Merge branch 'joeyconfig'

config-joey.hs

@@ -75,7 +75,6 @@ darkstar = host "darkstar.kitenet.net"
 
 	& Apt.buildDep ["git-annex"] `period` Daily
 	& Docker.configured
-	! Docker.docked gitAnnexAndroidDev
 
 	& JoeySites.postfixClientRelay (Context "darkstar.kitenet.net")
 	& JoeySites.dkimMilter
@@ -130,15 +129,9 @@ orca = standardSystem "orca.kitenet.net" Unstable "amd64"
 	& Apt.unattendedUpgrades
 	& Postfix.satellite
 	& Systemd.persistentJournal
-	& Docker.configured
+	& Systemd.nspawned (GitAnnexBuilder.standardAutoBuilderContainer "amd64" 15 "2h")
-	& Docker.docked (GitAnnexBuilder.standardAutoBuilderContainer dockerImage "amd64" 15 "2h")
+	& Systemd.nspawned (GitAnnexBuilder.standardAutoBuilderContainer "i386" 15 "2h")
-	& Systemd.nspawned (GitAnnexBuilder.standardAutoBuilderContainerNspawn "amd64" 15 "2h")
+	& Systemd.nspawned (GitAnnexBuilder.androidAutoBuilderContainer (Cron.Times "1 1 * * *") "3h")
-	& Docker.docked (GitAnnexBuilder.standardAutoBuilderContainer dockerImage "i386" 45 "2h")
-	& Docker.docked (GitAnnexBuilder.armelCompanionContainer dockerImage)
-	& Docker.docked (GitAnnexBuilder.armelAutoBuilderContainer dockerImage (Cron.Times "1 3 * * *") "5h")
-	& Docker.docked (GitAnnexBuilder.androidAutoBuilderContainer dockerImage (Cron.Times "1 1 * * *") "3h")
-	& Docker.garbageCollected `period` Daily
-	& Apt.buildDep ["git-annex"] `period` Daily
 
 -- This is not a complete description of kite, since it's a
 -- multiuser system with eg, user passwords that are not deployed
@@ -408,13 +401,6 @@ oldusenetShellBox = standardStableContainer "oldusenet-shellbox"
 	& Docker.publish "4200:4200"
 	& JoeySites.oldUseNetShellBox
 
--- for development of git-annex for android, using my git-annex work tree
-gitAnnexAndroidDev :: Docker.Container
-gitAnnexAndroidDev = GitAnnexBuilder.androidContainer dockerImage "android-git-annex" doNothing gitannexdir
-	& Docker.volume ("/home/joey/src/git-annex:" ++ gitannexdir)
-  where
-	gitannexdir = GitAnnexBuilder.homedir </> "git-annex"
-	
 jerryPlay :: Docker.Container
 jerryPlay = standardContainer "jerryplay" Unstable "amd64"
 	& alias "jerryplay.kitenet.net"

debian/changelog

@@ -7,6 +7,8 @@ propellor (2.5.0) UNRELEASED; urgency=medium
   * Export CommandParam, boolSystem, safeSystem and shellEscape from
     Propellor.Property.Cmd, so they are available for use in constricting
     your own Properties when using propellor as a library.
+  * Improve enter-machine scripts for nspawn containers to unset most
+    environment variables.
 
  -- Joey Hess <id@joeyh.name>  Thu, 07 May 2015 12:08:34 -0400
 

src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs

@@ -94,22 +94,9 @@ cabalDeps = flagFile go cabalupdated
 		go = userScriptProperty (User builduser) ["cabal update && cabal install git-annex --only-dependencies || true"]
 		cabalupdated = homedir </> ".cabal" </> "packages" </> "hackage.haskell.org" </> "00-index.cache"
 
-standardAutoBuilderContainer :: (System -> Docker.Image) -> Architecture -> Int -> TimeOut -> Docker.Container
+standardAutoBuilderContainer :: Architecture -> Int -> TimeOut -> Systemd.Container
-standardAutoBuilderContainer dockerImage arch buildminute timeout = Docker.container (arch ++ "-git-annex-builder")
+standardAutoBuilderContainer arch buildminute timeout = Systemd.container name bootstrap
-	(dockerImage $ System (Debian Testing) arch)
+	& os osver
-	& os (System (Debian Testing) arch)
-	& Apt.stdSourcesList
-	& Apt.installed ["systemd"]
-	& Apt.unattendedUpgrades
-	& User.accountFor (User builduser)
-	& tree arch
-	& buildDepsApt
-	& autobuilder arch (Cron.Times $ show buildminute ++ " * * * *") timeout
-	& Docker.tweaked
-
-standardAutoBuilderContainerNspawn :: Architecture -> Int -> TimeOut -> Systemd.Container
-standardAutoBuilderContainerNspawn arch buildminute timeout = Systemd.container name bootstrap
-	& os myos
 	& Apt.stdSourcesList
 	& Apt.unattendedUpgrades
 	& User.accountFor (User builduser)
@@ -118,35 +105,31 @@ standardAutoBuilderContainerNspawn arch buildminute timeout = Systemd.container
 	& autobuilder arch (Cron.Times $ show buildminute ++ " * * * *") timeout
   where
 	name = arch ++ "-git-annex-builder"
-	bootstrap = Chroot.debootstrapped myos mempty
+	bootstrap = Chroot.debootstrapped osver mempty
-	myos = System (Debian Unstable) arch
+	osver = System (Debian Testing) arch
 
-androidAutoBuilderContainer :: (System -> Docker.Image) -> Times -> TimeOut -> Docker.Container
+androidAutoBuilderContainer :: Times -> TimeOut -> Systemd.Container
-androidAutoBuilderContainer dockerImage crontimes timeout =
+androidAutoBuilderContainer crontimes timeout =
-	androidContainer dockerImage "android-git-annex-builder" (tree "android") builddir
+	androidContainer "android-git-annex-builder" (tree "android") builddir
 		& Apt.unattendedUpgrades
 		& autobuilder "android" crontimes timeout
 
 -- Android is cross-built in a Debian i386 container, using the Android NDK.
 androidContainer
 	:: (IsProp (Property (CInfo NoInfo i)), (Combines (Property NoInfo) (Property i)))
-	=> (System -> Docker.Image)
+	=> Systemd.MachineName
-	-> Docker.ContainerName
 	-> Property i
 	-> FilePath
-	-> Docker.Container
+	-> Systemd.Container
-androidContainer dockerImage name setupgitannexdir gitannexdir = Docker.container name
+androidContainer name setupgitannexdir gitannexdir = Systemd.container name bootstrap
-	(dockerImage osver)
 	& os osver
 	& Apt.stdSourcesList
-	& Apt.installed ["systemd"]
-	& Docker.tweaked
 	& User.accountFor (User builduser)
 	& File.dirExists gitbuilderdir
 	& File.ownerGroup homedir (User builduser) (Group builduser)
-	& buildDepsApt
 	& flagFile chrootsetup ("/chrootsetup")
 		`requires` setupgitannexdir
+	& buildDepsApt
 	& flagFile haskellpkgsinstalled ("/haskellpkgsinstalled")
   where
 	-- Use git-annex's android chroot setup script, which will install
@@ -159,6 +142,7 @@ androidContainer dockerImage name setupgitannexdir gitannexdir = Docker.containe
 		[ "cd " ++ gitannexdir ++ " && ./standalone/android/install-haskell-packages"
 		]
 	osver = System (Debian Testing) "i386"
+	bootstrap = Chroot.debootstrapped osver mempty
 
 -- armel builder has a companion container using amd64 that
 -- runs the build first to get TH splices. They need

src/Propellor/Property/Systemd.hs

@@ -215,15 +215,19 @@ enterScript c@(Container name _ _) = setup <!> teardown
   where
 	setup = combineProperties ("generated " ++ enterScriptFile c)
 		[ scriptfile `File.hasContent`
-			[ "#!/bin/sh"
+			[ "#!/usr/bin/perl"
 			, "# Generated by propellor"
-			, "pid=\"$(machinectl show " ++ shellEscape name ++ " -p Leader | cut -d= -f2)\" || true"
+			, "my $pid=`machinectl show " ++ shellEscape name ++ " -p Leader | cut -d= -f2`;"
-			, "if [ -n \"$pid\" ]; then"
+			, "chomp $pid;"
-			, "\tnsenter -p -u -n -i -m -t \"$pid\" \"$@\""
+			, "if (length $pid) {"
-			, "else"
+			, "\tforeach my $var (keys %ENV) {"
-			, "\techo container not running >&2"
+			, "\t\tdelete $ENV{$var} unless $var eq 'PATH' || $var eq 'TERM';"
-			, "\texit 1"
+			, "\t}"
-			, "fi"
+			, "\texec('nsenter', '-p', '-u', '-n', '-i', '-m', '-t', $pid, @ARGV);"
+			, "} else {"
+			, "\tdie 'container not running';"
+			, "}"
+			, "exit(1);"
 			]
 		, scriptfile `File.mode` combineModes (readModes ++ executeModes)
 		]

src/Utility/Data.hs

@@ -5,6 +5,8 @@
  - License: BSD-2-clause
  -}
 
+{-# OPTIONS_GHC -fno-warn-tabs #-}
+
 module Utility.Data where
 
 {- First item in the list that is not Nothing. -}

src/Utility/Directory.hs

@@ -6,6 +6,7 @@
  -}
 
 {-# LANGUAGE CPP #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
 
 module Utility.Directory where
 
@@ -18,6 +19,7 @@ import Control.Applicative
 import Control.Concurrent
 import System.IO.Unsafe (unsafeInterleaveIO)
 import Data.Maybe
+import Prelude
 
 #ifdef mingw32_HOST_OS
 import qualified System.Win32 as Win32

src/Utility/Env.hs

@@ -6,6 +6,7 @@
  -}
 
 {-# LANGUAGE CPP #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
 
 module Utility.Env where
 
@@ -13,6 +14,7 @@ module Utility.Env where
 import Utility.Exception
 import Control.Applicative
 import Data.Maybe
+import Prelude
 import qualified System.Environment as E
 import qualified System.SetEnv
 #else

src/Utility/Exception.hs

@@ -6,6 +6,7 @@
  -}
 
 {-# LANGUAGE ScopedTypeVariables #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
 
 module Utility.Exception (
 	module X,

src/Utility/FileMode.hs

@@ -22,15 +22,12 @@ import Utility.Exception
 
 {- Applies a conversion function to a file's mode. -}
 modifyFileMode :: FilePath -> (FileMode -> FileMode) -> IO ()
-modifyFileMode f convert = void $ modifyFileMode' f convert
+modifyFileMode f convert = do
-modifyFileMode' :: FilePath -> (FileMode -> FileMode) -> IO FileMode
-modifyFileMode' f convert = do
 	s <- getFileStatus f
 	let old = fileMode s
 	let new = convert old
 	when (new /= old) $
 		setFileMode f new
-	return old
 
 {- Adds the specified FileModes to the input mode, leaving the rest
  - unchanged. -}
@@ -41,14 +38,6 @@ addModes ms m = combineModes (m:ms)
 removeModes :: [FileMode] -> FileMode -> FileMode
 removeModes ms m = m `intersectFileModes` complement (combineModes ms)
 
-{- Runs an action after changing a file's mode, then restores the old mode. -}
-withModifiedFileMode :: FilePath -> (FileMode -> FileMode) -> IO a -> IO a
-withModifiedFileMode file convert a = bracket setup cleanup go
-  where
-	setup = modifyFileMode' file convert
-	cleanup oldmode = modifyFileMode file (const oldmode)
-	go _ = a
-
 writeModes :: [FileMode]
 writeModes = [ownerWriteMode, groupWriteMode, otherWriteMode]
 

src/Utility/FileSystemEncoding.hs

@@ -6,6 +6,7 @@
  -}
 
 {-# LANGUAGE CPP #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
 
 module Utility.FileSystemEncoding (
 	fileEncoding,

src/Utility/LinuxMkLibs.hs

@@ -7,7 +7,12 @@
 
 module Utility.LinuxMkLibs where
 
-import Control.Applicative
+import Utility.PartialPrelude
+import Utility.Directory
+import Utility.Process
+import Utility.Monad
+import Utility.Path
+
 import Data.Maybe
 import System.Directory
 import System.FilePath
@@ -15,12 +20,8 @@ import Data.List.Utils
 import System.Posix.Files
 import Data.Char
 import Control.Monad.IfElse
-
+import Control.Applicative
-import Utility.PartialPrelude
+import Prelude
-import Utility.Directory
-import Utility.Process
-import Utility.Monad
-import Utility.Path
 
 {- Installs a library. If the library is a symlink to another file,
  - install the file it links to, and update the symlink to be relative. -}

src/Utility/Misc.hs

@@ -6,23 +6,25 @@
  -}
 
 {-# LANGUAGE CPP #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
 
 module Utility.Misc where
 
+import Utility.FileSystemEncoding
+import Utility.Monad
+
 import System.IO
 import Control.Monad
 import Foreign
 import Data.Char
 import Data.List
-import Control.Applicative
 import System.Exit
 #ifndef mingw32_HOST_OS
 import System.Posix.Process (getAnyProcessStatus)
 import Utility.Exception
 #endif
-
+import Control.Applicative
-import Utility.FileSystemEncoding
+import Prelude
-import Utility.Monad
 
 {- A version of hgetContents that is not lazy. Ensures file is 
  - all read before it gets closed. -}

src/Utility/Monad.hs

@@ -5,6 +5,8 @@
  - License: BSD-2-clause
  -}
 
+{-# OPTIONS_GHC -fno-warn-tabs #-}
+
 module Utility.Monad where
 
 import Data.Maybe

src/Utility/PartialPrelude.hs

@@ -5,6 +5,8 @@
  - them being accidentially used.
  -}
 
+{-# OPTIONS_GHC -fno-warn-tabs #-}
+
 module Utility.PartialPrelude where
 
 import qualified Data.Maybe

src/Utility/Path.hs

@@ -6,6 +6,7 @@
  -}
 
 {-# LANGUAGE PackageImports, CPP #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
 
 module Utility.Path where
 
@@ -16,6 +17,7 @@ import Data.List
 import Data.Maybe
 import Data.Char
 import Control.Applicative
+import Prelude
 
 #ifdef mingw32_HOST_OS
 import qualified System.FilePath.Posix as Posix

src/Utility/PosixFiles.hs

@@ -8,6 +8,7 @@
  -}
 
 {-# LANGUAGE CPP #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
 
 module Utility.PosixFiles (
 	module X,

src/Utility/Process.hs

@@ -7,6 +7,7 @@
  -}
 
 {-# LANGUAGE CPP, Rank2Types #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
 
 module Utility.Process (
 	module X,
@@ -54,6 +55,7 @@ import qualified System.Posix.IO
 import Control.Applicative
 #endif
 import Data.Maybe
+import Prelude
 
 import Utility.Misc
 import Utility.Exception

src/Utility/QuickCheck.hs

@@ -19,6 +19,7 @@ import System.Posix.Types
 import qualified Data.Map as M
 import qualified Data.Set as S
 import Control.Applicative
+import Prelude
 
 instance (Arbitrary k, Arbitrary v, Eq k, Ord k) => Arbitrary (M.Map k v) where
 	arbitrary = M.fromList <$> arbitrary

src/Utility/Scheduled.hs

@@ -32,7 +32,6 @@ import Utility.QuickCheck
 import Utility.PartialPrelude
 import Utility.Misc
 
-import Control.Applicative
 import Data.List
 import Data.Time.Clock
 import Data.Time.LocalTime
@@ -41,6 +40,8 @@ import Data.Time.Calendar.WeekDate
 import Data.Time.Calendar.OrdinalDate
 import Data.Tuple.Utils
 import Data.Char
+import Control.Applicative
+import Prelude
 
 {- Some sort of scheduled event. -}
 data Schedule = Schedule Recurrance ScheduledTime

src/Utility/Tmp.hs

@@ -6,6 +6,7 @@
  -}
 
 {-# LANGUAGE CPP #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
 
 module Utility.Tmp where
 

src/Utility/UserInfo.hs

@@ -6,6 +6,7 @@
  -}
 
 {-# LANGUAGE CPP #-}
+{-# OPTIONS_GHC -fno-warn-tabs #-}
 
 module Utility.UserInfo (
 	myHomeDir,
@@ -13,12 +14,13 @@ module Utility.UserInfo (
 	myUserGecos,
 ) where
 
+import Utility.Env
+
 import System.PosixCompat
 #ifndef mingw32_HOST_OS
 import Control.Applicative
 #endif
-
+import Prelude
-import Utility.Env
 
 {- Current user's home directory.
  -