Merge branch 'master' into 4.0-pre-not-stable

.version

@@ -1 +0,0 @@
-2.1.0-pre1

Makefile

@@ -170,17 +170,6 @@ $(ML_FILE): $(CHANGELOG_FILE)
 ml-release: $(ML_FILE)
 
 
-################################################################################
-# Release: Freecode
-#
-FREECODE_FILE=.lock-freecode
-
-$(FREECODE_FILE): $(CHANGELOG_FILE)
-	$(helper) freecode-release $(CHANGELOG_VERSION)
-	touch $@
-
-freecode-release: $(FREECODE_FILE)
-
 ################################################################################
 # pypi
 #
@@ -197,7 +186,7 @@ ARCHLINUX_FILE=.lock-archlinux
 ARCHLINUXTAR=cdist-$(CHANGELOG_VERSION)-1.src.tar.gz
 
 $(ARCHLINUXTAR): PKGBUILD
-	makepkg -c --source
+	umask 022; mkaurball
 
 PKGBUILD: PKGBUILD.in $(PYTHON_VERSION)
 	./PKGBUILD.in $(CHANGELOG_VERSION)

PKGBUILD.in

@@ -17,7 +17,13 @@ source=("http://pypi.python.org/packages/source/c/cdist/cdist-\${pkgver}.tar.gz"
 package() {
     cd cdist-\${pkgver}
     python3 setup.py build install --root="\${pkgdir}"
+    find "\$pkgdir" -type d -exec chmod 0755 {} \;
+    find "\$pkgdir" -type f -exec chmod a+r {} \;
 }
 eof
 
 makepkg -g >> "${outfile}"
+
+# Fix this issue:
+# error: failed to upload cdist-3.1.6-1.src.tar.gz: Error - all files must have permissions of 644 or 755.
+chmod a+r "${outfile}"

bin/build-helper

@@ -145,21 +145,6 @@ eof
     ;;
 
 
-    freecode-release)
-        version=$1; shift
-        printf "Enter tag list for freecode release %s> " "$version"
-        read taglist
-
-        printf "Enter changelog for freecode release %s> " "$version"
-        read changelog
-
-        echo "Submitting to freecode ..."
-        python2 ~/p/foreign/freecode-submit-2.7/freecode-submit -P cdist \
-            -v "$version" -c "$changelog" \
-            -t "$taglist" \
-            -n
-    ;;
-
     release-git-tag)
         target_version=$($0 changelog-version)
         if git rev-parse --verify refs/tags/$target_version 2>/dev/null; then
@@ -258,9 +243,6 @@ eof
         # Archlinux release is based on pypi
         make archlinux-release
 
-        # Announce change on Freecode
-        make freecode-release
-
         # Announce change on ML
         make ml-release
 

cdist/conf/explorer/cpu_cores

@@ -22,10 +22,19 @@
 
 # FIXME: other system types (not linux ...)
 
-if [ -r /proc/cpuinfo ]; then
-    cores="$(cat /proc/cpuinfo | grep "core id" | sort | uniq | wc -l)"
-    if [ ${cores} -eq 0 ]; then
-        cores="1"
-    fi
-    echo "${cores}"
-fi
+os=$("$__explorer/os")
+case "$os" in
+    "macosx")
+        echo "$(sysctl -n hw.physicalcpu)"
+    ;;
+
+    *)
+        if [ -r /proc/cpuinfo ]; then
+            cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)"
+            if [ ${cores} -eq 0 ]; then
+                cores="1"
+            fi
+            echo "$cores"
+        fi
+    ;;
+esac

cdist/conf/explorer/cpu_sockets

@@ -22,10 +22,19 @@
 
 # FIXME: other system types (not linux ...)
 
-if [ -r /proc/cpuinfo ]; then
-    sockets="$(cat /proc/cpuinfo | grep "physical id" | sort | uniq | wc -l)"
-    if [ ${sockets} -eq 0 ]; then
-        sockets="$(cat /proc/cpuinfo | grep "processor" | wc -l)"
+os=$("$__explorer/os")
+case "$os" in
+    "macosx")
+        echo "$(system_profiler SPHardwareDataType | grep "Number of Processors" | awk -F': ' '{print $2}')"
+    ;;
+
+    *)
+    if [ -r /proc/cpuinfo ]; then
+        sockets="$(grep "physical id" /proc/cpuinfo | sort | uniq | wc -l)"
+        if [ ${sockets} -eq 0 ]; then
+            sockets="$(cat /proc/cpuinfo | grep "processor" | wc -l)"
+        fi
+        echo "${sockets}"
     fi
-    echo "${sockets}"
-fi
+    ;;
+esac

cdist/conf/explorer/memory

@@ -22,6 +22,15 @@
 
 # FIXME: other system types (not linux ...)
 
-if [ -r /proc/meminfo ]; then
-    echo "$(cat /proc/meminfo | grep "MemTotal:" | awk '{print $2}')"
-fi
+os=$("$__explorer/os")
+case "$os" in
+    "macosx")
+        echo "$(sysctl -n hw.memsize)/1024" | bc
+    ;;
+
+    *)
+    if [ -r /proc/meminfo ]; then
+        grep "MemTotal:" /proc/meminfo | awk '{print $2}'
+    fi
+    ;;
+esac

cdist/conf/type/__apt_update_index/man.text

@@ -5,7 +5,7 @@ Steven Armstrong <steven-cdist--@--armstrong.cc>
 
 NAME
 ----
-cdist-type__apt_update_index - update apt's package index
+cdist-type__apt_update_index - Update apt's package index
 
 
 DESCRIPTION

cdist/conf/type/__block/explorer/block

@@ -1,5 +1,24 @@
 #!/bin/sh
-# 2013 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# 2013 Steven Armstrong (steven-cdist armstrong.cc)
+# 2014 Nico Schottelius (nico-cdist at schottelius.org)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
 
 file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")"
 
@@ -8,12 +27,12 @@ file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")"
 
 prefix=$(cat "$__object/parameter/prefix" 2>/dev/null || echo "#cdist:__block/$__object_id")
 suffix=$(cat "$__object/parameter/suffix" 2>/dev/null || echo "#/cdist:__block/$__object_id")
-awk -v prefix="$prefix" -v suffix="$suffix" '{
-   if (index($0,prefix)) {
+awk -v prefix="^$prefix\$" -v suffix="^$suffix\$" '{
+   if (match($0,prefix)) {
       triggered=1
    }
    if (triggered) {
-      if (index($0,suffix)) {
+      if (match($0,suffix)) {
             triggered=0
       }
       print

cdist/conf/type/__block/gencode-remote

@@ -46,13 +46,13 @@ tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
 if [ -f "$file" ]; then
    cp -p "$file" "\$tmpfile"
 fi
-awk -v prefix="$prefix" -v suffix="$suffix" '
+awk -v prefix="^$prefix\$" -v suffix="^$suffix\$" '
 {
-   if (index(\$0,prefix)) {
+   if (match(\$0,prefix)) {
       triggered=1
    }
    if (triggered) {
-      if (index(\$0,suffix)) {
+      if (match(\$0,suffix)) {
          triggered=0
       }
    } else {

cdist/conf/type/__cdistmarker/man.text

@@ -40,7 +40,7 @@ EXAMPLES
 __cdistmarker
 
 # Creates the marker differently.
-__cdistmarker --file /tmp/cdist_marker --format '+%s'
+__cdistmarker --destination /tmp/cdist_marker --format '+%s'
 --------------------------------------------------------------------------------
 
 

cdist/conf/type/__file/gencode-local

@@ -67,7 +67,7 @@ DONE
       if [ "$upload_file" ]; then
          echo upload >> "$__messages_out"
          cat << DONE
-$__remote_copy $source ${__target_host}:\$destination_upload
+$__remote_copy "$source" "${__target_host}:\$destination_upload"
 DONE
       fi
 # move uploaded file into place

cdist/conf/type/__iptables_apply/files/init-script

@@ -45,4 +45,14 @@ case $1 in
     restart)
         "$0" stop &&  "$0" start
     ;;
+    reset)
+        for table in INPUT FORWARD OUTPUT; do
+            iptables -P "$table" ACCEPT
+            iptables -F "$table"
+        done
+        for table in PREROUTING POSTROUTING OUTPUT; do
+            iptables -t nat -P "$table" ACCEPT
+            iptables -t nat -F "$table"
+        done
+    ;;
 esac

cdist/conf/type/__locale/manifest

@@ -29,7 +29,7 @@ case "$os" in
         # Debian needs a seperate package
         __package locales --state present
     ;;
-    suse)
+    archlinux|suse)
         :
     ;;
     *)

cdist/conf/type/__package/explorer/pkgng_exists

@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# 2014 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Retrieve the status of a package - parsed dpkg output
+#
+
+if [ "$($__explorer/os)" = "freebsd" ]; then
+   command -v pkg
+fi
+

cdist/conf/type/__package/manifest

@@ -19,7 +19,7 @@
 #
 #
 # __package is an abstract type which dispatches to the lower level
-# __package_$name types which do the actual interaction with the packaging
+# __package_$type types which do the actual interaction with the packaging
 # system.
 #
 
@@ -33,7 +33,13 @@ else
          amazon|centos|fedora|redhat) type="yum" ;;
          archlinux) type="pacman" ;;
          debian|ubuntu) type="apt" ;;
-         freebsd) type="pkg_freebsd" ;;
+         freebsd)
+            if [ -n "$(cat "$__object/explorer/pkgng_exists")" ]; then
+               type="pkgng_freebsd"
+            else
+               type="pkg_freebsd"
+            fi
+            ;;
          gentoo) type="emerge" ;;
          suse) type="zypper" ;;
          openwrt) type="opkg" ;;

cdist/conf/type/__package_apt/gencode-remote

@@ -33,6 +33,14 @@ else
    state_should="present"
 fi
 
+if [ -f "$__object/parameter/target-release" ]; then
+   target_release="--target-release $(cat "$__object/parameter/target-release")"
+else
+   target_release=""
+fi
+
+
+
 # FIXME: use grep directly, state is a list, not a line!
 state_is="$(cat "$__object/explorer/state")"
 case "$state_is" in
@@ -44,13 +52,13 @@ esac
 
 # Hint if we need to avoid questions at some point:
 # DEBIAN_PRIORITY=critical can reduce the number of questions
-aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes --no-install-recommends -o DPkg::Options::=\"--force-confold\""
+aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes --no-install-recommends -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\""
 
 [ "$state_is" = "$state_should" ] && exit 0
 
 case "$state_should" in
     present)
-        echo $aptget install \"$name\"
+        echo $aptget install $target_release \"$name\"
     ;;
     absent)
         echo $aptget remove \"$name\"

cdist/conf/type/__package_apt/man.text

@@ -27,6 +27,9 @@ name::
 state::
     Either "present" or "absent", defaults to "present"
 
+target-release::
+    Passed on to apt-get install, see apt-get(8).
+    Essentially allows you to retrieve packages from a different release
 
 EXAMPLES
 --------

cdist/conf/type/__package_apt/parameter/optional

@@ -1,3 +1,4 @@
 name
 version
 state
+target-release

cdist/conf/type/__package_emerge/gencode-remote

@@ -27,37 +27,40 @@ else
    name="$__object_id"
 fi
 
-if [ -f "$__object/parameter/state" ]; then
-   state_should="$(cat "$__object/parameter/state")"
-else
-   state_should="present"
+state_should="$(cat "$__object/parameter/state")"
+
+version="$(cat "$__object/parameter/version")"
+
+if [ -n "$version" ]; then
+    name="=$name-$version"
 fi
 
 pkg_version="$(cat "$__object/explorer/pkg_version")"
 if [ -z "$pkg_version" ]; then
     state_is="absent"
-elif [ $(echo "$pkg_version" | wc -l) -gt 1 ]; then
+elif [ -z "$version" -a $(echo "$pkg_version" | wc -l) -gt 1 ]; then
+    echo "Package name is not unique! The following packages are installed:"
+    echo "$pkg_version"
+    exit 1
+elif [ -n "$version" -a $(echo "$pkg_version" | cut -d " " -f 1 | sort | uniq | wc -l) -gt 1 ]; then
     echo "Package name is not unique! The following packages are installed:"
     echo "$pkg_version"
     exit 1
 else
     state_is="present"
-    installed_version="$(echo "$pkg_version" | cut -d " " -f 2)"
+    if [ -n "$version" ] && echo "$pkg_version" | cut -d " " -f 2 | grep -q -x "$version"; then
+        installed_version="$(echo "$pkg_version" | cut -d " " -f 2 | grep -x "$version")"
+    else
+        installed_version="$(echo "$pkg_version" | cut -d " " -f 2 | tail -n 1)"
+    fi
 fi
 
-if [ -f "$__object/parameter/version" ]; then
-    version="$(cat "$__object/parameter/version")"
-    if [ ! -z "$version" ]; then
-        name="=$name-$version"
-    fi
-else
-    version=""
-fi
 
 # Exit if nothing is needed to be done
 [ "$state_is" = "$state_should" ] && ( [ -z "$version" ] || [ "$installed_version" = "$version" ] ) && exit 0
 [ "$state_should" = "absent" ] && [ ! -z "$version" ] && [ "$installed_version" != "$version" ] && exit 0
 
+
 case "$state_should" in
    present)
         echo "emerge \"$name\" &>/dev/null || exit 1"

cdist/conf/type/__package_emerge/parameter/default/state

@@ -0,0 +1 @@
+present

cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version

@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# 2014 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Retrieve the status of a package - parsed dpkg output
+#
+
+if [ -f "$__object/parameter/name" ]; then
+   name="$(cat "$__object/parameter/name")"
+else
+   name="$__object_id"
+fi
+
+# Don't produce "no pkgs installed" output -- breaks things
+PKG_OUTPUT=$(pkg info 2>&1)
+echo -n "$(echo "$PKG_OUTPUT" \
+   | awk '{print $1}' \
+   | sed 's/^\(.*\)-\([^-]*\)$/name:\1 ver:\2/g' \
+   | grep "name:$name ver:" \
+   | sed 's/^.*ver:\(.*\)/\1/g')"
+

cdist/conf/type/__package_pkgng_freebsd/gencode-remote

@@ -0,0 +1,139 @@
+#!/bin/sh
+#
+# 2014 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Manage packages with pkg on FreeBSD
+#
+
+# Debug
+#exec >&2
+#set -x
+
+if [ -f "$__object/parameter/name" ]; then
+   name="$(cat "$__object/parameter/name")"
+else
+   name="$__object_id"
+fi
+
+if [ -f "$__object/parameter/flavor" ]; then
+   flavor="$(cat "$__object/parameter/flavor")"
+fi
+
+if [ -f "$__object/parameter/version" ]; then
+   version="$(cat "$__object/parameter/version")"
+fi
+
+if [ -f "$__object/parameter/upgrade" ]; then
+   upgrade="true"
+else
+   upgrade="false"
+fi
+
+if [ -f "$__object/parameter/repo" ]; then
+   repo="$(cat "$__object/parameter/repo")"
+fi
+
+if [ -f "$__object/parameter/state" ]; then
+   state="$(cat "$__object/parameter/state")"
+else
+   state="present"
+fi
+curr_version="$(cat "$__object/explorer/pkg_version")"
+add_cmd="pkg install -y"
+rm_cmd="pkg delete -y"
+upg_cmd="pkg upgrade -y"
+cmd=""
+
+# Print the command to be executed
+# Parms: $1 -- mode, "rm", "add", or "upg"
+#        $2 -- the command to be echoed
+execcmd(){
+   local _cmd=""
+
+   case "$1" in
+      add)
+         _cmd="${add_cmd} $2"
+         ;;
+      rm)
+         _cmd="${rm_cmd} $2"
+         ;;
+      upg)
+         _cmd="${upg_cmd} $2"
+         ;;
+      *)
+         printf "Error. Don't understand command: %s" "$1" >&2
+         exit 1
+         ;;
+   esac
+
+   echo "$_cmd 2>&- >&-"   # Silence the output of the command
+   echo "status=\$?"
+   echo "if [ \"\$status\" -ne \"0\" ]; then"
+   echo "	echo \"Error: ${_cmd} exited nonzero with \$status\"'!' >&2"
+   echo "	exit 1"
+   echo "fi"
+}
+
+if [ -n "$curr_version" ]; then  # PKG *is* installed
+   if [ -n "$repo" ]; then
+      cmd="-r ${repo} ${name}"
+   else
+      cmd="${name}"
+   fi
+   if [ -n "$flavor" ]; then
+      cmd="${cmd}-${flavor}"
+   fi
+   # PKG is supposed to be removed
+   if [ "$state" = "absent" ]; then
+      execcmd "rm" "${cmd}"
+   # PKG is supposed to be installed to a particular version
+   elif [ -n "$version" ] && [ "$version" != "$curr_version" ]; then
+      if [ "$upgrade" = "true" ]; then
+         execcmd "upg" "${cmd}"
+      else
+         printf "Version %s is already installed and pkg-ng can't upgrade directly to version %s.\nTo upgrade to the latest version, use the --upgrade flag.\n" "$curr_version" "$version" >&2
+         exit 1
+      fi
+   # PKG is supposed to be installed to the latest version
+   else
+      :  # Do nothing.
+   fi
+else  # PKG *isn't* installed
+   if [ "$state" = "absent" ]; then # Shouldn't be installed
+      exit 0
+   else  # Should be installed
+      if [ -n "$repo" ]; then
+         cmd="-r ${repo} ${name}"
+      else
+         cmd="${name}"
+      fi
+      if [ -n "$flavor" ]; then
+         cmd="${cmd}-${flavor}"
+      fi
+      if [ -n "$version" ]; then
+         cmd="${cmd}-${version}"
+      fi
+
+      execcmd "add" "$cmd"
+      exit 0
+   fi
+fi
+
+# Debug
+#set +x

cdist/conf/type/__package_pkgng_freebsd/man.text

@@ -0,0 +1,97 @@
+cdist-type__package_pkgng_freebsd(7)
+==================================
+Jake Guffey <jake.guffey--@--eprotex.com>
+
+
+NAME
+----
+cdist-type__package_pkgng_freebsd - Manage FreeBSD packages with pkg-ng
+
+
+DESCRIPTION
+-----------
+This type is usually used on FreeBSD to manage packages.
+
+
+REQUIRED PARAMETERS
+-------------------
+None
+
+
+OPTIONAL PARAMETERS
+-------------------
+name::
+    If supplied, use the name and not the object id as the package name.
+
+flavor::
+    If supplied, use to avoid ambiguity.
+
+version::
+    If supplied, use to install a specific version of the package named.
+
+repo::
+    If supplied, use to install the package named from a particular repo.
+
+state::
+    Either "present" or "absent", defaults to "present"
+
+
+BOOLEAN PARAMETERS
+------------------
+upgrade::
+    If supplied, allow upgrading to the latest version of a package.
+
+
+CAVEATS
+-------
+This type requires that repository definitions already exist in /etc/pkg/*.conf.
+Ensure that they exist prior to use of this type with __file.
+
+pkg-ng can't upgrade a package to a specific version. If this type needs to
+upgrade a package, it can only ugprade to the latest available version. If the
+"upgrade" parameter is not given and an upgrade needs to occur, an error will result.
+
+
+MESSAGES
+--------
+install::
+   The package was installed
+remove::
+   The package was removed
+upgrade::
+   The package was upgraded
+exist::
+   The package was already present and thus not installed
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# Ensure zsh is installed
+__package_pkgng_freebsd zsh --state present
+
+# Ensure vim is installed, use flavor no_x11
+__package_pkgng_freebsd vim --state present --flavor no_x11
+
+# If you don't want to follow pythonX packages, but always use python
+__package_pkgng_freebsd python --state present --name python2
+
+# Install a package from a particular repository when multiples exist
+__package_pkgng_freebsd bash --state present --repo myrepo
+
+# Remove obsolete package
+__package_pkgng_freebsd puppet --state absent
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+- cdist-type__package(7)
+
+
+COPYING
+-------
+Copyright \(C) 2014 Jake Guffey. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).

cdist/conf/type/__package_pkgng_freebsd/parameter/boolean

@@ -0,0 +1 @@
+upgrade

cdist/conf/type/__package_pkgng_freebsd/parameter/optional

@@ -0,0 +1,5 @@
+name
+flavor
+version
+repo
+state

cdist/conf/type/__package_update_index/gencode-remote

@@ -0,0 +1,50 @@
+#!/bin/sh
+#
+# 2014 Ricardo Catalinas Jiménez (jimenezrick at gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Update the package index with the appropriate package manager
+#
+
+type="$__object/parameter/type"
+
+if [ -f "$type" ]; then
+    type="$(cat "$type")"
+else
+    # By default determine package manager based on operating system
+    os="$(cat "$__global/explorer/os")"
+    case "$os" in
+        amazon|centos|fedora|redhat) type="yum" ;;
+        debian|ubuntu) type="apt" ;;
+        archlinux) type="pacman" ;;
+        *)
+            echo "Don't know how to manage packages on: $os" >&2
+            exit 1
+            ;;
+    esac
+fi
+
+case "$type" in
+    yum) ;;
+    apt) echo "apt-get --quiet update" ;;
+    pacman) echo "pacman --noprogressbar --sync --refresh" ;;
+    *)
+        echo "Don't know how to manage packages on: $os" >&2
+        exit 1
+        ;;
+esac

cdist/conf/type/__package_update_index/man.text

@@ -0,0 +1,52 @@
+cdist-type__package_update_index(7)
+===================================
+Ricardo Catalinas Jiménez <jimenezrick--@--gmail.com>
+
+
+NAME
+----
+cdist-type__package_update_index - Update the package index
+
+
+DESCRIPTION
+-----------
+This cdist type allows you to update the package index on the target.
+It will automatically use the appropriate package manager.
+
+
+REQUIRED PARAMETERS
+-------------------
+None
+
+
+OPTIONAL PARAMETERS
+-------------------
+type::
+    The package manager to use. Default is determined based on the $os
+    explorer variable.
+    e.g. apt for Debian
+         yum for Red Hat
+         pacman for Arch Linux
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# Update the package index on the target
+__package_update_index
+
+# Force use of a specific package manager
+__package_update_index --type apt
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+
+
+COPYING
+-------
+Copyright \(C) 2014 Ricardo Catalinas Jiménez. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).

cdist/conf/type/__package_update_index/parameter/optional

@@ -0,0 +1 @@
+type

cdist/conf/type/__package_upgrade_all/gencode-remote

@@ -0,0 +1,62 @@
+#!/bin/sh
+#
+# 2014 Ricardo Catalinas Jiménez (jimenezrick at gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Upgrade all the already installed packages with the appropriate package
+# manager
+#
+
+type="$__object/parameter/type"
+
+if [ -f "$type" ]; then
+    type="$(cat "$type")"
+else
+    # By default determine package manager based on operating system
+    os="$(cat "$__global/explorer/os")"
+    case "$os" in
+        amazon|centos|fedora|redhat) type="yum" ;;
+        debian|ubuntu) type="apt" ;;
+        archlinux) type="pacman" ;;
+        *)
+            echo "Don't know how to manage packages on: $os" >&2
+            exit 1
+            ;;
+    esac
+fi
+
+aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes --no-install-recommends -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\""
+
+case "$type" in
+    yum)
+        echo "yum --quiet --assumeyes update"
+        echo "yum --quiet clean all"
+        ;;
+    apt)
+        echo $aptget dist-upgrade
+        echo "apt-get --quiet autoclean"
+        ;;
+    pacman)
+        echo "pacman --noprogressbar --noconfirm --sync --sysupgrade"
+        echo "pacman --noprogressbar --noconfirm --sync --clean"
+        ;;
+    *)
+        echo "Don't know how to manage packages on: $os" >&2
+        exit 1
+        ;;
+esac

cdist/conf/type/__package_upgrade_all/man.text

@@ -0,0 +1,52 @@
+cdist-type__package_upgrade_all(7)
+==================================
+Ricardo Catalinas Jiménez <jimenezrick--@--gmail.com>
+
+
+NAME
+----
+cdist-type__package_upgrade_all - Upgrade all the installed packages
+
+
+DESCRIPTION
+-----------
+This cdist type allows you to upgrade all the installed packages on the
+target. It will automatically use the appropriate package manager.
+
+
+REQUIRED PARAMETERS
+-------------------
+None
+
+
+OPTIONAL PARAMETERS
+-------------------
+type::
+    The package manager to use. Default is determined based on the $os
+    explorer variable.
+    e.g. apt for Debian
+         yum for Red Hat
+         pacman for Arch Linux
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# Upgrade all the installed packages on the target
+__package_upgrade_all
+
+# Force use of a specific package manager
+__package_upgrade_all --type apt
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+
+
+COPYING
+-------
+Copyright \(C) 2014 Ricardo Catalinas Jiménez. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).

cdist/conf/type/__package_upgrade_all/parameter/optional

@@ -0,0 +1 @@
+type

cdist/conf/type/__qemu_img/man.text

@@ -1,5 +1,5 @@
 cdist-type__qemu_img(7)
-========================
+=======================
 Nico Schottelius <nico-cdist--@--schottelius.org>
 
 

cdist/conf/type/__ssh_authorized_key/explorer/entry

@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# extract the keytype and base64 encoded key ignoring any options and comment
+type_and_key="$(cat "$__object/parameter/key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
+file="$(cat $__object/parameter/file)"
+
+# get any entries that match the type and key
+grep ".*$type_and_key[ \n]" "$file" || true

cdist/conf/type/__ssh_authorized_key/gencode-remote

@@ -0,0 +1,109 @@
+#!/bin/sh
+#
+# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+set -u
+
+remove_line() {
+   file="$1"
+   line="$2"
+   cat << DONE
+tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
+# preserve ownership and permissions of existing file
+if [ -f "$file" ]; then
+   cp -p "$file" "\$tmpfile"
+fi
+grep -v -F -x '$line' '$file' > \$tmpfile || true
+mv -f "\$tmpfile" "$file"
+DONE
+}
+
+add_line() {
+   file="$1"
+   line="$2"
+   # escape single quotes
+   line_sanitised=$(echo "$line" | sed -e "s/'/'\"'\"'/g")
+   printf '%s' "printf '%s\n' '$line_sanitised' >> $file"
+}
+
+
+file="$(cat "$__object/parameter/file")"
+mkdir "$__object/files"
+
+# Generate the entry as it should be
+(
+   if [ -f "$__object/parameter/option" ]; then
+      # comma seperated list of options
+      options="$(cat "$__object/parameter/option" | tr '\n' ',')"
+      printf '%s ' "${options%*,}"
+   fi
+   if [ -f "$__object/parameter/comment" ]; then
+      # extract the keytype and base64 encoded key ignoring any options and comment
+      printf '%s ' "$(cat "$__object/parameter/key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
+      # override the comment with the one explicitly given
+      printf '%s' "$(cat "$__object/parameter/comment")"
+   else
+      printf '%s' "$(cat "$__object/parameter/key")"
+   fi
+   printf '\n'
+) > "$__object/files/should"
+
+# Remove conflicting entries if any
+if [ -s "$__object/explorer/entry" ]; then
+   # Note that the files have to be sorted for comparison with `comm`.
+   sort "$__object/explorer/entry" > "$__object/files/is"
+   comm -13 "$__object/files/should" "$__object/files/is" | {
+      while read entry; do
+         remove_line "$file" "$entry"
+      done
+   }
+fi
+
+# Determine the current state
+entry="$(cat "$__object/files/should")"
+state_should="$(cat "$__object/parameter/state")"
+num_existing_entries=$(grep -c -F -x "$entry" "$__object/explorer/entry" || true)
+if [ $num_existing_entries -eq 1 ]; then
+   state_is="present"
+else
+   # Posix grep does not define the -m option, so we can not remove a single
+   # occurence of a string from a file in the `remove_line` function. Instead
+   # _all_ occurences are removed.
+   # By using `comm` to detect conflicting entries this could lead to the
+   # situation that the key we want to add is actually removed.
+   # To workaround this we must treat 0 or more then 1 existing entries to
+   # mean current state is 'absent'. By doing this, the key is readded
+   # again after cleaning up conflicting entries.
+   state_is="absent"
+fi
+
+# Manage the actual entry as it should be
+if [ "$state_should" = "$state_is" ]; then
+   # Nothing to do
+   exit 0
+fi
+
+case "$state_should" in
+   present)
+      add_line "$file" "$entry"
+   ;;
+   absent)
+      remove_line "$file" "$entry"
+   ;;
+esac

cdist/conf/type/__ssh_authorized_key/man.text

@@ -0,0 +1,67 @@
+cdist-type__ssh_authorized_key(7)
+=================================
+Steven Armstrong <steven-cdist--@--armstrong.cc>
+
+
+NAME
+----
+cdist-type__ssh_authorized_key - manage a single ssh authorized key entry
+
+
+DESCRIPTION
+-----------
+Manage a single authorized key entry in an authorized_key file.
+This type was created to be used by the __ssh_authorized_keys type.
+
+
+REQUIRED PARAMETERS
+-------------------
+file::
+   the authorized_keys file to which the given key should be added
+
+key::
+   a string containing the ssh keytype, base 64 encoded key and optional
+   trailing comment which shall be added to the given authorized_keys file.
+
+
+OPTIONAL PARAMETERS
+-------------------
+comment::
+   explicit comment instead of the one which may be trailing the given key
+
+option::
+   an option to set for this authorized_key entry.
+   Can be specified multiple times.
+   See sshd(8) for available options.
+
+state::
+   if the given keys should be 'present' or 'absent', defaults to 'present'.
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+__ssh_authorized_key some-id \
+   --file "/home/user/.ssh/autorized_keys" \
+   --key "$(cat ~/.ssh/id_rsa.pub)"
+
+__ssh_authorized_key some-id \
+   --file "/home/user/.ssh/autorized_keys" \
+   --key "$(cat ~/.ssh/id_rsa.pub)" \
+   --option 'command="/path/to/script"' \
+   --option 'environment="FOO=bar"' \
+   --comment 'one to rule them all'
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+- cdist__ssh_authorized_keys(7)
+- sshd(8)
+
+COPYING
+-------
+Copyright \(C) 2014 Steven Armstrong. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).

cdist/conf/type/__ssh_authorized_key/parameter/default/state

@@ -0,0 +1 @@
+present

cdist/conf/type/__ssh_authorized_key/parameter/optional

@@ -0,0 +1,2 @@
+comment
+state

cdist/conf/type/__ssh_authorized_key/parameter/optional_multiple

@@ -0,0 +1 @@
+option

cdist/conf/type/__ssh_authorized_key/parameter/required

@@ -0,0 +1,2 @@
+file
+key

cdist/conf/type/__ssh_authorized_keys/explorer/file

@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+if [ -f "$__object/parameter/file" ]; then
+   cat "$__object/parameter/file"
+else
+   owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
+   home=$(getent passwd "$owner" | cut -d':' -f 6)
+   echo "$home/.ssh/authorized_keys"
+fi

cdist/conf/type/__ssh_authorized_keys/explorer/group

@@ -18,5 +18,6 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-gid="$("$__type_explorer/passwd" | cut -d':' -f 4)"
+owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
+gid="$(getent passwd "$owner" | cut -d':' -f 4)"
 getent group "$gid" || true

cdist/conf/type/__ssh_authorized_keys/man.text

@@ -12,13 +12,13 @@ DESCRIPTION
 -----------
 Adds or removes ssh keys from a authorized_keys file.
 
-This type also manages the directory containing the authorized_keys
-file and sets strict ownership and permissions. You can disable this feature
-with the --noparent boolean parameter.
+This type uses the __ssh_dot_ssh type to manage the directory containing
+the authorized_keys file. You can disable this feature with the --noparent
+boolean parameter.
 
 The existence, ownership and permissions of the authorized_keys file itself are
 also managed. This can be disabled with the --nofile boolean parameter. It is
-then left to the user to ensure that the file exists and that ownership and 
+then left to the user to ensure that the file exists and that ownership and
 permissions work with ssh.
 
 
@@ -31,15 +31,23 @@ key::
 
 OPTIONAL PARAMETERS
 -------------------
+comment::
+   explicit comment instead of the one which may be trailing the given key
+
+file::
+   an alternative destination file, defaults to ~$owner/.ssh/authorized_keys
+
+option::
+   an option to set for all created authorized_key entries.
+   Can be specified multiple times.
+   See sshd(8) for available options.
+
 owner::
    the user owning the authorized_keys file, defaults to object_id.
 
 state::
    if the given keys should be 'present' or 'absent', defaults to 'present'.
 
-file::
-   an alternative destination file, defaults to ~$owner/.ssh/authorized_keys
-
 
 BOOLEAN PARAMETERS
 ------------------
@@ -64,13 +72,24 @@ __ssh_authorized_keys root \
 __ssh_authorized_keys user-name \
    --key "ssh-rsa AXYZAAB3NzaC1yc2..."
 
+# allow key to login as user-name with options and expicit comment
+__ssh_authorized_keys user-name \
+   --key "ssh-rsa AXYZAAB3NzaC1yc2..." \
+   --option no-agent-forwarding \
+   --option 'from="*.example.com"' \
+   --comment 'backup server'
+
 # same as above, but with explicit owner and two keys
+# note that the options are set for all given keys
 __ssh_authorized_keys some-fancy-id \
    --owner user-name \
    --key "ssh-rsa AXYZAAB3NzaC1yc2..." \
-   --key "ssh-rsa AZXYAAB3NzaC1yc2..."
+   --key "ssh-rsa AZXYAAB3NzaC1yc2..." \
+   --option no-agent-forwarding \
+   --option 'from="*.example.com"' \
+   --comment 'backup server'
 
-# same as above, but authorized_keys file in non standard location
+# authorized_keys file in non standard location
 __ssh_authorized_keys some-fancy-id \
    --file /etc/ssh/keys/user-name/authorized_keys \
    --owner user-name \
@@ -89,6 +108,7 @@ __ssh_authorized_keys some-fancy-id \
 SEE ALSO
 --------
 - cdist-type(7)
+- sshd(8)
 
 
 COPYING

cdist/conf/type/__ssh_authorized_keys/manifest

@@ -21,16 +21,7 @@
 
 owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
 state="$(cat "$__object/parameter/state" 2>/dev/null)"
-if [ -f "$__object/parameter/file" ]; then
-   file="$(cat "$__object/parameter/file")"
-else
-   home="$(cut -d':' -f 6 "$__object/explorer/passwd")"
-   if [ -z "$home" ]; then
-      echo "Failed to get home directory from explorer." >&2
-      exit 1
-   fi
-   file="$home/.ssh/authorized_keys"
-fi
+file="$(cat "$__object/explorer/file")"
 
 if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ]; then
    group="$(cut -d':' -f 1 "$__object/explorer/group")"
@@ -40,12 +31,8 @@ if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ];
    fi
 
    if [ ! -f "$__object/parameter/noparent" ]; then
-      # Ensure that the directory in which the authorized_keys shall be exists and
-      # has the right permissions.
-      ssh_directory="${file%/*}"
-      __directory "$ssh_directory" --state present --parents \
-         --owner "$owner" --group "$group" --mode 0700
-      export require="__directory/$ssh_directory"
+      __ssh_dot_ssh "$owner"
+      export require="__ssh_dot_ssh/$owner"
    fi
    if [ ! -f "$__object/parameter/nofile" ]; then
       # Ensure that authorized_keys file exists and has the right permissions.
@@ -54,6 +41,7 @@ if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ];
          --group "$group" \
          --mode 0600 \
          --state exists
+      export require="__file/$file"
    fi
 fi
 
@@ -67,22 +55,25 @@ __block "$__object_name" \
    --text - << DONE
 remove legacy block
 DONE
+export require="__block/$__object_name"
 
 _cksum() {
    echo "$1" | cksum | cut -d' ' -f 1
 }
 
 while read key; do
-   cksum_key="$(_cksum "$key")"
-   line_id="${owner}-${cksum_key}"
-
-   set -- "$line_id"
+   type_and_key="$(echo "$key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
+   object_id="$(_cksum "$file")-$(_cksum "$type_and_key")"
+   set -- "$object_id"
    set -- "$@" --file "$file"
-   set -- "$@" --regex ".*$key.*"
-   if [ "$state" = 'present' ]; then
-      set -- "$@" --line "$key"
-   fi
+   set -- "$@" --key "$key"
    set -- "$@" --state "$state"
-   # Ensure __line does not read stdin
-   require="__block/$__object_name" __line "$@" < /dev/null
+   if [ -f "$__object/parameter/option" ]; then
+      set -- "$@" --option "$(cat "$__object/parameter/option")"
+   fi
+   if [ -f "$__object/parameter/comment" ]; then
+      set -- "$@" --comment "$(cat "$__object/parameter/comment")"
+   fi
+   # Ensure __ssh_authorized_key does not read stdin
+   __ssh_authorized_key "$@" < /dev/null
 done < "$__object/parameter/key"

cdist/conf/type/__ssh_authorized_keys/parameter/optional

@@ -1,3 +1,5 @@
+comment
+file
+option
 owner
 state
-file

cdist/conf/type/__ssh_dot_ssh/explorer/group

@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+gid="$("$__type_explorer/passwd" | cut -d':' -f 4)"
+getent group "$gid" || true

cdist/conf/type/__ssh_dot_ssh/explorer/passwd

@@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2012 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2014 Nico Schottelius (nico-cdist at schottelius.org)
 #
 # This file is part of cdist.
 #
@@ -18,6 +19,6 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
+owner="$__object_id"
 
 getent passwd "$owner" || true

cdist/conf/type/__ssh_dot_ssh/man.text

@@ -0,0 +1,44 @@
+cdist-type__ssh_dot_ssh(7)
+==========================
+Nico Schottelius <nico-cdist--@--schottelius.org>
+
+
+NAME
+----
+cdist-type__ssh_dot_ssh - Manage .ssh directory
+
+
+DESCRIPTION
+-----------
+Adds or removes .ssh directory to a user home.
+
+This type is being used by __ssh_authorized_keys.
+
+OPTIONAL PARAMETERS
+-------------------
+state::
+   if the directory should be 'present' or 'absent', defaults to 'present'.
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# Ensure root has ~/.ssh with the right permissions
+__ssh_dot_ssh root
+
+# Nico does not need ~/.ssh anymore
+__ssh_dot_ssh nico --state absent
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+- cdist-type__ssh_authorized_keys(7)
+
+
+COPYING
+-------
+Copyright \(C) 2014 Nico Schottelius. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).

cdist/conf/type/__ssh_dot_ssh/manifest

@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2014 Nico Schottelius (nico-cdist at schottelius.org)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+# Hacked in Kalamata, Greece
+#
+
+owner="$__object_id"
+state="$(cat "$__object/parameter/state")"
+
+group="$(cut -d':' -f 1 "$__object/explorer/group")"
+if [ -z "$group" ]; then
+    echo "Failed to get owners group from explorer." >&2
+    exit 1
+fi
+
+home="$(cut -d':' -f 6 "$__object/explorer/passwd")"
+if [ -z "$home" ]; then
+   echo "Failed to get home directory from explorer." >&2
+   exit 1
+fi
+ssh_directory="${home}/.ssh"
+
+# Ensure that the directory in which the authorized_keys shall be exists and
+# has the right permissions.
+__directory "$ssh_directory" \
+    --state "$state" \
+    --owner "$owner" --group "$group" --mode 0700

cdist/conf/type/__ssh_dot_ssh/parameter/default/state

@@ -0,0 +1 @@
+present

cdist/conf/type/__ssh_dot_ssh/parameter/optional

@@ -0,0 +1 @@
+state

cdist/conf/type/__zypper_repo/explorer/repo_id

@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# 2013 Daniel Heule (hda at sfs.biz)
+# 2013-2014 Daniel Heule (hda at sfs.biz)
 #
 # This file is part of cdist.
 #
@@ -26,4 +26,4 @@ if [ -f "$__object/parameter/uri" ]; then
 else
    uri="$__object_id"
 fi
-echo $(zypper lr -u | grep -E "\<$uri\>" | cut -d'|' -f 1 | grep -E '^[0-9]' )
+echo $(zypper lr -u | grep -F "$uri" | cut -d'|' -f 1 | grep -E '^[0-9]' )

cdist/core/manifest.py

@@ -144,4 +144,4 @@ class Manifest(object):
         type_manifest = os.path.join(self.local.type_path, cdist_object.cdist_type.manifest_path)
         message_prefix = cdist_object.name
         if os.path.isfile(type_manifest):
-           self.local.run_script(type_manifest, env=self.env_type_manifest(cdist_object))
+            self.local.run_script(type_manifest, env=self.env_type_manifest(cdist_object), message_prefix=message_prefix)

cdist/message.py

@@ -37,12 +37,14 @@ class Message(object):
         self.prefix = prefix
         self.global_messages = messages
 
-        self.messages_in  = tempfile.mkstemp(suffix='.cdist_message_in')[1]
-        self.messages_out = tempfile.mkstemp(suffix='.cdist_message_out')[1]
+        in_fd, self.messages_in  = tempfile.mkstemp(suffix='.cdist_message_in')
+        out_fd, self.messages_out = tempfile.mkstemp(suffix='.cdist_message_out')
+
+        os.close(in_fd)
+        os.close(out_fd)
 
         self._copy_messages()
 
-
     @property
     def env(self):
         env = {}

docs/changelog

@@ -15,12 +15,41 @@ Changelog
 	* Core: Integrate initial preos support
 
 
-3.1.6:
+3.1.10:
+	* Core: Fix too many open files bug (#343)
+	* Type __ssh_authorized_keys: Remove unneeded explorer (Steven Armstrong)
+	* Type __ssh_authorized_keys: Fix empty output bug of entry explorer (Steven Armstrong)
+	* Type __package_apt: Add support for --target-release
+
+3.1.9: 2014-10-17
+	* Type __package_emerge: Fix handling of slotted packages (Daniel Heule)
+	* Type __package_apt: Use --force-confdef (Ricardo Catalinas Jiménez)
+	* Type __package_update_index: Decrease verbosity (Ricardo Catalinas Jiménez)
+	* Type __package_upgrade_all: Decrease verbosity (Ricardo Catalinas Jiménez)
+
+3.1.8: 2014-10-01
+	* New Type: __package_update_index (Ricardo Catalinas Jiménez)
+	* New Type: __package_upgrade_all  (Ricardo Catalinas Jiménez)
+
+3.1.7: 2014-09-29
+	* Type __cdistmarker: Fix typo (Ricardo Catalinas Jiménez)
+	* Core: Bugfix: Export messaging to manifests (Ricardo Catalinas Jiménez)
+	* Explorer cpu_cores, cpu_sockets, memory: Add Mac OS X support (Manuel Hutter)
+	* Type __ssh_authorized_keys: Ensure keys are correctly added (Steven Armstrong)
+	* New Type: __ssh_authorized_key (Steven Armstrong)
+	* New Type: __package_pkgng_freebsd (Jake Guffey)
+
+3.1.6: 2014-08-18
+	* New Type: __ssh_dot_ssh
 	* Type __package_yum: Support retrieving package via URL
 	* Type __hostname: Support SuSE and have CentOS use sysconfig value
 	* Type __locale: Support SuSE
+	* Type __locale: Support Archlinux
 	* Type __timezone: Support SuSE
 	* Type __file: Support MacOS X (Manuel Hutter)
+	* Type __iptables_apply: Add "reset" to init.d script of iptables
+	* Type __ssh_authorized_key: Use new type __ssh_dot_ssh
+	* Type __zypper_repo: Bugfix for pattern matching (Daniel Heule)
 
 3.1.5: 2014-05-05
 	* Type __zypper_repo: Automatically import gpg keys (Daniel Heule)

docs/dev/logs/2014-09-10.preos-keys

@@ -0,0 +1,18 @@
+
+cdist preos keyramfs --keyfile --keyfile
+
+[17:51] freiheit:vcs% mkdir preos-keys
+[17:51] freiheit:vcs% mkdir -p preos-keys/root/.ssh 
+[17:56] freiheit:vcs% 
+
+chown root:root -R preos-keys/
+chmod 0600 preos-keys/root/.ssh/authorized_keys 
+
+chmod 0700 preos-keys/root/
+chmod 0700 preos-keys/root/.ssh/
+
+[18:20:17] freiheit:/home/users/nico/.ungleich/ungleich/vcs/preos-keys# find . | cpio -H newc -o | gzip -9 >  ../initramfs.cpio.gz
+4 blocks
+[18:21:08] freiheit:/home/users/nico/.ungleich/ungleich/vcs/preos-keys# 
+
+

docs/dev/logs/2014-11-11.discussion

@@ -0,0 +1,104 @@
+- logging/cache destination
+    local:
+        ~/.cdist/log/by-host/$__target/host/config/YYYY/MM/DD/hhmmss/
+        ~/.cdist/log/by-session/YYYY/MM/DD/hhmmss/$__target_host/
+            config/
+            install/
+            export/
+    remote:
+        /var/lib/cdist/YYYY-MM-DD-hhmmss-$sourcehost.$pid
+
+    rm old directories on remote side
+
+- support for tags
+    - for partial configuration
+    - supports also install
+    - on object definition, define
+        - a) don't care (i.e. no tags)
+        - b) require tag (only if this tag is setup)
+        - c) require not tag (only if this tag is *not* setup)
+        - d) what if both given (conflicting)
+    - names for parameters:
+        - cdist config / cdist type
+            --if-tag / --not-if-tag / --require-tag
+            --not-if-tag
+
+- logging
+    - command line
+    - stdin of cdist
+    - stdout/stderr/stdin of types
+        - new: stdout/stderr
+    - initial manifest
+        - if coming from stdin
+
+- logging configurable
+    - to be discussed
+
+- sudo remote
+    - cp to tmp & mv
+    - umask issue?
+
+- install
+    - via tagged types
+    - 
+
+- export
+    - one /export script per type
+    - exports of type running after object's code is done
+    - global export should also exist after everything
+    - PR & merge
+    - change DONE status to CODE_DONE
+    - introduce EXPORT_DONE
+
+
+- preos
+    - merge with debian support only
+    - we are open to support --os-type later
+
+- stackable remotes
+    - change API for remote_exec and remote_copy
+    - new minor version
+    - PR & merge
+
+- locking
+    - optional
+    - remote lock
+    - based on $(ls /var/lib/cdist/) > 0
+
+- ideas for parallelisation
+    - run explorer in parallel
+        - type
+        - object
+    - objects without dependencies can be run in parallel
+
+- connection test
+    - just implement
+
+- multi user environment
+    - not really needed [at the moment]
+    - can be implemented by 
+        - git branches
+        - setting the output dir
+
+- python2 support with __future__
+    - steven votes against it
+    - nico does not care too much to object
+
+
+- pull based
+    - sshd / stdin + stdout
+    - use Use ProxyCommand with stdin/stdout
+        - http://www.nico.schottelius.org/blog/openssh-6.2-add-callback-functionality-using-dynamic-remote-port-forwarding/
+
+    - cdist grant-pull-access <targethost>
+        - generate user
+        - ssh pubkeypair
+    - call wraper script on targethost
+        - it is shell!
+        - ssh cdistuser@controlhost 
+
+- config replay/redo/undo
+    - not now
+
+
+- have a new discussion about handling uris

docs/dev/todo/TAKEME

@@ -5,10 +5,6 @@ Feel free to pick one!
 
 CORE
 ----
-- support default parameter
-- document and add paremeters for remote-copy and remote-exec!
-    - remove hack, make a feature of it
-
 - remove var=foo calls on remote side. Use -o SendEnv (yeah, see ssh_config(5))
 
 TESTS
@@ -23,9 +19,6 @@ TESTS
 
 USER INTERFACE
 --------------
-- How to cleanly implement "restart service if config file changed"
-    -> document
-
 - Cache
    - add example how to use 
    - export variable $__cache
@@ -45,7 +38,6 @@ TYPES
 - Add testing framework (proposed by Evax Software)
 - __user
    add option to include --create-home
-- Merge __addifnosuchline and __removeline into __line + --state present|absent
 - __cron: Support --file to be used instead of user cron (probably direct support
     of /etc/cron.d)
 

docs/man/cdist-reference.text.sh

@@ -203,10 +203,10 @@ __global::
     Directory that contains generic output like explorer.
     Available for: initial manifest, type manifest, type gencode, shell
 __messages_in::
-    File to read messages from
+    File to read messages from.
     Available for: initial manifest, type manifest, type gencode
 __messages_out::
-    File to write messages
+    File to write messages.
     Available for: initial manifest, type manifest, type gencode
 __object::
     Directory that contains the current object.

docs/man/man7/cdist-explorer.text

@@ -50,7 +50,7 @@ else
    name="$__object_id"
 fi
 
-# Except dpkg failing, if package is not known / installed
+# Expect dpkg failing, if package is not known / installed
 dpkg -s "$name" 2>/dev/null || exit 0
 --------------------------------------------------------------------------------
 
@@ -64,5 +64,5 @@ SEE ALSO
 
 COPYING
 -------
-Copyright \(C) 2010-2012 Nico Schottelius. Free use of this software is
+Copyright \(C) 2010-2014 Nico Schottelius. Free use of this software is
 granted under the terms of the GNU General Public License version 3 (GPLv3).

docs/man/man7/cdist-manifest.text

@@ -110,6 +110,7 @@ setup the variable "require" to contain the requirements. Multiple
 requirements can be added white space separated.
 
 --------------------------------------------------------------------------------
+
  1 # No dependency
  2 __file /etc/cdist-configured
  3 
@@ -121,21 +122,43 @@ requirements can be added white space separated.
  9 require="__file/etc/cdist-configured __link/tmp/cdist-testfile" \
 10    __file /tmp/cdist-another-testfile
 
-
 --------------------------------------------------------------------------------
 
 Above the "require" variable is only set for the command that is 
-immediately following it. Dependencies should allways be declared that way.
+immediately following it. Dependencies should always be declared that way.
 
-On line 4 you can see that the instantion of a type "__link" object needs
+On line 4 you can see that the instantion of a type "\__link" object needs
 the object "__file/etc/cdist-configured" to be present, before it can proceed.
 
-This also means that the "__link" command must make sure, that either
-"__file/etc/cdist-configured" allready is present, or, if it's not, it needs
+This also means that the "\__link" command must make sure, that either
+"\__file/etc/cdist-configured" allready is present, or, if it's not, it needs
 to be created. The task of cdist is to make sure, that the dependency will be
-resolved appropriately and thus "__file/etc/cdist-configured" be created
+resolved appropriately and thus "\__file/etc/cdist-configured" be created
 if necessary before "__link" proceeds (or to abort execution with an error).
 
+If you really need to make all types depend on a common dependency, you can
+export the "require" variable as well. But then, if you need to add extra
+dependencies to a specific type, you have to make sure that you append these
+to the globally already defined one.
+
+--------------------------------------------------------------------------------
+
+# First of all, update the package index
+__package_update_index
+# Upgrade all the installed packages afterwards
+require="__package_update_index" __package_upgrade_all
+# Create a common dependency for all the next types so that they get to
+# be executed only after the package upgrade has finished
+export require="__package_upgrade_all"
+
+# Ensure that lighttpd is installed after we have upgraded all the packages
+__package lighttpd --state present
+# Ensure that munin is installed after lighttpd is present and after all
+# the packages are upgraded
+require="$require __package/lighttpd" __package munin --state present
+
+--------------------------------------------------------------------------------
+
 All objects that are created in a type manifest are automatically required
 from the type that is calling them. This is called "autorequirement" in
 cdist jargon.

docs/man/man7/cdist-messaging.text

@@ -57,6 +57,48 @@ if grep -q "^__your_type/object/id:something" "$__messages_in"; then
 fi
 --------------------------------------------------------------------------------
 
+Some real life examples:
+--------------------------------------------------------------------------------
+# Reacting on changes from block for keepalive
+if grep -q "^__block/keepalive-vrrp" "$__messages_in"; then
+    echo /etc/init.d/keepalived restart
+fi
+
+# Reacting on changes of configuration files
+if grep -q "^__file/etc/one" $__messages_in; then
+    echo 'for init in /etc/init.d/opennebula*; do $init restart; done'
+fi
+--------------------------------------------------------------------------------
+
+Restart sshd on changes
+--------------------------------------------------------------------------------
+os="$(cat "$__global/explorer/os")"
+
+case "$os" in
+    centos|redhat|suse)
+        restart="/etc/init.d/sshd restart"
+    ;;
+    debian|ubuntu)
+        restart="/etc/init.d/ssh restart"
+    ;;
+    *)
+        cat << eof >&2
+Unsupported os $os.
+If you would like to have this type running on $os,
+you can either develop the changes and send a pull
+request or ask for a quote at www.ungleich.ch
+eof
+        exit 1
+    ;;
+esac
+
+if grep -q "^__key_value/PermitRootLogin" "$__messages_in"; then
+    echo $restart
+fi
+--------------------------------------------------------------------------------
+
+
+
 
 SEE ALSO
 --------

docs/man/man7/cdist-type.text

@@ -100,7 +100,7 @@ echo use_ssl >> cdist/conf/type/__nginx_vhost/parameter/boolean
 USING PARAMETERS
 ----------------
 The parameters given to a type can be accessed and used in all type scripts
-(e.g manifest, gencode-*, explorer/*). Note that boolean parameters are
+(e.g manifest, gencode, explorer). Note that boolean parameters are
 represented by file existence. File exists -> True,
 file does not exist -> False
 
@@ -281,7 +281,7 @@ on the target, there must be another type that provides this tool and the first
 type should create an object of the specific type.
 
 If your type wants to save temporary data, that may be used by other types
-later on (for instance __file), you can save them in the subdirectory
+later on (for instance \__file), you can save them in the subdirectory
 "files" below $__object (but you must create it yourself).
 cdist will not touch this directory.