l---------config.hs2
-rw-r--r--debian/changelog26
-rw-r--r--debian/propellor.README.Debian (renamed from debian/README.Debian)0
-rw-r--r--doc/automated_spins.mdwn2
-rw-r--r--doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_3_e057fae70854f7323dafa0d79b327dec._comment11
-rw-r--r--doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_4_916b6cae93e772fa0fac88676409b03a._comment8
-rw-r--r--doc/news/version_3.1.2.mdwn22
-rw-r--r--doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust.mdwn7
-rw-r--r--doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_1_8164845c93baeaaccd7b29fef5d33df8._comment9
-rw-r--r--doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_2_bff114c1d3a225b5149e8710118116af._comment9
-rw-r--r--doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_3_7ad0001a277c4d1646be9993d09a0507._comment9
-rw-r--r--doc/todo/updates_for_sbuild_0.70.0-1.mdwn21
-rw-r--r--doc/todo/updates_for_sbuild_0.70.0-1/comment_1_c690617e7728887f6a32aacbff5aeeed._comment13
-rw-r--r--doc/todo/updates_for_sbuild_0.70.0-1/comment_2_a4faafb097bc35b62b47a8ea875b22cc._comment7
-rw-r--r--doc/todo/updates_for_sbuild_0.70.0-1/comment_3_058ba5f259f24814e8fd3823d3aa2b5e._comment11
-rw-r--r--privdata/relocate1
-rw-r--r--propellor.cabal4
-rw-r--r--src/Propellor/DotDir.hs12
-rw-r--r--src/Propellor/Git.hs13
-rw-r--r--src/Propellor/Property/Sbuild.hs81
-rw-r--r--src/Propellor/Property/Ssh.hs4
21 files changed, 233 insertions, 39 deletions
diff --git a/config.hs b/config.hs
index 97d90636..ec313725 120000
--- a/config.hs
+++ b/config.hs
@@ -1 +1 @@
-joeyconfig.hs
\ No newline at end of file
+config-simple.hs
\ No newline at end of file
diff --git a/debian/changelog b/debian/changelog
index 893498a4..1f46b487 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,29 @@
+propellor (3.1.2) unstable; urgency=medium
+
+ [ Joey Hess ]
+ * Ssh.knownHost: Bug fix: Only fix up the owner of the known_hosts
+ file after it exists.
+
+ [ Sean Whitton ]
+ * Sbuild.keypairInsecurelyGenerated: Improved to be more robust.
+ * Pass --allow-unrelated-histories to git merge when run with git 2.9 or
+ newer. This fixes the /usr/bin/propellor wrapper with this version of git.
+ * Sbuild.built & Sbuild.builtFor no longer require Sbuild.keypairGenerated.
+ Transition guide: If you are using sbuild 0.70.0 or newer, you should
+ `rm -r /var/lib/sbuild/apt-keys`. Otherwise, you should add either
+ Sbuild.keypairGenerated or Sbuild.keypairInsecurelyGenerated to your host.
+ * Sbuild haddock improvements:
+ - State that we don't support squeeze and Buntish older than trusty.
+ This is due to our enhancements, such as eatmydata.
+ - State that you need sbuild 0.70.0 or newer to build for stretch.
+ This is due to gpg2 hitting Debian stretch.
+ - Explain when a keygen is required.
+ - Update sample ~/.sbuildrc for sbuild 0.71.0.
+ - Add hint for customising chroots with propellor.
+ - Update example usage of System type.
+
+ -- Joey Hess <id@joeyh.name> Sun, 28 Aug 2016 14:39:23 -0400
+
propellor (3.1.1) unstable; urgency=medium
* Haddock build fix.
diff --git a/debian/README.Debian b/debian/propellor.README.Debian
index 851add5d..851add5d 100644
--- a/debian/README.Debian
+++ b/debian/propellor.README.Debian
diff --git a/doc/automated_spins.mdwn b/doc/automated_spins.mdwn
index 34f04683..a0535133 100644
--- a/doc/automated_spins.mdwn
+++ b/doc/automated_spins.mdwn
@@ -41,7 +41,7 @@ You can add a central git repository to your existing propellor setup easily:
it differs from the url above, by setting up a remote named "deploy":
`cd ~/.propellor/; git remote add deploy git://git.example.com/propellor.git`
-3. Add a crom job property to your hosts, which will make them periodically
+3. Add a cron job property to your hosts, which will make them periodically
check for changes that were committed to the central repository:
`Cron.runPropellor (Cron.Times "*/30 * * * *")`
diff --git a/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_3_e057fae70854f7323dafa0d79b327dec._comment b/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_3_e057fae70854f7323dafa0d79b327dec._comment
new file mode 100644
index 00000000..5da15f09
--- /dev/null
+++ b/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_3_e057fae70854f7323dafa0d79b327dec._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="weinzwang"
+ subject="Same problem with ssh.knownHost"
+ date="2016-07-24T15:47:25Z"
+ content="""
+Making a host key known to a brand new user `requires` the
+owner of a nonexistent file to be set, if I understand the
+code correctly. Removing the \"requires\"-lines from the function
+modKnownHost makes the problem go away, but that's probably not
+the correct solution.
+"""]]
diff --git a/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_4_916b6cae93e772fa0fac88676409b03a._comment b/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_4_916b6cae93e772fa0fac88676409b03a._comment
new file mode 100644
index 00000000..36a31728
--- /dev/null
+++ b/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_4_916b6cae93e772fa0fac88676409b03a._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 4"""
+ date="2016-07-24T17:35:24Z"
+ content="""
+I see it; changed it to use `before` so the file creation/modification
+comes before any chmodding.
+"""]]
diff --git a/doc/news/version_3.1.2.mdwn b/doc/news/version_3.1.2.mdwn
new file mode 100644
index 00000000..b54b396a
--- /dev/null
+++ b/doc/news/version_3.1.2.mdwn
@@ -0,0 +1,22 @@
+propellor 3.1.2 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * [ Joey Hess ]
+ * Ssh.knownHost: Bug fix: Only fix up the owner of the known\_hosts
+ file after it exists.
+ * [ Sean Whitton ]
+ * Sbuild.keypairInsecurelyGenerated: Improved to be more robust.
+ * Pass --allow-unrelated-histories to git merge when run with git 2.9 or
+ newer. This fixes the /usr/bin/propellor wrapper with this version of git.
+ * Sbuild.built &amp; Sbuild.builtFor no longer require Sbuild.keypairGenerated.
+ Transition guide: If you are using sbuild 0.70.0 or newer, you should
+ `rm -r /var/lib/sbuild/apt-keys`. Otherwise, you should add either
+ Sbuild.keypairGenerated or Sbuild.keypairInsecurelyGenerated to your host.
+ * Sbuild haddock improvements:
+ - State that we don't support squeeze and Buntish older than trusty.
+ This is due to our enhancements, such as eatmydata.
+ - State that you need sbuild 0.70.0 or newer to build for stretch.
+ This is due to gpg2 hitting Debian stretch.
+ - Explain when a keygen is required.
+ - Update sample ~/.sbuildrc for sbuild 0.71.0.
+ - Add hint for customising chroots with propellor.
+ - Update example usage of System type."""]]
\ No newline at end of file
diff --git a/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust.mdwn b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust.mdwn
new file mode 100644
index 00000000..ed8761c6
--- /dev/null
+++ b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust.mdwn
@@ -0,0 +1,7 @@
+Please consider merging branch `rngd-robust` of repo `https://git.spwhitton.name/propellor`
+
+Several changes to the `Sbuild.keypairInsecurelyGenerated` property to make it more robust. Please see comments added by the diff.
+
+> <s>done</s> ... however, that sleep 10 after killing rngd seems quite dodgy. --[[Joey]]
+
+>> final merge [[done]] --[[Joey]]
diff --git a/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_1_8164845c93baeaaccd7b29fef5d33df8._comment b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_1_8164845c93baeaaccd7b29fef5d33df8._comment
new file mode 100644
index 00000000..67e8b454
--- /dev/null
+++ b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_1_8164845c93baeaaccd7b29fef5d33df8._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ subject="comment 1"
+ date="2016-07-24T23:40:45Z"
+ content="""
+Thanks for looking at this, though looking as master you haven't actually merged my branch.
+
+I'm reluctant to build in a lot of shell scripting logic to do better than `sleep 10`. Do you think it would be worth writing a property that ensures that a process with a given pid file has been killed? Or just an action in the propellor monad?
+"""]]
diff --git a/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_2_bff114c1d3a225b5149e8710118116af._comment b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_2_bff114c1d3a225b5149e8710118116af._comment
new file mode 100644
index 00000000..904a2138
--- /dev/null
+++ b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_2_bff114c1d3a225b5149e8710118116af._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2016-07-25T00:51:44Z"
+ content="""
+(Really merged now.)
+
+A property would be good. Might could just use `start-stop-daemon`.
+"""]]
diff --git a/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_3_7ad0001a277c4d1646be9993d09a0507._comment b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_3_7ad0001a277c4d1646be9993d09a0507._comment
new file mode 100644
index 00000000..5ca3a142
--- /dev/null
+++ b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_3_7ad0001a277c4d1646be9993d09a0507._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ subject="comment 3"
+ date="2016-07-27T20:42:29Z"
+ content="""
+I just pushed a commit using `start-stop-daemon` to my `robust-rngd` branch. I decided against factoring out as a property until another use case comes up. Please consider merging my branch, and then this todo will really be done.
+
+Thanks for introducing me to a nice tool.
+"""]]
diff --git a/doc/todo/updates_for_sbuild_0.70.0-1.mdwn b/doc/todo/updates_for_sbuild_0.70.0-1.mdwn
new file mode 100644
index 00000000..58659643
--- /dev/null
+++ b/doc/todo/updates_for_sbuild_0.70.0-1.mdwn
@@ -0,0 +1,21 @@
+sbuild 0.70.0-1 no longer installs gnupg into chroots on each build. That means that if you have an sbuild apt keypair generated, the build will fail unless you enter the source chroot and install gnupg.
+
+It turns out that the apt keypair is only needed if you're trying to build for squeeze or older. Otherwise, you can just use sbuild without such a keypair. So we have two options to fix Sbuild.hs:
+
+1. Install gnupg into chroots.
+
+ - This is easy for newly created chroots.
+
+ - The code to update existing chroots will be unpleasant, because we don't want to run propellor inside the sbuild chroot so that it remains standardised (that's why we create it with sbuild-createchroot).
+
+2. Drop support for building for squeeze and newer, replacing the `keypairGenerated` and `keypairInsecurelyGenerated` properties with a property that ensures that the keypair directory does not exist.
+
+ - Squeeze is very old.
+
+ - This will simplify and speed up chroot creation and builds.
+
+I'd like feedback on these two options before preparing a patch for one of them.
+
+--spwhitton
+
+> [[merged|done]] --[[Joey]]
diff --git a/doc/todo/updates_for_sbuild_0.70.0-1/comment_1_c690617e7728887f6a32aacbff5aeeed._comment b/doc/todo/updates_for_sbuild_0.70.0-1/comment_1_c690617e7728887f6a32aacbff5aeeed._comment
new file mode 100644
index 00000000..b96ba779
--- /dev/null
+++ b/doc/todo/updates_for_sbuild_0.70.0-1/comment_1_c690617e7728887f6a32aacbff5aeeed._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2016-08-20T19:03:47Z"
+ content="""
+I think it would be fine to drop wheezy support.
+
+After all, propellor doesn't support installing on wheezy systems generally
+since over a year ago. (Though these kinds of chroots used for building
+stuff might have good reasons to want such an old version.)
+
+But it's really up to you.
+"""]]
diff --git a/doc/todo/updates_for_sbuild_0.70.0-1/comment_2_a4faafb097bc35b62b47a8ea875b22cc._comment b/doc/todo/updates_for_sbuild_0.70.0-1/comment_2_a4faafb097bc35b62b47a8ea875b22cc._comment
new file mode 100644
index 00000000..f6bb1cb3
--- /dev/null
+++ b/doc/todo/updates_for_sbuild_0.70.0-1/comment_2_a4faafb097bc35b62b47a8ea875b22cc._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ subject="comment 2"
+ date="2016-08-25T04:35:50Z"
+ content="""
+Turns out that the code in Sbuild.hs fails to set up a squeeze chroot anyway. Working on a branch -- need to do some testing to make sure the documentation correctly states minimum requirements.
+"""]]
diff --git a/doc/todo/updates_for_sbuild_0.70.0-1/comment_3_058ba5f259f24814e8fd3823d3aa2b5e._comment b/doc/todo/updates_for_sbuild_0.70.0-1/comment_3_058ba5f259f24814e8fd3823d3aa2b5e._comment
new file mode 100644
index 00000000..f5a644e3
--- /dev/null
+++ b/doc/todo/updates_for_sbuild_0.70.0-1/comment_3_058ba5f259f24814e8fd3823d3aa2b5e._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ subject="comment 3"
+ date="2016-08-26T02:27:15Z"
+ content="""
+Please consider merging my `sbuild-0.71.0` branch.
+
+The only functional change is that `Sbuild.keygen{Insecurely,}Generated` are now optional.
+
+The rest of the changes are documentation. They explain precisely when you need `Sbuild.keygenGenerated`, how to deal with the gpg->gpg2 issues that have arisen recently (not this module's fault) and make clearer some situations the module was never able to deal with (e.g. building for squeeze).
+"""]]
diff --git a/privdata/relocate b/privdata/relocate
deleted file mode 100644
index 271692d8..00000000
--- a/privdata/relocate
+++ /dev/null
@@ -1 +0,0 @@
-.joeyconfig
diff --git a/propellor.cabal b/propellor.cabal
index dc5390bb..d4e6c2fd 100644
--- a/propellor.cabal
+++ b/propellor.cabal
@@ -1,5 +1,5 @@
Name: propellor
-Version: 3.1.1
+Version: 3.1.2
Cabal-Version: >= 1.8
License: BSD2
Maintainer: Joey Hess <id@joeyh.name>
@@ -22,7 +22,7 @@ Extra-Source-Files:
contrib/post-merge-hook
stack.yaml
debian/changelog
- debian/README.Debian
+ debian/propellor.README.Debian
debian/compat
debian/control
debian/copyright
diff --git a/src/Propellor/DotDir.hs b/src/Propellor/DotDir.hs
index c73420b0..21a9cdb7 100644
--- a/src/Propellor/DotDir.hs
+++ b/src/Propellor/DotDir.hs
@@ -401,7 +401,17 @@ setupUpstreamMaster newref = do
changeWorkingDirectory tmprepo
git ["fetch", distrepo, "--quiet"]
git ["reset", "--hard", oldref, "--quiet"]
- git ["merge", newref, "-s", "recursive", "-Xtheirs", "--quiet", "-m", "merging upstream version"]
+ v <- gitVersion
+ let mergeparams =
+ [ "merge", newref
+ , "-s", "recursive"
+ , "-Xtheirs"
+ , "--quiet"
+ , "-m", "merging upstream version"
+ ] ++ if v >= [2,9]
+ then [ "--allow-unrelated-histories" ]
+ else []
+ git mergeparams
void $ fetchUpstreamBranch tmprepo
cleantmprepo
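Review bot: The version gate `v >= [2,9]` silently takes the pre-2.9 branch whenever `gitVersion` yields `[]` (its `extract` returns `[]` for empty output, as the Git.hs hunk shows), so on a newer git an unparseable version string would surface only as a failed merge. A comment above `mergeparams` would record this, for example `-- git >= 2.9 refuses to merge unrelated histories by default; an unparsed version ([]) compares lower and omits the flag`. Since `-Xtheirs` already resolves conflicts in favour of `newref`, that comment should also say why unrelated histories are expected at this point, because the flag removes git's remaining check that the two refs share ancestry. The body of `setupUpstreamMaster` starts outside the hunk.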
diff --git a/src/Propellor/Git.hs b/src/Propellor/Git.hs
index c3257b31..1d81c157 100644
--- a/src/Propellor/Git.hs
+++ b/src/Propellor/Git.hs
@@ -3,7 +3,10 @@ module Propellor.Git where
import Utility.Process
import Utility.Exception
import Utility.Directory
+import Utility.Misc
+import Utility.PartialPrelude
+import Data.Maybe
import Control.Applicative
import Prelude
@@ -26,3 +29,13 @@ hasOrigin = catchDefaultIO False $ do
hasGitRepo :: IO Bool
hasGitRepo = doesFileExist ".git/HEAD"
+
+type Version = [Int]
+
+gitVersion :: IO Version
+gitVersion = extract <$> readProcess "git" ["--version"]
+ where
+ extract s = case lines s of
+ [] -> []
+ (l:_) -> mapMaybe readish $ segment (== '.') $
+ unwords $ drop 2 $ words l
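Review bot: `extract` uses `mapMaybe readish`, which (assuming `readish` returns `Nothing` on unparseable input) drops a bad segment instead of stopping at it, so later components shift left; a constructed example, `2.x.9`, would yield `[2,9]` and pass the `>= [2,9]` test in DotDir.hs. Stopping at the first non-numeric segment keeps positions meaningful: `(l:_) -> catMaybes $ takeWhile isJust $ map readish $ segment (== '.') $ unwords $ drop 2 $ words l`, using the `Data.Maybe` import this commit already adds. `gitVersion` and `Version` also lack Haddock; `-- | Numeric components of @git --version@, most significant first; empty when the output cannot be parsed.` would document the `[]` case that callers have to handle. The `drop 2` assumes the output begins with the two words `git version` and deserves a short comment saying so.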
diff --git a/src/Propellor/Property/Sbuild.hs b/src/Propellor/Property/Sbuild.hs
index 7a27473c..b55b6e8c 100644
--- a/src/Propellor/Property/Sbuild.hs
+++ b/src/Propellor/Property/Sbuild.hs
@@ -6,52 +6,67 @@ Maintainer: Sean Whitton <spwhitton@spwhitton.name>
Build and maintain schroots for use with sbuild.
+For convenience we set up several enhancements, such as ccache and
+eatmydata. This means we have to make several assumptions:
+
+1. you want to build for a Debian release strictly newer than squeeze,
+or for a Buntish release newer than or equal to trusty
+
+2. if you want to build for Debian stretch or newer, you have sbuild
+0.70.0 or newer (there is a backport to jessie)
+
+The latter is due to the migration from GnuPG v1 to GnuPG v2.1 in
+Debian stretch, which older sbuild can't handle.
+
Suggested usage in @config.hs@:
> & Apt.installed ["piuparts", "autopkgtest"]
-> & Sbuild.builtFor (System (Debian Unstable) X86_32)
-> & Sbuild.piupartsConfFor (System (Debian Unstable) X86_32)
-> & Sbuild.updatedFor (System (Debian Unstable) X86_32) `period` Weekly 1
+> & Sbuild.builtFor (System (Debian Linux Unstable) X86_32)
+> & Sbuild.piupartsConfFor (System (Debian Linux Unstable) X86_32)
+> & Sbuild.updatedFor (System (Debian Linux Unstable) X86_32) `period` Weekly 1
> & Sbuild.usableBy (User "spwhitton")
> & Sbuild.shareAptCache
> & Schroot.overlaysInTmpfs
-In @~/.sbuildrc@:
+If you are using sbuild older than 0.70.0, you also need:
+
+> & Sbuild.keypairGenerated
+
+In @~/.sbuildrc@ (sbuild 0.71.0 or newer):
> $run_piuparts = 1;
> $piuparts_opts = [
> '--schroot',
-> 'unstable-i386-piuparts',
+> '%r-%a-piuparts',
> '--fail-if-inadequate',
> '--fail-on-broken-symlinks',
> ];
>
-> $external_commands = {
-> 'post-build-commands' => [
-> [
-> 'adt-run',
-> '--changes', '%c',
-> '---',
-> 'schroot', 'unstable-i386-sbuild;',
->
-> # if adt-run's exit code is 8 then the package had no tests but
-> # this isn't a failure, so catch it
-> 'adtexit=$?;',
-> 'if', 'test', '$adtexit', '=', '8;', 'then',
-> 'exit', '0;', 'else', 'exit', '$adtexit;', 'fi'
-> ],
-> ],
-> };
-
-We use @sbuild-createchroot(1)@ to create a chroot to the specification of
-@sbuild-setup(7)@. This differs from the approach taken by picca's Sbuild.hs,
-which uses 'Propellor.Property.Debootstrap' to construct the chroot. This is
-because we don't want to run propellor inside the chroot in order to keep the
-sbuild environment as standard as possible.
+> $run_autopkgtest = 1;
+> $autopkgtest_root_args = "";
+> $autopkgtest_opts = ["--", "schroot", "%r-%a-sbuild"];
+
+We use @sbuild-createchroot(1)@ to create a chroot to the
+specification of @sbuild-setup(7)@. This avoids running propellor
+inside the chroot to set it up. While that approach is flexible, a
+propellor spin pulls in a lot of dependencies. This could defeat
+using sbuild to determine if you've included all necessary build
+dependencies in your source package control file.
+
+Nevertheless, the chroot that @sbuild-createchroot(1)@ creates might
+not meet your needs. For example, you might need to enable an apt
+cacher. In that case you can do something like this in @config.hs@:
+
+> & Sbuild.built (System (Debian Linux Unstable) X86_32) `before` mySetup
+> where
+> mySetup = Chroot.provisioned myChroot
+> myChroot = Chroot.debootstrapped
+> Debootstrap.BuilddD "/srv/chroot/unstable-i386"
+> -- the extra configuration you need:
+> & Apt.installed ["apt-transport-https"]
-}
--- If you wanted to do it with Propellor.Property.Debootstrap, note that
--- sbuild-createchroot has a --setup-only option
+-- Also see the --setup-only option of sbuild-createchroot
module Propellor.Property.Sbuild (
-- * Creating and updating sbuild schroots
@@ -122,7 +137,6 @@ builtFor sys = go <!> deleted
built :: SbuildSchroot -> Apt.Url -> RevertableProperty DebianLike UnixLike
built s@(SbuildSchroot suite arch) mirror =
(go
- `requires` keypairGenerated
`requires` ccachePrepared
`requires` installed
`requires` overlaysKernel)
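Review bot: Dropping `requires keypairGenerated` here means `built` no longer has anything to do with `/var/lib/sbuild/apt-keys`, yet the todo page added by this commit says a leftover keypair makes builds fail under sbuild 0.70.0 or newer, and the remedy (`rm -r /var/lib/sbuild/apt-keys`) is stated only in the changelog. The Haddock on `built` (outside this hunk) should carry the transition note, e.g. `-- Hosts on sbuild >= 0.70.0 must remove /var/lib/sbuild/apt-keys; with older sbuild add 'keypairGenerated' explicitly.` The same applies to the `updated` hunk further down, which drops the same requirement. It matters most for hosts that used `keypairInsecurelyGenerated`, where, as the name and the rngd discussion suggest, the stale secret key was produced with weakened entropy and is best not left on disk.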
@@ -149,6 +163,8 @@ built s@(SbuildSchroot suite arch) mirror =
`before` commandPrefix
, return FailedChange
)
+ -- TODO we should kill any sessions still using the chroot
+ -- before destroying it (as suggested by sbuild-destroychroot)
deleted = check (not <$> unpopulated (schrootRoot s)) $
property ("no sbuild schroot for " ++ show s) $ do
liftIO $ removeChroot $ schrootRoot s
@@ -216,7 +232,6 @@ updated :: SbuildSchroot -> Property DebianLike
updated s@(SbuildSchroot suite arch) =
check (doesDirectoryExist (schrootRoot s)) $ go
`describe` ("updated schroot for " ++ show s)
- `requires` keypairGenerated
`requires` installed
where
go :: Property DebianLike
@@ -340,6 +355,8 @@ usableBy :: User -> Property DebianLike
usableBy u = User.hasGroup u (Group "sbuild") `requires` installed
-- | Generate the apt keys needed by sbuild
+--
+-- You only need this if you are using sbuild older than 0.70.0.
keypairGenerated :: Property DebianLike
keypairGenerated = check (not <$> doesFileExist secKeyFile) $ go
`requires` installed
@@ -365,6 +382,8 @@ secKeyFile = "/var/lib/sbuild/apt-keys/sbuild-key.sec"
-- > `onChange` Systemd.started "my-rngd-service"
--
-- Useful on throwaway build VMs.
+--
+-- You only need this if you are using sbuild older than 0.70.0.
keypairInsecurelyGenerated :: Property DebianLike
keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) go
where
diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs
index 527ad444..bce522f6 100644
--- a/src/Propellor/Property/Ssh.hs
+++ b/src/Propellor/Property/Ssh.hs
@@ -356,8 +356,8 @@ knownHostLines hosts hn = keylines <$> fromHost hosts hn getHostPubKey
modKnownHost :: User -> FilePath -> Property UnixLike -> Property UnixLike
modKnownHost user f p = p
- `requires` File.ownerGroup f user (userGroup user)
- `requires` File.ownerGroup (takeDirectory f) user (userGroup user)
+ `before` File.ownerGroup f user (userGroup user)
+ `before` File.ownerGroup (takeDirectory f) user (userGroup user)
-- | Ensures that a local user's authorized_keys contains lines allowing
-- logins from a remote user on the specified Host.
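Review bot: The switch from `requires` to `before` makes the ordering in `modKnownHost` load-bearing, but nothing in the function says so, and a later tidy-up could reintroduce the bug reported in the forum thread added by this commit. I would add above the function `-- Ownership is fixed up after p has run, because known_hosts (and its directory) may not exist until then.` It may also be worth stating what happens to ownership when `p` fails: if `before` skips the following properties in that case, a partially written file could keep whatever owner `p` ran as. That depends on the semantics of `before`, which are not visible in this hunk.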