summaryrefslogtreecommitdiff
path: root/src/Propellor
AgeCommit message (Collapse)Author
2020-02-14add back old keys for branchableJoey Hess
Otherwise ssh servers that only know of the old keys will complain of MITM
2020-02-14remove deprecated ssh key algos from my personal configsJoey Hess
DSA is entirely deprecated, while RSA is just starting to be deprecated Generated and added new keys as necessary. Still a few stragglers on machines I can't currently access (sow and beaver).
2019-10-08Merge branch 'master' into joeyconfigJoey Hess
2019-10-08propellor spinJoey Hess
2019-09-22changed modbus libraryJoey Hess
2019-09-21Merge branch 'joeyconfig'Joey Hess
2019-09-19replaced failed wifi dongleJoey Hess
was dropping out, appears corroded inside
2019-09-16Merge branch 'joeyconfig'Joey Hess
2019-09-13updateJoey Hess
2019-09-07propellor spinJoey Hess
2019-08-08Localdir.hasOriginUrl: Depend on Git.installed.Joey Hess
* Localdir.hasOriginUrl: Depend on Git.installed. * Localdir.hasOriginUrl: Type changed from UnixLike to DebianLike because Git.installed is not implemented for other unixes. (API change) This commit was sponsored by Denis Dzyubenko on Patreon.
2019-07-19propellor spinJoey Hess
2019-07-16Systemd.machined: Fix a bug that caused the systemd-container package to not ↵Joey Hess
be installed when used with Debian buster. jessie (oldoldstable) is the only still supported release to have a systemd from before the systemd-container package was split out.
2019-07-16update from Stable "stretch" to Stable "buster" in some examplesJoey Hess
2019-07-16Apt.update: Pass --allow-releaseinfo-change when updating Unstable or TestingJoey Hess
So that code name changes that happen in those suites during a stable release don't prevent updating the rolling suites.
2019-07-16use security.debian.org/debian-securityJoey Hess
There's supposed to be a /debian-security path in the url, according to various sources, including https://www.debian.org/security/ I tried it both ways for both stable and testing and oldstable, and it works with and without it for both. Presumably some url rewriting is fixing it up on the back end.
2019-07-16remove /updates from security urlJoey Hess
According to Ansgar Burchardt's mail, it should look like: deb http://security.debian.org/debian-security bullseye-security main Kept as it was for oldstable etc.
2019-07-12use "-security" suffix for bullseye and upJoey Hess
The suite for stable releases from bullseye on will be suffixed with "-security". Only 3 past stable releases continue to use the old unsuffixed name.
2019-07-10Apt: Debian has changed the name of the suite for testing security updates ↵Joey Hess
from testing to testing-security. The testing-security suite appeared 4 days ago. I don't know where this change is documented; wish I had known about it before the stable release, as now stable has a propellor that doesn't work with testing.
2019-07-02use ConstraintKindsJoey Hess
This is just a bit prettier code than manually needing to use constraint ~ True
2019-07-02reword to be more like ghc wordingJoey Hess
2019-07-02better explain Property <unknown>Joey Hess
I had thought it could happen when passing the wrong type to a Property constructor, but happily that is not the case. For example & osDebian Unstable False Still produces a good error: • Couldn't match expected type ‘Architecture’ with actual type ‘Bool’ So Property <unknown> only happens when too many or too few parameters are passed, eg: & osDebian Unstable X86_64 False & osDebian Unstable Before commit 14f6ae30809d8bbdb10b91cc59757e865a365df8, the former of those resulted in: • Couldn't match expected type ‘[Char] -> p0’ with actual type ‘Property (HasInfo + Debian)’ • The function ‘osDebian’ is applied to three arguments, but its type ‘DebianSuite -> Architecture -> Property (HasInfo + Debian)’ has only two Unfortunately, it's now just Property <unknown>. This is the only reversion I've identified from commit 14f6ae30809d8bbdb10b91cc59757e865a365df8. My ghc bug https://gitlab.haskell.org/ghc/ghc/issues/16894 isn't quite explaining this problem yet, and I need to find a minimal case of it. As to the latter with too few parameters, it used to result in a massive ugly useless error. Now it is also Property <unknown>, which is an improvement.
2019-07-02use DelayErrorJoey Hess
Syrak looked at this branch and said: Cool! I'd suggest that if it's working, that's an accident! You probably want IfStuck e (DelayError err1) (DelayErrorFcf err2) rather than IfStuck e (TypeError err1) (TypeError err2)
2019-07-02Revert "Revert "custom type error messages""Joey Hess
This reverts commit 665ea0d3d9e1b0e90278fd659dee0ef8642030da.
2019-07-02Revert "custom type error messages"Joey Hess
This reverts commits 14f6ae30809d8bbdb10b91cc59757e865a365df8 de21ef26861db458b0dfb0212cf501f9f8ed459b e20662e6a8881db55394a6366be17ca4e509bc2a Until this bug is resolved, these custom error types hide more basic errors. https://gitlab.haskell.org/ghc/ghc/issues/16894
2019-07-01fix build with ghc 8.0.1Joey Hess
Something in commit 14f6ae30809d8bbdb10b91cc59757e865a365df8 ghc 8.0.1 in a few cases unable to infer types when ensureProperty or tightenTargets is used. Newer versions of ghc, including 8.4.4 were able to infer these types. Perhaps it tries harder, or an inference bug was fixed. Seemed best to work around the problem to keep supporting ghc 8.0.1 and the current Debian stable. Since only 3 uses out of hundreds in propellor were affected, it's pretty unlikely it will affect user's properties, but I mentioned in in the changelog anyway. Hopefully a new Debian release will soon mean I no longer need to support 8.0.1, but the code changes also generally made it clearer and easier to read. And, I made custom type errors suggesting adding annotations to help any user who does encounter it. (Included in commit de21ef26861db458b0dfb0212cf501f9f8ed459b; may also help with other cases than an old ghc.)
2019-07-01optionally use type-errors to detect stucknessJoey Hess
Use the type-errors library to detect when the type checker gets stuck unable to reduce type-level operations on MetaTypes, and avoid displaying massive error messages in such a case. But, since type-errors is a new library not available in eg Debian yet, added a WithTypeErrors build flag. When the library is not available, cabal will automatically disable that build flag, and it will build without the type-errors library. This is most often used when combining properties of different types. If the MetaTypes don't have an OS in common, the error message used to be "Property " followed by pages of MetaTypes operations. Now it looks like this: • Cannot combine Properties: Property <unknown> Property HasInfo + Debian + Buntish + ArchLinux + FreeBSD (Property <unknown> is often due to a partially applied Property constructor, or due to passing the wrong type to a Property constructor.) Also it's used in ensureProperty to detect a case where the outer MetaTypes need to be inferred in order to check if the inner MetaTypes match, but the type checker is unable to infer it: • ensureProperty outer Property type is not able to be inferred here. Consider adding a type annotation. • When checking the inferred type writeConfig :: forall (outer :: [Propellor.Types.MetaTypes.MetaType]) t. And it's used in tightenTargets to detect when ghc is unable to infer the desired type of Property: • Unable to infer desired Property type in this use of tightenTargets. Consider adding a type annotation. • When checking the inferred type mk :: forall (tightened :: [Propellor.Types.MetaTypes.MetaType]).
2019-07-01custom type error messagesJoey Hess
* Avoid displaying an excessive amount of type error messages when many properties have been combined in a props list. * Added custom type error messages when Properties don't combine due to conflicting metatypes. * Added custom type error messages for ensureProperty and tightenTargets. * ensureProperty: The constraints have been simplified to EnsurePropertyAllowed. (API change) * ensureProperty: The contraints have been simplified to TightenTargetsAllowed. (API change) * CheckCombinable generates a Bool. (API change) This commit was sponsored by Jake Vosloo on Patreon.
2019-07-01Merge branch 'master' into joeyconfigJoey Hess
2019-07-01fixJoey Hess
2019-06-30moar watchdogJoey Hess
2019-06-15Merge branch 'joeyconfig'Joey Hess
2019-06-15Libvirt.installed: install libvirt-daemon-systemDavid Bremner
Several things recommend libvirt-daemon, but not for whatever reason libvirt-daemon-system. This means the libvirt-daemon is not started, which can cause virt-install to fail. Installing libvirt-daemon explicitly is probably overkill, but avoids problems in case the dependencies of libvirt-daemon-system change.
2019-05-13propellor spinJoey Hess
2019-05-04propellor spinJoey Hess
2019-04-22Merge branch 'joeyconfig'Joey Hess
2019-04-22fix Git.pulled always reporting a changeSean Whitton
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
2019-04-18wordingJoey Hess
To me, "standardly" seemed to imply the property might be included by default, but it is not.
2019-04-17propellor spinJoey Hess
2019-04-17propellor spinJoey Hess
2019-04-17propellor spinJoey Hess
2019-04-16Ssh.userKeys, Ssh.userKeyAt: Create .ssh directory when it does not yet exist.Joey Hess
* Ssh.userKeys, Ssh.userKeyAt: Create .ssh directory when it does not yet exist. * Ssh.userKeyAt: When a relative filepath is provided, it's put inside the user's .ssh directory.
2019-04-09Add User.ownsWithPrimaryGroupSean Whitton
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
2019-04-08change from inChroot to granular container capabilities infoJoey Hess
* Removed inChroot, instead use hasContainerCapability FilesystemContained. (API change) * Hostname: Properties that used to not do anything in a systemd or docker container will now change the container's hostname, since it's namespaced. More container capabilities can easily be added later, to fine grain control what properties will run in different kinds of containers. This changed CmdLine's Read instance, which should be ok, because propellor inside the container is always updated at the same time as propellor outside, so when it chains into the chroot, it will know to expect the capability list. Docker was not setting InChroot before, but now sets both container capabilities, so chroot setting will also work in it. Note that, things that used to check inChroot before would not work in docker, but things that check FilesystemContained now will. It may be that some of those properties don't really work properly in docker. And, Grub.installed used to run grub-mkconfig in a docker container before, I doubt that made sense (was it even safe?); it doesn't do it now. This commit was sponsored by Trenton Cronholm on Patreon.
2019-04-08Fix bug in File.containsShellSettingJoey Hess
It replaced whole shell conffile content with the setting if the file did not previously contain a line setting the key to some value. InsertSection is passed the whole content of the file, which does not contain the section yet (here the section is a single line). Probably this was not noticed because it's common for a shell config file to contain default values, so the buggy InsertSection rarely gets used. This commit was sponsored by Ethan Aubin.
2019-04-03remove old cron jobJoey Hess
2019-04-03remove unidiomatic parens before `func`Joey Hess
2019-04-03remove space before tab indentationJoey Hess
2019-04-03make Cron.runPropellor revertableSean Whitton
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
2019-04-03add Cron.jobDroppedSean Whitton
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>