From e5099d32f3e1e85de3a22a993af0077eedab45d2 Mon Sep 17 00:00:00 2001
From: Mesar Hameed
Date: Sat, 9 Jan 2021 09:34:01 +0000
Subject: [PATCH] __ipset: ignore ipset errors when non-existing item is removed, or item is added twice. We might choose to include human readable hostnames, rather than ip addresses. In these cases, we are unable to correctly detect membership, but ipset will resolve and error on duplicate. the sets contain ip addresses and not resolvable names, gencode-remote will produce output, but ipset will eventually resolve to ip addresses/check for real membership. For example: __ipset good-sites --type hash:ip --add cdi.st or: __ipset blocked-sites --type hash:ip --del cdi.st
---
 cdist/conf/type/__ipset/gencode-remote | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cdist/conf/type/__ipset/gencode-remote b/cdist/conf/type/__ipset/gencode-remote
index f3ec8c2a..1cd0c5ef 100755
--- a/cdist/conf/type/__ipset/gencode-remote
+++ b/cdist/conf/type/__ipset/gencode-remote
@@ -55,7 +55,7 @@ if [ "$state_should" = "present" ]; then
 if [ -f "$p/add" ]; then
 while read -r value; do
 if ! grep -q "$value" "$e/content"; then
- echo "ipset add $name $value"
+ echo "ipset -! add $name $value"
 needToSave=1
 fi
 done < "$p/add"
@@ -64,7 +64,7 @@ if [ "$state_should" = "present" ]; then
 if [ -f "$p/del" ]; then
 while read -r value; do
 if grep -q "$value" "$e/content"; then
- echo "ipset del $name $value"
+ echo "ipset -! del $name $value"
 needToSave=1
 fi
 done < "$p/del"
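Review bot: The membership test `grep -q "$value" "$e/content"` guarding the new `ipset -! add` line treats the value as an unanchored regular expression, so `10.0.0.1` also matches a stored `10.0.0.10` and the add is silently skipped; for a set that backs a block list this leaves an address out with no error. Now that `-!` makes a redundant add harmless, the guard could be tightened to a fixed-string match, e.g. `if ! grep -qF -- "$value" "$e/content"; then`, plus `-x` or `-w` if the format of `$e/content` (produced outside this diff) allows it. The same pattern guards the del hunk, where a false match now produces a del that `-!` quietly ignores. The enclosing `if [ "$state_should" = "present" ]` block starts and ends outside the hunk.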
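Review bot: In the del hunk `-!` only takes effect when `grep -q "$value" "$e/content"` has already found the value, so the hostname case from the commit message (`--del cdi.st`) is probably never emitted. If `$e/content` lists resolved addresses, as the description says, a name never matches and the entry stays in the set. If hostnames are meant to work here, the del would have to be emitted without the guard, relying on `-!` for absent members, at the cost of setting `needToSave=1` on every run. Otherwise a comment above the loop such as `# membership test is textual; --del of a hostname is not detected` would record the limitation.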