From f65cd1500fca2bb7f44e1c76f07821d7ecf5b132 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 10 Jun 2014 10:08:12 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) (limited to 'src') diff --git a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs index 8ef4f6ae..85584e43 100644 --- a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs +++ b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs @@ -69,22 +69,17 @@ tree buildarch = combineProperties "gitannexbuilder tree" buildDepsApt :: Property buildDepsApt = combineProperties "gitannexbuilder build deps" [ Apt.buildDep ["git-annex"] - , buildDepsFewHaskellLibs + , buildDepsNoHaskellLibs , "git-annex source build deps installed" ==> Apt.buildDepIn builddir ] -buildDepsFewHaskellLibs :: Property -buildDepsFewHaskellLibs = combineProperties "gitannexbuilder build deps" - [ buildDepsNoHaskellLibs - -- these haskell libs depend on C libs and don't use TH - , Apt.installed ["libghc-dbus-dev", "libghc-fdo-notify-dev", "libghc-network-protocol-xmpp-dev"] - ] - buildDepsNoHaskellLibs :: Property buildDepsNoHaskellLibs = Apt.installed ["git", "rsync", "moreutils", "ca-certificates", "debhelper", "ghc", "curl", "openssh-client", "git-remote-gcrypt", "liblockfile-simple-perl", "cabal-install", "vim", "less", + -- needed by haskell libs + "libxml2-dev", "libidn11-dev", "libgsasl7-dev", "libgnutls-dev", "alex", "happy", "c2hs" ] @@ -154,7 +149,7 @@ armelCompanionContainer dockerImage = Docker.container "armel-git-annex-builder- & User.accountFor builduser -- Install current versions of build deps from cabal. & tree "armel" - & buildDepsFewHaskellLibs + & buildDepsNoHaskellLibs & cabalDeps -- The armel builder can ssh to this companion. & Docker.expose "22" @@ -176,7 +171,7 @@ armelAutoBuilderContainer dockerImage crontimes timeout = Docker.container "arme -- (Currently have to run -- git-annex/standalone/linux/install-haskell-packages -- which is not fully automated.) - & buildDepsFewHaskellLibs + & buildDepsNoHaskellLibs & autobuilder crontimes timeout True `requires` tree "armel" & Ssh.keyImported SshRsa builduser -- cgit v1.2.3 From dd554e20b999fbd24ae15e7ee96556ff52d9f0cc Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 10 Jun 2014 15:49:17 -0400 Subject: When git gpg signature of a fetched git branch cannot be verified, propellor will now continue running, but without merging in that branch. This way, propellor doesn't stop enforcing properties just because its new configuration isn't ready. It just uses the old configuration. --- debian/changelog | 2 ++ src/Propellor/CmdLine.hs | 7 ++++--- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/debian/changelog b/debian/changelog index b7303cb3..58ab7ba7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,8 @@ propellor (0.7.0) UNRELEASED; urgency=medium failure. * Attr is renamed to Info. * Renamed wrapper to propellor to make cabal installation of propellor work. + * When git gpg signature of a fetched git branch cannot be verified, + propellor will now continue running, but without merging in that branch. -- Joey Hess Sat, 07 Jun 2014 00:12:44 -0400 diff --git a/src/Propellor/CmdLine.hs b/src/Propellor/CmdLine.hs index 06a5921d..32e97316 100644 --- a/src/Propellor/CmdLine.hs +++ b/src/Propellor/CmdLine.hs @@ -132,6 +132,8 @@ updateFirst cmdline next = do void $ actionMessage "Git fetch" $ boolSystem "git" [Param "fetch"] + oldsha <- getCurrentGitSha1 branchref + whenM (doesFileExist keyring) $ do {- To verify origin branch commit's signature, have to - convince gpg to use our keyring. While running git log. @@ -153,10 +155,9 @@ updateFirst cmdline next = do then do putStrLn $ "git branch " ++ originbranch ++ " gpg signature verified; merging" hFlush stdout - else errorMessage $ "git branch " ++ originbranch ++ " is not signed with a trusted gpg key; refusing to deploy it!" + void $ boolSystem "git" [Param "merge", Param originbranch] + else warningMessage $ "git branch " ++ originbranch ++ " is not signed with a trusted gpg key; refusing to deploy it! (Running with previous configuration instead.)" - oldsha <- getCurrentGitSha1 branchref - void $ boolSystem "git" [Param "merge", Param originbranch] newsha <- getCurrentGitSha1 branchref if oldsha == newsha -- cgit v1.2.3 From 28a80c4c487460129e0a2b30d4b4e4c0b49026b9 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 10 Jun 2014 15:50:42 -0400 Subject: cacheCleaned is trivial --- src/Propellor/Property/Apt.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/Propellor/Property/Apt.hs b/src/Propellor/Property/Apt.hs index 17057af2..7e02a335 100644 --- a/src/Propellor/Property/Apt.hs +++ b/src/Propellor/Property/Apt.hs @@ -265,5 +265,5 @@ trustsKey k = RevertableProperty trust untrust -- | Cleans apt's cache of downloaded packages to avoid using up disk -- space. cacheCleaned :: Property -cacheCleaned = cmdProperty "apt-get" ["clean"] +cacheCleaned = trivial $ cmdProperty "apt-get" ["clean"] `describe` "apt cache cleaned" -- cgit v1.2.3