From 527975dffec07458e25f100257ec70a3c826c20d Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Fri, 5 Dec 2014 16:33:23 -0400
Subject: hasSomePassword and hasPassword now check to make sure shadow passwords are enabled.
---
 src/Propellor/Property/OS.hs | 3 +--
 src/Propellor/Property/User.hs | 16 +++++++++-------
 2 files changed, 10 insertions(+), 9 deletions(-)
(limited to 'src')
diff --git a/src/Propellor/Property/OS.hs b/src/Propellor/Property/OS.hs
index 30f8c4bb..3f999e23 100644
--- a/src/Propellor/Property/OS.hs
+++ b/src/Propellor/Property/OS.hs
@@ -45,8 +45,7 @@ import Control.Exception (throw)
 -- > & os (System (Debian Unstable) "amd64")
 -- > & cleanInstallOnce (Confirmed "foo.example.com")
 -- > `onChange` propertyList "fixing up after clean install"
--- > [ User.shadowConfig True
--- > , preserveNetworkInterfaces
+-- > [ preserveNetworkInterfaces
 -- > , preserveResolvConf
 -- > , preserverRootSshAuthorized
 -- > , Apt.update
diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs
index ccb69b24..5c8e768c 100644
--- a/src/Propellor/Property/User.hs
+++ b/src/Propellor/Property/User.hs
@@ -44,13 +44,15 @@ hasPassword user = property (user ++ "has password") $ do ensureProperty $ hasPassword' user (Context hostname) hasPassword' :: UserName -> Context -> Property -hasPassword' user context = withPrivData (Password user) context $ \getpassword -> - property (user ++ " has password") $ - getpassword $ \password -> makeChange $ - withHandle StdinHandle createProcessSuccess - (proc "chpasswd" []) $ \h -> do - hPutStrLn h $ user ++ ":" ++ password - hClose h +hasPassword' user context = go `requires` shadowConfig True + where + go = withPrivData (Password user) context $ \getpassword -> + property (user ++ " has password") $ + getpassword $ \password -> makeChange $ + withHandle StdinHandle createProcessSuccess + (proc "chpasswd" []) $ \h -> do + hPutStrLn h $ user ++ ":" ++ password + hClose h lockedPassword :: UserName -> Property lockedPassword user = check (not <$> isLockedPassword user) $ cmdProperty "passwd" -- cgit v1.2.3 From 00ab24016453c1d787b7132654f96f614d177d27 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 5 Dec 2014 16:47:18 -0400 Subject: fix install of debootstrap from source --- src/Propellor/Property/Debootstrap.hs | 9 +++++++-- src/Propellor/Property/OS.hs | 5 ++++- 2 files changed, 11 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/Propellor/Property/Debootstrap.hs b/src/Propellor/Property/Debootstrap.hs index 35d9e472..b4fd2654 100644 --- a/src/Propellor/Property/Debootstrap.hs +++ b/src/Propellor/Property/Debootstrap.hs @@ -2,7 +2,9 @@ module Propellor.Property.Debootstrap ( Url, DebootstrapConfig(..), built, + built', installed, + sourceInstall, programPath, ) where 
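Review bot: `hasPassword'` now switches shadow passwords on as a side effect, through the new `requires` on `shadowConfig True`, and nothing on the new side says so or why. A Haddock comment above the signature would cover it, for example `-- | Sets the user's password from privdata. Shadow passwords are enabled first, so the hash is not stored in /etc/passwd.`; the stated reason is inferred from the commit subject, so adjust it if the intent differs. Separately, `go` writes `user ++ ":" ++ password` as a single line to chpasswd, which reads one name:password record per line, so a privdata value containing a newline would be read as further records; rejecting such a value before the write would close that. The commit subject also names hasSomePassword, which does not appear in this hunk.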
@@ -54,11 +56,14 @@ toParams (c1 :+ c2) = toParams c1 <> toParams c2 -- Note that reverting this property does not stop any processes -- currently running in the chroot. built :: FilePath -> System -> DebootstrapConfig -> RevertableProperty -built target system@(System _ arch) config = +built = built' (toProp installed) + +built' :: Property -> FilePath -> System -> DebootstrapConfig -> RevertableProperty +built' installprop target system@(System _ arch) config = RevertableProperty setup teardown where setup = check (unpopulated target <||> ispartial) setupprop - `requires` toProp installed + `requires` installprop teardown = check (not <$> unpopulated target) teardownprop diff --git a/src/Propellor/Property/OS.hs b/src/Propellor/Property/OS.hs index 3f999e23..020d7435 100644 --- a/src/Propellor/Property/OS.hs +++ b/src/Propellor/Property/OS.hs @@ -78,7 +78,10 @@ cleanInstallOnce confirmation = check (not <$> doesFileExist flagfile) $ (Just u@(System (Ubuntu _) _)) -> debootstrap u _ -> error "os is not declared to be Debian or Ubuntu" debootstrap targetos = ensureProperty $ toProp $ - Debootstrap.built newOSDir targetos Debootstrap.DefaultConfig + -- Ignore the os setting, and install debootstrap from + -- source, since we don't know what OS we're running in yet. + Debootstrap.built' Debootstrap.sourceInstall + newOSDir targetos Debootstrap.DefaultConfig flipped = property (newOSDir ++ " moved into place") $ liftIO $ do -- First, unmount most mount points, lazily, so -- cgit v1.2.3 From 5ae6a302df5c7bd71cd5dadb53e5bb5e710762b3 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 5 Dec 2014 17:44:09 -0400 Subject: some comments --- src/Propellor/Property/OS.hs | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/Propellor/Property/OS.hs b/src/Propellor/Property/OS.hs index 020d7435..22414bb6 100644 --- a/src/Propellor/Property/OS.hs +++ b/src/Propellor/Property/OS.hs 
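Review bot: `built'` is newly exported but has no Haddock comment, and the existing comment block that ends "currently running in the chroot" stays attached to `built` only. A line such as `-- | Like 'built', but uses the given Property to install debootstrap.` above the new signature would tell callers what `installprop` is for and that it becomes a requirement of `setup`. The `where` clause of `built'` continues past the end of the hunk.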
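Review bot: The clean-install path now obtains debootstrap through `Debootstrap.sourceInstall`, whose body is not part of this diff, so it is not visible here whether the source it fetches is authenticated before it is unpacked and run. That tool then builds the replacement OS in `newOSDir`, so it is worth confirming that sourceInstall checks a pinned checksum or a signature, and recording the answer next to the new comment, e.g. `-- The debootstrap source is authenticated by <mechanism>; see Debootstrap.sourceInstall.`. `debootstrap` is a local definition of cleanInstallOnce, which starts and ends outside the hunk.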
@@ -77,12 +77,19 @@ cleanInstallOnce confirmation = check (not <$> doesFileExist flagfile) $ (Just d@(System (Debian _) _)) -> debootstrap d (Just u@(System (Ubuntu _) _)) -> debootstrap u _ -> error "os is not declared to be Debian or Ubuntu" + debootstrap targetos = ensureProperty $ toProp $ -- Ignore the os setting, and install debootstrap from -- source, since we don't know what OS we're running in yet. Debootstrap.built' Debootstrap.sourceInstall newOSDir targetos Debootstrap.DefaultConfig - + -- debootstrap, I wish it was faster.. + -- TODO eatmydata to speed it up + -- Problem: Installing eatmydata on some random OS like + -- Fedora may be difficult. Maybe configure dpkg to not + -- sync instead? + + -- This is the fun bit. flipped = property (newOSDir ++ " moved into place") $ liftIO $ do -- First, unmount most mount points, lazily, so -- they don't interfere with moving things around. @@ -175,7 +182,7 @@ confirmed desc (Confirmed c) = property desc $ do -- | /etc/network/interfaces is configured to bring up all interfaces that -- are currently up, using the same IP addresses. preserveNetworkInterfaces :: Property -preserveNetworkInterfaces = undefined +preserveNetworkInterfaces = undefined -- TODO -- | /etc/resolv.conf is copied the from the old OS preserveResolvConf :: Property -- cgit v1.2.3
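Review bot: `preserveNetworkInterfaces = undefined -- TODO` still leaves an exported Property that throws as soon as it is evaluated, and the module's usage example lists it among the fix-ups that run after cleanInstallOnce. On a remote host that would presumably abort the run right after the OS has been swapped, with only `Prelude.undefined` as the message. Until it is implemented, a property that fails with an explanation is safer, e.g. `preserveNetworkInterfaces = property "preserve network interfaces (not implemented)" $ return FailedChange`.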