thijso/cdist
1
0
Fork 0
forked from ungleich-public/cdist
Code Issues Pull requests Projects Releases Wiki Activity

Merge branch 'master' into reorg

Browse source
This commit is contained in:
ander 2020-10-21 20:26:51 +03:00
commit aa5e882fce
21 changed files with 138 additions and 92 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
cdist/conf/type/__acl/explorer/checks
View file

@ -1,39 +0,0 @@
#!/bin/sh -e
#
# 2019 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# TODO check if filesystem has ACL turned on etc
if [ -f "$__object/parameter/acl" ]
then
grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \
| while read -r acl
do
param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )"
check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )"
[ "$param" = 'user' ] && db=passwd || db="$param"
if ! getent "$db" "$check" > /dev/null
then
echo "missing $param '$check'" >&2
exit 1
fi
done
fi

4
cdist/conf/type/__acl/explorer/getent Executable file
View file

@ -0,0 +1,4 @@
#!/bin/sh -e
getent passwd | awk -F: '{print "user:"$1}'
getent group | awk -F: '{print "group:"$1}'

36
cdist/conf/type/__acl/gencode-remote
View file

@ -22,8 +22,8 @@ file_is="$( cat "$__object/explorer/file_is" )"
if [ "$file_is" = 'missing' ] \ if [ "$file_is" = 'missing' ] \
&& [ -z "$__cdist_dry_run" ] \ && [ -z "$__cdist_dry_run" ] \
&& \( [ ! -f "$__object/parameter/file" ] \ && [ ! -f "$__object/parameter/file" ] \
|| [ ! -f "$__object/parameter/directory" ] \) && [ ! -f "$__object/parameter/directory" ]
then then
exit 0 exit 0
fi fi
@ -47,28 +47,26 @@ then
elif [ -f "$__object/parameter/entry" ] elif [ -f "$__object/parameter/entry" ]
then then
acl_should="$( cat "$__object/parameter/entry" )" acl_should="$( cat "$__object/parameter/entry" )"
elif [ -f "$__object/parameter/acl" ]
then
acl_should="$( cat "$__object/parameter/acl" )"
elif
[ -f "$__object/parameter/user" ] \
|| [ -f "$__object/parameter/group" ] \
|| [ -f "$__object/parameter/mask" ] \
|| [ -f "$__object/parameter/other" ]
then
acl_should="$( for param in user group mask other
do
[ ! -f "$__object/parameter/$param" ] && continue
echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=:
echo "$param$sep$( cat "$__object/parameter/$param" )"
done )"
else else
echo 'no parameters set' >&2 echo 'no parameters set' >&2
exit 1 exit 1
fi fi
# instead of setfacl's non-helpful message "Option -m: Invalid argument near character X"
# let's check if target has necessary users and groups, since mistyped or missing
# users/groups in target is most common reason.
echo "$acl_should" \
| grep -Po '(user|group):[^:]+' \
| sort -u \
| while read -r l
do
if ! grep "$l" -Fxq "$__object/explorer/getent"
then
echo "no $l' in target" | sed "s/:/ '/" >&2
exit 1
fi
done
if [ -f "$__object/parameter/default" ] if [ -f "$__object/parameter/default" ]
then then
acl_should="$( echo "$acl_should" \ acl_should="$( echo "$acl_should" \

12
cdist/conf/type/__acl/man.rst
View file

@ -12,11 +12,14 @@ Fully supported and tested on Linux (ext4 filesystem), partial support for FreeB
See ``setfacl`` and ``acl`` manpages for more details. See ``setfacl`` and ``acl`` manpages for more details.
One of ``--entry`` or ``--source`` must be used.
REQUIRED MULTIPLE PARAMETERS
OPTIONAL MULTIPLE PARAMETERS
---------------------------- ----------------------------
entry entry
Set ACL entry following ``getfacl`` output syntax. Set ACL entry following ``getfacl`` output syntax.
Must be used if ``--source`` is not used.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
@ -25,6 +28,7 @@ source
Read ACL entries from stdin or file. Read ACL entries from stdin or file.
Ordering of entries is not important. Ordering of entries is not important.
When reading from file, comments and empty lines are ignored. When reading from file, comments and empty lines are ignored.
Must be used if ``--entry`` is not used.
file file
Create/change file with ``__file`` using ``user:group:mode`` pattern. Create/change file with ``__file`` using ``user:group:mode`` pattern.
@ -48,12 +52,6 @@ remove
``mask`` and ``other`` entries can't be removed, but only changed. ``mask`` and ``other`` entries can't be removed, but only changed.
DEPRECATED PARAMETERS
---------------------
Parameters ``acl``, ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
will be removed in future versions. Please use ``entry`` parameter instead.
EXAMPLES EXAMPLES
-------- --------

1
cdist/conf/type/__acl/parameter/deprecated/acl
View file

@ -1 +0,0 @@
see manual for details

1
cdist/conf/type/__acl/parameter/deprecated/group
View file

@ -1 +0,0 @@
see manual for details

1
cdist/conf/type/__acl/parameter/deprecated/mask
View file

@ -1 +0,0 @@
see manual for details

1
cdist/conf/type/__acl/parameter/deprecated/other
View file

@ -1 +0,0 @@
see manual for details

1
cdist/conf/type/__acl/parameter/deprecated/user
View file

@ -1 +0,0 @@
see manual for details

2
cdist/conf/type/__acl/parameter/optional
View file

@ -1,5 +1,3 @@
mask
other
source source
file file
directory directory

3
cdist/conf/type/__acl/parameter/optional_multiple
View file

@ -1,4 +1 @@
entry entry
acl
user
group

3
cdist/conf/type/__download/man.rst
View file

@ -69,7 +69,8 @@ EXAMPLES
require='__download/opt/cpma/cnq3.zip' \ require='__download/opt/cpma/cnq3.zip' \
__unpack /opt/cpma/cnq3.zip \ __unpack /opt/cpma/cnq3.zip \
--move-existing-destination \ --backup-destination \
--preserve-archive \
--destination /opt/cpma/server --destination /opt/cpma/server

4
cdist/conf/type/__update_alternatives/explorer/alternatives Executable file
View file

@ -0,0 +1,4 @@
#!/bin/sh -e
update-alternatives --display "$__object_id" 2>/dev/null \
| awk -F ' - ' '/priority [0-9]+$/ { print $1 }'

40
cdist/conf/type/__update_alternatives/explorer/link Executable file
View file

@ -0,0 +1,40 @@
#!/bin/sh -e
# fedora's (update-)alternatives --display output doesn't have
# "link <name> is <path>" line, but debian does. so, let's find
# out how they store this information.
#
# debian and friends:
# https://salsa.debian.org/dpkg-team/dpkg/-/blob/master/utils/update-alternatives.c
# see calls to altdb_print_line function
#
# fedora and friends:
# https://github.com/fedora-sysv/chkconfig/blob/master/alternatives.c
# see calls to parseLine function
#
# conclusion: it is safe to assume that (master) link is on second line
for altdir in \
/var/lib/dpkg/alternatives \
/var/lib/alternatives
do
if [ ! -f "$altdir/$__object_id" ]
then
continue
fi
link="$( awk 'NR==2' "$altdir/$__object_id" )"
if [ -n "$link" ]
then
break
fi
done
if [ -z "$link" ]
then
echo "unable to get link for $__object_id" >&2
exit 1
fi
echo "$link"

12
cdist/conf/type/__update_alternatives/explorer/path_is Executable file
View file

@ -0,0 +1,12 @@
#!/bin/sh -e
path_is="$( update-alternatives --display "$__object_id" 2>/dev/null \
| awk '/link currently points to/ {print $5}' )"
if [ -z "$path_is" ]
then
echo "unable to get current path for $__object_id" >&2
exit 1
fi
echo "$path_is"

8
cdist/conf/type/__update_alternatives/explorer/path_should_state Executable file
View file

@ -0,0 +1,8 @@
#!/bin/sh -e
if [ -f "$( cat "$__object/parameter/path" )" ]
then
echo 'present'
else
echo 'absent'
fi

8
cdist/conf/type/__update_alternatives/explorer/state
View file

@ -1,8 +0,0 @@
#!/bin/sh -e
path="$(cat "$__object/parameter/path")"
name="$__object_id"
link="$(readlink "/etc/alternatives/$name")"
if [ "$path" = "$link" ]
then echo present
else echo absent
fi

37
cdist/conf/type/__update_alternatives/gencode-remote
View file

@ -1,6 +1,7 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2013 Nico Schottelius (nico-cdist at schottelius.org) # 2013 Nico Schottelius (nico-cdist at schottelius.org)
# 2020 Ander Punnar (ander@kvlt.ee)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -16,12 +17,38 @@
# #
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if [ "$(cat "$__object/explorer/state")" = 'present' ] path_is="$( cat "$__object/explorer/path_is" )"
then exit 0
path_should="$( cat "$__object/parameter/path" )"
if [ "$path_is" = "$path_should" ]
then
exit 0
fi
if [ "$( cat "$__object/explorer/path_should_state" )" = 'absent' ] && [ -z "$__cdist_dry_run" ]
then
echo "$path_should does not exist in target" >&2
exit 1
fi fi
path="$(cat "$__object/parameter/path")"
name="$__object_id" name="$__object_id"
echo "update-alternatives --quiet --set '$name' '$path'"
alternatives="$( cat "$__object/explorer/alternatives" )"
if ! echo "$alternatives" | grep -Fxq "$path_should"
then
if [ ! -f "$__object/parameter/install" ]
then
echo "$path_should is not in $name alternatives." >&2
echo 'Please install missing packages or use --install to add path to alternatives.' >&2
exit 1
fi
link="$( cat "$__object/explorer/link" )"
echo "update-alternatives --install '$link' '$name' '$path_should' 1000"
fi
echo "update-alternatives --set '$name' '$path_should'"

13
cdist/conf/type/__update_alternatives/man.rst
View file

@ -19,6 +19,12 @@ path
Use this path for the given alternative Use this path for the given alternative
BOOLEAN PARAMETERS
------------------
install
Add (``update-alternatives --install``) missing path to alternatives.
EXAMPLES EXAMPLES
-------- --------
@ -36,11 +42,12 @@ SEE ALSO
AUTHORS AUTHORS
------- -------
Nico Schottelius <nico-cdist--@--schottelius.org> Nico Schottelius <nico-cdist--@--schottelius.org>
Ander Punnar <ander@kvlt.ee>
COPYING COPYING
------- -------
Copyright \(C) 2013 Nico Schottelius. You can redistribute it Copyright \(C) 2013 Nico Schottelius and 2020 Ander Punnar. You can
and/or modify it under the terms of the GNU General Public License as redistribute it and/or modify it under the terms of the GNU General Public
published by the Free Software Foundation, either version 3 of the License as published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version. License, or (at your option) any later version.

1
cdist/conf/type/__update_alternatives/parameter/boolean Normal file
View file

@ -0,0 +1 @@
install

3
docs/changelog
View file

@ -8,6 +8,9 @@ next:
* Type __package_pkgng_freebsd: Bootstrap pkg if necessary (Evil Ham) * Type __package_pkgng_freebsd: Bootstrap pkg if necessary (Evil Ham)
* Type __service: Fix calling __systemd_service (Mark Verboom) * Type __service: Fix calling __systemd_service (Mark Verboom)
* Type __line: Add 'replace' state (Evil Ham) * Type __line: Add 'replace' state (Evil Ham)
* Type __download: Fix man page (Matthias Stecher)
* Type __acl: Remove deprecated parameters, fix bugs (Ander Punnar)
* Type __update_alternatives: Rewrite, support --install (Ander Punnar)
6.8.0: 2020-09-11 6.8.0: 2020-09-11
* Type __locale_system: Fix for debian and ubuntu (Ander Punnar) * Type __locale_system: Fix for debian and ubuntu (Ander Punnar)