author | Sean Whitton <spwhitton@spwhitton.name> | 2018-02-26 14:45:59 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2018-02-26 14:45:59 -0700 |
commit | ef106cc718663f853af4cf093f78b69f979943e3 (patch) | |
tree | 95c41e78bcba6c52523d619983eb5f8de227dd2a | |
parent | b72ef2ad3fd570d77498fc8389c6387bcd474ef4 (diff) | |
parent | e9c69dab91165cda0311d05e5b6a49697fae6e05 (diff) |
Merge tag '5.3.3' into debian
tagging package propellor version 5.3.3
# gpg: Signature made Mon 26 Feb 2018 11:34:46 AM MST
# gpg: using RSA key 28A500C35207EAB72F6C0F25DB12DB0FF05F8F38
# gpg: Good signature from "Joey Hess <joeyh@joeyh.name>" [full]
# Primary key fingerprint: E85A 5F63 B31D 24C1 EBF0 D81C C910 D922 2512 E3C7
# Subkey fingerprint: 28A5 00C3 5207 EAB7 2F6C 0F25 DB12 DB0F F05F 8F38
15 files changed, 229 insertions, 20 deletions
diff --git a/debian/changelog b/debian/changelog index ba71a49e..f8d23fbc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +propellor (5.3.3) unstable; urgency=medium + + * Warn again about new upstream version when ~/.propellor was cloned from the + Debian git bundle using an older version of propellor that set up an + upstream remote. + * Avoid crashing if initial fetch from origin fails when spinning a host. + * Added Propllor.Property.Openssl module contributed by contributed by + Félix Sipma. + + -- Joey Hess <id@joeyh.name> Mon, 26 Feb 2018 14:34:37 -0400 + propellor (5.3.2-1) unstable; urgency=medium * New upstream release. diff --git a/doc/forum/--spin_tries_to_pull_from_central_repository__63__.mdwn b/doc/forum/--spin_tries_to_pull_from_central_repository__63__.mdwn new file mode 100644 index 00000000..5bd97367 --- /dev/null +++ b/doc/forum/--spin_tries_to_pull_from_central_repository__63__.mdwn 
@@ -0,0 +1,28 @@
+Did something changed recently concerning `--spin`? It seems like I can't use it without a central repo anymore...
+
+
+ $ ./propellor --spin server
+ Preprocessing executable 'propellor-config' for propellor-5.3.2...
+ Propellor build ... done
+ [master cabbc1b4e] propellor spin
+ Git commit ... done
+ Counting objects: 1, done.
+ Writing objects: 100% (1/1), 860 bytes | 860.00 KiB/s, done.
+ Total 1 (delta 0), reused 0 (delta 0)
+ To example.org:/var/lib/git/private/propellor.git
+ 8c8c1b2f6..cabbc1b4e master -> master
+ Push to central git repository ... done
+ gpg: encrypted with 4096-bit RSA key, ID EC0B9FA927E29C5C, created 2013-01-29
+ "Félix Sipma <felix.sipma@riseup.net>"
+ Host key verification failed.
+ fatal: Could not read from remote repository.
+
+ Please make sure you have the correct access rights
+ and the repository exists.
+ Pull from central git repository ... failed
+ fatal: ambiguous argument 'origin/master': unknown revision or path not in the working tree.
+ Use '--' to separate paths from revisions, like this:
+ 'git <command> [<revision>...] -- [<file>...]'
+ propellor: user error (git ["log","-n","1","--format=%G?","origin/master"] exited 128)
+ propellor: user error (ssh ["-o","ControlPath=/home/example/.ssh/propellor/server.example.org.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@server.example.org","sh -c 'rm -rf /usr/local/propellor-precompiled ; if [ ! -d /usr/local/propellor/.git ] ; then (if ! git --version >/dev/null 2>&1; then apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -qq --no-install-recommends --no-upgrade -y install git; fi && echo STATUSNeedGitClone) || echo STATUSNeedPrecompiled ; else cd /usr/local/propellor && if ! 
cabal configure >/dev/null 2>&1; then ( apt-get update ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install gnupg ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install ghc ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install cabal-install ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-async-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-split-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-hslogger-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-unix-compat-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-ansi-terminal-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-ifelse-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-network-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-mtl-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-transformers-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-exceptions-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-stm-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-text-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-hashable-dev) || true; fi&& if ! 
test -x ./propellor; then cabal configure && cabal build -j1 propellor-config && ln -sf dist/build/propellor-config/propellor-config propellor; fi;if test -x ./propellor && ! ./propellor --check; then cabal clean && cabal configure && cabal build -j1 propellor-config && ln -sf dist/build/propellor-config/propellor-config propellor; fi && ./propellor --boot server.example.org ; fi'"] exited 1)
+
diff --git a/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_1_be4533d304096f431ac8d35bbf990dab._comment b/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_1_be4533d304096f431ac8d35bbf990dab._comment
new file mode 100644
index 00000000..e79fabfb
--- /dev/null
+++ b/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_1_be4533d304096f431ac8d35bbf990dab._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-02-22T15:34:07Z"
+ content="""
+--spin has always pushed/pulled from origin, if there is
+a central git repository.
+
+It's an optional thing though, since the update is pushed directly to the
+host it spins too.
+
+I've improved the code to avoid this particular crash..
+"""]]
diff --git a/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_2_7b1f28e3eeb7f181f5715863bc836bb7._comment b/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_2_7b1f28e3eeb7f181f5715863bc836bb7._comment
new file mode 100644
index 00000000..5cb2fc0b
--- /dev/null
+++ b/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_2_7b1f28e3eeb7f181f5715863bc836bb7._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="gueux"
+ avatar="http://cdn.libravatar.org/avatar/2982bac2c2cd94ab3860efb189deafc8"
+ subject="comment 2"
+ date="2018-02-23T13:16:09Z"
+ content="""
+I don't want my central repo to be accessible to anyone, but I still want to push there and use it for some of my hosts. Anyway, your fix works great, thanks!
+"""]]
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_10_8d27d1de5e891160c3e881bd1230829f._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_10_8d27d1de5e891160c3e881bd1230829f._comment
new file mode 100644
index 00000000..25d6ff1e
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_10_8d27d1de5e891160c3e881bd1230829f._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 10"
+ date="2018-02-18T21:35:23Z"
+ content="""
+Do you have a git remote named 'upstream'?
+"""]]
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_11_67fe9f07dd726f890cf1c7956cbb1d86._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_11_67fe9f07dd726f890cf1c7956cbb1d86._comment
new file mode 100644
index 00000000..106d993f
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_11_67fe9f07dd726f890cf1c7956cbb1d86._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="picca"
+ avatar="http://cdn.libravatar.org/avatar/7e61c80d28018b10d31f6db7dddb864c"
+ subject="comment 11"
+ date="2018-02-19T06:31:32Z"
+ content="""
+Yes sir :)
+
+ picca@mordor:~/.propellor$ git remote -v
+ deploy https://salsa.debian.org/picca/propellor.git (fetch)
+ deploy https://salsa.debian.org/picca/propellor.git (push)
+ origin git@salsa.debian.org:picca/propellor.git (fetch)
+ origin git@salsa.debian.org:picca/propellor.git (push)
+ upstream /usr/src/propellor/propellor.git (fetch)
+ upstream /usr/src/propellor/propellor.git (push)
+
+"""]]
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_12_aea497eeecb077659db3f1dfb1e5f289._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_12_aea497eeecb077659db3f1dfb1e5f289._comment
new file mode 100644
index 00000000..90d0ba2c
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_12_aea497eeecb077659db3f1dfb1e5f289._comment
@@ -0,0 +1,20 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 12"""
+ date="2018-02-19T15:48:21Z"
+ content="""
+What propellor --init sets up, when you select the clone option
+and the Debian package is installed, is no remote
+defined, but a remotes/upsteam/master tracking branch.
+
+So not normally this:
+
+ upstream /usr/src/propellor/propellor.git (fetch)
+
+Aha! The very first revision of propellor --init
+*did* set up an upstream remote pointing at the distrepo. At some point
+that changed to the above described behavior. You're bitten by being an
+early adopter.
+
+I've adjusted the logic to handle that case.
+"""]]
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_13_a3039c7e86f85af4ff44bdbcd7b46313._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_13_a3039c7e86f85af4ff44bdbcd7b46313._comment
new file mode 100644
index 00000000..39feff2e
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_13_a3039c7e86f85af4ff44bdbcd7b46313._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="picca"
+ avatar="http://cdn.libravatar.org/avatar/7e61c80d28018b10d31f6db7dddb864c"
+ subject="comment 13"
+ date="2018-02-20T05:58:48Z"
+ content="""
+Thanks a lot joey,
+
+and you are right, I am fund of your works :).
+
+Cheers.
+"""]]
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_9_f6d40ae7c03a9d94cfe8e16f11264622._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_9_f6d40ae7c03a9d94cfe8e16f11264622._comment
new file mode 100644
index 00000000..492f40e1
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_9_f6d40ae7c03a9d94cfe8e16f11264622._comment
@@ -0,0 +1,21 @@
+[[!comment format=mdwn
+ username="picca"
+ avatar="http://cdn.libravatar.org/avatar/7e61c80d28018b10d31f6db7dddb864c"
+ subject="comment 9"
+ date="2018-02-18T19:10:32Z"
+ content="""
+Hello, I think that my problem is related to this one.
+
+I have a repository created from the Debian package and which is from the 5.1.0 version.
+I just upgrade the package to 5.3.1 and now I do not have the message explaining that a new upstream version is available.
+So I do not know how to upgrade my current repository.
+
+Before, I just had to do
+
+ git merge upstream/master
+
+And now ?
+
+
+thanks for your help
+"""]]
diff --git a/doc/news/version_5.3.2.mdwn b/doc/news/version_5.3.2.mdwn
new file mode 100644
index 00000000..cd16116e
--- /dev/null
+++ b/doc/news/version_5.3.2.mdwn
@@ -0,0 +1,10 @@
+propellor 5.3.2 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Added Propellor.Property.Atomic, which can make a non-atomic property
+ that operates on a directory into an atomic property.
+ (Inspired by Vaibhav Sagar's talk on Functional Devops in a
+ Dysfunctional World at LCA 2018.)
+ * Added Git.pulled.
+ * Systemd.machined: Install systemd-container on Debian
+ stretch.
+ Thanks, Sean Whitton"""]]
\ No newline at end of file diff --git a/propellor.cabal b/propellor.cabal index d9157eb1..5f6abc8b 100644 --- a/propellor.cabal +++ b/propellor.cabal @@ -1,5 +1,5 @@ Name: propellor -Version: 5.3.2 +Version: 5.3.3 Cabal-Version: >= 1.20 License: BSD2 Maintainer: Joey Hess <id@joeyh.name> @@ -140,6 +140,7 @@ Library Propellor.Property.Nginx Propellor.Property.Obnam Propellor.Property.OpenId + Propellor.Property.Openssl Propellor.Property.OS Propellor.Property.Pacman Propellor.Property.Parted diff --git a/src/Propellor/DotDir.hs b/src/Propellor/DotDir.hs index f62b38f8..125cec3f 100644 --- a/src/Propellor/DotDir.hs +++ b/src/Propellor/DotDir.hs @@ -387,13 +387,12 @@ checkRepoUpToDate = whenM (gitbundleavail <&&> dotpropellorpopulated) $ do -- into the user's repository, as if fetching from a upstream remote, -- yielding a new upstream/master branch. -- --- If there's no upstream/master, the user is not using the distrepo, --- so do nothing. And, if there's a remote named "upstream", the user --- must have set that up is not using the distrepo, so do nothing. +-- If there's no upstream/master, or the repo is not using the distrepo, +-- do nothing. updateUpstreamMaster :: String -> IO () -updateUpstreamMaster newref = unlessM (hasRemote "upstream") $ do +updateUpstreamMaster newref = do changeWorkingDirectory =<< dotPropellor - go =<< catchMaybeIO getoldrev + go =<< getoldref where go Nothing = return () go (Just oldref) = do 
@@ -421,19 +420,42 @@ updateUpstreamMaster newref = unlessM (hasRemote "upstream") $ do cleantmprepo warnoutofdate True - getoldrev = takeWhile (/= '\n') - <$> readProcess "git" ["show-ref", upstreambranch, "--hash"] - git = run "git" run cmd ps = unlessM (boolSystem cmd (map Param ps)) $ error $ "Failed to run " ++ cmd ++ " " ++ show ps + -- Get ref that the upstreambranch points to, only when + -- the distrepo is being used. + getoldref = do + mref <- catchMaybeIO $ takeWhile (/= '\n') + <$> readProcess "git" ["show-ref", upstreambranch, "--hash"] + case mref of + Just _ -> do + -- Normally there will be no upstream + -- remote when the distrepo is used. + -- Older versions of propellor set up + -- an upstream remote pointing at the + -- distrepo. + ifM (hasRemote "upstream") + ( do + v <- remoteUrl "upstream" + return $ case v of + Just rurl | rurl == distrepo -> mref + _ -> Nothing + , return mref + ) + Nothing -> return mref + +-- And, if there's a remote named "upstream" +-- that does not point at the distrepo, the user must have set that up +-- and is not using the distrepo, so do nothing. warnoutofdate :: Bool -> IO () -warnoutofdate havebranch = do - warningMessage ("** Your ~/.propellor/ is out of date..") - let also s = infoMessage [" " ++ s] - also ("A newer upstream version is available in " ++ distrepo) - if havebranch - then also ("To merge it, run: git merge " ++ upstreambranch) - else also ("To merge it, find the most recent commit in your repository's history that corresponds to an upstream release of propellor, and set refs/remotes/" ++ upstreambranch ++ " to it. Then run propellor again.") - also "" +warnoutofdate havebranch = warningMessage $ unlines + [ "** Your ~/.propellor/ is out of date.." 
+ , indent "A newer upstream version is available in " ++ distrepo + , indent $ if havebranch + then "To merge it, run: git merge " ++ upstreambranch + else "To merge it, find the most recent commit in your repository's history that corresponds to an upstream release of propellor, and set refs/remotes/" ++ upstreambranch ++ " to it. Then run propellor again." + ] + where + indent s = " " ++ s diff --git a/src/Propellor/Git.hs b/src/Propellor/Git.hs index 10b88ddd..c446f67a 100644 --- a/src/Propellor/Git.hs +++ b/src/Propellor/Git.hs @@ -30,6 +30,10 @@ hasRemote remotename = catchDefaultIO False $ do rs <- lines <$> readProcess "git" ["remote"] return $ remotename `elem` rs +remoteUrl :: String -> IO (Maybe String) +remoteUrl remotename = catchDefaultIO Nothing $ headMaybe . lines + <$> readProcess "git" ["config", "remote." ++ remotename ++ ".url"] + hasGitRepo :: IO Bool hasGitRepo = doesFileExist ".git/HEAD" diff --git a/src/Propellor/Git/VerifiedBranch.hs b/src/Propellor/Git/VerifiedBranch.hs index 51fcb573..df607bd2 100644 --- a/src/Propellor/Git/VerifiedBranch.hs +++ b/src/Propellor/Git/VerifiedBranch.hs @@ -30,12 +30,17 @@ verifyOriginBranch originbranch = do -- Returns True if HEAD is changed by fetching and merging from origin. fetchOrigin :: IO Bool fetchOrigin = do + fetched <- actionMessage "Pull from central git repository" $ + boolSystem "git" [Param "fetch"] + if fetched + then mergeOrigin + else return False + +mergeOrigin :: IO Bool +mergeOrigin = do branchref <- getCurrentBranch let originbranch = "origin" </> branchref - void $ actionMessage "Pull from central git repository" $ - boolSystem "git" [Param "fetch"] - oldsha <- getCurrentGitSha1 branchref keyring <- privDataKeyring diff --git a/src/Propellor/Property/Openssl.hs b/src/Propellor/Property/Openssl.hs new file mode 100644 index 00000000..a91b8195 --- /dev/null +++ b/src/Propellor/Property/Openssl.hs 
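Review bot: In src/Propellor/DotDir.hs the new comment fragment beginning `-- And, if there's a remote named "upstream"` sits after updateUpstreamMaster's where clause and directly above warnoutofdate, so it reads as documentation for the wrong function and starts mid-sentence. Folding it into the header comment of updateUpstreamMaster, e.g. `-- If there's no upstream/master, or an "upstream" remote points somewhere other than the distrepo, do nothing.`, keeps the contract in one place. In getoldref the guard `rurl == distrepo` is an exact string comparison, so an upstream remote that names the same bundle with a different spelling (trailing slash, `file://` prefix) would silently suppress the out-of-date warning; a one-line comment saying only the literal distrepo path is recognised would make that limit visible. updateUpstreamMaster begins in the previous hunk.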
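Review bot: remoteUrl in src/Propellor/Git.hs is added without a comment, and `catchDefaultIO Nothing` maps every failure to Nothing, so "git could not be run" and "the remote has no url" are indistinguishable to its caller. In this commit the caller is getoldref in DotDir.hs, which treats Nothing as "not using the distrepo" and therefore skips the upgrade warning. A header such as `-- | URL configured for the named remote; Nothing if git config fails or prints nothing.` would document that, and it is worth noting there that the name is spliced into the config key `remote.NAME.url`, so callers should pass a plain remote name.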
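Review bot: mergeOrigin in src/Propellor/Git/VerifiedBranch.hs is introduced without a comment, while the existing line `-- Returns True if HEAD is changed by fetching and merging from origin.` stays on fetchOrigin, which now also returns False when the fetch itself fails. Suggest extending that line to `-- Returns True if HEAD is changed by fetching and merging from origin; False if the fetch fails or nothing changed.` and adding `-- Merges origin's copy of the current branch; assumes a fetch has just succeeded.` above mergeOrigin. With the failure now absorbed, a host that cannot reach the central repository keeps running its current commit and the only signal is the "failed" action message, which operators relying on that repository for updates should be told in the comment. mergeOrigin's body continues outside the hunk.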
@@ -0,0 +1,29 @@
+-- | Maintainer: Félix Sipma <felix+propellor@gueux.org>
+
+module Propellor.Property.Openssl where
+
+import Propellor.Base
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+import Utility.FileMode
+import Utility.SafeCommand
+
+
+installed :: Property DebianLike
+installed = Apt.installed ["openssl"]
+
+dhparamsLength :: Int
+dhparamsLength = 2048
+
+dhparams :: FilePath
+dhparams = "/etc/ssl/private/dhparams.pem"
+
+safeDhparams :: Property DebianLike
+safeDhparams = propertyList "safe dhparams" $ props
+ & File.dirExists (takeDirectory dhparams)
+ & installed
+ & check (not <$> doesFileExist dhparams) (createDhparams dhparams dhparamsLength)
+
+createDhparams :: FilePath -> Int -> Property UnixLike
+createDhparams f l = property ("generate new dhparams: " ++ f) $ liftIO $ withUmask 0o0177 $ withFile f WriteMode $ \h ->
+ cmdResult <$> boolSystem' "openssl" [Param "dhparam", Param (show l)] (\p -> p { std_out = UseHandle h }) |
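Review bot: createDhparams opens the destination with `withFile f WriteMode` before openssl runs, so a failed or interrupted `openssl dhparam` leaves an empty or truncated file at `dhparams`; because safeDhparams only tests `doesFileExist dhparams`, every later run then skips regeneration and consumers are left with an unusable parameter file. Writing to a temporary file in the same directory and renaming it into place only on success closes that gap; the sketch below assumes `renameFile` and `removeFile` from System.Directory are in scope through Propellor.Base, as `doesFileExist` appears to be. Separately, `File.dirExists (takeDirectory dhparams)` is listed before `installed`, so if /etc/ssl/private does not exist yet it would be created with whatever mode dirExists uses rather than the package's, which is worth confirming for a directory that normally holds private keys.

```haskell
-- … unchanged: module header, installed, dhparamsLength, dhparams, safeDhparams …
createDhparams :: FilePath -> Int -> Property UnixLike
createDhparams f l = property ("generate new dhparams: " ++ f) $ liftIO $ withUmask 0o0177 $ do
    -- Generate into a sibling temp file so that a failed or interrupted
    -- run never leaves an empty or partial file at the final path.
    let tmp = f ++ ".tmp"
    ok <- withFile tmp WriteMode $ \h ->
        boolSystem' "openssl" [Param "dhparam", Param (show l)] (\p -> p { std_out = UseHandle h })
    if ok
        then renameFile tmp f
        else removeFile tmp
    return (cmdResult ok)
```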