-rw-r--r-- debian/changelog 9
-rw-r--r-- doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_3_e057fae70854f7323dafa0d79b327dec._comment 11
-rw-r--r-- doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_4_916b6cae93e772fa0fac88676409b03a._comment 8
-rw-r--r-- doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust.mdwn 5
-rw-r--r-- doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_1_8164845c93baeaaccd7b29fef5d33df8._comment 9
-rw-r--r-- doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_2_bff114c1d3a225b5149e8710118116af._comment 9
-rw-r--r-- src/Propellor/Property/Ssh.hs 4
7 files changed, 53 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog
index 893498a4..74045c76 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+propellor (3.1.2) UNRELEASED; urgency=medium
+
+ * Ssh.knownHost: Bug fix: Only fix up the owner of the known_hosts
+ file after it exists.
+ * Sbuild.keypairInsecurelyGenerated: Improved to be more robust.
+ Thanks, Sean Whitton.
+
+ -- Joey Hess <id@joeyh.name> Sun, 24 Jul 2016 13:34:37 -0400
+
propellor (3.1.1) unstable; urgency=medium
* Haddock build fix.
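Review bot: The Sbuild.keypairInsecurelyGenerated entry in the new 3.1.2 stanza says only "Improved to be more robust", which does not tell a reader of the changelog what behaviour changed. Suggest naming the change in a few words, the way the Ssh.knownHost entry above it states that the owner of the known_hosts file is only fixed up after the file exists.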
diff --git a/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_3_e057fae70854f7323dafa0d79b327dec._comment b/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_3_e057fae70854f7323dafa0d79b327dec._comment
new file mode 100644
index 00000000..5da15f09
--- /dev/null
+++ b/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_3_e057fae70854f7323dafa0d79b327dec._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="weinzwang"
+ subject="Same problem with ssh.knownHost"
+ date="2016-07-24T15:47:25Z"
+ content="""
+Making a host key known to a brand new user `requires` the
+owner of a nonexistent file to be set, if I understand the
+code correctly. Removing the \"requires\"-lines from the function
+modKnownHost makes the problem go away, but that's probably not
+the correct solution.
+"""]]
diff --git a/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_4_916b6cae93e772fa0fac88676409b03a._comment b/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_4_916b6cae93e772fa0fac88676409b03a._comment
new file mode 100644
index 00000000..36a31728
--- /dev/null
+++ b/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_4_916b6cae93e772fa0fac88676409b03a._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 4"""
+ date="2016-07-24T17:35:24Z"
+ content="""
+I see it; changed it to use `before` so the file creation/modification
+comes before any chmodding.
+"""]]
diff --git a/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust.mdwn b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust.mdwn
new file mode 100644
index 00000000..e67cf17e
--- /dev/null
+++ b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust.mdwn
@@ -0,0 +1,5 @@
+Please consider merging branch `rngd-robust` of repo `https://git.spwhitton.name/propellor`
+
+Several changes to the `Sbuild.keypairInsecurelyGenerated` property to make it more robust. Please see comments added by the diff.
+
+> <s>done</s> ... however, that sleep 10 after killing rngd seems quite dodgy. --[[Joey]]
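Review bot: The last added line strikes the request through as done while also recording an open concern about the `sleep 10` after killing rngd, so that concern is easy to lose once the item is closed. Suggest moving it to its own todo entry, or leaving this one open until the fixed wait is replaced.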
diff --git a/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_1_8164845c93baeaaccd7b29fef5d33df8._comment b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_1_8164845c93baeaaccd7b29fef5d33df8._comment
new file mode 100644
index 00000000..67e8b454
--- /dev/null
+++ b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_1_8164845c93baeaaccd7b29fef5d33df8._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ subject="comment 1"
+ date="2016-07-24T23:40:45Z"
+ content="""
+Thanks for looking at this, though looking as master you haven't actually merged my branch.
+
+I'm reluctant to build in a lot of shell scripting logic to do better than `sleep 10`. Do you think it would be worth writing a property that ensures that a process with a given pid file has been killed? Or just an action in the propellor monad?
+"""]]
diff --git a/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_2_bff114c1d3a225b5149e8710118116af._comment b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_2_bff114c1d3a225b5149e8710118116af._comment
new file mode 100644
index 00000000..904a2138
--- /dev/null
+++ b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_2_bff114c1d3a225b5149e8710118116af._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2016-07-25T00:51:44Z"
+ content="""
+(Really merged now.)
+
+A property would be good. Might could just use `start-stop-daemon`.
+"""]]
diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs
index 6e1690d2..0a92e42b 100644
--- a/src/Propellor/Property/Ssh.hs
+++ b/src/Propellor/Property/Ssh.hs
@@ -356,8 +356,8 @@ knownHostLines hosts hn = keylines <$> fromHost hosts hn getHostPubKey
modKnownHost :: User -> FilePath -> Property UnixLike -> Property UnixLike
modKnownHost user f p = p
- `requires` File.ownerGroup f user (userGroup user)
- `requires` File.ownerGroup (takeDirectory f) user (userGroup user)
+ `before` File.ownerGroup f user (userGroup user)
+ `before` File.ownerGroup (takeDirectory f) user (userGroup user)
-- | Ensures that a local user's authorized_keys contains lines allowing
-- logins from a remote user on the specified Host.
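Review bot: modKnownHost has no comment explaining why the two File.ownerGroup properties are now attached with `before` instead of `requires`, and that ordering is the entire fix. Suggest a short haddock comment above modKnownHost saying that ownership of f and of its directory is fixed up only after p has created or modified the file, because for a brand new user the file does not exist yet. The forum thread this answers is titled for Ssh.authorizedKey, while this hunk touches only modKnownHost, so it is worth confirming that the authorized_keys code path does not set ownership on a not-yet-existing file in the same way.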