From 6eb1d20b682d1256bb4561517daa616b15fec22b Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Thu, 1 Aug 2019 15:27:28 +0200 Subject: gnu: Add debops. * gnu/packages/admin.scm (debops): New variable. * gnu/packages/patches/debops-constants-for-external-program-names.patch, gnu/packages/patches/debops-debops-defaults-fall-back-to-less.patch: New files. * gnu/local.mk: Add them. --- ...bops-constants-for-external-program-names.patch | 276 +++++++++++++++++++++ 1 file changed, 276 insertions(+) create mode 100644 gnu/packages/patches/debops-constants-for-external-program-names.patch (limited to 'gnu/packages/patches/debops-constants-for-external-program-names.patch') diff --git a/gnu/packages/patches/debops-constants-for-external-program-names.patch b/gnu/packages/patches/debops-constants-for-external-program-names.patch new file mode 100644 index 0000000000..b3b34ed323 --- /dev/null +++ b/gnu/packages/patches/debops-constants-for-external-program-names.patch @@ -0,0 +1,276 @@ +From 78d5cddafebb28e2e54efeb781495b5607ddb356 Mon Sep 17 00:00:00 2001 +From: Hartmut Goebel +Date: Thu, 8 Aug 2019 15:19:48 +0200 +Subject: [PATCH] Scripts: Use constants for external program names. + +This makes it much, much easier to replace the program +with one using an absolute path. This is necessary for +e.g. Guix to keep references to these external programs. +--- + bin/debops | 10 +++++++--- + bin/debops-padlock | 21 +++++++++++++++------ + bin/debops-task | 7 +++++-- + bin/debops-update | 18 +++++++++++------- + debops/__init__.py | 17 ++++++++++++----- + debops/cmds/__init__.py | 6 +++++- + 6 files changed, 55 insertions(+), 24 deletions(-) + +diff --git a/bin/debops b/bin/debops +index 2b7ad3f88..caaeb892f 100755 +--- a/bin/debops ++++ b/bin/debops +@@ -59,6 +59,10 @@ ConfigFileHeader = """\ + # You can manipulate the contents of this file via `.debops.cfg`. + """ + ++# External programms used. List here for easy substitution for ++# hard-coded paths. ++ANSIBLE_PLAYBOOK = 'ansible-playbook' ++ + + def write_config(filename, config): + cfgparser = configparser.ConfigParser() +@@ -131,7 +135,7 @@ def gen_ansible_cfg(filename, config, project_root, playbooks_path, + os.path.join(playbooks_path, "roles"), + "/etc/ansible/roles"))) + +- ansible_version_out = subprocess.check_output(["ansible-playbook", ++ ansible_version_out = subprocess.check_output([ANSIBLE_PLAYBOOK, + "--version"]).decode() + + # Get first line and split by spaces to get second 'word'. +@@ -197,7 +201,7 @@ def main(cmd_args): + playbooks_path = '/nonexistent' + + # Make sure required commands are present +- require_commands('ansible-playbook') ++ require_commands(ANSIBLE_PLAYBOOK) + + # Check if user specified a potential playbook name as the first + # argument. If yes, use it as the playbook name and remove it from +@@ -256,7 +260,7 @@ def main(cmd_args): + print("Running Ansible playbooks:") + for element in play_list: + print(element) +- return subprocess.call(['ansible-playbook'] + play_list + arg_list) ++ return subprocess.call([ANSIBLE_PLAYBOOK] + play_list + arg_list) + finally: + if revert_unlock: + padlock_lock(encfs_encrypted) +diff --git a/bin/debops-padlock b/bin/debops-padlock +index bfdfb8e06..2a97716cd 100755 +--- a/bin/debops-padlock ++++ b/bin/debops-padlock +@@ -67,6 +67,14 @@ devrandom = os.environ.get('DEVRANDOM', "/dev/urandom") + + SCRIPT_FILENAME = 'padlock-script' + ++# External programms used. List here for easy substitution for ++# hard-coded paths. ++ENCFS = 'encfs' ++FIND = 'find' ++FUSERMOUNT = 'fusermount' ++UMOUNT = 'umount' ++GPG = 'gpg' ++ + # ---- DebOps environment setup ---- + + +@@ -80,9 +88,9 @@ def main(subcommand_func, **kwargs): + # Make sure required commands are present + # OS X compatibility + if sys.platform == 'darwin': +- require_commands('encfs', 'find', 'umount', 'gpg') ++ require_commands(ENCFS, FIND, UMOUNT, GPG) + else: +- require_commands('encfs', 'find', 'fusermount', 'gpg') ++ require_commands(ENCFS, FIND, FUSERMOUNT, GPG) + + inventory_path = find_inventorypath(project_root, required=False) + # If inventory hasn't been found automatically, assume it's the default +@@ -121,7 +129,7 @@ def init(encfs_decrypted, encfs_encrypted, recipients): + # Generate a random password and encrypt it with GPG keys of recipients. + print("Generating a random", ENCFS_KEYFILE_LENGTH, "char password") + pwd = gen_pwd() +- gpg = subprocess.Popen(['gpg', '--encrypt', '--armor', ++ gpg = subprocess.Popen([GPG, '--encrypt', '--armor', + '--output', encfs_keyfile] + recipients, + stdin=subprocess.PIPE) + gpg.communicate(pwd.encode('utf-8')) +@@ -133,9 +141,10 @@ def init(encfs_decrypted, encfs_encrypted, recipients): + # NB2: We can not use padlock_unlock here, because the config file + # does not yet exist. + encfs = subprocess.Popen([ +- 'encfs', encfs_encrypted, encfs_decrypted, ++ ENCFS, encfs_encrypted, encfs_decrypted, + '--extpass', +- 'gpg --decrypt --no-mdc-warning --output - '+shquote(encfs_keyfile)], ++ GPG + ' --decrypt --no-mdc-warning --output - ' ++ + shquote(encfs_keyfile)], + stdin=subprocess.PIPE) + encfs.communicate(('p\n'+pwd).encode('utf-8')) + +@@ -154,7 +163,7 @@ def init(encfs_decrypted, encfs_encrypted, recipients): + + # Protect the EncFS configuration file by also encrypting it with + # the GPG keys of recipients. +- subprocess.call(['gpg', '--encrypt', '--armor', ++ subprocess.call([GPG, '--encrypt', '--armor', + '--output', encfs_configfile+'.asc'] + + recipients + [encfs_configfile]) + os.remove(encfs_configfile) +diff --git a/bin/debops-task b/bin/debops-task +index 223e5f834..dc31ad4e6 100755 +--- a/bin/debops-task ++++ b/bin/debops-task +@@ -49,11 +49,14 @@ project_root = find_debops_project(required=True) + # todo: need to decide on semantics! + # config = read_config(project_root) + ++# External programms used. List here for easy substitution for ++# hard-coded paths. ++ANSIBLE = 'ansible' + + # ---- Main script ---- + + # Make sure required commands are present +-require_commands('ansible') ++require_commands(ANSIBLE) + + ansible_inventory = find_inventorypath(project_root) + +@@ -71,5 +74,5 @@ if INSECURE: + os.environ['ANSIBLE_HOST_KEY_CHECKING'] = 'False' + + # Run ansible with custom environment +-cmd = ['ansible'] + module + sys.argv[1:] ++cmd = [ANSIBLE] + module + sys.argv[1:] + subprocess.call(cmd) +diff --git a/bin/debops-update b/bin/debops-update +index 88c5e2c82..cc7e57cb0 100755 +--- a/bin/debops-update ++++ b/bin/debops-update +@@ -90,6 +90,10 @@ GALAXY_REQUIREMENTS = "galaxy/requirements.txt" + # Default Ansible Galaxy user account name + GALAXY_ACCOUNT = "debops" + ++# External programms used. List here for easy substitution for ++# hard-coded paths. ++GIT = 'git' ++ + + # ---- Functions ---- + +@@ -137,7 +141,7 @@ def clone_git_repository(repo_uri, branch, destination, dry_run=False): + if dry_run: + print("Cloning '%s' to %s..." % (repo_uri, destination)) + else: +- subprocess.call(['git', 'clone', '--quiet', '--branch', branch, ++ subprocess.call([GIT, 'clone', '--quiet', '--branch', branch, + repo_uri, destination]) + + +@@ -152,22 +156,22 @@ def update_git_repository(path, dry_run=False, remote_uri=False): + os.chdir(path) + + if dry_run: +- subprocess.call(['git', 'fetch']) +- subprocess.call(['git', 'diff', 'HEAD', 'origin', '--stat']) ++ subprocess.call([GIT, 'fetch']) ++ subprocess.call([GIT, 'diff', 'HEAD', 'origin', '--stat']) + else: + # Get the current sha of the head branch + current_sha = subprocess.check_output( +- ['git', 'rev-parse', 'HEAD']).strip() ++ [GIT, 'rev-parse', 'HEAD']).strip() + + # Fetch it silently and store the new sha +- subprocess.call(['git', 'fetch', '--quiet']) ++ subprocess.call([GIT, 'fetch', '--quiet']) + fetch_sha = subprocess.check_output( +- ['git', 'rev-parse', 'FETCH_HEAD']).strip() ++ [GIT, 'rev-parse', 'FETCH_HEAD']).strip() + + if current_sha != fetch_sha: + print() + print('--') +- subprocess.call(['git', 'merge', fetch_sha]) ++ subprocess.call([GIT, 'merge', fetch_sha]) + + if remote_uri: + compare_uri = (remote_uri + '/compare/' + current_sha[:7] +diff --git a/debops/__init__.py b/debops/__init__.py +index 1c2cedcb0..da8430e41 100644 +--- a/debops/__init__.py ++++ b/debops/__init__.py +@@ -93,6 +93,13 @@ ENCFS_KEYFILE = ".encfs6.keyfile" + # Length of the random EncFS password stored in encrypted keyfile + ENCFS_KEYFILE_LENGTH = 256 + ++# External programms used. List here for easy substitution for ++# hard-coded paths. ++ENCFS = 'encfs' ++FUSERMOUNT = 'fusermount' ++UMOUNT = 'umount' ++GPG = 'gpg' ++ + + # ---- Functions ---- + +@@ -180,9 +187,9 @@ def padlock_lock(encrypted_path): + return False + # OS X compatibility + if sys.platform == 'darwin': +- subprocess.call(['umount', decrypted_path]) ++ subprocess.call([UMOUNT, decrypted_path]) + else: +- subprocess.call(['fusermount', '-u', decrypted_path]) ++ subprocess.call([FUSERMOUNT, '-u', decrypted_path]) + return True + + +@@ -237,14 +244,14 @@ def padlock_unlock(encrypted_path): + # Start encfs. It will wait for input on the `configfile` named + # pipe. + encfs = subprocess.Popen([ +- 'encfs', encrypted_path, decrypted_path, ++ ENCFS, encrypted_path, decrypted_path, + '--extpass', +- 'gpg --decrypt --no-mdc-warning --output - %s' % shquote(keyfile)]) ++ GPG + ' --decrypt --no-mdc-warning --output - %s' % shquote(keyfile)]) + # now decrypt the config and write it into the named pipe + with open(configfile, 'w') as fh: + # NB: gpg must write to stdout to avoid it is asking whether + # the file should be overwritten +- subprocess.Popen(['gpg', ++ subprocess.Popen([GPG, + '--decrypt', '--no-mdc-warning', '--output', '-', + crypted_configfile], stdout=fh).wait() + encfs.wait() +diff --git a/debops/cmds/__init__.py b/debops/cmds/__init__.py +index b221fa191..9fabf43a5 100644 +--- a/debops/cmds/__init__.py ++++ b/debops/cmds/__init__.py +@@ -55,6 +55,10 @@ SCRIPT_NAME = os.path.basename(sys.argv[0]) + # command line) + INSECURE = bool(os.environ.get('INSECURE', False)) + ++# External programms used. List here for easy substitution for ++# hard-coded paths. ++WHICH = 'which' ++ + + def error_msg(message, severity="Error"): + """ +@@ -70,7 +74,7 @@ def require_commands(*cmd_names): + Check if required commands exist. + """ + def command_exists(cmd_name): +- which = "where" if platform.system() == "Windows" else "which" ++ which = "where" if platform.system() == "Windows" else WHICH + return not subprocess.call([which, cmd_name], + stdout=DEVNULL, stderr=subprocess.STDOUT) + +-- +2.21.0 + -- cgit v1.2.3