diff --git a/cdist/conf/explorer/memory b/cdist/conf/explorer/memory
index 63aba9c6..5ea15ada 100755
--- a/cdist/conf/explorer/memory
+++ b/cdist/conf/explorer/memory
@@ -1,9 +1,8 @@
-#!/bin/sh -e
+#!/bin/sh
 #
 # 2014 Daniel Heule (hda at sfs.biz)
 # 2014 Thomas Oettli (otho at sfs.biz)
 # Copyright 2017, Philippe Gregoire
-# 2020 Dennis Camera
 #
 # This file is part of cdist.
 #
@@ -20,74 +19,24 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # -# Returns the amount of memory physically installed in the system, or if that -# cannot be determined the amount available to the operating system kernel, -# in kibibytes (kiB). +# -str2bytes() { - awk -F' ' ' - $2 == "B" || !$2 { print $1 } - $2 == "kB" { print $1 * 1000 } - $2 == "MB" { print $1 * 1000 * 1000 } - $2 == "GB" { print $1 * 1000 * 1000 * 1000 } - $2 == "TB" { print $1 * 1000 * 1000 * 1000 * 1000 } - $2 == "kiB" { print $1 * 1024 } - $2 == "MiB" { print $1 * 1024 * 1024 } - $2 == "GiB" { print $1 * 1024 * 1024 * 1024 } - $2 == "TiB" { print $1 * 1024 * 1024 * 1024 * 1024 }' -} +# FIXME: other system types (not linux ...) -bytes2kib() { - set -- "$(cat)" - test "$1" -gt 0 && echo $(($1 / 1024)) -} +os=$("$__explorer/os") +case "$os" in + "macosx") + echo "$(sysctl -n hw.memsize)/1024" | bc + ;; + *"bsd") + PATH=$(getconf PATH) + echo "$(sysctl -n hw.physmem) / 1048576" | bc + ;; -case $(uname -s) -in - (Darwin) - sysctl -n hw.memsize | bytes2kib - ;; - (FreeBSD) - sysctl -n hw.realmem | bytes2kib - ;; - (NetBSD|OpenBSD) - # NOTE: This reports "usable" memory, not physically installed memory. - command -p sysctl -n hw.physmem | bytes2kib - ;; - (SunOS) - # Make sure that awk from xpg4 is used for the scripts to work - export PATH="/usr/xpg4/bin:${PATH}" - prtconf \ - | awk -F ': ' ' - $1 == "Memory size" { sub(/Megabytes/, "MiB", $2); print $2 } - /^$/ { exit }' \ - | str2bytes \ - | bytes2kib - ;; - (Linux) - if test -d /sys/devices/system/memory - then - # Use memory blocks if the architecture (e.g. 
x86, PPC64, s390) - # supports them (they denote physical memory) - num_mem_blocks=$(cat /sys/devices/system/memory/memory[0-9]*/state | grep -cxF online) - mem_block_size=$(cat /sys/devices/system/memory/block_size_bytes) - - echo $((num_mem_blocks * 0x$mem_block_size)) | bytes2kib && exit - fi - if test -r /proc/meminfo - then - # Fall back to meminfo file on other architectures (e.g. ARM, MIPS, - # PowerPC) - # NOTE: This is "usable" memory, not physically installed memory. - awk -F ': +' '$1 == "MemTotal" { sub(/B$/, "iB", $2); print $2 }' /proc/meminfo \ - | str2bytes \ - | bytes2kib - fi - ;; - (*) - printf "Your kernel (%s) is currently not supported by the memory explorer\n" "$(uname -s)" >&2 - printf "Please contribute an implementation for it if you can.\n" >&2 - exit 1 - ;; + *) + if [ -r /proc/meminfo ]; then + grep "MemTotal:" /proc/meminfo | awk '{print $2}' + fi + ;; esac diff --git a/cdist/conf/explorer/os_version b/cdist/conf/explorer/os_version index 3b02dedd..a7b1d3bc 100755 --- a/cdist/conf/explorer/os_version +++ b/cdist/conf/explorer/os_version @@ -70,11 +70,6 @@ case "$("$__explorer/os")" in macosx) sw_vers -productVersion ;; - freebsd) - # Apparently uname -r is not a reliable way to get the patch level. - # See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743 - freebsd-version - ;; *bsd|solaris) uname -r ;; diff --git a/cdist/conf/type/__apt_backports/man.rst b/cdist/conf/type/__apt_backports/man.rst deleted file mode 100644 index 7036fb84..00000000 --- a/cdist/conf/type/__apt_backports/man.rst +++ /dev/null 
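Review bot: The three branches of the new `case "$os"` report different units: `macosx` divides `hw.memsize` by 1024, `*"bsd"` divides `hw.physmem` by 1048576, and the fallback prints the `MemTotal` field of /proc/meminfo as is, so values from this explorer cannot be compared across platforms. Using the same divisor in the BSD branch, `echo "$(sysctl -n hw.physmem) / 1024" | bc`, would line it up with the other two. The fallback also prints nothing and exits 0 when /proc/meminfo is not readable, so an unsupported system is indistinguishable from a successful run; a message on stderr followed by `exit 1` would make that visible. A header comment stating the unit, e.g. `# Prints the amount of memory in kiB.`, would replace the now-empty `#` line.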
@@ -1,104 +0,0 @@ -cdist-type__debian_backports(7) -=============================== - -NAME ----- -cdist-type__apt_backports - Install backports - - -DESCRIPTION ------------ -This singleton type installs backports for the current OS release. -It aborts if backports are not supported for the specified OS or -no version codename could be fetched (like Debian unstable). - -The package index will be automatically updated if required. - -It supports backports from following OSes: - -- Debian -- Devuan -- Ubuntu - - -REQUIRED PARAMETERS -------------------- -None. - - -OPTIONAL PARAMETERS -------------------- -state - Represents the state of the backports repository. ``present`` or - ``absent``, defaults to ``present``. - - Will be directly passed to :strong:`cdist-type__apt_source`\ (7). - -mirror - The mirror to fetch the backports from. Will defaults to the generic - mirror of the current OS. - - Will be directly passed to :strong:`cdist-type__apt_source`\ (7). - - -BOOLEAN PARAMETERS ------------------- -None. - - -MESSAGES --------- -None. - - -EXAMPLES --------- - -.. code-block:: sh - - # setup the backports - __apt_backports - __apt_backports --state absent - __apt_backports --state present --mirror "http://ftp.de.debian.org/debian/" - - # install a backports package - # currently for the buster release backports - require="__apt_backports" __package_apt wireguard \ - --target-release buster-backports - - -ABORTS ------- -Aborts if the detected os is not Debian. - -Aborts if no distribuition codename could be detected. This is common for the -unstable distribution, but there is no backports repository for it already. - - -CAVEATS -------- -For Ubuntu, it setup all componenents for the backports repository: ``main``, -``restricted``, ``universe`` and ``multiverse``. The user may not want to -install proprietary packages, which will only be installed if the user -explicitly uses the backports target-release. 
The user may change this behavior -to install backports packages without the need of explicitly select it. - - -SEE ALSO --------- -`Official Debian Backports site `_ - -:strong:`cdist-type__apt_source`\ (7) - - -AUTHORS -------- -Matthias Stecher - - -COPYING -------- -Copyright \(C) 2020 Matthias Stecher. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/cdist/conf/type/__apt_backports/manifest b/cdist/conf/type/__apt_backports/manifest deleted file mode 100755 index bc47d8de..00000000 --- a/cdist/conf/type/__apt_backports/manifest +++ /dev/null 
@@ -1,81 +0,0 @@ -#!/bin/sh -e -# __apt_backports/manifest -# -# 2020 Matthias Stecher (matthiasstecher at gmx.de) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# -# Enables/disables backports repository. Utilises __apt_source for it. -# - - -# Get the distribution codename by /etc/os-release. -# is already executed in a subshell by string substitution -# lsb_release may not be given in all installations -codename_os_release() { - # shellcheck disable=SC1090 - . "$__global/explorer/os_release" - printf "%s" "$VERSION_CODENAME" -} - -# detect backport distribution -os="$(cat "$__global/explorer/os")" -case "$os" in - debian) - dist="$( codename_os_release )" - components="main" - mirror="http://deb.debian.org/debian/" - ;; - devuan) - dist="$( codename_os_release )" - components="main" - mirror="http://deb.devuan.org/merged" - ;; - ubuntu) - dist="$( codename_os_release )" - components="main restricted universe multiverse" - mirror="http://archive.ubuntu.com/ubuntu" - ;; - - *) - printf "Backports for %s are not supported!\n" "$os" >&2 - exit 1 - ;; -esac - -# error if no codename given (e.g. 
on Debian unstable) -if [ -z "$dist" ]; then - printf "No backports for unkown version of distribution %s!\n" "$os" >&2 - exit 1 -fi - - -# parameters -state="$(cat "$__object/parameter/state")" - -# mirror already set for the os, only override user-values -if [ -f "$__object/parameter/mirror" ]; then - mirror="$(cat "$__object/parameter/mirror")" -fi - - -# install the given backports repository -__apt_source "${dist}-backports" \ - --state "$state" \ - --distribution "${dist}-backports" \ - --component "$components" \ - --uri "$mirror" diff --git a/cdist/conf/type/__apt_backports/parameter/default/state b/cdist/conf/type/__apt_backports/parameter/default/state deleted file mode 100644 index e7f6134f..00000000 --- a/cdist/conf/type/__apt_backports/parameter/default/state +++ /dev/null @@ -1 +0,0 @@ -present diff --git a/cdist/conf/type/__apt_backports/parameter/optional b/cdist/conf/type/__apt_backports/parameter/optional deleted file mode 100644 index 4b05c235..00000000 --- a/cdist/conf/type/__apt_backports/parameter/optional +++ /dev/null @@ -1,2 +0,0 @@ -state -mirror diff --git a/cdist/conf/type/__apt_backports/singleton b/cdist/conf/type/__apt_backports/singleton deleted file mode 100644 index e69de29b..00000000 diff --git a/cdist/conf/type/__block/gencode-remote b/cdist/conf/type/__block/gencode-remote index 7a1f4064..1f5cc033 100755 --- a/cdist/conf/type/__block/gencode-remote +++ b/cdist/conf/type/__block/gencode-remote 
@@ -46,29 +46,28 @@ fi remove_block() { cat << DONE -tmpfile=\$(mktemp ${quoted_file}.cdist.XXXXXXXXXX) +tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX) # preserve ownership and permissions of existing file -if [ -f $quoted_file ]; then - cp -p $quoted_file "\$tmpfile" +if [ -f "$file" ]; then + cp -p "$file" "\$tmpfile" fi -awk -v prefix=$(quote "$prefix") -v suffix=$(quote "$suffix") ' +awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ ' { - if (\$0 == prefix) { + if (match(\$0,prefix)) { triggered=1 } if (triggered) { - if (\$0 == suffix) { + if (match(\$0,suffix)) { triggered=0 } } else { print } -}' $quoted_file > "\$tmpfile" -mv -f "\$tmpfile" $quoted_file +}' "$file" > "\$tmpfile" +mv -f "\$tmpfile" "$file" DONE } -quoted_file="$(quote "$file")" case "$state_should" in present) if [ "$state_is" = "changed" ]; then @@ -78,7 +77,7 @@ case "$state_should" in echo add >> "$__messages_out" fi cat << DONE -cat >> $quoted_file << '${__type##*/}_DONE' +cat >> "$file" << ${__type##*/}_DONE $(cat "$block") ${__type##*/}_DONE DONE diff --git a/cdist/conf/type/__dot_file/man.rst b/cdist/conf/type/__dot_file/man.rst index ba7621a1..ae65eb95 100644 --- a/cdist/conf/type/__dot_file/man.rst +++ b/cdist/conf/type/__dot_file/man.rst @@ -25,9 +25,6 @@ user OPTIONAL PARAMETERS ------------------- -dirmode - forwarded to :strong:`__directory` type as mode - mode forwarded to :strong:`__file` type diff --git a/cdist/conf/type/__dot_file/manifest b/cdist/conf/type/__dot_file/manifest index 02dadf05..5e4957e5 100755 --- a/cdist/conf/type/__dot_file/manifest +++ b/cdist/conf/type/__dot_file/manifest @@ -19,7 +19,6 @@ set -eu user="$(cat "${__object}/parameter/user")" home="$(cat "${__object}/explorer/home")" primary_group="$(cat "${__object}/explorer/primary_group")" -dirmode="$(cat "${__object}/parameter/dirmode")" # Create parent directory. Type __directory has flag 'parents', but it # will leave us with root-owned directory in user home, which is not 
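Review bot: In `remove_block` the target path is now pasted into the generated remote script as `"$file"` (and bare in `mktemp ${file}.cdist.XXXXXXXXXX`), so a path containing `"`, `$` or a backquote is re-interpreted by the shell on the target instead of being taken literally. The `quote` helper is still applied to prefix and suffix in this hunk (its definition is outside the hunk, presumably it emits a shell-quoted word); keeping `quoted_file="$(quote "$file")"` and emitting `$quoted_file` at each of the five uses, for example `mv -f "\$tmpfile" $quoted_file`, avoids that. Separately, `match(\$0,prefix)` treats the anchored prefix and suffix as regular expressions, so markers containing `.`, `*`, `[` or `(` can match other lines and remove more than the managed block. The exact comparison `\$0 == prefix` does not have that problem.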
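Review bot: The generated here-document now starts with an unquoted delimiter, `cat >> "$file" << ${__type##*/}_DONE`, so the shell on the target performs parameter, command and arithmetic expansion on the block content before appending it. Any `$VAR`, `$(...)` or backquotes inside the managed block are therefore expanded or executed on the target rather than written verbatim. Quoting the delimiter, `<< '${__type##*/}_DONE'`, keeps the content literal. The enclosing `case "$state_should"` branch starts and ends outside the hunk.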
@@ -37,7 +36,6 @@ export CDIST_ORDER_DEPENDENCY for dir ; do __directory "${home}/${dir}" \ --group "${primary_group}" \ - --mode "${dirmode}" \ --owner "${user}" done diff --git a/cdist/conf/type/__dot_file/parameter/default/dirmode b/cdist/conf/type/__dot_file/parameter/default/dirmode deleted file mode 100644 index e9745d1f..00000000 --- a/cdist/conf/type/__dot_file/parameter/default/dirmode +++ /dev/null @@ -1 +0,0 @@ -0700 diff --git a/cdist/conf/type/__dot_file/parameter/optional b/cdist/conf/type/__dot_file/parameter/optional index 9f7f83fb..ccab9fa6 100644 --- a/cdist/conf/type/__dot_file/parameter/optional +++ b/cdist/conf/type/__dot_file/parameter/optional @@ -1,4 +1,3 @@ state mode source -dirmode diff --git a/cdist/conf/type/__hostname/gencode-remote b/cdist/conf/type/__hostname/gencode-remote index c1a97ac8..02afcbfb 100755 --- a/cdist/conf/type/__hostname/gencode-remote +++ b/cdist/conf/type/__hostname/gencode-remote @@ -20,27 +20,26 @@ # along with cdist. If not, see . # -os=$(cat "${__global:?}/explorer/os") -name_running=$(cat "${__global:?}/explorer/hostname") -has_hostnamectl=$(cat "${__object:?}/explorer/has_hostnamectl") +os=$(cat "$__global/explorer/os") +name_running=$(cat "$__global/explorer/hostname") +has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl") -if test -s "${__object:?}/parameter/name" +if test -s "$__object/parameter/name" then - name_should=$(cat "${__object:?}/parameter/name") + name_should=$(cat "$__object/parameter/name") else - case ${os} + case $os in # RedHat-derivatives and BSDs - (centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd) + centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd) # Hostname is FQDN - name_should=${__target_host:?} - ;; - (*) + name_should="${__target_host}" + ;; + *) # Hostname is only first component of FQDN - name_should=${__target_host:?} - name_should=${name_should%%.*} - ;; + name_should="${__target_host%%.*}" + ;; esac fi 
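Review bot: Dropping the `:?` guards in `__hostname/gencode-remote` means an unset `__global`, `__object` or `__target_host` no longer aborts the script: `cat "$__global/explorer/os"` would then read `/explorer/os`, and `name_should="${__target_host}"` would silently become empty and flow into the generated hostname commands. The same removal is repeated in the later hunks of this file and in `__hostname/manifest`. Keeping `${__global:?}`, `${__object:?}` and `${__target_host:?}` retains the fail-fast behaviour at no cost, e.g. `name_should="${__target_host:?}"`.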
@@ -48,46 +47,46 @@ fi ################################################################################ # Check if the (running) hostname is already correct # -test "${name_running}" != "${name_should}" || exit 0 +test "$name_running" != "$name_should" || exit 0 ################################################################################ # Setup hostname # -echo 'changed' >>"${__messages_out:?}" +echo 'changed' >>"$__messages_out" # Use the good old way to set the hostname. -case ${os} +case $os in - (alpine|debian|devuan|ubuntu) + alpine|debian|devuan|ubuntu) echo 'hostname -F /etc/hostname' - ;; - (archlinux) + ;; + archlinux) echo 'command -v hostnamectl >/dev/null 2>&1' \ - "&& hostnamectl set-hostname '${name_should}'" \ - "|| hostname '${name_should}'" - ;; - (centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void) - echo "hostname '${name_should}'" - ;; - (openwrt) - echo "echo '${name_should}' >/proc/sys/kernel/hostname" - ;; - (macosx) - echo "scutil --set HostName '${name_should}'" - ;; - (solaris) - echo "uname -S '${name_should}'" - ;; - (slackware|suse) + "&& hostnamectl set-hostname '$name_should'" \ + "|| hostname '$name_should'" + ;; + centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void) + echo "hostname '$name_should'" + ;; + openwrt) + echo "echo '$name_should' >/proc/sys/kernel/hostname" + ;; + macosx) + echo "scutil --set HostName '$name_should'" + ;; + solaris) + echo "uname -S '$name_should'" + ;; + slackware|suse|opensuse-leap) # We do not read from /etc/HOSTNAME, because the running # hostname is the first component only while the file contains # the FQDN. - echo "hostname '${name_should}'" - ;; - (*) + echo "hostname '$name_should'" + ;; + *) # Fall back to set the hostname using hostnamectl, if available. 
- if test -n "${has_hostnamectl}" + if test -n "$has_hostnamectl" then # Don't use hostnamectl as the primary means to set the hostname for # systemd systems, because it cannot be trusted to work reliably and @@ -98,8 +97,7 @@ in echo "test \"\$(hostname)\" = \"\$(cat /etc/hostname)\"" \ " || hostname -F /etc/hostname" else - printf "echo 'Unsupported OS: %s' >&2\n" "${os}" - printf 'exit 1\n' + printf "echo 'Unsupported OS: %s' >&2\nexit 1\n" "$os" fi - ;; + ;; esac diff --git a/cdist/conf/type/__hostname/manifest b/cdist/conf/type/__hostname/manifest index b80aa2ef..bf8a331c 100755 --- a/cdist/conf/type/__hostname/manifest +++ b/cdist/conf/type/__hostname/manifest 
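Review bot: `name_should` is placed between single quotes in the emitted commands (`echo "hostname '$name_should'"`, `echo "scutil --set HostName '$name_should'"`, `echo "echo '$name_should' >/proc/sys/kernel/hostname"`), so a value containing `'` ends the quoting and the remainder is parsed as shell on the target. The value can come from `parameter/name`, and nothing in the visible hunks restricts its characters. Validating it before any code is generated would close this, for example `case $name_should in (*[!A-Za-z0-9.-]*) echo "Invalid host name: $name_should" >&2; exit 1;; esac`. The `case $os` block opened in this hunk continues into the following one.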
@@ -20,49 +20,69 @@ # along with cdist. If not, see . # +not_supported() { + echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 + echo "Please contribute an implementation for it if you can." >&2 + exit 1 +} + set_hostname_systemd() { echo "$1" | __file /etc/hostname --source - } -os=$(cat "${__global:?}/explorer/os") +os=$(cat "$__global/explorer/os") +os_version=$(cat "$__global/explorer/os_version") +os_major=$(echo "$os_version" | grep -o '^[0-9][0-9]*' || true) -max_len=$(cat "${__object:?}/explorer/max_len") -has_hostnamectl=$(cat "${__object:?}/explorer/has_hostnamectl") +max_len=$(cat "$__object/explorer/max_len") +has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl") -if test -s "${__object:?}/parameter/name" +if test -s "$__object/parameter/name" then - name_should=$(cat "${__object:?}/parameter/name") + name_should=$(cat "$__object/parameter/name") else - case ${os} + case $os in # RedHat-derivatives and BSDs - (centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware|suse) + centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware) # Hostname is FQDN - name_should=${__target_host:?} - ;; + name_should="${__target_host}" + ;; + suse|opensuse-leap) + # Classic SuSE stores the FQDN in /etc/HOSTNAME, while + # systemd does not. The running hostname is the first + # component in both cases. + # In versions before 15.x, the FQDN is stored in /etc/hostname. + if test -n "$has_hostnamectl" && test "$os_major" -ge 15 \ + && test "$os_major" -ne 42 + then + name_should="${__target_host%%.*}" + else + name_should="${__target_host}" + fi + ;; *) # Hostname is only first component of FQDN on all other systems. 
- name_should=${__target_host:?} - name_should=${name_should%%.*} - ;; + name_should="${__target_host%%.*}" + ;; esac fi -if test -n "${max_len}" && test "$(printf '%s' "${name_should}" | wc -c)" -gt "${max_len}" +if test -n "$max_len" && test "$(printf '%s' "$name_should" | wc -c)" -gt "$max_len" then printf "Host name too long. Up to %u characters allowed.\n" "${max_len}" >&2 exit 1 fi -case ${os} +case $os in - (alpine|debian|devuan|ubuntu|void) - echo "${name_should}" | __file /etc/hostname --source - - ;; - (archlinux) - if test -n "${has_hostnamectl}" + alpine|debian|devuan|ubuntu|void) + echo "$name_should" | __file /etc/hostname --source - + ;; + archlinux) + if test -n "$has_hostnamectl" then - set_hostname_systemd "${name_should}" + set_hostname_systemd "$name_should" else echo 'Ancient ArchLinux variants without hostnamectl are not supported.' >&2 exit 1 @@ -77,8 +97,8 @@ in # --value "\"$name_should\"" fi ;; - (centos|fedora|redhat|scientific) - if test -z "${has_hostnamectl}" + centos|fedora|redhat|scientific) + if test -z "$has_hostnamectl" then # Only write to /etc/sysconfig/network on non-systemd versions. # On systemd-based versions this entry is ignored. 
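Review bot: `os_major` is empty whenever `os_version` does not start with a digit (the `|| true` hides the failed grep), and `test "$os_major" -ge 15` then fails with an integer-expression error instead of a clean false. The branch still ends up in the FQDN case, but only as a side effect and with noise on stderr; `test -n "$has_hostnamectl" -a "$os_major" -gt 12` in the `@@ -171` hunk has the same problem. Checking for a value first makes the intent explicit: `if test -n "$has_hostnamectl" && test -n "$os_major" && test "$os_major" -ge 15 \`. `grep -o` is also not specified by POSIX, which the removed `expr "${os_version}" : '\([0-9]\{1,\}\)'` form did not depend on.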
@@ -86,83 +106,63 @@ in --file /etc/sysconfig/network \ --delimiter '=' --exact_delimiter \ --key HOSTNAME \ - --value "\"${name_should}\"" + --value "\"$name_should\"" else - set_hostname_systemd "${name_should}" + set_hostname_systemd "$name_should" fi - ;; - (gentoo) + ;; + gentoo) # Only write to /etc/conf.d/hostname on OpenRC-based installations. # On systemd use hostnamectl(1) in gencode-remote. - if test -z "${has_hostnamectl}" + if test -z "$has_hostnamectl" then __key_value '/etc/conf.d/hostname:hostname' \ --file /etc/conf.d/hostname \ --delimiter '=' --exact_delimiter \ --key 'hostname' \ - --value "\"${name_should}\"" + --value "\"$name_should\"" else set_hostname_systemd "$name_should" fi - ;; - (freebsd) + ;; + freebsd) __key_value '/etc/rc.conf:hostname' \ --file /etc/rc.conf \ --delimiter '=' --exact_delimiter \ --key 'hostname' \ - --value "\"${name_should}\"" - ;; - (macosx) + --value "\"$name_should\"" + ;; + macosx) # handled in gencode-remote - ;; - (netbsd) + : + ;; + netbsd) __key_value '/etc/rc.conf:hostname' \ --file /etc/rc.conf \ --delimiter '=' --exact_delimiter \ --key 'hostname' \ - --value "\"${name_should}\"" + --value "\"$name_should\"" # To avoid confusion, ensure that the hostname is only stored once. __file /etc/myname --state absent - ;; - (openbsd) - echo "${name_should}" | __file /etc/myname --source - - ;; - (openwrt) - __uci system.@system[0].hostname --value "${name_should}" + ;; + openbsd) + echo "$name_should" | __file /etc/myname --source - + ;; + openwrt) + __uci system.@system[0].hostname --value "$name_should" # --transaction hostname - ;; - (slackware) + ;; + slackware) # We write the FQDN into /etc/HOSTNAME. But /etc/rc.d/rc.M will only # read the first component from this file and set it as the running # hostname on boot. 
- echo "${name_should}" | __file /etc/HOSTNAME --source - - ;; - (solaris) - echo "${name_should}" | __file /etc/nodename --source - - ;; - (suse) - if test -s "${__global:?}/explorer/os_release" - then - # shellcheck source=/dev/null - os_version=$(. "${__global:?}/explorer/os_release" && echo "${VERSION}") - else - os_version=$(sed -n 's/^VERSION\ *=\ *//p' "${__global:?}/explorer/os_version") - fi - os_major=$(expr "${os_version}" : '\([0-9]\{1,\}\)') - - # Classic SuSE stores the FQDN in /etc/HOSTNAME, while - # systemd does not. The running hostname is the first - # component in both cases. - # In versions before 15.x, the FQDN is stored in /etc/hostname. - if test -n "${has_hostnamectl}" \ - && test "${os_major}" -ge 15 \ - && test "${os_major}" -ne 42 - then - # strip away everything but the first part from $name_should - name_should=${name_should%%.*} - fi - + echo "$name_should" | __file /etc/HOSTNAME --source - + ;; + solaris) + echo "$name_should" | __file /etc/nodename --source - + ;; + suse|opensuse-leap) # Modern SuSE provides /etc/HOSTNAME as a symlink for # backwards-compatibility. Unfortunately it cannot be used # here as __file does not follow the symlink. 
@@ -171,25 +171,23 @@ in # not work correctly on openSUSE 12.x which provides # hostnamectl but not /etc/hostname. - if test -n "${has_hostnamectl}" -a "${os_major}" -gt 12 + if test -n "$has_hostnamectl" -a "$os_major" -gt 12 then - hostname_file=/etc/hostname + hostname_file='/etc/hostname' else - hostname_file=/etc/HOSTNAME + hostname_file='/etc/HOSTNAME' fi - echo "${name_should}" | __file "${hostname_file}" --source - - ;; - (*) + echo "$name_should" | __file "$hostname_file" --source - + ;; + *) # On other operating systems we fall back to systemd's # hostnamectl if available… - if test -n "${has_hostnamectl}" + if test -n "$has_hostnamectl" then - set_hostname_systemd "${name_should}" + set_hostname_systemd "$name_should" else - echo "Your operating system (${os}) is currently not supported by this type (${__type##*/})." >&2 - echo "Please contribute an implementation for it if you can." >&2 - exit 1 + not_supported fi - ;; + ;; esac diff --git a/cdist/conf/type/__iptables_apply/files/init-script b/cdist/conf/type/__iptables_apply/files/init-script index e42017ae..d9c79ef7 100644 --- a/cdist/conf/type/__iptables_apply/files/init-script +++ b/cdist/conf/type/__iptables_apply/files/init-script @@ -1,4 +1,7 @@ #!/bin/sh +# Nico Schottelius +# Zürisee, Mon Sep 2 18:38:27 CEST 2013 +# ### BEGIN INIT INFO # Provides: iptables # Required-Start: $local_fs $remote_fs 
@@ -11,72 +14,34 @@ # and saves/restores previous status ### END INIT INFO -# Originally written by: -# Nico Schottelius -# Zürisee, Mon Sep 2 18:38:27 CEST 2013 -# -# 2013 Nico Schottelius (nico-cdist at schottelius.org) -# 2020 Matthias Stecher (matthiasstecher at gmx.de) -# -# This file is distributed with cdist and licenced under the -# GNU GPLv3+ WITHOUT ANY WARRANTY. - - -# Read files and execute the content with the given commands -# -# Arguments: -# 1: Directory -# 2..n: Commands which should be used to execute the file content -gothrough() { - cd "$1" || return - shift - - # iterate through all rules and continue if it's not a file - for rule in *; do - [ -f "$rule" ] || continue - echo "Appling iptables rule $rule ..." - - # execute it with all commands specificed - ruleparam="$(cat "$rule")" - for cmd in "$@"; do - # Command and Rule should be split. - # shellcheck disable=SC2046 - command $cmd $ruleparam - done - done -} - -# Shortcut for iptables command to do IPv4 and v6 -# only applies to the "reset" target -iptables() { - command iptables "$@" - command ip6tables "$@" -} basedir=/etc/iptables.d -status4="${basedir}/.pre-start" -status6="${basedir}/.pre-start6" +status="${basedir}/.pre-start" case $1 in start) # Save status - iptables-save > "$status4" - ip6tables-save > "$status6" + iptables-save > "$status" # Apply our ruleset - gothrough "$basedir" iptables - #gothrough "$basedir/v4" iptables # conflicts with $basedir - gothrough "$basedir/v6" ip6tables - gothrough "$basedir/all" iptables ip6tables + cd "$basedir" || exit + count="$(find . ! -name . -prune | wc -l)" + + # Only do something if there are rules + if [ "$count" -ge 1 ]; then + for rule in *; do + echo "Applying iptables rule $rule ..." + # Rule should be split. 
+ # shellcheck disable=SC2046 + iptables $(cat "$rule") + done + fi ;; stop) # Restore from status before, if there is something to restore - if [ -f "$status4" ]; then - iptables-restore < "$status4" - fi - if [ -f "$status6" ]; then - ip6tables-restore < "$status6" + if [ -f "$status" ]; then + iptables-restore < "$status" fi ;; restart) diff --git a/cdist/conf/type/__iptables_apply/man.rst b/cdist/conf/type/__iptables_apply/man.rst index 3bef92cc..76e1f6bf 100644 --- a/cdist/conf/type/__iptables_apply/man.rst +++ b/cdist/conf/type/__iptables_apply/man.rst @@ -10,24 +10,7 @@ DESCRIPTION ----------- This cdist type deploys an init script that triggers the configured rules and also re-applies them on -configuration. Rules are written from __iptables_rule -into the folder ``/etc/iptables.d/``. - -It reads all rules from the base folder as rules for IPv4. -Rules in the subfolder ``v6/`` are IPv6 rules. Rules in -the subfolder ``all/`` are applied to both rule tables. All -files contain the arguments for a single ``iptables`` and/or -``ip6tables`` command. - -Rules are applied in the following order: -1. All IPv4 rules -2. All IPv6 rules -2. All rules that should be applied to both tables - -The order of the rules that will be applied are definite -from the result the shell glob returns, which should be -alphabetical. If rules must be applied in a special order, -prefix them with a number like ``02-some-rule``. +configuration. REQUIRED PARAMETERS @@ -41,7 +24,7 @@ None EXAMPLES -------- -None (__iptables_apply is used by __iptables_rule automatically) +None (__iptables_apply is used by __iptables_rule) SEE ALSO 
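Review bot: The `count` guard in `start` never sees an empty directory, because `iptables-save > "$status"` has just created `.pre-start` inside `$basedir` and `find . ! -name . -prune` counts dot files too; with no rule files the loop then runs once with the literal `*`. Adding `[ -f "$rule" ] || continue` as the first statement of the loop covers both the empty directory and any subdirectory. `iptables $(cat "$rule")` is subject to pathname expansion as well as word splitting, so a rule containing `*` or `?` can be expanded against the files in `$basedir`; `set -f` before the call and `set +f` after it prevents that. With the `ip6tables` calls removed, this script loads no IPv6 rules at all, which is worth stating in the header comment so operators know IPv6 filtering has to be handled elsewhere.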
@@ -52,13 +35,11 @@ SEE ALSO AUTHORS ------- Nico Schottelius -Matthias Stecher COPYING ------- -Copyright \(C) 2013 Nico Schottelius. -Copyright \(C) 2020 Matthias Stecher. -You can redistribute it and/or modify it under the terms of the GNU -General Public License as published by the Free Software Foundation, -either version 3 of the License, or (at your option) any later version. +Copyright \(C) 2013 Nico Schottelius. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/cdist/conf/type/__iptables_rule/man.rst b/cdist/conf/type/__iptables_rule/man.rst index afb71e01..92d8859f 100644 --- a/cdist/conf/type/__iptables_rule/man.rst +++ b/cdist/conf/type/__iptables_rule/man.rst @@ -11,10 +11,6 @@ DESCRIPTION This cdist type allows you to manage iptable rules in a distribution independent manner. -See :strong:`cdist-type__iptables_apply`\ (7) for the -execution order of these rules. It will be executed -automaticly to apply all rules non-volaite. - REQUIRED PARAMETERS ------------------- @@ -29,24 +25,6 @@ state 'present' or 'absent', defaults to 'present' -BOOLEAN PARAMETERS ------------------- -All rules without any of these parameters will be treated like ``--v4`` because -of backward compatibility. - -v4 - Explicitly set it as rule for IPv4. If IPv6 is set, too, it will be - threaten like ``--all``. Will be the default if nothing else is set. - -v6 - Explicitly set it as rule for IPv6. If IPv4 is set, too, it will be - threaten like ``--all``. - -all - Set the rule for both IPv4 and IPv6. It will be saved separately from the - other rules. - - EXAMPLES -------- 
@@ -70,16 +48,6 @@ EXAMPLES --state absent - # IPv4-only rule for ICMPv4 - __iptables_rule icmp-v4 --v4 --rule "-A INPUT -p icmp -j ACCEPT" - # IPv6-only rule for ICMPv6 - __iptables_rule icmp-v6 --v6 --rule "-A INPUT -p icmpv6 -j ACCEPT" - - # doing something for the dual stack - __iptables_rule fwd-eth0-eth1 --v4 --v6 --rule "-A INPUT -i eth0 -o eth1 -j ACCEPT" - __iptables_rule fwd-eth1-eth0 --all --rule "-A -o eth1 -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT" - - SEE ALSO -------- :strong:`cdist-type__iptables_apply`\ (7), :strong:`iptables`\ (8) @@ -88,13 +56,11 @@ SEE ALSO AUTHORS ------- Nico Schottelius -Matthias Stecher COPYING ------- -Copyright \(C) 2013 Nico Schottelius. -Copyright \(C) 2020 Matthias Stecher. -You can redistribute it and/or modify it under the terms of the GNU -General Public License as published by the Free Software Foundation, -either version 3 of the License, or (at your option) any later version. +Copyright \(C) 2013 Nico Schottelius. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/cdist/conf/type/__iptables_rule/manifest b/cdist/conf/type/__iptables_rule/manifest index d4394c25..ed78787f 100755 --- a/cdist/conf/type/__iptables_rule/manifest +++ b/cdist/conf/type/__iptables_rule/manifest @@ -1,7 +1,6 @@ #!/bin/sh -e # # 2013 Nico Schottelius (nico-cdist at schottelius.org) -# 2020 Matthias Stecher (matthiasstecher at gmx.de) # # This file is part of cdist. # 
@@ -25,36 +24,12 @@ base_dir=/etc/iptables.d name="$__object_id" state="$(cat "$__object/parameter/state")" -if [ -f "$__object/parameter/v4" ]; then - only_v4="yes" - # $specific_dir is $base_dir -fi -if [ -f "$__object/parameter/v6" ]; then - only_v6="yes" - specific_dir="$base_dir/v6" -fi -# If rules should be set for both protocols -if { [ "$only_v4" = "yes" ] && [ "$only_v6" = "yes" ]; } || - [ -f "$__object/parameter/all" ]; then - - # all to a specific directory - specific_dir="$base_dir/all" -fi - -# set rule directory based on if it's the base or subdirectory -rule_dir="${specific_dir:-$base_dir}" - ################################################################################ # Basic setup # __directory "$base_dir" --state present -# sub-directory if required -if [ "$specific_dir" ]; then - require="__directory/$base_dir" __directory "$specific_dir" --state present -fi - # Have apply do the real job require="$__object_name" __iptables_apply @@ -62,15 +37,6 @@ require="$__object_name" __iptables_apply # The rule # -for dir in "$base_dir" "$base_dir/v6" "$base_dir/all"; do - # defaults to absent except the directory that should contain the file - if [ "$rule_dir" = "$dir" ]; then - curr_state="$state" - else - curr_state="absent" - fi - - require="__directory/$rule_dir" __file "$dir/$name" \ - --source "$__object/parameter/rule" \ - --state "$curr_state" -done +require="__directory/$base_dir" __file "$base_dir/${name}" \ + --source "$__object/parameter/rule" \ + --state "$state" diff --git a/cdist/conf/type/__iptables_rule/parameter/boolean b/cdist/conf/type/__iptables_rule/parameter/boolean deleted file mode 100644 index 76882272..00000000 --- a/cdist/conf/type/__iptables_rule/parameter/boolean +++ /dev/null @@ -1,3 +0,0 @@ -all -v4 -v6 diff --git a/cdist/conf/type/__letsencrypt_cert/files/gen_hook.sh b/cdist/conf/type/__letsencrypt_cert/files/gen_hook.sh deleted file mode 100644 index 81ea4856..00000000 
--- a/cdist/conf/type/__letsencrypt_cert/files/gen_hook.sh +++ /dev/null @@ -1,84 +0,0 @@ -#!/bin/sh -e - -# It is expected that this defines hook_contents - -# Reasonable defaults -hook_source="${__object}/parameter/${hook}-hook" -hook_state="absent" -hook_contents_head="#!/bin/sh -e" -hook_contents_logic="" -hook_contents_tail="" - -# Backwards compatibility -# Remove this when renew-hook is removed -# Falling back to renew-hook if deploy-hook is not passed -if [ "${hook}" = "deploy" ] && [ ! -f "${hook_source}" ]; then - hook_source="${__object}/parameter/renew-hook" -fi -if [ "${state}" = "present" ] && \ - [ -f "${hook_source}" ]; then - # This hook is to be installed, let's generate it with some - # safety boilerplate - # Since certbot runs all hooks for all renewal processes - # (at each state for deploy, pre, post), it is up to us to - # differentiate whether or not the hook must run - hook_state="present" - hook_contents_head="$(cat <> /dev/stderr - exit 1 - ;; - esac - - hook_contents_tail="$(cat < | Darko Poljak | Ľubomír Kučera -| Evilham - COPYING ------- -Copyright \(C) 2017-2021 Nico Schottelius, Kamila Součková, Darko Poljak and +Copyright \(C) 2017-2018 Nico Schottelius, Kamila Součková, Darko Poljak and Ľubomír Kučera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. diff --git a/cdist/conf/type/__letsencrypt_cert/manifest b/cdist/conf/type/__letsencrypt_cert/manifest old mode 100644 new mode 100755 index 1df3574a..b4464366 --- a/cdist/conf/type/__letsencrypt_cert/manifest +++ b/cdist/conf/type/__letsencrypt_cert/manifest 
@@ -1,20 +1,18 @@ #!/bin/sh certbot_fullpath="$(cat "${__object:?}/explorer/certbot-path")" -state=$(cat "${__object}/parameter/state") -os="$(cat "${__global:?}/explorer/os")" if [ -z "${certbot_fullpath}" ]; then + os="$(cat "${__global:?}/explorer/os")" os_version="$(cat "${__global}/explorer/os_version")" - # Use this, very common value, as a default. It is OS-dependent - certbot_fullpath="/usr/bin/certbot" + case "$os" in - archlinux) - __package certbot - ;; - alpine) - __package certbot - ;; + archlinux) + __package certbot + ;; + alpine) + __package certbot + ;; debian) case "$os_version" in 8*) @@ -50,7 +48,9 @@ if [ -z "${certbot_fullpath}" ]; then exit 1 ;; esac - ;; + + certbot_fullpath=/usr/bin/certbot + ;; devuan) case "$os_version" in jessie) @@ -83,14 +83,17 @@ if [ -z "${certbot_fullpath}" ]; then exit 1 ;; esac + + certbot_fullpath=/usr/bin/certbot ;; freebsd) - __package py37-certbot - certbot_fullpath="/usr/local/bin/certbot" + __package py27-certbot + + certbot_fullpath=/usr/local/bin/certbot ;; ubuntu) - __package certbot - ;; + __package certbot + ;; *) echo "Unsupported os: $os" >&2 exit 1 
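Review bot: `certbot_fullpath` stays empty on the `archlinux` and `alpine` branches of this hunk, and on `ubuntu` in the third hunk of this file, because the default assignment is removed and only the debian, devuan and freebsd branches set it again. When the certbot-path explorer returns nothing on those systems, the cron command declared further down becomes ` renew -q …` with no program name, so the renewal job would not run certbot. Either keep a default before the `case`, e.g. `certbot_fullpath=/usr/bin/certbot`, or assign it in every branch. The `if` block continues beyond this hunk.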
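Review bot: The freebsd branch now installs `py27-certbot`, the Python 2.7 flavour of the port. Python 2.7 is end-of-life upstream, so the ACME client that handles the host's TLS keys would run on an interpreter that no longer receives security fixes, and the package may not exist in current ports trees. A Python 3 flavour such as the `py37-certbot` on the removed line, or one selected from `os_version`, would be safer. If 2.7 is intentional, add a comment saying why.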
@@ -98,61 +101,18 @@ if [ -z "${certbot_fullpath}" ]; then esac fi -# Other OS-dependent values that we want to set every time -LE_DIR="/etc/letsencrypt" -certbot_cronjob_state="absent" -case "$os" in - archlinux|alpine) - certbot_cronjob_state="present" - ;; - freebsd) - LE_DIR="/usr/local/etc/letsencrypt" - # FreeBSD uses periodic(8) instead of crontabs for this - __line "periodic.conf_weekly_certbot" \ - --file "/etc/periodic.conf" \ - --regex "^(#[[:space:]]*)?weekly_certbot_enable=.*" \ - --state "replace" \ - --line 'weekly_certbot_enable="YES"' - ;; - *) - ;; -esac +if [ -f "${__object}/parameter/automatic-renewal" ]; then + renew_hook_param="${__object}/parameter/renew-hook" + renew_hook="" + if [ -f "${renew_hook_param}" ]; then + while read -r hook; do + renew_hook="${renew_hook} --renew-hook \"${hook}\"" + done < "${renew_hook_param}" + fi -# This is only necessary in certain OS -__cron letsencrypt-certbot \ - --user root \ - --command "${certbot_fullpath} renew -q" \ - --hour 0 \ - --minute 47 \ - --state "${certbot_cronjob_state}" - -# Ensure hook directories -HOOKS_DIR="${LE_DIR}/renewal-hooks" -__directory "${LE_DIR}" --mode 0755 -require="__directory/${LE_DIR}" __directory "${HOOKS_DIR}" --mode 0755 - -if [ -f "${__object}/parameter/domain" ]; then - domains="$(sort "${__object}/parameter/domain")" -else - domains="${__object_id}" + __cron letsencrypt-certbot \ + --user root \ + --command "${certbot_fullpath} renew -q ${renew_hook}" \ + --hour 0 \ + --minute 47 fi - -# Install hooks as needed -for hook in deploy pre post; do - # Using something unique and specific to this object - hook_file="${HOOKS_DIR}/${hook}/${__object_id}.cdist.sh" - - # This defines hook_contents - # shellcheck source=cdist/conf/type/__letsencrypt_cert/files/gen_hook.sh - . 
"${__type}/files/gen_hook.sh" - - # Ensure hook directory exists - require="__directory/${HOOKS_DIR}" __directory "${HOOKS_DIR}/${hook}" \ - --mode 0755 - require="__directory/${HOOKS_DIR}/${hook}" __file "${hook_file}" \ - --mode 0555 \ - --source '-' \ - --state "${hook_state}" <. -# -# This explorer determines if the locale is defined on the target system. -# Will print nothing on error. -# -# Possible output: -# present: -# the main locale (and possibly aliases) is present -# absent: -# neither the main locale nor any aliases are present -# alias-present: -# the main locale is absent, but at least one of its aliases is present -# - -# Hardcoded, create a pull request in case it is at another location for -# some other distro. (cf. gencode-remote) -aliasfile='/usr/share/locale/locale.alias' - -command -v locale >/dev/null 2>&1 || exit 0 - -locales=$(locale -a) - -parse_locale() { - # This function will split locales into their parts. Locale strings are - # usually of the form: [language[_territory][.codeset][@modifier]] - # For simplicity, language and territory are not separated by this function. - # Old Linux systems were also using "english" or "german" as locale strings. - # Usage: parse_locale locale_str lang_var codeset_var modifier_var - eval "${2:?}"="$(expr "$1" : '\([^.@]*\)')" - eval "${3:?}"="$(expr "$1" : '[^.]*\.\([^@]*\)')" - eval "${4:?}"="$(expr "$1" : '.*@\(.*\)$')" -} - -format_locale() { - # Usage: format_locale language codeset modifier - printf '%s' "$1" - test -z "$2" || printf '.%s' "$2" - test -z "$3" || printf '@%s' "$3" - printf '\n' -} - -gnu_normalize_codeset() { - # reimplementation of glibc/locale/programs/localedef.c normalize_codeset() - echo "$*" | tr '[:upper:]' '[:lower:]' | tr -cd '[:alnum:]' -} - -locale_available() ( - echo "${locales}" | grep -qxF "$1" || { - # glibc uses "normalized" locale names in archives. 
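Review bot: Each line of the `renew-hook` parameter is pasted into the cron command between double quotes (`renew_hook="${renew_hook} --renew-hook \"${hook}\""`), so the shell that cron starts parses it again. A hook containing `"`, `$`, a backtick or a backslash changes meaning or breaks the entry, and crontab(5) gives an unescaped `%` a special meaning. Single-quote the value and escape embedded quotes instead, e.g. `renew_hook="${renew_hook} --renew-hook '$(printf %s "${hook}" | sed "s/'/'\\\\''/g")'"`; whether `__cron` escapes `%` itself is not visible here and should be checked. Separately, the `__cron` object id `letsencrypt-certbot` is fixed while the command now differs per certificate, which presumably makes two certificates with different hooks conflict; confirm.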
- # If a locale is stored in an archive, the normalized name will be - # printed by locale, so that needs to be checked, too. - localename=$( - parse_locale "$1" _lang _codeset _modifier \ - && format_locale "${_lang:?}" "$(gnu_normalize_codeset "${_codeset?}")" \ - "${_modifier?}") - echo "${locales}" | grep -qxF "${localename}" - } -) - -if locale_available "${__object_id:?}" -then - echo present -else - # NOTE: locale.alias can be symlinked. - if test -e "${aliasfile}" - then - # Check if one of the aliases of the locale is defined - baselocale=$( - parse_locale "${__object_id:?}" _lang _codeset _modifiers \ - && format_locale "${_lang}" "${_codeset}") - while read -r _alias _localename - do - if test "${_localename}" = "${baselocale}" \ - && echo "${locales}" | grep -qxF "${_alias}" - then - echo alias-present - exit 0 - fi - done <"${aliasfile}" - fi - - echo absent -fi diff --git a/cdist/conf/type/__localedef/files/lib/glibc.sh b/cdist/conf/type/__localedef/files/lib/glibc.sh deleted file mode 100644 index 6ace80d4..00000000 --- a/cdist/conf/type/__localedef/files/lib/glibc.sh +++ /dev/null @@ -1,5 +0,0 @@ -# -*- mode: sh; indent-tabs-mode: t -*- - -gnu_normalize_codeset() { - echo "$*" | tr -cd '[:alnum:]' | tr '[:upper:]' '[:lower:]' -} diff --git a/cdist/conf/type/__localedef/files/lib/locale.sh b/cdist/conf/type/__localedef/files/lib/locale.sh deleted file mode 100644 index b5e61374..00000000 --- a/cdist/conf/type/__localedef/files/lib/locale.sh +++ /dev/null 
@@ -1,20 +0,0 @@ -# -*- mode: sh; indent-tabs-mode:t -*- - -parse_locale() { - # This function will split locales into their parts. Locale strings are - # usually of the form: [language[_territory][.codeset][@modifier]] - # For simplicity, language and territory are not separated by this function. - # Old Linux systems were also using "english" or "german" as locale strings. - # Usage: parse_locale locale_str lang_var codeset_var modifier_var - eval "${2:?}"="$(expr "$1" : '\([^.@]*\)')" - eval "${3:?}"="$(expr "$1" : '[^.]*\.\([^@]*\)')" - eval "${4:?}"="$(expr "$1" : '.*@\(.*\)$')" -} - -format_locale() { - # Usage: format_locale language codeset modifier - printf '%s' "$1" - test -z "$2" || printf '.%s' "$2" - test -z "$3" || printf '@%s' "$3" - printf '\n' -} diff --git a/cdist/conf/type/__localedef/gencode-remote b/cdist/conf/type/__localedef/gencode-remote deleted file mode 100755 index 4538151f..00000000 --- a/cdist/conf/type/__localedef/gencode-remote +++ /dev/null 
@@ -1,136 +0,0 @@ -#!/bin/sh -e -# -# 2013-2019 Nico Schottelius (nico-cdist at schottelius.org) -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# Manage system locales using localedef(1). -# - -# shellcheck source=cdist/conf/type/__localedef/files/lib/locale.sh -. "${__type:?}/files/lib/locale.sh" -# shellcheck source=cdist/conf/type/__localedef/files/lib/glibc.sh -. "${__type:?}/files/lib/glibc.sh" - -state_is=$(cat "${__object:?}/explorer/state") -state_should=$(cat "${__object:?}/parameter/state") - -test "${state_should}" = 'present' -o "${state_should}" = 'absent' || { - printf 'Invalid state: %s\n' "${state_should}" >&2 - exit 1 -} - -# NOTE: If state explorer fails (e.g. locale(1) missing), the following check -# will always fail and let definition/removal run. 
-if test "${state_is}" = "${state_should}" -then - exit 0 -fi - -locale=${__object_id:?} -os=$(cat "${__global:?}/explorer/os") - -if expr "${locale}" : '.*/' >/dev/null -then - printf 'Paths as locales are not supported.\n' >&2 - printf '__object_id is: %s\n' "${locale}" >&2 - exit 1 -fi - -: "${lang=}" "${codeset=}" "${modifier=}" # declare variables for shellcheck -parse_locale "${locale}" lang codeset modifier - - -case ${os} -in - (alpine|openwrt) - printf '%s does not support locales.\n' "${os}" >&2 - exit 1 - ;; - (archlinux|debian|devuan|ubuntu|suse|centos|fedora|redhat|scientific) - # FIXME: The code below only works for glibc-based installations. - - # NOTE: Hardcoded, create a pull request in case it is at another - # location for some opther distro. - # NOTE: locale.alias can be symlinked (e.g. Debian) - aliasfile='/usr/share/locale/locale.alias' - - case ${state_should} - in - (present) - input=$(format_locale "${lang}" '' "${modifier}") - cat <<-EOF - set -- - if test -e '${aliasfile}' - then - set -- -A '${aliasfile}' - fi - - localedef -i '${input}' -f '${codeset}' "\$@" '${locale}' - EOF - ;; - (absent) - main_localename=$(format_locale "${lang}" "$(gnu_normalize_codeset "${codeset}")" "${modifier}") - - cat <<-EOF - while read -r _alias _localename - do - if test "\${_localename}" = '$(format_locale "${lang}" "${codeset}")' - then - localedef --delete-from-archive "\${_alias}" - fi - done <'${aliasfile}' - EOF - - if test "${state_is}" = present - then - printf "localedef --delete-from-archive '%s'\n" "${main_localename}" - fi - ;; - esac - ;; - (freebsd) - case ${state_should} - in - (present) - if expr "$(grep -oe '^[0-9]*' "${__global:?}/explorer/os_version")" '>=' 11 >/dev/null - then - # localedef(1) is available with FreeBSD >= 11 - printf "localedef -i '%s' -f '%s' '%s'\n" "${input}" "${codeset}" "${locale}" - else - printf 'localedef(1) was added to FreeBSD starting with version 11.\n' >&2 - printf 'Please upgrade your FreeBSD installation 
to use %s.\n' "${__type##*/}" >&2 - exit 1 - fi - ;; - (absent) - printf "rm -R '/usr/share/locale/%s'\n" "${locale}" - ;; - esac - ;; - (netbsd|openbsd) - # NetBSD/OpenBSD are missing localedef(1). - # We also do not delete defined locales because they can't be recreated. - echo "${os} is lacking localedef(1). Locale management unavailable." >&2 - exit 1 - ;; - (*) - echo "Your operating system (${os}) is currently not supported by this type (${__type##*/})." >&2 - echo "Please contribute an implementation for it if you can." >&2 - exit 1 - ;; -esac diff --git a/cdist/conf/type/__localedef/man.rst b/cdist/conf/type/__localedef/man.rst deleted file mode 100644 index 454ce9d1..00000000 --- a/cdist/conf/type/__localedef/man.rst +++ /dev/null 
@@ -1,60 +0,0 @@ -cdist-type__localedef(7) -======================== - -NAME ----- -cdist-type__localedef - Define and remove system locales - - -DESCRIPTION ------------ -This cdist type allows you to define locales on the system using -:strong:`localedef`\ (1) or remove them. -On systems that don't support definition of new locales, the type will raise an -error. - -**NB:** This type respects the glibc ``locale.alias`` file, -i.e. it defines alias locales or deletes aliases of a locale when it is removed. -It is not possible, however, to use alias names to define locales or only remove -certain aliases of a locale. - - -OPTIONAL PARAMETERS -------------------- -state - ``present`` or ``absent``. Defaults to ``present``. - - -EXAMPLES --------- - -.. code-block:: sh - - # Add locale de_CH.UTF-8 - __localedef de_CH.UTF-8 - - # Same as above, but more explicit - __localedef de_CH.UTF-8 --state present - - # Remove colourful British English - __localedef en_GB.UTF-8 --state absent - - -SEE ALSO --------- -:strong:`locale`\ (1), -:strong:`localedef`\ (1), -:strong:`cdist-type__locale_system`\ (7) - - -AUTHORS -------- -| Dennis Camera -| Nico Schottelius - - -COPYING -------- -Copyright \(C) 2013-2019 Nico Schottelius, 2020 Dennis Camera. Free use of this -software is granted under the terms of the GNU General Public License version 3 -or later (GPLv3+). diff --git a/cdist/conf/type/__localedef/manifest b/cdist/conf/type/__localedef/manifest deleted file mode 100755 index 3ab3ad8c..00000000 --- a/cdist/conf/type/__localedef/manifest +++ /dev/null 
@@ -1,30 +0,0 @@ -#!/bin/sh -e -# -# 2013-2019 Nico Schottelius (nico-cdist at schottelius.org) -# 2015 David Hürlimann (david at ungleich.ch) -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# Install required packages. -# - -case $(cat "${__global:?}/explorer/os") -in - (debian|devuan) - __package_apt locales --state present - ;; -esac diff --git a/cdist/conf/type/__localedef/parameter/default/state b/cdist/conf/type/__localedef/parameter/default/state deleted file mode 100644 index e7f6134f..00000000 --- a/cdist/conf/type/__localedef/parameter/default/state +++ /dev/null @@ -1 +0,0 @@ -present diff --git a/cdist/conf/type/__localedef/parameter/optional b/cdist/conf/type/__localedef/parameter/optional deleted file mode 100644 index ff72b5c7..00000000 --- a/cdist/conf/type/__localedef/parameter/optional +++ /dev/null @@ -1 +0,0 @@ -state diff --git a/cdist/conf/type/__package_pip/explorer/distinfo-dir b/cdist/conf/type/__package_pip/explorer/distinfo-dir deleted file mode 100755 index 18e169ae..00000000 --- a/cdist/conf/type/__package_pip/explorer/distinfo-dir +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/bin/sh -# -# 2021 Matthias Stecher (matthiasstecher at gmx.de) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - - -nameparam="$__object/parameter/name" -if [ -f "$nameparam" ]; then - name=$(cat "$nameparam") -else - name="$__object_id" -fi - -pipparam="$__object/parameter/pip" -if [ -f "$pipparam" ]; then - pip=$(cat "$pipparam") -else - pip="$( "$__type_explorer/pip" )" -fi - - -if command -v "$pip" >/dev/null 2>&1; then - # assemble the path where pip stores all pip package info - "$pip" show "$name" \ - | awk -F': ' ' - $1 == "Name" {name=$2; gsub(/-/,"_",name); next} - $1 == "Version" {version=$2; next} - $1 == "Location" {location=$2; next} - END {if (version != "") printf "%s/%s-%s.dist-info", location, name, version}' -fi diff --git a/cdist/conf/type/__package_pip/explorer/extras b/cdist/conf/type/__package_pip/explorer/extras deleted file mode 100755 index bbdc17ab..00000000 --- a/cdist/conf/type/__package_pip/explorer/extras +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/bin/sh -# -# 2021 Matthias Stecher (matthiasstecher at gmx.de) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# -# Checks if the given extras are really installed or not. It will be -# done by querring all dependencies for that extra and return it as -# "to be installed" if no dependency was found. -# - - -distinfo_dir="$("$__type_explorer/distinfo-dir")" - -# check if we have something to check -if [ "$distinfo_dir" ] && [ -s "$__object/parameter/extra" ] -then - # save cause freezing is slow - mkdir "$__object/files" - pip_freeze="$__object/files/pip-freeze.tmp" - pip3 freeze > "$pip_freeze" - - # If all is set, it searches all available extras to separatly check them. - # It would work with just 'all' (cause dependencies are specified for - # 'all'), but will not update if one extra is already present. Side effect - # is that it will not use [all] but instead name all extras seperatly. 
- for extra in $(if grep -qFx all "$__object/parameter/extra"; - then awk -F': ' '$1 == "Provides-Extra" && $2 != "all"{print $2}' "$distinfo_dir/METADATA"; - else tr ',' '\n' < "$__object/parameter/extra"; - fi) - do - # create a grep BRE pattern to search all packages - # maybe a file full of patterns for -F could be written - grep_pattern="$( - awk -F'(: | ; )' -v check="$extra" ' - $1 == "Requires-Dist" { - split($2, r, " "); - sub("extra == ", "", $3); gsub("'"'"'", "", $3); - if($3 == check) print r[1] - }' "$distinfo_dir/METADATA" \ - | sed ':a; $!N; s/\n/\\|/; ta' - )" - - # echo the extra if no packages where found for it - # if there is no pattern, we don't need to search ;-) - # pip matches packages case-insensetive, we need to do that, too - if [ "$grep_pattern" ] && ! grep -qi "$grep_pattern" "$pip_freeze" - then - echo "$extra" - fi - done -fi diff --git a/cdist/conf/type/__package_pip/explorer/state b/cdist/conf/type/__package_pip/explorer/state old mode 100755 new mode 100644 diff --git a/cdist/conf/type/__package_pip/gencode-remote b/cdist/conf/type/__package_pip/gencode-remote index 9abe28bf..a1375c2d 100755 --- a/cdist/conf/type/__package_pip/gencode-remote +++ b/cdist/conf/type/__package_pip/gencode-remote @@ -2,7 +2,6 @@ # # 2012 Nico Schottelius (nico-cdist at schottelius.org) # 2016 Darko Poljak (darko.poljak at gmail.com) -# 2021 Matthias Stecher (matthiasstecher at gmx.de) # # This file is part of cdist. # @@ -26,10 +25,7 @@ state_is=$(cat "$__object/explorer/state") state_should="$(cat "$__object/parameter/state")" -# short circuit if state is the same and no extras to install -[ "$state_is" = "$state_should" ] && ! [ -s "$__object/explorer/extras" ] \ - && exit 0 - +[ "$state_is" = "$state_should" ] && exit 0 nameparam="$__object/parameter/name" if [ -f "$nameparam" ]; then 
@@ -60,14 +56,6 @@ fi case "$state_should" in present) - if [ -s "$__object/explorer/extras" ] - then - # all extras are passed to pip in a comma-separated list in the name - # sed loops through all input lines and add commas between them - extras="$(sed ':a; $!N; s/\n/,/; ta' "$__object/explorer/extras")" - name="${name}[${extras}]" - fi - if [ "$runas" ] then echo "su -c '$pip install -q $name' $runas" diff --git a/cdist/conf/type/__package_pip/man.rst b/cdist/conf/type/__package_pip/man.rst index 5a2bc673..234ceee2 100644 --- a/cdist/conf/type/__package_pip/man.rst +++ b/cdist/conf/type/__package_pip/man.rst @@ -22,16 +22,6 @@ OPTIONAL PARAMETERS name If supplied, use the name and not the object id as the package name. -extra - Extra optional dependencies which should be installed along the selected - package. Can be specified multiple times. Multiple extras can be passed - in one `--extra` as a comma-separated list. - - Extra optional dependencies will be installed even when the base package - is already installed. Notice that the type will not remove installed extras - that are not explicitly named for the type because pip does not offer a - management for orphaned packages and they may be used by other packages. - pip Instead of using pip from PATH, use the specific pip path. @@ -56,14 +46,6 @@ EXAMPLES # Use pip in a virtualenv located at /foo/shinken_virtualenv as user foo __package_pip pyro --state present --pip /foo/shinken_virtualenv/bin/pip --runas foo - # Install package with optional dependencies - __package_pip mautrix-telegram --extra speedups --extra webp_convert --extra hq_thumbnails - # the extras can also be specified comma-separated - __package_pip mautrix-telegram --extra speedups,webp_convert,hq_thumbnails --extra postgres - - # or take all extras - __package_pip mautrix-telegram --extra all - SEE ALSO -------- 
@@ -72,13 +54,12 @@ SEE ALSO AUTHORS ------- -| Nico Schottelius -| Matthias Stecher +Nico Schottelius COPYING ------- -Copyright \(C) 2012 Nico Schottelius, 2021 Matthias Stecher. You can -redistribute it and/or modify it under the terms of the GNU General -Public License as published by the Free Software Foundation, either -version 3 of the License, or (at your option) any later version. +Copyright \(C) 2012 Nico Schottelius. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/cdist/conf/type/__package_pip/parameter/optional_multiple b/cdist/conf/type/__package_pip/parameter/optional_multiple deleted file mode 100644 index 0f228715..00000000 --- a/cdist/conf/type/__package_pip/parameter/optional_multiple +++ /dev/null @@ -1 +0,0 @@ -extra diff --git a/cdist/conf/type/__package_pkgng_freebsd/gencode-remote b/cdist/conf/type/__package_pkgng_freebsd/gencode-remote index 05ba4cb2..b5944177 100755 --- a/cdist/conf/type/__package_pkgng_freebsd/gencode-remote +++ b/cdist/conf/type/__package_pkgng_freebsd/gencode-remote @@ -75,7 +75,7 @@ execcmd(){ esac if [ -z "${pkg_bootstrapped}" ]; then - echo "ASSUME_ALWAYS_YES=yes pkg bootstrap >/dev/null 2>&1" + echo "pkg bootstrap -y >/dev/null 2>&1" fi echo "$_cmd >/dev/null 2>&1" # Silence the output of the command diff --git a/cdist/conf/type/__postgres_role/explorer/state b/cdist/conf/type/__postgres_role/explorer/state index 34069de9..c8e1fa9d 100755 --- a/cdist/conf/type/__postgres_role/explorer/state +++ b/cdist/conf/type/__postgres_role/explorer/state @@ -1,7 +1,6 @@ -#!/bin/sh -e +#!/bin/sh # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # 
@@ -12,140 +11,32 @@ # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # -case $("${__explorer:?}/os") +case "$("${__explorer}/os")" in - (netbsd) - postgres_user='pgsql' - ;; - (openbsd) - postgres_user='_postgresql' - ;; - (*) - postgres_user='postgres' - ;; + netbsd) + postgres_user='pgsql' + ;; + openbsd) + postgres_user='_postgresql' + ;; + *) + postgres_user='postgres' + ;; esac -rolename=${__object_id:?} +name="$__object_id" -psql_query() { - su -l "${postgres_user}" -c "$( - printf "psql -q -F '\034' -R '\036' -wAc '%s'" \ - "$(printf %s "$*" | sed "s/'/'\\\\''/g")" - )" -} - -password_check_login() ( - PGPASSWORD=$(cat "${__object:?}/parameter/password"; printf .) 
- PGPASSWORD=${PGPASSWORD%?.} - export PGPASSWORD - psql -q -w -h localhost -U "${rolename}" template1 -c '\q' >/dev/null 2>&1 -) - -role_properties=$( - psql_query "SELECT * FROM pg_roles WHERE rolname = '${rolename}'" \ - | awk ' - BEGIN { RS = "\036"; FS = "\034" } - /^\([0-9]+ rows?\)/ { exit } - NR == 1 { for (i = 1; i <= NF; i++) cols[i] = $i; next } - NR == 2 { for (i = 1; i <= NF; i++) printf "%s=%s\n", cols[i], $i } - ' -) - -if test -n "${role_properties}" +if test -n "$(su - "$postgres_user" -c "psql postgres -twAc \"SELECT 1 FROM pg_roles WHERE rolname='$name'\"")" then - # Check if the user's properties match the parameters - for prop in login createdb createrole superuser - do - bool_should=$(test -f "${__object:?}/parameter/${prop}" && echo 't' || echo 'f') - bool_is=$( - printf '%s\n' "${role_properties}" | - awk -F '=' -v key="${prop}" ' - BEGIN { - if (key == "login") - key = "canlogin" - else if (key == "superuser") - key = "super" - key = "rol" key - } - $1 == key { - sub(/^[^=]*=/, "") - print - } - ' - ) - - test "${bool_is}" = "${bool_should}" || { - state='different properties' - } - done - - # Check password - passwd_stored=$( - psql_query "SELECT rolpassword FROM pg_authid WHERE rolname = '${rolename}'" \ - | awk 'BEGIN { RS = "\036" } NR == 2' - printf . - ) - passwd_stored=${passwd_stored%?.} - - if test -f "${__object:?}/parameter/password" - then - passwd_should=$(cat "${__object:?}/parameter/password"; printf .) 
- fi - passwd_should=${passwd_should%?.} - - if test -z "${passwd_stored}" - then - test -z "${passwd_should}" || state="${state:-different} password" - elif expr "${passwd_stored}" : 'SCRAM-SHA-256\$.*$' >/dev/null - then - # SCRAM-SHA-256 "encrypted" password - # NOTE: There is currently no easy way to check SCRAM passwords without - # logging in - password_check_login || state="${state:-different} password" - elif expr "${passwd_stored}" : 'md5[0-9a-f]\{32\}$' >/dev/null - then - # MD5 "encrypted" password - if command -v md5sum >/dev/null 2>&1 - then - should_md5=$( - printf '%s%s' "${passwd_should}" "${rolename}" \ - | md5sum - | sed -e 's/[^0-9a-f]*$//') - elif command -v gmd5sum >/dev/null 2>&1 - then - should_md5=$( - printf '%s%s' "${passwd_should}" "${rolename}" \ - | gmd5sum - | sed -e 's/[^0-9a-f]*$//') - elif command -v openssl >/dev/null 2>&1 - then - should_md5=$( - printf '%s%s' "${passwd_should}" "${rolename}" \ - | openssl dgst -md5 | sed 's/^.* //') - fi - - if test -n "${should_md5}" - then - test "${passwd_stored}" = "md5${should_md5}" \ - || state="${state:-different} password" - else - password_check_login || state="${state:-different} password" - fi - else - # unencrypted password (unsupported since PostgreSQL 10) - test "${passwd_stored}" = "${passwd_should}" \ - || state="${state:-different} password" - fi - - test -n "${state}" || state='present' + echo 'present' else - state='absent' + echo 'absent' fi - -echo "${state}" diff --git a/cdist/conf/type/__postgres_role/gencode-remote b/cdist/conf/type/__postgres_role/gencode-remote index d7631fbd..282294c9 100755 --- a/cdist/conf/type/__postgres_role/gencode-remote +++ b/cdist/conf/type/__postgres_role/gencode-remote @@ -1,7 +1,6 @@ #!/bin/sh -e # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # 
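Review bot: `$name` (the object id) is expanded into both a double-quoted `su -c` string and the SQL literal `rolname='$name'`, so a role name containing `'`, `"`, `$` or a backtick is re-interpreted by the target shell or alters the query. The same applies to the `CREATE ROLE \"$name\"` and `dropuser \"$name\"` lines in the gencode-remote hunk of this type. Escape the value before use: double any `'` for the SQL literal and wrap the psql command in single quotes using `sed "s/'/'\\\\''/g"`, as the removed `psql_query` helper did, or reject names outside `[A-Za-z0-9_]` up front. Also note that a failing `su` or `psql` produces empty output and is reported as `absent`, which would make gencode-remote attempt a `CREATE ROLE` on an existing role.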
@@ -12,117 +11,55 @@ # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # -quote() { - if test $# -gt 0 - then - printf '%s' "$*" - else - cat - - fi | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/" -} - -case $(cat "${__global:?}/explorer/os") +case "$(cat "${__global}/explorer/os")" in - (netbsd) - postgres_user='pgsql' - ;; - (openbsd) - postgres_user='_postgresql' - ;; - (*) - postgres_user='postgres' - ;; + netbsd) + postgres_user='pgsql' + ;; + openbsd) + postgres_user='_postgresql' + ;; + *) + postgres_user='postgres' + ;; esac -rolename=${__object_id:?} -state_is=$(cat "${__object:?}/explorer/state") -state_should=$(cat "${__object:?}/parameter/state") +name="$__object_id" +state_is="$(cat "$__object/explorer/state")" +state_should="$(cat "$__object/parameter/state")" -if test "${state_is}" = "${state_should}" -then - exit 0 -fi +[ "$state_is" = "$state_should" ] && exit 0 -psql_query() { - printf 'su -l %s -c %s\n' \ - "$(quote "${postgres_user}")" \ - "$(quote "psql postgres -q -w -c $(quote "$1")")" -} +case "$state_should" in + present) + if [ -f "$__object/parameter/password" ]; then + password="$(cat "$__object/parameter/password")" + fi + booleans="" + for boolean in login createdb createrole superuser; do + if [ ! -f "$__object/parameter/$boolean" ]; then + boolean="no${boolean}" + fi + upper=$(echo $boolean | tr '[:lower:]' '[:upper:]') + booleans="$booleans $upper" + done -psql_set_password() { - # NOTE: Always make sure that the password does not end up in psql_history! - # NOTE: Never set an empty string as the password, because they can be - # interpreted differently by different tooling. 
- if test -s "${__object:?}/parameter/password" - then - cat <<-EOF - exec 3< "\${__object:?}/parameter/password" - su -l '${postgres_user}' -c 'psql -q -w postgres' <<'SQL' - \set HISTFILE /dev/null - \set pw \`cat <&3\` - ALTER ROLE "${rolename}" WITH PASSWORD :'pw'; - SQL - exec 3<&- - EOF - else - psql_query "ALTER ROLE \"${rolename}\" WITH PASSWORD NULL;" - fi -} - -role_properties_should() { - _props= - for _prop in login createdb createrole superuser - do - _props="${_props}${_props:+ }$( - if test -f "${__object:?}/parameter/${_prop}" - then - echo "${_prop}" - else - echo "no${_prop}" - fi \ - | tr '[:lower:]' '[:upper:]')" - done - printf '%s\n' "${_props}" - unset _prop _props -} - -case ${state_should} -in - (present) - case ${state_is} - in - (absent) - psql_query "CREATE ROLE \"${rolename}\" WITH $(role_properties_should);" - psql_set_password - ;; - (different*) - if expr "${state_is}" : 'different.*properties' >/dev/null - then - psql_query "ALTER ROLE \"${rolename}\" WITH $(role_properties_should);" - fi - - if expr "${state_is}" : 'different.*password' >/dev/null - then - psql_set_password - fi - ;; - (*) - printf 'Invalid state reported by state explorer: %s\n' "${state_is}" >&2 - exit 1 - ;; - esac - ;; - (absent) - printf 'su -l %s -c %s\n' \ - "$(quote "${postgres_user}")" \ - "$(quote "dropuser $(quote "${rolename}")")" - ;; + [ -n "$password" ] && password="PASSWORD '$password'" + cat << EOF +su - '$postgres_user' -c "psql postgres -wc \"CREATE ROLE \\\\\"$name\\\\\" WITH $password $booleans;\"" +EOF + ;; + absent) + cat << EOF +su - '$postgres_user' -c "dropuser \"$name\"" +EOF + ;; esac diff --git a/cdist/conf/type/__pyvenv/man.rst b/cdist/conf/type/__pyvenv/man.rst index e2e4a1e6..8085ff12 100644 --- a/cdist/conf/type/__pyvenv/man.rst +++ b/cdist/conf/type/__pyvenv/man.rst 
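Review bot: The role password is read into a shell variable and written into the generated command (`password="PASSWORD '$password'"` inside `psql postgres -wc "CREATE ROLE …"`), so on the target it appears in the argument list of `su` and `psql`, where other local users can read it from the process table. It is also stored in the generated code itself. A password containing `'`, `"`, `$` or a backtick additionally breaks the statement or is expanded by the shell. Create the role without the password and set it in a second step that hands the parameter file to psql on a separate file descriptor with history disabled, as the removed `psql_set_password` did; a sketch follows.

```shell
    present)
        # … unchanged: booleans loop …
        cat << EOF
su - '$postgres_user' -c "psql postgres -wc \"CREATE ROLE \\\\\"$name\\\\\" WITH $booleans;\""
EOF
        if [ -s "$__object/parameter/password" ]; then
            # the password travels on fd 3 and never enters argv or psql history
            cat << EOF
exec 3< "\${__object:?}/parameter/password"
su - '$postgres_user' -c 'psql -q -w postgres' << 'SQL'
\set HISTFILE /dev/null
\set pw \`cat <&3\`
ALTER ROLE "$name" WITH PASSWORD :'pw';
SQL
exec 3<&-
EOF
        fi
    ;;
```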
@@ -61,7 +61,7 @@ EXAMPLES __pyvenv /home/foo/fooenv --pyvenv /usr/local/bin/pyvenv-3.4 # Create python virtualenv for user foo. - __pyvenv /home/foo/fooenv --group foo --owner foo + __pyvenv /home/foo/fooenv --group foo --user foo # Create python virtualenv with specific parameters. __pyvenv /home/services/djangoenv --venvparams "--copies --system-site-packages" diff --git a/cdist/conf/type/__ssh_authorized_key/explorer/entry b/cdist/conf/type/__ssh_authorized_key/explorer/entry index aca0f2b9..ccab0afc 100755 --- a/cdist/conf/type/__ssh_authorized_key/explorer/entry +++ b/cdist/conf/type/__ssh_authorized_key/explorer/entry @@ -25,7 +25,6 @@ type_and_key="$(tr ' ' '\n' < "$__object/parameter/key"| awk '/^(ssh|ecdsa)-[^ ] if [ -n "${type_and_key}" ] then file="$(cat "$__object/parameter/file")" - test -e "$file" || exit 0 # get any entries that match the type and key diff --git a/cdist/conf/type/__ssh_authorized_key/gencode-remote b/cdist/conf/type/__ssh_authorized_key/gencode-remote index 61c77fb9..f37aa565 100755 --- a/cdist/conf/type/__ssh_authorized_key/gencode-remote +++ b/cdist/conf/type/__ssh_authorized_key/gencode-remote @@ -37,9 +37,9 @@ tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX) # preserve ownership and permissions of existing file if [ -f "$file" ]; then cp -p "$file" "\$tmpfile" - grep -v -F -x '$line' '$file' >\$tmpfile fi -cat "\$tmpfile" >"$file" +grep -v -F -x '$line' '$file' > \$tmpfile || true +mv -f "\$tmpfile" "$file" DONE } diff --git a/cdist/conf/type/__sshd_config/explorer/state b/cdist/conf/type/__sshd_config/explorer/state deleted file mode 100644 index 75c68b8a..00000000 --- a/cdist/conf/type/__sshd_config/explorer/state +++ /dev/null 
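Review bot: `|| true` on the new `grep -v -F -x '$line' '$file' > \$tmpfile` line hides every failure, not only exit status 1 (no lines left). If grep cannot read `$file`, the following `mv -f` replaces authorized_keys with an empty or partial temp file. Accept only status 1 and stop otherwise, e.g. `grep -v -F -x '$line' '$file' > "\$tmpfile" || [ \$? -eq 1 ] || exit 1`, which also quotes `\$tmpfile` in the redirection. When `$file` does not exist the `cp -p` is skipped, so the file produced by `mv` keeps mktemp's owner and mode, which may not be what sshd expects for that user. The enclosing function and heredoc start outside this hunk.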
@@ -1,121 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# Determines the current state of the config option. -# Possible output: -# - present: "should" option present in config file -# - default: the "should" option is the default -> don’t know if present -# - absent: no such option present in config file -# - -joinlines() { sed -n -e H -e "\${x;s/^\\n//;s/\\n/${1:?}/g;p;}"; } -trlower() { tr '[:upper:]' '[:lower:]'; } -tolower() { printf '%s' "$*" | trlower; } - -default_value() { - sshd -T -f /dev/null -C "$(make_conn_spec)" \ - | sed -n -e 's/^'"$(tolower "${1:?}")"'[[:blank:]]\{1,\}//p' -} - -make_conn_spec() { - if test -s "${__object:?}/parameter/match" - then - _match_file="${__object:?}/parameter/match" - else - _match_file='/dev/null' - fi - - for _kw in \ - addr=Address \ - user=User \ - host=Host \ - laddr=LocalAddress \ - lport=LocalPort \ - rdomain=RDomain - do - _specname=${_kw%%=*} - _confname=$(tolower "${_kw#*=}") - while read -r _k _v - do - if test "$(tolower "${_k}")" = "${_confname}" - then - printf '%s=%s\n' "${_specname}" "${_v}" - continue 2 - fi - done <"${_match_file}" - - # NOTE: Print test spec even for empty keys to suppress errors like: - # 'Match User' in configuration but 'user' not in connection test specification. 
- # except lport: - # Invalid port '' in test mode specification lport= - test "${_specname}" = 'lport' || printf '%s=\n' "${_specname}" - done \ - | joinlines ',' - unset _match_file -} - -sshd_config_file=$(cat "${__object:?}/parameter/file") -state_should=$(cat "${__object:?}/parameter/state") - -if test -s "${__object:?}/parameter/option" -then - option_name=$(cat "${__object:?}/parameter/option") -else - option_name=${__object_id:?} -fi - -value_should=$(cat "${__object:?}/parameter/value" 2>/dev/null) \ -|| test "${state_should}" = absent || exit 0 # param optional if --state absent - -command -v sshd >/dev/null 2>&1 || { - echo 'Cannot find sshd.' >&2 - exit 1 -} - -test -e "${sshd_config_file}" || { - echo 'absent' - exit 0 -} - -value_is=$( - sshd -T -f "${sshd_config_file}" -C "$(make_conn_spec)" \ - | sed -n -e 's/^'"$(tolower "${option_name}")"'[[:blank:]]\{1,\}//p') - -if printf '%s\n' "${value_is}" | { - if test -n "${value_should}" - then - grep -q -x -F "${value_should}" - else - # if no value provided, assume "any" value - grep -q -e . - fi - } -then - if default_value "${option_name}" | grep -q -x -F "${value_is}" - then - # Might produce false positives for default values. - # TODO: Manual checking should be done, but for simplicity, this case is - # currently ignored here. - echo default - else - echo present - fi -else - echo absent -fi diff --git a/cdist/conf/type/__sshd_config/files/update_sshd_config.awk b/cdist/conf/type/__sshd_config/files/update_sshd_config.awk deleted file mode 100644 index f7f30e87..00000000 --- a/cdist/conf/type/__sshd_config/files/update_sshd_config.awk +++ /dev/null 
@@ -1,293 +0,0 @@ -# -*- mode: awk; indent-tabs-mode: t -*- - -function usage() { - print_err("Usage: awk -f update_sshd_config.awk -- -o set|unset [-m 'User git'] -l 'X11Forwarding no' /etc/ssh/sshd_config") -} - -function print_err(s) { print s | "cat >&2" } - -function alength(a, i) { - for (i = 0; (i + 1) in a; ++i); - return i -} - -function join(sep, a, i, s) { - for (i = i ? i : 1; i in a; i++) - s = s sep a[i] - return substr(s, 2) -} - -function getopt(opts, argv, target, files, i, c, lv, idx, nf) { - # trivial getopt(3) implementation; only basic functionality - if (argv[1] == "--") i++ - for (i += 1; i in argv; i++) { - if (lv) { target[c] = argv[i]; lv = 0; continue } - if (argv[i] ~ /^-/) { - c = substr(argv[i], 2, 1) - idx = index(opts, c) - if (!idx) { - print_err(sprintf("invalid option -%c\n", c)) - continue - } - if (substr(opts, idx + 1, 1) == ":") { - # option takes argument - if (length(argv[i]) > 2) - target[c] = substr(argv[i], 3) - else - lv = 1 - } else { - target[c] = 1 - } - } else - files[++nf] = argv[i] - } -} - -# tokenise configuration line -# this function mimics the counterpart in OpenSSH (misc.c) -# but it returns two (next token SUBSEP rest) because I didn’t want to have to -# simulate any pointer magic. -function strdelim_internal(s, split_equals, old) { - if (!s) - return "" - - old = s - - if (!match(s, WHITESPACE "|" QUOTE "" (split_equals ? 
"|" EQUALS : ""))) - return s - - s = substr(s, RSTART) - old = substr(old, 1, RSTART - 1) - - if (s ~ "^" QUOTE) { - old = substr(old, 2) - - # Find matching quote - if (match(s, QUOTE)) { - old = substr(old, 1, RSTART) - # s = substr() - if (match(s, "^" WHITESPACE "*")) - s = substr(s, RLENGTH) - return old - } else { - # no matching quote - return "" - } - } - - if (match(s, "^" WHITESPACE "+")) { - sub("^" WHITESPACE "+", "", s) - if (split_equals) - sub(EQUALS WHITESPACE "*", "", s) - } else if (s ~ "^" EQUALS) { - s = substr(s, 2) - } - - return old SUBSEP s -} -function strdelim(s) { return strdelim_internal(s, 1) } -function strdelimw(s) { return strdelim_internal(s, 0) } - -function singleton_option(opt) { - return tolower(opt) !~ /^(acceptenv|allowgroups|allowusers|denygroups|denyusers|hostcertificate|hostkey|listenaddress|logverbose|permitlisten|permitopen|port|setenv|subsystem)$/ -} - -function print_update() { - if (mode) { - if (match_only) printf "\t" - printf "%s\n", line_should - updated = 1 - } -} - -BEGIN { - FS = "\n" # disable field splitting - - WHITESPACE = "[ \t]" # servconf.c, misc.c:strdelim_internal (without line breaks, cf. bugs) - QUOTE = "[\"]" # misc.c:strdelim_internal - EQUALS = "[=]" - - split("", opts) - split("", files) - getopt("ho:l:m:", ARGV, opts, files) - - if (opts["h"]) { usage(); exit (e="0") } - - line_should = opts["l"] - match_only = opts["m"] - num_files = alength(files) - - if (num_files != 1 || !opts["o"] || !line_should) { - usage() - exit (e=126) - } - - if (opts["o"] == "set") { - mode = 1 - } else if (opts["o"] == "unset") { - mode = 0 - } else { - print_err(sprintf("invalid mode %s\n", mode)) - exit (e=1) - } - - if (mode) { - # loop over sshd_config twice! 
- ARGV[2] = ARGV[1] = files[1] - ARGC = 3 - } else { - # only loop once - ARGV[1] = files[1] - ARGC = 2 - } - - split(strdelim(line_should), should, SUBSEP) - option_should = tolower(should[1]) - value_should = should[2] -} - -{ - line = $0 - - # Strip trailing whitespace. Allow \f (form feed) at EOL only - sub("(" WHITESPACE "|\f)*$", "", line) - - # Strip leading whitespace - sub("^" WHITESPACE "*", "", line) - - if (match(line, "^#" WHITESPACE "*")) { - prefix = substr(line, RSTART, RLENGTH) - line = substr(line, RSTART + RLENGTH) - } else { - prefix = "" - } - - line_type = "invalid" - option_is = value_is = "" - - if (line) { - split(strdelim(line), toks, SUBSEP) - - if (tolower(toks[1]) == "match") { - MATCH = (prefix ~ /^#/ ? "#" : "") join(" ", toks, 2) - line_type = "match" - } else if (toks[1] ~ /^[A-Za-z][A-Za-z0-9]+$/) { - # This could be an option line - line_type = "option" - option_is = tolower(toks[1]) - value_is = toks[2] - } - } else { - line_type = "empty" - } -} - -# mode: unset - -!mode { - # delete matching config - if (prefix !~ /^#/) - if (MATCH == match_only && option_is == option_should) - if (!value_should || value_should == value_is) - next - - print - next -} - - -# mode: set - -mode && NR == FNR { - if (line_type == "option") { - if (MATCH !~ /^#/) { - if (prefix ~ /^#/) { - # comment line - last_occ[MATCH, "#" option_is] = FNR - } else { - # option line - last_occ[MATCH, option_is] = FNR - } - last_occ[MATCH] = FNR - } - } else if (line_type == "invalid" && !prefix) { - # INVALID LINE - print_err(sprintf("%s: syntax error on line %u\n", ARGV[0], FNR)) - } - - next -} - -# before second pass prepare hashes containing location information to be used -# in the second pass. -mode && NR > FNR && FNR == 1 { - # First we drop the locations of commented-out options if a non-commented - # option is available. If a non-commented option is available, we will - # append new config options there to have them all at one place. 
- for (k in last_occ) { - if (k ~ /^#/) { - # delete entries of commented out match blocks - delete last_occ[k] - continue - } - - split(k, parts, SUBSEP) - - if (parts[2] ~ /^#/ && ((parts[1], substr(parts[2], 2)) in last_occ)) - delete last_occ[k] - } - - # Reverse the option => line mapping. The line_map allows for easier lookups - # in the second pass. - # We only keep options, not top-level keywords, because we can only have - # one entry per line and there are conflicts with last lines of "sections". - for (k in last_occ) { - if (!index(k, SUBSEP)) continue - line_map[last_occ[k]] = k - } -} - -# Second pass -mode && line_map[FNR] == match_only SUBSEP option_should && !updated { - split(line_map[FNR], parts, SUBSEP) - - # If option allows multiple values, print current value - if (!singleton_option(parts[2])) { - if (value_should != value_is) - print - } - - print_update() - - next -} - -mode { print } - -# Is a comment option -mode && line_map[FNR] == match_only SUBSEP "#" option_should && !updated { - print_update() -} - -# Last line of the should match section -mode && last_occ[match_only] == FNR && !updated { - # NOTE: Inserting empty lines is only cosmetic. It is only done if - # different options are next to each other and not in a match block - # (match blocks are usually not in the default config and thus don’t - # contain commented blocks.) - if (line && option_is != option_should && !MATCH) - print "" - print_update() -} - -END { - if (e) exit e - - if (mode && !updated) { - if (match_only && MATCH != match_only) { - printf "\nMatch %s\n", match_only - } - - print_update() - } -} diff --git a/cdist/conf/type/__sshd_config/gencode-remote b/cdist/conf/type/__sshd_config/gencode-remote deleted file mode 100755 index 275db4aa..00000000 --- a/cdist/conf/type/__sshd_config/gencode-remote +++ /dev/null 
@@ -1,98 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -joinlines() { sed -n -e H -e "\${x;s/^\\n//;s/\\n/${1:?}/g;p;}"; } - -state_is=$(cat "${__object:?}/explorer/state") -state_should=$(cat "${__object:?}/parameter/state") - -if test "${state_is}" = "${state_should}" -o "${state_is}" = 'default' -then - # nothing to do (if the value is the default, ignore its state) - exit 0 -fi - -case ${state_should} -in - (present) - mode='set' - ;; - (absent) - mode='unset' - ;; - (*) - printf 'Invalid --state: %s\n' "${state_should}" >&2 - exit 1 - ;; -esac - -sshd_config_file=$(cat "${__object:?}/parameter/file") - -quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; } -drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; } - -# Ensure the sshd_config file is there -cat <$(quote "${sshd_config_file}") - chown 0:0 $(quote "${sshd_config_file}") - chmod 0644 $(quote "${sshd_config_file}") -} - -EOF - -match_only= -if test -s "${__object:?}/parameter/match" -then - match_only=$(joinlines ' ' <"${__object:?}/parameter/match") -fi - -if test -s "${__object:?}/parameter/option" -then - option_line=$(cat "${__object:?}/parameter/option") -else - option_line=${__object_id:?} -fi - -if test -s "${__object:?}/parameter/value" -then - option_line="${option_line} $(cat 
"${__object:?}/parameter/value")" -fi - -# Send message on config update -printf '%s%s %s\n' "${mode}" "${match_only:+ [${match_only}]}" \ - "${option_line}" >>"${__messages_out:?}" - -# Update sshd_config (remote code) -cat <$(quote "${sshd_config_file}.tmp") \\ -|| exit - -cmp -s $(quote "${sshd_config_file}") $(quote "${sshd_config_file}.tmp") || { - sshd -t -f $(quote "${sshd_config_file}.tmp") \\ - && cat $(quote "${sshd_config_file}.tmp") >$(quote "${sshd_config_file}") \\ - || exit # stop if sshd_config file check fails -} -rm -f $(quote "${sshd_config_file}.tmp") -EOF diff --git a/cdist/conf/type/__sshd_config/man.rst b/cdist/conf/type/__sshd_config/man.rst deleted file mode 100644 index c8e6b8ad..00000000 --- a/cdist/conf/type/__sshd_config/man.rst +++ /dev/null 
@@ -1,98 +0,0 @@ -cdist-type__sshd_config(7) -========================== - -NAME ----- -cdist-type__sshd_config - Manage options in sshd_config - - -DESCRIPTION ------------ -This space intentionally left blank. - - -REQUIRED PARAMETERS -------------------- -None. - - -OPTIONAL PARAMETERS -------------------- -file - The path to the sshd_config file to edit. - Defaults to ``/etc/ssh/sshd_config``. -match - Restrict this option to apply only for certain connections. - Allowed values are what would be allowed to be written after a ``Match`` - keyword in ``sshd_config``, e.g. ``--match 'User anoncvs'``. - - Can be used multiple times. All of the values are ANDed together. -option - The name of the option to manipulate. Defaults to ``__object_id``. -state - Can be: - - - ``present``: ensure a matching config line is present (or the default - value). - - ``absent``: ensure no matching config line is present. -value - The option's value to be assigned to the option (if ``--state present``) or - removed (if ``--state absent``). - - This option is required if ``--state present``. If not specified and - ``--state absent``, all values for the given option are removed. - - -BOOLEAN PARAMETERS ------------------- -None. - - -EXAMPLES --------- - -.. code-block:: sh - - # Disallow root logins with password - __sshd_config PermitRootLogin --value without-password - - # Disallow password-based authentication - __sshd_config PasswordAuthentication --value no - - # Accept the EDITOR environment variable - __sshd_config AcceptEnv:EDITOR --option AcceptEnv --value EDITOR - - # Force command for connections as git user - __sshd_config git@ForceCommand --match 'User git' --option ForceCommand \ - --value 'cd ~git && exec git-shell ${SSH_ORIGINAL_COMMAND:+-c "${SSH_ORIGINAL_COMMAND}"}' - - -SEE ALSO --------- -:strong:`sshd_config`\ (5) - - -BUGS ----- -- This type assumes a nicely formatted config file, - i.e. no config options spanning multiple lines. 
-- ``Include`` directives are ignored. -- Config options are not added/removed to/from the config file if their value is - the default value. -- | The explorer will incorrectly report ``absent`` if OpenSSH internally - transforms one value to another (e.g. ``permitrootlogin prohibit-password`` - is transformed to ``permitrootlogin without-password``). - | Workaround: Use the value that OpenSSH uses internally. - - -AUTHORS -------- -Dennis Camera - - -COPYING -------- -Copyright \(C) 2020 Dennis Camera. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/cdist/conf/type/__sshd_config/manifest b/cdist/conf/type/__sshd_config/manifest deleted file mode 100755 index e37afebb..00000000 --- a/cdist/conf/type/__sshd_config/manifest +++ /dev/null 
@@ -1,55 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -os=$(cat "${__global:?}/explorer/os") - -state_should=$(cat "${__object:?}/parameter/state") - -case ${os} -in - (alpine|centos|fedora|redhat|scientific|debian|devuan|ubuntu) - if test "${state_should}" != 'absent' - then - __package openssh-server --state present - fi - ;; - (archlinux|gentoo|slackware|suse) - if test "${state_should}" != 'absent' - then - __package openssh --state present - fi - ;; - (freebsd|netbsd|openbsd) - # whitelist - ;; - (openbmc-phosphor) - # whitelist - # OpenBMC can be configured with dropbear and OpenSSH. - # If dropbear is used, the state explorer will already fail because it - # cannot find the sshd binary. - ;; - (*) - : "${__type:?}" # make shellcheck happy - printf 'Your operating system (%s) is currently not supported by this type (%s)\n' \ - "${os}" "${__type##*/}" >&2 - printf 'Please contribute an implementation for it if you can.\n' >&2 - exit 1 - ;; -esac diff --git a/cdist/conf/type/__sshd_config/parameter/default/file b/cdist/conf/type/__sshd_config/parameter/default/file deleted file mode 100644 index d8ea5dfc..00000000 --- a/cdist/conf/type/__sshd_config/parameter/default/file +++ /dev/null @@ -1 +0,0 @@ -/etc/ssh/sshd_config 
diff --git a/cdist/conf/type/__sshd_config/parameter/default/state b/cdist/conf/type/__sshd_config/parameter/default/state deleted file mode 100644 index e7f6134f..00000000 --- a/cdist/conf/type/__sshd_config/parameter/default/state +++ /dev/null @@ -1 +0,0 @@ -present diff --git a/cdist/conf/type/__sshd_config/parameter/optional b/cdist/conf/type/__sshd_config/parameter/optional deleted file mode 100644 index 922ab093..00000000 --- a/cdist/conf/type/__sshd_config/parameter/optional +++ /dev/null @@ -1,4 +0,0 @@ -file -option -state -value diff --git a/cdist/conf/type/__sshd_config/parameter/optional_multiple b/cdist/conf/type/__sshd_config/parameter/optional_multiple deleted file mode 100644 index 02b1d1a9..00000000 --- a/cdist/conf/type/__sshd_config/parameter/optional_multiple +++ /dev/null @@ -1 +0,0 @@ -match diff --git a/cdist/config.py b/cdist/config.py index 19d5bd70..e84f6f84 100644 --- a/cdist/config.py +++ b/cdist/config.py @@ -420,9 +420,6 @@ class Config: exec_path=sys.argv[0], save_output_streams=args.save_output_streams) - # Make __global state dir available to custom remote scripts. - os.environ['__global'] = local.base_path - remote = cdist.exec.remote.Remote( target_host=target_host, remote_exec=remote_exec, diff --git a/cdist/preos/debootstrap/files/code b/cdist/preos/debootstrap/files/code index d836848c..9e37003b 100755 --- a/cdist/preos/debootstrap/files/code +++ b/cdist/preos/debootstrap/files/code @@ -22,7 +22,7 @@ set -e if [ "${debug}" ] then set -x - cdist_params="${cdist_params} -l 3" + cdist_params="${cdist_params} -d" fi bootstrap_dir="${target_dir}" diff --git a/cdist/scan/scan.py b/cdist/scan/scan.py index b1d0e9e1..0ce4dff3 100644 --- a/cdist/scan/scan.py +++ b/cdist/scan/scan.py @@ -59,8 +59,6 @@ from scapy.all import * # Datetime overwrites scapy.all.datetime - needs to be imported AFTER import datetime -import cdist.config - log = logging.getLogger("scan") 
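Review bot: In the `cdist/preos/debootstrap/files/code` hunk the debug branch now appends `-d` instead of `-l 3` to `cdist_params`, and the changelog entry removed elsewhere in this diff ("Core: preos: Fix passing cdist debug parameter") describes the `-l 3` form as the fix. It is worth confirming that the cdist invoked later in this script still accepts `-d`; if it does not, enabling `debug` would turn a diagnostic run into a failed one. A short comment next to the assignment naming the cdist option it relies on would make the dependency visible.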
@@ -127,18 +125,6 @@ class Scanner(object): with open(fname, "w") as fd: fd.write(f"{now}\n") - def config(self): - """ - Configure a host - - - Assume we are only called if necessary - - However we need to ensure to not run in parallel - - Maybe keep dict storing per host processes - - Save the result - - Save the output -> probably aligned to config mode - - """ - def start(self): self.process = Process(target=self.scan) self.process.start() diff --git a/cdist/test/__main__.py b/cdist/test/__main__.py index 8049c752..c8c7df3b 100644 --- a/cdist/test/__main__.py +++ b/cdist/test/__main__.py @@ -20,7 +20,7 @@ # # -import importlib +import imp import os import sys import unittest @@ -37,9 +37,8 @@ for possible_test in os.listdir(base_dir): suites = [] for test_module in test_modules: - module_spec = importlib.util.find_spec("cdist.test.{}".format(test_module)) - module = importlib.util.module_from_spec(module_spec) - module_spec.loader.exec_module(module) + module_parameters = imp.find_module(test_module, [base_dir]) + module = imp.load_module("cdist.test." + test_module, *module_parameters) suite = unittest.defaultTestLoader.loadTestsFromModule(module) # print("Got suite: " + suite.__str__()) diff --git a/docs/changelog b/docs/changelog index 42a74d04..ff411a46 100644 --- a/docs/changelog +++ b/docs/changelog 
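Review bot: The new side of `cdist/test/__main__.py` goes back to the `imp` module, which has been deprecated since Python 3.4 and is removed in Python 3.12. As a result `import imp` in the `@@ -20,7 +20,7 @@` hunk, together with the `imp.find_module` / `imp.load_module` calls in the `@@ -37,9 +37,8 @@` hunk, makes the test runner fail at import on current interpreters. `imp.find_module` also returns an open file object as its first element, and the loop never closes it. Keeping the `importlib.util.find_spec` / `module_from_spec` / `exec_module` sequence avoids both problems; if `imp` has to stay for an old interpreter, close `module_parameters[0]` in a `finally` after `load_module`.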
@@ -2,40 +2,10 @@ Changelog --------- next: - * Type __pyvenv: Fix user example in man page (Dennis Camera) - * Core: config: Make local state directory available to custom remotes (Steven Armstrong - * Type __ssh_authorized_key: grep only if file exists (Dennis Camera) - * Type __sshd_config: Whitelist OpenBMC (Dennis Camera) - -6.9.5: 2021-02-28 - * Core: preos: Fix passing cdist debug parameter (Darko Poljak) - * Type __sshd_config: Produce error if invalid config is generated, fix processing of AuthenticationMethods and AuthorizedKeysFile, document explorer bug (Dennis Camera) - * Explorer memory: Fix result units; support Solaris (Dennis Camera) - * Type __postgres_role: Implement modification of roles (Dennis Camera) - * Type __letsencrypt_cert: Fix issues with hooks (Evil Ham) - * Type __package_pip: Add optional extra dependencies param (Matthias Stecher) - -6.9.4: 2020-12-21 - * Type __package_pkgng_freebsd: Fix bootstrapping pkg (Dennis Camera) - * Core: Deal with deprecated imp in unit tests (Evil Ham) - * Type __iptables: Add IPv6 support (Matthias Stecher) - * Type __block: Fix escaping in here-doc (Matthias Stecher) - * Explorer os_version: Improve FreeBSD support (Evil Ham) - * New type: __apt_backports (Matthias Stecher) - * Type __dot_file: Add dirmode parameter (Mark Verboom) - -6.9.3: 2020-12-04 - * pip install: Add cdist.scan to packages in setup.py (Dennis Camera) - -6.9.2: 2020-11-20 * Documentation: Fix examples in best practice (Dennis Camera) * Type __locale: Add state explorer (Matthias Stecher) * Core: Reorganize scripts, version generation (Ander Punnar, Dennis Camera) * New type: __hwclock (Dennis Camera) - * Type __hostname: Fix guessing SuSE OS version (Dennis Camera) - * New type: __sshd_config (Dennis Camera) - * New type: __localedef (Dennis Camera) - * Type __locale: Deprecate in favor of __localedef (Dennis Camera) 6.9.1: 2020-11-08 * Type __file: Fix state pre-exists (Dennis Camera) 
diff --git a/docs/dev/logs/2020-10-29.org b/docs/dev/logs/2020-10-29.org index 03d6b3f4..4461be8c 100644 --- a/docs/dev/logs/2020-10-29.org +++ b/docs/dev/logs/2020-10-29.org @@ -54,12 +54,4 @@ VERBOSE: scan: Host fe80::f29f:c2ff:fe7c:275e is alive VERBOSE: scan: Host fe80::ba69:f4ff:fec5:8db7 is alive VERBOSE: scan: Host fe80::42b0:34ff:fe6f:f863 is alive VERBOSE: scan: Host fe80::21b:fcff:feee:f4bc is alive -** Better usage -> saving the env - sudo -E cdist scan -b -I wlan0 -vv -** TODO Implement actual configuration step - - Also serves as a nice PoC - - Might need to escape literal IPv6 addresses for scp -** TODO Define how to map link local address to something useful - - via reverse DNS? - - via link local in manifest? -** TODO define ignorehosts? +... diff --git a/setup.py b/setup.py index bfc8b495..858c2c17 100644 --- a/setup.py +++ b/setup.py @@ -54,7 +54,7 @@ os.chdir(cur) setup( name="cdist", - packages=["cdist", "cdist.core", "cdist.exec", "cdist.scan", "cdist.util"], + packages=["cdist", "cdist.core", "cdist.exec", "cdist.util", ], package_data={'cdist': package_data}, scripts=["bin/cdist", "bin/cdist-dump", "bin/cdist-new-type"], version=cdist.version.VERSION,
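Review bot: The `packages=` list on the new side of the `setup.py` hunk no longer contains `"cdist.scan"`, while `cdist/scan/scan.py` is still part of the tree (it is patched earlier in this diff). An installation built from this `setup.py` would therefore ship without that subpackage, and anything importing `cdist.scan` would presumably fail after install. If the scanner is meant to remain installable, keep the entry: `packages=["cdist", "cdist.core", "cdist.exec", "cdist.scan", "cdist.util"],`.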