| 1 | From 78d5cddafebb28e2e54efeb781495b5607ddb356 Mon Sep 17 00:00:00 2001 |
| 2 | From: Hartmut Goebel <h.goebel@crazy-compilers.com> |
| 3 | Date: Thu, 8 Aug 2019 15:19:48 +0200 |
| 4 | Subject: [PATCH] Scripts: Use constants for external program names. |
| 5 | |
| 6 | This makes it much, much easier to replace the program |
| 7 | with one using an absolute path. This is necessary for |
| 8 | e.g. Guix to keep references to these external programs. |
| 9 | --- |
| 10 | bin/debops | 10 +++++++--- |
| 11 | bin/debops-padlock | 21 +++++++++++++++------ |
| 12 | bin/debops-task | 7 +++++-- |
| 13 | bin/debops-update | 18 +++++++++++------- |
| 14 | debops/__init__.py | 17 ++++++++++++----- |
| 15 | debops/cmds/__init__.py | 6 +++++- |
| 16 | 6 files changed, 55 insertions(+), 24 deletions(-) |
| 17 | |
| 18 | diff --git a/bin/debops b/bin/debops |
| 19 | index 2b7ad3f88..caaeb892f 100755 |
| 20 | --- a/bin/debops |
| 21 | +++ b/bin/debops |
| 22 | @@ -59,6 +59,10 @@ ConfigFileHeader = """\ |
| 23 | # You can manipulate the contents of this file via `.debops.cfg`. |
| 24 | """ |
| 25 | |
| 26 | +# External programms used. List here for easy substitution for |
| 27 | +# hard-coded paths. |
| 28 | +ANSIBLE_PLAYBOOK = 'ansible-playbook' |
| 29 | + |
| 30 | |
| 31 | def write_config(filename, config): |
| 32 | cfgparser = configparser.ConfigParser() |
| 33 | @@ -131,7 +135,7 @@ def gen_ansible_cfg(filename, config, project_root, playbooks_path, |
| 34 | os.path.join(playbooks_path, "roles"), |
| 35 | "/etc/ansible/roles"))) |
| 36 | |
| 37 | - ansible_version_out = subprocess.check_output(["ansible-playbook", |
| 38 | + ansible_version_out = subprocess.check_output([ANSIBLE_PLAYBOOK, |
| 39 | "--version"]).decode() |
| 40 | |
| 41 | # Get first line and split by spaces to get second 'word'. |
| 42 | @@ -197,7 +201,7 @@ def main(cmd_args): |
| 43 | playbooks_path = '/nonexistent' |
| 44 | |
| 45 | # Make sure required commands are present |
| 46 | - require_commands('ansible-playbook') |
| 47 | + require_commands(ANSIBLE_PLAYBOOK) |
| 48 | |
| 49 | # Check if user specified a potential playbook name as the first |
| 50 | # argument. If yes, use it as the playbook name and remove it from |
| 51 | @@ -256,7 +260,7 @@ def main(cmd_args): |
| 52 | print("Running Ansible playbooks:") |
| 53 | for element in play_list: |
| 54 | print(element) |
| 55 | - return subprocess.call(['ansible-playbook'] + play_list + arg_list) |
| 56 | + return subprocess.call([ANSIBLE_PLAYBOOK] + play_list + arg_list) |
| 57 | finally: |
| 58 | if revert_unlock: |
| 59 | padlock_lock(encfs_encrypted) |
| 60 | diff --git a/bin/debops-padlock b/bin/debops-padlock |
| 61 | index bfdfb8e06..2a97716cd 100755 |
| 62 | --- a/bin/debops-padlock |
| 63 | +++ b/bin/debops-padlock |
| 64 | @@ -67,6 +67,14 @@ devrandom = os.environ.get('DEVRANDOM', "/dev/urandom") |
| 65 | |
| 66 | SCRIPT_FILENAME = 'padlock-script' |
| 67 | |
| 68 | +# External programms used. List here for easy substitution for |
| 69 | +# hard-coded paths. |
| 70 | +ENCFS = 'encfs' |
| 71 | +FIND = 'find' |
| 72 | +FUSERMOUNT = 'fusermount' |
| 73 | +UMOUNT = 'umount' |
| 74 | +GPG = 'gpg' |
| 75 | + |
| 76 | # ---- DebOps environment setup ---- |
| 77 | |
| 78 | |
| 79 | @@ -80,9 +88,9 @@ def main(subcommand_func, **kwargs): |
| 80 | # Make sure required commands are present |
| 81 | # OS X compatibility |
| 82 | if sys.platform == 'darwin': |
| 83 | - require_commands('encfs', 'find', 'umount', 'gpg') |
| 84 | + require_commands(ENCFS, FIND, UMOUNT, GPG) |
| 85 | else: |
| 86 | - require_commands('encfs', 'find', 'fusermount', 'gpg') |
| 87 | + require_commands(ENCFS, FIND, FUSERMOUNT, GPG) |
| 88 | |
| 89 | inventory_path = find_inventorypath(project_root, required=False) |
| 90 | # If inventory hasn't been found automatically, assume it's the default |
| 91 | @@ -121,7 +129,7 @@ def init(encfs_decrypted, encfs_encrypted, recipients): |
| 92 | # Generate a random password and encrypt it with GPG keys of recipients. |
| 93 | print("Generating a random", ENCFS_KEYFILE_LENGTH, "char password") |
| 94 | pwd = gen_pwd() |
| 95 | - gpg = subprocess.Popen(['gpg', '--encrypt', '--armor', |
| 96 | + gpg = subprocess.Popen([GPG, '--encrypt', '--armor', |
| 97 | '--output', encfs_keyfile] + recipients, |
| 98 | stdin=subprocess.PIPE) |
| 99 | gpg.communicate(pwd.encode('utf-8')) |
| 100 | @@ -133,9 +141,10 @@ def init(encfs_decrypted, encfs_encrypted, recipients): |
| 101 | # NB2: We can not use padlock_unlock here, because the config file |
| 102 | # does not yet exist. |
| 103 | encfs = subprocess.Popen([ |
| 104 | - 'encfs', encfs_encrypted, encfs_decrypted, |
| 105 | + ENCFS, encfs_encrypted, encfs_decrypted, |
| 106 | '--extpass', |
| 107 | - 'gpg --decrypt --no-mdc-warning --output - '+shquote(encfs_keyfile)], |
| 108 | + GPG + ' --decrypt --no-mdc-warning --output - ' |
| 109 | + + shquote(encfs_keyfile)], |
| 110 | stdin=subprocess.PIPE) |
| 111 | encfs.communicate(('p\n'+pwd).encode('utf-8')) |
| 112 | |
| 113 | @@ -154,7 +163,7 @@ def init(encfs_decrypted, encfs_encrypted, recipients): |
| 114 | |
| 115 | # Protect the EncFS configuration file by also encrypting it with |
| 116 | # the GPG keys of recipients. |
| 117 | - subprocess.call(['gpg', '--encrypt', '--armor', |
| 118 | + subprocess.call([GPG, '--encrypt', '--armor', |
| 119 | '--output', encfs_configfile+'.asc'] |
| 120 | + recipients + [encfs_configfile]) |
| 121 | os.remove(encfs_configfile) |
| 122 | diff --git a/bin/debops-task b/bin/debops-task |
| 123 | index 223e5f834..dc31ad4e6 100755 |
| 124 | --- a/bin/debops-task |
| 125 | +++ b/bin/debops-task |
| 126 | @@ -49,11 +49,14 @@ project_root = find_debops_project(required=True) |
| 127 | # todo: need to decide on semantics! |
| 128 | # config = read_config(project_root) |
| 129 | |
| 130 | +# External programms used. List here for easy substitution for |
| 131 | +# hard-coded paths. |
| 132 | +ANSIBLE = 'ansible' |
| 133 | |
| 134 | # ---- Main script ---- |
| 135 | |
| 136 | # Make sure required commands are present |
| 137 | -require_commands('ansible') |
| 138 | +require_commands(ANSIBLE) |
| 139 | |
| 140 | ansible_inventory = find_inventorypath(project_root) |
| 141 | |
| 142 | @@ -71,5 +74,5 @@ if INSECURE: |
| 143 | os.environ['ANSIBLE_HOST_KEY_CHECKING'] = 'False' |
| 144 | |
| 145 | # Run ansible with custom environment |
| 146 | -cmd = ['ansible'] + module + sys.argv[1:] |
| 147 | +cmd = [ANSIBLE] + module + sys.argv[1:] |
| 148 | subprocess.call(cmd) |
| 149 | diff --git a/bin/debops-update b/bin/debops-update |
| 150 | index 88c5e2c82..cc7e57cb0 100755 |
| 151 | --- a/bin/debops-update |
| 152 | +++ b/bin/debops-update |
| 153 | @@ -90,6 +90,10 @@ GALAXY_REQUIREMENTS = "galaxy/requirements.txt" |
| 154 | # Default Ansible Galaxy user account name |
| 155 | GALAXY_ACCOUNT = "debops" |
| 156 | |
| 157 | +# External programms used. List here for easy substitution for |
| 158 | +# hard-coded paths. |
| 159 | +GIT = 'git' |
| 160 | + |
| 161 | |
| 162 | # ---- Functions ---- |
| 163 | |
| 164 | @@ -137,7 +141,7 @@ def clone_git_repository(repo_uri, branch, destination, dry_run=False): |
| 165 | if dry_run: |
| 166 | print("Cloning '%s' to %s..." % (repo_uri, destination)) |
| 167 | else: |
| 168 | - subprocess.call(['git', 'clone', '--quiet', '--branch', branch, |
| 169 | + subprocess.call([GIT, 'clone', '--quiet', '--branch', branch, |
| 170 | repo_uri, destination]) |
| 171 | |
| 172 | |
| 173 | @@ -152,22 +156,22 @@ def update_git_repository(path, dry_run=False, remote_uri=False): |
| 174 | os.chdir(path) |
| 175 | |
| 176 | if dry_run: |
| 177 | - subprocess.call(['git', 'fetch']) |
| 178 | - subprocess.call(['git', 'diff', 'HEAD', 'origin', '--stat']) |
| 179 | + subprocess.call([GIT, 'fetch']) |
| 180 | + subprocess.call([GIT, 'diff', 'HEAD', 'origin', '--stat']) |
| 181 | else: |
| 182 | # Get the current sha of the head branch |
| 183 | current_sha = subprocess.check_output( |
| 184 | - ['git', 'rev-parse', 'HEAD']).strip() |
| 185 | + [GIT, 'rev-parse', 'HEAD']).strip() |
| 186 | |
| 187 | # Fetch it silently and store the new sha |
| 188 | - subprocess.call(['git', 'fetch', '--quiet']) |
| 189 | + subprocess.call([GIT, 'fetch', '--quiet']) |
| 190 | fetch_sha = subprocess.check_output( |
| 191 | - ['git', 'rev-parse', 'FETCH_HEAD']).strip() |
| 192 | + [GIT, 'rev-parse', 'FETCH_HEAD']).strip() |
| 193 | |
| 194 | if current_sha != fetch_sha: |
| 195 | print() |
| 196 | print('--') |
| 197 | - subprocess.call(['git', 'merge', fetch_sha]) |
| 198 | + subprocess.call([GIT, 'merge', fetch_sha]) |
| 199 | |
| 200 | if remote_uri: |
| 201 | compare_uri = (remote_uri + '/compare/' + current_sha[:7] |
| 202 | diff --git a/debops/__init__.py b/debops/__init__.py |
| 203 | index 1c2cedcb0..da8430e41 100644 |
| 204 | --- a/debops/__init__.py |
| 205 | +++ b/debops/__init__.py |
| 206 | @@ -93,6 +93,13 @@ ENCFS_KEYFILE = ".encfs6.keyfile" |
| 207 | # Length of the random EncFS password stored in encrypted keyfile |
| 208 | ENCFS_KEYFILE_LENGTH = 256 |
| 209 | |
| 210 | +# External programms used. List here for easy substitution for |
| 211 | +# hard-coded paths. |
| 212 | +ENCFS = 'encfs' |
| 213 | +FUSERMOUNT = 'fusermount' |
| 214 | +UMOUNT = 'umount' |
| 215 | +GPG = 'gpg' |
| 216 | + |
| 217 | |
| 218 | # ---- Functions ---- |
| 219 | |
| 220 | @@ -180,9 +187,9 @@ def padlock_lock(encrypted_path): |
| 221 | return False |
| 222 | # OS X compatibility |
| 223 | if sys.platform == 'darwin': |
| 224 | - subprocess.call(['umount', decrypted_path]) |
| 225 | + subprocess.call([UMOUNT, decrypted_path]) |
| 226 | else: |
| 227 | - subprocess.call(['fusermount', '-u', decrypted_path]) |
| 228 | + subprocess.call([FUSERMOUNT, '-u', decrypted_path]) |
| 229 | return True |
| 230 | |
| 231 | |
| 232 | @@ -237,14 +244,14 @@ def padlock_unlock(encrypted_path): |
| 233 | # Start encfs. It will wait for input on the `configfile` named |
| 234 | # pipe. |
| 235 | encfs = subprocess.Popen([ |
| 236 | - 'encfs', encrypted_path, decrypted_path, |
| 237 | + ENCFS, encrypted_path, decrypted_path, |
| 238 | '--extpass', |
| 239 | - 'gpg --decrypt --no-mdc-warning --output - %s' % shquote(keyfile)]) |
| 240 | + GPG + ' --decrypt --no-mdc-warning --output - %s' % shquote(keyfile)]) |
| 241 | # now decrypt the config and write it into the named pipe |
| 242 | with open(configfile, 'w') as fh: |
| 243 | # NB: gpg must write to stdout to avoid it is asking whether |
| 244 | # the file should be overwritten |
| 245 | - subprocess.Popen(['gpg', |
| 246 | + subprocess.Popen([GPG, |
| 247 | '--decrypt', '--no-mdc-warning', '--output', '-', |
| 248 | crypted_configfile], stdout=fh).wait() |
| 249 | encfs.wait() |
| 250 | diff --git a/debops/cmds/__init__.py b/debops/cmds/__init__.py |
| 251 | index b221fa191..9fabf43a5 100644 |
| 252 | --- a/debops/cmds/__init__.py |
| 253 | +++ b/debops/cmds/__init__.py |
| 254 | @@ -55,6 +55,10 @@ SCRIPT_NAME = os.path.basename(sys.argv[0]) |
| 255 | # command line) |
| 256 | INSECURE = bool(os.environ.get('INSECURE', False)) |
| 257 | |
| 258 | +# External programms used. List here for easy substitution for |
| 259 | +# hard-coded paths. |
| 260 | +WHICH = 'which' |
| 261 | + |
| 262 | |
| 263 | def error_msg(message, severity="Error"): |
| 264 | """ |
| 265 | @@ -70,7 +74,7 @@ def require_commands(*cmd_names): |
| 266 | Check if required commands exist. |
| 267 | """ |
| 268 | def command_exists(cmd_name): |
| 269 | - which = "where" if platform.system() == "Windows" else "which" |
| 270 | + which = "where" if platform.system() == "Windows" else WHICH |
| 271 | return not subprocess.call([which, cmd_name], |
| 272 | stdout=DEVNULL, stderr=subprocess.STDOUT) |
| 273 | |
| 274 | -- |
| 275 | 2.21.0 |
| 276 | |