From 04ef5f7bc1e6753fe4580f370e7f0ea2500773c8 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sun, 24 Jul 2016 13:36:06 -0400
Subject: Ssh.knownHost: Bug fix: Only fix up the owner of the known_hosts file after it exists.
---
 debian/changelog | 7 +++++++
 .../comment_4_916b6cae93e772fa0fac88676409b03a._comment | 8 ++++++++
 src/Propellor/Property/Ssh.hs | 4 ++--
 3 files changed, 17 insertions(+), 2 deletions(-)
 create mode 100644 doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_4_916b6cae93e772fa0fac88676409b03a._comment
diff --git a/debian/changelog b/debian/changelog
index 893498a4..bc69b672 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+propellor (3.1.2) UNRELEASED; urgency=medium
+
+ * Ssh.knownHost: Bug fix: Only fix up the owner of the known_hosts
+ file after it exists.
+
+ -- Joey Hess Sun, 24 Jul 2016 13:34:37 -0400
+
 propellor (3.1.1) unstable; urgency=medium

 * Haddock build fix.
diff --git a/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_4_916b6cae93e772fa0fac88676409b03a._comment b/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_4_916b6cae93e772fa0fac88676409b03a._comment
new file mode 100644
index 00000000..36a31728
--- /dev/null
+++ b/doc/forum/Ssh.authorizedKey_does_not_work_on_brand_new_user/comment_4_916b6cae93e772fa0fac88676409b03a._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 4"""
+ date="2016-07-24T17:35:24Z"
+ content="""
+I see it; changed it to use `before` so the file creation/modification
+comes before any chmodding.
+"""]]
diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs
index 6e1690d2..0a92e42b 100644
--- a/src/Propellor/Property/Ssh.hs
+++ b/src/Propellor/Property/Ssh.hs
@@ -356,8 +356,8 @@ knownHostLines hosts hn = keylines <$> fromHost hosts hn getHostPubKey

 modKnownHost :: User -> FilePath -> Property UnixLike -> Property UnixLike
 modKnownHost user f p = p
- `requires` File.ownerGroup f user (userGroup user)
- `requires` File.ownerGroup (takeDirectory f) user (userGroup user)
+ `before` File.ownerGroup f user (userGroup user)
+ `before` File.ownerGroup (takeDirectory f) user (userGroup user)

 -- | Ensures that a local user's authorized_keys contains lines allowing
 -- logins from a remote user on the specified Host.
-- cgit v1.2.3
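Review bot: modKnownHost still carries no comment explaining why ownership is fixed after `p`, and that ordering is now the whole point of the function, so a later cleanup could switch `before` back to `requires` and reintroduce the bug. I would add a Haddock line above the signature such as `-- | Runs a property that modifies known_hosts, then sets the owner of the file and its directory; the chown must come after, because the file may not exist until the property has run.` Separately, both File.ownerGroup calls now act on a path inside a directory that may already belong to the user, and the directory itself is handled last. File.ownerGroup is not visible in this hunk, so it is worth confirming that it does not follow a symlink at `f` when changing the owner, since known_hosts is the host-key trust store for that account.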