From a45f87e0155d9082353dc95b45e8dc7b0c1817e3 Mon Sep 17 00:00:00 2001
From: Matthijs Kooijman <matthijs@stdin.nl>
Date: Tue, 30 Aug 2022 17:15:32 +0200
Subject: [PATCH 01/18] __ssh_authorized_keys: Add --keyfile option

This allows storing keys to add in a file instead of having to hardcode
them in the manifest.
---
 cdist/conf/type/__ssh_authorized_keys/man.rst | 11 ++++++++++-
 .../conf/type/__ssh_authorized_keys/manifest  | 19 +++++++++++++++++--
 .../parameter/optional_multiple               |  2 ++
 .../parameter/required_multiple               |  1 -
 4 files changed, 29 insertions(+), 4 deletions(-)
 delete mode 100644 cdist/conf/type/__ssh_authorized_keys/parameter/required_multiple

diff --git a/cdist/conf/type/__ssh_authorized_keys/man.rst b/cdist/conf/type/__ssh_authorized_keys/man.rst
index dac6adeb..e227aede 100644
--- a/cdist/conf/type/__ssh_authorized_keys/man.rst
+++ b/cdist/conf/type/__ssh_authorized_keys/man.rst
@@ -27,7 +27,16 @@ key
    Must be a string containing the ssh keytype, base 64 encoded key and
    optional trailing comment which shall be added to the given
    authorized_keys file.
-   Can be specified multiple times.
+
+   Can be specified multiple times. Either --key or --keyfile must be
+   specified.
+
+keyfile
+   A file containing one or more SSH keys (one per line, just like the
+   regular authorized_keys file).
+
+   Can be specified multiple times. Either --key or --keyfile must be
+   specified.
 
 
 OPTIONAL PARAMETERS
diff --git a/cdist/conf/type/__ssh_authorized_keys/manifest b/cdist/conf/type/__ssh_authorized_keys/manifest
index b319316b..b0a585f1 100755
--- a/cdist/conf/type/__ssh_authorized_keys/manifest
+++ b/cdist/conf/type/__ssh_authorized_keys/manifest
@@ -23,6 +23,11 @@ owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
 state="$(cat "$__object/parameter/state" 2>/dev/null)"
 file="$(cat "$__object/explorer/file")"
 
+if [ ! -f "$__object/parameter/key" -a ! -f "$__object/parameter/keyfile" ]; then
+   echo "At least one of --key or --keyfile must be specified" >&2
+   exit 1
+fi
+
 if [ ! -f "$__object/parameter/nofile" ] && [ -z "$file" ]
 then
 	echo "Cannot determine path of authorized_keys file" >&2
@@ -59,7 +64,17 @@ _type_and_key() {
    echo "$1" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }'
 }
 
-while read -r key; do
+(
+   if [ -f "$__object/parameter/key" ]; then
+      cat "$__object/parameter/key"
+   fi
+
+   if [ -f "$__object/parameter/keyfile" ]; then
+      while read filename; do
+         cat "$filename"
+      done < "$__object/parameter/keyfile"
+   fi
+) | while read -r key; do
    type_and_key="$( _type_and_key "$key" )"
    object_id="$(_cksum "$file")-$(_cksum "$type_and_key")"
    set -- "$object_id"
@@ -75,7 +90,7 @@ while read -r key; do
    fi
    # Ensure __ssh_authorized_key does not read stdin
    __ssh_authorized_key "$@" < /dev/null
-done < "$__object/parameter/key"
+done
 
 if [ -f "$__object/parameter/remove-unknown" ] &&
     [ -s "$__object/explorer/keys" ]
diff --git a/cdist/conf/type/__ssh_authorized_keys/parameter/optional_multiple b/cdist/conf/type/__ssh_authorized_keys/parameter/optional_multiple
index 01925a15..f9a2d06b 100644
--- a/cdist/conf/type/__ssh_authorized_keys/parameter/optional_multiple
+++ b/cdist/conf/type/__ssh_authorized_keys/parameter/optional_multiple
@@ -1 +1,3 @@
 option
+key
+keyfile
diff --git a/cdist/conf/type/__ssh_authorized_keys/parameter/required_multiple b/cdist/conf/type/__ssh_authorized_keys/parameter/required_multiple
deleted file mode 100644
index 06bfde49..00000000
--- a/cdist/conf/type/__ssh_authorized_keys/parameter/required_multiple
+++ /dev/null
@@ -1 +0,0 @@
-key

From c85184dcb48118ea5edbda2799badb5779253f7c Mon Sep 17 00:00:00 2001
From: Mark Verboom <mark@verboom.net>
Date: Sun, 18 Sep 2022 08:49:37 +0200
Subject: [PATCH 02/18] Make sure flag is followed by end of line or space.

---
 cdist/conf/explorer/machine_type | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cdist/conf/explorer/machine_type b/cdist/conf/explorer/machine_type
index 00646c75..0f212e73 100755
--- a/cdist/conf/explorer/machine_type
+++ b/cdist/conf/explorer/machine_type
@@ -515,7 +515,7 @@ check_vm_arch_specific() {
 				&& return 0
 			fi
 			if has_cpuinfo \
-				&& grep -q -i -e '^flags.*:.*\(hypervisor\|vmm\)' /proc/cpuinfo
+				&& grep -q -i -e '^flags.*:.*\(hypervisor\|vmm\)\( \|$\) /proc/cpuinfo
 			then
 				return 0
 			fi

From 62db96bb376354c829cdde290c915cffc24612b0 Mon Sep 17 00:00:00 2001
From: Mark Verboom <mark@verboom.net>
Date: Thu, 29 Sep 2022 16:19:07 +0200
Subject: [PATCH 03/18] Initialise options variable so expansion when running
 files/source.list.template there will not be an error when the variable is
 not set.

---
 cdist/conf/type/__apt_source/manifest | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cdist/conf/type/__apt_source/manifest b/cdist/conf/type/__apt_source/manifest
index cdb526d3..fd1ec47f 100755
--- a/cdist/conf/type/__apt_source/manifest
+++ b/cdist/conf/type/__apt_source/manifest
@@ -21,6 +21,7 @@
 name="$__object_id"
 state="$(cat "$__object/parameter/state")"
 uri="$(cat "$__object/parameter/uri")"
+options=""
 
 if [ -f "$__object/parameter/distribution" ]; then
    distribution="$(cat "$__object/parameter/distribution")"

From ffeaafe9b68a944418ec8496c7db9f347dd4b1ee Mon Sep 17 00:00:00 2001
From: marcoduif <marco@vduijvenbode.nl>
Date: Fri, 7 Oct 2022 07:22:31 +0000
Subject: [PATCH 04/18] Make grep more specific

package name should be an exact match, not a substring
---
 cdist/conf/type/__apt_mark/explorer/state | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cdist/conf/type/__apt_mark/explorer/state b/cdist/conf/type/__apt_mark/explorer/state
index b7fe08fa..b464179a 100755
--- a/cdist/conf/type/__apt_mark/explorer/state
+++ b/cdist/conf/type/__apt_mark/explorer/state
@@ -24,4 +24,4 @@ else
     name="$__object_id"
 fi
 
-apt-mark showhold | grep -Fq "$name" && echo hold || echo unhold
+apt-mark showhold | grep -q "^${name}$" && echo hold || echo unhold

From f36069754c0101d1eccbef59fa4f060a19784d26 Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date: Tue, 20 Dec 2022 18:03:15 +0100
Subject: [PATCH 05/18] ++changelog

---
 docs/changelog | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/changelog b/docs/changelog
index 00defc2a..af41368d 100644
--- a/docs/changelog
+++ b/docs/changelog
@@ -1,6 +1,9 @@
 Changelog
 ---------
 
+7.0.1:
+	* Type __apt_mark: Narrow down grep for hold packages (marcoduif)
+
 7.0.0: 2022-07-31
 	* Explorer machine_type: Rewrite (Dennis Camera)
 	* New type: __sed (Ander Punnar)

From bdfd92dc3707004503af4a03aea0819ad587a947 Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date: Wed, 21 Dec 2022 09:41:33 +0100
Subject: [PATCH 06/18] ++changes

---
 docs/changelog | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/changelog b/docs/changelog
index af41368d..e8090131 100644
--- a/docs/changelog
+++ b/docs/changelog
@@ -3,6 +3,7 @@ Changelog
 
 7.0.1:
 	* Type __apt_mark: Narrow down grep for hold packages (marcoduif)
+	* Type __apt_source: Set required options variable (Mark Verboom)
 
 7.0.0: 2022-07-31
 	* Explorer machine_type: Rewrite (Dennis Camera)

From b974969f28f4d007f75904757e80e4f663e3d134 Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date: Mon, 26 Dec 2022 20:59:16 +0100
Subject: [PATCH 07/18] Remove double definition of scan parser

Fixes #353
---
 cdist/argparse.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/cdist/argparse.py b/cdist/argparse.py
index f17315e7..8f7bbb85 100644
--- a/cdist/argparse.py
+++ b/cdist/argparse.py
@@ -472,9 +472,6 @@ def get_parsers():
     parser['info'].set_defaults(func=cdist.info.Info.commandline)
 
     # Scan = config + further
-    parser['scan'] = parser['sub'].add_parser('scan', add_help=False,
-                                              parents=[parser['config']])
-
     parser['scan'] = parser['sub'].add_parser(
             'scan', parents=[parser['loglevel'],
                              parser['beta'],

From ed3da3c829d47c7c578733482920f111e8bc8869 Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date: Mon, 26 Dec 2022 21:02:41 +0100
Subject: [PATCH 08/18] ++changes

---
 docs/changelog | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/changelog b/docs/changelog
index e8090131..6ade5d47 100644
--- a/docs/changelog
+++ b/docs/changelog
@@ -4,6 +4,7 @@ Changelog
 7.0.1:
 	* Type __apt_mark: Narrow down grep for hold packages (marcoduif)
 	* Type __apt_source: Set required options variable (Mark Verboom)
+	* Core: Remove double definition of scan parser (Nico Schottelius)
 
 7.0.0: 2022-07-31
 	* Explorer machine_type: Rewrite (Dennis Camera)

From 08a6b467fa7afcd2f2a0a2497441cee773166d6e Mon Sep 17 00:00:00 2001
From: Michelle <michelle.quintero@camilion.eu>
Date: Wed, 25 Jan 2023 16:06:35 -0500
Subject: [PATCH 09/18] Added support for Devuan Daedalus

Added one line that allows cdist to support Devuan Daedelus version
---
 cdist/conf/explorer/os_version | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cdist/conf/explorer/os_version b/cdist/conf/explorer/os_version
index 430200ae..fc59fd14 100755
--- a/cdist/conf/explorer/os_version
+++ b/cdist/conf/explorer/os_version
@@ -82,6 +82,7 @@ in
             # ceres versions don't have a number, so we decode by codename:
             case ${devuan_version}
             in
+               (daedalus/ceres) echo 4.99 ;;
                (chimaera/ceres) echo 3.99 ;;
                (beowulf/ceres) echo 2.99 ;;
                (ascii/ceres) echo 1.99 ;;

From 1450861e26c8c5dd249517fa14fa8ea0f4961d3d Mon Sep 17 00:00:00 2001
From: Michelle <michelle.quintero@camilion.eu>
Date: Thu, 2 Feb 2023 18:21:43 -0500
Subject: [PATCH 10/18] Updated the python version of cerbot freebsd

The package referenced for cerbot to be install in the FreeBSD platform
used python 3.7 package, updated to python 3.9
---
 cdist/conf/type/__letsencrypt_cert/manifest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cdist/conf/type/__letsencrypt_cert/manifest b/cdist/conf/type/__letsencrypt_cert/manifest
index 638a99e0..39067f3b 100644
--- a/cdist/conf/type/__letsencrypt_cert/manifest
+++ b/cdist/conf/type/__letsencrypt_cert/manifest
@@ -85,7 +85,7 @@ if [ -z "${certbot_fullpath}" ]; then
 			esac
 		;;
 		freebsd)
-			__package py37-certbot
+			__package py39-certbot
 			certbot_fullpath="/usr/local/bin/certbot"
 		;;
 		ubuntu)

From 7dd2d1025ae3b005e5d44d11e1ca62536119f36c Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date: Fri, 3 Feb 2023 22:54:13 +0100
Subject: [PATCH 11/18] ++changelog

---
 docs/changelog | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/docs/changelog b/docs/changelog
index 6ade5d47..4e9a8a6d 100644
--- a/docs/changelog
+++ b/docs/changelog
@@ -2,9 +2,12 @@ Changelog
 ---------
 
 7.0.1:
+	* Core: Remove double definition of scan parser (Nico Schottelius)
 	* Type __apt_mark: Narrow down grep for hold packages (marcoduif)
 	* Type __apt_source: Set required options variable (Mark Verboom)
-	* Core: Remove double definition of scan parser (Nico Schottelius)
+	* Type __letsencrypt_cert: Update python version (Michelle)
+	* Explorer os_version: Add support for Daedalus (Michelle)
+	* Explorer machine_type: Correct incorrect VMM matching (Mark Verboom)
 
 7.0.0: 2022-07-31
 	* Explorer machine_type: Rewrite (Dennis Camera)

From e57cf1e70a3818180b3f54e1e0364ff3b6bbd9cc Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date: Sat, 25 Mar 2023 12:53:24 +0100
Subject: [PATCH 12/18] Apply machine_type explorer fix from pedro

https://code.ungleich.ch/pedro/cdist/commit/e13939752913eea29b84d6e4659e1ca9e0e9ffeb
---
 cdist/conf/explorer/machine_type | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cdist/conf/explorer/machine_type b/cdist/conf/explorer/machine_type
index 0f212e73..c31f5ca6 100755
--- a/cdist/conf/explorer/machine_type
+++ b/cdist/conf/explorer/machine_type
@@ -515,7 +515,7 @@ check_vm_arch_specific() {
 				&& return 0
 			fi
 			if has_cpuinfo \
-				&& grep -q -i -e '^flags.*:.*\(hypervisor\|vmm\)\( \|$\) /proc/cpuinfo
+				&& grep -q -i -e '^flags.*:.*\(hypervisor\|vmm\)\( \|$\)' /proc/cpuinfo
 			then
 				return 0
 			fi

From 2b102f303a9c2a49e1171cddb1b7fb86309ab5e9 Mon Sep 17 00:00:00 2001
From: marcoduif <marco@vduijvenbode.nl>
Date: Wed, 20 Dec 2023 08:01:02 +0000
Subject: [PATCH 13/18] changed package state from installed to present

---
 cdist/conf/type/__package_luarocks/manifest | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cdist/conf/type/__package_luarocks/manifest b/cdist/conf/type/__package_luarocks/manifest
index 7d8262ca..9e4499b2 100755
--- a/cdist/conf/type/__package_luarocks/manifest
+++ b/cdist/conf/type/__package_luarocks/manifest
@@ -19,5 +19,5 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-__package luarocks --state installed
-__package make --state installed
+__package luarocks --state present
+__package make --state present

From 61fc5e5de8adeb6d2e49c37b2cbb64c750edcb0b Mon Sep 17 00:00:00 2001
From: Daniel Fancsali <fancsali@gmail.com>
Date: Fri, 8 Jul 2022 16:50:54 +0100
Subject: [PATCH 14/18] Fix typo in __apt_pin docs

---
 cdist/conf/type/__apt_pin/man.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cdist/conf/type/__apt_pin/man.rst b/cdist/conf/type/__apt_pin/man.rst
index 4229c0cd..e6ec8b51 100644
--- a/cdist/conf/type/__apt_pin/man.rst
+++ b/cdist/conf/type/__apt_pin/man.rst
@@ -23,7 +23,7 @@ package
    Package name, glob or regular expression to match (multiple) packages. If not specified `__object_id` is used.
 
 priority
-   The priority value to assign to matching packages. Deafults to 500. (To match the default target distro's priority)
+   The priority value to assign to matching packages. Defaults to 500. (To match the default target distro's priority)
 
 state
    Will be passed to underlying `__file` type; see there for valid values and defaults.

From b7394ff4c25846be5ad8bd4fa793ceda9efae5f3 Mon Sep 17 00:00:00 2001
From: Mark Verboom <mark@verboom.net>
Date: Thu, 2 Nov 2023 11:01:45 +0100
Subject: [PATCH 15/18] Locally sort remote group information, to prevent
 differences in sort output.

---
 cdist/conf/type/__user_groups/explorer/group | 2 +-
 cdist/conf/type/__user_groups/gencode-remote | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/cdist/conf/type/__user_groups/explorer/group b/cdist/conf/type/__user_groups/explorer/group
index 5bad9a0b..8a02f219 100755
--- a/cdist/conf/type/__user_groups/explorer/group
+++ b/cdist/conf/type/__user_groups/explorer/group
@@ -20,4 +20,4 @@
 
 user="$(cat "$__object/parameter/user" 2>/dev/null || echo "$__object_id")"
 
-(id -G -n "$user" | tr ' ' '\n' | sort) 2>/dev/null || true
+(id -G -n "$user" | tr ' ' '\n') 2>/dev/null || true
diff --git a/cdist/conf/type/__user_groups/gencode-remote b/cdist/conf/type/__user_groups/gencode-remote
index 8120761a..0585e90f 100755
--- a/cdist/conf/type/__user_groups/gencode-remote
+++ b/cdist/conf/type/__user_groups/gencode-remote
@@ -26,13 +26,15 @@ os=$(cat "$__global/explorer/os")
 mkdir "$__object/files"
 # file has to be sorted for comparison with `comm`
 sort "$__object/parameter/group" > "$__object/files/group.sorted"
+# Use local sort for remote groups
+sort "$__object/explorer/group" > "$__object/files/group-remote.sorted"
 
 case "$state_should" in
    present)
-      changed_groups="$(comm -13 "$__object/explorer/group" "$__object/files/group.sorted")"
+      changed_groups="$(comm -13 "$__object/files/group-remote.sorted" "$__object/files/group.sorted")"
    ;;
    absent)
-      changed_groups="$(comm -12 "$__object/explorer/group" "$__object/files/group.sorted")"
+      changed_groups="$(comm -12 "$__object/files/group-remote.sorted" "$__object/files/group.sorted")"
    ;;
 esac
 

From 3e82b0085b693e6b23f2b613e2f1dd975d67e6dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=BDubom=C3=ADr=20Ku=C4=8Dera?=
 <lubomir.kucera.jr@gmail.com>
Date: Wed, 1 May 2024 12:11:07 +0000
Subject: [PATCH 16/18] Make development version strings PEP 440 compliant
 (#366)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

With current pip (23.1.2) and setuptools (67.7.2) versions, installation
from Git was failing with "Invalid version: '7.0.0-17-ge57cf1e7'"
message. The issue can be reproduced by running the following command
with the latest pip and setuptools installed:

  $ pip install git+https://code.ungleich.ch/ungleich-public/cdist.git@e57cf1e70a3818180b3f54e1e0364ff3b6bbd9cc#egg=cdist

Reviewed-on: https://code.ungleich.ch/ungleich-public/cdist/pulls/366
Co-authored-by: Ľubomír Kučera <lubomir.kucera.jr@gmail.com>
Co-committed-by: Ľubomír Kučera <lubomir.kucera.jr@gmail.com>
---
 bin/cdist-build-helper | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/bin/cdist-build-helper b/bin/cdist-build-helper
index cadddae7..6f514ef5 100755
--- a/bin/cdist-build-helper
+++ b/bin/cdist-build-helper
@@ -534,7 +534,8 @@ eof
     ;;
 
     version)
-        printf "VERSION = \"%s\"\n" "$(git describe)" > cdist/version.py
+        target_version="$(git describe | sed 's/-/.dev/; s/-/+/g')"
+        printf "VERSION = \"%s\"\n" "${target_version}" > cdist/version.py
     ;;
 
     target-version)

From 27471a4a82ac29c1a1f3062178a509660d55e732 Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date: Fri, 2 Aug 2024 12:05:37 +0200
Subject: [PATCH 17/18] [__timezone] add support for openwrt

---
 cdist/conf/type/__timezone/gencode-remote | 9 +++++++++
 cdist/conf/type/__timezone/manifest       | 5 ++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/cdist/conf/type/__timezone/gencode-remote b/cdist/conf/type/__timezone/gencode-remote
index b685c990..d8612986 100755
--- a/cdist/conf/type/__timezone/gencode-remote
+++ b/cdist/conf/type/__timezone/gencode-remote
@@ -34,3 +34,12 @@ case "$os" in
       echo "echo \"$timezone_should\" > /etc/timezone"
    ;;
 esac
+
+case "$os" in
+    openwrt)
+        cat <<EOF
+			uci set system.@system[0].timezone="$timezone_should"
+			uci commit
+EOF
+   ;;
+esac
diff --git a/cdist/conf/type/__timezone/manifest b/cdist/conf/type/__timezone/manifest
index 0eb7fb9c..307bec04 100755
--- a/cdist/conf/type/__timezone/manifest
+++ b/cdist/conf/type/__timezone/manifest
@@ -53,7 +53,10 @@ case "$os" in
                 --file /etc/sysconfig/clock \
                 --delimiter '=' \
                 --value "\"$timezone\""
-    ;;
+        ;;
+    openwrt)
+        : # Uses gencode-remote
+        ;;
     *)
         echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
         echo "Please contribute an implementation for it if you can." >&2

From 912eef6b5dee8fcd3e8b12f78a08572f0c603487 Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date: Fri, 2 Aug 2024 12:07:22 +0200
Subject: [PATCH 18/18] ++changelog

---
 docs/changelog | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/changelog b/docs/changelog
index 4e9a8a6d..fa741365 100644
--- a/docs/changelog
+++ b/docs/changelog
@@ -1,6 +1,9 @@
 Changelog
 ---------
 
+next:
+	* Type __timezone: Add support for OpenWRT (Nico Schottelius)
+
 7.0.1:
 	* Core: Remove double definition of scan parser (Nico Schottelius)
 	* Type __apt_mark: Narrow down grep for hold packages (marcoduif)