authorJoey Hess2018-02-27 12:09:46 -0400
committerJoey Hess2018-02-27 12:09:46 -0400
commit3919fa183bce29d4fbdbdcc4bd780e462dd6700f (patch)
tree1e549d69ec771d7f5505b94c93c5843bd44850fb /src/Propellor/Property
parent3e1d8b6b6cbbb4d9560fb0d2ea1aec22e5f19239 (diff)
parent094a6419f7e5ddb0566e10ef4122306187dc00d7 (diff)
Merge branch 'master' into joeyconfig
Diffstat (limited to 'src/Propellor/Property')
-rw-r--r--src/Propellor/Property/Atomic.hs2
-rw-r--r--src/Propellor/Property/Openssl.hs29
-rw-r--r--src/Propellor/Property/Systemd.hs4
3 files changed, 32 insertions, 3 deletions
diff --git a/src/Propellor/Property/Atomic.hs b/src/Propellor/Property/Atomic.hs
index 5db17474..8519048b 100644
--- a/src/Propellor/Property/Atomic.hs
+++ b/src/Propellor/Property/Atomic.hs
@@ -144,7 +144,7 @@ checkDirLink d rp = liftIO $ do
-- Using atomicDirSync in the above example lets git only download
-- the changes once, rather than the same changes being downloaded a second
-- time to update the other copy of the directory the next time propellor
--- runs
+-- runs.
--
-- Suppose that a web server program is run from the git repository,
-- and needs to be restarted after the pull. That restart should be done
diff --git a/src/Propellor/Property/Openssl.hs b/src/Propellor/Property/Openssl.hs
new file mode 100644
index 00000000..a91b8195
--- /dev/null
+++ b/src/Propellor/Property/Openssl.hs
@@ -0,0 +1,29 @@
+-- | Maintainer: FĂ©lix Sipma <felix+propellor@gueux.org>
+
+module Propellor.Property.Openssl where
+
+import Propellor.Base
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+import Utility.FileMode
+import Utility.SafeCommand
+
+
+installed :: Property DebianLike
+installed = Apt.installed ["openssl"]
+
+dhparamsLength :: Int
+dhparamsLength = 2048
+
+dhparams :: FilePath
+dhparams = "/etc/ssl/private/dhparams.pem"
+
+safeDhparams :: Property DebianLike
+safeDhparams = propertyList "safe dhparams" $ props
+ & File.dirExists (takeDirectory dhparams)
+ & installed
+ & check (not <$> doesFileExist dhparams) (createDhparams dhparams dhparamsLength)
+
+createDhparams :: FilePath -> Int -> Property UnixLike
+createDhparams f l = property ("generate new dhparams: " ++ f) $ liftIO $ withUmask 0o0177 $ withFile f WriteMode $ \h ->
+ cmdResult <$> boolSystem' "openssl" [Param "dhparam", Param (show l)] (\p -> p { std_out = UseHandle h })
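Review bot: `createDhparams` writes openssl's output straight into the final path, and `safeDhparams` guards it only with `not <$> doesFileExist dhparams`, so a failed or interrupted `openssl dhparam` run leaves an empty or truncated `/etc/ssl/private/dhparams.pem` that every later run treats as already done. A TLS service configured to use that file would then load broken parameters or fail to start, and nothing would regenerate them. Generate into a temporary file in the same directory under the same umask and rename it into place only when the command succeeds, as sketched below. The sketch assumes `renameFile` and `removeFile` from System.Directory are in scope through Propellor.Base, as `doesFileExist` appears to be.

```haskell
createDhparams :: FilePath -> Int -> Property UnixLike
createDhparams f l = property ("generate new dhparams: " ++ f) $ liftIO $ withUmask 0o0177 $ do
	let tmp = f ++ ".tmp"
	ok <- withFile tmp WriteMode $ \h ->
		boolSystem' "openssl" [Param "dhparam", Param (show l)] (\p -> p { std_out = UseHandle h })
	-- Publish the file only after openssl exited successfully.
	if ok
		then renameFile tmp f
		else removeFile tmp
	return (cmdResult ok)
```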
diff --git a/src/Propellor/Property/Systemd.hs b/src/Propellor/Property/Systemd.hs
index 51d1313c..8fa236d2 100644
--- a/src/Propellor/Property/Systemd.hs
+++ b/src/Propellor/Property/Systemd.hs
@@ -205,8 +205,8 @@ machined = withOS "machined installed" $ \w o ->
case o of
-- Split into separate debian package since systemd 225.
(Just (System (Debian _ suite) _))
- | not (isStable suite) -> ensureProperty w $
- Apt.installed ["systemd-container"]
+ | not (isStable suite) || suite == (Stable "stretch") ->
+ ensureProperty w $ Apt.installed ["systemd-container"]
_ -> noChange
-- | Defines a container with a given machine name,
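Review bot: The added guard `suite == (Stable "stretch")` names a single stable release, so the next stable suite will fall through to `_ -> noChange` and not get `systemd-container`, even though the comment above says the package has been split out since systemd 225. Matching the releases that predate the split and installing the package for everything else would avoid editing this guard at every release; at minimum a comment such as `-- TODO: extend when a new stable suite is released` would flag it. The parentheses around `Stable "stretch"` are redundant. `machined` begins above the hunk.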