Commit message | Author | Age
* release Consfigurator 0.12.2 (-1 to Debian unstable) [v0.12.2] [debian/0.12.2-1] [archive/debian/0.12.2-1] | Sean Whitton | 2021-11-15
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* fixes to permit dumping and reinvoking and then dumping again | Sean Whitton | 2021-11-14
    - Update stored checksums when reinvoking, else the SBCL-specific checks in %DUMP-CONSFIGURATOR-IN-GRANDCHILD will always fail in reinvoked images.
    - Also update *US* when reinvoking; previously, the code in IMAGE-DUMPED to skip the dump when the target filename is the executable we're running from was using the old value of *US* and thus would probably never skip the dump.
    - Don't abort the dump just because the target filename is the executable we're running from (I believe the restriction was accidentally included when refactoring a previous work-in-progress version of fbe55a361f).
    - %DUMP-CONSFIGURATOR-IN-GRANDCHILD: ensure we remove the hook which evaluates the parent process's request so it doesn't get run again.
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* *US*: use SB-EXT:*RUNTIME-PATHNAME* not SB-EXT:*CORE-PATHNAME* | Sean Whitton | 2021-11-14
    SB-EXT:*RUNTIME-PATHNAME* is the path to the executable.
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* add HAS-HOSTATTRS | Sean Whitton | 2021-11-14
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* FILE:{DATA,SECRET}-UPLOADED: add descriptions | Sean Whitton | 2021-11-11
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* always use CL, ANAPHORA, ALEXANDRIA and CONSFIGURATOR packages | Sean Whitton | 2021-11-11
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* add RANDOM-ALPHANUMERIC | Sean Whitton | 2021-11-11
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* release Consfigurator 0.12.1 (-1 to Debian unstable) [v0.12.1] [debian/0.12.1-1] [archive/debian/0.12.1-1] | Sean Whitton | 2021-11-09
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* avoid trying to define +NAMESPACE-TYPES+ at all on non-Linux | Sean Whitton | 2021-11-09
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* LXC:USER-CONTAINER-FOR docstring: fix typo | Sean Whitton | 2021-11-09
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* avoid unbound variable error on older kernels without CLONE_NEWTIME | Sean Whitton | 2021-11-09
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* INSTALLER:CLEANLY-INSTALLED-ONCE: fix type of :REMOTE-HOME connattr | Sean Whitton | 2021-11-09
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* COLLAPSE{,-PROPAPP}-TYPES: invert logic | Sean Whitton | 2021-11-09
    These functions are used to determine whether a composite property is :POSIX or :LISP. If any of the composing properties are :LISP, then we need to return :LISP, such that attempting to apply the composite property using a POSIX-type connection produces an error.
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* release Consfigurator 0.12.0 (-1 to Debian unstable) [v0.12.0] [debian/0.12.0-1] [archive/debian/0.12.0-1] | Sean Whitton | 2021-11-08
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* style guide: prefer to switch user than to update ownership | Sean Whitton | 2021-11-08
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* use higher-numbered codes for change status, 1 for unhandled errors | Sean Whitton | 2021-11-08
    When SBCL fails to start up, such as when previously-loaded shared libraries cannot be found while trying to reinvoke a dumped image, it exits 1. We must avoid erroneously interpreting this as a successful attempt to make changes.
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* :SBCL: avoid adding :DATA hostattrs that persist in *HOST* | Sean Whitton | 2021-11-08
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* REHOME-CONNECTION: move call to UPLOAD-ALL-PREREQUISITE-DATA | Sean Whitton | 2021-11-08
    It's the fact we're changing to a different home directory that's part of the same root filesystem, and with the same UID/GID ranges, that means we call UPLOAD-ALL-PREREQUISITE-DATA with this connection object.
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* add LXC properties, :LXC{,-UNPRIV-ATTACH} connections, WITH-HOMEDIR | Sean Whitton | 2021-11-08
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* add Linux namespace-entering connections | Sean Whitton | 2021-11-08
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* add CAPABILITY-P and grovel for some Linux capability constants | Sean Whitton | 2021-11-04
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* :SETUID: pass target uid to POSIX-LOGIN-ENVIRONMENT for correct PATH | Sean Whitton | 2021-11-01
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* rename FIREWALLD:ZONE-DIRECT-RULE -> FIREWALLD:DIRECT-RULE | Sean Whitton | 2021-11-01
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* ON{-APPLY,}-CHANGE: always return result of primary propapp | Sean Whitton | 2021-11-01
    In particular, if the secondary propapps are applied but make no change, do not return :NO-CHANGE as the overall result.
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* add APT:BACKPORTS-INSTALLED{,-MINIMALLY} | Sean Whitton | 2021-11-01
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* FIREWALLD:ZONE: note idea to use hostattrs to gather zone settings | Sean Whitton | 2021-11-01
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* FIREWALLD:HAS-ZONE: reload after adding zone | Sean Whitton | 2021-11-01
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* add SYSTEMD:{DAEMON-RELOADED,RELOADED,RESTARTED} | Sean Whitton | 2021-11-01
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* firewall-cmd: --reload less often & respect SERVICE:NO-SERVICES-P | Sean Whitton | 2021-11-01
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* SYSTEMD:LINGERING-ENABLED :CHECK: handle non-zero exit from loginctl | Sean Whitton | 2021-10-29
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* CONSFIGURATOR.PROPERTY.SYSTEMD: respect :NO-SERVICES connattr | Sean Whitton | 2021-10-29
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* add & propagate :NO-SERVICES connattr and respect in LIBVIRT:STARTED | Sean Whitton | 2021-10-29
    This change was prompted by the realisation that RECONNECTS nullifies any enclosing SERVICE:WITHOUT-STARTING-SERVICES because *HOST* during RECONNECTS is a distinct HOST value, computed at hostattrs time, which can't be affected by an enclosing combinator that works by temporarily pushing hostattrs at :APPLY time. So, for example, if we chroot and subsequently establish a :SETUID connection, properties might try to start services as the non-root user and there is no way for them to know they shouldn't. We can avoid this problem by using a connattr instead because we have a mechanism for propagating connattrs to subsequently established connections. And as in most cases the reason for not starting services is solely due to the way in which we're connecting to the host, a connattr is more appropriate.
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* basic systemctl(1) properties: add USER argument for --user | Sean Whitton | 2021-10-28
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* :SETUID: avoid creating user's ~/.cache/consfigurator/ owned by root | Sean Whitton | 2021-10-28
    This reverts and replaces commit b4eb20904aa8f4ea7ec0ef58eac7889b4b864277.
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* expand remarks on portability & update in light of recent changes | Sean Whitton | 2021-10-28
    We've long required package-local nicknames but this was not mentioned. We now additionally require multithreading, a C toolchain and development headers for libacl.
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* IMAGE-DUMPED: also abort if shlibs not readable | Sean Whitton | 2021-10-28
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* discuss limitations which apply to dumping images with IMAGE-DUMPED | Sean Whitton | 2021-10-28
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* IMAGE-DUMPED: support skipping when same build of SBCL unavailable | Sean Whitton | 2021-10-28
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* debian/: Run 'wrap-and-sort -abst' | Sean Whitton | 2021-10-23
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* debian/: Add ${sphinxdoc:Built-Using} to Built-Using | Sean Whitton | 2021-10-23
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* LIBVIRT:KVM-BOOTS-CHROOT-FOR: ADDITIONAL-PROPERTIES usage example | Sean Whitton | 2021-10-23
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* HANDLE-FORK-REQUEST: use return values of BT:JOIN-THREAD | Sean Whitton | 2021-10-23
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* HANDLE-FORK-REQUEST: immediately begin reading from out & err pipes | Sean Whitton | 2021-10-23
    Previously we waited for waitpid(2) to return before reading from the pipes. If either pipe filled up before the child process exited, we would deadlock.
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* note about PROGRAMMATIC-APPLY-HOSTATTRS for DEFPROPLIST/DEFPROPSPEC | Sean Whitton | 2021-10-23
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* rename :XDG-CACHE-HOME connattr to :XDG_CACHE_HOME | Sean Whitton | 2021-10-23
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* replace some functions with a new :CONSFIGURATOR-CACHE connattr | Sean Whitton | 2021-10-23
    This simplifies the API.
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* :SETUID: error when OSICAT:USER-INFO fails | Sean Whitton | 2021-10-23
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* use PUSHNEW-HOSTATTRS when propagating :DATA hostattrs | Sean Whitton | 2021-10-23
    This prevents multiple attempts to upload the same item of prerequisite data.
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* :CHROOT.FORK: unshare mount namespace before making temporary mounts | Sean Whitton | 2021-10-23
    This avoids some cases of interference between the deployment of the chroot and other system activity. For example, before this change, the :ALWAYS-DEPLOYS option to LIBVIRT:KVM-BOOTS-CHROOT{,-FOR} could interact with Virtiofs in such a way as to break the running VM.
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* RUN/MRUN: support unsetting environment variables too | Sean Whitton | 2021-10-23
    Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>