| Commit message (Collapse) | Author | Age |
... | |
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change was prompted by the realisation that RECONNECTS nullifies any
enclosing SERVICE:WITHOUT-STARTING-SERVICES because *HOST* during RECONNECTS
is a distinct HOST value, computed at hostattrs time, which can't be affected
by an enclosing combinator that works by temporarily pushing hostattrs at
:APPLY time. So, for example, if we chroot and subsequently establish a
:SETUID connection, properties might try to start services as the non-root
user and there is no way for them to know they shouldn't.
We can avoid this problem by using a connattr instead because we have a
mechanism for propagating connattrs to subsequently established connections.
And as in most cases the reason for not starting services is solely due to the
way in which we're connecting to the host, a connattr is more appropriate.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
|
|
| |
This simplifies the API.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With this change we handle the situation in which we don't know the OS of a
host on which we need to install system packages more cleanly than before.
Also rely on the new PACKAGE:INSTALLED to install the OS bootstrapper in
INSTALLER:CLEANLY-INSTALLED-ONCE. This allows us to simplify usage of the
property by replacing the ORIGINAL-OS argument with ORIGINAL-OS-ARCHITECTURE.
Making this change does mean that we now have two ways to specify the
different names a package has on different OSs: (i) something like
OS:ETYPECASE where each branch applies a property which invokes an OS-specific
package manager; and (ii) the plists supplied to PACKAGE:INSTALLED.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
|
|
|
| |
This is useful when access is provided by other means (e.g. ssh keypairs) or
as part of locking a user out completely.
Signed-off-by: David Bremner <david@tethera.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The anticipated use case is where both uid and gid are to be set; making GID
an optional keyword argument just allows a shorthand for the case of matching
gid and uid. The limitation to a Debian-like OS is because of the assumption
of a primary group per user.
Refactor PASSWD-ENTRY to support a new function GROUP-ENTRY that does the same
thing, but with the group database instead of the passwd database.
Signed-off-by: David Bremner <david@tethera.net>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
|
|
| |
This should provide a performance improvement.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, PUSHNEW-HOSTATTRS always used EQL to determine whether a hostattr
was already pushed, which would give the wrong answer for many common cases.
Now default to using EQUAL, and provide a way for the caller to specify the
test function.
PUSHNEW-HOSTATTRS now takes a list of hostattrs as a single parameter, rather
than using &REST, in order to make room for the new :TEST keyword parameter.
To mitigate the inconvenience of no longer using &REST, add PUSHNEW-HOSTATTR.
Also fix some parameter and function names in docstrings.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
|
|
|
| |
Avoids the subsequent attempt to edit /etc/initramfs-tools/modules failing
simply because the directory /etc/initramfs-tools does not exist.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
|
|
|
|
|
|
|
| |
If DIR is itself a mount point then previously we would never delete its
contents because the unmounting is done first. This meant that when
MOUNT:UNMOUNTED-BELOW-AND-REMOVED was used to remove the root filesystem of a
container or virtual machine, for example, then whether the contents of the
root filesystem was actually deleted depended upon whether DIR happened to be
a mount point. This change ensures that the deletion is always done.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
|
|
| |
"without-password" is a deprecated alias for "prohibit-password".
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
|
|
|
| |
In case the keyword was read with the reader configured not to upcase the
names of symbols.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
|
|
| |
No longer needed thanks to f4e9170e73cb4bcfa7328422b4ff4f72d1339dd0.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|