Release 6.1.0

++changelog
Merge branch 'hostname' into 'master'
2019-11-19 21:54:56 +01:00 · 2019-11-19 21:53:40 +01:00 · 2019-11-19 21:51:54 +01:00 · 2019-11-19 21:29:45 +01:00 · 2019-11-17 19:39:09 +01:00 · 2019-11-16 23:33:23 +01:00
285 changed files with 14424 additions and 1850 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -4,3 +4,5 @@
 docs/speeches export-ignore
 docs/video export-ignore
 docs/src/man7 export-ignore
+bin/build-helper export-ignore
+README-maintainers export-ignore
--- a/.gitignore
+++ b/.gitignore
@ -12,6 +12,7 @@ Session.vim
 # Temporary
 .netrwhist
 *~
+*.tmp
 # Auto-generated tag files
 tags
 # Persistent undo
@ -33,7 +34,7 @@ cdist/inventory/
 # Python: cache, distutils, distribution in general
 __pycache__/
 *.pyc
-MANIFEST
+/MANIFEST
 dist/
 cdist/version.py
 cdist.egg-info/
@ -43,6 +44,7 @@ _build/
 docs/dist

 # Ignore temp files used for signing
+cdist-*.tar
 cdist-*.tar.gz
 cdist-*.tar.gz.asc

--- a/216
+++ b/216
@ -18,36 +18,30 @@
 #
 #

-helper=./bin/build-helper
+.PHONY: help
+help:
+	@echo "Please use \`make <target>' where <target> is one of"
+	@echo "man             build only man user documentation"
+	@echo "html            build only html user documentation"
+	@echo "docs            build both man and html user documentation"
+	@echo "dotman          build man pages for types in your ~/.cdist directory"
+	@echo "speeches        build speeches pdf files"
+	@echo "install         install in the system site-packages directory"
+	@echo "install-user    install in the user site-packages directory"
+	@echo "docs-clean      clean documentation"
+	@echo "clean           clean"

-DOCS_SRC_DIR=docs/src
-SPEECHDIR=docs/speeches
-TYPEDIR=cdist/conf/type
-
-WEBSRCDIR=docs/web
-
-WEBDIR=$$HOME/vcs/www.nico.schottelius.org
-WEBBLOG=$(WEBDIR)/blog
-WEBBASE=$(WEBDIR)/software/cdist
-WEBPAGE=$(WEBBASE).mdwn
-
-CHANGELOG_VERSION=$(shell $(helper) changelog-version)
-CHANGELOG_FILE=docs/changelog
-
-PYTHON_VERSION=cdist/version.py
+DOCS_SRC_DIR=./docs/src
+SPEECHDIR=./docs/speeches
+TYPEDIR=./cdist/conf/type

 SPHINXM=make -C $(DOCS_SRC_DIR) man
 SPHINXH=make -C $(DOCS_SRC_DIR) html
 SPHINXC=make -C $(DOCS_SRC_DIR) clean

-SHELLCHECKCMD=shellcheck -s sh -f gcc -x
-# Skip SC2154 for variables starting with __ since such variables are cdist
-# environment variables.
-SHELLCHECK_SKIP=grep -v ': __.*is referenced but not assigned.*\[SC2154\]'
 ################################################################################
 # Manpages
 #
-MAN1DSTDIR=$(DOCS_SRC_DIR)/man1
 MAN7DSTDIR=$(DOCS_SRC_DIR)/man7

 # Manpages #1: Types
@ -69,11 +63,16 @@ DOCSREFSH=$(DOCS_SRC_DIR)/cdist-reference.rst.sh
 $(DOCSREF): $(DOCSREFSH)
 	$(DOCSREFSH)

+version:
+	@[ -f "cdist/version.py" ] || { \
+		printf "Missing 'cdist/version.py', please generate it first.\n" && exit 1; \
+	}
+
 # Manpages #3: generic part
-man: $(MANTYPES) $(DOCSREF) $(PYTHON_VERSION)
+man: version $(MANTYPES) $(DOCSREF)
 	$(SPHINXM)

-html: $(MANTYPES) $(DOCSREF) $(PYTHON_VERSION)
+html: version $(MANTYPES) $(DOCSREF)
 	$(SPHINXH)

 docs: man html
@ -81,24 +80,6 @@ docs: man html
 docs-clean:
 	$(SPHINXC)

-# Manpages #5: release part
-MANWEBDIR=$(WEBBASE)/man/$(CHANGELOG_VERSION)
-HTMLBUILDDIR=docs/dist/html
-
-docs-dist: html
-	rm -rf "${MANWEBDIR}"
-	mkdir -p "${MANWEBDIR}"
-	# mkdir -p "${MANWEBDIR}/man1" "${MANWEBDIR}/man7"
-	# cp ${MAN1DSTDIR}/*.html ${MAN1DSTDIR}/*.css ${MANWEBDIR}/man1
-	# cp ${MAN7DSTDIR}/*.html ${MAN7DSTDIR}/*.css ${MANWEBDIR}/man7
-	cp -R ${HTMLBUILDDIR}/* ${MANWEBDIR}
-	cd ${MANWEBDIR} && git add . && git commit -m "cdist manpages update: $(CHANGELOG_VERSION)" || true
-
-man-latest-link: web-pub
-	# Fix ikiwiki, which does not like symlinks for pseudo security
-	ssh staticweb.ungleich.ch \
-		"cd /home/services/www/nico/nico.schottelius.org/www/software/cdist/man/ && rm -f latest && ln -sf "$(CHANGELOG_VERSION)" latest"
-
 # Manpages: .cdist Types
 DOT_CDIST_PATH=${HOME}/.cdist
 DOTMAN7DSTDIR=$(MAN7DSTDIR)
@ -111,8 +92,7 @@ DOTMANTYPES=$(subst /man.rst,.rst,$(DOTMANTYPEPREFIX))
 $(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst
 	ln -sf "$^" $@

-# Manpages #3: generic part
-dotman: $(DOTMANTYPES)
+dotman: version $(DOTMANTYPES)
 	$(SPHINXM)

 ################################################################################
@ -120,7 +100,6 @@ dotman: $(DOTMANTYPES)
 #
 SPEECHESOURCES=$(SPEECHDIR)/*.tex
 SPEECHES=$(SPEECHESOURCES:.tex=.pdf)
-SPEECHESWEBDIR=$(WEBBASE)/speeches

 # Create speeches and ensure Toc is up-to-date
 $(SPEECHDIR)/%.pdf: $(SPEECHDIR)/%.tex
@ -130,157 +109,26 @@ $(SPEECHDIR)/%.pdf: $(SPEECHDIR)/%.tex

 speeches: $(SPEECHES)

-speeches-dist: speeches
-	rm -rf "${SPEECHESWEBDIR}"
-	mkdir -p "${SPEECHESWEBDIR}"
-	cp ${SPEECHES} "${SPEECHESWEBDIR}"
-	cd ${SPEECHESWEBDIR} && git add . && git commit -m "cdist speeches updated" || true
-
 ################################################################################
-# Website
+# Misc
 #
-
-BLOGFILE=$(WEBBLOG)/cdist-$(CHANGELOG_VERSION)-released.mdwn
-
-$(BLOGFILE): $(CHANGELOG_FILE)
-	$(helper) blog $(CHANGELOG_VERSION) $(BLOGFILE)
-
-web-blog: $(BLOGFILE)
-
-web-doc:
-	# Go to top level, because of cdist.mdwn
-	rsync -av "$(WEBSRCDIR)/" "${WEBBASE}/.."
-	cd "${WEBBASE}/.." && git add cdist* && git commit -m "cdist doc update" cdist* || true
-
-web-dist: web-blog web-doc
-
-web-pub: web-dist docs-dist speeches-dist
-	cd "${WEBDIR}" && make pub
-
-web-release-all: man-latest-link
-web-release-all-no-latest: web-pub
-
-################################################################################
-# Release: Mailinglist
-#
-ML_FILE=.lock-ml
-
-# Only send mail once - lock until new changelog things happened
-$(ML_FILE): $(CHANGELOG_FILE)
-	$(helper) ml-release $(CHANGELOG_VERSION)
-	touch $@
-
-ml-release: $(ML_FILE)
-
-
-################################################################################
-# pypi
-#
-PYPI_FILE=.pypi-release
-$(PYPI_FILE): man $(PYTHON_VERSION)
-	python3 setup.py sdist upload
-	touch $@
-
-pypi-release: $(PYPI_FILE)
-################################################################################
-# archlinux
-#
-ARCHLINUX_FILE=.lock-archlinux
-ARCHLINUXTAR=cdist-$(CHANGELOG_VERSION)-1.src.tar.gz
-
-$(ARCHLINUXTAR): PKGBUILD
-	umask 022; mkaurball
-
-PKGBUILD: PKGBUILD.in $(PYTHON_VERSION)
-	./PKGBUILD.in $(CHANGELOG_VERSION)
-
-$(ARCHLINUX_FILE): $(ARCHLINUXTAR) $(PYTHON_VERSION)
-	burp -c system $(ARCHLINUXTAR)
-	touch $@
-
-archlinux-release: $(ARCHLINUX_FILE)
-
-################################################################################
-# Release
-#
-
-$(PYTHON_VERSION) version: .git/refs/heads/master
-	$(helper) version
-
-# Code that is better handled in a shell script
-check-%:
-	$(helper) $@
-
-release:
-	$(helper) $@
-
-################################################################################
-# Cleanup
-#
-
-clean:
+clean: docs-clean
 	rm -f $(DOCS_SRC_DIR)/cdist-reference.rst

 	find "$(DOCS_SRC_DIR)" -mindepth 2 -type l \
 	| xargs rm -f

-	make -C $(DOCS_SRC_DIR) clean
-
 	find * -name __pycache__  | xargs rm -rf

-	# Archlinux
-	rm -f cdist-*.pkg.tar.xz cdist-*.tar.gz
-	rm -rf pkg/ src/
-
-	rm -f MANIFEST PKGBUILD
-	rm -rf dist/
-
-	# Signed release
-	rm -f cdist-*.tar.gz
-	rm -f cdist-*.tar.gz.asc
-
-distclean: clean
-	rm -f cdist/version.py
+	# distutils
+	rm -rf ./build

 ################################################################################
-# Misc
+# install
 #

-# The pub is Nico's "push to all git remotes" way ("make pub")
-pub:
-	git push --mirror
+install:
+	python3 setup.py install

-test:
-	$(helper) $@
-
-test-remote:
-	$(helper) $@
-
-pycodestyle pep8:
-	$(helper) $@
-
-shellcheck-global-explorers:
-	@find cdist/conf/explorer -type f -exec $(SHELLCHECKCMD) {} + | $(SHELLCHECK_SKIP) || exit 0
-
-shellcheck-type-explorers:
-	@find cdist/conf/type -type f -path "*/explorer/*" -exec $(SHELLCHECKCMD) {} + | $(SHELLCHECK_SKIP) || exit 0
-
-shellcheck-manifests:
-	@find cdist/conf/type -type f -name manifest -exec $(SHELLCHECKCMD) {} + | $(SHELLCHECK_SKIP) || exit 0
-
-shellcheck-local-gencodes:
-	@find cdist/conf/type -type f -name gencode-local -exec $(SHELLCHECKCMD) {} + | $(SHELLCHECK_SKIP) || exit 0
-
-shellcheck-remote-gencodes:
-	@find cdist/conf/type -type f -name gencode-remote -exec $(SHELLCHECKCMD) {} + | $(SHELLCHECK_SKIP) || exit 0
-
-shellcheck-gencodes: shellcheck-local-gencodes shellcheck-remote-gencodes
-
-shellcheck-types: shellcheck-type-explorers shellcheck-manifests shellcheck-gencodes
-
-shellcheck: shellcheck-global-explorers shellcheck-types
-
-shellcheck-type-files:
-	@find cdist/conf/type -type f -path "*/files/*" -exec $(SHELLCHECKCMD) {} + | $(SHELLCHECK_SKIP) || exit 0
-
-shellcheck-with-files: shellcheck shellcheck-type-files
+install-user:
+	python3 setup.py install --user
--- a/PKGBUILD.in
+++ b/PKGBUILD.in
@ -9,7 +9,7 @@ pkgver=$version
 pkgrel=1
 pkgdesc='A Usable Configuration Management System"'
 arch=('any')
-url='http://www.nico.schottelius.org/software/cdist/'
+url='https://www.cdi.st/'
 license=('GPL3')
 depends=('python>=3.2.0')
 source=("http://pypi.python.org/packages/source/c/cdist/cdist-\${pkgver}.tar.gz")
--- a/3
+++ b/3
@ -3,4 +3,5 @@ cdist

 cdist is a usable configuration management system.

-For the web documentation have a look at docs/web/.
+For the web documentation have a look at https://www.cdi.st/
+or at docs/src for reStructuredText manual.
--- a/4
+++ b/4
@ -0,0 +1,4 @@
+Maintainers should use ./bin/build-helper script.
+
+Makefile is intended for end users. It can be used for non-maintaining
+targets that can be run from pure source (without git repository).
--- a/bin/build-helper
+++ b/bin/build-helper
@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2011-2013 Nico Schottelius (nico-cdist at schottelius.org)
+# 2016-2019 Darko Poljak (darko.poljak at gmail.com)
 #
 # This file is part of cdist.
 #
@ -18,17 +19,66 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 #
-# This file contains the heavy lifting found usually in the Makefile
+# This file contains the heavy lifting found usually in the Makefile.
 #

-basedir=${0%/*}/../
-# Change to checkout directory
-cd "$basedir"
+usage() {
+    printf "usage: %s TARGET [TARGET-ARGS...]
+    Available targets:
+        changelog-changes
+        changelog-version
+        check-date
+        check-unittest
+        ml-release
+        archlinux-release
+        pypi-release
+        release-git-tag
+        sign-git-release
+        release
+        test
+        test-remote
+        pycodestyle
+        pep8
+        check-pycodestyle
+        shellcheck-global-explorers
+        shellcheck-type-explorers
+        shellcheck-manifests
+        shellcheck-local-gencodes
+        shellcheck-remote-gencodes
+        shellcheck-scripts
+        shellcheck-gencodes
+        shellcheck-types
+        shellcheck
+        shellcheck-type-files
+        shellcheck-with-files
+        shellcheck-build-helper
+        check-shellcheck
+        version-branch
+        version
+        target-version
+        clean
+        distclean\n" "$1"
+}

-version=$(git describe)
+basename="${0##*/}"
+
+if [ $# -lt 1 ]
+then
+    usage "${basename}"
+    exit 1
+fi

 option=$1; shift

+SHELLCHECKCMD="shellcheck -s sh -f gcc -x"
+# Skip SC2154 for variables starting with __ since such variables are cdist
+# environment variables.
+SHELLCHECK_SKIP=': __.*is referenced but not assigned.*\[SC2154\]'
+
+# Change to checkout directory
+basedir="${0%/*}/../"
+cd "$basedir"
+
 case "$option" in
    changelog-changes)
        if [ "$#" -eq 1 ]; then
@ -66,8 +116,8 @@ case "$option" in
        date_changelog=$(grep '^[[:digit:]]' "$basedir/docs/changelog" | head -n1 | sed 's/.*: //')

        if [ "$date_today" != "$date_changelog" ]; then
-            echo "Date in changelog is not today"
-            echo "Changelog: $date_changelog"
+            printf "Date in changelog is not today\n"
+            printf "Changelog date: %s\n" "${date_changelog}"
            exit 1
        fi
    ;;
@ -76,54 +126,17 @@ case "$option" in
        "$0" test
    ;;

-    blog)
-        version=$1; shift
-        blogfile=$1; shift
-        dir=${blogfile%/*}
-        file=${blogfile##*/}
-
-
-        cat << eof > "$blogfile"
-[[!meta title="Cdist $version released"]]
-
-Here's a short overview about the changes found in version ${version}:
-
-eof
-
-        $0 changelog-changes "$version" >> "$blogfile"
-
-        cat << eof >> "$blogfile"
-For more information visit the [[cdist homepage|software/cdist]].
-
-[[!tag cdist config unix]]
-eof
-        cd "$dir"
-        git add "$file"
-        # Allow git commit to fail if there are no changes
-        git commit -m "cdist blog update: $version" "$blogfile" || true
-    ;;
-
    ml-release)
        if [ $# -ne 1 ]; then
-            echo "$0 ml-release version" >&2
+            printf "%s ml-release version\n" "$0" >&2
            exit 1
        fi

        version=$1; shift

-        to_a=cdist
-        to_d=l.schottelius.org
-        to=${to_a}@${to_d}
-
-        from_a=nico-cdist
-        from_d=schottelius.org
-        from=${from_a}@${from_d}
-
        ( 
        cat << eof
-From: Nico -telmich- Schottelius <$from>
-To: cdist mailing list <$to>
-Subject: cdist $version released
+Subject: cdist $version has been released

 Hello .*,

@ -134,25 +147,41 @@ eof
        "$0" changelog-changes "$version"
        cat << eof

-Cheers,
-
-Nico
-
-- 
-Automatisation at its best level. With cdist.
 eof
-        ) | /usr/sbin/sendmail -f "$from" "$to"
+        ) > mailinglist.tmp
    ;;

+    archlinux-release)
+        if [ $# -ne 1 ]; then
+            printf "%s archlinux-release version\n" "$0" >&2
+            exit 1
+        fi
+        version=$1; shift
+
+        ARCHLINUXTAR="cdist-${version}-1.src.tar.gz"
+        ./PKGBUILD.in "${version}"
+        umask 022
+        mkaurball
+        burp -c system "${ARCHLINUXTAR}"
+    ;;
+
+    pypi-release)
+        # Ensure that pypi release has the right version
+        "$0" version
+
+        make docs-clean
+        make docs
+        python3 setup.py sdist upload
+    ;;

    release-git-tag)
        target_version=$($0 changelog-version)
-        if git rev-parse --verify refs/tags/$target_version 2>/dev/null; then
-            echo "Tag for $target_version exists, aborting"
+        if git rev-parse --verify "refs/tags/${target_version}" 2>/dev/null; then
+            printf "Tag for %s exists, aborting\n" "${target_version}"
            exit 1
        fi
-        printf "Enter tag description for ${target_version}: "
-        read tagmessage
+        printf "Enter tag description for %s: " "${target_version}"
+        read -r tagmessage

        # setup for signed tags:
        # gpg --fulL-gen-key
@ -170,7 +199,8 @@ eof
        # gpg --verify <asc-file> <file>
        # gpg --no-default-keyring --keyring <pubkey.gpg> --verify <asc-file> <file>
        # Ensure gpg-agent is running.
-        export GPG_TTY=$(tty)
+        GPG_TTY=$(tty)
+        export GPG_TTY
        gpg-agent

        git tag -s "$target_version" -m "$tagmessage"
@ -180,14 +210,14 @@ eof
    sign-git-release)
        if [ $# -lt 2 ]
        then
-            printf "usage: $0 sign-git-release TAG TOKEN [ARCHIVE]\n"
+            printf "usage: %s sign-git-release TAG TOKEN [ARCHIVE]\n" "$0"
            printf "    if ARCHIVE is not specified then it is created\n"
            exit 1
        fi
        tag="$1"
        if ! git rev-parse -q --verify "${tag}" >/dev/null 2>&1
        then
-            printf "Tag \"${tag}\" not found.\n"
+            printf "Tag \"%s\" not found.\n" "${tag}"
            exit 1
        fi
        token="$2"
@ -195,44 +225,53 @@ eof
        then
            archivename="$3"
        else
-            archivename="cdist-${tag}.tar.gz"
+            archivename="cdist-${tag}.tar"
            git archive --prefix="cdist-${tag}/" -o "${archivename}" "${tag}" \
                || exit 1
+            # make sure target version is generated
+            "$0" target-version
+            tar -x -f "${archivename}" || exit 1
+            cp cdist/version.py "cdist-${tag}/cdist/version.py" || exit 1
+            tar -c -f "${archivename}" "cdist-${tag}/" || exit 1
+            rm -r -f "cdist-${tag}/"
+            gzip "${archivename}" || exit 1
+            archivename="${archivename}.gz"
        fi
        gpg --armor --detach-sign "${archivename}" || exit 1

-        # make github release
-        curl -H "Authorization: token ${token}" \
-            --request POST \
-            --data "{ \"tag_name\":\"${tag}\", \
-                      \"target_commitish\":\"master\", \
-                      \"name\": \"${tag}\", \
-                      \"body\":\"${tag}\", \
-                      \"draft\":false, \
-                      \"prerelease\": false}" \
-            "https://api.github.com/repos/ungleich/cdist/releases" || exit 1
+        project="ungleich-public%2Fcdist"
+        sed_cmd='s/^.*"markdown":"\([^"]*\)".*$/\1/'

-        # get release ID
-        repoid=$(curl "https://api.github.com/repos/ungleich/cdist/releases/tags/${tag}" \
-            | python3 -c 'import json; import sys; print(json.loads(sys.stdin.read())["id"])') \
-            || exit 1
+        # upload archive
+        response_archive=$(curl -f -X POST \
+             --http1.1 \
+             -H "PRIVATE-TOKEN: ${token}" \
+             -F "file=@${archivename}" \
+             "https://code.ungleich.ch/api/v4/projects/${project}/uploads" \
+             | sed "${sed_cmd}") || exit 1

-        # upload archive and then signature
-        curl -H "Authorization: token ${token}" \
-             -H "Accept: application/vnd.github.manifold-preview" \
-             -H "Content-Type: application/x-gtar" \
-             --data-binary @${archivename} \
-            "https://uploads.github.com/repos/ungleich/cdist/releases/${repoid}/assets?name=${archivename}" \
-            || exit 1
-        curl -H "Authorization: token ${token}" \
-             -H "Accept: application/vnd.github.manifold-preview" \
-             -H "Content-Type: application/pgp-signature" \
-             --data-binary @${archivename}.asc \
-            "https://uploads.github.com/repos/ungleich/cdist/releases/${repoid}/assets?name=${archivename}.asc" \
+        # upload archive signature
+        response_archive_sig=$(curl -f -X POST \
+             --http1.1 \
+             -H "PRIVATE-TOKEN: ${token}" \
+             -F "file=@${archivename}.asc" \
+            "https://code.ungleich.ch/api/v4/projects/${project}/uploads" \
+             | sed "${sed_cmd}") || exit 1
+
+        # make release
+        changelog=$("$0" changelog-changes "$1" | sed 's/^[[:space:]]*//')
+        release_notes=$(
+            printf "%s\n\n%s\n\n**Changelog**\n\n%s\n" \
+                "${response_archive}" "${response_archive_sig}" "${changelog}"
+        )
+        curl -f -X POST \
+             -H "PRIVATE-TOKEN: ${token}" \
+             -F "description=${release_notes}" \
+            "https://code.ungleich.ch/api/v4/projects/${project}/repository/tags/${tag}/release" \
            || exit 1

        # remove generated files (archive and asc)
-        if [ $# -eq 2]
+        if [ $# -eq 2 ]
        then
            rm -f "${archivename}"
        fi
@ -244,30 +283,30 @@ eof
        target_version=$($0 changelog-version)
        target_branch=$($0 version-branch)

-        echo "Beginning release process for $target_version"
+        printf "Beginning release process for %s\n" "${target_version}"

        # First check everything is sane
        "$0" check-date
        "$0" check-unittest
        "$0" check-pycodestyle
-        "$0" shellcheck
+        "$0" check-shellcheck

        # Generate version file to be included in packaging
        "$0" target-version

        # Ensure the git status is clean, else abort
        if ! git diff-index --name-only --exit-code HEAD ; then
-            echo "Unclean tree, see files above, aborting"
+            printf "Unclean tree, see files above, aborting.\n"
            exit 1
        fi

        # Ensure we are on the master branch
        masterbranch=yes
        if [ "$(git rev-parse --abbrev-ref HEAD)" != "master" ]; then
-            echo "Releases are happening from the master branch, aborting"
+            printf "Releases are happening from the master branch, aborting.\n"

-            echo "Enter the magic word to release anyway"
-            read magicword
+            printf "Enter the magic word to release anyway:"
+            read -r magicword

            if [ "$magicword" = "iknowwhatido" ]; then
                masterbranch=no
@ -278,7 +317,7 @@ eof

        if [ "$masterbranch" = yes ]; then
            # Ensure version branch exists
-            if ! git rev-parse --verify refs/heads/$target_branch 2>/dev/null; then
+            if ! git rev-parse --verify "refs/heads/${target_branch}" 2>/dev/null; then
                git branch "$target_branch"
            fi

@ -296,20 +335,12 @@ eof
        make docs-clean
        make docs

-        # Generate speeches (indirect check if they build)
-        make speeches
-
        ############################################################# 
        # Everything green, let's do the release

        # Tag the current commit
        "$0" release-git-tag

-        # sign git tag
-        printf "Enter github authentication token: "
-        read token
-        "$0" sign-git-release "${target_version}" "${token}"
-
        # Also merge back the version branch
        if [ "$masterbranch" = yes ]; then
            git checkout master
@ -317,41 +348,41 @@ eof
        fi

        # Publish git changes
-        make pub
-
-        # publish man, speeches, website
-        if [ "$masterbranch" = yes ]; then
-            make web-release-all
-        else
-            make web-release-all-no-latest
-        fi
-
-        # Ensure that pypi release has the right version
-        "$0" version
+        # if you want to have mirror locally then uncomment this and comment below
+        #     git push --mirror
+            git push
+            # push also new branch and set up tracking
+            git push -u origin "${target_branch}"
+        # fi

        # Create and publish package for pypi
-        make pypi-release
+        "$0" pypi-release

-        # Archlinux release is based on pypi
-        make archlinux-release
+        # sign git tag
+        printf "Enter upstream repository authentication token: "
+        read -r token
+        "$0" sign-git-release "${target_version}" "${token}"

        # Announce change on ML
-        make ml-release
+        "$0" ml-release "${target_version}"

        cat << eof
 Manual steps post release:
-
-    - linkedin
-    - hackernews
-    - reddit
+    - cdist-web
+    - send mail body generated in mailinglist.tmp and inform Dmitry for deb
    - twitter
-
 eof
-
    ;;

    test)
-        export PYTHONPATH="$(pwd -P)"
+        if [ ! -f "cdist/version.py" ]
+        then
+            printf "cdist/version.py is missing, generate it first.\n"
+            exit 1
+        fi
+
+        PYTHONPATH="$(pwd -P)"
+        export PYTHONPATH

        if [ $# -lt 1 ]; then
            python3 -m cdist.test
@ -361,7 +392,15 @@ eof
    ;;

    test-remote)
-        export PYTHONPATH="$(pwd -P)"
+        if [ ! -f "cdist/version.py" ]
+        then
+            printf "cdist/version.py is missing, generate it first.\n"
+            exit 1
+        fi
+
+        PYTHONPATH="$(pwd -P)"
+        export PYTHONPATH
+
        python3 -m cdist.test.exec.remote
    ;;

@ -374,9 +413,9 @@ eof
        printf "\\nPlease review pycodestyle report.\\n"
        while true
        do
-            echo "Continue (yes/no)?"
+            printf "Continue (yes/no)?\n"
            any=
-            read any
+            read -r any
            case "$any" in
                yes)
                    break
@ -385,20 +424,74 @@ eof
                    exit 1
                ;;
                *)
-                    echo "Please answer with 'yes' or 'no' explicitly."
+                    printf "Please answer with 'yes' or 'no' explicitly.\n"
                ;;
        esac
        done
    ;;

+    shellcheck-global-explorers)
+        find cdist/conf/explorer -type f -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
+    ;;
+
+    shellcheck-type-explorers)
+        find cdist/conf/type -type f -path "*/explorer/*" -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
+    ;;
+
+    shellcheck-manifests)
+        find cdist/conf/type -type f -name manifest -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
+    ;;
+
+    shellcheck-local-gencodes)
+        find cdist/conf/type -type f -name gencode-local -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
+    ;;
+
+    shellcheck-remote-gencodes)
+        find cdist/conf/type -type f -name gencode-remote -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
+    ;;
+
+    shellcheck-scripts)
+        ${SHELLCHECKCMD} scripts/cdist-dump scripts/cdist-new-type || exit 0
+    ;;
+
+    shellcheck-gencodes)
+        "$0" shellcheck-local-gencodes
+        "$0" shellcheck-remote-gencodes
+    ;;
+
+    shellcheck-types)
+        "$0" shellcheck-type-explorers
+        "$0" shellcheck-manifests
+        "$0" shellcheck-gencodes
+    ;;
+
    shellcheck)
-        make helper=${helper} WEBDIR=${WEBDIR} shellcheck
+        "$0" shellcheck-global-explorers
+        "$0" shellcheck-types
+        "$0" shellcheck-scripts
+    ;;
+
+    shellcheck-type-files)
+        find cdist/conf/type -type f -path "*/files/*" -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" || exit 0
+    ;;
+
+    shellcheck-with-files)
+        "$0" shellcheck
+        "$0" shellcheck-type-files
+    ;;
+
+    shellcheck-build-helper)
+        ${SHELLCHECKCMD} ./bin/build-helper
+    ;;
+
+    check-shellcheck)
+        "$0" shellcheck
        printf "\\nPlease review shellcheck report.\\n"
        while true
        do
-            echo "Continue (yes/no)?"
+            printf "Continue (yes/no)?\n"
            any=
-            read any
+            read -r any
            case "$any" in
                yes)
                    break
@ -407,7 +500,7 @@ eof
                    exit 1
                ;;
                *)
-                    echo "Please answer with 'yes' or 'no' explicitly."
+                    printf "Please answer with 'yes' or 'no' explicitly.\n"
                ;;
        esac
        done
@ -418,16 +511,39 @@ eof
    ;;

    version)
-        echo "VERSION = \"$(git describe)\"" > cdist/version.py
+        printf "VERSION = \"%s\"\n" "$(git describe)" > cdist/version.py
    ;;

    target-version)
        target_version=$($0 changelog-version)
-        echo "VERSION = \"${target_version}\"" > cdist/version.py
+        printf "VERSION = \"%s\"\n" "${target_version}" > cdist/version.py
    ;;

+    clean)
+        make clean
+
+        # Archlinux
+        rm -f cdist-*.pkg.tar.xz cdist-*.tar.gz
+        rm -rf pkg/ src/
+
+        rm -f MANIFEST PKGBUILD
+        rm -rf dist/
+
+        # Signed release
+        rm -f cdist-*.tar.gz
+        rm -f cdist-*.tar.gz.asc
+
+        # Temp files
+        rm -f ./*.tmp
+    ;;
+
+    distclean)
+        "$0" clean
+        rm -f cdist/version.py
+    ;;
    *)
-        echo "Unknown helper target $@ - aborting"
+        printf "Unknown target: '%s'.\n" "${option}" >&2
+        usage "${basename}"
        exit 1
    ;;

--- a/bin/build-helper.freebsd
+++ b/bin/build-helper.freebsd
@ -1,496 +0,0 @@
-#!/bin/sh
-#
-# 2011-2013 Nico Schottelius (nico-cdist at schottelius.org)
-# 2016 Darko Poljak (darko.poljak at gmail.com)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see <http://www.gnu.org/licenses/>.
-#
-#
-# This file contains the heavy lifting found usually in the Makefile
-#
-
-# vars for make
-helper=$0
-
-basedir=${0%/*}/../
-# run_as is used to check how the script is called (by $0 value)
-# currently supported sufixes for $0 are:
-# .freebsd - run as freebsd
-basename=${0##*/}
-run_as=${basename#*.}
-case "$run_as" in
-    freebsd)
-        to_a=cdist-configuration-management
-        to_d=googlegroups.com
-        from_a=darko.poljak
-        from_d=gmail.com
-        ml_name="Darko Poljak"
-        ml_sig_name="Darko"
-
-        # vars for make
-        WEBDIR=../vcs/www.nico.schottelius.org
-    ;;
-    *)
-        to_a=cdist
-        to_d=l.schottelius.org
-        from_a=nico-cdist
-        from_d=schottelius.org
-        ml_name="Nico -telmich- Schottelius"
-        ml_sig_name="Nico"
-
-        # vars for make
-        WEBDIR=$$HOME/vcs/www.nico.schottelius.org
-    ;;
-esac
-
-# Change to checkout directory
-cd "$basedir"
-
-version=$(git describe)
-
-option=$1; shift
-
-case "$option" in
-    print-make-vars)
-        printf "helper: ${helper}\n"
-        printf "WEBDIR: ${WEBDIR}\n"
-    ;;
-    print-runas)
-        printf "run_as: $run_as\n"
-    ;;
-    changelog-changes)
-        if [ "$#" -eq 1 ]; then
-            start=$1
-        else
-            start="[[:digit:]]"
-        fi
-
-        end="[[:digit:]]"
-
-        awk -F: "BEGIN { start=0 }
-            {
-                if(start == 0) {
-                    if (\$0 ~ /^$start/) {
-                        start = 1
-                    }
-                } else {
-                    if (\$0 ~ /^$end/) {
-                        exit
-                    } else {
-                        print \$0 
-                    }
-                }
-            }" "$basedir/docs/changelog"
-    ;;
-
-    changelog-version)
-        # get version from changelog
-        grep '^[[:digit:]]' "$basedir/docs/changelog" | head -n1 | sed 's/:.*//'
-    ;;
-
-    check-date)
-        # verify date in changelog is today
-        date_today="$(date +%Y-%m-%d)"
-        date_changelog=$(grep '^[[:digit:]]' "$basedir/docs/changelog" | head -n1 | sed 's/.*: //')
-
-        if [ "$date_today" != "$date_changelog" ]; then
-            echo "Date in changelog is not today"
-            echo "Changelog: $date_changelog"
-            exit 1
-        fi
-    ;;
-
-    check-unittest)
-        "$0" test
-    ;;
-
-    blog)
-        version=$1; shift
-        blogfile=$1; shift
-        dir=${blogfile%/*}
-        file=${blogfile##*/}
-
-
-        cat << eof > "$blogfile"
-[[!meta title="Cdist $version released"]]
-
-Here's a short overview about the changes found in version ${version}:
-
-eof
-
-        $0 changelog-changes "$version" >> "$blogfile"
-
-        cat << eof >> "$blogfile"
-For more information visit the [[cdist homepage|software/cdist]].
-
-[[!tag cdist config unix]]
-eof
-        cd "$dir"
-        git add "$file"
-        # Allow git commit to fail if there are no changes
-        git commit -m "cdist blog update: $version" "$blogfile" || true
-    ;;
-
-    ml-release)
-        if [ $# -ne 1 ]; then
-            echo "$0 ml-release version" >&2
-            exit 1
-        fi
-
-        version=$1; shift
-
-        to=${to_a}@${to_d}
-        from=${from_a}@${from_d}
-
-        ( 
-        cat << eof
-From: ${ml_name} <$from>
-To: cdist mailing list <$to>
-Subject: cdist $version released
-
-Hello .*,
-
-cdist $version has been released with the following changes:
-
-eof
-
-        "$0" changelog-changes "$version"
-        cat << eof
-
-Cheers,
-
-${ml_sig_name}
-
-- 
-Automatisation at its best level. With cdist.
-eof
-        ) | /usr/sbin/sendmail -f "$from" "$to"
-    ;;
-
-    release-git-tag)
-        target_version=$($0 changelog-version)
-        if git rev-parse --verify refs/tags/$target_version 2>/dev/null; then
-            echo "Tag for $target_version exists, aborting"
-            exit 1
-        fi
-        printf "Enter tag description for ${target_version}: "
-        read tagmessage
-
-        # setup for signed tags:
-        # gpg --fulL-gen-key
-        # gpg --list-secret-keys --keyid-format LONG
-        # git config --local user.signingkey <id>
-        # for exporting pub key:
-        #     gpg --armor --export <id> > pubkey.asc
-        #     gpg --output pubkey.gpg --export <id>
-        # show tag with signature
-        # git show <tag>
-        # verify tag signature
-        # git tag -v <tag>
-        #
-        # gpg verify signature
-        # gpg --verify <asc-file> <file>
-        # gpg --no-default-keyring --keyring <pubkey.gpg> --verify <asc-file> <file>
-        # Ensure gpg-agent is running.
-        export GPG_TTY=$(tty)
-        gpg-agent
-
-        git tag -s "$target_version" -m "$tagmessage"
-        git push --tags
-    ;;
-
-    sign-git-release)
-        if [ $# -lt 2 ]
-        then
-            printf "usage: $0 sign-git-release TAG TOKEN [ARCHIVE]\n"
-            printf "    if ARCHIVE is not specified then it is created\n"
-            exit 1
-        fi
-        tag="$1"
-        if ! git rev-parse -q --verify "${tag}" >/dev/null 2>&1
-        then
-            printf "Tag \"${tag}\" not found.\n"
-            exit 1
-        fi
-        token="$2"
-        if [ $# -gt 2 ]
-        then
-            archivename="$3"
-        else
-            archivename="cdist-${tag}.tar.gz"
-            git archive --prefix="cdist-${tag}/" -o "${archivename}" "${tag}" \
-                || exit 1
-        fi
-        gpg --armor --detach-sign "${archivename}" || exit 1
-
-        # make github release
-        curl -H "Authorization: token ${token}" \
-            --request POST \
-            --data "{ \"tag_name\":\"${tag}\", \
-                      \"target_commitish\":\"master\", \
-                      \"name\": \"${tag}\", \
-                      \"body\":\"${tag}\", \
-                      \"draft\":false, \
-                      \"prerelease\": false}" \
-            "https://api.github.com/repos/ungleich/cdist/releases" || exit 1
-
-        # get release ID
-        repoid=$(curl "https://api.github.com/repos/ungleich/cdist/releases/tags/${tag}" \
-            | python3 -c 'import json; import sys; print(json.loads(sys.stdin.read())["id"])') \
-            || exit 1
-
-        # upload archive and then signature
-        curl -H "Authorization: token ${token}" \
-             -H "Accept: application/vnd.github.manifold-preview" \
-             -H "Content-Type: application/x-gtar" \
-             --data-binary @${archivename} \
-            "https://uploads.github.com/repos/ungleich/cdist/releases/${repoid}/assets?name=${archivename}" \
-            || exit 1
-        curl -H "Authorization: token ${token}" \
-             -H "Accept: application/vnd.github.manifold-preview" \
-             -H "Content-Type: application/pgp-signature" \
-             --data-binary @${archivename}.asc \
-            "https://uploads.github.com/repos/ungleich/cdist/releases/${repoid}/assets?name=${archivename}.asc" \
-            || exit 1
-
-        # remove generated files (archive and asc)
-        if [ $# -eq 2]
-        then
-            rm -f "${archivename}"
-        fi
-        rm -f "${archivename}.asc"
-    ;;
-
-    release)
-        set -e
-        target_version=$($0 changelog-version)
-        target_branch=$($0 version-branch)
-
-        echo "Beginning release process for $target_version"
-
-        # First check everything is sane
-        "$0" check-date
-        "$0" check-unittest
-        "$0" check-pycodestyle
-        "$0" shellcheck
-
-        # Generate version file to be included in packaging
-        "$0" target-version
-
-        # Ensure the git status is clean, else abort
-        if ! git diff-index --name-only --exit-code HEAD ; then
-            echo "Unclean tree, see files above, aborting"
-            exit 1
-        fi
-
-        # Ensure we are on the master branch
-        masterbranch=yes
-        if [ "$(git rev-parse --abbrev-ref HEAD)" != "master" ]; then
-            echo "Releases are happening from the master branch, aborting"
-
-            echo "Enter the magic word to release anyway"
-            read magicword
-
-            if [ "$magicword" = "iknowwhatido" ]; then
-                masterbranch=no
-            else
-                exit 1
-            fi
-        fi
-
-        if [ "$masterbranch" = yes ]; then
-            # Ensure version branch exists
-            if ! git rev-parse --verify refs/heads/$target_branch 2>/dev/null; then
-                git branch "$target_branch"
-            fi
-
-            # Merge master branch into version branch
-            git checkout "$target_branch"
-            git merge master
-        fi
-
-        # Verify that after the merge everything works
-        "$0" check-date
-        "$0" check-unittest
-
-        # Generate documentation (man and html)
-        # First, clean old generated docs
-        make helper=${helper} WEBDIR=${WEBDIR} docs-clean
-        make helper=${helper} WEBDIR=${WEBDIR} docs
-
-        # Generate speeches (indirect check if they build)
-        make helper=${helper} WEBDIR=${WEBDIR} speeches
-
-        ############################################################# 
-        # Everything green, let's do the release
-
-        # Tag the current commit
-        "$0" release-git-tag
-
-        # sign git tag
-        printf "Enter github authentication token: "
-        read token
-        "$0" sign-git-release "${target_version}" "${token}"
-
-        # Also merge back the version branch
-        if [ "$masterbranch" = yes ]; then
-            git checkout master
-            git merge "$target_branch"
-        fi
-
-        # Publish git changes
-        case "$run_as" in
-            freebsd)
-                # if we are not Nico :) then just push, no mirror
-                git push
-                # push also new branch and set up tracking
-                git push -u origin "${target_branch}"
-            ;;
-            *)
-                make helper=${helper} WEBDIR=${WEBDIR} pub
-            ;;
-        esac
-
-        # publish man, speeches, website
-        if [ "$masterbranch" = yes ]; then
-            make helper=${helper} WEBDIR=${WEBDIR} web-release-all
-        else
-            make helper=${helper} WEBDIR=${WEBDIR} web-release-all-no-latest
-        fi
-
-        # Ensure that pypi release has the right version
-        "$0" version
-
-        # Create and publish package for pypi
-        make helper=${helper} WEBDIR=${WEBDIR} pypi-release
-
-        case "$run_as" in
-            freebsd)
-            ;;
-            *)
-                # Archlinux release is based on pypi
-                make archlinux-release
-            ;;
-        esac
-
-        # Announce change on ML
-        make helper=${helper} WEBDIR=${WEBDIR} ml-release
-
-        cat << eof
-Manual steps post release:
-
-    - linkedin
-    - hackernews
-    - reddit
-    - twitter
-
-eof
-
-        case "$run_as" in
-            freebsd)
-                cat <<eof
-Additional steps post release:
-    - archlinux release
-eof
-            ;;
-            *)
-            ;;
-        esac
-
-    ;;
-
-    test)
-        export PYTHONPATH="$(pwd -P)"
-
-        if [ $# -lt 1 ]; then
-            python3 -m cdist.test
-        else
-            python3 -m unittest "$@"
-        fi
-    ;;
-
-    test-remote)
-        export PYTHONPATH="$(pwd -P)"
-        python3 -m cdist.test.exec.remote
-    ;;
-
-    pycodestyle|pep8)
-        pycodestyle "${basedir}" "${basedir}/scripts/cdist" | less
-    ;;
-
-    check-pycodestyle)
-        "$0" pycodestyle
-        printf "\\nPlease review pycodestyle report.\\n"
-        while true
-        do
-            echo "Continue (yes/no)?"
-            any=
-            read any
-            case "$any" in
-                yes)
-                    break
-                ;;
-                no)
-                    exit 1
-                ;;
-                *)
-                    echo "Please answer with 'yes' or 'no' explicitly."
-                ;;
-        esac
-        done
-    ;;
-
-    shellcheck)
-        make helper=${helper} WEBDIR=${WEBDIR} shellcheck
-        printf "\\nPlease review shellcheck report.\\n"
-        while true
-        do
-            echo "Continue (yes/no)?"
-            any=
-            read any
-            case "$any" in
-                yes)
-                    break
-                ;;
-                no)
-                    exit 1
-                ;;
-                *)
-                    echo "Please answer with 'yes' or 'no' explicitly."
-                ;;
-        esac
-        done
-    ;;
-
-    version-branch)
-        "$0" changelog-version | cut -d. -f '1,2'
-    ;;
-
-    version)
-        echo "VERSION = \"$(git describe)\"" > cdist/version.py
-    ;;
-
-    target-version)
-        target_version=$($0 changelog-version)
-        echo "VERSION = \"${target_version}\"" > cdist/version.py
-    ;;
-
-    *)
-        echo "Unknown helper target $@ - aborting"
-        exit 1
-    ;;
-
-esac
--- a/cdist/init.py
+++ b/cdist/init.py
@ -181,17 +181,40 @@ class CdistObjectError(CdistEntityError):
                         params, stdout_paths, stderr_paths, subject)


+class CdistObjectExplorerError(CdistEntityError):
+    """
+    Something went wrong while working on a specific
+    cdist object explorer
+    """
+    def __init__(self, cdist_object, explorer_name, explorer_path,
+                 stderr_path, subject=''):
+        params = [
+            ('object name', cdist_object.name, ),
+            ('object path', cdist_object.absolute_path, ),
+            ('object source', " ".join(cdist_object.source), ),
+            ('object type', os.path.realpath(
+                cdist_object.cdist_type.absolute_path), ),
+            ('explorer name', explorer_name, ),
+            ('explorer path', explorer_path, ),
+        ]
+        stdout_paths = []
+        stderr_paths = [
+            ('remote', stderr_path, ),
+        ]
+        super().__init__("explorer '{}' of object '{}'".format(
+            explorer_name, cdist_object.name), params, stdout_paths,
+            stderr_paths, subject)
+
+
 class InitialManifestError(CdistEntityError):
    """Something went wrong while executing initial manifest"""
    def __init__(self, initial_manifest, stdout_path, stderr_path, subject=''):
        params = [
            ('path', initial_manifest, ),
        ]
-        stdout_paths = []
        stdout_paths = [
            ('init', stdout_path, ),
        ]
-        stderr_paths = []
        stderr_paths = [
            ('init', stderr_path, ),
        ]
@ -199,6 +222,20 @@ class InitialManifestError(CdistEntityError):
                         stderr_paths, subject)


+class GlobalExplorerError(CdistEntityError):
+    """Something went wrong while executing global explorer"""
+    def __init__(self, name, path, stderr_path, subject=''):
+        params = [
+            ('name', name, ),
+            ('path', path, ),
+        ]
+        stderr_paths = [
+            ('remote', stderr_path, ),
+        ]
+        super().__init__("global explorer '{}'".format(name),
+                         params, [], stderr_paths, subject)
+
+
 def file_to_list(filename):
    """Return list from \n seperated file"""
    if os.path.isfile(filename):
--- a/cdist/argparse.py
+++ b/cdist/argparse.py
@ -5,21 +5,23 @@ import logging
 import collections
 import functools
 import cdist.configuration
+import cdist.preos


 # set of beta sub-commands
 BETA_COMMANDS = set(('install', 'inventory', ))
 # set of beta arguments for sub-commands
 BETA_ARGS = {
-    'config': set(('jobs', 'tag', 'all_tagged_hosts', 'use_archiving', )),
+    'config': set(('tag', 'all_tagged_hosts', 'use_archiving', )),
 }
-EPILOG = "Get cdist at http://www.nico.schottelius.org/software/cdist/"
+EPILOG = "Get cdist at https://code.ungleich.ch/ungleich-public/cdist"
 # Parser others can reuse
 parser = None


 _verbosity_level_off = -2
 _verbosity_level = {
+    None: logging.WARNING,
    _verbosity_level_off: logging.OFF,
    -1: logging.ERROR,
    0: logging.WARNING,
@ -191,8 +193,7 @@ def get_parsers():
                                  name="positive int"),
           help=('Operate in parallel in specified maximum number of jobs. '
                 'Global explorers, object prepare and object run are '
-                 'supported. Without argument CPU count is used by default. '
-                 'Currently in beta.'),
+                 'supported. Without argument CPU count is used by default. '),
           action='store', dest='jobs',
           const=multiprocessing.cpu_count())
    parser['config_main'].add_argument(
@ -423,6 +424,9 @@ def get_parsers():
    parser['inventory'].set_defaults(
            func=cdist.inventory.Inventory.commandline)

+    # PreOs
+    parser['preos'] = parser['sub'].add_parser('preos', add_help=False)
+
    # Shell
    parser['shell'] = parser['sub'].add_parser(
            'shell', parents=[parser['loglevel']])
--- a/cdist/conf/explorer/disks
+++ b/cdist/conf/explorer/disks
@ -1,16 +1,27 @@
-#!/bin/sh -e
+#!/bin/sh

-os=$("$__explorer/os")
-case "$os" in
-    openbsd)
-        IFS=',' disks=$(sysctl -n hw.disknames)
-        for d in $disks; do
-            echo "${d%%:*}"
-        done | sed -n '/^[sw]d[0-9][0-9]*/p'
+uname_s="$(uname -s)"
+
+case "${uname_s}" in
+    FreeBSD)
+        sysctl -n kern.disks
+    ;;
+    OpenBSD|NetBSD)
+        sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+' | xargs
+    ;;
+    Linux)
+        if command -v lsblk > /dev/null
+        then
+            # exclude ram disks, floppies and cdroms
+            # https://www.kernel.org/doc/Documentation/admin-guide/devices.txt
+            lsblk -e 1,2,11 -dno name | xargs
+        else
+            printf "Don't know how to list disks for %s operating system without lsblk, if you can please submit a patch\n" "${uname_s}" >&2
+        fi
    ;;
-
    *)
-        cd /dev || exit 0
-        echo sd? hd? vd?
+        printf "Don't know how to list disks for %s operating system, if you can please submit a patch\n" "${uname_s}" >&2
    ;;
 esac
+
+exit 0
--- a/cdist/conf/explorer/hostname
+++ b/cdist/conf/explorer/hostname
@ -1,7 +1,6 @@
 #!/bin/sh
 #
-# 2010-2014 Nico Schottelius (nico-cdist at schottelius.org)
-# 2012 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@ -19,7 +18,12 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 #
+# Retrieve the running hostname
+#

-if command -v uname >/dev/null; then
-   uname -n
+if command -v hostname >/dev/null
+then
+	hostname
+else
+	uname -n
 fi
--- a/cdist/conf/explorer/init
+++ b/cdist/conf/explorer/init
@ -29,7 +29,7 @@ case "$uname_s" in
    Linux)
        (pgrep -P0 -l | awk '/^1[ \t]/ {print $2;}') || true
    ;;
-    FreeBSD)
+    FreeBSD|OpenBSD)
        ps -o comm= -p 1 || true
    ;;
    *)
--- a/cdist/conf/explorer/interfaces
+++ b/cdist/conf/explorer/interfaces
@ -1,6 +1,6 @@
-#!/bin/sh
+#!/bin/sh -e
 #
-# 2012 Sébastien Gross <seb•ɑƬ•chezwam•ɖɵʈ•org>
+# 2019 Ander Punnar (ander-at-kvlt-dot-ee)
 #
 # This file is part of cdist.
 #
@ -17,35 +17,12 @@
 # You should have received a copy of the GNU General Public License
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
-#
-# List all network interfaces in explorer/ifaces. One interface per line.
-#
-# If your OS is not supported please provide a ifconfig output
-#

-# Use ip, if available
-if command -v ip >/dev/null; then
-    ip -o link show | sed -n 's/^[0-9]\+: \(.\+\): <.*/\1/p'
-    exit 0
-fi
-
-if ! command -v ifconfig >/dev/null; then
-   # no ifconfig, nothing we could do
-   exit 0
-fi
-
-uname_s="$(uname -s)"
-REGEXP='s/^(.*)(:[[:space:]]*flags=|Link encap).*/\1/p'
-
-case "$uname_s" in
-    Darwin)
-	ifconfig -a | sed -n -E "$REGEXP"
-	;;
-    Linux|*BSD)
-	ifconfig -a | sed -n -r "$REGEXP"
-	;;
-    *)
-	echo "Unsupported ifconfig output for $uname_s" >&2
-	exit 1
-	;;
-esac
+if command -v ip >/dev/null
+then
+	ip -o link show | sed -n 's/^[0-9]\+: \(.\+\): <.*/\1/p'
+elif command -v ifconfig >/dev/null
+then
+	ifconfig -a | sed -n -E 's/^(.*)(:[[:space:]]*flags=|Link encap).*/\1/p'
+fi \
+ | sort -u
--- a/cdist/conf/explorer/os
+++ b/cdist/conf/explorer/os
@ -145,7 +145,7 @@ esac
 if [ -f /etc/os-release ]; then
   # already lowercase, according to:
   # https://www.freedesktop.org/software/systemd/man/os-release.html
-   awk -F= '/^ID=/ {print $2;}' /etc/os-release
+   awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release
   exit 0
 fi

--- a/cdist/conf/type/__acl/explorer/acl_is
+++ b/cdist/conf/type/__acl/explorer/acl_is
@ -18,6 +18,14 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #

-if [ -e "/$__object_id" ]
-then getfacl "/$__object_id" | grep -E '^((default:|)(user|group)):[a-z]' || true
+[ ! -e "/$__object_id" ] && exit 0
+
+if ! command -v getfacl > /dev/null
+then
+    echo 'getfacl not available' >&2
+    exit 1
 fi
+
+getfacl "/$__object_id" 2>/dev/null \
+    | grep -Eo '^(default:)?(user|group|(mask|other):):[^:][[:graph:]]+' \
+    || true
--- a/cdist/conf/type/__acl/explorer/checks
+++ b/cdist/conf/type/__acl/explorer/checks
@ -0,0 +1,39 @@
+#!/bin/sh -e
+#
+# 2019 Ander Punnar (ander-at-kvlt-dot-ee)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# TODO check if filesystem has ACL turned on etc
+
+if [ -f "$__object/parameter/acl" ]
+then
+    grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \
+    | while read -r acl
+    do
+        param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )"
+        check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )"
+
+        [ "$param" = 'user' ] && db=passwd || db="$param"
+
+        if ! getent "$db" "$check" > /dev/null
+        then
+            echo "missing $param '$check'" >&2
+            exit 1
+        fi
+    done
+fi
--- a/cdist/conf/type/__hostname/explorer/hostname_file
+++ b/cdist/conf/type/__hostname/explorer/hostname_file
@ -1,6 +1,6 @@
-#!/bin/sh
+#!/bin/sh -e
 #
-# 2014 Nico Schottelius (nico-cdist at schottelius.org)
+# 2018 Ander Punnar (ander-at-kvlt-dot-ee)
 #
 # This file is part of cdist.
 #
@ -17,14 +17,15 @@
 # You should have received a copy of the GNU General Public License
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
-#
-# Retrieve the contents of /etc/hostname
-#

-# Almost any distribution
-if [ -f /etc/hostname ]; then
-    cat /etc/hostname
-# SuSE
-elif [ -f /etc/HOSTNAME ]; then
-    cat /etc/HOSTNAME
+if [ -e "/$__object_id" ]
+then
+    if [ -d "/$__object_id" ]
+    then echo directory
+    elif [ -f "/$__object_id" ]
+    then echo regular
+    else echo other
+    fi
+else
+    echo missing
 fi
--- a/cdist/conf/type/__acl/gencode-remote
+++ b/cdist/conf/type/__acl/gencode-remote
@ -18,32 +18,67 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #

+file_is="$( cat "$__object/explorer/file_is" )"
+
+[ "$file_is" = 'missing' ] && [ -z "$__cdist_dry_run" ] && exit 0
+
 os="$( cat "$__global/explorer/os" )"

 acl_path="/$__object_id"

 acl_is="$( cat "$__object/explorer/acl_is" )"

-acl_should="$( for parameter in user group
-do
-    if [ ! -f "$__object/parameter/$parameter" ]
-    then continue
-    fi
-    while read -r l
+if [ -f "$__object/parameter/acl" ]
+then
+    acl_should="$( cat "$__object/parameter/acl" )"
+elif
+    [ -f "$__object/parameter/user" ] \
+        || [ -f "$__object/parameter/group" ] \
+        || [ -f "$__object/parameter/mask" ] \
+        || [ -f "$__object/parameter/other" ]
+then
+    acl_should="$( for param in user group mask other
    do
-        echo "$parameter:$l"
+        [ ! -f "$__object/parameter/$param" ] && continue

-        if [ -f "$__object/parameter/default" ]
-        then echo "default:$parameter:$l"
-        fi
-    done < "$__object/parameter/$parameter"
-done )"
+        echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=:
+
+        echo "$param$sep$( cat "$__object/parameter/$param" )"
+    done )"
+else
+    echo 'no parameters set' >&2
+    exit 1
+fi
+
+if [ -f "$__object/parameter/default" ]
+then
+    acl_should="$( echo "$acl_should" \
+        | sed 's/^default://' \
+        | sort -u \
+        | sed 's/\(.*\)/default:\1\n\1/' )"
+fi
+
+if [ "$file_is" = 'regular' ] \
+    && echo "$acl_should" | grep -Eq '^default:'
+then
+    # only directories can have default ACLs,
+    # but instead of error,
+    # let's just remove default entries
+    acl_should="$( echo "$acl_should" | grep -Ev '^default:' )"
+fi
+
+if echo "$acl_should" | awk -F: '{ print $NF }' | grep -Fq 'X'
+then
+    [ "$file_is" = 'directory' ] && rep=x || rep=-
+
+    acl_should="$( echo "$acl_should" | sed "s/\\(.*\\)X/\\1$rep/" )"
+fi

 setfacl_exec='setfacl'

 if [ -f "$__object/parameter/recursive" ]
 then
-    if echo "$os" | grep -E 'macosx|netbsd|freebsd|openbsd'
+    if echo "$os" | grep -Fq 'freebsd'
    then
        echo "$os setfacl do not support recursive operations" >&2
    else
@ -53,29 +88,39 @@ fi

 if [ -f "$__object/parameter/remove" ]
 then
-    if echo "$os" | grep 'solaris'
-    then
-        # Solaris setfacl behaves differently.
-        # We will not support Solaris for now, because no way to test it.
-        # But adding support should be easy (use -s instead of -m on modify).
-        echo "$os setfacl do not support -x flag for ACL remove" >&2
-    else
-        echo "$acl_is" | while read -r acl
-        do
-            if echo "$acl_should" | grep -Fq "$acl"
-            then continue
-            fi
+    echo "$acl_is" | while read -r acl
+    do
+        # skip wanted ACL entries which already exist
+        # and skip mask and other entries, because we
+        # can't actually remove them, but only change.
+        if echo "$acl_should" | grep -Eq "^$acl" \
+            || echo "$acl" | grep -Eq '^(default:)?(mask|other)'
+        then continue
+        fi

-            no_bits="$( echo "$acl" | sed -r 's/:[rwx-]+$//' )"
+        if echo "$os" | grep -Fq 'freebsd'
+        then
+            remove="$acl"
+        else
+            remove="$( echo "$acl" | sed 's/:...$//' )"
+        fi

-            echo "$setfacl_exec -x \"$no_bits\" \"$acl_path\""
-        done
-    fi
+        echo "$setfacl_exec -x \"$remove\" \"$acl_path\""
+        echo "removed '$remove'" >> "$__messages_out"
+    done
 fi

 for acl in $acl_should
 do
    if ! echo "$acl_is" | grep -Eq "^$acl"
-    then echo "$setfacl_exec -m \"$acl\" \"$acl_path\""
+    then
+        if echo "$os" | grep -Fq 'freebsd' \
+            && echo "$acl" | grep -Eq '^default:'
+        then
+            echo "setting default ACL in $os is currently not supported" >&2
+        else
+            echo "$setfacl_exec -m \"$acl\" \"$acl_path\""
+            echo "added '$acl'" >> "$__messages_out"
+        fi
    fi
 done
--- a/cdist/conf/type/__acl/man.rst
+++ b/cdist/conf/type/__acl/man.rst
@ -3,35 +3,41 @@ cdist-type__acl(7)

 NAME
 ----
-cdist-type__acl - Basic wrapper around `setfacl`
+cdist-type__acl - Set ACL entries


 DESCRIPTION
 -----------
-ACL must be defined as 3-symbol combination, using `r`, `w`, `x` and `-`.
+Fully supported and tested on Linux (ext4 filesystem), partial support for FreeBSD.

-See setfacl(1) and acl(5) for more details.
+See ``setfacl`` and ``acl`` manpages for more details.


-OPTIONAL MULTIPLE PARAMETERS
+REQUIRED MULTIPLE PARAMETERS
 ----------------------------
-user
-   Add user ACL entry.
-
-group
-   Add group ACL entry.
+acl
+   Set ACL entry following ``getfacl`` output syntax.


 BOOLEAN PARAMETERS
 ------------------
-recursive
-   Operate recursively (Linux only).
-
 default
-   Add default ACL entries.
+   Set all ACL entries as default too.
+   Only directories can have default ACLs.
+   Setting default ACL in FreeBSD is currently not supported.
+
+recursive
+   Make ``setfacl`` recursive (Linux only), but not ``getfacl`` in explorer.

 remove
-   Remove undefined ACL entries (Solaris not supported).
+   Remove undefined ACL entries.
+   ``mask`` and ``other`` entries can't be removed, but only changed.
+
+
+DEPRECATED PARAMETERS
+---------------------
+Parameters ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
+will be removed in future versions. Please use ``acl`` parameter instead.


 EXAMPLES
@ -40,13 +46,30 @@ EXAMPLES
 .. code-block:: sh

    __acl /srv/project \
+        --default \
        --recursive \
+        --remove \
+        --acl user:alice:rwx \
+        --acl user:bob:r-x \
+        --acl group:project-group:rwx \
+        --acl group:some-other-group:r-x \
+        --acl mask::r-x \
+        --acl other::r-x
+
+    # give Alice read-only access to subdir,
+    # but don't allow her to see parent content.
+
+    __acl /srv/project2 \
+        --remove \
+        --acl default:group:secret-project:rwx \
+        --acl group:secret-project:rwx \
+        --acl user:alice:--x
+
+    __acl /srv/project2/subdir \
        --default \
        --remove \
-        --user alice:rwx \
-        --user bob:r-x \
-        --group project-group:rwx \
-        --group some-other-group:r-x
+        --acl group:secret-project:rwx \
+        --acl user:alice:r-x


 AUTHORS
--- a/cdist/conf/type/__acl/parameter/deprecated/group
+++ b/cdist/conf/type/__acl/parameter/deprecated/group
@ -0,0 +1 @@
+see manual for details
--- a/cdist/conf/type/__acl/parameter/deprecated/mask
+++ b/cdist/conf/type/__acl/parameter/deprecated/mask
@ -0,0 +1 @@
+see manual for details
--- a/cdist/conf/type/__acl/parameter/deprecated/other
+++ b/cdist/conf/type/__acl/parameter/deprecated/other
@ -0,0 +1 @@
+see manual for details
--- a/cdist/conf/type/__acl/parameter/deprecated/user
+++ b/cdist/conf/type/__acl/parameter/deprecated/user
@ -0,0 +1 @@
+see manual for details
--- a/cdist/conf/type/__acl/parameter/optional
+++ b/cdist/conf/type/__acl/parameter/optional
@ -0,0 +1,2 @@
+mask
+other
--- a/cdist/conf/type/__acl/parameter/optional_multiple
+++ b/cdist/conf/type/__acl/parameter/optional_multiple
@ -1,2 +1,3 @@
+acl
 user
 group
--- a/cdist/conf/type/__apt_key/explorer/state
+++ b/cdist/conf/type/__apt_key/explorer/state
@ -27,6 +27,18 @@ else
   keyid="$__object_id"
 fi

-apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK" \
-   && echo present \
-   || echo absent
+keydir="$(cat "$__object/parameter/keydir")"
+keyfile="$keydir/$__object_id.gpg"
+
+if [ -d "$keydir" ]
+then
+   if [ -f "$keyfile" ]
+   then echo present
+   else echo absent
+   fi
+else
+   # fallback to deprecated apt-key
+   apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK" \
+      && echo present \
+      || echo absent
+fi
--- a/cdist/conf/type/__apt_key/gencode-remote
+++ b/cdist/conf/type/__apt_key/gencode-remote
@ -31,12 +31,84 @@ if [ "$state_should" = "$state_is" ]; then
   exit 0
 fi

+keydir="$(cat "$__object/parameter/keydir")"
+keyfile="$keydir/$__object_id.gpg"
+
 case "$state_should" in
   present)
      keyserver="$(cat "$__object/parameter/keyserver")"
-      echo "apt-key adv --keyserver \"$keyserver\" --recv-keys \"$keyid\""
+
+      if [ -f "$__object/parameter/uri" ]; then
+         uri="$(cat "$__object/parameter/uri")"
+
+         if [ -d "$keydir" ]; then
+            cat << EOF
+
+curl -s -L \\
+    -o "$keyfile" \\
+    "$uri"
+
+key="\$( cat "$keyfile" )"
+
+if echo "\$key" | grep -Fq 'BEGIN PGP PUBLIC KEY BLOCK'
+then
+    echo "\$key" | gpg --dearmor > "$keyfile"
+fi
+
+EOF
+         else
+            # fallback to deprecated apt-key
+            echo "curl -s -L '$uri' | apt-key add -"
+         fi
+      elif [ -d "$keydir" ]; then
+         tmp='/tmp/cdist_apt_key_tmp'
+
+         # we need to kill gpg after 30 seconds, because gpg
+         # can get stuck if keyserver is not responding.
+         # exporting env var and not exit 1,
+         # because we need to clean up and kill dirmngr.
+         cat << EOF
+
+mkdir -m 700 -p "$tmp"
+
+if timeout 30s \\
+    gpg --homedir "$tmp" \\
+        --keyserver "$keyserver" \\
+        --recv-keys "$keyid"
+then
+    gpg --homedir "$tmp" \\
+        --export "$keyid" \\
+        > "$keyfile"
+else
+    export GPG_GOT_STUCK=1
+fi
+
+GNUPGHOME="$tmp" gpgconf --kill dirmngr
+
+rm -rf "$tmp"
+
+if [ -n "\$GPG_GOT_STUCK" ]
+then
+    echo "GPG GOT STUCK - no response from keyserver after 30 seconds" >&2
+    exit 1
+fi
+
+EOF
+      else
+         # fallback to deprecated apt-key
+         echo "apt-key adv --keyserver \"$keyserver\" --recv-keys \"$keyid\""
+      fi
+
+      echo "added '$keyid'" >> "$__messages_out"
   ;;
   absent)
-      echo "apt-key del \"$keyid\""
+      if [ -f "$keyfile" ]; then
+         echo "rm '$keyfile'"
+      else
+         # fallback to deprecated apt-key
+         echo "apt-key del \"$keyid\""
+      fi
+
+      echo "removed '$keyid'" >> "$__messages_out"
   ;;
 esac
--- a/cdist/conf/type/__apt_key/man.rst
+++ b/cdist/conf/type/__apt_key/man.rst
@ -28,6 +28,12 @@ keyserver
   the keyserver from which to fetch the key. If omitted the default set
   in ./parameter/default/keyserver is used.

+keydir
+   key save location, defaults to ``/etc/apt/trusted.pgp.d``
+
+uri
+   the URI from which to download the key
+

 EXAMPLES
 --------
@ -47,15 +53,20 @@ EXAMPLES
    # same thing with other keyserver
    __apt_key UbuntuArchiveKey --keyid 437D05B5 --keyserver keyserver.ubuntu.com

+    # download key from the internet
+    __apt_key rabbitmq \
+       --uri http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
+

 AUTHORS
 -------
 Steven Armstrong <steven-cdist--@--armstrong.cc>
+Ander Punnar <ander-at-kvlt-dot-ee>


 COPYING
 -------
-Copyright \(C) 2011-2014 Steven Armstrong. You can redistribute it
-and/or modify it under the terms of the GNU General Public License as
-published by the Free Software Foundation, either version 3 of the
+Copyright \(C) 2011-2019 Steven Armstrong and Ander Punnar. You can
+redistribute it and/or modify it under the terms of the GNU General Public
+License as published by the Free Software Foundation, either version 3 of the
 License, or (at your option) any later version.
--- a/cdist/conf/type/__apt_key/manifest
+++ b/cdist/conf/type/__apt_key/manifest
@ -0,0 +1,8 @@
+#!/bin/sh -e
+
+__package gnupg
+
+if [ -f "$__object/parameter/uri" ]
+then __package curl
+else __package dirmngr
+fi
--- a/cdist/conf/type/__apt_key/parameter/default/keydir
+++ b/cdist/conf/type/__apt_key/parameter/default/keydir
@ -0,0 +1 @@
+/etc/apt/trusted.gpg.d
--- a/cdist/conf/type/__apt_key/parameter/optional
+++ b/cdist/conf/type/__apt_key/parameter/optional
@ -1,3 +1,5 @@
 state
 keyid
 keyserver
+keydir
+uri
--- a/cdist/conf/type/__block/gencode-remote
+++ b/cdist/conf/type/__block/gencode-remote
@ -18,6 +18,11 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #

+# quote function from http://www.etalabs.net/sh_tricks.html
+quote() {
+   printf '%s\n' "$1" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"
+}
+
 file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")"
 state_should=$(cat "$__object/parameter/state")
 prefix=$(cat "$__object/parameter/prefix" 2>/dev/null || echo "#cdist:__block/$__object_id")
@ -46,7 +51,7 @@ tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
 if [ -f "$file" ]; then
   cp -p "$file" "\$tmpfile"
 fi
-awk -v prefix="^$prefix\$" -v suffix="^$suffix\$" '
+awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ '
 {
   if (match(\$0,prefix)) {
      triggered=1
--- a/cdist/conf/type/__cdist/man.rst
+++ b/cdist/conf/type/__cdist/man.rst
@ -30,7 +30,7 @@ username

 source
    Select the source from which to clone cdist from.
-    Defaults to "git://github.com/ungleich/cdist.git".
+    Defaults to "git@code.ungleich.ch:ungleich-public/cdist.git".


 branch
@ -47,7 +47,7 @@ EXAMPLES
    __cdist /home/cdist/cdist

    # Use alternative source
-    __cdist --source "git://github.com/ungleich/cdist" /home/cdist/cdist
+    __cdist --source "git@code.ungleich.ch:ungleich-public/cdist.git" /home/cdist/cdist


 AUTHORS
--- a/cdist/conf/type/__cdist/parameter/default/source
+++ b/cdist/conf/type/__cdist/parameter/default/source
@ -1 +1 @@
-git://github.com/ungleich/cdist.git
+git@code.ungleich.ch:ungleich-public/cdist.git
--- a/cdist/conf/type/__consul/files/versions/1.5.0/cksum
+++ b/cdist/conf/type/__consul/files/versions/1.5.0/cksum
@ -0,0 +1 @@
+886614099 103959898 consul
--- a/cdist/conf/type/__consul/files/versions/1.5.0/source
+++ b/cdist/conf/type/__consul/files/versions/1.5.0/source
@ -0,0 +1 @@
+https://releases.hashicorp.com/consul/1.5.0/consul_1.5.0_linux_amd64.zip
--- a/cdist/conf/type/__consul/gencode-remote
+++ b/cdist/conf/type/__consul/gencode-remote
@ -42,7 +42,7 @@ source_file_name="${source##*/}"
 cksum_should=$(cut -d' ' -f1,2 "$version_dir/cksum")

 cat << eof
-    tmpdir=\$(mktemp -d --tmpdir="/tmp" "${__type##*/}.XXXXXXXXXX")
+    tmpdir=\$(mktemp -d -p /tmp "${__type##*/}.XXXXXXXXXX")
    curl -s -L "$source" > "\$tmpdir/$source_file_name"
    unzip -p "\$tmpdir/$source_file_name" > "${destination}.tmp"
    rm -rf "\$tmpdir"
--- a/cdist/conf/type/__consul/manifest
+++ b/cdist/conf/type/__consul/manifest
@ -24,7 +24,7 @@
 os=$(cat "$__global/explorer/os")

 case "$os" in
-   scientific|centos|redhat|ubuntu|debian|devuan|archlinux|gentoo)
+   alpine|scientific|centos|redhat|ubuntu|debian|devuan|archlinux|gentoo)
      # any linux should work
      :
   ;;
@ -47,6 +47,7 @@ fi

 if [ -f "$__object/parameter/direct" ]; then
    __package unzip
+    __package curl
 else
    __staged_file /usr/local/bin/consul \
       --source "$(cat "$version_dir/source")" \
--- a/cdist/conf/type/__consul_agent/files/consul.sys-openrc
+++ b/cdist/conf/type/__consul_agent/files/consul.sys-openrc
@ -0,0 +1,38 @@
+#!/sbin/openrc-run
+# 2019 Nico Schottelius (nico-cdist at schottelius.org)
+
+description="consul agent"
+
+pidfile="${CONSUL_PIDFILE:-"/var/run/$RC_SVCNAME/pidfile"}"
+command="${CONSUL_BINARY:-"/usr/local/bin/consul"}"
+
+
+checkconfig() {
+	if [ ! -d /var/run/consul ] ; then
+		mkdir -p /var/run/consul || return 1
+        chown consul:consul /var/run/$NAME || return 1
+        chmod 2770 /var/run/$NAME || return 1
+	fi
+}
+
+start() {
+    need net
+
+    start-stop-daemon --start --quiet --oknodo \
+            --pidfile "$pidfile" --background \
+            --exec $command -- agent -pid-file="$pidfile" -config-dir /etc/consul/conf.d
+}
+start_pre() {
+	checkconfig
+}
+
+stop() {
+	if [ "${RC_CMD}" = "restart" ] ; then
+		checkconfig || return 1
+	fi
+
+	ebegin "Stopping $RC_SVCNAME"
+	start-stop-daemon --stop --exec "$command" \
+		--pidfile "$pidfile" --quiet
+	eend $?
+}
--- a/cdist/conf/type/__consul_agent/manifest
+++ b/cdist/conf/type/__consul_agent/manifest
@ -1,7 +1,7 @@
 #!/bin/sh -e
 #
 # 2015 Steven Armstrong (steven-cdist at armstrong.cc)
-# 2015 Nico Schottelius (nico-cdist at schottelius.org)
+# 2015-2019 Nico Schottelius (nico-cdist at schottelius.org)
 #
 # This file is part of cdist.
 #
@ -23,7 +23,7 @@
 os=$(cat "$__global/explorer/os")

 case "$os" in
-   scientific|centos|debian|devuan|redhat|ubuntu)
+   alpine|scientific|centos|debian|devuan|redhat|ubuntu)
      # whitelist safeguard
      :
   ;;
@ -181,22 +181,25 @@ init_upstart()

 # Install init script to start on boot
 case "$os" in
-   centos|redhat)
-      os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
-      major_version="${os_version%%.*}"
-      case "$major_version" in
-         [456])
-            init_sysvinit redhat
-         ;;
-         7)
-            init_systemd
-         ;;
-         *)
-            echo "Unsupported CentOS/Redhat version: $os_version" >&2
-            exit 1
-         ;;
-      esac
-   ;;
+    alpine|devuan)
+        init_sysvinit debian
+        ;;
+    centos|redhat)
+        os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
+        major_version="${os_version%%.*}"
+        case "$major_version" in
+            [456])
+                init_sysvinit redhat
+                ;;
+            7)
+                init_systemd
+                ;;
+            *)
+                echo "Unsupported CentOS/Redhat version: $os_version" >&2
+                exit 1
+                ;;
+        esac
+        ;;

    debian)
        os_version=$(cat "$__global/explorer/os_version")
@ -214,13 +217,9 @@ case "$os" in
                exit 1
            ;;
        esac
-    ;;
-
-    devuan)
-        init_sysvinit debian
-    ;;
+        ;;

    ubuntu)
        init_upstart
-    ;;
+        ;;
 esac
--- a/cdist/conf/type/__directory/explorer/stat
+++ b/cdist/conf/type/__directory/explorer/stat
@ -25,23 +25,51 @@ destination="/$__object_id"

 os=$("$__explorer/os")
 case "$os" in
-   "freebsd"|"netbsd"|"openbsd")
-      # FIXME: should be something like this based on man page, but can not test
-      stat -f "type: %ST
+   "freebsd"|"netbsd"|"openbsd"|"macosx")
+      stat -f "type: %HT
 owner: %Du %Su
 group: %Dg %Sg
-mode: %Op %Sp
+mode: %Lp %Sp
+" "$destination" | awk '/^type/ { print tolower($0); next; } { print; }'
+      ;;
+   alpine)
+      stat -c "type: %F
+owner: %u %U
+group: %g %G
+mode: %a %A
 " "$destination"
-   ;;
-    "macosx")
-       stat -f "type: %HT
- owner: %Du %Su
- group: %Dg %Sg
- mode: %Lp %Sp
- " "$destination"
+      ;;
+    solaris)
+        ls1="$( ls -ld "$destination" )"
+        ls2="$( ls -ldn "$destination" )"
+
+        if [ -f "$__object/parameter/mode" ]
+        then mode_should="$( cat "$__object/parameter/mode" )"
+        fi
+
+        # yes, it is ugly hack, but if you know better way...
+        if [ -z "$( find "$destination" -perm "$mode_should" )" ]
+        then octets=888
+        else octets="$( echo "$mode_should" | sed 's/^0//' )"
+        fi
+
+        case "$( echo "$ls1" | cut -c1-1 )" in
+            -) echo 'type: regular file' ;;
+            d) echo 'type: directory' ;;
+        esac
+
+        echo "owner: $( echo "$ls2" \
+            | awk '{print $3}' ) $( echo "$ls1" \
+                | awk '{print $3}' )"
+
+        echo "group: $( echo "$ls2" \
+            | awk '{print $4}' ) $( echo "$ls1" \
+                | awk '{print $4}' )"
+
+        echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )"
    ;;
   *)
-      stat --printf="type: %F
+       stat --printf="type: %F
 owner: %u %U
 group: %g %G
 mode: %a %A
--- a/cdist/conf/type/__docker/manifest
+++ b/cdist/conf/type/__docker/manifest
@ -64,6 +64,43 @@ case "$os" in
        require="__apt_source/docker" __package docker-ce --state "${state}"
      fi
   ;;
+   devuan)
+      os_version="$(cat "$__global/explorer/os_version")"
+
+      case "$os_version" in
+        ascii)
+          distribution="stretch"
+        ;;
+        jessie)
+          distribution="jessie"
+        ;;
+        *)
+          echo "Your devuan release ($os_version) is currently not supported by this type (${__type##*/}).">&2
+          echo "Please contribute an implementation for it if you can." >&2
+          exit 1
+        ;;
+      esac
+
+      if [ "${state}" = "present" ]; then
+        __package apt-transport-https
+        __package ca-certificates
+        __package gnupg2
+      fi
+      __apt_key_uri docker --name "Docker Release (CE deb) <docker@docker.com>" \
+        --uri "https://download.docker.com/linux/${os}/gpg" --state "${state}"
+
+      require="__apt_key_uri/docker" __apt_source docker \
+         --uri "https://download.docker.com/linux/${os}" \
+         --distribution "${distribution}" \
+         --state "${state}" \
+         --component "stable"
+      if [ "$version" != "latest" ]; then
+        require="__apt_source/docker" __package docker-ce --version "${version}" --state "${state}"
+      else
+        require="__apt_source/docker" __package docker-ce --state "${state}"
+      fi
+
+   ;;
   *)
      echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
      echo "Please contribute an implementation for it if you can." >&2
--- a/cdist/conf/type/__docker_swarm/explorer/swarm-state
+++ b/cdist/conf/type/__docker_swarm/explorer/swarm-state
@ -18,4 +18,4 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #

-docker info 2>/dev/null | grep "^Swarm: " | cut -d " " -f 2-
+docker info 2>/dev/null | grep '^ *Swarm: ' | awk '{print $2}'
--- a/cdist/conf/type/__file/explorer/stat
+++ b/cdist/conf/type/__file/explorer/stat
@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2013 Steven Armstrong (steven-cdist armstrong.cc)
+# 2019 Nico Schottelius (nico-cdist at schottelius.org)
 #
 # This file is part of cdist.
 #
@ -25,25 +26,56 @@ destination="/$__object_id"

 os=$("$__explorer/os")
 case "$os" in
-   "freebsd"|"netbsd"|"openbsd")
-      # FIXME: should be something like this based on man page, but can not test
-      stat -f "type: %ST
-owner: %Du %Su
-group: %Dg %Sg
-mode: %Op %Sp
-size: %Dz
-links: %Dl
-" "$destination"
-   ;;
-   "macosx")
-     stat -f "type: %HT
+   "freebsd"|"netbsd"|"openbsd"|"macosx")
+      stat -f "type: %HT
 owner: %Du %Su
 group: %Dg %Sg
 mode: %Lp %Sp
 size: %Dz
 links: %Dl
+" "$destination" | awk '/^type/ { print tolower($0); next; } { print; }'
+      ;;
+   alpine)
+       # busybox stat
+      stat -c "type: %F
+owner: %u %U
+group: %g %G
+mode: %a %A
+size: %s
+links: %h
 " "$destination"
-   ;;
+      ;;
+    solaris)
+        ls1="$( ls -ld "$destination" )"
+        ls2="$( ls -ldn "$destination" )"
+
+        if [ -f "$__object/parameter/mode" ]
+        then mode_should="$( cat "$__object/parameter/mode" )"
+        fi
+
+        # yes, it is ugly hack, but if you know better way...
+        if [ -z "$( find "$destination" -perm "$mode_should" )" ]
+        then octets=888
+        else octets="$( echo "$mode_should" | sed 's/^0//' )"
+        fi
+
+        case "$( echo "$ls1" | cut -c1-1 )" in
+            -) echo 'type: regular file' ;;
+            d) echo 'type: directory' ;;
+        esac
+
+        echo "owner: $( echo "$ls2" \
+            | awk '{print $3}' ) $( echo "$ls1" \
+                | awk '{print $3}' )"
+
+        echo "group: $( echo "$ls2" \
+            | awk '{print $4}' ) $( echo "$ls1" \
+                | awk '{print $4}' )"
+
+        echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )"
+        echo "size: $( echo "$ls1" | awk '{print $5}' )"
+        echo "links: $( echo "$ls1" | awk '{print $2}' )"
+    ;;
   *)
      stat --printf="type: %F
 owner: %u %U
@ -52,5 +84,5 @@ mode: %a %A
 size: %s
 links: %h
 " "$destination"
-   ;;
+      ;;
 esac
--- a/cdist/conf/type/__file/gencode-remote
+++ b/cdist/conf/type/__file/gencode-remote
@ -79,6 +79,10 @@ case "$state_should" in
            fi
        fi
    done
+    if [ -f "$__object/files/set-attributes" ]; then
+        # set-attributes is created if file is created or uploaded in gencode-local
+        fire_onchange=1
+    fi

    ;;

--- a/cdist/conf/type/__git/gencode-remote
+++ b/cdist/conf/type/__git/gencode-remote
@ -19,32 +19,34 @@
 #
 #

-state_is="$(cat "$__object/explorer/state")"
-owner_is="$(cat "$__object/explorer/owner")"
-group_is="$(cat "$__object/explorer/group")"
+state_is=$(cat "$__object/explorer/state")
+owner_is=$(cat "$__object/explorer/owner")
+group_is=$(cat "$__object/explorer/group")

-state_should="$(cat "$__object/parameter/state")"
+state_should=$(cat "$__object/parameter/state")

-branch="$(cat "$__object/parameter/branch")"
+branch=$(cat "$__object/parameter/branch")

-source="$(cat "$__object/parameter/source")"
+source=$(cat "$__object/parameter/source")

 destination="/$__object_id"

-owner="$(cat "$__object/parameter/owner")"
-group="$(cat "$__object/parameter/group")"
-mode="$(cat "$__object/parameter/mode")"
+owner=$(cat "$__object/parameter/owner")
+group=$(cat "$__object/parameter/group")
+mode=$(cat "$__object/parameter/mode")

-[  "$state_should" = "$state_is" ] && \
-[  "$owner" = "$owner_is" ] && \
-[  "$group" = "$group_is" ] && \
-[  -n "$mode" ] && exit 0
+[ -f "$__object/parameter/recursive" ] && recursive='--recurse-submodules' || recursive=''
+[ -f "$__object/parameter/shallow" ] && shallow='--depth 1 --shallow-submodules' || shallow=''
+
+[ "$state_should" = "$state_is" ] \
+ && [ "$owner" = "$owner_is" ] \
+ && [ "$group" = "$group_is" ] \
+ && [ -n "$mode" ] && exit 0

 case $state_should in
    present)
-
        if [ "$state_should" != "$state_is" ]; then
-            echo git clone --quiet --branch "$branch" "$source" "$destination"
+            echo git clone --quiet "$recursive" "$shallow" --branch "$branch" "$source" "$destination"
        fi
        if { [ -n "$owner" ] && [ "$owner_is" != "$owner" ]; } || \
           { [ -n "$group" ] && [ "$group_is" != "$group" ]; }; then
@ -54,8 +56,9 @@ case $state_should in
            echo chmod -R "$mode" "$destination"
        fi
    ;;
-    # Handled in manifest
+
    absent)
+        # Handled in manifest
    ;;

    *)
--- a/cdist/conf/type/__git/man.rst
+++ b/cdist/conf/type/__git/man.rst
@ -35,6 +35,12 @@ mode
 owner
   User to chown to.

+recursive
+   Passes the --recurse-submodules flag to git when cloning the repository.
+
+shallow
+   Sets --depth=1 and --shallow-submodules for cloning repositories with big history.
+

 EXAMPLES
 --------
@ -44,7 +50,7 @@ EXAMPLES
    __git /home/services/dokuwiki --source git://github.com/splitbrain/dokuwiki.git

    # Checkout cdist, stay on branch 2.1
-    __git /home/nico/cdist --source git://github.com/ungleich/cdist.git --branch 2.1
+    __git /home/nico/cdist --source git@code.ungleich.ch:ungleich-public/cdist.git --branch 2.1


 AUTHORS
--- a/cdist/conf/type/__git/parameter/boolean
+++ b/cdist/conf/type/__git/parameter/boolean
@ -0,0 +1,2 @@
+recursive
+shallow
--- a/cdist/conf/type/__grafana_dashboard/manifest
+++ b/cdist/conf/type/__grafana_dashboard/manifest
@ -8,10 +8,16 @@ case $os in
    debian|devuan)
        case $os_version in
            8*|jessie)
-                apt_source_distribution=jessie
+                # Differntation not needed anymore
+                apt_source_distribution=stable
                ;;
            9*|ascii/ceres|ascii)
-                apt_source_distribution=stretch
+                # Differntation not needed anymore
+                apt_source_distribution=stable
+                ;;
+            10*)
+                # Differntation not needed anymore
+                apt_source_distribution=stable
                ;;
            *)
                echo "Don't know how to install Grafana on $os $os_version. Send us a pull request!" >&2
@ -21,16 +27,15 @@ case $os in

        __apt_key_uri grafana \
            --name 'Grafana Release Signing Key' \
-            --uri https://packagecloud.io/gpg.key
+            --uri https://packages.grafana.com/gpg.key

        require="$require __apt_key_uri/grafana" __apt_source grafana \
-                    --uri https://packagecloud.io/grafana/stable/debian/ \
+                    --uri https://packages.grafana.com/oss/deb \
                    --distribution $apt_source_distribution \
                    --component main
-
        __package apt-transport-https
-
-        require="$require __apt_source/grafana __package/apt-transport-https" __package grafana
+        require="$require __apt_source/grafana" __apt_update_index
+        require="$require  __package/apt-transport-https __apt_update_index" __package grafana
        require="$require __package/grafana" __start_on_boot grafana-server
        require="$require __start_on_boot/grafana-server" __process grafana-server --start "service grafana-server start"
        ;;
--- a/cdist/conf/type/__group/explorer/group
+++ b/cdist/conf/type/__group/explorer/group
@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@ -21,7 +22,21 @@
 # Get an existing groups group entry.
 #

+not_supported() {
+	echo "Your operating system ($("$__explorer/os")) is currently not supported." >&2
+	echo "Cannot extract group information." >&2
+	echo "Please contribute an implementation for it if you can." >&2
+	exit 1
+}
+
 name=$__object_id

-getent group "$name" || true
-
+if command -v getent >/dev/null
+then
+	getent group "$name" || true
+elif [ -f /etc/group ]
+then
+	grep "^${name}:" /etc/group || true
+else
+	not_supported
+fi
--- a/cdist/conf/type/__group/explorer/gshadow
+++ b/cdist/conf/type/__group/explorer/gshadow
@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@ -22,13 +23,28 @@
 #

 name=$__object_id
-os="$("$__explorer/os")"
+os=$("$__explorer/os")

-case "$os" in
-    "freebsd"|"netbsd")
-	echo "$os does not have getent gshadow"
-	exit 0
-    ;;
+not_supported() {
+	echo "Your operating system ($os) is currently not supported." >&2
+	echo "Cannot extract group information." >&2
+	echo "Please contribute an implementation for it if you can." >&2
+	exit 1
+}
+
+case $os in
+	"freebsd"|"netbsd")
+		echo "$os does not have getent gshadow" >&2
+		exit 0
+	;;
 esac

-getent gshadow "$name" || true
+if command -v getent >/dev/null
+then
+	getent gshadow "$name" || true
+elif [ -f /etc/gshadow ]
+then
+	grep "^${name}:" /etc/gshadow || true
+else
+	not_supported
+fi
--- a/cdist/conf/type/__hostname/explorer/has_hostnamectl
+++ b/cdist/conf/type/__hostname/explorer/has_hostnamectl
@ -21,4 +21,4 @@
 # Check whether system has hostnamectl
 #

-command -v hostnamectl || true
+command -v hostnamectl 2>/dev/null || true
--- a/cdist/conf/type/__hostname/explorer/max_len
+++ b/cdist/conf/type/__hostname/explorer/max_len
@ -0,0 +1,10 @@
+#!/bin/sh -e
+
+command -v getconf >/dev/null || exit 0
+
+val=$(getconf HOST_NAME_MAX 2>/dev/null) || exit 0
+
+if test -n "${val}" -a "${val}" != 'undefined'
+then
+	echo "${val}"
+fi
--- a/cdist/conf/type/__hostname/gencode-remote
+++ b/cdist/conf/type/__hostname/gencode-remote
@ -2,6 +2,7 @@
 #
 # 2014-2017 Steven Armstrong (steven-cdist at armstrong.cc)
 # 2014 Nico Schottelius (nico-cdist at schottelius.org)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@ -19,60 +20,81 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #

-if [ -f "$__object/parameter/name" ]; then
-    name_should="$(cat "$__object/parameter/name")"
-else
-    name_should="${__target_host%%.*}"
-fi
-
 os=$(cat "$__global/explorer/os")
 name_running=$(cat "$__global/explorer/hostname")
-name_config=$(cat "$__object/explorer/hostname_file")
-name_sysconfig=$(cat "$__object/explorer/hostname_sysconfig")
 has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")

+
+if test -s "$__object/parameter/name"
+then
+    name_should=$(cat "$__object/parameter/name")
+else
+    case $os
+    in
+        # RedHat-derivatives and BSDs
+        centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd)
+            # Hostname is FQDN
+            name_should="${__target_host}"
+        ;;
+        *)
+            # Hostname is only first component of FQDN
+            name_should="${__target_host%%.*}"
+        ;;
+    esac
+fi
+
+
 ################################################################################
-# If everything is ok -> exit
+# Check if the (running) hostname is already correct
 #
-case "$os" in
-    archlinux|debian|suse|ubuntu|devuan|coreos)
-        if [ "$name_config" = "$name_should" ] && [ "$name_running" = "$name_should" ]; then
-            exit 0
-        fi
-    ;;
-    scientific|centos|freebsd|openbsd)
-        if [ "$name_sysconfig" = "$name_should" ] && [ "$name_running" = "$name_should" ]; then
-            exit 0
-        fi
-    ;;
-    *)
-        echo "Unsupported os: $os" >&2
-        exit 1
-    ;;
-esac
+test "$name_running" != "$name_should" || exit 0
+

 ################################################################################
 # Setup hostname
 #
-echo changed >> "$__messages_out"
+echo 'changed' >>"$__messages_out"

-# Use the good old way to set the hostname even on machines running systemd.
-case "$os" in
-    archlinux|debian|ubuntu|devuan|centos|coreos)
-        printf "printf '%%s\\\\n' '$name_should' > /etc/hostname\\n"
-        echo "hostname -F /etc/hostname"
+# Use the good old way to set the hostname.
+case $os
+in
+    alpine|debian|devuan|ubuntu)
+        echo 'hostname -F /etc/hostname'
    ;;
-    freebsd|openbsd)
+    archlinux)
+        echo 'command -v hostnamectl >/dev/null 2>&1' \
+            "&& hostnamectl set-hostname '$name_should'" \
+            "|| hostname '$name_should'"
+    ;;
+    centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void)
        echo "hostname '$name_should'"
    ;;
-    suse)
+    macosx)
+        echo "scutil --set HostName '$name_should'"
+    ;;
+    solaris)
+        echo "uname -S '$name_should'"
+    ;;
+    slackware|suse|opensuse-leap)
+        # We do not read from /etc/HOSTNAME, because the running
+        # hostname is the first component only while the file contains
+        # the FQDN.
        echo "hostname '$name_should'"
-        printf "printf '%%s\\\\n' '$name_should' > /etc/HOSTNAME\\n"
+    ;;
+    *)
+        # Fall back to set the hostname using hostnamectl, if available.
+        if test -n "$has_hostnamectl"
+        then
+            # Don't use hostnamectl as the primary means to set the hostname for
+            # systemd systems, because it cannot be trusted to work reliably and
+            # exit with non-zero when it fails (e.g. hostname too long,
+            # D-Bus failure, etc.).
+
+            echo "hostnamectl set-hostname \"\$(cat /etc/hostname)\""
+            echo "test \"\$(hostname)\" = \"\$(cat /etc/hostname)\"" \
+                 " || hostname -F /etc/hostname"
+        else
+            printf "echo 'Unsupported OS: %s' >&2\nexit 1\n" "$os"
+        fi
    ;;
 esac
-
-if [ "$has_hostnamectl" ]; then
-    # Allow hostnamectl set-hostname to fail silently.
-    # Who the fuck invented a tool that needs dbus to set the hostname anyway ...
-    echo "hostnamectl set-hostname '$name_should' || true"
-fi
--- a/cdist/conf/type/__hostname/man.rst
+++ b/cdist/conf/type/__hostname/man.rst
@ -8,7 +8,10 @@ cdist-type__hostname - Set the hostname

 DESCRIPTION
 -----------
-Set's the hostname on various operating systems.
+Sets the hostname on various operating systems.
+
+**Tip:** For advice on choosing a hostname, see
+`RFC 1178 <https://tools.ietf.org/html/rfc1178>`_.


 REQUIRED PARAMETERS
@ -18,7 +21,7 @@ None.
 OPTIONAL PARAMETERS
 -------------------
 name
-   The hostname to set. Defaults to the first segment of __target_host 
+   The hostname to set. Defaults to the first segment of __target_host
   (${__target_host%%.*})


--- a/cdist/conf/type/__hostname/manifest
+++ b/cdist/conf/type/__hostname/manifest
@ -2,6 +2,7 @@
 #
 # 2012 Steven Armstrong (steven-cdist at armstrong.cc)
 # 2014 Nico Schottelius (nico-cdist at schottelius.org)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@ -19,50 +20,170 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #

+not_supported() {
+    echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
+    echo "Please contribute an implementation for it if you can." >&2
+    exit 1
+}
+
+set_hostname_systemd() {
+    echo "$1" | __file /etc/hostname --source -
+}
+
 os=$(cat "$__global/explorer/os")
-if [ -f "$__object/parameter/name" ]; then
-    name_should="$(cat "$__object/parameter/name")"
+os_version=$(cat "$__global/explorer/os_version")
+os_major=$(echo "$os_version" | grep -o '^[0-9][0-9]*')
+
+max_len=$(cat "$__object/explorer/max_len")
+has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
+
+if test -s "$__object/parameter/name"
+then
+    name_should=$(cat "$__object/parameter/name")
 else
-    case "$os" in
-    openbsd)
-        name_should="${__target_host}"
-    ;;
-    *)
-        name_should="${__target_host%%.*}"
-    ;;
+    case $os
+    in
+        # RedHat-derivatives and BSDs
+        centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware)
+            # Hostname is FQDN
+            name_should="${__target_host}"
+        ;;
+        suse|opensuse-leap)
+            # Classic SuSE stores the FQDN in /etc/HOSTNAME, while
+            # systemd does not. The running hostname is the first
+            # component in both cases.
+            # In versions before 15.x, the FQDN is stored in /etc/hostname.
+            if test -n "$has_hostnamectl" && test "$os_major" -ge 15 \
+                    && test "$os_major" -ne 42
+            then
+                name_should="${__target_host%%.*}"
+            else
+                name_should="${__target_host}"
+            fi
+        ;;
+        *)
+            # Hostname is only first component of FQDN on all other systems.
+            name_should="${__target_host%%.*}"
+        ;;
    esac
 fi

+if test -n "$max_len" && test "$(printf '%s' "$name_should" | wc -c)" -gt "$max_len"
+then
+    printf "Host name too long. Up to %u characters allowed.\n" "${max_len}" >&2
+    exit 1
+fi

-not_supported() {
-   echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
-   echo "Please contribute an implementation for it if you can." >&2
-   exit 1
-}
+case $os
+in
+    alpine|debian|devuan|ubuntu|void)
+        echo "$name_should" | __file /etc/hostname --source -
+    ;;
+    archlinux)
+        if test -n "$has_hostnamectl"
+        then
+            set_hostname_systemd "$name_should"
+        else
+            echo 'Ancient ArchLinux variants without hostnamectl are not supported.' >&2
+            exit 1
+            # Only for ancient ArchLinux, write to /etc/rc.conf on pre-systemd
+            # versions.  There are some versions which use /etc/hostname but not
+            # systemd. It is unclear which ones these are.

-case "$os" in
-    archlinux|debian|suse|ubuntu|devuan|coreos)
+            # __key_value '/etc/rc.conf:HOSTNAME' \
+            #     --file /etc/rc.conf \
+            #     --delimiter '=' --exact_delimiter \
+            #     --key 'HOSTNAME' \
+            #     --value "\"$name_should\""
+        fi
+        ;;
+    centos|fedora|redhat|scientific)
+        if test -z "$has_hostnamectl"
+        then
+            # Only write to /etc/sysconfig/network on non-systemd versions.
+            # On systemd-based versions this entry is ignored.
+            __key_value '/etc/sysconfig/network:HOSTNAME' \
+                --file /etc/sysconfig/network \
+                --delimiter '=' --exact_delimiter \
+                --key HOSTNAME \
+                --value "\"$name_should\""
+        else
+            set_hostname_systemd "$name_should"
+        fi
+    ;;
+    gentoo)
+        # Only write to /etc/conf.d/hostname on OpenRC-based installations.
+        # On systemd use hostnamectl(1) in gencode-remote.
+        if test -z "$has_hostnamectl"
+        then
+            __key_value '/etc/conf.d/hostname:hostname' \
+                --file /etc/conf.d/hostname \
+                --delimiter '=' --exact_delimiter \
+                --key 'hostname' \
+                --value "\"$name_should\""
+        else
+            set_hostname_systemd "$name_should"
+        fi
+    ;;
+    freebsd)
+        __key_value '/etc/rc.conf:hostname' \
+            --file /etc/rc.conf \
+            --delimiter '=' --exact_delimiter \
+            --key 'hostname' \
+            --value "\"$name_should\""
+    ;;
+    macosx)
        # handled in gencode-remote
        :
    ;;
-    scientific|centos)
-        __key_value sysconfig-hostname \
-            --file /etc/sysconfig/network \
-            --delimiter '=' \
-            --key HOSTNAME \
-            --value "$name_should" --exact_delimiter
-    ;;
-    freebsd)
-        __key_value rcconf-hostname \
+    netbsd)
+        __key_value '/etc/rc.conf:hostname' \
            --file /etc/rc.conf \
-            --delimiter '=' \
+            --delimiter '=' --exact_delimiter \
            --key 'hostname' \
-            --value "$name_should"
+            --value "\"$name_should\""
+
+        # To avoid confusion, ensure that the hostname is only stored once.
+        __file /etc/myname --state absent
    ;;
    openbsd)
        echo "$name_should" | __file /etc/myname --source -
    ;;
+    slackware)
+        # We write the FQDN into /etc/HOSTNAME.  But /etc/rc.d/rc.M will only
+        # read the first component from this file and set it as the running
+        # hostname on boot.
+        echo "$name_should" | __file /etc/HOSTNAME --source -
+    ;;
+    solaris)
+        echo "$name_should" | __file /etc/nodename --source -
+    ;;
+    suse|opensuse-leap)
+        # Modern SuSE provides /etc/HOSTNAME as a symlink for
+        # backwards-compatibility. Unfortunately it cannot be used
+        # here as __file does not follow the symlink.
+        # Therefore, we use the presence of the hostnamectl binary as
+        # an indication of which file to use.  This unfortunately does
+        # not work correctly on openSUSE 12.x which provides
+        # hostnamectl but not /etc/hostname.
+
+        if test -n "$has_hostnamectl" -a "$os_major" -gt 12
+        then
+            hostname_file='/etc/hostname'
+        else
+            hostname_file='/etc/HOSTNAME'
+        fi
+
+        echo "$name_should" | __file "$hostname_file" --source -
+    ;;
    *)
-        not_supported
+        # On other operating systems we fall back to systemd's
+        # hostnamectl if available…
+        if test -n "$has_hostnamectl"
+        then
+            set_hostname_systemd "$name_should"
+        else
+            not_supported
+        fi
    ;;
 esac
--- a/cdist/conf/type/__letsencrypt_cert/manifest
+++ b/cdist/conf/type/__letsencrypt_cert/manifest
@ -7,6 +7,12 @@ if [ -z "${certbot_fullpath}" ]; then
 	os_version="$(cat "${__global}/explorer/os_version")"

 	case "$os" in
+        archlinux)
+            __package certbot
+            ;;
+        alpine)
+            __package certbot
+            ;;
 		debian)
 			case "$os_version" in
 				8*)
@ -33,6 +39,10 @@ if [ -z "${certbot_fullpath}" ]; then
 					require="__apt_source/stretch-backports" __package_apt certbot \
 						--target-release stretch-backports
 				;;
+				10*)
+					__package_apt certbot
+				;;
+
 				*)
 					echo "Unsupported OS version: $os_version" >&2
 					exit 1
@ -62,11 +72,12 @@ if [ -z "${certbot_fullpath}" ]; then
 								 --distribution ascii-backports \
 								 --component main

-					require="__apt_source/ascii-backports" __package_apt python-certbot \
-						--target-release ascii-backports
 					require="__apt_source/ascii-backports" __package_apt certbot \
 						--target-release ascii-backports
 				;;
+				beowulf*)
+					__package_apt certbot
+				;;
 				*)
 					echo "Unsupported OS version: $os_version" >&2
 					exit 1
--- a/cdist/conf/type/__link/gencode-remote
+++ b/cdist/conf/type/__link/gencode-remote
@ -48,21 +48,25 @@ case "$state_should" in
        if [ "$file_type" = "directory" ]; then
            # our destination is currently a directory, delete it
            printf 'rm -rf "%s" &&\n' "$destination"
+            echo "removed '$destination' (directory)" >> "$__messages_out"
        else
           if [ "$state_is" = "wrongsource" ]; then
               # our destination is a symlink but points to the wrong source,
               # delete it
               printf 'rm -f "%s" &&\n' "$destination"
+               echo "removed '$destination' (wrongsource)" >> "$__messages_out"
           fi
        fi

        # create our link
        printf 'ln %s -f "%s" "%s"\n' "$lnopt" "$source" "$destination"
+        echo "created '$destination'" >> "$__messages_out"
    ;;
    absent)
        # only delete if it is a sym/hard link
        if [ "$file_type" = "symlink" ] || [ "$file_type" = "hardlink" ]; then
            printf 'rm -f "%s"\n' "$destination"
+            echo "removed '$destination'" >> "$__messages_out"
        fi
    ;;
    *)
--- a/cdist/conf/type/__link/man.rst
+++ b/cdist/conf/type/__link/man.rst
@ -27,6 +27,22 @@ state
   'present' or 'absent', defaults to 'present'


+MESSAGES
+--------
+
+created <destination>
+   Link to destination was created.
+
+removed <destination>
+   Link to destination was removed.
+
+removed <destination> (directory)
+   Destination was removed because state is ``present`` and destination was directory.
+
+removed <destination> (wrongsource)
+   Destination was removed because state is ``present`` and destination link source was wrong.
+
+
 EXAMPLES
 --------

--- a/cdist/conf/type/__locale/gencode-remote
+++ b/cdist/conf/type/__locale/gencode-remote
@ -1,6 +1,6 @@
 #!/bin/sh -e
 #
-# 2013 Nico Schottelius (nico-cdist at schottelius.org)
+# 2013-2019 Nico Schottelius (nico-cdist at schottelius.org)
 #
 # This file is part of cdist.
 #
@ -37,6 +37,15 @@ locale_remove=$(echo "$locale" | sed 's/UTF-8/utf8/')

 state=$(cat "$__object/parameter/state")

+os=$(cat "$__global/explorer/os")
+
+# Nothing to be done on alpine
+case "$os" in
+    alpine)
+        exit 0
+        ;;
+esac
+
 case "$state" in
    present)
        echo localedef -A "$alias" -f "$charmap" -i "$input" "$locale"
--- a/cdist/conf/type/__locale/man.rst
+++ b/cdist/conf/type/__locale/man.rst
@ -8,7 +8,8 @@ cdist-type__locale - Configure locales

 DESCRIPTION
 -----------
-This cdist type allows you to setup locales.
+This cdist type allows you to setup locales. On systems that don't
+support locale setting like alpine/musl libc, it is a no-op.


 OPTIONAL PARAMETERS
@ -44,6 +45,6 @@ Nico Schottelius <nico-cdist--@--schottelius.org>

 COPYING
 -------
-Copyright \(C) 2013-2016 Nico Schottelius. Free use of this software is
+Copyright \(C) 2013-2019 Nico Schottelius. Free use of this software is
 granted under the terms of the GNU General Public License version 3 or
 later (GPLv3+).
--- a/cdist/conf/type/__locale/manifest
+++ b/cdist/conf/type/__locale/manifest
@ -1,6 +1,6 @@
 #!/bin/sh -e
 #
-# 2013-2015 Nico Schottelius (nico-cdist at schottelius.org)
+# 2013-2019 Nico Schottelius (nico-cdist at schottelius.org)
 # 2015 David Hürlimann (david at ungleich.ch)
 #
 # This file is part of cdist.
@ -19,7 +19,7 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 #
-# Install required packages 
+# Install required packages
 #

 os=$(cat "$__global/explorer/os")
@ -30,7 +30,7 @@ case "$os" in
        # Debian needs a seperate package
        __package locales --state present
    ;;
-    archlinux|suse|ubuntu|scientific|centos)
+    archlinux|suse|ubuntu|scientific|centos|alpine)
        :
    ;;
    *)
--- a/cdist/conf/type/__package/manifest
+++ b/cdist/conf/type/__package/manifest
@ -1,6 +1,7 @@
 #!/bin/sh -e
 #
 # 2011-2013 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2019 Nico Schottelius (nico-cdist at schottelius.org)
 #
 # This file is part of cdist.
 #
@ -44,6 +45,7 @@ else
         suse) type="zypper" ;;
         openwrt) type="opkg" ;;
         openbsd) type="pkg_openbsd" ;;
+         alpine) type="apk" ;;
         *)
            echo "Don't know how to manage packages on: $os" >&2
            exit 1
--- a/cdist/conf/type/__package_apk/explorer/state
+++ b/cdist/conf/type/__package_apk/explorer/state
@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# 2019 Nico Schottelius (nico-cdist at schottelius.org)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Retrieve the status of a package - parsed apk output
+#
+
+if [ -f "$__object/parameter/name" ]; then
+   name="$(cat "$__object/parameter/name")"
+else
+   name="$__object_id"
+fi
+
+# Remove the @.. repo tag for finding out whether it is installed
+# f.i. pass@testing => pass
+name="$(echo "$name" | sed 's/@.*//')"
+
+if [ "$(apk list -I "$name")" ]; then
+    echo present
+else
+    echo absent
+fi
--- a/cdist/conf/type/__package_apk/gencode-remote
+++ b/cdist/conf/type/__package_apk/gencode-remote
@ -0,0 +1,49 @@
+#!/bin/sh -e
+#
+# 2019 Nico Schottelius (nico-cdist at schottelius.org)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Manage packages on Debian and co.
+#
+
+if [ -f "$__object/parameter/name" ]; then
+   name="$(cat "$__object/parameter/name")"
+else
+   name="$__object_id"
+fi
+
+state_should="$(cat "$__object/parameter/state")"
+state_is="$(cat "$__object/explorer/state")"
+
+# Nothing to be done
+[ "$state_is" = "$state_should" ] && exit 0
+
+case "$state_should" in
+    present)
+        echo "apk add -q '$name'"
+        echo "installed" >> "$__messages_out"
+    ;;
+    absent)
+        echo "apk del -q '$name'"
+        echo "removed" >> "$__messages_out"
+    ;;
+    *)
+        echo "Unknown state: $state_should" >&2
+        exit 1
+    ;;
+esac
--- a/cdist/conf/type/__package_apk/man.rst
+++ b/cdist/conf/type/__package_apk/man.rst
@ -0,0 +1,55 @@
+cdist-type__package_akp(7)
+==========================
+
+NAME
+----
+cdist-type__package_akp - Manage packages with akp
+
+
+DESCRIPTION
+-----------
+apk is usually used on Alpine to manage packages.
+
+
+REQUIRED PARAMETERS
+-------------------
+None
+
+
+OPTIONAL PARAMETERS
+-------------------
+name
+   If supplied, use the name and not the object id as the package name.
+
+state
+    Either "present" or "absent", defaults to "present"
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    # Ensure zsh in installed
+    __package_apk zsh --state present
+
+    # Remove package
+    __package_apk apache2 --state absent
+
+
+SEE ALSO
+--------
+:strong:`cdist-type__package`\ (7)
+
+
+AUTHORS
+-------
+Nico Schottelius <nico-cdist--@--schottelius.org>
+
+
+COPYING
+-------
+Copyright \(C) 2019 Nico Schottelius. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
--- a/cdist/conf/type/__package_apk/nonparallel
+++ b/cdist/conf/type/__package_apk/nonparallel
--- a/cdist/conf/type/__package_apk/parameter/default/state
+++ b/cdist/conf/type/__package_apk/parameter/default/state
@ -0,0 +1 @@
+present
--- a/cdist/conf/type/__package_apk/parameter/optional
+++ b/cdist/conf/type/__package_apk/parameter/optional
@ -0,0 +1,2 @@
+name
+state
--- a/cdist/conf/type/__package_update_index/explorer/currage
+++ b/cdist/conf/type/__package_update_index/explorer/currage
@ -34,6 +34,9 @@ case "$type" in
            echo 0
        fi
        ;;
+    alpine)
+        echo 0
+        ;;
    *)  echo "Your specified type ($type) is currently not supported." >&2
        echo "Please contribute an implementation for it if you can." >&2
        ;;
--- a/cdist/conf/type/__package_update_index/explorer/type
+++ b/cdist/conf/type/__package_update_index/explorer/type
@ -26,6 +26,7 @@ else
        amazon|scientific|centos|fedora|redhat) echo "yum" ;;
        debian|ubuntu|devuan) echo "apt" ;;
        archlinux) echo "pacman" ;;
+        alpine) echo "apk" ;;
        *)
            echo "Don't know how to manage packages on: $os" >&2
            exit 1
--- a/cdist/conf/type/__package_update_index/gencode-remote
+++ b/cdist/conf/type/__package_update_index/gencode-remote
@ -47,6 +47,10 @@ case "$type" in
        echo "pacman --noprogressbar --sync --refresh"
        echo "pacman package database synced (age was: $currage)" >> "$__messages_out"
        ;;
+    alpine)
+        echo "apk update"
+        echo "apk package database updated."
+        ;;
    *)
        echo "Don't know how to manage packages for type: $type" >&2
        exit 1
--- a/cdist/conf/type/__postfix/manifest
+++ b/cdist/conf/type/__postfix/manifest
@ -1,6 +1,7 @@
 #!/bin/sh -e
 #
 # 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2019 Nico Schottelius (nico-cdist at schottelius.org)
 #
 # This file is part of cdist.
 #
@ -22,7 +23,7 @@
 os=$(cat "$__global/explorer/os")

 case "$os" in
-   ubuntu|debian|archlinux|suse|scientific|centos|devuan)
+   alpine|ubuntu|debian|archlinux|suse|scientific|centos|devuan)
      __package postfix --state present
   ;;
   *)
--- a/cdist/conf/type/__postfix_postconf/explorer/value
+++ b/cdist/conf/type/__postfix_postconf/explorer/value
@ -22,7 +22,7 @@
 os=$("$__explorer/os")

 case "$os" in
-   ubuntu|debian|archlinux|suse|scientific|centos|devuan)
+   alpine|ubuntu|debian|archlinux|suse|scientific|centos|devuan)
      :
   ;;
   *)
--- a/cdist/conf/type/__postfix_postconf/gencode-remote
+++ b/cdist/conf/type/__postfix_postconf/gencode-remote
@ -1,6 +1,7 @@
 #!/bin/sh -e
 #
 # 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2019 Nico Schottelius (nico-cdist at schottelius.org)
 #
 # This file is part of cdist.
 #
@ -21,7 +22,7 @@
 os=$(cat "$__global/explorer/os")

 case "$os" in
-   ubuntu|debian|archlinux|suse|scientific|centos|devuan)
+   alpine|archlinux|centos|debian|devuan|suse|scientific|ubuntu)
      :
   ;;
   *)
--- a/cdist/conf/type/__postgres_database/explorer/state
+++ b/cdist/conf/type/__postgres_database/explorer/state
@ -34,7 +34,7 @@ esac

 name="$__object_id"

-if test -n "$(su - "$postgres_user" -c "psql postgres -tAc \"SELECT 1 FROM pg_database WHERE datname='$name'\"")"
+if test -n "$(su - "$postgres_user" -c "psql postgres -twAc \"SELECT 1 FROM pg_database WHERE datname='$name'\"")"
 then
    echo 'present'
 else
--- a/cdist/conf/type/__postgres_role/explorer/state
+++ b/cdist/conf/type/__postgres_role/explorer/state
@ -34,7 +34,7 @@ esac

 name="$__object_id"

-if test -n "$(su - "$postgres_user" -c "psql postgres -tAc \"SELECT 1 FROM pg_roles WHERE rolname='$name'\"")"
+if test -n "$(su - "$postgres_user" -c "psql postgres -twAc \"SELECT 1 FROM pg_roles WHERE rolname='$name'\"")"
 then
    echo 'present'
 else
--- a/cdist/conf/type/__postgres_role/gencode-remote
+++ b/cdist/conf/type/__postgres_role/gencode-remote
@ -55,7 +55,7 @@ case "$state_should" in
        [ -n "$password" ] && password="PASSWORD '$password'"

        cmd="CREATE ROLE $name WITH $password $booleans"
-        echo "su - '$postgres_user' -c \"psql postgres -c \\\"$cmd\\\"\""
+        echo "su - '$postgres_user' -c \"psql postgres -wc \\\"$cmd\\\"\""
    ;;
    absent)
        echo "su - '$postgres_user' -c \"dropuser \\\"$name\\\"\""
--- a/cdist/conf/type/__prometheus_alertmanager/manifest
+++ b/cdist/conf/type/__prometheus_alertmanager/manifest
@ -30,6 +30,7 @@ if [ -f "$__object/parameter/install-from-backports" ]; then
 		*)
 			echo "--install-from-backports is only supported on Devuan -- ignoring." >&2
 			echo "Send a pull request if you require it." >&2
+			exit 1
 		;;
 	esac
 else
@ -60,5 +61,5 @@ require="$require __directory/$storage_path $require_pkg" \
 __config_file $CONF \
 	--source "$config" \
 	--group prometheus --mode 640 \
-	--onchange "service prometheus-alertmanager reload"  # TODO when a config-check tool is available, check config here
+	--onchange "service prometheus-alertmanager restart"  # TODO when a config-check tool is available, check config here

--- a/cdist/conf/type/__prometheus_exporter/manifest
+++ b/cdist/conf/type/__prometheus_exporter/manifest
@ -5,9 +5,11 @@ export GOBIN=/opt/gocode/bin  # where to find go binaries
 exporter="$(cat "$__object/parameter/exporter")"
 [ -z "$exporter" ] && exporter="$__object_id"

-__user prometheus --system
+__user prometheus
+require="__user/prometheus" __group prometheus
+require="__group/prometheus" __user_groups prometheus --group prometheus

-require=""
+require="__user_groups/prometheus"
 case $exporter in
 	node)
 		TEXTFILES=/service/node-exporter/textfiles  # path for the textfiles collector
--- a/cdist/conf/type/__prometheus_server/manifest
+++ b/cdist/conf/type/__prometheus_server/manifest
@ -33,11 +33,13 @@ if [ -f "$__object/parameter/install-from-backports" ]; then
 		*)
 			echo "--install-from-backports is only supported on Devuan -- ignoring." >&2
 			echo "Send a pull request if you require it." >&2
+			exit 1
 		;;
 	esac
 else
 	__package prometheus
-	require_pkg="__package/prometheus"
+	__package prometheus-blackbox-exporter
+	require_pkg="__package/prometheus __package/prometheus-blackbox-exporter"
 fi

 ##### PREPARE PATHS AND SUCH ################################################
@ -58,7 +60,7 @@ require="$require __directory/$storage_path $require_pkg" \
 __config_file $CONF \
 	--source "$config" \
 	--group prometheus --mode 640 \
-	--onchange "promtool check config $CONF && service prometheus reload"
+	--onchange "promtool check config $CONF && service prometheus restart"

 for file in $rule_files; do
 	dest=$CONF_DIR/$(basename "$file")
@ -66,6 +68,6 @@ for file in $rule_files; do
 	__config_file "$dest" \
 		--source "$file" \
 		--owner prometheus \
-		--onchange "promtool check rules '$dest' && service prometheus reload"
+		--onchange "promtool check rules '$dest' && service prometheus restart"
 done

--- a/cdist/conf/type/__sensible_editor/explorer/editor_path
+++ b/cdist/conf/type/__sensible_editor/explorer/editor_path
@ -0,0 +1,131 @@
+#!/bin/sh -e
+#
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Check if the given editor is present on the target system and determine its
+# absolute path.
+#
+
+die() {
+	echo "$@" >&2
+	exit 1
+}
+
+editor_missing() { die "Editor '$1' is missing on the target system."; }
+editor_no_alternative() {
+	die "Editor '$1' is not in the alternatives list of the target system." \
+		"$(test -n "${editors}" && printf '\nPlease choose one of:\n\n%s\n' "${editors}")"
+}
+
+# No need to check for the path if the file is supposed to be removed.
+test "$(cat "${__object}/parameter/state")" != 'absent' || exit 0
+
+
+case $("${__explorer}/os")
+in
+	debian|devuan|ubuntu)
+		has_alternatives=true
+
+		# NOTE: Old versions do not support `--list`, in this case ignore the errors.
+		#       This will require an absolute path to be provided, though.
+		editors=$(update-alternatives --list editor 2>/dev/null)
+		;;
+	*)
+		# NOTE: RedHat has an alternatives system but it doesn't usually track
+		#       editors and it is a pain to extract the list.
+		has_alternatives=false
+		;;
+esac
+
+# Read --editor parameter and check its value since it is "optional"
+editor=$(cat "${__object}/parameter/editor" 2>/dev/null) || true
+test -n "${editor}" || die 'Please provide an --editor to configure.'
+
+case $editor
+in
+	/*)
+		is_abspath=true
+		;;
+	*/*)
+		die 'Relative editor paths are not supported'
+		;;
+	*)
+		is_abspath=false
+		;;
+esac
+
+
+if $has_alternatives && test -n "${editors}"
+then
+	IFS='
+'
+	if ! $is_abspath
+	then
+		# First, try to resolve the absolute path using $editors.
+		while true
+		do
+			for e in $editors
+			do
+				if test "$(basename "${e}")" = "${editor}"
+				then
+					editor="${e}"
+					break 2  # break out of both loops
+				fi
+			done
+
+			# Iterating through alternatives did not yield a result
+			editor_no_alternative "${editor}"
+			break
+		done
+	fi
+
+	# Check if editor is present
+	test -f "${editor}" || editor_missing "${editor}"
+
+	for e in $editors
+	do
+		if test "${editor}" = "${e}"
+		then
+			# Editor is part of the alternatives list -> use it!
+			echo "${editor}"
+			exit 0
+		fi
+	done
+
+	editor_no_alternative "${editor}"
+else
+	# NOTE: This branch is mostly for RedHat-based systems which do
+	#       not track editor alternatives.  To make this type useful
+	#       on RedHat at all we allow an absoloute path to be provided
+	#       in any case.
+
+	if $is_abspath
+	then
+		test -x "${editor}" || editor_missing "${editor}"
+
+		echo "${editor}"
+		exit 0
+	else
+		die "The target doesn't list any editor alternatives. " \
+		    "Please specify an absolute path or populate the alternatives list."
+	fi
+fi
+
+# The script should never reach this statement!
+exit 1
--- a/cdist/conf/type/__sensible_editor/explorer/group
+++ b/cdist/conf/type/__sensible_editor/explorer/group
@ -0,0 +1,26 @@
+#!/bin/sh -e
+#
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Determines the primary group of the user.
+#
+
+user=$__object_id
+
+id -gn "${user}" 2>/dev/null
--- a/cdist/conf/type/__sensible_editor/explorer/user_home
+++ b/cdist/conf/type/__sensible_editor/explorer/user_home
@ -0,0 +1,33 @@
+#!/bin/sh -e
+#
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Determines the home folder of the target user.
+#
+
+user=$__object_id
+home=$(getent passwd "${user}" | cut -d':' -f6)
+
+if ! test -d "${home}"
+then
+	echo "Cannot find home directory of user ${user}" >&2
+	exit 1
+fi
+
+echo "${home}"
--- a/cdist/conf/type/__sensible_editor/man.rst
+++ b/cdist/conf/type/__sensible_editor/man.rst
@ -0,0 +1,78 @@
+cdist-type__sensible_editor(7)
+==============================
+
+NAME
+----
+cdist-type__sensible_editor - Select the sensible-editor
+
+
+DESCRIPTION
+-----------
+This cdist type allows you to select the :strong:`sensible-editor` for
+a given user.
+
+
+REQUIRED PARAMETERS
+-------------------
+editor
+    Name or path of the editor to be selected.
+    On systems other than Debian derivatives an absolute path is required.
+
+	It is permissible to omit this parameter if --state is absent.
+
+
+OPTIONAL PARAMETERS
+-------------------
+state
+    'present', 'absent', or 'exists'. Defaults to 'present', where:
+
+    present
+        the sensible-editor is exactly what is specified in --editor.
+    absent
+        no sensible-editor configuration is present.
+    exists
+        the sensible-editor will be set to what is specified in --editor,
+        unless there already is a configuration on the target system.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    __sensible_editor root --editor /bin/ed  # ed(1) is the standard
+    __sensible_editor noob --editor nano
+
+
+LIMITATIONS
+-----------
+
+This type depends upon the :strong:`sensible-editor`\ (1) script which
+is part of the sensible-utils package.
+
+Therefore, the following operating systems are supported:
+  * Debian 8 (jessie) or later
+  * Devuan
+  * Ubuntu 8.10 (intrepid) or later
+  * RHEL/CentOS 7 or later (EPEL repo required)
+  * Fedora 21 or later
+
+Note: on old versions of Ubuntu the sensible-* utils are part of the
+debianutils package.
+
+SEE ALSO
+--------
+:strong:`select-editor`\ (1), :strong:`sensible-editor`\ (1).
+
+
+AUTHOR
+-------
+Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
+
+
+COPYING
+-------
+Copyright \(C) 2019 Dennis Camera.
+You can redistribute it and/or modify it under the terms of the GNU General
+Public License as published by the Free Software Foundation, either version 3 of
+the License, or (at your option) any later version.
--- a/cdist/conf/type/__sensible_editor/manifest
+++ b/cdist/conf/type/__sensible_editor/manifest
@ -0,0 +1,94 @@
+#!/bin/sh -e
+# -*- mode: sh; indent-tabs-mode: t -*-
+#
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+version_ge() {
+	awk -F '[^0-9.]' -v target="${1:?}" '
+	function max(x, y) { return x > y ? x : y; }
+	BEGIN {
+		getline;
+		nx = split($1, x, ".");
+		ny = split(target, y, ".");
+		for (i = 1; i <= max(nx, ny); ++i) {
+			diff = int(x[i]) - int(y[i]);
+			if (diff < 0) exit 1;
+			else if (diff > 0) exit 0;
+			else continue;
+		}
+	}'
+}
+
+not_supported() {
+	echo "OS ${os} does not support __sensible_editor." >&2
+	echo 'If it does, please provide a patch.' >&2
+	exit 1
+}
+
+os=$(cat "${__global}/explorer/os")
+os_version=$(cat "${__global}/explorer/os_version")
+
+state=$(cat "${__object}/parameter/state")
+user=$__object_id
+
+if test "${state}" != 'present' && test "${state}" != 'exists' && test "${state}" != 'absent'
+then
+	echo 'Only "present", "exists", and "absent" are allowed for --state' >&2
+	exit 1
+fi
+
+package_name='sensible-utils'
+
+case $os
+in
+	debian)
+		pkg_type='apt'
+		;;
+	devuan)
+		pkg_type='apt'
+		;;
+	ubuntu)
+		(echo "${os_version}" | version_ge 10.04) || package_name='debianutils'
+		pkg_type='apt'
+		;;
+	centos|fedora|redhat|scientific)
+		pkg_type='yum'
+		;;
+	*)
+		not_supported
+		;;
+esac
+
+if test "${state}" != 'absent'
+then
+	__package "${package_name}" --state present \
+		--type "${pkg_type}"
+	export require="__package/${package_name}"
+fi
+
+editor_path=$(cat "${__object}/explorer/editor_path")
+user_home=$(cat "${__object}/explorer/user_home")
+group=$(cat "${__object}/explorer/group")
+
+__file "${user_home}/.selected_editor" --state "${state}" \
+	--owner "${user}" --group "${group}" --mode 0644 \
+	--source - <<EOF
+# Managed by cdist
+SELECTED_EDITOR="${editor_path}"
+EOF
--- a/cdist/conf/type/__sensible_editor/parameter/default/state
+++ b/cdist/conf/type/__sensible_editor/parameter/default/state
@ -0,0 +1 @@
+present
--- a/cdist/conf/type/__sensible_editor/parameter/optional
+++ b/cdist/conf/type/__sensible_editor/parameter/optional
@ -0,0 +1,2 @@
+editor
+state
--- a/cdist/conf/type/__ssh_authorized_keys/explorer/file
+++ b/cdist/conf/type/__ssh_authorized_keys/explorer/file
@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@ -19,9 +20,42 @@
 #

 if [ -f "$__object/parameter/file" ]; then
-   cat "$__object/parameter/file"
+	cat "$__object/parameter/file"
 else
-   owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
-   home=$(getent passwd "$owner" | cut -d':' -f 6)
-   echo "$home/.ssh/authorized_keys"
+	if [ -s "$__object/parameter/owner" ]
+	then
+		owner=$(cat "$__object/parameter/owner")
+	else
+		owner="$__object_id"
+	fi
+
+	if command -v getent >/dev/null
+	then
+		owner_line=$(getent passwd "$owner")
+	elif [ -f /etc/passwd ]
+	then
+		case $owner
+		in
+			[0-9][0-9]*)
+				owner_line=$(awk -F: "\$3 == \"${owner}\" { print }" /etc/passwd)
+				;;
+			*)
+				owner_line=$(awk -F: "\$1 == \"${owner}\" { print }" /etc/passwd)
+				;;
+		esac
+	fi
+
+	if [ "$owner_line" ]
+	then
+		home=$(echo "$owner_line" | cut -d':' -f6)
+	fi
+
+	if [ ! -d "$home" ]
+	then
+		# Don't know how to determine user's home directory, fall back to ~
+		home="~$owner"
+		command -v realpath >/dev/null && home=$(realpath "$home")
+	fi
+
+	[ -d "$home" ] && echo "$home/.ssh/authorized_keys"
 fi
--- a/cdist/conf/type/__ssh_authorized_keys/explorer/group
+++ b/cdist/conf/type/__ssh_authorized_keys/explorer/group
@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@ -18,6 +19,28 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #

-owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
-gid="$(getent passwd "$owner" | cut -d':' -f 4)"
-getent group "$gid" || true
+if [ -s "$__object/parameter/owner" ]
+then
+	owner=$(cat "$__object/parameter/owner")
+else
+	owner="$__object_id"
+fi
+
+if command -v getent >/dev/null
+then
+	gid=$(getent passwd "$owner" | cut -d':' -f4)
+	getent group "$gid" || true
+else
+	# Fallback to local file scanning
+	case $owner
+	in
+		[0-9][0-9]*)
+			gid=$(awk -F: "\$3 == \"${owner}\" { print \$4 }" /etc/passwd)
+			;;
+		*)
+			gid=$(awk -F: "\$1 == \"${owner}\" { print \$4 }" /etc/passwd)
+			;;
+	esac
+
+	awk -F: "\$3 == \"$gid\" { print }" /etc/group
+fi
--- a/cdist/conf/type/__ssh_authorized_keys/manifest
+++ b/cdist/conf/type/__ssh_authorized_keys/manifest
@ -23,6 +23,12 @@ owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
 state="$(cat "$__object/parameter/state" 2>/dev/null)"
 file="$(cat "$__object/explorer/file")"

+if [ ! -f "$__object/parameter/nofile" ] && [ -z "$file" ]
+then
+	echo "Cannot determine path of authorized_keys file" >&2
+	exit 1
+fi
+
 if [ ! -f "$__object/parameter/noparent" ] || [ ! -f "$__object/parameter/nofile" ]; then
   group="$(cut -d':' -f 1 "$__object/explorer/group")"
   if [ -z "$group" ]; then
@ -45,18 +51,6 @@ if [ ! -f "$__object/parameter/noparent" ] || [ ! -f "$__object/parameter/nofile
   fi
 fi

-# Remove legacy blocks created by old versions of this type
-# FIXME: remove me in 3.2+
-__block "$__object_name" \
-   --file "$file" \
-   --prefix "#cdist:$__object_name" \
-   --suffix "#/cdist:$__object_name" \
-   --state 'absent' \
-   --text - << DONE
-remove legacy block
-DONE
-export require="__block/$__object_name"
-
 _cksum() {
   echo "$1" | cksum | cut -d' ' -f 1
 }
@ -69,7 +63,8 @@ while read -r key; do
   set -- "$@" --key "$key"
   set -- "$@" --state "$state"
   if [ -f "$__object/parameter/option" ]; then
-      set -- "$@" --option "$(cat "$__object/parameter/option")"
+      # shellcheck disable=SC2046
+      set -- "$@" $(printf -- '--option %s ' $(cat "$__object/parameter/option"))
   fi
   if [ -f "$__object/parameter/comment" ]; then
      set -- "$@" --comment "$(cat "$__object/parameter/comment")"
--- a/cdist/conf/type/__ssh_dot_ssh/explorer/group
+++ b/cdist/conf/type/__ssh_dot_ssh/explorer/group
@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@ -18,5 +19,11 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #

-gid="$("$__type_explorer/passwd" | cut -d':' -f 4)"
-getent group "$gid" || true
+gid=$("$__type_explorer/passwd" | cut -d':' -f4)
+
+if command -v getent >/dev/null
+then
+	getent group "$gid" || true
+else
+	awk -F: "\$3 == \"$gid\" { print }" /etc/group
+fi
--- a/cdist/conf/type/__ssh_dot_ssh/explorer/passwd
+++ b/cdist/conf/type/__ssh_dot_ssh/explorer/passwd
@ -2,6 +2,7 @@
 #
 # 2012 Steven Armstrong (steven-cdist at armstrong.cc)
 # 2014 Nico Schottelius (nico-cdist at schottelius.org)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@ -21,4 +22,16 @@

 owner="$__object_id"

-getent passwd "$owner" || true
+if command -v getent >/dev/null
+then
+    getent passwd "$owner" || true
+else
+    case $owner in
+        [0-9][0-9]*)
+            awk -F: "\$3 == \"$owner\" { print }" /etc/passwd
+            ;;
+        *)
+            grep "^$owner:" /etc/passwd || true
+            ;;
+    esac
+fi
--- a/cdist/conf/type/__start_on_boot/explorer/state
+++ b/cdist/conf/type/__start_on_boot/explorer/state
@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# 2012-2015 Nico Schottelius (nico-cdist at schottelius.org)
+# 2012-2019 Nico Schottelius (nico-cdist at schottelius.org)
 # 2013 Daniel Heule (hda at sfs.biz)
 #
 # This file is part of cdist.
@ -75,9 +75,14 @@ else
            state=$(chkconfig --check "$name" "$runlevel" || echo absent)
            [ "$state" ] || state="present"
        ;;
-        gentoo)
-            state="present"
-            [ -f "/etc/runlevels/${target_runlevel}/${name}" ] || state="absent"
+        gentoo|alpine)
+            state="absent"
+            for d in /etc/runlevels/*; do
+                if [ -f "/etc/runlevels/${d}/${name}" ];then
+                    state="present"
+                    break
+                fi
+            done
        ;;
        freebsd)
            state="absent"
@ -88,6 +93,7 @@ else
            # OpenBSD 5.7 and higher
            rcctl ls on | grep "^${name}$" && state='present'
        ;;
+
        *)
           echo "Unsupported os: $os" >&2
           exit 1
--- a/cdist/conf/type/__start_on_boot/gencode-remote
+++ b/cdist/conf/type/__start_on_boot/gencode-remote
@ -58,7 +58,7 @@ case "$state_should" in
                    echo "update-rc.d '$name' defaults >/dev/null"
                ;;

-                gentoo)
+                alpine|gentoo)
                    echo "rc-update add '$name' '$target_runlevel'"
                ;;

@ -106,7 +106,7 @@ case "$state_should" in
                    echo "update-rc.d -f '$name' remove"
                ;;

-                gentoo)
+                alpine|gentoo)
                    echo "rc-update del '$name' '$target_runlevel'"
                ;;

--- a/cdist/conf/type/__start_on_boot/man.rst
+++ b/cdist/conf/type/__start_on_boot/man.rst
@ -55,7 +55,7 @@ Nico Schottelius <nico-cdist--@--schottelius.org>

 COPYING
 -------
-Copyright \(C) 2012 Nico Schottelius. You can redistribute it
+Copyright \(C) 2012-2019 Nico Schottelius. You can redistribute it
 and/or modify it under the terms of the GNU General Public License as
 published by the Free Software Foundation, either version 3 of the
 License, or (at your option) any later version.
--- a/cdist/conf/type/__sysctl/manifest
+++ b/cdist/conf/type/__sysctl/manifest
@ -2,6 +2,7 @@
 #
 # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
 # 2018 Takashi Yoshi (takashi at yoshi.email)
+# 2019 Nico Schottelius (nico-cdist at schottelius.org)
 #
 # This file is part of cdist.
 #
@ -24,7 +25,7 @@ os=$(cat "$__global/explorer/os")

 case "$os" in
   # Linux
-   redhat|centos|ubuntu|debian|devuan|archlinux|coreos)
+   alpine|redhat|centos|ubuntu|debian|devuan|archlinux|coreos)
      :
   ;;
   # BSD
--- a/cdist/conf/type/__timezone/gencode-remote
+++ b/cdist/conf/type/__timezone/gencode-remote
@ -1,6 +1,7 @@
 #!/bin/sh -e
 #
 # 2012 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2019 Nico Schottelius (nico-cdist at schottelius.org)
 #
 # This file is part of cdist.
 #
@ -29,7 +30,7 @@ if [ "$timezone_is" = "$timezone_should" ]; then
 fi

 case "$os" in
-   ubuntu|debian|devuan|coreos)
+   ubuntu|debian|devuan|coreos|alpine)
      echo "echo \"$timezone_should\" > /etc/timezone"
   ;;
 esac
--- a/cdist/conf/type/__timezone/manifest
+++ b/cdist/conf/type/__timezone/manifest
@ -2,7 +2,7 @@
 #
 # 2011 Ramon Salvadó (rsalvado at gnuine dot com)
 # 2012-2015 Steven Armstrong (steven-cdist at armstrong.cc)
-# 2012 Nico Schottelius (nico-cdist at schottelius.org)
+# 2012-2019 Nico Schottelius (nico-cdist at schottelius.org)
 #
 # This file is part of cdist.
 #
@ -26,7 +26,7 @@ timezone="$__object_id"
 os=$(cat "$__global/explorer/os")

 case "$os" in
-    archlinux|debian|ubuntu|devuan)
+    archlinux|debian|ubuntu|devuan|alpine)
        __package tzdata
        export require="__package/tzdata"
    ;;
--- a/Show more
+++ b/Show more
				`@ -0,0 +1 @@`
				`https://releases.hashicorp.com/consul/1.5.0/consul_1.5.0_linux_amd64.zip`