-rw-r--r--config-joey.hs3
-rw-r--r--debian/changelog2
-rw-r--r--src/Propellor/Property/Debootstrap.hs9
-rw-r--r--src/Propellor/Property/OS.hs19
-rw-r--r--src/Propellor/Property/User.hs16
5 files changed, 33 insertions, 16 deletions
diff --git a/config-joey.hs b/config-joey.hs
index b41af4a2..c1eb0a23 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -57,8 +57,7 @@ testvm = host "testvm.kitenet.net"
& os (System (Debian Unstable) "amd64")
& OS.cleanInstallOnce (OS.Confirmed "testvm.kitenet.net")
`onChange` propertyList "fixing up after clean install"
- [ User.shadowConfig True
- , OS.preserveRootSshAuthorized
+ [ OS.preserveRootSshAuthorized
, OS.preserveResolvConf
, Apt.update
, Grub.boots "/dev/sda"
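Review bot: Removing `User.shadowConfig True` from this fix-up list leaves shadow passwords enabled only on hosts that also apply `hasPassword` or `hasSomePassword`, since the commit moves the requirement into those properties. The visible part of `testvm` applies neither, so the freshly debootstrapped system may end up keeping password hashes in world-readable /etc/passwd if a password is later set by hand. If that is not intended, keep `User.shadowConfig True` in the list; the same applies to the example in the OS.hs documentation hunk. The rest of `testvm` lies outside the hunk and may already cover this.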
diff --git a/debian/changelog b/debian/changelog
index 7ee1198b..4bb387ce 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -21,6 +21,8 @@ propellor (1.1.0) UNRELEASED; urgency=medium
* hasSomePassword and hasPassword now default to using the name of the
host as the Context for the password. To specify a different context,
use hasSomePassword' and hasPassword' (API change)
+ * hasSomePassword and hasPassword now check to make sure shadow passwords
+ are enabled.
* cron.runPropellor now runs propellor, rather than using its Makefile.
This is more robust.
* propellor.debug can be set in the git config to enable more persistent
diff --git a/src/Propellor/Property/Debootstrap.hs b/src/Propellor/Property/Debootstrap.hs
index 35d9e472..b4fd2654 100644
--- a/src/Propellor/Property/Debootstrap.hs
+++ b/src/Propellor/Property/Debootstrap.hs
@@ -2,7 +2,9 @@ module Propellor.Property.Debootstrap (
Url,
DebootstrapConfig(..),
built,
+ built',
installed,
+ sourceInstall,
programPath,
) where
@@ -54,11 +56,14 @@ toParams (c1 :+ c2) = toParams c1 <> toParams c2
-- Note that reverting this property does not stop any processes
-- currently running in the chroot.
built :: FilePath -> System -> DebootstrapConfig -> RevertableProperty
-built target system@(System _ arch) config =
+built = built' (toProp installed)
+
+built' :: Property -> FilePath -> System -> DebootstrapConfig -> RevertableProperty
+built' installprop target system@(System _ arch) config =
RevertableProperty setup teardown
where
setup = check (unpopulated target <||> ispartial) setupprop
- `requires` toProp installed
+ `requires` installprop
teardown = check (not <$> unpopulated target) teardownprop
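Review bot: `built'` is newly exported but has no Haddock comment, and the existing comment above `built` does not describe the extra argument. Something like `-- | Like 'built', but uses the given Property to make debootstrap available instead of 'installed'.` would help. It should also say that the caller is responsible for `installprop` actually providing a working debootstrap, because `setup` depends on it through `requires installprop`. The `where` clause of `built'` continues past the end of the hunk.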
diff --git a/src/Propellor/Property/OS.hs b/src/Propellor/Property/OS.hs
index 30f8c4bb..22414bb6 100644
--- a/src/Propellor/Property/OS.hs
+++ b/src/Propellor/Property/OS.hs
@@ -45,8 +45,7 @@ import Control.Exception (throw)
-- > & os (System (Debian Unstable) "amd64")
-- > & cleanInstallOnce (Confirmed "foo.example.com")
-- > `onChange` propertyList "fixing up after clean install"
--- > [ User.shadowConfig True
--- > , preserveNetworkInterfaces
+-- > [ preserveNetworkInterfaces
-- > , preserveResolvConf
-- > , preserverRootSshAuthorized
-- > , Apt.update
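Review bot: The example now leads its fix-up list with `preserveNetworkInterfaces`, which the last hunk of this file still defines as `undefined -- TODO`, so a configuration copied from this comment would presumably throw when the list runs, before `preserveResolvConf` and the ssh key step are reached. Until the property is implemented, drop it from the example or mark it there as not yet usable. The example also spells the ssh property `preserverRootSshAuthorized`, while config-joey.hs in this commit uses `OS.preserveRootSshAuthorized`; `-- >  , preserveRootSshAuthorized` would match.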
@@ -78,9 +77,19 @@ cleanInstallOnce confirmation = check (not <$> doesFileExist flagfile) $
(Just d@(System (Debian _) _)) -> debootstrap d
(Just u@(System (Ubuntu _) _)) -> debootstrap u
_ -> error "os is not declared to be Debian or Ubuntu"
- debootstrap targetos = ensureProperty $ toProp $
- Debootstrap.built newOSDir targetos Debootstrap.DefaultConfig
+ debootstrap targetos = ensureProperty $ toProp $
+ -- Ignore the os setting, and install debootstrap from
+ -- source, since we don't know what OS we're running in yet.
+ Debootstrap.built' Debootstrap.sourceInstall
+ newOSDir targetos Debootstrap.DefaultConfig
+ -- debootstrap, I wish it was faster..
+ -- TODO eatmydata to speed it up
+ -- Problem: Installing eatmydata on some random OS like
+ -- Fedora may be difficult. Maybe configure dpkg to not
+ -- sync instead?
+
+ -- This is the fun bit.
flipped = property (newOSDir ++ " moved into place") $ liftIO $ do
-- First, unmount most mount points, lazily, so
-- they don't interfere with moving things around.
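Review bot: `Debootstrap.sourceInstall` is used here to obtain the program that builds the whole replacement OS tree, yet its definition is not part of this diff, so how the source is fetched and whether it is authenticated (checksum or signature) cannot be confirmed from these lines. Since propellor presumably runs this as root and everything on the new system derives from it, the comment should say so, for example `-- sourceInstall runs outside apt; see its definition for how the debootstrap source is verified.`, and the property should pin a known digest if it does not already. `cleanInstallOnce` begins before the hunk and continues after it.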
@@ -173,7 +182,7 @@ confirmed desc (Confirmed c) = property desc $ do
-- | /etc/network/interfaces is configured to bring up all interfaces that
-- are currently up, using the same IP addresses.
preserveNetworkInterfaces :: Property
-preserveNetworkInterfaces = undefined
+preserveNetworkInterfaces = undefined -- TODO
-- | /etc/resolv.conf is copied the from the old OS
preserveResolvConf :: Property
diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs
index ccb69b24..5c8e768c 100644
--- a/src/Propellor/Property/User.hs
+++ b/src/Propellor/Property/User.hs
@@ -44,13 +44,15 @@ hasPassword user = property (user ++ "has password") $ do
ensureProperty $ hasPassword' user (Context hostname)
hasPassword' :: UserName -> Context -> Property
-hasPassword' user context = withPrivData (Password user) context $ \getpassword ->
- property (user ++ " has password") $
- getpassword $ \password -> makeChange $
- withHandle StdinHandle createProcessSuccess
- (proc "chpasswd" []) $ \h -> do
- hPutStrLn h $ user ++ ":" ++ password
- hClose h
+hasPassword' user context = go `requires` shadowConfig True
+ where
+ go = withPrivData (Password user) context $ \getpassword ->
+ property (user ++ " has password") $
+ getpassword $ \password -> makeChange $
+ withHandle StdinHandle createProcessSuccess
+ (proc "chpasswd" []) $ \h -> do
+ hPutStrLn h $ user ++ ":" ++ password
+ hClose h
lockedPassword :: UserName -> Property
lockedPassword user = check (not <$> isLockedPassword user) $ cmdProperty "passwd"
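Review bot: `hasPassword'` now carries a side effect that no Haddock comment records: through `requires shadowConfig True` it presumably turns shadow passwords on rather than only checking for them, as the changelog wording suggests. A comment such as `-- | Sets the user's password from privdata, first ensuring shadow passwords are enabled so the hash is not kept in /etc/passwd.` would make that visible to callers. Separately, the line sent to chpasswd is built as `user ++ ":" ++ password`, so a privdata value containing a newline would be read as an additional entry; rejecting such a value before the write would close that.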