1. 10 Jul, 2021 1 commit
  2. 08 Jul, 2021 2 commits
  3. 05 Jul, 2021 4 commits
  4. 02 Jul, 2021 5 commits
  5. 01 Jul, 2021 2 commits
  6. 28 Jun, 2021 2 commits
  7. 22 Jun, 2021 1 commit
    • [__download] improvements · 7b3f268d
      Ander Punnar authored
      1. post download checksum verification
      2. detect hashes without prefix
      3. add optional --destination
      4. updated man
  8. 10 Jun, 2021 2 commits
  9. 08 Jun, 2021 1 commit
  10. 31 May, 2021 1 commit
  11. 29 May, 2021 2 commits
  12. 26 May, 2021 4 commits
  13. 23 May, 2021 1 commit
    • [__git] fix group explorer · 503a06ed
      Ander Punnar authored
      group name from numeric id wasn't resolved correctly.
      
      try to use getent and fallback to reading /etc/group directly.
  14. 10 May, 2021 6 commits
    • ++changelog · 6210cccb
      Evil Ham authored
    • ++changelog · f14623e4
      Evil Ham authored
    • [__letsencrypt_cert] Revamp explorers, add locking. · 81b426e4
      Evil Ham authored
      Closes #839
      
      See merge request ungleich-public/cdist!976
      
      This patch joins all explorers in one to avoid starting multiple remote python
      processes and uses a cdist-specific lock in /tmp/certbot.cdist.lock with a
      60 seconds timeout.
    • [__letsencrypt_cert] Revamp explorers, add locking. · a696f3cf
      Evil Ham authored
      This would fix #839
      
      Certbot uses locking [1] even for read-only operations and does not properly
      use exit codes, which means that sometimes it would print:
      "Another instance of Certbot is already running" and exit with success.
      
      However, the previous explorers would take that as the certificate being absent
      and would trigger code generation.
      
      The issue was made worse by having many explorers running certbot, so for N
      certificates, we'd run certbot N*4 times, potentially "in parallel".
      
      [1]: https://certbot.eff.org/docs/using.html#id5
      
      This patch joins all explorers in one to avoid starting multiple remote python
      processes and uses a cdist-specific lock in /tmp/certbot.cdist.lock with a
      60 seconds timeout.
      
      It has been tested with certbot 0.31.0 and 0.17 that the:
      
          from certbot.main import main
      
      trick works. It is somewhat well documented so it can be somewhat relied upon.
    • [__apt_key*] Deprecate __apt_key_uri and improve __apt_key · 0b05a8f5
      Evil Ham authored
      See: ungleich-public/cdist!994
      
      Previously this type was falling back to using the deprecated apt-key(8) by
      checking for existence of files/directories on the controller host in
      gencode-remote.
      
      Adding `--use-deprecated-apt-key` as an explicit boolean serves two purposes:
      1. It prevents fallbacks that might end up doing the wrong thing
         (as was the case)
      2. It allows for a simple way to remove keys from the keyring that were
         previously added with apt-key(8) to /etc/apt/trusted.gpg
      
      This parameter is added marked as deprecated as its only intended use is to
      migrate to directory-based keyrings as recommended by Debian for a few releases.
      It will be removed when Debian 11 stops being supported.
      
      During the review process of this merge request, it was noted that the state of
      PGP Key Servers is somewhat suboptimal, that the examples encouraged bad
      practice (it is trivial to produce collisions for short key IDs), and that
      this use does not require the Web of Trust, but instead only the public key
      that is signing the repository.
      
      That is why this also adds `--source` as an argument allowing for in-type or
      in-manifest provision of such public keys by the type/manifest maintainer and
      the use of Key Servers is still supported, but discouraged.
    • [__apt_key*] Deprecate __apt_key_uri and improve __apt_key · c00c8c20
      Evil Ham authored
      Previously this type was falling back to using the deprecated apt-key(8) by
      checking for existence of files/directories on the controller host in
      gencode-remote.
      
      Adding `--use-deprecated-apt-key` as an explicit boolean serves two purposes:
      1. It prevents fallbacks that might end up doing the wrong thing
         (as was the case)
      2. It allows for a simple way to remove keys from the keyring that were
         previously added with apt-key(8) to /etc/apt/trusted.gpg
      
      This parameter is added marked as deprecated as its only intended use is to
      migrate to directory-based keyrings as recommended by Debian for a few releases.
      It will be removed when Debian 11 stops being supported.
      
      During the review process of this merge request, it was noted that the state of
      PGP Key Servers is somewhat suboptimal, that the examples encouraged bad
      practice (it is trivial to produce collisions for short key IDs), and that
      this use does not require the Web of Trust, but instead only the public key
      that is signing the repository.
      
      That is why this also adds `--source` as an argument allowing for in-type or
      in-manifest provision of such public keys by the type/manifest maintainer and
      the use of Key Servers is still supported, but discouraged.
  15. 27 Apr, 2021 1 commit
  16. 26 Apr, 2021 5 commits