Merge branch 'master' into preos

Makefile

@@ -170,17 +170,6 @@ $(ML_FILE): $(CHANGELOG_FILE)
 ml-release: $(ML_FILE)
 
 
-################################################################################
-# Release: Freecode
-#
-FREECODE_FILE=.lock-freecode
-
-$(FREECODE_FILE): $(CHANGELOG_FILE)
-	$(helper) freecode-release $(CHANGELOG_VERSION)
-	touch $@
-
-freecode-release: $(FREECODE_FILE)
-
 ################################################################################
 # pypi
 #
@@ -197,7 +186,7 @@ ARCHLINUX_FILE=.lock-archlinux
 ARCHLINUXTAR=cdist-$(CHANGELOG_VERSION)-1.src.tar.gz
 
 $(ARCHLINUXTAR): PKGBUILD
-	makepkg -c --source
+	umask 022; makepkg -c --source
 
 PKGBUILD: PKGBUILD.in $(PYTHON_VERSION)
 	./PKGBUILD.in $(CHANGELOG_VERSION)

PKGBUILD.in

@@ -17,7 +17,13 @@ source=("http://pypi.python.org/packages/source/c/cdist/cdist-\${pkgver}.tar.gz"
 package() {
     cd cdist-\${pkgver}
     python3 setup.py build install --root="\${pkgdir}"
+    find "\$pkgdir" -type d -exec chmod 0755 {} \;
+    find "\$pkgdir" -type f -exec chmod a+r {} \;
 }
 eof
 
 makepkg -g >> "${outfile}"
+
+# Fix this issue:
+# error: failed to upload cdist-3.1.6-1.src.tar.gz: Error - all files must have permissions of 644 or 755.
+chmod a+r "${outfile}"

bin/build-helper

@@ -145,21 +145,6 @@ eof
     ;;
 
 
-    freecode-release)
-        version=$1; shift
-        printf "Enter tag list for freecode release %s> " "$version"
-        read taglist
-
-        printf "Enter changelog for freecode release %s> " "$version"
-        read changelog
-
-        echo "Submitting to freecode ..."
-        python2 ~/p/foreign/freecode-submit-2.7/freecode-submit -P cdist \
-            -v "$version" -c "$changelog" \
-            -t "$taglist" \
-            -n
-    ;;
-
     release-git-tag)
         target_version=$($0 changelog-version)
         if git rev-parse --verify refs/tags/$target_version 2>/dev/null; then
@@ -258,9 +243,6 @@ eof
         # Archlinux release is based on pypi
         make archlinux-release
 
-        # Announce change on Freecode
-        make freecode-release
-
         # Announce change on ML
         make ml-release
 

cdist/conf/type/__block/explorer/block

@@ -1,5 +1,24 @@
 #!/bin/sh
-# 2013 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# 2013 Steven Armstrong (steven-cdist armstrong.cc)
+# 2014 Nico Schottelius (nico-cdist at schottelius.org)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
 
 file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")"
 
@@ -8,12 +27,12 @@ file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")"
 
 prefix=$(cat "$__object/parameter/prefix" 2>/dev/null || echo "#cdist:__block/$__object_id")
 suffix=$(cat "$__object/parameter/suffix" 2>/dev/null || echo "#/cdist:__block/$__object_id")
-awk -v prefix="$prefix" -v suffix="$suffix" '{
-   if (index($0,prefix)) {
+awk -v prefix="^$prefix\$" -v suffix="^$suffix\$" '{
+   if (match($0,prefix)) {
       triggered=1
    }
    if (triggered) {
-      if (index($0,suffix)) {
+      if (match($0,suffix)) {
             triggered=0
       }
       print

cdist/conf/type/__block/gencode-remote

@@ -46,7 +46,7 @@ tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
 if [ -f "$file" ]; then
    cp -p "$file" "\$tmpfile"
 fi
-awk -v prefix="$prefix" -v suffix="$suffix" '
+awk -v prefix="^$prefix\\\$" -v suffix="^$suffix\\\$" '
 {
    if (index(\$0,prefix)) {
       triggered=1

cdist/conf/type/__iptables_apply/files/init-script

@@ -45,4 +45,14 @@ case $1 in
     restart)
         "$0" stop &&  "$0" start
     ;;
+    reset)
+        for table in INPUT FORWARD OUTPUT; do
+            iptables -P "$table" ACCEPT
+            iptables -F "$table"
+        done
+        for table in PREROUTING POSTROUTING OUTPUT; do
+            iptables -t nat -P "$table" ACCEPT
+            iptables -t nat -F "$table"
+        done
+    ;;
 esac

cdist/conf/type/__locale/manifest

@@ -29,7 +29,7 @@ case "$os" in
         # Debian needs a seperate package
         __package locales --state present
     ;;
-    suse)
+    archlinux|suse)
         :
     ;;
     *)

cdist/conf/type/__ssh_authorized_keys/man.text

@@ -12,9 +12,9 @@ DESCRIPTION
 -----------
 Adds or removes ssh keys from a authorized_keys file.
 
-This type also manages the directory containing the authorized_keys
-file and sets strict ownership and permissions. You can disable this feature
-with the --noparent boolean parameter.
+This type uses the __ssh_dot_ssh type to the directory containing 
+the authorized_keys file.
+You can disable this feature with the --noparent boolean parameter.
 
 The existence, ownership and permissions of the authorized_keys file itself are
 also managed. This can be disabled with the --nofile boolean parameter. It is

cdist/conf/type/__ssh_authorized_keys/manifest

@@ -40,12 +40,8 @@ if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ];
    fi
 
    if [ ! -f "$__object/parameter/noparent" ]; then
-      # Ensure that the directory in which the authorized_keys shall be exists and
-      # has the right permissions.
-      ssh_directory="${file%/*}"
-      __directory "$ssh_directory" --state present --parents \
-         --owner "$owner" --group "$group" --mode 0700
-      export require="__directory/$ssh_directory"
+      __ssh_dot_ssh "$owner"
+      export require="__ssh_dot_ssh/$owner"
    fi
    if [ ! -f "$__object/parameter/nofile" ]; then
       # Ensure that authorized_keys file exists and has the right permissions.

cdist/conf/type/__ssh_dot_ssh/explorer/group

@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+gid="$("$__type_explorer/passwd" | cut -d':' -f 4)"
+getent group "$gid" || true

cdist/conf/type/__ssh_dot_ssh/explorer/passwd

@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# 2012 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2014 Nico Schottelius (nico-cdist at schottelius.org)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+owner="$__object_id"
+
+getent passwd "$owner" || true

cdist/conf/type/__ssh_dot_ssh/man.text

@@ -0,0 +1,44 @@
+cdist-type__ssh_dot_ssh(7)
+==========================
+Nico Schottelius <nico-cdist--@--schottelius.org>
+
+
+NAME
+----
+cdist-type__ssh_dot_ssh - Manage .ssh directory
+
+
+DESCRIPTION
+-----------
+Adds or removes .ssh directory to a user home.
+
+This type is being used by __ssh_authorized_keys.
+
+OPTIONAL PARAMETERS
+-------------------
+state::
+   if the directory should be 'present' or 'absent', defaults to 'present'.
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# Ensure root has ~/.ssh with the right permissions
+__ssh_dot_ssh root
+
+# Nico does not need ~/.ssh anymore
+__ssh_dot_ssh nico --state absent
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+- cdist-type__ssh_authorized_keys(7)
+
+
+COPYING
+-------
+Copyright \(C) 2014 Nico Schottelius. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).

cdist/conf/type/__ssh_dot_ssh/manifest

@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2014 Nico Schottelius (nico-cdist at schottelius.org)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+# Hacked in Kalamata, Greece
+#
+
+owner="$__object_id"
+state="$(cat "$__object/parameter/state")"
+
+group="$(cut -d':' -f 1 "$__object/explorer/group")"
+if [ -z "$group" ]; then
+    echo "Failed to get owners group from explorer." >&2
+    exit 1
+fi
+
+home="$(cut -d':' -f 6 "$__object/explorer/passwd")"
+if [ -z "$home" ]; then
+   echo "Failed to get home directory from explorer." >&2
+   exit 1
+fi
+ssh_directory="${home}/.ssh"
+
+# Ensure that the directory in which the authorized_keys shall be exists and
+# has the right permissions.
+__directory "$ssh_directory" \
+    --state "$state" \
+    --owner "$owner" --group "$group" --mode 0700

cdist/conf/type/__ssh_dot_ssh/parameter/default/state

@@ -0,0 +1 @@
+present

cdist/conf/type/__ssh_dot_ssh/parameter/optional

@@ -0,0 +1 @@
+state

cdist/conf/type/__zypper_repo/explorer/repo_id

@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# 2013 Daniel Heule (hda at sfs.biz)
+# 2013-2014 Daniel Heule (hda at sfs.biz)
 #
 # This file is part of cdist.
 #
@@ -26,4 +26,4 @@ if [ -f "$__object/parameter/uri" ]; then
 else
    uri="$__object_id"
 fi
-echo $(zypper lr -u | grep -E "\<$uri\>" | cut -d'|' -f 1 | grep -E '^[0-9]' )
+echo $(zypper lr -u | grep -F "$uri" | cut -d'|' -f 1 | grep -E '^[0-9]' )

docs/changelog

@@ -5,12 +5,17 @@ Changelog
 	* Exception: No braces means author == Nico Schottelius
 
 
-3.1.6:
+3.1.6: 2014-08-18
+	* New Type: __ssh_dot_ssh
 	* Type __package_yum: Support retrieving package via URL
 	* Type __hostname: Support SuSE and have CentOS use sysconfig value
 	* Type __locale: Support SuSE
+	* Type __locale: Support Archlinux
 	* Type __timezone: Support SuSE
 	* Type __file: Support MacOS X (Manuel Hutter)
+	* Type __iptables_apply: Add "reset" to init.d script of iptables
+	* Type __ssh_authorized_key: Use new type __ssh_dot_ssh
+	* Type __zypper_repo: Bugfix for pattern matching (Daniel Heule)
 
 3.1.5: 2014-05-05
 	* Type __zypper_repo: Automatically import gpg keys (Daniel Heule)

docs/dev/todo/TAKEME

@@ -5,10 +5,6 @@ Feel free to pick one!
 
 CORE
 ----
-- support default parameter
-- document and add paremeters for remote-copy and remote-exec!
-    - remove hack, make a feature of it
-
 - remove var=foo calls on remote side. Use -o SendEnv (yeah, see ssh_config(5))
 
 TESTS
@@ -23,9 +19,6 @@ TESTS
 
 USER INTERFACE
 --------------
-- How to cleanly implement "restart service if config file changed"
-    -> document
-
 - Cache
    - add example how to use 
    - export variable $__cache
@@ -45,7 +38,6 @@ TYPES
 - Add testing framework (proposed by Evax Software)
 - __user
    add option to include --create-home
-- Merge __addifnosuchline and __removeline into __line + --state present|absent
 - __cron: Support --file to be used instead of user cron (probably direct support
     of /etc/cron.d)
 

docs/man/man7/cdist-messaging.text

@@ -57,6 +57,48 @@ if grep -q "^__your_type/object/id:something" "$__messages_in"; then
 fi
 --------------------------------------------------------------------------------
 
+Some real life examples:
+--------------------------------------------------------------------------------
+# Reacting on changes from block for keepalive
+if grep -q "^__block/keepalive-vrrp" "$__messages_in"; then
+    echo /etc/init.d/keepalived restart
+fi
+
+# Reacting on changes of configuration files
+if grep -q "^__file/etc/one" $__messages_in; then
+    echo 'for init in /etc/init.d/opennebula*; do $init restart; done'
+fi
+--------------------------------------------------------------------------------
+
+Restart sshd on changes
+--------------------------------------------------------------------------------
+os="$(cat "$__global/explorer/os")"
+
+case "$os" in
+    centos|redhat|suse)
+        restart="/etc/init.d/sshd restart"
+    ;;
+    debian|ubuntu)
+        restart="/etc/init.d/ssh restart"
+    ;;
+    *)
+        cat << eof >&2
+Unsupported os $os.
+If you would like to have this type running on $os,
+you can either develop the changes and send a pull
+request or ask for a quote at www.ungleich.ch
+eof
+        exit 1
+    ;;
+esac
+
+if grep -q "^__key_value/PermitRootLogin" "$__messages_in"; then
+    echo $restart
+fi
+--------------------------------------------------------------------------------
+
+
+
 
 SEE ALSO
 --------