Diffstat (limited to 'src/Propellor/Property')
-rw-r--r--src/Propellor/Property/Sbuild.hs17
-rw-r--r--src/Propellor/Property/Ssh.hs4
2 files changed, 18 insertions, 3 deletions
diff --git a/src/Propellor/Property/Sbuild.hs b/src/Propellor/Property/Sbuild.hs
index 5d58a84a..d128e3b9 100644
--- a/src/Propellor/Property/Sbuild.hs
+++ b/src/Propellor/Property/Sbuild.hs
@@ -365,8 +365,23 @@ keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) go
go :: Property DebianLike
go = combineProperties "sbuild keyring insecurely generated" $ props
& Apt.installed ["rng-tools"]
- & cmdProperty "rngd" ["-r", "/dev/urandom"] `assume` MadeChange
+ -- If this dir does not exist the sbuild key generation command
+ -- will fail; the user might have deleted it to work around
+ -- #831462
+ & File.dirExists "/var/lib/sbuild/apt-keys"
+ -- If there is already an rngd process running we have to kill
+ -- it, as it might not be feeding to /dev/urandom
+ & userScriptProperty (User "root")
+ [ "kill 2>/dev/null $(cat /var/run/rngd.pid) || true"
+ , "sleep 10"
+ , "rngd -r /dev/urandom"
+ ]
+ `assume` MadeChange
& keypairGenerated
+ -- Kill off the rngd process we spawned
+ & userScriptProperty (User "root")
+ ["kill $(cat /var/run/rngd.pid)"]
+ `assume` MadeChange
-- another script from wiki.d.o/sbuild
ccachePrepared :: Property DebianLike
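Review bot: Both added scripts in `go` run `kill $(cat /var/run/rngd.pid)` as root without checking that the pid file is current or that the PID still belongs to rngd, and the rngd instance that was running beforehand is never started again. A stale pid file could name an unrelated process, and a host whose rngd was using a real entropy source is left with none once the key exists. The final cleanup also appears to run only if `keypairGenerated` succeeds (inferred; the failure behaviour of `combineProperties` is not visible here), in which case the `rngd -r /dev/urandom` process would keep running. Consider guarding the kill, e.g. on Linux `pid=$(cat /var/run/rngd.pid 2>/dev/null) && [ "$(cat /proc/$pid/comm 2>/dev/null)" = rngd ] && kill "$pid" || true`, and adding a comment such as `-- NOTE: a pre-existing rngd is not restarted; the spawned one survives if key generation fails`. The enclosing definition of `keypairInsecurelyGenerated` starts above the hunk.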
diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs
index 6e1690d2..0a92e42b 100644
--- a/src/Propellor/Property/Ssh.hs
+++ b/src/Propellor/Property/Ssh.hs
@@ -356,8 +356,8 @@ knownHostLines hosts hn = keylines <$> fromHost hosts hn getHostPubKey
modKnownHost :: User -> FilePath -> Property UnixLike -> Property UnixLike
modKnownHost user f p = p
- `requires` File.ownerGroup f user (userGroup user)
- `requires` File.ownerGroup (takeDirectory f) user (userGroup user)
+ `before` File.ownerGroup f user (userGroup user)
+ `before` File.ownerGroup (takeDirectory f) user (userGroup user)
-- | Ensures that a local user's authorized_keys contains lines allowing
-- logins from a remote user on the specified Host.
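Review bot: `modKnownHost` has no comment explaining why the two `File.ownerGroup` fixes now run after `p` instead of before it, and that ordering is the whole point of the change. Presumably the file may not exist until `p` creates it, so a file created by root would otherwise stay root-owned; a Haddock line such as `-- | Runs the property that modifies the known_hosts file, then makes the file and its directory owned by the user.` would record that. It is also worth stating in that comment what happens when `p` fails: if `before` skips the later properties on failure (not visible in this hunk), a partially written file could keep the wrong owner. Only owner and group are set here, so confirm the file mode is handled elsewhere.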