summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/automated_spins.mdwn2
-rw-r--r--doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_3_e057fae70854f7323dafa0d79b327dec._comment11
-rw-r--r--doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_4_916b6cae93e772fa0fac88676409b03a._comment8
-rw-r--r--doc/news/version_3.1.2.mdwn22
-rw-r--r--doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust.mdwn7
-rw-r--r--doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_1_8164845c93baeaaccd7b29fef5d33df8._comment9
-rw-r--r--doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_2_bff114c1d3a225b5149e8710118116af._comment9
-rw-r--r--doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_3_7ad0001a277c4d1646be9993d09a0507._comment9
-rw-r--r--doc/todo/more_sbuild_improvements.mdwn13
-rw-r--r--doc/todo/updates_for_sbuild_0.70.0-1.mdwn21
-rw-r--r--doc/todo/updates_for_sbuild_0.70.0-1/comment_1_c690617e7728887f6a32aacbff5aeeed._comment13
-rw-r--r--doc/todo/updates_for_sbuild_0.70.0-1/comment_2_a4faafb097bc35b62b47a8ea875b22cc._comment7
-rw-r--r--doc/todo/updates_for_sbuild_0.70.0-1/comment_3_058ba5f259f24814e8fd3823d3aa2b5e._comment11
13 files changed, 141 insertions, 1 deletions
diff --git a/doc/automated_spins.mdwn b/doc/automated_spins.mdwn
index 34f04683..a0535133 100644
--- a/doc/automated_spins.mdwn
+++ b/doc/automated_spins.mdwn
@@ -41,7 +41,7 @@ You can add a central git repository to your existing propellor setup easily:
it differs from the url above, by setting up a remote named "deploy":
`cd ~/.propellor/; git remote add deploy git://git.example.com/propellor.git`
-3. Add a crom job property to your hosts, which will make them periodically
+3. Add a cron job property to your hosts, which will make them periodically
check for changes that were committed to the central repository:
`Cron.runPropellor (Cron.Times "*/30 * * * *")`
diff --git a/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_3_e057fae70854f7323dafa0d79b327dec._comment b/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_3_e057fae70854f7323dafa0d79b327dec._comment
new file mode 100644
index 00000000..5da15f09
--- /dev/null
+++ b/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_3_e057fae70854f7323dafa0d79b327dec._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="weinzwang"
+ subject="Same problem with ssh.knownHost"
+ date="2016-07-24T15:47:25Z"
+ content="""
+Making a host key known to a brand new user `requires` the
+owner of a nonexistent file to be set, if I understand the
+code correctly. Removing the \"requires\"-lines from the function
+modKnownHost makes the problem go away, but that's probably not
+the correct solution.
+"""]]
diff --git a/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_4_916b6cae93e772fa0fac88676409b03a._comment b/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_4_916b6cae93e772fa0fac88676409b03a._comment
new file mode 100644
index 00000000..36a31728
--- /dev/null
+++ b/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_4_916b6cae93e772fa0fac88676409b03a._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 4"""
+ date="2016-07-24T17:35:24Z"
+ content="""
+I see it; changed it to use `before` so the file creation/modification
+comes before any chmodding.
+"""]]
diff --git a/doc/news/version_3.1.2.mdwn b/doc/news/version_3.1.2.mdwn
new file mode 100644
index 00000000..b54b396a
--- /dev/null
+++ b/doc/news/version_3.1.2.mdwn
@@ -0,0 +1,22 @@
+propellor 3.1.2 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * [ Joey Hess ]
+ * Ssh.knownHost: Bug fix: Only fix up the owner of the known\_hosts
+ file after it exists.
+ * [ Sean Whitton ]
+ * Sbuild.keypairInsecurelyGenerated: Improved to be more robust.
+ * Pass --allow-unrelated-histories to git merge when run with git 2.9 or
+ newer. This fixes the /usr/bin/propellor wrapper with this version of git.
+ * Sbuild.built & Sbuild.builtFor no longer require Sbuild.keypairGenerated.
+ Transition guide: If you are using sbuild 0.70.0 or newer, you should
+ `rm -r /var/lib/sbuild/apt-keys`. Otherwise, you should add either
+ Sbuild.keypairGenerated or Sbuild.keypairInsecurelyGenerated to your host.
+ * Sbuild haddock improvements:
+ - State that we don't support squeeze and Buntish older than trusty.
+ This is due to our enhancements, such as eatmydata.
+ - State that you need sbuild 0.70.0 or newer to build for stretch.
+ This is due to gpg2 hitting Debian stretch.
+ - Explain when a keygen is required.
+ - Update sample ~/.sbuildrc for sbuild 0.71.0.
+ - Add hint for customising chroots with propellor.
+ - Update example usage of System type."""]] \ No newline at end of file
diff --git a/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust.mdwn b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust.mdwn
new file mode 100644
index 00000000..ed8761c6
--- /dev/null
+++ b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust.mdwn
@@ -0,0 +1,7 @@
+Please consider merging branch `rngd-robust` of repo `https://git.spwhitton.name/propellor`
+
+Several changes to the `Sbuild.keypairInsecurelyGenerated` property to make it more robust. Please see comments added by the diff.
+
+> <s>done</s> ... however, that sleep 10 after killing rngd seems quite dodgy. --[[Joey]]
+
+>> final merge [[done]] --[[Joey]]
diff --git a/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_1_8164845c93baeaaccd7b29fef5d33df8._comment b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_1_8164845c93baeaaccd7b29fef5d33df8._comment
new file mode 100644
index 00000000..67e8b454
--- /dev/null
+++ b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_1_8164845c93baeaaccd7b29fef5d33df8._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ subject="comment 1"
+ date="2016-07-24T23:40:45Z"
+ content="""
+Thanks for looking at this, though looking as master you haven't actually merged my branch.
+
+I'm reluctant to build in a lot of shell scripting logic to do better than `sleep 10`. Do you think it would be worth writing a property that ensures that a process with a given pid file has been killed? Or just an action in the propellor monad?
+"""]]
diff --git a/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_2_bff114c1d3a225b5149e8710118116af._comment b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_2_bff114c1d3a225b5149e8710118116af._comment
new file mode 100644
index 00000000..904a2138
--- /dev/null
+++ b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_2_bff114c1d3a225b5149e8710118116af._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2016-07-25T00:51:44Z"
+ content="""
+(Really merged now.)
+
+A property would be good. Might could just use `start-stop-daemon`.
+"""]]
diff --git a/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_3_7ad0001a277c4d1646be9993d09a0507._comment b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_3_7ad0001a277c4d1646be9993d09a0507._comment
new file mode 100644
index 00000000..5ca3a142
--- /dev/null
+++ b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust/comment_3_7ad0001a277c4d1646be9993d09a0507._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ subject="comment 3"
+ date="2016-07-27T20:42:29Z"
+ content="""
+I just pushed a commit using `start-stop-daemon` to my `robust-rngd` branch. I decided against factoring out as a property until another use case comes up. Please consider merging my branch, and then this todo will really be done.
+
+Thanks for introducing me to a nice tool.
+"""]]
diff --git a/doc/todo/more_sbuild_improvements.mdwn b/doc/todo/more_sbuild_improvements.mdwn
new file mode 100644
index 00000000..7ae7375b
--- /dev/null
+++ b/doc/todo/more_sbuild_improvements.mdwn
@@ -0,0 +1,13 @@
+Please consider merging branch `sbuild-fixes` of repo `https://git.spwhitton.name/propellor`.
+
+User-visible changes, excerpted from changelog:
+
+ * Using ccache with Sbuild.built & Sbuild.builtFor is now toggleable: these
+ properties now take a parameter of type Sbuild.UseCcache. (API Change)
+ * Sbuild.piupartsConf: no longer takes an Apt.Url. (API Change)
+ * Sbuild.piupartsConf & Sbuild.piupartsConfFor: does nothing if corresponding
+ schroot not built.
+ Previously, these properties built the schroot if it was missing.
+ * Sbuild.built & Sbuild.piupartsConf: add an additional alias to sid chroots.
+ This is for compatibility with `dgit sbuild`.
+ * Further improvements to Sbuild.hs haddock.
diff --git a/doc/todo/updates_for_sbuild_0.70.0-1.mdwn b/doc/todo/updates_for_sbuild_0.70.0-1.mdwn
new file mode 100644
index 00000000..58659643
--- /dev/null
+++ b/doc/todo/updates_for_sbuild_0.70.0-1.mdwn
@@ -0,0 +1,21 @@
+sbuild 0.70.0-1 no longer installs gnupg into chroots on each build. That means that if you have an sbuild apt keypair generated, the build will fail unless you enter the source chroot and install gnupg.
+
+It turns out that the apt keypair is only needed if you're trying to build for squeeze or older. Otherwise, you can just use sbuild without such a keypair. So we have two options to fix Sbuild.hs:
+
+1. Install gnupg into chroots.
+
+ - This is easy for newly created chroots.
+
+ - The code to update existing chroots will be unpleasant, because we don't want to run propellor inside the sbuild chroot so that it remains standardised (that's why we create it with sbuild-createchroot).
+
+2. Drop support for building for squeeze and newer, replacing the `keypairGenerated` and `keypairInsecurelyGenerated` properties with a property that ensures that the keypair directory does not exist.
+
+ - Squeeze is very old.
+
+ - This will simplify and speed up chroot creation and builds.
+
+I'd like feedback on these two options before preparing a patch for one of them.
+
+--spwhitton
+
+> [[merged|done]] --[[Joey]]
diff --git a/doc/todo/updates_for_sbuild_0.70.0-1/comment_1_c690617e7728887f6a32aacbff5aeeed._comment b/doc/todo/updates_for_sbuild_0.70.0-1/comment_1_c690617e7728887f6a32aacbff5aeeed._comment
new file mode 100644
index 00000000..b96ba779
--- /dev/null
+++ b/doc/todo/updates_for_sbuild_0.70.0-1/comment_1_c690617e7728887f6a32aacbff5aeeed._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2016-08-20T19:03:47Z"
+ content="""
+I think it would be fine to drop wheezy support.
+
+After all, propellor doesn't support installing on wheezy systems generally
+since over a year ago. (Though these kinds of chroots used for building
+stuff might have good reasons to want such an old version.)
+
+But it's really up to you.
+"""]]
diff --git a/doc/todo/updates_for_sbuild_0.70.0-1/comment_2_a4faafb097bc35b62b47a8ea875b22cc._comment b/doc/todo/updates_for_sbuild_0.70.0-1/comment_2_a4faafb097bc35b62b47a8ea875b22cc._comment
new file mode 100644
index 00000000..f6bb1cb3
--- /dev/null
+++ b/doc/todo/updates_for_sbuild_0.70.0-1/comment_2_a4faafb097bc35b62b47a8ea875b22cc._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ subject="comment 2"
+ date="2016-08-25T04:35:50Z"
+ content="""
+Turns out that the code in Sbuild.hs fails to set up a squeeze chroot anyway. Working on a branch -- need to do some testing to make sure the documentation correctly states minimum requirements.
+"""]]
diff --git a/doc/todo/updates_for_sbuild_0.70.0-1/comment_3_058ba5f259f24814e8fd3823d3aa2b5e._comment b/doc/todo/updates_for_sbuild_0.70.0-1/comment_3_058ba5f259f24814e8fd3823d3aa2b5e._comment
new file mode 100644
index 00000000..f5a644e3
--- /dev/null
+++ b/doc/todo/updates_for_sbuild_0.70.0-1/comment_3_058ba5f259f24814e8fd3823d3aa2b5e._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ subject="comment 3"
+ date="2016-08-26T02:27:15Z"
+ content="""
+Please consider merging my `sbuild-0.71.0` branch.
+
+The only functional change is that `Sbuild.keygen{Insecurely,}Generated` are now optional.
+
+The rest of the changes are documentation. They explain precisely when you need `Sbuild.keygenGenerated`, how to deal with the gpg->gpg2 issues that have arisen recently (not this module's fault) and make clearer some situations the module was never able to deal with (e.g. building for squeeze).
+"""]]