diff --git a/.gitattributes b/.gitattributes index 01d20f30..45c10d7b 100644 --- a/.gitattributes +++ b/.gitattributes @@ -4,5 +4,5 @@ docs/speeches export-ignore docs/video export-ignore docs/src/man7 export-ignore -bin/cdist-build-helper export-ignore +bin/build-helper export-ignore README-maintainers export-ignore diff --git a/.gitignore b/.gitignore index 85a8ccc7..ed8b453a 100644 --- a/.gitignore +++ b/.gitignore @@ -24,8 +24,6 @@ docs/src/man1/*.1 docs/src/man7/*.7 docs/src/man7/cdist-type__*.rst docs/src/cdist-reference.rst -docs/src/cdist-types.rst -docs/src/cdist.cfg.skeleton # Ignore cdist cache for version control /cache/ diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index a4bc67aa..00000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest - -stages: - - test - -before_script: - - ./bin/cdist-build-helper version - -shellcheck: - stage: test - script: - - ./bin/cdist-build-helper shellcheck - -pycodestyle: - stage: test - script: - - ./bin/cdist-build-helper pycodestyle - -unit_tests: - stage: test - script: - - ./bin/cdist-build-helper test diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 14682ad6..00000000 --- a/LICENSE +++ /dev/null @@ -1,674 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU General Public License is a free, copyleft license for -software and other kinds of works. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -the GNU General Public License is intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. We, the Free Software Foundation, use the -GNU General Public License for most of our software; it applies also to -any other work released this way by its authors. You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - To protect your rights, we need to prevent others from denying you -these rights or asking you to surrender the rights. Therefore, you have -certain responsibilities if you distribute copies of the software, or if -you modify it: responsibilities to respect the freedom of others. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must pass on to the recipients the same -freedoms that you received. You must make sure that they, too, receive -or can get the source code. And you must show them these terms so they -know their rights. - - Developers that use the GNU GPL protect your rights with two steps: -(1) assert copyright on the software, and (2) offer you this License -giving you legal permission to copy, distribute and/or modify it. - - For the developers' and authors' protection, the GPL clearly explains -that there is no warranty for this free software. For both users' and -authors' sake, the GPL requires that modified versions be marked as -changed, so that their problems will not be attributed erroneously to -authors of previous versions. - - Some devices are designed to deny users access to install or run -modified versions of the software inside them, although the manufacturer -can do so. This is fundamentally incompatible with the aim of -protecting users' freedom to change the software. The systematic -pattern of such abuse occurs in the area of products for individuals to -use, which is precisely where it is most unacceptable. Therefore, we -have designed this version of the GPL to prohibit the practice for those -products. If such problems arise substantially in other domains, we -stand ready to extend this provision to those domains in future versions -of the GPL, as needed to protect the freedom of users. - - Finally, every program is threatened constantly by software patents. -States should not allow patents to restrict development and use of -software on general-purpose computers, but in those that do, we wish to -avoid the special danger that patents applied to a free program could -make it effectively proprietary. To prevent this, the GPL assures that -patents cannot be used to render the program non-free. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. - - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Use with the GNU Affero General Public License. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU Affero General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the special requirements of the GNU Affero General Public License, -section 13, concerning interaction through a network will apply to the -combination as such. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - cdist - Copyright (C) 2019 ungleich-public - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -Also add information on how to contact you by electronic and paper mail. - - If the program does terminal interaction, make it output a short -notice like this when it starts in an interactive mode: - - cdist Copyright (C) 2019 ungleich-public - This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, your program's commands -might be different; for a GUI interface, you would use an "about box". - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU GPL, see -. - - The GNU General Public License does not permit incorporating your program -into proprietary programs. If your program is a subroutine library, you -may consider it more useful to permit linking proprietary applications with -the library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. But first, please read -. diff --git a/Makefile b/Makefile index 3712511c..fa3327d1 100644 --- a/Makefile +++ b/Makefile @@ -63,28 +63,16 @@ DOCSREFSH=$(DOCS_SRC_DIR)/cdist-reference.rst.sh $(DOCSREF): $(DOCSREFSH) $(DOCSREFSH) -# Html types list with references -DOCSTYPESREF=$(MAN7DSTDIR)/cdist-types.rst -DOCSTYPESREFSH=$(DOCS_SRC_DIR)/cdist-types.rst.sh - -$(DOCSTYPESREF): $(DOCSTYPESREFSH) - $(DOCSTYPESREFSH) - -DOCSCFGSKEL=./configuration/cdist.cfg.skeleton - -configskel: $(DOCSCFGSKEL) - cp -f "$(DOCSCFGSKEL)" "$(DOCS_SRC_DIR)/" - version: @[ -f "cdist/version.py" ] || { \ printf "Missing 'cdist/version.py', please generate it first.\n" && exit 1; \ } # Manpages #3: generic part -man: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF) +man: version $(MANTYPES) $(DOCSREF) $(SPHINXM) -html: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF) +html: version $(MANTYPES) $(DOCSREF) $(SPHINXH) docs: man html @@ -104,7 +92,7 @@ DOTMANTYPES=$(subst /man.rst,.rst,$(DOTMANTYPEPREFIX)) $(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst ln -sf "$^" $@ -dotman: version configskel $(DOTMANTYPES) $(DOCSREF) $(DOCSTYPESREF) +dotman: version $(DOTMANTYPES) $(SPHINXM) ################################################################################ @@ -126,8 +114,6 @@ speeches: $(SPEECHES) # clean: docs-clean rm -f $(DOCS_SRC_DIR)/cdist-reference.rst - rm -f $(DOCS_SRC_DIR)/cdist-types.rst - rm -f $(DOCS_SRC_DIR)/cdist.cfg.skeleton find "$(DOCS_SRC_DIR)" -mindepth 2 -type l \ | xargs rm -f diff --git a/README b/README new file mode 100644 index 00000000..caf2dac8 --- /dev/null +++ b/README @@ -0,0 +1,7 @@ +cdist +----- + +cdist is a usable configuration management system. + +For the web documentation have a look at https://www.cdi.st/ +or at docs/src for reStructuredText manual. diff --git a/README-maintainers b/README-maintainers index 5766dd7d..af57f475 100644 --- a/README-maintainers +++ b/README-maintainers @@ -1,4 +1,4 @@ -Maintainers should use ./bin/cdist-build-helper script. +Maintainers should use ./bin/build-helper script. Makefile is intended for end users. It can be used for non-maintaining targets that can be run from pure source (without git repository). diff --git a/README.md b/README.md deleted file mode 100644 index de6901c7..00000000 --- a/README.md +++ /dev/null @@ -1,31 +0,0 @@ -# cdist - -**cdist** is a usable configuration management system. - -It adheres to the [**KISS principle**](https://en.wikipedia.org/wiki/KISS_principle) -and is being used in small up to enterprise grade environments. - -For more information have a look at [**homepage**](https://cdi.st) -or at **``docs/src``** for manual in **reStructuredText** format. - -## Contributing - -Merge/Pull requests can be made in both -[upstream **GitLab**](https://code.ungleich.ch/ungleich-public/cdist/merge_requests) -(managed by [**ungleich**](https://ungleich.ch)) -and [**GitHub** project](https://github.com/ungleich/cdist/pulls). - -Issues can be made and other project management activites happen -[**only in GitLab**](https://code.ungleich.ch/ungleich-public/cdist) -(needs [**ungleich** account](https://account.ungleich.ch)). - -For community-maintained types there is -[**cdist-contrib** project](https://code.ungleich.ch/ungleich-public/cdist-contrib). - -## Participating - -IRC: ``#cdist`` @ freenode - -Matrix: ``#cdist:ungleich.ch`` - -Mattermost: https://chat.ungleich.ch/ungleich/channels/cdist diff --git a/bin/cdist-build-helper b/bin/build-helper similarity index 85% rename from bin/cdist-build-helper rename to bin/build-helper index 0380b3f8..9a776491 100755 --- a/bin/cdist-build-helper +++ b/bin/build-helper @@ -45,7 +45,7 @@ usage() { shellcheck-manifests shellcheck-local-gencodes shellcheck-remote-gencodes - shellcheck-bin + shellcheck-scripts shellcheck-gencodes shellcheck-types shellcheck @@ -74,7 +74,6 @@ SHELLCHECKCMD="shellcheck -s sh -f gcc -x" # Skip SC2154 for variables starting with __ since such variables are cdist # environment variables. SHELLCHECK_SKIP=': __.*is referenced but not assigned.*\[SC2154\]' -SHELLCHECKTMP=".shellcheck.tmp" # Change to checkout directory basedir="${0%/*}/../" @@ -100,7 +99,7 @@ case "$option" in if (\$0 ~ /^$end/) { exit } else { - print \$0 + print \$0 } } }" "$basedir/docs/changelog" @@ -135,7 +134,7 @@ case "$option" in version=$1; shift - ( + ( cat << eof Subject: cdist $version has been released @@ -336,7 +335,7 @@ eof make docs-clean make docs - ############################################################# + ############################################################# # Everything green, let's do the release # Tag the current commit @@ -370,7 +369,8 @@ eof cat << eof Manual steps post release: - cdist-web - - send generated mailinglist.tmp mail + - send mail body generated in mailinglist.tmp and inform Dmitry for deb + - twitter eof ;; @@ -405,7 +405,7 @@ eof ;; pycodestyle|pep8) - pycodestyle "${basedir}" "${basedir}/bin/cdist" + pycodestyle "${basedir}" "${basedir}/scripts/cdist" | less ;; check-pycodestyle) @@ -431,80 +431,57 @@ eof ;; shellcheck-global-explorers) - # shellcheck disable=SC2086 - find cdist/conf/explorer -type f -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}" - test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; } + find cdist/conf/explorer -type f -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0 ;; shellcheck-type-explorers) - # shellcheck disable=SC2086 - find cdist/conf/type -type f -path "*/explorer/*" -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}" - test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; } + find cdist/conf/type -type f -path "*/explorer/*" -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0 ;; shellcheck-manifests) - # shellcheck disable=SC2086 - find cdist/conf/type -type f -name manifest -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}" - test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; } + find cdist/conf/type -type f -name manifest -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0 ;; shellcheck-local-gencodes) - # shellcheck disable=SC2086 - find cdist/conf/type -type f -name gencode-local -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}" - test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; } + find cdist/conf/type -type f -name gencode-local -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0 ;; shellcheck-remote-gencodes) - # shellcheck disable=SC2086 - find cdist/conf/type -type f -name gencode-remote -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}" - test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; } + find cdist/conf/type -type f -name gencode-remote -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0 ;; - # NOTE: shellcheck-scripts is kept for compatibility - shellcheck-bin|shellcheck-scripts) - # shellcheck disable=SC2086 - ${SHELLCHECKCMD} bin/cdist-dump bin/cdist-new-type > "${SHELLCHECKTMP}" - test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; } + shellcheck-scripts) + ${SHELLCHECKCMD} scripts/cdist-dump scripts/cdist-new-type || exit 0 ;; shellcheck-gencodes) - errors=false - "$0" shellcheck-local-gencodes || errors=true - "$0" shellcheck-remote-gencodes || errors=true - ! $errors || exit 1 + "$0" shellcheck-local-gencodes + "$0" shellcheck-remote-gencodes ;; shellcheck-types) - errors=false - "$0" shellcheck-type-explorers || errors=true - "$0" shellcheck-manifests || errors=true - "$0" shellcheck-gencodes || errors=true - ! $errors || exit 1 + "$0" shellcheck-type-explorers + "$0" shellcheck-manifests + "$0" shellcheck-gencodes ;; shellcheck) - errors=false - "$0" shellcheck-global-explorers || errors=true - "$0" shellcheck-types || errors=true - "$0" shellcheck-bin || errors=true - ! $errors || exit 1 + "$0" shellcheck-global-explorers + "$0" shellcheck-types + "$0" shellcheck-scripts ;; shellcheck-type-files) - # shellcheck disable=SC2086 - find cdist/conf/type -type f -path "*/files/*" -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}" - test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; } + find cdist/conf/type -type f -path "*/files/*" -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0 ;; shellcheck-with-files) - errors=false - "$0" shellcheck || errors=true - "$0" shellcheck-type-files || errors=true - ! $errors || exit 1 + "$0" shellcheck + "$0" shellcheck-type-files ;; shellcheck-build-helper) - ${SHELLCHECKCMD} ./bin/cdist-build-helper + ${SHELLCHECKCMD} ./bin/build-helper ;; check-shellcheck) @@ -558,7 +535,6 @@ eof # Temp files rm -f ./*.tmp - rm -f ./.*.tmp ;; distclean) diff --git a/bin/cdist b/bin/cdist index ddaffa7f..645020a1 100755 --- a/bin/cdist +++ b/bin/cdist @@ -1,8 +1,7 @@ -#!/usr/bin/env python3 +#!/bin/sh # -*- coding: utf-8 -*- # -# 2010-2016 Nico Schottelius (nico-cdist at schottelius.org) -# 2016 Darko Poljak (darko.poljak at gmail.com) +# 2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # @@ -21,81 +20,14 @@ # # -import logging -import os -import sys +# Wrapper for real script to allow execution from checkout +dir=${0%/*} -# See if this file's parent is cdist module -# and if so add it to module search path. -cdist_dir = os.path.realpath( - os.path.join( - os.path.dirname(os.path.realpath(__file__)), - os.pardir)) -cdist_init_dir = os.path.join(cdist_dir, 'cdist', '__init__.py') -if os.path.exists(cdist_init_dir): - sys.path.insert(0, cdist_dir) +# Ensure version is present - the bundled/shipped version contains a static version, +# the git version contains a dynamic version +"$dir/build-helper" version -import cdist # noqa 402 -import cdist.argparse # noqa 402 -import cdist.banner # noqa 402 -import cdist.config # noqa 402 -import cdist.install # noqa 402 -import cdist.shell # noqa 402 -import cdist.inventory # noqa 402 +libdir=$(cd "${dir}/../" && pwd -P) +export PYTHONPATH="${libdir}" - -def commandline(): - """Parse command line""" - - # preos subcommand hack - if len(sys.argv) > 1 and sys.argv[1] == 'preos': - return cdist.preos.PreOS.commandline(sys.argv[1:]) - parser, cfg = cdist.argparse.parse_and_configure(sys.argv[1:]) - args = cfg.get_args() - - # Work around python 3.3 bug: - # http://bugs.python.org/issue16308 - # http://bugs.python.org/issue9253 - - # FIXME: catching AttributeError also hides - # real problems.. try a different way - - # FIXME: we always print main help, not - # the help of the actual parser being used! - try: - getattr(args, "func") - except AttributeError: - parser['main'].print_help() - sys.exit(0) - - args.func(args) - - -if __name__ == "__main__": - if sys.version < cdist.MIN_SUPPORTED_PYTHON_VERSION: - print('Python >= {} is required on the source host.'.format( - cdist.MIN_SUPPORTED_PYTHON_VERSIO), file=sys.stderr) - sys.exit(1) - - exit_code = 0 - - try: - import re - import os - - if re.match("__", os.path.basename(sys.argv[0])): - import cdist.emulator - emulator = cdist.emulator.Emulator(sys.argv) - emulator.run() - else: - commandline() - - except KeyboardInterrupt: - exit_code = 2 - - except cdist.Error as e: - log = logging.getLogger("cdist") - log.error(e) - exit_code = 1 - - sys.exit(exit_code) +"$dir/../scripts/cdist" "$@" diff --git a/cdist/__init__.py b/cdist/__init__.py index 44366cd0..c673b3ba 100644 --- a/cdist/__init__.py +++ b/cdist/__init__.py @@ -22,27 +22,11 @@ import os import hashlib -import subprocess import cdist.log +import cdist.version - -VERSION = 'unknown version' - -try: - import cdist.version - VERSION = cdist.version.VERSION -except ModuleNotFoundError: - cdist_dir = os.path.abspath( - os.path.join(os.path.dirname(__file__), os.pardir)) - if os.path.isdir(os.path.join(cdist_dir, '.git')): - try: - VERSION = subprocess.check_output( - ['git', 'describe', '--always'], - cwd=cdist_dir, - universal_newlines=True) - except Exception: - pass +VERSION = cdist.version.VERSION BANNER = """ .. . .x+=:. s @@ -64,9 +48,6 @@ REMOTE_EXEC = "ssh -o User=root" REMOTE_CMDS_CLEANUP_PATTERN = "ssh -o User=root -O exit -S {}" -MIN_SUPPORTED_PYTHON_VERSION = '3.5' - - class Error(Exception): """Base exception class for this project""" pass diff --git a/cdist/argparse.py b/cdist/argparse.py index 88759d7b..ca69cdae 100644 --- a/cdist/argparse.py +++ b/cdist/argparse.py @@ -5,14 +5,11 @@ import logging import collections import functools import cdist.configuration -import cdist.log import cdist.preos -import cdist.info -import cdist.scan.commandline # set of beta sub-commands -BETA_COMMANDS = set(('install', 'inventory', 'scan', )) +BETA_COMMANDS = set(('install', 'inventory', )) # set of beta arguments for sub-commands BETA_ARGS = { 'config': set(('tag', 'all_tagged_hosts', 'use_archiving', )), @@ -106,7 +103,7 @@ def get_parsers(): name="log level"), help=('Set the specified verbosity level. ' 'The levels, in order from the lowest to the highest, are: ' - 'ERROR (-1), WARNING (0), INFO (1), VERBOSE (2), DEBUG (3), ' + 'ERROR (-1), WARNING (0), INFO (1), VERBOSE (2), DEBUG (3) ' 'TRACE (4 or higher). If used along with -v then -v ' 'increases last set value and -l overwrites last set ' 'value.'), @@ -127,14 +124,6 @@ def get_parsers(): 'value.'), action='count', default=None) - parser['colored_output'] = argparse.ArgumentParser(add_help=False) - parser['colored_output'].add_argument( - '--colors', metavar='WHEN', - help="Colorize cdist's output based on log level; " - "WHEN is 'always', 'never', or 'auto'.", - action='store', dest='colored_output', required=False, - choices=cdist.configuration.ColoredOutputOption.CHOICES) - parser['beta'] = argparse.ArgumentParser(add_help=False) parser['beta'].add_argument( '-b', '--beta', @@ -207,13 +196,6 @@ def get_parsers(): 'supported. Without argument CPU count is used by default. '), action='store', dest='jobs', const=multiprocessing.cpu_count()) - parser['config_main'].add_argument( - '--log-server', - action='store_true', - help=('Start a log server for sub processes to use. ' - 'This is mainly useful when running cdist nested ' - 'from a code-local script. Log server is alwasy ' - 'implicitly started for \'install\' command.')) parser['config_main'].add_argument( '-n', '--dry-run', help='Do not execute code.', action='store_true') @@ -274,7 +256,8 @@ def get_parsers(): '-f', '--file', help=('Read specified file for a list of additional hosts to ' 'operate on or if \'-\' is given, read stdin (one host per ' - 'line).'), + 'line). If no host or host file is specified then, by ' + 'default, read hosts from stdin.'), dest='hostfile', required=False) parser['config_args'].add_argument( '-p', '--parallel', nargs='?', metavar='HOST_MAX', @@ -299,7 +282,6 @@ def get_parsers(): 'host', nargs='*', help='Host(s) to operate on.') parser['config'] = parser['sub'].add_parser( 'config', parents=[parser['loglevel'], parser['beta'], - parser['colored_output'], parser['common'], parser['config_main'], parser['inventory_common'], @@ -318,7 +300,6 @@ def get_parsers(): parser['add-host'] = parser['invsub'].add_parser( 'add-host', parents=[parser['loglevel'], parser['beta'], - parser['colored_output'], parser['common'], parser['inventory_common']]) parser['add-host'].add_argument( @@ -326,12 +307,13 @@ def get_parsers(): parser['add-host'].add_argument( '-f', '--file', help=('Read additional hosts to add from specified file ' - 'or from stdin if \'-\' (each host on separate line). '), + 'or from stdin if \'-\' (each host on separate line). ' + 'If no host or host file is specified then, by default, ' + 'read from stdin.'), dest='hostfile', required=False) parser['add-tag'] = parser['invsub'].add_parser( 'add-tag', parents=[parser['loglevel'], parser['beta'], - parser['colored_output'], parser['common'], parser['inventory_common']]) parser['add-tag'].add_argument( @@ -340,12 +322,20 @@ def get_parsers(): parser['add-tag'].add_argument( '-f', '--file', help=('Read additional hosts to add tags from specified file ' - 'or from stdin if \'-\' (each host on separate line). '), + 'or from stdin if \'-\' (each host on separate line). ' + 'If no host or host file is specified then, by default, ' + 'read from stdin. If no tags/tagfile nor hosts/hostfile' + ' are specified then tags are read from stdin and are' + ' added to all hosts.'), dest='hostfile', required=False) parser['add-tag'].add_argument( '-T', '--tag-file', help=('Read additional tags to add from specified file ' - 'or from stdin if \'-\' (each tag on separate line). '), + 'or from stdin if \'-\' (each tag on separate line). ' + 'If no tag or tag file is specified then, by default, ' + 'read from stdin. If no tags/tagfile nor hosts/hostfile' + ' are specified then tags are read from stdin and are' + ' added to all hosts.'), dest='tagfile', required=False) parser['add-tag'].add_argument( '-t', '--taglist', @@ -355,7 +345,6 @@ def get_parsers(): parser['del-host'] = parser['invsub'].add_parser( 'del-host', parents=[parser['loglevel'], parser['beta'], - parser['colored_output'], parser['common'], parser['inventory_common']]) parser['del-host'].add_argument( @@ -366,12 +355,13 @@ def get_parsers(): parser['del-host'].add_argument( '-f', '--file', help=('Read additional hosts to delete from specified file ' - 'or from stdin if \'-\' (each host on separate line). '), + 'or from stdin if \'-\' (each host on separate line). ' + 'If no host or host file is specified then, by default, ' + 'read from stdin.'), dest='hostfile', required=False) parser['del-tag'] = parser['invsub'].add_parser( 'del-tag', parents=[parser['loglevel'], parser['beta'], - parser['colored_output'], parser['common'], parser['inventory_common']]) parser['del-tag'].add_argument( @@ -384,13 +374,20 @@ def get_parsers(): parser['del-tag'].add_argument( '-f', '--file', help=('Read additional hosts to delete tags for from specified ' - 'file or from stdin if \'-\' (each host on separate ' - 'line). '), + 'file or from stdin if \'-\' (each host on separate line). ' + 'If no host or host file is specified then, by default, ' + 'read from stdin. If no tags/tagfile nor hosts/hostfile' + ' are specified then tags are read from stdin and are' + ' deleted from all hosts.'), dest='hostfile', required=False) parser['del-tag'].add_argument( '-T', '--tag-file', help=('Read additional tags from specified file ' - 'or from stdin if \'-\' (each tag on separate line). '), + 'or from stdin if \'-\' (each tag on separate line). ' + 'If no tag or tag file is specified then, by default, ' + 'read from stdin. If no tags/tagfile nor' + ' hosts/hostfile are specified then tags are read from' + ' stdin and are added to all hosts.'), dest='tagfile', required=False) parser['del-tag'].add_argument( '-t', '--taglist', @@ -400,7 +397,6 @@ def get_parsers(): parser['list'] = parser['invsub'].add_parser( 'list', parents=[parser['loglevel'], parser['beta'], - parser['colored_output'], parser['common'], parser['inventory_common']]) parser['list'].add_argument( @@ -428,78 +424,18 @@ def get_parsers(): parser['inventory'].set_defaults( func=cdist.inventory.Inventory.commandline) - # PreOS + # PreOs parser['preos'] = parser['sub'].add_parser('preos', add_help=False) # Shell parser['shell'] = parser['sub'].add_parser( - 'shell', parents=[parser['loglevel'], parser['colored_output']]) + 'shell', parents=[parser['loglevel']]) parser['shell'].add_argument( '-s', '--shell', help=('Select shell to use, defaults to current shell. Used shell' ' should be POSIX compatible shell.')) parser['shell'].set_defaults(func=cdist.shell.Shell.commandline) - # Info - parser['info'] = parser['sub'].add_parser('info') - parser['info'].add_argument( - '-a', '--all', help='Display all info. This is the default.', - action='store_true', default=False) - parser['info'].add_argument( - '-c', '--conf-dir', - help='Add configuration directory (can be repeated).', - action='append') - parser['info'].add_argument( - '-e', '--global-explorers', - help='Display info for global explorers.', action='store_true', - default=False) - parser['info'].add_argument( - '-F', '--fixed-string', - help='Interpret pattern as a fixed string.', action='store_true', - default=False) - parser['info'].add_argument( - '-f', '--full', help='Display full details.', - action='store_true', default=False) - parser['info'].add_argument( - '-g', '--config-file', - help='Use specified custom configuration file.', - dest="config_file", required=False) - parser['info'].add_argument( - '-t', '--types', help='Display info for types.', - action='store_true', default=False) - parser['info'].add_argument( - 'pattern', nargs='?', help='Glob pattern.') - parser['info'].set_defaults(func=cdist.info.Info.commandline) - - # Scan = config + further - parser['scan'] = parser['sub'].add_parser('scan', add_help=False, - parents=[parser['config']]) - - parser['scan'] = parser['sub'].add_parser( - 'scan', parents=[parser['loglevel'], - parser['beta'], - parser['colored_output'], - parser['common'], - parser['config_main']]) - - parser['scan'].add_argument( - '-m', '--mode', help='Which modes should run', - action='append', default=[], - choices=['scan', 'trigger']) - parser['scan'].add_argument( - '--config', - action='store_true', - help='Try to configure detected hosts') - parser['scan'].add_argument( - '-I', '--interfaces', - action='append', default=[], - help='On which interfaces to scan/trigger') - parser['scan'].add_argument( - '-d', '--delay', - action='store', default=3600, - help='How long to wait before reconfiguring after last try') - parser['scan'].set_defaults(func=cdist.scan.commandline.commandline) - for p in parser: parser[p].epilog = EPILOG @@ -510,12 +446,7 @@ def handle_loglevel(args): if hasattr(args, 'quiet') and args.quiet: args.verbose = _verbosity_level_off - logging.getLogger().setLevel(_verbosity_level[args.verbose]) - - -def handle_log_colors(args): - if cdist.configuration.ColoredOutputOption.translate(args.colored_output): - cdist.log.CdistFormatter.USE_COLORS = True + logging.root.setLevel(_verbosity_level[args.verbose]) def parse_and_configure(argv, singleton=True): @@ -529,7 +460,6 @@ def parse_and_configure(argv, singleton=True): raise cdist.Error(str(e)) # Loglevels are handled globally in here handle_loglevel(args) - handle_log_colors(args) log = logging.getLogger("cdist") diff --git a/cdist/conf/explorer/cpu_cores b/cdist/conf/explorer/cpu_cores index 81e5294e..a52bddac 100755 --- a/cdist/conf/explorer/cpu_cores +++ b/cdist/conf/explorer/cpu_cores @@ -32,11 +32,6 @@ case "$os" in sysctl -n hw.ncpuonline ;; - "freebsd"|"netbsd") - PATH=$(getconf PATH) - sysctl -n hw.ncpu - ;; - *) if [ -r /proc/cpuinfo ]; then cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)" diff --git a/cdist/conf/explorer/disks b/cdist/conf/explorer/disks index 56d62d10..87a6b5c6 100755 --- a/cdist/conf/explorer/disks +++ b/cdist/conf/explorer/disks @@ -1,66 +1,27 @@ -#!/bin/sh -e -# -# based on previous work by other people, modified by: -# 2020 Dennis Camera -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# Finds disks of the system (excl. ram disks, floppy, cdrom) +#!/bin/sh uname_s="$(uname -s)" -case $uname_s in +case "${uname_s}" in FreeBSD) sysctl -n kern.disks ;; - OpenBSD) - sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+' - ;; - NetBSD) - PATH=$(getconf PATH) - sysctl -n hw.disknames | awk -v RS=' ' '/^[lsw]d[0-9]+/' + OpenBSD|NetBSD) + sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+' | xargs ;; Linux) - # list of major device numbers toexclude: - # ram disks, floppies, cdroms - # https://www.kernel.org/doc/Documentation/admin-guide/devices.txt - ign_majors='1 2 11' - - if command -v lsblk >/dev/null 2>&1 + if command -v lsblk > /dev/null then - lsblk -e "$(echo "$ign_majors" | tr ' ' ',')" -dno name - elif test -d /sys/block/ - then - # shellcheck disable=SC2012 - ls -1 /sys/block/ \ - | awk -v ign_majors="$(echo "$ign_majors" | tr ' ' '|')" ' - { - devfile = "/sys/block/" $0 "/dev" - getline devno < devfile - close(devfile) - if (devno !~ "^(" ign_majors "):") print - }' + # exclude ram disks, floppies and cdroms + # https://www.kernel.org/doc/Documentation/admin-guide/devices.txt + lsblk -e 1,2,11 -dno name | xargs else - echo "Don't know how to list disks on Linux without lsblk and sysfs." >&2 - echo 'If you can, please submit a patch.'>&2 + printf "Don't know how to list disks for %s operating system without lsblk, if you can please submit a patch\n" "${uname_s}" >&2 fi ;; *) - printf "Don't know how to list disks for %s operating system.\n" "${uname_s}" >&2 - printf 'If you can please submit a patch\n' >&2 + printf "Don't know how to list disks for %s operating system, if you can please submit a patch\n" "${uname_s}" >&2 ;; -esac \ -| xargs +esac + +exit 0 diff --git a/cdist/conf/explorer/hostname b/cdist/conf/explorer/hostname index dca004d1..7715c6b0 100755 --- a/cdist/conf/explorer/hostname +++ b/cdist/conf/explorer/hostname @@ -1,6 +1,7 @@ #!/bin/sh # -# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) +# 2010-2014 Nico Schottelius (nico-cdist at schottelius.org) +# 2012 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # @@ -18,12 +19,7 @@ # along with cdist. If not, see . # # -# Retrieve the running hostname -# -if command -v hostname >/dev/null -then - hostname -else - uname -n +if command -v uname >/dev/null; then + uname -n fi diff --git a/cdist/conf/explorer/init b/cdist/conf/explorer/init index f27c77ef..a8a7857e 100755 --- a/cdist/conf/explorer/init +++ b/cdist/conf/explorer/init @@ -1,8 +1,7 @@ -#!/bin/sh -e +#!/bin/sh # # 2016 Daniel Heule (hda at sfs.biz) # Copyright 2017, Philippe Gregoire -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -20,423 +19,21 @@ # along with cdist. If not, see . # # -# Returns the name of the init system (PID 1) - -# Expected values: -# Linux: -# Adélie Linux: -# sysvinit+openrc -# Alpine Linux: -# busybox-init+openrc -# ArchLinux: -# systemd, sysvinit -# CRUX: -# sysvinit -# Debian: -# systemd, upstart, sysvinit, openrc, ??? -# Devuan: -# sysvinit, sysvinit+openrc -# Gentoo: -# sysvinit+openrc, openrc-init, systemd -# OpenBMC: -# systemd -# OpenWrt: -# procd, init??? -# RedHat (RHEL, CentOS, Fedora, RedHat Linux, ...): -# systemd, upstart, upstart-legacy, sysvinit -# Slackware: -# sysvinit -# SuSE: -# systemd, sysvinit -# Ubuntu: -# systemd, upstart, upstart-legacy, sysvinit -# VoidLinux: -# runit +# Returns the process name of pid 1 ( normaly the init system ) +# for example at linux this value is "init" or "systemd" in most cases # -# GNU: -# Debian: -# sysvinit, hurd-init -# -# BSD: -# {Free,Open,Net}BSD: -# init -# -# Mac OS X: -# launchd, init+SystemStarter -# -# Solaris/Illumos: -# smf, init??? -# NOTE: init systems can be stacked. This is popular to run OpenRC on top of -# sysvinit (Gentoo) or busybox-init (Alpine), but can also be used to run runit -# as a systemd service. This makes init system detection very complicated -# (which result is expected?) This script tries to untangle some combinations, -# OpenRC on top of sysv or busybox (X+openrc), but will ignore others (runit as -# a systemd service) +uname_s="$(uname -s)" -# NOTE: When we have no idea, nothing will be printed! - -# NOTE: -# When trying to gather information about the init system make sure to do so -# without calling the binary! On some systems this triggers a reinitialisation -# of the system which we don't want (e.g. embedded systems). - - -set -e - -KERNEL_NAME=$(uname -s) - -KNOWN_INIT_SYSTEMS=$(cat </dev/null 2>&1 || return 1 - launchctl getenv PATH >/dev/null || return 1 - echo launchd -} - -check_openrc() { - test -f /run/openrc/softlevel || return 1 - echo openrc -} - -check_procd() ( - procd_path=${1:-/sbin/procd} - test -x "${procd_path}" || return 1 - grep -q 'procd' "${procd_path}" || return 1 - echo procd -) - -check_runit() { - test -d /run/runit || return 1 - echo runit -} - -check_smf() { - # XXX: Is this the correct way?? - test -f /etc/svc/volatile/svc_nonpersist.db || return 1 - echo smf -} - -check_systemd() { - # NOTE: sd_booted(3) - test -d /run/systemd/system/ || return 1 - # systemctl --version | sed -e '/^systemd/!d;s/^systemd //' - echo systemd -} - -check_systemstarter() { - test -d /System/Library/StartupItems/ || return 1 - test -f /System/Library/StartupItems/LoginWindow/StartupParameters.plist || return 1 - echo init+SystemStarter -} - -check_sysvinit() ( - init_path=${1:-/sbin/init} - test -x "${init_path}" || return 1 - grep -q 'INIT_VERSION=sysvinit-[0-9.]*' "${init_path}" || return 1 - - # It is quite common to use SysVinit to stack other init systemd - # (like OpenRC) on top of it. So we check for that, too. - if stacked=$(check_openrc) - then - echo "sysvinit+${stacked}" - else - echo sysvinit - fi - unset stacked -) - -check_upstart() { - test -x "$(command -v initctl)" || return 1 - case $(initctl version) - in - *'(upstart '*')') - if test -d /etc/init - then - # modern (DBus-based?) upstart >= 0.5 - echo upstart - elif test -d /etc/event.d - then - # ancient upstart - echo upstart-legacy - else - # whatever... - echo upstart - fi - ;; - *) - return 1 - ;; - esac -} - -find_init_procfs() ( - # First, check if the required file in procfs exists... - test -h /proc/1/exe || return 1 - - # Find init executable - init_exe=$(ls -l /proc/1/exe 2>/dev/null) || return 1 - init_exe=${init_exe#* -> } - - if ! test -x "$init_exe" - then - # On some rare occasions it can happen that the - # running init's binary has been replaced. In this - # case Linux adjusts the symlink to "X (deleted)" - - # [root@fedora-12 ~]# readlink /proc/1/exe - # /sbin/init (deleted) - # [root@fedora-12 ~]# ls -l /proc/1/exe - # lrwxrwxrwx. 1 root root 0 2020-01-30 23:00 /proc/1/exe -> /sbin/init (deleted) - - init_exe=${init_exe% (deleted)} - test -x "$init_exe" || return 1 - fi - - echo "${init_exe}" -) - -guess_by_path() { - case $1 - in - /bin/busybox) - check_busybox_init "$1" && return - ;; - /lib/systemd/systemd) - check_systemd "$1" && return - ;; - /hurd/init) - check_hurd_init "$1" && return - ;; - /sbin/launchd) - check_launchd "$1" && return - ;; - /usr/bin/runit|/sbin/runit) - check_runit "$1" && return - ;; - /sbin/openrc-init) - if check_openrc "$1" >/dev/null - then - echo openrc-init - return - fi - ;; - /sbin/procd) - check_procd "$1" && return - ;; - /sbin/init|*/init) - # init: it could be anything -> (explicit) no match - return 1 - ;; - esac - - # No match - return 1 -} - -guess_by_comm_name() { - case $1 - in - busybox) - check_busybox_init && return - ;; - openrc-init) - if check_openrc >/dev/null - then - echo openrc-init - return 0 - fi - ;; - init) - # init could be anything -> no match - return 1 - ;; - *) - # Run check function by comm name if available. - # Fall back to comm name if either it does not exist or - # returns non-zero. - if type "check_$1" >/dev/null - then - "check_$1" && return - else - echo "$1" ; return 0 - fi - esac - - return 1 -} - -check_list() ( - # List must be a multi-line input on stdin (one name per line) - while read -r init - do - "check_${init}" || continue - return 0 - done - return 1 -) - - -# BusyBox's versions of ps and pgrep do not support some options -# depending on which compile-time options have been used. - -find_init_pgrep() { - pgrep -P0 -fl 2>/dev/null | awk -F '[[:blank:]]' '$1 == 1 { print $2 }' -} - -find_init_ps() { - case $KERNEL_NAME - in - Darwin) - ps -o command -p 1 2>/dev/null | tail -n +2 - ;; - FreeBSD) - ps -o args= -p 1 2>/dev/null | cut -d ' ' -f 1 - ;; - Linux) - ps -o comm= -p 1 2>/dev/null - ;; - NetBSD) - ps -o comm= -p 1 2>/dev/null - ;; - OpenBSD) - ps -o args -p 1 2>/dev/null | tail -n +2 | cut -d ' ' -f 1 - ;; - *) - ps -o args= -p 1 2>/dev/null - ;; - esac | trim # trim trailing whitespace (some ps like Darwin add it) -} - -find_init() { - case $KERNEL_NAME - in - Linux|GNU|NetBSD) - find_init_procfs || find_init_pgrep || find_init_ps - ;; - FreeBSD) - find_init_procfs || find_init_ps - ;; - OpenBSD) - find_init_pgrep || find_init_ps - ;; - Darwin|SunOS) - find_init_ps - ;; - *) - echo "Don't know how to determine init." >&2 - echo 'Please send a patch.' >&2 - exit 1 - esac -} - -# ----- - -init=$(find_init) - -# If we got a path, guess by the path first (fall back to file name if no match) -# else guess by file name directly. -# shellcheck disable=SC2015 -{ - test -x "${init}" \ - && guess_by_path "${init}" \ - || guess_by_comm_name "$(basename "${init}")" -} && exit 0 || true - - -# Guessing based on the file path and name didn’t lead to a definitive result. -# -# We go through all of the checks until we find a match. To speed up the -# process, common cases will be checked first based on the underlying kernel. - -{ common_candidates_by_kernel; echo "${KNOWN_INIT_SYSTEMS}"; } \ - | unique | check_list +case "$uname_s" in + Linux) + (pgrep -P0 -l | awk '/^1[ \t]/ {print $2;}') || true + ;; + FreeBSD|OpenBSD) + ps -o comm= -p 1 || true + ;; + *) + # return a empty string as unknown value + echo "" + ;; +esac diff --git a/cdist/conf/explorer/machine_type b/cdist/conf/explorer/machine_type index 1c84f4d7..bb21f69c 100755 --- a/cdist/conf/explorer/machine_type +++ b/cdist/conf/explorer/machine_type @@ -2,7 +2,6 @@ # # 2014 Daniel Heule (hda at sfs.biz) # 2014 Thomas Oettli (otho at sfs.biz) -# 2020 Evilham (contact at evilham.com) # # This file is part of cdist. # @@ -19,91 +18,63 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # +# -os=$("$__explorer/os") +# FIXME: other system types (not linux ...) -vendor_string_to_machine_type() { - for vendor in vmware bochs kvm qemu virtualbox bhyve; do - if echo "${1}" | grep -q -i "${vendor}"; then - if [ "${vendor}" = "bochs" ] || [ "${vendor}" = "qemu" ]; then - vendor="kvm" +if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then + echo openvz + exit +fi + +if [ -e "/proc/1/environ" ] && + tr '\000' '\n' < "/proc/1/environ" | grep -Eiq '^container='; then + echo lxc + exit +fi + +if [ -r /proc/cpuinfo ]; then + # this should only exist on virtual guest machines, + # tested on vmware, xen, kvm + if grep -q "hypervisor" /proc/cpuinfo; then + # this file is aviable in xen guest systems + if [ -r /sys/hypervisor/type ]; then + if grep -q -i "xen" /sys/hypervisor/type; then + echo virtual_by_xen + exit fi - echo "virtual_by_${vendor}" - exit - fi - done -} - -case "$os" in - "freebsd") - # FreeBSD does not have /proc/cpuinfo even when procfs is used. - # Instead there is a sysctl kern.vm_guest. - # Which is 'none' if physical, else the virtualisation. - vm_guest="$(sysctl -n kern.vm_guest 2>/dev/null || true)" - if [ -n "${vm_guest}" ]; then - if [ "${vm_guest}" = "none" ]; then - echo "physical" - exit - fi - echo "virtual_by_${vm_guest}" - exit - fi - ;; - - "openbsd") - # OpenBSD can also use the sysctl's: hw.vendor or hw.product. - # Note we can be reasonably sure about a machine being virtualised - # as long as we can identify the virtualisation technology. - # But not so much about it being physical... - # Patches are welcome / reach out if you have better ideas. - for sysctl in hw.vendor hw.product; do - # This exits if we can make a reasonable judgement - vendor_string_to_machine_type "$(sysctl -n "${sysctl}")" - done - ;; - - *) - # Defaulting to linux for compatibility with previous cdist behaviour - - if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then - echo openvz - exit - fi - - if [ -e "/proc/1/environ" ] && - tr '\000' '\n' < "/proc/1/environ" | grep -Eiq '^container='; then - echo lxc - exit - fi - - if [ -r /proc/cpuinfo ]; then - # this should only exist on virtual guest machines, - # tested on vmware, xen, kvm, bhyve - if grep -q "hypervisor" /proc/cpuinfo; then - # this file is aviable in xen guest systems - if [ -r /sys/hypervisor/type ]; then - if grep -q -i "xen" /sys/hypervisor/type; then - echo virtual_by_xen - exit - fi - else - for vendor_file in /sys/class/dmi/id/product_name \ - /sys/class/dmi/id/sys_vendor \ - /sys/class/dmi/id/chasis_vendor; do - if [ -r ${vendor_file} ]; then - # This exits if we can make a reasonable judgement - vendor_string_to_machine_type "$(cat "${vendor_file}")" - fi - done + else + if [ -r /sys/class/dmi/id/product_name ]; then + if grep -q -i 'vmware' /sys/class/dmi/id/product_name; then + echo "virtual_by_vmware" + exit + elif grep -q -i 'bochs' /sys/class/dmi/id/product_name; then + echo "virtual_by_kvm" + exit + elif grep -q -i 'virtualbox' /sys/class/dmi/id/product_name; then + echo "virtual_by_virtualbox" + exit fi - echo "virtual_by_unknown" - exit - else - echo "physical" - exit fi - fi - ;; -esac -echo "unknown" + if [ -r /sys/class/dmi/id/sys_vendor ]; then + if grep -q -i 'qemu' /sys/class/dmi/id/sys_vendor; then + echo "virtual_by_kvm" + exit + fi + fi + + if [ -r /sys/class/dmi/id/chassis_vendor ]; then + if grep -q -i 'qemu' /sys/class/dmi/id/chassis_vendor; then + echo "virtual_by_kvm" + exit + fi + fi + fi + echo "virtual_by_unknown" + else + echo "physical" + fi +else + echo "unknown" +fi diff --git a/cdist/conf/explorer/memory b/cdist/conf/explorer/memory index 5ea15ada..4e3efff8 100755 --- a/cdist/conf/explorer/memory +++ b/cdist/conf/explorer/memory @@ -29,8 +29,7 @@ case "$os" in echo "$(sysctl -n hw.memsize)/1024" | bc ;; - *"bsd") - PATH=$(getconf PATH) + "openbsd") echo "$(sysctl -n hw.physmem) / 1048576" | bc ;; diff --git a/cdist/conf/explorer/os b/cdist/conf/explorer/os index 46d87f3e..563fa4cf 100755 --- a/cdist/conf/explorer/os +++ b/cdist/conf/explorer/os @@ -143,13 +143,6 @@ case "$uname_s" in esac if [ -f /etc/os-release ]; then - # after sles15, suse don't provide an /etc/SuSE-release anymore, but there is almost no difference between sles and opensuse leap, so call it suse - # shellcheck disable=SC1091 - if (. /etc/os-release && echo "${ID_LIKE}" | grep -q '\(^\|\ \)suse\($\|\ \)') - then - echo suse - exit 0 - fi # already lowercase, according to: # https://www.freedesktop.org/software/systemd/man/os-release.html awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release diff --git a/cdist/conf/explorer/os_release b/cdist/conf/explorer/os_release index 6489446b..cfc01004 100644 --- a/cdist/conf/explorer/os_release +++ b/cdist/conf/explorer/os_release @@ -1,7 +1,6 @@ #!/bin/sh # # 2018 Adam Dej (dejko.a at gmail.com) -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -22,17 +21,6 @@ # See os-release(5) and http://0pointer.de/blog/projects/os-release -if test -f /etc/os-release -then - # Linux and FreeBSD (usually a symlink) - cat /etc/os-release -elif test -f /usr/lib/os-release -then - # systemd - cat /usr/lib/os-release -elif test -f /var/run/os-release -then - # FreeBSD (created by os-release service) - cat /var/run/os-release -fi +set +e +cat /etc/os-release || cat /usr/lib/os-release || true diff --git a/cdist/conf/explorer/os_version b/cdist/conf/explorer/os_version index 3b02dedd..4c41695b 100755 --- a/cdist/conf/explorer/os_version +++ b/cdist/conf/explorer/os_version @@ -31,32 +31,7 @@ case "$("$__explorer/os")" in cat /etc/arch-release ;; debian) - debian_version=$(cat /etc/debian_version) - case $debian_version - in - testing/unstable) - # previous to Debian 4.0 testing/unstable was used - # cf. https://metadata.ftp-master.debian.org/changelogs/main/b/base-files/base-files_11_changelog - echo 3.99 - ;; - */sid) - # sid versions don't have a number, so we decode by codename: - case $(expr "$debian_version" : '\([a-z]\{1,\}\)/') - in - bullseye) echo 10.99 ;; - buster) echo 9.99 ;; - stretch) echo 8.99 ;; - jessie) echo 7.99 ;; - wheezy) echo 6.99 ;; - squeeze) echo 5.99 ;; - lenny) echo 4.99 ;; - *) exit 1 - esac - ;; - *) - echo "$debian_version" - ;; - esac + cat /etc/debian_version ;; devuan) cat /etc/devuan_version @@ -70,11 +45,6 @@ case "$("$__explorer/os")" in macosx) sw_vers -productVersion ;; - freebsd) - # Apparently uname -r is not a reliable way to get the patch level. - # See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743 - freebsd-version - ;; *bsd|solaris) uname -r ;; @@ -100,7 +70,4 @@ case "$("$__explorer/os")" in ubuntu) lsb_release -sr ;; - alpine) - cat /etc/alpine-release - ;; esac diff --git a/cdist/conf/type/__mysql_privileges/explorer/state b/cdist/conf/type/__acl/explorer/checks similarity index 54% rename from cdist/conf/type/__mysql_privileges/explorer/state rename to cdist/conf/type/__acl/explorer/checks index 4f13a70c..70bb0412 100755 --- a/cdist/conf/type/__mysql_privileges/explorer/state +++ b/cdist/conf/type/__acl/explorer/checks @@ -1,6 +1,6 @@ #!/bin/sh -e # -# 2020 Ander Punnar (ander-at-kvlt-dot-ee) +# 2019 Ander Punnar (ander-at-kvlt-dot-ee) # # This file is part of cdist. # @@ -18,23 +18,22 @@ # along with cdist. If not, see . # -privileges="$( cat "$__object/parameter/privileges" )" +# TODO check if filesystem has ACL turned on etc -database="$( cat "$__object/parameter/database" )" - -table="$( cat "$__object/parameter/table" )" - -user="$( cat "$__object/parameter/user" )" - -host="$( cat "$__object/parameter/host" )" - -check_privileges="$( - mysql -B -N -e "show grants for '$user'@'$host'" \ - | grep -Ei "^grant $privileges on .$database.\..?$table.? to " || true )" - -if [ -n "$check_privileges" ] +if [ -f "$__object/parameter/acl" ] then - echo 'present' -else - echo 'absent' + grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \ + | while read -r acl + do + param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )" + check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )" + + [ "$param" = 'user' ] && db=passwd || db="$param" + + if ! getent "$db" "$check" > /dev/null + then + echo "missing $param '$check'" >&2 + exit 1 + fi + done fi diff --git a/cdist/conf/type/__acl/explorer/getent b/cdist/conf/type/__acl/explorer/getent deleted file mode 100755 index 7e6c2c30..00000000 --- a/cdist/conf/type/__acl/explorer/getent +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -e - -getent passwd | awk -F: '{print "user:"$1}' -getent group | awk -F: '{print "group:"$1}' diff --git a/cdist/conf/type/__acl/gencode-remote b/cdist/conf/type/__acl/gencode-remote index 32318e91..6dab4d09 100755 --- a/cdist/conf/type/__acl/gencode-remote +++ b/cdist/conf/type/__acl/gencode-remote @@ -20,13 +20,7 @@ file_is="$( cat "$__object/explorer/file_is" )" -if [ "$file_is" = 'missing' ] \ - && [ -z "$__cdist_dry_run" ] \ - && [ ! -f "$__object/parameter/file" ] \ - && [ ! -f "$__object/parameter/directory" ] -then - exit 0 -fi +[ "$file_is" = 'missing' ] && [ -z "$__cdist_dry_run" ] && exit 0 os="$( cat "$__global/explorer/os" )" @@ -34,39 +28,28 @@ acl_path="/$__object_id" acl_is="$( cat "$__object/explorer/acl_is" )" -if [ -f "$__object/parameter/source" ] +if [ -f "$__object/parameter/acl" ] then - acl_source="$( cat "$__object/parameter/source" )" + acl_should="$( cat "$__object/parameter/acl" )" +elif + [ -f "$__object/parameter/user" ] \ + || [ -f "$__object/parameter/group" ] \ + || [ -f "$__object/parameter/mask" ] \ + || [ -f "$__object/parameter/other" ] +then + acl_should="$( for param in user group mask other + do + [ ! -f "$__object/parameter/$param" ] && continue - if [ "$acl_source" = '-' ] - then - acl_should="$( cat "$__object/stdin" )" - else - acl_should="$( grep -Ev '^#|^$' "$acl_source" )" - fi -elif [ -f "$__object/parameter/entry" ] -then - acl_should="$( cat "$__object/parameter/entry" )" + echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=: + + echo "$param$sep$( cat "$__object/parameter/$param" )" + done )" else echo 'no parameters set' >&2 exit 1 fi -# instead of setfacl's non-helpful message "Option -m: Invalid argument near character X" -# let's check if target has necessary users and groups, since mistyped or missing -# users/groups in target is most common reason. -echo "$acl_should" \ - | grep -Po '(user|group):[^:]+' \ - | sort -u \ - | while read -r l - do - if ! grep "$l" -Fxq "$__object/explorer/getent" - then - echo "no $l' in target" | sed "s/:/ '/" >&2 - exit 1 - fi - done - if [ -f "$__object/parameter/default" ] then acl_should="$( echo "$acl_should" \ diff --git a/cdist/conf/type/__acl/man.rst b/cdist/conf/type/__acl/man.rst index 307be72b..85e946ce 100644 --- a/cdist/conf/type/__acl/man.rst +++ b/cdist/conf/type/__acl/man.rst @@ -12,29 +12,11 @@ Fully supported and tested on Linux (ext4 filesystem), partial support for FreeB See ``setfacl`` and ``acl`` manpages for more details. -One of ``--entry`` or ``--source`` must be used. - -OPTIONAL MULTIPLE PARAMETERS +REQUIRED MULTIPLE PARAMETERS ---------------------------- -entry +acl Set ACL entry following ``getfacl`` output syntax. - Must be used if ``--source`` is not used. - - -OPTIONAL PARAMETERS -------------------- -source - Read ACL entries from stdin or file. - Ordering of entries is not important. - When reading from file, comments and empty lines are ignored. - Must be used if ``--entry`` is not used. - -file - Create/change file with ``__file`` using ``user:group:mode`` pattern. - -directory - Create/change directory with ``__directory`` using ``user:group:mode`` pattern. BOOLEAN PARAMETERS @@ -52,6 +34,12 @@ remove ``mask`` and ``other`` entries can't be removed, but only changed. +DEPRECATED PARAMETERS +--------------------- +Parameters ``user``, ``group``, ``mask`` and ``other`` are deprecated and they +will be removed in future versions. Please use ``acl`` parameter instead. + + EXAMPLES -------- @@ -61,38 +49,27 @@ EXAMPLES --default \ --recursive \ --remove \ - --entry user:alice:rwx \ - --entry user:bob:r-x \ - --entry group:project-group:rwx \ - --entry group:some-other-group:r-x \ - --entry mask::r-x \ - --entry other::r-x + --acl user:alice:rwx \ + --acl user:bob:r-x \ + --acl group:project-group:rwx \ + --acl group:some-other-group:r-x \ + --acl mask::r-x \ + --acl other::r-x # give Alice read-only access to subdir, # but don't allow her to see parent content. __acl /srv/project2 \ --remove \ - --entry default:group:secret-project:rwx \ - --entry group:secret-project:rwx \ - --entry user:alice:--x + --acl default:group:secret-project:rwx \ + --acl group:secret-project:rwx \ + --acl user:alice:--x __acl /srv/project2/subdir \ --default \ --remove \ - --entry group:secret-project:rwx \ - --entry user:alice:r-x - - # read acl from stdin - echo 'user:alice:rwx' \ - | __acl /path/to/directory --source - - - # create/change directory too - __acl /path/to/directory \ - --default \ - --remove \ - --directory root:root:770 \ - --entry user:nobody:rwx + --acl group:secret-project:rwx \ + --acl user:alice:r-x AUTHORS diff --git a/cdist/conf/type/__acl/manifest b/cdist/conf/type/__acl/manifest deleted file mode 100755 index 5fd23110..00000000 --- a/cdist/conf/type/__acl/manifest +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -e - -for p in file directory -do - [ ! -f "$__object/parameter/$p" ] && continue - - "__$p" "/$__object_id" \ - --owner "$( awk -F: '{print $1}' "$__object/parameter/$p" )" \ - --group "$( awk -F: '{print $2}' "$__object/parameter/$p" )" \ - --mode "$( awk -F: '{print $3}' "$__object/parameter/$p" )" -done diff --git a/cdist/conf/type/__acl/parameter/deprecated/group b/cdist/conf/type/__acl/parameter/deprecated/group new file mode 100644 index 00000000..94e14159 --- /dev/null +++ b/cdist/conf/type/__acl/parameter/deprecated/group @@ -0,0 +1 @@ +see manual for details diff --git a/cdist/conf/type/__acl/parameter/deprecated/mask b/cdist/conf/type/__acl/parameter/deprecated/mask new file mode 100644 index 00000000..94e14159 --- /dev/null +++ b/cdist/conf/type/__acl/parameter/deprecated/mask @@ -0,0 +1 @@ +see manual for details diff --git a/cdist/conf/type/__acl/parameter/deprecated/other b/cdist/conf/type/__acl/parameter/deprecated/other new file mode 100644 index 00000000..94e14159 --- /dev/null +++ b/cdist/conf/type/__acl/parameter/deprecated/other @@ -0,0 +1 @@ +see manual for details diff --git a/cdist/conf/type/__acl/parameter/deprecated/user b/cdist/conf/type/__acl/parameter/deprecated/user new file mode 100644 index 00000000..94e14159 --- /dev/null +++ b/cdist/conf/type/__acl/parameter/deprecated/user @@ -0,0 +1 @@ +see manual for details diff --git a/cdist/conf/type/__acl/parameter/optional b/cdist/conf/type/__acl/parameter/optional index 5a0c29a3..4b32086b 100644 --- a/cdist/conf/type/__acl/parameter/optional +++ b/cdist/conf/type/__acl/parameter/optional @@ -1,3 +1,2 @@ -source -file -directory +mask +other diff --git a/cdist/conf/type/__acl/parameter/optional_multiple b/cdist/conf/type/__acl/parameter/optional_multiple index 4c884f03..95c25d55 100644 --- a/cdist/conf/type/__acl/parameter/optional_multiple +++ b/cdist/conf/type/__acl/parameter/optional_multiple @@ -1 +1,3 @@ -entry +acl +user +group diff --git a/cdist/conf/type/__apt_backports/man.rst b/cdist/conf/type/__apt_backports/man.rst deleted file mode 100644 index 7036fb84..00000000 --- a/cdist/conf/type/__apt_backports/man.rst +++ /dev/null @@ -1,104 +0,0 @@ -cdist-type__debian_backports(7) -=============================== - -NAME ----- -cdist-type__apt_backports - Install backports - - -DESCRIPTION ------------ -This singleton type installs backports for the current OS release. -It aborts if backports are not supported for the specified OS or -no version codename could be fetched (like Debian unstable). - -The package index will be automatically updated if required. - -It supports backports from following OSes: - -- Debian -- Devuan -- Ubuntu - - -REQUIRED PARAMETERS -------------------- -None. - - -OPTIONAL PARAMETERS -------------------- -state - Represents the state of the backports repository. ``present`` or - ``absent``, defaults to ``present``. - - Will be directly passed to :strong:`cdist-type__apt_source`\ (7). - -mirror - The mirror to fetch the backports from. Will defaults to the generic - mirror of the current OS. - - Will be directly passed to :strong:`cdist-type__apt_source`\ (7). - - -BOOLEAN PARAMETERS ------------------- -None. - - -MESSAGES --------- -None. - - -EXAMPLES --------- - -.. code-block:: sh - - # setup the backports - __apt_backports - __apt_backports --state absent - __apt_backports --state present --mirror "http://ftp.de.debian.org/debian/" - - # install a backports package - # currently for the buster release backports - require="__apt_backports" __package_apt wireguard \ - --target-release buster-backports - - -ABORTS ------- -Aborts if the detected os is not Debian. - -Aborts if no distribuition codename could be detected. This is common for the -unstable distribution, but there is no backports repository for it already. - - -CAVEATS -------- -For Ubuntu, it setup all componenents for the backports repository: ``main``, -``restricted``, ``universe`` and ``multiverse``. The user may not want to -install proprietary packages, which will only be installed if the user -explicitly uses the backports target-release. The user may change this behavior -to install backports packages without the need of explicitly select it. - - -SEE ALSO --------- -`Official Debian Backports site `_ - -:strong:`cdist-type__apt_source`\ (7) - - -AUTHORS -------- -Matthias Stecher - - -COPYING -------- -Copyright \(C) 2020 Matthias Stecher. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/cdist/conf/type/__apt_backports/manifest b/cdist/conf/type/__apt_backports/manifest deleted file mode 100755 index bc47d8de..00000000 --- a/cdist/conf/type/__apt_backports/manifest +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/sh -e -# __apt_backports/manifest -# -# 2020 Matthias Stecher (matthiasstecher at gmx.de) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# -# Enables/disables backports repository. Utilises __apt_source for it. -# - - -# Get the distribution codename by /etc/os-release. -# is already executed in a subshell by string substitution -# lsb_release may not be given in all installations -codename_os_release() { - # shellcheck disable=SC1090 - . "$__global/explorer/os_release" - printf "%s" "$VERSION_CODENAME" -} - -# detect backport distribution -os="$(cat "$__global/explorer/os")" -case "$os" in - debian) - dist="$( codename_os_release )" - components="main" - mirror="http://deb.debian.org/debian/" - ;; - devuan) - dist="$( codename_os_release )" - components="main" - mirror="http://deb.devuan.org/merged" - ;; - ubuntu) - dist="$( codename_os_release )" - components="main restricted universe multiverse" - mirror="http://archive.ubuntu.com/ubuntu" - ;; - - *) - printf "Backports for %s are not supported!\n" "$os" >&2 - exit 1 - ;; -esac - -# error if no codename given (e.g. on Debian unstable) -if [ -z "$dist" ]; then - printf "No backports for unkown version of distribution %s!\n" "$os" >&2 - exit 1 -fi - - -# parameters -state="$(cat "$__object/parameter/state")" - -# mirror already set for the os, only override user-values -if [ -f "$__object/parameter/mirror" ]; then - mirror="$(cat "$__object/parameter/mirror")" -fi - - -# install the given backports repository -__apt_source "${dist}-backports" \ - --state "$state" \ - --distribution "${dist}-backports" \ - --component "$components" \ - --uri "$mirror" diff --git a/cdist/conf/type/__apt_backports/parameter/default/state b/cdist/conf/type/__apt_backports/parameter/default/state deleted file mode 100644 index e7f6134f..00000000 --- a/cdist/conf/type/__apt_backports/parameter/default/state +++ /dev/null @@ -1 +0,0 @@ -present diff --git a/cdist/conf/type/__apt_backports/parameter/optional b/cdist/conf/type/__apt_backports/parameter/optional deleted file mode 100644 index 4b05c235..00000000 --- a/cdist/conf/type/__apt_backports/parameter/optional +++ /dev/null @@ -1,2 +0,0 @@ -state -mirror diff --git a/cdist/conf/type/__apt_key/gencode-remote b/cdist/conf/type/__apt_key/gencode-remote index 0c96ff67..e9daa524 100755 --- a/cdist/conf/type/__apt_key/gencode-remote +++ b/cdist/conf/type/__apt_key/gencode-remote @@ -61,29 +61,31 @@ EOF echo "curl -s -L '$uri' | apt-key add -" fi elif [ -d "$keydir" ]; then + tmp='/tmp/cdist_apt_key_tmp' + # we need to kill gpg after 30 seconds, because gpg # can get stuck if keyserver is not responding. # exporting env var and not exit 1, # because we need to clean up and kill dirmngr. cat << EOF -gpgtmphome="\$( mktemp -d )" +mkdir -m 700 -p "$tmp" if timeout 30s \\ - gpg --homedir "\$gpgtmphome" \\ + gpg --homedir "$tmp" \\ --keyserver "$keyserver" \\ --recv-keys "$keyid" then - gpg --homedir "\$gpgtmphome" \\ + gpg --homedir "$tmp" \\ --export "$keyid" \\ > "$keyfile" else export GPG_GOT_STUCK=1 fi -GNUPGHOME="\$gpgtmphome" gpgconf --kill dirmngr +GNUPGHOME="$tmp" gpgconf --kill dirmngr -rm -rf "\$gpgtmphome" +rm -rf "$tmp" if [ -n "\$GPG_GOT_STUCK" ] then diff --git a/cdist/conf/type/__apt_norecommends/man.rst b/cdist/conf/type/__apt_norecommends/man.rst index 9297b518..001fffe4 100644 --- a/cdist/conf/type/__apt_norecommends/man.rst +++ b/cdist/conf/type/__apt_norecommends/man.rst @@ -32,12 +32,11 @@ EXAMPLES AUTHORS ------- Steven Armstrong -Dennis Camera COPYING ------- -Copyright \(C) 2014 Steven Armstrong, 2020 Dennis Camera. -You can redistribute it and/or modify it under the terms of the GNU General -Public License as published by the Free Software Foundation, either version 3 of -the License, or (at your option) any later version. +Copyright \(C) 2014 Steven Armstrong. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/cdist/conf/type/__apt_norecommends/manifest b/cdist/conf/type/__apt_norecommends/manifest index fc187784..e737df89 100755 --- a/cdist/conf/type/__apt_norecommends/manifest +++ b/cdist/conf/type/__apt_norecommends/manifest @@ -1,7 +1,6 @@ #!/bin/sh -e # # 2014 Steven Armstrong (steven-cdist at armstrong.cc) -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -20,28 +19,26 @@ # -os=$(cat "${__global:?}/explorer/os") +os=$(cat "$__global/explorer/os") -case ${os} -in - (ubuntu|debian|devuan) - __file /etc/apt/apt.conf.d/00InstallRecommends --state present \ - --owner root --group root --mode 0644 --source - <<-'EOF' - APT::Install-Recommends "false"; - APT::Install-Suggests "false"; - APT::AutoRemove::RecommendsImportant "false"; - APT::AutoRemove::SuggestsImportant "false"; - EOF - - # TODO: Remove the following object after some time - require=__file/etc/apt/apt.conf.d/00InstallRecommends \ - __file /etc/apt/apt.conf.d/99-no-recommends --state absent - ;; - (*) - cat >&2 <&2 << DONE The developer of this type (${__type##*/}) did not think your operating system ($os) would have any use for it. If you think otherwise please submit a patch. -EOF - exit 1 - ;; +DONE + exit 1 + ;; esac diff --git a/cdist/conf/type/__apt_unattended_upgrades/man.rst b/cdist/conf/type/__apt_unattended_upgrades/man.rst deleted file mode 100644 index 2231b5f9..00000000 --- a/cdist/conf/type/__apt_unattended_upgrades/man.rst +++ /dev/null @@ -1,68 +0,0 @@ -cdist-type__apt_unattended_upgrades(7) -====================================== - -NAME ----- -cdist-type__apt_unattended_upgrades - automatic installation of updates - - -DESCRIPTION ------------ - -Install and configure unattended-upgrades package. - -For more information see https://wiki.debian.org/UnattendedUpgrades. - - -OPTIONAL MULTIPLE PARAMETERS ----------------------------- -option - Set options for unattended-upgrades. See examples. - - Supported options with default values (as of 2020-01-17) are: - - - AutoFixInterruptedDpkg, default is "true" - - MinimalSteps, default is "true" - - InstallOnShutdown, default is "false" - - Mail, default is "" (empty) - - MailOnlyOnError, default is "false" - - Remove-Unused-Kernel-Packages, default is "true" - - Remove-New-Unused-Dependencies, default is "true" - - Remove-Unused-Dependencies, default is "false" - - Automatic-Reboot, default is "false" - - Automatic-Reboot-WithUsers, default is "true" - - Automatic-Reboot-Time, default is "02:00" - - SyslogEnable, default is "false" - - SyslogFacility, default is "daemon" - - OnlyOnACPower, default is "true" - - Skip-Updates-On-Metered-Connections, default is "true" - - Verbose, default is "false" - - Debug, default is "false" - -blacklist - Python regular expressions, matching packages to exclude from upgrading. - - -EXAMPLES --------- - -.. code-block:: sh - - __apt_unattended_upgrades \ - --option Mail=root \ - --option MailOnlyOnError=true \ - --blacklist multipath-tools \ - --blacklist open-iscsi - - -AUTHORS -------- -Ander Punnar - - -COPYING -------- -Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it -under the terms of the GNU General Public License as published by the Free -Software Foundation, either version 3 of the License, or (at your option) any -later version. diff --git a/cdist/conf/type/__apt_unattended_upgrades/manifest b/cdist/conf/type/__apt_unattended_upgrades/manifest deleted file mode 100755 index 3c00e2f4..00000000 --- a/cdist/conf/type/__apt_unattended_upgrades/manifest +++ /dev/null @@ -1,80 +0,0 @@ -#!/bin/sh -e -# -# 2020 Ander Punnar (ander-at-kvlt-dot-ee) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -__package unattended-upgrades - -export require='__package/unattended-upgrades' - -# in normal circumstances 20auto-upgrades is managed -# by debconf and it can only contain these lines - -__file /etc/apt/apt.conf.d/20auto-upgrades \ - --owner root \ - --group root \ - --mode 644 \ - --source - << EOF -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Unattended-Upgrade "1"; -EOF - -# lets not write into upstream 50unattended-upgrades file, -# but use our own config file to avoid clashes - -conf_file='/etc/apt/apt.conf.d/51unattended-upgrades-cdist' - -conf='# this file is managed by cdist' - -if [ -f "$__object/parameter/option" ] -then - o='' - - while read -r l - do - o="$( printf '%s\nUnattended-Upgrade::%s "%s";\n' "$o" "${l%%=*}" "${l#*=}" )" - done \ - < "$__object/parameter/option" - - conf="$( printf '%s\n%s\n' "$conf" "$o" )" -fi - -if [ -f "$__object/parameter/blacklist" ] -then - b='Unattended-Upgrade::Package-Blacklist {' - - while read -r l - do - b="$( printf '%s\n"%s";\n' "$b" "$l" )" - done \ - < "$__object/parameter/blacklist" - - conf="$( printf '%s\n%s\n}\n' "$conf" "$b" )" -fi - -if [ "$( echo "$conf" | wc -l )" -gt 1 ] -then - echo "$conf" \ - | __file "$conf_file" \ - --owner root \ - --group root \ - --mode 644 \ - --source - -else - __file "$conf_file" --state absent -fi diff --git a/cdist/conf/type/__apt_unattended_upgrades/parameter/optional_multiple b/cdist/conf/type/__apt_unattended_upgrades/parameter/optional_multiple deleted file mode 100644 index ea4fba2b..00000000 --- a/cdist/conf/type/__apt_unattended_upgrades/parameter/optional_multiple +++ /dev/null @@ -1,2 +0,0 @@ -option -blacklist diff --git a/cdist/conf/type/__apt_unattended_upgrades/singleton b/cdist/conf/type/__apt_unattended_upgrades/singleton deleted file mode 100644 index e69de29b..00000000 diff --git a/cdist/conf/type/__block/gencode-remote b/cdist/conf/type/__block/gencode-remote index 7a1f4064..1f5cc033 100755 --- a/cdist/conf/type/__block/gencode-remote +++ b/cdist/conf/type/__block/gencode-remote @@ -46,29 +46,28 @@ fi remove_block() { cat << DONE -tmpfile=\$(mktemp ${quoted_file}.cdist.XXXXXXXXXX) +tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX) # preserve ownership and permissions of existing file -if [ -f $quoted_file ]; then - cp -p $quoted_file "\$tmpfile" +if [ -f "$file" ]; then + cp -p "$file" "\$tmpfile" fi -awk -v prefix=$(quote "$prefix") -v suffix=$(quote "$suffix") ' +awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ ' { - if (\$0 == prefix) { + if (match(\$0,prefix)) { triggered=1 } if (triggered) { - if (\$0 == suffix) { + if (match(\$0,suffix)) { triggered=0 } } else { print } -}' $quoted_file > "\$tmpfile" -mv -f "\$tmpfile" $quoted_file +}' "$file" > "\$tmpfile" +mv -f "\$tmpfile" "$file" DONE } -quoted_file="$(quote "$file")" case "$state_should" in present) if [ "$state_is" = "changed" ]; then @@ -78,7 +77,7 @@ case "$state_should" in echo add >> "$__messages_out" fi cat << DONE -cat >> $quoted_file << '${__type##*/}_DONE' +cat >> "$file" << ${__type##*/}_DONE $(cat "$block") ${__type##*/}_DONE DONE diff --git a/cdist/conf/type/__cdist/manifest b/cdist/conf/type/__cdist/manifest index 0b0f1263..a97cf288 100755 --- a/cdist/conf/type/__cdist/manifest +++ b/cdist/conf/type/__cdist/manifest @@ -37,7 +37,6 @@ source="$(cat "$__object/parameter/source")" # out of it home=/home/$username -# shellcheck disable=SC2086 __user "$username" --home "$home" $shell require="__user/$username" __directory "$home" \ diff --git a/cdist/conf/type/__clean_path/explorer/list b/cdist/conf/type/__clean_path/explorer/list index 2bdc63a5..07d38127 100755 --- a/cdist/conf/type/__clean_path/explorer/list +++ b/cdist/conf/type/__clean_path/explorer/list @@ -18,12 +18,7 @@ # along with cdist. If not, see . # -if [ -f "$__object/parameter/path" ] -then - path="$( cat "$__object/parameter/path" )" -else - path="/$__object_id" -fi +path="/$__object_id" [ ! -d "$path" ] && exit 0 diff --git a/cdist/conf/type/__clean_path/gencode-remote b/cdist/conf/type/__clean_path/gencode-remote index 2899c4a5..998a70d8 100755 --- a/cdist/conf/type/__clean_path/gencode-remote +++ b/cdist/conf/type/__clean_path/gencode-remote @@ -20,12 +20,7 @@ [ ! -s "$__object/explorer/list" ] && exit 0 -if [ -f "$__object/parameter/path" ] -then - path="$( cat "$__object/parameter/path" )" -else - path="/$__object_id" -fi +path="/$__object_id" pattern="$( cat "$__object/parameter/pattern" )" diff --git a/cdist/conf/type/__clean_path/man.rst b/cdist/conf/type/__clean_path/man.rst index 31d90701..826f4589 100644 --- a/cdist/conf/type/__clean_path/man.rst +++ b/cdist/conf/type/__clean_path/man.rst @@ -10,7 +10,7 @@ DESCRIPTION ----------- Remove files and directories which match the pattern. -Provided path must be a directory. +Provided path (as __object_id) must be a directory. Patterns are passed to ``find``'s ``-regex`` - see ``find(1)`` for more details. @@ -29,9 +29,6 @@ pattern OPTIONAL PARAMETERS ------------------- -path - Path which will be cleaned. Defaults to ``$__object_id``. - exclude Pattern of files which are excluded from removal. @@ -49,11 +46,6 @@ EXAMPLES --exclude '.+\(charset\.conf\|security\.conf\)' \ --onchange 'service apache2 restart' - __clean_path apache2-conf-enabled \ - --path /etc/apache2/conf-enabled \ - --pattern '.+' \ - --exclude '.+\(charset\.conf\|security\.conf\)' \ - --onchange 'service apache2 restart' AUTHORS ------- diff --git a/cdist/conf/type/__clean_path/parameter/optional b/cdist/conf/type/__clean_path/parameter/optional index 3b97f71c..6f313474 100644 --- a/cdist/conf/type/__clean_path/parameter/optional +++ b/cdist/conf/type/__clean_path/parameter/optional @@ -1,3 +1,2 @@ exclude onchange -path diff --git a/cdist/conf/type/__consul_agent/man.rst b/cdist/conf/type/__consul_agent/man.rst index 62ee70bb..966abc60 100644 --- a/cdist/conf/type/__consul_agent/man.rst +++ b/cdist/conf/type/__consul_agent/man.rst @@ -116,9 +116,6 @@ verify-incoming verify-outgoing enforce the use of TLS and verify the peers authenticity on outgoing connections -use-distribution-package - uses distribution package instead of upstream binary - EXAMPLES -------- diff --git a/cdist/conf/type/__consul_agent/manifest b/cdist/conf/type/__consul_agent/manifest index 7b54529c..a88d26ed 100755 --- a/cdist/conf/type/__consul_agent/manifest +++ b/cdist/conf/type/__consul_agent/manifest @@ -1,8 +1,7 @@ #!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) -# 2015-2020 Nico Schottelius (nico-cdist at schottelius.org) -# 2019 Timothée Floure (timothee.floure at ungleich.ch) +# 2015-2019 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # @@ -20,87 +19,133 @@ # along with cdist. If not, see . # + os=$(cat "$__global/explorer/os") -### -# Type parameters. +case "$os" in + alpine|scientific|centos|debian|devuan|redhat|ubuntu) + # whitelist safeguard + : + ;; + *) + echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 + echo "Please contribute an implementation for it if you can." >&2 + exit 1 + ;; +esac state="$(cat "$__object/parameter/state")" user="$(cat "$__object/parameter/user")" group="$(cat "$__object/parameter/group")" -release=$(cat "$__global/explorer/lsb_release") -if [ -f "$__object/parameter/use-distribution-package" ]; then - use_distribution_package=1 -fi - -### -# Those are default that might be overriden by os-specific logic. - data_dir="/var/lib/consul" +conf_dir="/etc/consul/conf.d" +conf_file="config.json" - - -tls_dir="$conf_dir/tls" - -case "$os" in - alpine) - conf_dir="/etc/consul" - conf_file="server.json" - ;; - *) - conf_dir="/etc/consul/conf.d" - conf_file="config.json" - ;; +# FIXME: there has got to be a better way to handle the dependencies in this case +case "$state" in + present) + __group "$group" --system --state "$state" + require="__group/$group" \ + __user "$user" --system --gid "$group" \ + --home "$data_dir" --state "$state" + export require="__user/consul" + ;; + absent) + echo "Sorry, state=absent currently not supported :-(" >&2 + exit 1 + require="$__object_name" \ + __user "$user" --system --gid "$group" --state "$state" + require="__user/$user" \ + __group "$group" --system --state "$state" + ;; esac -### -# Sane deployment, based on distribution package when available. +__directory /etc/consul \ + --owner root --group "$group" --mode 750 --state "$state" +require="__directory/etc/consul" \ + __directory "$conf_dir" \ + --owner root --group "$group" --mode 750 --state "$state" -distribution_setup () { - case "$os" in - debian) - # consul is only available starting Debian 10 (buster). - # See https://packages.debian.org/buster/consul - if [ "$release" -lt 10 ]; then - echo "Consul is not available for your debian release." >&2 - echo "Please use the 'manual' (i.e. non-package) installation or \ - upgrade the target system." >&2 - exit 1 - fi +if [ -f "$__object/parameter/ca-file-source" ] || [ -f "$__object/parameter/cert-file-source" ] || [ -f "$__object/parameter/key-file-source" ]; then + # create directory for ssl certs + require="__directory/etc/consul" \ + __directory /etc/consul/ssl \ + --owner root --group "$group" --mode 750 --state "$state" +fi - # Override previously defined environment to match debian packaging. - conf_dir='/etc/consul.d' - user='consul' - group='consul' - ;; - alpine) - # consul is only available starting Alpine 3.12 (= edge during the 3.11 cycle). - # See https://pkgs.alpinelinux.org/packages?name=consul&branch=edge +__directory "$data_dir" \ + --owner "$user" --group "$group" --mode 770 --state "$state" - # Override previously defined environment to match alpine packaging. - conf_dir='/etc/consul' - conf_file='server.json' - data_dir='/var/consul' - user='consul' - group='consul' - ;; - *) - echo "Your operating system ($os) is currently not supported with the \ - --use-distribution-package flag (${__type##*/})." >&2 - echo "Please use non-package installation or contribute an \ - implementation for if you can." >&2 - exit 1 - ;; - esac - # Install consul package. - __package consul --state "$state" +# Generate json config file +( +echo "{" - export config_deployment_requires="__package/consul" -} +# parameters we define ourself +printf ' "data_dir": "%s"\n' "$data_dir" -### -# LEGACY manual deployment, kept for compatibility reasons. +cd "$__object/parameter/" +for param in *; do + case "$param" in + state|user|group|json-config) continue ;; + ca-file-source|cert-file-source|key-file-source) + source="$(cat "$__object/parameter/$param")" + destination="/etc/consul/ssl/${source##*/}" + require="__directory/etc/consul/ssl" \ + __file "$destination" \ + --owner root --group consul --mode 640 \ + --source "$source" \ + --state "$state" + key="$(echo "${param%-*}" | tr '-' '_')" + printf ' ,"%s": "%s"\n' "$key" "$destination" + ;; + disable-remote-exec|disable-update-check|leave-on-terminate|rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing) + # handle boolean parameters + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": true\n' "$key" + ;; + retry-join) + # join multiple parameters into json array + retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")" + # remove trailing , + printf ' ,"retry_join": [%s]\n' "${retry_join%*,}" + ;; + retry-join-wan) + # join multiple parameters into json array over wan + retry_join_wan="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join-wan")" + # remove trailing , + printf ' ,"retry_join_wan": [%s]\n' "${retry_join_wan%*,}" + ;; + bootstrap-expect) + # integer key=value parameters + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")" + ;; + *) + # string key=value parameters + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" + ;; + esac +done +if [ -f "$__object/parameter/json-config" ]; then + json_config="$(cat "$__object/parameter/json-config")" + if [ "$json_config" = "-" ]; then + json_config="$__object/stdin" + fi + # remove leading and trailing whitespace and commas from first and last line + # indent each line with 3 spaces for consistency + json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config") + printf ' ,%s\n' "$json" +fi +echo "}" +) | \ +require="__directory${conf_dir}" \ + __config_file "${conf_dir}/${conf_file}" \ + --owner root --group "$group" --mode 640 \ + --state "$state" \ + --onchange 'service consul status >/dev/null && service consul reload || true' \ + --source - init_sysvinit() { @@ -134,186 +179,47 @@ init_upstart() require="__file/etc/init/consul.conf" __start_on_boot consul } -manual_setup () { - case "$os" in - alpine|scientific|centos|debian|devuan|redhat|ubuntu) - # whitelist safeguard - : - ;; - *) - echo "Your operating system ($os) is currently not supported by this \ - type (${__type##*/})." >&2 - echo "Please contribute an implementation for it if you can." >&2 - exit 1 - ;; - esac - - # FIXME: there has got to be a better way to handle the dependencies in this case - case "$state" in - present) - __group "$group" --system --state "$state" - require="__group/$group" __user "$user" \ - --system --gid "$group" --home "$data_dir" --state "$state" - ;; - *) - echo "The $state state is not (yet?) supported by this type." >&2 - exit 1 - ;; - esac - - # Create data directory. - require="__user/consul" __directory "$data_dir" \ - --owner "$user" --group "$group" --mode 770 --state "$state" - - # Create config directory. - require="__user/consul" __directory "$conf_dir" \ - --parents --owner root --group "$group" --mode 750 --state "$state" - - # Install init script to start on boot - case "$os" in - devuan) - init_sysvinit debian - ;; - centos|redhat) - os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")" - major_version="${os_version%%.*}" - case "$major_version" in - [456]) - init_sysvinit redhat - ;; - 7) - init_systemd - ;; - *) - echo "Unsupported CentOS/Redhat version: $os_version" >&2 - exit 1 - ;; - esac - ;; - - debian) - os_version=$(cat "$__global/explorer/os_version") - major_version="${os_version%%.*}" - - case "$major_version" in - [567]) - init_sysvinit debian - ;; - [89]|10) - init_systemd - ;; - *) - echo "Unsupported Debian version $os_version" >&2 - exit 1 - ;; - esac - ;; - - ubuntu) - init_upstart - ;; - esac - - config_deployment_requires="__user/consul __directory/$conf_dir" -} - -### -# Trigger requested installation method. -if [ $use_distribution_package ]; then - distribution_setup -else - manual_setup -fi - -### -# Install TLS certificates. - -if [ -f "$__object/parameter/ca-file-source" ] || \ - [ -f "$__object/parameter/cert-file-source" ] || \ - [ -f "$__object/parameter/key-file-source" ]; then - - requires="$config_deployment_requires" __directory "$tls_dir" \ - --owner root --group "$group" --mode 750 --state "$state" - - # Append to service restart requirements. - restart_requires="$restart_requires __directory/$conf_dir/tls" -fi - -### -# Generate and deploy configuration. - -json_configuration=$( - echo "{" - - # parameters we define ourself - printf ' "data_dir": "%s"\n' "$data_dir" - - cd "$__object/parameter/" - for param in *; do - case "$param" in - state|user|group|json-config|use-distribution-package) continue ;; - ca-file-source|cert-file-source|key-file-source) - source="$(cat "$__object/parameter/$param")" - destination="$tls_dir/${source##*/}" - require="__directory/$tls_dir" \ - __file "$destination" \ - --owner root --group consul --mode 640 \ - --source "$source" \ - --state "$state" - key="$(echo "${param%-*}" | tr '-' '_')" - printf ' ,"%s": "%s"\n' "$key" "$destination" +# Install init script to start on boot +case "$os" in + alpine|devuan) + init_sysvinit debian ;; - disable-remote-exec|disable-update-check|leave-on-terminate\ - |rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing) - # handle boolean parameters - key="$(echo "$param" | tr '-' '_')" - printf ' ,"%s": true\n' "$key" + centos|redhat) + os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")" + major_version="${os_version%%.*}" + case "$major_version" in + [456]) + init_sysvinit redhat + ;; + 7) + init_systemd + ;; + *) + echo "Unsupported CentOS/Redhat version: $os_version" >&2 + exit 1 + ;; + esac ;; - retry-join) - # join multiple parameters into json array - retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")" - # remove trailing , - printf ' ,"retry_join": [%s]\n' "${retry_join%*,}" - ;; - retry-join-wan) - # join multiple parameters into json array over wan - retry_join_wan="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join-wan")" - # remove trailing , - printf ' ,"retry_join_wan": [%s]\n' "${retry_join_wan%*,}" - ;; - bootstrap-expect) - # integer key=value parameters - key="$(echo "$param" | tr '-' '_')" - printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")" - ;; - *) - # string key=value parameters - key="$(echo "$param" | tr '-' '_')" - printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" - ;; - esac - done - if [ -f "$__object/parameter/json-config" ]; then - json_config="$(cat "$__object/parameter/json-config")" - if [ "$json_config" = "-" ]; then - json_config="$__object/stdin" - fi - # remove leading and trailing whitespace and commas from first and last line - # indent each line with 3 spaces for consistency - json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config") - printf ' ,%s\n' "$json" - fi - echo "}" -) -echo "$json_configuration" | require="$config_deployment_requires" \ - __file "$conf_dir/$conf_file" \ - --owner root --group "$group" --mode 640 \ - --state "$state" \ - --source - -# Set configuration deployment as requirement for service restart. -restart_requires="__file/$conf_dir/$conf_file" + debian) + os_version=$(cat "$__global/explorer/os_version") + major_version="${os_version%%.*}" -### -# Restart consul agent after everything else. -require="$restart_requires" __service consul --action restart + case "$major_version" in + [567]) + init_sysvinit debian + ;; + [89]) + init_systemd + ;; + *) + echo "Unsupported Debian version $os_version" >&2 + exit 1 + ;; + esac + ;; + + ubuntu) + init_upstart + ;; +esac diff --git a/cdist/conf/type/__consul_agent/parameter/boolean b/cdist/conf/type/__consul_agent/parameter/boolean index c86853c3..91f7f17e 100644 --- a/cdist/conf/type/__consul_agent/parameter/boolean +++ b/cdist/conf/type/__consul_agent/parameter/boolean @@ -6,4 +6,3 @@ server enable-syslog verify-incoming verify-outgoing -use-distribution-package diff --git a/cdist/conf/type/__consul_check/explorer/conf-dir b/cdist/conf/type/__consul_check/explorer/conf-dir deleted file mode 120000 index daa712c3..00000000 --- a/cdist/conf/type/__consul_check/explorer/conf-dir +++ /dev/null @@ -1 +0,0 @@ -../../__consul_service/explorer/conf-dir \ No newline at end of file diff --git a/cdist/conf/type/__consul_check/manifest b/cdist/conf/type/__consul_check/manifest index 522aa1a9..c9f7add9 100755 --- a/cdist/conf/type/__consul_check/manifest +++ b/cdist/conf/type/__consul_check/manifest @@ -19,7 +19,7 @@ # name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")" -conf_dir=$(cat "$__object/explorer/conf-dir") +conf_dir="/etc/consul/conf.d" conf_file="check_${name}.json" state="$(cat "$__object/parameter/state")" diff --git a/cdist/conf/type/__consul_service/explorer/conf-dir b/cdist/conf/type/__consul_service/explorer/conf-dir deleted file mode 100644 index 0fc9ef84..00000000 --- a/cdist/conf/type/__consul_service/explorer/conf-dir +++ /dev/null @@ -1,15 +0,0 @@ -# Determine the configuration directory used by consul. - -check_dir () { - if [ -d "$1" ]; then - printf '%s' "$1" - exit - fi -} - -check_dir '/etc/consul/conf.d' -check_dir '/etc/consul.d' -check_dir '/etc/consul' - -echo 'Could not determine consul configuration dir. Exiting.' >&2 -exit 1 diff --git a/cdist/conf/type/__consul_service/manifest b/cdist/conf/type/__consul_service/manifest index d16f18e0..60397db7 100755 --- a/cdist/conf/type/__consul_service/manifest +++ b/cdist/conf/type/__consul_service/manifest @@ -19,7 +19,7 @@ # name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")" -conf_dir=$(cat "$__object/explorer/conf-dir") +conf_dir="/etc/consul/conf.d" conf_file="service_${name}.json" state="$(cat "$__object/parameter/state")" @@ -45,7 +45,7 @@ printf ' "name": "%s"\n' "$name" cd "$__object/parameter/" for param in *; do case "$param" in - state|name|check-interval|conf-dir) continue ;; + state|name|check-interval) continue ;; check-script) printf ' ,"check": {\n' printf ' "script": "%s"\n' "$(cat "$__object/parameter/check-script")" @@ -86,6 +86,7 @@ echo " }" # end json file echo "}" ) | \ +require="__directory${conf_dir}" \ __config_file "${conf_dir}/${conf_file}" \ --owner root --group consul --mode 640 \ --state "$state" \ diff --git a/cdist/conf/type/__consul_watch_checks/explorer/conf-dir b/cdist/conf/type/__consul_watch_checks/explorer/conf-dir deleted file mode 120000 index daa712c3..00000000 --- a/cdist/conf/type/__consul_watch_checks/explorer/conf-dir +++ /dev/null @@ -1 +0,0 @@ -../../__consul_service/explorer/conf-dir \ No newline at end of file diff --git a/cdist/conf/type/__consul_watch_checks/manifest b/cdist/conf/type/__consul_watch_checks/manifest index 4976b25a..5fdd7a74 100755 --- a/cdist/conf/type/__consul_watch_checks/manifest +++ b/cdist/conf/type/__consul_watch_checks/manifest @@ -20,7 +20,7 @@ cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" -conf_dir=$(cat "$__object/explorer/conf-dir") +conf_dir="/etc/consul/conf.d" conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" diff --git a/cdist/conf/type/__consul_watch_event/explorer/conf-dir b/cdist/conf/type/__consul_watch_event/explorer/conf-dir deleted file mode 120000 index daa712c3..00000000 --- a/cdist/conf/type/__consul_watch_event/explorer/conf-dir +++ /dev/null @@ -1 +0,0 @@ -../../__consul_service/explorer/conf-dir \ No newline at end of file diff --git a/cdist/conf/type/__consul_watch_event/manifest b/cdist/conf/type/__consul_watch_event/manifest index b17680c1..61934656 100755 --- a/cdist/conf/type/__consul_watch_event/manifest +++ b/cdist/conf/type/__consul_watch_event/manifest @@ -20,7 +20,7 @@ cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" -conf_dir=$(cat "$__object/explorer/conf-dir") +conf_dir="/etc/consul/conf.d" conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" diff --git a/cdist/conf/type/__consul_watch_key/explorer/conf-dir b/cdist/conf/type/__consul_watch_key/explorer/conf-dir deleted file mode 120000 index daa712c3..00000000 --- a/cdist/conf/type/__consul_watch_key/explorer/conf-dir +++ /dev/null @@ -1 +0,0 @@ -../../__consul_service/explorer/conf-dir \ No newline at end of file diff --git a/cdist/conf/type/__consul_watch_key/manifest b/cdist/conf/type/__consul_watch_key/manifest index b17680c1..61934656 100755 --- a/cdist/conf/type/__consul_watch_key/manifest +++ b/cdist/conf/type/__consul_watch_key/manifest @@ -20,7 +20,7 @@ cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" -conf_dir=$(cat "$__object/explorer/conf-dir") +conf_dir="/etc/consul/conf.d" conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" diff --git a/cdist/conf/type/__consul_watch_keyprefix/explorer/conf-dir b/cdist/conf/type/__consul_watch_keyprefix/explorer/conf-dir deleted file mode 120000 index daa712c3..00000000 --- a/cdist/conf/type/__consul_watch_keyprefix/explorer/conf-dir +++ /dev/null @@ -1 +0,0 @@ -../../__consul_service/explorer/conf-dir \ No newline at end of file diff --git a/cdist/conf/type/__consul_watch_keyprefix/manifest b/cdist/conf/type/__consul_watch_keyprefix/manifest index b17680c1..61934656 100755 --- a/cdist/conf/type/__consul_watch_keyprefix/manifest +++ b/cdist/conf/type/__consul_watch_keyprefix/manifest @@ -20,7 +20,7 @@ cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" -conf_dir=$(cat "$__object/explorer/conf-dir") +conf_dir="/etc/consul/conf.d" conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" diff --git a/cdist/conf/type/__consul_watch_nodes/explorer/conf-dir b/cdist/conf/type/__consul_watch_nodes/explorer/conf-dir deleted file mode 120000 index daa712c3..00000000 --- a/cdist/conf/type/__consul_watch_nodes/explorer/conf-dir +++ /dev/null @@ -1 +0,0 @@ -../../__consul_service/explorer/conf-dir \ No newline at end of file diff --git a/cdist/conf/type/__consul_watch_nodes/manifest b/cdist/conf/type/__consul_watch_nodes/manifest index b17680c1..61934656 100755 --- a/cdist/conf/type/__consul_watch_nodes/manifest +++ b/cdist/conf/type/__consul_watch_nodes/manifest @@ -20,7 +20,7 @@ cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" -conf_dir=$(cat "$__object/explorer/conf-dir") +conf_dir="/etc/consul/conf.d" conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" diff --git a/cdist/conf/type/__consul_watch_service/explorer/conf-dir b/cdist/conf/type/__consul_watch_service/explorer/conf-dir deleted file mode 120000 index daa712c3..00000000 --- a/cdist/conf/type/__consul_watch_service/explorer/conf-dir +++ /dev/null @@ -1 +0,0 @@ -../../__consul_service/explorer/conf-dir \ No newline at end of file diff --git a/cdist/conf/type/__consul_watch_service/manifest b/cdist/conf/type/__consul_watch_service/manifest index e8d18328..db38eb18 100755 --- a/cdist/conf/type/__consul_watch_service/manifest +++ b/cdist/conf/type/__consul_watch_service/manifest @@ -20,7 +20,7 @@ cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" -conf_dir=$(cat "$__object/explorer/conf-dir") +conf_dir="/etc/consul/conf.d" conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" diff --git a/cdist/conf/type/__consul_watch_services/explorer/conf-dir b/cdist/conf/type/__consul_watch_services/explorer/conf-dir deleted file mode 120000 index daa712c3..00000000 --- a/cdist/conf/type/__consul_watch_services/explorer/conf-dir +++ /dev/null @@ -1 +0,0 @@ -../../__consul_service/explorer/conf-dir \ No newline at end of file diff --git a/cdist/conf/type/__consul_watch_services/manifest b/cdist/conf/type/__consul_watch_services/manifest index b17680c1..61934656 100755 --- a/cdist/conf/type/__consul_watch_services/manifest +++ b/cdist/conf/type/__consul_watch_services/manifest @@ -20,7 +20,7 @@ cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" -conf_dir=$(cat "$__object/explorer/conf-dir") +conf_dir="/etc/consul/conf.d" conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" diff --git a/cdist/conf/type/__cron/gencode-remote b/cdist/conf/type/__cron/gencode-remote index 9debbc47..59398058 100755 --- a/cdist/conf/type/__cron/gencode-remote +++ b/cdist/conf/type/__cron/gencode-remote @@ -31,28 +31,24 @@ if [ -f "$__object/parameter/raw" ]; then elif [ -f "$__object/parameter/raw_command" ]; then entry="$command" else - minute="$(cat "$__object/parameter/minute")" - hour="$(cat "$__object/parameter/hour")" - day_of_month="$(cat "$__object/parameter/day_of_month")" - month="$(cat "$__object/parameter/month")" - day_of_week="$(cat "$__object/parameter/day_of_week")" + minute="$(cat "$__object/parameter/minute" 2>/dev/null || echo "*")" + hour="$(cat "$__object/parameter/hour" 2>/dev/null || echo "*")" + day_of_month="$(cat "$__object/parameter/day_of_month" 2>/dev/null || echo "*")" + month="$(cat "$__object/parameter/month" 2>/dev/null || echo "*")" + day_of_week="$(cat "$__object/parameter/day_of_week" 2>/dev/null || echo "*")" entry="$minute $hour $day_of_month $month $day_of_week $command # $name" fi mkdir "$__object/files" echo "$entry" > "$__object/files/entry" -if [ -s "$__object/explorer/entry" ]; then - if diff -q "$__object/files/entry" "$__object/explorer/entry" >/dev/null; then - state_is=present - else - state_is=modified - fi +if diff -q "$__object/files/entry" "$__object/explorer/entry" >/dev/null; then + state_is=present else state_is=absent fi -state_should="$(cat "$__object/parameter/state")" +state_should="$(cat "$__object/parameter/state" 2>/dev/null || echo "present")" [ "$state_is" = "$state_should" ] && exit 0 diff --git a/cdist/conf/type/__cron/man.rst b/cdist/conf/type/__cron/man.rst index e39bfb5c..d0694738 100644 --- a/cdist/conf/type/__cron/man.rst +++ b/cdist/conf/type/__cron/man.rst @@ -21,11 +21,6 @@ command OPTIONAL PARAMETERS ------------------- -**NOTE**: All time-related parameters (``--minute``, ``--hour``, ``--day_of_month`` -``--month`` and ``--day_of_week``) defaults to ``*``, which means to execute it -**always**. If you set ``--hour 0`` to execute the cronjob only at midnight, it -will execute **every** minute in the first hour of the morning all days. - state Either present or absent. Defaults to present. minute diff --git a/cdist/conf/type/__cron/manifest b/cdist/conf/type/__cron/manifest index e7b51863..53973e07 100755 --- a/cdist/conf/type/__cron/manifest +++ b/cdist/conf/type/__cron/manifest @@ -22,12 +22,3 @@ if [ -f "$__object/parameter/raw" ] && [ -f "$__object/parameter/raw_command" ]; echo "ERROR: both raw and raw_command specified" >&2 exit 1 fi - -case "$(cat "$__object/parameter/state")" in - present) ;; - absent) ;; - - *) - echo "ERROR: unkown cron state" >&2 - exit 2 -esac diff --git a/cdist/conf/type/__cron/nonparallel b/cdist/conf/type/__cron/nonparallel deleted file mode 100644 index e69de29b..00000000 diff --git a/cdist/conf/type/__cron/parameter/default/day_of_month b/cdist/conf/type/__cron/parameter/default/day_of_month deleted file mode 100644 index 72e8ffc0..00000000 --- a/cdist/conf/type/__cron/parameter/default/day_of_month +++ /dev/null @@ -1 +0,0 @@ -* diff --git a/cdist/conf/type/__cron/parameter/default/day_of_week b/cdist/conf/type/__cron/parameter/default/day_of_week deleted file mode 100644 index 72e8ffc0..00000000 --- a/cdist/conf/type/__cron/parameter/default/day_of_week +++ /dev/null @@ -1 +0,0 @@ -* diff --git a/cdist/conf/type/__cron/parameter/default/hour b/cdist/conf/type/__cron/parameter/default/hour deleted file mode 100644 index 72e8ffc0..00000000 --- a/cdist/conf/type/__cron/parameter/default/hour +++ /dev/null @@ -1 +0,0 @@ -* diff --git a/cdist/conf/type/__cron/parameter/default/minute b/cdist/conf/type/__cron/parameter/default/minute deleted file mode 100644 index 72e8ffc0..00000000 --- a/cdist/conf/type/__cron/parameter/default/minute +++ /dev/null @@ -1 +0,0 @@ -* diff --git a/cdist/conf/type/__cron/parameter/default/month b/cdist/conf/type/__cron/parameter/default/month deleted file mode 100644 index 72e8ffc0..00000000 --- a/cdist/conf/type/__cron/parameter/default/month +++ /dev/null @@ -1 +0,0 @@ -* diff --git a/cdist/conf/type/__cron/parameter/default/state b/cdist/conf/type/__cron/parameter/default/state deleted file mode 100644 index e7f6134f..00000000 --- a/cdist/conf/type/__cron/parameter/default/state +++ /dev/null @@ -1 +0,0 @@ -present diff --git a/cdist/conf/type/__directory/explorer/stat b/cdist/conf/type/__directory/explorer/stat index f817cb02..03d466ba 100755 --- a/cdist/conf/type/__directory/explorer/stat +++ b/cdist/conf/type/__directory/explorer/stat @@ -1,7 +1,6 @@ #!/bin/sh # # 2013 Steven Armstrong (steven-cdist armstrong.cc) -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -21,51 +20,59 @@ destination="/$__object_id" -fallback() { - # Patch the output together, manually - - ls_line=$(ls -ldn "$destination") - - uid=$(echo "$ls_line" | awk '{ print $3 }') - gid=$(echo "$ls_line" | awk '{ print $4 }') - - owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd) - group=$(awk -F: -v gid="$gid" '$3 == gid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group) - - mode_text=$(echo "$ls_line" | awk '{ print $1 }') - mode=$(echo "$mode_text" | awk '{for(i=8;i>=0;--i){c=substr($1,10-i,1);k+=((c~/[rwxst]/)*2^i);if(!(i%3))k+=(tolower(c)~/[lst]/)*2^(9+i/3)}printf("%04o",k)}') - - printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\n' \ - "$("$__type_explorer/type")" \ - "$uid" "$owner" \ - "$gid" "$group" \ - "$mode" "$mode_text" -} - # nothing to work with, nothing we could do [ -e "$destination" ] || exit 0 -command -v stat >/dev/null 2>&1 || { - fallback - exit -} - -case $("$__explorer/os") -in - freebsd|netbsd|openbsd|macosx) - stat -f 'type: %HT +os=$("$__explorer/os") +case "$os" in + "freebsd"|"netbsd"|"openbsd"|"macosx") + stat -f "type: %HT owner: %Du %Su group: %Dg %Sg -mode: %Mp%03Lp %Sp -' "$destination" | awk '/^type/ { print tolower($0); next } { print }' +mode: %Lp %Sp +" "$destination" | awk '/^type/ { print tolower($0); next; } { print; }' ;; - *) - # NOTE: Do not use --printf here as it is not supported by BusyBox stat. - # NOTE: BusyBox's stat might not support the "-c" option, in which case - # we fall through to the shell fallback. - stat -c 'type: %F + alpine) + stat -c "type: %F owner: %u %U group: %g %G -mode: %04a %A' "$destination" 2>/dev/null || fallback +mode: %a %A +" "$destination" ;; + solaris) + ls1="$( ls -ld "$destination" )" + ls2="$( ls -ldn "$destination" )" + + if [ -f "$__object/parameter/mode" ] + then mode_should="$( cat "$__object/parameter/mode" )" + fi + + # yes, it is ugly hack, but if you know better way... + if [ -z "$( find "$destination" -perm "$mode_should" )" ] + then octets=888 + else octets="$( echo "$mode_should" | sed 's/^0//' )" + fi + + case "$( echo "$ls1" | cut -c1-1 )" in + -) echo 'type: regular file' ;; + d) echo 'type: directory' ;; + esac + + echo "owner: $( echo "$ls2" \ + | awk '{print $3}' ) $( echo "$ls1" \ + | awk '{print $3}' )" + + echo "group: $( echo "$ls2" \ + | awk '{print $4}' ) $( echo "$ls1" \ + | awk '{print $4}' )" + + echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )" + ;; + *) + stat --printf="type: %F +owner: %u %U +group: %g %G +mode: %a %A +" "$destination" + ;; esac diff --git a/cdist/conf/type/__directory/gencode-remote b/cdist/conf/type/__directory/gencode-remote index d9c00b56..374db47a 100755 --- a/cdist/conf/type/__directory/gencode-remote +++ b/cdist/conf/type/__directory/gencode-remote @@ -3,7 +3,6 @@ # 2011-2013 Nico Schottelius (nico-cdist at schottelius.org) # 2013 Steven Armstrong (steven-cdist armstrong.cc) # 2014 Daniel Heule (hda at sfs.biz) -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -22,8 +21,8 @@ # destination="/$__object_id" -state_should=$(cat "$__object/parameter/state") -type=$(cat "$__object/explorer/type") +state_should="$(cat "$__object/parameter/state")" +type="$(cat "$__object/explorer/type")" stat_file="$__object/explorer/stat" # variable to keep track if we have to set directory attributes @@ -73,7 +72,7 @@ set_mode() { } case "$state_should" in - present|exists) + present) if [ "$type" != "directory" ]; then set_attributes=1 if [ "$type" != "none" ]; then @@ -84,10 +83,6 @@ case "$state_should" in fi echo "mkdir $mkdiropt '$destination'" echo "create" >> "$__messages_out" - elif [ "$state_should" = 'exists' ]; then - # The type is directory and --state exists. We are done and do not - # check or set the attributes. - exit 0 fi # Note: Mode - needs to happen last as a chown/chgrp can alter mode by @@ -97,11 +92,9 @@ case "$state_should" in value_should="$(cat "$__object/parameter/$attribute")" value_is="$(get_current_value "$attribute" "$value_should")" - # format mode in four digits => same as stat returns + # change 0xxx format to xxx format => same as stat returns if [ "$attribute" = mode ]; then - # Convert to four-digit octal number (printf interprets - # strings with leading 0s as octal!) - value_should=$(printf '%04o' "0${value_should}") + value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')" fi if [ "$set_attributes" = 1 ] || [ "$value_should" != "$value_is" ]; then @@ -110,26 +103,6 @@ case "$state_should" in fi done ;; - pre-exists) - case $type in - directory) - # all good - exit 0 - ;; - none) - printf 'Directory "%s" does not exist\n' "$destination" >&2 - exit 1 - ;; - file|symlink) - printf 'File "%s" exists and is a %s, but should be a directory\n' "$destination" "$type" >&2 - exit 1 - ;; - *) - printf 'File or directory "%s" is in an unknown state\n' "$destination" >&2 - exit 1 - ;; - esac - ;; absent) if [ "$type" = "directory" ]; then echo "rm -rf '$destination'" diff --git a/cdist/conf/type/__directory/man.rst b/cdist/conf/type/__directory/man.rst index 7755334c..74b00afe 100644 --- a/cdist/conf/type/__directory/man.rst +++ b/cdist/conf/type/__directory/man.rst @@ -19,18 +19,7 @@ None. OPTIONAL PARAMETERS ------------------- state - 'present', 'absent', 'exists' or 'pre-exists', defaults to 'present' where: - - present - the directory exists and the given attributes are set. - absent - the directory does not exist. - exists - the directory exists, but its attributes are not altered if it already - existed. - pre-exists - check that the directory exists and is indeed a directory, but do not - create or modify it. + 'present' or 'absent', defaults to 'present' group Group to chgrp to. @@ -47,7 +36,7 @@ BOOLEAN PARAMETERS parents Whether to create parents as well (mkdir -p behaviour). Warning: all intermediate directory permissions default - to whatever mkdir -p does. + to whatever mkdir -p does. Usually this means root:root, 0700. diff --git a/cdist/conf/type/__dot_file/man.rst b/cdist/conf/type/__dot_file/man.rst index ba7621a1..ae65eb95 100644 --- a/cdist/conf/type/__dot_file/man.rst +++ b/cdist/conf/type/__dot_file/man.rst @@ -25,9 +25,6 @@ user OPTIONAL PARAMETERS ------------------- -dirmode - forwarded to :strong:`__directory` type as mode - mode forwarded to :strong:`__file` type diff --git a/cdist/conf/type/__dot_file/manifest b/cdist/conf/type/__dot_file/manifest index 02dadf05..5e4957e5 100755 --- a/cdist/conf/type/__dot_file/manifest +++ b/cdist/conf/type/__dot_file/manifest @@ -19,7 +19,6 @@ set -eu user="$(cat "${__object}/parameter/user")" home="$(cat "${__object}/explorer/home")" primary_group="$(cat "${__object}/explorer/primary_group")" -dirmode="$(cat "${__object}/parameter/dirmode")" # Create parent directory. Type __directory has flag 'parents', but it # will leave us with root-owned directory in user home, which is not @@ -37,7 +36,6 @@ export CDIST_ORDER_DEPENDENCY for dir ; do __directory "${home}/${dir}" \ --group "${primary_group}" \ - --mode "${dirmode}" \ --owner "${user}" done diff --git a/cdist/conf/type/__dot_file/parameter/default/dirmode b/cdist/conf/type/__dot_file/parameter/default/dirmode deleted file mode 100644 index e9745d1f..00000000 --- a/cdist/conf/type/__dot_file/parameter/default/dirmode +++ /dev/null @@ -1 +0,0 @@ -0700 diff --git a/cdist/conf/type/__dot_file/parameter/optional b/cdist/conf/type/__dot_file/parameter/optional index 9f7f83fb..ccab9fa6 100644 --- a/cdist/conf/type/__dot_file/parameter/optional +++ b/cdist/conf/type/__dot_file/parameter/optional @@ -1,4 +1,3 @@ state mode source -dirmode diff --git a/cdist/conf/type/__download/explorer/remote_cmd b/cdist/conf/type/__download/explorer/remote_cmd deleted file mode 100755 index e3e35b45..00000000 --- a/cdist/conf/type/__download/explorer/remote_cmd +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -e - -if [ -f "$__object/parameter/cmd-get" ] -then - cmd="$( cat "$__object/parameter/cmd-get" )" - -elif command -v curl > /dev/null -then - cmd="curl -L -o - '%s'" - -elif command -v fetch > /dev/null -then - cmd="fetch -o - '%s'" - -else - cmd="wget -O - '%s'" -fi - -echo "$cmd" diff --git a/cdist/conf/type/__download/explorer/state b/cdist/conf/type/__download/explorer/state deleted file mode 100755 index 00362545..00000000 --- a/cdist/conf/type/__download/explorer/state +++ /dev/null @@ -1,72 +0,0 @@ -#!/bin/sh -e - -dst="/$__object_id" - -if [ ! -f "$dst" ] -then - echo 'absent' - exit 0 -fi - -sum_should="$( cat "$__object/parameter/sum" )" - -if [ -f "$__object/parameter/cmd-sum" ] -then - # shellcheck disable=SC2059 - sum_is="$( eval "$( printf \ - "$( cat "$__object/parameter/cmd-sum" )" \ - "$dst" )" )" -else - os="$( "$__explorer/os" )" - - if echo "$sum_should" | grep -Eq '^[0-9]+\s[0-9]+$' - then - sum_is="$( cksum "$dst" | awk '{print $1" "$2}' )" - - elif echo "$sum_should" | grep -Eiq '^md5:[a-f0-9]{32}$' - then - case "$os" in - freebsd) - sum_is="md5:$( md5 -q "$dst" )" - ;; - *) - sum_is="md5:$( md5sum "$dst" | awk '{print $1}' )" - ;; - esac - - elif echo "$sum_should" | grep -Eiq '^sha1:[a-f0-9]{40}$' - then - case "$os" in - freebsd) - sum_is="sha1:$( sha1 -q "$dst" )" - ;; - *) - sum_is="sha1:$( sha1sum "$dst" | awk '{print $1}' )" - ;; - esac - - elif echo "$sum_should" | grep -Eiq '^sha256:[a-f0-9]{64}$' - then - case "$os" in - freebsd) - sum_is="sha256:$( sha256 -q "$dst" )" - ;; - *) - sum_is="sha256:$( sha256sum "$dst" | awk '{print $1}' )" - ;; - esac - fi -fi - -if [ -z "$sum_is" ] -then - echo 'no checksum from target' >&2 - exit 1 -fi - -if [ "$sum_is" = "$sum_should" ] -then - echo 'present' -else - echo 'mismatch' -fi diff --git a/cdist/conf/type/__download/gencode-local b/cdist/conf/type/__download/gencode-local deleted file mode 100755 index 571d2c3c..00000000 --- a/cdist/conf/type/__download/gencode-local +++ /dev/null @@ -1,58 +0,0 @@ -#!/bin/sh -e - -download="$( cat "$__object/parameter/download" )" - -state_is="$( cat "$__object/explorer/state" )" - -if [ "$download" != 'local' ] || [ "$state_is" = 'present' ] -then - exit 0 -fi - -url="$( cat "$__object/parameter/url" )" - -tmp="$( mktemp )" - -dst="/$__object_id" - -if [ -f "$__object/parameter/cmd-get" ] -then - cmd="$( cat "$__object/parameter/cmd-get" )" - -elif command -v wget > /dev/null -then - cmd="wget -O - '%s'" - -elif command -v curl > /dev/null -then - cmd="curl -L -o - '%s'" - -elif command -v fetch > /dev/null -then - cmd="fetch -o - '%s'" - -else - echo 'no usable locally installed utility for downloading' >&2 - exit 1 -fi - -printf "$cmd > %s\n" \ - "$url" \ - "$tmp" - -if echo "$__target_host" | grep -Eq '^[0-9a-fA-F:]+$' -then - target_host="[$__target_host]" -else - target_host="$__target_host" -fi - -printf '%s %s %s:%s\n' \ - "$__remote_copy" \ - "$tmp" \ - "$target_host" \ - "$dst" - -echo "rm -f '$tmp'" - -echo 'downloaded' > "$__messages_out" diff --git a/cdist/conf/type/__download/gencode-remote b/cdist/conf/type/__download/gencode-remote deleted file mode 100755 index 029a0801..00000000 --- a/cdist/conf/type/__download/gencode-remote +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/sh -e - -download="$( cat "$__object/parameter/download" )" - -state_is="$( cat "$__object/explorer/state" )" - -if [ "$download" = 'remote' ] && [ "$state_is" != 'present' ] -then - cmd="$( cat "$__object/explorer/remote_cmd" )" - - url="$( cat "$__object/parameter/url" )" - - dst="/$__object_id" - - printf "$cmd > %s\n" \ - "$url" \ - "$dst" - - echo 'downloaded' > "$__messages_out" -fi - -if [ -f "$__object/parameter/onchange" ] && [ "$state_is" != "present" ] -then - cat "$__object/parameter/onchange" -fi diff --git a/cdist/conf/type/__download/man.rst b/cdist/conf/type/__download/man.rst deleted file mode 100644 index 54503470..00000000 --- a/cdist/conf/type/__download/man.rst +++ /dev/null @@ -1,87 +0,0 @@ -cdist-type__download(7) -======================= - -NAME ----- -cdist-type__download - Download a file - - -DESCRIPTION ------------ -Destination (``$__object_id``) in target host must be persistent storage -in order to calculate checksum and decide if file must be (re-)downloaded. - -By default type will try to use ``wget``, ``curl`` or ``fetch``. -If download happens in target (see ``--download``) then type will -fallback to (and install) ``wget``. - -If download happens in local machine, then environment variables like -``{http,https,ftp}_proxy`` etc can be used on cdist execution -(``http_proxy=foo cdist config ...``). - - -REQUIRED PARAMETERS -------------------- -url - File's URL. - -sum - Checksum of file going to be downloaded. - By default output of ``cksum`` without filename is expected. - Other hash formats supported with prefixes: ``md5:``, ``sha1:`` and ``sha256:``. - - -OPTIONAL PARAMETERS -------------------- -download - If ``local`` (default), then download file to local storage and copy - it to target host. If ``remote``, then download happens in target. - -cmd-get - Command used for downloading. - Command must output to ``stdout``. - Parameter will be used for ``printf`` and must include only one - format specification ``%s`` which will become URL. - For example: ``wget -O - '%s'``. - -cmd-sum - Command used for checksum calculation. - Command output and ``--sum`` parameter must match. - Parameter will be used for ``printf`` and must include only one - format specification ``%s`` which will become destination. - For example: ``md5sum '%s' | awk '{print $1}'``. - -onchange - Execute this command after download. - - -EXAMPLES --------- - -.. code-block:: sh - - __directory /opt/cpma - - require='__directory/opt/cpma' \ - __download /opt/cpma/cnq3.zip \ - --url https://cdn.playmorepromode.com/files/cnq3/cnq3-1.51.zip \ - --sum md5:46da3021ca9eace277115ec9106c5b46 - - require='__download/opt/cpma/cnq3.zip' \ - __unpack /opt/cpma/cnq3.zip \ - --backup-destination \ - --preserve-archive \ - --destination /opt/cpma/server - - -AUTHORS -------- -Ander Punnar - - -COPYING -------- -Copyright \(C) 2020 Ander Punnar. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/cdist/conf/type/__download/manifest b/cdist/conf/type/__download/manifest deleted file mode 100755 index 7ec8d86d..00000000 --- a/cdist/conf/type/__download/manifest +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -e - -if grep -Eq '^wget' "$__object/explorer/remote_cmd" -then - __package wget -fi diff --git a/cdist/conf/type/__download/parameter/default/download b/cdist/conf/type/__download/parameter/default/download deleted file mode 100644 index 40830374..00000000 --- a/cdist/conf/type/__download/parameter/default/download +++ /dev/null @@ -1 +0,0 @@ -local diff --git a/cdist/conf/type/__download/parameter/optional b/cdist/conf/type/__download/parameter/optional deleted file mode 100644 index 838e2fbf..00000000 --- a/cdist/conf/type/__download/parameter/optional +++ /dev/null @@ -1,4 +0,0 @@ -cmd-get -cmd-sum -download -onchange diff --git a/cdist/conf/type/__download/parameter/required b/cdist/conf/type/__download/parameter/required deleted file mode 100644 index 6ea4c38f..00000000 --- a/cdist/conf/type/__download/parameter/required +++ /dev/null @@ -1,2 +0,0 @@ -url -sum diff --git a/cdist/conf/type/__dpkg_architecture/explorer/architecture b/cdist/conf/type/__dpkg_architecture/explorer/architecture deleted file mode 100755 index 03e7e386..00000000 --- a/cdist/conf/type/__dpkg_architecture/explorer/architecture +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/sh -e -# __dpkg_architecture/explorer/architecture -# -# 2020 Matthias Stecher -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -# Get the main architecture of this machine - - -# print or die in the gencode-remote -dpkg --print-architecture || true diff --git a/cdist/conf/type/__dpkg_architecture/explorer/foreign-architectures b/cdist/conf/type/__dpkg_architecture/explorer/foreign-architectures deleted file mode 100755 index a150d307..00000000 --- a/cdist/conf/type/__dpkg_architecture/explorer/foreign-architectures +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/sh -e -# __dpkg_architecture/explorer/foreign-architectures -# -# 2020 Matthias Stecher -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -# Print all additional architectures - - -# print or die in the gencode-remote -dpkg --print-foreign-architectures || true diff --git a/cdist/conf/type/__dpkg_architecture/gencode-remote b/cdist/conf/type/__dpkg_architecture/gencode-remote deleted file mode 100755 index 47fb24e7..00000000 --- a/cdist/conf/type/__dpkg_architecture/gencode-remote +++ /dev/null @@ -1,82 +0,0 @@ -#!/bin/sh -e -# __dpkg_architecture/gencode-remote -# -# 2020 Matthias Stecher -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - - -# Get parameter and explorer -state_should="$(cat "$__object/parameter/state")" -arch_wanted="$__object_id" -main_arch="$(cat "$__object/explorer/architecture")" - -# Exit here if dpkg do not work (empty explorer) -if [ -z "$main_arch" ]; then - echo "dpkg is not available or unable to detect a architecture!" >&2 - exit 1 -fi - - -# Check if requested architecture is the main one -if [ "$arch_wanted" = "$main_arch" ]; then - # higher than present; we can not remove it - state_is="present" - caution="yes" - -# Check if the architecture not already used -elif grep -qFx "$arch_wanted" "$__object/explorer/foreign-architectures"; then - state_is="present" - -# arch does not exist -else - state_is="absent" -fi - - -# Check what to do -if [ "$state_is" != "$state_should" ]; then - case "$state_should" in - present) - # print add code - printf "dpkg --add-architecture '%s'\n" "$arch_wanted" - # updating the index to make the new architecture available - echo "apt update" - - echo added >> "$__messages_out" - ;; - - absent) - if [ "$caution" ]; then - printf "can not remove the main arch '%s' of the system!\n" "$main_arch" >&2 - exit 1 - fi - - # removing all existing packages for the architecture - printf "apt purge '.*:%s'\n" "$arch_wanted" - # print remove code - printf "dpkg --remove-architecture '%s'\n" "$arch_wanted" - - echo removed >> "$__messages_out" - ;; - - *) - printf "state '%s' is unknown!\n" "$state_should" >&2 - exit 1 - ;; - esac -fi diff --git a/cdist/conf/type/__dpkg_architecture/man.rst b/cdist/conf/type/__dpkg_architecture/man.rst deleted file mode 100644 index fa196229..00000000 --- a/cdist/conf/type/__dpkg_architecture/man.rst +++ /dev/null @@ -1,103 +0,0 @@ -cdist-type__dpkg_architecture(7) -================================ - -NAME ----- -cdist-type__dpkg_architecture - Handles foreign architectures on debian-like -systems managed by `dpkg` - - -DESCRIPTION ------------ -This type handles foreign architectures on systems managed by -:strong:`dpkg`\ (1). The object id is the name of the architecture accepted by -`dpkg`, which should be added or removed. - -If the architecture is not setup on the system, it adds a new architecture as a -new foreign architecture in `dpkg`. Then, it updates the apt package index to -make packages from the new architecture available. - -If the architecture should be removed, it will remove it if it is not the base -architecture on where the system was installed on. Before it, it will purge -every package based on the "to be removed" architecture via `apt` to be able to -remove the selected architecture. - - -REQUIRED PARAMETERS -------------------- -None. - - -OPTIONAL PARAMETERS -------------------- -state - ``present`` or ``absent``. Defaults to ``present``. - - -MESSAGES --------- -added - Added the specified architecture - -removed - Removed the specified architecture - - -ABORTS ------- -Aborts in the following cases: - -If :strong:`dpkg`\ (1) is not available. It will abort with a proper error -message. - -If the architecture is the same as the base architecture the system is build -upon it (returned by ``dpkg --print-architecture``) and it should be removed. - -It will fail if it can not execute :strong:`apt`\ (8). It is assumed that it is -already installed. - - -EXAMPLES --------- - -.. code-block:: sh - - # add i386 (32 bit) architecture - __dpkg_architecture i386 - - # remove it again :) - __dpkg_architecture i386 --state absent - - -SEE ALSO --------- -`Multiarch on Debian systems `_ - -`How to setup multiarch on Debian `_ - -:strong:`dpkg`\ (1) -:strong:`cdist-type__package_dpkg`\ (7) -:strong:`cdist-type__package_apt`\ (7) - -Useful commands: - -.. code-block:: sh - - # base architecture installed on this system - dpkg --print-architecture - - # extra architectures added - dpkg --print-foreign-architectures - - -AUTHORS -------- -Matthias Stecher - - -COPYING -------- -Copyright \(C) 2020 Matthias Stecher. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -ublished by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/cdist/conf/type/__dpkg_architecture/nonparallel b/cdist/conf/type/__dpkg_architecture/nonparallel deleted file mode 100644 index e69de29b..00000000 diff --git a/cdist/conf/type/__dpkg_architecture/parameter/default/state b/cdist/conf/type/__dpkg_architecture/parameter/default/state deleted file mode 100644 index e7f6134f..00000000 --- a/cdist/conf/type/__dpkg_architecture/parameter/default/state +++ /dev/null @@ -1 +0,0 @@ -present diff --git a/cdist/conf/type/__dpkg_architecture/parameter/optional b/cdist/conf/type/__dpkg_architecture/parameter/optional deleted file mode 100644 index ff72b5c7..00000000 --- a/cdist/conf/type/__dpkg_architecture/parameter/optional +++ /dev/null @@ -1 +0,0 @@ -state diff --git a/cdist/conf/type/__file/explorer/stat b/cdist/conf/type/__file/explorer/stat index 29b3c8a3..13c1c208 100755 --- a/cdist/conf/type/__file/explorer/stat +++ b/cdist/conf/type/__file/explorer/stat @@ -2,7 +2,6 @@ # # 2013 Steven Armstrong (steven-cdist armstrong.cc) # 2019 Nico Schottelius (nico-cdist at schottelius.org) -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -22,63 +21,68 @@ destination="/$__object_id" -fallback() { - # Fallback: Patch the output together, manually. - - ls_line=$(ls -ldn "$destination") - - uid=$(echo "$ls_line" | awk '{ print $3 }') - gid=$(echo "$ls_line" | awk '{ print $4 }') - - owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd) - group=$(awk -F: -v gid="$gid" '$3 == gid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group) - - mode_text=$(echo "$ls_line" | awk '{ print $1 }') - mode=$(echo "$mode_text" | awk '{for(i=8;i>=0;--i){c=substr($1,10-i,1);k+=((c~/[rwxst]/)*2^i);if(!(i%3))k+=(tolower(c)~/[lst]/)*2^(9+i/3)}printf("%04o",k)}') - - size=$(echo "$ls_line" | awk '{ print $5 }') - links=$(echo "$ls_line" | awk '{ print $2 }') - - printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\nsize: %d\nlinks: %d\n' \ - "$("$__type_explorer/type")" \ - "$uid" "$owner" \ - "$gid" "$group" \ - "$mode" "$mode_text" \ - "$size" \ - "$links" -} - - # nothing to work with, nothing we could do [ -e "$destination" ] || exit 0 - -command -v stat >/dev/null 2>&1 || { - fallback - exit -} - - -case $("$__explorer/os") -in - freebsd|netbsd|openbsd|macosx) - stat -f 'type: %HT +os=$("$__explorer/os") +case "$os" in + "freebsd"|"netbsd"|"openbsd"|"macosx") + stat -f "type: %HT owner: %Du %Su group: %Dg %Sg -mode: %Mp%03Lp %Sp +mode: %Lp %Sp size: %Dz links: %Dl -' "$destination" | awk '/^type/ { print tolower($0); next } { print }' +" "$destination" | awk '/^type/ { print tolower($0); next; } { print; }' ;; - *) - # NOTE: Do not use --printf here as it is not supported by BusyBox stat. - # NOTE: BusyBox's stat might not support the "-c" option, in which case - # we fall through to the shell fallback. - stat -c 'type: %F + alpine) + # busybox stat + stat -c "type: %F owner: %u %U group: %g %G -mode: %04a %A +mode: %a %A size: %s -links: %h' "$destination" 2>/dev/null || fallback +links: %h +" "$destination" + ;; + solaris) + ls1="$( ls -ld "$destination" )" + ls2="$( ls -ldn "$destination" )" + + if [ -f "$__object/parameter/mode" ] + then mode_should="$( cat "$__object/parameter/mode" )" + fi + + # yes, it is ugly hack, but if you know better way... + if [ -z "$( find "$destination" -perm "$mode_should" )" ] + then octets=888 + else octets="$( echo "$mode_should" | sed 's/^0//' )" + fi + + case "$( echo "$ls1" | cut -c1-1 )" in + -) echo 'type: regular file' ;; + d) echo 'type: directory' ;; + esac + + echo "owner: $( echo "$ls2" \ + | awk '{print $3}' ) $( echo "$ls1" \ + | awk '{print $3}' )" + + echo "group: $( echo "$ls2" \ + | awk '{print $4}' ) $( echo "$ls1" \ + | awk '{print $4}' )" + + echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )" + echo "size: $( echo "$ls1" | awk '{print $5}' )" + echo "links: $( echo "$ls1" | awk '{print $2}' )" + ;; + *) + stat --printf="type: %F +owner: %u %U +group: %g %G +mode: %a %A +size: %s +links: %h +" "$destination" ;; esac diff --git a/cdist/conf/type/__file/gencode-local b/cdist/conf/type/__file/gencode-local index 231b6927..fb9f9a92 100755 --- a/cdist/conf/type/__file/gencode-local +++ b/cdist/conf/type/__file/gencode-local @@ -31,24 +31,12 @@ if [ "$state_should" = "pre-exists" ]; then exit 1 fi - case $type in - file) - # nothing to do - exit 0 - ;; - none) - printf 'File "%s" does not exist\n' "$destination" >&2 - exit 1 - ;; - directory|symlink) - printf 'File "%s" exists and is a %s, but should be a regular file\n' "$destination" "$type" >&2 - exit 1 - ;; - *) - printf 'File or directory "%s" is in an unknown state\n' "$destination" >&2 - exit 1 - ;; - esac + if [ "$type" = "file" ]; then + exit 0 # nothing to do + else + echo "File \"$destination\" does not exist" + exit 1 + fi fi upload_file= diff --git a/cdist/conf/type/__file/gencode-remote b/cdist/conf/type/__file/gencode-remote index f7a528fd..b04c471e 100755 --- a/cdist/conf/type/__file/gencode-remote +++ b/cdist/conf/type/__file/gencode-remote @@ -55,36 +55,35 @@ set_owner() { } set_mode() { - echo "chmod '$1' '$destination'" - echo "chmod '$1'" >> "$__messages_out" - fire_onchange=1 + echo "chmod '$1' '$destination'" + echo "chmod '$1'" >> "$__messages_out" + fire_onchange=1 } case "$state_should" in - present|exists) - # Note: Mode - needs to happen last as a chown/chgrp can alter mode by - # clearing S_ISUID and S_ISGID bits (see chown(2)) - for attribute in group owner mode; do - if [ -f "$__object/parameter/$attribute" ]; then - value_should="$(cat "$__object/parameter/$attribute")" + present|exists|pre-exists) + # Note: Mode - needs to happen last as a chown/chgrp can alter mode by + # clearing S_ISUID and S_ISGID bits (see chown(2)) + for attribute in group owner mode; do + if [ -f "$__object/parameter/$attribute" ]; then + value_should="$(cat "$__object/parameter/$attribute")" - # format mode in four digits => same as stat returns - if [ "$attribute" = mode ]; then - # Convert to four-digit octal number (printf interprets - # strings with leading 0s as octal!) - value_should=$(printf '%04o' "0${value_should}") - fi - - value_is="$(get_current_value "$attribute" "$value_should")" - if [ -f "$__object/files/set-attributes" ] || [ "$value_should" != "$value_is" ]; then - "set_$attribute" "$value_should" - fi + # change 0xxx format to xxx format => same as stat returns + if [ "$attribute" = mode ]; then + value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')" + fi + + value_is="$(get_current_value "$attribute" "$value_should")" + if [ -f "$__object/files/set-attributes" ] || [ "$value_should" != "$value_is" ]; then + "set_$attribute" "$value_should" fi - done - if [ -f "$__object/files/set-attributes" ]; then - # set-attributes is created if file is created or uploaded in gencode-local - fire_onchange=1 fi + done + if [ -f "$__object/files/set-attributes" ]; then + # set-attributes is created if file is created or uploaded in gencode-local + fire_onchange=1 + fi + ;; absent) @@ -95,10 +94,6 @@ case "$state_should" in fi ;; - pre-exists) - : - ;; - *) echo "Unknown state: $state_should" >&2 exit 1 @@ -106,7 +101,7 @@ case "$state_should" in esac if [ -f "$__object/parameter/onchange" ]; then - if [ -n "$fire_onchange" ]; then - cat "$__object/parameter/onchange" - fi + if [ -n "$fire_onchange" ]; then + cat "$__object/parameter/onchange" + fi fi diff --git a/cdist/conf/type/__file/man.rst b/cdist/conf/type/__file/man.rst index 2f3b9e69..7a0603bb 100644 --- a/cdist/conf/type/__file/man.rst +++ b/cdist/conf/type/__file/man.rst @@ -50,13 +50,13 @@ state create or modify it group - Group to chgrp to. Defaults to ``root``. + Group to chgrp to. mode - Unix permissions, suitable for chmod. Defaults to a very secure ``0600``. + Unix permissions, suitable for chmod. owner - User to chown to. Defaults to ``root``. + User to chown to. source If supplied, copy this file from the host running cdist to the target. diff --git a/cdist/conf/type/__filesystem/explorer/lsblk b/cdist/conf/type/__filesystem/explorer/lsblk index 9be3c575..9ae544ac 100644 --- a/cdist/conf/type/__filesystem/explorer/lsblk +++ b/cdist/conf/type/__filesystem/explorer/lsblk @@ -18,16 +18,16 @@ # along with cdist. If not, see . # -os=$("${__explorer:?}/os") +os=$("$__explorer/os") -if [ -f "${__object:?}/parameter/device" ]; then +if [ -f "$__object/parameter/device" ]; then blkdev="$(cat "$__object/parameter/device")" else - blkdev="${__object_id:?}" + blkdev="$__object_id" fi case "$os" in - alpine|centos|fedora|redhat|suse|gentoo) + centos|fedora|redhat|suse|gentoo) if [ ! -x "$(command -v lsblk)" ]; then echo "lsblk is required for __filesystem type" >&2 exit 1 diff --git a/cdist/conf/type/__group/gencode-remote b/cdist/conf/type/__group/gencode-remote index ff63e218..6091c548 100755 --- a/cdist/conf/type/__group/gencode-remote +++ b/cdist/conf/type/__group/gencode-remote @@ -88,7 +88,7 @@ if [ "$state" = "present" ]; then fi done if [ "$os" = "freebsd" ]; then - echo pw groupadd "$name" "$@" + echo pw groupadd "$@" "$name" else echo groupadd "$@" "$name" fi diff --git a/cdist/conf/type/__hostname/explorer/has_hostnamectl b/cdist/conf/type/__hostname/explorer/has_hostnamectl index 2f531f30..9040023d 100755 --- a/cdist/conf/type/__hostname/explorer/has_hostnamectl +++ b/cdist/conf/type/__hostname/explorer/has_hostnamectl @@ -21,4 +21,4 @@ # Check whether system has hostnamectl # -command -v hostnamectl 2>/dev/null || true +command -v hostnamectl || true diff --git a/cdist/conf/type/__ipset/explorer/type b/cdist/conf/type/__hostname/explorer/hostname_file similarity index 73% rename from cdist/conf/type/__ipset/explorer/type rename to cdist/conf/type/__hostname/explorer/hostname_file index 9413cdad..6a00aa9f 100755 --- a/cdist/conf/type/__ipset/explorer/type +++ b/cdist/conf/type/__hostname/explorer/hostname_file @@ -1,6 +1,6 @@ #!/bin/sh # -# 2021 Mesar Hameed (mesar.hameed at gmail.com) +# 2014 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # @@ -17,10 +17,14 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # +# +# Retrieve the contents of /etc/hostname +# -name="$__object_id" -if ipset -t list | grep -qFx "Name: $name"; then - ipset -t list "$name" | grep "^Type: " | awk '{print $2}' -else - echo "x_missing_x" +# Almost any distribution +if [ -f /etc/hostname ]; then + cat /etc/hostname +# SuSE +elif [ -f /etc/HOSTNAME ]; then + cat /etc/HOSTNAME fi diff --git a/cdist/conf/type/__ipset/explorer/state b/cdist/conf/type/__hostname/explorer/hostname_sysconfig similarity index 76% rename from cdist/conf/type/__ipset/explorer/state rename to cdist/conf/type/__hostname/explorer/hostname_sysconfig index 9ece28df..d0d7b4e7 100755 --- a/cdist/conf/type/__ipset/explorer/state +++ b/cdist/conf/type/__hostname/explorer/hostname_sysconfig @@ -1,6 +1,6 @@ #!/bin/sh # -# 2021 Mesar Hameed (mesar.hameed at gmail.com) +# 2014 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # @@ -17,10 +17,10 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # +# +# Retrieve the contents of /etc/hostname +# -name="$__object_id" -if ipset -t list "$name" >/dev/null; then - echo "present" -else - echo "absent" +if [ -f /etc/sysconfig/network ]; then + awk -F= '/^HOSTNAME=/ { print $2 }' /etc/sysconfig/network fi diff --git a/cdist/conf/type/__hostname/explorer/max_len b/cdist/conf/type/__hostname/explorer/max_len deleted file mode 100644 index fb863949..00000000 --- a/cdist/conf/type/__hostname/explorer/max_len +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -e - -command -v getconf >/dev/null || exit 0 - -val=$(getconf HOST_NAME_MAX 2>/dev/null) || exit 0 - -if test -n "${val}" -a "${val}" != 'undefined' -then - echo "${val}" -fi diff --git a/cdist/conf/type/__hostname/gencode-remote b/cdist/conf/type/__hostname/gencode-remote index c1a97ac8..8b5797dd 100755 --- a/cdist/conf/type/__hostname/gencode-remote +++ b/cdist/conf/type/__hostname/gencode-remote @@ -2,7 +2,6 @@ # # 2014-2017 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Nico Schottelius (nico-cdist at schottelius.org) -# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -20,86 +19,60 @@ # along with cdist. If not, see . # -os=$(cat "${__global:?}/explorer/os") -name_running=$(cat "${__global:?}/explorer/hostname") -has_hostnamectl=$(cat "${__object:?}/explorer/has_hostnamectl") - - -if test -s "${__object:?}/parameter/name" -then - name_should=$(cat "${__object:?}/parameter/name") +if [ -f "$__object/parameter/name" ]; then + name_should="$(cat "$__object/parameter/name")" else - case ${os} - in - # RedHat-derivatives and BSDs - (centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd) - # Hostname is FQDN - name_should=${__target_host:?} - ;; - (*) - # Hostname is only first component of FQDN - name_should=${__target_host:?} - name_should=${name_should%%.*} - ;; - esac + name_should="${__target_host%%.*}" fi +os=$(cat "$__global/explorer/os") +name_running=$(cat "$__global/explorer/hostname") +name_config=$(cat "$__object/explorer/hostname_file") +name_sysconfig=$(cat "$__object/explorer/hostname_sysconfig") +has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl") ################################################################################ -# Check if the (running) hostname is already correct +# If everything is ok -> exit # -test "${name_running}" != "${name_should}" || exit 0 - +case "$os" in + archlinux|debian|suse|ubuntu|devuan|coreos|alpine) + if [ "$name_config" = "$name_should" ] && [ "$name_running" = "$name_should" ]; then + exit 0 + fi + ;; + scientific|centos|freebsd|openbsd) + if [ "$name_sysconfig" = "$name_should" ] && [ "$name_running" = "$name_should" ]; then + exit 0 + fi + ;; + *) + echo "Unsupported os: $os" >&2 + exit 1 + ;; +esac ################################################################################ # Setup hostname # -echo 'changed' >>"${__messages_out:?}" +echo changed >> "$__messages_out" -# Use the good old way to set the hostname. -case ${os} -in - (alpine|debian|devuan|ubuntu) - echo 'hostname -F /etc/hostname' - ;; - (archlinux) - echo 'command -v hostnamectl >/dev/null 2>&1' \ - "&& hostnamectl set-hostname '${name_should}'" \ - "|| hostname '${name_should}'" - ;; - (centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void) - echo "hostname '${name_should}'" - ;; - (openwrt) - echo "echo '${name_should}' >/proc/sys/kernel/hostname" - ;; - (macosx) - echo "scutil --set HostName '${name_should}'" - ;; - (solaris) - echo "uname -S '${name_should}'" - ;; - (slackware|suse) - # We do not read from /etc/HOSTNAME, because the running - # hostname is the first component only while the file contains - # the FQDN. - echo "hostname '${name_should}'" - ;; - (*) - # Fall back to set the hostname using hostnamectl, if available. - if test -n "${has_hostnamectl}" - then - # Don't use hostnamectl as the primary means to set the hostname for - # systemd systems, because it cannot be trusted to work reliably and - # exit with non-zero when it fails (e.g. hostname too long, - # D-Bus failure, etc.). - - echo "hostnamectl set-hostname \"\$(cat /etc/hostname)\"" - echo "test \"\$(hostname)\" = \"\$(cat /etc/hostname)\"" \ - " || hostname -F /etc/hostname" - else - printf "echo 'Unsupported OS: %s' >&2\n" "${os}" - printf 'exit 1\n' - fi - ;; +# Use the good old way to set the hostname even on machines running systemd. +case "$os" in + archlinux|debian|ubuntu|devuan|centos|coreos|alpine) + printf "printf '%%s\\\\n' '$name_should' > /etc/hostname\\n" + echo "hostname -F /etc/hostname" + ;; + freebsd|openbsd) + echo "hostname '$name_should'" + ;; + suse) + echo "hostname '$name_should'" + printf "printf '%%s\\\\n' '$name_should' > /etc/HOSTNAME\\n" + ;; esac + +if [ "$has_hostnamectl" ]; then + # Allow hostnamectl set-hostname to fail silently. + # Who the fuck invented a tool that needs dbus to set the hostname anyway ... + echo "hostnamectl set-hostname '$name_should' || true" +fi diff --git a/cdist/conf/type/__hostname/man.rst b/cdist/conf/type/__hostname/man.rst index 72aefbab..d23a3b8a 100644 --- a/cdist/conf/type/__hostname/man.rst +++ b/cdist/conf/type/__hostname/man.rst @@ -8,10 +8,7 @@ cdist-type__hostname - Set the hostname DESCRIPTION ----------- -Sets the hostname on various operating systems. - -**Tip:** For advice on choosing a hostname, see -`RFC 1178 `_. +Set's the hostname on various operating systems. REQUIRED PARAMETERS @@ -21,7 +18,7 @@ None. OPTIONAL PARAMETERS ------------------- name - The hostname to set. Defaults to the first segment of __target_host + The hostname to set. Defaults to the first segment of __target_host (${__target_host%%.*}) diff --git a/cdist/conf/type/__hostname/manifest b/cdist/conf/type/__hostname/manifest index b80aa2ef..8f1adf12 100755 --- a/cdist/conf/type/__hostname/manifest +++ b/cdist/conf/type/__hostname/manifest @@ -2,7 +2,6 @@ # # 2012 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Nico Schottelius (nico-cdist at schottelius.org) -# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -20,176 +19,50 @@ # along with cdist. If not, see . # -set_hostname_systemd() { - echo "$1" | __file /etc/hostname --source - -} - -os=$(cat "${__global:?}/explorer/os") - -max_len=$(cat "${__object:?}/explorer/max_len") -has_hostnamectl=$(cat "${__object:?}/explorer/has_hostnamectl") - -if test -s "${__object:?}/parameter/name" -then - name_should=$(cat "${__object:?}/parameter/name") +os=$(cat "$__global/explorer/os") +if [ -f "$__object/parameter/name" ]; then + name_should="$(cat "$__object/parameter/name")" else - case ${os} - in - # RedHat-derivatives and BSDs - (centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware|suse) - # Hostname is FQDN - name_should=${__target_host:?} - ;; - *) - # Hostname is only first component of FQDN on all other systems. - name_should=${__target_host:?} - name_should=${name_should%%.*} - ;; + case "$os" in + openbsd) + name_should="${__target_host}" + ;; + *) + name_should="${__target_host%%.*}" + ;; esac fi -if test -n "${max_len}" && test "$(printf '%s' "${name_should}" | wc -c)" -gt "${max_len}" -then - printf "Host name too long. Up to %u characters allowed.\n" "${max_len}" >&2 - exit 1 -fi -case ${os} -in - (alpine|debian|devuan|ubuntu|void) - echo "${name_should}" | __file /etc/hostname --source - - ;; - (archlinux) - if test -n "${has_hostnamectl}" - then - set_hostname_systemd "${name_should}" - else - echo 'Ancient ArchLinux variants without hostnamectl are not supported.' >&2 - exit 1 - # Only for ancient ArchLinux, write to /etc/rc.conf on pre-systemd - # versions. There are some versions which use /etc/hostname but not - # systemd. It is unclear which ones these are. +not_supported() { + echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 + echo "Please contribute an implementation for it if you can." >&2 + exit 1 +} - # __key_value '/etc/rc.conf:HOSTNAME' \ - # --file /etc/rc.conf \ - # --delimiter '=' --exact_delimiter \ - # --key 'HOSTNAME' \ - # --value "\"$name_should\"" - fi - ;; - (centos|fedora|redhat|scientific) - if test -z "${has_hostnamectl}" - then - # Only write to /etc/sysconfig/network on non-systemd versions. - # On systemd-based versions this entry is ignored. - __key_value '/etc/sysconfig/network:HOSTNAME' \ - --file /etc/sysconfig/network \ - --delimiter '=' --exact_delimiter \ - --key HOSTNAME \ - --value "\"${name_should}\"" - else - set_hostname_systemd "${name_should}" - fi - ;; - (gentoo) - # Only write to /etc/conf.d/hostname on OpenRC-based installations. - # On systemd use hostnamectl(1) in gencode-remote. - if test -z "${has_hostnamectl}" - then - __key_value '/etc/conf.d/hostname:hostname' \ - --file /etc/conf.d/hostname \ - --delimiter '=' --exact_delimiter \ - --key 'hostname' \ - --value "\"${name_should}\"" - else - set_hostname_systemd "$name_should" - fi - ;; - (freebsd) - __key_value '/etc/rc.conf:hostname' \ - --file /etc/rc.conf \ - --delimiter '=' --exact_delimiter \ - --key 'hostname' \ - --value "\"${name_should}\"" - ;; - (macosx) +case "$os" in + archlinux|debian|suse|ubuntu|devuan|coreos|alpine) # handled in gencode-remote - ;; - (netbsd) - __key_value '/etc/rc.conf:hostname' \ + : + ;; + scientific|centos) + __key_value sysconfig-hostname \ + --file /etc/sysconfig/network \ + --delimiter '=' \ + --key HOSTNAME \ + --value "$name_should" --exact_delimiter + ;; + freebsd) + __key_value rcconf-hostname \ --file /etc/rc.conf \ - --delimiter '=' --exact_delimiter \ + --delimiter '=' \ --key 'hostname' \ - --value "\"${name_should}\"" - - # To avoid confusion, ensure that the hostname is only stored once. - __file /etc/myname --state absent - ;; - (openbsd) - echo "${name_should}" | __file /etc/myname --source - - ;; - (openwrt) - __uci system.@system[0].hostname --value "${name_should}" - # --transaction hostname - ;; - (slackware) - # We write the FQDN into /etc/HOSTNAME. But /etc/rc.d/rc.M will only - # read the first component from this file and set it as the running - # hostname on boot. - echo "${name_should}" | __file /etc/HOSTNAME --source - - ;; - (solaris) - echo "${name_should}" | __file /etc/nodename --source - - ;; - (suse) - if test -s "${__global:?}/explorer/os_release" - then - # shellcheck source=/dev/null - os_version=$(. "${__global:?}/explorer/os_release" && echo "${VERSION}") - else - os_version=$(sed -n 's/^VERSION\ *=\ *//p' "${__global:?}/explorer/os_version") - fi - os_major=$(expr "${os_version}" : '\([0-9]\{1,\}\)') - - # Classic SuSE stores the FQDN in /etc/HOSTNAME, while - # systemd does not. The running hostname is the first - # component in both cases. - # In versions before 15.x, the FQDN is stored in /etc/hostname. - if test -n "${has_hostnamectl}" \ - && test "${os_major}" -ge 15 \ - && test "${os_major}" -ne 42 - then - # strip away everything but the first part from $name_should - name_should=${name_should%%.*} - fi - - # Modern SuSE provides /etc/HOSTNAME as a symlink for - # backwards-compatibility. Unfortunately it cannot be used - # here as __file does not follow the symlink. - # Therefore, we use the presence of the hostnamectl binary as - # an indication of which file to use. This unfortunately does - # not work correctly on openSUSE 12.x which provides - # hostnamectl but not /etc/hostname. - - if test -n "${has_hostnamectl}" -a "${os_major}" -gt 12 - then - hostname_file=/etc/hostname - else - hostname_file=/etc/HOSTNAME - fi - - echo "${name_should}" | __file "${hostname_file}" --source - - ;; - (*) - # On other operating systems we fall back to systemd's - # hostnamectl if available… - if test -n "${has_hostnamectl}" - then - set_hostname_systemd "${name_should}" - else - echo "Your operating system (${os}) is currently not supported by this type (${__type##*/})." >&2 - echo "Please contribute an implementation for it if you can." >&2 - exit 1 - fi - ;; + --value "$name_should" + ;; + openbsd) + echo "$name_should" | __file /etc/myname --source - + ;; + *) + not_supported + ;; esac diff --git a/cdist/conf/type/__hosts/man.rst b/cdist/conf/type/__hosts/man.rst index 1ac706cb..bece7967 100644 --- a/cdist/conf/type/__hosts/man.rst +++ b/cdist/conf/type/__hosts/man.rst @@ -25,10 +25,6 @@ ip state is ``present``, this parameter is mandatory, if state is ``absent``, this parameter is silently ignored. -alias - An alias for the hostname. - This parameter can be specified multiple times (once per alias). - EXAMPLES -------- @@ -40,8 +36,6 @@ EXAMPLES # previously configured via __hosts. __hosts happy --state absent - __hosts srv1.example.com --ip 192.168.0.42 --alias srv1 - SEE ALSO -------- @@ -49,14 +43,13 @@ SEE ALSO AUTHORS ------- -| Dmitry Bogatov -| Dennis Camera + +Dmitry Bogatov COPYING ------- -Copyright \(C) 2015-2016 Dmitry Bogatov, 2019 Dennis Camera. -You can redistribute it and/or modify it under the terms of the GNU General -Public License as published by the Free Software Foundation, either version 3 of -the License, or (at your option) any later version. +Copyright (C) 2015,2016 Dmitry Bogatov. Free use of this software is granted +under the terms of the GNU General Public License version 3 or later +(GPLv3+). diff --git a/cdist/conf/type/__hosts/manifest b/cdist/conf/type/__hosts/manifest index 8103ebd5..c536b83b 100755 --- a/cdist/conf/type/__hosts/manifest +++ b/cdist/conf/type/__hosts/manifest @@ -1,42 +1,29 @@ #!/bin/sh -e -# # Copyright (C) 2015 Bogatov Dmitry -# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify +# This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # -# cdist is distributed in the hope that it will be useful, +# This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# +set -ue -set -e +hostname="$__object_id" +state="$(cat "$__object/parameter/state")" +marker="# __hosts/$hostname" -hostname=$__object_id -state=$(cat "${__object}/parameter/state") -marker="# __hosts/${hostname}" +set -- "__hosts/$hostname" --file /etc/hosts --state "$state" -if test "${state}" != 'absent' -then - ip=$(cat "${__object}/parameter/ip") - if test -s "${__object}/parameter/alias" - then - aliases=$(while read -r a; do printf '\t%s' "$a"; done <"$__object/parameter/alias") - fi - - set -- --line "$(printf '%s\t%s%s %s' \ - "${ip}" "${hostname}" "${aliases}" "${marker}")" +if [ "$state" = absent ] ; then + __line "$@" --regex "$marker" else - set -- --regex "$(echo "${marker}" | sed -e 's/\./\\./')$" + ip="$(cat "$__object/parameter/ip")" + __line "$@" --line "$ip $hostname $marker" fi - -__line "/etc/hosts:${hostname}" --file /etc/hosts --state "${state}" "$@" diff --git a/cdist/conf/type/__hosts/parameter/optional_multiple b/cdist/conf/type/__hosts/parameter/optional_multiple deleted file mode 100644 index d077ed80..00000000 --- a/cdist/conf/type/__hosts/parameter/optional_multiple +++ /dev/null @@ -1 +0,0 @@ -alias diff --git a/cdist/conf/type/__hwclock/explorer/adjtime_mode b/cdist/conf/type/__hwclock/explorer/adjtime_mode deleted file mode 100755 index 2b27bedc..00000000 --- a/cdist/conf/type/__hwclock/explorer/adjtime_mode +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# Prints the clock mode read from the /etc/adjtime file, if present. -# - -# not all operating systems use an adjfile -test -f /etc/adjtime || exit 0 - -# 3rd line is clock mode -# adjtime(5) https://man7.org/linux/man-pages/man5/adjtime.5.html -sed -n 3p /etc/adjtime diff --git a/cdist/conf/type/__hwclock/explorer/timedatectl_localrtc b/cdist/conf/type/__hwclock/explorer/timedatectl_localrtc deleted file mode 100755 index 8239122e..00000000 --- a/cdist/conf/type/__hwclock/explorer/timedatectl_localrtc +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# Prints the LocalRTC property using timedatectl on systemd-based systems. -# - -command -v timedatectl >/dev/null 2>&1 || exit 0 - -# NOTE: Older versions of timedatectl do not support `timedatectl show' -timedatectl --no-pager status \ -| awk -F': ' '$1 ~ "RTC in local TZ$" { sub(/[ \t]*$/, "", $2); print $2 }' diff --git a/cdist/conf/type/__hwclock/gencode-remote b/cdist/conf/type/__hwclock/gencode-remote deleted file mode 100755 index 5995fb23..00000000 --- a/cdist/conf/type/__hwclock/gencode-remote +++ /dev/null @@ -1,62 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -mode=$(cat "${__object:?}/parameter/mode") - -timedatectl_localrtc=$(cat "${__object:?}/explorer/timedatectl_localrtc") -adjtime_mode=$(cat "${__object:?}/explorer/adjtime_mode") - - -case ${mode} -in - (localtime) - adjtime_str=LOCAL - local_rtc_str=yes - ;; - (UTC|utc) - adjtime_str=UTC - local_rtc_str=no - ;; - (*) - printf 'Invalid value for --mode: %s\n' "${mode}" >&2 - printf 'Acceptable values are: localtime, utc.\n' >&2 - exit 1 -esac - - -if test -n "${timedatectl_localrtc}" -then - # systemd - timedatectl_should=${local_rtc_str} - if test "${timedatectl_localrtc}" != "${timedatectl_should}" - then - printf 'timedatectl set-local-rtc %s\n' "${timedatectl_should}" - fi -elif test -n "${adjtime_mode}" -then - # others (update /etc/adjtime if present) - if test "${adjtime_mode}" != "${adjtime_str}" - then - # Update /etc/adjtime (3rd line is clock mode) - # adjtime(5) https://man7.org/linux/man-pages/man5/adjtime.5.html - # FIXME: Should maybe add third line if adjfile only contains two lines - printf "sed -i '3c\\\\\\n%s\\n' /etc/adjtime\\n" "${adjtime_str}" - fi -fi diff --git a/cdist/conf/type/__hwclock/man.rst b/cdist/conf/type/__hwclock/man.rst deleted file mode 100644 index 65eb648f..00000000 --- a/cdist/conf/type/__hwclock/man.rst +++ /dev/null @@ -1,63 +0,0 @@ -cdist-type__hwclock(7) -====================== - -NAME ----- -cdist-type__hwclock - Manage the hardware real time clock. - - -DESCRIPTION ------------ -This type can be used to control how the hardware clock is used by the operating -system. - - -REQUIRED PARAMETERS -------------------- -mode - What mode the hardware clock is in. - - Acceptable values: - - localtime - The hardware clock is set to local time (common for systems also running - Windows.) - UTC - The hardware clock is set to UTC (common on UNIX systems.) - - -OPTIONAL PARAMETERS -------------------- -None. - - -BOOLEAN PARAMETERS ------------------- -None. - - -EXAMPLES --------- - -.. code-block:: sh - - # Make the operating system treat the time read from the hwclock as UTC. - __hwclock --mode UTC - - -SEE ALSO --------- -:strong:`hwclock`\ (8) - - -AUTHORS -------- -Dennis Camera - - -COPYING -------- -Copyright \(C) 2020 Dennis Camera. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/cdist/conf/type/__hwclock/manifest b/cdist/conf/type/__hwclock/manifest deleted file mode 100755 index 7d9ab88f..00000000 --- a/cdist/conf/type/__hwclock/manifest +++ /dev/null @@ -1,222 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -# TODO: Consider supporting BADYEAR - -os=$(cat "${__global:?}/explorer/os") -mode=$(cat "${__object:?}/parameter/mode") - -has_systemd_timedatectl=$(test -s "${__object:?}/explorer/timedatectl_localrtc" && echo true || echo false) - - -case ${mode} -in - (localtime) - local_clock=true - ;; - (UTC|utc) - local_clock=false - ;; - (*) - printf 'Invalid value for --mode: %s\n' "${mode}" >&2 - printf 'Acceptable values are: UTC, localtime.\n' >&2 - exit 1 -esac - - -case ${os} -in - (alpine|gentoo) - if ! $has_systemd_timedatectl - then - # NOTE: Gentoo also supports systemd, in which case /etc/conf.d is - # not used. So we check for systemd presence here and only - # update /etc/conf.d if systemd is not installed. - # https://wiki.gentoo.org/wiki/System_time#Hardware_clock - - export CDIST_ORDER_DEPENDENCY=true - __file /etc/conf.d/hwclock --state present \ - --owner root --group root --mode 0644 - __key_value /etc/conf.d/hwclock:clock \ - --file /etc/conf.d/hwclock \ - --key clock \ - --delimiter '=' --exact_delimiter \ - --value "\"$($local_clock && echo local || echo UTC)\"" - unset CDIST_ORDER_DEPENDENCY - fi - ;; - (centos|fedora|redhat|scientific) - os_version=$(cat "${__global:?}/explorer/os_version") - os_major=$(expr "${os_version}" : '.* release \([0-9]*\)') - case ${os} - in - (centos|scientific) - update_sysconfig=$(test "${os_major}" -lt 6 && echo true || echo false) - ;; - (fedora) - update_sysconfig=$(test "${os_major}" -lt 10 && echo true || echo false) - ;; - (redhat|*) - case ${os_version} - in - ('Red Hat Enterprise Linux'*) - update_sysconfig=$(test "${os_major}" -lt 6 && echo true || echo false) - ;; - ('Red Hat Linux'*) - update_sysconfig=true - ;; - (*) - printf 'Could not determine Red Hat distribution.\n' >&2 - printf "Please contribute an implementation for it if you can.\n" >&2 - exit 1 - ;; - esac - ;; - esac - - if ${update_sysconfig:?} - then - export CDIST_ORDER_DEPENDENCY=true - __file /etc/sysconfig/clock --state present \ - --owner root --group root --mode 0644 - __key_value /etc/sysconfig/clock:UTC \ - --file /etc/sysconfig/clock \ - --key UTC \ - --delimiter '=' --exact_delimiter \ - --value "$($local_clock && echo false || echo true)" - unset CDIST_ORDER_DEPENDENCY - fi - ;; - (debian|devuan|ubuntu) - os_major=$(sed 's/[^0-9].*$//' "${__global:?}/explorer/os_version") - - case ${os} - in - (debian) - if test "${os_major}" -ge 7 - then - update_rcS=false - elif test "${os_major}" -ge 3 - then - update_rcS=true - else - # Debian 2.2 should be supportable using rcS. - # Debian 2.1 uses the ancient GMT key. - # Debian 1.3 does not have rcS. - printf "Your operating system (Debian %s) is currently not supported by this type (%s)\n" \ - "$(cat "${__global:?}/explorer/os_version")" "${__type##*/}" >&2 - printf "Please contribute an implementation for it if you can.\n" >&2 - exit 1 - fi - ;; - (devuan) - update_rcS=false - ;; - (ubuntu) - update_rcS=$(test "${os_major}" -lt 16 && echo true || echo false) - ;; - esac - - if ${update_rcS} - then - export CDIST_ORDER_DEPENDENCY=true - __file /etc/default/rcS --state present \ - --owner root --group root --mode 0644 - __key_value /etc/default/rcS:UTC \ - --file /etc/default/rcS \ - --key UTC \ - --delimiter '=' --exact_delimiter \ - --value "$($local_clock && echo no || echo yes)" - unset CDIST_ORDER_DEPENDENCY - fi - ;; - (freebsd) - # cf. adjkerntz(8) - __file /etc/wall_cmos_clock \ - --state "$($local_clock && echo present || echo absent)" \ - --owner root --group wheel --mode 0444 - ;; - (netbsd) - # https://wiki.netbsd.org/guide/boot/#index9h2 - __key_value /etc/rc.conf:rtclocaltime \ - --file /etc/rc.conf \ - --key rtclocaltime \ - --delimiter '=' --exact_delimiter \ - --value "$($local_clock && echo YES || echo NO)" - ;; - (slackware) - __file /etc/hardwareclock --owner root --group root --mode 0644 \ - --source - <<-EOF - # /etc/hardwareclock - # - # Tells how the hardware clock time is stored. - # This file is managed by cdist. - - $($local_clock && echo localtime || echo UTC) - EOF - ;; - (suse) - if test -s "${__global:?}/explorer/os_release" - then - # shellcheck source=/dev/null - os_version=$(. "${__global:?}/explorer/os_release" && echo "${VERSION}") - else - os_version=$(sed -n 's/^VERSION\ *=\ *//p' "${__global:?}/explorer/os_version") - fi - os_major=$(expr "${os_version}" : '\([0-9]\{1,\}\)') - - # TODO: Consider using `yast2 timezone set hwclock' instead - if expr "${os_major}" \< 12 - then - # Starting with SuSE 12 (first systemd-based version) - # /etc/sysconfig/clock does not contain the HWCLOCK line - # anymore. - # With SuSE 13, it has been reduced to TIMEZONE configuration. - __key_value /etc/sysconfig/clock:HWCLOCK \ - --file /etc/sysconfig/clock \ - --delimiter '=' --exact_delimiter \ - --key HWCLOCK \ - --value "$($local_clock && echo '"--localtime"' || echo '"-u"')" - fi - ;; - (void) - export CDIST_ORDER_DEPENDENCY=true - __file /etc/rc.conf \ - --owner root --group root --mode 0644 \ - --state present - __key_value /etc/rc.conf:HARDWARECLOCK \ - --file /etc/rc.conf \ - --delimiter '=' --exact_delimiter \ - --key HARDWARECLOCK \ - --value "\"$($local_clock && echo localtime || echo UTC)\"" - unset CDIST_ORDER_DEPENDENCY - ;; - (*) - if ! $has_systemd_timedatectl - then - printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2 - printf "Please contribute an implementation for it if you can.\n" >&2 - exit 1 - fi - ;; -esac - -# NOTE: timedatectl set-local-rtc for systemd is in gencode-remote -# NOTE: /etc/adjtime is also updated in gencode-remote diff --git a/cdist/conf/type/__hwclock/parameter/required b/cdist/conf/type/__hwclock/parameter/required deleted file mode 100644 index 17ab372f..00000000 --- a/cdist/conf/type/__hwclock/parameter/required +++ /dev/null @@ -1 +0,0 @@ -mode diff --git a/cdist/conf/type/__hwclock/singleton b/cdist/conf/type/__hwclock/singleton deleted file mode 100644 index e69de29b..00000000 diff --git a/cdist/conf/type/__install_chroot_umount/manifest b/cdist/conf/type/__install_chroot_umount/manifest deleted file mode 120000 index f17af67a..00000000 --- a/cdist/conf/type/__install_chroot_umount/manifest +++ /dev/null @@ -1 +0,0 @@ -../__chroot_umount/manifest \ No newline at end of file diff --git a/cdist/conf/type/__install_directory/man.rst b/cdist/conf/type/__install_directory/man.rst deleted file mode 100644 index c402cbad..00000000 --- a/cdist/conf/type/__install_directory/man.rst +++ /dev/null @@ -1,101 +0,0 @@ -cdist-type__install_directory(7) -================================ - -NAME ----- -cdist-type__install_directory - Manage a directory with install command - - -DESCRIPTION ------------ -This cdist type allows you to create or remove directories on the target. - - -REQUIRED PARAMETERS -------------------- -None. - - -OPTIONAL PARAMETERS -------------------- -state - 'present' or 'absent', defaults to 'present' - -group - Group to chgrp to. - -mode - Unix permissions, suitable for chmod. - -owner - User to chown to. - - -BOOLEAN PARAMETERS ------------------- -parents - Whether to create parents as well (mkdir -p behaviour). - Warning: all intermediate directory permissions default - to whatever mkdir -p does. - - Usually this means root:root, 0700. - -recursive - If supplied the chgrp and chown call will run recursively. - This does *not* influence the behaviour of chmod. - -MESSAGES --------- -chgrp - Changed group membership -chown - Changed owner -chmod - Changed mode -create - Empty directory was created -remove - Directory exists, but state is absent, directory will be removed by generated code. -remove non directory - Something other than a directory with the same name exists and was removed prior to create. - - -EXAMPLES --------- - -.. code-block:: sh - - # A silly example - __install_directory /tmp/foobar - - # Remove a directory - __install_directory /tmp/foobar --state absent - - # Ensure /etc exists correctly - __install_directory /etc --owner root --group root --mode 0755 - - # Create nfs service directory, including parents - __install_directory /home/services/nfs --parents - - # Change permissions recursively - __install_directory /home/services --recursive --owner root --group root - - # Setup a temp directory - __install_directory /local --mode 1777 - - # Take it all - __install_directory /home/services/kvm --recursive --parents \ - --owner root --group root --mode 0755 --state present - - -AUTHORS -------- -Nico Schottelius - - -COPYING -------- -Copyright \(C) 2011 Nico Schottelius. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/cdist/conf/type/__install_directory/man.rst b/cdist/conf/type/__install_directory/man.rst new file mode 120000 index 00000000..1ad7fa84 --- /dev/null +++ b/cdist/conf/type/__install_directory/man.rst @@ -0,0 +1 @@ +../__directory/man.rst \ No newline at end of file diff --git a/cdist/conf/type/__install_file/man.rst b/cdist/conf/type/__install_file/man.rst index 977ed77c..c5409167 100644 --- a/cdist/conf/type/__install_file/man.rst +++ b/cdist/conf/type/__install_file/man.rst @@ -23,10 +23,6 @@ symlink directory replace it with the source file -One exception is that when state is pre-exists, an error is raised if -the file would have been created otherwise (e.g. it is not present or -not a regular file). - In any case, make sure that the file attributes are as specified. @@ -37,7 +33,7 @@ None. OPTIONAL PARAMETERS ------------------- state - 'present', 'absent', 'exists' or 'pre-exists', defaults to 'present' where: + 'present', 'absent' or 'exists', defaults to 'present' where: present the file is exactly the one from source @@ -45,9 +41,6 @@ state the file does not exist exists the file from source but only if it doesn't already exist - pre-exists - check that the file exists and is a regular file, but do not - create or modify it group Group to chgrp to. @@ -63,9 +56,6 @@ source If not supplied, an empty file or directory will be created. If source is '-' (dash), take what was written to stdin as the file content. -onchange - The code to run if file is modified. - MESSAGES -------- chgrp @@ -103,8 +93,6 @@ EXAMPLES __install_file /home/frodo/.bashrc --source "/etc/skel/.bashrc" \ --state exists \ --owner frodo --mode 0600 - # Check that the file is present, show an error when it is not - __install_file /etc/somefile --state pre-exists # Take file content from stdin __install_file /tmp/whatever --owner root --group root --mode 644 --source - << DONE Here goes the content for /tmp/whatever diff --git a/cdist/conf/type/__ipset/files/ipset-persistent b/cdist/conf/type/__ipset/files/ipset-persistent deleted file mode 100755 index e812c30f..00000000 --- a/cdist/conf/type/__ipset/files/ipset-persistent +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/sh -# -# 2021 Mesar Hameed (mesar.hameed at gmail.com) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# -### BEGIN INIT INFO -# Provides: ipset -# Required-Start: $local_fs $remote_fs -# Required-Stop: $local_fs $remote_fs -# X-Start-Before: iptables -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Create ipset lists before iptables rules require them -# Description: Applies lists found in /etc/ipset.d/*.saved -# and saves/restores previous status -### END INIT INFO - -case $1 in - start) - # Restore previous state: - /usr/local/bin/ipsets-restore - ;; - stop) - # Save current state before exiting: - /usr/local/bin/ipsets-save - ;; - restart) - "$0" stop && "$0" start - ;; - reset) - ipset flush - ;; -esac diff --git a/cdist/conf/type/__ipset/files/ipsets-save b/cdist/conf/type/__ipset/files/ipsets-save deleted file mode 100755 index 9f5a9f3a..00000000 --- a/cdist/conf/type/__ipset/files/ipsets-save +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh -# -# 2021 Mesar Hameed (mesar.hameed at gmail.com) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -mkdir -p /etc/ipset.d/ -if [ -n "$1" ]; then - ipset save "$1" > "/etc/ipset.d/${1}.saved" -else -ipset -t list | grep "^Name:" | awk '{print $2}' | while read s; do - ipset save $s > /etc/ipset.d/$s.saved -done -fi diff --git a/cdist/conf/type/__ipset/gencode-remote b/cdist/conf/type/__ipset/gencode-remote deleted file mode 100755 index 38437a6c..00000000 --- a/cdist/conf/type/__ipset/gencode-remote +++ /dev/null @@ -1,79 +0,0 @@ -#!/bin/sh -# -# 2021 Mesar Hameed (mesar.hameed at gmail.com) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -e="$__object/explorer" -p="$__object/parameter" -name="$__object_id" -type_is="$(cat "$e/type")" -type_should="$(cat "$p/type")" -state_is="$(cat "$e/state")" -state_should="$(cat "$p/state")" -needToSave=0 - -case $state_should in - present) - if [ "$state_is" = "absent" ]; then - echo ipset create "$name" "$type_should" - needToSave=1 - elif [ "$state_is" = "present" ] && [ "$type_is" != "$type_should" ]; then - echo ipset destroy "$name" - echo "rm \"/etc/ipset.d/${name}.saved\" || true" - echo ipset create "$name" "$type_should" - needToSave=1 - fi - ;; - absent) - if [ "$state_is" = "present" ]; then - echo ipset destroy "$name" - echo "rm \"/etc/ipset.d/${name}.saved\" || true" - fi - ;; - *) - echo "Unknown state: $state_should" >&2 - exit 1 - ;; -esac - -if [ "$state_should" = "present" ]; then - if [ -f "$p/add" ]; then - while read -r value; do - if ! grep -qFx "$value" "$e/content"; then - echo "ipset -! add $name $value" - needToSave=1 - fi - done < "$p/add" - fi - - if [ -f "$p/del" ]; then - while read -r value; do - if grep -qFx "$value" "$e/content"; then - echo "ipset -! del $name $value" - needToSave=1 - fi - done < "$p/del" - fi -elif [ "$state_should" = "absent" ] && \( [ -f "$p/add" ] || [ -f "$p/del" ] \); then - echo "Error: ipset state absent is incompatible with --add or --del" >&2 - exit 1 -fi - -if [ $needToSave -ne 0 ]; then - echo /usr/local/bin/ipsets-save "$name" -fi diff --git a/cdist/conf/type/__ipset/man.rst b/cdist/conf/type/__ipset/man.rst deleted file mode 100644 index f376470e..00000000 --- a/cdist/conf/type/__ipset/man.rst +++ /dev/null @@ -1,69 +0,0 @@ -cdist-type__ipset(7) -==================== - -NAME ----- -cdist-type__ipset - Manage ipset sets - -DESCRIPTION ------------ -Making use of ipset sets in iptable rules can make your rules more expressive, maintainable and efficient. - -REQUIRED PARAMETERS -------------------- -type - One of the supported ipset set types, for a full list see: - - ``ipset help`` - -OPTIONAL PARAMETERS -------------------- -add - The entry that must exist in the given set. - - Can be used multiple times. -del - The entry that must not exist in the given set. - - Can be used multiple times. -state - Can be: - - - ``present``: ensure that the given set exists. - - ``absent``: ensure the given set doesn't exist. - -BOOLEAN PARAMETERS ------------------- -None. - -EXAMPLES --------- - -.. code-block:: sh - - # Make sure a set with the given name/type exists: - __ipset testset1 --type hash:ip - - # Ensure allowed_ssh_clients contains private range: - __ipset allowed_ssh_hosts --type hash:net \ - --add 192.168.0.0/24 --add 10.0.0.0/8 - - # Make sure host is not on the blocked list: - __ipset blocked_hosts --type hash:ip \ - --del 1.2.3.4 - - -SEE ALSO --------- -:strong:`cdist-type__iptables_rule`\ (7), :strong:`iptables`\ (8) - -AUTHORS -------- -Mesar Hameed - -COPYING -------- -Copyright \(C) 2021 Mesar Hameed. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/cdist/conf/type/__ipset/manifest b/cdist/conf/type/__ipset/manifest deleted file mode 100755 index 769a50b8..00000000 --- a/cdist/conf/type/__ipset/manifest +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh -e -# -# 2021 Mesar Hameed (mesar.hameed at gmail.com) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -os=$(cat "$__global/explorer/os") -case "$os" in - debian) - : - ;; - ubuntu) - : - ;; - *) - echo "OS $os currently not supported" >&2 - exit 1 - ;; -esac - -export CDIST_ORDER_DEPENDENCY=on - -# install packages -__package ipset - -__file /etc/init.d/ipset-persistent --mode 0755 --source "${__type}/files/ipset-persistent" -__file /usr/local/bin/ipsets-restore --mode 0755 --source "${__type}/files/ipsets-restore" -__file /usr/local/bin/ipsets-save --mode 0755 --source "${__type}/files/ipsets-save" -__systemd_unit ipset-persistent --enablement-state enabled --restart - -unset CDIST_ORDER_DEPENDENCY diff --git a/cdist/conf/type/__ipset/parameter/default/state b/cdist/conf/type/__ipset/parameter/default/state deleted file mode 100644 index e7f6134f..00000000 --- a/cdist/conf/type/__ipset/parameter/default/state +++ /dev/null @@ -1 +0,0 @@ -present diff --git a/cdist/conf/type/__ipset/parameter/optional b/cdist/conf/type/__ipset/parameter/optional deleted file mode 100644 index ff72b5c7..00000000 --- a/cdist/conf/type/__ipset/parameter/optional +++ /dev/null @@ -1 +0,0 @@ -state diff --git a/cdist/conf/type/__ipset/parameter/optional_multiple b/cdist/conf/type/__ipset/parameter/optional_multiple deleted file mode 100644 index 4f890061..00000000 --- a/cdist/conf/type/__ipset/parameter/optional_multiple +++ /dev/null @@ -1,2 +0,0 @@ -add -del diff --git a/cdist/conf/type/__ipset/parameter/required b/cdist/conf/type/__ipset/parameter/required deleted file mode 100644 index aa80e646..00000000 --- a/cdist/conf/type/__ipset/parameter/required +++ /dev/null @@ -1 +0,0 @@ -type diff --git a/cdist/conf/type/__iptables_apply/files/init-script b/cdist/conf/type/__iptables_apply/files/init-script index e42017ae..d9c79ef7 100644 --- a/cdist/conf/type/__iptables_apply/files/init-script +++ b/cdist/conf/type/__iptables_apply/files/init-script @@ -1,4 +1,7 @@ #!/bin/sh +# Nico Schottelius +# Zürisee, Mon Sep 2 18:38:27 CEST 2013 +# ### BEGIN INIT INFO # Provides: iptables # Required-Start: $local_fs $remote_fs @@ -11,72 +14,34 @@ # and saves/restores previous status ### END INIT INFO -# Originally written by: -# Nico Schottelius -# Zürisee, Mon Sep 2 18:38:27 CEST 2013 -# -# 2013 Nico Schottelius (nico-cdist at schottelius.org) -# 2020 Matthias Stecher (matthiasstecher at gmx.de) -# -# This file is distributed with cdist and licenced under the -# GNU GPLv3+ WITHOUT ANY WARRANTY. - - -# Read files and execute the content with the given commands -# -# Arguments: -# 1: Directory -# 2..n: Commands which should be used to execute the file content -gothrough() { - cd "$1" || return - shift - - # iterate through all rules and continue if it's not a file - for rule in *; do - [ -f "$rule" ] || continue - echo "Appling iptables rule $rule ..." - - # execute it with all commands specificed - ruleparam="$(cat "$rule")" - for cmd in "$@"; do - # Command and Rule should be split. - # shellcheck disable=SC2046 - command $cmd $ruleparam - done - done -} - -# Shortcut for iptables command to do IPv4 and v6 -# only applies to the "reset" target -iptables() { - command iptables "$@" - command ip6tables "$@" -} basedir=/etc/iptables.d -status4="${basedir}/.pre-start" -status6="${basedir}/.pre-start6" +status="${basedir}/.pre-start" case $1 in start) # Save status - iptables-save > "$status4" - ip6tables-save > "$status6" + iptables-save > "$status" # Apply our ruleset - gothrough "$basedir" iptables - #gothrough "$basedir/v4" iptables # conflicts with $basedir - gothrough "$basedir/v6" ip6tables - gothrough "$basedir/all" iptables ip6tables + cd "$basedir" || exit + count="$(find . ! -name . -prune | wc -l)" + + # Only do something if there are rules + if [ "$count" -ge 1 ]; then + for rule in *; do + echo "Applying iptables rule $rule ..." + # Rule should be split. + # shellcheck disable=SC2046 + iptables $(cat "$rule") + done + fi ;; stop) # Restore from status before, if there is something to restore - if [ -f "$status4" ]; then - iptables-restore < "$status4" - fi - if [ -f "$status6" ]; then - ip6tables-restore < "$status6" + if [ -f "$status" ]; then + iptables-restore < "$status" fi ;; restart) diff --git a/cdist/conf/type/__iptables_apply/man.rst b/cdist/conf/type/__iptables_apply/man.rst index 3bef92cc..76e1f6bf 100644 --- a/cdist/conf/type/__iptables_apply/man.rst +++ b/cdist/conf/type/__iptables_apply/man.rst @@ -10,24 +10,7 @@ DESCRIPTION ----------- This cdist type deploys an init script that triggers the configured rules and also re-applies them on -configuration. Rules are written from __iptables_rule -into the folder ``/etc/iptables.d/``. - -It reads all rules from the base folder as rules for IPv4. -Rules in the subfolder ``v6/`` are IPv6 rules. Rules in -the subfolder ``all/`` are applied to both rule tables. All -files contain the arguments for a single ``iptables`` and/or -``ip6tables`` command. - -Rules are applied in the following order: -1. All IPv4 rules -2. All IPv6 rules -2. All rules that should be applied to both tables - -The order of the rules that will be applied are definite -from the result the shell glob returns, which should be -alphabetical. If rules must be applied in a special order, -prefix them with a number like ``02-some-rule``. +configuration. REQUIRED PARAMETERS @@ -41,7 +24,7 @@ None EXAMPLES -------- -None (__iptables_apply is used by __iptables_rule automatically) +None (__iptables_apply is used by __iptables_rule) SEE ALSO @@ -52,13 +35,11 @@ SEE ALSO AUTHORS ------- Nico Schottelius -Matthias Stecher COPYING ------- -Copyright \(C) 2013 Nico Schottelius. -Copyright \(C) 2020 Matthias Stecher. -You can redistribute it and/or modify it under the terms of the GNU -General Public License as published by the Free Software Foundation, -either version 3 of the License, or (at your option) any later version. +Copyright \(C) 2013 Nico Schottelius. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/cdist/conf/type/__iptables_rule/man.rst b/cdist/conf/type/__iptables_rule/man.rst index afb71e01..92d8859f 100644 --- a/cdist/conf/type/__iptables_rule/man.rst +++ b/cdist/conf/type/__iptables_rule/man.rst @@ -11,10 +11,6 @@ DESCRIPTION This cdist type allows you to manage iptable rules in a distribution independent manner. -See :strong:`cdist-type__iptables_apply`\ (7) for the -execution order of these rules. It will be executed -automaticly to apply all rules non-volaite. - REQUIRED PARAMETERS ------------------- @@ -29,24 +25,6 @@ state 'present' or 'absent', defaults to 'present' -BOOLEAN PARAMETERS ------------------- -All rules without any of these parameters will be treated like ``--v4`` because -of backward compatibility. - -v4 - Explicitly set it as rule for IPv4. If IPv6 is set, too, it will be - threaten like ``--all``. Will be the default if nothing else is set. - -v6 - Explicitly set it as rule for IPv6. If IPv4 is set, too, it will be - threaten like ``--all``. - -all - Set the rule for both IPv4 and IPv6. It will be saved separately from the - other rules. - - EXAMPLES -------- @@ -70,16 +48,6 @@ EXAMPLES --state absent - # IPv4-only rule for ICMPv4 - __iptables_rule icmp-v4 --v4 --rule "-A INPUT -p icmp -j ACCEPT" - # IPv6-only rule for ICMPv6 - __iptables_rule icmp-v6 --v6 --rule "-A INPUT -p icmpv6 -j ACCEPT" - - # doing something for the dual stack - __iptables_rule fwd-eth0-eth1 --v4 --v6 --rule "-A INPUT -i eth0 -o eth1 -j ACCEPT" - __iptables_rule fwd-eth1-eth0 --all --rule "-A -o eth1 -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT" - - SEE ALSO -------- :strong:`cdist-type__iptables_apply`\ (7), :strong:`iptables`\ (8) @@ -88,13 +56,11 @@ SEE ALSO AUTHORS ------- Nico Schottelius -Matthias Stecher COPYING ------- -Copyright \(C) 2013 Nico Schottelius. -Copyright \(C) 2020 Matthias Stecher. -You can redistribute it and/or modify it under the terms of the GNU -General Public License as published by the Free Software Foundation, -either version 3 of the License, or (at your option) any later version. +Copyright \(C) 2013 Nico Schottelius. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/cdist/conf/type/__iptables_rule/manifest b/cdist/conf/type/__iptables_rule/manifest index d4394c25..ed78787f 100755 --- a/cdist/conf/type/__iptables_rule/manifest +++ b/cdist/conf/type/__iptables_rule/manifest @@ -1,7 +1,6 @@ #!/bin/sh -e # # 2013 Nico Schottelius (nico-cdist at schottelius.org) -# 2020 Matthias Stecher (matthiasstecher at gmx.de) # # This file is part of cdist. # @@ -25,36 +24,12 @@ base_dir=/etc/iptables.d name="$__object_id" state="$(cat "$__object/parameter/state")" -if [ -f "$__object/parameter/v4" ]; then - only_v4="yes" - # $specific_dir is $base_dir -fi -if [ -f "$__object/parameter/v6" ]; then - only_v6="yes" - specific_dir="$base_dir/v6" -fi -# If rules should be set for both protocols -if { [ "$only_v4" = "yes" ] && [ "$only_v6" = "yes" ]; } || - [ -f "$__object/parameter/all" ]; then - - # all to a specific directory - specific_dir="$base_dir/all" -fi - -# set rule directory based on if it's the base or subdirectory -rule_dir="${specific_dir:-$base_dir}" - ################################################################################ # Basic setup # __directory "$base_dir" --state present -# sub-directory if required -if [ "$specific_dir" ]; then - require="__directory/$base_dir" __directory "$specific_dir" --state present -fi - # Have apply do the real job require="$__object_name" __iptables_apply @@ -62,15 +37,6 @@ require="$__object_name" __iptables_apply # The rule # -for dir in "$base_dir" "$base_dir/v6" "$base_dir/all"; do - # defaults to absent except the directory that should contain the file - if [ "$rule_dir" = "$dir" ]; then - curr_state="$state" - else - curr_state="absent" - fi - - require="__directory/$rule_dir" __file "$dir/$name" \ - --source "$__object/parameter/rule" \ - --state "$curr_state" -done +require="__directory/$base_dir" __file "$base_dir/${name}" \ + --source "$__object/parameter/rule" \ + --state "$state" diff --git a/cdist/conf/type/__iptables_rule/parameter/boolean b/cdist/conf/type/__iptables_rule/parameter/boolean deleted file mode 100644 index 76882272..00000000 --- a/cdist/conf/type/__iptables_rule/parameter/boolean +++ /dev/null @@ -1,3 +0,0 @@ -all -v4 -v6 diff --git a/cdist/conf/type/__key_value/explorer/state b/cdist/conf/type/__key_value/explorer/state index d24600af..7b2de1df 100755 --- a/cdist/conf/type/__key_value/explorer/state +++ b/cdist/conf/type/__key_value/explorer/state @@ -40,9 +40,7 @@ else fi export key state delimiter value exact_delimiter -awk_bin=$(PATH=$(getconf PATH 2>/dev/null) && command -v awk || echo awk) - -"${awk_bin}" -f - "$file" <<"AWK_EOF" +awk -f - "$file" <<"AWK_EOF" BEGIN { state=ENVIRON["state"] key=ENVIRON["key"] diff --git a/cdist/conf/type/__key_value/files/remote_script.sh b/cdist/conf/type/__key_value/files/remote_script.sh index faf080cb..f7a1add5 100644 --- a/cdist/conf/type/__key_value/files/remote_script.sh +++ b/cdist/conf/type/__key_value/files/remote_script.sh @@ -24,10 +24,7 @@ if [ -f "$file" ]; then else touch "$file" fi - -awk_bin=$(PATH=$(getconf PATH 2>/dev/null) && command -v awk || echo awk) - -"${awk_bin}" -f - "$file" >"$tmpfile" <<"AWK_EOF" +awk -f - "$file" >"$tmpfile" <<"AWK_EOF" BEGIN { # import variables in a secure way .. state=ENVIRON["state"] diff --git a/cdist/conf/type/__key_value/gencode-remote b/cdist/conf/type/__key_value/gencode-remote index 1174400e..13cc27c7 100755 --- a/cdist/conf/type/__key_value/gencode-remote +++ b/cdist/conf/type/__key_value/gencode-remote @@ -25,7 +25,7 @@ state_should="$(cat "$__object/parameter/state")" state_is="$(cat "$__object/explorer/state")" fire_onchange='' -if [ "$state_is" = "$state_should" ]; then +if [ "$state_is" = "$state_should" ]; then exit 0 fi diff --git a/cdist/conf/type/__letsencrypt_cert/man.rst b/cdist/conf/type/__letsencrypt_cert/man.rst index 85eb88ea..c4ffc6bc 100644 --- a/cdist/conf/type/__letsencrypt_cert/man.rst +++ b/cdist/conf/type/__letsencrypt_cert/man.rst @@ -59,13 +59,13 @@ MESSAGES -------- change - Certificate was changed. + Certificte was changed. create - Certificate was created. + Certificte was created. remove - Certificate was removed. + Certificte was removed. EXAMPLES -------- diff --git a/cdist/conf/type/__letsencrypt_cert/manifest b/cdist/conf/type/__letsencrypt_cert/manifest index b4464366..bc039e44 100755 --- a/cdist/conf/type/__letsencrypt_cert/manifest +++ b/cdist/conf/type/__letsencrypt_cert/manifest @@ -8,9 +8,6 @@ if [ -z "${certbot_fullpath}" ]; then case "$os" in archlinux) - __package certbot - ;; - alpine) __package certbot ;; debian) @@ -91,9 +88,6 @@ if [ -z "${certbot_fullpath}" ]; then certbot_fullpath=/usr/local/bin/certbot ;; - ubuntu) - __package certbot - ;; *) echo "Unsupported os: $os" >&2 exit 1 diff --git a/cdist/conf/type/__line/explorer/state b/cdist/conf/type/__line/explorer/state index 9d480b19..2ef252c8 100755 --- a/cdist/conf/type/__line/explorer/state +++ b/cdist/conf/type/__line/explorer/state @@ -1,7 +1,6 @@ #!/bin/sh -e # # 2018 Steven Armstrong (steven-cdist at armstrong.cc) -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -19,14 +18,6 @@ # along with cdist. If not, see . # -if [ -f "$__object/parameter/file" ]; then - file=$(cat "$__object/parameter/file") -else - file="/$__object_id" -fi - -[ -f "$file" ] || exit 0 - if [ -f "$__object/parameter/before" ]; then position="before" elif [ -f "$__object/parameter/after" ]; then @@ -42,66 +33,63 @@ else needle="line" fi +if [ -f "$__object/parameter/file" ]; then + file="$(cat "$__object/parameter/file")" +else + file="/$__object_id" +fi + +if [ ! -f "$file" ]; then + echo "file_missing" + exit 0 +fi + awk -v position="$position" -v needle="$needle" ' function _find(_text, _pattern) { if (needle == "regex") { return match(_text, _pattern) } else { - return index(_text, _pattern) == 1 + return index(_text, _pattern) } } BEGIN { getline anchor < (ENVIRON["__object"] "/parameter/" position) getline pattern < (ENVIRON["__object"] "/parameter/" needle) - getline line < (ENVIRON["__object"] "/parameter/line") - - found_line = 0 - correct_line = 0 - correct_pos = (position != "after" && position != "before") + state = "absent" } { if (position == "after") { if (match($0, anchor)) { getline if (_find($0, pattern)) { - found_line++ - if (index($0, line) == 1) { correct_line++ } - correct_pos = 1 - exit 0 + state = "present" } - } else if (_find($0, pattern)) { - found_line++ - if (index($0, line) == 1) { correct_line++ } + else { + state = "wrongposition" + } + exit 0 } - } else if (position == "before") { + } + else if (position == "before") { if (_find($0, pattern)) { - found_line++ - if (index($0, line) == 1) { correct_line++ } getline if (match($0, anchor)) { - correct_pos = 1 - exit 0 + state = "present" } + else { + state = "wrongposition" + } + exit 0 } - } else { + } + else { if (_find($0, pattern)) { - found_line++ - if (index($0, line) == 1) { correct_line++ } + state = "present" exit 0 } } } END { - if (found_line && correct_pos) { - if (correct_line) { - print "present" - } else { - print "matching" - } - } else if (found_line) { - print "wrongposition" - } else { - print "absent" - } + print state } ' "$file" diff --git a/cdist/conf/type/__line/gencode-remote b/cdist/conf/type/__line/gencode-remote index a89886da..03e90c1b 100755 --- a/cdist/conf/type/__line/gencode-remote +++ b/cdist/conf/type/__line/gencode-remote @@ -1,7 +1,6 @@ #!/bin/sh -e # # 2018 Steven Armstrong (steven-cdist at armstrong.cc) -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -24,25 +23,10 @@ if [ -f "$__object/parameter/before" ] && [ -f "$__object/parameter/after" ]; th exit 1 fi -if [ -f "$__object/parameter/file" ]; then - file="$(cat "$__object/parameter/file")" -else - file="/$__object_id" -fi - state_should="$(cat "$__object/parameter/state")" state_is="$(cat "$__object/explorer/state")" -if [ -z "$state_is" ]; then - printf 'The file "%s" is missing. Please create it before using %s on it.\n' "$file" "${__type##*/}" >&2 - exit 1 -fi - -if [ "$state_should" = "$state_is" ] || \ - { [ "$state_should" = "present" ] && [ "$state_is" = "matching" ] ;} || \ - { [ "$state_should" = "replace" ] && [ "$state_is" = "present" ] ;} ; then - # If state matches already, or 'present' is used and regex matches - # or 'replace' is used and the exact line is present, then there is +if [ "$state_should" = "$state_is" ]; then # nothing to do exit 0 fi @@ -62,11 +46,17 @@ else needle="line" fi +if [ -f "$__object/parameter/file" ]; then + file="$(cat "$__object/parameter/file")" +else + file="/$__object_id" +fi + add=0 remove=0 case "$state_should" in - present|replace) - if [ "$state_is" = "wrongposition" ] || [ "$state_is" = "matching" ]; then + present) + if [ "$state_is" = "wrongposition" ]; then echo updated >> "$__messages_out" remove=1 else @@ -114,12 +104,10 @@ BEGIN { if (anchor && match(\$0, anchor)) { if (position == "before") { print line - add = 0 print } else if (position == "after") { print print line - add = 0 } next } @@ -127,7 +115,7 @@ BEGIN { print } END { - if (add) { + if (add && position == "end") { print line } } diff --git a/cdist/conf/type/__line/man.rst b/cdist/conf/type/__line/man.rst index 70490f68..f76cab64 100644 --- a/cdist/conf/type/__line/man.rst +++ b/cdist/conf/type/__line/man.rst @@ -31,7 +31,7 @@ file line Specifies the line which should be absent or present. - Must be present, if state is 'present' or 'replace'. + Must be present, if state is 'present'. Ignored if regex is given and state is 'absent'. regex @@ -41,13 +41,10 @@ regex If state is 'absent', ensure all lines matching the regular expression are absent. - If state is 'replace', ensure all lines matching the regular expression - are exactly 'line'. - The regular expression is interpreted by awk's match function. state - 'present', 'absent' or 'replace', defaults to 'present'. + 'present' or 'absent', defaults to 'present' onchange The code to run if line is added, removed or updated. @@ -102,12 +99,6 @@ EXAMPLES --line '-session required pam_exec.so debug log=/tmp/classify.log /usr/local/libexec/classify' \ --after '^session[[:space:]]+include[[:space:]]+password-auth-ac$' - # Uncomment as needed and set a value in a configuration file. - __line /etc/example.conf \ - --line 'SomeSetting SomeValue' \ - --regex '^(#[[:space:]]*)?SomeSetting[[:space:]]' \ - --state replace - SEE ALSO -------- diff --git a/cdist/conf/type/__link/man.rst b/cdist/conf/type/__link/man.rst index 2e81aea9..fe0ce425 100644 --- a/cdist/conf/type/__link/man.rst +++ b/cdist/conf/type/__link/man.rst @@ -18,7 +18,7 @@ source Specifies the link source. type - Specifies the link type: Either hard or symbolic. + Specifies the link type: Either hard or symoblic. OPTIONAL PARAMETERS diff --git a/cdist/conf/type/__locale/deprecated b/cdist/conf/type/__locale/deprecated deleted file mode 100644 index 5a06b28e..00000000 --- a/cdist/conf/type/__locale/deprecated +++ /dev/null @@ -1 +0,0 @@ -This type is deprecated. Please use __localedef instead. diff --git a/cdist/conf/type/__locale/explorer/state b/cdist/conf/type/__locale/explorer/state deleted file mode 100755 index 4494fcbc..00000000 --- a/cdist/conf/type/__locale/explorer/state +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh -e -# __locale/explorer/state -# -# 2020 Matthias Stecher (matthiasstecher at gmx.de) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# -# Check if the locale is already installed on the system. -# Outputs 'present' or 'absent' depending if the locale exists. -# - - -# Get user-defined locale -# locale name is echoed differently than the user propably set it (for UTF-8) -locale="$(echo "$__object_id" | sed 's/UTF-8/utf8/')" - -# Check if the given locale exists on the system -if localedef --list-archive | grep -qFx "$locale"; then - echo present -else - echo absent -fi diff --git a/cdist/conf/type/__locale/gencode-remote b/cdist/conf/type/__locale/gencode-remote index 4639cef8..1feb9884 100755 --- a/cdist/conf/type/__locale/gencode-remote +++ b/cdist/conf/type/__locale/gencode-remote @@ -23,15 +23,6 @@ locale="$__object_id" -state_is=$(cat "$__object/explorer/state") -state_should=$(cat "$__object/parameter/state") - -# short circuit if there is nothing to do -if [ "$state_is" = "$state_should" ]; then - exit 0 -fi - - # Hardcoded, create a pull request with # branching on $os in case it is at another location alias=/usr/share/locale/locale.alias @@ -44,6 +35,8 @@ charmap=$(echo "$locale" | cut -d . -f 2) # W-T-F! locale_remove=$(echo "$locale" | sed 's/UTF-8/utf8/') +state=$(cat "$__object/parameter/state") + os=$(cat "$__global/explorer/os") # Nothing to be done on alpine @@ -53,7 +46,7 @@ case "$os" in ;; esac -case "$state_should" in +case "$state" in present) echo localedef -A "$alias" -f "$charmap" -i "$input" "$locale" ;; @@ -61,7 +54,7 @@ case "$state_should" in echo localedef --delete-from-archive "$locale_remove" ;; *) - echo "Unsupported state: $state_should" >&2 + echo "Unsupported state: $state" >&2 exit 1 ;; esac diff --git a/cdist/conf/type/__locale_system/manifest b/cdist/conf/type/__locale_system/manifest index 4b996ebc..80f7401b 100755 --- a/cdist/conf/type/__locale_system/manifest +++ b/cdist/conf/type/__locale_system/manifest @@ -3,7 +3,6 @@ # 2012-2016 Steven Armstrong (steven-cdist at armstrong.cc) # 2016 Carlos Ortigoza (carlos.ortigoza at ungleich.ch) # 2016 Nico Schottelius (nico.schottelius at ungleich.ch) -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -24,171 +23,17 @@ # Configure system-wide locale by modifying i18n file. # -version_ge() { - awk -F '[^0-9.]' -v target="${1:?}" ' - function max(x, y) { return x > y ? x : y } - BEGIN { - getline - nx = split($1, x, ".") - ny = split(target, y, ".") - for (i = 1; i <= max(nx, ny); ++i) { - diff = int(x[i]) - int(y[i]) - if (diff == 0) continue - exit (diff < 0) - } - }' -} - - -key=$__object_id -onchange_cmd= # none, by default -quote_value=false - -catval() { - # shellcheck disable=SC2059 - printf "$($quote_value && echo '"%s"' || echo '%s')" "$(cat "$1")" -} - -state_should=$(cat "${__object}/parameter/state") - os=$(cat "$__global/explorer/os") -case $os -in - debian) - if version_ge 4 <"${__global}/explorer/os_version" - then - # Debian 4 (etch) and later - locale_conf="/etc/default/locale" - else - locale_conf="/etc/environment" - fi - ;; - devuan) +case "$os" in + debian|ubuntu) locale_conf="/etc/default/locale" ;; - ubuntu) - if version_ge 6.10 <"${__global}/explorer/os_version" - then - # Ubuntu 6.10 (edgy) and later - locale_conf="/etc/default/locale" - else - locale_conf="/etc/environment" - fi - ;; archlinux) locale_conf="/etc/locale.conf" ;; - centos|redhat|scientific) - # shellcheck source=/dev/null - version_id=$(. "${__global}/explorer/os_release" && echo "${VERSION_ID:-0}") - if echo "${version_id}" | version_ge 7 - then - locale_conf="/etc/locale.conf" - else - locale_conf="/etc/sysconfig/i18n" - fi - ;; - fedora) - # shellcheck source=/dev/null - version_id=$(. "${__global}/explorer/os_release" && echo "${VERSION_ID:-0}") - if echo "${version_id}" | version_ge 18 - then - locale_conf="/etc/locale.conf" - quote_value=false - else - locale_conf="/etc/sysconfig/i18n" - fi - ;; - gentoo) - case $(cat "${__global}/explorer/init") - in - (*openrc*) - locale_conf="/etc/env.d/02locale" - onchange_cmd="env-update --no-ldconfig" - quote_value=true - ;; - (systemd) - locale_conf="/etc/locale.conf" - ;; - esac - ;; - freebsd|netbsd) - # NetBSD doesn't have a separate configuration file to set locales. - # In FreeBSD locales could be configured via /etc/login.conf but parsing - # that would be annoying, so the shell login file will have to do. - # "Non-POSIX" shells like csh will not be updated here. - - locale_conf="/etc/profile" - quote_value=true - value="$(catval "${__object}/parameter/value"); export ${key}" - ;; - solaris) - locale_conf="/etc/default/init" - locale_conf_group="sys" - - if version_ge 5.11 <"${__global}/explorer/os_version" - then - # mode on Oracle Solaris 11 is actually 0444, - # but the write bit makes sense, IMO - locale_conf_mode=0644 - - # Oracle Solaris 11.2 and later uses SMF to store environment info. - # This is a hack, but I didn't feel like modifying the whole type - # just for some Oracle nonsense. - # 11.3 apparently added nlsadm(1m), but it is missing from 11.2. - # Illumos continues to use /etc/default/init - # NOTE: Remember not to use "cool" POSIX features like -q or -e with - # Solaris grep. - release_regex='Oracle Solaris 11.[2-9][0-9]*' - case $state_should - in - (present) - svccfg_cmd="svccfg -s svc:/system/environment:init setprop environment/${key} = astring: '$(cat "${__object}/parameter/value")'" - ;; - (absent) - svccfg_cmd="svccfg -s svc:/system/environment:init delprop environment/${key}" - ;; - esac - refresh_cmd='svcadm refresh svc:/system/environment' - onchange_cmd="grep '${release_regex}' /etc/release >&- || exit 0; ${svccfg_cmd:-:} && ${refresh_cmd}" - else - locale_conf_mode=0555 - fi - ;; - slackware) - # NOTE: lang.csh (csh config) is ignored here. - locale_conf="/etc/profile.d/lang.sh" - locale_conf_mode=0755 - key="export ${__object_id}" - ;; - suse) - if test -s "${__global}/explorer/os_release" - then - # shellcheck source=/dev/null - os_version=$(. "${__global}/explorer/os_release" && echo "${VERSION}") - else - os_version=$(sed -n 's/^VERSION\ *=\ *//p' "${__global}/explorer/os_version") - fi - os_major=$(expr "${os_version}" : '\([0-9]\{1,\}\)') - - # https://documentation.suse.com/sles/15-SP2/html/SLES-all/cha-suse.html#sec-suse-l10n - if expr "${os_major}" '>=' 15 \& "${os_major}" != 42 - then - # It seems that starting with SuSE 15 the systemd /etc/locale.conf - # is the preferred way to set locales, although - # /etc/sysconfig/language is still available. - # Older documentation doesn't mention /etc/locale.conf, even though - # is it created when localectl is used. - locale_conf="/etc/locale.conf" - else - locale_conf="/etc/sysconfig/language" - quote_value=true - key="RC_${__object_id}" - fi - ;; - voidlinux) - locale_conf="/etc/locale.conf" + redhat|centos) + locale_conf="/etc/sysconfig/i18n" ;; *) echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 @@ -197,16 +42,14 @@ in ;; esac -__file "${locale_conf}" --state exists \ - --owner "${locale_conf_owner:-0}" \ - --group "${locale_conf_group:-0}" \ - --mode "${locale_conf_mode:-0644}" +__file "$locale_conf" \ + --owner root --group root --mode 644 \ + --state exists -require="__file/${locale_conf}" \ -__key_value "${locale_conf}:${key#export }" \ - --file "${locale_conf}" \ - --key "${key}" \ - --delimiter '=' --exact_delimiter \ - --state "${state_should}" \ - --value "${value:-$(catval "${__object}/parameter/value")}" \ - --onchange "${onchange_cmd}" +require="__file/$locale_conf" \ + __key_value "$locale_conf:$__object_id" \ + --file "$locale_conf" \ + --key "$__object_id" \ + --delimiter = \ + --state "$(cat "$__object/parameter/state")" \ + --value "$(cat "$__object/parameter/value")" diff --git a/cdist/conf/type/__localedef/explorer/state b/cdist/conf/type/__localedef/explorer/state deleted file mode 100755 index 3ba57661..00000000 --- a/cdist/conf/type/__localedef/explorer/state +++ /dev/null @@ -1,100 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# This explorer determines if the locale is defined on the target system. -# Will print nothing on error. -# -# Possible output: -# present: -# the main locale (and possibly aliases) is present -# absent: -# neither the main locale nor any aliases are present -# alias-present: -# the main locale is absent, but at least one of its aliases is present -# - -# Hardcoded, create a pull request in case it is at another location for -# some other distro. (cf. gencode-remote) -aliasfile='/usr/share/locale/locale.alias' - -command -v locale >/dev/null 2>&1 || exit 0 - -locales=$(locale -a) - -parse_locale() { - # This function will split locales into their parts. Locale strings are - # usually of the form: [language[_territory][.codeset][@modifier]] - # For simplicity, language and territory are not separated by this function. - # Old Linux systems were also using "english" or "german" as locale strings. - # Usage: parse_locale locale_str lang_var codeset_var modifier_var - eval "${2:?}"="$(expr "$1" : '\([^.@]*\)')" - eval "${3:?}"="$(expr "$1" : '[^.]*\.\([^@]*\)')" - eval "${4:?}"="$(expr "$1" : '.*@\(.*\)$')" -} - -format_locale() { - # Usage: format_locale language codeset modifier - printf '%s' "$1" - test -z "$2" || printf '.%s' "$2" - test -z "$3" || printf '@%s' "$3" - printf '\n' -} - -gnu_normalize_codeset() { - # reimplementation of glibc/locale/programs/localedef.c normalize_codeset() - echo "$*" | tr '[:upper:]' '[:lower:]' | tr -cd '[:alnum:]' -} - -locale_available() ( - echo "${locales}" | grep -qxF "$1" || { - # glibc uses "normalized" locale names in archives. - # If a locale is stored in an archive, the normalized name will be - # printed by locale, so that needs to be checked, too. - localename=$( - parse_locale "$1" _lang _codeset _modifier \ - && format_locale "${_lang:?}" "$(gnu_normalize_codeset "${_codeset?}")" \ - "${_modifier?}") - echo "${locales}" | grep -qxF "${localename}" - } -) - -if locale_available "${__object_id:?}" -then - echo present -else - # NOTE: locale.alias can be symlinked. - if test -e "${aliasfile}" - then - # Check if one of the aliases of the locale is defined - baselocale=$( - parse_locale "${__object_id:?}" _lang _codeset _modifiers \ - && format_locale "${_lang}" "${_codeset}") - while read -r _alias _localename - do - if test "${_localename}" = "${baselocale}" \ - && echo "${locales}" | grep -qxF "${_alias}" - then - echo alias-present - exit 0 - fi - done <"${aliasfile}" - fi - - echo absent -fi diff --git a/cdist/conf/type/__localedef/files/lib/glibc.sh b/cdist/conf/type/__localedef/files/lib/glibc.sh deleted file mode 100644 index 6ace80d4..00000000 --- a/cdist/conf/type/__localedef/files/lib/glibc.sh +++ /dev/null @@ -1,5 +0,0 @@ -# -*- mode: sh; indent-tabs-mode: t -*- - -gnu_normalize_codeset() { - echo "$*" | tr -cd '[:alnum:]' | tr '[:upper:]' '[:lower:]' -} diff --git a/cdist/conf/type/__localedef/files/lib/locale.sh b/cdist/conf/type/__localedef/files/lib/locale.sh deleted file mode 100644 index b5e61374..00000000 --- a/cdist/conf/type/__localedef/files/lib/locale.sh +++ /dev/null @@ -1,20 +0,0 @@ -# -*- mode: sh; indent-tabs-mode:t -*- - -parse_locale() { - # This function will split locales into their parts. Locale strings are - # usually of the form: [language[_territory][.codeset][@modifier]] - # For simplicity, language and territory are not separated by this function. - # Old Linux systems were also using "english" or "german" as locale strings. - # Usage: parse_locale locale_str lang_var codeset_var modifier_var - eval "${2:?}"="$(expr "$1" : '\([^.@]*\)')" - eval "${3:?}"="$(expr "$1" : '[^.]*\.\([^@]*\)')" - eval "${4:?}"="$(expr "$1" : '.*@\(.*\)$')" -} - -format_locale() { - # Usage: format_locale language codeset modifier - printf '%s' "$1" - test -z "$2" || printf '.%s' "$2" - test -z "$3" || printf '@%s' "$3" - printf '\n' -} diff --git a/cdist/conf/type/__localedef/gencode-remote b/cdist/conf/type/__localedef/gencode-remote deleted file mode 100755 index 4538151f..00000000 --- a/cdist/conf/type/__localedef/gencode-remote +++ /dev/null @@ -1,136 +0,0 @@ -#!/bin/sh -e -# -# 2013-2019 Nico Schottelius (nico-cdist at schottelius.org) -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# Manage system locales using localedef(1). -# - -# shellcheck source=cdist/conf/type/__localedef/files/lib/locale.sh -. "${__type:?}/files/lib/locale.sh" -# shellcheck source=cdist/conf/type/__localedef/files/lib/glibc.sh -. "${__type:?}/files/lib/glibc.sh" - -state_is=$(cat "${__object:?}/explorer/state") -state_should=$(cat "${__object:?}/parameter/state") - -test "${state_should}" = 'present' -o "${state_should}" = 'absent' || { - printf 'Invalid state: %s\n' "${state_should}" >&2 - exit 1 -} - -# NOTE: If state explorer fails (e.g. locale(1) missing), the following check -# will always fail and let definition/removal run. -if test "${state_is}" = "${state_should}" -then - exit 0 -fi - -locale=${__object_id:?} -os=$(cat "${__global:?}/explorer/os") - -if expr "${locale}" : '.*/' >/dev/null -then - printf 'Paths as locales are not supported.\n' >&2 - printf '__object_id is: %s\n' "${locale}" >&2 - exit 1 -fi - -: "${lang=}" "${codeset=}" "${modifier=}" # declare variables for shellcheck -parse_locale "${locale}" lang codeset modifier - - -case ${os} -in - (alpine|openwrt) - printf '%s does not support locales.\n' "${os}" >&2 - exit 1 - ;; - (archlinux|debian|devuan|ubuntu|suse|centos|fedora|redhat|scientific) - # FIXME: The code below only works for glibc-based installations. - - # NOTE: Hardcoded, create a pull request in case it is at another - # location for some opther distro. - # NOTE: locale.alias can be symlinked (e.g. Debian) - aliasfile='/usr/share/locale/locale.alias' - - case ${state_should} - in - (present) - input=$(format_locale "${lang}" '' "${modifier}") - cat <<-EOF - set -- - if test -e '${aliasfile}' - then - set -- -A '${aliasfile}' - fi - - localedef -i '${input}' -f '${codeset}' "\$@" '${locale}' - EOF - ;; - (absent) - main_localename=$(format_locale "${lang}" "$(gnu_normalize_codeset "${codeset}")" "${modifier}") - - cat <<-EOF - while read -r _alias _localename - do - if test "\${_localename}" = '$(format_locale "${lang}" "${codeset}")' - then - localedef --delete-from-archive "\${_alias}" - fi - done <'${aliasfile}' - EOF - - if test "${state_is}" = present - then - printf "localedef --delete-from-archive '%s'\n" "${main_localename}" - fi - ;; - esac - ;; - (freebsd) - case ${state_should} - in - (present) - if expr "$(grep -oe '^[0-9]*' "${__global:?}/explorer/os_version")" '>=' 11 >/dev/null - then - # localedef(1) is available with FreeBSD >= 11 - printf "localedef -i '%s' -f '%s' '%s'\n" "${input}" "${codeset}" "${locale}" - else - printf 'localedef(1) was added to FreeBSD starting with version 11.\n' >&2 - printf 'Please upgrade your FreeBSD installation to use %s.\n' "${__type##*/}" >&2 - exit 1 - fi - ;; - (absent) - printf "rm -R '/usr/share/locale/%s'\n" "${locale}" - ;; - esac - ;; - (netbsd|openbsd) - # NetBSD/OpenBSD are missing localedef(1). - # We also do not delete defined locales because they can't be recreated. - echo "${os} is lacking localedef(1). Locale management unavailable." >&2 - exit 1 - ;; - (*) - echo "Your operating system (${os}) is currently not supported by this type (${__type##*/})." >&2 - echo "Please contribute an implementation for it if you can." >&2 - exit 1 - ;; -esac diff --git a/cdist/conf/type/__localedef/man.rst b/cdist/conf/type/__localedef/man.rst deleted file mode 100644 index 454ce9d1..00000000 --- a/cdist/conf/type/__localedef/man.rst +++ /dev/null @@ -1,60 +0,0 @@ -cdist-type__localedef(7) -======================== - -NAME ----- -cdist-type__localedef - Define and remove system locales - - -DESCRIPTION ------------ -This cdist type allows you to define locales on the system using -:strong:`localedef`\ (1) or remove them. -On systems that don't support definition of new locales, the type will raise an -error. - -**NB:** This type respects the glibc ``locale.alias`` file, -i.e. it defines alias locales or deletes aliases of a locale when it is removed. -It is not possible, however, to use alias names to define locales or only remove -certain aliases of a locale. - - -OPTIONAL PARAMETERS -------------------- -state - ``present`` or ``absent``. Defaults to ``present``. - - -EXAMPLES --------- - -.. code-block:: sh - - # Add locale de_CH.UTF-8 - __localedef de_CH.UTF-8 - - # Same as above, but more explicit - __localedef de_CH.UTF-8 --state present - - # Remove colourful British English - __localedef en_GB.UTF-8 --state absent - - -SEE ALSO --------- -:strong:`locale`\ (1), -:strong:`localedef`\ (1), -:strong:`cdist-type__locale_system`\ (7) - - -AUTHORS -------- -| Dennis Camera -| Nico Schottelius - - -COPYING -------- -Copyright \(C) 2013-2019 Nico Schottelius, 2020 Dennis Camera. Free use of this -software is granted under the terms of the GNU General Public License version 3 -or later (GPLv3+). diff --git a/cdist/conf/type/__localedef/manifest b/cdist/conf/type/__localedef/manifest deleted file mode 100755 index 3ab3ad8c..00000000 --- a/cdist/conf/type/__localedef/manifest +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/sh -e -# -# 2013-2019 Nico Schottelius (nico-cdist at schottelius.org) -# 2015 David Hürlimann (david at ungleich.ch) -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# Install required packages. -# - -case $(cat "${__global:?}/explorer/os") -in - (debian|devuan) - __package_apt locales --state present - ;; -esac diff --git a/cdist/conf/type/__localedef/parameter/default/state b/cdist/conf/type/__localedef/parameter/default/state deleted file mode 100644 index e7f6134f..00000000 --- a/cdist/conf/type/__localedef/parameter/default/state +++ /dev/null @@ -1 +0,0 @@ -present diff --git a/cdist/conf/type/__localedef/parameter/optional b/cdist/conf/type/__localedef/parameter/optional deleted file mode 100644 index ff72b5c7..00000000 --- a/cdist/conf/type/__localedef/parameter/optional +++ /dev/null @@ -1 +0,0 @@ -state diff --git a/cdist/conf/type/__motd/gencode-remote b/cdist/conf/type/__motd/gencode-remote index cb7bfc84..bc842cc8 100755 --- a/cdist/conf/type/__motd/gencode-remote +++ b/cdist/conf/type/__motd/gencode-remote @@ -22,18 +22,14 @@ os=$(cat "$__global/explorer/os") case "$os" in - freebsd) - # FreeBSD only updates /etc/motd on boot, - # as seen in /etc/rc.d/motd - echo "uname -sri > /etc/motd" - echo "cat /etc/motd.template >> /etc/motd" - # FreeBSD 13 starts treating motd slightly different from previous - # versions this ensures hosts have the expected config. - echo "rm /etc/motd.template || true" - echo "service motd start" + debian|ubuntu|devuan) + + # Debian and Ubuntu need to be updated, + # as seen in /etc/init.d/bootlogs + echo "uname -snrvm > /var/run/motd" + echo "cat /etc/motd.tail >> /var/run/motd" ;; *) - # Other OS tend to treat /etc/motd statically exit 0 ;; esac diff --git a/cdist/conf/type/__motd/man.rst b/cdist/conf/type/__motd/man.rst index a567dc80..17369684 100644 --- a/cdist/conf/type/__motd/man.rst +++ b/cdist/conf/type/__motd/man.rst @@ -10,13 +10,6 @@ DESCRIPTION ----------- This cdist type allows you to easily setup /etc/motd. -.. note:: - In some OS, motd is a bit special, check `motd(5)`. - Currently Debian, Devuan, Ubuntu and FreeBSD are taken into account. - If your OS of choice does something besides /etc/motd, check the source - and contribute support for it. - Otherwise it will likely just work. - REQUIRED PARAMETERS ------------------- @@ -27,7 +20,6 @@ OPTIONAL PARAMETERS ------------------- source If supplied, copy this file from the host running cdist to the target. - If source is '-' (dash), take what was written to stdin as the file content. If not supplied, a default message will be placed onto the target. @@ -42,15 +34,6 @@ EXAMPLES # Supply source file from a different type __motd --source "$__type/files/my-motd" - # Supply source from stdin - __motd --source "-" < COPYING ------- -Copyright \(C) 2020 Nico Schottelius. You can redistribute it +Copyright \(C) 2011 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. diff --git a/cdist/conf/type/__motd/manifest b/cdist/conf/type/__motd/manifest index b8f74ebf..cd741cf4 100755 --- a/cdist/conf/type/__motd/manifest +++ b/cdist/conf/type/__motd/manifest @@ -33,14 +33,10 @@ os=$(cat "$__global/explorer/os") case "$os" in - freebsd) - # FreeBSD uses motd.template to prepend system information on boot - # (this actually only applies starting with version 13, - # but we fix that for whatever version in gencode-remote) - destination=/etc/motd.template + debian|ubuntu|devuan) + destination=/etc/motd.tail ;; *) - # Most UNIX systems, including other Linux and OpenBSD just use /etc/motd destination=/etc/motd ;; esac diff --git a/cdist/conf/type/__mysql_database/explorer/state b/cdist/conf/type/__mysql_database/explorer/state deleted file mode 100755 index 79858695..00000000 --- a/cdist/conf/type/__mysql_database/explorer/state +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh -e -# -# 2020 Ander Punnar (ander-at-kvlt-dot-ee) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -if [ -f "$__object/parameter/name" ] -then - name="$( cat "$__object/parameter/name" )" -else - name="$__object_id" -fi - -if [ -n "$( mysql -B -N -e "show databases like '$name'" )" ] -then - echo 'present' -else - echo 'absent' -fi diff --git a/cdist/conf/type/__mysql_database/gencode-remote b/cdist/conf/type/__mysql_database/gencode-remote index 1bdb2b11..23e51b05 100755 --- a/cdist/conf/type/__mysql_database/gencode-remote +++ b/cdist/conf/type/__mysql_database/gencode-remote @@ -1,6 +1,6 @@ #!/bin/sh -e # -# 2020 Ander Punnar (ander-at-kvlt-dot-ee) +# 2012 Benedikt Koeppel (code@benediktkoeppel.ch) # # This file is part of cdist. # @@ -17,30 +17,38 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # +# -state_is="$( cat "$__object/explorer/state" )" - -state_should="$( cat "$__object/parameter/state" )" - -if [ "$state_is" = "$state_should" ] -then - exit 0 +# if --database was specified +if [ -f "$__object/parameter/name" ]; then + database="$(cat "$__object/parameter/name")" +else # otherwise use the object id as database name + database="$__object_id" fi -if [ -f "$__object/parameter/name" ] -then - name="$( cat "$__object/parameter/name" )" -else - name="$__object_id" -fi +cat <<-EOFF +mysql -u root <<-EOF + CREATE DATABASE IF NOT EXISTS $database +EOF +EOFF -case "$state_should" in - present) - echo "mysql -e 'create database \`$name\`'" - echo "create database $name" >> "$__messages_out" - ;; - absent) - echo "mysql -e 'drop database \`$name\`'" - echo "drop database $name" >> "$__messages_out" - ;; -esac +# if --user was specified +if [ -f "$__object/parameter/user" ]; then + user="$(cat "$__object/parameter/user")" + + # if --password was specified + if [ -f "$__object/parameter/password" ]; then + password="$(cat "$__object/parameter/password")" + cat <<-EOFF + mysql -u root <<-EOF + GRANT ALL PRIVILEGES ON $database.* to '$user'@'localhost' IDENTIFIED BY '$password'; +EOF +EOFF + else + cat <<-EOFF + mysql -u root <<-EOF + GRANT ALL PRIVILEGES ON $database.* to '$user'@'localhost'; +EOF +EOFF + fi +fi diff --git a/cdist/conf/type/__mysql_database/man.rst b/cdist/conf/type/__mysql_database/man.rst index b3b56b5f..1e245a08 100644 --- a/cdist/conf/type/__mysql_database/man.rst +++ b/cdist/conf/type/__mysql_database/man.rst @@ -8,24 +8,24 @@ cdist-type__mysql_database - Manage a MySQL database DESCRIPTION ----------- +This cdist type allows you to install a MySQL database. -Create MySQL database and optionally user with all privileges. +REQUIRED PARAMETERS +------------------- +None. OPTIONAL PARAMETERS ------------------- name - Name of database. Defaults to object id. + The name of the database to install + defaults to the object id user - Create user and give all privileges to database. + A user that should have access to the database password - Password for user. - -state - Defaults to present. - If absent and user is also set, both will be removed (with privileges). + The password for the user who manages the database EXAMPLES @@ -33,23 +33,17 @@ EXAMPLES .. code-block:: sh - # just create database - __mysql_database foo - - # create database with respective user with all privileges to database - __mysql_database bar \ - --user name \ - --password secret + __mysql_database "cdist" --name "cdist" --user "myuser" --password "mypwd" AUTHORS ------- -Ander Punnar +Benedikt Koeppel COPYING ------- -Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it -under the terms of the GNU General Public License as published by the Free -Software Foundation, either version 3 of the License, or (at your option) any -later version. +Copyright \(C) 2012 Benedikt Koeppel. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/cdist/conf/type/__mysql_database/manifest b/cdist/conf/type/__mysql_database/manifest deleted file mode 100755 index a3c9ed5d..00000000 --- a/cdist/conf/type/__mysql_database/manifest +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/sh -e -# -# 2020 Ander Punnar (ander-at-kvlt-dot-ee) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -if [ -f "$__object/parameter/user" ] -then - user="$( cat "$__object/parameter/user" )" -fi - -if [ -f "$__object/parameter/password" ] -then - password="$( cat "$__object/parameter/password" )" -fi - -if [ -n "$user" ] && [ -n "$password" ] -then - if [ -f "$__object/parameter/name" ] - then - database="$( cat "$__object/parameter/name" )" - else - database="$__object_id" - fi - - state_should="$( cat "$__object/parameter/state" )" - - __mysql_user "$user" \ - --password "$password" \ - --state "$state_should" - - # removing user should remove all user's privileges - require="__mysql_user/$user" \ - __mysql_privileges "$database/$user" \ - --database "$database" \ - --user "$user" \ - --state "$state_should" -fi diff --git a/cdist/conf/type/__mysql_database/parameter/default/state b/cdist/conf/type/__mysql_database/parameter/default/state deleted file mode 100644 index e7f6134f..00000000 --- a/cdist/conf/type/__mysql_database/parameter/default/state +++ /dev/null @@ -1 +0,0 @@ -present diff --git a/cdist/conf/type/__mysql_database/parameter/optional b/cdist/conf/type/__mysql_database/parameter/optional index 6c0b1e85..756afee7 100644 --- a/cdist/conf/type/__mysql_database/parameter/optional +++ b/cdist/conf/type/__mysql_database/parameter/optional @@ -1,4 +1,3 @@ name user password -state diff --git a/cdist/conf/type/__mysql_privileges/gencode-remote b/cdist/conf/type/__mysql_privileges/gencode-remote deleted file mode 100755 index 0656699f..00000000 --- a/cdist/conf/type/__mysql_privileges/gencode-remote +++ /dev/null @@ -1,55 +0,0 @@ -#!/bin/sh -e -# -# 2020 Ander Punnar (ander-at-kvlt-dot-ee) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -state_is="$( cat "$__object/explorer/state" )" - -state_should="$( cat "$__object/parameter/state" )" - -if [ "$state_is" = "$state_should" ] -then - exit 0 -fi - -privileges="$( cat "$__object/parameter/privileges" )" - -database="$( cat "$__object/parameter/database" )" - -table="$( cat "$__object/parameter/table" )" - -user="$( cat "$__object/parameter/user" )" - -host="$( cat "$__object/parameter/host" )" - -if [ "$table" != '*' ] -then - # shellcheck disable=SC2016 - table="$( printf '`%s`' "$table" )" -fi - -case "$state_should" in - present) - echo "mysql -e 'grant $privileges on \`$database\`.$table to \`$user\`@\`$host\`'" - echo "grant $privileges on $database.$table to $user@$host" >> "$__messages_out" - ;; - absent) - echo "mysql -e 'revoke $privileges on \`$database\`.$table from \`$user\`@\`$host\`'" - echo "revoke $privileges on $database.$table from $user@$host" >> "$__messages_out" - ;; -esac diff --git a/cdist/conf/type/__mysql_privileges/man.rst b/cdist/conf/type/__mysql_privileges/man.rst deleted file mode 100644 index b72c9eba..00000000 --- a/cdist/conf/type/__mysql_privileges/man.rst +++ /dev/null @@ -1,57 +0,0 @@ -cdist-type__mysql_privileges(7) -=============================== - -NAME ----- -cdist-type__mysql_privileges - Manage MySQL privileges - - -DESCRIPTION ------------ - -Grant and revoke privileges of MySQL user. - - -REQUIRED PARAMETERS -------------------- -database - Name of database. - -user - Name of user. - - -OPTIONAL PARAMETERS -------------------- -privileges - Defaults to "all". - -table - Defaults to "*". - -host - Defaults to localhost. - -state - "present" grants and "absent" revokes. Defaults to present. - - -EXAMPLES --------- - -.. code-block:: sh - - __mysql_privileges user-to-db --database db --user user - - -AUTHORS -------- -Ander Punnar - - -COPYING -------- -Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it -under the terms of the GNU General Public License as published by the Free -Software Foundation, either version 3 of the License, or (at your option) any -later version. diff --git a/cdist/conf/type/__mysql_privileges/parameter/default/host b/cdist/conf/type/__mysql_privileges/parameter/default/host deleted file mode 100644 index 2fbb50c4..00000000 --- a/cdist/conf/type/__mysql_privileges/parameter/default/host +++ /dev/null @@ -1 +0,0 @@ -localhost diff --git a/cdist/conf/type/__mysql_privileges/parameter/default/privileges b/cdist/conf/type/__mysql_privileges/parameter/default/privileges deleted file mode 100644 index 5472efad..00000000 --- a/cdist/conf/type/__mysql_privileges/parameter/default/privileges +++ /dev/null @@ -1 +0,0 @@ -all privileges diff --git a/cdist/conf/type/__mysql_privileges/parameter/default/state b/cdist/conf/type/__mysql_privileges/parameter/default/state deleted file mode 100644 index e7f6134f..00000000 --- a/cdist/conf/type/__mysql_privileges/parameter/default/state +++ /dev/null @@ -1 +0,0 @@ -present diff --git a/cdist/conf/type/__mysql_privileges/parameter/default/table b/cdist/conf/type/__mysql_privileges/parameter/default/table deleted file mode 100644 index 72e8ffc0..00000000 --- a/cdist/conf/type/__mysql_privileges/parameter/default/table +++ /dev/null @@ -1 +0,0 @@ -* diff --git a/cdist/conf/type/__mysql_privileges/parameter/optional b/cdist/conf/type/__mysql_privileges/parameter/optional deleted file mode 100644 index d4ed5bc5..00000000 --- a/cdist/conf/type/__mysql_privileges/parameter/optional +++ /dev/null @@ -1,4 +0,0 @@ -privileges -table -host -state diff --git a/cdist/conf/type/__mysql_privileges/parameter/required b/cdist/conf/type/__mysql_privileges/parameter/required deleted file mode 100644 index 152b4a1e..00000000 --- a/cdist/conf/type/__mysql_privileges/parameter/required +++ /dev/null @@ -1,2 +0,0 @@ -database -user diff --git a/cdist/conf/type/__mysql_user/explorer/state b/cdist/conf/type/__mysql_user/explorer/state deleted file mode 100755 index 6817ee9d..00000000 --- a/cdist/conf/type/__mysql_user/explorer/state +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/sh -e -# -# 2020 Ander Punnar (ander-at-kvlt-dot-ee) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -if [ -f "$__object/parameter/name" ] -then - name="$( cat "$__object/parameter/name" )" -else - name="$__object_id" -fi - -if [ -f "$__object/parameter/password" ] -then - password="$( cat "$__object/parameter/password" )" -else - password='' -fi - -host="$( cat "$__object/parameter/host" )" - -check_user="$( mysql -B -N -e "select user from mysql.user where user = '$name' and host = '$host'" )" - -if [ -n "$check_user" ] -then - if [ -n "$password" ] - then - check_password="$( mysql -B -N -e "select user from mysql.user where user = '$name' and host = '$host' and password = password( '$password' )" )" - fi - - if [ -n "$password" ] && [ -z "$check_password" ] - then - echo 'change-password' - else - echo 'present' - fi -else - echo 'absent' -fi diff --git a/cdist/conf/type/__mysql_user/gencode-remote b/cdist/conf/type/__mysql_user/gencode-remote deleted file mode 100755 index 5f13bc87..00000000 --- a/cdist/conf/type/__mysql_user/gencode-remote +++ /dev/null @@ -1,68 +0,0 @@ -#!/bin/sh -e -# -# 2020 Ander Punnar (ander-at-kvlt-dot-ee) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -state_is="$( cat "$__object/explorer/state" )" - -state_should="$( cat "$__object/parameter/state" )" - -if [ "$state_is" = "$state_should" ] -then - exit 0 -fi - -if [ -f "$__object/parameter/name" ] -then - name="$( cat "$__object/parameter/name" )" -else - name="$__object_id" -fi - -host="$( cat "$__object/parameter/host" )" - -if [ -f "$__object/parameter/password" ] -then - password="$( cat "$__object/parameter/password" )" -else - if [ "$state_should" = 'present' ] - then - echo '--password needed' >&2 - exit 1 - else - password='' - fi -fi - -if [ "$state_is" = 'absent' ] && [ "$state_should" = 'present' ] -then - echo "mysql -e 'create user \`$name\`@\`$host\` identified by \"$password\"'" - echo "create user $name@$host" >> "$__messages_out" - -elif [ "$state_is" != 'absent' ] && [ "$state_should" = 'absent' ] -then - echo "mysql -e 'drop user \`$name\`@\`$host\`'" - echo "drop user $name@$host" >> "$__messages_out" - -elif [ "$state_is" = 'change-password' ] -then - # this only works with MySQL 5.7.6 and later or MariaDB 10.1.20 and later - echo "mysql -e 'alter user \`$name\`@\`$host\` identified by \"$password\"'" - echo "mysql -e 'flush privileges'" - echo "change password $name@$host" >> "$__messages_out" -fi diff --git a/cdist/conf/type/__mysql_user/man.rst b/cdist/conf/type/__mysql_user/man.rst deleted file mode 100644 index c2b222d5..00000000 --- a/cdist/conf/type/__mysql_user/man.rst +++ /dev/null @@ -1,48 +0,0 @@ -cdist-type__mysql_user(7) -========================= - -NAME ----- -cdist-type__mysql_user - Manage a MySQL user - - -DESCRIPTION ------------ - -Create MySQL user or change password for the user. - - -OPTIONAL PARAMETERS -------------------- -name - Name of user. Defaults to object id. - -host - Host of user. Defaults to localhost. - -password - Password of user. - -state - Defaults to present. - - -EXAMPLES --------- - -.. code-block:: sh - - __mysql_user user --password secret - - -AUTHORS -------- -Ander Punnar - - -COPYING -------- -Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it -under the terms of the GNU General Public License as published by the Free -Software Foundation, either version 3 of the License, or (at your option) any -later version. diff --git a/cdist/conf/type/__mysql_user/parameter/default/host b/cdist/conf/type/__mysql_user/parameter/default/host deleted file mode 100644 index 2fbb50c4..00000000 --- a/cdist/conf/type/__mysql_user/parameter/default/host +++ /dev/null @@ -1 +0,0 @@ -localhost diff --git a/cdist/conf/type/__mysql_user/parameter/default/state b/cdist/conf/type/__mysql_user/parameter/default/state deleted file mode 100644 index e7f6134f..00000000 --- a/cdist/conf/type/__mysql_user/parameter/default/state +++ /dev/null @@ -1 +0,0 @@ -present diff --git a/cdist/conf/type/__mysql_user/parameter/optional b/cdist/conf/type/__mysql_user/parameter/optional deleted file mode 100644 index a286266c..00000000 --- a/cdist/conf/type/__mysql_user/parameter/optional +++ /dev/null @@ -1,4 +0,0 @@ -name -host -password -state diff --git a/cdist/conf/type/__openldap_server/gencode-remote b/cdist/conf/type/__openldap_server/gencode-remote deleted file mode 100644 index b1e98f8c..00000000 --- a/cdist/conf/type/__openldap_server/gencode-remote +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/sh - -manager_dn=$(cat "${__object}/parameter/manager-dn") -manager_password=$(cat "${__object}/parameter/manager-password") -description=$(cat "${__object}/parameter/description") -suffix=$(cat "${__object}/parameter/suffix") -suffix_dc=$(printf "%s" "${suffix}" | awk -F',' '{print $1}' | awk -F'=' '{print $2}') - -SLAPD_IPC=$(tr '\n' ' ' < "${__object}/parameter/slapd-url" | awk '{ print $1}') - -cat <&1 > /dev/null; then - # Already exists, use ldapmodify - ldapmodify -xZ -D "${manager_dn}" -w "${manager_password}" -H '${SLAPD_IPC}' < -Evilham - - -COPYING -------- -Copyright \(C) 2020 ungleich glarus ag. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/cdist/conf/type/__openldap_server/manifest b/cdist/conf/type/__openldap_server/manifest deleted file mode 100644 index 2aeece26..00000000 --- a/cdist/conf/type/__openldap_server/manifest +++ /dev/null @@ -1,297 +0,0 @@ -#!/bin/sh - -name="${__target_host}" -manager_dn=$(cat "${__object}/parameter/manager-dn") -manager_password_hash=$(cat "${__object}/parameter/manager-password-hash") -serverid=$(cat "${__object}/parameter/serverid") -suffix=$(cat "${__object}/parameter/suffix") -slapd_modules=$(cat "${__object}/parameter/module" 2>/dev/null || true) -schemas=$(cat "${__object}/parameter/schema") -slapd_urls=$(tr '\n' ' ' < "${__object}/parameter/slapd-url") -tls_cipher_suite=$(cat "${__object}/parameter/tls-cipher-suite" 2>/dev/null || true) -extra_config=$(cat "${__object}/parameter/extra-config" || true) - - -os="$(cat "${__global}/explorer/os")" - -# Setup OS-dependent vars -CONF_OWNER="root" -CONF_GROUP="root" -case "${os}" in - freebsd) - PKGS="openldap-server" - ETC="/usr/local/etc" - SLAPD_DIR="/usr/local/etc/openldap" - SLAPD_DATA_DIR="/var/db/openldap-data" - SLAPD_RUN_DIR="/var/run/openldap" - SLAPD_MODULE_PATH="/usr/local/libexec/openldap" - SLAPD_MODULE_TYPE="la" - if [ -z "${slapd_modules}" ]; then - # It looks like ppolicy and syncprov must be compiled - slapd_modules="back_mdb back_monitor" - fi - CONF_OWNER="ldap" - CONF_GROUP="ldap" - if [ -z "${tls_cipher_suite}" ]; then - # TODO: research default for FreeBSD. 'NORMAL' appears to not work - tls_cipher_suite="HIGH:MEDIUM:+SSLv2" - fi - ;; - debian|ubuntu|devuan) - PKGS="slapd ldap-utils" - ETC="/etc" - SLAPD_DIR="/etc/ldap" - SLAPD_DATA_DIR="/var/lib/ldap" - SLAPD_RUN_DIR="/var/run/slapd" - SLAPD_MODULE_PATH="/usr/lib/ldap" - SLAPD_MODULE_TYPE="la" - if [ -z "${slapd_modules}" ]; then - slapd_modules="back_mdb ppolicy syncprov back_monitor" - fi - CONF_OWNER="openldap" - CONF_GROUP="openldap" - if [ -z "${tls_cipher_suite}" ]; then - tls_cipher_suite="NORMAL" - fi - ;; - alpine) - PKGS="openldap openldap-clients" - ETC="/etc" - SLAPD_DIR="/etc/openldap" - SLAPD_DATA_DIR="/var/lib/openldap" - SLAPD_RUN_DIR="/var/run/openldap" - SLAPD_MODULE_PATH="/usr/lib/openldap" - SLAPD_MODULE_TYPE="so" - if [ -z "${slapd_modules}" ]; then - slapd_modules="back_mdb ppolicy syncprov back_monitor" - PKGS="$PKGS openldap-back-mdb openldap-back-monitor openldap-overlay-all" - fi - CONF_OWNER="ldap" - CONF_GROUP="$SLAPD_USER" - if [ -z "${tls_cipher_suite}" ]; then - tls_cipher_suite="DEFAULT" - fi - ;; - *) - echo "Don't know the openldap defaults for: $os" >&2 - exit 1 - ;; -esac - -PKG_MAIN=$(echo "${PKGS}" | awk '{print $1;}') - - -# Determine if __letsencrypt_cert is to be used and setup vars accordingly -if [ -f "${__object}/parameter/tls-cert" ]; then - tls_cert=$(cat "${__object}/parameter/tls-cert") - - if [ ! -f "${__object}/parameter/tls-privkey" ]; then - echo "When tls-cert is defined, tls-privkey is also required." >&2 - exit 1 - fi - tls_privkey=$(cat "${__object}/parameter/tls-privkey") - - if [ ! -f "${__object}/parameter/tls-ca" ]; then - echo "When tls-cert is defined, tls-ca is also required." >&2 - exit 1 - fi - tls_ca=$(cat "${__object}/parameter/tls-ca") - - _skip_letsencrypt_cert="YES" -else - if [ ! -f "${__object}/parameter/admin-email" ]; then - echo "When using __letsencrypt_cert, admin-email is also required." >&2 - exit 1 - fi - admin_email=$(cat "${__object}/parameter/admin-email") - - tls_cert="${SLAPD_DIR}/sasl2/cert.pem" - tls_privkey="${SLAPD_DIR}/sasl2/privkey.pem" - tls_ca="${SLAPD_DIR}/sasl2/chain.pem" -fi - -mkdir "${__object}/files" -ldapconf="${__object}/files/ldapconf" - -replication="" -if [ -f "${__object}/parameter/replicate" ]; then - replication=yes - - if [ ! -f "${__object}/parameter/syncrepl-searchbase" ]; then - echo "Requiring the searchbase for replication" >&2 - exit 1 - fi - syncrepl_searchbase=$(cat "${__object}/parameter/syncrepl-searchbase") - - if [ ! -f "${__object}/parameter/syncrepl-credentials" ]; then - echo "Requiring credentials for replication" >&2 - exit 1 - fi - - syncrepl_credentials=$(cat "${__object}/parameter/syncrepl-credentials") - - if [ ! -f "${__object}/parameter/syncrepl-host" ]; then - echo "Requiring host(s) for replication" >&2 - exit 1 - fi - syncrepl_hosts=$(cat "${__object}/parameter/syncrepl-host") - -fi - -# Install required packages -for pkg in ${PKGS}; do - __package "${pkg}" -done - - -require="__package/${PKG_MAIN}" __start_on_boot slapd - -# Setup -h flag for the listeners. See man slapd (-h flag). -case "${os}" in - freebsd) - require="__start_on_boot/slapd" __key_value \ - --file "/etc/rc.conf" \ - --key "slapd_flags" \ - --value "\"-h '${slapd_urls}'\"" \ - --delimiter "=" \ - --comment "# LDAP Listener URLs" \ - "${__target_host}__slapd_flags" - ;; - debian|ubuntu|devuan) - require="__package/${PKG_MAIN}" __line rm_slapd_conf \ - --file ${ETC}/default/slapd \ - --regex 'SLAPD_CONF=.*' \ - --state absent - - require="__package/${PKG_MAIN}" __line rm_slapd_services \ - --file ${ETC}/default/slapd \ - --regex 'SLAPD_SERVICES=.*' \ - --state absent - - require="__line/rm_slapd_conf" __line add_slapd_conf \ - --file ${ETC}/default/slapd \ - --line "SLAPD_CONF=${SLAPD_DIR}/slapd.conf" \ - --state present - - require="__line/rm_slapd_services" __line add_slapd_services \ - --file ${ETC}/default/slapd \ - --line "SLAPD_SERVICES=\"${slapd_urls}\"" \ - --state present - ;; - alpine) - require="__package/${PKG_MAIN}" __line add_slapd_services \ - --file ${ETC}/conf.d/slapd \ - --line "command_args=\"-h '${slapd_urls}'\"" \ - --state present - ;; - *) - # Nothing to do here, move on. - ;; -esac - - -if [ -z "${_skip_letsencrypt_cert}" ]; then - if [ -f "${__object}/parameter/staging" ]; then - staging="--staging" - else - staging="" - fi - - # shellcheck disable=SC2086 - __directory ${SLAPD_DIR}/sasl2 - require="__directory/${SLAPD_DIR}/sasl2" __letsencrypt_cert "${name}" \ - --admin-email "${admin_email}" \ - --renew-hook "cp ${ETC}/letsencrypt/live/${name}/*.pem ${SLAPD_DIR}/sasl2 && chown -R ${CONF_OWNER}:${CONF_GROUP} ${SLAPD_DIR}/sasl2 && service slapd restart" \ - --automatic-renewal "${staging}" -fi - -require="__package/${PKG_MAIN}" __directory ${SLAPD_DIR}/slapd.d --state absent - -if [ -z "${_skip_letsencrypt_cert}" ]; then - require="__package/${PKG_MAIN} __letsencrypt_cert/${name}" \ - __file "${SLAPD_DIR}/slapd.conf" --owner "${CONF_OWNER}" --group "${CONF_GROUP}" --mode 644 \ - --source "${ldapconf}" -else - require="__package/${PKG_MAIN}" \ - __file "${SLAPD_DIR}/slapd.conf" --owner "${CONF_OWNER}" --group "${CONF_GROUP}" --mode 644 \ - --source "${ldapconf}" -fi - -# Start slapd.conf -cat << EOF > "${ldapconf}" -pidfile ${SLAPD_RUN_DIR}/slapd.pid -argsfile ${SLAPD_RUN_DIR}/slapd.args - -TLSCipherSuite ${tls_cipher_suite} -TLSCertificateFile ${tls_cert} -TLSCertificateKeyFile ${tls_privkey} -TLSCACertificateFile ${tls_ca} - -disallow bind_anon -require bind -security tls=1 -EOF - -# Add specified schemas -for schema in ${schemas}; do - echo "include ${SLAPD_DIR}/schema/${schema}.schema" >> "${ldapconf}" -done - -# Add specified modules -echo "modulepath ${SLAPD_MODULE_PATH}" >> "${ldapconf}" -for module in ${slapd_modules}; do - echo "moduleload ${module}.${SLAPD_MODULE_TYPE}" >> "${ldapconf}" -done - -# Rest of the config -cat << EOF >> "${ldapconf}" -loglevel 1024 - -database mdb -maxsize 1073741824 - -suffix "${suffix}" -directory ${SLAPD_DATA_DIR} -rootdn "${manager_dn}" -rootpw "${manager_password_hash}" - -index objectClass eq,pres -index ou,cn,mail,surname,givenname eq,pres,sub -index uidNumber,gidNumber,loginShell eq,pres -index uid,memberUid eq,pres,sub -index nisMapName,nisMapEntry eq,pres,sub -index entryCSN,entryUUID eq - -${extra_config} - -serverid ${serverid} -EOF - -# Setup replication -if [ "${replication}" ]; then - rid=1; - for syncrepl in ${syncrepl_hosts}; do - cat <> "${ldapconf}" -syncrepl rid=${rid} - provider=ldap://${syncrepl} - bindmethod=simple - starttls=yes - binddn="${manager_dn}" - credentials=${syncrepl_credentials} - searchbase="${syncrepl_searchbase}" - type=refreshAndPersist - retry="5 + 5 +" - interval=00:00:00:05 -EOF - rid=$((rid + 1)) - done - cat <> "${ldapconf}" -mirrormode true -overlay syncprov -syncprov-checkpoint 100 5 -syncprov-sessionlog 100 - -database monitor -limits dn.exact="${manager_dn}" time=unlimited size=unlimited -EOF -fi diff --git a/cdist/conf/type/__openldap_server/parameter/boolean b/cdist/conf/type/__openldap_server/parameter/boolean deleted file mode 100644 index 45056fe9..00000000 --- a/cdist/conf/type/__openldap_server/parameter/boolean +++ /dev/null @@ -1,2 +0,0 @@ -staging -replicate diff --git a/cdist/conf/type/__openldap_server/parameter/default/description b/cdist/conf/type/__openldap_server/parameter/default/description deleted file mode 100644 index 6d8e37e1..00000000 --- a/cdist/conf/type/__openldap_server/parameter/default/description +++ /dev/null @@ -1 +0,0 @@ -Managed by cdist, do not edit manually. diff --git a/cdist/conf/type/__openldap_server/parameter/default/schema b/cdist/conf/type/__openldap_server/parameter/default/schema deleted file mode 100644 index 825bdb15..00000000 --- a/cdist/conf/type/__openldap_server/parameter/default/schema +++ /dev/null @@ -1,12 +0,0 @@ -corba -core -cosine -duaconf -dyngroup -inetorgperson -java -misc -nis -openldap -ppolicy -collective diff --git a/cdist/conf/type/__openldap_server/parameter/optional b/cdist/conf/type/__openldap_server/parameter/optional deleted file mode 100644 index 71c64659..00000000 --- a/cdist/conf/type/__openldap_server/parameter/optional +++ /dev/null @@ -1,9 +0,0 @@ -description -syncrepl-credentials -syncrepl-searchbase -admin-email -tls-cipher-suite -tls-cert -tls-privkey -tls-ca -extra-config diff --git a/cdist/conf/type/__openldap_server/parameter/optional_multiple b/cdist/conf/type/__openldap_server/parameter/optional_multiple deleted file mode 100644 index 52a83d5c..00000000 --- a/cdist/conf/type/__openldap_server/parameter/optional_multiple +++ /dev/null @@ -1,3 +0,0 @@ -syncrepl-host -module -schema diff --git a/cdist/conf/type/__openldap_server/parameter/required b/cdist/conf/type/__openldap_server/parameter/required deleted file mode 100644 index ff58158d..00000000 --- a/cdist/conf/type/__openldap_server/parameter/required +++ /dev/null @@ -1,5 +0,0 @@ -manager-dn -manager-password -manager-password-hash -serverid -suffix diff --git a/cdist/conf/type/__openldap_server/parameter/required_multiple b/cdist/conf/type/__openldap_server/parameter/required_multiple deleted file mode 100644 index 848b8dc2..00000000 --- a/cdist/conf/type/__openldap_server/parameter/required_multiple +++ /dev/null @@ -1 +0,0 @@ -slapd-url \ No newline at end of file diff --git a/cdist/conf/type/__openldap_server/singleton b/cdist/conf/type/__openldap_server/singleton deleted file mode 100644 index e69de29b..00000000 diff --git a/cdist/conf/type/__package_apt/gencode-remote b/cdist/conf/type/__package_apt/gencode-remote index fbfca330..699eb0c9 100755 --- a/cdist/conf/type/__package_apt/gencode-remote +++ b/cdist/conf/type/__package_apt/gencode-remote @@ -42,13 +42,6 @@ else target_release="" fi -if [ -f "$__object/parameter/install-recommends" ]; then - # required if __apt_norecommends is used - recommendsparam="-o APT::Install-Recommends=1" -else - recommendsparam="-o APT::Install-Recommends=0" -fi - if [ -f "$__object/parameter/purge-if-absent" ]; then purgeparam="--purge" else @@ -69,30 +62,22 @@ case "$state_is" in ;; esac +# Hint if we need to avoid questions at some point: +# DEBIAN_PRIORITY=critical can reduce the number of questions +aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes --no-install-recommends -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\"" + if [ "$state_is" = "$state_should" ]; then if [ -z "$version" ] || [ "$version" = "$version_is" ]; then exit 0; fi fi -# Hint if we need to avoid questions at some point: -# DEBIAN_PRIORITY=critical can reduce the number of questions -aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\"" - case "$state_should" in present) - # following is bit ugly, but important hack. - # due to how cdist config run works, there isn't - # currently better way to do it :( - cat << EOF -if [ ! -f /var/cache/apt/pkgcache.bin ] || [ "\$( stat --format %Y /var/cache/apt/pkgcache.bin )" -lt "\$( date +%s -d '-1 day' )" ] -then echo apt-get update > /dev/null 2>&1 || true -fi -EOF if [ -n "$version" ]; then name="${name}=${version}" fi - echo "$aptget $recommendsparam install $target_release '$name'" + echo "$aptget install $target_release '$name'" echo "installed" >> "$__messages_out" ;; absent) diff --git a/cdist/conf/type/__package_apt/man.rst b/cdist/conf/type/__package_apt/man.rst index 4e6101a5..a3a70d91 100644 --- a/cdist/conf/type/__package_apt/man.rst +++ b/cdist/conf/type/__package_apt/man.rst @@ -9,12 +9,7 @@ cdist-type__package_apt - Manage packages with apt-get DESCRIPTION ----------- apt-get is usually used on Debian and variants (like Ubuntu) to -manage packages. The package will be installed without recommended -or suggested packages. If such packages are required, install them -separatly or use the parameter ``--install-recommends``. - -This type will also update package index, if it is older -than one day, to avoid missing package error messages. +manage packages. REQUIRED PARAMETERS @@ -25,7 +20,7 @@ None OPTIONAL PARAMETERS ------------------- name - If supplied, use the name and not the object id as the package name. + If supplied, use the name and not the object id as the package name. state Either "present" or "absent", defaults to "present" @@ -41,15 +36,6 @@ version BOOLEAN PARAMETERS ------------------ -install-recommends - If the package will be installed, it also installs recommended packages - with it. It will not install recommended packages if the original package - is already installed. - - In most cases, it is recommended to install recommended packages separatly - to control which additional packages will be installed to avoid useless - installed packages. - purge-if-absent If this parameter is given when state is `absent`, the package is purged from the system (using `--purge`). diff --git a/cdist/conf/type/__package_apt/parameter/boolean b/cdist/conf/type/__package_apt/parameter/boolean index a2e433f3..f9a0f6b0 100644 --- a/cdist/conf/type/__package_apt/parameter/boolean +++ b/cdist/conf/type/__package_apt/parameter/boolean @@ -1,2 +1 @@ -install-recommends purge-if-absent diff --git a/cdist/conf/type/__package_opkg/explorer/pkg_status b/cdist/conf/type/__package_opkg/explorer/pkg_status index de7b896b..5da4f742 100755 --- a/cdist/conf/type/__package_opkg/explorer/pkg_status +++ b/cdist/conf/type/__package_opkg/explorer/pkg_status @@ -1,8 +1,7 @@ -#!/bin/sh -e +#!/bin/sh # # 2011 Nico Schottelius (nico-cdist at schottelius.org) # 2012 Giel van Schijndel (giel plus cdist at mortis dot eu) -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -20,78 +19,21 @@ # along with cdist. If not, see . # # -# Retrieve the status of a package - parses opkg output +# Retrieve the status of a package - parsed opkg output # -readonly __type_path=${__object%%${__object_id}*} -test -d "${__type_path}" || { echo 'Cannot determine __type_path' >&2; exit 1; } -readonly LOCKFILE="${__type_path:?}/.cdist_opkg.lock" - -if command -v flock >/dev/null 2>&1 -then - # use flock (if available) on FD 9 - _lock() { - exec 9<>"${LOCKFILE:?}" - flock -x 9 - echo $$>&9 - } - _unlock() { - :>"${LOCKFILE:?}" - flock -u 9 - exec 9<&- - } +if [ -f "$__object/parameter/name" ]; then + name="$(cat "$__object/parameter/name")" else - # fallback to mkdir if flock is missing - _lock() { - until mkdir "${LOCKFILE:?}.dir" 2>/dev/null - do - while test -d "${LOCKFILE}.dir" - do - # DEBUG: - # printf 'Locked by PID: %u\n' "$(cat "${LOCKFILE}.dir/pid")" - sleep 1 - done - done - echo $$ >"${LOCKFILE:?}.dir/pid" - } - _unlock() { - test -d "${LOCKFILE}.dir" || return 0 - if test -s "${LOCKFILE}.dir/pid" - then - test "$(cat "${LOCKFILE}.dir/pid")" = $$ || return 1 - rm "${LOCKFILE:?}.dir/pid" - fi - rmdir "${LOCKFILE:?}.dir" - } + name="$__object_id" fi - -if test -f "${__object}/parameter/name" -then - pkg_name=$(cat "${__object}/parameter/name") -else - pkg_name=$__object_id -fi - - -# NOTE: We need to lock parallel execution of type explorers and code-remote -# because opkg will try to acquire the OPKG lock (usually /var/lock/opkg.lock) -# using lockf(2) for every operation. -# It will not wait for the lock but terminate with an error. -# This leads to incorrect 'absent notpresent' statuses when parallel execution -# is enabled. -trap _unlock EXIT -_lock - - -# Except opkg failing, if package is not known / installed -if opkg status "${pkg_name}" 2>/dev/null \ - | grep -q -e '^Status: [^ ][^ ]* [^ ][^ ]* installed$' -then - echo 'present' -elif opkg info "${pkg_name}" 2>/dev/null | grep -q . -then - echo 'absent notpresent' -else - echo 'absent' +# Except dpkg failing, if package is not known / installed +if opkg status "$name" 2>/dev/null | grep -q "^Status: install user installed$"; then + echo "present" + exit 0 +elif [ "$(opkg info "$name" 2> /dev/null | wc -l)" -eq 0 ]; then + echo "absent notpresent" + exit 0 fi +echo "absent" diff --git a/cdist/conf/type/__package_opkg/gencode-remote b/cdist/conf/type/__package_opkg/gencode-remote index 28caff71..269d5f49 100755 --- a/cdist/conf/type/__package_opkg/gencode-remote +++ b/cdist/conf/type/__package_opkg/gencode-remote @@ -2,7 +2,6 @@ # # 2011,2013 Nico Schottelius (nico-cdist at schottelius.org) # 2012 Giel van Schijndel (giel plus cdist at mortis dot eu) -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -20,50 +19,41 @@ # along with cdist. If not, see . # # -# Manage packages on OpenWrt, optware, and co. +# Manage packages on OpenWRT and co. # -if test -f "${__object}/parameter/name" -then - name=$(cat "${__object}/parameter/name") +if [ -f "$__object/parameter/name" ]; then + name="$(cat "$__object/parameter/name")" else - name=$__object_id + name="$__object_id" fi -state_should=$(cat "${__object}/parameter/state") -state_is=$(cat "${__object}/explorer/pkg_status") +state_should="$(cat "$__object/parameter/state")" -case $state_is -in - (absent*) - presence=$(echo "${state_is}" | cut -d ' ' -f 2) - state_is='absent' - ;; +state_is="$(cat "$__object/explorer/pkg_status")" +case "$state_is" in + absent*) + present="$(echo "$state_is" | cut -d ' ' -f 2)" + state_is="absent" + ;; esac -if test "${state_is}" = "${state_should}" -then - exit 0 -fi +[ "$state_is" = "$state_should" ] && exit 0 - -case $state_should -in - (present) - if test "${presence}" = 'notpresent' - then - echo 'opkg --verbosity=0 update' - fi - - printf "opkg --verbosity=0 install '%s'\n" "${name}" - echo 'installed' >>"${__messages_out}" - ;; - (absent) - printf "opkg --verbosity=0 remove '%s'" "${name}" - echo 'removed' >>"${__messages_out}" - ;; - (*) - printf 'Unknown state: %s\n' "${state_should}" >&2 - exit 1 - ;; +case "$state_should" in + present) + if [ "$present" = "notpresent" ]; then + echo "opkg --verbosity=0 update" + fi + echo "opkg --verbosity=0 install '$name'" + echo "installed" >> "$__messages_out" + ;; + absent) + echo "opkg --verbosity=0 remove '$name'" + echo "removed" >> "$__messages_out" + ;; + *) + echo "Unknown state: ${state_should}" >&2 + exit 1 + ;; esac diff --git a/cdist/conf/type/__package_pip/explorer/pip b/cdist/conf/type/__package_pip/explorer/pip deleted file mode 100755 index cf9fae89..00000000 --- a/cdist/conf/type/__package_pip/explorer/pip +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -e - -for bin in pip3 pip -do - if check="$( command -v "$bin" )" - then - echo "$check" - break - fi -done diff --git a/cdist/conf/type/__package_pip/explorer/state b/cdist/conf/type/__package_pip/explorer/state index 3cc98ab9..5be07280 100644 --- a/cdist/conf/type/__package_pip/explorer/state +++ b/cdist/conf/type/__package_pip/explorer/state @@ -32,7 +32,7 @@ pipparam="$__object/parameter/pip" if [ -f "$pipparam" ]; then pip=$(cat "$pipparam") else - pip="$( "$__type_explorer/pip" )" + pip="pip" fi # If there is no pip, it may get created from somebody else. diff --git a/cdist/conf/type/__package_pip/gencode-remote b/cdist/conf/type/__package_pip/gencode-remote index a1375c2d..dcc4fdf9 100755 --- a/cdist/conf/type/__package_pip/gencode-remote +++ b/cdist/conf/type/__package_pip/gencode-remote @@ -38,12 +38,7 @@ pipparam="$__object/parameter/pip" if [ -f "$pipparam" ]; then pip=$(cat "$pipparam") else - pip="$( cat "$__object/explorer/pip" )" - if [ -z "$pip" ] - then - echo 'pip not found in path' >&2 - exit 1 - fi + pip="pip" fi runasparam="$__object/parameter/runas" @@ -60,7 +55,7 @@ case "$state_should" in then echo "su -c '$pip install -q $name' $runas" else - echo "$pip" install -q "$name" + echo $pip install -q "$name" fi echo "installed" >> "$__messages_out" ;; @@ -69,7 +64,7 @@ case "$state_should" in then echo "su -c '$pip uninstall -q -y $name' $runas" else - echo "$pip" uninstall -q -y "$name" + echo $pip uninstall -q -y "$name" fi echo "removed" >> "$__messages_out" ;; diff --git a/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_bootstrapped b/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_bootstrapped deleted file mode 100755 index 429f15d3..00000000 --- a/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_bootstrapped +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -e -if pkg -N >/dev/null 2>&1; then - echo "YES" -fi diff --git a/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version b/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version index 1c6ba5e5..92ce0623 100755 --- a/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version +++ b/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version @@ -18,14 +18,9 @@ # along with cdist. If not, see . # # -# Retrieve the status of a package - parsed pkgng output +# Retrieve the status of a package - parsed dpkg output # -if ! pkg -N >/dev/null 2>&1; then - # Nothing to do if pkg is not bootstrapped - exit -fi - if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else diff --git a/cdist/conf/type/__package_pkgng_freebsd/gencode-remote b/cdist/conf/type/__package_pkgng_freebsd/gencode-remote index 05ba4cb2..dd36efda 100755 --- a/cdist/conf/type/__package_pkgng_freebsd/gencode-remote +++ b/cdist/conf/type/__package_pkgng_freebsd/gencode-remote @@ -43,7 +43,6 @@ fi repo="$(cat "$__object/parameter/repo")" state="$(cat "$__object/parameter/state")" curr_version="$(cat "$__object/explorer/pkg_version")" -pkg_bootstrapped="$(cat "$__object/explorer/pkg_bootstrapped")" add_cmd="pkg install -y" rm_cmd="pkg delete -y" upg_cmd="pkg upgrade -y" @@ -74,10 +73,6 @@ execcmd(){ ;; esac - if [ -z "${pkg_bootstrapped}" ]; then - echo "ASSUME_ALWAYS_YES=yes pkg bootstrap >/dev/null 2>&1" - fi - echo "$_cmd >/dev/null 2>&1" # Silence the output of the command echo "status=\$?" echo "if [ \"\$status\" -ne \"0\" ]; then" diff --git a/cdist/conf/type/__package_update_index/explorer/currage b/cdist/conf/type/__package_update_index/explorer/currage index 8eadaf53..3539b8e1 100644 --- a/cdist/conf/type/__package_update_index/explorer/currage +++ b/cdist/conf/type/__package_update_index/explorer/currage @@ -24,19 +24,16 @@ case "$type" in if [ -f "/var/cache/apt/pkgcache.bin" ]; then echo $(($(date +"%s")-$(stat --format '%Y' /var/cache/apt/pkgcache.bin))) else - echo -- -1 + echo 0 fi ;; pacman) if [ -d "/var/lib/pacman/sync" ]; then echo $(($(date +"%s")-$(stat --format '%Y' /var/lib/pacman/sync))) else - echo -- -1 + echo 0 fi ;; - alpine) - echo -- -1 - ;; *) echo "Your specified type ($type) is currently not supported." >&2 echo "Please contribute an implementation for it if you can." >&2 ;; diff --git a/cdist/conf/type/__package_update_index/explorer/type b/cdist/conf/type/__package_update_index/explorer/type index c98e1e67..35254c5f 100644 --- a/cdist/conf/type/__package_update_index/explorer/type +++ b/cdist/conf/type/__package_update_index/explorer/type @@ -26,7 +26,6 @@ else amazon|scientific|centos|fedora|redhat) echo "yum" ;; debian|ubuntu|devuan) echo "apt" ;; archlinux) echo "pacman" ;; - alpine) echo "apk" ;; *) echo "Don't know how to manage packages on: $os" >&2 exit 1 diff --git a/cdist/conf/type/__package_update_index/gencode-remote b/cdist/conf/type/__package_update_index/gencode-remote index 803468b5..738d38eb 100755 --- a/cdist/conf/type/__package_update_index/gencode-remote +++ b/cdist/conf/type/__package_update_index/gencode-remote @@ -31,8 +31,7 @@ if [ -n "$maxage" ]; then if [ "$type" != "apt" ] && [ "$type" != "pacman" ]; then echo "ERROR: \"--maxage\" only supported for \"apt\" or \"pacman\" pkg-manager." >&2 exit 1 - # do not exit if no value found (represented as -1) - elif [ "$currage" -ne -1 ] && [ "$currage" -lt "$maxage" ]; then + elif [ "$currage" -lt "$maxage" ]; then exit 0 # no need to update fi fi @@ -48,10 +47,6 @@ case "$type" in echo "pacman --noprogressbar --sync --refresh" echo "pacman package database synced (age was: $currage)" >> "$__messages_out" ;; - apk) - echo "apk update" - echo "apk package database updated." >>"$__messages_out" - ;; *) echo "Don't know how to manage packages for type: $type" >&2 exit 1 diff --git a/cdist/conf/type/__ipset/files/ipsets-restore b/cdist/conf/type/__pf_apply/explorer/rcvar similarity index 65% rename from cdist/conf/type/__ipset/files/ipsets-restore rename to cdist/conf/type/__pf_apply/explorer/rcvar index 30df3a13..7c8d535f 100755 --- a/cdist/conf/type/__ipset/files/ipsets-restore +++ b/cdist/conf/type/__pf_apply/explorer/rcvar @@ -1,6 +1,6 @@ #!/bin/sh # -# 2021 Mesar Hameed (mesar.hameed at gmail.com) +# 2012 Jake Guffey (jake.guffey at eprotex.com) # # This file is part of cdist. # @@ -17,12 +17,20 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # +# +# Get the location of the pf ruleset on the target host. +# + +# Debug +#exec >&2 +#set -x + +# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf + +RC="/etc/rc.conf" +PFCONF="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')" +echo "${PFCONF:-"/etc/pf.conf"}" + +# Debug +#set +x -mkdir -p /etc/ipset.d/ -if [ -n "$1" ]; then - ipset -! restore < "/etc/ipset.d/$1" -else -find /etc/ipset.d/ -iname "*.saved" | while read s; do - ipset -! restore <$s -done -fi diff --git a/cdist/conf/type/__pf_apply/gencode-remote b/cdist/conf/type/__pf_apply/gencode-remote new file mode 100755 index 00000000..c8f7a25a --- /dev/null +++ b/cdist/conf/type/__pf_apply/gencode-remote @@ -0,0 +1,51 @@ +#!/bin/sh -e +# +# 2012 Jake Guffey (jake.guffey at eprotex.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Apply pf(4) ruleset on *BSD +# + +# Debug +#exec >&2 +#set -x + +rcvar=$(cat "$__object/explorer/rcvar") + +cat <&2 + fi +fi +EOF + +# Debug +#set +x + diff --git a/cdist/conf/type/__pf_apply/man.rst b/cdist/conf/type/__pf_apply/man.rst new file mode 100644 index 00000000..eee345e7 --- /dev/null +++ b/cdist/conf/type/__pf_apply/man.rst @@ -0,0 +1,55 @@ +cdist-type__pf_apply(7) +======================= + +NAME +---- +cdist-type__pf_apply - Apply pf(4) ruleset on \*BSD + + +DESCRIPTION +----------- +This type is used on \*BSD systems to manage the pf firewall's active ruleset. + + +REQUIRED PARAMETERS +------------------- +NONE + + +OPTIONAL PARAMETERS +------------------- +NONE + + +EXAMPLES +-------- + +.. code-block:: sh + + # Modify the ruleset on $__target_host: + __pf_ruleset --state present --source /my/pf/ruleset.conf + require="__pf_ruleset" \ + __pf_apply + + # Remove the ruleset on $__target_host (implies disabling pf(4): + __pf_ruleset --state absent + require="__pf_ruleset" \ + __pf_apply + + +SEE ALSO +-------- +:strong:`pf`\ (4), :strong:`cdist-type__pf_ruleset`\ (7) + + +AUTHORS +------- +Jake Guffey + + +COPYING +------- +Copyright \(C) 2012 Jake Guffey. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/cdist/conf/type/__apt_backports/singleton b/cdist/conf/type/__pf_apply/singleton similarity index 100% rename from cdist/conf/type/__apt_backports/singleton rename to cdist/conf/type/__pf_apply/singleton diff --git a/cdist/conf/type/__pf_apply_anchor/gencode-remote b/cdist/conf/type/__pf_apply_anchor/gencode-remote deleted file mode 100755 index 36c26521..00000000 --- a/cdist/conf/type/__pf_apply_anchor/gencode-remote +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh -e -# -# 2016 Kamila Součková (coding at kamila.is) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# -# Apply pf(4) ruleset on *BSD -# - -ANCHORS_DIR="/etc/pf.d" - -if [ -f "${__object}/parameter/anchor_name" ]; then - anchor_name="$(cat "${__object}/parameter/anchor_name")" -else - anchor_name="${__object_id}" -fi -anchor_file="${ANCHORS_DIR}/${anchor_name}" - -echo "pfctl -a \"${anchor_name}\" -f \"${anchor_file}\"" diff --git a/cdist/conf/type/__pf_apply_anchor/man.rst b/cdist/conf/type/__pf_apply_anchor/man.rst deleted file mode 100644 index aef6cdf4..00000000 --- a/cdist/conf/type/__pf_apply_anchor/man.rst +++ /dev/null @@ -1,62 +0,0 @@ -cdist-type__pf_apply_anchor(7) -============================== - -NAME ----- -cdist-type__pf_apply_anchor - Apply a pf(4) anchor on $__target_host - - -DESCRIPTION ------------ -This type is used on \*BSD systems to manage anchors for the pf firewall. - -Notice this type does not take care of copying the ruleset, that must be -done by the user with, e.g. `__file`. - - -OPTIONAL PARAMETERS -------------------- -anchor_name - The name of the anchor to apply. If not set, `${__object_id}` is used. - This type requires `/etc/pf.d/${anchor_name}` to exist on - `$__target_host`. - - -EXAMPLES --------- - -.. code-block:: sh - - # Copy anchor file to ${__target_host} - __file "/etc/pf.d/80_dns" --source - < -Kamila Součková -Jake Guffey - - -COPYING -------- -Copyright \(C) 2020 Evilham. -Copyright \(C) 2016 Kamila Součková. -Copyright \(C) 2012 Jake Guffey. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/cdist/conf/type/__pf_apply_anchor/parameter/optional b/cdist/conf/type/__pf_apply_anchor/parameter/optional deleted file mode 100644 index b9f61e28..00000000 --- a/cdist/conf/type/__pf_apply_anchor/parameter/optional +++ /dev/null @@ -1 +0,0 @@ -anchor_name diff --git a/cdist/conf/type/__ipset/explorer/content b/cdist/conf/type/__pf_ruleset/explorer/cksum similarity index 55% rename from cdist/conf/type/__ipset/explorer/content rename to cdist/conf/type/__pf_ruleset/explorer/cksum index 87f6b517..9be6c901 100755 --- a/cdist/conf/type/__ipset/explorer/content +++ b/cdist/conf/type/__pf_ruleset/explorer/cksum @@ -1,6 +1,6 @@ #!/bin/sh # -# 2021 Mesar Hameed (mesar.hameed at gmail.com) +# 2012 Jake Guffey (jake.guffey at eprotex.com) # # This file is part of cdist. # @@ -17,10 +17,25 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # +# +# Get the 256 bit SHA2 checksum of the pf ruleset on the target host. +# -name="$__object_id" -if ipset -t list | grep -qFx "Name: $name"; then - ipset list "$name" | sed '0,/^Members:/d' -else - echo "x_missing_x" +# Debug +#exec >&2 +#set -x + +# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf +# See if file exists and if so, get checksum + +RC="/etc/rc.conf" +TMP="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')" +PFCONF="${TMP:-"/etc/pf.conf"}" + +if [ -f "${PFCONF}" ]; then # The pf config file exists, find its cksum. + cksum -o 1 "${PFCONF}" | cut -d= -f2 | awk '{print $1}' fi + +# Debug +#set +x + diff --git a/cdist/conf/type/__pf_ruleset/gencode-local b/cdist/conf/type/__pf_ruleset/gencode-local new file mode 100755 index 00000000..11bfb0b1 --- /dev/null +++ b/cdist/conf/type/__pf_ruleset/gencode-local @@ -0,0 +1,81 @@ +#!/bin/sh -e +# +# 2012 Jake Guffey (jake.guffey at eprotex.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Manage pf(4) on *BSD +# + +# Debug +#exec >&2 +#set -x + +# Send files to $__target_host via $__remote_copy + +uname=$(uname) # Need to know what the cdist host is running so we know how to compute the ruleset's checksum +state=$(cat "$__object/parameter/state") + +if [ "$state" = "absent" ]; then # There is nothing more for a *local* script to do + exit 0 +fi + +if [ -f "$__object/parameter/source" ]; then + source=$(cat "$__object/parameter/source") +fi + +rcvar=$(cat "$__object/explorer/rcvar") +cksum=$(cat "$__object/explorer/cksum") + + +cat <&2 + exit 1 + ;; +esac + +# IPv6 fix +if $(echo "${__target_host}" | grep -q -E '^[0-9a-fA-F:]+$') +then + my_target_host="[${__target_host}]" +else + my_target_host="${__target_host}" +fi + +if [ -n "${cksum}" ]; then + if [ ! "\${currentSum}" = "${cksum}" ]; then + $__remote_copy "${source}" "\${my_target_host}:${rcvar}.new" + fi +else # File just doesn't exist yet + $__remote_copy "${source}" "\${my_target_host}:${rcvar}.new" +fi +EOF + +# Debug +#exec +x + diff --git a/cdist/conf/type/__pf_ruleset/manifest b/cdist/conf/type/__pf_ruleset/gencode-remote similarity index 51% rename from cdist/conf/type/__pf_ruleset/manifest rename to cdist/conf/type/__pf_ruleset/gencode-remote index 27b35328..12760fdf 100755 --- a/cdist/conf/type/__pf_ruleset/manifest +++ b/cdist/conf/type/__pf_ruleset/gencode-remote @@ -1,6 +1,6 @@ #!/bin/sh -e # -# 2016 Kamila Součková (coding at kamila.is) +# 2012 Jake Guffey (jake.guffey at eprotex.com) # # This file is part of cdist. # @@ -21,26 +21,29 @@ # Manage pf(4) on *BSD # -rcvar="$(cat "${__object}/explorer/rcvar")" -state="$(cat "${__object}/parameter/state")" -if [ -f "${__object}/parameter/source" ]; then - source="$(cat "${__object}/parameter/source")" -fi +# Debug +#exec >&2 +#set -x -if [ "${state}" = "absent" ]; then - action="/etc/rc.d/pf stop" +# Remove ${rcvar} in the case of --state absent + +state=$(cat "$__object/parameter/state") +rcvar=$(cat "$__object/explorer/rcvar") + +if [ "$state" = "present" ]; then # There is nothing more for a *remote* script to do + exit 0 +elif [ "$state" = "absent" ]; then + # --state absent, so ensure that .new doesn't exist and that conf is renamed to .old + cat <&2 + exit 1 fi -__key_value __pf_ruleset/rcvar \ - --state "${state}" \ - --file /etc/rc.conf \ - --delimiter "=" \ - --key "pf_enable" \ - --value "YES" - -require="__key_value/__pf_ruleset/rcvar" __config_file "${rcvar}" \ - --source "${source}" \ - --state "${state}" \ - --onchange "${action}" diff --git a/cdist/conf/type/__pf_ruleset/man.rst b/cdist/conf/type/__pf_ruleset/man.rst index db8873ac..5719e94e 100644 --- a/cdist/conf/type/__pf_ruleset/man.rst +++ b/cdist/conf/type/__pf_ruleset/man.rst @@ -10,9 +10,6 @@ DESCRIPTION ----------- This type is used on \*BSD systems to manage the pf firewall's ruleset. -It will also enable and disable the pf firewall as requested in the `state` -parameter. - REQUIRED PARAMETERS ------------------- @@ -23,8 +20,9 @@ state OPTIONAL PARAMETERS ------------------- source - Required when state is "present". - Defines the ruleset to load onto the $__target_host for `pf(4)`. + If supplied, use to define the ruleset to load onto the $__target_host for pf(4). + Note that this type is almost useless without a ruleset defined, but it's technically not + needed, e.g. for the case of disabling the firewall temporarily. EXAMPLES @@ -32,10 +30,10 @@ EXAMPLES .. code-block:: sh - # Remove the current ruleset in place and disable pf + # Remove the current ruleset in place __pf_ruleset --state absent - # Enable pf with the ruleset defined in $__manifest/files/pf.conf + # Enable the firewall with the ruleset defined in $__manifest/files/pf.conf __pf_ruleset --state present --source $__manifest/files/pf.conf @@ -46,13 +44,11 @@ SEE ALSO AUTHORS ------- -Kamila Součková Jake Guffey COPYING ------- -Copyright \(C) 2016 Kamila Součková. Copyright \(C) 2012 Jake Guffey. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the diff --git a/cdist/conf/type/__postfix/manifest b/cdist/conf/type/__postfix/manifest index 121bba96..f3616979 100755 --- a/cdist/conf/type/__postfix/manifest +++ b/cdist/conf/type/__postfix/manifest @@ -19,4 +19,16 @@ # along with cdist. If not, see . # -__package postfix --state present + +os=$(cat "$__global/explorer/os") + +case "$os" in + alpine|ubuntu|debian|archlinux|suse|scientific|centos|devuan) + __package postfix --state present + ;; + *) + echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 + echo "Please contribute an implementation for it if you can." >&2 + exit 1 + ;; +esac diff --git a/cdist/conf/type/__postfix_master/gencode-remote b/cdist/conf/type/__postfix_master/gencode-remote index 73de1088..7c109a69 100755 --- a/cdist/conf/type/__postfix_master/gencode-remote +++ b/cdist/conf/type/__postfix_master/gencode-remote @@ -67,7 +67,7 @@ case "$state_should" in remove_entry fi cat << DONE -cat >> "$config" << "${__type##*/}_DONE" +cat >> "$config" << ${__type##*/}_DONE $(cat "$entry") ${__type##*/}_DONE DONE diff --git a/cdist/conf/type/__postfix_master/parameter/optional b/cdist/conf/type/__postfix_master/parameter/optional index 410482b8..792b42c5 100644 --- a/cdist/conf/type/__postfix_master/parameter/optional +++ b/cdist/conf/type/__postfix_master/parameter/optional @@ -4,5 +4,6 @@ unpriv chroot wakeup maxproc +option comment state diff --git a/cdist/conf/type/__postfix_master/parameter/optional_multiple b/cdist/conf/type/__postfix_master/parameter/optional_multiple deleted file mode 100644 index 01925a15..00000000 --- a/cdist/conf/type/__postfix_master/parameter/optional_multiple +++ /dev/null @@ -1 +0,0 @@ -option diff --git a/cdist/conf/type/__postgres_database/gencode-remote b/cdist/conf/type/__postgres_database/gencode-remote index 0f11cff4..61cfa50d 100755 --- a/cdist/conf/type/__postgres_database/gencode-remote +++ b/cdist/conf/type/__postgres_database/gencode-remote @@ -41,37 +41,12 @@ if [ "$state_should" != "$state_is" ]; then present) owner="" if [ -f "$__object/parameter/owner" ]; then - owner="-O \"$(cat "$__object/parameter/owner")\"" + owner="-O '$(cat "$__object/parameter/owner")'" fi - - template="" - if [ -f "$__object/parameter/template" ]; then - template="--template \"$(cat "$__object/parameter/template")\"" - fi - - encoding="" - if [ -f "$__object/parameter/encoding" ]; then - encoding="--encoding \"$(cat "$__object/parameter/encoding")\"" - fi - - lc_collate="" - if [ -f "$__object/parameter/lc-collate" ]; then - lc_collate="--lc-collate \"$(cat "$__object/parameter/lc-collate")\"" - fi - - lc_ctype="" - if [ -f "$__object/parameter/lc-ctype" ]; then - lc_ctype="--lc-ctype \"$(cat "$__object/parameter/lc-ctype")\"" - fi - - cat << EOF -su - '$postgres_user' -c "createdb $owner \"$name\" $template $encoding $lc_collate $lc_ctype" -EOF + echo "su - '$postgres_user' -c \"createdb $owner '$name'\"" ;; absent) - cat << EOF -su - '$postgres_user' -c "dropdb \"$name\"" -EOF + echo "su - '$postgres_user' -c \"dropdb '$name'\"" ;; esac fi diff --git a/cdist/conf/type/__postgres_database/man.rst b/cdist/conf/type/__postgres_database/man.rst index 870b4917..acceec9b 100644 --- a/cdist/conf/type/__postgres_database/man.rst +++ b/cdist/conf/type/__postgres_database/man.rst @@ -14,22 +14,10 @@ This cdist type allows you to create or drop postgres databases. OPTIONAL PARAMETERS ------------------- state - Either 'present' or 'absent', defaults to 'present'. + either 'present' or 'absent', defaults to 'present'. owner - Specifies the database user who will own the new database. - -encoding - Specifies the character encoding scheme to be used in this database. - -lc-collate - Specifies the LC_COLLATE setting to be used in this database. - -lc-ctype - Specifies the LC_CTYPE setting to be used in this database. - -template - Specifies the template database from which to build this database. + the role owning this database EXAMPLES diff --git a/cdist/conf/type/__postgres_database/parameter/optional b/cdist/conf/type/__postgres_database/parameter/optional index 877fbf32..d86b6469 100644 --- a/cdist/conf/type/__postgres_database/parameter/optional +++ b/cdist/conf/type/__postgres_database/parameter/optional @@ -1,6 +1,2 @@ state owner -encoding -lc-collate -lc-ctype -template diff --git a/cdist/conf/type/__postgres_role/gencode-remote b/cdist/conf/type/__postgres_role/gencode-remote index 282294c9..fd56e85d 100755 --- a/cdist/conf/type/__postgres_role/gencode-remote +++ b/cdist/conf/type/__postgres_role/gencode-remote @@ -53,13 +53,11 @@ case "$state_should" in done [ -n "$password" ] && password="PASSWORD '$password'" - cat << EOF -su - '$postgres_user' -c "psql postgres -wc \"CREATE ROLE \\\\\"$name\\\\\" WITH $password $booleans;\"" -EOF + + cmd="CREATE ROLE $name WITH $password $booleans" + echo "su - '$postgres_user' -c \"psql postgres -wc \\\"$cmd\\\"\"" ;; absent) - cat << EOF -su - '$postgres_user' -c "dropuser \"$name\"" -EOF + echo "su - '$postgres_user' -c \"dropuser \\\"$name\\\"\"" ;; esac diff --git a/cdist/conf/type/__pyvenv/gencode-remote b/cdist/conf/type/__pyvenv/gencode-remote index c5b64eff..04700683 100755 --- a/cdist/conf/type/__pyvenv/gencode-remote +++ b/cdist/conf/type/__pyvenv/gencode-remote @@ -1,7 +1,6 @@ #!/bin/sh -e # # 2016 Darko Poljak (darko.poljak at gmail.com) -# 2020 Nico Schotetlius (nico.schottelius at ungleich.ch) # # This file is part of cdist. # @@ -38,21 +37,11 @@ mode="$(cat "$__object/parameter/mode")" destination="/$__object_id" venvparams="$(cat "$__object/parameter/venvparams")" pyvenvparam="$__object/parameter/pyvenv" - -os=$(cat "$__global/explorer/os") - if [ -f "$pyvenvparam" ] then pyvenv=$(cat "$pyvenvparam") else - case "$os" in - alpine|ubuntu) # no pyvenv on alpine - I assume others will follow - pyvenv="python3 -m venv" - ;; - *) - pyvenv="pyvenv" - ;; - esac + pyvenv="pyvenv" fi case $state_should in diff --git a/cdist/conf/type/__pyvenv/man.rst b/cdist/conf/type/__pyvenv/man.rst index 8085ff12..d7de92fa 100644 --- a/cdist/conf/type/__pyvenv/man.rst +++ b/cdist/conf/type/__pyvenv/man.rst @@ -9,7 +9,7 @@ cdist-type__pyvenv - Create or remove python virtual environment DESCRIPTION ----------- This cdist type allows you to create or remove python virtual -environment using pyvenv on python3 -m venv. +environment using pyvenv. It assumes pyvenv is already installed. Concrete package depends on concrete OS and/or OS version/distribution. Ensure this for e.g. in your init manifest as in the following example: @@ -57,7 +57,7 @@ EXAMPLES __pyvenv /home/services/djangoenv - # Use specific pyvenv + # Use specific pyvenv __pyvenv /home/foo/fooenv --pyvenv /usr/local/bin/pyvenv-3.4 # Create python virtualenv for user foo. @@ -76,3 +76,4 @@ COPYING ------- Copyright \(C) 2016 Darko Poljak. Free use of this software is granted under the terms of the GNU General Public License v3 or later (GPLv3+). + diff --git a/cdist/conf/type/__service/explorer/service-manager b/cdist/conf/type/__service/explorer/service-manager deleted file mode 100755 index 55a873fa..00000000 --- a/cdist/conf/type/__service/explorer/service-manager +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -# Assume systemd if systemctl is in PATH. -if [ "$(command -v systemctl)" ]; then - printf "systemd" -else - printf "unknown" -fi diff --git a/cdist/conf/type/__service/gencode-remote b/cdist/conf/type/__service/gencode-remote deleted file mode 100755 index ac62e05f..00000000 --- a/cdist/conf/type/__service/gencode-remote +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -manager="$(cat "$__object/explorer/service-manager")" -name=$__object_id -action="$(cat "$__object/parameter/action")" - -if [ "$manager" = "unknown" ]; then - echo "service '$name' '$action'" -fi diff --git a/cdist/conf/type/__service/man.rst b/cdist/conf/type/__service/man.rst deleted file mode 100644 index f9b23d5b..00000000 --- a/cdist/conf/type/__service/man.rst +++ /dev/null @@ -1,51 +0,0 @@ -cdist-type__service(7) -====================== - -NAME ----- -cdist-type__service - Run action on a system service - - -DESCRIPTION ------------ -This type allows you to run an action against a system service. - - -REQUIRED PARAMETERS -------------------- -action - Arbitrary parameter passed as action. Usually 'start', 'stop', 'reload' or 'restart'. - -OPTIONAL PARAMETERS -------------------- -None. - - -BOOLEAN PARAMETERS ------------------- -None. - - -EXAMPLES --------- - -.. code-block:: sh - - # Restart nginx service. - __service nginx --action restart - - # Stop postfix service. - __service postfix --action stop - - -AUTHORS -------- -Timothée Floure - - -COPYING -------- -Copyright \(C) 2019 Timothée Floure. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/cdist/conf/type/__service/manifest b/cdist/conf/type/__service/manifest deleted file mode 100644 index beb0713c..00000000 --- a/cdist/conf/type/__service/manifest +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh - -manager="$(cat "$__object/explorer/service-manager")" - -name=$__object_id -action="$(cat "$__object/parameter/action")" - -case "$manager" in - systemd) - test "$action" = "start" && action="running" - test "$action" = "stop" && action="stopped" - __systemd_service "$name" --state "$action" - ;; - *) - # Unknown: handled by `service $NAME $action` in gencode-remote. - ;; -esac diff --git a/cdist/conf/type/__service/parameter/required b/cdist/conf/type/__service/parameter/required deleted file mode 100644 index a9f84d41..00000000 --- a/cdist/conf/type/__service/parameter/required +++ /dev/null @@ -1 +0,0 @@ -action diff --git a/cdist/conf/type/__ssh_authorized_key/man.rst b/cdist/conf/type/__ssh_authorized_key/man.rst index 5bae02aa..087a3dae 100644 --- a/cdist/conf/type/__ssh_authorized_key/man.rst +++ b/cdist/conf/type/__ssh_authorized_key/man.rst @@ -15,27 +15,25 @@ This type was created to be used by the __ssh_authorized_keys type. REQUIRED PARAMETERS ------------------- file - The authorized_keys file where the given key should be managed. + the authorized_keys file to which the given key should be added key - The ssh key which shall be managed in this authorized_keys file. - Must be a string containing the ssh keytype, base 64 encoded key and - optional trailing comment which shall be added to the given - authorized_keys file. + a string containing the ssh keytype, base 64 encoded key and optional + trailing comment which shall be added to the given authorized_keys file. OPTIONAL PARAMETERS ------------------- comment - Use this comment instead of the one which may be trailing in the key. + explicit comment instead of the one which may be trailing the given key option - An option to set for this authorized_key entry. + an option to set for this authorized_key entry. Can be specified multiple times. See sshd(8) for available options. state - If the managed key should be 'present' or 'absent', defaults to 'present'. + if the given keys should be 'present' or 'absent', defaults to 'present'. MESSAGES @@ -66,7 +64,7 @@ EXAMPLES SEE ALSO -------- -:strong:`cdist-type__ssh_authorized_keys`\ (7), :strong:`sshd`\ (8) +:strong:`cdist__ssh_authorized_keys`\ (7), :strong:`sshd`\ (8) AUTHORS diff --git a/cdist/conf/type/__ssh_authorized_keys/explorer/keys b/cdist/conf/type/__ssh_authorized_keys/explorer/keys deleted file mode 100755 index cec25746..00000000 --- a/cdist/conf/type/__ssh_authorized_keys/explorer/keys +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -e - -# shellcheck disable=SC1090 -file="$( . "$__type_explorer/file" )" - -if [ -f "$file" ] -then - cat "$file" -fi diff --git a/cdist/conf/type/__ssh_authorized_keys/man.rst b/cdist/conf/type/__ssh_authorized_keys/man.rst index dac6adeb..ba310ff9 100644 --- a/cdist/conf/type/__ssh_authorized_keys/man.rst +++ b/cdist/conf/type/__ssh_authorized_keys/man.rst @@ -20,48 +20,42 @@ then left to the user to ensure that the file exists and that ownership and permissions work with ssh. -REQUIRED MULTIPLE PARAMETERS ----------------------------- +REQUIRED PARAMETERS +------------------- key - An ssh key which shall be managed in this authorized_keys file. - Must be a string containing the ssh keytype, base 64 encoded key and - optional trailing comment which shall be added to the given - authorized_keys file. - Can be specified multiple times. + the ssh key which shall be added to this authorized_keys file. + Must be a string and can be specified multiple times. OPTIONAL PARAMETERS ------------------- comment - Use this comment instead of the one which may be trailing in each key. + explicit comment instead of the one which may be trailing the given key file - An alternative destination file, defaults to ~$owner/.ssh/authorized_keys. + an alternative destination file, defaults to ~$owner/.ssh/authorized_keys option - An option to set for all authorized_key entries in the key parameter. + an option to set for all created authorized_key entries. Can be specified multiple times. See sshd(8) for available options. owner - The user owning the authorized_keys file, defaults to object_id. + the user owning the authorized_keys file, defaults to object_id. state - If the given keys should be 'present' or 'absent', defaults to 'present'. + if the given keys should be 'present' or 'absent', defaults to 'present'. BOOLEAN PARAMETERS ------------------ noparent - Don't create or change ownership and permissions of the directory containing - the authorized_keys file. + don't create or change ownership and permissions of the directory containing + the authorized_keys file nofile - Don't manage existence, ownership and permissions of the the authorized_keys - file. - -remove-unknown - Remove undefined keys. + don't manage existence, ownership and permissions of the the authorized_keys + file EXAMPLES @@ -73,12 +67,6 @@ EXAMPLES __ssh_authorized_keys root \ --key "$(cat ~/.ssh/id_rsa.pub)" - # same as above, but make sure your key is only key in - # root's authorized_keys file - __ssh_authorized_keys root \ - --key "$(cat ~/.ssh/id_rsa.pub)" \ - --remove-unknown - # allow key to login as user-name __ssh_authorized_keys user-name \ --key "ssh-rsa AXYZAAB3NzaC1yc2..." diff --git a/cdist/conf/type/__ssh_authorized_keys/manifest b/cdist/conf/type/__ssh_authorized_keys/manifest index b319316b..b9f0582e 100755 --- a/cdist/conf/type/__ssh_authorized_keys/manifest +++ b/cdist/conf/type/__ssh_authorized_keys/manifest @@ -55,12 +55,8 @@ _cksum() { echo "$1" | cksum | cut -d' ' -f 1 } -_type_and_key() { - echo "$1" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }' -} - while read -r key; do - type_and_key="$( _type_and_key "$key" )" + type_and_key="$(echo "$key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')" object_id="$(_cksum "$file")-$(_cksum "$type_and_key")" set -- "$object_id" set -- "$@" --file "$file" @@ -76,24 +72,3 @@ while read -r key; do # Ensure __ssh_authorized_key does not read stdin __ssh_authorized_key "$@" < /dev/null done < "$__object/parameter/key" - -if [ -f "$__object/parameter/remove-unknown" ] && - [ -s "$__object/explorer/keys" ] -then - while read -r key - do - type_and_key="$( _type_and_key "$key" )" - - if grep -Fq "$type_and_key" "$__object/parameter/key" - then - continue - fi - - __ssh_authorized_key "remove-$( _cksum "$file$key" )" \ - --file "$file" \ - --key "$key" \ - --state absent \ - < /dev/null - done \ - < "$__object/explorer/keys" -fi diff --git a/cdist/conf/type/__ssh_authorized_keys/parameter/boolean b/cdist/conf/type/__ssh_authorized_keys/parameter/boolean index 7388fed5..4bb126fe 100644 --- a/cdist/conf/type/__ssh_authorized_keys/parameter/boolean +++ b/cdist/conf/type/__ssh_authorized_keys/parameter/boolean @@ -1,3 +1,2 @@ noparent nofile -remove-unknown diff --git a/cdist/conf/type/__ssh_authorized_keys/parameter/optional b/cdist/conf/type/__ssh_authorized_keys/parameter/optional index fa64fc43..21f9bc29 100644 --- a/cdist/conf/type/__ssh_authorized_keys/parameter/optional +++ b/cdist/conf/type/__ssh_authorized_keys/parameter/optional @@ -1,4 +1,5 @@ comment file +option owner state diff --git a/cdist/conf/type/__ssh_authorized_keys/parameter/optional_multiple b/cdist/conf/type/__ssh_authorized_keys/parameter/optional_multiple deleted file mode 100644 index 01925a15..00000000 --- a/cdist/conf/type/__ssh_authorized_keys/parameter/optional_multiple +++ /dev/null @@ -1 +0,0 @@ -option diff --git a/cdist/conf/type/__sshd_config/explorer/state b/cdist/conf/type/__sshd_config/explorer/state deleted file mode 100644 index 75c68b8a..00000000 --- a/cdist/conf/type/__sshd_config/explorer/state +++ /dev/null @@ -1,121 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# Determines the current state of the config option. -# Possible output: -# - present: "should" option present in config file -# - default: the "should" option is the default -> don’t know if present -# - absent: no such option present in config file -# - -joinlines() { sed -n -e H -e "\${x;s/^\\n//;s/\\n/${1:?}/g;p;}"; } -trlower() { tr '[:upper:]' '[:lower:]'; } -tolower() { printf '%s' "$*" | trlower; } - -default_value() { - sshd -T -f /dev/null -C "$(make_conn_spec)" \ - | sed -n -e 's/^'"$(tolower "${1:?}")"'[[:blank:]]\{1,\}//p' -} - -make_conn_spec() { - if test -s "${__object:?}/parameter/match" - then - _match_file="${__object:?}/parameter/match" - else - _match_file='/dev/null' - fi - - for _kw in \ - addr=Address \ - user=User \ - host=Host \ - laddr=LocalAddress \ - lport=LocalPort \ - rdomain=RDomain - do - _specname=${_kw%%=*} - _confname=$(tolower "${_kw#*=}") - while read -r _k _v - do - if test "$(tolower "${_k}")" = "${_confname}" - then - printf '%s=%s\n' "${_specname}" "${_v}" - continue 2 - fi - done <"${_match_file}" - - # NOTE: Print test spec even for empty keys to suppress errors like: - # 'Match User' in configuration but 'user' not in connection test specification. - # except lport: - # Invalid port '' in test mode specification lport= - test "${_specname}" = 'lport' || printf '%s=\n' "${_specname}" - done \ - | joinlines ',' - unset _match_file -} - -sshd_config_file=$(cat "${__object:?}/parameter/file") -state_should=$(cat "${__object:?}/parameter/state") - -if test -s "${__object:?}/parameter/option" -then - option_name=$(cat "${__object:?}/parameter/option") -else - option_name=${__object_id:?} -fi - -value_should=$(cat "${__object:?}/parameter/value" 2>/dev/null) \ -|| test "${state_should}" = absent || exit 0 # param optional if --state absent - -command -v sshd >/dev/null 2>&1 || { - echo 'Cannot find sshd.' >&2 - exit 1 -} - -test -e "${sshd_config_file}" || { - echo 'absent' - exit 0 -} - -value_is=$( - sshd -T -f "${sshd_config_file}" -C "$(make_conn_spec)" \ - | sed -n -e 's/^'"$(tolower "${option_name}")"'[[:blank:]]\{1,\}//p') - -if printf '%s\n' "${value_is}" | { - if test -n "${value_should}" - then - grep -q -x -F "${value_should}" - else - # if no value provided, assume "any" value - grep -q -e . - fi - } -then - if default_value "${option_name}" | grep -q -x -F "${value_is}" - then - # Might produce false positives for default values. - # TODO: Manual checking should be done, but for simplicity, this case is - # currently ignored here. - echo default - else - echo present - fi -else - echo absent -fi diff --git a/cdist/conf/type/__sshd_config/files/update_sshd_config.awk b/cdist/conf/type/__sshd_config/files/update_sshd_config.awk deleted file mode 100644 index d0bc2b4b..00000000 --- a/cdist/conf/type/__sshd_config/files/update_sshd_config.awk +++ /dev/null @@ -1,293 +0,0 @@ -# -*- mode: awk; indent-tabs-mode: t -*- - -function usage() { - print_err("Usage: awk -f update_sshd_config.awk -- -o set|unset [-m 'User git'] -l 'X11Forwarding no' /etc/ssh/sshd_config") -} - -function print_err(s) { print s | "cat >&2" } - -function alength(a, i) { - for (i = 0; (i + 1) in a; ++i); - return i -} - -function join(sep, a, i, s) { - for (i = i ? i : 1; i in a; i++) - s = s sep a[i] - return substr(s, 2) -} - -function getopt(opts, argv, target, files, i, c, lv, idx, nf) { - # trivial getopt(3) implementation; only basic functionality - if (argv[1] == "--") i++ - for (i += 1; i in argv; i++) { - if (lv) { target[c] = argv[i]; lv = 0; continue } - if (argv[i] ~ /^-/) { - c = substr(argv[i], 2, 1) - idx = index(opts, c) - if (!idx) { - print_err(sprintf("invalid option -%c\n", c)) - continue - } - if (substr(opts, idx + 1, 1) == ":") { - # option takes argument - if (length(argv[i]) > 2) - target[c] = substr(argv[i], 3) - else - lv = 1 - } else { - target[c] = 1 - } - } else - files[++nf] = argv[i] - } -} - -# tokenise configuration line -# this function mimics the counterpart in OpenSSH (misc.c) -# but it returns two (next token SUBSEP rest) because I didn’t want to have to -# simulate any pointer magic. -function strdelim_internal(s, split_equals, old) { - if (!s) - return "" - - old = s - - if (!match(s, WHITESPACE "|" QUOTE "" (split_equals ? "|" EQUALS : ""))) - return s - - s = substr(s, RSTART) - old = substr(old, 1, RSTART - 1) - - if (s ~ "^" QUOTE) { - old = substr(old, 2) - - # Find matching quote - if (match(s, QUOTE)) { - old = substr(old, 1, RSTART) - # s = substr() - if (match(s, "^" WHITESPACE "*")) - s = substr(s, RLENGTH) - return old - } else { - # no matching quote - return "" - } - } - - if (match(s, "^" WHITESPACE "+")) { - sub("^" WHITESPACE "+", "", s) - if (split_equals) - sub(EQUALS WHITESPACE "*", "", s) - } else if (s ~ "^" EQUALS) { - s = substr(s, 2) - } - - return old SUBSEP s -} -function strdelim(s) { return strdelim_internal(s, 1) } -function strdelimw(s) { return strdelim_internal(s, 0) } - -function singleton_option(opt) { - return tolower(opt) !~ /^(acceptenv|allowgroups|allowusers|authenticationmethods|authorizedkeysfile|denygroups|denyusers|hostcertificate|hostkey|listenaddress|logverbose|permitlisten|permitopen|port|setenv|subsystem)$/ -} - -function print_update() { - if (mode) { - if (match_only) printf "\t" - printf "%s\n", line_should - updated = 1 - } -} - -BEGIN { - FS = "\n" # disable field splitting - - WHITESPACE = "[ \t]" # servconf.c, misc.c:strdelim_internal (without line breaks, cf. bugs) - QUOTE = "[\"]" # misc.c:strdelim_internal - EQUALS = "[=]" - - split("", opts) - split("", files) - getopt("ho:l:m:", ARGV, opts, files) - - if (opts["h"]) { usage(); exit (e="0") } - - line_should = opts["l"] - match_only = opts["m"] - num_files = alength(files) - - if (num_files != 1 || !opts["o"] || !line_should) { - usage() - exit (e=126) - } - - if (opts["o"] == "set") { - mode = 1 - } else if (opts["o"] == "unset") { - mode = 0 - } else { - print_err(sprintf("invalid mode %s\n", mode)) - exit (e=1) - } - - if (mode) { - # loop over sshd_config twice! - ARGV[2] = ARGV[1] = files[1] - ARGC = 3 - } else { - # only loop once - ARGV[1] = files[1] - ARGC = 2 - } - - split(strdelim(line_should), should, SUBSEP) - option_should = tolower(should[1]) - value_should = should[2] -} - -{ - line = $0 - - # Strip trailing whitespace. Allow \f (form feed) at EOL only - sub("(" WHITESPACE "|\f)*$", "", line) - - # Strip leading whitespace - sub("^" WHITESPACE "*", "", line) - - if (match(line, "^#" WHITESPACE "*")) { - prefix = substr(line, RSTART, RLENGTH) - line = substr(line, RSTART + RLENGTH) - } else { - prefix = "" - } - - line_type = "invalid" - option_is = value_is = "" - - if (line) { - split(strdelim(line), toks, SUBSEP) - - if (tolower(toks[1]) == "match") { - MATCH = (prefix ~ /^#/ ? "#" : "") join(" ", toks, 2) - line_type = "match" - } else if (toks[1] ~ /^[A-Za-z][A-Za-z0-9]+$/) { - # This could be an option line - line_type = "option" - option_is = tolower(toks[1]) - value_is = toks[2] - } - } else { - line_type = "empty" - } -} - -# mode: unset - -!mode { - # delete matching config - if (prefix !~ /^#/) - if (MATCH == match_only && option_is == option_should) - if (!value_should || value_should == value_is) - next - - print - next -} - - -# mode: set - -mode && NR == FNR { - if (line_type == "option") { - if (MATCH !~ /^#/) { - if (prefix ~ /^#/) { - # comment line - last_occ[MATCH, "#" option_is] = FNR - } else { - # option line - last_occ[MATCH, option_is] = FNR - } - last_occ[MATCH] = FNR - } - } else if (line_type == "invalid" && !prefix) { - # INVALID LINE - print_err(sprintf("%s: syntax error on line %u\n", ARGV[0], FNR)) - } - - next -} - -# before second pass prepare hashes containing location information to be used -# in the second pass. -mode && NR > FNR && FNR == 1 { - # First we drop the locations of commented-out options if a non-commented - # option is available. If a non-commented option is available, we will - # append new config options there to have them all at one place. - for (k in last_occ) { - if (k ~ /^#/) { - # delete entries of commented out match blocks - delete last_occ[k] - continue - } - - split(k, parts, SUBSEP) - - if (parts[2] ~ /^#/ && ((parts[1], substr(parts[2], 2)) in last_occ)) - delete last_occ[k] - } - - # Reverse the option => line mapping. The line_map allows for easier lookups - # in the second pass. - # We only keep options, not top-level keywords, because we can only have - # one entry per line and there are conflicts with last lines of "sections". - for (k in last_occ) { - if (!index(k, SUBSEP)) continue - line_map[last_occ[k]] = k - } -} - -# Second pass -mode && line_map[FNR] == match_only SUBSEP option_should && !updated { - split(line_map[FNR], parts, SUBSEP) - - # If option allows multiple values, print current value - if (!singleton_option(parts[2])) { - if (value_should != value_is) - print - } - - print_update() - - next -} - -mode { print } - -# Is a comment option -mode && line_map[FNR] == match_only SUBSEP "#" option_should && !updated { - print_update() -} - -# Last line of the should match section -mode && last_occ[match_only] == FNR && !updated { - # NOTE: Inserting empty lines is only cosmetic. It is only done if - # different options are next to each other and not in a match block - # (match blocks are usually not in the default config and thus don’t - # contain commented blocks.) - if (line && option_is != option_should && !MATCH) - print "" - print_update() -} - -END { - if (e) exit e - - if (mode && !updated) { - if (match_only && MATCH != match_only) { - printf "\nMatch %s\n", match_only - } - - print_update() - } -} diff --git a/cdist/conf/type/__sshd_config/gencode-remote b/cdist/conf/type/__sshd_config/gencode-remote deleted file mode 100755 index 0b44dfa7..00000000 --- a/cdist/conf/type/__sshd_config/gencode-remote +++ /dev/null @@ -1,97 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -joinlines() { sed -n -e H -e "\${x;s/^\\n//;s/\\n/${1:?}/g;p;}"; } - -state_is=$(cat "${__object:?}/explorer/state") -state_should=$(cat "${__object:?}/parameter/state") - -if test "${state_is}" = "${state_should}" -o "${state_is}" = 'default' -then - # nothing to do (if the value is the default, ignore its state) - exit 0 -fi - -case ${state_should} -in - (present) - mode='set' - ;; - (absent) - mode='unset' - ;; - (*) - printf 'Invalid --state: %s\n' "${state_should}" >&2 - exit 1 - ;; -esac - -sshd_config_file=$(cat "${__object:?}/parameter/file") - -quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; } -drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; } - -# Ensure the sshd_config file is there -cat <$(quote "${sshd_config_file}") - chown 0:0 $(quote "${sshd_config_file}") - chmod 0644 $(quote "${sshd_config_file}") -} - -EOF - -match_only= -if test -s "${__object:?}/parameter/match" -then - match_only=$(joinlines ' ' <"${__object:?}/parameter/match") -fi - -if test -s "${__object:?}/parameter/option" -then - option_line=$(cat "${__object:?}/parameter/option") -else - option_line=${__object_id:?} -fi - -if test -s "${__object:?}/parameter/value" -then - option_line="${option_line} $(cat "${__object:?}/parameter/value")" -fi - -# Send message on config update -printf '%s%s %s\n' "${mode}" "${match_only:+ [${match_only}]}" \ - "${option_line}" >>"${__messages_out:?}" - -# Update sshd_config (remote code) -cat <$(quote "${sshd_config_file}.tmp") \\ -|| exit - -cmp -s $(quote "${sshd_config_file}") $(quote "${sshd_config_file}.tmp") || { - sshd -t -f $(quote "${sshd_config_file}.tmp") \\ - && cat $(quote "${sshd_config_file}.tmp") >$(quote "${sshd_config_file}") -} -rm -f $(quote "${sshd_config_file}.tmp") -EOF diff --git a/cdist/conf/type/__sshd_config/man.rst b/cdist/conf/type/__sshd_config/man.rst deleted file mode 100644 index 8b0069ac..00000000 --- a/cdist/conf/type/__sshd_config/man.rst +++ /dev/null @@ -1,94 +0,0 @@ -cdist-type__sshd_config(7) -========================== - -NAME ----- -cdist-type__sshd_config - Manage options in sshd_config - - -DESCRIPTION ------------ -This space intentionally left blank. - - -REQUIRED PARAMETERS -------------------- -None. - - -OPTIONAL PARAMETERS -------------------- -file - The path to the sshd_config file to edit. - Defaults to ``/etc/ssh/sshd_config``. -match - Restrict this option to apply only for certain connections. - Allowed values are what would be allowed to be written after a ``Match`` - keyword in ``sshd_config``, e.g. ``--match 'User anoncvs'``. - - Can be used multiple times. All of the values are ANDed together. -option - The name of the option to manipulate. Defaults to ``__object_id``. -state - Can be: - - - ``present``: ensure a matching config line is present (or the default - value). - - ``absent``: ensure no matching config line is present. -value - The option's value to be assigned to the option (if ``--state present``) or - removed (if ``--state absent``). - - This option is required if ``--state present``. If not specified and - ``--state absent``, all values for the given option are removed. - - -BOOLEAN PARAMETERS ------------------- -None. - - -EXAMPLES --------- - -.. code-block:: sh - - # Disallow root logins with password - __sshd_config PermitRootLogin --value without-password - - # Disallow password-based authentication - __sshd_config PasswordAuthentication --value no - - # Accept the EDITOR environment variable - __sshd_config AcceptEnv:EDITOR --option AcceptEnv --value EDITOR - - # Force command for connections as git user - __sshd_config git@ForceCommand --match 'User git' --option ForceCommand \ - --value 'cd ~git && exec git-shell ${SSH_ORIGINAL_COMMAND:+-c "${SSH_ORIGINAL_COMMAND}"}' - - -SEE ALSO --------- -:strong:`sshd_config`\ (5) - - -BUGS ----- -- This type assumes a nicely formatted config file, - i.e. no config options spanning multiple lines. -- ``Include`` directives are ignored. -- Config options are not added/removed to/from the config file if their value is - the default value. - - -AUTHORS -------- -Dennis Camera - - -COPYING -------- -Copyright \(C) 2020 Dennis Camera. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/cdist/conf/type/__sshd_config/manifest b/cdist/conf/type/__sshd_config/manifest deleted file mode 100755 index 566bde90..00000000 --- a/cdist/conf/type/__sshd_config/manifest +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -os=$(cat "${__global:?}/explorer/os") - -state_should=$(cat "${__object:?}/parameter/state") - -case ${os} -in - (alpine|centos|fedora|redhat|scientific|debian|devuan|ubuntu) - if test "${state_should}" != 'absent' - then - __package openssh-server --state present - fi - ;; - (archlinux|gentoo|slackware|suse) - if test "${state_should}" != 'absent' - then - __package openssh --state present - fi - ;; - (freebsd|netbsd|openbsd) - # whitelist - ;; - (*) - printf 'Your operating system (%s) is currently not supported by this type (%s)\n' \ - "${os}" "${__type##*/}" >&2 - printf 'Please contribute an implementation for it if you can.\n' >&2 - exit 1 - ;; -esac diff --git a/cdist/conf/type/__sshd_config/parameter/default/file b/cdist/conf/type/__sshd_config/parameter/default/file deleted file mode 100644 index d8ea5dfc..00000000 --- a/cdist/conf/type/__sshd_config/parameter/default/file +++ /dev/null @@ -1 +0,0 @@ -/etc/ssh/sshd_config diff --git a/cdist/conf/type/__sshd_config/parameter/default/state b/cdist/conf/type/__sshd_config/parameter/default/state deleted file mode 100644 index e7f6134f..00000000 --- a/cdist/conf/type/__sshd_config/parameter/default/state +++ /dev/null @@ -1 +0,0 @@ -present diff --git a/cdist/conf/type/__sshd_config/parameter/optional b/cdist/conf/type/__sshd_config/parameter/optional deleted file mode 100644 index 922ab093..00000000 --- a/cdist/conf/type/__sshd_config/parameter/optional +++ /dev/null @@ -1,4 +0,0 @@ -file -option -state -value diff --git a/cdist/conf/type/__sshd_config/parameter/optional_multiple b/cdist/conf/type/__sshd_config/parameter/optional_multiple deleted file mode 100644 index 02b1d1a9..00000000 --- a/cdist/conf/type/__sshd_config/parameter/optional_multiple +++ /dev/null @@ -1 +0,0 @@ -match diff --git a/cdist/conf/type/__start_on_boot/man.rst b/cdist/conf/type/__start_on_boot/man.rst index f8afe94b..b7c73ab1 100644 --- a/cdist/conf/type/__start_on_boot/man.rst +++ b/cdist/conf/type/__start_on_boot/man.rst @@ -12,7 +12,7 @@ This cdist type allows you to enable or disable stuff to be started at boot of your operating system. Warning: This type has not been tested intensively and is not fully -supported. +supported (i.e. \*BSD are not implemented). REQUIRED PARAMETERS diff --git a/cdist/conf/type/__sysctl/explorer/value b/cdist/conf/type/__sysctl/explorer/value index 3e93c151..fc85b3d8 100755 --- a/cdist/conf/type/__sysctl/explorer/value +++ b/cdist/conf/type/__sysctl/explorer/value @@ -1,4 +1,4 @@ -#!/bin/sh -e +#!/bin/sh # # 2014 Steven Armstrong (steven-cdist at armstrong.cc) # @@ -18,10 +18,5 @@ # along with cdist. If not, see . # -if test "$(uname -s)" = NetBSD -then - PATH=$(getconf PATH) -fi - # get the current runtime value -sysctl -n "${__object_id}" || true +sysctl -n "$__object_id" || true diff --git a/cdist/conf/type/__sysctl/gencode-remote b/cdist/conf/type/__sysctl/gencode-remote index f0f6deef..711d54e5 100755 --- a/cdist/conf/type/__sysctl/gencode-remote +++ b/cdist/conf/type/__sysctl/gencode-remote @@ -44,8 +44,6 @@ case "$os" in flag='-w' ;; netbsd) - # shellcheck disable=SC2016 - echo 'PATH=$(getconf PATH)' flag='-w' ;; freebsd|openbsd) diff --git a/cdist/conf/type/__sysctl/man.rst b/cdist/conf/type/__sysctl/man.rst index dbb9a1ac..6873003e 100644 --- a/cdist/conf/type/__sysctl/man.rst +++ b/cdist/conf/type/__sysctl/man.rst @@ -26,13 +26,6 @@ EXAMPLES __sysctl net.ipv4.ip_forward --value 1 - # On some operating systems, e.g. NetBSD, to prevent an error if the - # MIB style name does not exist (e.g. optional kernel components), - # name and value can be separated by `?=`. The same effect can be achieved - # in cdist by appending a `?` to the key: - - __sysctl ddb.onpanic? --value -1 - AUTHORS ------- diff --git a/cdist/conf/type/__systemd_service/explorer/state b/cdist/conf/type/__systemd_service/explorer/state deleted file mode 100755 index f5f751d4..00000000 --- a/cdist/conf/type/__systemd_service/explorer/state +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/sh -e -# explorer/state -# -# 2020 Matthias Stecher -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -# Check if the service is running or stopped. -# -# The explorer must check before if the service exist, because 'systemctl is-active' -# will return "inactive" even if there is no service there: -# systemctl cat foo # does not exist -# systemctl is-active foo # is "inactive" - - -# get name of the service -if [ -f "$__object/parameter/name" ]; then - name="$(cat "$__object/parameter/name")" -else - name="$__object_id" -fi - - -# check if the service exist, else exit without output (also if systemd doesn't exist) -# do not exit here with an error code, will be done in the gencode-remote script -systemctl cat "$name" > /dev/null 2>&1 || exit 0 - -# print if the service is running or not -systemctl is-active -q "$name" && printf "running" || printf "stopped" diff --git a/cdist/conf/type/__systemd_service/gencode-remote b/cdist/conf/type/__systemd_service/gencode-remote deleted file mode 100755 index c867ff22..00000000 --- a/cdist/conf/type/__systemd_service/gencode-remote +++ /dev/null @@ -1,98 +0,0 @@ -#!/bin/sh -e -# gencode-remote -# -# 2020 Matthias Stecher -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -# Checks the given state of the service and set it to the given -# state. Optionally, it executes the action if service running. - - -# get name of the service -name="$__object/parameter/name" -if [ -f "$name" ]; then - name="$(cat "$name")" -else - name="$__object_id" -fi - - -# read current status and parameters -state="$(cat "$__object/explorer/state")" -should="$(cat "$__object/parameter/state")" - -# if systemd/service does not exist -if [ -z "$state" ]; then - printf "systemd or service '%s' does not exist!\n" "$name" >&2 - exit 1 -fi - - -# save the action required -required_action="" - -# check the state of the service that should be -if [ "$state" != "$should" ]; then - # select what to do to get the $should state - case "$should" in - running) - if [ "$state" = "stopped" ]; then required_action="start"; fi - ;; - - stopped) - if [ "$state" = "running" ]; then required_action="stop"; fi - ;; - esac -fi - -# check if the action can be achieved if given -if [ -f "$__object/parameter/action" ] \ - && [ -z "$required_action" ] && [ "$state" = "running" ]; then - - # there must be an action - action="$(cat "$__object/parameter/action")" - - # select the action to the required element - case "$action" in - restart) - required_action="restart" - ;; - - reload) - required_action="reload" - ;; - - *) - printf "action '%s' does not exist!" "$action" >&2 - exit 2 - esac - - # Make a special check: only do this action if a dependency did something - # it is required that the dependencies write there action to $__messages_in - if [ -f "$__object/parameter/if-required" ]; then - # exit here if there are no changes from the dependencies affected (nothing to do) - if ! grep -q -f "$__object/require" "$__messages_in"; then exit 0; fi - fi -fi - -# print the execution command if a action given -if [ -n "$required_action" ]; then - # also print it as message - echo "$required_action" >> "$__messages_out" - echo "systemctl $required_action '$name'" -fi diff --git a/cdist/conf/type/__systemd_service/man.rst b/cdist/conf/type/__systemd_service/man.rst deleted file mode 100644 index cd14c985..00000000 --- a/cdist/conf/type/__systemd_service/man.rst +++ /dev/null @@ -1,117 +0,0 @@ -cdist-type__systemd_service(7) -============================== - -NAME ----- -cdist-type__systemd_service - Controls a systemd service state - - -DESCRIPTION ------------ -This type controls systemd services to define a state of the service, -or an action like reloading or restarting. It is useful to reload a -service after configuration applied or shutdown one service. - -The activation or deactivation is out of scope. Look for the -:strong:`cdist-type__systemd_util`\ (7) type instead. - - -REQUIRED PARAMETERS -------------------- -None. - - -OPTIONAL PARAMETERS -------------------- - -name - String which will used as name instead of the object id. - -state - The state which the service should be in: - - running - Service should run (default) - - stopped - Service should be stopped - -action - Executes an action on on the service. It will only execute it if the - service keeps the state ``running``. There are following actions, where: - - reload - Reloads the service - - restart - Restarts the service - -BOOLEAN PARAMETERS ------------------- - -if-required - Only execute the action if at minimum one required type outputs a message - to ``$__messages_out``. Through this, the action should only executed if a - dependency did something. The action will not executed if no dependencies - given. - - -MESSAGES --------- - -start - Started the service - -stop - Stopped the service - -restart - Restarted the service - -reload - Reloaded the service - - -ABORTS ------- -Aborts in following cases: - -systemd or the service does not exist - - -EXAMPLES --------- -.. code-block:: sh - - # service must run - __systemd_service nginx - - # service must stopped - __systemd_service sshd \ - --state stopped - - # restart the service - __systemd_service apache2 \ - --action restart - - # makes sure the service exist with an alternative name - __systemd_service foo \ - --name sshd - - # reload the service for a modified configuration file - # only reloads the service if the file really changed - require="__file/etc/foo.conf" __systemd_service foo \ - --action reload --if-required - - -AUTHORS -------- -Matthias Stecher - - -COPYRIGHT ---------- -Copyright \(C) 2020 Matthias Stecher. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/cdist/conf/type/__systemd_service/parameter/boolean b/cdist/conf/type/__systemd_service/parameter/boolean deleted file mode 100644 index a4bccb66..00000000 --- a/cdist/conf/type/__systemd_service/parameter/boolean +++ /dev/null @@ -1 +0,0 @@ -if-required diff --git a/cdist/conf/type/__systemd_service/parameter/default/state b/cdist/conf/type/__systemd_service/parameter/default/state deleted file mode 100644 index a2ae71b3..00000000 --- a/cdist/conf/type/__systemd_service/parameter/default/state +++ /dev/null @@ -1 +0,0 @@ -running diff --git a/cdist/conf/type/__systemd_service/parameter/optional b/cdist/conf/type/__systemd_service/parameter/optional deleted file mode 100644 index fc78265f..00000000 --- a/cdist/conf/type/__systemd_service/parameter/optional +++ /dev/null @@ -1,3 +0,0 @@ -name -state -action diff --git a/cdist/conf/type/__timezone/gencode-remote b/cdist/conf/type/__timezone/gencode-remote index b685c990..5299f548 100755 --- a/cdist/conf/type/__timezone/gencode-remote +++ b/cdist/conf/type/__timezone/gencode-remote @@ -22,7 +22,7 @@ # This type allows to configure the desired localtime timezone. timezone_is=$(cat "$__object/explorer/timezone_is") -timezone_should=$(cat "$__object/parameter/tz") +timezone_should="$__object_id" os=$(cat "$__global/explorer/os") if [ "$timezone_is" = "$timezone_should" ]; then diff --git a/cdist/conf/type/__timezone/man.rst b/cdist/conf/type/__timezone/man.rst index 6012c552..8a945c16 100644 --- a/cdist/conf/type/__timezone/man.rst +++ b/cdist/conf/type/__timezone/man.rst @@ -14,8 +14,7 @@ This type creates a symlink (/etc/localtime) to the selected timezone REQUIRED PARAMETERS ------------------- -tz - The name of timezone to set. +None. OPTIONAL PARAMETERS @@ -28,24 +27,19 @@ EXAMPLES .. code-block:: sh - # Set up Europe/Andorra as our timezone. - __timezone --tz Europe/Andorra + #Set up Europe/Andorra as our timezone. + __timezone Europe/Andorra - # Set up US/Central as our timezone. - __timezone --tz US/Central + #Set up US/Central as our timezone. + __timezone US/Central AUTHORS ------- -| Steven Armstrong -| Nico Schottelius -| Ramon Salvadó -| Dennis Camera +Ramon Salvadó COPYING ------- -Copyright \(C) 2012-2020 the `AUTHORS`_. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. +Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__timezone/manifest b/cdist/conf/type/__timezone/manifest index 0eb7fb9c..3d28ccba 100755 --- a/cdist/conf/type/__timezone/manifest +++ b/cdist/conf/type/__timezone/manifest @@ -22,7 +22,7 @@ # # This type allows to configure the desired localtime timezone. -timezone=$(cat "$__object/parameter/tz") +timezone="$__object_id" os=$(cat "$__global/explorer/os") case "$os" in diff --git a/cdist/conf/type/__timezone/parameter/required b/cdist/conf/type/__timezone/parameter/required deleted file mode 100644 index 975445e4..00000000 --- a/cdist/conf/type/__timezone/parameter/required +++ /dev/null @@ -1 +0,0 @@ -tz diff --git a/cdist/conf/type/__timezone/singleton b/cdist/conf/type/__timezone/singleton deleted file mode 100644 index e69de29b..00000000 diff --git a/cdist/conf/type/__uci/explorer/state b/cdist/conf/type/__uci/explorer/state deleted file mode 100644 index d7363dbf..00000000 --- a/cdist/conf/type/__uci/explorer/state +++ /dev/null @@ -1,110 +0,0 @@ -#!/bin/sh -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# This explorer retrieves the current state of the configuration option -# The output of this explorer is one of these values: -# present -# The configuration option is present and has the value of the -# parameter --value. -# absent -# The configuration option is not defined. -# different -# The configuration option is present but has a different value than the -# parameter --value. -# rearranged -# The configuration option is present (a list) and has the same values as -# the parameter --value, but in a different order. - -RS=$(printf '\036') - -option=${__object_id:?} - -values_is=$(uci -s -N -d "${RS}" get "${option}" 2>/dev/null) || { - echo absent - exit 0 -} - -if test -f "${__object:?}/parameter/value" -then - should_file="${__object:?}/parameter/value" -else - should_file='/dev/null' -fi - - -# strip off trailing newline -printf '%s' "${values_is}" \ -| awk ' -function unquote(s) { - # simplified dequoting of single quoted strings - if (s ~ /^'\''.*'\''$/) { - s = substr(s, 2, length(s) - 2) - sub(/'"'\\\\''"'/, "'\''", s) - } - return s -} - -BEGIN { - state = "present" # assume all is fine -} -NR == FNR { - # memoize "should" state - should[FNR] = $0 - should_count++ - - # go to next line (important!) - next -} - -# compare "is" state - -{ $0 = unquote($0) } - -$0 == should[FNR] { next } - -FNR > should_count { - # there are more "is" records than "should" -> definitely different - state = "different" - exit -} - -{ - # see if we can find the value somewhere in should - for (i in should) { - if ($0 == should[i]) { - # ... value found -> rearranged - # FIXME: Duplicate values are not properly handled here. Do they matter? - state = "rearranged" - next - } - } - - state = "different" - exit -} - -END { - if (FNR < should_count) { - # "is" was shorter than "should" -> different - state = "different" - } - - print state -} -' "${should_file}" RS="${RS}" - diff --git a/cdist/conf/type/__uci/files/functions.sh b/cdist/conf/type/__uci/files/functions.sh deleted file mode 100644 index 277f648c..00000000 --- a/cdist/conf/type/__uci/files/functions.sh +++ /dev/null @@ -1,73 +0,0 @@ -# -*- mode: sh; indent-tabs-mode: t -*- - -in_list() { - printf '%s\n' "$@" | { grep -qxF "$(read -r ndl; echo "${ndl}")"; } -} - -quote() { - for _arg - do - shift - if test -n "$(printf %s "${_arg}" | tr -d -c '\t\n \042-\047\050-\052\073-\077\133\\`|~' | tr -c '' '.')" - then - # needs quoting - set -- "$@" "$(printf "'%s'" "$(printf %s "${_arg}" | sed -e "s/'/'\\\\''/g")")" - else - set -- "$@" "${_arg}" - fi - done - unset _arg - - # NOTE: Use printf because POSIX echo interprets escape sequences - printf '%s' "$*" -} - -uci_cmd() { - # Usage: uci_cmd [UCI ARGUMENTS]... - mkdir -p "${__object:?}/files" - printf '%s\n' "$(quote "$@")" >>"${__object:?}/files/uci_batch.txt" -} - -uci_validate_name() { - # like util.c uci_validate_name() - test -n "$*" && test -z "$(echo "$*" | tr -d '[:alnum:]_')" -} - -uci_validate_tuple() ( - tok=${1:?} - case $tok - in - (*.*.*) - # check option - option=${tok##*.} - uci_validate_name "${option}" || { - printf 'Invalid option: %s\n' "${option}" >&2 - return 1 - } - tok=${tok%.*} - ;; - (*.*) - # no option (section definition) - ;; - (*) - printf 'Invalid tuple: %s\n' "$1" >&2 - return 1 - ;; - esac - - case ${tok#*.} - in - (@*) section=$(expr "${tok#*.}" : '@\(.*\)\[-*[0-9]*\]$') ;; - (*) section=${tok#*.} ;; - esac - uci_validate_name "${section}" || { - printf 'Invalid section: %s\n' "${1#*.}" >&2 - return 1 - } - - config=${tok%%.*} - uci_validate_name "${config}" || { - printf 'Invalid config: %s\n' "${config}" >&2 - return 1 - } -) diff --git a/cdist/conf/type/__uci/files/uci_apply.sh b/cdist/conf/type/__uci/files/uci_apply.sh deleted file mode 100644 index 63f94290..00000000 --- a/cdist/conf/type/__uci/files/uci_apply.sh +++ /dev/null @@ -1,43 +0,0 @@ -changes=$(uci changes) - -if test -n "${changes}" -then - echo 'Uncommited UCI changes were found on the target:' - printf '%s\n\n' "${changes}" - echo 'This can be caused by manual changes or due to a previous failed run.' - echo 'Please investigate the situation, revert or commit the changes, and try again.' - exit 1 -fi >&2 - -check_errors() { - # reads stdin and forwards non-empty lines to stderr. - # returns 0 if stdin is empty, else 1. - ! grep -e . >&2 -} - -commit() { - uci commit -} - -rollback() { - printf '\nAn error occurred when trying to commit UCI transaction!\n' >&2 - - uci changes \ - | sed -e 's/^-//' -e 's/\..*\$//' \ - | sort -u \ - | while read -r _package - do - uci revert "${_package}" - echo "${_package}" # for logging - done \ - | awk ' - BEGIN { printf "Reverted changes in: " } - { printf "%s%s", (FNR > 1 ? ", " : ""), $0 } - END { printf "\n" }' >&2 - - return 1 -} - -uci_apply() { - uci batch 2>&1 | check_errors && commit || rollback -} diff --git a/cdist/conf/type/__uci/gencode-remote b/cdist/conf/type/__uci/gencode-remote deleted file mode 100755 index 70a3d3e0..00000000 --- a/cdist/conf/type/__uci/gencode-remote +++ /dev/null @@ -1,101 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -# shellcheck source=cdist/conf/type/__uci/files/functions.sh -. "${__type:?}/files/functions.sh" - -state_is=$(cat "${__object:?}/explorer/state") -state_should=$(cat "${__object:?}/parameter/state") - -config=${__object_id:?} -uci_validate_tuple "${config}" - - -case ${state_should} -in - (present) - if in_list "${state_is}" 'present' 'rearranged' - then - # NOTE: order is ignored so rearranged is also fine. - exit 0 - fi - - # Determine type - type=$(cat "${__object:?}/parameter/type" 2>/dev/null || true) - case ${type} - in - (option|list) ;; - ('') - # Guess type by the number of values - test "$(wc -l "${__object:?}/parameter/value")" -gt 1 \ - && type=list \ - || type=option - ;; - (*) - printf 'Invalid --type: %s\n' "${type}" >&2 - exit 1 - ;; - esac - - case ${type} - in - (list) - printf 'set_list %s\n' "${config}" >>"${__messages_out:?}" - - if test "${state_is}" != 'absent' - then - uci_cmd delete "${config}" - fi - - while read -r value - do - uci_cmd add_list "${config}"="${value}" - done <"${__object:?}/parameter/value" - ;; - (option) - printf 'set %s\n' "${config}" >>"${__messages_out:?}" - - value=$(cat "${__object:?}/parameter/value") - uci_cmd set "${config}"="${value}" - ;; - esac - ;; - (absent) - if in_list "${state_is}" 'absent' - then - exit 0 - fi - - printf 'delete %s\n' "${config}" >>"${__messages_out:?}" - uci_cmd delete "${config}" - ;; - (*) - printf 'Invalid --state: %s\n' "${state_should}" >&2 - exit 1 - ;; -esac - -if test -s "${__object:?}/files/uci_batch.txt" -then - cat "${__type:?}/files/uci_apply.sh" - printf "uci_apply <<'EOF'\n" - cat "${__object:?}/files/uci_batch.txt" - printf '\nEOF\n' -fi diff --git a/cdist/conf/type/__uci/man.rst b/cdist/conf/type/__uci/man.rst deleted file mode 100644 index 81a53473..00000000 --- a/cdist/conf/type/__uci/man.rst +++ /dev/null @@ -1,78 +0,0 @@ -cdist-type__uci(7) -================== - -NAME ----- -cdist-type__uci - Manage configuration values in UCI - - -DESCRIPTION ------------ -This cdist type can be used to alter configuration options in OpenWrt's -Unified Configuration Interface (UCI) system. - - -REQUIRED PARAMETERS -------------------- -value - The value to be set. Can be used multiple times. - This parameter is ignored if ``--state`` is ``absent``. - - Due to the way cdist handles arguments, values **must not** contain newline - characters. - - Values do not need special quoting for UCI. The only requirement is that the - value is passed to the type as a single shell argument. - -OPTIONAL PARAMETERS -------------------- -state - ``present`` or ``absent``, defaults to ``present``. -type - If the type should generate an option or a list. - One of: ``option`` or ``list``. - Defaults to auto-detect based on the number of ``--value`` parameters. - - -BOOLEAN PARAMETERS ------------------- -None. - - -EXAMPLES --------- - -.. code-block:: sh - - # Set the system hostname - __uci system.@system[0].hostname --value 'OpenWrt' - - # Set DHCP option 252: tell DHCP clients to not ask for proxy information. - __uci dhcp.lan.dhcp_option --type list --value '252,"\n"' - - # Enable NTP and NTPd (each is applied individually) - __uci system.ntp.enabled --value 1 - __uci system.ntp.enable_server --value 1 - __uci system.ntp.server --type list \ - --value '0.openwrt.pool.ntp.org' \ - --value '1.openwrt.pool.ntp.org' \ - --value '2.openwrt.pool.ntp.org' \ - --value '3.openwrt.pool.ntp.org' - - -SEE ALSO --------- -- https://openwrt.org/docs/guide-user/base-system/uci - - -AUTHORS -------- -Dennis Camera - - -COPYING -------- -Copyright \(C) 2020 Dennis Camera. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/cdist/conf/type/__uci/manifest b/cdist/conf/type/__uci/manifest deleted file mode 100755 index 26920011..00000000 --- a/cdist/conf/type/__uci/manifest +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -os=$(cat "${__global:?}/explorer/os") - -state_should=$(cat "${__object:?}/parameter/state") - -case ${os} -in - (openwrt) - # okay - ;; - (*) - printf "Your operating system (%s) is currently not supported by this type (%s)\n" "${os}" "${__type##*/}" >&2 - printf "Please contribute an implementation for it if you can.\n" >&2 - exit 1 - ;; -esac - -case ${state_should} -in - (present) - test -s "${__object:?}/parameter/value" || { - echo 'The parameter --value is required.' >&2 - exit 1 - } - ;; - (absent) - ;; - (*) - printf 'Invalid --state: %s\n' "${state_should}" >&2 - exit 1 - ;; -esac diff --git a/cdist/conf/type/__uci/nonparallel b/cdist/conf/type/__uci/nonparallel deleted file mode 100644 index e69de29b..00000000 diff --git a/cdist/conf/type/__uci/parameter/default/state b/cdist/conf/type/__uci/parameter/default/state deleted file mode 100644 index e7f6134f..00000000 --- a/cdist/conf/type/__uci/parameter/default/state +++ /dev/null @@ -1 +0,0 @@ -present diff --git a/cdist/conf/type/__uci/parameter/optional b/cdist/conf/type/__uci/parameter/optional deleted file mode 100644 index d9080e3a..00000000 --- a/cdist/conf/type/__uci/parameter/optional +++ /dev/null @@ -1,2 +0,0 @@ -state -type diff --git a/cdist/conf/type/__uci/parameter/optional_multiple b/cdist/conf/type/__uci/parameter/optional_multiple deleted file mode 100644 index 6d4e1507..00000000 --- a/cdist/conf/type/__uci/parameter/optional_multiple +++ /dev/null @@ -1 +0,0 @@ -value diff --git a/cdist/conf/type/__uci_section/explorer/match b/cdist/conf/type/__uci_section/explorer/match deleted file mode 100644 index 0768e404..00000000 --- a/cdist/conf/type/__uci_section/explorer/match +++ /dev/null @@ -1,103 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# This explorer determines the "prefix" of the --type section matching --match -# if set, or __object_id otherwise. - -RS=$(printf '\036') -NL=$(printf '\n '); NL=${NL% } - -squote_values() { - sed -e '/=".*"$/{s/="/='\''/;s/"$/'\''/}' \ - -e "/='.*'$/"'!{s/=/='\''/;s/$/'\''/}' -} -count_lines() ( - IFS=${NL?} - # shellcheck disable=SC2048,SC2086 - set -f -- $*; echo $# -) - -echo "${__object_id:?}" | grep -q -e '^[^.]\{1,\}\.[^.]\{1,\}$' || { - echo 'Section identifiers are a package and section name separated by a "." (period).' >&2 - exit 1 -} - -test -s "${__object:?}/parameter/match" || { - # If no --match is given, we take the __object_id as the section identifier. - echo "${__object_id:?}" - exit 0 -} -test -s "${__object:?}/parameter/type" || { - echo 'Parameters --match and --type must be used together.' >&2 - exit 1 -} - -sect_type_param=$(cat "${__object:?}/parameter/type") -expr "${sect_type_param}" : '[^.]\{1,\}\.[^.]\{1,\}$' >/dev/null 2>&1 || { - echo 'Section types are a package name and section type separated by a "." (period).' >&2 - exit 1 -} -package_filter=${sect_type_param%%.*} -section_filter=${sect_type_param#*.} - -# Find by --match -# NOTE: Apart from section types all values are printed in single quotes by uci show. -match=$(head -n 1 "${__object:?}/parameter/match" | squote_values) - -if uci -s -N get "${__object_id:?}" >/dev/null 2>&1 -then - # Named section exists: ensure if --match applies to it - # if the "matched" option does not exist (e.g. empty section) we use the - # section unconditionally. - if match_value_is=$(uci -s -N get "${__object_id:?}.${match%%=*}" 2>/dev/null) - then - match_value_should=$(expr "${match}" : ".*='\\(.*\\)'$") - - test "${match_value_is}" = "${match_value_should}" || { - printf 'Named section "%s" does not match --match "%s"\n' \ - "${__object_id:?}" "${match}" >&2 - exit 1 - } - fi - - echo "${__object_id:?}" - exit 0 -fi - -# No correctly named section exists already: find one to which --match applies -regex="^${package_filter}\\.@${section_filter}\\[[0-9]\\{1,\\}\\]\\.${match%%=*}=" - -matched_sections=$( - uci -s -N -d "${RS}" show "${package_filter}" 2>/dev/null \ - | grep -e "${regex}" \ - | while read -r _line - do - if test "${_line#*=}" = "${match#*=}" - then - echo "${_line}" - fi - done \ - | sed -e 's/\.[^.]*=.*$//') - -test "$(count_lines "${matched_sections}")" -le 1 || { - printf 'Found multiple matching sections:\n%s\n' "${matched_sections}" >&2 - exit 1 -} - -echo "${matched_sections}" diff --git a/cdist/conf/type/__uci_section/explorer/options b/cdist/conf/type/__uci_section/explorer/options deleted file mode 100644 index e1e60668..00000000 --- a/cdist/conf/type/__uci_section/explorer/options +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# This explorer retrieves the current options of the configuration section. - -RS=$(printf '\036') - -section=$("${__type_explorer:?}/match") -test -n "${section}" || exit 0 - -uci -s -N -d "${RS}" show "${section}" 2>/dev/null \ -| awk -v VSEP="${RS}" ' - { - # Strip off the config and section parts - is_opt = sub(/^([^.]*\.){2}/, "") - - if (!is_opt) { - # this line represents the section -> skip - next - } - - if (index($0, VSEP)) { - # Put values each on a line, like --option and --list parameters - opt = substr($0, 1, index($0, "=") - 1) - split(substr($0, length(opt) + 2), values, VSEP) - for (i in values) { - printf "%s=%s\n", opt, values[i] - } - } else { - print - } - }' diff --git a/cdist/conf/type/__uci_section/explorer/type b/cdist/conf/type/__uci_section/explorer/type deleted file mode 100644 index 1675c2e0..00000000 --- a/cdist/conf/type/__uci_section/explorer/type +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# This explorer retrieves the current section type. - -section=$("${__type_explorer:?}/match") -test -n "${section}" || exit 0 - -uci -s -N get "${section}" 2>/dev/null || true diff --git a/cdist/conf/type/__uci_section/files/functions.sh b/cdist/conf/type/__uci_section/files/functions.sh deleted file mode 100644 index 60cb9148..00000000 --- a/cdist/conf/type/__uci_section/files/functions.sh +++ /dev/null @@ -1,59 +0,0 @@ -# -*- mode: sh; indent-tabs-mode: t -*- - -NL=$(printf '\n '); NL=${NL% } - -grep_line() { - { shift; printf '%s\n' "$@"; } | grep -qxF "$1" -} - -print_errors() { - awk -v prefix="${1:-Found errors:}" -v suffix="${2-}" ' - BEGIN { - if (getline) { - print prefix - print - rc = 1 - } - } - { print } - END { - if (rc && suffix) print suffix - exit rc - }' >&2 -} - -quote() { - for _arg - do - shift - if test -n "$(printf %s "${_arg}" | tr -d -c '\t\n \042-\047\050-\052\073-\077\133\\`|~' | tr -c '' '.')" - then - # needs quoting - set -- "$@" "$(printf "'%s'" "$(printf %s "${_arg}" | sed -e "s/'/'\\\\''/g")")" - else - set -- "$@" "${_arg}" - fi - done - unset _arg - printf '%s' "$*" -} - -uci_cmd() { - # Usage: uci_cmd [UCI ARGUMENTS]... - mkdir -p "${__object:?}/files" - printf '%s\n' "$(quote "$@")" >>"${__object:?}/files/uci_batch.txt" -} - -uci_validate_name() { - # like util.c uci_validate_name() - test -n "$*" && test -z "$(printf %s "$*" | tr -d '[:alnum:]_' | tr -c '' .)" -} - -unquote_lines() { - sed -e '/^".*"$/{s/^"//;s/"$//}' \ - -e '/'"^'.*'"'$/{s/'"^'"'//;s/'"'$"'//}' -} - -validate_options() { - grep -shv -e '^[[:alnum:]_]\{1,\}=' "$@" -} diff --git a/cdist/conf/type/__uci_section/files/option_state.awk b/cdist/conf/type/__uci_section/files/option_state.awk deleted file mode 100644 index 97cd94fb..00000000 --- a/cdist/conf/type/__uci_section/files/option_state.awk +++ /dev/null @@ -1,91 +0,0 @@ -# -*- mode: awk; indent-tabs-mode:t -*- -# Usage: awk -f option_state.awk option_type option_name -# e.g. awk -f option_state.awk option title -# awk -f option_state.awk list entry - -function unquote(s) { - # simplified dequoting of single quoted strings - if (s ~ /^'.*'$/) { - s = substr(s, 2, length(s) - 2) - sub(/'\\''/, "'", s) - } - return s -} - -function valueof(line) { - if (line !~ /^[[:alpha:]_]+=/) return 0 - return unquote(substr(line, index(line, "=") + 1)) -} - -BEGIN { - __object = ENVIRON["__object"] - if (!__object) exit 1 - - opttype = ARGV[1] - optname = ARGV[2] - - if (opttype !~ /^(option|list)/ || !optname) { - print "invalid" - exit (e=1) - } - - ARGV[1] = __object "/parameter/" opttype - ARGV[2] = __object "/explorer/options" - - state = "present" -} - -NR == FNR { - # memoize "should" state - if (index($0, optname "=") == 1) { - should[++should_count] = valueof($0) - } - - # go to next line (important!) - next -} - -{ - # compare "is" state - if (index($0, optname "=") != 1) - next - ++is_count - - v = valueof($0) - - if (v == should[is_count]) { - # looks good, but can't say definitely just from this line - } else if (is_count > should_count) { - # there are more "is" records than "should" -> definitely different - state = "different" - exit - } else { - # see if we can find the "is" value somewhere in "should" - for (i in should) { - if (v == should[i]) { - # value found -> could be rearranged - # FIXME: Duplicate values are not properly handled here. Do they matter? - state = "rearranged" - next - } - } - - # "is" value could not be found in "should" -> definitely different - state = "different" - exit - } -} - -END { - if (e) exit - - if (!is_count) { - # no "is" values -> absent - state = "absent" - } else if (is_count < should_count) { - # "is" was shorter than "should" -> different - state = "different" - } - - print state -} diff --git a/cdist/conf/type/__uci_section/files/uci_apply.sh b/cdist/conf/type/__uci_section/files/uci_apply.sh deleted file mode 120000 index 4209151f..00000000 --- a/cdist/conf/type/__uci_section/files/uci_apply.sh +++ /dev/null @@ -1 +0,0 @@ -../../__uci/files/uci_apply.sh \ No newline at end of file diff --git a/cdist/conf/type/__uci_section/gencode-remote b/cdist/conf/type/__uci_section/gencode-remote deleted file mode 100755 index 50fdfa4e..00000000 --- a/cdist/conf/type/__uci_section/gencode-remote +++ /dev/null @@ -1,174 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -# shellcheck source=cdist/conf/type/__uci_section/files/functions.sh -. "${__type:?}/files/functions.sh" - - -section=$(cat "${__object:?}/explorer/match") - -state_is=$(test -s "${__object:?}/explorer/type" && echo present || echo absent) -state_should=$(cat "${__object:?}/parameter/state") - -case $state_should -in - (present) - test -f "${__object:?}/parameter/type" || { - echo 'Parameter --type is required.' >&2 - exit 1 - } - - type_is=$(cat "${__object:?}/explorer/type") - type_should=$(cat "${__object:?}/parameter/type") - - if test -n "${type_is}" - then - sect_type=${type_is} - else - sect_type=${type_should##*.} - fi - - if test -z "${section}" - then - # No section exists and --match was used. - # So we generate a new section identifier from $__object_id. - case ${__object_id:?} - in - (*.*) section=${__object_id:?} ;; - (*) section="${type_should%%.*}.${__object_id:?}" ;; - esac - fi - - # Collect option names - if test -f "${__object:?}/parameter/list" - then - listnames_should=$( - sed -e 's/=.*$//' "${__object:?}/parameter/list" | sort -u) - fi - - if test -f "${__object:?}/parameter/option" - then - optnames_should=$( - sed -e 's/=.*$//' "${__object:?}/parameter/option" | sort -u) - fi - - # Make sure the section itself is present - if test "${state_is}" = absent \ - || test "${type_is}" != "${type_should#*.}" - then - printf 'set %s\n' "${section}" >>"${__messages_out:?}" - # shellcheck disable=SC2140 - uci_cmd set "${section}"="${sect_type}" - fi - - # Delete options/lists not in "should" - sed -e 's/=.*$//' "${__object:?}/explorer/options" \ - | while read -r _optname - do - grep_line "${_optname}" "${listnames_should}" "${optnames_should}" || { - printf 'delete %s\n' "${section}.${_optname}" >>"${__messages_out:?}" - uci_cmd delete "${section}.${_optname}" - } &2 - exit 1 - } - - # Set "should" options - echo "${optnames_should}" \ - | grep -e . \ - | while read -r _optname - do - _opt_state=$(awk -f "${__type:?}/files/option_state.awk" option "${_optname}") \ - || opt_proc_error "${_optname}" - case ${_opt_state} - in - (invalid) - opt_proc_error "${_optname}" - ;; - (present) - ;; - (*) - printf 'set %s\n' "${section}.${_optname}" >>"${__messages_out:?}" - - # shellcheck disable=SC2140 - uci_cmd set "${section}.${_optname}"="$( - grep -e "^${_optname}=" "${__object:?}/parameter/option" \ - | sed -e 's/^.*=//' \ - | unquote_lines \ - | head -n 1)" - ;; - esac - done - - echo "${listnames_should}" \ - | grep -e . \ - | while read -r _optname - do - _list_state=$(awk -f "${__type:?}/files/option_state.awk" list "${_optname}") \ - || opt_proc_error "${_optname}" - case ${_list_state} - in - (invalid) - opt_proc_error "${_optname}" - ;; - (present) - ;; - (*) - printf 'set_list %s\n' "${section}.${_optname}" >>"${__messages_out:?}" - - if test "${_list_state}" != absent - then - uci_cmd delete "${section}.${_optname}" - fi - - grep "^${_optname}=" "${__object:?}/parameter/list" \ - | sed -e 's/^.*=//' \ - | unquote_lines \ - | while read -r _value - do - # shellcheck disable=SC2140 - uci_cmd add_list "${section}.${_optname}"="${_value}" - done - ;; - esac - done - ;; - (absent) - if test "${state_is}" = absent - then - # if explorer found no section there is nothing to delete - exit 0 - fi - - printf 'delete %s\n' "${section}" >>"${__messages_out:?}" - uci_cmd delete "${section}" - ;; -esac - -if test -s "${__object:?}/files/uci_batch.txt" -then - cat "${__type:?}/files/uci_apply.sh" - printf "uci_apply <<'EOF'\n" - cat "${__object:?}/files/uci_batch.txt" - printf '\nEOF\n' -fi diff --git a/cdist/conf/type/__uci_section/man.rst b/cdist/conf/type/__uci_section/man.rst deleted file mode 100644 index a0ab78e8..00000000 --- a/cdist/conf/type/__uci_section/man.rst +++ /dev/null @@ -1,119 +0,0 @@ -cdist-type__uci_section(7) -========================== - -NAME ----- -cdist-type__uci_section - Manage configuration sections in UCI - - -DESCRIPTION ------------ -This cdist type can be used to replace whole configuration sections in OpenWrt's -Unified Configuration Interface (UCI) system. -It can be thought of as syntactic sugar for :strong:`cdist-type__uci`\ (7), -as this type will generate the required `__uci` objects to make the section -contain exactly the options specified using ``--option``. - -Since many default UCI sections are unnamed, this type allows to find the -matching section by one of its options using the ``--match`` parameter. - -**NOTE:** Options already present on the target and not listed in ``--option`` -or ``--list`` will be deleted. - - -REQUIRED PARAMETERS -------------------- -None. - - -OPTIONAL PARAMETERS -------------------- -list - An option that is part of a list and should be present in the section (as - part of a list). Lists with multiple options can be expressed by using the - same ``