From 3f69895046c1096fc677c3c7ac4d0124f0b08e94 Mon Sep 17 00:00:00 2001 From: Romain Dartigues Date: Mon, 27 Dec 2021 14:41:37 +0100 Subject: [PATCH 01/42] WIP: support Linux Mint and LMDE Without this patch, Linux Mint and LMDE are detected as "debian" which, somehow, does work, but do not take in consideration those distributions specifics (such as mirror, upstream version, etc.). This is flagged WIP as long as I do not run the tests on LMDE. --- cdist/conf/explorer/os | 7 +++++++ cdist/conf/explorer/os_version | 4 ++-- cdist/conf/type/__apt_backports/manifest | 4 ++-- cdist/conf/type/__apt_default_release/manifest | 2 +- cdist/conf/type/__apt_norecommends/manifest | 2 +- cdist/conf/type/__apt_pin/manifest | 2 +- cdist/conf/type/__consul/manifest | 2 +- cdist/conf/type/__consul_agent/manifest | 5 ++++- cdist/conf/type/__docker/manifest | 2 +- cdist/conf/type/__firewalld_start/gencode-remote | 3 ++- cdist/conf/type/__go_get/manifest | 2 +- cdist/conf/type/__grafana_dashboard/manifest | 1 + cdist/conf/type/__hostname/gencode-remote | 2 +- cdist/conf/type/__hostname/manifest | 2 +- cdist/conf/type/__hwclock/manifest | 5 +++-- .../conf/type/__install_bootloader_grub/explorer/target_os | 7 +++++++ cdist/conf/type/__install_bootloader_grub/gencode-remote | 2 +- cdist/conf/type/__letsencrypt_cert/manifest | 3 ++- cdist/conf/type/__locale/manifest | 3 ++- cdist/conf/type/__locale_system/manifest | 3 ++- cdist/conf/type/__localedef/gencode-remote | 2 +- cdist/conf/type/__localedef/manifest | 2 +- cdist/conf/type/__openldap_server/manifest | 4 ++-- cdist/conf/type/__package/manifest | 2 +- cdist/conf/type/__package_update_index/explorer/type | 2 +- cdist/conf/type/__package_upgrade_all/gencode-remote | 2 +- cdist/conf/type/__postfix_master/manifest | 2 +- cdist/conf/type/__postfix_postconf/explorer/value | 2 +- cdist/conf/type/__postfix_postconf/gencode-remote | 2 +- cdist/conf/type/__postfix_reload/gencode-remote | 2 +- cdist/conf/type/__postgres_conf/explorer/postgres_user | 2 +- cdist/conf/type/__sensible_editor/explorer/editor_path | 2 +- cdist/conf/type/__sensible_editor/manifest | 2 +- cdist/conf/type/__sshd_config/manifest | 2 +- cdist/conf/type/__start_on_boot/explorer/state | 4 ++-- cdist/conf/type/__start_on_boot/gencode-remote | 3 ++- cdist/conf/type/__sysctl/gencode-remote | 2 +- cdist/conf/type/__sysctl/manifest | 2 +- cdist/conf/type/__timezone/gencode-remote | 2 +- cdist/conf/type/__timezone/manifest | 2 +- cdist/conf/type/__unpack/manifest | 4 ++-- cdist/conf/type/__xymon_apache/gencode-remote | 2 +- cdist/conf/type/__xymon_apache/manifest | 2 +- cdist/conf/type/__xymon_client/manifest | 2 +- cdist/conf/type/__xymon_server/manifest | 2 +- cdist/test/autil/fixtures/explorer/os | 7 +++++++ cdist/test/autil/fixtures/explorer/os_version | 3 ++- 47 files changed, 81 insertions(+), 49 deletions(-) diff --git a/cdist/conf/explorer/os b/cdist/conf/explorer/os index 46d87f3e..32bb282c 100755 --- a/cdist/conf/explorer/os +++ b/cdist/conf/explorer/os @@ -51,6 +51,13 @@ if grep -q ^DISTRIB_ID=Ubuntu /etc/lsb-release 2>/dev/null; then exit 0 fi +if grep -q ^DISTRIB_ID=LinuxMint /etc/lsb-release 2>/dev/null; then + echo linuxmint + exit 0 +fi + +#FIXME: Linux Mint Debian Edition/lmde + # devuan ascii has both devuan_version and debian_version, so we need to check devuan_version first! if [ -f /etc/devuan_version ]; then echo devuan diff --git a/cdist/conf/explorer/os_version b/cdist/conf/explorer/os_version index bbc9e4f0..edc92a77 100755 --- a/cdist/conf/explorer/os_version +++ b/cdist/conf/explorer/os_version @@ -41,7 +41,7 @@ in # empty, but well... cat /etc/arch-release ;; - debian) + debian|lmde) debian_version=$(cat /etc/debian_version) case $debian_version in @@ -134,7 +134,7 @@ in cat /etc/SuSE-release fi ;; - ubuntu) + ubuntu|linuxmint) if command -v lsb_release >/dev/null 2>&1 then lsb_release -sr diff --git a/cdist/conf/type/__apt_backports/manifest b/cdist/conf/type/__apt_backports/manifest index 6fcd9212..46bf8eb2 100755 --- a/cdist/conf/type/__apt_backports/manifest +++ b/cdist/conf/type/__apt_backports/manifest @@ -36,7 +36,7 @@ codename_os_release() { # detect backport distribution os="$(cat "$__global/explorer/os")" case "$os" in - debian) + debian|lmde) dist="$( codename_os_release )" components="main" mirror="http://deb.debian.org/debian/" @@ -46,7 +46,7 @@ case "$os" in components="main" mirror="http://deb.devuan.org/merged" ;; - ubuntu) + ubuntu|linuxmint) dist="$( codename_os_release )" components="main restricted universe multiverse" mirror="http://archive.ubuntu.com/ubuntu" diff --git a/cdist/conf/type/__apt_default_release/manifest b/cdist/conf/type/__apt_default_release/manifest index 1232efb5..bbdf6311 100755 --- a/cdist/conf/type/__apt_default_release/manifest +++ b/cdist/conf/type/__apt_default_release/manifest @@ -24,7 +24,7 @@ os=$(cat "$__global/explorer/os") release="$(cat "$__object/parameter/release")" case "$os" in - ubuntu|debian|devuan) + ubuntu|debian|devuan|linuxmint|lmde) __file /etc/apt/apt.conf.d/99-default-release \ --owner root --group root --mode 644 \ --source - << DONE diff --git a/cdist/conf/type/__apt_norecommends/manifest b/cdist/conf/type/__apt_norecommends/manifest index fc187784..05bc369e 100755 --- a/cdist/conf/type/__apt_norecommends/manifest +++ b/cdist/conf/type/__apt_norecommends/manifest @@ -24,7 +24,7 @@ os=$(cat "${__global:?}/explorer/os") case ${os} in - (ubuntu|debian|devuan) + (ubuntu|debian|devuan|linuxmint|lmde) __file /etc/apt/apt.conf.d/00InstallRecommends --state present \ --owner root --group root --mode 0644 --source - <<-'EOF' APT::Install-Recommends "false"; diff --git a/cdist/conf/type/__apt_pin/manifest b/cdist/conf/type/__apt_pin/manifest index e72a8fdd..22368d7a 100755 --- a/cdist/conf/type/__apt_pin/manifest +++ b/cdist/conf/type/__apt_pin/manifest @@ -35,7 +35,7 @@ priority="$(cat "$__object/parameter/priority")" case "$os" in - debian|ubuntu|devuan) + debian|ubuntu|devuan|linux|lmde) ;; *) printf "This type is specific to Debian and it's derivatives" >&2 diff --git a/cdist/conf/type/__consul/manifest b/cdist/conf/type/__consul/manifest index 156eb667..cc4221c5 100755 --- a/cdist/conf/type/__consul/manifest +++ b/cdist/conf/type/__consul/manifest @@ -24,7 +24,7 @@ os=$(cat "$__global/explorer/os") case "$os" in - alpine|scientific|centos|redhat|ubuntu|debian|devuan|archlinux|gentoo) + alpine|scientific|centos|redhat|ubuntu|debian|devuan|archlinux|gentoo|linuxmint|lmde) # any linux should work : ;; diff --git a/cdist/conf/type/__consul_agent/manifest b/cdist/conf/type/__consul_agent/manifest index 7b54529c..a90b7d9d 100755 --- a/cdist/conf/type/__consul_agent/manifest +++ b/cdist/conf/type/__consul_agent/manifest @@ -58,6 +58,7 @@ esac distribution_setup () { case "$os" in +#FIXME: Linux Mint Debian Edition/lmde debian) # consul is only available starting Debian 10 (buster). # See https://packages.debian.org/buster/consul @@ -136,7 +137,7 @@ init_upstart() manual_setup () { case "$os" in - alpine|scientific|centos|debian|devuan|redhat|ubuntu) + alpine|scientific|centos|debian|devuan|redhat|ubuntu|linuxmint|lmde) # whitelist safeguard : ;; @@ -191,6 +192,7 @@ manual_setup () { esac ;; +#FIXME: Linux Mint Debian Edition/lmde debian) os_version=$(cat "$__global/explorer/os_version") major_version="${os_version%%.*}" @@ -209,6 +211,7 @@ manual_setup () { esac ;; +#FIXME: Linux Mint ubuntu) init_upstart ;; diff --git a/cdist/conf/type/__docker/manifest b/cdist/conf/type/__docker/manifest index 6a57d85a..cb82f7f9 100755 --- a/cdist/conf/type/__docker/manifest +++ b/cdist/conf/type/__docker/manifest @@ -44,7 +44,7 @@ case "$os" in exit 1 fi ;; - ubuntu|debian) + ubuntu|debian|linuxmint|lmde) if [ "${state}" = "present" ]; then __package apt-transport-https __package ca-certificates diff --git a/cdist/conf/type/__firewalld_start/gencode-remote b/cdist/conf/type/__firewalld_start/gencode-remote index 3e767f68..2e9099ee 100755 --- a/cdist/conf/type/__firewalld_start/gencode-remote +++ b/cdist/conf/type/__firewalld_start/gencode-remote @@ -45,6 +45,7 @@ if [ "$init" = 'systemd' ]; then echo "systemctl \"$cmd\" \"$name\"" else case "$os" in +#FIXME: Linux Mint Debian Edition/lmde debian) case "$os_version" in [1-7]*) @@ -72,7 +73,7 @@ else echo "/etc/init.d/\"$name\" \"$cmd\"" ;; - ubuntu) + ubuntu|linuxmint) echo "service \"$name\" \"$cmd\"" ;; diff --git a/cdist/conf/type/__go_get/manifest b/cdist/conf/type/__go_get/manifest index a5cc4c80..3440f310 100755 --- a/cdist/conf/type/__go_get/manifest +++ b/cdist/conf/type/__go_get/manifest @@ -5,7 +5,7 @@ go_executable=$(cat "$__object/explorer/go-executable") os=$(cat "$__global/explorer/os") case $os in - debian|devuan|ubuntu) + debian|devuan|ubuntu|linuxmint|lmde) __package build-essential ;; *) diff --git a/cdist/conf/type/__grafana_dashboard/manifest b/cdist/conf/type/__grafana_dashboard/manifest index 0d944482..e94fc954 100755 --- a/cdist/conf/type/__grafana_dashboard/manifest +++ b/cdist/conf/type/__grafana_dashboard/manifest @@ -5,6 +5,7 @@ os_version=$(cat "$__global/explorer/os_version") require="" case $os in +#FIXME: Linux Mint Debian Edition/lmde debian|devuan) case $os_version in 8*|jessie) diff --git a/cdist/conf/type/__hostname/gencode-remote b/cdist/conf/type/__hostname/gencode-remote index c1a97ac8..b09fef3e 100755 --- a/cdist/conf/type/__hostname/gencode-remote +++ b/cdist/conf/type/__hostname/gencode-remote @@ -59,7 +59,7 @@ echo 'changed' >>"${__messages_out:?}" # Use the good old way to set the hostname. case ${os} in - (alpine|debian|devuan|ubuntu) + (alpine|debian|devuan|ubuntu|linuxmint|lmde) echo 'hostname -F /etc/hostname' ;; (archlinux) diff --git a/cdist/conf/type/__hostname/manifest b/cdist/conf/type/__hostname/manifest index b80aa2ef..7bceb120 100755 --- a/cdist/conf/type/__hostname/manifest +++ b/cdist/conf/type/__hostname/manifest @@ -56,7 +56,7 @@ fi case ${os} in - (alpine|debian|devuan|ubuntu|void) + (alpine|debian|devuan|ubuntu|void|linuxmint|lmde) echo "${name_should}" | __file /etc/hostname --source - ;; (archlinux) diff --git a/cdist/conf/type/__hwclock/manifest b/cdist/conf/type/__hwclock/manifest index 7d9ab88f..c5939a30 100755 --- a/cdist/conf/type/__hwclock/manifest +++ b/cdist/conf/type/__hwclock/manifest @@ -104,11 +104,12 @@ in unset CDIST_ORDER_DEPENDENCY fi ;; - (debian|devuan|ubuntu) + (debian|devuan|ubuntu|linuxmint|lmde) os_major=$(sed 's/[^0-9].*$//' "${__global:?}/explorer/os_version") case ${os} in +#FIXME: Linux Mint Debian Edition/lmde (debian) if test "${os_major}" -ge 7 then @@ -129,7 +130,7 @@ in (devuan) update_rcS=false ;; - (ubuntu) + (ubuntu|linuxmint) update_rcS=$(test "${os_major}" -lt 16 && echo true || echo false) ;; esac diff --git a/cdist/conf/type/__install_bootloader_grub/explorer/target_os b/cdist/conf/type/__install_bootloader_grub/explorer/target_os index f235710a..117a8c53 100755 --- a/cdist/conf/type/__install_bootloader_grub/explorer/target_os +++ b/cdist/conf/type/__install_bootloader_grub/explorer/target_os @@ -48,6 +48,13 @@ if grep -q ^DISTRIB_ID=Ubuntu "$chroot/etc/lsb-release" 2>/dev/null; then exit 0 fi +if grep -q ^DISTRIB_ID=LinuxMint "$chroot/etc/lsb-release" 2>/dev/null; then + echo linuxmint + exit 0 +fi + +#FIXME: Linux Mint Debian Edition/lmde + if [ -f "$chroot/etc/debian_version" ]; then echo debian exit 0 diff --git a/cdist/conf/type/__install_bootloader_grub/gencode-remote b/cdist/conf/type/__install_bootloader_grub/gencode-remote index 1caebbbf..3c5bf3e8 100755 --- a/cdist/conf/type/__install_bootloader_grub/gencode-remote +++ b/cdist/conf/type/__install_bootloader_grub/gencode-remote @@ -34,7 +34,7 @@ exec > "$install_script" printf '#!/bin/sh -l\n' case "$target_os" in - ubuntu|debian) + ubuntu|debian|linuxmint|lmde) if [ -s "$__global/explorer/efi" ]; then # FIXME: untested. maybe also just run update-grub for EFI system? printf 'grub-mkconfig --output=/boot/efi/EFI/%s/grub.cfg\n' "$target_os" diff --git a/cdist/conf/type/__letsencrypt_cert/manifest b/cdist/conf/type/__letsencrypt_cert/manifest index 638a99e0..971cdf17 100644 --- a/cdist/conf/type/__letsencrypt_cert/manifest +++ b/cdist/conf/type/__letsencrypt_cert/manifest @@ -15,6 +15,7 @@ if [ -z "${certbot_fullpath}" ]; then alpine) __package certbot ;; +#FIXME: Linux Mint Debian Edition/lmde debian) case "$os_version" in 8*) @@ -88,7 +89,7 @@ if [ -z "${certbot_fullpath}" ]; then __package py37-certbot certbot_fullpath="/usr/local/bin/certbot" ;; - ubuntu) + ubuntu|linuxmint) __package certbot ;; *) diff --git a/cdist/conf/type/__locale/manifest b/cdist/conf/type/__locale/manifest index 9f1e17ac..a83cabae 100755 --- a/cdist/conf/type/__locale/manifest +++ b/cdist/conf/type/__locale/manifest @@ -26,11 +26,12 @@ os=$(cat "$__global/explorer/os") case "$os" in +#FIXME: Linux Mint Debian Edition/lmde debian|devuan) # Debian needs a seperate package __package locales --state present ;; - archlinux|suse|ubuntu|scientific|centos|alpine) + archlinux|suse|ubuntu|scientific|centos|alpine|linuxmint) : ;; *) diff --git a/cdist/conf/type/__locale_system/manifest b/cdist/conf/type/__locale_system/manifest index 4b996ebc..7172f1f9 100755 --- a/cdist/conf/type/__locale_system/manifest +++ b/cdist/conf/type/__locale_system/manifest @@ -55,6 +55,7 @@ os=$(cat "$__global/explorer/os") case $os in +#FIXME: Linux Mint Debian Edition/lmde debian) if version_ge 4 <"${__global}/explorer/os_version" then @@ -67,7 +68,7 @@ in devuan) locale_conf="/etc/default/locale" ;; - ubuntu) + ubuntu|linuxmint) if version_ge 6.10 <"${__global}/explorer/os_version" then # Ubuntu 6.10 (edgy) and later diff --git a/cdist/conf/type/__localedef/gencode-remote b/cdist/conf/type/__localedef/gencode-remote index 4538151f..af0bc783 100755 --- a/cdist/conf/type/__localedef/gencode-remote +++ b/cdist/conf/type/__localedef/gencode-remote @@ -61,7 +61,7 @@ in printf '%s does not support locales.\n' "${os}" >&2 exit 1 ;; - (archlinux|debian|devuan|ubuntu|suse|centos|fedora|redhat|scientific) + (archlinux|debian|devuan|ubuntu|suse|centos|fedora|redhat|scientific|linuxmint|lmde) # FIXME: The code below only works for glibc-based installations. # NOTE: Hardcoded, create a pull request in case it is at another diff --git a/cdist/conf/type/__localedef/manifest b/cdist/conf/type/__localedef/manifest index 3ab3ad8c..3f2a8022 100755 --- a/cdist/conf/type/__localedef/manifest +++ b/cdist/conf/type/__localedef/manifest @@ -24,7 +24,7 @@ case $(cat "${__global:?}/explorer/os") in - (debian|devuan) + (debian|devuan|lmde) __package_apt locales --state present ;; esac diff --git a/cdist/conf/type/__openldap_server/manifest b/cdist/conf/type/__openldap_server/manifest index 2aeece26..54dd6a1c 100644 --- a/cdist/conf/type/__openldap_server/manifest +++ b/cdist/conf/type/__openldap_server/manifest @@ -37,7 +37,7 @@ case "${os}" in tls_cipher_suite="HIGH:MEDIUM:+SSLv2" fi ;; - debian|ubuntu|devuan) + debian|ubuntu|devuan|linuxmint|lmde) PKGS="slapd ldap-utils" ETC="/etc" SLAPD_DIR="/etc/ldap" @@ -157,7 +157,7 @@ case "${os}" in --comment "# LDAP Listener URLs" \ "${__target_host}__slapd_flags" ;; - debian|ubuntu|devuan) + debian|ubuntu|devuan|linuxmint|lmde) require="__package/${PKG_MAIN}" __line rm_slapd_conf \ --file ${ETC}/default/slapd \ --regex 'SLAPD_CONF=.*' \ diff --git a/cdist/conf/type/__package/manifest b/cdist/conf/type/__package/manifest index a453c32b..e6dfd840 100755 --- a/cdist/conf/type/__package/manifest +++ b/cdist/conf/type/__package/manifest @@ -33,7 +33,7 @@ else case "$os" in amazon|scientific|centos|fedora|redhat) type="yum" ;; archlinux) type="pacman" ;; - debian|ubuntu|devuan) type="apt" ;; + debian|ubuntu|devuan|linuxmint|lmde) type="apt" ;; freebsd) if [ -n "$(cat "$__object/explorer/pkgng_exists")" ]; then type="pkgng_freebsd" diff --git a/cdist/conf/type/__package_update_index/explorer/type b/cdist/conf/type/__package_update_index/explorer/type index c98e1e67..07c06184 100644 --- a/cdist/conf/type/__package_update_index/explorer/type +++ b/cdist/conf/type/__package_update_index/explorer/type @@ -24,7 +24,7 @@ else os="$("$__explorer/os")" case "$os" in amazon|scientific|centos|fedora|redhat) echo "yum" ;; - debian|ubuntu|devuan) echo "apt" ;; + debian|ubuntu|devuan|linuxmint|lmde) echo "apt" ;; archlinux) echo "pacman" ;; alpine) echo "apk" ;; *) diff --git a/cdist/conf/type/__package_upgrade_all/gencode-remote b/cdist/conf/type/__package_upgrade_all/gencode-remote index d332e851..e2250c55 100755 --- a/cdist/conf/type/__package_upgrade_all/gencode-remote +++ b/cdist/conf/type/__package_upgrade_all/gencode-remote @@ -39,7 +39,7 @@ else os="$(cat "$__global/explorer/os")" case "$os" in amazon|scientific|centos|fedora|redhat) type="yum" ;; - debian|ubuntu|devuan) type="apt" ;; + debian|ubuntu|devuan|linuxmint|lmde) type="apt" ;; archlinux) type="pacman" ;; *) echo "Don't know how to manage packages on: $os" >&2 diff --git a/cdist/conf/type/__postfix_master/manifest b/cdist/conf/type/__postfix_master/manifest index 0960ea41..5e2a9ddc 100755 --- a/cdist/conf/type/__postfix_master/manifest +++ b/cdist/conf/type/__postfix_master/manifest @@ -22,7 +22,7 @@ os=$(cat "$__global/explorer/os") case "$os" in - ubuntu|debian|archlinux|scientific|centos|devuan) + ubuntu|debian|archlinux|scientific|centos|devuan|linuxmint|lmde) : ;; *) diff --git a/cdist/conf/type/__postfix_postconf/explorer/value b/cdist/conf/type/__postfix_postconf/explorer/value index 67dacad8..a84ec127 100755 --- a/cdist/conf/type/__postfix_postconf/explorer/value +++ b/cdist/conf/type/__postfix_postconf/explorer/value @@ -22,7 +22,7 @@ os=$("$__explorer/os") case "$os" in - alpine|ubuntu|debian|archlinux|suse|scientific|centos|devuan) + alpine|ubuntu|debian|archlinux|suse|scientific|centos|devuan|linuxmint|lmde) : ;; *) diff --git a/cdist/conf/type/__postfix_postconf/gencode-remote b/cdist/conf/type/__postfix_postconf/gencode-remote index 279dddd4..94f0b82a 100755 --- a/cdist/conf/type/__postfix_postconf/gencode-remote +++ b/cdist/conf/type/__postfix_postconf/gencode-remote @@ -22,7 +22,7 @@ os=$(cat "$__global/explorer/os") case "$os" in - alpine|archlinux|centos|debian|devuan|suse|scientific|ubuntu) + alpine|archlinux|centos|debian|devuan|suse|scientific|ubuntu|linuxmint|lmde) : ;; *) diff --git a/cdist/conf/type/__postfix_reload/gencode-remote b/cdist/conf/type/__postfix_reload/gencode-remote index 7720dc49..3bdc7e4b 100755 --- a/cdist/conf/type/__postfix_reload/gencode-remote +++ b/cdist/conf/type/__postfix_reload/gencode-remote @@ -22,7 +22,7 @@ os=$(cat "$__global/explorer/os") case "$os" in - ubuntu|debian|archlinux|scientific|centos|devuan) + ubuntu|debian|archlinux|scientific|centos|devuan|linuxmint|lmde) echo "postfix reload" ;; *) diff --git a/cdist/conf/type/__postgres_conf/explorer/postgres_user b/cdist/conf/type/__postgres_conf/explorer/postgres_user index c6582dc4..d2a6fa96 100644 --- a/cdist/conf/type/__postgres_conf/explorer/postgres_user +++ b/cdist/conf/type/__postgres_conf/explorer/postgres_user @@ -29,7 +29,7 @@ in (centos|rhel|scientific) echo 'postgres' ;; - (debian|devuan|ubuntu) + (debian|devuan|ubuntu|linuxmint|lmde) echo 'postgres' ;; (freebsd) diff --git a/cdist/conf/type/__sensible_editor/explorer/editor_path b/cdist/conf/type/__sensible_editor/explorer/editor_path index dcf63c9b..b7a43886 100644 --- a/cdist/conf/type/__sensible_editor/explorer/editor_path +++ b/cdist/conf/type/__sensible_editor/explorer/editor_path @@ -39,7 +39,7 @@ test "$(cat "${__object}/parameter/state")" != 'absent' || exit 0 case $("${__explorer}/os") in - debian|devuan|ubuntu) + debian|devuan|ubuntu|linuxmint|lmde) has_alternatives=true # NOTE: Old versions do not support `--list`, in this case ignore the errors. diff --git a/cdist/conf/type/__sensible_editor/manifest b/cdist/conf/type/__sensible_editor/manifest index 1cdb0c2c..6b8e3da7 100644 --- a/cdist/conf/type/__sensible_editor/manifest +++ b/cdist/conf/type/__sensible_editor/manifest @@ -57,7 +57,7 @@ package_name='sensible-utils' case $os in - debian) + debian|linuxmint|lmde) pkg_type='apt' ;; devuan) diff --git a/cdist/conf/type/__sshd_config/manifest b/cdist/conf/type/__sshd_config/manifest index e37afebb..54485155 100755 --- a/cdist/conf/type/__sshd_config/manifest +++ b/cdist/conf/type/__sshd_config/manifest @@ -24,7 +24,7 @@ state_should=$(cat "${__object:?}/parameter/state") case ${os} in - (alpine|centos|fedora|redhat|scientific|debian|devuan|ubuntu) + (alpine|centos|fedora|redhat|scientific|debian|devuan|ubuntu|linuxmint|lmde) if test "${state_should}" != 'absent' then __package openssh-server --state present diff --git a/cdist/conf/type/__start_on_boot/explorer/state b/cdist/conf/type/__start_on_boot/explorer/state index b7a6cf0f..232a78bc 100644 --- a/cdist/conf/type/__start_on_boot/explorer/state +++ b/cdist/conf/type/__start_on_boot/explorer/state @@ -37,7 +37,7 @@ if [ "$init" = 'systemd' ]; then else case "$os" in - debian|openwrt|devuan) + debian|openwrt|devuan|lmde) state="absent" for file in "/etc/rc$runlevel.d/S"??"$name" do @@ -48,7 +48,7 @@ else fi done ;; - ubuntu) + ubuntu|linuxmint) state="absent" for file in "/etc/rc$runlevel.d/S"??"$name" do diff --git a/cdist/conf/type/__start_on_boot/gencode-remote b/cdist/conf/type/__start_on_boot/gencode-remote index c900933f..b03feeef 100755 --- a/cdist/conf/type/__start_on_boot/gencode-remote +++ b/cdist/conf/type/__start_on_boot/gencode-remote @@ -40,6 +40,7 @@ case "$state_should" in echo "systemctl -q enable '$name'" else case "$os" in +#FIXME: Linux Mint Debian Edition/lmde debian) case "$os_version" in [1-7]*) @@ -73,7 +74,7 @@ case "$state_should" in echo "'/etc/init.d/$name' enable || [ -f /etc/rc.d/S??'$name' ]" ;; - ubuntu) + ubuntu|linuxmint) echo "update-rc.d '$name' defaults >/dev/null" ;; diff --git a/cdist/conf/type/__sysctl/gencode-remote b/cdist/conf/type/__sysctl/gencode-remote index f0f6deef..3812eda1 100755 --- a/cdist/conf/type/__sysctl/gencode-remote +++ b/cdist/conf/type/__sysctl/gencode-remote @@ -30,7 +30,7 @@ fi os=$(cat "$__global/explorer/os") case "$os" in # Linux - redhat|centos|ubuntu|debian|devuan|archlinux|gentoo|coreos) + redhat|centos|ubuntu|debian|devuan|archlinux|gentoo|coreos|linuxmint|lmde) flag='-w' ;; # BusyBox diff --git a/cdist/conf/type/__sysctl/manifest b/cdist/conf/type/__sysctl/manifest index 71dea7f7..8c9e7ec2 100755 --- a/cdist/conf/type/__sysctl/manifest +++ b/cdist/conf/type/__sysctl/manifest @@ -25,7 +25,7 @@ os=$(cat "$__global/explorer/os") case "$os" in # Linux - alpine|redhat|centos|ubuntu|debian|devuan|archlinux|coreos) + alpine|redhat|centos|ubuntu|debian|devuan|archlinux|coreos|linuxmint|lmde) : ;; # BSD diff --git a/cdist/conf/type/__timezone/gencode-remote b/cdist/conf/type/__timezone/gencode-remote index b685c990..9ec7aae3 100755 --- a/cdist/conf/type/__timezone/gencode-remote +++ b/cdist/conf/type/__timezone/gencode-remote @@ -30,7 +30,7 @@ if [ "$timezone_is" = "$timezone_should" ]; then fi case "$os" in - ubuntu|debian|devuan|coreos|alpine) + ubuntu|debian|devuan|coreos|alpine|linuxmint|lmde) echo "echo \"$timezone_should\" > /etc/timezone" ;; esac diff --git a/cdist/conf/type/__timezone/manifest b/cdist/conf/type/__timezone/manifest index 0eb7fb9c..1ebbc841 100755 --- a/cdist/conf/type/__timezone/manifest +++ b/cdist/conf/type/__timezone/manifest @@ -26,7 +26,7 @@ timezone=$(cat "$__object/parameter/tz") os=$(cat "$__global/explorer/os") case "$os" in - archlinux|debian|ubuntu|devuan|alpine) + archlinux|debian|ubuntu|devuan|alpine|linuxmint|lmde) __package tzdata export require="__package/tzdata" ;; diff --git a/cdist/conf/type/__unpack/manifest b/cdist/conf/type/__unpack/manifest index 6bdf5a10..ca8e4408 100755 --- a/cdist/conf/type/__unpack/manifest +++ b/cdist/conf/type/__unpack/manifest @@ -20,7 +20,7 @@ case "$src" in ;; *.lzma|*.xz|*.txz) case "$os" in - debian|ubuntu|devuan) + debian|ubuntu|devuan|linuxmint|lmde) __package xz-utils ;; alpine|centos) @@ -30,7 +30,7 @@ case "$src" in ;; *.rar) case "$os" in - debian|ubuntu|devuan|alpine|freebsd) + debian|ubuntu|devuan|alpine|freebsd|linuxmint|lmde) __package unrar ;; esac diff --git a/cdist/conf/type/__xymon_apache/gencode-remote b/cdist/conf/type/__xymon_apache/gencode-remote index e7d8e344..a6f90f1c 100755 --- a/cdist/conf/type/__xymon_apache/gencode-remote +++ b/cdist/conf/type/__xymon_apache/gencode-remote @@ -21,7 +21,7 @@ state=$(cat "$__object/parameter/state") os=$(cat "$__global/explorer/os") case "$os" in - debian|ubuntu) + debian|ubuntu|linuxmint|lmde) : ;; *) diff --git a/cdist/conf/type/__xymon_apache/manifest b/cdist/conf/type/__xymon_apache/manifest index bfd0af79..6e85ee98 100755 --- a/cdist/conf/type/__xymon_apache/manifest +++ b/cdist/conf/type/__xymon_apache/manifest @@ -21,7 +21,7 @@ state=$(cat "$__object/parameter/state") os=$(cat "$__global/explorer/os") case "$os" in - debian|ubuntu) + debian|ubuntu|linuxmint|lmde) : ;; *) diff --git a/cdist/conf/type/__xymon_client/manifest b/cdist/conf/type/__xymon_client/manifest index 88293a12..c75b92d0 100755 --- a/cdist/conf/type/__xymon_client/manifest +++ b/cdist/conf/type/__xymon_client/manifest @@ -22,7 +22,7 @@ servers=$(cat "$__object/parameter/servers") os=$(cat "$__global/explorer/os") case "$os" in - debian|ubuntu) + debian|ubuntu|linuxmint|lmde) : ;; *) diff --git a/cdist/conf/type/__xymon_server/manifest b/cdist/conf/type/__xymon_server/manifest index 7cee0d23..4b31d8ad 100755 --- a/cdist/conf/type/__xymon_server/manifest +++ b/cdist/conf/type/__xymon_server/manifest @@ -26,7 +26,7 @@ fi os=$(cat "$__global/explorer/os") case "$os" in - debian|ubuntu) + debian|ubuntu|linuxmint|lmde) : ;; *) diff --git a/cdist/test/autil/fixtures/explorer/os b/cdist/test/autil/fixtures/explorer/os index 094685ea..c357bfc0 100755 --- a/cdist/test/autil/fixtures/explorer/os +++ b/cdist/test/autil/fixtures/explorer/os @@ -50,6 +50,13 @@ if grep -q ^DISTRIB_ID=Ubuntu /etc/lsb-release 2>/dev/null; then exit 0 fi +if grep -q ^DISTRIB_ID=LinuxMint /etc/lsb-release 2>/dev/null; then + echo linuxmint + exit 0 +fi + +#FIXME: Linux Mint Debian Edition/lmde + if [ -f /etc/debian_version ]; then echo debian exit 0 diff --git a/cdist/test/autil/fixtures/explorer/os_version b/cdist/test/autil/fixtures/explorer/os_version index 380782cc..92335e74 100755 --- a/cdist/test/autil/fixtures/explorer/os_version +++ b/cdist/test/autil/fixtures/explorer/os_version @@ -30,6 +30,7 @@ case "$($__explorer/os)" in # empty, but well... cat /etc/arch-release ;; +#FIXME: Linux Mint Debian Edition/lmde debian) cat /etc/debian_version ;; @@ -67,7 +68,7 @@ case "$($__explorer/os)" in cat /etc/SuSE-release fi ;; - ubuntu) + ubuntu|linuxmint) lsb_release -sr ;; esac From 08ff41efded6e3112fc462ba13d9166e620b4082 Mon Sep 17 00:00:00 2001 From: Mark Verboom Date: Tue, 8 Mar 2022 12:04:58 +0100 Subject: [PATCH 02/42] Added rm of tmpfile. --- cdist/conf/type/__ssh_authorized_key/gencode-remote | 1 + 1 file changed, 1 insertion(+) diff --git a/cdist/conf/type/__ssh_authorized_key/gencode-remote b/cdist/conf/type/__ssh_authorized_key/gencode-remote index 61c77fb9..cbffde94 100755 --- a/cdist/conf/type/__ssh_authorized_key/gencode-remote +++ b/cdist/conf/type/__ssh_authorized_key/gencode-remote @@ -40,6 +40,7 @@ if [ -f "$file" ]; then grep -v -F -x '$line' '$file' >\$tmpfile fi cat "\$tmpfile" >"$file" +rm -f "\$tmpfile" DONE } From e0150e779681e232f95bdbefd957c666f05daa89 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Wed, 9 Mar 2022 16:16:44 +0100 Subject: [PATCH 03/42] ++changes --- docs/changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/changelog b/docs/changelog index 26d89057..81be51f6 100644 --- a/docs/changelog +++ b/docs/changelog @@ -12,6 +12,8 @@ next: * Type __package_apt: Fix complaint about suite change (Matthias Stecher) * Type __debconf_set_selections: Fix bug where --file was unsupported (Evilham) * Types __letsencrypt_cert, __grafana_dashboard: Improve bullseye support (Evilham) + * Type __ssh_authorized_key: Also remove tmpfile if removing line (Mark Verboom) + * Type __apt_pin: Add default priority, add comment in generated files (Daniel Fancsali) 6.9.8: 2021-08-24 * Type __rsync: Rewrite (Ander Punnar) From bd44c023d33eb51a09afad12b18c082f6a3ae36d Mon Sep 17 00:00:00 2001 From: Daniel Fancsali Date: Fri, 11 Jun 2021 11:22:31 +0100 Subject: [PATCH 04/42] Fix typos; add default priority; comments in generated files --- cdist/conf/type/__apt_pin/manifest | 5 +++++ cdist/conf/type/__apt_pin/parameter/default/priority | 1 + cdist/conf/type/__apt_pin/parameter/optional | 1 + cdist/conf/type/__apt_pin/parameter/required | 1 - 4 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 cdist/conf/type/__apt_pin/parameter/default/priority diff --git a/cdist/conf/type/__apt_pin/manifest b/cdist/conf/type/__apt_pin/manifest index e72a8fdd..983b2b42 100755 --- a/cdist/conf/type/__apt_pin/manifest +++ b/cdist/conf/type/__apt_pin/manifest @@ -57,6 +57,11 @@ __file "/etc/apt/preferences.d/$name" \ --owner root --group root --mode 0644 \ --state "$state" \ --source - << EOF +# Created by cdist ${__type##*/} +# Do not change. Changes will be overwritten. +# + +# $name Package: $package Pin: $pin Pin-Priority: $priority diff --git a/cdist/conf/type/__apt_pin/parameter/default/priority b/cdist/conf/type/__apt_pin/parameter/default/priority new file mode 100644 index 00000000..1b79f38e --- /dev/null +++ b/cdist/conf/type/__apt_pin/parameter/default/priority @@ -0,0 +1 @@ +500 diff --git a/cdist/conf/type/__apt_pin/parameter/optional b/cdist/conf/type/__apt_pin/parameter/optional index 52f01fd2..847e703d 100644 --- a/cdist/conf/type/__apt_pin/parameter/optional +++ b/cdist/conf/type/__apt_pin/parameter/optional @@ -1,2 +1,3 @@ state package +priority diff --git a/cdist/conf/type/__apt_pin/parameter/required b/cdist/conf/type/__apt_pin/parameter/required index 4b4e9741..c8572d92 100644 --- a/cdist/conf/type/__apt_pin/parameter/required +++ b/cdist/conf/type/__apt_pin/parameter/required @@ -1,2 +1 @@ distribution -priority From 22039284f57f575defa0bc65c46b8bbcbe016cd8 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Sun, 10 Apr 2022 23:52:53 +0200 Subject: [PATCH 05/42] __file: make file uploading and attribute changes more atomic Fixes https://code.ungleich.ch/ungleich-public/cdist/pulls/331 Signed-off-by: Steven Armstrong --- cdist/conf/type/__file/gencode-local | 28 +++++++++++++++++++-------- cdist/conf/type/__file/gencode-remote | 14 +++++++++++++- 2 files changed, 33 insertions(+), 9 deletions(-) diff --git a/cdist/conf/type/__file/gencode-local b/cdist/conf/type/__file/gencode-local index 231b6927..bea3d79c 100755 --- a/cdist/conf/type/__file/gencode-local +++ b/cdist/conf/type/__file/gencode-local @@ -1,7 +1,7 @@ #!/bin/sh -e # # 2011-2012 Nico Schottelius (nico-cdist at schottelius.org) -# 2013 Steven Armstrong (steven-cdist armstrong.cc) +# 2013-2022 Steven Armstrong (steven-cdist armstrong.cc) # # This file is part of cdist. # @@ -89,10 +89,26 @@ if [ "$state_should" = "present" ] || [ "$state_should" = "exists" ]; then touch "$__object/files/set-attributes" # upload file to temp location - tempfile_template="${destination}.cdist.XXXXXXXXXX" + upload_destination="$(mktemp -u "${destination}.cdist.XXXXXXXXXX")" + # Yes, we are aware that this is a race condition. + # However: + # a) cdist usually writes to directories that are not user writable + # (probably > 99.9%) + # b) if they are user owned, the user / attacker always wins + # (probably < 0.1%) + # c) the only case which we could improve are tmp directories and we + # don't think managing tmp directories with cdist is a typical case + # ("the rest %)" cat << DONE -destination_upload="\$($__remote_exec $__target_host "mktemp $tempfile_template")" +$__remote_exec $__target_host test -e $upload_destination && { + echo "Refusing to upload file to existing destination: $upload_destination" >&2 + exit 1 +} DONE + # Tell gencode-remote to where we uploaded the file so it can move + # it to its final destination. + echo "$upload_destination" > "$__object/files/upload-destination" + if [ "$upload_file" ]; then echo upload >> "$__messages_out" # IPv6 fix @@ -103,12 +119,8 @@ DONE my_target_host="${__target_host}" fi cat << DONE -$__remote_copy "$source" "${my_target_host}:\$destination_upload" +$__remote_copy "$source" "${my_target_host}:${upload_destination}" DONE fi -# move uploaded file into place -cat << DONE -$__remote_exec $__target_host "rm -rf \"$destination\"; mv \"\$destination_upload\" \"$destination\"" -DONE fi fi diff --git a/cdist/conf/type/__file/gencode-remote b/cdist/conf/type/__file/gencode-remote index f7a528fd..136520a7 100755 --- a/cdist/conf/type/__file/gencode-remote +++ b/cdist/conf/type/__file/gencode-remote @@ -1,7 +1,7 @@ #!/bin/sh -e # # 2011-2013 Nico Schottelius (nico-cdist at schottelius.org) -# 2013 Steven Armstrong (steven-cdist armstrong.cc) +# 2013-2022 Steven Armstrong (steven-cdist armstrong.cc) # # This file is part of cdist. # @@ -62,6 +62,13 @@ set_mode() { case "$state_should" in present|exists) + if [ -f "$__object/files/upload-destination" ]; then + final_destination="$destination" + # We change the 'global' $destination variable here so we can + # change attributes of the new/uploaded file before moving it + # to it's final destination. + destination="$(cat "$__object/files/upload-destination")" + fi # Note: Mode - needs to happen last as a chown/chgrp can alter mode by # clearing S_ISUID and S_ISGID bits (see chown(2)) for attribute in group owner mode; do @@ -81,6 +88,11 @@ case "$state_should" in fi fi done + if [ -f "$__object/files/upload-destination" ]; then + # move uploaded file into place + printf 'rm -rf "%s"\n' "$final_destination" + printf 'mv -T "%s" "%s"\n' "$destination" "$final_destination" + fi if [ -f "$__object/files/set-attributes" ]; then # set-attributes is created if file is created or uploaded in gencode-local fire_onchange=1 From af54fe6febc186b0db6da00f2d06d5e87f4012f9 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Mon, 11 Apr 2022 00:04:41 +0200 Subject: [PATCH 06/42] changelog++ Signed-off-by: Steven Armstrong --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 81be51f6..3363be27 100644 --- a/docs/changelog +++ b/docs/changelog @@ -14,6 +14,7 @@ next: * Types __letsencrypt_cert, __grafana_dashboard: Improve bullseye support (Evilham) * Type __ssh_authorized_key: Also remove tmpfile if removing line (Mark Verboom) * Type __apt_pin: Add default priority, add comment in generated files (Daniel Fancsali) + * Type __file: make file uploading and attribute changes more atomic (Steven Armstrong) 6.9.8: 2021-08-24 * Type __rsync: Rewrite (Ander Punnar) From cb0fa0f2e4d99891653b8871309e22f62ff393dd Mon Sep 17 00:00:00 2001 From: Romain Dartigues Date: Fri, 24 Dec 2021 15:39:29 +0100 Subject: [PATCH 07/42] force add-apt-repository to act in non-interactive mode --- cdist/conf/type/__apt_ppa/gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__apt_ppa/gencode-remote b/cdist/conf/type/__apt_ppa/gencode-remote index 84ebebfe..094366b9 100755 --- a/cdist/conf/type/__apt_ppa/gencode-remote +++ b/cdist/conf/type/__apt_ppa/gencode-remote @@ -29,7 +29,7 @@ fi case "$state_should" in present) - echo "add-apt-repository '$name'" + echo "add-apt-repository -y '$name'" ;; absent) echo "remove-apt-repository '$name'" From 54a5cb17b762a7fbb61225b36621c8a45e83536b Mon Sep 17 00:00:00 2001 From: Romain Dartigues Date: Fri, 24 Dec 2021 15:41:03 +0100 Subject: [PATCH 08/42] use add-apt-repository instead of add-apt-repository Remove `remove-apt-repository` which is now no longer needed; use `add-apt-repository` which allow removal through the `-r` flag. --- .../__apt_ppa/files/remove-apt-repository | 55 ------------------- cdist/conf/type/__apt_ppa/gencode-remote | 2 +- cdist/conf/type/__apt_ppa/manifest | 5 -- 3 files changed, 1 insertion(+), 61 deletions(-) delete mode 100755 cdist/conf/type/__apt_ppa/files/remove-apt-repository diff --git a/cdist/conf/type/__apt_ppa/files/remove-apt-repository b/cdist/conf/type/__apt_ppa/files/remove-apt-repository deleted file mode 100755 index 3eb7d491..00000000 --- a/cdist/conf/type/__apt_ppa/files/remove-apt-repository +++ /dev/null @@ -1,55 +0,0 @@ -#!/usr/bin/env python -# -# Remove the given apt repository. -# -# Exit with: -# 0: if it worked -# 1: if not -# 2: on other error - -import os -import sys -from aptsources import distro, sourceslist -from softwareproperties import ppa -from softwareproperties.SoftwareProperties import SoftwareProperties - - -def remove_if_empty(file_name): - with open(file_name, 'r') as f: - if f.read().strip(): - return - os.unlink(file_name) - -def remove_repository(repository): - #print 'repository:', repository - codename = distro.get_distro().codename - #print 'codename:', codename - (line, file) = ppa.expand_ppa_line(repository.strip(), codename) - #print 'line:', line - #print 'file:', file - deb_source_entry = sourceslist.SourceEntry(line, file) - src_source_entry = sourceslist.SourceEntry('deb-src{}'.format(line[3:]), file) - - try: - sp = SoftwareProperties() - sp.remove_source(deb_source_entry) - try: - # If there's a deb-src entry, remove that too - sp.remove_source(src_source_entry) - except: - pass - remove_if_empty(file) - return True - except ValueError: - print >> sys.stderr, "Error: '%s' doesn't exists in a sourcelist file" % line - return False - -if __name__ == '__main__': - if (len(sys.argv) != 2): - print >> sys.stderr, 'Error: need a repository as argument' - sys.exit(2) - repository = sys.argv[1] - if remove_repository(repository): - sys.exit(0) - else: - sys.exit(1) diff --git a/cdist/conf/type/__apt_ppa/gencode-remote b/cdist/conf/type/__apt_ppa/gencode-remote index 094366b9..e41341b8 100755 --- a/cdist/conf/type/__apt_ppa/gencode-remote +++ b/cdist/conf/type/__apt_ppa/gencode-remote @@ -32,6 +32,6 @@ case "$state_should" in echo "add-apt-repository -y '$name'" ;; absent) - echo "remove-apt-repository '$name'" + echo "add-apt-repository -r -y '$name'" ;; esac diff --git a/cdist/conf/type/__apt_ppa/manifest b/cdist/conf/type/__apt_ppa/manifest index c6f4e876..57e85442 100755 --- a/cdist/conf/type/__apt_ppa/manifest +++ b/cdist/conf/type/__apt_ppa/manifest @@ -20,9 +20,4 @@ __package software-properties-common -require="__package/software-properties-common" \ - __file /usr/local/bin/remove-apt-repository \ - --source "$__type/files/remove-apt-repository" \ - --mode 0755 - require="$__object_name" __apt_update_index From 6f8c774cb08e29c8f0282a8a40a43f1d09c7248e Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Thu, 14 Apr 2022 00:16:10 +0200 Subject: [PATCH 09/42] workaround mktemp -u checking for write access Signed-off-by: Steven Armstrong --- cdist/conf/type/__file/gencode-local | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__file/gencode-local b/cdist/conf/type/__file/gencode-local index bea3d79c..42c9d1e7 100755 --- a/cdist/conf/type/__file/gencode-local +++ b/cdist/conf/type/__file/gencode-local @@ -89,7 +89,7 @@ if [ "$state_should" = "present" ] || [ "$state_should" = "exists" ]; then touch "$__object/files/set-attributes" # upload file to temp location - upload_destination="$(mktemp -u "${destination}.cdist.XXXXXXXXXX")" + upload_destination="$(mktemp -u "/__cdist${destination}.cdist.XXXXXXXXXX" | sed 's|^/__cdist||')" # Yes, we are aware that this is a race condition. # However: # a) cdist usually writes to directories that are not user writable From 2df2578e36c688fcbdb32a87609bc263d2e7db9c Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Thu, 14 Apr 2022 00:27:28 +0200 Subject: [PATCH 10/42] __file: remove the questionable check for uploadfile existence Signed-off-by: Steven Armstrong --- cdist/conf/type/__file/gencode-local | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/cdist/conf/type/__file/gencode-local b/cdist/conf/type/__file/gencode-local index 42c9d1e7..aa7149c1 100755 --- a/cdist/conf/type/__file/gencode-local +++ b/cdist/conf/type/__file/gencode-local @@ -99,12 +99,7 @@ if [ "$state_should" = "present" ] || [ "$state_should" = "exists" ]; then # c) the only case which we could improve are tmp directories and we # don't think managing tmp directories with cdist is a typical case # ("the rest %)" - cat << DONE -$__remote_exec $__target_host test -e $upload_destination && { - echo "Refusing to upload file to existing destination: $upload_destination" >&2 - exit 1 -} -DONE + # Tell gencode-remote to where we uploaded the file so it can move # it to its final destination. echo "$upload_destination" > "$__object/files/upload-destination" From 8b915b15b5a969b7de308e2b1b124d28548349dc Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Thu, 14 Apr 2022 00:46:13 +0200 Subject: [PATCH 11/42] __file: make the create-empty-file case work again Signed-off-by: Steven Armstrong --- cdist/conf/type/__file/gencode-local | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/cdist/conf/type/__file/gencode-local b/cdist/conf/type/__file/gencode-local index aa7149c1..f9acdb17 100755 --- a/cdist/conf/type/__file/gencode-local +++ b/cdist/conf/type/__file/gencode-local @@ -72,6 +72,7 @@ if [ "$state_should" = "present" ] || [ "$state_should" = "exists" ]; then if [ "$type" != "file" ]; then # destination is not a regular file, upload source to replace it upload_file=1 + echo upload >> "$__messages_out" else local_cksum="$(cksum < "$source")" remote_cksum="$(cat "$__object/explorer/cksum")" @@ -88,6 +89,14 @@ if [ "$state_should" = "present" ] || [ "$state_should" = "exists" ]; then mkdir "$__object/files" touch "$__object/files/set-attributes" + if [ "$create_file" ]; then + # When creating an empty file we create it locally and then + # upload it so that permissions can be set before moving the file + # into place. + source="$__object/files/empty" + touch "$source" + fi + # upload file to temp location upload_destination="$(mktemp -u "/__cdist${destination}.cdist.XXXXXXXXXX" | sed 's|^/__cdist||')" # Yes, we are aware that this is a race condition. @@ -104,18 +113,15 @@ if [ "$state_should" = "present" ] || [ "$state_should" = "exists" ]; then # it to its final destination. echo "$upload_destination" > "$__object/files/upload-destination" - if [ "$upload_file" ]; then - echo upload >> "$__messages_out" - # IPv6 fix - if echo "${__target_host}" | grep -q -E '^[0-9a-fA-F:]+$' - then - my_target_host="[${__target_host}]" - else - my_target_host="${__target_host}" - fi - cat << DONE + # IPv6 fix + if echo "${__target_host}" | grep -q -E '^[0-9a-fA-F:]+$' + then + my_target_host="[${__target_host}]" + else + my_target_host="${__target_host}" + fi + cat << DONE $__remote_copy "$source" "${my_target_host}:${upload_destination}" DONE - fi fi fi From abbc7dfc376ffb6554bfaad2d5a6ec93955f235f Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Sat, 16 Apr 2022 19:05:31 +0200 Subject: [PATCH 12/42] since we already remove the destination, we have no need to use -T on move, fixes #333 Signed-off-by: Steven Armstrong --- cdist/conf/type/__file/gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__file/gencode-remote b/cdist/conf/type/__file/gencode-remote index 136520a7..1a9ff69c 100755 --- a/cdist/conf/type/__file/gencode-remote +++ b/cdist/conf/type/__file/gencode-remote @@ -91,7 +91,7 @@ case "$state_should" in if [ -f "$__object/files/upload-destination" ]; then # move uploaded file into place printf 'rm -rf "%s"\n' "$final_destination" - printf 'mv -T "%s" "%s"\n' "$destination" "$final_destination" + printf 'mv "%s" "%s"\n' "$destination" "$final_destination" fi if [ -f "$__object/files/set-attributes" ]; then # set-attributes is created if file is created or uploaded in gencode-local From 6c8c692a22c886bf82b18f51a133f88a8ab547b7 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Mon, 2 May 2022 23:25:59 +0200 Subject: [PATCH 13/42] __file: kiss and fix regression on Mac OSX Signed-off-by: Steven Armstrong --- cdist/conf/type/__file/gencode-local | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__file/gencode-local b/cdist/conf/type/__file/gencode-local index f9acdb17..5a303308 100755 --- a/cdist/conf/type/__file/gencode-local +++ b/cdist/conf/type/__file/gencode-local @@ -98,7 +98,7 @@ if [ "$state_should" = "present" ] || [ "$state_should" = "exists" ]; then fi # upload file to temp location - upload_destination="$(mktemp -u "/__cdist${destination}.cdist.XXXXXXXXXX" | sed 's|^/__cdist||')" + upload_destination="${destination}.cdist.${__cdist_object_marker}.$$" # Yes, we are aware that this is a race condition. # However: # a) cdist usually writes to directories that are not user writable From 3d58c9b24fede2d1dafb15fc36424c52c466bb0d Mon Sep 17 00:00:00 2001 From: Stephan Leemburg Date: Fri, 20 May 2022 13:48:07 +0200 Subject: [PATCH 14/42] add optional file parameter to allow for use in a loop without object_id clashes --- cdist/conf/type/__dot_file/man.rst | 15 +++++++++++++++ cdist/conf/type/__dot_file/manifest | 10 ++++++++-- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/cdist/conf/type/__dot_file/man.rst b/cdist/conf/type/__dot_file/man.rst index ba7621a1..c8f36712 100644 --- a/cdist/conf/type/__dot_file/man.rst +++ b/cdist/conf/type/__dot_file/man.rst @@ -37,6 +37,12 @@ state source forwarded to :strong:`__file` type +file + forwarded to :strong:`__file` type + This can be used if multiple users need to have a dotfile updated, + which will result in duplicate object id errors. When using the + file parameter the object id can be some unique value. + MESSAGES -------- @@ -61,6 +67,15 @@ EXAMPLES # Install default xmonad config for user 'eve'. Parent directory is created automatically. __dot_file .xmonad/xmonad.hs --user eve --state exists --source "$__files/xmonad.hs" + # install .vimrc for root and some users + for user in root userx usery userz; do + __dot_file "${user}_dot_vimrc" \ + --user $user \ + --file .vimrc \ + --state exists \ + --source "$__files/$user/.vimrc" + done + SEE ALSO -------- diff --git a/cdist/conf/type/__dot_file/manifest b/cdist/conf/type/__dot_file/manifest index 02dadf05..a38ed943 100755 --- a/cdist/conf/type/__dot_file/manifest +++ b/cdist/conf/type/__dot_file/manifest @@ -20,13 +20,19 @@ user="$(cat "${__object}/parameter/user")" home="$(cat "${__object}/explorer/home")" primary_group="$(cat "${__object}/explorer/primary_group")" dirmode="$(cat "${__object}/parameter/dirmode")" +if [ -f "${__object}/parameter/file" ]; then + file="$(cat "${__object}/parameter/file")" +else + file="${__object_id}" +fi + # Create parent directory. Type __directory has flag 'parents', but it # will leave us with root-owned directory in user home, which is not # acceptable. So we create parent directories one-by-one. XXX: maybe # it should be fixed in '__directory'? set -- -subpath=${__object_id} +subpath=${file} while subpath="$(dirname "${subpath}")" ; do [ "${subpath}" = . ] && break set -- "${subpath}" "$@" @@ -64,4 +70,4 @@ if [ "${source}" = "-" ] ; then fi unset source -__file "${home}/${__object_id}" --owner "$user" --group "$primary_group" "$@" +__file "${home}/${file}" --owner "$user" --group "$primary_group" "$@" From 9839c2d8ec63719c30493870851f1e1ab8079fb1 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Fri, 20 May 2022 14:55:12 +0200 Subject: [PATCH 15/42] ++changelog Signed-off-by: Nico Schottelius --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 3363be27..29507443 100644 --- a/docs/changelog +++ b/docs/changelog @@ -15,6 +15,7 @@ next: * Type __ssh_authorized_key: Also remove tmpfile if removing line (Mark Verboom) * Type __apt_pin: Add default priority, add comment in generated files (Daniel Fancsali) * Type __file: make file uploading and attribute changes more atomic (Steven Armstrong) + * Type __dot_file: Add support for using --file parameter (Stephan Leemburg) 6.9.8: 2021-08-24 * Type __rsync: Rewrite (Ander Punnar) From 77d9a757ec0e6986388aa368b77f065ae6be68c8 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Fri, 20 May 2022 14:58:45 +0200 Subject: [PATCH 16/42] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 29507443..8c9e1028 100644 --- a/docs/changelog +++ b/docs/changelog @@ -16,6 +16,7 @@ next: * Type __apt_pin: Add default priority, add comment in generated files (Daniel Fancsali) * Type __file: make file uploading and attribute changes more atomic (Steven Armstrong) * Type __dot_file: Add support for using --file parameter (Stephan Leemburg) + * Type __apt_ppa: Replace custom "remove-apt-repository" with add-apt-repository -r (Romain Dartigues) 6.9.8: 2021-08-24 * Type __rsync: Rewrite (Ander Punnar) From 0ae37b3445c6662a968c49972e0102c75d6f14c2 Mon Sep 17 00:00:00 2001 From: Daniel Fancsali Date: Fri, 1 Jul 2022 14:27:33 +0100 Subject: [PATCH 17/42] Handle signed-by option in __apt_source Allow users to specify a GPG key fingerprint or keyring file to be included as the 'signed-by' option. --- .../type/__apt_source/files/source.list.template | 3 ++- cdist/conf/type/__apt_source/man.rst | 8 ++++++++ cdist/conf/type/__apt_source/manifest | 14 ++++++++++---- cdist/conf/type/__apt_source/parameter/optional | 3 ++- 4 files changed, 22 insertions(+), 6 deletions(-) diff --git a/cdist/conf/type/__apt_source/files/source.list.template b/cdist/conf/type/__apt_source/files/source.list.template index d4420e96..a28bb45f 100755 --- a/cdist/conf/type/__apt_source/files/source.list.template +++ b/cdist/conf/type/__apt_source/files/source.list.template @@ -2,13 +2,14 @@ set -u entry="$uri $distribution $component" + cat << DONE # Created by cdist ${__type##*/} # Do not change. Changes will be overwritten. # # $name -deb ${forcedarch} $entry +deb ${options} $entry DONE if [ -f "$__object/parameter/include-src" ]; then echo "deb-src $entry" diff --git a/cdist/conf/type/__apt_source/man.rst b/cdist/conf/type/__apt_source/man.rst index d1acb388..d317a135 100644 --- a/cdist/conf/type/__apt_source/man.rst +++ b/cdist/conf/type/__apt_source/man.rst @@ -23,6 +23,9 @@ OPTIONAL PARAMETERS arch set this if you need to force and specific arch (ubuntu specific) +signed-by + provide a GPG key fingerprint or keyring path for signature checks + state 'present' or 'absent', defaults to 'present' @@ -56,6 +59,11 @@ EXAMPLES --uri http://archive.canonical.com/ \ --component partner --state present + __apt_source goaccess \ + --uri http://deb.goaccess.io/ \ + --component main \ + --signed-by C03B48887D5E56B046715D3297BD1A0133449C3D + AUTHORS ------- diff --git a/cdist/conf/type/__apt_source/manifest b/cdist/conf/type/__apt_source/manifest index 35f15909..cdb526d3 100755 --- a/cdist/conf/type/__apt_source/manifest +++ b/cdist/conf/type/__apt_source/manifest @@ -31,9 +31,15 @@ fi component="$(cat "$__object/parameter/component")" if [ -f "$__object/parameter/arch" ]; then - forcedarch="[arch=$(cat "$__object/parameter/arch")]" -else - forcedarch="" + options="arch=$(cat "$__object/parameter/arch")" +fi + +if [ -f "$__object/parameter/signed-by" ]; then + options="$options signed-by=$(cat "$__object/parameter/signed-by")" +fi + +if [ "$options" ]; then + options="[$options]" fi # export variables for use in template @@ -41,7 +47,7 @@ export name export uri export distribution export component -export forcedarch +export options # generate file from template mkdir "$__object/files" diff --git a/cdist/conf/type/__apt_source/parameter/optional b/cdist/conf/type/__apt_source/parameter/optional index 87537335..0b5470a1 100644 --- a/cdist/conf/type/__apt_source/parameter/optional +++ b/cdist/conf/type/__apt_source/parameter/optional @@ -1,4 +1,5 @@ state distribution component -arch \ No newline at end of file +arch +signed-by From 339ca9347b8dc3d9167393bf754a92c4dedbd704 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Sat, 2 Jul 2022 19:21:27 +0200 Subject: [PATCH 18/42] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 8c9e1028..3d9cb704 100644 --- a/docs/changelog +++ b/docs/changelog @@ -17,6 +17,7 @@ next: * Type __file: make file uploading and attribute changes more atomic (Steven Armstrong) * Type __dot_file: Add support for using --file parameter (Stephan Leemburg) * Type __apt_ppa: Replace custom "remove-apt-repository" with add-apt-repository -r (Romain Dartigues) + * Type __apt_source: Add signed-by parameter (Daniel Fancsali) 6.9.8: 2021-08-24 * Type __rsync: Rewrite (Ander Punnar) From 483f0c161440a018efe48bc96910dcb5834c32a1 Mon Sep 17 00:00:00 2001 From: Stephan Leemburg Date: Wed, 13 Jul 2022 14:50:17 +0200 Subject: [PATCH 19/42] add Check Point Gaia --- cdist/conf/explorer/lsb_codename | 3 +++ cdist/conf/explorer/lsb_description | 3 +++ cdist/conf/explorer/lsb_id | 3 +++ cdist/conf/explorer/lsb_release | 3 +++ cdist/conf/explorer/os | 7 +++++++ cdist/conf/explorer/os_release | 4 ++++ cdist/conf/explorer/os_version | 3 +++ 7 files changed, 26 insertions(+) diff --git a/cdist/conf/explorer/lsb_codename b/cdist/conf/explorer/lsb_codename index 26bb8e3d..c9fb5cdf 100755 --- a/cdist/conf/explorer/lsb_codename +++ b/cdist/conf/explorer/lsb_codename @@ -21,6 +21,9 @@ set +e case "$("$__explorer/os")" in + checkpoint) + awk '{printf("%s\n", $(NF-1))}' /etc/cp-release + ;; openwrt) # shellcheck disable=SC1091 (. /etc/openwrt_release && echo "$DISTRIB_CODENAME") diff --git a/cdist/conf/explorer/lsb_description b/cdist/conf/explorer/lsb_description index b1009627..7279a9c2 100755 --- a/cdist/conf/explorer/lsb_description +++ b/cdist/conf/explorer/lsb_description @@ -21,6 +21,9 @@ set +e case "$("$__explorer/os")" in + checkpoint) + cat /etc/cp-release + ;; openwrt) # shellcheck disable=SC1091 (. /etc/openwrt_release && echo "$DISTRIB_DESCRIPTION") diff --git a/cdist/conf/explorer/lsb_id b/cdist/conf/explorer/lsb_id index 82ff9977..1f91cc40 100755 --- a/cdist/conf/explorer/lsb_id +++ b/cdist/conf/explorer/lsb_id @@ -21,6 +21,9 @@ set +e case "$("$__explorer/os")" in + checkpoint) + echo "CheckPoint" + ;; openwrt) # shellcheck disable=SC1091 (. /etc/openwrt_release && echo "$DISTRIB_ID") diff --git a/cdist/conf/explorer/lsb_release b/cdist/conf/explorer/lsb_release index 5ebfff1a..d9100569 100755 --- a/cdist/conf/explorer/lsb_release +++ b/cdist/conf/explorer/lsb_release @@ -21,6 +21,9 @@ set +e case "$("$__explorer/os")" in + checkpoint) + cat /etc/cp-release|sed -e 's/.* R\([1-9][0-9]*\)\.[0-9]*$/\1/' + ;; openwrt) # shellcheck disable=SC1091 (. /etc/openwrt_release && echo "$DISTRIB_RELEASE") diff --git a/cdist/conf/explorer/os b/cdist/conf/explorer/os index 46d87f3e..b9232ee4 100755 --- a/cdist/conf/explorer/os +++ b/cdist/conf/explorer/os @@ -116,6 +116,13 @@ if [ -f /etc/slackware-version ]; then exit 0 fi +# Appliances + +if grep -q '^Check Point Gaia' /etc/cp-release 2>/dev/null; then + echo checkpoint + exit 0 +fi + uname_s="$(uname -s)" # Assume there is no tr on the client -> do lower case ourselves diff --git a/cdist/conf/explorer/os_release b/cdist/conf/explorer/os_release index 6489446b..ec85046f 100644 --- a/cdist/conf/explorer/os_release +++ b/cdist/conf/explorer/os_release @@ -34,5 +34,9 @@ elif test -f /var/run/os-release then # FreeBSD (created by os-release service) cat /var/run/os-release +elif test -f /etc/cp-release +then + # Checkpoint firewall or management (actually linux based) + cat /etc/cp-release fi diff --git a/cdist/conf/explorer/os_version b/cdist/conf/explorer/os_version index bbc9e4f0..430200ae 100755 --- a/cdist/conf/explorer/os_version +++ b/cdist/conf/explorer/os_version @@ -41,6 +41,9 @@ in # empty, but well... cat /etc/arch-release ;; + checkpoint) + awk '{version=$NF; printf("%s\n", substr(version, 2))}' /etc/cp-release + ;; debian) debian_version=$(cat /etc/debian_version) case $debian_version From 624316564531cc7575d2ee0504e3a5f684c74e3d Mon Sep 17 00:00:00 2001 From: Stephan Leemburg Date: Thu, 28 Jul 2022 16:27:12 +0200 Subject: [PATCH 20/42] add create and ifexists to line type --- cdist/conf/type/__line/gencode-remote | 12 ++++++++++-- cdist/conf/type/__line/man.rst | 6 ++++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/cdist/conf/type/__line/gencode-remote b/cdist/conf/type/__line/gencode-remote index a89886da..95c2360d 100755 --- a/cdist/conf/type/__line/gencode-remote +++ b/cdist/conf/type/__line/gencode-remote @@ -34,8 +34,16 @@ state_should="$(cat "$__object/parameter/state")" state_is="$(cat "$__object/explorer/state")" if [ -z "$state_is" ]; then - printf 'The file "%s" is missing. Please create it before using %s on it.\n' "$file" "${__type##*/}" >&2 - exit 1 + if [ -f "$__object/parameter/create" ]; then + echo "touch $file" + else + # only bark if the file should exists + if [ -f "$__object/parameter/ifexists" ]; then + exit 0 + fi + printf 'The file "%s" is missing. Please create it before using %s on it.\n' "$file" "${__type##*/}" >&2 + exit 1 + fi fi if [ "$state_should" = "$state_is" ] || \ diff --git a/cdist/conf/type/__line/man.rst b/cdist/conf/type/__line/man.rst index 70490f68..dd41fc40 100644 --- a/cdist/conf/type/__line/man.rst +++ b/cdist/conf/type/__line/man.rst @@ -21,6 +21,9 @@ OPTIONAL PARAMETERS after Insert the given line after this pattern. +create + It the file does not exist then create an empty file + before Insert the given line before this pattern. @@ -28,6 +31,9 @@ file If supplied, use this as the destination file. Otherwise the object_id is used. +ifexists + Only apply the line if the file exists. + line Specifies the line which should be absent or present. From 7d8fc8a5c38c47a36ea87cd98d798d22f91c3185 Mon Sep 17 00:00:00 2001 From: Stephan Leemburg Date: Thu, 28 Jul 2022 17:18:41 +0200 Subject: [PATCH 21/42] improve checkpoint sed, add __line changes --- cdist/conf/explorer/lsb_release | 2 +- cdist/conf/type/__line/parameter/boolean | 2 ++ cdist/conf/type/__line/parameter/default/create | 1 + cdist/conf/type/__line/parameter/default/ifexists | 1 + 4 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 cdist/conf/type/__line/parameter/boolean create mode 100644 cdist/conf/type/__line/parameter/default/create create mode 100644 cdist/conf/type/__line/parameter/default/ifexists diff --git a/cdist/conf/explorer/lsb_release b/cdist/conf/explorer/lsb_release index d9100569..0bb9f7fe 100755 --- a/cdist/conf/explorer/lsb_release +++ b/cdist/conf/explorer/lsb_release @@ -22,7 +22,7 @@ set +e case "$("$__explorer/os")" in checkpoint) - cat /etc/cp-release|sed -e 's/.* R\([1-9][0-9]*\)\.[0-9]*$/\1/' + sed /etc/cp-release -e 's/.* R\([1-9][0-9]*\)\.[0-9]*$/\1/' ;; openwrt) # shellcheck disable=SC1091 diff --git a/cdist/conf/type/__line/parameter/boolean b/cdist/conf/type/__line/parameter/boolean new file mode 100644 index 00000000..182a5da6 --- /dev/null +++ b/cdist/conf/type/__line/parameter/boolean @@ -0,0 +1,2 @@ +create +ifexists diff --git a/cdist/conf/type/__line/parameter/default/create b/cdist/conf/type/__line/parameter/default/create new file mode 100644 index 00000000..c508d536 --- /dev/null +++ b/cdist/conf/type/__line/parameter/default/create @@ -0,0 +1 @@ +false diff --git a/cdist/conf/type/__line/parameter/default/ifexists b/cdist/conf/type/__line/parameter/default/ifexists new file mode 100644 index 00000000..c508d536 --- /dev/null +++ b/cdist/conf/type/__line/parameter/default/ifexists @@ -0,0 +1 @@ +false From 17466452f0762fc3a259a66742a59943c5af2510 Mon Sep 17 00:00:00 2001 From: Stephan Leemburg Date: Thu, 28 Jul 2022 17:53:41 +0200 Subject: [PATCH 22/42] revert __line for clean PR history --- cdist/conf/type/__line/gencode-remote | 12 ++---------- cdist/conf/type/__line/man.rst | 6 ------ cdist/conf/type/__line/parameter/boolean | 2 -- cdist/conf/type/__line/parameter/default/create | 1 - cdist/conf/type/__line/parameter/default/ifexists | 1 - 5 files changed, 2 insertions(+), 20 deletions(-) delete mode 100644 cdist/conf/type/__line/parameter/boolean delete mode 100644 cdist/conf/type/__line/parameter/default/create delete mode 100644 cdist/conf/type/__line/parameter/default/ifexists diff --git a/cdist/conf/type/__line/gencode-remote b/cdist/conf/type/__line/gencode-remote index 95c2360d..a89886da 100755 --- a/cdist/conf/type/__line/gencode-remote +++ b/cdist/conf/type/__line/gencode-remote @@ -34,16 +34,8 @@ state_should="$(cat "$__object/parameter/state")" state_is="$(cat "$__object/explorer/state")" if [ -z "$state_is" ]; then - if [ -f "$__object/parameter/create" ]; then - echo "touch $file" - else - # only bark if the file should exists - if [ -f "$__object/parameter/ifexists" ]; then - exit 0 - fi - printf 'The file "%s" is missing. Please create it before using %s on it.\n' "$file" "${__type##*/}" >&2 - exit 1 - fi + printf 'The file "%s" is missing. Please create it before using %s on it.\n' "$file" "${__type##*/}" >&2 + exit 1 fi if [ "$state_should" = "$state_is" ] || \ diff --git a/cdist/conf/type/__line/man.rst b/cdist/conf/type/__line/man.rst index dd41fc40..70490f68 100644 --- a/cdist/conf/type/__line/man.rst +++ b/cdist/conf/type/__line/man.rst @@ -21,9 +21,6 @@ OPTIONAL PARAMETERS after Insert the given line after this pattern. -create - It the file does not exist then create an empty file - before Insert the given line before this pattern. @@ -31,9 +28,6 @@ file If supplied, use this as the destination file. Otherwise the object_id is used. -ifexists - Only apply the line if the file exists. - line Specifies the line which should be absent or present. diff --git a/cdist/conf/type/__line/parameter/boolean b/cdist/conf/type/__line/parameter/boolean deleted file mode 100644 index 182a5da6..00000000 --- a/cdist/conf/type/__line/parameter/boolean +++ /dev/null @@ -1,2 +0,0 @@ -create -ifexists diff --git a/cdist/conf/type/__line/parameter/default/create b/cdist/conf/type/__line/parameter/default/create deleted file mode 100644 index c508d536..00000000 --- a/cdist/conf/type/__line/parameter/default/create +++ /dev/null @@ -1 +0,0 @@ -false diff --git a/cdist/conf/type/__line/parameter/default/ifexists b/cdist/conf/type/__line/parameter/default/ifexists deleted file mode 100644 index c508d536..00000000 --- a/cdist/conf/type/__line/parameter/default/ifexists +++ /dev/null @@ -1 +0,0 @@ -false From d4bf41ce3b7d186e7e85c030c5960ddd38855a29 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Fri, 29 Jul 2022 10:57:01 +0200 Subject: [PATCH 23/42] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 3d9cb704..db2faef0 100644 --- a/docs/changelog +++ b/docs/changelog @@ -18,6 +18,7 @@ next: * Type __dot_file: Add support for using --file parameter (Stephan Leemburg) * Type __apt_ppa: Replace custom "remove-apt-repository" with add-apt-repository -r (Romain Dartigues) * Type __apt_source: Add signed-by parameter (Daniel Fancsali) + * Explorer: add support for checkpoint (Stephan Leemburg) 6.9.8: 2021-08-24 * Type __rsync: Rewrite (Ander Punnar) From be6e7fcc08d5c4e98f7ce30b157ee087010cd126 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Sun, 31 Jul 2022 21:59:35 +0200 Subject: [PATCH 24/42] Prepare release of cdist 7.0.0 --- bin/cdist-build-helper | 2 +- docs/changelog | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/cdist-build-helper b/bin/cdist-build-helper index 0380b3f8..cadddae7 100755 --- a/bin/cdist-build-helper +++ b/bin/cdist-build-helper @@ -1,6 +1,6 @@ #!/bin/sh # -# 2011-2013 Nico Schottelius (nico-cdist at schottelius.org) +# 2011-2022 Nico Schottelius (nico-cdist at schottelius.org) # 2016-2019 Darko Poljak (darko.poljak at gmail.com) # # This file is part of cdist. diff --git a/docs/changelog b/docs/changelog index db2faef0..00defc2a 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,7 +1,7 @@ Changelog --------- -next: +7.0.0: 2022-07-31 * Explorer machine_type: Rewrite (Dennis Camera) * New type: __sed (Ander Punnar) * New type: __haproxy_dualstack (Evilham and ungleich) From 90488d2e9e21b4e6bf3b7f0d8c44ebfe29c517b7 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 1 Aug 2022 00:03:51 +0200 Subject: [PATCH 25/42] [doc] add release process documentation --- docs/dev/release-process.org | 90 ++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 docs/dev/release-process.org diff --git a/docs/dev/release-process.org b/docs/dev/release-process.org new file mode 100644 index 00000000..42b4f5c5 --- /dev/null +++ b/docs/dev/release-process.org @@ -0,0 +1,90 @@ +* Install requirements (Alpine) + - apk add py3-pycodestyle shellcheck py3-sphinx py3-sphinx_rtd_theme \ + py3-build twine +* Ensure your gpg setup works with the email used in the git commit! + - For me this is nico@nico-notebook.schottelius.org + - Signature / id is on nb2 +* Create ~/.pypirc +[distutils] + index-servers = + pypi + cdist + +[pypi] + username = __token__ + password = ... + +[cdist] + repository = https://upload.pypi.org/legacy/ + username = __token__ + password = ... + +* Add date in docs/changelog +* Run ./bin/cdist-build-helper +* TODO Move to "build" + - python3 -m build +* DONE git tag: when? +CLOSED: [2022-07-31 Sun 23:58] +** Asked during release process: ok +* DONE Pypi error with distutils: do not use distutils anymore +CLOSED: [2022-07-31 Sun 23:58] +python3 setup.py sdist upload +... +Creating tar archive +removing 'cdist-7.0.0' (and everything under it) +running upload +Submitting dist/cdist-7.0.0.tar.gz to https://upload.pypi.org/legacy/ +Upload failed (400): Invalid value for blake2_256_digest. Error: Use a valid, hex-encoded, BLAKE2 message digest. +error: Upload failed (400): Invalid value for blake2_256_digest. Error: Use a valid, hex-encoded, BLAKE2 message digest. +(venv2) [22:50] nb2:cdist% + +* DONE Pypi error with twine: fixed in twine 4.0.1 +CLOSED: [2022-07-31 Sun 23:58] + +Seeing: + +(venv2) [22:47] nb2:cdist% twine upload dist/cdist-7.0.0* +Uploading distributions to https://upload.pypi.org/legacy/ +Traceback (most recent call last): + File "/usr/bin/twine", line 8, in + sys.exit(main()) + File "/usr/lib/python3.10/site-packages/twine/__main__.py", line 28, in main + result = cli.dispatch(sys.argv[1:]) + File "/usr/lib/python3.10/site-packages/twine/cli.py", line 68, in dispatch + return main(args.args) + File "/usr/lib/python3.10/site-packages/twine/commands/upload.py", line 197, in main + return upload(upload_settings, parsed_args.dists) + File "/usr/lib/python3.10/site-packages/twine/commands/upload.py", line 141, in upload + resp = repository.upload(package) + File "/usr/lib/python3.10/site-packages/twine/repository.py", line 189, in upload + resp = self._upload(package) + File "/usr/lib/python3.10/site-packages/twine/repository.py", line 144, in _upload + data = package.metadata_dictionary() + File "/usr/lib/python3.10/site-packages/twine/package.py", line 181, in metadata_dictionary + "dynamic": meta.dynamic, +AttributeError: 'Wheel' object has no attribute 'dynamic' + + +Fix: + + +(venv2) [23:43] nb2:cdist% pipx run twine upload dist/* +⚠️ twine is already on your PATH and installed at /home/nico/venv2/bin/twine. Downloading and running anyway. +Uploading distributions to https://upload.pypi.org/legacy/ +Uploading cdist-7.0.0-py3-none-any.whl +100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 868.6/868.6 kB • 00:04 • 221.3 kB/s +Uploading cdist-7.0.0.tar.gz +100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.5/1.5 MB • 00:08 • 169.3 kB/s + +View at: +https://pypi.org/project/cdist/7.0.0/ +* TODO cdist web + - on staticweb-2022 + - Should be moved to sftp/k8s + + + Manual steps: + + ~/bin/permissions.public html/ + rsync -a html/ staticweb.ungleich.ch:/home/services/www/nico/www.cdi.st/www/manual/7.0.0/ + ssh staticweb.ungleich.ch "cd /home/services/www/nico/www.cdi.st/www/manual; ln -sf 7.0.0 latest" From c85184dcb48118ea5edbda2799badb5779253f7c Mon Sep 17 00:00:00 2001 From: Mark Verboom Date: Sun, 18 Sep 2022 08:49:37 +0200 Subject: [PATCH 26/42] Make sure flag is followed by end of line or space. --- cdist/conf/explorer/machine_type | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/explorer/machine_type b/cdist/conf/explorer/machine_type index 00646c75..0f212e73 100755 --- a/cdist/conf/explorer/machine_type +++ b/cdist/conf/explorer/machine_type @@ -515,7 +515,7 @@ check_vm_arch_specific() { && return 0 fi if has_cpuinfo \ - && grep -q -i -e '^flags.*:.*\(hypervisor\|vmm\)' /proc/cpuinfo + && grep -q -i -e '^flags.*:.*\(hypervisor\|vmm\)\( \|$\) /proc/cpuinfo then return 0 fi From 62db96bb376354c829cdde290c915cffc24612b0 Mon Sep 17 00:00:00 2001 From: Mark Verboom Date: Thu, 29 Sep 2022 16:19:07 +0200 Subject: [PATCH 27/42] Initialise options variable so expansion when running files/source.list.template there will not be an error when the variable is not set. --- cdist/conf/type/__apt_source/manifest | 1 + 1 file changed, 1 insertion(+) diff --git a/cdist/conf/type/__apt_source/manifest b/cdist/conf/type/__apt_source/manifest index cdb526d3..fd1ec47f 100755 --- a/cdist/conf/type/__apt_source/manifest +++ b/cdist/conf/type/__apt_source/manifest @@ -21,6 +21,7 @@ name="$__object_id" state="$(cat "$__object/parameter/state")" uri="$(cat "$__object/parameter/uri")" +options="" if [ -f "$__object/parameter/distribution" ]; then distribution="$(cat "$__object/parameter/distribution")" From ffeaafe9b68a944418ec8496c7db9f347dd4b1ee Mon Sep 17 00:00:00 2001 From: marcoduif Date: Fri, 7 Oct 2022 07:22:31 +0000 Subject: [PATCH 28/42] Make grep more specific package name should be an exact match, not a substring --- cdist/conf/type/__apt_mark/explorer/state | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__apt_mark/explorer/state b/cdist/conf/type/__apt_mark/explorer/state index b7fe08fa..b464179a 100755 --- a/cdist/conf/type/__apt_mark/explorer/state +++ b/cdist/conf/type/__apt_mark/explorer/state @@ -24,4 +24,4 @@ else name="$__object_id" fi -apt-mark showhold | grep -Fq "$name" && echo hold || echo unhold +apt-mark showhold | grep -q "^${name}$" && echo hold || echo unhold From f36069754c0101d1eccbef59fa4f060a19784d26 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Tue, 20 Dec 2022 18:03:15 +0100 Subject: [PATCH 29/42] ++changelog --- docs/changelog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/changelog b/docs/changelog index 00defc2a..af41368d 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,6 +1,9 @@ Changelog --------- +7.0.1: + * Type __apt_mark: Narrow down grep for hold packages (marcoduif) + 7.0.0: 2022-07-31 * Explorer machine_type: Rewrite (Dennis Camera) * New type: __sed (Ander Punnar) From bdfd92dc3707004503af4a03aea0819ad587a947 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Wed, 21 Dec 2022 09:41:33 +0100 Subject: [PATCH 30/42] ++changes --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index af41368d..e8090131 100644 --- a/docs/changelog +++ b/docs/changelog @@ -3,6 +3,7 @@ Changelog 7.0.1: * Type __apt_mark: Narrow down grep for hold packages (marcoduif) + * Type __apt_source: Set required options variable (Mark Verboom) 7.0.0: 2022-07-31 * Explorer machine_type: Rewrite (Dennis Camera) From b974969f28f4d007f75904757e80e4f663e3d134 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 26 Dec 2022 20:59:16 +0100 Subject: [PATCH 31/42] Remove double definition of scan parser Fixes #353 --- cdist/argparse.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/cdist/argparse.py b/cdist/argparse.py index f17315e7..8f7bbb85 100644 --- a/cdist/argparse.py +++ b/cdist/argparse.py @@ -472,9 +472,6 @@ def get_parsers(): parser['info'].set_defaults(func=cdist.info.Info.commandline) # Scan = config + further - parser['scan'] = parser['sub'].add_parser('scan', add_help=False, - parents=[parser['config']]) - parser['scan'] = parser['sub'].add_parser( 'scan', parents=[parser['loglevel'], parser['beta'], From ed3da3c829d47c7c578733482920f111e8bc8869 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 26 Dec 2022 21:02:41 +0100 Subject: [PATCH 32/42] ++changes --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index e8090131..6ade5d47 100644 --- a/docs/changelog +++ b/docs/changelog @@ -4,6 +4,7 @@ Changelog 7.0.1: * Type __apt_mark: Narrow down grep for hold packages (marcoduif) * Type __apt_source: Set required options variable (Mark Verboom) + * Core: Remove double definition of scan parser (Nico Schottelius) 7.0.0: 2022-07-31 * Explorer machine_type: Rewrite (Dennis Camera) From 08a6b467fa7afcd2f2a0a2497441cee773166d6e Mon Sep 17 00:00:00 2001 From: Michelle Date: Wed, 25 Jan 2023 16:06:35 -0500 Subject: [PATCH 33/42] Added support for Devuan Daedalus Added one line that allows cdist to support Devuan Daedelus version --- cdist/conf/explorer/os_version | 1 + 1 file changed, 1 insertion(+) diff --git a/cdist/conf/explorer/os_version b/cdist/conf/explorer/os_version index 430200ae..fc59fd14 100755 --- a/cdist/conf/explorer/os_version +++ b/cdist/conf/explorer/os_version @@ -82,6 +82,7 @@ in # ceres versions don't have a number, so we decode by codename: case ${devuan_version} in + (daedalus/ceres) echo 4.99 ;; (chimaera/ceres) echo 3.99 ;; (beowulf/ceres) echo 2.99 ;; (ascii/ceres) echo 1.99 ;; From 1450861e26c8c5dd249517fa14fa8ea0f4961d3d Mon Sep 17 00:00:00 2001 From: Michelle Date: Thu, 2 Feb 2023 18:21:43 -0500 Subject: [PATCH 34/42] Updated the python version of cerbot freebsd The package referenced for cerbot to be install in the FreeBSD platform used python 3.7 package, updated to python 3.9 --- cdist/conf/type/__letsencrypt_cert/manifest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__letsencrypt_cert/manifest b/cdist/conf/type/__letsencrypt_cert/manifest index 638a99e0..39067f3b 100644 --- a/cdist/conf/type/__letsencrypt_cert/manifest +++ b/cdist/conf/type/__letsencrypt_cert/manifest @@ -85,7 +85,7 @@ if [ -z "${certbot_fullpath}" ]; then esac ;; freebsd) - __package py37-certbot + __package py39-certbot certbot_fullpath="/usr/local/bin/certbot" ;; ubuntu) From 7dd2d1025ae3b005e5d44d11e1ca62536119f36c Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Fri, 3 Feb 2023 22:54:13 +0100 Subject: [PATCH 35/42] ++changelog --- docs/changelog | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/changelog b/docs/changelog index 6ade5d47..4e9a8a6d 100644 --- a/docs/changelog +++ b/docs/changelog @@ -2,9 +2,12 @@ Changelog --------- 7.0.1: + * Core: Remove double definition of scan parser (Nico Schottelius) * Type __apt_mark: Narrow down grep for hold packages (marcoduif) * Type __apt_source: Set required options variable (Mark Verboom) - * Core: Remove double definition of scan parser (Nico Schottelius) + * Type __letsencrypt_cert: Update python version (Michelle) + * Explorer os_version: Add support for Daedalus (Michelle) + * Explorer machine_type: Correct incorrect VMM matching (Mark Verboom) 7.0.0: 2022-07-31 * Explorer machine_type: Rewrite (Dennis Camera) From e57cf1e70a3818180b3f54e1e0364ff3b6bbd9cc Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Sat, 25 Mar 2023 12:53:24 +0100 Subject: [PATCH 36/42] Apply machine_type explorer fix from pedro https://code.ungleich.ch/pedro/cdist/commit/e13939752913eea29b84d6e4659e1ca9e0e9ffeb --- cdist/conf/explorer/machine_type | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/explorer/machine_type b/cdist/conf/explorer/machine_type index 0f212e73..c31f5ca6 100755 --- a/cdist/conf/explorer/machine_type +++ b/cdist/conf/explorer/machine_type @@ -515,7 +515,7 @@ check_vm_arch_specific() { && return 0 fi if has_cpuinfo \ - && grep -q -i -e '^flags.*:.*\(hypervisor\|vmm\)\( \|$\) /proc/cpuinfo + && grep -q -i -e '^flags.*:.*\(hypervisor\|vmm\)\( \|$\)' /proc/cpuinfo then return 0 fi From 2b102f303a9c2a49e1171cddb1b7fb86309ab5e9 Mon Sep 17 00:00:00 2001 From: marcoduif Date: Wed, 20 Dec 2023 08:01:02 +0000 Subject: [PATCH 37/42] changed package state from installed to present --- cdist/conf/type/__package_luarocks/manifest | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cdist/conf/type/__package_luarocks/manifest b/cdist/conf/type/__package_luarocks/manifest index 7d8262ca..9e4499b2 100755 --- a/cdist/conf/type/__package_luarocks/manifest +++ b/cdist/conf/type/__package_luarocks/manifest @@ -19,5 +19,5 @@ # along with cdist. If not, see . # -__package luarocks --state installed -__package make --state installed +__package luarocks --state present +__package make --state present From 61fc5e5de8adeb6d2e49c37b2cbb64c750edcb0b Mon Sep 17 00:00:00 2001 From: Daniel Fancsali Date: Fri, 8 Jul 2022 16:50:54 +0100 Subject: [PATCH 38/42] Fix typo in __apt_pin docs --- cdist/conf/type/__apt_pin/man.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__apt_pin/man.rst b/cdist/conf/type/__apt_pin/man.rst index 4229c0cd..e6ec8b51 100644 --- a/cdist/conf/type/__apt_pin/man.rst +++ b/cdist/conf/type/__apt_pin/man.rst @@ -23,7 +23,7 @@ package Package name, glob or regular expression to match (multiple) packages. If not specified `__object_id` is used. priority - The priority value to assign to matching packages. Deafults to 500. (To match the default target distro's priority) + The priority value to assign to matching packages. Defaults to 500. (To match the default target distro's priority) state Will be passed to underlying `__file` type; see there for valid values and defaults. From b7394ff4c25846be5ad8bd4fa793ceda9efae5f3 Mon Sep 17 00:00:00 2001 From: Mark Verboom Date: Thu, 2 Nov 2023 11:01:45 +0100 Subject: [PATCH 39/42] Locally sort remote group information, to prevent differences in sort output. --- cdist/conf/type/__user_groups/explorer/group | 2 +- cdist/conf/type/__user_groups/gencode-remote | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/cdist/conf/type/__user_groups/explorer/group b/cdist/conf/type/__user_groups/explorer/group index 5bad9a0b..8a02f219 100755 --- a/cdist/conf/type/__user_groups/explorer/group +++ b/cdist/conf/type/__user_groups/explorer/group @@ -20,4 +20,4 @@ user="$(cat "$__object/parameter/user" 2>/dev/null || echo "$__object_id")" -(id -G -n "$user" | tr ' ' '\n' | sort) 2>/dev/null || true +(id -G -n "$user" | tr ' ' '\n') 2>/dev/null || true diff --git a/cdist/conf/type/__user_groups/gencode-remote b/cdist/conf/type/__user_groups/gencode-remote index 8120761a..0585e90f 100755 --- a/cdist/conf/type/__user_groups/gencode-remote +++ b/cdist/conf/type/__user_groups/gencode-remote @@ -26,13 +26,15 @@ os=$(cat "$__global/explorer/os") mkdir "$__object/files" # file has to be sorted for comparison with `comm` sort "$__object/parameter/group" > "$__object/files/group.sorted" +# Use local sort for remote groups +sort "$__object/explorer/group" > "$__object/files/group-remote.sorted" case "$state_should" in present) - changed_groups="$(comm -13 "$__object/explorer/group" "$__object/files/group.sorted")" + changed_groups="$(comm -13 "$__object/files/group-remote.sorted" "$__object/files/group.sorted")" ;; absent) - changed_groups="$(comm -12 "$__object/explorer/group" "$__object/files/group.sorted")" + changed_groups="$(comm -12 "$__object/files/group-remote.sorted" "$__object/files/group.sorted")" ;; esac From 3e82b0085b693e6b23f2b613e2f1dd975d67e6dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=BDubom=C3=ADr=20Ku=C4=8Dera?= Date: Wed, 1 May 2024 12:11:07 +0000 Subject: [PATCH 40/42] Make development version strings PEP 440 compliant (#366) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With current pip (23.1.2) and setuptools (67.7.2) versions, installation from Git was failing with "Invalid version: '7.0.0-17-ge57cf1e7'" message. The issue can be reproduced by running the following command with the latest pip and setuptools installed: $ pip install git+https://code.ungleich.ch/ungleich-public/cdist.git@e57cf1e70a3818180b3f54e1e0364ff3b6bbd9cc#egg=cdist Reviewed-on: https://code.ungleich.ch/ungleich-public/cdist/pulls/366 Co-authored-by: Ľubomír Kučera Co-committed-by: Ľubomír Kučera --- bin/cdist-build-helper | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/cdist-build-helper b/bin/cdist-build-helper index cadddae7..6f514ef5 100755 --- a/bin/cdist-build-helper +++ b/bin/cdist-build-helper @@ -534,7 +534,8 @@ eof ;; version) - printf "VERSION = \"%s\"\n" "$(git describe)" > cdist/version.py + target_version="$(git describe | sed 's/-/.dev/; s/-/+/g')" + printf "VERSION = \"%s\"\n" "${target_version}" > cdist/version.py ;; target-version) From 27471a4a82ac29c1a1f3062178a509660d55e732 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Fri, 2 Aug 2024 12:05:37 +0200 Subject: [PATCH 41/42] [__timezone] add support for openwrt --- cdist/conf/type/__timezone/gencode-remote | 9 +++++++++ cdist/conf/type/__timezone/manifest | 5 ++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/cdist/conf/type/__timezone/gencode-remote b/cdist/conf/type/__timezone/gencode-remote index b685c990..d8612986 100755 --- a/cdist/conf/type/__timezone/gencode-remote +++ b/cdist/conf/type/__timezone/gencode-remote @@ -34,3 +34,12 @@ case "$os" in echo "echo \"$timezone_should\" > /etc/timezone" ;; esac + +case "$os" in + openwrt) + cat <