diff --git a/.version b/.version deleted file mode 100644 index 71f08595..00000000 --- a/.version +++ /dev/null @@ -1 +0,0 @@ -2.1.0-pre1 diff --git a/Makefile b/Makefile index 112b1411..5c366783 100644 --- a/Makefile +++ b/Makefile @@ -170,17 +170,6 @@ $(ML_FILE): $(CHANGELOG_FILE) ml-release: $(ML_FILE) -################################################################################ -# Release: Freecode -# -FREECODE_FILE=.lock-freecode - -$(FREECODE_FILE): $(CHANGELOG_FILE) - $(helper) freecode-release $(CHANGELOG_VERSION) - touch $@ - -freecode-release: $(FREECODE_FILE) - ################################################################################ # pypi # @@ -197,7 +186,7 @@ ARCHLINUX_FILE=.lock-archlinux ARCHLINUXTAR=cdist-$(CHANGELOG_VERSION)-1.src.tar.gz $(ARCHLINUXTAR): PKGBUILD - makepkg -c --source + umask 022; mkaurball PKGBUILD: PKGBUILD.in $(PYTHON_VERSION) ./PKGBUILD.in $(CHANGELOG_VERSION) diff --git a/PKGBUILD.in b/PKGBUILD.in index e3ae4619..c967249d 100755 --- a/PKGBUILD.in +++ b/PKGBUILD.in @@ -17,7 +17,13 @@ source=("http://pypi.python.org/packages/source/c/cdist/cdist-\${pkgver}.tar.gz" package() { cd cdist-\${pkgver} python3 setup.py build install --root="\${pkgdir}" + find "\$pkgdir" -type d -exec chmod 0755 {} \; + find "\$pkgdir" -type f -exec chmod a+r {} \; } eof makepkg -g >> "${outfile}" + +# Fix this issue: +# error: failed to upload cdist-3.1.6-1.src.tar.gz: Error - all files must have permissions of 644 or 755. +chmod a+r "${outfile}" diff --git a/bin/build-helper b/bin/build-helper index d28c0616..31789a2e 100755 --- a/bin/build-helper +++ b/bin/build-helper @@ -145,21 +145,6 @@ eof ;; - freecode-release) - version=$1; shift - printf "Enter tag list for freecode release %s> " "$version" - read taglist - - printf "Enter changelog for freecode release %s> " "$version" - read changelog - - echo "Submitting to freecode ..." - python2 ~/p/foreign/freecode-submit-2.7/freecode-submit -P cdist \ - -v "$version" -c "$changelog" \ - -t "$taglist" \ - -n - ;; - release-git-tag) target_version=$($0 changelog-version) if git rev-parse --verify refs/tags/$target_version 2>/dev/null; then @@ -258,9 +243,6 @@ eof # Archlinux release is based on pypi make archlinux-release - # Announce change on Freecode - make freecode-release - # Announce change on ML make ml-release diff --git a/cdist/conf/explorer/cpu_cores b/cdist/conf/explorer/cpu_cores index efabc848..7f7a955e 100755 --- a/cdist/conf/explorer/cpu_cores +++ b/cdist/conf/explorer/cpu_cores @@ -22,10 +22,19 @@ # FIXME: other system types (not linux ...) -if [ -r /proc/cpuinfo ]; then - cores="$(cat /proc/cpuinfo | grep "core id" | sort | uniq | wc -l)" - if [ ${cores} -eq 0 ]; then - cores="1" - fi - echo "${cores}" -fi +os=$("$__explorer/os") +case "$os" in + "macosx") + echo "$(sysctl -n hw.physicalcpu)" + ;; + + *) + if [ -r /proc/cpuinfo ]; then + cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)" + if [ ${cores} -eq 0 ]; then + cores="1" + fi + echo "$cores" + fi + ;; +esac diff --git a/cdist/conf/explorer/cpu_sockets b/cdist/conf/explorer/cpu_sockets index 98836cec..8a8194df 100755 --- a/cdist/conf/explorer/cpu_sockets +++ b/cdist/conf/explorer/cpu_sockets @@ -22,10 +22,19 @@ # FIXME: other system types (not linux ...) -if [ -r /proc/cpuinfo ]; then - sockets="$(cat /proc/cpuinfo | grep "physical id" | sort | uniq | wc -l)" - if [ ${sockets} -eq 0 ]; then - sockets="$(cat /proc/cpuinfo | grep "processor" | wc -l)" +os=$("$__explorer/os") +case "$os" in + "macosx") + echo "$(system_profiler SPHardwareDataType | grep "Number of Processors" | awk -F': ' '{print $2}')" + ;; + + *) + if [ -r /proc/cpuinfo ]; then + sockets="$(grep "physical id" /proc/cpuinfo | sort | uniq | wc -l)" + if [ ${sockets} -eq 0 ]; then + sockets="$(cat /proc/cpuinfo | grep "processor" | wc -l)" + fi + echo "${sockets}" fi - echo "${sockets}" -fi + ;; +esac diff --git a/cdist/conf/explorer/memory b/cdist/conf/explorer/memory index 982b5dfa..05db865f 100755 --- a/cdist/conf/explorer/memory +++ b/cdist/conf/explorer/memory @@ -22,6 +22,15 @@ # FIXME: other system types (not linux ...) -if [ -r /proc/meminfo ]; then - echo "$(cat /proc/meminfo | grep "MemTotal:" | awk '{print $2}')" -fi +os=$("$__explorer/os") +case "$os" in + "macosx") + echo "$(sysctl -n hw.memsize)/1024" | bc + ;; + + *) + if [ -r /proc/meminfo ]; then + grep "MemTotal:" /proc/meminfo | awk '{print $2}' + fi + ;; +esac diff --git a/cdist/conf/type/__apt_update_index/man.text b/cdist/conf/type/__apt_update_index/man.text index 778af508..628292dc 100644 --- a/cdist/conf/type/__apt_update_index/man.text +++ b/cdist/conf/type/__apt_update_index/man.text @@ -5,7 +5,7 @@ Steven Armstrong NAME ---- -cdist-type__apt_update_index - update apt's package index +cdist-type__apt_update_index - Update apt's package index DESCRIPTION diff --git a/cdist/conf/type/__block/explorer/block b/cdist/conf/type/__block/explorer/block index 6c35bc46..e1ca3441 100755 --- a/cdist/conf/type/__block/explorer/block +++ b/cdist/conf/type/__block/explorer/block @@ -1,5 +1,24 @@ #!/bin/sh -# 2013 Steven Armstrong (steven-cdist at armstrong.cc) +# +# 2013 Steven Armstrong (steven-cdist armstrong.cc) +# 2014 Nico Schottelius (nico-cdist at schottelius.org) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")" @@ -8,12 +27,12 @@ file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")" prefix=$(cat "$__object/parameter/prefix" 2>/dev/null || echo "#cdist:__block/$__object_id") suffix=$(cat "$__object/parameter/suffix" 2>/dev/null || echo "#/cdist:__block/$__object_id") -awk -v prefix="$prefix" -v suffix="$suffix" '{ - if (index($0,prefix)) { +awk -v prefix="^$prefix\$" -v suffix="^$suffix\$" '{ + if (match($0,prefix)) { triggered=1 } if (triggered) { - if (index($0,suffix)) { + if (match($0,suffix)) { triggered=0 } print diff --git a/cdist/conf/type/__block/gencode-remote b/cdist/conf/type/__block/gencode-remote index 0a5eea18..2e2147e5 100755 --- a/cdist/conf/type/__block/gencode-remote +++ b/cdist/conf/type/__block/gencode-remote @@ -46,13 +46,13 @@ tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX) if [ -f "$file" ]; then cp -p "$file" "\$tmpfile" fi -awk -v prefix="$prefix" -v suffix="$suffix" ' +awk -v prefix="^$prefix\$" -v suffix="^$suffix\$" ' { - if (index(\$0,prefix)) { + if (match(\$0,prefix)) { triggered=1 } if (triggered) { - if (index(\$0,suffix)) { + if (match(\$0,suffix)) { triggered=0 } } else { diff --git a/cdist/conf/type/__cdistmarker/man.text b/cdist/conf/type/__cdistmarker/man.text index ca5611a7..3a59659b 100644 --- a/cdist/conf/type/__cdistmarker/man.text +++ b/cdist/conf/type/__cdistmarker/man.text @@ -40,7 +40,7 @@ EXAMPLES __cdistmarker # Creates the marker differently. -__cdistmarker --file /tmp/cdist_marker --format '+%s' +__cdistmarker --destination /tmp/cdist_marker --format '+%s' -------------------------------------------------------------------------------- diff --git a/cdist/conf/type/__file/gencode-local b/cdist/conf/type/__file/gencode-local index 601705c8..ed7482cb 100755 --- a/cdist/conf/type/__file/gencode-local +++ b/cdist/conf/type/__file/gencode-local @@ -67,7 +67,7 @@ DONE if [ "$upload_file" ]; then echo upload >> "$__messages_out" cat << DONE -$__remote_copy $source ${__target_host}:\$destination_upload +$__remote_copy "$source" "${__target_host}:\$destination_upload" DONE fi # move uploaded file into place diff --git a/cdist/conf/type/__iptables_apply/files/init-script b/cdist/conf/type/__iptables_apply/files/init-script index 2dc952e9..2247dcf5 100644 --- a/cdist/conf/type/__iptables_apply/files/init-script +++ b/cdist/conf/type/__iptables_apply/files/init-script @@ -45,4 +45,14 @@ case $1 in restart) "$0" stop && "$0" start ;; + reset) + for table in INPUT FORWARD OUTPUT; do + iptables -P "$table" ACCEPT + iptables -F "$table" + done + for table in PREROUTING POSTROUTING OUTPUT; do + iptables -t nat -P "$table" ACCEPT + iptables -t nat -F "$table" + done + ;; esac diff --git a/cdist/conf/type/__locale/manifest b/cdist/conf/type/__locale/manifest index ac953662..8384e0c6 100644 --- a/cdist/conf/type/__locale/manifest +++ b/cdist/conf/type/__locale/manifest @@ -29,7 +29,7 @@ case "$os" in # Debian needs a seperate package __package locales --state present ;; - suse) + archlinux|suse) : ;; *) diff --git a/cdist/conf/type/__package/explorer/pkgng_exists b/cdist/conf/type/__package/explorer/pkgng_exists new file mode 100755 index 00000000..355c5d65 --- /dev/null +++ b/cdist/conf/type/__package/explorer/pkgng_exists @@ -0,0 +1,27 @@ +#!/bin/sh +# +# 2014 Jake Guffey (jake.guffey at eprotex.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Retrieve the status of a package - parsed dpkg output +# + +if [ "$($__explorer/os)" = "freebsd" ]; then + command -v pkg +fi + diff --git a/cdist/conf/type/__package/manifest b/cdist/conf/type/__package/manifest index 0ebf0099..25e43b30 100755 --- a/cdist/conf/type/__package/manifest +++ b/cdist/conf/type/__package/manifest @@ -19,7 +19,7 @@ # # # __package is an abstract type which dispatches to the lower level -# __package_$name types which do the actual interaction with the packaging +# __package_$type types which do the actual interaction with the packaging # system. # @@ -33,7 +33,13 @@ else amazon|centos|fedora|redhat) type="yum" ;; archlinux) type="pacman" ;; debian|ubuntu) type="apt" ;; - freebsd) type="pkg_freebsd" ;; + freebsd) + if [ -n "$(cat "$__object/explorer/pkgng_exists")" ]; then + type="pkgng_freebsd" + else + type="pkg_freebsd" + fi + ;; gentoo) type="emerge" ;; suse) type="zypper" ;; openwrt) type="opkg" ;; diff --git a/cdist/conf/type/__package_apt/gencode-remote b/cdist/conf/type/__package_apt/gencode-remote index 57339db3..1feec012 100755 --- a/cdist/conf/type/__package_apt/gencode-remote +++ b/cdist/conf/type/__package_apt/gencode-remote @@ -33,6 +33,14 @@ else state_should="present" fi +if [ -f "$__object/parameter/target-release" ]; then + target_release="--target-release $(cat "$__object/parameter/target-release")" +else + target_release="" +fi + + + # FIXME: use grep directly, state is a list, not a line! state_is="$(cat "$__object/explorer/state")" case "$state_is" in @@ -44,13 +52,13 @@ esac # Hint if we need to avoid questions at some point: # DEBIAN_PRIORITY=critical can reduce the number of questions -aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes --no-install-recommends -o DPkg::Options::=\"--force-confold\"" +aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes --no-install-recommends -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\"" [ "$state_is" = "$state_should" ] && exit 0 case "$state_should" in present) - echo $aptget install \"$name\" + echo $aptget install $target_release \"$name\" ;; absent) echo $aptget remove \"$name\" diff --git a/cdist/conf/type/__package_apt/man.text b/cdist/conf/type/__package_apt/man.text index 5d4656c1..c1f8ee1f 100644 --- a/cdist/conf/type/__package_apt/man.text +++ b/cdist/conf/type/__package_apt/man.text @@ -27,6 +27,9 @@ name:: state:: Either "present" or "absent", defaults to "present" +target-release:: + Passed on to apt-get install, see apt-get(8). + Essentially allows you to retrieve packages from a different release EXAMPLES -------- diff --git a/cdist/conf/type/__package_apt/parameter/optional b/cdist/conf/type/__package_apt/parameter/optional index 41b8e6cf..d6674f95 100644 --- a/cdist/conf/type/__package_apt/parameter/optional +++ b/cdist/conf/type/__package_apt/parameter/optional @@ -1,3 +1,4 @@ name version state +target-release diff --git a/cdist/conf/type/__package_emerge/gencode-remote b/cdist/conf/type/__package_emerge/gencode-remote index d4cee37e..1199fc72 100644 --- a/cdist/conf/type/__package_emerge/gencode-remote +++ b/cdist/conf/type/__package_emerge/gencode-remote @@ -27,37 +27,40 @@ else name="$__object_id" fi -if [ -f "$__object/parameter/state" ]; then - state_should="$(cat "$__object/parameter/state")" -else - state_should="present" +state_should="$(cat "$__object/parameter/state")" + +version="$(cat "$__object/parameter/version")" + +if [ -n "$version" ]; then + name="=$name-$version" fi pkg_version="$(cat "$__object/explorer/pkg_version")" if [ -z "$pkg_version" ]; then state_is="absent" -elif [ $(echo "$pkg_version" | wc -l) -gt 1 ]; then +elif [ -z "$version" -a $(echo "$pkg_version" | wc -l) -gt 1 ]; then + echo "Package name is not unique! The following packages are installed:" + echo "$pkg_version" + exit 1 +elif [ -n "$version" -a $(echo "$pkg_version" | cut -d " " -f 1 | sort | uniq | wc -l) -gt 1 ]; then echo "Package name is not unique! The following packages are installed:" echo "$pkg_version" exit 1 else state_is="present" - installed_version="$(echo "$pkg_version" | cut -d " " -f 2)" + if [ -n "$version" ] && echo "$pkg_version" | cut -d " " -f 2 | grep -q -x "$version"; then + installed_version="$(echo "$pkg_version" | cut -d " " -f 2 | grep -x "$version")" + else + installed_version="$(echo "$pkg_version" | cut -d " " -f 2 | tail -n 1)" + fi fi -if [ -f "$__object/parameter/version" ]; then - version="$(cat "$__object/parameter/version")" - if [ ! -z "$version" ]; then - name="=$name-$version" - fi -else - version="" -fi # Exit if nothing is needed to be done [ "$state_is" = "$state_should" ] && ( [ -z "$version" ] || [ "$installed_version" = "$version" ] ) && exit 0 [ "$state_should" = "absent" ] && [ ! -z "$version" ] && [ "$installed_version" != "$version" ] && exit 0 + case "$state_should" in present) echo "emerge \"$name\" &>/dev/null || exit 1" diff --git a/cdist/conf/type/__package_emerge/parameter/default/state b/cdist/conf/type/__package_emerge/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__package_emerge/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__package_emerge/parameter/default/version b/cdist/conf/type/__package_emerge/parameter/default/version new file mode 100644 index 00000000..e69de29b diff --git a/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version b/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version new file mode 100755 index 00000000..947857b9 --- /dev/null +++ b/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version @@ -0,0 +1,37 @@ +#!/bin/sh +# +# 2014 Jake Guffey (jake.guffey at eprotex.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Retrieve the status of a package - parsed dpkg output +# + +if [ -f "$__object/parameter/name" ]; then + name="$(cat "$__object/parameter/name")" +else + name="$__object_id" +fi + +# Don't produce "no pkgs installed" output -- breaks things +PKG_OUTPUT=$(pkg info 2>&1) +echo -n "$(echo "$PKG_OUTPUT" \ + | awk '{print $1}' \ + | sed 's/^\(.*\)-\([^-]*\)$/name:\1 ver:\2/g' \ + | grep "name:$name ver:" \ + | sed 's/^.*ver:\(.*\)/\1/g')" + diff --git a/cdist/conf/type/__package_pkgng_freebsd/gencode-remote b/cdist/conf/type/__package_pkgng_freebsd/gencode-remote new file mode 100755 index 00000000..39965aca --- /dev/null +++ b/cdist/conf/type/__package_pkgng_freebsd/gencode-remote @@ -0,0 +1,139 @@ +#!/bin/sh +# +# 2014 Jake Guffey (jake.guffey at eprotex.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Manage packages with pkg on FreeBSD +# + +# Debug +#exec >&2 +#set -x + +if [ -f "$__object/parameter/name" ]; then + name="$(cat "$__object/parameter/name")" +else + name="$__object_id" +fi + +if [ -f "$__object/parameter/flavor" ]; then + flavor="$(cat "$__object/parameter/flavor")" +fi + +if [ -f "$__object/parameter/version" ]; then + version="$(cat "$__object/parameter/version")" +fi + +if [ -f "$__object/parameter/upgrade" ]; then + upgrade="true" +else + upgrade="false" +fi + +if [ -f "$__object/parameter/repo" ]; then + repo="$(cat "$__object/parameter/repo")" +fi + +if [ -f "$__object/parameter/state" ]; then + state="$(cat "$__object/parameter/state")" +else + state="present" +fi +curr_version="$(cat "$__object/explorer/pkg_version")" +add_cmd="pkg install -y" +rm_cmd="pkg delete -y" +upg_cmd="pkg upgrade -y" +cmd="" + +# Print the command to be executed +# Parms: $1 -- mode, "rm", "add", or "upg" +# $2 -- the command to be echoed +execcmd(){ + local _cmd="" + + case "$1" in + add) + _cmd="${add_cmd} $2" + ;; + rm) + _cmd="${rm_cmd} $2" + ;; + upg) + _cmd="${upg_cmd} $2" + ;; + *) + printf "Error. Don't understand command: %s" "$1" >&2 + exit 1 + ;; + esac + + echo "$_cmd 2>&- >&-" # Silence the output of the command + echo "status=\$?" + echo "if [ \"\$status\" -ne \"0\" ]; then" + echo " echo \"Error: ${_cmd} exited nonzero with \$status\"'!' >&2" + echo " exit 1" + echo "fi" +} + +if [ -n "$curr_version" ]; then # PKG *is* installed + if [ -n "$repo" ]; then + cmd="-r ${repo} ${name}" + else + cmd="${name}" + fi + if [ -n "$flavor" ]; then + cmd="${cmd}-${flavor}" + fi + # PKG is supposed to be removed + if [ "$state" = "absent" ]; then + execcmd "rm" "${cmd}" + # PKG is supposed to be installed to a particular version + elif [ -n "$version" ] && [ "$version" != "$curr_version" ]; then + if [ "$upgrade" = "true" ]; then + execcmd "upg" "${cmd}" + else + printf "Version %s is already installed and pkg-ng can't upgrade directly to version %s.\nTo upgrade to the latest version, use the --upgrade flag.\n" "$curr_version" "$version" >&2 + exit 1 + fi + # PKG is supposed to be installed to the latest version + else + : # Do nothing. + fi +else # PKG *isn't* installed + if [ "$state" = "absent" ]; then # Shouldn't be installed + exit 0 + else # Should be installed + if [ -n "$repo" ]; then + cmd="-r ${repo} ${name}" + else + cmd="${name}" + fi + if [ -n "$flavor" ]; then + cmd="${cmd}-${flavor}" + fi + if [ -n "$version" ]; then + cmd="${cmd}-${version}" + fi + + execcmd "add" "$cmd" + exit 0 + fi +fi + +# Debug +#set +x diff --git a/cdist/conf/type/__package_pkgng_freebsd/man.text b/cdist/conf/type/__package_pkgng_freebsd/man.text new file mode 100644 index 00000000..da44da83 --- /dev/null +++ b/cdist/conf/type/__package_pkgng_freebsd/man.text @@ -0,0 +1,97 @@ +cdist-type__package_pkgng_freebsd(7) +================================== +Jake Guffey + + +NAME +---- +cdist-type__package_pkgng_freebsd - Manage FreeBSD packages with pkg-ng + + +DESCRIPTION +----------- +This type is usually used on FreeBSD to manage packages. + + +REQUIRED PARAMETERS +------------------- +None + + +OPTIONAL PARAMETERS +------------------- +name:: + If supplied, use the name and not the object id as the package name. + +flavor:: + If supplied, use to avoid ambiguity. + +version:: + If supplied, use to install a specific version of the package named. + +repo:: + If supplied, use to install the package named from a particular repo. + +state:: + Either "present" or "absent", defaults to "present" + + +BOOLEAN PARAMETERS +------------------ +upgrade:: + If supplied, allow upgrading to the latest version of a package. + + +CAVEATS +------- +This type requires that repository definitions already exist in /etc/pkg/*.conf. +Ensure that they exist prior to use of this type with __file. + +pkg-ng can't upgrade a package to a specific version. If this type needs to +upgrade a package, it can only ugprade to the latest available version. If the +"upgrade" parameter is not given and an upgrade needs to occur, an error will result. + + +MESSAGES +-------- +install:: + The package was installed +remove:: + The package was removed +upgrade:: + The package was upgraded +exist:: + The package was already present and thus not installed + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +# Ensure zsh is installed +__package_pkgng_freebsd zsh --state present + +# Ensure vim is installed, use flavor no_x11 +__package_pkgng_freebsd vim --state present --flavor no_x11 + +# If you don't want to follow pythonX packages, but always use python +__package_pkgng_freebsd python --state present --name python2 + +# Install a package from a particular repository when multiples exist +__package_pkgng_freebsd bash --state present --repo myrepo + +# Remove obsolete package +__package_pkgng_freebsd puppet --state absent +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__package(7) + + +COPYING +------- +Copyright \(C) 2014 Jake Guffey. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__package_pkgng_freebsd/parameter/boolean b/cdist/conf/type/__package_pkgng_freebsd/parameter/boolean new file mode 100644 index 00000000..007ead00 --- /dev/null +++ b/cdist/conf/type/__package_pkgng_freebsd/parameter/boolean @@ -0,0 +1 @@ +upgrade \ No newline at end of file diff --git a/cdist/conf/type/__package_pkgng_freebsd/parameter/optional b/cdist/conf/type/__package_pkgng_freebsd/parameter/optional new file mode 100644 index 00000000..6e67f838 --- /dev/null +++ b/cdist/conf/type/__package_pkgng_freebsd/parameter/optional @@ -0,0 +1,5 @@ +name +flavor +version +repo +state diff --git a/cdist/conf/type/__package_update_index/gencode-remote b/cdist/conf/type/__package_update_index/gencode-remote new file mode 100755 index 00000000..8ee837eb --- /dev/null +++ b/cdist/conf/type/__package_update_index/gencode-remote @@ -0,0 +1,50 @@ +#!/bin/sh +# +# 2014 Ricardo Catalinas Jiménez (jimenezrick at gmail.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Update the package index with the appropriate package manager +# + +type="$__object/parameter/type" + +if [ -f "$type" ]; then + type="$(cat "$type")" +else + # By default determine package manager based on operating system + os="$(cat "$__global/explorer/os")" + case "$os" in + amazon|centos|fedora|redhat) type="yum" ;; + debian|ubuntu) type="apt" ;; + archlinux) type="pacman" ;; + *) + echo "Don't know how to manage packages on: $os" >&2 + exit 1 + ;; + esac +fi + +case "$type" in + yum) ;; + apt) echo "apt-get --quiet update" ;; + pacman) echo "pacman --noprogressbar --sync --refresh" ;; + *) + echo "Don't know how to manage packages on: $os" >&2 + exit 1 + ;; +esac diff --git a/cdist/conf/type/__package_update_index/man.text b/cdist/conf/type/__package_update_index/man.text new file mode 100644 index 00000000..6435e51d --- /dev/null +++ b/cdist/conf/type/__package_update_index/man.text @@ -0,0 +1,52 @@ +cdist-type__package_update_index(7) +=================================== +Ricardo Catalinas Jiménez + + +NAME +---- +cdist-type__package_update_index - Update the package index + + +DESCRIPTION +----------- +This cdist type allows you to update the package index on the target. +It will automatically use the appropriate package manager. + + +REQUIRED PARAMETERS +------------------- +None + + +OPTIONAL PARAMETERS +------------------- +type:: + The package manager to use. Default is determined based on the $os + explorer variable. + e.g. apt for Debian + yum for Red Hat + pacman for Arch Linux + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +# Update the package index on the target +__package_update_index + +# Force use of a specific package manager +__package_update_index --type apt +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) + + +COPYING +------- +Copyright \(C) 2014 Ricardo Catalinas Jiménez. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__package_update_index/parameter/optional b/cdist/conf/type/__package_update_index/parameter/optional new file mode 100644 index 00000000..aa80e646 --- /dev/null +++ b/cdist/conf/type/__package_update_index/parameter/optional @@ -0,0 +1 @@ +type diff --git a/cdist/conf/type/__package_update_index/singleton b/cdist/conf/type/__package_update_index/singleton new file mode 100644 index 00000000..e69de29b diff --git a/cdist/conf/type/__package_upgrade_all/gencode-remote b/cdist/conf/type/__package_upgrade_all/gencode-remote new file mode 100755 index 00000000..57676a57 --- /dev/null +++ b/cdist/conf/type/__package_upgrade_all/gencode-remote @@ -0,0 +1,62 @@ +#!/bin/sh +# +# 2014 Ricardo Catalinas Jiménez (jimenezrick at gmail.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Upgrade all the already installed packages with the appropriate package +# manager +# + +type="$__object/parameter/type" + +if [ -f "$type" ]; then + type="$(cat "$type")" +else + # By default determine package manager based on operating system + os="$(cat "$__global/explorer/os")" + case "$os" in + amazon|centos|fedora|redhat) type="yum" ;; + debian|ubuntu) type="apt" ;; + archlinux) type="pacman" ;; + *) + echo "Don't know how to manage packages on: $os" >&2 + exit 1 + ;; + esac +fi + +aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes --no-install-recommends -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\"" + +case "$type" in + yum) + echo "yum --quiet --assumeyes update" + echo "yum --quiet clean all" + ;; + apt) + echo $aptget dist-upgrade + echo "apt-get --quiet autoclean" + ;; + pacman) + echo "pacman --noprogressbar --noconfirm --sync --sysupgrade" + echo "pacman --noprogressbar --noconfirm --sync --clean" + ;; + *) + echo "Don't know how to manage packages on: $os" >&2 + exit 1 + ;; +esac diff --git a/cdist/conf/type/__package_upgrade_all/man.text b/cdist/conf/type/__package_upgrade_all/man.text new file mode 100644 index 00000000..6d3e1338 --- /dev/null +++ b/cdist/conf/type/__package_upgrade_all/man.text @@ -0,0 +1,52 @@ +cdist-type__package_upgrade_all(7) +================================== +Ricardo Catalinas Jiménez + + +NAME +---- +cdist-type__package_upgrade_all - Upgrade all the installed packages + + +DESCRIPTION +----------- +This cdist type allows you to upgrade all the installed packages on the +target. It will automatically use the appropriate package manager. + + +REQUIRED PARAMETERS +------------------- +None + + +OPTIONAL PARAMETERS +------------------- +type:: + The package manager to use. Default is determined based on the $os + explorer variable. + e.g. apt for Debian + yum for Red Hat + pacman for Arch Linux + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +# Upgrade all the installed packages on the target +__package_upgrade_all + +# Force use of a specific package manager +__package_upgrade_all --type apt +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) + + +COPYING +------- +Copyright \(C) 2014 Ricardo Catalinas Jiménez. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__package_upgrade_all/parameter/optional b/cdist/conf/type/__package_upgrade_all/parameter/optional new file mode 100644 index 00000000..aa80e646 --- /dev/null +++ b/cdist/conf/type/__package_upgrade_all/parameter/optional @@ -0,0 +1 @@ +type diff --git a/cdist/conf/type/__package_upgrade_all/singleton b/cdist/conf/type/__package_upgrade_all/singleton new file mode 100644 index 00000000..e69de29b diff --git a/cdist/conf/type/__qemu_img/man.text b/cdist/conf/type/__qemu_img/man.text index 0fe2bbec..dda54e0d 100644 --- a/cdist/conf/type/__qemu_img/man.text +++ b/cdist/conf/type/__qemu_img/man.text @@ -1,5 +1,5 @@ cdist-type__qemu_img(7) -======================== +======================= Nico Schottelius diff --git a/cdist/conf/type/__ssh_authorized_key/explorer/entry b/cdist/conf/type/__ssh_authorized_key/explorer/entry new file mode 100755 index 00000000..78031ab5 --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_key/explorer/entry @@ -0,0 +1,26 @@ +#!/bin/sh +# +# 2014 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +# extract the keytype and base64 encoded key ignoring any options and comment +type_and_key="$(cat "$__object/parameter/key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')" +file="$(cat $__object/parameter/file)" + +# get any entries that match the type and key +grep ".*$type_and_key[ \n]" "$file" || true diff --git a/cdist/conf/type/__ssh_authorized_key/gencode-remote b/cdist/conf/type/__ssh_authorized_key/gencode-remote new file mode 100755 index 00000000..6bbfa269 --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_key/gencode-remote @@ -0,0 +1,109 @@ +#!/bin/sh +# +# 2014 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +set -u + +remove_line() { + file="$1" + line="$2" + cat << DONE +tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX) +# preserve ownership and permissions of existing file +if [ -f "$file" ]; then + cp -p "$file" "\$tmpfile" +fi +grep -v -F -x '$line' '$file' > \$tmpfile || true +mv -f "\$tmpfile" "$file" +DONE +} + +add_line() { + file="$1" + line="$2" + # escape single quotes + line_sanitised=$(echo "$line" | sed -e "s/'/'\"'\"'/g") + printf '%s' "printf '%s\n' '$line_sanitised' >> $file" +} + + +file="$(cat "$__object/parameter/file")" +mkdir "$__object/files" + +# Generate the entry as it should be +( + if [ -f "$__object/parameter/option" ]; then + # comma seperated list of options + options="$(cat "$__object/parameter/option" | tr '\n' ',')" + printf '%s ' "${options%*,}" + fi + if [ -f "$__object/parameter/comment" ]; then + # extract the keytype and base64 encoded key ignoring any options and comment + printf '%s ' "$(cat "$__object/parameter/key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')" + # override the comment with the one explicitly given + printf '%s' "$(cat "$__object/parameter/comment")" + else + printf '%s' "$(cat "$__object/parameter/key")" + fi + printf '\n' +) > "$__object/files/should" + +# Remove conflicting entries if any +if [ -s "$__object/explorer/entry" ]; then + # Note that the files have to be sorted for comparison with `comm`. + sort "$__object/explorer/entry" > "$__object/files/is" + comm -13 "$__object/files/should" "$__object/files/is" | { + while read entry; do + remove_line "$file" "$entry" + done + } +fi + +# Determine the current state +entry="$(cat "$__object/files/should")" +state_should="$(cat "$__object/parameter/state")" +num_existing_entries=$(grep -c -F -x "$entry" "$__object/explorer/entry" || true) +if [ $num_existing_entries -eq 1 ]; then + state_is="present" +else + # Posix grep does not define the -m option, so we can not remove a single + # occurence of a string from a file in the `remove_line` function. Instead + # _all_ occurences are removed. + # By using `comm` to detect conflicting entries this could lead to the + # situation that the key we want to add is actually removed. + # To workaround this we must treat 0 or more then 1 existing entries to + # mean current state is 'absent'. By doing this, the key is readded + # again after cleaning up conflicting entries. + state_is="absent" +fi + +# Manage the actual entry as it should be +if [ "$state_should" = "$state_is" ]; then + # Nothing to do + exit 0 +fi + +case "$state_should" in + present) + add_line "$file" "$entry" + ;; + absent) + remove_line "$file" "$entry" + ;; +esac diff --git a/cdist/conf/type/__ssh_authorized_key/man.text b/cdist/conf/type/__ssh_authorized_key/man.text new file mode 100644 index 00000000..b519222c --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_key/man.text @@ -0,0 +1,67 @@ +cdist-type__ssh_authorized_key(7) +================================= +Steven Armstrong + + +NAME +---- +cdist-type__ssh_authorized_key - manage a single ssh authorized key entry + + +DESCRIPTION +----------- +Manage a single authorized key entry in an authorized_key file. +This type was created to be used by the __ssh_authorized_keys type. + + +REQUIRED PARAMETERS +------------------- +file:: + the authorized_keys file to which the given key should be added + +key:: + a string containing the ssh keytype, base 64 encoded key and optional + trailing comment which shall be added to the given authorized_keys file. + + +OPTIONAL PARAMETERS +------------------- +comment:: + explicit comment instead of the one which may be trailing the given key + +option:: + an option to set for this authorized_key entry. + Can be specified multiple times. + See sshd(8) for available options. + +state:: + if the given keys should be 'present' or 'absent', defaults to 'present'. + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +__ssh_authorized_key some-id \ + --file "/home/user/.ssh/autorized_keys" \ + --key "$(cat ~/.ssh/id_rsa.pub)" + +__ssh_authorized_key some-id \ + --file "/home/user/.ssh/autorized_keys" \ + --key "$(cat ~/.ssh/id_rsa.pub)" \ + --option 'command="/path/to/script"' \ + --option 'environment="FOO=bar"' \ + --comment 'one to rule them all' +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist__ssh_authorized_keys(7) +- sshd(8) + +COPYING +------- +Copyright \(C) 2014 Steven Armstrong. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__ssh_authorized_key/parameter/default/state b/cdist/conf/type/__ssh_authorized_key/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_key/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__ssh_authorized_key/parameter/optional b/cdist/conf/type/__ssh_authorized_key/parameter/optional new file mode 100644 index 00000000..89e8d966 --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_key/parameter/optional @@ -0,0 +1,2 @@ +comment +state diff --git a/cdist/conf/type/__ssh_authorized_key/parameter/optional_multiple b/cdist/conf/type/__ssh_authorized_key/parameter/optional_multiple new file mode 100644 index 00000000..01925a15 --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_key/parameter/optional_multiple @@ -0,0 +1 @@ +option diff --git a/cdist/conf/type/__ssh_authorized_key/parameter/required b/cdist/conf/type/__ssh_authorized_key/parameter/required new file mode 100644 index 00000000..d51426c3 --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_key/parameter/required @@ -0,0 +1,2 @@ +file +key diff --git a/cdist/conf/type/__ssh_authorized_keys/explorer/file b/cdist/conf/type/__ssh_authorized_keys/explorer/file new file mode 100755 index 00000000..5a02721a --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_keys/explorer/file @@ -0,0 +1,27 @@ +#!/bin/sh +# +# 2014 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +if [ -f "$__object/parameter/file" ]; then + cat "$__object/parameter/file" +else + owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" + home=$(getent passwd "$owner" | cut -d':' -f 6) + echo "$home/.ssh/authorized_keys" +fi diff --git a/cdist/conf/type/__ssh_authorized_keys/explorer/group b/cdist/conf/type/__ssh_authorized_keys/explorer/group index cdea6fe7..72a4e314 100755 --- a/cdist/conf/type/__ssh_authorized_keys/explorer/group +++ b/cdist/conf/type/__ssh_authorized_keys/explorer/group @@ -18,5 +18,6 @@ # along with cdist. If not, see . # -gid="$("$__type_explorer/passwd" | cut -d':' -f 4)" +owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" +gid="$(getent passwd "$owner" | cut -d':' -f 4)" getent group "$gid" || true diff --git a/cdist/conf/type/__ssh_authorized_keys/man.text b/cdist/conf/type/__ssh_authorized_keys/man.text index 9fd683fd..d5523a6e 100644 --- a/cdist/conf/type/__ssh_authorized_keys/man.text +++ b/cdist/conf/type/__ssh_authorized_keys/man.text @@ -12,13 +12,13 @@ DESCRIPTION ----------- Adds or removes ssh keys from a authorized_keys file. -This type also manages the directory containing the authorized_keys -file and sets strict ownership and permissions. You can disable this feature -with the --noparent boolean parameter. +This type uses the __ssh_dot_ssh type to manage the directory containing +the authorized_keys file. You can disable this feature with the --noparent +boolean parameter. The existence, ownership and permissions of the authorized_keys file itself are also managed. This can be disabled with the --nofile boolean parameter. It is -then left to the user to ensure that the file exists and that ownership and +then left to the user to ensure that the file exists and that ownership and permissions work with ssh. @@ -31,15 +31,23 @@ key:: OPTIONAL PARAMETERS ------------------- +comment:: + explicit comment instead of the one which may be trailing the given key + +file:: + an alternative destination file, defaults to ~$owner/.ssh/authorized_keys + +option:: + an option to set for all created authorized_key entries. + Can be specified multiple times. + See sshd(8) for available options. + owner:: the user owning the authorized_keys file, defaults to object_id. state:: if the given keys should be 'present' or 'absent', defaults to 'present'. -file:: - an alternative destination file, defaults to ~$owner/.ssh/authorized_keys - BOOLEAN PARAMETERS ------------------ @@ -64,13 +72,24 @@ __ssh_authorized_keys root \ __ssh_authorized_keys user-name \ --key "ssh-rsa AXYZAAB3NzaC1yc2..." +# allow key to login as user-name with options and expicit comment +__ssh_authorized_keys user-name \ + --key "ssh-rsa AXYZAAB3NzaC1yc2..." \ + --option no-agent-forwarding \ + --option 'from="*.example.com"' \ + --comment 'backup server' + # same as above, but with explicit owner and two keys +# note that the options are set for all given keys __ssh_authorized_keys some-fancy-id \ --owner user-name \ --key "ssh-rsa AXYZAAB3NzaC1yc2..." \ - --key "ssh-rsa AZXYAAB3NzaC1yc2..." + --key "ssh-rsa AZXYAAB3NzaC1yc2..." \ + --option no-agent-forwarding \ + --option 'from="*.example.com"' \ + --comment 'backup server' -# same as above, but authorized_keys file in non standard location +# authorized_keys file in non standard location __ssh_authorized_keys some-fancy-id \ --file /etc/ssh/keys/user-name/authorized_keys \ --owner user-name \ @@ -89,6 +108,7 @@ __ssh_authorized_keys some-fancy-id \ SEE ALSO -------- - cdist-type(7) +- sshd(8) COPYING diff --git a/cdist/conf/type/__ssh_authorized_keys/manifest b/cdist/conf/type/__ssh_authorized_keys/manifest index 1c9df208..6a536e1b 100755 --- a/cdist/conf/type/__ssh_authorized_keys/manifest +++ b/cdist/conf/type/__ssh_authorized_keys/manifest @@ -21,16 +21,7 @@ owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" state="$(cat "$__object/parameter/state" 2>/dev/null)" -if [ -f "$__object/parameter/file" ]; then - file="$(cat "$__object/parameter/file")" -else - home="$(cut -d':' -f 6 "$__object/explorer/passwd")" - if [ -z "$home" ]; then - echo "Failed to get home directory from explorer." >&2 - exit 1 - fi - file="$home/.ssh/authorized_keys" -fi +file="$(cat "$__object/explorer/file")" if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ]; then group="$(cut -d':' -f 1 "$__object/explorer/group")" @@ -40,12 +31,8 @@ if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ]; fi if [ ! -f "$__object/parameter/noparent" ]; then - # Ensure that the directory in which the authorized_keys shall be exists and - # has the right permissions. - ssh_directory="${file%/*}" - __directory "$ssh_directory" --state present --parents \ - --owner "$owner" --group "$group" --mode 0700 - export require="__directory/$ssh_directory" + __ssh_dot_ssh "$owner" + export require="__ssh_dot_ssh/$owner" fi if [ ! -f "$__object/parameter/nofile" ]; then # Ensure that authorized_keys file exists and has the right permissions. @@ -54,6 +41,7 @@ if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ]; --group "$group" \ --mode 0600 \ --state exists + export require="__file/$file" fi fi @@ -67,22 +55,25 @@ __block "$__object_name" \ --text - << DONE remove legacy block DONE +export require="__block/$__object_name" _cksum() { echo "$1" | cksum | cut -d' ' -f 1 } while read key; do - cksum_key="$(_cksum "$key")" - line_id="${owner}-${cksum_key}" - - set -- "$line_id" + type_and_key="$(echo "$key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')" + object_id="$(_cksum "$file")-$(_cksum "$type_and_key")" + set -- "$object_id" set -- "$@" --file "$file" - set -- "$@" --regex ".*$key.*" - if [ "$state" = 'present' ]; then - set -- "$@" --line "$key" - fi + set -- "$@" --key "$key" set -- "$@" --state "$state" - # Ensure __line does not read stdin - require="__block/$__object_name" __line "$@" < /dev/null + if [ -f "$__object/parameter/option" ]; then + set -- "$@" --option "$(cat "$__object/parameter/option")" + fi + if [ -f "$__object/parameter/comment" ]; then + set -- "$@" --comment "$(cat "$__object/parameter/comment")" + fi + # Ensure __ssh_authorized_key does not read stdin + __ssh_authorized_key "$@" < /dev/null done < "$__object/parameter/key" diff --git a/cdist/conf/type/__ssh_authorized_keys/parameter/optional b/cdist/conf/type/__ssh_authorized_keys/parameter/optional index 989750b3..21f9bc29 100644 --- a/cdist/conf/type/__ssh_authorized_keys/parameter/optional +++ b/cdist/conf/type/__ssh_authorized_keys/parameter/optional @@ -1,3 +1,5 @@ +comment +file +option owner state -file diff --git a/cdist/conf/type/__ssh_dot_ssh/explorer/group b/cdist/conf/type/__ssh_dot_ssh/explorer/group new file mode 100755 index 00000000..cdea6fe7 --- /dev/null +++ b/cdist/conf/type/__ssh_dot_ssh/explorer/group @@ -0,0 +1,22 @@ +#!/bin/sh +# +# 2014 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +gid="$("$__type_explorer/passwd" | cut -d':' -f 4)" +getent group "$gid" || true diff --git a/cdist/conf/type/__ssh_authorized_keys/explorer/passwd b/cdist/conf/type/__ssh_dot_ssh/explorer/passwd similarity index 90% rename from cdist/conf/type/__ssh_authorized_keys/explorer/passwd rename to cdist/conf/type/__ssh_dot_ssh/explorer/passwd index e6352ee0..3fbad06f 100755 --- a/cdist/conf/type/__ssh_authorized_keys/explorer/passwd +++ b/cdist/conf/type/__ssh_dot_ssh/explorer/passwd @@ -1,6 +1,7 @@ #!/bin/sh # # 2012 Steven Armstrong (steven-cdist at armstrong.cc) +# 2014 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # @@ -18,6 +19,6 @@ # along with cdist. If not, see . # -owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" +owner="$__object_id" getent passwd "$owner" || true diff --git a/cdist/conf/type/__ssh_dot_ssh/man.text b/cdist/conf/type/__ssh_dot_ssh/man.text new file mode 100644 index 00000000..2cd2001c --- /dev/null +++ b/cdist/conf/type/__ssh_dot_ssh/man.text @@ -0,0 +1,44 @@ +cdist-type__ssh_dot_ssh(7) +========================== +Nico Schottelius + + +NAME +---- +cdist-type__ssh_dot_ssh - Manage .ssh directory + + +DESCRIPTION +----------- +Adds or removes .ssh directory to a user home. + +This type is being used by __ssh_authorized_keys. + +OPTIONAL PARAMETERS +------------------- +state:: + if the directory should be 'present' or 'absent', defaults to 'present'. + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +# Ensure root has ~/.ssh with the right permissions +__ssh_dot_ssh root + +# Nico does not need ~/.ssh anymore +__ssh_dot_ssh nico --state absent +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__ssh_authorized_keys(7) + + +COPYING +------- +Copyright \(C) 2014 Nico Schottelius. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__ssh_dot_ssh/manifest b/cdist/conf/type/__ssh_dot_ssh/manifest new file mode 100755 index 00000000..4b797afb --- /dev/null +++ b/cdist/conf/type/__ssh_dot_ssh/manifest @@ -0,0 +1,44 @@ +#!/bin/sh +# +# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) +# 2014 Nico Schottelius (nico-cdist at schottelius.org) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# Hacked in Kalamata, Greece +# + +owner="$__object_id" +state="$(cat "$__object/parameter/state")" + +group="$(cut -d':' -f 1 "$__object/explorer/group")" +if [ -z "$group" ]; then + echo "Failed to get owners group from explorer." >&2 + exit 1 +fi + +home="$(cut -d':' -f 6 "$__object/explorer/passwd")" +if [ -z "$home" ]; then + echo "Failed to get home directory from explorer." >&2 + exit 1 +fi +ssh_directory="${home}/.ssh" + +# Ensure that the directory in which the authorized_keys shall be exists and +# has the right permissions. +__directory "$ssh_directory" \ + --state "$state" \ + --owner "$owner" --group "$group" --mode 0700 diff --git a/cdist/conf/type/__ssh_dot_ssh/parameter/default/state b/cdist/conf/type/__ssh_dot_ssh/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__ssh_dot_ssh/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__ssh_dot_ssh/parameter/optional b/cdist/conf/type/__ssh_dot_ssh/parameter/optional new file mode 100644 index 00000000..ff72b5c7 --- /dev/null +++ b/cdist/conf/type/__ssh_dot_ssh/parameter/optional @@ -0,0 +1 @@ +state diff --git a/cdist/conf/type/__zypper_repo/explorer/repo_id b/cdist/conf/type/__zypper_repo/explorer/repo_id index be0b9771..6a4791e6 100644 --- a/cdist/conf/type/__zypper_repo/explorer/repo_id +++ b/cdist/conf/type/__zypper_repo/explorer/repo_id @@ -1,6 +1,6 @@ #!/bin/sh # -# 2013 Daniel Heule (hda at sfs.biz) +# 2013-2014 Daniel Heule (hda at sfs.biz) # # This file is part of cdist. # @@ -26,4 +26,4 @@ if [ -f "$__object/parameter/uri" ]; then else uri="$__object_id" fi -echo $(zypper lr -u | grep -E "\<$uri\>" | cut -d'|' -f 1 | grep -E '^[0-9]' ) +echo $(zypper lr -u | grep -F "$uri" | cut -d'|' -f 1 | grep -E '^[0-9]' ) diff --git a/cdist/core/manifest.py b/cdist/core/manifest.py index 95bf4c25..240e57a1 100644 --- a/cdist/core/manifest.py +++ b/cdist/core/manifest.py @@ -144,4 +144,4 @@ class Manifest(object): type_manifest = os.path.join(self.local.type_path, cdist_object.cdist_type.manifest_path) message_prefix = cdist_object.name if os.path.isfile(type_manifest): - self.local.run_script(type_manifest, env=self.env_type_manifest(cdist_object)) + self.local.run_script(type_manifest, env=self.env_type_manifest(cdist_object), message_prefix=message_prefix) diff --git a/cdist/message.py b/cdist/message.py index b840a84d..f9b0c313 100644 --- a/cdist/message.py +++ b/cdist/message.py @@ -37,12 +37,14 @@ class Message(object): self.prefix = prefix self.global_messages = messages - self.messages_in = tempfile.mkstemp(suffix='.cdist_message_in')[1] - self.messages_out = tempfile.mkstemp(suffix='.cdist_message_out')[1] + in_fd, self.messages_in = tempfile.mkstemp(suffix='.cdist_message_in') + out_fd, self.messages_out = tempfile.mkstemp(suffix='.cdist_message_out') + + os.close(in_fd) + os.close(out_fd) self._copy_messages() - @property def env(self): env = {} diff --git a/docs/changelog b/docs/changelog index a6e11e08..4976cdd2 100644 --- a/docs/changelog +++ b/docs/changelog @@ -15,12 +15,41 @@ Changelog * Core: Integrate initial preos support -3.1.6: +3.1.10: + * Core: Fix too many open files bug (#343) + * Type __ssh_authorized_keys: Remove unneeded explorer (Steven Armstrong) + * Type __ssh_authorized_keys: Fix empty output bug of entry explorer (Steven Armstrong) + * Type __package_apt: Add support for --target-release + +3.1.9: 2014-10-17 + * Type __package_emerge: Fix handling of slotted packages (Daniel Heule) + * Type __package_apt: Use --force-confdef (Ricardo Catalinas Jiménez) + * Type __package_update_index: Decrease verbosity (Ricardo Catalinas Jiménez) + * Type __package_upgrade_all: Decrease verbosity (Ricardo Catalinas Jiménez) + +3.1.8: 2014-10-01 + * New Type: __package_update_index (Ricardo Catalinas Jiménez) + * New Type: __package_upgrade_all (Ricardo Catalinas Jiménez) + +3.1.7: 2014-09-29 + * Type __cdistmarker: Fix typo (Ricardo Catalinas Jiménez) + * Core: Bugfix: Export messaging to manifests (Ricardo Catalinas Jiménez) + * Explorer cpu_cores, cpu_sockets, memory: Add Mac OS X support (Manuel Hutter) + * Type __ssh_authorized_keys: Ensure keys are correctly added (Steven Armstrong) + * New Type: __ssh_authorized_key (Steven Armstrong) + * New Type: __package_pkgng_freebsd (Jake Guffey) + +3.1.6: 2014-08-18 + * New Type: __ssh_dot_ssh * Type __package_yum: Support retrieving package via URL * Type __hostname: Support SuSE and have CentOS use sysconfig value * Type __locale: Support SuSE + * Type __locale: Support Archlinux * Type __timezone: Support SuSE * Type __file: Support MacOS X (Manuel Hutter) + * Type __iptables_apply: Add "reset" to init.d script of iptables + * Type __ssh_authorized_key: Use new type __ssh_dot_ssh + * Type __zypper_repo: Bugfix for pattern matching (Daniel Heule) 3.1.5: 2014-05-05 * Type __zypper_repo: Automatically import gpg keys (Daniel Heule) diff --git a/docs/dev/logs/2014-09-10.preos-keys b/docs/dev/logs/2014-09-10.preos-keys new file mode 100644 index 00000000..53d3721a --- /dev/null +++ b/docs/dev/logs/2014-09-10.preos-keys @@ -0,0 +1,18 @@ + +cdist preos keyramfs --keyfile --keyfile + +[17:51] freiheit:vcs% mkdir preos-keys +[17:51] freiheit:vcs% mkdir -p preos-keys/root/.ssh +[17:56] freiheit:vcs% + +chown root:root -R preos-keys/ +chmod 0600 preos-keys/root/.ssh/authorized_keys + +chmod 0700 preos-keys/root/ +chmod 0700 preos-keys/root/.ssh/ + +[18:20:17] freiheit:/home/users/nico/.ungleich/ungleich/vcs/preos-keys# find . | cpio -H newc -o | gzip -9 > ../initramfs.cpio.gz +4 blocks +[18:21:08] freiheit:/home/users/nico/.ungleich/ungleich/vcs/preos-keys# + + diff --git a/docs/dev/logs/2014-11-11.discussion b/docs/dev/logs/2014-11-11.discussion new file mode 100644 index 00000000..a04d2823 --- /dev/null +++ b/docs/dev/logs/2014-11-11.discussion @@ -0,0 +1,104 @@ +- logging/cache destination + local: + ~/.cdist/log/by-host/$__target/host/config/YYYY/MM/DD/hhmmss/ + ~/.cdist/log/by-session/YYYY/MM/DD/hhmmss/$__target_host/ + config/ + install/ + export/ + remote: + /var/lib/cdist/YYYY-MM-DD-hhmmss-$sourcehost.$pid + + rm old directories on remote side + +- support for tags + - for partial configuration + - supports also install + - on object definition, define + - a) don't care (i.e. no tags) + - b) require tag (only if this tag is setup) + - c) require not tag (only if this tag is *not* setup) + - d) what if both given (conflicting) + - names for parameters: + - cdist config / cdist type + --if-tag / --not-if-tag / --require-tag + --not-if-tag + +- logging + - command line + - stdin of cdist + - stdout/stderr/stdin of types + - new: stdout/stderr + - initial manifest + - if coming from stdin + +- logging configurable + - to be discussed + +- sudo remote + - cp to tmp & mv + - umask issue? + +- install + - via tagged types + - + +- export + - one /export script per type + - exports of type running after object's code is done + - global export should also exist after everything + - PR & merge + - change DONE status to CODE_DONE + - introduce EXPORT_DONE + + +- preos + - merge with debian support only + - we are open to support --os-type later + +- stackable remotes + - change API for remote_exec and remote_copy + - new minor version + - PR & merge + +- locking + - optional + - remote lock + - based on $(ls /var/lib/cdist/) > 0 + +- ideas for parallelisation + - run explorer in parallel + - type + - object + - objects without dependencies can be run in parallel + +- connection test + - just implement + +- multi user environment + - not really needed [at the moment] + - can be implemented by + - git branches + - setting the output dir + +- python2 support with __future__ + - steven votes against it + - nico does not care too much to object + + +- pull based + - sshd / stdin + stdout + - use Use ProxyCommand with stdin/stdout + - http://www.nico.schottelius.org/blog/openssh-6.2-add-callback-functionality-using-dynamic-remote-port-forwarding/ + + - cdist grant-pull-access + - generate user + - ssh pubkeypair + - call wraper script on targethost + - it is shell! + - ssh cdistuser@controlhost + +- config replay/redo/undo + - not now + + +- have a new discussion about handling uris diff --git a/docs/dev/todo/TAKEME b/docs/dev/todo/TAKEME index 87fc91c5..4d097091 100644 --- a/docs/dev/todo/TAKEME +++ b/docs/dev/todo/TAKEME @@ -5,10 +5,6 @@ Feel free to pick one! CORE ---- -- support default parameter -- document and add paremeters for remote-copy and remote-exec! - - remove hack, make a feature of it - - remove var=foo calls on remote side. Use -o SendEnv (yeah, see ssh_config(5)) TESTS @@ -23,9 +19,6 @@ TESTS USER INTERFACE -------------- -- How to cleanly implement "restart service if config file changed" - -> document - - Cache - add example how to use - export variable $__cache @@ -45,7 +38,6 @@ TYPES - Add testing framework (proposed by Evax Software) - __user add option to include --create-home -- Merge __addifnosuchline and __removeline into __line + --state present|absent - __cron: Support --file to be used instead of user cron (probably direct support of /etc/cron.d) diff --git a/docs/man/cdist-reference.text.sh b/docs/man/cdist-reference.text.sh index 7081e762..fda7aa9c 100755 --- a/docs/man/cdist-reference.text.sh +++ b/docs/man/cdist-reference.text.sh @@ -203,10 +203,10 @@ __global:: Directory that contains generic output like explorer. Available for: initial manifest, type manifest, type gencode, shell __messages_in:: - File to read messages from + File to read messages from. Available for: initial manifest, type manifest, type gencode __messages_out:: - File to write messages + File to write messages. Available for: initial manifest, type manifest, type gencode __object:: Directory that contains the current object. diff --git a/docs/man/man7/cdist-explorer.text b/docs/man/man7/cdist-explorer.text index 2c25d845..a99be050 100644 --- a/docs/man/man7/cdist-explorer.text +++ b/docs/man/man7/cdist-explorer.text @@ -50,7 +50,7 @@ else name="$__object_id" fi -# Except dpkg failing, if package is not known / installed +# Expect dpkg failing, if package is not known / installed dpkg -s "$name" 2>/dev/null || exit 0 -------------------------------------------------------------------------------- @@ -64,5 +64,5 @@ SEE ALSO COPYING ------- -Copyright \(C) 2010-2012 Nico Schottelius. Free use of this software is +Copyright \(C) 2010-2014 Nico Schottelius. Free use of this software is granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/docs/man/man7/cdist-manifest.text b/docs/man/man7/cdist-manifest.text index 96346c08..80df5410 100644 --- a/docs/man/man7/cdist-manifest.text +++ b/docs/man/man7/cdist-manifest.text @@ -110,6 +110,7 @@ setup the variable "require" to contain the requirements. Multiple requirements can be added white space separated. -------------------------------------------------------------------------------- + 1 # No dependency 2 __file /etc/cdist-configured 3 @@ -121,21 +122,43 @@ requirements can be added white space separated. 9 require="__file/etc/cdist-configured __link/tmp/cdist-testfile" \ 10 __file /tmp/cdist-another-testfile - -------------------------------------------------------------------------------- Above the "require" variable is only set for the command that is -immediately following it. Dependencies should allways be declared that way. +immediately following it. Dependencies should always be declared that way. -On line 4 you can see that the instantion of a type "__link" object needs +On line 4 you can see that the instantion of a type "\__link" object needs the object "__file/etc/cdist-configured" to be present, before it can proceed. -This also means that the "__link" command must make sure, that either -"__file/etc/cdist-configured" allready is present, or, if it's not, it needs +This also means that the "\__link" command must make sure, that either +"\__file/etc/cdist-configured" allready is present, or, if it's not, it needs to be created. The task of cdist is to make sure, that the dependency will be -resolved appropriately and thus "__file/etc/cdist-configured" be created +resolved appropriately and thus "\__file/etc/cdist-configured" be created if necessary before "__link" proceeds (or to abort execution with an error). +If you really need to make all types depend on a common dependency, you can +export the "require" variable as well. But then, if you need to add extra +dependencies to a specific type, you have to make sure that you append these +to the globally already defined one. + +-------------------------------------------------------------------------------- + +# First of all, update the package index +__package_update_index +# Upgrade all the installed packages afterwards +require="__package_update_index" __package_upgrade_all +# Create a common dependency for all the next types so that they get to +# be executed only after the package upgrade has finished +export require="__package_upgrade_all" + +# Ensure that lighttpd is installed after we have upgraded all the packages +__package lighttpd --state present +# Ensure that munin is installed after lighttpd is present and after all +# the packages are upgraded +require="$require __package/lighttpd" __package munin --state present + +-------------------------------------------------------------------------------- + All objects that are created in a type manifest are automatically required from the type that is calling them. This is called "autorequirement" in cdist jargon. diff --git a/docs/man/man7/cdist-messaging.text b/docs/man/man7/cdist-messaging.text index 0e53871e..a6258564 100644 --- a/docs/man/man7/cdist-messaging.text +++ b/docs/man/man7/cdist-messaging.text @@ -57,6 +57,48 @@ if grep -q "^__your_type/object/id:something" "$__messages_in"; then fi -------------------------------------------------------------------------------- +Some real life examples: +-------------------------------------------------------------------------------- +# Reacting on changes from block for keepalive +if grep -q "^__block/keepalive-vrrp" "$__messages_in"; then + echo /etc/init.d/keepalived restart +fi + +# Reacting on changes of configuration files +if grep -q "^__file/etc/one" $__messages_in; then + echo 'for init in /etc/init.d/opennebula*; do $init restart; done' +fi +-------------------------------------------------------------------------------- + +Restart sshd on changes +-------------------------------------------------------------------------------- +os="$(cat "$__global/explorer/os")" + +case "$os" in + centos|redhat|suse) + restart="/etc/init.d/sshd restart" + ;; + debian|ubuntu) + restart="/etc/init.d/ssh restart" + ;; + *) + cat << eof >&2 +Unsupported os $os. +If you would like to have this type running on $os, +you can either develop the changes and send a pull +request or ask for a quote at www.ungleich.ch +eof + exit 1 + ;; +esac + +if grep -q "^__key_value/PermitRootLogin" "$__messages_in"; then + echo $restart +fi +-------------------------------------------------------------------------------- + + + SEE ALSO -------- diff --git a/docs/man/man7/cdist-type.text b/docs/man/man7/cdist-type.text index 323fc130..71d04ab3 100644 --- a/docs/man/man7/cdist-type.text +++ b/docs/man/man7/cdist-type.text @@ -100,7 +100,7 @@ echo use_ssl >> cdist/conf/type/__nginx_vhost/parameter/boolean USING PARAMETERS ---------------- The parameters given to a type can be accessed and used in all type scripts -(e.g manifest, gencode-*, explorer/*). Note that boolean parameters are +(e.g manifest, gencode, explorer). Note that boolean parameters are represented by file existence. File exists -> True, file does not exist -> False @@ -281,7 +281,7 @@ on the target, there must be another type that provides this tool and the first type should create an object of the specific type. If your type wants to save temporary data, that may be used by other types -later on (for instance __file), you can save them in the subdirectory +later on (for instance \__file), you can save them in the subdirectory "files" below $__object (but you must create it yourself). cdist will not touch this directory. diff --git a/docs/speeches/2014-05-08_linuxtag_berlin.odp b/docs/speeches/2014-05-08_linuxtag_berlin.odp index 0cf6374c..38063332 100644 Binary files a/docs/speeches/2014-05-08_linuxtag_berlin.odp and b/docs/speeches/2014-05-08_linuxtag_berlin.odp differ diff --git a/docs/speeches/2014-05-19_cdi.st-zkb_linux_erfa.odp b/docs/speeches/2014-05-19_cdi.st-zkb_linux_erfa.odp index f722a9cc..a09db845 100644 Binary files a/docs/speeches/2014-05-19_cdi.st-zkb_linux_erfa.odp and b/docs/speeches/2014-05-19_cdi.st-zkb_linux_erfa.odp differ diff --git a/docs/speeches/2014-06-10_openclouddays.odp b/docs/speeches/2014-06-10_openclouddays.odp new file mode 100644 index 00000000..e85451c8 Binary files /dev/null and b/docs/speeches/2014-06-10_openclouddays.odp differ diff --git a/docs/speeches/2014-06-10_openclouddays_teaser.odp b/docs/speeches/2014-06-10_openclouddays_teaser.odp new file mode 100644 index 00000000..16ec8e95 Binary files /dev/null and b/docs/speeches/2014-06-10_openclouddays_teaser.odp differ diff --git a/docs/speeches/2014-06-10_openclouddays_teaser.pdf b/docs/speeches/2014-06-10_openclouddays_teaser.pdf new file mode 100644 index 00000000..c5a052b8 Binary files /dev/null and b/docs/speeches/2014-06-10_openclouddays_teaser.pdf differ diff --git a/docs/speeches/2014-06-19_ucms14_cdi.st.odp b/docs/speeches/2014-06-19_ucms14_cdi.st.odp new file mode 100644 index 00000000..9338abe4 Binary files /dev/null and b/docs/speeches/2014-06-19_ucms14_cdi.st.odp differ diff --git a/docs/speeches/2014-06-19_ucms14_cdist_cinv_bof.odp b/docs/speeches/2014-06-19_ucms14_cdist_cinv_bof.odp new file mode 100644 index 00000000..21f59ee8 Binary files /dev/null and b/docs/speeches/2014-06-19_ucms14_cdist_cinv_bof.odp differ diff --git a/docs/speeches/2014-11-07_sfs_linux_erfa_cdist4.odp b/docs/speeches/2014-11-07_sfs_linux_erfa_cdist4.odp new file mode 100644 index 00000000..29ada1b0 Binary files /dev/null and b/docs/speeches/2014-11-07_sfs_linux_erfa_cdist4.odp differ diff --git a/docs/speeches/2014-11-07_sfs_linux_erfa_cdist4.pdf b/docs/speeches/2014-11-07_sfs_linux_erfa_cdist4.pdf new file mode 100644 index 00000000..718d3997 Binary files /dev/null and b/docs/speeches/2014-11-07_sfs_linux_erfa_cdist4.pdf differ diff --git a/docs/speeches/2014-11-07_sfs_linux_erfa_cdist_web_prototype.odp b/docs/speeches/2014-11-07_sfs_linux_erfa_cdist_web_prototype.odp new file mode 100644 index 00000000..47c858d4 Binary files /dev/null and b/docs/speeches/2014-11-07_sfs_linux_erfa_cdist_web_prototype.odp differ diff --git a/docs/speeches/2014-11-07_sfs_linux_erfa_cdist_web_prototype.pdf b/docs/speeches/2014-11-07_sfs_linux_erfa_cdist_web_prototype.pdf new file mode 100644 index 00000000..ae0a3bef Binary files /dev/null and b/docs/speeches/2014-11-07_sfs_linux_erfa_cdist_web_prototype.pdf differ