"
-        fi
-    ;;
-    freebsd)
-        __key_value '/etc/rc.conf:hostname' \
-            --file /etc/rc.conf \
-            --delimiter '=' --exact_delimiter \
-            --key 'hostname' \
-            --value "\"$name_should\""
-    ;;
-    macosx)
+case "$os" in
+    archlinux|debian|suse|ubuntu|devuan|coreos|alpine)
         # handled in gencode-remote
         :
     ;;
-    netbsd)
-        __key_value '/etc/rc.conf:hostname' \
+    scientific|centos)
+        __key_value sysconfig-hostname \
+            --file /etc/sysconfig/network \
+            --delimiter '=' \
+            --key HOSTNAME \
+            --value "$name_should" --exact_delimiter
+    ;;
+    freebsd)
+        __key_value rcconf-hostname \
             --file /etc/rc.conf \
-            --delimiter '=' --exact_delimiter \
+            --delimiter '=' \
             --key 'hostname' \
-            --value "\"$name_should\""
-
-        # To avoid confusion, ensure that the hostname is only stored once.
-        __file /etc/myname --state absent
+            --value "$name_should"
     ;;
     openbsd)
         echo "$name_should" | __file /etc/myname --source -
     ;;
-    slackware)
-        # We write the FQDN into /etc/HOSTNAME.  But /etc/rc.d/rc.M will only
-        # read the first component from this file and set it as the running
-        # hostname on boot.
-        echo "$name_should" | __file /etc/HOSTNAME --source -
-    ;;
-    solaris)
-        echo "$name_should" | __file /etc/nodename --source -
-    ;;
-    suse|opensuse-leap)
-        # Modern SuSE provides /etc/HOSTNAME as a symlink for
-        # backwards-compatibility. Unfortunately it cannot be used
-        # here as __file does not follow the symlink.
-        # Therefore, we use the presence of the hostnamectl binary as
-        # an indication of which file to use.  This unfortunately does
-        # not work correctly on openSUSE 12.x which provides
-        # hostnamectl but not /etc/hostname.
-
-        if test -n "$has_hostnamectl" -a "$os_major" -gt 12
-        then
-            hostname_file='/etc/hostname'
-        else
-            hostname_file='/etc/HOSTNAME'
-        fi
-
-        echo "$name_should" | __file "$hostname_file" --source -
-    ;;
     *)
-        # On other operating systems we fall back to systemd's
-        # hostnamectl if available…
-        if test -n "$has_hostnamectl"
-        then
-            set_hostname_systemd "$name_should"
-        else
-            not_supported
-        fi
+        not_supported
     ;;
 esac

cdist/conf/type/__install_chroot_umount/manifest

@@ -1 +0,0 @@
-../__chroot_umount/manifest

cdist/conf/type/__install_directory/man.rst

@@ -1,101 +0,0 @@
-cdist-type__install_directory(7)
-================================
-
-NAME
-----
-cdist-type__install_directory - Manage a directory with install command
-
-
-DESCRIPTION
------------
-This cdist type allows you to create or remove directories on the target.
-
-
-REQUIRED PARAMETERS
--------------------
-None.
-
-
-OPTIONAL PARAMETERS
--------------------
-state
-   'present' or 'absent', defaults to 'present'
-
-group
-   Group to chgrp to.
-
-mode
-   Unix permissions, suitable for chmod.
-
-owner
-   User to chown to.
-
-
-BOOLEAN PARAMETERS
-------------------
-parents
-   Whether to create parents as well (mkdir -p behaviour).
-   Warning: all intermediate directory permissions default
-   to whatever mkdir -p does. 
-
-   Usually this means root:root, 0700.
-
-recursive
-   If supplied the chgrp and chown call will run recursively.
-   This does *not* influence the behaviour of chmod.
-
-MESSAGES
---------
-chgrp <group>
-    Changed group membership
-chown <owner>
-    Changed owner
-chmod <mode>
-    Changed mode
-create
-    Empty directory was created
-remove
-    Directory exists, but state is absent, directory will be removed by generated code.
-remove non directory
-    Something other than a directory with the same name exists and was removed prior to create.
-
-
-EXAMPLES
---------
-
-.. code-block:: sh
-
-    # A silly example
-    __install_directory /tmp/foobar
-
-    # Remove a directory
-    __install_directory /tmp/foobar --state absent
-
-    # Ensure /etc exists correctly
-    __install_directory /etc --owner root --group root --mode 0755
-
-    # Create nfs service directory, including parents
-    __install_directory /home/services/nfs --parents
-
-    # Change permissions recursively
-    __install_directory /home/services --recursive --owner root --group root
-
-    # Setup a temp directory
-    __install_directory /local --mode 1777
-
-    # Take it all
-    __install_directory /home/services/kvm --recursive --parents \
-        --owner root --group root --mode 0755 --state present
-
-
-AUTHORS
--------
-Nico Schottelius <nico-cdist--@--schottelius.org>
-
-
-COPYING
--------
-Copyright \(C) 2011 Nico Schottelius. You can redistribute it
-and/or modify it under the terms of the GNU General Public License as
-published by the Free Software Foundation, either version 3 of the
-License, or (at your option) any later version.

cdist/conf/type/__install_directory/man.rst

@@ -0,0 +1 @@
+../__directory/man.rst

cdist/conf/type/__install_file/man.rst

@@ -23,10 +23,6 @@ symlink
 directory
   replace it with the source file
 
-One exception is that when state is pre-exists, an error is raised if
-the file would have been created otherwise (e.g. it is not present or
-not a regular file).
-
 In any case, make sure that the file attributes are as specified.
 
 
@@ -37,7 +33,7 @@ None.
 OPTIONAL PARAMETERS
 -------------------
 state
-   'present', 'absent', 'exists' or 'pre-exists', defaults to 'present' where:
+   'present', 'absent' or 'exists', defaults to 'present' where:
 
    present
       the file is exactly the one from source
@@ -45,9 +41,6 @@ state
       the file does not exist
    exists
       the file from source but only if it doesn't already exist
-   pre-exists
-      check that the file exists and is a regular file, but do not
-      create or modify it
 
 group
    Group to chgrp to.
@@ -63,9 +56,6 @@ source
    If not supplied, an empty file or directory will be created.
    If source is '-' (dash), take what was written to stdin as the file content.
 
-onchange
-   The code to run if file is modified.
-
 MESSAGES
 --------
 chgrp <group>
@@ -103,8 +93,6 @@ EXAMPLES
     __install_file /home/frodo/.bashrc --source "/etc/skel/.bashrc" \
        --state exists \
        --owner frodo --mode 0600
-    # Check that the file is present, show an error when it is not
-    __install_file /etc/somefile --state pre-exists
     # Take file content from stdin
     __install_file /tmp/whatever --owner root --group root --mode 644 --source - << DONE
         Here goes the content for /tmp/whatever

cdist/conf/type/__letsencrypt_cert/manifest

@@ -7,12 +7,6 @@ if [ -z "${certbot_fullpath}" ]; then
 	os_version="$(cat "${__global}/explorer/os_version")"
 
 	case "$os" in
-        archlinux)
-            __package certbot
-            ;;
-        alpine)
-            __package certbot
-            ;;
 		debian)
 			case "$os_version" in
 				8*)
@@ -39,10 +33,6 @@ if [ -z "${certbot_fullpath}" ]; then
 					require="__apt_source/stretch-backports" __package_apt certbot \
 						--target-release stretch-backports
 				;;
-				10*)
-					__package_apt certbot
-				;;
-
 				*)
 					echo "Unsupported OS version: $os_version" >&2
 					exit 1
@@ -72,12 +62,11 @@ if [ -z "${certbot_fullpath}" ]; then
 								 --distribution ascii-backports \
 								 --component main
 
+					require="__apt_source/ascii-backports" __package_apt python-certbot \
+						--target-release ascii-backports
 					require="__apt_source/ascii-backports" __package_apt certbot \
 						--target-release ascii-backports
 				;;
-				beowulf*)
-					__package_apt certbot
-				;;
 				*)
 					echo "Unsupported OS version: $os_version" >&2
 					exit 1

cdist/conf/type/__mysql_database/gencode-remote

@@ -1,6 +1,6 @@
 #!/bin/sh -e
 #
-# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
+# 2012 Benedikt Koeppel (code@benediktkoeppel.ch)
 #
 # This file is part of cdist.
 #
@@ -17,30 +17,38 @@
 # You should have received a copy of the GNU General Public License
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
+#
 
-state_is="$( cat "$__object/explorer/state" )"
-
-state_should="$( cat "$__object/parameter/state" )"
-
-if [ "$state_is" = "$state_should" ]
-then
-    exit 0
+# if --database was specified
+if [ -f "$__object/parameter/name" ]; then
+   database="$(cat "$__object/parameter/name")"
+else # otherwise use the object id as database name
+   database="$__object_id"
 fi
 
-if [ -f "$__object/parameter/name" ]
-then
-    name="$( cat "$__object/parameter/name" )"
-else
-    name="$__object_id"
-fi
+cat <<-EOFF
+mysql -u root <<-EOF
+	CREATE DATABASE IF NOT EXISTS $database
+EOF
+EOFF
 
-case "$state_should" in
-    present)
-        echo "mysql -e 'create database \`$name\`'"
-        echo "create database $name" >> "$__messages_out"
-    ;;
-    absent)
-        echo "mysql -e 'drop database \`$name\`'"
-        echo "drop database $name" >> "$__messages_out"
-    ;;
-esac
+# if --user was specified
+if [ -f "$__object/parameter/user" ]; then
+   user="$(cat "$__object/parameter/user")"
+
+   # if --password was specified
+   if [ -f "$__object/parameter/password" ]; then
+      password="$(cat "$__object/parameter/password")"
+      cat <<-EOFF
+      mysql -u root <<-EOF
+      	GRANT ALL PRIVILEGES ON $database.* to '$user'@'localhost' IDENTIFIED BY '$password';
+EOF
+EOFF
+   else
+      cat <<-EOFF
+      mysql -u root <<-EOF
+      	GRANT ALL PRIVILEGES ON $database.* to '$user'@'localhost';
+EOF
+EOFF
+   fi
+fi

cdist/conf/type/__mysql_database/man.rst

@@ -8,24 +8,24 @@ cdist-type__mysql_database - Manage a MySQL database
 
 DESCRIPTION
 -----------
+This cdist type allows you to install a MySQL database.
 
-Create MySQL database and optionally user with all privileges.
 
+REQUIRED PARAMETERS
+-------------------
+None.
 
 OPTIONAL PARAMETERS
 -------------------
 name
-   Name of database. Defaults to object id.
+   The name of the database to install
+   defaults to the object id
 
 user
-   Create user and give all privileges to database.
+   A user that should have access to the database
 
 password
-   Password for user.
-
-state
-   Defaults to present.
-   If absent and user is also set, both will be removed (with privileges).
+   The password for the user who manages the database
 
 
 EXAMPLES
@@ -33,23 +33,17 @@ EXAMPLES
 
 .. code-block:: sh
 
-    # just create database
-    __mysql_database foo
-
-    # create database with respective user with all privileges to database
-    __mysql_database bar \
-        --user name \
-        --password secret
+    __mysql_database "cdist" --name "cdist" --user "myuser" --password "mypwd"
 
 
 AUTHORS
 -------
-Ander Punnar <ander-at-kvlt-dot-ee>
+Benedikt Koeppel <code@benediktkoeppel.ch>
 
 
 COPYING
 -------
-Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it
-under the terms of the GNU General Public License as published by the Free
-Software Foundation, either version 3 of the License, or (at your option) any
-later version.
+Copyright \(C) 2012 Benedikt Koeppel. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.

cdist/conf/type/__mysql_database/manifest

@@ -1,52 +0,0 @@
-#!/bin/sh -e
-#
-# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see <http://www.gnu.org/licenses/>.
-#
-
-if [ -f "$__object/parameter/user" ]
-then
-    user="$( cat "$__object/parameter/user" )"
-fi
-
-if [ -f "$__object/parameter/password" ]
-then
-    password="$( cat "$__object/parameter/password" )"
-fi
-
-if [ -n "$user" ] && [ -n "$password" ]
-then
-    if [ -f "$__object/parameter/name" ]
-    then
-        database="$( cat "$__object/parameter/name" )"
-    else
-        database="$__object_id"
-    fi
-
-    state_should="$( cat "$__object/parameter/state" )"
-
-    __mysql_user "$user" \
-        --password "$password" \
-        --state "$state_should"
-
-    # removing user should remove all user's privileges
-    require="__mysql_user/$user" \
-        __mysql_privileges "$database/$user" \
-            --database "$database" \
-            --user "$user" \
-            --state "$state_should"
-fi

cdist/conf/type/__mysql_database/parameter/optional

@@ -1,4 +1,3 @@
 name
 user
 password
-state

cdist/conf/type/__mysql_privileges/explorer/state

@@ -1,40 +0,0 @@
-#!/bin/sh -e
-#
-# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see <http://www.gnu.org/licenses/>.
-#
-
-privileges="$( cat "$__object/parameter/privileges" )"
-
-database="$( cat "$__object/parameter/database" )"
-
-table="$( cat "$__object/parameter/table" )"
-
-user="$( cat "$__object/parameter/user" )"
-
-host="$( cat "$__object/parameter/host" )"
-
-check_privileges="$( 
-    mysql -B -N -e "show grants for '$user'@'$host'" \
-        | grep -Ei "^grant $privileges on .$database.\..$table. to " || true )"
-
-if [ -n "$check_privileges" ]
-then
-    echo 'present'
-else
-    echo 'absent'
-fi

cdist/conf/type/__mysql_privileges/gencode-remote

@@ -1,49 +0,0 @@
-#!/bin/sh -e
-#
-# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see <http://www.gnu.org/licenses/>.
-#
-
-state_is="$( cat "$__object/explorer/state" )"
-
-state_should="$( cat "$__object/parameter/state" )"
-
-if [ "$state_is" = "$state_should" ]
-then
-    exit 0
-fi
-
-privileges="$( cat "$__object/parameter/privileges" )"
-
-database="$( cat "$__object/parameter/database" )"
-
-table="$( cat "$__object/parameter/table" )"
-
-user="$( cat "$__object/parameter/user" )"
-
-host="$( cat "$__object/parameter/host" )"
-
-case "$state_should" in
-    present)
-        echo "mysql -e 'grant $privileges on \`$database\`.\`$table\` to \`$user\`@\`$host\`'"
-        echo "grant $privileges on $database.$table to $user@$host" >> "$__messages_out"
-    ;;
-    absent)
-        echo "mysql -e 'revoke $privileges on \`$database\`.\`$table\` from \`$user\`@\`$host\`'"
-        echo "revoke $privileges on $database.$table from $user@$host" >> "$__messages_out"
-    ;;
-esac

cdist/conf/type/__mysql_privileges/man.rst

@@ -1,57 +0,0 @@
-cdist-type__mysql_privileges(7)
-===============================
-
-NAME
-----
-cdist-type__mysql_privileges - Manage MySQL privileges
-
-
-DESCRIPTION
------------
-
-Grant and revoke privileges of MySQL user.
-
-
-REQUIRED PARAMETERS
--------------------
-database
-   Name of database.
-
-User
-   Name of user.
-
-
-OPTIONAL PARAMETERS
--------------------
-privileges
-   Defaults to "all".
-
-table
-   Defaults to "*".
-
-host
-   Defaults to localhost.
-
-state
-   "present" grants and "absent" revokes. Defaults to present.
-
-
-EXAMPLES
---------
-
-.. code-block:: sh
-
-    __mysql_privileges user-to-db --database db --user user
-
-
-AUTHORS
--------
-Ander Punnar <ander-at-kvlt-dot-ee>
-
-
-COPYING
--------
-Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it
-under the terms of the GNU General Public License as published by the Free
-Software Foundation, either version 3 of the License, or (at your option) any
-later version.

cdist/conf/type/__mysql_privileges/parameter/default/host

@@ -1 +0,0 @@
-localhost

cdist/conf/type/__mysql_privileges/parameter/default/privileges

@@ -1 +0,0 @@
-all privileges

cdist/conf/type/__mysql_privileges/parameter/default/state

@@ -1 +0,0 @@
-present

cdist/conf/type/__mysql_privileges/parameter/default/table

@@ -1 +0,0 @@
-*

cdist/conf/type/__mysql_privileges/parameter/optional

@@ -1,4 +0,0 @@
-privileges
-table
-host
-state

cdist/conf/type/__mysql_privileges/parameter/required

@@ -1,2 +0,0 @@
-database
-user

cdist/conf/type/__mysql_user/explorer/state

@@ -1,54 +0,0 @@
-#!/bin/sh -e
-#
-# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see <http://www.gnu.org/licenses/>.
-#
-
-if [ -f "$__object/parameter/name" ]
-then
-    name="$( cat "$__object/parameter/name" )"
-else
-    name="$__object_id"
-fi
-
-if [ -f "$__object/parameter/password" ]
-then
-    password="$( cat "$__object/parameter/password" )"
-else
-    password=''
-fi
-
-host="$( cat "$__object/parameter/host" )"
-
-check_user="$( mysql -B -N -e "select user from mysql.user where user = '$name' and host = '$host'" )"
-
-if [ -n "$check_user" ]
-then
-    if [ -n "$password" ]
-    then
-        check_password="$( mysql -B -N -e "select user from mysql.user where user = '$name' and host = '$host' and password = password( '$password' )" )"
-    fi
-
-    if [ -n "$password" ] && [ -z "$check_password" ]
-    then
-        echo 'change-password'
-    else
-        echo 'present'
-    fi
-else
-    echo 'absent'
-fi

cdist/conf/type/__mysql_user/gencode-remote

@@ -1,68 +0,0 @@
-#!/bin/sh -e
-#
-# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see <http://www.gnu.org/licenses/>.
-#
-
-state_is="$( cat "$__object/explorer/state" )"
-
-state_should="$( cat "$__object/parameter/state" )"
-
-if [ "$state_is" = "$state_should" ]
-then
-    exit 0
-fi
-
-if [ -f "$__object/parameter/name" ]
-then
-    name="$( cat "$__object/parameter/name" )"
-else
-    name="$__object_id"
-fi
-
-host="$( cat "$__object/parameter/host" )"
-
-if [ -f "$__object/parameter/password" ]
-then
-    password="$( cat "$__object/parameter/password" )"
-else
-    if [ "$state_should" = 'present' ]
-    then
-        echo '--password needed' >&2
-        exit 1
-    else
-        password=''
-    fi
-fi
-
-if [ "$state_is" = 'absent' ] && [ "$state_should" = 'present' ]
-then
-    echo "mysql -e 'create user \`$name\`@\`$host\` identified by \"$password\"'"
-    echo "create user $name@$host" >> "$__messages_out"
-
-elif [ "$state_is" != 'absent' ] && [ "$state_should" = 'absent' ]
-then
-    echo "mysql -e 'drop user \`$name\`@\`$host\`'"
-    echo "drop user $name@$host" >> "$__messages_out"
-
-elif [ "$state_is" = 'change-password' ]
-then
-    # this only works with MySQL 5.7.6 and later or MariaDB 10.1.20 and later
-    echo "mysql -e 'alter user \`$name\`@\`$host\` identified by \"$password\"'"
-    echo "mysql -e 'flush privileges'"
-    echo "change password $name@$host" >> "$__messages_out"
-fi

cdist/conf/type/__mysql_user/man.rst

@@ -1,48 +0,0 @@
-cdist-type__mysql_user(7)
-=========================
-
-NAME
-----
-cdist-type__mysql_user - Manage a MySQL user
-
-
-DESCRIPTION
------------
-
-Create MySQL user or change password for the user.
-
-
-OPTIONAL PARAMETERS
--------------------
-name
-   Name of user. Defaults to object id.
-
-host
-   Host of user. Defaults to localhost.
-
-password
-   Password of user.
-
-state
-   Defaults to present.
-
-
-EXAMPLES
---------
-
-.. code-block:: sh
-
-    __mysql_user user --password secret
-
-
-AUTHORS
--------
-Ander Punnar <ander-at-kvlt-dot-ee>
-
-
-COPYING
--------
-Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it
-under the terms of the GNU General Public License as published by the Free
-Software Foundation, either version 3 of the License, or (at your option) any
-later version.

cdist/conf/type/__mysql_user/parameter/default/host

@@ -1 +0,0 @@
-localhost

cdist/conf/type/__mysql_user/parameter/default/state

@@ -1 +0,0 @@
-present

cdist/conf/type/__mysql_user/parameter/optional

@@ -1,4 +0,0 @@
-name
-host
-password
-state

cdist/conf/type/__openldap_server/gencode-remote

@@ -1,44 +0,0 @@
-#!/bin/sh
-
-manager_dn=$(cat "${__object}/parameter/manager-dn")
-manager_password=$(cat "${__object}/parameter/manager-password")
-description=$(cat "${__object}/parameter/description")
-suffix=$(cat "${__object}/parameter/suffix")
-suffix_dc=$(printf "%s" "${suffix}" | awk -F',' '{print $1}' | awk -F'=' '{print $2}')
-
-SLAPD_IPC=$(tr '\n' ' ' < "${__object}/parameter/slapd-url" | awk '{ print $1}')
-
-cat <<DONE # | tee /dev/stderr
-# Restart service
-service slapd restart
-# It can sometimes take a tiny bit to bind
-sleep 1
-# Create or update base object
-if ldapsearch -xZ -D "${manager_dn}" -w "${manager_password}" -H '${SLAPD_IPC}' -b '${suffix}' -s base 2>&1 > /dev/null; then
-    # Already exists, use ldapmodify
-    ldapmodify -xZ -D "${manager_dn}" -w "${manager_password}" -H '${SLAPD_IPC}' <<EOF
-dn: ${suffix}
-changetype: modify
-replace: objectClass
-objectClass: top
-objectClass: dcObject
-objectClass: organization
--
-replace: o
-o: ${description}
--
-replace: dc
-dc: ${suffix_dc}
-EOF
-else
-    # Does not exist, use ldapadd
-    ldapadd -xZ -D "${manager_dn}" -w "${manager_password}" -H '${SLAPD_IPC}' <<EOF
-dn: ${suffix}
-objectClass: top
-objectClass: dcObject
-objectClass: organization
-o: ${description}
-dc: ${suffix_dc}
-EOF
-fi
-DONE

cdist/conf/type/__openldap_server/man.rst

@@ -1,212 +0,0 @@
-cdist-type__openldap_server(7)
-==============================
-
-NAME
-----
-cdist-type__openldap_server - Setup an openldap(4) server instance
-
-
-DESCRIPTION
------------
-This type can be used to bootstrap an LDAP environment using openldap as slapd.
-
-It bootstraps the LDAP server with sane defaults and creates and manages the
-base DN defined by `suffix`.
-
-
-REQUIRED PARAMETERS
--------------------
-manager-dn
-    The rootdn to set up in the directory.
-    E.g. `cn=manager,dc=ungleich,dc=ch`. See `slapd.conf(5)`.
-
-manager-password
-    The password for `manager-dn` in the directory.
-    This will be used to connect to the LDAP server on the first `slapd-url`
-    with the given `manager-dn`.
-
-manager-password-hash
-    The password for `manager-dn` in the directory.
-    This should be valid for `slapd.conf` like `{SSHA}qV+mCs3u8Q2sCmUXT4Ybw7MebHTASMyr`.
-    Generate e.g. with: `slappasswd -s weneedgoodsecurity`.
-    See `slappasswd(8C)`, `slapd.conf(5)`.
-    TODO: implement this: http://blog.adamsbros.org/2015/06/09/openldap-ssha-salted-hashes-by-hand/
-      to derive from the manager-password parameter and ensure idempotency (care with salts).
-      At that point, manager-password-hash should be deprecated and ignored.
-
-serverid
-    The server for the directory.
-    E.g. `dc=ungleich,dc=ch`. See `slapd.conf(5)`.
-
-suffix
-    The suffix for the directory.
-    E.g. `dc=ungleich,dc=ch`. See `slapd.conf(5)`.
-
-
-REQUIRED MULTIPLE PARAMETERS
-----------------------------
-slapd-url
-    A URL for slapd to listen on.
-    Pass once for each URL you want to support,
-    e.g.: `--slapd-url ldaps://my.fqdn/ --slapd-url ldap://my.fqdn/`.
-    The first instance that is passed will be used as the main URL to
-    connect to this LDAP server
-    See the `-h` flag in `slapd(8C)`.
-
-
-OPTIONAL PARAMETERS
--------------------
-syncrepl-credentials
-    Only has an effect if `replicate` is set; required in that case.
-    This secret is shared amongst the hosts that will replicate the directory.
-    Note that each replication server needs this secret and it is saved in
-    plain text in the directory.
-
-syncrepl-searchbase
-    Only has an effect if `replicate` is set; required in that case.
-    The searchbase to use for replication.
-    E.g. `dc=ungleich,dc=ch`. See `slapd.conf(5)`.
-
-admin-email
-    Passed to `cdist-type__letsencrypt_cert`; has otherwise no use.
-    Required if using `__letsencrypt_cert`.
-    Where to send Let's Encrypt emails like "certificate needs renewal".
-
-tls-cipher-suite
-    Setting for TLSCipherSuite.
-    Defaults to `NORMAL` in a Debian-like OS and `HIGH:MEDIUM:+SSLv2` on FreeBSD.
-    See `slapd.conf(5)`.
-
-tls-cert
-    If defined, `__letsencrypt_cert` is not used and this must be the path in
-    the remote hosts to the PEM-encoded TLS certificate.
-    Requires: `tls-privkey` and `tls-ca`.
-    Permissions, existence and renewal of these files are left up to the
-    type's user.
-
-tls-privkey
-    Required if `tls-cert` is defined.
-    Path in the remote hosts to the PEM-encoded private key file.
-
-tls-ca
-    Required if `tls-cert` is defined.
-    Path in the remote hosts to the PEM-encoded CA certificate file.
-
-
-OPTIONAL MULTIPLE PARAMETERS
-----------------------------
-syncrepl-host
-    Only has an effect if `replicate` is set; required in that case.
-    Set once per host that will replicate the directory.
-
-module
-    LDAP module to load. See `slapd.conf(5)`.
-    Default value is OS-dependent, see manifest.
-
-schema
-    Name of LDAP schema to load. Must be the name without extension of a
-    `.schema` file in slapd's schema directory (usually `/etc/slapd/schema` or
-    `/usr/local/etc/openldap/schema`).
-    Example value: `inetorgperson`
-    The type user must ensure that the schema file is deployed.
-    This defaults to a sensible subset, for details see the type definition.
-
-description
-    The description of the base DN passed in the `suffix` parameter.
-    Defaults to `Managed by cdist, do not edit manually.`
-
-
-BOOLEAN PARAMETERS
-------------------
-staging
-    Passed to `cdist-type__letsencrypt_cert`; has otherwise no use.
-    Obtain a test certificate from a staging server.
-
-replicate
-    Whether to setup replication or not.
-    If present `syncrepl-credentials` and `syncrepl-host` are also required.
-
-
-EXAMPLES
---------
-
-.. code-block:: sh
-
-    # Example of a simple server with manual certificate management.
-    pki_prefix="/usr/local/etc/pki/realms/ldap.camilion.cloud"
-    __openldap_server \
-        --manager-dn 'cn=manager,dc=camilion,dc=cloud' \
-        --manager-password "foo" \
-        --manager-password-hash '{SSHA}foo' \
-        --serverid 0 \
-        --suffix 'dc=camilion,dc=cloud' \
-        --slapd-url 'ldaps://ldap.camilion.cloud' \
-        --tls-cert "${pki_prefix}/default.crt" \
-        --tls-privkey "${pki_prefix}/default.key" \
-        --tls-ca "${pki_prefix}/CA.crt"
-
-    # The created basedn looks as follows:
-    #
-    # dn: dc=camilion,dc=cloud
-    # objectClass: top
-    # objectClass: dcObject
-    # objectClass: organization
-    # o: Managed by cdist, do not edit manually.
-    # dc: camilion
-    #
-    # Do not change it manually, the type will overwrite your changes.
-
-
-    #
-    # Changing to a replicated setup is a simple change to something like:
-    #
-    # Example for multiple servers with replication and automatic
-    # Let's Encrypt certificate management through certbot.
-    id=1
-    for host in ldap-test1.ungleich.ch ldap-test2.ungleich.ch; do
-        echo "__ungleich_ldap \
-            --manager-dn 'cn=manager,dc=ungleich,dc=ch' \
-            --manager-psasword 'foo' \
-            --manager-password-hash '{SSHA}fooo' \
-            --serverid '${id}' \
-            --suffix 'dc=ungleich,dc=ch' \
-            --slapd-url ldap://${host} \
-            --searchbase 'dc=ungleich,dc=ch' \
-            --syncrepl-credentials 'fooo' \
-            --syncrepl-host 'ldap-test1.ungleich.ch' \
-            --syncrepl-host 'ldap-test2.ungleich.ch' \
-            --description 'Ungleich LDAP server'" \
-            --staging \
-            | cdist config -i - -v ${host}
-        id=$((id + 1))
-    done
-
-    # The created basedn looks as follows:
-    #
-    # dn: dc=ungleich,dc=ch
-    # objectClass: top
-    # objectClass: dcObject
-    # objectClass: organization
-    # o: Ungleich LDAP server
-    # dc: ungleich
-    #
-    # Do not change it manually, the type will overwrite your changes.
-
-
-SEE ALSO
---------
-:strong:`cdist-type__letsencrypt_cert`\ (7)
-
-
-AUTHORS
--------
-ungleich <foss--@--ungleich.ch>
-Evilham <contact--@--evilham.com>
-
-
-COPYING
--------
-Copyright \(C) 2020 ungleich glarus ag. You can redistribute it
-and/or modify it under the terms of the GNU General Public License as
-published by the Free Software Foundation, either version 3 of the
-License, or (at your option) any later version.

cdist/conf/type/__openldap_server/manifest

@@ -1,263 +0,0 @@
-#!/bin/sh
-
-name="${__target_host}"
-manager_dn=$(cat "${__object}/parameter/manager-dn")
-manager_password_hash=$(cat "${__object}/parameter/manager-password-hash")
-serverid=$(cat "${__object}/parameter/serverid")
-suffix=$(cat "${__object}/parameter/suffix")
-slapd_modules=$(cat "${__object}/parameter/module" 2>/dev/null || true)
-schemas=$(cat "${__object}/parameter/schema")
-slapd_urls=$(tr '\n' ' ' < "${__object}/parameter/slapd-url")
-tls_cipher_suite=$(cat "${__object}/parameter/tls-cipher-suite" 2>/dev/null || true)
-
-
-os="$(cat "${__global}/explorer/os")"
-
-# Setup OS-dependent vars
-CONF_OWNER="root"
-CONF_GROUP="root"
-case "${os}" in
-    freebsd)
-        PKGS="openldap-server"
-        ETC="/usr/local/etc"
-        SLAPD_DIR="/usr/local/etc/openldap"
-        SLAPD_DATA_DIR="/var/db/openldap-data"
-        SLAPD_RUN_DIR="/var/run/openldap"
-        SLAPD_MODULE_PATH="/usr/local/libexec/openldap"
-        if [ -z "${slapd_modules}" ]; then
-            # It looks like ppolicy and syncprov must be compiled
-            slapd_modules="back_mdb back_monitor"
-        fi
-        CONF_OWNER="ldap"
-        CONF_GROUP="ldap"
-        if [ -z "${tls_cipher_suite}" ]; then
-            # TODO: research default for FreeBSD. 'NORMAL' appears to not work
-            tls_cipher_suite="HIGH:MEDIUM:+SSLv2"
-        fi
-        ;;
-    debian|ubuntu|devuan)
-        PKGS="slapd ldap-utils"
-        ETC="/etc"
-        SLAPD_DIR="/etc/ldap"
-        SLAPD_DATA_DIR="/var/lib/ldap"
-        SLAPD_RUN_DIR="/var/run/slapd"
-        SLAPD_MODULE_PATH="/usr/lib/ldap"
-        if [ -z "${slapd_modules}" ]; then
-            slapd_modules="back_mdb ppolicy syncprov back_monitor"
-        fi
-        if [ -z "${tls_cipher_suite}" ]; then
-            tls_cipher_suite="NORMAL"
-        fi
-        ;;
-    *)
-        echo "Don't know the openldap defaults for: $os" >&2
-        exit 1
-        ;;
-esac
-
-PKG_MAIN=$(echo "${PKGS}" | awk '{print $1;}')
-
-
-# Determine if __letsencrypt_cert is to be used and setup vars accordingly
-if [ -f "${__object}/parameter/tls-cert" ]; then
-    tls_cert=$(cat "${__object}/parameter/tls-cert")
-
-    if [ ! -f "${__object}/parameter/tls-privkey" ]; then
-        echo "When tls-cert is defined, tls-privkey is also required." >&2
-        exit 1
-    fi
-    tls_privkey=$(cat "${__object}/parameter/tls-privkey")
-
-    if [ ! -f "${__object}/parameter/tls-ca" ]; then
-        echo "When tls-cert is defined, tls-ca is also required." >&2
-        exit 1
-    fi
-    tls_ca=$(cat "${__object}/parameter/tls-ca")
-
-    _skip_letsencrypt_cert="YES"
-else
-    if [ ! -f "${__object}/parameter/admin-email" ]; then
-        echo "When using __letsencrypt_cert, admin-email is also required." >&2
-        exit 1
-    fi
-    admin_email=$(cat "${__object}/parameter/admin-email")
-
-    tls_cert="${SLAPD_DIR}/sasl2/cert.pem"
-    tls_privkey="${SLAPD_DIR}/sasl2/privkey.pem"
-    tls_ca="${SLAPD_DIR}/sasl2/chain.pem"
-fi
-
-mkdir "${__object}/files"
-ldapconf="${__object}/files/ldapconf"
-
-replication=""
-if [ -f "${__object}/parameter/replicate" ]; then
-    replication=yes
-
-    if [ ! -f "${__object}/parameter/syncrepl-searchbase" ]; then
-        echo "Requiring the searchbase for replication" >&2
-        exit 1
-    fi
-    syncrepl_searchbase=$(cat "${__object}/parameter/syncrepl-searchbase")
-
-    if [ ! -f "${__object}/parameter/syncrepl-credentials" ]; then
-        echo "Requiring credentials for replication" >&2
-        exit 1
-    fi
-
-    syncrepl_credentials=$(cat "${__object}/parameter/syncrepl-credentials")
-
-    if [ ! -f "${__object}/parameter/syncrepl-host" ]; then
-        echo "Requiring host(s) for replication" >&2
-        exit 1
-    fi
-    syncrepl_hosts=$(cat "${__object}/parameter/syncrepl-host")
-
-fi
-
-# Install required packages
-for pkg in ${PKGS}; do
-    __package "${pkg}"
-done
-
-
-require="__package/${PKG_MAIN}" __start_on_boot slapd
-
-# Setup -h flag for the listeners. See man slapd (-h flag).
-case "${os}" in
-    freebsd)
-        require="__start_on_boot/slapd" __key_value \
-               --file "/etc/rc.conf" \
-               --key "slapd_flags" \
-               --value "\"-h '${slapd_urls}'\"" \
-               --delimiter "=" \
-               --comment "# LDAP Listener URLs" \
-               "${__target_host}__slapd_flags"
-        ;;
-    debian|ubuntu|devuan)
-        require="__package/${PKG_MAIN}" __line rm_slapd_conf \
-               --file ${ETC}/default/slapd \
-               --regex 'SLAPD_CONF=.*' \
-               --state absent
-
-        require="__package/${PKG_MAIN}" __line rm_slapd_services \
-               --file ${ETC}/default/slapd \
-               --regex 'SLAPD_SERVICES=.*' \
-               --state absent
-
-        require="__line/rm_slapd_conf" __line add_slapd_conf \
-               --file ${ETC}/default/slapd \
-               --line "SLAPD_CONF=${SLAPD_DIR}/slapd.conf" \
-               --state present
-
-        require="__line/rm_slapd_services" __line add_slapd_services \
-               --file ${ETC}/default/slapd \
-               --line "SLAPD_SERVICES=\"${slapd_urls}\"" \
-               --state present
-        ;;
-    *)
-        # Nothing to do here, move on.
-        ;;
-esac
-
-
-if [ -z "${_skip_letsencrypt_cert}" ]; then
-    if [ -f "${__object}/parameter/staging" ]; then
-        staging="--staging"
-    else
-        staging=""
-    fi
-
-    __letsencrypt_cert "${name}" --admin-email "${admin_email}" \
-        --renew-hook "cp ${ETC}/letsencrypt/live/${name}/*.pem ${SLAPD_DIR}/sasl2 && chown -R openldap:openldap ${SLAPD_DIR}/sasl2 && service slapd restart" \
-        --automatic-renewal ${staging}
-fi
-
-require="__package/${PKG_MAIN}" __directory ${SLAPD_DIR}/slapd.d --state absent
-
-if [ -z "${_skip_letsencrypt_cert}" ]; then
-    require="__package/${PKG_MAIN} __letsencrypt_cert/${name}" \
-           __file ${SLAPD_DIR}/slapd.conf --owner ${CONF_OWNER} --group ${CONF_GROUP} --mode 644 \
-           --source "${ldapconf}"
-else
-    require="__package/${PKG_MAIN}" \
-           __file ${SLAPD_DIR}/slapd.conf --owner ${CONF_OWNER} --group ${CONF_GROUP} --mode 644 \
-           --source "${ldapconf}"
-fi
-
-# Start slapd.conf
-cat << EOF > "${ldapconf}"
-pidfile ${SLAPD_RUN_DIR}/slapd.pid
-argsfile ${SLAPD_RUN_DIR}/slapd.args
-
-TLSCipherSuite ${tls_cipher_suite}
-TLSCertificateFile ${tls_cert}
-TLSCertificateKeyFile ${tls_privkey}
-TLSCACertificateFile ${tls_ca}
-
-disallow bind_anon
-require bind
-security tls=1
-EOF
-
-# Add specified schemas
-for schema in ${schemas}; do
-    echo "include ${SLAPD_DIR}/schema/${schema}.schema" >> "${ldapconf}"
-done
-
-# Add specified modules
-echo "modulepath ${SLAPD_MODULE_PATH}" >> "${ldapconf}"
-for module in ${slapd_modules}; do
-    echo "moduleload ${module}.la" >> "${ldapconf}"
-done
-
-# Rest of the config
-cat << EOF >> "${ldapconf}"
-loglevel 1024
-
-database mdb
-maxsize 1073741824
-
-suffix "${suffix}"
-directory ${SLAPD_DATA_DIR}
-rootdn "${manager_dn}"
-rootpw "${manager_password_hash}"
-
-index objectClass eq,pres
-index ou,cn,mail,surname,givenname eq,pres,sub
-index uidNumber,gidNumber,loginShell eq,pres
-index uid,memberUid eq,pres,sub
-index nisMapName,nisMapEntry eq,pres,sub
-index entryCSN,entryUUID eq
-
-serverid ${serverid}
-EOF
-
-# Setup replication
-if [ "${replication}" ]; then
-    rid=1;
-    for syncrepl in ${syncrepl_hosts}; do
-    cat <<EOF >> "${ldapconf}"
-syncrepl rid=${rid}
- provider=ldap://${syncrepl}
- bindmethod=simple
- starttls=yes
- binddn="${manager_dn}"
- credentials=${syncrepl_credentials}
- searchbase="${syncrepl_searchbase}"
- type=refreshAndPersist
- retry="5 + 5 +"
- interval=00:00:00:05
-EOF
-    rid=$((rid + 1))
-    done
-    cat <<EOF >> "${ldapconf}"
-mirrormode true
-overlay syncprov
-syncprov-checkpoint 100 5
-syncprov-sessionlog 100
-
-database monitor
-limits dn.exact="${manager_dn}" time=unlimited size=unlimited
-EOF
-fi

cdist/conf/type/__openldap_server/parameter/boolean

@@ -1,2 +0,0 @@
-staging
-replicate

cdist/conf/type/__openldap_server/parameter/default/description

@@ -1 +0,0 @@
-Managed by cdist, do not edit manually.

cdist/conf/type/__openldap_server/parameter/default/schema

@@ -1,12 +0,0 @@
-corba
-core
-cosine
-duaconf
-dyngroup
-inetorgperson
-java
-misc
-nis
-openldap
-ppolicy
-collective

cdist/conf/type/__openldap_server/parameter/optional

@@ -1,8 +0,0 @@
-description
-syncrepl-credentials
-syncrepl-searchbase
-admin-email
-tls-cipher-suite
-tls-cert
-tls-privkey
-tls-ca

cdist/conf/type/__openldap_server/parameter/optional_multiple

@@ -1,3 +0,0 @@
-syncrepl-host
-module
-schema

cdist/conf/type/__openldap_server/parameter/required

@@ -1,5 +0,0 @@
-manager-dn
-manager-password
-manager-password-hash
-serverid
-suffix

cdist/conf/type/__openldap_server/parameter/required_multiple

@@ -1 +0,0 @@
-slapd-url

cdist/conf/type/__package_apk/explorer/state

@@ -27,10 +27,6 @@ else
    name="$__object_id"
 fi
 
-# Remove the @.. repo tag for finding out whether it is installed
-# f.i. pass@testing => pass
-name="$(echo "$name" | sed 's/@.*//')"
-
 if [ "$(apk list -I "$name")" ]; then
     echo present
 else

cdist/conf/type/__package_update_index/explorer/currage

@@ -34,9 +34,6 @@ case "$type" in
             echo 0
         fi
         ;;
-    alpine)
-        echo 0
-        ;;
     *)  echo "Your specified type ($type) is currently not supported." >&2
         echo "Please contribute an implementation for it if you can." >&2
         ;;

cdist/conf/type/__package_update_index/explorer/type

@@ -26,7 +26,6 @@ else
         amazon|scientific|centos|fedora|redhat) echo "yum" ;;
         debian|ubuntu|devuan) echo "apt" ;;
         archlinux) echo "pacman" ;;
-        alpine) echo "apk" ;;
         *)
             echo "Don't know how to manage packages on: $os" >&2
             exit 1

cdist/conf/type/__package_update_index/gencode-remote

@@ -47,10 +47,6 @@ case "$type" in
         echo "pacman --noprogressbar --sync --refresh"
         echo "pacman package database synced (age was: $currage)" >> "$__messages_out"
         ;;
-    apk)
-        echo "apk update"
-        echo "apk package database updated." >>"$__messages_out"
-        ;;
     *)
         echo "Don't know how to manage packages for type: $type" >&2
         exit 1

cdist/conf/type/__postfix/manifest

@@ -1,7 +1,6 @@
 #!/bin/sh -e
 #
 # 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc)
-# 2019 Nico Schottelius (nico-cdist at schottelius.org)
 #
 # This file is part of cdist.
 #
@@ -23,7 +22,7 @@
 os=$(cat "$__global/explorer/os")
 
 case "$os" in
-   alpine|ubuntu|debian|archlinux|suse|scientific|centos|devuan)
+   ubuntu|debian|archlinux|suse|scientific|centos|devuan)
       __package postfix --state present
    ;;
    *)

cdist/conf/type/__postfix_postconf/explorer/value

@@ -22,7 +22,7 @@
 os=$("$__explorer/os")
 
 case "$os" in
-   alpine|ubuntu|debian|archlinux|suse|scientific|centos|devuan)
+   ubuntu|debian|archlinux|suse|scientific|centos|devuan)
       :
    ;;
    *)

cdist/conf/type/__postfix_postconf/gencode-remote

@@ -1,7 +1,6 @@
 #!/bin/sh -e
 #
 # 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc)
-# 2019 Nico Schottelius (nico-cdist at schottelius.org)
 #
 # This file is part of cdist.
 #
@@ -22,7 +21,7 @@
 os=$(cat "$__global/explorer/os")
 
 case "$os" in
-   alpine|archlinux|centos|debian|devuan|suse|scientific|ubuntu)
+   ubuntu|debian|archlinux|suse|scientific|centos|devuan)
       :
    ;;
    *)

cdist/conf/type/__postgres_database/gencode-remote

@@ -41,16 +41,12 @@ if [ "$state_should" != "$state_is" ]; then
       present)
          owner=""
          if [ -f "$__object/parameter/owner" ]; then
-            owner="-O \"$(cat "$__object/parameter/owner")\""
+            owner="-O '$(cat "$__object/parameter/owner")'"
          fi
-         cat << EOF
-su - '$postgres_user' -c "createdb $owner \"$name\""
-EOF
+         echo "su - '$postgres_user' -c \"createdb $owner '$name'\""
       ;;
       absent)
-         cat << EOF
-su - '$postgres_user' -c "dropdb \"$name\""
-EOF
+         echo "su - '$postgres_user' -c \"dropdb '$name'\""
       ;;
    esac
 fi

cdist/conf/type/__postgres_role/gencode-remote

@@ -53,13 +53,11 @@ case "$state_should" in
         done
 
         [ -n "$password" ] && password="PASSWORD '$password'"
-        cat << EOF
-su - '$postgres_user' -c "psql postgres -wc 'CREATE ROLE \"$name\" WITH $password $booleans;'"
-EOF
+
+        cmd="CREATE ROLE $name WITH $password $booleans"
+        echo "su - '$postgres_user' -c \"psql postgres -wc \\\"$cmd\\\"\""
     ;;
     absent)
-        cat << EOF
-su - '$postgres_user' -c "dropuser \"$name\""
-EOF
+        echo "su - '$postgres_user' -c \"dropuser \\\"$name\\\"\""
     ;;
 esac

cdist/conf/type/__prometheus_alertmanager/manifest

@@ -30,7 +30,6 @@ if [ -f "$__object/parameter/install-from-backports" ]; then
 		*)
 			echo "--install-from-backports is only supported on Devuan -- ignoring." >&2
 			echo "Send a pull request if you require it." >&2
-			exit 1
 		;;
 	esac
 else
@@ -61,5 +60,5 @@ require="$require __directory/$storage_path $require_pkg" \
 __config_file $CONF \
 	--source "$config" \
 	--group prometheus --mode 640 \
-	--onchange "service prometheus-alertmanager restart"  # TODO when a config-check tool is available, check config here
+	--onchange "service prometheus-alertmanager reload"  # TODO when a config-check tool is available, check config here