-rw-r--r--debian/changelog9
-rw-r--r--doc/forum/Propellor_from_unprivileged_account.mdwn4
-rw-r--r--doc/forum/Propellor_from_unprivileged_account/comment_1_9a093f5ee1473549cef0578d1b2d1054._comment21
-rw-r--r--doc/forum/cabal:_Unrecognised_flags:_propellor-config.mdwn106
-rw-r--r--doc/forum/cabal:_Unrecognised_flags:_propellor-config/comment_1_5742cd0937a47a14cf3dc41e003e3855._comment26
-rw-r--r--doc/forum/cabal:_Unrecognised_flags:_propellor-config/comment_2_7121b4ceb44419c7a9b3b0c2ff76e52b._comment26
-rw-r--r--doc/forum/cabal:_Unrecognised_flags:_propellor-config/comment_3_886748a3a28e33c90bbc5485eddc8efb._comment10
-rw-r--r--doc/forum/functions_that_yield_properties/comment_5_922e9e20c5326ceb695f7593d8bd72f5._comment38
-rw-r--r--doc/news/version_3.0.4.mdwn8
-rw-r--r--doc/news/version_3.0.5.mdwn8
-rw-r--r--doc/todo/integrate_shell-monad/comment_1_202c24d0a757d5086f65721fc2779131._comment11
-rw-r--r--doc/todo/integrate_shell-monad/comment_2_4e82a5994b4647b4483c92c7785ee905._comment39
-rw-r--r--doc/todo/merge_request:_Sbuild.keypairInsecurelyGenerated.mdwn5
-rw-r--r--doc/todo/merge_request:_changes_to_Reboot.hs.mdwn5
-rw-r--r--src/Propellor/DotDir.hs5
-rw-r--r--src/Propellor/Property/LetsEncrypt.hs4
-rw-r--r--src/Propellor/Property/Sbuild.hs18
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs2
-rw-r--r--stack.yaml1
19 files changed, 333 insertions, 13 deletions
diff --git a/debian/changelog b/debian/changelog
index 763cecc6..6d64552c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+propellor (3.0.6) UNRELEASED; urgency=medium
+
+ * Switch letsencrypt to certbot package name.
+ * Sbuild: Add keyringInsecurelyGenerated which is useful on throwaway
+ build VMs.
+ Thanks, Sean Whitton
+
+ -- Joey Hess <id@joeyh.name> Fri, 10 Jun 2016 14:59:44 -0400
+
propellor (3.0.5) unstable; urgency=medium
* Modules added for Sbuild and Ccache.
diff --git a/doc/forum/Propellor_from_unprivileged_account.mdwn b/doc/forum/Propellor_from_unprivileged_account.mdwn
new file mode 100644
index 00000000..127cee44
--- /dev/null
+++ b/doc/forum/Propellor_from_unprivileged_account.mdwn
@@ -0,0 +1,4 @@
+I have a need to configure the properties of some machines for which I am not the primary administrator (in particular, this is at a university where the central IT group does the administration, but delegates some tasks to department via sudo or by reading specific files). I imagine that I would have write my own properties. Is there a special way to call propellor, or code changes that need to be made to have propellor do the git clone and build in a user's home directory?
+
+Best,
+Jack
diff --git a/doc/forum/Propellor_from_unprivileged_account/comment_1_9a093f5ee1473549cef0578d1b2d1054._comment b/doc/forum/Propellor_from_unprivileged_account/comment_1_9a093f5ee1473549cef0578d1b2d1054._comment
new file mode 100644
index 00000000..01fff2a8
--- /dev/null
+++ b/doc/forum/Propellor_from_unprivileged_account/comment_1_9a093f5ee1473549cef0578d1b2d1054._comment
@@ -0,0 +1,21 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2016-06-09T20:06:05Z"
+ content="""
+Well propellor is normally built in the user's home directory and then
+deploys updates to the hosts and is built and run as root on them.
+
+If you're wanting to only run propellor as a user, to manage some
+user-specific properties, see the Propellor.Location module to change
+the path where propellor depploys itself to on a host.
+
+And in Propellor.Spin it has several `"root@"` that you'd need to change to
+make it ssh into the host as a different user.
+
+And, in Propellor.CmdLine, there's a check of `getRealUserID` to see if it's
+running as root.
+
+I think that's everything that assumes root (aside from a great many
+properties of course!), but can't swear to it.
+"""]]
diff --git a/doc/forum/cabal:_Unrecognised_flags:_propellor-config.mdwn b/doc/forum/cabal:_Unrecognised_flags:_propellor-config.mdwn
new file mode 100644
index 00000000..dd8048a2
--- /dev/null
+++ b/doc/forum/cabal:_Unrecognised_flags:_propellor-config.mdwn
@@ -0,0 +1,106 @@
+G'day Joey. Trying to deploy to a new host and I'm hitting this error:
+
+ cabal: Unrecognised flags: propellor-config
+ sh: 1: ./propellor: not found
+ propellor: user error (ssh ["-o","ControlPath=/home/craige/.ssh/propellor/os01.mcwhirter.io.sock","-o","ControlMa
+ ster=auto","-o","ControlPersist=yes","root@os01.mcwhirter.io","sh -c 'if [ ! -d /usr/local/propellor/.git ] ; the
+ n (if ! git --version >/dev/null; then apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -qq --no-install-
+ recommends --no-upgrade -y install git; fi && echo STATUSNeedGitClone) || echo STATUSNeedPrecompiled ; else cd /u
+ sr/local/propellor && if ! cabal configure >/dev/null 2>&1; then ( apt-get update ; DEBIAN_FRONTEND=noninteractiv
+ e apt-get -qq --no-upgrade --no-install-recommends -y install gnupg ; DEBIAN_FRONTEND=noninteractive apt-get -qq
+ --no-upgrade --no-install-recommends -y install ghc ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --n
+ o-install-recommends -y install cabal-install ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-inst
+ all-recommends -y install libghc-async-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install
+ -recommends -y install libghc-missingh-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install
+ -recommends -y install libghc-hslogger-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install
+ -recommends -y install libghc-unix-compat-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-inst
+ all-recommends -y install libghc-ansi-terminal-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no
+ -install-recommends -y install libghc-ifelse-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-i
+ nstall-recommends -y install libghc-network-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-in
+ stall-recommends -y install libghc-mtl-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install
+ -recommends -y install libghc-transformers-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-ins
+ tall-recommends -y install libghc-exceptions-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-i
+ nstall-recommends -y install libghc-stm-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-instal
+ l-recommends -y install libghc-text-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-re
+ commends -y install make ; cabal update ; cabal install --only-dependencies ) || true; fi&& if ! test -x ./propel
+ lor; then cabal configure && cabal build propellor-config && ln -sf dist/build/propellor-config/propellor-config
+ propellor; fi;if test -x ./propellor && ! ./propellor --check; then cabal clean && cabal configure && cabal build
+ propellor-config && ln -sf dist/build/propellor-config/propellor-config propellor; fi && ./propellor --boot os01
+ .mcwhirter.io ; fi'"] exited 127)
+
+When I build propellor manually on the remote host, same issue:
+
+ /usr/local/propellor# cabal build propellor-config
+ cabal: Unrecognised flags: propellor-config
+
+Building without the propellor-config flag *appears* to work fine:
+
+ /usr/local/propellor# cabal build
+ Building propellor-3.0.4...
+ Preprocessing executable 'propellor-config' for propellor-3.0.4...
+ ...
+ Linking dist/build/propellor-config/propellor-config ...
+ Preprocessing executable 'propellor' for propellor-3.0.4...
+
+So when I change line 39 in Bootstrap.hs to drop "propellor-config" it appears to work OK, locally:
+
+ % ~/.propellor/propellor --spin os01.mcwhirter.io
+ Preprocessing executable 'propellor-config' for propellor-3.0.4...
+ [85 of 90] Compiling Propellor.Bootstrap ( src/Propellor/Bootstrap.hs, dist/build/propellor-config/propellor-config-tmp/Propellor/Bootstrap.o )
+ Linking dist/build/propellor-config/propellor-config ...
+ Propellor build ... done
+
+ You need a passphrase to unlock the secret key for
+ user: ????
+ 4096-bit RSA key, ID ?????, created ????
+
+ [master 0e810ff] propellor spin
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+ Git commit ... done
+ Resolving dependencies...
+ Configuring propellor-3.0.4...
+ Warning: 'license: BSD2' is not a recognised license. The known licenses are:
+ GPL, GPL-2, GPL-3, LGPL, LGPL-2.1, LGPL-3, BSD3, MIT, Apache, Apache-2.0,
+ PublicDomain, AllRightsReserved, OtherLicense
+ Building propellor-3.0.4...
+ Preprocessing executable 'propellor-config' for propellor-3.0.4...
+ Preprocessing executable 'propellor' for propellor-3.0.4...
+ Preprocessing library propellor-3.0.4...
+ ...
+
+However it still fails with the original error on the remote host, despite the new Bootstrap.hs having been copied in place correctly.
+
+ % ~/.propellor/propellor --spin os01.mcwhirter.io
+ Preprocessing executable 'propellor-config' for propellor-3.0.4...
+ [85 of 90] Compiling Propellor.Bootstrap ( src/Propellor/Bootstrap.hs, dist/build/propellor-config/propellor-config-tmp/Propellor/Bootstrap.o )
+ Linking dist/build/propellor-config/propellor-config ...
+ Propellor build ... done
+
+ You need a passphrase to unlock the secret key for
+ user: ?????
+ 4096-bit RSA key, ID ?????, created ?????
+
+ [master bf1b056] propellor spin
+ 1 file changed, 1 deletion(-)
+ Git commit ... done
+ Sending privdata (11 bytes) to os01.mcwhirter.io ... done
+ Sending git update to os01.mcwhirter.io ... done
+ remote: Counting objects: 5, done.
+ remote: Compressing objects: 100% (5/5), done.
+ remote: Total 5 (delta 4), reused 0 (delta 0)
+ From .
+ * branch HEAD -> FETCH_HEAD
+ cabal: Unrecognised flags: propellor-config
+ Resolving dependencies...
+ Configuring propellor-3.0.4...
+ Warning: 'license: BSD2' is not a recognised license. The known licenses are:
+ GPL, GPL-2, GPL-3, LGPL, LGPL-2.1, LGPL-3, BSD3, MIT, Apache, Apache-2.0,
+ PublicDomain, AllRightsReserved, OtherLicense
+ cabal: Unrecognised flags: propellor-config
+ propellor: cabal build failed
+ Shared connection to os01.mcwhirter.io closed.
+ propellor: remote propellor failed
+
+I feel like I'm working around another local issue but so far my "fix" has been in Bootstrap.hs.
+
+Thoughts?
diff --git a/doc/forum/cabal:_Unrecognised_flags:_propellor-config/comment_1_5742cd0937a47a14cf3dc41e003e3855._comment b/doc/forum/cabal:_Unrecognised_flags:_propellor-config/comment_1_5742cd0937a47a14cf3dc41e003e3855._comment
new file mode 100644
index 00000000..93d70dc0
--- /dev/null
+++ b/doc/forum/cabal:_Unrecognised_flags:_propellor-config/comment_1_5742cd0937a47a14cf3dc41e003e3855._comment
@@ -0,0 +1,26 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2016-06-07T17:13:29Z"
+ content="""
+propellor-config is the name of the Executable component
+in the cabal file that we want cabal to build.
+
+ Usage: cabal build [FLAGS]
+ or: cabal build COMPONENTS [FLAGS]
+
+It's the COMPONENT shown in the cabal build help. It seems that your cabal
+doesn't not understand this syntax. What version of cabal is that?
+
+(Based on the license warning, I'm guessing its an older version of cabal
+than the 1.22.6.0 I'm using here. The cabal 1.20.0.3 in Debian stable also
+supports this syntax.)
+
+Only building the propellor-config Executable is only an optimisation;
+otherwise cabal build also builds propellor as a library which is not
+needed here. So your workaround to drop that parameter should be ok.
+
+You probably need to rebuild propellor on the remote host manually
+after updating the code there, since the remote host has a version of
+propellor compiled such that it tries to recompile itself using that parameter..
+"""]]
diff --git a/doc/forum/cabal:_Unrecognised_flags:_propellor-config/comment_2_7121b4ceb44419c7a9b3b0c2ff76e52b._comment b/doc/forum/cabal:_Unrecognised_flags:_propellor-config/comment_2_7121b4ceb44419c7a9b3b0c2ff76e52b._comment
new file mode 100644
index 00000000..928f5d11
--- /dev/null
+++ b/doc/forum/cabal:_Unrecognised_flags:_propellor-config/comment_2_7121b4ceb44419c7a9b3b0c2ff76e52b._comment
@@ -0,0 +1,26 @@
+[[!comment format=mdwn
+ username="craige@a46118dff5bc0fad85259759970d8b4b9fc377d7"
+ nickname="craige"
+ subject="comment 2"
+ date="2016-06-07T22:32:04Z"
+ content="""
+Local (Debian \"Stretch\"):
+
+ % cabal -V
+ cabal-install version 1.22.9.0
+ using version 1.22.8.0 of the Cabal library
+
+Remote (Buntish 14.04):
+
+ # cabal -V
+ cabal-install version 1.16.0.2
+ using version 1.16.0 of the Cabal library
+
+This host needs to remain 14.04 for reasons out of my control.
+
+When I land in a few hours, I'll try upgrading cabal on that host and I expect the problem will disappear.
+
+Thanks!
+
+(kicking myself for not thinking of cabal versions)
+"""]]
diff --git a/doc/forum/cabal:_Unrecognised_flags:_propellor-config/comment_3_886748a3a28e33c90bbc5485eddc8efb._comment b/doc/forum/cabal:_Unrecognised_flags:_propellor-config/comment_3_886748a3a28e33c90bbc5485eddc8efb._comment
new file mode 100644
index 00000000..8c04f052
--- /dev/null
+++ b/doc/forum/cabal:_Unrecognised_flags:_propellor-config/comment_3_886748a3a28e33c90bbc5485eddc8efb._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2016-06-08T17:07:09Z"
+ content="""
+This could be probed at runtime, I'd be willing to consider a patch
+checking cabal --version if you want to develop one.
+
+(Propellor supports Debian stable, but Ubuntu 14.04 is older than that.)
+"""]]
diff --git a/doc/forum/functions_that_yield_properties/comment_5_922e9e20c5326ceb695f7593d8bd72f5._comment b/doc/forum/functions_that_yield_properties/comment_5_922e9e20c5326ceb695f7593d8bd72f5._comment
new file mode 100644
index 00000000..7cbcdd84
--- /dev/null
+++ b/doc/forum/functions_that_yield_properties/comment_5_922e9e20c5326ceb695f7593d8bd72f5._comment
@@ -0,0 +1,38 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ subject="comment 5"
+ date="2016-06-07T07:32:49Z"
+ content="""
+Unfortunately, the more general type doesn't seem to work:
+
+ withMyAcc
+ :: (SingI outer, Cannot_ensureProperty_WithInfo inner ~ 'True,
+ NotSuperset (Targets inner) (Targets outer) ~ 'CanCombine)
+ => Desc
+ -> (User -> Property (MetaTypes inner))
+ -> Property (MetaTypes outer)
+ withMyAcc desc mkp = property' desc $ \w -> do
+ u <- getMyAcc
+ ensureProperty w (mkp u)
+
+ accountForSean :: Property DebianLike
+ accountForSean = withMyAcc \"account for Sean\" User.accountFor
+
+yields
+
+ src/Propellor/Property/SiteSpecific/SPW/Account.hs:85:18:
+ Couldn't match kind ‘*’ with ‘MetaType’
+ Expected type: Property DebianLike
+ Actual type: Property (MetaTypes outer0)
+ In the expression: withMyAcc \"account for Sean\" User.accountFor
+ In an equation for ‘accountForSean’:
+ accountForSean = withMyAcc \"account for Sean\" User.accountFor
+
+ src/Propellor/Property/SiteSpecific/SPW/Account.hs:85:47:
+ Couldn't match kind ‘MetaType’ with ‘*’
+ Expected type: User -> Property (MetaTypes inner0)
+ Actual type: User -> Property DebianLike
+ In the second argument of ‘withMyAcc’, namely ‘User.accountFor’
+ In the expression: withMyAcc \"account for Sean\" User.accountFor
+
+"""]]
diff --git a/doc/news/version_3.0.4.mdwn b/doc/news/version_3.0.4.mdwn
deleted file mode 100644
index f6e1eac2..00000000
--- a/doc/news/version_3.0.4.mdwn
+++ /dev/null
@@ -1,8 +0,0 @@
-propellor 3.0.4 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * Run letsencrypt with --noninteractive.
- * Fix build with ghc 8.0.1.
- Thanks, davean.
- * Module added for the Borg backup system.
- Thanks, Félix Sipma.
- * Fix build with directory-1.2.6.2."""]] \ No newline at end of file
diff --git a/doc/news/version_3.0.5.mdwn b/doc/news/version_3.0.5.mdwn
new file mode 100644
index 00000000..b9655cf5
--- /dev/null
+++ b/doc/news/version_3.0.5.mdwn
@@ -0,0 +1,8 @@
+propellor 3.0.5 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Modules added for Sbuild and Ccache.
+ Thanks, Sean Whitton
+ * Systemd: Added killUserProcesses property, which can be reverted
+ to return systemd to its default behavior before version 230 started
+ killing processes like screen sessions.
+ * Systemd: Added logindConfigured property."""]] \ No newline at end of file
diff --git a/doc/todo/integrate_shell-monad/comment_1_202c24d0a757d5086f65721fc2779131._comment b/doc/todo/integrate_shell-monad/comment_1_202c24d0a757d5086f65721fc2779131._comment
new file mode 100644
index 00000000..bfa5e3b1
--- /dev/null
+++ b/doc/todo/integrate_shell-monad/comment_1_202c24d0a757d5086f65721fc2779131._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 1"
+ date="2016-06-13T17:31:37Z"
+ content="""
+How would you see the integration of shell-monad or turtle?
+
+Do you have a preference?
+
+I actually use turtle and it is great! It may be more complete than shell-monad which may be an advantage or a disadvantage...
+"""]]
diff --git a/doc/todo/integrate_shell-monad/comment_2_4e82a5994b4647b4483c92c7785ee905._comment b/doc/todo/integrate_shell-monad/comment_2_4e82a5994b4647b4483c92c7785ee905._comment
new file mode 100644
index 00000000..0779c49f
--- /dev/null
+++ b/doc/todo/integrate_shell-monad/comment_2_4e82a5994b4647b4483c92c7785ee905._comment
@@ -0,0 +1,39 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2016-06-13T20:23:37Z"
+ content="""
+One easy way would be something like:
+
+ shellMonadProperty :: Control.Monad.Shell.Script Result -> Property UnixLike
+
+But, I don't know if that would really be useful. The better use case for
+shell-monad seems to be where things like `userScriptProperty` take a
+`Script`, that is currently an alias for `String`. Since shell-monad can
+generate a shell script, it would be easy to write:
+
+ shellMonad :: Control.Monad.Shell.Script () -> Script
+
+Or, perhaps change userScriptProperty to accept either a stringy-Script or
+a shell monad Script, via a type class. Then it could be used like this:
+
+ userScriptProperty (User "joey") $ do
+ cmd "echo" "hello"
+ cmd "rm" "/home/joey/something"
+
+Turtle seems to not have its own monad but simply uses MonadIO. So seems
+you can use Turtle in the implementation of propellor properties the same as
+other IO actions. Which is great, it should be easy to use it if you want
+to. Something like:
+
+ import Turtle.Prelude
+
+ myProperty :: Property UnixLike
+ myProperty = property "my property using turtle" $ liftIO $ do
+ echo "hello"
+ rm "/something"
+ return NoChange
+
+But I don't think turtle can generate shell scripts like used by
+`userScriptProperty`.
+"""]]
diff --git a/doc/todo/merge_request:_Sbuild.keypairInsecurelyGenerated.mdwn b/doc/todo/merge_request:_Sbuild.keypairInsecurelyGenerated.mdwn
new file mode 100644
index 00000000..7a22e976
--- /dev/null
+++ b/doc/todo/merge_request:_Sbuild.keypairInsecurelyGenerated.mdwn
@@ -0,0 +1,5 @@
+Please consider merging branch `insecure-sbuild-keygen` from repo `https://git.spwhitton.name/propellor`.
+
+- Adds `Sbuild.keyringInsecurelyGenerated` which is useful on throwaway build VMs
+
+> [[merged|done]] --[[Joey]]
diff --git a/doc/todo/merge_request:_changes_to_Reboot.hs.mdwn b/doc/todo/merge_request:_changes_to_Reboot.hs.mdwn
new file mode 100644
index 00000000..a18b21e5
--- /dev/null
+++ b/doc/todo/merge_request:_changes_to_Reboot.hs.mdwn
@@ -0,0 +1,5 @@
+Please consider merging branch `reboot` of repo `https://git.spwhitton.name/propellor`
+
+- Factor out reboot code in `Propellor.Property.SiteSpecific.DigitalOcean` into `Propellor.Property.Reboot`
+- Add `Propellor.Property.Reboot.toKernelNewerThan`.
+- Add `Propellor.Property.SiteSpecific.Exoscale`
diff --git a/src/Propellor/DotDir.hs b/src/Propellor/DotDir.hs
index f32b52a4..79b0b43f 100644
--- a/src/Propellor/DotDir.hs
+++ b/src/Propellor/DotDir.hs
@@ -308,13 +308,16 @@ minimalConfig = do
stackcontent =
-- This should be the same resolver version in propellor's
-- own stack.yaml
- [ "resolver: lts-5.10"
+ [ "resolver: " ++ stackResolver
, "packages:"
, "- '.'"
, "extra-deps:"
, "- propellor-" ++ showVersion Package.version
]
+stackResolver :: String
+stackResolver = "lts-5.10"
+
fullClone :: IO Result
fullClone = do
d <- dotPropellor
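Review bot: `stackResolver` is a second hard-coded copy of the resolver in propellor's own stack.yaml, and the only reminder to keep the two equal is the comment left inside `stackcontent`, away from the new definition. This string decides which package snapshot the generated stack.yaml builds against, so a silent drift would leave users building a dependency set other than the one the release was built with. I would put the reminder on the definition as Haddock: `-- | Stackage resolver written into the generated stack.yaml; must match the resolver in propellor's own stack.yaml.` minimalConfig begins above this hunk and fullClone continues below it.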
diff --git a/src/Propellor/Property/LetsEncrypt.hs b/src/Propellor/Property/LetsEncrypt.hs
index 592a1e1d..9e4898dd 100644
--- a/src/Propellor/Property/LetsEncrypt.hs
+++ b/src/Propellor/Property/LetsEncrypt.hs
@@ -8,10 +8,8 @@ import qualified Propellor.Property.Apt as Apt
import System.Posix.Files
--- Not using the certbot name yet, until it reaches jessie-backports and
--- testing.
installed :: Property DebianLike
-installed = Apt.installed ["letsencrypt"]
+installed = Apt.installed ["certbot"]
-- | Tell the letsencrypt client that you agree with the Let's Encrypt
-- Subscriber Agreement. Providing an email address is recommended,
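Review bot: The deleted comment recorded why the package name was held back (certbot had not reached jessie-backports and testing), and the new `installed` carries no note on which suites are expected to ship a `certbot` package. On a host whose apt sources lack it, `Apt.installed ["certbot"]` would presumably fail and take every property that requires `installed` with it, so certificate issuance and renewal would stop there. The Haddock on the next definition still speaks of the letsencrypt client; if the rest of the module (not visible here) invokes a `letsencrypt` command, it is worth confirming that the certbot package still provides that name. Suggested comment: `-- | Install the Let's Encrypt client (Debian package certbot, formerly letsencrypt).`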
diff --git a/src/Propellor/Property/Sbuild.hs b/src/Propellor/Property/Sbuild.hs
index 2647e69e..bfa264a8 100644
--- a/src/Propellor/Property/Sbuild.hs
+++ b/src/Propellor/Property/Sbuild.hs
@@ -66,6 +66,7 @@ module Propellor.Property.Sbuild (
-- blockNetwork,
installed,
keypairGenerated,
+ keypairInsecurelyGenerated,
shareAptCache,
usableBy,
) where
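Review bot: The name exported here, `keypairInsecurelyGenerated`, does not match the debian/changelog entry and the merge-request page in this same commit, which both call it `keyringInsecurelyGenerated`. Someone who reads the changelog and searches the module for that name will not find it. The changelog line should read `* Sbuild: Add keypairInsecurelyGenerated which is useful on throwaway`. The export list starts above this hunk.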
@@ -320,7 +321,22 @@ keypairGenerated = check (not <$> doesFileExist secKeyFile) $ go
go = tightenTargets $
cmdProperty "sbuild-update" ["--keygen"]
`assume` MadeChange
- secKeyFile = "/var/lib/sbuild/apt-keys/sbuild-key.sec"
+
+secKeyFile :: FilePath
+secKeyFile = "/var/lib/sbuild/apt-keys/sbuild-key.sec"
+
+-- | Generate the apt keys needed by sbuild using a low-quality source of
+-- randomness
+--
+-- Useful on throwaway build VMs.
+keypairInsecurelyGenerated :: Property DebianLike
+keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) go
+ where
+ go :: Property DebianLike
+ go = combineProperties "sbuild keyring insecurely generated" $ props
+ & Apt.installed ["rng-tools"]
+ & cmdProperty "rngd" ["-r", "/dev/urandom"] `assume` MadeChange
+ & keypairGenerated
-- another script from wiki.d.o/sbuild
ccachePrepared :: Property DebianLike
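Review bot: The rngd step in `go` is not scoped to the key generation: `cmdProperty "rngd" ["-r", "/dev/urandom"]` starts the daemon and nothing afterwards stops it or removes rng-tools, so, as far as this hunk shows, the host keeps crediting /dev/urandom output as entropy for every later consumer. The Haddock should spell that out rather than only saying "low-quality source of randomness", for example `-- rngd is left running afterwards, which may weaken later key generation on the host; use only on machines that are discarded after the build.` If the lasting effect is not intended, a follow-up step in `props` that stops rngd once `keypairGenerated` has run would confine it. `secKeyFile` is now top-level and could take a one-line Haddock; keypairGenerated begins above this hunk.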
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index a6cb3794..e3bef900 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -683,6 +683,8 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props
& Apt.serviceInstalledRunning "mailman"
& Postfix.service ssmtp
+
+ & Apt.installed ["fetchmail"]
where
ctx = Context "kitenet.net"
pinescript = "/usr/local/bin/pine"
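Review bot: The added `& Apt.installed ["fetchmail"]` has no comment saying what on the mail server needs fetchmail, and the hunk shows no property that manages its configuration. fetchmail normally reads account credentials from a run-control file, so if one is placed by hand, its contents and file mode sit outside what propellor enforces; that is an inference, since most of kiteMailServer is outside this hunk. A one-line comment such as `-- fetchmail is used by <consumer>` above the line, and dropping the stray blank line before it, would keep the list readable.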
diff --git a/stack.yaml b/stack.yaml
index 7b6bcef8..2689c624 100644
--- a/stack.yaml
+++ b/stack.yaml
@@ -1,3 +1,4 @@
+# When updating the resolver here, also update stackResolver in Propellor.DotDir
resolver: lts-5.10
packages:
- '.'