Compare commits

...

697 commits

Author SHA1 Message Date
Nico Schottelius
7dd2d1025a ++changelog 2023-02-03 22:54:18 +01:00
513a8ae177 Merge pull request 'Make sure flag is followed by end of line or space.' (#349) from mark/cdist:machine_type into master
Reviewed-on: ungleich-public/cdist#349
2023-02-03 21:53:12 +00:00
2a2f91959e Merge pull request 'Updated the python version of cerbot freebsd' (#359) from CamilionEU/cdist:cerbot-freebsd into master
Reviewed-on: ungleich-public/cdist#359
2023-02-03 21:43:02 +00:00
fcf76cdb2c Merge pull request 'Added support for Devuan Daedalus' (#358) from CamilionEU/cdist:explorer-devuan-update into master
Reviewed-on: ungleich-public/cdist#358
2023-02-03 21:40:33 +00:00
Michelle
1450861e26
Updated the python version of cerbot freebsd
The package referenced for cerbot to be install in the FreeBSD platform
used python 3.7 package, updated to python 3.9
2023-02-02 18:21:43 -05:00
Michelle
08a6b467fa
Added support for Devuan Daedalus
Added one line that allows cdist to support Devuan Daedelus version
2023-01-25 16:06:35 -05:00
Nico Schottelius
ed3da3c829 ++changes 2022-12-26 21:02:41 +01:00
Nico Schottelius
b974969f28 Remove double definition of scan parser
Fixes #353
2022-12-26 20:59:16 +01:00
Nico Schottelius
bdfd92dc37 ++changes 2022-12-21 09:41:33 +01:00
5c85b04309 Merge pull request 'Initialise options variable to avoid unset variable expansion' (#351) from mark/cdist:options-initialise into master
Reviewed-on: ungleich-public/cdist#351
2022-12-20 17:04:45 +00:00
Nico Schottelius
f36069754c ++changelog 2022-12-20 18:03:15 +01:00
d4dfe95a97 Merge pull request 'Make grep more specific' (#352) from marcoduif/cdist:master into master
Reviewed-on: ungleich-public/cdist#352
2022-12-20 17:02:16 +00:00
ffeaafe9b6 Make grep more specific
package name should be an exact match, not a substring
2022-10-07 07:22:31 +00:00
Mark Verboom
62db96bb37 Initialise options variable so expansion when running files/source.list.template
there will not be an error when the variable is not set.
2022-09-29 16:19:07 +02:00
Mark Verboom
c85184dcb4 Make sure flag is followed by end of line or space. 2022-09-18 08:49:37 +02:00
Nico Schottelius
90488d2e9e [doc] add release process documentation 2022-08-01 00:03:51 +02:00
Nico Schottelius
be6e7fcc08 Prepare release of cdist 7.0.0 2022-07-31 21:59:35 +02:00
Nico Schottelius
d4bf41ce3b ++changelog 2022-07-29 10:57:01 +02:00
7de931829a Merge pull request 'Add Check Point Gaia (FW1) management and firewall appliances to explorers' (#339) from stephan/cdist:master into master
Reviewed-on: ungleich-public/cdist#339
2022-07-29 08:56:09 +00:00
17466452f0 revert __line for clean PR history 2022-07-28 17:53:41 +02:00
7d8fc8a5c3 improve checkpoint sed, add __line changes 2022-07-28 17:18:41 +02:00
6243165645 add create and ifexists to line type 2022-07-28 16:27:12 +02:00
483f0c1614 add Check Point Gaia 2022-07-13 14:50:17 +02:00
ff6b2d0abf Merge pull request 'master' (#2) from ungleich-public/cdist:master into master
Reviewed-on: stephan/cdist#2
2022-07-13 11:58:31 +00:00
Nico Schottelius
339ca9347b ++changelog 2022-07-02 19:21:27 +02:00
5a7542db75 Merge pull request 'Handle signed-by option in __apt_source' (#335) from fancsali/cdist:apt-source-signed-by into master
Reviewed-on: ungleich-public/cdist#335
2022-07-02 17:20:29 +00:00
0ae37b3445 Handle signed-by option in __apt_source
Allow users to specify a GPG key fingerprint or keyring file to be
included as the 'signed-by' option.
2022-07-01 16:14:38 +01:00
5e6cde1398 Merge pull request 'master' (#1) from ungleich-public/cdist:master into master
Reviewed-on: stephan/cdist#1
2022-05-20 13:17:47 +00:00
Nico Schottelius
77d9a757ec ++changelog 2022-05-20 14:58:45 +02:00
e5adcf451b Merge pull request 'bug: apt-ppa-noninteractive' (#327) from romain-dartigues/cdist:apt-ppa-noninteractive into master
Reviewed-on: ungleich-public/cdist#327
2022-05-20 12:57:08 +00:00
Nico Schottelius
9839c2d8ec ++changelog
Signed-off-by: Nico Schottelius <nico@nico-notebook.schottelius.org>
2022-05-20 14:55:12 +02:00
1edc4d0a60 Merge pull request 'add optional file parameter to allow for use in a loop without object_id clashes' (#334) from stephan/cdist:master into master
Reviewed-on: ungleich-public/cdist#334
2022-05-20 12:53:13 +00:00
3d58c9b24f add optional file parameter to allow for use in a loop without object_id clashes 2022-05-20 13:48:07 +02:00
Steven Armstrong
6c8c692a22 __file: kiss and fix regression on Mac OSX
Signed-off-by: Steven Armstrong <steven@armstrong.cc>
2022-05-02 23:25:59 +02:00
Steven Armstrong
abbc7dfc37 since we already remove the destination, we have no need to use -T on move, fixes #333
Signed-off-by: Steven Armstrong <steven@armstrong.cc>
2022-04-16 19:05:31 +02:00
Steven Armstrong
8b915b15b5 __file: make the create-empty-file case work again
Signed-off-by: Steven Armstrong <steven@armstrong.cc>
2022-04-14 00:46:13 +02:00
Steven Armstrong
2df2578e36 __file: remove the questionable check for uploadfile existence
Signed-off-by: Steven Armstrong <steven@armstrong.cc>
2022-04-14 00:27:28 +02:00
Steven Armstrong
6f8c774cb0 workaround mktemp -u checking for write access
Signed-off-by: Steven Armstrong <steven@armstrong.cc>
2022-04-14 00:16:10 +02:00
54a5cb17b7 use add-apt-repository instead of add-apt-repository
Remove `remove-apt-repository` which is now no longer needed;
use `add-apt-repository` which allow removal through the `-r` flag.
2022-04-11 21:09:31 +02:00
cb0fa0f2e4 force add-apt-repository to act in non-interactive mode 2022-04-11 21:05:56 +02:00
Steven Armstrong
af54fe6feb changelog++
Signed-off-by: Steven Armstrong <steven@armstrong.cc>
2022-04-11 00:04:41 +02:00
Steven Armstrong
22039284f5 __file: make file uploading and attribute changes more atomic
Fixes ungleich-public/cdist#331

Signed-off-by: Steven Armstrong <steven@armstrong.cc>
2022-04-10 23:52:53 +02:00
bd44c023d3 Fix typos; add default priority; comments in generated files 2022-03-09 16:17:11 +01:00
Nico Schottelius
e0150e7796 ++changes 2022-03-09 16:16:49 +01:00
15e1ce6450 Merge pull request 'Added rm of tmpfile.' (#330) from mark/cdist:__ssh_authorized_keys-rm into master
Reviewed-on: ungleich-public/cdist#330
2022-03-09 15:12:21 +00:00
Mark Verboom
08ff41efde Added rm of tmpfile. 2022-03-08 12:04:58 +01:00
c2c5668b70 ++changelog 2021-12-23 20:08:49 +01:00
6e3ad11ea0 [__package_upgrade_all] Add new --apt-with-new-pkgs argument 2021-12-23 20:07:28 +01:00
fnux
fc6ddac718 Merge pull request 'Python 3.10: collections.X -> collections.abc.X' (#323) from py3.10 into master
Reviewed-on: ungleich-public/cdist#323
2021-12-16 13:04:51 +00:00
3a321469a8
Python 3.10: collections.X -> collections.abc.X 2021-12-02 12:02:36 +01:00
e2500248f2 ++changelog 2021-11-03 11:03:33 +01:00
0b710c6173 Merge branch 'haproxy-dualstack' into 'master'
[__haproxy_dualstack] New type with PROXY protocol support

See merge request ungleich-public/cdist!1027
2021-11-03 07:38:24 +01:00
c33d99ee12 [__haproxy_dualstack] New type with PROXY protocol support
This is backwards compatible with what is already used internally @ungleich, but
adds on top of that the ability to customise ports and, most importantly, it
adds PROXY protocol support.
2021-10-31 17:38:10 +01:00
560374a686 ++changelog 2021-10-01 13:16:11 +02:00
fc9bd40c9a Improve bullseye support, perticularly __letsencrypt_cert 2021-10-01 13:14:57 +02:00
5b7cca99f7 ++changelog 2021-10-01 12:09:42 +02:00
15c642a9b7 [__debconf_set_selections] Fix --file not being supported
Even if deprecated, the parameter *must* be supported, which isn't the case
right now.

This was due to a misunderstanding of how deprecating parameters work, see:
https://www.cdi.st/manual/latest/cdist-type.html#deprecated-parameters
2021-10-01 12:06:45 +02:00
Darko Poljak
bf222d0543 ++changelog 2021-09-21 08:55:54 +02:00
433399d4dc Merge branch 'fix/__package_apt/allow-releaseinfo-change' into 'master'
__package_apt: fix complain about suite change

See merge request ungleich-public/cdist!1023
2021-09-21 08:55:06 +02:00
12c536dbf9 Merge branch 'fix/__apt_source/allow-releaseinfo-change' into 'master'
__apt_source: fix complain about suite change

See merge request ungleich-public/cdist!1022
2021-09-21 08:54:49 +02:00
67a6965e1d Merge branch 'fix/__package_update_index/allow-releaseinfo-change' into 'master'
__package_update_index: fix complain about suite change

See merge request ungleich-public/cdist!1021
2021-09-21 08:54:27 +02:00
398ee1e416 Merge branch 'fix/__apt_update_index/allow-releaseinfo-change' into 'master'
__apt_update_index: fix complain about suite change

See merge request ungleich-public/cdist!1020
2021-09-21 08:53:29 +02:00
b209adcfca Merge branch 'ander/__sed' into 'master'
new type: __sed

See merge request ungleich-public/cdist!1006
2021-09-21 08:52:29 +02:00
72ff48154c
add comments, add -u to diff 2021-09-16 21:36:39 +03:00
3d7b31cbb4 __package_apt: fix complain about suite change
the last fix for ticket #861 :-)
2021-09-15 15:22:16 +02:00
d246e06710 __apt_update_index: fix complain about suite change
1 of 4th fix for ticket #861
2021-09-15 15:15:49 +02:00
12787ffe2c __apt_source: fix complain about suite change
3 of 4th fix for ticket #861
2021-09-15 15:13:52 +02:00
7b6789ddeb __package_update_index: fix complain about suite change
2 of 4th fix for ticket #861
2021-09-15 15:04:12 +02:00
cd4acde67e
grammar 2021-09-15 09:22:27 +03:00
5bf0c71e7a
update man 2021-09-14 22:45:36 +03:00
aabef7f44a
remove reading script from file 2021-09-14 22:40:06 +03:00
b7f392fa37
use -E for better compat (not really sure if it is posix at all) 2021-09-14 22:38:55 +03:00
90488fcebc
use -e 2021-09-14 22:27:42 +03:00
0f6e48dbc6
use $__object/tempfile in target instead of mktemp, add comments 2021-09-14 22:24:26 +03:00
d7fdc8006f
allow empty file 2021-09-14 21:54:45 +03:00
fcd730f905
Merge branch 'master' into ander/__sed 2021-09-14 21:52:12 +03:00
Darko Poljak
b8eb6e984c ++changelog 2021-08-24 20:48:14 +02:00
b762ea0233 Merge branch 'feature/explorer/machine_type/rewrite' into 'master'
explorer/machine type: Rewrite

See merge request ungleich-public/cdist!1010
2021-08-24 20:46:28 +02:00
Darko Poljak
44741e714b Release 6.9.8 2021-08-24 20:33:17 +02:00
Darko Poljak
0546283d0e Update shellcheck disable 2021-08-24 20:33:17 +02:00
Darko Poljak
46ed48d546 ++changelog 2021-08-24 08:09:47 +02:00
c683bce66e Merge branch 'ander/os_version_debian_sid' into 'master'
[explorer/os_version] add new debian code names: bookworm and trixie

See merge request ungleich-public/cdist!1019
2021-08-24 08:08:59 +02:00
e1e1348998
[explorer/os_version] use 99.99 as fallback for unknown code names in */sid 2021-08-23 10:47:21 +03:00
67f85546ec
[explorer/os_version] add new debian code names: bookworm and trixie 2021-08-23 10:09:41 +03:00
Dennis Camera
05c2a62191 [explorer/machine_type] Implement chroot detection using /proc/.../mountinfo 2021-08-05 13:52:51 +02:00
Dennis Camera
5af1317c29 [explorer/machine_type] Try to detect chroot path 2021-08-05 13:52:51 +02:00
Dennis Camera
4a05669765 [explorer/machine_type] Implement chroot detection 2021-08-05 13:52:51 +02:00
Dennis Camera
23fbfaf035 [explorer/machine_type] Use systemd-detect-virt (if available) to detect containers and VMs 2021-08-05 13:52:51 +02:00
Dennis Camera
2ffa895f57 [explorer/machine_type] Remove CPUID check
it's a lot of code and depends on a binary helper unlikely to be installed.
2021-08-05 13:52:51 +02:00
Dennis Camera
abc6d009b2 [explorer/machine_type] Print top most machine layer as first line (fallback to physical) 2021-08-05 13:52:51 +02:00
Dennis Camera
edcac70b2a [explorer/machine_type] Reimplement 2021-08-05 13:52:51 +02:00
Darko Poljak
3ae5a606ca ++changelog 2021-08-05 10:27:51 +02:00
841ebb9b88 Merge branch 'fix/explorer/os_version/old-freebsd' into 'master'
explorer/os_version: fix for FreeBSD < 10.0 (again)

See merge request ungleich-public/cdist!1017
2021-08-05 10:26:33 +02:00
39dcb41349 Merge branch 'fix/explorer/os_version/legacy-macosx' into 'master'
explorer/os_version: Fix for legacy Mac OS X versions

See merge request ungleich-public/cdist!1018
2021-08-05 10:25:17 +02:00
d37772f3ea Merge branch 'fix/type/__update_alternatives/dry-run' into 'master'
update alternatives: fixes for dry runs and non-English systems

See merge request ungleich-public/cdist!1016
2021-08-05 10:23:29 +02:00
49a9bcdf93 Merge branch 'fix/explorer/memory/gt-2g' into 'master'
explorer/memory: fix conversion of large numbers (>= 2GiB)

See merge request ungleich-public/cdist!1015
2021-08-05 10:23:20 +02:00
f9ce4bc33a Merge branch 'feature/explorer/os_version/ubuntu-os-release-fallback' into 'master'
explorer/os_version: Fall back to os-release/lsb-release file on Ubuntu

See merge request ungleich-public/cdist!1014
2021-08-05 10:20:53 +02:00
Dennis Camera
2a0c073d40 [explorer/os_version] Fix for legacy Mac OS X versions 2021-08-04 21:55:56 +02:00
Dennis Camera
bbcc81a984 [type/__update_alternatives] Fix for non-English locales
Since update-alternatives(1) is localized, screen scraping its output breaks
if the locale is set to non-English.
2021-08-04 21:44:04 +02:00
Dennis Camera
0b3b47396f [type/__update_alternatives] dry-run fixes 2021-08-04 21:39:39 +02:00
Dennis Camera
a7d6481a7d [type/__update_alternatives] Secure cdist-defined environment variables with :? 2021-08-04 21:38:21 +02:00
Dennis Camera
83fe6e9f5b [explorer/memory] Fix conversion of large numbers (>= 2GiB)
At least mawk uses scientific notation when using print for
numbers >=2^31 (INT_MAX of a signed 32-bit int).

`printf "%.f\n"` works around this.
2021-08-04 20:45:14 +02:00
Dennis Camera
e108cbc205 [explorer/os_version] Ubuntu: fall back to os-release/lsb-release files 2021-08-04 20:44:17 +02:00
Dennis Camera
53334fb4eb [explorer/os_version] Fix for FreeBSD < 10.0 (again) 2021-08-04 19:50:10 +02:00
Darko Poljak
542674dae8 ++changelog 2021-07-30 10:30:33 +02:00
b0e00efe64 Merge branch 'filesystem-ubuntu' into 'master'
[filesystem] Add ubuntu as supported distribution.

See merge request ungleich-public/cdist!1013
2021-07-30 10:29:55 +02:00
4156fea900
[filesystem] Add ubuntu as supported distribution. 2021-07-28 12:56:39 +02:00
Darko Poljak
cb8695cc88 ++changelog 2021-07-24 12:53:39 +02:00
7ce68e3cb7 Merge branch 'evilham-compatibility-fixes' into 'master'
Improve Makefile compatibility and build docs

See merge request ungleich-public/cdist!1012
2021-07-24 12:52:41 +02:00
67bcc6cae3 Improve Makefile compatibility and build docs
We now use `$(MAKE)` for subsequent calls to `make`.
This means that systems that do not default to GNU make can run `gmake man` and
produce the man pages.

While there also document a dependency on the rtd theme for sphinx.
2021-07-24 02:37:58 +02:00
Darko Poljak
71fee1fd6b ++changelog 2021-07-23 08:06:45 +02:00
4307e8e7fa Merge branch 'fix/logging/custom-levels' into 'master'
Define custom log functions on logging.Logger

See merge request ungleich-public/cdist!1011
2021-07-23 08:06:13 +02:00
Dennis Camera
fed01ded83 [cdist.log] Define custom log functions on logging.Logger
Define out custom logger functions on logging.Logger so that they are passed on
to all other loggers.

Also, the logger functions need to take a self argument so that they can log on
the corrent Logger.
2021-07-22 11:28:48 +02:00
f730aa7679 Merge branch 'feature/docs/bump-copyright' into 'master'
docs: Bump copyright year to 2021

See merge request ungleich-public/cdist!1009
2021-07-20 14:29:46 +02:00
Dennis Camera
c7daaabc6c [docs] Bump copyright year to 2021 2021-07-20 09:03:16 +02:00
Darko Poljak
fbc9594729 ++changelog 2021-07-20 06:38:46 +02:00
bf0c355fe7 Merge branch 'feature/explorer/os_version/devuan-ceres' into 'master'
explorer/os_version: Convert Devuan ceres to version number

See merge request ungleich-public/cdist!1008
2021-07-20 06:37:40 +02:00
Dennis Camera
24c9406ea0 [explorer/os_version] Convert Devuan ceres to version number
Conversion of Devuan ceres to version numbers is done based on Devuan codenames.
The version number is the version number of the final release - 0.01.

Analogous to Debian.
2021-07-19 12:14:20 +02:00
Darko Poljak
de11666161 ++changelog 2021-07-18 17:45:19 +02:00
8b160841ad Merge branch 'apt-pin-type' into 'master'
New type: __apt_pin - manage apt pinning

See merge request ungleich-public/cdist!1005
2021-07-18 17:44:04 +02:00
Darko Poljak
5229337611 ++changelog 2021-07-18 17:41:29 +02:00
917a5d1aa8 Merge branch 'ander/__rsync' into 'master'
[__rsync] rewrite

See merge request ungleich-public/cdist!1007
2021-07-18 17:40:51 +02:00
46b5c24cd2
use $__remote_exec for RSYNC_RSH 2021-07-18 16:25:00 +03:00
0e611af2a6
[__rsync] rewrite 2021-07-17 11:44:09 +03:00
Darko Poljak
65c43d3c1d Fix docs code block errors 2021-07-10 21:02:27 +02:00
Darko Poljak
77dab4c5c6 Release 6.9.7 2021-07-10 20:37:02 +02:00
Darko Poljak
3e76d1cd3f ++changelog 2021-07-08 08:09:05 +02:00
b8f601ee15 Merge branch 'rsync-ssh-multiplex' into 'master'
__rsync: Use $__remote_exec and thus the ssh multiplexing

See merge request ungleich-public/cdist!1001
2021-07-08 08:05:52 +02:00
cf0032d667
add messaging and exit earlier 2021-07-07 21:28:00 +03:00
7a5896acfa
add --onchange, fix shellcheck 2021-07-07 21:23:25 +03:00
485283f2e5
new type: __sed 2021-07-07 20:47:22 +03:00
166b58aeea Fix typo in distro names... 2021-07-05 15:32:27 +02:00
521241d741 Refine docs even more 2021-07-05 15:28:05 +02:00
be92731c5c Shell check quoting
We're actually echo-ing the command, hence the escape in front of the
quotes - the issue Shellcheck alludes too would actually occur, had the
escaping bakcslashes been omitted.
2021-07-05 12:44:09 +01:00
Darko Poljak
853e5cf7b4 ++changelog 2021-07-05 09:07:06 +02:00
d8da298cdf Merge branch '__snakeoil_cert' into 'master'
new type: __snakeoil_cert

See merge request ungleich-public/cdist!1002
2021-07-05 08:59:59 +02:00
fnux
44eeb4bbfc Merge branch 'scanner' into 'master'
usable cdist scan

See merge request ungleich-public/cdist!993
2021-07-05 07:44:28 +02:00
30ba796d06
new type: __snakeoil_cert 2021-07-02 10:09:38 +03:00
Darko Poljak
243a4b904a ++changelog 2021-07-02 06:50:02 +02:00
6528fd1c77 Merge branch 'feature/type/__debconf_set_selections/state-explorer' into 'master'
__debconf set selections: Add state explorer

See merge request ungleich-public/cdist!999
2021-07-02 06:49:24 +02:00
99188b4822 Merge branch '__download_improvements' into 'master'
[__download] improvements

See merge request ungleich-public/cdist!1003
2021-07-02 06:38:15 +02:00
62ea1d2721 Merge branch 'ander/update_readme' into 'master'
update README

See merge request ungleich-public/cdist!1004
2021-07-02 06:33:53 +02:00
a90e642c13
update README 2021-07-01 14:50:40 +03:00
60753ddfcc
fix shellcheck 2021-07-01 14:42:10 +03:00
d937d53f3d Add quotes to rsync command 2021-06-28 18:09:35 +01:00
2db40d8d70 Use $__remote_exec and thus the ssh multiplexing 2021-06-28 12:54:20 +02:00
7b3f268df2
[__download] improvements
1. post download checksum verification
2. detect hashes without prefix
3. add optional --destination
4. updated man
2021-06-22 16:36:30 +03:00
b726697e07 Add documentation 2021-06-11 15:05:33 +01:00
a3102022e1 More sensible defaults; reword debian-only error message 2021-06-11 15:05:17 +01:00
Darko Poljak
c308a28969 ++changelog 2021-06-10 06:39:55 +02:00
02aa88463a Merge branch 'fix/type/__pyvenv/group-explorer' into 'master'
__pyvenv: Fix group explorer

See merge request ungleich-public/cdist!998
2021-06-10 06:37:21 +02:00
Dennis Camera
6ede76b08b [type/__debconf_set_selections] man.rst: Fix line break in AUTHORS 2021-06-08 16:20:55 +02:00
Dennis Camera
d596986af8 [type/__pyvenv] Fix group explorer 2021-05-31 09:06:52 +02:00
Darko Poljak
defa3c22ea ++changelog 2021-05-29 11:21:34 +02:00
d2ce55ea6e Merge branch '__git_fix_group_explorer' into 'master'
[__git] fix group explorer

See merge request ungleich-public/cdist!992
2021-05-29 11:20:20 +02:00
e0c52d0e1d
[scanner] remove mention of non-implemented trigger soruce script 2021-05-26 11:27:11 +02:00
b8733c65f5
[scanner] fix minor CLI handling and --list bugs / typo 2021-05-26 11:26:35 +02:00
ab10b453f2
[scanner] populate cdist(1) 2021-05-26 11:15:41 +02:00
75c71f69c1
[scanner] pycodestyle compliance 2021-05-26 10:18:12 +02:00
503a06ed28
[__git] fix group explorer
group name from numberic id wasn't resolved correctly.

try to use getent and fallback to reading /etc/group directly.
2021-05-23 13:35:33 +03:00
6210cccb28 ++changelog 2021-05-10 12:34:04 +02:00
f14623e45f ++changelog 2021-05-10 12:17:08 +02:00
81b426e4e2 [__letsencrypt_cert] Revamp explorers, add locking.
Closes #839

See merge request ungleich-public/cdist!976

This patch joins all explorers in one to avoid starting multiple remote python
processes and uses a cdist-specific lock in /tmp/certbot.cdist.lock with a
60 seconds timeout.
2021-05-10 12:10:01 +02:00
a696f3cf00 [__letsencrypt_cert] Revamp explorers, add locking.
This would fix #839

Certbot uses locking [1] even for read-only operations and does not properly
use exit codes, which means that sometimes it would print:
"Another instance of Certbot is already running" and exit with success.

However, the previous explorers would take that as the certificate being absent
and would trigger code generation.

The issue was made worse by having many explorers running certbot, so for N
certificates, we'd run certbot N*4 times, potentially "in parallel".

[1]: https://certbot.eff.org/docs/using.html#id5

This patch joins all explorers in one to avoid starting multiple remote python
processes and uses a cdist-specific lock in /tmp/certbot.cdist.lock with a
60 seconds timeout.

It has been tested with certbot 0.31.0 and 0.17 that the:

    from certbot.main import main

trick works. It is somewhat well documented so it can be somewhat relied upon.
2021-05-10 12:10:00 +02:00
0b05a8f5f7 [__apt_key*] Deprecate __apt_key_uri and improve __apt_key
See: https://code.ungleich.ch/ungleich-public/cdist/-/merge_requests/994

Previously this type was falling back to using the deprecated apt-key(8) by
checking for existence of files/directories on the controller host in
gencode-remote.

Adding `--use-deprecated-apt-key` as an explicit boolean serves two purposes:
1. It prevents fallbacks that might end up doing the wrong thing
   (as was the case)
2. It allows for a simple way to remove keys from the keyring that were
   previously added with apt-key(8) to /etc/apt/trusted.gpg

This parameter is added marked as deprecated as is only intended use is to
migrate to directory-based keyrings as recommended by Debian for a few releases.
It will be removed when Debian 11 stops being supported.

During the review process of this merge request, it was noted that the state of
PGP Key Servers is somewhat suboptimal, that the examples encouraged bad
practise (it is trivial to produce collisions for short key IDs), and that 
this use does not require the Web of Trust, but instead only the public key
that is signing the repository.

That is why this also adds `--source` as an argument allowing for in-type or
in-manifest provision of such public keys by the type/manifest maintainer and
the use of Key Servers is still supported, but discouraged.
2021-05-10 12:08:23 +02:00
c00c8c2012 [__apt_key*] Deprecate __apt_key_uri and improve __apt_key
Previously this type was falling back to using the deprecated apt-key(8) by
checking for existence of files/directories on the controller host in
gencode-remote.

Adding `--use-deprecated-apt-key` as an explicit boolean serves two purposes:
1. It prevents fallbacks that might end up doing the wrong thing
   (as was the case)
2. It allows for a simple way to remove keys from the keyring that were
   previously added with apt-key(8) to /etc/apt/trusted.gpg

This parameter is added marked as deprecated as is only intended use is to
migrate to directory-based keyrings as recommended by Debian for a few releases.
It will be removed when Debian 11 stops being supported.

During the review process of this merge request, it was noted that the state of
PGP Key Servers is somewhat suboptimal, that the examples encouraged bad
practise (it is trivial to produce collisions for short key IDs), and that
this use does not require the Web of Trust, but instead only the public key
that is signing the repository.

That is why this also adds `--source` as an argument allowing for in-type or
in-manifest provision of such public keys by the type/manifest maintainer and
the use of Key Servers is still supported, but discouraged.
2021-05-10 12:08:22 +02:00
Dennis Camera
a42ebc7a78 [type/__debconf_set_selections] Synchronise objects
Works around locking error:

	debconf: DbDriver "config": /var/cache/debconf/config.dat is locked by another process: Resource temporarily unavailable
2021-04-27 19:46:07 +02:00
Darko Poljak
3a25b80466 ++changelog 2021-04-26 21:27:15 +02:00
3e190c3481 Merge branch 'feature/type/__postgres/postgres_user-explorer' into 'master'
__postgres_*: Improve OS support and some cleanup

See merge request ungleich-public/cdist!990
2021-04-26 21:26:38 +02:00
Dennis Camera
9cf19388ab [type/__debconf_set_selections] Send message about each debconf setting that is changed 2021-04-26 16:47:44 +02:00
Dennis Camera
a4122882f2 [type/__debconf_set_selections] Add state explorer
…and to make it work, replace --file with --line.

--file is deprecated because it does not work with the state explorer as the
contents of the file are not available on the target.
2021-04-26 16:39:51 +02:00
2232435c22
[scanner] initial documentation
Note: still needs to patch main cdist(1) manpage
2021-04-26 14:39:26 +02:00
3a9dd5b166
[scanner] add minimal (non-configurable) config mode 2021-04-26 12:09:55 +02:00
92fff7cb77
[scanner] fix crash on --list with name mapper provided 2021-04-26 12:09:44 +02:00
Dennis Camera
0f05f38384 [type/__postgres_role] Treat --password '' like no --password 2021-04-25 20:01:36 +02:00
Dennis Camera
0d33407b18 [type/__postgres_database] Proper quoting in state explorer 2021-04-25 20:01:36 +02:00
Dennis Camera
8296051653 [type/__postgres_extension] Add state explorer 2021-04-25 20:01:36 +02:00
Dennis Camera
3cf93249c3 [type/__postgres_extension] Include postgres_user explorer from __postgres_conf 2021-04-25 20:01:36 +02:00
Dennis Camera
beb8da6d5f [type/__postgres_role] Include postgres_user explorer from __postgres_conf 2021-04-25 20:01:36 +02:00
Dennis Camera
58b279a8d0 [type/__postgres_database] Improve quoting 2021-04-25 20:01:36 +02:00
Dennis Camera
6ac8cbf98f [type/__postgres_database] Include postgres_user explorer from __postgres_conf 2021-04-25 20:01:36 +02:00
Darko Poljak
512e9b23c0 ++changelog 2021-04-25 15:53:40 +02:00
71d79ed6ee Merge branch 'feature/type/__postgres_conf' into 'master'
__postgres_conf: new type

See merge request ungleich-public/cdist!972
2021-04-25 15:49:19 +02:00
13e2ad175f
[scanner] add host class, name mapper and pre-config logic 2021-04-25 12:45:34 +02:00
bb24d632d6
[scanner] implement the --list flag 2021-04-22 10:20:49 +02:00
a4464209b6
[scanner] add minimal error handling, consolidate CLI args processing 2021-04-22 09:31:06 +02:00
acf9bf91f1
[scanner] error to stderr and exit when scapy is not available 2021-04-22 08:55:14 +02:00
Darko Poljak
1bb696a410 Release 6.9.6 2021-04-20 07:33:07 +02:00
2f05467358 Merge branch 'fix/py-version-check' into 'master'
Fix Python version check

See merge request ungleich-public/cdist!991
2021-04-19 07:02:15 +02:00
Dennis Camera
1c047353a9 [bin/cdist] Fix Python version check 2021-04-17 09:57:10 +02:00
Dennis Camera
19bf37be1a [type/__postgres_conf] Update man.rst 2021-04-15 15:56:15 +02:00
Dennis Camera
686e4f0f2d [type/__postgres_conf] Reverse state logic (decide based on source first) 2021-04-15 15:50:03 +02:00
Dennis Camera
bef1433ba3 [type/__postgres_conf] Accept empty values 2021-04-15 15:50:03 +02:00
Dennis Camera
12c2995494 [type/__postgres_conf] Implement complex state compare logic 2021-04-15 15:50:02 +02:00
Dennis Camera
e0416403c4 [type/__postgres_conf] Add psql_conf_source function to state explorer 2021-04-15 15:50:02 +02:00
Dennis Camera
2ccc03fef1 [type/__postgres_conf] Add psql_conf_cmp function to state explorer 2021-04-15 15:50:02 +02:00
Dennis Camera
92b8942a8c [type/__postgres_conf] Add psql_exec function to state explorer 2021-04-15 15:50:02 +02:00
Darko Poljak
9ec01d9f97 ++changelog 2021-04-13 12:22:45 +02:00
e27e88512b Merge branch '__download_optional_sum' into 'master'
[__download] make --sum optional

See merge request ungleich-public/cdist!989
2021-04-13 12:21:49 +02:00
d2eec60668
[__download] make --sum optional 2021-04-11 23:16:00 +03:00
Darko Poljak
750c71fb5a Minor refactoring and remove code duplication 2021-04-07 10:25:26 +02:00
Darko Poljak
199effb7ef Improve unfinished object requirements bool check
When we need only boolean value for unfinished object requirements then
we don't need to determine the whole list of unfinished objects.
2021-04-06 19:35:14 +02:00
Darko Poljak
ab811ad282 ++changelog 2021-04-01 15:37:11 +02:00
ce79a2069c Merge branch 'fix/type/__pyvenv/numeric-owner' into 'master'
__pyvenv: Fix if --owner / --group is numeric

See merge request ungleich-public/cdist!988
2021-04-01 15:36:02 +02:00
c981f654f1 Merge branch 'fix/type/__git/numeric-owner' into 'master'
__git: Fix if --owner / --group is numeric

See merge request ungleich-public/cdist!987
2021-04-01 15:35:46 +02:00
87698395b8 Merge branch 'cleanup/string-formatting' into 'master'
Cleanup/string formatting

Closes #855

See merge request ungleich-public/cdist!985
2021-03-31 08:28:21 +02:00
Darko Poljak
4c2d273f07 Unify string formatting
Use one way of string formatting: replace old `%` style with new `str.format`.

Resolve #855.
2021-03-31 08:19:34 +02:00
Darko Poljak
f984a918b9 Fix log message string formatting
Use logging message format with args, instead of direct `%` or `str.format`.

Resolve #855.
2021-03-31 08:19:28 +02:00
Darko Poljak
1e765fcab7 ++changelog 2021-03-31 07:54:00 +02:00
28c13bd29b Merge branch 'feature/type-relationship-graph' into 'master'
Implement maintaining object relationship graph

See merge request ungleich-public/cdist!986
2021-03-31 07:52:42 +02:00
Dennis Camera
985252585c [type/__pyvenv] Fix if --owner / --group is numeric
Before, if --owner and/or --group was numeric, gencode-remote would generate
`chown` code every time.
2021-03-30 13:26:21 +02:00
Dennis Camera
167c2ad7ea [type/__git] Fix if --owner / --group is numeric
Before, if --owner and/or --group was numeric, gencode-remote would generate
`chown` code every time.
2021-03-30 13:24:56 +02:00
Darko Poljak
7a0b697f4c Implement maintaining object relationship graph
For each object maintain parent-child relationship graph, i.e. list of
parent objects ('parents' property) and list of children objects ('children'
property).

Objects without parent(s) are objects specified in init manifest.
Objects without children are object of types that do not reuse other types.
2021-03-30 12:09:59 +02:00
Darko Poljak
10ca1c12fd ++changelog 2021-03-12 08:21:03 +01:00
c55397766e Merge branch 'feature/type/__sshd_config/whitelist-openbmc' into 'master'
__sshd_config: Whitelist OpenBMC

See merge request ungleich-public/cdist!980
2021-03-12 08:20:35 +01:00
Dennis Camera
e47c4dd8a4 [type/__sshd_config] Whitelist OpenBMC in manifest 2021-03-11 14:17:44 +01:00
Darko Poljak
31cc592aa1 ++changelog 2021-03-10 19:25:04 +01:00
2f4a7e1a94 Merge branch 'fix/type/__ssh_authorized_key/grep-only-if-file-exists' into 'master'
__ssh_authorized_key: only grep if file exists

See merge request ungleich-public/cdist!979
2021-03-10 19:24:23 +01:00
Dennis Camera
fb19f34266 [type/__ssh_authorized_key] Only grep if file exists 2021-03-09 21:15:26 +01:00
Steven Armstrong
ecba284fc8 changelog++
Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>
2021-03-05 16:13:02 +01:00
Steven Armstrong
ea0126dd81 Make local state dir available to custom remote scripts
Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>
2021-03-05 16:11:49 +01:00
Darko Poljak
e7d33891df ++changelog 2021-03-02 09:29:33 +01:00
1bc0d912bf Merge branch 'fix/type/__pyvenv/man-typo' into 'master'
__pyvenv: Fix user example

See merge request ungleich-public/cdist!978
2021-03-02 09:28:50 +01:00
Dennis Camera
8ef19d47f6 [type/__pyvenv] Fix example (--user -> --owner) 2021-03-01 17:59:45 +01:00
Darko Poljak
60fd7ba1f3 Release 6.9.5 2021-02-28 13:37:23 +01:00
dc66efa690 Fix shellcheck issues 2021-02-23 11:59:09 +00:00
1a74470c4d __apt_pin: Always use $__object_id as preferences.d filename 2021-02-23 09:43:02 +00:00
0734288483 First draft of __apt_pin 2021-02-23 09:43:02 +00:00
Darko Poljak
22f637c15b ++changelog 2021-02-23 06:29:24 +01:00
6358885d26 Merge branch 'feature/__package_pip/extras' into 'master'
__package_pip: add optional (extra) dependencies

See merge request ungleich-public/cdist!975
2021-02-23 06:27:09 +01:00
Darko Poljak
5e0572189f ++changelog 2021-02-22 09:11:22 +01:00
b3a9c907ad Merge branch '__letsencrypt_cert-fix-hooks' into 'master'
[__letsencrypt_cert] Fix various issues with hooks.

Closes #853

See merge request ungleich-public/cdist!977
2021-02-22 09:09:45 +01:00
e854db096e Merge branch 'fix/type/__postgres_role/implement-alter' into 'master'
__postgres_role: implement modification of roles

See merge request ungleich-public/cdist!973
2021-02-22 08:58:58 +01:00
d1f45d3524 __package_pip: corrected typo in man
.. by fully replacing it with a smaller sentence.
2021-02-19 09:03:56 +01:00
Dennis Camera
0835f414a5 [type/__postgres_conf] Extract PostgreSQL service user detection to separate explorer 2021-02-16 16:03:23 +01:00
2ce1fce767 __package_pip: match package names case insensitive
Pip matches them insensitive, so we need to do the same to avoid
problems by saying extras are not installed but already is there in
place.
2021-02-15 16:17:46 +01:00
951712740f __package_pip: update man.rst
Adjusted comments for `explorer/extras` and updated the man page for the
new behaviour of updating the extras.
2021-02-12 13:42:51 +01:00
a9d7dfb2ed __package_pip: split extra 'all' to a list of all extras
This will fix if a package will be upgraded from some extras to all
extras. Previously, it will not work because some dependencies of 'all'
are already installed, so the feature 'all' is already installed.

Now, it will use a list of all extras to iterate over them separatly. This
will result it will never install all extras via `[all]`, but rather
`[foo,bar]`.
2021-02-12 09:17:02 +01:00
7398382890 __package_pip: fix shellcheck
Useless `cat $file`, use `< $file` instead.
2021-02-11 23:12:10 +01:00
2db0ef7c98 __package_pip: updating real detection of extras
As the previous detection took the wrong values, this explorer now
checks if packages for an extra are installed or not. If not, the extra
is not installed.

Based on the information of the explorer, it will install the package
again with the absent extras.
2021-02-11 22:53:26 +01:00
8dc6ab9738 __package_pip: install not found extras
Compares the explorer against the parameters and install those extras
that are not already installed.
2021-02-11 13:49:53 +01:00
4717e5ceff __package_pip: add extras explorer
The two new explorers detect all installed extras for this package.
2021-02-11 10:31:07 +01:00
aa80c09c80 [__letsencrypt_cert] Move hook contents generation out of manifest
While there address some minor issues in the comments in the hook contents.
2021-02-10 10:10:21 +01:00
b832af5e3b [__letsencrypt_cert] Don't mess with user script indentation
This could break in odd ways if they passed sth like:
cat <<eof
bla bla
eof
2021-02-09 20:53:58 +01:00
e49da474c4 [__letsencrypt_cert] Remove problematic trailing slash in sed.
Happy fingers are happy and like adding slashes places.
2021-02-09 20:29:17 +01:00
bc145bbc27 [__letsencrypt_cert] Fix various issues with hooks.
Closes #853, see issue for full description / discussion.

Short summary:
- There was about 6.53% chances of `--renewal-hook` not being applied
- Using --automatic-renewal in one cert and not in another was an error.
- It was not possible to use different hooks for different certificates.
- FreeBSD support was utterly broken.
2021-02-09 19:58:47 +01:00
Darko Poljak
65a6a2ed52 ++changelog 2021-02-08 08:28:31 +01:00
c8141d28c3 Merge branch 'fix/explorer/memory' into 'master'
explorer/memory: fix to return result in kiB for all systems and add support for Solaris

See merge request ungleich-public/cdist!967
2021-02-08 08:27:07 +01:00
cda17be38a [explorer/memory] Clean up, return kiB for all systems, add SunOS
BSDs were MiB before.
2021-02-08 08:27:03 +01:00
73a03d75d7 __package_pip: fix shellcheck 2021-02-04 19:18:02 +01:00
8eccacec59 __package_pip: add optional dependencies
This is a poor implementation of optional dependencies for pip packages.
It ensures to install them if the package will be installed, but does
not take into account if they must be added/removed after the package is
already installed. Also, it will not be autoremoved, as all dependencies
will not be removed.
2021-02-04 19:09:26 +01:00
Dennis Camera
6b18cace75 [type/__postgres_conf] Catch connection errors early 2021-01-26 14:01:44 +01:00
Dennis Camera
f9ebb4333c [type/__postgres_conf] Add NetBSD PostgreSQL UNIX user 2021-01-26 14:01:44 +01:00
Dennis Camera
4967c7ebbb [type/__postgres_conf] Silence psql output 2021-01-26 14:01:44 +01:00
Dennis Camera
3f605c31ac [type/__postgres_conf] Add support for more init systems to restart service 2021-01-26 14:01:44 +01:00
Dennis Camera
0f2ff47738 [type/__postgres_conf] Restart PostgreSQL server based on pending_restart column of pg_settings 2021-01-26 14:01:44 +01:00
Dennis Camera
5051d4f40b [type/__postgres_conf] Catch invalid values 2021-01-26 14:01:44 +01:00
Dennis Camera
891c98567e [type/__postgres_conf] Compare configuration parameter names case insensitively 2021-01-26 14:01:44 +01:00
Dennis Camera
803367b316 [type/__postgres_conf] Fix default detection when default is also set in config file
e.g. port is usually also set to the default value in postgresql.conf
2021-01-26 14:01:44 +01:00
Dennis Camera
1b49fec972 [type/__postgres_conf] Refactor 2021-01-26 14:01:43 +01:00
Beni Ruef
b4060720dc [type/__postgres_conf] Fix psql options for ALTER command 2021-01-26 14:01:43 +01:00
Beni Ruef
50bcd95105 [type/__postgres_conf] Remove faulty quotes 2021-01-26 14:01:43 +01:00
Beni Ruef
534d5f6bb5 [type/__postgres_conf] Fix errors found by ShellCheck 2021-01-26 14:01:43 +01:00
Beni Ruef
c51d68a737 [type/__postgres_conf] New type based on ALTER SYSTEM command 2021-01-26 14:01:43 +01:00
Dennis Camera
35cde3e666 [type/__postgres_role] Fix state explorer when stored password is empty 2021-01-18 13:09:29 +01:00
Darko Poljak
92a50da487 Fix pycodestyle issues 2021-01-18 06:28:09 +01:00
Darko Poljak
6e9b13d949 ++changelog 2021-01-18 06:22:32 +01:00
878a65a8b7 Merge branch 'fix/type/__sshd_config/error-on-invalid' into 'master'
sshd config: Produce error if invalid config is generated, fix processing of AuthenticationMethods and AuthorizedKeysFile, document explorer bug

See merge request ungleich-public/cdist!968
2021-01-18 06:22:02 +01:00
cce470b556 Merge branch 'bugfix/preos-debug' into 'master'
Fix debug parameter

Closes #849

See merge request ungleich-public/cdist!970
2021-01-18 06:17:36 +01:00
Dennis Camera
2954347771 [type/__postgres_role] Add note regarding empty passwords 2021-01-14 13:46:40 +01:00
Nico Schottelius
f0e1b3b849 Merge branch 'master' of code.ungleich.ch:ungleich-public/cdist 2021-01-11 22:20:50 +01:00
Darko Poljak
c819548343 Fix debug parameter
-d was removed from cdist in favor of mulitple -v and -l parameters, but
-d was not removed from preos.

Resolve #849.
2021-01-11 09:51:52 +01:00
Dennis Camera
bd8ab8f26f [type/__sshd_config] Document "bug" in state explorer 2021-01-05 17:02:42 +01:00
Dennis Camera
8753b7eedf [type/__sshd_config] Make AuthenticationMethods and AuthorizedKeysFile singleton options
They were incorrectly treated as non-singleton options before.

cf. https://github.com/openssh/openssh-portable/blob/V_8_4/servconf.c#L2273
and https://github.com/openssh/openssh-portable/blob/V_8_4/servconf.c#L1899 resp.
2021-01-05 16:59:04 +01:00
Dennis Camera
766198912d [type/__sshd_config] Produce error if invalid config file is generated
Previously, cdist would silently swallow the error (no invalid config file was
generated).

Reason: `set -e` does not exit if a command in a sub-command group fails,
it merely returns with a non-zero exit status.

e.g. the following snippet does not abort the script if sshd -t returns with a
non-zero exit status:

    set -e
    cmp -s old new || {
        # check config file and update it
        sshd -t -f new \
        && cat new >old
    }

or compressed:

    set -e
    false || { false && true; }
    echo $?
    # prints 1
2021-01-05 15:50:21 +01:00
Darko Poljak
7cf85c4659 Release 6.9.4 2020-12-21 19:21:51 +01:00
Nico Schottelius
a10d43bc69 Merge branch 'master' of code.ungleich.ch:ungleich-public/cdist 2020-12-20 11:42:44 +01:00
Darko Poljak
4bae2863db ++changelog 2020-12-18 12:54:33 +01:00
3566901e1c Merge branch '__dot_file-dirmode' into 'master'
Added optional dirmode parameter to set the mode of (optional) the directory.

See merge request ungleich-public/cdist!966
2020-12-18 12:50:30 +01:00
Mark Verboom
8dc2c4207c Added optional dirmode parameter to set the mode of (optional) the directory. 2020-12-18 11:16:28 +01:00
Dennis Camera
99d82fd0d5 [type/__postgres_role] Always set psql -q 2020-12-17 17:05:58 +01:00
Dennis Camera
1180f13ed6 [type/__postgres_role] Fix setting password
We need to make sure that the password does not end up in ~/.psql_history.
2020-12-17 17:03:58 +01:00
Dennis Camera
4859c27900 [type/__postgres_role] Refactor gencode-remote 2020-12-17 16:57:43 +01:00
Dennis Camera
7b7ca4d385 [type/__postgres_role] Handle password changes 2020-12-16 19:07:05 +01:00
Dennis Camera
c36df82882 [type/__postgres_role] ALTER ROLE when parameters change 2020-12-15 21:11:48 +01:00
Dennis Camera
932e2496ed [type/__postgres_role] Lint 2020-12-15 18:40:39 +01:00
Darko Poljak
71f2283117 ++changelog 2020-12-13 16:03:39 +01:00
f87da8150c Merge branch 'type/__debian_backports' into 'master'
__apt_backports type

See merge request ungleich-public/cdist!964
2020-12-13 16:03:31 +01:00
ae747ac021 Merge branch 'os_version-freebsd' into 'master'
[explorer/os_version] Improve FreeBSD support.

See merge request ungleich-public/cdist!965
2020-12-13 16:00:45 +01:00
27aca06fb8 __apt_backports: undo __apt_update_index call
Becuase it is already done by __apt_source.
2020-12-12 17:34:51 +01:00
fca35fc858 __apt_backports: fix explorer call
s/-/_/ because the explorers are following an other convention :-)
2020-12-12 17:29:58 +01:00
645734c629 [explorer/os_version] Improve FreeBSD support.
It looks like uname -r is not the most reliable way to get the target patch
level for the target system.

For more information see:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743
2020-12-12 12:15:17 +01:00
fafa3d9ea5 __apt_backports: update index if required
This type now automatically calls the type __apt_update_index to update
the package index if something changed.
2020-12-12 10:00:23 +01:00
49aec0b5e4 __apt_backports: list supported OSes
The manpage now lists all OSes where this type supports backports.
2020-12-12 09:40:47 +01:00
c4d19a2319 __debian_backports -> __apt_backports; add wider os support
As discussed in the chat, this type now supports a broader list of OSes
which it supports backports for. Because of this, it was renamed to
something more generic. "apt" should fit in.
2020-12-12 09:36:17 +01:00
Nico Schottelius
69b8bc9af0 Merge branch 'master' of code.ungleich.ch:ungleich-public/cdist 2020-12-11 19:38:03 +01:00
Nico Schottelius
bc2948a8a5 ++scan stuff 2020-12-11 19:37:53 +01:00
0d96b31b56 __debian_backports: pass shellcheck for sourced file
Because the sourced explorer can't be detected by shellcheck, it will be
completely disabled. Changing the path to /etc/os-release isn't
deterministic either.

The shellcheck wiki page suggests to use `source=/dev/null` instead of
`disable=SC1090`, but it was choosen to completely avoid that check ..
2020-12-11 18:13:44 +01:00
a5169ad858 new type __debian_backports
This new type will setup the backports distribution for the current
Debian release.
2020-12-10 21:24:26 +01:00
Darko Poljak
a58f5ffa7f ++changelog 2020-12-08 19:36:44 +01:00
0546d6e476 Merge branch 'fix/__block/escape' into 'master'
__block: fix escaping in here-doc

Closes #838

See merge request ungleich-public/cdist!962
2020-12-08 19:36:45 +01:00
Darko Poljak
14c81d6c7e ++changelog 2020-12-08 07:16:26 +01:00
a1987fe410 Merge branch 'feature/__iptables_rule/ipv6' into 'master'
__iptables*: add IPv6 support

See merge request ungleich-public/cdist!959
2020-12-08 07:10:29 +01:00
c5ca4cd2e1 __block: securly quote via the quote function
Because the function already exists, it will be used for the file to be
changed, too. Therefor, no quotes are required for that value.

The prefix and suffix match was also improved: There is no regex check
any more (the regex did checked the whole line); instead it will do it
simple.
2020-12-07 19:59:05 +01:00
Darko Poljak
2966296173 ++changelog 2020-12-07 19:47:52 +01:00
226f665fb5 Merge branch 'imp-deprecation' into 'master'
Deal with deprecation of imp module.

See merge request ungleich-public/cdist!963
2020-12-07 19:48:08 +01:00
1c61989c03 Merge branch 'fix/type/__package_pkgng_freebsd/bootstrap' into 'master'
__package_pkgng_freebsd: Fix bootstrapping pkg(7)

See merge request ungleich-public/cdist!961
2020-12-07 19:42:21 +01:00
bed08c2c5c Deal with deprecation of imp module.
importlib has been a thing since Python 3.1, and imp has been deprecated since
3.4.

Insert random complaint here about not being able to use f-strings because they
were introduced in Python 3.6 and apparently we support Python 3.5 >,<.

Output diff before to after for ./bin/cdist-build-helper test (on heavy load):
```
1,2d0
< /usr/home/evilham/s/cdist/cdist/cdist/test/__main__.py:23: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses
<   import imp
72c70
< ERROR: cdisttesthost: __file/tmp/foobar requires object __file without object id. Defined at /tmp/tmp.cdist.test.g87lx7c8/tmp.cdist.test.6ramsakx
---
> ERROR: cdisttesthost: __file/tmp/foobar requires object __file without object id. Defined at /tmp/tmp.cdist.test.aqdf6vjz/tmp.cdist.test.jgv3udel
76c74
< test_nonexistent_type_requirement (cdist.test.emulator.EmulatorTestCase) ... ERROR: cdisttesthost: __file/tmp/foobar requires object __does-not-exist/some-id, but type __does-not-exist does not exist. Defined at /tmp/tmp.cdist.test.mma5j8ln/tmp.cdist.test.3zg4by4d
---
> test_nonexistent_type_requirement (cdist.test.emulator.EmulatorTestCase) ... ERROR: cdisttesthost: __file/tmp/foobar requires object __does-not-exist/some-id, but type __does-not-exist does not exist. Defined at /tmp/tmp.cdist.test.t8d6ockr/tmp.cdist.test.uimxurg9
86c84
< test_initial_manifest_environment (cdist.test.manifest.ManifestTestCase) ... VERBOSE: cdisttesthost: Running initial manifest /tmp/tmp.cdist.test.uvid60ij/759547ff4356de6e3d9e08522b0d0807/data/conf/manifest/dump_environment
---
> test_initial_manifest_environment (cdist.test.manifest.ManifestTestCase) ... VERBOSE: cdisttesthost: Running initial manifest /tmp/tmp.cdist.test._cttcnrj/759547ff4356de6e3d9e08522b0d0807/data/conf/manifest/dump_environment
89c87
< test_type_manifest_environment (cdist.test.manifest.ManifestTestCase) ... VERBOSE: cdisttesthost: Running type manifest /tmp/tmp.cdist.test.k1i2onpb/759547ff4356de6e3d9e08522b0d0807/data/conf/type/__dump_environment/manifest for object __dump_environment/whatever
---
> test_type_manifest_environment (cdist.test.manifest.ManifestTestCase) ... VERBOSE: cdisttesthost: Running type manifest /tmp/tmp.cdist.test.ukr7lrzd/759547ff4356de6e3d9e08522b0d0807/data/conf/type/__dump_environment/manifest for object __dump_environment/whatever
272c270
< Ran 225 tests in 44.457s
---
> Ran 225 tests in 43.750s
```
2020-12-06 20:24:00 +01:00
3930f69456 __block: fix escaping in here-doc
This changes the here-document to do not interpret any shell-things. It
also single-quotes some more strings that are printed to code-remote.

Fixes #838
2020-12-06 16:45:58 +01:00
087be130fa __iptables_apply: shorten copyright header
Do we need all the copyright header or is this sufficient? The licence
is given for cdist, but not on the target host. But it should be clear
anyway.
2020-12-04 19:23:49 +01:00
Dennis Camera
2d19856840 [type/__package_pkgng_freebsd] Set ASSUME_ALWAYS_YES instead of -y 2020-12-04 18:26:03 +01:00
ba7d16a155 __iptables_*: correct manpage spelling 2020-12-04 17:57:55 +01:00
Darko Poljak
d44b5cfdc9 Release 6.9.3 2020-12-04 15:31:35 +01:00
Darko Poljak
c7fa2efe6b ++changelog 2020-12-04 15:30:08 +01:00
74426a7827 Merge branch 'fix/pip-install' into 'master'
Hotfix: Add cdist.scan to packages

See merge request ungleich-public/cdist!960
2020-12-04 15:30:12 +01:00
Dennis Camera
1055e92545 [setup.py] Add cdist.scan to packages 2020-12-02 19:54:41 +01:00
a1db5c3d0e __iptables*: Update manpages for execution order
To make some thinks clear if someone needs it ..
2020-12-02 18:22:31 +01:00
bee255c1ae __iptables_apply: man updates 2020-12-02 18:04:50 +01:00
f568462e49 __iptables_rule: fix shellcheck SC2235 2020-12-02 17:48:41 +01:00
84172550df __iptables*: add IPv6 support
Because it currently only support IPv4. To implement this, it falls back
to IPv4 for backward compatibilty, but now supports rules for IPv6 and
both protocols at the same time.
2020-11-30 20:35:19 +01:00
Darko Poljak
23e0da521c Release 6.9.2 2020-11-20 19:46:55 +01:00
Darko Poljak
803a9d62a7 ++changelog 2020-11-20 19:46:03 +01:00
a234445e85 Merge branch 'feature/type/__localedef' into 'master'
__localedef: Add new type to replace __locale

See merge request ungleich-public/cdist!951
2020-11-20 19:42:52 +01:00
Darko Poljak
82eadb6994 ++changelog 2020-11-19 19:34:43 +01:00
58b28d2d75 Merge branch 'feature/type/__sshd_config' into 'master'
__sshd config: New type

See merge request ungleich-public/cdist!958
2020-11-19 19:33:49 +01:00
9d4f69250e __sshd config: New type 2020-11-19 19:33:47 +01:00
6c539d67af Merge branch 'fix/type/__hostname/fix-os-version-detection' into 'master'
__hostname: fix guessing of SuSE OS version

See merge request ungleich-public/cdist!953
2020-11-19 19:31:53 +01:00
d30cd5c2b2 Merge branch 'bugfix/in-script-import' into 'master'
Fix importing cdist module

Closes #845

See merge request ungleich-public/cdist!957
2020-11-14 15:09:42 +01:00
Dennis Camera
87faffd875 [type/__localdef] Also check for aliases in state explorer 2020-11-14 11:45:31 +01:00
Dennis Camera
eeb9871919 [type/__localedef] glibc: Also delete aliases when removing a locale 2020-11-14 11:45:31 +01:00
Dennis Camera
575bb62dc5 [type/__localedef] Externalise functions to separate files 2020-11-14 11:45:31 +01:00
Dennis Camera
c1c60e3374 [type/__localedef] Blacklist OpenBSD and NetBSD 2020-11-14 11:45:31 +01:00
Dennis Camera
dcef2c19f5 [type/__localedef] Add support for FreeBSD 2020-11-14 11:45:31 +01:00
Dennis Camera
f44888f192 [type/__localedef] Only install dependencies in manifest. OS checking moved to gencode-remote 2020-11-14 11:45:31 +01:00
Dennis Camera
cc29e54b85 [type/__localedef] Differentiate between OSes and better handling of normalized locale names 2020-11-14 11:45:31 +01:00
Dennis Camera
54e689f7c2 [type/__localedef] Add state explorer 2020-11-14 10:48:18 +01:00
Dennis Camera
f75d477209 Deprecate __locale and replace with __localedef 2020-11-14 10:48:18 +01:00
Darko Poljak
76aa00b12e Fix importing cdist module
Resolve #845.
2020-11-14 10:23:43 +01:00
Darko Poljak
5092752786 Update build helper script in .gitattributes 2020-11-14 09:59:30 +01:00
Darko Poljak
a07a458871 ++changelog 2020-11-13 06:43:01 +01:00
105797ccb4 Merge branch 'feature/type/__hwclock' into 'master'
__hwclock: New type

See merge request ungleich-public/cdist!956
2020-11-13 06:35:58 +01:00
17fb8bb5d5 Merge branch 'feature/tests/keep-going' into 'master'
cdist-build-helper shellcheck* keep going

See merge request ungleich-public/cdist!955
2020-11-13 06:32:31 +01:00
ac31e95ec0 Merge branch 'fix/ci' into 'master'
Make the pipeline green again

See merge request ungleich-public/cdist!954
2020-11-13 06:30:37 +01:00
Dennis Camera
ebf471e8d0 [type/__hwclock] Add new type 2020-11-13 02:32:45 +01:00
Dennis Camera
2f70a8b540 [bin/cdist-build-helper] Keep going in shellcheck targets 2020-11-11 15:25:46 +01:00
Dennis Camera
c39eb1dbce [cdist.emulator] Fix setting of log level (tests OK) 2020-11-11 15:16:33 +01:00
Dennis Camera
0ee3fda94d Fix paths to cdist executable 2020-11-11 15:05:04 +01:00
Dennis Camera
f82e0167aa [.gitlab-ci.yml] Make version before other targets 2020-11-11 14:49:04 +01:00
Dennis Camera
e2d4f8037a [bin/cdist-build-helper] Fix paths to ex scripts/ scripts 2020-11-11 14:45:05 +01:00
Dennis Camera
21dd500c05 Make pycodestyle pipeline happy 2020-11-11 14:44:44 +01:00
Dennis Camera
87a0d91587 [type/__hostname] Fix OS version detection for SuSE
everything should be suse now…
2020-11-11 14:21:35 +01:00
Dennis Camera
702f3eba4f [type/__hostname] Remove opensuse-leap OS string
everything should be suse now…
2020-11-11 14:21:35 +01:00
Dennis Camera
3e48ef9e11 [type/__hostname] Lint
- Error if expected environment variables are unset
- Always wrap variable expansions in {}
2020-11-11 14:21:35 +01:00
Darko Poljak
ba90651052 ++changelog 2020-11-11 07:49:32 +01:00
bf9d70bb8c Merge branch 'reorg' into 'master'
small reorganization

See merge request ungleich-public/cdist!942
2020-11-11 07:49:08 +01:00
461c287323 Merge branch 'feature/__locale/explorer' into 'master'
__locale: add state explorer

See merge request ungleich-public/cdist!950
2020-11-11 07:42:41 +01:00
304f420072 Merge branch 'docs/cdist-best-practice/24-9' into 'master'
docs: Add missing 'config' command in 24.9. Testing a new type

See merge request ungleich-public/cdist!952
2020-11-11 07:41:53 +01:00
792b4b1076 Add missing 'config' command 2020-11-09 12:08:54 +01:00
a95eab77a5 __locale: add state explorer
.. so it doesn't execute code all the time.
2020-11-08 15:28:14 +01:00
Darko Poljak
d2506ac04e Release 6.9.1 2020-11-08 13:31:57 +01:00
Darko Poljak
fded60bd0f ++changelog 2020-11-08 13:27:01 +01:00
fe8920740f Merge branch 'feature/__package_apt/recommends' into 'master'
__package_apt: add --install-recommends parameter

See merge request ungleich-public/cdist!949
2020-11-08 13:26:39 +01:00
729fdb9c1a Merge branch 'type/__dpkg_architecture' into 'master'
New type __dpkg_architecture

See merge request ungleich-public/cdist!948
2020-11-08 13:24:58 +01:00
1b3e1acd22 Merge branch 'feature/type/__hostname/openwrt-support' into 'master'
__hostname: Add support for OpenWrt

See merge request ungleich-public/cdist!947
2020-11-08 13:23:36 +01:00
77397514ca Merge branch 'fix/type/__file/pre-exists' into 'master'
__file: Fix --state pre-exists (this time for real)

See merge request ungleich-public/cdist!946
2020-11-08 13:22:06 +01:00
9fc6ee0948 __package_apt: add --install-recommends parameter
For a good reason, __package_apt doesn't install recommended packages as
default. But the option --install-recommends comes handy if you want to
install a package where you want to install all recommended packages
(and not to install all of them separately).

Also, the manpage now explains that the type won't install recommended
packages by default.
2020-11-08 13:19:46 +01:00
91bcc2a293 __dpkg_architecture: make type nonparallel
I think it's not good that dpkg or apt is running in parallel.
2020-11-07 21:03:38 +01:00
7777580d8f __dpkg_architecture: add copyright headers 2020-11-07 20:56:17 +01:00
b0f3bb3350 New type __dpkg_architecture
This type handles foreign architectures added to dpkg.
2020-11-07 18:24:27 +01:00
Dennis Camera
10abe514b8 [type/__hostname] Add support for OpenWrt 2020-11-07 12:20:16 +01:00
Darko Poljak
348c6eedc9 Release 6.9.0 2020-11-07 12:12:20 +01:00
Darko Poljak
c7c3075f62 ++changelog 2020-11-07 12:10:14 +01:00
Darko Poljak
0f1df5ef68 Fix shellcheck source directives 2020-11-07 12:07:58 +01:00
bd9b21394f Merge branch 'type/openwrt-uci' into 'master'
Add OpenWrt UCI types

See merge request ungleich-public/cdist!886
2020-11-07 11:59:56 +01:00
Darko Poljak
d28a70a73c ++changelog 2020-11-06 08:32:40 +01:00
67f1475a20 Merge branch 'feature/type/__apt_norecommends/reuse-file' into 'master'
__apt_norecommends: Use 00InstallRecommends file as debian-installer does

See merge request ungleich-public/cdist!945
2020-11-06 08:26:36 +01:00
Dennis Camera
df881c0f98 [type/__file] Fix --state pre-exists also for non-dry-runs 2020-11-04 08:34:17 +01:00
Darko Poljak
2be8c63458 pycodestyle fixes 2020-11-03 06:43:57 +01:00
Dennis Camera
ade69729dd [type/__uci_section] Only generate UCI commands if state differs 2020-11-01 21:36:21 +01:00
Dennis Camera
9d40500570 [type/__uci_section] Apply all commands in a single batch 2020-11-01 21:36:21 +01:00
Dennis Camera
3e5f18d409 [type/__uci] Apply all commands in a single batch 2020-11-01 21:36:21 +01:00
Dennis Camera
ec984f81b5 [type/__uci] Delete --transaction parameter 2020-11-01 21:36:21 +01:00
Dennis Camera
dfe9e08c28 [type/__uci_commit] Delete type 2020-11-01 21:36:21 +01:00
Dennis Camera
e264fb004f [type/__uci] Convert to immediate remote execution 2020-11-01 21:36:21 +01:00
Dennis Camera
c1ae3ccb2f [type/__uci*] Remove public-facing transaction "interface" 2020-11-01 21:36:16 +01:00
Dennis Camera
a6c37095f1 [type/__uci_section] Externalise functions to separate file 2020-11-01 21:35:24 +01:00
Dennis Camera
7b30119504 [type/__uci] Externalise functions to separate file 2020-11-01 21:35:24 +01:00
Dennis Camera
63d41a1053 [type/__uci_section] Improve --match support with existing named sections
Use section if named section exists without --match option (e.g. empty section).
2020-11-01 21:35:24 +01:00
Dennis Camera
4aebb1f127 [type/__uci*] Update man.rst regarding quoting requirements 2020-11-01 21:35:24 +01:00
Dennis Camera
8728817af6 [type/__uci] Unquote UCI reported values
Without unquoting values printed in single quotes by UCI would always lead to
the state explorer reporting "different".
2020-11-01 21:35:24 +01:00
Dennis Camera
b99ca3cbdf [type/__uci_section] Split up --option and --list 2020-11-01 21:35:16 +01:00
Dennis Camera
49e867fab4 [type/__uci_section] Add more parameter checks 2020-11-01 15:49:17 +01:00
Dennis Camera
0840afce03 [type/__uci] Add --type parameter 2020-11-01 15:49:13 +01:00
Dennis Camera
fe26c119b5 [type/__uci*] Update man pages 2020-11-01 13:34:31 +01:00
Dennis Camera
c37253b852 [type/__uci_section] Check __object_id for syntax errors 2020-11-01 13:34:31 +01:00
Dennis Camera
3a6b085145 [type/__uci] Check __object_id for syntax errors 2020-11-01 13:34:31 +01:00
Dennis Camera
f782a5a370 [type/__uci] Refactor to do proper quoting of UCI commands 2020-11-01 13:34:31 +01:00
Dennis Camera
d453d964e1 [type/__uci_section] Fix in section matching 2020-11-01 13:34:31 +01:00
Dennis Camera
179815b5e9 [type/__uci_section] Ignore SC2015 error (notabug) 2020-11-01 13:34:31 +01:00
Dennis Camera
4da3968118 [type/__uci_section] Add type 2020-11-01 13:34:31 +01:00
Dennis Camera
3ef638a611 [type/__uci_commit] Fail when uci(1) reports errors 2020-11-01 13:34:31 +01:00
Dennis Camera
cc599dab15 [type/__uci_commit] Move uncommited changes check from explorer to code-remote
This is done to prevent false positives/negatives (see NOTE in code)
2020-11-01 13:34:22 +01:00
Dennis Camera
e7369a1f99 [type/__uci_commit] Abort if uncommited changes are present on the target 2020-11-01 13:32:00 +01:00
Dennis Camera
3a3be36310 [type/__uci_commit] Send message on commit of a transaction 2020-11-01 11:01:25 +01:00
Dennis Camera
d3574b2d3e [type/__uci] Send messages when options are set to be altered 2020-11-01 11:01:25 +01:00
Dennis Camera
d8f20a6a20 [type/__uci] Implement "real" transactions using batch files 2020-11-01 11:01:25 +01:00
Dennis Camera
a09120977f [type/__uci] Allow omission of --value parameter if --state absent 2020-11-01 11:01:25 +01:00
Dennis Camera
55e7b32449 [type/__uci] Only generate __uci_commit if changes are required 2020-11-01 11:01:25 +01:00
Dennis Camera
e30ecdda53 Add __uci and __uci_commit types 2020-11-01 11:01:25 +01:00
Nico Schottelius
09dfcfe81e [scanner] add to beta commands 2020-10-29 23:16:08 +01:00
Nico Schottelius
91d99bf08a [RFC] scanner documentation 2020-10-29 21:22:36 +01:00
Nico Schottelius
87b46a6224 [scanner] finish prototype
ping @poljakowski - it's your turn now
2020-10-29 18:49:20 +01:00
Nico Schottelius
b9ad22595f [scanner] begin scanner implementation - non invasive 2020-10-29 18:03:27 +01:00
Dennis Camera
82a9aa7902 [type/__apt_norecommends] Use 00InstallRecommends file as debian-installer does
debian-installer can be preseeded with `base-installer/install-recommends` to
disable installation of recommended packages already during OS installation.
d-i will then create the file `/etc/apt/apt.conf.d/00InstallRecommends`
(cf. https://salsa.debian.org/installer-team/base-installer/-/blob/master/library.sh).

__apt_norecommends should use the same file to avoid having two config files
effectively doing the same thing.
2020-10-29 10:45:18 +01:00
Darko Poljak
9277e0ba19 ++changelog 2020-10-29 09:30:58 +01:00
eda96a06a0 Merge branch 'fix/type/__file/pre-exists-dryrun' into 'master'
__file: Fix --state pre-exists

See merge request ungleich-public/cdist!944
2020-10-29 09:29:41 +01:00
Dennis Camera
367da4b77e [type/__file] Fix --state pre-exists 2020-10-28 18:18:24 +01:00
aa5e882fce Merge branch 'master' into reorg 2020-10-21 20:26:51 +03:00
Darko Poljak
687c1d2dd9 ++changelog 2020-10-19 06:57:00 +02:00
b139ba2a5c Merge branch '__update_alternatives_improvements' into 'master'
[__update_alternatives] rewrite and support --install

See merge request ungleich-public/cdist!936
2020-10-19 06:55:35 +02:00
f96f23e970 Merge branch '__acl_remove_deprecated' into 'master'
[__acl] remove deprecated parameters, fix some bugs and improve manual

Closes #823

See merge request ungleich-public/cdist!933
2020-10-19 06:54:13 +02:00
716cd37281 [__update_alternatives] rewrite and support --install 2020-10-18 23:57:25 +03:00
e3d906a85f [__acl] remove deprecated parameters, fix some bugs and improve manual 2020-10-18 23:54:01 +03:00
6964070282 s/build-helper/cdist-build-helper/ 2020-10-18 17:13:22 +03:00
Darko Poljak
955b847276 ++changelog 2020-10-18 15:55:14 +02:00
112fb984c7 Merge branch 'fix/__download/manpage' into 'master'
__download: fix non-existent parameter of __unpack in manpage

See merge request ungleich-public/cdist!943
2020-10-18 15:51:58 +02:00
b2e6afb57e __download: adapt download+unpack example in manpage 2020-10-17 23:01:36 +02:00
d20fb74324 use os.path.realpath instead, because it eliminates any symbolic links encountered in the path 2020-10-17 23:16:42 +03:00
507fa6fa93 __download: fix non-existent parameter of __unpack
Probably happened due to renaming .. guess it's correct now.
2020-10-17 17:09:41 +02:00
54d83a6211 there is no single author anymore, also remove www. 2020-10-16 15:50:50 +03:00
e55db1b427 use check_output for git describe execution and define fallback VERSION earlier 2020-10-16 15:41:38 +03:00
b41d80075a update paths in setup.py 2020-10-16 14:16:04 +03:00
42d5d6c3e2 redundant str() 2020-10-16 14:12:39 +03:00
65c8af4ba3 overengineered version discovery 2020-10-16 14:11:12 +03:00
174aa77280 __file__ already is absolute 2020-10-16 14:11:00 +03:00
1614b62f70 fallback VERSION to "unknown version" 2020-10-16 13:48:28 +03:00
fd04c03613 add parent dir to module search path only when importing fails 2020-10-16 13:42:16 +03:00
86057cef19 don't die if there is no version.py 2020-10-14 02:20:58 +03:00
fdc1ab93e9 move scripts/* to bin/ 2020-10-14 02:20:58 +03:00
3f1939716f enable running scripts/cdist directly and symlinked 2020-10-14 02:20:30 +03:00
45d51c0e15 rename build-helper -> cdist-build-helper 2020-10-14 02:18:25 +03:00
8ecae42199 remove bin/cdist script 2020-10-14 02:18:25 +03:00
Darko Poljak
4df5c91912 ++changelog 2020-10-09 06:52:52 +02:00
1057ceef01 Merge branch 'line-replace' into 'master'
[__line] Add support for '--state replace'

See merge request ungleich-public/cdist!939
2020-10-09 06:51:45 +02:00
c030deea3d [__line] Add support for '--state replace'
It is currently counter-intuitive that something like:

    # File '/thing' contents
    #SomeSetting WrongValue

    # Manifest
    __line '/thing' \
           --line 'SomeSeting GoodValue' \
           --regex '^(#[[:space:]]*)?SomeSetting[[:space:]]'

Produces:

    # Resulting '/thing' contents
    #SomeSetting WrongValue

This makes sense given the implementation, but it masks a very common use-case.

Changing the default behaviour for such a base type is not really an option, so
instead we add a `replace` as a valid value for `--state`, which would result
in:

    # Resulting '/thing' contents with: --state replace
    SomeSetting GoodValue

For compatibility, if the regex is missing, `--state replace` behaves just as
`--state present`.
2020-10-09 06:51:44 +02:00
68a280d51a Merge branch '__service-fix' into 'master'
Fixed calling of __systemd_service type with correct arguments.

See merge request ungleich-public/cdist!941
2020-10-09 06:47:54 +02:00
Mark Verboom
5aeed14b1b Fixed calling of __systemd_service type with correct arguments. 2020-10-08 16:15:20 +02:00
Darko Poljak
3fa74b454a Fix typo 2020-09-30 15:43:32 +02:00
Darko Poljak
52b5f05163 ++changelog 2020-09-30 08:56:31 +02:00
34a7d8c280 Merge branch 'pkgng_freebsd-bootstrap' into 'master'
[__package_pkgng_freebsd] Bootstrap pkg if necessary

See merge request ungleich-public/cdist!940
2020-09-30 08:42:43 +02:00
f994226d0e [__package_pkgng_freebsd] Bootstrap pkg if necessary
In a pristine FreeBSD base installation, pkg is really a bootstrapper utility,
in such cases the type used to fail instead of automatically bootstrapping pkg.
2020-09-29 19:47:59 +02:00
Darko Poljak
652c891858 ++changelog 2020-09-29 05:57:54 +02:00
84ade29ca9 Merge branch 'docs/custom-remote-exec-copy-examples' into 'master'
Add custom remote copy/exec examples

See merge request ungleich-public/cdist!938
2020-09-29 05:56:38 +02:00
Darko Poljak
73d6c9d469 Add custom remote copy/exec examples 2020-09-27 10:17:35 +02:00
8ab1b6a03d Merge branch 'fix/docs-makefile' into 'master'
docs: make varaibles environment-aware

See merge request ungleich-public/cdist!937
2020-09-24 06:55:30 +02:00
84a7818121 docs: make varaibles environment-aware
There are all overwriting the environment, even the comment states
otherwise. Fixes it.
2020-09-23 20:29:47 +02:00
Darko Poljak
b6922508b9 Update helper script 2020-09-21 09:17:34 +02:00
Darko Poljak
0fc10749ed Fix shellcheck 2020-09-21 09:11:35 +02:00
Darko Poljak
89a0080e13 ++changelog 2020-09-21 09:09:26 +02:00
139a782c96 Merge branch '__package_pip_detect_pip_bin' into 'master'
[__package_pip] detect pip binary

See merge request ungleich-public/cdist!935
2020-09-21 09:06:44 +02:00
2e6c12c27c Merge branch 'clarify-stdin-input' into 'master'
Clarify stdin input

Closes #836

See merge request ungleich-public/cdist!934
2020-09-21 09:04:06 +02:00
89b6215115 Clarify stdin input
Resolve #836.
2020-09-21 09:04:05 +02:00
decc0ad54d [__package_pip] detect pip binary 2020-09-19 12:38:20 +03:00
Darko Poljak
2885c6a248 Release 6.8.0 2020-09-11 14:20:57 +02:00
Darko Poljak
53b91adbd8 Fix shellcheck 2020-09-11 14:20:57 +02:00
Darko Poljak
6b262a61c1 ++changelog 2020-09-10 13:24:58 +02:00
a20ab63e60 Merge branch 'fix/__systemd_service/manpage' into 'master'
__systemd_service: fix manpage typos

See merge request ungleich-public/cdist!931
2020-09-10 13:21:19 +02:00
b1375464cc __systemd_service: fix manpage typos 2020-09-09 21:11:40 +02:00
f5b534df71 Merge branch 'fix/type/__timezone/singleton' into 'master'
__timezone: Make singleton

See merge request ungleich-public/cdist!916
2020-09-08 07:20:01 +02:00
Darko Poljak
b5a40eb0d1 ++changelog 2020-08-27 12:25:11 +02:00
a4a3b98568 Merge branch 'feature/expand-require-separator' into 'master'
Expand and split by consecutive require delimiters

Closes #832

See merge request ungleich-public/cdist!930
2020-08-27 12:22:55 +02:00
Darko Poljak
c17541f24c Expand and split by consecutive require delimiters
Resolves #832.
2020-08-24 07:16:28 +02:00
Darko Poljak
ba26a437be ++changelog 2020-08-18 11:06:19 +02:00
a8ea56253c Merge branch 'feature/explorer/os_version/debian-sid' into 'master'
explorer/os_version: Convert Debian sid to version number.

Closes #833

See merge request ungleich-public/cdist!927
2020-08-18 11:05:12 +02:00
2c1eca9ee7 Merge branch '__download_man_fix' into 'master'
[__download] fix manual: onchange parameter in wrong section

See merge request ungleich-public/cdist!929
2020-08-18 11:02:18 +02:00
52b75e513f Merge branch '__unpack_onchange' into 'master'
[__unpack] add --onchange

See merge request ungleich-public/cdist!928
2020-08-18 10:59:55 +02:00
d239169c4f [__download] fix manual: onchange parameter in wrong section 2020-08-18 00:48:58 +03:00
502d753047 [__unpack] add --onchange 2020-08-18 00:46:07 +03:00
Dennis Camera
6fed178529 [explorer/os_version] Convert Debian sid to version number.
Conversion of Debian sid to versions is done based on Debian codenames.
The version number is the version number of the final release - 0.01.

It is unknown if Debian < 4.0 has any sort of version information
available (apart from maybe checking base-files package version).
But I don't think any of these systems are still alive,
so I think going with 3.99 is fine for those.
2020-08-17 09:31:40 +02:00
Darko Poljak
8f94a226c7 ++changelog 2020-08-15 21:54:07 +02:00
d6b44769e1 Merge branch 'fix/type/__locale_system/version-cmp' into 'master'
__locale_system: Fix version comparison

See merge request ungleich-public/cdist!923
2020-08-15 21:51:52 +02:00
ssrq
fa967631e3 Merge branch 'master' into 'fix/type/__locale_system/version-cmp'
# Conflicts:
#   cdist/conf/type/__locale_system/manifest
2020-08-15 21:17:25 +02:00
Darko Poljak
74dd47c8c3 ++changelog 2020-08-15 21:11:43 +02:00
7b0a4f6831 Merge branch 'feature/alpine-filesystem' into 'master'
Add Alpine Linux as supported for __filesystem.

See merge request ungleich-public/cdist!925
2020-08-15 21:09:37 +02:00
54c525e36c Merge branch '__unpack_tar_extra_args' into 'master'
[__unpack] add parameter --tar-extra-args

See merge request ungleich-public/cdist!922
2020-08-15 21:07:20 +02:00
4082359a2f Merge branch 'fix/explorer/os/opensuse' into 'master'
explorer/os: Fix OS detection for openSUSE

See merge request ungleich-public/cdist!924
2020-08-15 21:06:31 +02:00
6f021889ee Merge branch '__locale_system_debian_fix' into 'master'
[__locale_system] fix for debian and ubuntu

See merge request ungleich-public/cdist!921
2020-08-15 20:59:59 +02:00
17ab4bd80c
Add Alpine Linux as supported for __filesystem. 2020-08-06 11:45:05 +02:00
Dennis Camera
b370b70ff4 [explorer/os] Fix OS detection for openSUSE
All distros with ID_LIKE suse should be treated as "suse".
My openSUSE Leap 15.1 installation has:
ID_LIKE="suse opensuse"

This patch doesn't require a strict "suse" value but only the word suse to be in
the list.
2020-08-02 22:50:06 +02:00
Dennis Camera
7b480f4293 [type/__locale_system] Fix version extraction for SuSE 2020-08-02 22:47:46 +02:00
Dennis Camera
71710fa00a [type/__locale_system] Implement "proper" version comparison
Proper in the sense that it can handle all numeric version numbers even if they
are not floating point (e.g. 16.04.6).
2020-08-02 20:59:22 +02:00
Dennis Camera
885d5a58f4 [type/__locale_system] Fix floating point version comparison 2020-08-02 17:04:06 +02:00
935f2395bc [__locale_system] fix for debian and ubuntu
ubuntu 6.10 and debian etch are 10+ years old and EOL. rather than
preserving compatibility I'll just remove it. while /etc/environment
works too, correct place is /etc/default/locale (as it was before
breaking change). also /etc/debian_version (os_version explorer) may
contain minor version with dot (10.5) or string (bullseye/sid).
2020-08-02 13:54:30 +03:00
d37d2dc307 [__unpack] add parameter --tar-extra-args 2020-08-02 13:53:38 +03:00
7e1428ab3c Merge branch 'bugfix/sphinx-docs-build' into 'master'
Fix building man pages

Closes #830

See merge request ungleich-public/cdist!919
2020-07-29 16:59:26 +02:00
Darko Poljak
c053a2c4a0 Fix building man pages
Resolves #830.
2020-07-29 11:31:12 +02:00
Darko Poljak
f5b367dfdb Release 6.7.0 2020-07-28 07:14:26 +02:00
Darko Poljak
76bb214b53 ++changelog 2020-07-27 15:31:38 +02:00
a5f25faf25 Merge branch 'fix/type/__sysctl/netbsd-path' into 'master'
__sysctl: Fix on NetBSD

See merge request ungleich-public/cdist!918
2020-07-27 15:30:57 +02:00
a6cd767c8f Merge branch 'fix/explorer/netbsd' into 'master'
Fix global explorers for NetBSD

See merge request ungleich-public/cdist!917
2020-07-27 15:29:52 +02:00
Dennis Camera
3a87a447d0 [type/__sysctl] Fix on NetBSD 2020-07-27 15:22:21 +02:00
Dennis Camera
5dfc996feb Fix global explorers for NetBSD
On NetBSD sysctl is at /sbin/sysctl, but the default PATH does not
contain /sbin.
2020-07-27 15:11:02 +02:00
Darko Poljak
627d215b63 ++changelog 2020-07-27 13:09:53 +02:00
5c5890d458 Merge branch 'feature/type/__locale_system/os-support' into 'master'
__locale_system: Wider OS support

See merge request ungleich-public/cdist!914
2020-07-27 12:58:53 +02:00
Dennis Camera
d26c36914a [__timezone] Make type singleton 2020-07-27 11:06:14 +02:00
Darko Poljak
463b6cd6b5 ++changelog 2020-07-27 06:22:25 +02:00
8a8a48313c Merge branch '__unpack' into 'master'
new type: __unpack

See merge request ungleich-public/cdist!893
2020-07-27 06:20:21 +02:00
73f1937636 [__unpack] no mkdir by default, because destination can be file, but tar needs mkdir andrar needs slash at the end 2020-07-27 06:20:21 +02:00
1b18b9487e Merge branch 'fix/type/__key_value/solaris-awk' into 'master'
__key_value: Get AWK from POSIX PATH

See merge request ungleich-public/cdist!913
2020-07-27 06:01:53 +02:00
263c7a90a8 Merge branch 'fix/type/__package_apt/legacy-norecommends' into 'master'
__package_apt: Fix for legacy APT versions that do not support --no-install-recommends.

See merge request ungleich-public/cdist!912
2020-07-27 05:58:40 +02:00
Dennis Camera
70d1228dc0 [type/__locale_system] Add support for FreeBSD 2020-07-26 20:10:52 +02:00
Dennis Camera
511d8c96aa [type/__locale_system] Add support for Slackware 2020-07-26 20:10:52 +02:00
Dennis Camera
a923e75d9b [type/__locale_system] Add support for NetBSD 2020-07-26 20:10:52 +02:00
Dennis Camera
cbf22f3b2c [type/__locale_system] Add support for Solaris 2020-07-26 20:10:52 +02:00
Dennis Camera
0ae0935afa [type/__locale_system] Add support for SuSE 2020-07-26 20:10:34 +02:00
Dennis Camera
630d987d5f [type/__locale_system] Add support for Void Linux 2020-07-26 20:10:34 +02:00
Dennis Camera
0ef54a721d [type/__locale_system] Add support for Gentoo Linux 2020-07-26 20:10:34 +02:00
Dennis Camera
47e28fc441 [type/__locale_system] Support old Debian derivatives 2020-07-26 20:10:34 +02:00
Dennis Camera
a590504436 [type/__locale_system] RedHat systems on systemd use /etc/locale.conf 2020-07-26 20:10:34 +02:00
Dennis Camera
46d09392f0 [type/__key_value] Get AWK from POSIX PATH
This is required here, because Solaris /usr/bin/awk does not support the
sub() function.
So xpg4 AWK needs to be used.
2020-07-26 19:36:34 +02:00
Dennis Camera
ee71cad047 [type/__package_apt] Fix type for legacy APT versions
--no-install-recommends was introduced with Debian 5.
The APT::Install-Recommends option gets ignored by old versions and
produces no error.
2020-07-25 19:20:32 +02:00
Darko Poljak
8b53f35ffa ++changelog 2020-07-24 12:33:40 +02:00
9df29de564 Merge branch 'rm-deprecated-__pf_apply' into 'master'
Remove deprecated __pf_apply

See merge request ungleich-public/cdist!899
2020-07-24 12:30:32 +02:00
Darko Poljak
8654cbe466 ++changelog 2020-07-24 12:29:02 +02:00
1d5e3a5b06 Merge branch 'openldap-alpine' into 'master'
Add Alpine support to __openldap_server

See merge request ungleich-public/cdist!909
2020-07-24 12:26:36 +02:00
fnux
ae5f0bba0b Add Alpine support to __openldap_server 2020-07-24 12:26:35 +02:00
5d0f6caef7 Merge branch 'hotfix/stat-explorer' into 'master'
Hotfix:  Fix incorrect interpretation of --mode strings with leading 0s as octal

See merge request ungleich-public/cdist!911
2020-07-23 10:59:18 +02:00
Dennis Camera
595e43b8d5 [type/{__file,__directory}] Fix incorrect interpretation of strings with leading 0s as octal 2020-07-23 09:43:40 +02:00
Darko Poljak
fdef468f1a Fix OpenWrt spelling 2020-07-22 18:28:41 +02:00
Darko Poljak
d8b5c733f6 ++changelog 2020-07-22 06:36:27 +02:00
80a0551b36 Merge branch 'fix/type/__user/openwrt-support' into 'master'
__user: Install user{add,mod,del} packages on OpenWrt

See merge request ungleich-public/cdist!910
2020-07-22 06:35:23 +02:00
Dennis Camera
3965c7f738 [type/__user] Install user{add,mod,del} packages on OpenWrt 2020-07-21 19:42:40 +02:00
Darko Poljak
8903540e91 ++changelog 2020-07-13 07:54:12 +02:00
cc089789de Merge branch 'cherry-pick-2f433a14' into 'master'
Merge branch 'bugfix/postfix-master-option' into master

See merge request ungleich-public/cdist!907
2020-07-13 07:51:25 +02:00
bc97073131 Merge branch 'bugfix/postfix-master-option' into '6.6'
Fix broken --option parameter in __postfix_master type

See merge request ungleich-public/cdist!905

(cherry picked from commit 2f433a1458f3a1f7f8859e9ae165178a0ec5b7a0)

9496b234 The option parameter is actually multi-valued
4009bbd7 Protect postfix variables in options
2020-07-13 07:49:49 +02:00
652ffea4a8 Merge branch 'fix/stat-explorer' into 'master'
type/{__file/__directory}: Support setuid,setguid,sticky bits

See merge request ungleich-public/cdist!903
2020-07-13 07:37:50 +02:00
Dennis Camera
9fb7e151b8 [type/{__file/__directory}] Remove special Solaris blocks
Solaris 11 has GNU stat (handled by *)
Solaris 10 (and older?) does not have stat (handled by failing command -v stat)

On Solaris 10 (at least on UFS), setgid cannot be set on directories.
Unlike on other systems `chmod 2400` is not `-r----S---`, but `-r----l---`.
2020-07-12 12:41:02 +02:00
Dennis Camera
19514662b0 [type/{__file/__directory}] Fix typo 2020-07-12 12:24:00 +02:00
c62eaa6eab Merge branch 'fix/type/__hosts/no-alias' into 'master'
__hosts: Fix when used without --alias

See merge request ungleich-public/cdist!906
2020-07-12 09:31:01 +02:00
Dennis Camera
a5ae26116b [type/__hosts] Fix when used without --alias 2020-07-11 18:57:47 +02:00
Darko Poljak
b8752e9ee3 ++changelog 2020-07-10 21:03:35 +02:00
506a0f3f47 Merge branch 'bugfix/make-code-consistent' into 'master'
Make code consistent

See merge request ungleich-public/cdist!904
2020-07-10 21:01:42 +02:00
Darko Poljak
cb9933b4a0 Fix state -> state_is 2020-07-08 12:43:55 +02:00
fde5627721 Merge branch '__download_improvements' into 'master'
__download improvements

See merge request ungleich-public/cdist!895
2020-07-08 12:33:41 +02:00
e906266286 [__download] s/variable/format specification/ 2020-07-08 00:20:55 +03:00
93506d2113 [__download] curl follow redirects 2020-07-08 00:17:12 +03:00
Darko Poljak
fe193ecab8 Make code consistent
* Remove supreflous checking and warning message.
* Fix cache recording.
2020-07-01 14:08:48 +02:00
Darko Poljak
88400551f9 ++changelog 2020-06-30 23:59:45 +02:00
727f3dbb03 Merge branch 'fix/type/__user/openbsd-shadow' into 'master'
__user: Fix shadow explorer for OpenBSD

See merge request ungleich-public/cdist!902
2020-06-30 22:55:33 +02:00
c5a8004c9a Merge branch 'hosts-aliases' into 'master'
__hosts: add --alias parameter

See merge request ungleich-public/cdist!901
2020-06-30 22:52:52 +02:00
Dennis Camera
3860f1feea [type/{__file/__directory}] Support setuid,setguid,sticky bits 2020-06-30 15:10:30 +02:00
Dennis Camera
6467ccbdcc [type/__user] Make shellcheck happy 2020-06-30 14:31:11 +02:00
ssrq
9e33a8f42f Merge branch 'master' into 'fix/type/__user/openbsd-shadow'
# Conflicts:
#   cdist/conf/type/__user/explorer/shadow
2020-06-30 14:26:23 +02:00
Dennis Camera
999e7b0134 [type/__user] Fix shadow explorer for OpenBSD 2020-06-30 14:23:34 +02:00
Dennis Camera
a263fdfe58 [__hosts] Add --alias parameter
The --alias parameter allows to specify a hostname and multiple aliases on a
single /etc/hosts line.
2020-06-30 14:05:26 +02:00
99b5dcd8f0 Merge branch 'master' into __download_improvements 2020-06-28 16:57:13 +03:00
996e7fc09c Merge branch 'master' into __download_improvements 2020-06-28 16:55:11 +03:00
b6bf90e3f1 [__download] update manual 2020-06-28 16:43:45 +03:00
85614aabd6 [__download] add --download (local|remote), update manual 2020-06-28 16:38:15 +03:00
Darko Poljak
077989e8fd Remove annoying warnings
Those warnings don't have any specail meaning and usage.
Resolve #825.
2020-06-27 15:55:57 +02:00
Darko Poljak
7074f9c395 ++changelog 2020-06-25 06:32:10 +02:00
684043bf37 Merge branch 'fix/type/__package_opkg/lock' into 'master'
__package_opkg: Add locking

See merge request ungleich-public/cdist!896
2020-06-25 06:31:16 +02:00
ceedcd02f2 Merge branch 'feature/type/__locale_system/support-devuan' into 'master'
__locale_system: "Whitelist" Devuan

See merge request ungleich-public/cdist!900
2020-06-25 06:24:17 +02:00
Dennis Camera
5364d3bc90 [type/__package_opkg] Implement flock locking if available 2020-06-24 21:06:10 +02:00
Dennis Camera
a9778965be [type/__package_opkg] Use mkdir(1) to lock instead of noclobber
noclobber is potentially unsafe, because it relies on the underlying shell to
implement noclobber in a safe way that avoids race conditions between multiple
processes.
mkdir is safer because it is mandated by POSIX to "fail" if the target already
exists.
2020-06-24 08:47:22 +02:00
Darko Poljak
49dde11def Remove deprecated __pf_apply 2020-06-24 07:04:32 +02:00
Dennis Camera
3649555f35 [type/__package_opkg] Do not lock execution of code-remote (revert)
Instead, rely on `nonparallel`.
In any case cdist should never run explorer and code concurrently even if the
dependency graph would allow to do so as it would result in many more
synchronization issues than this one.
2020-06-22 09:32:57 +02:00
26dfdf37c2 [__download] support multiple checksum formats and download utilities, add --onchange and other minor changes 2020-06-21 23:39:53 +03:00
d478bef8a6 Merge branch 'lint/py3-classes' into 'master'
Consequently use Python 3-style classes

See merge request ungleich-public/cdist!898
2020-06-21 17:54:56 +02:00
e67215f93d Merge branch 'lint/no-python-shebangs' into 'master'
Remove unnecessary Python shebangs

See merge request ungleich-public/cdist!897
2020-06-21 17:53:44 +02:00
Dennis Camera
6aae58dea7 [type/__package_opkg] Mark lock variables readonly 2020-06-21 17:35:28 +02:00
Dennis Camera
ce07021580 Do not subclass object 2020-06-21 16:53:47 +02:00
Dennis Camera
a6a3fb40bf Remove unnecessary Python shebangs 2020-06-21 16:03:09 +02:00
Dennis Camera
e79b26a61f [type/__package_opkg] Also lock execution of code-remote 2020-06-21 15:53:01 +02:00
Dennis Camera
97e48be39e [type/__package_opkg] Fix explorer running in parallel 2020-06-21 15:52:57 +02:00
Darko Poljak
a6543a72ad ++changelog 2020-06-17 13:40:31 +02:00
d59ba09d71 Merge branch '__download' into 'master'
new type: __download

See merge request ungleich-public/cdist!892
2020-06-17 13:39:07 +02:00
Darko Poljak
cdb998398d Release 6.6.0 2020-06-17 12:10:58 +02:00
201050a9e5 new type: __download 2020-06-16 20:53:31 +03:00
Darko Poljak
5be8437a60 ++changelog 2020-06-13 13:48:34 +02:00
7a48b30d7a Merge branch 'log-server-new-min-py-ver' into 'master'
Log server to capture nested logging output

See merge request ungleich-public/cdist!891
2020-06-13 13:46:05 +02:00
Darko Poljak
59b98091d7 Adapt; update docs and code style 2020-06-13 13:44:01 +02:00
Steven Armstrong
57e352cd1e log server is also usefull for cdist config
Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>
2020-06-13 13:44:01 +02:00
Steven Armstrong
831bfc822b remove unused code
Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>
2020-06-13 13:44:01 +02:00
Steven Armstrong
6e9e9ad557 implement log server to capture nested logging output
Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>
2020-06-13 13:44:01 +02:00
Darko Poljak
eba3d0505b ++changelog 2020-06-12 06:29:39 +02:00
Darko Poljak
eec7ab8e45 Increase minimum supported Python version to 3.5 2020-06-12 06:08:56 +02:00
Darko Poljak
4167f9f60c Use proper format string with name 2020-06-11 14:22:54 +02:00
Darko Poljak
840e417eb7 Fix emulator colored logging 2020-06-11 14:16:37 +02:00
Darko Poljak
74e5d7182a ++changelog 2020-06-10 10:45:20 +02:00
b22e09e1af Merge branch '__clean_path_add_path_param' into 'master'
[__clean_path] add --path parameter

See merge request ungleich-public/cdist!889
2020-06-10 10:44:20 +02:00
7c490a703d [__clean_path] add --path parameter 2020-06-10 11:38:14 +03:00
Darko Poljak
955243a93b Update cdist man page copyright years 2020-06-09 12:51:19 +02:00
Darko Poljak
191f45eb7f ++changelog 2020-06-08 13:48:37 +02:00
Darko Poljak
58f101b8e8 Merge branch 'dheule-fix_os_explorer_sles15' 2020-06-08 13:44:11 +02:00
Darko Poljak
a251e53495 Merge branch 'fix_os_explorer_sles15' of https://github.com/dheule/cdist into dheule-fix_os_explorer_sles15 2020-06-08 13:43:41 +02:00
Darko Poljak
4a81c019e3 Merge branch 'jaakristioja-master' 2020-06-08 13:37:51 +02:00
Jaak Ristioja
7b262c0cec
[docs] Fixed capitalization of URLs in cdist-bootstrap.rst
Signed-off-by: Jaak Ristioja <jaak@ristioja.ee>
2020-06-08 14:12:03 +03:00
Jaak Ristioja
dc018fdb16
[docs] Fixed typo in cdist-cache.rst
Signed-off-by: Jaak Ristioja <jaak@ristioja.ee>
2020-06-08 14:12:03 +03:00
Jaak Ristioja
978e249043
[docs] Fixed capitalization of POSIX in cdist-install.rst
Signed-off-by: Jaak Ristioja <jaak@ristioja.ee>
2020-06-08 14:12:03 +03:00
Jaak Ristioja
e1ff1bfdff
[docs] Fixed two typos in cdist-real-world.rst
Signed-off-by: Jaak Ristioja <jaak@ristioja.ee>
2020-06-08 14:12:03 +03:00
Jaak Ristioja
46574fc577
[docs] Fixed three typos in cdist-upgrade.rst
Signed-off-by: Jaak Ristioja <jaak@ristioja.ee>
2020-06-08 14:12:03 +03:00
Jaak Ristioja
3d725f12da
[docs] Fixed a typo and s/posix/POSIX/ in cdist-why.rst
Signed-off-by: Jaak Ristioja <jaak@ristioja.ee>
2020-06-08 14:12:03 +03:00
Jaak Ristioja
f5630297bd
[docs] Fixed typo in cdist-configuration.rst
Signed-off-by: Jaak Ristioja <jaak@ristioja.ee>
2020-06-08 14:11:58 +03:00
Darko Poljak
be47619b1e ++changelog 2020-06-08 09:11:51 +02:00
c8a98c02ff Merge branch 'no-color' into 'master'
Respect NO_COLOR environment variable

See merge request ungleich-public/cdist!887
2020-06-08 09:09:50 +02:00
Dennis Camera
89ebd7a4f7 cdist man page: update --colors metavar name 2020-06-07 19:20:10 +02:00
Dennis Camera
23e66e08fa Restrict colored_output value to always/never/auto. 2020-06-06 13:45:31 +02:00
Dennis Camera
7a570f8692 [cdist.cfg.skeleton] Update colored_output documentation based on cdist(1) 2020-06-05 13:59:17 +02:00
Dennis Camera
790c6efae9 Update colored output documentation 2020-06-05 13:56:30 +02:00
Dennis Camera
89e48734bf Let config file and command line override NO_COLOR envvar 2020-06-05 12:23:36 +02:00
Dennis Camera
cdb0d2be41 Patch tests 2020-06-03 23:21:50 +02:00
Dennis Camera
747c6b1076 Respect NO_COLOR environment variable 2020-06-03 22:17:52 +02:00
Daniel Heule
6a611e556a fix os explorer for sles15 2020-06-02 13:40:21 +02:00
Darko Poljak
48d66b0143 ++changelog 2020-06-01 22:25:15 +02:00
fc9ce280f7 Merge branch 'bugfix/sphinx-build-failure' into 'master'
Bugfix/sphinx build failure

Closes #814

See merge request ungleich-public/cdist!885
2020-06-01 22:23:50 +02:00
Darko Poljak
55ebd1a4c5 Fix man build failure in newer sphinx versions 2020-06-01 20:22:40 +02:00
Darko Poljak
9a4e3488c2 ++changelog 2020-06-01 19:17:02 +02:00
3fc36a67a1 Merge branch 'evilham-colored-output' into 'master'
[UX] Add option to enable LogLevel-based coloured output.

See merge request ungleich-public/cdist!879
2020-06-01 19:11:58 +02:00
ba77ea9edc [UX] Add option to enable LogLevel-based coloured output.
This makes it easier for new and experienced users to run cdist with higher
verbosity levels, both to know that things are working as expected and to debug
issues.

Documentation has been modified accordingly and default behaviour is not
changed.
2020-06-01 19:11:58 +02:00
Darko Poljak
988190363a Resolve shellcheck SC1090 2020-05-30 15:10:13 +02:00
Darko Poljak
b354ea6e94 ++changelog 2020-05-30 10:49:13 +02:00
b99f1eda0f Merge branch '__ssh_authorized_keys_remove_unknown' into 'master'
[__ssh_authorized_keys] add --remove-unknown parameter

See merge request ungleich-public/cdist!884
2020-05-30 10:48:02 +02:00
29c0180204 [__ssh_authorized_keys] add --remove-unknown parameter 2020-05-28 23:31:13 +03:00
Darko Poljak
abac79d4a5 Release 6.5.6 2020-05-25 11:16:48 +02:00
Darko Poljak
ba64971a56 ++changelog 2020-05-24 17:05:01 +02:00
06cc20aa28 Merge branch 'bugfix/multiple-log-lines' into 'master'
Fix multiple log lines

Closes #813

See merge request ungleich-public/cdist!883
2020-05-24 17:01:31 +02:00
Darko Poljak
f4e1bbc87e Fix multiple log lines
Fixes #813.
2020-05-24 01:10:56 +02:00
Darko Poljak
6ba73c4be6 ++changelog 2020-05-23 19:03:13 +02:00
15e4b5ee3b Merge branch '__user_remove_freebsd_fix' into 'master'
[__user] fix user delete on freebsd

See merge request ungleich-public/cdist!882
2020-05-23 19:02:31 +02:00
b7d3da443c Merge branch 'jaakristioja-master' into github 2020-05-23 01:15:09 +03:00
716d3554f3 [__user] fix user delete on freebsd 2020-05-23 00:48:35 +03:00
Jaak Ristioja
66f4421089
[docs] Fixed two typos in cdist.cfg.skeleton
Signed-off-by: Jaak Ristioja <jaak@ristioja.ee>
2020-05-22 17:14:29 +03:00
Darko Poljak
226ed02c1c ++changelog 2020-05-22 10:09:05 +02:00
dab32b0cb6 Merge branch '__group_freebsd_fix' into 'master'
[__group] fix --gid on freebsd

See merge request ungleich-public/cdist!881
2020-05-22 10:08:29 +02:00
d1b73dd42b Merge branch '__motd_fix_for_debians' into 'master'
[__motd] debian|ubuntu|devuan use /etc/motd

See merge request ungleich-public/cdist!880
2020-05-22 10:05:50 +02:00
3bcbd95269 [__motd] debian|ubuntu|devuan use /etc/motd 2020-05-22 02:36:49 +03:00
bf25a18a04 [__group] fix --gid on freebsd 2020-05-22 02:31:38 +03:00
Darko Poljak
f354d80308 ++changelog 2020-05-18 21:03:42 +02:00
cc8dcf682c Merge branch 'evilham-authorized_keys-options-bug' into 'master'
[__ssh_authorized_keys] Fix bug where --option was not multiple

See merge request ungleich-public/cdist!878
2020-05-18 21:03:01 +02:00
ad58ea79c2 [__ssh_authorized_keys] Fix bug where --option was not multiple
This went against both documentation and intent.
2020-05-18 20:01:01 +02:00
Darko Poljak
f9afac4dd6 ++changelog 2020-05-18 19:51:08 +02:00
8d639d54d0 Merge branch 'evilham-authorized_keys-man' into 'master'
[__ssh_authorizedkey{,s}] Improve documentation.

See merge request ungleich-public/cdist!877
2020-05-18 19:49:50 +02:00
2362d89976 Merge branch 'evilham-machine_type-explorer-simplify-linux-add-openbsd' into 'master'
[explorer/machine_type] simplify linux add openbsd

See merge request ungleich-public/cdist!876
2020-05-18 19:48:47 +02:00
c5454afc72 Merge branch 'evilham-machine_type-explorer-freebsd' into 'master'
[explorer/machine_type] Add support for FreeBSD.

See merge request ungleich-public/cdist!875
2020-05-18 19:46:47 +02:00
d5075b49c5 Merge branch 'fix/manpages' into 'master'
Fix some type manpages

See merge request ungleich-public/cdist!874
2020-05-18 19:45:12 +02:00
6d502f737a [__ssh_authorizedkey{,s}] Improve documentation. 2020-05-18 18:37:16 +02:00
8b790b0a54 [explorer/machine_type] Make shellcheck happy! 2020-05-18 16:47:20 +02:00
cf44c4a01b [explorer/machine_type] Simplify Linux + basic OpenBSD support.
By abstracting away vendor-dependent pattern matching for the linux code, we can
re-use that and be reasonably sure about OpenBSD machines being virtualised when
we can identify the undelrying virtualisation technology.
It remains to be solved how to tell if an OpenBSD machine is physical; in that
case previous cdist behaviour ("unknown") remains.

For NetBSD something similar to OpenBSD could be done, with different sysctls:
hw.machine and hw.model wary of adding those without testing though, so for
NetBSD previous cdist behaviour ("unknown") remains.
https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7.i386+NetBSD-9.0
2020-05-18 16:35:50 +02:00
7ca2bfc14a [explorer/machine_type] Add support for FreeBSD.
More research is needed for {Net,Open}BSD support.

Indentation is left as-is for the linux code as I intend to simplify it in a
future MR, this way the diff is minimal.
2020-05-18 16:00:23 +02:00
086e683c99 [__file] add "default values" in manual for group, mode and owner
Because at least the --mode default value may not be expected, the
manual lists the "default values". As they are not explicitly set in the
`__file` type, it is a bit more difficult, but should resolve to
following:
  - the mode comes from the umask set in the cdist code to protect file
    creation and uses the strongest umask possible.
  - the owner and group comes from the ssh user, which should always be
    the root user. (I think this can be swaped, too, but who will?)

At the owner and group parameter, it could be replaced with something
like "the ssh user and group", which would be more correct, but less
understandable.
2020-05-16 16:33:38 +02:00
dcfabf9268 [__cron] add hint for default values of time-related parameters
This should resolve some misunderstanding when leave a time-related
parameter with it's default value.
2020-05-16 14:00:02 +02:00
42f2dceeb1 [__link] fix typo in the manual 2020-05-09 18:40:44 +02:00
Nico Schottelius
6f4649efc6 Reference the new cdist chat on matrix 2020-05-08 16:08:21 +02:00
Nico Schottelius
d4059fd29e [__letsencrypt_cert] whitelist Ubuntu 2020-05-01 15:31:23 +02:00
Nico Schottelius
f58d662b32 [__pyvenv] Switch to python3 -m venv for ubuntu 2020-05-01 15:28:01 +02:00
Darko Poljak
310045d9fb Release 6.5.5 2020-05-01 13:02:00 +02:00
Darko Poljak
250161e42d ++ 2020-04-28 23:08:03 +02:00
888cf54d99 Merge branch 'mute-return_output-warning' into 'master'
[logging] Mute warning on return_output=True when running scripts.

Closes #806

See merge request ungleich-public/cdist!872
2020-04-28 15:00:00 +02:00
ea3bd14d8b [logging] Mute warning on return_output=True when running scripts.
This fixes #806 which contains more information about the issue.

The TL;DR: this warning is not being useful and hinders debugging types because
it creates an innecessary line for each explorer.

An alternative proposal was #807 but was abandoned in favour of just dropping
the warning.
2020-04-28 14:54:51 +02:00
Darko Poljak
515992249d ++changelog 2020-04-27 22:55:57 +02:00
cd0c811d74 Merge branch 'evilham-explorers' into 'master'
[explorers] Improve *BSD support.

See merge request ungleich-public/cdist!869
2020-04-27 22:53:09 +02:00
965829e18a Merge branch 'evilham-cdist.cfg.skeleton' into 'master'
[docs] Improve cdist.cfg.skeleton

See merge request ungleich-public/cdist!868
2020-04-27 22:51:48 +02:00
bd66b6d948 Merge branch 'update_readme' into 'master'
update README

See merge request ungleich-public/cdist!870
2020-04-27 16:48:09 +02:00
b31e13eacf README: add bits about cdist-contrib 2020-04-27 16:30:52 +03:00
56a65518ab README: add participating section 2020-04-27 15:25:43 +03:00
0b3c417aef update README 2020-04-27 15:09:40 +03:00
678df1ec8a [explorers] Improve *BSD support.
cpu_cores and memory did lacked support for other BSDs.
2020-04-27 01:29:37 +02:00
fefc828780 [docs] Improve cdist.cfg.skeleton 2020-04-26 19:06:42 +02:00
Darko Poljak
04b7f240eb ++changelog 2020-04-26 10:01:18 +02:00
8074f02bb3 Merge branch 'evilham-pf' into 'master'
[__pf*] (~) __pf_ruleset (+)__pf_apply_anchor, deprecate __pf_apply

See merge request ungleich-public/cdist!867
2020-04-26 09:59:24 +02:00
71156258a4 Merge branch 'evilham-postfix' into 'master'
[__postfix] Automagically support more OSs by not checking too much.

See merge request ungleich-public/cdist!866
2020-04-26 09:52:08 +02:00
c13608fab5 Merge branch 'evilham-openldap_server' into 'master'
[__openldap_server] Support extra config parameter.

See merge request ungleich-public/cdist!865
2020-04-26 09:50:21 +02:00
b40b95d758 Merge branch 'evilham-motd' into 'master'
[__motd] Improve documentation and support for FreeBSD

See merge request ungleich-public/cdist!864
2020-04-26 09:47:54 +02:00
6ec3274598 Merge branch 'postgres-database-args' into 'master'
Add --template, --encoding, --lc-collate, --lc-support to __postgres_database type

See merge request ungleich-public/cdist!859
2020-04-26 09:41:30 +02:00
80d204368a Merge branch 'fix-configuration-file-location' into 'master'
Fix configuration file location

See merge request ungleich-public/cdist!863
2020-04-26 09:33:38 +02:00
2928795441 [__pf_ruleset] Fix shellcheck issue. 2020-04-25 14:54:29 +02:00
fefe90e9c9 [__pf*] (~) __pf_ruleset (+)__pf_apply_anchor, deprecate __pf_apply
__pf_apply the way it exists on cdist is not really useful and __pf_ruleset does
not take advantage of other types as it should, being instead overly complex and
not as reliable.

The new __pf_ruleset is compatible with the previous one, and __pf_apply_anchors
allows for a simple and powerful way of managing pf anchors.
The functionality previously provided by __pf_apply is still possible out of the
box in __pf_ruleset.

These patches were mostly contributed by Kamila Součková and made fit for
upstreaming by Evilham.
2020-04-25 12:23:27 +02:00
5981d0a5f1 [__postfix] Automagically support more OSs by not checking too much.
It is quite likely that the package is going to be called postfix, rather
than trying to have an exhaustive "allow list" for this package, we can
just add special cases for OSs where that is not the case (not aware of any
atm).
2020-04-25 00:22:28 +02:00
056c7c5400 [__openldap_server] Support extra config parameter.
This allows the user to, e.g. manually define ACLs, while this type does not
support that.
2020-04-25 00:12:24 +02:00
de37b0ce45 [__motd] Improve documentation and support for FreeBSD
This makes it easier to use the type just by reading the man page and also
treats FreeBSD's MOTD better.
2020-04-24 20:26:44 +02:00
Darko Poljak
41e59a748d Fix newly found shellcheck issues 2020-04-22 23:24:34 +02:00
Darko Poljak
38ccdfda32 Fix newly found shellcheck issues 2020-04-22 23:21:34 +02:00
e2b26aa233 Patch CI configuration to use cdist-ci image 2020-04-21 08:16:46 +02:00
7d57655470 Fix typo in cdist-ci image README 2020-04-21 08:15:51 +02:00
c9c1e7d790 Import CI image definition 2020-04-21 08:13:32 +02:00
742163e38c Fix configuration file location 2020-04-15 17:10:33 +02:00
c3f924d350 Add --template flag to __postgres_database type 2020-04-14 10:23:08 +02:00
Darko Poljak
0805fac7e9 Release 6.5.4 2020-04-11 20:35:29 +02:00
Darko Poljak
d1eecb93ee ++changelog 2020-04-11 20:30:56 +02:00
8af4f7993c Merge branch 'preserve-conf-dir-sort-order' into 'master'
remove duplicates from conf dirs while preserving order

See merge request ungleich-public/cdist!862
2020-04-11 20:30:11 +02:00
Darko Poljak
704e78322e Use OrderedDict to guarantee order
Note:
> Changed in version 3.7: Dictionary order is guaranteed to be
> insertion order. This behavior was an implementation detail of
> CPython from 3.6.
2020-04-11 20:26:20 +02:00
Darko Poljak
1ebcc219c2 ++changelog 2020-04-11 09:54:57 +02:00
Steven Armstrong
e19c1bb1e0 remove duplicates from conf dirs while preserving order
Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>
2020-04-10 21:50:39 +02:00
Steven Armstrong
76d978d3d8 explorer/init: do not grep on non-existent init
Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>
2020-04-10 10:51:17 +02:00
d53077f4e8 Add --encoding, --lc-collate, --lc-support to __postgres_database type 2020-04-06 09:30:01 +02:00
Dennis Camera
64c247026a [__locale_system] Support Devuan 2019-09-30 14:20:41 +02:00
386 changed files with 11510 additions and 2158 deletions

2
.gitattributes vendored
View file

@ -4,5 +4,5 @@
docs/speeches export-ignore
docs/video export-ignore
docs/src/man7 export-ignore
bin/build-helper export-ignore
bin/cdist-build-helper export-ignore
README-maintainers export-ignore

View file

@ -1,18 +1,23 @@
---
image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest
stages:
- test
unit_tests:
stage: test
script:
- ./bin/build-helper version
- ./bin/build-helper test
pycodestyle:
stage: test
script:
- ./bin/build-helper pycodestyle
before_script:
- ./bin/cdist-build-helper version
shellcheck:
stage: test
script:
- ./bin/build-helper shellcheck
- ./bin/cdist-build-helper shellcheck
pycodestyle:
stage: test
script:
- ./bin/cdist-build-helper pycodestyle
unit_tests:
stage: test
script:
- ./bin/cdist-build-helper test

View file

@ -35,9 +35,9 @@ DOCS_SRC_DIR=./docs/src
SPEECHDIR=./docs/speeches
TYPEDIR=./cdist/conf/type
SPHINXM=make -C $(DOCS_SRC_DIR) man
SPHINXH=make -C $(DOCS_SRC_DIR) html
SPHINXC=make -C $(DOCS_SRC_DIR) clean
SPHINXM=$(MAKE) -C $(DOCS_SRC_DIR) man
SPHINXH=$(MAKE) -C $(DOCS_SRC_DIR) html
SPHINXC=$(MAKE) -C $(DOCS_SRC_DIR) clean
################################################################################
# Manpages
@ -81,7 +81,7 @@ version:
}
# Manpages #3: generic part
man: version $(MANTYPES) $(DOCSREF)
man: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF)
$(SPHINXM)
html: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF)
@ -104,7 +104,7 @@ DOTMANTYPES=$(subst /man.rst,.rst,$(DOTMANTYPEPREFIX))
$(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst
ln -sf "$^" $@
dotman: version $(DOTMANTYPES)
dotman: version configskel $(DOTMANTYPES) $(DOCSREF) $(DOCSTYPESREF)
$(SPHINXM)
################################################################################

7
README
View file

@ -1,7 +0,0 @@
cdist
-----
cdist is a usable configuration management system.
For the web documentation have a look at https://www.cdi.st/
or at docs/src for reStructuredText manual.

View file

@ -1,4 +1,4 @@
Maintainers should use ./bin/build-helper script.
Maintainers should use ./bin/cdist-build-helper script.
Makefile is intended for end users. It can be used for non-maintaining
targets that can be run from pure source (without git repository).

31
README.md Normal file
View file

@ -0,0 +1,31 @@
# cdist
**cdist** is a usable configuration management system.
It adheres to the [**KISS principle**](https://en.wikipedia.org/wiki/KISS_principle)
and is being used in small up to enterprise grade environments.
For more information have a look at [**homepage**](https://cdi.st)
or at **``docs/src``** for manual in **reStructuredText** format.
## Contributing
Merge/Pull requests can be made in both
[upstream **GitLab**](https://code.ungleich.ch/ungleich-public/cdist/merge_requests)
(managed by [**ungleich**](https://ungleich.ch))
and [**GitHub** project](https://github.com/ungleich/cdist/pulls).
Issues can be made and other project management activites happen
[**only in GitLab**](https://code.ungleich.ch/ungleich-public/cdist)
(needs [**ungleich** account](https://account.ungleich.ch)).
For community-maintained types there is
[**cdist-contrib** project](https://code.ungleich.ch/ungleich-public/cdist-contrib).
## Participating
IRC: ``#cdist`` @ [libera](https://libera.chat)
Matrix: ``#cdist:ungleich.ch``
Matrix and IRC are bridged.

View file

@ -1,7 +1,8 @@
#!/bin/sh
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# 2012 Nico Schottelius (nico-cdist at schottelius.org)
# 2010-2016 Nico Schottelius (nico-cdist at schottelius.org)
# 2016 Darko Poljak (darko.poljak at gmail.com)
#
# This file is part of cdist.
#
@ -20,14 +21,83 @@
#
#
# Wrapper for real script to allow execution from checkout
dir=${0%/*}
import logging
import os
import sys
# Ensure version is present - the bundled/shipped version contains a static version,
# the git version contains a dynamic version
"$dir/build-helper" version
# See if this file's parent is cdist module
# and if so add it to module search path.
cdist_dir = os.path.realpath(
os.path.join(
os.path.dirname(os.path.realpath(__file__)),
os.pardir))
cdist_init_dir = os.path.join(cdist_dir, 'cdist', '__init__.py')
if os.path.exists(cdist_init_dir):
sys.path.insert(0, cdist_dir)
libdir=$(cd "${dir}/../" && pwd -P)
export PYTHONPATH="${libdir}"
import cdist # noqa 402
import cdist.argparse # noqa 402
import cdist.banner # noqa 402
import cdist.config # noqa 402
import cdist.install # noqa 402
import cdist.shell # noqa 402
import cdist.inventory # noqa 402
"$dir/../scripts/cdist" "$@"
def commandline():
"""Parse command line"""
# preos subcommand hack
if len(sys.argv) > 1 and sys.argv[1] == 'preos':
return cdist.preos.PreOS.commandline(sys.argv[1:])
parser, cfg = cdist.argparse.parse_and_configure(sys.argv[1:])
args = cfg.get_args()
# Work around python 3.3 bug:
# http://bugs.python.org/issue16308
# http://bugs.python.org/issue9253
# FIXME: catching AttributeError also hides
# real problems.. try a different way
# FIXME: we always print main help, not
# the help of the actual parser being used!
try:
getattr(args, "func")
except AttributeError:
parser['main'].print_help()
sys.exit(0)
args.func(args)
if __name__ == "__main__":
if sys.version_info[:3] < cdist.MIN_SUPPORTED_PYTHON_VERSION:
print(
'Python >= {} is required on the source host.'.format(
".".join(map(str, cdist.MIN_SUPPORTED_PYTHON_VERSION))),
file=sys.stderr)
sys.exit(1)
exit_code = 0
try:
import re
import os
if re.match("__", os.path.basename(sys.argv[0])):
import cdist.emulator
emulator = cdist.emulator.Emulator(sys.argv)
emulator.run()
else:
commandline()
except KeyboardInterrupt:
exit_code = 2
except cdist.Error as e:
log = logging.getLogger("cdist")
log.error(e)
exit_code = 1
sys.exit(exit_code)

View file

@ -1,6 +1,6 @@
#!/bin/sh
#
# 2011-2013 Nico Schottelius (nico-cdist at schottelius.org)
# 2011-2022 Nico Schottelius (nico-cdist at schottelius.org)
# 2016-2019 Darko Poljak (darko.poljak at gmail.com)
#
# This file is part of cdist.
@ -45,7 +45,7 @@ usage() {
shellcheck-manifests
shellcheck-local-gencodes
shellcheck-remote-gencodes
shellcheck-scripts
shellcheck-bin
shellcheck-gencodes
shellcheck-types
shellcheck
@ -100,7 +100,7 @@ case "$option" in
if (\$0 ~ /^$end/) {
exit
} else {
print \$0
print \$0
}
}
}" "$basedir/docs/changelog"
@ -135,7 +135,7 @@ case "$option" in
version=$1; shift
(
(
cat << eof
Subject: cdist $version has been released
@ -336,7 +336,7 @@ eof
make docs-clean
make docs
#############################################################
#############################################################
# Everything green, let's do the release
# Tag the current commit
@ -371,7 +371,6 @@ eof
Manual steps post release:
- cdist-web
- send generated mailinglist.tmp mail
- twitter
eof
;;
@ -406,7 +405,7 @@ eof
;;
pycodestyle|pep8)
pycodestyle "${basedir}" "${basedir}/scripts/cdist"
pycodestyle "${basedir}" "${basedir}/bin/cdist"
;;
check-pycodestyle)
@ -461,27 +460,34 @@ eof
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;;
shellcheck-scripts)
# NOTE: shellcheck-scripts is kept for compatibility
shellcheck-bin|shellcheck-scripts)
# shellcheck disable=SC2086
${SHELLCHECKCMD} scripts/cdist-dump scripts/cdist-new-type > "${SHELLCHECKTMP}"
${SHELLCHECKCMD} bin/cdist-dump bin/cdist-new-type > "${SHELLCHECKTMP}"
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;;
shellcheck-gencodes)
"$0" shellcheck-local-gencodes || exit 1
"$0" shellcheck-remote-gencodes || exit 1
errors=false
"$0" shellcheck-local-gencodes || errors=true
"$0" shellcheck-remote-gencodes || errors=true
! $errors || exit 1
;;
shellcheck-types)
"$0" shellcheck-type-explorers || exit 1
"$0" shellcheck-manifests || exit 1
"$0" shellcheck-gencodes || exit 1
errors=false
"$0" shellcheck-type-explorers || errors=true
"$0" shellcheck-manifests || errors=true
"$0" shellcheck-gencodes || errors=true
! $errors || exit 1
;;
shellcheck)
"$0" shellcheck-global-explorers || exit 1
"$0" shellcheck-types || exit 1
"$0" shellcheck-scripts || exit 1
errors=false
"$0" shellcheck-global-explorers || errors=true
"$0" shellcheck-types || errors=true
"$0" shellcheck-bin || errors=true
! $errors || exit 1
;;
shellcheck-type-files)
@ -491,12 +497,14 @@ eof
;;
shellcheck-with-files)
"$0" shellcheck || exit 1
"$0" shellcheck-type-files || exit 1
errors=false
"$0" shellcheck || errors=true
"$0" shellcheck-type-files || errors=true
! $errors || exit 1
;;
shellcheck-build-helper)
${SHELLCHECKCMD} ./bin/build-helper
${SHELLCHECKCMD} ./bin/cdist-build-helper
;;
check-shellcheck)

View file

@ -224,6 +224,7 @@ hor_line()
if [ "${do_global_explorer}" ]
then
print_verbose 2 "Dumping global explorers"
# shellcheck disable=SC2086
set -- "$@" ${or} \( \
-path "*/explorer/*" -a \
! -path "*/conf/*" -a \

View file

@ -22,11 +22,27 @@
import os
import hashlib
import subprocess
import cdist.log
import cdist.version
VERSION = cdist.version.VERSION
VERSION = 'unknown version'
try:
import cdist.version
VERSION = cdist.version.VERSION
except ModuleNotFoundError:
cdist_dir = os.path.abspath(
os.path.join(os.path.dirname(__file__), os.pardir))
if os.path.isdir(os.path.join(cdist_dir, '.git')):
try:
VERSION = subprocess.check_output(
['git', 'describe', '--always'],
cwd=cdist_dir,
universal_newlines=True)
except Exception:
pass
BANNER = """
.. . .x+=:. s
@ -48,6 +64,9 @@ REMOTE_EXEC = "ssh -o User=root"
REMOTE_CMDS_CLEANUP_PATTERN = "ssh -o User=root -O exit -S {}"
MIN_SUPPORTED_PYTHON_VERSION = (3, 5)
class Error(Exception):
"""Base exception class for this project"""
pass

View file

@ -5,12 +5,14 @@ import logging
import collections
import functools
import cdist.configuration
import cdist.log
import cdist.preos
import cdist.info
import cdist.scan.commandline
# set of beta sub-commands
BETA_COMMANDS = set(('install', 'inventory', ))
BETA_COMMANDS = set(('install', 'inventory', 'scan', ))
# set of beta arguments for sub-commands
BETA_ARGS = {
'config': set(('tag', 'all_tagged_hosts', 'use_archiving', )),
@ -125,6 +127,14 @@ def get_parsers():
'value.'),
action='count', default=None)
parser['colored_output'] = argparse.ArgumentParser(add_help=False)
parser['colored_output'].add_argument(
'--colors', metavar='WHEN',
help="Colorize cdist's output based on log level; "
"WHEN is 'always', 'never', or 'auto'.",
action='store', dest='colored_output', required=False,
choices=cdist.configuration.ColoredOutputOption.CHOICES)
parser['beta'] = argparse.ArgumentParser(add_help=False)
parser['beta'].add_argument(
'-b', '--beta',
@ -197,6 +207,13 @@ def get_parsers():
'supported. Without argument CPU count is used by default. '),
action='store', dest='jobs',
const=multiprocessing.cpu_count())
parser['config_main'].add_argument(
'--log-server',
action='store_true',
help=('Start a log server for sub processes to use. '
'This is mainly useful when running cdist nested '
'from a code-local script. Log server is alwasy '
'implicitly started for \'install\' command.'))
parser['config_main'].add_argument(
'-n', '--dry-run',
help='Do not execute code.', action='store_true')
@ -257,8 +274,7 @@ def get_parsers():
'-f', '--file',
help=('Read specified file for a list of additional hosts to '
'operate on or if \'-\' is given, read stdin (one host per '
'line). If no host or host file is specified then, by '
'default, read hosts from stdin.'),
'line).'),
dest='hostfile', required=False)
parser['config_args'].add_argument(
'-p', '--parallel', nargs='?', metavar='HOST_MAX',
@ -283,6 +299,7 @@ def get_parsers():
'host', nargs='*', help='Host(s) to operate on.')
parser['config'] = parser['sub'].add_parser(
'config', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['config_main'],
parser['inventory_common'],
@ -301,6 +318,7 @@ def get_parsers():
parser['add-host'] = parser['invsub'].add_parser(
'add-host', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['add-host'].add_argument(
@ -308,13 +326,12 @@ def get_parsers():
parser['add-host'].add_argument(
'-f', '--file',
help=('Read additional hosts to add from specified file '
'or from stdin if \'-\' (each host on separate line). '
'If no host or host file is specified then, by default, '
'read from stdin.'),
'or from stdin if \'-\' (each host on separate line). '),
dest='hostfile', required=False)
parser['add-tag'] = parser['invsub'].add_parser(
'add-tag', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['add-tag'].add_argument(
@ -323,20 +340,12 @@ def get_parsers():
parser['add-tag'].add_argument(
'-f', '--file',
help=('Read additional hosts to add tags from specified file '
'or from stdin if \'-\' (each host on separate line). '
'If no host or host file is specified then, by default, '
'read from stdin. If no tags/tagfile nor hosts/hostfile'
' are specified then tags are read from stdin and are'
' added to all hosts.'),
'or from stdin if \'-\' (each host on separate line). '),
dest='hostfile', required=False)
parser['add-tag'].add_argument(
'-T', '--tag-file',
help=('Read additional tags to add from specified file '
'or from stdin if \'-\' (each tag on separate line). '
'If no tag or tag file is specified then, by default, '
'read from stdin. If no tags/tagfile nor hosts/hostfile'
' are specified then tags are read from stdin and are'
' added to all hosts.'),
'or from stdin if \'-\' (each tag on separate line). '),
dest='tagfile', required=False)
parser['add-tag'].add_argument(
'-t', '--taglist',
@ -346,6 +355,7 @@ def get_parsers():
parser['del-host'] = parser['invsub'].add_parser(
'del-host', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['del-host'].add_argument(
@ -356,13 +366,12 @@ def get_parsers():
parser['del-host'].add_argument(
'-f', '--file',
help=('Read additional hosts to delete from specified file '
'or from stdin if \'-\' (each host on separate line). '
'If no host or host file is specified then, by default, '
'read from stdin.'),
'or from stdin if \'-\' (each host on separate line). '),
dest='hostfile', required=False)
parser['del-tag'] = parser['invsub'].add_parser(
'del-tag', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['del-tag'].add_argument(
@ -375,20 +384,13 @@ def get_parsers():
parser['del-tag'].add_argument(
'-f', '--file',
help=('Read additional hosts to delete tags for from specified '
'file or from stdin if \'-\' (each host on separate line). '
'If no host or host file is specified then, by default, '
'read from stdin. If no tags/tagfile nor hosts/hostfile'
' are specified then tags are read from stdin and are'
' deleted from all hosts.'),
'file or from stdin if \'-\' (each host on separate '
'line). '),
dest='hostfile', required=False)
parser['del-tag'].add_argument(
'-T', '--tag-file',
help=('Read additional tags from specified file '
'or from stdin if \'-\' (each tag on separate line). '
'If no tag or tag file is specified then, by default, '
'read from stdin. If no tags/tagfile nor'
' hosts/hostfile are specified then tags are read from'
' stdin and are added to all hosts.'),
'or from stdin if \'-\' (each tag on separate line). '),
dest='tagfile', required=False)
parser['del-tag'].add_argument(
'-t', '--taglist',
@ -398,6 +400,7 @@ def get_parsers():
parser['list'] = parser['invsub'].add_parser(
'list', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['list'].add_argument(
@ -430,7 +433,7 @@ def get_parsers():
# Shell
parser['shell'] = parser['sub'].add_parser(
'shell', parents=[parser['loglevel']])
'shell', parents=[parser['loglevel'], parser['colored_output']])
parser['shell'].add_argument(
'-s', '--shell',
help=('Select shell to use, defaults to current shell. Used shell'
@ -468,6 +471,44 @@ def get_parsers():
'pattern', nargs='?', help='Glob pattern.')
parser['info'].set_defaults(func=cdist.info.Info.commandline)
# Scan = config + further
parser['scan'] = parser['sub'].add_parser(
'scan', parents=[parser['loglevel'],
parser['beta'],
parser['colored_output'],
parser['common'],
parser['config_main']])
parser['scan'].add_argument(
'-m', '--mode', help='Which modes should run',
action='append', default=[],
choices=['scan', 'trigger', 'config'])
parser['scan'].add_argument(
'--list',
action='store_true',
help='List the known hosts and exit')
parser['scan'].add_argument(
'--config',
action='store_true',
help='Try to configure detected hosts')
parser['scan'].add_argument(
'-I', '--interface',
action='append', default=[], required=True,
help='On which interfaces to scan/trigger')
parser['scan'].add_argument(
'--name-mapper',
action='store', default=None,
help='Map addresses to names, required for config mode')
parser['scan'].add_argument(
'-d', '--config-delay',
action='store', default=3600, type=int,
help='How long (seconds) to wait before reconfiguring after last try')
parser['scan'].add_argument(
'-t', '--trigger-delay',
action='store', default=5, type=int,
help='How long (seconds) to wait between ICMPv6 echo requests')
parser['scan'].set_defaults(func=cdist.scan.commandline.commandline)
for p in parser:
parser[p].epilog = EPILOG
@ -478,7 +519,12 @@ def handle_loglevel(args):
if hasattr(args, 'quiet') and args.quiet:
args.verbose = _verbosity_level_off
logging.root.setLevel(_verbosity_level[args.verbose])
logging.getLogger().setLevel(_verbosity_level[args.verbose])
def handle_log_colors(args):
if cdist.configuration.ColoredOutputOption.translate(args.colored_output):
cdist.log.CdistFormatter.USE_COLORS = True
def parse_and_configure(argv, singleton=True):
@ -492,13 +538,14 @@ def parse_and_configure(argv, singleton=True):
raise cdist.Error(str(e))
# Loglevels are handled globally in here
handle_loglevel(args)
handle_log_colors(args)
log = logging.getLogger("cdist")
log.verbose("version %s" % cdist.VERSION)
log.trace('command line args: {}'.format(cfg.command_line_args))
log.trace('configuration: {}'.format(cfg.get_config()))
log.trace('configured args: {}'.format(args))
log.verbose("version %s", cdist.VERSION)
log.trace('command line args: %s', cfg.command_line_args)
log.trace('configuration: %s', cfg.get_config())
log.trace('configured args: %s', args)
check_beta(vars(args))

View file

@ -32,6 +32,11 @@ case "$os" in
sysctl -n hw.ncpuonline
;;
"freebsd"|"netbsd")
PATH=$(getconf PATH)
sysctl -n hw.ncpu
;;
*)
if [ -r /proc/cpuinfo ]; then
cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)"

View file

@ -30,9 +30,8 @@ case $uname_s in
sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+'
;;
NetBSD)
PATH="${PATH}:/usr/local/sbin:/usr/sbin:/sbin"
sysctl -n hw.disknames \
| awk 'BEGIN { RS = " " } /^[lsw]d[0-9]+/'
PATH=$(getconf PATH)
sysctl -n hw.disknames | awk -v RS=' ' '/^[lsw]d[0-9]+/'
;;
Linux)
# list of major device numbers toexclude:

View file

@ -221,6 +221,7 @@ check_systemstarter() {
check_sysvinit() (
init_path=${1:-/sbin/init}
test -x "${init_path}" || return 1
grep -q 'INIT_VERSION=sysvinit-[0-9.]*' "${init_path}" || return 1
# It is quite common to use SysVinit to stack other init systemd

View file

@ -21,6 +21,9 @@
set +e
case "$("$__explorer/os")" in
checkpoint)
awk '{printf("%s\n", $(NF-1))}' /etc/cp-release
;;
openwrt)
# shellcheck disable=SC1091
(. /etc/openwrt_release && echo "$DISTRIB_CODENAME")

View file

@ -21,6 +21,9 @@
set +e
case "$("$__explorer/os")" in
checkpoint)
cat /etc/cp-release
;;
openwrt)
# shellcheck disable=SC1091
(. /etc/openwrt_release && echo "$DISTRIB_DESCRIPTION")

View file

@ -21,6 +21,9 @@
set +e
case "$("$__explorer/os")" in
checkpoint)
echo "CheckPoint"
;;
openwrt)
# shellcheck disable=SC1091
(. /etc/openwrt_release && echo "$DISTRIB_ID")

View file

@ -21,6 +21,9 @@
set +e
case "$("$__explorer/os")" in
checkpoint)
sed /etc/cp-release -e 's/.* R\([1-9][0-9]*\)\.[0-9]*$/\1/'
;;
openwrt)
# shellcheck disable=SC1091
(. /etc/openwrt_release && echo "$DISTRIB_RELEASE")

File diff suppressed because it is too large Load diff

View file

@ -1,8 +1,9 @@
#!/bin/sh
#!/bin/sh -e
#
# 2014 Daniel Heule (hda at sfs.biz)
# 2014 Thomas Oettli (otho at sfs.biz)
# Copyright 2017, Philippe Gregoire <pg@pgregoire.xyz>
# 2020 Dennis Camera <dennis.camera at ssrq-sds-fds.ch>
#
# This file is part of cdist.
#
@ -19,23 +20,73 @@
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Returns the amount of memory physically installed in the system, or if that
# cannot be determined the amount available to the operating system kernel,
# in kibibytes (kiB).
# FIXME: other system types (not linux ...)
str2bytes() {
awk -F' ' '
$2 == "B" || !$2 { print $1 }
$2 == "kB" { printf "%.f\n", ($1 * 1000) }
$2 == "MB" { printf "%.f\n", ($1 * 1000 * 1000) }
$2 == "GB" { printf "%.f\n", ($1 * 1000 * 1000 * 1000) }
$2 == "TB" { printf "%.f\n", ($1 * 1000 * 1000 * 1000 * 1000) }
$2 == "kiB" { printf "%.f\n", ($1 * 1024) }
$2 == "MiB" { printf "%.f\n", ($1 * 1024 * 1024) }
$2 == "GiB" { printf "%.f\n", ($1 * 1024 * 1024 * 1024) }
$2 == "TiB" { printf "%.f\n", ($1 * 1024 * 1024 * 1024 * 1024) }'
}
os=$("$__explorer/os")
case "$os" in
"macosx")
echo "$(sysctl -n hw.memsize)/1024" | bc
;;
bytes2kib() {
awk '$0 > 0 { printf "%.f\n", ($0 / 1024) }'
}
"openbsd")
echo "$(sysctl -n hw.physmem) / 1048576" | bc
;;
*)
if [ -r /proc/meminfo ]; then
grep "MemTotal:" /proc/meminfo | awk '{print $2}'
fi
;;
case $(uname -s)
in
(Darwin)
sysctl -n hw.memsize | bytes2kib
;;
(FreeBSD)
sysctl -n hw.realmem | bytes2kib
;;
(NetBSD|OpenBSD)
# NOTE: This reports "usable" memory, not physically installed memory.
command -p sysctl -n hw.physmem | bytes2kib
;;
(SunOS)
# Make sure that awk from xpg4 is used for the scripts to work
export PATH="/usr/xpg4/bin:${PATH}"
prtconf \
| awk -F ': ' '
$1 == "Memory size" { sub(/Megabytes/, "MiB", $2); print $2 }
/^$/ { exit }' \
| str2bytes \
| bytes2kib
;;
(Linux)
if test -d /sys/devices/system/memory
then
# Use memory blocks if the architecture (e.g. x86, PPC64, s390)
# supports them (they denote physical memory)
num_mem_blocks=$(cat /sys/devices/system/memory/memory[0-9]*/state | grep -cxF online)
mem_block_size=$(cat /sys/devices/system/memory/block_size_bytes)
echo $((num_mem_blocks * 0x$mem_block_size)) | bytes2kib && exit
fi
if test -r /proc/meminfo
then
# Fall back to meminfo file on other architectures (e.g. ARM, MIPS,
# PowerPC)
# NOTE: This is "usable" memory, not physically installed memory.
awk -F ': +' '$1 == "MemTotal" { sub(/B$/, "iB", $2); print $2 }' /proc/meminfo \
| str2bytes \
| bytes2kib
fi
;;
(*)
printf "Your kernel (%s) is currently not supported by the memory explorer\n" "$(uname -s)" >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
;;
esac

View file

@ -116,6 +116,13 @@ if [ -f /etc/slackware-version ]; then
exit 0
fi
# Appliances
if grep -q '^Check Point Gaia' /etc/cp-release 2>/dev/null; then
echo checkpoint
exit 0
fi
uname_s="$(uname -s)"
# Assume there is no tr on the client -> do lower case ourselves
@ -143,6 +150,13 @@ case "$uname_s" in
esac
if [ -f /etc/os-release ]; then
# after sles15, suse don't provide an /etc/SuSE-release anymore, but there is almost no difference between sles and opensuse leap, so call it suse
# shellcheck disable=SC1091
if (. /etc/os-release && echo "${ID_LIKE}" | grep -q '\(^\|\ \)suse\($\|\ \)')
then
echo suse
exit 0
fi
# already lowercase, according to:
# https://www.freedesktop.org/software/systemd/man/os-release.html
awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release

View file

@ -34,5 +34,9 @@ elif test -f /var/run/os-release
then
# FreeBSD (created by os-release service)
cat /var/run/os-release
elif test -f /etc/cp-release
then
# Checkpoint firewall or management (actually linux based)
cat /etc/cp-release
fi

View file

@ -1,6 +1,7 @@
#!/bin/sh
#!/bin/sh -e
#
# 2010-2011 Nico Schottelius (nico-cdist at schottelius.org)
# 2020-2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -17,12 +18,22 @@
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# All os variables are lower case
#
#
case "$("$__explorer/os")" in
rc_getvar() {
awk -F= -v varname="$2" '
function unquote(s) {
if (s ~ /^".*"$/ || s ~ /^'\''.*'\''$/)
return substr(s, 2, length(s) - 2)
else
return s
}
$1 == varname { print unquote(substr($0, index($0, "=") + 1)) }' "$1"
}
case $("${__explorer:?}/os")
in
amazon)
cat /etc/system-release
;;
@ -30,11 +41,58 @@ case "$("$__explorer/os")" in
# empty, but well...
cat /etc/arch-release
;;
checkpoint)
awk '{version=$NF; printf("%s\n", substr(version, 2))}' /etc/cp-release
;;
debian)
cat /etc/debian_version
debian_version=$(cat /etc/debian_version)
case $debian_version
in
testing/unstable)
# previous to Debian 4.0 testing/unstable was used
# cf. https://metadata.ftp-master.debian.org/changelogs/main/b/base-files/base-files_11_changelog
echo 3.99
;;
*/sid)
# sid versions don't have a number, so we decode by codename:
case $(expr "$debian_version" : '\([a-z]\{1,\}\)/')
in
trixie) echo 12.99 ;;
bookworm) echo 11.99 ;;
bullseye) echo 10.99 ;;
buster) echo 9.99 ;;
stretch) echo 8.99 ;;
jessie) echo 7.99 ;;
wheezy) echo 6.99 ;;
squeeze) echo 5.99 ;;
lenny) echo 4.99 ;;
*) echo 99.99 ;;
esac
;;
*)
echo "$debian_version"
;;
esac
;;
devuan)
cat /etc/devuan_version
devuan_version=$(cat /etc/devuan_version)
case ${devuan_version}
in
(*/ceres)
# ceres versions don't have a number, so we decode by codename:
case ${devuan_version}
in
(daedalus/ceres) echo 4.99 ;;
(chimaera/ceres) echo 3.99 ;;
(beowulf/ceres) echo 2.99 ;;
(ascii/ceres) echo 1.99 ;;
(*) exit 1
esac
;;
(*)
echo "${devuan_version}"
;;
esac
;;
fedora)
cat /etc/fedora-release
@ -43,7 +101,20 @@ case "$("$__explorer/os")" in
cat /etc/gentoo-release
;;
macosx)
sw_vers -productVersion
# NOTE: Legacy versions (< 10.3) do not support options
sw_vers | awk -F ':[ \t]+' '$1 == "ProductVersion" { print $2 }'
;;
freebsd)
# Apparently uname -r is not a reliable way to get the patch level.
# See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743
if command -v freebsd-version >/dev/null 2>&1
then
# get userland version
freebsd-version -u
else
# fallback to kernel release for FreeBSD < 10.0
uname -r
fi
;;
*bsd|solaris)
uname -r
@ -68,9 +139,22 @@ case "$("$__explorer/os")" in
fi
;;
ubuntu)
lsb_release -sr
if command -v lsb_release >/dev/null 2>&1
then
lsb_release -sr
elif test -r /usr/lib/os-release
then
# fallback to /usr/lib/os-release if lsb_release is not present (like
# on minimized Ubuntu installations)
rc_getvar /usr/lib/os-release VERSION_ID
elif test -r /etc/lsb-release
then
# extract DISTRIB_RELEASE= variable from /etc/lsb-release on old
# versions without /usr/lib/os-release.
rc_getvar /etc/lsb-release DISTRIB_RELEASE
fi
;;
alpine)
cat /etc/alpine-release
;;
esac
esac

View file

@ -0,0 +1,4 @@
#!/bin/sh -e
getent passwd | awk -F: '{print "user:"$1}'
getent group | awk -F: '{print "group:"$1}'

View file

@ -22,8 +22,8 @@ file_is="$( cat "$__object/explorer/file_is" )"
if [ "$file_is" = 'missing' ] \
&& [ -z "$__cdist_dry_run" ] \
&& \( [ ! -f "$__object/parameter/file" ] \
|| [ ! -f "$__object/parameter/directory" ] \)
&& [ ! -f "$__object/parameter/file" ] \
&& [ ! -f "$__object/parameter/directory" ]
then
exit 0
fi
@ -47,28 +47,26 @@ then
elif [ -f "$__object/parameter/entry" ]
then
acl_should="$( cat "$__object/parameter/entry" )"
elif [ -f "$__object/parameter/acl" ]
then
acl_should="$( cat "$__object/parameter/acl" )"
elif
[ -f "$__object/parameter/user" ] \
|| [ -f "$__object/parameter/group" ] \
|| [ -f "$__object/parameter/mask" ] \
|| [ -f "$__object/parameter/other" ]
then
acl_should="$( for param in user group mask other
do
[ ! -f "$__object/parameter/$param" ] && continue
echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=:
echo "$param$sep$( cat "$__object/parameter/$param" )"
done )"
else
echo 'no parameters set' >&2
exit 1
fi
# instead of setfacl's non-helpful message "Option -m: Invalid argument near character X"
# let's check if target has necessary users and groups, since mistyped or missing
# users/groups in target is most common reason.
echo "$acl_should" \
| grep -Po '(user|group):[^:]+' \
| sort -u \
| while read -r l
do
if ! grep "$l" -Fxq "$__object/explorer/getent"
then
echo "no $l' in target" | sed "s/:/ '/" >&2
exit 1
fi
done
if [ -f "$__object/parameter/default" ]
then
acl_should="$( echo "$acl_should" \

View file

@ -12,11 +12,14 @@ Fully supported and tested on Linux (ext4 filesystem), partial support for FreeB
See ``setfacl`` and ``acl`` manpages for more details.
One of ``--entry`` or ``--source`` must be used.
REQUIRED MULTIPLE PARAMETERS
OPTIONAL MULTIPLE PARAMETERS
----------------------------
entry
Set ACL entry following ``getfacl`` output syntax.
Must be used if ``--source`` is not used.
OPTIONAL PARAMETERS
@ -25,6 +28,7 @@ source
Read ACL entries from stdin or file.
Ordering of entries is not important.
When reading from file, comments and empty lines are ignored.
Must be used if ``--entry`` is not used.
file
Create/change file with ``__file`` using ``user:group:mode`` pattern.
@ -48,12 +52,6 @@ remove
``mask`` and ``other`` entries can't be removed, but only changed.
DEPRECATED PARAMETERS
---------------------
Parameters ``acl``, ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
will be removed in future versions. Please use ``entry`` parameter instead.
EXAMPLES
--------

View file

@ -1 +0,0 @@
see manual for details

View file

@ -1 +0,0 @@
see manual for details

View file

@ -1 +0,0 @@
see manual for details

View file

@ -1 +0,0 @@
see manual for details

View file

@ -1 +0,0 @@
see manual for details

View file

@ -1,5 +1,3 @@
mask
other
source
file
directory

View file

@ -1,4 +1 @@
entry
acl
user
group

View file

@ -0,0 +1,104 @@
cdist-type__debian_backports(7)
===============================
NAME
----
cdist-type__apt_backports - Install backports
DESCRIPTION
-----------
This singleton type installs backports for the current OS release.
It aborts if backports are not supported for the specified OS or
no version codename could be fetched (like Debian unstable).
The package index will be automatically updated if required.
It supports backports from following OSes:
- Debian
- Devuan
- Ubuntu
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
Represents the state of the backports repository. ``present`` or
``absent``, defaults to ``present``.
Will be directly passed to :strong:`cdist-type__apt_source`\ (7).
mirror
The mirror to fetch the backports from. Will defaults to the generic
mirror of the current OS.
Will be directly passed to :strong:`cdist-type__apt_source`\ (7).
BOOLEAN PARAMETERS
------------------
None.
MESSAGES
--------
None.
EXAMPLES
--------
.. code-block:: sh
# setup the backports
__apt_backports
__apt_backports --state absent
__apt_backports --state present --mirror "http://ftp.de.debian.org/debian/"
# install a backports package
# currently for the buster release backports
require="__apt_backports" __package_apt wireguard \
--target-release buster-backports
ABORTS
------
Aborts if the detected os is not Debian.
Aborts if no distribuition codename could be detected. This is common for the
unstable distribution, but there is no backports repository for it already.
CAVEATS
-------
For Ubuntu, it setup all componenents for the backports repository: ``main``,
``restricted``, ``universe`` and ``multiverse``. The user may not want to
install proprietary packages, which will only be installed if the user
explicitly uses the backports target-release. The user may change this behavior
to install backports packages without the need of explicitly select it.
SEE ALSO
--------
`Official Debian Backports site <https://backports.debian.org/>`_
:strong:`cdist-type__apt_source`\ (7)
AUTHORS
-------
Matthias Stecher <matthiasstecher at gmx.de>
COPYING
-------
Copyright \(C) 2020 Matthias Stecher. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,82 @@
#!/bin/sh -e
# __apt_backports/manifest
#
# 2020 Matthias Stecher (matthiasstecher at gmx.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Enables/disables backports repository. Utilises __apt_source for it.
#
# Get the distribution codename by /etc/os-release.
# is already executed in a subshell by string substitution
# lsb_release may not be given in all installations
codename_os_release() {
# shellcheck disable=SC1090
# shellcheck disable=SC1091
. "$__global/explorer/os_release"
printf "%s" "$VERSION_CODENAME"
}
# detect backport distribution
os="$(cat "$__global/explorer/os")"
case "$os" in
debian)
dist="$( codename_os_release )"
components="main"
mirror="http://deb.debian.org/debian/"
;;
devuan)
dist="$( codename_os_release )"
components="main"
mirror="http://deb.devuan.org/merged"
;;
ubuntu)
dist="$( codename_os_release )"
components="main restricted universe multiverse"
mirror="http://archive.ubuntu.com/ubuntu"
;;
*)
printf "Backports for %s are not supported!\n" "$os" >&2
exit 1
;;
esac
# error if no codename given (e.g. on Debian unstable)
if [ -z "$dist" ]; then
printf "No backports for unkown version of distribution %s!\n" "$os" >&2
exit 1
fi
# parameters
state="$(cat "$__object/parameter/state")"
# mirror already set for the os, only override user-values
if [ -f "$__object/parameter/mirror" ]; then
mirror="$(cat "$__object/parameter/mirror")"
fi
# install the given backports repository
__apt_source "${dist}-backports" \
--state "$state" \
--distribution "${dist}-backports" \
--component "$components" \
--uri "$mirror"

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1,2 @@
state
mirror

View file

@ -27,18 +27,25 @@ else
keyid="$__object_id"
fi
# From apt-key(8):
# Use of apt-key is deprecated, except for the use of apt-key del in
# maintainer scripts to remove existing keys from the main keyring.
# If such usage of apt-key is desired the additional installation of
# the GNU Privacy Guard suite (packaged in gnupg) is required.
if [ -f "${__object}/parameter/use-deprecated-apt-key" ]; then
if apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK"
then echo present
else echo absent
fi
exit
fi
keydir="$(cat "$__object/parameter/keydir")"
keyfile="$keydir/$__object_id.gpg"
if [ -d "$keydir" ]
if [ -f "$keyfile" ]
then
if [ -f "$keyfile" ]
then echo present
else echo absent
fi
else
# fallback to deprecated apt-key
apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK" \
&& echo present \
|| echo absent
echo present
exit
fi
echo absent

View file

@ -25,11 +25,7 @@ else
fi
state_should="$(cat "$__object/parameter/state")"
state_is="$(cat "$__object/explorer/state")"
if [ "$state_should" = "$state_is" ]; then
# nothing to do
exit 0
fi
method="$(cat "$__object/key_method")"
keydir="$(cat "$__object/parameter/keydir")"
keyfile="$keydir/$__object_id.gpg"
@ -37,30 +33,18 @@ keyfile="$keydir/$__object_id.gpg"
case "$state_should" in
present)
keyserver="$(cat "$__object/parameter/keyserver")"
if [ -f "$__object/parameter/uri" ]; then
uri="$(cat "$__object/parameter/uri")"
if [ -d "$keydir" ]; then
cat << EOF
curl -s -L \\
-o "$keyfile" \\
"$uri"
key="\$( cat "$keyfile" )"
if echo "\$key" | grep -Fq 'BEGIN PGP PUBLIC KEY BLOCK'
then
echo "\$key" | gpg --dearmor > "$keyfile"
fi
EOF
else
# fallback to deprecated apt-key
echo "curl -s -L '$uri' | apt-key add -"
# Using __download or __file as key source
# Propagate messages if needed
if [ "${method}" = "uri" ] || [ "${method}" = "source" ]; then
if grep -Eq "^__(file|download)$keyfile" "$__messages_in"; then
echo "added '$keyid'" >> "$__messages_out"
fi
elif [ -d "$keydir" ]; then
exit 0
elif [ "${state_is}" = "present" ]; then
exit 0
fi
# Using key servers to fetch the key
if [ ! -f "$__object/parameter/use-deprecated-apt-key" ]; then
# we need to kill gpg after 30 seconds, because gpg
# can get stuck if keyserver is not responding.
# exporting env var and not exit 1,
@ -100,13 +84,16 @@ EOF
echo "added '$keyid'" >> "$__messages_out"
;;
absent)
if [ -f "$keyfile" ]; then
echo "rm '$keyfile'"
else
# Removal for keys added from a keyserver without this flag
# is done in the manifest
if [ "$state_is" != "absent" ] && \
[ -f "$__object/parameter/use-deprecated-apt-key" ]; then
# fallback to deprecated apt-key
echo "apt-key del \"$keyid\""
echo "removed '$keyid'" >> "$__messages_out"
# Propagate messages if needed
elif grep -Eq "^__file$keyfile" "$__messages_in"; then
echo "removed '$keyid'" >> "$__messages_out"
fi
echo "removed '$keyid'" >> "$__messages_out"
;;
esac

View file

@ -10,6 +10,14 @@ DESCRIPTION
-----------
Manages the list of keys used by apt to authenticate packages.
This is done by placing the requested key in a file named
``$__object_id.gpg`` in the ``keydir`` directory.
This is supported by modern releases of Debian-based distributions.
In order of preference, exactly one of: ``source``, ``uri`` or ``keyid``
must be specified.
REQUIRED PARAMETERS
-------------------
@ -18,21 +26,49 @@ None.
OPTIONAL PARAMETERS
-------------------
keydir
keyring directory, defaults to ``/etc/apt/trusted.pgp.d``, which is
enabled system-wide by default.
source
path to a file containing the GPG key of the repository.
Using this is recommended as it ensures that the manifest/type manintainer
has validated the key.
If ``-``, the GPG key is read from the type's stdin.
state
'present' or 'absent'. Defaults to 'present'
uri
the URI from which to download the key.
It is highly recommended that you only use protocols with TLS like HTTPS.
This uses ``__download`` but does not use checksums, if you want to ensure
that the key doesn't change, you are better off downloading it and using
``--source``.
DEPRECATED OPTIONAL PARAMETERS
------------------------------
keyid
the id of the key to add. Defaults to __object_id
the id of the key to download from the ``keyserver``.
This is to be used in absence of ``--source`` and ``--uri`` or together
with ``--use-deprecated-apt-key`` for key removal.
Defaults to ``$__object_id``.
keyserver
the keyserver from which to fetch the key. If omitted the default set
in ./parameter/default/keyserver is used.
the keyserver from which to fetch the key.
Defaults to ``pool.sks-keyservers.net``.
keydir
key save location, defaults to ``/etc/apt/trusted.pgp.d``
uri
the URI from which to download the key
DEPRECATED BOOLEAN PARAMETERS
-----------------------------
use-deprecated-apt-key
``apt-key(8)`` will last be available in Debian 11 and Ubuntu 22.04.
You can use this parameter to force usage of ``apt-key(8)``.
Please only use this parameter to *remove* keys from the keyring,
in order to prepare for removal of ``apt-key``.
Adding keys should be done without this parameter.
This parameter will be removed when Debian 11 stops being supported.
EXAMPLES
@ -40,33 +76,39 @@ EXAMPLES
.. code-block:: sh
# Add Ubuntu Archive Automatic Signing Key
__apt_key 437D05B5
# Same thing
__apt_key 437D05B5 --state present
# Get rid of it
__apt_key 437D05B5 --state absent
# add a key that has been verified by a type maintainer
__apt_key jitsi_meet_2021 \
--source cdist-contrib/type/__jitsi_meet/files/apt_2021.gpg
# same thing with human readable name and explicit keyid
__apt_key UbuntuArchiveKey --keyid 437D05B5
# remove an old, deprecated or expired key
__apt_key jitsi_meet_2016 --state absent
# same thing with other keyserver
__apt_key UbuntuArchiveKey --keyid 437D05B5 --keyserver keyserver.ubuntu.com
# Get rid of a key that might have been added to
# /etc/apt/trusted.gpg with apt-key
__apt_key 0x40976EAF437D05B5 --use-deprecated-apt-key --state absent
# download key from the internet
__apt_key rabbitmq \
--uri http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
# add a key that we define in-line
__apt_key jitsi_meet_2021 --source '-' <<EOF
-----BEGIN PGP PUBLIC KEY BLOCK-----
[...]
-----END PGP PUBLIC KEY BLOCK-----
EOF
# download or update key from the internet
__apt_key rabbitmq_2007 \
--uri https://www.rabbitmq.com/rabbitmq-signing-key-public.asc
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
Ander Punnar <ander-at-kvlt-dot-ee>
Evilham <contact~~@~~evilham.com>
COPYING
-------
Copyright \(C) 2011-2019 Steven Armstrong and Ander Punnar. You can
Copyright \(C) 2011-2021 Steven Armstrong, Ander Punnar and Evilham. You can
redistribute it and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -2,7 +2,105 @@
__package gnupg
if [ -f "$__object/parameter/uri" ]
then __package curl
else __package dirmngr
state_should="$(cat "${__object}/parameter/state")"
incompatible_args()
{
cat >> /dev/stderr <<-EOF
This type does not support --${1} and --${method} simultaneously.
EOF
exit 1
}
if [ -f "${__object}/parameter/source" ]; then
method="source"
src="$(cat "${__object}/parameter/source")"
if [ "${src}" = "-" ]; then
src="${__object}/stdin"
fi
fi
if [ -f "${__object}/parameter/uri" ]; then
if [ -n "${method}" ]; then
incompatible_args uri
fi
method="uri"
src="$(cat "${__object}/parameter/uri")"
fi
if [ -f "${__object}/parameter/keyid" ]; then
if [ -n "${method}" ]; then
incompatible_args keyid
fi
method="keyid"
fi
# Keep old default
if [ -z "${method}" ]; then
method="keyid"
fi
# Save this for later in gencode-remote
echo "${method}" > "${__object}/key_method"
# Required remotely (most likely already installed)
__package dirmngr
# We need this in case a key has to be dearmor'd
__package gnupg
export require="__package/gnupg"
if [ -f "${__object}/parameter/use-deprecated-apt-key" ]; then
# This is required if apt-key(8) is to be used
if [ "${method}" = "source" ] || [ "${method}" = "uri" ]; then
incompatible_args use-deprecated-apt-key
fi
else
if [ "${state_should}" = "absent" ] && \
[ -f "${__object}/parameter/keyid" ]; then
cat >> /dev/stderr <<EOF
You can't reliably remove by keyid without --use-deprecated-apt-key.
This would very likely do something you do not intend.
EOF
exit 1
fi
fi
keydir="$(cat "${__object}/parameter/keydir")"
keyfile="${keydir}/${__object_id}.gpg"
keyfilecdist="${keyfile}.cdist"
if [ "${state_should}" != "absent" ]; then
# Ensure keydir exists
__directory "${keydir}" --state exists --mode 0755
fi
if [ "${state_should}" = "absent" ]; then
__file "${keyfile}" --state "absent"
__file "${keyfilecdist}" --state "absent"
elif [ "${method}" = "source" ] || [ "${method}" = "uri" ]; then
dearmor="$(cat <<-EOF
if [ '${state_should}' = 'present' ]; then
# Dearmor if necessary
if grep -Fq 'BEGIN PGP PUBLIC KEY BLOCK' '${keyfilecdist}'; then
gpg --dearmor < '${keyfilecdist}' > '${keyfile}'
else
cp '${keyfilecdist}' '${keyfile}'
fi
# Ensure permissions
chown root '${keyfile}'
chmod 0444 '${keyfile}'
fi
EOF
)"
if [ "${method}" = "uri" ]; then
__download "${keyfilecdist}" \
--url "${src}" \
--onchange "${dearmor}"
require="__download${keyfilecdist}" \
__file "${keyfile}" \
--owner root \
--mode 0444 \
--state pre-exists
else
__file "${keyfilecdist}" --state "${state_should}" \
--mode 0444 \
--source "${src}" \
--onchange "${dearmor}"
fi
fi

View file

@ -0,0 +1 @@
use-deprecated-apt-key

View file

@ -0,0 +1,3 @@
apt-key(8) will last be available in Debian 11 and Ubuntu 22.04.
Use this flag *only* to migrate to placing a keyring directly in the
/etc/apt/trusted.gpg.d/ directory with a descriptive name.

View file

@ -1,5 +1,6 @@
state
keydir
keyid
keyserver
keydir
source
state
uri

View file

@ -0,0 +1 @@
Please migrate to using __apt_key key_id --uri URI.

View file

@ -24,4 +24,4 @@ else
name="$__object_id"
fi
apt-mark showhold | grep -Fq "$name" && echo hold || echo unhold
apt-mark showhold | grep -q "^${name}$" && echo hold || echo unhold

View file

@ -32,11 +32,12 @@ EXAMPLES
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2014 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
Copyright \(C) 2014 Steven Armstrong, 2020 Dennis Camera.
You can redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either version 3 of
the License, or (at your option) any later version.

View file

@ -1,6 +1,7 @@
#!/bin/sh -e
#
# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -19,26 +20,28 @@
#
os=$(cat "$__global/explorer/os")
os=$(cat "${__global:?}/explorer/os")
case "$os" in
ubuntu|debian|devuan)
# No stinking recommends thank you very much.
# If I want something installed I will do so myself.
__file /etc/apt/apt.conf.d/99-no-recommends \
--owner root --group root --mode 644 \
--source - << DONE
APT::Install-Recommends "0";
APT::Install-Suggests "0";
APT::AutoRemove::RecommendsImportant "0";
APT::AutoRemove::SuggestsImportant "0";
DONE
;;
*)
cat >&2 << DONE
case ${os}
in
(ubuntu|debian|devuan)
__file /etc/apt/apt.conf.d/00InstallRecommends --state present \
--owner root --group root --mode 0644 --source - <<-'EOF'
APT::Install-Recommends "false";
APT::Install-Suggests "false";
APT::AutoRemove::RecommendsImportant "false";
APT::AutoRemove::SuggestsImportant "false";
EOF
# TODO: Remove the following object after some time
require=__file/etc/apt/apt.conf.d/00InstallRecommends \
__file /etc/apt/apt.conf.d/99-no-recommends --state absent
;;
(*)
cat >&2 <<EOF
The developer of this type (${__type##*/}) did not think your operating system
($os) would have any use for it. If you think otherwise please submit a patch.
DONE
exit 1
;;
EOF
exit 1
;;
esac

View file

@ -0,0 +1,79 @@
cdist-type__apt_pin(7)
======================
NAME
----
cdist-type__apt_pin - Manage apt pinning rules
DESCRIPTION
-----------
Adds/removes/edits rules to pin some packages to a specific distribution. Useful if using multiple debian repositories at the same time. (Useful, if one wants to use a few specific packages from backports or perhaps Debain testing... or even sid.)
REQUIRED PARAMETERS
-------------------
distribution
Specifies what distribution the package should be pinned to. Accepts both codenames (buster/bullseye/sid) and suite names (stable/testing/...).
OPTIONAL PARAMETERS
-------------------
package
Package name, glob or regular expression to match (multiple) packages. If not specified `__object_id` is used.
priority
The priority value to assign to matching packages. Deafults to 500. (To match the default target distro's priority)
state
Will be passed to underlying `__file` type; see there for valid values and defaults.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Add the bullseye repo to buster, but do not install any packages by default,
# only if explicitely asked for (-1 means "never" for apt)
__apt_pin bullseye-default \
--package "*" \
--distribution bullseye \
--priority -1
require="__apt_pin/bullseye-default" __apt_source bullseye \
--uri http://deb.debian.org/debian/ \
--distribution bullseye \
--component main
__apt_pin foo --package "foo foo-*" --distribution bullseye
__foo # Assuming, this installs the `foo` package internally
__package foo-plugin-extras # Assuming we also need some extra stuff
SEE ALSO
--------
:strong:`apt_preferences`\ (5)
:strong:`cdist-type__apt_source`\ (7)
:strong:`cdist-type__apt_backports`\ (7)
:strong:`cdist-type__file`\ (7)
AUTHORS
-------
Daniel Fancsali <fancsali@gmail.com>
COPYING
-------
Copyright \(C) 2021 Daniel Fancsali. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,68 @@
#!/bin/sh -e
#
# 2021 Daniel Fancsali (fancsali@gmail.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
name="$__object_id"
os=$(cat "$__global/explorer/os")
state="$(cat "$__object/parameter/state")"
if [ -f "$__object/parameter/package" ]; then
package="$(cat "$__object/parameter/package")"
else
package=$name
fi
distribution="$(cat "$__object/parameter/distribution")"
priority="$(cat "$__object/parameter/priority")"
case "$os" in
debian|ubuntu|devuan)
;;
*)
printf "This type is specific to Debian and it's derivatives" >&2
exit 1
;;
esac
case $distribution in
stable|testing|unstable|experimental)
pin="release a=$distribution"
;;
*)
pin="release n=$distribution"
;;
esac
__file "/etc/apt/preferences.d/$name" \
--owner root --group root --mode 0644 \
--state "$state" \
--source - << EOF
# Created by cdist ${__type##*/}
# Do not change. Changes will be overwritten.
#
# $name
Package: $package
Pin: $pin
Pin-Priority: $priority
EOF

View file

View file

@ -0,0 +1 @@
500

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1,3 @@
state
package
priority

View file

@ -0,0 +1 @@
distribution

View file

@ -1,55 +0,0 @@
#!/usr/bin/env python
#
# Remove the given apt repository.
#
# Exit with:
# 0: if it worked
# 1: if not
# 2: on other error
import os
import sys
from aptsources import distro, sourceslist
from softwareproperties import ppa
from softwareproperties.SoftwareProperties import SoftwareProperties
def remove_if_empty(file_name):
with open(file_name, 'r') as f:
if f.read().strip():
return
os.unlink(file_name)
def remove_repository(repository):
#print 'repository:', repository
codename = distro.get_distro().codename
#print 'codename:', codename
(line, file) = ppa.expand_ppa_line(repository.strip(), codename)
#print 'line:', line
#print 'file:', file
deb_source_entry = sourceslist.SourceEntry(line, file)
src_source_entry = sourceslist.SourceEntry('deb-src{}'.format(line[3:]), file)
try:
sp = SoftwareProperties()
sp.remove_source(deb_source_entry)
try:
# If there's a deb-src entry, remove that too
sp.remove_source(src_source_entry)
except:
pass
remove_if_empty(file)
return True
except ValueError:
print >> sys.stderr, "Error: '%s' doesn't exists in a sourcelist file" % line
return False
if __name__ == '__main__':
if (len(sys.argv) != 2):
print >> sys.stderr, 'Error: need a repository as argument'
sys.exit(2)
repository = sys.argv[1]
if remove_repository(repository):
sys.exit(0)
else:
sys.exit(1)

View file

@ -29,9 +29,9 @@ fi
case "$state_should" in
present)
echo "add-apt-repository '$name'"
echo "add-apt-repository -y '$name'"
;;
absent)
echo "remove-apt-repository '$name'"
echo "add-apt-repository -r -y '$name'"
;;
esac

View file

@ -20,9 +20,4 @@
__package software-properties-common
require="__package/software-properties-common" \
__file /usr/local/bin/remove-apt-repository \
--source "$__type/files/remove-apt-repository" \
--mode 0755
require="$__object_name" __apt_update_index

View file

@ -2,13 +2,14 @@
set -u
entry="$uri $distribution $component"
cat << DONE
# Created by cdist ${__type##*/}
# Do not change. Changes will be overwritten.
#
# $name
deb ${forcedarch} $entry
deb ${options} $entry
DONE
if [ -f "$__object/parameter/include-src" ]; then
echo "deb-src $entry"

View file

@ -22,7 +22,21 @@
name="$__object_id"
destination="/etc/apt/sources.list.d/${name}.list"
# There are special arguments to apt(8) to prevent aborts if apt woudn't been
# updated after the 19th April 2021 till the bullseye release. The additional
# arguments acknoledge the happend suite change (the apt(8) update does the
# same by itself).
#
# Using '-o $config' instead of the --allow-releaseinfo-change-* parameter
# allows backward compatablility to pre-buster Debian versions.
#
# See more: ticket #861
# https://code.ungleich.ch/ungleich-public/cdist/-/issues/861
apt_opts="-o Acquire::AllowReleaseInfoChange::Suite=true -o Acquire::AllowReleaseInfoChange::Version=true"
# run 'apt-get update' only if something changed with our sources.list file
# it will be run a second time on error as a redundancy messure to success
if grep -q "^__file${destination}" "$__messages_in"; then
printf 'apt-get update || apt-get update\n'
printf 'apt-get %s update || apt-get %s update\n' "$apt_opts" "$apt_opts"
fi

View file

@ -23,6 +23,9 @@ OPTIONAL PARAMETERS
arch
set this if you need to force and specific arch (ubuntu specific)
signed-by
provide a GPG key fingerprint or keyring path for signature checks
state
'present' or 'absent', defaults to 'present'
@ -56,6 +59,11 @@ EXAMPLES
--uri http://archive.canonical.com/ \
--component partner --state present
__apt_source goaccess \
--uri http://deb.goaccess.io/ \
--component main \
--signed-by C03B48887D5E56B046715D3297BD1A0133449C3D
AUTHORS
-------

View file

@ -21,6 +21,7 @@
name="$__object_id"
state="$(cat "$__object/parameter/state")"
uri="$(cat "$__object/parameter/uri")"
options=""
if [ -f "$__object/parameter/distribution" ]; then
distribution="$(cat "$__object/parameter/distribution")"
@ -31,9 +32,15 @@ fi
component="$(cat "$__object/parameter/component")"
if [ -f "$__object/parameter/arch" ]; then
forcedarch="[arch=$(cat "$__object/parameter/arch")]"
else
forcedarch=""
options="arch=$(cat "$__object/parameter/arch")"
fi
if [ -f "$__object/parameter/signed-by" ]; then
options="$options signed-by=$(cat "$__object/parameter/signed-by")"
fi
if [ "$options" ]; then
options="[$options]"
fi
# export variables for use in template
@ -41,7 +48,7 @@ export name
export uri
export distribution
export component
export forcedarch
export options
# generate file from template
mkdir "$__object/files"

View file

@ -1,4 +1,5 @@
state
distribution
component
arch
arch
signed-by

View file

@ -18,9 +18,23 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# There are special arguments to apt(8) to prevent aborts if apt woudn't been
# updated after the 19th April 2021 till the bullseye release. The additional
# arguments acknoledge the happend suite change (the apt(8) update does the
# same by itself).
#
# Using '-o $config' instead of the --allow-releaseinfo-change-* parameter
# allows backward compatablility to pre-buster Debian versions.
#
# See more: ticket #861
# https://code.ungleich.ch/ungleich-public/cdist/-/issues/861
apt_opts="-o Acquire::AllowReleaseInfoChange::Suite=true -o Acquire::AllowReleaseInfoChange::Version=true"
# run 'apt-get update' if anything in /etc/apt is newer then /var/lib/apt/lists
# it will be run a second time on error as a redundancy messure to success
cat << DONE
if find /etc/apt -mindepth 1 -cnewer /var/lib/apt/lists | grep . > /dev/null; then
apt-get update || apt-get update
apt-get $apt_opts update || apt-get $apt_opts update
fi
DONE

View file

@ -46,28 +46,29 @@ fi
remove_block() {
cat << DONE
tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
tmpfile=\$(mktemp ${quoted_file}.cdist.XXXXXXXXXX)
# preserve ownership and permissions of existing file
if [ -f "$file" ]; then
cp -p "$file" "\$tmpfile"
if [ -f $quoted_file ]; then
cp -p $quoted_file "\$tmpfile"
fi
awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ '
awk -v prefix=$(quote "$prefix") -v suffix=$(quote "$suffix") '
{
if (match(\$0,prefix)) {
if (\$0 == prefix) {
triggered=1
}
if (triggered) {
if (match(\$0,suffix)) {
if (\$0 == suffix) {
triggered=0
}
} else {
print
}
}' "$file" > "\$tmpfile"
mv -f "\$tmpfile" "$file"
}' $quoted_file > "\$tmpfile"
mv -f "\$tmpfile" $quoted_file
DONE
}
quoted_file="$(quote "$file")"
case "$state_should" in
present)
if [ "$state_is" = "changed" ]; then
@ -77,7 +78,7 @@ case "$state_should" in
echo add >> "$__messages_out"
fi
cat << DONE
cat >> "$file" << ${__type##*/}_DONE
cat >> $quoted_file << '${__type##*/}_DONE'
$(cat "$block")
${__type##*/}_DONE
DONE

View file

@ -37,6 +37,7 @@ source="$(cat "$__object/parameter/source")"
# out of it
home=/home/$username
# shellcheck disable=SC2086
__user "$username" --home "$home" $shell
require="__user/$username" __directory "$home" \

View file

@ -18,7 +18,12 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
path="/$__object_id"
if [ -f "$__object/parameter/path" ]
then
path="$( cat "$__object/parameter/path" )"
else
path="/$__object_id"
fi
[ ! -d "$path" ] && exit 0

View file

@ -20,7 +20,12 @@
[ ! -s "$__object/explorer/list" ] && exit 0
path="/$__object_id"
if [ -f "$__object/parameter/path" ]
then
path="$( cat "$__object/parameter/path" )"
else
path="/$__object_id"
fi
pattern="$( cat "$__object/parameter/pattern" )"

View file

@ -10,7 +10,7 @@ DESCRIPTION
-----------
Remove files and directories which match the pattern.
Provided path (as __object_id) must be a directory.
Provided path must be a directory.
Patterns are passed to ``find``'s ``-regex`` - see ``find(1)`` for more details.
@ -29,6 +29,9 @@ pattern
OPTIONAL PARAMETERS
-------------------
path
Path which will be cleaned. Defaults to ``$__object_id``.
exclude
Pattern of files which are excluded from removal.
@ -46,6 +49,11 @@ EXAMPLES
--exclude '.+\(charset\.conf\|security\.conf\)' \
--onchange 'service apache2 restart'
__clean_path apache2-conf-enabled \
--path /etc/apache2/conf-enabled \
--pattern '.+' \
--exclude '.+\(charset\.conf\|security\.conf\)' \
--onchange 'service apache2 restart'
AUTHORS
-------

View file

@ -1,2 +1,3 @@
exclude
onchange
path

View file

@ -21,6 +21,11 @@ command
OPTIONAL PARAMETERS
-------------------
**NOTE**: All time-related parameters (``--minute``, ``--hour``, ``--day_of_month``
``--month`` and ``--day_of_week``) defaults to ``*``, which means to execute it
**always**. If you set ``--hour 0`` to execute the cronjob only at midnight, it
will execute **every** minute in the first hour of the morning all days.
state
Either present or absent. Defaults to present.
minute

View file

@ -0,0 +1,142 @@
#!/bin/sh -e
#
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Determine current debconf selections' state.
# Prints one of:
# present: all selections are already set as they should.
# different: one or more of the selections have a different value.
# absent: one or more of the selections are not (currently) defined.
#
test -x /usr/bin/perl || {
# cannot find perl (no perl ~ no debconf)
echo 'absent'
exit 0
}
linesfile="${__object:?}/parameter/line"
test -s "${linesfile}" || {
if test -s "${__object:?}/parameter/file"
then
echo absent
else
echo present
fi
exit 0
}
# assert __type_explorer is set (because it is used by the Perl script)
: "${__type_explorer:?}"
/usr/bin/perl -- - "${linesfile}" <<'EOF'
use strict;
use warnings "all";
use Fcntl qw(:DEFAULT :flock);
use Debconf::Db;
use Debconf::Question;
# Extract @known... arrays from debconf-set-selections
# These values are required to distinguish flags and values in the given lines.
# DC: I couldn't think of a more ugly solution to the problem…
my @knownflags;
my @knowntypes;
my $debconf_set_selections = '/usr/bin/debconf-set-selections';
if (-e $debconf_set_selections) {
my $sed_known = 's/^my \(@known\(flags\|types\) = qw([a-z ]*);\).*$/\1/p';
eval `sed -n '$sed_known' '$debconf_set_selections'`;
}
sub mungeline ($) {
my $line = shift;
chomp $line;
$line =~ s/\r$//;
return $line;
}
sub fatal { printf STDERR @_; exit 1; }
my $state = 'present';
sub state {
my $new = shift;
if ($state eq 'present'
or ($state eq 'different' and $new eq 'absent')) {
$state = $new;
}
}
# Load Debconf DB but manually lock on the state explorer script,
# because Debconf aborts immediately if executed concurrently.
# This is not really an ideal solution because the Debconf DB could be locked by
# another process (e.g. apt-get), but no way to achieve this could be found.
# If you know how to, please provide a patch.
my $lockfile = "%ENV{'__type_explorer'}/state";
if (open my $lock_fh, '+<', $lockfile) {
flock $lock_fh, LOCK_EX or die "Cannot lock $lockfile";
}
{
Debconf::Db->load(readonly => 'true');
}
while (<>) {
# Read and process lines (taken from debconf-set-selections)
$_ = mungeline($_);
while (/\\$/ && ! eof) {
s/\\$//;
$_ .= mungeline(<>);
}
next if /^\s*$/ || /^\s*\#/;
my ($owner, $label, $type, $content) = /^\s*(\S+)\s+(\S+)\s+(\S+)(?:\s(.*))?/
or fatal "invalid line: %s\n", $_;
$content = '' unless defined $content;
# Compare is and should state
my $q = Debconf::Question->get($label);
unless (defined $q) {
# probably a preseed
state 'absent';
next;
}
if (grep { $_ eq $q->type } @knownflags) {
# This line wants to set a flag, presumably.
if ($q->flag($q->type) ne $content) {
state 'different';
}
} else {
# Otherwise, it's probably a value…
if ($q->value ne $content) {
state 'different';
}
unless (grep { $_ eq $owner } (split /, /, $q->owners)) {
state 'different';
}
}
}
printf "%s\n", $state;
EOF

View file

@ -1,6 +1,7 @@
#!/bin/sh -e
#
# 2011-2014 Nico Schottelius (nico-cdist at schottelius.org)
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -17,16 +18,37 @@
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Setup selections
#
filename="$(cat "$__object/parameter/file")"
if [ "$filename" = "-" ]; then
filename="$__object/stdin"
if test -f "${__object:?}/parameter/line"
then
filename="${__object:?}/parameter/line"
elif test -s "${__object:?}/parameter/file"
then
filename=$(cat "${__object:?}/parameter/file")
if test "${filename}" = '-'
then
filename="${__object:?}/stdin"
fi
else
printf 'Neither --line nor --file set.\n' >&2
exit 1
fi
echo "debconf-set-selections << __file-eof"
cat "$filename"
echo "__file-eof"
# setting no lines makes no sense
test -s "${filename}" || exit 0
state_is=$(cat "${__object:?}/explorer/state")
if test "${state_is}" != 'present'
then
cat <<-CODE
debconf-set-selections <<'EOF'
$(cat "${filename}")
EOF
CODE
awk '
{
printf "set %s %s %s %s\n", $1, $2, $3, $4
}' "${filename}" >>"${__messages_out:?}"
fi

View file

@ -8,15 +8,33 @@ cdist-type__debconf_set_selections - Setup debconf selections
DESCRIPTION
-----------
On Debian and alike systems debconf-set-selections(1) can be used
On Debian and alike systems :strong:`debconf-set-selections`\ (1) can be used
to setup configuration parameters.
REQUIRED PARAMETERS
-------------------
cf. ``--line``.
OPTIONAL PARAMETERS
-------------------
file
Use the given filename as input for debconf-set-selections(1)
If filename is "-", read from stdin.
Use the given filename as input for :strong:`debconf-set-selections`\ (1)
If filename is ``-``, read from stdin.
**This parameter is deprecated, because it doesn't work with state detection.**
line
A line in :strong:`debconf-set-selections`\ (1) compatible format.
This parameter can be used multiple times to set multiple options.
(This parameter is actually required, but marked optional because the
deprecated ``--file`` is still accepted.)
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
@ -24,30 +42,29 @@ EXAMPLES
.. code-block:: sh
# Setup configuration for nslcd
__debconf_set_selections nslcd --file /path/to/file
# Setup gitolite's gituser
__debconf_set_selections nslcd --line 'gitolite gitolite/gituser string git'
# Setup configuration for nslcd from another type
__debconf_set_selections nslcd --file "$__type/files/preseed/nslcd"
__debconf_set_selections nslcd --file - << eof
gitolite gitolite/gituser string git
eof
# Setup configuration for nslcd from a file.
# NB: Multiple lines can be passed to --line, although this can be considered a hack.
__debconf_set_selections nslcd --line "$(cat "${__files:?}/preseed/nslcd.debconf")"
SEE ALSO
--------
:strong:`debconf-set-selections`\ (1), :strong:`cdist-type__update_alternatives`\ (7)
- :strong:`cdist-type__update_alternatives`\ (7)
- :strong:`debconf-set-selections`\ (1)
AUTHORS
-------
Nico Schottelius <nico-cdist--@--schottelius.org>
| Nico Schottelius <nico-cdist--@--schottelius.org>
| Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2011-2014 Nico Schottelius. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
Copyright \(C) 2011-2014 Nico Schottelius, 2021 Dennis Camera.
You can redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either version 3 of
the License, or (at your option) any later version.

View file

@ -0,0 +1,21 @@
#!/bin/sh -e
#
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
__package_apt debconf

View file

@ -0,0 +1 @@
'file' has been deprecated in favour of 'line' in order to provide idempotency.

View file

@ -30,10 +30,10 @@ fallback() {
gid=$(echo "$ls_line" | awk '{ print $4 }')
owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd)
group=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
group=$(awk -F: -v gid="$gid" '$3 == gid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
mode_text=$(echo "$ls_line" | awk '{ print $1 }')
mode=$(echo "$mode_text" | awk '{ k=0; for (i=0; i<=8; i++) k += ((substr($1, i+2, 1) ~ /[rwx]/) * 2^(8-i)); printf("%0o", k) }')
mode=$(echo "$mode_text" | awk '{for(i=8;i>=0;--i){c=substr($1,10-i,1);k+=((c~/[rwxst]/)*2^i);if(!(i%3))k+=(tolower(c)~/[lst]/)*2^(9+i/3)}printf("%04o",k)}')
printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\n' \
"$("$__type_explorer/type")" \
@ -45,56 +45,27 @@ fallback() {
# nothing to work with, nothing we could do
[ -e "$destination" ] || exit 0
if ! command -v stat >/dev/null
then
command -v stat >/dev/null 2>&1 || {
fallback
exit
fi
}
case $("$__explorer/os") in
"freebsd"|"netbsd"|"openbsd"|"macosx")
stat -f "type: %HT
case $("$__explorer/os")
in
freebsd|netbsd|openbsd|macosx)
stat -f 'type: %HT
owner: %Du %Su
group: %Dg %Sg
mode: %Lp %Sp
" "$destination" | awk '/^type/ { print tolower($0); next } { print }'
mode: %Mp%03Lp %Sp
' "$destination" | awk '/^type/ { print tolower($0); next } { print }'
;;
solaris)
ls1="$( ls -ld "$destination" )"
ls2="$( ls -ldn "$destination" )"
if [ -f "$__object/parameter/mode" ]
then mode_should="$( cat "$__object/parameter/mode" )"
fi
# yes, it is ugly hack, but if you know better way...
if [ -z "$( find "$destination" -perm "$mode_should" )" ]
then octets=888
else octets="$( echo "$mode_should" | sed 's/^0//' )"
fi
case "$( echo "$ls1" | cut -c1-1 )" in
-) echo 'type: regular file' ;;
d) echo 'type: directory' ;;
esac
echo "owner: $( echo "$ls2" \
| awk '{print $3}' ) $( echo "$ls1" \
| awk '{print $3}' )"
echo "group: $( echo "$ls2" \
| awk '{print $4}' ) $( echo "$ls1" \
| awk '{print $4}' )"
echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )"
;;
*)
# NOTE: Do not use --printf here as it is not supported by BusyBox stat.
# NOTE: BusyBox's stat might not support the "-c" option, in which case
# we fall through to the shell fallback.
stat -c "type: %F
stat -c 'type: %F
owner: %u %U
group: %g %G
mode: %a %A" "$destination" 2>/dev/null || fallback
;;
mode: %04a %A' "$destination" 2>/dev/null || fallback
;;
esac

View file

@ -97,9 +97,11 @@ case "$state_should" in
value_should="$(cat "$__object/parameter/$attribute")"
value_is="$(get_current_value "$attribute" "$value_should")"
# change 0xxx format to xxx format => same as stat returns
# format mode in four digits => same as stat returns
if [ "$attribute" = mode ]; then
value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')"
# Convert to four-digit octal number (printf interprets
# strings with leading 0s as octal!)
value_should=$(printf '%04o' "0${value_should}")
fi
if [ "$set_attributes" = 1 ] || [ "$value_should" != "$value_is" ]; then

View file

@ -25,6 +25,9 @@ user
OPTIONAL PARAMETERS
-------------------
dirmode
forwarded to :strong:`__directory` type as mode
mode
forwarded to :strong:`__file` type
@ -34,6 +37,12 @@ state
source
forwarded to :strong:`__file` type
file
forwarded to :strong:`__file` type
This can be used if multiple users need to have a dotfile updated,
which will result in duplicate object id errors. When using the
file parameter the object id can be some unique value.
MESSAGES
--------
@ -58,6 +67,15 @@ EXAMPLES
# Install default xmonad config for user 'eve'. Parent directory is created automatically.
__dot_file .xmonad/xmonad.hs --user eve --state exists --source "$__files/xmonad.hs"
# install .vimrc for root and some users
for user in root userx usery userz; do
__dot_file "${user}_dot_vimrc" \
--user $user \
--file .vimrc \
--state exists \
--source "$__files/$user/.vimrc"
done
SEE ALSO
--------

View file

@ -19,13 +19,20 @@ set -eu
user="$(cat "${__object}/parameter/user")"
home="$(cat "${__object}/explorer/home")"
primary_group="$(cat "${__object}/explorer/primary_group")"
dirmode="$(cat "${__object}/parameter/dirmode")"
if [ -f "${__object}/parameter/file" ]; then
file="$(cat "${__object}/parameter/file")"
else
file="${__object_id}"
fi
# Create parent directory. Type __directory has flag 'parents', but it
# will leave us with root-owned directory in user home, which is not
# acceptable. So we create parent directories one-by-one. XXX: maybe
# it should be fixed in '__directory'?
set --
subpath=${__object_id}
subpath=${file}
while subpath="$(dirname "${subpath}")" ; do
[ "${subpath}" = . ] && break
set -- "${subpath}" "$@"
@ -36,6 +43,7 @@ export CDIST_ORDER_DEPENDENCY
for dir ; do
__directory "${home}/${dir}" \
--group "${primary_group}" \
--mode "${dirmode}" \
--owner "${user}"
done
@ -62,4 +70,4 @@ if [ "${source}" = "-" ] ; then
fi
unset source
__file "${home}/${__object_id}" --owner "$user" --group "$primary_group" "$@"
__file "${home}/${file}" --owner "$user" --group "$primary_group" "$@"

View file

@ -0,0 +1 @@
0700

View file

@ -1,3 +1,4 @@
state
mode
source
dirmode

View file

@ -0,0 +1,16 @@
#!/bin/sh -e
if [ -f "$__object/parameter/cmd-get" ]
then
cat "$__object/parameter/cmd-get"
elif
command -v curl > /dev/null
then
echo "curl -sSL -o - '%s'"
elif
command -v fetch > /dev/null
then
echo "fetch -o - '%s'"
else
echo "wget -O - '%s'"
fi

View file

@ -0,0 +1,82 @@
#!/bin/sh -e
if [ ! -f "$__object/parameter/sum" ]
then
exit 0
fi
if [ -f "$__object/parameter/cmd-sum" ]
then
cat "$__object/parameter/cmd-sum"
exit 0
fi
sum_should="$( cat "$__object/parameter/sum" )"
if echo "$sum_should" | grep -Fq ':'
then
sum_hash="$( echo "$sum_should" | cut -d : -f 1 )"
else
if echo "$sum_should" | grep -Eq '^[0-9]+\s[0-9]+$'
then
sum_hash='cksum'
elif
echo "$sum_should" | grep -Eiq '^[a-f0-9]{32}$'
then
sum_hash='md5'
elif
echo "$sum_should" | grep -Eiq '^[a-f0-9]{40}$'
then
sum_hash='sha1'
elif
echo "$sum_should" | grep -Eiq '^[a-f0-9]{64}$'
then
sum_hash='sha256'
else
echo 'hash format detection failed' >&2
exit 1
fi
fi
os="$( "$__explorer/os" )"
case "$sum_hash" in
cksum)
echo "cksum %s | awk '{print \$1\" \"\$2}'"
;;
md5)
case "$os" in
freebsd)
echo "md5 -q %s"
;;
*)
echo "md5sum %s | awk '{print \$1}'"
;;
esac
;;
sha1)
case "$os" in
freebsd)
echo "sha1 -q %s"
;;
*)
echo "sha1sum %s | awk '{print \$1}'"
;;
esac
;;
sha256)
case "$os" in
freebsd)
echo "sha256 -q %s"
;;
*)
echo "sha256sum %s | awk '{print \$1}'"
;;
esac
;;
*)
# we arrive here only if --sum is given with unknown format prefix
echo "unknown hash format: $sum_hash" >&2
exit 1
;;
esac

View file

@ -0,0 +1,45 @@
#!/bin/sh -e
if [ -f "$__object/parameter/destination" ]
then
dst="$( cat "$__object/parameter/destination" )"
else
dst="/$__object_id"
fi
if [ ! -f "$dst" ]
then
echo 'absent'
exit 0
fi
if [ ! -f "$__object/parameter/sum" ]
then
echo 'present'
exit 0
fi
sum_should="$( cat "$__object/parameter/sum" )"
if echo "$sum_should" | grep -Fq ':'
then
sum_should="$( echo "$sum_should" | cut -d : -f 2 )"
fi
sum_cmd="$( "$__type_explorer/remote_cmd_sum" )"
# shellcheck disable=SC2059
sum_is="$( eval "$( printf "$sum_cmd" "'$dst'" )" )"
if [ -z "$sum_is" ]
then
echo 'existing destination checksum failed' >&2
exit 1
fi
if [ "$sum_is" = "$sum_should" ]
then
echo 'present'
else
echo 'mismatch'
fi

View file

@ -0,0 +1,155 @@
#!/bin/sh -e
download="$( cat "$__object/parameter/download" )"
state_is="$( cat "$__object/explorer/state" )"
if [ "$download" != 'local' ] || [ "$state_is" = 'present' ]
then
exit 0
fi
url="$( cat "$__object/parameter/url" )"
if [ -f "$__object/parameter/destination" ]
then
dst="$( cat "$__object/parameter/destination" )"
else
dst="/$__object_id"
fi
if [ -f "$__object/parameter/cmd-get" ]
then
cmd="$( cat "$__object/parameter/cmd-get" )"
elif command -v curl > /dev/null
then
cmd="curl -sSL -o - '%s'"
elif command -v fetch > /dev/null
then
cmd="fetch -o - '%s'"
elif command -v wget > /dev/null
then
cmd="wget -O - '%s'"
else
echo 'local download failed, no usable utility' >&2
exit 1
fi
echo "download_tmp=\"\$( mktemp )\""
# shellcheck disable=SC2059
printf "$cmd > \"\$download_tmp\"\n" "$url"
if [ -f "$__object/parameter/sum" ]
then
sum_should="$( cat "$__object/parameter/sum" )"
if [ -f "$__object/parameter/cmd-sum" ]
then
local_cmd_sum="$( cat "$__object/parameter/cmd-sum" )"
else
if echo "$sum_should" | grep -Fq ':'
then
sum_hash="$( echo "$sum_should" | cut -d : -f 1 )"
sum_should="$( echo "$sum_should" | cut -d : -f 2 )"
else
if echo "$sum_should" | grep -Eq '^[0-9]+\s[0-9]+$'
then
sum_hash='cksum'
elif
echo "$sum_should" | grep -Eiq '^[a-f0-9]{32}$'
then
sum_hash='md5'
elif
echo "$sum_should" | grep -Eiq '^[a-f0-9]{40}$'
then
sum_hash='sha1'
elif
echo "$sum_should" | grep -Eiq '^[a-f0-9]{64}$'
then
sum_hash='sha256'
else
echo 'hash format detection failed' >&2
exit 1
fi
fi
case "$sum_hash" in
cksum)
local_cmd_sum="cksum %s | awk '{print \$1\" \"\$2}'"
;;
md5)
if command -v md5 > /dev/null
then
local_cmd_sum="md5 -q %s"
elif
command -v md5sum > /dev/null
then
local_cmd_sum="md5sum %s | awk '{print \$1}'"
fi
;;
sha1)
if command -v sha1 > /dev/null
then
local_cmd_sum="sha1 -q %s"
elif
command -v sha1sum > /dev/null
then
local_cmd_sum="sha1sum %s | awk '{print \$1}'"
fi
;;
sha256)
if command -v sha256 > /dev/null
then
local_cmd_sum="sha256 -q %s"
elif
command -v sha256sum > /dev/null
then
local_cmd_sum="sha256sum %s | awk '{print \$1}'"
fi
;;
*)
# we arrive here only if --sum is given with unknown format prefix
echo "unknown hash format: $sum_hash" >&2
exit 1
;;
esac
if [ -z "$local_cmd_sum" ]
then
echo 'local checksum verification failed, no usable utility' >&2
exit 1
fi
fi
# shellcheck disable=SC2059
echo "sum_is=\"\$( $( printf "$local_cmd_sum" "\"\$download_tmp\"" ) )\""
echo "if [ \"\$sum_is\" != '$sum_should' ]; then"
echo "echo 'local download checksum mismatch' >&2"
echo "rm -f \"\$download_tmp\""
echo 'exit 1; fi'
fi
if echo "$__target_host" | grep -Eq '^[0-9a-fA-F:]+$'
then
target_host="[$__target_host]"
else
target_host="$__target_host"
fi
# shellcheck disable=SC2016
printf '%s "$download_tmp" %s:%s\n' \
"$__remote_copy" \
"$target_host" \
"$dst"
echo "rm -f \"\$download_tmp\""

View file

@ -0,0 +1,59 @@
#!/bin/sh -e
download="$( cat "$__object/parameter/download" )"
state_is="$( cat "$__object/explorer/state" )"
if [ "$download" = 'remote' ] && [ "$state_is" != 'present' ]
then
cmd_get="$( cat "$__object/explorer/remote_cmd_get" )"
url="$( cat "$__object/parameter/url" )"
if [ -f "$__object/parameter/destination" ]
then
dst="$( cat "$__object/parameter/destination" )"
else
dst="/$__object_id"
fi
echo "download_tmp=\"\$( mktemp )\""
# shellcheck disable=SC2059
printf "$cmd_get > \"\$download_tmp\"\n" "$url"
if [ -f "$__object/parameter/sum" ]
then
sum_should="$( cat "$__object/parameter/sum" )"
if [ -f "$__object/parameter/cmd-sum" ]
then
remote_cmd_sum="$( cat "$__object/parameter/cmd-sum" )"
else
remote_cmd_sum="$( cat "$__object/explorer/remote_cmd_sum" )"
if echo "$sum_should" | grep -Fq ':'
then
sum_should="$( echo "$sum_should" | cut -d : -f 2 )"
fi
fi
# shellcheck disable=SC2059
echo "sum_is=\"\$( $( printf "$remote_cmd_sum" "\"\$download_tmp\"" ) )\""
echo "if [ \"\$sum_is\" != '$sum_should' ]; then"
echo "echo 'remote download checksum mismatch' >&2"
echo "rm -f \"\$download_tmp\""
echo 'exit 1; fi'
fi
echo "mv \"\$download_tmp\" '$dst'"
fi
if [ -f "$__object/parameter/onchange" ] && [ "$state_is" != "present" ]
then
cat "$__object/parameter/onchange"
fi

View file

@ -0,0 +1,101 @@
cdist-type__download(7)
=======================
NAME
----
cdist-type__download - Download a file
DESCRIPTION
-----------
By default type will try to use ``curl``, ``fetch`` or ``wget``.
If download happens in target (see ``--download``) then type will
fallback to (and install) ``wget``.
If download happens in local machine, then environment variables like
``{http,https,ftp}_proxy`` etc can be used on cdist execution
(``http_proxy=foo cdist config ...``).
To change downloaded file's owner, group or permissions, use ``require='__download/path/to/file' __file ...``.
REQUIRED PARAMETERS
-------------------
url
File's URL.
OPTIONAL PARAMETERS
-------------------
destination
Downloaded file's destination in target. If unset, ``$__object_id`` is used.
sum
Supported formats: ``cksum`` output without file name, MD5, SHA1 and SHA256.
Type tries to detect hash format with regexes, but prefixes
``cksum:``, ``md5:``, ``sha1:`` and ``sha256:`` are also supported.
Checksum have two purposes - state check and post-download verification.
In state check, if destination checksum mismatches, then content of URL
will be downloaded to temporary file. If downloaded temporary file's
checksum matches, then it will be moved to destination (overwritten).
For local downloads it is expected that usable utilities for checksum
calculation exist in the system.
download
If ``local`` (default), then file is downloaded to local storage and copied
to target host. If ``remote``, then download happens in target.
For local downloads it is expected that usable utilities for downloading
exist in the system. Type will try to use ``curl``, ``fetch`` or ``wget``.
cmd-get
Command used for downloading.
Command must output to ``stdout``.
Parameter will be used for ``printf`` and must include only one
format specification ``%s`` which will become URL.
For example: ``wget -O - '%s'``.
cmd-sum
Command used for checksum calculation.
Command output and ``--sum`` parameter must match.
Parameter will be used for ``printf`` and must include only one
format specification ``%s`` which will become destination.
For example: ``md5sum '%s' | awk '{print $1}'``.
onchange
Execute this command after download.
EXAMPLES
--------
.. code-block:: sh
__directory /opt/cpma
require='__directory/opt/cpma' \
__download /opt/cpma/cnq3.zip \
--url https://cdn.playmorepromode.com/files/cnq3/cnq3-1.51.zip \
--sum 46da3021ca9eace277115ec9106c5b46
require='__download/opt/cpma/cnq3.zip' \
__unpack /opt/cpma/cnq3.zip \
--backup-destination \
--preserve-archive \
--destination /opt/cpma/server
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2021 Ander Punnar. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,6 @@
#!/bin/sh -e
if grep -Eq '^wget' "$__object/explorer/remote_cmd_get"
then
__package wget
fi

View file

@ -0,0 +1 @@
local

View file

@ -0,0 +1,6 @@
cmd-get
cmd-sum
destination
download
onchange
sum

View file

@ -0,0 +1 @@
url

View file

@ -0,0 +1,26 @@
#!/bin/sh -e
# __dpkg_architecture/explorer/architecture
#
# 2020 Matthias Stecher <matthiasstecher at gmx.de>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Get the main architecture of this machine
# print or die in the gencode-remote
dpkg --print-architecture || true

View file

@ -0,0 +1,26 @@
#!/bin/sh -e
# __dpkg_architecture/explorer/foreign-architectures
#
# 2020 Matthias Stecher <matthiasstecher at gmx.de>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Print all additional architectures
# print or die in the gencode-remote
dpkg --print-foreign-architectures || true

View file

@ -0,0 +1,82 @@
#!/bin/sh -e
# __dpkg_architecture/gencode-remote
#
# 2020 Matthias Stecher <matthiasstecher at gmx.de>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Get parameter and explorer
state_should="$(cat "$__object/parameter/state")"
arch_wanted="$__object_id"
main_arch="$(cat "$__object/explorer/architecture")"
# Exit here if dpkg do not work (empty explorer)
if [ -z "$main_arch" ]; then
echo "dpkg is not available or unable to detect a architecture!" >&2
exit 1
fi
# Check if requested architecture is the main one
if [ "$arch_wanted" = "$main_arch" ]; then
# higher than present; we can not remove it
state_is="present"
caution="yes"
# Check if the architecture not already used
elif grep -qFx "$arch_wanted" "$__object/explorer/foreign-architectures"; then
state_is="present"
# arch does not exist
else
state_is="absent"
fi
# Check what to do
if [ "$state_is" != "$state_should" ]; then
case "$state_should" in
present)
# print add code
printf "dpkg --add-architecture '%s'\n" "$arch_wanted"
# updating the index to make the new architecture available
echo "apt update"
echo added >> "$__messages_out"
;;
absent)
if [ "$caution" ]; then
printf "can not remove the main arch '%s' of the system!\n" "$main_arch" >&2
exit 1
fi
# removing all existing packages for the architecture
printf "apt purge '.*:%s'\n" "$arch_wanted"
# print remove code
printf "dpkg --remove-architecture '%s'\n" "$arch_wanted"
echo removed >> "$__messages_out"
;;
*)
printf "state '%s' is unknown!\n" "$state_should" >&2
exit 1
;;
esac
fi

Some files were not shown because too many files have changed in this diff Show more