diff --git a/cdist/conf/explorer/os_version b/cdist/conf/explorer/os_version
index 3b02dedd..a7b1d3bc 100755
--- a/cdist/conf/explorer/os_version
+++ b/cdist/conf/explorer/os_version
@@ -70,11 +70,6 @@ case "$("$__explorer/os")" in
macosx)
sw_vers -productVersion
;;
- freebsd)
- # Apparently uname -r is not a reliable way to get the patch level.
- # See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743
- freebsd-version
- ;;
*bsd|solaris)
uname -r
;;
diff --git a/cdist/conf/type/__apt_backports/man.rst b/cdist/conf/type/__apt_backports/man.rst
deleted file mode 100644
index 7036fb84..00000000
--- a/cdist/conf/type/__apt_backports/man.rst
+++ /dev/null
@@ -1,104 +0,0 @@
-cdist-type__debian_backports(7)
-===============================
-
-NAME
-----
-cdist-type__apt_backports - Install backports
-
-
-DESCRIPTION
------------
-This singleton type installs backports for the current OS release.
-It aborts if backports are not supported for the specified OS or
-no version codename could be fetched (like Debian unstable).
-
-The package index will be automatically updated if required.
-
-It supports backports from following OSes:
-
-- Debian
-- Devuan
-- Ubuntu
-
-
-REQUIRED PARAMETERS
--------------------
-None.
-
-
-OPTIONAL PARAMETERS
--------------------
-state
- Represents the state of the backports repository. ``present`` or
- ``absent``, defaults to ``present``.
-
- Will be directly passed to :strong:`cdist-type__apt_source`\ (7).
-
-mirror
- The mirror to fetch the backports from. Will defaults to the generic
- mirror of the current OS.
-
- Will be directly passed to :strong:`cdist-type__apt_source`\ (7).
-
-
-BOOLEAN PARAMETERS
-------------------
-None.
-
-
-MESSAGES
---------
-None.
-
-
-EXAMPLES
---------
-
-.. code-block:: sh
-
- # setup the backports
- __apt_backports
- __apt_backports --state absent
- __apt_backports --state present --mirror "http://ftp.de.debian.org/debian/"
-
- # install a backports package
- # currently for the buster release backports
- require="__apt_backports" __package_apt wireguard \
- --target-release buster-backports
-
-
-ABORTS
-------
-Aborts if the detected os is not Debian.
-
-Aborts if no distribuition codename could be detected. This is common for the
-unstable distribution, but there is no backports repository for it already.
-
-
-CAVEATS
--------
-For Ubuntu, it setup all componenents for the backports repository: ``main``,
-``restricted``, ``universe`` and ``multiverse``. The user may not want to
-install proprietary packages, which will only be installed if the user
-explicitly uses the backports target-release. The user may change this behavior
-to install backports packages without the need of explicitly select it.
-
-
-SEE ALSO
---------
-`Official Debian Backports site `_
-
-:strong:`cdist-type__apt_source`\ (7)
-
-
-AUTHORS
--------
-Matthias Stecher
-
-
-COPYING
--------
-Copyright \(C) 2020 Matthias Stecher. You can redistribute it
-and/or modify it under the terms of the GNU General Public License as
-published by the Free Software Foundation, either version 3 of the
-License, or (at your option) any later version.
diff --git a/cdist/conf/type/__apt_backports/manifest b/cdist/conf/type/__apt_backports/manifest
deleted file mode 100755
index bc47d8de..00000000
--- a/cdist/conf/type/__apt_backports/manifest
+++ /dev/null
@@ -1,81 +0,0 @@
-#!/bin/sh -e
-# __apt_backports/manifest
-#
-# 2020 Matthias Stecher (matthiasstecher at gmx.de)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see .
-#
-#
-# Enables/disables backports repository. Utilises __apt_source for it.
-#
-
-
-# Get the distribution codename by /etc/os-release.
-# is already executed in a subshell by string substitution
-# lsb_release may not be given in all installations
-codename_os_release() {
- # shellcheck disable=SC1090
- . "$__global/explorer/os_release"
- printf "%s" "$VERSION_CODENAME"
-}
-
-# detect backport distribution
-os="$(cat "$__global/explorer/os")"
-case "$os" in
- debian)
- dist="$( codename_os_release )"
- components="main"
- mirror="http://deb.debian.org/debian/"
- ;;
- devuan)
- dist="$( codename_os_release )"
- components="main"
- mirror="http://deb.devuan.org/merged"
- ;;
- ubuntu)
- dist="$( codename_os_release )"
- components="main restricted universe multiverse"
- mirror="http://archive.ubuntu.com/ubuntu"
- ;;
-
- *)
- printf "Backports for %s are not supported!\n" "$os" >&2
- exit 1
- ;;
-esac
-
-# error if no codename given (e.g. on Debian unstable)
-if [ -z "$dist" ]; then
- printf "No backports for unkown version of distribution %s!\n" "$os" >&2
- exit 1
-fi
-
-
-# parameters
-state="$(cat "$__object/parameter/state")"
-
-# mirror already set for the os, only override user-values
-if [ -f "$__object/parameter/mirror" ]; then
- mirror="$(cat "$__object/parameter/mirror")"
-fi
-
-
-# install the given backports repository
-__apt_source "${dist}-backports" \
- --state "$state" \
- --distribution "${dist}-backports" \
- --component "$components" \
- --uri "$mirror"
diff --git a/cdist/conf/type/__apt_backports/parameter/default/state b/cdist/conf/type/__apt_backports/parameter/default/state
deleted file mode 100644
index e7f6134f..00000000
--- a/cdist/conf/type/__apt_backports/parameter/default/state
+++ /dev/null
@@ -1 +0,0 @@
-present
diff --git a/cdist/conf/type/__apt_backports/parameter/optional b/cdist/conf/type/__apt_backports/parameter/optional
deleted file mode 100644
index 4b05c235..00000000
--- a/cdist/conf/type/__apt_backports/parameter/optional
+++ /dev/null
@@ -1,2 +0,0 @@
-state
-mirror
diff --git a/cdist/conf/type/__apt_backports/singleton b/cdist/conf/type/__apt_backports/singleton
deleted file mode 100644
index e69de29b..00000000
diff --git a/cdist/conf/type/__block/gencode-remote b/cdist/conf/type/__block/gencode-remote
index 7a1f4064..1f5cc033 100755
--- a/cdist/conf/type/__block/gencode-remote
+++ b/cdist/conf/type/__block/gencode-remote
@@ -46,29 +46,28 @@ fi
remove_block() {
cat << DONE
-tmpfile=\$(mktemp ${quoted_file}.cdist.XXXXXXXXXX)
+tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
# preserve ownership and permissions of existing file
-if [ -f $quoted_file ]; then
- cp -p $quoted_file "\$tmpfile"
+if [ -f "$file" ]; then
+ cp -p "$file" "\$tmpfile"
fi
-awk -v prefix=$(quote "$prefix") -v suffix=$(quote "$suffix") '
+awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ '
{
- if (\$0 == prefix) {
+ if (match(\$0,prefix)) {
triggered=1
}
if (triggered) {
- if (\$0 == suffix) {
+ if (match(\$0,suffix)) {
triggered=0
}
} else {
print
}
-}' $quoted_file > "\$tmpfile"
-mv -f "\$tmpfile" $quoted_file
+}' "$file" > "\$tmpfile"
+mv -f "\$tmpfile" "$file"
DONE
}
-quoted_file="$(quote "$file")"
case "$state_should" in
present)
if [ "$state_is" = "changed" ]; then
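Review bot: The path is now emitted as `"$file"` (and unquoted in `mktemp ${file}.cdist.XXXXXXXXXX`) in the code generated by `remove_block`, so the target shell still interprets `$`, backticks and `"` inside it, because the heredoc expands `$file` on the config host before the code is sent. Keep passing the value through `quote`, as in `quoted_file="$(quote "$file")"` with `cp -p $quoted_file "\$tmpfile"`; the second hunk's `cat >> "$file"` has the same issue. Separately, `match(\$0,prefix)` treats the markers as regular expressions, so a prefix or suffix containing characters such as `.`, `[` or `*` no longer has to match literally, whereas `\$0 == prefix` keeps the comparison exact. `quote` is defined outside this hunk, so its escaping behaviour is assumed from its name and use.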
@@ -78,7 +77,7 @@ case "$state_should" in
echo add >> "$__messages_out"
fi
cat << DONE
-cat >> $quoted_file << '${__type##*/}_DONE'
+cat >> "$file" << ${__type##*/}_DONE
$(cat "$block")
${__type##*/}_DONE
DONE
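Review bot: The here-document delimiter in the generated code is now unquoted (`<< ${__type##*/}_DONE`), so the target shell performs parameter expansion and command substitution on the block text instead of appending it verbatim. Any block containing `$`, backticks or backslashes is therefore rewritten or evaluated on the target. Quote the delimiter again: `cat >> "$file" << '${__type##*/}_DONE'`. A short comment next to it, such as `# quoted delimiter: block content must reach the file unexpanded`, would keep the quoting from being dropped in a later cleanup.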
diff --git a/cdist/conf/type/__dot_file/man.rst b/cdist/conf/type/__dot_file/man.rst
index ba7621a1..ae65eb95 100644
--- a/cdist/conf/type/__dot_file/man.rst
+++ b/cdist/conf/type/__dot_file/man.rst
@@ -25,9 +25,6 @@ user
OPTIONAL PARAMETERS
-------------------
-dirmode
- forwarded to :strong:`__directory` type as mode
-
mode
forwarded to :strong:`__file` type
diff --git a/cdist/conf/type/__dot_file/manifest b/cdist/conf/type/__dot_file/manifest
index 02dadf05..5e4957e5 100755
--- a/cdist/conf/type/__dot_file/manifest
+++ b/cdist/conf/type/__dot_file/manifest
@@ -19,7 +19,6 @@ set -eu
user="$(cat "${__object}/parameter/user")"
home="$(cat "${__object}/explorer/home")"
primary_group="$(cat "${__object}/explorer/primary_group")"
-dirmode="$(cat "${__object}/parameter/dirmode")"
# Create parent directory. Type __directory has flag 'parents', but it
# will leave us with root-owned directory in user home, which is not
@@ -37,7 +36,6 @@ export CDIST_ORDER_DEPENDENCY
for dir ; do
__directory "${home}/${dir}" \
--group "${primary_group}" \
- --mode "${dirmode}" \
--owner "${user}"
done
diff --git a/cdist/conf/type/__dot_file/parameter/default/dirmode b/cdist/conf/type/__dot_file/parameter/default/dirmode
deleted file mode 100644
index e9745d1f..00000000
--- a/cdist/conf/type/__dot_file/parameter/default/dirmode
+++ /dev/null
@@ -1 +0,0 @@
-0700
diff --git a/cdist/conf/type/__dot_file/parameter/optional b/cdist/conf/type/__dot_file/parameter/optional
index 9f7f83fb..ccab9fa6 100644
--- a/cdist/conf/type/__dot_file/parameter/optional
+++ b/cdist/conf/type/__dot_file/parameter/optional
@@ -1,4 +1,3 @@
state
mode
source
-dirmode
diff --git a/cdist/conf/type/__hostname/gencode-remote b/cdist/conf/type/__hostname/gencode-remote
index c1a97ac8..02afcbfb 100755
--- a/cdist/conf/type/__hostname/gencode-remote
+++ b/cdist/conf/type/__hostname/gencode-remote
@@ -20,27 +20,26 @@
# along with cdist. If not, see .
#
-os=$(cat "${__global:?}/explorer/os")
-name_running=$(cat "${__global:?}/explorer/hostname")
-has_hostnamectl=$(cat "${__object:?}/explorer/has_hostnamectl")
+os=$(cat "$__global/explorer/os")
+name_running=$(cat "$__global/explorer/hostname")
+has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
-if test -s "${__object:?}/parameter/name"
+if test -s "$__object/parameter/name"
then
- name_should=$(cat "${__object:?}/parameter/name")
+ name_should=$(cat "$__object/parameter/name")
else
- case ${os}
+ case $os
in
# RedHat-derivatives and BSDs
- (centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd)
+ centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd)
# Hostname is FQDN
- name_should=${__target_host:?}
- ;;
- (*)
+ name_should="${__target_host}"
+ ;;
+ *)
# Hostname is only first component of FQDN
- name_should=${__target_host:?}
- name_should=${name_should%%.*}
- ;;
+ name_should="${__target_host%%.*}"
+ ;;
esac
fi
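Review bot: The `${__global:?}`, `${__object:?}` and `${__target_host:?}` guards are dropped here, so an unset or empty variable now yields a path such as `/explorer/os` or an empty `name_should` instead of aborting at once. No `set -u` is visible in this hunk, and `set -u` would not catch an empty value anyway, so keep the guards where the value is first used, e.g. `name_should="${__target_host:?}"`. The same removal appears in the later hunks of this file and in `__hostname/manifest`.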
@@ -48,46 +47,46 @@ fi
################################################################################
# Check if the (running) hostname is already correct
#
-test "${name_running}" != "${name_should}" || exit 0
+test "$name_running" != "$name_should" || exit 0
################################################################################
# Setup hostname
#
-echo 'changed' >>"${__messages_out:?}"
+echo 'changed' >>"$__messages_out"
# Use the good old way to set the hostname.
-case ${os}
+case $os
in
- (alpine|debian|devuan|ubuntu)
+ alpine|debian|devuan|ubuntu)
echo 'hostname -F /etc/hostname'
- ;;
- (archlinux)
+ ;;
+ archlinux)
echo 'command -v hostnamectl >/dev/null 2>&1' \
- "&& hostnamectl set-hostname '${name_should}'" \
- "|| hostname '${name_should}'"
- ;;
- (centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void)
- echo "hostname '${name_should}'"
- ;;
- (openwrt)
- echo "echo '${name_should}' >/proc/sys/kernel/hostname"
- ;;
- (macosx)
- echo "scutil --set HostName '${name_should}'"
- ;;
- (solaris)
- echo "uname -S '${name_should}'"
- ;;
- (slackware|suse)
+ "&& hostnamectl set-hostname '$name_should'" \
+ "|| hostname '$name_should'"
+ ;;
+ centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void)
+ echo "hostname '$name_should'"
+ ;;
+ openwrt)
+ echo "echo '$name_should' >/proc/sys/kernel/hostname"
+ ;;
+ macosx)
+ echo "scutil --set HostName '$name_should'"
+ ;;
+ solaris)
+ echo "uname -S '$name_should'"
+ ;;
+ slackware|suse|opensuse-leap)
# We do not read from /etc/HOSTNAME, because the running
# hostname is the first component only while the file contains
# the FQDN.
- echo "hostname '${name_should}'"
- ;;
- (*)
+ echo "hostname '$name_should'"
+ ;;
+ *)
# Fall back to set the hostname using hostnamectl, if available.
- if test -n "${has_hostnamectl}"
+ if test -n "$has_hostnamectl"
then
# Don't use hostnamectl as the primary means to set the hostname for
# systemd systems, because it cannot be trusted to work reliably and
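Review bot: `name_should` is placed between single quotes in the generated commands (`echo "hostname '$name_should'"` and the sibling branches) without escaping, so a value from `parameter/name` that contains a single quote ends the quoting in the code sent to the target. Validate the name before the `case`, for example `case $name_should in ''|*[!A-Za-z0-9.-]*) echo "Invalid host name: $name_should" >&2; exit 1;; esac`. The `case` statement continues past the end of this hunk, so the fallback branch is only partly visible.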
@@ -98,8 +97,7 @@ in
echo "test \"\$(hostname)\" = \"\$(cat /etc/hostname)\"" \
" || hostname -F /etc/hostname"
else
- printf "echo 'Unsupported OS: %s' >&2\n" "${os}"
- printf 'exit 1\n'
+ printf "echo 'Unsupported OS: %s' >&2\nexit 1\n" "$os"
fi
- ;;
+ ;;
esac
diff --git a/cdist/conf/type/__hostname/manifest b/cdist/conf/type/__hostname/manifest
index b80aa2ef..bf8a331c 100755
--- a/cdist/conf/type/__hostname/manifest
+++ b/cdist/conf/type/__hostname/manifest
@@ -20,49 +20,69 @@
# along with cdist. If not, see .
#
+not_supported() {
+ echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
+ echo "Please contribute an implementation for it if you can." >&2
+ exit 1
+}
+
set_hostname_systemd() {
echo "$1" | __file /etc/hostname --source -
}
-os=$(cat "${__global:?}/explorer/os")
+os=$(cat "$__global/explorer/os")
+os_version=$(cat "$__global/explorer/os_version")
+os_major=$(echo "$os_version" | grep -o '^[0-9][0-9]*' || true)
-max_len=$(cat "${__object:?}/explorer/max_len")
-has_hostnamectl=$(cat "${__object:?}/explorer/has_hostnamectl")
+max_len=$(cat "$__object/explorer/max_len")
+has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
-if test -s "${__object:?}/parameter/name"
+if test -s "$__object/parameter/name"
then
- name_should=$(cat "${__object:?}/parameter/name")
+ name_should=$(cat "$__object/parameter/name")
else
- case ${os}
+ case $os
in
# RedHat-derivatives and BSDs
- (centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware|suse)
+ centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware)
# Hostname is FQDN
- name_should=${__target_host:?}
- ;;
+ name_should="${__target_host}"
+ ;;
+ suse|opensuse-leap)
+ # Classic SuSE stores the FQDN in /etc/HOSTNAME, while
+ # systemd does not. The running hostname is the first
+ # component in both cases.
+ # In versions before 15.x, the FQDN is stored in /etc/hostname.
+ if test -n "$has_hostnamectl" && test "$os_major" -ge 15 \
+ && test "$os_major" -ne 42
+ then
+ name_should="${__target_host%%.*}"
+ else
+ name_should="${__target_host}"
+ fi
+ ;;
*)
# Hostname is only first component of FQDN on all other systems.
- name_should=${__target_host:?}
- name_should=${name_should%%.*}
- ;;
+ name_should="${__target_host%%.*}"
+ ;;
esac
fi
-if test -n "${max_len}" && test "$(printf '%s' "${name_should}" | wc -c)" -gt "${max_len}"
+if test -n "$max_len" && test "$(printf '%s' "$name_should" | wc -c)" -gt "$max_len"
then
printf "Host name too long. Up to %u characters allowed.\n" "${max_len}" >&2
exit 1
fi
-case ${os}
+case $os
in
- (alpine|debian|devuan|ubuntu|void)
- echo "${name_should}" | __file /etc/hostname --source -
- ;;
- (archlinux)
- if test -n "${has_hostnamectl}"
+ alpine|debian|devuan|ubuntu|void)
+ echo "$name_should" | __file /etc/hostname --source -
+ ;;
+ archlinux)
+ if test -n "$has_hostnamectl"
then
- set_hostname_systemd "${name_should}"
+ set_hostname_systemd "$name_should"
else
echo 'Ancient ArchLinux variants without hostnamectl are not supported.' >&2
exit 1
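Review bot: `os_major` can be empty because of the `|| true` after `grep -o`, and `test "$os_major" -ge 15` then fails with a non-integer error and silently takes the FQDN branch. Give the comparison a defined value, e.g. `test "${os_major:-0}" -ge 15`, or call `not_supported` in the `suse|opensuse-leap` branch when it is empty. `grep -o` is also not specified by POSIX, which the removed `expr "${os_version}" : '\([0-9]\{1,\}\)'` form avoided. The later `test -n "$has_hostnamectl" -a "$os_major" -gt 12` in this file depends on the same value, and the `archlinux` branch continues outside this hunk.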
@@ -77,8 +97,8 @@ in
# --value "\"$name_should\""
fi
;;
- (centos|fedora|redhat|scientific)
- if test -z "${has_hostnamectl}"
+ centos|fedora|redhat|scientific)
+ if test -z "$has_hostnamectl"
then
# Only write to /etc/sysconfig/network on non-systemd versions.
# On systemd-based versions this entry is ignored.
@@ -86,83 +106,63 @@ in
--file /etc/sysconfig/network \
--delimiter '=' --exact_delimiter \
--key HOSTNAME \
- --value "\"${name_should}\""
+ --value "\"$name_should\""
else
- set_hostname_systemd "${name_should}"
+ set_hostname_systemd "$name_should"
fi
- ;;
- (gentoo)
+ ;;
+ gentoo)
# Only write to /etc/conf.d/hostname on OpenRC-based installations.
# On systemd use hostnamectl(1) in gencode-remote.
- if test -z "${has_hostnamectl}"
+ if test -z "$has_hostnamectl"
then
__key_value '/etc/conf.d/hostname:hostname' \
--file /etc/conf.d/hostname \
--delimiter '=' --exact_delimiter \
--key 'hostname' \
- --value "\"${name_should}\""
+ --value "\"$name_should\""
else
set_hostname_systemd "$name_should"
fi
- ;;
- (freebsd)
+ ;;
+ freebsd)
__key_value '/etc/rc.conf:hostname' \
--file /etc/rc.conf \
--delimiter '=' --exact_delimiter \
--key 'hostname' \
- --value "\"${name_should}\""
- ;;
- (macosx)
+ --value "\"$name_should\""
+ ;;
+ macosx)
# handled in gencode-remote
- ;;
- (netbsd)
+ :
+ ;;
+ netbsd)
__key_value '/etc/rc.conf:hostname' \
--file /etc/rc.conf \
--delimiter '=' --exact_delimiter \
--key 'hostname' \
- --value "\"${name_should}\""
+ --value "\"$name_should\""
# To avoid confusion, ensure that the hostname is only stored once.
__file /etc/myname --state absent
- ;;
- (openbsd)
- echo "${name_should}" | __file /etc/myname --source -
- ;;
- (openwrt)
- __uci system.@system[0].hostname --value "${name_should}"
+ ;;
+ openbsd)
+ echo "$name_should" | __file /etc/myname --source -
+ ;;
+ openwrt)
+ __uci system.@system[0].hostname --value "$name_should"
# --transaction hostname
- ;;
- (slackware)
+ ;;
+ slackware)
# We write the FQDN into /etc/HOSTNAME. But /etc/rc.d/rc.M will only
# read the first component from this file and set it as the running
# hostname on boot.
- echo "${name_should}" | __file /etc/HOSTNAME --source -
- ;;
- (solaris)
- echo "${name_should}" | __file /etc/nodename --source -
- ;;
- (suse)
- if test -s "${__global:?}/explorer/os_release"
- then
- # shellcheck source=/dev/null
- os_version=$(. "${__global:?}/explorer/os_release" && echo "${VERSION}")
- else
- os_version=$(sed -n 's/^VERSION\ *=\ *//p' "${__global:?}/explorer/os_version")
- fi
- os_major=$(expr "${os_version}" : '\([0-9]\{1,\}\)')
-
- # Classic SuSE stores the FQDN in /etc/HOSTNAME, while
- # systemd does not. The running hostname is the first
- # component in both cases.
- # In versions before 15.x, the FQDN is stored in /etc/hostname.
- if test -n "${has_hostnamectl}" \
- && test "${os_major}" -ge 15 \
- && test "${os_major}" -ne 42
- then
- # strip away everything but the first part from $name_should
- name_should=${name_should%%.*}
- fi
-
+ echo "$name_should" | __file /etc/HOSTNAME --source -
+ ;;
+ solaris)
+ echo "$name_should" | __file /etc/nodename --source -
+ ;;
+ suse|opensuse-leap)
# Modern SuSE provides /etc/HOSTNAME as a symlink for
# backwards-compatibility. Unfortunately it cannot be used
# here as __file does not follow the symlink.
@@ -171,25 +171,23 @@ in
# not work correctly on openSUSE 12.x which provides
# hostnamectl but not /etc/hostname.
- if test -n "${has_hostnamectl}" -a "${os_major}" -gt 12
+ if test -n "$has_hostnamectl" -a "$os_major" -gt 12
then
- hostname_file=/etc/hostname
+ hostname_file='/etc/hostname'
else
- hostname_file=/etc/HOSTNAME
+ hostname_file='/etc/HOSTNAME'
fi
- echo "${name_should}" | __file "${hostname_file}" --source -
- ;;
- (*)
+ echo "$name_should" | __file "$hostname_file" --source -
+ ;;
+ *)
# On other operating systems we fall back to systemd's
# hostnamectl if available…
- if test -n "${has_hostnamectl}"
+ if test -n "$has_hostnamectl"
then
- set_hostname_systemd "${name_should}"
+ set_hostname_systemd "$name_should"
else
- echo "Your operating system (${os}) is currently not supported by this type (${__type##*/})." >&2
- echo "Please contribute an implementation for it if you can." >&2
- exit 1
+ not_supported
fi
- ;;
+ ;;
esac
diff --git a/cdist/conf/type/__iptables_apply/files/init-script b/cdist/conf/type/__iptables_apply/files/init-script
index e42017ae..d9c79ef7 100644
--- a/cdist/conf/type/__iptables_apply/files/init-script
+++ b/cdist/conf/type/__iptables_apply/files/init-script
@@ -1,4 +1,7 @@
#!/bin/sh
+# Nico Schottelius
+# Zürisee, Mon Sep 2 18:38:27 CEST 2013
+#
### BEGIN INIT INFO
# Provides: iptables
# Required-Start: $local_fs $remote_fs
@@ -11,72 +14,34 @@
# and saves/restores previous status
### END INIT INFO
-# Originally written by:
-# Nico Schottelius
-# Zürisee, Mon Sep 2 18:38:27 CEST 2013
-#
-# 2013 Nico Schottelius (nico-cdist at schottelius.org)
-# 2020 Matthias Stecher (matthiasstecher at gmx.de)
-#
-# This file is distributed with cdist and licenced under the
-# GNU GPLv3+ WITHOUT ANY WARRANTY.
-
-
-# Read files and execute the content with the given commands
-#
-# Arguments:
-# 1: Directory
-# 2..n: Commands which should be used to execute the file content
-gothrough() {
- cd "$1" || return
- shift
-
- # iterate through all rules and continue if it's not a file
- for rule in *; do
- [ -f "$rule" ] || continue
- echo "Appling iptables rule $rule ..."
-
- # execute it with all commands specificed
- ruleparam="$(cat "$rule")"
- for cmd in "$@"; do
- # Command and Rule should be split.
- # shellcheck disable=SC2046
- command $cmd $ruleparam
- done
- done
-}
-
-# Shortcut for iptables command to do IPv4 and v6
-# only applies to the "reset" target
-iptables() {
- command iptables "$@"
- command ip6tables "$@"
-}
basedir=/etc/iptables.d
-status4="${basedir}/.pre-start"
-status6="${basedir}/.pre-start6"
+status="${basedir}/.pre-start"
case $1 in
start)
# Save status
- iptables-save > "$status4"
- ip6tables-save > "$status6"
+ iptables-save > "$status"
# Apply our ruleset
- gothrough "$basedir" iptables
- #gothrough "$basedir/v4" iptables # conflicts with $basedir
- gothrough "$basedir/v6" ip6tables
- gothrough "$basedir/all" iptables ip6tables
+ cd "$basedir" || exit
+ count="$(find . ! -name . -prune | wc -l)"
+
+ # Only do something if there are rules
+ if [ "$count" -ge 1 ]; then
+ for rule in *; do
+ echo "Applying iptables rule $rule ..."
+ # Rule should be split.
+ # shellcheck disable=SC2046
+ iptables $(cat "$rule")
+ done
+ fi
;;
stop)
# Restore from status before, if there is something to restore
- if [ -f "$status4" ]; then
- iptables-restore < "$status4"
- fi
- if [ -f "$status6" ]; then
- ip6tables-restore < "$status6"
+ if [ -f "$status" ]; then
+ iptables-restore < "$status"
fi
;;
restart)
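Review bot: The `count` guard in `start)` is always satisfied, because `iptables-save > "$status"` has just created `.pre-start` in the same directory and `find . ! -name . -prune` counts dotfiles that the `*` glob skips; with no rule files the loop then runs once with the literal `*`. The loop also no longer skips non-regular files, so a subdirectory such as `v6/` or `all/` left by the removed layout makes `cat "$rule"` fail and `iptables` run without arguments. Replace the count with `[ -f "$rule" ] || continue` as the first statement of the loop. With the `ip6tables-save`, `ip6tables-restore` and `ip6tables` calls removed, the script leaves IPv6 filtering on a dual-stack host untouched, which the header comment should state. The `case` statement continues past the end of this hunk.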
diff --git a/cdist/conf/type/__iptables_apply/man.rst b/cdist/conf/type/__iptables_apply/man.rst
index 3bef92cc..76e1f6bf 100644
--- a/cdist/conf/type/__iptables_apply/man.rst
+++ b/cdist/conf/type/__iptables_apply/man.rst
@@ -10,24 +10,7 @@ DESCRIPTION
-----------
This cdist type deploys an init script that triggers
the configured rules and also re-applies them on
-configuration. Rules are written from __iptables_rule
-into the folder ``/etc/iptables.d/``.
-
-It reads all rules from the base folder as rules for IPv4.
-Rules in the subfolder ``v6/`` are IPv6 rules. Rules in
-the subfolder ``all/`` are applied to both rule tables. All
-files contain the arguments for a single ``iptables`` and/or
-``ip6tables`` command.
-
-Rules are applied in the following order:
-1. All IPv4 rules
-2. All IPv6 rules
-2. All rules that should be applied to both tables
-
-The order of the rules that will be applied are definite
-from the result the shell glob returns, which should be
-alphabetical. If rules must be applied in a special order,
-prefix them with a number like ``02-some-rule``.
+configuration.
REQUIRED PARAMETERS
@@ -41,7 +24,7 @@ None
EXAMPLES
--------
-None (__iptables_apply is used by __iptables_rule automatically)
+None (__iptables_apply is used by __iptables_rule)
SEE ALSO
@@ -52,13 +35,11 @@ SEE ALSO
AUTHORS
-------
Nico Schottelius
-Matthias Stecher
COPYING
-------
-Copyright \(C) 2013 Nico Schottelius.
-Copyright \(C) 2020 Matthias Stecher.
-You can redistribute it and/or modify it under the terms of the GNU
-General Public License as published by the Free Software Foundation,
-either version 3 of the License, or (at your option) any later version.
+Copyright \(C) 2013 Nico Schottelius. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
diff --git a/cdist/conf/type/__iptables_rule/man.rst b/cdist/conf/type/__iptables_rule/man.rst
index afb71e01..92d8859f 100644
--- a/cdist/conf/type/__iptables_rule/man.rst
+++ b/cdist/conf/type/__iptables_rule/man.rst
@@ -11,10 +11,6 @@ DESCRIPTION
This cdist type allows you to manage iptable rules
in a distribution independent manner.
-See :strong:`cdist-type__iptables_apply`\ (7) for the
-execution order of these rules. It will be executed
-automaticly to apply all rules non-volaite.
-
REQUIRED PARAMETERS
-------------------
@@ -29,24 +25,6 @@ state
'present' or 'absent', defaults to 'present'
-BOOLEAN PARAMETERS
-------------------
-All rules without any of these parameters will be treated like ``--v4`` because
-of backward compatibility.
-
-v4
- Explicitly set it as rule for IPv4. If IPv6 is set, too, it will be
- threaten like ``--all``. Will be the default if nothing else is set.
-
-v6
- Explicitly set it as rule for IPv6. If IPv4 is set, too, it will be
- threaten like ``--all``.
-
-all
- Set the rule for both IPv4 and IPv6. It will be saved separately from the
- other rules.
-
-
EXAMPLES
--------
@@ -70,16 +48,6 @@ EXAMPLES
--state absent
- # IPv4-only rule for ICMPv4
- __iptables_rule icmp-v4 --v4 --rule "-A INPUT -p icmp -j ACCEPT"
- # IPv6-only rule for ICMPv6
- __iptables_rule icmp-v6 --v6 --rule "-A INPUT -p icmpv6 -j ACCEPT"
-
- # doing something for the dual stack
- __iptables_rule fwd-eth0-eth1 --v4 --v6 --rule "-A INPUT -i eth0 -o eth1 -j ACCEPT"
- __iptables_rule fwd-eth1-eth0 --all --rule "-A -o eth1 -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT"
-
-
SEE ALSO
--------
:strong:`cdist-type__iptables_apply`\ (7), :strong:`iptables`\ (8)
@@ -88,13 +56,11 @@ SEE ALSO
AUTHORS
-------
Nico Schottelius
-Matthias Stecher
COPYING
-------
-Copyright \(C) 2013 Nico Schottelius.
-Copyright \(C) 2020 Matthias Stecher.
-You can redistribute it and/or modify it under the terms of the GNU
-General Public License as published by the Free Software Foundation,
-either version 3 of the License, or (at your option) any later version.
+Copyright \(C) 2013 Nico Schottelius. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
diff --git a/cdist/conf/type/__iptables_rule/manifest b/cdist/conf/type/__iptables_rule/manifest
index d4394c25..ed78787f 100755
--- a/cdist/conf/type/__iptables_rule/manifest
+++ b/cdist/conf/type/__iptables_rule/manifest
@@ -1,7 +1,6 @@
#!/bin/sh -e
#
# 2013 Nico Schottelius (nico-cdist at schottelius.org)
-# 2020 Matthias Stecher (matthiasstecher at gmx.de)
#
# This file is part of cdist.
#
@@ -25,36 +24,12 @@ base_dir=/etc/iptables.d
name="$__object_id"
state="$(cat "$__object/parameter/state")"
-if [ -f "$__object/parameter/v4" ]; then
- only_v4="yes"
- # $specific_dir is $base_dir
-fi
-if [ -f "$__object/parameter/v6" ]; then
- only_v6="yes"
- specific_dir="$base_dir/v6"
-fi
-# If rules should be set for both protocols
-if { [ "$only_v4" = "yes" ] && [ "$only_v6" = "yes" ]; } ||
- [ -f "$__object/parameter/all" ]; then
-
- # all to a specific directory
- specific_dir="$base_dir/all"
-fi
-
-# set rule directory based on if it's the base or subdirectory
-rule_dir="${specific_dir:-$base_dir}"
-
################################################################################
# Basic setup
#
__directory "$base_dir" --state present
-# sub-directory if required
-if [ "$specific_dir" ]; then
- require="__directory/$base_dir" __directory "$specific_dir" --state present
-fi
-
# Have apply do the real job
require="$__object_name" __iptables_apply
@@ -62,15 +37,6 @@ require="$__object_name" __iptables_apply
# The rule
#
-for dir in "$base_dir" "$base_dir/v6" "$base_dir/all"; do
- # defaults to absent except the directory that should contain the file
- if [ "$rule_dir" = "$dir" ]; then
- curr_state="$state"
- else
- curr_state="absent"
- fi
-
- require="__directory/$rule_dir" __file "$dir/$name" \
- --source "$__object/parameter/rule" \
- --state "$curr_state"
-done
+require="__directory/$base_dir" __file "$base_dir/${name}" \
+ --source "$__object/parameter/rule" \
+ --state "$state"
diff --git a/cdist/conf/type/__iptables_rule/parameter/boolean b/cdist/conf/type/__iptables_rule/parameter/boolean
deleted file mode 100644
index 76882272..00000000
--- a/cdist/conf/type/__iptables_rule/parameter/boolean
+++ /dev/null
@@ -1,3 +0,0 @@
-all
-v4
-v6
diff --git a/cdist/conf/type/__locale/deprecated b/cdist/conf/type/__locale/deprecated
deleted file mode 100644
index 5a06b28e..00000000
--- a/cdist/conf/type/__locale/deprecated
+++ /dev/null
@@ -1 +0,0 @@
-This type is deprecated. Please use __localedef instead.
diff --git a/cdist/conf/type/__localedef/explorer/state b/cdist/conf/type/__localedef/explorer/state
deleted file mode 100755
index 3ba57661..00000000
--- a/cdist/conf/type/__localedef/explorer/state
+++ /dev/null
@@ -1,100 +0,0 @@
-#!/bin/sh -e
-#
-# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see .
-#
-# This explorer determines if the locale is defined on the target system.
-# Will print nothing on error.
-#
-# Possible output:
-# present:
-# the main locale (and possibly aliases) is present
-# absent:
-# neither the main locale nor any aliases are present
-# alias-present:
-# the main locale is absent, but at least one of its aliases is present
-#
-
-# Hardcoded, create a pull request in case it is at another location for
-# some other distro. (cf. gencode-remote)
-aliasfile='/usr/share/locale/locale.alias'
-
-command -v locale >/dev/null 2>&1 || exit 0
-
-locales=$(locale -a)
-
-parse_locale() {
- # This function will split locales into their parts. Locale strings are
- # usually of the form: [language[_territory][.codeset][@modifier]]
- # For simplicity, language and territory are not separated by this function.
- # Old Linux systems were also using "english" or "german" as locale strings.
- # Usage: parse_locale locale_str lang_var codeset_var modifier_var
- eval "${2:?}"="$(expr "$1" : '\([^.@]*\)')"
- eval "${3:?}"="$(expr "$1" : '[^.]*\.\([^@]*\)')"
- eval "${4:?}"="$(expr "$1" : '.*@\(.*\)$')"
-}
-
-format_locale() {
- # Usage: format_locale language codeset modifier
- printf '%s' "$1"
- test -z "$2" || printf '.%s' "$2"
- test -z "$3" || printf '@%s' "$3"
- printf '\n'
-}
-
-gnu_normalize_codeset() {
- # reimplementation of glibc/locale/programs/localedef.c normalize_codeset()
- echo "$*" | tr '[:upper:]' '[:lower:]' | tr -cd '[:alnum:]'
-}
-
-locale_available() (
- echo "${locales}" | grep -qxF "$1" || {
- # glibc uses "normalized" locale names in archives.
- # If a locale is stored in an archive, the normalized name will be
- # printed by locale, so that needs to be checked, too.
- localename=$(
- parse_locale "$1" _lang _codeset _modifier \
- && format_locale "${_lang:?}" "$(gnu_normalize_codeset "${_codeset?}")" \
- "${_modifier?}")
- echo "${locales}" | grep -qxF "${localename}"
- }
-)
-
-if locale_available "${__object_id:?}"
-then
- echo present
-else
- # NOTE: locale.alias can be symlinked.
- if test -e "${aliasfile}"
- then
- # Check if one of the aliases of the locale is defined
- baselocale=$(
- parse_locale "${__object_id:?}" _lang _codeset _modifiers \
- && format_locale "${_lang}" "${_codeset}")
- while read -r _alias _localename
- do
- if test "${_localename}" = "${baselocale}" \
- && echo "${locales}" | grep -qxF "${_alias}"
- then
- echo alias-present
- exit 0
- fi
- done <"${aliasfile}"
- fi
-
- echo absent
-fi
diff --git a/cdist/conf/type/__localedef/files/lib/glibc.sh b/cdist/conf/type/__localedef/files/lib/glibc.sh
deleted file mode 100644
index 6ace80d4..00000000
--- a/cdist/conf/type/__localedef/files/lib/glibc.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-# -*- mode: sh; indent-tabs-mode: t -*-
-
-gnu_normalize_codeset() {
- echo "$*" | tr -cd '[:alnum:]' | tr '[:upper:]' '[:lower:]'
-}
diff --git a/cdist/conf/type/__localedef/files/lib/locale.sh b/cdist/conf/type/__localedef/files/lib/locale.sh
deleted file mode 100644
index b5e61374..00000000
--- a/cdist/conf/type/__localedef/files/lib/locale.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-# -*- mode: sh; indent-tabs-mode:t -*-
-
-parse_locale() {
- # This function will split locales into their parts. Locale strings are
- # usually of the form: [language[_territory][.codeset][@modifier]]
- # For simplicity, language and territory are not separated by this function.
- # Old Linux systems were also using "english" or "german" as locale strings.
- # Usage: parse_locale locale_str lang_var codeset_var modifier_var
- eval "${2:?}"="$(expr "$1" : '\([^.@]*\)')"
- eval "${3:?}"="$(expr "$1" : '[^.]*\.\([^@]*\)')"
- eval "${4:?}"="$(expr "$1" : '.*@\(.*\)$')"
-}
-
-format_locale() {
- # Usage: format_locale language codeset modifier
- printf '%s' "$1"
- test -z "$2" || printf '.%s' "$2"
- test -z "$3" || printf '@%s' "$3"
- printf '\n'
-}
diff --git a/cdist/conf/type/__localedef/gencode-remote b/cdist/conf/type/__localedef/gencode-remote
deleted file mode 100755
index 4538151f..00000000
--- a/cdist/conf/type/__localedef/gencode-remote
+++ /dev/null
@@ -1,136 +0,0 @@
-#!/bin/sh -e
-#
-# 2013-2019 Nico Schottelius (nico-cdist at schottelius.org)
-# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see .
-#
-# Manage system locales using localedef(1).
-#
-
-# shellcheck source=cdist/conf/type/__localedef/files/lib/locale.sh
-. "${__type:?}/files/lib/locale.sh"
-# shellcheck source=cdist/conf/type/__localedef/files/lib/glibc.sh
-. "${__type:?}/files/lib/glibc.sh"
-
-state_is=$(cat "${__object:?}/explorer/state")
-state_should=$(cat "${__object:?}/parameter/state")
-
-test "${state_should}" = 'present' -o "${state_should}" = 'absent' || {
- printf 'Invalid state: %s\n' "${state_should}" >&2
- exit 1
-}
-
-# NOTE: If state explorer fails (e.g. locale(1) missing), the following check
-# will always fail and let definition/removal run.
-if test "${state_is}" = "${state_should}"
-then
- exit 0
-fi
-
-locale=${__object_id:?}
-os=$(cat "${__global:?}/explorer/os")
-
-if expr "${locale}" : '.*/' >/dev/null
-then
- printf 'Paths as locales are not supported.\n' >&2
- printf '__object_id is: %s\n' "${locale}" >&2
- exit 1
-fi
-
-: "${lang=}" "${codeset=}" "${modifier=}" # declare variables for shellcheck
-parse_locale "${locale}" lang codeset modifier
-
-
-case ${os}
-in
- (alpine|openwrt)
- printf '%s does not support locales.\n' "${os}" >&2
- exit 1
- ;;
- (archlinux|debian|devuan|ubuntu|suse|centos|fedora|redhat|scientific)
- # FIXME: The code below only works for glibc-based installations.
-
- # NOTE: Hardcoded, create a pull request in case it is at another
- # location for some opther distro.
- # NOTE: locale.alias can be symlinked (e.g. Debian)
- aliasfile='/usr/share/locale/locale.alias'
-
- case ${state_should}
- in
- (present)
- input=$(format_locale "${lang}" '' "${modifier}")
- cat <<-EOF
- set --
- if test -e '${aliasfile}'
- then
- set -- -A '${aliasfile}'
- fi
-
- localedef -i '${input}' -f '${codeset}' "\$@" '${locale}'
- EOF
- ;;
- (absent)
- main_localename=$(format_locale "${lang}" "$(gnu_normalize_codeset "${codeset}")" "${modifier}")
-
- cat <<-EOF
- while read -r _alias _localename
- do
- if test "\${_localename}" = '$(format_locale "${lang}" "${codeset}")'
- then
- localedef --delete-from-archive "\${_alias}"
- fi
- done <'${aliasfile}'
- EOF
-
- if test "${state_is}" = present
- then
- printf "localedef --delete-from-archive '%s'\n" "${main_localename}"
- fi
- ;;
- esac
- ;;
- (freebsd)
- case ${state_should}
- in
- (present)
- if expr "$(grep -oe '^[0-9]*' "${__global:?}/explorer/os_version")" '>=' 11 >/dev/null
- then
- # localedef(1) is available with FreeBSD >= 11
- printf "localedef -i '%s' -f '%s' '%s'\n" "${input}" "${codeset}" "${locale}"
- else
- printf 'localedef(1) was added to FreeBSD starting with version 11.\n' >&2
- printf 'Please upgrade your FreeBSD installation to use %s.\n' "${__type##*/}" >&2
- exit 1
- fi
- ;;
- (absent)
- printf "rm -R '/usr/share/locale/%s'\n" "${locale}"
- ;;
- esac
- ;;
- (netbsd|openbsd)
- # NetBSD/OpenBSD are missing localedef(1).
- # We also do not delete defined locales because they can't be recreated.
- echo "${os} is lacking localedef(1). Locale management unavailable." >&2
- exit 1
- ;;
- (*)
- echo "Your operating system (${os}) is currently not supported by this type (${__type##*/})." >&2
- echo "Please contribute an implementation for it if you can." >&2
- exit 1
- ;;
-esac
diff --git a/cdist/conf/type/__localedef/man.rst b/cdist/conf/type/__localedef/man.rst
deleted file mode 100644
index 454ce9d1..00000000
--- a/cdist/conf/type/__localedef/man.rst
+++ /dev/null
@@ -1,60 +0,0 @@
-cdist-type__localedef(7)
-========================
-
-NAME
-----
-cdist-type__localedef - Define and remove system locales
-
-
-DESCRIPTION
------------
-This cdist type allows you to define locales on the system using
-:strong:`localedef`\ (1) or remove them.
-On systems that don't support definition of new locales, the type will raise an
-error.
-
-**NB:** This type respects the glibc ``locale.alias`` file,
-i.e. it defines alias locales or deletes aliases of a locale when it is removed.
-It is not possible, however, to use alias names to define locales or only remove
-certain aliases of a locale.
-
-
-OPTIONAL PARAMETERS
--------------------
-state
- ``present`` or ``absent``. Defaults to ``present``.
-
-
-EXAMPLES
---------
-
-.. code-block:: sh
-
- # Add locale de_CH.UTF-8
- __localedef de_CH.UTF-8
-
- # Same as above, but more explicit
- __localedef de_CH.UTF-8 --state present
-
- # Remove colourful British English
- __localedef en_GB.UTF-8 --state absent
-
-
-SEE ALSO
---------
-:strong:`locale`\ (1),
-:strong:`localedef`\ (1),
-:strong:`cdist-type__locale_system`\ (7)
-
-
-AUTHORS
--------
-| Dennis Camera
-| Nico Schottelius
-
-
-COPYING
--------
-Copyright \(C) 2013-2019 Nico Schottelius, 2020 Dennis Camera. Free use of this
-software is granted under the terms of the GNU General Public License version 3
-or later (GPLv3+).
diff --git a/cdist/conf/type/__localedef/manifest b/cdist/conf/type/__localedef/manifest
deleted file mode 100755
index 3ab3ad8c..00000000
--- a/cdist/conf/type/__localedef/manifest
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/sh -e
-#
-# 2013-2019 Nico Schottelius (nico-cdist at schottelius.org)
-# 2015 David Hürlimann (david at ungleich.ch)
-# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see .
-#
-# Install required packages.
-#
-
-case $(cat "${__global:?}/explorer/os")
-in
- (debian|devuan)
- __package_apt locales --state present
- ;;
-esac
diff --git a/cdist/conf/type/__localedef/parameter/default/state b/cdist/conf/type/__localedef/parameter/default/state
deleted file mode 100644
index e7f6134f..00000000
--- a/cdist/conf/type/__localedef/parameter/default/state
+++ /dev/null
@@ -1 +0,0 @@
-present
diff --git a/cdist/conf/type/__localedef/parameter/optional b/cdist/conf/type/__localedef/parameter/optional
deleted file mode 100644
index ff72b5c7..00000000
--- a/cdist/conf/type/__localedef/parameter/optional
+++ /dev/null
@@ -1 +0,0 @@
-state
diff --git a/cdist/conf/type/__package_pkgng_freebsd/gencode-remote b/cdist/conf/type/__package_pkgng_freebsd/gencode-remote
index 05ba4cb2..b5944177 100755
--- a/cdist/conf/type/__package_pkgng_freebsd/gencode-remote
+++ b/cdist/conf/type/__package_pkgng_freebsd/gencode-remote
@@ -75,7 +75,7 @@ execcmd(){
esac
if [ -z "${pkg_bootstrapped}" ]; then
- echo "ASSUME_ALWAYS_YES=yes pkg bootstrap >/dev/null 2>&1"
+ echo "pkg bootstrap -y >/dev/null 2>&1"
fi
echo "$_cmd >/dev/null 2>&1" # Silence the output of the command
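Review bot: The bootstrap line now relies on `pkg bootstrap` accepting `-y`, and since its output goes to `>/dev/null 2>&1`, a rejected flag or a failed bootstrap leaves no trace before `$_cmd` runs. This same diff removes the changelog entry "Type __package_pkgng_freebsd: Fix bootstrapping pkg", which suggests the `ASSUME_ALWAYS_YES=yes` form was the fix, so this may bring back the earlier failure on releases whose bootstrap stub lacks `-y`; that should be confirmed against the supported FreeBSD versions. Either keep the environment variable or make the failure visible, e.g. `echo "pkg bootstrap -y >/dev/null 2>&1 || { echo 'pkg bootstrap failed' >&2; exit 1; }"`. execcmd() begins and ends outside the hunk.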
diff --git a/cdist/conf/type/__sshd_config/explorer/state b/cdist/conf/type/__sshd_config/explorer/state
deleted file mode 100644
index 75c68b8a..00000000
--- a/cdist/conf/type/__sshd_config/explorer/state
+++ /dev/null
@@ -1,121 +0,0 @@
-#!/bin/sh -e
-#
-# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see .
-#
-# Determines the current state of the config option.
-# Possible output:
-# - present: "should" option present in config file
-# - default: the "should" option is the default -> don’t know if present
-# - absent: no such option present in config file
-#
-
-joinlines() { sed -n -e H -e "\${x;s/^\\n//;s/\\n/${1:?}/g;p;}"; }
-trlower() { tr '[:upper:]' '[:lower:]'; }
-tolower() { printf '%s' "$*" | trlower; }
-
-default_value() {
- sshd -T -f /dev/null -C "$(make_conn_spec)" \
- | sed -n -e 's/^'"$(tolower "${1:?}")"'[[:blank:]]\{1,\}//p'
-}
-
-make_conn_spec() {
- if test -s "${__object:?}/parameter/match"
- then
- _match_file="${__object:?}/parameter/match"
- else
- _match_file='/dev/null'
- fi
-
- for _kw in \
- addr=Address \
- user=User \
- host=Host \
- laddr=LocalAddress \
- lport=LocalPort \
- rdomain=RDomain
- do
- _specname=${_kw%%=*}
- _confname=$(tolower "${_kw#*=}")
- while read -r _k _v
- do
- if test "$(tolower "${_k}")" = "${_confname}"
- then
- printf '%s=%s\n' "${_specname}" "${_v}"
- continue 2
- fi
- done <"${_match_file}"
-
- # NOTE: Print test spec even for empty keys to suppress errors like:
- # 'Match User' in configuration but 'user' not in connection test specification.
- # except lport:
- # Invalid port '' in test mode specification lport=
- test "${_specname}" = 'lport' || printf '%s=\n' "${_specname}"
- done \
- | joinlines ','
- unset _match_file
-}
-
-sshd_config_file=$(cat "${__object:?}/parameter/file")
-state_should=$(cat "${__object:?}/parameter/state")
-
-if test -s "${__object:?}/parameter/option"
-then
- option_name=$(cat "${__object:?}/parameter/option")
-else
- option_name=${__object_id:?}
-fi
-
-value_should=$(cat "${__object:?}/parameter/value" 2>/dev/null) \
-|| test "${state_should}" = absent || exit 0 # param optional if --state absent
-
-command -v sshd >/dev/null 2>&1 || {
- echo 'Cannot find sshd.' >&2
- exit 1
-}
-
-test -e "${sshd_config_file}" || {
- echo 'absent'
- exit 0
-}
-
-value_is=$(
- sshd -T -f "${sshd_config_file}" -C "$(make_conn_spec)" \
- | sed -n -e 's/^'"$(tolower "${option_name}")"'[[:blank:]]\{1,\}//p')
-
-if printf '%s\n' "${value_is}" | {
- if test -n "${value_should}"
- then
- grep -q -x -F "${value_should}"
- else
- # if no value provided, assume "any" value
- grep -q -e .
- fi
- }
-then
- if default_value "${option_name}" | grep -q -x -F "${value_is}"
- then
- # Might produce false positives for default values.
- # TODO: Manual checking should be done, but for simplicity, this case is
- # currently ignored here.
- echo default
- else
- echo present
- fi
-else
- echo absent
-fi
diff --git a/cdist/conf/type/__sshd_config/files/update_sshd_config.awk b/cdist/conf/type/__sshd_config/files/update_sshd_config.awk
deleted file mode 100644
index f7f30e87..00000000
--- a/cdist/conf/type/__sshd_config/files/update_sshd_config.awk
+++ /dev/null
@@ -1,293 +0,0 @@
-# -*- mode: awk; indent-tabs-mode: t -*-
-
-function usage() {
- print_err("Usage: awk -f update_sshd_config.awk -- -o set|unset [-m 'User git'] -l 'X11Forwarding no' /etc/ssh/sshd_config")
-}
-
-function print_err(s) { print s | "cat >&2" }
-
-function alength(a, i) {
- for (i = 0; (i + 1) in a; ++i);
- return i
-}
-
-function join(sep, a, i, s) {
- for (i = i ? i : 1; i in a; i++)
- s = s sep a[i]
- return substr(s, 2)
-}
-
-function getopt(opts, argv, target, files, i, c, lv, idx, nf) {
- # trivial getopt(3) implementation; only basic functionality
- if (argv[1] == "--") i++
- for (i += 1; i in argv; i++) {
- if (lv) { target[c] = argv[i]; lv = 0; continue }
- if (argv[i] ~ /^-/) {
- c = substr(argv[i], 2, 1)
- idx = index(opts, c)
- if (!idx) {
- print_err(sprintf("invalid option -%c\n", c))
- continue
- }
- if (substr(opts, idx + 1, 1) == ":") {
- # option takes argument
- if (length(argv[i]) > 2)
- target[c] = substr(argv[i], 3)
- else
- lv = 1
- } else {
- target[c] = 1
- }
- } else
- files[++nf] = argv[i]
- }
-}
-
-# tokenise configuration line
-# this function mimics the counterpart in OpenSSH (misc.c)
-# but it returns two (next token SUBSEP rest) because I didn’t want to have to
-# simulate any pointer magic.
-function strdelim_internal(s, split_equals, old) {
- if (!s)
- return ""
-
- old = s
-
- if (!match(s, WHITESPACE "|" QUOTE "" (split_equals ? "|" EQUALS : "")))
- return s
-
- s = substr(s, RSTART)
- old = substr(old, 1, RSTART - 1)
-
- if (s ~ "^" QUOTE) {
- old = substr(old, 2)
-
- # Find matching quote
- if (match(s, QUOTE)) {
- old = substr(old, 1, RSTART)
- # s = substr()
- if (match(s, "^" WHITESPACE "*"))
- s = substr(s, RLENGTH)
- return old
- } else {
- # no matching quote
- return ""
- }
- }
-
- if (match(s, "^" WHITESPACE "+")) {
- sub("^" WHITESPACE "+", "", s)
- if (split_equals)
- sub(EQUALS WHITESPACE "*", "", s)
- } else if (s ~ "^" EQUALS) {
- s = substr(s, 2)
- }
-
- return old SUBSEP s
-}
-function strdelim(s) { return strdelim_internal(s, 1) }
-function strdelimw(s) { return strdelim_internal(s, 0) }
-
-function singleton_option(opt) {
- return tolower(opt) !~ /^(acceptenv|allowgroups|allowusers|denygroups|denyusers|hostcertificate|hostkey|listenaddress|logverbose|permitlisten|permitopen|port|setenv|subsystem)$/
-}
-
-function print_update() {
- if (mode) {
- if (match_only) printf "\t"
- printf "%s\n", line_should
- updated = 1
- }
-}
-
-BEGIN {
- FS = "\n" # disable field splitting
-
- WHITESPACE = "[ \t]" # servconf.c, misc.c:strdelim_internal (without line breaks, cf. bugs)
- QUOTE = "[\"]" # misc.c:strdelim_internal
- EQUALS = "[=]"
-
- split("", opts)
- split("", files)
- getopt("ho:l:m:", ARGV, opts, files)
-
- if (opts["h"]) { usage(); exit (e="0") }
-
- line_should = opts["l"]
- match_only = opts["m"]
- num_files = alength(files)
-
- if (num_files != 1 || !opts["o"] || !line_should) {
- usage()
- exit (e=126)
- }
-
- if (opts["o"] == "set") {
- mode = 1
- } else if (opts["o"] == "unset") {
- mode = 0
- } else {
- print_err(sprintf("invalid mode %s\n", mode))
- exit (e=1)
- }
-
- if (mode) {
- # loop over sshd_config twice!
- ARGV[2] = ARGV[1] = files[1]
- ARGC = 3
- } else {
- # only loop once
- ARGV[1] = files[1]
- ARGC = 2
- }
-
- split(strdelim(line_should), should, SUBSEP)
- option_should = tolower(should[1])
- value_should = should[2]
-}
-
-{
- line = $0
-
- # Strip trailing whitespace. Allow \f (form feed) at EOL only
- sub("(" WHITESPACE "|\f)*$", "", line)
-
- # Strip leading whitespace
- sub("^" WHITESPACE "*", "", line)
-
- if (match(line, "^#" WHITESPACE "*")) {
- prefix = substr(line, RSTART, RLENGTH)
- line = substr(line, RSTART + RLENGTH)
- } else {
- prefix = ""
- }
-
- line_type = "invalid"
- option_is = value_is = ""
-
- if (line) {
- split(strdelim(line), toks, SUBSEP)
-
- if (tolower(toks[1]) == "match") {
- MATCH = (prefix ~ /^#/ ? "#" : "") join(" ", toks, 2)
- line_type = "match"
- } else if (toks[1] ~ /^[A-Za-z][A-Za-z0-9]+$/) {
- # This could be an option line
- line_type = "option"
- option_is = tolower(toks[1])
- value_is = toks[2]
- }
- } else {
- line_type = "empty"
- }
-}
-
-# mode: unset
-
-!mode {
- # delete matching config
- if (prefix !~ /^#/)
- if (MATCH == match_only && option_is == option_should)
- if (!value_should || value_should == value_is)
- next
-
- print
- next
-}
-
-
-# mode: set
-
-mode && NR == FNR {
- if (line_type == "option") {
- if (MATCH !~ /^#/) {
- if (prefix ~ /^#/) {
- # comment line
- last_occ[MATCH, "#" option_is] = FNR
- } else {
- # option line
- last_occ[MATCH, option_is] = FNR
- }
- last_occ[MATCH] = FNR
- }
- } else if (line_type == "invalid" && !prefix) {
- # INVALID LINE
- print_err(sprintf("%s: syntax error on line %u\n", ARGV[0], FNR))
- }
-
- next
-}
-
-# before second pass prepare hashes containing location information to be used
-# in the second pass.
-mode && NR > FNR && FNR == 1 {
- # First we drop the locations of commented-out options if a non-commented
- # option is available. If a non-commented option is available, we will
- # append new config options there to have them all at one place.
- for (k in last_occ) {
- if (k ~ /^#/) {
- # delete entries of commented out match blocks
- delete last_occ[k]
- continue
- }
-
- split(k, parts, SUBSEP)
-
- if (parts[2] ~ /^#/ && ((parts[1], substr(parts[2], 2)) in last_occ))
- delete last_occ[k]
- }
-
- # Reverse the option => line mapping. The line_map allows for easier lookups
- # in the second pass.
- # We only keep options, not top-level keywords, because we can only have
- # one entry per line and there are conflicts with last lines of "sections".
- for (k in last_occ) {
- if (!index(k, SUBSEP)) continue
- line_map[last_occ[k]] = k
- }
-}
-
-# Second pass
-mode && line_map[FNR] == match_only SUBSEP option_should && !updated {
- split(line_map[FNR], parts, SUBSEP)
-
- # If option allows multiple values, print current value
- if (!singleton_option(parts[2])) {
- if (value_should != value_is)
- print
- }
-
- print_update()
-
- next
-}
-
-mode { print }
-
-# Is a comment option
-mode && line_map[FNR] == match_only SUBSEP "#" option_should && !updated {
- print_update()
-}
-
-# Last line of the should match section
-mode && last_occ[match_only] == FNR && !updated {
- # NOTE: Inserting empty lines is only cosmetic. It is only done if
- # different options are next to each other and not in a match block
- # (match blocks are usually not in the default config and thus don’t
- # contain commented blocks.)
- if (line && option_is != option_should && !MATCH)
- print ""
- print_update()
-}
-
-END {
- if (e) exit e
-
- if (mode && !updated) {
- if (match_only && MATCH != match_only) {
- printf "\nMatch %s\n", match_only
- }
-
- print_update()
- }
-}
diff --git a/cdist/conf/type/__sshd_config/gencode-remote b/cdist/conf/type/__sshd_config/gencode-remote
deleted file mode 100755
index 275db4aa..00000000
--- a/cdist/conf/type/__sshd_config/gencode-remote
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/bin/sh -e
-#
-# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see .
-#
-
-joinlines() { sed -n -e H -e "\${x;s/^\\n//;s/\\n/${1:?}/g;p;}"; }
-
-state_is=$(cat "${__object:?}/explorer/state")
-state_should=$(cat "${__object:?}/parameter/state")
-
-if test "${state_is}" = "${state_should}" -o "${state_is}" = 'default'
-then
- # nothing to do (if the value is the default, ignore its state)
- exit 0
-fi
-
-case ${state_should}
-in
- (present)
- mode='set'
- ;;
- (absent)
- mode='unset'
- ;;
- (*)
- printf 'Invalid --state: %s\n' "${state_should}" >&2
- exit 1
- ;;
-esac
-
-sshd_config_file=$(cat "${__object:?}/parameter/file")
-
-quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; }
-drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; }
-
-# Ensure the sshd_config file is there
-cat <$(quote "${sshd_config_file}")
- chown 0:0 $(quote "${sshd_config_file}")
- chmod 0644 $(quote "${sshd_config_file}")
-}
-
-EOF
-
-match_only=
-if test -s "${__object:?}/parameter/match"
-then
- match_only=$(joinlines ' ' <"${__object:?}/parameter/match")
-fi
-
-if test -s "${__object:?}/parameter/option"
-then
- option_line=$(cat "${__object:?}/parameter/option")
-else
- option_line=${__object_id:?}
-fi
-
-if test -s "${__object:?}/parameter/value"
-then
- option_line="${option_line} $(cat "${__object:?}/parameter/value")"
-fi
-
-# Send message on config update
-printf '%s%s %s\n' "${mode}" "${match_only:+ [${match_only}]}" \
- "${option_line}" >>"${__messages_out:?}"
-
-# Update sshd_config (remote code)
-cat <$(quote "${sshd_config_file}.tmp") \\
-|| exit
-
-cmp -s $(quote "${sshd_config_file}") $(quote "${sshd_config_file}.tmp") || {
- sshd -t -f $(quote "${sshd_config_file}.tmp") \\
- && cat $(quote "${sshd_config_file}.tmp") >$(quote "${sshd_config_file}") \\
- || exit # stop if sshd_config file check fails
-}
-rm -f $(quote "${sshd_config_file}.tmp")
-EOF
diff --git a/cdist/conf/type/__sshd_config/man.rst b/cdist/conf/type/__sshd_config/man.rst
deleted file mode 100644
index c8e6b8ad..00000000
--- a/cdist/conf/type/__sshd_config/man.rst
+++ /dev/null
@@ -1,98 +0,0 @@
-cdist-type__sshd_config(7)
-==========================
-
-NAME
-----
-cdist-type__sshd_config - Manage options in sshd_config
-
-
-DESCRIPTION
------------
-This space intentionally left blank.
-
-
-REQUIRED PARAMETERS
--------------------
-None.
-
-
-OPTIONAL PARAMETERS
--------------------
-file
- The path to the sshd_config file to edit.
- Defaults to ``/etc/ssh/sshd_config``.
-match
- Restrict this option to apply only for certain connections.
- Allowed values are what would be allowed to be written after a ``Match``
- keyword in ``sshd_config``, e.g. ``--match 'User anoncvs'``.
-
- Can be used multiple times. All of the values are ANDed together.
-option
- The name of the option to manipulate. Defaults to ``__object_id``.
-state
- Can be:
-
- - ``present``: ensure a matching config line is present (or the default
- value).
- - ``absent``: ensure no matching config line is present.
-value
- The option's value to be assigned to the option (if ``--state present``) or
- removed (if ``--state absent``).
-
- This option is required if ``--state present``. If not specified and
- ``--state absent``, all values for the given option are removed.
-
-
-BOOLEAN PARAMETERS
-------------------
-None.
-
-
-EXAMPLES
---------
-
-.. code-block:: sh
-
- # Disallow root logins with password
- __sshd_config PermitRootLogin --value without-password
-
- # Disallow password-based authentication
- __sshd_config PasswordAuthentication --value no
-
- # Accept the EDITOR environment variable
- __sshd_config AcceptEnv:EDITOR --option AcceptEnv --value EDITOR
-
- # Force command for connections as git user
- __sshd_config git@ForceCommand --match 'User git' --option ForceCommand \
- --value 'cd ~git && exec git-shell ${SSH_ORIGINAL_COMMAND:+-c "${SSH_ORIGINAL_COMMAND}"}'
-
-
-SEE ALSO
---------
-:strong:`sshd_config`\ (5)
-
-
-BUGS
-----
-- This type assumes a nicely formatted config file,
- i.e. no config options spanning multiple lines.
-- ``Include`` directives are ignored.
-- Config options are not added/removed to/from the config file if their value is
- the default value.
-- | The explorer will incorrectly report ``absent`` if OpenSSH internally
- transforms one value to another (e.g. ``permitrootlogin prohibit-password``
- is transformed to ``permitrootlogin without-password``).
- | Workaround: Use the value that OpenSSH uses internally.
-
-
-AUTHORS
--------
-Dennis Camera
-
-
-COPYING
--------
-Copyright \(C) 2020 Dennis Camera. You can redistribute it
-and/or modify it under the terms of the GNU General Public License as
-published by the Free Software Foundation, either version 3 of the
-License, or (at your option) any later version.
diff --git a/cdist/conf/type/__sshd_config/manifest b/cdist/conf/type/__sshd_config/manifest
deleted file mode 100755
index 566bde90..00000000
--- a/cdist/conf/type/__sshd_config/manifest
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/sh -e
-#
-# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see .
-#
-
-os=$(cat "${__global:?}/explorer/os")
-
-state_should=$(cat "${__object:?}/parameter/state")
-
-case ${os}
-in
- (alpine|centos|fedora|redhat|scientific|debian|devuan|ubuntu)
- if test "${state_should}" != 'absent'
- then
- __package openssh-server --state present
- fi
- ;;
- (archlinux|gentoo|slackware|suse)
- if test "${state_should}" != 'absent'
- then
- __package openssh --state present
- fi
- ;;
- (freebsd|netbsd|openbsd)
- # whitelist
- ;;
- (*)
- printf 'Your operating system (%s) is currently not supported by this type (%s)\n' \
- "${os}" "${__type##*/}" >&2
- printf 'Please contribute an implementation for it if you can.\n' >&2
- exit 1
- ;;
-esac
diff --git a/cdist/conf/type/__sshd_config/parameter/default/file b/cdist/conf/type/__sshd_config/parameter/default/file
deleted file mode 100644
index d8ea5dfc..00000000
--- a/cdist/conf/type/__sshd_config/parameter/default/file
+++ /dev/null
@@ -1 +0,0 @@
-/etc/ssh/sshd_config
diff --git a/cdist/conf/type/__sshd_config/parameter/default/state b/cdist/conf/type/__sshd_config/parameter/default/state
deleted file mode 100644
index e7f6134f..00000000
--- a/cdist/conf/type/__sshd_config/parameter/default/state
+++ /dev/null
@@ -1 +0,0 @@
-present
diff --git a/cdist/conf/type/__sshd_config/parameter/optional b/cdist/conf/type/__sshd_config/parameter/optional
deleted file mode 100644
index 922ab093..00000000
--- a/cdist/conf/type/__sshd_config/parameter/optional
+++ /dev/null
@@ -1,4 +0,0 @@
-file
-option
-state
-value
diff --git a/cdist/conf/type/__sshd_config/parameter/optional_multiple b/cdist/conf/type/__sshd_config/parameter/optional_multiple
deleted file mode 100644
index 02b1d1a9..00000000
--- a/cdist/conf/type/__sshd_config/parameter/optional_multiple
+++ /dev/null
@@ -1 +0,0 @@
-match
diff --git a/cdist/preos/debootstrap/files/code b/cdist/preos/debootstrap/files/code
index d836848c..9e37003b 100755
--- a/cdist/preos/debootstrap/files/code
+++ b/cdist/preos/debootstrap/files/code
@@ -22,7 +22,7 @@ set -e
if [ "${debug}" ]
then
set -x
- cdist_params="${cdist_params} -l 3"
+ cdist_params="${cdist_params} -d"
fi
bootstrap_dir="${target_dir}"
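Review bot: The debug branch now appends `-d` instead of `-l 3`, while this same diff drops the changelog entry "Core: preos: Fix passing cdist debug parameter". If the cdist CLI in this tree does not accept `-d`, every debug run of the preos bootstrap would fail at argument parsing; the hunk does not show which flag the CLI takes. A comment above the assignment would record the dependency, e.g. `# debug flag must match what the cdist CLI in this tree accepts`. The surrounding script continues outside the hunk.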
diff --git a/cdist/scan/scan.py b/cdist/scan/scan.py
index b1d0e9e1..0ce4dff3 100644
--- a/cdist/scan/scan.py
+++ b/cdist/scan/scan.py
@@ -59,8 +59,6 @@ from scapy.all import *
# Datetime overwrites scapy.all.datetime - needs to be imported AFTER
import datetime
-import cdist.config
-
log = logging.getLogger("scan")
@@ -127,18 +125,6 @@ class Scanner(object):
with open(fname, "w") as fd:
fd.write(f"{now}\n")
- def config(self):
- """
- Configure a host
-
- - Assume we are only called if necessary
- - However we need to ensure to not run in parallel
- - Maybe keep dict storing per host processes
- - Save the result
- - Save the output -> probably aligned to config mode
-
- """
-
def start(self):
self.process = Process(target=self.scan)
self.process.start()
diff --git a/cdist/test/__main__.py b/cdist/test/__main__.py
index 8049c752..c8c7df3b 100644
--- a/cdist/test/__main__.py
+++ b/cdist/test/__main__.py
@@ -20,7 +20,7 @@
#
#
-import importlib
+import imp
import os
import sys
import unittest
@@ -37,9 +37,8 @@ for possible_test in os.listdir(base_dir):
suites = []
for test_module in test_modules:
- module_spec = importlib.util.find_spec("cdist.test.{}".format(test_module))
- module = importlib.util.module_from_spec(module_spec)
- module_spec.loader.exec_module(module)
+ module_parameters = imp.find_module(test_module, [base_dir])
+ module = imp.load_module("cdist.test." + test_module, *module_parameters)
suite = unittest.defaultTestLoader.loadTestsFromModule(module)
# print("Got suite: " + suite.__str__())
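Review bot: `imp.find_module()` returns an open file object as the first element of its tuple, and the loop never closes it after `imp.load_module()`, so each test module leaks a file handle and triggers a ResourceWarning under unittest. The `imp` module (imported in the first hunk of this file) has been deprecated since Python 3.4 and is removed in Python 3.12, so this test runner stops importing on current interpreters. If `imp` has to stay, close the handle in a `finally`. The loop body continues past the end of the hunk.

```python
for test_module in test_modules:
    module_parameters = imp.find_module(test_module, [base_dir])
    try:
        module = imp.load_module("cdist.test." + test_module, *module_parameters)
    finally:
        # find_module() hands back an open file for source modules; the caller owns it.
        if module_parameters[0] is not None:
            module_parameters[0].close()
    # … unchanged: loadTestsFromModule and the rest of the loop body …
```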
diff --git a/docs/changelog b/docs/changelog
index b2b35616..ff411a46 100644
--- a/docs/changelog
+++ b/docs/changelog
@@ -2,30 +2,10 @@ Changelog
---------
next:
- * Core: preos: Fix passing cdist debug parameter (Darko Poljak)
- * Type __sshd_config: Produce error if invalid config is generated, fix processing of AuthenticationMethods and AuthorizedKeysFile, document explorer bug (Dennis Camera)
-
-6.9.4: 2020-12-21
- * Type __package_pkgng_freebsd: Fix bootstrapping pkg (Dennis Camera)
- * Core: Deal with deprecated imp in unit tests (Evil Ham)
- * Type __iptables: Add IPv6 support (Matthias Stecher)
- * Type __block: Fix escaping in here-doc (Matthias Stecher)
- * Explorer os_version: Improve FreeBSD support (Evil Ham)
- * New type: __apt_backports (Matthias Stecher)
- * Type __dot_file: Add dirmode parameter (Mark Verboom)
-
-6.9.3: 2020-12-04
- * pip install: Add cdist.scan to packages in setup.py (Dennis Camera)
-
-6.9.2: 2020-11-20
* Documentation: Fix examples in best practice (Dennis Camera)
* Type __locale: Add state explorer (Matthias Stecher)
* Core: Reorganize scripts, version generation (Ander Punnar, Dennis Camera)
* New type: __hwclock (Dennis Camera)
- * Type __hostname: Fix guessing SuSE OS version (Dennis Camera)
- * New type: __sshd_config (Dennis Camera)
- * New type: __localedef (Dennis Camera)
- * Type __locale: Deprecate in favor of __localedef (Dennis Camera)
6.9.1: 2020-11-08
* Type __file: Fix state pre-exists (Dennis Camera)
diff --git a/docs/dev/logs/2020-10-29.org b/docs/dev/logs/2020-10-29.org
index 03d6b3f4..4461be8c 100644
--- a/docs/dev/logs/2020-10-29.org
+++ b/docs/dev/logs/2020-10-29.org
@@ -54,12 +54,4 @@ VERBOSE: scan: Host fe80::f29f:c2ff:fe7c:275e is alive
VERBOSE: scan: Host fe80::ba69:f4ff:fec5:8db7 is alive
VERBOSE: scan: Host fe80::42b0:34ff:fe6f:f863 is alive
VERBOSE: scan: Host fe80::21b:fcff:feee:f4bc is alive
-** Better usage -> saving the env
- sudo -E cdist scan -b -I wlan0 -vv
-** TODO Implement actual configuration step
- - Also serves as a nice PoC
- - Might need to escape literal IPv6 addresses for scp
-** TODO Define how to map link local address to something useful
- - via reverse DNS?
- - via link local in manifest?
-** TODO define ignorehosts?
+...
diff --git a/other/examples/remote/cconn/cconn b/other/examples/remote/cconn/cconn
deleted file mode 100755
index bc712a0d..00000000
--- a/other/examples/remote/cconn/cconn
+++ /dev/null
@@ -1,199 +0,0 @@
-#!/bin/sh -ex
-
-# Copyright (c) 2021 Alexander Sieg
-
-# cconn is a transparent wrapper that allows seamless usage of sudo/rsync and
-# FreeBSD jails, this makes it possible to configure a FreeBSD by just using
-# the host system sshd.
-# Configuration is done by throw the cdist invertory system.
-#
-#
-# Installation:
-#
-# Simply set this script as remote_exec and remote_copy implementation in your
-# cdist.cfg. You MUST always pass either copy or exec as the first parameter
-# to this script
-#
-# remote_exec = path/to/cconn exec
-# remote_copy = path/to/cconn copy
-#
-# As cconn uses the cdist inventory system for host specific configuration, it
-# ether need to be executed from the directory the contains the inventory
-# directory or be setting the INVENTORY environment variable to path were the
-# inventory entries are kept.
-#
-# Usage:
-#
-# To setup a host to use some form of connection "bending" (e.g. sudo) you need
-# to add a single __cconn_options tag to the host inventory file. Options are always a
-# key value pair separated by a '='. All options are passed in a single tag and
-# a separated by a space.
-#
-# __cconn_options options:
-#
-# NOTE: jail_host and iocage_jail can not be used at the same time and will
-# lead to a error
-#
-# jail_host:
-# hostname on which the FreeBSD jail resides on.
-#
-# iocage_host:
-# Same as jail_host, but for jails managed by iocage(8)
-#
-# jail_name:
-# By default cconn will use the __target_host as the FreeBSD jail name, set
-# this option to override this name
-#
-# sudo_user:
-# Username used to connect to the __target_host, all commands are then
-# prefixed with sudo and copy operations are done with rsync
-#
-# For this work you need to be able to execute all command without password entry.
-# sudoers(5)
-# %wheel ALL=(ALL) NOPASSWD: ALL
-#
-#Examples:
-#
-# inventory/jail.example.com:
-# some_other_tag
-# __cconn_options jail_host=example.com sudo_user=ada
-#
-
-
-#TODO: add sudo_pass and sudo_passfile option to support use without NOPASSWD
-#TODO: support SSH connection multiplexing. This requieres a patch to cdist, as
-# we need path to the tmp dir.
-
-log() {
- # Uncomment this for debugging
- echo "$@" | logger -t "cdist-cconn-$COMMAND"
- :
-}
-
-COMMAND="$1"; shift
-
-if [ -z "$INVENTORY" ]; then
- INVENTORY="inventory"
-fi
-
-# shellcheck disable=SC2154
-options="$(sed -n 's/^__cconn_options\(.*\)$/\1/p' "$INVENTORY/$__target_host" | cut -d' ' -f2-)"
-tmpcmd=$*
-for option in $options; do
- # shellcheck disable=SC2046
- set -- $(echo "$option" | tr '=' ' ')
- key="$1"
- value="$2"
- case "$1" in
- "jail_host")
- JAIL_HOST="$value"
- ;;
- "iocage_host")
- IOCAGE_HOST="$value"
- ;;
- "jail_name")
- JAIL_NAME="$value"
- ;;
- "sudo_user")
- SUDO_USER="$value"
- ;;
- *)
- log "unknown option $key=$value found"
- ;;
- esac
-done
-# shellcheck disable=SC2086
-set -- $tmpcmd
-
-if [ -n "$IOCAGE_HOST" ] && [ -n "$JAIL_HOST" ]; then
- echo "WARING: jail_host and iocage_host can't be used at the same time"
- log "WARING: jail_host and iocage_host can't be used at the same time"
- exit 1
-fi
-
-TARGET_HOST="$__target_host"
-SSH_USER="root"
-
-if [ -n "$IOCAGE_HOST" ]; then
- JAIL_HOST="$IOCAGE_HOST"
-
- if [ -z "$JAIL_NAME" ]; then
- JAIL_NAME="ioc-$(echo "$__target_host" | tr '.' '_')"
- else
- JAIL_NAME="ioc-$(echo "$JAIL_NAME" | tr '.' '_')"
- fi
-else
- if [ -z "$JAIL_NAME" ]; then
- JAIL_NAME="$TARGET_HOST"
- fi
-fi
-
-if [ -n "$JAIL_HOST" ]; then
- log "INSIDE_JAIL: TRUE"
- TARGET_HOST="$JAIL_HOST"
- WRAPPER="jexec $JAIL_NAME"
-fi
-
-if [ -n "$SUDO_USER" ]; then
- log "SUDO_USER: $SUDO_USER"
- WRAPPER="sudo -- $WRAPPER"
- SSH_USER="$SUDO_USER"
-fi
-
-log "TARGET_HOST: $TARGET_HOST"
-log "@:" "$@"
-if [ -n "$JAIL_HOST" ]; then
- log "IOCAGE_HOST: $IOCAGE_HOST"
- log "JAIL_HOST: $JAIL_HOST"
- log "JAIL_NAME: $JAIL_NAME"
- log "WRAPPER: $WRAPPER"
-fi
-
-case "$COMMAND" in
- "exec")
- shift; # remove the jail host name from $@
- ssh -o User="$SSH_USER" -q "$TARGET_HOST" "$WRAPPER $*"
- ;;
- "copy")
- if [ -n "$JAIL_HOST" ]; then
- # jls(8) dosen't need root to print this information
- jail_root=$(ssh -q "$TARGET_HOST" -- jls -j "$JAIL_NAME" path)
- log "JAIL_ROOT: $jail_root"
- fi
-
- if [ -n "$JAIL_HOST" ]; then
- set -- "$(echo "$@" | sed "s|$__target_host:|$JAIL_HOST:$jail_root|g")"
- fi
-
- if [ -n "$SUDO_USER" ]; then
- # For rsync to do the right thing, the source has to end with "/" if it is
- # a directory. The below preprocessor loop takes care of that.
-
- # second last argument is the source
- source_index=$(($#-1))
- index=0
- for arg in "$@"; do
- if [ $index -eq 0 ]; then
- # reset $@
- set --
- fi
- index=$((index+=1))
- if [ $index -eq $source_index ] && [ -d "$arg" ]; then
- arg="${arg%/}/"
- fi
- set -- "$@" "$arg"
- done
-
- rsync --copy-links -e "ssh -o User=$SSH_USER" --rsync-path='sudo rsync' "$@"
- else
- #shellcheck disable=SC2068
- scp -o "User=$SSH_USER" -q $@
- fi
- ;;
- *)
- echo "unkown command - $COMMAND"
- exit 1
- ;;
-esac
-
-log "----"
diff --git a/setup.py b/setup.py
index bfc8b495..858c2c17 100644
--- a/setup.py
+++ b/setup.py
@@ -54,7 +54,7 @@ os.chdir(cur)
setup(
name="cdist",
- packages=["cdist", "cdist.core", "cdist.exec", "cdist.scan", "cdist.util"],
+ packages=["cdist", "cdist.core", "cdist.exec", "cdist.util", ],
package_data={'cdist': package_data},
scripts=["bin/cdist", "bin/cdist-dump", "bin/cdist-new-type"],
version=cdist.version.VERSION,
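Review bot: Dropping `"cdist.scan"` from `packages` means an installed copy no longer ships that subpackage, so `cdist scan` (the dev log touched in this same diff shows it being run) would presumably fail on import after `pip install` if cdist/scan/ is still in the tree; the lines shown here do not say whether it is. If the scanner is meant to stay, keep the entry: `packages=["cdist", "cdist.core", "cdist.exec", "cdist.scan", "cdist.util"],`. If it is meant to go, the directory and its command-line wiring should be removed in the same change so source checkouts and installed copies behave the same. As a style point, the new line's `, ]` reads better as `"cdist.util"],`. The setup() call continues outside the hunk.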