| author | Joey Hess <joeyh@debian.org> | 2014-07-09 22:11:31 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@debian.org> | 2014-07-09 22:11:31 -0400 |
| commit | f118c369d3240b656e4fef77b6efc758b3f714eb (patch) | |
| tree | 0a3e0c6e134680e35665364b2cd6895863bcc990 /doc | |
| parent | 17b21794a72f6cfaddda321d6f2cbdb87ce3dee0 (diff) | |
| parent | 82da31b3e0e9acdfbca4c48eb12ab1f28515ba10 (diff) | |
Record propellor (0.8.1) in archive suite sid
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/news/version_0.5.0.mdwn | 8 |
| -rw-r--r-- | doc/news/version_0.5.1.mdwn | 8 |
| -rw-r--r-- | doc/news/version_0.7.0.mdwn | 9 |
| -rw-r--r-- | doc/news/version_0.8.0.mdwn | 20 |
| -rw-r--r-- | doc/security.mdwn | 13 |
| -rw-r--r-- | doc/todo/better_privdata.mdwn | 12 |
| -rw-r--r-- | doc/todo/info_propigation_out_of_nested_properties.mdwn | 28 |
7 files changed, 76 insertions, 22 deletions
diff --git a/doc/news/version_0.5.0.mdwn b/doc/news/version_0.5.0.mdwn deleted file mode 100644 index 2d3e1470..00000000 --- a/doc/news/version_0.5.0.mdwn +++ /dev/null @@ -1,8 +0,0 @@ -propellor 0.5.0 released with [[!toggle text="these changes"]] -[[!toggleable text=""" - * Removed root domain records from SOA. Instead, use RootDomain - when calling Dns.primary. - * Dns primary and secondary properties are now revertable. - * When unattendedUpgrades is enabled on an Unstable or Testing system, - configure it to allow the upgrades. - * New website, https://propellor.branchable.com/"""]]
\ No newline at end of file diff --git a/doc/news/version_0.5.1.mdwn b/doc/news/version_0.5.1.mdwn deleted file mode 100644 index c523ae60..00000000 --- a/doc/news/version_0.5.1.mdwn +++ /dev/null @@ -1,8 +0,0 @@ -propellor 0.5.1 released with [[!toggle text="these changes"]] -[[!toggleable text=""" - * Primary DNS servers now have allow-transfer automatically populated - with the IP addresses of secondary dns servers. So, it's important - that all secondary DNS servers have an ipv4 (and/or ipv6) property - configured. - * Deal with old ssh connection caching sockets. - * Add missing build deps and deps. Closes: #[745459](http://bugs.debian.org/745459)"""]]
\ No newline at end of file diff --git a/doc/news/version_0.7.0.mdwn b/doc/news/version_0.7.0.mdwn new file mode 100644 index 00000000..6ce0b517 --- /dev/null +++ b/doc/news/version_0.7.0.mdwn @@ -0,0 +1,9 @@ +propellor 0.7.0 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * combineProperties no longer stops when a property fails; now it continues + trying to satisfy all properties on the list before propigating the + failure. + * Attr is renamed to Info. + * Renamed wrapper to propellor to make cabal installation of propellor work. + * When git gpg signature of a fetched git branch cannot be verified, + propellor will now continue running, but without merging in that branch."""]]
\ No newline at end of file diff --git a/doc/news/version_0.8.0.mdwn b/doc/news/version_0.8.0.mdwn new file mode 100644 index 00000000..69dbb927 --- /dev/null +++ b/doc/news/version_0.8.0.mdwn @@ -0,0 +1,20 @@ +propellor 0.8.0 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * Completely reworked privdata storage. There is now a single file, + and each host is sent only the privdata that its Properties actually use. + To transition existing privdata, run propellor against a host and + watch out for the red failure messages, and run the suggested commands + to store the privdata using the new storage scheme. You may find + it useful to run the old version of propellor to extract data from the old + privdata files during this migration. + Several properties that use privdata now require a context to be + specified. If in doubt, you can use anyContext, or + Context "hostname.example.com" + * Add --edit to edit a privdata value in $EDITOR. + * Add --list-fields to list all currently set privdata fields, along with + the hosts that use them. + * Fix randomHostKeys property to run openssh-server's postinst in a + non-failing way. + * Hostname.sane now cleans up the 127.0.0.1 localhost line in /etc/hosts, + to avoid eg, apache complaining "Could not reliably determine the + server's fully qualified domain name"."""]]
\ No newline at end of file diff --git a/doc/security.mdwn b/doc/security.mdwn index 5576bf06..075d68ec 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -27,10 +27,11 @@ Since the propoellor git repository is public, you can't store in cleartext private data such as passwords, ssh private keys, etc. Instead, `propellor --spin $host` looks for a -`~/.propellor/privdata/$host.gpg` file and if found decrypts it and sends -it to the remote host using ssh. This lets a remote host know its own -private data, without seeing all the rest. +`~/.propellor/privdata/privdata.gpg` file and if found decrypts it, +extracts the private that that the $host needs, and sends it to to the +$host using ssh. This lets a host know its own private data, without +seeing all the rest. -To securely store private data, use: `propellor --set $host $field` -The field name will be something like 'Password "root"'; see PrivData.hs -for available fields. +To securely store private data, use: `propellor --set $field $context` +Propellor will tell you the details when you use a Property that needs +PrivData. diff --git a/doc/todo/better_privdata.mdwn b/doc/todo/better_privdata.mdwn new file mode 100644 index 00000000..1ee9e14f --- /dev/null +++ b/doc/todo/better_privdata.mdwn @@ -0,0 +1,12 @@ +It can be annoying to need to move privdata values around when moving +services between hosts, which is otherwise often just a cut-n-paste +of a line in config.hs. + +It would be better if privdata were all stored in one Map, and the set of +privdata that a host's current properties need were sent to it +automatically, rather than the current 1-file-per-host separation. + +For this to work though, each property that uses privdata would need to add +to the host's Info the privdata field it uses. + +> [[done]]! --[[Joey]] diff --git a/doc/todo/info_propigation_out_of_nested_properties.mdwn b/doc/todo/info_propigation_out_of_nested_properties.mdwn new file mode 100644 index 00000000..9e69b0b4 
--- /dev/null +++ b/doc/todo/info_propigation_out_of_nested_properties.mdwn @@ -0,0 +1,28 @@ +Currently, Info about a Host's Properties is manually gathered and +propigated. propertyList combines the Info of the Properties in the list. +Docker.docked extracts relevant Info from the Properties of the container +(but not al of it, intentionally!). + +This works, but it's error-prone. Consider this example: + + withOS desc $ \o -> case o of + (Just (System (Debian Unstable) _)) -> ensureProperty foo + _ -> ensureProperty bar + +Here, the Info of `foo` is not propigated out. Nor is `bar`'s Info. +Of course, only one of them will be run, and only its info should be propigated +out.. + +One approach might be to make the Propellor monad be able to be run in two +modes. In one mode, it actually perform IO, etc. In the other mode, all +liftIO is a no-op, but all Info encountered is accumulated using a Reader +monad. This might need two separate monad definitions. + +That is surely doable, but the withOS example above shows a problem with it -- +the OS is itself part of a Host's info, so won't be known until all its +properties have been examined for info! + +Perhaps that can be finessed. We don't really need to propigate out OS info. +Just DNS and PrivDataField Info. So info could be collected in 2 passes, +first as it's done now by static propertyInfo values. Then by running +the Properties in the Reader monad. |
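Review bot: In doc/news/version_0.7.0.mdwn, the last bullet says propellor "will now continue running, but without merging in that branch" when the gpg signature cannot be verified, but it does not say how the failure is reported. Please state in the entry whether the run prints a warning or exits non-zero in that case, so an operator can tell a host that is up to date from one that is quietly staying on old configuration because every fetched branch fails verification. Separately, "propigating" in the first bullet should read "propagating".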
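Review bot: In doc/news/version_0.8.0.mdwn, the privdata migration bullet does not mention that the `--set` argument order changed, although the doc/security.mdwn hunk in this same commit moves from `propellor --set $host $field` to `propellor --set $field $context`. Anyone following the old syntax from memory during migration will pass a hostname where a field is now expected, so the entry should show the new form once. It would also help to say what to do with the old per-host `~/.propellor/privdata/$host.gpg` files after their contents have been re-stored, since the text only covers extracting data from them.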
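Review bot: In doc/security.mdwn, the added sentence "extracts the private that that the $host needs, and sends it to to the $host using ssh" has two slips: "private that that" should be "private data that", and "to to" is doubled. The unchanged context line above still reads "propoellor" and could be fixed in the same pass. On substance, the claim "This lets a host know its own private data, without seeing all the rest" used to follow from one encrypted file per host; with a single `privdata.gpg` it now depends on the extraction step picking the right fields. A sentence saying how that set is decided (per the 0.8.0 news entry, the privdata that the host's Properties actually use) would make the guarantee checkable. The replacement for the removed "see PrivData.hs for available fields" also gives no example of a `$context` value; the news entry's `Context "hostname.example.com"` would fit here.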
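Review bot: In doc/todo/info_propigation_out_of_nested_properties.mdwn, the `withOS` example says the Info of `foo` and `bar` is not propagated out, but it does not spell out what that means for privdata. doc/todo/better_privdata.mdwn in this commit says each property that uses privdata must add its field to the host's Info, and the 0.8.0 news says a host is sent only the privdata its Properties use. Taken together, a privdata-using property reached only through `ensureProperty` would presumably not have its field sent to the host. If that is the failure mode, please say so explicitly near the example, since it is the practical reason the last paragraph singles out PrivDataField Info. Spelling: "propigation"/"propigated" (including in the file name) should be "propagation"/"propagated", "al of it" should be "all of it", and "out.." has a doubled period.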
