inrin/cdist
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

[type/__sshd_config] Produce error if invalid config file is generated

Browse source 
Previously, cdist would silently swallow the error (no invalid config file was
generated).

Reason: `set -e` does not exit if a command in a sub-command group fails,
it merely returns with a non-zero exit status.

e.g. the following snippet does not abort the script if sshd -t returns with a
non-zero exit status:

    set -e
    cmp -s old new || {
        # check config file and update it
        sshd -t -f new \
        && cat new >old
    }

or compressed:

    set -e
    false || { false && true; }
    echo $?
    # prints 1
This commit is contained in:
Dennis Camera 2021-01-05 15:50:21 +01:00
commit 766198912d
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
cdist/conf/type/__sshd_config/gencode-remote
View file

@ -91,7 +91,8 @@ awk $(drop_awk_comments "${__type:?}/files/update_sshd_config.awk") \\
cmp -s $(quote "${sshd_config_file}") $(quote "${sshd_config_file}.tmp") || { cmp -s $(quote "${sshd_config_file}") $(quote "${sshd_config_file}.tmp") || {
sshd -t -f $(quote "${sshd_config_file}.tmp") \\ sshd -t -f $(quote "${sshd_config_file}.tmp") \\
&& cat $(quote "${sshd_config_file}.tmp") >$(quote "${sshd_config_file}") && cat $(quote "${sshd_config_file}.tmp") >$(quote "${sshd_config_file}") \\
|| exit # stop if sshd_config file check fails
} }
rm -f $(quote "${sshd_config_file}.tmp") rm -f $(quote "${sshd_config_file}.tmp")
EOF EOF