Merge branch 'joeyconfig'
commit
9805f132ac
|
@ -57,8 +57,7 @@ testvm = host "testvm.kitenet.net"
|
||||||
& os (System (Debian Unstable) "amd64")
|
& os (System (Debian Unstable) "amd64")
|
||||||
& OS.cleanInstallOnce (OS.Confirmed "testvm.kitenet.net")
|
& OS.cleanInstallOnce (OS.Confirmed "testvm.kitenet.net")
|
||||||
`onChange` propertyList "fixing up after clean install"
|
`onChange` propertyList "fixing up after clean install"
|
||||||
[ User.shadowConfig True
|
[ OS.preserveRootSshAuthorized
|
||||||
, OS.preserveRootSshAuthorized
|
|
||||||
, OS.preserveResolvConf
|
, OS.preserveResolvConf
|
||||||
, Apt.update
|
, Apt.update
|
||||||
, Grub.boots "/dev/sda"
|
, Grub.boots "/dev/sda"
|
||||||
|
|
|
@ -21,6 +21,8 @@ propellor (1.1.0) UNRELEASED; urgency=medium
|
||||||
* hasSomePassword and hasPassword now default to using the name of the
|
* hasSomePassword and hasPassword now default to using the name of the
|
||||||
host as the Context for the password. To specify a different context,
|
host as the Context for the password. To specify a different context,
|
||||||
use hasSomePassword' and hasPassword' (API change)
|
use hasSomePassword' and hasPassword' (API change)
|
||||||
|
* hasSomePassword and hasPassword now check to make sure shadow passwords
|
||||||
|
are enabled.
|
||||||
* cron.runPropellor now runs propellor, rather than using its Makefile.
|
* cron.runPropellor now runs propellor, rather than using its Makefile.
|
||||||
This is more robust.
|
This is more robust.
|
||||||
* propellor.debug can be set in the git config to enable more persistent
|
* propellor.debug can be set in the git config to enable more persistent
|
||||||
|
|
|
@ -2,7 +2,9 @@ module Propellor.Property.Debootstrap (
|
||||||
Url,
|
Url,
|
||||||
DebootstrapConfig(..),
|
DebootstrapConfig(..),
|
||||||
built,
|
built,
|
||||||
|
built',
|
||||||
installed,
|
installed,
|
||||||
|
sourceInstall,
|
||||||
programPath,
|
programPath,
|
||||||
) where
|
) where
|
||||||
|
|
||||||
|
@ -54,11 +56,14 @@ toParams (c1 :+ c2) = toParams c1 <> toParams c2
|
||||||
-- Note that reverting this property does not stop any processes
|
-- Note that reverting this property does not stop any processes
|
||||||
-- currently running in the chroot.
|
-- currently running in the chroot.
|
||||||
built :: FilePath -> System -> DebootstrapConfig -> RevertableProperty
|
built :: FilePath -> System -> DebootstrapConfig -> RevertableProperty
|
||||||
built target system@(System _ arch) config =
|
built = built' (toProp installed)
|
||||||
|
|
||||||
|
built' :: Property -> FilePath -> System -> DebootstrapConfig -> RevertableProperty
|
||||||
|
built' installprop target system@(System _ arch) config =
|
||||||
RevertableProperty setup teardown
|
RevertableProperty setup teardown
|
||||||
where
|
where
|
||||||
setup = check (unpopulated target <||> ispartial) setupprop
|
setup = check (unpopulated target <||> ispartial) setupprop
|
||||||
`requires` toProp installed
|
`requires` installprop
|
||||||
|
|
||||||
teardown = check (not <$> unpopulated target) teardownprop
|
teardown = check (not <$> unpopulated target) teardownprop
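Review bot: `built'` is newly exported but has no Haddock comment, and the existing note about reverting now documents only `built`. Add something like `-- | Like 'built', but uses the provided Property to install debootstrap.` and say that whatever `installprop` provides is then executed (presumably as root) to populate the chroot, so the caller vouches for where that debootstrap came from. `sourceInstall` is exported in the same commit but its body is not on this page; it is worth confirming that it verifies what it fetches (pinned checksum or signature) before running it. The `where` block of `built'` continues past the end of the hunk.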
|
||||||
|
|
||||||
|
|
|
@ -45,8 +45,7 @@ import Control.Exception (throw)
|
||||||
-- > & os (System (Debian Unstable) "amd64")
|
-- > & os (System (Debian Unstable) "amd64")
|
||||||
-- > & cleanInstallOnce (Confirmed "foo.example.com")
|
-- > & cleanInstallOnce (Confirmed "foo.example.com")
|
||||||
-- > `onChange` propertyList "fixing up after clean install"
|
-- > `onChange` propertyList "fixing up after clean install"
|
||||||
-- > [ User.shadowConfig True
|
-- > [ preserveNetworkInterfaces
|
||||||
-- > , preserveNetworkInterfaces
|
|
||||||
-- > , preserveResolvConf
|
-- > , preserveResolvConf
|
||||||
-- > , preserverRootSshAuthorized
|
-- > , preserverRootSshAuthorized
|
||||||
-- > , Apt.update
|
-- > , Apt.update
|
||||||
|
@ -78,9 +77,19 @@ cleanInstallOnce confirmation = check (not <$> doesFileExist flagfile) $
|
||||||
(Just d@(System (Debian _) _)) -> debootstrap d
|
(Just d@(System (Debian _) _)) -> debootstrap d
|
||||||
(Just u@(System (Ubuntu _) _)) -> debootstrap u
|
(Just u@(System (Ubuntu _) _)) -> debootstrap u
|
||||||
_ -> error "os is not declared to be Debian or Ubuntu"
|
_ -> error "os is not declared to be Debian or Ubuntu"
|
||||||
debootstrap targetos = ensureProperty $ toProp $
|
|
||||||
Debootstrap.built newOSDir targetos Debootstrap.DefaultConfig
|
|
||||||
|
|
||||||
|
debootstrap targetos = ensureProperty $ toProp $
|
||||||
|
-- Ignore the os setting, and install debootstrap from
|
||||||
|
-- source, since we don't know what OS we're running in yet.
|
||||||
|
Debootstrap.built' Debootstrap.sourceInstall
|
||||||
|
newOSDir targetos Debootstrap.DefaultConfig
|
||||||
|
-- debootstrap, I wish it was faster..
|
||||||
|
-- TODO eatmydata to speed it up
|
||||||
|
-- Problem: Installing eatmydata on some random OS like
|
||||||
|
-- Fedora may be difficult. Maybe configure dpkg to not
|
||||||
|
-- sync instead?
|
||||||
|
|
||||||
|
-- This is the fun bit.
|
||||||
flipped = property (newOSDir ++ " moved into place") $ liftIO $ do
|
flipped = property (newOSDir ++ " moved into place") $ liftIO $ do
|
||||||
-- First, unmount most mount points, lazily, so
|
-- First, unmount most mount points, lazily, so
|
||||||
-- they don't interfere with moving things around.
|
-- they don't interfere with moving things around.
|
||||||
|
@ -173,7 +182,7 @@ confirmed desc (Confirmed c) = property desc $ do
|
||||||
-- | /etc/network/interfaces is configured to bring up all interfaces that
|
-- | /etc/network/interfaces is configured to bring up all interfaces that
|
||||||
-- are currently up, using the same IP addresses.
|
-- are currently up, using the same IP addresses.
|
||||||
preserveNetworkInterfaces :: Property
|
preserveNetworkInterfaces :: Property
|
||||||
preserveNetworkInterfaces = undefined
|
preserveNetworkInterfaces = undefined -- TODO
|
||||||
|
|
||||||
-- | /etc/resolv.conf is copied the from the old OS
|
-- | /etc/resolv.conf is copied the from the old OS
|
||||||
preserveResolvConf :: Property
|
preserveResolvConf :: Property
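Review bot: The updated example in the module comment (which starts above the first hunk) now lists `preserveNetworkInterfaces` first in the post-install propertyList, but the last hunk leaves it as `preserveNetworkInterfaces = undefined -- TODO`, so a config copied from the docs would throw as soon as that property is evaluated, right after the OS has been replaced. If the list stops at that point, resolv.conf and root's authorized_keys are presumably not restored either, which can leave a remote host unreachable. Until it is implemented, drop it from the example or make it fail with a description, something like `preserveNetworkInterfaces = property "preserve network interfaces (not implemented)" (return FailedChange)`. The example also still spells `preserverRootSshAuthorized`, which does not match the `OS.preserveRootSshAuthorized` name used in the config hunk.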
|
||||||
|
|
|
@ -44,13 +44,15 @@ hasPassword user = property (user ++ "has password") $ do
|
||||||
ensureProperty $ hasPassword' user (Context hostname)
|
ensureProperty $ hasPassword' user (Context hostname)
|
||||||
|
|
||||||
hasPassword' :: UserName -> Context -> Property
|
hasPassword' :: UserName -> Context -> Property
|
||||||
hasPassword' user context = withPrivData (Password user) context $ \getpassword ->
|
hasPassword' user context = go `requires` shadowConfig True
|
||||||
property (user ++ " has password") $
|
where
|
||||||
getpassword $ \password -> makeChange $
|
go = withPrivData (Password user) context $ \getpassword ->
|
||||||
withHandle StdinHandle createProcessSuccess
|
property (user ++ " has password") $
|
||||||
(proc "chpasswd" []) $ \h -> do
|
getpassword $ \password -> makeChange $
|
||||||
hPutStrLn h $ user ++ ":" ++ password
|
withHandle StdinHandle createProcessSuccess
|
||||||
hClose h
|
(proc "chpasswd" []) $ \h -> do
|
||||||
|
hPutStrLn h $ user ++ ":" ++ password
|
||||||
|
hClose h
|
||||||
|
|
||||||
lockedPassword :: UserName -> Property
|
lockedPassword :: UserName -> Property
|
||||||
lockedPassword user = check (not <$> isLockedPassword user) $ cmdProperty "passwd"
|
lockedPassword user = check (not <$> isLockedPassword user) $ cmdProperty "passwd"
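Review bot: The `go` helper still writes `user ++ ":" ++ password` to chpasswd's stdin with `hPutStrLn` without checking either string for line breaks, so a privdata password containing a newline would be read by chpasswd as a further `name:password` entry. Rejecting that before the process is spawned, e.g. failing the property when `any (\c -> c == '\n' || c == '\r') (user ++ password)` holds, keeps the write to exactly one entry. Separately, the new `requires shadowConfig True` deserves a one-line comment such as `-- Enable shadow passwords first, so the hash is not written to world-readable /etc/passwd.`, since the reason for the dependency is not obvious from the code.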
|
||||||
|
|