Merge branch 'master' into 2.1

Conflicts: conf/type/__package/man.text conf/type/__package_apt/man.text conf/type/__package_luarocks/gencode-remote conf/type/__package_luarocks/man.text conf/type/__package_pacman/gencode-remote conf/type/__package_pacman/man.text conf/type/__package_pkg_openbsd/gencode-remote conf/type/__package_pkg_openbsd/man.text conf/type/__package_rubygem/gencode-remote conf/type/__package_rubygem/man.text conf/type/__package_yum/gencode-remote conf/type/__package_yum/man.text Signed-off-by: Nico Schottelius <nico@brief.schottelius.org>
11 years ago · 410e0ba8fa
62 changed files with 520 additions and 50 deletions
--- a/2
+++ b/2
@ -350,4 +350,4 @@ with cdist on more than **60** production machines of the

 The CBRG is managing most of their compute clusters with cdist.

-
+[[!tag cdist unix]]
--- a/conf/type/__package/man.text
+++ b/conf/type/__package/man.text
@ -16,8 +16,7 @@ It dispatches the actual work to the package system dependant types.

 REQUIRED PARAMETERS
 -------------------
-state::
-    The state the package should be in, either "present" or "absent"
+None


 OPTIONAL PARAMETERS
@ -34,6 +33,9 @@ type::
    e.g. __package_apt for Debian
         __package_emerge for Gentoo

+state::
+    The state the package should be in, either "present" or "absent"
+

 EXAMPLES
 --------
--- a/conf/type/__package/parameter/optional
+++ b/conf/type/__package/parameter/optional
@ -2,3 +2,4 @@ name
 version
 type
 pkgsite
+state
--- a/conf/type/__package_apt/gencode-remote
+++ b/conf/type/__package_apt/gencode-remote
@ -27,7 +27,11 @@ else
   name="$__object_id"
 fi

-state_should="$(cat "$__object/parameter/state")"
+if [ -f "$__object/parameter/state" ]; then
+   state_should="$(cat "$__object/parameter/state")"
+else
+   state_should="present"
+fi

 # FIXME: use grep directly, state is a list, not a line!
 state_is="$(cat "$__object/explorer/state")"
--- a/conf/type/__package_apt/man.text
+++ b/conf/type/__package_apt/man.text
@ -16,8 +16,7 @@ manage packages.

 REQUIRED PARAMETERS
 -------------------
-state::
-    The state the package should be in, either "present" or "absent"
+None


 OPTIONAL PARAMETERS
@ -25,6 +24,9 @@ OPTIONAL PARAMETERS
 name::
   If supplied, use the name and not the object id as the package name.

+state::
+    The state the package should be in, either "present" or "absent"
+

 EXAMPLES
 --------
--- a/conf/type/__package_apt/parameter/optional
+++ b/conf/type/__package_apt/parameter/optional
@ -1,2 +1,3 @@
 name
 version
+state
--- a/conf/type/__package_apt/parameter/required
+++ b/conf/type/__package_apt/parameter/required
@ -1 +0,0 @@
-state
--- a/conf/type/__package_luarocks/gencode-remote
+++ b/conf/type/__package_luarocks/gencode-remote
@ -29,7 +29,11 @@ else
    name="$__object_id"
 fi

-state_should="$(cat "$__object/parameter/state")"
+if [ -f "$__object/parameter/state" ]; then
+   state_should="$(cat "$__object/parameter/state")"
+else
+   state_should="present"
+fi

 if grep -q "(installed)" "$__object/explorer/pkg_status"; then
    state_is="present"
--- a/conf/type/__package_luarocks/man.text
+++ b/conf/type/__package_luarocks/man.text
@ -15,8 +15,7 @@ LuaRocks is a deployment and management system for Lua modules.

 REQUIRED PARAMETERS
 -------------------
-state::
-    The state the package should be in, either "present" or "absent"
+None


 OPTIONAL PARAMETERS
@ -24,6 +23,9 @@ OPTIONAL PARAMETERS
 name::
    If supplied, use the name and not the object id as the package name.

+state::
+    The state the package should be in, either "present" or "absent"
+

 EXAMPLES
 --------
--- a/conf/type/__package_luarocks/parameter/optional
+++ b/conf/type/__package_luarocks/parameter/optional
@ -1 +1,2 @@
 name
+state
--- a/conf/type/__package_luarocks/parameter/required
+++ b/conf/type/__package_luarocks/parameter/required
@ -1 +0,0 @@
-state
--- a/conf/type/__package_opkg/gencode-remote
+++ b/conf/type/__package_opkg/gencode-remote
@ -28,7 +28,12 @@ else
   name="$__object_id"
 fi

-state_should="$(cat "$__object/parameter/state")"
+if [ -f "$__object/parameter/state" ]; then
+   state_should="$(cat "$__object/parameter/state")"
+else
+   state_should="present"
+fi
+
 state_is="$(cat "$__object/explorer/pkg_status")"
 case "$state_is" in
    absent*)
--- a/conf/type/__package_opkg/man.text
+++ b/conf/type/__package_opkg/man.text
@ -15,8 +15,7 @@ opkg is usually used on OpenWRT to manage packages.

 REQUIRED PARAMETERS
 -------------------
-state::
-   The state the package should be in, either "present" or "absent"
+None


 OPTIONAL PARAMETERS
@ -24,6 +23,9 @@ OPTIONAL PARAMETERS
 name::
   If supplied, use the name and not the object id as the package name.

+state::
+   The state the package should be in, either "present" or "absent"
+

 EXAMPLES
 --------
--- a/conf/type/__package_opkg/parameter/optional
+++ b/conf/type/__package_opkg/parameter/optional
@ -1 +1,2 @@
 name
+state
--- a/conf/type/__package_opkg/parameter/required
+++ b/conf/type/__package_opkg/parameter/required
@ -1 +0,0 @@
-state
--- a/conf/type/__package_pacman/gencode-remote
+++ b/conf/type/__package_pacman/gencode-remote
@ -31,7 +31,11 @@ else
   name="$__object_id"
 fi

-state_should="$(cat "$__object/parameter/state")"
+if [ -f "$__object/parameter/state" ]; then
+   state_should="$(cat "$__object/parameter/state")"
+else
+   state_should="present"
+fi

 pkg_version="$(cat "$__object/explorer/pkg_version")"
 if [ -z "$pkg_version" ]; then
--- a/conf/type/__package_pacman/man.text
+++ b/conf/type/__package_pacman/man.text
@ -16,8 +16,7 @@ packages.

 REQUIRED PARAMETERS
 -------------------
-state::
-    The state the package should be in, either "present" or "absent"
+None


 OPTIONAL PARAMETERS
@ -25,6 +24,9 @@ OPTIONAL PARAMETERS
 name::
    If supplied, use the name and not the object id as the package name.

+state::
+    The state the package should be in, either "present" or "absent"
+

 EXAMPLES
 --------
--- a/conf/type/__package_pacman/parameter/optional
+++ b/conf/type/__package_pacman/parameter/optional
@ -1 +1,2 @@
 name
+state
--- a/conf/type/__package_pacman/parameter/required
+++ b/conf/type/__package_pacman/parameter/required
@ -1 +0,0 @@
-state
--- a/conf/type/__package_pip/gencode-remote
+++ b/conf/type/__package_pip/gencode-remote
@ -22,7 +22,11 @@
 #

 state_is=$(cat "$__object/explorer/state")
-state_should=$(cat "$__object/parameter/state")
+if [ -f "$__object/parameter/state" ]; then
+   state_should="$(cat "$__object/parameter/state")"
+else
+   state_should="present"
+fi

 [ "$state_is" = "$state_should" ] && exit 0

--- a/conf/type/__package_pip/man.text
+++ b/conf/type/__package_pip/man.text
@ -16,8 +16,7 @@ It is also included in the python virtualenv environment.

 REQUIRED PARAMETERS
 -------------------
-state::
-   Either "present" or "absent".
+None


 OPTIONAL PARAMETERS
@ -28,6 +27,9 @@ name::
 pip::
    Instead of using pip from PATH, use the specific pip path.

+state::
+   Either "present" or "absent".
+

 EXAMPLES
 --------
--- a/conf/type/__package_pip/parameter/optional
+++ b/conf/type/__package_pip/parameter/optional
@ -1 +1,2 @@
 pip
+state
--- a/conf/type/__package_pip/parameter/required
+++ b/conf/type/__package_pip/parameter/required
@ -1 +0,0 @@
-state
--- a/conf/type/__package_pkg_freebsd/gencode-remote
+++ b/conf/type/__package_pkg_freebsd/gencode-remote
@ -63,7 +63,11 @@ if [ -f "$__object/parameter/pkgsite" ]; then
 	pkgsite="$(cat "$__object/parameter/pkgsite")"
 fi

-state="$(cat "$__object/parameter/state")"
+if [ -f "$__object/parameter/state" ]; then
+   state="$(cat "$__object/parameter/state")"
+else
+   state="present"
+fi
 curr_version="$(cat "$__object/explorer/pkg_version")"
 add_cmd="pkg_add"
 rm_cmd="pkg_delete"
--- a/conf/type/__package_pkg_freebsd/man.text
+++ b/conf/type/__package_pkg_freebsd/man.text
@ -15,8 +15,7 @@ This type is usually used on FreeBSD to manage packages.

 REQUIRED PARAMETERS
 -------------------
-state::
-   Either "present" or "absent".
+None


 OPTIONAL PARAMETERS
@ -33,6 +32,9 @@ version::
 pkgsite::
   If supplied, use to install from a specific package repository.

+state::
+   Either "present" or "absent".
+

 EXAMPLES
 --------
--- a/conf/type/__package_pkg_freebsd/parameter/optional
+++ b/conf/type/__package_pkg_freebsd/parameter/optional
@ -2,3 +2,4 @@ name
 flavor
 version
 pkgsite
+state
--- a/conf/type/__package_pkg_freebsd/parameter/required
+++ b/conf/type/__package_pkg_freebsd/parameter/required
@ -1 +0,0 @@
-state
--- a/conf/type/__package_pkg_openbsd/gencode-remote
+++ b/conf/type/__package_pkg_openbsd/gencode-remote
@ -42,7 +42,11 @@ else
   name="$__object_id"
 fi

-state_should="$(cat "$__object/parameter/state")"
+if [ -f "$__object/parameter/state" ]; then
+   state_should="$(cat "$__object/parameter/state")"
+else
+   state_should="present"
+fi

 pkg_version="$(cat "$__object/explorer/pkg_version")"

--- a/conf/type/__package_pkg_openbsd/man.text
+++ b/conf/type/__package_pkg_openbsd/man.text
@ -15,8 +15,7 @@ This type is usually used on OpenBSD to manage packages.

 REQUIRED PARAMETERS
 -------------------
-state::
-    The state the package should be in, either "present" or "absent"
+None


 OPTIONAL PARAMETERS
@ -27,6 +26,9 @@ name::
 flavor::
    If supplied, use to avoid ambiguity.

+state::
+    The state the package should be in, either "present" or "absent"
+

 EXAMPLES
 --------
--- a/conf/type/__package_pkg_openbsd/parameter/optional
+++ b/conf/type/__package_pkg_openbsd/parameter/optional
@ -1,2 +1,3 @@
 name
 flavor
+state
--- a/conf/type/__package_pkg_openbsd/parameter/required
+++ b/conf/type/__package_pkg_openbsd/parameter/required
@ -1 +0,0 @@
-state
--- a/conf/type/__package_rubygem/gencode-remote
+++ b/conf/type/__package_rubygem/gencode-remote
@ -27,7 +27,11 @@ else
    name="$__object_id"
 fi

-state_should="$(cat "$__object/parameter/state")"
+if [ -f "$__object/parameter/state" ]; then
+   state_should="$(cat "$__object/parameter/state")"
+else
+   state_should="present"
+fi

 if grep -q true "$__object/explorer/pkg_status"; then
    state_is="present"
--- a/conf/type/__package_rubygem/man.text
+++ b/conf/type/__package_rubygem/man.text
@ -15,8 +15,7 @@ Rubygems is the default package management system for the Ruby programming langu

 REQUIRED PARAMETERS
 -------------------
-state::
-    The state the package should be in, either "present" or "absent"
+None


 OPTIONAL PARAMETERS
@ -24,6 +23,9 @@ OPTIONAL PARAMETERS
 name::
    If supplied, use the name and not the object id as the package name.

+state::
+    The state the package should be in, either "present" or "absent"
+

 EXAMPLES
 --------
--- a/conf/type/__package_rubygem/parameter/optional
+++ b/conf/type/__package_rubygem/parameter/optional
@ -1 +1,2 @@
 name
+state
--- a/conf/type/__package_rubygem/parameter/required
+++ b/conf/type/__package_rubygem/parameter/required
@ -1 +0,0 @@
-state
--- a/conf/type/__package_yum/gencode-remote
+++ b/conf/type/__package_yum/gencode-remote
@ -27,7 +27,11 @@ else
   name="$__object_id"
 fi

-state_should="$(cat "$__object/parameter/state")"
+if [ -f "$__object/parameter/state" ]; then
+   state_should="$(cat "$__object/parameter/state")"
+else
+   state_should="present"
+fi

 if grep -q -E "(centos|redhat|amazon)" "$__global/explorer/os"; then
    opts="-y --quiet"
--- a/conf/type/__package_yum/man.text
+++ b/conf/type/__package_yum/man.text
@ -17,8 +17,7 @@ slightly confusing error message "Error: Nothing to do".

 REQUIRED PARAMETERS
 -------------------
-state::
-    The state the package should be in, either "present" or "absent"
+None


 OPTIONAL PARAMETERS
@ -26,6 +25,10 @@ OPTIONAL PARAMETERS
 name::
    If supplied, use the name and not the object id as the package name.

+state::
+    The state the package should be in, either "present" or "absent"
+    (the old values "installed" or "removed" will be removed in cdist 2.1).
+

 EXAMPLES
 --------
--- a/conf/type/__package_yum/parameter/optional
+++ b/conf/type/__package_yum/parameter/optional
@ -1 +1,2 @@
 name
+state
--- a/conf/type/__package_yum/parameter/required
+++ b/conf/type/__package_yum/parameter/required
@ -1 +0,0 @@
-state
--- a/conf/type/__package_zypper/gencode-remote
+++ b/conf/type/__package_zypper/gencode-remote
@ -33,7 +33,11 @@ else
   name="$__object_id"
 fi

-state_should="$(cat "$__object/parameter/state")"
+if [ -f "$__object/parameter/state" ]; then
+   state_should="$(cat "$__object/parameter/state")"
+else
+   state_should="present"
+fi

 # Exit if nothing is needed to be done
 [ "$state_is" = "$state_should" ] && exit 0
--- a/conf/type/__package_zypper/man.text
+++ b/conf/type/__package_zypper/man.text
@ -15,8 +15,7 @@ Zypper is usually used on the SuSE distribution to manage packages.

 REQUIRED PARAMETERS
 -------------------
-state::
-    The state the package should be in, either "present" or "absent"
+None


 OPTIONAL PARAMETERS
@ -24,6 +23,9 @@ OPTIONAL PARAMETERS
 name::
    If supplied, use the name and not the object id as the package name.

+state::
+    The state the package should be in, either "present" or "absent"
+

 EXAMPLES
 --------
--- a/conf/type/__package_zypper/parameter/optional
+++ b/conf/type/__package_zypper/parameter/optional
@ -1 +1,2 @@
 name
+state
--- a/conf/type/__package_zypper/parameter/required
+++ b/conf/type/__package_zypper/parameter/required
@ -1 +0,0 @@
-state
--- a/conf/type/__pf_apply/explorer/rcvar
+++ b/conf/type/__pf_apply/explorer/rcvar
@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Get the location of the pf ruleset on the target host.
+#
+
+# Debug
+#exec >&2
+#set -x
+
+# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf
+
+RC="/etc/rc.conf"
+PFCONF="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')"
+echo ${PFCONF:-"/etc/pf.conf"}
+
+# Debug
+#set +x
+
--- a/conf/type/__pf_apply/gencode-remote
+++ b/conf/type/__pf_apply/gencode-remote
@ -0,0 +1,51 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Apply pf(4) ruleset on *BSD
+#
+
+# Debug
+#exec >&2
+#set -x
+
+rcvar=$(cat "$__object/explorer/rcvar")
+
+cat <<EOF
+if [ -f "${rcvar}.old" ]; then # rcvar.old exists, we must need to disable pf
+   # Disable pf
+   # If it already is disabled, pfctl -d returns 1, go on with life
+   pfctl -d || true
+   # Cleanup
+   rm -f "${rcvar}.old"
+elif [ -f "${rcvar}.new" ]; then # rcvar.new exists, we must need to apply it
+   # Ensure that pf is enabled in the first place
+   # If it already is enabled, pfctl -e returns 1, go on with life
+   mv "${rcvar}.new" "${rcvar}"
+   pfctl -e || true
+   pfctl -f "${rcvar}"
+   if [ "\$?" -ne "0" ]; then # failed to configure new ruleset
+      echo "Failed to configure the new ruleset on ${__target_host}!" >&2
+   fi
+fi
+EOF
+
+# Debug
+#set +x
+
--- a/conf/type/__pf_apply/man.text
+++ b/conf/type/__pf_apply/man.text
@ -0,0 +1,52 @@
+cdist-type__pf_apply(7)
+==================================
+Jake Guffey <jake.guffey--@--eprotex.com>
+
+
+NAME
+----
+cdist-type__pf_apply - Apply pf(4) ruleset on *BSD
+
+
+DESCRIPTION
+-----------
+This type is used on *BSD systems to manage the pf firewall's active ruleset.
+
+
+REQUIRED PARAMETERS
+-------------------
+NONE
+
+
+OPTIONAL PARAMETERS
+-------------------
+NONE
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# Modify the ruleset on $__target_host:
+__pf_ruleset --state present --source /my/pf/ruleset.conf
+require="__pf_ruleset" \
+   __pf_apply
+
+# Remove the ruleset on $__target_host (implies disabling pf(4):
+__pf_ruleset --state absent
+require="__pf_ruleset" \
+   __pf_apply
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+- cdist-type__pf_ruleset(7)
+- pf(4)
+
+
+COPYING
+-------
+Copyright \(C) 2012 Jake Guffey. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).
--- a/conf/type/__pf_apply/singleton
+++ b/conf/type/__pf_apply/singleton
--- a/conf/type/__pf_ruleset/explorer/cksum
+++ b/conf/type/__pf_ruleset/explorer/cksum
@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Get the 256 bit SHA2 checksum of the pf ruleset on the target host.
+#
+
+# Debug
+#exec >&2
+#set -x
+
+# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf
+# See if file exists and if so, get checksum
+
+RC="/etc/rc.conf"
+TMP="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')"
+PFCONF="${TMP:-"/etc/pf.conf"}"
+
+if [ -f "${PFCONF}" ]; then	# The pf config file exists, find its cksum.
+	cksum -o 1 ${PFCONF} | cut -d= -f2 | awk '{print $1}'
+fi
+
+# Debug
+#set +x
+
--- a/conf/type/__pf_ruleset/explorer/rcvar
+++ b/conf/type/__pf_ruleset/explorer/rcvar
@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Get the location of the pf ruleset on the target host.
+#
+
+# Debug
+#exec >&2
+#set -x
+
+# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf
+
+RC="/etc/rc.conf"
+PFCONF="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')"
+echo ${PFCONF:-"/etc/pf.conf"}
+
+# Debug
+#set +x
+
--- a/conf/type/__pf_ruleset/gencode-local
+++ b/conf/type/__pf_ruleset/gencode-local
@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Manage pf(4) on *BSD
+#
+
+# Debug
+#exec >&2
+#set -x
+
+# Send files to $__target_host via $__remote_copy
+
+uname=$(uname)   # Need to know what the cdist host is running so we know how to compute the ruleset's checksum
+state=$(cat "$__object/parameter/state")
+
+if [ "$state" = "absent" ]; then   # There is nothing more for a *local* script to do
+   exit 0
+fi
+
+if [ -f "$__object/parameter/source" ]; then
+   source=$(cat "$__object/parameter/source")
+fi
+
+rcvar=$(cat "$__object/explorer/rcvar")
+cksum=$(cat "$__object/explorer/cksum")
+
+
+cat <<EOF
+case $uname in
+   Darwin)
+      currentSum=\$(cksum -o 1 ${source} | cut '-d ' -f1)
+      ;;
+   Linux)
+      currentSum=\$(cksum ${source} | cut '-d ' -f1)
+      ;;
+   FreeBSD)
+      currentSum=\$(cksum -o 1 ${source} | cut -d= -f2 | sed 's/ //g')
+      ;;
+   *)
+      echo "Sorry, I do not know how to find a cksum on ${UNAME}." >&2
+      exit 1
+      ;;
+esac
+
+if [ -n "${cksum}" ]; then
+   if [ ! "\${currentSum}" = "${cksum}" ]; then
+      $__remote_copy "${source}" "$__target_host:${rcvar}.new"
+   fi
+else # File just doesn't exist yet
+   $__remote_copy "${source}" "$__target_host:${rcvar}.new"
+fi
+EOF
+
+# Debug
+#exec +x
+
--- a/conf/type/__pf_ruleset/gencode-remote
+++ b/conf/type/__pf_ruleset/gencode-remote
@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Manage pf(4) on *BSD
+#
+
+# Debug
+#exec >&2
+#set -x
+
+# Remove ${rcvar} in the case of --state absent
+
+state=$(cat "$__object/parameter/state")
+rcvar=$(cat "$__object/explorer/rcvar")
+
+if [ "$state" = "present" ]; then   # There is nothing more for a *remote* script to do
+   exit 0
+elif [ "$state" = "absent" ]; then
+   # --state absent, so ensure that .new doesn't exist and that conf is renamed to .old
+   cat <<EOF
+   if [ -f "${rcvar}.new" ]; then
+      rm "${rcvar}.new"
+   fi
+   if [ -f "${rcvar}" ]; then
+      mv "${rcvar}" "${rcvar}.old"
+   fi
+EOF
+else
+   echo "Unknown state ${state}!" >&2
+   exit 1
+fi
+
--- a/conf/type/__pf_ruleset/man.text
+++ b/conf/type/__pf_ruleset/man.text
@ -0,0 +1,51 @@
+cdist-type__pf_ruleset(7)
+==================================
+Jake Guffey <jake.guffey--@--eprotex.com>
+
+
+NAME
+----
+cdist-type__pf_ruleset - Copy a pf(4) ruleset to $__target_host
+
+
+DESCRIPTION
+-----------
+This type is used on *BSD systems to manage the pf firewall's ruleset.
+
+
+REQUIRED PARAMETERS
+-------------------
+state::
+   Either "absent" (no ruleset at all) or "present"
+
+
+OPTIONAL PARAMETERS
+-------------------
+source::
+   If supplied, use to define the ruleset to load onto the $__target_host for pf(4).
+   Note that this type is almost useless without a ruleset defined, but it's technically not
+   needed, e.g. for the case of disabling the firewall temporarily.
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# Remove the current ruleset in place
+__pf_ruleset --state absent
+
+# Enable the firewall with the ruleset defined in $__manifest/files/pf.conf
+__pf_ruleset --state present --source $__manifest/files/pf.conf
+
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+- pf(4)
+
+
+COPYING
+-------
+Copyright \(C) 2012 Jake Guffey. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).
--- a/conf/type/__pf_ruleset/parameter/optional
+++ b/conf/type/__pf_ruleset/parameter/optional
@ -0,0 +1 @@
+source
--- a/conf/type/pf_ruleset/parameter/required
+++ b/conf/type/pf_ruleset/parameter/required
--- a/conf/type/__pf_ruleset/singleton
+++ b/conf/type/__pf_ruleset/singleton
--- a/conf/type/__qemu_img/man.text
+++ b/conf/type/__qemu_img/man.text
@ -32,7 +32,7 @@ EXAMPLES
 --------

 --------------------------------------------------------------------------------
-# Ensure zsh in installed
+# Create a 50G size image
 __qemu_img /home/services/kvm/vm/myvmname/system-disk --size 50G

 # Remove image
--- a/conf/type/__rvm/explorer/state
+++ b/conf/type/__rvm/explorer/state
@ -19,8 +19,18 @@
 #

 user="$__object_id"
-if su - $user -c "[ -d \"\$HOME/.rvm\" ]" ; then
-   echo "present"
+
+# RVM behaves differently if root is the username / uid == 0
+if [ "$user" = "root" ]; then
+    if [ -d /usr/local/rvm ]; then
+        echo present
+    else
+        echo absent
+    fi
 else
-   echo "absent"
+    if su - $user -c "[ -d \"\$HOME/.rvm\" ]" ; then
+       echo "present"
+    else
+       echo "absent"
+    fi
 fi
--- a/conf/type/__rvm/gencode-remote
+++ b/conf/type/__rvm/gencode-remote
@ -25,7 +25,7 @@ if [ "$state_is" != "$state_should" ]; then
   case "$state_should" in
      present)
         cat << DONE
-su - $user -c "curl -L get.rvm.io | bash -s stable"
+su - $user -c "unset rvm_path; unset rvm_bin_path; unset rvm_prefix; unset rvm_version; curl -L get.rvm.io | bash -s stable"
 DONE
      ;;
      absent)
--- a/conf/type/__rvm_gemset/gencode-remote
+++ b/conf/type/__rvm_gemset/gencode-remote
@ -23,7 +23,7 @@ ruby="$(echo "$gemset" | cut -d '@' -f 1)"
 gemsetname="$(echo "$gemset" | cut -d '@' -f 2)"
 state_is="$(cat "$__object/explorer/state")"
 user="$(cat "$__object/parameter/user")"
-default="$(cat "$__object/parameter/default")"
+default="$(cat "$__object/parameter/default" 2>/dev/null || true)"
 state_should="$(cat "$__object/parameter/state")"
 if [ "$state_is" != "$state_should" ]; then
   case "$state_should" in
--- a/conf/type/__rvm_ruby/gencode-remote
+++ b/conf/type/__rvm_ruby/gencode-remote
@ -21,8 +21,9 @@
 ruby="$__object_id"
 state_is="$(cat "$__object/explorer/state")"
 user="$(cat "$__object/parameter/user")"
-default="$(cat "$__object/parameter/default")"
+default="$(cat "$__object/parameter/default" 2>/dev/null || true)"
 state_should="$(cat "$__object/parameter/state")"
+
 if [ "$state_is" != "$state_should" ]; then
   case "$state_should" in
      present)
--- a/doc/changelog
+++ b/doc/changelog
@ -8,6 +8,9 @@ Changelog
 	* Core: Make variable __object_name available in type explorers (Steven Armtrong)
 	* New Type: __qemu_img
 	* New Type: __line
+	* New Type: __pf_apply (Jake Guffey)
+	* New Type: __pf_ruleset (Jake Guffey)
+	* Bugfix Type: __rvm: Make type work if rvm is already installed

 2.0.14: 2012-09-07
 	* Bugfix Type: __jail: Use correct variable (Jake Guffey)
--- a/doc/gfx/font-used
+++ b/doc/gfx/font-used
@ -0,0 +1 @@
+fraktur