[jackhill/guix/guix.git] / gnu / packages / patches / debops-constants-for-external-program-names.patch

From 78d5cddafebb28e2e54efeb781495b5607ddb356 Mon Sep 17 00:00:00 2001
From: Hartmut Goebel <h.goebel@crazy-compilers.com>
Date: Thu, 8 Aug 2019 15:19:48 +0200
Subject: [PATCH] Scripts: Use constants for external program names.

This makes it much, much easier to replace the program
with one using an absolute path. This is necessary for
e.g. Guix to keep references to these external programs.
---
 bin/debops              | 10 +++++++---
 bin/debops-padlock      | 21 +++++++++++++++------
 bin/debops-task         |  7 +++++--
 bin/debops-update       | 18 +++++++++++-------
 debops/__init__.py      | 17 ++++++++++++-----
 debops/cmds/__init__.py |  6 +++++-
 6 files changed, 55 insertions(+), 24 deletions(-)

diff --git a/bin/debops b/bin/debops
index 2b7ad3f88..caaeb892f 100755
--- a/bin/debops
+++ b/bin/debops
@@ -59,6 +59,10 @@ ConfigFileHeader = """\
 # You can manipulate the contents of this file via `.debops.cfg`.
 """
 
+# External programms used. List here for easy substitution for
+# hard-coded paths.
+ANSIBLE_PLAYBOOK = 'ansible-playbook'
+
 
 def write_config(filename, config):
     cfgparser = configparser.ConfigParser()
@@ -131,7 +135,7 @@ def gen_ansible_cfg(filename, config, project_root, playbooks_path,
             os.path.join(playbooks_path, "roles"),
             "/etc/ansible/roles")))
 
-    ansible_version_out = subprocess.check_output(["ansible-playbook",
+    ansible_version_out = subprocess.check_output([ANSIBLE_PLAYBOOK,
                                                    "--version"]).decode()
 
     # Get first line and split by spaces to get second 'word'.
@@ -197,7 +201,7 @@ def main(cmd_args):
         playbooks_path = '/nonexistent'
 
     # Make sure required commands are present
-    require_commands('ansible-playbook')
+    require_commands(ANSIBLE_PLAYBOOK)
 
     # Check if user specified a potential playbook name as the first
     # argument. If yes, use it as the playbook name and remove it from
@@ -256,7 +260,7 @@ def main(cmd_args):
         print("Running Ansible playbooks:")
         for element in play_list:
             print(element)
-        return subprocess.call(['ansible-playbook'] + play_list + arg_list)
+        return subprocess.call([ANSIBLE_PLAYBOOK] + play_list + arg_list)
     finally:
         if revert_unlock:
             padlock_lock(encfs_encrypted)
diff --git a/bin/debops-padlock b/bin/debops-padlock
index bfdfb8e06..2a97716cd 100755
--- a/bin/debops-padlock
+++ b/bin/debops-padlock
@@ -67,6 +67,14 @@ devrandom = os.environ.get('DEVRANDOM', "/dev/urandom")
 
 SCRIPT_FILENAME = 'padlock-script'
 
+# External programms used. List here for easy substitution for
+# hard-coded paths.
+ENCFS = 'encfs'
+FIND = 'find'
+FUSERMOUNT = 'fusermount'
+UMOUNT = 'umount'
+GPG = 'gpg'
+
 # ---- DebOps environment setup ----
 
 
@@ -80,9 +88,9 @@ def main(subcommand_func, **kwargs):
     # Make sure required commands are present
     # OS X compatibility
     if sys.platform == 'darwin':
-        require_commands('encfs', 'find', 'umount', 'gpg')
+        require_commands(ENCFS, FIND, UMOUNT, GPG)
     else:
-        require_commands('encfs', 'find', 'fusermount', 'gpg')
+        require_commands(ENCFS, FIND, FUSERMOUNT, GPG)
 
     inventory_path = find_inventorypath(project_root, required=False)
     # If inventory hasn't been found automatically, assume it's the default
@@ -121,7 +129,7 @@ def init(encfs_decrypted, encfs_encrypted, recipients):
     # Generate a random password and encrypt it with GPG keys of recipients.
     print("Generating a random", ENCFS_KEYFILE_LENGTH, "char password")
     pwd = gen_pwd()
-    gpg = subprocess.Popen(['gpg', '--encrypt', '--armor',
+    gpg = subprocess.Popen([GPG, '--encrypt', '--armor',
                             '--output', encfs_keyfile] + recipients,
                            stdin=subprocess.PIPE)
     gpg.communicate(pwd.encode('utf-8'))
@@ -133,9 +141,10 @@ def init(encfs_decrypted, encfs_encrypted, recipients):
     # NB2: We can not use padlock_unlock here, because the config file
     # does not yet exist.
     encfs = subprocess.Popen([
-        'encfs', encfs_encrypted, encfs_decrypted,
+        ENCFS, encfs_encrypted, encfs_decrypted,
         '--extpass',
-        'gpg --decrypt --no-mdc-warning --output - '+shquote(encfs_keyfile)],
+        GPG + ' --decrypt --no-mdc-warning --output - '
+        + shquote(encfs_keyfile)],
         stdin=subprocess.PIPE)
     encfs.communicate(('p\n'+pwd).encode('utf-8'))
 
@@ -154,7 +163,7 @@ def init(encfs_decrypted, encfs_encrypted, recipients):
 
     # Protect the EncFS configuration file by also encrypting it with
     # the GPG keys of recipients.
-    subprocess.call(['gpg', '--encrypt', '--armor',
+    subprocess.call([GPG, '--encrypt', '--armor',
                      '--output', encfs_configfile+'.asc']
                     + recipients + [encfs_configfile])
     os.remove(encfs_configfile)
diff --git a/bin/debops-task b/bin/debops-task
index 223e5f834..dc31ad4e6 100755
--- a/bin/debops-task
+++ b/bin/debops-task
@@ -49,11 +49,14 @@ project_root = find_debops_project(required=True)
 # todo: need to decide on semantics!
 # config = read_config(project_root)
 
+# External programms used. List here for easy substitution for
+# hard-coded paths.
+ANSIBLE = 'ansible'
 
 # ---- Main script ----
 
 # Make sure required commands are present
-require_commands('ansible')
+require_commands(ANSIBLE)
 
 ansible_inventory = find_inventorypath(project_root)
 
@@ -71,5 +74,5 @@ if INSECURE:
     os.environ['ANSIBLE_HOST_KEY_CHECKING'] = 'False'
 
 # Run ansible with custom environment
-cmd = ['ansible'] + module + sys.argv[1:]
+cmd = [ANSIBLE] + module + sys.argv[1:]
 subprocess.call(cmd)
diff --git a/bin/debops-update b/bin/debops-update
index 88c5e2c82..cc7e57cb0 100755
--- a/bin/debops-update
+++ b/bin/debops-update
@@ -90,6 +90,10 @@ GALAXY_REQUIREMENTS = "galaxy/requirements.txt"
 # Default Ansible Galaxy user account name
 GALAXY_ACCOUNT = "debops"
 
+# External programms used. List here for easy substitution for
+# hard-coded paths.
+GIT = 'git'
+
 
 # ---- Functions ----
 
@@ -137,7 +141,7 @@ def clone_git_repository(repo_uri, branch, destination, dry_run=False):
     if dry_run:
         print("Cloning '%s' to %s..." % (repo_uri, destination))
     else:
-        subprocess.call(['git', 'clone', '--quiet', '--branch', branch,
+        subprocess.call([GIT, 'clone', '--quiet', '--branch', branch,
                          repo_uri, destination])
 
 
@@ -152,22 +156,22 @@ def update_git_repository(path, dry_run=False, remote_uri=False):
     os.chdir(path)
 
     if dry_run:
-        subprocess.call(['git', 'fetch'])
-        subprocess.call(['git', 'diff', 'HEAD', 'origin', '--stat'])
+        subprocess.call([GIT, 'fetch'])
+        subprocess.call([GIT, 'diff', 'HEAD', 'origin', '--stat'])
     else:
         # Get the current sha of the head branch
         current_sha = subprocess.check_output(
-                ['git', 'rev-parse', 'HEAD']).strip()
+                [GIT, 'rev-parse', 'HEAD']).strip()
 
         # Fetch it silently and store the new sha
-        subprocess.call(['git', 'fetch', '--quiet'])
+        subprocess.call([GIT, 'fetch', '--quiet'])
         fetch_sha = subprocess.check_output(
-                ['git', 'rev-parse', 'FETCH_HEAD']).strip()
+                [GIT, 'rev-parse', 'FETCH_HEAD']).strip()
 
         if current_sha != fetch_sha:
             print()
             print('--')
-            subprocess.call(['git', 'merge', fetch_sha])
+            subprocess.call([GIT, 'merge', fetch_sha])
 
             if remote_uri:
                 compare_uri = (remote_uri + '/compare/' + current_sha[:7]
diff --git a/debops/__init__.py b/debops/__init__.py
index 1c2cedcb0..da8430e41 100644
--- a/debops/__init__.py
+++ b/debops/__init__.py
@@ -93,6 +93,13 @@ ENCFS_KEYFILE = ".encfs6.keyfile"
 # Length of the random EncFS password stored in encrypted keyfile
 ENCFS_KEYFILE_LENGTH = 256
 
+# External programms used. List here for easy substitution for
+# hard-coded paths.
+ENCFS = 'encfs'
+FUSERMOUNT = 'fusermount'
+UMOUNT = 'umount'
+GPG = 'gpg'
+
 
 # ---- Functions ----
 
@@ -180,9 +187,9 @@ def padlock_lock(encrypted_path):
         return False
     # OS X compatibility
     if sys.platform == 'darwin':
-        subprocess.call(['umount', decrypted_path])
+        subprocess.call([UMOUNT, decrypted_path])
     else:
-        subprocess.call(['fusermount', '-u', decrypted_path])
+        subprocess.call([FUSERMOUNT, '-u', decrypted_path])
     return True
 
 
@@ -237,14 +244,14 @@ def padlock_unlock(encrypted_path):
     # Start encfs. It will wait for input on the `configfile` named
     # pipe.
     encfs = subprocess.Popen([
-        'encfs', encrypted_path, decrypted_path,
+        ENCFS, encrypted_path, decrypted_path,
         '--extpass',
-        'gpg --decrypt --no-mdc-warning --output - %s' % shquote(keyfile)])
+        GPG + ' --decrypt --no-mdc-warning --output - %s' % shquote(keyfile)])
     # now decrypt the config and write it into the named pipe
     with open(configfile, 'w') as fh:
         # NB: gpg must write to stdout to avoid it is asking whether
         # the file should be overwritten
-        subprocess.Popen(['gpg',
+        subprocess.Popen([GPG,
                           '--decrypt', '--no-mdc-warning', '--output', '-',
                           crypted_configfile], stdout=fh).wait()
     encfs.wait()
diff --git a/debops/cmds/__init__.py b/debops/cmds/__init__.py
index b221fa191..9fabf43a5 100644
--- a/debops/cmds/__init__.py
+++ b/debops/cmds/__init__.py
@@ -55,6 +55,10 @@ SCRIPT_NAME = os.path.basename(sys.argv[0])
 # command line)
 INSECURE = bool(os.environ.get('INSECURE', False))
 
+# External programms used. List here for easy substitution for
+# hard-coded paths.
+WHICH = 'which'
+
 
 def error_msg(message, severity="Error"):
     """
@@ -70,7 +74,7 @@ def require_commands(*cmd_names):
     Check if required commands exist.
     """
     def command_exists(cmd_name):
-        which = "where" if platform.system() == "Windows" else "which"
+        which = "where" if platform.system() == "Windows" else WHICH
         return not subprocess.call([which, cmd_name],
                                    stdout=DEVNULL, stderr=subprocess.STDOUT)
 
-- 
2.21.0
Commit	Line	Data
6eb1d20b HG	1	From 78d5cddafebb28e2e54efeb781495b5607ddb356 Mon Sep 17 00:00:00 2001
	2	From: Hartmut Goebel <h.goebel@crazy-compilers.com>
	3	Date: Thu, 8 Aug 2019 15:19:48 +0200
	4	Subject: [PATCH] Scripts: Use constants for external program names.
	5
	6	This makes it much, much easier to replace the program
	7	with one using an absolute path. This is necessary for
	8	e.g. Guix to keep references to these external programs.
	9	---
	10	bin/debops \| 10 +++++++---
	11	bin/debops-padlock \| 21 +++++++++++++++------
	12	bin/debops-task \| 7 +++++--
	13	bin/debops-update \| 18 +++++++++++-------
	14	debops/__init__.py \| 17 ++++++++++++-----
	15	debops/cmds/__init__.py \| 6 +++++-
	16	6 files changed, 55 insertions(+), 24 deletions(-)
	17
	18	diff --git a/bin/debops b/bin/debops
	19	index 2b7ad3f88..caaeb892f 100755
	20	--- a/bin/debops
	21	+++ b/bin/debops
	22	@@ -59,6 +59,10 @@ ConfigFileHeader = """\
	23	# You can manipulate the contents of this file via `.debops.cfg`.
	24	"""
	25
	26	+# External programms used. List here for easy substitution for
	27	+# hard-coded paths.
	28	+ANSIBLE_PLAYBOOK = 'ansible-playbook'
	29	+
	30
	31	def write_config(filename, config):
	32	cfgparser = configparser.ConfigParser()
	33	@@ -131,7 +135,7 @@ def gen_ansible_cfg(filename, config, project_root, playbooks_path,
	34	os.path.join(playbooks_path, "roles"),
	35	"/etc/ansible/roles")))
	36
	37	- ansible_version_out = subprocess.check_output(["ansible-playbook",
	38	+ ansible_version_out = subprocess.check_output([ANSIBLE_PLAYBOOK,
	39	"--version"]).decode()
	40
	41	# Get first line and split by spaces to get second 'word'.
	42	@@ -197,7 +201,7 @@ def main(cmd_args):
	43	playbooks_path = '/nonexistent'
	44
	45	# Make sure required commands are present
	46	- require_commands('ansible-playbook')
	47	+ require_commands(ANSIBLE_PLAYBOOK)
	48
	49	# Check if user specified a potential playbook name as the first
	50	# argument. If yes, use it as the playbook name and remove it from
	51	@@ -256,7 +260,7 @@ def main(cmd_args):
	52	print("Running Ansible playbooks:")
	53	for element in play_list:
	54	print(element)
	55	- return subprocess.call(['ansible-playbook'] + play_list + arg_list)
	56	+ return subprocess.call([ANSIBLE_PLAYBOOK] + play_list + arg_list)
	57	finally:
	58	if revert_unlock:
	59	padlock_lock(encfs_encrypted)
	60	diff --git a/bin/debops-padlock b/bin/debops-padlock
	61	index bfdfb8e06..2a97716cd 100755
	62	--- a/bin/debops-padlock
	63	+++ b/bin/debops-padlock
	64	@@ -67,6 +67,14 @@ devrandom = os.environ.get('DEVRANDOM', "/dev/urandom")
65
66	SCRIPT_FILENAME = 'padlock-script'
67
68	+# External programms used. List here for easy substitution for
69	+# hard-coded paths.
70	+ENCFS = 'encfs'
71	+FIND = 'find'
72	+FUSERMOUNT = 'fusermount'
73	+UMOUNT = 'umount'
74	+GPG = 'gpg'
75	+
76	# ---- DebOps environment setup ----
77
78
79	@@ -80,9 +88,9 @@ def main(subcommand_func, **kwargs):
80	# Make sure required commands are present
81	# OS X compatibility
82	if sys.platform == 'darwin':
83	- require_commands('encfs', 'find', 'umount', 'gpg')
84	+ require_commands(ENCFS, FIND, UMOUNT, GPG)
85	else:
86	- require_commands('encfs', 'find', 'fusermount', 'gpg')
87	+ require_commands(ENCFS, FIND, FUSERMOUNT, GPG)
88
89	inventory_path = find_inventorypath(project_root, required=False)
90	# If inventory hasn't been found automatically, assume it's the default
91	@@ -121,7 +129,7 @@ def init(encfs_decrypted, encfs_encrypted, recipients):
92	# Generate a random password and encrypt it with GPG keys of recipients.
93	print("Generating a random", ENCFS_KEYFILE_LENGTH, "char password")
94	pwd = gen_pwd()
95	- gpg = subprocess.Popen(['gpg', '--encrypt', '--armor',
96	+ gpg = subprocess.Popen([GPG, '--encrypt', '--armor',
97	'--output', encfs_keyfile] + recipients,
98	stdin=subprocess.PIPE)
99	gpg.communicate(pwd.encode('utf-8'))
100	@@ -133,9 +141,10 @@ def init(encfs_decrypted, encfs_encrypted, recipients):
101	# NB2: We can not use padlock_unlock here, because the config file
102	# does not yet exist.
103	encfs = subprocess.Popen([
104	- 'encfs', encfs_encrypted, encfs_decrypted,
105	+ ENCFS, encfs_encrypted, encfs_decrypted,
106	'--extpass',
107	- 'gpg --decrypt --no-mdc-warning --output - '+shquote(encfs_keyfile)],
108	+ GPG + ' --decrypt --no-mdc-warning --output - '
109	+ + shquote(encfs_keyfile)],
110	stdin=subprocess.PIPE)
111	encfs.communicate(('p\n'+pwd).encode('utf-8'))
112
113	@@ -154,7 +163,7 @@ def init(encfs_decrypted, encfs_encrypted, recipients):
114
115	# Protect the EncFS configuration file by also encrypting it with
116	# the GPG keys of recipients.
117	- subprocess.call(['gpg', '--encrypt', '--armor',
118	+ subprocess.call([GPG, '--encrypt', '--armor',
119	'--output', encfs_configfile+'.asc']
120	+ recipients + [encfs_configfile])
121	os.remove(encfs_configfile)
122	diff --git a/bin/debops-task b/bin/debops-task
123	index 223e5f834..dc31ad4e6 100755
124	--- a/bin/debops-task
125	+++ b/bin/debops-task
126	@@ -49,11 +49,14 @@ project_root = find_debops_project(required=True)
127	# todo: need to decide on semantics!
128	# config = read_config(project_root)
129
130	+# External programms used. List here for easy substitution for
131	+# hard-coded paths.
132	+ANSIBLE = 'ansible'
133
134	# ---- Main script ----
135
136	# Make sure required commands are present
137	-require_commands('ansible')
138	+require_commands(ANSIBLE)
139
140	ansible_inventory = find_inventorypath(project_root)
141
142	@@ -71,5 +74,5 @@ if INSECURE:
143	os.environ['ANSIBLE_HOST_KEY_CHECKING'] = 'False'
144
145	# Run ansible with custom environment
146	-cmd = ['ansible'] + module + sys.argv[1:]
147	+cmd = [ANSIBLE] + module + sys.argv[1:]
148	subprocess.call(cmd)
149	diff --git a/bin/debops-update b/bin/debops-update
150	index 88c5e2c82..cc7e57cb0 100755
151	--- a/bin/debops-update
152	+++ b/bin/debops-update
153	@@ -90,6 +90,10 @@ GALAXY_REQUIREMENTS = "galaxy/requirements.txt"
154	# Default Ansible Galaxy user account name
155	GALAXY_ACCOUNT = "debops"
156
157	+# External programms used. List here for easy substitution for
158	+# hard-coded paths.
159	+GIT = 'git'
160	+
161
162	# ---- Functions ----
163
164	@@ -137,7 +141,7 @@ def clone_git_repository(repo_uri, branch, destination, dry_run=False):
165	if dry_run:
166	print("Cloning '%s' to %s..." % (repo_uri, destination))
167	else:
168	- subprocess.call(['git', 'clone', '--quiet', '--branch', branch,
169	+ subprocess.call([GIT, 'clone', '--quiet', '--branch', branch,
170	repo_uri, destination])
171
172
173	@@ -152,22 +156,22 @@ def update_git_repository(path, dry_run=False, remote_uri=False):
174	os.chdir(path)
175
176	if dry_run:
177	- subprocess.call(['git', 'fetch'])
178	- subprocess.call(['git', 'diff', 'HEAD', 'origin', '--stat'])
179	+ subprocess.call([GIT, 'fetch'])
180	+ subprocess.call([GIT, 'diff', 'HEAD', 'origin', '--stat'])
181	else:
182	# Get the current sha of the head branch
183	current_sha = subprocess.check_output(
184	- ['git', 'rev-parse', 'HEAD']).strip()
185	+ [GIT, 'rev-parse', 'HEAD']).strip()
186
187	# Fetch it silently and store the new sha
188	- subprocess.call(['git', 'fetch', '--quiet'])
189	+ subprocess.call([GIT, 'fetch', '--quiet'])
190	fetch_sha = subprocess.check_output(
191	- ['git', 'rev-parse', 'FETCH_HEAD']).strip()
192	+ [GIT, 'rev-parse', 'FETCH_HEAD']).strip()
193
194	if current_sha != fetch_sha:
195	print()
196	print('--')
197	- subprocess.call(['git', 'merge', fetch_sha])
198	+ subprocess.call([GIT, 'merge', fetch_sha])
199
200	if remote_uri:
201	compare_uri = (remote_uri + '/compare/' + current_sha[:7]
202	diff --git a/debops/__init__.py b/debops/__init__.py
203	index 1c2cedcb0..da8430e41 100644
204	--- a/debops/__init__.py
205	+++ b/debops/__init__.py
206	@@ -93,6 +93,13 @@ ENCFS_KEYFILE = ".encfs6.keyfile"
207	# Length of the random EncFS password stored in encrypted keyfile
208	ENCFS_KEYFILE_LENGTH = 256
209
210	+# External programms used. List here for easy substitution for
211	+# hard-coded paths.
212	+ENCFS = 'encfs'
213	+FUSERMOUNT = 'fusermount'
214	+UMOUNT = 'umount'
215	+GPG = 'gpg'
216	+
217
218	# ---- Functions ----
219
220	@@ -180,9 +187,9 @@ def padlock_lock(encrypted_path):
221	return False
222	# OS X compatibility
223	if sys.platform == 'darwin':
224	- subprocess.call(['umount', decrypted_path])
225	+ subprocess.call([UMOUNT, decrypted_path])
226	else:
227	- subprocess.call(['fusermount', '-u', decrypted_path])
228	+ subprocess.call([FUSERMOUNT, '-u', decrypted_path])
229	return True
230
231
232	@@ -237,14 +244,14 @@ def padlock_unlock(encrypted_path):
233	# Start encfs. It will wait for input on the `configfile` named
234	# pipe.
235	encfs = subprocess.Popen([
236	- 'encfs', encrypted_path, decrypted_path,
237	+ ENCFS, encrypted_path, decrypted_path,
238	'--extpass',
239	- 'gpg --decrypt --no-mdc-warning --output - %s' % shquote(keyfile)])
240	+ GPG + ' --decrypt --no-mdc-warning --output - %s' % shquote(keyfile)])
241	# now decrypt the config and write it into the named pipe
242	with open(configfile, 'w') as fh:
243	# NB: gpg must write to stdout to avoid it is asking whether
244	# the file should be overwritten
245	- subprocess.Popen(['gpg',
246	+ subprocess.Popen([GPG,
247	'--decrypt', '--no-mdc-warning', '--output', '-',
248	crypted_configfile], stdout=fh).wait()
249	encfs.wait()
250	diff --git a/debops/cmds/__init__.py b/debops/cmds/__init__.py
251	index b221fa191..9fabf43a5 100644
252	--- a/debops/cmds/__init__.py
253	+++ b/debops/cmds/__init__.py
254	@@ -55,6 +55,10 @@ SCRIPT_NAME = os.path.basename(sys.argv[0])
255	# command line)
256	INSECURE = bool(os.environ.get('INSECURE', False))
257
258	+# External programms used. List here for easy substitution for
259	+# hard-coded paths.
260	+WHICH = 'which'
261	+
262
263	def error_msg(message, severity="Error"):
264	"""
265	@@ -70,7 +74,7 @@ def require_commands(*cmd_names):
266	Check if required commands exist.
267	"""
268	def command_exists(cmd_name):
269	- which = "where" if platform.system() == "Windows" else "which"
270	+ which = "where" if platform.system() == "Windows" else WHICH
271	return not subprocess.call([which, cmd_name],
272	stdout=DEVNULL, stderr=subprocess.STDOUT)
273
274	--
275	2.21.0
276