Compare commits

..

No commits in common. "master" and "bugfix/multiple-log-lines" have entirely different histories.

246 changed files with 1038 additions and 6578 deletions

2
.gitattributes vendored
View file

@ -4,5 +4,5 @@
docs/speeches export-ignore
docs/video export-ignore
docs/src/man7 export-ignore
bin/cdist-build-helper export-ignore
bin/build-helper export-ignore
README-maintainers export-ignore

View file

@ -1,23 +1,20 @@
---
image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest
stages:
- test
before_script:
- ./bin/cdist-build-helper version
shellcheck:
stage: test
script:
- ./bin/cdist-build-helper shellcheck
pycodestyle:
stage: test
script:
- ./bin/cdist-build-helper pycodestyle
image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest
unit_tests:
stage: test
script:
- ./bin/cdist-build-helper test
- ./bin/build-helper version
- ./bin/build-helper test
pycodestyle:
stage: test
script:
- ./bin/build-helper pycodestyle
shellcheck:
stage: test
script:
- ./bin/build-helper shellcheck

View file

@ -81,7 +81,7 @@ version:
}
# Manpages #3: generic part
man: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF)
man: version $(MANTYPES) $(DOCSREF)
$(SPHINXM)
html: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF)
@ -104,7 +104,7 @@ DOTMANTYPES=$(subst /man.rst,.rst,$(DOTMANTYPEPREFIX))
$(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst
ln -sf "$^" $@
dotman: version configskel $(DOTMANTYPES) $(DOCSREF) $(DOCSTYPESREF)
dotman: version $(DOTMANTYPES)
$(SPHINXM)
################################################################################

View file

@ -1,4 +1,4 @@
Maintainers should use ./bin/cdist-build-helper script.
Maintainers should use ./bin/build-helper script.
Makefile is intended for end users. It can be used for non-maintaining
targets that can be run from pure source (without git repository).

View file

@ -45,7 +45,7 @@ usage() {
shellcheck-manifests
shellcheck-local-gencodes
shellcheck-remote-gencodes
shellcheck-bin
shellcheck-scripts
shellcheck-gencodes
shellcheck-types
shellcheck
@ -371,6 +371,7 @@ eof
Manual steps post release:
- cdist-web
- send generated mailinglist.tmp mail
- twitter
eof
;;
@ -405,7 +406,7 @@ eof
;;
pycodestyle|pep8)
pycodestyle "${basedir}" "${basedir}/bin/cdist"
pycodestyle "${basedir}" "${basedir}/scripts/cdist"
;;
check-pycodestyle)
@ -460,34 +461,27 @@ eof
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;;
# NOTE: shellcheck-scripts is kept for compatibility
shellcheck-bin|shellcheck-scripts)
shellcheck-scripts)
# shellcheck disable=SC2086
${SHELLCHECKCMD} bin/cdist-dump bin/cdist-new-type > "${SHELLCHECKTMP}"
${SHELLCHECKCMD} scripts/cdist-dump scripts/cdist-new-type > "${SHELLCHECKTMP}"
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;;
shellcheck-gencodes)
errors=false
"$0" shellcheck-local-gencodes || errors=true
"$0" shellcheck-remote-gencodes || errors=true
! $errors || exit 1
"$0" shellcheck-local-gencodes || exit 1
"$0" shellcheck-remote-gencodes || exit 1
;;
shellcheck-types)
errors=false
"$0" shellcheck-type-explorers || errors=true
"$0" shellcheck-manifests || errors=true
"$0" shellcheck-gencodes || errors=true
! $errors || exit 1
"$0" shellcheck-type-explorers || exit 1
"$0" shellcheck-manifests || exit 1
"$0" shellcheck-gencodes || exit 1
;;
shellcheck)
errors=false
"$0" shellcheck-global-explorers || errors=true
"$0" shellcheck-types || errors=true
"$0" shellcheck-bin || errors=true
! $errors || exit 1
"$0" shellcheck-global-explorers || exit 1
"$0" shellcheck-types || exit 1
"$0" shellcheck-scripts || exit 1
;;
shellcheck-type-files)
@ -497,14 +491,12 @@ eof
;;
shellcheck-with-files)
errors=false
"$0" shellcheck || errors=true
"$0" shellcheck-type-files || errors=true
! $errors || exit 1
"$0" shellcheck || exit 1
"$0" shellcheck-type-files || exit 1
;;
shellcheck-build-helper)
${SHELLCHECKCMD} ./bin/cdist-build-helper
${SHELLCHECKCMD} ./bin/build-helper
;;
check-shellcheck)

View file

@ -1,8 +1,7 @@
#!/usr/bin/env python3
#!/bin/sh
# -*- coding: utf-8 -*-
#
# 2010-2016 Nico Schottelius (nico-cdist at schottelius.org)
# 2016 Darko Poljak (darko.poljak at gmail.com)
# 2012 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
@ -21,81 +20,14 @@
#
#
import logging
import os
import sys
# Wrapper for real script to allow execution from checkout
dir=${0%/*}
# See if this file's parent is cdist module
# and if so add it to module search path.
cdist_dir = os.path.realpath(
os.path.join(
os.path.dirname(os.path.realpath(__file__)),
os.pardir))
cdist_init_dir = os.path.join(cdist_dir, 'cdist', '__init__.py')
if os.path.exists(cdist_init_dir):
sys.path.insert(0, cdist_dir)
# Ensure version is present - the bundled/shipped version contains a static version,
# the git version contains a dynamic version
"$dir/build-helper" version
import cdist # noqa 402
import cdist.argparse # noqa 402
import cdist.banner # noqa 402
import cdist.config # noqa 402
import cdist.install # noqa 402
import cdist.shell # noqa 402
import cdist.inventory # noqa 402
libdir=$(cd "${dir}/../" && pwd -P)
export PYTHONPATH="${libdir}"
def commandline():
"""Parse command line"""
# preos subcommand hack
if len(sys.argv) > 1 and sys.argv[1] == 'preos':
return cdist.preos.PreOS.commandline(sys.argv[1:])
parser, cfg = cdist.argparse.parse_and_configure(sys.argv[1:])
args = cfg.get_args()
# Work around python 3.3 bug:
# http://bugs.python.org/issue16308
# http://bugs.python.org/issue9253
# FIXME: catching AttributeError also hides
# real problems.. try a different way
# FIXME: we always print main help, not
# the help of the actual parser being used!
try:
getattr(args, "func")
except AttributeError:
parser['main'].print_help()
sys.exit(0)
args.func(args)
if __name__ == "__main__":
if sys.version < cdist.MIN_SUPPORTED_PYTHON_VERSION:
print('Python >= {} is required on the source host.'.format(
cdist.MIN_SUPPORTED_PYTHON_VERSIO), file=sys.stderr)
sys.exit(1)
exit_code = 0
try:
import re
import os
if re.match("__", os.path.basename(sys.argv[0])):
import cdist.emulator
emulator = cdist.emulator.Emulator(sys.argv)
emulator.run()
else:
commandline()
except KeyboardInterrupt:
exit_code = 2
except cdist.Error as e:
log = logging.getLogger("cdist")
log.error(e)
exit_code = 1
sys.exit(exit_code)
"$dir/../scripts/cdist" "$@"

View file

@ -22,27 +22,11 @@
import os
import hashlib
import subprocess
import cdist.log
import cdist.version
VERSION = 'unknown version'
try:
import cdist.version
VERSION = cdist.version.VERSION
except ModuleNotFoundError:
cdist_dir = os.path.abspath(
os.path.join(os.path.dirname(__file__), os.pardir))
if os.path.isdir(os.path.join(cdist_dir, '.git')):
try:
VERSION = subprocess.check_output(
['git', 'describe', '--always'],
cwd=cdist_dir,
universal_newlines=True)
except Exception:
pass
VERSION = cdist.version.VERSION
BANNER = """
.. . .x+=:. s
@ -64,9 +48,6 @@ REMOTE_EXEC = "ssh -o User=root"
REMOTE_CMDS_CLEANUP_PATTERN = "ssh -o User=root -O exit -S {}"
MIN_SUPPORTED_PYTHON_VERSION = '3.5'
class Error(Exception):
"""Base exception class for this project"""
pass

View file

@ -5,14 +5,12 @@ import logging
import collections
import functools
import cdist.configuration
import cdist.log
import cdist.preos
import cdist.info
import cdist.scan.commandline
# set of beta sub-commands
BETA_COMMANDS = set(('install', 'inventory', 'scan', ))
BETA_COMMANDS = set(('install', 'inventory', ))
# set of beta arguments for sub-commands
BETA_ARGS = {
'config': set(('tag', 'all_tagged_hosts', 'use_archiving', )),
@ -127,14 +125,6 @@ def get_parsers():
'value.'),
action='count', default=None)
parser['colored_output'] = argparse.ArgumentParser(add_help=False)
parser['colored_output'].add_argument(
'--colors', metavar='WHEN',
help="Colorize cdist's output based on log level; "
"WHEN is 'always', 'never', or 'auto'.",
action='store', dest='colored_output', required=False,
choices=cdist.configuration.ColoredOutputOption.CHOICES)
parser['beta'] = argparse.ArgumentParser(add_help=False)
parser['beta'].add_argument(
'-b', '--beta',
@ -207,13 +197,6 @@ def get_parsers():
'supported. Without argument CPU count is used by default. '),
action='store', dest='jobs',
const=multiprocessing.cpu_count())
parser['config_main'].add_argument(
'--log-server',
action='store_true',
help=('Start a log server for sub processes to use. '
'This is mainly useful when running cdist nested '
'from a code-local script. Log server is alwasy '
'implicitly started for \'install\' command.'))
parser['config_main'].add_argument(
'-n', '--dry-run',
help='Do not execute code.', action='store_true')
@ -274,7 +257,8 @@ def get_parsers():
'-f', '--file',
help=('Read specified file for a list of additional hosts to '
'operate on or if \'-\' is given, read stdin (one host per '
'line).'),
'line). If no host or host file is specified then, by '
'default, read hosts from stdin.'),
dest='hostfile', required=False)
parser['config_args'].add_argument(
'-p', '--parallel', nargs='?', metavar='HOST_MAX',
@ -299,7 +283,6 @@ def get_parsers():
'host', nargs='*', help='Host(s) to operate on.')
parser['config'] = parser['sub'].add_parser(
'config', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['config_main'],
parser['inventory_common'],
@ -318,7 +301,6 @@ def get_parsers():
parser['add-host'] = parser['invsub'].add_parser(
'add-host', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['add-host'].add_argument(
@ -326,12 +308,13 @@ def get_parsers():
parser['add-host'].add_argument(
'-f', '--file',
help=('Read additional hosts to add from specified file '
'or from stdin if \'-\' (each host on separate line). '),
'or from stdin if \'-\' (each host on separate line). '
'If no host or host file is specified then, by default, '
'read from stdin.'),
dest='hostfile', required=False)
parser['add-tag'] = parser['invsub'].add_parser(
'add-tag', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['add-tag'].add_argument(
@ -340,12 +323,20 @@ def get_parsers():
parser['add-tag'].add_argument(
'-f', '--file',
help=('Read additional hosts to add tags from specified file '
'or from stdin if \'-\' (each host on separate line). '),
'or from stdin if \'-\' (each host on separate line). '
'If no host or host file is specified then, by default, '
'read from stdin. If no tags/tagfile nor hosts/hostfile'
' are specified then tags are read from stdin and are'
' added to all hosts.'),
dest='hostfile', required=False)
parser['add-tag'].add_argument(
'-T', '--tag-file',
help=('Read additional tags to add from specified file '
'or from stdin if \'-\' (each tag on separate line). '),
'or from stdin if \'-\' (each tag on separate line). '
'If no tag or tag file is specified then, by default, '
'read from stdin. If no tags/tagfile nor hosts/hostfile'
' are specified then tags are read from stdin and are'
' added to all hosts.'),
dest='tagfile', required=False)
parser['add-tag'].add_argument(
'-t', '--taglist',
@ -355,7 +346,6 @@ def get_parsers():
parser['del-host'] = parser['invsub'].add_parser(
'del-host', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['del-host'].add_argument(
@ -366,12 +356,13 @@ def get_parsers():
parser['del-host'].add_argument(
'-f', '--file',
help=('Read additional hosts to delete from specified file '
'or from stdin if \'-\' (each host on separate line). '),
'or from stdin if \'-\' (each host on separate line). '
'If no host or host file is specified then, by default, '
'read from stdin.'),
dest='hostfile', required=False)
parser['del-tag'] = parser['invsub'].add_parser(
'del-tag', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['del-tag'].add_argument(
@ -384,13 +375,20 @@ def get_parsers():
parser['del-tag'].add_argument(
'-f', '--file',
help=('Read additional hosts to delete tags for from specified '
'file or from stdin if \'-\' (each host on separate '
'line). '),
'file or from stdin if \'-\' (each host on separate line). '
'If no host or host file is specified then, by default, '
'read from stdin. If no tags/tagfile nor hosts/hostfile'
' are specified then tags are read from stdin and are'
' deleted from all hosts.'),
dest='hostfile', required=False)
parser['del-tag'].add_argument(
'-T', '--tag-file',
help=('Read additional tags from specified file '
'or from stdin if \'-\' (each tag on separate line). '),
'or from stdin if \'-\' (each tag on separate line). '
'If no tag or tag file is specified then, by default, '
'read from stdin. If no tags/tagfile nor'
' hosts/hostfile are specified then tags are read from'
' stdin and are added to all hosts.'),
dest='tagfile', required=False)
parser['del-tag'].add_argument(
'-t', '--taglist',
@ -400,7 +398,6 @@ def get_parsers():
parser['list'] = parser['invsub'].add_parser(
'list', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['list'].add_argument(
@ -433,7 +430,7 @@ def get_parsers():
# Shell
parser['shell'] = parser['sub'].add_parser(
'shell', parents=[parser['loglevel'], parser['colored_output']])
'shell', parents=[parser['loglevel']])
parser['shell'].add_argument(
'-s', '--shell',
help=('Select shell to use, defaults to current shell. Used shell'
@ -471,35 +468,6 @@ def get_parsers():
'pattern', nargs='?', help='Glob pattern.')
parser['info'].set_defaults(func=cdist.info.Info.commandline)
# Scan = config + further
parser['scan'] = parser['sub'].add_parser('scan', add_help=False,
parents=[parser['config']])
parser['scan'] = parser['sub'].add_parser(
'scan', parents=[parser['loglevel'],
parser['beta'],
parser['colored_output'],
parser['common'],
parser['config_main']])
parser['scan'].add_argument(
'-m', '--mode', help='Which modes should run',
action='append', default=[],
choices=['scan', 'trigger'])
parser['scan'].add_argument(
'--config',
action='store_true',
help='Try to configure detected hosts')
parser['scan'].add_argument(
'-I', '--interfaces',
action='append', default=[],
help='On which interfaces to scan/trigger')
parser['scan'].add_argument(
'-d', '--delay',
action='store', default=3600,
help='How long to wait before reconfiguring after last try')
parser['scan'].set_defaults(func=cdist.scan.commandline.commandline)
for p in parser:
parser[p].epilog = EPILOG
@ -510,12 +478,7 @@ def handle_loglevel(args):
if hasattr(args, 'quiet') and args.quiet:
args.verbose = _verbosity_level_off
logging.getLogger().setLevel(_verbosity_level[args.verbose])
def handle_log_colors(args):
if cdist.configuration.ColoredOutputOption.translate(args.colored_output):
cdist.log.CdistFormatter.USE_COLORS = True
logging.root.setLevel(_verbosity_level[args.verbose])
def parse_and_configure(argv, singleton=True):
@ -529,7 +492,6 @@ def parse_and_configure(argv, singleton=True):
raise cdist.Error(str(e))
# Loglevels are handled globally in here
handle_loglevel(args)
handle_log_colors(args)
log = logging.getLogger("cdist")

View file

@ -33,7 +33,6 @@ case "$os" in
;;
"freebsd"|"netbsd")
PATH=$(getconf PATH)
sysctl -n hw.ncpu
;;

View file

@ -30,8 +30,9 @@ case $uname_s in
sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+'
;;
NetBSD)
PATH=$(getconf PATH)
sysctl -n hw.disknames | awk -v RS=' ' '/^[lsw]d[0-9]+/'
PATH="${PATH}:/usr/local/sbin:/usr/sbin:/sbin"
sysctl -n hw.disknames \
| awk 'BEGIN { RS = " " } /^[lsw]d[0-9]+/'
;;
Linux)
# list of major device numbers toexclude:

View file

@ -30,7 +30,6 @@ case "$os" in
;;
*"bsd")
PATH=$(getconf PATH)
echo "$(sysctl -n hw.physmem) / 1048576" | bc
;;

View file

@ -143,13 +143,6 @@ case "$uname_s" in
esac
if [ -f /etc/os-release ]; then
# after sles15, suse don't provide an /etc/SuSE-release anymore, but there is almost no difference between sles and opensuse leap, so call it suse
# shellcheck disable=SC1091
if (. /etc/os-release && echo "${ID_LIKE}" | grep -q '\(^\|\ \)suse\($\|\ \)')
then
echo suse
exit 0
fi
# already lowercase, according to:
# https://www.freedesktop.org/software/systemd/man/os-release.html
awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release

View file

@ -31,32 +31,7 @@ case "$("$__explorer/os")" in
cat /etc/arch-release
;;
debian)
debian_version=$(cat /etc/debian_version)
case $debian_version
in
testing/unstable)
# previous to Debian 4.0 testing/unstable was used
# cf. https://metadata.ftp-master.debian.org/changelogs/main/b/base-files/base-files_11_changelog
echo 3.99
;;
*/sid)
# sid versions don't have a number, so we decode by codename:
case $(expr "$debian_version" : '\([a-z]\{1,\}\)/')
in
bullseye) echo 10.99 ;;
buster) echo 9.99 ;;
stretch) echo 8.99 ;;
jessie) echo 7.99 ;;
wheezy) echo 6.99 ;;
squeeze) echo 5.99 ;;
lenny) echo 4.99 ;;
*) exit 1
esac
;;
*)
echo "$debian_version"
;;
esac
cat /etc/debian_version
;;
devuan)
cat /etc/devuan_version
@ -70,11 +45,6 @@ case "$("$__explorer/os")" in
macosx)
sw_vers -productVersion
;;
freebsd)
# Apparently uname -r is not a reliable way to get the patch level.
# See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743
freebsd-version
;;
*bsd|solaris)
uname -r
;;

View file

@ -1,7 +1,6 @@
#!/bin/sh -e
# __locale/explorer/state
#
# 2020 Matthias Stecher (matthiasstecher at gmx.de)
# 2019 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
@ -18,19 +17,23 @@
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Check if the locale is already installed on the system.
# Outputs 'present' or 'absent' depending if the locale exists.
#
# TODO check if filesystem has ACL turned on etc
# Get user-defined locale
# locale name is echoed differently than the user propably set it (for UTF-8)
locale="$(echo "$__object_id" | sed 's/UTF-8/utf8/')"
if [ -f "$__object/parameter/acl" ]
then
grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \
| while read -r acl
do
param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )"
check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )"
# Check if the given locale exists on the system
if localedef --list-archive | grep -qFx "$locale"; then
echo present
else
echo absent
[ "$param" = 'user' ] && db=passwd || db="$param"
if ! getent "$db" "$check" > /dev/null
then
echo "missing $param '$check'" >&2
exit 1
fi
done
fi

View file

@ -1,4 +0,0 @@
#!/bin/sh -e
getent passwd | awk -F: '{print "user:"$1}'
getent group | awk -F: '{print "group:"$1}'

View file

@ -22,8 +22,8 @@ file_is="$( cat "$__object/explorer/file_is" )"
if [ "$file_is" = 'missing' ] \
&& [ -z "$__cdist_dry_run" ] \
&& [ ! -f "$__object/parameter/file" ] \
&& [ ! -f "$__object/parameter/directory" ]
&& \( [ ! -f "$__object/parameter/file" ] \
|| [ ! -f "$__object/parameter/directory" ] \)
then
exit 0
fi
@ -47,26 +47,28 @@ then
elif [ -f "$__object/parameter/entry" ]
then
acl_should="$( cat "$__object/parameter/entry" )"
elif [ -f "$__object/parameter/acl" ]
then
acl_should="$( cat "$__object/parameter/acl" )"
elif
[ -f "$__object/parameter/user" ] \
|| [ -f "$__object/parameter/group" ] \
|| [ -f "$__object/parameter/mask" ] \
|| [ -f "$__object/parameter/other" ]
then
acl_should="$( for param in user group mask other
do
[ ! -f "$__object/parameter/$param" ] && continue
echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=:
echo "$param$sep$( cat "$__object/parameter/$param" )"
done )"
else
echo 'no parameters set' >&2
exit 1
fi
# instead of setfacl's non-helpful message "Option -m: Invalid argument near character X"
# let's check if target has necessary users and groups, since mistyped or missing
# users/groups in target is most common reason.
echo "$acl_should" \
| grep -Po '(user|group):[^:]+' \
| sort -u \
| while read -r l
do
if ! grep "$l" -Fxq "$__object/explorer/getent"
then
echo "no $l' in target" | sed "s/:/ '/" >&2
exit 1
fi
done
if [ -f "$__object/parameter/default" ]
then
acl_should="$( echo "$acl_should" \

View file

@ -12,14 +12,11 @@ Fully supported and tested on Linux (ext4 filesystem), partial support for FreeB
See ``setfacl`` and ``acl`` manpages for more details.
One of ``--entry`` or ``--source`` must be used.
OPTIONAL MULTIPLE PARAMETERS
REQUIRED MULTIPLE PARAMETERS
----------------------------
entry
Set ACL entry following ``getfacl`` output syntax.
Must be used if ``--source`` is not used.
OPTIONAL PARAMETERS
@ -28,7 +25,6 @@ source
Read ACL entries from stdin or file.
Ordering of entries is not important.
When reading from file, comments and empty lines are ignored.
Must be used if ``--entry`` is not used.
file
Create/change file with ``__file`` using ``user:group:mode`` pattern.
@ -52,6 +48,12 @@ remove
``mask`` and ``other`` entries can't be removed, but only changed.
DEPRECATED PARAMETERS
---------------------
Parameters ``acl``, ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
will be removed in future versions. Please use ``entry`` parameter instead.
EXAMPLES
--------

View file

@ -0,0 +1 @@
see manual for details

View file

@ -0,0 +1 @@
see manual for details

View file

@ -0,0 +1 @@
see manual for details

View file

@ -0,0 +1 @@
see manual for details

View file

@ -0,0 +1 @@
see manual for details

View file

@ -1,3 +1,5 @@
mask
other
source
file
directory

View file

@ -1 +1,4 @@
entry
acl
user
group

View file

@ -1,104 +0,0 @@
cdist-type__debian_backports(7)
===============================
NAME
----
cdist-type__apt_backports - Install backports
DESCRIPTION
-----------
This singleton type installs backports for the current OS release.
It aborts if backports are not supported for the specified OS or
no version codename could be fetched (like Debian unstable).
The package index will be automatically updated if required.
It supports backports from following OSes:
- Debian
- Devuan
- Ubuntu
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
Represents the state of the backports repository. ``present`` or
``absent``, defaults to ``present``.
Will be directly passed to :strong:`cdist-type__apt_source`\ (7).
mirror
The mirror to fetch the backports from. Will defaults to the generic
mirror of the current OS.
Will be directly passed to :strong:`cdist-type__apt_source`\ (7).
BOOLEAN PARAMETERS
------------------
None.
MESSAGES
--------
None.
EXAMPLES
--------
.. code-block:: sh
# setup the backports
__apt_backports
__apt_backports --state absent
__apt_backports --state present --mirror "http://ftp.de.debian.org/debian/"
# install a backports package
# currently for the buster release backports
require="__apt_backports" __package_apt wireguard \
--target-release buster-backports
ABORTS
------
Aborts if the detected os is not Debian.
Aborts if no distribuition codename could be detected. This is common for the
unstable distribution, but there is no backports repository for it already.
CAVEATS
-------
For Ubuntu, it setup all componenents for the backports repository: ``main``,
``restricted``, ``universe`` and ``multiverse``. The user may not want to
install proprietary packages, which will only be installed if the user
explicitly uses the backports target-release. The user may change this behavior
to install backports packages without the need of explicitly select it.
SEE ALSO
--------
`Official Debian Backports site <https://backports.debian.org/>`_
:strong:`cdist-type__apt_source`\ (7)
AUTHORS
-------
Matthias Stecher <matthiasstecher at gmx.de>
COPYING
-------
Copyright \(C) 2020 Matthias Stecher. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,81 +0,0 @@
#!/bin/sh -e
# __apt_backports/manifest
#
# 2020 Matthias Stecher (matthiasstecher at gmx.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Enables/disables backports repository. Utilises __apt_source for it.
#
# Get the distribution codename by /etc/os-release.
# is already executed in a subshell by string substitution
# lsb_release may not be given in all installations
codename_os_release() {
# shellcheck disable=SC1090
. "$__global/explorer/os_release"
printf "%s" "$VERSION_CODENAME"
}
# detect backport distribution
os="$(cat "$__global/explorer/os")"
case "$os" in
debian)
dist="$( codename_os_release )"
components="main"
mirror="http://deb.debian.org/debian/"
;;
devuan)
dist="$( codename_os_release )"
components="main"
mirror="http://deb.devuan.org/merged"
;;
ubuntu)
dist="$( codename_os_release )"
components="main restricted universe multiverse"
mirror="http://archive.ubuntu.com/ubuntu"
;;
*)
printf "Backports for %s are not supported!\n" "$os" >&2
exit 1
;;
esac
# error if no codename given (e.g. on Debian unstable)
if [ -z "$dist" ]; then
printf "No backports for unkown version of distribution %s!\n" "$os" >&2
exit 1
fi
# parameters
state="$(cat "$__object/parameter/state")"
# mirror already set for the os, only override user-values
if [ -f "$__object/parameter/mirror" ]; then
mirror="$(cat "$__object/parameter/mirror")"
fi
# install the given backports repository
__apt_source "${dist}-backports" \
--state "$state" \
--distribution "${dist}-backports" \
--component "$components" \
--uri "$mirror"

View file

@ -1,2 +0,0 @@
state
mirror

View file

@ -32,12 +32,11 @@ EXAMPLES
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2014 Steven Armstrong, 2020 Dennis Camera.
You can redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either version 3 of
the License, or (at your option) any later version.
Copyright \(C) 2014 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,7 +1,6 @@
#!/bin/sh -e
#
# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -20,28 +19,26 @@
#
os=$(cat "${__global:?}/explorer/os")
os=$(cat "$__global/explorer/os")
case ${os}
in
(ubuntu|debian|devuan)
__file /etc/apt/apt.conf.d/00InstallRecommends --state present \
--owner root --group root --mode 0644 --source - <<-'EOF'
APT::Install-Recommends "false";
APT::Install-Suggests "false";
APT::AutoRemove::RecommendsImportant "false";
APT::AutoRemove::SuggestsImportant "false";
EOF
# TODO: Remove the following object after some time
require=__file/etc/apt/apt.conf.d/00InstallRecommends \
__file /etc/apt/apt.conf.d/99-no-recommends --state absent
;;
(*)
cat >&2 <<EOF
case "$os" in
ubuntu|debian|devuan)
# No stinking recommends thank you very much.
# If I want something installed I will do so myself.
__file /etc/apt/apt.conf.d/99-no-recommends \
--owner root --group root --mode 644 \
--source - << DONE
APT::Install-Recommends "0";
APT::Install-Suggests "0";
APT::AutoRemove::RecommendsImportant "0";
APT::AutoRemove::SuggestsImportant "0";
DONE
;;
*)
cat >&2 << DONE
The developer of this type (${__type##*/}) did not think your operating system
($os) would have any use for it. If you think otherwise please submit a patch.
EOF
exit 1
;;
DONE
exit 1
;;
esac

View file

@ -46,29 +46,28 @@ fi
remove_block() {
cat << DONE
tmpfile=\$(mktemp ${quoted_file}.cdist.XXXXXXXXXX)
tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
# preserve ownership and permissions of existing file
if [ -f $quoted_file ]; then
cp -p $quoted_file "\$tmpfile"
if [ -f "$file" ]; then
cp -p "$file" "\$tmpfile"
fi
awk -v prefix=$(quote "$prefix") -v suffix=$(quote "$suffix") '
awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ '
{
if (\$0 == prefix) {
if (match(\$0,prefix)) {
triggered=1
}
if (triggered) {
if (\$0 == suffix) {
if (match(\$0,suffix)) {
triggered=0
}
} else {
print
}
}' $quoted_file > "\$tmpfile"
mv -f "\$tmpfile" $quoted_file
}' "$file" > "\$tmpfile"
mv -f "\$tmpfile" "$file"
DONE
}
quoted_file="$(quote "$file")"
case "$state_should" in
present)
if [ "$state_is" = "changed" ]; then
@ -78,7 +77,7 @@ case "$state_should" in
echo add >> "$__messages_out"
fi
cat << DONE
cat >> $quoted_file << '${__type##*/}_DONE'
cat >> "$file" << ${__type##*/}_DONE
$(cat "$block")
${__type##*/}_DONE
DONE

View file

@ -18,12 +18,7 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if [ -f "$__object/parameter/path" ]
then
path="$( cat "$__object/parameter/path" )"
else
path="/$__object_id"
fi
path="/$__object_id"
[ ! -d "$path" ] && exit 0

View file

@ -20,12 +20,7 @@
[ ! -s "$__object/explorer/list" ] && exit 0
if [ -f "$__object/parameter/path" ]
then
path="$( cat "$__object/parameter/path" )"
else
path="/$__object_id"
fi
path="/$__object_id"
pattern="$( cat "$__object/parameter/pattern" )"

View file

@ -10,7 +10,7 @@ DESCRIPTION
-----------
Remove files and directories which match the pattern.
Provided path must be a directory.
Provided path (as __object_id) must be a directory.
Patterns are passed to ``find``'s ``-regex`` - see ``find(1)`` for more details.
@ -29,9 +29,6 @@ pattern
OPTIONAL PARAMETERS
-------------------
path
Path which will be cleaned. Defaults to ``$__object_id``.
exclude
Pattern of files which are excluded from removal.
@ -49,11 +46,6 @@ EXAMPLES
--exclude '.+\(charset\.conf\|security\.conf\)' \
--onchange 'service apache2 restart'
__clean_path apache2-conf-enabled \
--path /etc/apache2/conf-enabled \
--pattern '.+' \
--exclude '.+\(charset\.conf\|security\.conf\)' \
--onchange 'service apache2 restart'
AUTHORS
-------

View file

@ -1,3 +1,2 @@
exclude
onchange
path

View file

@ -30,10 +30,10 @@ fallback() {
gid=$(echo "$ls_line" | awk '{ print $4 }')
owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd)
group=$(awk -F: -v gid="$gid" '$3 == gid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
group=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
mode_text=$(echo "$ls_line" | awk '{ print $1 }')
mode=$(echo "$mode_text" | awk '{for(i=8;i>=0;--i){c=substr($1,10-i,1);k+=((c~/[rwxst]/)*2^i);if(!(i%3))k+=(tolower(c)~/[lst]/)*2^(9+i/3)}printf("%04o",k)}')
mode=$(echo "$mode_text" | awk '{ k=0; for (i=0; i<=8; i++) k += ((substr($1, i+2, 1) ~ /[rwx]/) * 2^(8-i)); printf("%0o", k) }')
printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\n' \
"$("$__type_explorer/type")" \
@ -45,27 +45,56 @@ fallback() {
# nothing to work with, nothing we could do
[ -e "$destination" ] || exit 0
command -v stat >/dev/null 2>&1 || {
if ! command -v stat >/dev/null
then
fallback
exit
}
fi
case $("$__explorer/os")
in
freebsd|netbsd|openbsd|macosx)
stat -f 'type: %HT
case $("$__explorer/os") in
"freebsd"|"netbsd"|"openbsd"|"macosx")
stat -f "type: %HT
owner: %Du %Su
group: %Dg %Sg
mode: %Mp%03Lp %Sp
' "$destination" | awk '/^type/ { print tolower($0); next } { print }'
mode: %Lp %Sp
" "$destination" | awk '/^type/ { print tolower($0); next } { print }'
;;
solaris)
ls1="$( ls -ld "$destination" )"
ls2="$( ls -ldn "$destination" )"
if [ -f "$__object/parameter/mode" ]
then mode_should="$( cat "$__object/parameter/mode" )"
fi
# yes, it is ugly hack, but if you know better way...
if [ -z "$( find "$destination" -perm "$mode_should" )" ]
then octets=888
else octets="$( echo "$mode_should" | sed 's/^0//' )"
fi
case "$( echo "$ls1" | cut -c1-1 )" in
-) echo 'type: regular file' ;;
d) echo 'type: directory' ;;
esac
echo "owner: $( echo "$ls2" \
| awk '{print $3}' ) $( echo "$ls1" \
| awk '{print $3}' )"
echo "group: $( echo "$ls2" \
| awk '{print $4}' ) $( echo "$ls1" \
| awk '{print $4}' )"
echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )"
;;
*)
# NOTE: Do not use --printf here as it is not supported by BusyBox stat.
# NOTE: BusyBox's stat might not support the "-c" option, in which case
# we fall through to the shell fallback.
stat -c 'type: %F
stat -c "type: %F
owner: %u %U
group: %g %G
mode: %04a %A' "$destination" 2>/dev/null || fallback
;;
mode: %a %A" "$destination" 2>/dev/null || fallback
;;
esac

View file

@ -97,11 +97,9 @@ case "$state_should" in
value_should="$(cat "$__object/parameter/$attribute")"
value_is="$(get_current_value "$attribute" "$value_should")"
# format mode in four digits => same as stat returns
# change 0xxx format to xxx format => same as stat returns
if [ "$attribute" = mode ]; then
# Convert to four-digit octal number (printf interprets
# strings with leading 0s as octal!)
value_should=$(printf '%04o' "0${value_should}")
value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')"
fi
if [ "$set_attributes" = 1 ] || [ "$value_should" != "$value_is" ]; then

View file

@ -25,9 +25,6 @@ user
OPTIONAL PARAMETERS
-------------------
dirmode
forwarded to :strong:`__directory` type as mode
mode
forwarded to :strong:`__file` type

View file

@ -19,7 +19,6 @@ set -eu
user="$(cat "${__object}/parameter/user")"
home="$(cat "${__object}/explorer/home")"
primary_group="$(cat "${__object}/explorer/primary_group")"
dirmode="$(cat "${__object}/parameter/dirmode")"
# Create parent directory. Type __directory has flag 'parents', but it
# will leave us with root-owned directory in user home, which is not
@ -37,7 +36,6 @@ export CDIST_ORDER_DEPENDENCY
for dir ; do
__directory "${home}/${dir}" \
--group "${primary_group}" \
--mode "${dirmode}" \
--owner "${user}"
done

View file

@ -1,4 +1,3 @@
state
mode
source
dirmode

View file

@ -1,19 +0,0 @@
#!/bin/sh -e
if [ -f "$__object/parameter/cmd-get" ]
then
cmd="$( cat "$__object/parameter/cmd-get" )"
elif command -v curl > /dev/null
then
cmd="curl -L -o - '%s'"
elif command -v fetch > /dev/null
then
cmd="fetch -o - '%s'"
else
cmd="wget -O - '%s'"
fi
echo "$cmd"

View file

@ -1,72 +0,0 @@
#!/bin/sh -e
dst="/$__object_id"
if [ ! -f "$dst" ]
then
echo 'absent'
exit 0
fi
sum_should="$( cat "$__object/parameter/sum" )"
if [ -f "$__object/parameter/cmd-sum" ]
then
# shellcheck disable=SC2059
sum_is="$( eval "$( printf \
"$( cat "$__object/parameter/cmd-sum" )" \
"$dst" )" )"
else
os="$( "$__explorer/os" )"
if echo "$sum_should" | grep -Eq '^[0-9]+\s[0-9]+$'
then
sum_is="$( cksum "$dst" | awk '{print $1" "$2}' )"
elif echo "$sum_should" | grep -Eiq '^md5:[a-f0-9]{32}$'
then
case "$os" in
freebsd)
sum_is="md5:$( md5 -q "$dst" )"
;;
*)
sum_is="md5:$( md5sum "$dst" | awk '{print $1}' )"
;;
esac
elif echo "$sum_should" | grep -Eiq '^sha1:[a-f0-9]{40}$'
then
case "$os" in
freebsd)
sum_is="sha1:$( sha1 -q "$dst" )"
;;
*)
sum_is="sha1:$( sha1sum "$dst" | awk '{print $1}' )"
;;
esac
elif echo "$sum_should" | grep -Eiq '^sha256:[a-f0-9]{64}$'
then
case "$os" in
freebsd)
sum_is="sha256:$( sha256 -q "$dst" )"
;;
*)
sum_is="sha256:$( sha256sum "$dst" | awk '{print $1}' )"
;;
esac
fi
fi
if [ -z "$sum_is" ]
then
echo 'no checksum from target' >&2
exit 1
fi
if [ "$sum_is" = "$sum_should" ]
then
echo 'present'
else
echo 'mismatch'
fi

View file

@ -1,58 +0,0 @@
#!/bin/sh -e
download="$( cat "$__object/parameter/download" )"
state_is="$( cat "$__object/explorer/state" )"
if [ "$download" != 'local' ] || [ "$state_is" = 'present' ]
then
exit 0
fi
url="$( cat "$__object/parameter/url" )"
tmp="$( mktemp )"
dst="/$__object_id"
if [ -f "$__object/parameter/cmd-get" ]
then
cmd="$( cat "$__object/parameter/cmd-get" )"
elif command -v wget > /dev/null
then
cmd="wget -O - '%s'"
elif command -v curl > /dev/null
then
cmd="curl -L -o - '%s'"
elif command -v fetch > /dev/null
then
cmd="fetch -o - '%s'"
else
echo 'no usable locally installed utility for downloading' >&2
exit 1
fi
printf "$cmd > %s\n" \
"$url" \
"$tmp"
if echo "$__target_host" | grep -Eq '^[0-9a-fA-F:]+$'
then
target_host="[$__target_host]"
else
target_host="$__target_host"
fi
printf '%s %s %s:%s\n' \
"$__remote_copy" \
"$tmp" \
"$target_host" \
"$dst"
echo "rm -f '$tmp'"
echo 'downloaded' > "$__messages_out"

View file

@ -1,25 +0,0 @@
#!/bin/sh -e
download="$( cat "$__object/parameter/download" )"
state_is="$( cat "$__object/explorer/state" )"
if [ "$download" = 'remote' ] && [ "$state_is" != 'present' ]
then
cmd="$( cat "$__object/explorer/remote_cmd" )"
url="$( cat "$__object/parameter/url" )"
dst="/$__object_id"
printf "$cmd > %s\n" \
"$url" \
"$dst"
echo 'downloaded' > "$__messages_out"
fi
if [ -f "$__object/parameter/onchange" ] && [ "$state_is" != "present" ]
then
cat "$__object/parameter/onchange"
fi

View file

@ -1,87 +0,0 @@
cdist-type__download(7)
=======================
NAME
----
cdist-type__download - Download a file
DESCRIPTION
-----------
Destination (``$__object_id``) in target host must be persistent storage
in order to calculate checksum and decide if file must be (re-)downloaded.
By default type will try to use ``wget``, ``curl`` or ``fetch``.
If download happens in target (see ``--download``) then type will
fallback to (and install) ``wget``.
If download happens in local machine, then environment variables like
``{http,https,ftp}_proxy`` etc can be used on cdist execution
(``http_proxy=foo cdist config ...``).
REQUIRED PARAMETERS
-------------------
url
File's URL.
sum
Checksum of file going to be downloaded.
By default output of ``cksum`` without filename is expected.
Other hash formats supported with prefixes: ``md5:``, ``sha1:`` and ``sha256:``.
OPTIONAL PARAMETERS
-------------------
download
If ``local`` (default), then download file to local storage and copy
it to target host. If ``remote``, then download happens in target.
cmd-get
Command used for downloading.
Command must output to ``stdout``.
Parameter will be used for ``printf`` and must include only one
format specification ``%s`` which will become URL.
For example: ``wget -O - '%s'``.
cmd-sum
Command used for checksum calculation.
Command output and ``--sum`` parameter must match.
Parameter will be used for ``printf`` and must include only one
format specification ``%s`` which will become destination.
For example: ``md5sum '%s' | awk '{print $1}'``.
onchange
Execute this command after download.
EXAMPLES
--------
.. code-block:: sh
__directory /opt/cpma
require='__directory/opt/cpma' \
__download /opt/cpma/cnq3.zip \
--url https://cdn.playmorepromode.com/files/cnq3/cnq3-1.51.zip \
--sum md5:46da3021ca9eace277115ec9106c5b46
require='__download/opt/cpma/cnq3.zip' \
__unpack /opt/cpma/cnq3.zip \
--backup-destination \
--preserve-archive \
--destination /opt/cpma/server
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2020 Ander Punnar. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,6 +0,0 @@
#!/bin/sh -e
if grep -Eq '^wget' "$__object/explorer/remote_cmd"
then
__package wget
fi

View file

@ -1,4 +0,0 @@
cmd-get
cmd-sum
download
onchange

View file

@ -1,2 +0,0 @@
url
sum

View file

@ -1,26 +0,0 @@
#!/bin/sh -e
# __dpkg_architecture/explorer/architecture
#
# 2020 Matthias Stecher <matthiasstecher at gmx.de>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Get the main architecture of this machine
# print or die in the gencode-remote
dpkg --print-architecture || true

View file

@ -1,26 +0,0 @@
#!/bin/sh -e
# __dpkg_architecture/explorer/foreign-architectures
#
# 2020 Matthias Stecher <matthiasstecher at gmx.de>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Print all additional architectures
# print or die in the gencode-remote
dpkg --print-foreign-architectures || true

View file

@ -1,82 +0,0 @@
#!/bin/sh -e
# __dpkg_architecture/gencode-remote
#
# 2020 Matthias Stecher <matthiasstecher at gmx.de>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Get parameter and explorer
state_should="$(cat "$__object/parameter/state")"
arch_wanted="$__object_id"
main_arch="$(cat "$__object/explorer/architecture")"
# Exit here if dpkg do not work (empty explorer)
if [ -z "$main_arch" ]; then
echo "dpkg is not available or unable to detect a architecture!" >&2
exit 1
fi
# Check if requested architecture is the main one
if [ "$arch_wanted" = "$main_arch" ]; then
# higher than present; we can not remove it
state_is="present"
caution="yes"
# Check if the architecture not already used
elif grep -qFx "$arch_wanted" "$__object/explorer/foreign-architectures"; then
state_is="present"
# arch does not exist
else
state_is="absent"
fi
# Check what to do
if [ "$state_is" != "$state_should" ]; then
case "$state_should" in
present)
# print add code
printf "dpkg --add-architecture '%s'\n" "$arch_wanted"
# updating the index to make the new architecture available
echo "apt update"
echo added >> "$__messages_out"
;;
absent)
if [ "$caution" ]; then
printf "can not remove the main arch '%s' of the system!\n" "$main_arch" >&2
exit 1
fi
# removing all existing packages for the architecture
printf "apt purge '.*:%s'\n" "$arch_wanted"
# print remove code
printf "dpkg --remove-architecture '%s'\n" "$arch_wanted"
echo removed >> "$__messages_out"
;;
*)
printf "state '%s' is unknown!\n" "$state_should" >&2
exit 1
;;
esac
fi

View file

@ -1,103 +0,0 @@
cdist-type__dpkg_architecture(7)
================================
NAME
----
cdist-type__dpkg_architecture - Handles foreign architectures on debian-like
systems managed by `dpkg`
DESCRIPTION
-----------
This type handles foreign architectures on systems managed by
:strong:`dpkg`\ (1). The object id is the name of the architecture accepted by
`dpkg`, which should be added or removed.
If the architecture is not setup on the system, it adds a new architecture as a
new foreign architecture in `dpkg`. Then, it updates the apt package index to
make packages from the new architecture available.
If the architecture should be removed, it will remove it if it is not the base
architecture on where the system was installed on. Before it, it will purge
every package based on the "to be removed" architecture via `apt` to be able to
remove the selected architecture.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
``present`` or ``absent``. Defaults to ``present``.
MESSAGES
--------
added
Added the specified architecture
removed
Removed the specified architecture
ABORTS
------
Aborts in the following cases:
If :strong:`dpkg`\ (1) is not available. It will abort with a proper error
message.
If the architecture is the same as the base architecture the system is build
upon it (returned by ``dpkg --print-architecture``) and it should be removed.
It will fail if it can not execute :strong:`apt`\ (8). It is assumed that it is
already installed.
EXAMPLES
--------
.. code-block:: sh
# add i386 (32 bit) architecture
__dpkg_architecture i386
# remove it again :)
__dpkg_architecture i386 --state absent
SEE ALSO
--------
`Multiarch on Debian systems <https://wiki.debian.org/Multiarch>`_
`How to setup multiarch on Debian <https://wiki.debian.org/Multiarch/HOWTO>`_
:strong:`dpkg`\ (1)
:strong:`cdist-type__package_dpkg`\ (7)
:strong:`cdist-type__package_apt`\ (7)
Useful commands:
.. code-block:: sh
# base architecture installed on this system
dpkg --print-architecture
# extra architectures added
dpkg --print-foreign-architectures
AUTHORS
-------
Matthias Stecher <matthiasstecher at gmx.de>
COPYING
-------
Copyright \(C) 2020 Matthias Stecher. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
ublished by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -31,10 +31,10 @@ fallback() {
gid=$(echo "$ls_line" | awk '{ print $4 }')
owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd)
group=$(awk -F: -v gid="$gid" '$3 == gid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
group=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
mode_text=$(echo "$ls_line" | awk '{ print $1 }')
mode=$(echo "$mode_text" | awk '{for(i=8;i>=0;--i){c=substr($1,10-i,1);k+=((c~/[rwxst]/)*2^i);if(!(i%3))k+=(tolower(c)~/[lst]/)*2^(9+i/3)}printf("%04o",k)}')
mode=$(echo "$mode_text" | awk '{ k=0; for (i=0; i<=8; i++) k += ((substr($1, i+2, 1) ~ /[rwx]/) * 2^(8-i)); printf("%0o", k) }')
size=$(echo "$ls_line" | awk '{ print $5 }')
links=$(echo "$ls_line" | awk '{ print $2 }')
@ -53,32 +53,64 @@ fallback() {
[ -e "$destination" ] || exit 0
command -v stat >/dev/null 2>&1 || {
if ! command -v stat >/dev/null
then
fallback
exit
}
fi
case $("$__explorer/os")
in
freebsd|netbsd|openbsd|macosx)
stat -f 'type: %HT
stat -f "type: %HT
owner: %Du %Su
group: %Dg %Sg
mode: %Mp%03Lp %Sp
mode: %Lp %Sp
size: %Dz
links: %Dl
' "$destination" | awk '/^type/ { print tolower($0); next } { print }'
" "$destination" | awk '/^type/ { print tolower($0); next } { print }'
;;
solaris)
ls1="$( ls -ld "$destination" )"
ls2="$( ls -ldn "$destination" )"
if [ -f "$__object/parameter/mode" ]
then mode_should="$( cat "$__object/parameter/mode" )"
fi
# yes, it is ugly hack, but if you know better way...
if [ -z "$( find "$destination" -perm "$mode_should" )" ]
then octets=888
else octets="$( echo "$mode_should" | sed 's/^0//' )"
fi
case "$( echo "$ls1" | cut -c1-1 )" in
-) echo 'type: regular file' ;;
d) echo 'type: directory' ;;
esac
echo "owner: $( echo "$ls2" \
| awk '{print $3}' ) $( echo "$ls1" \
| awk '{print $3}' )"
echo "group: $( echo "$ls2" \
| awk '{print $4}' ) $( echo "$ls1" \
| awk '{print $4}' )"
echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )"
echo "size: $( echo "$ls1" | awk '{print $5}' )"
echo "links: $( echo "$ls1" | awk '{print $2}' )"
;;
*)
# NOTE: Do not use --printf here as it is not supported by BusyBox stat.
# NOTE: BusyBox's stat might not support the "-c" option, in which case
# we fall through to the shell fallback.
stat -c 'type: %F
stat -c "type: %F
owner: %u %U
group: %g %G
mode: %04a %A
mode: %a %A
size: %s
links: %h' "$destination" 2>/dev/null || fallback
;;
links: %h" "$destination" 2>/dev/null || fallback
;;
esac

View file

@ -68,11 +68,9 @@ case "$state_should" in
if [ -f "$__object/parameter/$attribute" ]; then
value_should="$(cat "$__object/parameter/$attribute")"
# format mode in four digits => same as stat returns
# change 0xxx format to xxx format => same as stat returns
if [ "$attribute" = mode ]; then
# Convert to four-digit octal number (printf interprets
# strings with leading 0s as octal!)
value_should=$(printf '%04o' "0${value_should}")
value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')"
fi
value_is="$(get_current_value "$attribute" "$value_should")"
@ -87,6 +85,11 @@ case "$state_should" in
fi
;;
pre-exists)
# pre-exists should never reach gencode-remote…
exit 1
;;
absent)
if [ "$type" = "file" ]; then
echo "rm -f '$destination'"
@ -95,10 +98,6 @@ case "$state_should" in
fi
;;
pre-exists)
:
;;
*)
echo "Unknown state: $state_should" >&2
exit 1

View file

@ -18,16 +18,16 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$("${__explorer:?}/os")
os=$("$__explorer/os")
if [ -f "${__object:?}/parameter/device" ]; then
if [ -f "$__object/parameter/device" ]; then
blkdev="$(cat "$__object/parameter/device")"
else
blkdev="${__object_id:?}"
blkdev="$__object_id"
fi
case "$os" in
alpine|centos|fedora|redhat|suse|gentoo)
centos|fedora|redhat|suse|gentoo)
if [ ! -x "$(command -v lsblk)" ]; then
echo "lsblk is required for __filesystem type" >&2
exit 1

View file

@ -20,27 +20,26 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$(cat "${__global:?}/explorer/os")
name_running=$(cat "${__global:?}/explorer/hostname")
has_hostnamectl=$(cat "${__object:?}/explorer/has_hostnamectl")
os=$(cat "$__global/explorer/os")
name_running=$(cat "$__global/explorer/hostname")
has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
if test -s "${__object:?}/parameter/name"
if test -s "$__object/parameter/name"
then
name_should=$(cat "${__object:?}/parameter/name")
name_should=$(cat "$__object/parameter/name")
else
case ${os}
case $os
in
# RedHat-derivatives and BSDs
(centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd)
centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd)
# Hostname is FQDN
name_should=${__target_host:?}
;;
(*)
name_should="${__target_host}"
;;
*)
# Hostname is only first component of FQDN
name_should=${__target_host:?}
name_should=${name_should%%.*}
;;
name_should="${__target_host%%.*}"
;;
esac
fi
@ -48,46 +47,43 @@ fi
################################################################################
# Check if the (running) hostname is already correct
#
test "${name_running}" != "${name_should}" || exit 0
test "$name_running" != "$name_should" || exit 0
################################################################################
# Setup hostname
#
echo 'changed' >>"${__messages_out:?}"
echo 'changed' >>"$__messages_out"
# Use the good old way to set the hostname.
case ${os}
case $os
in
(alpine|debian|devuan|ubuntu)
alpine|debian|devuan|ubuntu)
echo 'hostname -F /etc/hostname'
;;
(archlinux)
;;
archlinux)
echo 'command -v hostnamectl >/dev/null 2>&1' \
"&& hostnamectl set-hostname '${name_should}'" \
"|| hostname '${name_should}'"
;;
(centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void)
echo "hostname '${name_should}'"
;;
(openwrt)
echo "echo '${name_should}' >/proc/sys/kernel/hostname"
;;
(macosx)
echo "scutil --set HostName '${name_should}'"
;;
(solaris)
echo "uname -S '${name_should}'"
;;
(slackware|suse)
"&& hostnamectl set-hostname '$name_should'" \
"|| hostname '$name_should'"
;;
centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void)
echo "hostname '$name_should'"
;;
macosx)
echo "scutil --set HostName '$name_should'"
;;
solaris)
echo "uname -S '$name_should'"
;;
slackware|suse|opensuse-leap)
# We do not read from /etc/HOSTNAME, because the running
# hostname is the first component only while the file contains
# the FQDN.
echo "hostname '${name_should}'"
;;
(*)
echo "hostname '$name_should'"
;;
*)
# Fall back to set the hostname using hostnamectl, if available.
if test -n "${has_hostnamectl}"
if test -n "$has_hostnamectl"
then
# Don't use hostnamectl as the primary means to set the hostname for
# systemd systems, because it cannot be trusted to work reliably and
@ -98,8 +94,7 @@ in
echo "test \"\$(hostname)\" = \"\$(cat /etc/hostname)\"" \
" || hostname -F /etc/hostname"
else
printf "echo 'Unsupported OS: %s' >&2\n" "${os}"
printf 'exit 1\n'
printf "echo 'Unsupported OS: %s' >&2\nexit 1\n" "$os"
fi
;;
;;
esac

View file

@ -20,49 +20,69 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
not_supported() {
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
}
set_hostname_systemd() {
echo "$1" | __file /etc/hostname --source -
}
os=$(cat "${__global:?}/explorer/os")
os=$(cat "$__global/explorer/os")
os_version=$(cat "$__global/explorer/os_version")
os_major=$(echo "$os_version" | grep -o '^[0-9][0-9]*' || true)
max_len=$(cat "${__object:?}/explorer/max_len")
has_hostnamectl=$(cat "${__object:?}/explorer/has_hostnamectl")
max_len=$(cat "$__object/explorer/max_len")
has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
if test -s "${__object:?}/parameter/name"
if test -s "$__object/parameter/name"
then
name_should=$(cat "${__object:?}/parameter/name")
name_should=$(cat "$__object/parameter/name")
else
case ${os}
case $os
in
# RedHat-derivatives and BSDs
(centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware|suse)
centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware)
# Hostname is FQDN
name_should=${__target_host:?}
;;
name_should="${__target_host}"
;;
suse|opensuse-leap)
# Classic SuSE stores the FQDN in /etc/HOSTNAME, while
# systemd does not. The running hostname is the first
# component in both cases.
# In versions before 15.x, the FQDN is stored in /etc/hostname.
if test -n "$has_hostnamectl" && test "$os_major" -ge 15 \
&& test "$os_major" -ne 42
then
name_should="${__target_host%%.*}"
else
name_should="${__target_host}"
fi
;;
*)
# Hostname is only first component of FQDN on all other systems.
name_should=${__target_host:?}
name_should=${name_should%%.*}
;;
name_should="${__target_host%%.*}"
;;
esac
fi
if test -n "${max_len}" && test "$(printf '%s' "${name_should}" | wc -c)" -gt "${max_len}"
if test -n "$max_len" && test "$(printf '%s' "$name_should" | wc -c)" -gt "$max_len"
then
printf "Host name too long. Up to %u characters allowed.\n" "${max_len}" >&2
exit 1
fi
case ${os}
case $os
in
(alpine|debian|devuan|ubuntu|void)
echo "${name_should}" | __file /etc/hostname --source -
;;
(archlinux)
if test -n "${has_hostnamectl}"
alpine|debian|devuan|ubuntu|void)
echo "$name_should" | __file /etc/hostname --source -
;;
archlinux)
if test -n "$has_hostnamectl"
then
set_hostname_systemd "${name_should}"
set_hostname_systemd "$name_should"
else
echo 'Ancient ArchLinux variants without hostnamectl are not supported.' >&2
exit 1
@ -77,8 +97,8 @@ in
# --value "\"$name_should\""
fi
;;
(centos|fedora|redhat|scientific)
if test -z "${has_hostnamectl}"
centos|fedora|redhat|scientific)
if test -z "$has_hostnamectl"
then
# Only write to /etc/sysconfig/network on non-systemd versions.
# On systemd-based versions this entry is ignored.
@ -86,83 +106,59 @@ in
--file /etc/sysconfig/network \
--delimiter '=' --exact_delimiter \
--key HOSTNAME \
--value "\"${name_should}\""
--value "\"$name_should\""
else
set_hostname_systemd "${name_should}"
set_hostname_systemd "$name_should"
fi
;;
(gentoo)
;;
gentoo)
# Only write to /etc/conf.d/hostname on OpenRC-based installations.
# On systemd use hostnamectl(1) in gencode-remote.
if test -z "${has_hostnamectl}"
if test -z "$has_hostnamectl"
then
__key_value '/etc/conf.d/hostname:hostname' \
--file /etc/conf.d/hostname \
--delimiter '=' --exact_delimiter \
--key 'hostname' \
--value "\"${name_should}\""
--value "\"$name_should\""
else
set_hostname_systemd "$name_should"
fi
;;
(freebsd)
;;
freebsd)
__key_value '/etc/rc.conf:hostname' \
--file /etc/rc.conf \
--delimiter '=' --exact_delimiter \
--key 'hostname' \
--value "\"${name_should}\""
;;
(macosx)
--value "\"$name_should\""
;;
macosx)
# handled in gencode-remote
;;
(netbsd)
:
;;
netbsd)
__key_value '/etc/rc.conf:hostname' \
--file /etc/rc.conf \
--delimiter '=' --exact_delimiter \
--key 'hostname' \
--value "\"${name_should}\""
--value "\"$name_should\""
# To avoid confusion, ensure that the hostname is only stored once.
__file /etc/myname --state absent
;;
(openbsd)
echo "${name_should}" | __file /etc/myname --source -
;;
(openwrt)
__uci system.@system[0].hostname --value "${name_should}"
# --transaction hostname
;;
(slackware)
;;
openbsd)
echo "$name_should" | __file /etc/myname --source -
;;
slackware)
# We write the FQDN into /etc/HOSTNAME. But /etc/rc.d/rc.M will only
# read the first component from this file and set it as the running
# hostname on boot.
echo "${name_should}" | __file /etc/HOSTNAME --source -
;;
(solaris)
echo "${name_should}" | __file /etc/nodename --source -
;;
(suse)
if test -s "${__global:?}/explorer/os_release"
then
# shellcheck source=/dev/null
os_version=$(. "${__global:?}/explorer/os_release" && echo "${VERSION}")
else
os_version=$(sed -n 's/^VERSION\ *=\ *//p' "${__global:?}/explorer/os_version")
fi
os_major=$(expr "${os_version}" : '\([0-9]\{1,\}\)')
# Classic SuSE stores the FQDN in /etc/HOSTNAME, while
# systemd does not. The running hostname is the first
# component in both cases.
# In versions before 15.x, the FQDN is stored in /etc/hostname.
if test -n "${has_hostnamectl}" \
&& test "${os_major}" -ge 15 \
&& test "${os_major}" -ne 42
then
# strip away everything but the first part from $name_should
name_should=${name_should%%.*}
fi
echo "$name_should" | __file /etc/HOSTNAME --source -
;;
solaris)
echo "$name_should" | __file /etc/nodename --source -
;;
suse|opensuse-leap)
# Modern SuSE provides /etc/HOSTNAME as a symlink for
# backwards-compatibility. Unfortunately it cannot be used
# here as __file does not follow the symlink.
@ -171,25 +167,23 @@ in
# not work correctly on openSUSE 12.x which provides
# hostnamectl but not /etc/hostname.
if test -n "${has_hostnamectl}" -a "${os_major}" -gt 12
if test -n "$has_hostnamectl" -a "$os_major" -gt 12
then
hostname_file=/etc/hostname
hostname_file='/etc/hostname'
else
hostname_file=/etc/HOSTNAME
hostname_file='/etc/HOSTNAME'
fi
echo "${name_should}" | __file "${hostname_file}" --source -
;;
(*)
echo "$name_should" | __file "$hostname_file" --source -
;;
*)
# On other operating systems we fall back to systemd's
# hostnamectl if available…
if test -n "${has_hostnamectl}"
if test -n "$has_hostnamectl"
then
set_hostname_systemd "${name_should}"
set_hostname_systemd "$name_should"
else
echo "Your operating system (${os}) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
not_supported
fi
;;
;;
esac

View file

@ -25,10 +25,6 @@ ip
state is ``present``, this parameter is mandatory, if state is
``absent``, this parameter is silently ignored.
alias
An alias for the hostname.
This parameter can be specified multiple times (once per alias).
EXAMPLES
--------
@ -40,8 +36,6 @@ EXAMPLES
# previously configured via __hosts.
__hosts happy --state absent
__hosts srv1.example.com --ip 192.168.0.42 --alias srv1
SEE ALSO
--------
@ -49,14 +43,13 @@ SEE ALSO
AUTHORS
-------
| Dmitry Bogatov <KAction@gnu.org>
| Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
Dmitry Bogatov <KAction@gnu.org>
COPYING
-------
Copyright \(C) 2015-2016 Dmitry Bogatov, 2019 Dennis Camera.
You can redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either version 3 of
the License, or (at your option) any later version.
Copyright (C) 2015,2016 Dmitry Bogatov. Free use of this software is granted
under the terms of the GNU General Public License version 3 or later
(GPLv3+).

View file

@ -1,42 +1,29 @@
#!/bin/sh -e
#
# Copyright (C) 2015 Bogatov Dmitry <KAction@gnu.org>
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
set -ue
set -e
hostname="$__object_id"
state="$(cat "$__object/parameter/state")"
marker="# __hosts/$hostname"
hostname=$__object_id
state=$(cat "${__object}/parameter/state")
marker="# __hosts/${hostname}"
set -- "__hosts/$hostname" --file /etc/hosts --state "$state"
if test "${state}" != 'absent'
then
ip=$(cat "${__object}/parameter/ip")
if test -s "${__object}/parameter/alias"
then
aliases=$(while read -r a; do printf '\t%s' "$a"; done <"$__object/parameter/alias")
fi
set -- --line "$(printf '%s\t%s%s %s' \
"${ip}" "${hostname}" "${aliases}" "${marker}")"
if [ "$state" = absent ] ; then
__line "$@" --regex "$marker"
else
set -- --regex "$(echo "${marker}" | sed -e 's/\./\\./')$"
ip="$(cat "$__object/parameter/ip")"
__line "$@" --line "$ip $hostname $marker"
fi
__line "/etc/hosts:${hostname}" --file /etc/hosts --state "${state}" "$@"

View file

@ -1 +0,0 @@
alias

View file

@ -1,28 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Prints the clock mode read from the /etc/adjtime file, if present.
#
# not all operating systems use an adjfile
test -f /etc/adjtime || exit 0
# 3rd line is clock mode
# adjtime(5) https://man7.org/linux/man-pages/man5/adjtime.5.html
sed -n 3p /etc/adjtime

View file

@ -1,27 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Prints the LocalRTC property using timedatectl on systemd-based systems.
#
command -v timedatectl >/dev/null 2>&1 || exit 0
# NOTE: Older versions of timedatectl do not support `timedatectl show'
timedatectl --no-pager status \
| awk -F': ' '$1 ~ "RTC in local TZ$" { sub(/[ \t]*$/, "", $2); print $2 }'

View file

@ -1,62 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
mode=$(cat "${__object:?}/parameter/mode")
timedatectl_localrtc=$(cat "${__object:?}/explorer/timedatectl_localrtc")
adjtime_mode=$(cat "${__object:?}/explorer/adjtime_mode")
case ${mode}
in
(localtime)
adjtime_str=LOCAL
local_rtc_str=yes
;;
(UTC|utc)
adjtime_str=UTC
local_rtc_str=no
;;
(*)
printf 'Invalid value for --mode: %s\n' "${mode}" >&2
printf 'Acceptable values are: localtime, utc.\n' >&2
exit 1
esac
if test -n "${timedatectl_localrtc}"
then
# systemd
timedatectl_should=${local_rtc_str}
if test "${timedatectl_localrtc}" != "${timedatectl_should}"
then
printf 'timedatectl set-local-rtc %s\n' "${timedatectl_should}"
fi
elif test -n "${adjtime_mode}"
then
# others (update /etc/adjtime if present)
if test "${adjtime_mode}" != "${adjtime_str}"
then
# Update /etc/adjtime (3rd line is clock mode)
# adjtime(5) https://man7.org/linux/man-pages/man5/adjtime.5.html
# FIXME: Should maybe add third line if adjfile only contains two lines
printf "sed -i '3c\\\\\\n%s\\n' /etc/adjtime\\n" "${adjtime_str}"
fi
fi

View file

@ -1,63 +0,0 @@
cdist-type__hwclock(7)
======================
NAME
----
cdist-type__hwclock - Manage the hardware real time clock.
DESCRIPTION
-----------
This type can be used to control how the hardware clock is used by the operating
system.
REQUIRED PARAMETERS
-------------------
mode
What mode the hardware clock is in.
Acceptable values:
localtime
The hardware clock is set to local time (common for systems also running
Windows.)
UTC
The hardware clock is set to UTC (common on UNIX systems.)
OPTIONAL PARAMETERS
-------------------
None.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Make the operating system treat the time read from the hwclock as UTC.
__hwclock --mode UTC
SEE ALSO
--------
:strong:`hwclock`\ (8)
AUTHORS
-------
Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2020 Dennis Camera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,222 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# TODO: Consider supporting BADYEAR
os=$(cat "${__global:?}/explorer/os")
mode=$(cat "${__object:?}/parameter/mode")
has_systemd_timedatectl=$(test -s "${__object:?}/explorer/timedatectl_localrtc" && echo true || echo false)
case ${mode}
in
(localtime)
local_clock=true
;;
(UTC|utc)
local_clock=false
;;
(*)
printf 'Invalid value for --mode: %s\n' "${mode}" >&2
printf 'Acceptable values are: UTC, localtime.\n' >&2
exit 1
esac
case ${os}
in
(alpine|gentoo)
if ! $has_systemd_timedatectl
then
# NOTE: Gentoo also supports systemd, in which case /etc/conf.d is
# not used. So we check for systemd presence here and only
# update /etc/conf.d if systemd is not installed.
# https://wiki.gentoo.org/wiki/System_time#Hardware_clock
export CDIST_ORDER_DEPENDENCY=true
__file /etc/conf.d/hwclock --state present \
--owner root --group root --mode 0644
__key_value /etc/conf.d/hwclock:clock \
--file /etc/conf.d/hwclock \
--key clock \
--delimiter '=' --exact_delimiter \
--value "\"$($local_clock && echo local || echo UTC)\""
unset CDIST_ORDER_DEPENDENCY
fi
;;
(centos|fedora|redhat|scientific)
os_version=$(cat "${__global:?}/explorer/os_version")
os_major=$(expr "${os_version}" : '.* release \([0-9]*\)')
case ${os}
in
(centos|scientific)
update_sysconfig=$(test "${os_major}" -lt 6 && echo true || echo false)
;;
(fedora)
update_sysconfig=$(test "${os_major}" -lt 10 && echo true || echo false)
;;
(redhat|*)
case ${os_version}
in
('Red Hat Enterprise Linux'*)
update_sysconfig=$(test "${os_major}" -lt 6 && echo true || echo false)
;;
('Red Hat Linux'*)
update_sysconfig=true
;;
(*)
printf 'Could not determine Red Hat distribution.\n' >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
;;
esac
;;
esac
if ${update_sysconfig:?}
then
export CDIST_ORDER_DEPENDENCY=true
__file /etc/sysconfig/clock --state present \
--owner root --group root --mode 0644
__key_value /etc/sysconfig/clock:UTC \
--file /etc/sysconfig/clock \
--key UTC \
--delimiter '=' --exact_delimiter \
--value "$($local_clock && echo false || echo true)"
unset CDIST_ORDER_DEPENDENCY
fi
;;
(debian|devuan|ubuntu)
os_major=$(sed 's/[^0-9].*$//' "${__global:?}/explorer/os_version")
case ${os}
in
(debian)
if test "${os_major}" -ge 7
then
update_rcS=false
elif test "${os_major}" -ge 3
then
update_rcS=true
else
# Debian 2.2 should be supportable using rcS.
# Debian 2.1 uses the ancient GMT key.
# Debian 1.3 does not have rcS.
printf "Your operating system (Debian %s) is currently not supported by this type (%s)\n" \
"$(cat "${__global:?}/explorer/os_version")" "${__type##*/}" >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
fi
;;
(devuan)
update_rcS=false
;;
(ubuntu)
update_rcS=$(test "${os_major}" -lt 16 && echo true || echo false)
;;
esac
if ${update_rcS}
then
export CDIST_ORDER_DEPENDENCY=true
__file /etc/default/rcS --state present \
--owner root --group root --mode 0644
__key_value /etc/default/rcS:UTC \
--file /etc/default/rcS \
--key UTC \
--delimiter '=' --exact_delimiter \
--value "$($local_clock && echo no || echo yes)"
unset CDIST_ORDER_DEPENDENCY
fi
;;
(freebsd)
# cf. adjkerntz(8)
__file /etc/wall_cmos_clock \
--state "$($local_clock && echo present || echo absent)" \
--owner root --group wheel --mode 0444
;;
(netbsd)
# https://wiki.netbsd.org/guide/boot/#index9h2
__key_value /etc/rc.conf:rtclocaltime \
--file /etc/rc.conf \
--key rtclocaltime \
--delimiter '=' --exact_delimiter \
--value "$($local_clock && echo YES || echo NO)"
;;
(slackware)
__file /etc/hardwareclock --owner root --group root --mode 0644 \
--source - <<-EOF
# /etc/hardwareclock
#
# Tells how the hardware clock time is stored.
# This file is managed by cdist.
$($local_clock && echo localtime || echo UTC)
EOF
;;
(suse)
if test -s "${__global:?}/explorer/os_release"
then
# shellcheck source=/dev/null
os_version=$(. "${__global:?}/explorer/os_release" && echo "${VERSION}")
else
os_version=$(sed -n 's/^VERSION\ *=\ *//p' "${__global:?}/explorer/os_version")
fi
os_major=$(expr "${os_version}" : '\([0-9]\{1,\}\)')
# TODO: Consider using `yast2 timezone set hwclock' instead
if expr "${os_major}" \< 12
then
# Starting with SuSE 12 (first systemd-based version)
# /etc/sysconfig/clock does not contain the HWCLOCK line
# anymore.
# With SuSE 13, it has been reduced to TIMEZONE configuration.
__key_value /etc/sysconfig/clock:HWCLOCK \
--file /etc/sysconfig/clock \
--delimiter '=' --exact_delimiter \
--key HWCLOCK \
--value "$($local_clock && echo '"--localtime"' || echo '"-u"')"
fi
;;
(void)
export CDIST_ORDER_DEPENDENCY=true
__file /etc/rc.conf \
--owner root --group root --mode 0644 \
--state present
__key_value /etc/rc.conf:HARDWARECLOCK \
--file /etc/rc.conf \
--delimiter '=' --exact_delimiter \
--key HARDWARECLOCK \
--value "\"$($local_clock && echo localtime || echo UTC)\""
unset CDIST_ORDER_DEPENDENCY
;;
(*)
if ! $has_systemd_timedatectl
then
printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
fi
;;
esac
# NOTE: timedatectl set-local-rtc for systemd is in gencode-remote
# NOTE: /etc/adjtime is also updated in gencode-remote

View file

@ -1 +0,0 @@
mode

View file

@ -1,26 +0,0 @@
#!/bin/sh
#
# 2021 Mesar Hameed (mesar.hameed at gmail.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
name="$__object_id"
if ipset -t list | grep -qFx "Name: $name"; then
ipset list "$name" | sed '0,/^Members:/d'
else
echo "x_missing_x"
fi

View file

@ -1,26 +0,0 @@
#!/bin/sh
#
# 2021 Mesar Hameed (mesar.hameed at gmail.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
name="$__object_id"
if ipset -t list | grep -qFx "Name: $name"; then
ipset -t list "$name" | grep "^Type: " | awk '{print $2}'
else
echo "x_missing_x"
fi

View file

@ -1,48 +0,0 @@
#!/bin/sh
#
# 2021 Mesar Hameed (mesar.hameed at gmail.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
### BEGIN INIT INFO
# Provides: ipset
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# X-Start-Before: iptables
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Create ipset lists before iptables rules require them
# Description: Applies lists found in /etc/ipset.d/*.saved
# and saves/restores previous status
### END INIT INFO
case $1 in
start)
# Restore previous state:
/usr/local/bin/ipsets-restore
;;
stop)
# Save current state before exiting:
/usr/local/bin/ipsets-save
;;
restart)
"$0" stop && "$0" start
;;
reset)
ipset flush
;;
esac

View file

@ -1,28 +0,0 @@
#!/bin/sh
#
# 2021 Mesar Hameed (mesar.hameed at gmail.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
mkdir -p /etc/ipset.d/
if [ -n "$1" ]; then
ipset -! restore < "/etc/ipset.d/$1"
else
find /etc/ipset.d/ -iname "*.saved" | while read s; do
ipset -! restore <$s
done
fi

View file

@ -1,28 +0,0 @@
#!/bin/sh
#
# 2021 Mesar Hameed (mesar.hameed at gmail.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
mkdir -p /etc/ipset.d/
if [ -n "$1" ]; then
ipset save "$1" > "/etc/ipset.d/${1}.saved"
else
ipset -t list | grep "^Name:" | awk '{print $2}' | while read s; do
ipset save $s > /etc/ipset.d/$s.saved
done
fi

View file

@ -1,79 +0,0 @@
#!/bin/sh
#
# 2021 Mesar Hameed (mesar.hameed at gmail.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
e="$__object/explorer"
p="$__object/parameter"
name="$__object_id"
type_is="$(cat "$e/type")"
type_should="$(cat "$p/type")"
state_is="$(cat "$e/state")"
state_should="$(cat "$p/state")"
needToSave=0
case $state_should in
present)
if [ "$state_is" = "absent" ]; then
echo ipset create "$name" "$type_should"
needToSave=1
elif [ "$state_is" = "present" ] && [ "$type_is" != "$type_should" ]; then
echo ipset destroy "$name"
echo "rm \"/etc/ipset.d/${name}.saved\" || true"
echo ipset create "$name" "$type_should"
needToSave=1
fi
;;
absent)
if [ "$state_is" = "present" ]; then
echo ipset destroy "$name"
echo "rm \"/etc/ipset.d/${name}.saved\" || true"
fi
;;
*)
echo "Unknown state: $state_should" >&2
exit 1
;;
esac
if [ "$state_should" = "present" ]; then
if [ -f "$p/add" ]; then
while read -r value; do
if ! grep -qFx "$value" "$e/content"; then
echo "ipset -! add $name $value"
needToSave=1
fi
done < "$p/add"
fi
if [ -f "$p/del" ]; then
while read -r value; do
if grep -qFx "$value" "$e/content"; then
echo "ipset -! del $name $value"
needToSave=1
fi
done < "$p/del"
fi
elif [ "$state_should" = "absent" ] && \( [ -f "$p/add" ] || [ -f "$p/del" ] \); then
echo "Error: ipset state absent is incompatible with --add or --del" >&2
exit 1
fi
if [ $needToSave -ne 0 ]; then
echo /usr/local/bin/ipsets-save "$name"
fi

View file

@ -1,69 +0,0 @@
cdist-type__ipset(7)
====================
NAME
----
cdist-type__ipset - Manage ipset sets
DESCRIPTION
-----------
Making use of ipset sets in iptable rules can make your rules more expressive, maintainable and efficient.
REQUIRED PARAMETERS
-------------------
type
One of the supported ipset set types, for a full list see:
``ipset help``
OPTIONAL PARAMETERS
-------------------
add
The entry that must exist in the given set.
Can be used multiple times.
del
The entry that must not exist in the given set.
Can be used multiple times.
state
Can be:
- ``present``: ensure that the given set exists.
- ``absent``: ensure the given set doesn't exist.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Make sure a set with the given name/type exists:
__ipset testset1 --type hash:ip
# Ensure allowed_ssh_clients contains private range:
__ipset allowed_ssh_hosts --type hash:net \
--add 192.168.0.0/24 --add 10.0.0.0/8
# Make sure host is not on the blocked list:
__ipset blocked_hosts --type hash:ip \
--del 1.2.3.4
SEE ALSO
--------
:strong:`cdist-type__iptables_rule`\ (7), :strong:`iptables`\ (8)
AUTHORS
-------
Mesar Hameed <mesar.hameed--@--gmail.com>
COPYING
-------
Copyright \(C) 2021 Mesar Hameed. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,45 +0,0 @@
#!/bin/sh -e
#
# 2021 Mesar Hameed (mesar.hameed at gmail.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$(cat "$__global/explorer/os")
case "$os" in
debian)
:
;;
ubuntu)
:
;;
*)
echo "OS $os currently not supported" >&2
exit 1
;;
esac
export CDIST_ORDER_DEPENDENCY=on
# install packages
__package ipset
__file /etc/init.d/ipset-persistent --mode 0755 --source "${__type}/files/ipset-persistent"
__file /usr/local/bin/ipsets-restore --mode 0755 --source "${__type}/files/ipsets-restore"
__file /usr/local/bin/ipsets-save --mode 0755 --source "${__type}/files/ipsets-save"
__systemd_unit ipset-persistent --enablement-state enabled --restart
unset CDIST_ORDER_DEPENDENCY

View file

@ -1 +0,0 @@
present

View file

@ -1 +0,0 @@
state

View file

@ -1,2 +0,0 @@
add
del

View file

@ -1 +0,0 @@
type

View file

@ -1,4 +1,7 @@
#!/bin/sh
# Nico Schottelius
# Zürisee, Mon Sep 2 18:38:27 CEST 2013
#
### BEGIN INIT INFO
# Provides: iptables
# Required-Start: $local_fs $remote_fs
@ -11,72 +14,34 @@
# and saves/restores previous status
### END INIT INFO
# Originally written by:
# Nico Schottelius
# Zürisee, Mon Sep 2 18:38:27 CEST 2013
#
# 2013 Nico Schottelius (nico-cdist at schottelius.org)
# 2020 Matthias Stecher (matthiasstecher at gmx.de)
#
# This file is distributed with cdist and licenced under the
# GNU GPLv3+ WITHOUT ANY WARRANTY.
# Read files and execute the content with the given commands
#
# Arguments:
# 1: Directory
# 2..n: Commands which should be used to execute the file content
gothrough() {
cd "$1" || return
shift
# iterate through all rules and continue if it's not a file
for rule in *; do
[ -f "$rule" ] || continue
echo "Appling iptables rule $rule ..."
# execute it with all commands specificed
ruleparam="$(cat "$rule")"
for cmd in "$@"; do
# Command and Rule should be split.
# shellcheck disable=SC2046
command $cmd $ruleparam
done
done
}
# Shortcut for iptables command to do IPv4 and v6
# only applies to the "reset" target
iptables() {
command iptables "$@"
command ip6tables "$@"
}
basedir=/etc/iptables.d
status4="${basedir}/.pre-start"
status6="${basedir}/.pre-start6"
status="${basedir}/.pre-start"
case $1 in
start)
# Save status
iptables-save > "$status4"
ip6tables-save > "$status6"
iptables-save > "$status"
# Apply our ruleset
gothrough "$basedir" iptables
#gothrough "$basedir/v4" iptables # conflicts with $basedir
gothrough "$basedir/v6" ip6tables
gothrough "$basedir/all" iptables ip6tables
cd "$basedir" || exit
count="$(find . ! -name . -prune | wc -l)"
# Only do something if there are rules
if [ "$count" -ge 1 ]; then
for rule in *; do
echo "Applying iptables rule $rule ..."
# Rule should be split.
# shellcheck disable=SC2046
iptables $(cat "$rule")
done
fi
;;
stop)
# Restore from status before, if there is something to restore
if [ -f "$status4" ]; then
iptables-restore < "$status4"
fi
if [ -f "$status6" ]; then
ip6tables-restore < "$status6"
if [ -f "$status" ]; then
iptables-restore < "$status"
fi
;;
restart)

View file

@ -10,24 +10,7 @@ DESCRIPTION
-----------
This cdist type deploys an init script that triggers
the configured rules and also re-applies them on
configuration. Rules are written from __iptables_rule
into the folder ``/etc/iptables.d/``.
It reads all rules from the base folder as rules for IPv4.
Rules in the subfolder ``v6/`` are IPv6 rules. Rules in
the subfolder ``all/`` are applied to both rule tables. All
files contain the arguments for a single ``iptables`` and/or
``ip6tables`` command.
Rules are applied in the following order:
1. All IPv4 rules
2. All IPv6 rules
2. All rules that should be applied to both tables
The order of the rules that will be applied are definite
from the result the shell glob returns, which should be
alphabetical. If rules must be applied in a special order,
prefix them with a number like ``02-some-rule``.
configuration.
REQUIRED PARAMETERS
@ -41,7 +24,7 @@ None
EXAMPLES
--------
None (__iptables_apply is used by __iptables_rule automatically)
None (__iptables_apply is used by __iptables_rule)
SEE ALSO
@ -52,13 +35,11 @@ SEE ALSO
AUTHORS
-------
Nico Schottelius <nico-cdist--@--schottelius.org>
Matthias Stecher <matthiasstecher--@--gmx.de>
COPYING
-------
Copyright \(C) 2013 Nico Schottelius.
Copyright \(C) 2020 Matthias Stecher.
You can redistribute it and/or modify it under the terms of the GNU
General Public License as published by the Free Software Foundation,
either version 3 of the License, or (at your option) any later version.
Copyright \(C) 2013 Nico Schottelius. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -11,10 +11,6 @@ DESCRIPTION
This cdist type allows you to manage iptable rules
in a distribution independent manner.
See :strong:`cdist-type__iptables_apply`\ (7) for the
execution order of these rules. It will be executed
automaticly to apply all rules non-volaite.
REQUIRED PARAMETERS
-------------------
@ -29,24 +25,6 @@ state
'present' or 'absent', defaults to 'present'
BOOLEAN PARAMETERS
------------------
All rules without any of these parameters will be treated like ``--v4`` because
of backward compatibility.
v4
Explicitly set it as rule for IPv4. If IPv6 is set, too, it will be
threaten like ``--all``. Will be the default if nothing else is set.
v6
Explicitly set it as rule for IPv6. If IPv4 is set, too, it will be
threaten like ``--all``.
all
Set the rule for both IPv4 and IPv6. It will be saved separately from the
other rules.
EXAMPLES
--------
@ -70,16 +48,6 @@ EXAMPLES
--state absent
# IPv4-only rule for ICMPv4
__iptables_rule icmp-v4 --v4 --rule "-A INPUT -p icmp -j ACCEPT"
# IPv6-only rule for ICMPv6
__iptables_rule icmp-v6 --v6 --rule "-A INPUT -p icmpv6 -j ACCEPT"
# doing something for the dual stack
__iptables_rule fwd-eth0-eth1 --v4 --v6 --rule "-A INPUT -i eth0 -o eth1 -j ACCEPT"
__iptables_rule fwd-eth1-eth0 --all --rule "-A -o eth1 -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT"
SEE ALSO
--------
:strong:`cdist-type__iptables_apply`\ (7), :strong:`iptables`\ (8)
@ -88,13 +56,11 @@ SEE ALSO
AUTHORS
-------
Nico Schottelius <nico-cdist--@--schottelius.org>
Matthias Stecher <matthiasstecher--@--gmx.de>
COPYING
-------
Copyright \(C) 2013 Nico Schottelius.
Copyright \(C) 2020 Matthias Stecher.
You can redistribute it and/or modify it under the terms of the GNU
General Public License as published by the Free Software Foundation,
either version 3 of the License, or (at your option) any later version.
Copyright \(C) 2013 Nico Schottelius. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,7 +1,6 @@
#!/bin/sh -e
#
# 2013 Nico Schottelius (nico-cdist at schottelius.org)
# 2020 Matthias Stecher (matthiasstecher at gmx.de)
#
# This file is part of cdist.
#
@ -25,36 +24,12 @@ base_dir=/etc/iptables.d
name="$__object_id"
state="$(cat "$__object/parameter/state")"
if [ -f "$__object/parameter/v4" ]; then
only_v4="yes"
# $specific_dir is $base_dir
fi
if [ -f "$__object/parameter/v6" ]; then
only_v6="yes"
specific_dir="$base_dir/v6"
fi
# If rules should be set for both protocols
if { [ "$only_v4" = "yes" ] && [ "$only_v6" = "yes" ]; } ||
[ -f "$__object/parameter/all" ]; then
# all to a specific directory
specific_dir="$base_dir/all"
fi
# set rule directory based on if it's the base or subdirectory
rule_dir="${specific_dir:-$base_dir}"
################################################################################
# Basic setup
#
__directory "$base_dir" --state present
# sub-directory if required
if [ "$specific_dir" ]; then
require="__directory/$base_dir" __directory "$specific_dir" --state present
fi
# Have apply do the real job
require="$__object_name" __iptables_apply
@ -62,15 +37,6 @@ require="$__object_name" __iptables_apply
# The rule
#
for dir in "$base_dir" "$base_dir/v6" "$base_dir/all"; do
# defaults to absent except the directory that should contain the file
if [ "$rule_dir" = "$dir" ]; then
curr_state="$state"
else
curr_state="absent"
fi
require="__directory/$rule_dir" __file "$dir/$name" \
--source "$__object/parameter/rule" \
--state "$curr_state"
done
require="__directory/$base_dir" __file "$base_dir/${name}" \
--source "$__object/parameter/rule" \
--state "$state"

View file

@ -1,3 +0,0 @@
all
v4
v6

View file

@ -40,9 +40,7 @@ else
fi
export key state delimiter value exact_delimiter
awk_bin=$(PATH=$(getconf PATH 2>/dev/null) && command -v awk || echo awk)
"${awk_bin}" -f - "$file" <<"AWK_EOF"
awk -f - "$file" <<"AWK_EOF"
BEGIN {
state=ENVIRON["state"]
key=ENVIRON["key"]

View file

@ -24,10 +24,7 @@ if [ -f "$file" ]; then
else
touch "$file"
fi
awk_bin=$(PATH=$(getconf PATH 2>/dev/null) && command -v awk || echo awk)
"${awk_bin}" -f - "$file" >"$tmpfile" <<"AWK_EOF"
awk -f - "$file" >"$tmpfile" <<"AWK_EOF"
BEGIN {
# import variables in a secure way ..
state=ENVIRON["state"]

View file

@ -25,7 +25,7 @@ state_should="$(cat "$__object/parameter/state")"
state_is="$(cat "$__object/explorer/state")"
fire_onchange=''
if [ "$state_is" = "$state_should" ]; then
if [ "$state_is" = "$state_should" ]; then
exit 0
fi

View file

@ -53,10 +53,8 @@ function _find(_text, _pattern) {
BEGIN {
getline anchor < (ENVIRON["__object"] "/parameter/" position)
getline pattern < (ENVIRON["__object"] "/parameter/" needle)
getline line < (ENVIRON["__object"] "/parameter/line")
found_line = 0
correct_line = 0
correct_pos = (position != "after" && position != "before")
}
{
@ -65,18 +63,15 @@ BEGIN {
getline
if (_find($0, pattern)) {
found_line++
if (index($0, line) == 1) { correct_line++ }
correct_pos = 1
exit 0
}
} else if (_find($0, pattern)) {
found_line++
if (index($0, line) == 1) { correct_line++ }
}
} else if (position == "before") {
if (_find($0, pattern)) {
found_line++
if (index($0, line) == 1) { correct_line++ }
getline
if (match($0, anchor)) {
correct_pos = 1
@ -86,18 +81,13 @@ BEGIN {
} else {
if (_find($0, pattern)) {
found_line++
if (index($0, line) == 1) { correct_line++ }
exit 0
}
}
}
END {
if (found_line && correct_pos) {
if (correct_line) {
print "present"
} else {
print "matching"
}
print "present"
} else if (found_line) {
print "wrongposition"
} else {

View file

@ -38,11 +38,7 @@ if [ -z "$state_is" ]; then
exit 1
fi
if [ "$state_should" = "$state_is" ] || \
{ [ "$state_should" = "present" ] && [ "$state_is" = "matching" ] ;} || \
{ [ "$state_should" = "replace" ] && [ "$state_is" = "present" ] ;} ; then
# If state matches already, or 'present' is used and regex matches
# or 'replace' is used and the exact line is present, then there is
if [ "$state_should" = "$state_is" ]; then
# nothing to do
exit 0
fi
@ -65,8 +61,8 @@ fi
add=0
remove=0
case "$state_should" in
present|replace)
if [ "$state_is" = "wrongposition" ] || [ "$state_is" = "matching" ]; then
present)
if [ "$state_is" = "wrongposition" ]; then
echo updated >> "$__messages_out"
remove=1
else

View file

@ -31,7 +31,7 @@ file
line
Specifies the line which should be absent or present.
Must be present, if state is 'present' or 'replace'.
Must be present, if state is 'present'.
Ignored if regex is given and state is 'absent'.
regex
@ -41,13 +41,10 @@ regex
If state is 'absent', ensure all lines matching the regular expression
are absent.
If state is 'replace', ensure all lines matching the regular expression
are exactly 'line'.
The regular expression is interpreted by awk's match function.
state
'present', 'absent' or 'replace', defaults to 'present'.
'present' or 'absent', defaults to 'present'
onchange
The code to run if line is added, removed or updated.
@ -102,12 +99,6 @@ EXAMPLES
--line '-session required pam_exec.so debug log=/tmp/classify.log /usr/local/libexec/classify' \
--after '^session[[:space:]]+include[[:space:]]+password-auth-ac$'
# Uncomment as needed and set a value in a configuration file.
__line /etc/example.conf \
--line 'SomeSetting SomeValue' \
--regex '^(#[[:space:]]*)?SomeSetting[[:space:]]' \
--state replace
SEE ALSO
--------

View file

@ -1 +0,0 @@
This type is deprecated. Please use __localedef instead.

View file

@ -23,15 +23,6 @@
locale="$__object_id"
state_is=$(cat "$__object/explorer/state")
state_should=$(cat "$__object/parameter/state")
# short circuit if there is nothing to do
if [ "$state_is" = "$state_should" ]; then
exit 0
fi
# Hardcoded, create a pull request with
# branching on $os in case it is at another location
alias=/usr/share/locale/locale.alias
@ -44,6 +35,8 @@ charmap=$(echo "$locale" | cut -d . -f 2)
# W-T-F!
locale_remove=$(echo "$locale" | sed 's/UTF-8/utf8/')
state=$(cat "$__object/parameter/state")
os=$(cat "$__global/explorer/os")
# Nothing to be done on alpine
@ -53,7 +46,7 @@ case "$os" in
;;
esac
case "$state_should" in
case "$state" in
present)
echo localedef -A "$alias" -f "$charmap" -i "$input" "$locale"
;;
@ -61,7 +54,7 @@ case "$state_should" in
echo localedef --delete-from-archive "$locale_remove"
;;
*)
echo "Unsupported state: $state_should" >&2
echo "Unsupported state: $state" >&2
exit 1
;;
esac

View file

@ -3,7 +3,6 @@
# 2012-2016 Steven Armstrong (steven-cdist at armstrong.cc)
# 2016 Carlos Ortigoza (carlos.ortigoza at ungleich.ch)
# 2016 Nico Schottelius (nico.schottelius at ungleich.ch)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -24,171 +23,17 @@
# Configure system-wide locale by modifying i18n file.
#
version_ge() {
awk -F '[^0-9.]' -v target="${1:?}" '
function max(x, y) { return x > y ? x : y }
BEGIN {
getline
nx = split($1, x, ".")
ny = split(target, y, ".")
for (i = 1; i <= max(nx, ny); ++i) {
diff = int(x[i]) - int(y[i])
if (diff == 0) continue
exit (diff < 0)
}
}'
}
key=$__object_id
onchange_cmd= # none, by default
quote_value=false
catval() {
# shellcheck disable=SC2059
printf "$($quote_value && echo '"%s"' || echo '%s')" "$(cat "$1")"
}
state_should=$(cat "${__object}/parameter/state")
os=$(cat "$__global/explorer/os")
case $os
in
debian)
if version_ge 4 <"${__global}/explorer/os_version"
then
# Debian 4 (etch) and later
locale_conf="/etc/default/locale"
else
locale_conf="/etc/environment"
fi
;;
devuan)
case "$os" in
debian|ubuntu)
locale_conf="/etc/default/locale"
;;
ubuntu)
if version_ge 6.10 <"${__global}/explorer/os_version"
then
# Ubuntu 6.10 (edgy) and later
locale_conf="/etc/default/locale"
else
locale_conf="/etc/environment"
fi
;;
archlinux)
locale_conf="/etc/locale.conf"
;;
centos|redhat|scientific)
# shellcheck source=/dev/null
version_id=$(. "${__global}/explorer/os_release" && echo "${VERSION_ID:-0}")
if echo "${version_id}" | version_ge 7
then
locale_conf="/etc/locale.conf"
else
locale_conf="/etc/sysconfig/i18n"
fi
;;
fedora)
# shellcheck source=/dev/null
version_id=$(. "${__global}/explorer/os_release" && echo "${VERSION_ID:-0}")
if echo "${version_id}" | version_ge 18
then
locale_conf="/etc/locale.conf"
quote_value=false
else
locale_conf="/etc/sysconfig/i18n"
fi
;;
gentoo)
case $(cat "${__global}/explorer/init")
in
(*openrc*)
locale_conf="/etc/env.d/02locale"
onchange_cmd="env-update --no-ldconfig"
quote_value=true
;;
(systemd)
locale_conf="/etc/locale.conf"
;;
esac
;;
freebsd|netbsd)
# NetBSD doesn't have a separate configuration file to set locales.
# In FreeBSD locales could be configured via /etc/login.conf but parsing
# that would be annoying, so the shell login file will have to do.
# "Non-POSIX" shells like csh will not be updated here.
locale_conf="/etc/profile"
quote_value=true
value="$(catval "${__object}/parameter/value"); export ${key}"
;;
solaris)
locale_conf="/etc/default/init"
locale_conf_group="sys"
if version_ge 5.11 <"${__global}/explorer/os_version"
then
# mode on Oracle Solaris 11 is actually 0444,
# but the write bit makes sense, IMO
locale_conf_mode=0644
# Oracle Solaris 11.2 and later uses SMF to store environment info.
# This is a hack, but I didn't feel like modifying the whole type
# just for some Oracle nonsense.
# 11.3 apparently added nlsadm(1m), but it is missing from 11.2.
# Illumos continues to use /etc/default/init
# NOTE: Remember not to use "cool" POSIX features like -q or -e with
# Solaris grep.
release_regex='Oracle Solaris 11.[2-9][0-9]*'
case $state_should
in
(present)
svccfg_cmd="svccfg -s svc:/system/environment:init setprop environment/${key} = astring: '$(cat "${__object}/parameter/value")'"
;;
(absent)
svccfg_cmd="svccfg -s svc:/system/environment:init delprop environment/${key}"
;;
esac
refresh_cmd='svcadm refresh svc:/system/environment'
onchange_cmd="grep '${release_regex}' /etc/release >&- || exit 0; ${svccfg_cmd:-:} && ${refresh_cmd}"
else
locale_conf_mode=0555
fi
;;
slackware)
# NOTE: lang.csh (csh config) is ignored here.
locale_conf="/etc/profile.d/lang.sh"
locale_conf_mode=0755
key="export ${__object_id}"
;;
suse)
if test -s "${__global}/explorer/os_release"
then
# shellcheck source=/dev/null
os_version=$(. "${__global}/explorer/os_release" && echo "${VERSION}")
else
os_version=$(sed -n 's/^VERSION\ *=\ *//p' "${__global}/explorer/os_version")
fi
os_major=$(expr "${os_version}" : '\([0-9]\{1,\}\)')
# https://documentation.suse.com/sles/15-SP2/html/SLES-all/cha-suse.html#sec-suse-l10n
if expr "${os_major}" '>=' 15 \& "${os_major}" != 42
then
# It seems that starting with SuSE 15 the systemd /etc/locale.conf
# is the preferred way to set locales, although
# /etc/sysconfig/language is still available.
# Older documentation doesn't mention /etc/locale.conf, even though
# is it created when localectl is used.
locale_conf="/etc/locale.conf"
else
locale_conf="/etc/sysconfig/language"
quote_value=true
key="RC_${__object_id}"
fi
;;
voidlinux)
locale_conf="/etc/locale.conf"
redhat|centos)
locale_conf="/etc/sysconfig/i18n"
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
@ -197,16 +42,14 @@ in
;;
esac
__file "${locale_conf}" --state exists \
--owner "${locale_conf_owner:-0}" \
--group "${locale_conf_group:-0}" \
--mode "${locale_conf_mode:-0644}"
__file "$locale_conf" \
--owner root --group root --mode 644 \
--state exists
require="__file/${locale_conf}" \
__key_value "${locale_conf}:${key#export }" \
--file "${locale_conf}" \
--key "${key}" \
--delimiter '=' --exact_delimiter \
--state "${state_should}" \
--value "${value:-$(catval "${__object}/parameter/value")}" \
--onchange "${onchange_cmd}"
require="__file/$locale_conf" \
__key_value "$locale_conf:$__object_id" \
--file "$locale_conf" \
--key "$__object_id" \
--delimiter = \
--state "$(cat "$__object/parameter/state")" \
--value "$(cat "$__object/parameter/value")"

View file

@ -1,100 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# This explorer determines if the locale is defined on the target system.
# Will print nothing on error.
#
# Possible output:
# present:
# the main locale (and possibly aliases) is present
# absent:
# neither the main locale nor any aliases are present
# alias-present:
# the main locale is absent, but at least one of its aliases is present
#
# Hardcoded, create a pull request in case it is at another location for
# some other distro. (cf. gencode-remote)
aliasfile='/usr/share/locale/locale.alias'
command -v locale >/dev/null 2>&1 || exit 0
locales=$(locale -a)
parse_locale() {
# This function will split locales into their parts. Locale strings are
# usually of the form: [language[_territory][.codeset][@modifier]]
# For simplicity, language and territory are not separated by this function.
# Old Linux systems were also using "english" or "german" as locale strings.
# Usage: parse_locale locale_str lang_var codeset_var modifier_var
eval "${2:?}"="$(expr "$1" : '\([^.@]*\)')"
eval "${3:?}"="$(expr "$1" : '[^.]*\.\([^@]*\)')"
eval "${4:?}"="$(expr "$1" : '.*@\(.*\)$')"
}
format_locale() {
# Usage: format_locale language codeset modifier
printf '%s' "$1"
test -z "$2" || printf '.%s' "$2"
test -z "$3" || printf '@%s' "$3"
printf '\n'
}
gnu_normalize_codeset() {
# reimplementation of glibc/locale/programs/localedef.c normalize_codeset()
echo "$*" | tr '[:upper:]' '[:lower:]' | tr -cd '[:alnum:]'
}
locale_available() (
echo "${locales}" | grep -qxF "$1" || {
# glibc uses "normalized" locale names in archives.
# If a locale is stored in an archive, the normalized name will be
# printed by locale, so that needs to be checked, too.
localename=$(
parse_locale "$1" _lang _codeset _modifier \
&& format_locale "${_lang:?}" "$(gnu_normalize_codeset "${_codeset?}")" \
"${_modifier?}")
echo "${locales}" | grep -qxF "${localename}"
}
)
if locale_available "${__object_id:?}"
then
echo present
else
# NOTE: locale.alias can be symlinked.
if test -e "${aliasfile}"
then
# Check if one of the aliases of the locale is defined
baselocale=$(
parse_locale "${__object_id:?}" _lang _codeset _modifiers \
&& format_locale "${_lang}" "${_codeset}")
while read -r _alias _localename
do
if test "${_localename}" = "${baselocale}" \
&& echo "${locales}" | grep -qxF "${_alias}"
then
echo alias-present
exit 0
fi
done <"${aliasfile}"
fi
echo absent
fi

View file

@ -1,5 +0,0 @@
# -*- mode: sh; indent-tabs-mode: t -*-
gnu_normalize_codeset() {
echo "$*" | tr -cd '[:alnum:]' | tr '[:upper:]' '[:lower:]'
}

Some files were not shown because too many files have changed in this diff Show more