#!/bin/sh
_boxconf_try_files() {
  # Print the path of the highest-precedence source file for a target path.
  # $1 = target file path
  #
  # Candidates have the form "<dir><target>.<suffix>". Suffixes are tried from
  # most to least specific (hostname, hostclass/distro pairs, hostclass/OS
  # pairs, hostclass, distro, OS, "common"). For every suffix the site
  # directory (BOXCONF_SITE_FILE_DIR) is checked before BOXCONF_FILE_DIR.
  # The first candidate that is a regular file is echoed; when none exists,
  # `bug` is called with an error message.
  for _bcsf_suffix in \
    "${BOXCONF_HOSTNAME}" \
    "${BOXCONF_HOSTCLASS}.${BOXCONF_DISTRO}" \
    "${BOXCONF_DISTRO}.${BOXCONF_HOSTCLASS}" \
    "${BOXCONF_HOSTCLASS}.${BOXCONF_OS}" \
    "${BOXCONF_OS}.${BOXCONF_HOSTCLASS}" \
    "${BOXCONF_HOSTCLASS}" \
    "${BOXCONF_DISTRO}" \
    "${BOXCONF_OS}" \
    common
  do
    for _bcsf_dir in "${BOXCONF_SITE_FILE_DIR}" "${BOXCONF_FILE_DIR}"; do
      _bcsf_file="${_bcsf_dir}${1}.${_bcsf_suffix}"
      [ -f "$_bcsf_file" ] || continue
      echo "$_bcsf_file"
      return
    done
  done
  bug "no source file found for ${1}"
}
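install_file() {
  # Install the files at the given paths into the target system.
  # The source for each path is the matching file in the boxconf directory with
  # the highest-precedence suffix, as reported by _boxconf_try_files.
  # Usage: install_file [-m mode] [-o owner] [-g group] path...
  # The default mode is 0644. Returns non-zero as soon as a source file cannot
  # be found or `install` fails, so a failed install is never logged as done.
  _bcif_install_args='-Cv'
  _bcif_mode=0644
  # getopts keeps its position in the global OPTIND. Without this reset, a
  # shell that does not scope OPTIND per function call (bash, for one) resumes
  # at the previous call's index and silently skips -m/-o/-g, so the file
  # would be installed with the default mode and owner instead of the
  # requested ones.
  OPTIND=1
  while getopts m:o:g: _bcif_opt; do
    case $_bcif_opt in
      m) _bcif_mode=$OPTARG ;;
      o) _bcif_install_args="${_bcif_install_args} -o ${OPTARG}" ;;
      g) _bcif_install_args="${_bcif_install_args} -g ${OPTARG}" ;;
    esac
  done
  shift $((OPTIND - 1))
  while [ $# -gt 0 ]; do
    # The lookup runs in a command substitution, so an exit inside it cannot
    # stop this shell; check the result here instead of installing from "".
    if ! _bcif_src=$(_boxconf_try_files "$1") || [ -z "$_bcif_src" ]; then
      return 1
    fi
    # $_bcif_install_args is unquoted on purpose: it is a space-separated
    # option list that has to split into separate words.
    install -m "$_bcif_mode" $_bcif_install_args "$_bcif_src" "$1" || return
    log "installed file ${1}"
    shift
  done
}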
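install_directory() {
  # Create the specified directories in the target system.
  # Usage: install_directory [-m mode] [-o owner] [-g group] path...
  # The default mode is 0755. Returns the status of `install` as soon as one
  # directory cannot be created, so a failure is never logged as done.
  _bcid_install_args='-Cdv'
  _bcid_mode=0755
  # Reset the global getopts index. In a shell that does not scope OPTIND per
  # function call (bash, for one) a stale index from an earlier call makes
  # getopts skip -m/-o/-g, and the directory would be created with the
  # default mode and owner instead of the requested ones.
  OPTIND=1
  while getopts m:o:g: _bcid_opt; do
    case $_bcid_opt in
      m) _bcid_mode=$OPTARG ;;
      o) _bcid_install_args="${_bcid_install_args} -o ${OPTARG}" ;;
      g) _bcid_install_args="${_bcid_install_args} -g ${OPTARG}" ;;
    esac
  done
  shift $((OPTIND - 1))
  while [ $# -gt 0 ]; do
    # $_bcid_install_args is unquoted on purpose: it is a space-separated
    # option list that has to split into separate words.
    install -m "$_bcid_mode" $_bcid_install_args "$1" || return
    log "installed directory ${1}"
    shift
  done
}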
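install_template() {
  # Install the templates at the given paths into the target system.
  # The source template is the matching file in the boxconf directory with the
  # highest-precedence suffix, as reported by _boxconf_try_files. It is
  # rendered to "<source>.render" by evaluating it as a shell here-document,
  # and the rendered file is then installed.
  # Usage: install_template [-m mode] [-o owner] [-g group] path...
  # The default mode is 0644. Returns non-zero when a template cannot be
  # found, rendered or installed.
  #
  # SECURITY: the template text is handed to `eval`. Every $var, $(command)
  # and backquote in it is expanded or executed by this shell, and a line that
  # consists only of the here-document terminator ends the document early, so
  # whatever follows it runs as shell code. Render only templates from a
  # boxconf tree whose contents are trusted.
  # NOTE(review): the rendered output is created next to the source template
  # under the current umask and is not removed afterwards; if templates expand
  # secrets, confirm the permissions of the boxconf tree cover that file.
  _bcit_install_args='-Cv'
  _bcit_mode=0644
  # Reset the global getopts index. In a shell that does not scope OPTIND per
  # function call (bash, for one) a stale index from an earlier call makes
  # getopts skip -m/-o/-g, and the file would be installed with the default
  # mode and owner instead of the requested ones.
  OPTIND=1
  while getopts m:o:g: _bcit_opt; do
    case $_bcit_opt in
      m) _bcit_mode=$OPTARG ;;
      o) _bcit_install_args="${_bcit_install_args} -o ${OPTARG}" ;;
      g) _bcit_install_args="${_bcit_install_args} -g ${OPTARG}" ;;
    esac
  done
  shift $((OPTIND - 1))
  while [ $# -gt 0 ]; do
    # The lookup runs in a command substitution, so an exit inside it cannot
    # stop this shell; check the result here instead of rendering from "".
    if ! _bcit_src=$(_boxconf_try_files "$1") || [ -z "$_bcit_src" ]; then
      return 1
    fi
    _bcit_render="${_bcit_src}.render"
    # Drop the output of an earlier run first: if rendering fails before the
    # redirection happens, the -s check below must not accept a stale file.
    rm -f -- "$_bcit_render"
    _bcit_status=0
    # The output path is expanded by eval inside double quotes (note the
    # escaped \" and \$), so whitespace or shell metacharacters in the path
    # are not re-parsed as shell syntax. The here-document lines have to stay
    # at column 0.
    eval "cat <<__BOXCONF_EOF__ >\"\${_bcit_render}\"
$(cat "$_bcit_src")
__BOXCONF_EOF__
" || _bcit_status=$?
    if [ "$_bcit_status" -ne 0 ] || [ ! -s "$_bcit_render" ]; then
      bug "failed to render template: ${_bcit_src}"
      return 1
    fi
    # $_bcit_install_args is unquoted on purpose: it is a space-separated
    # option list that has to split into separate words.
    install -m "$_bcit_mode" $_bcit_install_args "$_bcit_render" "$1" || return
    log "installed template ${1}"
    shift
  done
}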
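install_certificate() {
  # Install a certificate from the CA dir into the target system.
  # Usage: install_certificate [-m mode] [-o owner] [-g group] name target
  # $1 = certificate name
  # $2 = target path
  # The source is "${BOXCONF_CA_DIR}/${BOXCONF_HOSTNAME}/<name>.fullchain.crt".
  # The default mode is 0644. Returns non-zero when the certificate is missing
  # or `install` fails.
  _bcic_install_args='-Cv'
  _bcic_mode=0644
  # Reset the global getopts index. In a shell that does not scope OPTIND per
  # function call (bash, for one) a stale index from an earlier call makes
  # getopts skip -m/-o/-g, and the file would be installed with the default
  # mode and owner instead of the requested ones.
  OPTIND=1
  while getopts m:o:g: _bcic_opt; do
    case $_bcic_opt in
      m) _bcic_mode=$OPTARG ;;
      o) _bcic_install_args="${_bcic_install_args} -o ${OPTARG}" ;;
      g) _bcic_install_args="${_bcic_install_args} -g ${OPTARG}" ;;
    esac
  done
  shift $((OPTIND - 1))
  _bcic_src="${BOXCONF_CA_DIR}/${BOXCONF_HOSTNAME}/${1}.fullchain.crt"
  if [ ! -f "$_bcic_src" ]; then
    bug "no certificate exists for ${BOXCONF_HOSTNAME}/${1}"
    return 1
  fi
  # $_bcic_install_args is unquoted on purpose: it is a space-separated
  # option list that has to split into separate words.
  install -m "$_bcic_mode" $_bcic_install_args "$_bcic_src" "$2" || return
  log "installed certificate ${2}"
}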
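install_certificate_key() {
  # Install a certificate's private key from the CA dir into the target system.
  # Usage: install_certificate_key [-m mode] [-o owner] [-g group] name target
  # $1 = certificate name
  # $2 = target path
  # The source is "${BOXCONF_CA_DIR}/${BOXCONF_HOSTNAME}/<name>.key".
  # The default mode is 0600; -m overrides it. Returns non-zero when the key
  # is missing or `install` fails.
  _bcick_install_args='-Cv'
  _bcick_mode=0600
  # Reset the global getopts index. In a shell that does not scope OPTIND per
  # function call (bash, for one) a stale index from an earlier call makes
  # getopts skip -m/-o/-g, and the private key would be installed with a mode
  # or owner other than the one the caller asked for.
  OPTIND=1
  while getopts m:o:g: _bcick_opt; do
    case $_bcick_opt in
      m) _bcick_mode=$OPTARG ;;
      o) _bcick_install_args="${_bcick_install_args} -o ${OPTARG}" ;;
      g) _bcick_install_args="${_bcick_install_args} -g ${OPTARG}" ;;
    esac
  done
  shift $((OPTIND - 1))
  _bcick_src="${BOXCONF_CA_DIR}/${BOXCONF_HOSTNAME}/${1}.key"
  if [ ! -f "$_bcick_src" ]; then
    bug "no key exists for ${BOXCONF_HOSTNAME}/${1}"
    return 1
  fi
  # $_bcick_install_args is unquoted on purpose: it is a space-separated
  # option list that has to split into separate words.
  install -m "$_bcick_mode" $_bcick_install_args "$_bcick_src" "$2" || return
  log "installed certificate key ${2}"
}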
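install_ca_certificate() {
  # Install the root CA certificate from the CA dir into the target system.
  # Usage: install_ca_certificate [-m mode] [-o owner] [-g group] target
  # $1 = target path
  # The source is "${BOXCONF_CA_DIR}/ca.crt". The default mode is 0644.
  # Returns non-zero when the CA certificate is missing or `install` fails.
  _bcicc_install_args='-Cv'
  _bcicc_mode=0644
  # Reset the global getopts index. In a shell that does not scope OPTIND per
  # function call (bash, for one) a stale index from an earlier call makes
  # getopts skip -m/-o/-g, and the file would be installed with the default
  # mode and owner instead of the requested ones.
  OPTIND=1
  while getopts m:o:g: _bcicc_opt; do
    case $_bcicc_opt in
      m) _bcicc_mode=$OPTARG ;;
      o) _bcicc_install_args="${_bcicc_install_args} -o ${OPTARG}" ;;
      g) _bcicc_install_args="${_bcicc_install_args} -g ${OPTARG}" ;;
    esac
  done
  shift $((OPTIND - 1))
  _bcicc_src="${BOXCONF_CA_DIR}/ca.crt"
  if [ ! -f "$_bcicc_src" ]; then
    bug 'CA certificate not found'
    return 1
  fi
  # $_bcicc_install_args is unquoted on purpose: it is a space-separated
  # option list that has to split into separate words.
  install -m "$_bcicc_mode" $_bcicc_install_args "$_bcicc_src" "$1" || return
  log "installed root CA to ${1}"
}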
set_facl() {
  # Replace the NFSv4 ACL on a file with the given list of ACL entries.
  # $1 = path
  # $2-$N = ACL entries
  # Calls `bug` unless BOXCONF_OS is "freebsd". The entries are combined with
  # commas through the `join` helper and passed to setfacl in one call: -b
  # comes first, then the combined list is added at position 0 with -a.
  if [ "$BOXCONF_OS" != freebsd ]; then
    bug 'set_facl only supported on FreeBSD'
  fi
  _bcsetfacl_path=$1
  shift
  setfacl -b -a 0 "$(join ',' "$@")" "$_bcsetfacl_path"
}