Commit | Line | Data |
---|---|---|
6eb1d20b HG |
1 | From 78d5cddafebb28e2e54efeb781495b5607ddb356 Mon Sep 17 00:00:00 2001 |
2 | From: Hartmut Goebel <h.goebel@crazy-compilers.com> | |
3 | Date: Thu, 8 Aug 2019 15:19:48 +0200 | |
4 | Subject: [PATCH] Scripts: Use constants for external program names. | |
5 | ||
6 | This makes it much, much easier to replace the program | |
7 | with one using an absolute path. This is necessary for | |
8 | e.g. Guix to keep references to these external programs. | |
9 | --- | |
10 | bin/debops | 10 +++++++--- | |
11 | bin/debops-padlock | 21 +++++++++++++++------ | |
12 | bin/debops-task | 7 +++++-- | |
13 | bin/debops-update | 18 +++++++++++------- | |
14 | debops/__init__.py | 17 ++++++++++++----- | |
15 | debops/cmds/__init__.py | 6 +++++- | |
16 | 6 files changed, 55 insertions(+), 24 deletions(-) | |
17 | ||
18 | diff --git a/bin/debops b/bin/debops | |
19 | index 2b7ad3f88..caaeb892f 100755 | |
20 | --- a/bin/debops | |
21 | +++ b/bin/debops | |
22 | @@ -59,6 +59,10 @@ ConfigFileHeader = """\ | |
23 | # You can manipulate the contents of this file via `.debops.cfg`. | |
24 | """ | |
25 | ||
26 | +# External programms used. List here for easy substitution for | |
27 | +# hard-coded paths. | |
28 | +ANSIBLE_PLAYBOOK = 'ansible-playbook' | |
29 | + | |
30 | ||
31 | def write_config(filename, config): | |
32 | cfgparser = configparser.ConfigParser() | |
33 | @@ -131,7 +135,7 @@ def gen_ansible_cfg(filename, config, project_root, playbooks_path, | |
34 | os.path.join(playbooks_path, "roles"), | |
35 | "/etc/ansible/roles"))) | |
36 | ||
37 | - ansible_version_out = subprocess.check_output(["ansible-playbook", | |
38 | + ansible_version_out = subprocess.check_output([ANSIBLE_PLAYBOOK, | |
39 | "--version"]).decode() | |
40 | ||
41 | # Get first line and split by spaces to get second 'word'. | |
42 | @@ -197,7 +201,7 @@ def main(cmd_args): | |
43 | playbooks_path = '/nonexistent' | |
44 | ||
45 | # Make sure required commands are present | |
46 | - require_commands('ansible-playbook') | |
47 | + require_commands(ANSIBLE_PLAYBOOK) | |
48 | ||
49 | # Check if user specified a potential playbook name as the first | |
50 | # argument. If yes, use it as the playbook name and remove it from | |
51 | @@ -256,7 +260,7 @@ def main(cmd_args): | |
52 | print("Running Ansible playbooks:") | |
53 | for element in play_list: | |
54 | print(element) | |
55 | - return subprocess.call(['ansible-playbook'] + play_list + arg_list) | |
56 | + return subprocess.call([ANSIBLE_PLAYBOOK] + play_list + arg_list) | |
57 | finally: | |
58 | if revert_unlock: | |
59 | padlock_lock(encfs_encrypted) | |
60 | diff --git a/bin/debops-padlock b/bin/debops-padlock | |
61 | index bfdfb8e06..2a97716cd 100755 | |
62 | --- a/bin/debops-padlock | |
63 | +++ b/bin/debops-padlock | |
64 | @@ -67,6 +67,14 @@ devrandom = os.environ.get('DEVRANDOM', "/dev/urandom") | |
65 | ||
66 | SCRIPT_FILENAME = 'padlock-script' | |
67 | ||
68 | +# External programms used. List here for easy substitution for | |
69 | +# hard-coded paths. | |
70 | +ENCFS = 'encfs' | |
71 | +FIND = 'find' | |
72 | +FUSERMOUNT = 'fusermount' | |
73 | +UMOUNT = 'umount' | |
74 | +GPG = 'gpg' | |
75 | + | |
76 | # ---- DebOps environment setup ---- | |
77 | ||
78 | ||
79 | @@ -80,9 +88,9 @@ def main(subcommand_func, **kwargs): | |
80 | # Make sure required commands are present | |
81 | # OS X compatibility | |
82 | if sys.platform == 'darwin': | |
83 | - require_commands('encfs', 'find', 'umount', 'gpg') | |
84 | + require_commands(ENCFS, FIND, UMOUNT, GPG) | |
85 | else: | |
86 | - require_commands('encfs', 'find', 'fusermount', 'gpg') | |
87 | + require_commands(ENCFS, FIND, FUSERMOUNT, GPG) | |
88 | ||
89 | inventory_path = find_inventorypath(project_root, required=False) | |
90 | # If inventory hasn't been found automatically, assume it's the default | |
91 | @@ -121,7 +129,7 @@ def init(encfs_decrypted, encfs_encrypted, recipients): | |
92 | # Generate a random password and encrypt it with GPG keys of recipients. | |
93 | print("Generating a random", ENCFS_KEYFILE_LENGTH, "char password") | |
94 | pwd = gen_pwd() | |
95 | - gpg = subprocess.Popen(['gpg', '--encrypt', '--armor', | |
96 | + gpg = subprocess.Popen([GPG, '--encrypt', '--armor', | |
97 | '--output', encfs_keyfile] + recipients, | |
98 | stdin=subprocess.PIPE) | |
99 | gpg.communicate(pwd.encode('utf-8')) | |
100 | @@ -133,9 +141,10 @@ def init(encfs_decrypted, encfs_encrypted, recipients): | |
101 | # NB2: We can not use padlock_unlock here, because the config file | |
102 | # does not yet exist. | |
103 | encfs = subprocess.Popen([ | |
104 | - 'encfs', encfs_encrypted, encfs_decrypted, | |
105 | + ENCFS, encfs_encrypted, encfs_decrypted, | |
106 | '--extpass', | |
107 | - 'gpg --decrypt --no-mdc-warning --output - '+shquote(encfs_keyfile)], | |
108 | + GPG + ' --decrypt --no-mdc-warning --output - ' | |
109 | + + shquote(encfs_keyfile)], | |
110 | stdin=subprocess.PIPE) | |
111 | encfs.communicate(('p\n'+pwd).encode('utf-8')) | |
112 | ||
113 | @@ -154,7 +163,7 @@ def init(encfs_decrypted, encfs_encrypted, recipients): | |
114 | ||
115 | # Protect the EncFS configuration file by also encrypting it with | |
116 | # the GPG keys of recipients. | |
117 | - subprocess.call(['gpg', '--encrypt', '--armor', | |
118 | + subprocess.call([GPG, '--encrypt', '--armor', | |
119 | '--output', encfs_configfile+'.asc'] | |
120 | + recipients + [encfs_configfile]) | |
121 | os.remove(encfs_configfile) | |
122 | diff --git a/bin/debops-task b/bin/debops-task | |
123 | index 223e5f834..dc31ad4e6 100755 | |
124 | --- a/bin/debops-task | |
125 | +++ b/bin/debops-task | |
126 | @@ -49,11 +49,14 @@ project_root = find_debops_project(required=True) | |
127 | # todo: need to decide on semantics! | |
128 | # config = read_config(project_root) | |
129 | ||
130 | +# External programms used. List here for easy substitution for | |
131 | +# hard-coded paths. | |
132 | +ANSIBLE = 'ansible' | |
133 | ||
134 | # ---- Main script ---- | |
135 | ||
136 | # Make sure required commands are present | |
137 | -require_commands('ansible') | |
138 | +require_commands(ANSIBLE) | |
139 | ||
140 | ansible_inventory = find_inventorypath(project_root) | |
141 | ||
142 | @@ -71,5 +74,5 @@ if INSECURE: | |
143 | os.environ['ANSIBLE_HOST_KEY_CHECKING'] = 'False' | |
144 | ||
145 | # Run ansible with custom environment | |
146 | -cmd = ['ansible'] + module + sys.argv[1:] | |
147 | +cmd = [ANSIBLE] + module + sys.argv[1:] | |
148 | subprocess.call(cmd) | |
149 | diff --git a/bin/debops-update b/bin/debops-update | |
150 | index 88c5e2c82..cc7e57cb0 100755 | |
151 | --- a/bin/debops-update | |
152 | +++ b/bin/debops-update | |
153 | @@ -90,6 +90,10 @@ GALAXY_REQUIREMENTS = "galaxy/requirements.txt" | |
154 | # Default Ansible Galaxy user account name | |
155 | GALAXY_ACCOUNT = "debops" | |
156 | ||
157 | +# External programms used. List here for easy substitution for | |
158 | +# hard-coded paths. | |
159 | +GIT = 'git' | |
160 | + | |
161 | ||
162 | # ---- Functions ---- | |
163 | ||
164 | @@ -137,7 +141,7 @@ def clone_git_repository(repo_uri, branch, destination, dry_run=False): | |
165 | if dry_run: | |
166 | print("Cloning '%s' to %s..." % (repo_uri, destination)) | |
167 | else: | |
168 | - subprocess.call(['git', 'clone', '--quiet', '--branch', branch, | |
169 | + subprocess.call([GIT, 'clone', '--quiet', '--branch', branch, | |
170 | repo_uri, destination]) | |
171 | ||
172 | ||
173 | @@ -152,22 +156,22 @@ def update_git_repository(path, dry_run=False, remote_uri=False): | |
174 | os.chdir(path) | |
175 | ||
176 | if dry_run: | |
177 | - subprocess.call(['git', 'fetch']) | |
178 | - subprocess.call(['git', 'diff', 'HEAD', 'origin', '--stat']) | |
179 | + subprocess.call([GIT, 'fetch']) | |
180 | + subprocess.call([GIT, 'diff', 'HEAD', 'origin', '--stat']) | |
181 | else: | |
182 | # Get the current sha of the head branch | |
183 | current_sha = subprocess.check_output( | |
184 | - ['git', 'rev-parse', 'HEAD']).strip() | |
185 | + [GIT, 'rev-parse', 'HEAD']).strip() | |
186 | ||
187 | # Fetch it silently and store the new sha | |
188 | - subprocess.call(['git', 'fetch', '--quiet']) | |
189 | + subprocess.call([GIT, 'fetch', '--quiet']) | |
190 | fetch_sha = subprocess.check_output( | |
191 | - ['git', 'rev-parse', 'FETCH_HEAD']).strip() | |
192 | + [GIT, 'rev-parse', 'FETCH_HEAD']).strip() | |
193 | ||
194 | if current_sha != fetch_sha: | |
195 | print() | |
196 | print('--') | |
197 | - subprocess.call(['git', 'merge', fetch_sha]) | |
198 | + subprocess.call([GIT, 'merge', fetch_sha]) | |
199 | ||
200 | if remote_uri: | |
201 | compare_uri = (remote_uri + '/compare/' + current_sha[:7] | |
202 | diff --git a/debops/__init__.py b/debops/__init__.py | |
203 | index 1c2cedcb0..da8430e41 100644 | |
204 | --- a/debops/__init__.py | |
205 | +++ b/debops/__init__.py | |
206 | @@ -93,6 +93,13 @@ ENCFS_KEYFILE = ".encfs6.keyfile" | |
207 | # Length of the random EncFS password stored in encrypted keyfile | |
208 | ENCFS_KEYFILE_LENGTH = 256 | |
209 | ||
210 | +# External programms used. List here for easy substitution for | |
211 | +# hard-coded paths. | |
212 | +ENCFS = 'encfs' | |
213 | +FUSERMOUNT = 'fusermount' | |
214 | +UMOUNT = 'umount' | |
215 | +GPG = 'gpg' | |
216 | + | |
217 | ||
218 | # ---- Functions ---- | |
219 | ||
220 | @@ -180,9 +187,9 @@ def padlock_lock(encrypted_path): | |
221 | return False | |
222 | # OS X compatibility | |
223 | if sys.platform == 'darwin': | |
224 | - subprocess.call(['umount', decrypted_path]) | |
225 | + subprocess.call([UMOUNT, decrypted_path]) | |
226 | else: | |
227 | - subprocess.call(['fusermount', '-u', decrypted_path]) | |
228 | + subprocess.call([FUSERMOUNT, '-u', decrypted_path]) | |
229 | return True | |
230 | ||
231 | ||
232 | @@ -237,14 +244,14 @@ def padlock_unlock(encrypted_path): | |
233 | # Start encfs. It will wait for input on the `configfile` named | |
234 | # pipe. | |
235 | encfs = subprocess.Popen([ | |
236 | - 'encfs', encrypted_path, decrypted_path, | |
237 | + ENCFS, encrypted_path, decrypted_path, | |
238 | '--extpass', | |
239 | - 'gpg --decrypt --no-mdc-warning --output - %s' % shquote(keyfile)]) | |
240 | + GPG + ' --decrypt --no-mdc-warning --output - %s' % shquote(keyfile)]) | |
241 | # now decrypt the config and write it into the named pipe | |
242 | with open(configfile, 'w') as fh: | |
243 | # NB: gpg must write to stdout to avoid it is asking whether | |
244 | # the file should be overwritten | |
245 | - subprocess.Popen(['gpg', | |
246 | + subprocess.Popen([GPG, | |
247 | '--decrypt', '--no-mdc-warning', '--output', '-', | |
248 | crypted_configfile], stdout=fh).wait() | |
249 | encfs.wait() | |
250 | diff --git a/debops/cmds/__init__.py b/debops/cmds/__init__.py | |
251 | index b221fa191..9fabf43a5 100644 | |
252 | --- a/debops/cmds/__init__.py | |
253 | +++ b/debops/cmds/__init__.py | |
254 | @@ -55,6 +55,10 @@ SCRIPT_NAME = os.path.basename(sys.argv[0]) | |
255 | # command line) | |
256 | INSECURE = bool(os.environ.get('INSECURE', False)) | |
257 | ||
258 | +# External programms used. List here for easy substitution for | |
259 | +# hard-coded paths. | |
260 | +WHICH = 'which' | |
261 | + | |
262 | ||
263 | def error_msg(message, severity="Error"): | |
264 | """ | |
265 | @@ -70,7 +74,7 @@ def require_commands(*cmd_names): | |
266 | Check if required commands exist. | |
267 | """ | |
268 | def command_exists(cmd_name): | |
269 | - which = "where" if platform.system() == "Windows" else "which" | |
270 | + which = "where" if platform.system() == "Windows" else WHICH | |
271 | return not subprocess.call([which, cmd_name], | |
272 | stdout=DEVNULL, stderr=subprocess.STDOUT) | |
273 | ||
274 | -- | |
275 | 2.21.0 | |
276 |