summaryrefslogtreecommitdiff
path: root/doc/forum
diff options
context:
space:
mode:
Diffstat (limited to 'doc/forum')
-rw-r--r--doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_3_6f6485b10beb3e371c6f5371a9a9c2c4._comment10
-rw-r--r--doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_4_75a0a229527a7c0c1633b4bd8e461607._comment27
-rw-r--r--doc/forum/Adding_support_for_a_SQL_server/comment_4_22895a34904df9023fcdac0b3937a7c5._comment16
-rw-r--r--doc/forum/Adding_support_for_a_SQL_server/comment_5_10eb776b64b213ca8f8166aacfba9a4d._comment8
-rw-r--r--doc/forum/Adding_support_for_a_SQL_server/comment_6_8ebb3d150b06c086d8ad45b9d994877f._comment41
-rw-r--r--doc/forum/Adding_support_for_a_SQL_server/comment_7_054a8fa511b28ba6a299e3dfd9ed4dd6._comment10
-rw-r--r--doc/forum/__35__propellor_on_irc.oftc.net.mdwn2
-rw-r--r--doc/forum/__35__propellor_on_irc.oftc.net/comment_1_6e9595651c19d98353254f0914b685e1._comment9
-rw-r--r--doc/forum/bind_mounting_in_Sbuild_chroots.mdwn2
-rw-r--r--doc/forum/bind_mounting_in_Sbuild_chroots/comment_1_0f41fc776bb0d595af239f087e5a1d35._comment12
-rw-r--r--doc/forum/can__39__t_get_Apt.trustsKey_to_work/comment_2_d5d1611896fa72bda22e5406285ade2e._comment9
-rw-r--r--doc/forum/can__39__t_get_Apt.trustsKey_to_work/comment_3_1aa2a2c87eab63305143768575c2f0d9._comment15
-rw-r--r--doc/forum/configuring_texlive_papersize.mdwn1
-rw-r--r--doc/forum/configuring_texlive_papersize/comment_1_e4c1bd36c3739d4dd9bf7316c9021a14._comment20
-rw-r--r--doc/forum/installing_small_binary_files.mdwn1
-rw-r--r--doc/forum/installing_small_binary_files/comment_1_7537a56c67658ad47460a3b80690ecfd._comment8
-rw-r--r--doc/forum/integration_with_gitolite.mdwn2
-rw-r--r--doc/forum/integration_with_gitolite/comment_1_b2989bbf9e980ceebf2f4cccd4d379e1._comment11
-rw-r--r--doc/forum/integration_with_gitolite/comment_2_42d3e861e2044479523609ff7b339f6b._comment29
-rw-r--r--doc/forum/integration_with_gitolite/comment_3_394a42544ad97e30a8e28ed10de7cd3c._comment8
-rw-r--r--doc/forum/integration_with_gitolite/comment_4_448d79859b2b35e1731adfaa460aa844._comment33
-rw-r--r--doc/forum/integration_with_gitolite/comment_5_1e71a38b32148228b94c7429e721685f._comment15
-rw-r--r--doc/forum/integration_with_gitolite/comment_6_232d8ab023d060d7d9c000e4c6783ef8._comment8
-rw-r--r--doc/forum/making_sure_a_package_is_at_the_latest_version.mdwn13
-rw-r--r--doc/forum/making_sure_a_package_is_at_the_latest_version/comment_1_6a73c8b0de1999f05af184bf63ad014a._comment8
-rw-r--r--doc/forum/making_sure_a_package_is_at_the_latest_version/comment_2_7a911c68e4c81031c98dbefce730ade8._comment8
-rw-r--r--doc/forum/making_sure_a_package_is_at_the_latest_version/comment_3_48fe0419c259c9555b6349c3221a80a0._comment10
-rw-r--r--doc/forum/support_for_non-bootable_disk_images.mdwn59
-rw-r--r--doc/forum/support_for_non-bootable_disk_images/comment_1_94727e8ddf14f868225b99c83fbf406d._comment65
-rw-r--r--doc/forum/support_for_non-bootable_disk_images/comment_2_cced7ce2491cf440ee1d576b75ab4539._comment10
-rw-r--r--doc/forum/support_for_non-bootable_disk_images/comment_3_8dd7f3dd8c80fda70233e395da2204b2._comment33
31 files changed, 503 insertions, 0 deletions
diff --git a/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_3_6f6485b10beb3e371c6f5371a9a9c2c4._comment b/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_3_6f6485b10beb3e371c6f5371a9a9c2c4._comment
new file mode 100644
index 00000000..6b32f1bb
--- /dev/null
+++ b/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_3_6f6485b10beb3e371c6f5371a9a9c2c4._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="david@1439a1cab13195a56248b6a8fd98a62028bcba8a"
+ nickname="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="Still biting me"
+ date="2018-08-23T20:32:18Z"
+ content="""
+I have a similar problem with inaccessible central repo. This crash is still biting me when spinning from a Debian stable (stretch) host to itself.
+I could potentially make the central repo accessible via adding a key, but I think the pull is too early in the process for that work out. Any other ideas? Can I just turn off this pull for some hosts?
+"""]]
diff --git a/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_4_75a0a229527a7c0c1633b4bd8e461607._comment b/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_4_75a0a229527a7c0c1633b4bd8e461607._comment
new file mode 100644
index 00000000..e60cd5bb
--- /dev/null
+++ b/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_4_75a0a229527a7c0c1633b4bd8e461607._comment
@@ -0,0 +1,27 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="pulling from a central repo via ssh"
+ date="2018-08-25T18:50:39Z"
+ content="""
+I ended up updating to a more recent propellor for other reasons, but here's my hack to have propellor fetch over ssh:
+[[!format haskell \"\"\"
+rootSsh :: Property (HasInfo + UnixLike)
+rootSsh = propertyList \"ssh setup for root\" $ props
+ & Ssh.userKeyAt (Just keypath) (User \"root\") (Context \"propellor\") (SshRsa, Tethera.Keys.propellor_deploy_ssh)
+ & Ssh.knownHost hosts \"gitolite.tethera.net\" (User \"root\")
+ & File.containsBlock configpath [ \"Host propellor-deploy\"
+ , \" Hostname gitolite.tethera.net\"
+ , \" User git\"
+ , \" IdentityFile ~/.ssh/propellor_deploy\"
+ ]
+ where
+ keypath = \"/root/.ssh/propellor_deploy\"
+ configpath = \"/root/.ssh/config\"
+\"\"\"]]
+
+Propellor is used to initially deply a passwordless role key that can be used to pull from the central repo.
+One thing that surprised me a bit is that Ssh.userKeyAt expects an absolute path, or a path relative to /usr/local/propellor.
+
+
+"""]]
diff --git a/doc/forum/Adding_support_for_a_SQL_server/comment_4_22895a34904df9023fcdac0b3937a7c5._comment b/doc/forum/Adding_support_for_a_SQL_server/comment_4_22895a34904df9023fcdac0b3937a7c5._comment
new file mode 100644
index 00000000..786da77a
--- /dev/null
+++ b/doc/forum/Adding_support_for_a_SQL_server/comment_4_22895a34904df9023fcdac0b3937a7c5._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="Nicolas.Schodet"
+ avatar="http://cdn.libravatar.org/avatar/0d7ec808ec329d04ee9a93c0da3c0089"
+ subject="comment 4"
+ date="2018-08-30T21:14:32Z"
+ content="""
+Hello,
+
+I have made a first version to support MySQL databases and users for classic web applications.
+
+You can pull the mysql branch at http://git.ni.fr.eu.org/nicolas/propellor.git
+
+Can you have a look? I find userGrantedOnDatabase.setup' a little hard to read. Is it OK, or do you see a clearer way to write it?
+
+Thanks!
+"""]]
diff --git a/doc/forum/Adding_support_for_a_SQL_server/comment_5_10eb776b64b213ca8f8166aacfba9a4d._comment b/doc/forum/Adding_support_for_a_SQL_server/comment_5_10eb776b64b213ca8f8166aacfba9a4d._comment
new file mode 100644
index 00000000..df119fe7
--- /dev/null
+++ b/doc/forum/Adding_support_for_a_SQL_server/comment_5_10eb776b64b213ca8f8166aacfba9a4d._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="Nicolas.Schodet"
+ avatar="http://cdn.libravatar.org/avatar/0d7ec808ec329d04ee9a93c0da3c0089"
+ subject="comment 5"
+ date="2018-08-31T20:53:01Z"
+ content="""
+Also added a function to grant global privileges, useful for a backup user.
+"""]]
diff --git a/doc/forum/Adding_support_for_a_SQL_server/comment_6_8ebb3d150b06c086d8ad45b9d994877f._comment b/doc/forum/Adding_support_for_a_SQL_server/comment_6_8ebb3d150b06c086d8ad45b9d994877f._comment
new file mode 100644
index 00000000..bd924fed
--- /dev/null
+++ b/doc/forum/Adding_support_for_a_SQL_server/comment_6_8ebb3d150b06c086d8ad45b9d994877f._comment
@@ -0,0 +1,41 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 6"""
+ date="2018-09-17T17:21:52Z"
+ content="""
+Some review, sorry it took me so long to take a look at it..
+
+It's not clear to me how to construct a `Database`;
+what is the `String` inside it? The path? A database name?
+What makes for a legal or illegal database name?
+(May be more obvious to people who use mysql than to me.)
+
+Looks like `Show Privilege` is being used to generate configuration.
+I dislike using `Show` for that, because it precludes it being used with
+Read, and is generally unclear that the strings in show need to be
+formatted exactly as they are.
+
+You could simplify allPrivileges using `Enum`,
+with `[minBound..maxBound]`.
+
+Reverting `databaseExists` and also reverting `installed`
+leads to the package being installed and then removed repeatedly.
+Perhaps `databaseExists` could avoid doing anything when the
+server has already been removed.
+
+Some of the SQL construction doesn't seem entirely safe with quoting.
+While there's no security problem with it, it may have a correctness
+problem..
+
+... In `userGrantedOnDatabase` when it creates the privLevel
+it looks like it doesn't escape the dbname at all,
+and I guess this means it doesn't need to be escaped, or
+can't contain back quotes.
+
+... In `userGranted'` the quser is delimited by single quotes,
+but it's actually valid to have a `User` with a single quote in their name,
+and many of the Klingons out there probably depend on that.
+
+... In `hashPassword` it looks like the password is also assumed to not
+contain single quotes.
+"""]]
diff --git a/doc/forum/Adding_support_for_a_SQL_server/comment_7_054a8fa511b28ba6a299e3dfd9ed4dd6._comment b/doc/forum/Adding_support_for_a_SQL_server/comment_7_054a8fa511b28ba6a299e3dfd9ed4dd6._comment
new file mode 100644
index 00000000..ca5cf43d
--- /dev/null
+++ b/doc/forum/Adding_support_for_a_SQL_server/comment_7_054a8fa511b28ba6a299e3dfd9ed4dd6._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="Nicolas.Schodet"
+ avatar="http://cdn.libravatar.org/avatar/0d7ec808ec329d04ee9a93c0da3c0089"
+ subject="comment 7"
+ date="2018-09-17T21:57:48Z"
+ content="""
+Database is a database name.
+
+I will make the change as soon as I have some time, thanks for the review!
+"""]]
diff --git a/doc/forum/__35__propellor_on_irc.oftc.net.mdwn b/doc/forum/__35__propellor_on_irc.oftc.net.mdwn
new file mode 100644
index 00000000..9f644611
--- /dev/null
+++ b/doc/forum/__35__propellor_on_irc.oftc.net.mdwn
@@ -0,0 +1,2 @@
+This might be wildly optimistic, but I registered the IRC channel #propellor on irc.oftc.net. I have no strong opinions on irc networks, but #git-annex is already there. Please join so you can answer my questions ;).
+
diff --git a/doc/forum/__35__propellor_on_irc.oftc.net/comment_1_6e9595651c19d98353254f0914b685e1._comment b/doc/forum/__35__propellor_on_irc.oftc.net/comment_1_6e9595651c19d98353254f0914b685e1._comment
new file mode 100644
index 00000000..187004c7
--- /dev/null
+++ b/doc/forum/__35__propellor_on_irc.oftc.net/comment_1_6e9595651c19d98353254f0914b685e1._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-10-13T21:36:16Z"
+ content="""
++1 user for initiative ;)
+
+Although I will not want to help with any big type errors on irc ;)
+"""]]
diff --git a/doc/forum/bind_mounting_in_Sbuild_chroots.mdwn b/doc/forum/bind_mounting_in_Sbuild_chroots.mdwn
new file mode 100644
index 00000000..f2fb8e11
--- /dev/null
+++ b/doc/forum/bind_mounting_in_Sbuild_chroots.mdwn
@@ -0,0 +1,2 @@
+I typically bind mount some user writable directory into an Sbuild chroot, so that I can e.g. access in a git repo or package to install.
+Is there a clean way to do this with propellor's Sbuild module, or is the intent maintain a seperate container / chroot of some kind for interactive debugging?
diff --git a/doc/forum/bind_mounting_in_Sbuild_chroots/comment_1_0f41fc776bb0d595af239f087e5a1d35._comment b/doc/forum/bind_mounting_in_Sbuild_chroots/comment_1_0f41fc776bb0d595af239f087e5a1d35._comment
new file mode 100644
index 00000000..71927311
--- /dev/null
+++ b/doc/forum/bind_mounting_in_Sbuild_chroots/comment_1_0f41fc776bb0d595af239f087e5a1d35._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 1"
+ date="2018-09-08T16:54:24Z"
+ content="""
+You could use
+
+ & File.containsLine \"/etc/schroot/sbuild/fstab\" \"...\"
+
+but yes, I think it's cleaner to use the sbuild chroots only for building, and for interactive use some other chroot.
+"""]]
diff --git a/doc/forum/can__39__t_get_Apt.trustsKey_to_work/comment_2_d5d1611896fa72bda22e5406285ade2e._comment b/doc/forum/can__39__t_get_Apt.trustsKey_to_work/comment_2_d5d1611896fa72bda22e5406285ade2e._comment
new file mode 100644
index 00000000..90151369
--- /dev/null
+++ b/doc/forum/can__39__t_get_Apt.trustsKey_to_work/comment_2_d5d1611896fa72bda22e5406285ade2e._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject=" GPG keybox database version 1"
+ date="2018-08-24T00:29:50Z"
+ content="""
+I have propellor 5.3.6 running on debian testing. If I spin to the testing host, trustsKey works fine. On stretch I get at 'GPG keybox database version 1' installed. I guess on stretch it's still building propellor from the old sources? In any case, gpg doesn't know what do do with that keybox file (i.e. gpg < file craps out). Weird but true. In any case this breaks apt-key on that host, which is unfortunate. I guess I'll try overriding the trustsKey function in my config.hs
+
+"""]]
diff --git a/doc/forum/can__39__t_get_Apt.trustsKey_to_work/comment_3_1aa2a2c87eab63305143768575c2f0d9._comment b/doc/forum/can__39__t_get_Apt.trustsKey_to_work/comment_3_1aa2a2c87eab63305143768575c2f0d9._comment
new file mode 100644
index 00000000..f76ac16c
--- /dev/null
+++ b/doc/forum/can__39__t_get_Apt.trustsKey_to_work/comment_3_1aa2a2c87eab63305143768575c2f0d9._comment
@@ -0,0 +1,15 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2018-08-26T14:34:18Z"
+ content="""
+@david, you might need to edit your config.cabal and specify a newer
+propellor version, although cabal usually picks the most recent version of
+a dependency. Propellor got the patch from this page in version 5.3.4.
+
+Anyway, I don't think the version of propellor matters, the error message
+you quote is related to
+<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844724>.
+I think that the apt key you're using has been generated on a newer system
+and won't work with older gpg.
+"""]]
diff --git a/doc/forum/configuring_texlive_papersize.mdwn b/doc/forum/configuring_texlive_papersize.mdwn
new file mode 100644
index 00000000..1890887d
--- /dev/null
+++ b/doc/forum/configuring_texlive_papersize.mdwn
@@ -0,0 +1 @@
+I just observed that installing texlive via propellor means I have A4 paper chose as a default. Which is all very good from an ideological point of view, but it means I can't submit this grant application ;). Is it worth having a propellor property that runs paperconfig?
diff --git a/doc/forum/configuring_texlive_papersize/comment_1_e4c1bd36c3739d4dd9bf7316c9021a14._comment b/doc/forum/configuring_texlive_papersize/comment_1_e4c1bd36c3739d4dd9bf7316c9021a14._comment
new file mode 100644
index 00000000..ac85d2b3
--- /dev/null
+++ b/doc/forum/configuring_texlive_papersize/comment_1_e4c1bd36c3739d4dd9bf7316c9021a14._comment
@@ -0,0 +1,20 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 1"
+ date="2018-09-18T22:17:07Z"
+ content="""
+I have this (the laptop is otherwise en_GB):
+
+ -- iris is in the US
+ & \"en_US.UTF-8\" `Locale.selectedFor`
+ [ \"LC_PAPER\"
+ , \"LC_ADDRESS\"
+ , \"LC_MONETARY\"
+ , \"LC_TELEPHONE\"
+ , \"LC_TIME\"
+ ]
+ & \"/etc/papersize\" `File.hasContent` [\"letter\"]
+ `onChange` Apt.reConfigure \"libpaper1\" []
+
+"""]]
diff --git a/doc/forum/installing_small_binary_files.mdwn b/doc/forum/installing_small_binary_files.mdwn
new file mode 100644
index 00000000..080f49a1
--- /dev/null
+++ b/doc/forum/installing_small_binary_files.mdwn
@@ -0,0 +1 @@
+I need to install a small firmware file (it's actually free software, but I need it to boot the emulator I could build it with). I could of course make a debian package and put that package in a repo, but that seems like a lot of fuss for a 32k file. OTOH, I'm a bit loathe to use PrivData for this. Anyone care to either suggest a better way, or convince me it's fine to store firmware in PrivData?
diff --git a/doc/forum/installing_small_binary_files/comment_1_7537a56c67658ad47460a3b80690ecfd._comment b/doc/forum/installing_small_binary_files/comment_1_7537a56c67658ad47460a3b80690ecfd._comment
new file mode 100644
index 00000000..95a11dae
--- /dev/null
+++ b/doc/forum/installing_small_binary_files/comment_1_7537a56c67658ad47460a3b80690ecfd._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="In this case I really should make a package"
+ date="2018-10-04T10:19:35Z"
+ content="""
+After some reflection I realized that have propellor drop things in /usr/share/qemu is just going to make me sad in the long run. I still think the general question is potentially useful, but I guess it's a bit hypothetical at this point.
+"""]]
diff --git a/doc/forum/integration_with_gitolite.mdwn b/doc/forum/integration_with_gitolite.mdwn
new file mode 100644
index 00000000..956d35c3
--- /dev/null
+++ b/doc/forum/integration_with_gitolite.mdwn
@@ -0,0 +1,2 @@
+Does anyone have any experience with integrating propellor and gitolite? I'd be happy with just ssh pubkey management.
+There seem to be two main options. The typical way of managing a gitolite site is by pushing a special git repository "gitolite-admin". There are also a script called [ukm](http://gitolite.com/gitolite/ukm.html). I'm not sure what will be the least hassle. Currently I have to manually commit and push various keys (including the keys needed for access to the propellor repos). Part of the problem could be solved by making the propellor repos available anonymously, but I still have my own ssh key(s) to manage.
diff --git a/doc/forum/integration_with_gitolite/comment_1_b2989bbf9e980ceebf2f4cccd4d379e1._comment b/doc/forum/integration_with_gitolite/comment_1_b2989bbf9e980ceebf2f4cccd4d379e1._comment
new file mode 100644
index 00000000..2432b063
--- /dev/null
+++ b/doc/forum/integration_with_gitolite/comment_1_b2989bbf9e980ceebf2f4cccd4d379e1._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="david@1439a1cab13195a56248b6a8fd98a62028bcba8a"
+ nickname="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="&quot;For people who use puppet and similar systems&quot;"
+ date="2018-08-23T01:46:30Z"
+ content="""
+Probably the sane way is to [not use the gitolite-admin repo](http://gitolite.com/gitolite/odds-and-ends/#administering-gitolite-directly-on-the-server). Aside from being unfamiliar, that means I have to deal with a bunch small config files (say 50 - 100) in propellor. So far I'm not loving the idea of converting them all to Haskell, even with a script. But maybe I'll come around to it.
+
+
+"""]]
diff --git a/doc/forum/integration_with_gitolite/comment_2_42d3e861e2044479523609ff7b339f6b._comment b/doc/forum/integration_with_gitolite/comment_2_42d3e861e2044479523609ff7b339f6b._comment
new file mode 100644
index 00000000..ab7cc893
--- /dev/null
+++ b/doc/forum/integration_with_gitolite/comment_2_42d3e861e2044479523609ff7b339f6b._comment
@@ -0,0 +1,29 @@
+[[!comment format=mdwn
+ username="david@1439a1cab13195a56248b6a8fd98a62028bcba8a"
+ nickname="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="first attempt"
+ date="2018-08-23T13:36:52Z"
+ content="""
+Here's my first attempt, so you can snicker at my clumsy Haskell.
+
+<pre>
+gitoliteKeys :: User -> Property UnixLike
+gitoliteKeys user@(User username) = property' (\"set up gitolite keys for \" ++ username) $ \w -> do
+ home <- liftIO (User.homedir user)
+ ensureProperty w $ go home
+ where
+ go :: FilePath -> Property UnixLike
+ go home = File.hasContent (home </> \".gitolite/keydir/zzz/propellor\" </> \"bremner@propellor.pub\")
+ [ Tethera.Keys.bremner_ssh ]
+ `before`
+ (Cmd.userScriptProperty user [ \"gitolite compile\", \"gitolite trigger POST_COMPILE\" ]
+ `changesFile` (home </> \"gitolite/.ssh/authorized_keys\"))
+</pre>
+
+
+I think the next step is something like
+<pre>
+Directory.hasContent :: FilePath -> [ (FilePath, [Line]) ] -> Property UnixLike
+</pre>
+"""]]
diff --git a/doc/forum/integration_with_gitolite/comment_3_394a42544ad97e30a8e28ed10de7cd3c._comment b/doc/forum/integration_with_gitolite/comment_3_394a42544ad97e30a8e28ed10de7cd3c._comment
new file mode 100644
index 00000000..1cab310c
--- /dev/null
+++ b/doc/forum/integration_with_gitolite/comment_3_394a42544ad97e30a8e28ed10de7cd3c._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 3"
+ date="2018-08-23T19:59:13Z"
+ content="""
+It's not a proper module, but my gitolite setup is here: https://git.spwhitton.name/propellor/tree/src/Propellor/Property/SiteSpecific/SPW/Sites.hs#n200
+"""]]
diff --git a/doc/forum/integration_with_gitolite/comment_4_448d79859b2b35e1731adfaa460aa844._comment b/doc/forum/integration_with_gitolite/comment_4_448d79859b2b35e1731adfaa460aa844._comment
new file mode 100644
index 00000000..2aaacf0b
--- /dev/null
+++ b/doc/forum/integration_with_gitolite/comment_4_448d79859b2b35e1731adfaa460aa844._comment
@@ -0,0 +1,33 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="version 2"
+ date="2018-08-25T17:25:03Z"
+ content="""
+I didn't see how you were handling keys, Sean. Did I miss something obvious or are you handling them outside propellor?
+
+Anyway, here's my second version
+[[!format haskell \"\"\"
+gitoliteKeys :: User -> [(FilePath, String)] -> Property UnixLike
+gitoliteKeys user@(User username) keys = property' (\"set up gitolite keys for \" ++ username) $ \w -> do
+ home <- liftIO (User.homedir user)
+ ensureProperty w $ go home
+ where
+ go :: FilePath -> Property UnixLike
+ go home = installKeys keys
+ `onChange` recompile
+ `requires` File.dirExists keydir
+ where
+ keydir = home </> \".gitolite/keydir/zzz/propellor\"
+ recompile = Cmd.userScriptProperty user [ \"gitolite trigger POST_COMPILE\" ]
+ `changesFile` (home </> \"gitolite/.ssh/authorized_keys\")
+ installKeys :: [(FilePath, String)] -> Property UnixLike
+ installKeys [] = doNothing
+ installKeys ((path, content):rest) = File.hasContent (keydir </> path ++ \".pub\") [content]
+ `before` installKeys rest
+\"\"\"]]
+
+I spent a while talking to the gitolite author, and managed to write something more optimal than \"gitolite trigger POST_COMPILE\", but then I realized that
+had my username hardcoded into it. So it takes about 1s longer to run, but is more robust this way.
+
+"""]]
diff --git a/doc/forum/integration_with_gitolite/comment_5_1e71a38b32148228b94c7429e721685f._comment b/doc/forum/integration_with_gitolite/comment_5_1e71a38b32148228b94c7429e721685f._comment
new file mode 100644
index 00000000..8a1e6473
--- /dev/null
+++ b/doc/forum/integration_with_gitolite/comment_5_1e71a38b32148228b94c7429e721685f._comment
@@ -0,0 +1,15 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 5"
+ date="2018-08-26T17:14:20Z"
+ content="""
+It's these lines:
+
+ -- make my SSH key available to gitolite
+ & File.hasContent \"/srv/git/.gitolite/keydir/spwhitton.pub\"
+ [SPW.mySSHKey]
+ `onChange` (userScriptProperty (User \"git\")
+ [\"gitolite compile\", \"gitolite trigger POST_COMPILE\"]
+ `assume` MadeChange)
+"""]]
diff --git a/doc/forum/integration_with_gitolite/comment_6_232d8ab023d060d7d9c000e4c6783ef8._comment b/doc/forum/integration_with_gitolite/comment_6_232d8ab023d060d7d9c000e4c6783ef8._comment
new file mode 100644
index 00000000..80130d5b
--- /dev/null
+++ b/doc/forum/integration_with_gitolite/comment_6_232d8ab023d060d7d9c000e4c6783ef8._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="OIC"
+ date="2018-08-27T14:14:09Z"
+ content="""
+Oh, I see now we are doing essentially the same thing. For those of you following along at home, mine is using that cryptic path because for the key because I am using both gitolite's native key handling and propellor to install keys.
+"""]]
diff --git a/doc/forum/making_sure_a_package_is_at_the_latest_version.mdwn b/doc/forum/making_sure_a_package_is_at_the_latest_version.mdwn
new file mode 100644
index 00000000..5eff9424
--- /dev/null
+++ b/doc/forum/making_sure_a_package_is_at_the_latest_version.mdwn
@@ -0,0 +1,13 @@
+The following property sets up my wacky outbound mail setup.
+<pre>
+smtpLeaf :: Property (HasInfo + DebianLike)
+smtpLeaf = propertyList "smtp leaf node" $ props
+ & Apt.installed["nullmailer", "bsd-mailx"]
+ & File.hasPrivContent "/etc/nullmailer/remotes" anyContext
+ & tetheraApt
+ & Apt.installed ["nullmailer-extras"] & Apt.update & Apt.upgrade
+ & Ssh.userKeys (User "mail") anyContext [ (SshRsa, Tethera.Keys.mail_ssh) ]
+ & Ssh.knownHost hosts "smtp.tethera.net" (User "mail")
+</pre>
+
+The "Apt.update & Apt.upgrade" is there because nullmailer-extras is kindof a work in progress and I need to make sure that when I add a new version to the private apt repo it's drawing from, that get's installed. It works but it seems a bit slow, and more importantly upgrading everything is kindof a heavy side effect (which might even break things), in order to update this one package. Is there a better way to do this? Don't assume I know anything, I started using propellor 2 days ago...
diff --git a/doc/forum/making_sure_a_package_is_at_the_latest_version/comment_1_6a73c8b0de1999f05af184bf63ad014a._comment b/doc/forum/making_sure_a_package_is_at_the_latest_version/comment_1_6a73c8b0de1999f05af184bf63ad014a._comment
new file mode 100644
index 00000000..98fb61eb
--- /dev/null
+++ b/doc/forum/making_sure_a_package_is_at_the_latest_version/comment_1_6a73c8b0de1999f05af184bf63ad014a._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 1"
+ date="2018-08-24T23:12:17Z"
+ content="""
+The existing properties cannot do what you want. You are going to need to write a new one. Simplest implementation would be something that calls `apt-get install foo=1.2.3`.
+"""]]
diff --git a/doc/forum/making_sure_a_package_is_at_the_latest_version/comment_2_7a911c68e4c81031c98dbefce730ade8._comment b/doc/forum/making_sure_a_package_is_at_the_latest_version/comment_2_7a911c68e4c81031c98dbefce730ade8._comment
new file mode 100644
index 00000000..8e74d21f
--- /dev/null
+++ b/doc/forum/making_sure_a_package_is_at_the_latest_version/comment_2_7a911c68e4c81031c98dbefce730ade8._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="just needs Apt.update?"
+ date="2018-08-25T13:04:50Z"
+ content="""
+Thinking about this a bit more, it should be enough to require Apt.update once per host, then rely on Apt.installed to do the right thing. I'll have to test this next time I roll out a new version. In theory I could run apt.update for a single source, but that seems to be tricky on the apt level.
+"""]]
diff --git a/doc/forum/making_sure_a_package_is_at_the_latest_version/comment_3_48fe0419c259c9555b6349c3221a80a0._comment b/doc/forum/making_sure_a_package_is_at_the_latest_version/comment_3_48fe0419c259c9555b6349c3221a80a0._comment
new file mode 100644
index 00000000..ae45baec
--- /dev/null
+++ b/doc/forum/making_sure_a_package_is_at_the_latest_version/comment_3_48fe0419c259c9555b6349c3221a80a0._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2018-08-26T15:14:50Z"
+ content="""
+One approach would be to have a property like spwhitton suggests,
+and use it with the `Apt.robustly` combinator. That way, when you update
+the config to specify a new package version, and apt fails to install it,
+propellor will run apt update and then retry the install.
+"""]]
diff --git a/doc/forum/support_for_non-bootable_disk_images.mdwn b/doc/forum/support_for_non-bootable_disk_images.mdwn
new file mode 100644
index 00000000..1c62c599
--- /dev/null
+++ b/doc/forum/support_for_non-bootable_disk_images.mdwn
@@ -0,0 +1,59 @@
+qemu-system-s390x has the apparent quirk that it can only boot via something like
+
+ `qemu-system-s390x -kernel kernel.debian -initrd initrd.debian -m 512 -nographic --drive file=rootimage.img,format=raw,if=none,id=c1`
+
+This means I think what I want to do is something like the following
+
+[[!format haskell """
+ & imageBuilt (RawDiskImage "/srv/vm/bricklin.img") bricklinChroot
+ MSDOS
+ [ partition EXT4 `mountedAt` "/"
+ `addFreeSpace` MegaBytes 100
+ `mountOpt` errorReadonly
+ , swapPartition (MegaBytes 256)
+ ]
+ where
+ bricklinChroot d = debootstrapped mempty d $ props
+ & osDebian (Stable "stretch") S390X
+ & Apt.installed [ "linux-image-s390x" ]
+"""]]
+
+This seems to build the image OK (see end of post), but propellor fails because the image is not bootable (the image contents might need adjustment as well, but first things first).
+I'm not sure what this style of booting is called, but I see people providing "cloud images" meant to be used this way, with separate initrd and and kernel. Is it sensible to customize imageBuilt for this purpose, or would it be better write my own `nonBootableImageBuilt` or something like that?
+
+
+[[!format text """
+/srv/vm/bricklin.img.chroot apt installed linux-image-s390x ... done
+/srv/vm/bricklin.img.chroot cache cleaned ... ok
+creating /srv/vm/bricklin.img of size 1.02 gigabytes
+Reading package lists...
+Building dependency tree...
+Reading state information...
+The following packages were automatically installed and are no longer required:
+[snip]
+Use 'apt autoremove' to remove them.
+The following NEW packages will be installed:
+ kpartx
+0 upgraded, 1 newly installed, 0 to remove and 5 not upgraded.
+Need to get 33.8 kB of archives.
+After this operation, 76.8 kB of additional disk space will be used.
+Get:1 http://deb.debian.org/debian stretch/main amd64 kpartx amd64 0.6.4-5 [33.8 kB]
+Fetched 33.8 kB in 0s (118 kB/s)
+ Selecting previously unselected package kpartx.
+(Reading database ... 238863 files and directories currently installed.)
+Preparing to unpack .../kpartx_0.6.4-5_amd64.deb ...
+Unpacking kpartx (0.6.4-5) ...
+Setting up kpartx (0.6.4-5) ...
+Processing triggers for man-db (2.7.6.1-2) ...
+Setting up swapspace version 1, size = 248 MiB (260042752 bytes)
+no label, UUID=65c5b131-98bf-4b8c-afad-9c75405c6391
+loop deleted : /dev/loop0
+ 433,093,140 99% 220.62MB/s 0:00:01 (xfr#11289, to-chk=0/14615)
+** warning: image is not bootable: no bootloader is installed
+loop deleted : /dev/loop0
+concave.cs.unb.ca built disk image /srv/vm/bricklin.img ... failed
+concave.cs.unb.ca s390x server image (bricklin) ... failed
+concave.cs.unb.ca overall ... failed
+"""]]
+
+
diff --git a/doc/forum/support_for_non-bootable_disk_images/comment_1_94727e8ddf14f868225b99c83fbf406d._comment b/doc/forum/support_for_non-bootable_disk_images/comment_1_94727e8ddf14f868225b99c83fbf406d._comment
new file mode 100644
index 00000000..b4ade339
--- /dev/null
+++ b/doc/forum/support_for_non-bootable_disk_images/comment_1_94727e8ddf14f868225b99c83fbf406d._comment
@@ -0,0 +1,65 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="Initial attempt at a patch"
+ date="2018-10-08T12:48:38Z"
+ content="""
+Here is a simple approach, that at least allows the image building to complete. I also managed to boot one of the images on AMD64. Probably it needs more testing, and I'm sure there are style and naming issues.
+[[!format text \"\"\"
+diff --git a/src/Propellor/Property/DirectBoot.hs b/src/Propellor/Property/DirectBoot.hs
+new file mode 100644
+index 00000000..4807471e
+--- /dev/null
++++ b/src/Propellor/Property/DirectBoot.hs
+@@ -0,0 +1,7 @@
++module Propellor.Property.DirectBoot(installed) where
++
++import Propellor.Base
++import Propellor.Types.Bootloader
++
++installed :: Property (HasInfo + UnixLike)
++installed = pureInfoProperty \"direct boot\" [DirectBoot]
+diff --git a/src/Propellor/Property/DiskImage.hs b/src/Propellor/Property/DiskImage.hs
+index 289de151..a41af18c 100644
+--- a/src/Propellor/Property/DiskImage.hs
++++ b/src/Propellor/Property/DiskImage.hs
+@@ -228,6 +228,7 @@ imageBuilt' rebuild img mkchroot tabletype partspec =
+ ubootFlashKernelFinalized p
+ [FlashKernelInstalled, UbootInstalled p] ->
+ ubootFlashKernelFinalized p
++ [DirectBoot] -> directBootFinalized
+ _ -> unbootable \"multiple bootloaders are installed; don't know which to use\"
+
+ -- | This property is automatically added to the chroot when building a
+@@ -469,6 +470,9 @@ grubFinalized grubtarget _img mnt loopdevs =
+ ubootFinalized :: (FilePath -> FilePath -> Property Linux) -> Finalization
+ ubootFinalized p (RawDiskImage img) mnt _loopdevs = p img mnt
+
++directBootFinalized :: Finalization
++directBootFinalized _img _mnt _loopDevs = doNothing
++
+ flashKernelFinalized :: Finalization
+ flashKernelFinalized _img mnt _loopdevs = FlashKernel.flashKernelMounted mnt
+
+diff --git a/src/Propellor/Types/Bootloader.hs b/src/Propellor/Types/Bootloader.hs
+index 65117bd2..cdb37a31 100644
+--- a/src/Propellor/Types/Bootloader.hs
++++ b/src/Propellor/Types/Bootloader.hs
+@@ -10,6 +10,7 @@ data BootloaderInstalled
+ = GrubInstalled GrubTarget
+ | FlashKernelInstalled
+ | UbootInstalled (FilePath -> FilePath -> Property Linux)
++ | DirectBoot
+ deriving (Typeable)
+
+ -- | Platforms that grub can boot.
+@@ -19,6 +20,7 @@ instance Show BootloaderInstalled where
+ show (GrubInstalled _) = \"GrubInstalled\"
+ show FlashKernelInstalled = \"FlashKernelInstalled\"
+ show (UbootInstalled _) = \"UbootInstalled\"
++ show DirectBoot = \"DirectBoot\"
+
+ instance IsInfo [BootloaderInstalled] where
+ propagateInfo _ = PropagateInfo False
+\"\"\"]]
+"""]]
diff --git a/doc/forum/support_for_non-bootable_disk_images/comment_2_cced7ce2491cf440ee1d576b75ab4539._comment b/doc/forum/support_for_non-bootable_disk_images/comment_2_cced7ce2491cf440ee1d576b75ab4539._comment
new file mode 100644
index 00000000..51cad6ff
--- /dev/null
+++ b/doc/forum/support_for_non-bootable_disk_images/comment_2_cced7ce2491cf440ee1d576b75ab4539._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="As commits"
+ date="2018-10-08T13:03:06Z"
+ content="""
+I pushed the changes to
+
+https://salsa.debian.org/bremner/propellor/commits/proposed/direct-boot
+"""]]
diff --git a/doc/forum/support_for_non-bootable_disk_images/comment_3_8dd7f3dd8c80fda70233e395da2204b2._comment b/doc/forum/support_for_non-bootable_disk_images/comment_3_8dd7f3dd8c80fda70233e395da2204b2._comment
new file mode 100644
index 00000000..d1761e51
--- /dev/null
+++ b/doc/forum/support_for_non-bootable_disk_images/comment_3_8dd7f3dd8c80fda70233e395da2204b2._comment
@@ -0,0 +1,33 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2018-10-13T21:41:25Z"
+ content="""
+Code^Wwhitespace review:
+
+* I noticed some places were using spaces for indentation;
+ please use tabs in propellor.
+* In "module Propellor.Property.DirectBoot(installed)'
+ there should be a space after the name of the module.
+* Needs comments explaining what properties are for.
+
+Naming ideas: Basically this is using qemu as the bootloader, rather than
+going through an (emulated) BIOS to start a bootloader. So I'm thinking
+names like QemuBootloader or NoBootloader, or NoBIOS. Don't want to
+bikeshed this too hard, it would be ok to keep the DirectBoot name, but
+I think Propellor.Property.DirectBoot at least needs a comment explaining what it's
+for, it would be confusing for a propellor user to stumble across that
+module without context.
+
+Your idea to copy the kernel and initrd out of the image so qemu can use
+them seems to point toward having a Property that gets one of these images
+booted up using qemu. And then the QemuBootloader name would make a lot of
+sense, because it would allow for later expansion to other emulators. Not
+that you have to build such a thing, but it's worth considering that someone
+may later want to.
+
+(In fact I could use such a thing, but I don't know how I'd want it to
+work. Should propellor only use the chroot for initial image build, and
+then ssh into the booted VM and run propellor in there when there are
+config updates? Or restart the VM when the image is changed?)
+"""]]