Changelog of @hackage/propellor 5.18

propellor (5.18) unstable; urgency=medium

  • Git.daemonRunning: Worked around git's unfortunate new requirement that safe.directory be set when running git-daemon from inetd.
  • Git.daemonService: New property which runs git-daemon as a systemd service.
  • Systemd.nspawned: Fix a bug that prevented propellor from running in a systemd machine due to /usr/local/propellor not being visible inside the machine.

-- Joey Hess id@joeyh.name Sun, 10 Aug 2025 11:24:34 -0400

propellor (5.17) unstable; urgency=medium

  • Apt: Enable the non-free-firmware section, when used with Debian bookworm or newer.

-- Joey Hess id@joeyh.name Sat, 10 Jun 2023 09:49:05 -0400

propellor (5.16) unstable; urgency=medium

  • Debootstrap: Added UseOldGpgKeyring constructor to DebootstrapConfig, which allows bootstrapping ancient stable releases of Debian.
  • Qemu: Install binfmt-support along with qemu-user-static.
  • Fix build with unix-2.8.0.0 and with unix-compat-0.7.

-- Joey Hess id@joeyh.name Mon, 29 May 2023 11:24:25 -0400

propellor (5.15) unstable; urgency=medium

  • Improve propellor's MetaTypes implementation to avoid an expontential blowup when several MetaTypes fail to unify. This should result in less memory use by ghc when there's a type error.
  • Avoid OOM when built by ghc 9.2.
  • Thanks to the ghc developers for their assistance, particularly spj and Sam Derbyshire.
  • Remove workaround to ghc using a lot of memory displaying an error message about a property of a host having the wrong number of arguments. This brings back clear error messages in such situations.

-- Joey Hess id@joeyh.name Tue, 15 Nov 2022 15:34:11 -0400

propellor (5.14) unstable; urgency=medium

  • Removed Propellor.Property.OpenID module, since the simpleid package got removed from Debian.
  • Renamed Linode.mlocateEnabled to Linode.locateEnabled, and made it also make sure plocate is enabled, if it's installed rather than mlocate. (API change)
  • Debootstrap.built: Stop using the deprecated qemu-debootstrap for bootstrapping foreign architectures. It is not needed since qemu 2.12, which, at least on Debian, enabled the binfmt-support --fix-binary option.
  • Qemu.removeHostEmulationBinary: Removed this property, which is no longer necessary since qemu-debootstrap is not used. (API change)
  • Flashkernel.installed: Deal with a behavior change in flash-kernel, which will fail to install if is not configured first.
  • Systemd.resolvConfed is no longer enabled by default in systemd containers. It is probably not necessary on current systems the way it was back in 2014, and this avoids a problem where the host's /etc/resolv.conf gets overwritten when systemd is managing the container's /etc/resolv.conf.
  • Borg: To support borg 1.2, run borg compact to free up space after pruning.
  • Add lower bounds on async and split. Thanks, Simon Jakobi
  • propellor.cabal: Deduplicate exposed modules, which fixes a build problem with recent cabal versions. Thanks, Simon Jakobi

-- Joey Hess id@joeyh.name Sat, 15 Oct 2022 14:40:31 -0400

propellor (5.13) unstable; urgency=medium

  • Network: Added support for network interfaces with several address stanzas, eg ipv4 and ipv6. Thanks, Nicolas Schodet
  • Sudo.enabledFor: Deal with new @includedir syntax in sudoers file.
  • Apt.securityUpdates: Stop generating testing-security lines, as testing-security is unused per debian documentation.
  • Utility.HumanNumber: Fix rounding bug that could result in sometimes quite wrong values, eg "1.1 GB" when the input value was a few bytes less than 2 GB. Properties in Ccache and Journald that used it to generate config files were affected by this bug.

-- Joey Hess id@joeyh.name Fri, 30 Jul 2021 10:02:19 -0400

propellor (5.12) unstable; urgency=medium

  • Worked around a situation where ghc uses insane amounts of memory displaying an error message about a property of a host having the wrong number of arguments.
  • Added libghc-type-errors-dev to debian/control recommends, and install it if available when bootstrapping propellor.
  • Borg: add UseUmask to BorgRepoOpt. Thanks, Nicolas Schodet
  • Borg: use "{now}" instead of $(date ...) Thanks, Nicolas Schodet
  • Makefile: Deal with cabal change that made sdist not output tarball to stdout. Thanks, Sean Whitton

-- Joey Hess id@joeyh.name Mon, 14 Sep 2020 12:06:46 -0400

propellor (5.11) unstable; urgency=medium

  • Fix display of concurrent output from processes when using Propellor.Property.Conductor. (Reversion introduced in version 5.5.0.)
  • Support bootstrapping to hosts using cabal 3.x, with new-dist directory.
  • Makefile: Fix build with cabal 3.x.
  • Borg.restored: Fix restoration, which has apparently never worked, at least back to borg 1.0.9. Thanks, Nicolas Schodet.
  • Borg.init: Added the now required encryption type parameter. Thanks, Nicolas Schodet. (API change)

-- Joey Hess id@joeyh.name Fri, 14 Aug 2020 16:02:14 -0400

propellor (5.10.2) unstable; urgency=medium

  • Fix build with ghc 8.6.3. Thanks, Robin Munn
  • Bootstrap: Fix typo in Arch Linux dependencies. Thanks, Robin Munn
  • Bootstrap: Add haskell-type-errors package on Arch Linux. Thanks, Robin Munn
  • Apt.buildDepIn: Run build-dep command in a temporary directory, since it may sometimes not clean up all the files it creates.

-- Joey Hess id@joeyh.name Fri, 01 May 2020 16:47:31 -0400

propellor (5.10.1) unstable; urgency=medium

[ Joey Hess ]

  • Localdir.hasOriginUrl: Depend on Git.installed.
  • Localdir.hasOriginUrl: Type changed from UnixLike to DebianLike because Git.installed is not implemented for other unixes. (API change)
  • Changed the ChrootBootstrapper type class's buildchroot method to take a Info parameter, instead of Maybe System. (The System can be extracted from the Info.) (API change)

[ Sean Whitton ]

  • Chroot.{de,}bootstrapped uses the chroot's configured apt proxy and mirror, if these exist, when debootstrapping the chroot.
  • Rename Sbuild.useHostProxy -> Chroot.useHostProxy. (API change)

-- Joey Hess id@joeyh.name Fri, 15 Nov 2019 13:26:19 -0400

propellor (5.9.1) unstable; urgency=medium

  • Apt: Debian has changed the name of the suite for testing security updates from testing to testing-security.
  • Apt: Also the suite for stable releases from bullseye on will be suffixed with "-security".
  • Apt.update: Pass --allow-releaseinfo-change when updating Unstable or Testing, so that code name changes that happen in those suites during a stable release don't prevent updating the rolling suites.
  • Systemd.machined: Fix a bug that caused the systemd-container package to not be installed when used with Debian buster.

-- Joey Hess id@joeyh.name Wed, 17 Jul 2019 15:59:29 -0400

propellor (5.9.0) unstable; urgency=medium

  • Added custom type error messages when Properties don't combine due to conflicting MetaTypes.
  • Added custom type error messages for ensureProperty and tightenTargets.
  • Note that those changes made ghc 8.0.1 in a few cases unable to infer types when ensureProperty or tightenTargets is used, while later ghc versions had no difficulty. If this affects building your properties, adding a type annotation to the code will work around the problem.
  • Added custom type error messages displayed when type inference fails when using ensureProperty and tightenTargets, that suggest adding a type annotation.
  • Use the type-errors library to detect when the type checker gets stuck unable to reduce type-level operations on MetaTypes, and avoid displaying massive error messages.
  • But, since type-errors is a new library not available in eg Debian yet, added a WithTypeErrors build flag. When the library is not available, cabal will automatically disable that build flag, and it will build without the type-errors library.
  • EnsurePropertyAllowed, TightenTargetsAllowed, and CheckCombinable types have changed to Constraint. (API change)
  • Try harder to avoid displaying an excessive amount of type error messages when many properties have been combined in a props list.
  • Libvirt.installed: install libvirt-daemon-system Thanks, David Bremner

-- Joey Hess id@joeyh.name Tue, 02 Jul 2019 16:27:07 -0400

propellor (5.8.0) unstable; urgency=medium

  • Fix bug in File.containsShellSetting that replaced whole shell conffile content with the setting if the file did not previously contain a line setting the key to some value.
  • Removed inChroot, instead use hasContainerCapability FilesystemContained. (API change)
  • Hostname: Properties that used to not do anything in a systemd or docker container will now change the container's hostname, since it's namespaced.
  • Add User.ownsWithPrimaryGroup Thanks, Sean Whitton
  • Ssh.userKeys, Ssh.userKeyAt: Create .ssh directory when it does not yet exist.
  • Ssh.userKeyAt: When a relative filepath is provided, it's put inside the user's .ssh directory.
  • Fix Git.pulled always reporting a change. Thanks, Sean Whitton

-- Joey Hess id@joeyh.name Fri, 26 Apr 2019 08:23:29 -0400

propellor (5.7.0) unstable; urgency=medium

  • Sbuild.built no longer includes Apt.stdSourcesList by default, in order to support non-Debian OS's. (API change) To upgrade: Simply add Sbuild.osDebianStandard to all Sbuild.built calls which have osDebian. Thanks, Sean Whitton
  • Propellor.Property.PropellorRepo renamed to Propellor.Property.Localdir to widen its scope. (API change)
  • Added Localdir.removed property. Thanks, Sean Whitton
  • Sbuild.built uses Localdir.removed to clean up the propellor localdir after it's done running in a schroot. Thanks, Sean Whitton
  • Cron.runPropellor made revertable. (minor API change) Thanks, Sean Whitton
  • Added Cron.jobDropped. Thanks, Sean Whitton
  • Added Utility.FileMode to the modules exported by Propellor.Utilities to propellor library users.

-- Joey Hess id@joeyh.name Fri, 05 Apr 2019 11:59:52 -0400

propellor (5.6.1) unstable; urgency=medium

  • fix Libvirt.hs haddock build Thanks, Sean Whitton

-- Joey Hess id@joeyh.name Sun, 20 Jan 2019 19:06:39 -0400

propellor (5.6.0) unstable; urgency=medium

  • withOS had a type level bug that allowed ensureProperty to be used inside it with a Property that does not match the type of the withOS itself. (API change) The fix may cause some of your valid uses of withOS to no longer type check; the best way to work around that is to use pickOS to pick between several properties that are further specialized using withOS. For an example of how to do that, see the source code to Propellor.Property.Borg.installed
  • Propellor.Property.Cron.runPropellor is a Property DebianLike; it was incorrectly a Property UnixLike before and that wrong type was hidden by the withOS bug.
  • Some openbsd portability fixes. Thanks, rsiddharth.
  • Added Libvirt module. Thanks, Sean Whitton.
  • When bootstrapping on Debian, libghc-stm-dev may not be available, as it's become part of ghc, so check before trying to install it.
  • Fix build with ghc 8.6.3.
  • Avoid exposing the constructor of OuterMetaTypesWitness, to avoid the kind of mistake that led to the withOS bug.
  • Merged Utility changes from git-annex.
  • Fix --spin crash when ~/.ssh/ directory did not already exist.

-- Joey Hess id@joeyh.name Fri, 18 Jan 2019 12:11:53 -0400

propellor (5.5.0) unstable; urgency=medium

  • letsencrypt': Pass --expand to support expanding the list of domains
  • Split mailname property out of Hostname.sane, since bad mailname guesses can lead to ugly surprises. (API change)
  • Removed HostingProvider.CloudatCost module as it lacks a maintainer. (If anyone would like to maintain it, send a patch adding it back.) (API change)
  • Added Systemd.escapePath helper function useful when creating mount units.
  • Added Sudo.sudoersDFile property.
  • Sudo.enabledFor: Write to /etc/sudoers.d/000users rather than to /etc/sudoers. (Any old lines it wrote to /etc/sudoers will be removed.) This fixes a potential ordering problem; the property used to append the line to /etc/sudoers, but that would override more specific lines in the include directory.
  • Borg: Added UsesEnvVar.
  • Added DiskImage.noBootloader, useful for eg, direct booting with qemu. Thanks, David Bremner.
  • Added Apt.backportInstalledMin.

-- Joey Hess id@joeyh.name Sat, 20 Oct 2018 21:00:27 -0400

propellor (5.4.1) unstable; urgency=medium

  • Modernized and simplified the MetaTypes implementation now that compatability with ghc 7 is no longer needed.
  • Use git verify-commit to verify gpg signatures, rather than the old method of parsing git log output. Needs git 2.0.
  • Added ConfFile.containsShellSetting, ConfFile.lacksShellSetting, and EtcDefault.set properties. Thanks, Sean Whitton
  • Dns: Support TXT values longer than bind's maximum string length of 255 bytes. Thanks, rsiddharth.
  • Docker and HostingProvider.CloudAtCost modules are not being maintained, so marked them as such. Seeking a maintainer for the Docker module; I anticipate removing the CloudAtCost module in the next API bump.

-- Joey Hess id@joeyh.name Wed, 08 Aug 2018 10:29:27 -0400

propellor (5.4.0) unstable; urgency=medium

[ Sean Whitton ]

  • Apt.installedBackport replaced with Apt.backportInstalled. (API change) The old property would install dependencies from backports even when the versions in stable satisfy the requested backport's dependencies. The new property installs only the listed packages from backports; all other dependencies come from stable. So in some cases, you may need to list additional backports to install, that would not have needed to be listed before. Due to this behavior change the property has been renamed so uses of it will be checked.
  • Restic.installed: stop trying to install a backport on jessie, because no such backport exists.

-- Joey Hess id@joeyh.name Thu, 17 May 2018 10:43:20 -0400

propellor (5.3.6) unstable; urgency=medium

  • Fix build with ghc 8.4, which broke due to the Semigroup Monoid change.
  • Dropped support for building propellor with ghc 7 (as in debian oldstable), to avoid needing to depend on the semigroups transitional package, but also because it's just too old to be worth supporting.
  • stack.yaml: Updated to lts-9.21.
  • Make Schroot.overlaysInTmpfs revertable Thanks, Sean Whitton
  • Update shim each time propellor is run in a container, to deal with library version changes.
  • Unbound: Added support for various DNS record types. Thanks, Félix Sipma.

-- Joey Hess id@joeyh.name Wed, 09 May 2018 16:24:37 -0400

propellor (5.3.5) unstable; urgency=medium

  • Apt.stdSourcesList now adds stable-updates suite Thanks, Sean Whitton
  • Significantly increased propellor build speed when your config.hs is in a fork of the propellor repository, by avoiding redundant builds of propellor library.

-- Joey Hess id@joeyh.name Sun, 22 Apr 2018 12:27:45 -0400

propellor (5.3.4) unstable; urgency=medium

  • Apt.trustsKey: Use apt-key to add key rather than manually driving gpg, which seems to not work anymore. Thanks, Russell Sim.
  • Firewall: Reorder iptables parameters that are order dependant to make --to-dest and --to-source work. Thanks, Russell Sim

-- Joey Hess id@joeyh.name Wed, 21 Mar 2018 14:59:15 -0400

propellor (5.3.3) unstable; urgency=medium

  • Warn again about new upstream version when ~/.propellor was cloned from the Debian git bundle using an older version of propellor that set up an upstream remote.
  • Avoid crashing if initial fetch from origin fails when spinning a host.
  • Added Propllor.Property.Openssl module contributed by Félix Sipma.

-- Joey Hess id@joeyh.name Mon, 26 Feb 2018 14:34:37 -0400

propellor (5.3.2) unstable; urgency=medium

  • Added Propellor.Property.Atomic, which can make a non-atomic property that operates on a directory into an atomic property. (Inspired by Vaibhav Sagar's talk on Functional Devops in a Dysfunctional World at LCA 2018.)
  • Added Git.pulled.
  • Systemd.machined: Install systemd-container on Debian stretch. Thanks, Sean Whitton

-- Joey Hess id@joeyh.name Sun, 18 Feb 2018 14:31:39 -0400

propellor (5.3.1) unstable; urgency=medium

  • Last release mistakenly contained my personal branch not master.
  • contrib/post-merge-hook documentation updated to recommend also using it as a post-checkout hook, to avoid such problems.

-- Joey Hess id@joeyh.name Sun, 04 Feb 2018 12:00:03 -0400

propellor (5.3.0) unstable; urgency=medium

  • Avoid bogus warning about new upstream version when /usr/bin/propellor is run on a Debian system, but ~/.propellor was not cloned from the Debian git bundle.
  • Parted: Allow partitions to have no filesystem, for eg, GPT BIOS boot partitions. (API change)
  • Added rawPartition to PartSpec, for specifying partitions with no filesystem.
  • Added BiosGrubFlag to PartFlag.
  • Add HasCallStack constraint to pickOS and unsupportedOS, so the call stack includes the caller.
  • Run su with --login, to avoid inheriting some problematic environment variables, such as TMP, from the caller.
  • Grub: Added properties to configure /etc/default/grub.
  • Laptop: New module, starting with powertopAutoTuneOnBoot.

-- Joey Hess id@joeyh.name Thu, 01 Feb 2018 12:27:01 -0400

propellor (5.2.0) unstable; urgency=medium

[ Joey Hess ]

  • bootstrappedFrom: Set up local privdata file.
  • Parted: Fix names used for FAT and VFAT partitions.
  • Parted: Add an Alignment parameter. (API change) A good default to use is safeAlignment, which is 4MiB, well suited for inexpensive flash drives, and fine for other disks too. Previously, a very non-optimial 1MB (not 1MiB) alignment had been used.
  • DiskImage: Use safeAlignment. It didn't seem worth making the alignment configurable here.
  • Fixed rounding bug in Parted.calcPartTable.
  • DiskImage: Fix rsync crash when a mount point does not exist in the chroot.
  • Fix bug in unmountBelow that caused unmounting of nested mounts to fail.
  • Grub.boots, Grub.bootsMounted: Pass --target to grub-install.
  • Added Propellor.Property.Installer modules, which can be used to create bootable installer disk images, which then run propellor to install a system. This code was extracted from the demo I gave in my talk at DebConf 2017.

[ Sean Whitton ]

  • Sbuild: add notes about Debian jessie hosts and backports of sbuild and autopkgtest.

-- Joey Hess id@joeyh.name Sat, 30 Dec 2017 13:34:29 -0400

propellor (5.1.0) unstable; urgency=medium

[ Sean Whitton ]

  • File.isSymlinkedTo now revertable. (minor API change)
  • Sbuild module changes:
    • Type of Sbuild.built changed to accept additional properties to be ensured inside schroots. (API change) See the suggested usage in module's documentation for new syntax.
    • Drop Sbuild.installed, Sbuild.builtFor, Sbuild.updated, Sbuild.updatedFor. (API change) Use Sbuild.built instead. See suggested usage in module's documentation.
    • Propellor no longer sets up apt proxies in sbuild chroots automatically. Instead, pass the new Sbuild.useHostProxy to Sbuild.built to have Propellor propagate the host's Apt proxy configuration into the chroot. See suggested usage in module's documentation.
    • Internally, Propellor no longer invokes sbuild-createchroot(1) to build schroots.
    • Update documentation.

-- Joey Hess id@joeyh.name Thu, 23 Nov 2017 10:38:16 -0400

propellor (5.0.0) unstable; urgency=medium

  • Debootstrap.built now supports bootstrapping chroots for foreign OS's, using qemu-user-static.
  • Machine: New module collecting machine-specific properties for building bootable images for ARM boards. Tested working boards: Olimex Lime, CubieTruck, Banana Pi, SheevaPlug.
  • Diskimage.imageBuiltFor: New property to build a disk image for a Host, using partition table information configured via the new properties hasPartitionTableType, hasPartition and adjustPartition.
  • Chroot.noServices moved to Service.noServices and its type changed. (API change)
  • Service: Avoid starting services when noServices is used.
  • Add Typeable instance to OriginUrl, fixing build with old versions of ghc.
  • Added Propellor.Property.impossible
  • Fail2Ban: Added several additional properties. Thanks, Félix Sipma.
  • Fail2Ban: Renamed jail.d conf file to use .local. Thanks, Félix Sipma.

-- Joey Hess id@joeyh.name Sun, 19 Nov 2017 15:42:44 -0400

propellor (4.9.0) unstable; urgency=medium

  • When the ipv4 and ipv6 properties are used with a container, avoid propagating the address out to the host.
  • DnsInfo has been replaced with DnsInfoPropagated and DnsInfoUnpropagated. (API change)
  • Code that used fromDnsInfo . fromInfo changes to use getDnsInfo.
  • addDNS takes an additional Bool parameter to control whether the DNS info should propagate out of containers. (API change)
  • Made the PropellorRepo.hasOriginUrl property override the repository url that --spin passes to a host.
  • PropellorRepo.hasOriginUrl type changed to include HasInfo. (API change)
  • Fstab.mounted: Create mount point if necessary, and mount it if it's not already mounted. Thanks, Nicolas Schodet
  • Properties that check for an empty directory now treat a directory containing only "lost+found" as effectively empty, to support situations where the directory is a mount point of an EXT* filesystem. Thanks, Nicolas Schodet
  • Make addInfo accumulate Info in order properties appear, not reverse order. This fixes a bug involving reverting Systemd.resolvConfed or Systemd.linkJournal.

-- Joey Hess id@joeyh.name Wed, 25 Oct 2017 13:02:14 -0400

propellor (4.8.1) unstable; urgency=medium

  • Borg: Fix propigation of exit status of borg backup.
  • Borg: Fix handling of UseSshKey.

-- Joey Hess id@joeyh.name Mon, 25 Sep 2017 17:19:49 -0400

propellor (4.8.0) unstable; urgency=medium

  • DiskImage: Made a DiskImage type class, so that different disk image formats can be implemented. The properties in this module can generate any type that is a member of DiskImage. (API change) (To convert existing configs, convert the filename of the disk image to RawDiskImage filename.)
  • Removed DiskImage.vmdkBuiltFor property. (API change) Instead, use VirtualBoxPointer in the property that creates the disk image.
  • Apt.isInstalled: Fix handling of packages that are not known at all to apt.
  • Borg: Converted BorgRepo from a String alias to a data type. (API change)
  • Borg: Allow specifying ssh private key to use when accessing a borg repo by using the BorgRepoUsing constructor with UseSshKey.
  • Borg: Fix broken shell escaping in borg cron job.
  • Attic: Fix broken shell escaping in attic cron job.
  • Make lock file descriptors close-on-exec.
  • Lvm: New module for setting up LVM volumes. Thanks, Nicolas Schodet

-- Joey Hess id@joeyh.name Mon, 25 Sep 2017 14:37:52 -0400

propellor (4.7.7) unstable; urgency=medium

  • Locale: Display an error message when /etc/locale.gen does not contain the requested locale.
  • Attic module is deprecated and will warn when used. Attic is no longer available in Debian and appears to have been mostly supersceded by Borg.
  • Obnam module is deprecated and will warn when used. Obnam has been retired by its author.
  • Add Typeable instance to Bootstrapper, fixing build with old versions of ghc. (Previous attempt was incomplete.)

-- Joey Hess id@joeyh.name Wed, 23 Aug 2017 12:15:31 -0400

propellor (4.7.6) unstable; urgency=medium

  • Sbuild: Add Sbuild.userConfig property. Thanks, Sean Whitton
  • Locale: Make sure that the locales package is installed when enabling locales.

-- Joey Hess id@joeyh.name Tue, 01 Aug 2017 17:59:07 -0400

propellor (4.7.5) unstable; urgency=medium

  • Avoid crashing when getTerminalName fails due to eg, being in a chroot.

-- Joey Hess id@joeyh.name Tue, 01 Aug 2017 15:28:58 -0400

propellor (4.7.4) unstable; urgency=medium

  • Set GPG_TTY when run at a terminal, so that gpg can do password prompting despite being connected by pipes to propellor (or git).
  • Rsync: Make rsync display less verbose.
  • Improve PROPELLOR_TRACE output so serialized trace values always come on their own line, not mixed with title setting.

-- Joey Hess id@joeyh.name Tue, 01 Aug 2017 13:30:54 -0400

propellor (4.7.3) unstable; urgency=medium

  • Expand the Trace data type.

-- Joey Hess id@joeyh.name Sat, 29 Jul 2017 17:26:32 -0400

propellor (4.7.2) unstable; urgency=medium

  • Added PROPELLOR_TRACE environment variable, which can be set to 1 to make propellor output serialized Propellor.Message.Trace values, for consumption by another program.
  • Rsync: Make rsync display its progress, in a minimal format to avoid scrolling each file down the screen.

-- Joey Hess id@joeyh.name Sat, 29 Jul 2017 15:49:00 -0400

propellor (4.7.1) unstable; urgency=medium

  • Added Mount.isMounted.
  • Grub.bootsMounted: Bugfix.

-- Joey Hess id@joeyh.name Fri, 28 Jul 2017 22:22:40 -0400

propellor (4.7.0) unstable; urgency=medium

  • Add Apt.proxy property to set a host's apt proxy. Thanks, Sean Whitton.
  • Add Apt.useLocalCacher property to set up apt-cacher-ng. Thanks, Sean Whitton.
  • Rework Sbuild properties to use apt proxies/cachers instead of bind-mounting the host's apt cache. This makes it possible to run more than one build at a time, and lets sbuild run even if apt's cache is locked by the host's apt. Thanks, Sean Whitton.
  • Sbuild: When Apt.proxy is set, it is assumed that the proxy does some sort of caching, and sbuild chroots are set up to use the same proxy.
  • Sbuild: When Apt.proxy is not set, install apt-cacher-ng, and point sbuild chroots at the local apt cacher.
  • Sbuild: Droped Sbuild.piupartsConfFor, Sbuild.piupartsConf, Sbuild.shareAptCache (API change) No longer needed now that we are using apt proxies/cachers.
  • Sbuild: Updated sample config in haddock for Propellor.Property.Sbuild. If you use this module, please compare both your config.hs and your ~/.sbuildrc with the haddock documentation.
  • Grub.bootsMounted: Avoid failing when proc sys etc are already mounted within the chroot.

-- Joey Hess id@joeyh.name Fri, 28 Jul 2017 20:42:35 -0400

propellor (4.6.2) unstable; urgency=medium

  • Systemd.nspawned: Recent systemd versions such as 234 ignore non-symlinks in /etc/systemd/system/multi-user.target.wants, which was used to configure systemd-nspawn parameters. Instead, use a service.d/local.conf file to configure that.
  • Grub: Added bootsMounted property, a generalization of DiskImage.grubBooted

-- Joey Hess id@joeyh.name Fri, 28 Jul 2017 15:48:32 -0400

propellor (4.6.1) unstable; urgency=medium

  • Added Network.dhcp' and Network.static', which allow specifying additional options for interfaces files.
  • Fix build failure on ghc-8.2.1 Thanks, Sergei Trofimovich.
  • DiskImage: Fix strictness bug in .parttable read/write sequence.

-- Joey Hess id@joeyh.name Thu, 27 Jul 2017 09:17:32 -0400

propellor (4.6.0) unstable; urgency=medium

  • Add Typeable instance to Bootstrapper, fixing build with old versions of ghc.
  • Network.static changed to take address and gateway parameters. If you used the old Network.static property, it has been renamed to Network.preserveStatic. (Minor API change)

-- Joey Hess id@joeyh.name Wed, 26 Jul 2017 20:02:50 -0400

propellor (4.5.2) unstable; urgency=medium

  • Added Rsync.installed property.
  • Added DiskImage.vmdkBuiltFor property which is useful for booting a disk image in VirtualBox.

-- Joey Hess id@joeyh.name Tue, 25 Jul 2017 17:58:46 -0400

propellor (4.5.1) unstable; urgency=medium

  • Reboot.toKernelNewerThan: If running kernel is new enough, avoid looking at what kernels are installed. Thanks, Sean Whitton.
  • DiskImage: Avoid re-partitioning disk image unncessarily, for a large speedup.

-- Joey Hess id@joeyh.name Tue, 25 Jul 2017 15:51:33 -0400

propellor (4.5.0) unstable; urgency=medium

  • Generalized the PartSpec DSL, so it can be used for both disk image partitioning, and disk device partitioning, with different partition sizing methods as appropriate for the different uses. (minor API change)
  • Propellor.Property.Parted: Added calcPartTable function which uses PartSpec DiskPart, and a useDiskSpace combinator.
  • Generate a better description for versioned properties.

-- Joey Hess id@joeyh.name Fri, 21 Jul 2017 16:40:13 -0400

propellor (4.4.0) unstable; urgency=medium

  • Propellor.Property.Timezone: New module, contributed by Sean Whitton.
  • Propellor.Property.Sudo.enabledFor: Made revertable. (minor API change)
  • Propellor.Property.LightDM.autoLogin: Made revertable. (minor API change)
  • Propellor.Property.Conffile: Added lacksIniSetting.

-- Joey Hess id@joeyh.name Mon, 17 Jul 2017 12:55:02 -0400

propellor (4.3.4) unstable; urgency=medium

  • Propellor.Property.Versioned: New module which allows different versions of a property or host to be written down in a propellor config file. Has many applications, including staged upgrades and rollbacks.
  • LightDM.autoLogin: Use [Seat:*] rather than the old [SeatDefaults]. The new name has been supported since lightdm 1.15.

-- Joey Hess id@joeyh.name Sat, 15 Jul 2017 17:22:53 -0400

propellor (4.3.3) unstable; urgency=medium

  • Hosts can be configured to build propellor using stack, by adding a property: & bootstrapWith (Robustly Stack)
  • Hosts can be configured to build propellor using cabal, but using only packages installed from the operating system. This will work on eg Debian: & bootstrapWith OSOnly
  • Iproved fix for bug that sometimes made --spin fail with "fatal: Couldn't find remote ref HEAD". The previous fix didn't work reliably.
  • User: add systemGroup and use it for systemAccountFor' Thanks, Félix Sipma.
  • Export a Restic.backup' property. Thanks, Félix Sipma.
  • Updated stack config to lts-8.22.

-- Joey Hess id@joeyh.name Thu, 13 Jul 2017 12:34:09 -0400

propellor (4.3.2) unstable; urgency=medium

  • Really include Propellor.Property.FreeDesktop.

-- Joey Hess id@joeyh.name Thu, 06 Jul 2017 17:28:53 -0400

propellor (4.3.1) unstable; urgency=medium

  • Added Propellor.Property.FreeDesktop module.
  • Added reservedSpacePercentage to the PartSpec EDSL.

-- Joey Hess id@joeyh.name Thu, 06 Jul 2017 17:03:15 -0400

propellor (4.3.0) unstable; urgency=medium

  • DiskImage: Removed grubBooted; properties that used to need it as a parameter now look at Info about the bootloader that is installed in the chroot that the disk image is created from. (API change)

-- Joey Hess id@joeyh.name Wed, 05 Jul 2017 21:04:04 -0400

propellor (4.2.0) unstable; urgency=medium

  • DiskImage.grubBooted no longer takes a BIOS parameter, and no longer implicitly adds Grub.installed to the properties of the disk image. If you used DiskImage.grubBooted, you'll need to update your propellor configuration, removing the BIOS parameter from grubBooted and adding a Grub.installed property to the disk image, eg: & Grub.installed PC (API change)
  • Grub.installed: Avoid running update-grub when used in a chroot, since it will get confused.
  • DiskImage.Finalization: Simplified this type since it does not need to be used to install packages anymore. (API change)

-- Joey Hess id@joeyh.name Wed, 05 Jul 2017 18:10:49 -0400

propellor (4.1.0) unstable; urgency=medium

  • User.hasInsecurePassword makes sure shadow passwords are enabled, so if the insecure password is later changed, the new password won't be exposed.
  • Bugfix: Apache.httpsVirtualHost' must create ssl/hn/ dir earlier Thanks, Sean Whitton.
  • Bootstrap.clonedFrom: Fix bug that broke copying .git/config into chroot.
  • Diskimage.imageExists: Align disk image size to multiple of 4096 sector size, since some programs (such as VBoxManage convertdd) refuse to operate on disk images not aligned to a sector size.
  • Bootstrap.bootstrappedFrom: Fix bug that caused propellor to only be built from the bootstrapped config the first time.
  • Bootstrap.bootstrappedFrom: Avoid doing anything when not run in a chroot.
  • When provisioning a container, output was buffered until the whole process was done; now output will be displayed immediately.
  • LightDM.autoLogin: Make it require LightDM.installed. (minor API change as the type changed)
  • Propellor.Property.XFCE added with some useful properties for the desktop environment.
  • Added File.applyPath property.
  • Added File.checkOverwrite.
  • File.isCopyOf: Fix bug that prevented this property from working when the destination file did not yet exist.

-- Joey Hess id@joeyh.name Wed, 05 Jul 2017 17:30:00 -0400

propellor (4.0.6) unstable; urgency=medium

  • Fix bug that sometimes made --spin fail with "fatal: Couldn't find remote ref HEAD"
  • Display error and warning messages to stderr, not stdout.

-- Joey Hess id@joeyh.name Sun, 18 Jun 2017 19:30:50 -0400

propellor (4.0.5) unstable; urgency=medium

  • Switch cabal file from Extensions to Default-Extensions to fix new picky hackage rejection.

-- Joey Hess id@joeyh.name Sat, 03 Jun 2017 15:07:36 -0400

propellor (4.0.4) unstable; urgency=medium

  • Propellor.Property.Restic added for yet another backup program. Thanks, Félix Sipma.
  • Removed dependency on MissingH, instead depends on split and hashable.

-- Joey Hess id@joeyh.name Sat, 03 Jun 2017 14:56:44 -0400

propellor (4.0.3) unstable; urgency=medium

  • Added Fstab.listed, Fstab.swap, and Mount.swapOn properties. Thanks, Daniel Brooks.
  • Added Propellor.Property.Bootstrap, which can be used to make disk images contain their own installation of propellor.

-- Joey Hess id@joeyh.name Thu, 20 Apr 2017 00:54:32 -0400

propellor (4.0.2) unstable; urgency=medium

  • Apt.mirror can be used to set the preferred apt mirror of a host, overriding the default CDN. This info is used by Apt.stdSourcesList and Sbuild.builtFor. Thanks, Sean Whitton.
  • Property.Partition: Update kpartx output parser, as its output format changed around version 0.6. Both output formats are supported now.
  • Fix bug when using setContainerProps with a chroot that prevented properties added to a chroot that way from being seen when propellor was running inside the chroot. This affected disk image creation, and possibly other things that use chroots.

-- Joey Hess id@joeyh.name Fri, 24 Mar 2017 14:04:50 -0400

propellor (4.0.1) unstable; urgency=medium

  • Fix build with pre-AMP ghc.
  • Tor: Restart daemon after installing private key.
  • Tor.named, Tor.torPrivKey: Include the new ed25519 public/private key pair in addition to the old secret_id_key.

-- Joey Hess id@joeyh.name Sun, 19 Mar 2017 16:18:11 -0400

propellor (4.0.0) unstable; urgency=medium

  • Added Monoid instances for Property and RevertableProperty.
  • Removed applyToList. Instead, use mconcat. (API change) If you had: applyToList accountFor [User "joey", User "root"] use instead: mconcat (map accountFor [User "joey", User "root"])
  • Makefile: Removed "run" target which was default target. "make" now only builds propellor, does not run it. Note that propellor 1.0.0 and earlier relied on this target for the Cron.runPropellor property's cronjob to work, so upgrading directly from 1.0.0 to 4.0.0 would break that cron job.
  • Remove make from propellor's dependency list; it's not used by propellor any longer.
  • Implemented hostChroot, as originally seen in my slides at Linux.Conf.Au 2017 in January. Now that it's not vaporware, it allows one Host to build a disk image that has all the properties of another Host.
  • DiskImage building properties used to propagate DNS info out from the chroot used to build the disk image to the Host. That is no longer done, since that chroot only exists as a side effect of the disk image creation and servers will not be running in it.
  • The IsInfo types class's propagateInfo function changed to use a PropagateInfo data type. (API change)
  • The action used to satisfy a property changed to Maybe (Propellor Result). When it is Nothing, propellor knows it can skip displaying the description of that property. This is mostly useful in the implementation of mempty. (API change)
  • The doNothing property is now simply mempty. The name was retained because it can be clearer than mempty in some contexts.
  • Added Apache.confEnabled.

-- Joey Hess id@joeyh.name Wed, 15 Mar 2017 15:46:42 -0400

propellor (3.4.1) unstable; urgency=medium

  • Fixed https url to propellor git repository.

-- Joey Hess id@joeyh.name Wed, 01 Mar 2017 16:50:05 -0400

propellor (3.4.0) unstable; urgency=medium

  • Added ConfigurableValue type class, for values that can be used in a config file, or to otherwise configure a program.
  • The val function converts such values to String.
  • Removed fromPort and fromIPAddr (use val instead). (API change)
  • Removed several Show instances that were only used for generating configuration, replacing with ConfigurableValue instances. (API change)
  • The github mirror of propellor's git repository has been removed, since github's terms of service has started imposing unwanted licensing requirements.
  • propellor --init: The option to clone propellor's git repository used to use the github mirror, and has been changed to use a different mirror.

-- Joey Hess id@joeyh.name Wed, 01 Mar 2017 16:44:20 -0400

propellor (3.3.1) unstable; urgency=medium

  • Apt: Removed the mirrors.kernel.org line from stdSourcesList etc. The mirror CDN has a new implementation that should avoid the problems with httpredir that made an extra mirror sometimes be needed.
  • Switch Debian CDN address to deb.debian.org.
  • Tor.hiddenService: Fix bug in torrc's HiddenServicePort configuration. Thanks, Félix Sipma

-- Joey Hess id@joeyh.name Mon, 20 Feb 2017 13:49:26 -0400

propellor (3.3.0) unstable; urgency=medium

  • Arch Linux is now supported by Propellor! Thanks to Zihao Wang for this port.
  • Added Propellor.Property.Pacman for Arch's package manager. Maintained by Zihao Wang.
  • The types of some properties changed; eg from Property DebianLike to Property (DebianLike + ArchLinux). Also, DebianLike and Linux are no longer type synonyms; propellor now knows that Linux includes ArchLinux. This could require updates to code, so is a minor API change.
  • GHC's fileSystemEncoding is used for all String IO, to avoid encoding-related crashes in eg, Propellor.Property.File.
  • Add --build option to simply build config.hs.
  • More informative usage message. Thanks, Daniel Brooks
  • Tor.hiddenService' added to support multiple ports. Thanks, Félix Sipma.
  • Apt.noPDiffs added. Thanks, Sean Whitton.
  • stack.yaml: Compile with GHC 8.0.1 against lts-7.16. Thanks, Andrew Cowie.
  • Added Propellor.Property.File.configFileName and related functions to generate good filenames for config directories.
  • Added Apt.suiteAvailablePinned, Apt.pinnedTo. Thanks, Sean Whitton.
  • Added File.containsBlock Thanks, Sean Whitton.

-- Joey Hess id@joeyh.name Tue, 07 Feb 2017 12:09:24 -0400

propellor (3.2.3) unstable; urgency=medium

  • Improve extraction of gpg secret key id list, to work with gpg 2.1.
  • The propellor wrapper checks if ./config.hs exists; if so it runs using the configuration in the current directory, rather than ~/.propellor/config.hs
  • Debootstap: Fix too tight permissions lock down of debootstrapped chroots, which prevented non-root users from doing anything in the chroot.

-- Joey Hess id@joeyh.name Tue, 22 Nov 2016 11:36:18 -0400

propellor (3.2.2) unstable; urgency=medium

  • Added Linode.serialGrub property.
  • Clean up build warnings about redundant constraints when built with ghc 8.0.
  • Added Group.hasUser property. Thanks, Daniel Brooks

-- Joey Hess id@joeyh.name Fri, 11 Nov 2016 17:54:44 -0400

propellor (3.2.1) unstable; urgency=medium

  • Simplify Debootstrap.sourceInstall since #770217 was fixed.
  • Debootstap.installed: Fix inverted logic that made this never install debootstrap. Thanks, mithrandi.

-- Joey Hess id@joeyh.name Mon, 03 Oct 2016 18:06:31 -0400

propellor (3.2.0) unstable; urgency=medium

[ Sean Whitton ]

  • Using ccache with Sbuild.built & Sbuild.builtFor is now toggleable: these properties now take a parameter of type Sbuild.UseCcache. (API Change)
  • Sbuild.piupartsConf: no longer takes an Apt.Url. (API Change)
  • Sbuild.piupartsConf & Sbuild.piupartsConfFor: does nothing if corresponding schroot not built. Previously, these properties built the schroot if it was missing.
  • Sbuild.built & Sbuild.piupartsConf: add an additional alias to sid chroots. This is for compatibility with dgit sbuild.
  • Further improvements to Sbuild.hs haddock.

[ Joey Hess ]

  • Tor.hiddenService: Converted port parameter from Int to Port. (API change)
  • Tor.hiddenServiceAvailable: The hidden service hostname file may not be available immedaitely after configuring tor; avoid ugly error in this case.

-- Joey Hess id@joeyh.name Sat, 10 Sep 2016 11:39:40 -0400

propellor (3.1.2) unstable; urgency=medium

[ Joey Hess ]

  • Ssh.knownHost: Bug fix: Only fix up the owner of the known_hosts file after it exists.

[ Sean Whitton ]

  • Sbuild.keypairInsecurelyGenerated: Improved to be more robust.
  • Pass --allow-unrelated-histories to git merge when run with git 2.9 or newer. This fixes the /usr/bin/propellor wrapper with this version of git.
  • Sbuild.built & Sbuild.builtFor no longer require Sbuild.keypairGenerated. Transition guide: If you are using sbuild 0.70.0 or newer, you should rm -r /var/lib/sbuild/apt-keys. Otherwise, you should add either Sbuild.keypairGenerated or Sbuild.keypairInsecurelyGenerated to your host.
  • Sbuild haddock improvements:
    • State that we don't support squeeze and Buntish older than trusty. This is due to our enhancements, such as eatmydata.
    • State that you need sbuild 0.70.0 or newer to build for stretch. This is due to gpg2 hitting Debian stretch.
    • Explain when a keygen is required.
    • Update sample ~/.sbuildrc for sbuild 0.71.0.
    • Add hint for customising chroots with propellor.
    • Update example usage of System type.

-- Joey Hess id@joeyh.name Sun, 28 Aug 2016 14:39:23 -0400

propellor (3.1.1) unstable; urgency=medium

  • Haddock build fix. Thanks, Sean Whitton

-- Joey Hess id@joeyh.name Thu, 23 Jun 2016 08:12:57 -0400

propellor (3.1.0) unstable; urgency=medium

  • Architecture changed from String to an ADT. (API Change) Transition guide: Change "amd64" to X86_64, "i386" to X86_32, "armel" to ARMEL, etc. Thanks, Félix Sipma.
  • The Debian data type now includes a DebianKernel. (API Change) This won't affect most config.hs, as osDebian defaults to Linux. Added osDebian' can be used to specify a different kernel. Thanks, Félix Sipma.
  • Improve exception handling. A property that threw a non-IOException used to stop the whole propellor run. Now, all non-async exceptions only make the property that threw them fail. (Implicit API change)
  • Added StopPropellorException and stopPropellorMessage which can be used in the unusual case where a failure of one property should stop propellor from trying to ensure any other properties.
  • tryPropellor returns Either SomeException instead of Either IOException (API change)
  • Switch letsencrypt to certbot package name.
  • Sbuild: Add keyringInsecurelyGenerated which is useful on throwaway build VMs. Thanks, Sean Whitton
  • Added Propellor.Property.SiteSpecific.Exoscale. Thanks, Sean Whitton
  • Property.Reboot: Added toDistroKernel and toKernelNewerThan. Thanks, Sean Whitton
  • Added ConfFile.hasIniSection. Thanks, Félix Sipma.
  • Apt.install: When asked to install a package that apt does not know about, it used to incorrectly succeed. Now it will fail.
  • Property.Firejail: New module. Thanks, Sean Whitton
  • File: Write privdata files in binary rather than text, which avoids failure when they do not contain valid unicode. Thanks, Andrew Schurman
  • Generalized fileProperty can now operate on a file as either a series of lines, or a ByteString.

[ Sean Whitton ]

  • New info property Schroot.useOverlays to indicate whether you want schroots set up by propellor to use the Linux kernel's OverlayFS.
  • Schroot.overlaysInTmpfs sets Schroot.useOverlays info property.
  • If you have indicated that you want schroots to use OverlayFS and the current kernel does not support it, Sbuild.built will attempt to reboot into a kernel that does, or fail if it can't find one.
  • Sbuild.built will no longer add duplicate aliases=UNRELEASED,sid... lines to more than one schroot config. It will not remove any such lines that the previous version of propellor added, though.
  • Sbuild.keypairGenerated works around Debian bug #792100 by creating the directory /root/.gnupg in advance.
  • Ccache.hasCache now sets the setgid bit on the cache directory, as ccache requires.

-- Joey Hess id@joeyh.name Wed, 22 Jun 2016 15:29:27 -0400

propellor (3.0.5) unstable; urgency=medium

  • Modules added for Sbuild and Ccache. Thanks, Sean Whitton
  • Systemd: Added killUserProcesses property, which can be reverted to return systemd to its default behavior before version 230 started killing processes like screen sessions.
  • Systemd: Added logindConfigured property.

-- Joey Hess id@joeyh.name Mon, 06 Jun 2016 17:13:21 -0400

propellor (3.0.4) unstable; urgency=medium

  • Run letsencrypt with --noninteractive.
  • Fix build with ghc 8.0.1. Thanks, davean.
  • Module added for the Borg backup system. Thanks, Félix Sipma.
  • Fix build with directory-1.2.6.2.

-- Joey Hess id@joeyh.name Sun, 22 May 2016 15:54:49 -0400

propellor (3.0.3) unstable; urgency=medium

  • Remove Propellor.DotDir from the propellor library, as its use of Paths_propellor prevents use of the module out of propellor's tree. This module is only needed for the wrapper program anyway, which handles --init.

-- Joey Hess id@joeyh.name Sun, 01 May 2016 17:51:37 -0400

propellor (3.0.2) unstable; urgency=medium

  • Added Apt.periodicUpdates. Thanks, Félix Sipma.
  • Apt.unattendedUpgrades: Enable mailing problem reports to root. Thanks, Félix Sipma.
  • Added Propellor.Property.Fstab, and moved the fstabbed property to there.
  • Attic module added for the backup system. Thanks, Félix Sipma.
  • Fix build with directory-1.2.6.2.

-- Joey Hess id@joeyh.name Sat, 30 Apr 2016 15:46:50 -0400

propellor (3.0.1) unstable; urgency=medium

  • propellor --init now runs cabal sandbox init if cabal has been configured with require-sandbox: True. Thanks, Sean Whitton
  • Re-bundled concurrent-output so propellor can be deployed to Debian stable systems without installing it (insecurely) from hackage.

-- Joey Hess id@joeyh.name Tue, 05 Apr 2016 13:35:54 -0400

propellor (3.0.0) unstable; urgency=medium

  • Property types have been improved to indicate what systems they target. This prevents using eg, Property FreeBSD on a Debian system. Transition guide for this sweeping API change:
    • First, upgrade to propellor 2.17.2 and deploy that to all your hosts. Otherwise, propellor --spin will fail when you upgrade to propellor 3.0.0.
    • Change "host name & foo & bar" to "host name $ props & foo & bar"
    • Similarly, propertyList and combineProperties need props to be used to combine together properties; they no longer accept lists of properties. (If you have such a list, use toProps.)
    • And similarly, Chroot, Docker, and Systemd container need props to be used to combine together the properies used inside them.
    • The os property is removed. Instead use osDebian, osBuntish, or osFreeBSD. These tell the type checker the target OS of a host.
    • Change "Property NoInfo" to "Property UnixLike"
    • Change "Property HasInfo" to "Property (HasInfo + UnixLike)"
    • Change "RevertableProperty NoInfo" to "RevertableProperty UnixLike UnixLike"
    • Change "RevertableProperty HasInfo" to "RevertableProperty (HasInfo + UnixLike) UnixLike"
    • GHC needs {-# LANGUAGE TypeOperators #-} to use these fancy types. This is enabled by default for all modules in propellor.cabal. But if you are using propellor as a library, you may need to enable it manually.
    • If you know a property only works on a particular OS, like Debian or FreeBSD, use that instead of "UnixLike". For example: "Property Debian"
    • It's also possible make a property support a set of OS's, for example: "Property (Debian + FreeBSD)"
    • Removed infoProperty and simpleProperty constructors, instead use property to construct a Property.
    • Due to the polymorphic type returned by property, additional type signatures tend to be needed when using it. For example, this will fail to type check, because the type checker cannot guess what type you intend the intermediate property "go" to have: foo :: Property UnixLike foo = go requires bar where go = property "foo" (return NoChange) To fix, specify the type of go: go :: Property UnixLike
    • ensureProperty now needs to be passed a witness to the type of the property it's used in. change this: foo = property desc $ ... ensureProperty bar to this: foo = property' desc $ \w -> ... ensureProperty w bar
    • General purpose properties like cmdProperty have type "Property UnixLike". When using that to run a command only available on Debian, you can tighten the type to only the OS that your more specific property works on. For example: upgraded :: Property Debian upgraded = tightenTargets (cmdProperty "apt-get" ["upgrade"])
    • Several utility functions have been renamed: getInfo to fromInfo propertyInfo to getInfo propertyDesc to getDesc propertyChildren to getChildren
  • The new pickOS property combinator can be used to combine different properties, supporting different OS's, into one Property that chooses which to use based on the Host's OS.
  • Re-enabled -O0 in propellor.cabal to reign in ghc's memory use handling these complex new types.
  • Added dependency on concurrent-output; removed embedded copy.
  • Apt.PPA: New module, contributed by Evan Cofsky.
  • Improved propellor's first run experience; propellor --init will walk the user through setting up ~/.propellor, with a choice between a clone of propellor's git repository, or a minimal config, and will configure propellor to use a gpg key.
  • Stack support. "git config propellor.buildsystem stack" will make propellor build its config using stack. (This does not affect how propellor is bootstrapped on a host by "propellor --spin host".)
  • When propellor is installed using stack, propellor --init will automatically set propellor.buildsystem=stack.

-- Joey Hess id@joeyh.name Sat, 02 Apr 2016 15:33:26 -0400

propellor (2.17.2) unstable; urgency=medium

  • When new dependencies are added to propellor or the propellor config, try harder to get them installed. In particular, this makes propellor --spin work when the remote host needs to get dependencies installed in order to build the updated config.
  • Apt.update: Also run dpkg --configure -a here as apt for some reason won't even update if dpkg was interrupted.

-- Joey Hess id@joeyh.name Wed, 30 Mar 2016 15:45:08 -0400

propellor (2.17.1) unstable; urgency=medium

  • Avoid generating excessively long paths to the unix socket file used for ssh connection caching. Mostly. Can still generate a too long one if $HOME is longer than 60 bytes.
  • Uwsgi: add ".ini" extension to app config files. Files without extensions were ignored by uwsgi. Thanks, Félix Sipma.

-- Joey Hess id@joeyh.name Mon, 28 Mar 2016 11:06:34 -0400

propellor (2.17.0) unstable; urgency=medium

  • Added initial support for FreeBSD. Thanks, Evan Cofsky.
  • Added Propellor.Property.ZFS. Thanks, Evan Cofsky.
  • Firewall: Reorganized Chain data type. (API change) Thanks, Félix Sipma.
  • Firewall: Separated Table and Target (API change) Thanks, Félix Sipma.
  • Ssh: change type of listenPort from Int to Port (API change) Thanks, Félix Sipma.
  • Firewall: add TCPFlag, Frequency, TCPSyn, ICMPTypeMatch, NatDestination Thanks, Félix Sipma.
  • Network: Filter out characters not allowed in interfaces.d files. Thanks, Félix Sipma.
  • Apt.upgrade: Run dpkg --configure -a first, to recover from interrupted upgrades.
  • Apt: Add safeupgrade.
  • Force ssh, scp, and git commands to be run in the foreground. Should fix intermittent hangs of propellor --spin.
  • Avoid repeated re-building on systems such as FreeBSD where building re-links the binary even when there are no changes.
  • Locale.available: Run locale-gen, instead of dpkg-reconfigure locales, which modified the locale.gen file and sometimes caused the property to need to make changes every time.
  • Speed up propellor's build of itself, by asking cabal to only build the propellor-config binary and not all the libraries.
  • Tor.named: Fix bug that sometimes caused the property to fail the first time, though retrying succeeded.

-- Joey Hess id@joeyh.name Thu, 24 Mar 2016 14:53:31 -0400

propellor (2.16.0) unstable; urgency=medium

  • Obnam: Only let one backup job run at a time when a host has multiple different backup properties, to avoid concurrent jobs fighting over scarce resources (particularly memory). Other jobs block on a lock file.
  • Removed references to a Debian derivative from code and documentation because of an unfortunate trademark use policy. http://joeyh.name/blog/entry/trademark_nonsense/
  • That included changing a data constructor to "Buntish", an API change.
  • Firewall.rule: Now takes a Table parameter. (API change)
  • Firewall: add InIFace/OutIFace Rules, add Source/Destination Rules, add CustomTarget, and more improvements. Thanks, Félix Sipma.
  • Ssh.authorizedKey: Fix bug preventing it from working when the authorized_keys file does not yet exist.
  • Removed Ssh.unauthorizedKey and made Ssh.authorizedKey revertable. (API change)

-- Joey Hess id@joeyh.name Sat, 27 Feb 2016 13:31:57 -0400

propellor (2.15.4) unstable; urgency=medium

  • Build /usr/src/propellor/propellor.git reproducibly, which makes the whole Debian package build reproducibly. Thanks, Sean Whitton.
  • Obnam: To cause old generations to be forgotten, keepParam can be passed to a backup property; this causes obnam forget to be run.
  • Delete /etc/apt/apt.conf.d/50unattended-upgrades.ucf-dist when unattended-upgrades is installed, to work around #812380 which results in many warnings from apt, including in cron mails.
  • Added Propellor.Property.LetsEncrypt
  • Apache.httpsVirtualHost: New property, setting up a https vhost with the certificate automatically obtained using letsencrypt.
  • Allow using combineProperties and propertyList with lists of RevertableProperty.

-- Joey Hess id@joeyh.name Thu, 11 Feb 2016 12:49:10 -0400

propellor (2.15.3) unstable; urgency=medium

  • Added Git.bareRepoDefaultBranch property Thanks, Sean Whitton.
  • Add missing Control.Applicative imports needed by older versions of ghc.

-- Joey Hess id@joeyh.name Tue, 12 Jan 2016 12:37:22 -0400

propellor (2.15.2) unstable; urgency=medium

  • Added GNUPGBIN environment variable or git.program git config to control the command run for gpg. Allows eg, GNUPGBIN=gpg2 Thanks, Félix Sipma.
  • Bootstrap apt-get installs run with deconf noninteractive frontend.
  • spin --via: Avoid committing on relay host.
  • Postfix: Add service property to enable/disable services in master.cf.
  • Added Munin module, contributed by Jelmer Vernooij.

-- Joey Hess id@joeyh.name Sun, 03 Jan 2016 16:56:26 -0400

propellor (2.15.1) unstable; urgency=medium

  • Added git configs propellor.spin-branch and propellor.forbid-dirty-spin. Thanks, Sean Whitton.
  • Added User.systemAccountFor and User.systemAccountFor' properties. Thanks, Félix Sipma.
  • Gpg.keyImported converted to not use a flag file and instead check if gpg has the provided key already. Thanks, Félix Sipma.
  • Clean build with ghc 7.10.
  • Merged Utility changes from git-annex.

-- Joey Hess id@joeyh.name Sat, 19 Dec 2015 16:43:09 -0400

propellor (2.15.0) unstable; urgency=medium

  • Added UncheckedProperty type, along with unchecked to indicate a Property needs its result checked, and checkResult and changesFile to check for changes.
  • Properties that run an arbitrary command, such as cmdProperty and scriptProperty are converted to use UncheckedProperty, since they cannot tell on their own if the command truely made a change or not. (API Change) Transition guide:
    • When GHC complains about an UncheckedProperty, add: assume MadeChange (Since these properties used to always return MadeChange, that change is always safe to make.)
    • Or, if you know that the command should modifiy a file, use: changesFile filename
  • The trivial combinator has been removed. (API change) Instead, use: assume NoChange Or, better, use changesFile or checkResult to accurately report when a property makes a change.
  • A few properties have had their Result improved, for example Apt.buldDep and Apt.autoRemove now check if a change was made or not.
  • User.hasDesktopGroups changed to avoid trying to add the user to groups that don't exist.
  • Added Postfix.saslPasswdSet.
  • Added Propellor.Property.Locale. Thanks, Sean Whitton.
  • Added Propellor.Property.Fail2Ban.

-- Joey Hess id@joeyh.name Sun, 06 Dec 2015 15:33:51 -0400

propellor (2.14.0) unstable; urgency=medium

  • Add Propellor.Property.PropellorRepo.hasOriginUrl, an explicit way to set the git repository url normally implicitly set when using --spin.
  • Added Chroot.noServices property.
  • DiskImage creation automatically uses Chroot.noServices.
  • Removed the (unused) dependency on quickcheck.
  • DebianMirror: Added a DebianMirror type for configuration (API change) Thanks, Félix Sipma.
  • DebianMirror: Add RsyncExtra to configuration. Thanks, Félix Sipma.
  • Added Git.repoConfigured and Git.repoAcceptsNonFFs properties. Thanks, Sean Whitton
  • Added User.hasDesktopGroups property.

-- Joey Hess id@joeyh.name Tue, 24 Nov 2015 16:03:55 -0400

propellor (2.13.0) unstable; urgency=medium

  • RevertableProperty used to be assumed to contain info, but this is now made explicit, with RevertableProperty HasInfo or RevertableProperty NoInfo. (API change) Transition guide:
    • If you define a RevertableProperty, expect some type check failures like: "Expecting one more argument to ‘RevertableProperty’".
    • Change it to "RevertableProperty NoInfo"
    • The compiler will then tell you if it needs "HasInfo" instead.
    • If you have code that uses the RevertableProperty constructor that fails to type check, use the more powerful <!> operator instead to create the RevertableProperty.
  • Various property combinators that combined a RevertableProperty with a non-revertable property used to yield a RevertableProperty. This was a bug, because the combined property could not be fully reverted in many cases, and the result is now a non-revertable property.
  • combineWith now takes an additional parameter to control how revert actions are combined (API change).
  • Added Propellor.Property.Concurrent for concurrent properties.
  • Made the execProcess exported by propellor, and everything built on it, avoid scrambled output when run concurrently.
  • Propellor now depends on STM and text.
  • The cabal file now builds propellor with -O. While -O0 makes ghc take less memory while building propellor, it can lead to bad memory usage at runtime due to eg, disabled stream fusion.
  • Add File.isCopyOf. Thanks, Per Olofsson.

-- Joey Hess id@joeyh.name Sun, 08 Nov 2015 14:51:15 -0400

propellor (2.12.0) unstable; urgency=medium

  • The DiskImage module can now make bootable images using grub.
  • Add a ChrootTarball chroot type, for using pre-built tarballs as chroots. Thanks, Ben Boeckel.
  • HostName: Improve domain extraction code.
  • Added Mount.fstabbed property to generate /etc/fstab to replicate current mounts.
  • HostName: Improve domain extraction code.
  • Add File.basedOn. Thanks, Per Olofsson.
  • Changed how the operating system is provided to Chroot (API change). Where before debootstrapped and bootstrapped took a System parameter, the os property should now be added to the Chroot.
  • Follow-on change to Systemd.container, which now takes a System parameter.
  • Generalized Property.check so it can be used with Propellor actions as well as IO actions.
  • Hostname.sane and Hostname.setTo can now safely be used as a property of a chroot, and won't affect the hostname of the host system.

-- Joey Hess id@joeyh.name Fri, 23 Oct 2015 17:38:32 -0400

propellor (2.11.0) unstable; urgency=medium

  • Rewrote Propellor.Property.ControlHeir one more time, renaming it to Propellor.Property.Conductor.
  • Added Ssh properties to remove authorized_keys and known_hosts lines.

-- Joey Hess id@joeyh.name Wed, 21 Oct 2015 19:49:00 -0400

propellor (2.10.0) unstable; urgency=medium

  • The Propellor.Property.Spin added in the last release is replaced with a very different Propellor.Property.ControlHeir.

-- Joey Hess id@joeyh.name Tue, 20 Oct 2015 21:29:12 -0400

propellor (2.9.0) unstable; urgency=medium

  • Added basic Uwsgi module, maintained by Félix Sipma.
  • Add Apt.hasForeignArch. Thanks, Per Olofsson.
  • Improved documentation, particularly of the Propellor module.
  • The Propellor module no longer exports many of the things it used to, being now focused on only what's needed to write config.hs. Use Propellor.Base to get all the things exported by Propellor before. (API change)
  • Some renaming of instance methods, and moving of functions to more appropriate modules. (API change)
  • Added File.isSymlinkedTo. Thanks, Per Olofsson.
  • fileProperty, and properties derived from it now write the new file content via origfile.propellor-new~, instead of to a randomly named temp file. This allows them to clean up any temp file that may have been left by an interrupted run of propellor.
  • Added Propellor.Property.Spin, which can be used to make a host be a controller of other hosts, which will automatically spin them each time propellor is run.
  • Ssh.keyImported is replaced with Ssh.userKeys. (API change) The new property only gets the private key from the privdata; the public key is provided as a parameter, and so is available as Info that other properties can use.
  • Ssh.keyImported' is renamed to Ssh.userKeyAt, and also changed to only import the private key from the privdata. (API change)
  • While Ssh.keyImported and Ssh.keyImported' avoided updating existing keys, the new Ssh.userKeys and Ssh.userKeyAt properties will always update out of date key files.
  • Ssh.pubKey renamed to Ssh.hostPubKey. (API change)
  • Added --unset-unused
  • Fix typo: propigate → propagate. Thanks, Felix Gruber. (A minor API change)
  • Chroot: Converted to use a ChrootBootstrapper type class, so other ways to bootstrap chroots can easily be added in separate modules. (API change)

-- Joey Hess id@joeyh.name Tue, 20 Oct 2015 15:43:12 -0400

propellor (2.8.1) unstable; urgency=medium

  • Guard against power loss etc when building propellor, by updating the executable atomically.
  • Added Logcheck module, contributed by Jelmer Vernooij.
  • Added Kerberos module, contributed by Jelmer Vernooij.
  • Privdata that uses HostContext inside a container will now have the name of the container as its context, rather than the name of the host(s) where the container is used. This allows eg, having different passwords for a user in different containers. Note that previously, propellor would prompt using the container name as the context, but not actually use privdata using that context; so this is a bug fix.
  • Fix --add-key to not fail committing when no privdata file exists yet.

-- Joey Hess id@joeyh.name Sun, 04 Oct 2015 13:54:59 -0400

propellor (2.8.0) unstable; urgency=medium

  • Added Propellor.Property.Rsync.
  • Convert Info to use Data.Dynamic, so properties can export and consume info of any type that is Typeable and a Monoid, including data types private to a module. (API change) Thanks to Joachim Breitner for the idea.
  • Improve propellor wrapper to better handle installation cloning the public propellor repo, by setting that repo to be upstream, so propellor doesnt try to push to a read-only repo.
  • Added DebianMirror module, contributed by Félix Sipma.
  • Some hlint cleanups. Thanks, Mario Lang
  • Added Propellor.Property.Unbound for the caching DNS server. Thanks, Félix Sipma.
  • Added PTR to Dns.Record. While this is ignored by Propellor.Property.Dns for now, since reverse DNS setup is not implemented there yet, it can be used in other places, eg Unbound. Thanks, Félix Sipma.
  • PrivData converted to newtype (API change).
  • Stopped stripping trailing newlines when setting PrivData; this was previously done to avoid mistakes when pasting eg passwords with an unwanted newline. Instead, PrivData consumers should use either privDataLines or privDataVal, to extract respectively lines or a value (without internal newlines) from PrivData.
  • Allow storing arbitrary ByteStrings in PrivData, extracted using privDataByteString.
  • Added Aiccu module, contributed by Jelmer Vernooij.
  • Added --rm-key.

-- Joey Hess id@joeyh.name Tue, 22 Sep 2015 19:35:07 -0400

propellor (2.7.3) unstable; urgency=medium

  • Fix bug that caused provisioning new chroots to fail.
  • Update for Debian systemd-container package split.
  • Added Propellor.Property.Parted, for disk partitioning.
  • Added Propellor.Property.Partition, for partition formatting etc.
  • Added Propellor.Property.DiskImage, for bootable disk image creation. (Experimental and not yet complete.)
  • Dropped support for ghc 7.4.

-- Joey Hess id@joeyh.name Thu, 03 Sep 2015 08:52:51 -0700

propellor (2.7.2) unstable; urgency=medium

  • Added Propellor.Property.ConfFile, with support for Windows-style .ini files, and generic support for files containing some sort of sections. Thanks, Sean Whitton for completing the implementation.
  • Added Propellor.Property.LightDM Thanks, Sean Whitton.
  • Multiple Tor.hiddenService properties can now be defined for a host; previously only one such property worked per host. Thanks, Félix Sipma.

-- Joey Hess id@joeyh.name Tue, 25 Aug 2015 12:00:25 -0700

propellor (2.7.1) unstable; urgency=medium

  • Make sure that make is installed when bootstrapping propellor.
  • Fix bug in Firewall's Port datatype to iptable parameter translation code. Thanks, Antoine Eiche.

-- Joey Hess id@joeyh.name Fri, 14 Aug 2015 15:01:37 -0400

propellor (2.7.0) unstable; urgency=medium

  • Ssh.permitRootLogin type changed to allow configuring WithoutPassword and ForcedCommandsOnly (API change)
  • setSshdConfig type changed, and setSshdConfigBool added with old type.
  • Fix a bug in shim generation code for docker and chroots, that sometimes prevented deployment of docker containers.
  • Added onChangeFlagOnFail which is often a safer alternative to onChange. Thanks, Antoine Eiche.
  • Work around broken git pull option parser in git 2.5.0, which broke use of --upload-pack to send a git push when running propellor --spin.

-- Joey Hess id@joeyh.name Thu, 30 Jul 2015 12:05:46 -0400

propellor (2.6.0) unstable; urgency=medium

  • Replace String type synonym Docker.Image by a data type which allows to specify an image name and an optional tag. (API change) Thanks, Antoine Eiche.
  • Added --unset to delete a privdata field.
  • Version dependency on exceptions.
  • Systemd: Add masked property. Thanks, Sean Whitton
  • Fix make install target to work even when git is not configured.

-- Joey Hess id@joeyh.name Fri, 10 Jul 2015 22:36:29 -0400

propellor (2.5.0) unstable; urgency=medium

  • cmdProperty' renamed to cmdPropertyEnv to make way for a new, more generic cmdProperty' (API change)
  • Add docker image related properties. Thanks, Antoine Eiche.
  • Export CommandParam, boolSystem, safeSystem, shellEscape, and createProcess from Propellor.Property.Cmd, so they are available for use in constricting your own Properties when using propellor as a library.
  • Improve enter-machine scripts for systemd-nspawn containers to unset most environment variables.
  • Fix Postfix.satellite bug; the default relayhost was set to the domain, not to smtp.domain as documented.
  • Mount /proc inside a chroot before provisioning it, to work around #787227
  • --spin now works when given a short hostname that only resolves to an ipv6 address.
  • Added publish property for systemd-spawn containers, for port publishing. (Needs systemd version 220.)
  • Added bind and bindRo properties for systemd-spawn containers.
  • Firewall: Port was changed to a newtype, and the Port and PortRange constructors of Rules were changed to DPort and DportRange, respectively. (API change)
  • Docker: volume and publish accept Bound FilePath and Bound Port, respectively. They also continue to accept Strings, for backwards compatibility.
  • Docker: Added environment property. Thanks Antoine Eiche.

-- Joey Hess id@joeyh.name Tue, 09 Jun 2015 17:08:43 -0400

propellor (2.4.0) unstable; urgency=medium

  • Propellor no longer supports Debian wheezy (oldstable).
  • Git.bareRepo: Fix bug in calls to userScriptProperty. Thanks, Jelmer Vernooij.
  • Removed Obnam.latestVersion which was only needed for Debian wheezy backport.
  • Merged Utility changes from git-annex.
  • Switched from MonadCatchIO-transformers to the newer transformers and exceptions libraries.
  • Ensure build deps are installed before building propellor in --spin and cron job, even if propellor was already built before, to deal with upgrades that add new dependencies.

-- Joey Hess id@joeyh.name Wed, 06 May 2015 14:28:59 -0400

propellor (2.3.0) unstable; urgency=medium

  • Make propellor resistent to changes to shared libraries, such as libffi, which might render the propellor binary unable to run. This is dealt with by checking the binary both when running propellor on a remote host, and by Cron.runPropellor. If the binary doesn't work, it will be rebuilt.
  • Note that since a new switch had to be added to allow testing the binary, upgrading to this version will cause a rebuild from scratch of propellor.
  • Added hasLoginShell and shellEnabled.
  • debCdn changed to new httpredir.debian.org official replacement for http.debian.net.
  • API change: Added User and Group newtypes, and Properties that used to use the type UserName = String were changed to use them.

-- Joey Hess id@joeyh.name Wed, 22 Apr 2015 13:46:24 -0400

propellor (2.2.1) unstable; urgency=medium

  • userScriptProperty now passes --shell /bin/sh, so it can be used even for users with nonstandard shells.
  • Fix bug in docker propellor shim setup introduced in last release, which broke provisioning of new docker containers.

-- Joey Hess id@joeyh.name Thu, 12 Mar 2015 20:08:34 -0400

propellor (2.2.0) unstable; urgency=medium

  • When running shimmed (eg in a docker container), improve process name visible in ps.
  • Add shebang to cron.daily etc files.
  • Some changes to tor configuration, minor API change.
  • Propellor now builds itself, and gets its build dependencies installed when deploying to a new host, without needing the Makefile.

-- Joey Hess id@joeyh.name Mon, 09 Mar 2015 12:02:31 -0400

propellor (2.1.0) unstable; urgency=medium

  • Additional tor properties, including support for making relays, and naming bridges, relays, etc.
  • New Cron.Times data type, which allows Cron.job to install daily/monthly/weekly jobs that anacron can run. (API change)
  • Fix Git.daemonRunning to restart inetd after enabling the git server.
  • Ssh.authorizedKey: Make the authorized_keys file and .ssh directory be owned by the user, not root.
  • Ssh.knownHost: Make the .ssh directory be owned by the user, not root.

-- Joey Hess id@joeyh.name Thu, 12 Feb 2015 12:36:26 -0400

propellor (2.0.0) unstable; urgency=medium

  • Property has been converted to a GADT, and will be Property NoInfo or Property HasInfo. This was done to make sure that ensureProperty is only used on properties that do not have Info. Transition guide:
    • Change all "Property" to "Property NoInfo" or "Property HasInfo" (The compiler can tell you if you got it wrong!)
    • To construct a RevertableProperty, it is useful to use the new (<!>) operator
    • Constructing a list of properties can be problimatic, since Property NoInto and Property HasInfo are different types and cannot appear in the same list. To deal with this, "props" has been added, and can built up a list of properties of different types, using the same (&) and (!) operators that are used to build up a host's properties.
  • Add descriptions of how to set missing fields to --list-fields output.
  • Properties now form a tree, instead of the flat list used before. This includes the properties used inside a container.
  • Fix info propagation from fallback combinator's second Property.
  • Added systemd configuration properties.
  • Added journald configuration properties.
  • Added more network interface configuration properties.
  • Implemented OS.preserveNetwork.

-- Joey Hess id@joeyh.name Sun, 25 Jan 2015 15:23:08 -0400

propellor (1.3.2) unstable; urgency=medium

  • SSHFP records are also generated for CNAMES of hosts.
  • Merge Utiity modules from git-annex.
  • Ignore bogus DNS when spinning the local host.

-- Joey Hess id@joeyh.name Thu, 15 Jan 2015 14:02:07 -0400

propellor (1.3.1) unstable; urgency=medium

  • Fix bug that prevented deploying ssh host keys when the file for the key didn't already exist.
  • DNS records for hosts with known ssh public keys now automatically include SSHFP records.

-- Joey Hess id@joeyh.name Sun, 04 Jan 2015 19:51:34 -0400

propellor (1.3.0) unstable; urgency=medium

  • --spin checks if the DNS matches any configured IP address property of the host, and if not, sshes to the host by IP address.
  • Detect #774376 and refuse to use docker if the system is so broken that docker exec doesn't enter a chroot.
  • Update intermediary propellor in --spin --via
  • Added support for DNSSEC.
  • Ssh.hostKey and Ssh.hostKeys no longer install public keys from the privdata. Instead, the public keys are included in the configuration. (API change)
  • Ssh.hostKeys now removes any host keys of types that the host is not configured to have.
  • sshPubKey is renamed to Ssh.pubKey, and has an added SshKeyType parameter. (API change)
  • CloudAtCost.deCruft no longer forces randomHostKeys.
  • Fix build with process 1.2.1.0.

-- Joey Hess id@joeyh.name Sun, 04 Jan 2015 17:17:44 -0400

propellor (1.2.2) unstable; urgency=medium

  • Revert ensureProperty warning message, too many false positives in places where Info is correctly propagated. Better approach needed.

-- Joey Hess id@joeyh.name Sun, 21 Dec 2014 21:41:11 -0400

propellor (1.2.1) unstable; urgency=medium

  • Added CryptPassword to PrivDataField, for password hashes as produced by crypt(3).
  • User.hasPassword and User.hasSomePassword will now use either a CryptPassword or a Password from privdata, depending on which is set.

-- Joey Hess id@joeyh.name Wed, 17 Dec 2014 16:30:44 -0400

propellor (1.2.0) unstable; urgency=medium

  • Display a warning when ensureProperty is used on a property which has Info and is so prevented from propigating it.
  • Removed boolProperty; instead the new toResult can be used. (API change)
  • Include Propellor.Property.OS, which was accidentially left out of the cabal file in the last release.
  • Fix Apache.siteEnabled to update the config file and reload apache when configuration has changed.

-- Joey Hess id@joeyh.name Tue, 09 Dec 2014 00:05:09 -0400

propellor (1.1.0) unstable; urgency=medium

  • --spin target --via relay causes propellor to bounce through an intermediate relay host, which handles any necessary uploads when provisioning the target host.
  • --spin can be passed multiple hosts, and it will provision each host in turn.
  • Add --merge, to combine multiple --spin commits into a single, more useful commit.
  • Hostname parameters not containing dots are looked up in the DNS to find the full hostname.
  • propellor --spin can now deploy propellor to hosts that do not have git, ghc, or apt-get. This is accomplished by uploading a fairly portable precompiled tarball of propellor.
  • Propellor.Property.OS contains properties that can be used to do a clean reinstall of the OS of an existing host. This can be used, for example, to do an in-place conversion from Fedora to Debian. This is experimental; use with caution!
  • Added group-related properties. Thanks, Félix Sipma.
  • Added Git.barerepo. Thanks, Félix Sipma.
  • Added Grub.installed and Grub.boots properties.
  • New HostContext can be specified when a PrivData value varies per host.
  • hasSomePassword and hasPassword now default to using HostContext. To specify a different context, use hasSomePassword' and hasPassword' (API change)
  • hasSomePassword and hasPassword now make sure shadow passwords are enabled.
  • cron.runPropellor now runs propellor, rather than using its Makefile. This is more robust.
  • propellor.debug can be set in the git config to enable more persistent debugging output.
  • Run apt-cache policy with LANG=C so it works on other locales.
  • endAction can be used to register an action to run once propellor has successfully run on a host.

-- Joey Hess id@joeyh.name Sun, 07 Dec 2014 15:23:59 -0400

propellor (1.0.0) unstable; urgency=medium

  • propellor --spin can now be used to update remote hosts, without any central git repository needed. The central git repository is still useful for running propellor from cron, but this simplifies getting started with propellor, and allows for more ad-hoc usage.
  • The git repo url, if any, is updated whenever propellor --spin is used.
  • Added prosody module, contributed by Félix Sipma.
  • Can be used to configure tor hidden services. Thanks, Félix Sipma.
  • When multiple gpg keys are added, ensure that the privdata file can be decrypted by all of them.
  • Convert GpgKeyId to newtype. (API change)
  • DigitalOcean.distroKernel property now reboots into the distribution kernel when necessary.
  • Avoid outputting color setting sequences when not run on a terminal.
  • Docker code simplified by using docker exec; needs docker 1.3.1.
  • Docker containers are now a separate data type, cannot be included in the main host list, and are instead passed to Docker.docked. (API change)
  • Added support for using debootstrap from propellor.
  • Propellor can now be used to provision chroots.
  • systemd-nspawn containers can now be managed by propellor, very similar to its handling of docker containers.
  • Debian package will be maintained by Gergely Nagy.

-- Joey Hess id@joeyh.name Fri, 21 Nov 2014 20:58:02 -0400

propellor (0.9.2) unstable; urgency=medium

  • Added nginx module, contributed by Félix Sipma.
  • Added firewall module, contributed by Arnaud Bailly.
  • Apache: Fix daemon reload when enabling a new module or site.
  • Docker: Stop using docker.io; that was a compat symlink in the Debian package which has been removed in docker.io 1.3.1~dfsg1-2. Closes: #769452
  • Orphaned the Debian package, as I am retiring from Debian.

-- Joey Hess joeyh@debian.org Sat, 08 Nov 2014 15:57:36 -0400

propellor (0.9.1) unstable; urgency=medium

  • Docker: Add ability to control when containers restart.
  • Docker: Default to always restarting containers, so they come back up after reboots and docker daemon upgrades. (API change)
  • Fix loop when a docker host that does not exist was docked.

-- Joey Hess joeyh@debian.org Fri, 24 Oct 2014 09:57:31 -0400

propellor (0.9.0) unstable; urgency=medium

  • Avoid encoding the current stable suite in propellor's code, since that poses a difficult transition around the release, and can easily be wrong if an older version of propellor is used. Instead, the os property for a stable system includes the suite name to use, eg Stable "wheezy".
  • stdSourcesList uses the stable suite name, to avoid unwanted immediate upgrades to the next stable release. (API change)
  • debCdn switched from cdn.debian.net to http.debian.net, which seems to be better managed now.
  • Docker: Avoid committing container every time it's started up.

-- Joey Hess joeyh@debian.org Fri, 10 Oct 2014 11:37:45 -0400

propellor (0.8.3) unstable; urgency=medium

  • The Debian package now includes a single-revision git repository in /usr/src/propellor/, and ~/.propellor/ is set up to use this repository as its origin remote. This avoids relying on the security of the github repository when using the Debian package.
  • The /usr/bin/propellor wrapper will warn when ~/.propellor/ is out of date and a newer version is available, after which git merge upstream/master can be run to merge it.
  • Included the config.hs symlink to config-simple.hs in the cabal and Debian packages.

-- Joey Hess joeyh@debian.org Fri, 22 Aug 2014 13:02:01 -0400

propellor (0.8.2) unstable; urgency=medium

  • Fix bug in File.containsLines that caused lines that were already in the file to sometimes be appended to the end.
  • Hostname.sane also configures /etc/mailname.
  • Fixed Postfix.satellite to really configure relayhost = smtp.domain.
  • Avoid reconfiguring postfix unncessarily when it already has a relayhost.
  • Deal with apache 2.4's change in the name of site-available config files.
  • Hostname aliases can now be used in several places, including --spin and Ssh.knownHost.

-- Joey Hess joeyh@debian.org Mon, 04 Aug 2014 01:12:19 -0400

propellor (0.8.1) unstable; urgency=medium

  • Run apt-get update in initial bootstrap.
  • --list-fields now includes a table of fields that are not currently set, but would be used if they got set.
  • Remove .gitignore from cabal file list, to avoid build failure on Debian. Closes: #754334

-- Joey Hess joeyh@debian.org Wed, 09 Jul 2014 22:11:31 -0400

propellor (0.8.0) unstable; urgency=medium

  • Completely reworked privdata storage. There is now a single file, and each host is sent only the privdata that its Properties actually use.

    To transition existing privdata, run propellor against a host and watch out for the red failure messages, and run the suggested commands to store the privdata using the new storage scheme. You may find it useful to run the old version of propellor to extract data from the old privdata files during this migration.

    Several properties that use privdata now require a context to be specified. If in doubt, you can use anyContext, or Context "hostname.example.com"

  • Add --edit to edit a privdata value in $EDITOR.

  • Add --list-fields to list all currently set privdata fields, along with the hosts that use them.

  • Fix randomHostKeys property to run openssh-server's postinst in a non-failing way.

  • Hostname.sane now cleans up the 127.0.0.1 localhost line in /etc/hosts, to avoid eg, apache complaining "Could not reliably determine the server's fully qualified domain name".

-- Joey Hess joeyh@debian.org Sun, 06 Jul 2014 18:28:08 -0400

propellor (0.7.0) unstable; urgency=medium

  • combineProperties no longer stops when a property fails; now it continues trying to satisfy all properties on the list before propigating the failure.
  • Attr is renamed to Info. (API change)
  • Renamed wrapper to propellor to make cabal installation of propellor work.
  • When git gpg signature of a fetched git branch cannot be verified, propellor will now continue running, but without merging in that branch.

-- Joey Hess joeyh@debian.org Fri, 13 Jun 2014 10:06:40 -0400

propellor (0.6.0) unstable; urgency=medium

  • Docker containers now propagate DNS attributes out to the host they're docked in. So if a docker container sets a DNS alias, every container it's docked in will automatically be added to a DNS round-robin, when propellor is used to manage DNS for the domain.
  • Apt.stdSourcesList no longer needs a suite to be specified. (API change)
  • Added --dump to dump out a field of a host's privdata. Useful for editing it.
  • Propellor's output now includes the hostname being provisioned, or when provisioning a docker container, the container name.

-- Joey Hess joeyh@debian.org Thu, 05 Jun 2014 17:32:14 -0400

propellor (0.5.3) unstable; urgency=medium

  • Fix unattended-upgrades config for !stable.
  • Ensure that kernel hostname is same as /etc/hostname when configuring hostname.
  • Added modules for some hosting providers (DigitalOcean, CloudAtCost).

-- Joey Hess joeyh@debian.org Thu, 29 May 2014 14:29:53 -0400

propellor (0.5.2) unstable; urgency=medium

  • A bug that caused propellor to hang when updating a running docker container appears to have been fixed. Note that since it affects the propellor process that serves as "init" of docker containers, they have to be restarted for the fix to take effect.
  • Licence changed from GPL to BSD.
  • A few changes to allow building Propellor on OSX. One user reports successfully using it there.

-- Joey Hess joeyh@debian.org Sat, 17 May 2014 16:42:55 -0400

propellor (0.5.1) unstable; urgency=medium

  • Primary DNS servers now have allow-transfer automatically populated with the IP addresses of secondary dns servers. So, it's important that all secondary DNS servers have an ipv4 (and/or ipv6) property configured.
  • Deal with old ssh connection caching sockets.
  • Add missing build deps and deps. Closes: #745459

-- Joey Hess joeyh@debian.org Thu, 24 Apr 2014 18:09:58 -0400

propellor (0.5.0) unstable; urgency=medium

  • Removed root domain records from SOA. Instead, use RootDomain when calling Dns.primary. (API change)
  • Dns primary and secondary properties are now revertable.
  • When unattendedUpgrades is enabled on an Unstable or Testing system, configure it to allow the upgrades.
  • New website, https://propellor.branchable.com/

-- Joey Hess joeyh@debian.org Sat, 19 Apr 2014 17:38:02 -0400

propellor (0.4.0) unstable; urgency=medium

  • Propellor can configure primary DNS servers, including generating zone files, which is done by looking at the properties of hosts in a domain.
  • The cname property was renamed to alias as it does not always generate CNAME in the DNS. (API change)
  • Constructor of Property has changed (use property function instead). (API change)
  • All Property combinators now combine together their Attr settings. So Attr settings can be made inside a propertyList, for example.
  • Run all cron jobs under chronic from moreutils to avoid unnecessary mails.

-- Joey Hess joeyh@debian.org Sat, 19 Apr 2014 02:09:56 -0400

propellor (0.3.1) unstable; urgency=medium

  • Merge scheduler bug fix from git-annex.
  • Support for provisioning hosts with ssh and gpg keys.
  • Obnam support.
  • Apache support.
  • Postfix satellite system support.
  • Properties can now be satisfied differently on different operating systems.
  • Standard apt configuration for stable now includes backports.
  • Cron jobs generated by propellor use flock(1) to avoid multiple instances running at a time.
  • Add support for SSH ed25519 keys. (Thanks, Franz Pletz.)

-- Joey Hess joeyh@debian.org Thu, 17 Apr 2014 20:07:33 -0400

propellor (0.3.0) unstable; urgency=medium

  • ipv6to4: Ensure interface is brought up automatically on boot.
  • Enabling unattended upgrades now ensures that cron is installed and running to perform them.
  • Properties can be scheduled to only be checked after a given time period.
  • Fix bootstrapping of dependencies.
  • Fix compilation on Debian stable.
  • Include security updates in sources.list for stable and testing.
  • Use ssh connection caching, especially when bootstrapping.
  • Properties now run in a Propellor monad, which provides access to attributes of the host. (API change)

-- Joey Hess joeyh@debian.org Fri, 11 Apr 2014 01:19:05 -0400

propellor (0.2.3) unstable; urgency=medium

  • docker: Fix laziness bug that caused running containers to be unnecessarily stopped and committed.
  • Add locking so only one propellor can run at a time on a host.
  • docker: When running as effective init inside container, wait on zombies.
  • docker: Added support for configuring shared volumes and linked containers.

-- Joey Hess joeyh@debian.org Tue, 08 Apr 2014 02:07:37 -0400

propellor (0.2.2) unstable; urgency=medium

  • Now supports provisioning docker containers with architecture/libraries that do not match the host.
  • Fixed a bug that caused file modes to be set to 600 when propellor modified the file (did not affect newly created files).

-- Joey Hess joeyh@debian.org Fri, 04 Apr 2014 01:07:32 -0400

propellor (0.2.1) unstable; urgency=medium

  • First release with Debian package.

-- Joey Hess joeyh@debian.org Thu, 03 Apr 2014 01:43:14 -0400

propellor (0.2.0) unstable; urgency=low

  • Added support for provisioning Docker containers.
  • Bootstrap deployment now pushes the git repo to the remote host over ssh, securely.
  • propellor --add-key configures a gpg key, and makes propellor refuse to pull commits from git repositories not signed with that key. This allows propellor to be securely used with public, non-encrypted git repositories without the possibility of MITM.
  • Added support for type-safe reversions. Only some properties can be reverted; the type checker will tell you if you try something that won't work.
  • New syntactic sugar for building a list of properties, including revertable properties.

-- Joey Hess joeyh@debian.org Wed, 02 Apr 2014 13:57:42 -0400