Merge branch 'joeyconfig'

This commit is contained in:
Joey Hess 2014-06-13 10:06:52 -04:00
commit 9e35d6b564
4 changed files with 14 additions and 16 deletions

6
debian/changelog vendored
View File

@ -1,12 +1,14 @@
propellor (0.7.0) UNRELEASED; urgency=medium propellor (0.7.0) unstable; urgency=medium
* combineProperties no longer stops when a property fails; now it continues * combineProperties no longer stops when a property fails; now it continues
trying to satisfy all properties on the list before propigating the trying to satisfy all properties on the list before propigating the
failure. failure.
* Attr is renamed to Info. * Attr is renamed to Info.
* Renamed wrapper to propellor to make cabal installation of propellor work. * Renamed wrapper to propellor to make cabal installation of propellor work.
* When git gpg signature of a fetched git branch cannot be verified,
propellor will now continue running, but without merging in that branch.
-- Joey Hess <joeyh@debian.org> Sat, 07 Jun 2014 00:12:44 -0400 -- Joey Hess <joeyh@debian.org> Fri, 13 Jun 2014 10:06:40 -0400
propellor (0.6.0) unstable; urgency=medium propellor (0.6.0) unstable; urgency=medium

View File

@ -132,6 +132,8 @@ updateFirst cmdline next = do
void $ actionMessage "Git fetch" $ boolSystem "git" [Param "fetch"] void $ actionMessage "Git fetch" $ boolSystem "git" [Param "fetch"]
oldsha <- getCurrentGitSha1 branchref
whenM (doesFileExist keyring) $ do whenM (doesFileExist keyring) $ do
{- To verify origin branch commit's signature, have to {- To verify origin branch commit's signature, have to
- convince gpg to use our keyring. While running git log. - convince gpg to use our keyring. While running git log.
@ -153,10 +155,9 @@ updateFirst cmdline next = do
then do then do
putStrLn $ "git branch " ++ originbranch ++ " gpg signature verified; merging" putStrLn $ "git branch " ++ originbranch ++ " gpg signature verified; merging"
hFlush stdout hFlush stdout
else errorMessage $ "git branch " ++ originbranch ++ " is not signed with a trusted gpg key; refusing to deploy it!"
oldsha <- getCurrentGitSha1 branchref
void $ boolSystem "git" [Param "merge", Param originbranch] void $ boolSystem "git" [Param "merge", Param originbranch]
else warningMessage $ "git branch " ++ originbranch ++ " is not signed with a trusted gpg key; refusing to deploy it! (Running with previous configuration instead.)"
newsha <- getCurrentGitSha1 branchref newsha <- getCurrentGitSha1 branchref
if oldsha == newsha if oldsha == newsha

View File

@ -265,5 +265,5 @@ trustsKey k = RevertableProperty trust untrust
-- | Cleans apt's cache of downloaded packages to avoid using up disk -- | Cleans apt's cache of downloaded packages to avoid using up disk
-- space. -- space.
cacheCleaned :: Property cacheCleaned :: Property
cacheCleaned = cmdProperty "apt-get" ["clean"] cacheCleaned = trivial $ cmdProperty "apt-get" ["clean"]
`describe` "apt cache cleaned" `describe` "apt cache cleaned"

View File

@ -69,22 +69,17 @@ tree buildarch = combineProperties "gitannexbuilder tree"
buildDepsApt :: Property buildDepsApt :: Property
buildDepsApt = combineProperties "gitannexbuilder build deps" buildDepsApt = combineProperties "gitannexbuilder build deps"
[ Apt.buildDep ["git-annex"] [ Apt.buildDep ["git-annex"]
, buildDepsFewHaskellLibs , buildDepsNoHaskellLibs
, "git-annex source build deps installed" ==> Apt.buildDepIn builddir , "git-annex source build deps installed" ==> Apt.buildDepIn builddir
] ]
buildDepsFewHaskellLibs :: Property
buildDepsFewHaskellLibs = combineProperties "gitannexbuilder build deps"
[ buildDepsNoHaskellLibs
-- these haskell libs depend on C libs and don't use TH
, Apt.installed ["libghc-dbus-dev", "libghc-fdo-notify-dev", "libghc-network-protocol-xmpp-dev"]
]
buildDepsNoHaskellLibs :: Property buildDepsNoHaskellLibs :: Property
buildDepsNoHaskellLibs = Apt.installed buildDepsNoHaskellLibs = Apt.installed
["git", "rsync", "moreutils", "ca-certificates", ["git", "rsync", "moreutils", "ca-certificates",
"debhelper", "ghc", "curl", "openssh-client", "git-remote-gcrypt", "debhelper", "ghc", "curl", "openssh-client", "git-remote-gcrypt",
"liblockfile-simple-perl", "cabal-install", "vim", "less", "liblockfile-simple-perl", "cabal-install", "vim", "less",
-- needed by haskell libs
"libxml2-dev", "libidn11-dev", "libgsasl7-dev", "libgnutls-dev",
"alex", "happy", "c2hs" "alex", "happy", "c2hs"
] ]
@ -154,7 +149,7 @@ armelCompanionContainer dockerImage = Docker.container "armel-git-annex-builder-
& User.accountFor builduser & User.accountFor builduser
-- Install current versions of build deps from cabal. -- Install current versions of build deps from cabal.
& tree "armel" & tree "armel"
& buildDepsFewHaskellLibs & buildDepsNoHaskellLibs
& cabalDeps & cabalDeps
-- The armel builder can ssh to this companion. -- The armel builder can ssh to this companion.
& Docker.expose "22" & Docker.expose "22"
@ -176,7 +171,7 @@ armelAutoBuilderContainer dockerImage crontimes timeout = Docker.container "arme
-- (Currently have to run -- (Currently have to run
-- git-annex/standalone/linux/install-haskell-packages -- git-annex/standalone/linux/install-haskell-packages
-- which is not fully automated.) -- which is not fully automated.)
& buildDepsFewHaskellLibs & buildDepsNoHaskellLibs
& autobuilder crontimes timeout True & autobuilder crontimes timeout True
`requires` tree "armel" `requires` tree "armel"
& Ssh.keyImported SshRsa builduser & Ssh.keyImported SshRsa builduser