psi-jack/yadm
1
0
Fork 0
mirror of synced 2025-05-15 16:29:41 -04:00
Code Issues Releases Wiki Activity

Release 3.5.0

Browse source 
* Silence warnings when collecting alt files (#521)
  * Adjust handling of encrypt patterns to match 3.3.0 and older
  * Make encrypt exclude patterns only match encrypted files
  * Automatically exclude alt and template files (#234)
  * Support negative alt conditions (#365)
  * Handle filenames with space in bash completion (#341)
  * Add new yadm.filename template variable (#520)
This commit is contained in:
Erik Flodin 2025-03-04 00:05:35 +01:00
commit 7eabaee84c
No known key found for this signature in database
GPG key ID: 420A7C865EE3F85F
16 changed files with 440 additions and 210 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
CHANGES
View file

@ -1,3 +1,12 @@
3.5.0
* Silence warnings when collecting alt files (#521)
* Adjust handling of encrypt patterns to match 3.3.0 and older
* Make encrypt exclude patterns only match encrypted files
* Automatically exclude alt and template files (#234)
* Support negative alt conditions (#365)
* Handle filenames with space in bash completion (#341)
* Add new yadm.filename template variable (#520)
3.4.0
* Improve and harden alt file regeneration (#466)
* Fix "yadm config" in fish completion (#491)

1
CONTRIBUTORS
View file

@ -9,6 +9,7 @@ Jonathan Daigle
Luis López
Tin Lai
Espen Henriksen
AaronYoung5
Cameron Eagans
Klas Mellbourn
James Clark

1
Makefile
View file

@ -123,6 +123,7 @@ testhost: require-docker .testyadm
--hostname testhost \
--rm -it \
-v "$(CURDIR)/.testyadm:/bin/yadm:ro" \
-v "$(CURDIR)/completion/bash/yadm:/usr/share/bash-completion/completions/yadm:ro" \
$(IMAGE) \
bash -l

2
README.md
View file

@ -78,7 +78,7 @@ The star count helps others discover yadm.
[master-badge]: https://img.shields.io/github/actions/workflow/status/yadm-dev/yadm/test.yml?branch=master
[master-commits]: https://github.com/yadm-dev/yadm/commits/master
[master-date]: https://img.shields.io/github/last-commit/yadm-dev/yadm/master.svg?label=master
[obs-badge]: https://img.shields.io/badge/OBS-v3.4.0-blue
[obs-badge]: https://img.shields.io/badge/OBS-v3.5.0-blue
[obs-link]: https://software.opensuse.org/download.html?project=home%3ATheLocehiliosan%3Ayadm&package=yadm
[releases-badge]: https://img.shields.io/github/tag/yadm-dev/yadm.svg?label=latest+release
[releases-link]: https://github.com/yadm-dev/yadm/releases

67
completion/bash/yadm
View file

@ -1,88 +1,85 @@
# test if git completion is missing, but loader exists, attempt to load
if ! declare -F _git > /dev/null && ! declare -F __git_wrap__git_main > /dev/null; then
if declare -F _completion_loader > /dev/null; then
if ! declare -F _git >/dev/null && ! declare -F __git_wrap__git_main >/dev/null; then
if declare -F _completion_loader >/dev/null; then
_completion_loader git
fi
fi
# only operate if git completion is present
if declare -F _git > /dev/null || declare -F __git_wrap__git_main > /dev/null; then
if declare -F _git >/dev/null || declare -F __git_wrap__git_main >/dev/null; then
_yadm() {
local current=${COMP_WORDS[COMP_CWORD]}
local penultimate
if [ "$((COMP_CWORD-1))" -ge "0" ]; then
penultimate=${COMP_WORDS[COMP_CWORD-1]}
if ((COMP_CWORD >= 1)); then
penultimate=${COMP_WORDS[COMP_CWORD - 1]}
fi
local antepenultimate
if [ "$((COMP_CWORD-2))" -ge "0" ]; then
antepenultimate=${COMP_WORDS[COMP_CWORD-2]}
if ((COMP_CWORD >= 2)); then
antepenultimate=${COMP_WORDS[COMP_CWORD - 2]}
fi
local -x GIT_DIR
# shellcheck disable=SC2034
GIT_DIR="$(yadm introspect repo 2>/dev/null)"
case "$penultimate" in
bootstrap)
COMPREPLY=()
return 0
;;
;;
config)
COMPREPLY=( $(compgen -W "$(yadm introspect configs 2>/dev/null)") )
COMPREPLY=($(compgen -W "$(yadm introspect configs 2>/dev/null)"))
return 0
;;
;;
decrypt)
COMPREPLY=( $(compgen -W "-l" -- "$current") )
COMPREPLY=($(compgen -W "-l" -- "$current"))
return 0
;;
;;
init)
COMPREPLY=( $(compgen -W "-f -w" -- "$current") )
COMPREPLY=($(compgen -W "-f -w" -- "$current"))
return 0
;;
;;
introspect)
COMPREPLY=( $(compgen -W "commands configs repo switches" -- "$current") )
COMPREPLY=($(compgen -W "commands configs repo switches" -- "$current"))
return 0
;;
;;
help)
COMPREPLY=() # no specific help yet
return 0
;;
;;
list)
COMPREPLY=( $(compgen -W "-a" -- "$current") )
COMPREPLY=($(compgen -W "-a" -- "$current"))
return 0
;;
;;
esac
case "$antepenultimate" in
clone)
COMPREPLY=( $(compgen -W "-f -w -b --bootstrap --no-bootstrap" -- "$current") )
COMPREPLY=($(compgen -W "-f -w -b --bootstrap --no-bootstrap" -- "$current"))
return 0
;;
;;
esac
local yadm_switches=( $(yadm introspect switches 2>/dev/null) )
local yadm_switches=($(yadm introspect switches 2>/dev/null))
# this condition is so files are completed properly for --yadm-xxx options
if [[ " ${yadm_switches[*]} " != *" $penultimate "* ]]; then
# TODO: somehow solve the problem with [--yadm-xxx option] being
# incompatible with what git expects, namely [--arg=option]
if declare -F _git > /dev/null; then
if declare -F _git >/dev/null; then
_git
else
__git_wrap__git_main
fi
fi
if [[ "$current" =~ ^- ]]; then
local matching
matching=$(compgen -W "${yadm_switches[*]}" -- "$current")
__gitcompappend "$matching"
__gitcompappend "${yadm_switches[*]}" "" "$current" " "
fi
# Find the index of where the sub-command argument should go.
local command_idx
for (( command_idx=1 ; command_idx < ${#COMP_WORDS[@]} ; command_idx++ )); do
for ((command_idx = 1; command_idx < ${#COMP_WORDS[@]}; command_idx++)); do
local command_idx_arg="${COMP_WORDS[$command_idx]}"
if [[ " ${yadm_switches[*]} " = *" $command_idx_arg "* ]]; then
let command_idx++
@ -93,19 +90,11 @@ if declare -F _git > /dev/null || declare -F __git_wrap__git_main > /dev/null; t
fi
done
if [[ "$COMP_CWORD" = "$command_idx" ]]; then
local matching
matching=$(compgen -W "$(yadm introspect commands 2>/dev/null)" -- "$current")
__gitcompappend "$matching"
__gitcompappend "$(yadm introspect commands 2>/dev/null)" "" "$current" " "
fi
# remove duplicates found in COMPREPLY (a native bash way could be better)
if [ -n "${COMPREPLY[*]}" ]; then
COMPREPLY=($(echo "${COMPREPLY[@]}" | sort -u))
fi
}
complete -o bashdefault -o default -F _yadm yadm 2>/dev/null \
|| complete -o default -F _yadm yadm
complete -o bashdefault -o default -o nospace -F _yadm yadm 2>/dev/null ||
complete -o default -o nospace -F _yadm yadm
fi

8
test/conftest.py
View file

@ -609,14 +609,14 @@ disable-scdaemon
env["GNUPGHOME"] = home
# this pre-populates std files in the GNUPGHOME
runner(["gpg", "-k"], env=env)
runner(["gpg", "-k"], env=env, report=False)
def register_gpg_password(password):
"""Publish a new GPG mock password and flush cached passwords"""
home.join("mock-password").write(password)
runner(["gpgconf", "--reload", "gpg-agent"], env=env)
runner(["gpgconf", "--reload", "gpg-agent"], env=env, report=False)
yield data(home, register_gpg_password)
runner(["gpgconf", "--kill", "gpg-agent"], env=env)
runner(["gpgconf", "--remove-socketdir", "gpg-agent"], env=env)
runner(["gpgconf", "--kill", "gpg-agent"], env=env, report=False)
runner(["gpgconf", "--remove-socketdir", "gpg-agent"], env=env, report=False)

23
test/test_alt.py
View file

@ -217,6 +217,29 @@ def test_auto_alt(runner, yadm_cmd, paths, autoalt):
assert str(paths.work.join(source_file)) not in linked
@pytest.mark.usefixtures("ds1_copy")
@pytest.mark.parametrize("autoexclude", [None, "true", "false"])
def test_alt_exclude(runner, yadm_cmd, paths, autoexclude):
"""Test alt exclude"""
# set the value of auto-exclude
if autoexclude:
os.system(" ".join(yadm_cmd("config", "yadm.auto-exclude", autoexclude)))
utils.create_alt_files(paths, "##default")
run = runner(yadm_cmd("alt", "-d"))
assert run.success
run = runner(yadm_cmd("status", "-z", "-uall", "--ignored"))
assert run.success
assert run.err == ""
status = run.out.split("\0")
for link_path in TEST_PATHS:
flags = "??" if autoexclude == "false" else "!!"
assert f"{flags} {link_path}" in status
@pytest.mark.usefixtures("ds1_copy")
def test_stale_link_removal(runner, yadm_cmd, paths):
"""Stale links to alternative files are removed

5
test/test_encryption.py
View file

@ -92,6 +92,7 @@ def encrypt_targets(yadm_cmd, paths):
paths.work.join("globs dir/globs file2").write("globs file2")
expected.append("globs dir/globs file2")
paths.encrypt.write("globs*\n", mode="a")
paths.encrypt.write("globs d*/globs*\n", mode="a")
# blank lines
paths.encrypt.write("\n \n\t\n", mode="a")
@ -404,8 +405,8 @@ def test_encrypt_added_to_exclude(runner, yadm_cmd, paths, gnupg):
run = runner(yadm_cmd("encrypt"), env=env)
assert "test-encrypt-data" in paths.repo.join("info/exclude").read()
assert "original-data" in paths.repo.join("info/exclude").read()
assert "test-encrypt-data" in exclude_file.read()
assert "original-data" in exclude_file.read()
assert run.success
assert run.err == ""

13
test/test_unit_exclude_encrypted.py
View file

@ -9,7 +9,12 @@ import pytest
def test_exclude_encrypted(runner, tmpdir, yadm, encrypt_exists, auto_exclude, exclude):
"""Test exclude_encrypted()"""
header = "# yadm-auto-excludes\n# This section is managed by yadm.\n# Any edits below will be lost.\n"
header = """\
# yadm-auto-excludes
# This section is managed by yadm.
# Any edits below will be lost.
# yadm encrypt
"""
config_function = 'function config() { echo "false";}'
if auto_exclude:
@ -24,7 +29,7 @@ def test_exclude_encrypted(runner, tmpdir, yadm, encrypt_exists, auto_exclude, e
if exclude == "outdated":
exclude_file.write(f"original-exclude\n{header}outdated\n", ensure=True)
elif exclude == "up-to-date":
exclude_file.write(f"original-exclude\n{header}test-encrypt-data\n", ensure=True)
exclude_file.write(f"original-exclude\n{header}/test-encrypt-data\n", ensure=True)
script = f"""
YADM_TEST=1 source {yadm}
@ -42,9 +47,9 @@ def test_exclude_encrypted(runner, tmpdir, yadm, encrypt_exists, auto_exclude, e
if encrypt_exists:
assert exclude_file.exists()
if exclude == "missing":
assert exclude_file.read() == f"{header}test-encrypt-data\n"
assert exclude_file.read() == f"{header}/test-encrypt-data\n"
else:
assert exclude_file.read() == ("original-exclude\n" f"{header}test-encrypt-data\n")
assert exclude_file.read() == ("original-exclude\n" f"{header}/test-encrypt-data\n")
if exclude != "up-to-date":
assert f"Updating {exclude_file}" in run.out
else:

6
test/test_unit_parse_encrypt.py
View file

@ -100,10 +100,11 @@ def create_test_encrypt_data(paths):
edata += "*card1\n" # matches same file as the one above
paths.work.join("wildcard1").write("", ensure=True)
paths.work.join("wildcard2").write("", ensure=True)
paths.work.join("subdir/wildcard1").write("", ensure=True)
expected.add("wildcard1")
expected.add("wildcard2")
edata += "dirwild*\n"
edata += "dirwild*/file*\n"
paths.work.join("dirwildcard/file1").write("", ensure=True)
paths.work.join("dirwildcard/file2").write("", ensure=True)
expected.add("dirwildcard/file1")
@ -125,6 +126,9 @@ def create_test_encrypt_data(paths):
expected.add("ex ex/file4")
expected.add("ex ex/file6.text")
paths.work.join("dirwildcard/file7.ex").write("", ensure=True)
expected.add("dirwildcard/file7.ex")
# double star
edata += "doublestar/**/file*\n"
edata += "!**/file3\n"

73
test/test_unit_score_file.py
View file

@ -321,3 +321,76 @@ def test_underscores_and_upper_case_in_distro_and_family(runner, yadm):
assert run.success
assert run.err == ""
assert run.out == expected
def test_negative_class_condition(runner, yadm):
"""Test negative class condition: returns 0 when matching and proper score when not matching."""
script = f"""
YADM_TEST=1 source {yadm}
local_class="testclass"
local_classes=("testclass")
# 0
score=0
score_file "filename##~class.testclass" "dest"
echo "score: $score"
# 16
score=0
score_file "filename##~class.badclass" "dest"
echo "score2: $score"
# 16
score=0
score_file "filename##~c.badclass" "dest"
echo "score3: $score"
"""
run = runner(command=["bash"], inp=script)
assert run.success
output = run.out.strip().splitlines()
assert output[0] == "score: 0"
assert output[1] == "score2: 16"
assert output[2] == "score3: 16"
def test_negative_combined_conditions(runner, yadm):
"""Test negative conditions for multiple alt types: returns 0 when matching and proper score when not matching."""
script = f"""
YADM_TEST=1 source {yadm}
local_class="testclass"
local_classes=("testclass")
local_distro="testdistro"
# (0) + (0) = 0
score=0
score_file "filename##~class.testclass,~distro.testdistro" "dest"
echo "score: $score"
# (1000 + 16) + (1000 + 4) = 2020
score=0
score_file "filename##class.testclass,distro.testdistro" "dest"
echo "score2: $score"
# 0 (negated class condition)
score=0
score_file "filename##~class.badclass,~distro.testdistro" "dest"
echo "score3: $score"
# (1000 + 16) + (4) = 1020
score=0
score_file "filename##class.testclass,~distro.baddistro" "dest"
echo "score4: $score"
# (1000 + 16) + (16) = 1032
score=0
score_file "filename##class.testclass,~class.badclass" "dest"
echo "score5: $score"
"""
run = runner(command=["bash"], inp=script)
assert run.success
output = run.out.strip().splitlines()
assert output[0] == "score: 0"
assert output[1] == "score2: 2020"
assert output[2] == "score3: 0"
assert output[3] == "score4: 1020"
assert output[4] == "score5: 1032"

12
test/test_unit_template_default.py
View file

@ -141,7 +141,7 @@ end of template
INCLUDE_BASIC = "basic\n"
INCLUDE_VARIABLES = """\
included <{{ yadm.class }}> file
included <{{ yadm.class }}> file ({{yadm.filename}})
empty line above
"""
@ -151,8 +151,8 @@ TEMPLATE_INCLUDE = """\
The first line
{% include empty %}
An empty file removes the line above
{%include basic%}
{% include "./variables.{{ yadm.os }}" %}
{%include ./basic%}
{% include "variables.{{ yadm.os }}" %}
{% include dir/nested %}
Include basic again:
{% include basic %}
@ -161,7 +161,7 @@ EXPECTED_INCLUDE = f"""\
The first line
An empty file removes the line above
basic
included <{LOCAL_CLASS}> file
included <{LOCAL_CLASS}> file (VARIABLES_FILENAME)
empty line above
no newline at the end
@ -280,6 +280,8 @@ def test_include(runner, yadm, tmpdir):
input_file.chmod(FILE_MODE)
output_file = tmpdir.join("output")
expected = EXPECTED_INCLUDE.replace("VARIABLES_FILENAME", str(variables_file))
script = f"""
YADM_TEST=1 source {yadm}
set_awk
@ -290,7 +292,7 @@ def test_include(runner, yadm, tmpdir):
run = runner(command=["bash"], inp=script)
assert run.success
assert run.err == ""
assert output_file.read() == EXPECTED_INCLUDE
assert output_file.read() == expected
assert os.stat(output_file).st_mode == os.stat(input_file).st_mode

197
yadm
View file

@ -22,7 +22,7 @@ if [ -z "$BASH_VERSION" ]; then
[ "$YADM_TEST" != 1 ] && exec bash "$0" "$@"
fi
VERSION=3.4.0
VERSION=3.5.0
YADM_WORK="$HOME"
YADM_DIR=
@ -61,6 +61,7 @@ PROC_VERSION="/proc/version"
OPERATING_SYSTEM="Unknown"
ENCRYPT_INCLUDE_FILES="unparsed"
NO_ENCRYPT_TRACKED_FILES=()
LEGACY_WARNING_ISSUED=0
INVALID_ALT=()
@ -179,39 +180,50 @@ function score_file() {
local value=${field#*.}
[ "$field" = "$label" ] && value="" # when .value is omitted
# Check for negative condition prefix (e.g., "~<label>")
local negate=0
if [ "${label:0:1}" = "~" ]; then
negate=1
label="${label:1}"
fi
shopt -s nocasematch
local -i delta=-1
local -i delta=$((negate ? 1 : -1))
case "$label" in
default)
delta=0
if ((negate)); then
INVALID_ALT+=("$source")
else
delta=0
fi
;;
a | arch)
[[ "$value" = "$local_arch" ]] && delta=1
[[ "$value" = "$local_arch" ]] && delta=1 || delta=-1
;;
o | os)
[[ "$value" = "$local_system" ]] && delta=2
[[ "$value" = "$local_system" ]] && delta=2 || delta=-2
;;
d | distro)
[[ "${value// /_}" = "${local_distro// /_}" ]] && delta=4
[[ "${value// /_}" = "${local_distro// /_}" ]] && delta=4 || delta=-4
;;
f | distro_family)
[[ "${value// /_}" = "${local_distro_family// /_}" ]] && delta=8
[[ "${value// /_}" = "${local_distro_family// /_}" ]] && delta=8 || delta=-8
;;
c | class)
in_list "$value" "${local_classes[@]}" && delta=16
in_list "$value" "${local_classes[@]}" && delta=16 || delta=-16
;;
h | hostname)
[[ "$value" = "$local_host" ]] && delta=32
[[ "$value" = "$local_host" ]] && delta=32 || delta=-32
;;
u | user)
[[ "$value" = "$local_user" ]] && delta=64
[[ "$value" = "$local_user" ]] && delta=64 || delta=-64
;;
e | extension)
# extension isn't a condition and doesn't affect the score
continue
;;
t | template | yadm)
if [ -d "$source" ]; then
if [ -d "$source" ] || ((negate)); then
INVALID_ALT+=("$source")
else
template_processor=$(choose_template_processor "$value")
@ -230,11 +242,12 @@ function score_file() {
esac
shopt -u nocasematch
((negate)) && delta=$((-delta))
if ((delta < 0)); then
score=0
return
fi
score=$((score + 1000 + delta))
score=$((score + delta + (negate ? 0 : 1000)))
done
record_score "$score" "$target" "$source" "$template_processor"
@ -366,7 +379,7 @@ BEGIN {
yadm["user"] = user
yadm["distro"] = distro
yadm["distro_family"] = distro_family
yadm["source"] = source
yadm["source"] = ARGV[1]
VARIABLE = "(env|yadm)\\.[a-zA-Z0-9_]+"
@ -456,6 +469,9 @@ function replace_vars(input) {
if (fields[1] == "env") {
output = output ENVIRON[fields[2]]
}
else if (fields[2] == "filename") {
output = output filename[current]
}
else {
output = output yadm[fields[2]]
}
@ -472,7 +488,6 @@ EOF
-v user="$local_user" \
-v distro="$local_distro" \
-v distro_family="$local_distro_family" \
-v source="$input" \
-v source_dir="$(builtin_dirname "$input")" \
"$awk_pgm" \
"$input" "${local_classes[@]}"
@ -690,6 +705,11 @@ function set_local_alt_values() {
}
function alt_linking() {
local -a exclude=()
local log="debug"
[ -n "$loud" ] && log="echo"
local -i index
for ((index = 0; index < ${#alt_targets[@]}; ++index)); do
local target="${alt_targets[$index]}"
@ -708,17 +728,17 @@ function alt_linking() {
if [[ -n "$template_processor" ]]; then
template "$template_processor" "$source" "$target"
elif [[ "$do_copy" -eq 1 ]]; then
debug "Copying $source to $target"
[[ -n "$loud" ]] && echo "Copying $source to $target"
$log "Copying $source to $target"
cp -f "$source" "$target"
else
debug "Linking $source to $target"
[[ -n "$loud" ]] && echo "Linking $source to $target"
$log "Linking $source to $target"
ln_relative "$source" "$target"
fi
exclude+=("${target#"$YADM_WORK"}")
done
update_exclude alt "${exclude[@]}"
}
function ln_relative() {
@ -1042,6 +1062,12 @@ function encrypt() {
printf '%s\n' "${ENCRYPT_INCLUDE_FILES[@]}"
echo
if [ ${#NO_ENCRYPT_TRACKED_FILES[@]} -gt 0 ]; then
echo "Warning: The following files are tracked and will NOT be encrypted:"
printf '%s\n' "${NO_ENCRYPT_TRACKED_FILES[@]}"
echo
fi
# encrypt all files which match the globs
if tar -f - -c "${ENCRYPT_INCLUDE_FILES[@]}" | _encrypt_to "$YADM_ARCHIVE"; then
echo "Wrote new file: $YADM_ARCHIVE"
@ -1466,52 +1492,91 @@ function version() {
# ****** Utility Functions ******
function exclude_encrypted() {
function update_exclude() {
local auto_exclude
auto_exclude=$(config --bool yadm.auto-exclude)
[ "$auto_exclude" == "false" ] && return 0
exclude_path="${YADM_REPO}/info/exclude"
newline=$'\n'
exclude_flag="# yadm-auto-excludes"
exclude_header="${exclude_flag}${newline}"
local exclude_path="${YADM_REPO}/info/exclude"
local newline=$'\n'
local part_path="$exclude_path.yadm-$1"
local part_str
part_str=$(join_string "$newline" "${@:2}")
if [ -e "$part_path" ]; then
if [ "$part_str" = "$(<"$part_path")" ]; then
return
fi
rm -f "$part_path"
elif [ -z "$part_str" ]; then
return
fi
if [ -n "$part_str" ]; then
assert_parent "$part_path"
cat >"$part_path" <<<"$part_str"
fi
local exclude_flag="# yadm-auto-excludes"
local exclude_header="${exclude_flag}${newline}"
exclude_header="${exclude_header}# This section is managed by yadm."
exclude_header="${exclude_header}${newline}"
exclude_header="${exclude_header}# Any edits below will be lost."
exclude_header="${exclude_header}${newline}"
# do nothing if there is no YADM_ENCRYPT
[ -e "$YADM_ENCRYPT" ] || return 0
# read encrypt
encrypt_data=""
while IFS='' read -r line || [ -n "$line" ]; do
encrypt_data="${encrypt_data}${line}${newline}"
done <"$YADM_ENCRYPT"
# read info/exclude
unmanaged=""
managed=""
local unmanaged=""
local managed=""
if [ -e "$exclude_path" ]; then
flag_seen=0
local -i flag_seen=0
local line
while IFS='' read -r line || [ -n "$line" ]; do
[ "$line" = "$exclude_flag" ] && flag_seen=1
if [ "$flag_seen" -eq 0 ]; then
unmanaged="${unmanaged}${line}${newline}"
else
if ((flag_seen)); then
managed="${managed}${line}${newline}"
else
unmanaged="${unmanaged}${line}${newline}"
fi
done <"$exclude_path"
fi
if [ "${exclude_header}${encrypt_data}" != "$managed" ]; then
local exclude_str=""
for suffix in alt encrypt; do
if [ -e "${exclude_path}.yadm-$suffix" ]; then
local header="# yadm $suffix$newline"
exclude_str="$exclude_str$header$(<"$exclude_path".yadm-"$suffix")"
fi
done
if [ "${exclude_header}${exclude_str}${newline}" != "$managed" ]; then
debug "Updating ${exclude_path}"
assert_parent "$exclude_path"
printf "%s" "${unmanaged}${exclude_header}${encrypt_data}" >"$exclude_path"
cat >"$exclude_path" <<<"${unmanaged}${exclude_header}${exclude_str}"
fi
return 0
}
function exclude_encrypted() {
local -a exclude=()
if [ -r "$YADM_ENCRYPT" ]; then
local pattern
while IFS='' read -r pattern || [ -n "$pattern" ]; do
# Prepend / to the pattern so that it matches the same files as in
# parse_encrypt (i.e. only from the root)
if [ "${pattern:0:1}" = "!" ]; then
exclude+=("!/${pattern:1}")
elif ! [[ $pattern =~ ^[[:blank:]]*(#|$) ]]; then
exclude+=("/$pattern")
fi
done <"$YADM_ENCRYPT"
fi
update_exclude encrypt "${exclude[@]}"
}
function query_distro() {
@ -1926,26 +1991,36 @@ function parse_encrypt() {
local -a exclude
local -a include
while IFS= read -r pattern; do
case $pattern in
\#*)
# Ignore comments
;;
!*)
exclude+=("--exclude=${pattern:1}")
;;
*)
if ! [[ $pattern =~ ^[[:blank:]]*$ ]]; then
include+=("$pattern")
fi
;;
esac
local pattern
while IFS='' read -r pattern || [ -n "$pattern" ]; do
if [ "${pattern:0:1}" = "!" ]; then
exclude+=("--exclude=/${pattern:1}")
elif ! [[ $pattern =~ ^[[:blank:]]*(#|$) ]]; then
include+=("$pattern")
fi
done <"$YADM_ENCRYPT"
if [[ ${#include} -gt 0 ]]; then
while IFS= read -r filename; do
ENCRYPT_INCLUDE_FILES+=("${filename%/}")
done <<<"$("$GIT_PROGRAM" ls-files --others "${exclude[@]}" -- "${include[@]}")"
if [ ${#include[@]} -gt 0 ]; then
while IFS='' read -r filename; do
if [ -n "$filename" ]; then
ENCRYPT_INCLUDE_FILES+=("${filename%/}")
fi
done <<<"$(
"$GIT_PROGRAM" --glob-pathspecs ls-files --others \
"${exclude[@]}" -- "${include[@]}" 2>/dev/null
)"
[ "$YADM_COMMAND" = "encrypt" ] || return
# List files that matches encryption pattern but is tracked
while IFS='' read -r filename; do
if [ -n "$filename" ]; then
NO_ENCRYPT_TRACKED_FILES+=("${filename%/}")
fi
done <<<"$(
"$GIT_PROGRAM" --glob-pathspecs ls-files \
"${exclude[@]}" -- "${include[@]}"
)"
fi
}

53
yadm.1
View file

@ -1,5 +1,5 @@
.\" vim: set spell so=8:
.TH YADM 1 "February 9, 2025" "3.4.0"
.TH YADM 1 "March 3, 2025" "3.5.0"
.SH NAME
@ -363,7 +363,8 @@ you may still run "yadm alt" manually to create the alternate links. This
feature is enabled by default.
.TP
.B yadm.auto-exclude
Disable the automatic exclusion of patterns defined in
Disable the automatic exclusion of created alternate links, template files and
patterns defined in
.IR $HOME/.config/yadm/encrypt .
This feature is enabled by default.
.TP
@ -475,9 +476,11 @@ commas.
Each condition is an attribute/value pair, separated by a period. Some
conditions do not require a "value", and in that case, the period and value can
be omitted. Most attributes can be abbreviated as a single letter.
be omitted. Most attributes can be abbreviated as a single letter. Prefixing an
attribute with "~" negates the condition, meaning the condition is considered
only if the attribute/value pair evaluates to false.
<attribute>[.<value>]
[~]<attribute>[.<value>]
.BR NOTE :
Value is compared case-insensitive.
@ -509,6 +512,12 @@ Class must be manually set using
See the CONFIGURATION section for more details about setting
.BR local.class .
.TP
.BR distro_family ,\ f
Valid if the value matches the distro family.
Distro family is calculated by inspecting the ID_LIKE line from
.B "/etc/os-release"
(or ID if no ID_LIKE line is found).
.TP
.BR distro ,\ d
Valid if the value matches the distro.
Distro is calculated by running
@ -516,12 +525,6 @@ Distro is calculated by running
or by inspecting the ID from
.BR "/etc/os-release" .
.TP
.BR distro_family ,\ f
Valid if the value matches the distro family.
Distro family is calculated by inspecting the ID_LIKE line from
.B "/etc/os-release"
(or ID if no ID_LIKE line is found).
.TP
.BR os ,\ o
Valid if the value matches the OS.
OS is calculated by running
@ -554,9 +557,10 @@ symbolic links will be created for the most appropriate version.
The "most appropriate" version is determined by calculating a score for each
version of a file. A template is always scored higher than any symlink
condition. The number of conditions is the next largest factor in scoring.
Files with more conditions will always be favored. Any invalid condition will
disqualify that file completely.
condition. The number of conditions is the next largest factor in scoring;
files with more conditions will always be favored. Negative conditions (prefixed
with "~") are scored only relative to the number of non-negated conditions.
Any invalid condition will disqualify that file completely.
If you don't care to have all versions of alternates stored in the same
directory as the generated symlink, you can place them in the
@ -569,6 +573,7 @@ files are managed by yadm's repository:
- $HOME/path/example.txt##default
- $HOME/path/example.txt##class.Work
- $HOME/path/example.txt##class.Work,~os.Darwin
- $HOME/path/example.txt##os.Darwin
- $HOME/path/example.txt##os.Darwin,hostname.host1
- $HOME/path/example.txt##os.Darwin,hostname.host2
@ -597,10 +602,17 @@ If running on a Solaris server, the link will use the default version:
.IR $HOME/path/example.txt " -> " $HOME/path/example.txt##default
If running on a system, with class set to "Work", the link will be:
If running on a Macbook with class set to "Work", the link will be:
.IR $HOME/path/example.txt " -> " $HOME/path/example.txt##class.Work
Since class has higher precedence than os, this version is chosen.
If running on a system with class set to "Work", but instead within Windows
Subsystem for Linux, where the os is reported as WSL, the link will be:
.IR $HOME/path/example.txt " -> " $HOME/path/example.txt##class.Work,~os.Darwin
If no "##default" version exists and no files have valid conditions, then no
link will be created.
@ -614,6 +626,12 @@ configuration.
Even if disabled, links can be manually created by running
.BR "yadm alt" .
Created links are automatically added to the repository's
.I info/exclude
file. This can be disabled using the
.I yadm.auto-exclude
configuration.
Class is a special value which is stored locally on each host (inside the local
repository). To use alternate symlinks using class, you must set the value of
class using the configuration
@ -687,6 +705,7 @@ During processing, the following variables are available in the template:
yadm.classes YADM_CLASSES All classes
yadm.distro YADM_DISTRO lsb_release \-si
yadm.distro_family YADM_DISTRO_FAMILY ID_LIKE from /etc/os-release
yadm.filename Filename for the current file
yadm.hostname YADM_HOSTNAME uname \-n (without domain)
yadm.os YADM_OS uname \-s
yadm.source YADM_SOURCE Template filename
@ -748,6 +767,12 @@ would look like:
<%+ whatever.extra %>
<% fi -%>
Created files are automatically added to the repository's
.I info/exclude
file. This can be disabled using the
.I yadm.auto-exclude
configuration.
.SH ENCRYPTION
It can be useful to manage confidential files, like SSH or GPG keys, across

178
yadm.md
View file

@ -269,8 +269,9 @@
create the alternate links. This feature is enabled by default.
yadm.auto-exclude
Disable the automatic exclusion of patterns defined in
$HOME/.config/yadm/encrypt. This feature is enabled by default.
Disable the automatic exclusion of created alternate links, tem
plate files and patterns defined in $HOME/.config/yadm/encrypt.
This feature is enabled by default.
yadm.auto-perms
Disable the automatic permission changes described in the sec
@ -382,9 +383,11 @@
Each condition is an attribute/value pair, separated by a period. Some
conditions do not require a "value", and in that case, the period and
value can be omitted. Most attributes can be abbreviated as a single
letter.
letter. Prefixing an attribute with "~" negates the condition, meaning
the condition is considered only if the attribute/value pair evaluates
to false.
<attribute>[.<value>]
[~]<attribute>[.<value>]
NOTE: Value is compared case-insensitive.
@ -410,16 +413,16 @@
the CONFIGURATION section for more details about setting lo
cal.class.
distro_family, f
Valid if the value matches the distro family. Distro family is
calculated by inspecting the ID_LIKE line from /etc/os-release
(or ID if no ID_LIKE line is found).
distro, d
Valid if the value matches the distro. Distro is calculated by
running lsb_release -si or by inspecting the ID from /etc/os-re
lease.
distro_family, f
Valid if the value matches the distro family. Distro family is
calculated by inspecting the ID_LIKE line from /etc/os-release
(or ID if no ID_LIKE line is found).
os, o Valid if the value matches the OS. OS is calculated by running
uname -s.
@ -449,8 +452,10 @@
The "most appropriate" version is determined by calculating a score for
each version of a file. A template is always scored higher than any
symlink condition. The number of conditions is the next largest factor
in scoring. Files with more conditions will always be favored. Any in
valid condition will disqualify that file completely.
in scoring; files with more conditions will always be favored. Negative
conditions (prefixed with "~") are scored only relative to the number
of non-negated conditions. Any invalid condition will disqualify that
file completely.
If you don't care to have all versions of alternates stored in the same
directory as the generated symlink, you can place them in the
@ -462,6 +467,7 @@
- $HOME/path/example.txt##default
- $HOME/path/example.txt##class.Work
- $HOME/path/example.txt##class.Work,~os.Darwin
- $HOME/path/example.txt##os.Darwin
- $HOME/path/example.txt##os.Darwin,hostname.host1
- $HOME/path/example.txt##os.Darwin,hostname.host2
@ -491,10 +497,18 @@
$HOME/path/example.txt -> $HOME/path/example.txt##default
If running on a system, with class set to "Work", the link will be:
If running on a Macbook with class set to "Work", the link will be:
$HOME/path/example.txt -> $HOME/path/example.txt##class.Work
Since class has higher precedence than os, this version is chosen.
If running on a system with class set to "Work", but instead within
Windows Subsystem for Linux, where the os is reported as WSL, the link
will be:
$HOME/path/example.txt -> $HOME/path/example.txt##class.Work,~os.Darwin
If no "##default" version exists and no files have valid conditions,
then no link will be created.
@ -505,47 +519,50 @@
abled using the yadm.auto-alt configuration. Even if disabled, links
can be manually created by running yadm alt.
Class is a special value which is stored locally on each host (inside
the local repository). To use alternate symlinks using class, you must
set the value of class using the configuration local.class. This is
Created links are automatically added to the repository's info/exclude
file. This can be disabled using the yadm.auto-exclude configuration.
Class is a special value which is stored locally on each host (inside
the local repository). To use alternate symlinks using class, you must
set the value of class using the configuration local.class. This is
set like any other yadm configuration with the yadm config command. The
following sets the class to be "Work".
yadm config local.class Work
Similarly, the values of architecture, os, hostname, user, distro, and
distro_family can be manually overridden using the configuration op
tions local.arch, local.os, local.hostname, local.user, local.distro,
Similarly, the values of architecture, os, hostname, user, distro, and
distro_family can be manually overridden using the configuration op
tions local.arch, local.os, local.hostname, local.user, local.distro,
and local.distro-family.
## TEMPLATES
If a template condition is defined in an alternate file's "##" suffix,
If a template condition is defined in an alternate file's "##" suffix,
and the necessary dependencies for the template are available, then the
file will be processed to create or overwrite files.
Supported template processors:
default
This is yadm's built-in template processor. This processor is
very basic, with a Jinja-like syntax. The advantage of this
processor is that it only depends upon awk, which is available
on most *nix systems. To use this processor, specify the value
This is yadm's built-in template processor. This processor is
very basic, with a Jinja-like syntax. The advantage of this
processor is that it only depends upon awk, which is available
on most *nix systems. To use this processor, specify the value
of "default" or just leave the value off (e.g. "##template").
NOTE: This template processor performs case-insensitive compari
sions in if statements.
ESH ESH is a template processor written in POSIX compliant shell. It
allows executing shell commands within templates. This can be
used to reference your own configurations within templates, for
allows executing shell commands within templates. This can be
used to reference your own configurations within templates, for
example:
<% yadm config mysection.myconfig %>
To use the ESH template processor, specify the value of "esh"
j2cli To use the j2cli Jinja template processor, specify the value of
j2cli To use the j2cli Jinja template processor, specify the value of
"j2" or "j2cli".
envtpl To use the envtpl Jinja template processor, specify the value of
@ -555,10 +572,10 @@
NOTE: Specifying "j2" as the processor will attempt to use j2cli or en
vtpl, whichever is available.
If the template processor specified is available, templates will be
If the template processor specified is available, templates will be
processed to create or overwrite files.
During processing, the following variables are available in the tem
During processing, the following variables are available in the tem
plate:
Default Jinja or ESH Description
@ -568,6 +585,8 @@
yadm.classes YADM_CLASSES All classes
yadm.distro YADM_DISTRO lsb_release -si
yadm.distro_family YADM_DISTRO_FAMILY ID_LIKE from /etc/os-release
yadm.filename Filename for the current
file
yadm.hostname YADM_HOSTNAME uname -n (without domain)
yadm.os YADM_OS uname -s
yadm.source YADM_SOURCE Template filename
@ -621,58 +640,61 @@
<%+ whatever.extra %>
<% fi -%>
Created files are automatically added to the repository's info/exclude
file. This can be disabled using the yadm.auto-exclude configuration.
## ENCRYPTION
It can be useful to manage confidential files, like SSH or GPG keys,
across multiple systems. However, doing so would put plain text data
It can be useful to manage confidential files, like SSH or GPG keys,
across multiple systems. However, doing so would put plain text data
into a Git repository, which often resides on a public system. yadm can
make it easy to encrypt and decrypt a set of files so the encrypted
version can be maintained in the Git repository. This feature will
make it easy to encrypt and decrypt a set of files so the encrypted
version can be maintained in the Git repository. This feature will
only work if a supported tool is available. Both gpg(1) and openssl(1)
are supported. gpg is used by default, but openssl can be configured
are supported. gpg is used by default, but openssl can be configured
with the yadm.cipher configuration.
To use this feature, a list of patterns (one per line) must be created
and saved as $HOME/.config/yadm/encrypt. This list of patterns should
To use this feature, a list of patterns (one per line) must be created
and saved as $HOME/.config/yadm/encrypt. This list of patterns should
be relative to the configured work-tree (usually $HOME). For example:
.ssh/*.key
.gnupg/*.gpg
Standard filename expansions (*, ?, [) are supported. Two consecutive
asterisks "**" can be used to match all subdirectories. Other shell
Standard filename expansions (*, ?, [) are supported. Two consecutive
asterisks "**" can be used to match all subdirectories. Other shell
expansions like brace and tilde are not supported. Spaces in paths are
supported, and should not be quoted. If a directory is specified, its
contents will be included. Paths beginning with a "!" will be ex
supported, and should not be quoted. If a directory is specified, its
contents will be included. Paths beginning with a "!" will be ex
cluded.
The yadm encrypt command will find all files matching the patterns, and
prompt for a password. Once a password has confirmed, the matching
files will be encrypted and saved as $HOME/.local/share/yadm/archive.
The "encrypt" and "archive" files should be added to the yadm reposi
prompt for a password. Once a password has confirmed, the matching
files will be encrypted and saved as $HOME/.local/share/yadm/archive.
The "encrypt" and "archive" files should be added to the yadm reposi
tory so they are available across multiple systems.
To decrypt these files later, or on another system run yadm decrypt and
provide the correct password. After files are decrypted, permissions
provide the correct password. After files are decrypted, permissions
are automatically updated as described in the PERMISSIONS section.
Symmetric encryption is used by default, but asymmetric encryption may
Symmetric encryption is used by default, but asymmetric encryption may
be enabled using the yadm.gpg-recipient configuration.
NOTE: It is recommended that you use a private repository when keeping
NOTE: It is recommended that you use a private repository when keeping
confidential files, even though they are encrypted.
Patterns found in $HOME/.config/yadm/encrypt are automatically added to
the repository's info/exclude file every time yadm encrypt is run.
the repository's info/exclude file every time yadm encrypt is run.
This is to prevent accidentally committing sensitive data to the repos
itory. This can be disabled using the yadm.auto-exclude configuration.
Using transcrypt or git-crypt
A completely separate option for encrypting data is to install and use
transcrypt or git-crypt. Once installed, you can use these tools by
running yadm transcrypt or yadm git-crypt. These tools enables trans
parent encryption and decryption of files in a git repository. See the
A completely separate option for encrypting data is to install and use
transcrypt or git-crypt. Once installed, you can use these tools by
running yadm transcrypt or yadm git-crypt. These tools enables trans
parent encryption and decryption of files in a git repository. See the
following web sites for more information:
- https://github.com/elasticdog/transcrypt
@ -681,9 +703,9 @@
## PERMISSIONS
When files are checked out of a Git repository, their initial permis
sions are dependent upon the user's umask. Because of this, yadm will
automatically update the permissions of some file paths. The "group"
When files are checked out of a Git repository, their initial permis
sions are dependent upon the user's umask. Because of this, yadm will
automatically update the permissions of some file paths. The "group"
and "others" permissions will be removed from the following files:
- $HOME/.local/share/yadm/archive
@ -695,39 +717,39 @@
- The GPG directory and files, .gnupg/*
yadm will automatically update permissions by default. This can be dis
abled using the yadm.auto-perms configuration. Even if disabled, per
missions can be manually updated by running yadm perms. The .ssh di
rectory processing can be disabled using the yadm.ssh-perms configura
tion. The .gnupg directory processing can be disabled using the
abled using the yadm.auto-perms configuration. Even if disabled, per
missions can be manually updated by running yadm perms. The .ssh di
rectory processing can be disabled using the yadm.ssh-perms configura
tion. The .gnupg directory processing can be disabled using the
yadm.gpg-perms configuration.
When cloning a repo which includes data in a .ssh or .gnupg directory,
if those directories do not exist at the time of cloning, yadm will
When cloning a repo which includes data in a .ssh or .gnupg directory,
if those directories do not exist at the time of cloning, yadm will
create the directories with mask 0700 prior to merging the fetched data
into the work-tree.
When running a Git command and .ssh or .gnupg directories do not exist,
yadm will create those directories with mask 0700 prior to running the
yadm will create those directories with mask 0700 prior to running the
Git command. This can be disabled using the yadm.auto-private-dirs con
figuration.
## HOOKS
For every command yadm supports, a program can be provided to run be
fore or after that command. These are referred to as "hooks". yadm
looks for hooks in the directory $HOME/.config/yadm/hooks. Each hook
For every command yadm supports, a program can be provided to run be
fore or after that command. These are referred to as "hooks". yadm
looks for hooks in the directory $HOME/.config/yadm/hooks. Each hook
is named using a prefix of pre_ or post_, followed by the command which
should trigger the hook. For example, to create a hook which is run af
ter every yadm pull command, create a hook named post_pull. Hooks must
have the executable file permission set.
If a pre_ hook is defined, and the hook terminates with a non-zero exit
status, yadm will refuse to run the yadm command. For example, if a
pre_commit hook is defined, but that command ends with a non-zero exit
status, the yadm commit will never be run. This allows one to "short-
status, yadm will refuse to run the yadm command. For example, if a
pre_commit hook is defined, but that command ends with a non-zero exit
status, the yadm commit will never be run. This allows one to "short-
circuit" any operation using a pre_ hook.
Hooks have the following environment variables available to them at
Hooks have the following environment variables available to them at
runtime:
YADM_HOOK_COMMAND
@ -755,19 +777,19 @@
## FILES
All of yadm's configurations are relative to the "yadm directory".
yadm uses the "XDG Base Directory Specification" to determine this di
rectory. If the environment variable $XDG_CONFIG_HOME is defined as a
fully qualified path, this directory will be $XDG_CONFIG_HOME/yadm.
All of yadm's configurations are relative to the "yadm directory".
yadm uses the "XDG Base Directory Specification" to determine this di
rectory. If the environment variable $XDG_CONFIG_HOME is defined as a
fully qualified path, this directory will be $XDG_CONFIG_HOME/yadm.
Otherwise it will be $HOME/.config/yadm.
Similarly, yadm's data files are relative to the "yadm data directory".
yadm uses the "XDG Base Directory Specification" to determine this di
rectory. If the environment variable $XDG_DATA_HOME is defined as a
yadm uses the "XDG Base Directory Specification" to determine this di
rectory. If the environment variable $XDG_DATA_HOME is defined as a
fully qualified path, this directory will be $XDG_DATA_HOME/yadm. Oth
erwise it will be $HOME/.local/share/yadm.
The following are the default paths yadm uses for its own data. Most
The following are the default paths yadm uses for its own data. Most
of these paths can be altered using universal options. See the OPTIONS
section for details.
@ -776,16 +798,16 @@
tive to this directory.
$HOME/.local/share/yadm
The yadm data directory. By default, all data yadm stores is
The yadm data directory. By default, all data yadm stores is
relative to this directory.
$YADM_DIR/config
Configuration file for yadm.
$YADM_DIR/alt
This is a directory to keep "alternate files" without having
them side-by-side with the resulting symlink or processed tem
plate. Alternate files placed in this directory will be created
This is a directory to keep "alternate files" without having
them side-by-side with the resulting symlink or processed tem
plate. Alternate files placed in this directory will be created
relative to $HOME instead.
$YADM_DATA/repo.git

2
yadm.spec
View file

@ -1,7 +1,7 @@
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
Name: yadm
Summary: Yet Another Dotfiles Manager
Version: 3.4.0
Version: 3.5.0
Group: Development/Tools
Release: 1%{?dist}
URL: https://yadm.io