Release 6.1.0

[__hostname] Support more operating systems

See merge request ungleich-public/cdist!802

.gitignore

@@ -34,7 +34,7 @@ cdist/inventory/
 # Python: cache, distutils, distribution in general
 __pycache__/
 *.pyc
-MANIFEST
+/MANIFEST
 dist/
 cdist/version.py
 cdist.egg-info/

cdist/argparse.py

@@ -5,6 +5,7 @@ import logging
 import collections
 import functools
 import cdist.configuration
+import cdist.preos
 
 
 # set of beta sub-commands
@@ -20,6 +21,7 @@ parser = None
 
 _verbosity_level_off = -2
 _verbosity_level = {
+    None: logging.WARNING,
     _verbosity_level_off: logging.OFF,
     -1: logging.ERROR,
     0: logging.WARNING,
@@ -422,6 +424,9 @@ def get_parsers():
     parser['inventory'].set_defaults(
             func=cdist.inventory.Inventory.commandline)
 
+    # PreOs
+    parser['preos'] = parser['sub'].add_parser('preos', add_help=False)
+
     # Shell
     parser['shell'] = parser['sub'].add_parser(
             'shell', parents=[parser['loglevel']])

cdist/conf/explorer/hostname

@@ -1,7 +1,6 @@
 #!/bin/sh
 #
-# 2010-2014 Nico Schottelius (nico-cdist at schottelius.org)
-# 2012 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -19,7 +18,12 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 #
+# Retrieve the running hostname
+#
 
-if command -v uname >/dev/null; then
-   uname -n
+if command -v hostname >/dev/null
+then
+	hostname
+else
+	uname -n
 fi

cdist/conf/explorer/interfaces

@@ -18,13 +18,11 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-if command -v ip > /dev/null
+if command -v ip >/dev/null
 then
-    ip -o link show | sed -n 's/^[0-9]\+: \(.\+\): <.*/\1/p'
-
-elif command -v ifconfig > /dev/null
+	ip -o link show | sed -n 's/^[0-9]\+: \(.\+\): <.*/\1/p'
+elif command -v ifconfig >/dev/null
 then
-    ifconfig -a \
-        | sed -n -E 's/^(.*)(:[[:space:]]*flags=|Link encap).*/\1/p' \
-        | sort -u
-fi
+	ifconfig -a | sed -n -E 's/^(.*)(:[[:space:]]*flags=|Link encap).*/\1/p'
+fi \
+ | sort -u

cdist/conf/explorer/os

@@ -145,7 +145,7 @@ esac
 if [ -f /etc/os-release ]; then
    # already lowercase, according to:
    # https://www.freedesktop.org/software/systemd/man/os-release.html
-   awk -F= '/^ID=/ {print $2;}' /etc/os-release
+   awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release
    exit 0
 fi
 

cdist/conf/type/__apt_key/gencode-remote

@@ -48,11 +48,11 @@ curl -s -L \\
     -o "$keyfile" \\
     "$uri"
 
-if grep -Fq 'BEGIN PGP PUBLIC KEY BLOCK' \\
-    "$keyfile"
+key="\$( cat "$keyfile" )"
+
+if echo "\$key" | grep -Fq 'BEGIN PGP PUBLIC KEY BLOCK'
 then
-    cat "$keyfile" \\
-        | gpg --export > "$keyfile"
+    echo "\$key" | gpg --dearmor > "$keyfile"
 fi
 
 EOF

cdist/conf/type/__git/gencode-remote

@@ -19,32 +19,34 @@
 #
 #
 
-state_is="$(cat "$__object/explorer/state")"
-owner_is="$(cat "$__object/explorer/owner")"
-group_is="$(cat "$__object/explorer/group")"
+state_is=$(cat "$__object/explorer/state")
+owner_is=$(cat "$__object/explorer/owner")
+group_is=$(cat "$__object/explorer/group")
 
-state_should="$(cat "$__object/parameter/state")"
+state_should=$(cat "$__object/parameter/state")
 
-branch="$(cat "$__object/parameter/branch")"
+branch=$(cat "$__object/parameter/branch")
 
-source="$(cat "$__object/parameter/source")"
+source=$(cat "$__object/parameter/source")
 
 destination="/$__object_id"
 
-owner="$(cat "$__object/parameter/owner")"
-group="$(cat "$__object/parameter/group")"
-mode="$(cat "$__object/parameter/mode")"
+owner=$(cat "$__object/parameter/owner")
+group=$(cat "$__object/parameter/group")
+mode=$(cat "$__object/parameter/mode")
 
-[  "$state_should" = "$state_is" ] && \
-[  "$owner" = "$owner_is" ] && \
-[  "$group" = "$group_is" ] && \
-[  -n "$mode" ] && exit 0
+[ -f "$__object/parameter/recursive" ] && recursive='--recurse-submodules' || recursive=''
+[ -f "$__object/parameter/shallow" ] && shallow='--depth 1 --shallow-submodules' || shallow=''
+
+[ "$state_should" = "$state_is" ] \
+ && [ "$owner" = "$owner_is" ] \
+ && [ "$group" = "$group_is" ] \
+ && [ -n "$mode" ] && exit 0
 
 case $state_should in
     present)
-
         if [ "$state_should" != "$state_is" ]; then
-            echo git clone --quiet --branch "$branch" "$source" "$destination"
+            echo git clone --quiet "$recursive" "$shallow" --branch "$branch" "$source" "$destination"
         fi
         if { [ -n "$owner" ] && [ "$owner_is" != "$owner" ]; } || \
            { [ -n "$group" ] && [ "$group_is" != "$group" ]; }; then
@@ -54,8 +56,9 @@ case $state_should in
             echo chmod -R "$mode" "$destination"
         fi
     ;;
-    # Handled in manifest
+
     absent)
+        # Handled in manifest
     ;;
 
     *)

cdist/conf/type/__git/man.rst

@@ -35,6 +35,12 @@ mode
 owner
    User to chown to.
 
+recursive
+   Passes the --recurse-submodules flag to git when cloning the repository.
+
+shallow
+   Sets --depth=1 and --shallow-submodules for cloning repositories with big history.
+
 
 EXAMPLES
 --------

cdist/conf/type/__git/parameter/boolean

@@ -0,0 +1,2 @@
+recursive
+shallow

cdist/conf/type/__grafana_dashboard/manifest

@@ -15,6 +15,10 @@ case $os in
                 # Differntation not needed anymore
                 apt_source_distribution=stable
                 ;;
+            10*)
+                # Differntation not needed anymore
+                apt_source_distribution=stable
+                ;;
             *)
                 echo "Don't know how to install Grafana on $os $os_version. Send us a pull request!" >&2
                 exit 1
@@ -29,10 +33,9 @@ case $os in
                     --uri https://packages.grafana.com/oss/deb \
                     --distribution $apt_source_distribution \
                     --component main
-
         __package apt-transport-https
-
-        require="$require __apt_source/grafana __package/apt-transport-https" __package grafana
+        require="$require __apt_source/grafana" __apt_update_index
+        require="$require  __package/apt-transport-https __apt_update_index" __package grafana
         require="$require __package/grafana" __start_on_boot grafana-server
         require="$require __start_on_boot/grafana-server" __process grafana-server --start "service grafana-server start"
         ;;

cdist/conf/type/__group/explorer/group

@@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -21,7 +22,21 @@
 # Get an existing groups group entry.
 #
 
+not_supported() {
+	echo "Your operating system ($("$__explorer/os")) is currently not supported." >&2
+	echo "Cannot extract group information." >&2
+	echo "Please contribute an implementation for it if you can." >&2
+	exit 1
+}
+
 name=$__object_id
 
-getent group "$name" || true
-
+if command -v getent >/dev/null
+then
+	getent group "$name" || true
+elif [ -f /etc/group ]
+then
+	grep "^${name}:" /etc/group || true
+else
+	not_supported
+fi

cdist/conf/type/__group/explorer/gshadow

@@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -22,13 +23,28 @@
 #
 
 name=$__object_id
-os="$("$__explorer/os")"
+os=$("$__explorer/os")
 
-case "$os" in
-    "freebsd"|"netbsd")
-	echo "$os does not have getent gshadow"
-	exit 0
-    ;;
+not_supported() {
+	echo "Your operating system ($os) is currently not supported." >&2
+	echo "Cannot extract group information." >&2
+	echo "Please contribute an implementation for it if you can." >&2
+	exit 1
+}
+
+case $os in
+	"freebsd"|"netbsd")
+		echo "$os does not have getent gshadow" >&2
+		exit 0
+	;;
 esac
 
-getent gshadow "$name" || true
+if command -v getent >/dev/null
+then
+	getent gshadow "$name" || true
+elif [ -f /etc/gshadow ]
+then
+	grep "^${name}:" /etc/gshadow || true
+else
+	not_supported
+fi

cdist/conf/type/__hostname/explorer/has_hostnamectl

@@ -21,4 +21,4 @@
 # Check whether system has hostnamectl
 #
 
-command -v hostnamectl || true
+command -v hostnamectl 2>/dev/null || true

cdist/conf/type/__hostname/explorer/max_len

@@ -0,0 +1,10 @@
+#!/bin/sh -e
+
+command -v getconf >/dev/null || exit 0
+
+val=$(getconf HOST_NAME_MAX 2>/dev/null) || exit 0
+
+if test -n "${val}" -a "${val}" != 'undefined'
+then
+	echo "${val}"
+fi

cdist/conf/type/__hostname/gencode-remote

@@ -2,6 +2,7 @@
 #
 # 2014-2017 Steven Armstrong (steven-cdist at armstrong.cc)
 # 2014 Nico Schottelius (nico-cdist at schottelius.org)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -19,60 +20,81 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-if [ -f "$__object/parameter/name" ]; then
-    name_should="$(cat "$__object/parameter/name")"
-else
-    name_should="${__target_host%%.*}"
-fi
-
 os=$(cat "$__global/explorer/os")
 name_running=$(cat "$__global/explorer/hostname")
-name_config=$(cat "$__object/explorer/hostname_file")
-name_sysconfig=$(cat "$__object/explorer/hostname_sysconfig")
 has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
 
+
+if test -s "$__object/parameter/name"
+then
+    name_should=$(cat "$__object/parameter/name")
+else
+    case $os
+    in
+        # RedHat-derivatives and BSDs
+        centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd)
+            # Hostname is FQDN
+            name_should="${__target_host}"
+        ;;
+        *)
+            # Hostname is only first component of FQDN
+            name_should="${__target_host%%.*}"
+        ;;
+    esac
+fi
+
+
 ################################################################################
-# If everything is ok -> exit
+# Check if the (running) hostname is already correct
 #
-case "$os" in
-    archlinux|debian|suse|ubuntu|devuan|coreos|alpine)
-        if [ "$name_config" = "$name_should" ] && [ "$name_running" = "$name_should" ]; then
-            exit 0
-        fi
-    ;;
-    scientific|centos|freebsd|openbsd)
-        if [ "$name_sysconfig" = "$name_should" ] && [ "$name_running" = "$name_should" ]; then
-            exit 0
-        fi
-    ;;
-    *)
-        echo "Unsupported os: $os" >&2
-        exit 1
-    ;;
-esac
+test "$name_running" != "$name_should" || exit 0
+
 
 ################################################################################
 # Setup hostname
 #
-echo changed >> "$__messages_out"
+echo 'changed' >>"$__messages_out"
 
-# Use the good old way to set the hostname even on machines running systemd.
-case "$os" in
-    archlinux|debian|ubuntu|devuan|centos|coreos|alpine)
-        printf "printf '%%s\\\\n' '$name_should' > /etc/hostname\\n"
-        echo "hostname -F /etc/hostname"
+# Use the good old way to set the hostname.
+case $os
+in
+    alpine|debian|devuan|ubuntu)
+        echo 'hostname -F /etc/hostname'
     ;;
-    freebsd|openbsd)
+    archlinux)
+        echo 'command -v hostnamectl >/dev/null 2>&1' \
+            "&& hostnamectl set-hostname '$name_should'" \
+            "|| hostname '$name_should'"
+    ;;
+    centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void)
         echo "hostname '$name_should'"
     ;;
-    suse)
+    macosx)
+        echo "scutil --set HostName '$name_should'"
+    ;;
+    solaris)
+        echo "uname -S '$name_should'"
+    ;;
+    slackware|suse|opensuse-leap)
+        # We do not read from /etc/HOSTNAME, because the running
+        # hostname is the first component only while the file contains
+        # the FQDN.
         echo "hostname '$name_should'"
-        printf "printf '%%s\\\\n' '$name_should' > /etc/HOSTNAME\\n"
+    ;;
+    *)
+        # Fall back to set the hostname using hostnamectl, if available.
+        if test -n "$has_hostnamectl"
+        then
+            # Don't use hostnamectl as the primary means to set the hostname for
+            # systemd systems, because it cannot be trusted to work reliably and
+            # exit with non-zero when it fails (e.g. hostname too long,
+            # D-Bus failure, etc.).
+
+            echo "hostnamectl set-hostname \"\$(cat /etc/hostname)\""
+            echo "test \"\$(hostname)\" = \"\$(cat /etc/hostname)\"" \
+                 " || hostname -F /etc/hostname"
+        else
+            printf "echo 'Unsupported OS: %s' >&2\nexit 1\n" "$os"
+        fi
     ;;
 esac
-
-if [ "$has_hostnamectl" ]; then
-    # Allow hostnamectl set-hostname to fail silently.
-    # Who the fuck invented a tool that needs dbus to set the hostname anyway ...
-    echo "hostnamectl set-hostname '$name_should' || true"
-fi

cdist/conf/type/__hostname/man.rst

@@ -8,7 +8,10 @@ cdist-type__hostname - Set the hostname
 
 DESCRIPTION
 -----------
-Set's the hostname on various operating systems.
+Sets the hostname on various operating systems.
+
+**Tip:** For advice on choosing a hostname, see
+`RFC 1178 <https://tools.ietf.org/html/rfc1178>`_.
 
 
 REQUIRED PARAMETERS
@@ -18,7 +21,7 @@ None.
 OPTIONAL PARAMETERS
 -------------------
 name
-   The hostname to set. Defaults to the first segment of __target_host 
+   The hostname to set. Defaults to the first segment of __target_host
    (${__target_host%%.*})
 
 

cdist/conf/type/__hostname/manifest

@@ -2,6 +2,7 @@
 #
 # 2012 Steven Armstrong (steven-cdist at armstrong.cc)
 # 2014 Nico Schottelius (nico-cdist at schottelius.org)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -19,50 +20,170 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
+not_supported() {
+    echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
+    echo "Please contribute an implementation for it if you can." >&2
+    exit 1
+}
+
+set_hostname_systemd() {
+    echo "$1" | __file /etc/hostname --source -
+}
+
 os=$(cat "$__global/explorer/os")
-if [ -f "$__object/parameter/name" ]; then
-    name_should="$(cat "$__object/parameter/name")"
+os_version=$(cat "$__global/explorer/os_version")
+os_major=$(echo "$os_version" | grep -o '^[0-9][0-9]*')
+
+max_len=$(cat "$__object/explorer/max_len")
+has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
+
+if test -s "$__object/parameter/name"
+then
+    name_should=$(cat "$__object/parameter/name")
 else
-    case "$os" in
-    openbsd)
-        name_should="${__target_host}"
-    ;;
-    *)
-        name_should="${__target_host%%.*}"
-    ;;
+    case $os
+    in
+        # RedHat-derivatives and BSDs
+        centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware)
+            # Hostname is FQDN
+            name_should="${__target_host}"
+        ;;
+        suse|opensuse-leap)
+            # Classic SuSE stores the FQDN in /etc/HOSTNAME, while
+            # systemd does not. The running hostname is the first
+            # component in both cases.
+            # In versions before 15.x, the FQDN is stored in /etc/hostname.
+            if test -n "$has_hostnamectl" && test "$os_major" -ge 15 \
+                    && test "$os_major" -ne 42
+            then
+                name_should="${__target_host%%.*}"
+            else
+                name_should="${__target_host}"
+            fi
+        ;;
+        *)
+            # Hostname is only first component of FQDN on all other systems.
+            name_should="${__target_host%%.*}"
+        ;;
     esac
 fi
 
+if test -n "$max_len" && test "$(printf '%s' "$name_should" | wc -c)" -gt "$max_len"
+then
+    printf "Host name too long. Up to %u characters allowed.\n" "${max_len}" >&2
+    exit 1
+fi
 
-not_supported() {
-   echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
-   echo "Please contribute an implementation for it if you can." >&2
-   exit 1
-}
+case $os
+in
+    alpine|debian|devuan|ubuntu|void)
+        echo "$name_should" | __file /etc/hostname --source -
+    ;;
+    archlinux)
+        if test -n "$has_hostnamectl"
+        then
+            set_hostname_systemd "$name_should"
+        else
+            echo 'Ancient ArchLinux variants without hostnamectl are not supported.' >&2
+            exit 1
+            # Only for ancient ArchLinux, write to /etc/rc.conf on pre-systemd
+            # versions.  There are some versions which use /etc/hostname but not
+            # systemd. It is unclear which ones these are.
 
-case "$os" in
-    archlinux|debian|suse|ubuntu|devuan|coreos|alpine)
+            # __key_value '/etc/rc.conf:HOSTNAME' \
+            #     --file /etc/rc.conf \
+            #     --delimiter '=' --exact_delimiter \
+            #     --key 'HOSTNAME' \
+            #     --value "\"$name_should\""
+        fi
+        ;;
+    centos|fedora|redhat|scientific)
+        if test -z "$has_hostnamectl"
+        then
+            # Only write to /etc/sysconfig/network on non-systemd versions.
+            # On systemd-based versions this entry is ignored.
+            __key_value '/etc/sysconfig/network:HOSTNAME' \
+                --file /etc/sysconfig/network \
+                --delimiter '=' --exact_delimiter \
+                --key HOSTNAME \
+                --value "\"$name_should\""
+        else
+            set_hostname_systemd "$name_should"
+        fi
+    ;;
+    gentoo)
+        # Only write to /etc/conf.d/hostname on OpenRC-based installations.
+        # On systemd use hostnamectl(1) in gencode-remote.
+        if test -z "$has_hostnamectl"
+        then
+            __key_value '/etc/conf.d/hostname:hostname' \
+                --file /etc/conf.d/hostname \
+                --delimiter '=' --exact_delimiter \
+                --key 'hostname' \
+                --value "\"$name_should\""
+        else
+            set_hostname_systemd "$name_should"
+        fi
+    ;;
+    freebsd)
+        __key_value '/etc/rc.conf:hostname' \
+            --file /etc/rc.conf \
+            --delimiter '=' --exact_delimiter \
+            --key 'hostname' \
+            --value "\"$name_should\""
+    ;;
+    macosx)
         # handled in gencode-remote
         :
     ;;
-    scientific|centos)
-        __key_value sysconfig-hostname \
-            --file /etc/sysconfig/network \
-            --delimiter '=' \
-            --key HOSTNAME \
-            --value "$name_should" --exact_delimiter
-    ;;
-    freebsd)
-        __key_value rcconf-hostname \
+    netbsd)
+        __key_value '/etc/rc.conf:hostname' \
             --file /etc/rc.conf \
-            --delimiter '=' \
+            --delimiter '=' --exact_delimiter \
             --key 'hostname' \
-            --value "$name_should"
+            --value "\"$name_should\""
+
+        # To avoid confusion, ensure that the hostname is only stored once.
+        __file /etc/myname --state absent
     ;;
     openbsd)
         echo "$name_should" | __file /etc/myname --source -
     ;;
+    slackware)
+        # We write the FQDN into /etc/HOSTNAME.  But /etc/rc.d/rc.M will only
+        # read the first component from this file and set it as the running
+        # hostname on boot.
+        echo "$name_should" | __file /etc/HOSTNAME --source -
+    ;;
+    solaris)
+        echo "$name_should" | __file /etc/nodename --source -
+    ;;
+    suse|opensuse-leap)
+        # Modern SuSE provides /etc/HOSTNAME as a symlink for
+        # backwards-compatibility. Unfortunately it cannot be used
+        # here as __file does not follow the symlink.
+        # Therefore, we use the presence of the hostnamectl binary as
+        # an indication of which file to use.  This unfortunately does
+        # not work correctly on openSUSE 12.x which provides
+        # hostnamectl but not /etc/hostname.
+
+        if test -n "$has_hostnamectl" -a "$os_major" -gt 12
+        then
+            hostname_file='/etc/hostname'
+        else
+            hostname_file='/etc/HOSTNAME'
+        fi
+
+        echo "$name_should" | __file "$hostname_file" --source -
+    ;;
     *)
-        not_supported
+        # On other operating systems we fall back to systemd's
+        # hostnamectl if available…
+        if test -n "$has_hostnamectl"
+        then
+            set_hostname_systemd "$name_should"
+        else
+            not_supported
+        fi
     ;;
 esac

cdist/conf/type/__letsencrypt_cert/manifest

@@ -7,6 +7,12 @@ if [ -z "${certbot_fullpath}" ]; then
 	os_version="$(cat "${__global}/explorer/os_version")"
 
 	case "$os" in
+        archlinux)
+            __package certbot
+            ;;
+        alpine)
+            __package certbot
+            ;;
 		debian)
 			case "$os_version" in
 				8*)
@@ -33,6 +39,10 @@ if [ -z "${certbot_fullpath}" ]; then
 					require="__apt_source/stretch-backports" __package_apt certbot \
 						--target-release stretch-backports
 				;;
+				10*)
+					__package_apt certbot
+				;;
+
 				*)
 					echo "Unsupported OS version: $os_version" >&2
 					exit 1
@@ -65,7 +75,7 @@ if [ -z "${certbot_fullpath}" ]; then
 					require="__apt_source/ascii-backports" __package_apt certbot \
 						--target-release ascii-backports
 				;;
-				bewoulf*)
+				beowulf*)
 					__package_apt certbot
 				;;
 				*)

cdist/conf/type/__package_update_index/explorer/currage

@@ -34,6 +34,9 @@ case "$type" in
             echo 0
         fi
         ;;
+    alpine)
+        echo 0
+        ;;
     *)  echo "Your specified type ($type) is currently not supported." >&2
         echo "Please contribute an implementation for it if you can." >&2
         ;;

cdist/conf/type/__package_update_index/explorer/type

@@ -26,6 +26,7 @@ else
         amazon|scientific|centos|fedora|redhat) echo "yum" ;;
         debian|ubuntu|devuan) echo "apt" ;;
         archlinux) echo "pacman" ;;
+        alpine) echo "apk" ;;
         *)
             echo "Don't know how to manage packages on: $os" >&2
             exit 1

cdist/conf/type/__package_update_index/gencode-remote

@@ -47,6 +47,10 @@ case "$type" in
         echo "pacman --noprogressbar --sync --refresh"
         echo "pacman package database synced (age was: $currage)" >> "$__messages_out"
         ;;
+    alpine)
+        echo "apk update"
+        echo "apk package database updated."
+        ;;
     *)
         echo "Don't know how to manage packages for type: $type" >&2
         exit 1

cdist/conf/type/__prometheus_alertmanager/manifest

@@ -30,6 +30,7 @@ if [ -f "$__object/parameter/install-from-backports" ]; then
 		*)
 			echo "--install-from-backports is only supported on Devuan -- ignoring." >&2
 			echo "Send a pull request if you require it." >&2
+			exit 1
 		;;
 	esac
 else
@@ -60,5 +61,5 @@ require="$require __directory/$storage_path $require_pkg" \
 __config_file $CONF \
 	--source "$config" \
 	--group prometheus --mode 640 \
-	--onchange "service prometheus-alertmanager reload"  # TODO when a config-check tool is available, check config here
+	--onchange "service prometheus-alertmanager restart"  # TODO when a config-check tool is available, check config here
 

cdist/conf/type/__prometheus_exporter/manifest

@@ -5,9 +5,11 @@ export GOBIN=/opt/gocode/bin  # where to find go binaries
 exporter="$(cat "$__object/parameter/exporter")"
 [ -z "$exporter" ] && exporter="$__object_id"
 
-__user prometheus --system
+__user prometheus
+require="__user/prometheus" __group prometheus
+require="__group/prometheus" __user_groups prometheus --group prometheus
 
-require=""
+require="__user_groups/prometheus"
 case $exporter in
 	node)
 		TEXTFILES=/service/node-exporter/textfiles  # path for the textfiles collector

cdist/conf/type/__prometheus_server/manifest

@@ -33,11 +33,13 @@ if [ -f "$__object/parameter/install-from-backports" ]; then
 		*)
 			echo "--install-from-backports is only supported on Devuan -- ignoring." >&2
 			echo "Send a pull request if you require it." >&2
+			exit 1
 		;;
 	esac
 else
 	__package prometheus
-	require_pkg="__package/prometheus"
+	__package prometheus-blackbox-exporter
+	require_pkg="__package/prometheus __package/prometheus-blackbox-exporter"
 fi
 
 ##### PREPARE PATHS AND SUCH ################################################
@@ -58,7 +60,7 @@ require="$require __directory/$storage_path $require_pkg" \
 __config_file $CONF \
 	--source "$config" \
 	--group prometheus --mode 640 \
-	--onchange "promtool check config $CONF && service prometheus reload"
+	--onchange "promtool check config $CONF && service prometheus restart"
 
 for file in $rule_files; do
 	dest=$CONF_DIR/$(basename "$file")
@@ -66,6 +68,6 @@ for file in $rule_files; do
 	__config_file "$dest" \
 		--source "$file" \
 		--owner prometheus \
-		--onchange "promtool check rules '$dest' && service prometheus reload"
+		--onchange "promtool check rules '$dest' && service prometheus restart"
 done
 

cdist/conf/type/__sensible_editor/explorer/editor_path

@@ -0,0 +1,131 @@
+#!/bin/sh -e
+#
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Check if the given editor is present on the target system and determine its
+# absolute path.
+#
+
+die() {
+	echo "$@" >&2
+	exit 1
+}
+
+editor_missing() { die "Editor '$1' is missing on the target system."; }
+editor_no_alternative() {
+	die "Editor '$1' is not in the alternatives list of the target system." \
+		"$(test -n "${editors}" && printf '\nPlease choose one of:\n\n%s\n' "${editors}")"
+}
+
+# No need to check for the path if the file is supposed to be removed.
+test "$(cat "${__object}/parameter/state")" != 'absent' || exit 0
+
+
+case $("${__explorer}/os")
+in
+	debian|devuan|ubuntu)
+		has_alternatives=true
+
+		# NOTE: Old versions do not support `--list`, in this case ignore the errors.
+		#       This will require an absolute path to be provided, though.
+		editors=$(update-alternatives --list editor 2>/dev/null)
+		;;
+	*)
+		# NOTE: RedHat has an alternatives system but it doesn't usually track
+		#       editors and it is a pain to extract the list.
+		has_alternatives=false
+		;;
+esac
+
+# Read --editor parameter and check its value since it is "optional"
+editor=$(cat "${__object}/parameter/editor" 2>/dev/null) || true
+test -n "${editor}" || die 'Please provide an --editor to configure.'
+
+case $editor
+in
+	/*)
+		is_abspath=true
+		;;
+	*/*)
+		die 'Relative editor paths are not supported'
+		;;
+	*)
+		is_abspath=false
+		;;
+esac
+
+
+if $has_alternatives && test -n "${editors}"
+then
+	IFS='
+'
+	if ! $is_abspath
+	then
+		# First, try to resolve the absolute path using $editors.
+		while true
+		do
+			for e in $editors
+			do
+				if test "$(basename "${e}")" = "${editor}"
+				then
+					editor="${e}"
+					break 2  # break out of both loops
+				fi
+			done
+
+			# Iterating through alternatives did not yield a result
+			editor_no_alternative "${editor}"
+			break
+		done
+	fi
+
+	# Check if editor is present
+	test -f "${editor}" || editor_missing "${editor}"
+
+	for e in $editors
+	do
+		if test "${editor}" = "${e}"
+		then
+			# Editor is part of the alternatives list -> use it!
+			echo "${editor}"
+			exit 0
+		fi
+	done
+
+	editor_no_alternative "${editor}"
+else
+	# NOTE: This branch is mostly for RedHat-based systems which do
+	#       not track editor alternatives.  To make this type useful
+	#       on RedHat at all we allow an absoloute path to be provided
+	#       in any case.
+
+	if $is_abspath
+	then
+		test -x "${editor}" || editor_missing "${editor}"
+
+		echo "${editor}"
+		exit 0
+	else
+		die "The target doesn't list any editor alternatives. " \
+		    "Please specify an absolute path or populate the alternatives list."
+	fi
+fi
+
+# The script should never reach this statement!
+exit 1

cdist/conf/type/__sensible_editor/explorer/group

@@ -0,0 +1,26 @@
+#!/bin/sh -e
+#
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Determines the primary group of the user.
+#
+
+user=$__object_id
+
+id -gn "${user}" 2>/dev/null

cdist/conf/type/__sensible_editor/explorer/user_home

@@ -0,0 +1,33 @@
+#!/bin/sh -e
+#
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Determines the home folder of the target user.
+#
+
+user=$__object_id
+home=$(getent passwd "${user}" | cut -d':' -f6)
+
+if ! test -d "${home}"
+then
+	echo "Cannot find home directory of user ${user}" >&2
+	exit 1
+fi
+
+echo "${home}"

cdist/conf/type/__sensible_editor/man.rst

@@ -0,0 +1,78 @@
+cdist-type__sensible_editor(7)
+==============================
+
+NAME
+----
+cdist-type__sensible_editor - Select the sensible-editor
+
+
+DESCRIPTION
+-----------
+This cdist type allows you to select the :strong:`sensible-editor` for
+a given user.
+
+
+REQUIRED PARAMETERS
+-------------------
+editor
+    Name or path of the editor to be selected.
+    On systems other than Debian derivatives an absolute path is required.
+
+	It is permissible to omit this parameter if --state is absent.
+
+
+OPTIONAL PARAMETERS
+-------------------
+state
+    'present', 'absent', or 'exists'. Defaults to 'present', where:
+
+    present
+        the sensible-editor is exactly what is specified in --editor.
+    absent
+        no sensible-editor configuration is present.
+    exists
+        the sensible-editor will be set to what is specified in --editor,
+        unless there already is a configuration on the target system.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    __sensible_editor root --editor /bin/ed  # ed(1) is the standard
+    __sensible_editor noob --editor nano
+
+
+LIMITATIONS
+-----------
+
+This type depends upon the :strong:`sensible-editor`\ (1) script which
+is part of the sensible-utils package.
+
+Therefore, the following operating systems are supported:
+  * Debian 8 (jessie) or later
+  * Devuan
+  * Ubuntu 8.10 (intrepid) or later
+  * RHEL/CentOS 7 or later (EPEL repo required)
+  * Fedora 21 or later
+
+Note: on old versions of Ubuntu the sensible-* utils are part of the
+debianutils package.
+
+SEE ALSO
+--------
+:strong:`select-editor`\ (1), :strong:`sensible-editor`\ (1).
+
+
+AUTHOR
+-------
+Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
+
+
+COPYING
+-------
+Copyright \(C) 2019 Dennis Camera.
+You can redistribute it and/or modify it under the terms of the GNU General
+Public License as published by the Free Software Foundation, either version 3 of
+the License, or (at your option) any later version.

cdist/conf/type/__sensible_editor/manifest

@@ -0,0 +1,94 @@
+#!/bin/sh -e
+# -*- mode: sh; indent-tabs-mode: t -*-
+#
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+version_ge() {
+	awk -F '[^0-9.]' -v target="${1:?}" '
+	function max(x, y) { return x > y ? x : y; }
+	BEGIN {
+		getline;
+		nx = split($1, x, ".");
+		ny = split(target, y, ".");
+		for (i = 1; i <= max(nx, ny); ++i) {
+			diff = int(x[i]) - int(y[i]);
+			if (diff < 0) exit 1;
+			else if (diff > 0) exit 0;
+			else continue;
+		}
+	}'
+}
+
+not_supported() {
+	echo "OS ${os} does not support __sensible_editor." >&2
+	echo 'If it does, please provide a patch.' >&2
+	exit 1
+}
+
+os=$(cat "${__global}/explorer/os")
+os_version=$(cat "${__global}/explorer/os_version")
+
+state=$(cat "${__object}/parameter/state")
+user=$__object_id
+
+if test "${state}" != 'present' && test "${state}" != 'exists' && test "${state}" != 'absent'
+then
+	echo 'Only "present", "exists", and "absent" are allowed for --state' >&2
+	exit 1
+fi
+
+package_name='sensible-utils'
+
+case $os
+in
+	debian)
+		pkg_type='apt'
+		;;
+	devuan)
+		pkg_type='apt'
+		;;
+	ubuntu)
+		(echo "${os_version}" | version_ge 10.04) || package_name='debianutils'
+		pkg_type='apt'
+		;;
+	centos|fedora|redhat|scientific)
+		pkg_type='yum'
+		;;
+	*)
+		not_supported
+		;;
+esac
+
+if test "${state}" != 'absent'
+then
+	__package "${package_name}" --state present \
+		--type "${pkg_type}"
+	export require="__package/${package_name}"
+fi
+
+editor_path=$(cat "${__object}/explorer/editor_path")
+user_home=$(cat "${__object}/explorer/user_home")
+group=$(cat "${__object}/explorer/group")
+
+__file "${user_home}/.selected_editor" --state "${state}" \
+	--owner "${user}" --group "${group}" --mode 0644 \
+	--source - <<EOF
+# Managed by cdist
+SELECTED_EDITOR="${editor_path}"
+EOF

cdist/conf/type/__sensible_editor/parameter/default/state

@@ -0,0 +1 @@
+present

cdist/conf/type/__sensible_editor/parameter/optional

@@ -0,0 +1,2 @@
+editor
+state

cdist/conf/type/__ssh_authorized_keys/explorer/file

@@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -19,9 +20,42 @@
 #
 
 if [ -f "$__object/parameter/file" ]; then
-   cat "$__object/parameter/file"
+	cat "$__object/parameter/file"
 else
-   owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
-   home=$(getent passwd "$owner" | cut -d':' -f 6)
-   echo "$home/.ssh/authorized_keys"
+	if [ -s "$__object/parameter/owner" ]
+	then
+		owner=$(cat "$__object/parameter/owner")
+	else
+		owner="$__object_id"
+	fi
+
+	if command -v getent >/dev/null
+	then
+		owner_line=$(getent passwd "$owner")
+	elif [ -f /etc/passwd ]
+	then
+		case $owner
+		in
+			[0-9][0-9]*)
+				owner_line=$(awk -F: "\$3 == \"${owner}\" { print }" /etc/passwd)
+				;;
+			*)
+				owner_line=$(awk -F: "\$1 == \"${owner}\" { print }" /etc/passwd)
+				;;
+		esac
+	fi
+
+	if [ "$owner_line" ]
+	then
+		home=$(echo "$owner_line" | cut -d':' -f6)
+	fi
+
+	if [ ! -d "$home" ]
+	then
+		# Don't know how to determine user's home directory, fall back to ~
+		home="~$owner"
+		command -v realpath >/dev/null && home=$(realpath "$home")
+	fi
+
+	[ -d "$home" ] && echo "$home/.ssh/authorized_keys"
 fi

cdist/conf/type/__ssh_authorized_keys/explorer/group

@@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -18,6 +19,28 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
-gid="$(getent passwd "$owner" | cut -d':' -f 4)"
-getent group "$gid" || true
+if [ -s "$__object/parameter/owner" ]
+then
+	owner=$(cat "$__object/parameter/owner")
+else
+	owner="$__object_id"
+fi
+
+if command -v getent >/dev/null
+then
+	gid=$(getent passwd "$owner" | cut -d':' -f4)
+	getent group "$gid" || true
+else
+	# Fallback to local file scanning
+	case $owner
+	in
+		[0-9][0-9]*)
+			gid=$(awk -F: "\$3 == \"${owner}\" { print \$4 }" /etc/passwd)
+			;;
+		*)
+			gid=$(awk -F: "\$1 == \"${owner}\" { print \$4 }" /etc/passwd)
+			;;
+	esac
+
+	awk -F: "\$3 == \"$gid\" { print }" /etc/group
+fi

cdist/conf/type/__ssh_authorized_keys/manifest

@@ -23,6 +23,12 @@ owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
 state="$(cat "$__object/parameter/state" 2>/dev/null)"
 file="$(cat "$__object/explorer/file")"
 
+if [ ! -f "$__object/parameter/nofile" ] && [ -z "$file" ]
+then
+	echo "Cannot determine path of authorized_keys file" >&2
+	exit 1
+fi
+
 if [ ! -f "$__object/parameter/noparent" ] || [ ! -f "$__object/parameter/nofile" ]; then
    group="$(cut -d':' -f 1 "$__object/explorer/group")"
    if [ -z "$group" ]; then

cdist/conf/type/__ssh_dot_ssh/explorer/group

@@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -18,5 +19,11 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-gid="$("$__type_explorer/passwd" | cut -d':' -f 4)"
-getent group "$gid" || true
+gid=$("$__type_explorer/passwd" | cut -d':' -f4)
+
+if command -v getent >/dev/null
+then
+	getent group "$gid" || true
+else
+	awk -F: "\$3 == \"$gid\" { print }" /etc/group
+fi

cdist/conf/type/__ssh_dot_ssh/explorer/passwd

@@ -2,6 +2,7 @@
 #
 # 2012 Steven Armstrong (steven-cdist at armstrong.cc)
 # 2014 Nico Schottelius (nico-cdist at schottelius.org)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -21,4 +22,16 @@
 
 owner="$__object_id"
 
-getent passwd "$owner" || true
+if command -v getent >/dev/null
+then
+    getent passwd "$owner" || true
+else
+    case $owner in
+        [0-9][0-9]*)
+            awk -F: "\$3 == \"$owner\" { print }" /etc/passwd
+            ;;
+        *)
+            grep "^$owner:" /etc/passwd || true
+            ;;
+    esac
+fi

cdist/conf/type/__sysctl/manifest

@@ -2,6 +2,7 @@
 #
 # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
 # 2018 Takashi Yoshi (takashi at yoshi.email)
+# 2019 Nico Schottelius (nico-cdist at schottelius.org)
 #
 # This file is part of cdist.
 #
@@ -24,7 +25,7 @@ os=$(cat "$__global/explorer/os")
 
 case "$os" in
    # Linux
-   redhat|centos|ubuntu|debian|devuan|archlinux|coreos)
+   alpine|redhat|centos|ubuntu|debian|devuan|archlinux|coreos)
       :
    ;;
    # BSD

cdist/conf/type/__user/explorer/group

@@ -23,11 +23,9 @@
 
 if [ -f "$__object/parameter/gid" ]; then
    gid=$(cat "$__object/parameter/gid")
-   getent=$(command -v getent)
-   if [ X != X"${getent}" ]; then
-      "${getent}" group "$gid" || true
+   if command -v getent >/dev/null; then
+      getent group "$gid" || true
    elif [ -f /etc/group ]; then
       grep -E "^(${gid}|([^:]+:){2}${gid}):" /etc/group || true
    fi
 fi
-

cdist/conf/type/__user/explorer/passwd

@@ -23,9 +23,8 @@
 
 name=$__object_id
 
-getent=$(command -v getent)
-if [ X != X"${getent}" ]; then
-  "${getent}" passwd "$name" || true
+if command -v getent >/dev/null; then
+  getent passwd "$name" || true
 elif [ -f /etc/passwd ]; then
   grep "^${name}:" /etc/passwd || true
 fi

cdist/conf/type/__user/explorer/shadow

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/sh -e
 #
 # 2011 Steven Armstrong (steven-cdist at armstrong.cc)
 #
@@ -22,18 +22,19 @@
 #
 
 name=$__object_id
-os="$("$__explorer/os")"
-# Default to using shadow passwords
-database="shadow"
 
-case "$os" in
-  "freebsd"|"netbsd"|"openbsd")  database="passwd";;
+case $("$__explorer/os") in
+  'freebsd'|'netbsd'|'openbsd')
+    database='passwd'
+    ;;
+  # Default to using shadow passwords
+  *)
+    database='shadow'
+    ;;
 esac
-  
 
-getent=$(command -v getent)
-if [ X != X"${getent}" ]; then
-  "${getent}" "$database" "$name" || true
+if command -v getent >/dev/null; then
+  getent "$database" "$name" || true
 elif [ -f /etc/shadow ]; then
   grep "^${name}:" /etc/shadow || true
 fi

cdist/conf/type/__xymon_apache/explorer/active-conf

@@ -1,6 +1,6 @@
-#!/bin/sh
+#!/bin/sh -e
 #
-# 2014 Nico Schottelius (nico-cdist at schottelius.org)
+# 2018-2019 Thomas Eckert (tom at it-eckert.de)
 #
 # This file is part of cdist.
 #
@@ -16,11 +16,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
-#
-#
-# Retrieve the contents of /etc/hostname
-#
 
-if [ -f /etc/sysconfig/network ]; then
-    awk -F= '/^HOSTNAME=/ { print $2 }' /etc/sysconfig/network
+if [ -d /etc/apache2/mods-enabled ]; then
+	ls -1 /etc/apache2/conf-enabled/
 fi

cdist/conf/type/__xymon_apache/explorer/active-modules

@@ -0,0 +1,5 @@
+#!/bin/sh -e
+
+if [ -d /etc/apache2/mods-enabled ]; then
+	/usr/sbin/apachectl -t -D DUMP_MODULES | awk '/.*_module/ { gsub(/_module.*$/, ""); gsub(/^ /, ""); print }' 
+fi

cdist/conf/type/__xymon_apache/gencode-remote

@@ -0,0 +1,56 @@
+#!/bin/sh -e
+#
+# 2018-2019 Thomas Eckert (tom at it-eckert.de)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+
+state=$(cat "$__object/parameter/state")
+
+os=$(cat "$__global/explorer/os")
+case "$os" in
+	debian|ubuntu)
+		:
+	;;
+	*)
+		echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
+		echo "Please contribute an implementation for it if you can." >&2
+		exit 1
+	;;
+esac
+
+if [ "$state" = "present"  ]; then
+	if ! grep -q ^rewrite "$__object/explorer/active-modules"; then
+		echo "a2enmod rewrite >/dev/null"
+		echo "mod:rewrite enabled" >> "$__messages_out"
+	fi
+	if ! grep -q "^cgi$" "$__object/explorer/active-modules"; then
+		echo "a2enmod cgi >/dev/null"
+		echo "mod:cgi enabled" >> "$__messages_out"
+	fi
+
+	if ! grep -q ^xymon.conf "$__object/explorer/active-conf"; then
+		echo "a2enconf xymon >/dev/null"
+		echo "conf:xymon enabled" >> "$__messages_out"
+	fi
+fi
+
+if grep -q "^mod:.* enabled" "$__messages_out"; then
+	echo "systemctl restart apache2.service"
+	echo "apache restarted" >> "$__messages_out"
+elif grep -q "^conf:xymon enabled" "$__messages_out"; then
+	echo "systemctl reload apache2.service"
+	echo "apache reloaded" >> "$__messages_out"
+fi

cdist/conf/type/__xymon_apache/man.rst

@@ -0,0 +1,79 @@
+cdist-type__xymon_apache(7)
+===========================
+
+NAME
+----
+cdist-type__xymon_apache - Configure apache2-webserver for Xymon
+
+
+DESCRIPTION
+-----------
+This cdist type installs and configures apache2 to be used "exclusively" (in
+the sense that no other use is taken care of) with Xymon (the systems and
+network monitor).
+
+It depends on `__xymon_server`.
+
+
+REQUIRED PARAMETERS
+-------------------
+None.
+
+
+OPTIONAL PARAMETERS
+-------------------
+state
+   'present', 'absent', defaults to 'present'.
+
+ipacl
+   IP(-ranges) that have access to the Xymon webpages and CGIs. Apache2-style
+   syntax suitable for `Require ip ...`. Example: `192.168.1.0/24 10.0.0.0/8`
+
+
+MESSAGES
+--------
+mod:rewrite enabled
+   apache module enabled
+conf:xymon enabled
+   apache config for xymon enabled
+apache restarted
+   apache2.service was reloaded
+apache reloaded
+   apache2.service was restarted
+
+
+EXPLORERS
+---------
+active-conf
+   lists apache2 `conf-enabled`
+active-modules
+   lists active apache2-modules
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    # minmal, only localhost-access:
+    __xymon_apache
+    # allow more IPs to access the Xymon-webinterface:
+    __xymon_apache --ipacl "192.168.0.0/16 10.0.0.0/8" --state "present"
+
+
+SEE ALSO
+--------
+:strong:`cdist__xymon_server`\ (7)
+
+
+AUTHORS
+-------
+Thomas Eckert <tom--@--it-eckert.de>
+
+
+COPYING
+-------
+Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.

cdist/conf/type/__xymon_apache/manifest

@@ -0,0 +1,42 @@
+#!/bin/sh -e
+#
+# 2018-2019 Thomas Eckert (tom at it-eckert.de)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+
+state=$(cat "$__object/parameter/state")
+
+os=$(cat "$__global/explorer/os")
+case "$os" in
+	debian|ubuntu)
+		:
+	;;
+	*)
+		echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
+		echo "Please contribute an implementation for it if you can." >&2
+		exit 1
+	;;
+esac
+
+__package apache2 --state "$state"
+
+## edit xymon.conf IP-ranges
+if [ -f "$__object/parameter/ipacl" ]; then
+	require="__package/xymon" __line /etc/apache2/conf-available/xymon.conf \
+		--line "        Require ip $(cat "$__object/parameter/ipacl")" \
+		--after "^[[:space:]]*Require local" \
+		--state "present"
+fi

cdist/conf/type/__xymon_apache/parameter/default/state

@@ -0,0 +1 @@
+present

cdist/conf/type/__xymon_apache/parameter/optional

@@ -0,0 +1,2 @@
+state
+ipacl

cdist/conf/type/__xymon_client/gencode-remote

@@ -0,0 +1,28 @@
+#!/bin/sh -e
+#
+# 2018-2019 Thomas Eckert (tom at it-eckert.de)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+
+servers=$(cat "$__object/parameter/servers")
+
+if grep -q ^__key_value/CLIENTHOSTNAME "$__messages_in" || grep -q ^__key_value/XYMONSERVERS "$__messages_in" ; then
+	echo "systemctl restart xymon-client"
+	echo "restarted" >> "$__messages_out"
+	cat <<-EOT
+		echo "xymon-client xymon-client/XYMONSERVERS string $servers" | debconf-set-selections
+	EOT
+fi	

cdist/conf/type/__xymon_client/man.rst

@@ -0,0 +1,57 @@
+cdist-type__xymon_client(7)
+===========================
+
+NAME
+----
+cdist-type__xymon_client - Install the Xymon client
+
+
+DESCRIPTION
+-----------
+This cdist type installs the Xymon client and configures it to report with
+FQDN.
+
+
+REQUIRED PARAMETERS
+-------------------
+None.
+
+
+OPTIONAL PARAMETERS
+-------------------
+state
+   'present', 'absent', defaults to 'present'.
+
+servers
+   One or more IP addresses (space separated) of the Xymon server(s) to report
+   to. While DNS-names are ok it is discouraged, defaults to 127.0.0.1.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    # minmal, report to 127.0.0.1
+    __xymon_client
+
+    # specify server:
+    __xymon_client --servers "192.168.1.1"
+
+
+SEE ALSO
+--------
+:strong:`cdist__xymon_server`\ (7), :strong:`xymon`\ (7)
+
+
+AUTHORS
+-------
+Thomas Eckert <tom--@--it-eckert.de>
+
+
+COPYING
+-------
+Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.

cdist/conf/type/__xymon_client/manifest

@@ -0,0 +1,49 @@
+#!/bin/sh -e
+#
+# 2018-2019 Thomas Eckert (tom at it-eckert.de)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+
+state=$(cat "$__object/parameter/state")
+servers=$(cat "$__object/parameter/servers")
+
+os=$(cat "$__global/explorer/os")
+case "$os" in
+	debian|ubuntu)
+		:
+	;;
+	*)
+		echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
+		echo "Please contribute an implementation for it if you can." >&2
+		exit 1
+	;;
+esac
+
+__package xymon-client --state "$state"
+
+require="__package/xymon-client" __key_value CLIENTHOSTNAME \
+       	--file /etc/default/xymon-client \
+	--value "'$__target_hostname'" \
+	--delimiter '=' \
+	--state "$state"
+require="__package/xymon-client" __key_value XYMONSERVERS \
+       	--file /etc/default/xymon-client \
+	--value "'$servers'" \
+	--delimiter '=' \
+	--state "$state"
+
+## CLI-usage often requires a shell:
+require="__package/xymon-client" __user xymon --shell "/bin/bash" --state "$state"

cdist/conf/type/__xymon_client/parameter/default/servers

@@ -0,0 +1 @@
+127.0.0.1

cdist/conf/type/__xymon_client/parameter/default/state

@@ -0,0 +1 @@
+present

cdist/conf/type/__xymon_client/parameter/optional

@@ -0,0 +1,2 @@
+state
+servers

cdist/conf/type/__xymon_config/gencode-remote

@@ -1,6 +1,6 @@
-#!/bin/sh
+#!/bin/sh -e
 #
-# 2014 Nico Schottelius (nico-cdist at schottelius.org)
+# 2018-2019 Thomas Eckert (tom at it-eckert.de)
 #
 # This file is part of cdist.
 #
@@ -16,15 +16,8 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
-#
-#
-# Retrieve the contents of /etc/hostname
-#
 
-# Almost any distribution
-if [ -f /etc/hostname ]; then
-    cat /etc/hostname
-# SuSE
-elif [ -f /etc/HOSTNAME ]; then
-    cat /etc/HOSTNAME
-fi
+## to speed up config-reload we send a HUP to the server process:
+cat <<-EOT
+	pkill -HUP xymond || { echo "HUPing xymond failed" >&2; exit 1; }
+EOT

cdist/conf/type/__xymon_config/man.rst

@@ -0,0 +1,57 @@
+cdist-type__xymon_config(7)
+===========================
+
+NAME
+----
+cdist-type__xymon_config - Deploy a Xymon configuration-directory
+
+
+DESCRIPTION
+-----------
+This cdist type deploys a full Xymon configuration directory from the files-dir
+to the host.  This type requires an installed Xymon server, e.g. deployed by
+`__xymon_server`.
+
+WARNING: This type _replaces_ the `/etc/xymon/`-directory! The previous
+contents is replaced/deleted!
+
+
+REQUIRED PARAMETERS
+-------------------
+confdir
+   The directory in `./files/` that contains the `/etc/xymon/`-content to be
+   deployed.
+
+
+REQUIRED FILES
+--------------
+The directory specified by `confdir` has to contain a valid xymon-configuration
+(`/etc/xymon/`) _plus_ the `ext/`-directory that normally resides in
+`/usr/lib/xymon/server/`.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    __xymon_config --confdir=xymon.example.com
+    # this will replace /etc/xymon/ on the target host with
+    # the contents from __xymon_config/files/xymon.example.com/
+
+
+SEE ALSO
+--------
+:strong:`cdist__xymon_server`\ (7), :strong:`xymon`\ (7)
+
+AUTHORS
+-------
+Thomas Eckert <tom--@--it-eckert.de>
+
+
+COPYING
+-------
+Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.

cdist/conf/type/__xymon_config/manifest

@@ -0,0 +1,24 @@
+#!/bin/sh -e
+#
+# 2018-2019 Thomas Eckert (tom at it-eckert.de)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+
+confdir=$(cat "$__object/parameter/confdir")
+
+__rsync /etc/xymon/ \
+	--source "$__type/files/$confdir/" \
+	--rsync-opts "delete"

cdist/conf/type/__xymon_config/parameter/required

@@ -0,0 +1 @@
+confdir

cdist/conf/type/__xymon_server/gencode-remote

@@ -0,0 +1,26 @@
+#!/bin/sh -e
+#
+# 2018-2019 Thomas Eckert (tom at it-eckert.de)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+
+## "move" user-modified dirs to /etc/xymon to be managed by __xymon_config:
+cat <<-EOT
+	if [ ! -L /usr/lib/xymon/server/ext ]; then
+		mv /usr/lib/xymon/server/ext /etc/xymon
+		ln -s /etc/xymon/ext /usr/lib/xymon/server/
+	fi	
+EOT

cdist/conf/type/__xymon_server/man.rst

@@ -0,0 +1,87 @@
+cdist-type__xymon_server(7)
+===========================
+
+NAME
+----
+cdist-type__xymon_server - Install a Xymon server
+
+
+DESCRIPTION
+-----------
+This cdist type installs a Xymon (https://www.xymon.com/) server and (optional)
+required helper packages.
+
+This includes the Xymon client as a dependency, so NO NEED to install
+`__xymon_client` separately.
+
+To access the webinterface a webserver is required.  The cdist-type
+`__xymon_apache` can be used to install and configure the apache webserver for
+the use with Xymon.
+
+Further and day-to-day configuration of Xymon can either be done manually in
+`/etc/xymon/` or the directory can be deployed and managed by `__xymon_config`.
+
+
+REQUIRED PARAMETERS
+-------------------
+None.
+
+
+OPTIONAL PARAMETERS
+-------------------
+state
+    'present', 'absent', defaults to 'present'. If '--install_helpers' is
+    specified for 'absent' the helper packages will be un-installed.
+
+
+BOOLEAN PARAMETERS
+------------------
+install_helpers
+    Install helper packages used by Xymon (fping, heirloom-mailx, traceroute,
+    ntpdate).
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    # minmal
+    __xymon_server
+
+    # the same
+    __xymon_server --state present
+
+    # also install helper packages:
+    __xymon_server --install_helpers
+
+    # examples to give a more complete picture: __xymon_server installed on
+    # `xymon.example.com` w/ IP 192.168.1.1:
+    #
+    # install webserver and grant 2 private subnets access to the webinterface:
+    __xymon_apache --ipacl "192.168.0.0/16 10.0.0.0/8"
+    # deploy server-configuration with __xymon_config:
+    __xymon_config --confdir=xymon.example.com
+
+    # install xymon-client on other machines (not needed on the server):
+    __xymon_client --servers "192.168.1.1"
+
+
+
+SEE ALSO
+--------
+:strong:`cdist__xymon_apache`\ (7), :strong:`cdist__xymon_config`\ (7),
+:strong:`cdist__xymon_client`\ (7), :strong:`xymon`\ (7)
+
+
+AUTHORS
+-------
+Thomas Eckert <tom--@--it-eckert.de>
+
+
+COPYING
+-------
+Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.

cdist/conf/type/__xymon_server/manifest

@@ -0,0 +1,50 @@
+#!/bin/sh -e
+#
+# 2018-2019 Thomas Eckert (tom at it-eckert.de)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+
+state=$(cat "$__object/parameter/state")
+if [ -f "$__object/parameter/install_helpers" ]; then
+	install_helpers=1
+else
+	install_helpers=0
+fi
+
+os=$(cat "$__global/explorer/os")
+case "$os" in
+	debian|ubuntu)
+		:
+	;;
+	*)
+		echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
+		echo "Please contribute an implementation for it if you can." >&2
+		exit 1
+	;;
+esac
+
+__package xymon --state "$state"
+
+## install helper-packages/tools used by the xymon server if requested:
+if [ "$install_helpers" = "1" ]; then
+	__package fping --state "$state"
+	__package heirloom-mailx --state "$state"
+	__package traceroute --state "$state"
+	__package ntpdate --state "$state"
+fi
+
+## CLI-usage often requires a shell:
+require="__package/xymon" __user xymon --shell "/bin/bash" --state "$state"

cdist/conf/type/__xymon_server/parameter/boolean

@@ -0,0 +1 @@
+install_helpers

cdist/conf/type/__xymon_server/parameter/default/state

@@ -0,0 +1 @@
+present

cdist/conf/type/__xymon_server/parameter/optional

@@ -0,0 +1 @@
+state

cdist/preos.py

@@ -0,0 +1,101 @@
+import os
+import os.path
+import sys
+import inspect
+import argparse
+import cdist
+import logging
+
+
+_PREOS_CALL = "commandline"
+_PREOS_NAME = "_preos_name"
+_PREOS_MARKER = "_cdist_preos"
+_PLUGINS_DIR = "preos"
+_PLUGINS_PATH = [os.path.join(os.path.dirname(__file__), _PLUGINS_DIR), ]
+cdist_home = cdist.home_dir()
+if cdist_home:
+    cdist_home_preos = os.path.join(cdist_home, "preos")
+    if os.path.isdir(cdist_home_preos):
+        _PLUGINS_PATH.append(cdist_home_preos)
+sys.path.extend(_PLUGINS_PATH)
+
+
+log = logging.getLogger("PreOS")
+
+
+def preos_plugin(obj):
+    """It is preos if _PREOS_MARKER is True and has _PREOS_CALL."""
+    if hasattr(obj, _PREOS_MARKER):
+        is_preos = getattr(obj, _PREOS_MARKER)
+    else:
+        is_preos = False
+
+    if is_preos and hasattr(obj, _PREOS_CALL):
+        yield obj
+
+
+def scan_preos_dir_plugins(dir):
+    for fname in os.listdir(dir):
+        if os.path.isfile(os.path.join(dir, fname)):
+            fname = os.path.splitext(fname)[0]
+        module_name = fname
+        try:
+            module = __import__(module_name)
+            yield from preos_plugin(module)
+            clsmembers = inspect.getmembers(module, inspect.isclass)
+            for cm in clsmembers:
+                c = cm[1]
+                yield from preos_plugin(c)
+        except ImportError as e:
+            log.warning("Cannot import '{}': {}".format(module_name, e))
+
+
+def find_preos_plugins():
+    for dir in _PLUGINS_PATH:
+        yield from scan_preos_dir_plugins(dir)
+
+
+def find_preoses():
+    preoses = {}
+    for preos in find_preos_plugins():
+        if hasattr(preos, _PREOS_NAME):
+            preos_name = getattr(preos, _PREOS_NAME)
+        else:
+            preos_name = preos.__name__.lower()
+        preoses[preos_name] = preos
+    return preoses
+
+
+def check_root():
+    if os.geteuid() != 0:
+        raise cdist.Error("Must be run with root privileges")
+
+
+class PreOS(object):
+    preoses = None
+
+    @classmethod
+    def commandline(cls, argv):
+
+        if not cls.preoses:
+            cls.preoses = find_preoses()
+
+        parser = argparse.ArgumentParser(
+            description="Create PreOS", prog="cdist preos")
+        parser.add_argument('preos', help='PreOS to create, one of: {}'.format(
+            set(cls.preoses)))
+        args = parser.parse_args(argv[1:2])
+
+        preos_name = args.preos
+        if preos_name in cls.preoses:
+            preos = cls.preoses[preos_name]
+            func = getattr(preos, _PREOS_CALL)
+            if inspect.ismodule(preos):
+                func_args = [preos, argv[2:], ]
+            else:
+                func_args = [argv[2:], ]
+            log.info("Running preos : {}".format(preos_name))
+            func(*func_args)
+        else:
+            log.error("Unknown preos: {}, available preoses: {}".format(
+                preos_name, set(cls.preoses.keys())))

cdist/preos/debootstrap/__init__.py

@@ -0,0 +1 @@
+from debootstrap.debootstrap import Debian, Ubuntu, Devuan

cdist/preos/debootstrap/debootstrap.py

@@ -0,0 +1,239 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# 2016 Darko Poljak (darko.poljak at ungleich.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+import cdist
+import cdist.config
+import cdist.core
+import cdist.preos
+import argparse
+import cdist.argparse
+import logging
+import os
+import subprocess
+
+
+class Debian(object):
+    _preos_name = 'debian'
+    _cdist_preos = True
+
+    _files_dir = os.path.join(os.path.dirname(__file__), "files")
+
+    @classmethod
+    def default_args(cls):
+        default_remote_exec = os.path.join(cls._files_dir, "remote-exec.sh")
+        default_remote_copy = os.path.join(cls._files_dir, "remote-copy.sh")
+        default_init_manifest = os.path.join(
+            cls._files_dir, "init-manifest-{}".format(cls._preos_name))
+
+        defargs = argparse.Namespace()
+        defargs.arch = 'amd64'
+        defargs.bootstrap = False
+        defargs.configure = False
+        defargs.cdist_params = '-v'
+        defargs.rm_bootstrap_dir = False
+        defargs.suite = 'stable'
+        defargs.remote_exec = default_remote_exec
+        defargs.remote_copy = default_remote_copy
+        defargs.manifest = default_init_manifest
+
+        return defargs
+
+    @classmethod
+    def get_parser(cls):
+        defargs = cls.default_args()
+        cdist_parser = cdist.argparse.get_parsers()
+        parser = argparse.ArgumentParser(
+                prog='cdist preos {}'.format(cls._preos_name),
+                parents=[cdist_parser['loglevel'], cdist_parser['beta']])
+        parser.add_argument('target_dir', nargs=1,
+                            help=("target directory where PreOS will be "
+                                  "bootstrapped"))
+        parser.add_argument(
+            '-a', '--arch',
+            help="target debootstrap architecture, by default '{}'".format(
+                defargs.arch), dest='arch', default=defargs.arch)
+        parser.add_argument(
+            '-B', '--bootstrap',
+            help='do bootstrap step',
+            dest='bootstrap', action='store_true', default=defargs.bootstrap)
+        parser.add_argument(
+            '-C', '--configure',
+            help='do configure step',
+            dest='configure', action='store_true', default=defargs.configure)
+        parser.add_argument(
+            '-c', '--cdist-params',
+            help=("parameters that will be passed to cdist config, by default"
+                  " '{}' is used".format(defargs.cdist_params)),
+            dest='cdist_params', default=defargs.cdist_params)
+        parser.add_argument(
+            '-D', '--drive-boot',
+            help='create bootable PreOS on specified drive',
+            dest='drive')
+        parser.add_argument(
+            '-e', '--remote-exec',
+            help=("remote exec that cdist config will use, by default "
+                  "internal script is used"),
+            dest='remote_exec', default=defargs.remote_exec)
+        parser.add_argument(
+            '-i', '--init-manifest',
+            help=("init manifest that cdist config will use, by default "
+                  "internal init manifest is used"),
+            dest='manifest', default=defargs.manifest)
+        parser.add_argument(
+            '-k', '--keyfile', action="append",
+            help=("ssh key files that will be added to cdist config; "
+                  "'__ssh_authorized_keys root ...' type is appended to "
+                  "initial manifest"),
+            dest='keyfile')
+        parser.add_argument(
+            '-m', '--mirror',
+            help='use specified mirror for debootstrap',
+            dest='mirror')
+        parser.add_argument(
+            '-P', '--root-password',
+            help='Set specified password for root, generated by default',
+            dest='root_password')
+        parser.add_argument('-p', '--pxe-boot-dir', help='PXE boot directory',
+                            dest='pxe_boot_dir')
+        parser.add_argument(
+            '-r', '--rm-bootstrap-dir',
+            help='remove target directory after finishing',
+            dest='rm_bootstrap_dir', action='store_true',
+            default=defargs.rm_bootstrap_dir)
+        parser.add_argument(
+            '-S', '--script',
+            help='use specified script for debootstrap',
+            dest='script')
+        parser.add_argument('-s', '--suite',
+                            help="suite used for debootstrap, "
+                                 "by default '{}'".format(defargs.suite),
+                            dest='suite', default=defargs.suite)
+        parser.add_argument(
+            '-y', '--remote-copy',
+            help=("remote copy that cdist config will use, by default "
+                  "internal script is used"),
+            dest='remote_copy', default=defargs.remote_copy)
+        parser.epilog = cdist.argparse.EPILOG
+
+        return parser
+
+    @classmethod
+    def update_env(cls, env):
+        pass
+
+    @classmethod
+    def commandline(cls, argv):
+        log = logging.getLogger(cls.__name__)
+
+        parser = cls.get_parser()
+        args = parser.parse_args(argv)
+        if args.script and not args.mirror:
+            raise cdist.Error("script option cannot be used without "
+                              "mirror option")
+
+        args.command = cls._preos_name
+        cdist.argparse.check_beta(vars(args))
+
+        cdist.preos.check_root()
+
+        args.target_dir = os.path.realpath(args.target_dir[0])
+        args.os = cls._preos_name
+        args.remote_exec = os.path.realpath(args.remote_exec)
+        args.remote_copy = os.path.realpath(args.remote_copy)
+        args.manifest = os.path.realpath(args.manifest)
+        if args.keyfile:
+            new_keyfile = [os.path.realpath(x) for x in args.keyfile]
+            args.keyfile = new_keyfile
+        if args.pxe_boot_dir:
+            args.pxe_boot_dir = os.path.realpath(args.pxe_boot_dir)
+
+        cdist.argparse.handle_loglevel(args)
+        log.debug("preos: {}, args: {}".format(cls._preos_name, args))
+        try:
+            env = vars(args)
+            new_env = {}
+            for key in env:
+                if key == 'verbose' and env[key]:
+                    if env[key] >= 3:
+                        new_env['debug'] = "yes"
+                    elif env[key] == 2:
+                        new_env['verbose'] = "yes"
+                elif not env[key]:
+                    new_env[key] = ''
+                elif isinstance(env[key], bool) and env[key]:
+                    new_env[key] = "yes"
+                elif isinstance(env[key], list):
+                    val = env[key]
+                    new_env[key + "_cnt"] = str(len(val))
+                    for i, v in enumerate(val):
+                        new_env[key + "_" + str(i)] = v
+                else:
+                    new_env[key] = str(env[key])
+            env = new_env
+            env.update(os.environ)
+            cls.update_env(env)
+            log.debug("preos: {} env: {}".format(cls._preos_name, env))
+            cmd = os.path.join(cls._files_dir, "code")
+            info_msg = ["Running preos: {}, suite: {}, arch: {}".format(
+                cls._preos_name, args.suite, args.arch), ]
+            if args.mirror:
+                info_msg.append("mirror: {}".format(args.mirror))
+            if args.script:
+                info_msg.append("script: {}".format(args.script))
+            if args.bootstrap:
+                info_msg.append("bootstrapping")
+            if args.configure:
+                info_msg.append("configuring")
+            if args.pxe_boot_dir:
+                info_msg.append("creating PXE")
+            if args.drive:
+                info_msg.append("creating bootable drive")
+            log.info(info_msg)
+            log.debug("cmd={}".format(cmd))
+            subprocess.check_call(cmd, env=env, shell=True)
+        except subprocess.CalledProcessError as e:
+            log.error("preos {} failed: {}".format(cls._preos_name, e))
+
+
+class Ubuntu(Debian):
+    _preos_name = "ubuntu"
+
+    @classmethod
+    def default_args(cls):
+        defargs = super().default_args()
+        defargs.suite = 'xenial'
+        return defargs
+
+
+class Devuan(Debian):
+    _preos_name = "devuan"
+
+    @classmethod
+    def default_args(cls):
+        defargs = super().default_args()
+        defargs.suite = 'jessie'
+        return defargs
+
+    @classmethod
+    def update_env(cls, env):
+        env['DEBOOTSTRAP_DIR'] = os.path.join(cls._files_dir,
+                                              'devuan-debootstrap')

cdist/preos/debootstrap/files/code

@@ -0,0 +1,274 @@
+#!/bin/sh
+##
+## 2016 Darko Poljak (darko.poljak at ungleich.ch)
+##
+## This file is part of cdist.
+##
+## cdist is free software: you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation, either version 3 of the License, or
+## (at your option) any later version.
+##
+## cdist is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+## GNU General Public License for more details.
+##
+## You should have received a copy of the GNU General Public License
+## along with cdist. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+if [ "${debug}" ]
+then
+    set -x
+    cdist_params="${cdist_params} -d"
+fi
+
+bootstrap_dir="${target_dir}"
+
+case "${os}" in
+    ubuntu|debian|devuan)
+        # nothing, those are valid values
+        ;;
+    *)
+        echo "ERROR: invalid os value: ${os}" >&2
+        exit 1
+        ;;
+esac
+
+check_bootstrap_dir() {
+    if [ ! -e "$1" ]
+    then
+        echo "ERROR: bootstrap directory $1 does not exist" >&2
+        exit 1
+    fi
+}
+
+# bootstrap
+if [ "${bootstrap}" ]
+then
+    if [ "${DEBOOTSTRAP_DIR}" ]
+    then
+        debootstrap_cmd="${DEBOOTSTRAP_DIR}/debootstrap"
+    else
+        command -v debootstrap 2>&1 > /dev/null || {
+            echo "ERROR: debootstrap not found" >&2
+            exit 1
+        }
+        debootstrap_cmd="debootstrap"
+    fi
+
+    # If PreOS on drive then do not check for directory emptiness.
+    # Partition can at least contain 'lost+found' directory.
+    if [ ! "${drive}" ]
+    then
+        if [ -e "${bootstrap_dir}" ]
+        then
+            dir_content=$(ls -A "${bootstrap_dir}" | wc -l)
+        else
+            dir_content=0
+        fi
+        if [ "${dir_content}" -ne 0 ]
+        then
+            echo "ERROR: "${bootstrap_dir}" not empty " >&2
+            exit 1
+        fi
+    fi
+
+    if [ "${verbose}" -o "${debug}" ]
+    then
+        echo "bootstrapping..."
+    fi
+    mkdir -p "${bootstrap_dir}"
+    "${debootstrap_cmd}" --include=openssh-server --arch=${arch} ${suite} ${bootstrap_dir} \
+        ${mirror} ${script}
+    if [ "${verbose}" -o "${debug}" ]
+    then
+        echo "bootstrap finished"
+    fi
+fi
+
+chroot_mount() {
+    mount -t proc none "${bootstrap_dir}/proc" || true
+    mount -t sysfs none "${bootstrap_dir}/sys" || true
+    mount -o bind /dev "${bootstrap_dir}/dev" || true
+    mount -t devpts none "${bootstrap_dir}/dev/pts" || true
+}
+
+chroot_umount() {
+    umount "${bootstrap_dir}/dev/pts" || true
+    umount "${bootstrap_dir}/dev" || true
+    umount "${bootstrap_dir}/sys" || true
+    umount "${bootstrap_dir}/proc" || true
+}
+
+TRAPFUNC="umount \"${bootstrap_dir}/dev/pts\" || true; \
+umount \"${bootstrap_dir}/dev\" || true; \
+umount \"${bootstrap_dir}/sys\" || true; \
+umount \"${bootstrap_dir}/proc\" || true;"
+
+# config
+if [ "${configure}" ]
+then
+    if [ ! -f "${manifest}" ]
+    then
+        echo "ERROR: ${manifest} does not exist" >&2
+        exit 1
+    fi
+    if [ ! -f "${remote_exec}" ]
+    then
+        echo "ERROR: ${remote_exec} does not exist" >&2
+        exit 1
+    fi
+    if [ ! -f "${remote_copy}" ]
+    then
+        echo "ERROR: ${remote_copy} does not exist" >&2
+        exit 1
+    fi
+
+    if [ "${keyfile_cnt}" -a "${keyfile_cnt}" -gt 0 ]
+    then
+        i="$((keyfile_cnt - 1))"
+        keyfiles=""
+        while [ "${i}" -ge 0 ]
+        do
+            kf_var="keyfile_${i}"
+            eval kf='$'"${kf_var}"
+            if [ ! -f "${kf}" ]
+            then
+                echo "ERROR: ${kf} does not exist" >&2
+                exit 1
+            fi
+            key=$(cat "${kf}")
+            keyfiles="${keyfiles} --key '${key}'"
+            i=$((i - 1))
+        done
+        ssh_auth_keys_line="__ssh_authorized_keys root ${keyfiles}\n"
+    else
+        ssh_auth_keys_line=""
+    fi
+
+    check_bootstrap_dir "${bootstrap_dir}"
+
+    if [ "${verbose}" -o "${debug}" ]
+    then
+        echo "configuring..."
+    fi
+
+    trap "${TRAPFUNC}" 0 1 2 3 15
+
+    chroot_mount
+
+    chroot "${bootstrap_dir}" /usr/bin/apt-get update
+
+    if [ "${drive}" ]
+    then
+        grub_manifest_line="__package grub-pc --state present\n"
+        grub_kern_params_line="__line linux_kernel_params \
+--file /etc/default/grub \
+--line 'GRUB_CMDLINE_LINUX_DEFAULT=\"quiet splash net.ifnames=0\"'\n"
+    else
+        grub_manifest_line=""
+        grub_kern_params_line=""
+    fi
+    grub_lines="${grub_manifest_line}${grub_kern_params_line}"
+
+    printf "${ssh_auth_keys_line}${grub_lines}" \
+        | cat "${manifest}" - |\
+        cdist config \
+            ${cdist_params} -i - \
+            --remote-exec "${remote_exec}" \
+            --remote-copy "${remote_copy}" \
+            "${bootstrap_dir}"
+
+    # __hostname with systmed uses hostnamectl which needs dbus running
+    # set hostname explicitly here instead
+    printf "preos\n" > "${bootstrap_dir}/etc/hostname"
+
+    chroot "${bootstrap_dir}" /usr/bin/apt-get autoclean
+    chroot "${bootstrap_dir}" /usr/bin/apt-get clean
+    chroot "${bootstrap_dir}" /usr/bin/apt-get autoremove
+
+    chroot_umount
+
+    trap - 0 1 2 3 15
+
+    if [ "${verbose}" -o "${debug}" ]
+    then
+        echo "configuring finished"
+    fi
+fi
+
+if [ "${pxe_boot_dir}" ]
+then
+    check_bootstrap_dir "${bootstrap_dir}"
+
+    if [ "${verbose}" -o "${debug}" ]
+    then
+        echo "creating pxe..."
+    fi
+
+    mkdir -p "${pxe_boot_dir}"
+    cp "${bootstrap_dir}"/boot/vmlinuz-* "${pxe_boot_dir}/kernel"
+    cd "${bootstrap_dir}"
+    find . -print0 | cpio --null -o --format=newc | gzip -9 > "${pxe_boot_dir}/initramfs"
+
+    mkdir -p "${pxe_boot_dir}/pxelinux.cfg"
+    cat <<EOPXEF > "${pxe_boot_dir}/pxelinux.cfg/default"
+    DEFAULT preos
+    LABEL preos
+    KERNEL kernel
+    APPEND utf8 load_ramdisk=1 root=/dev/ram nofb initrd=initramfs console=ttyS1,115200 net.ifnames=0
+EOPXEF
+
+    cp "${bootstrap_dir}/usr/lib/PXELINUX/pxelinux.0" "${pxe_boot_dir}/pxelinux.0"
+    cp "${bootstrap_dir}/usr/lib/syslinux/modules/bios/ldlinux.c32" \
+        "${pxe_boot_dir}/ldlinux.c32"
+    # network boot need all files world readable
+    chmod -R 644 "${pxe_boot_dir}"/*
+
+    if [ "${verbose}" -o "${debug}" ]
+    then
+        echo "pxe creation finished"
+    fi
+fi
+
+if [ "${drive}" ]
+then
+    trap "${TRAPFUNC}" 0 1 2 3 15
+    chroot_mount
+    chroot "${bootstrap_dir}" grub-install ${drive}
+    chroot "${bootstrap_dir}" /bin/sh -c "GRUB_DISABLE_OS_PROBER=true update-grub"
+    # set root password
+    if [ ! "${root_password}" ]
+    then
+        if ! which strings >/dev/null 2>&1
+        then
+            printf "strings is missing\n" >&2
+            exit 1
+        fi
+        root_password="$(head -n 1000 /dev/urandom | strings | \
+            grep -o '[[:alnum:]]' | head -n 30 | tr -d '\n')"
+        printf "Generated root password (without quotes):'${root_password}'\n"
+    fi
+    chroot "${bootstrap_dir}" /bin/sh -c "echo \"root:${root_password}\" | \
+        chpasswd"
+    # /etc/securetty must not be world writeable.
+    chmod 644 "${bootstrap_dir}"/etc/securetty
+    chroot_umount
+    trap - 0 1 2 3 15
+fi
+
+if [ "${rm_bootstrap_dir}" ]
+then
+    if [ "${verbose}" -o "${debug}" ]
+    then
+        echo "removing bootstrap dir..."
+    fi
+    rm -r -f "${bootstrap_dir}"
+    if [ "${verbose}" -o "${debug}" ]
+    then
+        echo "removing bootstrap dir finished"
+    fi
+fi

cdist/preos/debootstrap/files/devuan-debootstrap/Makefile

@@ -0,0 +1,18 @@
+# avoid dpkg-dev dependency; fish out the version with sed
+VERSION := $(shell sed 's/.*(\(.*\)).*/\1/; q' debian/changelog)
+
+all:
+
+clean:
+
+DSDIR=$(DESTDIR)/usr/share/debootstrap
+install:
+	mkdir -p $(DSDIR)/scripts
+	mkdir -p $(DESTDIR)/usr/sbin
+
+	cp -a scripts/* $(DSDIR)/scripts/
+	install -o root -g root -m 0644 functions $(DSDIR)/
+
+	sed 's/@VERSION@/$(VERSION)/g' debootstrap >$(DESTDIR)/usr/sbin/debootstrap
+	chown root:root $(DESTDIR)/usr/sbin/debootstrap
+	chmod 0755 $(DESTDIR)/usr/sbin/debootstrap

cdist/preos/debootstrap/files/devuan-debootstrap/README

@@ -0,0 +1,65 @@
+README for debootstrap
+======================
+
+See the manpage for (some) documentation.
+
+Running debootstrap from source
+-------------------------------
+
+You can run debootstrap from its source tree without installing it. This
+can be useful if you want a quick way to make a Debian chroot on another
+system, or if you are testing modifications to debootstrap.
+
+First, get the source.
+
+* Either by using git
+  git clone https://anonscm.debian.org/git/d-i/debootstrap.git
+
+* Or by visiting <https://packages.debian.org/source/sid/debootstrap>
+  and downloading the tar.gz file
+
+Then in the debootstrap source directory:
+
+    export DEBOOTSTRAP_DIR=`pwd`
+    sudo ./debootstrap stable my-stable-dir
+
+If you are running a multi-stage boot strap (for example for a QEMU
+rootfs) you don't even need root:
+
+    export DEBOOTSTRAP_DIR=`pwd`
+    fakeroot ./debootstrap --foreign --arch=armhf testing my-testing-dir http://deb.debian.org/debian
+
+Of course you will need to execute the second stage as root to finish the bootstrap:
+
+   (on foreign hardware)
+   /debootstrap/debootstrap --second-stage
+
+
+Future
+------
+
+  * Cross-strap support - so you can bootstrap a filesystem to the
+    point where it will successfully boot, and finish installing itself
+    without having to be running the target architecture or OS yourself.
+
+	debootstrap --arch powerpc sarge ./sarge-ppc-chroot ...
+
+    on an i386 system, boot a powerpc box with sarge-ppc-chroot as its
+    root files system, and have it "work". The cross-hurd package does
+    something similar, and should be replaced by this feature.
+
+  * There should be some (better) way of telling debootstrap what "base"
+    packages you want to install -- this varies between making a chroot,
+    doing an install, and doing a buildd. Also, some installs want
+    different base packages (to setup networking, or kernels, eg)
+
+
+NMUing
+------
+
+If there's a problem with debootstrap that you need fixed, feel free to do
+an NMU to fix it. Usual rules: try not to break anything, and mail the
+patch to the BTS. Don't worry about asking first though.
+
+However, note that debootstrap is now team maintained. Anyone in d-i can do
+a release without the bother of a NMU.

cdist/preos/debootstrap/files/devuan-debootstrap/TODO

@@ -0,0 +1,11 @@
+
+Features:
+  ++ second stage via chroot debootstrap/debootstrap
+  ++ debootstrap/deb file to record deb destinations/information
+
+  -- configuration file
+      -- versus command line
+      -- support for sources (vs mirrors)
+      -- faux-pinning for packages 
+
+  ++ makedev in second stage

cdist/preos/debootstrap/files/devuan-debootstrap/debian/.gitignore

@@ -0,0 +1,6 @@
+debootstrap
+debootstrap-udeb
+files
+*.debhelper.log
+*.substvars
+

cdist/preos/debootstrap/files/devuan-debootstrap/debian/README.DevuanSource

@@ -0,0 +1,15 @@
+To sync up with debians source for inspiration you should run the following:
+
+	`git remote add alioth-git git://anonscm.debian.org/d-i/debootstrap.git`
+	`git fetch alioth-git`
+
+After that you can either cherry-pick or merge releases from debian.  To
+merge a release, it's do:
+	`git tag` to list the release tags
+and
+	`git merge <tag>`
+followed by all the fixups and then commit with an appropriate message like
+	"Merging Release <tag> from debian"
+
+Copyright 2016 Daniel Reurich <daniel@centurion.net.nz>
+

cdist/preos/debootstrap/files/devuan-debootstrap/debian/compat

@@ -0,0 +1 @@
+9

cdist/preos/debootstrap/files/devuan-debootstrap/debian/control

@@ -0,0 +1,26 @@
+Source: debootstrap
+Section: admin
+Priority: extra
+Maintainer: Franco (nextime) Lanza <nextime@devuan.org>
+Uploaders: Franco (nextime) Lanza <nextime@devuan.org>, Daniel Reurich <daniel@centurion.net.nz>
+Build-Depends: debhelper (>= 9), makedev (>= 2.3.1-69) [linux-any], git
+Standards-Version: 3.9.8
+Vcs-Browser: https://git.devuan.org/devuan-packages/debootstrap
+Vcs-Git: https://git.devuan.org/devuan-packages/debootstrap.git
+
+Package: debootstrap
+Architecture: all
+Depends: ${misc:Depends}, wget
+Recommends: gnupg, ${keyring}, devuan-keyring
+Description: Bootstrap a basic Devuan system
+ debootstrap is used to create a Devuan base system from scratch,
+ without requiring the availability of dpkg or apt. It does this by
+ downloading .deb files from a mirror site, and carefully unpacking them
+ into a directory which can eventually be chrooted into.
+
+Package: debootstrap-udeb
+Section: debian-installer
+Package-Type: udeb
+Architecture: all
+Depends: ${misc:Depends}, mounted-partitions
+Description: Bootstrap the Devuan system

cdist/preos/debootstrap/files/devuan-debootstrap/debian/copyright

@@ -0,0 +1,30 @@
+This package was debianized by Anthony Towns <ajt@debian.org> on
+Tue, 30 Jan 2001 10:54:45 +1000.
+
+It was written from scratch for Debian by Anthony Towns <ajt@debian.org>
+based loosely on the code for constructing base tarballs as part of the
+boot-floppies package.
+
+Copyright:
+
+Copyright (c) 2001-2005 Anthony Towns
+
+   Permission is hereby granted, free of charge, to any person obtaining
+   a copy of this software and associated documentation files (the
+   "Software"), to deal in the Software without restriction, including
+   without limitation the rights to use, copy, modify, merge, publish,
+   distribute, sublicense, and/or sell copies of the Software, and to
+   permit persons to whom the Software is furnished to do so, subject to
+   the following conditions:
+     
+   The above copyright notice and this permission notice shall be
+   included in all copies or substantial portions of the Software.
+     
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+   MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+   IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+   CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+   TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+   SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

cdist/preos/debootstrap/files/devuan-debootstrap/debian/debootstrap.docs

@@ -0,0 +1 @@
+README

cdist/preos/debootstrap/files/devuan-debootstrap/debian/debootstrap.manpages

@@ -0,0 +1 @@
+debootstrap.8

cdist/preos/debootstrap/files/devuan-debootstrap/debian/gbp.conf

@@ -0,0 +1,9 @@
+[DEFAULT]
+compression = xz
+pristine-tar = false
+upstream-tag = devuan/1.0.85
+
+[git-buildpackage]
+upstream-tree = tag
+tarball-dir = ../tarballs/
+export-dir = ../build-area/

cdist/preos/debootstrap/files/devuan-debootstrap/debian/rules

@@ -0,0 +1,47 @@
+#! /usr/bin/make -f
+
+ifeq (0,$(shell dpkg-vendor --derives-from Ubuntu; echo $$?))
+  KEYRING := ubuntu-keyring
+else ifeq (0,$(shell dpkg-vendor --derives-from Devuan; echo $$?))
+  KEYRING := devuan-keyring
+else ifeq (0,$(shell dpkg-vendor --derives-from Tanglu; echo $$?))
+  KEYRING := tanglu-archive-keyring
+else
+  KEYRING := debian-archive-keyring
+endif
+
+%:
+	dh $@
+
+# need to be root to make devices, so build is done in install target
+override_dh_auto_build:
+
+override_dh_auto_install:
+	dh_auto_build
+	
+	$(MAKE) install DESTDIR=$(CURDIR)/debian/debootstrap
+	$(MAKE) install DESTDIR=$(CURDIR)/debian/debootstrap-udeb
+	
+	# remove scripts not needed by d-i
+	-rm -f debian/debootstrap-udeb/usr/share/debootstrap/scripts/potato \
+		debian/debootstrap-udeb/usr/share/debootstrap/scripts/woody \
+		debian/debootstrap-udeb/usr/share/debootstrap/scripts/sarge \
+		debian/debootstrap-udeb/usr/share/debootstrap/scripts/warty \
+		debian/debootstrap-udeb/usr/share/debootstrap/scripts/hoary \
+		debian/debootstrap-udeb/usr/share/debootstrap/scripts/breezy \
+		debian/debootstrap-udeb/usr/share/debootstrap/scripts/dapper \
+		debian/debootstrap-udeb/usr/share/debootstrap/scripts/edgy \
+		debian/debootstrap-udeb/usr/share/debootstrap/scripts/feisty \
+		debian/debootstrap-udeb/usr/share/debootstrap/scripts/*.buildd \
+		debian/debootstrap-udeb/usr/share/debootstrap/scripts/*.fakechroot \
+		debian/debootstrap-udeb/usr/share/debootstrap/scripts/stable \
+		debian/debootstrap-udeb/usr/share/debootstrap/scripts/testing \
+		debian/debootstrap-udeb/usr/share/debootstrap/scripts/unstable
+
+override_dh_gencontrol:
+	dh_gencontrol -- -Vkeyring=$(KEYRING)
+
+# Specify gzip to mitigate #770217:
+override_dh_builddeb:
+	dh_builddeb -pdebootstrap      -- -Zgzip
+	dh_builddeb -pdebootstrap-udeb -- -Zxz

cdist/preos/debootstrap/files/devuan-debootstrap/debian/source/format

@@ -0,0 +1 @@
+3.0 (git)

cdist/preos/debootstrap/files/devuan-debootstrap/debootstrap

@@ -0,0 +1,703 @@
+#!/bin/sh
+set -e
+
+VERSION='@VERSION@'
+
+unset TMP TEMP TMPDIR || true
+
+# might not be exported if we're running from init=/bin/sh or similar
+export PATH
+
+###########################################################################
+
+if [ -z "$DEBOOTSTRAP_DIR" ]; then
+	if [ -x /debootstrap/debootstrap ]; then
+		DEBOOTSTRAP_DIR=/debootstrap
+	else
+		DEBOOTSTRAP_DIR=/usr/share/debootstrap
+	fi
+fi
+
+. $DEBOOTSTRAP_DIR/functions
+exec 4>&1
+
+LANG=C
+USE_COMPONENTS=main
+KEYRING=""
+DISABLE_KEYRING=""
+FORCE_KEYRING=""
+VARIANT=""
+MERGED_USR="no"
+ARCH=""
+HOST_ARCH=""
+HOST_OS=""
+KEEP_DEBOOTSTRAP_DIR=""
+USE_DEBIANINSTALLER_INTERACTION=""
+SECOND_STAGE_ONLY=""
+PRINT_DEBS=""
+CHROOTDIR=""
+MAKE_TARBALL=""
+EXTRACTOR_OVERRIDE=""
+UNPACK_TARBALL=""
+ADDITIONAL=""
+EXCLUDE=""
+VERBOSE=""
+CERTIFICATE=""
+CHECKCERTIF=""
+PRIVATEKEY=""
+
+
+DEF_MIRROR="http://packages.devuan.org/merged"
+DEF_HTTPS_MIRROR="https://packages.devuan.org/merged"
+
+export LANG USE_COMPONENTS EXCLUDE
+umask 022
+
+###########################################################################
+
+## phases:
+##   finddebs dldebs printdebs first_stage second_stage
+
+RESOLVE_DEPS=true
+
+WHAT_TO_DO="finddebs dldebs first_stage second_stage"
+am_doing_phase () {
+	# usage:   if am_doing_phase finddebs; then ...; fi
+	local x;
+	for x in "$@"; do
+		if echo " $WHAT_TO_DO " | grep -q " $x "; then return 0; fi
+	done
+	return 1
+}
+
+###########################################################################
+
+usage_err()
+{
+	info USAGE1 "usage: [OPTION]... <suite> <target> [<mirror> [<script>]]"
+	info USAGE2 "Try \`${0##*/} --help' for more information."
+	error "$@"
+}
+
+usage()
+{
+	echo "Usage: ${0##*/} [OPTION]... <suite> <target> [<mirror> [<script>]]"
+	echo "Bootstrap a Debian base system into a target directory."
+	echo
+	cat <<EOF
+      --help                 display this help and exit
+      --version              display version information and exit
+      --verbose              don't turn off the output of wget
+
+      --download-only        download packages, but don't perform installation
+      --print-debs           print the packages to be installed, and exit
+
+      --arch=A               set the architecture to install (use if no dpkg)
+                               [ --arch=powerpc ]
+
+      --include=A,B,C        adds specified names to the list of base packages
+      --exclude=A,B,C        removes specified packages from the list
+      --components=A,B,C     use packages from the listed components of the
+                             archive
+      --variant=X            use variant X of the bootstrap scripts
+                             (currently supported variants: buildd, fakechroot,
+                              minbase)
+      --merged-usr           make /{bin,sbin,lib}/ symlinks to /usr/
+      --keyring=K            check Release files against keyring K
+      --no-check-gpg         avoid checking Release file signatures
+      --force-check-gpg      force checking Release file signatures
+                             (also disables automatic fallback to HTTPS in case
+                             of a missing keyring), aborting otherwise
+      --no-resolve-deps      don't try to resolve dependencies automatically
+
+      --unpack-tarball=T     acquire .debs from a tarball instead of http
+      --make-tarball=T       download .debs and create a tarball (tgz format)
+      --second-stage-target=DIR
+                             Run second stage in a subdirectory instead of root
+                               (can be used to create a foreign chroot)
+                               (requires --second-stage)
+      --extractor=TYPE       override automatic .deb extractor selection
+                               (supported: $EXTRACTORS_SUPPORTED)
+      --debian-installer     used for internal purposes by debian-installer
+      --private-key=file     read the private key from file
+      --certificate=file     use the client certificate stored in file (PEM)
+      --no-check-certificate do not check certificate against certificate authorities
+EOF
+}
+
+###########################################################################
+
+if [ -z "$PKGDETAILS" ]; then
+	error 1 NO_PKGDETAILS "No pkgdetails available; either install perl, or build pkgdetails.c from the base-installer source package"
+fi
+
+###########################################################################
+
+if [ $# != 0 ] ; then
+    while true ; do
+	case "$1" in
+	    --help)
+		usage
+		exit 0
+		;;
+	    --version)
+		echo "debootstrap $VERSION"
+		exit 0
+		;;
+	    --debian-installer)
+		if ! (echo -n "" >&3) 2>/dev/null; then
+			error 1 ARG_DIBYHAND "If running debootstrap by hand, don't use --debian-installer"
+		fi
+		USE_DEBIANINSTALLER_INTERACTION=yes
+		shift
+		;;
+	    --foreign)
+		if [ "$PRINT_DEBS" != "true" ]; then
+			WHAT_TO_DO="finddebs dldebs first_stage"
+		fi
+		shift
+		;;
+	    --second-stage)
+		WHAT_TO_DO="second_stage"
+		SECOND_STAGE_ONLY=true
+		shift
+		;;
+	    --second-stage-target|--second-stage-target=?*)
+		if [ "$SECOND_STAGE_ONLY" != "true" ] ; then
+			error 1 STAGE2ONLY "option %s only applies in the second stage" "$1"
+		fi
+		if [ "$1" = "--second-stage-target" -a -n "$2" ] ; then
+			CHROOTDIR="$2"
+			shift 2
+		elif [ "$1" != "${1#--second-stage-target=}" ]; then
+			CHROOTDIR="${1#--second-stage-target=}"
+			shift
+		else
+			error 1 NEEDARG "option requires an argument: %s" "$1"
+		fi
+		;;
+	    --print-debs)
+		WHAT_TO_DO="finddebs printdebs kill_target"
+		PRINT_DEBS=true
+		shift
+		;;
+	    --download-only)
+		WHAT_TO_DO="finddebs dldebs"
+		shift
+		;;
+	    --make-tarball|--make-tarball=?*)
+		WHAT_TO_DO="finddebs dldebs maketarball kill_target"
+		if [ "$1" = "--make-tarball" -a -n "$2" ] ; then
+			MAKE_TARBALL="$2"
+			shift 2
+		elif [ "$1" != "${1#--make-tarball=}" ]; then
+			MAKE_TARBALL="${1#--make-tarball=}"
+			shift
+		else
+			error 1 NEEDARG "option requires an argument %s" "$1"
+		fi
+		;;
+	    --resolve-deps)
+		# redundant, but avoids breaking compatibility
+		RESOLVE_DEPS=true
+		shift
+		;;
+	    --no-resolve-deps)
+		RESOLVE_DEPS=false
+		shift
+		;;
+	    --keep-debootstrap-dir)
+		KEEP_DEBOOTSTRAP_DIR=true
+		shift
+		;;
+	    --arch|--arch=?*)
+		if [ "$1" = "--arch" -a -n "$2" ] ; then
+			ARCH="$2"
+			shift 2
+                elif [ "$1" != "${1#--arch=}" ]; then
+			ARCH="${1#--arch=}"
+			shift
+		else
+			error 1 NEEDARG "option requires an argument %s" "$1"
+		fi
+		;;
+	    --extractor|--extractor=?*)
+		if [ "$1" = "--extractor" -a -n "$2" ] ; then
+			EXTRACTOR_OVERRIDE="$2"
+			shift 2
+		elif [ "$1" != "${1#--extractor=}" ]; then
+			EXTRACTOR_OVERRIDE="${1#--extractor=}"
+			shift
+		else
+			error 1 NEEDARG "option requires an argument %s" "$1"
+		fi
+		if valid_extractor "$EXTRACTOR_OVERRIDE"; then
+			if ! type "$EXTRACTOR_OVERRIDE" >/dev/null 2>&1; then
+				error 1 MISSINGEXTRACTOR "The selected extractor cannot be found: %s" "$EXTRACTOR_OVERRIDE"
+			fi
+		else
+			error 1 BADEXTRACTOR "%s: unknown extractor" "$EXTRACTOR_OVERRIDE"
+		fi
+		;;
+	    --unpack-tarball|--unpack-tarball=?*)
+		if [ "$1" = "--unpack-tarball" -a -n "$2" ] ; then
+			UNPACK_TARBALL="$2"
+			shift 2
+		elif [ "$1" != "${1#--unpack-tarball=}" ]; then
+			UNPACK_TARBALL="${1#--unpack-tarball=}"
+			shift
+		else
+			error 1 NEEDARG "option requires an argument %s" "$1"
+		fi
+		if [ ! -f "$UNPACK_TARBALL" ] ; then
+			error 1 NOTARBALL "%s: No such file or directory" "$UNPACK_TARBALL"
+		fi
+		;;
+	    --include|--include=?*)
+		if [ "$1" = "--include" -a -n "$2" ]; then
+			ADDITIONAL="$2"
+			shift 2
+                elif [ "$1" != "${1#--include=}" ]; then
+			ADDITIONAL="${1#--include=}"
+			shift 1
+		else
+			error 1 NEEDARG "option requires an argument %s" "$1"
+		fi
+		ADDITIONAL="$(echo "$ADDITIONAL" | tr , " ")"
+		;;
+	    --exclude|--exclude=?*)
+		if [ "$1" = "--exclude" -a -n "$2" ]; then
+			EXCLUDE="$2"
+			shift 2
+                elif [ "$1" != "${1#--exclude=}" ]; then
+			EXCLUDE="${1#--exclude=}"
+			shift 1
+		else
+			error 1 NEEDARG "option requires an argument %s" "$1"
+		fi
+		EXCLUDE="$(echo "$EXCLUDE" | tr , " ")"
+		;;
+	    --verbose)
+		VERBOSE=true
+		export VERBOSE
+		shift 1
+		;;
+	    --components|--components=?*)
+		if [ "$1" = "--components" -a -n "$2" ]; then
+			USE_COMPONENTS="$2"
+			shift 2
+                elif [ "$1" != "${1#--components=}" ]; then
+			USE_COMPONENTS="${1#--components=}"
+			shift 1
+		else
+			error 1 NEEDARG "option requires an argument %s" "$1"
+		fi
+		USE_COMPONENTS="$(echo "$USE_COMPONENTS" | tr , "|")"
+		;;
+	    --variant|--variant=?*)
+		if [ "$1" = "--variant" -a -n "$2" ]; then
+			VARIANT="$2"
+			shift 2
+                elif [ "$1" != "${1#--variant=}" ]; then
+			VARIANT="${1#--variant=}"
+			shift 1
+		else
+			error 1 NEEDARG "option requires an argument %s" "$1"
+		fi
+		;;
+            --merged-usr)
+		MERGED_USR=yes
+		shift
+		;;
+	    --no-merged-usr)
+		MERGED_USR=no
+		shift
+		;;
+	    --keyring|--keyring=?*)
+		if ! gpgv --version >/dev/null 2>&1; then
+			error 1 NEEDGPGV "gpgv not installed, but required for Release verification"
+		fi
+		if [ "$1" = "--keyring" -a -n "$2" ]; then
+			KEYRING="$2"
+			shift 2
+                elif [ "$1" != "${1#--keyring=}" ]; then
+			KEYRING="${1#--keyring=}"
+			shift 1
+		else
+			error 1 NEEDARG "option requires an argument %s" "$1"
+		fi
+		;;
+	    --no-check-gpg)
+			shift 1
+			DISABLE_KEYRING=1
+		;;
+	    --force-check-gpg)
+			shift 1
+			FORCE_KEYRING=1
+		;;
+	    --certificate|--certificate=?*)
+		if [ "$1" = "--certificate" -a -n "$2" ]; then
+			CERTIFICATE="--certificate=$2"
+			shift 2
+		elif [ "$1" != "${1#--certificate=}" ]; then
+			CERTIFICATE="--certificate=${1#--certificate=}" 
+			shift 1
+		else
+		       error 1 NEEDARG "option requires an argument %s" "$1" 
+		fi
+		;;
+	    --private-key|--private-key=?*)
+		if [ "$1" = "--private-key" -a -n "$2" ]; then
+			PRIVATEKEY="--private-key=$2"
+			shift 2
+		elif [ "$1" != "${1#--private-key=}" ]; then
+			PRIVATEKEY="--private-key=${1#--private-key=}" 
+			shift 1
+		else
+		       error 1 NEEDARG "option requires an argument %s" "$1" 
+		fi
+		;;
+	    --no-check-certificate)
+		CHECKCERTIF="--no-check-certificate"
+		shift
+		;;
+	    -*)
+		error 1 BADARG "unrecognized or invalid option %s" "$1"
+		;;
+	    *)
+		break
+		;;
+	esac
+    done
+fi
+
+###########################################################################
+
+if [ -n "$DISABLE_KEYRING" -a -n "$FORCE_KEYRING" ]; then
+	error 1 BADARG "Both --no-check-gpg and --force-check-gpg specified, please pick one (at most)"
+fi
+
+###########################################################################
+
+if [ "$SECOND_STAGE_ONLY" = "true" ]; then
+	SUITE=$(cat $DEBOOTSTRAP_DIR/suite)
+	ARCH=$(cat $DEBOOTSTRAP_DIR/arch)
+	if [ -e $DEBOOTSTRAP_DIR/variant ]; then
+		VARIANT=$(cat $DEBOOTSTRAP_DIR/variant)
+		SUPPORTED_VARIANTS="$VARIANT"
+	fi
+	if [ -z "$CHROOTDIR" ]; then
+		TARGET=/
+	else
+		TARGET=$CHROOTDIR
+	fi
+	SCRIPT=$DEBOOTSTRAP_DIR/suite-script
+else
+	if [ -z "$1" ] || [ -z "$2" ]; then
+		usage_err 1 NEEDSUITETARGET "You must specify a suite and a target."
+	fi
+	SUITE="$1"
+	TARGET="$2"
+	USER_MIRROR="$3"
+	TARGET="${TARGET%/}"
+	if [ "${TARGET#/}" = "${TARGET}" ]; then
+		if [ "${TARGET%/*}" = "$TARGET" ] ; then
+			TARGET="$(echo "`pwd`/$TARGET")"
+		else
+			TARGET="$(cd "${TARGET%/*}"; echo "`pwd`/${TARGET##*/}")"
+		fi
+	fi
+
+	SCRIPT="$DEBOOTSTRAP_DIR/scripts/$1"
+	if [ -n "$VARIANT" ] && [ -e "${SCRIPT}.${VARIANT}" ]; then
+		SCRIPT="${SCRIPT}.${VARIANT}"
+		SUPPORTED_VARIANTS="$VARIANT"
+	fi
+	if [ "$4" != "" ]; then
+		SCRIPT="$4"
+	fi
+fi
+
+###########################################################################
+
+if in_path dpkg && \
+     dpkg --print-architecture >/dev/null 2>&1; then
+	HOST_ARCH=`/usr/bin/dpkg --print-architecture`
+elif in_path udpkg && \
+     udpkg --print-architecture >/dev/null 2>&1; then
+	HOST_ARCH=`/usr/bin/udpkg --print-architecture`
+elif [ -e $DEBOOTSTRAP_DIR/arch ]; then
+	HOST_ARCH=`cat $DEBOOTSTRAP_DIR/arch`
+fi
+HOST_OS="$HOST_ARCH"
+# basic host OS guessing for non-Debian systems
+if [ -z "$HOST_OS" ]; then
+	case `uname` in
+		Linux)
+			HOST_OS=linux
+		;;
+		GNU/kFreeBSD)
+			HOST_OS=kfreebsd
+		;;
+		GNU)
+			HOST_OS=hurd
+		;;
+		FreeBSD*)
+			HOST_OS=freebsd
+		;;
+	esac
+fi
+
+if [ -z "$ARCH" ]; then
+	ARCH=$HOST_ARCH
+fi
+
+if [ -z "$ARCH" ] || [ -z "$HOST_OS" ]; then
+        error 1 WHATARCH "Couldn't work out current architecture"
+
+fi
+
+if [ "$HOST_OS" = "kfreebsd" ] || [ "$HOST_OS" = "freebsd" ]; then
+	for module in linprocfs fdescfs tmpfs linsysfs; do
+		kldstat -m "$module" > /dev/null 2>&1 || warning SANITYCHECK "Probably required module %s is not loaded" "$module"
+	done
+fi
+
+if [ "$TARGET" = "/" ]; then
+	CHROOT_CMD=""
+else
+	CHROOT_CMD="chroot $TARGET"
+fi
+
+if [ -z "$SHA_SIZE" ]; then
+	SHA_SIZE=256
+fi
+if ! in_path "sha${SHA_SIZE}sum" && ! in_path "sha${SHA_SIZE}"; then
+	SHA_SIZE=1
+fi
+DEBOOTSTRAP_CHECKSUM_FIELD="SHA$SHA_SIZE"
+
+export ARCH SUITE TARGET CHROOT_CMD SHA_SIZE DEBOOTSTRAP_CHECKSUM_FIELD
+
+if am_doing_phase first_stage second_stage; then
+	if in_path id && [ `id -u` -ne 0 ]; then
+		error 1 NEEDROOT "debootstrap can only run as root"
+	fi
+	# Ensure that we can create working devices and executables on the target.
+	if ! check_sane_mount "$TARGET"; then
+		error 1 NOEXEC "Cannot install into target '$TARGET' mounted with noexec or nodev"
+	fi
+fi
+
+if [ ! -e "$SCRIPT" ]; then
+	error 1 NOSCRIPT "No such script: %s" "$SCRIPT"
+fi
+
+###########################################################################
+
+if [ "$TARGET" != "" ]; then
+	mkdir -p "$TARGET/debootstrap"
+fi
+
+###########################################################################
+
+# Use of fd's by functions/scripts:
+#
+#    stdin/stdout/stderr: used normally
+#    fd 4: I:/W:/etc information
+#    fd 5,6: spare for functions
+#    fd 7,8: spare for scripts
+
+if [ "$USE_DEBIANINSTALLER_INTERACTION" = yes ]; then
+	#    stdout=stderr: full log of debootstrap run
+	#    fd 3: I:/W:/etc information
+	exec 4>&3
+elif am_doing_phase printdebs; then
+	#    stderr: I:/W:/etc information
+	#    stdout: debs needed
+	exec 4>&2
+else
+	#    stderr: used in exceptional circumstances only
+	#    stdout: I:/W:/etc information
+	#    $TARGET/debootstrap/debootstrap.log: full log of debootstrap run
+	exec 4>&1
+	exec >>"$TARGET/debootstrap/debootstrap.log"
+	exec 2>&1
+fi
+
+###########################################################################
+
+if [ "$UNPACK_TARBALL" ]; then
+	if [ "${UNPACK_TARBALL#/}" = "$UNPACK_TARBALL" ]; then
+		error 1 TARPATH "Tarball must be given a complete path"
+	fi
+	if [ "${UNPACK_TARBALL%.tar}" != "$UNPACK_TARBALL" ]; then
+		(cd "$TARGET" && tar -xf "$UNPACK_TARBALL")
+	elif [ "${UNPACK_TARBALL%.tgz}" != "$UNPACK_TARBALL" ]; then
+		(cd "$TARGET" && zcat "$UNPACK_TARBALL" | tar -xf -)
+	else
+		error 1 NOTTAR "Unknown tarball: must be either .tar or .tgz"
+	fi
+fi
+
+###########################################################################
+
+. "$SCRIPT"
+
+if [ "$SECOND_STAGE_ONLY" = "true" ]; then
+	MIRRORS=null:
+else
+	MIRRORS="$DEF_MIRROR"
+	if [ "$USER_MIRROR" != "" ]; then
+		MIRRORS="$USER_MIRROR"
+		MIRRORS="${MIRRORS%/}"
+	fi
+fi
+
+export MIRRORS
+
+ok=false
+for v in $SUPPORTED_VARIANTS; do
+	if doing_variant $v; then ok=true; fi
+done
+if ! $ok; then
+	error 1 UNSUPPVARIANT "unsupported variant"
+fi
+
+###########################################################################
+
+if am_doing_phase finddebs; then
+	if [ "$FINDDEBS_NEEDS_INDICES" = "true" ] || \
+	   [ "$RESOLVE_DEPS" = "true" ]; then
+		download_indices
+		GOT_INDICES=true
+	fi
+
+	work_out_debs
+
+	base=$(without "$base $ADDITIONAL" "$EXCLUDE")
+
+	if [ "$RESOLVE_DEPS" = true ]; then
+		requiredX=$(echo $(echo $required | tr ' ' '\n' | sort | uniq))
+		baseX=$(echo $(echo $base | tr ' ' '\n' | sort | uniq))
+
+		baseN=$(without "$baseX" "$requiredX")
+		baseU=$(without "$baseX" "$baseN")
+
+		if [ "$baseU" != "" ]; then
+			info REDUNDANTBASE "Found packages in base already in required: %s" "$baseU"
+		fi
+
+		info RESOLVEREQ "Resolving dependencies of required packages..."
+		required=$(resolve_deps $requiredX)
+		info RESOLVEBASE "Resolving dependencies of base packages..."
+		base=$(resolve_deps $baseX)
+		base=$(without "$base" "$required")
+
+		requiredX=$(without "$required" "$requiredX")
+		baseX=$(without "$base" "$baseX")
+		if [ "$requiredX" != "" ]; then
+			info NEWREQUIRED "Found additional required dependencies: %s" "$requiredX"
+		fi
+		if [ "$baseX" != "" ]; then
+			info NEWBASE "Found additional base dependencies: %s" "$baseX"
+		fi
+	fi
+
+	all_debs="$required $base"
+fi
+
+if am_doing_phase printdebs; then
+	echo "$all_debs"
+fi
+
+if am_doing_phase dldebs; then
+	if [ "$GOT_INDICES" != "true" ]; then
+		download_indices
+	fi
+	download $all_debs
+fi
+
+if am_doing_phase maketarball; then
+	(cd $TARGET;
+	 tar czf - var/lib/apt var/cache/apt) >$MAKE_TARBALL
+fi
+
+if am_doing_phase first_stage; then
+	choose_extractor
+
+	# first stage sets up the chroot -- no calls should be made to
+	# "chroot $TARGET" here; but they should be possible by the time it's
+	# finished
+	first_stage_install
+
+	if ! am_doing_phase second_stage; then
+		cp "$0"				 "$TARGET/debootstrap/debootstrap"
+		cp $DEBOOTSTRAP_DIR/functions	 "$TARGET/debootstrap/functions"
+		cp $SCRIPT			 "$TARGET/debootstrap/suite-script"
+		echo "$ARCH"			>"$TARGET/debootstrap/arch"
+		echo "$SUITE"			>"$TARGET/debootstrap/suite"
+		[ "" = "$VARIANT" ] ||
+		echo "$VARIANT"			>"$TARGET/debootstrap/variant"
+		echo "$required"		>"$TARGET/debootstrap/required"
+		echo "$base"			>"$TARGET/debootstrap/base"
+
+		chmod 755 "$TARGET/debootstrap/debootstrap"
+	fi
+fi
+
+if am_doing_phase second_stage; then
+	if [ "$SECOND_STAGE_ONLY" = true ]; then
+		required="$(cat $DEBOOTSTRAP_DIR/required)"
+		base="$(cat $DEBOOTSTRAP_DIR/base)"
+		all_debs="$required $base"
+	fi
+
+	# second stage uses the chroot to clean itself up -- has to be able to
+	# work from entirely within the chroot (in case we've booted into it,
+	# possibly over NFS eg)
+
+	second_stage_install
+
+	# create sources.list
+	# first, kill debootstrap.invalid sources.list
+	if [ -e "$TARGET/etc/apt/sources.list" ]; then
+		rm -f "$TARGET/etc/apt/sources.list"
+	fi
+	if [ "${MIRRORS#http://}" != "$MIRRORS" ]; then
+		setup_apt_sources "${MIRRORS%% *}"
+		mv_invalid_to "${MIRRORS%% *}"
+	else
+		setup_apt_sources "$DEF_MIRROR"
+		mv_invalid_to "$DEF_MIRROR"
+	fi
+
+	if [ -e "$TARGET/debootstrap/debootstrap.log" ]; then
+		if [ "$KEEP_DEBOOTSTRAP_DIR" = true ]; then
+			cp "$TARGET/debootstrap/debootstrap.log" "$TARGET/var/log/bootstrap.log"
+		else
+			# debootstrap.log is still open as stdout/stderr and needs
+			# to remain so, but after unlinking it some NFS servers
+			# implement this by a temporary file in the same directory,
+			# which makes it impossible to rmdir that directory.
+			# Moving it instead works around the problem.
+			mv "$TARGET/debootstrap/debootstrap.log" "$TARGET/var/log/bootstrap.log"
+		fi
+	fi
+	sync
+
+	if [ "$KEEP_DEBOOTSTRAP_DIR" = true ]; then
+		if [ -x "$TARGET/debootstrap/debootstrap" ]; then
+			chmod 644 "$TARGET/debootstrap/debootstrap"
+		fi
+	else
+		rm -rf "$TARGET/debootstrap"
+	fi
+fi
+
+if am_doing_phase kill_target; then
+	if [ "$KEEP_DEBOOTSTRAP_DIR" != true ]; then
+		info KILLTARGET "Deleting target directory"
+		rm -rf "$TARGET"
+	fi
+fi

cdist/preos/debootstrap/files/devuan-debootstrap/debootstrap.8

@@ -0,0 +1,189 @@
+.TH DEBOOTSTRAP 8 2015-05-21 "Devuan Project" "Devuan GNU/Linux manual"
+.SH NAME
+debootstrap \- Bootstrap a basic Devuan system
+.SH SYNOPSIS
+.B debootstrap
+.RB [ OPTION\&.\&.\&. ]
+.I SUITE TARGET
+.RI [ MIRROR
+.RI [ SCRIPT ]]
+
+.B debootstrap
+.RB [ OPTION\&.\&.\&. ]
+\-\-second\-stage
+.SH DESCRIPTION
+.B debootstrap
+bootstraps a basic Devuan system of
+.I SUITE
+into
+.I TARGET
+from
+.I MIRROR
+by running
+.IR SCRIPT .
+.I MIRROR
+can be an http:// or https:// URL, a file:/// URL, or an ssh:/// URL.
+.PP
+The
+.I SUITE
+may be a release code name (eg, ceres, ascii, jessie)
+or a symbolic name (eg, unstable, testing, stable, oldstable)
+.PP
+Notice that file:/ URLs are translated to file:/// (correct scheme as
+described in RFC1738 for local filenames), and file:// will \fBnot\fR work.
+ssh://USER@HOST/PATH URLs are retrieved using
+.BR scp ;
+use of
+.B ssh\-agent
+or similar is strongly recommended.
+.PP
+\fBDebootstrap\fR can be used to install Devuan in a system without using an
+installation disk but can also be used to run a different Devuan flavor in a \fBchroot\fR
+environment.
+This way you can create a full (minimal) Devuan installation which
+can be used for testing purposes (see the \fBEXAMPLES\fR section). 
+If you are looking for a chroot system to build packages please take a look at 
+\fBpbuilder\fR.
+.SH "OPTIONS"
+.PP
+.IP "\fB\-\-arch=ARCH\fP"
+Set the target architecture (use if dpkg isn't installed).
+See also \-\-foreign.
+.IP
+.IP "\fB\-\-include=alpha,beta\fP"
+Comma separated list of packages which will be added to download and extract
+lists.
+.IP
+.IP "\fB\-\-exclude=alpha,beta\fP"
+Comma separated list of packages which will be removed from download and
+extract lists.
+WARNING: you can and probably will exclude essential packages, be
+careful using this option.
+.IP
+.IP "\fB\-\-components=alpha,beta\fP"
+Use packages from the listed components of the archive.
+.IP
+.IP "\fB\-\-no\-resolve\-deps\fP"
+By default, debootstrap will attempt to automatically resolve any missing
+dependencies, warning if any are found.
+Note that this is not a complete dependency resolve in the sense of dpkg
+or apt, and that it is far better to specify the entire base system than
+rely on this option.
+With this option set, this behaviour is disabled.
+.IP
+.IP "\fB\-\-variant=minbase|buildd|fakechroot\fP"
+Name of the bootstrap script variant to use.
+Currently, the variants supported are minbase, which only includes
+essential packages and apt; buildd, which installs the build-essential
+packages into
+.IR TARGET ;
+and fakechroot, which installs the packages without root privileges.
+The default, with no \fB\-\-variant=X\fP argument, is to create a base
+Devuan installation in
+.IR TARGET .
+.IP
+.IP "\fB\-\-merged-usr\fP"
+Create /{bin,sbin,lib}/ symlinks pointing to their counterparts in /usr/.
+.IP
+.IP "\fB\-\-no-merged-usr\fP"
+Do not create /{bin,sbin,lib}/ symlinks pointing to their counterparts in /usr/.
+(Default.)
+.IP
+.IP "\fB\-\-keyring=KEYRING\fP"
+Override the default keyring for the distribution being bootstrapped,
+and use
+.IR KEYRING
+to check signatures of retrieved Release files.
+.IP
+.IP "\fB\-\-no-check-gpg\fP"
+Disables checking gpg signatures of retrieved Release files.
+.IP
+.IP "\fB\-\-force-check-gpg\fP"
+Forces checking Release file signatures, disabling automatic fallback to
+HTTPS in case of a missing keyring. Incompatible with the previous option.
+.IP
+.IP "\fB\-\-verbose\fP"
+Produce more info about downloading.
+.IP
+.IP "\fB\-\-print\-debs\fP"
+Print the packages to be installed, and exit.
+Note that a TARGET directory must be specified so debootstrap can
+download Packages files to determine which packages should be installed,
+and to resolve dependencies.
+The TARGET directory will be deleted unless \-\-keep\-debootstrap\-dir
+is specified.
+.IP
+.IP "\fB\-\-download\-only\fP"
+Download packages, but don't perform installation.
+.IP
+.IP "\fB\-\-foreign\fP"
+Do the initial unpack phase of bootstrapping only, for example if the
+target architecture does not match the host architecture.
+A copy of debootstrap sufficient for completing the bootstrap process
+will be installed as /debootstrap/debootstrap in the target filesystem.
+You can run it with the \fB\-\-second\-stage\fP option to complete the
+bootstrapping process.
+.IP
+.IP "\fB\-\-second\-stage\fP"
+Complete the bootstrapping process.
+Other arguments are generally not needed.
+.IP
+.IP "\fB\-\-second\-stage\-target=DIR\fP"
+Run second stage in a subdirectory instead of root. (can be used to create
+a foreign chroot) (requires \-\-second\-stage)
+.IP
+.IP "\fB\-\-keep\-debootstrap\-dir\fP"
+Don't delete the /debootstrap directory in the target after completing the
+installation.
+.IP
+.IP "\fB\-\-unpack\-tarball=FILE\fP"
+Acquire .debs from tarball FILE instead of downloading via http.
+.IP
+.IP "\fB\-\-make\-tarball=FILE\fP"
+Instead of bootstrapping, make a tarball (written to FILE) of the downloaded
+packages.
+The resulting tarball may be passed to a later
+.BR \-\-unpack\-tarball .
+.IP
+.IP "\fB\-\-debian\-installer\fP"
+Used for internal purposes by the debian-installer
+.IP 
+.IP "\fB\-\-extractor=TYPE\fP"
+Override automatic .deb extractor selection to
+.IR TYPE .
+Supported extractors are: dpkg-deb and ar.
+.IP
+.IP "\fB\-\-no\-check\-certificate\fP"
+Do not check certificate against certificate authorities
+.IP
+.IP "\fB\-\-certificate=FILE\fP"
+Use the client certificate stored in file (PEM)
+.IP
+.IP "\fB\-\-private\-key=FILE\fP"
+Read the private key from file
+
+.SH EXAMPLES
+.
+.PP 
+To setup an \fIascii\fR system:
+.PP 
+     debootstrap ascii ./ascii-chroot http://packages.devuan.org/merged
+.PP
+     debootstrap ascii ./ascii-chroot file:///LOCAL_MIRROR/devuan
+.PP
+Full process to create a complete Devuan installation of \fIceres\fR (unstable)
+in a chroot:
+.PP
+     main # debootstrap ceres ceres-root http://packages.devuan.org/merged
+     [ ... watch it download the whole system ]
+     main # echo "proc ceres-root/proc proc defaults 0 0" >> /etc/fstab
+     main # mount proc ceres-root/proc -t proc
+     main # echo "sysfs ceres-root/sys sysfs defaults 0 0" >> /etc/fstab
+     main # mount sysfs ceres-root/sys -t sysfs
+     main # cp /etc/hosts ceres-root/etc/hosts
+     main # chroot ceres-root /bin/bash
+.SH AUTHOR
+.B debootstrap
+This manpage was originally written by Anthony Towns <ajt@debian.org>.
+and Matt Kraai <kraai@debian.org> for Debian.
+It was re-worked for Devuan by Daniel Reurich <daniel@centurion.net.nz>.

cdist/preos/debootstrap/files/devuan-debootstrap/scripts/aequorea

@@ -0,0 +1,202 @@
+mirror_style release
+download_style apt
+finddebs_style from-indices
+variants - buildd fakechroot minbase
+keyring /usr/share/keyrings/tanglu-archive-keyring.gpg
+default_mirror http://archive.tanglu.org/tanglu
+
+if doing_variant fakechroot; then
+	test "$FAKECHROOT" = "true" || error 1 FAKECHROOTREQ "This variant requires fakechroot environment to be started"
+fi
+
+case $ARCH in
+	alpha|ia64) LIBC="libc6.1" ;;
+	kfreebsd-*) LIBC="libc0.1" ;;
+	hurd-*)     LIBC="libc0.3" ;;
+	*)          LIBC="libc6" ;;
+esac
+
+work_out_debs () {
+	required="$(get_debs Priority: required)"
+
+	if doing_variant - || doing_variant fakechroot; then
+		#required="$required $(get_debs Priority: important)"
+		#  ^^ should be getting debconf here somehow maybe
+		base="$(get_debs Priority: important)"
+
+		# we want the Tanglu minimal dependency set to be installed
+		base="$base tanglu-minimal"
+	elif doing_variant buildd; then
+		base="apt build-essential"
+	elif doing_variant minbase; then
+		base="apt"
+	fi
+
+	if doing_variant fakechroot; then
+		# ldd.fake needs binutils
+		required="$required binutils"
+	fi
+
+	case $MIRRORS in
+	    https://*)
+		base="$base apt-transport-https ca-certificates"
+		;;
+	esac
+}
+
+first_stage_install () {
+	extract $required
+
+	mkdir -p "$TARGET/var/lib/dpkg"
+	: >"$TARGET/var/lib/dpkg/status"
+	: >"$TARGET/var/lib/dpkg/available"
+
+	setup_etc
+	if [ ! -e "$TARGET/etc/fstab" ]; then
+		echo '# UNCONFIGURED FSTAB FOR BASE SYSTEM' > "$TARGET/etc/fstab"
+		chown 0:0 "$TARGET/etc/fstab"; chmod 644 "$TARGET/etc/fstab"
+	fi
+
+	setup_devices
+
+	x_feign_install () {
+		local pkg="$1"
+		local deb="$(debfor $pkg)"
+		local ver="$(extract_deb_field "$TARGET/$deb" Version)"
+
+		mkdir -p "$TARGET/var/lib/dpkg/info"
+
+		echo \
+"Package: $pkg
+Version: $ver
+Maintainer: unknown
+Status: install ok installed" >> "$TARGET/var/lib/dpkg/status"
+
+		touch "$TARGET/var/lib/dpkg/info/${pkg}.list"
+	}
+
+	x_feign_install dpkg
+}
+
+second_stage_install () {
+	setup_dynamic_devices
+
+	x_core_install () {
+		smallyes '' | in_target dpkg --force-depends --install $(debfor "$@")
+	}
+
+	p () {
+		baseprog="$(($baseprog + ${1:-1}))"
+	}
+
+	if doing_variant fakechroot; then
+		setup_proc_fakechroot
+	else
+		setup_proc
+		in_target /sbin/ldconfig
+	fi
+
+	DEBIAN_FRONTEND=noninteractive
+	DEBCONF_NONINTERACTIVE_SEEN=true
+	export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN
+
+	baseprog=0
+	bases=7
+
+	p; progress $baseprog $bases INSTCORE "Installing core packages" #1
+	info INSTCORE "Installing core packages..."
+
+	p; progress $baseprog $bases INSTCORE "Installing core packages" #2
+	ln -sf mawk "$TARGET/usr/bin/awk"
+	x_core_install base-passwd
+	x_core_install base-files
+	p; progress $baseprog $bases INSTCORE "Installing core packages" #3
+	x_core_install dpkg
+
+	if [ ! -e "$TARGET/etc/localtime" ]; then
+		ln -sf /usr/share/zoneinfo/UTC "$TARGET/etc/localtime"
+	fi
+
+	if doing_variant fakechroot; then
+		install_fakechroot_tools
+	fi
+
+	p; progress $baseprog $bases INSTCORE "Installing core packages" #4
+	x_core_install $LIBC
+
+	p; progress $baseprog $bases INSTCORE "Installing core packages" #5
+	x_core_install perl-base
+
+	p; progress $baseprog $bases INSTCORE "Installing core packages" #6
+	rm "$TARGET/usr/bin/awk"
+	x_core_install mawk
+
+	p; progress $baseprog $bases INSTCORE "Installing core packages" #7
+	if doing_variant -; then
+		x_core_install debconf
+	fi
+
+	baseprog=0
+	bases=$(set -- $required; echo $#)
+
+	info UNPACKREQ "Unpacking required packages..."
+
+	exec 7>&1
+
+	smallyes '' |
+		(repeatn 5 in_target_failmsg UNPACK_REQ_FAIL_FIVE "Failure while unpacking required packages.  This will be attempted up to five times." "" \
+		dpkg --status-fd 8 --force-depends --unpack $(debfor $required) 8>&1 1>&7 || echo EXITCODE $?) |
+		dpkg_progress $baseprog $bases UNPACKREQ "Unpacking required packages" UNPACKING
+
+	info CONFREQ "Configuring required packages..."
+
+	mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL"
+	echo \
+"#!/bin/sh
+echo
+echo \"Warning: Fake start-stop-daemon called, doing nothing\"" > "$TARGET/sbin/start-stop-daemon"
+	chmod 755 "$TARGET/sbin/start-stop-daemon"
+
+	setup_dselect_method apt
+
+	smallyes '' |
+		(in_target_failmsg CONF_REQ_FAIL "Failure while configuring required packages." "" \
+		dpkg --status-fd 8 --configure --pending --force-configure-any --force-depends 8>&1 1>&7 || echo EXITCODE $?) |
+		dpkg_progress $baseprog $bases CONFREQ "Configuring required packages" CONFIGURING
+
+	baseprog=0
+	bases="$(set -- $base; echo $#)"
+
+	info UNPACKBASE "Unpacking the base system..."
+
+	setup_available $required $base
+	done_predeps=
+	while predep=$(get_next_predep); do
+		# We have to resolve dependencies of pre-dependencies manually because
+		# dpkg --predep-package doesn't handle this.
+		predep=$(without "$(without "$(resolve_deps $predep)" "$required")" "$done_predeps")
+		# XXX: progress is tricky due to how dpkg_progress works
+		# -- cjwatson 2009-07-29
+		p; smallyes '' |
+		in_target dpkg --force-overwrite --force-confold --skip-same-version --install $(debfor $predep)
+		base=$(without "$base" "$predep")
+		done_predeps="$done_predeps $predep"
+	done
+
+	smallyes '' |
+		(repeatn 5 in_target_failmsg INST_BASE_FAIL_FIVE "Failure while installing base packages.  This will be re-attempted up to five times." "" \
+		dpkg --status-fd 8 --force-overwrite --force-confold --skip-same-version --unpack $(debfor $base) 8>&1 1>&7 || echo EXITCODE $?) |
+		dpkg_progress $baseprog $bases UNPACKBASE "Unpacking base system" UNPACKING
+
+	info CONFBASE "Configuring the base system..."
+
+	smallyes '' |
+		(repeatn 5 in_target_failmsg CONF_BASE_FAIL_FIVE "Failure while configuring base packages.  This will be re-attempted up to five times." "" \
+		dpkg --status-fd 8 --force-confold --skip-same-version --configure -a 8>&1 1>&7 || echo EXITCODE $?) |
+		dpkg_progress $baseprog $bases CONFBASE "Configuring base system" CONFIGURING
+
+	mv "$TARGET/sbin/start-stop-daemon.REAL" "$TARGET/sbin/start-stop-daemon"
+
+	progress $bases $bases CONFBASE "Configuring base system"
+	info BASESUCCESS "Base system installed successfully."
+}

cdist/preos/debootstrap/files/devuan-debootstrap/scripts/ascii

@@ -0,0 +1 @@
+ceres

cdist/preos/debootstrap/files/devuan-debootstrap/scripts/bartholomea

@@ -0,0 +1 @@
+aequorea

cdist/preos/debootstrap/files/devuan-debootstrap/scripts/breezy

@@ -0,0 +1,163 @@
+default_mirror http://old-releases.ubuntu.com/ubuntu
+mirror_style release
+download_style apt
+finddebs_style from-indices
+variants - buildd
+
+case $ARCH in
+  alpha|ia64) LIBC="libc6.1" ;;
+  *)          LIBC="libc6" ;;
+esac
+
+work_out_debs () {
+    required="$(get_debs Priority: required)"
+
+    if doing_variant -; then
+      #required="$required $(get_debs Priority: important)"
+      #  ^^ should be getting debconf here somehow maybe
+      base="$(get_debs Priority: important)"
+    elif doing_variant buildd; then
+      # TODO: add Build-Essential: yes extraoverrides
+      #base="$(get_debs Build-Essential: yes)"
+
+      add () { if [ "$ARCH" = "$1" ]; then eval "$2=\"\$$2 $3\""; fi; }
+
+      base="apt binutils cpio cpp cpp-4.0 dpkg-dev g++ g++-4.0 gcc gcc-4.0 gcc-4.0-base ${LIBC}-dev libdb4.2 libgdbm3 libstdc++6 libstdc++6-4.0-dev linux-kernel-headers make patch perl perl-modules"
+
+      add ia64 base "libunwind7-dev"
+      add sparc base "lib64gcc1"
+      add sparc base "libc6-dev-sparc64"
+      add sparc base "libc6-sparc64"
+    fi
+}
+
+first_stage_install () {
+    extract $required
+
+    mkdir -p "$TARGET/var/lib/dpkg"
+    : >"$TARGET/var/lib/dpkg/status"
+    echo >"$TARGET/var/lib/dpkg/available"
+
+    setup_etc
+    if [ ! -e "$TARGET/etc/fstab" ]; then
+        echo '# UNCONFIGURED FSTAB FOR BASE SYSTEM' > "$TARGET/etc/fstab"
+        chown 0:0 "$TARGET/etc/fstab"; chmod 644 "$TARGET/etc/fstab"
+    fi
+
+    setup_devices
+
+    x_feign_install () {
+        local pkg="$1"
+        local deb="$(debfor $pkg)"
+        local ver="$(extract_deb_field "$TARGET/$deb" Version)"
+
+        mkdir -p "$TARGET/var/lib/dpkg/info"
+
+        echo \
+"Package: $pkg
+Version: $ver
+Status: install ok installed" >> "$TARGET/var/lib/dpkg/status"
+
+        touch "$TARGET/var/lib/dpkg/info/${pkg}.list"
+    }
+
+    x_feign_install dpkg
+}
+
+second_stage_install () {
+    x_core_install () {
+	smallyes '' | in_target dpkg --force-depends --install $(debfor "$@")
+    }
+
+    p () {
+	baseprog="$(($baseprog + ${1:-1}))"
+    }
+
+    setup_proc
+    umount_on_exit /dev/.static/dev
+    umount_on_exit /dev
+    in_target /sbin/ldconfig
+
+    DEBIAN_FRONTEND=noninteractive
+    DEBCONF_NONINTERACTIVE_SEEN=true
+    export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN
+
+    baseprog=0
+    bases=7
+
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #1
+    info INSTCORE "Installing core packages..."
+
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #2
+    ln -sf mawk "$TARGET/usr/bin/awk"
+    x_core_install base-files base-passwd
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #3
+    x_core_install dpkg
+
+    if [ ! -e "$TARGET/etc/localtime" ]; then
+        ln -sf /usr/share/zoneinfo/UTC "$TARGET/etc/localtime"
+    fi
+
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #4
+    x_core_install $LIBC
+
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #5
+    x_core_install perl-base
+
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #6
+    rm "$TARGET/usr/bin/awk"
+    x_core_install mawk
+
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #7
+    if doing_variant -; then
+      x_core_install debconf
+    fi
+
+    baseprog=0
+    bases=$(set -- $required; echo $#)
+
+    info UNPACKREQ "Unpacking required packages..."
+
+    smallyes '' |
+      (repeatn 5 in_target_failmsg UNPACK_REQ_FAIL_FIVE "Failure while unpacking required packages.  This will be attempted up to five times." "" \
+      dpkg --status-fd 8 --force-depends --unpack $(debfor $required) 8>&1 1>&7 |
+      dpkg_progress $baseprog $bases UNPACKREQ "Unpacking required packages" UNPACKING) 7>&1
+
+    info CONFREQ "Configuring required packages..."
+
+    mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL"
+    echo \
+"#!/bin/sh
+echo
+echo \"Warning: Fake start-stop-daemon called, doing nothing\"" > "$TARGET/sbin/start-stop-daemon"
+    chmod 755 "$TARGET/sbin/start-stop-daemon"
+
+    setup_dselect_method apt
+
+    smallyes '' |
+      (in_target_failmsg CONF_REQ_FAIL "Failure while configuring required packages." "" \
+      dpkg --status-fd 8 --configure --pending --force-configure-any --force-depends 8>&1 1>&7 |
+      dpkg_progress $baseprog $bases CONFREQ "Configuring required packages" CONFIGURING) 7>&1
+
+    baseprog=0
+    bases="$(set -- $base; echo $#)"
+
+    info UNPACKBASE "Unpacking the base system..."
+
+    smallyes '' |
+      (repeatn 5 in_target_failmsg INST_BASE_FAIL_FIVE "Failure while installing base packages.  This will be re-attempted up to five times." "" \
+      dpkg --status-fd 8 --force-auto-select --force-overwrite --force-confold --skip-same-version --unpack $(debfor $base) 8>&1 1>&7 |
+      dpkg_progress $baseprog $bases UNPACKBASE "Unpacking base system" UNPACKING) 7>&1
+
+    info CONFBASE "Configuring the base system..."
+
+    smallyes '' |
+      (repeatn 5 in_target_failmsg CONF_BASE_FAIL_FIVE "Failure while configuring base packages.  This will be attempted 5 times." "" \
+      dpkg --status-fd 8 --force-confold --skip-same-version --configure -a 8>&1 1>&7 |
+      dpkg_progress $baseprog $bases CONFBASE "Configuring base system" CONFIGURING) 7>&1
+
+    mv "$TARGET/sbin/start-stop-daemon.REAL" "$TARGET/sbin/start-stop-daemon"
+
+    progress $bases $bases CONFBASE "Configuring base system"
+    info BASESUCCESS "Base system installed successfully."
+}

cdist/preos/debootstrap/files/devuan-debootstrap/scripts/bullseye

@@ -0,0 +1 @@
+sid

cdist/preos/debootstrap/files/devuan-debootstrap/scripts/buster

@@ -0,0 +1 @@
+sid

cdist/preos/debootstrap/files/devuan-debootstrap/scripts/ceres

@@ -0,0 +1,218 @@
+mirror_style release
+download_style apt
+finddebs_style from-indices
+variants - buildd fakechroot minbase scratchbox
+keyring /usr/share/keyrings/devuan-archive-keyring.gpg
+
+if doing_variant fakechroot; then
+	test "$FAKECHROOT" = "true" || error 1 FAKECHROOTREQ "This variant requires fakechroot environment to be started"
+fi
+
+case $ARCH in
+	alpha|ia64) LIBC="libc6.1" ;;
+	kfreebsd-*) LIBC="libc0.1" ;;
+	hurd-*)     LIBC="libc0.3" ;;
+	*)          LIBC="libc6" ;;
+esac
+
+work_out_debs () {
+	required="$(get_debs Priority: required)"
+   devuan_required="devuan-keyring devuan-baseconf sysvinit-core"
+   devuan_remove="systemd systemd-sysv"
+
+	if doing_variant - || doing_variant fakechroot; then
+		#required="$required $(get_debs Priority: important)"
+		#  ^^ should be getting debconf here somehow maybe
+		base="$(get_debs Priority: important) $devuan_required"
+	elif doing_variant buildd || doing_variant scratchbox; then
+		base="apt build-essential $devuan_required"
+	elif doing_variant minbase; then
+		base="apt $devuan_required"
+	fi
+
+	if doing_variant fakechroot; then
+		# ldd.fake needs binutils
+		required="$required binutils"
+	fi
+
+	case $MIRRORS in
+	    https://*)
+		base="$base apt-transport-https ca-certificates"
+		;;
+	esac
+   #base=$(without "$base" "$devuan_remove")
+}
+
+first_stage_install () {
+   case "$CODENAME" in 
+      jessie|jessie-kfreebsd) ;;
+      *)
+         EXTRACT_DEB_TAR_OPTIONS="$EXTRACT_DEB_TAR_OPTIONS -k"
+         setup_merged_usr
+         ;;
+   esac
+	extract $required
+
+	mkdir -p "$TARGET/var/lib/dpkg"
+	: >"$TARGET/var/lib/dpkg/status"
+	: >"$TARGET/var/lib/dpkg/available"
+
+	setup_etc
+	if [ ! -e "$TARGET/etc/fstab" ]; then
+		echo '# UNCONFIGURED FSTAB FOR BASE SYSTEM' > "$TARGET/etc/fstab"
+		chown 0:0 "$TARGET/etc/fstab"; chmod 644 "$TARGET/etc/fstab"
+	fi
+
+   setup_devices
+}
+
+second_stage_install () {
+   setup_dynamic_devices 
+
+	x_feign_install () {
+		local pkg="$1"
+		local deb="$(debfor $pkg)"
+		local ver="$(in_target dpkg-deb -f "$deb" Version)"
+
+		mkdir -p "$TARGET/var/lib/dpkg/info"
+
+		echo \
+"Package: $pkg
+Version: $ver
+Maintainer: unknown
+Status: install ok installed" >> "$TARGET/var/lib/dpkg/status"
+
+		touch "$TARGET/var/lib/dpkg/info/${pkg}.list"
+	}
+
+	x_feign_install dpkg
+
+	x_core_install () {
+		smallyes '' | in_target dpkg --force-depends --install $(debfor "$@")
+	}
+
+	p () {
+		baseprog="$(($baseprog + ${1:-1}))"
+	}
+
+	if doing_variant fakechroot; then
+		setup_proc_fakechroot
+	elif doing_variant scratchbox; then
+		true
+	else
+		setup_proc
+		in_target /sbin/ldconfig
+	fi
+
+	DEBIAN_FRONTEND=noninteractive
+	DEBCONF_NONINTERACTIVE_SEEN=true
+	export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN
+
+	baseprog=0
+	bases=7
+
+	p; progress $baseprog $bases INSTCORE "Installing core packages" #1
+	info INSTCORE "Installing core packages..."
+
+	p; progress $baseprog $bases INSTCORE "Installing core packages" #2
+	ln -sf mawk "$TARGET/usr/bin/awk"
+	x_core_install base-passwd
+	x_core_install base-files
+	p; progress $baseprog $bases INSTCORE "Installing core packages" #3
+	x_core_install dpkg
+
+	if [ ! -e "$TARGET/etc/localtime" ]; then
+		ln -sf /usr/share/zoneinfo/UTC "$TARGET/etc/localtime"
+	fi
+
+	if doing_variant fakechroot; then
+		install_fakechroot_tools
+	fi
+
+	p; progress $baseprog $bases INSTCORE "Installing core packages" #4
+	x_core_install $LIBC
+
+	p; progress $baseprog $bases INSTCORE "Installing core packages" #5
+	x_core_install perl-base
+
+	p; progress $baseprog $bases INSTCORE "Installing core packages" #6
+	rm "$TARGET/usr/bin/awk"
+	x_core_install mawk
+
+	p; progress $baseprog $bases INSTCORE "Installing core packages" #7
+	if doing_variant -; then
+		x_core_install debconf
+	fi
+
+	baseprog=0
+	bases=$(set -- $required; echo $#)
+
+	info UNPACKREQ "Unpacking required packages..."
+
+	exec 7>&1
+
+	smallyes '' |
+		(repeatn 5 in_target_failmsg UNPACK_REQ_FAIL_FIVE "Failure while unpacking required packages.  This will be attempted up to five times." "" \
+		dpkg --status-fd 8 --force-depends --unpack $(debfor $required) 8>&1 1>&7 || echo EXITCODE $?) |
+		dpkg_progress $baseprog $bases UNPACKREQ "Unpacking required packages" UNPACKING
+
+	info CONFREQ "Configuring required packages..."
+
+	echo \
+"#!/bin/sh
+exit 101" > "$TARGET/usr/sbin/policy-rc.d"
+	chmod 755 "$TARGET/usr/sbin/policy-rc.d"
+
+	mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL"
+	echo \
+"#!/bin/sh
+echo
+echo \"Warning: Fake start-stop-daemon called, doing nothing\"" > "$TARGET/sbin/start-stop-daemon"
+	chmod 755 "$TARGET/sbin/start-stop-daemon"
+
+	setup_dselect_method apt
+
+	smallyes '' |
+		(in_target_failmsg CONF_REQ_FAIL "Failure while configuring required packages." "" \
+		dpkg --status-fd 8 --configure --pending --force-configure-any --force-depends 8>&1 1>&7 || echo EXITCODE $?) |
+		dpkg_progress $baseprog $bases CONFREQ "Configuring required packages" CONFIGURING
+
+	baseprog=0
+	bases="$(set -- $base; echo $#)"
+
+	info UNPACKBASE "Unpacking the base system..."
+
+	setup_available $required $base
+	done_predeps=
+	while predep=$(get_next_predep); do
+		# We have to resolve dependencies of pre-dependencies manually because
+		# dpkg --predep-package doesn't handle this.
+		predep=$(without "$(without "$(resolve_deps $predep)" "$required")" "$done_predeps")
+		# XXX: progress is tricky due to how dpkg_progress works
+		# -- cjwatson 2009-07-29
+		p; smallyes '' |
+		in_target dpkg --force-overwrite --force-confold --skip-same-version --install $(debfor $predep)
+		base=$(without "$base" "$predep")
+		done_predeps="$done_predeps $predep"
+	done
+
+   if [ -n "$base" ]; then
+	   smallyes '' |
+		   (repeatn 5 in_target_failmsg INST_BASE_FAIL_FIVE "Failure while installing base packages.  This will be re-attempted up to five times." "" \
+		   dpkg --status-fd 8 --force-overwrite --force-confold --skip-same-version --unpack $(debfor $base) 8>&1 1>&7 || echo EXITCODE $?) |
+		   dpkg_progress $baseprog $bases UNPACKBASE "Unpacking base system" UNPACKING
+
+	   info CONFBASE "Configuring the base system..."
+
+	   smallyes '' |
+		   (repeatn 5 in_target_failmsg CONF_BASE_FAIL_FIVE "Failure while configuring base packages.  This will be re-attempted up to five times." "" \
+		   dpkg --status-fd 8 --force-confold --skip-same-version --configure -a 8>&1 1>&7 || echo EXITCODE $?) |
+		   dpkg_progress $baseprog $bases CONFBASE "Configuring base system" CONFIGURING
+   fi
+
+	mv "$TARGET/sbin/start-stop-daemon.REAL" "$TARGET/sbin/start-stop-daemon"
+	rm -f "$TARGET/usr/sbin/policy-rc.d"
+
+	progress $bases $bases CONFBASE "Configuring base system"
+	info BASESUCCESS "Base system installed successfully."
+}

cdist/preos/debootstrap/files/devuan-debootstrap/scripts/chromodoris

@@ -0,0 +1 @@
+aequorea

cdist/preos/debootstrap/files/devuan-debootstrap/scripts/dapper

@@ -0,0 +1,168 @@
+case $ARCH in
+  amd64|i386|powerpc|sparc)
+    default_mirror http://archive.ubuntu.com/ubuntu
+    ;;
+  *)
+    default_mirror http://ports.ubuntu.com/ubuntu-ports
+    ;;
+esac
+mirror_style release
+download_style apt
+finddebs_style from-indices
+variants - buildd
+
+case $ARCH in
+  alpha|ia64) LIBC="libc6.1" ;;
+  *)          LIBC="libc6" ;;
+esac
+
+work_out_debs () {
+    required="$(get_debs Priority: required)"
+
+    if doing_variant -; then
+      #required="$required $(get_debs Priority: important)"
+      #  ^^ should be getting debconf here somehow maybe
+      base="$(get_debs Priority: important)"
+    elif doing_variant buildd; then
+      # TODO: add Build-Essential: yes extraoverrides
+      #base="$(get_debs Build-Essential: yes)"
+
+      add () { if [ "$ARCH" = "$1" ]; then eval "$2=\"\$$2 $3\""; fi; }
+
+      base="apt binutils cpio cpp cpp-4.0 dpkg-dev g++ g++-4.0 gcc gcc-4.0 ${LIBC}-dev libgdbm3 libstdc++6 libstdc++6-4.0-dev linux-kernel-headers make patch perl perl-modules"
+
+      add ia64 base "libunwind7-dev"
+      add sparc base "lib64gcc1"
+      add sparc base "libc6-dev-sparc64"
+      add sparc base "libc6-sparc64"
+    fi
+}
+
+first_stage_install () {
+    extract $required
+
+    mkdir -p "$TARGET/var/lib/dpkg"
+    : >"$TARGET/var/lib/dpkg/status"
+    : >"$TARGET/var/lib/dpkg/available"
+
+    setup_etc
+    if [ ! -e "$TARGET/etc/fstab" ]; then
+        echo '# UNCONFIGURED FSTAB FOR BASE SYSTEM' > "$TARGET/etc/fstab"
+        chown 0:0 "$TARGET/etc/fstab"; chmod 644 "$TARGET/etc/fstab"
+    fi
+
+    setup_devices
+
+    x_feign_install () {
+        local pkg="$1"
+        local deb="$(debfor $pkg)"
+        local ver="$(extract_deb_field "$TARGET/$deb" Version)"
+
+        mkdir -p "$TARGET/var/lib/dpkg/info"
+
+        echo \
+"Package: $pkg
+Version: $ver
+Status: install ok installed" >> "$TARGET/var/lib/dpkg/status"
+
+        touch "$TARGET/var/lib/dpkg/info/${pkg}.list"
+    }
+
+    x_feign_install dpkg
+}
+
+second_stage_install () {
+    x_core_install () {
+	smallyes '' | in_target dpkg --force-depends --install $(debfor "$@")
+    }
+
+    p () {
+	baseprog="$(($baseprog + ${1:-1}))"
+    }
+
+    setup_proc
+    in_target /sbin/ldconfig
+
+    DEBIAN_FRONTEND=noninteractive
+    DEBCONF_NONINTERACTIVE_SEEN=true
+    export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN
+
+    baseprog=0
+    bases=7
+
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #1
+    info INSTCORE "Installing core packages..."
+
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #2
+    ln -sf mawk "$TARGET/usr/bin/awk"
+    x_core_install base-files base-passwd
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #3
+    x_core_install dpkg
+
+    if [ ! -e "$TARGET/etc/localtime" ]; then
+        ln -sf /usr/share/zoneinfo/UTC "$TARGET/etc/localtime"
+    fi
+
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #4
+    x_core_install $LIBC
+
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #5
+    x_core_install perl-base
+
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #6
+    rm "$TARGET/usr/bin/awk"
+    x_core_install mawk
+
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #7
+    if doing_variant -; then
+      x_core_install debconf
+    fi
+
+    baseprog=0
+    bases=$(set -- $required; echo $#)
+
+    info UNPACKREQ "Unpacking required packages..."
+
+    smallyes '' |
+      (repeatn 5 in_target_failmsg UNPACK_REQ_FAIL_FIVE "Failure while unpacking required packages.  This will be attempted up to five times." "" \
+      dpkg --status-fd 8 --force-depends --unpack $(debfor $required) 8>&1 1>&7 |
+      dpkg_progress $baseprog $bases UNPACKREQ "Unpacking required packages" UNPACKING) 7>&1
+
+    info CONFREQ "Configuring required packages..."
+
+    mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL"
+    echo \
+"#!/bin/sh
+echo
+echo \"Warning: Fake start-stop-daemon called, doing nothing\"" > "$TARGET/sbin/start-stop-daemon"
+    chmod 755 "$TARGET/sbin/start-stop-daemon"
+
+    setup_dselect_method apt
+
+    smallyes '' |
+      (in_target_failmsg CONF_REQ_FAIL "Failure while configuring required packages." "" \
+      dpkg --status-fd 8 --configure --pending --force-configure-any --force-depends 8>&1 1>&7 |
+      dpkg_progress $baseprog $bases CONFREQ "Configuring required packages" CONFIGURING) 7>&1
+
+    baseprog=0
+    bases="$(set -- $base; echo $#)"
+
+    info UNPACKBASE "Unpacking the base system..."
+
+    smallyes '' |
+      (repeatn 5 in_target_failmsg INST_BASE_FAIL_FIVE "Failure while installing base packages.  This will be re-attempted up to five times." "" \
+      dpkg --status-fd 8 --force-auto-select --force-overwrite --force-confold --skip-same-version --unpack $(debfor $base) 8>&1 1>&7 |
+      dpkg_progress $baseprog $bases UNPACKBASE "Unpacking base system" UNPACKING) 7>&1
+
+    info CONFBASE "Configuring the base system..."
+
+    smallyes '' |
+      (repeatn 5 in_target_failmsg CONF_BASE_FAIL_FIVE "Failure while configuring base packages.  This will be attempted 5 times." "" \
+      dpkg --status-fd 8 --force-confold --skip-same-version --configure -a 8>&1 1>&7 |
+      dpkg_progress $baseprog $bases CONFBASE "Configuring base system" CONFIGURING) 7>&1
+
+    mv "$TARGET/sbin/start-stop-daemon.REAL" "$TARGET/sbin/start-stop-daemon"
+
+    progress $bases $bases CONFBASE "Configuring base system"
+    info BASESUCCESS "Base system installed successfully."
+}

cdist/preos/debootstrap/files/devuan-debootstrap/scripts/dasyatis

@@ -0,0 +1 @@
+aequorea

cdist/preos/debootstrap/files/devuan-debootstrap/scripts/edgy

@@ -0,0 +1,187 @@
+case $ARCH in
+  amd64|i386|powerpc|sparc)
+    default_mirror http://archive.ubuntu.com/ubuntu
+    ;;
+  *)
+    default_mirror http://ports.ubuntu.com/ubuntu-ports
+    ;;
+esac
+mirror_style release
+download_style apt
+finddebs_style from-indices
+variants - buildd fakechroot
+
+if doing_variant fakechroot; then
+    test "$FAKECHROOT" = "true" || error 1 FAKECHROOTREQ "This variant requires fakechroot environment to be started"
+fi
+
+case $ARCH in
+  alpha|ia64) LIBC="libc6.1" ;;
+  *)          LIBC="libc6" ;;
+esac
+
+work_out_debs () {
+    required="$(get_debs Priority: required)"
+
+    if doing_variant -; then
+      #required="$required $(get_debs Priority: important)"
+      #  ^^ should be getting debconf here somehow maybe
+      base="$(get_debs Priority: important)"
+    elif doing_variant buildd; then
+      # TODO: add Build-Essential: yes extraoverrides
+      #base="$(get_debs Build-Essential: yes)"
+
+      add () { if [ "$ARCH" = "$1" ]; then eval "$2=\"\$$2 $3\""; fi; }
+
+      base="apt binutils cpio cpp cpp-4.1 dpkg-dev g++ g++-4.1 gcc gcc-4.1 ${LIBC}-dev libdb4.4 libgdbm3 libstdc++6 libstdc++6-4.1-dev linux-libc-dev make patch perl perl-modules"
+
+      add ia64 base "libunwind7-dev"
+      add sparc base "lib64gcc1"
+      add sparc base "libc6-dev-sparc64"
+      add sparc base "libc6-sparc64"
+    elif doing_variant fakechroot; then
+      base="apt"
+    fi
+}
+
+first_stage_install () {
+    extract $required
+
+    mkdir -p "$TARGET/var/lib/dpkg"
+    : >"$TARGET/var/lib/dpkg/status"
+    : >"$TARGET/var/lib/dpkg/available"
+
+    setup_etc
+    if [ ! -e "$TARGET/etc/fstab" ]; then
+        echo '# UNCONFIGURED FSTAB FOR BASE SYSTEM' > "$TARGET/etc/fstab"
+        chown 0:0 "$TARGET/etc/fstab"; chmod 644 "$TARGET/etc/fstab"
+    fi
+
+    setup_devices
+
+    x_feign_install () {
+        local pkg="$1"
+        local deb="$(debfor $pkg)"
+        local ver="$(extract_deb_field "$TARGET/$deb" Version)"
+
+        mkdir -p "$TARGET/var/lib/dpkg/info"
+
+        echo \
+"Package: $pkg
+Version: $ver
+Status: install ok installed" >> "$TARGET/var/lib/dpkg/status"
+
+        touch "$TARGET/var/lib/dpkg/info/${pkg}.list"
+    }
+
+    x_feign_install dpkg
+}
+
+second_stage_install () {
+    x_core_install () {
+	smallyes '' | in_target dpkg --force-depends --install $(debfor "$@")
+    }
+
+    p () {
+	baseprog="$(($baseprog + ${1:-1}))"
+    }
+
+    if doing_variant fakechroot; then
+	setup_proc_fakechroot
+    else
+	setup_proc
+	in_target /sbin/ldconfig
+    fi
+
+    DEBIAN_FRONTEND=noninteractive
+    DEBCONF_NONINTERACTIVE_SEEN=true
+    export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN
+
+    baseprog=0
+    bases=7
+
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #1
+    info INSTCORE "Installing core packages..."
+
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #2
+    ln -sf mawk "$TARGET/usr/bin/awk"
+    x_core_install base-files base-passwd
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #3
+    x_core_install dpkg
+
+    if [ ! -e "$TARGET/etc/localtime" ]; then
+        ln -sf /usr/share/zoneinfo/UTC "$TARGET/etc/localtime"
+    fi
+
+    if doing_variant fakechroot; then
+	install_fakechroot_tools
+    fi
+
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #4
+    x_core_install $LIBC
+
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #5
+    x_core_install perl-base
+
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #6
+    rm "$TARGET/usr/bin/awk"
+    x_core_install mawk
+
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #7
+    if doing_variant -; then
+      x_core_install debconf
+    fi
+
+    baseprog=0
+    bases=$(set -- $required; echo $#)
+
+    info UNPACKREQ "Unpacking required packages..."
+
+    smallyes '' |
+      (repeatn 5 in_target_failmsg UNPACK_REQ_FAIL_FIVE "Failure while unpacking required packages.  This will be attempted up to five times." "" \
+      dpkg --status-fd 8 --force-depends --unpack $(debfor $required) 8>&1 1>&7 |
+      dpkg_progress $baseprog $bases UNPACKREQ "Unpacking required packages" UNPACKING) 7>&1
+
+    info CONFREQ "Configuring required packages..."
+
+    if doing_variant fakechroot; then
+	# fix initscripts postinst (no mounting possible, and wrong if condition)
+	sed -i '/dpkg.*--compare-versions/ s/\<lt\>/lt-nl/' "$TARGET/var/lib/dpkg/info/initscripts.postinst"
+    fi
+
+    mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL"
+    echo \
+"#!/bin/sh
+echo
+echo \"Warning: Fake start-stop-daemon called, doing nothing\"" > "$TARGET/sbin/start-stop-daemon"
+    chmod 755 "$TARGET/sbin/start-stop-daemon"
+
+    setup_dselect_method apt
+
+    smallyes '' |
+      (in_target_failmsg CONF_REQ_FAIL "Failure while configuring required packages." "" \
+      dpkg --status-fd 8 --configure --pending --force-configure-any --force-depends 8>&1 1>&7 |
+      dpkg_progress $baseprog $bases CONFREQ "Configuring required packages" CONFIGURING) 7>&1
+
+    baseprog=0
+    bases="$(set -- $base; echo $#)"
+
+    info UNPACKBASE "Unpacking the base system..."
+
+    smallyes '' |
+      (repeatn 5 in_target_failmsg INST_BASE_FAIL_FIVE "Failure while installing base packages.  This will be re-attempted up to five times." "" \
+      dpkg --status-fd 8 --force-overwrite --force-confold --skip-same-version --unpack $(debfor $base) 8>&1 1>&7 |
+      dpkg_progress $baseprog $bases UNPACKBASE "Unpacking base system" UNPACKING) 7>&1
+
+    info CONFBASE "Configuring the base system..."
+
+    smallyes '' |
+      (repeatn 5 in_target_failmsg CONF_BASE_FAIL_FIVE "Failure while configuring base packages.  This will be attempted 5 times." "" \
+      dpkg --status-fd 8 --force-confold --skip-same-version --configure -a 8>&1 1>&7 |
+      dpkg_progress $baseprog $bases CONFBASE "Configuring base system" CONFIGURING) 7>&1
+
+    mv "$TARGET/sbin/start-stop-daemon.REAL" "$TARGET/sbin/start-stop-daemon"
+
+    progress $bases $bases CONFBASE "Configuring base system"
+    info BASESUCCESS "Base system installed successfully."
+}