summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
l---------config.hs2
-rw-r--r--doc/forum/Ldap_and_Propellor.mdwn12
-rw-r--r--doc/forum/Ldap_and_Propellor/comment_1_80f98aaf4927d834dc714faeae7bf167._comment16
-rw-r--r--doc/forum/use_withUmask_in_a_property/comment_6_79355b6df4dc750a4ea2e1e13f50dca8._comment7
-rw-r--r--doc/forum/use_withUmask_in_a_property/comment_7_6b9488d20a04bc25f2ba44391f4a0a47._comment8
-rw-r--r--doc/forum/use_withUmask_in_a_property/comment_8_ce37b55141120b3b6babebe14c1b1ec2._comment7
-rw-r--r--doc/forum/use_withUmask_in_a_property/comment_9_a84a0c6773c8b3df03c028b63814b3d8._comment9
-rw-r--r--privdata/relocate1
-rw-r--r--src/Propellor/Property/Sbuild.hs24
9 files changed, 83 insertions, 3 deletions
diff --git a/config.hs b/config.hs
index 97d90636..ec313725 120000
--- a/config.hs
+++ b/config.hs
@@ -1 +1 @@
-joeyconfig.hs \ No newline at end of file
+config-simple.hs \ No newline at end of file
diff --git a/doc/forum/Ldap_and_Propellor.mdwn b/doc/forum/Ldap_and_Propellor.mdwn
new file mode 100644
index 00000000..094be12a
--- /dev/null
+++ b/doc/forum/Ldap_and_Propellor.mdwn
@@ -0,0 +1,12 @@
+Hello,
+
+First, thank you for your program and your work, it's very interesting. I'm trying to use it and I have two questions :
+
+
+1) Is there already some propellor code to deal with Ldap or should I write my own code ? (I didn't see anything in the API doc)
+
+2) Is it possible to use propellor with another folder than ~/.propellor/ ? (for exemple to deal with several "domains")
+
+Thank you,
+
+TobiasBora.
diff --git a/doc/forum/Ldap_and_Propellor/comment_1_80f98aaf4927d834dc714faeae7bf167._comment b/doc/forum/Ldap_and_Propellor/comment_1_80f98aaf4927d834dc714faeae7bf167._comment
new file mode 100644
index 00000000..7c8d9bbf
--- /dev/null
+++ b/doc/forum/Ldap_and_Propellor/comment_1_80f98aaf4927d834dc714faeae7bf167._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2016-07-05T20:39:45Z"
+ content="""
+I don't think that anyone has integrated it with LDAP yet.
+
+It's easy to use propellor from another location; just put the propellor
+git repository anywhere you want, use `make` to build it once,
+and run `./propellor` thereafter.
+
+The only thing that hardcodes using ~/.propellor is the /usr/bin/propellor
+wrapper, by running the propellor you built yourself you bypass the need
+for the wrapper. I keep propellor in ~/src/propellor on my laptop
+and run it this way myself.
+"""]]
diff --git a/doc/forum/use_withUmask_in_a_property/comment_6_79355b6df4dc750a4ea2e1e13f50dca8._comment b/doc/forum/use_withUmask_in_a_property/comment_6_79355b6df4dc750a4ea2e1e13f50dca8._comment
new file mode 100644
index 00000000..6efc3fff
--- /dev/null
+++ b/doc/forum/use_withUmask_in_a_property/comment_6_79355b6df4dc750a4ea2e1e13f50dca8._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 6"
+ date="2016-06-24T10:08:51Z"
+ content="""
+Ahhh! I didn't realize this, now it makes sense to me, thanks! maybe you could make withFile' available in propellor? (and maybe even override withFile)
+"""]]
diff --git a/doc/forum/use_withUmask_in_a_property/comment_7_6b9488d20a04bc25f2ba44391f4a0a47._comment b/doc/forum/use_withUmask_in_a_property/comment_7_6b9488d20a04bc25f2ba44391f4a0a47._comment
new file mode 100644
index 00000000..a1e3ab6a
--- /dev/null
+++ b/doc/forum/use_withUmask_in_a_property/comment_7_6b9488d20a04bc25f2ba44391f4a0a47._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 7"
+ date="2016-06-24T10:24:16Z"
+ content="""
+Hopefully we will have MonadIO is base (and functions generalized) one day :)
+https://mail.haskell.org/pipermail/libraries/2015-July/026008.html
+"""]]
diff --git a/doc/forum/use_withUmask_in_a_property/comment_8_ce37b55141120b3b6babebe14c1b1ec2._comment b/doc/forum/use_withUmask_in_a_property/comment_8_ce37b55141120b3b6babebe14c1b1ec2._comment
new file mode 100644
index 00000000..18b94ff0
--- /dev/null
+++ b/doc/forum/use_withUmask_in_a_property/comment_8_ce37b55141120b3b6babebe14c1b1ec2._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 8"
+ date="2016-06-24T10:29:09Z"
+ content="""
+Oh, MonadIO is actually in base. We \"just\" miss the generelized functions...
+"""]]
diff --git a/doc/forum/use_withUmask_in_a_property/comment_9_a84a0c6773c8b3df03c028b63814b3d8._comment b/doc/forum/use_withUmask_in_a_property/comment_9_a84a0c6773c8b3df03c028b63814b3d8._comment
new file mode 100644
index 00000000..f819337f
--- /dev/null
+++ b/doc/forum/use_withUmask_in_a_property/comment_9_a84a0c6773c8b3df03c028b63814b3d8._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 9"""
+ date="2016-07-05T20:44:14Z"
+ content="""
+Yeah, it's a general problem with base that it's not sufficiently
+generalized. I suppose it's best not to add exported functions to propellor
+to work around that general problem.
+"""]]
diff --git a/privdata/relocate b/privdata/relocate
deleted file mode 100644
index 271692d8..00000000
--- a/privdata/relocate
+++ /dev/null
@@ -1 +0,0 @@
-.joeyconfig
diff --git a/src/Propellor/Property/Sbuild.hs b/src/Propellor/Property/Sbuild.hs
index 5d58a84a..7a27473c 100644
--- a/src/Propellor/Property/Sbuild.hs
+++ b/src/Propellor/Property/Sbuild.hs
@@ -358,6 +358,12 @@ secKeyFile = "/var/lib/sbuild/apt-keys/sbuild-key.sec"
-- | Generate the apt keys needed by sbuild using a low-quality source of
-- randomness
--
+-- Note that any running rngd will be killed; if you are using rngd, you should
+-- arrange for it to be restarted after this property has been ensured. E.g.
+--
+-- > & Sbuild.keypairInsecurelyGenerated
+-- > `onChange` Systemd.started "my-rngd-service"
+--
-- Useful on throwaway build VMs.
keypairInsecurelyGenerated :: Property DebianLike
keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) go
@@ -365,8 +371,24 @@ keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) go
go :: Property DebianLike
go = combineProperties "sbuild keyring insecurely generated" $ props
& Apt.installed ["rng-tools"]
- & cmdProperty "rngd" ["-r", "/dev/urandom"] `assume` MadeChange
+ -- If this dir does not exist the sbuild key generation command
+ -- will fail; the user might have deleted it to work around
+ -- #831462
+ & File.dirExists "/var/lib/sbuild/apt-keys"
+ -- If there is already an rngd process running we have to kill
+ -- it, as it might not be feeding to /dev/urandom. We can't
+ -- kill by pid file because that is not guaranteed to be the
+ -- default (/var/run/rngd.pid), so we killall
+ & userScriptProperty (User "root")
+ [ "start-stop-daemon -q -K -R 10 -o -n rngd"
+ , "rngd -r /dev/urandom"
+ ]
+ `assume` MadeChange
& keypairGenerated
+ -- Kill off the rngd process we spawned
+ & userScriptProperty (User "root")
+ ["kill $(cat /var/run/rngd.pid)"]
+ `assume` MadeChange
-- another script from wiki.d.o/sbuild
ccachePrepared :: Property DebianLike