summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/documentation.mdwn5
-rw-r--r--doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file.mdwn34
-rw-r--r--doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_1_932ba6f4e444c99d8d561149d17c8fe7._comment30
-rw-r--r--doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_2_5323336b92d9aef5a9021b924029f3af._comment38
-rw-r--r--doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_3_531c2c5e78fb5c62e54d84231b129dc8._comment11
-rw-r--r--doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_4_54281604c588a7229f9d987e8cdee802._comment16
-rw-r--r--doc/forum/Experimental_propellor_augeas_intergration_+_workflow_concenrs.mdwn3
-rw-r--r--doc/forum/Experimental_propellor_augeas_intergration_+_workflow_concenrs/comment_1_ae5bb6438981259673e07b7185367b43._comment12
-rw-r--r--doc/forum/Multiple_propellor_repos.mdwn1
-rw-r--r--doc/forum/Multiple_propellor_repos/comment_1_7e67945e0243553b664805825a839490._comment8
-rw-r--r--doc/forum/Propellor_2.5.0_does_not_build_out_of_the_box_on_newly_installed_ubuntu.mdwn37
-rw-r--r--doc/forum/Propellor_2.5.0_does_not_build_out_of_the_box_on_newly_installed_ubuntu/comment_1_67f017b92670759083b73a4536183dbc._comment10
-rw-r--r--doc/forum/Propellor_2.5.0_does_not_build_out_of_the_box_on_newly_installed_ubuntu/comment_2_08aa3d15e6fa9b3fb4c07fc992da4ab0._comment8
-rw-r--r--doc/forum/Propellor_without_superuser_privileges.mdwn3
-rw-r--r--doc/forum/Propellor_without_superuser_privileges/comment_1_021ecbb1b8bd7e26776b49ec75e90d0c._comment26
-rw-r--r--doc/forum/Supported_OS.mdwn5
-rw-r--r--doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment23
-rw-r--r--doc/forum/can_not_build_debian_package.mdwn25
-rw-r--r--doc/forum/can_not_build_debian_package/comment_1_8e4c2850f0494b761803c87cafe5b249._comment9
-rw-r--r--doc/forum/delete_a_field__63__.mdwn1
-rw-r--r--doc/forum/delete_a_field__63__/comment_1_157b488bf3e360570bd847d750ab0063._comment7
-rw-r--r--doc/forum/gitpush_problem.mdwn68
-rw-r--r--doc/forum/gitpush_problem/comment_1_ba6fb30ea2e2759776351408a3a69b44._comment13
-rw-r--r--doc/forum/gitpush_problem/comment_2_342b7657b964e836840a78b85a09749b._comment8
-rw-r--r--doc/forum/gitpush_problem/comment_3_419baa6f1738200b1368566a2e136d36._comment22
-rw-r--r--doc/forum/gitpush_problem/comment_4_3843d9b82431f175f9194159a73a1fc9._comment13
-rw-r--r--doc/forum/gitpush_problem/comment_5_4075a141f6345267ade09f6c793dc2c8._comment33
-rw-r--r--doc/forum/gitpush_problem/comment_6_464257a98e09dfe17e515242ae819fab._comment11
-rw-r--r--doc/forum/gitpush_problem/comment_7_1cfed50e43cc4ec816999f4f1de79762._comment10
-rw-r--r--doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac.mdwn12
-rw-r--r--doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_1_69d7c8fb1d62300456575bb10e935d69._comment10
-rw-r--r--doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_2_da30b2621493e48ceabcfa5732dbcdf8._comment19
-rw-r--r--doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_3_bd76d169af2ef2f154ad1f0f64506661._comment11
-rw-r--r--doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_4_a6a49d35ee8a05abc982049b55d0397c._comment11
-rw-r--r--doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_5_7783b8a96c8032a39ff3b5b446a976ed._comment7
-rw-r--r--doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn1
-rw-r--r--doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment10
-rw-r--r--doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__.mdwn177
-rw-r--r--doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_1_8959a79735aa3fa13ee37e57eb5a92e1._comment14
-rw-r--r--doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_2_f07c33b4a14cdc0b78695de49875c9b5._comment52
-rw-r--r--doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_3_06c63446531f56e4c93f64f6bcfba2b1._comment25
-rw-r--r--doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_4_f52f30380b4fe58292fcf0ef368efbb1._comment44
-rw-r--r--doc/forum/parsing_a_config_file.mdwn11
-rw-r--r--doc/forum/parsing_a_config_file/comment_1_8e97fb2e39c1a91bcab75e57ddc8b519._comment12
-rw-r--r--doc/forum/parsing_a_config_file/comment_2_9b364647b1da4c8db0116115e5c67b18._comment13
-rw-r--r--doc/forum/passing_host_address_dynamically_to_propellor.mdwn2
-rw-r--r--doc/forum/passing_host_address_dynamically_to_propellor/comment_1_1c5d5b59f2325a2f4e06d09a9900007f._comment25
-rw-r--r--doc/forum/passing_host_address_dynamically_to_propellor/comment_2_b9041877dfc6e6bfb63a014492a2d1d1._comment18
-rw-r--r--doc/forum/passing_host_address_dynamically_to_propellor/comment_3_49d6408ee7618ccb88a537e519f95b27._comment11
-rw-r--r--doc/forum/passing_host_address_dynamically_to_propellor/comment_4_1f208acbe17e25a2b25e1615146d7a0a._comment9
-rw-r--r--doc/forum/passing_host_address_dynamically_to_propellor/comment_5_cd61e6fb0d5694575edb95728f0c8370._comment23
-rw-r--r--doc/forum/propellor_with_no_central_repository__63__.mdwn1
-rw-r--r--doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment7
-rw-r--r--doc/forum/propellor_with_no_central_repository__63__/comment_2_0f035bb4bb5cc13574394505f28abe5e._comment9
-rw-r--r--doc/forum/property_combinator_ordering.mdwn8
-rw-r--r--doc/forum/property_combinator_ordering/comment_1_0ea2186b5cfa7eadaf38ac2e97fc4a2c._comment31
-rw-r--r--doc/forum/running_propellor_as_a_library.mdwn4
-rw-r--r--doc/forum/running_propellor_as_a_library/comment_1_a7b8279508cd68e8cfbba238178a7643._comment49
-rw-r--r--doc/forum/running_propellor_as_a_library/comment_2_1174504655ffaf7ebc507e915cc26c84._comment7
-rw-r--r--doc/forum/running_propellor_as_a_library/comment_3_3e3961587228eb030ff8f704c71b00a5._comment8
-rw-r--r--doc/forum/running_propellor_as_a_library/comment_4_c5ec270ca7cb1b6ae66cd7b9dc4e4aac._comment11
-rw-r--r--doc/forum/trying_to_--spin_to_a_sid+experimental_machine.mdwn290
-rw-r--r--doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_1_df7ac45d7e576e8d73a8665521dbd6e0._comment29
-rw-r--r--doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_2_8600d257d92f786f2fcf0d4934f727d5._comment17
-rw-r--r--doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_3_f1ca62944fe0303db6f1dc0916e8c967._comment13
-rw-r--r--doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_4_d0d946df7455d079af9bc331da6fac55._comment16
-rw-r--r--doc/haskell_newbie.mdwn3
-rw-r--r--doc/news/propellor_demo.mdwn8
-rw-r--r--doc/news/version_2.4.0.mdwn13
-rw-r--r--doc/news/version_2.5.0.mdwn28
-rw-r--r--doc/news/version_2.6.0.mdwn10
-rw-r--r--doc/news/version_2.7.0.mdwn13
-rw-r--r--doc/news/version_2.7.1.mdwn5
-rw-r--r--doc/security.mdwn2
-rw-r--r--doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment10
-rw-r--r--doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment8
-rw-r--r--doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment17
-rw-r--r--doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment22
-rw-r--r--doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment13
-rw-r--r--doc/security/comment_6_e5f2fdced08fb823efed35684110a840._comment11
-rw-r--r--doc/security/comment_7_ebbb6f3617c879715a35900a07ea1909._comment8
-rw-r--r--doc/todo/Bug_in_Property.Ssh.authorizedKey.mdwn8
-rw-r--r--doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties.mdwn25
-rw-r--r--doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_1_c8240ba3abf5cf458eba8ed7e31eaccf._comment25
-rw-r--r--doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_2_9303138a3be2fb639498737afe60b87d._comment11
-rw-r--r--doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_3_92c583f883fae2b447c1598356efade2._comment41
-rw-r--r--doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_4_2049a1ce601ba77f4139f844d0fd91b2._comment13
-rw-r--r--doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_5_4caff287eb767d481bb7ef87e62c508b._comment10
-rw-r--r--doc/todo/HostingProvider_for_AWS.mdwn1
-rw-r--r--doc/todo/HostingProvider_for_AWS/comment_1_9db50a3f4fef8e10261e3e29dbd90e73._comment22
-rw-r--r--doc/todo/Manage_DNS_with_Route53.mdwn1
-rw-r--r--doc/todo/Manage_DNS_with_Route53/comment_1_dfa93678644b72781afda4fdc9d0da31._comment21
-rw-r--r--doc/todo/Manage_DNS_with_Route53/comment_2_a6c1ace47d5387d0b1559266ca124525._comment8
-rw-r--r--doc/todo/Manage_DNS_with_Route53/comment_3_a521a1b875526d8b65e76f11ed367a36._comment8
-rw-r--r--doc/todo/Propellor.Property.Ssh:_it_should_be_possible_to_call_permitRootLogin_with___34__forced-commands-only__34___and___34__without-password__34__.mdwn5
-rw-r--r--doc/todo/Push_2.4.0_to_Hackage.mdwn4
-rw-r--r--doc/todo/Wishlist:_User.hasLoginShell.mdwn9
-rw-r--r--doc/todo/Wishlist:_User.hasLoginShell/comment_1_c02e8783b91c3c0326bf1b317be4694f._comment59
-rw-r--r--doc/todo/bytes_in_privData__63__.mdwn17
-rw-r--r--doc/todo/bytes_in_privData__63__/comment_1_42c107179b091f74ef55aff1fc240c5e._comment19
-rw-r--r--doc/todo/bytes_in_privData__63__/comment_2_60f577b476adc6ee1e4f18e11843df90._comment7
-rw-r--r--doc/todo/bytes_in_privData__63__/comment_3_55f34128de77b7947d32fac71071e033._comment7
-rw-r--r--doc/todo/bytes_in_privData__63__/comment_4_f34a8f82c7bce7224e4edc59410c741f._comment19
-rw-r--r--doc/todo/bytes_in_privData__63__/comment_5_f4db6ffad054feb7eb299708fcd7d05c._comment15
-rw-r--r--doc/todo/bytes_in_privData__63__/comment_6_545e1c26a042b9f8347496a1bfb61548._comment48
-rw-r--r--doc/todo/detect_and_use___96__GHC__95__PACKAGE__95__PATH__96__.mdwn9
-rw-r--r--doc/todo/detect_and_use___96__GHC__95__PACKAGE__95__PATH__96__/comment_1_892385793c38976d0c446906dd004772._comment10
-rw-r--r--doc/todo/docker_todo_list.mdwn2
-rw-r--r--doc/todo/editor_for_privdata__63__.mdwn4
-rw-r--r--doc/todo/editor_for_privdata__63__/comment_2_4fcbdf36f32ca7cf82593a8992167aff._comment9
-rw-r--r--doc/todo/etckeeper.mdwn1
-rw-r--r--doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment9
-rw-r--r--doc/todo/fail_if_modification_not_commited_when_using_--spin.mdwn3
-rw-r--r--doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_1_7267d62ccc8db44bccb935836536e8a1._comment30
-rw-r--r--doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_2_e4d170a14d689bef5d9174b251a4fe6f._comment7
-rw-r--r--doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_3_c69eaa9c6ae5b07b5c2dd2591de965a3._comment19
-rw-r--r--doc/todo/git_push_over_propellor_ssh_channel.mdwn13
-rw-r--r--doc/todo/info_propigation_out_of_nested_properties.mdwn109
-rw-r--r--doc/todo/issue_after_upgrading_shared_library.mdwn25
-rw-r--r--doc/todo/issue_after_upgrading_shared_library/comment_1_8d9144d57871cb5d234710d1ab1b7183._comment20
-rw-r--r--doc/todo/issue_after_upgrading_shared_library/comment_2_01a3d5e006158302e12862cacee3327e._comment7
-rw-r--r--doc/todo/issue_after_upgrading_shared_library/comment_2_6025ec35330fbac220f2888e60be1e78._comment17
-rw-r--r--doc/todo/lxc_containers_support.mdwn1
-rw-r--r--doc/todo/missing_dependencies.mdwn39
-rw-r--r--doc/todo/missing_dependencies/comment_1_826a75052e87c04489aa07c3d322a54f._comment15
-rw-r--r--doc/todo/onChange_failure_handling.mdwn41
-rw-r--r--doc/todo/port_info_for_properties_for_firewall.mdwn24
-rw-r--r--doc/todo/publish_propellor_as_library_to_hackage.mdwn4
-rw-r--r--doc/todo/publish_propellor_as_library_to_hackage/comment_1_00a865bf7977c0e49f54a365f4b60ce8._comment27
-rw-r--r--doc/todo/publish_propellor_as_library_to_hackage/comment_2_29cc276929020e68eae8ae04110a3f5f._comment17
-rw-r--r--doc/todo/publish_propellor_as_library_to_hackage/comment_3_efbe0ef77be957c37e745ec64452ae99._comment10
-rw-r--r--doc/todo/publish_propellor_as_library_to_hackage/comment_4_6ebf2e30596ddf6eba91717576837019._comment8
-rw-r--r--doc/todo/publish_propellor_as_library_to_hackage/comment_5_4a4e94c637e0380adc1a43ec3d0633e1._comment8
-rw-r--r--doc/todo/publish_propellor_as_library_to_hackage/comment_6_19470170c3ef461f446b0af1d8501640._comment8
-rw-r--r--doc/todo/spin_and_ipv6_addresses.mdwn1
-rw-r--r--doc/todo/ssh__95__user_+_sudo/comment_4_7fc635a8d6e4c903eaefa7383d2c37ac._comment8
-rw-r--r--doc/todo/type_level_port_conflict_detection.mdwn5
-rw-r--r--doc/writing_properties.mdwn82
138 files changed, 2643 insertions, 30 deletions
diff --git a/doc/documentation.mdwn b/doc/documentation.mdwn
index 340eb09f..99f61c04 100644
--- a/doc/documentation.mdwn
+++ b/doc/documentation.mdwn
@@ -1,14 +1,15 @@
The [API documentation](http://hackage.haskell.org/package/propellor) of
-Propellor's modules is the most important docuemntation of propellor.
+Propellor's modules is the most important documentation of propellor.
Other documentation:
* [[man page|usage]]
* [[Haskell Newbie]]
+* [[Writing Properties]]
* [[Centralized Git Repository]]
* [[Components]]
* [[Contributing]]
* [[Interface Stability]]
-* [[Coding Stye]]
+* [[Coding Style]]
* [[Security]]
* [[Debugging]]
diff --git a/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file.mdwn b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file.mdwn
new file mode 100644
index 00000000..b678d8d0
--- /dev/null
+++ b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file.mdwn
@@ -0,0 +1,34 @@
+Hello,
+
+Still working on the reprepro property :)
+
+Here A property that I am using to publish a repository via apache (this is a prototype)
+
+ website :: String -> Property
+ website hn = toProp $ Apache.siteEnabled hn apachecfg
+ where
+ apachecfg = [ "<VirtualHost *>"
+ , "DocumentRoot " ++ basePath
+ , "<Directory " ++ basePath ++ ">"
+ , " Options Indexes FollowSymLinks Multiviews"
+ , " Order allow,deny"
+ , Apache.allowAll
+ , "</Directory>"
+ ] ++ concatMap deny ["db", "conf", "incoming"]
+ ++ ["</VirtualHost>"]
+
+ deny dir = [ "<Directory \"" ++ basePath ++ "apt/*/" ++ dir ++ "\">"
+ , " Order deny,allow"
+ , " Deny from all"
+ , "</Directory>"
+ ]
+
+during my test I am runing the config.hs with
+runhaskell config.hs (it work the first time, the apache config files are ok)
+
+but when I do a modification on the apachecfg and rerun the runhaskell,
+the config files are not updated. I need to remove them to have an updated version.
+
+cheers
+
+Fred
diff --git a/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_1_932ba6f4e444c99d8d561149d17c8fe7._comment b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_1_932ba6f4e444c99d8d561149d17c8fe7._comment
new file mode 100644
index 00000000..0101ccb2
--- /dev/null
+++ b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_1_932ba6f4e444c99d8d561149d17c8fe7._comment
@@ -0,0 +1,30 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="first run"
+ date="2014-12-08T09:31:46Z"
+ content="""
+root@mordor:~/propellor/src# PROPELLOR_DEBUG=1 runhaskell config.hs
+[2014-12-08 10:27:10 CET] read: hostname [\"-f\"]
+[2014-12-08 10:27:10 CET] command line: Run \"mordor\"
+[2014-12-08 10:27:10 CET] read: git [\"remote\"]
+[2014-12-08 10:27:10 CET] read: git [\"symbolic-ref\",\"--short\",\"HEAD\"]
+[2014-12-08 10:27:10 CET] call: git [\"fetch\"]
+Pull from central git repository ... done
+[2014-12-08 10:27:12 CET] read: git [\"show-ref\",\"--hash\",\"master\"]
+[2014-12-08 10:27:12 CET] read: git [\"show-ref\",\"--hash\",\"master\"]
+mordor has Operating System (Debian Unstable) \"i386\" ... ok
+[2014-12-08 10:27:12 CET] read: apt-cache [\"policy\",\"etckeeper\"]
+mordor apt installed etckeeper ... ok
+[2014-12-08 10:27:13 CET] read: apt-cache [\"policy\",\"ssh\"]
+mordor apt installed ssh ... ok
+[2014-12-08 10:27:13 CET] read: passwd [\"-S\",\"root\"]
+mordor root has password ... ok
+[2014-12-08 10:27:13 CET] call: a2query [\"-q\",\"-s\",\"reprepro\"]
+[2014-12-08 10:27:14 CET] read: apt-cache [\"policy\",\"apache2\"]
+[2014-12-08 10:27:14 CET] call: a2ensite [\"--quiet\",\"reprepro\"]
+Enabling site reprepro.
+[2014-12-08 10:27:15 CET] call: sh [\"-c\",\"set -e ; service 'apache2' reload >/dev/null 2>&1 || true\"]
+mordor create reprepro ... done
+mordor overall ... done
+
+"""]]
diff --git a/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_2_5323336b92d9aef5a9021b924029f3af._comment b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_2_5323336b92d9aef5a9021b924029f3af._comment
new file mode 100644
index 00000000..85a57383
--- /dev/null
+++ b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_2_5323336b92d9aef5a9021b924029f3af._comment
@@ -0,0 +1,38 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="second run with content modified"
+ date="2014-12-08T09:37:43Z"
+ content="""
+Second run after adding a space here
+
+ - , \" Options Indexes FollowSymLinks Multiviews\"
+ + , \" Options Indexes FollowSymLinks Multiviews\"
+
+
+ root@mordor:~/propellor/src# PROPELLOR_DEBUG=1 runhaskell config.hs
+ [2014-12-08 10:34:19 CET] read: hostname [\"-f\"]
+ [2014-12-08 10:34:19 CET] command line: Run \"mordor\"
+ [2014-12-08 10:34:19 CET] read: git [\"remote\"]
+ [2014-12-08 10:34:19 CET] read: git [\"symbolic-ref\",\"--short\",\"HEAD\"]
+ [2014-12-08 10:34:19 CET] call: git [\"fetch\"]
+ remote: Counting objects: 32, done.
+ remote: Compressing objects: 100% (6/6), done.
+ remote: Total 6 (delta 3), reused 0 (delta 0)
+ Dépaquetage des objets: 100% (6/6), fait.
+ Depuis git://git.kitenet.net/propellor
+ c5a8cae..9ac0dfb master -> origin/master
+ Pull from central git repository ... done
+ [2014-12-08 10:34:20 CET] read: git [\"show-ref\",\"--hash\",\"master\"]
+ [2014-12-08 10:34:20 CET] read: git [\"show-ref\",\"--hash\",\"master\"]
+ mordor has Operating System (Debian Unstable) \"i386\" ... ok
+ [2014-12-08 10:34:20 CET] read: apt-cache [\"policy\",\"etckeeper\"]
+ mordor apt installed etckeeper ... ok
+ [2014-12-08 10:34:21 CET] read: apt-cache [\"policy\",\"ssh\"]
+ mordor apt installed ssh ... ok
+ [2014-12-08 10:34:21 CET] read: passwd [\"-S\",\"root\"]
+ mordor root has password ... ok
+ [2014-12-08 10:34:21 CET] call: a2query [\"-q\",\"-s\",\"reprepro\"]
+ mordor create reprepro ... ok
+ mordor overall ... ok
+
+"""]]
diff --git a/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_3_531c2c5e78fb5c62e54d84231b129dc8._comment b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_3_531c2c5e78fb5c62e54d84231b129dc8._comment
new file mode 100644
index 00000000..5dc67fb0
--- /dev/null
+++ b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_3_531c2c5e78fb5c62e54d84231b129dc8._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="comment 3"
+ date="2014-12-08T10:47:59Z"
+ content="""
+I forgot to say that the content of
+
+/etc/apache2/site-xxx/reprepro[.conf]
+
+is unmodifed after this second run
+"""]]
diff --git a/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_4_54281604c588a7229f9d987e8cdee802._comment b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_4_54281604c588a7229f9d987e8cdee802._comment
new file mode 100644
index 00000000..a9201541
--- /dev/null
+++ b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_4_54281604c588a7229f9d987e8cdee802._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 4"""
+ date="2014-12-09T04:35:12Z"
+ content="""
+Pretty obvious why if you look at the code:
+
+ enable = check (not <$> isenabled) $
+ cmdProperty "a2ensite" ["--quiet", hn]
+ `describe` ("apache site enabled " ++ hn)
+ `requires` siteAvailable hn cf
+
+So that property was skipped entirely if the site was already enabled and never looked at the config file.
+
+I've put in a fix.
+"""]]
diff --git a/doc/forum/Experimental_propellor_augeas_intergration_+_workflow_concenrs.mdwn b/doc/forum/Experimental_propellor_augeas_intergration_+_workflow_concenrs.mdwn
new file mode 100644
index 00000000..e11f5010
--- /dev/null
+++ b/doc/forum/Experimental_propellor_augeas_intergration_+_workflow_concenrs.mdwn
@@ -0,0 +1,3 @@
+I'm not experienced haskeller, but I've started to work on augeas property for propellor. I've created a separate repo for it: https://github.com/paluh/propellor-augeas. I will try to rewrite some existing properties on top of this and add some new. It is in a really early stage, but it works.
+
+I think that it will be a lot easier to work on propellor core properties and features, if it will be separated lib without any "spinning" abilities. Currently when I'm trying to read your or my commits history, there is a lot of "propellor spin" commits, without any sensible comment. In addition, it is hard to merge any changes to your repo - I can't just send you pull request. In case of such a broad project as propellor, I think that it will be beneficial to facilitate cooperation and to separate deployment mechanics from core configuration management parts. What do you think about extracting pure library from existing project?
diff --git a/doc/forum/Experimental_propellor_augeas_intergration_+_workflow_concenrs/comment_1_ae5bb6438981259673e07b7185367b43._comment b/doc/forum/Experimental_propellor_augeas_intergration_+_workflow_concenrs/comment_1_ae5bb6438981259673e07b7185367b43._comment
new file mode 100644
index 00000000..2b88da6b
--- /dev/null
+++ b/doc/forum/Experimental_propellor_augeas_intergration_+_workflow_concenrs/comment_1_ae5bb6438981259673e07b7185367b43._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-06-29T20:43:24Z"
+ content="""
+This seems like it would be a useful addition to propellor.
+
+As to commits made by propellor --spin during development, those typically
+involve changes to my own configuration, or minor changes, but sometimes
+other changes slip into one of those commits during the press of sysadmin
+events. I doh't see how those would prevent you from sending patches though.
+"""]]
diff --git a/doc/forum/Multiple_propellor_repos.mdwn b/doc/forum/Multiple_propellor_repos.mdwn
new file mode 100644
index 00000000..7c6f4012
--- /dev/null
+++ b/doc/forum/Multiple_propellor_repos.mdwn
@@ -0,0 +1 @@
+I would like to use Propellor for work hosts as well as configuring my personal hosts, but having these in the same repository is somewhat impractical. How do I use a Propellor repository that isn't at ~/.propellor?
diff --git a/doc/forum/Multiple_propellor_repos/comment_1_7e67945e0243553b664805825a839490._comment b/doc/forum/Multiple_propellor_repos/comment_1_7e67945e0243553b664805825a839490._comment
new file mode 100644
index 00000000..ff4c6ab6
--- /dev/null
+++ b/doc/forum/Multiple_propellor_repos/comment_1_7e67945e0243553b664805825a839490._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="mithrandi@311efa1b2b5c4999c2edae7da06fb825899e8a82"
+ nickname="mithrandi"
+ subject="comment 1"
+ date="2015-06-08T01:50:54Z"
+ content="""
+Actually, I think I figured this out; just run `make build` in the located-elsewhere repo to get `./propellor` and then run that directly.
+"""]]
diff --git a/doc/forum/Propellor_2.5.0_does_not_build_out_of_the_box_on_newly_installed_ubuntu.mdwn b/doc/forum/Propellor_2.5.0_does_not_build_out_of_the_box_on_newly_installed_ubuntu.mdwn
new file mode 100644
index 00000000..eadc9543
--- /dev/null
+++ b/doc/forum/Propellor_2.5.0_does_not_build_out_of_the_box_on_newly_installed_ubuntu.mdwn
@@ -0,0 +1,37 @@
+I am trying to upgrade my propellor config to latest Propellor, using it as a library. I run into the following compilation error when doing `propellor X.Y.Z.T` on my machine:
+
+```
+[17 of 65] Compiling Propellor.Property.Chroot.Util ( src/Propellor/Property/Chroot/Util.hs, dist/build/propellor-config/propellor-config-tmp/Propellor/Property/Chroot/Util.o )
+[18 of 65] Compiling Utility.UserInfo ( src/Utility/UserInfo.hs, dist/build/propellor-config/propellor-config-tmp/Utility/UserInfo.o )
+[19 of 65] Compiling Utility.Monad ( src/Utility/Monad.hs, dist/build/propellor-config/propellor-config-tmp/Utility/Monad.o )
+[20 of 65] Compiling Utility.Exception ( src/Utility/Exception.hs, dist/build/propellor-config/propellor-config-tmp/Utility/Exception.o )
+
+src/Utility/Exception.hs:65:15:
+ Not in scope: type constructor or class `MonadMask'
+Failed to install propellor-2.5.0
+Downloading MonadCatchIO-transformers-0.3.1.3...
+Configuring MonadCatchIO-transformers-0.3.1.3...
+Building MonadCatchIO-transformers-0.3.1.3...
+Preprocessing library MonadCatchIO-transformers-0.3.1.3...
+[1 of 2] Compiling Control.Monad.CatchIO ( src/Control/Monad/CatchIO.hs, dist/build/Control/Monad/CatchIO.o )
+
+src/Control/Monad/CatchIO.hs:29:1: Warning:
+ Module `Prelude' does not export `catch'
+[2 of 2] Compiling Control.Monad.CatchIO.Try ( src/Control/Monad/CatchIO/Try.hs, dist/build/Control/Monad/CatchIO/Try.o )
+caIn-place regisbaterinl:g Mon adCatchIO-transformers-0.3.1.3...
+Installing libErrorary in
+r/ro:ot/.cabal/lib/MonadCatchIO-transformers-0.3.1.3/ghc-7.6.3
+Registering MonadCatchIO-transformers-0.3.1.3...
+Installed MonadCatchIO-transformers-0.3.1.3
+ some packages failed to install:
+propellor-2.5.0 failed during the building phase. The exception was:
+ExitFailure 1
+caResolving depenbaldencies...
+Configuring prod-0.0.1..: .
+At least the following dependencies are missing:
+propellor ==2.5.0
+sh: 1: ./propellor: not found
+propellor: user error (ssh ["-o","ControlPath=/Users/arnaud/.ssh/propellor/X.Y.Z.T.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@X.Y.Z.T","sh -c 'if [ ! -d /usr/local/propellor/.git ] ; then (if ! git --version >/dev/null; then apt-get update && apt-get --no-install-recommends --no-upgrade -y install git; fi && echo STATUSNeedGitClone) || echo STATUSNeedPrecompiled ; else cd /usr/local/propellor && if ! cabal configure >/dev/null 2>&1; then ( apt-get update ; apt-get --no-upgrade --no-install-recommends -y install gnupg ; apt-get --no-upgrade --no-install-recommends -y install ghc ; apt-get --no-upgrade --no-install-recommends -y install cabal-install ; apt-get --no-upgrade --no-install-recommends -y install libghc-async-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-missingh-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-hslogger-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-unix-compat-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-ansi-terminal-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-ifelse-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-network-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-quickcheck2-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-mtl-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-transformers-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-exceptions-dev ; cabal update ; cabal install --only-dependencies ) || true; fi&& if ! test -x ./propellor; then cabal configure && cabal build && ln -sf dist/build/propellor-config/propellor-config propellor; fi;if test -x ./propellor && ! ./propellor --check 2>/dev/null; then cabal clean && cabal configure && cabal build && ln -sf dist/build/propellor-config/propellor-config propellor; fi && ./propellor --boot X.Y.Z.T ; fi'"] exited 127)
+```
+
+Am I missing something?
diff --git a/doc/forum/Propellor_2.5.0_does_not_build_out_of_the_box_on_newly_installed_ubuntu/comment_1_67f017b92670759083b73a4536183dbc._comment b/doc/forum/Propellor_2.5.0_does_not_build_out_of_the_box_on_newly_installed_ubuntu/comment_1_67f017b92670759083b73a4536183dbc._comment
new file mode 100644
index 00000000..0e0c7b9d
--- /dev/null
+++ b/doc/forum/Propellor_2.5.0_does_not_build_out_of_the_box_on_newly_installed_ubuntu/comment_1_67f017b92670759083b73a4536183dbc._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-06-30T20:51:14Z"
+ content="""
+Since MonadMask is provided by exceptions since 0.6, I guess you must have
+an olver version installed.
+
+I've versioned the dependency now.
+"""]]
diff --git a/doc/forum/Propellor_2.5.0_does_not_build_out_of_the_box_on_newly_installed_ubuntu/comment_2_08aa3d15e6fa9b3fb4c07fc992da4ab0._comment b/doc/forum/Propellor_2.5.0_does_not_build_out_of_the_box_on_newly_installed_ubuntu/comment_2_08aa3d15e6fa9b3fb4c07fc992da4ab0._comment
new file mode 100644
index 00000000..f518c502
--- /dev/null
+++ b/doc/forum/Propellor_2.5.0_does_not_build_out_of_the_box_on_newly_installed_ubuntu/comment_2_08aa3d15e6fa9b3fb4c07fc992da4ab0._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="arnaud@30aba4d9f1742050874551d3ddc55ca8694809f8"
+ nickname="arnaud"
+ subject="comment 2"
+ date="2015-07-01T07:31:03Z"
+ content="""
+I guess a workaround would be to force the version in my cabal file. I will try that.
+"""]]
diff --git a/doc/forum/Propellor_without_superuser_privileges.mdwn b/doc/forum/Propellor_without_superuser_privileges.mdwn
new file mode 100644
index 00000000..d7288a72
--- /dev/null
+++ b/doc/forum/Propellor_without_superuser_privileges.mdwn
@@ -0,0 +1,3 @@
+Joey uses propellor to popular his /home/joey on hosts he controls. I'd like to use it to populate my home directory on hosts where I don't have root. If someone gives me a shell account on a Debian box, it would be great to just run `propellor --spin` to have apply properties such as having certain stuff downloaded and compiled in `~/local/bin`, putting cronjobs in place, and checking stuff out with `myrepos`.
+
+Does propellor assume root access at a deep enough level that writing properties to do this stuff would be impractical?
diff --git a/doc/forum/Propellor_without_superuser_privileges/comment_1_021ecbb1b8bd7e26776b49ec75e90d0c._comment b/doc/forum/Propellor_without_superuser_privileges/comment_1_021ecbb1b8bd7e26776b49ec75e90d0c._comment
new file mode 100644
index 00000000..1a38ef94
--- /dev/null
+++ b/doc/forum/Propellor_without_superuser_privileges/comment_1_021ecbb1b8bd7e26776b49ec75e90d0c._comment
@@ -0,0 +1,26 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-12-26T19:26:00Z"
+ content="""
+I think that the root assumptions are in basically 3 places:
+
+* Many Properties assume they're run as root, and will fail if they're not.
+ Probably not a problem in practice for most of them. It might be nice
+ to make a few, such as `User.hasSomePassword` work when run as a normal
+ user.
+
+* Propellor's self-deployment involves running apt-get to instal ghc,
+ etc. This could be modified to check if it's not root and do a local
+ user of ghc if necessary.
+
+* `localdir = "/usr/local" and this is used in various places by eg,
+ `--spin`. It is, however, entirely possible to run "./propellor" in
+ some other directory, which causes it to run in that directory
+ and ensure the properties of localhost. `--spin` could certianly be
+ taught to run in a user mode where it uses "~/.propellor/" instead of
+ `localdir`.
+
+I think that's all! I don't plan to try to add this feature myself, but
+will be happy to support anyone who wants to work on it.
+"""]]
diff --git a/doc/forum/Supported_OS.mdwn b/doc/forum/Supported_OS.mdwn
new file mode 100644
index 00000000..f17b9054
--- /dev/null
+++ b/doc/forum/Supported_OS.mdwn
@@ -0,0 +1,5 @@
+What are the requirements for the configured OS ? Does it need to be Debian ?
+
+Would Propellor work for Arch linux, RHEL, Windows, AIX or linux on pSeries) ?
+
+Cheers
diff --git a/doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment b/doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment
new file mode 100644
index 00000000..3a2055ea
--- /dev/null
+++ b/doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment
@@ -0,0 +1,23 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-12-07T15:58:03Z"
+ content="""
+I have heard of propellor being used on OSX. Probably that user wrote their
+own code for OSX specific stuff.
+
+Propellor properites can be parameterized by OS. Currently it has support
+for Debian and some untested support for Ubuntu. A property can be parameterized
+like this:
+
+ foo :: Property
+ foo = property "foo" withOS desc $ \o -> case o of
+ (Just (System (Debian _) _)) -> ensureProperty fooDebian
+ (Just (System (Ubuntu _) _)) -> ensureProperty fooUbuntu
+
+The first step for adding a new OS will be to modify <http://hackage.haskell.org/package/propellor-1.0.0/docs/Propellor-Types-OS.html>.
+Compilation will then warn about all OS parameterized properties that
+need to be updated to support your added OS, and it can be taken from there.
+
+I'll accept reasonable patches to support other OS's.
+"""]]
diff --git a/doc/forum/can_not_build_debian_package.mdwn b/doc/forum/can_not_build_debian_package.mdwn
new file mode 100644
index 00000000..d721f922
--- /dev/null
+++ b/doc/forum/can_not_build_debian_package.mdwn
@@ -0,0 +1,25 @@
+Hello, I am trying to build the propellor package using sbuild
+
+but I got this error message during the build.
+
+Source tarball created: dist/propellor-2.5.0.tar.gz
+cat dist/propellor-*.tar.gz | (cd dist/gittmp && tar zx --strip-components=1)
+# cabal sdist does not preserve symlinks, so copy over file
+cd dist/gittmp && for f in $(find -type f); do rm -f $f; cp -a ../../$f $f; done
+cd dist/gittmp && git init && \
+ git add . \
+ && git commit -q -m "distributed version of propellor" \
+ && git bundle create /«PKGBUILDDIR»/debian/propellor/usr/src/propellor/propellor.git master HEAD \
+ && git show-ref master --hash > /«PKGBUILDDIR»/debian/propellor/usr/src/propellor/head
+Initialized empty Git repository in /«PKGBUILDDIR»/dist/gittmp/.git/
+*** Please tell me who you are.
+Run
+ git config --global user.email "you@example.com"
+ git config --global user.name "Your Name"
+
+to set your account's default identity.
+Omit --global to set the identity only in this repository.
+
+fatal: unable to auto-detect email address (got 'root@mordor.(none)')
+make[1]: *** [install] Error 128
+Makefile:13: recipe for target 'install' failed
diff --git a/doc/forum/can_not_build_debian_package/comment_1_8e4c2850f0494b761803c87cafe5b249._comment b/doc/forum/can_not_build_debian_package/comment_1_8e4c2850f0494b761803c87cafe5b249._comment
new file mode 100644
index 00000000..5e311820
--- /dev/null
+++ b/doc/forum/can_not_build_debian_package/comment_1_8e4c2850f0494b761803c87cafe5b249._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-07-11T02:35:53Z"
+ content="""
+Fixed this to set all the environment variables to make git work.
+
+(Such a pity git is so non-robust about making commits..)
+"""]]
diff --git a/doc/forum/delete_a_field__63__.mdwn b/doc/forum/delete_a_field__63__.mdwn
new file mode 100644
index 00000000..8e9e13e5
--- /dev/null
+++ b/doc/forum/delete_a_field__63__.mdwn
@@ -0,0 +1 @@
+"propellor --list-fields", "propellor --edit field context" and "propellor --set field context" are great, but is there a way to delete a field?
diff --git a/doc/forum/delete_a_field__63__/comment_1_157b488bf3e360570bd847d750ab0063._comment b/doc/forum/delete_a_field__63__/comment_1_157b488bf3e360570bd847d750ab0063._comment
new file mode 100644
index 00000000..5f3dd1a1
--- /dev/null
+++ b/doc/forum/delete_a_field__63__/comment_1_157b488bf3e360570bd847d750ab0063._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-06-29T20:40:33Z"
+ content="""
+I've added a --unset option now.
+"""]]
diff --git a/doc/forum/gitpush_problem.mdwn b/doc/forum/gitpush_problem.mdwn
new file mode 100644
index 00000000..ced4305b
--- /dev/null
+++ b/doc/forum/gitpush_problem.mdwn
@@ -0,0 +1,68 @@
+Hello, since a few days I got this error message when I am doing
+
+This is on a Debian unstable computer. I do no tknow if this is related to the
+git 2.4.x -> 2.5.x upgrade
+
+
+:~/.propellor$ propellor
+Building propellor-2.6.0...
+Preprocessing library propellor-2.6.0...
+In-place registering propellor-2.6.0...
+Preprocessing executable 'propellor' for propellor-2.6.0...
+Preprocessing executable 'propellor-config' for propellor-2.6.0...
+Propellor build ... done
+Enter passphrase for key '/home/picca/.ssh/id_rsa':
+Pull from central git repository ... done
+Building propellor-2.6.0...
+Preprocessing library propellor-2.6.0...
+In-place registering propellor-2.6.0...
+Preprocessing executable 'propellor' for propellor-2.6.0...
+Preprocessing executable 'propellor-config' for propellor-2.6.0...
+Propellor build ... done
+[master 08f2f53] propellor spin
+Git commit ... done
+Enter passphrase for key '/home/picca/.ssh/id_rsa':
+Décompte des objets: 1, fait.
+Écriture des objets: 100% (1/1), 202 bytes | 0 bytes/s, fait.
+Total 1 (delta 0), reused 0 (delta 0)
+To ssh://xxxxxxxxxxxxxxxxxxxxxxxxxxxx/propellor.git
+ 3a4d960..08f2f53 master -> master
+Push to central git repository ... done
+root@xxxxxx's password:
+Depuis git://xxxxxxxxxxxxxxxxxxxx/propellor
+ 3a4d960..08f2f53 master -> origin/master
+Pull from central git repository ... done
+Sending privdata (11 bytes) to mordor ... done
+error: unknown option `gitpush'
+usage : git fetch [<options>] [<dépôt> [<spécification-de-référence>...]]
+ ou : git fetch [<options>] <groupe>
+ ou : git fetch --multiple [<options>] [(<dépôt> | <groupe>)...]
+ ou : git fetch --all [<options>]
+
+ -v, --verbose être plus verbeux
+ -q, --quiet être plus silencieux
+ --all récupérer depuis tous le dépôts distants
+ -a, --append ajouter à .git/FETCH_HEAD au lieu de l'écraser
+ --upload-pack <chemin>
+ chemin vers lequel télécharger le paquet sur le poste distant
+ -f, --force forcer l'écrasement de la branche locale
+ -m, --multiple récupérer depuis plusieurs dépôts distants
+ -t, --tags récupérer toutes les étiquettes et leurs objets associés
+ -n ne pas récupérer toutes les étiquettes (--no-tags)
+ -p, --prune éliminer les branches de suivi distant si la branche n'existe plus dans le dépôt distant
+ --recurse-submodules[=<à la demande>]
+ contrôler la récupération récursive dans les sous-modules
+ --dry-run simuler l'action
+ -k, --keep conserver le paquet téléchargé
+ -u, --update-head-ok permettre la mise à jour de la référence HEAD
+ --progress forcer l'affichage de l'état d'avancement
+ --depth <profondeur> approfondir l'historique d'un clone superficiel
+ --unshallow convertir en un dépôt complet
+ --update-shallow accepter les références qui mettent à jour .git/shallow
+ --refmap <correspondance de référence>
+ spécifier une correspondance de référence pour la récupération
+
+propellor: <stdout>: hIsTerminalDevice: illegal operation (handle is closed)
+error: git-upload-pack died of signal 13
+Sending git update to mordor ... failed
+propellor: user error (ssh ["-o","ControlPath=/xxxxxxxxxxxxxxxxxxxx.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@xxxxxx","sh -c 'if [ ! -d /usr/local/propellor/.git ] ; then (if ! git --version >/dev/null; then apt-get update && apt-get --no-install-recommends --no-upgrade -y install git; fi && echo STATUSNeedGitClone) || echo STATUSNeedPrecompiled ; else cd /usr/local/propellor && if ! cabal configure >/dev/null 2>&1; then ( apt-get update ; apt-get --no-upgrade --no-install-recommends -y install gnupg ; apt-get --no-upgrade --no-install-recommends -y install ghc ; apt-get --no-upgrade --no-install-recommends -y install cabal-install ; apt-get --no-upgrade --no-install-recommends -y install libghc-async-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-missingh-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-hslogger-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-unix-compat-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-ansi-terminal-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-ifelse-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-network-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-quickcheck2-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-mtl-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-transformers-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-exceptions-dev ; cabal update ; cabal install --only-dependencies ) || true; fi&& if ! test -x ./propellor; then cabal configure && cabal build && ln -sf dist/build/propellor-config/propellor-config propellor; fi;if test -x ./propellor && ! ./propellor --check 2>/dev/null; then cabal clean && cabal configure && cabal build && ln -sf dist/build/propellor-config/propellor-config propellor; fi && ./propellor --boot mordor ; fi'"] exited 1)
diff --git a/doc/forum/gitpush_problem/comment_1_ba6fb30ea2e2759776351408a3a69b44._comment b/doc/forum/gitpush_problem/comment_1_ba6fb30ea2e2759776351408a3a69b44._comment
new file mode 100644
index 00000000..11d24d50
--- /dev/null
+++ b/doc/forum/gitpush_problem/comment_1_ba6fb30ea2e2759776351408a3a69b44._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-07-30T15:00:57Z"
+ content="""
+About all I can tell from this is that "git fetch" is failing, and
+apparently complaining about being passed a "gitpush" option.
+
+Since the only occurrance of "gitpush" is a internal flag that propellor
+passes to itself, and not to git fetch, I don't know why your propellor
+would be doing this. Perhaps if you turn on `PROPELLOR_DEBUG` you'll find
+out more.
+"""]]
diff --git a/doc/forum/gitpush_problem/comment_2_342b7657b964e836840a78b85a09749b._comment b/doc/forum/gitpush_problem/comment_2_342b7657b964e836840a78b85a09749b._comment
new file mode 100644
index 00000000..55bc85f6
--- /dev/null
+++ b/doc/forum/gitpush_problem/comment_2_342b7657b964e836840a78b85a09749b._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2015-07-30T15:29:46Z"
+ content="""
+Hmm, I do reproduce same problem spinning a remote host that's been
+upgraded to this git version.
+"""]]
diff --git a/doc/forum/gitpush_problem/comment_3_419baa6f1738200b1368566a2e136d36._comment b/doc/forum/gitpush_problem/comment_3_419baa6f1738200b1368566a2e136d36._comment
new file mode 100644
index 00000000..830ee7b0
--- /dev/null
+++ b/doc/forum/gitpush_problem/comment_3_419baa6f1738200b1368566a2e136d36._comment
@@ -0,0 +1,22 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2015-07-30T15:32:50Z"
+ content="""
+What's happening here is propellor is running: git pull --progress
+--upload-pack command, where command is "./propellor --gitpush".
+
+Apparently git's --upload-pack option parsing has changed in a way that
+breaks this.
+
+I think this is a straight-up git bug. I have reported the bug to the
+git mailing list.
+
+May have to work around the bug by just passing "./propellor" to
+--upload-pack, and using environment variables to tell it what to do.
+
+Erm.. AFAIKS, git pull is no longer running --upload-pack specified
+command at all. So it seems git has completely defeated how propellor --spin
+sends a git push over its ssh channel. I don't have any prospect of a fix
+right now.
+"""]]
diff --git a/doc/forum/gitpush_problem/comment_4_3843d9b82431f175f9194159a73a1fc9._comment b/doc/forum/gitpush_problem/comment_4_3843d9b82431f175f9194159a73a1fc9._comment
new file mode 100644
index 00000000..7e8bcdb2
--- /dev/null
+++ b/doc/forum/gitpush_problem/comment_4_3843d9b82431f175f9194159a73a1fc9._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 4"""
+ date="2015-07-30T16:07:14Z"
+ content="""
+I have found a workaround -- Since git pull is broken, it can instead do a
+git fetch followed by a git merge. I've put that fix in place.
+
+Unfortunately, --spin can't be used to deploy a fix that breaks the --spin
+transport! So, hosts that are suffering from this problem will need to have
+their propellor git repos updated in some other way, like pulling from a
+central git repo.
+"""]]
diff --git a/doc/forum/gitpush_problem/comment_5_4075a141f6345267ade09f6c793dc2c8._comment b/doc/forum/gitpush_problem/comment_5_4075a141f6345267ade09f6c793dc2c8._comment
new file mode 100644
index 00000000..b38bb004
--- /dev/null
+++ b/doc/forum/gitpush_problem/comment_5_4075a141f6345267ade09f6c793dc2c8._comment
@@ -0,0 +1,33 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="try to use the fix"
+ date="2015-07-30T17:52:53Z"
+ content="""
+Hello I built the debian package of your git repository with debuild and installed it.
+
+then I run propellor in order to upgrade my local repo
+
+:~/.propellor$ propellor
+** warning: ** Your /home/picca/.propellor is out of date..
+ A newer upstream version is available in /usr/src/propellor/propellor.git
+ To merge it, find the most recent commit in your repository's history that corresponds to an upstream release of propellor, and set refs/remotes/upstream/master to it. Then run propellor again.
+
+So I followed the advices, found the most recent commit which was the one created when I run for the first time propellor cb7f1acc108609b345dbec26d8113513bf7b4ece
+
+But now when I run propellor,I get thir message
+
+:~/.propellor$ propellor
+** warning: ** Your /home/picca/.propellor is out of date..
+ A newer upstream version is available in /usr/src/propellor/propellor.git
+ To merge it, run: git merge upstream/master
+
+
+But when I try the merge,
+
+~/.propellor$ git merge upstream/master
+Already up-to-date.
+
+
+so nothing happend
+
+"""]]
diff --git a/doc/forum/gitpush_problem/comment_6_464257a98e09dfe17e515242ae819fab._comment b/doc/forum/gitpush_problem/comment_6_464257a98e09dfe17e515242ae819fab._comment
new file mode 100644
index 00000000..2f3b4bc6
--- /dev/null
+++ b/doc/forum/gitpush_problem/comment_6_464257a98e09dfe17e515242ae819fab._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 6"""
+ date="2015-08-06T16:14:04Z"
+ content="""
+Hmm, not sure that's going on there, perhaps you've found a way to break
+the propellor debian package, which has not been much used AFAIK.
+
+Seems to me it would be easier to pull the fix into your propellor
+repository from eg, propellor's public git repository.
+"""]]
diff --git a/doc/forum/gitpush_problem/comment_7_1cfed50e43cc4ec816999f4f1de79762._comment b/doc/forum/gitpush_problem/comment_7_1cfed50e43cc4ec816999f4f1de79762._comment
new file mode 100644
index 00000000..0fb091e5
--- /dev/null
+++ b/doc/forum/gitpush_problem/comment_7_1cfed50e43cc4ec816999f4f1de79762._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="comment 7"
+ date="2015-08-19T07:40:38Z"
+ content="""
+Yes you are right I generated the Debian package but not from a tagged version.
+Now that I created the 2.7.1 version from the tag, it works.
+
+thanks
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac.mdwn b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac.mdwn
new file mode 100644
index 00000000..c88defcf
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac.mdwn
@@ -0,0 +1,12 @@
+Hello,
+
+I am trying propellor on Debian Jessie (haskell is fantastic for this sort or things) to setup one of my computer.
+
+On my network, the system administrator set proxies for http and https.
+These information are available via a http://proxy/proxy.pac URL.
+
+So I would like to know what should be done to extract this information and set it for all users on the system ?
+
+Cheers
+
+Frederic
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_1_69d7c8fb1d62300456575bb10e935d69._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_1_69d7c8fb1d62300456575bb10e935d69._comment
new file mode 100644
index 00000000..6bf8844d
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_1_69d7c8fb1d62300456575bb10e935d69._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-25T15:44:13Z"
+ content="""
+You could, for example, use Propellor.Propety.Cmd.cmdProperty
+to run a command that sets up the proxying. If there's not a single command
+that does it, you could cause propellor to fetch the url and deploy the
+info itself.
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_2_da30b2621493e48ceabcfa5732dbcdf8._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_2_da30b2621493e48ceabcfa5732dbcdf8._comment
new file mode 100644
index 00000000..8458ee49
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_2_da30b2621493e48ceabcfa5732dbcdf8._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="comment 2"
+ date="2014-11-25T17:55:25Z"
+ content="""
+In my case I need to wget the proxy.pac file and parse it to find the right proxy.
+
+what worried me is that these proxy.pac things are dynamical depending on the ip of the sender AND the receive.
+It work nicely with web browser, but not with the unix http_proxy and HTTPS_PROXY env.
+
+nevertheless, I can create something to parse my local setup and extract the right http_proxy.
+
+Is there something available in Propellor to set a global environment variable in /etc/environment (the right place for this ?)
+
+cheers
+
+Frederic
+
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_3_bd76d169af2ef2f154ad1f0f64506661._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_3_bd76d169af2ef2f154ad1f0f64506661._comment
new file mode 100644
index 00000000..9bdcb4df
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_3_bd76d169af2ef2f154ad1f0f64506661._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-25T19:37:46Z"
+ content="""
+There's no Property that handles setting global environment currently, but
+it's a reasonable one to add.
+
+I think that /etc/environment is read by `pam_env` logins, but maybe not
+other things, so dunno.
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_4_a6a49d35ee8a05abc982049b55d0397c._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_4_a6a49d35ee8a05abc982049b55d0397c._comment
new file mode 100644
index 00000000..d2a0b45e
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_4_a6a49d35ee8a05abc982049b55d0397c._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="comment 4"
+ date="2014-11-25T20:01:12Z"
+ content="""
+I saw that there is an haskell binding for augeas.
+
+Maybe this could be a nice uniform interface to deal with all the system configuration files.
+then no need to deal with the config file formats.
+
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_5_7783b8a96c8032a39ff3b5b446a976ed._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_5_7783b8a96c8032a39ff3b5b446a976ed._comment
new file mode 100644
index 00000000..d670fa3b
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_5_7783b8a96c8032a39ff3b5b446a976ed._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 5"
+ date="2014-11-27T08:17:36Z"
+ content="""
+Just looked at augeas, and add it to propellor would be great. Much more robust than Propellor.Property.File.{containsLine,containsLines,lacksLine}, at least.
+"""]]
diff --git a/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn
new file mode 100644
index 00000000..0815b4b3
--- /dev/null
+++ b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn
@@ -0,0 +1 @@
+How can I modify the configuration of a managed host (which seems to be stored in /usr/local/propellor/.git/config) from the host on which I run propellor?
diff --git a/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment
new file mode 100644
index 00000000..f034a377
--- /dev/null
+++ b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-10-31T14:40:33Z"
+ content="""
+I'm curious what you need to configure there..
+
+But, there seems to be a simple solution: Add a Property that configures
+the .git/config however you need to! :)
+"""]]
diff --git a/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__.mdwn b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__.mdwn
new file mode 100644
index 00000000..0a50fc91
--- /dev/null
+++ b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__.mdwn
@@ -0,0 +1,177 @@
+Having taken the inital hurdle of getting propellor running
+(cf. my last post in this forum), I am beginning to like propellor
+quite a lot. - This comes not too much as a surprise, as I am
+a Haskeller really. - I would love to use it for all my configuration
+needs, and to that end ditch ansible.
+
+Propellor's biggest show stopper for me is this (maybe I am misunderstanding
+propellor?):
+
+I can run
+
+```
+ propellor --spin myhost
+```
+
+from the command line, and all the tasks/properties that I have
+defined myhost to have beforehand will be executed/realized/configured.
+
+Say eg. I haved defined (sorry for the bad formatting,
+seems I have to do it line by line to get the markdown look nice)
+
+```
+myhost :: Host
+```
+
+```
+myhost = host "myhost"
+ & os (System (Debian Testing) "amd64")
+ & emacs
+ & apt
+```
+
+```
+emacs :: Property HasInfo
+```
+
+```
+emacs = propertyList "install & configure emacs" $ props
+ & Apt.installed ["emacs"
+ , "auto-complete-el"]
+```
+
+```
+ apt :: Property HasInfo
+```
+
+```
+apt = propertyList "apt update + upgrade" $ props
+ & Apt.update
+ & Apt.upgrade
+```
+
+
+Then running
+
+```
+ propellor --spin myhost
+```
+
+will make sure, that emacs is installed, and all my
+packages on myhost are up to date.
+
+It does so every time I run propellor, but normally I install
+emacs only once (and I know it's installed), whereas
+the apt update+upgrade combo I would want to run every other day.
+
+So what I would like is this: have just a minimal config for
+myhost, like this:
+
+```
+myhost :: Host
+```
+
+```
+myhost = host "myhost"
+ & os (System (Debian Testing) "amd64")
+```
+
+and then run a task (require a property ?) on myhost, somehow
+from the command line, like this
+
+```
+ propellor --spin myhost --task apt
+```
+
+Many other properties / installation steps I could run in this
+manner, like installing emacs initially
+
+```
+ propellor --spin myhost --task emacs
+```
+
+In ansible I can do this with playbooks:
+
+```
+ ansible-playbook -l myhost apt.yml
+```
+
+with some preconfigured playbook apt.yml that does just
+the apt update + upgrade task and nothing else. But I would
+have other tasks in other playbooks of course: I can install & configure
+emacs on myhost
+
+```
+ ansible-playbook -l myhost emacs.yml
+```
+
+etc.
+
+Related to that (but maybe not strictly the same question):
+
+I wouldn't mind writing my own haskell script that does
+the command line parsing (with optparse applicative eg):
+I could have options for
+
+```
+ --host (myhost/...)
+```
+
+and
+
+```
+ --task (emacs/apt/...)
+```
+
+and then just call into propellor. Unfortunately propellor's
+defaultMain does more than I want: gets the command line
+from processCmdLine.
+
+So I tried to create my own otherMain (similar to defaultMain,
+but would let me do my own command line parsing):
+
+```
+ otherMain :: [Host] -> CmdLine -> IO ()
+```
+
+but then at some point just gave up: for one thing: things
+were getting complicated, because of all the indirection:
+the propellor command line tool recompiles itself (?),
+does all this git stuff etc.
+
+And then: maybe I am approaching things in the wrong direction:
+maybe it's just not meant to be used that way
+(but ansible works fine for me in this regard)?
+
+And I thought: I don't really want to start a major programming
+task just to get this thing working, the way that seems
+reasonable to me. Or maybe it's possible already, and I just
+don't know how to use it? (So I am stuck with ansible for the time
+being).
+
+Still more or less related:
+
+Say this otherMain function existed, that allowed me to
+to do my own command line parsing and just
+call propellor on some host with the one or the other task,
+I am not 100% what's the right
+way to ensure/require/execute such a task on a host:
+
+above I am just using
+
+```
+ host & property
+```
+
+(from PropAccum), but maybe ensureProperty is better suited
+for that?
+
+Also for the wish list: some CONFIG_FILE env variable that
+would allow me to keep my config.hs somewhere other than
+in ~/.propellor/config.hs
+
+
+Anyway, thanks so far
+I would certainly want to switch to propellor completely.
+
+ Andreas
diff --git a/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_1_8959a79735aa3fa13ee37e57eb5a92e1._comment b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_1_8959a79735aa3fa13ee37e57eb5a92e1._comment
new file mode 100644
index 00000000..273dc758
--- /dev/null
+++ b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_1_8959a79735aa3fa13ee37e57eb5a92e1._comment
@@ -0,0 +1,14 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-04-14T18:48:23Z"
+ content="""
+By composing these things at the command-line, you're using the
+command-line, rather than haskell, for describing your system. I don't
+think that's a win.
+
+As far as properties that you don't want to have run every time, see
+`Propellor.Property.Scheduled.period`. For example:
+
+ & Apt.update `period` Daily
+"""]]
diff --git a/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_2_f07c33b4a14cdc0b78695de49875c9b5._comment b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_2_f07c33b4a14cdc0b78695de49875c9b5._comment
new file mode 100644
index 00000000..3eca3457
--- /dev/null
+++ b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_2_f07c33b4a14cdc0b78695de49875c9b5._comment
@@ -0,0 +1,52 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawm-czsfuWENKQ0GI8l0gnGTeF1JEli1mA0"
+ nickname="Andreas"
+ subject="comment 2"
+ date="2015-04-14T19:24:46Z"
+ content="""
+using the command line: well yes, that's right.
+Still: I can configure a lot of details in haskell (ansible playbooks):
+
+my emacs task eg. is not only ensuring that emacs is installed
+(as in the example above), but I also set some links to my
+elisp config files, ensure that cask installed etc.
+
+another task for me is installing X windows:
+again lots of details: not only the xorg packages,
+but some links to .xsession files, window manager config
+files etc.
+
+and yes: I am happy, that I can spell out the details
+of these tasks in propellor/haskell.
+
+I just don't see the point of ensuring them again and again
+with every spin of propellor, and I would want
+to be able to run just this one task on the command line.
+
+
+concerning
+```
+ Apt.update `period` Daily
+```
+thanks, will have a look.
+but I guess this is cron job (will see),
+in general I think I will want to stick to my habit, that I want
+to see what's going on (what is upgraded), thus prefer
+to not run any cron jobs for apt upgrades
+
+My overall message / concern is: I don't want to completly change my
+habits, just because I am using propellor
+
+I had the habit of installing my computers task by task
+
+I had the habit of logging in to one of my systems, and
+doing apt-get update && apt-get upgrade
+
+I want my config tool to help me achieve things in my
+way that I am used to.
+
+
+
+
+
+"""]]
diff --git a/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_3_06c63446531f56e4c93f64f6bcfba2b1._comment b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_3_06c63446531f56e4c93f64f6bcfba2b1._comment
new file mode 100644
index 00000000..144915df
--- /dev/null
+++ b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_3_06c63446531f56e4c93f64f6bcfba2b1._comment
@@ -0,0 +1,25 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2015-04-14T19:42:22Z"
+ content="""
+[period](http://hackage.haskell.org/package/propellor-2.2.1/docs/Propellor-Property-Scheduled.html)
+is not a cron job, it just modifies the Property to only do anything
+every so often.
+
+It's also possible to modify a Property so it only runs once.
+[flagFile](http://hackage.haskell.org/package/propellor-2.2.1/docs/Propellor-Property.html#v:flagFile)
+can be used to do that.
+
+But there are good reasons for propellor to default to checking all
+Properties of a system each time:
+
+* It means that most Properties are idempotent, which has many good
+ features, like being able to recover from a crash.
+* If a system no longer has a configured Property, to fix it back to having
+ the property it's supposed to have.
+* Or, if it can't be fixed, to tell you with an error message in red.
+* It keeps propellor mostly stateless; rather than having to record state
+ about how it thinks a system is, which could diverge from reality,
+ it just looks at how it actually is.
+"""]]
diff --git a/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_4_f52f30380b4fe58292fcf0ef368efbb1._comment b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_4_f52f30380b4fe58292fcf0ef368efbb1._comment
new file mode 100644
index 00000000..ecd20630
--- /dev/null
+++ b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_4_f52f30380b4fe58292fcf0ef368efbb1._comment
@@ -0,0 +1,44 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawm-czsfuWENKQ0GI8l0gnGTeF1JEli1mA0"
+ nickname="Andreas"
+ subject="comment 4"
+ date="2015-04-15T10:15:17Z"
+ content="""
+Well thanks a lot, and yes I am learning: propellor has a lot
+of powerful features under the hood already.
+
+I still remain sceptical for the time being:
+
+Propellor's overall approach seems: one spin of propellor does ensure
+that a complete systems is properly installed (and then one can
+declare exceptions: don't check this every time...). I can even see
+how this is useful: if I where a sys admin with a huge farm of
+systems, I wouldn't want to deal with half installed systems, but just
+have propellor do a complete job.
+
+As far as I am only concerned with a few personal computers of mine, I
+prefer to stick to my task by task approach, though, and for tasks
+that come up reapeatedly (like keeping my apt cache + installed
+packages up to date) that seems reasonable to me as well. - having
+only a minimal required configuration for a host, and then building
+upon that (I think/hope, you got the idea by now). The fact, that
+this model is nicely supported by ansible, seems to suggest at least,
+that this kind of reasoning/approach is not completely flawed.
+
+What is not 100% clear to me: if propellor could be bent to support my
+kind of workflow: I would think that it's possible? (even though I
+might not have the time to bend it that way myself). Or are there any
+fundamental issues with it?
+
+What I am suggesting is: that propellor be at my disposal,
+more as a library, and would not also impose a certain
+command line interface / workflow on me.
+
+Anyway, you would certainly win me as a user (don't know
+how much that counts, and cannot speak for other people's
+needs).
+
+Thanks anyway.
+ Andreas
+
+"""]]
diff --git a/doc/forum/parsing_a_config_file.mdwn b/doc/forum/parsing_a_config_file.mdwn
new file mode 100644
index 00000000..cbf0952a
--- /dev/null
+++ b/doc/forum/parsing_a_config_file.mdwn
@@ -0,0 +1,11 @@
+I have an issue with how parsing a tor config file. Hidden services are defined like this: first you specify a dir with "HiddenServiceDir" and then, (on the following lines) you define the port mappings with one or more "HiddenServicePort". You can have multiple hidden services defined in the same tor config file.
+
+ HiddenServiceDir /var/lib/tor/myhttponion
+ HiddenServicePort 80 127.0.0.1:80
+ HiddenServicePort 8080 127.0.0.1:8080
+ HiddenServiceDir /var/lib/tor/myirconion
+ HiddenServicePort 6667 127.0.0.1:6667
+
+I used "configured" to define "hiddenService" in "Propellor.Property.Tor", but I didn't realized that there can be multiple hidden services, each with multiple ports. So, defining multiple hiddenService properties does not work as expected ("Propellor.Property.Tor.configured" assumes there is only one line for one config variable)...
+
+A kind of general file parsing functions on multilines (based on AST?) may be a nice addition to Propellor.Property.File, but it sounds too hard for my skills :-). Maybe someone would have an idea to solve this problem?
diff --git a/doc/forum/parsing_a_config_file/comment_1_8e97fb2e39c1a91bcab75e57ddc8b519._comment b/doc/forum/parsing_a_config_file/comment_1_8e97fb2e39c1a91bcab75e57ddc8b519._comment
new file mode 100644
index 00000000..fa9d74ff
--- /dev/null
+++ b/doc/forum/parsing_a_config_file/comment_1_8e97fb2e39c1a91bcab75e57ddc8b519._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-08-03T19:14:00Z"
+ content="""
+This probably needs a smarter parser for torrc files that understands
+the method that tor uses to decide which config lines go together.
+
+Or, perhaps, a way to add additional torrc files that are included into the
+main one or that tor is otherwise configured to use, which would avoid the
+parsing complexity.
+"""]]
diff --git a/doc/forum/parsing_a_config_file/comment_2_9b364647b1da4c8db0116115e5c67b18._comment b/doc/forum/parsing_a_config_file/comment_2_9b364647b1da4c8db0116115e5c67b18._comment
new file mode 100644
index 00000000..4ceec2f4
--- /dev/null
+++ b/doc/forum/parsing_a_config_file/comment_2_9b364647b1da4c8db0116115e5c67b18._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2015-08-20T14:43:02Z"
+ content="""
+Sean and I have implemented a somewhat generic support for files with some
+kinds of sections, in Propellor.Property.ConfFile.
+
+I think it could be used for this tor case, by making the SectionStart
+match the HiddenServiceDir line, and the SectionPast match any line that's
+not HiddenServicePort (or perhaps match the next HiddenServiceDir
+line?)
+"""]]
diff --git a/doc/forum/passing_host_address_dynamically_to_propellor.mdwn b/doc/forum/passing_host_address_dynamically_to_propellor.mdwn
new file mode 100644
index 00000000..1d6bc0be
--- /dev/null
+++ b/doc/forum/passing_host_address_dynamically_to_propellor.mdwn
@@ -0,0 +1,2 @@
+I would like to be able to pass the address of a host dynamically to propellor, e.g. to do something like `./propellor 1.2.3.4` so that I can apply some predefined set of properties.
+I tried to implement, it compiles just fine, but does fail to run properly on the remote (or even local) host because `defaultMain` does some transformation of command-line and of course the host name/address does not exist statically in the git repo that's built and run on the remote host. Would there be another way to do what I want?
diff --git a/doc/forum/passing_host_address_dynamically_to_propellor/comment_1_1c5d5b59f2325a2f4e06d09a9900007f._comment b/doc/forum/passing_host_address_dynamically_to_propellor/comment_1_1c5d5b59f2325a2f4e06d09a9900007f._comment
new file mode 100644
index 00000000..57b2a63b
--- /dev/null
+++ b/doc/forum/passing_host_address_dynamically_to_propellor/comment_1_1c5d5b59f2325a2f4e06d09a9900007f._comment
@@ -0,0 +1,25 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-05-29T14:05:10Z"
+ content="""
+What's the use case here?
+
+I think maybe you're trying to deploy basically the same set of properties
+to multiple hosts. And perhaps don't want to have the list of hosts in the
+config.hs file. If that's the goal, it seems you could accomplish it by
+writing a function like:
+
+ stdHost :: IPAddr -> Host
+
+Or more generally,
+
+ stdHost :: Property HasInfo -> Host
+
+And then you can map over the set of IP addresses to generate the the
+[Host] list for propellor. Or could even read a data file (that would need
+to be checked into the git repo) and use it to constuct the [Host] list at
+runtime.
+
+But maybe I misunderstood the use case..
+"""]]
diff --git a/doc/forum/passing_host_address_dynamically_to_propellor/comment_2_b9041877dfc6e6bfb63a014492a2d1d1._comment b/doc/forum/passing_host_address_dynamically_to_propellor/comment_2_b9041877dfc6e6bfb63a014492a2d1d1._comment
new file mode 100644
index 00000000..0f59b424
--- /dev/null
+++ b/doc/forum/passing_host_address_dynamically_to_propellor/comment_2_b9041877dfc6e6bfb63a014492a2d1d1._comment
@@ -0,0 +1,18 @@
+[[!comment format=mdwn
+ username="arnaud.oqube@c9b8c7ea33f1dea0b7a5485b86825c5bfa9efbf7"
+ nickname="arnaud.oqube"
+ subject="comment 2"
+ date="2015-05-29T15:09:24Z"
+ content="""
+We create/destroy dynamically hosts which have different purpose: CI, Dev boxes, Testing... IP of these hosts is unknown and assign by our provider (Digital Ocean) so what I would like to do is something like:
+
+```
+$ create-host
+...
+IP: 1.2.3.4
+$ ./propellor 1.2.3.4
+```
+
+But indeed the idea of having a local `hosts` file makes sense, or even a `hosts/` directory to which I output files containing IPs.
+
+"""]]
diff --git a/doc/forum/passing_host_address_dynamically_to_propellor/comment_3_49d6408ee7618ccb88a537e519f95b27._comment b/doc/forum/passing_host_address_dynamically_to_propellor/comment_3_49d6408ee7618ccb88a537e519f95b27._comment
new file mode 100644
index 00000000..37962eff
--- /dev/null
+++ b/doc/forum/passing_host_address_dynamically_to_propellor/comment_3_49d6408ee7618ccb88a537e519f95b27._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2015-05-30T14:50:14Z"
+ content="""
+Or teach propellor --spin how to create Digital Ocean, AWS, etc VMs, as
+described in [[todo/HostingProvider_for_AWS]].
+
+I guess that even if it created the hosts, it would make sense to have a
+static host list with their IPs.
+"""]]
diff --git a/doc/forum/passing_host_address_dynamically_to_propellor/comment_4_1f208acbe17e25a2b25e1615146d7a0a._comment b/doc/forum/passing_host_address_dynamically_to_propellor/comment_4_1f208acbe17e25a2b25e1615146d7a0a._comment
new file mode 100644
index 00000000..45d24f0e
--- /dev/null
+++ b/doc/forum/passing_host_address_dynamically_to_propellor/comment_4_1f208acbe17e25a2b25e1615146d7a0a._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="arnaud.oqube@c9b8c7ea33f1dea0b7a5485b86825c5bfa9efbf7"
+ nickname="arnaud.oqube"
+ subject="comment 4"
+ date="2015-05-31T20:18:30Z"
+ content="""
+That makes sense. Indeed, that's the direction I was heading to, because currently our VM deployment scripts are in shell and I wanted to port them to Haskell and integrate in the provisioning process.
+Thanks for the idea, I will see where it goes.
+"""]]
diff --git a/doc/forum/passing_host_address_dynamically_to_propellor/comment_5_cd61e6fb0d5694575edb95728f0c8370._comment b/doc/forum/passing_host_address_dynamically_to_propellor/comment_5_cd61e6fb0d5694575edb95728f0c8370._comment
new file mode 100644
index 00000000..79f721f1
--- /dev/null
+++ b/doc/forum/passing_host_address_dynamically_to_propellor/comment_5_cd61e6fb0d5694575edb95728f0c8370._comment
@@ -0,0 +1,23 @@
+[[!comment format=mdwn
+ username="arnaud@30aba4d9f1742050874551d3ddc55ca8694809f8"
+ nickname="arnaud"
+ subject="Works like a charm..."
+ date="2015-06-11T19:19:07Z"
+ content="""
+I implemented this feature using a file, aptly named `hosts` that is versioned in the repo and populated (at the moment manually but will be automatic...) when boxes are created in DO.
+Then the following main will extract the information and create hosts config to be passed to main from propellor, reading the needed file:
+
+```
+main :: IO ()
+main = do
+ h <- map words <$> lines <$> readFile \"hosts\" `catch` (\ (_ :: IOException) -> return \"\")
+ let hosts = map selectHost h
+ defaultMain hosts
+
+selectHost :: [String] -> Host
+selectHost [\"prod\",ip,sha1] = host ip & Lending.lendingHost sha1
+selectHost [\"prod\",ip] = host ip & Lending.lendingHost currentSha1
+selectHost [\"monitor\",name,ip] = host name & Monitoring.monitoringHost ip
+selectHost h = error $ \"doesn't know how to handle host definition \" ++ show h
+```
+"""]]
diff --git a/doc/forum/propellor_with_no_central_repository__63__.mdwn b/doc/forum/propellor_with_no_central_repository__63__.mdwn
new file mode 100644
index 00000000..5f322878
--- /dev/null
+++ b/doc/forum/propellor_with_no_central_repository__63__.mdwn
@@ -0,0 +1 @@
+Is there a way to use propellor with no central repository?
diff --git a/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment b/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment
new file mode 100644
index 00000000..1f1456c5
--- /dev/null
+++ b/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-10-31T14:39:48Z"
+ content="""
+Not yet, but see [[todo/git_push_over_propellor_ssh_channel]]
+"""]]
diff --git a/doc/forum/propellor_with_no_central_repository__63__/comment_2_0f035bb4bb5cc13574394505f28abe5e._comment b/doc/forum/propellor_with_no_central_repository__63__/comment_2_0f035bb4bb5cc13574394505f28abe5e._comment
new file mode 100644
index 00000000..6a6aa946
--- /dev/null
+++ b/doc/forum/propellor_with_no_central_repository__63__/comment_2_0f035bb4bb5cc13574394505f28abe5e._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""yay!"""
+ date="2014-11-19T01:31:14Z"
+ content="""
+propellor now supports this mode by default, just use `propellor --spin
+hostname` and the changes in the local repo will be pushed and deployed to
+the host, w/o needing a centralized git repo.
+"""]]
diff --git a/doc/forum/property_combinator_ordering.mdwn b/doc/forum/property_combinator_ordering.mdwn
new file mode 100644
index 00000000..25549bb4
--- /dev/null
+++ b/doc/forum/property_combinator_ordering.mdwn
@@ -0,0 +1,8 @@
+when I write
+
+ setDistribution cfg = f `File.hasContent` cfg
+ `onChange` update
+ `requires` File.dirExists confDir
+
+is update called before ensuring the confiDir Exist ?
+It seems to me but who knows ?
diff --git a/doc/forum/property_combinator_ordering/comment_1_0ea2186b5cfa7eadaf38ac2e97fc4a2c._comment b/doc/forum/property_combinator_ordering/comment_1_0ea2186b5cfa7eadaf38ac2e97fc4a2c._comment
new file mode 100644
index 00000000..c41abd90
--- /dev/null
+++ b/doc/forum/property_combinator_ordering/comment_1_0ea2186b5cfa7eadaf38ac2e97fc4a2c._comment
@@ -0,0 +1,31 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-12-01T15:53:11Z"
+ content="""
+I think that should behave intuitively, but of course if you're unsure
+of this kind of thing, adding parens is a good way to disambiguate the
+code.
+
+ (f `File.hasContent` cfg `onChange` update)
+ `requires` File.dirExists confDir
+
+Written that way, it's explicit that the parenthesized part runs
+together as one action.
+
+Or, we can do a quick test in ghci:
+
+ joey@darkstar:~/src/propellor/src#joeyconfig>ghci Propellor.hs Propellor/Property.hs
+ *Propellor> let f1 = property "hasContent" (liftIO (print "f1") >> return MadeChange)
+ *Propellor> let f2 = property "update" (liftIO (print "f2") >> return MadeChange)
+ *Propellor> let f3 = property "dirExists" (liftIO (print "f3") >> return MadeChange)
+ *Propellor> runPropellor (Host "foo" [] mempty) $ ensureProperty $ f1 `onChange` f2 `requires` f3
+ "dirExists"
+ "hasContent"
+ "update"
+ MadeChange
+
+So, yes, it's behaving as it should, first ensuring that the `requires`
+property is met, and then running the main property, and since it made a
+change, following up by running the `onChange` property.
+"""]]
diff --git a/doc/forum/running_propellor_as_a_library.mdwn b/doc/forum/running_propellor_as_a_library.mdwn
new file mode 100644
index 00000000..a6945308
--- /dev/null
+++ b/doc/forum/running_propellor_as_a_library.mdwn
@@ -0,0 +1,4 @@
+I would like to define my propellor configuration using propellor as a library dependency, which removes the need to fork source repo, merge...
+I encounter an issue when trying to use propellor in that way: Everything under `Utility/` is not exported by the propellor, so cannot be used from my own properties. This is annoying because there are interesting things to build properties, like running processes...
+
+Would you consider exposing those modules, maybe through some other module like `Propellor.Utility` ?
diff --git a/doc/forum/running_propellor_as_a_library/comment_1_a7b8279508cd68e8cfbba238178a7643._comment b/doc/forum/running_propellor_as_a_library/comment_1_a7b8279508cd68e8cfbba238178a7643._comment
new file mode 100644
index 00000000..10188525
--- /dev/null
+++ b/doc/forum/running_propellor_as_a_library/comment_1_a7b8279508cd68e8cfbba238178a7643._comment
@@ -0,0 +1,49 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-05-27T15:24:07Z"
+ content="""
+The Utility.* modules are shared amoung several of my projects (git-annex,
+propeller, github-backup, ..), but I'm not really happy enough with them to
+make them a proper haskell library.
+
+For one thing, there's no unifying principle; it's just whatever bits of
+code I happened to write that were refactorable out of the main program. I
+don't want to end up with another MissingH like tarball library here.
+
+And for another thing, I don't think I want to commit to api stability, or
+even api versioning for all of that stuff.
+
+Some parts of it, I'm somewhat happier with, and hope to eventually break
+out into proper haskell libraries. For example, Utility.Scheduled is pretty
+good (and mostly re-exported from Propellor.Property.Scheduled anyway).
+
+OTOH, Utility.Process .. not happy with that at all from a design POV.
+I'd recommend you just use System.Process, or
+[Data.Streaming.Process](http://hackage.haskell.org/package/streaming-commons-0.1.12/docs/Data-Streaming-Process.html).
+Although there is the problem that `PROPELLOR_DEBUG` relies on
+Utility.Process adding calls to debugging functions, so you'd need to do that
+by hand.
+
+Maybe what makes sense is for some part of propellor to re-export qualified
+subsets of `Utility.*`, on a case-by-case basis as users find need for them.
+I counted the Utility imports inside Propellor.Property, they are:
+
+ 17 import Utility.SafeCommand
+ 8 import Utility.FileMode
+ 2 import Utility.Path
+ 2 import Utility.Env
+ 2 import Utility.DataUnits
+ 1 import Utility.ThreadScheduler
+ 1 import Utility.Scheduled
+ 1 import Utility.FileSystemEncoding
+ 1 import Utility.Applicative
+
+So, I'm inclined to have Propellor.Property.Cmd re-export Utility.SafeCommand,
+and leave it at that for now. It makes sense that propellor export a primitive
+that runs a command to a Bool, does any requested debug output, for use by the
+many Properties that involve running commands.
+
+(If you want to break out some part of Utility into a separate library
+and maintain it, I'd be ok with that too.)
+"""]]
diff --git a/doc/forum/running_propellor_as_a_library/comment_2_1174504655ffaf7ebc507e915cc26c84._comment b/doc/forum/running_propellor_as_a_library/comment_2_1174504655ffaf7ebc507e915cc26c84._comment
new file mode 100644
index 00000000..dd019d9d
--- /dev/null
+++ b/doc/forum/running_propellor_as_a_library/comment_2_1174504655ffaf7ebc507e915cc26c84._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2015-05-27T16:40:29Z"
+ content="""
+Ok, I've made Propellor.Property.Cmd export most of Utility.SafeCommand.
+"""]]
diff --git a/doc/forum/running_propellor_as_a_library/comment_3_3e3961587228eb030ff8f704c71b00a5._comment b/doc/forum/running_propellor_as_a_library/comment_3_3e3961587228eb030ff8f704c71b00a5._comment
new file mode 100644
index 00000000..17f04c3b
--- /dev/null
+++ b/doc/forum/running_propellor_as_a_library/comment_3_3e3961587228eb030ff8f704c71b00a5._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="arnaud.oqube@c9b8c7ea33f1dea0b7a5485b86825c5bfa9efbf7"
+ nickname="arnaud.oqube"
+ subject="Thanks"
+ date="2015-05-27T19:05:19Z"
+ content="""
+... a lot for your reactivity! Actually that's fine because we use mostly `boolSystem` from `Utility.SafeCommand`. We also use `transcript` to retrieve output of a process. So you say it is better to use directly `System.Process` ?
+"""]]
diff --git a/doc/forum/running_propellor_as_a_library/comment_4_c5ec270ca7cb1b6ae66cd7b9dc4e4aac._comment b/doc/forum/running_propellor_as_a_library/comment_4_c5ec270ca7cb1b6ae66cd7b9dc4e4aac._comment
new file mode 100644
index 00000000..18b44482
--- /dev/null
+++ b/doc/forum/running_propellor_as_a_library/comment_4_c5ec270ca7cb1b6ae66cd7b9dc4e4aac._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 4"""
+ date="2015-05-30T15:06:06Z"
+ content="""
+I have made Propellor.Property.Cmd re-export the wrapped createProcess
+that does debug logging.
+
+I can see how processTranscript would be useful. I'm on the fence about
+re-exporting that one.
+"""]]
diff --git a/doc/forum/trying_to_--spin_to_a_sid+experimental_machine.mdwn b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine.mdwn
new file mode 100644
index 00000000..1fde595c
--- /dev/null
+++ b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine.mdwn
@@ -0,0 +1,290 @@
+I'm trying to get propellor running, and for now, I'd prefer
+to not use a central git repo, according to what I have read
+
+```
+ propellor --spin host
+```
+
+should do just that: not use git.
+
+So I have cabal installed propellor locally, and
+in addition cloned
+
+```
+ git clone git://propellor.branchable.com/ .propellor
+```
+
+in my $HOME
+
+My local machine (from where I run propellor) runs debian testing, the
+machine I want to spin to: softland, debian unstable+experimental,
+ie. unstable in general + all things ghc from experimental, to get ghc
+7.8.4 (but not any more than that from experimental).
+
+was not sure, what the right propellor config would be in that case:
+
+```
+& os (System (Debian Experimental) "amd64")
+```
+which I have used, or
+
+```
+ & os (System (Debian Unstable) "amd64")
+```
+because in general I want Unstable
+
+
+First thing I notice, when running
+
+
+```
+$ propellor --spin softland
+```
+
+propellor nevertheless tries to git push (but fails, obviously,
+somewhere down in propellors output):
+
+```
+...
+Building propellor-2.2.1...
+Preprocessing library propellor-2.2.1...
+In-place registering propellor-2.2.1...
+Preprocessing executable 'propellor' for propellor-2.2.1...
+Preprocessing executable 'propellor-config' for propellor-2.2.1...
+Propellor build ... done
+[master 8ca2715] propellor spin
+Git commit ... done
+Counting objects: 10, done.
+Delta compression using up to 2 threads.
+Compressing objects: 100% (8/8), done.
+Writing objects: 100% (10/10), 913 bytes | 0 bytes/s, done.
+Total 10 (delta 6), reused 0 (delta 0)
+remote: you are not allowed to change config.hs
+To git://propellor.branchable.com/
+ ! [remote rejected] master -> master (pre-receive hook declined)
+error: failed to push some refs to 'git://propellor.branchable.com/'
+Push to central git repository ... failed
+Stop listening request sent.
+Hit http://ftp.uk.debian.org sid InRelease
+Hit http://ftp.uk.debian.org experimental InRelease
+Get:1 http://ftp.uk.debian.org sid/main amd64 Packages/DiffIndex [7,876 B]
+...
+```
+
+Note in particular the lines:
+
+```
+ To git://propellor.branchable.com/
+ ! [remote rejected] master -> master (pre-receive hook declined)
+ error: failed to push some refs to 'git://propellor.branchable.com/'
+ Push to central git repository ... failed
+```
+
+Shouldn't propellor be completely quiet about git /
+not try to push at all?
+
+OK, never mind, let's see what's next: some long
+output, propellor finally fails, I assume it's because
+of my sid+experimental configuration?
+
+
+```
+Stop listening request sent.
+Hit http://ftp.uk.debian.org sid InRelease
+Hit http://ftp.uk.debian.org experimental InRelease
+Get:1 http://ftp.uk.debian.org sid/main amd64 Packages/DiffIndex [7,876 B]
+Get:2 http://ftp.uk.debian.org sid/contrib amd64 Packages/DiffIndex [7,819 B]
+Get:3 http://ftp.uk.debian.org sid/non-free amd64 Packages/DiffIndex [7,819 B]
+Get:4 http://ftp.uk.debian.org sid/contrib Translation-en/DiffIndex [7,819 B]
+Get:5 http://ftp.uk.debian.org sid/main Translation-en/DiffIndex [7,876 B]
+Get:6 http://ftp.uk.debian.org sid/non-free Translation-en/DiffIndex [7,819 B]
+Get:7 http://ftp.uk.debian.org sid/main Sources [7,633 kB]
+Get:8 http://ftp.uk.debian.org sid/contrib Sources [57.1 kB]
+Get:9 http://ftp.uk.debian.org sid/non-free Sources [105 kB]
+Get:10 http://ftp.uk.debian.org experimental/main Sources/DiffIndex [7,819 B]
+Get:11 http://ftp.uk.debian.org experimental/contrib Sources/DiffIndex [7,819 B]
+Get:12 http://ftp.uk.debian.org experimental/non-free Sources/DiffIndex [7,819 B]
+Get:13 http://ftp.uk.debian.org experimental/main amd64 Packages/DiffIndex [7,819 B]
+Get:14 http://ftp.uk.debian.org experimental/contrib amd64 Packages/DiffIndex [7,819 B]
+Get:15 http://ftp.uk.debian.org experimental/contrib Translation-en/DiffIndex [7,819 B]
+Get:16 http://ftp.uk.debian.org experimental/main Translation-en/DiffIndex [7,819 B]
+Fetched 7,897 kB in 6s (1,169 kB/s)
+Reading package lists...
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Skipping gnupg, it is already installed and upgrade is not set.
+0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Skipping ghc, it is already installed and upgrade is not set.
+0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Skipping cabal-install, it is already installed and upgrade is not set.
+0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Skipping libghc-async-dev, it is already installed and upgrade is not set.
+0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Some packages could not be installed. This may mean that you have
+requested an impossible situation or if you are using the unstable
+distribution that some required packages have not yet been created
+or been moved out of Incoming.
+The following information may help to resolve the situation:
+The following packages have unmet dependencies:
+ libghc-missingh-dev : Depends: libghc-hunit-dev-1.2.5.2-6e02e
+ Depends: libghc-array-dev-0.4.0.1-3b784
+ Depends: libghc-base-dev-4.6.0.1-8aa5d
+ Depends: libghc-containers-dev-0.5.0.0-ab1da
+ Depends: libghc-directory-dev-1.2.0.1-91a78
+ Depends: libghc-filepath-dev-1.3.0.1-b12cb
+ Depends: libghc-hslogger-dev-1.2.1-028cc
+ Depends: libghc-mtl-dev-2.1.2-94c72
+ Depends: libghc-network-dev-2.4.1.2-040ce
+ Depends: libghc-old-locale-dev-1.0.0.5-6729c
+ Depends: libghc-old-time-dev-1.1.0.1-2f8ea
+ Depends: libghc-parsec-dev-3.1.3-6c6e2
+ Depends: libghc-process-dev-1.1.0.2-76e05
+ Depends: libghc-random-dev-1.0.1.1-43fdc
+ Depends: libghc-regex-compat-dev-0.95.1-121c7
+ Depends: libghc-time-dev-1.4.0.1-10dc4
+ Depends: libghc-unix-dev-2.6.0.1-4f219
+E: Unable to correct problems, you have held broken packages.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Some packages could not be installed. This may mean that you have
+requested an impossible situation or if you are using the unstable
+distribution that some required packages have not yet been created
+or been moved out of Incoming.
+The following information may help to resolve the situation:
+The following packages have unmet dependencies:
+ libghc-hslogger-dev : Depends: libghc-base-dev-4.6.0.1-8aa5d
+ Depends: libghc-containers-dev-0.5.0.0-ab1da
+ Depends: libghc-directory-dev-1.2.0.1-91a78
+ Depends: libghc-mtl-dev-2.1.2-94c72
+ Depends: libghc-network-dev-2.4.1.2-040ce
+ Depends: libghc-old-locale-dev-1.0.0.5-6729c
+ Depends: libghc-process-dev-1.1.0.2-76e05
+ Depends: libghc-time-dev-1.4.0.1-10dc4
+ Depends: libghc-unix-dev-2.6.0.1-4f219
+E: Unable to correct problems, you have held broken packages.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Some packages could not be installed. This may mean that you have
+requested an impossible situation or if you are using the unstable
+distribution that some required packages have not yet been created
+or been moved out of Incoming.
+The following information may help to resolve the situation:
+The following packages have unmet dependencies:
+ libghc-unix-compat-dev : Depends: libghc-base-dev-4.6.0.1-8aa5d
+ Depends: libghc-unix-dev-2.6.0.1-4f219
+E: Unable to correct problems, you have held broken packages.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Skipping libghc-ansi-terminal-dev, it is already installed and upgrade is not set.
+0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Some packages could not be installed. This may mean that you have
+requested an impossible situation or if you are using the unstable
+distribution that some required packages have not yet been created
+or been moved out of Incoming.
+The following information may help to resolve the situation:
+The following packages have unmet dependencies:
+ libghc-ifelse-dev : Depends: libghc-base-dev-4.6.0.1-8aa5d
+E: Unable to correct problems, you have held broken packages.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Skipping libghc-network-dev, it is already installed and upgrade is not set.
+0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Skipping libghc-quickcheck2-dev, it is already installed and upgrade is not set.
+0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Skipping libghc-mtl-dev, it is already installed and upgrade is not set.
+0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Some packages could not be installed. This may mean that you have
+requested an impossible situation or if you are using the unstable
+distribution that some required packages have not yet been created
+or been moved out of Incoming.
+The following information may help to resolve the situation:
+The following packages have unmet dependencies:
+ libghc-monadcatchio-transformers-dev : Depends: libghc-base-dev-4.6.0.1-8aa5d
+ Depends: libghc-extensible-exceptions-dev-0.1.1.4-255a3
+ Depends: libghc-monads-tf-dev-0.1.0.2-731f0
+ Depends: libghc-transformers-dev-0.3.0.0-ff2bb
+E: Unable to correct problems, you have held broken packages.
+Downloading the latest package list from hackage.haskell.org
+Skipping download: Local and remote files match.
+Resolving dependencies...
+All the requested packages are already installed:
+Use --reinstall if you want to reinstall anyway.
+Resolving dependencies...
+Configuring propellor-2.2.1...
+Building propellor-2.2.1...
+Preprocessing library propellor-2.2.1...
+In-place registering propellor-2.2.1...
+Preprocessing executable 'propellor' for propellor-2.2.1...
+Preprocessing excaecutable 'propellor-bal: can't find source for configconf in src
+ig' for propellor-2.2.1...
+propellor: user error (ssh ["-o","ControlPath=/home/rx/.ssh/propellor/softland.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@softland","sh -c 'if [ ! -d /usr/local/propellor/.git ] ; then (if ! git --version >/dev/null; then apt-get update && apt-get --no-install-recommends --no-upgrade -y install git; fi && echo STATUSNeedGitClone) || echo STATUSNeedPrecompiled ; else cd /usr/local/propellor && if ! test -x ./propellor; then ( apt-get update ; apt-get --no-upgrade --no-install-recommends -y install gnupg ; apt-get --no-upgrade --no-install-recommends -y install ghc ; apt-get --no-upgrade --no-install-recommends -y install cabal-install ; apt-get --no-upgrade --no-install-recommends -y install libghc-async-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-missingh-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-hslogger-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-unix-compat-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-ansi-terminal-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-ifelse-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-network-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-quickcheck2-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-mtl-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-monadcatchio-transformers-dev ; cabal update ; cabal install --only-dependencies ) || true && cabal configure && cabal build && ln -sf dist/build/propellor-config/propellor-config propellor; fi && ./propellor --boot softland ; fi'"] exited 1)
+rx@varenne ~/work/propellor $
+```
+
+I should add, that I have tried to --spin to another
+machine, and ... finally got that working:
+
+
+```
+ , host "laptop"
+ & os (System (Debian Testing) "amd64")
+```
+
+Not sure, if I need more than that, want to keep it to the
+minimum first, anyway:
+
+
+```
+ propellor --spin laptop
+```
+
+this works, yeah - sorry for the noise, above - but still I get
+
+
+```
+Git commit ... done
+To git://propellor.branchable.com/
+ ! [rejected] master -> master (fetch first)
+error: failed to push some refs to 'git://propellor.branchable.com/'
+hint: Updates were rejected because the remote contains work that you do
+hint: not have locally. This is usually caused by another repository pushing
+hint: to the same ref. You may want to first integrate the remote changes
+hint: (e.g., 'git pull ...') before pushing again.
+hint: See the 'Note about fast-forwards' in 'git push --help' for details.
+Push to central git repository ... failed
+```
+
+Possible to turn off these git push attempts?
+
+
+Thanks,
+ Andreas
diff --git a/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_1_df7ac45d7e576e8d73a8665521dbd6e0._comment b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_1_df7ac45d7e576e8d73a8665521dbd6e0._comment
new file mode 100644
index 00000000..cfe1750a
--- /dev/null
+++ b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_1_df7ac45d7e576e8d73a8665521dbd6e0._comment
@@ -0,0 +1,29 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawm-czsfuWENKQ0GI8l0gnGTeF1JEli1mA0"
+ nickname="Andreas"
+ subject="finally got it working"
+ date="2015-03-27T05:15:26Z"
+ content="""
+can spin to softland, my sid+experimental host now.
+
+with recent git://propellor.branchable.com/ updates
+and have used:
+
+```
+ & os (System (Debian Experimental) \"amd64\")
+```
+
+so sorry for the noise, still not sure about:
+
+* how to express my installation properly:
+ mostly unstable, ghc stuff from experimental
+
+* how to turn off the git push to branchable attempts
+ when just spinning to one of my mashines:
+ have set now:
+ ```
+ git branch --unset-upstream
+ ```
+ which shortcuts these attempts at least.
+
+"""]]
diff --git a/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_2_8600d257d92f786f2fcf0d4934f727d5._comment b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_2_8600d257d92f786f2fcf0d4934f727d5._comment
new file mode 100644
index 00000000..51c3fc53
--- /dev/null
+++ b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_2_8600d257d92f786f2fcf0d4934f727d5._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2015-03-30T23:22:17Z"
+ content="""
+Pushing to origin is needed when using propellor in the central git
+repository deployment mode. So it makes sense for --spin to try to push.
+If that push fails for some reason, it's not a fatal error, since propellor
+--spin also does peer-to-peer pushes.
+
+I don't think I want to get into trying to determine if a particular origin
+repo url is read-only or read-write. It can be hard to tell with eg
+a https url.
+
+Why don't you just `git remote rename origin upstream`? If the remote
+is not called origin, propellor will ignore it.
+"""]]
diff --git a/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_3_f1ca62944fe0303db6f1dc0916e8c967._comment b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_3_f1ca62944fe0303db6f1dc0916e8c967._comment
new file mode 100644
index 00000000..ed34d6a7
--- /dev/null
+++ b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_3_f1ca62944fe0303db6f1dc0916e8c967._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2015-03-30T23:26:38Z"
+ content="""
+As to a mixed unstable/experimental machine, such a machine has a Property
+of having somepackage installed from experimental. One way to represent
+that is by defining a property:
+
+installedFromExperimental :: [Package] -> Property NoInfo
+installedFromExperimental = Apt.installed' ["-y", "-texperimental"]
+
+"""]]
diff --git a/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_4_d0d946df7455d079af9bc331da6fac55._comment b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_4_d0d946df7455d079af9bc331da6fac55._comment
new file mode 100644
index 00000000..72b21450
--- /dev/null
+++ b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_4_d0d946df7455d079af9bc331da6fac55._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawm-czsfuWENKQ0GI8l0gnGTeF1JEli1mA0"
+ nickname="Andreas"
+ subject="thanks a lot"
+ date="2015-04-06T21:11:46Z"
+ content="""
+thanks for your your commments (both of them),
+and fair enough: have just renamed my origin remote to upstream,
+will try your installedFromExperimental suggestion next.
+
+
+I will have more questions about propellor,
+but aske them in a different thread
+(as they are not really about installation)
+
+"""]]
diff --git a/doc/haskell_newbie.mdwn b/doc/haskell_newbie.mdwn
index 24839b12..ec42629c 100644
--- a/doc/haskell_newbie.mdwn
+++ b/doc/haskell_newbie.mdwn
@@ -114,7 +114,8 @@ That's really all there is to configuring Propellor. Once you
have a `config.hs` ready to try out, you can run `propellor --spin $host`
on one of the hosts configured in it.
-See the [[README]] for a further quick start.
+See the [[README]] for a further quick start and [[Writing Properties]]
+for guidance on extending propellor with your own custom properties.
(If you'd like to learn a little Haskell after all, check out
[Learn You a Haskell for Great Good](http://learnyouahaskell.com/).)
diff --git a/doc/news/propellor_demo.mdwn b/doc/news/propellor_demo.mdwn
new file mode 100644
index 00000000..362f56e6
--- /dev/null
+++ b/doc/news/propellor_demo.mdwn
@@ -0,0 +1,8 @@
+A quick demo of propellor.
+
+<video controls src="http://downloads.kitenet.net/talks/propellor_demo/propellor_demo.webm"></video>
+
+[video](http://downloads.kitenet.net/talks/propellor_demo/propellor_demo.webm)
+
+(Audio quality is clipped/fast in places, unfortunately this was a problem
+with the source recording.)
diff --git a/doc/news/version_2.4.0.mdwn b/doc/news/version_2.4.0.mdwn
new file mode 100644
index 00000000..ba66b462
--- /dev/null
+++ b/doc/news/version_2.4.0.mdwn
@@ -0,0 +1,13 @@
+propellor 2.4.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Propellor no longer supports Debian wheezy (oldstable).
+ * Git.bareRepo: Fix bug in calls to userScriptProperty.
+ Thanks, Jelmer Vernooij.
+ * Removed Obnam.latestVersion which was only needed for Debian wheezy
+ backport.
+ * Merged Utility changes from git-annex.
+ * Switched from MonadCatchIO-transformers to the newer transformers and
+ exceptions libraries.
+ * Ensure build deps are installed before building propellor in --spin
+ and cron job, even if propellor was already built before, to deal with
+ upgrades that add new dependencies."""]] \ No newline at end of file
diff --git a/doc/news/version_2.5.0.mdwn b/doc/news/version_2.5.0.mdwn
new file mode 100644
index 00000000..5c481d0e
--- /dev/null
+++ b/doc/news/version_2.5.0.mdwn
@@ -0,0 +1,28 @@
+propellor 2.5.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * cmdProperty' renamed to cmdPropertyEnv to make way for a new,
+ more generic cmdProperty' (API change)
+ * Add docker image related properties.
+ Thanks, Antoine Eiche.
+ * Export CommandParam, boolSystem, safeSystem, shellEscape, and
+ * createProcess from Propellor.Property.Cmd, so they are available
+ for use in constricting your own Properties when using propellor
+ as a library.
+ * Improve enter-machine scripts for systemd-nspawn containers to unset most
+ environment variables.
+ * Fix Postfix.satellite bug; the default relayhost was set to the
+ domain, not to smtp.domain as documented.
+ * Mount /proc inside a chroot before provisioning it, to work around #787227
+ * --spin now works when given a short hostname that only resolves to an
+ ipv6 address.
+ * Added publish property for systemd-spawn containers, for port publishing.
+ (Needs systemd version 220.)
+ * Added bind and bindRo properties for systemd-spawn containers.
+ * Firewall: Port was changed to a newtype, and the Port and PortRange
+ constructors of Rules were changed to DPort and DportRange, respectively.
+ (API change)
+ * Docker: volume and publish accept Bound FilePath and Bound Port,
+ respectively. They also continue to accept Strings, for backwards
+ compatibility.
+ * Docker: Added environment property.
+ Thanks Antoine Eiche."""]] \ No newline at end of file
diff --git a/doc/news/version_2.6.0.mdwn b/doc/news/version_2.6.0.mdwn
new file mode 100644
index 00000000..4cd360f4
--- /dev/null
+++ b/doc/news/version_2.6.0.mdwn
@@ -0,0 +1,10 @@
+propellor 2.6.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Replace String type synonym Docker.Image by a data type
+ which allows to specify an image name and an optional tag. (API change)
+ Thanks, Antoine Eiche.
+ * Added --unset to delete a privdata field.
+ * Version dependency on exceptions.
+ * Systemd: Add masked property.
+ Thanks, Sean Whitton
+ * Fix make install target to work even when git is not configured."""]] \ No newline at end of file
diff --git a/doc/news/version_2.7.0.mdwn b/doc/news/version_2.7.0.mdwn
new file mode 100644
index 00000000..a7e840d8
--- /dev/null
+++ b/doc/news/version_2.7.0.mdwn
@@ -0,0 +1,13 @@
+propellor 2.7.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Ssh.permitRootLogin type changed to allow configuring WithoutPassword
+ and ForcedCommandsOnly (API change)
+ * setSshdConfig type changed, and setSshdConfigBool added with old type.
+ * Fix a bug in shim generation code for docker and chroots, that
+ sometimes prevented deployment of docker containers.
+ * Added onChangeFlagOnFail which is often a safer alternative to
+ onChange.
+ Thanks, Antoine Eiche.
+ * Work around broken git pull option parser in git 2.5.0,
+ which broke use of --upload-pack to send a git push when running
+ propellor --spin."""]] \ No newline at end of file
diff --git a/doc/news/version_2.7.1.mdwn b/doc/news/version_2.7.1.mdwn
new file mode 100644
index 00000000..43209b59
--- /dev/null
+++ b/doc/news/version_2.7.1.mdwn
@@ -0,0 +1,5 @@
+propellor 2.7.1 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Make sure that make is installed when bootstrapping propellor.
+ * Fix bug in Firewall's Port datatype to iptable parameter translation code.
+ Thanks, Antoine Eiche."""]] \ No newline at end of file
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 12ae18de..831b2b41 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -29,7 +29,7 @@ in cleartext private data such as passwords, ssh private keys, etc.
Instead, `propellor --spin $host` looks for a
`~/.propellor/privdata/privdata.gpg` file and if found decrypts it,
-extracts the private that that the $host needs, and sends it to to the
+extracts the private data that the $host needs, and sends it to to the
$host using ssh. This lets a host know its own private data, without
seeing all the rest.
diff --git a/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment
new file mode 100644
index 00000000..4ed9ecdb
--- /dev/null
+++ b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Is it ok to publish to a public repository?"
+ date="2014-08-29T21:13:19Z"
+ content="""
+It is not clear to me whether or not it is safe to publish my own propellor repository to a publicly hosted service. It seems to me that when I do ./propellor --add-key MYKEYID, the private key data is stored in the repository as a commit, so pushing it exposes this data to the public. Am I wrong?
+
+Thanks
+"""]]
diff --git a/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment
new file mode 100644
index 00000000..4d209b03
--- /dev/null
+++ b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="131.252.200.111"
+ subject="comment 2"
+ date="2014-08-29T21:52:02Z"
+ content="""
+--add-key puts your **public** key in the repository, not the private key.
+"""]]
diff --git a/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
new file mode 100644
index 00000000..4d75842d
--- /dev/null
+++ b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Remote host fails to connect"
+ date="2014-08-30T06:40:33Z"
+ content="""
+Makes sense of course, but the message one gets when doing that is a bit misleading.
+
+I ran into another issue: propellor deploys itself to remote host, but then the propellor instance run on remote host cannot read the remote git repo, because:
+
+1. the host key is not initially present in root's known_hosts, then
+2. the user's (root) public key is unknown to the remote git repo, in my case bitbucket.org, and the URL used is git@bitbucket.org:abailly/capital-match-infra.git which implies connection goes through SSH
+
+I am puzzled: Does this mean I should add some for use by the remote host deployed to? This does not make sense so there should be another way... If I change the origin url to use https, then I cannot push locally anymore.
+
+Thanks for your help
+"""]]
diff --git a/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
new file mode 100644
index 00000000..b2ac4d57
--- /dev/null
+++ b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
@@ -0,0 +1,22 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Output from propellor --spin $host"
+ date="2014-08-30T07:17:52Z"
+ content="""
+Here is the output (truncated):
+
+
+ Permission denied (publickey).
+ fatal: Could not read from remote repository.
+
+ Please make sure you have the correct access rights
+ and the repository exists.
+ Git fetch ... failed
+ fatal: ambiguous argument 'origin/master': unknown revision or path not in the working tree.
+ Use '--' to separate paths from revisions, like this:
+ 'git <command> [<revision>...] -- [<file>...]'
+ propellor: user error (git [\"log\",\"-n\",\"1\",\"--format=%G?\",\"origin/master\"] exited 128)
+
+
+"""]]
diff --git a/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
new file mode 100644
index 00000000..cc26f42d
--- /dev/null
+++ b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Got it working..."
+ date="2014-08-31T12:50:17Z"
+ content="""
+OK, I manage to get my first propellor config run fine by setting different branch.master.url and branch.master.pushUrl configurations:
+
+* Use a https:// based url for the first
+* Use a git:// based url for the second
+
+I had to nuke the remote /usr/local/propellor directory because it still had wrong configuration with a single remote url.
+"""]]
diff --git a/doc/security/comment_6_e5f2fdced08fb823efed35684110a840._comment b/doc/security/comment_6_e5f2fdced08fb823efed35684110a840._comment
new file mode 100644
index 00000000..be8ac7f9
--- /dev/null
+++ b/doc/security/comment_6_e5f2fdced08fb823efed35684110a840._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 6"""
+ date="2014-11-19T01:35:59Z"
+ content="""
+@Arnaud, see [[centralized_repository]], including its documentation of a
+"deploy" remote, which can be used to configure the url that remote hosts
+should pull from.
+
+Also, propellor can be used now without any centralized repository.
+"""]]
diff --git a/doc/security/comment_7_ebbb6f3617c879715a35900a07ea1909._comment b/doc/security/comment_7_ebbb6f3617c879715a35900a07ea1909._comment
new file mode 100644
index 00000000..e9d20642
--- /dev/null
+++ b/doc/security/comment_7_ebbb6f3617c879715a35900a07ea1909._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawkgUir7k_amh9RFp4D3QutX1fGh_nd7ko4"
+ nickname="Philipp"
+ subject="Passwords in PrivData"
+ date="2014-12-13T18:25:23Z"
+ content="""
+I wonder if there could be a shortcut in PrivData handling that hashes the input with crypt() instead of passing it raw to a machine. For instance passwords are stored in plain on the target machines, while this is not required to set the password in shadow: the hash would suffice. I think this page should at least spell out that fact.
+"""]]
diff --git a/doc/todo/Bug_in_Property.Ssh.authorizedKey.mdwn b/doc/todo/Bug_in_Property.Ssh.authorizedKey.mdwn
new file mode 100644
index 00000000..7a59fc20
--- /dev/null
+++ b/doc/todo/Bug_in_Property.Ssh.authorizedKey.mdwn
@@ -0,0 +1,8 @@
+If Ssh.authorizedKey in propellor 2.0.0 is used to create .ssh/authorized_keys for
+a user other than root, it will be owned by root:root and won't
+work for the user. Adding a key to an existing authorized_keys
+file doesn't change its ownership and therefore works fine.
+
+-- weinzwang
+
+> Thanks, [[fixed|done]] this and will make a release.
diff --git a/doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties.mdwn b/doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties.mdwn
new file mode 100644
index 00000000..57cbc343
--- /dev/null
+++ b/doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties.mdwn
@@ -0,0 +1,25 @@
+# `File.containsConfPair` property
+
+A property to set `key = value` pairs under particular `[sections]` in config files. For example, in stock Debian Jessie `/etc/lightdm/lightdm.conf` contains the lines
+
+ [SeatDefaults]
+ #autologin-user=
+
+With the property
+
+ "/etc/lightdm/lightdm.conf" `File.containsConfPair` ("SeatDefaults", "autologin-user", "swhitton")
+
+this will get set to
+
+ [SeatDefaults]
+ autologin-user=swhitton
+
+# `LightDM.autoLogin` property
+
+An application of `File.containsConfPair` to edit `/etc/lightdm/lightdm.conf` to enable autologin for a specified user: a property encapsulating the above example.
+
+# Patches
+
+Please see the two commits in branch `confpairs` in the repo at `git@github.com:spwhitton/propellor.git`.
+
+> [[merged|done]] --[[Joey]]
diff --git a/doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_1_c8240ba3abf5cf458eba8ed7e31eaccf._comment b/doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_1_c8240ba3abf5cf458eba8ed7e31eaccf._comment
new file mode 100644
index 00000000..a5a2b80c
--- /dev/null
+++ b/doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_1_c8240ba3abf5cf458eba8ed7e31eaccf._comment
@@ -0,0 +1,25 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-08-04T14:23:33Z"
+ content="""
+Thanks for submitting these patches!
+
+Looking at `containsConfPair`, it assumes an ini-style file,
+so is a little misplaced in Property.File. which is otherwise about generic
+text files.
+
+So, it would probably make sense to move it to a new Property.IniFile
+module.
+
+However, [[forum/parsing_a_config_file]] recently pointed out that
+the tor config file has a similar need. It's not ini format, but
+shares the same basic idea of a "section" line which is followed by
+lines setting things specific to that section.
+
+So, it would be great if `containsConfPair` could be generalized to also
+cover that tor config file use case. I think this would be pretty easy;
+just make it take one string containing the whole section line (including
+square brackets for ini file, or whatever for tor config file), and a
+second string containing the whole setting line.
+"""]]
diff --git a/doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_2_9303138a3be2fb639498737afe60b87d._comment b/doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_2_9303138a3be2fb639498737afe60b87d._comment
new file mode 100644
index 00000000..7b01dd71
--- /dev/null
+++ b/doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_2_9303138a3be2fb639498737afe60b87d._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ subject="comment 2"
+ date="2015-08-05T21:29:04Z"
+ content="""
+Thanks for the input!
+
+I agree that generalising to lines under sections is a good idea, but I don't think it can be as simple as a property taking the full section header and the full settings line. That's because there is a need to update the values of keys under sections: in the example LightDM case, the line `autologin-user=someone` must *replace* any `autologin-user=someone_else`. So the function needs to know the key, not just the whole line.
+
+So to generalise containsConfPair, it might take a section header, key, value and a specification of what kind of config file it is. That specification would be a type containing the comment character, the formatting of section headers and the use of spaces, colons or equals signs between keys and values. What do you think to this?
+"""]]
diff --git a/doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_3_92c583f883fae2b447c1598356efade2._comment b/doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_3_92c583f883fae2b447c1598356efade2._comment
new file mode 100644
index 00000000..a45bc921
--- /dev/null
+++ b/doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_3_92c583f883fae2b447c1598356efade2._comment
@@ -0,0 +1,41 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2015-08-06T14:54:14Z"
+ content="""
+I'd suggest making it take some helper functions.
+
+Something like these:
+
+ type SectionStart = String -> Bool -- ^ find the line that is the start of the wanted section (eg, == "<Foo>")
+ type SectionEnd = String -> Bool -- ^ find a line that is within the section, but that indicates the end of the section (eg == "</Foo>")
+ type SectionPast = String -> Bool -- ^ find a line that indicates we are past the section (eg, a new section header)
+ type AdjustSection = [String] -> [String] -- ^ run on all lines in the section, including the SectionStart line and any SectionEnd line; can add/delete/modify lines, or even delete entire section
+ type InsertSection = [String] -> [String] -- ^ if SectionStart does not find the section in the file, this is used to insert the section somewhere within it
+
+ adjustSection :: SectionStart -> SectionEnd -> AdjustSection -> InsertSection -> FilePath -> Property
+
+Which seems sufficiently generic; it can even be used to delete entire sections!
+
+Let's see..
+
+ iniHeader header = '[':header++"]"
+
+ adjustIniSection :: String -> AdjustSection -> InsertSection -> Property
+ adjustIniSection header = adjustSection
+ (== iniHeader header)
+ (const False)
+ ("[" `isPrefixOf`)
+
+ containsConfPair header key value = adjustIniSection header
+ go
+ (++ [confheader, confline]) -- add missing section at end
+ where
+ confheader = iniHeader header
+ confline = key ++ "=" ++ value
+ go ls = undefined -- TODO find key= line and change it, or add confline
+
+ removeSection header = adjustIniSection header
+ (const []) -- remove all lines of section
+ id -- add no lines if section is missing
+"""]]
diff --git a/doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_4_2049a1ce601ba77f4139f844d0fd91b2._comment b/doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_4_2049a1ce601ba77f4139f844d0fd91b2._comment
new file mode 100644
index 00000000..f4e0921f
--- /dev/null
+++ b/doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_4_2049a1ce601ba77f4139f844d0fd91b2._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ subject="comment 4"
+ date="2015-08-17T00:57:54Z"
+ content="""
+Thanks for the ideas. I've implemented them as a new commit to my confpairs branch. Please take a look.
+
+Two points:
+
+1. I dropped the SectionEnd helper function. My implementation of adjustSection didn't need it and I couldn't think up a case where it would be needed.
+
+2. I'm using a tuple `(section, key, value)` as the second argument to `ConfFile.containsIniPair`, rather than just using four arguments as you suggested. If `ConfFile.containsIniPair` takes four arguments, then it cannot be used infix when attached to other properties with the `&` operator, without using extra brackets.
+"""]]
diff --git a/doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_5_4caff287eb767d481bb7ef87e62c508b._comment b/doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_5_4caff287eb767d481bb7ef87e62c508b._comment
new file mode 100644
index 00000000..40f14ec2
--- /dev/null
+++ b/doc/todo/File.containsConfPair___38___LightDM.autoLogin_properties/comment_5_4caff287eb767d481bb7ef87e62c508b._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 5"""
+ date="2015-08-20T14:37:43Z"
+ content="""
+And merged, thanks.
+
+The SectionEnd would be useful for eg, bind-style or apache-style config
+files. However, those probably need a better parser than this one anyway.
+"""]]
diff --git a/doc/todo/HostingProvider_for_AWS.mdwn b/doc/todo/HostingProvider_for_AWS.mdwn
new file mode 100644
index 00000000..fc381afe
--- /dev/null
+++ b/doc/todo/HostingProvider_for_AWS.mdwn
@@ -0,0 +1 @@
+I'd really love to be able to use propellor to manage my AWS services.
diff --git a/doc/todo/HostingProvider_for_AWS/comment_1_9db50a3f4fef8e10261e3e29dbd90e73._comment b/doc/todo/HostingProvider_for_AWS/comment_1_9db50a3f4fef8e10261e3e29dbd90e73._comment
new file mode 100644
index 00000000..71ded884
--- /dev/null
+++ b/doc/todo/HostingProvider_for_AWS/comment_1_9db50a3f4fef8e10261e3e29dbd90e73._comment
@@ -0,0 +1,22 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-05-14T16:19:00Z"
+ content="""
+So there's something here that propellor doesn't yet have a concept of,
+and that's spinning up a VM. Propellor can deploy itself to an existing VM
+pretty well, but getting the VM running isn't something it tries to do.
+
+I imagine that --spin could be extended to support this though.
+Make a Property like `vm AWS`, which tells propellor that the host
+is a VM, and that the VM is hosted on AWS. Then when you run propellor
+--spin, it could set up the VM if it doesn't exist yet.
+
+I don't use AWS currently, so don't have plans to work on this myself,
+although I think it would be a great direction to move in. Happy to help
+with advice, code review, etc.
+
+<http://hackage.haskell.org/package/aws>
+or <http://hackage.haskell.org/package/amazonka>
+are good haskell libraries for working with AWS.
+"""]]
diff --git a/doc/todo/Manage_DNS_with_Route53.mdwn b/doc/todo/Manage_DNS_with_Route53.mdwn
new file mode 100644
index 00000000..b35a37cb
--- /dev/null
+++ b/doc/todo/Manage_DNS_with_Route53.mdwn
@@ -0,0 +1 @@
+I currently use Route53 to manage the DNS for my service. I'd really like to use Propellor to take care of that for me.
diff --git a/doc/todo/Manage_DNS_with_Route53/comment_1_dfa93678644b72781afda4fdc9d0da31._comment b/doc/todo/Manage_DNS_with_Route53/comment_1_dfa93678644b72781afda4fdc9d0da31._comment
new file mode 100644
index 00000000..8836beaa
--- /dev/null
+++ b/doc/todo/Manage_DNS_with_Route53/comment_1_dfa93678644b72781afda4fdc9d0da31._comment
@@ -0,0 +1,21 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-05-14T16:18:37Z"
+ content="""
+I think this would be great. Patches accepted.
+
+If I were going to implement this, I'd use
+<http://hackage.haskell.org/package/amazonka-route53>
+to write the propellor Property.
+
+A question is, what host would the Property be attached to?
+One way to do it would be to make the property be called something like
+`route53Controller`. So then you pick a host, or hosts, and give them this
+property for a domain, and those hosts then take care of making the
+necessary API calls to route53. Presumably some API keys will be needed
+on those hosts, which can be provided via the privdata.
+
+I'm happy to offer advice on implementation, but don't plan to code this up
+myself, as I'm happily self-hosting my DNS servers.
+"""]]
diff --git a/doc/todo/Manage_DNS_with_Route53/comment_2_a6c1ace47d5387d0b1559266ca124525._comment b/doc/todo/Manage_DNS_with_Route53/comment_2_a6c1ace47d5387d0b1559266ca124525._comment
new file mode 100644
index 00000000..9b5150bf
--- /dev/null
+++ b/doc/todo/Manage_DNS_with_Route53/comment_2_a6c1ace47d5387d0b1559266ca124525._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="https://launchpad.net/~jml"
+ nickname="jml"
+ subject="comment 2"
+ date="2015-05-15T08:53:34Z"
+ content="""
+Glad you think so. I had a very quick poke around and also discovered [aws-ec2](https://hackage.haskell.org/package/aws-ec2) as well as the amazonka package. Any particular reason for preferring amazonka to aws-ec2?
+"""]]
diff --git a/doc/todo/Manage_DNS_with_Route53/comment_3_a521a1b875526d8b65e76f11ed367a36._comment b/doc/todo/Manage_DNS_with_Route53/comment_3_a521a1b875526d8b65e76f11ed367a36._comment
new file mode 100644
index 00000000..00bb6b04
--- /dev/null
+++ b/doc/todo/Manage_DNS_with_Route53/comment_3_a521a1b875526d8b65e76f11ed367a36._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="mithrandi@311efa1b2b5c4999c2edae7da06fb825899e8a82"
+ nickname="mithrandi"
+ subject="comment 3"
+ date="2015-06-08T01:22:14Z"
+ content="""
+aws-ec2 doesn't seem to support Route53, unless I'm missing something.
+"""]]
diff --git a/doc/todo/Propellor.Property.Ssh:_it_should_be_possible_to_call_permitRootLogin_with___34__forced-commands-only__34___and___34__without-password__34__.mdwn b/doc/todo/Propellor.Property.Ssh:_it_should_be_possible_to_call_permitRootLogin_with___34__forced-commands-only__34___and___34__without-password__34__.mdwn
new file mode 100644
index 00000000..f02ff328
--- /dev/null
+++ b/doc/todo/Propellor.Property.Ssh:_it_should_be_possible_to_call_permitRootLogin_with___34__forced-commands-only__34___and___34__without-password__34__.mdwn
@@ -0,0 +1,5 @@
+It should be possible to call Propellor.Property.Ssh.permitRootLogin with "forced-commands-only" and "without-password", in addition to "True" or "False". It requires to change the type of the function (and maybe to create a new datatype?)...
+
+ permitRootLogin :: Bool -> Property NoInfo
+
+> [[done]] --[[Joey]]
diff --git a/doc/todo/Push_2.4.0_to_Hackage.mdwn b/doc/todo/Push_2.4.0_to_Hackage.mdwn
new file mode 100644
index 00000000..a176f416
--- /dev/null
+++ b/doc/todo/Push_2.4.0_to_Hackage.mdwn
@@ -0,0 +1,4 @@
+https://propellor.branchable.com/news/version_2.4.0/ says that version 2.4.0, but as of today, 2.3.0 is the latest version on Hackage: http://hackage.haskell.org/package/propellor
+
+> Seems the upload must have failed and I didn't notice. re-uploaded;
+> [[done]] --[[Joey]]
diff --git a/doc/todo/Wishlist:_User.hasLoginShell.mdwn b/doc/todo/Wishlist:_User.hasLoginShell.mdwn
new file mode 100644
index 00000000..cf8aa73c
--- /dev/null
+++ b/doc/todo/Wishlist:_User.hasLoginShell.mdwn
@@ -0,0 +1,9 @@
+As far as I can tell there is no easy way to set a user's
+login shell. A Property User.hasLoginShell, which ensures
+that a user has a specified login shell and that said shell
+is in /etc/shells would be really helpful. Sadly, I lack the
+skills to put this together myself :(
+
+-- weinzwang
+
+> patched in and so [[done]] --[[Joey]]
diff --git a/doc/todo/Wishlist:_User.hasLoginShell/comment_1_c02e8783b91c3c0326bf1b317be4694f._comment b/doc/todo/Wishlist:_User.hasLoginShell/comment_1_c02e8783b91c3c0326bf1b317be4694f._comment
new file mode 100644
index 00000000..52043406
--- /dev/null
+++ b/doc/todo/Wishlist:_User.hasLoginShell/comment_1_c02e8783b91c3c0326bf1b317be4694f._comment
@@ -0,0 +1,59 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-04-19T16:07:24Z"
+ content="""
+Propellor makes it very easy to put together a property like this.
+
+Let's start with a property that combines the two properties you mentioned:
+
+ hasLoginShell :: UserName -> FilePath -> Property
+ hasLoginShell user shell = shellSetTo user shell `requires` shellEnabled shell
+
+The shellEnabled property can be easily written using propellor's file
+manipulation properties.
+
+ -- Need to add an import to the top of the source file.
+ import qualified Propellor.Property.File as File
+
+ shellEnabled :: FilePath -> Property
+ shellEnabled shell = "/etc/shells" `File.containsLine` shell
+
+And then, we want to actually change the user's shell. The `chsh(1)`
+program can do that, so we can simply tell propellor the command line to
+run:
+
+ shellSetTo :: UserName -> FilePath -> Property
+ shellSetTo user shell = cmdProperty "chsh" ["--shell", shell, user]
+
+The only remaining problem with this is that shellSetTo runs chsh every
+time, and propellor will always display that it's made a change each time
+it runs, even when it didn't really do much. Now, there's an easy way to
+avoid that problem, we could just tell propellor that it's a trivial
+property, and then it will run chsh every time and not think it made any
+change:
+
+ shellSetTo :: UserName -> FilePath -> Property
+ shellSetTo user shell = trivial $
+ cmdProperty "chsh" ["--shell", shell, user]
+
+But, it's not much harder to do this right. Let's make the property
+check if the user's shell is already set to the desired value and avoid
+doing anything in that case.
+
+ shellSetTo :: UserName -> FilePath -> Property
+ shellSetTo user shell = check needchangeshell $
+ cmdProperty "chsh" ["--shell", shell, user]
+ where
+ needchangeshell = do
+ currshell <- userShell <$> getUserEntryForName user
+ return (currshell /= shell)
+
+And that will probably all work, although I've not tested it. You might
+want to throw in some uses of `describe` to give the new properties
+more useful descriptions.
+
+I hope this has been helpful as an explanation of how to add properties to
+Propellor, and if you get these properties to work, a patch adding them
+to Propellor.User would be happily merged.
+"""]]
diff --git a/doc/todo/bytes_in_privData__63__.mdwn b/doc/todo/bytes_in_privData__63__.mdwn
new file mode 100644
index 00000000..27297fd5
--- /dev/null
+++ b/doc/todo/bytes_in_privData__63__.mdwn
@@ -0,0 +1,17 @@
+It seems like I can't set the content of a PrivFile to arbitrary bytes.
+
+ $ propellor --set 'PrivFile "mysecret.key"' 'mycontext' < ~/mysecret.key
+ find . | grep -v /.git/ | grep -v /tmp/ | grep -v /dist/ | grep -v /doc/ | egrep '\.hs$' | xargs hothasktags | perl -ne 'print; s/Propellor\.Property\.//; print' | sort > tags 2>/dev/null || true
+ cabal build
+ Building propellor-2.2.1...
+ Preprocessing library propellor-2.2.1...
+ In-place registering propellor-2.2.1...
+ Preprocessing executable 'propellor' for propellor-2.2.1...
+ Preprocessing executable 'propellor-config' for propellor-2.2.1...
+ [70 of 70] Compiling Main ( src/config.hs, dist/build/propellor-config/propellor-config-tmp/Main.o )
+ Linking dist/build/propellor-config/propellor-config ...
+ ln -sf dist/build/propellor-config/propellor-config propellor
+
+
+ Enter private data on stdin; ctrl-D when done:
+ propellor: <stdin>: hGetContents: invalid argument (invalid byte sequence)
diff --git a/doc/todo/bytes_in_privData__63__/comment_1_42c107179b091f74ef55aff1fc240c5e._comment b/doc/todo/bytes_in_privData__63__/comment_1_42c107179b091f74ef55aff1fc240c5e._comment
new file mode 100644
index 00000000..5c1508fd
--- /dev/null
+++ b/doc/todo/bytes_in_privData__63__/comment_1_42c107179b091f74ef55aff1fc240c5e._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-04-20T01:04:26Z"
+ content="""
+I imagine that adding `fileEncoding stdin` to setPrivData will fix
+this crash, but I'd expect there are also other problems with encodings
+for privdata that haskell doesn't like. Similar fixes would probably
+be needed in several other places.
+
+Probably cleaner and better to convert
+`PrivData` from a String to a ByteString, and so avoid encodings
+being applied to it. I think this could be done without changing the
+file format; the privdata file uses Read/Show for serialization,
+and happily ByteString uses the same Read/Show format as String does.
+
+So, changing the type and following the compile errors should get you
+there, I think!
+"""]]
diff --git a/doc/todo/bytes_in_privData__63__/comment_2_60f577b476adc6ee1e4f18e11843df90._comment b/doc/todo/bytes_in_privData__63__/comment_2_60f577b476adc6ee1e4f18e11843df90._comment
new file mode 100644
index 00000000..10ff956a
--- /dev/null
+++ b/doc/todo/bytes_in_privData__63__/comment_2_60f577b476adc6ee1e4f18e11843df90._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 2"
+ date="2015-04-21T12:59:42Z"
+ content="""
+Would you accept a patch converting PrivData from String to ByteString?
+"""]]
diff --git a/doc/todo/bytes_in_privData__63__/comment_3_55f34128de77b7947d32fac71071e033._comment b/doc/todo/bytes_in_privData__63__/comment_3_55f34128de77b7947d32fac71071e033._comment
new file mode 100644
index 00000000..a1c7f62f
--- /dev/null
+++ b/doc/todo/bytes_in_privData__63__/comment_3_55f34128de77b7947d32fac71071e033._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2015-04-21T16:52:06Z"
+ content="""
+Absolutely. Thought that went w/o saying. ;)
+"""]]
diff --git a/doc/todo/bytes_in_privData__63__/comment_4_f34a8f82c7bce7224e4edc59410c741f._comment b/doc/todo/bytes_in_privData__63__/comment_4_f34a8f82c7bce7224e4edc59410c741f._comment
new file mode 100644
index 00000000..bd7a0618
--- /dev/null
+++ b/doc/todo/bytes_in_privData__63__/comment_4_f34a8f82c7bce7224e4edc59410c741f._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 4"
+ date="2015-04-23T09:21:07Z"
+ content="""
+I tried to do the conversion, but then it started a kind of chain reaction... (PrivData=ByteString to writeFileProtected to Line=ByteString to ... to readProcess to ...) Should I use FilePath=String? ... To be honest, the patch became a lot bigger that what I am comfortable with. :-)
+
+I guess you should have a look at it...
+
+At least, I think there is a type bug in Propellor.Property.File:
+
+ hasPrivContent' :: (IsContext c, IsPrivDataSource s) => (String -> FilePath -> IO ()) -> s -> FilePath -> c -> Property HasInfo
+
+but it should be
+
+ hasPrivContent' :: (IsContext c, IsPrivDataSource s) => (FilePath -> String -> IO ()) -> s -> FilePath -> c -> Property HasInfo
+
+(it is hidden by FilePath = String)
+"""]]
diff --git a/doc/todo/bytes_in_privData__63__/comment_5_f4db6ffad054feb7eb299708fcd7d05c._comment b/doc/todo/bytes_in_privData__63__/comment_5_f4db6ffad054feb7eb299708fcd7d05c._comment
new file mode 100644
index 00000000..45c97b97
--- /dev/null
+++ b/doc/todo/bytes_in_privData__63__/comment_5_f4db6ffad054feb7eb299708fcd7d05c._comment
@@ -0,0 +1,15 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 5"""
+ date="2015-04-23T13:25:50Z"
+ content="""
+Can you put the patch up somewhere? I'll take a look. Might see a way to
+short-curcuit the bytestring before everything becomes one..
+
+One way might be:
+
+ writeFileProtected :: FileContent content => FilePath -> content -> IO ()
+
+Which would also at least partly avoid foot-shooting over which parameter is which.
+(Fixed that type signature.)
+"""]]
diff --git a/doc/todo/bytes_in_privData__63__/comment_6_545e1c26a042b9f8347496a1bfb61548._comment b/doc/todo/bytes_in_privData__63__/comment_6_545e1c26a042b9f8347496a1bfb61548._comment
new file mode 100644
index 00000000..29b07e5c
--- /dev/null
+++ b/doc/todo/bytes_in_privData__63__/comment_6_545e1c26a042b9f8347496a1bfb61548._comment
@@ -0,0 +1,48 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 6"""
+ date="2015-04-28T19:24:12Z"
+ content="""
+I've followed the same path in the wip-bytestring-privdata branch.
+
+It needs to round trip through String anyway to handle Read/Show
+serialization the same as before. I think this is doable without falling
+over on invalid encodings, but it's certianly ugly.
+
+And yeah, changing Line to ByteString and all the other follow-on changes
+just don't seem right. Everything that uses withPrivData would need to deal
+with it being a ByteString, and would need to worry about encoding problems
+when it needed to convert to a String, or Text, or whatever.
+
+So this feels like kicking the can down the road in the wrong direction...
+
+----
+
+Maybe it would be better to handle this by adding a type to wrap up an
+encoded ByteString in the PrivData. Could use base64 or something like
+that for the encoding. Then only consumers of these ByteStrings would be a
+little complicated by needing to unwrap it.
+
+Then it would be handly to give --set, --dump and --edit some
+special handling of fields encoded like that. They could operate on raw
+ByteStrings when handling such fields, and take care of the encoding
+details.
+
+Add a new constructor to PrivDataField for binary files:
+
+ | PrivBinaryFile FilePath
+
+And a function to get the encoder and decoder:
+
+ type Encoder = ByteString -> PrivData
+ type Decoder = PrivData -> ByteString
+
+ privDataEncoding :: PrivDataField -> Maybe (Encoder, Decoder)
+
+Then --set, --dump, and --edit could use that to encode and decode the
+data.
+
+And finally, a `withBinaryPrivData` that uses ByteString.
+
+(Maybe this could be made more type safe though..)
+"""]]
diff --git a/doc/todo/detect_and_use___96__GHC__95__PACKAGE__95__PATH__96__.mdwn b/doc/todo/detect_and_use___96__GHC__95__PACKAGE__95__PATH__96__.mdwn
new file mode 100644
index 00000000..2973e662
--- /dev/null
+++ b/doc/todo/detect_and_use___96__GHC__95__PACKAGE__95__PATH__96__.mdwn
@@ -0,0 +1,9 @@
+Detecting and using `GHC_PACKAGE_PATH` would allow "stack exec" support. This way propellor would be able to be built with
+
+ stack build
+
+and run with
+
+ stack exec -- propellor ...
+
+see [[https://github.com/yesodweb/yesod/issues/1018]] and [[https://github.com/yesodweb/yesod/commit/a7cccf2a7c5df8b26da9ea4fdcb6bac5ab3a3b75]]
diff --git a/doc/todo/detect_and_use___96__GHC__95__PACKAGE__95__PATH__96__/comment_1_892385793c38976d0c446906dd004772._comment b/doc/todo/detect_and_use___96__GHC__95__PACKAGE__95__PATH__96__/comment_1_892385793c38976d0c446906dd004772._comment
new file mode 100644
index 00000000..3154a895
--- /dev/null
+++ b/doc/todo/detect_and_use___96__GHC__95__PACKAGE__95__PATH__96__/comment_1_892385793c38976d0c446906dd004772._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-06-29T20:25:10Z"
+ content="""
+I don't entirely understand this, though
+<https://github.com/haskell/cabal/pull/2270> seems to give some background.
+Patches welcome I suppose, although would't it be better to fix the tooling
+and not things like propellor that just use the tools?
+"""]]
diff --git a/doc/todo/docker_todo_list.mdwn b/doc/todo/docker_todo_list.mdwn
index 72ded426..1321445d 100644
--- a/doc/todo/docker_todo_list.mdwn
+++ b/doc/todo/docker_todo_list.mdwn
@@ -1,5 +1,3 @@
* There is no way for a property of a docker container to require
some property be met outside the container. For example, some servers
need ntp installed for a good date source.
-* The SimpleSh was added before `docker exec` existed, and could probably
- be eliminated by using that.
diff --git a/doc/todo/editor_for_privdata__63__.mdwn b/doc/todo/editor_for_privdata__63__.mdwn
new file mode 100644
index 00000000..8b91338c
--- /dev/null
+++ b/doc/todo/editor_for_privdata__63__.mdwn
@@ -0,0 +1,4 @@
+Would adding a way to call $EDITOR to edit privdata be possible?
+It would make sense for editing data like logcheck files.
+
+> [[done]]
diff --git a/doc/todo/editor_for_privdata__63__/comment_2_4fcbdf36f32ca7cf82593a8992167aff._comment b/doc/todo/editor_for_privdata__63__/comment_2_4fcbdf36f32ca7cf82593a8992167aff._comment
new file mode 100644
index 00000000..bbe93fe3
--- /dev/null
+++ b/doc/todo/editor_for_privdata__63__/comment_2_4fcbdf36f32ca7cf82593a8992167aff._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ subject="comment 2"
+ date="2014-11-11T21:16:09Z"
+ content="""
+Already exists in `propellor --edit`
+
+Documentation patches accepted! :)
+"""]]
diff --git a/doc/todo/etckeeper.mdwn b/doc/todo/etckeeper.mdwn
new file mode 100644
index 00000000..7dc80cef
--- /dev/null
+++ b/doc/todo/etckeeper.mdwn
@@ -0,0 +1 @@
+It would be cool to have an etckeeper module :-).
diff --git a/doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment b/doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment
new file mode 100644
index 00000000..f080f70e
--- /dev/null
+++ b/doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-06T15:46:56Z"
+ content="""
+All I've needed for this is `& Apt.installed ["etckeeper"]`
+
+Patches welcome, I suppose.
+"""]]
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin.mdwn b/doc/todo/fail_if_modification_not_commited_when_using_--spin.mdwn
new file mode 100644
index 00000000..046f4a6f
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin.mdwn
@@ -0,0 +1,3 @@
+Sometimes I forget to commit a modification, and running "propellor --spin" automatically commits this stuff. It would be better if "propellor --spin" failed (or, even better, warned the user) that there are uncommited changes, and "propellor --spin" would just always add an empty commit.
+
+> --merge added; [[done]] --[[Joey]]
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_1_7267d62ccc8db44bccb935836536e8a1._comment b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_1_7267d62ccc8db44bccb935836536e8a1._comment
new file mode 100644
index 00000000..19b2fab6
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_1_7267d62ccc8db44bccb935836536e8a1._comment
@@ -0,0 +1,30 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-23T18:41:40Z"
+ content="""
+Letting --spin commit is part of my workflow. It's great when you're just
+changing config.hs to quickly blast out the changes.
+
+Granted, it is not so nice when doing Property development, as changes get
+fragmented across the spins used to test them. I'd be happy to find some
+way to improve that. Perhaps a way could be found to get this structure of
+git commits:
+
+ manual commit------------------------->manual commit--merge
+ \--spin--spin--spin--spin--spin------------/
+
+Where the second manual commit has an identical tree committed as does the
+spin just underneath it, and so the following merge doesn't change any files,
+just grafts the two branches back together.
+
+I guess that could be handled by haing a checkpoint command, that squashes
+all the previous spins since the last checkpoint together into one commit,
+lets the user edit the commit message of that, and the juggles the branches
+into place and creates the merge commit -- which then becomes the new last
+checkpoint.
+
+I'll take patches for such a thing, or more simply a way to configure --spin's
+auto-committing behavior. However, I don't want to change the default
+behavior to not commit.
+"""]]
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_2_e4d170a14d689bef5d9174b251a4fe6f._comment b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_2_e4d170a14d689bef5d9174b251a4fe6f._comment
new file mode 100644
index 00000000..3e8e5f62
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_2_e4d170a14d689bef5d9174b251a4fe6f._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 2"
+ date="2014-11-23T20:23:24Z"
+ content="""
+Your solution seems a lot better :-).
+"""]]
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_3_c69eaa9c6ae5b07b5c2dd2591de965a3._comment b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_3_c69eaa9c6ae5b07b5c2dd2591de965a3._comment
new file mode 100644
index 00000000..8ad6ab49
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_3_c69eaa9c6ae5b07b5c2dd2591de965a3._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2014-11-23T21:12:19Z"
+ content="""
+Here's a almost-script to do it, which worked when it did it by hand:
+
+<pre>
+get old-head (git show-ref HEAD -s)
+get curr-branch (refs/heads/master eg)
+find old-commit (look back through git log for the first commit that was not "propellor spin")
+git reset old-commit
+git commit -a # user gets to edit commit message for all the spins and any staged changes here
+git merge -S -s ours old-head
+get current-commit (result of merge)
+git update-ref curr-branch current-commit
+git checkout curr-branch
+</pre>
+"""]]
diff --git a/doc/todo/git_push_over_propellor_ssh_channel.mdwn b/doc/todo/git_push_over_propellor_ssh_channel.mdwn
new file mode 100644
index 00000000..c6d42fcf
--- /dev/null
+++ b/doc/todo/git_push_over_propellor_ssh_channel.mdwn
@@ -0,0 +1,13 @@
+Propellor currently needs a central git server. And it has a special-cased
+protocol during bootstrap that transfers the git repo over to a new host,
+using the ssh connection that will be used to run propellor.
+
+This could be improved by making a git push be done whenever
+`propellor spin $host` runs. The remote propellor runs `git receive-pack`;
+the local one runs `git send-pack`.
+
+Then there would be no need for a central git repo. Although still very
+useful if you have multiple propellor driven hosts and you want to just git
+commit and let cron sort them out.
+
+> [[done]]! --[[Joey]]
diff --git a/doc/todo/info_propigation_out_of_nested_properties.mdwn b/doc/todo/info_propigation_out_of_nested_properties.mdwn
index e6427069..536d6719 100644
--- a/doc/todo/info_propigation_out_of_nested_properties.mdwn
+++ b/doc/todo/info_propigation_out_of_nested_properties.mdwn
@@ -1,36 +1,97 @@
> Now [[fixed|done]]!! --[[Joey]]
-Currently, Info about a Host's Properties is manually gathered and
-propigated. propertyList combines the Info of the Properties in the list.
-Docker.docked extracts relevant Info from the Properties of the container
-(but not al of it, intentionally!).
+Currently, Info about a Host's Properties is propigated to the host by
+examining the tree of Properties.
-This works, but it's error-prone. Consider this example:
+This works, but there's one problem. Consider this example:
withOS desc $ \o -> case o of
(Just (System (Debian Unstable) _)) -> ensureProperty foo
_ -> ensureProperty bar
Here, the Info of `foo` is not propigated out. Nor is `bar`'s Info.
-Of course, only one of them will be run, and only its info should be propigated
-out..
+It's not really clear if just one Info, or both should be propigated out.
-This commonly afflicts eg, privData. For example, `User.hasPassword'`
-has this problem, and this prevents --list-fields from listing privdata
-that's not set from that property.
+----
One approach might be to make the Propellor monad be able to be run in two
-modes. In one mode, it actually perform IO, etc. In the other mode, all
-liftIO is a no-op, but all Info encountered is accumulated using a Reader
-monad. This might need two separate monad definitions.
-
-That is surely doable, but the withOS example above shows a problem with it --
-the OS is itself part of a Host's info, so won't be known until all its
-properties have been examined for info!
-
-Perhaps that can be finessed. We don't really need to propigate out OS info.
-Just DNS and PrivDataField Info. So info could be collected in 2 passes,
-first as it's done now by static propertyInfo values. Then take that
-and use it as the Info when running the Properties in the Reader monad.
-Combine what the Reader accumulates with the static info to get the full
-info.
+modes. In run mode, it actually performs IO, etc. In introspection mode, all
+liftIO is a no-op, but all Info encountered is accumulated using a Reader.
+This might need two separate monad definitions.
+
+That is surely doable, but consider this example:
+
+ property "demo" = do
+ needfoo <- liftIO checkFoo
+ if needfoo
+ then ensureProperty foo
+ else ensureProperty . bar =<< liftIO (getBarParam)
+
+In introspection mode, the liftIO is a no-op, but needs to return a Bool.
+That seems unlikely (how to pick which?), but even if some defaulting is
+used, only one of foo or bar's info will be seen.
+
+Worse, the bar property is not fully known until IO can be performed to get
+its parameter.
+
+----
+
+Another approach could be something like this:
+
+ withInfoFrom foo $ \callfoo ->
+ withInfoFrom bar $ \callbar ->
+ property "demo" = do
+ needfoo <- liftIO checkFoo
+ if needfoo
+ then callfoo
+ else callbar
+
+Here withInfoFrom adds foo and bar as child properties of the demo property
+that (may) call them.
+
+This approach is not fully type safe; it would be possible to call
+withInfoFrom in a way that didn't let it propigate the info.
+
+And again this doesn't solve the problem that IO can be needed to get
+a parameter of a child property.
+
+----
+
+Another approach would be to add a new SimpleProperty, which is a property
+that has no Info. Only allow calling ensureProperty on this new type.
+
+(Or, remove propertyInfo from Property, and add a new InfoProperty that
+has the info.)
+
+But, propertyList can only contain one type at a time,
+not a mixed list of Property and SimpleProperty.
+
+Could a GADT be used instead?
+
+ {-# LANGUAGE GADTs #-}
+ {-# LANGUAGE EmptyDataDecls #-}
+
+ data HasInfo
+ data NoInfo
+
+ data Property = IProperty (GProperty HasInfo) | SProperty (GProperty NoInfo)
+
+ data GProperty i where
+ GIProperty :: Desc -> Propellor Result -> Info -> GProperty HasInfo
+ GSProperty :: Desc -> Propellor Result -> GProperty NoInfo
+
+ ensureProperty :: GProperty NoInfo -> Propellor Result
+ ensureProperty (GSProperty d r) = r
+
+That works. I made a `gadtwip` git branch that elaborated on that,
+to the point that Property.File compiles, but is otherwise
+unfinished. Most definitions of `Property` need to be changed to
+`GProperty NoInfo`, so that ensureProperty can call them. It's a big,
+intrusive change, and it may complicate propellor too much.
+
+I've tried to make this change a couple times now, and not been completely
+successful so far.
+
+(I may need to make instances of Prop for `GProperty NoInfo` and `GProperty
+HasInfo`, if that's possible, and make more Property combinators work on
+Prop.)
diff --git a/doc/todo/issue_after_upgrading_shared_library.mdwn b/doc/todo/issue_after_upgrading_shared_library.mdwn
new file mode 100644
index 00000000..52e72d4a
--- /dev/null
+++ b/doc/todo/issue_after_upgrading_shared_library.mdwn
@@ -0,0 +1,25 @@
+After upgrading my server to jessie, I noticed that propellor does not work anymore. The issue seems to be that, libffi was upgraded from libffi5:amd64 to libffi6:amd64
+
+ $ ./propellor --spin myserver
+ Building propellor-2.2.1...
+ Preprocessing library propellor-2.2.1...
+ In-place registering propellor-2.2.1...
+ Preprocessing executable 'propellor' for propellor-2.2.1...
+ Preprocessing executable 'propellor-config' for propellor-2.2.1...
+ Propellor build ... done
+
+ You need a passphrase to unlock the secret key for
+ user: bla
+
+ [master 2aabb40] propellor spin
+ Git commit ... done
+ Counting objects: 1, done.
+ Writing objects: 100% (1/1), 852 bytes | 0 bytes/s, done.
+ Total 1 (delta 0), reused 0 (delta 0)
+ To root@myserver:/var/lib/git/private/propellor.git
+ b16f1a6..2aabb40 master -> master
+ Push to central git repository ... done
+ ./propellor: error while loading shared libraries: libffi.so.5: cannot open shared object file: No such file or directory
+ propellor: user error (ssh ["-o","ControlPath=/home/myuser/.ssh/propellor/myserver.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@myserver","sh -c 'if [ ! -d /usr/local/propellor/.git ] ; then (if ! git --version >/dev/null; then apt-get update && apt-get --no-install-recommends --no-upgrade -y install git; fi && echo STATUSNeedGitClone) || echo STATUSNeedPrecompiled ; else cd /usr/local/propellor && if ! test -x ./propellor; then ( apt-get update ; apt-get --no-upgrade --no-install-recommends -y install gnupg ; apt-get --no-upgrade --no-install-recommends -y install ghc ; apt-get --no-upgrade --no-install-recommends -y install cabal-install ; apt-get --no-upgrade --no-install-recommends -y install libghc-async-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-missingh-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-hslogger-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-unix-compat-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-ansi-terminal-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-ifelse-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-network-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-quickcheck2-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-mtl-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-monadcatchio-transformers-dev ; cabal update ; cabal install --only-dependencies ) || true && cabal configure && cabal build && ln -sf dist/build/propellor-config/propellor-config propellor; fi && ./propellor --boot myserver ; fi'"] exited 127)
+
+> [[fixed|done]] --[[Joey]]
diff --git a/doc/todo/issue_after_upgrading_shared_library/comment_1_8d9144d57871cb5d234710d1ab1b7183._comment b/doc/todo/issue_after_upgrading_shared_library/comment_1_8d9144d57871cb5d234710d1ab1b7183._comment
new file mode 100644
index 00000000..77c7df83
--- /dev/null
+++ b/doc/todo/issue_after_upgrading_shared_library/comment_1_8d9144d57871cb5d234710d1ab1b7183._comment
@@ -0,0 +1,20 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-04-02T01:14:06Z"
+ content="""
+I think I saw this once myself (have no servers older than jessie left
+now).
+
+I believe the problem can be worked around by running make clean
+in /usr/local/propellor on the server.
+
+I'm not clear yet on a good way for --spin to detect that propellor
+has failed due to this, rather than some other problem, and try
+a clean and rebuild.
+
+Hmm, xmonad should have a similar problem, since it builds a haskell
+program locally. I wonder how the debian package deals with it there.
+
+Note there's a libffi6, so this will presumably happen again..
+"""]]
diff --git a/doc/todo/issue_after_upgrading_shared_library/comment_2_01a3d5e006158302e12862cacee3327e._comment b/doc/todo/issue_after_upgrading_shared_library/comment_2_01a3d5e006158302e12862cacee3327e._comment
new file mode 100644
index 00000000..3f7a7bbc
--- /dev/null
+++ b/doc/todo/issue_after_upgrading_shared_library/comment_2_01a3d5e006158302e12862cacee3327e._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 2"
+ date="2015-04-02T09:24:07Z"
+ content="""
+Indeed, \"make clean\" on the server worked. I don't know it could be made more robust to this kind of upgrade...
+"""]]
diff --git a/doc/todo/issue_after_upgrading_shared_library/comment_2_6025ec35330fbac220f2888e60be1e78._comment b/doc/todo/issue_after_upgrading_shared_library/comment_2_6025ec35330fbac220f2888e60be1e78._comment
new file mode 100644
index 00000000..bc89ad7f
--- /dev/null
+++ b/doc/todo/issue_after_upgrading_shared_library/comment_2_6025ec35330fbac220f2888e60be1e78._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2015-04-02T14:27:26Z"
+ content="""
+So I thought of two approaches.
+
+1. Propellor could copy in all the shared libraries. It already contains
+ code to do this. But, this would add overhead to every build. And it
+ might not guard against all snafus.
+
+2. Make propellor --check that should exit 0. Make --spin check that
+ propellor works and rebuild if not. Also make the runPropellor cron job
+ do that.
+
+I've gone with option #2.
+"""]]
diff --git a/doc/todo/lxc_containers_support.mdwn b/doc/todo/lxc_containers_support.mdwn
new file mode 100644
index 00000000..5e9da306
--- /dev/null
+++ b/doc/todo/lxc_containers_support.mdwn
@@ -0,0 +1 @@
+Adding lxc containers support would be great, as an alternative to docker, chroot, or systemd containers.
diff --git a/doc/todo/missing_dependencies.mdwn b/doc/todo/missing_dependencies.mdwn
new file mode 100644
index 00000000..55490a86
--- /dev/null
+++ b/doc/todo/missing_dependencies.mdwn
@@ -0,0 +1,39 @@
+After upgrading to 2.4.0, I get this error:
+
+ ./propellor --spin myserver
+ Building propellor-2.4.0...
+ Preprocessing library propellor-2.4.0...
+ In-place registering propellor-2.4.0...
+ Preprocessing executable 'propellor' for propellor-2.4.0...
+ Preprocessing executable 'propellor-config' for propellor-2.4.0...
+ Propellor build ... done
+ Git commit ... done
+ Enter passphrase for /home/user/.ssh/id_rsa:
+ Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)
+ Counting objects: 253, done.
+ Delta compression using up to 4 threads.
+ Compressing objects: 100% (253/253), done.
+ Writing objects: 100% (253/253), 173.59 KiB | 0 bytes/s, done.
+ Total 253 (delta 172), reused 0 (delta 0)
+ To root@myserver:/var/lib/git/private/propellor.git
+ d81fb7d..6f7f041 master -> master
+ Push to central git repository ... done
+ From myserver:/var/lib/git/private/propellor
+ d81fb7d..6f7f041 master -> origin/master
+ Pull from central git repository ... done
+ ** warning: git branch origin/master is not signed with a trusted gpg key; refusing to deploy it! (Running with previous configuration instead.)
+ Sending privdata (87652 bytes) to myserver ... done
+ From .
+ * branch HEAD -> FETCH_HEAD
+ Sending git update to myserver ... done
+ Warning: The package list for 'hackage.haskell.org' is 47 days old.
+ Run 'cabal update' to get the latest list of available packages.
+ Resolving dependencies...
+ Configuring propellor-2.4.0...
+ cabal: At least the following dependencies are missing:
+ exceptions -any
+ propellor: failed to make dist/setup-config
+ Shared connection to myserver closed.
+ propellor: remote propellor failed
+
+As in https://propellor.branchable.com/todo/issue_after_upgrading_shared_library/, manually running "make clean" on the server fixed the issue
diff --git a/doc/todo/missing_dependencies/comment_1_826a75052e87c04489aa07c3d322a54f._comment b/doc/todo/missing_dependencies/comment_1_826a75052e87c04489aa07c3d322a54f._comment
new file mode 100644
index 00000000..2ccb179d
--- /dev/null
+++ b/doc/todo/missing_dependencies/comment_1_826a75052e87c04489aa07c3d322a54f._comment
@@ -0,0 +1,15 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-05-22T18:13:15Z"
+ content="""
+`exceptions` is indeed a new dependency.
+
+This is supposed to be handled by Propellor.Bootstrap.checkDepsCommand
+which is run by --spin.
+
+Maybe check if your propellor.cabal includes the `exceptions` dependency,
+and check if `cabal configure` fails. If it does, it seems like that code
+would fire, and should install the missing dependency. It worked when I
+upgraded my systems with it, is all I know.
+"""]]
diff --git a/doc/todo/onChange_failure_handling.mdwn b/doc/todo/onChange_failure_handling.mdwn
new file mode 100644
index 00000000..46a81caf
--- /dev/null
+++ b/doc/todo/onChange_failure_handling.mdwn
@@ -0,0 +1,41 @@
+> Please consider the following three properties
+> - p1,
+> - p2 and
+> - p3 = onChange p1 p2.
+>
+> If p1 returns MadeChange and p2 FailedChange, then p3 is FailedChange.
+> If we apply this property again without any changes, then p3 is
+> NoChange.
+>
+> This behavior could create problematic situations since p3 can be
+> required by another property which thinks that p3 has been applied
+> whereas it's not the case...
+>
+> -- Antoine
+
+Very well stated.
+
+I looked over existing uses of onChange in propellor, and many of them
+seem safe.
+
+The safe ones are where there's eg, a daemon, with a Property that it's
+running, and another Property that configures it in some way with
+onChange restart. If the restart fails, then the daemon is presumably
+left not running (unless it failed to stop the daemon somehow); a state
+that the former Property will attempt to take care of (or at least
+continue to indicate failure on) the next time propellor runs.
+
+Hmm, there are also lots of uses of onChange reloaded. If the new
+configuration of a daemon is broken, this can fail to reload it, and
+leave the daemon running with the old configuration. So that's more
+problimatic, and then there are some more problimatic yet uses of
+onChange, like the one that runs apt-get update after a change to
+sources.list.
+
+--[[Joey]]
+
+----
+
+The `onChangeFlagOnFail` combinator is a safer alternative to `onChange`
+that avoids this problem. But, it can be difficult to come up with unique
+names for the flag files it uses.
diff --git a/doc/todo/port_info_for_properties_for_firewall.mdwn b/doc/todo/port_info_for_properties_for_firewall.mdwn
new file mode 100644
index 00000000..efaaba05
--- /dev/null
+++ b/doc/todo/port_info_for_properties_for_firewall.mdwn
@@ -0,0 +1,24 @@
+The firewall module could be improved if properties that set up a service
+on a port included info (see Propellor.Info and Propellor.Types.Info)
+about the port(s) used.
+
+While currently the ports have to be explicitly listed:
+
+ & Apache.installed
+ & Firewall.installed
+ & Firewall.addRule (Rule INPUT ACCEPT (Proto TCP :- Port 80))
+ & Firewall.addRule (Rule INPUT ACCEPT (Proto TCP :- Port 443))
+
+Instead the ports would be derived from the installed services.
+
+ & Apache.installed
+ & Firewall.installed
+
+There could also be some combinators to adjust the exposed
+ports of a property.
+
+ & localOnly Apache.installed
+ & exposedPorts [443,80] (Apt.serviceInstalledRunning "apache2")
+
+Such port enformation is also going to be needed as a basis of
+[[type_level_port_conflict_detection]]. --[[Joey]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage.mdwn b/doc/todo/publish_propellor_as_library_to_hackage.mdwn
new file mode 100644
index 00000000..709ee35b
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage.mdwn
@@ -0,0 +1,4 @@
+Currently, AFAIK, one needs to fork propellor repo, add its own configuration and compile propellor binary from all the source tree.
+It would be handy and more modular to allow one to have a propellor configuration linked to propellor as a library, hosted on hackage.
+
+> [[done]] --[[Joey]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage/comment_1_00a865bf7977c0e49f54a365f4b60ce8._comment b/doc/todo/publish_propellor_as_library_to_hackage/comment_1_00a865bf7977c0e49f54a365f4b60ce8._comment
new file mode 100644
index 00000000..8d56f0f1
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage/comment_1_00a865bf7977c0e49f54a365f4b60ce8._comment
@@ -0,0 +1,27 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-02-28T15:01:24Z"
+ content="""
+Unusual as it is for propellor's configuration git repo to include the full
+source code to propellor, I like this approach. It lets users change any
+existing property that is not generic enough, or makes assumptions they
+don't like, or needs porting to their OS of choice.
+
+But still, propellor is
+[on hackage](http://hackage.haskell.org/package/propellor), as
+a library. It can be used that way if you want to.
+
+I don't think that any of propellor's code cares how it's distributed,
+except for src/wrapper.hs (which cabal will install as
+~/.cabal/bin/propellor), which sets up the ~/.propellor/ repository. You
+can bypass using that wrapper if you like, and cabal install propellor and
+create your own ~/.propellor/ repository containing only your own
+config.hs, and build and use propellor that way.
+
+Where that approach becomes a problem is that propellor --spin currently
+relies on propellor's Makefile being in the repository, when bootstrapping
+propellor on a remote host. So you'll need to include a copy of that in
+your repo for --spin to work. I'd like to get rid of the need for the
+Makefile. (Only the build and deps targets are used by --spin.)
+"""]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage/comment_2_29cc276929020e68eae8ae04110a3f5f._comment b/doc/todo/publish_propellor_as_library_to_hackage/comment_2_29cc276929020e68eae8ae04110a3f5f._comment
new file mode 100644
index 00000000..af61b1db
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage/comment_2_29cc276929020e68eae8ae04110a3f5f._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2015-02-28T17:08:28Z"
+ content="""
+Ok, I got --spin to not use the Makefile any more. So with the 2.2.0
+release, if you want to make ~/.propellor contain only a config.hs
+file and a foo.cabal file, that will work. The cabal file would contain
+something like:
+
+<pre>
+Executable propellor-config
+ Main-Is: config.hs
+ GHC-Options: -Wall -threaded -O0
+ Build-Depends: propellor, base >= 4.5, base < 5
+</pre>
+"""]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage/comment_3_efbe0ef77be957c37e745ec64452ae99._comment b/doc/todo/publish_propellor_as_library_to_hackage/comment_3_efbe0ef77be957c37e745ec64452ae99._comment
new file mode 100644
index 00000000..09628e53
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage/comment_3_efbe0ef77be957c37e745ec64452ae99._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="You rocks!"
+ date="2015-03-05T15:24:49Z"
+ content="""
+Apologies for wrong information, I did not check if propellor was on hackage. Anyway, thanks a lot for caring to \"fix\" that, will give it a try this week and keep you posted.
+
+Thanks a lot
+"""]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage/comment_4_6ebf2e30596ddf6eba91717576837019._comment b/doc/todo/publish_propellor_as_library_to_hackage/comment_4_6ebf2e30596ddf6eba91717576837019._comment
new file mode 100644
index 00000000..737e7066
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage/comment_4_6ebf2e30596ddf6eba91717576837019._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Propellor 2.2.0 not on hackage"
+ date="2015-03-08T20:21:42Z"
+ content="""
+So I cannot depend on it right now. Do you know when it will be available there?
+"""]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage/comment_5_4a4e94c637e0380adc1a43ec3d0633e1._comment b/doc/todo/publish_propellor_as_library_to_hackage/comment_5_4a4e94c637e0380adc1a43ec3d0633e1._comment
new file mode 100644
index 00000000..85f95c17
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage/comment_5_4a4e94c637e0380adc1a43ec3d0633e1._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 5"""
+ date="2015-03-09T17:00:35Z"
+ content="""
+SImply because 2.2.0 had not been released yet. (UNRELEASED in
+changelog..)
+"""]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage/comment_6_19470170c3ef461f446b0af1d8501640._comment b/doc/todo/publish_propellor_as_library_to_hackage/comment_6_19470170c3ef461f446b0af1d8501640._comment
new file mode 100644
index 00000000..143f1dea
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage/comment_6_19470170c3ef461f446b0af1d8501640._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="comment 6"
+ date="2015-03-10T06:28:52Z"
+ content="""
+Sorry, I did not read the changelog. Thanks for all the hard work on propellor.
+"""]]
diff --git a/doc/todo/spin_and_ipv6_addresses.mdwn b/doc/todo/spin_and_ipv6_addresses.mdwn
index 8693f16e..602d311b 100644
--- a/doc/todo/spin_and_ipv6_addresses.mdwn
+++ b/doc/todo/spin_and_ipv6_addresses.mdwn
@@ -6,3 +6,4 @@ using short names for such hosts with --spin. And, propellor only looks at
configured ipv4 properties of a host when deciding if the DNS hostname is
out of date, and falling back to contacting the host by IPv6 address.
+> [[fixed|done]] --[[Joey]]
diff --git a/doc/todo/ssh__95__user_+_sudo/comment_4_7fc635a8d6e4c903eaefa7383d2c37ac._comment b/doc/todo/ssh__95__user_+_sudo/comment_4_7fc635a8d6e4c903eaefa7383d2c37ac._comment
new file mode 100644
index 00000000..af5e120a
--- /dev/null
+++ b/doc/todo/ssh__95__user_+_sudo/comment_4_7fc635a8d6e4c903eaefa7383d2c37ac._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="https://launchpad.net/~jml"
+ nickname="jml"
+ subject="comment 4"
+ date="2015-05-15T08:57:04Z"
+ content="""
+Just want to add that it's not only a security issue: it's also a convenience issue. Many machines are configured by default to not allow remote root logins, but to allow user logins followed by sudo. If propellor can't do that, then there's an extra step in the whole process that can't be easily automated within propellor.
+"""]]
diff --git a/doc/todo/type_level_port_conflict_detection.mdwn b/doc/todo/type_level_port_conflict_detection.mdwn
new file mode 100644
index 00000000..5aec5775
--- /dev/null
+++ b/doc/todo/type_level_port_conflict_detection.mdwn
@@ -0,0 +1,5 @@
+See <http://stackoverflow.com/questions/26027765/using-types-to-prevent-conflicting-port-numbers-in-a-list> --[[Joey]]
+
+Needs ghc newer than 7.6.3. It may be possible to port Data.Type.Equality
+and Data.Type.Bool to older versions; I got them to compile but they didn't
+work right. --[[Joey]]
diff --git a/doc/writing_properties.mdwn b/doc/writing_properties.mdwn
new file mode 100644
index 00000000..c7183e09
--- /dev/null
+++ b/doc/writing_properties.mdwn
@@ -0,0 +1,82 @@
+Propellor comes with a lot of properties you can use. But eventually,
+you'll want to write a property of your own.
+
+This isn't hard. Often propellor has some properties you can use to build
+the property you want. Need to modify the content of a file? Use any of
+the properties in
+[Propellor.Property.File](http://hackage.haskell.org/package/propellor-2.2.1/docs/Propellor-Property-File.htm)
+Need to run some commands? Use [Propellor.Property.Cmd](http://hackage.haskell.org/package/propellor-2.2.1/docs/Propellor-Property-Cmd.html).
+
+To combine properties, the easiest way is to use `requires`.
+
+ someproperty `requires` otherproperty
+
+[Propellor.Property.List](http://hackage.haskell.org/package/propellor-2.2.1/docs/Propellor-Property-List.html)
+has a `propertyList` combinator that's also useful.
+
+[Propellor.Property](http://hackage.haskell.org/package/propellor-2.2.1/docs/Propellor-Property.html)
+has some other functions to modify Properties in useful ways.
+For example, `check` makes a Property call an `IO Bool` to check if the
+Property needs be run.
+
+## example: User.hasLoginShell
+
+> As far as I can tell there is no easy way to set a user's
+> login shell. A Property User.hasLoginShell, which ensures
+> that a user has a specified login shell and that said shell
+> is in /etc/shells would be really helpful. Sadly, I lack the
+> skills to put this together myself :( -- weinzwang
+
+Propellor makes it very easy to put together a property like this.
+
+Let's start with a property that combines the two properties you mentioned:
+
+ hasLoginShell :: UserName -> FilePath -> Property
+ hasLoginShell user shell = shellSetTo user shell `requires` shellEnabled shell
+
+The shellEnabled property can be easily written using propellor's file
+manipulation properties.
+
+ -- Need to add an import to the top of the source file.
+ import qualified Propellor.Property.File as File
+
+ shellEnabled :: FilePath -> Property
+ shellEnabled shell = "/etc/shells" `File.containsLine` shell
+
+And then, we want to actually change the user's shell. The `chsh(1)`
+program can do that, so we can simply tell propellor the command line to
+run:
+
+ shellSetTo :: UserName -> FilePath -> Property
+ shellSetTo user shell = cmdProperty "chsh" ["--shell", shell, user]
+
+The only remaining problem with this is that shellSetTo runs chsh every
+time, and propellor will always display that it's made a change each time
+it runs, even when it didn't really do much. Now, there's an easy way to
+avoid that problem, we could just tell propellor that it's a trivial
+property, and then it will run chsh every time and not think it made any
+change:
+
+ shellSetTo :: UserName -> FilePath -> Property
+ shellSetTo user shell = trivial $
+ cmdProperty "chsh" ["--shell", shell, user]
+
+But, it's not much harder to do this right. Let's make the property
+check if the user's shell is already set to the desired value and avoid
+doing anything in that case.
+
+ shellSetTo :: UserName -> FilePath -> Property
+ shellSetTo user shell = check needchangeshell $
+ cmdProperty "chsh" ["--shell", shell, user]
+ where
+ needchangeshell = do
+ currshell <- userShell <$> getUserEntryForName user
+ return (currshell /= shell)
+
+And that will probably all work, although I've not tested it. You might
+want to throw in some uses of `describe` to give the new properties
+more useful descriptions.
+
+I hope this has been helpful as an explanation of how to add properties to
+Propellor, and if you get these properties to work, a patch adding them
+to Propellor.User would be happily merged.