1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
|
From 78d5cddafebb28e2e54efeb781495b5607ddb356 Mon Sep 17 00:00:00 2001
From: Hartmut Goebel <h.goebel@crazy-compilers.com>
Date: Thu, 8 Aug 2019 15:19:48 +0200
Subject: [PATCH] Scripts: Use constants for external program names.
This makes it much, much easier to replace the program
with one using an absolute path. This is necessary for
e.g. Guix to keep references to these external programs.
---
bin/debops | 10 +++++++---
bin/debops-padlock | 21 +++++++++++++++------
bin/debops-task | 7 +++++--
bin/debops-update | 18 +++++++++++-------
debops/__init__.py | 17 ++++++++++++-----
debops/cmds/__init__.py | 6 +++++-
6 files changed, 55 insertions(+), 24 deletions(-)
diff --git a/bin/debops b/bin/debops
index 2b7ad3f88..caaeb892f 100755
--- a/bin/debops
+++ b/bin/debops
@@ -59,6 +59,10 @@ ConfigFileHeader = """\
# You can manipulate the contents of this file via `.debops.cfg`.
"""
+# External programms used. List here for easy substitution for
+# hard-coded paths.
+ANSIBLE_PLAYBOOK = 'ansible-playbook'
+
def write_config(filename, config):
cfgparser = configparser.ConfigParser()
@@ -131,7 +135,7 @@ def gen_ansible_cfg(filename, config, project_root, playbooks_path,
os.path.join(playbooks_path, "roles"),
"/etc/ansible/roles")))
- ansible_version_out = subprocess.check_output(["ansible-playbook",
+ ansible_version_out = subprocess.check_output([ANSIBLE_PLAYBOOK,
"--version"]).decode()
# Get first line and split by spaces to get second 'word'.
@@ -197,7 +201,7 @@ def main(cmd_args):
playbooks_path = '/nonexistent'
# Make sure required commands are present
- require_commands('ansible-playbook')
+ require_commands(ANSIBLE_PLAYBOOK)
# Check if user specified a potential playbook name as the first
# argument. If yes, use it as the playbook name and remove it from
@@ -256,7 +260,7 @@ def main(cmd_args):
print("Running Ansible playbooks:")
for element in play_list:
print(element)
- return subprocess.call(['ansible-playbook'] + play_list + arg_list)
+ return subprocess.call([ANSIBLE_PLAYBOOK] + play_list + arg_list)
finally:
if revert_unlock:
padlock_lock(encfs_encrypted)
diff --git a/bin/debops-padlock b/bin/debops-padlock
index bfdfb8e06..2a97716cd 100755
--- a/bin/debops-padlock
+++ b/bin/debops-padlock
@@ -67,6 +67,14 @@ devrandom = os.environ.get('DEVRANDOM', "/dev/urandom")
SCRIPT_FILENAME = 'padlock-script'
+# External programms used. List here for easy substitution for
+# hard-coded paths.
+ENCFS = 'encfs'
+FIND = 'find'
+FUSERMOUNT = 'fusermount'
+UMOUNT = 'umount'
+GPG = 'gpg'
+
# ---- DebOps environment setup ----
@@ -80,9 +88,9 @@ def main(subcommand_func, **kwargs):
# Make sure required commands are present
# OS X compatibility
if sys.platform == 'darwin':
- require_commands('encfs', 'find', 'umount', 'gpg')
+ require_commands(ENCFS, FIND, UMOUNT, GPG)
else:
- require_commands('encfs', 'find', 'fusermount', 'gpg')
+ require_commands(ENCFS, FIND, FUSERMOUNT, GPG)
inventory_path = find_inventorypath(project_root, required=False)
# If inventory hasn't been found automatically, assume it's the default
@@ -121,7 +129,7 @@ def init(encfs_decrypted, encfs_encrypted, recipients):
# Generate a random password and encrypt it with GPG keys of recipients.
print("Generating a random", ENCFS_KEYFILE_LENGTH, "char password")
pwd = gen_pwd()
- gpg = subprocess.Popen(['gpg', '--encrypt', '--armor',
+ gpg = subprocess.Popen([GPG, '--encrypt', '--armor',
'--output', encfs_keyfile] + recipients,
stdin=subprocess.PIPE)
gpg.communicate(pwd.encode('utf-8'))
@@ -133,9 +141,10 @@ def init(encfs_decrypted, encfs_encrypted, recipients):
# NB2: We can not use padlock_unlock here, because the config file
# does not yet exist.
encfs = subprocess.Popen([
- 'encfs', encfs_encrypted, encfs_decrypted,
+ ENCFS, encfs_encrypted, encfs_decrypted,
'--extpass',
- 'gpg --decrypt --no-mdc-warning --output - '+shquote(encfs_keyfile)],
+ GPG + ' --decrypt --no-mdc-warning --output - '
+ + shquote(encfs_keyfile)],
stdin=subprocess.PIPE)
encfs.communicate(('p\n'+pwd).encode('utf-8'))
@@ -154,7 +163,7 @@ def init(encfs_decrypted, encfs_encrypted, recipients):
# Protect the EncFS configuration file by also encrypting it with
# the GPG keys of recipients.
- subprocess.call(['gpg', '--encrypt', '--armor',
+ subprocess.call([GPG, '--encrypt', '--armor',
'--output', encfs_configfile+'.asc']
+ recipients + [encfs_configfile])
os.remove(encfs_configfile)
diff --git a/bin/debops-task b/bin/debops-task
index 223e5f834..dc31ad4e6 100755
--- a/bin/debops-task
+++ b/bin/debops-task
@@ -49,11 +49,14 @@ project_root = find_debops_project(required=True)
# todo: need to decide on semantics!
# config = read_config(project_root)
+# External programms used. List here for easy substitution for
+# hard-coded paths.
+ANSIBLE = 'ansible'
# ---- Main script ----
# Make sure required commands are present
-require_commands('ansible')
+require_commands(ANSIBLE)
ansible_inventory = find_inventorypath(project_root)
@@ -71,5 +74,5 @@ if INSECURE:
os.environ['ANSIBLE_HOST_KEY_CHECKING'] = 'False'
# Run ansible with custom environment
-cmd = ['ansible'] + module + sys.argv[1:]
+cmd = [ANSIBLE] + module + sys.argv[1:]
subprocess.call(cmd)
diff --git a/bin/debops-update b/bin/debops-update
index 88c5e2c82..cc7e57cb0 100755
--- a/bin/debops-update
+++ b/bin/debops-update
@@ -90,6 +90,10 @@ GALAXY_REQUIREMENTS = "galaxy/requirements.txt"
# Default Ansible Galaxy user account name
GALAXY_ACCOUNT = "debops"
+# External programms used. List here for easy substitution for
+# hard-coded paths.
+GIT = 'git'
+
# ---- Functions ----
@@ -137,7 +141,7 @@ def clone_git_repository(repo_uri, branch, destination, dry_run=False):
if dry_run:
print("Cloning '%s' to %s..." % (repo_uri, destination))
else:
- subprocess.call(['git', 'clone', '--quiet', '--branch', branch,
+ subprocess.call([GIT, 'clone', '--quiet', '--branch', branch,
repo_uri, destination])
@@ -152,22 +156,22 @@ def update_git_repository(path, dry_run=False, remote_uri=False):
os.chdir(path)
if dry_run:
- subprocess.call(['git', 'fetch'])
- subprocess.call(['git', 'diff', 'HEAD', 'origin', '--stat'])
+ subprocess.call([GIT, 'fetch'])
+ subprocess.call([GIT, 'diff', 'HEAD', 'origin', '--stat'])
else:
# Get the current sha of the head branch
current_sha = subprocess.check_output(
- ['git', 'rev-parse', 'HEAD']).strip()
+ [GIT, 'rev-parse', 'HEAD']).strip()
# Fetch it silently and store the new sha
- subprocess.call(['git', 'fetch', '--quiet'])
+ subprocess.call([GIT, 'fetch', '--quiet'])
fetch_sha = subprocess.check_output(
- ['git', 'rev-parse', 'FETCH_HEAD']).strip()
+ [GIT, 'rev-parse', 'FETCH_HEAD']).strip()
if current_sha != fetch_sha:
print()
print('--')
- subprocess.call(['git', 'merge', fetch_sha])
+ subprocess.call([GIT, 'merge', fetch_sha])
if remote_uri:
compare_uri = (remote_uri + '/compare/' + current_sha[:7]
diff --git a/debops/__init__.py b/debops/__init__.py
index 1c2cedcb0..da8430e41 100644
--- a/debops/__init__.py
+++ b/debops/__init__.py
@@ -93,6 +93,13 @@ ENCFS_KEYFILE = ".encfs6.keyfile"
# Length of the random EncFS password stored in encrypted keyfile
ENCFS_KEYFILE_LENGTH = 256
+# External programms used. List here for easy substitution for
+# hard-coded paths.
+ENCFS = 'encfs'
+FUSERMOUNT = 'fusermount'
+UMOUNT = 'umount'
+GPG = 'gpg'
+
# ---- Functions ----
@@ -180,9 +187,9 @@ def padlock_lock(encrypted_path):
return False
# OS X compatibility
if sys.platform == 'darwin':
- subprocess.call(['umount', decrypted_path])
+ subprocess.call([UMOUNT, decrypted_path])
else:
- subprocess.call(['fusermount', '-u', decrypted_path])
+ subprocess.call([FUSERMOUNT, '-u', decrypted_path])
return True
@@ -237,14 +244,14 @@ def padlock_unlock(encrypted_path):
# Start encfs. It will wait for input on the `configfile` named
# pipe.
encfs = subprocess.Popen([
- 'encfs', encrypted_path, decrypted_path,
+ ENCFS, encrypted_path, decrypted_path,
'--extpass',
- 'gpg --decrypt --no-mdc-warning --output - %s' % shquote(keyfile)])
+ GPG + ' --decrypt --no-mdc-warning --output - %s' % shquote(keyfile)])
# now decrypt the config and write it into the named pipe
with open(configfile, 'w') as fh:
# NB: gpg must write to stdout to avoid it is asking whether
# the file should be overwritten
- subprocess.Popen(['gpg',
+ subprocess.Popen([GPG,
'--decrypt', '--no-mdc-warning', '--output', '-',
crypted_configfile], stdout=fh).wait()
encfs.wait()
diff --git a/debops/cmds/__init__.py b/debops/cmds/__init__.py
index b221fa191..9fabf43a5 100644
--- a/debops/cmds/__init__.py
+++ b/debops/cmds/__init__.py
@@ -55,6 +55,10 @@ SCRIPT_NAME = os.path.basename(sys.argv[0])
# command line)
INSECURE = bool(os.environ.get('INSECURE', False))
+# External programms used. List here for easy substitution for
+# hard-coded paths.
+WHICH = 'which'
+
def error_msg(message, severity="Error"):
"""
@@ -70,7 +74,7 @@ def require_commands(*cmd_names):
Check if required commands exist.
"""
def command_exists(cmd_name):
- which = "where" if platform.system() == "Windows" else "which"
+ which = "where" if platform.system() == "Windows" else WHICH
return not subprocess.call([which, cmd_name],
stdout=DEVNULL, stderr=subprocess.STDOUT)
--
2.21.0
|
