From 84172550df9e1800bc795dc51da01c9d3a0be9e0 Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Mon, 30 Nov 2020 20:29:51 +0100 Subject: [PATCH 01/25] __iptables*: add IPv6 support Because it currently only support IPv4. To implement this, it falls back to IPv4 for backward compatibilty, but now supports rules for IPv6 and both protocols at the same time. --- .../type/__iptables_apply/files/init-script | 84 +++++++++++++++---- cdist/conf/type/__iptables_rule/man.rst | 38 ++++++++- cdist/conf/type/__iptables_rule/manifest | 40 ++++++++- .../type/__iptables_rule/parameter/boolean | 3 + 4 files changed, 140 insertions(+), 25 deletions(-) create mode 100644 cdist/conf/type/__iptables_rule/parameter/boolean diff --git a/cdist/conf/type/__iptables_apply/files/init-script b/cdist/conf/type/__iptables_apply/files/init-script index d9c79ef7..196f019b 100644 --- a/cdist/conf/type/__iptables_apply/files/init-script +++ b/cdist/conf/type/__iptables_apply/files/init-script @@ -1,6 +1,27 @@ #!/bin/sh -# Nico Schottelius -# Zürisee, Mon Sep 2 18:38:27 CEST 2013 +# +# 2013 Nico Schottelius (nico-cdist at schottelius.org) +# 2020 Matthias Stecher (matthiasstecher at gmx.de) +# +# This file is distributed with cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Originally written by: +# Nico Schottelius +# Zürisee, Mon Sep 2 18:38:27 CEST 2013 # ### BEGIN INIT INFO # Provides: iptables 
@@ -15,33 +36,60 @@ ### END INIT INFO +# Read files and execute the content with the given commands +# +# Arguments: +# 1: Directory +# 2..n: Commands which should be used to execute the file content +gothrough() { + cd "$1" || return + shift + + # iterate through all rules and continue if it's not a file + for rule in *; do + [ -f "$rule" ] || continue + echo "Appling iptables rule $rule ..." + + # execute it with all commands specificed + ruleparam="$(cat "$rule")" + for cmd in "$@"; do + # Command and Rule should be split. + # shellcheck disable=SC2046 + command $cmd $ruleparam + done + done +} + +# Shortcut for iptables command to do IPv4 and v6 +iptables() { + command iptables "$@" + command ip6tables "$@" +} + basedir=/etc/iptables.d -status="${basedir}/.pre-start" +status4="${basedir}/.pre-start" +status6="${basedir}/.pre-start6" case $1 in start) # Save status - iptables-save > "$status" + iptables-save > "$status4" + ip6tables-save > "$status6" # Apply our ruleset - cd "$basedir" || exit - count="$(find . ! -name . -prune | wc -l)" - - # Only do something if there are rules - if [ "$count" -ge 1 ]; then - for rule in *; do - echo "Applying iptables rule $rule ..." - # Rule should be split. - # shellcheck disable=SC2046 - iptables $(cat "$rule") - done - fi + gothrough "$basedir" iptables + #gothrough "$basedir/v4" iptables # conflicts with $basedir + gothrough "$basedir/v6" ip6tables + gothrough "$basedir/all" iptables ip6tables ;; stop) # Restore from status before, if there is something to restore - if [ -f "$status" ]; then - iptables-restore < "$status" + if [ -f "$status4" ]; then + iptables-restore < "$status4" + fi + if [ -f "$status6" ]; then + ip6tables-restore < "$status6" fi ;; restart) diff --git a/cdist/conf/type/__iptables_rule/man.rst b/cdist/conf/type/__iptables_rule/man.rst index 92d8859f..75d0740b 100644 --- a/cdist/conf/type/__iptables_rule/man.rst +++ b/cdist/conf/type/__iptables_rule/man.rst 
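Review bot: In `gothrough`, the exit status of `command $cmd $ruleparam` is thrown away, so a rule that is rejected (for example an IPv4-only match placed in `all/`) goes unnoticed by `start` and the host is left with a partially applied ruleset. I would record the failure and hand it back: `rc=0` before the outer loop, `command $cmd $ruleparam || rc=1` in the inner loop, `return "$rc"` at the end, with the `start)` branch exiting non-zero when any call fails. The unquoted `$ruleparam` is also subject to pathname expansion in the rule directory, not only word splitting, so a rule text containing `*` or `?` can be rewritten by the shell; `set -f` before the call and `set +f` after it keeps the intended splitting without globbing. The `case` statement continues past the end of this hunk.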
@@ -25,6 +25,24 @@ state 'present' or 'absent', defaults to 'present' +BOOLEAN PARAMETERS +------------------ +All rules without any of this parameter will be threaten like ``--v4`` because +of backward compatibility. + +v4 + Explicitly set it as rule for IPv4. If IPv6 is set, too, it will be + threaten like ``--all``. Will be the default if nothing else is set. + +v6 + Explicitly set it as rule for IPv6. If IPv4 is set, too, it will be + threaten like ``--all``. + +all + Set the rule for both IPv4 and IPv6. It will be saved separately from the + other rules. + + EXAMPLES -------- @@ -48,6 +66,16 @@ EXAMPLES --state absent + # IPv4-only rule for ICMPv4 + __iptables_rule icmp-v4 --v4 --rule "-A INPUT -p icmp -j ACCEPT" + # IPv6-only rule for ICMPv6 + __iptables_rule icmp-v6 --v6 --rule "-A INPUT -p icmpv6 -j ACCEPT" + + # doing something for the dual stack + __iptables_rule fwd-eth0-eth1 --v4 --v6 --rule "-A INPUT -i eth0 -o eth1 -j ACCEPT" + __iptables_rule fwd-eth1-eth0 --all --rule "-A -o eth1 -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT" + + SEE ALSO -------- :strong:`cdist-type__iptables_apply`\ (7), :strong:`iptables`\ (8) @@ -56,11 +84,13 @@ SEE ALSO AUTHORS ------- Nico Schottelius +Matthias Stecher COPYING ------- -Copyright \(C) 2013 Nico Schottelius. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. +Copyright \(C) 2013 Nico Schottelius. +Copyright \(C) 2020 Matthias Stecher. +You can redistribute it and/or modify it under the terms of the GNU +General Public License as published by the Free Software Foundation, +either version 3 of the License, or (at your option) any later version. diff --git a/cdist/conf/type/__iptables_rule/manifest b/cdist/conf/type/__iptables_rule/manifest index ed78787f..27d00024 100755 --- a/cdist/conf/type/__iptables_rule/manifest 
+++ b/cdist/conf/type/__iptables_rule/manifest @@ -1,6 +1,7 @@ #!/bin/sh -e # # 2013 Nico Schottelius (nico-cdist at schottelius.org) +# 2020 Matthias Stecher (matthiasstecher at gmx.de) # # This file is part of cdist. # @@ -24,12 +25,36 @@ base_dir=/etc/iptables.d name="$__object_id" state="$(cat "$__object/parameter/state")" +if [ -f "$__object/parameter/v4" ]; then + only_v4="yes" + # $specific_dir is $base_dir +fi +if [ -f "$__object/parameter/v6" ]; then + only_v6="yes" + specific_dir="$base_dir/v6" +fi +# If rules should be set for both protocols +if ([ "$only_v4" = "yes" ] && [ "$only_v6" = "yes" ]) \ + || [ -f "$__object/parameter/all" ]; then + + # all to a specific directory + specific_dir="$base_dir/all" +fi + +# set rule directory based on if it's the base or subdirectory +rule_dir="${specific_dir:-$base_dir}" + ################################################################################ # Basic setup # __directory "$base_dir" --state present +# sub-directory if required +if [ "$specific_dir" ]; then + require="__directory/$base_dir" __directory "$specific_dir" --state present +fi + # Have apply do the real job require="$__object_name" __iptables_apply @@ -37,6 +62,15 @@ require="$__object_name" __iptables_apply # The rule # -require="__directory/$base_dir" __file "$base_dir/${name}" \ - --source "$__object/parameter/rule" \ - --state "$state" +for dir in "$base_dir" "$base_dir/v6" "$base_dir/all"; do + # defaults to absent except the directory that should contain the file + if [ "$rule_dir" = "$dir" ]; then + curr_state="$state" + else + curr_state="absent" + fi + + require="__directory/$rule_dir" __file "$dir/$name" \ + --source "$__object/parameter/rule" \ + --state "$curr_state" +done diff --git a/cdist/conf/type/__iptables_rule/parameter/boolean b/cdist/conf/type/__iptables_rule/parameter/boolean new file mode 100644 index 00000000..76882272 --- /dev/null +++ b/cdist/conf/type/__iptables_rule/parameter/boolean @@ -0,0 +1,3 @@ +all +v4 +v6 
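Review bot: In the `@@ -24,12 +25,36 @@` hunk, `only_v4`, `only_v6` and `specific_dir` are assigned only inside the `if` branches, so when a flag is absent their value is whatever the manifest inherited from its environment. Initialising them before the first test, `only_v4=; only_v6=; specific_dir=`, makes the choice of rule directory depend on the parameter files alone.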
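Review bot: In the `@@ -37,6 +62,15 @@` hunk the rule file is written to `$dir/$name`, and for the default IPv4 target `$dir` is `$base_dir`, so an object id of `v6` or `all` resolves to the same path as the `$base_dir/v6` or `$base_dir/all` directory that the previous hunk declares with `__directory`. Whichever object wins, the rules of the other one are presumably not applied, since `gothrough` in the init script returns without applying anything when it cannot `cd` into the subdirectory. Rejecting the two reserved names before any object is declared avoids the collision: `case "$name" in v6|all) echo "rule name '$name' is reserved" >&2; exit 1 ;; esac`.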
From f568462e4981c8b6437c29f96963c3d8e7bed742 Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Wed, 2 Dec 2020 17:48:41 +0100 Subject: [PATCH 02/25] __iptables_rule: fix shellcheck SC2235 --- cdist/conf/type/__iptables_rule/manifest | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cdist/conf/type/__iptables_rule/manifest b/cdist/conf/type/__iptables_rule/manifest index 27d00024..d4394c25 100755 --- a/cdist/conf/type/__iptables_rule/manifest +++ b/cdist/conf/type/__iptables_rule/manifest @@ -34,8 +34,8 @@ if [ -f "$__object/parameter/v6" ]; then specific_dir="$base_dir/v6" fi # If rules should be set for both protocols -if ([ "$only_v4" = "yes" ] && [ "$only_v6" = "yes" ]) \ - || [ -f "$__object/parameter/all" ]; then +if { [ "$only_v4" = "yes" ] && [ "$only_v6" = "yes" ]; } || + [ -f "$__object/parameter/all" ]; then # all to a specific directory specific_dir="$base_dir/all" From bee255c1ae0039e3d532317007f06fcd2e64e3bc Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Wed, 2 Dec 2020 18:04:50 +0100 Subject: [PATCH 03/25] __iptables_apply: man updates --- .../type/__iptables_apply/files/init-script | 1 + cdist/conf/type/__iptables_apply/man.rst | 21 +++++++++++++------ 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/cdist/conf/type/__iptables_apply/files/init-script b/cdist/conf/type/__iptables_apply/files/init-script index 196f019b..7faa2f92 100644 --- a/cdist/conf/type/__iptables_apply/files/init-script +++ b/cdist/conf/type/__iptables_apply/files/init-script @@ -61,6 +61,7 @@ gothrough() { } # Shortcut for iptables command to do IPv4 and v6 +# only applies to the "reset" target iptables() { command iptables "$@" command ip6tables "$@" diff --git a/cdist/conf/type/__iptables_apply/man.rst b/cdist/conf/type/__iptables_apply/man.rst index 76e1f6bf..db0e7869 100644 --- a/cdist/conf/type/__iptables_apply/man.rst +++ b/cdist/conf/type/__iptables_apply/man.rst 
@@ -10,7 +10,14 @@ DESCRIPTION ----------- This cdist type deploys an init script that triggers the configured rules and also re-applies them on -configuration. +configuration. Rules are written from __iptables_rule +into the folder ``/etc/iptables.d/``. + +It reads all rules from the base folder as rules for IPv4. +Rules in the subfolder ``v6/`` are IPv6 rules. Rules in +the subfolder ``all/`` are applied to both rule tables. All +files contain the arguments for a single ``iptables`` and/or +``ip6tables`` command. REQUIRED PARAMETERS @@ -24,7 +31,7 @@ None EXAMPLES -------- -None (__iptables_apply is used by __iptables_rule) +None (__iptables_apply is used by __iptables_rule automaticly) SEE ALSO @@ -35,11 +42,13 @@ SEE ALSO AUTHORS ------- Nico Schottelius +Matthias Stecher COPYING ------- -Copyright \(C) 2013 Nico Schottelius. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. +Copyright \(C) 2013 Nico Schottelius. +Copyright \(C) 2020 Matthias Stecher. +You can redistribute it and/or modify it under the terms of the GNU +General Public License as published by the Free Software Foundation, +either version 3 of the License, or (at your option) any later version. From a1db5c3d0e7b5899f1a877c5bab28ac4d4796f8c Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Wed, 2 Dec 2020 18:22:31 +0100 Subject: [PATCH 04/25] __iptables*: Update manpages for execution order To make some thinks clear if someone needs it .. --- cdist/conf/type/__iptables_apply/man.rst | 10 ++++++++++ cdist/conf/type/__iptables_rule/man.rst | 4 ++++ 2 files changed, 14 insertions(+) diff --git a/cdist/conf/type/__iptables_apply/man.rst b/cdist/conf/type/__iptables_apply/man.rst index db0e7869..4109e789 100644 --- a/cdist/conf/type/__iptables_apply/man.rst +++ b/cdist/conf/type/__iptables_apply/man.rst 
@@ -19,6 +19,16 @@ the subfolder ``all/`` are applied to both rule tables. All files contain the arguments for a single ``iptables`` and/or ``ip6tables`` command. +Rules are applied in the following order: +1. All IPv4 rules +2. All IPv6 rules +2. All rules that should be applied to both tables + +The order of the rules that will be applied are definite +from the result the shell glob returns, which should be +alphabetical. If rules must be applied in a special order, +prefix them with a number like ``02-some-rule``. + REQUIRED PARAMETERS ------------------- diff --git a/cdist/conf/type/__iptables_rule/man.rst b/cdist/conf/type/__iptables_rule/man.rst index 75d0740b..86d38a34 100644 --- a/cdist/conf/type/__iptables_rule/man.rst +++ b/cdist/conf/type/__iptables_rule/man.rst @@ -11,6 +11,10 @@ DESCRIPTION This cdist type allows you to manage iptable rules in a distribution independent manner. +See :strong:`cdist-type__iptables_apply`\ (7) for the +execution order of these rules. It will be executed +automaticly to apply all rules non-volaite. + REQUIRED PARAMETERS ------------------- From ba7d16a155cef46230d1dc650119f3d542a7f7f4 Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Fri, 4 Dec 2020 17:57:55 +0100 Subject: [PATCH 05/25] __iptables_*: correct manpage spelling --- cdist/conf/type/__iptables_apply/man.rst | 2 +- cdist/conf/type/__iptables_rule/man.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cdist/conf/type/__iptables_apply/man.rst b/cdist/conf/type/__iptables_apply/man.rst index 4109e789..3bef92cc 100644 --- a/cdist/conf/type/__iptables_apply/man.rst +++ b/cdist/conf/type/__iptables_apply/man.rst @@ -41,7 +41,7 @@ None EXAMPLES -------- -None (__iptables_apply is used by __iptables_rule automaticly) +None (__iptables_apply is used by __iptables_rule automatically) SEE ALSO diff --git a/cdist/conf/type/__iptables_rule/man.rst b/cdist/conf/type/__iptables_rule/man.rst index 86d38a34..afb71e01 100644 
--- a/cdist/conf/type/__iptables_rule/man.rst +++ b/cdist/conf/type/__iptables_rule/man.rst @@ -31,7 +31,7 @@ state BOOLEAN PARAMETERS ------------------ -All rules without any of this parameter will be threaten like ``--v4`` because +All rules without any of these parameters will be treated like ``--v4`` because of backward compatibility. v4 From 2d19856840400af57bd6667cc868ab314a3e07c2 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Fri, 4 Dec 2020 18:26:03 +0100 Subject: [PATCH 06/25] [type/__package_pkgng_freebsd] Set ASSUME_ALWAYS_YES instead of -y --- cdist/conf/type/__package_pkgng_freebsd/gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__package_pkgng_freebsd/gencode-remote b/cdist/conf/type/__package_pkgng_freebsd/gencode-remote index b5944177..05ba4cb2 100755 --- a/cdist/conf/type/__package_pkgng_freebsd/gencode-remote +++ b/cdist/conf/type/__package_pkgng_freebsd/gencode-remote @@ -75,7 +75,7 @@ execcmd(){ esac if [ -z "${pkg_bootstrapped}" ]; then - echo "pkg bootstrap -y >/dev/null 2>&1" + echo "ASSUME_ALWAYS_YES=yes pkg bootstrap >/dev/null 2>&1" fi echo "$_cmd >/dev/null 2>&1" # Silence the output of the command From 087be130fa67d3fe195387ae0ab079f39c5066e1 Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Fri, 4 Dec 2020 19:23:49 +0100 Subject: [PATCH 07/25] __iptables_apply: shorten copyright header Do we need all the copyright header or is this sufficient? The licence is given for cdist, but not on the target host. But it should be clear anyway. --- .../type/__iptables_apply/files/init-script | 34 ++++++------------- 1 file changed, 10 insertions(+), 24 deletions(-) diff --git a/cdist/conf/type/__iptables_apply/files/init-script b/cdist/conf/type/__iptables_apply/files/init-script index 7faa2f92..e42017ae 100644 --- a/cdist/conf/type/__iptables_apply/files/init-script +++ b/cdist/conf/type/__iptables_apply/files/init-script 
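Review bot: The generated bootstrap line in `execcmd` still sends stderr to `/dev/null`, and with `ASSUME_ALWAYS_YES=yes` answering every prompt there is no place left where a failed or refused bootstrap becomes visible to the operator. I would keep stderr, `echo "ASSUME_ALWAYS_YES=yes pkg bootstrap >/dev/null"`, so that an error from the package download or its verification reaches the cdist log. `execcmd` starts and ends outside this hunk, so whether the generated code stops on a non-zero status cannot be seen here.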
@@ -1,28 +1,4 @@ #!/bin/sh -# -# 2013 Nico Schottelius (nico-cdist at schottelius.org) -# 2020 Matthias Stecher (matthiasstecher at gmx.de) -# -# This file is distributed with cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# -# Originally written by: -# Nico Schottelius -# Zürisee, Mon Sep 2 18:38:27 CEST 2013 -# ### BEGIN INIT INFO # Provides: iptables # Required-Start: $local_fs $remote_fs @@ -35,6 +11,16 @@ # and saves/restores previous status ### END INIT INFO +# Originally written by: +# Nico Schottelius +# Zürisee, Mon Sep 2 18:38:27 CEST 2013 +# +# 2013 Nico Schottelius (nico-cdist at schottelius.org) +# 2020 Matthias Stecher (matthiasstecher at gmx.de) +# +# This file is distributed with cdist and licenced under the +# GNU GPLv3+ WITHOUT ANY WARRANTY. + # Read files and execute the content with the given commands # From 3930f69456fd5a0d108a107e4ee61d87c9a73a56 Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Sun, 6 Dec 2020 16:45:58 +0100 Subject: [PATCH 08/25] __block: fix escaping in here-doc This changes the here-document to do not interpret any shell-things. It also single-quotes some more strings that are printed to code-remote. Fixes #838 --- cdist/conf/type/__block/gencode-remote | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/cdist/conf/type/__block/gencode-remote b/cdist/conf/type/__block/gencode-remote index 1f5cc033..acdb3286 100755 
--- a/cdist/conf/type/__block/gencode-remote +++ b/cdist/conf/type/__block/gencode-remote @@ -46,10 +46,10 @@ fi remove_block() { cat << DONE -tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX) +tmpfile=\$(mktemp '${file}.cdist.XXXXXXXXXX') # preserve ownership and permissions of existing file -if [ -f "$file" ]; then - cp -p "$file" "\$tmpfile" +if [ -f '$file' ]; then + cp -p '$file' "\$tmpfile" fi awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ ' { @@ -63,8 +63,8 @@ awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ ' } else { print } -}' "$file" > "\$tmpfile" -mv -f "\$tmpfile" "$file" +}' '$file' > "\$tmpfile" +mv -f "\$tmpfile" '$file' DONE } @@ -77,7 +77,7 @@ case "$state_should" in echo add >> "$__messages_out" fi cat << DONE -cat >> "$file" << ${__type##*/}_DONE +cat >> '$file' << '${__type##*/}_DONE' $(cat "$block") ${__type##*/}_DONE DONE From bed08c2c5c71ec4252743e0b64b75e7d8fedbd92 Mon Sep 17 00:00:00 2001 
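Review bot: In the `@@ -77,7 +77,7 @@` hunk, quoting the delimiter in `cat >> '$file' << '${__type##*/}_DONE'` stops expansion inside the block, but the generated here-document still ends at the first line of `$block` that equals the delimiter, and everything after that line is then run as shell code on the target. The block text should be checked before the code is emitted, e.g. `if grep -qxF "${__type##*/}_DONE" "$block"; then echo "block contains the here-doc delimiter" >&2; exit 1; fi`. The same delimiter line is carried over in the `@@ -77,7 +78,7 @@` hunk of [PATCH 11/25]. The `case "$state_should"` statement starts and ends outside this hunk.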
From: Evilham Date: Sun, 6 Dec 2020 20:24:00 +0100 Subject: [PATCH 09/25] Deal with deprecation of imp module. importlib has been a thing since Python 3.1, and imp has been deprecated since 3.4. Insert random complaint here about not being able to use f-strings because they were introduced in Python 3.6 and apparently we support Python 3.5 >,<. Output diff before to after for ./bin/cdist-build-helper test (on heavy load): ``` 1,2d0 < /usr/home/evilham/s/cdist/cdist/cdist/test/__main__.py:23: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses < import imp 72c70 < ERROR: cdisttesthost: __file/tmp/foobar requires object __file without object id. Defined at /tmp/tmp.cdist.test.g87lx7c8/tmp.cdist.test.6ramsakx --- > ERROR: cdisttesthost: __file/tmp/foobar requires object __file without object id. Defined at /tmp/tmp.cdist.test.aqdf6vjz/tmp.cdist.test.jgv3udel 76c74 < test_nonexistent_type_requirement (cdist.test.emulator.EmulatorTestCase) ... ERROR: cdisttesthost: __file/tmp/foobar requires object __does-not-exist/some-id, but type __does-not-exist does not exist. Defined at /tmp/tmp.cdist.test.mma5j8ln/tmp.cdist.test.3zg4by4d --- > test_nonexistent_type_requirement (cdist.test.emulator.EmulatorTestCase) ... ERROR: cdisttesthost: __file/tmp/foobar requires object __does-not-exist/some-id, but type __does-not-exist does not exist. Defined at /tmp/tmp.cdist.test.t8d6ockr/tmp.cdist.test.uimxurg9 86c84 < test_initial_manifest_environment (cdist.test.manifest.ManifestTestCase) ... VERBOSE: cdisttesthost: Running initial manifest /tmp/tmp.cdist.test.uvid60ij/759547ff4356de6e3d9e08522b0d0807/data/conf/manifest/dump_environment --- > test_initial_manifest_environment (cdist.test.manifest.ManifestTestCase) ... 
VERBOSE: cdisttesthost: Running initial manifest /tmp/tmp.cdist.test._cttcnrj/759547ff4356de6e3d9e08522b0d0807/data/conf/manifest/dump_environment 89c87 < test_type_manifest_environment (cdist.test.manifest.ManifestTestCase) ... VERBOSE: cdisttesthost: Running type manifest /tmp/tmp.cdist.test.k1i2onpb/759547ff4356de6e3d9e08522b0d0807/data/conf/type/__dump_environment/manifest for object __dump_environment/whatever --- > test_type_manifest_environment (cdist.test.manifest.ManifestTestCase) ... VERBOSE: cdisttesthost: Running type manifest /tmp/tmp.cdist.test.ukr7lrzd/759547ff4356de6e3d9e08522b0d0807/data/conf/type/__dump_environment/manifest for object __dump_environment/whatever 272c270 < Ran 225 tests in 44.457s --- > Ran 225 tests in 43.750s ``` --- cdist/test/__main__.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/cdist/test/__main__.py b/cdist/test/__main__.py index c8c7df3b..8049c752 100644 --- a/cdist/test/__main__.py +++ b/cdist/test/__main__.py @@ -20,7 +20,7 @@ # # -import imp +import importlib import os import sys import unittest @@ -37,8 +37,9 @@ for possible_test in os.listdir(base_dir): suites = [] for test_module in test_modules: - module_parameters = imp.find_module(test_module, [base_dir]) - module = imp.load_module("cdist.test." + test_module, *module_parameters) + module_spec = importlib.util.find_spec("cdist.test.{}".format(test_module)) + module = importlib.util.module_from_spec(module_spec) + module_spec.loader.exec_module(module) suite = unittest.defaultTestLoader.loadTestsFromModule(module) # print("Got suite: " + suite.__str__()) From 29662961731ef07fbc20213d0d87da1469f0d27c Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Mon, 7 Dec 2020 19:47:52 +0100 Subject: [PATCH 10/25] ++changelog --- docs/changelog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/changelog b/docs/changelog index 6c272fd7..8b35901b 100644 --- a/docs/changelog +++ b/docs/changelog 
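Review bot: `import importlib` on its own does not guarantee that the `importlib.util` submodule is loaded, so the `importlib.util.find_spec(...)` call in the loop can fail with `AttributeError` unless another import has already pulled it in; the import line should read `import importlib.util`. `find_spec` also returns `None` when it cannot locate the module, which here would only show up as an error inside `module_from_spec`; a short `if module_spec is None: raise ImportError(test_module)` would name the module that is missing. The loop over `test_modules` starts outside the second hunk.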
@@ -1,6 +1,10 @@ Changelog --------- +next: + * __package_pkgng_freebsd: Fix bootstrapping pkg (Dennis Camera) + * Core: Deal with deprecated imp in unit tests (Evil Ham) + 6.9.3: 2020-12-04 * pip install: Add cdist.scan to packages in setup.py (Dennis Camera) From c5ca4cd2e13516dfb55371c1600e32297c3343e9 Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Mon, 7 Dec 2020 19:59:05 +0100 Subject: [PATCH 11/25] __block: securly quote via the quote function Because the function already exists, it will be used for the file to be changed, too. Therefor, no quotes are required for that value. The prefix and suffix match was also improved: There is no regex check any more (the regex did checked the whole line); instead it will do it simple. --- cdist/conf/type/__block/gencode-remote | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/cdist/conf/type/__block/gencode-remote b/cdist/conf/type/__block/gencode-remote index acdb3286..7a1f4064 100755 --- a/cdist/conf/type/__block/gencode-remote +++ b/cdist/conf/type/__block/gencode-remote @@ -46,28 +46,29 @@ fi remove_block() { cat << DONE -tmpfile=\$(mktemp '${file}.cdist.XXXXXXXXXX') +tmpfile=\$(mktemp ${quoted_file}.cdist.XXXXXXXXXX) # preserve ownership and permissions of existing file -if [ -f '$file' ]; then - cp -p '$file' "\$tmpfile" +if [ -f $quoted_file ]; then + cp -p $quoted_file "\$tmpfile" fi -awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ ' +awk -v prefix=$(quote "$prefix") -v suffix=$(quote "$suffix") ' { - if (match(\$0,prefix)) { + if (\$0 == prefix) { triggered=1 } if (triggered) { - if (match(\$0,suffix)) { + if (\$0 == suffix) { triggered=0 } } else { print } -}' '$file' > "\$tmpfile" -mv -f "\$tmpfile" '$file' +}' $quoted_file > "\$tmpfile" +mv -f "\$tmpfile" $quoted_file DONE } +quoted_file="$(quote "$file")" case "$state_should" in present) if [ "$state_is" = "changed" ]; then 
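Review bot: In `remove_block`, values handed to awk with `-v` go through escape-sequence processing, so a `$prefix` or `$suffix` that contains a backslash reaches the script altered and `\$0 == prefix` no longer matches the marker line in the file; the old block would then stay in place. Now that the comparison is an exact string match, the markers can be passed through the environment instead, which awk does not rewrite: `prefix=$(quote "$prefix") suffix=$(quote "$suffix") awk '` for the command line, and `\$0 == ENVIRON["prefix"]` / `\$0 == ENVIRON["suffix"]` in the script. What `quote` emits is defined outside this hunk, so this assumes it produces a single shell word.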
@@ -77,7 +78,7 @@ case "$state_should" in echo add >> "$__messages_out" fi cat << DONE -cat >> '$file' << '${__type##*/}_DONE' +cat >> $quoted_file << '${__type##*/}_DONE' $(cat "$block") ${__type##*/}_DONE DONE From 14c81d6c7e20a2ed04c7318f6e8ecb51098390e8 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Tue, 8 Dec 2020 07:16:26 +0100 Subject: [PATCH 12/25] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 8b35901b..4be08ae9 100644 --- a/docs/changelog +++ b/docs/changelog @@ -4,6 +4,7 @@ Changelog next: * __package_pkgng_freebsd: Fix bootstrapping pkg (Dennis Camera) * Core: Deal with deprecated imp in unit tests (Evil Ham) + * Type __iptables: Add IPv6 support (Matthias Stecher) 6.9.3: 2020-12-04 * pip install: Add cdist.scan to packages in setup.py (Dennis Camera) From a58f5ffa7f59a7e28ba0a414097f154e4a497e88 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Tue, 8 Dec 2020 19:36:44 +0100 Subject: [PATCH 13/25] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 4be08ae9..3d6084f1 100644 --- a/docs/changelog +++ b/docs/changelog @@ -5,6 +5,7 @@ next: * __package_pkgng_freebsd: Fix bootstrapping pkg (Dennis Camera) * Core: Deal with deprecated imp in unit tests (Evil Ham) * Type __iptables: Add IPv6 support (Matthias Stecher) + * Type __block: Fix escaping in here-doc (Matthias Stecher) 6.9.3: 2020-12-04 * pip install: Add cdist.scan to packages in setup.py (Dennis Camera) From a5169ad858a4d6e9c378184db5736f55a86306e0 Mon Sep 17 00:00:00 2001 
From: Matthias Stecher Date: Thu, 10 Dec 2020 21:24:26 +0100 Subject: [PATCH 14/25] new type __debian_backports This new type will setup the backports distribution for the current Debian release. --- cdist/conf/type/__debian_backports/man.rst | 90 +++++++++++++++++++ cdist/conf/type/__debian_backports/manifest | 59 ++++++++++++ .../parameter/default/mirror | 1 + .../parameter/default/state | 1 + .../__debian_backports/parameter/optional | 2 + cdist/conf/type/__debian_backports/singleton | 0 6 files changed, 153 insertions(+) create mode 100644 cdist/conf/type/__debian_backports/man.rst create mode 100755 cdist/conf/type/__debian_backports/manifest create mode 100644 cdist/conf/type/__debian_backports/parameter/default/mirror create mode 100644 cdist/conf/type/__debian_backports/parameter/default/state create mode 100644 cdist/conf/type/__debian_backports/parameter/optional create mode 100644 cdist/conf/type/__debian_backports/singleton diff --git a/cdist/conf/type/__debian_backports/man.rst b/cdist/conf/type/__debian_backports/man.rst new file mode 100644 index 00000000..ba353f4e --- /dev/null +++ b/cdist/conf/type/__debian_backports/man.rst 
@@ -0,0 +1,90 @@ +cdist-type__debian_backports(7) +=============================== + +NAME +---- +cdist-type__debian_backports - Install backports for Debain systems + + +DESCRIPTION +----------- +This singleton type installs backports for the current Debian version. +It aborts if backports are not supported for the specified os or no +version codename could be fetched (like Debian unstable). + + +REQUIRED PARAMETERS +------------------- +None. + + +OPTIONAL PARAMETERS +------------------- +state + Represents the state of the backports repository. ``present`` or + ``absent``, defaults to ``present``. + + Will be directly passed to :strong:`cdist-type__apt_source`\ (7). + +mirror + The mirror to fetch the backports from. Will defaults to the Debian default + ``_. + + Will be directly passed to :strong:`cdist-type__apt_source`\ (7). + + +BOOLEAN PARAMETERS +------------------ +None. + + +MESSAGES +-------- +None. + + +EXAMPLES +-------- + +.. code-block:: sh + + # setup the backports + __debian_backports + __debian_backports --state absent + __debian_backports --state present --mirror "http://ftp.de.debian.org/debian/" + + # update + require="__debian_backports" __apt_update_index + + # install a backports package + # currently for the buster release backports + require="__apt_update_index" __package_apt wireguard \ + --target-release buster-backports + + +ABORTS +------ +Aborts if the detected os is not Debian. + +Aborts if no distribuition codename could be detected. This is common for the +unstable distribution, but there is no backports repository for it already. + + +SEE ALSO +-------- +`Official Debian Backports site `_ + +:strong:`cdist-type__apt_source`\ (7) + + +AUTHORS +------- +Matthias Stecher + + +COPYING +------- +Copyright \(C) 2020 Matthias Stecher. 
You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/cdist/conf/type/__debian_backports/manifest b/cdist/conf/type/__debian_backports/manifest new file mode 100755 index 00000000..29bf9a43 --- /dev/null +++ b/cdist/conf/type/__debian_backports/manifest 
@@ -0,0 +1,59 @@ +#!/bin/sh -e +# __debian_backports/manifest +# +# 2020 Matthias Stecher (matthiasstecher at gmx.de) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Enables/disables backports repository. Utilies __apt_source for it. +# + + +# detect backport distribution +os="$(cat "$__global/explorer/os")" +case "$os" in + debian) + # distribution codename from /etc/os-release + # lsb_release may not be given in all debian installations + dist="$( + . "$__global/explorer/os-release" + printf "%s" "$VERSION_CODENAME" + )" + ;; + *) + printf "Backports for %s are not supported!\n" "$os" >&2 + exit 1 + ;; +esac + +# error if no codename given (e.g. on Debian unstable) +if [ -z "$dist" ]; then + printf "No backports for unkown version of distribution %s!\n" "$os" >&2 + exit 1 +fi + + +# parameters +state="$(cat "$__object/parameter/state")" +mirror="$(cat "$__object/parameter/mirror")" + +# install the given backports repository +__apt_source "${dist}-backports" \ + --state "$state" \ + --distribution "${dist}-backports" \ + --component main \ + --uri "$mirror" diff --git a/cdist/conf/type/__debian_backports/parameter/default/mirror b/cdist/conf/type/__debian_backports/parameter/default/mirror new file mode 100644 index 00000000..0965ef04 --- /dev/null +++ b/cdist/conf/type/__debian_backports/parameter/default/mirror @@ -0,0 +1 @@ +http://deb.debian.org/debian/ 
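Review bot: `. "$__global/explorer/os-release"` runs the explorer output as shell code inside the manifest, and going by the comment above it that output is the target's `/etc/os-release`, so the managed host decides what is executed on the machine that evaluates the manifest. Only one key is needed, so it can be read as data instead: `dist="$(sed -n 's/^VERSION_CODENAME=//p' "$__global/explorer/os-release" | tr -d "\"'")"`. Since `$dist` ends up in the `__apt_source` object id and `--distribution`, a check such as `case "$dist" in *[!a-z0-9.-]*) exit 1 ;; esac` after the existing empty test would also be worth having. The same sourcing is kept in [PATCH 15/25], which only silences SC1090 for it, and moves into `codename_os_release` in [PATCH 16/25].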
diff --git a/cdist/conf/type/__debian_backports/parameter/default/state b/cdist/conf/type/__debian_backports/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__debian_backports/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__debian_backports/parameter/optional b/cdist/conf/type/__debian_backports/parameter/optional new file mode 100644 index 00000000..4b05c235 --- /dev/null +++ b/cdist/conf/type/__debian_backports/parameter/optional @@ -0,0 +1,2 @@ +state +mirror diff --git a/cdist/conf/type/__debian_backports/singleton b/cdist/conf/type/__debian_backports/singleton new file mode 100644 index 00000000..e69de29b From 0d96b31b5696f95b559450e17c71914d0746c0ce Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Fri, 11 Dec 2020 18:13:44 +0100 Subject: [PATCH 15/25] __debian_backports: pass shellcheck for sourced file Because the sourced explorer can't be detected by shellcheck, it will be completely disabled. Changing the path to /etc/os-release isn't deterministic either. The shellcheck wiki page suggests to use `source=/dev/null` instead of `disable=SC1090`, but it was choosen to completely avoid that check .. --- cdist/conf/type/__debian_backports/manifest | 1 + 1 file changed, 1 insertion(+) diff --git a/cdist/conf/type/__debian_backports/manifest b/cdist/conf/type/__debian_backports/manifest index 29bf9a43..661e5281 100755 --- a/cdist/conf/type/__debian_backports/manifest +++ b/cdist/conf/type/__debian_backports/manifest @@ -30,6 +30,7 @@ case "$os" in # distribution codename from /etc/os-release # lsb_release may not be given in all debian installations dist="$( + # shellcheck disable=SC1090 . "$__global/explorer/os-release" printf "%s" "$VERSION_CODENAME" )" From c4d19a23193ec13eda96a3d7536ba338d0801825 Mon Sep 17 00:00:00 2001 
From: Matthias Stecher Date: Sat, 12 Dec 2020 09:36:17 +0100 Subject: [PATCH 16/25] __debian_backports -> __apt_backports; add wider os support As discussed in the chat, this type now supports a broader list of OSes which it supports backports for. Because of this, it was renamed to something more generic. "apt" should fit in. --- .../man.rst | 27 ++++++++---- .../manifest | 41 ++++++++++++++----- .../parameter/default/state | 0 .../parameter/optional | 0 .../singleton | 0 .../parameter/default/mirror | 1 - 6 files changed, 49 insertions(+), 20 deletions(-) rename cdist/conf/type/{__debian_backports => __apt_backports}/man.rst (66%) rename cdist/conf/type/{__debian_backports => __apt_backports}/manifest (59%) rename cdist/conf/type/{__debian_backports => __apt_backports}/parameter/default/state (100%) rename cdist/conf/type/{__debian_backports => __apt_backports}/parameter/optional (100%) rename cdist/conf/type/{__debian_backports => __apt_backports}/singleton (100%) delete mode 100644 cdist/conf/type/__debian_backports/parameter/default/mirror diff --git a/cdist/conf/type/__debian_backports/man.rst b/cdist/conf/type/__apt_backports/man.rst similarity index 66% rename from cdist/conf/type/__debian_backports/man.rst rename to cdist/conf/type/__apt_backports/man.rst index ba353f4e..7d269fbb 100644 --- a/cdist/conf/type/__debian_backports/man.rst +++ b/cdist/conf/type/__apt_backports/man.rst @@ -3,13 +3,13 @@ cdist-type__debian_backports(7) NAME ---- -cdist-type__debian_backports - Install backports for Debain systems +cdist-type__apt_backports - Install backports DESCRIPTION ----------- -This singleton type installs backports for the current Debian version. -It aborts if backports are not supported for the specified os or no +This singleton type installs backports for the current OS release. +It aborts if backports are not supported for the specified OS or no version codename could be fetched (like Debian unstable). 
@@ -27,8 +27,8 @@ state Will be directly passed to :strong:`cdist-type__apt_source`\ (7). mirror - The mirror to fetch the backports from. Will defaults to the Debian default - ``_. + The mirror to fetch the backports from. Will defaults to the generic + mirror of the current OS. Will be directly passed to :strong:`cdist-type__apt_source`\ (7). @@ -49,12 +49,12 @@ EXAMPLES .. code-block:: sh # setup the backports - __debian_backports - __debian_backports --state absent - __debian_backports --state present --mirror "http://ftp.de.debian.org/debian/" + __apt_backports + __apt_backports --state absent + __apt_backports --state present --mirror "http://ftp.de.debian.org/debian/" # update - require="__debian_backports" __apt_update_index + require="__apt_backports" __apt_update_index # install a backports package # currently for the buster release backports @@ -70,6 +70,15 @@ Aborts if no distribuition codename could be detected. This is common for the unstable distribution, but there is no backports repository for it already. +CAVEATS +------- +For Ubuntu, it setup all componenents for the backports repository: ``main``, +``restricted``, ``universe`` and ``multiverse``. The user may not want to +install proprietary packages, which will only be installed if the user +explicitly uses the backports target-release. The user may change this behavior +to install backports packages without the need of explicitly select it. + + SEE ALSO -------- `Official Debian Backports site `_ diff --git a/cdist/conf/type/__debian_backports/manifest b/cdist/conf/type/__apt_backports/manifest similarity index 59% rename from cdist/conf/type/__debian_backports/manifest rename to cdist/conf/type/__apt_backports/manifest index 661e5281..e5358dea 100755 --- a/cdist/conf/type/__debian_backports/manifest +++ b/cdist/conf/type/__apt_backports/manifest @@ -1,5 +1,5 @@ #!/bin/sh -e -# __debian_backports/manifest +# __apt_backports/manifest # # 2020 Matthias Stecher (matthiasstecher at gmx.de) # 
@@ -23,18 +23,34 @@ # +# Get the distribution codename by /etc/os-release. +# is already executed in a subshell by string substitution +# lsb_release may not be given in all installations +codename_os_release() { + # shellcheck disable=SC1090 + . "$__global/explorer/os-release" + printf "%s" "$VERSION_CODENAME" +} + # detect backport distribution os="$(cat "$__global/explorer/os")" case "$os" in debian) - # distribution codename from /etc/os-release - # lsb_release may not be given in all debian installations - dist="$( - # shellcheck disable=SC1090 - . "$__global/explorer/os-release" - printf "%s" "$VERSION_CODENAME" - )" + dist="$( codename_os_release )" + components="main" + mirror="http://deb.debian.org/debian/" ;; + devuan) + dist="$( codename_os_release )" + components="main" + mirror="http://deb.devuan.org/merged" + ;; + ubuntu) + dist="$( codename_os_release )" + components="main restricted universe multiverse" + mirror="http://archive.ubuntu.com/ubuntu" + ;; + *) printf "Backports for %s are not supported!\n" "$os" >&2 exit 1 @@ -50,11 +66,16 @@ fi # parameters state="$(cat "$__object/parameter/state")" -mirror="$(cat "$__object/parameter/mirror")" + +# mirror already set for the os, only override user-values +if [ -f "$__object/parameter/mirror" ]; then + mirror="$(cat "$__object/parameter/mirror")" +fi + # install the given backports repository __apt_source "${dist}-backports" \ --state "$state" \ --distribution "${dist}-backports" \ - --component main \ + --component "$components" \ --uri "$mirror" diff --git a/cdist/conf/type/__debian_backports/parameter/default/state b/cdist/conf/type/__apt_backports/parameter/default/state similarity index 100% rename from cdist/conf/type/__debian_backports/parameter/default/state rename to cdist/conf/type/__apt_backports/parameter/default/state 
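Review bot: In the new `codename_os_release` helper of `__apt_backports/manifest`, the line `. "$__global/explorer/os-release"` runs the explorer output as shell code inside the manifest's process, and the `# shellcheck disable=SC1090` above it silences the only tool hint about that. Going by the comment, the data comes from `/etc/os-release`, so its content is presumably whatever the managed host reports; anything other than plain `KEY=value` lines would be executed wherever the manifest is evaluated. Reading the one field without sourcing avoids this, e.g. `sed -n 's/^VERSION_CODENAME=//p' "$__global/explorer/os-release" | tr -d "\"'"`. The same line is touched again by the later hunk that renames the path to `os_release` (PATCH 20/25), so the change would carry over there.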
diff --git a/cdist/conf/type/__debian_backports/parameter/optional b/cdist/conf/type/__apt_backports/parameter/optional similarity index 100% rename from cdist/conf/type/__debian_backports/parameter/optional rename to cdist/conf/type/__apt_backports/parameter/optional diff --git a/cdist/conf/type/__debian_backports/singleton b/cdist/conf/type/__apt_backports/singleton similarity index 100% rename from cdist/conf/type/__debian_backports/singleton rename to cdist/conf/type/__apt_backports/singleton diff --git a/cdist/conf/type/__debian_backports/parameter/default/mirror b/cdist/conf/type/__debian_backports/parameter/default/mirror deleted file mode 100644 index 0965ef04..00000000 --- a/cdist/conf/type/__debian_backports/parameter/default/mirror +++ /dev/null @@ -1 +0,0 @@ -http://deb.debian.org/debian/ From 49aec0b5e40ba05e7703565731aae6b0a9e5936a Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Sat, 12 Dec 2020 09:40:47 +0100 Subject: [PATCH 17/25] __apt_backports: list supported OSes The manpage now lists all OSes where this type supports backports. --- cdist/conf/type/__apt_backports/man.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cdist/conf/type/__apt_backports/man.rst b/cdist/conf/type/__apt_backports/man.rst index 7d269fbb..fd311361 100644 --- a/cdist/conf/type/__apt_backports/man.rst +++ b/cdist/conf/type/__apt_backports/man.rst @@ -12,6 +12,12 @@ This singleton type installs backports for the current OS release. It aborts if backports are not supported for the specified OS or no version codename could be fetched (like Debian unstable). +It supports backports from following OSes: + +- Debian +- Devuan +- Ubuntu + REQUIRED PARAMETERS ------------------- From fafa3d9ea55f38ae0a350a463d64b7ef1d70c7bb Mon Sep 17 00:00:00 2001 
From: Matthias Stecher Date: Sat, 12 Dec 2020 10:00:23 +0100 Subject: [PATCH 18/25] __apt_backports: update index if required This type now automatically calls the type __apt_update_index to update the package index if something changed. --- cdist/conf/type/__apt_backports/man.rst | 13 +++++++------ cdist/conf/type/__apt_backports/manifest | 5 ++++- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/cdist/conf/type/__apt_backports/man.rst b/cdist/conf/type/__apt_backports/man.rst index fd311361..c578ce6b 100644 --- a/cdist/conf/type/__apt_backports/man.rst +++ b/cdist/conf/type/__apt_backports/man.rst @@ -9,8 +9,11 @@ cdist-type__apt_backports - Install backports DESCRIPTION ----------- This singleton type installs backports for the current OS release. -It aborts if backports are not supported for the specified OS or no -version codename could be fetched (like Debian unstable). +It aborts if backports are not supported for the specified OS or +no version codename could be fetched (like Debian unstable). + +The package index will be automatically updated by the type +:strong:`cdist-type__apt_update_index`\ (7) if required. It supports backports from following OSes: @@ -59,12 +62,9 @@ EXAMPLES __apt_backports --state absent __apt_backports --state present --mirror "http://ftp.de.debian.org/debian/" - # update - require="__apt_backports" __apt_update_index - # install a backports package # currently for the buster release backports - require="__apt_update_index" __package_apt wireguard \ + require="__apt_backports" __package_apt wireguard \ --target-release buster-backports @@ -90,6 +90,7 @@ SEE ALSO `Official Debian Backports site `_ :strong:`cdist-type__apt_source`\ (7) +:strong:`cdist-type__apt_update_index`\ (7) AUTHORS diff --git a/cdist/conf/type/__apt_backports/manifest b/cdist/conf/type/__apt_backports/manifest index e5358dea..c490a103 100755 --- a/cdist/conf/type/__apt_backports/manifest +++ b/cdist/conf/type/__apt_backports/manifest 
@@ -19,7 +19,7 @@ # along with cdist. If not, see . # # -# Enables/disables backports repository. Utilies __apt_source for it. +# Enables/disables backports repository. Utilises __apt_source for it. # @@ -79,3 +79,6 @@ __apt_source "${dist}-backports" \ --distribution "${dist}-backports" \ --component "$components" \ --uri "$mirror" + +# update the index if the source changed +require="__apt_source/${dist}-backports" __apt_update_index From 645734c62959c694597826598be3b34c0edc79d2 Mon Sep 17 00:00:00 2001 From: Evilham Date: Sat, 12 Dec 2020 12:15:17 +0100 Subject: [PATCH 19/25] [explorer/os_version] Improve FreeBSD support. It looks like uname -r is not the most reliable way to get the target patch level for the target system. For more information see: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743 --- cdist/conf/explorer/os_version | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cdist/conf/explorer/os_version b/cdist/conf/explorer/os_version index a7b1d3bc..3b02dedd 100755 --- a/cdist/conf/explorer/os_version +++ b/cdist/conf/explorer/os_version @@ -70,6 +70,11 @@ case "$("$__explorer/os")" in macosx) sw_vers -productVersion ;; + freebsd) + # Apparently uname -r is not a reliable way to get the patch level. + # See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743 + freebsd-version + ;; *bsd|solaris) uname -r ;; From fca35fc858d09fc649dc5e7f0964cef4af9e09f0 Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Sat, 12 Dec 2020 17:29:58 +0100 Subject: [PATCH 20/25] __apt_backports: fix explorer call s/-/_/ because the explorers are following an other convention :-) --- cdist/conf/type/__apt_backports/manifest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__apt_backports/manifest b/cdist/conf/type/__apt_backports/manifest index c490a103..c2943725 100755 --- a/cdist/conf/type/__apt_backports/manifest +++ b/cdist/conf/type/__apt_backports/manifest 
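Review bot: The new `freebsd)` arm in `explorer/os_version` calls `freebsd-version` with no fallback, so on a target where that utility is absent (it first shipped with FreeBSD 10.0) the explorer would presumably print nothing and consumers of the value would see an empty version. A guarded call keeps the previous behaviour for such hosts: `freebsd-version 2>/dev/null || uname -r`. The comment could also state that, called without options, the tool reports the installed userland version, which can differ from the running kernel; that matters when the value is used to judge whether a host is patched. The `case` statement starts and ends outside the hunk.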
@@ -28,7 +28,7 @@ # lsb_release may not be given in all installations codename_os_release() { # shellcheck disable=SC1090 - . "$__global/explorer/os-release" + . "$__global/explorer/os_release" printf "%s" "$VERSION_CODENAME" } From 27aca06fb893c84601e14bc30890ea6be9300dcd Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Sat, 12 Dec 2020 17:34:51 +0100 Subject: [PATCH 21/25] __apt_backports: undo __apt_update_index call Becuase it is already done by __apt_source. --- cdist/conf/type/__apt_backports/man.rst | 4 +--- cdist/conf/type/__apt_backports/manifest | 3 --- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/cdist/conf/type/__apt_backports/man.rst b/cdist/conf/type/__apt_backports/man.rst index c578ce6b..7036fb84 100644 --- a/cdist/conf/type/__apt_backports/man.rst +++ b/cdist/conf/type/__apt_backports/man.rst @@ -12,8 +12,7 @@ This singleton type installs backports for the current OS release. It aborts if backports are not supported for the specified OS or no version codename could be fetched (like Debian unstable). -The package index will be automatically updated by the type -:strong:`cdist-type__apt_update_index`\ (7) if required. +The package index will be automatically updated if required. It supports backports from following OSes: @@ -90,7 +89,6 @@ SEE ALSO `Official Debian Backports site `_ :strong:`cdist-type__apt_source`\ (7) -:strong:`cdist-type__apt_update_index`\ (7) AUTHORS diff --git a/cdist/conf/type/__apt_backports/manifest b/cdist/conf/type/__apt_backports/manifest index c2943725..bc47d8de 100755 --- a/cdist/conf/type/__apt_backports/manifest +++ b/cdist/conf/type/__apt_backports/manifest @@ -79,6 +79,3 @@ __apt_source "${dist}-backports" \ --distribution "${dist}-backports" \ --component "$components" \ --uri "$mirror" - -# update the index if the source changed -require="__apt_source/${dist}-backports" __apt_update_index From 71f22831175ec41e9348a759fcdaf0eceb1a2a52 Mon Sep 17 00:00:00 2001 
From: Darko Poljak Date: Sun, 13 Dec 2020 16:03:39 +0100 Subject: [PATCH 22/25] ++changelog --- docs/changelog | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/changelog b/docs/changelog index 3d6084f1..290f94d0 100644 --- a/docs/changelog +++ b/docs/changelog @@ -2,10 +2,12 @@ Changelog --------- next: - * __package_pkgng_freebsd: Fix bootstrapping pkg (Dennis Camera) + * Type __package_pkgng_freebsd: Fix bootstrapping pkg (Dennis Camera) * Core: Deal with deprecated imp in unit tests (Evil Ham) * Type __iptables: Add IPv6 support (Matthias Stecher) * Type __block: Fix escaping in here-doc (Matthias Stecher) + * Explorer os_version: Improve FreeBSD support (Evil Ham) + * New type: __apt_backports (Matthias Stecher) 6.9.3: 2020-12-04 * pip install: Add cdist.scan to packages in setup.py (Dennis Camera) From 8dc2c4207cdd826b9e64cc91cfc7c918cddd5f35 Mon Sep 17 00:00:00 2001 From: Mark Verboom Date: Fri, 18 Dec 2020 11:16:28 +0100 Subject: [PATCH 23/25] Added optional dirmode parameter to set the mode of (optional) the directory. --- cdist/conf/type/__dot_file/man.rst | 3 +++ cdist/conf/type/__dot_file/manifest | 2 ++ cdist/conf/type/__dot_file/parameter/default/dirmode | 1 + cdist/conf/type/__dot_file/parameter/optional | 1 + 4 files changed, 7 insertions(+) create mode 100644 cdist/conf/type/__dot_file/parameter/default/dirmode diff --git a/cdist/conf/type/__dot_file/man.rst b/cdist/conf/type/__dot_file/man.rst index ae65eb95..ba7621a1 100644 --- a/cdist/conf/type/__dot_file/man.rst +++ b/cdist/conf/type/__dot_file/man.rst @@ -25,6 +25,9 @@ user OPTIONAL PARAMETERS ------------------- +dirmode + forwarded to :strong:`__directory` type as mode + mode forwarded to :strong:`__file` type diff --git a/cdist/conf/type/__dot_file/manifest b/cdist/conf/type/__dot_file/manifest index 5e4957e5..02dadf05 100755 --- a/cdist/conf/type/__dot_file/manifest +++ b/cdist/conf/type/__dot_file/manifest 
@@ -19,6 +19,7 @@ set -eu user="$(cat "${__object}/parameter/user")" home="$(cat "${__object}/explorer/home")" primary_group="$(cat "${__object}/explorer/primary_group")" +dirmode="$(cat "${__object}/parameter/dirmode")" # Create parent directory. Type __directory has flag 'parents', but it # will leave us with root-owned directory in user home, which is not @@ -36,6 +37,7 @@ export CDIST_ORDER_DEPENDENCY for dir ; do __directory "${home}/${dir}" \ --group "${primary_group}" \ + --mode "${dirmode}" \ --owner "${user}" done diff --git a/cdist/conf/type/__dot_file/parameter/default/dirmode b/cdist/conf/type/__dot_file/parameter/default/dirmode new file mode 100644 index 00000000..e9745d1f --- /dev/null +++ b/cdist/conf/type/__dot_file/parameter/default/dirmode @@ -0,0 +1 @@ +0700 diff --git a/cdist/conf/type/__dot_file/parameter/optional b/cdist/conf/type/__dot_file/parameter/optional index ccab9fa6..9f7f83fb 100644 --- a/cdist/conf/type/__dot_file/parameter/optional +++ b/cdist/conf/type/__dot_file/parameter/optional @@ -1,3 +1,4 @@ state mode source +dirmode From 4bae2863dbc1f6b60b8e797c2f121e1616a94c94 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Fri, 18 Dec 2020 12:54:33 +0100 Subject: [PATCH 24/25] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 290f94d0..3a623236 100644 --- a/docs/changelog +++ b/docs/changelog @@ -8,6 +8,7 @@ next: * Type __block: Fix escaping in here-doc (Matthias Stecher) * Explorer os_version: Improve FreeBSD support (Evil Ham) * New type: __apt_backports (Matthias Stecher) + * Type __dot_file: Add dirmode parameter (Mark Verboom) 6.9.3: 2020-12-04 * pip install: Add cdist.scan to packages in setup.py (Dennis Camera) From 7cf85c465980c74049f8e0258758c0fd8ea178b2 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Mon, 21 Dec 2020 19:21:51 +0100 Subject: [PATCH 25/25] Release 6.9.4 --- docs/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
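Review bot: In the `for dir` loop of `__dot_file/manifest`, `--mode "${dirmode}"` is now always passed, and with the new default file containing `0700` every parent directory this type manages gets that mode enforced on the next run, including directories that already exist with wider permissions. That is a sensible restrictive default, but it is a silent behaviour change, and the man page entry only says the value is forwarded. I would document it, e.g. `dirmode: mode of the created parent directories, forwarded to __directory; defaults to 0700`, and add a changelog remark that existing directories may be tightened. Whether `__directory` previously left the mode untouched when no `--mode` was given is not visible in this patch, so that part is an assumption.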
diff --git a/docs/changelog b/docs/changelog index 3a623236..35953a88 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,7 +1,7 @@ Changelog --------- -next: +6.9.4: 2020-12-21 * Type __package_pkgng_freebsd: Fix bootstrapping pkg (Dennis Camera) * Core: Deal with deprecated imp in unit tests (Evil Ham) * Type __iptables: Add IPv6 support (Matthias Stecher)