| l--------- | config.hs | 2 | ||||
| -rw-r--r-- | debian/changelog | 15 | ||||
| -rw-r--r-- | doc/news/Linux.Conf.Au.presentation.mdwn | 5 | ||||
| -rw-r--r-- | doc/news/version_4.3.1.mdwn | 4 | ||||
| -rw-r--r-- | doc/news/version_4.3.2.mdwn | 3 | ||||
| -rw-r--r-- | doc/news/version_4.3.4.mdwn | 7 | ||||
| -rw-r--r-- | doc/news/version_4.4.0.mdwn | 8 | ||||
| -rw-r--r-- | doc/todo/Propellor.Property.Versioned_support_asymmetric_RevertableProperty_types.mdwn | 7 | ||||
| -rw-r--r-- | doc/todo/merge_request:_Timezone.hs.mdwn | 9 | ||||
| -rw-r--r-- | doc/todo/merge_request:_Timezone.hs/comment_1_9cfb5e48940e58f2064cbb5edf462c06._comment | 15 | ||||
| -rw-r--r-- | doc/todo/sbuild_setup_should_use_apt-cacher-ng.mdwn | 23 | ||||
| -rw-r--r-- | privdata/relocate | 1 | ||||
| -rw-r--r-- | propellor.cabal | 3 | ||||
| -rw-r--r-- | src/Propellor/Property/ConfFile.hs | 14 | ||||
| -rw-r--r-- | src/Propellor/Property/LightDM.hs | 14 | ||||
| -rw-r--r-- | src/Propellor/Property/Sudo.hs | 24 | ||||
| -rw-r--r-- | src/Propellor/Property/Timezone.hs | 21 | ||||
| -rw-r--r-- | src/Propellor/Property/Versioned.hs | 4 | ||||
| -rw-r--r-- | src/Propellor/Types.hs | 4 |
19 files changed, 145 insertions, 38 deletions
@@ -1 +1 @@
-joeyconfig.hs
\ No newline at end of file
+config-simple.hs
\ No newline at end of file diff --git a/debian/changelog b/debian/changelog index e7ec04bc..986dfd75 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,15 @@ -propellor (4.3.4) UNRELEASED; urgency=medium +propellor (4.4.0) unstable; urgency=medium + + * Propellor.Property.Timezone: New module, contributed by Sean Whitton. + * Propellor.Property.Sudo.enabledFor: Made revertable. + (minor API change) + * Propellor.Property.LightDM.autoLogin: Made revertable. + (minor API change) + * Propellor.Property.Conffile: Added lacksIniSetting. + + -- Joey Hess <id@joeyh.name> Mon, 17 Jul 2017 12:55:02 -0400 + +propellor (4.3.4) unstable; urgency=medium * Propellor.Property.Versioned: New module which allows different versions of a property or host to be written down in a propellor config @@ -6,7 +17,7 @@ propellor (4.3.4) UNRELEASED; urgency=medium * LightDM.autoLogin: Use [Seat:*] rather than the old [SeatDefaults]. The new name has been supported since lightdm 1.15. - -- Joey Hess <id@joeyh.name> Thu, 13 Jul 2017 15:52:24 -0400 + -- Joey Hess <id@joeyh.name> Sat, 15 Jul 2017 17:22:53 -0400 propellor (4.3.3) unstable; urgency=medium diff --git a/doc/news/Linux.Conf.Au.presentation.mdwn b/doc/news/Linux.Conf.Au.presentation.mdwn deleted file mode 100644 index 54180979..00000000 --- a/doc/news/Linux.Conf.Au.presentation.mdwn +++ /dev/null @@ -1,5 +0,0 @@ -<video controls src="http://mirror.linux.org.au/pub/linux.conf.au/2017/Type_driven_configuration_management_with_Propellor.webm"></video> - -[video](http://mirror.linux.org.au/pub/linux.conf.au/2017/Type_driven_configuration_management_with_Propellor.webm) - -Also see this writeup in [Linux Weekly News](https://lwn.net/Articles/713653/) diff --git a/doc/news/version_4.3.1.mdwn b/doc/news/version_4.3.1.mdwn deleted file mode 100644 index 5c07307d..00000000 --- a/doc/news/version_4.3.1.mdwn +++ /dev/null 
@@ -1,4 +0,0 @@ -propellor 4.3.1 released with [[!toggle text="these changes"]] -[[!toggleable text=""" - * Added Propellor.Property.FreeDesktop module. - * Added reservedSpacePercentage to the PartSpec EDSL."""]]
\ No newline at end of file diff --git a/doc/news/version_4.3.2.mdwn b/doc/news/version_4.3.2.mdwn deleted file mode 100644 index 1a85d2d4..00000000 --- a/doc/news/version_4.3.2.mdwn +++ /dev/null @@ -1,3 +0,0 @@ -propellor 4.3.2 released with [[!toggle text="these changes"]] -[[!toggleable text=""" - * Really include Propellor.Property.FreeDesktop."""]]
\ No newline at end of file diff --git a/doc/news/version_4.3.4.mdwn b/doc/news/version_4.3.4.mdwn new file mode 100644 index 00000000..5d308401 --- /dev/null +++ b/doc/news/version_4.3.4.mdwn @@ -0,0 +1,7 @@ +propellor 4.3.4 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * Propellor.Property.Versioned: New module which allows different + versions of a property or host to be written down in a propellor config + file. Has many applications, including staged upgrades and rollbacks. + * LightDM.autoLogin: Use [Seat:*] rather than the old [SeatDefaults]. + The new name has been supported since lightdm 1.15."""]]
\ No newline at end of file diff --git a/doc/news/version_4.4.0.mdwn b/doc/news/version_4.4.0.mdwn new file mode 100644 index 00000000..db86c536 --- /dev/null +++ b/doc/news/version_4.4.0.mdwn @@ -0,0 +1,8 @@ +propellor 4.4.0 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * Propellor.Property.Timezone: New module, contributed by Sean Whitton. + * Propellor.Property.Sudo.enabledFor: Made revertable. + (minor API change) + * Propellor.Property.LightDM.autoLogin: Made revertable. + (minor API change) + * Propellor.Property.Conffile: Added lacksIniSetting."""]]
\ No newline at end of file diff --git a/doc/todo/Propellor.Property.Versioned_support_asymmetric_RevertableProperty_types.mdwn b/doc/todo/Propellor.Property.Versioned_support_asymmetric_RevertableProperty_types.mdwn new file mode 100644 index 00000000..c60cd4d6 --- /dev/null +++ b/doc/todo/Propellor.Property.Versioned_support_asymmetric_RevertableProperty_types.mdwn @@ -0,0 +1,7 @@ +Currently, this module requires `RevertableProperty t t`. +That can be annoying, it would be good to support at least +`RevertablePropery (HasInfo + t) t` and ideally all +`RevertableProperty t1 t2` + +There should be no reason that can't be done; I was just having +problems getting the type checker happy on the day I wrote it. --[[Joey]] diff --git a/doc/todo/merge_request:_Timezone.hs.mdwn b/doc/todo/merge_request:_Timezone.hs.mdwn new file mode 100644 index 00000000..a8ba3eae --- /dev/null +++ b/doc/todo/merge_request:_Timezone.hs.mdwn @@ -0,0 +1,9 @@ +Please consider merging branch `timezone` of repo `https://git.spwhitton.name/propellor`. + +Adds `Timezone.configured`. + +I think that this works fine on stretch, but on Jessie there is some oddness. For example, if you set the timezone of a host to `US/Arizona`, the apt reconfiguration will put `America/Phoenix` in /etc/timezone, resulting in the property reporting a change every time that it is run. I think this is harmless. + +--spwhitton + +> [[merged|done]] --[[Joey]] diff --git a/doc/todo/merge_request:_Timezone.hs/comment_1_9cfb5e48940e58f2064cbb5edf462c06._comment b/doc/todo/merge_request:_Timezone.hs/comment_1_9cfb5e48940e58f2064cbb5edf462c06._comment new file mode 100644 index 00000000..026b13de --- /dev/null +++ b/doc/todo/merge_request:_Timezone.hs/comment_1_9cfb5e48940e58f2064cbb5edf462c06._comment 
@@ -0,0 +1,15 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 1""" + date="2017-07-16T15:57:20Z" + content=""" +I generally consider properties that do work every time to be a minor bug. + +I wonder if it would be better to preseed tzdata rather than writing the +config file. I observe the same substitution from eg, US/Eastern to +America/New_York in the file when reconfiguring noninteractively, +but reconfiguring interactively I can select US/Eastern and that gets +into the file. + +Anyway, merged as this is certianly a good starting point. +"""]] diff --git a/doc/todo/sbuild_setup_should_use_apt-cacher-ng.mdwn b/doc/todo/sbuild_setup_should_use_apt-cacher-ng.mdwn index 450416f2..62f619db 100644 --- a/doc/todo/sbuild_setup_should_use_apt-cacher-ng.mdwn +++ b/doc/todo/sbuild_setup_should_use_apt-cacher-ng.mdwn 
@@ -1,11 +1,20 @@ -The properties in `Sbuild.hs` should use apt-cacher-ng instead of a bind mount of `/var/cache/apt/archives`. This has at least three advantages: +Please consider merging branch `apt-cacher-ng` of repo `https://git.spwhitton.name/propellor`. -1. more than one instance of sbuild can run at once +Sample text for changelog/description of changes: -2. sbuild can run even if apt is doing something else with its cache - -3. the `piupartsConf` properties are no longer needed. + * Add Apt.proxy property to set a host's apt proxy. + * Add Apt.useLocalCacher property to set up apt-cacher-ng. + * Rework Sbuild properties to use apt proxies/cachers instead of bind-mounting + the host's apt cache. This makes it possible to run more than one build at + a time, and lets sbuild run even if apt's cache is locked by the host's apt. + - If Apt.proxy is set, it is assumed that the proxy does some sort of + caching, and sbuild chroots are set up to use the same proxy. + - If Apt.proxy is not set, we install apt-cacher-ng, and point sbuild + chroots at the local apt cacher. + - Drop Sbuild.piupartsConfFor, Sbuild.piupartsConf, Sbuild.shareAptCache + (API change) + No longer needed now that we are using apt proxies/cachers. + - Update sample config in haddock for Propellor.Property.Sbuild. + Please compare both your config.hs and your ~/.sbuildrc against the haddock. --spwhitton - -[[!tag user/spwhitton]] diff --git a/privdata/relocate b/privdata/relocate deleted file mode 100644 index 271692d8..00000000 --- a/privdata/relocate +++ /dev/null @@ -1 +0,0 @@ -.joeyconfig diff --git a/propellor.cabal b/propellor.cabal index 1bcc1618..d4417578 100644 --- a/propellor.cabal +++ b/propellor.cabal @@ -1,5 +1,5 @@ Name: propellor -Version: 4.3.3 +Version: 4.4.0 Cabal-Version: >= 1.20 License: BSD2 Maintainer: Joey Hess <id@joeyh.name> 
@@ -150,6 +150,7 @@ Library Propellor.Property.Sudo Propellor.Property.Systemd Propellor.Property.Systemd.Core + Propellor.Property.Timezone Propellor.Property.Tor Propellor.Property.Unbound Propellor.Property.User diff --git a/src/Propellor/Property/ConfFile.hs b/src/Propellor/Property/ConfFile.hs index ce092ec9..76d52bd9 100644 --- a/src/Propellor/Property/ConfFile.hs +++ b/src/Propellor/Property/ConfFile.hs @@ -9,6 +9,7 @@ module Propellor.Property.ConfFile ( IniSection, IniKey, containsIniSetting, + lacksIniSetting, hasIniSection, lacksIniSection, iniFileContains, @@ -93,6 +94,19 @@ containsIniSetting f (header, key, value) = adjustIniSection go (l:ls) = if isKeyVal l then confline : ls else l : go ls isKeyVal x = (filter (/= ' ') . takeWhile (/= '=')) x `elem` [key, '#':key] +-- | Removes a key=value setting from a section of an .ini file. +-- Note that the section heading is left in the file, so this is not a +-- perfect reversion of containsIniSetting. +lacksIniSetting :: FilePath -> (IniSection, IniKey, String) -> Property UnixLike +lacksIniSetting f (header, key, value) = adjustIniSection + (f ++ " section [" ++ header ++ "] lacks " ++ key ++ "=" ++ value) + header + (filter (/= confline)) + id + f + where + confline = key ++ "=" ++ value + -- | Ensures that a .ini file exists and contains a section -- with a given key=value list of settings. hasIniSection :: FilePath -> IniSection -> [(IniKey, String)] -> Property UnixLike diff --git a/src/Propellor/Property/LightDM.hs b/src/Propellor/Property/LightDM.hs index 44f0e9f0..d471d314 100644 --- a/src/Propellor/Property/LightDM.hs +++ b/src/Propellor/Property/LightDM.hs 
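Review bot: `lacksIniSetting` in src/Propellor/Property/ConfFile.hs removes only lines that are exactly equal to `key=value` (`filter (/= confline)`), whereas the `isKeyVal` test visible in the context lines of `containsIniSetting` ignores spaces and also matches a commented-out key. A line such as `key = value`, or the same key with a different value, therefore survives the revert. That matters for callers that use it to switch a security-relevant option off, as the LightDM auto-login revert in this commit does. At minimum the haddock should say so, e.g. `-- Only a line exactly equal to key=value is removed; other spellings of the key are left in place.`; matching on the key the way `isKeyVal` does would be the stricter fix if removing any value for the key is intended.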
@@ -10,8 +10,12 @@ installed :: Property DebianLike installed = Apt.installed ["lightdm"] -- | Configures LightDM to skip the login screen and autologin as a user. -autoLogin :: User -> Property DebianLike -autoLogin (User u) = "/etc/lightdm/lightdm.conf" `ConfFile.containsIniSetting` - ("Seat:*", "autologin-user", u) - `describe` "lightdm autologin" - `requires` installed +autoLogin :: User -> RevertableProperty DebianLike DebianLike +autoLogin (User u) = (setup <!> cleanup) + `describe` ("lightdm autologin for " ++ u) + where + cf = "/etc/lightdm/lightdm.conf" + setting = ("Seat:*", "autologin-user", u) + setup = cf `ConfFile.containsIniSetting` setting + `requires` installed + cleanup = tightenTargets $ cf `ConfFile.lacksIniSetting` setting diff --git a/src/Propellor/Property/Sudo.hs b/src/Propellor/Property/Sudo.hs index 45ab8af2..1614801d 100644 --- a/src/Propellor/Property/Sudo.hs +++ b/src/Propellor/Property/Sudo.hs 
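Review bot: The `cleanup` side of `autoLogin` in src/Propellor/Property/LightDM.hs only looks in the `Seat:*` section, but the changelog in this same commit records that releases before 4.3.4 wrote the setting under `[SeatDefaults]`. On a host configured by one of those releases, reverting would leave `autologin-user` in the old section, and if lightdm still honours that section (not verifiable from the diff) the machine keeps logging the user in without a password. Consider also removing the legacy entry in `cleanup`, for example by combining the existing property with `ConfFile.lacksIniSetting cf ("SeatDefaults", "autologin-user", u)`.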
@@ -9,23 +9,33 @@ import Propellor.Property.User -- | Allows a user to sudo. If the user has a password, sudo is configured -- to require it. If not, NOPASSWORD is enabled for the user. -enabledFor :: User -> Property DebianLike -enabledFor user@(User u) = go `requires` Apt.installed ["sudo"] +enabledFor :: User -> RevertableProperty DebianLike DebianLike +enabledFor user@(User u) = setup `requires` Apt.installed ["sudo"] <!> cleanup where - go :: Property UnixLike - go = property' desc $ \w -> do + setup :: Property UnixLike + setup = property' desc $ \w -> do locked <- liftIO $ isLockedPassword user ensureProperty w $ fileProperty desc (modify locked . filter (wanted locked)) - "/etc/sudoers" - desc = u ++ " is sudoer" + sudoers + where + desc = u ++ " is sudoer" + + cleanup :: Property DebianLike + cleanup = tightenTargets $ + fileProperty desc (filter notuserline) sudoers + where + desc = u ++ " is not sudoer" + + sudoers = "/etc/sudoers" sudobaseline = u ++ " ALL=(ALL:ALL)" + notuserline l = not (sudobaseline `isPrefixOf` l) sudoline True = sudobaseline ++ " NOPASSWD:ALL" sudoline False = sudobaseline ++ " ALL" wanted locked l -- TOOD: Full sudoers file format parse.. - | not (sudobaseline `isPrefixOf` l) = True + | notuserline l = True | "NOPASSWD" `isInfixOf` l = locked | otherwise = True modify locked ls diff --git a/src/Propellor/Property/Timezone.hs b/src/Propellor/Property/Timezone.hs new file mode 100644 index 00000000..96a5e59c --- /dev/null +++ b/src/Propellor/Property/Timezone.hs 
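Review bot: `cleanup` in src/Propellor/Property/Sudo.hs is described as `u ++ " is not sudoer"`, but `notuserline` only drops lines that start with the exact text propellor writes (`u ++ " ALL=(ALL:ALL)"`). Grants for the same user in any other spelling, through a group or alias, or in a file other than `/etc/sudoers` are untouched, so the revert can report success while the account keeps sudo rights. I would say that in a comment on `cleanup`, e.g. `-- Only removes the line added by setup; other sudoers entries and group-based grants for the user are left alone.`, and make the description match (`u ++ " removed from /etc/sudoers"`). The `modify` helper continues past the end of the hunk.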
@@ -0,0 +1,21 @@
+-- | Maintainer: Sean Whitton <spwhitton@spwhitton.name>
+
+module Propellor.Property.Timezone where
+
+import Propellor.Base
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+
+-- | A timezone from /usr/share/zoneinfo
+type Timezone = String
+
+-- | Sets the system's timezone
+configured :: Timezone -> Property DebianLike
+configured zone = File.hasContent "/etc/timezone" [zone]
+ `onChange` update
+ `describe` (zone ++ " timezone configured")
+ where
+ update = Apt.reConfigure "tzdata" mempty
+ -- work around a bug in recent tzdata. See
+ -- https://bugs.launchpad.net/ubuntu/+source/tzdata/+bug/1554806/
+ `requires` File.notPresent "/etc/localtime"
diff --git a/src/Propellor/Property/Versioned.hs b/src/Propellor/Property/Versioned.hs
index d6517ab9..58d3e8d5 100644
--- a/src/Propellor/Property/Versioned.hs
+++ b/src/Propellor/Property/Versioned.hs
@@ -18,11 +18,11 @@ -- -- > demo :: Versioned Int (RevertableProperty DebianLike DebianLike) -- > demo ver = --- > ver ( (== 1) --> Apache.modEnabled "foo" +-- > ver ( (== 1) --> Apache.modEnabled "foo" -- > `requires` Apache.modEnabled "foosupport" -- > <|> (== 2) --> Apache.modEnabled "bar" -- > <|> (> 2) --> Apache.modEnabled "baz" --- > ) +-- > ) -- > -- > foo :: Host -- > foo = host "foo.example.com" $ props
diff --git a/src/Propellor/Types.hs b/src/Propellor/Types.hs
index 155662c2..b7c7c7f7 100644
--- a/src/Propellor/Types.hs
+++ b/src/Propellor/Types.hs
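Review bot: `configured` in src/Propellor/Property/Timezone.hs writes `zone` to `/etc/timezone` without checking it against `/usr/share/zoneinfo`, even though `Timezone` is documented as a name from that directory and is only a `String` alias. Because `update` deletes `/etc/localtime` before `Apt.reConfigure "tzdata"` runs, a mistyped zone may leave the host without a valid local time setting, which skews log timestamps; what tzdata does with an unknown name is not visible here. A guard on the zone file, e.g. `check (doesFileExist ("/usr/share/zoneinfo" </> zone))` if those helpers are in scope through `Propellor.Base`, or an explicit failure, would catch this before anything is removed.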
@@ -107,6 +107,10 @@ adjustPropertySatisfy (Property t d s i c) f = Property t d (f <$> s) i c -- | A property that can be reverted. The first Property is run -- normally and the second is run when it's reverted. +-- +-- See `Propellor.Property.Versioned.Versioned` +-- for a way to use RevertableProperty to define different +-- versions of a host. data RevertableProperty setupmetatypes undometatypes = RevertableProperty { setupRevertableProperty :: Property setupmetatypes , undoRevertableProperty :: Property undometatypes |
