#!/usr/bin/python # -*- coding: utf-8 -*- # Copyright (c) 2017-2020, Yann Amar <quidame@poivron.org> # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = r''' --- module: dpkg_divert short_description: Override a debian package's version of a file version_added: '0.2.0' author: - quidame (@quidame) description: - A diversion is for C(dpkg) the knowledge that only a given package (or the local administrator) is allowed to install a file at a given location. Other packages shipping their own version of this file will be forced to O(divert) it, that is to install it at another location. It allows one to keep changes in a file provided by a debian package by preventing its overwrite at package upgrade. - This module manages diversions of debian packages files using the C(dpkg-divert) commandline tool. It can either create or remove a diversion for a given file, but also update an existing diversion to modify its O(holder) and/or its O(divert) location. extends_documentation_fragment: - community.general.attributes attributes: check_mode: support: full diff_mode: support: full options: path: description: - The original and absolute path of the file to be diverted or undiverted. This path is unique, i.e. it is not possible to get two diversions for the same O(path). required: true type: path state: description: - When O(state=absent), remove the diversion of the specified O(path); when O(state=present), create the diversion if it does not exist, or update its package O(holder) or O(divert) location, if it already exists. type: str default: present choices: [absent, present] holder: description: - The name of the package whose copy of file is not diverted, also known as the diversion holder or the package the diversion belongs to. - The actual package does not have to be installed or even to exist for its name to be valid. If not specified, the diversion is hold by 'LOCAL', that is reserved by/for dpkg for local diversions. - This parameter is ignored when O(state=absent). type: str divert: description: - The location where the versions of file will be diverted. - Default is to add suffix C(.distrib) to the file path. - This parameter is ignored when O(state=absent). type: path rename: description: - Actually move the file aside (when O(state=present)) or back (when O(state=absent)), but only when changing the state of the diversion. This parameter has no effect when attempting to add a diversion that already exists or when removing an unexisting one. - Unless O(force=true), renaming fails if the destination file already exists (this lock being a dpkg-divert feature, and bypassing it being a module feature). type: bool default: false force: description: - When O(rename=true) and O(force=true), renaming is performed even if the target of the renaming exists, i.e. the existing contents of the file at this location will be lost. - This parameter is ignored when O(rename=false). type: bool default: false requirements: - dpkg-divert >= 1.15.0 (Debian family) ''' EXAMPLES = r''' - name: Divert /usr/bin/busybox to /usr/bin/busybox.distrib and keep file in place community.general.dpkg_divert: path: /usr/bin/busybox - name: Divert /usr/bin/busybox by package 'branding' community.general.dpkg_divert: path: /usr/bin/busybox holder: branding - name: Divert and rename busybox to busybox.dpkg-divert community.general.dpkg_divert: path: /usr/bin/busybox divert: /usr/bin/busybox.dpkg-divert rename: true - name: Remove the busybox diversion and move the diverted file back community.general.dpkg_divert: path: /usr/bin/busybox state: absent rename: true force: true ''' RETURN = r''' commands: description: The dpkg-divert commands ran internally by the module. type: list returned: on_success elements: str sample: "/usr/bin/dpkg-divert --no-rename --remove /etc/foobarrc" messages: description: The dpkg-divert relevant messages (stdout or stderr). type: list returned: on_success elements: str sample: "Removing 'local diversion of /etc/foobarrc to /etc/foobarrc.distrib'" diversion: description: The status of the diversion after task execution. type: dict returned: always contains: divert: description: The location of the diverted file. type: str holder: description: The package holding the diversion. type: str path: description: The path of the file to divert/undivert. type: str state: description: The state of the diversion. type: str sample: { "divert": "/etc/foobarrc.distrib", "holder": "LOCAL", "path": "/etc/foobarrc", "state": "present" } ''' import re import os from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.common.text.converters import to_bytes, to_native from ansible_collections.community.general.plugins.module_utils.version import LooseVersion def diversion_state(module, command, path): diversion = dict(path=path, state='absent', divert=None, holder=None) rc, out, err = module.run_command([command, '--listpackage', path], check_rc=True) if out: diversion['state'] = 'present' diversion['holder'] = out.rstrip() rc, out, err = module.run_command([command, '--truename', path], check_rc=True) diversion['divert'] = out.rstrip() return diversion def main(): module = AnsibleModule( argument_spec=dict( path=dict(required=True, type='path'), state=dict(required=False, type='str', default='present', choices=['absent', 'present']), holder=dict(required=False, type='str'), divert=dict(required=False, type='path'), rename=dict(required=False, type='bool', default=False), force=dict(required=False, type='bool', default=False), ), supports_check_mode=True, ) path = module.params['path'] state = module.params['state'] holder = module.params['holder'] divert = module.params['divert'] rename = module.params['rename'] force = module.params['force'] diversion_wanted = dict(path=path, state=state) changed = False DPKG_DIVERT = module.get_bin_path('dpkg-divert', required=True) MAINCOMMAND = [DPKG_DIVERT] # Option --listpackage is needed and comes with 1.15.0 rc, stdout, stderr = module.run_command([DPKG_DIVERT, '--version'], check_rc=True) [current_version] = [x for x in stdout.splitlines()[0].split() if re.match('^[0-9]+[.][0-9]', x)] if LooseVersion(current_version) < LooseVersion("1.15.0"): module.fail_json(msg="Unsupported dpkg version (<1.15.0).") no_rename_is_supported = (LooseVersion(current_version) >= LooseVersion("1.19.1")) b_path = to_bytes(path, errors='surrogate_or_strict') path_exists = os.path.exists(b_path) # Used for things not doable with a single dpkg-divert command (as forced # renaming of files, and diversion's 'holder' or 'divert' updates). target_exists = False truename_exists = False diversion_before = diversion_state(module, DPKG_DIVERT, path) if diversion_before['state'] == 'present': b_divert = to_bytes(diversion_before['divert'], errors='surrogate_or_strict') truename_exists = os.path.exists(b_divert) # Append options as requested in the task parameters, but ignore some of # them when removing the diversion. if rename: MAINCOMMAND.append('--rename') elif no_rename_is_supported: MAINCOMMAND.append('--no-rename') if state == 'present': if holder and holder != 'LOCAL': MAINCOMMAND.extend(['--package', holder]) diversion_wanted['holder'] = holder else: MAINCOMMAND.append('--local') diversion_wanted['holder'] = 'LOCAL' if divert: MAINCOMMAND.extend(['--divert', divert]) target = divert else: target = '%s.distrib' % path MAINCOMMAND.extend(['--add', path]) diversion_wanted['divert'] = target b_target = to_bytes(target, errors='surrogate_or_strict') target_exists = os.path.exists(b_target) else: MAINCOMMAND.extend(['--remove', path]) diversion_wanted['divert'] = None diversion_wanted['holder'] = None # Start to populate the returned objects. diversion = diversion_before.copy() maincommand = ' '.join(MAINCOMMAND) commands = [maincommand] if module.check_mode or diversion_wanted == diversion_before: MAINCOMMAND.insert(1, '--test') diversion_after = diversion_wanted # Just try and see rc, stdout, stderr = module.run_command(MAINCOMMAND) if rc == 0: messages = [stdout.rstrip()] # else... cases of failure with dpkg-divert are: # - The diversion does not belong to the same package (or LOCAL) # - The divert filename is not the same (e.g. path.distrib != path.divert) # - The renaming is forbidden by dpkg-divert (i.e. both the file and the # diverted file exist) elif state != diversion_before['state']: # There should be no case with 'divert' and 'holder' when creating the # diversion from none, and they're ignored when removing the diversion. # So this is all about renaming... if rename and path_exists and ( (state == 'absent' and truename_exists) or (state == 'present' and target_exists)): if not force: msg = "Set 'force' param to True to force renaming of files." module.fail_json(changed=changed, cmd=maincommand, rc=rc, msg=msg, stderr=stderr, stdout=stdout, diversion=diversion) else: msg = "Unexpected error while changing state of the diversion." module.fail_json(changed=changed, cmd=maincommand, rc=rc, msg=msg, stderr=stderr, stdout=stdout, diversion=diversion) to_remove = path if state == 'present': to_remove = target if not module.check_mode: try: b_remove = to_bytes(to_remove, errors='surrogate_or_strict') os.unlink(b_remove) except OSError as e: msg = 'Failed to remove %s: %s' % (to_remove, to_native(e)) module.fail_json(changed=changed, cmd=maincommand, rc=rc, msg=msg, stderr=stderr, stdout=stdout, diversion=diversion) rc, stdout, stderr = module.run_command(MAINCOMMAND, check_rc=True) messages = [stdout.rstrip()] # The situation is that we want to modify the settings (holder or divert) # of an existing diversion. dpkg-divert does not handle this, and we have # to remove the existing diversion first, and then set a new one. else: RMDIVERSION = [DPKG_DIVERT, '--remove', path] if no_rename_is_supported: RMDIVERSION.insert(1, '--no-rename') rmdiversion = ' '.join(RMDIVERSION) if module.check_mode: RMDIVERSION.insert(1, '--test') if rename: MAINCOMMAND.remove('--rename') if no_rename_is_supported: MAINCOMMAND.insert(1, '--no-rename') maincommand = ' '.join(MAINCOMMAND) commands = [rmdiversion, maincommand] rc, rmdout, rmderr = module.run_command(RMDIVERSION, check_rc=True) if module.check_mode: messages = [rmdout.rstrip(), 'Running in check mode'] else: rc, stdout, stderr = module.run_command(MAINCOMMAND, check_rc=True) messages = [rmdout.rstrip(), stdout.rstrip()] # Avoid if possible to orphan files (i.e. to dereference them in diversion # database but let them in place), but do not make renaming issues fatal. # BTW, this module is not about state of files involved in the diversion. old = diversion_before['divert'] new = diversion_wanted['divert'] if new != old: b_old = to_bytes(old, errors='surrogate_or_strict') b_new = to_bytes(new, errors='surrogate_or_strict') if os.path.exists(b_old) and not os.path.exists(b_new): try: os.rename(b_old, b_new) except OSError as e: pass if not module.check_mode: diversion_after = diversion_state(module, DPKG_DIVERT, path) diversion = diversion_after.copy() diff = dict() if module._diff: diff['before'] = diversion_before diff['after'] = diversion_after if diversion_after != diversion_before: changed = True if diversion_after == diversion_wanted: module.exit_json(changed=changed, diversion=diversion, commands=commands, messages=messages, diff=diff) else: msg = "Unexpected error: see stdout and stderr for details." module.fail_json(changed=changed, cmd=maincommand, rc=rc, msg=msg, stderr=stderr, stdout=stdout, diversion=diversion) if __name__ == '__main__': main()