diff --git a/config-joey.hs b/config-joey.hs index 8c44d10..50e712a 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -75,7 +75,6 @@ darkstar = host "darkstar.kitenet.net" & Apt.buildDep ["git-annex"] `period` Daily & Docker.configured - ! Docker.docked gitAnnexAndroidDev & JoeySites.postfixClientRelay (Context "darkstar.kitenet.net") & JoeySites.dkimMilter @@ -130,15 +129,9 @@ orca = standardSystem "orca.kitenet.net" Unstable "amd64" & Apt.unattendedUpgrades & Postfix.satellite & Systemd.persistentJournal - & Docker.configured - & Docker.docked (GitAnnexBuilder.standardAutoBuilderContainer dockerImage "amd64" 15 "2h") - & Systemd.nspawned (GitAnnexBuilder.standardAutoBuilderContainerNspawn "amd64" 15 "2h") - & Docker.docked (GitAnnexBuilder.standardAutoBuilderContainer dockerImage "i386" 45 "2h") - & Docker.docked (GitAnnexBuilder.armelCompanionContainer dockerImage) - & Docker.docked (GitAnnexBuilder.armelAutoBuilderContainer dockerImage (Cron.Times "1 3 * * *") "5h") - & Docker.docked (GitAnnexBuilder.androidAutoBuilderContainer dockerImage (Cron.Times "1 1 * * *") "3h") - & Docker.garbageCollected `period` Daily - & Apt.buildDep ["git-annex"] `period` Daily + & Systemd.nspawned (GitAnnexBuilder.standardAutoBuilderContainer "amd64" 15 "2h") + & Systemd.nspawned (GitAnnexBuilder.standardAutoBuilderContainer "i386" 15 "2h") + & Systemd.nspawned (GitAnnexBuilder.androidAutoBuilderContainer (Cron.Times "1 1 * * *") "3h") -- This is not a complete description of kite, since it's a -- multiuser system with eg, user passwords that are not deployed 
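Review bot: The amd64 and i386 builders now both fire at minute 15 (`& Systemd.nspawned (GitAnnexBuilder.standardAutoBuilderContainer "i386" 15 "2h")`), whereas the Docker definitions they replace staggered them at 15 and 45, so the two hourly builds will now start concurrently on orca with 2h timeouts each. Keeping the stagger, `& Systemd.nspawned (GitAnnexBuilder.standardAutoBuilderContainer "i386" 45 "2h")`, preserves the previous scheduling. The armel companion/auto-builder pair and the daily `Docker.garbageCollected` are removed with no nspawn counterpart; presumably intentional, but a one-line comment in the host definition would record that the armel builds are gone rather than forgotten. The orca definition starts above this hunk.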
@@ -408,13 +401,6 @@ oldusenetShellBox = standardStableContainer "oldusenet-shellbox" & Docker.publish "4200:4200" & JoeySites.oldUseNetShellBox --- for development of git-annex for android, using my git-annex work tree -gitAnnexAndroidDev :: Docker.Container -gitAnnexAndroidDev = GitAnnexBuilder.androidContainer dockerImage "android-git-annex" doNothing gitannexdir - & Docker.volume ("/home/joey/src/git-annex:" ++ gitannexdir) - where - gitannexdir = GitAnnexBuilder.homedir "git-annex" - jerryPlay :: Docker.Container jerryPlay = standardContainer "jerryplay" Unstable "amd64" & alias "jerryplay.kitenet.net" diff --git a/debian/changelog b/debian/changelog index 96a9f74..5d70582 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,6 +7,8 @@ propellor (2.5.0) UNRELEASED; urgency=medium * Export CommandParam, boolSystem, safeSystem and shellEscape from Propellor.Property.Cmd, so they are available for use in constricting your own Properties when using propellor as a library. + * Improve enter-machine scripts for nspawn containers to unset most + environment variables. -- Joey Hess Thu, 07 May 2015 12:08:34 -0400 diff --git a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs index 6108bf1..86bf104 100644 --- a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs +++ b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs 
@@ -94,22 +94,9 @@ cabalDeps = flagFile go cabalupdated go = userScriptProperty (User builduser) ["cabal update && cabal install git-annex --only-dependencies || true"] cabalupdated = homedir ".cabal" "packages" "hackage.haskell.org" "00-index.cache" -standardAutoBuilderContainer :: (System -> Docker.Image) -> Architecture -> Int -> TimeOut -> Docker.Container -standardAutoBuilderContainer dockerImage arch buildminute timeout = Docker.container (arch ++ "-git-annex-builder") - (dockerImage $ System (Debian Testing) arch) - & os (System (Debian Testing) arch) - & Apt.stdSourcesList - & Apt.installed ["systemd"] - & Apt.unattendedUpgrades - & User.accountFor (User builduser) - & tree arch - & buildDepsApt - & autobuilder arch (Cron.Times $ show buildminute ++ " * * * *") timeout - & Docker.tweaked - -standardAutoBuilderContainerNspawn :: Architecture -> Int -> TimeOut -> Systemd.Container -standardAutoBuilderContainerNspawn arch buildminute timeout = Systemd.container name bootstrap - & os myos +standardAutoBuilderContainer :: Architecture -> Int -> TimeOut -> Systemd.Container +standardAutoBuilderContainer arch buildminute timeout = Systemd.container name bootstrap + & os osver & Apt.stdSourcesList & Apt.unattendedUpgrades & User.accountFor (User builduser) 
@@ -118,35 +105,31 @@ standardAutoBuilderContainerNspawn arch buildminute timeout = Systemd.container & autobuilder arch (Cron.Times $ show buildminute ++ " * * * *") timeout where name = arch ++ "-git-annex-builder" - bootstrap = Chroot.debootstrapped myos mempty - myos = System (Debian Unstable) arch + bootstrap = Chroot.debootstrapped osver mempty + osver = System (Debian Testing) arch -androidAutoBuilderContainer :: (System -> Docker.Image) -> Times -> TimeOut -> Docker.Container -androidAutoBuilderContainer dockerImage crontimes timeout = - androidContainer dockerImage "android-git-annex-builder" (tree "android") builddir +androidAutoBuilderContainer :: Times -> TimeOut -> Systemd.Container +androidAutoBuilderContainer crontimes timeout = + androidContainer "android-git-annex-builder" (tree "android") builddir & Apt.unattendedUpgrades & autobuilder "android" crontimes timeout -- Android is cross-built in a Debian i386 container, using the Android NDK. androidContainer :: (IsProp (Property (CInfo NoInfo i)), (Combines (Property NoInfo) (Property i))) - => (System -> Docker.Image) - -> Docker.ContainerName + => Systemd.MachineName -> Property i -> FilePath - -> Docker.Container -androidContainer dockerImage name setupgitannexdir gitannexdir = Docker.container name - (dockerImage osver) + -> Systemd.Container +androidContainer name setupgitannexdir gitannexdir = Systemd.container name bootstrap & os osver & Apt.stdSourcesList - & Apt.installed ["systemd"] - & Docker.tweaked & User.accountFor (User builduser) & File.dirExists gitbuilderdir & File.ownerGroup homedir (User builduser) (Group builduser) - & buildDepsApt & flagFile chrootsetup ("/chrootsetup") `requires` setupgitannexdir + & buildDepsApt & flagFile haskellpkgsinstalled ("/haskellpkgsinstalled") where -- Use git-annex's android chroot setup script, which will install 
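Review bot: In `androidContainer` the `& buildDepsApt` property is moved from before to after `flagFile chrootsetup ("/chrootsetup") `requires` setupgitannexdir`, which changes the order in which these properties are ensured, and the commit does not say why. If the reordering is deliberate (for instance the chroot setup script needing to run before build-dependencies are pulled in), a comment on that line such as `-- chrootsetup must run before buildDepsApt; keep this order` would stop the next maintainer from restoring the old order. The same hunk silently moves the nspawn `standardAutoBuilderContainer` from Debian Unstable to Testing (`osver = System (Debian Testing) arch`); that matches the removed Docker variant, so it looks intended, but is worth noting in the commit. The `androidContainer` where clause continues past this hunk.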
@@ -159,6 +142,7 @@ androidContainer dockerImage name setupgitannexdir gitannexdir = Docker.containe [ "cd " ++ gitannexdir ++ " && ./standalone/android/install-haskell-packages" ] osver = System (Debian Testing) "i386" + bootstrap = Chroot.debootstrapped osver mempty -- armel builder has a companion container using amd64 that -- runs the build first to get TH splices. They need diff --git a/src/Propellor/Property/Systemd.hs b/src/Propellor/Property/Systemd.hs index 78a9996..c698f78 100644 --- a/src/Propellor/Property/Systemd.hs +++ b/src/Propellor/Property/Systemd.hs @@ -215,15 +215,19 @@ enterScript c@(Container name _ _) = setup teardown where setup = combineProperties ("generated " ++ enterScriptFile c) [ scriptfile `File.hasContent` - [ "#!/bin/sh" + [ "#!/usr/bin/perl" , "# Generated by propellor" - , "pid=\"$(machinectl show " ++ shellEscape name ++ " -p Leader | cut -d= -f2)\" || true" - , "if [ -n \"$pid\" ]; then" - , "\tnsenter -p -u -n -i -m -t \"$pid\" \"$@\"" - , "else" - , "\techo container not running >&2" - , "\texit 1" - , "fi" + , "my $pid=`machinectl show " ++ shellEscape name ++ " -p Leader | cut -d= -f2`;" + , "chomp $pid;" + , "if (length $pid) {" + , "\tforeach my $var (keys %ENV) {" + , "\t\tdelete $ENV{$var} unless $var eq 'PATH' || $var eq 'TERM';" + , "\t}" + , "\texec('nsenter', '-p', '-u', '-n', '-i', '-m', '-t', $pid, @ARGV);" + , "} else {" + , "\tdie 'container not running';" + , "}" + , "exit(1);" ] , scriptfile `File.mode` combineModes (readModes ++ executeModes) ] diff --git a/src/Utility/Data.hs b/src/Utility/Data.hs index 5ecd218..27c0a82 100644 --- a/src/Utility/Data.hs +++ b/src/Utility/Data.hs @@ -5,6 +5,8 @@ - License: BSD-2-clause -} +{-# OPTIONS_GHC -fno-warn-tabs #-} + module Utility.Data where {- First item in the list that is not Nothing. -} diff --git a/src/Utility/Directory.hs b/src/Utility/Directory.hs index 2e037fd..7322cd8 100644 --- a/src/Utility/Directory.hs +++ b/src/Utility/Directory.hs 
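Review bot: In the generated enter script, a failed `exec` of nsenter (binary missing, permission denied) returns false without any message because the script does not enable warnings, so it falls through to the trailing `exit(1)` with no diagnostic; `exec('nsenter', '-p', '-u', '-n', '-i', '-m', '-t', $pid, @ARGV) or die "nsenter: $!\n";` surfaces the cause and makes the final `exit(1)` unreachable. The environment whitelist is the security improvement here, since host-side values such as agent sockets or bus addresses no longer reach the container, but `PATH` is still the caller's and is used both by the `machinectl | cut` backtick pipeline, which runs before the scrub, and for resolving the command inside the container's mount namespace; presumably fine as this runs as root, yet it deserves a comment like `# Only PATH and TERM are kept so host credentials in the environment do not leak into the container.`. Because nsenter only switches namespaces, the entered process also keeps the caller's host capabilities and none of the container's cgroup or seccomp confinement, unlike `machinectl shell`/`login`; that is inherent to this approach and could be stated in the generated header comment. The `die 'container not running'` message has no trailing newline, so Perl appends the script path and line number to it.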
@@ -6,6 +6,7 @@ -} {-# LANGUAGE CPP #-} +{-# OPTIONS_GHC -fno-warn-tabs #-} module Utility.Directory where @@ -18,6 +19,7 @@ import Control.Applicative import Control.Concurrent import System.IO.Unsafe (unsafeInterleaveIO) import Data.Maybe +import Prelude #ifdef mingw32_HOST_OS import qualified System.Win32 as Win32 diff --git a/src/Utility/Env.hs b/src/Utility/Env.hs index fdf06d8..c56f4ec 100644 --- a/src/Utility/Env.hs +++ b/src/Utility/Env.hs @@ -6,6 +6,7 @@ -} {-# LANGUAGE CPP #-} +{-# OPTIONS_GHC -fno-warn-tabs #-} module Utility.Env where @@ -13,6 +14,7 @@ module Utility.Env where import Utility.Exception import Control.Applicative import Data.Maybe +import Prelude import qualified System.Environment as E import qualified System.SetEnv #else diff --git a/src/Utility/Exception.hs b/src/Utility/Exception.hs index ab47ae9..9d4236c 100644 --- a/src/Utility/Exception.hs +++ b/src/Utility/Exception.hs @@ -6,6 +6,7 @@ -} {-# LANGUAGE ScopedTypeVariables #-} +{-# OPTIONS_GHC -fno-warn-tabs #-} module Utility.Exception ( module X, diff --git a/src/Utility/FileMode.hs b/src/Utility/FileMode.hs index 201b845..fdf1b56 100644 --- a/src/Utility/FileMode.hs +++ b/src/Utility/FileMode.hs @@ -22,15 +22,12 @@ import Utility.Exception {- Applies a conversion function to a file's mode. -} modifyFileMode :: FilePath -> (FileMode -> FileMode) -> IO () -modifyFileMode f convert = void $ modifyFileMode' f convert -modifyFileMode' :: FilePath -> (FileMode -> FileMode) -> IO FileMode -modifyFileMode' f convert = do +modifyFileMode f convert = do s <- getFileStatus f let old = fileMode s let new = convert old when (new /= old) $ setFileMode f new - return old {- Adds the specified FileModes to the input mode, leaving the rest - unchanged. -} 
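Review bot: The inlined `modifyFileMode` reads the mode with `getFileStatus f` and writes it with `setFileMode f new` as two separate path-based calls, so it is neither atomic nor symlink-safe: both calls follow symlinks, and a swap of `f` between the stat and the chmod applies the derived mode to a different file. For propellor's use on root-owned configuration paths this is presumably acceptable, but the header comment should say so, e.g. `- Not atomic: the mode is read and written in two path-based calls that both follow symlinks, so do not use this on paths an untrusted user can replace.`. If that ever matters, an fd-based variant (`openFd` followed by `getFdStatus`/`setFdMode`) closes the window without changing the signature.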
@@ -41,14 +38,6 @@ addModes ms m = combineModes (m:ms) removeModes :: [FileMode] -> FileMode -> FileMode removeModes ms m = m `intersectFileModes` complement (combineModes ms) -{- Runs an action after changing a file's mode, then restores the old mode. -} -withModifiedFileMode :: FilePath -> (FileMode -> FileMode) -> IO a -> IO a -withModifiedFileMode file convert a = bracket setup cleanup go - where - setup = modifyFileMode' file convert - cleanup oldmode = modifyFileMode file (const oldmode) - go _ = a - writeModes :: [FileMode] writeModes = [ownerWriteMode, groupWriteMode, otherWriteMode] diff --git a/src/Utility/FileSystemEncoding.hs b/src/Utility/FileSystemEncoding.hs index 139b74f..41c5972 100644 --- a/src/Utility/FileSystemEncoding.hs +++ b/src/Utility/FileSystemEncoding.hs @@ -6,6 +6,7 @@ -} {-# LANGUAGE CPP #-} +{-# OPTIONS_GHC -fno-warn-tabs #-} module Utility.FileSystemEncoding ( fileEncoding, diff --git a/src/Utility/LinuxMkLibs.hs b/src/Utility/LinuxMkLibs.hs index db64d12..fdeb779 100644 --- a/src/Utility/LinuxMkLibs.hs +++ b/src/Utility/LinuxMkLibs.hs @@ -7,7 +7,12 @@ module Utility.LinuxMkLibs where -import Control.Applicative +import Utility.PartialPrelude +import Utility.Directory +import Utility.Process +import Utility.Monad +import Utility.Path + import Data.Maybe import System.Directory import System.FilePath @@ -15,12 +20,8 @@ import Data.List.Utils import System.Posix.Files import Data.Char import Control.Monad.IfElse - -import Utility.PartialPrelude -import Utility.Directory -import Utility.Process -import Utility.Monad -import Utility.Path +import Control.Applicative +import Prelude {- Installs a library. If the library is a symlink to another file, - install the file it links to, and update the symlink to be relative. -} diff --git a/src/Utility/Misc.hs b/src/Utility/Misc.hs index e4eccac..45d5a06 100644 --- a/src/Utility/Misc.hs +++ b/src/Utility/Misc.hs 
@@ -6,23 +6,25 @@ -} {-# LANGUAGE CPP #-} +{-# OPTIONS_GHC -fno-warn-tabs #-} module Utility.Misc where +import Utility.FileSystemEncoding +import Utility.Monad + import System.IO import Control.Monad import Foreign import Data.Char import Data.List -import Control.Applicative import System.Exit #ifndef mingw32_HOST_OS import System.Posix.Process (getAnyProcessStatus) import Utility.Exception #endif - -import Utility.FileSystemEncoding -import Utility.Monad +import Control.Applicative +import Prelude {- A version of hgetContents that is not lazy. Ensures file is - all read before it gets closed. -} diff --git a/src/Utility/Monad.hs b/src/Utility/Monad.hs index 878e0da..ac75104 100644 --- a/src/Utility/Monad.hs +++ b/src/Utility/Monad.hs @@ -5,6 +5,8 @@ - License: BSD-2-clause -} +{-# OPTIONS_GHC -fno-warn-tabs #-} + module Utility.Monad where import Data.Maybe diff --git a/src/Utility/PartialPrelude.hs b/src/Utility/PartialPrelude.hs index 6efa093..5579556 100644 --- a/src/Utility/PartialPrelude.hs +++ b/src/Utility/PartialPrelude.hs @@ -5,6 +5,8 @@ - them being accidentially used. -} +{-# OPTIONS_GHC -fno-warn-tabs #-} + module Utility.PartialPrelude where import qualified Data.Maybe diff --git a/src/Utility/Path.hs b/src/Utility/Path.hs index 9f0737f..8e3c2bd 100644 --- a/src/Utility/Path.hs +++ b/src/Utility/Path.hs @@ -6,6 +6,7 @@ -} {-# LANGUAGE PackageImports, CPP #-} +{-# OPTIONS_GHC -fno-warn-tabs #-} module Utility.Path where @@ -16,6 +17,7 @@ import Data.List import Data.Maybe import Data.Char import Control.Applicative +import Prelude #ifdef mingw32_HOST_OS import qualified System.FilePath.Posix as Posix diff --git a/src/Utility/PosixFiles.hs b/src/Utility/PosixFiles.hs index 5a94ead..4550beb 100644 --- a/src/Utility/PosixFiles.hs +++ b/src/Utility/PosixFiles.hs @@ -8,6 +8,7 @@ -} {-# LANGUAGE CPP #-} +{-# OPTIONS_GHC -fno-warn-tabs #-} module Utility.PosixFiles ( module X, 
diff --git a/src/Utility/Process.hs b/src/Utility/Process.hs index cbbe8a8..9f98596 100644 --- a/src/Utility/Process.hs +++ b/src/Utility/Process.hs @@ -7,6 +7,7 @@ -} {-# LANGUAGE CPP, Rank2Types #-} +{-# OPTIONS_GHC -fno-warn-tabs #-} module Utility.Process ( module X, @@ -54,6 +55,7 @@ import qualified System.Posix.IO import Control.Applicative #endif import Data.Maybe +import Prelude import Utility.Misc import Utility.Exception diff --git a/src/Utility/QuickCheck.hs b/src/Utility/QuickCheck.hs index 54200d3..cd408dd 100644 --- a/src/Utility/QuickCheck.hs +++ b/src/Utility/QuickCheck.hs @@ -19,6 +19,7 @@ import System.Posix.Types import qualified Data.Map as M import qualified Data.Set as S import Control.Applicative +import Prelude instance (Arbitrary k, Arbitrary v, Eq k, Ord k) => Arbitrary (M.Map k v) where arbitrary = M.fromList <$> arbitrary diff --git a/src/Utility/Scheduled.hs b/src/Utility/Scheduled.hs index e077a1f..b381332 100644 --- a/src/Utility/Scheduled.hs +++ b/src/Utility/Scheduled.hs @@ -32,7 +32,6 @@ import Utility.QuickCheck import Utility.PartialPrelude import Utility.Misc -import Control.Applicative import Data.List import Data.Time.Clock import Data.Time.LocalTime @@ -41,6 +40,8 @@ import Data.Time.Calendar.WeekDate import Data.Time.Calendar.OrdinalDate import Data.Tuple.Utils import Data.Char +import Control.Applicative +import Prelude {- Some sort of scheduled event. -} data Schedule = Schedule Recurrance ScheduledTime diff --git a/src/Utility/Tmp.hs b/src/Utility/Tmp.hs index dc55981..de970fe 100644 --- a/src/Utility/Tmp.hs +++ b/src/Utility/Tmp.hs @@ -6,6 +6,7 @@ -} {-# LANGUAGE CPP #-} +{-# OPTIONS_GHC -fno-warn-tabs #-} module Utility.Tmp where diff --git a/src/Utility/UserInfo.hs b/src/Utility/UserInfo.hs index 5bf8d5c..7e94caf 100644 --- a/src/Utility/UserInfo.hs +++ b/src/Utility/UserInfo.hs @@ -6,6 +6,7 @@ -} {-# LANGUAGE CPP #-} +{-# OPTIONS_GHC -fno-warn-tabs #-} module Utility.UserInfo ( myHomeDir, 
@@ -13,12 +14,13 @@ module Utility.UserInfo ( myUserGecos, ) where +import Utility.Env + import System.PosixCompat #ifndef mingw32_HOST_OS import Control.Applicative #endif - -import Utility.Env +import Prelude {- Current user's home directory. -