From 69f35659e205e69a017ff2f3f39393ed4c403937 Mon Sep 17 00:00:00 2001 From: Félix Sipma Date: Thu, 4 Feb 2016 12:40:01 +0100 Subject: Firewall: add InIFace/OutIFace Rules (cherry picked from commit 717e693b2ad0bf39865ef28952f37670e70d8582) --- src/Propellor/Property/Firewall.hs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs index 20b44845..a851f885 100644 --- a/src/Propellor/Property/Firewall.hs +++ b/src/Propellor/Property/Firewall.hs @@ -1,5 +1,5 @@ -- | Maintainer: Arnaud Bailly --- +-- -- Properties for configuring firewall (iptables) rules module Propellor.Property.Firewall ( @@ -47,7 +47,8 @@ toIpTableArg (Proto proto) = ["-p", map toLower $ show proto] toIpTableArg (DPort (Port port)) = ["--dport", show port] toIpTableArg (DPortRange (Port f, Port t)) = ["--dport", show f ++ ":" ++ show t] -toIpTableArg (IFace iface) = ["-i", iface] +toIpTableArg (InIFace iface) = ["-i", iface] +toIpTableArg (OutIFace iface) = ["-o", iface] toIpTableArg (Ctstate states) = [ "-m" , "conntrack" @@ -80,7 +81,8 @@ data Rules -- data type with proto + ports | DPort Port | DPortRange (Port,Port) - | IFace Network.Interface + | InIFace Network.Interface + | OutIFace Network.Interface | Ctstate [ ConnectionState ] | Rules :- Rules -- ^Combine two rules deriving (Eq, Show) -- cgit v1.2.3 From 39825733d28dc9ea59386073879ba0e754c42028 Mon Sep 17 00:00:00 2001 From: Félix Sipma Date: Thu, 4 Feb 2016 12:42:11 +0100 Subject: Firewall: add Source/Destination Rules (cherry picked from commit 34ee25d51b502af8da81c7b0701ac02cf1f43c1e) --- src/Propellor/Property/Firewall.hs | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs index a851f885..13db38df 100644 --- a/src/Propellor/Property/Firewall.hs +++ b/src/Propellor/Property/Firewall.hs 
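Review bot: Nothing in the `toIpTableArg` hunk ties the new constructors to the chain the rule goes into, so `rule INPUT … (OutIFace "eth0")` type-checks and is only refused when iptables runs, since `-o` is not accepted on INPUT and `-i` is not accepted on OUTPUT. In the `data Rules` hunk I would at least document that on the constructors, e.g. `| InIFace Network.Interface -- ^ receiving interface (-i); INPUT and FORWARD only`, with the matching line for `OutIFace`. Dropping `IFace` also breaks existing callers, which the commit message does not say. The interface string is passed through as given; `Network.Interface` is defined outside these hunks, so whether it is validated anywhere is not visible here.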
@@ -54,8 +54,24 @@ toIpTableArg (Ctstate states) = , "conntrack" , "--ctstate", concat $ intersperse "," (map show states) ] +toIpTableArg (Source ipwm) = + [ "-s" + , concat $ intersperse "," (map fromIPWithMask ipwm) + ] +toIpTableArg (Destination ipwm) = + [ "-d" + , concat $ intersperse "," (map fromIPWithMask ipwm) + ] toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r' +data IPWithMask = IPWithNoMask IPAddr | IPWithIPMask IPAddr IPAddr | IPWithNumMask IPAddr Int + deriving (Eq, Show) + +fromIPWithMask :: IPWithMask -> String +fromIPWithMask (IPWithNoMask ip) = fromIPAddr ip +fromIPWithMask (IPWithIPMask ip ipm) = fromIPAddr ip ++ "/" ++ fromIPAddr ipm +fromIPWithMask (IPWithNumMask ip m) = fromIPAddr ip ++ "/" ++ show m + data Rule = Rule { ruleChain :: Chain , ruleTarget :: Target @@ -84,6 +100,8 @@ data Rules | InIFace Network.Interface | OutIFace Network.Interface | Ctstate [ ConnectionState ] + | Source [ IPWithMask ] + | Destination [ IPWithMask ] | Rules :- Rules -- ^Combine two rules deriving (Eq, Show) -- cgit v1.2.3 From c6fcacb6e41f678757599b00eb653b3df489f19a Mon Sep 17 00:00:00 2001 From: Félix Sipma Date: Thu, 4 Feb 2016 14:09:32 +0100 Subject: Firewall: minor hlint fixes (cherry picked from commit d4653a2c4683ff3eeb4decbb3c61bb9e9cef2c64) --- src/Propellor/Property/Firewall.hs | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs index 13db38df..2dff2953 100644 --- a/src/Propellor/Property/Firewall.hs +++ b/src/Propellor/Property/Firewall.hs 
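Review bot: `Source []` and `Destination []` render as `-s ""` / `-d ""` in the `toIpTableArg` hunk, because the joined string is always emitted as an argument even when the list is empty; iptables will presumably reject that, but only when the property runs. Rendering the empty list as no arguments would be worse, since it would silently turn an address-restricted rule into one that matches every address, so I would take a non-empty list type or fail explicitly. `IPWithNumMask IPAddr Int` accepts any `Int`, so a negative or oversized prefix length is emitted unchanged by `show m`, and `IPWithIPMask` does not require address and mask to be of the same family; a smart constructor, or at least a comment such as `-- ^ prefix length, not range-checked`, would make that visible. A comma-separated list makes iptables expand one `-A` into several rules, so how the `-C` check in `rule` (outside this hunk) behaves for it is worth a test.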
@@ -33,13 +33,13 @@ rule c t rs = property ("firewall rule: " <> show r) addIpTable if exist then return NoChange else toResult <$> boolSystem "iptables" (add args) - add params = (Param "-A") : params - chk params = (Param "-C") : params + add params = Param "-A" : params + chk params = Param "-C" : params toIpTable :: Rule -> [CommandParam] toIpTable r = map Param $ - (show $ ruleChain r) : - (toIpTableArg (ruleRules r)) ++ [ "-j" , show $ ruleTarget r ] + show (ruleChain r) : + toIpTableArg (ruleRules r) ++ [ "-j" , show $ ruleTarget r ] toIpTableArg :: Rules -> [String] toIpTableArg Everything = [] @@ -52,15 +52,15 @@ toIpTableArg (OutIFace iface) = ["-o", iface] toIpTableArg (Ctstate states) = [ "-m" , "conntrack" - , "--ctstate", concat $ intersperse "," (map show states) + , "--ctstate", intercalate "," (map show states) ] toIpTableArg (Source ipwm) = [ "-s" - , concat $ intersperse "," (map fromIPWithMask ipwm) + , intercalate "," (map fromIPWithMask ipwm) ] toIpTableArg (Destination ipwm) = [ "-d" - , concat $ intersperse "," (map fromIPWithMask ipwm) + , intercalate "," (map fromIPWithMask ipwm) ] toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r' -- cgit v1.2.3 From bd84117979a8e934d0c0922aca4eef27815155f8 Mon Sep 17 00:00:00 2001 From: Félix Sipma Date: Thu, 4 Feb 2016 16:00:50 +0100 Subject: Firewall: add CustomTarget (cherry picked from commit ecff879cfeacfbff00649f4a3b9dd19eaefe134f) --- src/Propellor/Property/Firewall.hs | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs index 2dff2953..b90f588a 100644 --- a/src/Propellor/Property/Firewall.hs +++ b/src/Propellor/Property/Firewall.hs 
@@ -39,7 +39,7 @@ rule c t rs = property ("firewall rule: " <> show r) addIpTable toIpTable :: Rule -> [CommandParam] toIpTable r = map Param $ show (ruleChain r) : - toIpTableArg (ruleRules r) ++ [ "-j" , show $ ruleTarget r ] + toIpTableArg (ruleRules r) ++ [ "-j" , fromTarget $ ruleTarget r ] toIpTableArg :: Rules -> [String] toIpTableArg Everything = [] @@ -81,9 +81,13 @@ data Rule = Rule data Chain = INPUT | OUTPUT | FORWARD deriving (Eq, Show) -data Target = ACCEPT | REJECT | DROP | LOG +data Target = ACCEPT | REJECT | DROP | LOG | CustomTarget String deriving (Eq, Show) +fromTarget :: Target -> String +fromTarget (CustomTarget ct) = ct +fromTarget t = show t + data Proto = TCP | UDP | ICMP deriving (Eq, Show) -- cgit v1.2.3 From a0e901dfc39bd465fe1d64a3a895b79341263264 Mon Sep 17 00:00:00 2001 From: Félix Sipma Date: Thu, 4 Feb 2016 17:40:09 +0100 Subject: Firewall: add Table (api change) (cherry picked from commit 202f9c282ee34897461dc56a79e607244c94cd99) --- src/Propellor/Property/Firewall.hs | 79 +++++++++++++++++++++++++++++++++----- 1 file changed, 70 insertions(+), 9 deletions(-) diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs index b90f588a..4498b82d 100644 --- a/src/Propellor/Property/Firewall.hs +++ b/src/Propellor/Property/Firewall.hs @@ -6,10 +6,16 @@ module Propellor.Property.Firewall ( rule, installed, Chain(..), - Target(..), + Table(..), + TargetFilter(..), + TargetNat(..), + TargetMangle(..), + TargetRaw(..), + TargetSecurity(..), Proto(..), Rules(..), - ConnectionState(..) + ConnectionState(..), + IPWithMask(..) ) where import Data.Monoid @@ -23,7 +29,7 @@ import qualified Propellor.Property.Network as Network installed :: Property NoInfo installed = Apt.installed ["iptables"] -rule :: Chain -> Target -> Rules -> Property NoInfo +rule :: Chain -> Table -> Rules -> Property NoInfo rule c t rs = property ("firewall rule: " <> show r) addIpTable where r = Rule c t rs 
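Review bot: `fromTarget (CustomTarget ct) = ct` passes the caller's string to iptables as the `-j` argument unchecked, so an empty name, one containing whitespace or one starting with `-` reaches the command line as written. As far as the `Param` wrapping in `toIpTable` shows, no shell is involved, but the mistake only surfaces when the property runs, and a target that needs its own options cannot be expressed because the whole string is a single argument. I would document that on the constructor, e.g. `-- ^ name of a user-defined chain, passed to -j unchecked`, or validate the name in a smart constructor. The same pass-through is repeated by `FilterCustom`, `NatCustom`, `MangleCustom`, `RawCustom` and `SecurityCustom` in the later Table commit.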
@@ -39,7 +45,7 @@ rule c t rs = property ("firewall rule: " <> show r) addIpTable toIpTable :: Rule -> [CommandParam] toIpTable r = map Param $ show (ruleChain r) : - toIpTableArg (ruleRules r) ++ [ "-j" , fromTarget $ ruleTarget r ] + toIpTableArg (ruleRules r) ++ toIpTableTable (ruleTable r) toIpTableArg :: Rules -> [String] toIpTableArg Everything = [] 
@@ -74,19 +80,74 @@ fromIPWithMask (IPWithNumMask ip m) = fromIPAddr ip ++ "/" ++ show m data Rule = Rule { ruleChain :: Chain - , ruleTarget :: Target + , ruleTable :: Table , ruleRules :: Rules } deriving (Eq, Show) +data Table = Filter TargetFilter | Nat TargetNat | Mangle TargetMangle | Raw TargetRaw | Security TargetSecurity + deriving (Eq, Show) + +toIpTableTable :: Table -> [String] +toIpTableTable f = ["-t", table, "-j", target] + where + (table, target) = toIpTableTable' f + +toIpTableTable' :: Table -> (String, String) +toIpTableTable' (Filter target) = ("filter", fromTargetFilter target) +toIpTableTable' (Nat target) = ("nat", fromTargetNat target) +toIpTableTable' (Mangle target) = ("mangle", fromTargetMangle target) +toIpTableTable' (Raw target) = ("raw", fromTargetRaw target) +toIpTableTable' (Security target) = ("security", fromTargetSecurity target) + data Chain = INPUT | OUTPUT | FORWARD deriving (Eq, Show) -data Target = ACCEPT | REJECT | DROP | LOG | CustomTarget String +data TargetFilter = ACCEPT | REJECT | DROP | LOG | FilterCustom String + deriving (Eq, Show) + +fromTargetFilter :: TargetFilter -> String +fromTargetFilter ACCEPT = "ACCEPT" +fromTargetFilter REJECT = "REJECT" +fromTargetFilter DROP = "DROP" +fromTargetFilter LOG = "LOG" +fromTargetFilter (FilterCustom f) = f + +data TargetNat = NatPREROUTING | NatOUTPUT | NatPOSTROUTING | NatCustom String + deriving (Eq, Show) + +fromTargetNat :: TargetNat -> String +fromTargetNat NatPREROUTING = "PREROUTING" +fromTargetNat NatOUTPUT = "OUTPUT" +fromTargetNat NatPOSTROUTING = "POSTROUTING" +fromTargetNat (NatCustom f) = f + +data TargetMangle = ManglePREROUTING | MangleOUTPUT | MangleINPUT | MangleFORWARD | ManglePOSTROUTING | MangleCustom String + deriving (Eq, Show) + +fromTargetMangle :: TargetMangle -> String +fromTargetMangle ManglePREROUTING = "PREROUTING" +fromTargetMangle MangleOUTPUT = "OUTPUT" +fromTargetMangle MangleINPUT = "INPUT" +fromTargetMangle MangleFORWARD = "FORWARD" 
+fromTargetMangle ManglePOSTROUTING = "POSTROUTING" +fromTargetMangle (MangleCustom f) = f + +data TargetRaw = RawPREROUTING | RawOUTPUT | RawCustom String + deriving (Eq, Show) + +fromTargetRaw :: TargetRaw -> String +fromTargetRaw RawPREROUTING = "PREROUTING" +fromTargetRaw RawOUTPUT = "OUTPUT" +fromTargetRaw (RawCustom f) = f + +data TargetSecurity = SecurityINPUT | SecurityOUTPUT | SecurityFORWARD | SecurityCustom String deriving (Eq, Show) -fromTarget :: Target -> String -fromTarget (CustomTarget ct) = ct -fromTarget t = show t +fromTargetSecurity :: TargetSecurity -> String +fromTargetSecurity SecurityINPUT = "INPUT" +fromTargetSecurity SecurityOUTPUT = "OUTPUT" +fromTargetSecurity SecurityFORWARD = "FORWARD" +fromTargetSecurity (SecurityCustom f) = f data Proto = TCP | UDP | ICMP deriving (Eq, Show) -- cgit v1.2.3 From a447ac06b17beb444c922136c0124c1781f3f63a Mon Sep 17 00:00:00 2001 From: Félix Sipma Date: Mon, 8 Feb 2016 11:33:48 +0100 Subject: Firewall: export fromIPWithMask (cherry picked from commit 57f7d81f1124fa5c56a593b9d5de6448155a938e) --- src/Propellor/Property/Firewall.hs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs index 4498b82d..d7a2d9bc 100644 --- a/src/Propellor/Property/Firewall.hs +++ b/src/Propellor/Property/Firewall.hs @@ -15,7 +15,8 @@ module Propellor.Property.Firewall ( Proto(..), Rules(..), ConnectionState(..), - IPWithMask(..) + IPWithMask(..), + fromIPWithMask ) where import Data.Monoid -- cgit v1.2.3 From 3fd1c61d1c526bf68b5e52b638bf68a1af95bc2b Mon Sep 17 00:00:00 2001 From: Félix Sipma Date: Thu, 25 Feb 2016 17:55:26 +0100 Subject: add FromTarget class (cherry picked from commit 226bf3e8230037ad2de38760c962033ab6c64d9f) --- src/Propellor/Property/Firewall.hs | 67 ++++++++++++++++++++------------------ 1 file changed, 35 insertions(+), 32 deletions(-) 
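Review bot: Most constructors of `TargetNat`, `TargetMangle`, `TargetRaw` and `TargetSecurity` are names of built-in chains (`PREROUTING`, `POSTROUTING`, `INPUT`, …), yet `toIpTableTable` emits them after `-j`; as far as I know iptables refuses a jump to a built-in chain, so a value like `Nat NatPREROUTING` cannot produce a working rule. At the same time `Chain` is still `INPUT | OUTPUT | FORWARD`, so a rule cannot be appended to the nat table's PREROUTING or POSTROUTING chain at all, and outside `Filter` only the `*Custom` constructors are usable. It looks as if the per-table names were meant to be chains rather than targets: I would move them into the chain type and keep real targets for `-j`. Until then a rule the operator believes is installed may simply fail to apply, which matters most for DROP/REJECT rules.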
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs index d7a2d9bc..eefc8342 100644 --- a/src/Propellor/Property/Firewall.hs +++ b/src/Propellor/Property/Firewall.hs @@ -94,11 +94,11 @@ toIpTableTable f = ["-t", table, "-j", target] (table, target) = toIpTableTable' f toIpTableTable' :: Table -> (String, String) -toIpTableTable' (Filter target) = ("filter", fromTargetFilter target) -toIpTableTable' (Nat target) = ("nat", fromTargetNat target) -toIpTableTable' (Mangle target) = ("mangle", fromTargetMangle target) -toIpTableTable' (Raw target) = ("raw", fromTargetRaw target) -toIpTableTable' (Security target) = ("security", fromTargetSecurity target) +toIpTableTable' (Filter target) = ("filter", fromTarget target) +toIpTableTable' (Nat target) = ("nat", fromTarget target) +toIpTableTable' (Mangle target) = ("mangle", fromTarget target) +toIpTableTable' (Raw target) = ("raw", fromTarget target) +toIpTableTable' (Security target) = ("security", fromTarget target) data Chain = INPUT | OUTPUT | FORWARD deriving (Eq, Show) 
@@ -106,49 +106,52 @@ data Chain = INPUT | OUTPUT | FORWARD data TargetFilter = ACCEPT | REJECT | DROP | LOG | FilterCustom String deriving (Eq, Show) -fromTargetFilter :: TargetFilter -> String -fromTargetFilter ACCEPT = "ACCEPT" -fromTargetFilter REJECT = "REJECT" -fromTargetFilter DROP = "DROP" -fromTargetFilter LOG = "LOG" -fromTargetFilter (FilterCustom f) = f +class FromTarget a where + fromTarget :: a -> String + +instance FromTarget TargetFilter where + fromTarget ACCEPT = "ACCEPT" + fromTarget REJECT = "REJECT" + fromTarget DROP = "DROP" + fromTarget LOG = "LOG" + fromTarget (FilterCustom f) = f data TargetNat = NatPREROUTING | NatOUTPUT | NatPOSTROUTING | NatCustom String deriving (Eq, Show) -fromTargetNat :: TargetNat -> String -fromTargetNat NatPREROUTING = "PREROUTING" -fromTargetNat NatOUTPUT = "OUTPUT" -fromTargetNat NatPOSTROUTING = "POSTROUTING" -fromTargetNat (NatCustom f) = f +instance FromTarget TargetNat where + fromTarget NatPREROUTING = "PREROUTING" + fromTarget NatOUTPUT = "OUTPUT" + fromTarget NatPOSTROUTING = "POSTROUTING" + fromTarget (NatCustom f) = f data TargetMangle = ManglePREROUTING | MangleOUTPUT | MangleINPUT | MangleFORWARD | ManglePOSTROUTING | MangleCustom String deriving (Eq, Show) -fromTargetMangle :: TargetMangle -> String -fromTargetMangle ManglePREROUTING = "PREROUTING" -fromTargetMangle MangleOUTPUT = "OUTPUT" -fromTargetMangle MangleINPUT = "INPUT" -fromTargetMangle MangleFORWARD = "FORWARD" -fromTargetMangle ManglePOSTROUTING = "POSTROUTING" -fromTargetMangle (MangleCustom f) = f +instance FromTarget TargetMangle where + fromTarget ManglePREROUTING = "PREROUTING" + fromTarget MangleOUTPUT = "OUTPUT" + fromTarget MangleINPUT = "INPUT" + fromTarget MangleFORWARD = "FORWARD" + fromTarget ManglePOSTROUTING = "POSTROUTING" + fromTarget (MangleCustom f) = f data TargetRaw = RawPREROUTING | RawOUTPUT | RawCustom String deriving (Eq, Show) -fromTargetRaw :: TargetRaw -> String -fromTargetRaw RawPREROUTING = "PREROUTING" 
-fromTargetRaw RawOUTPUT = "OUTPUT" -fromTargetRaw (RawCustom f) = f +instance FromTarget TargetRaw where + fromTarget RawPREROUTING = "PREROUTING" + fromTarget RawOUTPUT = "OUTPUT" + fromTarget (RawCustom f) = f data TargetSecurity = SecurityINPUT | SecurityOUTPUT | SecurityFORWARD | SecurityCustom String deriving (Eq, Show) -fromTargetSecurity :: TargetSecurity -> String -fromTargetSecurity SecurityINPUT = "INPUT" -fromTargetSecurity SecurityOUTPUT = "OUTPUT" -fromTargetSecurity SecurityFORWARD = "FORWARD" -fromTargetSecurity (SecurityCustom f) = f +instance FromTarget TargetSecurity where + fromTarget SecurityINPUT = "INPUT" + fromTarget SecurityOUTPUT = "OUTPUT" + fromTarget SecurityFORWARD = "FORWARD" + fromTarget (SecurityCustom f) = f data Proto = TCP | UDP | ICMP deriving (Eq, Show) -- cgit v1.2.3 From 88a6e57c010dbb1a2ebb9b33d827f52fe6a0d25a Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 25 Feb 2016 17:23:14 -0400 Subject: changelog --- debian/changelog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/debian/changelog b/debian/changelog index cf74edaf..a7f38a96 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,10 @@ propellor (2.16.0) UNRELEASED; urgency=medium an unfortunate trademark use policy. http://joeyh.name/blog/entry/trademark_nonsense/ * That included changing a data constructor to "FooBuntu", an API change. + * Firewall: add InIFace/OutIFace Rules, add Source/Destination Rules, + add CustomTarget, and more improvements. + Thanks, Félix Sipma. + * Firewall.rule: Now takes a Table parameter. (API change) -- Joey Hess Fri, 19 Feb 2016 11:29:53 -0400 -- cgit v1.2.3 From e885431da416d26e01454edf47fefbc0777dcbdd Mon Sep 17 00:00:00 2001 
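Review bot: `class FromTarget` and its `fromTarget` method are introduced without a Haddock comment, and nothing on the instances says that the `*Custom` constructors return the caller's string unchanged. I would add `-- | Renders a target as the name passed to iptables after @-j@.` above the class and `-- ^ passed through unchecked` on each `*Custom` constructor. The export list is not touched by this commit, so the class appears to stay module-internal; if that is intended, a one-line comment saying so would help the next reader.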
From: Joey Hess Date: Thu, 25 Feb 2016 17:26:41 -0400 Subject: FooBuntu -> Buntish Seems that Canonical have trademarked numerous words ending in "buntu", and would like to trademark anything ending in that to the extent their lawyers can make that happen. --- debian/changelog | 6 +++--- .../comment_1_f324bed708305e2667bd00f80544dd90._comment | 2 +- src/Propellor/Property.hs | 2 +- src/Propellor/Property/Chroot.hs | 2 +- src/Propellor/Property/Debootstrap.hs | 6 +++--- src/Propellor/Property/OS.hs | 2 +- src/Propellor/Types/OS.hs | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/debian/changelog b/debian/changelog index a7f38a96..bd4e2908 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,10 +4,10 @@ propellor (2.16.0) UNRELEASED; urgency=medium different backup properties, to avoid concurrent jobs fighting over scarce resources (particularly memory). Other jobs block on a lock file. - * Removed references to *buntu from code and documentation because of - an unfortunate trademark use policy. + * Removed references to a Debian derivative from code and documentation + because of an unfortunate trademark use policy. http://joeyh.name/blog/entry/trademark_nonsense/ - * That included changing a data constructor to "FooBuntu", an API change. + * That included changing a data constructor to "Buntish", an API change. * Firewall: add InIFace/OutIFace Rules, add Source/Destination Rules, add CustomTarget, and more improvements. Thanks, Félix Sipma. diff --git a/doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment b/doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment index ed972c01..7649e95e 100644 --- a/doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment +++ b/doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment 
@@ -13,7 +13,7 @@ like this: foo :: Property foo = property "foo" withOS desc $ \o -> case o of (Just (System (Debian _) _)) -> ensureProperty fooDebian - (Just (System (FooBuntu _) _)) -> ensureProperty fooBuntu + (Just (System (Buntish _) _)) -> ensureProperty fooBuntu The first step for adding a new OS will be to modify . Compilation will then warn about all OS parameterized properties that diff --git a/src/Propellor/Property.hs b/src/Propellor/Property.hs index eee1409c..fe99a3fd 100644 --- a/src/Propellor/Property.hs +++ b/src/Propellor/Property.hs @@ -255,7 +255,7 @@ isNewerThan x y = do -- -- > myproperty = withOS "foo installed" $ \o -> case o of -- > (Just (System (Debian suite) arch)) -> ... --- > (Just (System (FooBuntu release) arch)) -> ... +-- > (Just (System (Buntish release) arch)) -> ... -- > Nothing -> ... withOS :: Desc -> (Maybe System -> Propellor Result) -> Property NoInfo withOS desc a = property desc $ a =<< getOS diff --git a/src/Propellor/Property/Chroot.hs b/src/Propellor/Property/Chroot.hs index 44d7036d..e0ff477d 100644 --- a/src/Propellor/Property/Chroot.hs +++ b/src/Propellor/Property/Chroot.hs @@ -90,7 +90,7 @@ data Debootstrapped = Debootstrapped Debootstrap.DebootstrapConfig instance ChrootBootstrapper Debootstrapped where buildchroot (Debootstrapped cf) system loc = case system of (Just s@(System (Debian _) _)) -> Right $ debootstrap s - (Just s@(System (FooBuntu _) _)) -> Right $ debootstrap s + (Just s@(System (Buntish _) _)) -> Right $ debootstrap s Nothing -> Left "Cannot debootstrap; `os` property not specified" where debootstrap s = Debootstrap.built loc s cf diff --git a/src/Propellor/Property/Debootstrap.hs b/src/Propellor/Property/Debootstrap.hs index 445c0629..6a566853 100644 --- a/src/Propellor/Property/Debootstrap.hs +++ b/src/Propellor/Property/Debootstrap.hs 
@@ -91,7 +91,7 @@ built' installprop target system@(System _ arch) config = extractSuite :: System -> Maybe String extractSuite (System (Debian s) _) = Just $ Apt.showSuite s -extractSuite (System (FooBuntu r) _) = Just r +extractSuite (System (Buntish r) _) = Just r -- | Ensures debootstrap is installed. -- @@ -108,12 +108,12 @@ installed = install remove ) installon (Just (System (Debian _) _)) = aptinstall - installon (Just (System (FooBuntu _) _)) = aptinstall + installon (Just (System (Buntish _) _)) = aptinstall installon _ = sourceInstall remove = withOS "debootstrap removed" $ ensureProperty . removefrom removefrom (Just (System (Debian _) _)) = aptremove - removefrom (Just (System (FooBuntu _) _)) = aptremove + removefrom (Just (System (Buntish _) _)) = aptremove removefrom _ = sourceRemove aptinstall = Apt.installed ["debootstrap"] diff --git a/src/Propellor/Property/OS.hs b/src/Propellor/Property/OS.hs index 403b1df3..5678b818 100644 --- a/src/Propellor/Property/OS.hs +++ b/src/Propellor/Property/OS.hs @@ -85,7 +85,7 @@ cleanInstallOnce confirmation = check (not <$> doesFileExist flagfile) $ osbootstrapped = withOS (newOSDir ++ " bootstrapped") $ \o -> case o of (Just d@(System (Debian _) _)) -> debootstrap d - (Just u@(System (FooBuntu _) _)) -> debootstrap u + (Just u@(System (Buntish _) _)) -> debootstrap u _ -> error "os is not declared to be Debian or *buntu" debootstrap targetos = ensureProperty $ diff --git a/src/Propellor/Types/OS.hs b/src/Propellor/Types/OS.hs index 6c2dd28e..c302d11d 100644 --- a/src/Propellor/Types/OS.hs +++ b/src/Propellor/Types/OS.hs 
@@ -24,7 +24,7 @@ data System = System Distribution Architecture data Distribution = Debian DebianSuite - | FooBuntu Release -- ^ "*buntu" (The actual name of this distribution is not used in Propellor per ) + | Buntish Release -- ^ A well-known Debian derivative founded by a space tourist. The actual name of this distribution is not used in Propellor per ) deriving (Show, Eq) -- | Debian has several rolling suites, and a number of stable releases, -- cgit v1.2.3 From 0cba8dec39447f030c0f765d1d84a1c2466b9bfc Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 26 Feb 2016 10:55:14 -0400 Subject: Ssh.authorizedKey: Fix bug preventing it from working when the authorized_keys file does not yet exist. --- debian/changelog | 2 ++ src/Propellor/Property/Ssh.hs | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index bd4e2908..76367e6d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,6 +12,8 @@ propellor (2.16.0) UNRELEASED; urgency=medium add CustomTarget, and more improvements. Thanks, Félix Sipma. * Firewall.rule: Now takes a Table parameter. (API change) + * Ssh.authorizedKey: Fix bug preventing it from working when the + authorized_keys file does not yet exist. -- Joey Hess Fri, 19 Feb 2016 11:29:53 -0400 diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs index 9e1fb7af..c21f009f 100644 --- a/src/Propellor/Property/Ssh.hs +++ b/src/Propellor/Property/Ssh.hs 
@@ -417,6 +417,6 @@ unauthorizedKey user@(User u) l = property desc $ do modAuthorizedKey :: FilePath -> User -> Property NoInfo -> Propellor Result modAuthorizedKey f user p = ensureProperty $ p - `requires` File.mode f (combineModes [ownerWriteMode, ownerReadMode]) - `requires` File.ownerGroup f user (userGroup user) - `requires` File.ownerGroup (takeDirectory f) user (userGroup user) + `before` File.mode f (combineModes [ownerWriteMode, ownerReadMode]) + `before` File.ownerGroup f user (userGroup user) + `before` File.ownerGroup (takeDirectory f) user (userGroup user) -- cgit v1.2.3
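Review bot: Switching `requires` to `before` means `p` now creates or rewrites authorized_keys first and the 0600 mode and owner/group are applied only afterwards, so for a short time the file has whatever mode and owner `p` gave it, and it keeps them if `p` succeeds but one of the later `File.ownerGroup` steps fails. How `p` creates the file is outside this hunk; if it runs as root with the default umask, the file and any newly created `.ssh` directory stay root-owned until the last step. I would add a comment explaining the order, e.g. `-- p must run first so the file exists; mode and ownership are fixed up afterwards`, and check whether the directory's ownership can still be set before `p` rather than after it.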