__ssh_authorized_keys: Add --keyfile option

This allows storing keys to add in a file instead of having to hardcode
them in the manifest.

bin/cdist-build-helper

@@ -534,8 +534,7 @@ eof
     ;;
 
     version)
-        target_version="$(git describe | sed 's/-/.dev/; s/-/+/g')"
+        printf "VERSION = \"%s\"\n" "$(git describe)" > cdist/version.py
-        printf "VERSION = \"%s\"\n" "${target_version}" > cdist/version.py
     ;;
 
     target-version)

cdist/argparse.py

@@ -472,6 +472,9 @@ def get_parsers():
     parser['info'].set_defaults(func=cdist.info.Info.commandline)
 
     # Scan = config + further
+    parser['scan'] = parser['sub'].add_parser('scan', add_help=False,
+                                              parents=[parser['config']])
+
     parser['scan'] = parser['sub'].add_parser(
             'scan', parents=[parser['loglevel'],
                              parser['beta'],

cdist/conf/explorer/machine_type

@@ -515,7 +515,7 @@ check_vm_arch_specific() {
 				&& return 0
 			fi
 			if has_cpuinfo \
-				&& grep -q -i -e '^flags.*:.*\(hypervisor\|vmm\)\( \|$\)' /proc/cpuinfo
+				&& grep -q -i -e '^flags.*:.*\(hypervisor\|vmm\)' /proc/cpuinfo
 			then
 				return 0
 			fi

cdist/conf/explorer/os_version

@@ -82,7 +82,6 @@ in
             # ceres versions don't have a number, so we decode by codename:
             case ${devuan_version}
             in
-               (daedalus/ceres) echo 4.99 ;;
                (chimaera/ceres) echo 3.99 ;;
                (beowulf/ceres) echo 2.99 ;;
                (ascii/ceres) echo 1.99 ;;

cdist/conf/type/__apt_mark/explorer/state

@@ -24,4 +24,4 @@ else
     name="$__object_id"
 fi
 
-apt-mark showhold | grep -q "^${name}$" && echo hold || echo unhold
+apt-mark showhold | grep -Fq "$name" && echo hold || echo unhold

cdist/conf/type/__apt_pin/man.rst

@@ -23,7 +23,7 @@ package
    Package name, glob or regular expression to match (multiple) packages. If not specified `__object_id` is used.
 
 priority
-   The priority value to assign to matching packages. Defaults to 500. (To match the default target distro's priority)
+   The priority value to assign to matching packages. Deafults to 500. (To match the default target distro's priority)
 
 state
    Will be passed to underlying `__file` type; see there for valid values and defaults.

cdist/conf/type/__apt_source/manifest

@@ -21,7 +21,6 @@
 name="$__object_id"
 state="$(cat "$__object/parameter/state")"
 uri="$(cat "$__object/parameter/uri")"
-options=""
 
 if [ -f "$__object/parameter/distribution" ]; then
    distribution="$(cat "$__object/parameter/distribution")"

cdist/conf/type/__letsencrypt_cert/manifest

@@ -85,7 +85,7 @@ if [ -z "${certbot_fullpath}" ]; then
 			esac
 		;;
 		freebsd)
-			__package py39-certbot
+			__package py37-certbot
 			certbot_fullpath="/usr/local/bin/certbot"
 		;;
 		ubuntu)

cdist/conf/type/__package_luarocks/manifest

@@ -19,5 +19,5 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-__package luarocks --state present
+__package luarocks --state installed
-__package make --state present
+__package make --state installed

cdist/conf/type/__ssh_authorized_keys/man.rst

@@ -27,7 +27,16 @@ key
    Must be a string containing the ssh keytype, base 64 encoded key and
    optional trailing comment which shall be added to the given
    authorized_keys file.
-   Can be specified multiple times.
+
+   Can be specified multiple times. Either --key or --keyfile must be
+   specified.
+
+keyfile
+   A file containing one or more SSH keys (one per line, just like the
+   regular authorized_keys file).
+
+   Can be specified multiple times. Either --key or --keyfile must be
+   specified.
 
 
 OPTIONAL PARAMETERS

cdist/conf/type/__ssh_authorized_keys/manifest

@@ -23,6 +23,11 @@ owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
 state="$(cat "$__object/parameter/state" 2>/dev/null)"
 file="$(cat "$__object/explorer/file")"
 
+if [ ! -f "$__object/parameter/key" -a ! -f "$__object/parameter/keyfile" ]; then
+   echo "At least one of --key or --keyfile must be specified" >&2
+   exit 1
+fi
+
 if [ ! -f "$__object/parameter/nofile" ] && [ -z "$file" ]
 then
 	echo "Cannot determine path of authorized_keys file" >&2
@@ -59,7 +64,17 @@ _type_and_key() {
    echo "$1" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }'
 }
 
-while read -r key; do
+(
+   if [ -f "$__object/parameter/key" ]; then
+      cat "$__object/parameter/key"
+   fi
+
+   if [ -f "$__object/parameter/keyfile" ]; then
+      while read filename; do
+         cat "$filename"
+      done < "$__object/parameter/keyfile"
+   fi
+) | while read -r key; do
    type_and_key="$( _type_and_key "$key" )"
    object_id="$(_cksum "$file")-$(_cksum "$type_and_key")"
    set -- "$object_id"
@@ -75,7 +90,7 @@ while read -r key; do
    fi
    # Ensure __ssh_authorized_key does not read stdin
    __ssh_authorized_key "$@" < /dev/null
-done < "$__object/parameter/key"
+done
 
 if [ -f "$__object/parameter/remove-unknown" ] &&
     [ -s "$__object/explorer/keys" ]

cdist/conf/type/__ssh_authorized_keys/parameter/optional_multiple

@@ -1 +1,3 @@
 option
+key
+keyfile

cdist/conf/type/__ssh_authorized_keys/parameter/required_multiple

@@ -1 +0,0 @@
-key

cdist/conf/type/__timezone/gencode-remote

@@ -34,12 +34,3 @@ case "$os" in
       echo "echo \"$timezone_should\" > /etc/timezone"
    ;;
 esac
-
-case "$os" in
-    openwrt)
-        cat <<EOF
-			uci set system.@system[0].timezone="$timezone_should"
-			uci commit
-EOF
-   ;;
-esac

cdist/conf/type/__timezone/manifest

@@ -53,10 +53,7 @@ case "$os" in
                 --file /etc/sysconfig/clock \
                 --delimiter '=' \
                 --value "\"$timezone\""
-        ;;
+    ;;
-    openwrt)
-        : # Uses gencode-remote
-        ;;
     *)
         echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
         echo "Please contribute an implementation for it if you can." >&2

cdist/conf/type/__user_groups/explorer/group

@@ -20,4 +20,4 @@
 
 user="$(cat "$__object/parameter/user" 2>/dev/null || echo "$__object_id")"
 
-(id -G -n "$user" | tr ' ' '\n') 2>/dev/null || true
+(id -G -n "$user" | tr ' ' '\n' | sort) 2>/dev/null || true

cdist/conf/type/__user_groups/gencode-remote

@@ -26,15 +26,13 @@ os=$(cat "$__global/explorer/os")
 mkdir "$__object/files"
 # file has to be sorted for comparison with `comm`
 sort "$__object/parameter/group" > "$__object/files/group.sorted"
-# Use local sort for remote groups
-sort "$__object/explorer/group" > "$__object/files/group-remote.sorted"
 
 case "$state_should" in
    present)
-      changed_groups="$(comm -13 "$__object/files/group-remote.sorted" "$__object/files/group.sorted")"
+      changed_groups="$(comm -13 "$__object/explorer/group" "$__object/files/group.sorted")"
    ;;
    absent)
-      changed_groups="$(comm -12 "$__object/files/group-remote.sorted" "$__object/files/group.sorted")"
+      changed_groups="$(comm -12 "$__object/explorer/group" "$__object/files/group.sorted")"
    ;;
 esac
 

docs/changelog

@@ -1,17 +1,6 @@
 Changelog
 ---------
 
-next:
-	* Type __timezone: Add support for OpenWRT (Nico Schottelius)
-
-7.0.1:
-	* Core: Remove double definition of scan parser (Nico Schottelius)
-	* Type __apt_mark: Narrow down grep for hold packages (marcoduif)
-	* Type __apt_source: Set required options variable (Mark Verboom)
-	* Type __letsencrypt_cert: Update python version (Michelle)
-	* Explorer os_version: Add support for Daedalus (Michelle)
-	* Explorer machine_type: Correct incorrect VMM matching (Mark Verboom)
-
 7.0.0: 2022-07-31
 	* Explorer machine_type: Rewrite (Dennis Camera)
 	* New type: __sed (Ander Punnar)