diff --git a/debian/changelog b/debian/changelog index b7303cb..b3f4572 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,12 +1,14 @@ -propellor (0.7.0) UNRELEASED; urgency=medium +propellor (0.7.0) unstable; urgency=medium * combineProperties no longer stops when a property fails; now it continues trying to satisfy all properties on the list before propigating the failure. * Attr is renamed to Info. * Renamed wrapper to propellor to make cabal installation of propellor work. + * When git gpg signature of a fetched git branch cannot be verified, + propellor will now continue running, but without merging in that branch. - -- Joey Hess Sat, 07 Jun 2014 00:12:44 -0400 + -- Joey Hess Fri, 13 Jun 2014 10:06:40 -0400 propellor (0.6.0) unstable; urgency=medium diff --git a/src/Propellor/CmdLine.hs b/src/Propellor/CmdLine.hs index 06a5921..32e9731 100644 --- a/src/Propellor/CmdLine.hs +++ b/src/Propellor/CmdLine.hs @@ -132,6 +132,8 @@ updateFirst cmdline next = do void $ actionMessage "Git fetch" $ boolSystem "git" [Param "fetch"] + oldsha <- getCurrentGitSha1 branchref + whenM (doesFileExist keyring) $ do {- To verify origin branch commit's signature, have to - convince gpg to use our keyring. While running git log. @@ -153,10 +155,9 @@ updateFirst cmdline next = do then do putStrLn $ "git branch " ++ originbranch ++ " gpg signature verified; merging" hFlush stdout - else errorMessage $ "git branch " ++ originbranch ++ " is not signed with a trusted gpg key; refusing to deploy it!" + void $ boolSystem "git" [Param "merge", Param originbranch] + else warningMessage $ "git branch " ++ originbranch ++ " is not signed with a trusted gpg key; refusing to deploy it! (Running with previous configuration instead.)" - oldsha <- getCurrentGitSha1 branchref - void $ boolSystem "git" [Param "merge", Param originbranch] newsha <- getCurrentGitSha1 branchref if oldsha == newsha diff --git a/src/Propellor/Property/Apt.hs b/src/Propellor/Property/Apt.hs index 17057af..7e02a33 100644 --- a/src/Propellor/Property/Apt.hs +++ b/src/Propellor/Property/Apt.hs @@ -265,5 +265,5 @@ trustsKey k = RevertableProperty trust untrust -- | Cleans apt's cache of downloaded packages to avoid using up disk -- space. cacheCleaned :: Property -cacheCleaned = cmdProperty "apt-get" ["clean"] +cacheCleaned = trivial $ cmdProperty "apt-get" ["clean"] `describe` "apt cache cleaned" diff --git a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs index 8ef4f6a..85584e4 100644 --- a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs +++ b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs @@ -69,22 +69,17 @@ tree buildarch = combineProperties "gitannexbuilder tree" buildDepsApt :: Property buildDepsApt = combineProperties "gitannexbuilder build deps" [ Apt.buildDep ["git-annex"] - , buildDepsFewHaskellLibs + , buildDepsNoHaskellLibs , "git-annex source build deps installed" ==> Apt.buildDepIn builddir ] -buildDepsFewHaskellLibs :: Property -buildDepsFewHaskellLibs = combineProperties "gitannexbuilder build deps" - [ buildDepsNoHaskellLibs - -- these haskell libs depend on C libs and don't use TH - , Apt.installed ["libghc-dbus-dev", "libghc-fdo-notify-dev", "libghc-network-protocol-xmpp-dev"] - ] - buildDepsNoHaskellLibs :: Property buildDepsNoHaskellLibs = Apt.installed ["git", "rsync", "moreutils", "ca-certificates", "debhelper", "ghc", "curl", "openssh-client", "git-remote-gcrypt", "liblockfile-simple-perl", "cabal-install", "vim", "less", + -- needed by haskell libs + "libxml2-dev", "libidn11-dev", "libgsasl7-dev", "libgnutls-dev", "alex", "happy", "c2hs" ] @@ -154,7 +149,7 @@ armelCompanionContainer dockerImage = Docker.container "armel-git-annex-builder- & User.accountFor builduser -- Install current versions of build deps from cabal. & tree "armel" - & buildDepsFewHaskellLibs + & buildDepsNoHaskellLibs & cabalDeps -- The armel builder can ssh to this companion. & Docker.expose "22" @@ -176,7 +171,7 @@ armelAutoBuilderContainer dockerImage crontimes timeout = Docker.container "arme -- (Currently have to run -- git-annex/standalone/linux/install-haskell-packages -- which is not fully automated.) - & buildDepsFewHaskellLibs + & buildDepsNoHaskellLibs & autobuilder crontimes timeout True `requires` tree "armel" & Ssh.keyImported SshRsa builduser