[Nix-commits] [NixOS/nixops] 68e766: Delay chown of keys until user/group both exist

[Domen Kožar]

  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixops
  Commit: 68e76642aaf7145edc7072402646cc91271147fb
      
https://github.com/NixOS/nixops/commit/68e76642aaf7145edc7072402646cc91271147fb
  Author: Ryan Artecona <ryanartec...@gmail.com>
  Date:   2016-10-01 (Sat, 01 Oct 2016)

  Changed paths:
    M nix/keys.nix
    M nixops/backends/__init__.py

  Log Message:
  -----------
  Delay chown of keys until user/group both exist

Instead of chowning keys to their user/group every time they are sent,
only attempt the chown during send-keys if the user and group both
exist, and again do a chown during activation after the users and groups
have been created.

One result is that if a key and its user and/or group are to be created
in the same `nixops deploy`, the key will first be uploaded and owned
by root:root, then chmod'd, then late in activation the key will be
chowned to the newly created user/group. This includes a node's first
deploy, when it has neither keys nor users/groups.

Another result is that between send-keys and the next deploy (often,
but not necessarily, in the same `nixops deploy`), a key may
have its permissions set as configured, but _not_ be owned by the
configured user/group (instead root:root), which is presumed safe.

fixes #362, fixes #232


  Commit: 5308d265438249df6ef51e49a8d8d9fb8833471c
      
https://github.com/NixOS/nixops/commit/5308d265438249df6ef51e49a8d8d9fb8833471c
  Author: Ryan Artecona <ryanartec...@gmail.com>
  Date:   2016-10-01 (Sat, 01 Oct 2016)

  Changed paths:
    M nix/keys.nix

  Log Message:
  -----------
  Add service per key to track key dependencies

If a user service wants to block until `deployment.keys.mysecret` exists
to start up, it can now do so by adding `"mysecret-key.service"` to
its `requires` and `after` lists.


  Commit: d7081e5a6e8e1565ac082a2e391c70496a50f7e6
      
https://github.com/NixOS/nixops/commit/d7081e5a6e8e1565ac082a2e391c70496a50f7e6
  Author: Ryan Artecona <ryanartec...@gmail.com>
  Date:   2016-10-02 (Sun, 02 Oct 2016)

  Changed paths:
    M doc/manual/nixops.xml
    M doc/manual/overview.xml
    M nix/keys.nix

  Log Message:
  -----------
  Document `deployment.keys` and friends everywhere


  Commit: ae4fcb56e5aafe331feca9a0ed70c15a6435834b
      
https://github.com/NixOS/nixops/commit/ae4fcb56e5aafe331feca9a0ed70c15a6435834b
  Author: Domen Kožar <do...@enlambda.com>
  Date:   2016-12-13 (Tue, 13 Dec 2016)

  Changed paths:
    M doc/manual/nixops.xml
    M doc/manual/overview.xml
    M nix/keys.nix
    M nixops/backends/__init__.py

  Log Message:
  -----------
  Merge pull request #400 from ryanartecona/user-friendly-keys

Allow new keys & users/groups to be created in the same deploy


Compare: https://github.com/NixOS/nixops/compare/322e85fe268e...ae4fcb56e5aa
_______________________________________________
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits