Compare commits

..

1 commit

Author SHA1 Message Date
pedro
f6b24359d8 [type/__download] bugfix checksum not found
when the checksum is not found while using __download it displays and error
saying "no checksum from target" this information is wrong and confusing. In
fact, the state explorer is missing a default condition, when the other
conditions are not satisfied
2021-06-20 10:42:59 +02:00
109 changed files with 650 additions and 3242 deletions

View file

@ -35,9 +35,9 @@ DOCS_SRC_DIR=./docs/src
SPEECHDIR=./docs/speeches SPEECHDIR=./docs/speeches
TYPEDIR=./cdist/conf/type TYPEDIR=./cdist/conf/type
SPHINXM=$(MAKE) -C $(DOCS_SRC_DIR) man SPHINXM=make -C $(DOCS_SRC_DIR) man
SPHINXH=$(MAKE) -C $(DOCS_SRC_DIR) html SPHINXH=make -C $(DOCS_SRC_DIR) html
SPHINXC=$(MAKE) -C $(DOCS_SRC_DIR) clean SPHINXC=make -C $(DOCS_SRC_DIR) clean
################################################################################ ################################################################################
# Manpages # Manpages

View file

@ -24,8 +24,8 @@ For community-maintained types there is
## Participating ## Participating
IRC: ``#cdist`` @ [libera](https://libera.chat) IRC: ``#cdist`` @ freenode
Matrix: ``#cdist:ungleich.ch`` Matrix: ``#cdist:ungleich.ch``
Matrix and IRC are bridged. Mattermost: https://chat.ungleich.ch/ungleich/channels/cdist

View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# 2011-2022 Nico Schottelius (nico-cdist at schottelius.org) # 2011-2013 Nico Schottelius (nico-cdist at schottelius.org)
# 2016-2019 Darko Poljak (darko.poljak at gmail.com) # 2016-2019 Darko Poljak (darko.poljak at gmail.com)
# #
# This file is part of cdist. # This file is part of cdist.

View file

@ -472,6 +472,9 @@ def get_parsers():
parser['info'].set_defaults(func=cdist.info.Info.commandline) parser['info'].set_defaults(func=cdist.info.Info.commandline)
# Scan = config + further # Scan = config + further
parser['scan'] = parser['sub'].add_parser('scan', add_help=False,
parents=[parser['config']])
parser['scan'] = parser['sub'].add_parser( parser['scan'] = parser['sub'].add_parser(
'scan', parents=[parser['loglevel'], 'scan', parents=[parser['loglevel'],
parser['beta'], parser['beta'],
@ -482,31 +485,19 @@ def get_parsers():
parser['scan'].add_argument( parser['scan'].add_argument(
'-m', '--mode', help='Which modes should run', '-m', '--mode', help='Which modes should run',
action='append', default=[], action='append', default=[],
choices=['scan', 'trigger', 'config']) choices=['scan', 'trigger'])
parser['scan'].add_argument(
'--list',
action='store_true',
help='List the known hosts and exit')
parser['scan'].add_argument( parser['scan'].add_argument(
'--config', '--config',
action='store_true', action='store_true',
help='Try to configure detected hosts') help='Try to configure detected hosts')
parser['scan'].add_argument( parser['scan'].add_argument(
'-I', '--interface', '-I', '--interfaces',
action='append', default=[], required=True, action='append', default=[],
help='On which interfaces to scan/trigger') help='On which interfaces to scan/trigger')
parser['scan'].add_argument( parser['scan'].add_argument(
'--name-mapper', '-d', '--delay',
action='store', default=None, action='store', default=3600,
help='Map addresses to names, required for config mode') help='How long to wait before reconfiguring after last try')
parser['scan'].add_argument(
'-d', '--config-delay',
action='store', default=3600, type=int,
help='How long (seconds) to wait before reconfiguring after last try')
parser['scan'].add_argument(
'-t', '--trigger-delay',
action='store', default=5, type=int,
help='How long (seconds) to wait between ICMPv6 echo requests')
parser['scan'].set_defaults(func=cdist.scan.commandline.commandline) parser['scan'].set_defaults(func=cdist.scan.commandline.commandline)
for p in parser: for p in parser:

View file

@ -21,9 +21,6 @@
set +e set +e
case "$("$__explorer/os")" in case "$("$__explorer/os")" in
checkpoint)
awk '{printf("%s\n", $(NF-1))}' /etc/cp-release
;;
openwrt) openwrt)
# shellcheck disable=SC1091 # shellcheck disable=SC1091
(. /etc/openwrt_release && echo "$DISTRIB_CODENAME") (. /etc/openwrt_release && echo "$DISTRIB_CODENAME")

View file

@ -21,9 +21,6 @@
set +e set +e
case "$("$__explorer/os")" in case "$("$__explorer/os")" in
checkpoint)
cat /etc/cp-release
;;
openwrt) openwrt)
# shellcheck disable=SC1091 # shellcheck disable=SC1091
(. /etc/openwrt_release && echo "$DISTRIB_DESCRIPTION") (. /etc/openwrt_release && echo "$DISTRIB_DESCRIPTION")

View file

@ -21,9 +21,6 @@
set +e set +e
case "$("$__explorer/os")" in case "$("$__explorer/os")" in
checkpoint)
echo "CheckPoint"
;;
openwrt) openwrt)
# shellcheck disable=SC1091 # shellcheck disable=SC1091
(. /etc/openwrt_release && echo "$DISTRIB_ID") (. /etc/openwrt_release && echo "$DISTRIB_ID")

View file

@ -21,9 +21,6 @@
set +e set +e
case "$("$__explorer/os")" in case "$("$__explorer/os")" in
checkpoint)
sed /etc/cp-release -e 's/.* R\([1-9][0-9]*\)\.[0-9]*$/\1/'
;;
openwrt) openwrt)
# shellcheck disable=SC1091 # shellcheck disable=SC1091
(. /etc/openwrt_release && echo "$DISTRIB_RELEASE") (. /etc/openwrt_release && echo "$DISTRIB_RELEASE")

File diff suppressed because it is too large Load diff

View file

@ -27,18 +27,19 @@
str2bytes() { str2bytes() {
awk -F' ' ' awk -F' ' '
$2 == "B" || !$2 { print $1 } $2 == "B" || !$2 { print $1 }
$2 == "kB" { printf "%.f\n", ($1 * 1000) } $2 == "kB" { print $1 * 1000 }
$2 == "MB" { printf "%.f\n", ($1 * 1000 * 1000) } $2 == "MB" { print $1 * 1000 * 1000 }
$2 == "GB" { printf "%.f\n", ($1 * 1000 * 1000 * 1000) } $2 == "GB" { print $1 * 1000 * 1000 * 1000 }
$2 == "TB" { printf "%.f\n", ($1 * 1000 * 1000 * 1000 * 1000) } $2 == "TB" { print $1 * 1000 * 1000 * 1000 * 1000 }
$2 == "kiB" { printf "%.f\n", ($1 * 1024) } $2 == "kiB" { print $1 * 1024 }
$2 == "MiB" { printf "%.f\n", ($1 * 1024 * 1024) } $2 == "MiB" { print $1 * 1024 * 1024 }
$2 == "GiB" { printf "%.f\n", ($1 * 1024 * 1024 * 1024) } $2 == "GiB" { print $1 * 1024 * 1024 * 1024 }
$2 == "TiB" { printf "%.f\n", ($1 * 1024 * 1024 * 1024 * 1024) }' $2 == "TiB" { print $1 * 1024 * 1024 * 1024 * 1024 }'
} }
bytes2kib() { bytes2kib() {
awk '$0 > 0 { printf "%.f\n", ($0 / 1024) }' set -- "$(cat)"
test "$1" -gt 0 && echo $(($1 / 1024))
} }

View file

@ -116,13 +116,6 @@ if [ -f /etc/slackware-version ]; then
exit 0 exit 0
fi fi
# Appliances
if grep -q '^Check Point Gaia' /etc/cp-release 2>/dev/null; then
echo checkpoint
exit 0
fi
uname_s="$(uname -s)" uname_s="$(uname -s)"
# Assume there is no tr on the client -> do lower case ourselves # Assume there is no tr on the client -> do lower case ourselves

View file

@ -34,9 +34,5 @@ elif test -f /var/run/os-release
then then
# FreeBSD (created by os-release service) # FreeBSD (created by os-release service)
cat /var/run/os-release cat /var/run/os-release
elif test -f /etc/cp-release
then
# Checkpoint firewall or management (actually linux based)
cat /etc/cp-release
fi fi

View file

@ -1,7 +1,6 @@
#!/bin/sh -e #!/bin/sh
# #
# 2010-2011 Nico Schottelius (nico-cdist at schottelius.org) # 2010-2011 Nico Schottelius (nico-cdist at schottelius.org)
# 2020-2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -18,22 +17,12 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
#
# All os variables are lower case # All os variables are lower case
# #
#
rc_getvar() { case "$("$__explorer/os")" in
awk -F= -v varname="$2" '
function unquote(s) {
if (s ~ /^".*"$/ || s ~ /^'\''.*'\''$/)
return substr(s, 2, length(s) - 2)
else
return s
}
$1 == varname { print unquote(substr($0, index($0, "=") + 1)) }' "$1"
}
case $("${__explorer:?}/os")
in
amazon) amazon)
cat /etc/system-release cat /etc/system-release
;; ;;
@ -41,9 +30,6 @@ in
# empty, but well... # empty, but well...
cat /etc/arch-release cat /etc/arch-release
;; ;;
checkpoint)
awk '{version=$NF; printf("%s\n", substr(version, 2))}' /etc/cp-release
;;
debian) debian)
debian_version=$(cat /etc/debian_version) debian_version=$(cat /etc/debian_version)
case $debian_version case $debian_version
@ -57,8 +43,6 @@ in
# sid versions don't have a number, so we decode by codename: # sid versions don't have a number, so we decode by codename:
case $(expr "$debian_version" : '\([a-z]\{1,\}\)/') case $(expr "$debian_version" : '\([a-z]\{1,\}\)/')
in in
trixie) echo 12.99 ;;
bookworm) echo 11.99 ;;
bullseye) echo 10.99 ;; bullseye) echo 10.99 ;;
buster) echo 9.99 ;; buster) echo 9.99 ;;
stretch) echo 8.99 ;; stretch) echo 8.99 ;;
@ -66,7 +50,7 @@ in
wheezy) echo 6.99 ;; wheezy) echo 6.99 ;;
squeeze) echo 5.99 ;; squeeze) echo 5.99 ;;
lenny) echo 4.99 ;; lenny) echo 4.99 ;;
*) echo 99.99 ;; *) exit 1
esac esac
;; ;;
*) *)
@ -75,24 +59,7 @@ in
esac esac
;; ;;
devuan) devuan)
devuan_version=$(cat /etc/devuan_version) cat /etc/devuan_version
case ${devuan_version}
in
(*/ceres)
# ceres versions don't have a number, so we decode by codename:
case ${devuan_version}
in
(daedalus/ceres) echo 4.99 ;;
(chimaera/ceres) echo 3.99 ;;
(beowulf/ceres) echo 2.99 ;;
(ascii/ceres) echo 1.99 ;;
(*) exit 1
esac
;;
(*)
echo "${devuan_version}"
;;
esac
;; ;;
fedora) fedora)
cat /etc/fedora-release cat /etc/fedora-release
@ -101,20 +68,12 @@ in
cat /etc/gentoo-release cat /etc/gentoo-release
;; ;;
macosx) macosx)
# NOTE: Legacy versions (< 10.3) do not support options sw_vers -productVersion
sw_vers | awk -F ':[ \t]+' '$1 == "ProductVersion" { print $2 }'
;; ;;
freebsd) freebsd)
# Apparently uname -r is not a reliable way to get the patch level. # Apparently uname -r is not a reliable way to get the patch level.
# See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743 # See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743
if command -v freebsd-version >/dev/null 2>&1 freebsd-version
then
# get userland version
freebsd-version -u
else
# fallback to kernel release for FreeBSD < 10.0
uname -r
fi
;; ;;
*bsd|solaris) *bsd|solaris)
uname -r uname -r
@ -139,20 +98,7 @@ in
fi fi
;; ;;
ubuntu) ubuntu)
if command -v lsb_release >/dev/null 2>&1
then
lsb_release -sr lsb_release -sr
elif test -r /usr/lib/os-release
then
# fallback to /usr/lib/os-release if lsb_release is not present (like
# on minimized Ubuntu installations)
rc_getvar /usr/lib/os-release VERSION_ID
elif test -r /etc/lsb-release
then
# extract DISTRIB_RELEASE= variable from /etc/lsb-release on old
# versions without /usr/lib/os-release.
rc_getvar /etc/lsb-release DISTRIB_RELEASE
fi
;; ;;
alpine) alpine)
cat /etc/alpine-release cat /etc/alpine-release

View file

@ -28,7 +28,6 @@
# lsb_release may not be given in all installations # lsb_release may not be given in all installations
codename_os_release() { codename_os_release() {
# shellcheck disable=SC1090 # shellcheck disable=SC1090
# shellcheck disable=SC1091
. "$__global/explorer/os_release" . "$__global/explorer/os_release"
printf "%s" "$VERSION_CODENAME" printf "%s" "$VERSION_CODENAME"
} }

View file

@ -24,4 +24,4 @@ else
name="$__object_id" name="$__object_id"
fi fi
apt-mark showhold | grep -q "^${name}$" && echo hold || echo unhold apt-mark showhold | grep -Fq "$name" && echo hold || echo unhold

View file

@ -1,79 +0,0 @@
cdist-type__apt_pin(7)
======================
NAME
----
cdist-type__apt_pin - Manage apt pinning rules
DESCRIPTION
-----------
Adds/removes/edits rules to pin some packages to a specific distribution. Useful if using multiple debian repositories at the same time. (Useful, if one wants to use a few specific packages from backports or perhaps Debain testing... or even sid.)
REQUIRED PARAMETERS
-------------------
distribution
Specifies what distribution the package should be pinned to. Accepts both codenames (buster/bullseye/sid) and suite names (stable/testing/...).
OPTIONAL PARAMETERS
-------------------
package
Package name, glob or regular expression to match (multiple) packages. If not specified `__object_id` is used.
priority
The priority value to assign to matching packages. Deafults to 500. (To match the default target distro's priority)
state
Will be passed to underlying `__file` type; see there for valid values and defaults.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Add the bullseye repo to buster, but do not install any packages by default,
# only if explicitely asked for (-1 means "never" for apt)
__apt_pin bullseye-default \
--package "*" \
--distribution bullseye \
--priority -1
require="__apt_pin/bullseye-default" __apt_source bullseye \
--uri http://deb.debian.org/debian/ \
--distribution bullseye \
--component main
__apt_pin foo --package "foo foo-*" --distribution bullseye
__foo # Assuming, this installs the `foo` package internally
__package foo-plugin-extras # Assuming we also need some extra stuff
SEE ALSO
--------
:strong:`apt_preferences`\ (5)
:strong:`cdist-type__apt_source`\ (7)
:strong:`cdist-type__apt_backports`\ (7)
:strong:`cdist-type__file`\ (7)
AUTHORS
-------
Daniel Fancsali <fancsali@gmail.com>
COPYING
-------
Copyright \(C) 2021 Daniel Fancsali. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,68 +0,0 @@
#!/bin/sh -e
#
# 2021 Daniel Fancsali (fancsali@gmail.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
name="$__object_id"
os=$(cat "$__global/explorer/os")
state="$(cat "$__object/parameter/state")"
if [ -f "$__object/parameter/package" ]; then
package="$(cat "$__object/parameter/package")"
else
package=$name
fi
distribution="$(cat "$__object/parameter/distribution")"
priority="$(cat "$__object/parameter/priority")"
case "$os" in
debian|ubuntu|devuan)
;;
*)
printf "This type is specific to Debian and it's derivatives" >&2
exit 1
;;
esac
case $distribution in
stable|testing|unstable|experimental)
pin="release a=$distribution"
;;
*)
pin="release n=$distribution"
;;
esac
__file "/etc/apt/preferences.d/$name" \
--owner root --group root --mode 0644 \
--state "$state" \
--source - << EOF
# Created by cdist ${__type##*/}
# Do not change. Changes will be overwritten.
#
# $name
Package: $package
Pin: $pin
Pin-Priority: $priority
EOF

View file

@ -1 +0,0 @@
present

View file

@ -1,3 +0,0 @@
state
package
priority

View file

@ -1 +0,0 @@
distribution

View file

@ -0,0 +1,55 @@
#!/usr/bin/env python
#
# Remove the given apt repository.
#
# Exit with:
# 0: if it worked
# 1: if not
# 2: on other error
import os
import sys
from aptsources import distro, sourceslist
from softwareproperties import ppa
from softwareproperties.SoftwareProperties import SoftwareProperties
def remove_if_empty(file_name):
with open(file_name, 'r') as f:
if f.read().strip():
return
os.unlink(file_name)
def remove_repository(repository):
#print 'repository:', repository
codename = distro.get_distro().codename
#print 'codename:', codename
(line, file) = ppa.expand_ppa_line(repository.strip(), codename)
#print 'line:', line
#print 'file:', file
deb_source_entry = sourceslist.SourceEntry(line, file)
src_source_entry = sourceslist.SourceEntry('deb-src{}'.format(line[3:]), file)
try:
sp = SoftwareProperties()
sp.remove_source(deb_source_entry)
try:
# If there's a deb-src entry, remove that too
sp.remove_source(src_source_entry)
except:
pass
remove_if_empty(file)
return True
except ValueError:
print >> sys.stderr, "Error: '%s' doesn't exists in a sourcelist file" % line
return False
if __name__ == '__main__':
if (len(sys.argv) != 2):
print >> sys.stderr, 'Error: need a repository as argument'
sys.exit(2)
repository = sys.argv[1]
if remove_repository(repository):
sys.exit(0)
else:
sys.exit(1)

View file

@ -29,9 +29,9 @@ fi
case "$state_should" in case "$state_should" in
present) present)
echo "add-apt-repository -y '$name'" echo "add-apt-repository '$name'"
;; ;;
absent) absent)
echo "add-apt-repository -r -y '$name'" echo "remove-apt-repository '$name'"
;; ;;
esac esac

View file

@ -20,4 +20,9 @@
__package software-properties-common __package software-properties-common
require="__package/software-properties-common" \
__file /usr/local/bin/remove-apt-repository \
--source "$__type/files/remove-apt-repository" \
--mode 0755
require="$__object_name" __apt_update_index require="$__object_name" __apt_update_index

View file

@ -2,14 +2,13 @@
set -u set -u
entry="$uri $distribution $component" entry="$uri $distribution $component"
cat << DONE cat << DONE
# Created by cdist ${__type##*/} # Created by cdist ${__type##*/}
# Do not change. Changes will be overwritten. # Do not change. Changes will be overwritten.
# #
# $name # $name
deb ${options} $entry deb ${forcedarch} $entry
DONE DONE
if [ -f "$__object/parameter/include-src" ]; then if [ -f "$__object/parameter/include-src" ]; then
echo "deb-src $entry" echo "deb-src $entry"

View file

@ -22,21 +22,7 @@
name="$__object_id" name="$__object_id"
destination="/etc/apt/sources.list.d/${name}.list" destination="/etc/apt/sources.list.d/${name}.list"
# There are special arguments to apt(8) to prevent aborts if apt woudn't been
# updated after the 19th April 2021 till the bullseye release. The additional
# arguments acknoledge the happend suite change (the apt(8) update does the
# same by itself).
#
# Using '-o $config' instead of the --allow-releaseinfo-change-* parameter
# allows backward compatablility to pre-buster Debian versions.
#
# See more: ticket #861
# https://code.ungleich.ch/ungleich-public/cdist/-/issues/861
apt_opts="-o Acquire::AllowReleaseInfoChange::Suite=true -o Acquire::AllowReleaseInfoChange::Version=true"
# run 'apt-get update' only if something changed with our sources.list file
# it will be run a second time on error as a redundancy messure to success
if grep -q "^__file${destination}" "$__messages_in"; then if grep -q "^__file${destination}" "$__messages_in"; then
printf 'apt-get %s update || apt-get %s update\n' "$apt_opts" "$apt_opts" printf 'apt-get update || apt-get update\n'
fi fi

View file

@ -23,9 +23,6 @@ OPTIONAL PARAMETERS
arch arch
set this if you need to force and specific arch (ubuntu specific) set this if you need to force and specific arch (ubuntu specific)
signed-by
provide a GPG key fingerprint or keyring path for signature checks
state state
'present' or 'absent', defaults to 'present' 'present' or 'absent', defaults to 'present'
@ -59,11 +56,6 @@ EXAMPLES
--uri http://archive.canonical.com/ \ --uri http://archive.canonical.com/ \
--component partner --state present --component partner --state present
__apt_source goaccess \
--uri http://deb.goaccess.io/ \
--component main \
--signed-by C03B48887D5E56B046715D3297BD1A0133449C3D
AUTHORS AUTHORS
------- -------

View file

@ -21,7 +21,6 @@
name="$__object_id" name="$__object_id"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"
uri="$(cat "$__object/parameter/uri")" uri="$(cat "$__object/parameter/uri")"
options=""
if [ -f "$__object/parameter/distribution" ]; then if [ -f "$__object/parameter/distribution" ]; then
distribution="$(cat "$__object/parameter/distribution")" distribution="$(cat "$__object/parameter/distribution")"
@ -32,15 +31,9 @@ fi
component="$(cat "$__object/parameter/component")" component="$(cat "$__object/parameter/component")"
if [ -f "$__object/parameter/arch" ]; then if [ -f "$__object/parameter/arch" ]; then
options="arch=$(cat "$__object/parameter/arch")" forcedarch="[arch=$(cat "$__object/parameter/arch")]"
fi else
forcedarch=""
if [ -f "$__object/parameter/signed-by" ]; then
options="$options signed-by=$(cat "$__object/parameter/signed-by")"
fi
if [ "$options" ]; then
options="[$options]"
fi fi
# export variables for use in template # export variables for use in template
@ -48,7 +41,7 @@ export name
export uri export uri
export distribution export distribution
export component export component
export options export forcedarch
# generate file from template # generate file from template
mkdir "$__object/files" mkdir "$__object/files"

View file

@ -2,4 +2,3 @@ state
distribution distribution
component component
arch arch
signed-by

View file

@ -18,23 +18,9 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
# There are special arguments to apt(8) to prevent aborts if apt woudn't been
# updated after the 19th April 2021 till the bullseye release. The additional
# arguments acknoledge the happend suite change (the apt(8) update does the
# same by itself).
#
# Using '-o $config' instead of the --allow-releaseinfo-change-* parameter
# allows backward compatablility to pre-buster Debian versions.
#
# See more: ticket #861
# https://code.ungleich.ch/ungleich-public/cdist/-/issues/861
apt_opts="-o Acquire::AllowReleaseInfoChange::Suite=true -o Acquire::AllowReleaseInfoChange::Version=true"
# run 'apt-get update' if anything in /etc/apt is newer then /var/lib/apt/lists # run 'apt-get update' if anything in /etc/apt is newer then /var/lib/apt/lists
# it will be run a second time on error as a redundancy messure to success
cat << DONE cat << DONE
if find /etc/apt -mindepth 1 -cnewer /var/lib/apt/lists | grep . > /dev/null; then if find /etc/apt -mindepth 1 -cnewer /var/lib/apt/lists | grep . > /dev/null; then
apt-get $apt_opts update || apt-get $apt_opts update apt-get update || apt-get update
fi fi
DONE DONE

View file

@ -1,142 +0,0 @@
#!/bin/sh -e
#
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Determine current debconf selections' state.
# Prints one of:
# present: all selections are already set as they should.
# different: one or more of the selections have a different value.
# absent: one or more of the selections are not (currently) defined.
#
test -x /usr/bin/perl || {
# cannot find perl (no perl ~ no debconf)
echo 'absent'
exit 0
}
linesfile="${__object:?}/parameter/line"
test -s "${linesfile}" || {
if test -s "${__object:?}/parameter/file"
then
echo absent
else
echo present
fi
exit 0
}
# assert __type_explorer is set (because it is used by the Perl script)
: "${__type_explorer:?}"
/usr/bin/perl -- - "${linesfile}" <<'EOF'
use strict;
use warnings "all";
use Fcntl qw(:DEFAULT :flock);
use Debconf::Db;
use Debconf::Question;
# Extract @known... arrays from debconf-set-selections
# These values are required to distinguish flags and values in the given lines.
# DC: I couldn't think of a more ugly solution to the problem…
my @knownflags;
my @knowntypes;
my $debconf_set_selections = '/usr/bin/debconf-set-selections';
if (-e $debconf_set_selections) {
my $sed_known = 's/^my \(@known\(flags\|types\) = qw([a-z ]*);\).*$/\1/p';
eval `sed -n '$sed_known' '$debconf_set_selections'`;
}
sub mungeline ($) {
my $line = shift;
chomp $line;
$line =~ s/\r$//;
return $line;
}
sub fatal { printf STDERR @_; exit 1; }
my $state = 'present';
sub state {
my $new = shift;
if ($state eq 'present'
or ($state eq 'different' and $new eq 'absent')) {
$state = $new;
}
}
# Load Debconf DB but manually lock on the state explorer script,
# because Debconf aborts immediately if executed concurrently.
# This is not really an ideal solution because the Debconf DB could be locked by
# another process (e.g. apt-get), but no way to achieve this could be found.
# If you know how to, please provide a patch.
my $lockfile = "%ENV{'__type_explorer'}/state";
if (open my $lock_fh, '+<', $lockfile) {
flock $lock_fh, LOCK_EX or die "Cannot lock $lockfile";
}
{
Debconf::Db->load(readonly => 'true');
}
while (<>) {
# Read and process lines (taken from debconf-set-selections)
$_ = mungeline($_);
while (/\\$/ && ! eof) {
s/\\$//;
$_ .= mungeline(<>);
}
next if /^\s*$/ || /^\s*\#/;
my ($owner, $label, $type, $content) = /^\s*(\S+)\s+(\S+)\s+(\S+)(?:\s(.*))?/
or fatal "invalid line: %s\n", $_;
$content = '' unless defined $content;
# Compare is and should state
my $q = Debconf::Question->get($label);
unless (defined $q) {
# probably a preseed
state 'absent';
next;
}
if (grep { $_ eq $q->type } @knownflags) {
# This line wants to set a flag, presumably.
if ($q->flag($q->type) ne $content) {
state 'different';
}
} else {
# Otherwise, it's probably a value…
if ($q->value ne $content) {
state 'different';
}
unless (grep { $_ eq $owner } (split /, /, $q->owners)) {
state 'different';
}
}
}
printf "%s\n", $state;
EOF

View file

@ -1,7 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2011-2014 Nico Schottelius (nico-cdist at schottelius.org) # 2011-2014 Nico Schottelius (nico-cdist at schottelius.org)
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -18,37 +17,16 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
#
# Setup selections
#
if test -f "${__object:?}/parameter/line" filename="$(cat "$__object/parameter/file")"
then
filename="${__object:?}/parameter/line" if [ "$filename" = "-" ]; then
elif test -s "${__object:?}/parameter/file" filename="$__object/stdin"
then
filename=$(cat "${__object:?}/parameter/file")
if test "${filename}" = '-'
then
filename="${__object:?}/stdin"
fi
else
printf 'Neither --line nor --file set.\n' >&2
exit 1
fi fi
# setting no lines makes no sense echo "debconf-set-selections << __file-eof"
test -s "${filename}" || exit 0 cat "$filename"
echo "__file-eof"
state_is=$(cat "${__object:?}/explorer/state")
if test "${state_is}" != 'present'
then
cat <<-CODE
debconf-set-selections <<'EOF'
$(cat "${filename}")
EOF
CODE
awk '
{
printf "set %s %s %s %s\n", $1, $2, $3, $4
}' "${filename}" >>"${__messages_out:?}"
fi

View file

@ -8,33 +8,15 @@ cdist-type__debconf_set_selections - Setup debconf selections
DESCRIPTION DESCRIPTION
----------- -----------
On Debian and alike systems :strong:`debconf-set-selections`\ (1) can be used On Debian and alike systems debconf-set-selections(1) can be used
to setup configuration parameters. to setup configuration parameters.
REQUIRED PARAMETERS REQUIRED PARAMETERS
------------------- -------------------
cf. ``--line``.
OPTIONAL PARAMETERS
-------------------
file file
Use the given filename as input for :strong:`debconf-set-selections`\ (1) Use the given filename as input for debconf-set-selections(1)
If filename is ``-``, read from stdin. If filename is "-", read from stdin.
**This parameter is deprecated, because it doesn't work with state detection.**
line
A line in :strong:`debconf-set-selections`\ (1) compatible format.
This parameter can be used multiple times to set multiple options.
(This parameter is actually required, but marked optional because the
deprecated ``--file`` is still accepted.)
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES EXAMPLES
@ -42,29 +24,30 @@ EXAMPLES
.. code-block:: sh .. code-block:: sh
# Setup gitolite's gituser # Setup configuration for nslcd
__debconf_set_selections nslcd --line 'gitolite gitolite/gituser string git' __debconf_set_selections nslcd --file /path/to/file
# Setup configuration for nslcd from a file. # Setup configuration for nslcd from another type
# NB: Multiple lines can be passed to --line, although this can be considered a hack. __debconf_set_selections nslcd --file "$__type/files/preseed/nslcd"
__debconf_set_selections nslcd --line "$(cat "${__files:?}/preseed/nslcd.debconf")"
__debconf_set_selections nslcd --file - << eof
gitolite gitolite/gituser string git
eof
SEE ALSO SEE ALSO
-------- --------
- :strong:`cdist-type__update_alternatives`\ (7) :strong:`debconf-set-selections`\ (1), :strong:`cdist-type__update_alternatives`\ (7)
- :strong:`debconf-set-selections`\ (1)
AUTHORS AUTHORS
------- -------
| Nico Schottelius <nico-cdist--@--schottelius.org> Nico Schottelius <nico-cdist--@--schottelius.org>
| Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
COPYING COPYING
------- -------
Copyright \(C) 2011-2014 Nico Schottelius, 2021 Dennis Camera. Copyright \(C) 2011-2014 Nico Schottelius. You can redistribute it
You can redistribute it and/or modify it under the terms of the GNU General and/or modify it under the terms of the GNU General Public License as
Public License as published by the Free Software Foundation, either version 3 of published by the Free Software Foundation, either version 3 of the
the License, or (at your option) any later version. License, or (at your option) any later version.

View file

@ -1 +0,0 @@
'file' has been deprecated in favour of 'line' in order to provide idempotency.

View file

@ -37,12 +37,6 @@ state
source source
forwarded to :strong:`__file` type forwarded to :strong:`__file` type
file
forwarded to :strong:`__file` type
This can be used if multiple users need to have a dotfile updated,
which will result in duplicate object id errors. When using the
file parameter the object id can be some unique value.
MESSAGES MESSAGES
-------- --------
@ -67,15 +61,6 @@ EXAMPLES
# Install default xmonad config for user 'eve'. Parent directory is created automatically. # Install default xmonad config for user 'eve'. Parent directory is created automatically.
__dot_file .xmonad/xmonad.hs --user eve --state exists --source "$__files/xmonad.hs" __dot_file .xmonad/xmonad.hs --user eve --state exists --source "$__files/xmonad.hs"
# install .vimrc for root and some users
for user in root userx usery userz; do
__dot_file "${user}_dot_vimrc" \
--user $user \
--file .vimrc \
--state exists \
--source "$__files/$user/.vimrc"
done
SEE ALSO SEE ALSO
-------- --------

View file

@ -20,19 +20,13 @@ user="$(cat "${__object}/parameter/user")"
home="$(cat "${__object}/explorer/home")" home="$(cat "${__object}/explorer/home")"
primary_group="$(cat "${__object}/explorer/primary_group")" primary_group="$(cat "${__object}/explorer/primary_group")"
dirmode="$(cat "${__object}/parameter/dirmode")" dirmode="$(cat "${__object}/parameter/dirmode")"
if [ -f "${__object}/parameter/file" ]; then
file="$(cat "${__object}/parameter/file")"
else
file="${__object_id}"
fi
# Create parent directory. Type __directory has flag 'parents', but it # Create parent directory. Type __directory has flag 'parents', but it
# will leave us with root-owned directory in user home, which is not # will leave us with root-owned directory in user home, which is not
# acceptable. So we create parent directories one-by-one. XXX: maybe # acceptable. So we create parent directories one-by-one. XXX: maybe
# it should be fixed in '__directory'? # it should be fixed in '__directory'?
set -- set --
subpath=${file} subpath=${__object_id}
while subpath="$(dirname "${subpath}")" ; do while subpath="$(dirname "${subpath}")" ; do
[ "${subpath}" = . ] && break [ "${subpath}" = . ] && break
set -- "${subpath}" "$@" set -- "${subpath}" "$@"
@ -70,4 +64,4 @@ if [ "${source}" = "-" ] ; then
fi fi
unset source unset source
__file "${home}/${file}" --owner "$user" --group "$primary_group" "$@" __file "${home}/${__object_id}" --owner "$user" --group "$primary_group" "$@"

View file

@ -0,0 +1,19 @@
#!/bin/sh -e
if [ -f "$__object/parameter/cmd-get" ]
then
cmd="$( cat "$__object/parameter/cmd-get" )"
elif command -v curl > /dev/null
then
cmd="curl -L -o - '%s'"
elif command -v fetch > /dev/null
then
cmd="fetch -o - '%s'"
else
cmd="wget -O - '%s'"
fi
echo "$cmd"

View file

@ -1,16 +0,0 @@
#!/bin/sh -e
if [ -f "$__object/parameter/cmd-get" ]
then
cat "$__object/parameter/cmd-get"
elif
command -v curl > /dev/null
then
echo "curl -sSL -o - '%s'"
elif
command -v fetch > /dev/null
then
echo "fetch -o - '%s'"
else
echo "wget -O - '%s'"
fi

View file

@ -1,82 +0,0 @@
#!/bin/sh -e
if [ ! -f "$__object/parameter/sum" ]
then
exit 0
fi
if [ -f "$__object/parameter/cmd-sum" ]
then
cat "$__object/parameter/cmd-sum"
exit 0
fi
sum_should="$( cat "$__object/parameter/sum" )"
if echo "$sum_should" | grep -Fq ':'
then
sum_hash="$( echo "$sum_should" | cut -d : -f 1 )"
else
if echo "$sum_should" | grep -Eq '^[0-9]+\s[0-9]+$'
then
sum_hash='cksum'
elif
echo "$sum_should" | grep -Eiq '^[a-f0-9]{32}$'
then
sum_hash='md5'
elif
echo "$sum_should" | grep -Eiq '^[a-f0-9]{40}$'
then
sum_hash='sha1'
elif
echo "$sum_should" | grep -Eiq '^[a-f0-9]{64}$'
then
sum_hash='sha256'
else
echo 'hash format detection failed' >&2
exit 1
fi
fi
os="$( "$__explorer/os" )"
case "$sum_hash" in
cksum)
echo "cksum %s | awk '{print \$1\" \"\$2}'"
;;
md5)
case "$os" in
freebsd)
echo "md5 -q %s"
;;
*)
echo "md5sum %s | awk '{print \$1}'"
;;
esac
;;
sha1)
case "$os" in
freebsd)
echo "sha1 -q %s"
;;
*)
echo "sha1sum %s | awk '{print \$1}'"
;;
esac
;;
sha256)
case "$os" in
freebsd)
echo "sha256 -q %s"
;;
*)
echo "sha256sum %s | awk '{print \$1}'"
;;
esac
;;
*)
# we arrive here only if --sum is given with unknown format prefix
echo "unknown hash format: $sum_hash" >&2
exit 1
;;
esac

View file

@ -1,11 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
if [ -f "$__object/parameter/destination" ]
then
dst="$( cat "$__object/parameter/destination" )"
else
dst="/$__object_id" dst="/$__object_id"
fi
if [ ! -f "$dst" ] if [ ! -f "$dst" ]
then then
@ -21,19 +16,60 @@ fi
sum_should="$( cat "$__object/parameter/sum" )" sum_should="$( cat "$__object/parameter/sum" )"
if echo "$sum_should" | grep -Fq ':' if [ -f "$__object/parameter/cmd-sum" ]
then then
sum_should="$( echo "$sum_should" | cut -d : -f 2 )"
fi
sum_cmd="$( "$__type_explorer/remote_cmd_sum" )"
# shellcheck disable=SC2059 # shellcheck disable=SC2059
sum_is="$( eval "$( printf "$sum_cmd" "'$dst'" )" )" sum_is="$( eval "$( printf \
"$( cat "$__object/parameter/cmd-sum" )" \
"$dst" )" )"
else
os="$( "$__explorer/os" )"
if echo "$sum_should" | grep -Eq '^[0-9]+\s[0-9]+$'
then
sum_is="$( cksum "$dst" | awk '{print $1" "$2}' )"
elif echo "$sum_should" | grep -Eiq '^md5:[a-f0-9]{32}$'
then
case "$os" in
freebsd)
sum_is="md5:$( md5 -q "$dst" )"
;;
*)
sum_is="md5:$( md5sum "$dst" | awk '{print $1}' )"
;;
esac
elif echo "$sum_should" | grep -Eiq '^sha1:[a-f0-9]{40}$'
then
case "$os" in
freebsd)
sum_is="sha1:$( sha1 -q "$dst" )"
;;
*)
sum_is="sha1:$( sha1sum "$dst" | awk '{print $1}' )"
;;
esac
elif echo "$sum_should" | grep -Eiq '^sha256:[a-f0-9]{64}$'
then
case "$os" in
freebsd)
sum_is="sha256:$( sha256 -q "$dst" )"
;;
*)
sum_is="sha256:$( sha256sum "$dst" | awk '{print $1}' )"
;;
esac
else
echo "could not detect checksum method, check type's manual" >&2
exit 1
fi
fi
if [ -z "$sum_is" ] if [ -z "$sum_is" ]
then then
echo 'existing destination checksum failed' >&2 echo 'no checksum from target' >&2
exit 1 exit 1
fi fi

View file

@ -11,133 +11,34 @@ fi
url="$( cat "$__object/parameter/url" )" url="$( cat "$__object/parameter/url" )"
if [ -f "$__object/parameter/destination" ] tmp="$( mktemp )"
then
dst="$( cat "$__object/parameter/destination" )"
else
dst="/$__object_id" dst="/$__object_id"
fi
if [ -f "$__object/parameter/cmd-get" ] if [ -f "$__object/parameter/cmd-get" ]
then then
cmd="$( cat "$__object/parameter/cmd-get" )" cmd="$( cat "$__object/parameter/cmd-get" )"
elif command -v wget > /dev/null
then
cmd="wget -O - '%s'"
elif command -v curl > /dev/null elif command -v curl > /dev/null
then then
cmd="curl -sSL -o - '%s'" cmd="curl -L -o - '%s'"
elif command -v fetch > /dev/null elif command -v fetch > /dev/null
then then
cmd="fetch -o - '%s'" cmd="fetch -o - '%s'"
elif command -v wget > /dev/null
then
cmd="wget -O - '%s'"
else else
echo 'local download failed, no usable utility' >&2 echo 'no usable locally installed utility for downloading' >&2
exit 1 exit 1
fi fi
echo "download_tmp=\"\$( mktemp )\"" printf "$cmd > %s\n" \
"$url" \
# shellcheck disable=SC2059 "$tmp"
printf "$cmd > \"\$download_tmp\"\n" "$url"
if [ -f "$__object/parameter/sum" ]
then
sum_should="$( cat "$__object/parameter/sum" )"
if [ -f "$__object/parameter/cmd-sum" ]
then
local_cmd_sum="$( cat "$__object/parameter/cmd-sum" )"
else
if echo "$sum_should" | grep -Fq ':'
then
sum_hash="$( echo "$sum_should" | cut -d : -f 1 )"
sum_should="$( echo "$sum_should" | cut -d : -f 2 )"
else
if echo "$sum_should" | grep -Eq '^[0-9]+\s[0-9]+$'
then
sum_hash='cksum'
elif
echo "$sum_should" | grep -Eiq '^[a-f0-9]{32}$'
then
sum_hash='md5'
elif
echo "$sum_should" | grep -Eiq '^[a-f0-9]{40}$'
then
sum_hash='sha1'
elif
echo "$sum_should" | grep -Eiq '^[a-f0-9]{64}$'
then
sum_hash='sha256'
else
echo 'hash format detection failed' >&2
exit 1
fi
fi
case "$sum_hash" in
cksum)
local_cmd_sum="cksum %s | awk '{print \$1\" \"\$2}'"
;;
md5)
if command -v md5 > /dev/null
then
local_cmd_sum="md5 -q %s"
elif
command -v md5sum > /dev/null
then
local_cmd_sum="md5sum %s | awk '{print \$1}'"
fi
;;
sha1)
if command -v sha1 > /dev/null
then
local_cmd_sum="sha1 -q %s"
elif
command -v sha1sum > /dev/null
then
local_cmd_sum="sha1sum %s | awk '{print \$1}'"
fi
;;
sha256)
if command -v sha256 > /dev/null
then
local_cmd_sum="sha256 -q %s"
elif
command -v sha256sum > /dev/null
then
local_cmd_sum="sha256sum %s | awk '{print \$1}'"
fi
;;
*)
# we arrive here only if --sum is given with unknown format prefix
echo "unknown hash format: $sum_hash" >&2
exit 1
;;
esac
if [ -z "$local_cmd_sum" ]
then
echo 'local checksum verification failed, no usable utility' >&2
exit 1
fi
fi
# shellcheck disable=SC2059
echo "sum_is=\"\$( $( printf "$local_cmd_sum" "\"\$download_tmp\"" ) )\""
echo "if [ \"\$sum_is\" != '$sum_should' ]; then"
echo "echo 'local download checksum mismatch' >&2"
echo "rm -f \"\$download_tmp\""
echo 'exit 1; fi'
fi
if echo "$__target_host" | grep -Eq '^[0-9a-fA-F:]+$' if echo "$__target_host" | grep -Eq '^[0-9a-fA-F:]+$'
then then
@ -146,10 +47,12 @@ else
target_host="$__target_host" target_host="$__target_host"
fi fi
# shellcheck disable=SC2016 printf '%s %s %s:%s\n' \
printf '%s "$download_tmp" %s:%s\n' \
"$__remote_copy" \ "$__remote_copy" \
"$tmp" \
"$target_host" \ "$target_host" \
"$dst" "$dst"
echo "rm -f \"\$download_tmp\"" echo "rm -f '$tmp'"
echo 'downloaded' > "$__messages_out"

View file

@ -6,51 +6,17 @@ state_is="$( cat "$__object/explorer/state" )"
if [ "$download" = 'remote' ] && [ "$state_is" != 'present' ] if [ "$download" = 'remote' ] && [ "$state_is" != 'present' ]
then then
cmd_get="$( cat "$__object/explorer/remote_cmd_get" )" cmd="$( cat "$__object/explorer/remote_cmd" )"
url="$( cat "$__object/parameter/url" )" url="$( cat "$__object/parameter/url" )"
if [ -f "$__object/parameter/destination" ]
then
dst="$( cat "$__object/parameter/destination" )"
else
dst="/$__object_id" dst="/$__object_id"
fi
echo "download_tmp=\"\$( mktemp )\"" printf "$cmd > %s\n" \
"$url" \
"$dst"
# shellcheck disable=SC2059 echo 'downloaded' > "$__messages_out"
printf "$cmd_get > \"\$download_tmp\"\n" "$url"
if [ -f "$__object/parameter/sum" ]
then
sum_should="$( cat "$__object/parameter/sum" )"
if [ -f "$__object/parameter/cmd-sum" ]
then
remote_cmd_sum="$( cat "$__object/parameter/cmd-sum" )"
else
remote_cmd_sum="$( cat "$__object/explorer/remote_cmd_sum" )"
if echo "$sum_should" | grep -Fq ':'
then
sum_should="$( echo "$sum_should" | cut -d : -f 2 )"
fi
fi
# shellcheck disable=SC2059
echo "sum_is=\"\$( $( printf "$remote_cmd_sum" "\"\$download_tmp\"" ) )\""
echo "if [ \"\$sum_is\" != '$sum_should' ]; then"
echo "echo 'remote download checksum mismatch' >&2"
echo "rm -f \"\$download_tmp\""
echo 'exit 1; fi'
fi
echo "mv \"\$download_tmp\" '$dst'"
fi fi
if [ -f "$__object/parameter/onchange" ] && [ "$state_is" != "present" ] if [ -f "$__object/parameter/onchange" ] && [ "$state_is" != "present" ]

View file

@ -8,7 +8,7 @@ cdist-type__download - Download a file
DESCRIPTION DESCRIPTION
----------- -----------
By default type will try to use ``curl``, ``fetch`` or ``wget``. By default type will try to use ``wget``, ``curl`` or ``fetch``.
If download happens in target (see ``--download``) then type will If download happens in target (see ``--download``) then type will
fallback to (and install) ``wget``. fallback to (and install) ``wget``.
@ -16,8 +16,6 @@ If download happens in local machine, then environment variables like
``{http,https,ftp}_proxy`` etc can be used on cdist execution ``{http,https,ftp}_proxy`` etc can be used on cdist execution
(``http_proxy=foo cdist config ...``). (``http_proxy=foo cdist config ...``).
To change downloaded file's owner, group or permissions, use ``require='__download/path/to/file' __file ...``.
REQUIRED PARAMETERS REQUIRED PARAMETERS
------------------- -------------------
@ -27,29 +25,14 @@ url
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
destination
Downloaded file's destination in target. If unset, ``$__object_id`` is used.
sum sum
Supported formats: ``cksum`` output without file name, MD5, SHA1 and SHA256. Checksum is used to decide if existing destination file must be redownloaded.
By default output of ``cksum`` without filename is expected.
Type tries to detect hash format with regexes, but prefixes Other hash formats supported with prefixes: ``md5:``, ``sha1:`` and ``sha256:``.
``cksum:``, ``md5:``, ``sha1:`` and ``sha256:`` are also supported.
Checksum have two purposes - state check and post-download verification.
In state check, if destination checksum mismatches, then content of URL
will be downloaded to temporary file. If downloaded temporary file's
checksum matches, then it will be moved to destination (overwritten).
For local downloads it is expected that usable utilities for checksum
calculation exist in the system.
download download
If ``local`` (default), then file is downloaded to local storage and copied If ``local`` (default), then download file to local storage and copy
to target host. If ``remote``, then download happens in target. it to target host. If ``remote``, then download happens in target.
For local downloads it is expected that usable utilities for downloading
exist in the system. Type will try to use ``curl``, ``fetch`` or ``wget``.
cmd-get cmd-get
Command used for downloading. Command used for downloading.
@ -79,7 +62,7 @@ EXAMPLES
require='__directory/opt/cpma' \ require='__directory/opt/cpma' \
__download /opt/cpma/cnq3.zip \ __download /opt/cpma/cnq3.zip \
--url https://cdn.playmorepromode.com/files/cnq3/cnq3-1.51.zip \ --url https://cdn.playmorepromode.com/files/cnq3/cnq3-1.51.zip \
--sum 46da3021ca9eace277115ec9106c5b46 --sum md5:46da3021ca9eace277115ec9106c5b46
require='__download/opt/cpma/cnq3.zip' \ require='__download/opt/cpma/cnq3.zip' \
__unpack /opt/cpma/cnq3.zip \ __unpack /opt/cpma/cnq3.zip \

View file

@ -1,6 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
if grep -Eq '^wget' "$__object/explorer/remote_cmd_get" if grep -Eq '^wget' "$__object/explorer/remote_cmd"
then then
__package wget __package wget
fi fi

View file

@ -1,6 +1,5 @@
sum
cmd-get cmd-get
cmd-sum cmd-sum
destination
download download
onchange onchange
sum

View file

@ -1,7 +1,7 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2011-2012 Nico Schottelius (nico-cdist at schottelius.org) # 2011-2012 Nico Schottelius (nico-cdist at schottelius.org)
# 2013-2022 Steven Armstrong (steven-cdist armstrong.cc) # 2013 Steven Armstrong (steven-cdist armstrong.cc)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -72,7 +72,6 @@ if [ "$state_should" = "present" ] || [ "$state_should" = "exists" ]; then
if [ "$type" != "file" ]; then if [ "$type" != "file" ]; then
# destination is not a regular file, upload source to replace it # destination is not a regular file, upload source to replace it
upload_file=1 upload_file=1
echo upload >> "$__messages_out"
else else
local_cksum="$(cksum < "$source")" local_cksum="$(cksum < "$source")"
remote_cksum="$(cat "$__object/explorer/cksum")" remote_cksum="$(cat "$__object/explorer/cksum")"
@ -89,30 +88,13 @@ if [ "$state_should" = "present" ] || [ "$state_should" = "exists" ]; then
mkdir "$__object/files" mkdir "$__object/files"
touch "$__object/files/set-attributes" touch "$__object/files/set-attributes"
if [ "$create_file" ]; then
# When creating an empty file we create it locally and then
# upload it so that permissions can be set before moving the file
# into place.
source="$__object/files/empty"
touch "$source"
fi
# upload file to temp location # upload file to temp location
upload_destination="${destination}.cdist.${__cdist_object_marker}.$$" tempfile_template="${destination}.cdist.XXXXXXXXXX"
# Yes, we are aware that this is a race condition. cat << DONE
# However: destination_upload="\$($__remote_exec $__target_host "mktemp $tempfile_template")"
# a) cdist usually writes to directories that are not user writable DONE
# (probably > 99.9%) if [ "$upload_file" ]; then
# b) if they are user owned, the user / attacker always wins echo upload >> "$__messages_out"
# (probably < 0.1%)
# c) the only case which we could improve are tmp directories and we
# don't think managing tmp directories with cdist is a typical case
# ("the rest %)"
# Tell gencode-remote to where we uploaded the file so it can move
# it to its final destination.
echo "$upload_destination" > "$__object/files/upload-destination"
# IPv6 fix # IPv6 fix
if echo "${__target_host}" | grep -q -E '^[0-9a-fA-F:]+$' if echo "${__target_host}" | grep -q -E '^[0-9a-fA-F:]+$'
then then
@ -121,7 +103,12 @@ if [ "$state_should" = "present" ] || [ "$state_should" = "exists" ]; then
my_target_host="${__target_host}" my_target_host="${__target_host}"
fi fi
cat << DONE cat << DONE
$__remote_copy "$source" "${my_target_host}:${upload_destination}" $__remote_copy "$source" "${my_target_host}:\$destination_upload"
DONE
fi
# move uploaded file into place
cat << DONE
$__remote_exec $__target_host "rm -rf \"$destination\"; mv \"\$destination_upload\" \"$destination\""
DONE DONE
fi fi
fi fi

View file

@ -1,7 +1,7 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2011-2013 Nico Schottelius (nico-cdist at schottelius.org) # 2011-2013 Nico Schottelius (nico-cdist at schottelius.org)
# 2013-2022 Steven Armstrong (steven-cdist armstrong.cc) # 2013 Steven Armstrong (steven-cdist armstrong.cc)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -62,13 +62,6 @@ set_mode() {
case "$state_should" in case "$state_should" in
present|exists) present|exists)
if [ -f "$__object/files/upload-destination" ]; then
final_destination="$destination"
# We change the 'global' $destination variable here so we can
# change attributes of the new/uploaded file before moving it
# to it's final destination.
destination="$(cat "$__object/files/upload-destination")"
fi
# Note: Mode - needs to happen last as a chown/chgrp can alter mode by # Note: Mode - needs to happen last as a chown/chgrp can alter mode by
# clearing S_ISUID and S_ISGID bits (see chown(2)) # clearing S_ISUID and S_ISGID bits (see chown(2))
for attribute in group owner mode; do for attribute in group owner mode; do
@ -88,11 +81,6 @@ case "$state_should" in
fi fi
fi fi
done done
if [ -f "$__object/files/upload-destination" ]; then
# move uploaded file into place
printf 'rm -rf "%s"\n' "$final_destination"
printf 'mv "%s" "%s"\n' "$destination" "$final_destination"
fi
if [ -f "$__object/files/set-attributes" ]; then if [ -f "$__object/files/set-attributes" ]; then
# set-attributes is created if file is created or uploaded in gencode-local # set-attributes is created if file is created or uploaded in gencode-local
fire_onchange=1 fire_onchange=1

View file

@ -27,7 +27,7 @@ else
fi fi
case "$os" in case "$os" in
alpine|centos|fedora|gentoo|redhat|suse|ubuntu) alpine|centos|fedora|redhat|suse|gentoo)
if [ ! -x "$(command -v lsblk)" ]; then if [ ! -x "$(command -v lsblk)" ]; then
echo "lsblk is required for __filesystem type" >&2 echo "lsblk is required for __filesystem type" >&2
exit 1 exit 1

View file

@ -15,7 +15,7 @@ case $os in
# Differntation not needed anymore # Differntation not needed anymore
apt_source_distribution=stable apt_source_distribution=stable
;; ;;
10*|11*) 10*)
# Differntation not needed anymore # Differntation not needed anymore
apt_source_distribution=stable apt_source_distribution=stable
;; ;;

View file

@ -1,8 +0,0 @@
frontend http
bind BIND@:80
mode http
option httplog
default_backend http
backend http
mode http

View file

@ -1,10 +0,0 @@
frontend https
bind BIND@:443
mode tcp
option tcplog
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
default_backend https
backend https
mode tcp

View file

@ -1,12 +0,0 @@
frontend imaps
bind BIND@:143
bind BIND@:993
mode tcp
option tcplog
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
default_backend imaps
backend imaps
mode tcp

View file

@ -1,12 +0,0 @@
frontend smtps
bind BIND@:25
bind BIND@:465
mode tcp
option tcplog
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
default_backend smtps
backend smtps
mode tcp

View file

@ -1,121 +0,0 @@
cdist-type__haproxy_dualstack(7)
================================
NAME
----
cdist-type__haproxy_dualstack - Proxy services from a dual-stack server
DESCRIPTION
-----------
This (singleton) type installs and configures haproxy to act as a dual-stack
proxy for single-stack services.
This can be useful to add IPv4 support to IPv6-only services while only using
one IPv4 for many such services.
By default this type uses the plain TCP proxy mode, which means that there is no
need for TLS termination on this host when SNI is supported.
This also means that proxied services will not receive the client's IP address,
but will see the proxy's IP address instead (that of `$__target_host`).
This can be solved by using the PROXY protocol, but do take into account that,
e.g. nginx cannot serve both regular HTTP(S) and PROXY protocols on the same
port, so you will need to use other ports for that.
As a recommendation in this type: use TCP ports 8080 and 591 respectively to
serve HTTP and HTTPS using the PROXY protocol.
See the EXAMPLES for more details.
OPTIONAL PARAMETERS
-------------------
v4proxy
Proxy incoming IPv4 connections to the equivalent IPv6 endpoint.
In its simplest use, it must be a NAME with an `AAAA` DNS entry, which is
the IP address actually providing the proxied services.
The full format of this argument is:
`[proxy:]NAME[[:PROTOCOL_1=PORT_1]...[:PROTOCOL_N=PORT_N]]`
Where starting with `proxy:` determines that the PROXY protocol must be
used and each `:PROTOCOL=PORT` (e.g. `:http=8080` or `:https=591`) is a PORT
override for the given PROTOCOL (see `--protocol`), if not present the
PROTOCOL's default port will be used.
v6proxy
Proxy incoming IPv6 connections to the equivalent IPv4 endpoint.
In its simplest use, it must be a NAME with an `A` DNS entry, which is
the IP address actually providing the proxied services.
See `--v4proxy` for more options and details.
protocol
Can be passed multiple times or as a space-separated list of protocols.
Currently supported protocols are: `http`, `https`, `imaps`, `smtps`.
This defaults to: `http https imaps smtps`.
EXAMPLES
--------
.. code-block:: sh
# Proxy the IPv6-only services so IPv4-only clients can access them
# This uses HAProxy's TCP mode for http, https, imaps and smtps
__haproxy_dualstack \
--v4proxy ipv6.chat \
--v4proxy matrix.ungleich.ch
# Proxy the IPv6-only HTTP(S) services so IPv4-only clients can access them
# Note this means that the backend IPv6-only server will only see
# the IPv6 address of the haproxy host managed by cdist, which can be
# troublesome if this information is relevant for analytics/security/...
# See the PROXY example below
__haproxy_dualstack \
--protocol http --protocol https \
--v4proxy ipv6.chat \
--v4proxy matrix.ungleich.ch
# Use the PROXY protocol to proxy the IPv6-only HTTP(S) services enabling
# IPv4-only clients to access them while maintaining the client's IP address
__haproxy_dualstack \
--protocol http --protocol https \
--v4proxy proxy:ipv6.chat:http=8080:https=591 \
--v4proxy proxy:matrix.ungleich.ch:http=8080:https=591
# Note however that the PROXY protocol is not compatible with regular
# HTTP(S) protocols, so your nginx will have to listen on different ports
# with the PROXY settings.
# Note that you will need to restrict access to the 8080 port to prevent
# Client IP spoofing.
# This can be something like:
# server {
# # listen for regular HTTP connections
# listen [::]:80 default_server;
# listen 80 default_server;
# # listen for PROXY HTTP connections
# listen [::]:8080 proxy_protocol;
# # Accept the Client's IP from the PROXY protocol
# real_ip_header proxy_protocol;
# }
SEE ALSO
--------
- https://www.haproxy.com/blog/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/
- https://www.haproxy.com/blog/haproxy/proxy-protocol/
- https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/
AUTHORS
-------
ungleich <foss--@--ungleich.ch>
Evilham <cvs--@--evilham.com>
COPYING
-------
Copyright \(C) 2021 ungleich glarus ag. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,155 +0,0 @@
#!/bin/sh -eu
__package haproxy
require="__package/haproxy" __start_on_boot haproxy
tmpdir="$__object/files"
mkdir "$tmpdir"
configtmp="$__object/files/haproxy.cfg"
os=$(cat "$__global/explorer/os")
case $os in
freebsd)
CONFIG_FILE="/usr/local/etc/haproxy.conf"
cat <<EOF > "$configtmp"
global
maxconn 4000
user nobody
group nogroup
daemon
EOF
;;
*)
CONFIG_FILE="/etc/haproxy/haproxy.cfg"
cat <<EOF > "$configtmp"
global
log [::1] local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
EOF
;;
esac
cat <<EOF >> "$configtmp"
defaults
retries 3
log global
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
EOF
dig_cmd="$(command -v dig || true)"
get_ip() {
# Usage: get_ip (ipv4|ipv6) NAME
# uses "dig" if available, else fallback to "host"
case $1 in
ipv4)
if [ -n "${dig_cmd}" ]; then
${dig_cmd} +short A "$2"
else
host -t A "$2" | cut -d ' ' -f 4 | grep -v 'found:'
fi
;;
ipv6)
if [ -n "${dig_cmd}" ]; then
${dig_cmd} +short AAAA "$2"
else
host -t AAAA "$2" | cut -d ' ' -f 5 | grep -v 'NXDOMAIN'
fi
;;
esac
}
PROTOCOLS="$(cat "$__object/parameter/protocol")"
for proxy in v4proxy v6proxy; do
param=$__object/parameter/$proxy
# no backend? skip generating code
if [ ! -f "$param" ]; then
continue
fi
# turn backend name into bind parameter: v4backend -> ipv4@
bind=$(echo $proxy | sed -e 's/^/ip/' -e 's/proxy//')
case $bind in
ipv4)
backendproto=ipv6
;;
ipv6)
backendproto=ipv4
;;
esac
for proto in ${PROTOCOLS}; do
# Add protocol "header"
printf "\n# %s %s \n" "${bind}" "${proto}" >> "$configtmp"
sed -e "s/BIND/$bind/" \
-e "s/\(frontend[[:space:]].*\)/\1$bind/" \
-e "s/\(backend[[:space:]].*\)/\\1$bind/" \
"$__type/files/$proto" >> "$configtmp"
while read -r hostdefinition; do
if echo "$hostdefinition" | grep -qE '^proxy:'; then
# Proxy protocol was requested
host="$(echo "$hostdefinition" | sed -E 's/^proxy:([^:]+).*$/\1/')"
send_proxy=" send-proxy"
else
# Just use tcp proxy mode
host="$hostdefinition"
send_proxy=""
fi
if echo "$hostdefinition" | grep -qE ":${proto}="; then
# Use custom port definition if requested
port="$(echo "$hostdefinition" | sed -E "s/^(.*:)?${proto}=([0-9]+).*$/:\2/")"
else
# Else use the default
port=""
fi
servername=$host
res=$(get_ip "$bind" "$servername")
if [ -z "$res" ]; then
echo "$servername does not resolve - aborting config" >&2
exit 1
fi
# Treat protocols without TLS+SNI specially
if [ "$proto" = http ]; then
echo " use-server $servername if { hdr(host) -i $host }" >> "$configtmp"
else
echo " use-server $servername if { req_ssl_sni -i $host }" >> "$configtmp"
fi
# Create the "server" itself.
# Note that port and send_proxy will be empty unless
# they were requested by the type user
echo " server $servername ${backendproto}@${host}${port}${send_proxy}" >> "$configtmp"
done < "$param"
done
done
# Create config file
require="__package/haproxy" __file ${CONFIG_FILE} --source "$configtmp" --mode 0644
require="__file${CONFIG_FILE}" __check_messages "haproxy_reload" \
--pattern "^__file${CONFIG_FILE}" \
--execute "service haproxy reload || service haproxy restart"

View file

@ -1 +0,0 @@
http https imaps smtps

View file

@ -1,3 +0,0 @@
protocol
v4proxy
v6proxy

View file

@ -41,7 +41,7 @@ if [ -z "${certbot_fullpath}" ]; then
require="__apt_source/stretch-backports" __package_apt certbot \ require="__apt_source/stretch-backports" __package_apt certbot \
--target-release stretch-backports --target-release stretch-backports
;; ;;
10*|11*) 10*)
__package_apt certbot __package_apt certbot
;; ;;
@ -85,7 +85,7 @@ if [ -z "${certbot_fullpath}" ]; then
esac esac
;; ;;
freebsd) freebsd)
__package py39-certbot __package py37-certbot
certbot_fullpath="/usr/local/bin/certbot" certbot_fullpath="/usr/local/bin/certbot"
;; ;;
ubuntu) ubuntu)

View file

@ -81,24 +81,12 @@ aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes -o Dpkg::Options::=
case "$state_should" in case "$state_should" in
present) present)
# There are special arguments to apt(8) to prevent aborts if apt woudn't been
# updated after the 19th April 2021 till the bullseye release. The additional
# arguments acknoledge the happend suite change (the apt(8) update does the
# same by itself).
#
# Using '-o $config' instead of the --allow-releaseinfo-change-* parameter
# allows backward compatablility to pre-buster Debian versions.
#
# See more: ticket #861
# https://code.ungleich.ch/ungleich-public/cdist/-/issues/861
apt_opts="-o Acquire::AllowReleaseInfoChange::Suite=true -o Acquire::AllowReleaseInfoChange::Version=true"
# following is bit ugly, but important hack. # following is bit ugly, but important hack.
# due to how cdist config run works, there isn't # due to how cdist config run works, there isn't
# currently better way to do it :( # currently better way to do it :(
cat << EOF cat << EOF
if [ ! -f /var/cache/apt/pkgcache.bin ] || [ "\$( stat --format %Y /var/cache/apt/pkgcache.bin )" -lt "\$( date +%s -d '-1 day' )" ] if [ ! -f /var/cache/apt/pkgcache.bin ] || [ "\$( stat --format %Y /var/cache/apt/pkgcache.bin )" -lt "\$( date +%s -d '-1 day' )" ]
then echo apt-get $apt_opts update > /dev/null 2>&1 || true then echo apt-get update > /dev/null 2>&1 || true
fi fi
EOF EOF
if [ -n "$version" ]; then if [ -n "$version" ]; then

View file

@ -37,7 +37,6 @@ assert () # If condition false,
then then
echo "Assertion failed: \"$1\"" echo "Assertion failed: \"$1\""
# shellcheck disable=SC2039 # shellcheck disable=SC2039
# shellcheck disable=SC3044
echo "File \"$0\", line $lineno, called by $(caller 0)" echo "File \"$0\", line $lineno, called by $(caller 0)"
exit $E_ASSERT_FAILED exit $E_ASSERT_FAILED
fi fi

View file

@ -41,19 +41,7 @@ fi
case "$type" in case "$type" in
yum) ;; yum) ;;
apt) apt)
# There are special arguments to apt(8) to prevent aborts if apt woudn't been echo "apt-get --quiet update"
# updated after the 19th April 2021 till the bullseye release. The additional
# arguments acknoledge the happend suite change (the apt(8) update does the
# same by itself).
#
# Using '-o $config' instead of the --allow-releaseinfo-change-* parameter
# allows backward compatablility to pre-buster Debian versions.
#
# See more: ticket #861
# https://code.ungleich.ch/ungleich-public/cdist/-/issues/861
apt_opts="-o Acquire::AllowReleaseInfoChange::Suite=true -o Acquire::AllowReleaseInfoChange::Version=true"
echo "apt-get --quiet $apt_opts update"
echo "apt-cache updated (age was: $currage)" >> "$__messages_out" echo "apt-cache updated (age was: $currage)" >> "$__messages_out"
;; ;;
pacman) pacman)

View file

@ -28,10 +28,6 @@ apt_clean="$__object/parameter/apt-clean"
apt_dist_upgrade="$__object/parameter/apt-dist-upgrade" apt_dist_upgrade="$__object/parameter/apt-dist-upgrade"
if [ -f "$__object/parameter/apt-with-new-pkgs" ]; then
apt_with_new_pkgs="--with-new-pkgs"
fi
if [ -f "$type" ]; then if [ -f "$type" ]; then
type="$(cat "$type")" type="$(cat "$type")"
else else
@ -58,7 +54,7 @@ case "$type" in
apt) apt)
if [ -f "$apt_dist_upgrade" ] if [ -f "$apt_dist_upgrade" ]
then echo "$aptget dist-upgrade" then echo "$aptget dist-upgrade"
else echo "$aptget $apt_with_new_pkgs upgrade" else echo "$aptget upgrade"
fi fi
if [ -f "$apt_clean" ] if [ -f "$apt_clean" ]

View file

@ -33,14 +33,6 @@ BOOLEAN PARAMETERS
apt-dist-upgrade apt-dist-upgrade
Do dist-upgrade instead of upgrade. Do dist-upgrade instead of upgrade.
apt-with-new-pkg
Allow installing new packages when used in conjunction with
upgrade. This is useful if the update of an installed package
requires new dependencies to be installed. Instead of holding the
package back upgrade will upgrade the package and install the new
dependencies. Note that upgrade with this option will never remove
packages, only allow adding new ones.
apt-clean apt-clean
Clean out the local repository of retrieved package files. Clean out the local repository of retrieved package files.

View file

@ -1,3 +1,2 @@
apt-clean apt-clean
apt-dist-upgrade apt-dist-upgrade
apt-with-new-pkgs

View file

@ -1,104 +1,39 @@
#!/bin/sh -e #!/bin/sh -e
if ! command -v rsync > /dev/null
then
echo 'rsync is missing in local machine' >&2
exit 1
fi
src="$( cat "$__object/parameter/source" )"
if [ ! -e "$src" ]
then
echo "$src not found" >&2
exit 1
fi
if [ -f "$__object/parameter/destination" ]
then
dst="$( cat "$__object/parameter/destination" )"
else
dst="/$__object_id"
fi
# if source is directory, then make sure that
# source and destination are ending with slash,
# because this is what you almost always want when
# rsyncing two directories.
if [ -d "$src" ]
then
if ! echo "$src" | grep -Eq '/$'
then
src="$src/"
fi
if ! echo "$dst" | grep -Eq '/$'
then
dst="$dst/"
fi
fi
remote_user="$( cat "$__object/parameter/remote-user" )"
options="$( cat "$__object/parameter/options" )"
if [ -f "$__object/parameter/option" ]
then
while read -r l
do
# there's a limitation in argparse: value can't begin with '-'.
# to workaround this, let's prefix opts with '\' in manifest and remove here.
# read more about argparse issue: https://bugs.python.org/issue9334
options="$options $( echo "$l" | sed 's/\\//g' )"
done \
< "$__object/parameter/option"
fi
if [ -f "$__object/parameter/owner" ] || [ -f "$__object/parameter/group" ]
then
options="$options --chown="
if [ -f "$__object/parameter/owner" ]
then
owner="$( cat "$__object/parameter/owner" )"
options="$options$owner"
fi
if [ -f "$__object/parameter/group" ]
then
group="$( cat "$__object/parameter/group" )"
options="$options:$group"
fi
fi
if [ -f "$__object/parameter/mode" ]
then
mode="$( cat "$__object/parameter/mode" )"
options="$options --chmod=$mode"
fi
# IMPORTANT
# #
# 1. we first dry-run rsync with change summary to find out # 2015 Dominique Roux (dominique.roux4 at gmail.com)
# if there are any changes and code generation is needed. #
# 2. normally, to get current state or target host, we run # This file is part of cdist.
# such operations in type explorers, but that's not #
# possible due to how rsync works. # cdist is free software: you can redistribute it and/or modify
# 3. redirecting output of dry-run to stderr to ease debugging. # it under the terms of the GNU General Public License as published by
# 4. to understand how that cryptic regex works, please # the Free Software Foundation, either version 3 of the License, or
# open rsync manpage and read about --itemize-changes. # (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
export RSYNC_RSH="$__remote_exec" source=$(cat "$__object/parameter/source")
remote_user=$(cat "$__object/parameter/remote-user")
# shellcheck disable=SC2086 if [ -f "$__object/parameter/destination" ]; then
if ! rsync --dry-run --itemize-changes $options "$src" "$remote_user@$__target_host:$dst" \ destination=$(cat "$__object/parameter/destination")
| grep -E '^(<|>|c|h|\.|\*)[fdL][cstTpogunbax\.\+\?]+\s' >&2 else
then destination="/$__object_id"
exit 0
fi fi
echo "export RSYNC_RSH='$__remote_exec'" set --
if [ -f "$__object/parameter/rsync-opts" ]; then
while read -r opts; do
set -- "$@" "--$opts"
done < "$__object/parameter/rsync-opts"
fi
echo "rsync $options $src $remote_user@$__target_host:$dst" echo rsync -a \
--no-owner --no-group \
-q "$@" "${source}/" "${remote_user}@${__target_host}:${destination}"

View file

@ -1,6 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # 2015 Dominique Roux (dominique.roux4 at gmail.com)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -18,4 +18,20 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
__package_apt debconf if [ -f "$__object/parameter/destination" ]; then
destination=$(cat "$__object/parameter/destination")
else
destination="/$__object_id"
fi
ownergroup=""
if [ -f "$__object/parameter/owner" ]; then
ownergroup=$(cat "$__object/parameter/owner")
fi
if [ -f "$__object/parameter/group" ]; then
ownergroup="${ownergroup}:$(cat "$__object/parameter/group")"
fi
if [ "$ownergroup" ]; then
echo chown -R "$ownergroup" "$destination"
fi

View file

@ -3,73 +3,112 @@ cdist-type__rsync(7)
NAME NAME
---- ----
cdist-type__rsync - Mirror directories using ``rsync`` cdist-type__rsync - Mirror directories using rsync
DESCRIPTION DESCRIPTION
----------- -----------
The purpose of this type is to bring power of ``rsync`` into ``cdist``. WARNING: This type is of BETA quality:
- it has not been tested widely
- interfaces *may* change
- if there is a better approach to solve the problem -> the type may even vanish
If you are fine with these constraints, please read on.
This cdist type allows you to mirror local directories to the
target host using rsync. Rsync will be installed in the manifest of the type.
If group or owner are giveng, a recursive chown will be executed on the
target host.
A slash will be appended to the source directory so that only the contents
of the directory are taken and not the directory name itself.
REQUIRED PARAMETERS REQUIRED PARAMETERS
------------------- -------------------
source source
Source directory in local machine. Where to take files from
If source is directory, slash (``/``) will be added to source and destination paths.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
destination group
Destination directory. Defaults to ``$__object_id``. Group to chgrp to.
owner owner
Will be passed to ``rsync`` as ``--chown=OWNER``. User to chown to.
Read ``rsync(1)`` for more details.
group destination
Will be passed to ``rsync`` as ``--chown=:GROUP``. Use this as the base destination instead of the object id
Read ``rsync(1)`` for more details.
mode
Will be passed to ``rsync`` as ``--chmod=MODE``.
Read ``rsync(1)`` for more details.
options
Defaults to ``--recursive --links --perms --times``.
Due to `bug in Python's argparse<https://bugs.python.org/issue9334>`_, value must be prefixed with ``\``.
remote-user remote-user
Defaults to ``root``. Use this user instead of the default "root" for rsync operations.
OPTIONAL MULTIPLE PARAMETERS OPTIONAL MULTIPLE PARAMETERS
---------------------------- ----------------------------
option rsync-opts
Pass additional options to ``rsync``. Use this option to give rsync options with.
See ``rsync(1)`` for all possible options. See rsync(1) for available options.
Due to `bug in Python's argparse<https://bugs.python.org/issue9334>`_, value must be prefixed with ``\``. Only "--" options are supported.
Write the options without the beginning "--"
Can be specified multiple times.
MESSAGES
--------
NONE
EXAMPLES EXAMPLES
-------- --------
.. code-block:: sh .. code-block:: sh
__rsync /var/www/example.com \ # You can use any source directory
--owner root \ __rsync /tmp/testdir \
--group www-data \ --source /etc
--mode 'D750,F640' \
--source "$__files/example.com/www" # Use source from type
__rsync /etc \
--source "$__type/files/package"
# Allow multiple __rsync objects to write to the same dir
__rsync mystuff \
--destination /usr/local/bin \
--source "$__type/files/package"
__rsync otherstuff \
--destination /usr/local/bin \
--source "$__type/files/package2"
# Use rsync option --exclude
__rsync /tmp/testdir \
--source /etc \
--rsync-opts exclude=sshd_conf
# Use rsync with multiple options --exclude --dry-run
__rsync /tmp/testing \
--source /home/tester \
--rsync-opts exclude=id_rsa \
--rsync-opts dry-run
SEE ALSO
--------
:strong:`rsync`\ (1)
AUTHORS AUTHORS
------- -------
Ander Punnar <ander-at-kvlt-dot-ee> Nico Schottelius <nico-cdist--@--schottelius.org>
COPYING COPYING
------- -------
Copyright \(C) 2021 Ander Punnar. You can redistribute it and/or modify it Copyright \(C) 2015 Nico Schottelius. You can redistribute it
under the terms of the GNU General Public License as published by the Free and/or modify it under the terms of the GNU General Public License as
Software Foundation, either version 3 of the License, or (at your option) published by the Free Software Foundation, either version 3 of the
any later version. License, or (at your option) any later version.

View file

@ -1,3 +1,21 @@
#!/bin/sh -e #!/bin/sh -e
#
# 2015 Dominique Roux (dominique.roux4 at gmail.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
__package rsync __package rsync

View file

@ -1 +0,0 @@
--recursive --links --perms --times

View file

@ -1,6 +1,4 @@
destination destination
group
mode
options
owner owner
group
remote-user remote-user

View file

@ -1 +1 @@
option rsync-opts

View file

@ -1,16 +0,0 @@
#!/bin/sh -e
if [ -f "$__object/parameter/file" ]
then
file="$( cat "$__object/parameter/file" )"
else
file="/$__object_id"
fi
if [ ! -e "$file" ]
then
echo "$file does not exist" >&2
exit 1
fi
cat "$file"

View file

@ -1,58 +0,0 @@
#!/bin/sh -e
if [ -f "$__object/parameter/file" ]
then
file="$( cat "$__object/parameter/file" )"
else
file="/$__object_id"
fi
script="$( cat "$__object/parameter/script" )"
if [ "$script" = '-' ]
then
script="$( cat "$__object/stdin" )"
fi
# since stdin is not available in explorer, we pull file from target with explorer
file_from_target="$__object/explorer/file"
sed_cmd='sed'
if [ -f "$__object/parameter/regexp-extended" ]
then
sed_cmd="$sed_cmd -E"
fi
# do sed dry run, diff result and if no change, then there's nothing to do
# also redirect diff's output to stderr for debugging purposes
if echo "$script" | "$sed_cmd" -f - "$file_from_target" | diff -u "$file_from_target" - >&2
then
exit 0
fi
# we can't use -i, because it's not posix, so we fly with tempfile and cp
# and we use cp because we want to preserve destination file's attributes
# shellcheck disable=SC2016
echo 'tmp="$__object/tempfile"'
echo "$sed_cmd -f - '$file' > \"\$tmp\" << EOF"
echo "$script"
echo 'EOF'
echo "cp \"\$tmp\" '$file'"
# shellcheck disable=SC2016
echo 'rm -f "$tmp"'
echo 'change' >> "$__messages_out"
if [ -f "$__object/parameter/onchange" ]
then
cat "$__object/parameter/onchange"
fi

View file

@ -1,57 +0,0 @@
cdist-type__sed(7)
==================
NAME
----
cdist-type__sed - Transform text files with ``sed``
DESCRIPTION
-----------
Transform text files with ``sed``.
REQUIRED MULTIPLE PARAMETERS
----------------------------
script
``sed`` script.
If ``-`` then the script is read from ``stdin``.
OPTIONAL PARAMETERS
-------------------
file
Path to the file. Defaults to ``$__object_id``.
onchange
Execute this command if ``sed`` changes file.
BOOLEAN PARAMETERS
------------------
regexp-extended
Use extended regular expressions in the script.
Might not be supported with every ``sed`` version.
EXAMPLES
--------
.. code-block:: sh
__sed /tmp/foobar --script 's/foo/bar/'
echo 's/foo/bar/' | __sed foobar --file /tmp/foobar --script -
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2021 Ander Punnar. You can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option)
any later version.

View file

@ -1 +0,0 @@
regexp-extended

View file

@ -1,2 +0,0 @@
file
onchange

View file

@ -1 +0,0 @@
script

View file

@ -1,8 +0,0 @@
#!/bin/sh -e
if grep -Eq '^ssl-cert:' /etc/group
then
echo 'present'
else
echo 'absent'
fi

View file

@ -1,24 +0,0 @@
#!/bin/sh -e
key_path="$( cat "$__object/parameter/key-path" )"
if echo "$key_path" | grep -Fq '%s'
then
# shellcheck disable=SC2059
key_path="$( printf "$key_path" "$__object_id" )"
fi
cert_path="$( cat "$__object/parameter/cert-path" )"
if echo "$cert_path" | grep -Fq '%s'
then
# shellcheck disable=SC2059
cert_path="$( printf "$cert_path" "$__object_id" )"
fi
if [ ! -f "$key_path" ] || [ ! -f "$cert_path" ]
then
echo 'absent'
else
echo 'present'
fi

View file

@ -1,73 +0,0 @@
#!/bin/sh -e
state="$( cat "$__object/explorer/state" )"
if [ "$state" = 'present' ]
then
exit 0
fi
if [ -f "$__object/parameter/common-name" ]
then
common_name="$( cat "$__object/parameter/common-name" )"
else
common_name="$__object_id"
fi
key_path="$( cat "$__object/parameter/key-path" )"
if echo "$key_path" | grep -Fq '%s'
then
# shellcheck disable=SC2059
key_path="$( printf "$key_path" "$__object_id" )"
fi
cert_path="$( cat "$__object/parameter/cert-path" )"
if echo "$cert_path" | grep -Fq '%s'
then
# shellcheck disable=SC2059
cert_path="$( printf "$cert_path" "$__object_id" )"
fi
key_type="$( cat "$__object/parameter/key-type" )"
key_type_arg="$( echo "$key_type" | cut -d : -f 2 )"
case "$key_type" in
rsa:*)
echo "openssl genrsa -out '$key_path' $key_type_arg"
;;
ec:*)
echo "openssl ecparam -name $key_type_arg -genkey -noout -out '$key_path'"
;;
esac
# shellcheck disable=SC2016
echo 'csr_path="$( mktemp )"'
echo "openssl req -new -subj '/CN=$common_name' -key '$key_path' -out \"\$csr_path\""
echo "openssl x509 -req -sha256 -days 3650 -in \"\$csr_path\" -signkey '$key_path' -out '$cert_path'"
# shellcheck disable=SC2016
echo 'rm -f "$csr_path"'
if [ "$( cat "$__object/explorer/ssl-cert-group" )" = 'present' ]
then
key_group='ssl-cert'
else
key_group='root'
fi
echo "chmod 640 '$key_path'"
echo "chown root '$key_path'"
echo "chgrp $key_group '$key_path'"
echo "chmod 644 '$cert_path'"
echo "chown root '$cert_path'"
echo "chgrp root '$cert_path'"

View file

@ -1,61 +0,0 @@
cdist-type__snakeoil_cert(7)
============================
NAME
----
cdist-type__snakeoil_cert - Generate self-signed certificate
DESCRIPTION
-----------
The purpose of this type is to generate **self-signed** certificate and private key
for **testing purposes**. Certificate will expire in 3650 days.
Certificate's and key's access bits will be ``644`` and ``640`` respectively.
If target system has ``ssl-cert`` group, then it will be used as key's group.
Use ``require='__snakeoil_cert/...' __file ...`` to override.
OPTIONAL PARAMETERS
-------------------
common-name
Defaults to ``$__object_id``.
key-path
``%s`` in path will be replaced with ``$__object_id``.
Defaults to ``/etc/ssl/private/%s.pem``.
key-type
Possible values are ``rsa:$bits`` and ``ec:$name``.
For possible EC names see ``openssl ecparam -list_curves``.
Defaults to ``rsa:2048``.
cert-path
``%s`` in path will be replaced with ``$__object_id``.
Defaults to ``/etc/ssl/certs/%s.pem``.
EXAMPLES
--------
.. code-block:: sh
__snakeoil_cert localhost-rsa \
--common-name localhost \
--key-type rsa:4096
__snakeoil_cert localhost-ec \
--common-name localhost \
--key-type ec:prime256v1
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2021 Ander Punnar. You can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option)
any later version.

View file

@ -1 +0,0 @@
/etc/ssl/certs/%s.pem

View file

@ -1 +0,0 @@
/etc/ssl/private/%s.pem

View file

@ -1,4 +0,0 @@
common-name
key-path
key-type
cert-path

View file

@ -40,7 +40,6 @@ if [ -f "$file" ]; then
grep -v -F -x '$line' '$file' >\$tmpfile grep -v -F -x '$line' '$file' >\$tmpfile
fi fi
cat "\$tmpfile" >"$file" cat "\$tmpfile" >"$file"
rm -f "\$tmpfile"
DONE DONE
} }

View file

@ -1,7 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# shellcheck disable=SC1090 # shellcheck disable=SC1090
# shellcheck disable=SC1091
file="$( . "$__type_explorer/file" )" file="$( . "$__type_explorer/file" )"
if [ -f "$file" ] if [ -f "$file" ]

View file

@ -1,4 +1,4 @@
#!/bin/sh -e #!/bin/sh -e
LC_ALL=C update-alternatives --display "${__object_id:?}" 2>/dev/null \ update-alternatives --display "$__object_id" 2>/dev/null \
| awk -F ' - ' '/priority [0-9]+$/ { print $1 }' | awk -F ' - ' '/priority [0-9]+$/ { print $1 }'

View file

@ -18,12 +18,12 @@ for altdir in \
/var/lib/dpkg/alternatives \ /var/lib/dpkg/alternatives \
/var/lib/alternatives /var/lib/alternatives
do do
if [ ! -f "$altdir/${__object_id:?}" ] if [ ! -f "$altdir/$__object_id" ]
then then
continue continue
fi fi
link="$( awk 'NR==2' "$altdir/${__object_id:?}" )" link="$( awk 'NR==2' "$altdir/$__object_id" )"
if [ -n "$link" ] if [ -n "$link" ]
then then
@ -31,12 +31,9 @@ do
fi fi
done done
if [ -z "$link" ] && [ -z "${__cdist_dry_run+dry run}" ] if [ -z "$link" ]
then then
# NOTE: ignore error for dry-runs because a package providing the link echo "unable to get link for $__object_id" >&2
# might be managed by another cdist object (which wasn't executed,
# because dry run…).
echo "unable to get link for ${__object_id:?}" >&2
exit 1 exit 1
fi fi

View file

@ -1,15 +1,11 @@
#!/bin/sh -e #!/bin/sh -e
path_is=$( path_is="$( update-alternatives --display "$__object_id" 2>/dev/null \
LC_ALL=C update-alternatives --display "${__object_id?}" 2>/dev/null \ | awk '/link currently points to/ {print $5}' )"
| awk '/link currently points to/ { print $5 }')
if [ -z "$path_is" ] && [ -z "${__cdist_dry_run+dry run}" ] if [ -z "$path_is" ]
then then
# NOTE: ignore error for dry-runs because a package providing the echo "unable to get current path for $__object_id" >&2
# alternative might be managed by another cdist object (which
# wasn't executed, because dry run…).
echo "unable to get current path for ${__object_id:?}" >&2
exit 1 exit 1
fi fi

View file

@ -1,6 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
if [ -f "$( cat "${__object:?}/parameter/path" )" ] if [ -f "$( cat "$__object/parameter/path" )" ]
then then
echo 'present' echo 'present'
else else

View file

@ -18,39 +18,37 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
path_is="$( cat "${__object:?}/explorer/path_is" )" path_is="$( cat "$__object/explorer/path_is" )"
path_should="$( cat "${__object:?}/parameter/path" )" path_should="$( cat "$__object/parameter/path" )"
if [ "$path_is" = "$path_should" ] if [ "$path_is" = "$path_should" ]
then then
exit 0 exit 0
fi fi
if [ "$( cat "${__object:?}/explorer/path_should_state" )" = 'absent' ] \ if [ "$( cat "$__object/explorer/path_should_state" )" = 'absent' ] && [ -z "$__cdist_dry_run" ]
&& [ -z "${__cdist_dry_run+dry run}" ]
then then
echo "$path_should does not exist in target" >&2 echo "$path_should does not exist in target" >&2
exit 1 exit 1
fi fi
name=${__object_id:?} name="$__object_id"
if ! grep -Fxq "$path_should" "${__object:?}/explorer/alternatives" alternatives="$( cat "$__object/explorer/alternatives" )"
if ! echo "$alternatives" | grep -Fxq "$path_should"
then then
if [ -f "${__object:?}/parameter/install" ] if [ ! -f "$__object/parameter/install" ]
then then
link="$( cat "${__object:?}/explorer/link" )"
echo "update-alternatives --install '$link' '$name' '$path_should' 1000"
elif [ -z "${__cdist_dry_run+dry run}" ]
then
# NOTE: ignore error for dry-runs because a package providing the link
# to be installed might be managed by another cdist object (which
# wasn't executed, because dry run…).
echo "$path_should is not in $name alternatives." >&2 echo "$path_should is not in $name alternatives." >&2
echo 'Please install missing packages or use --install to add path to alternatives.' >&2 echo 'Please install missing packages or use --install to add path to alternatives.' >&2
exit 1 exit 1
fi fi
link="$( cat "$__object/explorer/link" )"
echo "update-alternatives --install '$link' '$name' '$path_should' 1000"
fi fi
echo "update-alternatives --set '$name' '$path_should'" echo "update-alternatives --set '$name' '$path_should'"

View file

@ -84,7 +84,7 @@ def _process_hosts_simple(action, host, manifest, verbose,
""" """
if isinstance(host, str): if isinstance(host, str):
hosts = [host, ] hosts = [host, ]
elif isinstance(host, collections.abc.Iterable): elif isinstance(host, collections.Iterable):
hosts = host hosts = host
else: else:
raise cdist.Error('Invalid host argument: {}'.format(host)) raise cdist.Error('Invalid host argument: {}'.format(host))

View file

@ -36,27 +36,25 @@ import threading
logging.OFF = logging.CRITICAL + 10 # disable logging logging.OFF = logging.CRITICAL + 10 # disable logging
logging.addLevelName(logging.OFF, 'OFF') logging.addLevelName(logging.OFF, 'OFF')
logging.VERBOSE = logging.INFO - 5 logging.VERBOSE = logging.INFO - 5
logging.addLevelName(logging.VERBOSE, 'VERBOSE') logging.addLevelName(logging.VERBOSE, 'VERBOSE')
def _verbose(self, msg, *args, **kwargs): def _verbose(msg, *args, **kwargs):
self.log(logging.VERBOSE, msg, args, **kwargs) logging.log(logging.VERBOSE, msg, *args, **kwargs)
logging.Logger.verbose = _verbose logging.verbose = _verbose
logging.TRACE = logging.DEBUG - 5 logging.TRACE = logging.DEBUG - 5
logging.addLevelName(logging.TRACE, 'TRACE') logging.addLevelName(logging.TRACE, 'TRACE')
def _trace(self, msg, *args, **kwargs): def _trace(msg, *args, **kwargs):
self.log(logging.TRACE, msg, *args, **kwargs) logging.log(logging.TRACE, msg, *args, **kwargs)
logging.Logger.trace = _trace logging.trace = _trace
class CdistFormatter(logging.Formatter): class CdistFormatter(logging.Formatter):

View file

@ -20,98 +20,36 @@
# #
import logging import logging
import sys
from datetime import datetime
log = logging.getLogger("scan") log = logging.getLogger("scan")
def run(scan, args): # define this outside of the class to not handle scapy import errors by default
# We run each component in a separate process since they def commandline(args):
# must not block on each other. log.debug(args)
try:
import cdist.scan.scan as scan
except ModuleNotFoundError:
print('cdist scan requires scapy to be installed')
processes = [] processes = []
if not args.mode:
# By default scan and trigger, but do not call any action
args.mode = ['scan', 'trigger', ]
if 'trigger' in args.mode: if 'trigger' in args.mode:
t = scan.Trigger(interfaces=args.interface, t = scan.Trigger(interfaces=args.interfaces)
sleeptime=args.trigger_delay)
t.start() t.start()
processes.append(t) processes.append(t)
log.debug("Trigger started") log.debug("Trigger started")
if 'scan' in args.mode: if 'scan' in args.mode:
s = scan.Scanner( s = scan.Scanner(interfaces=args.interfaces, args=args)
autoconfigure='config' in args.mode,
interfaces=args.interface,
name_mapper=args.name_mapper)
s.start() s.start()
processes.append(s) processes.append(s)
log.debug("Scanner started") log.debug("Scanner started")
for process in processes: for process in processes:
process.join() process.join()
def list(scan, args):
s = scan.Scanner(interfaces=args.interface, name_mapper=args.name_mapper)
hosts = s.list()
# A full IPv6 addresses id composed of 8 blocks of 4 hexa chars +
# 6 colons.
ipv6_max_size = 8 * 4 + 10
date_max_size = len(datetime.now().strftime(scan.datetime_format))
name_max_size = 25
print("{} | {} | {} | {}".format(
'name'.ljust(name_max_size),
'address'.ljust(ipv6_max_size),
'last seen'.ljust(date_max_size),
'last configured'.ljust(date_max_size)))
print('=' * (name_max_size + 3 + ipv6_max_size + 2 * (3 + date_max_size)))
for host in hosts:
last_seen = host.last_seen()
if last_seen:
last_seen = last_seen.strftime(scan.datetime_format)
else:
last_seen = '-'
last_configured = host.last_configured()
if last_configured is not None:
last_configured = last_configured.strftime(scan.datetime_format)
else:
last_configured = '-'
print("{} | {} | {} | {}".format(
host.name(default='-').ljust(name_max_size),
host.address().ljust(ipv6_max_size),
last_seen.ljust(date_max_size),
last_configured.ljust(date_max_size)))
# CLI processing is defined outside of the main scan class to handle
# non-available optional scapy dependency (instead of crashing mid-flight).
def commandline(args):
log.debug(args)
# Check if we have the optional scapy dependency available.
try:
import cdist.scan.scan as scan
except ModuleNotFoundError:
log.error('cdist scan requires scapy to be installed. Exiting.')
sys.exit(1)
# Set default operation mode.
if not args.mode:
# By default scan and trigger, but do not call any action.
args.mode = ['scan', 'trigger', ]
if 'config' in args.mode and args.name_mapper is None:
print('--name-mapper must be specified for scanner config mode.',
file=sys.stderr)
sys.exit(1)
# Print known hosts and exit is --list is specified - do not start
# the scanner.
if args.list:
list(scan, args)
else:
run(scan, args)

Some files were not shown because too many files have changed in this diff Show more