-rw-r--r--config-joey.hs20
-rw-r--r--debian/changelog2
-rw-r--r--src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs42
-rw-r--r--src/Propellor/Property/Systemd.hs20
-rw-r--r--src/Utility/Data.hs2
-rw-r--r--src/Utility/Directory.hs2
-rw-r--r--src/Utility/Env.hs2
-rw-r--r--src/Utility/Exception.hs1
-rw-r--r--src/Utility/FileMode.hs13
-rw-r--r--src/Utility/FileSystemEncoding.hs1
-rw-r--r--src/Utility/LinuxMkLibs.hs15
-rw-r--r--src/Utility/Misc.hs10
-rw-r--r--src/Utility/Monad.hs2
-rw-r--r--src/Utility/PartialPrelude.hs2
-rw-r--r--src/Utility/Path.hs2
-rw-r--r--src/Utility/PosixFiles.hs1
-rw-r--r--src/Utility/Process.hs2
-rw-r--r--src/Utility/QuickCheck.hs1
-rw-r--r--src/Utility/Scheduled.hs3
-rw-r--r--src/Utility/Tmp.hs1
-rw-r--r--src/Utility/UserInfo.hs6
21 files changed, 70 insertions, 80 deletions
diff --git a/config-joey.hs b/config-joey.hs
index 8c44d104..50e712a0 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -75,7 +75,6 @@ darkstar = host "darkstar.kitenet.net"
& Apt.buildDep ["git-annex"] `period` Daily
& Docker.configured
- ! Docker.docked gitAnnexAndroidDev
& JoeySites.postfixClientRelay (Context "darkstar.kitenet.net")
& JoeySites.dkimMilter
@@ -130,15 +129,9 @@ orca = standardSystem "orca.kitenet.net" Unstable "amd64"
& Apt.unattendedUpgrades
& Postfix.satellite
& Systemd.persistentJournal
- & Docker.configured
- & Docker.docked (GitAnnexBuilder.standardAutoBuilderContainer dockerImage "amd64" 15 "2h")
- & Systemd.nspawned (GitAnnexBuilder.standardAutoBuilderContainerNspawn "amd64" 15 "2h")
- & Docker.docked (GitAnnexBuilder.standardAutoBuilderContainer dockerImage "i386" 45 "2h")
- & Docker.docked (GitAnnexBuilder.armelCompanionContainer dockerImage)
- & Docker.docked (GitAnnexBuilder.armelAutoBuilderContainer dockerImage (Cron.Times "1 3 * * *") "5h")
- & Docker.docked (GitAnnexBuilder.androidAutoBuilderContainer dockerImage (Cron.Times "1 1 * * *") "3h")
- & Docker.garbageCollected `period` Daily
- & Apt.buildDep ["git-annex"] `period` Daily
+ & Systemd.nspawned (GitAnnexBuilder.standardAutoBuilderContainer "amd64" 15 "2h")
+ & Systemd.nspawned (GitAnnexBuilder.standardAutoBuilderContainer "i386" 15 "2h")
+ & Systemd.nspawned (GitAnnexBuilder.androidAutoBuilderContainer (Cron.Times "1 1 * * *") "3h")
-- This is not a complete description of kite, since it's a
-- multiuser system with eg, user passwords that are not deployed
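Review bot: Both autobuilders on orca are now scheduled at minute 15, because the new i386 line passes `15` where the removed Docker line passed `45`, so the amd64 and i386 builds start at the same time each hour. If the stagger was intentional, keep `& Systemd.nspawned (GitAnnexBuilder.standardAutoBuilderContainer "i386" 45 "2h")`. The Docker properties are also dropped rather than reverted with `!` (the form the first hunk of this file removes for gitAnnexAndroidDev), so any Docker builder containers already deployed on orca would presumably keep running, and keep building, until they are cleaned up by hand. The property list for orca starts above this hunk and continues below it.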
@@ -408,13 +401,6 @@ oldusenetShellBox = standardStableContainer "oldusenet-shellbox"
& Docker.publish "4200:4200"
& JoeySites.oldUseNetShellBox
--- for development of git-annex for android, using my git-annex work tree
-gitAnnexAndroidDev :: Docker.Container
-gitAnnexAndroidDev = GitAnnexBuilder.androidContainer dockerImage "android-git-annex" doNothing gitannexdir
- & Docker.volume ("/home/joey/src/git-annex:" ++ gitannexdir)
- where
- gitannexdir = GitAnnexBuilder.homedir </> "git-annex"
-
jerryPlay :: Docker.Container
jerryPlay = standardContainer "jerryplay" Unstable "amd64"
& alias "jerryplay.kitenet.net"
diff --git a/debian/changelog b/debian/changelog
index 96a9f745..5d70582e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,8 @@ propellor (2.5.0) UNRELEASED; urgency=medium
* Export CommandParam, boolSystem, safeSystem and shellEscape from
Propellor.Property.Cmd, so they are available for use in constricting
your own Properties when using propellor as a library.
+ * Improve enter-machine scripts for nspawn containers to unset most
+ environment variables.
-- Joey Hess <id@joeyh.name> Thu, 07 May 2015 12:08:34 -0400
diff --git a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs
index 6108bf1a..86bf104c 100644
--- a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs
+++ b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs
@@ -94,22 +94,9 @@ cabalDeps = flagFile go cabalupdated
go = userScriptProperty (User builduser) ["cabal update && cabal install git-annex --only-dependencies || true"]
cabalupdated = homedir </> ".cabal" </> "packages" </> "hackage.haskell.org" </> "00-index.cache"
-standardAutoBuilderContainer :: (System -> Docker.Image) -> Architecture -> Int -> TimeOut -> Docker.Container
-standardAutoBuilderContainer dockerImage arch buildminute timeout = Docker.container (arch ++ "-git-annex-builder")
- (dockerImage $ System (Debian Testing) arch)
- & os (System (Debian Testing) arch)
- & Apt.stdSourcesList
- & Apt.installed ["systemd"]
- & Apt.unattendedUpgrades
- & User.accountFor (User builduser)
- & tree arch
- & buildDepsApt
- & autobuilder arch (Cron.Times $ show buildminute ++ " * * * *") timeout
- & Docker.tweaked
-
-standardAutoBuilderContainerNspawn :: Architecture -> Int -> TimeOut -> Systemd.Container
-standardAutoBuilderContainerNspawn arch buildminute timeout = Systemd.container name bootstrap
- & os myos
+standardAutoBuilderContainer :: Architecture -> Int -> TimeOut -> Systemd.Container
+standardAutoBuilderContainer arch buildminute timeout = Systemd.container name bootstrap
+ & os osver
& Apt.stdSourcesList
& Apt.unattendedUpgrades
& User.accountFor (User builduser)
@@ -118,35 +105,31 @@ standardAutoBuilderContainerNspawn arch buildminute timeout = Systemd.container
& autobuilder arch (Cron.Times $ show buildminute ++ " * * * *") timeout
where
name = arch ++ "-git-annex-builder"
- bootstrap = Chroot.debootstrapped myos mempty
- myos = System (Debian Unstable) arch
+ bootstrap = Chroot.debootstrapped osver mempty
+ osver = System (Debian Testing) arch
-androidAutoBuilderContainer :: (System -> Docker.Image) -> Times -> TimeOut -> Docker.Container
-androidAutoBuilderContainer dockerImage crontimes timeout =
- androidContainer dockerImage "android-git-annex-builder" (tree "android") builddir
+androidAutoBuilderContainer :: Times -> TimeOut -> Systemd.Container
+androidAutoBuilderContainer crontimes timeout =
+ androidContainer "android-git-annex-builder" (tree "android") builddir
& Apt.unattendedUpgrades
& autobuilder "android" crontimes timeout
-- Android is cross-built in a Debian i386 container, using the Android NDK.
androidContainer
:: (IsProp (Property (CInfo NoInfo i)), (Combines (Property NoInfo) (Property i)))
- => (System -> Docker.Image)
- -> Docker.ContainerName
+ => Systemd.MachineName
-> Property i
-> FilePath
- -> Docker.Container
-androidContainer dockerImage name setupgitannexdir gitannexdir = Docker.container name
- (dockerImage osver)
+ -> Systemd.Container
+androidContainer name setupgitannexdir gitannexdir = Systemd.container name bootstrap
& os osver
& Apt.stdSourcesList
- & Apt.installed ["systemd"]
- & Docker.tweaked
& User.accountFor (User builduser)
& File.dirExists gitbuilderdir
& File.ownerGroup homedir (User builduser) (Group builduser)
- & buildDepsApt
& flagFile chrootsetup ("/chrootsetup")
`requires` setupgitannexdir
+ & buildDepsApt
& flagFile haskellpkgsinstalled ("/haskellpkgsinstalled")
where
-- Use git-annex's android chroot setup script, which will install
@@ -159,6 +142,7 @@ androidContainer dockerImage name setupgitannexdir gitannexdir = Docker.containe
[ "cd " ++ gitannexdir ++ " && ./standalone/android/install-haskell-packages"
]
osver = System (Debian Testing) "i386"
+ bootstrap = Chroot.debootstrapped osver mempty
-- armel builder has a companion container using amd64 that
-- runs the build first to get TH splices. They need
diff --git a/src/Propellor/Property/Systemd.hs b/src/Propellor/Property/Systemd.hs
index 78a99963..c698f780 100644
--- a/src/Propellor/Property/Systemd.hs
+++ b/src/Propellor/Property/Systemd.hs
@@ -215,15 +215,19 @@ enterScript c@(Container name _ _) = setup <!> teardown
where
setup = combineProperties ("generated " ++ enterScriptFile c)
[ scriptfile `File.hasContent`
- [ "#!/bin/sh"
+ [ "#!/usr/bin/perl"
, "# Generated by propellor"
- , "pid=\"$(machinectl show " ++ shellEscape name ++ " -p Leader | cut -d= -f2)\" || true"
- , "if [ -n \"$pid\" ]; then"
- , "\tnsenter -p -u -n -i -m -t \"$pid\" \"$@\""
- , "else"
- , "\techo container not running >&2"
- , "\texit 1"
- , "fi"
+ , "my $pid=`machinectl show " ++ shellEscape name ++ " -p Leader | cut -d= -f2`;"
+ , "chomp $pid;"
+ , "if (length $pid) {"
+ , "\tforeach my $var (keys %ENV) {"
+ , "\t\tdelete $ENV{$var} unless $var eq 'PATH' || $var eq 'TERM';"
+ , "\t}"
+ , "\texec('nsenter', '-p', '-u', '-n', '-i', '-m', '-t', $pid, @ARGV);"
+ , "} else {"
+ , "\tdie 'container not running';"
+ , "}"
+ , "exit(1);"
]
, scriptfile `File.mode` combineModes (readModes ++ executeModes)
]
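Review bot: The generated script accepts any non-empty `$pid` (`if (length $pid)`) and hands it straight to `nsenter -t`, so unexpected output from the `machinectl show … | cut` pipeline reaches exec as a target instead of producing the "container not running" error; a stricter test such as `, "if ($pid =~ /^[0-9]+$/) {"` would restrict it to a numeric leader PID. Separately, Perl backticks interpolate `$` and `@` before the shell runs, which `shellEscape` presumably does not account for, so a container name containing either character would be altered; that is unlikely for hostname-style names but deserves a comment or a check on the name. The environment scrub also runs only after the `machinectl` call and keeps the caller's `PATH`, so both `machinectl` and `nsenter` are still resolved through the inherited `PATH`. enterScript begins above this hunk and continues past it.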
diff --git a/src/Utility/Data.hs b/src/Utility/Data.hs
index 5ecd218f..27c0a824 100644
--- a/src/Utility/Data.hs
+++ b/src/Utility/Data.hs
@@ -5,6 +5,8 @@
- License: BSD-2-clause
-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
+
module Utility.Data where
{- First item in the list that is not Nothing. -}
diff --git a/src/Utility/Directory.hs b/src/Utility/Directory.hs
index 2e037fdd..7322cd85 100644
--- a/src/Utility/Directory.hs
+++ b/src/Utility/Directory.hs
@@ -6,6 +6,7 @@
-}
{-# LANGUAGE CPP #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
module Utility.Directory where
@@ -18,6 +19,7 @@ import Control.Applicative
import Control.Concurrent
import System.IO.Unsafe (unsafeInterleaveIO)
import Data.Maybe
+import Prelude
#ifdef mingw32_HOST_OS
import qualified System.Win32 as Win32
diff --git a/src/Utility/Env.hs b/src/Utility/Env.hs
index fdf06d80..c56f4ec2 100644
--- a/src/Utility/Env.hs
+++ b/src/Utility/Env.hs
@@ -6,6 +6,7 @@
-}
{-# LANGUAGE CPP #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
module Utility.Env where
@@ -13,6 +14,7 @@ module Utility.Env where
import Utility.Exception
import Control.Applicative
import Data.Maybe
+import Prelude
import qualified System.Environment as E
import qualified System.SetEnv
#else
diff --git a/src/Utility/Exception.hs b/src/Utility/Exception.hs
index ab47ae95..9d4236c4 100644
--- a/src/Utility/Exception.hs
+++ b/src/Utility/Exception.hs
@@ -6,6 +6,7 @@
-}
{-# LANGUAGE ScopedTypeVariables #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
module Utility.Exception (
module X,
diff --git a/src/Utility/FileMode.hs b/src/Utility/FileMode.hs
index 201b8451..fdf1b56b 100644
--- a/src/Utility/FileMode.hs
+++ b/src/Utility/FileMode.hs
@@ -22,15 +22,12 @@ import Utility.Exception
{- Applies a conversion function to a file's mode. -}
modifyFileMode :: FilePath -> (FileMode -> FileMode) -> IO ()
-modifyFileMode f convert = void $ modifyFileMode' f convert
-modifyFileMode' :: FilePath -> (FileMode -> FileMode) -> IO FileMode
-modifyFileMode' f convert = do
+modifyFileMode f convert = do
s <- getFileStatus f
let old = fileMode s
let new = convert old
when (new /= old) $
setFileMode f new
- return old
{- Adds the specified FileModes to the input mode, leaving the rest
- unchanged. -}
@@ -41,14 +38,6 @@ addModes ms m = combineModes (m:ms)
removeModes :: [FileMode] -> FileMode -> FileMode
removeModes ms m = m `intersectFileModes` complement (combineModes ms)
-{- Runs an action after changing a file's mode, then restores the old mode. -}
-withModifiedFileMode :: FilePath -> (FileMode -> FileMode) -> IO a -> IO a
-withModifiedFileMode file convert a = bracket setup cleanup go
- where
- setup = modifyFileMode' file convert
- cleanup oldmode = modifyFileMode file (const oldmode)
- go _ = a
-
writeModes :: [FileMode]
writeModes = [ownerWriteMode, groupWriteMode, otherWriteMode]
diff --git a/src/Utility/FileSystemEncoding.hs b/src/Utility/FileSystemEncoding.hs
index 139b74fe..41c5972a 100644
--- a/src/Utility/FileSystemEncoding.hs
+++ b/src/Utility/FileSystemEncoding.hs
@@ -6,6 +6,7 @@
-}
{-# LANGUAGE CPP #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
module Utility.FileSystemEncoding (
fileEncoding,
diff --git a/src/Utility/LinuxMkLibs.hs b/src/Utility/LinuxMkLibs.hs
index db64d123..fdeb7795 100644
--- a/src/Utility/LinuxMkLibs.hs
+++ b/src/Utility/LinuxMkLibs.hs
@@ -7,7 +7,12 @@
module Utility.LinuxMkLibs where
-import Control.Applicative
+import Utility.PartialPrelude
+import Utility.Directory
+import Utility.Process
+import Utility.Monad
+import Utility.Path
+
import Data.Maybe
import System.Directory
import System.FilePath
@@ -15,12 +20,8 @@ import Data.List.Utils
import System.Posix.Files
import Data.Char
import Control.Monad.IfElse
-
-import Utility.PartialPrelude
-import Utility.Directory
-import Utility.Process
-import Utility.Monad
-import Utility.Path
+import Control.Applicative
+import Prelude
{- Installs a library. If the library is a symlink to another file,
- install the file it links to, and update the symlink to be relative. -}
diff --git a/src/Utility/Misc.hs b/src/Utility/Misc.hs
index e4eccac4..45d5a063 100644
--- a/src/Utility/Misc.hs
+++ b/src/Utility/Misc.hs
@@ -6,23 +6,25 @@
-}
{-# LANGUAGE CPP #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
module Utility.Misc where
+import Utility.FileSystemEncoding
+import Utility.Monad
+
import System.IO
import Control.Monad
import Foreign
import Data.Char
import Data.List
-import Control.Applicative
import System.Exit
#ifndef mingw32_HOST_OS
import System.Posix.Process (getAnyProcessStatus)
import Utility.Exception
#endif
-
-import Utility.FileSystemEncoding
-import Utility.Monad
+import Control.Applicative
+import Prelude
{- A version of hgetContents that is not lazy. Ensures file is
- all read before it gets closed. -}
diff --git a/src/Utility/Monad.hs b/src/Utility/Monad.hs
index 878e0da6..ac751043 100644
--- a/src/Utility/Monad.hs
+++ b/src/Utility/Monad.hs
@@ -5,6 +5,8 @@
- License: BSD-2-clause
-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
+
module Utility.Monad where
import Data.Maybe
diff --git a/src/Utility/PartialPrelude.hs b/src/Utility/PartialPrelude.hs
index 6efa093f..55795563 100644
--- a/src/Utility/PartialPrelude.hs
+++ b/src/Utility/PartialPrelude.hs
@@ -5,6 +5,8 @@
- them being accidentially used.
-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
+
module Utility.PartialPrelude where
import qualified Data.Maybe
diff --git a/src/Utility/Path.hs b/src/Utility/Path.hs
index 9f0737fe..8e3c2bdd 100644
--- a/src/Utility/Path.hs
+++ b/src/Utility/Path.hs
@@ -6,6 +6,7 @@
-}
{-# LANGUAGE PackageImports, CPP #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
module Utility.Path where
@@ -16,6 +17,7 @@ import Data.List
import Data.Maybe
import Data.Char
import Control.Applicative
+import Prelude
#ifdef mingw32_HOST_OS
import qualified System.FilePath.Posix as Posix
diff --git a/src/Utility/PosixFiles.hs b/src/Utility/PosixFiles.hs
index 5a94ead0..4550bebd 100644
--- a/src/Utility/PosixFiles.hs
+++ b/src/Utility/PosixFiles.hs
@@ -8,6 +8,7 @@
-}
{-# LANGUAGE CPP #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
module Utility.PosixFiles (
module X,
diff --git a/src/Utility/Process.hs b/src/Utility/Process.hs
index cbbe8a81..9f98596b 100644
--- a/src/Utility/Process.hs
+++ b/src/Utility/Process.hs
@@ -7,6 +7,7 @@
-}
{-# LANGUAGE CPP, Rank2Types #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
module Utility.Process (
module X,
@@ -54,6 +55,7 @@ import qualified System.Posix.IO
import Control.Applicative
#endif
import Data.Maybe
+import Prelude
import Utility.Misc
import Utility.Exception
diff --git a/src/Utility/QuickCheck.hs b/src/Utility/QuickCheck.hs
index 54200d3f..cd408ddc 100644
--- a/src/Utility/QuickCheck.hs
+++ b/src/Utility/QuickCheck.hs
@@ -19,6 +19,7 @@ import System.Posix.Types
import qualified Data.Map as M
import qualified Data.Set as S
import Control.Applicative
+import Prelude
instance (Arbitrary k, Arbitrary v, Eq k, Ord k) => Arbitrary (M.Map k v) where
arbitrary = M.fromList <$> arbitrary
diff --git a/src/Utility/Scheduled.hs b/src/Utility/Scheduled.hs
index e077a1fe..b3813323 100644
--- a/src/Utility/Scheduled.hs
+++ b/src/Utility/Scheduled.hs
@@ -32,7 +32,6 @@ import Utility.QuickCheck
import Utility.PartialPrelude
import Utility.Misc
-import Control.Applicative
import Data.List
import Data.Time.Clock
import Data.Time.LocalTime
@@ -41,6 +40,8 @@ import Data.Time.Calendar.WeekDate
import Data.Time.Calendar.OrdinalDate
import Data.Tuple.Utils
import Data.Char
+import Control.Applicative
+import Prelude
{- Some sort of scheduled event. -}
data Schedule = Schedule Recurrance ScheduledTime
diff --git a/src/Utility/Tmp.hs b/src/Utility/Tmp.hs
index dc559813..de970fe5 100644
--- a/src/Utility/Tmp.hs
+++ b/src/Utility/Tmp.hs
@@ -6,6 +6,7 @@
-}
{-# LANGUAGE CPP #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
module Utility.Tmp where
diff --git a/src/Utility/UserInfo.hs b/src/Utility/UserInfo.hs
index 5bf8d5c0..7e94cafa 100644
--- a/src/Utility/UserInfo.hs
+++ b/src/Utility/UserInfo.hs
@@ -6,6 +6,7 @@
-}
{-# LANGUAGE CPP #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
module Utility.UserInfo (
myHomeDir,
@@ -13,12 +14,13 @@ module Utility.UserInfo (
myUserGecos,
) where
+import Utility.Env
+
import System.PosixCompat
#ifndef mingw32_HOST_OS
import Control.Applicative
#endif
-
-import Utility.Env
+import Prelude
{- Current user's home directory.
-