From 8d91b5de6b43333ba77974053cdcdfa87409fb62 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 15 Nov 2014 17:02:25 -0400 Subject: Convert GpgKeyId to newtype --- src/Propellor/Property/Gpg.hs | 8 +++----- src/Propellor/Property/Obnam.hs | 4 +++- src/Propellor/Property/SiteSpecific/JoeySites.hs | 5 ++--- 3 files changed, 8 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/src/Propellor/Property/Gpg.hs b/src/Propellor/Property/Gpg.hs index b4698663..5819ea7b 100644 --- a/src/Propellor/Property/Gpg.hs +++ b/src/Propellor/Property/Gpg.hs @@ -9,7 +9,8 @@ import System.PosixCompat installed :: Property installed = Apt.installed ["gnupg"] -type GpgKeyId = String +-- A numeric id, or a description of the key, in a form understood by gpg. +newtype GpgKeyId = GpgKeyId { getGpgKeyId :: String } -- | Sets up a user with a gpg key from the privdata. -- @@ -19,11 +20,8 @@ type GpgKeyId = String -- -- Recommend only using this for low-value dedicated role keys. -- No attempt has been made to scrub the key out of memory once it's used. --- --- The GpgKeyId does not have to be a numeric id; it can just as easily --- be a description of the key. keyImported :: GpgKeyId -> UserName -> Property -keyImported keyid user = flagFile' prop genflag +keyImported (GpgKeyId keyid) user = flagFile' prop genflag `requires` installed where desc = user ++ " has gpg key " ++ show keyid diff --git a/src/Propellor/Property/Obnam.hs b/src/Propellor/Property/Obnam.hs index e18ca3f9..4dc895ef 100644 --- a/src/Propellor/Property/Obnam.hs +++ b/src/Propellor/Property/Obnam.hs 
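Review bot: The comment added above `newtype GpgKeyId` in the first Gpg.hs hunk is a plain `--` comment, so Haddock will not attach it to the type, while the second hunk deletes the equivalent guidance from the Haddock block of `keyImported`. Writing it as `-- | A numeric id, or a description of the key, in a form understood by gpg.` keeps that guidance in the generated documentation. The constructor also wraps any String unchecked; if that is intentional, the comment could say that the value is handed to gpg as-is.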
@@ -48,8 +48,10 @@ backup dir crontimes params numclients = -- into root's keyring using Propellor.Property.Gpg.keyImported backupEncrypted :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Gpg.GpgKeyId -> Property backupEncrypted dir crontimes params numclients keyid = - backup dir crontimes (("--encrypt-with=" ++ keyid):params) numclients + backup dir crontimes params' numclients `requires` Gpg.keyImported keyid "root" + where + params' = ("--encrypt-with=" ++ Gpg.getGpgKeyId keyid) : params -- | Does a backup, but does not automatically restore. backup' :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 7b8216fb..4a95067f 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -144,9 +144,8 @@ gitServer hosts = propertyList "git.kitenet.net setup" [ Obnam.latestVersion , Obnam.backupEncrypted "/srv/git" "33 3 * * *" [ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net" - , "--encrypt-with=1B169BE1" , "--client-name=wren" -- historical - ] Obnam.OnlyClient "1B169BE1" + ] Obnam.OnlyClient (Gpg.GpgKeyId "1B169BE1") `requires` Ssh.keyImported SshRsa "root" (Context "git.kitenet.net") `requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root" `requires` Ssh.authorizedKeys "family" (Context "git.kitenet.net") @@ -283,7 +282,7 @@ gitAnnexDistributor = combineProperties "git-annex distributor, including rsync , endpoint "/srv/web/downloads.kitenet.net/git-annex/autobuild" , endpoint "/srv/web/downloads.kitenet.net/git-annex/autobuild/x86_64-apple-mavericks" -- git-annex distribution signing key - , Gpg.keyImported "89C809CB" "joey" + , Gpg.keyImported (Gpg.GpgKeyId "89C809CB") "joey" ] where endpoint d = combineProperties ("endpoint " ++ d) -- cgit v1.2.3 From 46cd2ad0e067ba85d82ad75bb4d358e71d971ed3 Mon Sep 17 00:00:00 2001 
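Review bot: Both JoeySites.hs hunks still identify the key by an 8-hex-digit short id (`Gpg.GpgKeyId "1B169BE1"` in gitServer and `Gpg.GpgKeyId "89C809CB"` in gitAnnexDistributor). A short id is only 32 bits and distinct keys can share one. After this change the same string is also what Obnam.hs appends to `--encrypt-with=`, so an ambiguous match would at least affect which key the backup is encrypted to. Passing the full fingerprint, e.g. `Gpg.GpgKeyId "<FULL-40-HEX-FINGERPRINT>"` (placeholder; the real fingerprints are not shown on this page), makes the selection unambiguous. Both enclosing definitions start and end outside the hunks.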
From: Joey Hess Date: Mon, 17 Nov 2014 16:42:15 -0400 Subject: DigitalOcean.distroKernel property now reboots into the distribution kernel when necessary. It might be better to do this check on boot to limit the time running the DO kernel (which is not well security supported), but that has the possibility of entering a bad reboot loop. Limiting this check to when propellor runs avoids that, while still fixing the problem pretty fast. --- debian/changelog | 2 ++ .../Property/HostingProvider/DigitalOcean.hs | 39 +++++++++++++++++++--- 2 files changed, 36 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/debian/changelog b/debian/changelog index b3a8a20c..3858ac2f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,8 @@ propellor (0.9.3) UNRELEASED; urgency=medium * When multiple gpg keys are added, ensure that the privdata file can be decrypted by all of them. * Convert GpgKeyId to newtype. + * DigitalOcean.distroKernel property now reboots into the distribution + kernel when necessary. -- Joey Hess Mon, 10 Nov 2014 11:15:27 -0400 diff --git a/src/Propellor/Property/HostingProvider/DigitalOcean.hs b/src/Propellor/Property/HostingProvider/DigitalOcean.hs index 4565935f..32165d48 100644 --- a/src/Propellor/Property/HostingProvider/DigitalOcean.hs +++ b/src/Propellor/Property/HostingProvider/DigitalOcean.hs 
@@ -1,21 +1,50 @@ -module Propellor.Property.HostingProvider.DigitalOcean where +module Propellor.Property.HostingProvider.DigitalOcean ( + distroKernel +) where import Propellor import qualified Propellor.Property.Apt as Apt import qualified Propellor.Property.File as File +import Data.List + -- Digital Ocean does not provide any way to boot -- the kernel provided by the distribution, except using kexec. -- Without this, some old, and perhaps insecure kernel will be used. -- --- Note that this only causes the new kernel to be loaded on reboot. --- If the power is cycled, the old kernel still boots up. --- TODO: detect this and reboot immediately? +-- This property causes the distro kernel to be loaded on reboot, using kexec. +-- +-- If the power is cycled, the non-distro kernel still boots up. +-- So, this property also checks if the running kernel is present in /boot, +-- and if not, reboots immediately into a distro kernel. distroKernel :: Property distroKernel = propertyList "digital ocean distro kernel hack" - [ Apt.installed ["grub-pc", "kexec-tools"] + [ Apt.installed ["grub-pc", "kexec-tools", "file"] , "/etc/default/kexec" `File.containsLines` [ "LOAD_KEXEC=true" , "USE_GRUB_CONFIG=true" ] `describe` "kexec configured" + , check (not <$> runningInstalledKernel) + (cmdProperty "reboot" []) + `describe` "running installed kernel" ] + +runningInstalledKernel :: IO Bool +runningInstalledKernel = do + kernelver <- takeWhile (/= '\n') <$> readProcess "uname" ["-r"] + when (null kernelver) $ + error "failed to read uname -r" + kernelimages <- concat <$> mapM kernelsIn ["/", "/boot/"] + when (null kernelimages) $ + error "failed to find any installed kernel images" + findVersion kernelver <$> + readProcess "file" ("-L" : kernelimages) + +-- File output looks something like this, we want to unambiguously +-- match the running kernel version: +-- Linux kernel x86 boot executable bzImage, version 3.16-3-amd64 (debian-kernel@lists.debian.org) #1 SMP Debian 3.1, 
RO-rootFS, swap_dev 0x2, Normal VGA +findVersion :: String -> String -> Bool +findVersion ver s = (" version " ++ ver ++ " ") `isInfixOf` s + +kernelsIn :: FilePath -> IO [FilePath] +kernelsIn d = filter ("vmlinu" `isInfixOf`) <$> dirContents d -- cgit v1.2.3 From f3beea212c67bea2576e26d1147d412bdd141e9f Mon Sep 17 00:00:00 2001 From: Félix Sipma Date: Mon, 17 Nov 2014 20:23:30 +0100 Subject: Git: isRepo Signed-off-by: Félix Sipma --- src/Propellor/Property/Git.hs | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src') diff --git a/src/Propellor/Property/Git.hs b/src/Propellor/Property/Git.hs index e5df7e48..eb821597 100644 --- a/src/Propellor/Property/Git.hs +++ b/src/Propellor/Property/Git.hs @@ -91,3 +91,6 @@ cloned owner url dir mbranch = check originurl (property desc checkout) -- installed here. , Just "git update-server-info" ] + +isRepo :: FilePath -> IO Bool +isRepo dir = isNothing <$> catchMaybeIO (readProcess "git" ["rev-parse", "--resolve-git-dir", dir]) -- cgit v1.2.3 From fbd8ea3b3d46b8cb56f3b9c82847cc849a37f89d Mon Sep 17 00:00:00 2001 From: Félix Sipma Date: Mon, 17 Nov 2014 21:00:10 +0100 Subject: Git: rename isRepo to isGitDir Signed-off-by: Félix Sipma --- src/Propellor/Property/Git.hs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/Propellor/Property/Git.hs b/src/Propellor/Property/Git.hs index eb821597..8d49cbd0 100644 --- a/src/Propellor/Property/Git.hs +++ b/src/Propellor/Property/Git.hs @@ -92,5 +92,5 @@ cloned owner url dir mbranch = check originurl (property desc checkout) , Just "git update-server-info" ] -isRepo :: FilePath -> IO Bool -isRepo dir = isNothing <$> catchMaybeIO (readProcess "git" ["rev-parse", "--resolve-git-dir", dir]) +isGitDir :: FilePath -> IO Bool +isGitDir dir = isNothing <$> catchMaybeIO (readProcess "git" ["rev-parse", "--resolve-git-dir", dir]) -- cgit v1.2.3
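Review bot: In `runningInstalledKernel`, output from `file` that could not be parsed is treated the same as a confirmed non-distro kernel, because any output lacking the exact " version <uname -r> " string yields False and `distroKernel` then runs `reboot`. That reboot would presumably repeat on every propellor run, so it seems safer to fail the property when no version string is present at all. Bind the output with `out <- readProcess "file" ("-L" : kernelimages)`, add `when (not (isInfixOf " version " out)) $ error "no kernel version in file output"`, and finish with `return (findVersion kernelver out)`. A Haddock line on `runningInstalledKernel` stating that a False result triggers a reboot would also help, since the new helpers carry only plain `--` comments or none.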
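Review bot: `isRepo` appears to return the opposite of what its name says. `isNothing <$> catchMaybeIO (readProcess "git" [...])` is True when the result is Nothing, and, assuming `catchMaybeIO` (defined outside this page) yields Nothing when the action throws, that is the case where `git rev-parse --resolve-git-dir` failed. If the intent is "dir is a git directory", the body should read `isJust <$> catchMaybeIO (...)`. If the inverted sense is deliberate, for example for use as a `check` condition, a Haddock comment saying so would prevent misuse. The following commit's hunk renames the function to `isGitDir` but keeps the same body, so the point applies there as well.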