diff --git a/Makefile b/Makefile
index 112b1411..396551fb 100644
--- a/Makefile
+++ b/Makefile
@@ -170,17 +170,6 @@ $(ML_FILE): $(CHANGELOG_FILE)
ml-release: $(ML_FILE)
-################################################################################
-# Release: Freecode
-#
-FREECODE_FILE=.lock-freecode
-
-$(FREECODE_FILE): $(CHANGELOG_FILE)
- $(helper) freecode-release $(CHANGELOG_VERSION)
- touch $@
-
-freecode-release: $(FREECODE_FILE)
-
################################################################################
# pypi
#
@@ -197,7 +186,7 @@ ARCHLINUX_FILE=.lock-archlinux
ARCHLINUXTAR=cdist-$(CHANGELOG_VERSION)-1.src.tar.gz
$(ARCHLINUXTAR): PKGBUILD
- makepkg -c --source
+ umask 022; makepkg -c --source
PKGBUILD: PKGBUILD.in $(PYTHON_VERSION)
./PKGBUILD.in $(CHANGELOG_VERSION)
diff --git a/PKGBUILD.in b/PKGBUILD.in
index e3ae4619..c967249d 100755
--- a/PKGBUILD.in
+++ b/PKGBUILD.in
@@ -17,7 +17,13 @@ source=("http://pypi.python.org/packages/source/c/cdist/cdist-\${pkgver}.tar.gz"
package() {
cd cdist-\${pkgver}
python3 setup.py build install --root="\${pkgdir}"
+ find "\$pkgdir" -type d -exec chmod 0755 {} \;
+ find "\$pkgdir" -type f -exec chmod a+r {} \;
}
eof
makepkg -g >> "${outfile}"
+
+# Fix this issue:
+# error: failed to upload cdist-3.1.6-1.src.tar.gz: Error - all files must have permissions of 644 or 755.
+chmod a+r "${outfile}"
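Review bot: `chmod a+r` only adds read bits, so it does not by itself produce the 644/755 modes that the quoted upload error demands; a file that ends up 0664 or 0700 stays outside that set (0664 unchanged, 0700 becoming 0744). This applies to the final `chmod a+r "${outfile}"` and to the `find ... -type f` line inside package(). Setting the mode explicitly is more predictable, e.g. `chmod 0644 "${outfile}"`, and for the packaged files `chmod u=rwX,go=rX`, which also clears group/other write bits while keeping execute where it was already set. The two find lines also write `\$pkgdir` where the rest of the heredoc uses `\${pkgdir}`.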
diff --git a/bin/build-helper b/bin/build-helper
index d28c0616..31789a2e 100755
--- a/bin/build-helper
+++ b/bin/build-helper
@@ -145,21 +145,6 @@ eof
;;
- freecode-release)
- version=$1; shift
- printf "Enter tag list for freecode release %s> " "$version"
- read taglist
-
- printf "Enter changelog for freecode release %s> " "$version"
- read changelog
-
- echo "Submitting to freecode ..."
- python2 ~/p/foreign/freecode-submit-2.7/freecode-submit -P cdist \
- -v "$version" -c "$changelog" \
- -t "$taglist" \
- -n
- ;;
-
release-git-tag)
target_version=$($0 changelog-version)
if git rev-parse --verify refs/tags/$target_version 2>/dev/null; then
@@ -258,9 +243,6 @@ eof
# Archlinux release is based on pypi
make archlinux-release
- # Announce change on Freecode
- make freecode-release
-
# Announce change on ML
make ml-release
diff --git a/cdist/conf/type/__block/explorer/block b/cdist/conf/type/__block/explorer/block
index 6c35bc46..e1ca3441 100755
--- a/cdist/conf/type/__block/explorer/block
+++ b/cdist/conf/type/__block/explorer/block
@@ -1,5 +1,24 @@
#!/bin/sh
-# 2013 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# 2013 Steven Armstrong (steven-cdist armstrong.cc)
+# 2014 Nico Schottelius (nico-cdist at schottelius.org)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+
file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")"
@@ -8,12 +27,12 @@ file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")"
prefix=$(cat "$__object/parameter/prefix" 2>/dev/null || echo "#cdist:__block/$__object_id")
suffix=$(cat "$__object/parameter/suffix" 2>/dev/null || echo "#/cdist:__block/$__object_id")
-awk -v prefix="$prefix" -v suffix="$suffix" '{
- if (index($0,prefix)) {
+awk -v prefix="^$prefix\$" -v suffix="^$suffix\$" '{
+ if (match($0,prefix)) {
triggered=1
}
if (triggered) {
- if (index($0,suffix)) {
+ if (match($0,suffix)) {
triggered=0
}
print
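Review bot: Switching from `index()` to `match()` turns the prefix and suffix into regular expressions, so any metacharacter in them (`.`, `*`, `+`, `[`, `(`, all plausible in a custom prefix parameter or in `$__object_id`) is interpreted instead of matched literally, and awk also processes backslash escapes in `-v` values. A marker containing `.` can then match unrelated lines, and an unbalanced `[` or `(` makes the awk call fail. If the goal is whole-line matching, a string comparison gives that without regex semantics: keep `-v prefix="$prefix" -v suffix="$suffix"` and test `if ($0 == prefix)` and `if ($0 == suffix)`. The awk program continues past the end of this hunk.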
diff --git a/cdist/conf/type/__block/gencode-remote b/cdist/conf/type/__block/gencode-remote
index 0a5eea18..973e9922 100755
--- a/cdist/conf/type/__block/gencode-remote
+++ b/cdist/conf/type/__block/gencode-remote
@@ -46,7 +46,7 @@ tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
if [ -f "$file" ]; then
cp -p "$file" "\$tmpfile"
fi
-awk -v prefix="$prefix" -v suffix="$suffix" '
+awk -v prefix="^$prefix\\\$" -v suffix="^$suffix\\\$" '
{
if (index(\$0,prefix)) {
triggered=1
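Review bot: The anchored value is passed to a program that still calls `index(\$0,prefix)` on the context line just below, and `index()` is a literal substring search, so it now looks for a line that contains the `^` and `$` characters around the marker and will not find an existing block. The explorer in this same commit was switched to `match()`, so the two scripts no longer agree on what a block boundary is. Either use the same test here as in the explorer or leave the `-v` values unanchored. The rest of the awk body, including any suffix test, lies outside this hunk and should be checked the same way.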
diff --git a/cdist/conf/type/__iptables_apply/files/init-script b/cdist/conf/type/__iptables_apply/files/init-script
index 2dc952e9..2247dcf5 100644
--- a/cdist/conf/type/__iptables_apply/files/init-script
+++ b/cdist/conf/type/__iptables_apply/files/init-script
@@ -45,4 +45,14 @@ case $1 in
restart)
"$0" stop && "$0" start
;;
+ reset)
+ for table in INPUT FORWARD OUTPUT; do
+ iptables -P "$table" ACCEPT
+ iptables -F "$table"
+ done
+ for table in PREROUTING POSTROUTING OUTPUT; do
+ iptables -t nat -P "$table" ACCEPT
+ iptables -t nat -F "$table"
+ done
+ ;;
esac
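Review bot: The new `reset` action leaves the host with every built-in filter and nat chain flushed and set to ACCEPT, i.e. with no packet filtering at all, and nothing in the script says so. A comment above the branch such as `# reset: flush built-in filter/nat chains and set policy ACCEPT; host is unfiltered afterwards` would make that explicit to whoever calls it. The loop variable is named `table` but iterates over chain names (`INPUT`, `PREROUTING`, ...), so `chain` would read correctly. User-defined chains and the other tables are not touched, so if this is meant as a full reset that is worth handling or documenting. The enclosing `case` starts outside the hunk.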
diff --git a/cdist/conf/type/__locale/manifest b/cdist/conf/type/__locale/manifest
index ac953662..8384e0c6 100644
--- a/cdist/conf/type/__locale/manifest
+++ b/cdist/conf/type/__locale/manifest
@@ -29,7 +29,7 @@ case "$os" in
# Debian needs a seperate package
__package locales --state present
;;
- suse)
+ archlinux|suse)
:
;;
*)
diff --git a/cdist/conf/type/__ssh_authorized_keys/man.text b/cdist/conf/type/__ssh_authorized_keys/man.text
index 9fd683fd..2e4202a7 100644
--- a/cdist/conf/type/__ssh_authorized_keys/man.text
+++ b/cdist/conf/type/__ssh_authorized_keys/man.text
@@ -12,9 +12,9 @@ DESCRIPTION
-----------
Adds or removes ssh keys from a authorized_keys file.
-This type also manages the directory containing the authorized_keys
-file and sets strict ownership and permissions. You can disable this feature
-with the --noparent boolean parameter.
+This type uses the __ssh_dot_ssh type to the directory containing
+the authorized_keys file.
+You can disable this feature with the --noparent boolean parameter.
The existence, ownership and permissions of the authorized_keys file itself are
also managed. This can be disabled with the --nofile boolean parameter. It is
diff --git a/cdist/conf/type/__ssh_authorized_keys/manifest b/cdist/conf/type/__ssh_authorized_keys/manifest
index 1c9df208..5885ec77 100755
--- a/cdist/conf/type/__ssh_authorized_keys/manifest
+++ b/cdist/conf/type/__ssh_authorized_keys/manifest
@@ -40,12 +40,8 @@ if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ];
fi
if [ ! -f "$__object/parameter/noparent" ]; then
- # Ensure that the directory in which the authorized_keys shall be exists and
- # has the right permissions.
- ssh_directory="${file%/*}"
- __directory "$ssh_directory" --state present --parents \
- --owner "$owner" --group "$group" --mode 0700
- export require="__directory/$ssh_directory"
+ __ssh_dot_ssh "$owner"
+ export require="__ssh_dot_ssh/$owner"
fi
if [ ! -f "$__object/parameter/nofile" ]; then
# Ensure that authorized_keys file exists and has the right permissions.
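Review bot: The removed code locked down the parent of `$file` (`${file%/*}`) to mode 0700, while the replacement always manages the owner's `~/.ssh` through `__ssh_dot_ssh "$owner"`. `file` is set outside this hunk; if it can be overridden to a path outside the owner's `.ssh`, that parent directory is no longer created or given strict ownership and permissions, and `require` no longer orders the file after its actual parent. Consider keeping the `__directory "${file%/*}"` call for that case, or stating in the man page that the parent handling now covers only `~/.ssh`. The `nofile` block continues past the hunk.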
diff --git a/cdist/conf/type/__ssh_dot_ssh/explorer/group b/cdist/conf/type/__ssh_dot_ssh/explorer/group
new file mode 100755
index 00000000..cdea6fe7
--- /dev/null
+++ b/cdist/conf/type/__ssh_dot_ssh/explorer/group
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+
+gid="$("$__type_explorer/passwd" | cut -d':' -f 4)"
+getent group "$gid" || true
diff --git a/cdist/conf/type/__ssh_dot_ssh/explorer/passwd b/cdist/conf/type/__ssh_dot_ssh/explorer/passwd
new file mode 100755
index 00000000..3fbad06f
--- /dev/null
+++ b/cdist/conf/type/__ssh_dot_ssh/explorer/passwd
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# 2012 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2014 Nico Schottelius (nico-cdist at schottelius.org)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+
+owner="$__object_id"
+
+getent passwd "$owner" || true
diff --git a/cdist/conf/type/__ssh_dot_ssh/man.text b/cdist/conf/type/__ssh_dot_ssh/man.text
new file mode 100644
index 00000000..2cd2001c
--- /dev/null
+++ b/cdist/conf/type/__ssh_dot_ssh/man.text
@@ -0,0 +1,44 @@
+cdist-type__ssh_dot_ssh(7)
+==========================
+Nico Schottelius
+
+
+NAME
+----
+cdist-type__ssh_dot_ssh - Manage .ssh directory
+
+
+DESCRIPTION
+-----------
+Adds or removes .ssh directory to a user home.
+
+This type is being used by __ssh_authorized_keys.
+
+OPTIONAL PARAMETERS
+-------------------
+state::
+ if the directory should be 'present' or 'absent', defaults to 'present'.
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# Ensure root has ~/.ssh with the right permissions
+__ssh_dot_ssh root
+
+# Nico does not need ~/.ssh anymore
+__ssh_dot_ssh nico --state absent
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+- cdist-type__ssh_authorized_keys(7)
+
+
+COPYING
+-------
+Copyright \(C) 2014 Nico Schottelius. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).
diff --git a/cdist/conf/type/__ssh_dot_ssh/manifest b/cdist/conf/type/__ssh_dot_ssh/manifest
new file mode 100755
index 00000000..4b797afb
--- /dev/null
+++ b/cdist/conf/type/__ssh_dot_ssh/manifest
@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2014 Nico Schottelius (nico-cdist at schottelius.org)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+# Hacked in Kalamata, Greece
+#
+
+owner="$__object_id"
+state="$(cat "$__object/parameter/state")"
+
+group="$(cut -d':' -f 1 "$__object/explorer/group")"
+if [ -z "$group" ]; then
+ echo "Failed to get owners group from explorer." >&2
+ exit 1
+fi
+
+home="$(cut -d':' -f 6 "$__object/explorer/passwd")"
+if [ -z "$home" ]; then
+ echo "Failed to get home directory from explorer." >&2
+ exit 1
+fi
+ssh_directory="${home}/.ssh"
+
+# Ensure that the directory in which the authorized_keys shall be exists and
+# has the right permissions.
+__directory "$ssh_directory" \
+ --state "$state" \
+ --owner "$owner" --group "$group" --mode 0700
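Review bot: Both explorers added in this commit end in `|| true`, so for an account that does not exist they return nothing and this manifest stops with a message that does not say which object failed. Naming the owner makes the failure traceable in a multi-host run, e.g. `echo "Failed to get home directory of $owner from explorer." >&2`, and likewise for the group message. The same path is taken for `--state absent`, so removing `.ssh` for an account that is already gone fails rather than being a no-op; if that is intended it deserves a comment. The comment above the `__directory` call still describes only the present case.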
diff --git a/cdist/conf/type/__ssh_dot_ssh/parameter/default/state b/cdist/conf/type/__ssh_dot_ssh/parameter/default/state
new file mode 100644
index 00000000..e7f6134f
--- /dev/null
+++ b/cdist/conf/type/__ssh_dot_ssh/parameter/default/state
@@ -0,0 +1 @@
+present
diff --git a/cdist/conf/type/__ssh_dot_ssh/parameter/optional b/cdist/conf/type/__ssh_dot_ssh/parameter/optional
new file mode 100644
index 00000000..ff72b5c7
--- /dev/null
+++ b/cdist/conf/type/__ssh_dot_ssh/parameter/optional
@@ -0,0 +1 @@
+state
diff --git a/cdist/conf/type/__zypper_repo/explorer/repo_id b/cdist/conf/type/__zypper_repo/explorer/repo_id
index be0b9771..6a4791e6 100644
--- a/cdist/conf/type/__zypper_repo/explorer/repo_id
+++ b/cdist/conf/type/__zypper_repo/explorer/repo_id
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# 2013 Daniel Heule (hda at sfs.biz)
+# 2013-2014 Daniel Heule (hda at sfs.biz)
#
# This file is part of cdist.
#
@@ -26,4 +26,4 @@ if [ -f "$__object/parameter/uri" ]; then
else
uri="$__object_id"
fi
-echo $(zypper lr -u | grep -E "\<$uri\>" | cut -d'|' -f 1 | grep -E '^[0-9]' )
+echo $(zypper lr -u | grep -F "$uri" | cut -d'|' -f 1 | grep -E '^[0-9]' )
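Review bot: `grep -F` removes the regex interpretation of `$uri`, but dropping the `\<...\>` word boundaries makes this a plain substring match, so a URI that is a prefix of another configured repository's URI selects both rows and the explorer prints several ids. A value of `$uri` beginning with `-` would also be read as a grep option; `grep -F -e "$uri"` avoids that. To keep an exact match, compare the whole URI column instead of grepping the line, for example with awk splitting on `|` and stripping the padding; which column holds the URI is not visible here and should be confirmed against `zypper lr -u` output. The `if`/`else` that sets `uri` begins outside the hunk.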
diff --git a/docs/changelog b/docs/changelog
index 094e140e..e54da541 100644
--- a/docs/changelog
+++ b/docs/changelog
@@ -5,12 +5,17 @@ Changelog
* Exception: No braces means author == Nico Schottelius
-3.1.6:
+3.1.6: 2014-08-18
+ * New Type: __ssh_dot_ssh
* Type __package_yum: Support retrieving package via URL
* Type __hostname: Support SuSE and have CentOS use sysconfig value
* Type __locale: Support SuSE
+ * Type __locale: Support Archlinux
* Type __timezone: Support SuSE
* Type __file: Support MacOS X (Manuel Hutter)
+ * Type __iptables_apply: Add "reset" to init.d script of iptables
+ * Type __ssh_authorized_key: Use new type __ssh_dot_ssh
+ * Type __zypper_repo: Bugfix for pattern matching (Daniel Heule)
3.1.5: 2014-05-05
* Type __zypper_repo: Automatically import gpg keys (Daniel Heule)
diff --git a/docs/dev/todo/TAKEME b/docs/dev/todo/TAKEME
index 87fc91c5..4d097091 100644
--- a/docs/dev/todo/TAKEME
+++ b/docs/dev/todo/TAKEME
@@ -5,10 +5,6 @@ Feel free to pick one!
CORE
----
-- support default parameter
-- document and add paremeters for remote-copy and remote-exec!
- - remove hack, make a feature of it
-
- remove var=foo calls on remote side. Use -o SendEnv (yeah, see ssh_config(5))
TESTS
@@ -23,9 +19,6 @@ TESTS
USER INTERFACE
--------------
-- How to cleanly implement "restart service if config file changed"
- -> document
-
- Cache
- add example how to use
- export variable $__cache
@@ -45,7 +38,6 @@ TYPES
- Add testing framework (proposed by Evax Software)
- __user
add option to include --create-home
-- Merge __addifnosuchline and __removeline into __line + --state present|absent
- __cron: Support --file to be used instead of user cron (probably direct support
of /etc/cron.d)
diff --git a/docs/man/man7/cdist-messaging.text b/docs/man/man7/cdist-messaging.text
index 0e53871e..a6258564 100644
--- a/docs/man/man7/cdist-messaging.text
+++ b/docs/man/man7/cdist-messaging.text
@@ -57,6 +57,48 @@ if grep -q "^__your_type/object/id:something" "$__messages_in"; then
fi
--------------------------------------------------------------------------------
+Some real life examples:
+--------------------------------------------------------------------------------
+# Reacting on changes from block for keepalive
+if grep -q "^__block/keepalive-vrrp" "$__messages_in"; then
+ echo /etc/init.d/keepalived restart
+fi
+
+# Reacting on changes of configuration files
+if grep -q "^__file/etc/one" $__messages_in; then
+ echo 'for init in /etc/init.d/opennebula*; do $init restart; done'
+fi
+--------------------------------------------------------------------------------
+
+Restart sshd on changes
+--------------------------------------------------------------------------------
+os="$(cat "$__global/explorer/os")"
+
+case "$os" in
+ centos|redhat|suse)
+ restart="/etc/init.d/sshd restart"
+ ;;
+ debian|ubuntu)
+ restart="/etc/init.d/ssh restart"
+ ;;
+ *)
+ cat << eof >&2
+Unsupported os $os.
+If you would like to have this type running on $os,
+you can either develop the changes and send a pull
+request or ask for a quote at www.ungleich.ch
+eof
+ exit 1
+ ;;
+esac
+
+if grep -q "^__key_value/PermitRootLogin" "$__messages_in"; then
+ echo $restart
+fi
+--------------------------------------------------------------------------------
+
+
+
SEE ALSO
--------
diff --git a/docs/speeches/2014-05-19_cdi.st-zkb_linux_erfa.odp b/docs/speeches/2014-05-19_cdi.st-zkb_linux_erfa.odp
index f722a9cc..a09db845 100644
Binary files a/docs/speeches/2014-05-19_cdi.st-zkb_linux_erfa.odp and b/docs/speeches/2014-05-19_cdi.st-zkb_linux_erfa.odp differ
diff --git a/docs/speeches/2014-06-10_openclouddays.odp b/docs/speeches/2014-06-10_openclouddays.odp
new file mode 100644
index 00000000..e85451c8
Binary files /dev/null and b/docs/speeches/2014-06-10_openclouddays.odp differ
diff --git a/docs/speeches/2014-06-10_openclouddays_teaser.odp b/docs/speeches/2014-06-10_openclouddays_teaser.odp
new file mode 100644
index 00000000..16ec8e95
Binary files /dev/null and b/docs/speeches/2014-06-10_openclouddays_teaser.odp differ
diff --git a/docs/speeches/2014-06-10_openclouddays_teaser.pdf b/docs/speeches/2014-06-10_openclouddays_teaser.pdf
new file mode 100644
index 00000000..c5a052b8
Binary files /dev/null and b/docs/speeches/2014-06-10_openclouddays_teaser.pdf differ
diff --git a/docs/speeches/2014-06-19_ucms14_cdi.st.odp b/docs/speeches/2014-06-19_ucms14_cdi.st.odp
new file mode 100644
index 00000000..9338abe4
Binary files /dev/null and b/docs/speeches/2014-06-19_ucms14_cdi.st.odp differ
diff --git a/docs/speeches/2014-06-19_ucms14_cdist_cinv_bof.odp b/docs/speeches/2014-06-19_ucms14_cdist_cinv_bof.odp
new file mode 100644
index 00000000..21f59ee8
Binary files /dev/null and b/docs/speeches/2014-06-19_ucms14_cdist_cinv_bof.odp differ