9 files changed, 83 insertions, 3 deletions
@@ -1 +1 @@
-joeyconfig.hs
\ No newline at end of file
+config-simple.hs
\ No newline at end of file
diff --git a/doc/forum/Ldap_and_Propellor.mdwn b/doc/forum/Ldap_and_Propellor.mdwn
new file mode 100644
index 00000000..094be12a
--- /dev/null
+++ b/doc/forum/Ldap_and_Propellor.mdwn
@@ -0,0 +1,12 @@
+Hello,
+
+First, thank you for your program and your work, it's very interesting. I'm trying to use it and I have two questions :
+
+
+1) Is there already some propellor code to deal with Ldap or should I write my own code ? (I didn't see anything in the API doc)
+
+2) Is it possible to use propellor with another folder than ~/.propellor/ ? (for exemple to deal with several "domains")
+
+Thank you,
+
+TobiasBora.
diff --git a/doc/forum/Ldap_and_Propellor/comment_1_80f98aaf4927d834dc714faeae7bf167._comment b/doc/forum/Ldap_and_Propellor/comment_1_80f98aaf4927d834dc714faeae7bf167._comment
new file mode 100644
index 00000000..7c8d9bbf
--- /dev/null
+++ b/doc/forum/Ldap_and_Propellor/comment_1_80f98aaf4927d834dc714faeae7bf167._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2016-07-05T20:39:45Z"
+ content="""
+I don't think that anyone has integrated it with LDAP yet.
+
+It's easy to use propellor from another location; just put the propellor
+git repository anywhere you want, use `make` to build it once,
+and run `./propellor` thereafter.
+
+The only thing that hardcodes using ~/.propellor is the /usr/bin/propellor
+wrapper, by running the propellor you built yourself you bypass the need
+for the wrapper. I keep propellor in ~/src/propellor on my laptop
+and run it this way myself.
+"""]]
diff --git a/doc/forum/use_withUmask_in_a_property/comment_6_79355b6df4dc750a4ea2e1e13f50dca8._comment b/doc/forum/use_withUmask_in_a_property/comment_6_79355b6df4dc750a4ea2e1e13f50dca8._comment
new file mode 100644
index 00000000..6efc3fff
--- /dev/null
+++ b/doc/forum/use_withUmask_in_a_property/comment_6_79355b6df4dc750a4ea2e1e13f50dca8._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 6"
+ date="2016-06-24T10:08:51Z"
+ content="""
+Ahhh! I didn't realize this, now it makes sense to me, thanks! maybe you could make withFile' available in propellor? (and maybe even override withFile)
+"""]]
diff --git a/doc/forum/use_withUmask_in_a_property/comment_7_6b9488d20a04bc25f2ba44391f4a0a47._comment b/doc/forum/use_withUmask_in_a_property/comment_7_6b9488d20a04bc25f2ba44391f4a0a47._comment
new file mode 100644
index 00000000..a1e3ab6a
--- /dev/null
+++ b/doc/forum/use_withUmask_in_a_property/comment_7_6b9488d20a04bc25f2ba44391f4a0a47._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 7"
+ date="2016-06-24T10:24:16Z"
+ content="""
+Hopefully we will have MonadIO is base (and functions generalized) one day :)
+https://mail.haskell.org/pipermail/libraries/2015-July/026008.html
+"""]]
diff --git a/doc/forum/use_withUmask_in_a_property/comment_8_ce37b55141120b3b6babebe14c1b1ec2._comment b/doc/forum/use_withUmask_in_a_property/comment_8_ce37b55141120b3b6babebe14c1b1ec2._comment
new file mode 100644
index 00000000..18b94ff0
--- /dev/null
+++ b/doc/forum/use_withUmask_in_a_property/comment_8_ce37b55141120b3b6babebe14c1b1ec2._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 8"
+ date="2016-06-24T10:29:09Z"
+ content="""
+Oh, MonadIO is actually in base. We \"just\" miss the generelized functions...
+"""]]
diff --git a/doc/forum/use_withUmask_in_a_property/comment_9_a84a0c6773c8b3df03c028b63814b3d8._comment b/doc/forum/use_withUmask_in_a_property/comment_9_a84a0c6773c8b3df03c028b63814b3d8._comment
new file mode 100644
index 00000000..f819337f
--- /dev/null
+++ b/doc/forum/use_withUmask_in_a_property/comment_9_a84a0c6773c8b3df03c028b63814b3d8._comment
@@ -0,0 +1,9 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 9""" + date="2016-07-05T20:44:14Z" + content=""" +Yeah, it's a general problem with base that it's not sufficiently +generalized. I suppose it's best not to add exported functions to propellor +to work around that general problem. +"""]] diff --git a/privdata/relocate b/privdata/relocate deleted file mode 100644 index 271692d8..00000000 --- a/privdata/relocate +++ /dev/null @@ -1 +0,0 @@ -.joeyconfig diff --git a/src/Propellor/Property/Sbuild.hs b/src/Propellor/Property/Sbuild.hs index 5d58a84a..7a27473c 100644 --- a/src/Propellor/Property/Sbuild.hs +++ b/src/Propellor/Property/Sbuild.hs @@ -358,6 +358,12 @@ secKeyFile = "/var/lib/sbuild/apt-keys/sbuild-key.sec" -- | Generate the apt keys needed by sbuild using a low-quality source of -- randomness -- +-- Note that any running rngd will be killed; if you are using rngd, you should +-- arrange for it to be restarted after this property has been ensured. E.g. +-- +-- > & Sbuild.keypairInsecurelyGenerated +-- > `onChange` Systemd.started "my-rngd-service" +-- -- Useful on throwaway build VMs. keypairInsecurelyGenerated :: Property DebianLike keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) go 
@@ -365,8 +371,24 @@ keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) go go :: Property DebianLike go = combineProperties "sbuild keyring insecurely generated" $ props & Apt.installed ["rng-tools"] - & cmdProperty "rngd" ["-r", "/dev/urandom"] `assume` MadeChange + -- If this dir does not exist the sbuild key generation command + -- will fail; the user might have deleted it to work around + -- #831462 + & File.dirExists "/var/lib/sbuild/apt-keys" + -- If there is already an rngd process running we have to kill + -- it, as it might not be feeding to /dev/urandom. We can't + -- kill by pid file because that is not guaranteed to be the + -- default (/var/run/rngd.pid), so we killall + & userScriptProperty (User "root") + [ "start-stop-daemon -q -K -R 10 -o -n rngd" + , "rngd -r /dev/urandom" + ] + `assume` MadeChange & keypairGenerated + -- Kill off the rngd process we spawned + & userScriptProperty (User "root") + ["kill $(cat /var/run/rngd.pid)"] + `assume` MadeChange -- another script from wiki.d.o/sbuild ccachePrepared :: Property DebianLike |
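Review bot: The cleanup step `kill $(cat /var/run/rngd.pid)` runs as root on whatever number the pid file holds, so a missing file makes the step fail and a stale one could signal an unrelated process that has since reused that pid. Reusing the matcher from the earlier step keeps a check on the process name: `["start-stop-daemon -q -K -R 10 -o -p /var/run/rngd.pid -n rngd"]`. Separately, if `combineProperties` stops at the first failing property (I believe it does, but that is not visible here), a failure in `keypairGenerated` leaves the rngd started with `-r /dev/urandom` running on the host, so a comment saying so, or a cleanup that runs regardless of the result, would help. The enclosing `keypairInsecurelyGenerated` starts above this hunk.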
