-rw-r--r--Makefile4
l---------config.hs2
-rw-r--r--debian/changelog5
-rw-r--r--doc/forum/Adding_support_for_a_SQL_server/comment_8_2c604eb5c627c36ec68a1a7198e00710._comment18
-rw-r--r--doc/forum/Apt.backportInstalledMin___63__.mdwn1
-rw-r--r--doc/forum/Apt.backportInstalledMin___63__/comment_1_4e5e6b479e478897eea3337b9468db15._comment11
-rw-r--r--doc/forum/Make_clean_fails_in_openbsd.mdwn25
-rw-r--r--doc/forum/Make_clean_fails_in_openbsd/comment_1_27faa3850b462e8930752209f41e2c2f._comment8
-rw-r--r--doc/forum/__34__predictable__34___network_interface_names.mdwn3
-rw-r--r--doc/forum/__34__predictable__34___network_interface_names/comment_1_6bf05129a9aa5b427c0838753b5b0673._comment12
-rw-r--r--doc/forum/__34__predictable__34___network_interface_names/comment_2_25a2911fa57ea3da20f25b25d7c4406b._comment13
-rw-r--r--doc/forum/__96__Propellor.Bootstrap.cabalBuild__96___fails_in_openbsd.mdwn6
-rw-r--r--doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_3_a749abb97ebafd26bb695663b68673c5._comment8
-rw-r--r--doc/news/version_5.3.4.mdwn8
-rw-r--r--doc/news/version_5.5.0.mdwn20
-rw-r--r--doc/todo/support_for_libvirt_KVM_VMs/comment_4_dbd2c399c8ef8ac56ae06f1a701fdc45._comment19
-rw-r--r--doc/todo/support_for_libvirt_KVM_VMs/comment_5_364df45dda89ed83cf8db6fa4cbdc186._comment8
-rw-r--r--privdata/relocate1
-rw-r--r--src/Propellor/Property/Apt.hs19
-rw-r--r--src/Propellor/Property/Sudo.hs3
20 files changed, 174 insertions, 20 deletions
diff --git a/Makefile b/Makefile
index 84a92f0e..0e4b2ca3 100644
--- a/Makefile
+++ b/Makefile
@@ -30,8 +30,8 @@ install:
clean:
rm -rf dist Setup tags propellor propellor.1 privdata/local
- find -name \*.o -exec rm {} \;
- find -name \*.hi -exec rm {} \;
+ find . -name \*.o -exec rm {} \;
+ find . -name \*.hi -exec rm {} \;
# hothasktags chokes on some template haskell etc, so ignore errors
# duplicate tags with Propellor.Property. removed from the start, as we
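Review bot: The two new `find . -name ... -exec rm {} \;` lines in `clean` still start one `rm` per match and do not restrict the match to regular files. `find . -type f -name \*.o -exec rm -f {} +` (and the same for `\*.hi`) batches the removals, skips a directory that happens to match the pattern, and uses only POSIX options, so it should stay portable to the OpenBSD `find` this change targets. The `clean` recipe continues past the end of the hunk.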
diff --git a/config.hs b/config.hs
index 97d90636..ec313725 120000
--- a/config.hs
+++ b/config.hs
@@ -1 +1 @@
-joeyconfig.hs \ No newline at end of file
+config-simple.hs \ No newline at end of file
diff --git a/debian/changelog b/debian/changelog
index b0f7121b..b2051120 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-propellor (5.5.0) UNRELEASED; urgency=medium
+propellor (5.5.0) unstable; urgency=medium
* letsencrypt': Pass --expand to support expanding the list of domains
* Split mailname property out of Hostname.sane, since bad mailname
@@ -17,8 +17,9 @@ propellor (5.5.0) UNRELEASED; urgency=medium
* Borg: Added UsesEnvVar.
* Added DiskImage.noBootloader, useful for eg, direct booting with
qemu. Thanks, David Bremner.
+ * Added Apt.backportInstalledMin.
- -- Joey Hess <id@joeyh.name> Thu, 09 Aug 2018 10:54:41 -0400
+ -- Joey Hess <id@joeyh.name> Sat, 20 Oct 2018 21:00:27 -0400
propellor (5.4.1) unstable; urgency=medium
diff --git a/doc/forum/Adding_support_for_a_SQL_server/comment_8_2c604eb5c627c36ec68a1a7198e00710._comment b/doc/forum/Adding_support_for_a_SQL_server/comment_8_2c604eb5c627c36ec68a1a7198e00710._comment
new file mode 100644
index 00000000..0724001b
--- /dev/null
+++ b/doc/forum/Adding_support_for_a_SQL_server/comment_8_2c604eb5c627c36ec68a1a7198e00710._comment
@@ -0,0 +1,18 @@
+[[!comment format=mdwn
+ username="Nicolas.Schodet"
+ avatar="http://cdn.libravatar.org/avatar/0d7ec808ec329d04ee9a93c0da3c0089"
+ subject="comment 8"
+ date="2018-10-19T20:34:10Z"
+ content="""
+Hello,
+
+I have made a second version.
+
+About reverting `installed`, I noticed that it only removes the meta package, which is quite useless. May be I should just drop revertability on this one.
+
+The problem of installing a software just to revert a property can also be seen in `Apache.modEnabled` for exemple.
+
+Any comments are welcome.
+
+Thanks.
+"""]]
diff --git a/doc/forum/Apt.backportInstalledMin___63__.mdwn b/doc/forum/Apt.backportInstalledMin___63__.mdwn
new file mode 100644
index 00000000..64d95c72
--- /dev/null
+++ b/doc/forum/Apt.backportInstalledMin___63__.mdwn
@@ -0,0 +1 @@
+I just installed git-annex using Apt.backportInstalled on a server and was kindof of horrified by the dependendencies dragged in. I suspect much of this is probably just youtube-dl, which should be fixed soon, but anyway, shouldn't there be a way to install from backports without recommends?
diff --git a/doc/forum/Apt.backportInstalledMin___63__/comment_1_4e5e6b479e478897eea3337b9468db15._comment b/doc/forum/Apt.backportInstalledMin___63__/comment_1_4e5e6b479e478897eea3337b9468db15._comment
new file mode 100644
index 00000000..83b976d2
--- /dev/null
+++ b/doc/forum/Apt.backportInstalledMin___63__/comment_1_4e5e6b479e478897eea3337b9468db15._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-10-14T16:28:46Z"
+ content="""
+Indeed, that's the kind of improvement I will gladly
+accept any time, and should be very easy to add. So don't hesitate to add
+properties like that and send patches.
+
+(In this case I had 5 minutes so I implemented it already.)
+"""]]
diff --git a/doc/forum/Make_clean_fails_in_openbsd.mdwn b/doc/forum/Make_clean_fails_in_openbsd.mdwn
new file mode 100644
index 00000000..0f73586a
--- /dev/null
+++ b/doc/forum/Make_clean_fails_in_openbsd.mdwn
@@ -0,0 +1,25 @@
+openbsd requires specifying the path for the [`find`][0] command. So this:
+
+ find -name \*.o
+ find: unknown option -- n
+ usage: find [-dHhLXx] [-f path] path ... [expression]
+
+
+fails.
+
+This works:
+
+
+ find . -name \*.o
+ ./dist/build/Utility/Applicative.o
+ ./dist/build/Utility/PosixFiles.o
+ ./dist/build/Utility/Split.o
+ ...
+
+
+as expected.
+
+Here's a patch for it: [0001-Makefile-Update-clean.patch][1].
+
+[0]: https://man.openbsd.org/find
+[1]: https://ricketyspace.net/patch/0001-Makefile-Update-clean.patch
diff --git a/doc/forum/Make_clean_fails_in_openbsd/comment_1_27faa3850b462e8930752209f41e2c2f._comment b/doc/forum/Make_clean_fails_in_openbsd/comment_1_27faa3850b462e8930752209f41e2c2f._comment
new file mode 100644
index 00000000..c7939851
--- /dev/null
+++ b/doc/forum/Make_clean_fails_in_openbsd/comment_1_27faa3850b462e8930752209f41e2c2f._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-10-23T15:31:13Z"
+ content="""
+Thanks for the patch. The only thing you could have done better is post
+this in [[todo]].
+"""]]
diff --git a/doc/forum/__34__predictable__34___network_interface_names.mdwn b/doc/forum/__34__predictable__34___network_interface_names.mdwn
new file mode 100644
index 00000000..88b4b414
--- /dev/null
+++ b/doc/forum/__34__predictable__34___network_interface_names.mdwn
@@ -0,0 +1,3 @@
+When using propellor to install/create VM images, one naturally wants to set some kind of sane network configuration. Unfortunately the name of the network interface in the guest (or newly installed system) varies according to the hardware setup. As a concrete example, in a newly created stretch amd64 image it is ens0, while in a stretch s390x image it is enc0. I guess the Debian installer must have some way of figuring this out and creating a sane /etc/network/interfaces. Is this something that Property.DiskImage can help with, or do I need to carry per-VM configuration information? I don't mind so much the extra config info, but it's a bit annoying that I need to boot the vm to see what the network device is called.
+
+I guess the Luddite solution is to turn off interface renaming via boot options; I'm not sure that option will always be available to me, e.g. when deploying images on someone else's host.
diff --git a/doc/forum/__34__predictable__34___network_interface_names/comment_1_6bf05129a9aa5b427c0838753b5b0673._comment b/doc/forum/__34__predictable__34___network_interface_names/comment_1_6bf05129a9aa5b427c0838753b5b0673._comment
new file mode 100644
index 00000000..c3e4e663
--- /dev/null
+++ b/doc/forum/__34__predictable__34___network_interface_names/comment_1_6bf05129a9aa5b427c0838753b5b0673._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-10-14T16:18:37Z"
+ content="""
+I don't think this is specific to disk image creation, you just need a
+property that arranges whatever configuration will lead to the names you
+want.
+
+You may be looking for /lib/systemd/network/99-default.link which can be
+masked to get the kernel's traditional names.
+"""]]
diff --git a/doc/forum/__34__predictable__34___network_interface_names/comment_2_25a2911fa57ea3da20f25b25d7c4406b._comment b/doc/forum/__34__predictable__34___network_interface_names/comment_2_25a2911fa57ea3da20f25b25d7c4406b._comment
new file mode 100644
index 00000000..e284c8f1
--- /dev/null
+++ b/doc/forum/__34__predictable__34___network_interface_names/comment_2_25a2911fa57ea3da20f25b25d7c4406b._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="needs update-initramfs"
+ date="2018-10-14T21:03:28Z"
+ content="""
+I guess that's a more productive line of thinking, I wouldn't expect these vm's to have more than one network interface. One gotcha that took a bit to figure out is that the masking needs update-initramfs to be seen at boot. The following seems to be working for me:
+
+[[!format haskell \"\"\"
+& File.hasContent \"/etc/systemd/network/99-default.link\" []
+ `onChange` ( Cmd.cmdProperty \"update-initramfs\" [\"-u\"] `changesFile` \"/initrd.img\" )
+\"\"\"]]
+"""]]
diff --git a/doc/forum/__96__Propellor.Bootstrap.cabalBuild__96___fails_in_openbsd.mdwn b/doc/forum/__96__Propellor.Bootstrap.cabalBuild__96___fails_in_openbsd.mdwn
new file mode 100644
index 00000000..c66bbc23
--- /dev/null
+++ b/doc/forum/__96__Propellor.Bootstrap.cabalBuild__96___fails_in_openbsd.mdwn
@@ -0,0 +1,6 @@
+The `-a` option is unfortunately [not available in openbsd's version][1] of the `cp` command.
+
+Here's a patch for it [0001-src-Update-Propellor.Bootstrap.cabalBuild.patch][2].
+
+[1]: https://man.openbsd.org/cp
+[2]: https://ricketyspace.net/patch/0001-src-Update-Propellor.Bootstrap.cabalBuild.patch
diff --git a/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_3_a749abb97ebafd26bb695663b68673c5._comment b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_3_a749abb97ebafd26bb695663b68673c5._comment
new file mode 100644
index 00000000..f4448ddf
--- /dev/null
+++ b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_3_a749abb97ebafd26bb695663b68673c5._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="maybe some equivalent of CryptPassword"
+ date="2018-10-16T11:51:23Z"
+ content="""
+Storing plaintext luks passwords on disk doesn't sound great for most applications, but I wonder if the encrypted form could be stored in privdata. Something using e.g. \"cryptsetup luksDump\" or \"cryptsetup luksHeaderBackup\". I have no idea how practical it is to generate such data without being logged into the machine in question.
+"""]]
diff --git a/doc/news/version_5.3.4.mdwn b/doc/news/version_5.3.4.mdwn
deleted file mode 100644
index 09358138..00000000
--- a/doc/news/version_5.3.4.mdwn
+++ /dev/null
@@ -1,8 +0,0 @@
-propellor 5.3.4 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * Apt.trustsKey: Use apt-key to add key rather than manually driving gpg,
- which seems to not work anymore.
- Thanks, Russell Sim.
- * Firewall: Reorder iptables parameters that are order
- dependant to make --to-dest and --to-source work.
- Thanks, Russell Sim"""]] \ No newline at end of file
diff --git a/doc/news/version_5.5.0.mdwn b/doc/news/version_5.5.0.mdwn
new file mode 100644
index 00000000..360a5314
--- /dev/null
+++ b/doc/news/version_5.5.0.mdwn
@@ -0,0 +1,20 @@
+propellor 5.5.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * letsencrypt': Pass --expand to support expanding the list of domains
+ * Split mailname property out of Hostname.sane, since bad mailname
+ guesses can lead to ugly surprises. (API change)
+ * Removed HostingProvider.CloudatCost module as it lacks a maintainer.
+ (If anyone would like to maintain it, send a patch adding it back.)
+ (API change)
+ * Added Systemd.escapePath helper function useful when creating mount
+ units.
+ * Added Sudo.sudoersDFile property.
+ * Sudo.enabledFor: Write to /etc/sudoers.d/000users rather than to
+ /etc/sudoers. (Any old lines it wrote to /etc/sudoers will be removed.)
+ This fixes a potential ordering problem; the property used to append
+ the line to /etc/sudoers, but that would override more specific lines
+ in the include directory.
+ * Borg: Added UsesEnvVar.
+ * Added DiskImage.noBootloader, useful for eg, direct booting with
+ qemu. Thanks, David Bremner.
+ * Added Apt.backportInstalledMin."""]] \ No newline at end of file
diff --git a/doc/todo/support_for_libvirt_KVM_VMs/comment_4_dbd2c399c8ef8ac56ae06f1a701fdc45._comment b/doc/todo/support_for_libvirt_KVM_VMs/comment_4_dbd2c399c8ef8ac56ae06f1a701fdc45._comment
new file mode 100644
index 00000000..8ce06a1c
--- /dev/null
+++ b/doc/todo/support_for_libvirt_KVM_VMs/comment_4_dbd2c399c8ef8ac56ae06f1a701fdc45._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 4"""
+ date="2018-10-14T01:10:16Z"
+ content="""
+I do think that the conditional property would be a good way for this to
+work.
+
+I think there could also be VMs where you don't want the overhead of
+running propellor inside the VM (especially if the emulation is slow, or
+you don't want to allocate that much memory to the VM, or just have a lot
+of VMs), and the content is disposable. Then propellor could restart the VM
+when it changes the disk image.
+
+There's room for multiple ways to do it..
+
+The disk image building side of this looks easy to me, so if you do the libvirt
+stuff, Sean, I might contribute something. :)
+"""]]
diff --git a/doc/todo/support_for_libvirt_KVM_VMs/comment_5_364df45dda89ed83cf8db6fa4cbdc186._comment b/doc/todo/support_for_libvirt_KVM_VMs/comment_5_364df45dda89ed83cf8db6fa4cbdc186._comment
new file mode 100644
index 00000000..5062ed5d
--- /dev/null
+++ b/doc/todo/support_for_libvirt_KVM_VMs/comment_5_364df45dda89ed83cf8db6fa4cbdc186._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="insufficient magic"
+ date="2018-10-14T11:12:36Z"
+ content="""
+right, changing the backing image would probably break everything.
+"""]]
diff --git a/privdata/relocate b/privdata/relocate
deleted file mode 100644
index 271692d8..00000000
--- a/privdata/relocate
+++ /dev/null
@@ -1 +0,0 @@
-.joeyconfig
diff --git a/src/Propellor/Property/Apt.hs b/src/Propellor/Property/Apt.hs
index 064221f9..6d7fc4d6 100644
--- a/src/Propellor/Property/Apt.hs
+++ b/src/Propellor/Property/Apt.hs
@@ -241,6 +241,10 @@ type Package = String
installed :: [Package] -> Property DebianLike
installed = installed' ["-y"]
+-- | Minimal install of package, without recommends.
+installedMin :: [Package] -> Property DebianLike
+installedMin = installed' ["--no-install-recommends", "-y"]
+
installed' :: [String] -> [Package] -> Property DebianLike
installed' params ps = robustly $ check (not <$> isInstalled' ps) go
`describe` unwords ("apt installed":ps)
@@ -253,20 +257,23 @@ installed' params ps = robustly $ check (not <$> isInstalled' ps) go
-- dependencies from stable-backports too, you will need to include those
-- dependencies in the list of packages passed to this function.
backportInstalled :: [Package] -> Property Debian
-backportInstalled ps = withOS desc $ \w o -> case o of
+backportInstalled = backportInstalled' ["-y"]
+
+-- | Minimal install from the stable-backports suite, without recommends.
+backportInstalledMin :: [Package] -> Property Debian
+backportInstalledMin = backportInstalled' ["--no-install-recommends", "-y"]
+
+backportInstalled' :: [String] -> [Package] -> Property Debian
+backportInstalled' params ps = withOS desc $ \w o -> case o of
(Just (System (Debian _ suite) _)) -> case backportSuite suite of
Nothing -> unsupportedOS'
Just bs -> ensureProperty w $
- runApt (["install", "-y"] ++ ((++ '/':bs) <$> ps))
+ runApt (("install":params) ++ ((++ '/':bs) <$> ps))
`changesFile` dpkgStatus
_ -> unsupportedOS'
where
desc = unwords ("apt installed backport":ps)
--- | Minimal install of package, without recommends.
-installedMin :: [Package] -> Property DebianLike
-installedMin = installed' ["--no-install-recommends", "-y"]
-
removed :: [Package] -> Property DebianLike
removed ps = check (any (== IsInstalled) <$> getInstallStatus ps)
(runApt (["-y", "remove"] ++ ps))
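Review bot: `backportInstalledMin` gets a one-line haddock, but the caveat in the context comment above `backportInstalled` (dependencies that must also come from stable-backports have to be listed explicitly) applies to it as well and is neither repeated nor linked. I would extend it to `-- | Like 'backportInstalled', but without recommends; the same caveat about listing backported dependencies applies.` The new helper `backportInstalled'` has no doc comment, and it forwards `params` to `runApt` unchanged, so a line such as `-- | Installs from stable-backports, passing the extra options in the first argument through to apt unchanged.` would tell callers that the list is trusted option text. `desc` is the same string for both variants, so a run log cannot tell a minimal install from a full one. The hunk ends inside `removed`, whose body continues outside it.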
diff --git a/src/Propellor/Property/Sudo.hs b/src/Propellor/Property/Sudo.hs
index 12660aa9..ad577439 100644
--- a/src/Propellor/Property/Sudo.hs
+++ b/src/Propellor/Property/Sudo.hs
@@ -18,6 +18,8 @@ import Propellor.Property.User
--
-- If the main sudoers file contains a conflicting line for
-- the user for ALL commands, the line will be removed.
+--
+-- Also ensures that the main sudoers file includes /etc/sudoers.d/
enabledFor :: User -> RevertableProperty DebianLike DebianLike
enabledFor user@(User u) = setup `requires` Apt.installed ["sudo"] <!> cleanup
where
@@ -25,6 +27,7 @@ enabledFor user@(User u) = setup `requires` Apt.installed ["sudo"] <!> cleanup
setup = property' desc $ \w -> do
locked <- liftIO $ isLockedPassword user
ensureProperty w $ combineProperties desc $ props
+ & containsLine sudoers "#includedir /etc/sudoers.d"
& fileProperty desc
(modify locked . filter (wanted locked))
dfile
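Review bot: The added `containsLine sudoers "#includedir /etc/sudoers.d"` presumably matches the literal line only, so a main sudoers file that already includes the directory in another spelling (trailing slash, different whitespace, or the `@includedir` form that newer sudo accepts) would get a second include appended. The line is also written to the main sudoers file with no syntax check visible in this hunk; a sudoers file that fails to parse disables sudo on the host, so validating with `visudo -c` after the change would be a useful guard, to be confirmed against what the rest of the module already does. At minimum I would add a comment above the line: `-- appended verbatim if missing; assumes no other spelling of the include is present`. `setup` starts before and continues past this hunk.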