Compare commits
1 commit
Author | SHA1 | Date | |
---|---|---|---|
282e051c00 |
394 changed files with 3025 additions and 11534 deletions
2
.gitattributes
vendored
2
.gitattributes
vendored
|
@ -4,5 +4,5 @@
|
|||
docs/speeches export-ignore
|
||||
docs/video export-ignore
|
||||
docs/src/man7 export-ignore
|
||||
bin/cdist-build-helper export-ignore
|
||||
bin/build-helper export-ignore
|
||||
README-maintainers export-ignore
|
||||
|
|
|
@ -1,23 +1,18 @@
|
|||
---
|
||||
image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest
|
||||
|
||||
stages:
|
||||
- test
|
||||
|
||||
before_script:
|
||||
- ./bin/cdist-build-helper version
|
||||
|
||||
shellcheck:
|
||||
stage: test
|
||||
script:
|
||||
- ./bin/cdist-build-helper shellcheck
|
||||
|
||||
pycodestyle:
|
||||
stage: test
|
||||
script:
|
||||
- ./bin/cdist-build-helper pycodestyle
|
||||
|
||||
unit_tests:
|
||||
stage: test
|
||||
script:
|
||||
- ./bin/cdist-build-helper test
|
||||
- ./bin/build-helper version
|
||||
- ./bin/build-helper test
|
||||
|
||||
pycodestyle:
|
||||
stage: test
|
||||
script:
|
||||
- ./bin/build-helper pycodestyle
|
||||
|
||||
shellcheck:
|
||||
stage: test
|
||||
script:
|
||||
- ./bin/build-helper shellcheck
|
||||
|
|
10
Makefile
10
Makefile
|
@ -35,9 +35,9 @@ DOCS_SRC_DIR=./docs/src
|
|||
SPEECHDIR=./docs/speeches
|
||||
TYPEDIR=./cdist/conf/type
|
||||
|
||||
SPHINXM=$(MAKE) -C $(DOCS_SRC_DIR) man
|
||||
SPHINXH=$(MAKE) -C $(DOCS_SRC_DIR) html
|
||||
SPHINXC=$(MAKE) -C $(DOCS_SRC_DIR) clean
|
||||
SPHINXM=make -C $(DOCS_SRC_DIR) man
|
||||
SPHINXH=make -C $(DOCS_SRC_DIR) html
|
||||
SPHINXC=make -C $(DOCS_SRC_DIR) clean
|
||||
|
||||
################################################################################
|
||||
# Manpages
|
||||
|
@ -81,7 +81,7 @@ version:
|
|||
}
|
||||
|
||||
# Manpages #3: generic part
|
||||
man: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF)
|
||||
man: version $(MANTYPES) $(DOCSREF)
|
||||
$(SPHINXM)
|
||||
|
||||
html: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF)
|
||||
|
@ -104,7 +104,7 @@ DOTMANTYPES=$(subst /man.rst,.rst,$(DOTMANTYPEPREFIX))
|
|||
$(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst
|
||||
ln -sf "$^" $@
|
||||
|
||||
dotman: version configskel $(DOTMANTYPES) $(DOCSREF) $(DOCSTYPESREF)
|
||||
dotman: version $(DOTMANTYPES)
|
||||
$(SPHINXM)
|
||||
|
||||
################################################################################
|
||||
|
|
7
README
Normal file
7
README
Normal file
|
@ -0,0 +1,7 @@
|
|||
cdist
|
||||
-----
|
||||
|
||||
cdist is a usable configuration management system.
|
||||
|
||||
For the web documentation have a look at https://www.cdi.st/
|
||||
or at docs/src for reStructuredText manual.
|
|
@ -1,4 +1,4 @@
|
|||
Maintainers should use ./bin/cdist-build-helper script.
|
||||
Maintainers should use ./bin/build-helper script.
|
||||
|
||||
Makefile is intended for end users. It can be used for non-maintaining
|
||||
targets that can be run from pure source (without git repository).
|
||||
|
|
31
README.md
31
README.md
|
@ -1,31 +0,0 @@
|
|||
# cdist
|
||||
|
||||
**cdist** is a usable configuration management system.
|
||||
|
||||
It adheres to the [**KISS principle**](https://en.wikipedia.org/wiki/KISS_principle)
|
||||
and is being used in small up to enterprise grade environments.
|
||||
|
||||
For more information have a look at [**homepage**](https://cdi.st)
|
||||
or at **``docs/src``** for manual in **reStructuredText** format.
|
||||
|
||||
## Contributing
|
||||
|
||||
Merge/Pull requests can be made in both
|
||||
[upstream **GitLab**](https://code.ungleich.ch/ungleich-public/cdist/merge_requests)
|
||||
(managed by [**ungleich**](https://ungleich.ch))
|
||||
and [**GitHub** project](https://github.com/ungleich/cdist/pulls).
|
||||
|
||||
Issues can be made and other project management activites happen
|
||||
[**only in GitLab**](https://code.ungleich.ch/ungleich-public/cdist)
|
||||
(needs [**ungleich** account](https://account.ungleich.ch)).
|
||||
|
||||
For community-maintained types there is
|
||||
[**cdist-contrib** project](https://code.ungleich.ch/ungleich-public/cdist-contrib).
|
||||
|
||||
## Participating
|
||||
|
||||
IRC: ``#cdist`` @ [libera](https://libera.chat)
|
||||
|
||||
Matrix: ``#cdist:ungleich.ch``
|
||||
|
||||
Matrix and IRC are bridged.
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# 2011-2022 Nico Schottelius (nico-cdist at schottelius.org)
|
||||
# 2011-2013 Nico Schottelius (nico-cdist at schottelius.org)
|
||||
# 2016-2019 Darko Poljak (darko.poljak at gmail.com)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
|
@ -45,7 +45,7 @@ usage() {
|
|||
shellcheck-manifests
|
||||
shellcheck-local-gencodes
|
||||
shellcheck-remote-gencodes
|
||||
shellcheck-bin
|
||||
shellcheck-scripts
|
||||
shellcheck-gencodes
|
||||
shellcheck-types
|
||||
shellcheck
|
||||
|
@ -100,7 +100,7 @@ case "$option" in
|
|||
if (\$0 ~ /^$end/) {
|
||||
exit
|
||||
} else {
|
||||
print \$0
|
||||
print \$0
|
||||
}
|
||||
}
|
||||
}" "$basedir/docs/changelog"
|
||||
|
@ -135,7 +135,7 @@ case "$option" in
|
|||
|
||||
version=$1; shift
|
||||
|
||||
(
|
||||
(
|
||||
cat << eof
|
||||
Subject: cdist $version has been released
|
||||
|
||||
|
@ -336,7 +336,7 @@ eof
|
|||
make docs-clean
|
||||
make docs
|
||||
|
||||
#############################################################
|
||||
#############################################################
|
||||
# Everything green, let's do the release
|
||||
|
||||
# Tag the current commit
|
||||
|
@ -371,6 +371,7 @@ eof
|
|||
Manual steps post release:
|
||||
- cdist-web
|
||||
- send generated mailinglist.tmp mail
|
||||
- twitter
|
||||
eof
|
||||
;;
|
||||
|
||||
|
@ -405,7 +406,7 @@ eof
|
|||
;;
|
||||
|
||||
pycodestyle|pep8)
|
||||
pycodestyle "${basedir}" "${basedir}/bin/cdist"
|
||||
pycodestyle "${basedir}" "${basedir}/scripts/cdist"
|
||||
;;
|
||||
|
||||
check-pycodestyle)
|
||||
|
@ -460,34 +461,27 @@ eof
|
|||
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
|
||||
;;
|
||||
|
||||
# NOTE: shellcheck-scripts is kept for compatibility
|
||||
shellcheck-bin|shellcheck-scripts)
|
||||
shellcheck-scripts)
|
||||
# shellcheck disable=SC2086
|
||||
${SHELLCHECKCMD} bin/cdist-dump bin/cdist-new-type > "${SHELLCHECKTMP}"
|
||||
${SHELLCHECKCMD} scripts/cdist-dump scripts/cdist-new-type > "${SHELLCHECKTMP}"
|
||||
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
|
||||
;;
|
||||
|
||||
shellcheck-gencodes)
|
||||
errors=false
|
||||
"$0" shellcheck-local-gencodes || errors=true
|
||||
"$0" shellcheck-remote-gencodes || errors=true
|
||||
! $errors || exit 1
|
||||
"$0" shellcheck-local-gencodes || exit 1
|
||||
"$0" shellcheck-remote-gencodes || exit 1
|
||||
;;
|
||||
|
||||
shellcheck-types)
|
||||
errors=false
|
||||
"$0" shellcheck-type-explorers || errors=true
|
||||
"$0" shellcheck-manifests || errors=true
|
||||
"$0" shellcheck-gencodes || errors=true
|
||||
! $errors || exit 1
|
||||
"$0" shellcheck-type-explorers || exit 1
|
||||
"$0" shellcheck-manifests || exit 1
|
||||
"$0" shellcheck-gencodes || exit 1
|
||||
;;
|
||||
|
||||
shellcheck)
|
||||
errors=false
|
||||
"$0" shellcheck-global-explorers || errors=true
|
||||
"$0" shellcheck-types || errors=true
|
||||
"$0" shellcheck-bin || errors=true
|
||||
! $errors || exit 1
|
||||
"$0" shellcheck-global-explorers || exit 1
|
||||
"$0" shellcheck-types || exit 1
|
||||
"$0" shellcheck-scripts || exit 1
|
||||
;;
|
||||
|
||||
shellcheck-type-files)
|
||||
|
@ -497,14 +491,12 @@ eof
|
|||
;;
|
||||
|
||||
shellcheck-with-files)
|
||||
errors=false
|
||||
"$0" shellcheck || errors=true
|
||||
"$0" shellcheck-type-files || errors=true
|
||||
! $errors || exit 1
|
||||
"$0" shellcheck || exit 1
|
||||
"$0" shellcheck-type-files || exit 1
|
||||
;;
|
||||
|
||||
shellcheck-build-helper)
|
||||
${SHELLCHECKCMD} ./bin/cdist-build-helper
|
||||
${SHELLCHECKCMD} ./bin/build-helper
|
||||
;;
|
||||
|
||||
check-shellcheck)
|
||||
|
@ -534,8 +526,7 @@ eof
|
|||
;;
|
||||
|
||||
version)
|
||||
target_version="$(git describe | sed 's/-/.dev/; s/-/+/g')"
|
||||
printf "VERSION = \"%s\"\n" "${target_version}" > cdist/version.py
|
||||
printf "VERSION = \"%s\"\n" "$(git describe)" > cdist/version.py
|
||||
;;
|
||||
|
||||
target-version)
|
90
bin/cdist
90
bin/cdist
|
@ -1,8 +1,7 @@
|
|||
#!/usr/bin/env python3
|
||||
#!/bin/sh
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# 2010-2016 Nico Schottelius (nico-cdist at schottelius.org)
|
||||
# 2016 Darko Poljak (darko.poljak at gmail.com)
|
||||
# 2012 Nico Schottelius (nico-cdist at schottelius.org)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
|
@ -21,83 +20,14 @@
|
|||
#
|
||||
#
|
||||
|
||||
import logging
|
||||
import os
|
||||
import sys
|
||||
# Wrapper for real script to allow execution from checkout
|
||||
dir=${0%/*}
|
||||
|
||||
# See if this file's parent is cdist module
|
||||
# and if so add it to module search path.
|
||||
cdist_dir = os.path.realpath(
|
||||
os.path.join(
|
||||
os.path.dirname(os.path.realpath(__file__)),
|
||||
os.pardir))
|
||||
cdist_init_dir = os.path.join(cdist_dir, 'cdist', '__init__.py')
|
||||
if os.path.exists(cdist_init_dir):
|
||||
sys.path.insert(0, cdist_dir)
|
||||
# Ensure version is present - the bundled/shipped version contains a static version,
|
||||
# the git version contains a dynamic version
|
||||
"$dir/build-helper" version
|
||||
|
||||
import cdist # noqa 402
|
||||
import cdist.argparse # noqa 402
|
||||
import cdist.banner # noqa 402
|
||||
import cdist.config # noqa 402
|
||||
import cdist.install # noqa 402
|
||||
import cdist.shell # noqa 402
|
||||
import cdist.inventory # noqa 402
|
||||
libdir=$(cd "${dir}/../" && pwd -P)
|
||||
export PYTHONPATH="${libdir}"
|
||||
|
||||
|
||||
def commandline():
|
||||
"""Parse command line"""
|
||||
|
||||
# preos subcommand hack
|
||||
if len(sys.argv) > 1 and sys.argv[1] == 'preos':
|
||||
return cdist.preos.PreOS.commandline(sys.argv[1:])
|
||||
parser, cfg = cdist.argparse.parse_and_configure(sys.argv[1:])
|
||||
args = cfg.get_args()
|
||||
|
||||
# Work around python 3.3 bug:
|
||||
# http://bugs.python.org/issue16308
|
||||
# http://bugs.python.org/issue9253
|
||||
|
||||
# FIXME: catching AttributeError also hides
|
||||
# real problems.. try a different way
|
||||
|
||||
# FIXME: we always print main help, not
|
||||
# the help of the actual parser being used!
|
||||
try:
|
||||
getattr(args, "func")
|
||||
except AttributeError:
|
||||
parser['main'].print_help()
|
||||
sys.exit(0)
|
||||
|
||||
args.func(args)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
if sys.version_info[:3] < cdist.MIN_SUPPORTED_PYTHON_VERSION:
|
||||
print(
|
||||
'Python >= {} is required on the source host.'.format(
|
||||
".".join(map(str, cdist.MIN_SUPPORTED_PYTHON_VERSION))),
|
||||
file=sys.stderr)
|
||||
sys.exit(1)
|
||||
|
||||
exit_code = 0
|
||||
|
||||
try:
|
||||
import re
|
||||
import os
|
||||
|
||||
if re.match("__", os.path.basename(sys.argv[0])):
|
||||
import cdist.emulator
|
||||
emulator = cdist.emulator.Emulator(sys.argv)
|
||||
emulator.run()
|
||||
else:
|
||||
commandline()
|
||||
|
||||
except KeyboardInterrupt:
|
||||
exit_code = 2
|
||||
|
||||
except cdist.Error as e:
|
||||
log = logging.getLogger("cdist")
|
||||
log.error(e)
|
||||
exit_code = 1
|
||||
|
||||
sys.exit(exit_code)
|
||||
"$dir/../scripts/cdist" "$@"
|
||||
|
|
|
@ -22,27 +22,11 @@
|
|||
|
||||
import os
|
||||
import hashlib
|
||||
import subprocess
|
||||
|
||||
import cdist.log
|
||||
import cdist.version
|
||||
|
||||
|
||||
VERSION = 'unknown version'
|
||||
|
||||
try:
|
||||
import cdist.version
|
||||
VERSION = cdist.version.VERSION
|
||||
except ModuleNotFoundError:
|
||||
cdist_dir = os.path.abspath(
|
||||
os.path.join(os.path.dirname(__file__), os.pardir))
|
||||
if os.path.isdir(os.path.join(cdist_dir, '.git')):
|
||||
try:
|
||||
VERSION = subprocess.check_output(
|
||||
['git', 'describe', '--always'],
|
||||
cwd=cdist_dir,
|
||||
universal_newlines=True)
|
||||
except Exception:
|
||||
pass
|
||||
VERSION = cdist.version.VERSION
|
||||
|
||||
BANNER = """
|
||||
.. . .x+=:. s
|
||||
|
@ -64,9 +48,6 @@ REMOTE_EXEC = "ssh -o User=root"
|
|||
REMOTE_CMDS_CLEANUP_PATTERN = "ssh -o User=root -O exit -S {}"
|
||||
|
||||
|
||||
MIN_SUPPORTED_PYTHON_VERSION = (3, 5)
|
||||
|
||||
|
||||
class Error(Exception):
|
||||
"""Base exception class for this project"""
|
||||
pass
|
||||
|
|
|
@ -5,14 +5,12 @@ import logging
|
|||
import collections
|
||||
import functools
|
||||
import cdist.configuration
|
||||
import cdist.log
|
||||
import cdist.preos
|
||||
import cdist.info
|
||||
import cdist.scan.commandline
|
||||
|
||||
|
||||
# set of beta sub-commands
|
||||
BETA_COMMANDS = set(('install', 'inventory', 'scan', ))
|
||||
BETA_COMMANDS = set(('install', 'inventory', ))
|
||||
# set of beta arguments for sub-commands
|
||||
BETA_ARGS = {
|
||||
'config': set(('tag', 'all_tagged_hosts', 'use_archiving', )),
|
||||
|
@ -127,14 +125,6 @@ def get_parsers():
|
|||
'value.'),
|
||||
action='count', default=None)
|
||||
|
||||
parser['colored_output'] = argparse.ArgumentParser(add_help=False)
|
||||
parser['colored_output'].add_argument(
|
||||
'--colors', metavar='WHEN',
|
||||
help="Colorize cdist's output based on log level; "
|
||||
"WHEN is 'always', 'never', or 'auto'.",
|
||||
action='store', dest='colored_output', required=False,
|
||||
choices=cdist.configuration.ColoredOutputOption.CHOICES)
|
||||
|
||||
parser['beta'] = argparse.ArgumentParser(add_help=False)
|
||||
parser['beta'].add_argument(
|
||||
'-b', '--beta',
|
||||
|
@ -207,13 +197,6 @@ def get_parsers():
|
|||
'supported. Without argument CPU count is used by default. '),
|
||||
action='store', dest='jobs',
|
||||
const=multiprocessing.cpu_count())
|
||||
parser['config_main'].add_argument(
|
||||
'--log-server',
|
||||
action='store_true',
|
||||
help=('Start a log server for sub processes to use. '
|
||||
'This is mainly useful when running cdist nested '
|
||||
'from a code-local script. Log server is alwasy '
|
||||
'implicitly started for \'install\' command.'))
|
||||
parser['config_main'].add_argument(
|
||||
'-n', '--dry-run',
|
||||
help='Do not execute code.', action='store_true')
|
||||
|
@ -274,7 +257,8 @@ def get_parsers():
|
|||
'-f', '--file',
|
||||
help=('Read specified file for a list of additional hosts to '
|
||||
'operate on or if \'-\' is given, read stdin (one host per '
|
||||
'line).'),
|
||||
'line). If no host or host file is specified then, by '
|
||||
'default, read hosts from stdin.'),
|
||||
dest='hostfile', required=False)
|
||||
parser['config_args'].add_argument(
|
||||
'-p', '--parallel', nargs='?', metavar='HOST_MAX',
|
||||
|
@ -299,7 +283,6 @@ def get_parsers():
|
|||
'host', nargs='*', help='Host(s) to operate on.')
|
||||
parser['config'] = parser['sub'].add_parser(
|
||||
'config', parents=[parser['loglevel'], parser['beta'],
|
||||
parser['colored_output'],
|
||||
parser['common'],
|
||||
parser['config_main'],
|
||||
parser['inventory_common'],
|
||||
|
@ -318,7 +301,6 @@ def get_parsers():
|
|||
|
||||
parser['add-host'] = parser['invsub'].add_parser(
|
||||
'add-host', parents=[parser['loglevel'], parser['beta'],
|
||||
parser['colored_output'],
|
||||
parser['common'],
|
||||
parser['inventory_common']])
|
||||
parser['add-host'].add_argument(
|
||||
|
@ -326,12 +308,13 @@ def get_parsers():
|
|||
parser['add-host'].add_argument(
|
||||
'-f', '--file',
|
||||
help=('Read additional hosts to add from specified file '
|
||||
'or from stdin if \'-\' (each host on separate line). '),
|
||||
'or from stdin if \'-\' (each host on separate line). '
|
||||
'If no host or host file is specified then, by default, '
|
||||
'read from stdin.'),
|
||||
dest='hostfile', required=False)
|
||||
|
||||
parser['add-tag'] = parser['invsub'].add_parser(
|
||||
'add-tag', parents=[parser['loglevel'], parser['beta'],
|
||||
parser['colored_output'],
|
||||
parser['common'],
|
||||
parser['inventory_common']])
|
||||
parser['add-tag'].add_argument(
|
||||
|
@ -340,12 +323,20 @@ def get_parsers():
|
|||
parser['add-tag'].add_argument(
|
||||
'-f', '--file',
|
||||
help=('Read additional hosts to add tags from specified file '
|
||||
'or from stdin if \'-\' (each host on separate line). '),
|
||||
'or from stdin if \'-\' (each host on separate line). '
|
||||
'If no host or host file is specified then, by default, '
|
||||
'read from stdin. If no tags/tagfile nor hosts/hostfile'
|
||||
' are specified then tags are read from stdin and are'
|
||||
' added to all hosts.'),
|
||||
dest='hostfile', required=False)
|
||||
parser['add-tag'].add_argument(
|
||||
'-T', '--tag-file',
|
||||
help=('Read additional tags to add from specified file '
|
||||
'or from stdin if \'-\' (each tag on separate line). '),
|
||||
'or from stdin if \'-\' (each tag on separate line). '
|
||||
'If no tag or tag file is specified then, by default, '
|
||||
'read from stdin. If no tags/tagfile nor hosts/hostfile'
|
||||
' are specified then tags are read from stdin and are'
|
||||
' added to all hosts.'),
|
||||
dest='tagfile', required=False)
|
||||
parser['add-tag'].add_argument(
|
||||
'-t', '--taglist',
|
||||
|
@ -355,7 +346,6 @@ def get_parsers():
|
|||
|
||||
parser['del-host'] = parser['invsub'].add_parser(
|
||||
'del-host', parents=[parser['loglevel'], parser['beta'],
|
||||
parser['colored_output'],
|
||||
parser['common'],
|
||||
parser['inventory_common']])
|
||||
parser['del-host'].add_argument(
|
||||
|
@ -366,12 +356,13 @@ def get_parsers():
|
|||
parser['del-host'].add_argument(
|
||||
'-f', '--file',
|
||||
help=('Read additional hosts to delete from specified file '
|
||||
'or from stdin if \'-\' (each host on separate line). '),
|
||||
'or from stdin if \'-\' (each host on separate line). '
|
||||
'If no host or host file is specified then, by default, '
|
||||
'read from stdin.'),
|
||||
dest='hostfile', required=False)
|
||||
|
||||
parser['del-tag'] = parser['invsub'].add_parser(
|
||||
'del-tag', parents=[parser['loglevel'], parser['beta'],
|
||||
parser['colored_output'],
|
||||
parser['common'],
|
||||
parser['inventory_common']])
|
||||
parser['del-tag'].add_argument(
|
||||
|
@ -384,13 +375,20 @@ def get_parsers():
|
|||
parser['del-tag'].add_argument(
|
||||
'-f', '--file',
|
||||
help=('Read additional hosts to delete tags for from specified '
|
||||
'file or from stdin if \'-\' (each host on separate '
|
||||
'line). '),
|
||||
'file or from stdin if \'-\' (each host on separate line). '
|
||||
'If no host or host file is specified then, by default, '
|
||||
'read from stdin. If no tags/tagfile nor hosts/hostfile'
|
||||
' are specified then tags are read from stdin and are'
|
||||
' deleted from all hosts.'),
|
||||
dest='hostfile', required=False)
|
||||
parser['del-tag'].add_argument(
|
||||
'-T', '--tag-file',
|
||||
help=('Read additional tags from specified file '
|
||||
'or from stdin if \'-\' (each tag on separate line). '),
|
||||
'or from stdin if \'-\' (each tag on separate line). '
|
||||
'If no tag or tag file is specified then, by default, '
|
||||
'read from stdin. If no tags/tagfile nor'
|
||||
' hosts/hostfile are specified then tags are read from'
|
||||
' stdin and are added to all hosts.'),
|
||||
dest='tagfile', required=False)
|
||||
parser['del-tag'].add_argument(
|
||||
'-t', '--taglist',
|
||||
|
@ -400,7 +398,6 @@ def get_parsers():
|
|||
|
||||
parser['list'] = parser['invsub'].add_parser(
|
||||
'list', parents=[parser['loglevel'], parser['beta'],
|
||||
parser['colored_output'],
|
||||
parser['common'],
|
||||
parser['inventory_common']])
|
||||
parser['list'].add_argument(
|
||||
|
@ -433,7 +430,7 @@ def get_parsers():
|
|||
|
||||
# Shell
|
||||
parser['shell'] = parser['sub'].add_parser(
|
||||
'shell', parents=[parser['loglevel'], parser['colored_output']])
|
||||
'shell', parents=[parser['loglevel']])
|
||||
parser['shell'].add_argument(
|
||||
'-s', '--shell',
|
||||
help=('Select shell to use, defaults to current shell. Used shell'
|
||||
|
@ -471,44 +468,6 @@ def get_parsers():
|
|||
'pattern', nargs='?', help='Glob pattern.')
|
||||
parser['info'].set_defaults(func=cdist.info.Info.commandline)
|
||||
|
||||
# Scan = config + further
|
||||
parser['scan'] = parser['sub'].add_parser(
|
||||
'scan', parents=[parser['loglevel'],
|
||||
parser['beta'],
|
||||
parser['colored_output'],
|
||||
parser['common'],
|
||||
parser['config_main']])
|
||||
|
||||
parser['scan'].add_argument(
|
||||
'-m', '--mode', help='Which modes should run',
|
||||
action='append', default=[],
|
||||
choices=['scan', 'trigger', 'config'])
|
||||
parser['scan'].add_argument(
|
||||
'--list',
|
||||
action='store_true',
|
||||
help='List the known hosts and exit')
|
||||
parser['scan'].add_argument(
|
||||
'--config',
|
||||
action='store_true',
|
||||
help='Try to configure detected hosts')
|
||||
parser['scan'].add_argument(
|
||||
'-I', '--interface',
|
||||
action='append', default=[], required=True,
|
||||
help='On which interfaces to scan/trigger')
|
||||
parser['scan'].add_argument(
|
||||
'--name-mapper',
|
||||
action='store', default=None,
|
||||
help='Map addresses to names, required for config mode')
|
||||
parser['scan'].add_argument(
|
||||
'-d', '--config-delay',
|
||||
action='store', default=3600, type=int,
|
||||
help='How long (seconds) to wait before reconfiguring after last try')
|
||||
parser['scan'].add_argument(
|
||||
'-t', '--trigger-delay',
|
||||
action='store', default=5, type=int,
|
||||
help='How long (seconds) to wait between ICMPv6 echo requests')
|
||||
parser['scan'].set_defaults(func=cdist.scan.commandline.commandline)
|
||||
|
||||
for p in parser:
|
||||
parser[p].epilog = EPILOG
|
||||
|
||||
|
@ -519,12 +478,7 @@ def handle_loglevel(args):
|
|||
if hasattr(args, 'quiet') and args.quiet:
|
||||
args.verbose = _verbosity_level_off
|
||||
|
||||
logging.getLogger().setLevel(_verbosity_level[args.verbose])
|
||||
|
||||
|
||||
def handle_log_colors(args):
|
||||
if cdist.configuration.ColoredOutputOption.translate(args.colored_output):
|
||||
cdist.log.CdistFormatter.USE_COLORS = True
|
||||
logging.root.setLevel(_verbosity_level[args.verbose])
|
||||
|
||||
|
||||
def parse_and_configure(argv, singleton=True):
|
||||
|
@ -538,14 +492,13 @@ def parse_and_configure(argv, singleton=True):
|
|||
raise cdist.Error(str(e))
|
||||
# Loglevels are handled globally in here
|
||||
handle_loglevel(args)
|
||||
handle_log_colors(args)
|
||||
|
||||
log = logging.getLogger("cdist")
|
||||
|
||||
log.verbose("version %s", cdist.VERSION)
|
||||
log.trace('command line args: %s', cfg.command_line_args)
|
||||
log.trace('configuration: %s', cfg.get_config())
|
||||
log.trace('configured args: %s', args)
|
||||
log.verbose("version %s" % cdist.VERSION)
|
||||
log.trace('command line args: {}'.format(cfg.command_line_args))
|
||||
log.trace('configuration: {}'.format(cfg.get_config()))
|
||||
log.trace('configured args: {}'.format(args))
|
||||
|
||||
check_beta(vars(args))
|
||||
|
||||
|
|
|
@ -32,11 +32,6 @@ case "$os" in
|
|||
sysctl -n hw.ncpuonline
|
||||
;;
|
||||
|
||||
"freebsd"|"netbsd")
|
||||
PATH=$(getconf PATH)
|
||||
sysctl -n hw.ncpu
|
||||
;;
|
||||
|
||||
*)
|
||||
if [ -r /proc/cpuinfo ]; then
|
||||
cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)"
|
||||
|
|
|
@ -30,8 +30,9 @@ case $uname_s in
|
|||
sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+'
|
||||
;;
|
||||
NetBSD)
|
||||
PATH=$(getconf PATH)
|
||||
sysctl -n hw.disknames | awk -v RS=' ' '/^[lsw]d[0-9]+/'
|
||||
PATH="${PATH}:/usr/local/sbin:/usr/sbin:/sbin"
|
||||
sysctl -n hw.disknames \
|
||||
| awk 'BEGIN { RS = " " } /^[lsw]d[0-9]+/'
|
||||
;;
|
||||
Linux)
|
||||
# list of major device numbers toexclude:
|
||||
|
|
|
@ -221,7 +221,6 @@ check_systemstarter() {
|
|||
|
||||
check_sysvinit() (
|
||||
init_path=${1:-/sbin/init}
|
||||
test -x "${init_path}" || return 1
|
||||
grep -q 'INIT_VERSION=sysvinit-[0-9.]*' "${init_path}" || return 1
|
||||
|
||||
# It is quite common to use SysVinit to stack other init systemd
|
||||
|
|
|
@ -21,9 +21,6 @@
|
|||
|
||||
set +e
|
||||
case "$("$__explorer/os")" in
|
||||
checkpoint)
|
||||
awk '{printf("%s\n", $(NF-1))}' /etc/cp-release
|
||||
;;
|
||||
openwrt)
|
||||
# shellcheck disable=SC1091
|
||||
(. /etc/openwrt_release && echo "$DISTRIB_CODENAME")
|
||||
|
|
|
@ -21,9 +21,6 @@
|
|||
|
||||
set +e
|
||||
case "$("$__explorer/os")" in
|
||||
checkpoint)
|
||||
cat /etc/cp-release
|
||||
;;
|
||||
openwrt)
|
||||
# shellcheck disable=SC1091
|
||||
(. /etc/openwrt_release && echo "$DISTRIB_DESCRIPTION")
|
||||
|
|
|
@ -21,9 +21,6 @@
|
|||
|
||||
set +e
|
||||
case "$("$__explorer/os")" in
|
||||
checkpoint)
|
||||
echo "CheckPoint"
|
||||
;;
|
||||
openwrt)
|
||||
# shellcheck disable=SC1091
|
||||
(. /etc/openwrt_release && echo "$DISTRIB_ID")
|
||||
|
|
|
@ -21,9 +21,6 @@
|
|||
|
||||
set +e
|
||||
case "$("$__explorer/os")" in
|
||||
checkpoint)
|
||||
sed /etc/cp-release -e 's/.* R\([1-9][0-9]*\)\.[0-9]*$/\1/'
|
||||
;;
|
||||
openwrt)
|
||||
# shellcheck disable=SC1091
|
||||
(. /etc/openwrt_release && echo "$DISTRIB_RELEASE")
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -1,9 +1,8 @@
|
|||
#!/bin/sh -e
|
||||
#!/bin/sh
|
||||
#
|
||||
# 2014 Daniel Heule (hda at sfs.biz)
|
||||
# 2014 Thomas Oettli (otho at sfs.biz)
|
||||
# Copyright 2017, Philippe Gregoire <pg@pgregoire.xyz>
|
||||
# 2020 Dennis Camera <dennis.camera at ssrq-sds-fds.ch>
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
|
@ -20,73 +19,23 @@
|
|||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# Returns the amount of memory physically installed in the system, or if that
|
||||
# cannot be determined the amount available to the operating system kernel,
|
||||
# in kibibytes (kiB).
|
||||
#
|
||||
|
||||
str2bytes() {
|
||||
awk -F' ' '
|
||||
$2 == "B" || !$2 { print $1 }
|
||||
$2 == "kB" { printf "%.f\n", ($1 * 1000) }
|
||||
$2 == "MB" { printf "%.f\n", ($1 * 1000 * 1000) }
|
||||
$2 == "GB" { printf "%.f\n", ($1 * 1000 * 1000 * 1000) }
|
||||
$2 == "TB" { printf "%.f\n", ($1 * 1000 * 1000 * 1000 * 1000) }
|
||||
$2 == "kiB" { printf "%.f\n", ($1 * 1024) }
|
||||
$2 == "MiB" { printf "%.f\n", ($1 * 1024 * 1024) }
|
||||
$2 == "GiB" { printf "%.f\n", ($1 * 1024 * 1024 * 1024) }
|
||||
$2 == "TiB" { printf "%.f\n", ($1 * 1024 * 1024 * 1024 * 1024) }'
|
||||
}
|
||||
# FIXME: other system types (not linux ...)
|
||||
|
||||
bytes2kib() {
|
||||
awk '$0 > 0 { printf "%.f\n", ($0 / 1024) }'
|
||||
}
|
||||
os=$("$__explorer/os")
|
||||
case "$os" in
|
||||
"macosx")
|
||||
echo "$(sysctl -n hw.memsize)/1024" | bc
|
||||
;;
|
||||
|
||||
"openbsd")
|
||||
echo "$(sysctl -n hw.physmem) / 1048576" | bc
|
||||
;;
|
||||
|
||||
case $(uname -s)
|
||||
in
|
||||
(Darwin)
|
||||
sysctl -n hw.memsize | bytes2kib
|
||||
;;
|
||||
(FreeBSD)
|
||||
sysctl -n hw.realmem | bytes2kib
|
||||
;;
|
||||
(NetBSD|OpenBSD)
|
||||
# NOTE: This reports "usable" memory, not physically installed memory.
|
||||
command -p sysctl -n hw.physmem | bytes2kib
|
||||
;;
|
||||
(SunOS)
|
||||
# Make sure that awk from xpg4 is used for the scripts to work
|
||||
export PATH="/usr/xpg4/bin:${PATH}"
|
||||
prtconf \
|
||||
| awk -F ': ' '
|
||||
$1 == "Memory size" { sub(/Megabytes/, "MiB", $2); print $2 }
|
||||
/^$/ { exit }' \
|
||||
| str2bytes \
|
||||
| bytes2kib
|
||||
;;
|
||||
(Linux)
|
||||
if test -d /sys/devices/system/memory
|
||||
then
|
||||
# Use memory blocks if the architecture (e.g. x86, PPC64, s390)
|
||||
# supports them (they denote physical memory)
|
||||
num_mem_blocks=$(cat /sys/devices/system/memory/memory[0-9]*/state | grep -cxF online)
|
||||
mem_block_size=$(cat /sys/devices/system/memory/block_size_bytes)
|
||||
|
||||
echo $((num_mem_blocks * 0x$mem_block_size)) | bytes2kib && exit
|
||||
fi
|
||||
if test -r /proc/meminfo
|
||||
then
|
||||
# Fall back to meminfo file on other architectures (e.g. ARM, MIPS,
|
||||
# PowerPC)
|
||||
# NOTE: This is "usable" memory, not physically installed memory.
|
||||
awk -F ': +' '$1 == "MemTotal" { sub(/B$/, "iB", $2); print $2 }' /proc/meminfo \
|
||||
| str2bytes \
|
||||
| bytes2kib
|
||||
fi
|
||||
;;
|
||||
(*)
|
||||
printf "Your kernel (%s) is currently not supported by the memory explorer\n" "$(uname -s)" >&2
|
||||
printf "Please contribute an implementation for it if you can.\n" >&2
|
||||
exit 1
|
||||
;;
|
||||
*)
|
||||
if [ -r /proc/meminfo ]; then
|
||||
grep "MemTotal:" /proc/meminfo | awk '{print $2}'
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
|
|
@ -116,13 +116,6 @@ if [ -f /etc/slackware-version ]; then
|
|||
exit 0
|
||||
fi
|
||||
|
||||
# Appliances
|
||||
|
||||
if grep -q '^Check Point Gaia' /etc/cp-release 2>/dev/null; then
|
||||
echo checkpoint
|
||||
exit 0
|
||||
fi
|
||||
|
||||
uname_s="$(uname -s)"
|
||||
|
||||
# Assume there is no tr on the client -> do lower case ourselves
|
||||
|
@ -150,13 +143,6 @@ case "$uname_s" in
|
|||
esac
|
||||
|
||||
if [ -f /etc/os-release ]; then
|
||||
# after sles15, suse don't provide an /etc/SuSE-release anymore, but there is almost no difference between sles and opensuse leap, so call it suse
|
||||
# shellcheck disable=SC1091
|
||||
if (. /etc/os-release && echo "${ID_LIKE}" | grep -q '\(^\|\ \)suse\($\|\ \)')
|
||||
then
|
||||
echo suse
|
||||
exit 0
|
||||
fi
|
||||
# already lowercase, according to:
|
||||
# https://www.freedesktop.org/software/systemd/man/os-release.html
|
||||
awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release
|
||||
|
|
|
@ -34,9 +34,5 @@ elif test -f /var/run/os-release
|
|||
then
|
||||
# FreeBSD (created by os-release service)
|
||||
cat /var/run/os-release
|
||||
elif test -f /etc/cp-release
|
||||
then
|
||||
# Checkpoint firewall or management (actually linux based)
|
||||
cat /etc/cp-release
|
||||
fi
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
#!/bin/sh -e
|
||||
#!/bin/sh
|
||||
#
|
||||
# 2010-2011 Nico Schottelius (nico-cdist at schottelius.org)
|
||||
# 2020-2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
|
@ -18,22 +17,12 @@
|
|||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
# All os variables are lower case
|
||||
#
|
||||
#
|
||||
|
||||
rc_getvar() {
|
||||
awk -F= -v varname="$2" '
|
||||
function unquote(s) {
|
||||
if (s ~ /^".*"$/ || s ~ /^'\''.*'\''$/)
|
||||
return substr(s, 2, length(s) - 2)
|
||||
else
|
||||
return s
|
||||
}
|
||||
$1 == varname { print unquote(substr($0, index($0, "=") + 1)) }' "$1"
|
||||
}
|
||||
|
||||
case $("${__explorer:?}/os")
|
||||
in
|
||||
case "$("$__explorer/os")" in
|
||||
amazon)
|
||||
cat /etc/system-release
|
||||
;;
|
||||
|
@ -41,58 +30,11 @@ in
|
|||
# empty, but well...
|
||||
cat /etc/arch-release
|
||||
;;
|
||||
checkpoint)
|
||||
awk '{version=$NF; printf("%s\n", substr(version, 2))}' /etc/cp-release
|
||||
;;
|
||||
debian)
|
||||
debian_version=$(cat /etc/debian_version)
|
||||
case $debian_version
|
||||
in
|
||||
testing/unstable)
|
||||
# previous to Debian 4.0 testing/unstable was used
|
||||
# cf. https://metadata.ftp-master.debian.org/changelogs/main/b/base-files/base-files_11_changelog
|
||||
echo 3.99
|
||||
;;
|
||||
*/sid)
|
||||
# sid versions don't have a number, so we decode by codename:
|
||||
case $(expr "$debian_version" : '\([a-z]\{1,\}\)/')
|
||||
in
|
||||
trixie) echo 12.99 ;;
|
||||
bookworm) echo 11.99 ;;
|
||||
bullseye) echo 10.99 ;;
|
||||
buster) echo 9.99 ;;
|
||||
stretch) echo 8.99 ;;
|
||||
jessie) echo 7.99 ;;
|
||||
wheezy) echo 6.99 ;;
|
||||
squeeze) echo 5.99 ;;
|
||||
lenny) echo 4.99 ;;
|
||||
*) echo 99.99 ;;
|
||||
esac
|
||||
;;
|
||||
*)
|
||||
echo "$debian_version"
|
||||
;;
|
||||
esac
|
||||
cat /etc/debian_version
|
||||
;;
|
||||
devuan)
|
||||
devuan_version=$(cat /etc/devuan_version)
|
||||
case ${devuan_version}
|
||||
in
|
||||
(*/ceres)
|
||||
# ceres versions don't have a number, so we decode by codename:
|
||||
case ${devuan_version}
|
||||
in
|
||||
(daedalus/ceres) echo 4.99 ;;
|
||||
(chimaera/ceres) echo 3.99 ;;
|
||||
(beowulf/ceres) echo 2.99 ;;
|
||||
(ascii/ceres) echo 1.99 ;;
|
||||
(*) exit 1
|
||||
esac
|
||||
;;
|
||||
(*)
|
||||
echo "${devuan_version}"
|
||||
;;
|
||||
esac
|
||||
cat /etc/devuan_version
|
||||
;;
|
||||
fedora)
|
||||
cat /etc/fedora-release
|
||||
|
@ -101,20 +43,7 @@ in
|
|||
cat /etc/gentoo-release
|
||||
;;
|
||||
macosx)
|
||||
# NOTE: Legacy versions (< 10.3) do not support options
|
||||
sw_vers | awk -F ':[ \t]+' '$1 == "ProductVersion" { print $2 }'
|
||||
;;
|
||||
freebsd)
|
||||
# Apparently uname -r is not a reliable way to get the patch level.
|
||||
# See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743
|
||||
if command -v freebsd-version >/dev/null 2>&1
|
||||
then
|
||||
# get userland version
|
||||
freebsd-version -u
|
||||
else
|
||||
# fallback to kernel release for FreeBSD < 10.0
|
||||
uname -r
|
||||
fi
|
||||
sw_vers -productVersion
|
||||
;;
|
||||
*bsd|solaris)
|
||||
uname -r
|
||||
|
@ -139,22 +68,9 @@ in
|
|||
fi
|
||||
;;
|
||||
ubuntu)
|
||||
if command -v lsb_release >/dev/null 2>&1
|
||||
then
|
||||
lsb_release -sr
|
||||
elif test -r /usr/lib/os-release
|
||||
then
|
||||
# fallback to /usr/lib/os-release if lsb_release is not present (like
|
||||
# on minimized Ubuntu installations)
|
||||
rc_getvar /usr/lib/os-release VERSION_ID
|
||||
elif test -r /etc/lsb-release
|
||||
then
|
||||
# extract DISTRIB_RELEASE= variable from /etc/lsb-release on old
|
||||
# versions without /usr/lib/os-release.
|
||||
rc_getvar /etc/lsb-release DISTRIB_RELEASE
|
||||
fi
|
||||
lsb_release -sr
|
||||
;;
|
||||
alpine)
|
||||
cat /etc/alpine-release
|
||||
;;
|
||||
esac
|
||||
esac
|
36
cdist/conf/type/__postgres_extension/explorer/state → cdist/conf/type/__acl/explorer/checks
Normal file → Executable file
36
cdist/conf/type/__postgres_extension/explorer/state → cdist/conf/type/__acl/explorer/checks
Normal file → Executable file
|
@ -1,7 +1,6 @@
|
|||
#!/bin/sh -e
|
||||
# -*- mode: sh; indent-tabs-mode: t -*-
|
||||
#
|
||||
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||
# 2019 Ander Punnar (ander-at-kvlt-dot-ee)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
|
@ -18,24 +17,23 @@
|
|||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# Prints "present" if the extension is currently installed.
|
||||
# "absent" otherwise.
|
||||
|
||||
quote() { printf '%s\n' "$*" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"; }
|
||||
# TODO check if filesystem has ACL turned on etc
|
||||
|
||||
postgres_user=$("${__type_explorer:?}/postgres_user")
|
||||
|
||||
IFS=: read -r dbname extname <<EOF
|
||||
${__object_id:?}
|
||||
EOF
|
||||
|
||||
psql_exec() {
|
||||
su - "${postgres_user}" -c "psql $(quote "$1") -twAc $(quote "$2")"
|
||||
}
|
||||
|
||||
if psql_exec "${dbname}" 'SELECT extname FROM pg_extension' | grep -qFx "${extname}"
|
||||
if [ -f "$__object/parameter/acl" ]
|
||||
then
|
||||
echo present
|
||||
else
|
||||
echo absent
|
||||
grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \
|
||||
| while read -r acl
|
||||
do
|
||||
param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )"
|
||||
check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )"
|
||||
|
||||
[ "$param" = 'user' ] && db=passwd || db="$param"
|
||||
|
||||
if ! getent "$db" "$check" > /dev/null
|
||||
then
|
||||
echo "missing $param '$check'" >&2
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
fi
|
|
@ -1,4 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
getent passwd | awk -F: '{print "user:"$1}'
|
||||
getent group | awk -F: '{print "group:"$1}'
|
|
@ -22,8 +22,8 @@ file_is="$( cat "$__object/explorer/file_is" )"
|
|||
|
||||
if [ "$file_is" = 'missing' ] \
|
||||
&& [ -z "$__cdist_dry_run" ] \
|
||||
&& [ ! -f "$__object/parameter/file" ] \
|
||||
&& [ ! -f "$__object/parameter/directory" ]
|
||||
&& \( [ ! -f "$__object/parameter/file" ] \
|
||||
|| [ ! -f "$__object/parameter/directory" ] \)
|
||||
then
|
||||
exit 0
|
||||
fi
|
||||
|
@ -47,26 +47,28 @@ then
|
|||
elif [ -f "$__object/parameter/entry" ]
|
||||
then
|
||||
acl_should="$( cat "$__object/parameter/entry" )"
|
||||
elif [ -f "$__object/parameter/acl" ]
|
||||
then
|
||||
acl_should="$( cat "$__object/parameter/acl" )"
|
||||
elif
|
||||
[ -f "$__object/parameter/user" ] \
|
||||
|| [ -f "$__object/parameter/group" ] \
|
||||
|| [ -f "$__object/parameter/mask" ] \
|
||||
|| [ -f "$__object/parameter/other" ]
|
||||
then
|
||||
acl_should="$( for param in user group mask other
|
||||
do
|
||||
[ ! -f "$__object/parameter/$param" ] && continue
|
||||
|
||||
echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=:
|
||||
|
||||
echo "$param$sep$( cat "$__object/parameter/$param" )"
|
||||
done )"
|
||||
else
|
||||
echo 'no parameters set' >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# instead of setfacl's non-helpful message "Option -m: Invalid argument near character X"
|
||||
# let's check if target has necessary users and groups, since mistyped or missing
|
||||
# users/groups in target is most common reason.
|
||||
echo "$acl_should" \
|
||||
| grep -Po '(user|group):[^:]+' \
|
||||
| sort -u \
|
||||
| while read -r l
|
||||
do
|
||||
if ! grep "$l" -Fxq "$__object/explorer/getent"
|
||||
then
|
||||
echo "no $l' in target" | sed "s/:/ '/" >&2
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -f "$__object/parameter/default" ]
|
||||
then
|
||||
acl_should="$( echo "$acl_should" \
|
||||
|
|
|
@ -12,14 +12,11 @@ Fully supported and tested on Linux (ext4 filesystem), partial support for FreeB
|
|||
|
||||
See ``setfacl`` and ``acl`` manpages for more details.
|
||||
|
||||
One of ``--entry`` or ``--source`` must be used.
|
||||
|
||||
|
||||
OPTIONAL MULTIPLE PARAMETERS
|
||||
REQUIRED MULTIPLE PARAMETERS
|
||||
----------------------------
|
||||
entry
|
||||
Set ACL entry following ``getfacl`` output syntax.
|
||||
Must be used if ``--source`` is not used.
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
|
@ -28,7 +25,6 @@ source
|
|||
Read ACL entries from stdin or file.
|
||||
Ordering of entries is not important.
|
||||
When reading from file, comments and empty lines are ignored.
|
||||
Must be used if ``--entry`` is not used.
|
||||
|
||||
file
|
||||
Create/change file with ``__file`` using ``user:group:mode`` pattern.
|
||||
|
@ -52,6 +48,12 @@ remove
|
|||
``mask`` and ``other`` entries can't be removed, but only changed.
|
||||
|
||||
|
||||
DEPRECATED PARAMETERS
|
||||
---------------------
|
||||
Parameters ``acl``, ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
|
||||
will be removed in future versions. Please use ``entry`` parameter instead.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
|
|
1
cdist/conf/type/__acl/parameter/deprecated/acl
Normal file
1
cdist/conf/type/__acl/parameter/deprecated/acl
Normal file
|
@ -0,0 +1 @@
|
|||
see manual for details
|
1
cdist/conf/type/__acl/parameter/deprecated/group
Normal file
1
cdist/conf/type/__acl/parameter/deprecated/group
Normal file
|
@ -0,0 +1 @@
|
|||
see manual for details
|
1
cdist/conf/type/__acl/parameter/deprecated/mask
Normal file
1
cdist/conf/type/__acl/parameter/deprecated/mask
Normal file
|
@ -0,0 +1 @@
|
|||
see manual for details
|
1
cdist/conf/type/__acl/parameter/deprecated/other
Normal file
1
cdist/conf/type/__acl/parameter/deprecated/other
Normal file
|
@ -0,0 +1 @@
|
|||
see manual for details
|
1
cdist/conf/type/__acl/parameter/deprecated/user
Normal file
1
cdist/conf/type/__acl/parameter/deprecated/user
Normal file
|
@ -0,0 +1 @@
|
|||
see manual for details
|
|
@ -1,3 +1,5 @@
|
|||
mask
|
||||
other
|
||||
source
|
||||
file
|
||||
directory
|
||||
|
|
|
@ -1 +1,4 @@
|
|||
entry
|
||||
acl
|
||||
user
|
||||
group
|
||||
|
|
|
@ -1,104 +0,0 @@
|
|||
cdist-type__debian_backports(7)
|
||||
===============================
|
||||
|
||||
NAME
|
||||
----
|
||||
cdist-type__apt_backports - Install backports
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
This singleton type installs backports for the current OS release.
|
||||
It aborts if backports are not supported for the specified OS or
|
||||
no version codename could be fetched (like Debian unstable).
|
||||
|
||||
The package index will be automatically updated if required.
|
||||
|
||||
It supports backports from following OSes:
|
||||
|
||||
- Debian
|
||||
- Devuan
|
||||
- Ubuntu
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
None.
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
state
|
||||
Represents the state of the backports repository. ``present`` or
|
||||
``absent``, defaults to ``present``.
|
||||
|
||||
Will be directly passed to :strong:`cdist-type__apt_source`\ (7).
|
||||
|
||||
mirror
|
||||
The mirror to fetch the backports from. Will defaults to the generic
|
||||
mirror of the current OS.
|
||||
|
||||
Will be directly passed to :strong:`cdist-type__apt_source`\ (7).
|
||||
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
None.
|
||||
|
||||
|
||||
MESSAGES
|
||||
--------
|
||||
None.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
.. code-block:: sh
|
||||
|
||||
# setup the backports
|
||||
__apt_backports
|
||||
__apt_backports --state absent
|
||||
__apt_backports --state present --mirror "http://ftp.de.debian.org/debian/"
|
||||
|
||||
# install a backports package
|
||||
# currently for the buster release backports
|
||||
require="__apt_backports" __package_apt wireguard \
|
||||
--target-release buster-backports
|
||||
|
||||
|
||||
ABORTS
|
||||
------
|
||||
Aborts if the detected os is not Debian.
|
||||
|
||||
Aborts if no distribuition codename could be detected. This is common for the
|
||||
unstable distribution, but there is no backports repository for it already.
|
||||
|
||||
|
||||
CAVEATS
|
||||
-------
|
||||
For Ubuntu, it setup all componenents for the backports repository: ``main``,
|
||||
``restricted``, ``universe`` and ``multiverse``. The user may not want to
|
||||
install proprietary packages, which will only be installed if the user
|
||||
explicitly uses the backports target-release. The user may change this behavior
|
||||
to install backports packages without the need of explicitly select it.
|
||||
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
`Official Debian Backports site <https://backports.debian.org/>`_
|
||||
|
||||
:strong:`cdist-type__apt_source`\ (7)
|
||||
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
Matthias Stecher <matthiasstecher at gmx.de>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2020 Matthias Stecher. You can redistribute it
|
||||
and/or modify it under the terms of the GNU General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
|
@ -1,82 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
# __apt_backports/manifest
|
||||
#
|
||||
# 2020 Matthias Stecher (matthiasstecher at gmx.de)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
# Enables/disables backports repository. Utilises __apt_source for it.
|
||||
#
|
||||
|
||||
|
||||
# Get the distribution codename by /etc/os-release.
|
||||
# is already executed in a subshell by string substitution
|
||||
# lsb_release may not be given in all installations
|
||||
codename_os_release() {
|
||||
# shellcheck disable=SC1090
|
||||
# shellcheck disable=SC1091
|
||||
. "$__global/explorer/os_release"
|
||||
printf "%s" "$VERSION_CODENAME"
|
||||
}
|
||||
|
||||
# detect backport distribution
|
||||
os="$(cat "$__global/explorer/os")"
|
||||
case "$os" in
|
||||
debian)
|
||||
dist="$( codename_os_release )"
|
||||
components="main"
|
||||
mirror="http://deb.debian.org/debian/"
|
||||
;;
|
||||
devuan)
|
||||
dist="$( codename_os_release )"
|
||||
components="main"
|
||||
mirror="http://deb.devuan.org/merged"
|
||||
;;
|
||||
ubuntu)
|
||||
dist="$( codename_os_release )"
|
||||
components="main restricted universe multiverse"
|
||||
mirror="http://archive.ubuntu.com/ubuntu"
|
||||
;;
|
||||
|
||||
*)
|
||||
printf "Backports for %s are not supported!\n" "$os" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
# error if no codename given (e.g. on Debian unstable)
|
||||
if [ -z "$dist" ]; then
|
||||
printf "No backports for unkown version of distribution %s!\n" "$os" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
# parameters
|
||||
state="$(cat "$__object/parameter/state")"
|
||||
|
||||
# mirror already set for the os, only override user-values
|
||||
if [ -f "$__object/parameter/mirror" ]; then
|
||||
mirror="$(cat "$__object/parameter/mirror")"
|
||||
fi
|
||||
|
||||
|
||||
# install the given backports repository
|
||||
__apt_source "${dist}-backports" \
|
||||
--state "$state" \
|
||||
--distribution "${dist}-backports" \
|
||||
--component "$components" \
|
||||
--uri "$mirror"
|
|
@ -1 +0,0 @@
|
|||
present
|
|
@ -1,2 +0,0 @@
|
|||
state
|
||||
mirror
|
|
@ -27,25 +27,18 @@ else
|
|||
keyid="$__object_id"
|
||||
fi
|
||||
|
||||
# From apt-key(8):
|
||||
# Use of apt-key is deprecated, except for the use of apt-key del in
|
||||
# maintainer scripts to remove existing keys from the main keyring.
|
||||
# If such usage of apt-key is desired the additional installation of
|
||||
# the GNU Privacy Guard suite (packaged in gnupg) is required.
|
||||
if [ -f "${__object}/parameter/use-deprecated-apt-key" ]; then
|
||||
if apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK"
|
||||
then echo present
|
||||
else echo absent
|
||||
fi
|
||||
exit
|
||||
fi
|
||||
|
||||
keydir="$(cat "$__object/parameter/keydir")"
|
||||
keyfile="$keydir/$__object_id.gpg"
|
||||
|
||||
if [ -f "$keyfile" ]
|
||||
if [ -d "$keydir" ]
|
||||
then
|
||||
echo present
|
||||
exit
|
||||
if [ -f "$keyfile" ]
|
||||
then echo present
|
||||
else echo absent
|
||||
fi
|
||||
else
|
||||
# fallback to deprecated apt-key
|
||||
apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK" \
|
||||
&& echo present \
|
||||
|| echo absent
|
||||
fi
|
||||
echo absent
|
||||
|
|
|
@ -25,7 +25,11 @@ else
|
|||
fi
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
state_is="$(cat "$__object/explorer/state")"
|
||||
method="$(cat "$__object/key_method")"
|
||||
|
||||
if [ "$state_should" = "$state_is" ]; then
|
||||
# nothing to do
|
||||
exit 0
|
||||
fi
|
||||
|
||||
keydir="$(cat "$__object/parameter/keydir")"
|
||||
keyfile="$keydir/$__object_id.gpg"
|
||||
|
@ -33,18 +37,30 @@ keyfile="$keydir/$__object_id.gpg"
|
|||
case "$state_should" in
|
||||
present)
|
||||
keyserver="$(cat "$__object/parameter/keyserver")"
|
||||
# Using __download or __file as key source
|
||||
# Propagate messages if needed
|
||||
if [ "${method}" = "uri" ] || [ "${method}" = "source" ]; then
|
||||
if grep -Eq "^__(file|download)$keyfile" "$__messages_in"; then
|
||||
echo "added '$keyid'" >> "$__messages_out"
|
||||
|
||||
if [ -f "$__object/parameter/uri" ]; then
|
||||
uri="$(cat "$__object/parameter/uri")"
|
||||
|
||||
if [ -d "$keydir" ]; then
|
||||
cat << EOF
|
||||
|
||||
curl -s -L \\
|
||||
-o "$keyfile" \\
|
||||
"$uri"
|
||||
|
||||
key="\$( cat "$keyfile" )"
|
||||
|
||||
if echo "\$key" | grep -Fq 'BEGIN PGP PUBLIC KEY BLOCK'
|
||||
then
|
||||
echo "\$key" | gpg --dearmor > "$keyfile"
|
||||
fi
|
||||
|
||||
EOF
|
||||
else
|
||||
# fallback to deprecated apt-key
|
||||
echo "curl -s -L '$uri' | apt-key add -"
|
||||
fi
|
||||
exit 0
|
||||
elif [ "${state_is}" = "present" ]; then
|
||||
exit 0
|
||||
fi
|
||||
# Using key servers to fetch the key
|
||||
if [ ! -f "$__object/parameter/use-deprecated-apt-key" ]; then
|
||||
elif [ -d "$keydir" ]; then
|
||||
# we need to kill gpg after 30 seconds, because gpg
|
||||
# can get stuck if keyserver is not responding.
|
||||
# exporting env var and not exit 1,
|
||||
|
@ -84,16 +100,13 @@ EOF
|
|||
echo "added '$keyid'" >> "$__messages_out"
|
||||
;;
|
||||
absent)
|
||||
# Removal for keys added from a keyserver without this flag
|
||||
# is done in the manifest
|
||||
if [ "$state_is" != "absent" ] && \
|
||||
[ -f "$__object/parameter/use-deprecated-apt-key" ]; then
|
||||
if [ -f "$keyfile" ]; then
|
||||
echo "rm '$keyfile'"
|
||||
else
|
||||
# fallback to deprecated apt-key
|
||||
echo "apt-key del \"$keyid\""
|
||||
echo "removed '$keyid'" >> "$__messages_out"
|
||||
# Propagate messages if needed
|
||||
elif grep -Eq "^__file$keyfile" "$__messages_in"; then
|
||||
echo "removed '$keyid'" >> "$__messages_out"
|
||||
fi
|
||||
|
||||
echo "removed '$keyid'" >> "$__messages_out"
|
||||
;;
|
||||
esac
|
||||
|
|
|
@ -10,14 +10,6 @@ DESCRIPTION
|
|||
-----------
|
||||
Manages the list of keys used by apt to authenticate packages.
|
||||
|
||||
This is done by placing the requested key in a file named
|
||||
``$__object_id.gpg`` in the ``keydir`` directory.
|
||||
|
||||
This is supported by modern releases of Debian-based distributions.
|
||||
|
||||
In order of preference, exactly one of: ``source``, ``uri`` or ``keyid``
|
||||
must be specified.
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
|
@ -26,49 +18,21 @@ None.
|
|||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
keydir
|
||||
keyring directory, defaults to ``/etc/apt/trusted.pgp.d``, which is
|
||||
enabled system-wide by default.
|
||||
|
||||
source
|
||||
path to a file containing the GPG key of the repository.
|
||||
Using this is recommended as it ensures that the manifest/type manintainer
|
||||
has validated the key.
|
||||
If ``-``, the GPG key is read from the type's stdin.
|
||||
|
||||
state
|
||||
'present' or 'absent'. Defaults to 'present'
|
||||
|
||||
uri
|
||||
the URI from which to download the key.
|
||||
It is highly recommended that you only use protocols with TLS like HTTPS.
|
||||
This uses ``__download`` but does not use checksums, if you want to ensure
|
||||
that the key doesn't change, you are better off downloading it and using
|
||||
``--source``.
|
||||
|
||||
|
||||
DEPRECATED OPTIONAL PARAMETERS
|
||||
------------------------------
|
||||
keyid
|
||||
the id of the key to download from the ``keyserver``.
|
||||
This is to be used in absence of ``--source`` and ``--uri`` or together
|
||||
with ``--use-deprecated-apt-key`` for key removal.
|
||||
Defaults to ``$__object_id``.
|
||||
the id of the key to add. Defaults to __object_id
|
||||
|
||||
keyserver
|
||||
the keyserver from which to fetch the key.
|
||||
Defaults to ``pool.sks-keyservers.net``.
|
||||
the keyserver from which to fetch the key. If omitted the default set
|
||||
in ./parameter/default/keyserver is used.
|
||||
|
||||
keydir
|
||||
key save location, defaults to ``/etc/apt/trusted.pgp.d``
|
||||
|
||||
DEPRECATED BOOLEAN PARAMETERS
|
||||
-----------------------------
|
||||
use-deprecated-apt-key
|
||||
``apt-key(8)`` will last be available in Debian 11 and Ubuntu 22.04.
|
||||
You can use this parameter to force usage of ``apt-key(8)``.
|
||||
Please only use this parameter to *remove* keys from the keyring,
|
||||
in order to prepare for removal of ``apt-key``.
|
||||
Adding keys should be done without this parameter.
|
||||
This parameter will be removed when Debian 11 stops being supported.
|
||||
uri
|
||||
the URI from which to download the key
|
||||
|
||||
|
||||
EXAMPLES
|
||||
|
@ -76,39 +40,33 @@ EXAMPLES
|
|||
|
||||
.. code-block:: sh
|
||||
|
||||
# add a key that has been verified by a type maintainer
|
||||
__apt_key jitsi_meet_2021 \
|
||||
--source cdist-contrib/type/__jitsi_meet/files/apt_2021.gpg
|
||||
# Add Ubuntu Archive Automatic Signing Key
|
||||
__apt_key 437D05B5
|
||||
# Same thing
|
||||
__apt_key 437D05B5 --state present
|
||||
# Get rid of it
|
||||
__apt_key 437D05B5 --state absent
|
||||
|
||||
# remove an old, deprecated or expired key
|
||||
__apt_key jitsi_meet_2016 --state absent
|
||||
# same thing with human readable name and explicit keyid
|
||||
__apt_key UbuntuArchiveKey --keyid 437D05B5
|
||||
|
||||
# Get rid of a key that might have been added to
|
||||
# /etc/apt/trusted.gpg with apt-key
|
||||
__apt_key 0x40976EAF437D05B5 --use-deprecated-apt-key --state absent
|
||||
# same thing with other keyserver
|
||||
__apt_key UbuntuArchiveKey --keyid 437D05B5 --keyserver keyserver.ubuntu.com
|
||||
|
||||
# add a key that we define in-line
|
||||
__apt_key jitsi_meet_2021 --source '-' <<EOF
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
[...]
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
EOF
|
||||
|
||||
# download or update key from the internet
|
||||
__apt_key rabbitmq_2007 \
|
||||
--uri https://www.rabbitmq.com/rabbitmq-signing-key-public.asc
|
||||
# download key from the internet
|
||||
__apt_key rabbitmq \
|
||||
--uri http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
|
||||
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
Steven Armstrong <steven-cdist--@--armstrong.cc>
|
||||
Ander Punnar <ander-at-kvlt-dot-ee>
|
||||
Evilham <contact~~@~~evilham.com>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2011-2021 Steven Armstrong, Ander Punnar and Evilham. You can
|
||||
Copyright \(C) 2011-2019 Steven Armstrong and Ander Punnar. You can
|
||||
redistribute it and/or modify it under the terms of the GNU General Public
|
||||
License as published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
||||
|
|
|
@ -2,105 +2,7 @@
|
|||
|
||||
__package gnupg
|
||||
|
||||
state_should="$(cat "${__object}/parameter/state")"
|
||||
|
||||
incompatible_args()
|
||||
{
|
||||
cat >> /dev/stderr <<-EOF
|
||||
This type does not support --${1} and --${method} simultaneously.
|
||||
EOF
|
||||
exit 1
|
||||
}
|
||||
|
||||
if [ -f "${__object}/parameter/source" ]; then
|
||||
method="source"
|
||||
src="$(cat "${__object}/parameter/source")"
|
||||
if [ "${src}" = "-" ]; then
|
||||
src="${__object}/stdin"
|
||||
fi
|
||||
fi
|
||||
if [ -f "${__object}/parameter/uri" ]; then
|
||||
if [ -n "${method}" ]; then
|
||||
incompatible_args uri
|
||||
fi
|
||||
method="uri"
|
||||
src="$(cat "${__object}/parameter/uri")"
|
||||
fi
|
||||
if [ -f "${__object}/parameter/keyid" ]; then
|
||||
if [ -n "${method}" ]; then
|
||||
incompatible_args keyid
|
||||
fi
|
||||
method="keyid"
|
||||
fi
|
||||
# Keep old default
|
||||
if [ -z "${method}" ]; then
|
||||
method="keyid"
|
||||
fi
|
||||
# Save this for later in gencode-remote
|
||||
echo "${method}" > "${__object}/key_method"
|
||||
|
||||
# Required remotely (most likely already installed)
|
||||
__package dirmngr
|
||||
# We need this in case a key has to be dearmor'd
|
||||
__package gnupg
|
||||
export require="__package/gnupg"
|
||||
|
||||
if [ -f "${__object}/parameter/use-deprecated-apt-key" ]; then
|
||||
# This is required if apt-key(8) is to be used
|
||||
if [ "${method}" = "source" ] || [ "${method}" = "uri" ]; then
|
||||
incompatible_args use-deprecated-apt-key
|
||||
fi
|
||||
else
|
||||
if [ "${state_should}" = "absent" ] && \
|
||||
[ -f "${__object}/parameter/keyid" ]; then
|
||||
cat >> /dev/stderr <<EOF
|
||||
You can't reliably remove by keyid without --use-deprecated-apt-key.
|
||||
This would very likely do something you do not intend.
|
||||
EOF
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
keydir="$(cat "${__object}/parameter/keydir")"
|
||||
keyfile="${keydir}/${__object_id}.gpg"
|
||||
keyfilecdist="${keyfile}.cdist"
|
||||
if [ "${state_should}" != "absent" ]; then
|
||||
# Ensure keydir exists
|
||||
__directory "${keydir}" --state exists --mode 0755
|
||||
fi
|
||||
|
||||
if [ "${state_should}" = "absent" ]; then
|
||||
__file "${keyfile}" --state "absent"
|
||||
__file "${keyfilecdist}" --state "absent"
|
||||
elif [ "${method}" = "source" ] || [ "${method}" = "uri" ]; then
|
||||
dearmor="$(cat <<-EOF
|
||||
if [ '${state_should}' = 'present' ]; then
|
||||
# Dearmor if necessary
|
||||
if grep -Fq 'BEGIN PGP PUBLIC KEY BLOCK' '${keyfilecdist}'; then
|
||||
gpg --dearmor < '${keyfilecdist}' > '${keyfile}'
|
||||
else
|
||||
cp '${keyfilecdist}' '${keyfile}'
|
||||
fi
|
||||
# Ensure permissions
|
||||
chown root '${keyfile}'
|
||||
chmod 0444 '${keyfile}'
|
||||
fi
|
||||
EOF
|
||||
)"
|
||||
|
||||
if [ "${method}" = "uri" ]; then
|
||||
__download "${keyfilecdist}" \
|
||||
--url "${src}" \
|
||||
--onchange "${dearmor}"
|
||||
require="__download${keyfilecdist}" \
|
||||
__file "${keyfile}" \
|
||||
--owner root \
|
||||
--mode 0444 \
|
||||
--state pre-exists
|
||||
else
|
||||
__file "${keyfilecdist}" --state "${state_should}" \
|
||||
--mode 0444 \
|
||||
--source "${src}" \
|
||||
--onchange "${dearmor}"
|
||||
fi
|
||||
if [ -f "$__object/parameter/uri" ]
|
||||
then __package curl
|
||||
else __package dirmngr
|
||||
fi
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
use-deprecated-apt-key
|
|
@ -1,3 +0,0 @@
|
|||
apt-key(8) will last be available in Debian 11 and Ubuntu 22.04.
|
||||
Use this flag *only* to migrate to placing a keyring directly in the
|
||||
/etc/apt/trusted.gpg.d/ directory with a descriptive name.
|
|
@ -1,6 +1,5 @@
|
|||
keydir
|
||||
state
|
||||
keyid
|
||||
keyserver
|
||||
source
|
||||
state
|
||||
keydir
|
||||
uri
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
Please migrate to using __apt_key key_id --uri URI.
|
|
@ -24,4 +24,4 @@ else
|
|||
name="$__object_id"
|
||||
fi
|
||||
|
||||
apt-mark showhold | grep -q "^${name}$" && echo hold || echo unhold
|
||||
apt-mark showhold | grep -Fq "$name" && echo hold || echo unhold
|
||||
|
|
|
@ -32,12 +32,11 @@ EXAMPLES
|
|||
AUTHORS
|
||||
-------
|
||||
Steven Armstrong <steven-cdist--@--armstrong.cc>
|
||||
Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2014 Steven Armstrong, 2020 Dennis Camera.
|
||||
You can redistribute it and/or modify it under the terms of the GNU General
|
||||
Public License as published by the Free Software Foundation, either version 3 of
|
||||
the License, or (at your option) any later version.
|
||||
Copyright \(C) 2014 Steven Armstrong. You can redistribute it
|
||||
and/or modify it under the terms of the GNU General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
|
||||
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
|
@ -20,28 +19,26 @@
|
|||
#
|
||||
|
||||
|
||||
os=$(cat "${__global:?}/explorer/os")
|
||||
os=$(cat "$__global/explorer/os")
|
||||
|
||||
case ${os}
|
||||
in
|
||||
(ubuntu|debian|devuan)
|
||||
__file /etc/apt/apt.conf.d/00InstallRecommends --state present \
|
||||
--owner root --group root --mode 0644 --source - <<-'EOF'
|
||||
APT::Install-Recommends "false";
|
||||
APT::Install-Suggests "false";
|
||||
APT::AutoRemove::RecommendsImportant "false";
|
||||
APT::AutoRemove::SuggestsImportant "false";
|
||||
EOF
|
||||
|
||||
# TODO: Remove the following object after some time
|
||||
require=__file/etc/apt/apt.conf.d/00InstallRecommends \
|
||||
__file /etc/apt/apt.conf.d/99-no-recommends --state absent
|
||||
;;
|
||||
(*)
|
||||
cat >&2 <<EOF
|
||||
case "$os" in
|
||||
ubuntu|debian|devuan)
|
||||
# No stinking recommends thank you very much.
|
||||
# If I want something installed I will do so myself.
|
||||
__file /etc/apt/apt.conf.d/99-no-recommends \
|
||||
--owner root --group root --mode 644 \
|
||||
--source - << DONE
|
||||
APT::Install-Recommends "0";
|
||||
APT::Install-Suggests "0";
|
||||
APT::AutoRemove::RecommendsImportant "0";
|
||||
APT::AutoRemove::SuggestsImportant "0";
|
||||
DONE
|
||||
;;
|
||||
*)
|
||||
cat >&2 << DONE
|
||||
The developer of this type (${__type##*/}) did not think your operating system
|
||||
($os) would have any use for it. If you think otherwise please submit a patch.
|
||||
EOF
|
||||
exit 1
|
||||
;;
|
||||
DONE
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
|
|
@ -1,79 +0,0 @@
|
|||
cdist-type__apt_pin(7)
|
||||
======================
|
||||
|
||||
NAME
|
||||
----
|
||||
cdist-type__apt_pin - Manage apt pinning rules
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
Adds/removes/edits rules to pin some packages to a specific distribution. Useful if using multiple debian repositories at the same time. (Useful, if one wants to use a few specific packages from backports or perhaps Debain testing... or even sid.)
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
distribution
|
||||
Specifies what distribution the package should be pinned to. Accepts both codenames (buster/bullseye/sid) and suite names (stable/testing/...).
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
package
|
||||
Package name, glob or regular expression to match (multiple) packages. If not specified `__object_id` is used.
|
||||
|
||||
priority
|
||||
The priority value to assign to matching packages. Defaults to 500. (To match the default target distro's priority)
|
||||
|
||||
state
|
||||
Will be passed to underlying `__file` type; see there for valid values and defaults.
|
||||
|
||||
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
None.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
.. code-block:: sh
|
||||
|
||||
# Add the bullseye repo to buster, but do not install any packages by default,
|
||||
# only if explicitely asked for (-1 means "never" for apt)
|
||||
__apt_pin bullseye-default \
|
||||
--package "*" \
|
||||
--distribution bullseye \
|
||||
--priority -1
|
||||
|
||||
require="__apt_pin/bullseye-default" __apt_source bullseye \
|
||||
--uri http://deb.debian.org/debian/ \
|
||||
--distribution bullseye \
|
||||
--component main
|
||||
|
||||
__apt_pin foo --package "foo foo-*" --distribution bullseye
|
||||
|
||||
__foo # Assuming, this installs the `foo` package internally
|
||||
|
||||
__package foo-plugin-extras # Assuming we also need some extra stuff
|
||||
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
:strong:`apt_preferences`\ (5)
|
||||
:strong:`cdist-type__apt_source`\ (7)
|
||||
:strong:`cdist-type__apt_backports`\ (7)
|
||||
:strong:`cdist-type__file`\ (7)
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
Daniel Fancsali <fancsali@gmail.com>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2021 Daniel Fancsali. You can redistribute it
|
||||
and/or modify it under the terms of the GNU General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
|
@ -1,68 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2021 Daniel Fancsali (fancsali@gmail.com)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
|
||||
name="$__object_id"
|
||||
|
||||
os=$(cat "$__global/explorer/os")
|
||||
state="$(cat "$__object/parameter/state")"
|
||||
|
||||
if [ -f "$__object/parameter/package" ]; then
|
||||
package="$(cat "$__object/parameter/package")"
|
||||
else
|
||||
package=$name
|
||||
fi
|
||||
|
||||
distribution="$(cat "$__object/parameter/distribution")"
|
||||
priority="$(cat "$__object/parameter/priority")"
|
||||
|
||||
|
||||
case "$os" in
|
||||
debian|ubuntu|devuan)
|
||||
;;
|
||||
*)
|
||||
printf "This type is specific to Debian and it's derivatives" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
case $distribution in
|
||||
stable|testing|unstable|experimental)
|
||||
pin="release a=$distribution"
|
||||
;;
|
||||
*)
|
||||
pin="release n=$distribution"
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
__file "/etc/apt/preferences.d/$name" \
|
||||
--owner root --group root --mode 0644 \
|
||||
--state "$state" \
|
||||
--source - << EOF
|
||||
# Created by cdist ${__type##*/}
|
||||
# Do not change. Changes will be overwritten.
|
||||
#
|
||||
|
||||
# $name
|
||||
Package: $package
|
||||
Pin: $pin
|
||||
Pin-Priority: $priority
|
||||
EOF
|
|
@ -1 +0,0 @@
|
|||
500
|
|
@ -1 +0,0 @@
|
|||
present
|
|
@ -1,3 +0,0 @@
|
|||
state
|
||||
package
|
||||
priority
|
|
@ -1 +0,0 @@
|
|||
distribution
|
55
cdist/conf/type/__apt_ppa/files/remove-apt-repository
Executable file
55
cdist/conf/type/__apt_ppa/files/remove-apt-repository
Executable file
|
@ -0,0 +1,55 @@
|
|||
#!/usr/bin/env python
|
||||
#
|
||||
# Remove the given apt repository.
|
||||
#
|
||||
# Exit with:
|
||||
# 0: if it worked
|
||||
# 1: if not
|
||||
# 2: on other error
|
||||
|
||||
import os
|
||||
import sys
|
||||
from aptsources import distro, sourceslist
|
||||
from softwareproperties import ppa
|
||||
from softwareproperties.SoftwareProperties import SoftwareProperties
|
||||
|
||||
|
||||
def remove_if_empty(file_name):
|
||||
with open(file_name, 'r') as f:
|
||||
if f.read().strip():
|
||||
return
|
||||
os.unlink(file_name)
|
||||
|
||||
def remove_repository(repository):
|
||||
#print 'repository:', repository
|
||||
codename = distro.get_distro().codename
|
||||
#print 'codename:', codename
|
||||
(line, file) = ppa.expand_ppa_line(repository.strip(), codename)
|
||||
#print 'line:', line
|
||||
#print 'file:', file
|
||||
deb_source_entry = sourceslist.SourceEntry(line, file)
|
||||
src_source_entry = sourceslist.SourceEntry('deb-src{}'.format(line[3:]), file)
|
||||
|
||||
try:
|
||||
sp = SoftwareProperties()
|
||||
sp.remove_source(deb_source_entry)
|
||||
try:
|
||||
# If there's a deb-src entry, remove that too
|
||||
sp.remove_source(src_source_entry)
|
||||
except:
|
||||
pass
|
||||
remove_if_empty(file)
|
||||
return True
|
||||
except ValueError:
|
||||
print >> sys.stderr, "Error: '%s' doesn't exists in a sourcelist file" % line
|
||||
return False
|
||||
|
||||
if __name__ == '__main__':
|
||||
if (len(sys.argv) != 2):
|
||||
print >> sys.stderr, 'Error: need a repository as argument'
|
||||
sys.exit(2)
|
||||
repository = sys.argv[1]
|
||||
if remove_repository(repository):
|
||||
sys.exit(0)
|
||||
else:
|
||||
sys.exit(1)
|
|
@ -29,9 +29,9 @@ fi
|
|||
|
||||
case "$state_should" in
|
||||
present)
|
||||
echo "add-apt-repository -y '$name'"
|
||||
echo "add-apt-repository '$name'"
|
||||
;;
|
||||
absent)
|
||||
echo "add-apt-repository -r -y '$name'"
|
||||
echo "remove-apt-repository '$name'"
|
||||
;;
|
||||
esac
|
||||
|
|
|
@ -20,4 +20,9 @@
|
|||
|
||||
__package software-properties-common
|
||||
|
||||
require="__package/software-properties-common" \
|
||||
__file /usr/local/bin/remove-apt-repository \
|
||||
--source "$__type/files/remove-apt-repository" \
|
||||
--mode 0755
|
||||
|
||||
require="$__object_name" __apt_update_index
|
||||
|
|
|
@ -2,14 +2,13 @@
|
|||
set -u
|
||||
|
||||
entry="$uri $distribution $component"
|
||||
|
||||
cat << DONE
|
||||
# Created by cdist ${__type##*/}
|
||||
# Do not change. Changes will be overwritten.
|
||||
#
|
||||
|
||||
# $name
|
||||
deb ${options} $entry
|
||||
deb ${forcedarch} $entry
|
||||
DONE
|
||||
if [ -f "$__object/parameter/include-src" ]; then
|
||||
echo "deb-src $entry"
|
||||
|
|
|
@ -22,21 +22,7 @@
|
|||
name="$__object_id"
|
||||
destination="/etc/apt/sources.list.d/${name}.list"
|
||||
|
||||
# There are special arguments to apt(8) to prevent aborts if apt woudn't been
|
||||
# updated after the 19th April 2021 till the bullseye release. The additional
|
||||
# arguments acknoledge the happend suite change (the apt(8) update does the
|
||||
# same by itself).
|
||||
#
|
||||
# Using '-o $config' instead of the --allow-releaseinfo-change-* parameter
|
||||
# allows backward compatablility to pre-buster Debian versions.
|
||||
#
|
||||
# See more: ticket #861
|
||||
# https://code.ungleich.ch/ungleich-public/cdist/-/issues/861
|
||||
apt_opts="-o Acquire::AllowReleaseInfoChange::Suite=true -o Acquire::AllowReleaseInfoChange::Version=true"
|
||||
|
||||
# run 'apt-get update' only if something changed with our sources.list file
|
||||
# it will be run a second time on error as a redundancy messure to success
|
||||
if grep -q "^__file${destination}" "$__messages_in"; then
|
||||
printf 'apt-get %s update || apt-get %s update\n' "$apt_opts" "$apt_opts"
|
||||
printf 'apt-get update || apt-get update\n'
|
||||
fi
|
||||
|
||||
|
|
|
@ -23,9 +23,6 @@ OPTIONAL PARAMETERS
|
|||
arch
|
||||
set this if you need to force and specific arch (ubuntu specific)
|
||||
|
||||
signed-by
|
||||
provide a GPG key fingerprint or keyring path for signature checks
|
||||
|
||||
state
|
||||
'present' or 'absent', defaults to 'present'
|
||||
|
||||
|
@ -59,11 +56,6 @@ EXAMPLES
|
|||
--uri http://archive.canonical.com/ \
|
||||
--component partner --state present
|
||||
|
||||
__apt_source goaccess \
|
||||
--uri http://deb.goaccess.io/ \
|
||||
--component main \
|
||||
--signed-by C03B48887D5E56B046715D3297BD1A0133449C3D
|
||||
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
|
|
|
@ -21,7 +21,6 @@
|
|||
name="$__object_id"
|
||||
state="$(cat "$__object/parameter/state")"
|
||||
uri="$(cat "$__object/parameter/uri")"
|
||||
options=""
|
||||
|
||||
if [ -f "$__object/parameter/distribution" ]; then
|
||||
distribution="$(cat "$__object/parameter/distribution")"
|
||||
|
@ -32,15 +31,9 @@ fi
|
|||
component="$(cat "$__object/parameter/component")"
|
||||
|
||||
if [ -f "$__object/parameter/arch" ]; then
|
||||
options="arch=$(cat "$__object/parameter/arch")"
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/signed-by" ]; then
|
||||
options="$options signed-by=$(cat "$__object/parameter/signed-by")"
|
||||
fi
|
||||
|
||||
if [ "$options" ]; then
|
||||
options="[$options]"
|
||||
forcedarch="[arch=$(cat "$__object/parameter/arch")]"
|
||||
else
|
||||
forcedarch=""
|
||||
fi
|
||||
|
||||
# export variables for use in template
|
||||
|
@ -48,7 +41,7 @@ export name
|
|||
export uri
|
||||
export distribution
|
||||
export component
|
||||
export options
|
||||
export forcedarch
|
||||
|
||||
# generate file from template
|
||||
mkdir "$__object/files"
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
state
|
||||
distribution
|
||||
component
|
||||
arch
|
||||
signed-by
|
||||
arch
|
|
@ -18,23 +18,9 @@
|
|||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
|
||||
# There are special arguments to apt(8) to prevent aborts if apt woudn't been
|
||||
# updated after the 19th April 2021 till the bullseye release. The additional
|
||||
# arguments acknoledge the happend suite change (the apt(8) update does the
|
||||
# same by itself).
|
||||
#
|
||||
# Using '-o $config' instead of the --allow-releaseinfo-change-* parameter
|
||||
# allows backward compatablility to pre-buster Debian versions.
|
||||
#
|
||||
# See more: ticket #861
|
||||
# https://code.ungleich.ch/ungleich-public/cdist/-/issues/861
|
||||
apt_opts="-o Acquire::AllowReleaseInfoChange::Suite=true -o Acquire::AllowReleaseInfoChange::Version=true"
|
||||
|
||||
# run 'apt-get update' if anything in /etc/apt is newer then /var/lib/apt/lists
|
||||
# it will be run a second time on error as a redundancy messure to success
|
||||
cat << DONE
|
||||
if find /etc/apt -mindepth 1 -cnewer /var/lib/apt/lists | grep . > /dev/null; then
|
||||
apt-get $apt_opts update || apt-get $apt_opts update
|
||||
apt-get update || apt-get update
|
||||
fi
|
||||
DONE
|
||||
|
|
|
@ -46,29 +46,28 @@ fi
|
|||
|
||||
remove_block() {
|
||||
cat << DONE
|
||||
tmpfile=\$(mktemp ${quoted_file}.cdist.XXXXXXXXXX)
|
||||
tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
|
||||
# preserve ownership and permissions of existing file
|
||||
if [ -f $quoted_file ]; then
|
||||
cp -p $quoted_file "\$tmpfile"
|
||||
if [ -f "$file" ]; then
|
||||
cp -p "$file" "\$tmpfile"
|
||||
fi
|
||||
awk -v prefix=$(quote "$prefix") -v suffix=$(quote "$suffix") '
|
||||
awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ '
|
||||
{
|
||||
if (\$0 == prefix) {
|
||||
if (match(\$0,prefix)) {
|
||||
triggered=1
|
||||
}
|
||||
if (triggered) {
|
||||
if (\$0 == suffix) {
|
||||
if (match(\$0,suffix)) {
|
||||
triggered=0
|
||||
}
|
||||
} else {
|
||||
print
|
||||
}
|
||||
}' $quoted_file > "\$tmpfile"
|
||||
mv -f "\$tmpfile" $quoted_file
|
||||
}' "$file" > "\$tmpfile"
|
||||
mv -f "\$tmpfile" "$file"
|
||||
DONE
|
||||
}
|
||||
|
||||
quoted_file="$(quote "$file")"
|
||||
case "$state_should" in
|
||||
present)
|
||||
if [ "$state_is" = "changed" ]; then
|
||||
|
@ -78,7 +77,7 @@ case "$state_should" in
|
|||
echo add >> "$__messages_out"
|
||||
fi
|
||||
cat << DONE
|
||||
cat >> $quoted_file << '${__type##*/}_DONE'
|
||||
cat >> "$file" << ${__type##*/}_DONE
|
||||
$(cat "$block")
|
||||
${__type##*/}_DONE
|
||||
DONE
|
||||
|
|
|
@ -37,7 +37,6 @@ source="$(cat "$__object/parameter/source")"
|
|||
# out of it
|
||||
home=/home/$username
|
||||
|
||||
# shellcheck disable=SC2086
|
||||
__user "$username" --home "$home" $shell
|
||||
|
||||
require="__user/$username" __directory "$home" \
|
||||
|
|
|
@ -18,12 +18,7 @@
|
|||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
if [ -f "$__object/parameter/path" ]
|
||||
then
|
||||
path="$( cat "$__object/parameter/path" )"
|
||||
else
|
||||
path="/$__object_id"
|
||||
fi
|
||||
path="/$__object_id"
|
||||
|
||||
[ ! -d "$path" ] && exit 0
|
||||
|
||||
|
|
|
@ -20,12 +20,7 @@
|
|||
|
||||
[ ! -s "$__object/explorer/list" ] && exit 0
|
||||
|
||||
if [ -f "$__object/parameter/path" ]
|
||||
then
|
||||
path="$( cat "$__object/parameter/path" )"
|
||||
else
|
||||
path="/$__object_id"
|
||||
fi
|
||||
path="/$__object_id"
|
||||
|
||||
pattern="$( cat "$__object/parameter/pattern" )"
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ DESCRIPTION
|
|||
-----------
|
||||
Remove files and directories which match the pattern.
|
||||
|
||||
Provided path must be a directory.
|
||||
Provided path (as __object_id) must be a directory.
|
||||
|
||||
Patterns are passed to ``find``'s ``-regex`` - see ``find(1)`` for more details.
|
||||
|
||||
|
@ -29,9 +29,6 @@ pattern
|
|||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
path
|
||||
Path which will be cleaned. Defaults to ``$__object_id``.
|
||||
|
||||
exclude
|
||||
Pattern of files which are excluded from removal.
|
||||
|
||||
|
@ -49,11 +46,6 @@ EXAMPLES
|
|||
--exclude '.+\(charset\.conf\|security\.conf\)' \
|
||||
--onchange 'service apache2 restart'
|
||||
|
||||
__clean_path apache2-conf-enabled \
|
||||
--path /etc/apache2/conf-enabled \
|
||||
--pattern '.+' \
|
||||
--exclude '.+\(charset\.conf\|security\.conf\)' \
|
||||
--onchange 'service apache2 restart'
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
|
|
|
@ -1,3 +1,2 @@
|
|||
exclude
|
||||
onchange
|
||||
path
|
||||
|
|
744
cdist/conf/type/__coturn/files/turnserver.conf.sh
Executable file
744
cdist/conf/type/__coturn/files/turnserver.conf.sh
Executable file
|
@ -0,0 +1,744 @@
|
|||
#!/bin/sh
|
||||
|
||||
generate_use_auth_secret () {
|
||||
if [ $USE_AUTH_SECRET ]; then
|
||||
echo 'use-auth-secret'
|
||||
else
|
||||
echo '#use-auth-secret'
|
||||
fi
|
||||
}
|
||||
|
||||
generate_static_auth_secret () {
|
||||
if [ "$STATIC_AUTH_SECRET" $! "" ]; then
|
||||
echo "static-auth-secret=$STATIC_AUTH_SECRET"
|
||||
else
|
||||
echo "#static-auth-secret=north"
|
||||
fi
|
||||
}
|
||||
|
||||
generate_realm () {
|
||||
if [ "$REALM" != "" ]; then
|
||||
echo "realm=$REALM"
|
||||
else
|
||||
echo "#realm=mycompany.org"
|
||||
fi
|
||||
}
|
||||
|
||||
generate_no_tcp_relay () {
|
||||
if [ $NO_TCP_RELAY ]; then
|
||||
echo 'no-tcp-releay'
|
||||
else
|
||||
echo '#no-tcp-relay'
|
||||
fi
|
||||
}
|
||||
|
||||
cat << EOF
|
||||
# Coturn TURN SERVER configuration file
|
||||
#
|
||||
# Boolean values note: where boolean value is supposed to be used,
|
||||
# you can use '0', 'off', 'no', 'false', 'f' as 'false,
|
||||
# and you can use '1', 'on', 'yes', 'true', 't' as 'true'
|
||||
# If the value is missed, then it means 'true'.
|
||||
#
|
||||
|
||||
# Listener interface device (optional, Linux only).
|
||||
# NOT RECOMMENDED.
|
||||
#
|
||||
#listening-device=eth0
|
||||
|
||||
# TURN listener port for UDP and TCP (Default: 3478).
|
||||
# Note: actually, TLS & DTLS sessions can connect to the
|
||||
# "plain" TCP & UDP port(s), too - if allowed by configuration.
|
||||
#
|
||||
#listening-port=3478
|
||||
|
||||
# TURN listener port for TLS (Default: 5349).
|
||||
# Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
|
||||
# port(s), too - if allowed by configuration. The TURN server
|
||||
# "automatically" recognizes the type of traffic. Actually, two listening
|
||||
# endpoints (the "plain" one and the "tls" one) are equivalent in terms of
|
||||
# functionality; but we keep both endpoints to satisfy the RFC 5766 specs.
|
||||
# For secure TCP connections, we currently support SSL version 3 and
|
||||
# TLS version 1.0, 1.1 and 1.2.
|
||||
# For secure UDP connections, we support DTLS version 1.
|
||||
#
|
||||
#tls-listening-port=5349
|
||||
|
||||
# Alternative listening port for UDP and TCP listeners;
|
||||
# default (or zero) value means "listening port plus one".
|
||||
# This is needed for RFC 5780 support
|
||||
# (STUN extension specs, NAT behavior discovery). The TURN Server
|
||||
# supports RFC 5780 only if it is started with more than one
|
||||
# listening IP address of the same family (IPv4 or IPv6).
|
||||
# RFC 5780 is supported only by UDP protocol, other protocols
|
||||
# are listening to that endpoint only for "symmetry".
|
||||
#
|
||||
#alt-listening-port=0
|
||||
|
||||
# Alternative listening port for TLS and DTLS protocols.
|
||||
# Default (or zero) value means "TLS listening port plus one".
|
||||
#
|
||||
#alt-tls-listening-port=0
|
||||
|
||||
# Listener IP address of relay server. Multiple listeners can be specified.
|
||||
# If no IP(s) specified in the config file or in the command line options,
|
||||
# then all IPv4 and IPv6 system IPs will be used for listening.
|
||||
#
|
||||
#listening-ip=172.17.19.101
|
||||
#listening-ip=10.207.21.238
|
||||
#listening-ip=2607:f0d0:1002:51::4
|
||||
|
||||
# Auxiliary STUN/TURN server listening endpoint.
|
||||
# Aux servers have almost full TURN and STUN functionality.
|
||||
# The (minor) limitations are:
|
||||
#
|
||||
# 1) Auxiliary servers do not have alternative ports and
|
||||
# they do not support STUN RFC 5780 functionality (CHANGE REQUEST).
|
||||
#
|
||||
# 2) Auxiliary servers also are never returning ALTERNATIVE-SERVER reply.
|
||||
#
|
||||
# Valid formats are 1.2.3.4:5555 for IPv4 and [1:2::3:4]:5555 for IPv6.
|
||||
#
|
||||
# There may be multiple aux-server options, each will be used for listening
|
||||
# to client requests.
|
||||
#
|
||||
#aux-server=172.17.19.110:33478
|
||||
#aux-server=[2607:f0d0:1002:51::4]:33478
|
||||
|
||||
# (recommended for older Linuxes only)
|
||||
# Automatically balance UDP traffic over auxiliary servers (if configured).
|
||||
# The load balancing is using the ALTERNATE-SERVER mechanism.
|
||||
# The TURN client must support 300 ALTERNATE-SERVER response for this
|
||||
# functionality.
|
||||
#
|
||||
#udp-self-balance
|
||||
|
||||
# Relay interface device for relay sockets (optional, Linux only).
|
||||
# NOT RECOMMENDED.
|
||||
#
|
||||
#relay-device=eth1
|
||||
|
||||
# Relay address (the local IP address that will be used to relay the
|
||||
# packets to the peer).
|
||||
# Multiple relay addresses may be used.
|
||||
# The same IP(s) can be used as both listening IP(s) and relay IP(s).
|
||||
#
|
||||
# If no relay IP(s) specified, then the turnserver will apply the default
|
||||
# policy: it will decide itself which relay addresses to be used, and it
|
||||
# will always be using the client socket IP address as the relay IP address
|
||||
# of the TURN session (if the requested relay address family is the same
|
||||
# as the family of the client socket).
|
||||
#
|
||||
#relay-ip=172.17.19.105
|
||||
#relay-ip=2607:f0d0:1002:51::5
|
||||
|
||||
# For Amazon EC2 users:
|
||||
#
|
||||
# TURN Server public/private address mapping, if the server is behind NAT.
|
||||
# In that situation, if a -X is used in form "-X <ip>" then that ip will be reported
|
||||
# as relay IP address of all allocations. This scenario works only in a simple case
|
||||
# when one single relay address is be used, and no RFC5780 functionality is required.
|
||||
# That single relay address must be mapped by NAT to the 'external' IP.
|
||||
# The "external-ip" value, if not empty, is returned in XOR-RELAYED-ADDRESS field.
|
||||
# For that 'external' IP, NAT must forward ports directly (relayed port 12345
|
||||
# must be always mapped to the same 'external' port 12345).
|
||||
#
|
||||
# In more complex case when more than one IP address is involved,
|
||||
# that option must be used several times, each entry must
|
||||
# have form "-X <public-ip/private-ip>", to map all involved addresses.
|
||||
# RFC5780 NAT discovery STUN functionality will work correctly,
|
||||
# if the addresses are mapped properly, even when the TURN server itself
|
||||
# is behind A NAT.
|
||||
#
|
||||
# By default, this value is empty, and no address mapping is used.
|
||||
#
|
||||
#external-ip=60.70.80.91
|
||||
#
|
||||
#OR:
|
||||
#
|
||||
#external-ip=60.70.80.91/172.17.19.101
|
||||
#external-ip=60.70.80.92/172.17.19.102
|
||||
|
||||
|
||||
# Number of the relay threads to handle the established connections
|
||||
# (in addition to authentication thread and the listener thread).
|
||||
# If explicitly set to 0 then application runs relay process in a
|
||||
# single thread, in the same thread with the listener process
|
||||
# (the authentication thread will still be a separate thread).
|
||||
#
|
||||
# If this parameter is not set, then the default OS-dependent
|
||||
# thread pattern algorithm will be employed. Usually the default
|
||||
# algorithm is the most optimal, so you have to change this option
|
||||
# only if you want to make some fine tweaks.
|
||||
#
|
||||
# In the older systems (Linux kernel before 3.9),
|
||||
# the number of UDP threads is always one thread per network listening
|
||||
# endpoint - including the auxiliary endpoints - unless 0 (zero) or
|
||||
# 1 (one) value is set.
|
||||
#
|
||||
#relay-threads=0
|
||||
|
||||
# Lower and upper bounds of the UDP relay endpoints:
|
||||
# (default values are 49152 and 65535)
|
||||
#
|
||||
#min-port=49152
|
||||
#max-port=65535
|
||||
|
||||
# Uncomment to run TURN server in 'normal' 'moderate' verbose mode.
|
||||
# By default the verbose mode is off.
|
||||
#verbose
|
||||
|
||||
# Uncomment to run TURN server in 'extra' verbose mode.
|
||||
# This mode is very annoying and produces lots of output.
|
||||
# Not recommended under any normal circumstances.
|
||||
#
|
||||
#Verbose
|
||||
|
||||
# Uncomment to use fingerprints in the TURN messages.
|
||||
# By default the fingerprints are off.
|
||||
#
|
||||
#fingerprint
|
||||
|
||||
# Uncomment to use long-term credential mechanism.
|
||||
# By default no credentials mechanism is used (any user allowed).
|
||||
#
|
||||
#lt-cred-mech
|
||||
|
||||
# This option is opposite to lt-cred-mech.
|
||||
# (TURN Server with no-auth option allows anonymous access).
|
||||
# If neither option is defined, and no users are defined,
|
||||
# then no-auth is default. If at least one user is defined,
|
||||
# in this file or in command line or in usersdb file, then
|
||||
# lt-cred-mech is default.
|
||||
#
|
||||
#no-auth
|
||||
|
||||
# TURN REST API flag.
|
||||
# (Time Limited Long Term Credential)
|
||||
# Flag that sets a special authorization option that is based upon authentication secret.
|
||||
#
|
||||
# This feature's purpose is to support "TURN Server REST API", see
|
||||
# "TURN REST API" link in the project's page
|
||||
# https://github.com/coturn/coturn/
|
||||
#
|
||||
# This option is used with timestamp:
|
||||
#
|
||||
# usercombo -> "timestamp:userid"
|
||||
# turn user -> usercombo
|
||||
# turn password -> base64(hmac(secret key, usercombo))
|
||||
#
|
||||
# This allows TURN credentials to be accounted for a specific user id.
|
||||
# If you don't have a suitable id, the timestamp alone can be used.
|
||||
# This option is just turning on secret-based authentication.
|
||||
# The actual value of the secret is defined either by option static-auth-secret,
|
||||
# or can be found in the turn_secret table in the database (see below).
|
||||
#
|
||||
# Read more about it:
|
||||
# - https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00
|
||||
# - https://www.ietf.org/proceedings/87/slides/slides-87-behave-10.pdf
|
||||
#
|
||||
# Be aware that use-auth-secret overrides some part of lt-cred-mech.
|
||||
# Notice that this feature depends internally on lt-cred-mech, so if you set
|
||||
# use-auth-secret then it enables internally automatically lt-cred-mech option
|
||||
# like if you enable both.
|
||||
#
|
||||
# You can use only one of the to auth mechanisms in the same time because,
|
||||
# both mechanism use the username and password validation in different way.
|
||||
#
|
||||
# This way be aware that you can't use both auth mechnaism in the same time!
|
||||
# Use in config either the lt-cred-mech or the use-auth-secret
|
||||
# to avoid any confusion.
|
||||
#
|
||||
$(generate_use_auth_secret)
|
||||
|
||||
# 'Static' authentication secret value (a string) for TURN REST API only.
|
||||
# If not set, then the turn server
|
||||
# will try to use the 'dynamic' value in turn_secret table
|
||||
# in user database (if present). The database-stored value can be changed on-the-fly
|
||||
# by a separate program, so this is why that other mode is 'dynamic'.
|
||||
#
|
||||
$(generate_static_auth_secret)
|
||||
|
||||
# Server name used for
|
||||
# the oAuth authentication purposes.
|
||||
# The default value is the realm name.
|
||||
#
|
||||
#server-name=blackdow.carleon.gov
|
||||
|
||||
# Flag that allows oAuth authentication.
|
||||
#
|
||||
#oauth
|
||||
|
||||
# 'Static' user accounts for long term credentials mechanism, only.
|
||||
# This option cannot be used with TURN REST API.
|
||||
# 'Static' user accounts are NOT dynamically checked by the turnserver process,
|
||||
# so that they can NOT be changed while the turnserver is running.
|
||||
#
|
||||
#user=username1:key1
|
||||
#user=username2:key2
|
||||
# OR:
|
||||
#user=username1:password1
|
||||
#user=username2:password2
|
||||
#
|
||||
# Keys must be generated by turnadmin utility. The key value depends
|
||||
# on user name, realm, and password:
|
||||
#
|
||||
# Example:
|
||||
# $ turnadmin -k -u ninefingers -r north.gov -p youhavetoberealistic
|
||||
# Output: 0xbc807ee29df3c9ffa736523fb2c4e8ee
|
||||
# ('0x' in the beginning of the key is what differentiates the key from
|
||||
# password. If it has 0x then it is a key, otherwise it is a password).
|
||||
#
|
||||
# The corresponding user account entry in the config file will be:
|
||||
#
|
||||
#user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee
|
||||
# Or, equivalently, with open clear password (less secure):
|
||||
#user=ninefingers:youhavetoberealistic
|
||||
#
|
||||
|
||||
# SQLite database file name.
|
||||
#
|
||||
# Default file name is /var/db/turndb or /usr/local/var/db/turndb or
|
||||
# /var/lib/turn/turndb.
|
||||
#
|
||||
#userdb=/var/db/turndb
|
||||
|
||||
# PostgreSQL database connection string in the case that we are using PostgreSQL
|
||||
# as the user database.
|
||||
# This database can be used for long-term credential mechanism
|
||||
# and it can store the secret value for secret-based timed authentication in TURN RESP API.
|
||||
# See http://www.postgresql.org/docs/8.4/static/libpq-connect.html for 8.x PostgreSQL
|
||||
# versions connection string format, see
|
||||
# http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING
|
||||
# for 9.x and newer connection string formats.
|
||||
#
|
||||
#psql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> connect_timeout=30"
|
||||
|
||||
# MySQL database connection string in the case that we are using MySQL
|
||||
# as the user database.
|
||||
# This database can be used for long-term credential mechanism
|
||||
# and it can store the secret value for secret-based timed authentication in TURN RESP API.
|
||||
#
|
||||
# Optional connection string parameters for the secure communications (SSL):
|
||||
# ca, capath, cert, key, cipher
|
||||
# (see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the
|
||||
# command options description).
|
||||
#
|
||||
# Use string format as below (space separated parameters, all optional):
|
||||
#
|
||||
#mysql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> port=<port> connect_timeout=<seconds> read_timeout=<seconds>"
|
||||
|
||||
# If you want to use in the MySQL connection string the password in encrypted format,
|
||||
# then set in this option the MySQL password encryption secret key file.
|
||||
#
|
||||
# Warning: If this option is set, then mysql password must be set in "mysql-userdb" in encrypted format!
|
||||
# If you want to use cleartext password then do not set this option!
|
||||
#
|
||||
# This is the file path which contain secret key of aes encryption while using password encryption.
|
||||
#
|
||||
#secret-key-file=/path/
|
||||
|
||||
# MongoDB database connection string in the case that we are using MongoDB
|
||||
# as the user database.
|
||||
# This database can be used for long-term credential mechanism
|
||||
# and it can store the secret value for secret-based timed authentication in TURN RESP API.
|
||||
# Use string format is described at http://hergert.me/docs/mongo-c-driver/mongoc_uri.html
|
||||
#
|
||||
#mongo-userdb="mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]"
|
||||
|
||||
# Redis database connection string in the case that we are using Redis
|
||||
# as the user database.
|
||||
# This database can be used for long-term credential mechanism
|
||||
# and it can store the secret value for secret-based timed authentication in TURN RESP API.
|
||||
# Use string format as below (space separated parameters, all optional):
|
||||
#
|
||||
#redis-userdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
|
||||
|
||||
# Redis status and statistics database connection string, if used (default - empty, no Redis stats DB used).
|
||||
# This database keeps allocations status information, and it can be also used for publishing
|
||||
# and delivering traffic and allocation event notifications.
|
||||
# The connection string has the same parameters as redis-userdb connection string.
|
||||
# Use string format as below (space separated parameters, all optional):
|
||||
#
|
||||
#redis-statsdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
|
||||
|
||||
# The default realm to be used for the users when no explicit
|
||||
# origin/realm relationship was found in the database, or if the TURN
|
||||
# server is not using any database (just the commands-line settings
|
||||
# and the userdb file). Must be used with long-term credentials
|
||||
# mechanism or with TURN REST API.
|
||||
#
|
||||
# Note: If default realm is not specified at all, then realm falls back to the host domain name.
|
||||
# If domain name is empty string, or '(None)', then it is initialized to am empty string.
|
||||
#
|
||||
$(generate_realm)
|
||||
|
||||
# The flag that sets the origin consistency
|
||||
# check: across the session, all requests must have the same
|
||||
# main ORIGIN attribute value (if the ORIGIN was
|
||||
# initially used by the session).
|
||||
#
|
||||
#check-origin-consistency
|
||||
|
||||
# Per-user allocation quota.
|
||||
# default value is 0 (no quota, unlimited number of sessions per user).
|
||||
# This option can also be set through the database, for a particular realm.
|
||||
#
|
||||
#user-quota=0
|
||||
|
||||
# Total allocation quota.
|
||||
# default value is 0 (no quota).
|
||||
# This option can also be set through the database, for a particular realm.
|
||||
#
|
||||
#total-quota=0
|
||||
|
||||
# Max bytes-per-second bandwidth a TURN session is allowed to handle
|
||||
# (input and output network streams are treated separately). Anything above
|
||||
# that limit will be dropped or temporary suppressed (within
|
||||
# the available buffer limits).
|
||||
# This option can also be set through the database, for a particular realm.
|
||||
#
|
||||
#max-bps=0
|
||||
|
||||
#
|
||||
# Maximum server capacity.
|
||||
# Total bytes-per-second bandwidth the TURN server is allowed to allocate
|
||||
# for the sessions, combined (input and output network streams are treated separately).
|
||||
#
|
||||
# bps-capacity=0
|
||||
|
||||
# Uncomment if no UDP client listener is desired.
|
||||
# By default UDP client listener is always started.
|
||||
#
|
||||
#no-udp
|
||||
|
||||
# Uncomment if no TCP client listener is desired.
|
||||
# By default TCP client listener is always started.
|
||||
#
|
||||
#no-tcp
|
||||
|
||||
# Uncomment if no TLS client listener is desired.
|
||||
# By default TLS client listener is always started.
|
||||
#
|
||||
#no-tls
|
||||
|
||||
# Uncomment if no DTLS client listener is desired.
|
||||
# By default DTLS client listener is always started.
|
||||
#
|
||||
#no-dtls
|
||||
|
||||
# Uncomment if no UDP relay endpoints are allowed.
|
||||
# By default UDP relay endpoints are enabled (like in RFC 5766).
|
||||
#
|
||||
#no-udp-relay
|
||||
|
||||
# Uncomment if no TCP relay endpoints are allowed.
|
||||
# By default TCP relay endpoints are enabled (like in RFC 6062).
|
||||
#
|
||||
$(generate_no_tcp_relay)
|
||||
|
||||
# Uncomment if extra security is desired,
|
||||
# with nonce value having limited lifetime.
|
||||
# By default, the nonce value is unique for a session,
|
||||
# and has unlimited lifetime.
|
||||
# Set this option to limit the nonce lifetime.
|
||||
# It defaults to 600 secs (10 min) if no value is provided. After that delay,
|
||||
# the client will get 438 error and will have to re-authenticate itself.
|
||||
#
|
||||
#stale-nonce=600
|
||||
|
||||
# Uncomment if you want to set the maximum allocation
|
||||
# time before it has to be refreshed.
|
||||
# Default is 3600s.
|
||||
#
|
||||
#max-allocate-lifetime=3600
|
||||
|
||||
|
||||
# Uncomment to set the lifetime for the channel.
|
||||
# Default value is 600 secs (10 minutes).
|
||||
# This value MUST not be changed for production purposes.
|
||||
#
|
||||
#channel-lifetime=600
|
||||
|
||||
# Uncomment to set the permission lifetime.
|
||||
# Default to 300 secs (5 minutes).
|
||||
# In production this value MUST not be changed,
|
||||
# however it can be useful for test purposes.
|
||||
#
|
||||
#permission-lifetime=300
|
||||
|
||||
# Certificate file.
|
||||
# Use an absolute path or path relative to the
|
||||
# configuration file.
|
||||
#
|
||||
#cert=/usr/local/etc/turn_server_cert.pem
|
||||
|
||||
# Private key file.
|
||||
# Use an absolute path or path relative to the
|
||||
# configuration file.
|
||||
# Use PEM file format.
|
||||
#
|
||||
#pkey=/usr/local/etc/turn_server_pkey.pem
|
||||
|
||||
# Private key file password, if it is in encoded format.
|
||||
# This option has no default value.
|
||||
#
|
||||
#pkey-pwd=...
|
||||
|
||||
# Allowed OpenSSL cipher list for TLS/DTLS connections.
|
||||
# Default value is "DEFAULT".
|
||||
#
|
||||
#cipher-list="DEFAULT"
|
||||
|
||||
# CA file in OpenSSL format.
|
||||
# Forces TURN server to verify the client SSL certificates.
|
||||
# By default it is not set: there is no default value and the client
|
||||
# certificate is not checked.
|
||||
#
|
||||
# Example:
|
||||
#CA-file=/etc/ssh/id_rsa.cert
|
||||
|
||||
# Curve name for EC ciphers, if supported by OpenSSL
|
||||
# library (TLS and DTLS). The default value is prime256v1,
|
||||
# if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,
|
||||
# an optimal curve will be automatically calculated, if not defined
|
||||
# by this option.
|
||||
#
|
||||
#ec-curve-name=prime256v1
|
||||
|
||||
# Use 566 bits predefined DH TLS key. Default size of the key is 1066.
|
||||
#
|
||||
#dh566
|
||||
|
||||
# Use 2066 bits predefined DH TLS key. Default size of the key is 1066.
|
||||
#
|
||||
#dh2066
|
||||
|
||||
# Use custom DH TLS key, stored in PEM format in the file.
|
||||
# Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.
|
||||
#
|
||||
#dh-file=<DH-PEM-file-name>
|
||||
|
||||
# Flag to prevent stdout log messages.
|
||||
# By default, all log messages are going to both stdout and to
|
||||
# the configured log file. With this option everything will be
|
||||
# going to the configured log only (unless the log file itself is stdout).
|
||||
#
|
||||
#no-stdout-log
|
||||
|
||||
# Option to set the log file name.
|
||||
# By default, the turnserver tries to open a log file in
|
||||
# /var/log, /var/tmp, /tmp and current directories directories
|
||||
# (which open operation succeeds first that file will be used).
|
||||
# With this option you can set the definite log file name.
|
||||
# The special names are "stdout" and "-" - they will force everything
|
||||
# to the stdout. Also, the "syslog" name will force everything to
|
||||
# the system log (syslog).
|
||||
# In the runtime, the logfile can be reset with the SIGHUP signal
|
||||
# to the turnserver process.
|
||||
#
|
||||
#log-file=/var/tmp/turn.log
|
||||
|
||||
# Option to redirect all log output into system log (syslog).
|
||||
#
|
||||
syslog
|
||||
|
||||
# This flag means that no log file rollover will be used, and the log file
|
||||
# name will be constructed as-is, without PID and date appendage.
|
||||
# This option can be used, for example, together with the logrotate tool.
|
||||
#
|
||||
#simple-log
|
||||
|
||||
# Option to set the "redirection" mode. The value of this option
|
||||
# will be the address of the alternate server for UDP & TCP service in form of
|
||||
# <ip>[:<port>]. The server will send this value in the attribute
|
||||
# ALTERNATE-SERVER, with error 300, on ALLOCATE request, to the client.
|
||||
# Client will receive only values with the same address family
|
||||
# as the client network endpoint address family.
|
||||
# See RFC 5389 and RFC 5766 for ALTERNATE-SERVER functionality description.
|
||||
# The client must use the obtained value for subsequent TURN communications.
|
||||
# If more than one --alternate-server options are provided, then the functionality
|
||||
# can be more accurately described as "load-balancing" than a mere "redirection".
|
||||
# If the port number is omitted, then the default port
|
||||
# number 3478 for the UDP/TCP protocols will be used.
|
||||
# Colon (:) characters in IPv6 addresses may conflict with the syntax of
|
||||
# the option. To alleviate this conflict, literal IPv6 addresses are enclosed
|
||||
# in square brackets in such resource identifiers, for example:
|
||||
# [2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478 .
|
||||
# Multiple alternate servers can be set. They will be used in the
|
||||
# round-robin manner. All servers in the pool are considered of equal weight and
|
||||
# the load will be distributed equally. For example, if we have 4 alternate servers,
|
||||
# then each server will receive 25% of ALLOCATE requests. A alternate TURN server
|
||||
# address can be used more than one time with the alternate-server option, so this
|
||||
# can emulate "weighting" of the servers.
|
||||
#
|
||||
# Examples:
|
||||
#alternate-server=1.2.3.4:5678
|
||||
#alternate-server=11.22.33.44:56789
|
||||
#alternate-server=5.6.7.8
|
||||
#alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
|
||||
|
||||
# Option to set alternative server for TLS & DTLS services in form of
|
||||
# <ip>:<port>. If the port number is omitted, then the default port
|
||||
# number 5349 for the TLS/DTLS protocols will be used. See the previous
|
||||
# option for the functionality description.
|
||||
#
|
||||
# Examples:
|
||||
#tls-alternate-server=1.2.3.4:5678
|
||||
#tls-alternate-server=11.22.33.44:56789
|
||||
#tls-alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
|
||||
|
||||
# Option to suppress TURN functionality, only STUN requests will be processed.
|
||||
# Run as STUN server only, all TURN requests will be ignored.
|
||||
# By default, this option is NOT set.
|
||||
#
|
||||
#stun-only
|
||||
|
||||
# Option to suppress STUN functionality, only TURN requests will be processed.
|
||||
# Run as TURN server only, all STUN requests will be ignored.
|
||||
# By default, this option is NOT set.
|
||||
#
|
||||
#no-stun
|
||||
|
||||
# This is the timestamp/username separator symbol (character) in TURN REST API.
|
||||
# The default value is ':'.
|
||||
# rest-api-separator=:
|
||||
|
||||
# Flag that can be used to allow peers on the loopback addresses (127.x.x.x and ::1).
|
||||
# This is an extra security measure.
|
||||
#
|
||||
# (To avoid any security issue that allowing loopback access may raise,
|
||||
# the no-loopback-peers option is replaced by allow-loopback-peers.)
|
||||
#
|
||||
# Allow it only for testing in a development environment!
|
||||
# In production it adds a possible security vulnerability, so for security reasons
|
||||
# it is not allowed using it together with empty cli-password.
|
||||
#
|
||||
#allow-loopback-peers
|
||||
|
||||
# Flag that can be used to disallow peers on well-known broadcast addresses (224.0.0.0 and above, and FFXX:*).
|
||||
# This is an extra security measure.
|
||||
#
|
||||
#no-multicast-peers
|
||||
|
||||
# Option to set the max time, in seconds, allowed for full allocation establishment.
|
||||
# Default is 60 seconds.
|
||||
#
|
||||
#max-allocate-timeout=60
|
||||
|
||||
# Option to allow or ban specific ip addresses or ranges of ip addresses.
|
||||
# If an ip address is specified as both allowed and denied, then the ip address is
|
||||
# considered to be allowed. This is useful when you wish to ban a range of ip
|
||||
# addresses, except for a few specific ips within that range.
|
||||
#
|
||||
# This can be used when you do not want users of the turn server to be able to access
|
||||
# machines reachable by the turn server, but would otherwise be unreachable from the
|
||||
# internet (e.g. when the turn server is sitting behind a NAT)
|
||||
#
|
||||
# Examples:
|
||||
# denied-peer-ip=83.166.64.0-83.166.95.255
|
||||
# allowed-peer-ip=83.166.68.45
|
||||
|
||||
# File name to store the pid of the process.
|
||||
# Default is /var/run/turnserver.pid (if superuser account is used) or
|
||||
# /var/tmp/turnserver.pid .
|
||||
#
|
||||
#pidfile="/var/run/turnserver.pid"
|
||||
|
||||
# Require authentication of the STUN Binding request.
|
||||
# By default, the clients are allowed anonymous access to the STUN Binding functionality.
|
||||
#
|
||||
#secure-stun
|
||||
|
||||
# Mobility with ICE (MICE) specs support.
|
||||
#
|
||||
#mobility
|
||||
|
||||
# Allocate Address Family according
|
||||
# If enabled then TURN server allocates address family according the TURN
|
||||
# Client <=> Server communication address family.
|
||||
# (By default coTURN works according RFC 6156.)
|
||||
# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
|
||||
#
|
||||
#keep-address-family
|
||||
|
||||
|
||||
# User name to run the process. After the initialization, the turnserver process
|
||||
# will make an attempt to change the current user ID to that user.
|
||||
#
|
||||
#proc-user=<user-name>
|
||||
|
||||
# Group name to run the process. After the initialization, the turnserver process
|
||||
# will make an attempt to change the current group ID to that group.
|
||||
#
|
||||
#proc-group=<group-name>
|
||||
|
||||
# Turn OFF the CLI support.
|
||||
# By default it is always ON.
|
||||
# See also options cli-ip and cli-port.
|
||||
#
|
||||
#no-cli
|
||||
|
||||
#Local system IP address to be used for CLI server endpoint. Default value
|
||||
# is 127.0.0.1.
|
||||
#
|
||||
#cli-ip=127.0.0.1
|
||||
|
||||
# CLI server port. Default is 5766.
|
||||
#
|
||||
#cli-port=5766
|
||||
|
||||
# CLI access password. Default is empty (no password).
|
||||
# For the security reasons, it is recommended to use the encrypted
|
||||
# for of the password (see the -P command in the turnadmin utility).
|
||||
#
|
||||
# Secure form for password 'qwerty':
|
||||
#
|
||||
#cli-password=$5$79a316b350311570$81df9cfb9af7f5e5a76eada31e7097b663a0670f99a3c07ded3f1c8e59c5658a
|
||||
#
|
||||
# Or unsecure form for the same password:
|
||||
#
|
||||
#cli-password=qwerty
|
||||
|
||||
# Enable Web-admin support on https. By default it is Disabled.
|
||||
# If it is enabled it also enables a http a simple static banner page
|
||||
# with a small reminder that the admin page is available only on https.
|
||||
#
|
||||
#web-admin
|
||||
|
||||
# Local system IP address to be used for Web-admin server endpoint. Default value is 127.0.0.1.
|
||||
#
|
||||
#web-admin-ip=127.0.0.1
|
||||
|
||||
# Web-admin server port. Default is 8080.
|
||||
#
|
||||
#web-admin-port=8080
|
||||
|
||||
# Web-admin server listen on STUN/TURN worker threads
|
||||
# By default it is disabled for security resons! (Not recommended in any production environment!)
|
||||
#
|
||||
#web-admin-listen-on-workers
|
||||
|
||||
# Server relay. NON-STANDARD AND DANGEROUS OPTION.
|
||||
# Only for those applications when we want to run
|
||||
# server applications on the relay endpoints.
|
||||
# This option eliminates the IP permissions check on
|
||||
# the packets incoming to the relay endpoints.
|
||||
#
|
||||
#server-relay
|
||||
|
||||
# Maximum number of output sessions in ps CLI command.
|
||||
# This value can be changed on-the-fly in CLI. The default value is 256.
|
||||
#
|
||||
#cli-max-output-sessions
|
||||
|
||||
# Set network engine type for the process (for internal purposes).
|
||||
#
|
||||
#ne=[1|2|3]
|
||||
|
||||
# Do not allow an TLS/DTLS version of protocol
|
||||
#
|
||||
#no-tlsv1
|
||||
#no-tlsv1_1
|
||||
#no-tlsv1_2
|
||||
EOF
|
61
cdist/conf/type/__coturn/man.rst
Normal file
61
cdist/conf/type/__coturn/man.rst
Normal file
|
@ -0,0 +1,61 @@
|
|||
cdist-type__coturn(7)
|
||||
=====================
|
||||
|
||||
NAME
|
||||
----
|
||||
cdist-type__coturn - Install and configure a coturn TURN server
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
This (singleton) type install and configure a coturn TURN
|
||||
server.
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
None.
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
static_auth_secret
|
||||
Secret used to access the TURN REST API.
|
||||
|
||||
realm
|
||||
Defailt realm.
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
use_auth_secret
|
||||
Allows TURN credentials to be accounted for a specific user id.
|
||||
|
||||
no_tcp_relay
|
||||
Disable TCP relay endpoints.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
.. code-block:: sh
|
||||
|
||||
__coturn \
|
||||
--realm turn.domain.tld \
|
||||
--no_tcp_relay
|
||||
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
- `coturn Github repository <https://github.com/coturn/coturn>`_
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
Timothée Floure <timothee.floure@ungleich.ch>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2020 Timothée Floure. You can redistribute it
|
||||
and/or modify it under the terms of the GNU General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
52
cdist/conf/type/__coturn/manifest
Executable file
52
cdist/conf/type/__coturn/manifest
Executable file
|
@ -0,0 +1,52 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2020 Timothée Floure (timothee.floure@ungleich.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
__package coturn
|
||||
|
||||
# Optional parameters.
|
||||
if [ -f "$__object/parameter/use_auth_secret" ]; then
|
||||
export USE_AUTH_SECRET=1
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/static_auth_secret" ]; then
|
||||
export STATIC_AUTH_SECRET=$(cat "$__object/parameter/static_auth_secret")
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/realm" ]; then
|
||||
export REALM=$(cat "$__object/parameter/realm")
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/no_tcp_relay" ]; then
|
||||
export NO_TCP_RELAY=$(cat "$__object/parameter/no_tcp_relay")
|
||||
fi
|
||||
|
||||
# Hardcoded.
|
||||
coturn_config='/etc/turnserver.conf'
|
||||
|
||||
# Generate and deploy configuration file.
|
||||
mkdir -p "$__object/files"
|
||||
"$__type/files/turnserver.conf.sh" > "$__object/files/turnserver.conf"
|
||||
|
||||
__file $coturn_config \
|
||||
--source "$__object/files/turnserver.conf" \
|
||||
--state present
|
||||
|
||||
# Restart coturn server.
|
||||
require="__file/$coturn_config" __service coturn --action restart
|
2
cdist/conf/type/__coturn/parameter/boolean
Normal file
2
cdist/conf/type/__coturn/parameter/boolean
Normal file
|
@ -0,0 +1,2 @@
|
|||
use_auth_secret
|
||||
no_tcp_relay
|
2
cdist/conf/type/__coturn/parameter/optional
Normal file
2
cdist/conf/type/__coturn/parameter/optional
Normal file
|
@ -0,0 +1,2 @@
|
|||
static_auth_secret
|
||||
realm
|
|
@ -21,11 +21,6 @@ command
|
|||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
**NOTE**: All time-related parameters (``--minute``, ``--hour``, ``--day_of_month``
|
||||
``--month`` and ``--day_of_week``) defaults to ``*``, which means to execute it
|
||||
**always**. If you set ``--hour 0`` to execute the cronjob only at midnight, it
|
||||
will execute **every** minute in the first hour of the morning all days.
|
||||
|
||||
state
|
||||
Either present or absent. Defaults to present.
|
||||
minute
|
||||
|
|
|
@ -1,142 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# Determine current debconf selections' state.
|
||||
# Prints one of:
|
||||
# present: all selections are already set as they should.
|
||||
# different: one or more of the selections have a different value.
|
||||
# absent: one or more of the selections are not (currently) defined.
|
||||
#
|
||||
|
||||
test -x /usr/bin/perl || {
|
||||
# cannot find perl (no perl ~ no debconf)
|
||||
echo 'absent'
|
||||
exit 0
|
||||
}
|
||||
|
||||
linesfile="${__object:?}/parameter/line"
|
||||
test -s "${linesfile}" || {
|
||||
if test -s "${__object:?}/parameter/file"
|
||||
then
|
||||
echo absent
|
||||
else
|
||||
echo present
|
||||
fi
|
||||
exit 0
|
||||
}
|
||||
|
||||
# assert __type_explorer is set (because it is used by the Perl script)
|
||||
: "${__type_explorer:?}"
|
||||
|
||||
/usr/bin/perl -- - "${linesfile}" <<'EOF'
|
||||
use strict;
|
||||
use warnings "all";
|
||||
|
||||
use Fcntl qw(:DEFAULT :flock);
|
||||
|
||||
use Debconf::Db;
|
||||
use Debconf::Question;
|
||||
|
||||
# Extract @known... arrays from debconf-set-selections
|
||||
# These values are required to distinguish flags and values in the given lines.
|
||||
# DC: I couldn't think of a more ugly solution to the problem…
|
||||
my @knownflags;
|
||||
my @knowntypes;
|
||||
my $debconf_set_selections = '/usr/bin/debconf-set-selections';
|
||||
if (-e $debconf_set_selections) {
|
||||
my $sed_known = 's/^my \(@known\(flags\|types\) = qw([a-z ]*);\).*$/\1/p';
|
||||
eval `sed -n '$sed_known' '$debconf_set_selections'`;
|
||||
}
|
||||
|
||||
sub mungeline ($) {
|
||||
my $line = shift;
|
||||
chomp $line;
|
||||
$line =~ s/\r$//;
|
||||
return $line;
|
||||
}
|
||||
|
||||
sub fatal { printf STDERR @_; exit 1; }
|
||||
|
||||
my $state = 'present';
|
||||
|
||||
sub state {
|
||||
my $new = shift;
|
||||
if ($state eq 'present'
|
||||
or ($state eq 'different' and $new eq 'absent')) {
|
||||
$state = $new;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# Load Debconf DB but manually lock on the state explorer script,
|
||||
# because Debconf aborts immediately if executed concurrently.
|
||||
# This is not really an ideal solution because the Debconf DB could be locked by
|
||||
# another process (e.g. apt-get), but no way to achieve this could be found.
|
||||
# If you know how to, please provide a patch.
|
||||
my $lockfile = "%ENV{'__type_explorer'}/state";
|
||||
if (open my $lock_fh, '+<', $lockfile) {
|
||||
flock $lock_fh, LOCK_EX or die "Cannot lock $lockfile";
|
||||
}
|
||||
{
|
||||
Debconf::Db->load(readonly => 'true');
|
||||
}
|
||||
|
||||
|
||||
while (<>) {
|
||||
# Read and process lines (taken from debconf-set-selections)
|
||||
$_ = mungeline($_);
|
||||
while (/\\$/ && ! eof) {
|
||||
s/\\$//;
|
||||
$_ .= mungeline(<>);
|
||||
}
|
||||
next if /^\s*$/ || /^\s*\#/;
|
||||
|
||||
my ($owner, $label, $type, $content) = /^\s*(\S+)\s+(\S+)\s+(\S+)(?:\s(.*))?/
|
||||
or fatal "invalid line: %s\n", $_;
|
||||
$content = '' unless defined $content;
|
||||
|
||||
|
||||
# Compare is and should state
|
||||
my $q = Debconf::Question->get($label);
|
||||
|
||||
unless (defined $q) {
|
||||
# probably a preseed
|
||||
state 'absent';
|
||||
next;
|
||||
}
|
||||
|
||||
if (grep { $_ eq $q->type } @knownflags) {
|
||||
# This line wants to set a flag, presumably.
|
||||
if ($q->flag($q->type) ne $content) {
|
||||
state 'different';
|
||||
}
|
||||
} else {
|
||||
# Otherwise, it's probably a value…
|
||||
if ($q->value ne $content) {
|
||||
state 'different';
|
||||
}
|
||||
|
||||
unless (grep { $_ eq $owner } (split /, /, $q->owners)) {
|
||||
state 'different';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
printf "%s\n", $state;
|
||||
EOF
|
|
@ -1,7 +1,6 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2011-2014 Nico Schottelius (nico-cdist at schottelius.org)
|
||||
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
|
@ -18,37 +17,16 @@
|
|||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
# Setup selections
|
||||
#
|
||||
|
||||
if test -f "${__object:?}/parameter/line"
|
||||
then
|
||||
filename="${__object:?}/parameter/line"
|
||||
elif test -s "${__object:?}/parameter/file"
|
||||
then
|
||||
filename=$(cat "${__object:?}/parameter/file")
|
||||
if test "${filename}" = '-'
|
||||
then
|
||||
filename="${__object:?}/stdin"
|
||||
fi
|
||||
else
|
||||
printf 'Neither --line nor --file set.\n' >&2
|
||||
exit 1
|
||||
filename="$(cat "$__object/parameter/file")"
|
||||
|
||||
if [ "$filename" = "-" ]; then
|
||||
filename="$__object/stdin"
|
||||
fi
|
||||
|
||||
# setting no lines makes no sense
|
||||
test -s "${filename}" || exit 0
|
||||
|
||||
state_is=$(cat "${__object:?}/explorer/state")
|
||||
|
||||
if test "${state_is}" != 'present'
|
||||
then
|
||||
cat <<-CODE
|
||||
debconf-set-selections <<'EOF'
|
||||
$(cat "${filename}")
|
||||
EOF
|
||||
CODE
|
||||
|
||||
awk '
|
||||
{
|
||||
printf "set %s %s %s %s\n", $1, $2, $3, $4
|
||||
}' "${filename}" >>"${__messages_out:?}"
|
||||
fi
|
||||
echo "debconf-set-selections << __file-eof"
|
||||
cat "$filename"
|
||||
echo "__file-eof"
|
||||
|
|
|
@ -8,33 +8,15 @@ cdist-type__debconf_set_selections - Setup debconf selections
|
|||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
On Debian and alike systems :strong:`debconf-set-selections`\ (1) can be used
|
||||
On Debian and alike systems debconf-set-selections(1) can be used
|
||||
to setup configuration parameters.
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
cf. ``--line``.
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
file
|
||||
Use the given filename as input for :strong:`debconf-set-selections`\ (1)
|
||||
If filename is ``-``, read from stdin.
|
||||
|
||||
**This parameter is deprecated, because it doesn't work with state detection.**
|
||||
line
|
||||
A line in :strong:`debconf-set-selections`\ (1) compatible format.
|
||||
This parameter can be used multiple times to set multiple options.
|
||||
|
||||
(This parameter is actually required, but marked optional because the
|
||||
deprecated ``--file`` is still accepted.)
|
||||
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
None.
|
||||
Use the given filename as input for debconf-set-selections(1)
|
||||
If filename is "-", read from stdin.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
|
@ -42,29 +24,30 @@ EXAMPLES
|
|||
|
||||
.. code-block:: sh
|
||||
|
||||
# Setup gitolite's gituser
|
||||
__debconf_set_selections nslcd --line 'gitolite gitolite/gituser string git'
|
||||
# Setup configuration for nslcd
|
||||
__debconf_set_selections nslcd --file /path/to/file
|
||||
|
||||
# Setup configuration for nslcd from a file.
|
||||
# NB: Multiple lines can be passed to --line, although this can be considered a hack.
|
||||
__debconf_set_selections nslcd --line "$(cat "${__files:?}/preseed/nslcd.debconf")"
|
||||
# Setup configuration for nslcd from another type
|
||||
__debconf_set_selections nslcd --file "$__type/files/preseed/nslcd"
|
||||
|
||||
__debconf_set_selections nslcd --file - << eof
|
||||
gitolite gitolite/gituser string git
|
||||
eof
|
||||
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
- :strong:`cdist-type__update_alternatives`\ (7)
|
||||
- :strong:`debconf-set-selections`\ (1)
|
||||
:strong:`debconf-set-selections`\ (1), :strong:`cdist-type__update_alternatives`\ (7)
|
||||
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
| Nico Schottelius <nico-cdist--@--schottelius.org>
|
||||
| Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
|
||||
Nico Schottelius <nico-cdist--@--schottelius.org>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2011-2014 Nico Schottelius, 2021 Dennis Camera.
|
||||
You can redistribute it and/or modify it under the terms of the GNU General
|
||||
Public License as published by the Free Software Foundation, either version 3 of
|
||||
the License, or (at your option) any later version.
|
||||
Copyright \(C) 2011-2014 Nico Schottelius. You can redistribute it
|
||||
and/or modify it under the terms of the GNU General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
||||
|
|
|
@ -1,21 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
__package_apt debconf
|
|
@ -1 +0,0 @@
|
|||
'file' has been deprecated in favour of 'line' in order to provide idempotency.
|
|
@ -1 +0,0 @@
|
|||
line
|
|
@ -30,10 +30,10 @@ fallback() {
|
|||
gid=$(echo "$ls_line" | awk '{ print $4 }')
|
||||
|
||||
owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd)
|
||||
group=$(awk -F: -v gid="$gid" '$3 == gid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
|
||||
group=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
|
||||
|
||||
mode_text=$(echo "$ls_line" | awk '{ print $1 }')
|
||||
mode=$(echo "$mode_text" | awk '{for(i=8;i>=0;--i){c=substr($1,10-i,1);k+=((c~/[rwxst]/)*2^i);if(!(i%3))k+=(tolower(c)~/[lst]/)*2^(9+i/3)}printf("%04o",k)}')
|
||||
mode=$(echo "$mode_text" | awk '{ k=0; for (i=0; i<=8; i++) k += ((substr($1, i+2, 1) ~ /[rwx]/) * 2^(8-i)); printf("%0o", k) }')
|
||||
|
||||
printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\n' \
|
||||
"$("$__type_explorer/type")" \
|
||||
|
@ -45,27 +45,56 @@ fallback() {
|
|||
# nothing to work with, nothing we could do
|
||||
[ -e "$destination" ] || exit 0
|
||||
|
||||
command -v stat >/dev/null 2>&1 || {
|
||||
if ! command -v stat >/dev/null
|
||||
then
|
||||
fallback
|
||||
exit
|
||||
}
|
||||
fi
|
||||
|
||||
case $("$__explorer/os")
|
||||
in
|
||||
freebsd|netbsd|openbsd|macosx)
|
||||
stat -f 'type: %HT
|
||||
case $("$__explorer/os") in
|
||||
"freebsd"|"netbsd"|"openbsd"|"macosx")
|
||||
stat -f "type: %HT
|
||||
owner: %Du %Su
|
||||
group: %Dg %Sg
|
||||
mode: %Mp%03Lp %Sp
|
||||
' "$destination" | awk '/^type/ { print tolower($0); next } { print }'
|
||||
mode: %Lp %Sp
|
||||
" "$destination" | awk '/^type/ { print tolower($0); next } { print }'
|
||||
;;
|
||||
solaris)
|
||||
ls1="$( ls -ld "$destination" )"
|
||||
ls2="$( ls -ldn "$destination" )"
|
||||
|
||||
if [ -f "$__object/parameter/mode" ]
|
||||
then mode_should="$( cat "$__object/parameter/mode" )"
|
||||
fi
|
||||
|
||||
# yes, it is ugly hack, but if you know better way...
|
||||
if [ -z "$( find "$destination" -perm "$mode_should" )" ]
|
||||
then octets=888
|
||||
else octets="$( echo "$mode_should" | sed 's/^0//' )"
|
||||
fi
|
||||
|
||||
case "$( echo "$ls1" | cut -c1-1 )" in
|
||||
-) echo 'type: regular file' ;;
|
||||
d) echo 'type: directory' ;;
|
||||
esac
|
||||
|
||||
echo "owner: $( echo "$ls2" \
|
||||
| awk '{print $3}' ) $( echo "$ls1" \
|
||||
| awk '{print $3}' )"
|
||||
|
||||
echo "group: $( echo "$ls2" \
|
||||
| awk '{print $4}' ) $( echo "$ls1" \
|
||||
| awk '{print $4}' )"
|
||||
|
||||
echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )"
|
||||
;;
|
||||
*)
|
||||
# NOTE: Do not use --printf here as it is not supported by BusyBox stat.
|
||||
# NOTE: BusyBox's stat might not support the "-c" option, in which case
|
||||
# we fall through to the shell fallback.
|
||||
stat -c 'type: %F
|
||||
stat -c "type: %F
|
||||
owner: %u %U
|
||||
group: %g %G
|
||||
mode: %04a %A' "$destination" 2>/dev/null || fallback
|
||||
;;
|
||||
mode: %a %A" "$destination" 2>/dev/null || fallback
|
||||
;;
|
||||
esac
|
||||
|
|
|
@ -97,11 +97,9 @@ case "$state_should" in
|
|||
value_should="$(cat "$__object/parameter/$attribute")"
|
||||
value_is="$(get_current_value "$attribute" "$value_should")"
|
||||
|
||||
# format mode in four digits => same as stat returns
|
||||
# change 0xxx format to xxx format => same as stat returns
|
||||
if [ "$attribute" = mode ]; then
|
||||
# Convert to four-digit octal number (printf interprets
|
||||
# strings with leading 0s as octal!)
|
||||
value_should=$(printf '%04o' "0${value_should}")
|
||||
value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')"
|
||||
fi
|
||||
|
||||
if [ "$set_attributes" = 1 ] || [ "$value_should" != "$value_is" ]; then
|
||||
|
|
|
@ -25,9 +25,6 @@ user
|
|||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
|
||||
dirmode
|
||||
forwarded to :strong:`__directory` type as mode
|
||||
|
||||
mode
|
||||
forwarded to :strong:`__file` type
|
||||
|
||||
|
@ -37,12 +34,6 @@ state
|
|||
source
|
||||
forwarded to :strong:`__file` type
|
||||
|
||||
file
|
||||
forwarded to :strong:`__file` type
|
||||
This can be used if multiple users need to have a dotfile updated,
|
||||
which will result in duplicate object id errors. When using the
|
||||
file parameter the object id can be some unique value.
|
||||
|
||||
MESSAGES
|
||||
--------
|
||||
|
||||
|
@ -67,15 +58,6 @@ EXAMPLES
|
|||
# Install default xmonad config for user 'eve'. Parent directory is created automatically.
|
||||
__dot_file .xmonad/xmonad.hs --user eve --state exists --source "$__files/xmonad.hs"
|
||||
|
||||
# install .vimrc for root and some users
|
||||
for user in root userx usery userz; do
|
||||
__dot_file "${user}_dot_vimrc" \
|
||||
--user $user \
|
||||
--file .vimrc \
|
||||
--state exists \
|
||||
--source "$__files/$user/.vimrc"
|
||||
done
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
|
||||
|
|
|
@ -19,20 +19,13 @@ set -eu
|
|||
user="$(cat "${__object}/parameter/user")"
|
||||
home="$(cat "${__object}/explorer/home")"
|
||||
primary_group="$(cat "${__object}/explorer/primary_group")"
|
||||
dirmode="$(cat "${__object}/parameter/dirmode")"
|
||||
if [ -f "${__object}/parameter/file" ]; then
|
||||
file="$(cat "${__object}/parameter/file")"
|
||||
else
|
||||
file="${__object_id}"
|
||||
fi
|
||||
|
||||
|
||||
# Create parent directory. Type __directory has flag 'parents', but it
|
||||
# will leave us with root-owned directory in user home, which is not
|
||||
# acceptable. So we create parent directories one-by-one. XXX: maybe
|
||||
# it should be fixed in '__directory'?
|
||||
set --
|
||||
subpath=${file}
|
||||
subpath=${__object_id}
|
||||
while subpath="$(dirname "${subpath}")" ; do
|
||||
[ "${subpath}" = . ] && break
|
||||
set -- "${subpath}" "$@"
|
||||
|
@ -43,7 +36,6 @@ export CDIST_ORDER_DEPENDENCY
|
|||
for dir ; do
|
||||
__directory "${home}/${dir}" \
|
||||
--group "${primary_group}" \
|
||||
--mode "${dirmode}" \
|
||||
--owner "${user}"
|
||||
done
|
||||
|
||||
|
@ -70,4 +62,4 @@ if [ "${source}" = "-" ] ; then
|
|||
fi
|
||||
unset source
|
||||
|
||||
__file "${home}/${file}" --owner "$user" --group "$primary_group" "$@"
|
||||
__file "${home}/${__object_id}" --owner "$user" --group "$primary_group" "$@"
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
0700
|
|
@ -1,4 +1,3 @@
|
|||
state
|
||||
mode
|
||||
source
|
||||
dirmode
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
if [ -f "$__object/parameter/cmd-get" ]
|
||||
then
|
||||
cat "$__object/parameter/cmd-get"
|
||||
elif
|
||||
command -v curl > /dev/null
|
||||
then
|
||||
echo "curl -sSL -o - '%s'"
|
||||
elif
|
||||
command -v fetch > /dev/null
|
||||
then
|
||||
echo "fetch -o - '%s'"
|
||||
else
|
||||
echo "wget -O - '%s'"
|
||||
fi
|
|
@ -1,82 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
if [ ! -f "$__object/parameter/sum" ]
|
||||
then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/cmd-sum" ]
|
||||
then
|
||||
cat "$__object/parameter/cmd-sum"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
sum_should="$( cat "$__object/parameter/sum" )"
|
||||
|
||||
if echo "$sum_should" | grep -Fq ':'
|
||||
then
|
||||
sum_hash="$( echo "$sum_should" | cut -d : -f 1 )"
|
||||
else
|
||||
if echo "$sum_should" | grep -Eq '^[0-9]+\s[0-9]+$'
|
||||
then
|
||||
sum_hash='cksum'
|
||||
elif
|
||||
echo "$sum_should" | grep -Eiq '^[a-f0-9]{32}$'
|
||||
then
|
||||
sum_hash='md5'
|
||||
elif
|
||||
echo "$sum_should" | grep -Eiq '^[a-f0-9]{40}$'
|
||||
then
|
||||
sum_hash='sha1'
|
||||
elif
|
||||
echo "$sum_should" | grep -Eiq '^[a-f0-9]{64}$'
|
||||
then
|
||||
sum_hash='sha256'
|
||||
else
|
||||
echo 'hash format detection failed' >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
os="$( "$__explorer/os" )"
|
||||
|
||||
case "$sum_hash" in
|
||||
cksum)
|
||||
echo "cksum %s | awk '{print \$1\" \"\$2}'"
|
||||
;;
|
||||
md5)
|
||||
case "$os" in
|
||||
freebsd)
|
||||
echo "md5 -q %s"
|
||||
;;
|
||||
*)
|
||||
echo "md5sum %s | awk '{print \$1}'"
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
sha1)
|
||||
case "$os" in
|
||||
freebsd)
|
||||
echo "sha1 -q %s"
|
||||
;;
|
||||
*)
|
||||
echo "sha1sum %s | awk '{print \$1}'"
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
sha256)
|
||||
case "$os" in
|
||||
freebsd)
|
||||
echo "sha256 -q %s"
|
||||
;;
|
||||
*)
|
||||
echo "sha256sum %s | awk '{print \$1}'"
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
*)
|
||||
# we arrive here only if --sum is given with unknown format prefix
|
||||
echo "unknown hash format: $sum_hash" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
|
@ -1,45 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
if [ -f "$__object/parameter/destination" ]
|
||||
then
|
||||
dst="$( cat "$__object/parameter/destination" )"
|
||||
else
|
||||
dst="/$__object_id"
|
||||
fi
|
||||
|
||||
if [ ! -f "$dst" ]
|
||||
then
|
||||
echo 'absent'
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ ! -f "$__object/parameter/sum" ]
|
||||
then
|
||||
echo 'present'
|
||||
exit 0
|
||||
fi
|
||||
|
||||
sum_should="$( cat "$__object/parameter/sum" )"
|
||||
|
||||
if echo "$sum_should" | grep -Fq ':'
|
||||
then
|
||||
sum_should="$( echo "$sum_should" | cut -d : -f 2 )"
|
||||
fi
|
||||
|
||||
sum_cmd="$( "$__type_explorer/remote_cmd_sum" )"
|
||||
|
||||
# shellcheck disable=SC2059
|
||||
sum_is="$( eval "$( printf "$sum_cmd" "'$dst'" )" )"
|
||||
|
||||
if [ -z "$sum_is" ]
|
||||
then
|
||||
echo 'existing destination checksum failed' >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$sum_is" = "$sum_should" ]
|
||||
then
|
||||
echo 'present'
|
||||
else
|
||||
echo 'mismatch'
|
||||
fi
|
|
@ -1,155 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
download="$( cat "$__object/parameter/download" )"
|
||||
|
||||
state_is="$( cat "$__object/explorer/state" )"
|
||||
|
||||
if [ "$download" != 'local' ] || [ "$state_is" = 'present' ]
|
||||
then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
url="$( cat "$__object/parameter/url" )"
|
||||
|
||||
if [ -f "$__object/parameter/destination" ]
|
||||
then
|
||||
dst="$( cat "$__object/parameter/destination" )"
|
||||
else
|
||||
dst="/$__object_id"
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/cmd-get" ]
|
||||
then
|
||||
cmd="$( cat "$__object/parameter/cmd-get" )"
|
||||
|
||||
elif command -v curl > /dev/null
|
||||
then
|
||||
cmd="curl -sSL -o - '%s'"
|
||||
|
||||
elif command -v fetch > /dev/null
|
||||
then
|
||||
cmd="fetch -o - '%s'"
|
||||
|
||||
elif command -v wget > /dev/null
|
||||
then
|
||||
cmd="wget -O - '%s'"
|
||||
|
||||
else
|
||||
echo 'local download failed, no usable utility' >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "download_tmp=\"\$( mktemp )\""
|
||||
|
||||
# shellcheck disable=SC2059
|
||||
printf "$cmd > \"\$download_tmp\"\n" "$url"
|
||||
|
||||
if [ -f "$__object/parameter/sum" ]
|
||||
then
|
||||
sum_should="$( cat "$__object/parameter/sum" )"
|
||||
|
||||
if [ -f "$__object/parameter/cmd-sum" ]
|
||||
then
|
||||
local_cmd_sum="$( cat "$__object/parameter/cmd-sum" )"
|
||||
else
|
||||
if echo "$sum_should" | grep -Fq ':'
|
||||
then
|
||||
sum_hash="$( echo "$sum_should" | cut -d : -f 1 )"
|
||||
|
||||
sum_should="$( echo "$sum_should" | cut -d : -f 2 )"
|
||||
else
|
||||
if echo "$sum_should" | grep -Eq '^[0-9]+\s[0-9]+$'
|
||||
then
|
||||
sum_hash='cksum'
|
||||
elif
|
||||
echo "$sum_should" | grep -Eiq '^[a-f0-9]{32}$'
|
||||
then
|
||||
sum_hash='md5'
|
||||
elif
|
||||
echo "$sum_should" | grep -Eiq '^[a-f0-9]{40}$'
|
||||
then
|
||||
sum_hash='sha1'
|
||||
elif
|
||||
echo "$sum_should" | grep -Eiq '^[a-f0-9]{64}$'
|
||||
then
|
||||
sum_hash='sha256'
|
||||
else
|
||||
echo 'hash format detection failed' >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
case "$sum_hash" in
|
||||
cksum)
|
||||
local_cmd_sum="cksum %s | awk '{print \$1\" \"\$2}'"
|
||||
;;
|
||||
md5)
|
||||
if command -v md5 > /dev/null
|
||||
then
|
||||
local_cmd_sum="md5 -q %s"
|
||||
elif
|
||||
command -v md5sum > /dev/null
|
||||
then
|
||||
local_cmd_sum="md5sum %s | awk '{print \$1}'"
|
||||
fi
|
||||
;;
|
||||
sha1)
|
||||
if command -v sha1 > /dev/null
|
||||
then
|
||||
local_cmd_sum="sha1 -q %s"
|
||||
elif
|
||||
command -v sha1sum > /dev/null
|
||||
then
|
||||
local_cmd_sum="sha1sum %s | awk '{print \$1}'"
|
||||
fi
|
||||
;;
|
||||
sha256)
|
||||
if command -v sha256 > /dev/null
|
||||
then
|
||||
local_cmd_sum="sha256 -q %s"
|
||||
elif
|
||||
command -v sha256sum > /dev/null
|
||||
then
|
||||
local_cmd_sum="sha256sum %s | awk '{print \$1}'"
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
# we arrive here only if --sum is given with unknown format prefix
|
||||
echo "unknown hash format: $sum_hash" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -z "$local_cmd_sum" ]
|
||||
then
|
||||
echo 'local checksum verification failed, no usable utility' >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# shellcheck disable=SC2059
|
||||
echo "sum_is=\"\$( $( printf "$local_cmd_sum" "\"\$download_tmp\"" ) )\""
|
||||
|
||||
echo "if [ \"\$sum_is\" != '$sum_should' ]; then"
|
||||
|
||||
echo "echo 'local download checksum mismatch' >&2"
|
||||
|
||||
echo "rm -f \"\$download_tmp\""
|
||||
|
||||
echo 'exit 1; fi'
|
||||
fi
|
||||
|
||||
if echo "$__target_host" | grep -Eq '^[0-9a-fA-F:]+$'
|
||||
then
|
||||
target_host="[$__target_host]"
|
||||
else
|
||||
target_host="$__target_host"
|
||||
fi
|
||||
|
||||
# shellcheck disable=SC2016
|
||||
printf '%s "$download_tmp" %s:%s\n' \
|
||||
"$__remote_copy" \
|
||||
"$target_host" \
|
||||
"$dst"
|
||||
|
||||
echo "rm -f \"\$download_tmp\""
|
|
@ -1,59 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
download="$( cat "$__object/parameter/download" )"
|
||||
|
||||
state_is="$( cat "$__object/explorer/state" )"
|
||||
|
||||
if [ "$download" = 'remote' ] && [ "$state_is" != 'present' ]
|
||||
then
|
||||
cmd_get="$( cat "$__object/explorer/remote_cmd_get" )"
|
||||
|
||||
url="$( cat "$__object/parameter/url" )"
|
||||
|
||||
if [ -f "$__object/parameter/destination" ]
|
||||
then
|
||||
dst="$( cat "$__object/parameter/destination" )"
|
||||
else
|
||||
dst="/$__object_id"
|
||||
fi
|
||||
|
||||
echo "download_tmp=\"\$( mktemp )\""
|
||||
|
||||
# shellcheck disable=SC2059
|
||||
printf "$cmd_get > \"\$download_tmp\"\n" "$url"
|
||||
|
||||
if [ -f "$__object/parameter/sum" ]
|
||||
then
|
||||
sum_should="$( cat "$__object/parameter/sum" )"
|
||||
|
||||
if [ -f "$__object/parameter/cmd-sum" ]
|
||||
then
|
||||
remote_cmd_sum="$( cat "$__object/parameter/cmd-sum" )"
|
||||
else
|
||||
remote_cmd_sum="$( cat "$__object/explorer/remote_cmd_sum" )"
|
||||
|
||||
if echo "$sum_should" | grep -Fq ':'
|
||||
then
|
||||
sum_should="$( echo "$sum_should" | cut -d : -f 2 )"
|
||||
fi
|
||||
fi
|
||||
|
||||
# shellcheck disable=SC2059
|
||||
echo "sum_is=\"\$( $( printf "$remote_cmd_sum" "\"\$download_tmp\"" ) )\""
|
||||
|
||||
echo "if [ \"\$sum_is\" != '$sum_should' ]; then"
|
||||
|
||||
echo "echo 'remote download checksum mismatch' >&2"
|
||||
|
||||
echo "rm -f \"\$download_tmp\""
|
||||
|
||||
echo 'exit 1; fi'
|
||||
fi
|
||||
|
||||
echo "mv \"\$download_tmp\" '$dst'"
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/onchange" ] && [ "$state_is" != "present" ]
|
||||
then
|
||||
cat "$__object/parameter/onchange"
|
||||
fi
|
|
@ -1,101 +0,0 @@
|
|||
cdist-type__download(7)
|
||||
=======================
|
||||
|
||||
NAME
|
||||
----
|
||||
cdist-type__download - Download a file
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
By default type will try to use ``curl``, ``fetch`` or ``wget``.
|
||||
If download happens in target (see ``--download``) then type will
|
||||
fallback to (and install) ``wget``.
|
||||
|
||||
If download happens in local machine, then environment variables like
|
||||
``{http,https,ftp}_proxy`` etc can be used on cdist execution
|
||||
(``http_proxy=foo cdist config ...``).
|
||||
|
||||
To change downloaded file's owner, group or permissions, use ``require='__download/path/to/file' __file ...``.
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
url
|
||||
File's URL.
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
destination
|
||||
Downloaded file's destination in target. If unset, ``$__object_id`` is used.
|
||||
|
||||
sum
|
||||
Supported formats: ``cksum`` output without file name, MD5, SHA1 and SHA256.
|
||||
|
||||
Type tries to detect hash format with regexes, but prefixes
|
||||
``cksum:``, ``md5:``, ``sha1:`` and ``sha256:`` are also supported.
|
||||
|
||||
Checksum have two purposes - state check and post-download verification.
|
||||
In state check, if destination checksum mismatches, then content of URL
|
||||
will be downloaded to temporary file. If downloaded temporary file's
|
||||
checksum matches, then it will be moved to destination (overwritten).
|
||||
|
||||
For local downloads it is expected that usable utilities for checksum
|
||||
calculation exist in the system.
|
||||
|
||||
download
|
||||
If ``local`` (default), then file is downloaded to local storage and copied
|
||||
to target host. If ``remote``, then download happens in target.
|
||||
|
||||
For local downloads it is expected that usable utilities for downloading
|
||||
exist in the system. Type will try to use ``curl``, ``fetch`` or ``wget``.
|
||||
|
||||
cmd-get
|
||||
Command used for downloading.
|
||||
Command must output to ``stdout``.
|
||||
Parameter will be used for ``printf`` and must include only one
|
||||
format specification ``%s`` which will become URL.
|
||||
For example: ``wget -O - '%s'``.
|
||||
|
||||
cmd-sum
|
||||
Command used for checksum calculation.
|
||||
Command output and ``--sum`` parameter must match.
|
||||
Parameter will be used for ``printf`` and must include only one
|
||||
format specification ``%s`` which will become destination.
|
||||
For example: ``md5sum '%s' | awk '{print $1}'``.
|
||||
|
||||
onchange
|
||||
Execute this command after download.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
.. code-block:: sh
|
||||
|
||||
__directory /opt/cpma
|
||||
|
||||
require='__directory/opt/cpma' \
|
||||
__download /opt/cpma/cnq3.zip \
|
||||
--url https://cdn.playmorepromode.com/files/cnq3/cnq3-1.51.zip \
|
||||
--sum 46da3021ca9eace277115ec9106c5b46
|
||||
|
||||
require='__download/opt/cpma/cnq3.zip' \
|
||||
__unpack /opt/cpma/cnq3.zip \
|
||||
--backup-destination \
|
||||
--preserve-archive \
|
||||
--destination /opt/cpma/server
|
||||
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
Ander Punnar <ander-at-kvlt-dot-ee>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2021 Ander Punnar. You can redistribute it
|
||||
and/or modify it under the terms of the GNU General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
|
@ -1,6 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
if grep -Eq '^wget' "$__object/explorer/remote_cmd_get"
|
||||
then
|
||||
__package wget
|
||||
fi
|
|
@ -1 +0,0 @@
|
|||
local
|
|
@ -1,6 +0,0 @@
|
|||
cmd-get
|
||||
cmd-sum
|
||||
destination
|
||||
download
|
||||
onchange
|
||||
sum
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue