diff options
Diffstat (limited to 'src/Propellor/Property')
| -rw-r--r-- | src/Propellor/Property/Atomic.hs | 2 | ||||
| -rw-r--r-- | src/Propellor/Property/Openssl.hs | 29 | ||||
| -rw-r--r-- | src/Propellor/Property/Systemd.hs | 4 |
3 files changed, 32 insertions, 3 deletions
diff --git a/src/Propellor/Property/Atomic.hs b/src/Propellor/Property/Atomic.hs index 5db17474..8519048b 100644 --- a/src/Propellor/Property/Atomic.hs +++ b/src/Propellor/Property/Atomic.hs @@ -144,7 +144,7 @@ checkDirLink d rp = liftIO $ do -- Using atomicDirSync in the above example lets git only download -- the changes once, rather than the same changes being downloaded a second -- time to update the other copy of the directory the next time propellor --- runs +-- runs. -- -- Suppose that a web server program is run from the git repository, -- and needs to be restarted after the pull. That restart should be done diff --git a/src/Propellor/Property/Openssl.hs b/src/Propellor/Property/Openssl.hs new file mode 100644 index 00000000..a91b8195 --- /dev/null +++ b/src/Propellor/Property/Openssl.hs @@ -0,0 +1,29 @@ +-- | Maintainer: FĂ©lix Sipma <felix+propellor@gueux.org> + +module Propellor.Property.Openssl where + +import Propellor.Base +import qualified Propellor.Property.Apt as Apt +import qualified Propellor.Property.File as File +import Utility.FileMode +import Utility.SafeCommand + + +installed :: Property DebianLike +installed = Apt.installed ["openssl"] + +dhparamsLength :: Int +dhparamsLength = 2048 + +dhparams :: FilePath +dhparams = "/etc/ssl/private/dhparams.pem" + +safeDhparams :: Property DebianLike +safeDhparams = propertyList "safe dhparams" $ props + & File.dirExists (takeDirectory dhparams) + & installed + & check (not <$> doesFileExist dhparams) (createDhparams dhparams dhparamsLength) + +createDhparams :: FilePath -> Int -> Property UnixLike +createDhparams f l = property ("generate new dhparams: " ++ f) $ liftIO $ withUmask 0o0177 $ withFile f WriteMode $ \h -> + cmdResult <$> boolSystem' "openssl" [Param "dhparam", Param (show l)] (\p -> p { std_out = UseHandle h }) diff --git a/src/Propellor/Property/Systemd.hs b/src/Propellor/Property/Systemd.hs index 51d1313c..8fa236d2 100644 --- a/src/Propellor/Property/Systemd.hs +++ b/src/Propellor/Property/Systemd.hs @@ -205,8 +205,8 @@ machined = withOS "machined installed" $ \w o -> case o of -- Split into separate debian package since systemd 225. (Just (System (Debian _ suite) _)) - | not (isStable suite) -> ensureProperty w $ - Apt.installed ["systemd-container"] + | not (isStable suite) || suite == (Stable "stretch") -> + ensureProperty w $ Apt.installed ["systemd-container"] _ -> noChange -- | Defines a container with a given machine name, |