-rw-r--r--debian/changelog8
-rw-r--r--propellor.cabal2
-rw-r--r--src/Propellor/Property/Chroot.hs22
-rw-r--r--src/Propellor/Property/DiskImage.hs5
-rw-r--r--src/Propellor/Property/Service.hs33
5 files changed, 40 insertions, 30 deletions
diff --git a/debian/changelog b/debian/changelog
index 78115eb3..f7bc48c3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,13 +1,13 @@
-propellor (4.9.1) UNRELEASED; urgency=medium
+propellor (5.0.0) UNRELEASED; urgency=medium
* Debootstrap.built now supports bootstrapping chroots for foreign
OS's, using qemu-user-static.
* Machine: New module collecting machine-specific properties for
building bootable images for ARM boards.
Tested working boards: Olimex Lime, CubieTruck, Banana Pi, SheevaPlug.
- * Service: Changed to use invoke-rc.d rather than the service command for
- starting services. This notably means that in chroots, services will
- not be started.
+ * Chroot.noServices moved to Service.noServices and its type changed.
+ (API change)
+ * Service: Avoid starting services when noServices is used.
* Add Typeable instance to OriginUrl, fixing build with old versions
of ghc.
* Added Propellor.Property.impossible
diff --git a/propellor.cabal b/propellor.cabal
index 239a00e6..9bafd2fb 100644
--- a/propellor.cabal
+++ b/propellor.cabal
@@ -1,5 +1,5 @@
Name: propellor
-Version: 4.9.0
+Version: 5.0.0
Cabal-Version: >= 1.20
License: BSD2
Maintainer: Joey Hess <id@joeyh.name>
diff --git a/src/Propellor/Property/Chroot.hs b/src/Propellor/Property/Chroot.hs
index ea8b1407..0dd1f05a 100644
--- a/src/Propellor/Property/Chroot.hs
+++ b/src/Propellor/Property/Chroot.hs
@@ -9,7 +9,6 @@ module Propellor.Property.Chroot (
ChrootBootstrapper(..),
Debootstrapped(..),
ChrootTarball(..),
- noServices,
inChroot,
exposeTrueLocaldir,
-- * Internal use
@@ -32,7 +31,6 @@ import qualified Propellor.Property.Systemd.Core as Systemd
import qualified Propellor.Property.File as File
import qualified Propellor.Shim as Shim
import Propellor.Property.Mount
-import Utility.FileMode
import Utility.Split
import qualified Data.Map as M
@@ -257,26 +255,6 @@ mungeloc = replace "/" "_"
chrootDesc :: Chroot -> String -> String
chrootDesc (Chroot loc _ _ _) desc = "chroot " ++ loc ++ " " ++ desc
--- | Adding this property to a chroot prevents daemons and other services
--- from being started, which is often something you want to prevent when
--- building a chroot.
---
--- On Debian, this is accomplished by installing a </usr/sbin/policy-rc.d>
--- script that does not let any daemons be started by packages that use
--- invoke-rc.d. Reverting the property removes the script.
---
--- This property has no effect on non-Debian systems.
-noServices :: RevertableProperty UnixLike UnixLike
-noServices = setup <!> teardown
- where
- f = "/usr/sbin/policy-rc.d"
- script = [ "#!/bin/sh", "exit 101" ]
- setup = combineProperties "no services started" $ toProps
- [ File.hasContent f script
- , File.mode f (combineModes (readModes ++ executeModes))
- ]
- teardown = File.notPresent f
-
-- | Check if propellor is currently running within a chroot.
--
-- This allows properties to check and avoid performing actions that
diff --git a/src/Propellor/Property/DiskImage.hs b/src/Propellor/Property/DiskImage.hs
index 68b34412..f0e1602e 100644
--- a/src/Propellor/Property/DiskImage.hs
+++ b/src/Propellor/Property/DiskImage.hs
@@ -24,6 +24,7 @@ import Propellor.Property.Chroot (Chroot)
import Propellor.Property.Chroot.Util (removeChroot)
import Propellor.Property.Mount
import qualified Propellor.Property.Chroot as Chroot
+import qualified Propellor.Property.Service as Service
import qualified Propellor.Property.Grub as Grub
import qualified Propellor.Property.File as File
import qualified Propellor.Property.Apt as Apt
@@ -103,7 +104,7 @@ instance DiskImage VirtualBoxPointer where
-- to avoid expensive IO to generate a new one. And, it's updated in-place,
-- so its contents are undefined during the build process.
--
--- Note that the `Chroot.noServices` property is automatically added to the
+-- Note that the `Service.noServices` property is automatically added to the
-- chroot while the disk image is being built, which should prevent any
-- daemons that are included from being started on the system that is
-- building the disk image.
@@ -185,7 +186,7 @@ imageBuilt' rebuild img mkchroot tabletype partspec =
in setContainerProps c $ containerProps c
-- Before ensuring any other properties of the chroot,
-- avoid starting services. Reverted by imageFinalized.
- &^ Chroot.noServices
+ &^ Service.noServices
& cachesCleaned
-- Only propagate privdata Info from this chroot, nothing else.
propprivdataonly (Chroot.Chroot d b ip h) =
diff --git a/src/Propellor/Property/Service.hs b/src/Propellor/Property/Service.hs
index e6a69eb5..0bcfdb93 100644
--- a/src/Propellor/Property/Service.hs
+++ b/src/Propellor/Property/Service.hs
@@ -1,6 +1,11 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+
module Propellor.Property.Service where
import Propellor.Base
+import Propellor.Types.Info
+import qualified Propellor.Property.File as File
+import Utility.FileMode
type ServiceName = String
@@ -23,5 +28,31 @@ reloaded = signaled "reload" "reloaded"
signaled :: String -> Desc -> ServiceName -> Property DebianLike
signaled cmd desc svc = tightenTargets $ p `describe` (desc ++ " " ++ svc)
where
- p = scriptProperty ["invoke-rc.d " ++ shellEscape svc ++ " " ++ cmd ++ " >/dev/null 2>&1 || true"]
+ p = scriptProperty ["service " ++ shellEscape svc ++ " " ++ cmd ++ " >/dev/null 2>&1 || true"]
`assume` NoChange
+
+-- | This property prevents daemons and other services from being started,
+-- which is often something you want to prevent when building a chroot.
+--
+-- When this is set, `running` and `restarted` will not start services.
+--
+-- On Debian this installs a </usr/sbin/policy-rc.d> script to further
+-- prevent any packages that get installed from starting daemons.
+-- Reverting the property removes the script.
+noServices :: RevertableProperty (HasInfo + UnixLike) UnixLike
+noServices = (setup `setInfoProperty` toInfo (InfoVal NoServices)) <!> teardown
+ where
+ f = "/usr/sbin/policy-rc.d"
+ script = [ "#!/bin/sh", "exit 101" ]
+ setup = combineProperties "no services started" $ toProps
+ [ File.hasContent f script
+ , File.mode f (combineModes (readModes ++ executeModes))
+ ]
+ teardown = File.notPresent f
+
+-- | Check if the noServices property is in effect.
+checkNoServices :: Propellor Bool
+checkNoServices = isJust . fromInfoVal
+ <$> (askInfo :: Propellor (InfoVal NoServices))
+
+data NoServices = NoServices deriving (Eq, Show, Typeable)
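Review bot: The rewritten `signaled` body (`p = scriptProperty ["service " ++ …]`) still runs the command unconditionally, so the noServices Haddock claim that `running` and `restarted` will not start services is not backed by anything in this hunk: `checkNoServices` is introduced but nothing calls it, and `running`/`restarted` (defined above this hunk, outside the diff) reach the command only through `signaled`. The policy-rc.d script installed by `noServices` only governs what package maintainer scripts do through invoke-rc.d, as the removed Chroot documentation describes, so a direct `service … start` from `signaled` is not covered by it. Either have `signaled` consult `checkNoServices` and report `NoChange` when the Info is set, roughly as sketched below (the exact `property'`/`ensureProperty` plumbing may need adjusting to the types in scope), or narrow the Haddock so it claims only the policy-rc.d effect until that is in place.
```haskell
signaled cmd desc svc = tightenTargets $ p `describe` (desc ++ " " ++ svc)
  where
	p = property' "" $ \w -> do
		noservices <- checkNoServices
		if noservices
			then return NoChange
			else ensureProperty w $
				scriptProperty ["service " ++ shellEscape svc ++ " " ++ cmd ++ " >/dev/null 2>&1 || true"]
					`assume` NoChange
-- … unchanged: noServices, checkNoServices, NoServices …
```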