From 94e32dcd78d73ea5f09845cfdd4f488095f17145 Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Sat, 4 Jan 2020 16:36:44 +0200 Subject: [PATCH 01/30] __apt_unattended_upgrades: initial commit --- .../type/__apt_unattended_upgrades/manifest | 74 +++++++++++++++++++ .../parameter/boolean | 1 + .../parameter/optional | 1 + .../parameter/optional_multiple | 1 + .../type/__apt_unattended_upgrades/singleton | 0 5 files changed, 77 insertions(+) create mode 100755 cdist/conf/type/__apt_unattended_upgrades/manifest create mode 100644 cdist/conf/type/__apt_unattended_upgrades/parameter/boolean create mode 100644 cdist/conf/type/__apt_unattended_upgrades/parameter/optional create mode 100644 cdist/conf/type/__apt_unattended_upgrades/parameter/optional_multiple create mode 100644 cdist/conf/type/__apt_unattended_upgrades/singleton diff --git a/cdist/conf/type/__apt_unattended_upgrades/manifest b/cdist/conf/type/__apt_unattended_upgrades/manifest new file mode 100755 index 00000000..bf4d825a --- /dev/null +++ b/cdist/conf/type/__apt_unattended_upgrades/manifest @@ -0,0 +1,74 @@ +#!/bin/sh -e + +__package unattended-upgrades + +# in normal circumstances 20auto-upgrades is managed +# by debconf and it can only contain these lines +# https://wiki.debian.org/UnattendedUpgrades + +require='__package/unattended-upgrades' \ + __file /etc/apt/apt.conf.d/20auto-upgrades \ + --owner root \ + --group root \ + --mode 644 \ + --source - << EOF +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Unattended-Upgrade "1"; +EOF + +# lets not write into upstream 50unattended-upgrades file, +# but use our own config files to avoid clashes + +ml_conf='/etc/apt/apt.conf.d/51unattended-upgrades-mail' +bl_conf='/etc/apt/apt.conf.d/51unattended-upgrades-blacklist' + +if [ -f "$__object/parameter/mail" ] +then + mail="$( cat "$__object/parameter/mail" )" +else + mail='' +fi + +if [ -n "$mail" ] +then + if [ -f "$__object/parameter/mail-on-error" ] + then + mail_on_error='true' + else + mail_on_error='false' + fi + + __file "$ml_conf" \ + --owner root \ + --group root \ + --mode 644 \ + --source - << EOF +Unattended-Upgrade::Mail "$mail"; +Unattended-Upgrade::MailOnlyOnError "$mail_on_error"; +EOF + +else + __file "$ml_conf" --state absent +fi + +if [ -f "$__object/parameter/blacklist" ] +then + bl='Unattended-Upgrade::Package-Blacklist {'; + + while read -r l + do + bl="$( printf '%s\n"%s";\n' "$bl" "$l" )" + done \ + < "$__object/parameter/blacklist" + + bl="$( printf '%s\n}' "$bl" )" + + echo "$bl" \ + | __file "$bl_conf" \ + --owner root \ + --group root \ + --mode 644 \ + --source - +else + __file "$bl_conf" --state absent +fi diff --git a/cdist/conf/type/__apt_unattended_upgrades/parameter/boolean b/cdist/conf/type/__apt_unattended_upgrades/parameter/boolean new file mode 100644 index 00000000..edcaa12a --- /dev/null +++ b/cdist/conf/type/__apt_unattended_upgrades/parameter/boolean @@ -0,0 +1 @@ +mail-on-error diff --git a/cdist/conf/type/__apt_unattended_upgrades/parameter/optional b/cdist/conf/type/__apt_unattended_upgrades/parameter/optional new file mode 100644 index 00000000..fa7963cc --- /dev/null +++ b/cdist/conf/type/__apt_unattended_upgrades/parameter/optional @@ -0,0 +1 @@ +mail diff --git a/cdist/conf/type/__apt_unattended_upgrades/parameter/optional_multiple b/cdist/conf/type/__apt_unattended_upgrades/parameter/optional_multiple new file mode 100644 index 00000000..27b9ffc9 --- /dev/null +++ b/cdist/conf/type/__apt_unattended_upgrades/parameter/optional_multiple @@ -0,0 +1 @@ +blacklist diff --git a/cdist/conf/type/__apt_unattended_upgrades/singleton b/cdist/conf/type/__apt_unattended_upgrades/singleton new file mode 100644 index 00000000..e69de29b From a9d491f998c2b41ad97bfeace7f1d24a73ff7482 Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Sat, 4 Jan 2020 16:59:42 +0200 Subject: [PATCH 02/30] __apt_unattended_upgrades: add license header --- .../type/__apt_unattended_upgrades/manifest | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/cdist/conf/type/__apt_unattended_upgrades/manifest b/cdist/conf/type/__apt_unattended_upgrades/manifest index bf4d825a..88a5ccd8 100755 --- a/cdist/conf/type/__apt_unattended_upgrades/manifest +++ b/cdist/conf/type/__apt_unattended_upgrades/manifest @@ -1,4 +1,22 @@ #!/bin/sh -e +# +# 2020 Ander Punnar (ander-at-kvlt-dot-ee) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# __package unattended-upgrades From ec8d9571f971c0a0616acdccc9a32589f1b6f042 Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Sat, 4 Jan 2020 17:07:46 +0200 Subject: [PATCH 03/30] __apt_unattended_upgrades: add manual --- .../type/__apt_unattended_upgrades/man.rst | 54 +++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 cdist/conf/type/__apt_unattended_upgrades/man.rst diff --git a/cdist/conf/type/__apt_unattended_upgrades/man.rst b/cdist/conf/type/__apt_unattended_upgrades/man.rst new file mode 100644 index 00000000..d64b2e9e --- /dev/null +++ b/cdist/conf/type/__apt_unattended_upgrades/man.rst @@ -0,0 +1,54 @@ +cdist-type__apt_unattended_upgrades(7) +====================================== + +NAME +---- +cdist-type__apt_unattended_upgrades - automatic installation of updates + + +DESCRIPTION +----------- + +Install and configure unattended-upgrades package. + + +OPTIONAL PARAMETERS +------------------- +mail + Send email to this address for problems or packages upgrades. + + +OPTIONAL MULTIPLE PARAMETERS +---------------------------- +blacklist + Python regular expressions, matching packages to exclude from upgrading. + + +BOOLEAN PARAMETERS +------------------ +mail-on-error + Get emails only on errors. + + +EXAMPLES +-------- + +.. code-block:: sh + + __apt_unattended_upgrades \ + --mail root \ + --mail-on-error \ + --blacklist multipath-tools \ + --blacklist open-iscsi + +AUTHORS +------- +Ander Punnar + + +COPYING +------- +Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it +under the terms of the GNU General Public License as published by the Free +Software Foundation, either version 3 of the License, or (at your option) any +later version. From d4bd49bbb598dfd4e4a510a2bf9035dcb4686e4a Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Sat, 4 Jan 2020 17:43:57 +0200 Subject: [PATCH 04/30] __acl: rename --acl to --entry for the sake of consistency, add compatibility --- cdist/conf/type/__acl/gencode-remote | 5 +++- cdist/conf/type/__acl/man.rst | 28 +++++++++---------- .../conf/type/__acl/parameter/deprecated/acl | 1 + .../type/__acl/parameter/optional_multiple | 1 + 4 files changed, 20 insertions(+), 15 deletions(-) create mode 100644 cdist/conf/type/__acl/parameter/deprecated/acl diff --git a/cdist/conf/type/__acl/gencode-remote b/cdist/conf/type/__acl/gencode-remote index 6dab4d09..f4f0d1e2 100755 --- a/cdist/conf/type/__acl/gencode-remote +++ b/cdist/conf/type/__acl/gencode-remote @@ -28,7 +28,10 @@ acl_path="/$__object_id" acl_is="$( cat "$__object/explorer/acl_is" )" -if [ -f "$__object/parameter/acl" ] +if [ -f "$__object/parameter/entry" ] +then + acl_should="$( cat "$__object/parameter/entry" )" +elif [ -f "$__object/parameter/acl" ] then acl_should="$( cat "$__object/parameter/acl" )" elif diff --git a/cdist/conf/type/__acl/man.rst b/cdist/conf/type/__acl/man.rst index 85e946ce..c3493e49 100644 --- a/cdist/conf/type/__acl/man.rst +++ b/cdist/conf/type/__acl/man.rst @@ -15,7 +15,7 @@ See ``setfacl`` and ``acl`` manpages for more details. REQUIRED MULTIPLE PARAMETERS ---------------------------- -acl +entry Set ACL entry following ``getfacl`` output syntax. @@ -36,8 +36,8 @@ remove DEPRECATED PARAMETERS --------------------- -Parameters ``user``, ``group``, ``mask`` and ``other`` are deprecated and they -will be removed in future versions. Please use ``acl`` parameter instead. +Parameters ``acl``, ``user``, ``group``, ``mask`` and ``other`` are deprecated and they +will be removed in future versions. Please use ``entry`` parameter instead. EXAMPLES @@ -49,27 +49,27 @@ EXAMPLES --default \ --recursive \ --remove \ - --acl user:alice:rwx \ - --acl user:bob:r-x \ - --acl group:project-group:rwx \ - --acl group:some-other-group:r-x \ - --acl mask::r-x \ - --acl other::r-x + --entry user:alice:rwx \ + --entry user:bob:r-x \ + --entry group:project-group:rwx \ + --entry group:some-other-group:r-x \ + --entry mask::r-x \ + --entry other::r-x # give Alice read-only access to subdir, # but don't allow her to see parent content. __acl /srv/project2 \ --remove \ - --acl default:group:secret-project:rwx \ - --acl group:secret-project:rwx \ - --acl user:alice:--x + --entry default:group:secret-project:rwx \ + --entry group:secret-project:rwx \ + --entry user:alice:--x __acl /srv/project2/subdir \ --default \ --remove \ - --acl group:secret-project:rwx \ - --acl user:alice:r-x + --entry group:secret-project:rwx \ + --entry user:alice:r-x AUTHORS diff --git a/cdist/conf/type/__acl/parameter/deprecated/acl b/cdist/conf/type/__acl/parameter/deprecated/acl new file mode 100644 index 00000000..94e14159 --- /dev/null +++ b/cdist/conf/type/__acl/parameter/deprecated/acl @@ -0,0 +1 @@ +see manual for details diff --git a/cdist/conf/type/__acl/parameter/optional_multiple b/cdist/conf/type/__acl/parameter/optional_multiple index 95c25d55..c615d507 100644 --- a/cdist/conf/type/__acl/parameter/optional_multiple +++ b/cdist/conf/type/__acl/parameter/optional_multiple @@ -1,3 +1,4 @@ +entry acl user group From 51ba4a49d8ec79968f79563f994489c619f10bac Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sat, 4 Jan 2020 18:21:23 +0100 Subject: [PATCH 05/30] ++changelog --- docs/changelog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/changelog b/docs/changelog index 706d76af..a7bcf9b1 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,6 +1,9 @@ Changelog --------- +next: + * Type __acl: Add --entry parameter to replace --acl, deprecate --acl (Ander Punnar) + 6.4.0: 2020-01-04 * Type __consul_agent: Don't deploy init script on Alpine anymore, it ships with one itself (Nico Schottelius) * Type __install_chroot_umount: Bugfix: type was not using __chroot_umount/manifest (Steven Armstrong) From 11f569959d6e331d4d5052ca73fb5d83bf9df8e7 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sat, 11 Jan 2020 14:16:33 +0100 Subject: [PATCH 06/30] Fix missing configuration file usage, support -g PreOS code did not use configuration support. This fix adds support for using cdist configuration, which takes into account cdist configuration file, environment variables and command line options, especially conf_dir. It also adds support for -g, --config-file option, for specifying custom configuration file. --- cdist/preos.py | 24 +++++++++++------------- docs/changelog | 1 + docs/src/man1/cdist.rst | 7 ++++++- 3 files changed, 18 insertions(+), 14 deletions(-) diff --git a/cdist/preos.py b/cdist/preos.py index 378071db..491338d2 100644 --- a/cdist/preos.py +++ b/cdist/preos.py @@ -5,8 +5,9 @@ import inspect import argparse import cdist import logging -import re import cdist.argparse +import cdist.configuration +import cdist.exec.util as util _PREOS_CALL = "commandline" @@ -24,16 +25,6 @@ def extend_plugins_path(dirs): _PLUGINS_PATH.append(preos_dir) -cdist_home = cdist.home_dir() -if cdist_home: - extend_plugins_path((cdist_home, )) -x = 'CDIST_PATH' -if x in os.environ: - vals = re.split(r'(? Date: Sat, 11 Jan 2020 15:26:46 +0100 Subject: [PATCH 07/30] Info command: support tilde expansion --- cdist/exec/util.py | 7 +++++++ cdist/info.py | 8 +++----- cdist/preos.py | 7 ++----- docs/changelog | 1 + 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/cdist/exec/util.py b/cdist/exec/util.py index 5513f01d..9787f431 100644 --- a/cdist/exec/util.py +++ b/cdist/exec/util.py @@ -24,6 +24,7 @@ import os from tempfile import TemporaryFile import cdist +import cdist.configuration # IMPORTANT: @@ -200,3 +201,9 @@ def resolve_conf_dirs(configuration, add_conf_dirs): conf_dirs.extend(add_conf_dirs) conf_dirs = set(conf_dirs) return conf_dirs + + +def resolve_conf_dirs_from_config_and_args(args): + cfg = cdist.configuration.Configuration(args) + configuration = cfg.get_config(section='GLOBAL') + return resolve_conf_dirs(configuration, args.conf_dir) diff --git a/cdist/info.py b/cdist/info.py index 4c1d3560..b896a3d1 100644 --- a/cdist/info.py +++ b/cdist/info.py @@ -53,10 +53,7 @@ class Info(object): @classmethod def commandline(cls, args): - cfg = cdist.configuration.Configuration(args) - configuration = cfg.get_config(section='GLOBAL') - conf_dirs = util.resolve_conf_dirs(configuration, - args.conf_dir) + conf_dirs = util.resolve_conf_dirs_from_config_and_args(args) c = cls(conf_dirs, args) c.run() @@ -170,7 +167,8 @@ class Info(object): def run(self): rv = [] - for conf_path in self.conf_dirs: + for cp in self.conf_dirs: + conf_path = os.path.expanduser(cp) if self.all or self.display_global_explorers: rv.extend((x, 'E', ) for x in self._get_global_explorers( conf_path)) diff --git a/cdist/preos.py b/cdist/preos.py index 491338d2..e353fe3b 100644 --- a/cdist/preos.py +++ b/cdist/preos.py @@ -101,13 +101,10 @@ class PreOS(object): action='store_true', default=False) parser.add_argument('remainder_args', nargs=argparse.REMAINDER) args = parser.parse_args(argv[1:]) - cdist.argparse.handle_loglevel(args) + st.argparse.handle_loglevel(args) log.debug("preos args : {}".format(args)) - cfg = cdist.configuration.Configuration(args) - configuration = cfg.get_config(section='GLOBAL') - conf_dirs = util.resolve_conf_dirs(configuration, - args.conf_dir) + conf_dirs = util.resolve_conf_dirs_from_config_and_args(args) extend_plugins_path(conf_dirs) sys.path.extend(_PLUGINS_PATH) diff --git a/docs/changelog b/docs/changelog index 1b1a909e..526fc320 100644 --- a/docs/changelog +++ b/docs/changelog @@ -4,6 +4,7 @@ Changelog next: * Type __acl: Add --entry parameter to replace --acl, deprecate --acl (Ander Punnar) * Core: preos: Fix missing configuration file usage, support -g, --config-file option (Darko Poljak) + * Core info command: Support tilde expansion of conf directories (Darko Poljak) 6.4.0: 2020-01-04 * Type __consul_agent: Don't deploy init script on Alpine anymore, it ships with one itself (Nico Schottelius) From 3258fc98e15fedbd98e17f7d0b568a38b8da139c Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sun, 12 Jan 2020 12:19:49 +0100 Subject: [PATCH 08/30] Fix typo --- cdist/preos.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/preos.py b/cdist/preos.py index e353fe3b..bf2a8e60 100644 --- a/cdist/preos.py +++ b/cdist/preos.py @@ -101,7 +101,7 @@ class PreOS(object): action='store_true', default=False) parser.add_argument('remainder_args', nargs=argparse.REMAINDER) args = parser.parse_args(argv[1:]) - st.argparse.handle_loglevel(args) + cdist.argparse.handle_loglevel(args) log.debug("preos args : {}".format(args)) conf_dirs = util.resolve_conf_dirs_from_config_and_args(args) From 93ec4b46aab9cd61d66cb375fcf7a2599c5ef9bb Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Wed, 15 Jan 2020 17:23:13 +0100 Subject: [PATCH 09/30] [__line] Ensure the line is only added once --- cdist/conf/type/__line/explorer/state | 22 +++++++++++----------- cdist/conf/type/__line/gencode-remote | 3 +++ 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/cdist/conf/type/__line/explorer/state b/cdist/conf/type/__line/explorer/state index 2ef252c8..9c0dd1b2 100755 --- a/cdist/conf/type/__line/explorer/state +++ b/cdist/conf/type/__line/explorer/state @@ -18,6 +18,17 @@ # along with cdist. If not, see . # +if [ -f "$__object/parameter/file" ]; then + file="$(cat "$__object/parameter/file")" +else + file="/$__object_id" +fi + +if [ ! -f "$file" ]; then + echo "file_missing" + exit 0 +fi + if [ -f "$__object/parameter/before" ]; then position="before" elif [ -f "$__object/parameter/after" ]; then @@ -33,17 +44,6 @@ else needle="line" fi -if [ -f "$__object/parameter/file" ]; then - file="$(cat "$__object/parameter/file")" -else - file="/$__object_id" -fi - -if [ ! -f "$file" ]; then - echo "file_missing" - exit 0 -fi - awk -v position="$position" -v needle="$needle" ' function _find(_text, _pattern) { if (needle == "regex") { diff --git a/cdist/conf/type/__line/gencode-remote b/cdist/conf/type/__line/gencode-remote index 03e90c1b..0dd8609a 100755 --- a/cdist/conf/type/__line/gencode-remote +++ b/cdist/conf/type/__line/gencode-remote @@ -1,6 +1,7 @@ #!/bin/sh -e # # 2018 Steven Armstrong (steven-cdist at armstrong.cc) +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -104,10 +105,12 @@ BEGIN { if (anchor && match(\$0, anchor)) { if (position == "before") { print line + add = 0 print } else if (position == "after") { print print line + add = 0 } next } From 629d0795c80bdf8af83a71712c643275be0799f1 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Wed, 15 Jan 2020 17:23:26 +0100 Subject: [PATCH 10/30] [__line] Always add line to end if anchor is not found --- cdist/conf/type/__line/gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__line/gencode-remote b/cdist/conf/type/__line/gencode-remote index 0dd8609a..c8c90c38 100755 --- a/cdist/conf/type/__line/gencode-remote +++ b/cdist/conf/type/__line/gencode-remote @@ -118,7 +118,7 @@ BEGIN { print } END { - if (add && position == "end") { + if (add) { print line } } From 4cdb8aaa03d07aa72de8dd5961844699ad5888bd Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Wed, 15 Jan 2020 17:39:21 +0100 Subject: [PATCH 11/30] [__line/state] Make sure the index match is at the beginning Without the == 1 all lines which contain --line as a substring match. e.g. if --line is "line" and the file contains the line "wrong line" this was considered a match. --- cdist/conf/type/__line/explorer/state | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__line/explorer/state b/cdist/conf/type/__line/explorer/state index 9c0dd1b2..28ec35e2 100755 --- a/cdist/conf/type/__line/explorer/state +++ b/cdist/conf/type/__line/explorer/state @@ -49,7 +49,7 @@ function _find(_text, _pattern) { if (needle == "regex") { return match(_text, _pattern) } else { - return index(_text, _pattern) + return index(_text, _pattern) == 1 } } BEGIN { From 51b1b11cc21e257acbce420ecfcd48ec37e66705 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Wed, 15 Jan 2020 17:54:40 +0100 Subject: [PATCH 12/30] [__line/state] Logic fixes in explorer This commit fixes the incorrectly reported state "wrongposition" if position is "after" and anchor is present in the file but the line missing. --- cdist/conf/type/__line/explorer/state | 41 +++++++++++++++------------ 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/cdist/conf/type/__line/explorer/state b/cdist/conf/type/__line/explorer/state index 28ec35e2..6ff0a798 100755 --- a/cdist/conf/type/__line/explorer/state +++ b/cdist/conf/type/__line/explorer/state @@ -1,6 +1,7 @@ #!/bin/sh -e # # 2018 Steven Armstrong (steven-cdist at armstrong.cc) +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -19,7 +20,7 @@ # if [ -f "$__object/parameter/file" ]; then - file="$(cat "$__object/parameter/file")" + file=$(cat "$__object/parameter/file") else file="/$__object_id" fi @@ -55,41 +56,45 @@ function _find(_text, _pattern) { BEGIN { getline anchor < (ENVIRON["__object"] "/parameter/" position) getline pattern < (ENVIRON["__object"] "/parameter/" needle) - state = "absent" + + found_line = 0 + correct_pos = (position != "after" && position != "before") } { if (position == "after") { if (match($0, anchor)) { getline if (_find($0, pattern)) { - state = "present" + found_line++ + correct_pos = 1 + exit 0 } - else { - state = "wrongposition" - } - exit 0 + } else if (_find($0, pattern)) { + found_line++ } - } - else if (position == "before") { + } else if (position == "before") { if (_find($0, pattern)) { + found_line++ getline if (match($0, anchor)) { - state = "present" + correct_pos = 1 + exit 0 } - else { - state = "wrongposition" - } - exit 0 } - } - else { + } else { if (_find($0, pattern)) { - state = "present" + found_line++ exit 0 } } } END { - print state + if (found_line && correct_pos) { + print "present" + } else if (found_line) { + print "wrongposition" + } else { + print "absent" + } } ' "$file" From cd2d5b3f79d1e3ea8545b67096d67d6ceda763e6 Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Wed, 15 Jan 2020 19:24:21 +0200 Subject: [PATCH 13/30] __apt_unattended_upgrades: all objects depend on package --- cdist/conf/type/__apt_unattended_upgrades/manifest | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/cdist/conf/type/__apt_unattended_upgrades/manifest b/cdist/conf/type/__apt_unattended_upgrades/manifest index 88a5ccd8..811e79a6 100755 --- a/cdist/conf/type/__apt_unattended_upgrades/manifest +++ b/cdist/conf/type/__apt_unattended_upgrades/manifest @@ -20,16 +20,17 @@ __package unattended-upgrades +export require='__package/unattended-upgrades' + # in normal circumstances 20auto-upgrades is managed # by debconf and it can only contain these lines # https://wiki.debian.org/UnattendedUpgrades -require='__package/unattended-upgrades' \ - __file /etc/apt/apt.conf.d/20auto-upgrades \ - --owner root \ - --group root \ - --mode 644 \ - --source - << EOF +__file /etc/apt/apt.conf.d/20auto-upgrades \ + --owner root \ + --group root \ + --mode 644 \ + --source - << EOF APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1"; EOF From 68e5502fce3d3ae043ae0792a14abd1970834d36 Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Wed, 15 Jan 2020 19:27:02 +0200 Subject: [PATCH 14/30] __apt_unattended_upgrades: move debian wiki link to manual --- cdist/conf/type/__apt_unattended_upgrades/man.rst | 2 ++ cdist/conf/type/__apt_unattended_upgrades/manifest | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cdist/conf/type/__apt_unattended_upgrades/man.rst b/cdist/conf/type/__apt_unattended_upgrades/man.rst index d64b2e9e..f75c6513 100644 --- a/cdist/conf/type/__apt_unattended_upgrades/man.rst +++ b/cdist/conf/type/__apt_unattended_upgrades/man.rst @@ -11,6 +11,8 @@ DESCRIPTION Install and configure unattended-upgrades package. +For more information see https://wiki.debian.org/UnattendedUpgrades. + OPTIONAL PARAMETERS ------------------- diff --git a/cdist/conf/type/__apt_unattended_upgrades/manifest b/cdist/conf/type/__apt_unattended_upgrades/manifest index 811e79a6..03cc2c50 100755 --- a/cdist/conf/type/__apt_unattended_upgrades/manifest +++ b/cdist/conf/type/__apt_unattended_upgrades/manifest @@ -24,7 +24,6 @@ export require='__package/unattended-upgrades' # in normal circumstances 20auto-upgrades is managed # by debconf and it can only contain these lines -# https://wiki.debian.org/UnattendedUpgrades __file /etc/apt/apt.conf.d/20auto-upgrades \ --owner root \ From cd24a806e7be7b3300543943e8c7a5582a55d15e Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Wed, 15 Jan 2020 20:48:32 +0200 Subject: [PATCH 15/30] __apt_unattended_upgrades: rewrite manifest, add more parameters --- .../type/__apt_unattended_upgrades/manifest | 88 +++++++++++++------ .../parameter/boolean | 4 + 2 files changed, 63 insertions(+), 29 deletions(-) diff --git a/cdist/conf/type/__apt_unattended_upgrades/manifest b/cdist/conf/type/__apt_unattended_upgrades/manifest index 03cc2c50..cb99b611 100755 --- a/cdist/conf/type/__apt_unattended_upgrades/manifest +++ b/cdist/conf/type/__apt_unattended_upgrades/manifest @@ -34,39 +34,61 @@ APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1"; EOF -# lets not write into upstream 50unattended-upgrades file, -# but use our own config files to avoid clashes - -ml_conf='/etc/apt/apt.conf.d/51unattended-upgrades-mail' -bl_conf='/etc/apt/apt.conf.d/51unattended-upgrades-blacklist' +conf='# this file is managed by cdist' if [ -f "$__object/parameter/mail" ] then - mail="$( cat "$__object/parameter/mail" )" -else - mail='' + conf="$( + printf \ + '%s\nUnattended-Upgrade::Mail "%s";\n' \ + "$conf" \ + "$( cat "$__object/parameter/mail" )" + )" fi -if [ -n "$mail" ] +if [ -f "$__object/parameter/mail-on-error" ] then - if [ -f "$__object/parameter/mail-on-error" ] - then - mail_on_error='true' - else - mail_on_error='false' - fi + conf="$( + printf \ + '%s\nUnattended-Upgrade::MailOnlyOnError "true";\n' \ + "$conf" + )" +fi - __file "$ml_conf" \ - --owner root \ - --group root \ - --mode 644 \ - --source - << EOF -Unattended-Upgrade::Mail "$mail"; -Unattended-Upgrade::MailOnlyOnError "$mail_on_error"; -EOF +if [ -f "$__object/parameter/no-auto-fix" ] +then + conf="$( + printf \ + '%s\nUnattended-Upgrade::AutoFixInterruptedDpkg "false";\n' \ + "$conf" + )" +fi -else - __file "$ml_conf" --state absent +if [ -f "$__object/parameter/no-minimal-steps" ] +then + conf="$( + printf \ + '%s\nUnattended-Upgrade::MinimalSteps "false";\n' \ + "$conf" + )" +fi + +if [ -f "$__object/parameter/on-shutdown" ] +then + conf="$( + printf \ + '%s\nUnattended-Upgrade::InstallOnShutdown "true";\n' \ + "$conf" + )" +fi + +if [ -f "$__object/parameter/reboot" ] +then + conf="$( + printf \ + '%s\nUnattended-Upgrade::Automatic-Reboot "true";\n' \ + "$conf" + )" fi if [ -f "$__object/parameter/blacklist" ] @@ -79,14 +101,22 @@ then done \ < "$__object/parameter/blacklist" - bl="$( printf '%s\n}' "$bl" )" + conf="$( printf '%s\n%s\n}\n' "$conf" "$bl" )" +fi - echo "$bl" \ - | __file "$bl_conf" \ +# lets not write into upstream 50unattended-upgrades file, +# but use our own config files to avoid clashes + +conf_file='/etc/apt/apt.conf.d/51unattended-upgrades-cdist' + +if [ "$( echo "$conf" | wc -l )" -gt 1 ] +then + echo "$conf" \ + | __file "$conf_file" \ --owner root \ --group root \ --mode 644 \ --source - else - __file "$bl_conf" --state absent + __file "$conf_file" --state absent fi diff --git a/cdist/conf/type/__apt_unattended_upgrades/parameter/boolean b/cdist/conf/type/__apt_unattended_upgrades/parameter/boolean index edcaa12a..6ad9790f 100644 --- a/cdist/conf/type/__apt_unattended_upgrades/parameter/boolean +++ b/cdist/conf/type/__apt_unattended_upgrades/parameter/boolean @@ -1 +1,5 @@ mail-on-error +no-auto-fix +no-minimal-steps +on-shutdown +reboot From b3f36dbe5bc7d1e21892f765ee08dfc5d8c6a6e3 Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Wed, 15 Jan 2020 20:51:47 +0200 Subject: [PATCH 16/30] __apt_unattended_upgrades: fix typo --- cdist/conf/type/__apt_unattended_upgrades/manifest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__apt_unattended_upgrades/manifest b/cdist/conf/type/__apt_unattended_upgrades/manifest index cb99b611..04225a9b 100755 --- a/cdist/conf/type/__apt_unattended_upgrades/manifest +++ b/cdist/conf/type/__apt_unattended_upgrades/manifest @@ -105,7 +105,7 @@ then fi # lets not write into upstream 50unattended-upgrades file, -# but use our own config files to avoid clashes +# but use our own config file to avoid clashes conf_file='/etc/apt/apt.conf.d/51unattended-upgrades-cdist' From 5a9a1ba57fc45df63cff123a42905360c3a7bddb Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Wed, 15 Jan 2020 22:00:56 +0100 Subject: [PATCH 17/30] [__line] Produce error when file does not exist --- cdist/conf/type/__line/explorer/state | 5 +---- cdist/conf/type/__line/gencode-remote | 17 +++++++++++------ 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/cdist/conf/type/__line/explorer/state b/cdist/conf/type/__line/explorer/state index 6ff0a798..e8fc3630 100755 --- a/cdist/conf/type/__line/explorer/state +++ b/cdist/conf/type/__line/explorer/state @@ -25,10 +25,7 @@ else file="/$__object_id" fi -if [ ! -f "$file" ]; then - echo "file_missing" - exit 0 -fi +[ -f "$file" ] || exit 0 if [ -f "$__object/parameter/before" ]; then position="before" diff --git a/cdist/conf/type/__line/gencode-remote b/cdist/conf/type/__line/gencode-remote index c8c90c38..88cae68b 100755 --- a/cdist/conf/type/__line/gencode-remote +++ b/cdist/conf/type/__line/gencode-remote @@ -24,9 +24,20 @@ if [ -f "$__object/parameter/before" ] && [ -f "$__object/parameter/after" ]; th exit 1 fi +if [ -f "$__object/parameter/file" ]; then + file="$(cat "$__object/parameter/file")" +else + file="/$__object_id" +fi + state_should="$(cat "$__object/parameter/state")" state_is="$(cat "$__object/explorer/state")" +if [ -z "$state_is" ]; then + printf 'The file "%s" is missing. Please create it before using %s on it.\n' "$file" "${__type##*/}" >&2 + exit 1 +fi + if [ "$state_should" = "$state_is" ]; then # nothing to do exit 0 @@ -47,12 +58,6 @@ else needle="line" fi -if [ -f "$__object/parameter/file" ]; then - file="$(cat "$__object/parameter/file")" -else - file="/$__object_id" -fi - add=0 remove=0 case "$state_should" in From f5f70671cb3e4ca8b2d5e2a0e66a1847f05ef4bf Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Thu, 16 Jan 2020 00:59:03 +0200 Subject: [PATCH 18/30] __apt_unattended_upgrades: make parameters more speaking --- cdist/conf/type/__apt_unattended_upgrades/manifest | 8 ++++---- .../conf/type/__apt_unattended_upgrades/parameter/boolean | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cdist/conf/type/__apt_unattended_upgrades/manifest b/cdist/conf/type/__apt_unattended_upgrades/manifest index 04225a9b..094dfa1c 100755 --- a/cdist/conf/type/__apt_unattended_upgrades/manifest +++ b/cdist/conf/type/__apt_unattended_upgrades/manifest @@ -46,7 +46,7 @@ then )" fi -if [ -f "$__object/parameter/mail-on-error" ] +if [ -f "$__object/parameter/mail-only-on-error" ] then conf="$( printf \ @@ -55,7 +55,7 @@ then )" fi -if [ -f "$__object/parameter/no-auto-fix" ] +if [ -f "$__object/parameter/no-auto-fix-interrupted-dpkg" ] then conf="$( printf \ @@ -73,7 +73,7 @@ then )" fi -if [ -f "$__object/parameter/on-shutdown" ] +if [ -f "$__object/parameter/install-on-shutdown" ] then conf="$( printf \ @@ -82,7 +82,7 @@ then )" fi -if [ -f "$__object/parameter/reboot" ] +if [ -f "$__object/parameter/automatic-reboot" ] then conf="$( printf \ diff --git a/cdist/conf/type/__apt_unattended_upgrades/parameter/boolean b/cdist/conf/type/__apt_unattended_upgrades/parameter/boolean index 6ad9790f..831dc95c 100644 --- a/cdist/conf/type/__apt_unattended_upgrades/parameter/boolean +++ b/cdist/conf/type/__apt_unattended_upgrades/parameter/boolean @@ -1,5 +1,5 @@ -mail-on-error -no-auto-fix +mail-only-on-error +no-auto-fix-interrupted-dpkg no-minimal-steps -on-shutdown -reboot +install-on-shutdown +automatic-reboot From 6fa0d687f7bdf3ba1e6a032118553d90ceba0b22 Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Thu, 16 Jan 2020 01:13:27 +0200 Subject: [PATCH 19/30] __apt_unattended_upgrades: alternative approach --- .../type/__apt_unattended_upgrades/manifest | 100 ++++++------------ .../parameter/boolean | 5 - .../parameter/optional | 1 - .../parameter/optional_multiple | 1 + 4 files changed, 31 insertions(+), 76 deletions(-) delete mode 100644 cdist/conf/type/__apt_unattended_upgrades/parameter/boolean delete mode 100644 cdist/conf/type/__apt_unattended_upgrades/parameter/optional diff --git a/cdist/conf/type/__apt_unattended_upgrades/manifest b/cdist/conf/type/__apt_unattended_upgrades/manifest index 094dfa1c..2f8f6e76 100755 --- a/cdist/conf/type/__apt_unattended_upgrades/manifest +++ b/cdist/conf/type/__apt_unattended_upgrades/manifest @@ -34,81 +34,41 @@ APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1"; EOF -conf='# this file is managed by cdist' - -if [ -f "$__object/parameter/mail" ] -then - conf="$( - printf \ - '%s\nUnattended-Upgrade::Mail "%s";\n' \ - "$conf" \ - "$( cat "$__object/parameter/mail" )" - )" -fi - -if [ -f "$__object/parameter/mail-only-on-error" ] -then - conf="$( - printf \ - '%s\nUnattended-Upgrade::MailOnlyOnError "true";\n' \ - "$conf" - )" -fi - -if [ -f "$__object/parameter/no-auto-fix-interrupted-dpkg" ] -then - conf="$( - printf \ - '%s\nUnattended-Upgrade::AutoFixInterruptedDpkg "false";\n' \ - "$conf" - )" -fi - -if [ -f "$__object/parameter/no-minimal-steps" ] -then - conf="$( - printf \ - '%s\nUnattended-Upgrade::MinimalSteps "false";\n' \ - "$conf" - )" -fi - -if [ -f "$__object/parameter/install-on-shutdown" ] -then - conf="$( - printf \ - '%s\nUnattended-Upgrade::InstallOnShutdown "true";\n' \ - "$conf" - )" -fi - -if [ -f "$__object/parameter/automatic-reboot" ] -then - conf="$( - printf \ - '%s\nUnattended-Upgrade::Automatic-Reboot "true";\n' \ - "$conf" - )" -fi - -if [ -f "$__object/parameter/blacklist" ] -then - bl='Unattended-Upgrade::Package-Blacklist {'; - - while read -r l - do - bl="$( printf '%s\n"%s";\n' "$bl" "$l" )" - done \ - < "$__object/parameter/blacklist" - - conf="$( printf '%s\n%s\n}\n' "$conf" "$bl" )" -fi - # lets not write into upstream 50unattended-upgrades file, # but use our own config file to avoid clashes conf_file='/etc/apt/apt.conf.d/51unattended-upgrades-cdist' +conf='# this file is managed by cdist' + +if [ -f "$__object/parameter/option" ] +then + o='' + + while read -r l + do + k="$( echo "$l" | awk -F= '{print $1}' )" + v="$( echo "$l" | awk -F= '{print $2}' )" + o="$( printf '%s\nUnattended-Upgrade::%s "%s";\n' "$o" "$k" "$v" )" + done \ + < "$__object/parameter/option" + + conf="$( printf '%s\n%s\n' "$conf" "$o" )" +fi + +if [ -f "$__object/parameter/blacklist" ] +then + b='Unattended-Upgrade::Package-Blacklist {' + + while read -r l + do + b="$( printf '%s\n"%s";\n' "$b" "$l" )" + done \ + < "$__object/parameter/blacklist" + + conf="$( printf '%s\n%s\n}\n' "$conf" "$b" )" +fi + if [ "$( echo "$conf" | wc -l )" -gt 1 ] then echo "$conf" \ diff --git a/cdist/conf/type/__apt_unattended_upgrades/parameter/boolean b/cdist/conf/type/__apt_unattended_upgrades/parameter/boolean deleted file mode 100644 index 831dc95c..00000000 --- a/cdist/conf/type/__apt_unattended_upgrades/parameter/boolean +++ /dev/null @@ -1,5 +0,0 @@ -mail-only-on-error -no-auto-fix-interrupted-dpkg -no-minimal-steps -install-on-shutdown -automatic-reboot diff --git a/cdist/conf/type/__apt_unattended_upgrades/parameter/optional b/cdist/conf/type/__apt_unattended_upgrades/parameter/optional deleted file mode 100644 index fa7963cc..00000000 --- a/cdist/conf/type/__apt_unattended_upgrades/parameter/optional +++ /dev/null @@ -1 +0,0 @@ -mail diff --git a/cdist/conf/type/__apt_unattended_upgrades/parameter/optional_multiple b/cdist/conf/type/__apt_unattended_upgrades/parameter/optional_multiple index 27b9ffc9..ea4fba2b 100644 --- a/cdist/conf/type/__apt_unattended_upgrades/parameter/optional_multiple +++ b/cdist/conf/type/__apt_unattended_upgrades/parameter/optional_multiple @@ -1 +1,2 @@ +option blacklist From ef2f4b9a004369cc390f1271721bc22d6a44f402 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Fri, 17 Jan 2020 11:21:28 +0100 Subject: [PATCH 20/30] __postgres_*: fix forgotten edge cases in delimited identifier escape --- cdist/conf/type/__postgres_database/gencode-remote | 8 ++++++-- cdist/conf/type/__postgres_role/gencode-remote | 10 ++++++---- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/cdist/conf/type/__postgres_database/gencode-remote b/cdist/conf/type/__postgres_database/gencode-remote index 9f12d215..47e6b97c 100755 --- a/cdist/conf/type/__postgres_database/gencode-remote +++ b/cdist/conf/type/__postgres_database/gencode-remote @@ -43,10 +43,14 @@ if [ "$state_should" != "$state_is" ]; then if [ -f "$__object/parameter/owner" ]; then owner="-O \"$(cat "$__object/parameter/owner")\"" fi - echo "su - '$postgres_user' -c \"createdb $owner \"$name\"\"" + cat << EOF +su - '$postgres_user' -c "createdb $owner \"$name\"" +EOF ;; absent) - echo "su - '$postgres_user' -c \"dropdb \"$name\"\"" + cat << EOF +su - '$postgres_user' -c "dropdb \"$name\"" +EOF ;; esac fi diff --git a/cdist/conf/type/__postgres_role/gencode-remote b/cdist/conf/type/__postgres_role/gencode-remote index 0b8852f4..977832c9 100755 --- a/cdist/conf/type/__postgres_role/gencode-remote +++ b/cdist/conf/type/__postgres_role/gencode-remote @@ -53,11 +53,13 @@ case "$state_should" in done [ -n "$password" ] && password="PASSWORD '$password'" - - cmd="CREATE ROLE \"$name\" WITH $password $booleans" - echo "su - '$postgres_user' -c \"psql postgres -wc \\\"$cmd\\\"\"" + cat << EOF +su - '$postgres_user' -c "psql postgres -wc 'CREATE ROLE \"$name\" WITH $password $booleans;'" +EOF ;; absent) - echo "su - '$postgres_user' -c \"dropuser \\\"$name\\\"\"" + cat << EOF +su - '$postgres_user' -c "dropuser \"$name\"" +EOF ;; esac From 6097cd9e90341146948886a9480cd0b70ee9e60f Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Fri, 17 Jan 2020 14:41:00 +0200 Subject: [PATCH 21/30] __apt_unattended_upgrades: use word expansions --- cdist/conf/type/__apt_unattended_upgrades/manifest | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/cdist/conf/type/__apt_unattended_upgrades/manifest b/cdist/conf/type/__apt_unattended_upgrades/manifest index 2f8f6e76..3c00e2f4 100755 --- a/cdist/conf/type/__apt_unattended_upgrades/manifest +++ b/cdist/conf/type/__apt_unattended_upgrades/manifest @@ -47,9 +47,7 @@ then while read -r l do - k="$( echo "$l" | awk -F= '{print $1}' )" - v="$( echo "$l" | awk -F= '{print $2}' )" - o="$( printf '%s\nUnattended-Upgrade::%s "%s";\n' "$o" "$k" "$v" )" + o="$( printf '%s\nUnattended-Upgrade::%s "%s";\n' "$o" "${l%%=*}" "${l#*=}" )" done \ < "$__object/parameter/option" From 65c5b592a590f3f4f8b31a1b7c32b2a98354d054 Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Fri, 17 Jan 2020 14:48:54 +0200 Subject: [PATCH 22/30] __apt_unattended_upgrades: update manual --- .../type/__apt_unattended_upgrades/man.rst | 40 ++++++++++++------- 1 file changed, 26 insertions(+), 14 deletions(-) diff --git a/cdist/conf/type/__apt_unattended_upgrades/man.rst b/cdist/conf/type/__apt_unattended_upgrades/man.rst index f75c6513..2231b5f9 100644 --- a/cdist/conf/type/__apt_unattended_upgrades/man.rst +++ b/cdist/conf/type/__apt_unattended_upgrades/man.rst @@ -14,35 +14,47 @@ Install and configure unattended-upgrades package. For more information see https://wiki.debian.org/UnattendedUpgrades. -OPTIONAL PARAMETERS -------------------- -mail - Send email to this address for problems or packages upgrades. - - OPTIONAL MULTIPLE PARAMETERS ---------------------------- +option + Set options for unattended-upgrades. See examples. + + Supported options with default values (as of 2020-01-17) are: + + - AutoFixInterruptedDpkg, default is "true" + - MinimalSteps, default is "true" + - InstallOnShutdown, default is "false" + - Mail, default is "" (empty) + - MailOnlyOnError, default is "false" + - Remove-Unused-Kernel-Packages, default is "true" + - Remove-New-Unused-Dependencies, default is "true" + - Remove-Unused-Dependencies, default is "false" + - Automatic-Reboot, default is "false" + - Automatic-Reboot-WithUsers, default is "true" + - Automatic-Reboot-Time, default is "02:00" + - SyslogEnable, default is "false" + - SyslogFacility, default is "daemon" + - OnlyOnACPower, default is "true" + - Skip-Updates-On-Metered-Connections, default is "true" + - Verbose, default is "false" + - Debug, default is "false" + blacklist Python regular expressions, matching packages to exclude from upgrading. -BOOLEAN PARAMETERS ------------------- -mail-on-error - Get emails only on errors. - - EXAMPLES -------- .. code-block:: sh __apt_unattended_upgrades \ - --mail root \ - --mail-on-error \ + --option Mail=root \ + --option MailOnlyOnError=true \ --blacklist multipath-tools \ --blacklist open-iscsi + AUTHORS ------- Ander Punnar From e292c9f1245a59cda5c721d4ce4e201ce9799349 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Fri, 17 Jan 2020 15:48:59 +0100 Subject: [PATCH 23/30] ++changelog --- docs/changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/changelog b/docs/changelog index 526fc320..bc251d64 100644 --- a/docs/changelog +++ b/docs/changelog @@ -5,6 +5,8 @@ next: * Type __acl: Add --entry parameter to replace --acl, deprecate --acl (Ander Punnar) * Core: preos: Fix missing configuration file usage, support -g, --config-file option (Darko Poljak) * Core info command: Support tilde expansion of conf directories (Darko Poljak) + * Types __postgres_*: Fix edge cases in quoted identifiers (Timothée Floure) + * New type: __apt_unattended_upgrades (Ander Punnar) 6.4.0: 2020-01-04 * Type __consul_agent: Don't deploy init script on Alpine anymore, it ships with one itself (Nico Schottelius) From 45890cc7e43577252e8560ca70611a88e9936ffa Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Fri, 17 Jan 2020 18:14:49 +0100 Subject: [PATCH 24/30] ++changelog --- docs/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/changelog b/docs/changelog index bc251d64..ccaf848f 100644 --- a/docs/changelog +++ b/docs/changelog @@ -7,6 +7,12 @@ next: * Core info command: Support tilde expansion of conf directories (Darko Poljak) * Types __postgres_*: Fix edge cases in quoted identifiers (Timothée Floure) * New type: __apt_unattended_upgrades (Ander Punnar) + * Type __line: Bugfixes: (Dennis Camera) + - ensure the line is only added once + - always add line to end if anchor is not found + - match line at the beginning when not regex + - fix incorrect 'wrongposition' in state explorer + - produce error when file does not exist 6.4.0: 2020-01-04 * Type __consul_agent: Don't deploy init script on Alpine anymore, it ships with one itself (Nico Schottelius) From e1ac97b6a5b10d29b7b9bd70c5adea7e9c33b2e9 Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Sun, 19 Jan 2020 14:02:00 +0200 Subject: [PATCH 25/30] __acl: add --source --- cdist/conf/type/__acl/gencode-remote | 12 +++++++++++- cdist/conf/type/__acl/man.rst | 12 ++++++++++++ cdist/conf/type/__acl/parameter/optional | 1 + 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/cdist/conf/type/__acl/gencode-remote b/cdist/conf/type/__acl/gencode-remote index f4f0d1e2..70a46af5 100755 --- a/cdist/conf/type/__acl/gencode-remote +++ b/cdist/conf/type/__acl/gencode-remote @@ -28,7 +28,17 @@ acl_path="/$__object_id" acl_is="$( cat "$__object/explorer/acl_is" )" -if [ -f "$__object/parameter/entry" ] +if [ -f "$__object/parameter/source" ] +then + acl_source="$( cat "$__object/parameter/source" )" + + if [ "$acl_source" = '-' ] + then + acl_should="$( cat "$__object/stdin" )" + else + acl_should="$( grep -Ev '^#|^$' "$acl_source" )" + fi +elif [ -f "$__object/parameter/entry" ] then acl_should="$( cat "$__object/parameter/entry" )" elif [ -f "$__object/parameter/acl" ] diff --git a/cdist/conf/type/__acl/man.rst b/cdist/conf/type/__acl/man.rst index c3493e49..e7ef9579 100644 --- a/cdist/conf/type/__acl/man.rst +++ b/cdist/conf/type/__acl/man.rst @@ -19,6 +19,14 @@ entry Set ACL entry following ``getfacl`` output syntax. +OPTIONAL PARAMETERS +------------------- +source + Read ACL entries from stdin or file. + Ordering of entries is not important. + When reading from file, comments and empty lines are ignored. + + BOOLEAN PARAMETERS ------------------ default @@ -71,6 +79,10 @@ EXAMPLES --entry group:secret-project:rwx \ --entry user:alice:r-x + # read acl from stdin + echo 'user:alice:rwx' \ + | __acl /path/to/directory --source - + AUTHORS ------- diff --git a/cdist/conf/type/__acl/parameter/optional b/cdist/conf/type/__acl/parameter/optional index 4b32086b..12edcccb 100644 --- a/cdist/conf/type/__acl/parameter/optional +++ b/cdist/conf/type/__acl/parameter/optional @@ -1,2 +1,3 @@ mask other +source From 5089f9055ecb0b826942c8f947eb26f9ef397aaa Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sun, 19 Jan 2020 19:41:26 +0100 Subject: [PATCH 26/30] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index ccaf848f..3f240e5a 100644 --- a/docs/changelog +++ b/docs/changelog @@ -13,6 +13,7 @@ next: - match line at the beginning when not regex - fix incorrect 'wrongposition' in state explorer - produce error when file does not exist + * Type __acl: Add --source parameter (Ander Punnar) 6.4.0: 2020-01-04 * Type __consul_agent: Don't deploy init script on Alpine anymore, it ships with one itself (Nico Schottelius) From 1fbd2fc2bdf76697dd50808cd3927d15f6b8bc5c Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Sun, 19 Jan 2020 22:51:40 +0200 Subject: [PATCH 27/30] __acl: add --file and --directory for convenience --- cdist/conf/type/__acl/gencode-remote | 8 +++++++- cdist/conf/type/__acl/man.rst | 13 +++++++++++++ cdist/conf/type/__acl/manifest | 11 +++++++++++ cdist/conf/type/__acl/parameter/optional | 2 ++ 4 files changed, 33 insertions(+), 1 deletion(-) create mode 100755 cdist/conf/type/__acl/manifest diff --git a/cdist/conf/type/__acl/gencode-remote b/cdist/conf/type/__acl/gencode-remote index 70a46af5..e5404a9d 100755 --- a/cdist/conf/type/__acl/gencode-remote +++ b/cdist/conf/type/__acl/gencode-remote @@ -20,7 +20,13 @@ file_is="$( cat "$__object/explorer/file_is" )" -[ "$file_is" = 'missing' ] && [ -z "$__cdist_dry_run" ] && exit 0 +if [ "$file_is" = 'missing' ] \ + && [ -z "$__cdist_dry_run" ] \ + && \( [ ! -f "$__object/parameter/file" ] \ + || [ ! -f "$__object/parameter/directory" ] \) +then + exit 0 +fi os="$( cat "$__global/explorer/os" )" diff --git a/cdist/conf/type/__acl/man.rst b/cdist/conf/type/__acl/man.rst index e7ef9579..28412871 100644 --- a/cdist/conf/type/__acl/man.rst +++ b/cdist/conf/type/__acl/man.rst @@ -26,6 +26,12 @@ source Ordering of entries is not important. When reading from file, comments and empty lines are ignored. +file + Create/change file with ``__file`` using ``user:group:mode`` pattern. + +directory + Create/change directory with ``__directory`` using ``user:group:mode`` pattern. + BOOLEAN PARAMETERS ------------------ @@ -83,6 +89,13 @@ EXAMPLES echo 'user:alice:rwx' \ | __acl /path/to/directory --source - + # create/change directory too + __acl /path/to/directory \ + --default \ + --remove \ + --directory root:root:770 \ + --entry user:nobody:rwx + AUTHORS ------- diff --git a/cdist/conf/type/__acl/manifest b/cdist/conf/type/__acl/manifest new file mode 100755 index 00000000..5fd23110 --- /dev/null +++ b/cdist/conf/type/__acl/manifest @@ -0,0 +1,11 @@ +#!/bin/sh -e + +for p in file directory +do + [ ! -f "$__object/parameter/$p" ] && continue + + "__$p" "/$__object_id" \ + --owner "$( awk -F: '{print $1}' "$__object/parameter/$p" )" \ + --group "$( awk -F: '{print $2}' "$__object/parameter/$p" )" \ + --mode "$( awk -F: '{print $3}' "$__object/parameter/$p" )" +done diff --git a/cdist/conf/type/__acl/parameter/optional b/cdist/conf/type/__acl/parameter/optional index 12edcccb..cdcbc0b8 100644 --- a/cdist/conf/type/__acl/parameter/optional +++ b/cdist/conf/type/__acl/parameter/optional @@ -1,3 +1,5 @@ mask other source +file +directory From 4e8ccd9b788c11403f586bf0c413d57546013c1b Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Mon, 20 Jan 2020 09:08:55 +0100 Subject: [PATCH 28/30] ++changelog --- docs/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/changelog b/docs/changelog index 3f240e5a..083cf5fb 100644 --- a/docs/changelog +++ b/docs/changelog @@ -13,7 +13,7 @@ next: - match line at the beginning when not regex - fix incorrect 'wrongposition' in state explorer - produce error when file does not exist - * Type __acl: Add --source parameter (Ander Punnar) + * Type __acl: Add --source, --file and --directory parameters (Ander Punnar) 6.4.0: 2020-01-04 * Type __consul_agent: Don't deploy init script on Alpine anymore, it ships with one itself (Nico Schottelius) From 8f12a4c505812d640cd926567ee8c6300a6341fb Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Thu, 23 Jan 2020 07:10:48 +0100 Subject: [PATCH 29/30] Release 6.5.0 --- docs/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/changelog b/docs/changelog index 083cf5fb..467c0f22 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,7 +1,7 @@ Changelog --------- -next: +6.5.0: 2020-01-23 * Type __acl: Add --entry parameter to replace --acl, deprecate --acl (Ander Punnar) * Core: preos: Fix missing configuration file usage, support -g, --config-file option (Darko Poljak) * Core info command: Support tilde expansion of conf directories (Darko Poljak) From 87f30b6053315f11013bbf92ce1281bca2d54f43 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Thu, 23 Jan 2020 14:40:07 +0100 Subject: [PATCH 30/30] Update sphinx docs copyright year --- docs/src/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/src/conf.py b/docs/src/conf.py index 78f9842c..47765413 100644 --- a/docs/src/conf.py +++ b/docs/src/conf.py @@ -56,7 +56,7 @@ master_doc = 'index' # General information about the project. project = 'cdist' -copyright = 'ungleich GmbH 2019' +copyright = 'ungleich GmbH 2020' # author = 'Darko Poljak' # The version info for the project you're documenting, acts as replacement for