Patch based largely on a pull request by bahamat@: https://github.com/joyent/pkgsrc/pull/307

3.7.2:

Bug fixes:
- readfile() and read*list() should print an error if they fail to read file. (Redmine #7702)
- Fix 'AIX_PREINSTALL_ALREADY_DONE.txt: cannot create' error message on AIX.
- If there is an error saving a mustache template file it is now logged with log-level error (was inform).
- Change: Clarify bootstrap/failsafe reports
- Fixed several bugs which prevented CFEngine from loading libraries from the correct location. This affected several platforms. (Redmine #6708)
- If file_select.file_types is set to symlink and there are regular files in the scanned directory, CFEngine no longer produces an unnecessary error message. (Redmine #6996)
- Fix: Solaris packages no longer contain duplicate library files, but instead symlinks to them. (Redmine #7591)
- cf-agent, cf-execd, cf-promises, cf-runagent and cf-serverd honor multiple -D, -N and -s arguments (Redmine #7191)
- Fix "@endif" keyword sometimes being improperly processed by policy parser. (Redmine #7413)
- It is possible to edit the same value in multiple regions of one file. (Redmine #7460)
- Fix select_class not setting class when used in common bundle with slist. (Redmine #7482)
- Fix broken HA policy for 3rd disaster-recovery node.
- Directories should no more be changed randomly into files. (Redmine #6027)
- Include latest security updates for 3.7.
- Reduce malloc() thread contention on heavily loaded cf-serverd, by not exiting early in the logging function, if no message is to be printed. (Redmine #7624)
- Improve cf-serverd's lock contention because of getpwnam() call. (Redmine #7643)
- action_policy "warn" now correctly produces warnings instead of various other verbosity levels. (Redmine #7274)
- Change: Improve efficiency and debug reports (Redmine #7527)
- Change package modules permissions on hub package so that hub can execute package promises. (Redmine #7602)
- No longer hang when changing permissions/ownership on fifos (Redmine #7030)
- Fix exporting CSV reports through HTTPS. (Redmine #7267)
- failsafe.cf will be created when needed. (Redmine #7634)
- Mustache templates: Fix key when value is not a primitive. The old behavior, when iterating across a map or array of maps, was to abort if the key was requested with . The new behavior is to always replace with either the key name or the iteration position in the array. An error is printed if is used outside of a Mustache iteration section.
- Legacy package promise: Result classes are now defined if the package being promised is already up to date. (Redmine #7399)
- TTY detection should be more reliable. (Redmine #7606)

Masterfiles:
- Add: Path to svcprop in stdlib
- Add: New `results` classes body [] (Redmine #7418, #7481)
- Remove: Support for email settings from augments_file (Redmine #7682)

3.7.1:

Bug fixes:
- Fix daemons not restarting correctly on upgrade on AIX. (Redmine #7550)
- Fix upgrade causing error message under systemd because of open ports.
- Fix build with musl libc. (Redmine #7455)
- Long promiser strings with multiple lines are now abbreviated in logs. (Redmine #3964)
- Fixed a bug which could cause daemons not to be killed correctly when upgrading or manually running "service cfengine3 stop". (Redmine #7193)
- Package promise: Fix inability to install certain packages with numbers.
- Fix package promise not removing dependent packages. (Redmine #7424)
- Fix warning "Failed to parse csv file entry" with certain very long commands promises. (Redmine #7400)
- Fix misaligned help output in cf-hub. (Redmine #7273)
- Augmenting inputs from the augments_file (Redmine #7420)
- Add support for failover to 3rd HA node located outside cluster.
- Upgrade all dependencies for patch release.
- Fix a bug which caused daemons not to be restarted on upgrade. (Redmine #7528)

3.7.0:

New features:
- New package promise implementation.
- Full systemd support for all relevant platforms
- New classes to determine whether certain features are enabled:
  * feature_yaml
  * feature_xml
  For the official CFEngine packages, these are always enabled, but packages from other sources may be built without the support.
- New readdata() support for generic data input (CSV, YAML, JSON, or auto)
- YAML support: new readyaml() function and in readdata()
- CSV support: new readcsv() function and in readdata()
- New string_mustache() function
- New data_regextract() function
- eval() can now be called with "class" as the "mode" argument, which will cause it to return true ("any") if the calculated result is non-zero, and false ("!any") if it is zero.
- New list_ifelse() function
- New mapjson() function as well as JSON support in maparray().
- filestat() function now supports "xattr" argument for extended attributes.
- "ifvarclass" now has "if" as an alias, and "unless" as an inverse alias.
- Ability to expand JSON variables directly in Mustache templates: Prefix the name with '%' for multiline expansion, '$' for compact expansion.
- Ability to expand the iteration *key* in Mustache templates with @
- Canonical JSON output: JSON output has reliably sorted keys so the same data structure will produce the same JSON every time.
- New "@if minimum_version(x.x)" syntax in order to hide future language improvements from versions that don't understand them.
- compile time option (--with-statedir) to override the default state/ directory path.
- Fix error messages/handling in process signalling which no longer allowed any signals to fail silently
- Also enable shortcut keyword for cf-serverd classic protocol, e.g. to simplify the bootstrap process for clients that have different sys.masterdir settings (Redmine #3697)
- methods promises now accept the bundle name in the promiser string, as long as it doesn't have any parameters.
- In a services promise, if the service_method bundle is not specified, it defaults to the promiser string (canonified) with "service_" as a prefix. The bundle must be in the same namespace as the promise.
- inline JSON in policy files: surrounding with parsejson() is now optional *when creating a new data container*.
- New data_expand() function to interpolate variables in a data container.
- Add configurable network bandwidth limit for all outgoing connections ("bwlimit" attribute in "body common control"). To enforce it in both directions, make sure the attribute is set on both sides of the connection.
- Secure bootstrap has been facilitated by use of "cf-agent --bootstrap HUB_ADDRESS --trust-server=no"
- Implement new TLS-relevant options (Redmine #6883):
  - body common control: tls_min_version
  - body server control: allowtlsversion
  - body common control: tls_ciphers
  - body server control: allowciphers (preexisting)

Changes:
- Improved output format, less verbose, and messages are grouped.
- cf-execd: agent_expireafter default was changed to 120 minutes (Redmine #7113)
- All embedded databases are now rooted in the state/ directory.
- TLS used as default for all outgoing connections.
- process promise now reports kept status instead of repaired if a signal is not sent, even if the restart_class is set. The old behavior was to set the repaired status whenever the process was not running. (Redmine #7216)
- Bootstrapping requires keys to be generated in advance using cf-key.
- Disable class set on reverse lookup of interfaces IP addresses. (Redmine #3993, Redmine #6870)
- Define a hard class with just the OS major version on FreeBSD.
- Abort cf-agent if OpenSSL's random number generator can't be seeded securely.
- Masterfiles source tarball now installs using the usual commands "./configure; make install".
- Updated Emacs syntax highlighting template to support the latest syntax enhancements in 3.7.

Deprecations:
- Arbitrary arguments to cfruncommand (using "cf-runagent -o") are not acceptable any more. (Redmine #6978)
- 3.4 is no longer supported in masterfiles.

Bug fixes:
- Fix server common bundles evaluation order (Redmine #7211).
- Limit LMDB disk usage by preserving sparse areas in LMDB files (Redmine #7242).
- Fixed LMDB corruption on HP-UX 11.23. (Redmine #6994)
- Fixed insert_lines failing to converge if preserve_block was used. (Redmine #7094)
- Fixed init script failing to stop/restart daemons on openvz/lxc hosts. (Redmine #3394)
- rm_rf_depth now deletes base directory as advertised. (Redmine #7009)
- Refactored cf-agent's connection cache to properly differentiate hosts using all needed attributes like host and port. (Redmine #4646)
- Refactored lastseen database handling to avoid inconsistencies. (Redmine #6660)
- cf-key --trust-key now supports new syntax to also update the lastseen database, so that clients using old protocol will trust the server correctly.
- Fixed a bug which sometimes caused an agent or daemon to kill or stop itself. (Redmine #7075, #7244)
- Fixed a bug which made it difficult to kill CFEngine daemons, particularly cf-execd. (Redmine #6659, #7193)
- Fixed a bug causing systemd not to be detected correctly on Debian. (Redmine #7297)
- "cf-promises -T" will now correctly report the checked out commit, even if you haven't checked out a Git branch. (Redmine #7332)
- Reduce verbosity of harmless errors related to socket timeouts and missing thermal zone files. (Redmine #6486 and #7238)
- Fix process_result logic to match the purpose of body process_select days_older_than (Redmine #3009)

Masterfiles:

Added:
- Support for user specified overriding of framework defaults without modifying policy supplied by the framework itself (see example_def.json)
- Support for def.json class augmentation in update policy
- Run vacuum operation on postgresql every night as a part of maintenance.
- Add measure_promise_time action body to lib (3.5, 3.6, 3.7, 3.8)
- New negative class guard `cfengine_internal_disable_agent_email` so that agent email can be easily disabled by augmenting def.json

Changed:
- Relocate def.cf to controls/VER/
- Relocate update_def to controls/VER
- Relocate all controls to controls/VER
- Only load cf_hub and reports.cf on CFEngine Enterprise installs
- Relocate acls related to report collection from bundle server access_rules to controls/VER/reports.cf into bundle server report_access_rules
- Re-organize cfe_internal splitting core from enterprise specific policies and loading the appropriate inputs only when necessary
- Moved update directory into cfe_internal as it is not generally intended to be modified
- services/autorun.cf moved to lib/VER/ as it is not generally intended to be modified
- To improve predictability autorun bundles are activated in lexicographical order
- Relocate services/file_change.cf to cfe_internal/enterprise. This policy is most useful for a good OOTB experience with CFEngine Enterprise Mission Portal.
- Relocate service_catalogue from promises.cf to services/main.cf. It is intended to be a user entry. This name change correlates with the main bundle being activated by default if there is no bundlesequence specified.
- Reduce benchmarks sample history to 1 day.
- Update policy no longer generates a keypair if one is not found. (Redmine #7167)
- Relocate cfe_internal_postgresql_maintenance bundle to lib/VER/
- Set postgresql_monitoring_maintenance only for versions 3.6.0 and 3.6.1
- Move hub specific bundles from lib/VER/cfe_internal.cf into lib/VER/cfe_internal_hub.cf and load them only if policy_server policy is set.
- Re-organize lib/VER/stdlib.cf from lists into classic array for use with getvalues

Removed:
- Diff reporting on /etc/shadow (Enterprise)
- Update policy from promises.cf inputs. There is no reason to include the update policy into promises.cf, update.cf is the entry for the update policy
- _not_repaired outcome from classes_generic and scoped_classes generic (Redmine #7022)

Fixes:
- standard_services now restarts the service if it was not already running when using service_policy => restart with chkconfig (Redmine #7258)
#!/bin/sh
## Licensed under:
## MIT Public License
## http://www.opensource.org/licenses/MIT

## Copyright (c) 2015, Brian Bennett <bahamat@digitalelf.net>

## pkgsrc package module for cfengine

# Set up mock environment if necessary.
# The variable must be quoted: with an empty, unquoted value the test
# collapses to "[ -n ]", which is always true and would enable the mocks.
# Aliases are defined before any function that uses pkgin, so they are
# expanded when those functions are parsed.
if [ -n "$CFENGINE_TEST_PKGSRC_MOCK" ]; then
    alias pkgin='./mock_pkgin'
    alias pkg_info='./mock_pkg_info'
fi

# Add pkgsrc paths
export PATH=@PREFIX@/bin:@PREFIX@/sbin:$PATH
export MACHINE_ARCH=@MACHINE_ARCH@
export PKG_ROOT=@PREFIX@
export PKG_INSTALL_CONF=@PKG_SYSCONFBASE@/pkg_install.conf

LEVEL=0

# Report an error to cfengine on stdout (ErrorMessage= is the module
# protocol's error line) and exit non-zero.
fatal () {
    echo "ErrorMessage=$*"
    exit 2
}

# Trace output on stderr, only when LEVEL has been raised above 0.
warn () {
    [ $LEVEL -gt 0 ] && echo "[TRACE]: $*" >&2
}

supports_api_version () {
    echo 1
}

repo_install () {
    # If a version number is specified, insert a dash between the name and
    # version
    [ -n "$Version" ] && ver="-$Version"
    if ! pkgin -y in "${Name}${ver}" > /dev/null; then
        fatal "Error installing ${Name}${ver}"
    fi
}

file_install () {
    # The specified config file might, for example, override signature
    # requirements (VERIFIED_INSTALLATION=never), so it decides whether
    # pkg_add checks the package signature at all.
    # Report failure through fatal so cfengine sees ErrorMessage= as in
    # repo_install, rather than a bare line it cannot interpret.
    if ! pkg_add -U -C "$PKG_INSTALL_CONF" "$File" > /dev/null; then
        fatal "Error installing ${File}"
    fi
}

remove () {
    # If a version number is specified, insert a dash between the name and
    # version
    [ -n "$Version" ] && ver="-$Version"
    pkgin -y rm "${Name}${ver}" > /dev/null
}

list_installed () {
    parse_pkg_data "$(pkgin -p list)"
}

list_updates () {
    # The difference between list-updates and list-updates-local, it seems,
    # is that list-updates expects to refresh from the upstream repo.
    pkgin -f update >&2
    list_updates_local
}

list_updates_local () {
    parse_pkg_data "$(pkgin -pl '<' ls)"
}

get_package_data () {
    case "$File" in
    */*)
        # If there's a / in $File then we'll expect this to be a 'file' install.
        # This is reliable because 1) pkgsrc packages don't have / in the name
        # and because cfengine can't install a PackageType=file from a relative
        # path.
        #
        # The package will be installed with pkg_add later, which also supports
        # arbitrary HTTP locations.
        echo "PackageType=file"
        # To appease cfengine, we'll take the basename of the package passed.
        echo "Name=${File##*/}"
        ;;
    *)
        # If $File does not contain /, it must be in an existing remote repo,
        # because cfengine can't install files from relative paths.
        echo "PackageType=repo"
        # Cfengine expects a *single* matching package. So sort and return the
        # most recent. If a version is specified it can partial match, in which
        # case we'll again take the latest. If there's no match on the name
        # or version, return nothing.
        # There's possibly a bug here because we're already emitting that the
        # PackageType is repo.
        parse_pkg_data "$(pkgin -pP avail | grep "^$File" | grep "$Version;" | sort -n | tail -1)"
        ;;
    esac
}

parse_pkg_data () {
    # This is a bit tricky.
    # pkgin is called with parsable format and separates fields with ';'.
    # Packages are further sub-split between name and version with '-', but
    # package names may also contain '-'. To complicate matters, package
    # versions can have '-' as well.

    # Take the example package mozilla-rootcerts-1.0.20141117nb1
    # $1 is the package-version compound. Discard the description in $2..
    # Split $1 on 'separator' and store in array 'package'. Return length 'l'
    # 'version' is the last element of array 'package'
    # Now the tricky bit. We've split the package name, so now must reassemble
    # it with dashes intact, without the version number.
    # For each element less 1 in 'package', if this is the first iteration
    # print the element. On subsequent passes print "-element"
    # Finally print the version and the machine architecture as well.
    echo "$*" | awk -F';' '
    {
        separator="-"
        l=split($1,package,separator)
        version=package[l]
        printf("Name=")
        for (i=1;i<l;i++) {
            if (i>1) {
                printf("-")
            }
            printf("%s",package[i])
        }
        printf("\nVersion=%s\n",version)
        printf("Architecture=%s\n",ENVIRON["MACHINE_ARCH"])
    }'
}

# Cfengine passes data on STDIN. Absorb that and convert to shell variables.
# Each line is eval'ed as shell code, so the module relies on the agent
# sending well-formed Key=Value lines and nothing else.
# (read -u is a bash/ksh extension; plain "read -r" already reads fd 0.)
while IFS= read -r line; do
    eval "$line"
    # options can be passed multiple times so we need to avoid clobbering
    # previous instances. Plus, what we really want to eval is the value of
    # each option. Unset it afterwards so it is not re-evaluated on every
    # following line.
    if [ -n "$options" ]; then
        eval "$options"
        unset options
    fi
done

case "$1" in
    supports-api-version) supports_api_version;;
    repo-install) repo_install;;
    file-install) file_install;;
    remove) remove;;
    list-installed) list_installed;;
    list-updates) list_updates;;
    list-updates-local) list_updates_local;;
    get-package-data) get_package_data;;
    *) fatal "Invalid operation";;
esac
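The module's input loop above hands every stdin line to `eval`, which means the shell treats the agent's data as code. As an added example (not part of this pkgsrc module, the pkgsrc pull request, or CFEngine itself), here is a reader for the same `Key=Value` protocol that checks the shape of each line, accepts only the keys the module actually uses, and stores values as data. The function names `read_module_input` and `set_option`, the `opt_<name>` variable convention for parsed options, and the sample input are all this example's own assumptions.

```sh
#!/bin/sh
# Added example (not the pkgsrc module's code): parse the Key=Value lines
# that the CFEngine package-module protocol delivers on stdin without
# eval'ing whole lines. Function names, the opt_<name> convention and the
# sample input below are constructed for this example.

# An "options" value is itself "name=value". Store it as opt_<name> only if
# <name> is a plain identifier; the value itself is never interpreted.
# Returns 1 when the option is rejected.
set_option () {
    case "$1" in
        *=*) ;;
        *) echo "rejected option (no '='): $1" >&2; return 1 ;;
    esac
    oname=${1%%=*}
    ovalue=${1#*=}
    case "$oname" in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "rejected option name: $oname" >&2; return 1 ;;
    esac
    # The name was validated above, and $ovalue is expanded only after eval
    # has built the assignment, so metacharacters in the value stay inert.
    eval "opt_$oname=\$ovalue"
}

# Read stdin to EOF. Lines with a known key are assigned verbatim; anything
# else is reported on stderr. Returns 0 if every line was accepted, else 1.
read_module_input () {
    rejected=0
    while IFS= read -r line; do
        if [ -z "$line" ]; then
            continue
        fi
        case "$line" in
            *=*) ;;
            *) echo "rejected line (no '='): $line" >&2; rejected=1; continue ;;
        esac
        key=${line%%=*}
        value=${line#*=}
        case "$key" in
            File)         File=$value ;;
            Name)         Name=$value ;;
            Version)      Version=$value ;;
            Architecture) Architecture=$value ;;
            options)      set_option "$value" || rejected=1 ;;
            *)            echo "rejected line (unknown key): $line" >&2; rejected=1 ;;
        esac
    done
    return "$rejected"
}

# Constructed sample input: three ordinary lines, one option, and a Name
# whose value contains ';'. The eval-based loop would execute the text after
# the ';' as a second command; here it is simply stored in $Name.
if read_module_input <<'EOF'
File=mozilla-rootcerts
Version=1.0.20141117nb1
options=verified_installation=never
Name=foo; echo not-run
EOF
then
    echo "File=$File Version=$Version Name=$Name opt_verified_installation=$opt_verified_installation"
else
    echo "some input lines were rejected" >&2
fi
```

The here-document form (`read_module_input <<'EOF'`) matters: piping input into the function would run it in a subshell and the assignments would be lost. Rejecting unknown keys rather than assigning them also keeps the agent from overwriting variables such as `PATH` or `PKG_INSTALL_CONF` that the module exports earlier.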