diff options
| author | Linus Nordberg <linus@nordu.net> | 2017-07-28 15:14:03 +0200 |
|---|---|---|
| committer | Linus Nordberg <linus@nordu.net> | 2017-07-28 15:14:03 +0200 |
| commit | 4223da5ae4d440774e350a8489b7d4bd0fe38c11 (patch) | |
| tree | abf75b36f7b066f8dcf674fc8decb473c1585d15 /global/post-tasks.d | |
| parent | 883c92a407ad1db7925eec9bab483b06d12aa5a7 (diff) | |
Update from sunet/multiverse.ct-ops-2017-07-28-v01
Diffstat (limited to 'global/post-tasks.d')
| -rwxr-xr-x | global/post-tasks.d/015cosmos-trust | 12 | ||||
| -rwxr-xr-x | global/post-tasks.d/018packages | 6 | ||||
| -rwxr-xr-x | global/post-tasks.d/030puppet | 4 | ||||
| -rwxr-xr-x | global/post-tasks.d/099autoremove | 6 |
4 files changed, 19 insertions, 9 deletions
diff --git a/global/post-tasks.d/015cosmos-trust b/global/post-tasks.d/015cosmos-trust index 447d875..74835e0 100755 --- a/global/post-tasks.d/015cosmos-trust +++ b/global/post-tasks.d/015cosmos-trust @@ -4,11 +4,19 @@ if [ -z "$COSMOS_KEYS" ]; then COSMOS_KEYS=/etc/cosmos/keys fi +# Install new keys discovered in the $COSMOS_KEYS directory for k in $COSMOS_KEYS/*.pub; do - fp=`cosmos gpg --with-colons --with-fingerprint < $k| awk -F: '$1 == "pub" {print $5}'` - cosmos gpg --with-colons --fingerprint | grep -q ":$fp:" || cosmos gpg --import < $k + fp=`cosmos gpg --with-colons --with-fingerprint < $k | awk -F: '$1 == "pub" {print $5}'` + fp_in_db=`cosmos gpg --with-colons --fingerprint | grep ":$fp:"` + if [ "x`echo $fp_in_db | grep '^pub:e:'`" != "x" ]; then + echo "$0: Key expired, will re-import it from $k" + cosmos gpg --fingerprint $fp + fi + # The removal of any ^pub:e: entrys means to ignore expired keys - thereby importing them again. + echo $fp_in_db | grep -v "^pub:e:" | grep -q ":$fp:" || cosmos gpg --import < $k done +# Delete keys no longer present in $COSMOS_KEYS directory for fp in `cosmos gpg --with-colons --fingerprint | awk -F: '$1 == "pub" {print $5}'`; do seen="no" for k in $COSMOS_KEYS/*.pub; do diff --git a/global/post-tasks.d/018packages b/global/post-tasks.d/018packages index 3e2e26e..9370e10 100755 --- a/global/post-tasks.d/018packages +++ b/global/post-tasks.d/018packages @@ -24,8 +24,8 @@ if [ -f $CONFIG ]; then # First pass to clone any new modules, and update those marked for updating. grep -E -v "^#" $CONFIG | ( while read module src update pattern; do - # We only support git:// urls atm - if [ "${src:0:6}" = "git://" ]; then + # We only support git:// urls and https:// urls atm + if [ "${src:0:6}" = "git://" -o "${src:0:8}" = "https://" ]; then if [ ! -d $CACHE_DIR/scm/$module ]; then git clone -q $src $CACHE_DIR/scm/$module elif [ -d $CACHE_DIR/scm/$module/.git ]; then @@ -63,7 +63,7 @@ if [ -f $CONFIG ]; then grep -E -v "^#" $CONFIG | ( while read module src update pattern; do # We only support git:// urls atm - if [ "${src:0:6}" = "git://" ]; then + if [ "${src:0:6}" = "git://" -o "${src:0:8}" = "https://" ]; then # Verify git tag cd $CACHE_DIR/scm/$module TAG=$(git tag -l "${pattern:-*}" | sort | tail -1) diff --git a/global/post-tasks.d/030puppet b/global/post-tasks.d/030puppet index 6742949..b94b9ff 100755 --- a/global/post-tasks.d/030puppet +++ b/global/post-tasks.d/030puppet @@ -1,13 +1,13 @@ #!/bin/sh if [ "x$COSMOS_VERBOSE" = "xy" ]; then - args="--verbose" + args="--verbose --show_diff" else args="--logdest=syslog" fi if [ -f /usr/bin/puppet -a -d /etc/puppet/manifests ]; then for m in `find /etc/puppet/manifests -name \*.pp`; do - puppet apply $args < $m + puppet apply $args $m done fi diff --git a/global/post-tasks.d/099autoremove b/global/post-tasks.d/099autoremove index 2cc6996..74b0aa4 100755 --- a/global/post-tasks.d/099autoremove +++ b/global/post-tasks.d/099autoremove @@ -1,4 +1,6 @@ #!/bin/sh -apt-get -qq update -apt-get -qq -y autoremove +if (( $RANDOM % 20 == 0)); then + apt-get -qq update + apt-get -qq -y autoremove +fi |