* Ssh.authorizedKey: Make the authorized_keys file and .ssh directory
be owned by the user, not root.
* Ssh.knownHost: Make the .ssh directory be owned by the user, not root.
* Property has been converted to a GADT, and will be Property NoInfo
or Property HasInfo.
This was done to make sure that ensureProperty is only used on
properties that do not have Info.
Transition guide:
- Change all "Property" to "Property NoInfo" or "Property WithInfo"
(The compiler can tell you if you got it wrong!)
- To construct a RevertableProperty, it is useful to use the new
(<!>) operator
- Constructing a list of properties can be problimatic, since
Property NoInto and Property WithInfo are different types and cannot
appear in the same list. To deal with this, "props" has been added,
and can built up a list of properties of different types,
using the same (&) and (!) operators that are used to build
up a host's properties.
Properties now form a tree, instead of the flat list used before.
This simplifies propigation of Info from the Properties used inside a
container to the outer host; the Property that docks the container on the
host can just have as child properties all the inner Properties, and their
Info can then be gathered recursively. (Although in practice it still needs
to be filtered, since not all Info should propigate out of a container.)
Note that there is no change to how Properties are actually satisfied.
Just because a Property lists some child properties, this does not mean
they always have their propertySatisfy actions run. It's still up to the
parent property to run those actions.
That's necessary so that a container's properties can be satisfied inside
it, not outside. It also allows property combinators to
add the combined Properties to their childProperties list, even if,
like onChange, they don't always run the child properties at all.
Testing: I tested that the exact same Info is calculated before and after
this change, for every Host in my config file.
* Added CryptPassword to PrivDataField, for password hashes as produced
by crypt(3).
* User.hasPassword and User.hasSomePassword will now use either
a CryptPassword or a Password from privdata, depending on which is set.
This is not a complete fix for the problem that Info doen't propigate
from the called property when code does something like:
do
hostname <- asks hostName
ensureProperty $ foo hostname
Instead, I just eliminated the need to implement hasPassword that way,
by making the PrivData Info use a HostContext which automatically
gets the right hostname passed to it.
All other uses of withPrivData don't have the problem. It's still possible
for the user to run into the problem if they write something like the
above, where foo is a property that uses privdata. However, all properties
that take a Context now also accept a HostContext, so it's at least less
likely the user needs to write that.
Particularly, the Makefile would try to build propellor if there were
updates, but if this build failed because a bad commit was pushed, it would
abort w/o pulling any new fixed commits.
Anyway, it's better to move away from using the makefile when possible as
it's just for bootstrapping, and also I would like to make "make" not
default to running propellor as that can be confusing behavior.
(I can't change that yet; needed for upgrades. Should be fine to change
after several more releases, or maybe a year..)
Note that if it fails to spin a host, it will stop. I think this is better
than continuing to the next, because there might be a reason to spin hosts
in some specific order (ie, update dns first and then use it).
Currently TERM is checked for every message. Could be memoized, but it
would add complexity, and typical propellor output is not going to be more
than a few hundred messages, and likely this will be swamped by the actual
work.
It might be better to do this check on boot to limit the time running the
DO kernel (which is not well security supported), but that has the
possibility of entering a bad reboot loop. Limiting this check to when
propellor runs avoids that, while still fixing the problem pretty fast.