From 4f09e57b0577600f766314357899da540e5212a9 Mon Sep 17 00:00:00 2001
From: gueux
Date: Fri, 24 Jun 2016 10:08:51 +0000
Subject: Added a comment
---
.../comment_6_79355b6df4dc750a4ea2e1e13f50dca8._comment | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 doc/forum/use_withUmask_in_a_property/comment_6_79355b6df4dc750a4ea2e1e13f50dca8._comment
diff --git a/doc/forum/use_withUmask_in_a_property/comment_6_79355b6df4dc750a4ea2e1e13f50dca8._comment b/doc/forum/use_withUmask_in_a_property/comment_6_79355b6df4dc750a4ea2e1e13f50dca8._comment
new file mode 100644
index 00000000..6efc3fff
--- /dev/null
+++ b/doc/forum/use_withUmask_in_a_property/comment_6_79355b6df4dc750a4ea2e1e13f50dca8._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 6"
+ date="2016-06-24T10:08:51Z"
+ content="""
+Ahhh! I didn't realize this, now it makes sense to me, thanks! maybe you could make withFile' available in propellor? (and maybe even override withFile)
+"""]]
-- cgit v1.3-2-g0d8e
From 031005f166b70ca5b80e9b7fae212f81151ef435 Mon Sep 17 00:00:00 2001
From: gueux
Date: Fri, 24 Jun 2016 10:24:16 +0000
Subject: Added a comment
---
.../comment_7_6b9488d20a04bc25f2ba44391f4a0a47._comment | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 doc/forum/use_withUmask_in_a_property/comment_7_6b9488d20a04bc25f2ba44391f4a0a47._comment
diff --git a/doc/forum/use_withUmask_in_a_property/comment_7_6b9488d20a04bc25f2ba44391f4a0a47._comment b/doc/forum/use_withUmask_in_a_property/comment_7_6b9488d20a04bc25f2ba44391f4a0a47._comment
new file mode 100644
index 00000000..a1e3ab6a
--- /dev/null
+++ b/doc/forum/use_withUmask_in_a_property/comment_7_6b9488d20a04bc25f2ba44391f4a0a47._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 7"
+ date="2016-06-24T10:24:16Z"
+ content="""
+Hopefully we will have MonadIO is base (and functions generalized) one day :)
+https://mail.haskell.org/pipermail/libraries/2015-July/026008.html
+"""]]
-- cgit v1.3-2-g0d8e
From fdf9d962aabfa25f3147dadbc7649a19b40f1f2c Mon Sep 17 00:00:00 2001
From: gueux
Date: Fri, 24 Jun 2016 10:29:10 +0000
Subject: Added a comment
---
.../comment_8_ce37b55141120b3b6babebe14c1b1ec2._comment | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 doc/forum/use_withUmask_in_a_property/comment_8_ce37b55141120b3b6babebe14c1b1ec2._comment
diff --git a/doc/forum/use_withUmask_in_a_property/comment_8_ce37b55141120b3b6babebe14c1b1ec2._comment b/doc/forum/use_withUmask_in_a_property/comment_8_ce37b55141120b3b6babebe14c1b1ec2._comment
new file mode 100644
index 00000000..18b94ff0
--- /dev/null
+++ b/doc/forum/use_withUmask_in_a_property/comment_8_ce37b55141120b3b6babebe14c1b1ec2._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 8"
+ date="2016-06-24T10:29:09Z"
+ content="""
+Oh, MonadIO is actually in base. We \"just\" miss the generelized functions...
+"""]]
-- cgit v1.3-2-g0d8e
From 4ea0932bfed316398fcf918e03843c693d5acced Mon Sep 17 00:00:00 2001
From: tobiasBora
Date: Mon, 27 Jun 2016 13:47:45 +0000
Subject:
---
doc/forum/Ldap_and_Propellor.mdwn | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 doc/forum/Ldap_and_Propellor.mdwn
diff --git a/doc/forum/Ldap_and_Propellor.mdwn b/doc/forum/Ldap_and_Propellor.mdwn
new file mode 100644
index 00000000..b03bc071
--- /dev/null
+++ b/doc/forum/Ldap_and_Propellor.mdwn
@@ -0,0 +1,11 @@ +Hello, + +First, thank you for your program and your work, it's very interesting. I'm trying to use it and I have three questions : + + +1) Is there already some propellor code to deal with Ldap or should I write my own code ? (I didn't see anything in the API doc) +2) Is it possible to use propellor with another folder than ~/.propellor/ ? (for exemple to deal with several "domains") + +Thank you, + +TobiasBora. -- cgit v1.3-2-g0d8e From 246aa0f0d8007ca67a7bc5961f447c77e2248fc1 Mon Sep 17 00:00:00 2001 From: tobiasBora Date: Mon, 27 Jun 2016 13:54:19 +0000 Subject: --- doc/forum/Ldap_and_Propellor.mdwn | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/forum/Ldap_and_Propellor.mdwn b/doc/forum/Ldap_and_Propellor.mdwn index b03bc071..084166c5 100644 --- a/doc/forum/Ldap_and_Propellor.mdwn +++ b/doc/forum/Ldap_and_Propellor.mdwn @@ -4,6 +4,7 @@ First, thank you for your program and your work, it's very interesting. I'm tryi 1) Is there already some propellor code to deal with Ldap or should I write my own code ? (I didn't see anything in the API doc) + 2) Is it possible to use propellor with another folder than ~/.propellor/ ? (for exemple to deal with several "domains") Thank you, -- cgit v1.3-2-g0d8e From 0cb40d8ac4b6f73514fd286266ac3eb5178b21f1 Mon Sep 17 00:00:00 2001 From: tobiasBora Date: Mon, 27 Jun 2016 13:54:29 +0000 Subject: --- doc/forum/Ldap_and_Propellor.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/forum/Ldap_and_Propellor.mdwn b/doc/forum/Ldap_and_Propellor.mdwn index 084166c5..094be12a 100644 --- a/doc/forum/Ldap_and_Propellor.mdwn +++ b/doc/forum/Ldap_and_Propellor.mdwn 
@@ -1,6 +1,6 @@ Hello, -First, thank you for your program and your work, it's very interesting. I'm trying to use it and I have three questions : +First, thank you for your program and your work, it's very interesting. I'm trying to use it and I have two questions : 1) Is there already some propellor code to deal with Ldap or should I write my own code ? (I didn't see anything in the API doc) -- cgit v1.3-2-g0d8e From 770ae96b1578830e1f3399d6ebee344c33b3ebb3 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 5 Jul 2016 16:43:14 -0400 Subject: comment --- .../comment_1_80f98aaf4927d834dc714faeae7bf167._comment | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 doc/forum/Ldap_and_Propellor/comment_1_80f98aaf4927d834dc714faeae7bf167._comment diff --git a/doc/forum/Ldap_and_Propellor/comment_1_80f98aaf4927d834dc714faeae7bf167._comment b/doc/forum/Ldap_and_Propellor/comment_1_80f98aaf4927d834dc714faeae7bf167._comment new file mode 100644 index 00000000..7c8d9bbf --- /dev/null +++ b/doc/forum/Ldap_and_Propellor/comment_1_80f98aaf4927d834dc714faeae7bf167._comment @@ -0,0 +1,16 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 1""" + date="2016-07-05T20:39:45Z" + content=""" +I don't think that anyone has integrated it with LDAP yet. + +It's easy to use propellor from another location; just put the propellor +git repository anywhere you want, use `make` to build it once, +and run `./propellor` thereafter. + +The only thing that hardcodes using ~/.propellor is the /usr/bin/propellor +wrapper, by running the propellor you built yourself you bypass the need +for the wrapper. I keep propellor in ~/src/propellor on my laptop +and run it this way myself. +"""]] -- cgit v1.3-2-g0d8e From 8abf508760ba70c430a9b58cc175bfdedf2a8e97 Mon Sep 17 00:00:00 2001 
From: Joey Hess
Date: Tue, 5 Jul 2016 16:43:14 -0400
Subject: clean up after merge
---
config.hs | 2 +-
privdata/relocate | 1 -
2 files changed, 1 insertion(+), 2 deletions(-)
delete mode 100644 privdata/relocate
diff --git a/config.hs b/config.hs
index 97d90636..ec313725 120000
--- a/config.hs
+++ b/config.hs
@@ -1 +1 @@
-joeyconfig.hs
\ No newline at end of file
+config-simple.hs
\ No newline at end of file
diff --git a/privdata/relocate b/privdata/relocate
deleted file mode 100644
index 271692d8..00000000
--- a/privdata/relocate
+++ /dev/null
@@ -1 +0,0 @@
-.joeyconfig
-- cgit v1.3-2-g0d8e
From 3b609c08d2dcb1e02938359c10ca46f82a4b472e Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Tue, 5 Jul 2016 16:45:26 -0400
Subject: comment
---
.../comment_9_a84a0c6773c8b3df03c028b63814b3d8._comment | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 doc/forum/use_withUmask_in_a_property/comment_9_a84a0c6773c8b3df03c028b63814b3d8._comment
diff --git a/doc/forum/use_withUmask_in_a_property/comment_9_a84a0c6773c8b3df03c028b63814b3d8._comment b/doc/forum/use_withUmask_in_a_property/comment_9_a84a0c6773c8b3df03c028b63814b3d8._comment
new file mode 100644
index 00000000..f819337f
--- /dev/null
+++ b/doc/forum/use_withUmask_in_a_property/comment_9_a84a0c6773c8b3df03c028b63814b3d8._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 9"""
+ date="2016-07-05T20:44:14Z"
+ content="""
+Yeah, it's a general problem with base that it's not sufficiently
+generalized. I suppose it's best not to add exported functions to propellor
+to work around that general problem.
+"""]]
-- cgit v1.3-2-g0d8e
From 2685903b8202b1a5686c9d62d8dedc988c4b22b7 Mon Sep 17 00:00:00 2001
From: Sean Whitton Date: Sun, 24 Jul 2016 09:40:51 -0700 Subject: process management in keypairInsecurelyGenerated This makes Sbuild.keypairInsecurelyGenerated more robust, by handling several conditions that could cause it to fail. --- src/Propellor/Property/Sbuild.hs | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/src/Propellor/Property/Sbuild.hs b/src/Propellor/Property/Sbuild.hs index 5d58a84a..1f42434d 100644 --- a/src/Propellor/Property/Sbuild.hs +++ b/src/Propellor/Property/Sbuild.hs @@ -365,8 +365,23 @@ keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) go go :: Property DebianLike go = combineProperties "sbuild keyring insecurely generated" $ props & Apt.installed ["rng-tools"] - & cmdProperty "rngd" ["-r", "/dev/urandom"] `assume` MadeChange + -- If this dir does not exist the sbuild key generation command + -- will fail; the user might have deleted it to work around + -- #831462 + & File.dirExists "/var/lib/sbuild/apt-keys" + -- If there is already an rngd process running we have to kill + -- it, as it might not be feeding to /dev/urandom + & userScriptProperty (User "root") + [ "kill $(cat /var/run/rngd.pid) || true" + , "sleep 10" + , "rngd -r /dev/urandom" + ] + `assume` MadeChange & keypairGenerated + -- Kill off the rngd process we spawned + & userScriptProperty (User "root") + ["kill $(cat /var/run/rngd.pid)"] + `assume` MadeChange -- another script from wiki.d.o/sbuild ccachePrepared :: Property DebianLike -- cgit v1.3-2-g0d8e From fc51183e97b0022c109e39e64553535f8ef93152 Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Sun, 24 Jul 2016 09:46:00 -0700 Subject: silence kill when rngd not already running --- src/Propellor/Property/Sbuild.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Propellor/Property/Sbuild.hs b/src/Propellor/Property/Sbuild.hs index 1f42434d..d128e3b9 100644 --- a/src/Propellor/Property/Sbuild.hs +++ b/src/Propellor/Property/Sbuild.hs 
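Review bot: The rngd started by `rngd -r /dev/urandom` is only stopped by the separate `userScriptProperty` added after `& keypairGenerated`, so a failed key generation can leave it running. If `combineProperties` stops at the first failing property (its behaviour is not visible in this hunk), the host keeps a daemon feeding /dev/urandom output back into the kernel pool long after the one-off insecure key generation the property name announces. Until the cleanup also runs on the failure path, I would record the gap above the last property: `-- FIXME: rngd is left running if keypairGenerated fails`. The definition of `keypairInsecurelyGenerated` and `keypairGenerated` itself are outside the hunk.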
@@ -372,7 +372,7 @@ keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) go -- If there is already an rngd process running we have to kill -- it, as it might not be feeding to /dev/urandom & userScriptProperty (User "root") - [ "kill $(cat /var/run/rngd.pid) || true" + [ "kill 2>/dev/null $(cat /var/run/rngd.pid) || true" , "sleep 10" , "rngd -r /dev/urandom" ] -- cgit v1.3-2-g0d8e From e6940f49e248ff57f4baf60ba72a03c09c82d5e0 Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Wed, 27 Jul 2016 13:38:50 -0700 Subject: speed up & document killing running rngd --- src/Propellor/Property/Sbuild.hs | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/Propellor/Property/Sbuild.hs b/src/Propellor/Property/Sbuild.hs index d128e3b9..7a27473c 100644 --- a/src/Propellor/Property/Sbuild.hs +++ b/src/Propellor/Property/Sbuild.hs @@ -358,6 +358,12 @@ secKeyFile = "/var/lib/sbuild/apt-keys/sbuild-key.sec" -- | Generate the apt keys needed by sbuild using a low-quality source of -- randomness -- +-- Note that any running rngd will be killed; if you are using rngd, you should +-- arrange for it to be restarted after this property has been ensured. E.g. +-- +-- > & Sbuild.keypairInsecurelyGenerated +-- > `onChange` Systemd.started "my-rngd-service" +-- -- Useful on throwaway build VMs. keypairInsecurelyGenerated :: Property DebianLike keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) go 
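Review bot: The `2>/dev/null` added to `kill` does not cover the `cat` inside `$(...)`, because the shell expands the command substitution before it applies the redirection of the simple command. When /var/run/rngd.pid is missing, cat's "No such file" message therefore still reaches the property output, which is the case the subject line says is being silenced. Redirecting inside the substitution as well closes that: `[ "kill 2>/dev/null $(cat /var/run/rngd.pid 2>/dev/null) || true"`.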
@@ -370,10 +376,11 @@ keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) go -- #831462 & File.dirExists "/var/lib/sbuild/apt-keys" -- If there is already an rngd process running we have to kill - -- it, as it might not be feeding to /dev/urandom + -- it, as it might not be feeding to /dev/urandom. We can't + -- kill by pid file because that is not guaranteed to be the + -- default (/var/run/rngd.pid), so we killall & userScriptProperty (User "root") - [ "kill 2>/dev/null $(cat /var/run/rngd.pid) || true" - , "sleep 10" + [ "start-stop-daemon -q -K -R 10 -o -n rngd" , "rngd -r /dev/urandom" ] `assume` MadeChange -- cgit v1.3-2-g0d8e