Merge branch 'joeyconfig'

Joey Hess 2014-12-05 17:44:14 -04:00
commit 9805f132ac
5 changed files with 33 additions and 16 deletions


@ -57,8 +57,7 @@ testvm = host "testvm.kitenet.net"
& os (System (Debian Unstable) "amd64") & os (System (Debian Unstable) "amd64")
& OS.cleanInstallOnce (OS.Confirmed "testvm.kitenet.net") & OS.cleanInstallOnce (OS.Confirmed "testvm.kitenet.net")
`onChange` propertyList "fixing up after clean install" `onChange` propertyList "fixing up after clean install"
[ User.shadowConfig True [ OS.preserveRootSshAuthorized
, OS.preserveRootSshAuthorized
, OS.preserveResolvConf , OS.preserveResolvConf
, Apt.update , Apt.update
, Grub.boots "/dev/sda" , Grub.boots "/dev/sda"

2
debian/changelog vendored

@ -21,6 +21,8 @@ propellor (1.1.0) UNRELEASED; urgency=medium
* hasSomePassword and hasPassword now default to using the name of the * hasSomePassword and hasPassword now default to using the name of the
host as the Context for the password. To specify a different context, host as the Context for the password. To specify a different context,
use hasSomePassword' and hasPassword' (API change) use hasSomePassword' and hasPassword' (API change)
* hasSomePassword and hasPassword now check to make sure shadow passwords
are enabled.
* cron.runPropellor now runs propellor, rather than using its Makefile. * cron.runPropellor now runs propellor, rather than using its Makefile.
This is more robust. This is more robust.
* propellor.debug can be set in the git config to enable more persistent * propellor.debug can be set in the git config to enable more persistent


@ -2,7 +2,9 @@ module Propellor.Property.Debootstrap (
Url, Url,
DebootstrapConfig(..), DebootstrapConfig(..),
built, built,
built',
installed, installed,
sourceInstall,
programPath, programPath,
) where ) where
@ -54,11 +56,14 @@ toParams (c1 :+ c2) = toParams c1 <> toParams c2
-- Note that reverting this property does not stop any processes -- Note that reverting this property does not stop any processes
-- currently running in the chroot. -- currently running in the chroot.
built :: FilePath -> System -> DebootstrapConfig -> RevertableProperty built :: FilePath -> System -> DebootstrapConfig -> RevertableProperty
built target system@(System _ arch) config = built = built' (toProp installed)
built' :: Property -> FilePath -> System -> DebootstrapConfig -> RevertableProperty
built' installprop target system@(System _ arch) config =
RevertableProperty setup teardown RevertableProperty setup teardown
where where
setup = check (unpopulated target <||> ispartial) setupprop setup = check (unpopulated target <||> ispartial) setupprop
`requires` toProp installed `requires` installprop
teardown = check (not <$> unpopulated target) teardownprop teardown = check (not <$> unpopulated target) teardownprop
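Review bot: `built'` is added to the export list without a Haddock comment, and the comment that used to sit directly above the body of `built` no longer makes clear which of the two functions it describes. A line such as `-- | Like 'built', but uses the provided Property to install debootstrap.` above the `built'` signature would cover it. It is also worth stating there that `installprop` runs as a prerequisite of `setup`, so whatever it puts in place is what bootstraps the chroot. `sourceInstall` is exported in the first hunk but defined outside this page, so how it obtains and checks the debootstrap source cannot be reviewed here. The `where` clause of `built'` continues past the end of the hunk.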


@ -45,8 +45,7 @@ import Control.Exception (throw)
-- > & os (System (Debian Unstable) "amd64") -- > & os (System (Debian Unstable) "amd64")
-- > & cleanInstallOnce (Confirmed "foo.example.com") -- > & cleanInstallOnce (Confirmed "foo.example.com")
-- > `onChange` propertyList "fixing up after clean install" -- > `onChange` propertyList "fixing up after clean install"
-- > [ User.shadowConfig True -- > [ preserveNetworkInterfaces
-- > , preserveNetworkInterfaces
-- > , preserveResolvConf -- > , preserveResolvConf
-- > , preserverRootSshAuthorized -- > , preserverRootSshAuthorized
-- > , Apt.update -- > , Apt.update
@ -78,9 +77,19 @@ cleanInstallOnce confirmation = check (not <$> doesFileExist flagfile) $
(Just d@(System (Debian _) _)) -> debootstrap d (Just d@(System (Debian _) _)) -> debootstrap d
(Just u@(System (Ubuntu _) _)) -> debootstrap u (Just u@(System (Ubuntu _) _)) -> debootstrap u
_ -> error "os is not declared to be Debian or Ubuntu" _ -> error "os is not declared to be Debian or Ubuntu"
debootstrap targetos = ensureProperty $ toProp $
Debootstrap.built newOSDir targetos Debootstrap.DefaultConfig
debootstrap targetos = ensureProperty $ toProp $
-- Ignore the os setting, and install debootstrap from
-- source, since we don't know what OS we're running in yet.
Debootstrap.built' Debootstrap.sourceInstall
newOSDir targetos Debootstrap.DefaultConfig
-- debootstrap, I wish it was faster..
-- TODO eatmydata to speed it up
-- Problem: Installing eatmydata on some random OS like
-- Fedora may be difficult. Maybe configure dpkg to not
-- sync instead?
-- This is the fun bit.
flipped = property (newOSDir ++ " moved into place") $ liftIO $ do flipped = property (newOSDir ++ " moved into place") $ liftIO $ do
-- First, unmount most mount points, lazily, so -- First, unmount most mount points, lazily, so
-- they don't interfere with moving things around. -- they don't interfere with moving things around.
@ -173,7 +182,7 @@ confirmed desc (Confirmed c) = property desc $ do
-- | /etc/network/interfaces is configured to bring up all interfaces that -- | /etc/network/interfaces is configured to bring up all interfaces that
-- are currently up, using the same IP addresses. -- are currently up, using the same IP addresses.
preserveNetworkInterfaces :: Property preserveNetworkInterfaces :: Property
preserveNetworkInterfaces = undefined preserveNetworkInterfaces = undefined -- TODO
-- | /etc/resolv.conf is copied the from the old OS -- | /etc/resolv.conf is copied the from the old OS
preserveResolvConf :: Property preserveResolvConf :: Property
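Review bot: `preserveNetworkInterfaces` is still `undefined` (now only marked `-- TODO`), yet the edited Haddock example for `cleanInstallOnce` lists it as the first entry of the "fixing up after clean install" list. Anyone copying the example would presumably hit the `undefined` right after the new OS has been moved into place, before `preserveResolvConf` and the root SSH key preservation run, which risks leaving a remote host unreachable. Until it is implemented, drop it from the example and make the failure diagnosable, e.g. `preserveNetworkInterfaces = error "preserveNetworkInterfaces: not implemented"`. Separately, the new `debootstrap` helper depends on `Debootstrap.sourceInstall`, whose body is not on this page; confirm that whatever it retrieves is integrity-checked, since the result builds the replacement OS.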


@ -44,13 +44,15 @@ hasPassword user = property (user ++ "has password") $ do
ensureProperty $ hasPassword' user (Context hostname) ensureProperty $ hasPassword' user (Context hostname)
hasPassword' :: UserName -> Context -> Property hasPassword' :: UserName -> Context -> Property
hasPassword' user context = withPrivData (Password user) context $ \getpassword -> hasPassword' user context = go `requires` shadowConfig True
property (user ++ " has password") $ where
getpassword $ \password -> makeChange $ go = withPrivData (Password user) context $ \getpassword ->
withHandle StdinHandle createProcessSuccess property (user ++ " has password") $
(proc "chpasswd" []) $ \h -> do getpassword $ \password -> makeChange $
hPutStrLn h $ user ++ ":" ++ password withHandle StdinHandle createProcessSuccess
hClose h (proc "chpasswd" []) $ \h -> do
hPutStrLn h $ user ++ ":" ++ password
hClose h
lockedPassword :: UserName -> Property lockedPassword :: UserName -> Property
lockedPassword user = check (not <$> isLockedPassword user) $ cmdProperty "passwd" lockedPassword user = check (not <$> isLockedPassword user) $ cmdProperty "passwd"
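Review bot: The new `requires` on `shadowConfig True` in `hasPassword'` has no comment explaining why setting a password now forces shadow passwords on. A comment on that line would help, e.g. `-- Enable shadow passwords first, so chpasswd stores the hash in /etc/shadow rather than world-readable /etc/passwd.` The function's documentation should also say that a host which sets `shadowConfig False` elsewhere would presumably see the two properties undo each other on every run. The body of `lockedPassword` continues outside the hunk.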