author Joey Hess <joeyh@debian.org> 2014-07-09 22:11:31 -0400
committer Joey Hess <joeyh@debian.org> 2014-07-09 22:11:31 -0400
commit 82da31b3e0e9acdfbca4c48eb12ab1f28515ba10 (patch)
tree 0a3e0c6e134680e35665364b2cd6895863bcc990 /doc/todo/ssh__95__user_+_sudo
propellor (0.8.1) unstable; urgency=medium

  * Run apt-get update in initial bootstrap.
  * --list-fields now includes a table of fields that are not currently set, but would be used if they got set.
  * Remove .gitignore from cabal file list, to avoid build failure on Debian. Closes: #754334

# imported from the archive
Diffstat (limited to 'doc/todo/ssh__95__user_+_sudo')
-rw-r--r-- doc/todo/ssh__95__user_+_sudo/comment_1_3bc008e42587a3313f81ee740d7d80f0._comment | 10
-rw-r--r-- doc/todo/ssh__95__user_+_sudo/comment_2_35722c7d6f6c3e2315fbf72878066c01._comment | 8
-rw-r--r-- doc/todo/ssh__95__user_+_sudo/comment_3_d1e4040677b39342be00359210c02156._comment | 10
3 files changed, 28 insertions, 0 deletions
diff --git a/doc/todo/ssh__95__user_+_sudo/comment_1_3bc008e42587a3313f81ee740d7d80f0._comment b/doc/todo/ssh__95__user_+_sudo/comment_1_3bc008e42587a3313f81ee740d7d80f0._comment
new file mode 100644
index 00000000..e0dc1d7f
--- /dev/null
+++ b/doc/todo/ssh__95__user_+_sudo/comment_1_3bc008e42587a3313f81ee740d7d80f0._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="209.250.56.214"
+ subject="comment 1"
+ date="2014-04-21T13:31:13Z"
+ content="""
+Running propellor that way would probably need ssh to allocate a tty in order for sudo's password prompt to work. And it adds complexity. Does it add security? I don't think so, PermitRootLogin=without-password or PasswordAuthentication=no is not going to let anyone brute force the root account.
+
+PermitRootLogin=forced-commands-only might be worth making easy to set up, so the only command that can be run with some special propellor-specific ssh key is propellor.
+"""]]
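Review bot: the second paragraph of the content (`PermitRootLogin=forced-commands-only`) leaves out the half of the mechanism that does the restricting. sshd only admits a root key under that setting when the key's authorized_keys entry carries a `command="..."` option, so "some special propellor-specific ssh key" should say that the key is pinned to propellor that way. The first paragraph's conclusion that the ssh user plus sudo route adds no security also depends on `PermitRootLogin=without-password` or `PasswordAuthentication=no` actually being set on the host; stating that as a precondition would keep a reader from applying the conclusion to a host that still accepts root passwords.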
diff --git a/doc/todo/ssh__95__user_+_sudo/comment_2_35722c7d6f6c3e2315fbf72878066c01._comment b/doc/todo/ssh__95__user_+_sudo/comment_2_35722c7d6f6c3e2315fbf72878066c01._comment
new file mode 100644
index 00000000..8dc6299b
--- /dev/null
+++ b/doc/todo/ssh__95__user_+_sudo/comment_2_35722c7d6f6c3e2315fbf72878066c01._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="gueux"
+ ip="109.190.19.251"
+ subject="comment 2"
+ date="2014-04-21T13:54:39Z"
+ content="""
+I didn't knew \"PermitRootLogin=forced-commands-only\", it seems great!
+"""]]
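Review bot: the `ip="109.190.19.251"` line commits a third-party commenter's address into a published doc tree, where it stays in history permanently. If the wiki's comment format allows it, drop or redact the `ip=` field before committing; the same applies to the `ip=` lines in the other two comment files in this commit.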
diff --git a/doc/todo/ssh__95__user_+_sudo/comment_3_d1e4040677b39342be00359210c02156._comment b/doc/todo/ssh__95__user_+_sudo/comment_3_d1e4040677b39342be00359210c02156._comment
new file mode 100644
index 00000000..506b543a
--- /dev/null
+++ b/doc/todo/ssh__95__user_+_sudo/comment_3_d1e4040677b39342be00359210c02156._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="209.250.56.114"
+ subject="comment 3"
+ date="2014-04-24T22:17:31Z"
+ content="""
+Except that it led you to run into the failure mode described at [[forum/remote.origin_not_copied_to_managed_host?]]
+
+So now we have a concrete change to make: Make /usr/bin/propellor work if it's forced as the only command that can be run. Including making propellor's host bootstrapping work via it.
+"""]]
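Review bot: the action item in the last content paragraph ("Make /usr/bin/propellor work if it's forced as the only command that can be run") is recorded only in a comment and does not name the mechanism it is to be tested against. Comment 1 in this commit proposes `PermitRootLogin=forced-commands-only` with a propellor-specific key, so say explicitly that this is the configuration under which both a normal run and host bootstrapping must succeed, and consider moving the item into the todo page itself so it is not lost in the thread. Minor: `ip="209.250.56.114"` here differs by one digit from `ip="209.250.56.214"` on comment 1 for the same username; worth confirming that neither is a transcription error.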