From 5dcebc78fd9a53456b6abd503bdd43cf8ccea53f Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 10 Jun 2014 09:32:44 -0400 Subject: [PATCH 1/7] propellor spin From f65cd1500fca2bb7f44e1c76f07821d7ecf5b132 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 10 Jun 2014 10:08:12 -0400 Subject: [PATCH 2/7] propellor spin --- .../Property/SiteSpecific/GitAnnexBuilder.hs | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs index 8ef4f6a..85584e4 100644 --- a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs +++ b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs @@ -69,22 +69,17 @@ tree buildarch = combineProperties "gitannexbuilder tree" buildDepsApt :: Property buildDepsApt = combineProperties "gitannexbuilder build deps" [ Apt.buildDep ["git-annex"] - , buildDepsFewHaskellLibs + , buildDepsNoHaskellLibs , "git-annex source build deps installed" ==> Apt.buildDepIn builddir ] -buildDepsFewHaskellLibs :: Property -buildDepsFewHaskellLibs = combineProperties "gitannexbuilder build deps" - [ buildDepsNoHaskellLibs - -- these haskell libs depend on C libs and don't use TH - , Apt.installed ["libghc-dbus-dev", "libghc-fdo-notify-dev", "libghc-network-protocol-xmpp-dev"] - ] - buildDepsNoHaskellLibs :: Property buildDepsNoHaskellLibs = Apt.installed ["git", "rsync", "moreutils", "ca-certificates", "debhelper", "ghc", "curl", "openssh-client", "git-remote-gcrypt", "liblockfile-simple-perl", "cabal-install", "vim", "less", + -- needed by haskell libs + "libxml2-dev", "libidn11-dev", "libgsasl7-dev", "libgnutls-dev", "alex", "happy", "c2hs" ] 
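Review bot: The added comment `-- needed by haskell libs` in `buildDepsNoHaskellLibs` does not say which Haskell libraries need `libxml2-dev`, `libidn11-dev`, `libgsasl7-dev` and `libgnutls-dev`, so nobody can later tell when one of them can be dropped. Judging by the removed `libghc-*-dev` list, they presumably exist so the dbus, fdo-notify and network-protocol-xmpp bindings can be built from source. If that is right, say so: `-- C libraries needed to build the dbus, fdo-notify and network-protocol-xmpp haskell libs from source`. The property name now also reads oddly, since it installs packages whose only purpose is Haskell libraries; a sentence of Haddock on `buildDepsNoHaskellLibs` would clear that up.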
@@ -154,7 +149,7 @@ armelCompanionContainer dockerImage = Docker.container "armel-git-annex-builder- & User.accountFor builduser -- Install current versions of build deps from cabal. & tree "armel" - & buildDepsFewHaskellLibs + & buildDepsNoHaskellLibs & cabalDeps -- The armel builder can ssh to this companion. & Docker.expose "22" @@ -176,7 +171,7 @@ armelAutoBuilderContainer dockerImage crontimes timeout = Docker.container "arme -- (Currently have to run -- git-annex/standalone/linux/install-haskell-packages -- which is not fully automated.) - & buildDepsFewHaskellLibs + & buildDepsNoHaskellLibs & autobuilder crontimes timeout True `requires` tree "armel" & Ssh.keyImported SshRsa builduser From dd554e20b999fbd24ae15e7ee96556ff52d9f0cc Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 10 Jun 2014 15:49:17 -0400 Subject: [PATCH 3/7] When git gpg signature of a fetched git branch cannot be verified, propellor will now continue running, but without merging in that branch. This way, propellor doesn't stop enforcing properties just because its new configuration isn't ready. It just uses the old configuration. --- debian/changelog | 2 ++ src/Propellor/CmdLine.hs | 7 ++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index b7303cb..58ab7ba 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,8 @@ propellor (0.7.0) UNRELEASED; urgency=medium failure. * Attr is renamed to Info. * Renamed wrapper to propellor to make cabal installation of propellor work. + * When git gpg signature of a fetched git branch cannot be verified, + propellor will now continue running, but without merging in that branch. -- Joey Hess Sat, 07 Jun 2014 00:12:44 -0400 diff --git a/src/Propellor/CmdLine.hs b/src/Propellor/CmdLine.hs index 06a5921..32e9731 100644 --- a/src/Propellor/CmdLine.hs +++ b/src/Propellor/CmdLine.hs 
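Review bot: In `armelCompanionContainer`, `& buildDepsNoHaskellLibs & cabalDeps` no longer installs the dbus, fdo-notify and network-protocol-xmpp bindings from apt, so they presumably now come from Hackage through `cabalDeps`, which is defined outside this hunk. That moves three dependencies of a release builder out of the signed Debian archive and onto whatever integrity checking the installed cabal-install performs. Pinning their versions and recording the decision next to the existing comment would help, e.g. `-- dbus, fdo-notify and xmpp libs are built from Hackage by cabalDeps; not covered by apt archive signatures`. The same applies to the `armelAutoBuilderContainer` hunk at `@@ -176`, where the existing comment says install-haskell-packages is run by hand, so that manual step now has to cover these libraries too.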
@@ -132,6 +132,8 @@ updateFirst cmdline next = do void $ actionMessage "Git fetch" $ boolSystem "git" [Param "fetch"] + oldsha <- getCurrentGitSha1 branchref + whenM (doesFileExist keyring) $ do {- To verify origin branch commit's signature, have to - convince gpg to use our keyring. While running git log. @@ -153,10 +155,9 @@ updateFirst cmdline next = do then do putStrLn $ "git branch " ++ originbranch ++ " gpg signature verified; merging" hFlush stdout - else errorMessage $ "git branch " ++ originbranch ++ " is not signed with a trusted gpg key; refusing to deploy it!" + void $ boolSystem "git" [Param "merge", Param originbranch] + else warningMessage $ "git branch " ++ originbranch ++ " is not signed with a trusted gpg key; refusing to deploy it! (Running with previous configuration instead.)" - oldsha <- getCurrentGitSha1 branchref - void $ boolSystem "git" [Param "merge", Param originbranch] newsha <- getCurrentGitSha1 branchref if oldsha == newsha From e6674e07f5975a658600a36fcb0296a006c58e4f Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 10 Jun 2014 15:49:33 -0400 Subject: [PATCH 4/7] propellor spin From 28a80c4c487460129e0a2b30d4b4e4c0b49026b9 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 10 Jun 2014 15:50:42 -0400 Subject: [PATCH 5/7] cacheCleaned is trivial --- src/Propellor/Property/Apt.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Propellor/Property/Apt.hs b/src/Propellor/Property/Apt.hs index 17057af..7e02a33 100644 --- a/src/Propellor/Property/Apt.hs +++ b/src/Propellor/Property/Apt.hs @@ -265,5 +265,5 @@ trustsKey k = RevertableProperty trust untrust -- | Cleans apt's cache of downloaded packages to avoid using up disk -- space. cacheCleaned :: Property -cacheCleaned = cmdProperty "apt-get" ["clean"] +cacheCleaned = trivial $ cmdProperty "apt-get" ["clean"] `describe` "apt cache cleaned" From 91a72b9e4b574b3cc4f07f6284f18ad9d389660e Mon Sep 17 00:00:00 2001 
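Review bot: The `whenM (doesFileExist keyring)` guard in `updateFirst` now controls the merge as well as the verification, because the `git merge` call that used to run unconditionally after this block is moved into the verified branch by the next hunk (`@@ -153`). As far as these two hunks show, a host without a keyring file will fetch but never merge, and nothing is printed to say so. Not merging unverified commits is the safer default, but it is a behaviour change that neither the commit message nor the changelog entry mentions. If it is intended, make it visible by handling the no-keyring case explicitly with a line such as `warningMessage $ "no gpg keyring; not merging " ++ originbranch`. `updateFirst` starts and ends outside the hunk.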
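Review bot: In the `else` branch a failed signature check is now only a `warningMessage`, after which the run continues and looks the same as a run with nothing new to merge. A host that keeps rejecting its origin branch (tampered repository, expired or rotated key) can therefore stay on an old configuration indefinitely with nothing to alert the operator; consider carrying the verification failure into the run's final result or exit status, or printing it in a form monitoring can match. The merge result is also discarded by `void $ boolSystem "git" [Param "merge", Param originbranch]`, so a failed merge cannot be told apart from "already up to date" once `oldsha == newsha` is evaluated. Binding the result, `ok <- boolSystem "git" [Param "merge", Param originbranch]`, and warning when it is `False` would close that gap. The verification code between the two hunks is not visible here, but if it checks `originbranch` by name it would be tighter to resolve the ref to a sha once and both verify and merge that sha.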
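Review bot: The Haddock on `cacheCleaned` still only says what the property cleans and does not mention the effect of the new `trivial` wrapper. If `trivial` does what its name suggests and stops the property from reporting a change every time `apt-get clean` runs, add that to the comment, e.g. `-- Never reports a change, since apt-get clean gives no indication of whether it removed anything.`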
From: Joey Hess Date: Tue, 10 Jun 2014 15:50:53 -0400 Subject: [PATCH 6/7] propellor spin From b6fc95602d4defced34e557db9257ddf68b2bda7 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 13 Jun 2014 10:06:42 -0400 Subject: [PATCH 7/7] prep release --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 58ab7ba..b3f4572 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -propellor (0.7.0) UNRELEASED; urgency=medium +propellor (0.7.0) unstable; urgency=medium * combineProperties no longer stops when a property fails; now it continues trying to satisfy all properties on the list before propigating the @@ -8,7 +8,7 @@ propellor (0.7.0) UNRELEASED; urgency=medium * When git gpg signature of a fetched git branch cannot be verified, propellor will now continue running, but without merging in that branch. - -- Joey Hess Sat, 07 Jun 2014 00:12:44 -0400 + -- Joey Hess Fri, 13 Jun 2014 10:06:40 -0400 propellor (0.6.0) unstable; urgency=medium