Recent changes to this wiki:

add news item for propellor 5.4.0
diff --git a/doc/news/version_5.3.2.mdwn b/doc/news/version_5.3.2.mdwn
deleted file mode 100644
index cd16116e..00000000
--- a/doc/news/version_5.3.2.mdwn
+++ /dev/null
@@ -1,10 +0,0 @@
-propellor 5.3.2 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Added Propellor.Property.Atomic, which can make a non-atomic property
-     that operates on a directory into an atomic property.
-     (Inspired by Vaibhav Sagar's talk on Functional Devops in a
-     Dysfunctional World at LCA 2018.)
-   * Added Git.pulled.
-   * Systemd.machined: Install systemd-container on Debian
-     stretch.
-     Thanks, Sean Whitton"""]]
\ No newline at end of file
diff --git a/doc/news/version_5.4.0.mdwn b/doc/news/version_5.4.0.mdwn
new file mode 100644
index 00000000..e63f8c6c
--- /dev/null
+++ b/doc/news/version_5.4.0.mdwn
@@ -0,0 +1,13 @@
+propellor 5.4.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * [ Sean Whitton ]
+   * Apt.installedBackport replaced with Apt.backportInstalled.  (API change)
+     The old property would install dependencies from backports even when
+     the versions in stable satisfy the requested backport's dependencies.
+     The new property installs only the listed packages from backports;
+     all other dependencies come from stable.
+     So in some cases, you may need to list additional backports to install,
+     that would not have needed to be listed before. Due to this behavior
+     change the property has been renamed so uses of it will be checked.
+   * Restic.installed: stop trying to install a backport on jessie, because no
+     such backport exists."""]]
\ No newline at end of file

add missing close paren
diff --git a/doc/README.mdwn b/doc/README.mdwn
index 69b34e2d..88726a6d 100644
--- a/doc/README.mdwn
+++ b/doc/README.mdwn
@@ -56,4 +56,4 @@ see [configuration for the Haskell newbie](https://propellor.branchable.com/hask
 7. Write some neat new properties and send patches!
 
 (Want to get your feet wet with propellor before plunging in?
-[try this](http://propellor.branchable.com/forum/Simple_quickstart_without_git__44___SSH__44___GPG)
+[try this](http://propellor.branchable.com/forum/Simple_quickstart_without_git__44___SSH__44___GPG))

fix link
diff --git a/doc/README.mdwn b/doc/README.mdwn
index c1550d23..69b34e2d 100644
--- a/doc/README.mdwn
+++ b/doc/README.mdwn
@@ -56,4 +56,4 @@ see [configuration for the Haskell newbie](https://propellor.branchable.com/hask
 7. Write some neat new properties and send patches!
 
 (Want to get your feet wet with propellor before plunging in?
-[try this](http://propellor.branchable.com/forum/Simple_quickstart_without_git__44___SSH__44___GPG])
+[try this](http://propellor.branchable.com/forum/Simple_quickstart_without_git__44___SSH__44___GPG)

add news item for propellor 5.3.6
diff --git a/doc/news/version_5.3.1.mdwn b/doc/news/version_5.3.1.mdwn
deleted file mode 100644
index 4f660270..00000000
--- a/doc/news/version_5.3.1.mdwn
+++ /dev/null
@@ -1,5 +0,0 @@
-propellor 5.3.1 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Last release mistakenly contained my personal branch not master.
-   * contrib/post-merge-hook documentation updated to recommend also using
-     it as a post-checkout hook, to avoid such problems."""]]
\ No newline at end of file
diff --git a/doc/news/version_5.3.6.mdwn b/doc/news/version_5.3.6.mdwn
new file mode 100644
index 00000000..7a7a417e
--- /dev/null
+++ b/doc/news/version_5.3.6.mdwn
@@ -0,0 +1,13 @@
+propellor 5.3.6 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Fix build with ghc 8.4, which broke due to the Semigroup Monoid change.
+   * Dropped support for building propellor with ghc 7 (as in debian
+     oldstable), to avoid needing to depend on the semigroups transitional
+     package, but also because it's just too old to be worth supporting.
+   * stack.yaml: Updated to lts-9.21.
+   * Make Schroot.overlaysInTmpfs revertable
+     Thanks, Sean Whitton
+   * Update shim each time propellor is run in a container, to deal with
+     library version changes.
+   * Unbound: Added support for various DNS record types.
+     Thanks, Félix Sipma."""]]
\ No newline at end of file

fix link
diff --git a/doc/README.mdwn b/doc/README.mdwn
index df1b8ada..c1550d23 100644
--- a/doc/README.mdwn
+++ b/doc/README.mdwn
@@ -56,4 +56,4 @@ see [configuration for the Haskell newbie](https://propellor.branchable.com/hask
 7. Write some neat new properties and send patches!
 
 (Want to get your feet wet with propellor before plunging in?
-[try this|http://propellor.branchable.com/forum/Simple_quickstart_without_git__44___SSH__44___GPG])
+[try this](http://propellor.branchable.com/forum/Simple_quickstart_without_git__44___SSH__44___GPG])

markdown
diff --git a/doc/forum/5.3.5_import_errors/comment_4_916f29264dbb8060ce4c1cd559aa028f._comment b/doc/forum/5.3.5_import_errors/comment_4_916f29264dbb8060ce4c1cd559aa028f._comment
index 76c11464..ef3f4dad 100644
--- a/doc/forum/5.3.5_import_errors/comment_4_916f29264dbb8060ce4c1cd559aa028f._comment
+++ b/doc/forum/5.3.5_import_errors/comment_4_916f29264dbb8060ce4c1cd559aa028f._comment
@@ -6,8 +6,8 @@
 I don't think you need to use a different name for your config file, unless
 it somehow makes things easier for you.
 
-It's fine to use Utility.* like that, but do note that there's no guaranteed 
+It's fine to use `Utility.*` like that, but do note that there's no guaranteed 
 API stability for those. OTOH, if you might later contribute some
-properties built using Utility.* back to propellor, it certianly makes
+properties built using `Utility.*` back to propellor, it certianly makes
 sense to use those.
 """]]

comment
diff --git a/doc/todo/factor_out_Grub.configured_for_any___47__etc__47__default_config/comment_1_5039acea906faba7a0b33094028a475f._comment b/doc/todo/factor_out_Grub.configured_for_any___47__etc__47__default_config/comment_1_5039acea906faba7a0b33094028a475f._comment
new file mode 100644
index 00000000..b4b924ac
--- /dev/null
+++ b/doc/todo/factor_out_Grub.configured_for_any___47__etc__47__default_config/comment_1_5039acea906faba7a0b33094028a475f._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-05-03T16:46:45Z"
+ content="""
+Agreed on all points, also there are some 
+`File.containsLine` properties for /etc/default files elsewhere that
+don't necessarily work correctly if a later line changes the value,
+that could be converted to use this new property.
+
+Your name ideas sound fine to me.
+"""]]

remove badly placed and redundant comment
diff --git a/doc/forum/5.3.5_import_errors/comment_4_916f29264dbb8060ce4c1cd559aa028f._comment b/doc/forum/5.3.5_import_errors/comment_4_916f29264dbb8060ce4c1cd559aa028f._comment
new file mode 100644
index 00000000..76c11464
--- /dev/null
+++ b/doc/forum/5.3.5_import_errors/comment_4_916f29264dbb8060ce4c1cd559aa028f._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 4"""
+ date="2018-05-03T16:30:15Z"
+ content="""
+I don't think you need to use a different name for your config file, unless
+it somehow makes things easier for you.
+
+It's fine to use Utility.* like that, but do note that there's no guaranteed 
+API stability for those. OTOH, if you might later contribute some
+properties built using Utility.* back to propellor, it certianly makes
+sense to use those.
+"""]]

Added a comment
diff --git a/doc/forum/5.3.5_import_errors/comment_3_a4774959fd93039d49196e7cff232089._comment b/doc/forum/5.3.5_import_errors/comment_3_a4774959fd93039d49196e7cff232089._comment
new file mode 100644
index 00000000..c861f1cc
--- /dev/null
+++ b/doc/forum/5.3.5_import_errors/comment_3_a4774959fd93039d49196e7cff232089._comment
@@ -0,0 +1,21 @@
+[[!comment format=mdwn
+ username="picca"
+ avatar="http://cdn.libravatar.org/avatar/7e61c80d28018b10d31f6db7dddb864c"
+ subject="comment 3"
+ date="2018-05-01T07:07:54Z"
+ content="""
+* Do you think that I should use a dedicated config-soleil.hs file instead of the config.hs file ?
+
+* I use the combinesModes in order to set the right mode.
+
+    +rra :: Property UnixLike
+    +rra = fetch `onChange` execmode
+    +    where
+    +      fetch :: Property UnixLike
+    +      fetch = property \"install rra scripts\"
+    +              (liftIO $ toResult <$> download \"https://archives.eyrie.org/software/devel/backport\" \"/usr/local/bin/backport\")
+    +
+    +      execmode :: Property UnixLike
+    +      execmode = File.mode \"/usr/local/bin/backport\" (combineModes (ownerWriteMode:readModes ++ executeModes))
+
+"""]]

notes on failed attempt to migrate
diff --git a/doc/todo/depend_on_concurrent-output.mdwn b/doc/todo/depend_on_concurrent-output.mdwn
index 347ea9e5..c3641385 100644
--- a/doc/todo/depend_on_concurrent-output.mdwn
+++ b/doc/todo/depend_on_concurrent-output.mdwn
@@ -7,3 +7,23 @@ Waiting on concurrent-output reaching Debian stable.
 > supporting the current oldstable, I believe.. --[[Joey]]
 
 [[!tag user/joey]]
+
+> This was attempted again in 2018 and had to be reverted
+> in [[!commit b6ac64737b59e74d4aa2d889690e8fab3772d2c6]].
+> 
+> The strange output I was seeing is the first line 
+> of "apt-cache policy apache2" (but not subsequent lines)
+> and the ssh-keygen command run by `genSSHFP'`
+
+> Propellor also misbehaved in some other ways likely due to not seeing
+> the command output it expected. In particular Git.cloned must have
+> failed to see an origin url in git config output, because it nuked and
+> re-cloned a git repo (losing data).
+> 
+> So, it seems that readProcess was somehow leaking output to the console
+> and also likely not providing it to the caller. 
+> 
+> The affected system had libghc-concurrent-output-dev 1.10.5-1 installed
+> from debian. That is a somewhat old version and perhaps it was buggy?
+> However, I have not had any luck reproducing the problem there running
+> readProcess in ghci. --[[Joey]]

Added a comment
diff --git a/doc/forum/5.3.5_errors_building_with_Stack/comment_2_be534b87de24660fb8565c2916ddefb5._comment b/doc/forum/5.3.5_errors_building_with_Stack/comment_2_be534b87de24660fb8565c2916ddefb5._comment
new file mode 100644
index 00000000..43e83fb7
--- /dev/null
+++ b/doc/forum/5.3.5_errors_building_with_Stack/comment_2_be534b87de24660fb8565c2916ddefb5._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="jsza"
+ avatar="http://cdn.libravatar.org/avatar/72c6bc8c0cdfb0fff175e90c3b036415"
+ subject="comment 2"
+ date="2018-04-30T14:27:19Z"
+ content="""
+Nice, thank you! Can confirm that it's now working for me.
+
+I'd also just like to say that using Propellor to manage our eleven or so TF2 game servers has been an absolute pleasure and a time saver.
+
+Thanks for all the work you've put into making Propellor so awesome.
+"""]]

responses
diff --git a/doc/forum/5.3.5_errors_building_with_Stack/comment_1_bf0296c4293a52b4533a9465795366e4._comment b/doc/forum/5.3.5_errors_building_with_Stack/comment_1_bf0296c4293a52b4533a9465795366e4._comment
new file mode 100644
index 00000000..03121a74
--- /dev/null
+++ b/doc/forum/5.3.5_errors_building_with_Stack/comment_1_bf0296c4293a52b4533a9465795366e4._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-04-30T13:23:47Z"
+ content="""
+Think I've fixed this now.
+"""]]
diff --git a/doc/forum/5.3.5_import_errors/comment_2_32d521dad51ada52e98c9540ab97add6._comment b/doc/forum/5.3.5_import_errors/comment_2_32d521dad51ada52e98c9540ab97add6._comment
new file mode 100644
index 00000000..6edd05d7
--- /dev/null
+++ b/doc/forum/5.3.5_import_errors/comment_2_32d521dad51ada52e98c9540ab97add6._comment
@@ -0,0 +1,21 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2018-04-30T13:24:30Z"
+ content="""
+Seems this must be caused by [[!commit d8d2faece72eabd18c2ff303e5fb63c3a69961f6]]
+
+And I guess you've modified the config.hs in propellor
+for your own systems?
+
+You will indeed need to add dependencies to the cabal stanza for
+propellor-config.
+
+I think that you may be able to add Other-Modules: Utility.FileMode
+to the cabal stanza for propellor-config and get access to the unexported
+module that way. Not 100% sure.
+
+I'm curious: Is there part of propellor's published modules that made you
+need something from Utility.FileMode to use it, or were you writing your
+own property and happened to use something from Utility.FileMode?
+"""]]

Revert "Added dependency on concurrent-output; removed embedded copy."
This reverts commit 02eca2ae4cf51d8e83d94d8359e15ac053451109.
This seems to have broken propellor badly, in testing I'm seeing it
crash at the end of a run with "thread blocked indefinitely in an STM
transaction" and also during the run it printed out some odd output
like:
apache2:
apache2:
dummy IN SSHFP 4 1 35df80973f5877e4041f1b70947385eb2f6a0822
dummy IN SSHFP 4 2 3a0bb426e76eebc5c56e3b0f1428aa9d18539e9621bf8f9e3b7f56a4e7d81c85
Which seems like it might be output of commands that
propellor is supposed to be reading?
Seems likely that there's a bug or two that have crept
into then concurrent-output library since the version embedded in
propellor.
diff --git a/debian/changelog b/debian/changelog
index 42871285..9308a7bb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,7 +4,6 @@ propellor (5.3.6) UNRELEASED; urgency=medium
   * Dropped support for building propellor with ghc 7 (as in debian
     oldstable), to avoid needing to depend on the semigroups transitional
     package, but also because it's just too old to be worth supporting.
-  * Added dependency on concurrent-output; removed embedded copy.
   * stack.yaml: Updated to lts-9.21.
 
  -- Joey Hess <id@joeyh.name>  Mon, 23 Apr 2018 13:12:25 -0400
diff --git a/debian/control b/debian/control
index 77bd7eae..5a041c90 100644
--- a/debian/control
+++ b/debian/control
@@ -6,17 +6,19 @@ Build-Depends:
 	git,
 	ghc (>= 7.6),
 	cabal-install,
-	libghc-ansi-terminal-dev,
 	libghc-async-dev,
-	libghc-concurrent-output-dev,
-	libghc-exceptions-dev (>= 0.6),
-	libghc-hashable-dev,
+	libghc-split-dev,
 	libghc-hslogger-dev,
+	libghc-unix-compat-dev,
+	libghc-ansi-terminal-dev,
 	libghc-ifelse-dev,
-	libghc-mtl-dev,
 	libghc-network-dev,
-	libghc-split-dev,
-	libghc-unix-compat-dev,
+	libghc-mtl-dev,
+	libghc-transformers-dev,
+	libghc-exceptions-dev (>= 0.6),
+	libghc-stm-dev,
+	libghc-text-dev,
+	libghc-hashable-dev,
 Maintainer: Joey Hess <id@joeyh.name>
 Standards-Version: 3.9.8
 Vcs-Git: git://git.joeyh.name/propellor
@@ -28,17 +30,19 @@ Section: admin
 Depends: ${misc:Depends}, ${shlibs:Depends},
 	ghc (>= 7.4),
 	cabal-install,
-	libghc-ansi-terminal-dev,
 	libghc-async-dev,
-	libghc-concurrent-output-dev,
-	libghc-exceptions-dev (>= 0.6),
-	libghc-hashable-dev,
+	libghc-split-dev,
 	libghc-hslogger-dev,
+	libghc-unix-compat-dev,
+	libghc-ansi-terminal-dev,
 	libghc-ifelse-dev,
-	libghc-mtl-dev,
 	libghc-network-dev,
-	libghc-split-dev,
-	libghc-unix-compat-dev,
+	libghc-mtl-dev,
+	libghc-transformers-dev,
+	libghc-exceptions-dev (>= 0.6),
+	libghc-stm-dev,
+	libghc-text-dev,
+	libghc-hashable-dev,
 	git,
 Description: property-based host configuration management in haskell
  Propellor ensures that the system it's run in satisfies a list of
diff --git a/doc/todo/depend_on_concurrent-output.mdwn b/doc/todo/depend_on_concurrent-output.mdwn
index ddf074f9..347ea9e5 100644
--- a/doc/todo/depend_on_concurrent-output.mdwn
+++ b/doc/todo/depend_on_concurrent-output.mdwn
@@ -5,9 +5,5 @@ Waiting on concurrent-output reaching Debian stable.
 
 > Well, it's in stable now. Not in oldstable yet, and propellor is still
 > supporting the current oldstable, I believe.. --[[Joey]]
-> >
-> > not anymore; dropping it now.
-
-[[done]]
 
 [[!tag user/joey]]
diff --git a/propellor.cabal b/propellor.cabal
index cf9fe7ce..a5b8c8a3 100644
--- a/propellor.cabal
+++ b/propellor.cabal
@@ -42,31 +42,14 @@ Library
     GHC-Options: -fno-warn-redundant-constraints
   Default-Extensions: TypeOperators
   Hs-Source-Dirs: src
-  -- propellor needs to support the ghc shipped in Debian stable,
-  -- and also only depends on packages in Debian stable.
-  -- 
-  -- When updating dependencies here, also update the lists in
-  -- Propellor.Bootstrap
   Build-Depends:
-    ansi-terminal,
-    async,
+    -- propellor needs to support the ghc shipped in Debian stable,
+    -- and also only depends on packages in Debian stable.
     base >= 4.9, base < 5,
-    bytestring,
-    concurrent-output,
-    containers (>= 0.5),
-    directory,
-    exceptions (>= 0.6),
-    filepath,
-    hashable,
-    hslogger,
-    IfElse,
-    mtl,
-    network,
-    process,
-    split,
-    time,
-    unix,
-    unix-compat
+    directory, filepath, IfElse, process, bytestring, hslogger, split,
+    unix, unix-compat, ansi-terminal, containers (>= 0.5), network, async,
+    time, mtl, transformers, exceptions (>= 0.6), stm, text, hashable
+
   Exposed-Modules:
     Propellor
     Propellor.Base
@@ -240,6 +223,9 @@ Library
     Utility.Tmp
     Utility.Tuple
     Utility.UserInfo
+    System.Console.Concurrent
+    System.Console.Concurrent.Internal
+    System.Process.Concurrent
     Paths_propellor
 
 Executable propellor-config
diff --git a/src/Propellor/Bootstrap.hs b/src/Propellor/Bootstrap.hs
index a8713535..04f23f85 100644
--- a/src/Propellor/Bootstrap.hs
+++ b/src/Propellor/Bootstrap.hs
@@ -138,17 +138,19 @@ depsCommand bs msys = "( " ++ intercalate " ; " (go bs) ++ ") || true"
 		-- Below are the same deps listed in debian/control.
 		, "ghc"
 		, "cabal-install"
-		, "libghc-ansi-terminal-dev"
 		, "libghc-async-dev"
-		, "libghc-concurrent-output-dev"
-		, "libghc-exceptions-dev"
-		, "libghc-hashable-dev"
+		, "libghc-split-dev"
 		, "libghc-hslogger-dev"
+		, "libghc-unix-compat-dev"
+		, "libghc-ansi-terminal-dev"
 		, "libghc-ifelse-dev"
-		, "libghc-mtl-dev"
 		, "libghc-network-dev"
-		, "libghc-split-dev"
-		, "libghc-unix-compat-dev"
+		, "libghc-mtl-dev"
+		, "libghc-transformers-dev"
+		, "libghc-exceptions-dev"
+		, "libghc-stm-dev"
+		, "libghc-text-dev"
+		, "libghc-hashable-dev"
 		]
 	debdeps Stack =
 		[ "gnupg"
@@ -159,16 +161,19 @@ depsCommand bs msys = "( " ++ intercalate " ; " (go bs) ++ ") || true"
 		[ "gnupg"
 		, "ghc"
 		, "hs-cabal-install"
-		, "hs-ansi-terminal"
 		, "hs-async"
-		, "hs-exceptions"
-		, "hs-hashable"
+		, "hs-split"
 		, "hs-hslogger"
+		, "hs-unix-compat"
+		, "hs-ansi-terminal"
 		, "hs-IfElse"
-		, "hs-mtl"
 		, "hs-network"
-		, "hs-split"
-		, "hs-unix-compat"
+		, "hs-mtl"
+		, "hs-transformers-base"
+		, "hs-exceptions"
+		, "hs-stm"
+		, "hs-text"
+		, "hs-hashable"
 		]
 	fbsddeps Stack =
 		[ "gnupg"
@@ -179,17 +184,20 @@ depsCommand bs msys = "( " ++ intercalate " ; " (go bs) ++ ") || true"
 		[ "gnupg"
 		, "ghc"
 		, "cabal-install"
-		, "haskell-hackage-security"
-		, "haskell-ansi-terminal"
 		, "haskell-async"

(Diff truncated)
signature
diff --git a/doc/todo/factor_out_Grub.configured_for_any___47__etc__47__default_config.mdwn b/doc/todo/factor_out_Grub.configured_for_any___47__etc__47__default_config.mdwn
index 6a97f8fb..16c791cd 100644
--- a/doc/todo/factor_out_Grub.configured_for_any___47__etc__47__default_config.mdwn
+++ b/doc/todo/factor_out_Grub.configured_for_any___47__etc__47__default_config.mdwn
@@ -13,3 +13,5 @@ Notes:
 * The use of a tuple for the last two parameters ensures that the property can be used infix.
 
 * I think this property should deduplicate the config key after setting it.  I.e. after uncommenting and modifying ANACRON_RUN_ON_BATTERY_POWER it should remove any further ANACRON_RUN_ON_BATTERY_POWER settings further down the config.  This allows a seamless transition from just using File.containsLine to add to the end of the file.
+
+--spwhitton

we should factor out code in Grub.configured
diff --git a/doc/todo/factor_out_Grub.configured_for_any___47__etc__47__default_config.mdwn b/doc/todo/factor_out_Grub.configured_for_any___47__etc__47__default_config.mdwn
new file mode 100644
index 00000000..6a97f8fb
--- /dev/null
+++ b/doc/todo/factor_out_Grub.configured_for_any___47__etc__47__default_config.mdwn
@@ -0,0 +1,15 @@
+It would be useful to have a property to set key value pairs in /etc/default configs.  The code is in Grub.configured.  I have not written a patch yet because I am not sure what the module should be called.  Possibilities are:
+
+    & EtcDefault.set "anacron" "ANACRON_RUN_ON_BATTERY_POWER" "no"
+
+or maybe
+
+    & ConfFile.hasShellSetting "/etc/default/anacron" ("ANACRON_RUN_ON_BATTERY_POWER", "no")
+
+Or possibly both of these, with the former implemented in terms of the latter.
+
+Notes:
+
+* The use of a tuple for the last two parameters ensures that the property can be used infix.
+
+* I think this property should deduplicate the config key after setting it.  I.e. after uncommenting and modifying ANACRON_RUN_ON_BATTERY_POWER it should remove any further ANACRON_RUN_ON_BATTERY_POWER settings further down the config.  This allows a seamless transition from just using File.containsLine to add to the end of the file.

Added a comment
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_15_35822590f6eeab15f6d1b25ac2bcbba7._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_15_35822590f6eeab15f6d1b25ac2bcbba7._comment
new file mode 100644
index 00000000..70e31058
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_15_35822590f6eeab15f6d1b25ac2bcbba7._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="picca"
+ avatar="http://cdn.libravatar.org/avatar/7e61c80d28018b10d31f6db7dddb864c"
+ subject="comment 15"
+ date="2018-04-29T16:06:12Z"
+ content="""
+Hello,
+
+--allow-unrelated-history is your friend :)
+"""]]

Added a comment
diff --git a/doc/forum/5.3.5_import_errors/comment_1_13d5f4cc224ad25ab3f1c78061ff4423._comment b/doc/forum/5.3.5_import_errors/comment_1_13d5f4cc224ad25ab3f1c78061ff4423._comment
new file mode 100644
index 00000000..e06e4683
--- /dev/null
+++ b/doc/forum/5.3.5_import_errors/comment_1_13d5f4cc224ad25ab3f1c78061ff4423._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="picca"
+ avatar="http://cdn.libravatar.org/avatar/7e61c80d28018b10d31f6db7dddb864c"
+ subject="comment 1"
+ date="2018-04-29T16:05:18Z"
+ content="""
+I solved my problem by creating a SiteSpecific module directly in the library part of Propellor
+"""]]

diff --git a/doc/forum/5.3.5_import_errors.mdwn b/doc/forum/5.3.5_import_errors.mdwn
new file mode 100644
index 00000000..f69934f2
--- /dev/null
+++ b/doc/forum/5.3.5_import_errors.mdwn
@@ -0,0 +1,35 @@
+Hello, with the new 5.3.5 version,I have these errors now.
+
+At least for the two first I know that I need to add the dependencies to the executable.
+but for the last one, I do not know how to proceed properly.
+
+Cheers
+
+
+    Building executable 'propellor-config' for propellor-5.3.5..
+    [1 of 1] Compiling Main             ( executables/propellor-config.hs, dist/build/propellor-config/propellor-config-tmp/Main.o )
+
+    executables/propellor-config.hs:14:1-25: error:
+        Could not find module ‘System.Posix.Files’
+        Perhaps you meant System.Posix.Types (from base-4.10.1.0)
+        Use -v to see a list of the files searched for.
+       |
+    14 | import System.Posix.Files
+       | ^^^^^^^^^^^^^^^^^^^^^^^^^
+
+    executables/propellor-config.hs:15:1-66: error:
+        Could not find module ‘System.FilePath.Posix’
+        Use -v to see a list of the files searched for.
+       |
+    15 | import System.FilePath.Posix ((</>), dropExtension, takeDirectory)
+       | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+    executables/propellor-config.hs:28:1-23: error:
+        Could not find module ‘Utility.FileMode’
+        it is a hidden module in the package ‘propellor-5.3.5’
+        Use -v to see a list of the files searched for.
+       |
+    28 | import Utility.FileMode
+       | ^^^^^^^^^^^^^^^^^^^^^^^
+
+    HsCompilation exited abnormally with code 1 at Sun Apr 29 09:35:08

diff --git a/doc/forum/5.3.5_errors_building_with_Stack.mdwn b/doc/forum/5.3.5_errors_building_with_Stack.mdwn
index e612579d..bdda6bca 100644
--- a/doc/forum/5.3.5_errors_building_with_Stack.mdwn
+++ b/doc/forum/5.3.5_errors_building_with_Stack.mdwn
@@ -1,6 +1,6 @@
 I'm able to reproduce the following with a freshly cloned Propellor:
 
->    stack build
+    > stack build
     propellor-5.3.5: build (lib + exe)
     Preprocessing library propellor-5.3.5...
     [ 43 of 171] Compiling Propellor.Types  ( src/Propellor/Types.hs, .stack-work/dist/x86_64-linux-nopie/Cabal-1.24.2.0/build/Propellor/Types.o )

diff --git a/doc/forum/5.3.5_errors_building_with_Stack.mdwn b/doc/forum/5.3.5_errors_building_with_Stack.mdwn
new file mode 100644
index 00000000..e612579d
--- /dev/null
+++ b/doc/forum/5.3.5_errors_building_with_Stack.mdwn
@@ -0,0 +1,38 @@
+I'm able to reproduce the following with a freshly cloned Propellor:
+
+>    stack build
+    propellor-5.3.5: build (lib + exe)
+    Preprocessing library propellor-5.3.5...
+    [ 43 of 171] Compiling Propellor.Types  ( src/Propellor/Types.hs, .stack-work/dist/x86_64-linux-nopie/Cabal-1.24.2.0/build/Propellor/Types.o )
+
+    /home/jayess/code/propellor/src/Propellor/Types.hs:251:37: error:
+        • Could not deduce (Monoid (Property setupmetatypes))
+            arising from a use of ‘<>’
+          from the context: (Sem.Semigroup (Property setupmetatypes),
+                             Sem.Semigroup (Property undometatypes))
+            bound by the instance declaration
+            at src/Propellor/Types.hs:(245,9)-(248,74)
+        • In the first argument of ‘RevertableProperty’, namely
+            ‘(s1 <> s2)’
+          In the expression: RevertableProperty (s1 <> s2) (u2 <> u1)
+          In an equation for ‘<>’:
+              (RevertableProperty s1 u1) <> (RevertableProperty s2 u2)
+                = RevertableProperty (s1 <> s2) (u2 <> u1)
+
+    /home/jayess/code/propellor/src/Propellor/Types.hs:251:48: error:
+        • Could not deduce (Monoid (Property undometatypes))
+            arising from a use of ‘<>’
+          from the context: (Sem.Semigroup (Property setupmetatypes),
+                             Sem.Semigroup (Property undometatypes))
+            bound by the instance declaration
+            at src/Propellor/Types.hs:(245,9)-(248,74)
+        • In the second argument of ‘RevertableProperty’, namely
+            ‘(u2 <> u1)’
+          In the expression: RevertableProperty (s1 <> s2) (u2 <> u1)
+          In an equation for ‘<>’:
+              (RevertableProperty s1 u1) <> (RevertableProperty s2 u2)
+                = RevertableProperty (s1 <> s2) (u2 <> u1)
+
+    --  While building package propellor-5.3.5 using:
+          /home/jayess/.stack/setup-exe-cache/x86_64-linux-nopie/Cabal-simple_mPHDZzAJ_1.24.2.0_ghc-8.0.2 --builddir=.stack-work/dist/x86_64-linux-nopie/Cabal-1.24.2.0 build lib:propellor exe:propellor exe:propellor-config --ghc-options " -ddump-hi -ddump-to-file"
+        Process exited with code: ExitFailure 1

Added dependency on concurrent-output; removed embedded copy.
Removed deps on transformers, text, stm. Updated debian/control and
Propellor.Bootstrap accordingly. Sorted the lists of deps to make it easier
to keep them in sync.
This commit was sponsored by Nick Daly on Patreon.
diff --git a/debian/changelog b/debian/changelog
index cb8ed552..729eed4f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ propellor (5.3.6) UNRELEASED; urgency=medium
   * Dropped support for building propellor with ghc 7 (as in debian
     oldstable), to avoid needing to depend on the semigroups transitional
     package, but also because it's just too old to be worth supporting.
+  * Added dependency on concurrent-output; removed embedded copy.
 
  -- Joey Hess <id@joeyh.name>  Mon, 23 Apr 2018 13:12:25 -0400
 
diff --git a/debian/control b/debian/control
index 5a041c90..77bd7eae 100644
--- a/debian/control
+++ b/debian/control
@@ -6,19 +6,17 @@ Build-Depends:
 	git,
 	ghc (>= 7.6),
 	cabal-install,
+	libghc-ansi-terminal-dev,
 	libghc-async-dev,
-	libghc-split-dev,
+	libghc-concurrent-output-dev,
+	libghc-exceptions-dev (>= 0.6),
+	libghc-hashable-dev,
 	libghc-hslogger-dev,
-	libghc-unix-compat-dev,
-	libghc-ansi-terminal-dev,
 	libghc-ifelse-dev,
-	libghc-network-dev,
 	libghc-mtl-dev,
-	libghc-transformers-dev,
-	libghc-exceptions-dev (>= 0.6),
-	libghc-stm-dev,
-	libghc-text-dev,
-	libghc-hashable-dev,
+	libghc-network-dev,
+	libghc-split-dev,
+	libghc-unix-compat-dev,
 Maintainer: Joey Hess <id@joeyh.name>
 Standards-Version: 3.9.8
 Vcs-Git: git://git.joeyh.name/propellor
@@ -30,19 +28,17 @@ Section: admin
 Depends: ${misc:Depends}, ${shlibs:Depends},
 	ghc (>= 7.4),
 	cabal-install,
+	libghc-ansi-terminal-dev,
 	libghc-async-dev,
-	libghc-split-dev,
+	libghc-concurrent-output-dev,
+	libghc-exceptions-dev (>= 0.6),
+	libghc-hashable-dev,
 	libghc-hslogger-dev,
-	libghc-unix-compat-dev,
-	libghc-ansi-terminal-dev,
 	libghc-ifelse-dev,
-	libghc-network-dev,
 	libghc-mtl-dev,
-	libghc-transformers-dev,
-	libghc-exceptions-dev (>= 0.6),
-	libghc-stm-dev,
-	libghc-text-dev,
-	libghc-hashable-dev,
+	libghc-network-dev,
+	libghc-split-dev,
+	libghc-unix-compat-dev,
 	git,
 Description: property-based host configuration management in haskell
  Propellor ensures that the system it's run in satisfies a list of
diff --git a/doc/todo/depend_on_concurrent-output.mdwn b/doc/todo/depend_on_concurrent-output.mdwn
index 347ea9e5..ddf074f9 100644
--- a/doc/todo/depend_on_concurrent-output.mdwn
+++ b/doc/todo/depend_on_concurrent-output.mdwn
@@ -5,5 +5,9 @@ Waiting on concurrent-output reaching Debian stable.
 
 > Well, it's in stable now. Not in oldstable yet, and propellor is still
 > supporting the current oldstable, I believe.. --[[Joey]]
+> >
+> > not anymore; dropping it now.
+
+[[done]]
 
 [[!tag user/joey]]
diff --git a/propellor.cabal b/propellor.cabal
index a5b8c8a3..cf9fe7ce 100644
--- a/propellor.cabal
+++ b/propellor.cabal
@@ -42,14 +42,31 @@ Library
     GHC-Options: -fno-warn-redundant-constraints
   Default-Extensions: TypeOperators
   Hs-Source-Dirs: src
+  -- propellor needs to support the ghc shipped in Debian stable,
+  -- and also only depends on packages in Debian stable.
+  -- 
+  -- When updating dependencies here, also update the lists in
+  -- Propellor.Bootstrap
   Build-Depends:
-    -- propellor needs to support the ghc shipped in Debian stable,
-    -- and also only depends on packages in Debian stable.
+    ansi-terminal,
+    async,
     base >= 4.9, base < 5,
-    directory, filepath, IfElse, process, bytestring, hslogger, split,
-    unix, unix-compat, ansi-terminal, containers (>= 0.5), network, async,
-    time, mtl, transformers, exceptions (>= 0.6), stm, text, hashable
-
+    bytestring,
+    concurrent-output,
+    containers (>= 0.5),
+    directory,
+    exceptions (>= 0.6),
+    filepath,
+    hashable,
+    hslogger,
+    IfElse,
+    mtl,
+    network,
+    process,
+    split,
+    time,
+    unix,
+    unix-compat
   Exposed-Modules:
     Propellor
     Propellor.Base
@@ -223,9 +240,6 @@ Library
     Utility.Tmp
     Utility.Tuple
     Utility.UserInfo
-    System.Console.Concurrent
-    System.Console.Concurrent.Internal
-    System.Process.Concurrent
     Paths_propellor
 
 Executable propellor-config
diff --git a/src/Propellor/Bootstrap.hs b/src/Propellor/Bootstrap.hs
index 04f23f85..a8713535 100644
--- a/src/Propellor/Bootstrap.hs
+++ b/src/Propellor/Bootstrap.hs
@@ -138,19 +138,17 @@ depsCommand bs msys = "( " ++ intercalate " ; " (go bs) ++ ") || true"
 		-- Below are the same deps listed in debian/control.
 		, "ghc"
 		, "cabal-install"
+		, "libghc-ansi-terminal-dev"
 		, "libghc-async-dev"
-		, "libghc-split-dev"
+		, "libghc-concurrent-output-dev"
+		, "libghc-exceptions-dev"
+		, "libghc-hashable-dev"
 		, "libghc-hslogger-dev"
-		, "libghc-unix-compat-dev"
-		, "libghc-ansi-terminal-dev"
 		, "libghc-ifelse-dev"
-		, "libghc-network-dev"
 		, "libghc-mtl-dev"
-		, "libghc-transformers-dev"
-		, "libghc-exceptions-dev"
-		, "libghc-stm-dev"
-		, "libghc-text-dev"
-		, "libghc-hashable-dev"
+		, "libghc-network-dev"
+		, "libghc-split-dev"
+		, "libghc-unix-compat-dev"
 		]
 	debdeps Stack =
 		[ "gnupg"
@@ -161,19 +159,16 @@ depsCommand bs msys = "( " ++ intercalate " ; " (go bs) ++ ") || true"
 		[ "gnupg"
 		, "ghc"
 		, "hs-cabal-install"
+		, "hs-ansi-terminal"
 		, "hs-async"
-		, "hs-split"
+		, "hs-exceptions"
+		, "hs-hashable"
 		, "hs-hslogger"
-		, "hs-unix-compat"
-		, "hs-ansi-terminal"
 		, "hs-IfElse"
-		, "hs-network"
 		, "hs-mtl"
-		, "hs-transformers-base"
-		, "hs-exceptions"
-		, "hs-stm"
-		, "hs-text"
-		, "hs-hashable"
+		, "hs-network"
+		, "hs-split"
+		, "hs-unix-compat"
 		]
 	fbsddeps Stack =
 		[ "gnupg"
@@ -184,20 +179,17 @@ depsCommand bs msys = "( " ++ intercalate " ; " (go bs) ++ ") || true"
 		[ "gnupg"
 		, "ghc"
 		, "cabal-install"
-		, "haskell-async"
-		, "haskell-split"
-		, "haskell-hslogger"

(Diff truncated)
update
diff --git a/doc/todo/depend_on_concurrent-output.mdwn b/doc/todo/depend_on_concurrent-output.mdwn
index cf985166..347ea9e5 100644
--- a/doc/todo/depend_on_concurrent-output.mdwn
+++ b/doc/todo/depend_on_concurrent-output.mdwn
@@ -3,4 +3,7 @@ should be converted to a dependency.
 
 Waiting on concurrent-output reaching Debian stable.
 
+> Well, it's in stable now. Not in oldstable yet, and propellor is still
+> supporting the current oldstable, I believe.. --[[Joey]]
+
 [[!tag user/joey]]

add news item for propellor 5.3.5
diff --git a/doc/news/version_5.3.5.mdwn b/doc/news/version_5.3.5.mdwn
new file mode 100644
index 00000000..a7da0f0c
--- /dev/null
+++ b/doc/news/version_5.3.5.mdwn
@@ -0,0 +1,7 @@
+propellor 5.3.5 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Apt.stdSourcesList now adds stable-updates suite
+     Thanks, Sean Whitton
+   * Significantly increased propellor build speed when your config.hs
+     is in a fork of the propellor repository, by avoiding redundant builds
+     of propellor library."""]]
\ No newline at end of file

diff --git a/doc/forum/Problem_with_getting_started.mdwn b/doc/forum/Problem_with_getting_started.mdwn
index 4d750553..f929c3b3 100644
--- a/doc/forum/Problem_with_getting_started.mdwn
+++ b/doc/forum/Problem_with_getting_started.mdwn
@@ -3,25 +3,29 @@ Hello, I hope this is the right place to ask for help.
 I am new to Haskell and Propellor; just want to give it a try. I have been using ansible but now looking for an alternative.
 
 I did the following steps:
-- install propellor on control machine with: `stack install propellor`
-- `propellor --init`
-- create a minimal config.hs file, which does nothing:
-```
-abc :: Host
-abc = host "abc" $ props
-	& osDebian (Stable "stretch") X86_64
-```
-
-when I run `propellor --spin abc`, it ended with the last following:
-.
-.
-Installed propellor-5.3.4
-Resolving dependencies...
-Configuring config-0...
-Preprocessing executable 'propellor-config' for config-0...
-cabal: can't find source for config in .
-sh: 1: ./propellor: not found
-propellor: user error (ssh <long text>
+
+* install propellor on control machine with: `stack install propellor`
+
+* `propellor --init`
+
+* create a minimal config.hs file, which does nothing:
+
+        abc :: Host
+        abc = host "abc" $ props
+            & osDebian (Stable "stretch") X86_64
+
+
+when I run `propellor --spin abc`, it ended with the following message:
+
+    .
+    .
+    Installed propellor-5.3.4
+    Resolving dependencies...
+    Configuring config-0...
+    Preprocessing executable 'propellor-config' for config-0...
+    cabal: can't find source for config in .
+    sh: 1: ./propellor: not found
+    propellor: user error (ssh <long text>
 
 Can someone give me a hint how to process further?
 

diff --git a/doc/forum/Problem_with_getting_started.mdwn b/doc/forum/Problem_with_getting_started.mdwn
index 6c438b6e..4d750553 100644
--- a/doc/forum/Problem_with_getting_started.mdwn
+++ b/doc/forum/Problem_with_getting_started.mdwn
@@ -5,12 +5,12 @@ I am new to Haskell and Propellor; just want to give it a try. I have been using
 I did the following steps:
 - install propellor on control machine with: `stack install propellor`
 - `propellor --init`
-- create a minimal config.hs file, which does nothing
-
+- create a minimal config.hs file, which does nothing:
+```
 abc :: Host
 abc = host "abc" $ props
 	& osDebian (Stable "stretch") X86_64
-
+```
 
 when I run `propellor --spin abc`, it ended with the last following:
 .

diff --git a/doc/forum/Problem_with_getting_started.mdwn b/doc/forum/Problem_with_getting_started.mdwn
new file mode 100644
index 00000000..6c438b6e
--- /dev/null
+++ b/doc/forum/Problem_with_getting_started.mdwn
@@ -0,0 +1,30 @@
+Hello, I hope this is the right place to ask for help.
+
+I am new to Haskell and Propellor; just want to give it a try. I have been using ansible but now looking for an alternative.
+
+I did the following steps:
+- install propellor on control machine with: `stack install propellor`
+- `propellor --init`
+- create a minimal config.hs file, which does nothing
+
+abc :: Host
+abc = host "abc" $ props
+	& osDebian (Stable "stretch") X86_64
+
+
+when I run `propellor --spin abc`, it ended with the last following:
+.
+.
+Installed propellor-5.3.4
+Resolving dependencies...
+Configuring config-0...
+Preprocessing executable 'propellor-config' for config-0...
+cabal: can't find source for config in .
+sh: 1: ./propellor: not found
+propellor: user error (ssh <long text>
+
+Can someone give me a hint how to process further?
+
+Regards,
+Tony
+

Added a comment
diff --git a/doc/forum/Apt:_use_deb.debian.org__47__debian-security/comment_2_db1e5b7fcb324d5beb4429945f026096._comment b/doc/forum/Apt:_use_deb.debian.org__47__debian-security/comment_2_db1e5b7fcb324d5beb4429945f026096._comment
new file mode 100644
index 00000000..ab80fbc6
--- /dev/null
+++ b/doc/forum/Apt:_use_deb.debian.org__47__debian-security/comment_2_db1e5b7fcb324d5beb4429945f026096._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="gueux"
+ avatar="http://cdn.libravatar.org/avatar/2982bac2c2cd94ab3860efb189deafc8"
+ subject="comment 2"
+ date="2018-04-05T10:41:02Z"
+ content="""
+The same we get from using http://deb.debian.org/debian instead of http://ftp.debian.org/debian : redundancy, avoiding overloading security.debian.org, ...
+"""]]

response
diff --git a/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__/comment_1_cc518b5ae9f82d13be9eda19822db85c._comment b/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__/comment_1_cc518b5ae9f82d13be9eda19822db85c._comment
new file mode 100644
index 00000000..b2124dd7
--- /dev/null
+++ b/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__/comment_1_cc518b5ae9f82d13be9eda19822db85c._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-04-03T22:39:14Z"
+ content="""
+Mostly I point people at my [personal propellor config file](https://git.joeyh.name/index.cgi/propellor.git/tree/joeyconfig.hs)
+which is quite big, but demos a lot of propellor's features. And unlike
+an artificial example, it's always tested and working.
+"""]]

fix urls for change from gitweb to cgit
diff --git a/doc/FreeBSD.mdwn b/doc/FreeBSD.mdwn
index 47b9c65b..ca340163 100644
--- a/doc/FreeBSD.mdwn
+++ b/doc/FreeBSD.mdwn
@@ -6,5 +6,5 @@ additional porting to support FreeBSD. Such properties have types like
 `Property DebianLike`. The type checker will detect and reject attempts
 to combine such properties with `Property FreeBSD`.
 
-[Sample config file](http://git.joeyh.name/?p=propellor.git;a=blob;f=config-freebsd.hs)
+[Sample config file](https://git.joeyh.name/index.cgi/propellor.git/tree/config-freebsd.hs)
 which configures a FreeBSD system, as well as a Linux one.
diff --git a/doc/index.mdwn b/doc/index.mdwn
index 1e3af9dd..264a6f48 100644
--- a/doc/index.mdwn
+++ b/doc/index.mdwn
@@ -4,7 +4,7 @@
 [[Download]]  
 [API documentation](http://hackage.haskell.org/package/propellor)  
 [[Other Documentation|documentation]]
-[Sample config file](http://git.joeyh.name/?p=propellor.git;a=blob;f=joeyconfig.hs)  
+[Sample config file](https://git.joeyh.name/index.cgi/propellor.git/tree/joeyconfig.hs)  
 [[Security]]  
 [[Todo]]  
 [[Forum]]  

Added a comment
diff --git a/doc/forum/Apt:_use_deb.debian.org__47__debian-security/comment_1_8f06ef23b94f1df693f0da4689f39edf._comment b/doc/forum/Apt:_use_deb.debian.org__47__debian-security/comment_1_8f06ef23b94f1df693f0da4689f39edf._comment
new file mode 100644
index 00000000..8565ee93
--- /dev/null
+++ b/doc/forum/Apt:_use_deb.debian.org__47__debian-security/comment_1_8f06ef23b94f1df693f0da4689f39edf._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 1"
+ date="2018-04-03T00:20:41Z"
+ content="""
+What would that achieve?
+"""]]

diff --git a/doc/forum/Apt:_use_deb.debian.org__47__debian-security.mdwn b/doc/forum/Apt:_use_deb.debian.org__47__debian-security.mdwn
new file mode 100644
index 00000000..a918a402
--- /dev/null
+++ b/doc/forum/Apt:_use_deb.debian.org__47__debian-security.mdwn
@@ -0,0 +1 @@
+Maybe we could use deb.debian.org/debian-security instead of security.debian.org in Apt properties. What do you think about this?

diff --git a/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__.mdwn b/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__.mdwn
index b34fbcce..c3260c1c 100644
--- a/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__.mdwn
+++ b/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__.mdwn
@@ -1,6 +1,3 @@
 Hello,
 
 where can I find practical, working examples on how to use Propellor? For example, how to use Propellor to setup a LAMP debian or ubuntu server.
-
-Regards,
-Thanh

diff --git a/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__.mdwn b/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__.mdwn
new file mode 100644
index 00000000..b34fbcce
--- /dev/null
+++ b/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__.mdwn
@@ -0,0 +1,6 @@
+Hello,
+
+where can I find practical, working examples on how to use Propellor? For example, how to use Propellor to setup a LAMP debian or ubuntu server.
+
+Regards,
+Thanh

add news item for propellor 5.3.4
diff --git a/doc/news/version_5.3.4.mdwn b/doc/news/version_5.3.4.mdwn
new file mode 100644
index 00000000..09358138
--- /dev/null
+++ b/doc/news/version_5.3.4.mdwn
@@ -0,0 +1,8 @@
+propellor 5.3.4 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Apt.trustsKey: Use apt-key to add key rather than manually driving gpg,
+     which seems to not work anymore.
+     Thanks, Russell Sim.
+   * Firewall: Reorder iptables parameters that are order
+     dependant to make --to-dest and --to-source work.
+     Thanks, Russell Sim"""]]
\ No newline at end of file

don't use ikiwiki link in readme
diff --git a/doc/README.mdwn b/doc/README.mdwn
index 8bdb6c83..df1b8ada 100644
--- a/doc/README.mdwn
+++ b/doc/README.mdwn
@@ -56,4 +56,4 @@ see [configuration for the Haskell newbie](https://propellor.branchable.com/hask
 7. Write some neat new properties and send patches!
 
 (Want to get your feet wet with propellor before plunging in?
-[[try this|forum/Simple_quickstart_without_git__44___SSH__44___GPG]])
+[try this|http://propellor.branchable.com/forum/Simple_quickstart_without_git__44___SSH__44___GPG])

Added a comment
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_14_a65bf71d16401e2621f1dff93701247d._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_14_a65bf71d16401e2621f1dff93701247d._comment
new file mode 100644
index 00000000..c5427cd7
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_14_a65bf71d16401e2621f1dff93701247d._comment
@@ -0,0 +1,35 @@
+[[!comment format=mdwn
+ username="picca"
+ avatar="http://cdn.libravatar.org/avatar/7e61c80d28018b10d31f6db7dddb864c"
+ subject="comment 14"
+ date="2018-03-04T10:41:01Z"
+ content="""
+Hello, sorry to bother you with this BUT :))
+
+Now I have the right message which explain how to upgrade my .propellor
+(sorry for the french)
+
+    picca@mordor:~$ propellor
+    Fusion automatique de src/Propellor/Property/Systemd.hs
+    Fusion automatique de src/Propellor/Property/SiteSpecific/JoeySites.hs
+    Fusion automatique de src/Propellor/Property/Git.hs
+    Fusion automatique de src/Propellor/Git/VerifiedBranch.hs
+    Fusion automatique de src/Propellor/Git.hs
+    Fusion automatique de src/Propellor/EnsureProperty.hs
+    Fusion automatique de src/Propellor/DotDir.hs
+    Fusion automatique de propellor.cabal
+    Fusion automatique de joeyconfig.hs
+    Fusion automatique de doc/README.mdwn
+    Fusion automatique de debian/changelog
+    ** warning: ** Your ~/.propellor/ is out of date..
+       A newer upstream version is available in /usr/src/propellor/propellor.git
+       To merge it, run: git merge upstream/master
+
+but when I try to do the merge, I get this error message
+
+    picca@mordor:~/.propellor$ LANG=C git merge upstream/master
+    fatal: refusing to merge unrelated histories
+
+How can I help to solve this issue ?
+
+"""]]

Apt.trustsKey: Use apt-key to add key rather than manually driving gpg, which seems to not work anymore.
Thanks, Russell Sim.
diff --git a/debian/changelog b/debian/changelog
index b081d04f..92581607 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+propellor (5.3.4) UNRELEASED; urgency=medium
+
+  * Apt.trustsKey: Use apt-key to add key rather than manually driving gpg,
+    which seems to not work anymore.
+    Thanks, Russell Sim.
+
+ -- Joey Hess <id@joeyh.name>  Thu, 01 Mar 2018 18:25:04 -0400
+
 propellor (5.3.3) unstable; urgency=medium
 
   * Warn again about new upstream version when ~/.propellor was cloned from the
diff --git a/doc/forum/can__39__t_get_Apt.trustsKey_to_work/comment_1_8ee5b69f068c369e88c31c639d692f60._comment b/doc/forum/can__39__t_get_Apt.trustsKey_to_work/comment_1_8ee5b69f068c369e88c31c639d692f60._comment
new file mode 100644
index 00000000..b1f82b19
--- /dev/null
+++ b/doc/forum/can__39__t_get_Apt.trustsKey_to_work/comment_1_8ee5b69f068c369e88c31c639d692f60._comment
@@ -0,0 +1,14 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-03-01T22:20:54Z"
+ content="""
+I added trustsKey in 2014, but my current config is not using
+it for anything, so it seems likely it's bitrotted in some way.
+And there's no rationalle documented for why it manually drives gpg.
+
+I've applied your change to use apt-key.
+
+I wonder if the nukeFile of the "gpg dropping" is actually needed
+anymore?
+"""]]
diff --git a/src/Propellor/Property/Apt.hs b/src/Propellor/Property/Apt.hs
index d44b5c38..7275205a 100644
--- a/src/Propellor/Property/Apt.hs
+++ b/src/Propellor/Property/Apt.hs
@@ -447,7 +447,7 @@ trustsKey k = trustsKey' k <!> untrustKey k
 trustsKey' :: AptKey -> Property DebianLike
 trustsKey' k = check (not <$> doesFileExist f) $ property desc $ makeChange $ do
 	withHandle StdinHandle createProcessSuccess
-		(proc "gpg" ["--no-default-keyring", "--keyring", f, "--import", "-"]) $ \h -> do
+		(proc "apt-key" ["--keyring", f, "add", "-"]) $ \h -> do
 			hPutStr h (pubkey k)
 			hClose h
 	nukeFile $ f ++ "~" -- gpg dropping

Added a comment: LUKS desired ;-)
diff --git a/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_2_ffca1d5942d4fd152657dd3afe21b935._comment b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_2_ffca1d5942d4fd152657dd3afe21b935._comment
new file mode 100644
index 00000000..93248324
--- /dev/null
+++ b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_2_ffca1d5942d4fd152657dd3afe21b935._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="dominik"
+ avatar="http://cdn.libravatar.org/avatar/41b0caab63708c0b81d8aeda611afad5"
+ subject="LUKS desired ;-)"
+ date="2018-03-01T11:40:27Z"
+ content="""
+I'd love to use LUKS partitions in Propeller.
+
+Thanks Joey.
+
+"""]]

diff --git a/doc/forum/can__39__t_get_Apt.trustsKey_to_work.mdwn b/doc/forum/can__39__t_get_Apt.trustsKey_to_work.mdwn
new file mode 100644
index 00000000..3c0853db
--- /dev/null
+++ b/doc/forum/can__39__t_get_Apt.trustsKey_to_work.mdwn
@@ -0,0 +1,90 @@
+I've been hitting a problem when importing APT keys on a debian stretch VM. I'm using a property like
+
+    mybox :: Host
+    mybox = host "henry1.home" $ props
+      & osDebian (Stable "stretch") X86_64
+      & Apt.stdSourcesList
+      & Apt.unattendedUpgrades
+      & installKubernetes
+
+
+    installKubernetes :: Property DebianLike
+    installKubernetes = Apt.installed ["kubelet", "kubeadm", "kubectl"]
+      `requires` Apt.setSourcesListD ["deb http://apt.kubernetes.io/ kubernetes-xenial main"] "google-cloud"
+      `requires` Apt.trustsKey googleKey
+
+    googleKey :: Apt.AptKey
+    googleKey =
+      Apt.AptKey "google-key" $ unlines
+      [ "-----BEGIN PGP PUBLIC KEY BLOCK-----"
+      , ""
+      , "mQENBFUd6rIBCAD6mhKRHDn3UrCeLDp7U5IE7AhhrOCPpqGF7mfTemZYHf/5Jdjx"
+      , "cOxoSFlK7zwmFr3lVqJ+tJ9L1wd1K6P7RrtaNwCiZyeNPf/Y86AJ5NJwBe0VD0xH"
+      , "TXzPNTqRSByVYtdN94NoltXUYFAAPZYQls0x0nUD1hLMlOlC2HdTPrD1PMCnYq/N"
+      , "uL/Vk8sWrcUt4DIS+0RDQ8tKKe5PSV0+PnmaJvdF5CKawhh0qGTklS2MXTyKFoqj"
+      , "XgYDfY2EodI9ogT/LGr9Lm/+u4OFPvmN9VN6UG+s0DgJjWvpbmuHL/ZIRwMEn/tp"
+      , "uneaLTO7h1dCrXC849PiJ8wSkGzBnuJQUbXnABEBAAG0QEdvb2dsZSBDbG91ZCBQ"
+      , "YWNrYWdlcyBBdXRvbWF0aWMgU2lnbmluZyBLZXkgPGdjLXRlYW1AZ29vZ2xlLmNv"
+      , "bT6JAT4EEwECACgFAlUd6rICGy8FCQWjmoAGCwkIBwMCBhUIAgkKCwQWAgMBAh4B"
+      , "AheAAAoJEDdGwginMXsPcLcIAKi2yNhJMbu4zWQ2tM/rJFovazcY28MF2rDWGOnc"
+      , "9giHXOH0/BoMBcd8rw0lgjmOosBdM2JT0HWZIxC/Gdt7NSRA0WOlJe04u82/o3OH"
+      , "WDgTdm9MS42noSP0mvNzNALBbQnlZHU0kvt3sV1YsnrxljoIuvxKWLLwren/GVsh"
+      , "FLPwONjw3f9Fan6GWxJyn/dkX3OSUGaduzcygw51vksBQiUZLCD2Tlxyr9NvkZYT"
+      , "qiaWW78L6regvATsLc9L/dQUiSMQZIK6NglmHE+cuSaoK0H4ruNKeTiQUw/EGFaL"
+      , "ecay6Qy/s3Hk7K0QLd+gl0hZ1w1VzIeXLo2BRlqnjOYFX4A="
+      , "=HVTm"
+      , "-----END PGP PUBLIC KEY BLOCK-----"
+      ]
+
+
+the import works fine, but the packages fail to install because the key isn't valid, i can list the key
+
+    root@henry1:~# apt-key list | grep -A 6 google-key
+    Warning: apt-key output should not be parsed (stdout is not a terminal)
+    /etc/apt/trusted.gpg.d/google-key.gpg
+    -------------------------------------
+    pub   rsa2048 2015-04-03 [SCEA] [expires: 2018-04-02]
+          D0BC 747F D8CA F711 7500  D6FA 3746 C208 A731 7B0F
+    uid           [ unknown] Google Cloud Packages Automatic Signing Key <gc-team@google.com>
+
+
+but i can't export it. I've tried the gpg command listed in the Apt.trustsKey function and running it locally (on the vm) with a local file doesn't work either.
+
+    root@henry1:~# apt-key export D6FA3746A7317B0F
+    gpg: [don't know]: invalid packet (ctb=00)
+    gpg: WARNING: nothing exported
+    gpg: key export failed: Invalid packet
+
+
+Gpg version info
+
+    root@henry1:~# gpg --version
+    gpg (GnuPG) 2.1.18
+    libgcrypt 1.7.6-beta
+    Copyright (C) 2017 Free Software Foundation, Inc.
+    License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
+    This is free software: you are free to change and redistribute it.
+    There is NO WARRANTY, to the extent permitted by law.
+    
+    Home: /root/.gnupg
+    Supported algorithms:
+    Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
+    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
+            CAMELLIA128, CAMELLIA192, CAMELLIA256
+    Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
+    Compression: Uncompressed, ZIP, ZLIB, BZIP2
+
+I ended up changing the Apt.trustsKey command to a version which uses apt-key and everything works now
+
+    trustsKey' :: AptKey -> Property DebianLike
+    trustsKey' k = check (not <$> doesFileExist f) $ property desc $ makeChange $ do
+    	withHandle StdinHandle createProcessSuccess
+    		(proc "apt-key" ["--keyring", f, "add", "-"]) $ \h -> do
+    			hPutStr h (pubkey k)
+    			hClose h
+    	nukeFile $ f ++ "~" -- gpg dropping
+      where
+    	desc = "apt trusts key " ++ keyname k
+    	f = aptKeyFile k
+
+Any thoughts as to why this wouldn't be working?  Would it be reasonable to change this command upstream?

add news item for propellor 5.3.3
diff --git a/doc/news/version_5.3.3.mdwn b/doc/news/version_5.3.3.mdwn
new file mode 100644
index 00000000..18f80d5f
--- /dev/null
+++ b/doc/news/version_5.3.3.mdwn
@@ -0,0 +1,8 @@
+propellor 5.3.3 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Warn again about new upstream version when ~/.propellor was cloned from the
+     Debian git bundle using an older version of propellor that set up an
+     upstream remote.
+   * Avoid crashing if initial fetch from origin fails when spinning a host.
+   * Added Propllor.Property.Openssl module contributed by contributed by
+     Félix Sipma."""]]
\ No newline at end of file

Added a comment
diff --git a/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_2_7b1f28e3eeb7f181f5715863bc836bb7._comment b/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_2_7b1f28e3eeb7f181f5715863bc836bb7._comment
new file mode 100644
index 00000000..5cb2fc0b
--- /dev/null
+++ b/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_2_7b1f28e3eeb7f181f5715863bc836bb7._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="gueux"
+ avatar="http://cdn.libravatar.org/avatar/2982bac2c2cd94ab3860efb189deafc8"
+ subject="comment 2"
+ date="2018-02-23T13:16:09Z"
+ content="""
+I don't want my central repo to be accessible to anyone, but I still want to push there and use it for some of my hosts. Anyway, your fix works great, thanks!
+"""]]

Avoid crashing if initial fetch from origin fails when spinning a host.
diff --git a/debian/changelog b/debian/changelog
index 55ca5a93..bc7a4a69 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ propellor (5.3.3) UNRELEASED; urgency=medium
   * Warn again about new upstream version when ~/.propellor was cloned from the
     Debian git bundle using an older version of propellor that set up an
     upstream remote.
+  * Avoid crashing if initial fetch from origin fails when spinning a host.
 
  -- Joey Hess <id@joeyh.name>  Mon, 19 Feb 2018 12:44:24 -0400
 
diff --git a/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_1_be4533d304096f431ac8d35bbf990dab._comment b/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_1_be4533d304096f431ac8d35bbf990dab._comment
new file mode 100644
index 00000000..e79fabfb
--- /dev/null
+++ b/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_1_be4533d304096f431ac8d35bbf990dab._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-02-22T15:34:07Z"
+ content="""
+--spin has always pushed/pulled from origin, if there is
+a central git repository.
+
+It's an optional thing though, since the update is pushed directly to the
+host it spins too.
+
+I've improved the code to avoid this particular crash..
+"""]]
diff --git a/src/Propellor/Git/VerifiedBranch.hs b/src/Propellor/Git/VerifiedBranch.hs
index 51fcb573..df607bd2 100644
--- a/src/Propellor/Git/VerifiedBranch.hs
+++ b/src/Propellor/Git/VerifiedBranch.hs
@@ -30,12 +30,17 @@ verifyOriginBranch originbranch = do
 -- Returns True if HEAD is changed by fetching and merging from origin.
 fetchOrigin :: IO Bool
 fetchOrigin = do
+	fetched <- actionMessage "Pull from central git repository" $
+		boolSystem "git" [Param "fetch"]
+	if fetched
+		then mergeOrigin
+		else return False
+
+mergeOrigin :: IO Bool
+mergeOrigin = do
 	branchref <- getCurrentBranch
 	let originbranch = "origin" </> branchref
 
-	void $ actionMessage "Pull from central git repository" $
-		boolSystem "git" [Param "fetch"]
-
 	oldsha <- getCurrentGitSha1 branchref
 
 	keyring <- privDataKeyring

diff --git a/doc/forum/--spin_tries_to_pull_from_central_repository__63__.mdwn b/doc/forum/--spin_tries_to_pull_from_central_repository__63__.mdwn
new file mode 100644
index 00000000..5bd97367
--- /dev/null
+++ b/doc/forum/--spin_tries_to_pull_from_central_repository__63__.mdwn
@@ -0,0 +1,28 @@
+Did something changed recently concerning `--spin`? It seems like I can't use it without a central repo anymore...
+
+
+    $ ./propellor --spin server
+    Preprocessing executable 'propellor-config' for propellor-5.3.2...
+    Propellor build ... done
+    [master cabbc1b4e] propellor spin
+    Git commit ... done
+    Counting objects: 1, done.
+    Writing objects: 100% (1/1), 860 bytes | 860.00 KiB/s, done.
+    Total 1 (delta 0), reused 0 (delta 0)
+    To example.org:/var/lib/git/private/propellor.git
+       8c8c1b2f6..cabbc1b4e  master -> master
+    Push to central git repository ... done
+    gpg: encrypted with 4096-bit RSA key, ID EC0B9FA927E29C5C, created 2013-01-29
+          "Félix Sipma <felix.sipma@riseup.net>"
+    Host key verification failed.
+    fatal: Could not read from remote repository.
+    
+    Please make sure you have the correct access rights
+    and the repository exists.
+    Pull from central git repository ... failed
+    fatal: ambiguous argument 'origin/master': unknown revision or path not in the working tree.
+    Use '--' to separate paths from revisions, like this:
+    'git <command> [<revision>...] -- [<file>...]'
+    propellor: user error (git ["log","-n","1","--format=%G?","origin/master"] exited 128)
+    propellor: user error (ssh ["-o","ControlPath=/home/example/.ssh/propellor/server.example.org.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@server.example.org","sh -c 'rm -rf /usr/local/propellor-precompiled ; if [ ! -d /usr/local/propellor/.git ] ; then (if ! git --version >/dev/null 2>&1; then apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -qq --no-install-recommends --no-upgrade -y install git; fi && echo STATUSNeedGitClone) || echo STATUSNeedPrecompiled ; else cd /usr/local/propellor && if ! cabal configure >/dev/null 2>&1; then ( apt-get update ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install gnupg ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install ghc ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install cabal-install ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-async-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-split-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-hslogger-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-unix-compat-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-ansi-terminal-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-ifelse-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-network-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-mtl-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-transformers-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-exceptions-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-stm-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-text-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-hashable-dev) || true; fi&& if ! test -x ./propellor; then cabal configure && cabal build -j1 propellor-config && ln -sf dist/build/propellor-config/propellor-config propellor; fi;if test -x ./propellor && ! ./propellor --check; then cabal clean && cabal configure && cabal build -j1 propellor-config && ln -sf dist/build/propellor-config/propellor-config propellor; fi && ./propellor --boot server.example.org ; fi'"] exited 1)
+    

Added a comment
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_13_a3039c7e86f85af4ff44bdbcd7b46313._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_13_a3039c7e86f85af4ff44bdbcd7b46313._comment
new file mode 100644
index 00000000..39feff2e
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_13_a3039c7e86f85af4ff44bdbcd7b46313._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="picca"
+ avatar="http://cdn.libravatar.org/avatar/7e61c80d28018b10d31f6db7dddb864c"
+ subject="comment 13"
+ date="2018-02-20T05:58:48Z"
+ content="""
+Thanks a lot joey,
+
+and you are right, I am fund of your works :).
+
+Cheers.
+"""]]

Warn again about new upstream version when ~/.propellor was cloned from the Debian git bundle using an older version of propellor that set up an upstream remote.
This commit was sponsored by Jake Vosloo on Patreon.
diff --git a/debian/changelog b/debian/changelog
index 3515497b..55ca5a93 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+propellor (5.3.3) UNRELEASED; urgency=medium
+
+  * Warn again about new upstream version when ~/.propellor was cloned from the
+    Debian git bundle using an older version of propellor that set up an
+    upstream remote.
+
+ -- Joey Hess <id@joeyh.name>  Mon, 19 Feb 2018 12:44:24 -0400
+
 propellor (5.3.2) unstable; urgency=medium
 
   * Added Propellor.Property.Atomic, which can make a non-atomic property
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_12_aea497eeecb077659db3f1dfb1e5f289._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_12_aea497eeecb077659db3f1dfb1e5f289._comment
new file mode 100644
index 00000000..90d0ba2c
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_12_aea497eeecb077659db3f1dfb1e5f289._comment
@@ -0,0 +1,20 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 12"""
+ date="2018-02-19T15:48:21Z"
+ content="""
+What propellor --init sets up, when you select the clone option
+and the Debian package is installed, is no remote
+defined, but a remotes/upsteam/master tracking branch.
+
+So not normally this:
+
+    upstream        /usr/src/propellor/propellor.git (fetch)
+
+Aha! The very first revision of propellor --init
+*did* set up an upstream remote pointing at the distrepo. At some point
+that changed to the above described behavior. You're bitten by being an
+early adopter.
+
+I've adjusted the logic to handle that case.
+"""]]
diff --git a/src/Propellor/DotDir.hs b/src/Propellor/DotDir.hs
index 17eb095a..39c111f6 100644
--- a/src/Propellor/DotDir.hs
+++ b/src/Propellor/DotDir.hs
@@ -387,16 +387,17 @@ checkRepoUpToDate = whenM (gitbundleavail <&&> dotpropellorpopulated) $ do
 -- into the user's repository, as if fetching from a upstream remote,
 -- yielding a new upstream/master branch.
 --
--- If there's no upstream/master, the user is not using the distrepo,
--- so do nothing. And, if there's a remote named "upstream", the user
--- must have set that up and is not using the distrepo, so do nothing.
+-- If there's no upstream/master, or the repo is not using the distrepo,
+-- do nothing.
 updateUpstreamMaster :: String -> IO ()
-updateUpstreamMaster newref = unlessM (hasRemote "upstream") $ do
+updateUpstreamMaster newref = do
 	changeWorkingDirectory =<< dotPropellor
-	go =<< catchMaybeIO getoldrev
+	v <- getoldrev
+	case v of
+		Nothing -> return ()
+		Just oldref -> go oldref
   where
-	go Nothing = return ()
-	go (Just oldref) = do
+	go oldref = do
 		let tmprepo = ".git/propellordisttmp"
 		let cleantmprepo = void $ catchMaybeIO $ removeDirectoryRecursive tmprepo
 		cleantmprepo
@@ -421,13 +422,37 @@ updateUpstreamMaster newref = unlessM (hasRemote "upstream") $ do
 		cleantmprepo
 		warnoutofdate True
 
-	getoldrev = takeWhile (/= '\n')
-		<$> readProcess "git" ["show-ref", upstreambranch, "--hash"]
-
 	git = run "git"
 	run cmd ps = unlessM (boolSystem cmd (map Param ps)) $
 		error $ "Failed to run " ++ cmd ++ " " ++ show ps
 
+	-- Get ref that the upstreambranch points to, only when
+	-- the distrepo is being used.
+	getoldrev = do
+		mrev <- catchMaybeIO $ takeWhile (/= '\n')
+			<$> readProcess "git" ["show-ref", upstreambranch, "--hash"]
+		print mrev
+		case mrev of
+			Just _ -> do
+				-- Normally there will be no upstream
+				-- remote when the distrepo is used.
+				-- Older versions of propellor set up
+				-- an upstream remote pointing at the 
+				-- distrepo.
+				ifM (hasRemote "upstream")
+					( do
+						v <- remoteUrl "upstream"
+						print ("remote url", v)
+						return $ case v of
+							Just rurl | rurl == distrepo -> mrev
+							_ -> Nothing
+					, return mrev
+					)
+			Nothing -> return mrev
+
+-- And, if there's a remote named "upstream"
+-- that does not point at the distrepo, the user must have set that up
+-- and is not using the distrepo, so do nothing.
 warnoutofdate :: Bool -> IO ()
 warnoutofdate havebranch = do
 	warningMessage ("** Your ~/.propellor/ is out of date..")
diff --git a/src/Propellor/Git.hs b/src/Propellor/Git.hs
index 10b88ddd..c446f67a 100644
--- a/src/Propellor/Git.hs
+++ b/src/Propellor/Git.hs
@@ -30,6 +30,10 @@ hasRemote remotename = catchDefaultIO False $ do
 	rs <- lines <$> readProcess "git" ["remote"]
 	return $ remotename `elem` rs
 
+remoteUrl :: String -> IO (Maybe String)
+remoteUrl remotename = catchDefaultIO Nothing $ headMaybe . lines
+	<$> readProcess "git" ["config", "remote." ++ remotename ++ ".url"]
+
 hasGitRepo :: IO Bool
 hasGitRepo = doesFileExist ".git/HEAD"
 

Added a comment
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_11_67fe9f07dd726f890cf1c7956cbb1d86._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_11_67fe9f07dd726f890cf1c7956cbb1d86._comment
new file mode 100644
index 00000000..106d993f
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_11_67fe9f07dd726f890cf1c7956cbb1d86._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="picca"
+ avatar="http://cdn.libravatar.org/avatar/7e61c80d28018b10d31f6db7dddb864c"
+ subject="comment 11"
+ date="2018-02-19T06:31:32Z"
+ content="""
+Yes sir :)
+
+    picca@mordor:~/.propellor$ git remote -v
+    deploy  https://salsa.debian.org/picca/propellor.git (fetch)
+    deploy  https://salsa.debian.org/picca/propellor.git (push)
+    origin  git@salsa.debian.org:picca/propellor.git (fetch)
+    origin  git@salsa.debian.org:picca/propellor.git (push)
+    upstream        /usr/src/propellor/propellor.git (fetch)
+    upstream        /usr/src/propellor/propellor.git (push)
+
+"""]]

Added a comment
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_10_8d27d1de5e891160c3e881bd1230829f._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_10_8d27d1de5e891160c3e881bd1230829f._comment
new file mode 100644
index 00000000..25d6ff1e
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_10_8d27d1de5e891160c3e881bd1230829f._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 10"
+ date="2018-02-18T21:35:23Z"
+ content="""
+Do you have a git remote named 'upstream'?
+"""]]

Added a comment
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_9_f6d40ae7c03a9d94cfe8e16f11264622._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_9_f6d40ae7c03a9d94cfe8e16f11264622._comment
new file mode 100644
index 00000000..492f40e1
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_9_f6d40ae7c03a9d94cfe8e16f11264622._comment
@@ -0,0 +1,21 @@
+[[!comment format=mdwn
+ username="picca"
+ avatar="http://cdn.libravatar.org/avatar/7e61c80d28018b10d31f6db7dddb864c"
+ subject="comment 9"
+ date="2018-02-18T19:10:32Z"
+ content="""
+Hello, I think that my problem is related to this one.
+
+I have a repository created from the Debian package and which is from the 5.1.0 version.
+I just upgrade the package to 5.3.1 and now I do not have the message explaining that a new upstream version is available.
+So I do not know how to upgrade my current repository.
+
+Before, I just had to do
+
+    git merge upstream/master
+
+And now ?
+
+
+thanks for your help
+"""]]

add news item for propellor 5.3.2
diff --git a/doc/news/version_5.3.2.mdwn b/doc/news/version_5.3.2.mdwn
new file mode 100644
index 00000000..cd16116e
--- /dev/null
+++ b/doc/news/version_5.3.2.mdwn
@@ -0,0 +1,10 @@
+propellor 5.3.2 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Added Propellor.Property.Atomic, which can make a non-atomic property
+     that operates on a directory into an atomic property.
+     (Inspired by Vaibhav Sagar's talk on Functional Devops in a
+     Dysfunctional World at LCA 2018.)
+   * Added Git.pulled.
+   * Systemd.machined: Install systemd-container on Debian
+     stretch.
+     Thanks, Sean Whitton"""]]
\ No newline at end of file

comment
diff --git a/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_1_62fc297972ab5be50b9cb8cd3aa269c0._comment b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_1_62fc297972ab5be50b9cb8cd3aa269c0._comment
new file mode 100644
index 00000000..0962459f
--- /dev/null
+++ b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_1_62fc297972ab5be50b9cb8cd3aa269c0._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-02-06T15:37:45Z"
+ content="""
+Not aware of anyone using propellor for that yet.
+
+Propellor's LVM module would probably be a decent starting point for
+implementing dm-crypt support.
+
+Key/passwords could certianly be managed with propellor's privdata
+interface. Whether it makes sense to do so for security is probably up to
+the individual user, since privdata can be decrypted with your gpg private
+key, which you might not want to equate to access to your encrypted volume.
+Also, privdata is stored on the host that uses it in unencrypted form
+protected only by file permissions.
+"""]]

Ask about dm-crypt/LUKS
diff --git a/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management.mdwn b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management.mdwn
new file mode 100644
index 00000000..12a2bea5
--- /dev/null
+++ b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management.mdwn
@@ -0,0 +1 @@
+Hi. Searching for *luks* in the git repository and the forum doesn’t bring up any hits. Am I right to assume, that encrypting the disk with dm-crypt/LUKS and managing keys/passwords is currently not easily doable?

remove old version announces
diff --git a/doc/news/version_4.7.6.mdwn b/doc/news/version_4.7.6.mdwn
deleted file mode 100644
index 4c8abd97..00000000
--- a/doc/news/version_4.7.6.mdwn
+++ /dev/null
@@ -1,6 +0,0 @@
-propellor 4.7.6 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Sbuild: Add Sbuild.userConfig property.
-     Thanks, Sean Whitton
-   * Locale: Make sure that the locales package is installed when enabling
-     locales."""]]
\ No newline at end of file
diff --git a/doc/news/version_4.7.7.mdwn b/doc/news/version_4.7.7.mdwn
deleted file mode 100644
index 258f0f23..00000000
--- a/doc/news/version_4.7.7.mdwn
+++ /dev/null
@@ -1,11 +0,0 @@
-propellor 4.7.7 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Locale: Display an error message when /etc/locale.gen does not contain
-     the requested locale.
-   * Attic module is deprecated and will warn when used.
-     Attic is no longer available in Debian and appears to have been
-     mostly supersceded by Borg.
-   * Obnam module is deprecated and will warn when used.
-     Obnam has been retired by its author.
-   * Add Typeable instance to Bootstrapper, fixing build with old versions
-     of ghc. (Previous attempt was incomplete.)"""]]
\ No newline at end of file
diff --git a/doc/news/version_4.8.0.mdwn b/doc/news/version_4.8.0.mdwn
deleted file mode 100644
index 217c3154..00000000
--- a/doc/news/version_4.8.0.mdwn
+++ /dev/null
@@ -1,21 +0,0 @@
-propellor 4.8.0 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * DiskImage: Made a DiskImage type class, so that different disk image
-     formats can be implemented. The properties in this module can generate
-     any type that is a member of DiskImage. (API change)
-     (To convert existing configs, convert the filename of the disk image
-     to RawDiskImage filename.)
-   * Removed DiskImage.vmdkBuiltFor property. (API change)
-     Instead, use VirtualBoxPointer in the property that creates the disk
-     image.
-   * Apt.isInstalled: Fix handling of packages that are not known at all
-     to apt.
-   * Borg: Converted BorgRepo from a String alias to a data type.
-     (API change)
-   * Borg: Allow specifying ssh private key to use when accessing a borg
-     repo by using the BorgRepoUsing constructor with UseSshKey.
-   * Borg: Fix broken shell escaping in borg cron job.
-   * Attic: Fix broken shell escaping in attic cron job.
-   * Make lock file descriptors close-on-exec.
-   * Lvm: New module for setting up LVM volumes.
-     Thanks, Nicolas Schodet"""]]
\ No newline at end of file
diff --git a/doc/news/version_4.8.1.mdwn b/doc/news/version_4.8.1.mdwn
deleted file mode 100644
index fbd293cd..00000000
--- a/doc/news/version_4.8.1.mdwn
+++ /dev/null
@@ -1,4 +0,0 @@
-propellor 4.8.1 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Borg: Fix propigation of exit status of borg backup.
-   * Borg: Fix handling of UseSshKey."""]]
\ No newline at end of file
diff --git a/doc/news/version_4.9.0.mdwn b/doc/news/version_4.9.0.mdwn
deleted file mode 100644
index c625e0c7..00000000
--- a/doc/news/version_4.9.0.mdwn
+++ /dev/null
@@ -1,23 +0,0 @@
-propellor 4.9.0 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * When the ipv4 and ipv6 properties are used with a container, avoid
-     propagating the address out to the host.
-   * DnsInfo has been replaced with DnsInfoPropagated and
-     DnsInfoUnpropagated. (API change)
-   * Code that used fromDnsInfo . fromInfo changes to use getDnsInfo.
-   * addDNS takes an additional Bool parameter to control whether
-     the DNS info should propagate out of containers. (API change)
-   * Made the PropellorRepo.hasOriginUrl property override the repository
-     url that --spin passes to a host.
-   * PropellorRepo.hasOriginUrl type changed to include HasInfo. (API change)
-   * Fstab.mounted: Create mount point if necessary, and mount it
-     if it's not already mounted.
-     Thanks, Nicolas Schodet
-   * Properties that check for an empty directory now treat a directory
-     containing only "lost+found" as effectively empty, to support
-     situations where the directory is a mount point of an EXT* filesystem.
-     Thanks, Nicolas Schodet
-   * Make addInfo accumulate Info in order properties appear, not
-     reverse order.
-     This fixes a bug involving reverting Systemd.resolvConfed or
-     Systemd.linkJournal."""]]
\ No newline at end of file

Merge branch 'joeyconfig'
fix typography
diff --git a/doc/README.mdwn b/doc/README.mdwn
index a4a38c5f..356c9304 100644
--- a/doc/README.mdwn
+++ b/doc/README.mdwn
@@ -18,12 +18,10 @@ There is fairly complete
 which includes many built-in Properties for dealing with
 [Apt](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Apt.html)
 and
-[Apache](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Apache.html)
-,
+[Apache](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Apache.html),
 [Cron](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Cron.html)
 and
-[Commands](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Cmd.html)
-,
+[Commands](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Cmd.html),
 [Dns](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Dns.html)
 and
 [Docker](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Docker.html), etc.

link to simple quickstart
diff --git a/doc/README.mdwn b/doc/README.mdwn
index a4a38c5f..6d7e6508 100644
--- a/doc/README.mdwn
+++ b/doc/README.mdwn
@@ -56,3 +56,6 @@ see [configuration for the Haskell newbie](https://propellor.branchable.com/hask
    each host becomes tiresome, you can
    [automate that](http://propellor.branchable.com/automated_spins/).
 7. Write some neat new properties and send patches!
+
+(Want to get your feet wet with propellor before plunging in?
+[[try this|forum/Simple_quickstart_without_git__44___SSH__44___GPG]])
diff --git a/doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG/comment_1_031851f4a01a8a4d9fb4bd1f9ac077c8._comment b/doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG/comment_1_031851f4a01a8a4d9fb4bd1f9ac077c8._comment
new file mode 100644
index 00000000..a99e83e2
--- /dev/null
+++ b/doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG/comment_1_031851f4a01a8a4d9fb4bd1f9ac077c8._comment
@@ -0,0 +1,22 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-02-04T16:09:17Z"
+ content="""
+Thank you for this excellent idea and post! I've added a link to it under
+the quick start on the front page.
+
+Propellor's deployment system
+is just what happened to meet my needs, but certianly not ideal for anyone,
+and what I really like about this is it shows how the core of propellor is
+not locked into that one system.
+
+I see that `entr` automatically re-transfers the file when it has changed,
+so am I right that you could use this in combination with eg 
+`stack build --file-watch` to immediately test each change to config.hs?
+
+Do note that your method doesn't transfer over any private data that
+propellor might use on the host. And, some container properties need
+the propellor binary in /usr/local/propellor/ in order to work. 
+But until you need such properties, it's a nice way to get your feet wet.
+"""]]

add news item for propellor 5.3.1
diff --git a/doc/news/version_5.3.0.mdwn b/doc/news/version_5.3.0.mdwn
deleted file mode 100644
index 07900e0b..00000000
--- a/doc/news/version_5.3.0.mdwn
+++ /dev/null
@@ -1,16 +0,0 @@
-propellor 5.3.0 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Avoid bogus warning about new upstream version when /usr/bin/propellor
-     is run on a Debian system, but ~/.propellor was not cloned from the
-     Debian git bundle.
-   * Parted: Allow partitions to have no filesystem, for eg, GPT BIOS boot
-     partitions. (API change)
-   * Added rawPartition to PartSpec, for specifying partitions with no
-     filesystem.
-   * Added BiosGrubFlag to PartFlag.
-   * Add HasCallStack constraint to pickOS and unsupportedOS, so the
-     call stack includes the caller.
-   * Run su with --login, to avoid inheriting some problematic environment
-     variables, such as TMP, from the caller.
-   * Grub: Added properties to configure /etc/default/grub.
-   * Laptop: New module, starting with powertopAutoTuneOnBoot."""]]
\ No newline at end of file
diff --git a/doc/news/version_5.3.1.mdwn b/doc/news/version_5.3.1.mdwn
new file mode 100644
index 00000000..4f660270
--- /dev/null
+++ b/doc/news/version_5.3.1.mdwn
@@ -0,0 +1,5 @@
+propellor 5.3.1 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Last release mistakenly contained my personal branch not master.
+   * contrib/post-merge-hook documentation updated to recommend also using
+     it as a post-checkout hook, to avoid such problems."""]]
\ No newline at end of file

diff --git a/doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG.mdwn b/doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG.mdwn
new file mode 100644
index 00000000..d0920424
--- /dev/null
+++ b/doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG.mdwn
@@ -0,0 +1,35 @@
+I wanted to start using propellor in the most simple way and the requirement to have a GPG key, signed commits, propellor updating itself, and so on was way too much to start with.
+
+So I wrote this Haskell file:
+
+
+    module Main where
+    
+    import           Propellor
+    import           Propellor.Engine
+    import qualified Propellor.Property.Apt as Apt
+    
+    main :: IO ()
+    main = mainProperties myHost
+    
+    myHost :: Host
+    myHost = host "local" $ props
+      & Apt.installed [
+          "etckeeper"
+        , "git"
+        , "rsync"
+        , "tmux"
+        , "tree"
+        , "unattended-upgrades"
+        , "zsh"
+      ]
+
+And then used the Debian package *entr* to scp the executable to a test server and have it executed there:
+
+    echo mytest-exe | entr scp /_ mytesthost:
+
+and on the test host:
+
+    echo mytest-exe | entr sudo ./mytest-exe
+
+Maybe somebody finds this useful as a starting point to learn propellor.

add news item for propellor 5.3.0
diff --git a/doc/news/version_5.2.0.mdwn b/doc/news/version_5.2.0.mdwn
deleted file mode 100644
index 8cd1edaf..00000000
--- a/doc/news/version_5.2.0.mdwn
+++ /dev/null
@@ -1,24 +0,0 @@
-propellor 5.2.0 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * [ Joey Hess ]
-   * bootstrappedFrom: Set up local privdata file.
-   * Parted: Fix names used for FAT and VFAT partitions.
-   * Parted: Add an Alignment parameter. (API change)
-     A good default to use is safeAlignment, which is 4MiB,
-     well suited for inexpensive flash drives, and fine for other disks too.
-     Previously, a very non-optimial 1MB (not 1MiB) alignment had been used.
-   * DiskImage: Use safeAlignment. It didn't seem worth making the
-     alignment configurable here.
-   * Fixed rounding bug in Parted.calcPartTable.
-   * DiskImage: Fix rsync crash when a mount point does not exist in the
-     chroot.
-   * Fix bug in unmountBelow that caused unmounting of nested mounts to
-     fail.
-   * Grub.boots, Grub.bootsMounted: Pass --target to grub-install.
-   * Added Propellor.Property.Installer modules, which can be used to create
-     bootable installer disk images, which then run propellor to install
-     a system. This code was extracted from the demo I gave in my
-     talk at DebConf 2017.
- * [ Sean Whitton ]
-   * Sbuild: add notes about Debian jessie hosts and backports of sbuild and
-     autopkgtest."""]]
\ No newline at end of file
diff --git a/doc/news/version_5.3.0.mdwn b/doc/news/version_5.3.0.mdwn
new file mode 100644
index 00000000..07900e0b
--- /dev/null
+++ b/doc/news/version_5.3.0.mdwn
@@ -0,0 +1,16 @@
+propellor 5.3.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Avoid bogus warning about new upstream version when /usr/bin/propellor
+     is run on a Debian system, but ~/.propellor was not cloned from the
+     Debian git bundle.
+   * Parted: Allow partitions to have no filesystem, for eg, GPT BIOS boot
+     partitions. (API change)
+   * Added rawPartition to PartSpec, for specifying partitions with no
+     filesystem.
+   * Added BiosGrubFlag to PartFlag.
+   * Add HasCallStack constraint to pickOS and unsupportedOS, so the
+     call stack includes the caller.
+   * Run su with --login, to avoid inheriting some problematic environment
+     variables, such as TMP, from the caller.
+   * Grub: Added properties to configure /etc/default/grub.
+   * Laptop: New module, starting with powertopAutoTuneOnBoot."""]]
\ No newline at end of file

Added a comment: response
diff --git a/doc/forum/__34__Unknown_host_OS__34___after_merging_recent_propellor/comment_2_8592411690ea524b65e4fba580d51ba8._comment b/doc/forum/__34__Unknown_host_OS__34___after_merging_recent_propellor/comment_2_8592411690ea524b65e4fba580d51ba8._comment
new file mode 100644
index 00000000..430c4e90
--- /dev/null
+++ b/doc/forum/__34__Unknown_host_OS__34___after_merging_recent_propellor/comment_2_8592411690ea524b65e4fba580d51ba8._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="Nicolas.Schodet"
+ avatar="http://cdn.libravatar.org/avatar/0d7ec808ec329d04ee9a93c0da3c0089"
+ subject="response"
+ date="2018-01-29T20:49:46Z"
+ content="""
+Thanks, it works :)
+
+riva4 is not configured by propellor yet, but osDebian does not touch anything so it's OK.
+"""]]

Added a comment
diff --git a/doc/forum/imageBuiltFor_mount_points_not_automatically_created/comment_19_22178bd21d8a44bdd67cad162f71c400._comment b/doc/forum/imageBuiltFor_mount_points_not_automatically_created/comment_19_22178bd21d8a44bdd67cad162f71c400._comment
new file mode 100644
index 00000000..bd34df0a
--- /dev/null
+++ b/doc/forum/imageBuiltFor_mount_points_not_automatically_created/comment_19_22178bd21d8a44bdd67cad162f71c400._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="gueux"
+ avatar="http://cdn.libravatar.org/avatar/2982bac2c2cd94ab3860efb189deafc8"
+ subject="comment 19"
+ date="2018-01-29T17:55:43Z"
+ content="""
+I tried several configurations, without success. Without a serial console, that was not fun to debug... I finally tried to boot the image with qemu, and that worked! So I thought that maybe I should try to use a MSDOS partition table instead of a GPT one, just to be sure. And that finally produced a bootable image on that damn card! :) I'll report a bug to PCEngines. It's unfortunate I can't test the GPT code more, but it would probably work, as it booted in qemu.
+
+Thanks a lot Joey!
+
+"""]]

Add HasCallStack constraint to pickOS and unsupportedOS, so the call stack includes the caller.
This commit was sponsored by Jochen Bartl on Patreon.
diff --git a/debian/changelog b/debian/changelog
index 4545bcd1..2ffe4f8c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,8 @@ propellor (5.3.0) UNRELEASED; urgency=medium
   * Added rawPartition to PartSpec, for specifying partitions with no
     filesystem.
   * Added BiosGrubFlag to PartFlag.
+  * Add HasCallStack constraint to pickOS and unsupportedOS, so the
+    call stack includes the caller.
 
  -- Joey Hess <id@joeyh.name>  Tue, 02 Jan 2018 13:06:45 -0400
 
diff --git a/doc/forum/__34__Unknown_host_OS__34___after_merging_recent_propellor/comment_1_6ed53a6752f3f88acce023a4fe1b9bf6._comment b/doc/forum/__34__Unknown_host_OS__34___after_merging_recent_propellor/comment_1_6ed53a6752f3f88acce023a4fe1b9bf6._comment
new file mode 100644
index 00000000..608bc3e2
--- /dev/null
+++ b/doc/forum/__34__Unknown_host_OS__34___after_merging_recent_propellor/comment_1_6ed53a6752f3f88acce023a4fe1b9bf6._comment
@@ -0,0 +1,27 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-01-24T16:55:19Z"
+ content="""
+This comes from something using `unsupportedOS'`, perhaps via `pickOS`.
+
+Probably it's coming from the use of `Systemd.nspawned`,
+which is going to use debootstrap to build the container,
+since the container uses debian. To use debootstrap,
+it needs to install it, and `Debootstrap.installed`
+uses `pickOS` to work out how to install it, but only supports
+installing debootstrap on linux hosts. Your riva4 host does not have its OS
+declared, leading to the failure.
+
+It seems there ought to be a way to get a deeper call
+stack, to make it easier to work this out. It's possible to build
+propellor with profiling and get a complete call stack, as shown at
+<https://wiki.haskell.org/Debugging#Stack_trace>. It might make sense for
+propellor to always be built that way. 
+
+A simpler approach is to 
+add `HasCallStack =>` constraints to `pickOS` and `unsupportedOS'`,
+so that those will have a call stack that reaches back to their
+caller, which in your case would reach back to `Debootstrap.installed`,
+which is probably enough. For now, I've made this change.
+"""]]
diff --git a/src/Propellor/Property.hs b/src/Propellor/Property.hs
index 884ee683..8c0a5859 100644
--- a/src/Propellor/Property.hs
+++ b/src/Propellor/Property.hs
@@ -55,6 +55,7 @@ import Data.Maybe
 import Data.List
 import Data.Hashable
 import Control.Applicative
+import GHC.Stack
 import Prelude
 
 import Propellor.Types
@@ -283,6 +284,7 @@ isNewerThan x y = do
 -- fail that way.
 pickOS
 	::
+		HasCallStack =>
 		( SingKind ('KProxy :: KProxy ka)
 		, SingKind ('KProxy :: KProxy kb)
 		, DemoteRep ('KProxy :: KProxy ka) ~ [MetaType]
@@ -344,7 +346,7 @@ unsupportedOS = property "unsupportedOS" unsupportedOS'
 
 -- | Throws an error, for use in `withOS` when a property is lacking
 -- support for an OS.
-unsupportedOS' :: Propellor Result
+unsupportedOS' :: HasCallStack => Propellor Result
 unsupportedOS' = go =<< getOS
 	  where
 		go Nothing = error "Unknown host OS is not supported by this property."

creating "Unknown host OS" after merging recent propellor
diff --git a/doc/forum/__34__Unknown_host_OS__34___after_merging_recent_propellor.mdwn b/doc/forum/__34__Unknown_host_OS__34___after_merging_recent_propellor.mdwn
new file mode 100644
index 00000000..8625ee00
--- /dev/null
+++ b/doc/forum/__34__Unknown_host_OS__34___after_merging_recent_propellor.mdwn
@@ -0,0 +1,43 @@
+Hello,
+
+I merged 5.2.0 into my .propellor, last merge was merging f6797bed.
+
+Since the merge, when I try to spin, I get:
+
+    riva4.ni.fr.eu.org has ipv4 91.121.114.4 ... ok
+    ** warning: Unknown host OS is not supported by this property.
+    CallStack (from HasCallStack):
+      error, called at src/Propellor/Property.hs:350:30 in main:Propellor.Property
+    riva4.ni.fr.eu.org container vz-web2 ... failed
+    riva4.ni.fr.eu.org overall ... failed
+
+I have in my config.hs:
+
+    riva4 :: Host   
+    riva4 = host "riva4.ni.fr.eu.org" $ props
+	    & ipv4 "91.121.114.4"
+	    & stdContainerSpawn "vz-web2" "2g" vzWeb2
+
+    stdContainerSpawn :: Systemd.MachineName
+		      -> String
+		      -> Systemd.Container
+		      -> Property (HasInfo + DebianLike)
+    stdContainerSpawn name size container =
+	    Lvm.lvFormatted Lvm.YesReallyFormatLogicalVolume
+		    (Lvm.LogicalVolume name (Lvm.VolumeGroup "vg0")) size
+		    Partition.EXT4
+		    `before` Fstab.mounted "auto" dev dir mempty
+		    `before` Systemd.nspawned container
+		    `describe` ("container " ++ name)
+      where 
+	    dev = "/dev/vg0" </> name
+	    dir = "/var/lib/container" </> name
+
+    vzWeb2 :: Systemd.Container
+    vzWeb2 = Systemd.debContainer "vz-web2" $ props
+	    & osDebian (Stable "stretch") X86_64
+	    & ipv4 "10.42.2.13"
+
+I reviewed all changes in propellor, but I cannot find what can cause this.
+
+How can I debug this?

Added a comment
diff --git a/doc/todo/partition_properties_should_install_e2fsprogs/comment_2_54a6e8a53221d0db2fe37703cd0a011d._comment b/doc/todo/partition_properties_should_install_e2fsprogs/comment_2_54a6e8a53221d0db2fe37703cd0a011d._comment
new file mode 100644
index 00000000..e7527bdc
--- /dev/null
+++ b/doc/todo/partition_properties_should_install_e2fsprogs/comment_2_54a6e8a53221d0db2fe37703cd0a011d._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 2"
+ date="2018-01-19T22:59:44Z"
+ content="""
+Thanks for checking this!
+"""]]

followup and close
diff --git a/doc/todo/partition_properties_should_install_e2fsprogs.mdwn b/doc/todo/partition_properties_should_install_e2fsprogs.mdwn
index 02b9491f..7232bdeb 100644
--- a/doc/todo/partition_properties_should_install_e2fsprogs.mdwn
+++ b/doc/todo/partition_properties_should_install_e2fsprogs.mdwn
@@ -1 +1,3 @@
 The e2fsprogs package is becoming non-essential in Debian.  Properties that invoke `mkfs.ext*` should start explicitly requiring that the package is installed (probably using `Apt.installed`).  --spwhitton
+
+> [[done]] seems no change needed --[[Joey]]
diff --git a/doc/todo/partition_properties_should_install_e2fsprogs/comment_1_0a6335e03587b18d5ae085f9a7bc0656._comment b/doc/todo/partition_properties_should_install_e2fsprogs/comment_1_0a6335e03587b18d5ae085f9a7bc0656._comment
new file mode 100644
index 00000000..555ae84f
--- /dev/null
+++ b/doc/todo/partition_properties_should_install_e2fsprogs/comment_1_0a6335e03587b18d5ae085f9a7bc0656._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-01-17T17:02:36Z"
+ content="""
+AFAICS, only Partition.formatted runs that, and it's always made sure to
+install e2fsprogs.
+
+Closing this, unless you know of something else that my grep didn't turn
+up.
+"""]]

fix syntax
diff --git a/doc/todo/Sbuild_and_jessie.mdwn b/doc/todo/Sbuild_and_jessie.mdwn
index 4960c5d8..d90a23a3 100644
--- a/doc/todo/Sbuild_and_jessie.mdwn
+++ b/doc/todo/Sbuild_and_jessie.mdwn
@@ -22,4 +22,4 @@ Cheers and thanks for this new Sbuild which is really nice :))
 
 Frederic
 
-:[[done]] --spwhitton
+> [[done]] --spwhitton

patch merged
diff --git a/doc/todo/Sbuild_and_jessie.mdwn b/doc/todo/Sbuild_and_jessie.mdwn
index 3786a26f..4960c5d8 100644
--- a/doc/todo/Sbuild_and_jessie.mdwn
+++ b/doc/todo/Sbuild_and_jessie.mdwn
@@ -21,3 +21,5 @@ So to my opinion the autopkgtest dependency is missing.
 Cheers and thanks for this new Sbuild which is really nice :))
 
 Frederic
+
+:[[done]] --spwhitton

rename forum/Sbuild_and_jessie.mdwn to todo/Sbuild_and_jessie.mdwn
diff --git a/doc/forum/Sbuild_and_jessie.mdwn b/doc/todo/Sbuild_and_jessie.mdwn
similarity index 100%
rename from doc/forum/Sbuild_and_jessie.mdwn
rename to doc/todo/Sbuild_and_jessie.mdwn
diff --git a/doc/forum/Sbuild_and_jessie/comment_1_31dc85774c182a583aeb1935e9fef2d6._comment b/doc/todo/Sbuild_and_jessie/comment_1_31dc85774c182a583aeb1935e9fef2d6._comment
similarity index 100%
rename from doc/forum/Sbuild_and_jessie/comment_1_31dc85774c182a583aeb1935e9fef2d6._comment
rename to doc/todo/Sbuild_and_jessie/comment_1_31dc85774c182a583aeb1935e9fef2d6._comment
diff --git a/doc/forum/Sbuild_and_jessie/comment_2_41ed6253709b18ec799624a66b9b8078._comment b/doc/todo/Sbuild_and_jessie/comment_2_41ed6253709b18ec799624a66b9b8078._comment
similarity index 100%
rename from doc/forum/Sbuild_and_jessie/comment_2_41ed6253709b18ec799624a66b9b8078._comment
rename to doc/todo/Sbuild_and_jessie/comment_2_41ed6253709b18ec799624a66b9b8078._comment
diff --git a/doc/forum/Sbuild_and_jessie/comment_3_a4d6fdbed71270d7a4ffbfe98d1aa479._comment b/doc/todo/Sbuild_and_jessie/comment_3_a4d6fdbed71270d7a4ffbfe98d1aa479._comment
similarity index 100%
rename from doc/forum/Sbuild_and_jessie/comment_3_a4d6fdbed71270d7a4ffbfe98d1aa479._comment
rename to doc/todo/Sbuild_and_jessie/comment_3_a4d6fdbed71270d7a4ffbfe98d1aa479._comment
diff --git a/doc/forum/Sbuild_and_jessie/comment_4_9e409a59abc81786481207ffbbd7c3ac._comment b/doc/todo/Sbuild_and_jessie/comment_4_9e409a59abc81786481207ffbbd7c3ac._comment
similarity index 100%
rename from doc/forum/Sbuild_and_jessie/comment_4_9e409a59abc81786481207ffbbd7c3ac._comment
rename to doc/todo/Sbuild_and_jessie/comment_4_9e409a59abc81786481207ffbbd7c3ac._comment
diff --git a/doc/forum/Sbuild_and_jessie/comment_5_6303943e3425b29b1e4727d809574cda._comment b/doc/todo/Sbuild_and_jessie/comment_5_6303943e3425b29b1e4727d809574cda._comment
similarity index 100%
rename from doc/forum/Sbuild_and_jessie/comment_5_6303943e3425b29b1e4727d809574cda._comment
rename to doc/todo/Sbuild_and_jessie/comment_5_6303943e3425b29b1e4727d809574cda._comment
diff --git a/doc/forum/Sbuild_and_jessie/comment_6_a88b331c80f57acdf55ac0c0ce3dce6f._comment b/doc/todo/Sbuild_and_jessie/comment_6_a88b331c80f57acdf55ac0c0ce3dce6f._comment
similarity index 100%
rename from doc/forum/Sbuild_and_jessie/comment_6_a88b331c80f57acdf55ac0c0ce3dce6f._comment
rename to doc/todo/Sbuild_and_jessie/comment_6_a88b331c80f57acdf55ac0c0ce3dce6f._comment
diff --git a/doc/forum/Sbuild_and_jessie/comment_7_38650a2151201eaf6f40d8becbbe8861._comment b/doc/todo/Sbuild_and_jessie/comment_7_38650a2151201eaf6f40d8becbbe8861._comment
similarity index 100%
rename from doc/forum/Sbuild_and_jessie/comment_7_38650a2151201eaf6f40d8becbbe8861._comment
rename to doc/todo/Sbuild_and_jessie/comment_7_38650a2151201eaf6f40d8becbbe8861._comment

submit bug report
diff --git a/doc/todo/partition_properties_should_install_e2fsprogs.mdwn b/doc/todo/partition_properties_should_install_e2fsprogs.mdwn
new file mode 100644
index 00000000..02b9491f
--- /dev/null
+++ b/doc/todo/partition_properties_should_install_e2fsprogs.mdwn
@@ -0,0 +1 @@
+The e2fsprogs package is becoming non-essential in Debian.  Properties that invoke `mkfs.ext*` should start explicitly requiring that the package is installed (probably using `Apt.installed`).  --spwhitton

response
diff --git a/doc/forum/Executing_a_property_within_a_explicit_CWD/comment_3_60154b98f64306e627a417905e2bef73._comment b/doc/forum/Executing_a_property_within_a_explicit_CWD/comment_3_60154b98f64306e627a417905e2bef73._comment
new file mode 100644
index 00000000..e24bc461
--- /dev/null
+++ b/doc/forum/Executing_a_property_within_a_explicit_CWD/comment_3_60154b98f64306e627a417905e2bef73._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2018-01-08T22:52:51Z"
+ content="""
+That is what I was suggesting yes.
+
+Another way to do it is using `cmdProperty'`, for example:
+
+	import Utility.Process
+	import Propellor.Property.Cmd
+
+	foo = cmdProperty' "apt-get" ["-y", "install", "gitlab"]
+		(\p -> p { cwd = Just "/tmp" })
+		`assume` MadeChange
+"""]]

Added a comment: To be sure to understand…
diff --git a/doc/forum/Executing_a_property_within_a_explicit_CWD/comment_2_b9ba322a7770ca537174795792ec0a40._comment b/doc/forum/Executing_a_property_within_a_explicit_CWD/comment_2_b9ba322a7770ca537174795792ec0a40._comment
new file mode 100644
index 00000000..aba3618f
--- /dev/null
+++ b/doc/forum/Executing_a_property_within_a_explicit_CWD/comment_2_b9ba322a7770ca537174795792ec0a40._comment
@@ -0,0 +1,18 @@
+[[!comment format=mdwn
+ username="serge1cohen@4282f0c177ae4ac2f90ceddf63d2281e1f739cb1"
+ nickname="serge1cohen"
+ avatar="http://cdn.libravatar.org/avatar/c86bcca74216ed367c91a99ff27259f0"
+ subject="To be sure to understand…"
+ date="2018-01-08T20:49:28Z"
+ content="""
+Hi again,
+
+Thanks for the swift answer. As I am not (yet ?-) an expert of either Haskell or Propellor I'd prefer to be sure before going further.
+Your proposal is to somehow «copy» the machinery of Apt.installed and Apt.reConfigure but using this time «createProcess with {cwd = whatever}». And I should find useful examples/snippets to implement this in the Property.DnsSec.forceZoneSigned sources.
+
+If I manage that I'll definitely propose a contribution on it :-)
+
+By the way, thanks for the complete system. As often elegance comes with a great quality of use !
+
+Serge.
+"""]]

response
diff --git a/doc/forum/Executing_a_property_within_a_explicit_CWD/comment_1_00e636c4ec122361213f0e1062569704._comment b/doc/forum/Executing_a_property_within_a_explicit_CWD/comment_1_00e636c4ec122361213f0e1062569704._comment
new file mode 100644
index 00000000..b898b822
--- /dev/null
+++ b/doc/forum/Executing_a_property_within_a_explicit_CWD/comment_1_00e636c4ec122361213f0e1062569704._comment
@@ -0,0 +1,15 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-01-08T18:33:06Z"
+ content="""
+Since propellor can run multiple properties at the same time
+(Propellor.Property.Concurrent), setting the CWD while running a property
+is probably not a good idea, as it would affect any other property that's
+currently running. Might be possible to fork and set CWD, 
+but haskell is not great at supporting fork w/o exec.
+
+Instead, the best way to do it is to use `createProcess` with
+`{cwd = whatever}` when your property runs apt and dpkg-reconfigure.
+See Property.DnsSec.forceZoneSigned for an example.
+"""]]

diff --git a/doc/forum/Executing_a_property_within_a_explicit_CWD.mdwn b/doc/forum/Executing_a_property_within_a_explicit_CWD.mdwn
new file mode 100644
index 00000000..e1b6ae7b
--- /dev/null
+++ b/doc/forum/Executing_a_property_within_a_explicit_CWD.mdwn
@@ -0,0 +1,11 @@
+I am trying to create a Property to install (and configure) gitlab through Propellor.
+To perform the installation and configuration I am using Apt.installed and Apt.reConfigure. When ever Propellor has to go though configuration of the package it «fails» (cf. bug report on gitlab package : 
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886657
+
+Awaiting a resolution of the bug itself, a workaround would be to perform the apt-get install or dpkg-reconfigure from a «world-readable» directory (such as /tmp or /etc or ...). Currently these properties are executed with CWD eing the propellor repository.
+
+I have looked for, but not found yet, a way to perform the work of this property within a specific directory.
+
+Thanks in advance for any help or pointers,
+
+Serge.

Added a comment: central git repository git.joeyh.name
diff --git a/doc/forum/secret-project_deliverable/comment_14_4b6959a061c468f3498005fce19019d0._comment b/doc/forum/secret-project_deliverable/comment_14_4b6959a061c468f3498005fce19019d0._comment
new file mode 100644
index 00000000..70e222fc
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_14_4b6959a061c468f3498005fce19019d0._comment
@@ -0,0 +1,82 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="central git repository git.joeyh.name"
+ date="2018-01-07T22:10:40Z"
+ content="""
+I got my copy of `secret-project` by
+
+	git clone https://git.joeyh.name/git/secret-project.git
+
+During build it tries to contact git.joeyh.name
+
+	$ propellor
+	Pull from central git repository ... done
+	Copying from /home/stappers/src/secret-project/.stack-work/install/x86_64-linux-nopie/lts-8.12/8.0.2/bin/propellor-config to /home/stappers/src/secret-project/.built/propellor-config
+	
+	Copied executables to /home/stappers/src/secret-project/.built:
+	- propellor-config
+	
+	Warning: Installation path /home/stappers/src/secret-project/.built
+	         not found on the PATH environment variable.
+	Propellor build ... done
+	[master 7d7bc07] propellor spin
+	Git commit ... done
+	error: Cannot access URL https://git.joeyh.name/git/secret-project.git/, return code 22
+	fatal: git-http-push failed
+	error: failed to push some refs to 'https://git.joeyh.name/git/secret-Push to central git repository ... failed
+	project.git'
+	Stop listening request sent.
+	Pull from central git repository ... done
+	Sending privdata (11 bytes) to paddy.gpm.stappers.nl ... done
+	remote: Counting objects: 1, done.        
+	remote: Total 1 (delta 0), reused 0 (delta 0)        
+	Sending git update to paddy.gpm.stappers.nl ... done
+	From .
+	 * branch            HEAD       -> FETCH_HEAD
+	Pull from central git repository ... done
+	Copying from /usr/local/propellor/.stack-work/install/x86_64-linux-nopie/lts-8.12/8.0.2/bin/propellor-config to /usr/local/propellor/.built/propellor-config
+	
+	Copied executables to /usr/local/propellor/.built:
+	- propellor-config
+	
+	Warning: Installation path /usr/local/propellor/.built not found on the PATH environment variable.
+	Propellor build ... done
+	Pull from central git repository ... done
+	paddy.gpm.stappers.nl has propellor bootstrapped with stack ... ok
+	paddy.gpm.stappers.nl has Operating System (Debian Linux Unstable) X86_64 ... ok
+	debian.local no services started ... ok
+	debian.local has Operating System (Debian Linux Unstable) X86_64 ... ok
+	debian.local sane hostname ... ok
+	debian.local standard sources.list ... ok
+	debian.local apt installed linux-image-amd64 ... ok
+	debian.local grub package installed ... ok
+	debian.local XFCE desktop installed ... ok
+	debian.local apt installed firefox ... ok
+	debian.local en_US.UTF-8 locale selected ... ok
+	fatal: unable to access 'https://git.joeyh.name/git/secret-project.git/': Could not resolve host: git.joeyh.name
+	debian.local has propellor bootstrapped with stack ... ok
+	debian.local Propellor bootstrapped ... failed
+	debian.local user installer in group audio ... ok
+	debian.local user installer in group cdrom ... ok
+	debian.local user installer in group dip ... ok
+	debian.local user installer in group floppy ... ok
+	debian.local user installer in group video ... ok
+	debian.local user installer in group plugdev ... ok
+	debian.local user installer in group netdev ... ok
+	debian.local user installer in group scanner ... ok
+	debian.local user installer in group lpadmin ... ok
+	debian.local has desktop user installer and not has desktop user user ... done
+	debian.local autostart installer UI ... ok
+	debian.local apt installed rsync ... ok
+	debian.local cache cleaned ... ok
+	paddy.gpm.stappers.nl built disk image /srv/installer.vmdk ... failed
+	paddy.gpm.stappers.nl overall ... failed
+	Shared connection to paddy.gpm.stappers.nl closed.
+	propellor: remote propellor failed
+	$ 
+
+How to avoid connecting to git.joeyh.name during build?
+
+"""]]

removed
diff --git a/doc/forum/secret-project_deliverable/comment_14_7296343b6f1d2906127ed138c64f82c6._comment b/doc/forum/secret-project_deliverable/comment_14_7296343b6f1d2906127ed138c64f82c6._comment
deleted file mode 100644
index 75cb4292..00000000
--- a/doc/forum/secret-project_deliverable/comment_14_7296343b6f1d2906127ed138c64f82c6._comment
+++ /dev/null
@@ -1,77 +0,0 @@
-[[!comment format=mdwn
- username="stappers@eb96885816da287c29f6f699999434d532149234"
- nickname="stappers"
- avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
- subject="central git repository git.joeyh.name"
- date="2018-01-07T22:05:10Z"
- content="""
-I got my copy of `secret-project` by
-
-
-	$ propellor
-	Pull from central git repository ... done
-	Copying from /home/stappers/src/secret-project/.stack-work/install/x86_64-linux-nopie/lts-8.12/8.0.2/bin/propellor-config to /home/stappers/src/secret-project/.built/propellor-config
-	
-	Copied executables to /home/stappers/src/secret-project/.built:
-	- propellor-config
-	
-	Warning: Installation path /home/stappers/src/secret-project/.built
-	         not found on the PATH environment variable.
-	Propellor build ... done
-	[master 7d7bc07] propellor spin
-	Git commit ... done
-	error: Cannot access URL https://git.joeyh.name/git/secret-project.git/, return code 22
-	fatal: git-http-push failed
-	error: failed to push some refs to 'https://git.joeyh.name/git/secret-Push to central git repository ... failed
-	project.git'
-	Stop listening request sent.
-	Pull from central git repository ... done
-	Sending privdata (11 bytes) to paddy.gpm.stappers.nl ... done
-	remote: Counting objects: 1, done.        
-	remote: Total 1 (delta 0), reused 0 (delta 0)        
-	Sending git update to paddy.gpm.stappers.nl ... done
-	From .
-	 * branch            HEAD       -> FETCH_HEAD
-	Pull from central git repository ... done
-	Copying from /usr/local/propellor/.stack-work/install/x86_64-linux-nopie/lts-8.12/8.0.2/bin/propellor-config to /usr/local/propellor/.built/propellor-config
-	
-	Copied executables to /usr/local/propellor/.built:
-	- propellor-config
-	
-	Warning: Installation path /usr/local/propellor/.built not found on the PATH environment variable.
-	Propellor build ... done
-	Pull from central git repository ... done
-	paddy.gpm.stappers.nl has propellor bootstrapped with stack ... ok
-	paddy.gpm.stappers.nl has Operating System (Debian Linux Unstable) X86_64 ... ok
-	debian.local no services started ... ok
-	debian.local has Operating System (Debian Linux Unstable) X86_64 ... ok
-	debian.local sane hostname ... ok
-	debian.local standard sources.list ... ok
-	debian.local apt installed linux-image-amd64 ... ok
-	debian.local grub package installed ... ok
-	debian.local XFCE desktop installed ... ok
-	debian.local apt installed firefox ... ok
-	debian.local en_US.UTF-8 locale selected ... ok
-	fatal: unable to access 'https://git.joeyh.name/git/secret-project.git/': Could not resolve host: git.joeyh.name
-	debian.local has propellor bootstrapped with stack ... ok
-	debian.local Propellor bootstrapped ... failed
-	debian.local user installer in group audio ... ok
-	debian.local user installer in group cdrom ... ok
-	debian.local user installer in group dip ... ok
-	debian.local user installer in group floppy ... ok
-	debian.local user installer in group video ... ok
-	debian.local user installer in group plugdev ... ok
-	debian.local user installer in group netdev ... ok
-	debian.local user installer in group scanner ... ok
-	debian.local user installer in group lpadmin ... ok
-	debian.local has desktop user installer and not has desktop user user ... done
-	debian.local autostart installer UI ... ok
-	debian.local apt installed rsync ... ok
-	debian.local cache cleaned ... ok
-	paddy.gpm.stappers.nl built disk image /srv/installer.vmdk ... failed
-	paddy.gpm.stappers.nl overall ... failed
-	Shared connection to paddy.gpm.stappers.nl closed.
-	propellor: remote propellor failed
-	$ 
-
-"""]]

Added a comment: central git repository git.joeyh.name
diff --git a/doc/forum/secret-project_deliverable/comment_14_7296343b6f1d2906127ed138c64f82c6._comment b/doc/forum/secret-project_deliverable/comment_14_7296343b6f1d2906127ed138c64f82c6._comment
new file mode 100644
index 00000000..75cb4292
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_14_7296343b6f1d2906127ed138c64f82c6._comment
@@ -0,0 +1,77 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="central git repository git.joeyh.name"
+ date="2018-01-07T22:05:10Z"
+ content="""
+I got my copy of `secret-project` by
+
+
+	$ propellor
+	Pull from central git repository ... done
+	Copying from /home/stappers/src/secret-project/.stack-work/install/x86_64-linux-nopie/lts-8.12/8.0.2/bin/propellor-config to /home/stappers/src/secret-project/.built/propellor-config
+	
+	Copied executables to /home/stappers/src/secret-project/.built:
+	- propellor-config
+	
+	Warning: Installation path /home/stappers/src/secret-project/.built
+	         not found on the PATH environment variable.
+	Propellor build ... done
+	[master 7d7bc07] propellor spin
+	Git commit ... done
+	error: Cannot access URL https://git.joeyh.name/git/secret-project.git/, return code 22
+	fatal: git-http-push failed
+	error: failed to push some refs to 'https://git.joeyh.name/git/secret-Push to central git repository ... failed
+	project.git'
+	Stop listening request sent.
+	Pull from central git repository ... done
+	Sending privdata (11 bytes) to paddy.gpm.stappers.nl ... done
+	remote: Counting objects: 1, done.        
+	remote: Total 1 (delta 0), reused 0 (delta 0)        
+	Sending git update to paddy.gpm.stappers.nl ... done
+	From .
+	 * branch            HEAD       -> FETCH_HEAD
+	Pull from central git repository ... done
+	Copying from /usr/local/propellor/.stack-work/install/x86_64-linux-nopie/lts-8.12/8.0.2/bin/propellor-config to /usr/local/propellor/.built/propellor-config
+	
+	Copied executables to /usr/local/propellor/.built:
+	- propellor-config
+	
+	Warning: Installation path /usr/local/propellor/.built not found on the PATH environment variable.
+	Propellor build ... done
+	Pull from central git repository ... done
+	paddy.gpm.stappers.nl has propellor bootstrapped with stack ... ok
+	paddy.gpm.stappers.nl has Operating System (Debian Linux Unstable) X86_64 ... ok
+	debian.local no services started ... ok
+	debian.local has Operating System (Debian Linux Unstable) X86_64 ... ok
+	debian.local sane hostname ... ok
+	debian.local standard sources.list ... ok
+	debian.local apt installed linux-image-amd64 ... ok
+	debian.local grub package installed ... ok
+	debian.local XFCE desktop installed ... ok
+	debian.local apt installed firefox ... ok
+	debian.local en_US.UTF-8 locale selected ... ok
+	fatal: unable to access 'https://git.joeyh.name/git/secret-project.git/': Could not resolve host: git.joeyh.name
+	debian.local has propellor bootstrapped with stack ... ok
+	debian.local Propellor bootstrapped ... failed
+	debian.local user installer in group audio ... ok
+	debian.local user installer in group cdrom ... ok
+	debian.local user installer in group dip ... ok
+	debian.local user installer in group floppy ... ok
+	debian.local user installer in group video ... ok
+	debian.local user installer in group plugdev ... ok
+	debian.local user installer in group netdev ... ok
+	debian.local user installer in group scanner ... ok
+	debian.local user installer in group lpadmin ... ok
+	debian.local has desktop user installer and not has desktop user user ... done
+	debian.local autostart installer UI ... ok
+	debian.local apt installed rsync ... ok
+	debian.local cache cleaned ... ok
+	paddy.gpm.stappers.nl built disk image /srv/installer.vmdk ... failed
+	paddy.gpm.stappers.nl overall ... failed
+	Shared connection to paddy.gpm.stappers.nl closed.
+	propellor: remote propellor failed
+	$ 
+
+"""]]

PTUUID
diff --git a/doc/todo/removable_drive_partitioning_and_install.mdwn b/doc/todo/removable_drive_partitioning_and_install.mdwn
index ac270109..e88673c3 100644
--- a/doc/todo/removable_drive_partitioning_and_install.mdwn
+++ b/doc/todo/removable_drive_partitioning_and_install.mdwn
@@ -25,12 +25,29 @@ Open design questions:
 
   Question: When using microsd card adapter, does the serial number pass
   through so different microsds can be distinguished?
+
   > Checked this, and two microsd card adapters from different
   > manufacturers with different microsd cards have the same by-id.
   > Those must have no serial number..
   > 
   > Also, a USB SD/microSD reader had the same by-id for multiple cards.
 
+  > > For disks with a MBR, there's a disk identifier / volume id, 
+  > > which should uniquely identify that disk,
+  > > as long as propellor does not overwrite the MBR when imaging it.
+  > > And, GPT has a similar disk GUID.
+  > >
+  > > /dev/disk/by-partuuid exposes this. Some documentation suggests
+  > > it's GPT-only, but my laptop is not GPT and its MBR disk identifier
+  > > shows up there. Oddly, that points to /dev/sda1 and not /dev/sda.
+  > >
+  > > blkid can also display it, as the PTUUID, which works for
+  > > both GPT and MBT.
+  > > --[[Joey]]
+
+	root@darkstar:/home/joey>blkid /dev/sda
+	/dev/sda: PTUUID="d0497bc6" PTTYPE="dos"
+
 * Should an already imaged drive be updated incrementally or re-imaged?
   Seems both cases would be useful, the former especially for incrementally
   configuring it, the latter to bring it up from a clean state.

update
diff --git a/doc/todo/removable_drive_partitioning_and_install.mdwn b/doc/todo/removable_drive_partitioning_and_install.mdwn
index 891c3b92..ac270109 100644
--- a/doc/todo/removable_drive_partitioning_and_install.mdwn
+++ b/doc/todo/removable_drive_partitioning_and_install.mdwn
@@ -28,6 +28,8 @@ Open design questions:
   > Checked this, and two microsd card adapters from different
   > manufacturers with different microsd cards have the same by-id.
   > Those must have no serial number..
+  > 
+  > Also, a USB SD/microSD reader had the same by-id for multiple cards.
 
 * Should an already imaged drive be updated incrementally or re-imaged?
   Seems both cases would be useful, the former especially for incrementally

changes to allow GPT BIOS boot partitions
* Parted: Allow partitions to have no filesystem, for eg, GPT BIOS boot
partitions. (API change)
* Added rawPartition to PartSpec, for specifying partitions with no
filesystem.
* Added BiosGrubFlag to PartFlag.
Note that man parted does not list the "bios_boot" flag, but I found it in
its html documentation. Other flags may also be missing.
This commit was sponsored by Boyd Stephen Smith Jr. on Patreon.
diff --git a/debian/changelog b/debian/changelog
index 8923b94a..4545bcd1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,13 @@
-propellor (5.2.1) UNRELEASED; urgency=medium
+propellor (5.3.0) UNRELEASED; urgency=medium
 
   * Avoid bogus warning about new upstream version when /usr/bin/propellor
     is run on a Debian system, but ~/.propellor was not cloned from the
     Debian git bundle.
+  * Parted: Allow partitions to have no filesystem, for eg, GPT BIOS boot
+    partitions. (API change)
+  * Added rawPartition to PartSpec, for specifying partitions with no
+    filesystem.
+  * Added BiosGrubFlag to PartFlag.
 
  -- Joey Hess <id@joeyh.name>  Tue, 02 Jan 2018 13:06:45 -0400
 
diff --git a/doc/forum/imageBuiltFor_mount_points_not_automatically_created/comment_18_adea3a8a65cf954a5244bbb47a1636e4._comment b/doc/forum/imageBuiltFor_mount_points_not_automatically_created/comment_18_adea3a8a65cf954a5244bbb47a1636e4._comment
new file mode 100644
index 00000000..8a9a380e
--- /dev/null
+++ b/doc/forum/imageBuiltFor_mount_points_not_automatically_created/comment_18_adea3a8a65cf954a5244bbb47a1636e4._comment
@@ -0,0 +1,26 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 18"""
+ date="2018-01-06T17:51:05Z"
+ content="""
+I don't know much about GPT boot stuff. I found mention of a BIOS boot
+partition for GPT here:
+
+<https://help.ubuntu.com/community/DiskSpace>
+
+So, 1 mb partition with no filesystem and a "bios_grub" flag.
+
+Propellor's partitioning DSL will need to be extended in order to
+support that. Currently, `Partition` has a `Fs` that is one of the common
+filesystems or swap. Now we need no filesystem, so either add a NoFs to Fs,
+or change it to use `Maybe Fs`. I chose the latter, because with NoFs,
+Partition.formatted would be a no-op, which would be kinda surprising.
+
+I've made a commit adding all the stuff you should need, but I have not
+tested making a BIOS boot partition with it. Should look
+something like this:
+
+	& hasPartition (rawPartition (MegaBytes 1) `setFlag` BiosGrubFlag)
+
+If you get it working, it would be good to add an example to propellor's docs.
+"""]]
diff --git a/src/Propellor/Property/DiskImage.hs b/src/Propellor/Property/DiskImage.hs
index 24459476..289de151 100644
--- a/src/Propellor/Property/DiskImage.hs
+++ b/src/Propellor/Property/DiskImage.hs
@@ -420,7 +420,7 @@ imageFinalized final img mnts mntopts devs (PartTable _ _ parts) =
 	orderedmntsdevs = sortBy (compare `on` fst) $ zip mnts (zip mntopts devs)
 
 	swaps = map (SwapPartition . partitionLoopDev . snd) $
-		filter ((== LinuxSwap) . partFs . fst) $
+		filter ((== Just LinuxSwap) . partFs . fst) $
 			zip parts devs
 
 	mountall top = forM_ orderedmntsdevs $ \(mp, (mopts, loopdev)) -> case mp of
diff --git a/src/Propellor/Property/DiskImage/PartSpec.hs b/src/Propellor/Property/DiskImage/PartSpec.hs
index 942cfa3e..b78e4280 100644
--- a/src/Propellor/Property/DiskImage/PartSpec.hs
+++ b/src/Propellor/Property/DiskImage/PartSpec.hs
@@ -9,6 +9,7 @@ module Propellor.Property.DiskImage.PartSpec (
 	partition,
 	-- * PartSpec combinators
 	swapPartition,
+	rawPartition,
 	mountedAt,
 	addFreeSpace,
 	setSize,
@@ -48,11 +49,15 @@ import Data.Ord
 -- The partition is not mounted anywhere by default; use the combinators
 -- below to configure it.
 partition :: Monoid t => Fs -> PartSpec t
-partition fs = (Nothing, mempty, mkPartition fs, mempty)
+partition fs = (Nothing, mempty, mkPartition (Just fs), mempty)
 
 -- | Specifies a swap partition of a given size.
 swapPartition :: Monoid t => PartSize -> PartSpec t
-swapPartition sz = (Nothing, mempty, const (mkPartition LinuxSwap sz), mempty)
+swapPartition sz = (Nothing, mempty, const (mkPartition (Just LinuxSwap) sz), mempty)
+
+-- | Specifies a partition without any filesystem, of a given size.
+rawPartition :: Monoid t => PartSize -> PartSpec t
+rawPartition sz = (Nothing, mempty, const (mkPartition Nothing sz), mempty)
 
 -- | Specifies where to mount a partition.
 mountedAt :: PartSpec t -> MountPoint -> PartSpec t
diff --git a/src/Propellor/Property/Installer/Target.hs b/src/Propellor/Property/Installer/Target.hs
index 62ec4082..80e660ad 100644
--- a/src/Propellor/Property/Installer/Target.hs
+++ b/src/Propellor/Property/Installer/Target.hs
@@ -246,10 +246,10 @@ fstabLists userinput (TargetPartTable _ partspecs) = setup <!> doNothing
 	
 	partitions = map (\(mp, _, mkpart, _) -> (mp, mkpart mempty)) partspecs
 	mnts = mapMaybe fst $
-		filter (\(_, p) -> partFs p /= LinuxSwap) partitions
+		filter (\(_, p) -> partFs p /= Just LinuxSwap && partFs p /= Nothing) partitions
 	swaps targetdev = 
 		map (Fstab.SwapPartition . diskPartition targetdev . snd) $
-			filter (\((_, p), _) -> partFs p == LinuxSwap)
+			filter (\((_, p), _) -> partFs p == Just LinuxSwap)
 				(zip partitions partNums)
 
 -- | Make the target bootable using whatever bootloader is installed on it.
diff --git a/src/Propellor/Property/Parted.hs b/src/Propellor/Property/Parted.hs
index 97cf815e..81b84972 100644
--- a/src/Propellor/Property/Parted.hs
+++ b/src/Propellor/Property/Parted.hs
@@ -62,8 +62,10 @@ partitioned eep disk parttable@(PartTable _ _ parts) = property' desc $ \w -> do
   where
 	desc = disk ++ " partitioned"
 	formatl devs = combineProperties desc (toProps $ map format (zip parts devs))
-	format (p, dev) = Partition.formatted' (partMkFsOpts p)
-		Partition.YesReallyFormatPartition (partFs p) dev
+	format (p, dev) = case partFs p of
+		Just fs -> Partition.formatted' (partMkFsOpts p)
+			Partition.YesReallyFormatPartition fs dev
+		Nothing -> doNothing
 
 -- | Gets the total size of the disk specified by the partition table.
 partTableSize :: PartTable -> ByteSize
@@ -81,12 +83,12 @@ calcPartedParamsSize (PartTable tabletype alignment parts) =
 		, pval f
 		, pval b
 		]
-	mkpart partnum startpos endpos p =
-		[ "mkpart"
-		, pval (partType p)
-		, pval (partFs p)
-		, partposexact startpos
-		, partposfuzzy endpos
+	mkpart partnum startpos endpos p = catMaybes
+		[ Just "mkpart"
+		, Just $ pval (partType p)
+		, fmap pval (partFs p)
+		, Just $ partposexact startpos
+		, Just $ partposfuzzy endpos
 		] ++ case partName p of
 			Just n -> ["name", show partnum, n]
 			Nothing -> []
diff --git a/src/Propellor/Property/Parted/Types.hs b/src/Propellor/Property/Parted/Types.hs
index e5c62739..cfd8760d 100644
--- a/src/Propellor/Property/Parted/Types.hs
+++ b/src/Propellor/Property/Parted/Types.hs
@@ -31,7 +31,7 @@ instance Monoid PartTable where
 data Partition = Partition
 	{ partType :: PartType
 	, partSize :: PartSize
-	, partFs :: Partition.Fs
+	, partFs :: Maybe Partition.Fs
 	, partMkFsOpts :: Partition.MkfsOpts
 	, partFlags :: [(PartFlag, Bool)] -- ^ flags can be set or unset (parted may set some flags by default)
 	, partName :: Maybe String -- ^ optional name for partition (only works for GPT, PC98, MAC)
@@ -39,7 +39,7 @@ data Partition = Partition
 	deriving (Show)
 
 -- | Makes a Partition with defaults for non-important values.
-mkPartition :: Partition.Fs -> PartSize -> Partition
+mkPartition :: Maybe Partition.Fs -> PartSize -> Partition
 mkPartition fs sz = Partition
 	{ partType = Primary
 	, partSize = sz
@@ -105,7 +105,7 @@ fromAlignment :: Alignment -> ByteSize
 fromAlignment (Alignment n) = n
 
 -- | Flags that can be set on a partition.
-data PartFlag = BootFlag | RootFlag | SwapFlag | HiddenFlag | RaidFlag | LvmFlag | LbaFlag | LegacyBootFlag | IrstFlag | EspFlag | PaloFlag
+data PartFlag = BootFlag | RootFlag | SwapFlag | HiddenFlag | RaidFlag | LvmFlag | LbaFlag | LegacyBootFlag | IrstFlag | EspFlag | PaloFlag | BiosGrubFlag
 	deriving (Show)
 
 instance PartedVal PartFlag where
@@ -120,6 +120,7 @@ instance PartedVal PartFlag where
 	pval IrstFlag = "irst"
 	pval EspFlag = "esp"
 	pval PaloFlag = "palo"
+	pval BiosGrubFlag = "bios_grub"
 
 instance PartedVal Bool where
 	pval True = "on"

response
diff --git a/doc/todo/etckeeper/comment_5_af3b29e3e066c05e4b5a0004f0e57926._comment b/doc/todo/etckeeper/comment_5_af3b29e3e066c05e4b5a0004f0e57926._comment
new file mode 100644
index 00000000..11e59e2c
--- /dev/null
+++ b/doc/todo/etckeeper/comment_5_af3b29e3e066c05e4b5a0004f0e57926._comment
@@ -0,0 +1,18 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 5"""
+ date="2018-01-06T17:38:34Z"
+ content="""
+I avoid those warnings with properties that clone dotfiles repos containing
+.gitconfig for root and users who can sudo.
+
+It would be fine to have a property to configure them in
+/etckeeper/.git/config, if you wanted to write it.
+I think this would do it:
+
+	Git.repoConfigured "/etc/" ("user.name", "whatever")
+	Git.repoConfigured "/etc/" ("user.email", "whatever@whatever")
+
+Those would only be used when the user running etckeeper has not configured
+it in their own ~/.gitconfig
+"""]]

Added a comment
diff --git a/doc/todo/etckeeper/comment_4_f4f9f3e3d7c81e631aaec45fdd17dfe8._comment b/doc/todo/etckeeper/comment_4_f4f9f3e3d7c81e631aaec45fdd17dfe8._comment
new file mode 100644
index 00000000..e6755e2c
--- /dev/null
+++ b/doc/todo/etckeeper/comment_4_f4f9f3e3d7c81e631aaec45fdd17dfe8._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="gueux"
+ avatar="http://cdn.libravatar.org/avatar/2982bac2c2cd94ab3860efb189deafc8"
+ subject="comment 4"
+ date="2018-01-06T09:24:04Z"
+ content="""
+I think I was thinking at least about configuring git to prevent
+
+    Your name and email address were configured automatically based
+    on your username and hostname. Please check that they are accurate.
+    You can suppress this message by setting them explicitly. Run the
+    following command and follow the instructions in your editor to edit
+    your configuration file:
+        git config --global --edit
+    After doing this, you may fix the identity used for this commit with:
+        git commit --amend --reset-author
+
+messages. I can live with these, though. So I guess you're right, `Apt.installed [\"etckeeper\"]` is enough.
+"""]]

Added a comment
diff --git a/doc/forum/imageBuiltFor_mount_points_not_automatically_created/comment_17_0c1349784ba28b6fbbd833e76d5075b3._comment b/doc/forum/imageBuiltFor_mount_points_not_automatically_created/comment_17_0c1349784ba28b6fbbd833e76d5075b3._comment
new file mode 100644
index 00000000..994d432c
--- /dev/null
+++ b/doc/forum/imageBuiltFor_mount_points_not_automatically_created/comment_17_0c1349784ba28b6fbbd833e76d5075b3._comment
@@ -0,0 +1,24 @@
+[[!comment format=mdwn
+ username="gueux"
+ avatar="http://cdn.libravatar.org/avatar/2982bac2c2cd94ab3860efb189deafc8"
+ subject="comment 17"
+ date="2018-01-05T17:57:40Z"
+ content="""
+As the config with Grub.EFI64 didn't boot, I'd like to be sure that Grub.MSDOS does not boot either. But GPT tables seem to need a BIOS Boot partition:
+
+    creating /srv/router.img of size 1.67 gigabytes
+    mkfs.fat 4.1 (2017-01-24)
+    loop deleted : /dev/loop0
+         26,473,509 100%  206.69MB/s    0:00:00 (xfr#5, to-chk=0/7)
+        772,611,350  99%   60.26MB/s    0:00:12 (xfr#26272, to-chk=0/33603)   
+    update-initramfs: Generating /boot/initrd.img-4.9.0-5-amd64
+    Generating grub configuration file ...
+    Found linux image: /boot/vmlinuz-4.9.0-5-amd64
+    Found initrd image: /boot/initrd.img-4.9.0-5-amd64
+    done
+    Installing for i386-pc platform.
+    grub-install: warning: this GPT partition label contains no BIOS Boot Partition; embedding won't be possible.
+    grub-install: warning: Embedding is not possible.  GRUB can only be installed in this setup by using blocklists.  However, blocklists are UNRELIABLE and their use is discouraged..
+    grub-install: error: will not proceed with blocklists.
+
+"""]]

Added a comment
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_8_28c9fe9c8acef04998c885161748ad49._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_8_28c9fe9c8acef04998c885161748ad49._comment
new file mode 100644
index 00000000..0317b488
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_8_28c9fe9c8acef04998c885161748ad49._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 8"
+ date="2018-01-05T08:49:56Z"
+ content="""
+Sweet!  Thanks again!
+"""]]

update
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_7_f54ff51d2e413f0bbd534470b4b3b5a6._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_7_f54ff51d2e413f0bbd534470b4b3b5a6._comment
new file mode 100644
index 00000000..5423db28
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_7_f54ff51d2e413f0bbd534470b4b3b5a6._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 7"""
+ date="2018-01-04T18:49:14Z"
+ content="""
+@spwhitton, ah but in that case you have a remote named "upstream", so
+it can assume you don't want it messing with upstream/master. Done!
+"""]]

Added a comment
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_6_ee440c1ceab7875ad6375b38f4580f08._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_6_ee440c1ceab7875ad6375b38f4580f08._comment
new file mode 100644
index 00000000..d867906e
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_6_ee440c1ceab7875ad6375b38f4580f08._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 6"
+ date="2018-01-03T14:46:48Z"
+ content="""
+Thanks for this fix!  However, in my case I am going to have to do `git remote rename upstream joey` ;)
+"""]]

comment
diff --git a/doc/forum/secret-project_deliverable/comment_13_bdb28cfa4990d60f6767fd857a7398d5._comment b/doc/forum/secret-project_deliverable/comment_13_bdb28cfa4990d60f6767fd857a7398d5._comment
new file mode 100644
index 00000000..e7a110bc
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_13_bdb28cfa4990d60f6767fd857a7398d5._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 13"""
+ date="2018-01-02T21:21:49Z"
+ content="""
+Yes, I also found it kind of annoying to need to move /usr/local/propellor
+out of the way when I was working on secret-project. This is why I'd like
+it to be usable without propellor --spin so that directory would not be
+used, but until the bug with that can be fixed, you can't work on
+secret-project with an unrelated other propellor config at the same time.
+"""]]

Added a comment: buid should be build
diff --git a/doc/forum/secret-project_deliverable/comment_12_edebbe9056d9dad486c24f3ce226366c._comment b/doc/forum/secret-project_deliverable/comment_12_edebbe9056d9dad486c24f3ce226366c._comment
new file mode 100644
index 00000000..43f2dff5
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_12_edebbe9056d9dad486c24f3ce226366c._comment
@@ -0,0 +1,15 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="buid should be  build"
+ date="2018-01-02T20:46:53Z"
+ content="""
+The
+
+    special buid with stack
+
+in previous comment should have been
+
+    special build with stack
+"""]]

Added a comment: two git repos and one /usr/local/propellor
diff --git a/doc/forum/secret-project_deliverable/comment_11_9cbcee2364a499206d5329c5a88a1211._comment b/doc/forum/secret-project_deliverable/comment_11_9cbcee2364a499206d5329c5a88a1211._comment
new file mode 100644
index 00000000..be3346e3
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_11_9cbcee2364a499206d5329c5a88a1211._comment
@@ -0,0 +1,73 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="two git repos and one /usr/local/propellor"
+ date="2018-01-02T20:43:54Z"
+ content="""
+Perhaps I don't understand the secret-project and its special buid with stack.
+
+
+I have a git repo in `~/.propellor` and I have a git repo in `~/src/secret-project`.
+
+
+In the ~/secret-project directory
+
+	$ propellor
+	Pull from central git repository ... done
+	Copying from /home/stappers/src/secret-project/.stack-work/install/x86_64-linux-nopie/lts-8.12/8.0.2/bin/propellor-config to /home/stappers/src/secret-project/.built/propellor-config
+	
+	Copied executables to /home/stappers/src/secret-project/.built:
+	- propellor-config
+	
+	Warning: Installation path /home/stappers/src/secret-project/.built
+	         not found on the PATH environment variable.
+	Propellor build ... done
+	[master fb46460] propellor spin
+	Git commit ... done
+	error: Cannot access URL https://git.joeyh.name/git/secret-project.git/, return code 22
+	fatal: git-http-push failed
+	error: failed to push some refs to 'https://git.joeyh.name/git/secret-project.git'
+	Push to central git repository ... failed
+	Pull from central git repository ... done
+	** warning: git branch origin/master is not signed with a trusted gpg key; refusing to deploy it! (Running with previous configuration instead.)
+	Sending privdata (11 bytes) to paddy.gpm.stappers.nl ... done
+	remote: Counting objects: 6, done.        
+	remote: Compressing objects: 100% (6/6), done.        
+	remote: Total 6 (delta 4), reused 0 (delta 0)        
+	Sending git update to paddy.gpm.stappers.nl ... done
+	From .
+	 * branch            HEAD       -> FETCH_HEAD
+	fatal: refusing to merge unrelated histories
+	** error: git merge from client failed
+	propellor: Cannot continue!
+	CallStack (from HasCallStack):
+	  error, called at src/Propellor/Message.hs:143:9 in main:Propellor.Message
+	propellor: user error (ssh [\"-o\",\"ControlPath=/home/stappers/.ssh/propellor/paddy.gpm.stappers.nl.sock\",
+		\"-o\",\"ControlMaster=auto\",
+		\"-o\",\"ControlPersist=yes\",
+		\"root@paddy.gpm.stappers.nl\",
+		\"sh -c 'if [ ! -d /usr/local/propellor/.git ] ;
+			 then (if ! git --version >/dev/null 2>&1;
+			 then apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -qq --no-install-recommends --no-upgrade -y install git;
+			 fi && echo STATUSNeedGitClone) || echo STATUSNeedPrecompiled ;
+			 else cd /usr/local/propellor && if ! stack build --dry-run >/dev/null 2>&1;
+			 then ( apt-get update ;
+			 DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install gnupg ;
+			 DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install haskell-stack ;
+			 stack setup ;
+			 stack build --only-dependencies :propellor-config) || true;
+			 fi&& if ! test -x ./propellor;
+			 then stack build :propellor-config && ln -sf $(stack path --dist-dir)/build/propellor-config/propellor-config propellor;
+			 fi;
+			if test -x ./propellor && ! ./propellor --check;
+			 then stack clean && stack build :propellor-config && ln -sf $(stack path --dist-dir)/build/propellor-config/propellor-config propellor;
+			 fi && ./propellor --boot paddy.gpm.stappers.nl ;
+			 fi'\"] exited 1)
+	stappers@paddy:~/src/secret-project
+	$
+
+
+The `/usr/local/propellor/` has already a  .git directory from  ~/.propellor ...
+
+"""]]

Added a comment: unstuck
diff --git a/doc/forum/secret-project_deliverable/comment_10_df12578135263d7e0a42415532cb04e3._comment b/doc/forum/secret-project_deliverable/comment_10_df12578135263d7e0a42415532cb04e3._comment
new file mode 100644
index 00000000..a3d93892
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_10_df12578135263d7e0a42415532cb04e3._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="unstuck"
+ date="2018-01-02T20:20:24Z"
+ content="""
+After removing the `.stack-work` directory I got beyond the Installer.Types error.
+
+
+"""]]

comment
diff --git a/doc/forum/secret-project_deliverable/comment_9_4a6e1a53f5bf5b72aaafba3a7dd45346._comment b/doc/forum/secret-project_deliverable/comment_9_4a6e1a53f5bf5b72aaafba3a7dd45346._comment
new file mode 100644
index 00000000..c9f45ac3
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_9_4a6e1a53f5bf5b72aaafba3a7dd45346._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 9"""
+ date="2018-01-02T17:14:23Z"
+ content="""
+Since propellor 5.2.0 certianly *does* include the Propellor.Property.Installer.Types
+module, I guess you either have a somehow lost file on your local system
+there, or perhaps you installed a unreleased version of propellor 5.2.0
+from git before that file was added to it.
+"""]]

avoid bogus warning
Avoid bogus warning about new upstream version when /usr/bin/propellor is
run on a Debian system, but ~/.propellor was not cloned from the Debian git
bundle.
diff --git a/debian/changelog b/debian/changelog
index f4204e06..8923b94a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+propellor (5.2.1) UNRELEASED; urgency=medium
+
+  * Avoid bogus warning about new upstream version when /usr/bin/propellor
+    is run on a Debian system, but ~/.propellor was not cloned from the
+    Debian git bundle.
+
+ -- Joey Hess <id@joeyh.name>  Tue, 02 Jan 2018 13:06:45 -0400
+
 propellor (5.2.0) unstable; urgency=medium
 
   [ Joey Hess ]
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_5_af7919be09eb454b2dca235ede03008f._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_5_af7919be09eb454b2dca235ede03008f._comment
new file mode 100644
index 00000000..157e7803
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_5_af7919be09eb454b2dca235ede03008f._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 5"""
+ date="2018-01-02T17:08:07Z"
+ content="""
+@spwhitton ah, I had not noticed that case. I found a way to avoid the
+unncessary warning in that case; since there's no upstream/master ref when
+~/.propellor has not been cloned from the debian git bundle, it can detect
+that and avoid warning. Done so.
+"""]]
diff --git a/src/Propellor/DotDir.hs b/src/Propellor/DotDir.hs
index e9253b87..200625e8 100644
--- a/src/Propellor/DotDir.hs
+++ b/src/Propellor/DotDir.hs
@@ -358,7 +358,7 @@ checkRepoUpToDate = whenM (gitbundleavail <&&> dotpropellorpopulated) $ do
 		withQuietOutput createProcessSuccess $
 			proc "git" ["log", headrev]
 	if (headknown == Nothing)
-		then setupUpstreamMaster headrev
+		then updateUpstreamMaster headrev
 		else do
 			theirhead <- getCurrentGitSha1 =<< getCurrentBranchRef
 			when (theirhead /= headrev) $ do
@@ -372,26 +372,29 @@ checkRepoUpToDate = whenM (gitbundleavail <&&> dotpropellorpopulated) $ do
 		d <- dotPropellor
 		doesFileExist (d </> "propellor.cabal")
 
--- Makes upstream/master in dotPropellor be a usefully mergeable branch.
+-- Updates upstream/master in dotPropellor so merging from it will update
+-- to the latest distrepo.
 --
--- We cannot just use origin/master, because in the case of a distrepo,
--- it only contains 1 commit. So, trying to merge with it will result
--- in lots of merge conflicts, since git cannot find a common parent
--- commit.
+-- We cannot just fetch the distrepo because the distrepo contains only 
+-- 1 commit. So, trying to merge with it will result in lots of merge
+-- conflicts, since git cannot find a common parent commit.
 --
--- Instead, the upstream/master branch is created by taking the
+-- Instead, the upstream/master branch is updated by taking the
 -- upstream/master branch (which must be an old version of propellor,
 -- as distributed), and diffing from it to the current origin/master,
 -- and committing the result. This is done in a temporary clone of the
 -- repository, giving it a new master branch. That new branch is fetched
 -- into the user's repository, as if fetching from a upstream remote,
 -- yielding a new upstream/master branch.
-setupUpstreamMaster :: String -> IO ()
-setupUpstreamMaster newref = do
+--
+-- If there's no upstream/master, the user is not using the distrepo,
+-- so does nothing.
+updateUpstreamMaster :: String -> IO ()
+updateUpstreamMaster newref = do
 	changeWorkingDirectory =<< dotPropellor
 	go =<< catchMaybeIO getoldrev
   where
-	go Nothing = warnoutofdate False
+	go Nothing = return ()
 	go (Just oldref) = do
 		let tmprepo = ".git/propellordisttmp"
 		let cleantmprepo = void $ catchMaybeIO $ removeDirectoryRecursive tmprepo

fixed
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_4_93c97f8767a7ae3b9795aea051b0e77e._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_4_93c97f8767a7ae3b9795aea051b0e77e._comment
new file mode 100644
index 00000000..73dd3fec
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_4_93c97f8767a7ae3b9795aea051b0e77e._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 4"""
+ date="2018-01-02T16:36:32Z"
+ content="""
+Ah I see, it was mixing concurrent output with unbuffered output, which in
+this case caused the related messages to appear separated. Fixed that.
+"""]]

Added a comment: Progress
diff --git a/doc/forum/to_teach_propellor_about_other_ARM_boards/comment_1_70f9d9442616144d6f862c81516e721b._comment b/doc/forum/to_teach_propellor_about_other_ARM_boards/comment_1_70f9d9442616144d6f862c81516e721b._comment
new file mode 100644
index 00000000..e1a7ee2c
--- /dev/null
+++ b/doc/forum/to_teach_propellor_about_other_ARM_boards/comment_1_70f9d9442616144d6f862c81516e721b._comment
@@ -0,0 +1,18 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="Progress"
+ date="2018-01-02T14:19:53Z"
+ content="""
+Hi,
+
+FYI  I'm making progress in teaching propellor about other ARM boards.
+
+What I have done is deleting `~/.propellor/` and creating a new one.
+
+The new one is a full .propellor repository.
+
+
+See also <http://propellor.branchable.com/components/>
+"""]]

diff --git a/doc/forum/to_teach_propellor_about_other_ARM_boards.mdwn b/doc/forum/to_teach_propellor_about_other_ARM_boards.mdwn
new file mode 100644
index 00000000..aef3c59f
--- /dev/null
+++ b/doc/forum/to_teach_propellor_about_other_ARM_boards.mdwn
@@ -0,0 +1,33 @@
+Inspirated by <http://joeyh.name/blog/entry/custom_ARM_disk_image_generation_with_propellor/>
+I started to teach propellor about other ARM boards.
+(After having a clean build for a supported ARM board)
+
+
+Using two directories, a `~/.propellor` with my hosts and `src/propellor` with propellor source code.
+
+In the code directory I modified `src/Propellor/Property/Machine.hs`,
+compiled with `debuild -uc -us` and installed with `dpkg -i ../propellor*.deb`.
+
+Then using my hosts directory to get a WTF moment
+
+	$ propellor --spin paddy.gpm.stappers.nl
+	Auto-merging src/Propellor/Property/Machine.hs
+	Auto-merging propellor.cabal
+	Auto-merging debian/changelog
+	Auto-merging config.hs
+	CONFLICT (add/add): Merge conflict in config.hs
+	Automatic merge failed; fix conflicts and then commit the result.
+	propellor: Failed to run git ["merge","279b9267952b598914037983f74606d4f9c4ff6e","-s",
+		"recursive","-Xtheirs","--quiet","-m","merging upstream version"
+		,"--allow-unrelated-histories"]
+	CallStack (from HasCallStack):
+	  error, called at src/Propellor/DotDir.hs:425:17 in main:Propellor.DotDir
+
+
+What did connect both directories and why?
+
+
+More important:
+
+What directory setup and workflow to use
+to teach propellor about other ARM boards?

Added a comment: twice the warning
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_3_ecd5b0d960f1eb92795c559736f92e25._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_3_ecd5b0d960f1eb92795c559736f92e25._comment
new file mode 100644
index 00000000..a6a24f53
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_3_ecd5b0d960f1eb92795c559736f92e25._comment
@@ -0,0 +1,34 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="twice the warning"
+ date="2018-01-01T15:57:05Z"
+ content="""
+The warning is printed twice.
+
+One at the very beginning:
+
+	stappers@paddy:~
+	$ propellor paddy.gpm.stappers.nl
+	   A newer upstream version is available in /usr/src/propellor/propellor.git
+	   To merge it, run: git merge upstream/master
+	   
+	[2018-01-01 16:42:54 CET] command line:  Run \"paddy.gpm.stappers.nl\"
+
+
+The other at the end of executing:
+
+	loop deleted : /dev/loop0
+	paddy.gpm.stappers.nl built disk image /srv/image/lime.img ... done
+	paddy.gpm.stappers.nl overall ... done
+	Shared connection to paddy.gpm.stappers.nl closed.
+	** warning: ** Your ~/.propellor/ is out of date..
+	stappers@paddy:~
+	$ 
+
+It was the last one that made me report this.
+The one that is color highlighted,
+the one that doesn't have the `git merge` advice.
+
+"""]]