rouxdo/cdist
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: rouxdo:master
Branches Tags
rouxdo:master
rouxdo:b/prometheus-server
rouxdo:beta
rouxdo:5.1
rouxdo:feature/support-type-deprecation
rouxdo:5.0
rouxdo:feature/python-types
rouxdo:4.11
rouxdo:4.10
rouxdo:shellcheck
rouxdo:4.9
rouxdo:4.8
rouxdo:freebsd-improvements
rouxdo:new-prometheus
rouxdo:key_value-onchange
rouxdo:feature/output_streams
rouxdo:AnotherKamila-patch-1
rouxdo:__letsencrypt_cert-fixes
rouxdo:letsencrypt-cron-fix
rouxdo:4.7
rouxdo:newtype-__letsencrypt_cert
rouxdo:os_explorer_devuan_fix
rouxdo:prometheus-exporter-fixes
rouxdo:daemontools-for-fbsd
rouxdo:type-prometheus-exporter-from-master
rouxdo:prometheus-more-fixes
rouxdo:4.6
rouxdo:4.5
rouxdo:fix-j
rouxdo:steven-backport
rouxdo:4.4
rouxdo:prometheus-fixes
rouxdo:grafana_dashboard
rouxdo:prometheus
rouxdo:daemontools
rouxdo:consul_improvements
rouxdo:feature/trigger
rouxdo:4.3
rouxdo:4.0-pre-not-stable
rouxdo:4.2
rouxdo:4.1
rouxdo:4.0
rouxdo:feature_install_and_preos
rouxdo:3.1
rouxdo:no-dot-cdist
rouxdo:random_dot_cdist
rouxdo:feature_yum_url
rouxdo:feature_files_export
rouxdo:3.0
rouxdo:2.3
rouxdo:2.2
rouxdo:2.1
rouxdo:ssh_callback
rouxdo:2.0
rouxdo:archive_shell_function_approach
rouxdo:1.7
rouxdo:1.6
rouxdo:1.5
rouxdo:1.4
rouxdo:1.3
rouxdo:1.2
rouxdo:1.1
rouxdo:1.0
rouxdo:5.1.2
rouxdo:5.1.1
rouxdo:5.1.0
rouxdo:5.0.2
rouxdo:5.0.1
rouxdo:5.0.0
rouxdo:4.11.1
rouxdo:4.11.0
rouxdo:4.10.11
rouxdo:4.10.10
rouxdo:4.10.9
rouxdo:4.10.8
rouxdo:4.10.7
rouxdo:4.10.6
rouxdo:4.10.5
rouxdo:4.10.4
rouxdo:4.10.3
rouxdo:4.10.2
rouxdo:4.10.1
rouxdo:4.10.0
rouxdo:4.9.1
rouxdo:4.9.0
rouxdo:4.8.4
rouxdo:4.8.3
rouxdo:4.8.2
rouxdo:4.8.1
rouxdo:4.8.0
rouxdo:4.7.3
rouxdo:4.7.2
rouxdo:4.7.1
rouxdo:4.7.0
rouxdo:4.6.1
rouxdo:4.6.0
rouxdo:4.5.0
rouxdo:4.4.4
rouxdo:4.4.3
rouxdo:4.4.2
rouxdo:4.4.1
rouxdo:4.4.0
rouxdo:4.3.2
rouxdo:4.3.1
rouxdo:4.3.0
rouxdo:4.2.2
rouxdo:4.2.1
rouxdo:4.2.0
rouxdo:4.1.0
rouxdo:4.0.0
rouxdo:3.1.13
rouxdo:tn1
rouxdo:3.1.12
rouxdo:3.1.11
rouxdo:3.1.10
rouxdo:3.1.9
rouxdo:3.1.8
rouxdo:3.1.7
rouxdo:3.1.6
rouxdo:4.0.0pre3
rouxdo:3.1.5
rouxdo:3.1.4
rouxdo:3.1.3
rouxdo:3.1.2
rouxdo:3.1.1
rouxdo:3.1.0
rouxdo:4.0.0pre2
rouxdo:3.0.9
rouxdo:3.0.8
rouxdo:3.0.7
rouxdo:3.0.6
rouxdo:3.0.5
rouxdo:3.0.4
rouxdo:3.0.3
rouxdo:4.0.0pre1
rouxdo:3.0.2
rouxdo:3.0.1
rouxdo:3.0.0
rouxdo:2.3.7
rouxdo:2.3.6
rouxdo:2.3.5
rouxdo:2.3.4
rouxdo:2.3.3
rouxdo:2.3.2
rouxdo:2.3.1
rouxdo:2.3.0
rouxdo:2.2.0
rouxdo:2.1.2
rouxdo:2.1.1
rouxdo:2.1.0
rouxdo:2.1.0pre8
rouxdo:2.1.0pre7
rouxdo:2.1.0pre6
rouxdo:2.0.15
rouxdo:2.1.0pre5
rouxdo:2.1.0pre4
rouxdo:2.1.0pre3
rouxdo:2.1.0pre2
rouxdo:2.1.0pre1
rouxdo:2.0.14
rouxdo:2.0.13
rouxdo:2.0.12
rouxdo:2.0.11
rouxdo:2.0.10
rouxdo:2.0.9
rouxdo:2.0.8
rouxdo:2.0.7
rouxdo:2.0.6
rouxdo:2.0.5
rouxdo:2.0.4
rouxdo:2.0.3
rouxdo:2.0.2
rouxdo:2.0.1
rouxdo:2.0.0
rouxdo:1.7.1
rouxdo:1.7.0
rouxdo:1.6.2
rouxdo:1.6.1
rouxdo:1.6.0
rouxdo:1.5.0
rouxdo:1.4.1
rouxdo:1.4.0
rouxdo:1.3.2
rouxdo:1.3.1
rouxdo:1.3.0
rouxdo:1.2.0
rouxdo:1.1.0
rouxdo:1.0.4
rouxdo:1.0.3
rouxdo:1.0.2
rouxdo:1.0.1
rouxdo:1.0.0
rouxdo:0.9.9
rouxdo:0.9.8
rouxdo:0.9.7
rouxdo:0.9.6
rouxdo:0.9.5
rouxdo:0.9.4
rouxdo:0.9.3
rouxdo:0.9.2
rouxdo:0.9.1
rouxdo:0.9
rouxdo:0.8
rouxdo:0.7
rouxdo:0.6
rouxdo:0.5
rouxdo:0.4
rouxdo:0.3
rouxdo:0.2
rouxdo:0.1
..
compare: rouxdo:4.10.7
Branches Tags
rouxdo:b/prometheus-server
rouxdo:master
rouxdo:beta
rouxdo:5.1
rouxdo:feature/support-type-deprecation
rouxdo:5.0
rouxdo:feature/python-types
rouxdo:4.11
rouxdo:4.10
rouxdo:shellcheck
rouxdo:4.9
rouxdo:4.8
rouxdo:freebsd-improvements
rouxdo:new-prometheus
rouxdo:key_value-onchange
rouxdo:feature/output_streams
rouxdo:AnotherKamila-patch-1
rouxdo:__letsencrypt_cert-fixes
rouxdo:letsencrypt-cron-fix
rouxdo:4.7
rouxdo:newtype-__letsencrypt_cert
rouxdo:os_explorer_devuan_fix
rouxdo:prometheus-exporter-fixes
rouxdo:daemontools-for-fbsd
rouxdo:type-prometheus-exporter-from-master
rouxdo:prometheus-more-fixes
rouxdo:4.6
rouxdo:4.5
rouxdo:fix-j
rouxdo:steven-backport
rouxdo:4.4
rouxdo:prometheus-fixes
rouxdo:grafana_dashboard
rouxdo:prometheus
rouxdo:daemontools
rouxdo:consul_improvements
rouxdo:feature/trigger
rouxdo:4.3
rouxdo:4.0-pre-not-stable
rouxdo:4.2
rouxdo:4.1
rouxdo:4.0
rouxdo:feature_install_and_preos
rouxdo:3.1
rouxdo:no-dot-cdist
rouxdo:random_dot_cdist
rouxdo:feature_yum_url
rouxdo:feature_files_export
rouxdo:3.0
rouxdo:2.3
rouxdo:2.2
rouxdo:2.1
rouxdo:ssh_callback
rouxdo:2.0
rouxdo:archive_shell_function_approach
rouxdo:1.7
rouxdo:1.6
rouxdo:1.5
rouxdo:1.4
rouxdo:1.3
rouxdo:1.2
rouxdo:1.1
rouxdo:1.0
rouxdo:5.1.2
rouxdo:5.1.1
rouxdo:5.1.0
rouxdo:5.0.2
rouxdo:5.0.1
rouxdo:5.0.0
rouxdo:4.11.1
rouxdo:4.11.0
rouxdo:4.10.11
rouxdo:4.10.10
rouxdo:4.10.9
rouxdo:4.10.8
rouxdo:4.10.7
rouxdo:4.10.6
rouxdo:4.10.5
rouxdo:4.10.4
rouxdo:4.10.3
rouxdo:4.10.2
rouxdo:4.10.1
rouxdo:4.10.0
rouxdo:4.9.1
rouxdo:4.9.0
rouxdo:4.8.4
rouxdo:4.8.3
rouxdo:4.8.2
rouxdo:4.8.1
rouxdo:4.8.0
rouxdo:4.7.3
rouxdo:4.7.2
rouxdo:4.7.1
rouxdo:4.7.0
rouxdo:4.6.1
rouxdo:4.6.0
rouxdo:4.5.0
rouxdo:4.4.4
rouxdo:4.4.3
rouxdo:4.4.2
rouxdo:4.4.1
rouxdo:4.4.0
rouxdo:4.3.2
rouxdo:4.3.1
rouxdo:4.3.0
rouxdo:4.2.2
rouxdo:4.2.1
rouxdo:4.2.0
rouxdo:4.1.0
rouxdo:4.0.0
rouxdo:3.1.13
rouxdo:tn1
rouxdo:3.1.12
rouxdo:3.1.11
rouxdo:3.1.10
rouxdo:3.1.9
rouxdo:3.1.8
rouxdo:3.1.7
rouxdo:3.1.6
rouxdo:4.0.0pre3
rouxdo:3.1.5
rouxdo:3.1.4
rouxdo:3.1.3
rouxdo:3.1.2
rouxdo:3.1.1
rouxdo:3.1.0
rouxdo:4.0.0pre2
rouxdo:3.0.9
rouxdo:3.0.8
rouxdo:3.0.7
rouxdo:3.0.6
rouxdo:3.0.5
rouxdo:3.0.4
rouxdo:3.0.3
rouxdo:4.0.0pre1
rouxdo:3.0.2
rouxdo:3.0.1
rouxdo:3.0.0
rouxdo:2.3.7
rouxdo:2.3.6
rouxdo:2.3.5
rouxdo:2.3.4
rouxdo:2.3.3
rouxdo:2.3.2
rouxdo:2.3.1
rouxdo:2.3.0
rouxdo:2.2.0
rouxdo:2.1.2
rouxdo:2.1.1
rouxdo:2.1.0
rouxdo:2.1.0pre8
rouxdo:2.1.0pre7
rouxdo:2.1.0pre6
rouxdo:2.0.15
rouxdo:2.1.0pre5
rouxdo:2.1.0pre4
rouxdo:2.1.0pre3
rouxdo:2.1.0pre2
rouxdo:2.1.0pre1
rouxdo:2.0.14
rouxdo:2.0.13
rouxdo:2.0.12
rouxdo:2.0.11
rouxdo:2.0.10
rouxdo:2.0.9
rouxdo:2.0.8
rouxdo:2.0.7
rouxdo:2.0.6
rouxdo:2.0.5
rouxdo:2.0.4
rouxdo:2.0.3
rouxdo:2.0.2
rouxdo:2.0.1
rouxdo:2.0.0
rouxdo:1.7.1
rouxdo:1.7.0
rouxdo:1.6.2
rouxdo:1.6.1
rouxdo:1.6.0
rouxdo:1.5.0
rouxdo:1.4.1
rouxdo:1.4.0
rouxdo:1.3.2
rouxdo:1.3.1
rouxdo:1.3.0
rouxdo:1.2.0
rouxdo:1.1.0
rouxdo:1.0.4
rouxdo:1.0.3
rouxdo:1.0.2
rouxdo:1.0.1
rouxdo:1.0.0
rouxdo:0.9.9
rouxdo:0.9.8
rouxdo:0.9.7
rouxdo:0.9.6
rouxdo:0.9.5
rouxdo:0.9.4
rouxdo:0.9.3
rouxdo:0.9.2
rouxdo:0.9.1
rouxdo:0.9
rouxdo:0.8
rouxdo:0.7
rouxdo:0.6
rouxdo:0.5
rouxdo:0.4
rouxdo:0.3
rouxdo:0.2
rouxdo:0.1

No commits in common. "master" and "4.10.7" have entirely different histories.
master ... 4.10.7

242 changed files with 1754 additions and 13173 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitattributes vendored
View file

@ -4,5 +4,3 @@
docs/speeches export-ignore docs/speeches export-ignore
docs/video export-ignore docs/video export-ignore
docs/src/man7 export-ignore docs/src/man7 export-ignore
bin/build-helper export-ignore
README-maintainers export-ignore

2
.gitignore vendored
View file

@ -12,7 +12,6 @@ Session.vim
# Temporary # Temporary
.netrwhist .netrwhist
*~ *~
*.tmp
# Auto-generated tag files # Auto-generated tag files
tags tags
# Persistent undo # Persistent undo
@ -44,7 +43,6 @@ _build/
docs/dist docs/dist
# Ignore temp files used for signing # Ignore temp files used for signing
cdist-*.tar
cdist-*.tar.gz cdist-*.tar.gz
cdist-*.tar.gz.asc cdist-*.tar.gz.asc

216
Makefile
View file

@ -18,30 +18,36 @@
# #
# #
.PHONY: help helper=./bin/build-helper
help:
@echo "Please use \`make <target>' where <target> is one of"
@echo "man build only man user documentation"
@echo "html build only html user documentation"
@echo "docs build both man and html user documentation"
@echo "dotman build man pages for types in your ~/.cdist directory"
@echo "speeches build speeches pdf files"
@echo "install install in the system site-packages directory"
@echo "install-user install in the user site-packages directory"
@echo "docs-clean clean documentation"
@echo "clean clean"
DOCS_SRC_DIR=./docs/src DOCS_SRC_DIR=docs/src
SPEECHDIR=./docs/speeches SPEECHDIR=docs/speeches
TYPEDIR=./cdist/conf/type TYPEDIR=cdist/conf/type
WEBSRCDIR=docs/web
WEBDIR=$$HOME/vcs/www.nico.schottelius.org
WEBBLOG=$(WEBDIR)/blog
WEBBASE=$(WEBDIR)/software/cdist
WEBPAGE=$(WEBBASE).mdwn
CHANGELOG_VERSION=$(shell $(helper) changelog-version)
CHANGELOG_FILE=docs/changelog
PYTHON_VERSION=cdist/version.py
SPHINXM=make -C $(DOCS_SRC_DIR) man SPHINXM=make -C $(DOCS_SRC_DIR) man
SPHINXH=make -C $(DOCS_SRC_DIR) html SPHINXH=make -C $(DOCS_SRC_DIR) html
SPHINXC=make -C $(DOCS_SRC_DIR) clean SPHINXC=make -C $(DOCS_SRC_DIR) clean
SHELLCHECKCMD=shellcheck -s sh -f gcc -x
# Skip SC2154 for variables starting with __ since such variables are cdist
# environment variables.
SHELLCHECK_SKIP=grep -v ': __.*is referenced but not assigned.*\[SC2154\]'
################################################################################ ################################################################################
# Manpages # Manpages
# #
MAN1DSTDIR=$(DOCS_SRC_DIR)/man1
MAN7DSTDIR=$(DOCS_SRC_DIR)/man7 MAN7DSTDIR=$(DOCS_SRC_DIR)/man7
# Manpages #1: Types # Manpages #1: Types
@ -63,16 +69,11 @@ DOCSREFSH=$(DOCS_SRC_DIR)/cdist-reference.rst.sh
$(DOCSREF): $(DOCSREFSH) $(DOCSREF): $(DOCSREFSH)
$(DOCSREFSH) $(DOCSREFSH)
version:
@[ -f "cdist/version.py" ] || { \
printf "Missing 'cdist/version.py', please generate it first.\n" && exit 1; \
}
# Manpages #3: generic part # Manpages #3: generic part
man: version $(MANTYPES) $(DOCSREF) man: $(MANTYPES) $(DOCSREF) $(PYTHON_VERSION)
$(SPHINXM) $(SPHINXM)
html: version $(MANTYPES) $(DOCSREF) html: $(MANTYPES) $(DOCSREF) $(PYTHON_VERSION)
$(SPHINXH) $(SPHINXH)
docs: man html docs: man html
@ -80,6 +81,24 @@ docs: man html
docs-clean: docs-clean:
$(SPHINXC) $(SPHINXC)
# Manpages #5: release part
MANWEBDIR=$(WEBBASE)/man/$(CHANGELOG_VERSION)
HTMLBUILDDIR=docs/dist/html
docs-dist: html
rm -rf "${MANWEBDIR}"
mkdir -p "${MANWEBDIR}"
# mkdir -p "${MANWEBDIR}/man1" "${MANWEBDIR}/man7"
# cp ${MAN1DSTDIR}/*.html ${MAN1DSTDIR}/*.css ${MANWEBDIR}/man1
# cp ${MAN7DSTDIR}/*.html ${MAN7DSTDIR}/*.css ${MANWEBDIR}/man7
cp -R ${HTMLBUILDDIR}/* ${MANWEBDIR}
cd ${MANWEBDIR} && git add . && git commit -m "cdist manpages update: $(CHANGELOG_VERSION)" || true
man-latest-link: web-pub
# Fix ikiwiki, which does not like symlinks for pseudo security
ssh staticweb.ungleich.ch \
"cd /home/services/www/nico/nico.schottelius.org/www/software/cdist/man/ && rm -f latest && ln -sf "$(CHANGELOG_VERSION)" latest"
# Manpages: .cdist Types # Manpages: .cdist Types
DOT_CDIST_PATH=${HOME}/.cdist DOT_CDIST_PATH=${HOME}/.cdist
DOTMAN7DSTDIR=$(MAN7DSTDIR) DOTMAN7DSTDIR=$(MAN7DSTDIR)
@ -92,7 +111,8 @@ DOTMANTYPES=$(subst /man.rst,.rst,$(DOTMANTYPEPREFIX))
$(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst $(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst
ln -sf "$^" $@ ln -sf "$^" $@
dotman: version $(DOTMANTYPES) # Manpages #3: generic part
dotman: $(DOTMANTYPES)
$(SPHINXM) $(SPHINXM)
################################################################################ ################################################################################
@ -100,6 +120,7 @@ dotman: version $(DOTMANTYPES)
# #
SPEECHESOURCES=$(SPEECHDIR)/*.tex SPEECHESOURCES=$(SPEECHDIR)/*.tex
SPEECHES=$(SPEECHESOURCES:.tex=.pdf) SPEECHES=$(SPEECHESOURCES:.tex=.pdf)
SPEECHESWEBDIR=$(WEBBASE)/speeches
# Create speeches and ensure Toc is up-to-date # Create speeches and ensure Toc is up-to-date
$(SPEECHDIR)/%.pdf: $(SPEECHDIR)/%.tex $(SPEECHDIR)/%.pdf: $(SPEECHDIR)/%.tex
@ -109,26 +130,157 @@ $(SPEECHDIR)/%.pdf: $(SPEECHDIR)/%.tex
speeches: $(SPEECHES) speeches: $(SPEECHES)
speeches-dist: speeches
rm -rf "${SPEECHESWEBDIR}"
mkdir -p "${SPEECHESWEBDIR}"
cp ${SPEECHES} "${SPEECHESWEBDIR}"
cd ${SPEECHESWEBDIR} && git add . && git commit -m "cdist speeches updated" || true
################################################################################ ################################################################################
# Misc # Website
# #
clean: docs-clean
BLOGFILE=$(WEBBLOG)/cdist-$(CHANGELOG_VERSION)-released.mdwn
$(BLOGFILE): $(CHANGELOG_FILE)
$(helper) blog $(CHANGELOG_VERSION) $(BLOGFILE)
web-blog: $(BLOGFILE)
web-doc:
# Go to top level, because of cdist.mdwn
rsync -av "$(WEBSRCDIR)/" "${WEBBASE}/.."
cd "${WEBBASE}/.." && git add cdist* && git commit -m "cdist doc update" cdist* || true
web-dist: web-blog web-doc
web-pub: web-dist docs-dist speeches-dist
cd "${WEBDIR}" && make pub
web-release-all: man-latest-link
web-release-all-no-latest: web-pub
################################################################################
# Release: Mailinglist
#
ML_FILE=.lock-ml
# Only send mail once - lock until new changelog things happened
$(ML_FILE): $(CHANGELOG_FILE)
$(helper) ml-release $(CHANGELOG_VERSION)
touch $@
ml-release: $(ML_FILE)
################################################################################
# pypi
#
PYPI_FILE=.pypi-release
$(PYPI_FILE): man $(PYTHON_VERSION)
python3 setup.py sdist upload
touch $@
pypi-release: $(PYPI_FILE)
################################################################################
# archlinux
#
ARCHLINUX_FILE=.lock-archlinux
ARCHLINUXTAR=cdist-$(CHANGELOG_VERSION)-1.src.tar.gz
$(ARCHLINUXTAR): PKGBUILD
umask 022; mkaurball
PKGBUILD: PKGBUILD.in $(PYTHON_VERSION)
./PKGBUILD.in $(CHANGELOG_VERSION)
$(ARCHLINUX_FILE): $(ARCHLINUXTAR) $(PYTHON_VERSION)
burp -c system $(ARCHLINUXTAR)
touch $@
archlinux-release: $(ARCHLINUX_FILE)
################################################################################
# Release
#
$(PYTHON_VERSION) version: .git/refs/heads/master
$(helper) version
# Code that is better handled in a shell script
check-%:
$(helper) $@
release:
$(helper) $@
################################################################################
# Cleanup
#
clean:
rm -f $(DOCS_SRC_DIR)/cdist-reference.rst rm -f $(DOCS_SRC_DIR)/cdist-reference.rst
find "$(DOCS_SRC_DIR)" -mindepth 2 -type l \ find "$(DOCS_SRC_DIR)" -mindepth 2 -type l \
| xargs rm -f | xargs rm -f
make -C $(DOCS_SRC_DIR) clean
find * -name __pycache__ | xargs rm -rf find * -name __pycache__ | xargs rm -rf
# distutils # Archlinux
rm -rf ./build rm -f cdist-*.pkg.tar.xz cdist-*.tar.gz
rm -rf pkg/ src/
rm -f MANIFEST PKGBUILD
rm -rf dist/
# Signed release
rm -f cdist-*.tar.gz
rm -f cdist-*.tar.gz.asc
distclean: clean
rm -f cdist/version.py
################################################################################ ################################################################################
# install # Misc
# #
install: # The pub is Nico's "push to all git remotes" way ("make pub")
python3 setup.py install pub:
git push --mirror
install-user: test:
python3 setup.py install --user $(helper) $@
test-remote:
$(helper) $@
pycodestyle pep8:
$(helper) $@
shellcheck-global-explorers:
@find cdist/conf/explorer -type f -exec $(SHELLCHECKCMD) {} + | $(SHELLCHECK_SKIP) || exit 0
shellcheck-type-explorers:
@find cdist/conf/type -type f -path "*/explorer/*" -exec $(SHELLCHECKCMD) {} + | $(SHELLCHECK_SKIP) || exit 0
shellcheck-manifests:
@find cdist/conf/type -type f -name manifest -exec $(SHELLCHECKCMD) {} + | $(SHELLCHECK_SKIP) || exit 0
shellcheck-local-gencodes:
@find cdist/conf/type -type f -name gencode-local -exec $(SHELLCHECKCMD) {} + | $(SHELLCHECK_SKIP) || exit 0
shellcheck-remote-gencodes:
@find cdist/conf/type -type f -name gencode-remote -exec $(SHELLCHECKCMD) {} + | $(SHELLCHECK_SKIP) || exit 0
shellcheck-gencodes: shellcheck-local-gencodes shellcheck-remote-gencodes
shellcheck-types: shellcheck-type-explorers shellcheck-manifests shellcheck-gencodes
shellcheck: shellcheck-global-explorers shellcheck-types
shellcheck-type-files:
@find cdist/conf/type -type f -path "*/files/*" -exec $(SHELLCHECKCMD) {} + | $(SHELLCHECK_SKIP) || exit 0
shellcheck-with-files: shellcheck shellcheck-type-files

2
PKGBUILD.in
View file

@ -9,7 +9,7 @@ pkgver=$version
pkgrel=1 pkgrel=1
pkgdesc='A Usable Configuration Management System"' pkgdesc='A Usable Configuration Management System"'
arch=('any') arch=('any')
url='https://www.cdi.st/' url='http://www.nico.schottelius.org/software/cdist/'
license=('GPL3') license=('GPL3')
depends=('python>=3.2.0') depends=('python>=3.2.0')
source=("http://pypi.python.org/packages/source/c/cdist/cdist-\${pkgver}.tar.gz") source=("http://pypi.python.org/packages/source/c/cdist/cdist-\${pkgver}.tar.gz")

3
README
View file

@ -3,5 +3,4 @@ cdist
cdist is a usable configuration management system. cdist is a usable configuration management system.
For the web documentation have a look at https://www.cdi.st/ For the web documentation have a look at docs/web/.
or at docs/src for reStructuredText manual.

4
README-maintainers
View file

@ -1,4 +0,0 @@
Maintainers should use ./bin/build-helper script.
Makefile is intended for end users. It can be used for non-maintaining
targets that can be run from pure source (without git repository).

388
bin/build-helper
View file

@ -1,7 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# 2011-2013 Nico Schottelius (nico-cdist at schottelius.org) # 2011-2013 Nico Schottelius (nico-cdist at schottelius.org)
# 2016-2019 Darko Poljak (darko.poljak at gmail.com)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -19,66 +18,17 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
# #
# This file contains the heavy lifting found usually in the Makefile. # This file contains the heavy lifting found usually in the Makefile
# #
usage() { basedir=${0%/*}/../
printf "usage: %s TARGET [TARGET-ARGS...] # Change to checkout directory
Available targets: cd "$basedir"
changelog-changes
changelog-version
check-date
check-unittest
ml-release
archlinux-release
pypi-release
release-git-tag
sign-git-release
release
test
test-remote
pycodestyle
pep8
check-pycodestyle
shellcheck-global-explorers
shellcheck-type-explorers
shellcheck-manifests
shellcheck-local-gencodes
shellcheck-remote-gencodes
shellcheck-scripts
shellcheck-gencodes
shellcheck-types
shellcheck
shellcheck-type-files
shellcheck-with-files
shellcheck-build-helper
check-shellcheck
version-branch
version
target-version
clean
distclean\n" "$1"
}
basename="${0##*/}" version=$(git describe)
if [ $# -lt 1 ]
then
usage "${basename}"
exit 1
fi
option=$1; shift option=$1; shift
SHELLCHECKCMD="shellcheck -s sh -f gcc -x"
# Skip SC2154 for variables starting with __ since such variables are cdist
# environment variables.
SHELLCHECK_SKIP=': __.*is referenced but not assigned.*\[SC2154\]'
# Change to checkout directory
basedir="${0%/*}/../"
cd "$basedir"
case "$option" in case "$option" in
changelog-changes) changelog-changes)
if [ "$#" -eq 1 ]; then if [ "$#" -eq 1 ]; then
@ -116,8 +66,8 @@ case "$option" in
date_changelog=$(grep '^[[:digit:]]' "$basedir/docs/changelog" | head -n1 | sed 's/.*: //') date_changelog=$(grep '^[[:digit:]]' "$basedir/docs/changelog" | head -n1 | sed 's/.*: //')
if [ "$date_today" != "$date_changelog" ]; then if [ "$date_today" != "$date_changelog" ]; then
printf "Date in changelog is not today\n" echo "Date in changelog is not today"
printf "Changelog date: %s\n" "${date_changelog}" echo "Changelog: $date_changelog"
exit 1 exit 1
fi fi
;; ;;
@ -126,17 +76,54 @@ case "$option" in
"$0" test "$0" test
;; ;;
blog)
version=$1; shift
blogfile=$1; shift
dir=${blogfile%/*}
file=${blogfile##*/}
cat << eof > "$blogfile"
[[!meta title="Cdist $version released"]]
Here's a short overview about the changes found in version ${version}:
eof
$0 changelog-changes "$version" >> "$blogfile"
cat << eof >> "$blogfile"
For more information visit the [[cdist homepage|software/cdist]].
[[!tag cdist config unix]]
eof
cd "$dir"
git add "$file"
# Allow git commit to fail if there are no changes
git commit -m "cdist blog update: $version" "$blogfile" || true
;;
ml-release) ml-release)
if [ $# -ne 1 ]; then if [ $# -ne 1 ]; then
printf "%s ml-release version\n" "$0" >&2 echo "$0 ml-release version" >&2
exit 1 exit 1
fi fi
version=$1; shift version=$1; shift
to_a=cdist
to_d=l.schottelius.org
to=${to_a}@${to_d}
from_a=nico-cdist
from_d=schottelius.org
from=${from_a}@${from_d}
( (
cat << eof cat << eof
Subject: cdist $version has been released From: Nico -telmich- Schottelius <$from>
To: cdist mailing list <$to>
Subject: cdist $version released
Hello .*, Hello .*,
@ -147,41 +134,25 @@ eof
"$0" changelog-changes "$version" "$0" changelog-changes "$version"
cat << eof cat << eof
Cheers,
Nico
--
Automatisation at its best level. With cdist.
eof eof
) > mailinglist.tmp ) | /usr/sbin/sendmail -f "$from" "$to"
;; ;;
archlinux-release)
if [ $# -ne 1 ]; then
printf "%s archlinux-release version\n" "$0" >&2
exit 1
fi
version=$1; shift
ARCHLINUXTAR="cdist-${version}-1.src.tar.gz"
./PKGBUILD.in "${version}"
umask 022
mkaurball
burp -c system "${ARCHLINUXTAR}"
;;
pypi-release)
# Ensure that pypi release has the right version
"$0" version
make docs-clean
make docs
python3 setup.py sdist upload
;;
release-git-tag) release-git-tag)
target_version=$($0 changelog-version) target_version=$($0 changelog-version)
if git rev-parse --verify "refs/tags/${target_version}" 2>/dev/null; then if git rev-parse --verify refs/tags/$target_version 2>/dev/null; then
printf "Tag for %s exists, aborting\n" "${target_version}" echo "Tag for $target_version exists, aborting"
exit 1 exit 1
fi fi
printf "Enter tag description for %s: " "${target_version}" printf "Enter tag description for ${target_version}: "
read -r tagmessage read tagmessage
# setup for signed tags: # setup for signed tags:
# gpg --fulL-gen-key # gpg --fulL-gen-key
@ -199,8 +170,7 @@ eof
# gpg --verify <asc-file> <file> # gpg --verify <asc-file> <file>
# gpg --no-default-keyring --keyring <pubkey.gpg> --verify <asc-file> <file> # gpg --no-default-keyring --keyring <pubkey.gpg> --verify <asc-file> <file>
# Ensure gpg-agent is running. # Ensure gpg-agent is running.
GPG_TTY=$(tty) export GPG_TTY=$(tty)
export GPG_TTY
gpg-agent gpg-agent
git tag -s "$target_version" -m "$tagmessage" git tag -s "$target_version" -m "$tagmessage"
@ -210,14 +180,14 @@ eof
sign-git-release) sign-git-release)
if [ $# -lt 2 ] if [ $# -lt 2 ]
then then
printf "usage: %s sign-git-release TAG TOKEN [ARCHIVE]\n" "$0" printf "usage: $0 sign-git-release TAG TOKEN [ARCHIVE]\n"
printf " if ARCHIVE is not specified then it is created\n" printf " if ARCHIVE is not specified then it is created\n"
exit 1 exit 1
fi fi
tag="$1" tag="$1"
if ! git rev-parse -q --verify "${tag}" >/dev/null 2>&1 if ! git rev-parse -q --verify "${tag}" >/dev/null 2>&1
then then
printf "Tag \"%s\" not found.\n" "${tag}" printf "Tag \"${tag}\" not found.\n"
exit 1 exit 1
fi fi
token="$2" token="$2"
@ -225,53 +195,44 @@ eof
then then
archivename="$3" archivename="$3"
else else
archivename="cdist-${tag}.tar" archivename="cdist-${tag}.tar.gz"
git archive --prefix="cdist-${tag}/" -o "${archivename}" "${tag}" \ git archive --prefix="cdist-${tag}/" -o "${archivename}" "${tag}" \
|| exit 1 || exit 1
# make sure target version is generated
"$0" target-version
tar -x -f "${archivename}" || exit 1
cp cdist/version.py "cdist-${tag}/cdist/version.py" || exit 1
tar -c -f "${archivename}" "cdist-${tag}/" || exit 1
rm -r -f "cdist-${tag}/"
gzip "${archivename}" || exit 1
archivename="${archivename}.gz"
fi fi
gpg --armor --detach-sign "${archivename}" || exit 1 gpg --armor --detach-sign "${archivename}" || exit 1
project="ungleich-public%2Fcdist" # make github release
sed_cmd='s/^.*"markdown":"\([^"]*\)".*$/\1/' curl -H "Authorization: token ${token}" \
--request POST \
--data "{ \"tag_name\":\"${tag}\", \
\"target_commitish\":\"master\", \
\"name\": \"${tag}\", \
\"body\":\"${tag}\", \
\"draft\":false, \
\"prerelease\": false}" \
"https://api.github.com/repos/ungleich/cdist/releases" || exit 1
# upload archive # get release ID
response_archive=$(curl -f -X POST \ repoid=$(curl "https://api.github.com/repos/ungleich/cdist/releases/tags/${tag}" \
--http1.1 \ | python3 -c 'import json; import sys; print(json.loads(sys.stdin.read())["id"])') \
-H "PRIVATE-TOKEN: ${token}" \ || exit 1
-F "file=@${archivename}" \
"https://code.ungleich.ch/api/v4/projects/${project}/uploads" \
| sed "${sed_cmd}") || exit 1
# upload archive signature # upload archive and then signature
response_archive_sig=$(curl -f -X POST \ curl -H "Authorization: token ${token}" \
--http1.1 \ -H "Accept: application/vnd.github.manifold-preview" \
-H "PRIVATE-TOKEN: ${token}" \ -H "Content-Type: application/x-gtar" \
-F "file=@${archivename}.asc" \ --data-binary @${archivename} \
"https://code.ungleich.ch/api/v4/projects/${project}/uploads" \ "https://uploads.github.com/repos/ungleich/cdist/releases/${repoid}/assets?name=${archivename}" \
| sed "${sed_cmd}") || exit 1 || exit 1
curl -H "Authorization: token ${token}" \
# make release -H "Accept: application/vnd.github.manifold-preview" \
changelog=$("$0" changelog-changes "$1" | sed 's/^[[:space:]]*//') -H "Content-Type: application/pgp-signature" \
release_notes=$( --data-binary @${archivename}.asc \
printf "%s\n\n%s\n\n**Changelog**\n\n%s\n" \ "https://uploads.github.com/repos/ungleich/cdist/releases/${repoid}/assets?name=${archivename}.asc" \
"${response_archive}" "${response_archive_sig}" "${changelog}"
)
curl -f -X POST \
-H "PRIVATE-TOKEN: ${token}" \
-F "description=${release_notes}" \
"https://code.ungleich.ch/api/v4/projects/${project}/repository/tags/${tag}/release" \
|| exit 1 || exit 1
# remove generated files (archive and asc) # remove generated files (archive and asc)
if [ $# -eq 2 ] if [ $# -eq 2]
then then
rm -f "${archivename}" rm -f "${archivename}"
fi fi
@ -283,30 +244,30 @@ eof
target_version=$($0 changelog-version) target_version=$($0 changelog-version)
target_branch=$($0 version-branch) target_branch=$($0 version-branch)
printf "Beginning release process for %s\n" "${target_version}" echo "Beginning release process for $target_version"
# First check everything is sane # First check everything is sane
"$0" check-date "$0" check-date
"$0" check-unittest "$0" check-unittest
"$0" check-pycodestyle "$0" check-pycodestyle
"$0" check-shellcheck "$0" shellcheck
# Generate version file to be included in packaging # Generate version file to be included in packaging
"$0" target-version "$0" target-version
# Ensure the git status is clean, else abort # Ensure the git status is clean, else abort
if ! git diff-index --name-only --exit-code HEAD ; then if ! git diff-index --name-only --exit-code HEAD ; then
printf "Unclean tree, see files above, aborting.\n" echo "Unclean tree, see files above, aborting"
exit 1 exit 1
fi fi
# Ensure we are on the master branch # Ensure we are on the master branch
masterbranch=yes masterbranch=yes
if [ "$(git rev-parse --abbrev-ref HEAD)" != "master" ]; then if [ "$(git rev-parse --abbrev-ref HEAD)" != "master" ]; then
printf "Releases are happening from the master branch, aborting.\n" echo "Releases are happening from the master branch, aborting"
printf "Enter the magic word to release anyway:" echo "Enter the magic word to release anyway"
read -r magicword read magicword
if [ "$magicword" = "iknowwhatido" ]; then if [ "$magicword" = "iknowwhatido" ]; then
masterbranch=no masterbranch=no
@ -317,7 +278,7 @@ eof
if [ "$masterbranch" = yes ]; then if [ "$masterbranch" = yes ]; then
# Ensure version branch exists # Ensure version branch exists
if ! git rev-parse --verify "refs/heads/${target_branch}" 2>/dev/null; then if ! git rev-parse --verify refs/heads/$target_branch 2>/dev/null; then
git branch "$target_branch" git branch "$target_branch"
fi fi
@ -335,12 +296,20 @@ eof
make docs-clean make docs-clean
make docs make docs
# Generate speeches (indirect check if they build)
make speeches
############################################################# #############################################################
# Everything green, let's do the release # Everything green, let's do the release
# Tag the current commit # Tag the current commit
"$0" release-git-tag "$0" release-git-tag
# sign git tag
printf "Enter github authentication token: "
read token
"$0" sign-git-release "${target_version}" "${token}"
# Also merge back the version branch # Also merge back the version branch
if [ "$masterbranch" = yes ]; then if [ "$masterbranch" = yes ]; then
git checkout master git checkout master
@ -348,41 +317,41 @@ eof
fi fi
# Publish git changes # Publish git changes
# if you want to have mirror locally then uncomment this and comment below make pub
# git push --mirror
git push # publish man, speeches, website
# push also new branch and set up tracking if [ "$masterbranch" = yes ]; then
git push -u origin "${target_branch}" make web-release-all
# fi else
make web-release-all-no-latest
fi
# Ensure that pypi release has the right version
"$0" version
# Create and publish package for pypi # Create and publish package for pypi
"$0" pypi-release make pypi-release
# sign git tag # Archlinux release is based on pypi
printf "Enter upstream repository authentication token: " make archlinux-release
read -r token
"$0" sign-git-release "${target_version}" "${token}"
# Announce change on ML # Announce change on ML
"$0" ml-release "${target_version}" make ml-release
cat << eof cat << eof
Manual steps post release: Manual steps post release:
- cdist-web
- send mail body generated in mailinglist.tmp and inform Dmitry for deb - linkedin
- hackernews
- reddit
- twitter - twitter
eof eof
;; ;;
test) test)
if [ ! -f "cdist/version.py" ] export PYTHONPATH="$(pwd -P)"
then
printf "cdist/version.py is missing, generate it first.\n"
exit 1
fi
PYTHONPATH="$(pwd -P)"
export PYTHONPATH
if [ $# -lt 1 ]; then if [ $# -lt 1 ]; then
python3 -m cdist.test python3 -m cdist.test
@ -392,15 +361,7 @@ eof
;; ;;
test-remote) test-remote)
if [ ! -f "cdist/version.py" ] export PYTHONPATH="$(pwd -P)"
then
printf "cdist/version.py is missing, generate it first.\n"
exit 1
fi
PYTHONPATH="$(pwd -P)"
export PYTHONPATH
python3 -m cdist.test.exec.remote python3 -m cdist.test.exec.remote
;; ;;
@ -413,9 +374,9 @@ eof
printf "\\nPlease review pycodestyle report.\\n" printf "\\nPlease review pycodestyle report.\\n"
while true while true
do do
printf "Continue (yes/no)?\n" echo "Continue (yes/no)?"
any= any=
read -r any read any
case "$any" in case "$any" in
yes) yes)
break break
@ -424,74 +385,20 @@ eof
exit 1 exit 1
;; ;;
*) *)
printf "Please answer with 'yes' or 'no' explicitly.\n" echo "Please answer with 'yes' or 'no' explicitly."
;; ;;
esac esac
done done
;; ;;
shellcheck-global-explorers)
find cdist/conf/explorer -type f -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
;;
shellcheck-type-explorers)
find cdist/conf/type -type f -path "*/explorer/*" -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
;;
shellcheck-manifests)
find cdist/conf/type -type f -name manifest -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
;;
shellcheck-local-gencodes)
find cdist/conf/type -type f -name gencode-local -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
;;
shellcheck-remote-gencodes)
find cdist/conf/type -type f -name gencode-remote -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
;;
shellcheck-scripts)
${SHELLCHECKCMD} scripts/cdist-dump scripts/cdist-new-type || exit 0
;;
shellcheck-gencodes)
"$0" shellcheck-local-gencodes
"$0" shellcheck-remote-gencodes
;;
shellcheck-types)
"$0" shellcheck-type-explorers
"$0" shellcheck-manifests
"$0" shellcheck-gencodes
;;
shellcheck) shellcheck)
"$0" shellcheck-global-explorers make helper=${helper} WEBDIR=${WEBDIR} shellcheck
"$0" shellcheck-types
"$0" shellcheck-scripts
;;
shellcheck-type-files)
find cdist/conf/type -type f -path "*/files/*" -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
;;
shellcheck-with-files)
"$0" shellcheck
"$0" shellcheck-type-files
;;
shellcheck-build-helper)
${SHELLCHECKCMD} ./bin/build-helper
;;
check-shellcheck)
"$0" shellcheck
printf "\\nPlease review shellcheck report.\\n" printf "\\nPlease review shellcheck report.\\n"
while true while true
do do
printf "Continue (yes/no)?\n" echo "Continue (yes/no)?"
any= any=
read -r any read any
case "$any" in case "$any" in
yes) yes)
break break
@ -500,7 +407,7 @@ eof
exit 1 exit 1
;; ;;
*) *)
printf "Please answer with 'yes' or 'no' explicitly.\n" echo "Please answer with 'yes' or 'no' explicitly."
;; ;;
esac esac
done done
@ -511,39 +418,16 @@ eof
;; ;;
version) version)
printf "VERSION = \"%s\"\n" "$(git describe)" > cdist/version.py echo "VERSION = \"$(git describe)\"" > cdist/version.py
;; ;;
target-version) target-version)
target_version=$($0 changelog-version) target_version=$($0 changelog-version)
printf "VERSION = \"%s\"\n" "${target_version}" > cdist/version.py echo "VERSION = \"${target_version}\"" > cdist/version.py
;; ;;
clean)
make clean
# Archlinux
rm -f cdist-*.pkg.tar.xz cdist-*.tar.gz
rm -rf pkg/ src/
rm -f MANIFEST PKGBUILD
rm -rf dist/
# Signed release
rm -f cdist-*.tar.gz
rm -f cdist-*.tar.gz.asc
# Temp files
rm -f ./*.tmp
;;
distclean)
"$0" clean
rm -f cdist/version.py
;;
*) *)
printf "Unknown target: '%s'.\n" "${option}" >&2 echo "Unknown helper target $@ - aborting"
usage "${basename}"
exit 1 exit 1
;; ;;

496
bin/build-helper.freebsd Executable file
View file

@ -0,0 +1,496 @@
#!/bin/sh
#
# 2011-2013 Nico Schottelius (nico-cdist at schottelius.org)
# 2016 Darko Poljak (darko.poljak at gmail.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# This file contains the heavy lifting found usually in the Makefile
#
# vars for make
helper=$0
basedir=${0%/*}/../
# run_as is used to check how the script is called (by $0 value)
# currently supported sufixes for $0 are:
# .freebsd - run as freebsd
basename=${0##*/}
run_as=${basename#*.}
case "$run_as" in
freebsd)
to_a=cdist-configuration-management
to_d=googlegroups.com
from_a=darko.poljak
from_d=gmail.com
ml_name="Darko Poljak"
ml_sig_name="Darko"
# vars for make
WEBDIR=../vcs/www.nico.schottelius.org
;;
*)
to_a=cdist
to_d=l.schottelius.org
from_a=nico-cdist
from_d=schottelius.org
ml_name="Nico -telmich- Schottelius"
ml_sig_name="Nico"
# vars for make
WEBDIR=$$HOME/vcs/www.nico.schottelius.org
;;
esac
# Change to checkout directory
cd "$basedir"
version=$(git describe)
option=$1; shift
case "$option" in
print-make-vars)
printf "helper: ${helper}\n"
printf "WEBDIR: ${WEBDIR}\n"
;;
print-runas)
printf "run_as: $run_as\n"
;;
changelog-changes)
if [ "$#" -eq 1 ]; then
start=$1
else
start="[[:digit:]]"
fi
end="[[:digit:]]"
awk -F: "BEGIN { start=0 }
{
if(start == 0) {
if (\$0 ~ /^$start/) {
start = 1
}
} else {
if (\$0 ~ /^$end/) {
exit
} else {
print \$0
}
}
}" "$basedir/docs/changelog"
;;
changelog-version)
# get version from changelog
grep '^[[:digit:]]' "$basedir/docs/changelog" | head -n1 | sed 's/:.*//'
;;
check-date)
# verify date in changelog is today
date_today="$(date +%Y-%m-%d)"
date_changelog=$(grep '^[[:digit:]]' "$basedir/docs/changelog" | head -n1 | sed 's/.*: //')
if [ "$date_today" != "$date_changelog" ]; then
echo "Date in changelog is not today"
echo "Changelog: $date_changelog"
exit 1
fi
;;
check-unittest)
"$0" test
;;
blog)
version=$1; shift
blogfile=$1; shift
dir=${blogfile%/*}
file=${blogfile##*/}
cat << eof > "$blogfile"
[[!meta title="Cdist $version released"]]
Here's a short overview about the changes found in version ${version}:
eof
$0 changelog-changes "$version" >> "$blogfile"
cat << eof >> "$blogfile"
For more information visit the [[cdist homepage|software/cdist]].
[[!tag cdist config unix]]
eof
cd "$dir"
git add "$file"
# Allow git commit to fail if there are no changes
git commit -m "cdist blog update: $version" "$blogfile" || true
;;
ml-release)
if [ $# -ne 1 ]; then
echo "$0 ml-release version" >&2
exit 1
fi
version=$1; shift
to=${to_a}@${to_d}
from=${from_a}@${from_d}
(
cat << eof
From: ${ml_name} <$from>
To: cdist mailing list <$to>
Subject: cdist $version released
Hello .*,
cdist $version has been released with the following changes:
eof
"$0" changelog-changes "$version"
cat << eof
Cheers,
${ml_sig_name}
--
Automatisation at its best level. With cdist.
eof
) | /usr/sbin/sendmail -f "$from" "$to"
;;
release-git-tag)
target_version=$($0 changelog-version)
if git rev-parse --verify refs/tags/$target_version 2>/dev/null; then
echo "Tag for $target_version exists, aborting"
exit 1
fi
printf "Enter tag description for ${target_version}: "
read tagmessage
# setup for signed tags:
# gpg --fulL-gen-key
# gpg --list-secret-keys --keyid-format LONG
# git config --local user.signingkey <id>
# for exporting pub key:
# gpg --armor --export <id> > pubkey.asc
# gpg --output pubkey.gpg --export <id>
# show tag with signature
# git show <tag>
# verify tag signature
# git tag -v <tag>
#
# gpg verify signature
# gpg --verify <asc-file> <file>
# gpg --no-default-keyring --keyring <pubkey.gpg> --verify <asc-file> <file>
# Ensure gpg-agent is running.
export GPG_TTY=$(tty)
gpg-agent
git tag -s "$target_version" -m "$tagmessage"
git push --tags
;;
sign-git-release)
if [ $# -lt 2 ]
then
printf "usage: $0 sign-git-release TAG TOKEN [ARCHIVE]\n"
printf " if ARCHIVE is not specified then it is created\n"
exit 1
fi
tag="$1"
if ! git rev-parse -q --verify "${tag}" >/dev/null 2>&1
then
printf "Tag \"${tag}\" not found.\n"
exit 1
fi
token="$2"
if [ $# -gt 2 ]
then
archivename="$3"
else
archivename="cdist-${tag}.tar.gz"
git archive --prefix="cdist-${tag}/" -o "${archivename}" "${tag}" \
|| exit 1
fi
gpg --armor --detach-sign "${archivename}" || exit 1
# make github release
curl -H "Authorization: token ${token}" \
--request POST \
--data "{ \"tag_name\":\"${tag}\", \
\"target_commitish\":\"master\", \
\"name\": \"${tag}\", \
\"body\":\"${tag}\", \
\"draft\":false, \
\"prerelease\": false}" \
"https://api.github.com/repos/ungleich/cdist/releases" || exit 1
# get release ID
repoid=$(curl "https://api.github.com/repos/ungleich/cdist/releases/tags/${tag}" \
| python3 -c 'import json; import sys; print(json.loads(sys.stdin.read())["id"])') \
|| exit 1
# upload archive and then signature
curl -H "Authorization: token ${token}" \
-H "Accept: application/vnd.github.manifold-preview" \
-H "Content-Type: application/x-gtar" \
--data-binary @${archivename} \
"https://uploads.github.com/repos/ungleich/cdist/releases/${repoid}/assets?name=${archivename}" \
|| exit 1
curl -H "Authorization: token ${token}" \
-H "Accept: application/vnd.github.manifold-preview" \
-H "Content-Type: application/pgp-signature" \
--data-binary @${archivename}.asc \
"https://uploads.github.com/repos/ungleich/cdist/releases/${repoid}/assets?name=${archivename}.asc" \
|| exit 1
# remove generated files (archive and asc)
if [ $# -eq 2]
then
rm -f "${archivename}"
fi
rm -f "${archivename}.asc"
;;
release)
set -e
target_version=$($0 changelog-version)
target_branch=$($0 version-branch)
echo "Beginning release process for $target_version"
# First check everything is sane
"$0" check-date
"$0" check-unittest
"$0" check-pycodestyle
"$0" shellcheck
# Generate version file to be included in packaging
"$0" target-version
# Ensure the git status is clean, else abort
if ! git diff-index --name-only --exit-code HEAD ; then
echo "Unclean tree, see files above, aborting"
exit 1
fi
# Ensure we are on the master branch
masterbranch=yes
if [ "$(git rev-parse --abbrev-ref HEAD)" != "master" ]; then
echo "Releases are happening from the master branch, aborting"
echo "Enter the magic word to release anyway"
read magicword
if [ "$magicword" = "iknowwhatido" ]; then
masterbranch=no
else
exit 1
fi
fi
if [ "$masterbranch" = yes ]; then
# Ensure version branch exists
if ! git rev-parse --verify refs/heads/$target_branch 2>/dev/null; then
git branch "$target_branch"
fi
# Merge master branch into version branch
git checkout "$target_branch"
git merge master
fi
# Verify that after the merge everything works
"$0" check-date
"$0" check-unittest
# Generate documentation (man and html)
# First, clean old generated docs
make helper=${helper} WEBDIR=${WEBDIR} docs-clean
make helper=${helper} WEBDIR=${WEBDIR} docs
# Generate speeches (indirect check if they build)
make helper=${helper} WEBDIR=${WEBDIR} speeches
#############################################################
# Everything green, let's do the release
# Tag the current commit
"$0" release-git-tag
# sign git tag
printf "Enter github authentication token: "
read token
"$0" sign-git-release "${target_version}" "${token}"
# Also merge back the version branch
if [ "$masterbranch" = yes ]; then
git checkout master
git merge "$target_branch"
fi
# Publish git changes
case "$run_as" in
freebsd)
# if we are not Nico :) then just push, no mirror
git push
# push also new branch and set up tracking
git push -u origin "${target_branch}"
;;
*)
make helper=${helper} WEBDIR=${WEBDIR} pub
;;
esac
# publish man, speeches, website
if [ "$masterbranch" = yes ]; then
make helper=${helper} WEBDIR=${WEBDIR} web-release-all
else
make helper=${helper} WEBDIR=${WEBDIR} web-release-all-no-latest
fi
# Ensure that pypi release has the right version
"$0" version
# Create and publish package for pypi
make helper=${helper} WEBDIR=${WEBDIR} pypi-release
case "$run_as" in
freebsd)
;;
*)
# Archlinux release is based on pypi
make archlinux-release
;;
esac
# Announce change on ML
make helper=${helper} WEBDIR=${WEBDIR} ml-release
cat << eof
Manual steps post release:
- linkedin
- hackernews
- reddit
- twitter
eof
case "$run_as" in
freebsd)
cat <<eof
Additional steps post release:
- archlinux release
eof
;;
*)
;;
esac
;;
test)
export PYTHONPATH="$(pwd -P)"
if [ $# -lt 1 ]; then
python3 -m cdist.test
else
python3 -m unittest "$@"
fi
;;
test-remote)
export PYTHONPATH="$(pwd -P)"
python3 -m cdist.test.exec.remote
;;
pycodestyle|pep8)
pycodestyle "${basedir}" "${basedir}/scripts/cdist" | less
;;
check-pycodestyle)
"$0" pycodestyle
printf "\\nPlease review pycodestyle report.\\n"
while true
do
echo "Continue (yes/no)?"
any=
read any
case "$any" in
yes)
break
;;
no)
exit 1
;;
*)
echo "Please answer with 'yes' or 'no' explicitly."
;;
esac
done
;;
shellcheck)
make helper=${helper} WEBDIR=${WEBDIR} shellcheck
printf "\\nPlease review shellcheck report.\\n"
while true
do
echo "Continue (yes/no)?"
any=
read any
case "$any" in
yes)
break
;;
no)
exit 1
;;
*)
echo "Please answer with 'yes' or 'no' explicitly."
;;
esac
done
;;
version-branch)
"$0" changelog-version | cut -d. -f '1,2'
;;
version)
echo "VERSION = \"$(git describe)\"" > cdist/version.py
;;
target-version)
target_version=$($0 changelog-version)
echo "VERSION = \"${target_version}\"" > cdist/version.py
;;
*)
echo "Unknown helper target $@ - aborting"
exit 1
;;
esac

41
cdist/__init__.py
View file

@ -181,40 +181,17 @@ class CdistObjectError(CdistEntityError):
params, stdout_paths, stderr_paths, subject) params, stdout_paths, stderr_paths, subject)
class CdistObjectExplorerError(CdistEntityError):
"""
Something went wrong while working on a specific
cdist object explorer
"""
def __init__(self, cdist_object, explorer_name, explorer_path,
stderr_path, subject=''):
params = [
('object name', cdist_object.name, ),
('object path', cdist_object.absolute_path, ),
('object source', " ".join(cdist_object.source), ),
('object type', os.path.realpath(
cdist_object.cdist_type.absolute_path), ),
('explorer name', explorer_name, ),
('explorer path', explorer_path, ),
]
stdout_paths = []
stderr_paths = [
('remote', stderr_path, ),
]
super().__init__("explorer '{}' of object '{}'".format(
explorer_name, cdist_object.name), params, stdout_paths,
stderr_paths, subject)
class InitialManifestError(CdistEntityError): class InitialManifestError(CdistEntityError):
"""Something went wrong while executing initial manifest""" """Something went wrong while executing initial manifest"""
def __init__(self, initial_manifest, stdout_path, stderr_path, subject=''): def __init__(self, initial_manifest, stdout_path, stderr_path, subject=''):
params = [ params = [
('path', initial_manifest, ), ('path', initial_manifest, ),
] ]
stdout_paths = []
stdout_paths = [ stdout_paths = [
('init', stdout_path, ), ('init', stdout_path, ),
] ]
stderr_paths = []
stderr_paths = [ stderr_paths = [
('init', stderr_path, ), ('init', stderr_path, ),
] ]
@ -222,20 +199,6 @@ class InitialManifestError(CdistEntityError):
stderr_paths, subject) stderr_paths, subject)
class GlobalExplorerError(CdistEntityError):
"""Something went wrong while executing global explorer"""
def __init__(self, name, path, stderr_path, subject=''):
params = [
('name', name, ),
('path', path, ),
]
stderr_paths = [
('remote', stderr_path, ),
]
super().__init__("global explorer '{}'".format(name),
params, [], stderr_paths, subject)
def file_to_list(filename): def file_to_list(filename):
"""Return list from \n seperated file""" """Return list from \n seperated file"""
if os.path.isfile(filename): if os.path.isfile(filename):

12
cdist/argparse.py
View file

@ -5,23 +5,21 @@ import logging
import collections import collections
import functools import functools
import cdist.configuration import cdist.configuration
import cdist.preos
# set of beta sub-commands # set of beta sub-commands
BETA_COMMANDS = set(('install', 'inventory', )) BETA_COMMANDS = set(('install', 'inventory', ))
# set of beta arguments for sub-commands # set of beta arguments for sub-commands
BETA_ARGS = { BETA_ARGS = {
'config': set(('tag', 'all_tagged_hosts', 'use_archiving', )), 'config': set(('jobs', 'tag', 'all_tagged_hosts', 'use_archiving', )),
} }
EPILOG = "Get cdist at https://code.ungleich.ch/ungleich-public/cdist" EPILOG = "Get cdist at http://www.nico.schottelius.org/software/cdist/"
# Parser others can reuse # Parser others can reuse
parser = None parser = None
_verbosity_level_off = -2 _verbosity_level_off = -2
_verbosity_level = { _verbosity_level = {
None: logging.WARNING,
_verbosity_level_off: logging.OFF, _verbosity_level_off: logging.OFF,
-1: logging.ERROR, -1: logging.ERROR,
0: logging.WARNING, 0: logging.WARNING,
@ -193,7 +191,8 @@ def get_parsers():
name="positive int"), name="positive int"),
help=('Operate in parallel in specified maximum number of jobs. ' help=('Operate in parallel in specified maximum number of jobs. '
'Global explorers, object prepare and object run are ' 'Global explorers, object prepare and object run are '
'supported. Without argument CPU count is used by default. '), 'supported. Without argument CPU count is used by default. '
'Currently in beta.'),
action='store', dest='jobs', action='store', dest='jobs',
const=multiprocessing.cpu_count()) const=multiprocessing.cpu_count())
parser['config_main'].add_argument( parser['config_main'].add_argument(
@ -424,9 +423,6 @@ def get_parsers():
parser['inventory'].set_defaults( parser['inventory'].set_defaults(
func=cdist.inventory.Inventory.commandline) func=cdist.inventory.Inventory.commandline)
# PreOs
parser['preos'] = parser['sub'].add_parser('preos', add_help=False)
# Shell # Shell
parser['shell'] = parser['sub'].add_parser( parser['shell'] = parser['sub'].add_parser(
'shell', parents=[parser['loglevel']]) 'shell', parents=[parser['loglevel']])

33
cdist/conf/explorer/disks
View file

@ -1,27 +1,16 @@
#!/bin/sh #!/bin/sh -e
uname_s="$(uname -s)" os=$("$__explorer/os")
case "$os" in
openbsd)
IFS=',' disks=$(sysctl -n hw.disknames)
for d in $disks; do
echo "${d%%:*}"
done | sed -n '/^[sw]d[0-9][0-9]*/p'
;;
case "${uname_s}" in
FreeBSD)
sysctl -n kern.disks
;;
OpenBSD|NetBSD)
sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+' | xargs
;;
Linux)
if command -v lsblk > /dev/null
then
# exclude ram disks, floppies and cdroms
# https://www.kernel.org/doc/Documentation/admin-guide/devices.txt
lsblk -e 1,2,11 -dno name | xargs
else
printf "Don't know how to list disks for %s operating system without lsblk, if you can please submit a patch\n" "${uname_s}" >&2
fi
;;
*) *)
printf "Don't know how to list disks for %s operating system, if you can please submit a patch\n" "${uname_s}" >&2 cd /dev || exit 0
echo sd? hd? vd?
;; ;;
esac esac
exit 0

2
cdist/conf/explorer/init
View file

@ -29,7 +29,7 @@ case "$uname_s" in
Linux) Linux)
(pgrep -P0 -l | awk '/^1[ \t]/ {print $2;}') || true (pgrep -P0 -l | awk '/^1[ \t]/ {print $2;}') || true
;; ;;
FreeBSD|OpenBSD) FreeBSD)
ps -o comm= -p 1 || true ps -o comm= -p 1 || true
;; ;;
*) *)

43
cdist/conf/explorer/interfaces
View file

@ -1,6 +1,6 @@
#!/bin/sh -e #!/bin/sh
# #
# 2019 Ander Punnar (ander-at-kvlt-dot-ee) # 2012 Sébastien Gross <seb•ɑƬ•chezwam•ɖɵʈ•org>
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -17,12 +17,35 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
#
# List all network interfaces in explorer/ifaces. One interface per line.
#
# If your OS is not supported please provide a ifconfig output
#
if command -v ip >/dev/null # Use ip, if available
then if command -v ip >/dev/null; then
ip -o link show | sed -n 's/^[0-9]\+: \(.\+\): <.*/\1/p' ip -o link show | sed -n 's/^[0-9]\+: \(.\+\): <.*/\1/p'
elif command -v ifconfig >/dev/null exit 0
then fi
ifconfig -a | sed -n -E 's/^(.*)(:[[:space:]]*flags=|Link encap).*/\1/p'
fi \ if ! command -v ifconfig >/dev/null; then
| sort -u # no ifconfig, nothing we could do
exit 0
fi
uname_s="$(uname -s)"
REGEXP='s/^(.*)(:[[:space:]]*flags=|Link encap).*/\1/p'
case "$uname_s" in
Darwin)
ifconfig -a | sed -n -E "$REGEXP"
;;
Linux|*BSD)
ifconfig -a | sed -n -r "$REGEXP"
;;
*)
echo "Unsupported ifconfig output for $uname_s" >&2
exit 1
;;
esac

2
cdist/conf/explorer/os
View file

@ -145,7 +145,7 @@ esac
if [ -f /etc/os-release ]; then if [ -f /etc/os-release ]; then
# already lowercase, according to: # already lowercase, according to:
# https://www.freedesktop.org/software/systemd/man/os-release.html # https://www.freedesktop.org/software/systemd/man/os-release.html
awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release awk -F= '/^ID=/ {print $2;}' /etc/os-release
exit 0 exit 0
fi fi

12
cdist/conf/type/__acl/explorer/acl_is
View file

@ -18,14 +18,6 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
[ ! -e "/$__object_id" ] && exit 0 if [ -e "/$__object_id" ]
then getfacl "/$__object_id" | grep -E '^((default:|)(user|group)):[a-z]' || true
if ! command -v getfacl > /dev/null
then
echo 'getfacl not available' >&2
exit 1
fi fi
getfacl "/$__object_id" 2>/dev/null \
| grep -Eo '^(default:)?(user|group|(mask|other):):[^:][[:graph:]]+' \
|| true

39
cdist/conf/type/__acl/explorer/checks
View file

@ -1,39 +0,0 @@
#!/bin/sh -e
#
# 2019 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# TODO check if filesystem has ACL turned on etc
if [ -f "$__object/parameter/acl" ]
then
grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \
| while read -r acl
do
param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )"
check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )"
[ "$param" = 'user' ] && db=passwd || db="$param"
if ! getent "$db" "$check" > /dev/null
then
echo "missing $param '$check'" >&2
exit 1
fi
done
fi

31
cdist/conf/type/__acl/explorer/file_is
View file

@ -1,31 +0,0 @@
#!/bin/sh -e
#
# 2018 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if [ -e "/$__object_id" ]
then
if [ -d "/$__object_id" ]
then echo directory
elif [ -f "/$__object_id" ]
then echo regular
else echo other
fi
else
echo missing
fi

105
cdist/conf/type/__acl/gencode-remote
View file

@ -18,67 +18,32 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
file_is="$( cat "$__object/explorer/file_is" )"
[ "$file_is" = 'missing' ] && [ -z "$__cdist_dry_run" ] && exit 0
os="$( cat "$__global/explorer/os" )" os="$( cat "$__global/explorer/os" )"
acl_path="/$__object_id" acl_path="/$__object_id"
acl_is="$( cat "$__object/explorer/acl_is" )" acl_is="$( cat "$__object/explorer/acl_is" )"
if [ -f "$__object/parameter/acl" ] acl_should="$( for parameter in user group
then do
acl_should="$( cat "$__object/parameter/acl" )" if [ ! -f "$__object/parameter/$parameter" ]
elif then continue
[ -f "$__object/parameter/user" ] \ fi
|| [ -f "$__object/parameter/group" ] \ while read -r l
|| [ -f "$__object/parameter/mask" ] \
|| [ -f "$__object/parameter/other" ]
then
acl_should="$( for param in user group mask other
do do
[ ! -f "$__object/parameter/$param" ] && continue echo "$parameter:$l"
echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=: if [ -f "$__object/parameter/default" ]
then echo "default:$parameter:$l"
echo "$param$sep$( cat "$__object/parameter/$param" )" fi
done )" done < "$__object/parameter/$parameter"
else done )"
echo 'no parameters set' >&2
exit 1
fi
if [ -f "$__object/parameter/default" ]
then
acl_should="$( echo "$acl_should" \
| sed 's/^default://' \
| sort -u \
| sed 's/\(.*\)/default:\1\n\1/' )"
fi
if [ "$file_is" = 'regular' ] \
&& echo "$acl_should" | grep -Eq '^default:'
then
# only directories can have default ACLs,
# but instead of error,
# let's just remove default entries
acl_should="$( echo "$acl_should" | grep -Ev '^default:' )"
fi
if echo "$acl_should" | awk -F: '{ print $NF }' | grep -Fq 'X'
then
[ "$file_is" = 'directory' ] && rep=x || rep=-
acl_should="$( echo "$acl_should" | sed "s/\\(.*\\)X/\\1$rep/" )"
fi
setfacl_exec='setfacl' setfacl_exec='setfacl'
if [ -f "$__object/parameter/recursive" ] if [ -f "$__object/parameter/recursive" ]
then then
if echo "$os" | grep -Fq 'freebsd' if echo "$os" | grep -E 'macosx|netbsd|freebsd|openbsd'
then then
echo "$os setfacl do not support recursive operations" >&2 echo "$os setfacl do not support recursive operations" >&2
else else
@ -88,39 +53,29 @@ fi
if [ -f "$__object/parameter/remove" ] if [ -f "$__object/parameter/remove" ]
then then
echo "$acl_is" | while read -r acl if echo "$os" | grep 'solaris'
do then
# skip wanted ACL entries which already exist # Solaris setfacl behaves differently.
# and skip mask and other entries, because we # We will not support Solaris for now, because no way to test it.
# can't actually remove them, but only change. # But adding support should be easy (use -s instead of -m on modify).
if echo "$acl_should" | grep -Eq "^$acl" \ echo "$os setfacl do not support -x flag for ACL remove" >&2
|| echo "$acl" | grep -Eq '^(default:)?(mask|other)' else
then continue echo "$acl_is" | while read -r acl
fi do
if echo "$acl_should" | grep -Fq "$acl"
then continue
fi
if echo "$os" | grep -Fq 'freebsd' no_bits="$( echo "$acl" | sed -r 's/:[rwx-]+$//' )"
then
remove="$acl"
else
remove="$( echo "$acl" | sed 's/:...$//' )"
fi
echo "$setfacl_exec -x \"$remove\" \"$acl_path\"" echo "$setfacl_exec -x \"$no_bits\" \"$acl_path\""
echo "removed '$remove'" >> "$__messages_out" done
done fi
fi fi
for acl in $acl_should for acl in $acl_should
do do
if ! echo "$acl_is" | grep -Eq "^$acl" if ! echo "$acl_is" | grep -Eq "^$acl"
then then echo "$setfacl_exec -m \"$acl\" \"$acl_path\""
if echo "$os" | grep -Fq 'freebsd' \
&& echo "$acl" | grep -Eq '^default:'
then
echo "setting default ACL in $os is currently not supported" >&2
else
echo "$setfacl_exec -m \"$acl\" \"$acl_path\""
echo "added '$acl'" >> "$__messages_out"
fi
fi fi
done done

59
cdist/conf/type/__acl/man.rst
View file

@ -3,41 +3,35 @@ cdist-type__acl(7)
NAME NAME
---- ----
cdist-type__acl - Set ACL entries cdist-type__acl - Basic wrapper around `setfacl`
DESCRIPTION DESCRIPTION
----------- -----------
Fully supported and tested on Linux (ext4 filesystem), partial support for FreeBSD. ACL must be defined as 3-symbol combination, using `r`, `w`, `x` and `-`.
See ``setfacl`` and ``acl`` manpages for more details. See setfacl(1) and acl(5) for more details.
REQUIRED MULTIPLE PARAMETERS OPTIONAL MULTIPLE PARAMETERS
---------------------------- ----------------------------
acl user
Set ACL entry following ``getfacl`` output syntax. Add user ACL entry.
group
Add group ACL entry.
BOOLEAN PARAMETERS BOOLEAN PARAMETERS
------------------ ------------------
default
Set all ACL entries as default too.
Only directories can have default ACLs.
Setting default ACL in FreeBSD is currently not supported.
recursive recursive
Make ``setfacl`` recursive (Linux only), but not ``getfacl`` in explorer. Operate recursively (Linux only).
default
Add default ACL entries.
remove remove
Remove undefined ACL entries. Remove undefined ACL entries (Solaris not supported).
``mask`` and ``other`` entries can't be removed, but only changed.
DEPRECATED PARAMETERS
---------------------
Parameters ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
will be removed in future versions. Please use ``acl`` parameter instead.
EXAMPLES EXAMPLES
@ -46,30 +40,13 @@ EXAMPLES
.. code-block:: sh .. code-block:: sh
__acl /srv/project \ __acl /srv/project \
--default \
--recursive \ --recursive \
--remove \
--acl user:alice:rwx \
--acl user:bob:r-x \
--acl group:project-group:rwx \
--acl group:some-other-group:r-x \
--acl mask::r-x \
--acl other::r-x
# give Alice read-only access to subdir,
# but don't allow her to see parent content.
__acl /srv/project2 \
--remove \
--acl default:group:secret-project:rwx \
--acl group:secret-project:rwx \
--acl user:alice:--x
__acl /srv/project2/subdir \
--default \ --default \
--remove \ --remove \
--acl group:secret-project:rwx \ --user alice:rwx \
--acl user:alice:r-x --user bob:r-x \
--group project-group:rwx \
--group some-other-group:r-x
AUTHORS AUTHORS

1
cdist/conf/type/__acl/parameter/deprecated/group
View file

@ -1 +0,0 @@
see manual for details

1
cdist/conf/type/__acl/parameter/deprecated/mask
View file

@ -1 +0,0 @@
see manual for details

1
cdist/conf/type/__acl/parameter/deprecated/other
View file

@ -1 +0,0 @@
see manual for details

1
cdist/conf/type/__acl/parameter/deprecated/user
View file

@ -1 +0,0 @@
see manual for details

2
cdist/conf/type/__acl/parameter/optional
View file

@ -1,2 +0,0 @@
mask
other

1
cdist/conf/type/__acl/parameter/optional_multiple
View file

@ -1,3 +1,2 @@
acl
user user
group group

18
cdist/conf/type/__apt_key/explorer/state
View file

@ -27,18 +27,6 @@ else
keyid="$__object_id" keyid="$__object_id"
fi fi
keydir="$(cat "$__object/parameter/keydir")" apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK" \
keyfile="$keydir/$__object_id.gpg" && echo present \
|| echo absent
if [ -d "$keydir" ]
then
if [ -f "$keyfile" ]
then echo present
else echo absent
fi
else
# fallback to deprecated apt-key
apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK" \
&& echo present \
|| echo absent
fi

76
cdist/conf/type/__apt_key/gencode-remote
View file

@ -31,84 +31,12 @@ if [ "$state_should" = "$state_is" ]; then
exit 0 exit 0
fi fi
keydir="$(cat "$__object/parameter/keydir")"
keyfile="$keydir/$__object_id.gpg"
case "$state_should" in case "$state_should" in
present) present)
keyserver="$(cat "$__object/parameter/keyserver")" keyserver="$(cat "$__object/parameter/keyserver")"
echo "apt-key adv --keyserver \"$keyserver\" --recv-keys \"$keyid\""
if [ -f "$__object/parameter/uri" ]; then
uri="$(cat "$__object/parameter/uri")"
if [ -d "$keydir" ]; then
cat << EOF
curl -s -L \\
-o "$keyfile" \\
"$uri"
key="\$( cat "$keyfile" )"
if echo "\$key" | grep -Fq 'BEGIN PGP PUBLIC KEY BLOCK'
then
echo "\$key" | gpg --dearmor > "$keyfile"
fi
EOF
else
# fallback to deprecated apt-key
echo "curl -s -L '$uri' | apt-key add -"
fi
elif [ -d "$keydir" ]; then
tmp='/tmp/cdist_apt_key_tmp'
# we need to kill gpg after 30 seconds, because gpg
# can get stuck if keyserver is not responding.
# exporting env var and not exit 1,
# because we need to clean up and kill dirmngr.
cat << EOF
mkdir -m 700 -p "$tmp"
if timeout 30s \\
gpg --homedir "$tmp" \\
--keyserver "$keyserver" \\
--recv-keys "$keyid"
then
gpg --homedir "$tmp" \\
--export "$keyid" \\
> "$keyfile"
else
export GPG_GOT_STUCK=1
fi
GNUPGHOME="$tmp" gpgconf --kill dirmngr
rm -rf "$tmp"
if [ -n "\$GPG_GOT_STUCK" ]
then
echo "GPG GOT STUCK - no response from keyserver after 30 seconds" >&2
exit 1
fi
EOF
else
# fallback to deprecated apt-key
echo "apt-key adv --keyserver \"$keyserver\" --recv-keys \"$keyid\""
fi
echo "added '$keyid'" >> "$__messages_out"
;; ;;
absent) absent)
if [ -f "$keyfile" ]; then echo "apt-key del \"$keyid\""
echo "rm '$keyfile'"
else
# fallback to deprecated apt-key
echo "apt-key del \"$keyid\""
fi
echo "removed '$keyid'" >> "$__messages_out"
;; ;;
esac esac

17
cdist/conf/type/__apt_key/man.rst
View file

@ -28,12 +28,6 @@ keyserver
the keyserver from which to fetch the key. If omitted the default set the keyserver from which to fetch the key. If omitted the default set
in ./parameter/default/keyserver is used. in ./parameter/default/keyserver is used.
keydir
key save location, defaults to ``/etc/apt/trusted.pgp.d``
uri
the URI from which to download the key
EXAMPLES EXAMPLES
-------- --------
@ -53,20 +47,15 @@ EXAMPLES
# same thing with other keyserver # same thing with other keyserver
__apt_key UbuntuArchiveKey --keyid 437D05B5 --keyserver keyserver.ubuntu.com __apt_key UbuntuArchiveKey --keyid 437D05B5 --keyserver keyserver.ubuntu.com
# download key from the internet
__apt_key rabbitmq \
--uri http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
AUTHORS AUTHORS
------- -------
Steven Armstrong <steven-cdist--@--armstrong.cc> Steven Armstrong <steven-cdist--@--armstrong.cc>
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING COPYING
------- -------
Copyright \(C) 2011-2019 Steven Armstrong and Ander Punnar. You can Copyright \(C) 2011-2014 Steven Armstrong. You can redistribute it
redistribute it and/or modify it under the terms of the GNU General Public and/or modify it under the terms of the GNU General Public License as
License as published by the Free Software Foundation, either version 3 of the published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version. License, or (at your option) any later version.

8
cdist/conf/type/__apt_key/manifest
View file

@ -1,8 +0,0 @@
#!/bin/sh -e
__package gnupg
if [ -f "$__object/parameter/uri" ]
then __package curl
else __package dirmngr
fi

1
cdist/conf/type/__apt_key/parameter/default/keydir
View file

@ -1 +0,0 @@
/etc/apt/trusted.gpg.d

2
cdist/conf/type/__apt_key/parameter/optional
View file

@ -1,5 +1,3 @@
state state
keyid keyid
keyserver keyserver
keydir
uri

7
cdist/conf/type/__block/gencode-remote
View file

@ -18,11 +18,6 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
# quote function from http://www.etalabs.net/sh_tricks.html
quote() {
printf '%s\n' "$1" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"
}
file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")" file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")"
state_should=$(cat "$__object/parameter/state") state_should=$(cat "$__object/parameter/state")
prefix=$(cat "$__object/parameter/prefix" 2>/dev/null || echo "#cdist:__block/$__object_id") prefix=$(cat "$__object/parameter/prefix" 2>/dev/null || echo "#cdist:__block/$__object_id")
@ -51,7 +46,7 @@ tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
if [ -f "$file" ]; then if [ -f "$file" ]; then
cp -p "$file" "\$tmpfile" cp -p "$file" "\$tmpfile"
fi fi
awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ ' awk -v prefix="^$prefix\$" -v suffix="^$suffix\$" '
{ {
if (match(\$0,prefix)) { if (match(\$0,prefix)) {
triggered=1 triggered=1

4
cdist/conf/type/__cdist/man.rst
View file

@ -30,7 +30,7 @@ username
source source
Select the source from which to clone cdist from. Select the source from which to clone cdist from.
Defaults to "git@code.ungleich.ch:ungleich-public/cdist.git". Defaults to "git://github.com/ungleich/cdist.git".
branch branch
@ -47,7 +47,7 @@ EXAMPLES
__cdist /home/cdist/cdist __cdist /home/cdist/cdist
# Use alternative source # Use alternative source
__cdist --source "git@code.ungleich.ch:ungleich-public/cdist.git" /home/cdist/cdist __cdist --source "git://github.com/ungleich/cdist" /home/cdist/cdist
AUTHORS AUTHORS

2
cdist/conf/type/__cdist/parameter/default/source
View file

@ -1 +1 @@
git@code.ungleich.ch:ungleich-public/cdist.git git://github.com/ungleich/cdist.git

26
cdist/conf/type/__check_messages/gencode-remote
View file

@ -1,26 +0,0 @@
#!/bin/sh -e
#
# 2019 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if grep -Eq \
"$( cat "$__object/parameter/pattern" )" \
"$__messages_in"
then
tee "$__messages_out" < "$__object/parameter/execute"
fi

52
cdist/conf/type/__check_messages/man.rst
View file

@ -1,52 +0,0 @@
cdist-type__check_messages(7)
=============================
NAME
----
cdist-type__check_messages - Check messages for pattern and execute command on match.
DESCRIPTION
-----------
Check messages for pattern and execute command on match.
This type is useful if you chain together multiple related types using
dependencies and want to restart service if at least one type changes
something.
For more information about messages see `cdist messaging <cdist-messaging.html>`_.
For more information about dependencies and execution order see
`cdist manifest <cdist-manifest.html#dependencies>`_ documentation.
REQUIRED PARAMETERS
-------------------
pattern
Extended regular expression pattern for search (passed to ``grep -E``).
execute
Command to execute on pattern match.
EXAMPLES
--------
.. code-block:: sh
__check_messages munin \
--pattern '^__(file|link|line)/etc/munin/' \
--execute 'service munin-node restart'
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2019 Ander Punnar. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

2
cdist/conf/type/__check_messages/parameter/required
View file

@ -1,2 +0,0 @@
pattern
execute

6
cdist/conf/type/__clean_path/explorer/list
View file

@ -20,7 +20,11 @@
path="/$__object_id" path="/$__object_id"
[ ! -d "$path" ] && exit 0 if [ ! -d "$path" ]
then
echo "$path is not a directory" >&2
exit 1
fi
pattern="$( cat "$__object/parameter/pattern" )" pattern="$( cat "$__object/parameter/pattern" )"

1
cdist/conf/type/__consul/files/versions/1.5.0/cksum
View file

@ -1 +0,0 @@
886614099 103959898 consul

1
cdist/conf/type/__consul/files/versions/1.5.0/source
View file

@ -1 +0,0 @@
https://releases.hashicorp.com/consul/1.5.0/consul_1.5.0_linux_amd64.zip

2
cdist/conf/type/__consul/gencode-remote
View file

@ -42,7 +42,7 @@ source_file_name="${source##*/}"
cksum_should=$(cut -d' ' -f1,2 "$version_dir/cksum") cksum_should=$(cut -d' ' -f1,2 "$version_dir/cksum")
cat << eof cat << eof
tmpdir=\$(mktemp -d -p /tmp "${__type##*/}.XXXXXXXXXX") tmpdir=\$(mktemp -d --tmpdir="/tmp" "${__type##*/}.XXXXXXXXXX")
curl -s -L "$source" > "\$tmpdir/$source_file_name" curl -s -L "$source" > "\$tmpdir/$source_file_name"
unzip -p "\$tmpdir/$source_file_name" > "${destination}.tmp" unzip -p "\$tmpdir/$source_file_name" > "${destination}.tmp"
rm -rf "\$tmpdir" rm -rf "\$tmpdir"

3
cdist/conf/type/__consul/manifest
View file

@ -24,7 +24,7 @@
os=$(cat "$__global/explorer/os") os=$(cat "$__global/explorer/os")
case "$os" in case "$os" in
alpine|scientific|centos|redhat|ubuntu|debian|devuan|archlinux|gentoo) scientific|centos|redhat|ubuntu|debian|devuan|archlinux|gentoo)
# any linux should work # any linux should work
: :
;; ;;
@ -47,7 +47,6 @@ fi
if [ -f "$__object/parameter/direct" ]; then if [ -f "$__object/parameter/direct" ]; then
__package unzip __package unzip
__package curl
else else
__staged_file /usr/local/bin/consul \ __staged_file /usr/local/bin/consul \
--source "$(cat "$version_dir/source")" \ --source "$(cat "$version_dir/source")" \

38
cdist/conf/type/__consul_agent/files/consul.sys-openrc
View file

@ -1,38 +0,0 @@
#!/sbin/openrc-run
# 2019 Nico Schottelius (nico-cdist at schottelius.org)
description="consul agent"
pidfile="${CONSUL_PIDFILE:-"/var/run/$RC_SVCNAME/pidfile"}"
command="${CONSUL_BINARY:-"/usr/local/bin/consul"}"
checkconfig() {
if [ ! -d /var/run/consul ] ; then
mkdir -p /var/run/consul || return 1
chown consul:consul /var/run/$NAME || return 1
chmod 2770 /var/run/$NAME || return 1
fi
}
start() {
need net
start-stop-daemon --start --quiet --oknodo \
--pidfile "$pidfile" --background \
--exec $command -- agent -pid-file="$pidfile" -config-dir /etc/consul/conf.d
}
start_pre() {
checkconfig
}
stop() {
if [ "${RC_CMD}" = "restart" ] ; then
checkconfig || return 1
fi
ebegin "Stopping $RC_SVCNAME"
start-stop-daemon --stop --exec "$command" \
--pidfile "$pidfile" --quiet
eend $?
}

47
cdist/conf/type/__consul_agent/manifest
View file

@ -1,7 +1,7 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2015 Steven Armstrong (steven-cdist at armstrong.cc) # 2015 Steven Armstrong (steven-cdist at armstrong.cc)
# 2015-2019 Nico Schottelius (nico-cdist at schottelius.org) # 2015 Nico Schottelius (nico-cdist at schottelius.org)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -23,7 +23,7 @@
os=$(cat "$__global/explorer/os") os=$(cat "$__global/explorer/os")
case "$os" in case "$os" in
alpine|scientific|centos|debian|devuan|redhat|ubuntu) scientific|centos|debian|devuan|redhat|ubuntu)
# whitelist safeguard # whitelist safeguard
: :
;; ;;
@ -181,25 +181,22 @@ init_upstart()
# Install init script to start on boot # Install init script to start on boot
case "$os" in case "$os" in
alpine|devuan) centos|redhat)
init_sysvinit debian os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
;; major_version="${os_version%%.*}"
centos|redhat) case "$major_version" in
os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")" [456])
major_version="${os_version%%.*}" init_sysvinit redhat
case "$major_version" in ;;
[456]) 7)
init_sysvinit redhat init_systemd
;; ;;
7) *)
init_systemd echo "Unsupported CentOS/Redhat version: $os_version" >&2
;; exit 1
*) ;;
echo "Unsupported CentOS/Redhat version: $os_version" >&2 esac
exit 1 ;;
;;
esac
;;
debian) debian)
os_version=$(cat "$__global/explorer/os_version") os_version=$(cat "$__global/explorer/os_version")
@ -217,9 +214,13 @@ case "$os" in
exit 1 exit 1
;; ;;
esac esac
;; ;;
devuan)
init_sysvinit debian
;;
ubuntu) ubuntu)
init_upstart init_upstart
;; ;;
esac esac

52
cdist/conf/type/__directory/explorer/stat
View file

@ -25,51 +25,23 @@ destination="/$__object_id"
os=$("$__explorer/os") os=$("$__explorer/os")
case "$os" in case "$os" in
"freebsd"|"netbsd"|"openbsd"|"macosx") "freebsd"|"netbsd"|"openbsd")
stat -f "type: %HT # FIXME: should be something like this based on man page, but can not test
stat -f "type: %ST
owner: %Du %Su owner: %Du %Su
group: %Dg %Sg group: %Dg %Sg
mode: %Lp %Sp mode: %Op %Sp
" "$destination" | awk '/^type/ { print tolower($0); next; } { print; }'
;;
alpine)
stat -c "type: %F
owner: %u %U
group: %g %G
mode: %a %A
" "$destination" " "$destination"
;; ;;
solaris) "macosx")
ls1="$( ls -ld "$destination" )" stat -f "type: %HT
ls2="$( ls -ldn "$destination" )" owner: %Du %Su
group: %Dg %Sg
if [ -f "$__object/parameter/mode" ] mode: %Lp %Sp
then mode_should="$( cat "$__object/parameter/mode" )" " "$destination"
fi
# yes, it is ugly hack, but if you know better way...
if [ -z "$( find "$destination" -perm "$mode_should" )" ]
then octets=888
else octets="$( echo "$mode_should" | sed 's/^0//' )"
fi
case "$( echo "$ls1" | cut -c1-1 )" in
-) echo 'type: regular file' ;;
d) echo 'type: directory' ;;
esac
echo "owner: $( echo "$ls2" \
| awk '{print $3}' ) $( echo "$ls1" \
| awk '{print $3}' )"
echo "group: $( echo "$ls2" \
| awk '{print $4}' ) $( echo "$ls1" \
| awk '{print $4}' )"
echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )"
;; ;;
*) *)
stat --printf="type: %F stat --printf="type: %F
owner: %u %U owner: %u %U
group: %g %G group: %g %G
mode: %a %A mode: %a %A

37
cdist/conf/type/__docker/manifest
View file

@ -64,43 +64,6 @@ case "$os" in
require="__apt_source/docker" __package docker-ce --state "${state}" require="__apt_source/docker" __package docker-ce --state "${state}"
fi fi
;; ;;
devuan)
os_version="$(cat "$__global/explorer/os_version")"
case "$os_version" in
ascii)
distribution="stretch"
;;
jessie)
distribution="jessie"
;;
*)
echo "Your devuan release ($os_version) is currently not supported by this type (${__type##*/}).">&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
if [ "${state}" = "present" ]; then
__package apt-transport-https
__package ca-certificates
__package gnupg2
fi
__apt_key_uri docker --name "Docker Release (CE deb) <docker@docker.com>" \
--uri "https://download.docker.com/linux/${os}/gpg" --state "${state}"
require="__apt_key_uri/docker" __apt_source docker \
--uri "https://download.docker.com/linux/${os}" \
--distribution "${distribution}" \
--state "${state}" \
--component "stable"
if [ "$version" != "latest" ]; then
require="__apt_source/docker" __package docker-ce --version "${version}" --state "${state}"
else
require="__apt_source/docker" __package docker-ce --state "${state}"
fi
;;
*) *)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2 echo "Please contribute an implementation for it if you can." >&2

2
cdist/conf/type/__docker_swarm/explorer/swarm-state
View file

@ -18,4 +18,4 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
docker info 2>/dev/null | grep '^ *Swarm: ' | awk '{print $2}' docker info 2>/dev/null | grep "^Swarm: " | cut -d " " -f 2-

60
cdist/conf/type/__file/explorer/stat
View file

@ -1,7 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# 2013 Steven Armstrong (steven-cdist armstrong.cc) # 2013 Steven Armstrong (steven-cdist armstrong.cc)
# 2019 Nico Schottelius (nico-cdist at schottelius.org)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -26,56 +25,25 @@ destination="/$__object_id"
os=$("$__explorer/os") os=$("$__explorer/os")
case "$os" in case "$os" in
"freebsd"|"netbsd"|"openbsd"|"macosx") "freebsd"|"netbsd"|"openbsd")
stat -f "type: %HT # FIXME: should be something like this based on man page, but can not test
stat -f "type: %ST
owner: %Du %Su
group: %Dg %Sg
mode: %Op %Sp
size: %Dz
links: %Dl
" "$destination"
;;
"macosx")
stat -f "type: %HT
owner: %Du %Su owner: %Du %Su
group: %Dg %Sg group: %Dg %Sg
mode: %Lp %Sp mode: %Lp %Sp
size: %Dz size: %Dz
links: %Dl links: %Dl
" "$destination" | awk '/^type/ { print tolower($0); next; } { print; }'
;;
alpine)
# busybox stat
stat -c "type: %F
owner: %u %U
group: %g %G
mode: %a %A
size: %s
links: %h
" "$destination" " "$destination"
;; ;;
solaris)
ls1="$( ls -ld "$destination" )"
ls2="$( ls -ldn "$destination" )"
if [ -f "$__object/parameter/mode" ]
then mode_should="$( cat "$__object/parameter/mode" )"
fi
# yes, it is ugly hack, but if you know better way...
if [ -z "$( find "$destination" -perm "$mode_should" )" ]
then octets=888
else octets="$( echo "$mode_should" | sed 's/^0//' )"
fi
case "$( echo "$ls1" | cut -c1-1 )" in
-) echo 'type: regular file' ;;
d) echo 'type: directory' ;;
esac
echo "owner: $( echo "$ls2" \
| awk '{print $3}' ) $( echo "$ls1" \
| awk '{print $3}' )"
echo "group: $( echo "$ls2" \
| awk '{print $4}' ) $( echo "$ls1" \
| awk '{print $4}' )"
echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )"
echo "size: $( echo "$ls1" | awk '{print $5}' )"
echo "links: $( echo "$ls1" | awk '{print $2}' )"
;;
*) *)
stat --printf="type: %F stat --printf="type: %F
owner: %u %U owner: %u %U
@ -84,5 +52,5 @@ mode: %a %A
size: %s size: %s
links: %h links: %h
" "$destination" " "$destination"
;; ;;
esac esac

4
cdist/conf/type/__file/gencode-remote
View file

@ -79,10 +79,6 @@ case "$state_should" in
fi fi
fi fi
done done
if [ -f "$__object/files/set-attributes" ]; then
# set-attributes is created if file is created or uploaded in gencode-local
fire_onchange=1
fi
;; ;;

34
cdist/conf/type/__git/gencode-remote
View file

@ -19,33 +19,32 @@
# #
# #
state_is=$(cat "$__object/explorer/state") state_is="$(cat "$__object/explorer/state")"
owner_is=$(cat "$__object/explorer/owner") owner_is="$(cat "$__object/explorer/owner")"
group_is=$(cat "$__object/explorer/group") group_is="$(cat "$__object/explorer/group")"
state_should=$(cat "$__object/parameter/state") state_should="$(cat "$__object/parameter/state")"
branch=$(cat "$__object/parameter/branch") branch="$(cat "$__object/parameter/branch")"
source=$(cat "$__object/parameter/source") source="$(cat "$__object/parameter/source")"
destination="/$__object_id" destination="/$__object_id"
owner=$(cat "$__object/parameter/owner") owner="$(cat "$__object/parameter/owner")"
group=$(cat "$__object/parameter/group") group="$(cat "$__object/parameter/group")"
mode=$(cat "$__object/parameter/mode") mode="$(cat "$__object/parameter/mode")"
[ -f "$__object/parameter/recursive" ] && recursive='--recursive' || recursive='' [ "$state_should" = "$state_is" ] && \
[ "$owner" = "$owner_is" ] && \
[ "$state_should" = "$state_is" ] \ [ "$group" = "$group_is" ] && \
&& [ "$owner" = "$owner_is" ] \ [ -n "$mode" ] && exit 0
&& [ "$group" = "$group_is" ] \
&& [ -n "$mode" ] && exit 0
case $state_should in case $state_should in
present) present)
if [ "$state_should" != "$state_is" ]; then if [ "$state_should" != "$state_is" ]; then
echo git clone --quiet "$recursive" --branch "$branch" "$source" "$destination" echo git clone --quiet --branch "$branch" "$source" "$destination"
fi fi
if { [ -n "$owner" ] && [ "$owner_is" != "$owner" ]; } || \ if { [ -n "$owner" ] && [ "$owner_is" != "$owner" ]; } || \
{ [ -n "$group" ] && [ "$group_is" != "$group" ]; }; then { [ -n "$group" ] && [ "$group_is" != "$group" ]; }; then
@ -55,9 +54,8 @@ case $state_should in
echo chmod -R "$mode" "$destination" echo chmod -R "$mode" "$destination"
fi fi
;; ;;
# Handled in manifest
absent) absent)
# Handled in manifest
;; ;;
*) *)

4
cdist/conf/type/__git/man.rst
View file

@ -35,8 +35,6 @@ mode
owner owner
User to chown to. User to chown to.
recursive
Passes the --recursive flag to git when cloning the repository.
EXAMPLES EXAMPLES
-------- --------
@ -46,7 +44,7 @@ EXAMPLES
__git /home/services/dokuwiki --source git://github.com/splitbrain/dokuwiki.git __git /home/services/dokuwiki --source git://github.com/splitbrain/dokuwiki.git
# Checkout cdist, stay on branch 2.1 # Checkout cdist, stay on branch 2.1
__git /home/nico/cdist --source git@code.ungleich.ch:ungleich-public/cdist.git --branch 2.1 __git /home/nico/cdist --source git://github.com/ungleich/cdist.git --branch 2.1
AUTHORS AUTHORS

1
cdist/conf/type/__git/parameter/boolean
View file

@ -1 +0,0 @@
recursive

10
cdist/conf/type/__grafana_dashboard/manifest
View file

@ -8,12 +8,10 @@ case $os in
debian|devuan) debian|devuan)
case $os_version in case $os_version in
8*|jessie) 8*|jessie)
# Differntation not needed anymore apt_source_distribution=jessie
apt_source_distribution=stable
;; ;;
9*|ascii/ceres|ascii) 9*|ascii/ceres|ascii)
# Differntation not needed anymore apt_source_distribution=stretch
apt_source_distribution=stable
;; ;;
*) *)
echo "Don't know how to install Grafana on $os $os_version. Send us a pull request!" >&2 echo "Don't know how to install Grafana on $os $os_version. Send us a pull request!" >&2
@ -23,10 +21,10 @@ case $os in
__apt_key_uri grafana \ __apt_key_uri grafana \
--name 'Grafana Release Signing Key' \ --name 'Grafana Release Signing Key' \
--uri https://packages.grafana.com/gpg.key --uri https://packagecloud.io/gpg.key
require="$require __apt_key_uri/grafana" __apt_source grafana \ require="$require __apt_key_uri/grafana" __apt_source grafana \
--uri https://packages.grafana.com/oss/deb \ --uri https://packagecloud.io/grafana/stable/debian/ \
--distribution $apt_source_distribution \ --distribution $apt_source_distribution \
--component main --component main

19
cdist/conf/type/__group/explorer/group
View file

@ -1,7 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc) # 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -22,21 +21,7 @@
# Get an existing groups group entry. # Get an existing groups group entry.
# #
not_supported() {
echo "Your operating system ($("$__explorer/os")) is currently not supported." >&2
echo "Cannot extract group information." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
}
name=$__object_id name=$__object_id
if command -v getent >/dev/null getent group "$name" || true
then
getent group "$name" || true
elif [ -f /etc/group ]
then
grep "^${name}:" /etc/group || true
else
not_supported
fi

30
cdist/conf/type/__group/explorer/gshadow
View file

@ -1,7 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc) # 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -23,28 +22,13 @@
# #
name=$__object_id name=$__object_id
os=$("$__explorer/os") os="$("$__explorer/os")"
not_supported() { case "$os" in
echo "Your operating system ($os) is currently not supported." >&2 "freebsd"|"netbsd")
echo "Cannot extract group information." >&2 echo "$os does not have getent gshadow"
echo "Please contribute an implementation for it if you can." >&2 exit 0
exit 1 ;;
}
case $os in
"freebsd"|"netbsd")
echo "$os does not have getent gshadow" >&2
exit 0
;;
esac esac
if command -v getent >/dev/null getent gshadow "$name" || true
then
getent gshadow "$name" || true
elif [ -f /etc/gshadow ]
then
grep "^${name}:" /etc/gshadow || true
else
not_supported
fi

4
cdist/conf/type/__hostname/gencode-remote
View file

@ -35,7 +35,7 @@ has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
# If everything is ok -> exit # If everything is ok -> exit
# #
case "$os" in case "$os" in
archlinux|debian|suse|ubuntu|devuan|coreos|alpine) archlinux|debian|suse|ubuntu|devuan|coreos)
if [ "$name_config" = "$name_should" ] && [ "$name_running" = "$name_should" ]; then if [ "$name_config" = "$name_should" ] && [ "$name_running" = "$name_should" ]; then
exit 0 exit 0
fi fi
@ -58,7 +58,7 @@ echo changed >> "$__messages_out"
# Use the good old way to set the hostname even on machines running systemd. # Use the good old way to set the hostname even on machines running systemd.
case "$os" in case "$os" in
archlinux|debian|ubuntu|devuan|centos|coreos|alpine) archlinux|debian|ubuntu|devuan|centos|coreos)
printf "printf '%%s\\\\n' '$name_should' > /etc/hostname\\n" printf "printf '%%s\\\\n' '$name_should' > /etc/hostname\\n"
echo "hostname -F /etc/hostname" echo "hostname -F /etc/hostname"
;; ;;

2
cdist/conf/type/__hostname/manifest
View file

@ -41,7 +41,7 @@ not_supported() {
} }
case "$os" in case "$os" in
archlinux|debian|suse|ubuntu|devuan|coreos|alpine) archlinux|debian|suse|ubuntu|devuan|coreos)
# handled in gencode-remote # handled in gencode-remote
: :
;; ;;

8
cdist/conf/type/__letsencrypt_cert/manifest
View file

@ -33,9 +33,6 @@ if [ -z "${certbot_fullpath}" ]; then
require="__apt_source/stretch-backports" __package_apt certbot \ require="__apt_source/stretch-backports" __package_apt certbot \
--target-release stretch-backports --target-release stretch-backports
;; ;;
10*)
__package_apt certbot
;;
*) *)
echo "Unsupported OS version: $os_version" >&2 echo "Unsupported OS version: $os_version" >&2
exit 1 exit 1
@ -65,12 +62,11 @@ if [ -z "${certbot_fullpath}" ]; then
--distribution ascii-backports \ --distribution ascii-backports \
--component main --component main
require="__apt_source/ascii-backports" __package_apt python-certbot \
--target-release ascii-backports
require="__apt_source/ascii-backports" __package_apt certbot \ require="__apt_source/ascii-backports" __package_apt certbot \
--target-release ascii-backports --target-release ascii-backports
;; ;;
beowulf*)
__package_apt certbot
;;
*) *)
echo "Unsupported OS version: $os_version" >&2 echo "Unsupported OS version: $os_version" >&2
exit 1 exit 1

4
cdist/conf/type/__link/gencode-remote
View file

@ -48,25 +48,21 @@ case "$state_should" in
if [ "$file_type" = "directory" ]; then if [ "$file_type" = "directory" ]; then
# our destination is currently a directory, delete it # our destination is currently a directory, delete it
printf 'rm -rf "%s" &&\n' "$destination" printf 'rm -rf "%s" &&\n' "$destination"
echo "removed '$destination' (directory)" >> "$__messages_out"
else else
if [ "$state_is" = "wrongsource" ]; then if [ "$state_is" = "wrongsource" ]; then
# our destination is a symlink but points to the wrong source, # our destination is a symlink but points to the wrong source,
# delete it # delete it
printf 'rm -f "%s" &&\n' "$destination" printf 'rm -f "%s" &&\n' "$destination"
echo "removed '$destination' (wrongsource)" >> "$__messages_out"
fi fi
fi fi
# create our link # create our link
printf 'ln %s -f "%s" "%s"\n' "$lnopt" "$source" "$destination" printf 'ln %s -f "%s" "%s"\n' "$lnopt" "$source" "$destination"
echo "created '$destination'" >> "$__messages_out"
;; ;;
absent) absent)
# only delete if it is a sym/hard link # only delete if it is a sym/hard link
if [ "$file_type" = "symlink" ] || [ "$file_type" = "hardlink" ]; then if [ "$file_type" = "symlink" ] || [ "$file_type" = "hardlink" ]; then
printf 'rm -f "%s"\n' "$destination" printf 'rm -f "%s"\n' "$destination"
echo "removed '$destination'" >> "$__messages_out"
fi fi
;; ;;
*) *)

16
cdist/conf/type/__link/man.rst
View file

@ -27,22 +27,6 @@ state
'present' or 'absent', defaults to 'present' 'present' or 'absent', defaults to 'present'
MESSAGES
--------
created <destination>
Link to destination was created.
removed <destination>
Link to destination was removed.
removed <destination> (directory)
Destination was removed because state is ``present`` and destination was directory.
removed <destination> (wrongsource)
Destination was removed because state is ``present`` and destination link source was wrong.
EXAMPLES EXAMPLES
-------- --------

11
cdist/conf/type/__locale/gencode-remote
View file

@ -1,6 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2013-2019 Nico Schottelius (nico-cdist at schottelius.org) # 2013 Nico Schottelius (nico-cdist at schottelius.org)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -37,15 +37,6 @@ locale_remove=$(echo "$locale" | sed 's/UTF-8/utf8/')
state=$(cat "$__object/parameter/state") state=$(cat "$__object/parameter/state")
os=$(cat "$__global/explorer/os")
# Nothing to be done on alpine
case "$os" in
alpine)
exit 0
;;
esac
case "$state" in case "$state" in
present) present)
echo localedef -A "$alias" -f "$charmap" -i "$input" "$locale" echo localedef -A "$alias" -f "$charmap" -i "$input" "$locale"

5
cdist/conf/type/__locale/man.rst
View file

@ -8,8 +8,7 @@ cdist-type__locale - Configure locales
DESCRIPTION DESCRIPTION
----------- -----------
This cdist type allows you to setup locales. On systems that don't This cdist type allows you to setup locales.
support locale setting like alpine/musl libc, it is a no-op.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
@ -45,6 +44,6 @@ Nico Schottelius <nico-cdist--@--schottelius.org>
COPYING COPYING
------- -------
Copyright \(C) 2013-2019 Nico Schottelius. Free use of this software is Copyright \(C) 2013-2016 Nico Schottelius. Free use of this software is
granted under the terms of the GNU General Public License version 3 or granted under the terms of the GNU General Public License version 3 or
later (GPLv3+). later (GPLv3+).

6
cdist/conf/type/__locale/manifest
View file

@ -1,6 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2013-2019 Nico Schottelius (nico-cdist at schottelius.org) # 2013-2015 Nico Schottelius (nico-cdist at schottelius.org)
# 2015 David Hürlimann (david at ungleich.ch) # 2015 David Hürlimann (david at ungleich.ch)
# #
# This file is part of cdist. # This file is part of cdist.
@ -19,7 +19,7 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
# #
# Install required packages # Install required packages
# #
os=$(cat "$__global/explorer/os") os=$(cat "$__global/explorer/os")
@ -30,7 +30,7 @@ case "$os" in
# Debian needs a seperate package # Debian needs a seperate package
__package locales --state present __package locales --state present
;; ;;
archlinux|suse|ubuntu|scientific|centos|alpine) archlinux|suse|ubuntu|scientific|centos)
: :
;; ;;
*) *)

2
cdist/conf/type/__package/manifest
View file

@ -1,7 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2011-2013 Steven Armstrong (steven-cdist at armstrong.cc) # 2011-2013 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Nico Schottelius (nico-cdist at schottelius.org)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -45,7 +44,6 @@ else
suse) type="zypper" ;; suse) type="zypper" ;;
openwrt) type="opkg" ;; openwrt) type="opkg" ;;
openbsd) type="pkg_openbsd" ;; openbsd) type="pkg_openbsd" ;;
alpine) type="apk" ;;
*) *)
echo "Don't know how to manage packages on: $os" >&2 echo "Don't know how to manage packages on: $os" >&2
exit 1 exit 1

38
cdist/conf/type/__package_apk/explorer/state
View file

@ -1,38 +0,0 @@
#!/bin/sh
#
# 2019 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Retrieve the status of a package - parsed apk output
#
if [ -f "$__object/parameter/name" ]; then
name="$(cat "$__object/parameter/name")"
else
name="$__object_id"
fi
# Remove the @.. repo tag for finding out whether it is installed
# f.i. pass@testing => pass
name="$(echo "$name" | sed 's/@.*//')"
if [ "$(apk list -I "$name")" ]; then
echo present
else
echo absent
fi

49
cdist/conf/type/__package_apk/gencode-remote
View file

@ -1,49 +0,0 @@
#!/bin/sh -e
#
# 2019 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Manage packages on Debian and co.
#
if [ -f "$__object/parameter/name" ]; then
name="$(cat "$__object/parameter/name")"
else
name="$__object_id"
fi
state_should="$(cat "$__object/parameter/state")"
state_is="$(cat "$__object/explorer/state")"
# Nothing to be done
[ "$state_is" = "$state_should" ] && exit 0
case "$state_should" in
present)
echo "apk add -q '$name'"
echo "installed" >> "$__messages_out"
;;
absent)
echo "apk del -q '$name'"
echo "removed" >> "$__messages_out"
;;
*)
echo "Unknown state: $state_should" >&2
exit 1
;;
esac

55
cdist/conf/type/__package_apk/man.rst
View file

@ -1,55 +0,0 @@
cdist-type__package_akp(7)
==========================
NAME
----
cdist-type__package_akp - Manage packages with akp
DESCRIPTION
-----------
apk is usually used on Alpine to manage packages.
REQUIRED PARAMETERS
-------------------
None
OPTIONAL PARAMETERS
-------------------
name
If supplied, use the name and not the object id as the package name.
state
Either "present" or "absent", defaults to "present"
EXAMPLES
--------
.. code-block:: sh
# Ensure zsh in installed
__package_apk zsh --state present
# Remove package
__package_apk apache2 --state absent
SEE ALSO
--------
:strong:`cdist-type__package`\ (7)
AUTHORS
-------
Nico Schottelius <nico-cdist--@--schottelius.org>
COPYING
-------
Copyright \(C) 2019 Nico Schottelius. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

0
cdist/conf/type/__package_apk/nonparallel
View file

1
cdist/conf/type/__package_apk/parameter/default/state
View file

@ -1 +0,0 @@
present

2
cdist/conf/type/__package_apk/parameter/optional
View file

@ -1,2 +0,0 @@
name
state

3
cdist/conf/type/__postfix/manifest
View file

@ -1,7 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Nico Schottelius (nico-cdist at schottelius.org)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -23,7 +22,7 @@
os=$(cat "$__global/explorer/os") os=$(cat "$__global/explorer/os")
case "$os" in case "$os" in
alpine|ubuntu|debian|archlinux|suse|scientific|centos|devuan) ubuntu|debian|archlinux|suse|scientific|centos|devuan)
__package postfix --state present __package postfix --state present
;; ;;
*) *)

2
cdist/conf/type/__postfix_postconf/explorer/value
View file

@ -22,7 +22,7 @@
os=$("$__explorer/os") os=$("$__explorer/os")
case "$os" in case "$os" in
alpine|ubuntu|debian|archlinux|suse|scientific|centos|devuan) ubuntu|debian|archlinux|suse|scientific|centos|devuan)
: :
;; ;;
*) *)

3
cdist/conf/type/__postfix_postconf/gencode-remote
View file

@ -1,7 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Nico Schottelius (nico-cdist at schottelius.org)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -22,7 +21,7 @@
os=$(cat "$__global/explorer/os") os=$(cat "$__global/explorer/os")
case "$os" in case "$os" in
alpine|archlinux|centos|debian|devuan|suse|scientific|ubuntu) ubuntu|debian|archlinux|suse|scientific|centos|devuan)
: :
;; ;;
*) *)

2
cdist/conf/type/__postgres_database/explorer/state
View file

@ -34,7 +34,7 @@ esac
name="$__object_id" name="$__object_id"
if test -n "$(su - "$postgres_user" -c "psql postgres -twAc \"SELECT 1 FROM pg_database WHERE datname='$name'\"")" if test -n "$(su - "$postgres_user" -c "psql postgres -tAc \"SELECT 1 FROM pg_database WHERE datname='$name'\"")"
then then
echo 'present' echo 'present'
else else

2
cdist/conf/type/__postgres_role/explorer/state
View file

@ -34,7 +34,7 @@ esac
name="$__object_id" name="$__object_id"
if test -n "$(su - "$postgres_user" -c "psql postgres -twAc \"SELECT 1 FROM pg_roles WHERE rolname='$name'\"")" if test -n "$(su - "$postgres_user" -c "psql postgres -tAc \"SELECT 1 FROM pg_roles WHERE rolname='$name'\"")"
then then
echo 'present' echo 'present'
else else

2
cdist/conf/type/__postgres_role/gencode-remote
View file

@ -55,7 +55,7 @@ case "$state_should" in
[ -n "$password" ] && password="PASSWORD '$password'" [ -n "$password" ] && password="PASSWORD '$password'"
cmd="CREATE ROLE $name WITH $password $booleans" cmd="CREATE ROLE $name WITH $password $booleans"
echo "su - '$postgres_user' -c \"psql postgres -wc \\\"$cmd\\\"\"" echo "su - '$postgres_user' -c \"psql postgres -c \\\"$cmd\\\"\""
;; ;;
absent) absent)
echo "su - '$postgres_user' -c \"dropuser \\\"$name\\\"\"" echo "su - '$postgres_user' -c \"dropuser \\\"$name\\\"\""

42
cdist/conf/type/__ssh_authorized_keys/explorer/file
View file

@ -1,7 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -20,42 +19,9 @@
# #
if [ -f "$__object/parameter/file" ]; then if [ -f "$__object/parameter/file" ]; then
cat "$__object/parameter/file" cat "$__object/parameter/file"
else else
if [ -s "$__object/parameter/owner" ] owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
then home=$(getent passwd "$owner" | cut -d':' -f 6)
owner=$(cat "$__object/parameter/owner") echo "$home/.ssh/authorized_keys"
else
owner="$__object_id"
fi
if command -v getent >/dev/null
then
owner_line=$(getent passwd "$owner")
elif [ -f /etc/passwd ]
then
case $owner
in
[0-9][0-9]*)
owner_line=$(awk -F: "\$3 == \"${owner}\" { print }" /etc/passwd)
;;
*)
owner_line=$(awk -F: "\$1 == \"${owner}\" { print }" /etc/passwd)
;;
esac
fi
if [ "$owner_line" ]
then
home=$(echo "$owner_line" | cut -d':' -f6)
fi
if [ ! -d "$home" ]
then
# Don't know how to determine user's home directory, fall back to ~
home="~$owner"
command -v realpath >/dev/null && home=$(realpath "$home")
fi
[ -d "$home" ] && echo "$home/.ssh/authorized_keys"
fi fi

29
cdist/conf/type/__ssh_authorized_keys/explorer/group
View file

@ -1,7 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -19,28 +18,6 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
if [ -s "$__object/parameter/owner" ] owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
then gid="$(getent passwd "$owner" | cut -d':' -f 4)"
owner=$(cat "$__object/parameter/owner") getent group "$gid" || true
else
owner="$__object_id"
fi
if command -v getent >/dev/null
then
gid=$(getent passwd "$owner" | cut -d':' -f4)
getent group "$gid" || true
else
# Fallback to local file scanning
case $owner
in
[0-9][0-9]*)
gid=$(awk -F: "\$3 == \"${owner}\" { print \$4 }" /etc/passwd)
;;
*)
gid=$(awk -F: "\$1 == \"${owner}\" { print \$4 }" /etc/passwd)
;;
esac
awk -F: "\$3 == \"$gid\" { print }" /etc/group
fi

21
cdist/conf/type/__ssh_authorized_keys/manifest
View file

@ -23,12 +23,6 @@ owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
state="$(cat "$__object/parameter/state" 2>/dev/null)" state="$(cat "$__object/parameter/state" 2>/dev/null)"
file="$(cat "$__object/explorer/file")" file="$(cat "$__object/explorer/file")"
if [ ! -f "$__object/parameter/nofile" ] && [ -z "$file" ]
then
echo "Cannot determine path of authorized_keys file" >&2
exit 1
fi
if [ ! -f "$__object/parameter/noparent" ] || [ ! -f "$__object/parameter/nofile" ]; then if [ ! -f "$__object/parameter/noparent" ] || [ ! -f "$__object/parameter/nofile" ]; then
group="$(cut -d':' -f 1 "$__object/explorer/group")" group="$(cut -d':' -f 1 "$__object/explorer/group")"
if [ -z "$group" ]; then if [ -z "$group" ]; then
@ -51,6 +45,18 @@ if [ ! -f "$__object/parameter/noparent" ] || [ ! -f "$__object/parameter/nofile
fi fi
fi fi
# Remove legacy blocks created by old versions of this type
# FIXME: remove me in 3.2+
__block "$__object_name" \
--file "$file" \
--prefix "#cdist:$__object_name" \
--suffix "#/cdist:$__object_name" \
--state 'absent' \
--text - << DONE
remove legacy block
DONE
export require="__block/$__object_name"
_cksum() { _cksum() {
echo "$1" | cksum | cut -d' ' -f 1 echo "$1" | cksum | cut -d' ' -f 1
} }
@ -63,8 +69,7 @@ while read -r key; do
set -- "$@" --key "$key" set -- "$@" --key "$key"
set -- "$@" --state "$state" set -- "$@" --state "$state"
if [ -f "$__object/parameter/option" ]; then if [ -f "$__object/parameter/option" ]; then
# shellcheck disable=SC2046 set -- "$@" --option "$(cat "$__object/parameter/option")"
set -- "$@" $(printf -- '--option %s ' $(cat "$__object/parameter/option"))
fi fi
if [ -f "$__object/parameter/comment" ]; then if [ -f "$__object/parameter/comment" ]; then
set -- "$@" --comment "$(cat "$__object/parameter/comment")" set -- "$@" --comment "$(cat "$__object/parameter/comment")"

11
cdist/conf/type/__ssh_dot_ssh/explorer/group
View file

@ -1,7 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -19,11 +18,5 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
gid=$("$__type_explorer/passwd" | cut -d':' -f4) gid="$("$__type_explorer/passwd" | cut -d':' -f 4)"
getent group "$gid" || true
if command -v getent >/dev/null
then
getent group "$gid" || true
else
awk -F: "\$3 == \"$gid\" { print }" /etc/group
fi

15
cdist/conf/type/__ssh_dot_ssh/explorer/passwd
View file

@ -2,7 +2,6 @@
# #
# 2012 Steven Armstrong (steven-cdist at armstrong.cc) # 2012 Steven Armstrong (steven-cdist at armstrong.cc)
# 2014 Nico Schottelius (nico-cdist at schottelius.org) # 2014 Nico Schottelius (nico-cdist at schottelius.org)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -22,16 +21,4 @@
owner="$__object_id" owner="$__object_id"
if command -v getent >/dev/null getent passwd "$owner" || true
then
getent passwd "$owner" || true
else
case $owner in
[0-9][0-9]*)
awk -F: "\$3 == \"$owner\" { print }" /etc/passwd
;;
*)
grep "^$owner:" /etc/passwd || true
;;
esac
fi

14
cdist/conf/type/__start_on_boot/explorer/state
View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# 2012-2019 Nico Schottelius (nico-cdist at schottelius.org) # 2012-2015 Nico Schottelius (nico-cdist at schottelius.org)
# 2013 Daniel Heule (hda at sfs.biz) # 2013 Daniel Heule (hda at sfs.biz)
# #
# This file is part of cdist. # This file is part of cdist.
@ -75,14 +75,9 @@ else
state=$(chkconfig --check "$name" "$runlevel" || echo absent) state=$(chkconfig --check "$name" "$runlevel" || echo absent)
[ "$state" ] || state="present" [ "$state" ] || state="present"
;; ;;
gentoo|alpine) gentoo)
state="absent" state="present"
for d in /etc/runlevels/*; do [ -f "/etc/runlevels/${target_runlevel}/${name}" ] || state="absent"
if [ -f "/etc/runlevels/${d}/${name}" ];then
state="present"
break
fi
done
;; ;;
freebsd) freebsd)
state="absent" state="absent"
@ -93,7 +88,6 @@ else
# OpenBSD 5.7 and higher # OpenBSD 5.7 and higher
rcctl ls on | grep "^${name}$" && state='present' rcctl ls on | grep "^${name}$" && state='present'
;; ;;
*) *)
echo "Unsupported os: $os" >&2 echo "Unsupported os: $os" >&2
exit 1 exit 1

4
cdist/conf/type/__start_on_boot/gencode-remote
View file

@ -58,7 +58,7 @@ case "$state_should" in
echo "update-rc.d '$name' defaults >/dev/null" echo "update-rc.d '$name' defaults >/dev/null"
;; ;;
alpine|gentoo) gentoo)
echo "rc-update add '$name' '$target_runlevel'" echo "rc-update add '$name' '$target_runlevel'"
;; ;;
@ -106,7 +106,7 @@ case "$state_should" in
echo "update-rc.d -f '$name' remove" echo "update-rc.d -f '$name' remove"
;; ;;
alpine|gentoo) gentoo)
echo "rc-update del '$name' '$target_runlevel'" echo "rc-update del '$name' '$target_runlevel'"
;; ;;

2
cdist/conf/type/__start_on_boot/man.rst
View file

@ -55,7 +55,7 @@ Nico Schottelius <nico-cdist--@--schottelius.org>
COPYING COPYING
------- -------
Copyright \(C) 2012-2019 Nico Schottelius. You can redistribute it Copyright \(C) 2012 Nico Schottelius. You can redistribute it
and/or modify it under the terms of the GNU General Public License as and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version. License, or (at your option) any later version.

3
cdist/conf/type/__sysctl/manifest
View file

@ -2,7 +2,6 @@
# #
# 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2018 Takashi Yoshi (takashi at yoshi.email) # 2018 Takashi Yoshi (takashi at yoshi.email)
# 2019 Nico Schottelius (nico-cdist at schottelius.org)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -25,7 +24,7 @@ os=$(cat "$__global/explorer/os")
case "$os" in case "$os" in
# Linux # Linux
alpine|redhat|centos|ubuntu|debian|devuan|archlinux|coreos) redhat|centos|ubuntu|debian|devuan|archlinux|coreos)
: :
;; ;;
# BSD # BSD

3
cdist/conf/type/__timezone/gencode-remote
View file

@ -1,7 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2012 Steven Armstrong (steven-cdist at armstrong.cc) # 2012 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Nico Schottelius (nico-cdist at schottelius.org)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -30,7 +29,7 @@ if [ "$timezone_is" = "$timezone_should" ]; then
fi fi
case "$os" in case "$os" in
ubuntu|debian|devuan|coreos|alpine) ubuntu|debian|devuan|coreos)
echo "echo \"$timezone_should\" > /etc/timezone" echo "echo \"$timezone_should\" > /etc/timezone"
;; ;;
esac esac

4
cdist/conf/type/__timezone/manifest
View file

@ -2,7 +2,7 @@
# #
# 2011 Ramon Salvadó (rsalvado at gnuine dot com) # 2011 Ramon Salvadó (rsalvado at gnuine dot com)
# 2012-2015 Steven Armstrong (steven-cdist at armstrong.cc) # 2012-2015 Steven Armstrong (steven-cdist at armstrong.cc)
# 2012-2019 Nico Schottelius (nico-cdist at schottelius.org) # 2012 Nico Schottelius (nico-cdist at schottelius.org)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -26,7 +26,7 @@ timezone="$__object_id"
os=$(cat "$__global/explorer/os") os=$(cat "$__global/explorer/os")
case "$os" in case "$os" in
archlinux|debian|ubuntu|devuan|alpine) archlinux|debian|ubuntu|devuan)
__package tzdata __package tzdata
export require="__package/tzdata" export require="__package/tzdata"
;; ;;

62
cdist/conf/type/__ufw/gencode-remote
View file

@ -1,62 +0,0 @@
#!/bin/sh -e
#
# 2019 Mark Polyakov (mark--@--markasoftware.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
state="$(cat "$__object/parameter/state")"
case "$state" in
enabled)
echo 'ufw --force enable'
;;
present)
echo 'ufw --force disable'
;;
# absent will be uninstalled in manifest
esac
if [ "$state" != absent ]; then
if [ -f "$__object/parameter/logging" ]; then
logging="$(cat "$__object/parameter/logging")"
case "$logging" in
off|low|medium|high|full)
echo "ufw --force logging $logging"
;;
*)
echo 'Logging parameter must be off, low, medium, high, or full!' >&2
exit 1
;;
esac
fi
for direction in incoming outgoing routed; do
if [ -f "$__object/parameter/default_$direction" ]; then
treatment="$(cat "$__object/parameter/default_$direction")"
case "$treatment" in
allow|deny|reject)
echo "ufw --force default $treatment $direction"
;;
*)
echo 'UFW default policies must be either "allow", "deny", or "reject".' >&2
exit 1
;;
esac
fi
done
fi

59
cdist/conf/type/__ufw/man.rst
View file

@ -1,59 +0,0 @@
cdist-type__ufw(7)
==================
NAME
----
cdist-type__ufw - Install the Uncomplicated FireWall
DESCRIPTION
-----------
Installs the Uncomplicated FireWall. Most modern distributions carry UFW in their main repositories, but on CentOS this type will automatically enable the EPEL repository.
Some global configuration can also be set with this type.
OPTIONAL PARAMETERS
-------------------
state
Either "enabled", "running", "present", or "absent". Defaults to "enabled", which registers UFW to start on boot.
logging
Either "off", "low", "medium", "high", or "full". Will be passed to `ufw logging`. If not specified, logging level is not modified.
default_incoming
Either "allow", "deny", or "reject". The default policy for dealing with ingress packets.
default_outgoing
Either "allow", "deny", or "reject". The default policy for dealing with egress packets.
default_routed
Either "allow", "deny", or "reject". The default policy for dealing with routed packets (passing through this machine).
EXAMPLES
--------
.. code-block:: sh
# Install UFW
__ufw
# Setup UFW with maximum logging and no restrictions on routed packets.
__ufw --logging full --default_routed allow
SEE ALSO
--------
:strong:`ufw`\ (8)
AUTHORS
-------
Mark Polyakov <mark@markasoftware.com>
COPYING
-------
Copyright \(C) 2019 Mark Polyakov. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

67
cdist/conf/type/__ufw/manifest
View file

@ -1,67 +0,0 @@
#!/bin/sh -e
#
# 2019 Mark Polyakov (mark--@--markasoftware.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
state="$(cat "$__object/parameter/state")"
case "$state" in
present|enabled)
os="$(cat "$__global/explorer/os")"
case "$os" in
centos)
# shellcheck source=/dev/null
if (. "$__global/explorer/os_release" && [ "${VERSION_ID}" = "7" ]); then
__package epel-release
require='__package/epel-release' __package ufw
else
echo 'CentOS version 7 is required!'
exit 1
fi
;;
*)
__package ufw
;;
esac
# ufw expects to always be enabled, then uses a switch in /etc to
# determine whether to "actually start" after the init system calls it.
# So, we have to both enable on bootup through init and run `ufw enable`
# operators ae left-associative, so if !enabled it will never run
if [ "$(cat "$__global/explorer/os")" != ubuntu ] || \
[ "$(cat "$__global/explorer/init")" != init ] && \
[ "$state" = enabled ]; then
# Why don't we disable start_on_boot when state=present|absent?
# Because UFW should always be enabled at boot -- /etc/ufw/ufw.conf
# will stop it from "really" starting
require='__package/ufw' __start_on_boot ufw
fi
;;
absent)
__package ufw --state absent
;;
*)
echo 'State must be "enabled", "present", or "absent".'
exit 1
;;
esac

1
cdist/conf/type/__ufw/parameter/default/state
View file

@ -1 +0,0 @@
enabled

5
cdist/conf/type/__ufw/parameter/optional
View file

@ -1,5 +0,0 @@
state
logging
default_incoming
default_outgoing
default_routed

0
cdist/conf/type/__ufw/singleton
View file

45
cdist/conf/type/__ufw_rule/gencode-remote
View file

@ -1,45 +0,0 @@
#!/bin/sh -e
#
# 2019 Mark Polyakov (mark@markasoftware.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# This type does not bother with checking the current state of the rules.
# While it is possible to retrieve the list of rules in a consistent format from
# `ufw status`, it is a completely different format than the one used on the
# command line. I also do not suspect it is any faster.
ufw='ufw --force rule'
case "$(cat "$__object/parameter/state")" in
present) ;;
absent)
ufw="$ufw delete"
;;
*)
echo 'State must be "present" or "absent".' >&2
exit 1
;;
esac
if [ -f "$__object/parameter/rule" ]; then
ufw="$ufw $(cat "$__object/parameter/rule")"
else
ufw="$ufw allow $__object_id"
fi
echo "$ufw"

53
cdist/conf/type/__ufw_rule/man.rst
View file

@ -1,53 +0,0 @@
cdist-type__ufw_rule(7)
=======================
NAME
----
cdist-type__ufw_rule - A single UFW rule
DESCRIPTION
-----------
Adds or removes a single UFW rule. This type supports adding and deleting rules for port ranges or applications.
Understanding what is "to" and what is "from" can be confusing. If the rule is ingress (default), then "from" is the remote machine and "to" is the local one. The opposite is true for egress traffic (--out).
OPTIONAL PARAMETERS
-------------------
state
Either "present" or "absent". Defaults to "present". If "absent", only removes rules that exactly match the rule expected.
rule
A firewall rule in UFW syntax. This is what you would usually write after `ufw` on the command line. Defaults to "allow" followed by the object ID. You can use either the short syntax (just allow|deny|reject|limit followed by a port or application name) or the full syntax. Do not include `delete` in your command. Set `--state absent` instead.
EXAMPLES
--------
.. code-block:: sh
# open port 80 (ufw allow 80)
__ufw_rule 80
# Allow mosh application (if installed)
__ufw_rule mosh
# Allow all traffic from local network (ufw allow from 10.0.0.0/24)
__ufw_rule local --rule 'allow from 10.0.0.0/24'
# Block egress traffic from port 25 to 111.55.55.55 on interface eth0
__ufw_rule block_smtp --rule 'deny out on eth0 from any port 25 to 111.55.55.55'
SEE ALSO
--------
:strong:`ufw`\ (8)
AUTHORS
-------
Mark Polyakov <mark@markasoftware.com>
COPYING
-------
Copyright \(C) 2019 Mark Polyakov. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

1
cdist/conf/type/__ufw_rule/parameter/default/state
View file

@ -1 +0,0 @@
present

2
cdist/conf/type/__ufw_rule/parameter/optional
View file

@ -1,2 +0,0 @@
state
rule

6
cdist/conf/type/__user/explorer/group
View file

@ -23,9 +23,11 @@
if [ -f "$__object/parameter/gid" ]; then if [ -f "$__object/parameter/gid" ]; then
gid=$(cat "$__object/parameter/gid") gid=$(cat "$__object/parameter/gid")
if command -v getent >/dev/null; then getent=$(command -v getent)
getent group "$gid" || true if [ X != X"${getent}" ]; then
"${getent}" group "$gid" || true
elif [ -f /etc/group ]; then elif [ -f /etc/group ]; then
grep -E "^(${gid}|([^:]+:){2}${gid}):" /etc/group || true grep -E "^(${gid}|([^:]+:){2}${gid}):" /etc/group || true
fi fi
fi fi

5
cdist/conf/type/__user/explorer/passwd
View file

@ -23,8 +23,9 @@
name=$__object_id name=$__object_id
if command -v getent >/dev/null; then getent=$(command -v getent)
getent passwd "$name" || true if [ X != X"${getent}" ]; then
"${getent}" passwd "$name" || true
elif [ -f /etc/passwd ]; then elif [ -f /etc/passwd ]; then
grep "^${name}:" /etc/passwd || true grep "^${name}:" /etc/passwd || true
fi fi

21
cdist/conf/type/__user/explorer/shadow
View file

@ -1,4 +1,4 @@
#!/bin/sh -e #!/bin/sh
# #
# 2011 Steven Armstrong (steven-cdist at armstrong.cc) # 2011 Steven Armstrong (steven-cdist at armstrong.cc)
# #
@ -22,19 +22,18 @@
# #
name=$__object_id name=$__object_id
os="$("$__explorer/os")"
# Default to using shadow passwords
database="shadow"
case $("$__explorer/os") in case "$os" in
'freebsd'|'netbsd'|'openbsd') "freebsd"|"netbsd"|"openbsd") database="passwd";;
database='passwd'
;;
# Default to using shadow passwords
*)
database='shadow'
;;
esac esac
if command -v getent >/dev/null; then getent=$(command -v getent)
getent "$database" "$name" || true if [ X != X"${getent}" ]; then
"${getent}" "$database" "$name" || true
elif [ -f /etc/shadow ]; then elif [ -f /etc/shadow ]; then
grep "^${name}:" /etc/shadow || true grep "^${name}:" /etc/shadow || true
fi fi

Some files were not shown because too many files have changed in this diff Show more