summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/forum/Support_writing_as_owner__63__.mdwn1
-rw-r--r--doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__.mdwn23
-rw-r--r--doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_1_609a113d809294c792d406ba72b0a1f2._comment36
-rw-r--r--doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_2_c4453a2fe31d52ce0c5e6e615f1b18b2._comment18
-rw-r--r--doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_3_e83459b7775832e3885999eb28dca045._comment21
-rw-r--r--doc/forum/noisy_imageBuilt.mdwn7
-rw-r--r--doc/forum/noisy_imageBuilt/comment_1_a6384f47cc8abffa9cf26bf4bf7215a7._comment24
-rw-r--r--doc/todo/Sbuild_support_for_Buntish.mdwn2
8 files changed, 132 insertions, 0 deletions
diff --git a/doc/forum/Support_writing_as_owner__63__.mdwn b/doc/forum/Support_writing_as_owner__63__.mdwn
new file mode 100644
index 00000000..289536ce
--- /dev/null
+++ b/doc/forum/Support_writing_as_owner__63__.mdwn
@@ -0,0 +1 @@
+I have one propellor managed system where the home directory is NFS mounted, with `root_squash` enabled. This means that Ssh.authorizedKey fails with permission problems. On the other hand, root can su to the user in question. It seems like it might be possible for propellor (maybe even desirable?) to write files as the owner, rather than using chown.
diff --git a/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__.mdwn b/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__.mdwn
new file mode 100644
index 00000000..9b684ca3
--- /dev/null
+++ b/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__.mdwn
@@ -0,0 +1,23 @@
+Hello Joey
+
+I try to use
+
+ Ssh.authorizedKey (User "com-sixs") sshKeyPubComSixs
+
+on a system where the account are available in a ldap.
+On this system the group is different from the user name
+name -> grp-name
+
+So I end up with this error message
+
+ chown: invalid group: ‘com-sixs:com-sixs’
+ sixs3.exp.synchrotron-soleil.fr com-sixs has authorized_keys ... failed
+
+so my questions are.
+
+- Is it mandatory to have a user and the identical group on a unix system ?
+- Can we add a Group parameter to the authorizedKey property ?
+
+thanks for your help
+
+Fred
diff --git a/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_1_609a113d809294c792d406ba72b0a1f2._comment b/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_1_609a113d809294c792d406ba72b0a1f2._comment
new file mode 100644
index 00000000..2014af74
--- /dev/null
+++ b/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_1_609a113d809294c792d406ba72b0a1f2._comment
@@ -0,0 +1,36 @@
+[[!comment format=mdwn
+ username="picca"
+ avatar="http://cdn.libravatar.org/avatar/7e61c80d28018b10d31f6db7dddb864c"
+ subject="comment 1"
+ date="2019-02-13T11:33:20Z"
+ content="""
+something like this
+
+ -- | Ensures that a user's authorized_keys contains a line.
+ -- Any other lines in the file are preserved as-is.
+ authorizedKey' :: User -> Group -> String -> RevertableProperty UnixLike UnixLike
+ authorizedKey' user@(User u) grp l = add <!> remove
+ where
+ add = property' (u ++ \" has authorized_keys\") $ \w -> do
+ f <- liftIO $ dotFile \"authorized_keys\" user
+ ensureProperty w $ modAuthorizedKey' f user grp $
+ f `File.containsLine` l
+ `requires` File.dirExists (takeDirectory f)
+ remove = property' (u ++ \" lacks authorized_keys\") $ \w -> do
+ f <- liftIO $ dotFile \"authorized_keys\" user
+ ifM (liftIO $ doesFileExist f)
+ ( ensureProperty w $ modAuthorizedKey' f user grp $
+ f `File.lacksLine` l
+ , return NoChange
+ )
+
+ modAuthorizedKey' :: FilePath -> User -> Group -> Property UnixLike -> Property UnixLike
+ modAuthorizedKey' f user grp p = p
+ `before` File.mode f (combineModes [ownerWriteMode, ownerReadMode])
+ `before` File.ownerGroup f user grp
+ `before` File.ownerGroup (takeDirectory f) user grp
+
+then it is trivial to rewrite the previous properties :)
+
+but I do no know if this is the right path to follow.
+"""]]
diff --git a/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_2_c4453a2fe31d52ce0c5e6e615f1b18b2._comment b/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_2_c4453a2fe31d52ce0c5e6e615f1b18b2._comment
new file mode 100644
index 00000000..1442b72a
--- /dev/null
+++ b/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_2_c4453a2fe31d52ce0c5e6e615f1b18b2._comment
@@ -0,0 +1,18 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2019-02-13T21:48:30Z"
+ content="""
+Make that into a git patch and I will merge it.
+
+However.. If you `git grep userGroup` you will find all the other places
+that propellor assumes a user-group system. Seems it would be worth fixing
+those too, especially the other ones in Ssh.
+
+Seems like another approach to it could be to make
+`userGroup`'s behavior configurable based on another Property
+of the Host that sets Info containing say, a function from `User -> Group`.
+Looks to me that would be doable, if a little bit annoying since userGroup
+would need to change from a pure function to a Propellor action in order to
+use `askInfo`.
+"""]]
diff --git a/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_3_e83459b7775832e3885999eb28dca045._comment b/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_3_e83459b7775832e3885999eb28dca045._comment
new file mode 100644
index 00000000..3a6837aa
--- /dev/null
+++ b/doc/forum/chown:_invalid_group:___8216__com-sixs:com-sixs__8217__/comment_3_e83459b7775832e3885999eb28dca045._comment
@@ -0,0 +1,21 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2019-02-17T18:07:39Z"
+ content="""
+Thinking more about a hypothetical property like
+`userGroupFunction (\User u -> Group (u ++ "-group"))`
+the idea seems problimatic because all the properties that install a
+package with a dedicated user and group would seem to need to be changed
+to support putting the user in the group configured by the property.
+
+I suppose it could be documented to be limited to non-system users and
+groups, so only User.accountFor would need to support when making users and
+groups, and Ssh.userKeyAt etc would use it to tell what group to use for a
+non-system user.
+
+Although, is Ssh.userKeyAt etc really limited to being
+used with non-system users? Perhaps User should have an additional
+SystemUser constructor to encode the distinction. Or perhaps this idea of
+mine is going in the wrong direction.
+"""]]
diff --git a/doc/forum/noisy_imageBuilt.mdwn b/doc/forum/noisy_imageBuilt.mdwn
new file mode 100644
index 00000000..99a275b7
--- /dev/null
+++ b/doc/forum/noisy_imageBuilt.mdwn
@@ -0,0 +1,7 @@
+There is a bunch of output at the last stage of imageBuilt, which ends with
+
+> 5,548,912 0% 22.61MB/s 0:00:00 (xfr#3, to-chk=0/24715)
+> loop deleted : /dev/loop0
+
+This is fine interactively, but when a propellor job fails and I get email, it includes roughly 2500 similar lines, which is not so great.
+It would be nice if it could detect being interactive, or maybe just be quiet all the time.
diff --git a/doc/forum/noisy_imageBuilt/comment_1_a6384f47cc8abffa9cf26bf4bf7215a7._comment b/doc/forum/noisy_imageBuilt/comment_1_a6384f47cc8abffa9cf26bf4bf7215a7._comment
new file mode 100644
index 00000000..5dc1f762
--- /dev/null
+++ b/doc/forum/noisy_imageBuilt/comment_1_a6384f47cc8abffa9cf26bf4bf7215a7._comment
@@ -0,0 +1,24 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2019-03-06T19:01:17Z"
+ content="""
+This output comes from Propellor.Property.Rsync.rsync because it runs
+`rsync --info=progress2`.
+
+I suppose it could check if stdout is going to a tty and only enable
+it then.
+
+However, I do have some code I wrote once that uses propellor to build a live
+disk image that runs propellor to partition and then used the rsync property to
+copy the live image to disk (followed by applying more properties to it to
+configure the system it installed). And that code caught the rsync progress
+output and used it to display some kind of graphical progress bar.
+That kind of thing would be broken by such a change.
+(That's in my secret-project repository.)
+
+I don't know of anyone using such a thing in production, so I think it would be
+ok to just have a `PROPELLOR_VERBOSEPROGRESS=1` that such code could use to
+enable verbose progress from rsync etc, and otherwise disable it when stdout is
+not a tty.
+"""]]
diff --git a/doc/todo/Sbuild_support_for_Buntish.mdwn b/doc/todo/Sbuild_support_for_Buntish.mdwn
new file mode 100644
index 00000000..03a4835e
--- /dev/null
+++ b/doc/todo/Sbuild_support_for_Buntish.mdwn
@@ -0,0 +1,2 @@
+Property.Sbuild claims to support Buntish Oses, but for me it fails in Apt.stdSourcesList, because that function currently (5.6.1) only supports
+Debian. I suppose the right solution is to extend Apt.stdSourcesList, but maybe Property.Sbuild should do it's own thing?