Recent changes to this wiki:

gogogo
diff --git a/doc/todo/Info_property_to_select_host__39__s_preferred_Apt_mirror/comment_1_ac66a33d71092261a745378c82959e69._comment b/doc/todo/Info_property_to_select_host__39__s_preferred_Apt_mirror/comment_1_ac66a33d71092261a745378c82959e69._comment
new file mode 100644
index 0000000..3734d98
--- /dev/null
+++ b/doc/todo/Info_property_to_select_host__39__s_preferred_Apt_mirror/comment_1_ac66a33d71092261a745378c82959e69._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2017-02-21T03:07:28Z"
+ content="""
+Very good idea. Happy to merge such a patch.
+"""]]

clarify todo
diff --git a/doc/todo/Info_property_to_select_host__39__s_preferred_Apt_mirror.mdwn b/doc/todo/Info_property_to_select_host__39__s_preferred_Apt_mirror.mdwn
index 42aa850..355d53b 100644
--- a/doc/todo/Info_property_to_select_host__39__s_preferred_Apt_mirror.mdwn
+++ b/doc/todo/Info_property_to_select_host__39__s_preferred_Apt_mirror.mdwn
@@ -1 +1 @@
-It would be good to have an info property, say `Apt.mirror`, which sets a host's preferred apt mirror.  Then all properties in `Propellor.Property.Apt` would use this mirror when generating sources lists.  The value of `Apt.mirror` could be an apt cache on the LAN, or a mirror that is known to be better than the Debian CDN, due to where the host is located. --[[spwhitton|user/spwhitton]]
+It would be good to have an info property, say `Apt.mirror`, which sets a host's preferred apt mirror.  Then all properties in `Propellor.Property.Apt` would use this mirror when generating sources lists, falling back to the `deb.debian.org` default.  The value of `Apt.mirror` could be an apt cache on the LAN, or a mirror that is known to be better than the Debian CDN from where the host is located. --[[spwhitton|user/spwhitton]]
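Review bot: The added line says every sources list generated by `Propellor.Property.Apt` would use `Apt.mirror`, but not whether that covers any security-updates lines or only the main archive lines. Since the value may be a LAN cache or a hand-picked mirror, the todo should state which lines get rewritten and which always stay on the default. It should also state the type of the value, for example a plain string or the `Apt.Url` type mentioned in the 3.2.0 news.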

create user page in correct place
diff --git a/doc/user/spwhitton.mdwn b/doc/user/spwhitton.mdwn
new file mode 100644
index 0000000..f5f92fa
--- /dev/null
+++ b/doc/user/spwhitton.mdwn
@@ -0,0 +1 @@
+Maintainer of propellor's Debian package, and several modules.

removed
diff --git a/doc/todo/user/spwhitton.mdwn b/doc/todo/user/spwhitton.mdwn
deleted file mode 100644
index 74810d5..0000000
--- a/doc/todo/user/spwhitton.mdwn
+++ /dev/null
@@ -1 +0,0 @@
-Maintainer of the Debian package of propellor.  Also maintainer of some of propellor's modules.

post todo: apt mirror info property
diff --git a/doc/todo/Info_property_to_select_host__39__s_preferred_Apt_mirror.mdwn b/doc/todo/Info_property_to_select_host__39__s_preferred_Apt_mirror.mdwn
new file mode 100644
index 0000000..42aa850
--- /dev/null
+++ b/doc/todo/Info_property_to_select_host__39__s_preferred_Apt_mirror.mdwn
@@ -0,0 +1 @@
+It would be good to have an info property, say `Apt.mirror`, which sets a host's preferred apt mirror.  Then all properties in `Propellor.Property.Apt` would use this mirror when generating sources lists.  The value of `Apt.mirror` could be an apt cache on the LAN, or a mirror that is known to be better than the Debian CDN, due to where the host is located. --[[spwhitton|user/spwhitton]]

create user page
diff --git a/doc/todo/user/spwhitton.mdwn b/doc/todo/user/spwhitton.mdwn
new file mode 100644
index 0000000..74810d5
--- /dev/null
+++ b/doc/todo/user/spwhitton.mdwn
@@ -0,0 +1 @@
+Maintainer of the Debian package of propellor.  Also maintainer of some of propellor's modules.

add news item for propellor 3.3.1
diff --git a/doc/news/version_3.2.0.mdwn b/doc/news/version_3.2.0.mdwn
deleted file mode 100644
index bef06b1..0000000
--- a/doc/news/version_3.2.0.mdwn
+++ /dev/null
@@ -1,17 +0,0 @@
-propellor 3.2.0 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * [ Sean Whitton ]
-   * Using ccache with Sbuild.built & Sbuild.builtFor is now toggleable: these
-     properties now take a parameter of type Sbuild.UseCcache.  (API Change)
-   * Sbuild.piupartsConf: no longer takes an Apt.Url. (API Change)
-   * Sbuild.piupartsConf & Sbuild.piupartsConfFor: does nothing if corresponding
-     schroot not built.
-     Previously, these properties built the schroot if it was missing.
-   * Sbuild.built & Sbuild.piupartsConf: add an additional alias to sid chroots.
-     This is for compatibility with `dgit sbuild`.
-   * Further improvements to Sbuild.hs haddock.
- * [ Joey Hess ]
-   * Tor.hiddenService: Converted port parameter from Int to Port. (API change)
-   * Tor.hiddenServiceAvailable: The hidden service hostname file may not
-     be available immedaitely after configuring tor; avoid ugly error in
-     this case."""]]
\ No newline at end of file
diff --git a/doc/news/version_3.3.1.mdwn b/doc/news/version_3.3.1.mdwn
new file mode 100644
index 0000000..84ab72f
--- /dev/null
+++ b/doc/news/version_3.3.1.mdwn
@@ -0,0 +1,8 @@
+propellor 3.3.1 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Apt: Removed the mirrors.kernel.org line from stdSourcesList etc.
+     The mirror CDN has a new implementation that should avoid the problems
+     with httpredir that made an extra mirror sometimes be needed.
+   * Switch Debian CDN address to deb.debian.org.
+   * Tor.hiddenService: Fix bug in torrc's HiddenServicePort configuration.
+     Thanks, Félix Sipma"""]]
\ No newline at end of file
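Review bot: The `Tor.hiddenService` entry near the end of the added text says a bug in torrc's `HiddenServicePort` configuration was fixed, but not what the generated line got wrong or which releases produced it. Someone whose hidden service was configured by an earlier version cannot tell from this whether their torrc needs checking; one more clause describing the symptom would be enough. The new file also ends without a trailing newline.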

Revert "removed"
This reverts commit da400e7af20bf418c13de4456822303d91af83a3.
No idea why this comment was removed. Going to assume it was an accident
unless it happens again..
diff --git a/doc/todo/Arch_Linux_Port/comment_3_d917de766dfe7fded7317d7614d1467f._comment b/doc/todo/Arch_Linux_Port/comment_3_d917de766dfe7fded7317d7614d1467f._comment
new file mode 100644
index 0000000..27ef807
--- /dev/null
+++ b/doc/todo/Arch_Linux_Port/comment_3_d917de766dfe7fded7317d7614d1467f._comment
@@ -0,0 +1,25 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2017-02-04T20:55:02Z"
+ content="""
+> Instead,  I changed some properties in DiskImage from Linux to
+> DebianLike.  Is it the correct way to do it?
+
+Looking at it, kpartx is DebianLike-specific, so imageBuiltFrom which uses it
+should be too. The only reason it wasn't marked as DebianLike already and
+was type Linux is because Linux used to be the same as DebianLike and so
+the type checker didn't see a difference. No longer, thanks to your patch.
+
+So, it makes complete sense that you have to change this. You're paying
+the price of blazing the trail of the first non-DebianLike Linux distro in
+Propellor..
+
+---
+
+Looks like your [[!commit 25f6871e1dda3de252fbc6c8ac6962eb0cd9311a]]
+dealt with all my review suggestions. And so, I've merged it.
+
+Unless you have anything else that needs to be done, I'll release
+propellor soon with the added Arch Linux support. Thank you very much!
+"""]]

removed
diff --git a/doc/todo/Arch_Linux_Port/comment_3_d917de766dfe7fded7317d7614d1467f._comment b/doc/todo/Arch_Linux_Port/comment_3_d917de766dfe7fded7317d7614d1467f._comment
deleted file mode 100644
index 27ef807..0000000
--- a/doc/todo/Arch_Linux_Port/comment_3_d917de766dfe7fded7317d7614d1467f._comment
+++ /dev/null
@@ -1,25 +0,0 @@
-[[!comment format=mdwn
- username="joey"
- subject="""comment 3"""
- date="2017-02-04T20:55:02Z"
- content="""
-> Instead,  I changed some properties in DiskImage from Linux to
-> DebianLike.  Is it the correct way to do it?
-
-Looking at it, kpartx is DebianLike-specific, so imageBuiltFrom which uses it
-should be too. The only reason it wasn't marked as DebianLike already and
-was type Linux is because Linux used to be the same as DebianLike and so
-the type checker didn't see a difference. No longer, thanks to your patch.
-
-So, it makes complete sense that you have to change this. You're paying
-the price of blazing the trail of the first non-DebianLike Linux distro in
-Propellor..
-
----
-
-Looks like your [[!commit 25f6871e1dda3de252fbc6c8ac6962eb0cd9311a]]
-dealt with all my review suggestions. And so, I've merged it.
-
-Unless you have anything else that needs to be done, I'll release
-propellor soon with the added Arch Linux support. Thank you very much!
-"""]]

Remove additional space in url. Was not cloneable by copy&paste.
diff --git a/doc/install.mdwn b/doc/install.mdwn
index ad87ced..f64519a 100644
--- a/doc/install.mdwn
+++ b/doc/install.mdwn
@@ -1,4 +1,4 @@
-`git clone git://propellor.branchable.com/ propellor`  
+`git clone git://propellor.branchable.com/propellor`  
 Or get it [from github](https://github.com/joeyh/propellor).
 
 Propellor is recently available in Debian.
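Review bot: The corrected command on the first line still clones over `git://`, which provides neither encryption nor server authentication, so the source of a tool that manages system configuration is fetched over a channel that anyone on the network path can alter. Consider listing an `https://` URL first (the GitHub link on the next line already uses one), or adding a sentence on how to verify the checkout before building it.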

add news item for propellor 3.3.0
diff --git a/doc/news/version_3.1.2.mdwn b/doc/news/version_3.1.2.mdwn
deleted file mode 100644
index b54b396..0000000
--- a/doc/news/version_3.1.2.mdwn
+++ /dev/null
@@ -1,22 +0,0 @@
-propellor 3.1.2 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * [ Joey Hess ]
-   * Ssh.knownHost: Bug fix: Only fix up the owner of the known\_hosts
-     file after it exists.
- * [ Sean Whitton ]
-   * Sbuild.keypairInsecurelyGenerated: Improved to be more robust.
-   * Pass --allow-unrelated-histories to git merge when run with git 2.9 or
-     newer. This fixes the /usr/bin/propellor wrapper with this version of git.
-   * Sbuild.built & Sbuild.builtFor no longer require Sbuild.keypairGenerated.
-     Transition guide: If you are using sbuild 0.70.0 or newer, you should
-     `rm -r /var/lib/sbuild/apt-keys`.  Otherwise, you should add either
-     Sbuild.keypairGenerated or Sbuild.keypairInsecurelyGenerated to your host.
-   * Sbuild haddock improvements:
-     - State that we don't support squeeze and Buntish older than trusty.
-       This is due to our enhancements, such as eatmydata.
-     - State that you need sbuild 0.70.0 or newer to build for stretch.
-       This is due to gpg2 hitting Debian stretch.
-     - Explain when a keygen is required.
-     - Update sample ~/.sbuildrc for sbuild 0.71.0.
-     - Add hint for customising chroots with propellor.
-     - Update example usage of System type."""]]
\ No newline at end of file
diff --git a/doc/news/version_3.3.0.mdwn b/doc/news/version_3.3.0.mdwn
new file mode 100644
index 0000000..19bd566
--- /dev/null
+++ b/doc/news/version_3.3.0.mdwn
@@ -0,0 +1,26 @@
+propellor 3.3.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Arch Linux is now supported by Propellor!
+     Thanks to Zihao Wang for this port.
+   * Added Propellor.Property.Pacman for Arch's package manager.
+     Maintained by Zihao Wang.
+   * The types of some properties changed; eg from Property DebianLike
+     to Property (DebianLike + ArchLinux). Also, DebianLike and Linux
+     are no longer type synonyms; propellor now knows that Linux includes
+     ArchLinux. This could require updates to code, so is a minor API change.
+   * GHC's fileSystemEncoding is used for all String IO, to avoid
+     encoding-related crashes in eg, Propellor.Property.File.
+   * Add --build option to simply build config.hs.
+   * More informative usage message. Thanks, Daniel Brooks
+   * Tor.hiddenService' added to support multiple ports.
+     Thanks, Félix Sipma.
+   * Apt.noPDiffs added.
+     Thanks, Sean Whitton.
+   * stack.yaml: Compile with GHC 8.0.1 against lts-7.16.
+     Thanks, Andrew Cowie.
+   * Added Propellor.Property.File.configFileName and related functions
+     to generate good filenames for config directories.
+   * Added Apt.suiteAvailablePinned, Apt.pinnedTo.
+     Thanks, Sean Whitton.
+   * Added File.containsBlock
+     Thanks, Sean Whitton."""]]
\ No newline at end of file

link to lwn article
diff --git a/doc/news/Linux.Conf.Au.presentation.mdwn b/doc/news/Linux.Conf.Au.presentation.mdwn
index 0041955..5418097 100644
--- a/doc/news/Linux.Conf.Au.presentation.mdwn
+++ b/doc/news/Linux.Conf.Au.presentation.mdwn
@@ -2,3 +2,4 @@
 
 [video](http://mirror.linux.org.au/pub/linux.conf.au/2017/Type_driven_configuration_management_with_Propellor.webm)
 
+Also see this writeup in [Linux Weekly News](https://lwn.net/Articles/713653/)

Added a comment
diff --git a/doc/todo/Arch_Linux_Port/comment_4_924c73c0ab6fb39c9b25ae51facf6bb6._comment b/doc/todo/Arch_Linux_Port/comment_4_924c73c0ab6fb39c9b25ae51facf6bb6._comment
new file mode 100644
index 0000000..f69e2c8
--- /dev/null
+++ b/doc/todo/Arch_Linux_Port/comment_4_924c73c0ab6fb39c9b25ae51facf6bb6._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="wzhd"
+ avatar="http://cdn.libravatar.org/avatar/d5a499b7c476ca9960cc8dccdf455bae"
+ subject="comment 4"
+ date="2017-02-05T00:59:18Z"
+ content="""
+That's great! Thank you so much!
+"""]]

close
diff --git a/doc/todo/modify_Apt.pinnedTo_to_pin_a_package_to_multiple_suites_with_different_priorities.mdwn b/doc/todo/modify_Apt.pinnedTo_to_pin_a_package_to_multiple_suites_with_different_priorities.mdwn
index 047324c..02be4ad 100644
--- a/doc/todo/modify_Apt.pinnedTo_to_pin_a_package_to_multiple_suites_with_different_priorities.mdwn
+++ b/doc/todo/modify_Apt.pinnedTo_to_pin_a_package_to_multiple_suites_with_different_priorities.mdwn
@@ -3,3 +3,5 @@ Please consider merging the `pin` branch of `https://git.spwhitton.name/propello
 I've modified `Apt.pinnedTo` so that it can pin an `AptPrefPackage` to multiple suites with different pin priorities.  I've included a sample use-case in the function's haddock.
 
 --spwhitton
+
+> merged, [[done]] --[[Joey]]

mention Arch
diff --git a/doc/Linux.mdwn b/doc/Linux.mdwn
index 00276f6..ca0cfd6 100644
--- a/doc/Linux.mdwn
+++ b/doc/Linux.mdwn
@@ -1,5 +1,6 @@
 Propellor was written to manage Linux systems.
-It supports Debian and Debian-derived distributions.
+It supports Debian and Debian-derived distributions,
+as well as Arch Linux.
 
 Support for other distributions should not be too hard to add.
 Indeed, Propellor has been ported to [[FreeBSD]] now!

arch
diff --git a/doc/forum/Supported_OS/comment_3_f2924708a819b962ba7ed690019601ed._comment b/doc/forum/Supported_OS/comment_3_f2924708a819b962ba7ed690019601ed._comment
new file mode 100644
index 0000000..c03f6cd
--- /dev/null
+++ b/doc/forum/Supported_OS/comment_3_f2924708a819b962ba7ed690019601ed._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""Arch too!"""
+ date="2017-02-04T21:30:26Z"
+ content="""
+Propellor just got support for Arch Linux!
+"""]]

Arch Linux is now supported by Propellor! Thanks to Zihao Wang for this port.
* Arch Linux is now supported by Propellor!
Thanks to Zihao Wang for this port.
* Added Propellor.Property.Pacman for Arch's package manager.
Maintained by Zihao Wang.
* The types of some properties changed; eg from Property DebianLike
to Property (DebianLike + ArchLinux). This could require updates
to code using those properties, so is a minor API change.
diff --git a/debian/changelog b/debian/changelog
index 8136040..3a12ca7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,12 @@
-propellor (3.2.4) UNRELEASED; urgency=medium
-
+propellor (3.3.0) UNRELEASED; urgency=medium
+
+  * Arch Linux is now supported by Propellor!
+    Thanks to Zihao Wang for this port.
+  * Added Propellor.Property.Pacman for Arch's package manager.
+    Maintained by Zihao Wang.
+  * The types of some properties changed; eg from Property DebianLike
+    to Property (DebianLike + ArchLinux). This could require updates
+    to code using those properties, so is a minor API change.
   * GHC's fileSystemEncoding is used for all String IO, to avoid
     encoding-related crashes in eg, Propellor.Property.File.
   * Add --build option to simply build config.hs.
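Review bot: The API-change bullet only mentions properties moving from `Property DebianLike` to `Property (DebianLike + ArchLinux)`. Comment 3, added in this same commit, explains that `Linux` is no longer the same type as `DebianLike`, which is what forced the DiskImage retyping. That can also require updates to existing code and deserves its own sentence in this entry.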
diff --git a/doc/todo/Arch_Linux_Port.mdwn b/doc/todo/Arch_Linux_Port.mdwn
index a899dbb..ac3ee4d 100644
--- a/doc/todo/Arch_Linux_Port.mdwn
+++ b/doc/todo/Arch_Linux_Port.mdwn
@@ -12,3 +12,5 @@ I've made some addtional minor changes to make propellor compile without errors:
 - Rsync.installed and Docker.installed now supports Pacman as well
 
 Hope you enjoy it!
+
+> [[merged|done]]; it was indeed enjoyable. thank you! --[[Joey]]
diff --git a/doc/todo/Arch_Linux_Port/comment_3_d917de766dfe7fded7317d7614d1467f._comment b/doc/todo/Arch_Linux_Port/comment_3_d917de766dfe7fded7317d7614d1467f._comment
new file mode 100644
index 0000000..27ef807
--- /dev/null
+++ b/doc/todo/Arch_Linux_Port/comment_3_d917de766dfe7fded7317d7614d1467f._comment
@@ -0,0 +1,25 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2017-02-04T20:55:02Z"
+ content="""
+> Instead,  I changed some properties in DiskImage from Linux to
+> DebianLike.  Is it the correct way to do it?
+
+Looking at it, kpartx is DebianLike-specific, so imageBuiltFrom which uses it
+should be too. The only reason it wasn't marked as DebianLike already and
+was type Linux is because Linux used to be the same as DebianLike and so
+the type checker didn't see a difference. No longer, thanks to your patch.
+
+So, it makes complete sense that you have to change this. You're paying
+the price of blazing the trail of the first non-DebianLike Linux distro in
+Propellor..
+
+---
+
+Looks like your [[!commit 25f6871e1dda3de252fbc6c8ac6962eb0cd9311a]]
+dealt with all my review suggestions. And so, I've merged it.
+
+Unless you have anything else that needs to be done, I'll release
+propellor soon with the added Arch Linux support. Thank you very much!
+"""]]
diff --git a/propellor.cabal b/propellor.cabal
index 1b5c46d..a33b982 100644
--- a/propellor.cabal
+++ b/propellor.cabal
@@ -1,5 +1,5 @@
 Name: propellor
-Version: 3.2.3
+Version: 3.3.0
 Cabal-Version: >= 1.8
 License: BSD2
 Maintainer: Joey Hess <id@joeyh.name>
@@ -128,6 +128,7 @@ Library
     Propellor.Property.Obnam
     Propellor.Property.OpenId
     Propellor.Property.OS
+    Propellor.Property.Pacman
     Propellor.Property.Parted
     Propellor.Property.Partition
     Propellor.Property.Postfix

submit merge request
diff --git a/doc/todo/modify_Apt.pinnedTo_to_pin_a_package_to_multiple_suites_with_different_priorities.mdwn b/doc/todo/modify_Apt.pinnedTo_to_pin_a_package_to_multiple_suites_with_different_priorities.mdwn
new file mode 100644
index 0000000..047324c
--- /dev/null
+++ b/doc/todo/modify_Apt.pinnedTo_to_pin_a_package_to_multiple_suites_with_different_priorities.mdwn
@@ -0,0 +1,5 @@
+Please consider merging the `pin` branch of `https://git.spwhitton.name/propellor` (again).
+
+I've modified `Apt.pinnedTo` so that it can pin an `AptPrefPackage` to multiple suites with different pin priorities.  I've included a sample use-case in the function's haddock.
+
+--spwhitton

Added a comment
diff --git a/doc/todo/Arch_Linux_Port/comment_2_cc4623c156a0d12c88461bc5deec07cd._comment b/doc/todo/Arch_Linux_Port/comment_2_cc4623c156a0d12c88461bc5deec07cd._comment
new file mode 100644
index 0000000..dc6e3eb
--- /dev/null
+++ b/doc/todo/Arch_Linux_Port/comment_2_cc4623c156a0d12c88461bc5deec07cd._comment
@@ -0,0 +1,18 @@
+[[!comment format=mdwn
+ username="wzhd"
+ avatar="http://cdn.libravatar.org/avatar/d5a499b7c476ca9960cc8dccdf455bae"
+ subject="comment 2"
+ date="2017-02-04T01:53:49Z"
+ content="""
+Thanks!
+
+
+I didn't find the right way to do it;  `pickOS` is so much easier than `withOS` !
+
+
+`Propellor.Property.Partition` was modified to get rid of some compiling errors in DiskImage and didn't support anything new. So I removed the changes.
+
+
+Instead,  I changed some properties in DiskImage from Linux to DebianLike.  Is it the correct way to do it?
+
+"""]]

response
diff --git a/doc/forum/Inherited_Variables.../comment_5_6fbd29f568ec8b97be47874e2aac57a3._comment b/doc/forum/Inherited_Variables.../comment_5_6fbd29f568ec8b97be47874e2aac57a3._comment
new file mode 100644
index 0000000..16819bd
--- /dev/null
+++ b/doc/forum/Inherited_Variables.../comment_5_6fbd29f568ec8b97be47874e2aac57a3._comment
@@ -0,0 +1,20 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 5"""
+ date="2017-02-03T19:32:58Z"
+ content="""
+What you're looking for is not a regexp, but Haskell's [pattern
+matching](https://www.haskell.org/tutorial/patterns.html).
+
+For example:
+
+	myproperty :: Property Debian
+	myproperty = withOS "some desc here" $ \w o -> case o of
+		-- Pattern match on the OS, to get the Debian stable release
+		(Just (System (Debian _kernel (Stable release)) _arch)) ->
+			ensureProperty w $ Apt.setSourcesListD (sourcesLines release) "mysources"
+		_ -> unsupportedOS
+
+	sourcesLines :: Release -> [Line]
+	sourcesLines release = undefined
+"""]]
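Review bot: The fallback branch of the example is `unsupportedOS`, while the haddock example for `withOS` touched later in this commit ends with `unsupportedOS'`. The two examples should agree, so that readers are not left guessing which one belongs inside the `withOS` callback. `sourcesLines release = undefined` should also carry a comment marking it as a placeholder, since pasting the example unchanged yields a runtime error instead of a sources list.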
diff --git a/src/Propellor/Property.hs b/src/Propellor/Property.hs
index 0614533..7860a3d 100644
--- a/src/Propellor/Property.hs
+++ b/src/Propellor/Property.hs
@@ -308,8 +308,8 @@ pickOS a b = c `addChildren` [toChildProperty a, toChildProperty b]
 --
 -- > myproperty :: Property Debian
 -- > myproperty = withOS "foo installed" $ \w o -> case o of
--- > 	(Just (System (Debian (Stable release)) arch)) -> ensureProperty w ...
--- > 	(Just (System (Debian suite) arch)) -> ensureProperty w ...
+-- > 	(Just (System (Debian kernel (Stable release)) arch)) -> ensureProperty w ...
+-- > 	(Just (System (Debian kernel suite) arch)) -> ensureProperty w ...
 -- >	_ -> unsupportedOS'
 --
 -- Note that the operating system specifics may not be declared for all hosts,
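Review bot: The two updated patterns bind `kernel` and `arch` but the visible example never uses them, whereas the forum example added in this commit writes `_kernel` and `_arch`. Using the underscore forms (or a plain `_`) in the haddock would keep the two examples consistent and avoid unused-binding warnings for anyone copying it.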

Added Apt.suiteAvailablePinned, Apt.pinnedTo. Thanks, Sean Whitton.
* Added Apt.suiteAvailablePinned, Apt.pinnedTo.
Thanks, Sean Whitton.
* Added File.containsBlock
Thanks, Sean Whitton.
diff --git a/debian/changelog b/debian/changelog
index 30af1b8..8136040 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -12,6 +12,10 @@ propellor (3.2.4) UNRELEASED; urgency=medium
     Thanks, Andrew Cowie.
   * Added Propellor.Property.File.configFileName and related functions
     to generate good filenames for config directories.
+  * Added Apt.suiteAvailablePinned, Apt.pinnedTo.
+    Thanks, Sean Whitton.
+  * Added File.containsBlock
+    Thanks, Sean Whitton.
 
  -- Joey Hess <id@joeyh.name>  Sat, 24 Dec 2016 15:06:36 -0400
 
diff --git a/doc/todo/new_apt_pinning_properties.mdwn b/doc/todo/new_apt_pinning_properties.mdwn
index d32bcbb..8687b58 100644
--- a/doc/todo/new_apt_pinning_properties.mdwn
+++ b/doc/todo/new_apt_pinning_properties.mdwn
@@ -6,3 +6,5 @@ My branch `pin` of repo `https://git.spwhitton.name/propellor` adds
 - a haddock for `File.containsLines`
 
 There is one TODO in a comment that relates to propellor's algebraic data types.  I'd be grateful for help with that.  --spwhitton
+
+> merged, thanks. [[done]] --[[Joey]]

review
diff --git a/doc/todo/Arch_Linux_Port/comment_1_8e39dc177e21e9e20c1b74b59b9926d2._comment b/doc/todo/Arch_Linux_Port/comment_1_8e39dc177e21e9e20c1b74b59b9926d2._comment
new file mode 100644
index 0000000..11869a2
--- /dev/null
+++ b/doc/todo/Arch_Linux_Port/comment_1_8e39dc177e21e9e20c1b74b59b9926d2._comment
@@ -0,0 +1,28 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2017-02-03T19:14:41Z"
+ content="""
+Wow, nice work!
+
+Seems that Propellor.Property.Partition.formatted' is still a DebianLike
+property really, since it only supports using apt to install the mkfs
+programs. It will fail at runtime on Arch. So, I think best to keep it
+DebianLike until that's dealt with -- and then the type will be 
+`DebianLike + ArchLinux` rather than `LinuxLike`
+
+Same for Propellor.Property.Partition.kpartx.
+
+Several properties that were changed from DebianLike to Linux really
+only support DebianLike and ArchLinux, not all linux distros, so their
+types ought to be `DebianLike + ArchLinux`. This includes Docker.installed,
+Parted.installed, Rsync.installed.
+
+A nicer way to inplement those multi-distro `installed` properties is like
+this:
+
+	installed :: Property (Debian + ArchLinux)
+	installed = Apt.installed ["foo"] `pickOS` Pacman.installed ["foo"]
+
+Make those changes and I will merge it.
+"""]]
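Review bot: The sample `installed` is typed `Property (Debian + ArchLinux)`, but the paragraph just above it says these properties ought to be `DebianLike + ArchLinux`; the example's type should match the recommendation. The first paragraph also refers to `LinuxLike`, while the rest of the comment calls the type `Linux`.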

Arch Linux Port
diff --git a/doc/todo/Arch_Linux_Port.mdwn b/doc/todo/Arch_Linux_Port.mdwn
new file mode 100644
index 0000000..a899dbb
--- /dev/null
+++ b/doc/todo/Arch_Linux_Port.mdwn
@@ -0,0 +1,14 @@
+Hi all, I'm an Arch Linux user and I've been learning Haskell and working on an Arch Liux Port in the last several months. Here's my [GitHub fork](https://github.com/wzhd/propellor/tree/archlinux), and the branch is called archlinux.
+
+Currently, I've added types, modified Bootstrap.hs, and added a Property for the package manager Pacman. I've been using it for a while and it seems to be working.
+
+I've made some addtional minor changes to make propellor compile without errors:
+
+- User.nuked now has type Property Linux
+- OS.cleanInstallOnce now has type Property DebianLike, because one of its dependencies, User.shadowConfig only supports DebianLike
+- tightenTargets is added to Reboot.toDistroKernel to get the expeted type
+- pattern for Arch Linux is added to Debootstrap.extractSuite to silence warning "non-exhaustive pattern match"
+- several properties in Parted and Partition are converted to Property Linux
+- Rsync.installed and Docker.installed now supports Pacman as well
+
+Hope you enjoy it!

Added a comment
diff --git a/doc/todo/new_apt_pinning_properties/comment_4_add83ed58963e944ccd705a50e8b5a47._comment b/doc/todo/new_apt_pinning_properties/comment_4_add83ed58963e944ccd705a50e8b5a47._comment
new file mode 100644
index 0000000..9688672
--- /dev/null
+++ b/doc/todo/new_apt_pinning_properties/comment_4_add83ed58963e944ccd705a50e8b5a47._comment
@@ -0,0 +1,20 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 4"
+ date="2017-02-03T04:07:58Z"
+ content="""
+> Yes please add a new type alias for String (or an ADT) if Package is not appropriate.
+
+Propellor won't be parsing any of the regexp or globs, so I've added a new type alias rather than an ADT.
+
+> Nice surprise that tightenTargets works on RevertableProperty at all. Since it does, you should be able to tighten one side, revert, tighten the other side, and re-revert. Or, deconstruct the RevertableProperty, tighten both sides individually, and reconstruct it.
+
+I don't understand what you're getting at with the first of these suggestions.
+
+In any case, now that I'm not using `File.containsBlock`, it's easy to just apply `tightenTargets` to each side.
+
+> I've added a Propellor.Property.File.configFileName that should be suitable for your purposes, and others..
+
+Very nice :)  I've updated my branch to use this.  I haven't removed `File.containsBlock`, since it might be useful in the future, but you could of course revert the relevant commit.
+"""]]

Added a comment
diff --git a/doc/forum/Inherited_Variables.../comment_4_5bf7b1f69b48b4d9c516d424e4438208._comment b/doc/forum/Inherited_Variables.../comment_4_5bf7b1f69b48b4d9c516d424e4438208._comment
new file mode 100644
index 0000000..3b691b2
--- /dev/null
+++ b/doc/forum/Inherited_Variables.../comment_4_5bf7b1f69b48b4d9c516d424e4438208._comment
@@ -0,0 +1,21 @@
+[[!comment format=mdwn
+ username="craige@a46118dff5bc0fad85259759970d8b4b9fc377d7"
+ nickname="craige"
+ avatar="http://cdn.libravatar.org/avatar/6d2207226de755da46aa2fdff9af70b2"
+ subject="comment 4"
+ date="2017-02-03T00:04:05Z"
+ content="""
+Ugh, sorry to ask again but I'm specifically stuck trying to extract the Debian suite only from this. Is this stored as a specific value I can draw on? I've been wading through the source and added in a swag of trial and error with no luck.
+
+I can see the suite listed in the output 
+
+    Just (System (Debian Linux (Stable \"jessie\"))
+
+but I was wondering if there was a method to pull out just the suite code name (ie: \"jessie\") that did not involve a regex looking for it amongst that output. 
+
+The goal is to query Info so that a suite name can be added to a sources list.
+
+If I have to regex, that's OK, I just didn't want to go down that path if there was a smarted way.
+
+Thanks Joey :-)
+"""]]

response
diff --git a/doc/todo/new_apt_pinning_properties/comment_3_58d323602f293471ce3d2d9b4d271130._comment b/doc/todo/new_apt_pinning_properties/comment_3_58d323602f293471ce3d2d9b4d271130._comment
new file mode 100644
index 0000000..b0ff271
--- /dev/null
+++ b/doc/todo/new_apt_pinning_properties/comment_3_58d323602f293471ce3d2d9b4d271130._comment
@@ -0,0 +1,23 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2017-02-02T18:45:01Z"
+ content="""
+That example with reverting one property overriding another property
+is a general problem propellor has with conflicting properties. 
+Normally I don't much worry about it, but I agree an accidental mass
+upgrade is a good reason to avoid that problem here.
+
+Yes please add a new type alias for String (or an ADT) 
+if Package is not appropriate.
+
+I had misunderstood which function the TODO was for..
+
+Nice surprise that tightenTargets works on RevertableProperty at all.
+Since it does, you should be able to tighten one side, revert, tighten the
+other side, and re-revert. Or, deconstruct the RevertableProperty, 
+tighten both sides individually, and reconstruct it.
+
+I've added a Propellor.Property.File.configFileName that 
+should be suitable for your purposes, and others..
+"""]]

Added a comment: reply to review
diff --git a/doc/todo/new_apt_pinning_properties/comment_2_c82f7e83f3fcc7648222d9dbf90e5ddd._comment b/doc/todo/new_apt_pinning_properties/comment_2_c82f7e83f3fcc7648222d9dbf90e5ddd._comment
new file mode 100644
index 0000000..4fd7c82
--- /dev/null
+++ b/doc/todo/new_apt_pinning_properties/comment_2_c82f7e83f3fcc7648222d9dbf90e5ddd._comment
@@ -0,0 +1,66 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="reply to review"
+ date="2017-02-02T17:40:11Z"
+ content="""
+Thank you for your feedback, Joey.
+
+> I wonder if it would be better to separate `suiteAvailablePinned`
+> into `suiteAvailable` and `suitePinned`? The latter could require
+> the former.
+
+I see how this could be useful, in particular if you want to make a
+suite like Debian experimental available, which won't cause any packages
+to be automatically upgraded.
+
+However, it makes it less convenient, and perhaps dangerous, to revert a
+pinned suite.  For example, suppose on my Debian testing system I have
+`Apt.suitePinned Unstable 100`.  If I revert this property, it will
+remove the pin but not remove the source.  Then my system might get
+mass-upgraded to sid if I'm not careful.
+
+We couldn't have the revert of `Apt.suitePinned` remove the source
+because then if I have both `& Apt.suiteAvailable Unstable` and `!
+Apt.suitePinned Unstable 100`, the second property would cancel out the
+first, which doesn't make sense.
+
+On balance, I think it's best to keep the current property.  A property
+adding sources to apt.sources.d should probably force the user to pick a
+pin value, to avoid any unexpected upgrades.
+
+> `pinnedTo` should probably be DebianLike not UnixLike.
+
+This was my 'TODO'.  (Since the property takes a `DebianSuite`, I think
+it should be `Debian` not `DebianLike`.)
+
+I tried applying `tightenTargets` to `pinnedTo`, but that only seems to
+affect one half of the revertable property.  Do I need to implement a
+new tightening function?
+
+> And its `[String]` parameter ought to be `[Package]`.
+
+I don't think so.  The parameter to `pinnedTo` can be a wildcard
+expression or a regex (per `apt_preferences(5)`).  Neither of these are
+accepted by other existing properties that take `[Package]`, such as
+`Apt.installed`.  I could add a new type alias, if you prefer.
+
+> Is `File.containsBlock` necessary? Seems that if you care about
+> ordering of blocks in the file, you generally should use
+> `File.hasContent` to specify the full content. Rather than using
+> /etc/apt/preferences.d/10propellor.pref for multiple properties,
+> you could use a separate file for each `pinnedTo'` with the parameters
+> encoded in the filename.
+
+This was what I tried on my first attempt, but it gets very complicated
+if the user passes a wildcard expression or a regex instead of a package
+name.  I would need to convert that wildcard expression or regex to a
+cross-platform filename, and the conversion would need to be isomorphic
+to avoid any clashes.  The `File.containsBlock` seems more sane than
+that.
+
+> As to the TODO, I tried adding this: [...]
+
+I don't understand how `robustly` is relevant to my TODO -- please see
+above.
+"""]]
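
Review bot: in the reply about one file per `pinnedTo'`, "the conversion would need to be isomorphic" asks for more than the argument needs. What stops two different wildcard or regex patterns from landing in the same file is that the encoding be injective, so I'd use that word. Separately, the second paragraph's observation that reverting `Apt.suitePinned Unstable 100` removes the pin but leaves the source in place describes a mass-upgrade risk that belongs in the haddock of whichever property is merged, not only in this thread.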

comment
diff --git a/doc/forum/Docker.hs_will_Break_in_Stretch/comment_1_8a4f16ae6d04b9d4bedb437ef333562b._comment b/doc/forum/Docker.hs_will_Break_in_Stretch/comment_1_8a4f16ae6d04b9d4bedb437ef333562b._comment
new file mode 100644
index 0000000..949f8d0
--- /dev/null
+++ b/doc/forum/Docker.hs_will_Break_in_Stretch/comment_1_8a4f16ae6d04b9d4bedb437ef333562b._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2017-02-02T17:28:49Z"
+ content="""
+Apparently the Debian way to install docker will be from backports.
+<https://bugs.debian.org/cgi-bin/bugreport.cgi?att=3;bug=781554;msg=9>
+
+Note that I'm no longer using any docker Properties myself, so
+propellor users who are will need to send patches..
+"""]]

diff --git a/doc/forum/Docker.hs_will_Break_in_Stretch.mdwn b/doc/forum/Docker.hs_will_Break_in_Stretch.mdwn
new file mode 100644
index 0000000..c89c995
--- /dev/null
+++ b/doc/forum/Docker.hs_will_Break_in_Stretch.mdwn
@@ -0,0 +1,16 @@
+G'day Joey!
+
+I'm in the process of deploying Docker infrastructure via Propellor on both Jessie and Stretch and I've come to discover that Docker.io did not make it into Stretch:
+
+* [docker.io REMOVED from testing](https://packages.qa.debian.org/d/docker.io/news/20161012T163916Z.html)
+* [docker.io - Linux container runtime](https://tracker.debian.org/pkg/docker.io)
+* [Excuse for docker.io](https://qa.debian.org/excuses.php?package=docker.io)
+
+So the below from Docker.hs will fail beyond Jessie:
+
+    installed :: Property DebianLike
+    installed = Apt.installed ["docker.io"]
+
+Before I embarked on my own path to re-implement the above (probably based on [How to install Docker engine on Debian 9 Stretch Linux](https://linuxconfig.org/how-to-install-docker-engine-on-debian-9-stretch-linux)), I thought I'd see what you thought might be the way to resolve this, so that my work could be contributed upstream (if suitable).
+
+Thanks!

comment
diff --git a/doc/todo/new_apt_pinning_properties/comment_1_fd9e6775868eaa8d6aee49d06944ef0c._comment b/doc/todo/new_apt_pinning_properties/comment_1_fd9e6775868eaa8d6aee49d06944ef0c._comment
new file mode 100644
index 0000000..4800608
--- /dev/null
+++ b/doc/todo/new_apt_pinning_properties/comment_1_fd9e6775868eaa8d6aee49d06944ef0c._comment
@@ -0,0 +1,38 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2017-02-01T20:00:47Z"
+ content="""
+I wonder if it would be better to separate `suiteAvailablePinned`
+into `suiteAvailable` and `suitePinned`? The latter could require
+the former.
+
+`pinnedTo` should probably be DebianLike not UnixLike.
+And its `[String]` parameter ought to be `[Package]`.
+
+Is `File.containsBlock` necessary? Seems that if you care about
+ordering of blocks in the file, you generally should use
+`File.hasContent` to specify the full content. Rather than using
+/etc/apt/preferences.d/10propellor.pref for multiple properties,
+you could use a separate file for each `pinnedTo'` with the parameters
+encoded in the filename.
+
+As to the TODO, I tried adding this:
+
+	robustly' :: RevertableProperty DebianLike DebianLike -> RevertableProperty DebianLike DebianLike
+	robustly' p = p `fallback` (update `before` p)
+
+And the compiler tells me it's wrong because `update` is not revertable.
+But of course, there's no need to revert apt-get update, so this compiles:
+
+	robustly' :: RevertableProperty DebianLike DebianLike -> RevertableProperty DebianLike DebianLike
+	robustly' p = p `fallback` ((update <!> (doNothing :: Property DebianLike)) `before` p)
+
+Cleaning it up left an an exersise for the reader. Might be possible
+to combine `robustly` and `robustly'` into a single function, but I'm
+not able to see how immediately.
+
+However.. Seems to me that whatever you wanted to use `robustly` with to
+spur that TODO, you could just apply it to the first Property of the
+RevertableProperty, and not to the second one?
+"""]]
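
Review bot: the sentence after the second `robustly'` snippet reads "Cleaning it up left an an exersise for the reader"; it has a doubled word and a misspelling, and should read "Cleaning it up is left as an exercise for the reader".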

submit branch
diff --git a/doc/todo/new_apt_pinning_properties.mdwn b/doc/todo/new_apt_pinning_properties.mdwn
new file mode 100644
index 0000000..d32bcbb
--- /dev/null
+++ b/doc/todo/new_apt_pinning_properties.mdwn
@@ -0,0 +1,8 @@
+My branch `pin` of repo `https://git.spwhitton.name/propellor` adds
+
+- `Apt.suiteAvailablePinned`
+- `Apt.pinnedTo`
+- `File.containsBlock`
+- a haddock for `File.containsLines`
+
+There is one TODO in a comment that relates to propellor's algebraic data types.  I'd be grateful for help with that.  --spwhitton

Added a comment: Thanks!
diff --git a/doc/forum/Inherited_Variables.../comment_3_acf78fa9f732f070bf73c2ab601464ee._comment b/doc/forum/Inherited_Variables.../comment_3_acf78fa9f732f070bf73c2ab601464ee._comment
new file mode 100644
index 0000000..fcdf923
--- /dev/null
+++ b/doc/forum/Inherited_Variables.../comment_3_acf78fa9f732f070bf73c2ab601464ee._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="craige"
+ avatar="http://cdn.libravatar.org/avatar/64ac5816ea3a51347d1f699022d1fdc1"
+ subject="Thanks!"
+ date="2017-01-27T21:54:45Z"
+ content="""
+Thanks Joey. I think that's exactly what I need. Very helpful :-)
+"""]]

example
diff --git a/doc/forum/Inherited_Variables.../comment_2_988319ed6de46eff2eac0d5ef36382f9._comment b/doc/forum/Inherited_Variables.../comment_2_988319ed6de46eff2eac0d5ef36382f9._comment
new file mode 100644
index 0000000..676f41a
--- /dev/null
+++ b/doc/forum/Inherited_Variables.../comment_2_988319ed6de46eff2eac0d5ef36382f9._comment
@@ -0,0 +1,15 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2017-01-26T06:50:39Z"
+ content="""
+A worked example:
+
+	server :: Property Debian
+	server = property' "some description" $ \w -> do
+		os <- getOS
+		hostname <- asks hostName
+		ensureProperty w $
+			File.hasContent "/etc/apt/sources.list.d/matrix.list"
+				(genSourcesList os hostname)
+"""]]
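
Review bot: `genSourcesList` in the last line of the example is not defined anywhere in the comment, so the snippet does not compile as pasted; a one-line type signature would make clear what it is expected to return for a given `os` and `hostname`. The `sources` property in the original question also ended with `onChange` Apt.update, which this version drops, so as written the new list file would be put in place without the package lists being refreshed.
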
diff --git a/src/Propellor/Property/.Sbuild.hs.swp b/src/Propellor/Property/.Sbuild.hs.swp
new file mode 100644
index 0000000..a361c43
Binary files /dev/null and b/src/Propellor/Property/.Sbuild.hs.swp differ
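
Review bot: `src/Propellor/Property/.Sbuild.hs.swp` is an editor swap file and does not belong in this commit, which is otherwise a single forum comment. Swap files can carry unsaved buffer contents along with local user, host and path details, so I'd remove it from the tree and add `*.swp` to `.gitignore` so it cannot be staged again.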

response
diff --git a/doc/forum/Inherited_Variables.../comment_1_082e5d5b8e25335bc90577abcfef1d21._comment b/doc/forum/Inherited_Variables.../comment_1_082e5d5b8e25335bc90577abcfef1d21._comment
new file mode 100644
index 0000000..e4b3239
--- /dev/null
+++ b/doc/forum/Inherited_Variables.../comment_1_082e5d5b8e25335bc90577abcfef1d21._comment
@@ -0,0 +1,15 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2017-01-26T06:39:35Z"
+ content="""
+This is where propellor's `Info` system comes in. `Propellor.Info.getOS`
+can be run to get the OS info.
+
+It's also possible to add new properties that add new values with custom
+types to `Info`.
+
+The hostname is not currently stored in `Info`, but it probably should be;
+that would be a good simplification. Currently there's a 
+separate way to get the hostname: `asks hostName` (run in the Propellor monad)
+"""]]

diff --git a/doc/forum/Inherited_Variables....mdwn b/doc/forum/Inherited_Variables....mdwn
new file mode 100644
index 0000000..1535ec7
--- /dev/null
+++ b/doc/forum/Inherited_Variables....mdwn
@@ -0,0 +1,26 @@
+I've got a server defined in config.hs as follows:
+
+    myserver :: Host
+    myserver = host "myserver.mydomain" $ props
+        & standardSystem (Stable "jessie") X86_64 [ "Welcome to myserver!" ]
+
+I'm writing a module (to deploy Matrix, FWIW) which has a section like this:
+
+    sources :: Property Debian
+    sources = File.hasContent "/etc/apt/sources.list.d/matrix.list"
+                [ "# Deployed by Propellor"
+                , ""
+                , "deb http://matrix.org/packages/debian/ jessie main"
+                ] `onChange` Apt.update
+
+What I would like to be able to do, for example, is pull "jessie" from the standardSystem line into the sources function.
+
+The host name is another I'd like to be able to pull in, so that I can abstract as much as possible and wind up with a line that looks not unlike this:
+
+    & Matrix.server 
+
+Instead of
+
+    & Matrix.server hostname jessie
+
+Am I barking up the wrong tree and should I just embrace the latter?
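
Review bot: the `deb http://matrix.org/packages/debian/ jessie main` line in `sources` adds a third-party repository over plain HTTP, and nothing in the property as shown installs that repository's signing key. apt's signature check on the repository metadata is the only integrity control for a source fetched this way, so the module should provision the key explicitly as part of the same property rather than leave it to manual setup on each host. The hard-coded `jessie` will also go stale as soon as the `standardSystem` line changes suite, which is a good reason to derive it from the host as the question proposes.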

diff --git a/doc/user/craige.mdwn b/doc/user/craige.mdwn
new file mode 100644
index 0000000..775e2fb
--- /dev/null
+++ b/doc/user/craige.mdwn
@@ -0,0 +1 @@
+It's been said I was the fourth user :-)

Added a comment: Fixed!
diff --git a/doc/forum/Modules_with_Multiple_cmdProperty_causing_build_failures/comment_2_5afe0f200d7139499ef4b01ea6445206._comment b/doc/forum/Modules_with_Multiple_cmdProperty_causing_build_failures/comment_2_5afe0f200d7139499ef4b01ea6445206._comment
new file mode 100644
index 0000000..00f7711
--- /dev/null
+++ b/doc/forum/Modules_with_Multiple_cmdProperty_causing_build_failures/comment_2_5afe0f200d7139499ef4b01ea6445206._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="craige@a46118dff5bc0fad85259759970d8b4b9fc377d7"
+ nickname="craige"
+ avatar="http://cdn.libravatar.org/avatar/6d2207226de755da46aa2fdff9af70b2"
+ subject="Fixed!"
+ date="2017-01-26T05:54:22Z"
+ content="""
+The original suggestions did fix my problems. 
+
+Apologies for the late response.
+"""]]

add
diff --git a/doc/news/Linux.Conf.Au.presentation.mdwn b/doc/news/Linux.Conf.Au.presentation.mdwn
new file mode 100644
index 0000000..0041955
--- /dev/null
+++ b/doc/news/Linux.Conf.Au.presentation.mdwn
@@ -0,0 +1,4 @@
+<video controls src="http://mirror.linux.org.au/pub/linux.conf.au/2017/Type_driven_configuration_management_with_Propellor.webm"></video>
+
+[video](http://mirror.linux.org.au/pub/linux.conf.au/2017/Type_driven_configuration_management_with_Propellor.webm)
+

update
diff --git a/doc/todo/hostChroot.mdwn b/doc/todo/hostChroot.mdwn
index 55fa689..eccfd64 100644
--- a/doc/todo/hostChroot.mdwn
+++ b/doc/todo/hostChroot.mdwn
@@ -2,3 +2,6 @@ Would be useful to have a `hostChroot :: Host -> Chroot`.
 
 For a Debian host, this would use debootstrapped and pass all the Host's
 properties to it. --[[Joey]] 
+
+Would need to make privdata use the context of the input Host. And would
+need to propigate privdata info, but not other info. --[[Joey]]
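
Review bot: "propigate" in the added paragraph should be "propagate". Since this paragraph is about which secrets end up associated with the chroot, it would also help to state under which context (the input Host's or the enclosing host's) privdata is looked up today, and why other info has to stay behind.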

too
diff --git a/doc/todo/hostChroot.mdwn b/doc/todo/hostChroot.mdwn
new file mode 100644
index 0000000..55fa689
--- /dev/null
+++ b/doc/todo/hostChroot.mdwn
@@ -0,0 +1,4 @@
+Would be useful to have a `hostChroot :: Host -> Chroot`.
+
+For a Debian host, this would use debootstrapped and pass all the Host's
+properties to it. --[[Joey]] 

add missing props to Host definitions
diff --git a/doc/haskell_newbie.mdwn b/doc/haskell_newbie.mdwn
index d6e339e..dc3c54a 100644
--- a/doc/haskell_newbie.mdwn
+++ b/doc/haskell_newbie.mdwn
@@ -47,12 +47,12 @@ Finally, you need to define the configuration for each host in the list:
 
 [[!format haskell """
 mylaptop :: Host
-mylaptop = host "mylaptop.example.com"
+mylaptop = host "mylaptop.example.com" $ props
 	& osDebian Unstable X86_64
 	& Apt.stdSourcesList
 
 myserver :: Host
-myserver = host "server.example.com"
+myserver = host "server.example.com" $ props
 	& osDebian (Stable "jessie") X86_64
 	& Apt.stdSourcesList
 	& Apt.installed ["ssh"]

Added a comment
diff --git a/doc/todo/Merging_from___47__usr__47__src__47__propellor_broken_now_CHANGELOG_not_a_symlink/comment_2_61463030200038542d293149754d36ed._comment b/doc/todo/Merging_from___47__usr__47__src__47__propellor_broken_now_CHANGELOG_not_a_symlink/comment_2_61463030200038542d293149754d36ed._comment
new file mode 100644
index 0000000..b1b4a03
--- /dev/null
+++ b/doc/todo/Merging_from___47__usr__47__src__47__propellor_broken_now_CHANGELOG_not_a_symlink/comment_2_61463030200038542d293149754d36ed._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 2"
+ date="2017-01-03T09:07:18Z"
+ content="""
+Thanks for looking at this.  Yes, it's probably the type-change.  There is surely some way to instruct git to DTRT.
+"""]]

comment
diff --git a/doc/todo/Merging_from___47__usr__47__src__47__propellor_broken_now_CHANGELOG_not_a_symlink/comment_1_62b47d7c0530c2988b7e6e998878b920._comment b/doc/todo/Merging_from___47__usr__47__src__47__propellor_broken_now_CHANGELOG_not_a_symlink/comment_1_62b47d7c0530c2988b7e6e998878b920._comment
new file mode 100644
index 0000000..886c253
--- /dev/null
+++ b/doc/todo/Merging_from___47__usr__47__src__47__propellor_broken_now_CHANGELOG_not_a_symlink/comment_1_62b47d7c0530c2988b7e6e998878b920._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2017-01-01T21:29:52Z"
+ content="""
+I have reverted that change for now.
+
+I don't think the /usr/src/propellor/ merge has anything specific to do
+with the changelog, so there is probably a general case where that merge
+fails to work. I guess it involves a file's type changing.
+"""]]

report bug
diff --git a/doc/todo/Merging_from___47__usr__47__src__47__propellor_broken_now_CHANGELOG_not_a_symlink.mdwn b/doc/todo/Merging_from___47__usr__47__src__47__propellor_broken_now_CHANGELOG_not_a_symlink.mdwn
new file mode 100644
index 0000000..bfba854
--- /dev/null
+++ b/doc/todo/Merging_from___47__usr__47__src__47__propellor_broken_now_CHANGELOG_not_a_symlink.mdwn
@@ -0,0 +1,36 @@
+In Joey's master branch, `CHANGELOG` is a real file, whereas previously it was a symlink.  This breaks the `/usr/src/propellor` newer version check.
+
+Steps to reproduce:
+
+1. Install propellor 3.2.3 or older with apt on Debian or Ubuntu
+2. `propellor --init` and select option `A`
+3. Prepare a pseudorelease: merge Joey's master branch into [my Debian packaging branch](https://git.spwhitton.name/?p=propellor.git;a=shortlog;h=refs/heads/debian), `dch -v3.2.3+gitYYYYMMDD.fffffff`, `dpkg-buildpackage -uc -b`, `debi -u`
+4. `propellor --spin`
+
+I haven't yet tried reproducing this by building a `.deb` from Joey's master branch, rather than my packaging branch.  If the problem does not appear using a `.deb` from Joey's master branch, this is an internal Debian problem, rather than an upstream bug.  However, perhaps Joey can immediately see a solution.
+
+Sample output:
+
+    Auto-merging src/wrapper.hs
+    Auto-merging src/Utility/UserInfo.hs
+    Auto-merging src/Utility/SystemDirectory.hs
+    Auto-merging src/Utility/Misc.hs
+    Auto-merging src/Utility/FileSystemEncoding.hs
+    Auto-merging src/Utility/Exception.hs
+    Auto-merging src/Propellor/Types/CmdLine.hs
+    Auto-merging src/Propellor/Shim.hs
+    Auto-merging src/Propellor/Property/Gpg.hs
+    Auto-merging src/Propellor/Property/Debootstrap.hs
+    Auto-merging src/Propellor/Property.hs
+    Auto-merging src/Propellor/PrivData.hs
+    Auto-merging src/Propellor/Gpg.hs
+    Auto-merging src/Propellor/CmdLine.hs
+    Auto-merging debian/changelog
+    Auto-merging CHANGELOG
+    CONFLICT (add/add): Merge conflict in CHANGELOG
+    Automatic merge failed; fix conflicts and then commit the result.
+    propellor: Failed to run git ["merge","c590ddd8e2fa87baa409b6c29501d4473555ecfb","-s","recursive","-Xtheirs","--quiet","-m","merging upstream version","--allow-unrelated-histories"]
+    CallStack (from HasCallStack):
+      error, called at src/Propellor/DotDir.hs:425:17 in main:Propellor.DotDir
+
+--spwhitton

More informative usage message. Thanks, Daniel Brooks
diff --git a/CHANGELOG b/CHANGELOG
index f41c556..eef6c1d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,7 @@ propellor (3.2.4) UNRELEASED; urgency=medium
   * GHC's fileSystemEncoding is used for all String IO, to avoid
     encoding-related crashes in eg, Propellor.Property.File.
   * Add --build option to simply build config.hs.
+  * More informative usage message. Thanks, Daniel Brooks
 
  -- Joey Hess <id@joeyh.name>  Sat, 24 Dec 2016 15:06:36 -0400
 
diff --git a/doc/todo/usage__47__help_text_improvements.mdwn b/doc/todo/usage__47__help_text_improvements.mdwn
index 8ffca2c..80fffb3 100644
--- a/doc/todo/usage__47__help_text_improvements.mdwn
+++ b/doc/todo/usage__47__help_text_improvements.mdwn
@@ -1 +1,3 @@
 I started out looking at how to make usage.mdwn into a man page, but that's a little more work than I wanted to do tonight. Instead, I added more information to the usage message. Commit is fa0e8d83 on iabak:~db48x/propellor if you want it.
+
+> merged [[done]] tnx --[[Joey]] 

Added a comment
diff --git a/doc/todo/usage__47__help_text_improvements/comment_2_d531a45851cdef87a8f7b8182b3d04ce._comment b/doc/todo/usage__47__help_text_improvements/comment_2_d531a45851cdef87a8f7b8182b3d04ce._comment
new file mode 100644
index 0000000..62cf1fe
--- /dev/null
+++ b/doc/todo/usage__47__help_text_improvements/comment_2_d531a45851cdef87a8f7b8182b3d04ce._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="db48x"
+ avatar="http://cdn.libravatar.org/avatar/ad2688127feb555a92154b16d8eeb5d3"
+ subject="comment 2"
+ date="2016-12-27T06:12:52Z"
+ content="""
+/me facepalms; of course it can. I guess I saw the 'git commit' in the install target and disregarded the rest.
+
+I removed the tabs from the usage. It's a lot longer, but I suppose it gets the job done.
+
+
+"""]]

comment
diff --git a/doc/todo/usage__47__help_text_improvements/comment_1_66878945cdb57d06849337262d939701._comment b/doc/todo/usage__47__help_text_improvements/comment_1_66878945cdb57d06849337262d939701._comment
new file mode 100644
index 0000000..f30eae4
--- /dev/null
+++ b/doc/todo/usage__47__help_text_improvements/comment_1_66878945cdb57d06849337262d939701._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2016-12-27T02:46:19Z"
+ content="""
+I don't like the use of tabs in that; it may be that with some terminal
+with an unusual tab stop, the things don't align.
+
+It would probably be simplest to put the description in the line under the
+option.
+
+BTW, the Makefile can build propellor.1 out of usage.mdwn
+"""]]

diff --git a/doc/todo/usage__47__help_text_improvements.mdwn b/doc/todo/usage__47__help_text_improvements.mdwn
new file mode 100644
index 0000000..8ffca2c
--- /dev/null
+++ b/doc/todo/usage__47__help_text_improvements.mdwn
@@ -0,0 +1 @@
+I started out looking at how to make usage.mdwn into a man page, but that's a little more work than I wanted to do tonight. Instead, I added more information to the usage message. Commit is fa0e8d83 on iabak:~db48x/propellor if you want it.

Added a comment: aha
diff --git a/doc/todo/Are_--check_and_--build_on_the_way_in_or_on_the_way_out__63__/comment_2_b4910f50225a8b763566126861faea11._comment b/doc/todo/Are_--check_and_--build_on_the_way_in_or_on_the_way_out__63__/comment_2_b4910f50225a8b763566126861faea11._comment
new file mode 100644
index 0000000..0c59448
--- /dev/null
+++ b/doc/todo/Are_--check_and_--build_on_the_way_in_or_on_the_way_out__63__/comment_2_b4910f50225a8b763566126861faea11._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="db48x"
+ avatar="http://cdn.libravatar.org/avatar/ad2688127feb555a92154b16d8eeb5d3"
+ subject="aha"
+ date="2016-12-26T21:23:03Z"
+ content="""
+Thanks!
+"""]]

comment and close
diff --git a/doc/todo/Are_--check_and_--build_on_the_way_in_or_on_the_way_out__63__.mdwn b/doc/todo/Are_--check_and_--build_on_the_way_in_or_on_the_way_out__63__.mdwn
index fdba057..52b3b99 100644
--- a/doc/todo/Are_--check_and_--build_on_the_way_in_or_on_the_way_out__63__.mdwn
+++ b/doc/todo/Are_--check_and_--build_on_the_way_in_or_on_the_way_out__63__.mdwn
@@ -1 +1,3 @@
 I've managed to do a few useful things with propellor, but it feels a bit rough around the edges to me. It looked at first like the --check and --build options would be useful for checking that my configs would at least compile, but it turns out that --build doesn't even exist and --check just returns without doing anything. Should they just be removed, or do they need more work to finish them?
+
+[[done]]
diff --git a/doc/todo/Are_--check_and_--build_on_the_way_in_or_on_the_way_out__63__/comment_1_7c2b2447254ad44ee1316b47eac130df._comment b/doc/todo/Are_--check_and_--build_on_the_way_in_or_on_the_way_out__63__/comment_1_7c2b2447254ad44ee1316b47eac130df._comment
new file mode 100644
index 0000000..392f0f1
--- /dev/null
+++ b/doc/todo/Are_--check_and_--build_on_the_way_in_or_on_the_way_out__63__/comment_1_7c2b2447254ad44ee1316b47eac130df._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2016-12-26T15:55:36Z"
+ content="""
+--check does just what it's supposed to do. This is used during bootstrap
+to notice if the propellor binary has gotten broken by changes to eg system
+libraries.
+
+--build seems to have been added without being implemented.  But it does
+seem  useful to have a way to simply build propellor so implemented it now.
+"""]]

Added --build option, which makes propellor simply build itself.
diff --git a/debian/changelog b/debian/changelog
index cb313e2..765f44c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+propellor (3.2.4) UNRELEASED; urgency=medium
+
+  * Added --build option, which makes propellor simply build itself.
+
+ -- Joey Hess <id@joeyh.name>  Mon, 26 Dec 2016 12:03:19 -0400
+
 propellor (3.2.3) unstable; urgency=medium
 
   * Improve extraction of gpg secret key id list, to work with gpg 2.1.
diff --git a/doc/usage.mdwn b/doc/usage.mdwn
index fc1f839..3d32538 100644
--- a/doc/usage.mdwn
+++ b/doc/usage.mdwn
@@ -55,6 +55,14 @@ and configured in haskell.
   The hostname given to --spin can be a short name, which is
   then looked up in the DNS to find the FQDN.
 
+* propellor --build
+
+  Causes propellor to build itself, checking that your config.hs, etc are
+  valid.
+
+  You do not need to run this as a separate step; propellor automatically
+  builds itself when using things like --spin.
+
 * propellor --add-key keyid
 
   Adds a gpg key, which is used to encrypt the privdata.
diff --git a/src/Propellor/CmdLine.hs b/src/Propellor/CmdLine.hs
index 448abf6..7840cc3 100644
--- a/src/Propellor/CmdLine.hs
+++ b/src/Propellor/CmdLine.hs
@@ -26,6 +26,7 @@ usage h = hPutStrLn h $ unlines
 	, "  propellor --init"
 	, "  propellor"
 	, "  propellor --spin targethost [--via relayhost]"
+	, "  propellor --build"
 	, "  propellor --add-key keyid"
 	, "  propellor --rm-key keyid"
 	, "  propellor --list-fields"
@@ -53,6 +54,7 @@ processCmdLine = go =<< getArgs
 			<$> mapM hostname (reverse hs)
 			<*> pure (Just r)
 		_ -> Spin <$> mapM hostname ps <*> pure Nothing
+	go ("--build":[]) = return Build
 	go ("--add-key":k:[]) = return $ AddKey k
 	go ("--rm-key":k:[]) = return $ RmKey k
 	go ("--set":f:c:[]) = withprivfield f c Set
@@ -101,6 +103,7 @@ defaultMain hostlist = withConcurrentOutput $ do
   where
 	go cr (Serialized cmdline) = go cr cmdline
 	go _ Check = return ()
+	go cr Build = buildFirst Nothing cr Build $ return ()
 	go _ (Set field context) = setPrivData field context
 	go _ (Unset field context) = unsetPrivData field context
 	go _ (UnsetUnused) = unsetPrivDataUnused hostlist
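
Review bot: `go cr Build = buildFirst Nothing cr Build $ return ()` gives no indication of what a failed build does to the exit status. usage.mdwn in this same commit presents --build as the way to check that config.hs is valid, so anyone wiring it into a pre-push hook or CI job needs a non-zero exit on failure; please confirm that `buildFirst` provides that and say so in the usage text. If the second `Build` argument is the command to re-run after a rebuild, a one-line comment on why that cannot loop would help too.
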
diff --git a/src/Propellor/Types/CmdLine.hs b/src/Propellor/Types/CmdLine.hs
index 558c6e8..d712a45 100644
--- a/src/Propellor/Types/CmdLine.hs
+++ b/src/Propellor/Types/CmdLine.hs
@@ -28,4 +28,5 @@ data CmdLine
 	| ChrootChain HostName FilePath Bool Bool
 	| GitPush Fd Fd
 	| Check
+	| Build
 	deriving (Read, Show, Eq)

get usage and man page back in sync
Remove --build which is no longer present.
Order the list of options the same.
Document --rm-key in man page.
diff --git a/doc/usage.mdwn b/doc/usage.mdwn
index fec346a..fc1f839 100644
--- a/doc/usage.mdwn
+++ b/doc/usage.mdwn
@@ -66,6 +66,10 @@ and configured in haskell.
   using this key. Propellor requires signed commits when pulling from
   a central git repository.
 
+* propellor --rm-key keyid
+
+  Stops encrypting the privdata to a gpg key.
+
 * propellor --list-fields
 
   Lists all privdata fields that are used by your propellor configuration.
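
Review bot: the new `--rm-key` entry says only "Stops encrypting the privdata to a gpg key." and should add that this affects future encryption only. Whoever holds the removed key can still decrypt any copy of the privdata they obtained before the removal, so the entry should tell the reader to change the secrets themselves when a key is removed because it is no longer trusted.
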
diff --git a/src/Propellor/CmdLine.hs b/src/Propellor/CmdLine.hs
index fc25610..448abf6 100644
--- a/src/Propellor/CmdLine.hs
+++ b/src/Propellor/CmdLine.hs
@@ -25,19 +25,18 @@ usage h = hPutStrLn h $ unlines
 	[ "Usage:"
 	, "  propellor --init"
 	, "  propellor"
-	, "  propellor hostname"
 	, "  propellor --spin targethost [--via relayhost]"
 	, "  propellor --add-key keyid"
 	, "  propellor --rm-key keyid"
 	, "  propellor --list-fields"
-	, "  propellor --dump field context"
-	, "  propellor --edit field context"
 	, "  propellor --set field context"
 	, "  propellor --unset field context"
 	, "  propellor --unset-unused"
+	, "  propellor --dump field context"
+	, "  propellor --edit field context"
 	, "  propellor --merge"
-	, "  propellor --build"
 	, "  propellor --check"
+	, "  propellor hostname"
 	]
 
 usageError :: [String] -> IO a

moderately confused
diff --git a/doc/todo/Are_--check_and_--build_on_the_way_in_or_on_the_way_out__63__.mdwn b/doc/todo/Are_--check_and_--build_on_the_way_in_or_on_the_way_out__63__.mdwn
new file mode 100644
index 0000000..fdba057
--- /dev/null
+++ b/doc/todo/Are_--check_and_--build_on_the_way_in_or_on_the_way_out__63__.mdwn
@@ -0,0 +1 @@
+I've managed to do a few useful things with propellor, but it feels a bit rough around the edges to me. It looked at first like the --check and --build options would be useful for checking that my configs would at least compile, but it turns out that --build doesn't even exist and --check just returns without doing anything. Should they just be removed, or do they need more work to finish them?

Added a comment: Cache gpg passphrase.
diff --git a/doc/forum/propellor_and_gpg2/comment_1_4b732110f59f78f73fdfb745bdd9c0dd._comment b/doc/forum/propellor_and_gpg2/comment_1_4b732110f59f78f73fdfb745bdd9c0dd._comment
new file mode 100644
index 0000000..66c4cff
--- /dev/null
+++ b/doc/forum/propellor_and_gpg2/comment_1_4b732110f59f78f73fdfb745bdd9c0dd._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="anselmi@0a9758305bef5e058dd0263fa20a27b334b482c7"
+ nickname="anselmi"
+ avatar="http://cdn.libravatar.org/avatar/65b723eb35eb4e3b05fffafd3e13e0fd"
+ subject="Cache gpg passphrase."
+ date="2016-12-22T17:23:58Z"
+ content="""
+The bottom line on this is that gpg2 (via the agent and pinentry) doesn't prompt correctly when run from git. It does when run directly.
+
+One fix is to set GPG_TTY before running propellor: `export GPG_TTY=$(tty)` or some such.
+
+Anything else that caches the pass phrase in the agent works too since that removes the need to prompt.
+"""]]

typo
diff --git a/doc/todo/Add_MonadBaseControl_instance_to_Propellor/comment_3_45413e6e811c34edc38a6ff70ca7c208._comment b/doc/todo/Add_MonadBaseControl_instance_to_Propellor/comment_3_45413e6e811c34edc38a6ff70ca7c208._comment
index 58106f6..74a5c8b 100644
--- a/doc/todo/Add_MonadBaseControl_instance_to_Propellor/comment_3_45413e6e811c34edc38a6ff70ca7c208._comment
+++ b/doc/todo/Add_MonadBaseControl_instance_to_Propellor/comment_3_45413e6e811c34edc38a6ff70ca7c208._comment
@@ -25,16 +25,17 @@ Writers and/or two States, that need to be merged somehow. I don't see
 anything in the library that lets it do an intelligent merge. (For example,
 it could notice that [EndAction] is a monoid and mappend the two values.)
 
-So, I think when it says it's arestoring the monadic effects, it means it's
+So, I think when it says it's a restoring the monadic effects, it means it's
 *discarding* any changes that might have been made to the Writer or State.
 
-Is this a large problem for propellor? Maybe not. EndActions rarely need to
+Is this a large problem for Propellor? Maybe not. EndActions rarely need to
 be added, and in fact only one property in all of Propellor currently adds
-an EndAction.
+an EndAction. But this could change; Propellor could get state in its
+monad. What then?
 
 Now, I actually dealt with this problem in the
 Propellor.Property.Concurrent module. The code there threads the Writer
-values through the concurrent actions and merges them at the end. If
+v alues through the concurrent actions and merges them at the end. If
 MonadBaseControl provides a more principled way to do that, which lets
 lifted-async also be used safely, then that part of propellor could perhaps
 be changed to use it. 
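
Review bot: this commit is labelled "typo" but the hunk leaves one typo in place and introduces another: "it's a restoring the monadic effects" should read "it's restoring the monadic effects", and the previously correct "values" becomes "v alues" in the Propellor.Property.Concurrent paragraph. It also adds new content ("But this could change; Propellor could get state in its monad. What then?"), which would be better as its own commit or at least mentioned in the message.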

forward comment and add comment
diff --git a/doc/todo/Add_MonadBaseControl_instance_to_Propellor/comment_2_60d6e06ebada37648df77442733e325f._comment b/doc/todo/Add_MonadBaseControl_instance_to_Propellor/comment_2_60d6e06ebada37648df77442733e325f._comment
new file mode 100644
index 0000000..3233340
--- /dev/null
+++ b/doc/todo/Add_MonadBaseControl_instance_to_Propellor/comment_2_60d6e06ebada37648df77442733e325f._comment
@@ -0,0 +1,24 @@
+[[!comment format=mdwn
+ username="chris"
+ subject="""comment 2"""
+ date="2016-12-01T18:14:10Z"
+ content="""
+Agree on all points. I would rather not add the dependencies to propellor
+proper either, but such was the requirement for this change. I'd be happy
+enough with the MonadBase IO derivation and implementing this externally,
+no argument here.
+
+As for what it does :) I cribbed the implementation from the Snap server (
+https://github.com/snapframework/snap/blob/
+bda15d0a0f29b0107fd69fbb8b7e8cc5ce5fa7e4/src/Snap/Snaplet/Internal/Types.hs#
+L277),
+and it seems to work, essentially it is a way to take the outer
+transformer, and wrap it inside the inner Monad, but in such a way that the
+inner Monad now has access to the outer transformer !? Yeah, I'm still not
+fully grokking it myself, but it type checks and functions.
+
+Anyway feel free to implement at your leisure, it does seem that I could
+even derive the MonadBase IO instance manually and not have to change
+Propellor in the least, though the auto-derived instance would seem like a
+simple and harmless addition.
+"""]]
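
Review bot: the Snap URL in the second paragraph is hard-wrapped across three lines (`https://github.com/snapframework/snap/blob/`, the commit hash line, and `L277),`), so it will not render as one link and cannot be copied in one piece. Put it on a single line, ideally inside `<...>` as the other comments on this wiki do, and keep the closing parenthesis and comma outside it.
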
diff --git a/doc/todo/Add_MonadBaseControl_instance_to_Propellor/comment_3_45413e6e811c34edc38a6ff70ca7c208._comment b/doc/todo/Add_MonadBaseControl_instance_to_Propellor/comment_3_45413e6e811c34edc38a6ff70ca7c208._comment
new file mode 100644
index 0000000..58106f6
--- /dev/null
+++ b/doc/todo/Add_MonadBaseControl_instance_to_Propellor/comment_3_45413e6e811c34edc38a6ff70ca7c208._comment
@@ -0,0 +1,49 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2016-12-01T18:14:28Z"
+ content="""
+Looking at the lifted-async that is what uses the MonadBaseControl instance
+in your use case, I have some concerns.
+
+Its docs say "All the functions restore the monadic effects in the forked
+computation unless specified otherwise." I think that has bearing on the
+following situation:
+
+Suppose that two Propellor monad actions are run concurrently by this:
+
+	foo `concurrently` bar
+
+Propellor's monad includes a Writer component, that accumulates [EndAction].
+Since they are running concurrently, it seems likely that `foo` and `bar`
+are using separate Writers. Propellor doesn't currently use a State monad,
+but suppose that was added to its stack. Then `foo` and `bar` would
+necessarily, I think, be manipulating independent copies of state.
+
+Now, what happens when `concurrently` finishes running them? We have two
+Writers and/or two States, that need to be merged somehow. I don't see
+anything in the library that lets it do an intelligent merge. (For example,
+it could notice that [EndAction] is a monoid and mappend the two values.)
+
+So, I think when it says it's arestoring the monadic effects, it means it's
+*discarding* any changes that might have been made to the Writer or State.
+
+Is this a large problem for propellor? Maybe not. EndActions rarely need to
+be added, and in fact only one property in all of Propellor currently adds
+an EndAction.
+
+Now, I actually dealt with this problem in the
+Propellor.Property.Concurrent module. The code there threads the Writer
+values through the concurrent actions and merges them at the end. If
+MonadBaseControl provides a more principled way to do that, which lets
+lifted-async also be used safely, then that part of propellor could perhaps
+be changed to use it. 
+
+But, I don't know if this is a problem that MonadBaseControl deals with at
+all. It might be that its design is intended to be used for things like
+`bracket`, where there's no concurrency, and so not as much problem with
+getting different monadic states that need to be merged together. (Although
+in `bracket foo bar baz`, if baz throws an exception part way through,
+there's an interesting question about what to do with any monadic state it
+may have accumulated.) 
+"""]]
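
Review bot: typo in the paragraph beginning "So, I think when it says": "it's arestoring the monadic effects" should read "it's restoring the monadic effects".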

comment
diff --git a/doc/todo/Add_MonadBaseControl_instance_to_Propellor/comment_1_4b0cd7acc6442210a80c547981b5ae45._comment b/doc/todo/Add_MonadBaseControl_instance_to_Propellor/comment_1_4b0cd7acc6442210a80c547981b5ae45._comment
new file mode 100644
index 0000000..b38a015
--- /dev/null
+++ b/doc/todo/Add_MonadBaseControl_instance_to_Propellor/comment_1_4b0cd7acc6442210a80c547981b5ae45._comment
@@ -0,0 +1,18 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2016-11-30T21:07:26Z"
+ content="""
+I'm not entirely opposed to it, but this does add another two
+dependencies that have to be installed on every host managed by propellor.
+
+Also, I don't really understand the instance MonadBaseControl
+implementation. (And have always had that difficulty with
+monad-control, which is one of the reasons I've stopped using it.)
+This and not having anything to test it with makes me fear maintaining it.
+
+It looks like it would be sufficient make Propellor derive MonadBase IO,
+and then the MonadBaseControl instance could be shipped in another
+package (or even implemented in your config.hs). Does that sound like a
+reasonable compromise?
+"""]]
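
Review bot: missing word in the last paragraph: "it would be sufficient make Propellor derive MonadBase IO" should read "it would be sufficient to make Propellor derive MonadBase IO".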

diff --git a/doc/todo/Add_MonadBaseControl_instance_to_Propellor.mdwn b/doc/todo/Add_MonadBaseControl_instance_to_Propellor.mdwn
index 1689ef3..e044e4d 100644
--- a/doc/todo/Add_MonadBaseControl_instance_to_Propellor.mdwn
+++ b/doc/todo/Add_MonadBaseControl_instance_to_Propellor.mdwn
@@ -1,3 +1,3 @@
-I had a specific use-case that ensures a property while using a Consul session via the consul-haskell package (https://hackage.haskell.org/package/consul-haskell-0.4/docs/Network-Consul.html#v:withSession); in order to make it type check a MonadBaseControl IO instance is needed, so I added one. Hopefully this is generally useful, so I don't need to maintain a forked version of propellor!
+I had a specific use-case that ensures a property while using a Consul session via the [consul-haskell package](https://hackage.haskell.org/package/consul-haskell-0.4/docs/Network-Consul.html#v:withSession); in order to make it type check a MonadBaseControl IO instance is needed, so I added one. Hopefully this is generally useful, so I don't need to maintain a forked version of propellor!
 
 Patch is located in the `MonadBaseControl` branch of my cloned git repo `git clone git@github.com:hellertime/propellor.git`

diff --git a/doc/todo/Add_MonadBaseControl_instance_to_Propellor.mdwn b/doc/todo/Add_MonadBaseControl_instance_to_Propellor.mdwn
index f52b647..1689ef3 100644
--- a/doc/todo/Add_MonadBaseControl_instance_to_Propellor.mdwn
+++ b/doc/todo/Add_MonadBaseControl_instance_to_Propellor.mdwn
@@ -1,3 +1,3 @@
 I had a specific use-case that ensures a property while using a Consul session via the consul-haskell package (https://hackage.haskell.org/package/consul-haskell-0.4/docs/Network-Consul.html#v:withSession); in order to make it type check a MonadBaseControl IO instance is needed, so I added one. Hopefully this is generally useful, so I don't need to maintain a forked version of propellor!
 
-Patch is located in the `MonadBaseControl` branch of [this](git@github.com:hellertime/propellor.git) git repo.
+Patch is located in the `MonadBaseControl` branch of my cloned git repo `git clone git@github.com:hellertime/propellor.git`
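
Review bot: the clone address in the added line, `git@github.com:hellertime/propellor.git`, is the SSH form, which only works for a reader who has a GitHub account with an SSH key loaded. Since the purpose is to let the maintainer fetch the `MonadBaseControl` branch, give the anonymous form `https://github.com/hellertime/propellor.git` instead, or list both.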

Initial Page
diff --git a/doc/todo/Add_MonadBaseControl_instance_to_Propellor.mdwn b/doc/todo/Add_MonadBaseControl_instance_to_Propellor.mdwn
new file mode 100644
index 0000000..f52b647
--- /dev/null
+++ b/doc/todo/Add_MonadBaseControl_instance_to_Propellor.mdwn
@@ -0,0 +1,3 @@
+I had a specific use-case that ensures a property while using a Consul session via the consul-haskell package (https://hackage.haskell.org/package/consul-haskell-0.4/docs/Network-Consul.html#v:withSession); in order to make it type check a MonadBaseControl IO instance is needed, so I added one. Hopefully this is generally useful, so I don't need to maintain a forked version of propellor!
+
+Patch is located in the `MonadBaseControl` branch of [this](git@github.com:hellertime/propellor.git) git repo.

diff --git a/doc/forum/propellor_and_gpg2.mdwn b/doc/forum/propellor_and_gpg2.mdwn
index 6337e3e..d78de74 100644
--- a/doc/forum/propellor_and_gpg2.mdwn
+++ b/doc/forum/propellor_and_gpg2.mdwn
@@ -6,11 +6,9 @@ In my case this was a fresh install into a new Debian/sid system (so gpg2 is the
 
 So it was frustrating that propellor didn't work out of the box and there were no hints what was wrong with signing commits in git (the error above is from git and doing git commit -S was enough to reproduce it).
 
-But I persevered and happened across a sort of solution. I'm sharing it here because searching for git commit failures with gpgp2 wasn't very helpful.
+The issue has to do with prompting for a passphrase in gpg2. If the agent is running and $GPG_TTY is set correctly you get a prompt and things will work. I was able to convince myself that if the agent wasn't running it would cause this error but it seems that gpg2 requires the agent and automatically starts it so I'm not sure how I managed that.
 
-The issue has to do with prompting for a passphrase in gpg2. If the agent is running and $GPG_TTY is set correctly you get a prompt and things will work. If the agent is not running then gpg doesn't prompt for the passphrase and the commit fails as above. Luckily I was able to try this on a Mac, which gave an agent ioctl error, which got me to this answer.
-
-Initially I was trying propellor before I installed a desktop so I didn't have the gpg agent. I'm not sure how to work around this issue without the agent but I'll keep looking for git + gpg2 help.
+Initially I was trying propellor before I installed a desktop so I don't know what I had for the gpg agent or how it should have been prompting. There doesn't seem to be much help out there on gpg2 + git failures but I'll keep looking.
 
 Dave
 
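Review bot: the rewritten paragraph beginning "The issue has to do with prompting" says things work when `$GPG_TTY` is set correctly but never shows the setting, and the edit also drops the sentence that explained why the post exists. State the fix concretely, for example `export GPG_TTY=$(tty)` in the shell that runs `git commit -S`, so that a reader arriving from the "gpg failed to sign the data" error has something to try.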

diff --git a/doc/forum/propellor_and_gpg2.mdwn b/doc/forum/propellor_and_gpg2.mdwn
index 85ae170..6337e3e 100644
--- a/doc/forum/propellor_and_gpg2.mdwn
+++ b/doc/forum/propellor_and_gpg2.mdwn
@@ -1,6 +1,6 @@
 I had a problem similar to [[Key sign problem]]. Maybe in that case the fix was easy, just supplying the secret key.
 
-In my case this was a fresh install into a new Debian/sid system (so gpg2 is the default) and the failure happened during the propellor --init following the directions in the quick start at <https://propellor.branchable.com/>. During the --init I selected to create a gpg key. The message, after finally getting enough entropy and creating the gpg key was:
+In my case this was a fresh install into a new Debian/sid system (so gpg2 is the default) and the failure happened during the propellor --init following the directions in the quick start at <https://propellor.branchable.com/>. During the --init I selected to create a gpg key. The message, after finally getting enough entropy and creating the gpg key, was:
     error:gpg failed to sign the data
     fatal: failed to write commit object
 
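Review bot: the two indented error lines follow the edited paragraph with no blank line in between, so markdown folds them into the paragraph instead of rendering a code block. Add an empty line after "creating the gpg key, was:" while this line is being touched.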

diff --git a/doc/forum/propellor_and_gpg2.mdwn b/doc/forum/propellor_and_gpg2.mdwn
new file mode 100644
index 0000000..85ae170
--- /dev/null
+++ b/doc/forum/propellor_and_gpg2.mdwn
@@ -0,0 +1,16 @@
+I had a problem similar to [[Key sign problem]]. Maybe in that case the fix was easy, just supplying the secret key.
+
+In my case this was a fresh install into a new Debian/sid system (so gpg2 is the default) and the failure happened during the propellor --init following the directions in the quick start at <https://propellor.branchable.com/>. During the --init I selected to create a gpg key. The message, after finally getting enough entropy and creating the gpg key was:
+    error:gpg failed to sign the data
+    fatal: failed to write commit object
+
+So it was frustrating that propellor didn't work out of the box and there were no hints what was wrong with signing commits in git (the error above is from git and doing git commit -S was enough to reproduce it).
+
+But I persevered and happened across a sort of solution. I'm sharing it here because searching for git commit failures with gpgp2 wasn't very helpful.
+
+The issue has to do with prompting for a passphrase in gpg2. If the agent is running and $GPG_TTY is set correctly you get a prompt and things will work. If the agent is not running then gpg doesn't prompt for the passphrase and the commit fails as above. Luckily I was able to try this on a Mac, which gave an agent ioctl error, which got me to this answer.
+
+Initially I was trying propellor before I installed a desktop so I didn't have the gpg agent. I'm not sure how to work around this issue without the agent but I'll keep looking for git + gpg2 help.
+
+Dave
+

add news item for propellor 3.2.3
diff --git a/doc/news/version_3.1.1.mdwn b/doc/news/version_3.1.1.mdwn
deleted file mode 100644
index b6ef29c..0000000
--- a/doc/news/version_3.1.1.mdwn
+++ /dev/null
@@ -1,4 +0,0 @@
-propellor 3.1.1 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Haddock build fix.
-     Thanks, Sean Whitton"""]]
\ No newline at end of file
diff --git a/doc/news/version_3.2.3.mdwn b/doc/news/version_3.2.3.mdwn
new file mode 100644
index 0000000..3689a90
--- /dev/null
+++ b/doc/news/version_3.2.3.mdwn
@@ -0,0 +1,9 @@
+propellor 3.2.3 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Improve extraction of gpg secret key id list, to work with gpg 2.1.
+   * The propellor wrapper checks if ./config.hs exists; if so it runs
+     using the configuration in the current directory, rather than
+     ~/.propellor/config.hs
+   * Debootstap: Fix too tight permissions lock down of debootstrapped
+     chroots, which prevented non-root users from doing anything in the
+     chroot."""]]
\ No newline at end of file

Added a comment
diff --git a/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot/comment_2_f0da198fdfa9705ab2114afb2ca0d11f._comment b/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot/comment_2_f0da198fdfa9705ab2114afb2ca0d11f._comment
new file mode 100644
index 0000000..6647e1f
--- /dev/null
+++ b/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot/comment_2_f0da198fdfa9705ab2114afb2ca0d11f._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 2"
+ date="2016-11-21T19:37:19Z"
+ content="""
+Ah, interesting, I guess that I forgot how primitive chrooting is.  Thanks for the fix, which works on my end.
+"""]]

Debootstrap: Fix too tight permissions lock down of debootstrapped chroots, which prevented non-root users from doing anything in the chroot.
diff --git a/debian/changelog b/debian/changelog
index f344211..efbde34 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,9 @@ propellor (3.2.3) UNRELEASED; urgency=medium
   * The propellor wrapper checks if ./config.hs exists; if so it runs
     using the configuration in the current directory, rather than
     ~/.propellor/config.hs
+  * Debootstap: Fix too tight permissions lock down of debootstrapped
+    chroots, which prevented non-root users from doing anything in the
+    chroot.
 
  -- Joey Hess <id@joeyh.name>  Fri, 11 Nov 2016 19:32:54 -0400
 
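Review bot: "Debootstap" in the added entry is misspelled; it should be "Debootstrap". The entry also describes the change only as a fix for non-root users; since it makes the top-level chroot directory world readable and executable again, say so, so that admins who relied on the old lock down learn of it from the changelog.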
diff --git a/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot.mdwn b/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot.mdwn
index d42d4f7..c4464d0 100644
--- a/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot.mdwn
+++ b/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot.mdwn
@@ -21,3 +21,5 @@ I can obtain the error manually as follows.  My `/tmp` is not mounted `noexec`.
     Cannot execute /bin/sh: Permission denied
 
 --spwhitton
+
+> [[fixed|done]] --[[Joey]]
diff --git a/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot/comment_1_75ae52da0638ff6ea1c04820091b89f3._comment b/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot/comment_1_75ae52da0638ff6ea1c04820091b89f3._comment
new file mode 100644
index 0000000..89bb17f
--- /dev/null
+++ b/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot/comment_1_75ae52da0638ff6ea1c04820091b89f3._comment
@@ -0,0 +1,23 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2016-11-20T16:55:25Z"
+ content="""
+This is due to `Debootstrap.built'` removing world read access from the
+chroot it creates.
+
+So, /tmp/sid/ is not accessible by spwhitton, and when su
+has switched id to spwhitton, it can't access anything inside the chroot.
+
+See commit f6afeb889f4b11418daac7825c1adb1df4ff145c for when this was
+added. I think that the risk of farming old security vulnerabilities from
+chroots is real, but this is not a good approach for a fix.
+
+(It would work to put the chroot in a parent
+directory that is itself not world readable, then the root directory inside the
+chroot would be world readable. But this would require relocating existing
+chroots. At least when chroots are used for systemd containers,
+/var/lib/container has appropriately locked down permissions anyway.)
+
+I'm reverting that commit, and adding some permissions fixup code.
+"""]]
diff --git a/src/Propellor/Property/Debootstrap.hs b/src/Propellor/Property/Debootstrap.hs
index f9737ca..f8cb6e0 100644
--- a/src/Propellor/Property/Debootstrap.hs
+++ b/src/Propellor/Property/Debootstrap.hs
@@ -51,18 +51,15 @@ built :: FilePath -> System -> DebootstrapConfig -> Property Linux
 built target system config = built' (setupRevertableProperty installed) target system config
 
 built' :: Property Linux -> FilePath -> System -> DebootstrapConfig -> Property Linux
-built' installprop target system@(System _ arch) config =
-	check (unpopulated target <||> ispartial) setupprop
-		`requires` installprop
+built' installprop target system@(System _ arch) config = 
+	go `before` oldpermfix
   where
+	go = check (unpopulated target <||> ispartial) setupprop
+		`requires` installprop
+
 	setupprop :: Property Linux
 	setupprop = property ("debootstrapped " ++ target) $ liftIO $ do
 		createDirectoryIfMissing True target
-		-- Don't allow non-root users to see inside the chroot,
-		-- since doing so can allow them to do various attacks
-		-- including hard link farming suid programs for later
-		-- exploitation.
-		modifyFileMode target (removeModes [otherReadMode, otherExecuteMode, otherWriteMode])
 		suite <- case extractSuite system of
 			Nothing -> errorMessage $ "don't know how to debootstrap " ++ show system
 			Just s -> pure s
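
Review bot: the deleted `modifyFileMode target (removeModes ...)` call in `setupprop` was the only mitigation for the risk its own comment names (hard link farming of suid programs from inside the chroot), and nothing in this hunk replaces it. The accompanying wiki comment already names a workable alternative, keeping the chroot under a parent directory that is not world readable; either document that expectation on `built` and `built'`, or leave a comment here recording that the exposure is accepted, so the removal does not read as the risk having gone away.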
@@ -86,6 +83,15 @@ built' installprop target system@(System _ arch) config =
 			return True
 		, return False
 		)
+	
+	-- May want to remove this after some appropriate length of time,
+	-- as it's a workaround for chroots set up with too tight
+	-- permissions.
+	oldpermfix :: Property Linux
+	oldpermfix = property ("fixed old chroot file mode") $ do
+		liftIO $ modifyFileMode target $
+			addModes [otherReadMode, otherExecuteMode]
+		return NoChange
 
 extractSuite :: System -> Maybe String
 extractSuite (System (Debian _ s) _) = Just $ Apt.showSuite s
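
Review bot: `oldpermfix` is chained after `go` with `before`, so it runs on every invocation and unconditionally adds `otherReadMode` and `otherExecuteMode` to `target`, even when an admin tightened that directory on purpose, and it returns `NoChange` whether or not the mode was altered. Consider checking the current mode first and returning `MadeChange` when bits were actually added, so the loosening shows up in propellor's output. The comment "May want to remove this after some appropriate length of time" would also be easier to act on if it named a version or date.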

report userScriptProperty bug
diff --git a/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot.mdwn b/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot.mdwn
new file mode 100644
index 0000000..d42d4f7
--- /dev/null
+++ b/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot.mdwn
@@ -0,0 +1,23 @@
+Config snippet to reproduce:
+
+    	& Chroot.provisioned sidChroot
+      where
+    	sidChroot = Chroot.debootstrapped mempty "/tmp/sid" $ props
+    		& osDebian Unstable X86_64
+    		& User.accountFor (User "spwhitton")
+    		& userScriptProperty (User "spwhitton")
+    			[ "echo hello > /home/spwhitton/greeting" ]
+    		`assume` MadeChange
+
+During a spin, I see the error `Cannot execute /bin/sh`.
+
+I can obtain the error manually as follows.  My `/tmp` is not mounted `noexec`.
+
+    iris ~ % sudo chroot /tmp/sid /bin/bash       
+    [sudo] password for spwhitton:         
+    root@iris:/# su --shell /bin/sh -c "echo hello > /home/spwhitton/greeting" spwhitton
+    Cannot execute /bin/sh
+    root@iris:/# su --shell /bin/sh spwhitton
+    Cannot execute /bin/sh: Permission denied
+
+--spwhitton

improve man page
diff --git a/doc/usage.mdwn b/doc/usage.mdwn
index ac23799..fec346a 100644
--- a/doc/usage.mdwn
+++ b/doc/usage.mdwn
@@ -59,6 +59,9 @@ and configured in haskell.
 
   Adds a gpg key, which is used to encrypt the privdata.
 
+  Multiple gpg keys can be added; the privdata will be encrypted so that
+  all of them can decrypt it.
+
   If the gpg secret key is present, git is configured to sign commits
   using this key. Propellor requires signed commits when pulling from
   a central git repository.
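
Review bot: the added sentence "the privdata will be encrypted so that all of them can decrypt it" means every key added widens who can read the privdata, but the text does not say that or how a key is withdrawn again. Add a sentence stating that each added key grants full read access to the privdata, and point to the procedure for removing a key.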
@@ -152,7 +155,7 @@ Additionally, the url of a remote named "deploy", if it exists
 in your ~/.propellor/ repository, is used as the origin url for
 the other repositories.
 
-# SH AUTHOR 
+# AUTHOR 
 
 Joey Hess <id@joeyh.name>
 

The propellor wrapper checks if ./config.hs exists; if so it runs using the configuration in the current directory, rather than ~/.propellor/config.hs

The config.hs name now seems a bit badly chosen, propellor.hs would be less
ambiguous. To avoid accidentally running with a config.hs for something
else, the file content has to contain "Propellor".

Note that checkRepoUpToDate is only run for ~/.propellor/. I guess
propellor configs in other directories won't have been set up that way,
and it would take some changes to make that not hardcode use of
dotPropellor.

There's a new security boundary here, since running propellor looks at the
cwd, whose contents might not be under the user's control. The security
checks I added for this seem pretty good, but even if they can be bypassed,
this is not much different than `make` using the Makefile in cwd.

This commit was sponsored by Ole-Morten Duesund on Patreon.
diff --git a/debian/changelog b/debian/changelog
index 509734d..f344211 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,9 @@
 propellor (3.2.3) UNRELEASED; urgency=medium
 
   * Improve extraction of gpg secret key id list, to work with gpg 2.1.
+  * The propellor wrapper checks if ./config.hs exists; if so it runs
+    using the configuration in the current directory, rather than
+    ~/.propellor/config.hs
 
  -- Joey Hess <id@joeyh.name>  Fri, 11 Nov 2016 19:32:54 -0400
 
diff --git a/doc/usage.mdwn b/doc/usage.mdwn
index 02686d5..ac23799 100644
--- a/doc/usage.mdwn
+++ b/doc/usage.mdwn
@@ -24,8 +24,8 @@ and configured in haskell.
   Once propellor is configured, running it without any options will take
   action as needed to satisfy the configured properties of the local host.
 
-  If there's a central git repository, it will first fetch from the
-  repository, check the gpg signature and merge, and rebuild propellor,
+  If there's a central git repository, it will first fetch from it,
+  check the gpg signature and merge, and rebuild propellor,
   so that any configuration changes will immediately take effect.
 
   If propellor is run by a non-root user without any options, this is
@@ -116,6 +116,19 @@ and configured in haskell.
   This is useful when the local host doesn't yet have its hostname set
   correctly.
 
+# FILES
+
+* ~/.propellor/config.hs
+
+  This is the default config file used by propellor.
+
+* ./config.hs
+
+  If propellor is run in a directory containing a config.hs, it
+  assumes that the current directory is a propellor repository, and 
+  uses the configuration from the current directory, rather tnan
+  ~/.propellor/ 
+
 # ENVIRONMENT
 
 Set `PROPELLOR_DEBUG=1` to make propellor output each command it runs and
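
Review bot: the new `./config.hs` entry in FILES omits the conditions under which the wrapper refuses to use the current directory (not owned by the user, group writable, or world-writable, per the checks added in src/wrapper.hs in this same commit), so a user who hits the "This seems unsafe" error has no documentation to consult. List those conditions here. Also, "rather tnan" should read "rather than".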
diff --git a/src/wrapper.hs b/src/wrapper.hs
index dab7735..6b24a36 100644
--- a/src/wrapper.hs
+++ b/src/wrapper.hs
@@ -6,6 +6,9 @@
 -- This is not the propellor main program (that's config.hs).
 -- This bootstraps ~/.propellor/config.hs, builds it if
 -- it's not already built, and runs it.
+--
+-- If ./config.hs exists, it instead builds and runs in the
+-- current working directory.
 
 module Main where
 
@@ -14,31 +17,57 @@ import Propellor.Message
 import Propellor.Bootstrap
 import Utility.Monad
 import Utility.Directory
+import Utility.FileMode
 import Utility.Process
 import Utility.Process.NonConcurrent
 
 import System.Environment (getArgs)
 import System.Exit
-import System.Posix.Directory
+import System.Posix
 import Control.Monad.IfElse
 
 main :: IO ()
 main = withConcurrentOutput $ go =<< getArgs
   where
 	go ["--init"] = interactiveInit
-	go args = ifM (doesDirectoryExist =<< dotPropellor)
-		( do
-			checkRepoUpToDate
-			buildRunConfig args
-		, error "Seems that ~/.propellor/ does not exist. To set it up, run: propellor --init"
+	go args = ifM configInCurrentWorkingDirectory
+		( buildRunConfig args
+		, ifM (doesDirectoryExist =<< dotPropellor)
+			( do
+				checkRepoUpToDate
+				changeWorkingDirectory =<< dotPropellor
+				buildRunConfig args
+			, error "Seems that ~/.propellor/ does not exist. To set it up, run: propellor --init"
+			)
 		)
 
 buildRunConfig :: [String] -> IO ()
 buildRunConfig args = do
-	changeWorkingDirectory =<< dotPropellor
 	unlessM (doesFileExist "propellor") $ do
 		buildPropellor Nothing
 		putStrLn ""
 		putStrLn ""
 	(_, _, _, pid) <- createProcessNonConcurrent (proc "./propellor" args) 
 	exitWith =<< waitForProcessNonConcurrent pid
+
+configInCurrentWorkingDirectory :: IO Bool
+configInCurrentWorkingDirectory = ifM (doesFileExist "config.hs")
+	( do
+		-- This is a security check to avoid using the current
+		-- working directory as the propellor configuration
+		-- if it's not owned by the user, or is world-writable,
+		-- or group writable. (Some umasks may make directories
+		-- group writable, but typical ones do not.)
+		s <- getFileStatus "."
+		uid <- getRealUserID
+		if fileOwner s /= uid
+			then unsafe "you don't own the current directory"
+			else if checkMode groupWriteMode (fileMode s)
+				then unsafe "the current directory is group writable"
+				else if checkMode otherWriteMode (fileMode s)
+					then unsafe "the current directory is world-writable"
+					else return True
+	, return False
+	)
+  where
+	unsafe s = error $ "Not using ./config.hs because " ++ s ++ ". This seems unsafe."
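
Review bot: `configInCurrentWorkingDirectory` does not implement the content check the commit message describes (the file content has to contain "Propellor"); only `doesFileExist "config.hs"` and the owner and write-bit tests on `.` are present, so any owned, non-writable directory holding an unrelated config.hs is treated as a propellor repository. The tests also cover the directory only: `buildRunConfig` goes on to execute `./propellor` when that file already exists, without looking at the owner or mode of `config.hs` or `./propellor` themselves. Finally, a failed test calls `error` rather than falling back to `~/.propellor/`, so running propellor from such a directory aborts outright. Suggest adding the content check, applying the same owner and mode tests to the files that get built and executed, and stating in the comment whether aborting on an unsafe cwd is the intended behaviour.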

document --init
diff --git a/doc/usage.mdwn b/doc/usage.mdwn
index 16e559f..02686d5 100644
--- a/doc/usage.mdwn
+++ b/doc/usage.mdwn
@@ -13,11 +13,13 @@ and configured in haskell.
 
 # MODES OF OPERATION
 
-* propellor
+* propellor --init
+
+  Get started by initializing a `~/.propellor/` repository.
 
-  The first time you run `propellor`, without any options,
-  it will set up a `~/.propellor/` repository. Edit `~/.propellor/config.hs`
-  to configure it.
+  After this, you'll edit `~/.propellor/config.hs` to configure propellor.
+
+* propellor
 
   Once propellor is configured, running it without any options will take
   action as needed to satisfy the configured properties of the local host.

add news item for propellor 3.2.2
diff --git a/doc/news/version_3.1.0.mdwn b/doc/news/version_3.1.0.mdwn
deleted file mode 100644
index 425e04c..0000000
--- a/doc/news/version_3.1.0.mdwn
+++ /dev/null
@@ -1,51 +0,0 @@
-propellor 3.1.0 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Architecture changed from String to an ADT. (API Change)
-     Transition guide: Change "amd64" to X86\_64, "i386" to X86\_32,
-     "armel" to ARMEL, etc.
-     Thanks, Félix Sipma.
-   * The Debian data type now includes a DebianKernel. (API Change)
-     This won't affect most config.hs, as osDebian defaults to
-     Linux. Added osDebian' can be used to specify a different kernel.
-     Thanks, Félix Sipma.
-   * Improve exception handling. A property that threw a non-IOException
-     used to stop the whole propellor run. Now, all non-async exceptions
-     only make the property that threw them fail. (Implicit API change)
-   * Added StopPropellorException and stopPropellorMessage which can be
-     used in the unusual case where a failure of one property should stop
-     propellor from trying to ensure any other properties.
-   * tryPropellor returns Either SomeException instead of Either IOException
-     (API change)
-   * Switch letsencrypt to certbot package name.
-   * Sbuild: Add keyringInsecurelyGenerated which is useful on throwaway
-     build VMs.
-     Thanks, Sean Whitton
-   * Added Propellor.Property.SiteSpecific.Exoscale.
-     Thanks, Sean Whitton
-   * Property.Reboot: Added toDistroKernel and toKernelNewerThan.
-     Thanks, Sean Whitton
-   * Added ConfFile.hasIniSection.
-     Thanks, Félix Sipma.
-   * Apt.install: When asked to install a package that apt does not know
-     about, it used to incorrectly succeed. Now it will fail.
-   * Property.Firejail: New module.
-     Thanks, Sean Whitton
-   * File: Write privdata files in binary rather than text, which avoids
-     failure when they do not contain valid unicode.
-     Thanks, Andrew Schurman
-   * Generalized fileProperty can now operate on a file as either a series
-     of lines, or a ByteString.
- * [ Sean Whitton ]
-   * New info property Schroot.useOverlays to indicate whether you want schroots
-     set up by propellor to use the Linux kernel's OverlayFS.
-   * Schroot.overlaysInTmpfs sets Schroot.useOverlays info property.
-   * If you have indicated that you want schroots to use OverlayFS and the
-     current kernel does not support it, Sbuild.built will attempt to reboot
-     into a kernel that does, or fail if it can't find one.
-   * Sbuild.built will no longer add duplicate `aliases=UNRELEASED,sid...` lines
-     to more than one schroot config. It will not remove any such lines that the
-     previous version of propellor added, though.
-   * Sbuild.keypairGenerated works around Debian bug #792100 by creating the
-     directory /root/.gnupg in advance.
-   * Ccache.hasCache now sets the setgid bit on the cache directory, as
-     ccache requires."""]]
\ No newline at end of file
diff --git a/doc/news/version_3.2.2.mdwn b/doc/news/version_3.2.2.mdwn
new file mode 100644
index 0000000..19acc9f
--- /dev/null
+++ b/doc/news/version_3.2.2.mdwn
@@ -0,0 +1,5 @@
+propellor 3.2.2 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Added Linode.serialGrub property.
+   * Clean up build warnings about redundant constraints when built with ghc 8.0.
+   * Added Group.hasUser property. Thanks, Daniel Brooks"""]]
\ No newline at end of file

close
diff --git a/doc/todo/updates_to_the_config_of_the_iabak_server.mdwn b/doc/todo/updates_to_the_config_of_the_iabak_server.mdwn
index 50ae1cb..6dea12f 100644
--- a/doc/todo/updates_to_the_config_of_the_iabak_server.mdwn
+++ b/doc/todo/updates_to_the_config_of_the_iabak_server.mdwn
@@ -1,3 +1,5 @@
 New user accounts for our two shardmasters, mucking about with group membership, and some tools installed via apt.
 
 Git repo is located at iabak:~db48x/propellor; the branch is called iabak.
+
+> [[merged|done]] --[[Joey]]

diff --git a/doc/todo/updates_to_the_config_of_the_iabak_server.mdwn b/doc/todo/updates_to_the_config_of_the_iabak_server.mdwn
index aab394b..50ae1cb 100644
--- a/doc/todo/updates_to_the_config_of_the_iabak_server.mdwn
+++ b/doc/todo/updates_to_the_config_of_the_iabak_server.mdwn
@@ -1,3 +1,3 @@
 New user accounts for our two shardmasters, mucking about with group membership, and some tools installed via apt.
 
-Git repo is located at iabak:~db48x/propellor
+Git repo is located at iabak:~db48x/propellor; the branch is called iabak.

diff --git a/doc/todo/updates_to_the_config_of_the_iabak_server.mdwn b/doc/todo/updates_to_the_config_of_the_iabak_server.mdwn
new file mode 100644
index 0000000..aab394b
--- /dev/null
+++ b/doc/todo/updates_to_the_config_of_the_iabak_server.mdwn
@@ -0,0 +1,3 @@
+New user accounts for our two shardmasters, mucking about with group membership, and some tools installed via apt.
+
+Git repo is located at iabak:~db48x/propellor

update
diff --git a/doc/todo/spin_without_remote_compilation/comment_5_bc7ab75bf3063bb09b0beb57b6cb4545._comment b/doc/todo/spin_without_remote_compilation/comment_5_bc7ab75bf3063bb09b0beb57b6cb4545._comment
new file mode 100644
index 0000000..9d9fc2e
--- /dev/null
+++ b/doc/todo/spin_without_remote_compilation/comment_5_bc7ab75bf3063bb09b0beb57b6cb4545._comment
@@ -0,0 +1,68 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 5"""
+ date="2016-11-04T16:25:13Z"
+ content="""
+Felix did a lot of work on his precompiled branch. But it's been stalled
+on getting merged since June.
+
+The blocker has to do with switching a host between precompiled and not,
+and vice-versa. The two ways to deploy propellor need different contents in
+the `localdir`. Pasting in a couple of my last emails about it:
+
+----
+
+I fear a rm -rf localdir because propellor writes/reads some files
+inside it to store states between runs etc. In retrospect, it would have
+been smart to limit all such stuff to a subdirectory of localdir. Moving
+things now would be the best approach, but probably tricky to implement.
+
+Maybe you could get away with only deleting localdir/.git though.
+
+----
+
+> In sendGitClone, we still need to "rm -rf localdir", to prevent "git
+> clone" from failing, right?
+
+It seems wrong to do that for the same reason.
+
+I kind of have the feeling that making the local-build/no-local-build
+decision check for .git was the wrong choice to make, because it's led
+to all this complexity around deleting parts of /usr/local/propellor.
+
+If we had a better way to make that decision, then sendPrecompiled could
+just overwrite any existing propellor binary, so conversion from
+local-compilation to precompilation would be easy.
+
+(Conversion the other way would still be a little problimatic since git
+clone would fail; it would need to clone to a temporary directory and
+move everything into place, I suppose.)
+
+So, what would be a better way for propellor to decide if it needs to
+rebuild itself when run? Could it get away with checking if the local
+host is configured with precompiled?
+
+These are the cases:
+
+1. Propellor is run via a cron job or manually, on a precompiled host.
+   It looks at the info for the host, sees it is precompiled, and doesn't
+   rebuild, which is right.
+2. Propellor is switching from not precompiled to precompiled;
+   the user is running propellor --spin $host
+   So, a propellor binary gets sent over, and it can see that the host
+   it's running on has the precompiled Info and not rebuild.
+3. Propellor is switching from precompiled to not precompiled;
+   the user is running propellor --spin $host
+   Propellor sees that $host is not precompiled and does not send the
+   precompiled binary, but tries to do a git push to $host.
+   Which will probably fail (unless $host has the .git directory left
+   over from a previous configuration).
+   If it gets past the git push, it will run the old precompiled
+   propellor binary, which thinks it's still configured that way, and so
+   won't build.
+
+So, seems that case 3 needs to somehow detect that the remote host
+has a precompiled binary on it, and delete that, as well as arranging
+for the git push to succeed even when localdir already exists and
+localdir/.git does not.
+"""]]
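Review bot: In the parenthetical about converting from precompilation back to local compilation, "problimatic" should be "problematic". The closing paragraph on case 3 names two separate requirements (removing the stale precompiled binary, and letting the git push succeed when localdir exists without localdir/.git); splitting them into two list items would make it easier to track which one a later patch addresses.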

add news item for propellor 3.2.1
diff --git a/doc/news/version_3.0.5.mdwn b/doc/news/version_3.0.5.mdwn
deleted file mode 100644
index b9655cf..0000000
--- a/doc/news/version_3.0.5.mdwn
+++ /dev/null
@@ -1,8 +0,0 @@
-propellor 3.0.5 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Modules added for Sbuild and Ccache.
-     Thanks, Sean Whitton
-   * Systemd: Added killUserProcesses property, which can be reverted
-     to return systemd to its default behavior before version 230 started
-     killing processes like screen sessions.
-   * Systemd: Added logindConfigured property."""]]
\ No newline at end of file
diff --git a/doc/news/version_3.2.1.mdwn b/doc/news/version_3.2.1.mdwn
new file mode 100644
index 0000000..214ef42
--- /dev/null
+++ b/doc/news/version_3.2.1.mdwn
@@ -0,0 +1,5 @@
+propellor 3.2.1 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Simplify Debootstrap.sourceInstall since #770217 was fixed.
+   * Debootstap.installed: Fix inverted logic that made this never install
+     debootstrap. Thanks, mithrandi."""]]
\ No newline at end of file
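Review bot: The second bullet of the new news item spells the module "Debootstap.installed", while the bullet above it uses "Debootstrap.sourceInstall"; correct it to "Debootstrap.installed". The same spelling appears in the debian/changelog entry for 3.2.1, so fix it there as well to keep the two in step.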

prep release
diff --git a/debian/changelog b/debian/changelog
index 3405f3b..7baa9d7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,10 @@
-propellor (3.2.1) UNRELEASED; urgency=medium
+propellor (3.2.1) unstable; urgency=medium
 
   * Simplify Debootstrap.sourceInstall since #770217 was fixed.
   * Debootstap.installed: Fix inverted logic that made this never install
     debootstrap. Thanks, mithrandi.
 
- -- Joey Hess <id@joeyh.name>  Sat, 24 Sep 2016 14:34:39 -0400
+ -- Joey Hess <id@joeyh.name>  Mon, 03 Oct 2016 18:06:31 -0400
 
 propellor (3.2.0) unstable; urgency=medium
 
diff --git a/doc/forum/Systemd_nspawn_container_failure/comment_3_519a31c43fd1cca00bc2565b9ee2b84f._comment b/doc/forum/Systemd_nspawn_container_failure/comment_3_519a31c43fd1cca00bc2565b9ee2b84f._comment
new file mode 100644
index 0000000..a475a45
--- /dev/null
+++ b/doc/forum/Systemd_nspawn_container_failure/comment_3_519a31c43fd1cca00bc2565b9ee2b84f._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2016-10-03T22:05:49Z"
+ content="""
+Aha! Fixed this bug and pushing a minor release for it.
+"""]]
diff --git a/propellor.cabal b/propellor.cabal
index 52bd95b..7d14502 100644
--- a/propellor.cabal
+++ b/propellor.cabal
@@ -1,5 +1,5 @@
 Name: propellor
-Version: 3.2.0
+Version: 3.2.1
 Cabal-Version: >= 1.8
 License: BSD2
 Maintainer: Joey Hess <id@joeyh.name>

Added a comment
diff --git a/doc/forum/Systemd_nspawn_container_failure/comment_2_ce079d5ad9d84d13160748e3adf10c4d._comment b/doc/forum/Systemd_nspawn_container_failure/comment_2_ce079d5ad9d84d13160748e3adf10c4d._comment
new file mode 100644
index 0000000..849af57
--- /dev/null
+++ b/doc/forum/Systemd_nspawn_container_failure/comment_2_ce079d5ad9d84d13160748e3adf10c4d._comment
@@ -0,0 +1,23 @@
+[[!comment format=mdwn
+ username="mithrandi@311efa1b2b5c4999c2edae7da06fb825899e8a82"
+ nickname="mithrandi"
+ subject="comment 2"
+ date="2016-10-03T21:50:04Z"
+ content="""
+Indeed, your guess was correct: `Debootstrap.installed` prints `debootstrap installed ... ok` even on the first run, but in fact it is not installed. I believe this patch fixes the problem:
+
+```
+diff --git a/src/Propellor/Property/Debootstrap.hs b/src/Propellor/Property/Debootstrap.hs
+index 59850c4..f9737ca 100644
+--- a/src/Propellor/Property/Debootstrap.hs
++++ b/src/Propellor/Property/Debootstrap.hs
+@@ -100,7 +100,7 @@ extractSuite (System (FreeBSD _) _) = Nothing
+ installed :: RevertableProperty Linux Linux
+ installed = install <!> remove
+   where
+-       install = check (isJust <$> programPath) $
++       install = check (isNothing <$> programPath) $
+                (aptinstall `pickOS` sourceInstall)
+                        `describe` \"debootstrap installed\"
+```
+"""]]
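Review bot: On the changed `install = check (...)` line, `isNothing` replaces `isJust`, and the hunk shows no import change, so confirm `isNothing` is in scope in Debootstrap.hs. The condition now reads correctly (install only when `programPath` finds nothing); a one-line comment saying so would help, because, as the comment above reports, the property still printed `debootstrap installed ... ok` when the install was skipped, which is how the inversion went unnoticed.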

update
diff --git a/doc/forum/Systemd_nspawn_container_failure/comment_1_9fb24b9147b877c588997d84188aa3b2._comment b/doc/forum/Systemd_nspawn_container_failure/comment_1_9fb24b9147b877c588997d84188aa3b2._comment
new file mode 100644
index 0000000..e0f641c
--- /dev/null
+++ b/doc/forum/Systemd_nspawn_container_failure/comment_1_9fb24b9147b877c588997d84188aa3b2._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2016-10-01T23:35:54Z"
+ content="""
+AFAICS, `Debootstrap.built` will always depend on `Debootstrap.installed`.
+
+Maybe remove debootstrap and check if adding the `Debootstrap.installed`
+property gets debootstrap installed; perhaps that property was somehow
+not working for you.
+"""]]

diff --git a/doc/forum/Systemd_nspawn_container_failure.mdwn b/doc/forum/Systemd_nspawn_container_failure.mdwn
new file mode 100644
index 0000000..546f59a
--- /dev/null
+++ b/doc/forum/Systemd_nspawn_container_failure.mdwn
@@ -0,0 +1,12 @@
+I'm trying to spin up a new host to replace an old one, and I'm getting these weird failures on some `Systemd.nspawned` properties:
+
+```
+mount: mount point /var/lib/container/nginx-primary/proc does not exist
+** warning: user error (chroot ["/var/lib/container/nginx-primary","/usr/local/propellor/chroot/_var_lib_container_nginx-primary.shim/propellor","--continue","ChrootChain \"onyx.fusionapp.com\" \"/var/lib/container/nginx-primary\" True True"] exited 127)
+onyx.fusionapp.com nspawned nginx-primary ... failed
+chroot: failed to run command â/usr/local/propellor/chroot/_var_lib_container_nginx-primary.shim/propellorâ: No such file or directory
+onyx.fusionapp.com nspawned apache-svn ... failed
+onyx.fusionapp.com nspawned mail-relay ... failed
+```
+
+There's some weird race condition since sometimes the message about `.../proc does not exist` shows up, and sometimes I get "failed" with no other error output. On further investigation, it turns out that `debootstrap` is not installed on the remote system. Inserting an `Apt.installed ["debootstrap"]` before the `nspawned` properties seems to have fixed it; but looking at the code, I don't fully understand why it isn't being installed by `Debootstrap.built`.
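Review bot: In the pasted log, the `chroot: failed to run command` line has mis-encoded quotation marks (the `â` characters around the shim path), so the output passed through a non-UTF-8 step somewhere; re-paste it as UTF-8 so the path can be read and searched for exactly.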

response
diff --git a/doc/forum/Modules_with_Multiple_cmdProperty_causing_build_failures/comment_1_38050ca3503a6286b60f4bfc640f008e._comment b/doc/forum/Modules_with_Multiple_cmdProperty_causing_build_failures/comment_1_38050ca3503a6286b60f4bfc640f008e._comment
new file mode 100644
index 0000000..fd6005a
--- /dev/null
+++ b/doc/forum/Modules_with_Multiple_cmdProperty_causing_build_failures/comment_1_38050ca3503a6286b60f4bfc640f008e._comment
@@ -0,0 +1,36 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2016-09-20T15:14:19Z"
+ content="""
+The compiler error message here is not nice; if
+[[todo/use_ghc_8.0_custom_compile_errors]] is able to be implemented some
+time, I'd hope for a error message more like:
+
+	Couldn't match Property DebianLike with UncheckedProperty UnixLike
+	Perhaps you forgot to use `changesFile` or `assume MadeChange`?
+
+Instead of the current mess which has a lot of bloat from type families. 
+The meat of the error is here:
+
+	src/Propellor/Property/SiteSpecific/Pebble.hs:29:5:
+	    Couldn't match type ‘Propellor.PropAccum.GetMetaTypes
+	                           (CombinedType (UncheckedProperty UnixLike) (Property UnixLike))’
+	                   with ‘Propellor.Types.Singletons.Sing y0’
+	    The type variable ‘y0’ is ambiguous
+	    Expected type: Propellor.PropAccum.GetMetaTypes
+	                     (CombinedType (UncheckedProperty UnixLike) (Property UnixLike))
+	      Actual type: Propellor.Types.MetaTypes.MetaTypes y0
+
+cmdProperty has type UncheckedProperty UnixLike; in order to get
+a Property that runs a command, you have to provide some way of checking
+if the command made a change to the system.
+
+Since running tar certianly changes the system, adding `assume MadeChange`
+after it should do.
+
+Running pip install may not alwways change the system; it's up to you if
+you want to do a real check for change there or again `assume MadeChange`.
+
+I think those two changes are all you'll need to get it to compile.
+"""]]
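Review bot: In the paragraph on `pip install`, recommending `assume MadeChange` means the property will be reported as having changed the system whether or not anything was installed; a sentence saying what a "real check for change" could look like would make the trade-off clearer for the poster. Typos to fix in the same comment: "a error" (an error), "certianly" (certainly) and "alwways" (always).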

Added a comment
diff --git a/doc/forum/Systemd_container_pre-setup_properties/comment_2_92d1deb8cb4a913d30cbc94de4177575._comment b/doc/forum/Systemd_container_pre-setup_properties/comment_2_92d1deb8cb4a913d30cbc94de4177575._comment
new file mode 100644
index 0000000..f5ceb07
--- /dev/null
+++ b/doc/forum/Systemd_container_pre-setup_properties/comment_2_92d1deb8cb4a913d30cbc94de4177575._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="andrew"
+ subject="comment 2"
+ date="2016-09-19T04:29:14Z"
+ content="""
+I’ve made the changes you’ve suggested, but I think I’ve run into that tricky bit that you were mentioning. I think I’ve figured out how chroots work in propellor, but I’m not seeing how you were thinking of referencing these extra properties. I know that chroots fork off a new propellor instance inside the chroot which get properties via a folder/hostname lookup in the configuration, but these include the systemd container properties as well. Were you thinking of isolating the container properties and move chroot properties to `hostProperties` or just the opposite?
+
+[Here](https://github.com/arcticwaters/propellor/commit/605af4cdcf76e728290d242675f3fa3fea9309b5) is what I’ve done so far minus much of the mess I made in `Chroot.hs`.
+
+I should mention that one unintended consequence of my code is that systemd containers now only accept `DebianLike` properties. This is fine for me and an implicit condition in the code, but isn’t strictly correct. I don’t know haskell or the codebase well enough to fix this. I suppose anyone who tried to use container images which weren't debian like already encountered this issue and made changes to the code base manually.
+"""]]

Initial post.
diff --git a/doc/forum/Modules_with_Multiple_cmdProperty_causing_build_failures.mdwn b/doc/forum/Modules_with_Multiple_cmdProperty_causing_build_failures.mdwn
new file mode 100644
index 0000000..57737b6
--- /dev/null
+++ b/doc/forum/Modules_with_Multiple_cmdProperty_causing_build_failures.mdwn
@@ -0,0 +1,24 @@
+I have module that I'm trying to write, which is always failing to build when ever I add a second (or more) cmdProperty to it.
+
+I've tried a variety of ways to write the module but clearly my limited Haskell skills are causing me to reach the barrier of ignorance which I'm failing to penetrate.
+
+The module is Pebble.hs and can be found here:
+
+<https://git.mcwhirter.io/craige/propellor-mio/blob/master/src/Propellor/Property/SiteSpecific/Pebble.hs>
+
+I'm hoping to shape that up into an upstream contribution, at some point :-)
+
+I've tried quite a few variations of:
+
+    sdk :: Property UnixLike|DebianLike -- (with and without HasInfo)
+    sdk = propertyList|combineProperties ("Pebble SDK") $ props
+
+I've compared it over and over again to examples in JoeySites and my own working modules ie:
+
+<https://git.mcwhirter.io/craige/propellor-mio/blob/master/src/Propellor/Property/SiteSpecific/OwnCloud.hs>
+
+As I uncomment an additional cmdProperty, the build of Pebble.hs fails.
+
+At a loss, cluebat blows greatly appreciated.
+
+Most recent build output is here <https://git.mcwhirter.io/snippets/5> with [Line 95](https://git.mcwhirter.io/snippets/5#L95) being the point of interest, I think.

add news item for propellor 3.2.0
diff --git a/doc/news/version_3.2.0.mdwn b/doc/news/version_3.2.0.mdwn
new file mode 100644
index 0000000..bef06b1
--- /dev/null
+++ b/doc/news/version_3.2.0.mdwn
@@ -0,0 +1,17 @@
+propellor 3.2.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * [ Sean Whitton ]
+   * Using ccache with Sbuild.built &amp; Sbuild.builtFor is now toggleable: these
+     properties now take a parameter of type Sbuild.UseCcache.  (API Change)
+   * Sbuild.piupartsConf: no longer takes an Apt.Url. (API Change)
+   * Sbuild.piupartsConf &amp; Sbuild.piupartsConfFor: does nothing if corresponding
+     schroot not built.
+     Previously, these properties built the schroot if it was missing.
+   * Sbuild.built &amp; Sbuild.piupartsConf: add an additional alias to sid chroots.
+     This is for compatibility with `dgit sbuild`.
+   * Further improvements to Sbuild.hs haddock.
+ * [ Joey Hess ]
+   * Tor.hiddenService: Converted port parameter from Int to Port. (API change)
+   * Tor.hiddenServiceAvailable: The hidden service hostname file may not
+     be available immedaitely after configuring tor; avoid ugly error in
+     this case."""]]
\ No newline at end of file
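Review bot: In the `Tor.hiddenServiceAvailable` bullet, "immedaitely" should be "immediately". The API markers are also inconsistent within this item: the Sbuild bullets use "(API Change)" while the `Tor.hiddenService` bullet uses "(API change)"; pick one form.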

done
diff --git a/doc/todo/more_sbuild_improvements.mdwn b/doc/todo/more_sbuild_improvements.mdwn
index 7ae7375..add18a5 100644
--- a/doc/todo/more_sbuild_improvements.mdwn
+++ b/doc/todo/more_sbuild_improvements.mdwn
@@ -11,3 +11,5 @@ User-visible changes, excerpted from changelog:
     * Sbuild.built & Sbuild.piupartsConf: add an additional alias to sid chroots.
       This is for compatibility with `dgit sbuild`.
     * Further improvements to Sbuild.hs haddock.
+
+> [[done]] --[[Joey]]

submit merge request
diff --git a/doc/todo/more_sbuild_improvements.mdwn b/doc/todo/more_sbuild_improvements.mdwn
new file mode 100644
index 0000000..7ae7375
--- /dev/null
+++ b/doc/todo/more_sbuild_improvements.mdwn
@@ -0,0 +1,13 @@
+Please consider merging branch `sbuild-fixes` of repo `https://git.spwhitton.name/propellor`.
+
+User-visible changes, excerpted from changelog:
+
+    * Using ccache with Sbuild.built & Sbuild.builtFor is now toggleable: these
+      properties now take a parameter of type Sbuild.UseCcache.  (API Change)
+    * Sbuild.piupartsConf: no longer takes an Apt.Url. (API Change)
+    * Sbuild.piupartsConf & Sbuild.piupartsConfFor: does nothing if corresponding
+      schroot not built.
+      Previously, these properties built the schroot if it was missing.
+    * Sbuild.built & Sbuild.piupartsConf: add an additional alias to sid chroots.
+      This is for compatibility with `dgit sbuild`.
+    * Further improvements to Sbuild.hs haddock.

updates
diff --git a/doc/security.mdwn b/doc/security.mdwn
index b106b53..d0a5bb6 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -20,7 +20,7 @@ That is only done when privdata/keyring.gpg exists. To set it up:
 	propellor --add-key $MYKEYID
 
 In order to be secure from the beginning, when `propellor --spin` is used
-to bootstrap propellor on a new host, it transfers the local git repositry
+to bootstrap propellor on a new host, it transfers the local git repository
 to the remote host over ssh. After that, the host knows the gpg key, and
 will use it to verify git fetches.
 
diff --git a/joeyconfig.hs b/joeyconfig.hs
index f6a6926..fa37e97 100644
--- a/joeyconfig.hs
+++ b/joeyconfig.hs
@@ -469,7 +469,7 @@ keysafe = host "keysafe.joeyh.name" $ props
 	& Apt.serviceInstalledRunning "swapspace"
 	& Cron.runPropellor (Cron.Times "30 * * * *")
 	& Apt.installed ["etckeeper", "sudo"]
-	& Apt.removed ["nfs-common", "exim4", "exim4-base", "exim4-daemon-light", "rsyslog", "acpid", "rpcbind"]
+	& Apt.removed ["nfs-common", "exim4", "exim4-base", "exim4-daemon-light", "rsyslog", "acpid", "rpcbind", "at"]
 
 	& User.hasSomePassword (User "root")
 	& User.accountFor (User "joey")
@@ -483,6 +483,7 @@ keysafe = host "keysafe.joeyh.name" $ props
 	& Ssh.noPasswords
 
 	& Tor.installed
+	-- keysafe installed manually until package is available
 
 iabak :: Host
 iabak = host "iabak.archiveteam.org" $ props
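Review bot: The new comment `-- keysafe installed manually until package is available` records that the host's main service is outside what this configuration describes, so a rebuild from `joeyconfig.hs` will not reproduce it and nothing here tracks its version or upgrades. Consider adding a pointer to a todo item, or a note of where the manual install lives on the host, so the gap is easy to find and close once the package exists.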

add news item for propellor 3.1.2
diff --git a/doc/news/version_3.1.2.mdwn b/doc/news/version_3.1.2.mdwn
new file mode 100644
index 0000000..b54b396
--- /dev/null
+++ b/doc/news/version_3.1.2.mdwn
@@ -0,0 +1,22 @@
+propellor 3.1.2 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * [ Joey Hess ]
+   * Ssh.knownHost: Bug fix: Only fix up the owner of the known\_hosts
+     file after it exists.
+ * [ Sean Whitton ]
+   * Sbuild.keypairInsecurelyGenerated: Improved to be more robust.
+   * Pass --allow-unrelated-histories to git merge when run with git 2.9 or
+     newer. This fixes the /usr/bin/propellor wrapper with this version of git.
+   * Sbuild.built &amp; Sbuild.builtFor no longer require Sbuild.keypairGenerated.
+     Transition guide: If you are using sbuild 0.70.0 or newer, you should
+     `rm -r /var/lib/sbuild/apt-keys`.  Otherwise, you should add either
+     Sbuild.keypairGenerated or Sbuild.keypairInsecurelyGenerated to your host.
+   * Sbuild haddock improvements:
+     - State that we don't support squeeze and Buntish older than trusty.
+       This is due to our enhancements, such as eatmydata.
+     - State that you need sbuild 0.70.0 or newer to build for stretch.
+       This is due to gpg2 hitting Debian stretch.
+     - Explain when a keygen is required.
+     - Update sample ~/.sbuildrc for sbuild 0.71.0.
+     - Add hint for customising chroots with propellor.
+     - Update example usage of System type."""]]
\ No newline at end of file
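Review bot: The transition guide in the `Sbuild.built & Sbuild.builtFor` bullet offers `Sbuild.keypairGenerated` and `Sbuild.keypairInsecurelyGenerated` as equal alternatives without saying what the insecure variant gives up. Add a clause on when each is appropriate, or refer the reader to the haddock section mentioned further down ("Explain when a keygen is required"), so nobody picks the insecure one by default.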

merged spwhitton/sbuild-0.71.0
diff --git a/debian/changelog b/debian/changelog
index ce8d6e4..20a6a33 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,10 +3,9 @@ propellor (3.1.2) UNRELEASED; urgency=medium
   [ Joey Hess ]
   * Ssh.knownHost: Bug fix: Only fix up the owner of the known_hosts
     file after it exists.
-  * Sbuild.keypairInsecurelyGenerated: Improved to be more robust.
-    Thanks, Sean Whitton.
 
   [ Sean Whitton ]
+  * Sbuild.keypairInsecurelyGenerated: Improved to be more robust.
   * Pass --allow-unrelated-histories to git merge when run with git 2.9 or
     newer. This fixes the /usr/bin/propellor wrapper with this version of git.
   * Sbuild.built & Sbuild.builtFor no longer require Sbuild.keypairGenerated.
diff --git a/doc/todo/updates_for_sbuild_0.70.0-1.mdwn b/doc/todo/updates_for_sbuild_0.70.0-1.mdwn
index 30c2694..5865964 100644
--- a/doc/todo/updates_for_sbuild_0.70.0-1.mdwn
+++ b/doc/todo/updates_for_sbuild_0.70.0-1.mdwn
@@ -17,3 +17,5 @@ It turns out that the apt keypair is only needed if you're trying to build for s
 I'd like feedback on these two options before preparing a patch for one of them.
 
 --spwhitton
+
+> [[merged|done]] --[[Joey]]

Added a comment
diff --git a/doc/todo/updates_for_sbuild_0.70.0-1/comment_3_058ba5f259f24814e8fd3823d3aa2b5e._comment b/doc/todo/updates_for_sbuild_0.70.0-1/comment_3_058ba5f259f24814e8fd3823d3aa2b5e._comment
new file mode 100644
index 0000000..f5a644e
--- /dev/null
+++ b/doc/todo/updates_for_sbuild_0.70.0-1/comment_3_058ba5f259f24814e8fd3823d3aa2b5e._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ subject="comment 3"
+ date="2016-08-26T02:27:15Z"
+ content="""
+Please consider merging my `sbuild-0.71.0` branch.
+
+The only functional change is that `Sbuild.keygen{Insecurely,}Generated` are now optional.
+
+The rest of the changes are documentation.  They explain precisely when you need `Sbuild.keygenGenerated`, how to deal with the gpg->gpg2 issues that have arisen recently (not this module's fault) and make clearer some situations the module was never able to deal with (e.g. building for squeeze).
+"""]]
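Review bot: The comment refers to `Sbuild.keygen{Insecurely,}Generated` and `Sbuild.keygenGenerated`, but the changelog entries for this branch name the properties `Sbuild.keypairGenerated` and `Sbuild.keypairInsecurelyGenerated`. Use the changelog's names here so readers searching the module for the property find it.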

Added a comment
diff --git a/doc/todo/updates_for_sbuild_0.70.0-1/comment_2_a4faafb097bc35b62b47a8ea875b22cc._comment b/doc/todo/updates_for_sbuild_0.70.0-1/comment_2_a4faafb097bc35b62b47a8ea875b22cc._comment
new file mode 100644
index 0000000..f6bb1cb
--- /dev/null
+++ b/doc/todo/updates_for_sbuild_0.70.0-1/comment_2_a4faafb097bc35b62b47a8ea875b22cc._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ subject="comment 2"
+ date="2016-08-25T04:35:50Z"
+ content="""
+Turns out that the code in Sbuild.hs fails to set up a squeeze chroot anyway.  Working on a branch -- need to do some testing to make sure the documentation correctly states minimum requirements.
+"""]]

Corrected crom to cron
diff --git a/doc/automated_spins.mdwn b/doc/automated_spins.mdwn
index 34f0468..a053513 100644
--- a/doc/automated_spins.mdwn
+++ b/doc/automated_spins.mdwn
@@ -41,7 +41,7 @@ You can add a central git repository to your existing propellor setup easily:
    it differs from the url above, by setting up a remote named "deploy":
    `cd ~/.propellor/; git remote add deploy git://git.example.com/propellor.git`
 
-3. Add a crom job property to your hosts, which will make them periodically
+3. Add a cron job property to your hosts, which will make them periodically
    check for changes that were committed to the central repository:
    `Cron.runPropellor (Cron.Times "*/30 * * * *")`
 
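Review bot: Step 3 has hosts fetch from the central repository every 30 minutes, and the context line above it gives the "deploy" remote as a `git://` URL, which is neither authenticated nor encrypted. doc/security.mdwn states that gpg verification of git fetches is only done when privdata/keyring.gpg exists, so this step should say that the keyring must be set up before enabling the cron job, or link to that page.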

comment
diff --git a/doc/todo/updates_for_sbuild_0.70.0-1/comment_1_c690617e7728887f6a32aacbff5aeeed._comment b/doc/todo/updates_for_sbuild_0.70.0-1/comment_1_c690617e7728887f6a32aacbff5aeeed._comment
new file mode 100644
index 0000000..b96ba77
--- /dev/null
+++ b/doc/todo/updates_for_sbuild_0.70.0-1/comment_1_c690617e7728887f6a32aacbff5aeeed._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2016-08-20T19:03:47Z"
+ content="""
+I think it would be fine to drop wheezy support. 
+
+After all, propellor doesn't support installing on wheezy systems generally
+since over a year ago. (Though these kinds of chroots used for building
+stuff might have good reasons to want such an old version.)
+
+But it's really up to you.
+"""]]

wheezy -> squeeze redux
diff --git a/doc/todo/updates_for_sbuild_0.70.0-1.mdwn b/doc/todo/updates_for_sbuild_0.70.0-1.mdwn
index 35df951..30c2694 100644
--- a/doc/todo/updates_for_sbuild_0.70.0-1.mdwn
+++ b/doc/todo/updates_for_sbuild_0.70.0-1.mdwn
@@ -8,9 +8,9 @@ It turns out that the apt keypair is only needed if you're trying to build for s
 
     - The code to update existing chroots will be unpleasant, because we don't want to run propellor inside the sbuild chroot so that it remains standardised (that's why we create it with sbuild-createchroot).
 
-2. Drop support for building for wheezy and newer, replacing the `keypairGenerated` and `keypairInsecurelyGenerated` properties with a property that ensures that the keypair directory does not exist.
+2. Drop support for building for squeeze and newer, replacing the `keypairGenerated` and `keypairInsecurelyGenerated` properties with a property that ensures that the keypair directory does not exist.
 
-    - Wheezy is very old.
+    - Squeeze is very old.
 
     - This will simplify and speed up chroot creation and builds.
 
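Review bot: In option 2, the new wording "Drop support for building for squeeze and newer" reads as dropping every current release. The introduction of this page says the apt keypair is only needed when building for squeeze or older, so this line should read "squeeze and older"; the wheezy to squeeze substitution carried the original "and newer" slip along with it.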

wheezy -> squeeze
diff --git a/doc/todo/updates_for_sbuild_0.70.0-1.mdwn b/doc/todo/updates_for_sbuild_0.70.0-1.mdwn
index 0c66834..35df951 100644
--- a/doc/todo/updates_for_sbuild_0.70.0-1.mdwn
+++ b/doc/todo/updates_for_sbuild_0.70.0-1.mdwn
@@ -1,6 +1,6 @@
 sbuild 0.70.0-1 no longer installs gnupg into chroots on each build. That means that if you have an sbuild apt keypair generated, the build will fail unless you enter the source chroot and install gnupg.
 
-It turns out that the apt keypair is only needed if you're trying to build for wheezy or older.  Otherwise, you can just use sbuild without such a keypair.  So we have two options to fix Sbuild.hs:
+It turns out that the apt keypair is only needed if you're trying to build for squeeze or older.  Otherwise, you can just use sbuild without such a keypair.  So we have two options to fix Sbuild.hs:
 
 1. Install gnupg into chroots.