From b6c5f547419ce95d20453f30403e1a5860720fe6 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 19 Aug 2014 14:33:43 -0400 Subject: The Debian package now includes a single-revision git repository in /usr/src/propellor/, and ~/.propellor/ is set up to use this repository as its "upstream" remote. This avoids relying on the security of the github repository when using the Debian package. --- Makefile | 1 + debian/README.Debian | 7 ++++++- debian/changelog | 4 ++++ debian/control | 1 + src/wrapper.hs | 34 +++++++++++++++------------------- 5 files changed, 27 insertions(+), 20 deletions(-) diff --git a/Makefile b/Makefile index d6e8fe6f..20087723 100644 --- a/Makefile +++ b/Makefile @@ -25,6 +25,7 @@ install: $(CABAL) sdist cat dist/propellor-*.tar.gz | \ (cd $(DESTDIR)/usr/src/propellor && tar zx --strip-components=1) + cd $(DESTDIR)/usr/src/propellor && git init && git add . && git commit -m "current version of propellor" clean: rm -rf dist Setup tags propellor privdata/local diff --git a/debian/README.Debian b/debian/README.Debian index 78077483..73fea47d 100644 --- a/debian/README.Debian +++ b/debian/README.Debian @@ -8,4 +8,9 @@ Edit ~/.propellor/config.hs to configure it. Note that upgrading the propellor package will not update your ~/.propellor/ repository. You can `git pull upstream` in your repository to -update to the current upstream. +update to the current upstream source, as distributed in the Debian +package. + +Older versions of propellor set the upstream remote to +point to a repository on github, so if you used one of them, you may want +to change it to point to the new location, /usr/src/propellor/ diff --git a/debian/changelog b/debian/changelog index ca413199..286c5a8c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,9 @@ propellor (0.8.3) UNRELEASED; urgency=medium + * The Debian package now includes a single-revision git repository in + /usr/src/propellor/, and ~/.propellor/ is set up to use this repository as + its "upstream" remote. This avoids relying on the security of the github + repository when using the Debian package. * Included the config.hs symlink to config-simple.hs in the cabal and Debian packages. diff --git a/debian/control b/debian/control index a4dc2466..2d113cdf 100644 --- a/debian/control +++ b/debian/control @@ -3,6 +3,7 @@ Section: admin Priority: optional Build-Depends: debhelper (>= 9), + git, ghc (>= 7.4), cabal-install, libghc-async-dev, diff --git a/src/wrapper.hs b/src/wrapper.hs index 4d2c50fc..694067df 100644 --- a/src/wrapper.hs +++ b/src/wrapper.hs @@ -9,8 +9,8 @@ -- uses it to build the real propellor program (if not already built), -- and runs it. -- --- The source is either copied from /usr/src/propellor, or is cloned from --- git over the network. +-- The source is cloned from /usr/src/propellor when available, +-- or is cloned from git over the network. module Main where @@ -28,13 +28,13 @@ import System.Environment (getArgs) import System.Exit import System.Posix.Directory -srcdir :: FilePath -srcdir = "/usr/src/propellor" +localrepo :: FilePath +localrepo = "/usr/src/propellor" -- Using the github mirror of the main propellor repo because -- it is accessible over https for better security. -srcrepo :: String -srcrepo = "https://github.com/joeyh/propellor.git" +netrepo :: String +netrepo = "https://github.com/joeyh/propellor.git" main :: IO () main = do @@ -56,29 +56,25 @@ wrapper args propellordir propellorbin = do makeRepo = do putStrLn $ "Setting up your propellor repo in " ++ propellordir putStrLn "" - ifM (doesDirectoryExist srcdir) + ifM (doesDirectoryExist localrepo) ( do - void $ boolSystem "cp" [Param "-a", File srcdir, File propellordir] - changeWorkingDirectory propellordir - void $ boolSystem "git" [Param "init"] - void $ boolSystem "git" [Param "add", Param "."] - setuprepo True + void $ boolSystem "git" [Param "clone", File localrepo, File propellordir] + setuprepo True localrepo , do - void $ boolSystem "git" [Param "clone", Param srcrepo, File propellordir] - void $ boolSystem "git" [Param "remote", Param "rm", Param "origin"] - setuprepo False + void $ boolSystem "git" [Param "clone", Param netrepo, File propellordir] + setuprepo False netrepo ) - setuprepo fromsrcdir = do + setuprepo fromlocalrepo repolocation = do changeWorkingDirectory propellordir whenM (doesDirectoryExist "privdata") $ mapM_ nukeFile =<< dirContents "privdata" - void $ boolSystem "git" [Param "commit", Param "--allow-empty", Param "--quiet", Param "-m", Param "setting up propellor git repository"] - void $ boolSystem "git" [Param "remote", Param "add", Param "upstream", Param srcrepo] + void $ boolSystem "git" [Param "remote", Param "rm", Param "origin"] + void $ boolSystem "git" [Param "remote", Param "add", Param "upstream", Param repolocation] -- Connect synthetic git repo with upstream history so -- merging with upstream will work going forward. -- Note -s ours is used to avoid getting any divergent -- changes from upstream. - when fromsrcdir $ do + when (not fromlocalrepo) $ do void $ boolSystem "git" [Param "fetch", Param "upstream"] version <- readProcess "dpkg-query" ["--showformat", "${Version}", "--show", "propellor"] void $ boolSystem "git" [Param "merge", Param "-s", Param "ours", Param version] -- cgit v1.2.3