Recent changes to this wiki:

Added dependency on concurrent-output; removed embedded copy.
Removed deps on transformers, text, stm. Updated debian/control and
Propellor.Bootstrap accordingly. Sorted the lists of deps to make it easier
to keep them in sync.
This commit was sponsored by Nick Daly on Patreon.
diff --git a/debian/changelog b/debian/changelog
index cb8ed552..729eed4f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ propellor (5.3.6) UNRELEASED; urgency=medium
   * Dropped support for building propellor with ghc 7 (as in debian
     oldstable), to avoid needing to depend on the semigroups transitional
     package, but also because it's just too old to be worth supporting.
+  * Added dependency on concurrent-output; removed embedded copy.
 
  -- Joey Hess <id@joeyh.name>  Mon, 23 Apr 2018 13:12:25 -0400
 
diff --git a/debian/control b/debian/control
index 5a041c90..77bd7eae 100644
--- a/debian/control
+++ b/debian/control
@@ -6,19 +6,17 @@ Build-Depends:
 	git,
 	ghc (>= 7.6),
 	cabal-install,
+	libghc-ansi-terminal-dev,
 	libghc-async-dev,
-	libghc-split-dev,
+	libghc-concurrent-output-dev,
+	libghc-exceptions-dev (>= 0.6),
+	libghc-hashable-dev,
 	libghc-hslogger-dev,
-	libghc-unix-compat-dev,
-	libghc-ansi-terminal-dev,
 	libghc-ifelse-dev,
-	libghc-network-dev,
 	libghc-mtl-dev,
-	libghc-transformers-dev,
-	libghc-exceptions-dev (>= 0.6),
-	libghc-stm-dev,
-	libghc-text-dev,
-	libghc-hashable-dev,
+	libghc-network-dev,
+	libghc-split-dev,
+	libghc-unix-compat-dev,
 Maintainer: Joey Hess <id@joeyh.name>
 Standards-Version: 3.9.8
 Vcs-Git: git://git.joeyh.name/propellor
@@ -30,19 +28,17 @@ Section: admin
 Depends: ${misc:Depends}, ${shlibs:Depends},
 	ghc (>= 7.4),
 	cabal-install,
+	libghc-ansi-terminal-dev,
 	libghc-async-dev,
-	libghc-split-dev,
+	libghc-concurrent-output-dev,
+	libghc-exceptions-dev (>= 0.6),
+	libghc-hashable-dev,
 	libghc-hslogger-dev,
-	libghc-unix-compat-dev,
-	libghc-ansi-terminal-dev,
 	libghc-ifelse-dev,
-	libghc-network-dev,
 	libghc-mtl-dev,
-	libghc-transformers-dev,
-	libghc-exceptions-dev (>= 0.6),
-	libghc-stm-dev,
-	libghc-text-dev,
-	libghc-hashable-dev,
+	libghc-network-dev,
+	libghc-split-dev,
+	libghc-unix-compat-dev,
 	git,
 Description: property-based host configuration management in haskell
  Propellor ensures that the system it's run in satisfies a list of
diff --git a/doc/todo/depend_on_concurrent-output.mdwn b/doc/todo/depend_on_concurrent-output.mdwn
index 347ea9e5..ddf074f9 100644
--- a/doc/todo/depend_on_concurrent-output.mdwn
+++ b/doc/todo/depend_on_concurrent-output.mdwn
@@ -5,5 +5,9 @@ Waiting on concurrent-output reaching Debian stable.
 
 > Well, it's in stable now. Not in oldstable yet, and propellor is still
 > supporting the current oldstable, I believe.. --[[Joey]]
+> >
+> > not anymore; dropping it now.
+
+[[done]]
 
 [[!tag user/joey]]
diff --git a/propellor.cabal b/propellor.cabal
index a5b8c8a3..cf9fe7ce 100644
--- a/propellor.cabal
+++ b/propellor.cabal
@@ -42,14 +42,31 @@ Library
     GHC-Options: -fno-warn-redundant-constraints
   Default-Extensions: TypeOperators
   Hs-Source-Dirs: src
+  -- propellor needs to support the ghc shipped in Debian stable,
+  -- and also only depends on packages in Debian stable.
+  -- 
+  -- When updating dependencies here, also update the lists in
+  -- Propellor.Bootstrap
   Build-Depends:
-    -- propellor needs to support the ghc shipped in Debian stable,
-    -- and also only depends on packages in Debian stable.
+    ansi-terminal,
+    async,
     base >= 4.9, base < 5,
-    directory, filepath, IfElse, process, bytestring, hslogger, split,
-    unix, unix-compat, ansi-terminal, containers (>= 0.5), network, async,
-    time, mtl, transformers, exceptions (>= 0.6), stm, text, hashable
-
+    bytestring,
+    concurrent-output,
+    containers (>= 0.5),
+    directory,
+    exceptions (>= 0.6),
+    filepath,
+    hashable,
+    hslogger,
+    IfElse,
+    mtl,
+    network,
+    process,
+    split,
+    time,
+    unix,
+    unix-compat
   Exposed-Modules:
     Propellor
     Propellor.Base
@@ -223,9 +240,6 @@ Library
     Utility.Tmp
     Utility.Tuple
     Utility.UserInfo
-    System.Console.Concurrent
-    System.Console.Concurrent.Internal
-    System.Process.Concurrent
     Paths_propellor
 
 Executable propellor-config
diff --git a/src/Propellor/Bootstrap.hs b/src/Propellor/Bootstrap.hs
index 04f23f85..a8713535 100644
--- a/src/Propellor/Bootstrap.hs
+++ b/src/Propellor/Bootstrap.hs
@@ -138,19 +138,17 @@ depsCommand bs msys = "( " ++ intercalate " ; " (go bs) ++ ") || true"
 		-- Below are the same deps listed in debian/control.
 		, "ghc"
 		, "cabal-install"
+		, "libghc-ansi-terminal-dev"
 		, "libghc-async-dev"
-		, "libghc-split-dev"
+		, "libghc-concurrent-output-dev"
+		, "libghc-exceptions-dev"
+		, "libghc-hashable-dev"
 		, "libghc-hslogger-dev"
-		, "libghc-unix-compat-dev"
-		, "libghc-ansi-terminal-dev"
 		, "libghc-ifelse-dev"
-		, "libghc-network-dev"
 		, "libghc-mtl-dev"
-		, "libghc-transformers-dev"
-		, "libghc-exceptions-dev"
-		, "libghc-stm-dev"
-		, "libghc-text-dev"
-		, "libghc-hashable-dev"
+		, "libghc-network-dev"
+		, "libghc-split-dev"
+		, "libghc-unix-compat-dev"
 		]
 	debdeps Stack =
 		[ "gnupg"
@@ -161,19 +159,16 @@ depsCommand bs msys = "( " ++ intercalate " ; " (go bs) ++ ") || true"
 		[ "gnupg"
 		, "ghc"
 		, "hs-cabal-install"
+		, "hs-ansi-terminal"
 		, "hs-async"
-		, "hs-split"
+		, "hs-exceptions"
+		, "hs-hashable"
 		, "hs-hslogger"
-		, "hs-unix-compat"
-		, "hs-ansi-terminal"
 		, "hs-IfElse"
-		, "hs-network"
 		, "hs-mtl"
-		, "hs-transformers-base"
-		, "hs-exceptions"
-		, "hs-stm"
-		, "hs-text"
-		, "hs-hashable"
+		, "hs-network"
+		, "hs-split"
+		, "hs-unix-compat"
 		]
 	fbsddeps Stack =
 		[ "gnupg"
@@ -184,20 +179,17 @@ depsCommand bs msys = "( " ++ intercalate " ; " (go bs) ++ ") || true"
 		[ "gnupg"
 		, "ghc"
 		, "cabal-install"
-		, "haskell-async"
-		, "haskell-split"
-		, "haskell-hslogger"

(Diff truncated)
update
diff --git a/doc/todo/depend_on_concurrent-output.mdwn b/doc/todo/depend_on_concurrent-output.mdwn
index cf985166..347ea9e5 100644
--- a/doc/todo/depend_on_concurrent-output.mdwn
+++ b/doc/todo/depend_on_concurrent-output.mdwn
@@ -3,4 +3,7 @@ should be converted to a dependency.
 
 Waiting on concurrent-output reaching Debian stable.
 
+> Well, it's in stable now. Not in oldstable yet, and propellor is still
+> supporting the current oldstable, I believe.. --[[Joey]]
+
 [[!tag user/joey]]

add news item for propellor 5.3.5
diff --git a/doc/news/version_5.3.5.mdwn b/doc/news/version_5.3.5.mdwn
new file mode 100644
index 00000000..a7da0f0c
--- /dev/null
+++ b/doc/news/version_5.3.5.mdwn
@@ -0,0 +1,7 @@
+propellor 5.3.5 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Apt.stdSourcesList now adds stable-updates suite
+     Thanks, Sean Whitton
+   * Significantly increased propellor build speed when your config.hs
+     is in a fork of the propellor repository, by avoiding redundant builds
+     of propellor library."""]]
\ No newline at end of file

diff --git a/doc/forum/Problem_with_getting_started.mdwn b/doc/forum/Problem_with_getting_started.mdwn
index 4d750553..f929c3b3 100644
--- a/doc/forum/Problem_with_getting_started.mdwn
+++ b/doc/forum/Problem_with_getting_started.mdwn
@@ -3,25 +3,29 @@ Hello, I hope this is the right place to ask for help.
 I am new to Haskell and Propellor; just want to give it a try. I have been using ansible but now looking for an alternative.
 
 I did the following steps:
-- install propellor on control machine with: `stack install propellor`
-- `propellor --init`
-- create a minimal config.hs file, which does nothing:
-```
-abc :: Host
-abc = host "abc" $ props
-	& osDebian (Stable "stretch") X86_64
-```
-
-when I run `propellor --spin abc`, it ended with the last following:
-.
-.
-Installed propellor-5.3.4
-Resolving dependencies...
-Configuring config-0...
-Preprocessing executable 'propellor-config' for config-0...
-cabal: can't find source for config in .
-sh: 1: ./propellor: not found
-propellor: user error (ssh <long text>
+
+* install propellor on control machine with: `stack install propellor`
+
+* `propellor --init`
+
+* create a minimal config.hs file, which does nothing:
+
+        abc :: Host
+        abc = host "abc" $ props
+            & osDebian (Stable "stretch") X86_64
+
+
+when I run `propellor --spin abc`, it ended with the following message:
+
+    .
+    .
+    Installed propellor-5.3.4
+    Resolving dependencies...
+    Configuring config-0...
+    Preprocessing executable 'propellor-config' for config-0...
+    cabal: can't find source for config in .
+    sh: 1: ./propellor: not found
+    propellor: user error (ssh <long text>
 
 Can someone give me a hint how to process further?
 

diff --git a/doc/forum/Problem_with_getting_started.mdwn b/doc/forum/Problem_with_getting_started.mdwn
index 6c438b6e..4d750553 100644
--- a/doc/forum/Problem_with_getting_started.mdwn
+++ b/doc/forum/Problem_with_getting_started.mdwn
@@ -5,12 +5,12 @@ I am new to Haskell and Propellor; just want to give it a try. I have been using
 I did the following steps:
 - install propellor on control machine with: `stack install propellor`
 - `propellor --init`
-- create a minimal config.hs file, which does nothing
-
+- create a minimal config.hs file, which does nothing:
+```
 abc :: Host
 abc = host "abc" $ props
 	& osDebian (Stable "stretch") X86_64
-
+```
 
 when I run `propellor --spin abc`, it ended with the last following:
 .

diff --git a/doc/forum/Problem_with_getting_started.mdwn b/doc/forum/Problem_with_getting_started.mdwn
new file mode 100644
index 00000000..6c438b6e
--- /dev/null
+++ b/doc/forum/Problem_with_getting_started.mdwn
@@ -0,0 +1,30 @@
+Hello, I hope this is the right place to ask for help.
+
+I am new to Haskell and Propellor; just want to give it a try. I have been using ansible but now looking for an alternative.
+
+I did the following steps:
+- install propellor on control machine with: `stack install propellor`
+- `propellor --init`
+- create a minimal config.hs file, which does nothing
+
+abc :: Host
+abc = host "abc" $ props
+	& osDebian (Stable "stretch") X86_64
+
+
+when I run `propellor --spin abc`, it ended with the last following:
+.
+.
+Installed propellor-5.3.4
+Resolving dependencies...
+Configuring config-0...
+Preprocessing executable 'propellor-config' for config-0...
+cabal: can't find source for config in .
+sh: 1: ./propellor: not found
+propellor: user error (ssh <long text>
+
+Can someone give me a hint how to process further?
+
+Regards,
+Tony
+

Added a comment
diff --git a/doc/forum/Apt:_use_deb.debian.org__47__debian-security/comment_2_db1e5b7fcb324d5beb4429945f026096._comment b/doc/forum/Apt:_use_deb.debian.org__47__debian-security/comment_2_db1e5b7fcb324d5beb4429945f026096._comment
new file mode 100644
index 00000000..ab80fbc6
--- /dev/null
+++ b/doc/forum/Apt:_use_deb.debian.org__47__debian-security/comment_2_db1e5b7fcb324d5beb4429945f026096._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="gueux"
+ avatar="http://cdn.libravatar.org/avatar/2982bac2c2cd94ab3860efb189deafc8"
+ subject="comment 2"
+ date="2018-04-05T10:41:02Z"
+ content="""
+The same we get from using http://deb.debian.org/debian instead of http://ftp.debian.org/debian : redundancy, avoiding overloading security.debian.org, ...
+"""]]

response
diff --git a/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__/comment_1_cc518b5ae9f82d13be9eda19822db85c._comment b/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__/comment_1_cc518b5ae9f82d13be9eda19822db85c._comment
new file mode 100644
index 00000000..b2124dd7
--- /dev/null
+++ b/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__/comment_1_cc518b5ae9f82d13be9eda19822db85c._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-04-03T22:39:14Z"
+ content="""
+Mostly I point people at my [personal propellor config file](https://git.joeyh.name/index.cgi/propellor.git/tree/joeyconfig.hs)
+which is quite big, but demos a lot of propellor's features. And unlike
+an artificial example, it's always tested and working.
+"""]]

fix urls for change from gitweb to cgit
diff --git a/doc/FreeBSD.mdwn b/doc/FreeBSD.mdwn
index 47b9c65b..ca340163 100644
--- a/doc/FreeBSD.mdwn
+++ b/doc/FreeBSD.mdwn
@@ -6,5 +6,5 @@ additional porting to support FreeBSD. Such properties have types like
 `Property DebianLike`. The type checker will detect and reject attempts
 to combine such properties with `Property FreeBSD`.
 
-[Sample config file](http://git.joeyh.name/?p=propellor.git;a=blob;f=config-freebsd.hs)
+[Sample config file](https://git.joeyh.name/index.cgi/propellor.git/tree/config-freebsd.hs)
 which configures a FreeBSD system, as well as a Linux one.
diff --git a/doc/index.mdwn b/doc/index.mdwn
index 1e3af9dd..264a6f48 100644
--- a/doc/index.mdwn
+++ b/doc/index.mdwn
@@ -4,7 +4,7 @@
 [[Download]]  
 [API documentation](http://hackage.haskell.org/package/propellor)  
 [[Other Documentation|documentation]]
-[Sample config file](http://git.joeyh.name/?p=propellor.git;a=blob;f=joeyconfig.hs)  
+[Sample config file](https://git.joeyh.name/index.cgi/propellor.git/tree/joeyconfig.hs)  
 [[Security]]  
 [[Todo]]  
 [[Forum]]  

Added a comment
diff --git a/doc/forum/Apt:_use_deb.debian.org__47__debian-security/comment_1_8f06ef23b94f1df693f0da4689f39edf._comment b/doc/forum/Apt:_use_deb.debian.org__47__debian-security/comment_1_8f06ef23b94f1df693f0da4689f39edf._comment
new file mode 100644
index 00000000..8565ee93
--- /dev/null
+++ b/doc/forum/Apt:_use_deb.debian.org__47__debian-security/comment_1_8f06ef23b94f1df693f0da4689f39edf._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 1"
+ date="2018-04-03T00:20:41Z"
+ content="""
+What would that achieve?
+"""]]

diff --git a/doc/forum/Apt:_use_deb.debian.org__47__debian-security.mdwn b/doc/forum/Apt:_use_deb.debian.org__47__debian-security.mdwn
new file mode 100644
index 00000000..a918a402
--- /dev/null
+++ b/doc/forum/Apt:_use_deb.debian.org__47__debian-security.mdwn
@@ -0,0 +1 @@
+Maybe we could use deb.debian.org/debian-security instead of security.debian.org in Apt properties. What do you think about this?

diff --git a/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__.mdwn b/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__.mdwn
index b34fbcce..c3260c1c 100644
--- a/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__.mdwn
+++ b/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__.mdwn
@@ -1,6 +1,3 @@
 Hello,
 
 where can I find practical, working examples on how to use Propellor? For example, how to use Propellor to setup a LAMP debian or ubuntu server.
-
-Regards,
-Thanh

diff --git a/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__.mdwn b/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__.mdwn
new file mode 100644
index 00000000..b34fbcce
--- /dev/null
+++ b/doc/forum/Where_can_I_find_practical_examples_on_how_to_use_Propellor__63__.mdwn
@@ -0,0 +1,6 @@
+Hello,
+
+where can I find practical, working examples on how to use Propellor? For example, how to use Propellor to setup a LAMP debian or ubuntu server.
+
+Regards,
+Thanh

add news item for propellor 5.3.4
diff --git a/doc/news/version_5.3.4.mdwn b/doc/news/version_5.3.4.mdwn
new file mode 100644
index 00000000..09358138
--- /dev/null
+++ b/doc/news/version_5.3.4.mdwn
@@ -0,0 +1,8 @@
+propellor 5.3.4 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Apt.trustsKey: Use apt-key to add key rather than manually driving gpg,
+     which seems to not work anymore.
+     Thanks, Russell Sim.
+   * Firewall: Reorder iptables parameters that are order
+     dependant to make --to-dest and --to-source work.
+     Thanks, Russell Sim"""]]
\ No newline at end of file

don't use ikiwiki link in readme
diff --git a/doc/README.mdwn b/doc/README.mdwn
index 8bdb6c83..df1b8ada 100644
--- a/doc/README.mdwn
+++ b/doc/README.mdwn
@@ -56,4 +56,4 @@ see [configuration for the Haskell newbie](https://propellor.branchable.com/hask
 7. Write some neat new properties and send patches!
 
 (Want to get your feet wet with propellor before plunging in?
-[[try this|forum/Simple_quickstart_without_git__44___SSH__44___GPG]])
+[try this|http://propellor.branchable.com/forum/Simple_quickstart_without_git__44___SSH__44___GPG])

Added a comment
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_14_a65bf71d16401e2621f1dff93701247d._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_14_a65bf71d16401e2621f1dff93701247d._comment
new file mode 100644
index 00000000..c5427cd7
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_14_a65bf71d16401e2621f1dff93701247d._comment
@@ -0,0 +1,35 @@
+[[!comment format=mdwn
+ username="picca"
+ avatar="http://cdn.libravatar.org/avatar/7e61c80d28018b10d31f6db7dddb864c"
+ subject="comment 14"
+ date="2018-03-04T10:41:01Z"
+ content="""
+Hello, sorry to bother you with this BUT :))
+
+Now I have the right message which explain how to upgrade my .propellor
+(sorry for the french)
+
+    picca@mordor:~$ propellor
+    Fusion automatique de src/Propellor/Property/Systemd.hs
+    Fusion automatique de src/Propellor/Property/SiteSpecific/JoeySites.hs
+    Fusion automatique de src/Propellor/Property/Git.hs
+    Fusion automatique de src/Propellor/Git/VerifiedBranch.hs
+    Fusion automatique de src/Propellor/Git.hs
+    Fusion automatique de src/Propellor/EnsureProperty.hs
+    Fusion automatique de src/Propellor/DotDir.hs
+    Fusion automatique de propellor.cabal
+    Fusion automatique de joeyconfig.hs
+    Fusion automatique de doc/README.mdwn
+    Fusion automatique de debian/changelog
+    ** warning: ** Your ~/.propellor/ is out of date..
+       A newer upstream version is available in /usr/src/propellor/propellor.git
+       To merge it, run: git merge upstream/master
+
+but when I try to do the merge, I get this error message
+
+    picca@mordor:~/.propellor$ LANG=C git merge upstream/master
+    fatal: refusing to merge unrelated histories
+
+How can I help to solve this issue ?
+
+"""]]

Apt.trustsKey: Use apt-key to add key rather than manually driving gpg, which seems to not work anymore.
Thanks, Russell Sim.
diff --git a/debian/changelog b/debian/changelog
index b081d04f..92581607 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+propellor (5.3.4) UNRELEASED; urgency=medium
+
+  * Apt.trustsKey: Use apt-key to add key rather than manually driving gpg,
+    which seems to not work anymore.
+    Thanks, Russell Sim.
+
+ -- Joey Hess <id@joeyh.name>  Thu, 01 Mar 2018 18:25:04 -0400
+
 propellor (5.3.3) unstable; urgency=medium
 
   * Warn again about new upstream version when ~/.propellor was cloned from the
diff --git a/doc/forum/can__39__t_get_Apt.trustsKey_to_work/comment_1_8ee5b69f068c369e88c31c639d692f60._comment b/doc/forum/can__39__t_get_Apt.trustsKey_to_work/comment_1_8ee5b69f068c369e88c31c639d692f60._comment
new file mode 100644
index 00000000..b1f82b19
--- /dev/null
+++ b/doc/forum/can__39__t_get_Apt.trustsKey_to_work/comment_1_8ee5b69f068c369e88c31c639d692f60._comment
@@ -0,0 +1,14 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-03-01T22:20:54Z"
+ content="""
+I added trustsKey in 2014, but my current config is not using
+it for anything, so it seems likely it's bitrotted in some way.
+And there's no rationalle documented for why it manually drives gpg.
+
+I've applied your change to use apt-key.
+
+I wonder if the nukeFile of the "gpg dropping" is actually needed
+anymore?
+"""]]
diff --git a/src/Propellor/Property/Apt.hs b/src/Propellor/Property/Apt.hs
index d44b5c38..7275205a 100644
--- a/src/Propellor/Property/Apt.hs
+++ b/src/Propellor/Property/Apt.hs
@@ -447,7 +447,7 @@ trustsKey k = trustsKey' k <!> untrustKey k
 trustsKey' :: AptKey -> Property DebianLike
 trustsKey' k = check (not <$> doesFileExist f) $ property desc $ makeChange $ do
 	withHandle StdinHandle createProcessSuccess
-		(proc "gpg" ["--no-default-keyring", "--keyring", f, "--import", "-"]) $ \h -> do
+		(proc "apt-key" ["--keyring", f, "add", "-"]) $ \h -> do
 			hPutStr h (pubkey k)
 			hClose h
 	nukeFile $ f ++ "~" -- gpg dropping

Added a comment: LUKS desired ;-)
diff --git a/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_2_ffca1d5942d4fd152657dd3afe21b935._comment b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_2_ffca1d5942d4fd152657dd3afe21b935._comment
new file mode 100644
index 00000000..93248324
--- /dev/null
+++ b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_2_ffca1d5942d4fd152657dd3afe21b935._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="dominik"
+ avatar="http://cdn.libravatar.org/avatar/41b0caab63708c0b81d8aeda611afad5"
+ subject="LUKS desired ;-)"
+ date="2018-03-01T11:40:27Z"
+ content="""
+I'd love to use LUKS partitions in Propeller.
+
+Thanks Joey.
+
+"""]]

diff --git a/doc/forum/can__39__t_get_Apt.trustsKey_to_work.mdwn b/doc/forum/can__39__t_get_Apt.trustsKey_to_work.mdwn
new file mode 100644
index 00000000..3c0853db
--- /dev/null
+++ b/doc/forum/can__39__t_get_Apt.trustsKey_to_work.mdwn
@@ -0,0 +1,90 @@
+I've been hitting a problem when importing APT keys on a debian stretch VM. I'm using a property like
+
+    mybox :: Host
+    mybox = host "henry1.home" $ props
+      & osDebian (Stable "stretch") X86_64
+      & Apt.stdSourcesList
+      & Apt.unattendedUpgrades
+      & installKubernetes
+
+
+    installKubernetes :: Property DebianLike
+    installKubernetes = Apt.installed ["kubelet", "kubeadm", "kubectl"]
+      `requires` Apt.setSourcesListD ["deb http://apt.kubernetes.io/ kubernetes-xenial main"] "google-cloud"
+      `requires` Apt.trustsKey googleKey
+
+    googleKey :: Apt.AptKey
+    googleKey =
+      Apt.AptKey "google-key" $ unlines
+      [ "-----BEGIN PGP PUBLIC KEY BLOCK-----"
+      , ""
+      , "mQENBFUd6rIBCAD6mhKRHDn3UrCeLDp7U5IE7AhhrOCPpqGF7mfTemZYHf/5Jdjx"
+      , "cOxoSFlK7zwmFr3lVqJ+tJ9L1wd1K6P7RrtaNwCiZyeNPf/Y86AJ5NJwBe0VD0xH"
+      , "TXzPNTqRSByVYtdN94NoltXUYFAAPZYQls0x0nUD1hLMlOlC2HdTPrD1PMCnYq/N"
+      , "uL/Vk8sWrcUt4DIS+0RDQ8tKKe5PSV0+PnmaJvdF5CKawhh0qGTklS2MXTyKFoqj"
+      , "XgYDfY2EodI9ogT/LGr9Lm/+u4OFPvmN9VN6UG+s0DgJjWvpbmuHL/ZIRwMEn/tp"
+      , "uneaLTO7h1dCrXC849PiJ8wSkGzBnuJQUbXnABEBAAG0QEdvb2dsZSBDbG91ZCBQ"
+      , "YWNrYWdlcyBBdXRvbWF0aWMgU2lnbmluZyBLZXkgPGdjLXRlYW1AZ29vZ2xlLmNv"
+      , "bT6JAT4EEwECACgFAlUd6rICGy8FCQWjmoAGCwkIBwMCBhUIAgkKCwQWAgMBAh4B"
+      , "AheAAAoJEDdGwginMXsPcLcIAKi2yNhJMbu4zWQ2tM/rJFovazcY28MF2rDWGOnc"
+      , "9giHXOH0/BoMBcd8rw0lgjmOosBdM2JT0HWZIxC/Gdt7NSRA0WOlJe04u82/o3OH"
+      , "WDgTdm9MS42noSP0mvNzNALBbQnlZHU0kvt3sV1YsnrxljoIuvxKWLLwren/GVsh"
+      , "FLPwONjw3f9Fan6GWxJyn/dkX3OSUGaduzcygw51vksBQiUZLCD2Tlxyr9NvkZYT"
+      , "qiaWW78L6regvATsLc9L/dQUiSMQZIK6NglmHE+cuSaoK0H4ruNKeTiQUw/EGFaL"
+      , "ecay6Qy/s3Hk7K0QLd+gl0hZ1w1VzIeXLo2BRlqnjOYFX4A="
+      , "=HVTm"
+      , "-----END PGP PUBLIC KEY BLOCK-----"
+      ]
+
+
+the import works fine, but the packages fail to install because the key isn't valid, i can list the key
+
+    root@henry1:~# apt-key list | grep -A 6 google-key
+    Warning: apt-key output should not be parsed (stdout is not a terminal)
+    /etc/apt/trusted.gpg.d/google-key.gpg
+    -------------------------------------
+    pub   rsa2048 2015-04-03 [SCEA] [expires: 2018-04-02]
+          D0BC 747F D8CA F711 7500  D6FA 3746 C208 A731 7B0F
+    uid           [ unknown] Google Cloud Packages Automatic Signing Key <gc-team@google.com>
+
+
+but i can't export it. I've tried the gpg command listed in the Apt.trustsKey function and running it locally (on the vm) with a local file doesn't work either.
+
+    root@henry1:~# apt-key export D6FA3746A7317B0F
+    gpg: [don't know]: invalid packet (ctb=00)
+    gpg: WARNING: nothing exported
+    gpg: key export failed: Invalid packet
+
+
+Gpg version info
+
+    root@henry1:~# gpg --version
+    gpg (GnuPG) 2.1.18
+    libgcrypt 1.7.6-beta
+    Copyright (C) 2017 Free Software Foundation, Inc.
+    License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
+    This is free software: you are free to change and redistribute it.
+    There is NO WARRANTY, to the extent permitted by law.
+    
+    Home: /root/.gnupg
+    Supported algorithms:
+    Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
+    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
+            CAMELLIA128, CAMELLIA192, CAMELLIA256
+    Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
+    Compression: Uncompressed, ZIP, ZLIB, BZIP2
+
+I ended up changing the Apt.trustsKey command to a version which uses apt-key and everything works now
+
+    trustsKey' :: AptKey -> Property DebianLike
+    trustsKey' k = check (not <$> doesFileExist f) $ property desc $ makeChange $ do
+    	withHandle StdinHandle createProcessSuccess
+    		(proc "apt-key" ["--keyring", f, "add", "-"]) $ \h -> do
+    			hPutStr h (pubkey k)
+    			hClose h
+    	nukeFile $ f ++ "~" -- gpg dropping
+      where
+    	desc = "apt trusts key " ++ keyname k
+    	f = aptKeyFile k
+
+Any thoughts as to why this wouldn't be working?  Would it be reasonable to change this command upstream?

add news item for propellor 5.3.3
diff --git a/doc/news/version_5.3.3.mdwn b/doc/news/version_5.3.3.mdwn
new file mode 100644
index 00000000..18f80d5f
--- /dev/null
+++ b/doc/news/version_5.3.3.mdwn
@@ -0,0 +1,8 @@
+propellor 5.3.3 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Warn again about new upstream version when ~/.propellor was cloned from the
+     Debian git bundle using an older version of propellor that set up an
+     upstream remote.
+   * Avoid crashing if initial fetch from origin fails when spinning a host.
+   * Added Propllor.Property.Openssl module contributed by contributed by
+     Félix Sipma."""]]
\ No newline at end of file

Added a comment
diff --git a/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_2_7b1f28e3eeb7f181f5715863bc836bb7._comment b/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_2_7b1f28e3eeb7f181f5715863bc836bb7._comment
new file mode 100644
index 00000000..5cb2fc0b
--- /dev/null
+++ b/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_2_7b1f28e3eeb7f181f5715863bc836bb7._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="gueux"
+ avatar="http://cdn.libravatar.org/avatar/2982bac2c2cd94ab3860efb189deafc8"
+ subject="comment 2"
+ date="2018-02-23T13:16:09Z"
+ content="""
+I don't want my central repo to be accessible to anyone, but I still want to push there and use it for some of my hosts. Anyway, your fix works great, thanks!
+"""]]

Avoid crashing if initial fetch from origin fails when spinning a host.
diff --git a/debian/changelog b/debian/changelog
index 55ca5a93..bc7a4a69 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ propellor (5.3.3) UNRELEASED; urgency=medium
   * Warn again about new upstream version when ~/.propellor was cloned from the
     Debian git bundle using an older version of propellor that set up an
     upstream remote.
+  * Avoid crashing if initial fetch from origin fails when spinning a host.
 
  -- Joey Hess <id@joeyh.name>  Mon, 19 Feb 2018 12:44:24 -0400
 
diff --git a/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_1_be4533d304096f431ac8d35bbf990dab._comment b/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_1_be4533d304096f431ac8d35bbf990dab._comment
new file mode 100644
index 00000000..e79fabfb
--- /dev/null
+++ b/doc/forum/--spin_tries_to_pull_from_central_repository__63__/comment_1_be4533d304096f431ac8d35bbf990dab._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-02-22T15:34:07Z"
+ content="""
+--spin has always pushed/pulled from origin, if there is
+a central git repository.
+
+It's an optional thing though, since the update is pushed directly to the
+host it spins too.
+
+I've improved the code to avoid this particular crash..
+"""]]
diff --git a/src/Propellor/Git/VerifiedBranch.hs b/src/Propellor/Git/VerifiedBranch.hs
index 51fcb573..df607bd2 100644
--- a/src/Propellor/Git/VerifiedBranch.hs
+++ b/src/Propellor/Git/VerifiedBranch.hs
@@ -30,12 +30,17 @@ verifyOriginBranch originbranch = do
 -- Returns True if HEAD is changed by fetching and merging from origin.
 fetchOrigin :: IO Bool
 fetchOrigin = do
+	fetched <- actionMessage "Pull from central git repository" $
+		boolSystem "git" [Param "fetch"]
+	if fetched
+		then mergeOrigin
+		else return False
+
+mergeOrigin :: IO Bool
+mergeOrigin = do
 	branchref <- getCurrentBranch
 	let originbranch = "origin" </> branchref
 
-	void $ actionMessage "Pull from central git repository" $
-		boolSystem "git" [Param "fetch"]
-
 	oldsha <- getCurrentGitSha1 branchref
 
 	keyring <- privDataKeyring

diff --git a/doc/forum/--spin_tries_to_pull_from_central_repository__63__.mdwn b/doc/forum/--spin_tries_to_pull_from_central_repository__63__.mdwn
new file mode 100644
index 00000000..5bd97367
--- /dev/null
+++ b/doc/forum/--spin_tries_to_pull_from_central_repository__63__.mdwn
@@ -0,0 +1,28 @@
+Did something changed recently concerning `--spin`? It seems like I can't use it without a central repo anymore...
+
+
+    $ ./propellor --spin server
+    Preprocessing executable 'propellor-config' for propellor-5.3.2...
+    Propellor build ... done
+    [master cabbc1b4e] propellor spin
+    Git commit ... done
+    Counting objects: 1, done.
+    Writing objects: 100% (1/1), 860 bytes | 860.00 KiB/s, done.
+    Total 1 (delta 0), reused 0 (delta 0)
+    To example.org:/var/lib/git/private/propellor.git
+       8c8c1b2f6..cabbc1b4e  master -> master
+    Push to central git repository ... done
+    gpg: encrypted with 4096-bit RSA key, ID EC0B9FA927E29C5C, created 2013-01-29
+          "Félix Sipma <felix.sipma@riseup.net>"
+    Host key verification failed.
+    fatal: Could not read from remote repository.
+    
+    Please make sure you have the correct access rights
+    and the repository exists.
+    Pull from central git repository ... failed
+    fatal: ambiguous argument 'origin/master': unknown revision or path not in the working tree.
+    Use '--' to separate paths from revisions, like this:
+    'git <command> [<revision>...] -- [<file>...]'
+    propellor: user error (git ["log","-n","1","--format=%G?","origin/master"] exited 128)
+    propellor: user error (ssh ["-o","ControlPath=/home/example/.ssh/propellor/server.example.org.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@server.example.org","sh -c 'rm -rf /usr/local/propellor-precompiled ; if [ ! -d /usr/local/propellor/.git ] ; then (if ! git --version >/dev/null 2>&1; then apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -qq --no-install-recommends --no-upgrade -y install git; fi && echo STATUSNeedGitClone) || echo STATUSNeedPrecompiled ; else cd /usr/local/propellor && if ! cabal configure >/dev/null 2>&1; then ( apt-get update ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install gnupg ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install ghc ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install cabal-install ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-async-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-split-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-hslogger-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-unix-compat-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-ansi-terminal-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-ifelse-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-network-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-mtl-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-transformers-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-exceptions-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-stm-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-text-dev ; DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install libghc-hashable-dev) || true; fi&& if ! test -x ./propellor; then cabal configure && cabal build -j1 propellor-config && ln -sf dist/build/propellor-config/propellor-config propellor; fi;if test -x ./propellor && ! ./propellor --check; then cabal clean && cabal configure && cabal build -j1 propellor-config && ln -sf dist/build/propellor-config/propellor-config propellor; fi && ./propellor --boot server.example.org ; fi'"] exited 1)
+    

Added a comment
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_13_a3039c7e86f85af4ff44bdbcd7b46313._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_13_a3039c7e86f85af4ff44bdbcd7b46313._comment
new file mode 100644
index 00000000..39feff2e
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_13_a3039c7e86f85af4ff44bdbcd7b46313._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="picca"
+ avatar="http://cdn.libravatar.org/avatar/7e61c80d28018b10d31f6db7dddb864c"
+ subject="comment 13"
+ date="2018-02-20T05:58:48Z"
+ content="""
+Thanks a lot joey,
+
+and you are right, I am fund of your works :).
+
+Cheers.
+"""]]

Warn again about new upstream version when ~/.propellor was cloned from the Debian git bundle using an older version of propellor that set up an upstream remote.
This commit was sponsored by Jake Vosloo on Patreon.
diff --git a/debian/changelog b/debian/changelog
index 3515497b..55ca5a93 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+propellor (5.3.3) UNRELEASED; urgency=medium
+
+  * Warn again about new upstream version when ~/.propellor was cloned from the
+    Debian git bundle using an older version of propellor that set up an
+    upstream remote.
+
+ -- Joey Hess <id@joeyh.name>  Mon, 19 Feb 2018 12:44:24 -0400
+
 propellor (5.3.2) unstable; urgency=medium
 
   * Added Propellor.Property.Atomic, which can make a non-atomic property
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_12_aea497eeecb077659db3f1dfb1e5f289._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_12_aea497eeecb077659db3f1dfb1e5f289._comment
new file mode 100644
index 00000000..90d0ba2c
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_12_aea497eeecb077659db3f1dfb1e5f289._comment
@@ -0,0 +1,20 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 12"""
+ date="2018-02-19T15:48:21Z"
+ content="""
+What propellor --init sets up, when you select the clone option
+and the Debian package is installed, is no remote
+defined, but a remotes/upsteam/master tracking branch.
+
+So not normally this:
+
+    upstream        /usr/src/propellor/propellor.git (fetch)
+
+Aha! The very first revision of propellor --init
+*did* set up an upstream remote pointing at the distrepo. At some point
+that changed to the above described behavior. You're bitten by being an
+early adopter.
+
+I've adjusted the logic to handle that case.
+"""]]
diff --git a/src/Propellor/DotDir.hs b/src/Propellor/DotDir.hs
index 17eb095a..39c111f6 100644
--- a/src/Propellor/DotDir.hs
+++ b/src/Propellor/DotDir.hs
@@ -387,16 +387,17 @@ checkRepoUpToDate = whenM (gitbundleavail <&&> dotpropellorpopulated) $ do
 -- into the user's repository, as if fetching from a upstream remote,
 -- yielding a new upstream/master branch.
 --
--- If there's no upstream/master, the user is not using the distrepo,
--- so do nothing. And, if there's a remote named "upstream", the user
--- must have set that up and is not using the distrepo, so do nothing.
+-- If there's no upstream/master, or the repo is not using the distrepo,
+-- do nothing.
 updateUpstreamMaster :: String -> IO ()
-updateUpstreamMaster newref = unlessM (hasRemote "upstream") $ do
+updateUpstreamMaster newref = do
 	changeWorkingDirectory =<< dotPropellor
-	go =<< catchMaybeIO getoldrev
+	v <- getoldrev
+	case v of
+		Nothing -> return ()
+		Just oldref -> go oldref
   where
-	go Nothing = return ()
-	go (Just oldref) = do
+	go oldref = do
 		let tmprepo = ".git/propellordisttmp"
 		let cleantmprepo = void $ catchMaybeIO $ removeDirectoryRecursive tmprepo
 		cleantmprepo
@@ -421,13 +422,37 @@ updateUpstreamMaster newref = unlessM (hasRemote "upstream") $ do
 		cleantmprepo
 		warnoutofdate True
 
-	getoldrev = takeWhile (/= '\n')
-		<$> readProcess "git" ["show-ref", upstreambranch, "--hash"]
-
 	git = run "git"
 	run cmd ps = unlessM (boolSystem cmd (map Param ps)) $
 		error $ "Failed to run " ++ cmd ++ " " ++ show ps
 
+	-- Get ref that the upstreambranch points to, only when
+	-- the distrepo is being used.
+	getoldrev = do
+		mrev <- catchMaybeIO $ takeWhile (/= '\n')
+			<$> readProcess "git" ["show-ref", upstreambranch, "--hash"]
+		print mrev
+		case mrev of
+			Just _ -> do
+				-- Normally there will be no upstream
+				-- remote when the distrepo is used.
+				-- Older versions of propellor set up
+				-- an upstream remote pointing at the 
+				-- distrepo.
+				ifM (hasRemote "upstream")
+					( do
+						v <- remoteUrl "upstream"
+						print ("remote url", v)
+						return $ case v of
+							Just rurl | rurl == distrepo -> mrev
+							_ -> Nothing
+					, return mrev
+					)
+			Nothing -> return mrev
+
+-- And, if there's a remote named "upstream"
+-- that does not point at the distrepo, the user must have set that up
+-- and is not using the distrepo, so do nothing.
 warnoutofdate :: Bool -> IO ()
 warnoutofdate havebranch = do
 	warningMessage ("** Your ~/.propellor/ is out of date..")
diff --git a/src/Propellor/Git.hs b/src/Propellor/Git.hs
index 10b88ddd..c446f67a 100644
--- a/src/Propellor/Git.hs
+++ b/src/Propellor/Git.hs
@@ -30,6 +30,10 @@ hasRemote remotename = catchDefaultIO False $ do
 	rs <- lines <$> readProcess "git" ["remote"]
 	return $ remotename `elem` rs
 
+remoteUrl :: String -> IO (Maybe String)
+remoteUrl remotename = catchDefaultIO Nothing $ headMaybe . lines
+	<$> readProcess "git" ["config", "remote." ++ remotename ++ ".url"]
+
 hasGitRepo :: IO Bool
 hasGitRepo = doesFileExist ".git/HEAD"
 

Added a comment
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_11_67fe9f07dd726f890cf1c7956cbb1d86._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_11_67fe9f07dd726f890cf1c7956cbb1d86._comment
new file mode 100644
index 00000000..106d993f
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_11_67fe9f07dd726f890cf1c7956cbb1d86._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="picca"
+ avatar="http://cdn.libravatar.org/avatar/7e61c80d28018b10d31f6db7dddb864c"
+ subject="comment 11"
+ date="2018-02-19T06:31:32Z"
+ content="""
+Yes sir :)
+
+    picca@mordor:~/.propellor$ git remote -v
+    deploy  https://salsa.debian.org/picca/propellor.git (fetch)
+    deploy  https://salsa.debian.org/picca/propellor.git (push)
+    origin  git@salsa.debian.org:picca/propellor.git (fetch)
+    origin  git@salsa.debian.org:picca/propellor.git (push)
+    upstream        /usr/src/propellor/propellor.git (fetch)
+    upstream        /usr/src/propellor/propellor.git (push)
+
+"""]]

Added a comment
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_10_8d27d1de5e891160c3e881bd1230829f._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_10_8d27d1de5e891160c3e881bd1230829f._comment
new file mode 100644
index 00000000..25d6ff1e
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_10_8d27d1de5e891160c3e881bd1230829f._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 10"
+ date="2018-02-18T21:35:23Z"
+ content="""
+Do you have a git remote named 'upstream'?
+"""]]

Added a comment
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_9_f6d40ae7c03a9d94cfe8e16f11264622._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_9_f6d40ae7c03a9d94cfe8e16f11264622._comment
new file mode 100644
index 00000000..492f40e1
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_9_f6d40ae7c03a9d94cfe8e16f11264622._comment
@@ -0,0 +1,21 @@
+[[!comment format=mdwn
+ username="picca"
+ avatar="http://cdn.libravatar.org/avatar/7e61c80d28018b10d31f6db7dddb864c"
+ subject="comment 9"
+ date="2018-02-18T19:10:32Z"
+ content="""
+Hello, I think that my problem is related to this one.
+
+I have a repository created from the Debian package and which is from the 5.1.0 version.
+I just upgrade the package to 5.3.1 and now I do not have the message explaining that a new upstream version is available.
+So I do not know how to upgrade my current repository.
+
+Before, I just had to do
+
+    git merge upstream/master
+
+And now ?
+
+
+thanks for your help
+"""]]

add news item for propellor 5.3.2
diff --git a/doc/news/version_5.3.2.mdwn b/doc/news/version_5.3.2.mdwn
new file mode 100644
index 00000000..cd16116e
--- /dev/null
+++ b/doc/news/version_5.3.2.mdwn
@@ -0,0 +1,10 @@
+propellor 5.3.2 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Added Propellor.Property.Atomic, which can make a non-atomic property
+     that operates on a directory into an atomic property.
+     (Inspired by Vaibhav Sagar's talk on Functional Devops in a
+     Dysfunctional World at LCA 2018.)
+   * Added Git.pulled.
+   * Systemd.machined: Install systemd-container on Debian
+     stretch.
+     Thanks, Sean Whitton"""]]
\ No newline at end of file

comment
diff --git a/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_1_62fc297972ab5be50b9cb8cd3aa269c0._comment b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_1_62fc297972ab5be50b9cb8cd3aa269c0._comment
new file mode 100644
index 00000000..0962459f
--- /dev/null
+++ b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_1_62fc297972ab5be50b9cb8cd3aa269c0._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-02-06T15:37:45Z"
+ content="""
+Not aware of anyone using propellor for that yet.
+
+Propellor's LVM module would probably be a decent starting point for
+implementing dm-crypt support.
+
+Key/passwords could certianly be managed with propellor's privdata
+interface. Whether it makes sense to do so for security is probably up to
+the individual user, since privdata can be decrypted with your gpg private
+key, which you might not want to equate to access to your encrypted volume.
+Also, privdata is stored on the host that uses it in unencrypted form
+protected only by file permissions.
+"""]]

Ask about dm-crypt/LUKS
diff --git a/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management.mdwn b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management.mdwn
new file mode 100644
index 00000000..12a2bea5
--- /dev/null
+++ b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management.mdwn
@@ -0,0 +1 @@
+Hi. Searching for *luks* in the git repository and the forum doesn’t bring up any hits. Am I right to assume, that encrypting the disk with dm-crypt/LUKS and managing keys/passwords is currently not easily doable?

remove old version announces
diff --git a/doc/news/version_4.7.6.mdwn b/doc/news/version_4.7.6.mdwn
deleted file mode 100644
index 4c8abd97..00000000
--- a/doc/news/version_4.7.6.mdwn
+++ /dev/null
@@ -1,6 +0,0 @@
-propellor 4.7.6 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Sbuild: Add Sbuild.userConfig property.
-     Thanks, Sean Whitton
-   * Locale: Make sure that the locales package is installed when enabling
-     locales."""]]
\ No newline at end of file
diff --git a/doc/news/version_4.7.7.mdwn b/doc/news/version_4.7.7.mdwn
deleted file mode 100644
index 258f0f23..00000000
--- a/doc/news/version_4.7.7.mdwn
+++ /dev/null
@@ -1,11 +0,0 @@
-propellor 4.7.7 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Locale: Display an error message when /etc/locale.gen does not contain
-     the requested locale.
-   * Attic module is deprecated and will warn when used.
-     Attic is no longer available in Debian and appears to have been
-     mostly supersceded by Borg.
-   * Obnam module is deprecated and will warn when used.
-     Obnam has been retired by its author.
-   * Add Typeable instance to Bootstrapper, fixing build with old versions
-     of ghc. (Previous attempt was incomplete.)"""]]
\ No newline at end of file
diff --git a/doc/news/version_4.8.0.mdwn b/doc/news/version_4.8.0.mdwn
deleted file mode 100644
index 217c3154..00000000
--- a/doc/news/version_4.8.0.mdwn
+++ /dev/null
@@ -1,21 +0,0 @@
-propellor 4.8.0 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * DiskImage: Made a DiskImage type class, so that different disk image
-     formats can be implemented. The properties in this module can generate
-     any type that is a member of DiskImage. (API change)
-     (To convert existing configs, convert the filename of the disk image
-     to RawDiskImage filename.)
-   * Removed DiskImage.vmdkBuiltFor property. (API change)
-     Instead, use VirtualBoxPointer in the property that creates the disk
-     image.
-   * Apt.isInstalled: Fix handling of packages that are not known at all
-     to apt.
-   * Borg: Converted BorgRepo from a String alias to a data type.
-     (API change)
-   * Borg: Allow specifying ssh private key to use when accessing a borg
-     repo by using the BorgRepoUsing constructor with UseSshKey.
-   * Borg: Fix broken shell escaping in borg cron job.
-   * Attic: Fix broken shell escaping in attic cron job.
-   * Make lock file descriptors close-on-exec.
-   * Lvm: New module for setting up LVM volumes.
-     Thanks, Nicolas Schodet"""]]
\ No newline at end of file
diff --git a/doc/news/version_4.8.1.mdwn b/doc/news/version_4.8.1.mdwn
deleted file mode 100644
index fbd293cd..00000000
--- a/doc/news/version_4.8.1.mdwn
+++ /dev/null
@@ -1,4 +0,0 @@
-propellor 4.8.1 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Borg: Fix propigation of exit status of borg backup.
-   * Borg: Fix handling of UseSshKey."""]]
\ No newline at end of file
diff --git a/doc/news/version_4.9.0.mdwn b/doc/news/version_4.9.0.mdwn
deleted file mode 100644
index c625e0c7..00000000
--- a/doc/news/version_4.9.0.mdwn
+++ /dev/null
@@ -1,23 +0,0 @@
-propellor 4.9.0 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * When the ipv4 and ipv6 properties are used with a container, avoid
-     propagating the address out to the host.
-   * DnsInfo has been replaced with DnsInfoPropagated and
-     DnsInfoUnpropagated. (API change)
-   * Code that used fromDnsInfo . fromInfo changes to use getDnsInfo.
-   * addDNS takes an additional Bool parameter to control whether
-     the DNS info should propagate out of containers. (API change)
-   * Made the PropellorRepo.hasOriginUrl property override the repository
-     url that --spin passes to a host.
-   * PropellorRepo.hasOriginUrl type changed to include HasInfo. (API change)
-   * Fstab.mounted: Create mount point if necessary, and mount it
-     if it's not already mounted.
-     Thanks, Nicolas Schodet
-   * Properties that check for an empty directory now treat a directory
-     containing only "lost+found" as effectively empty, to support
-     situations where the directory is a mount point of an EXT* filesystem.
-     Thanks, Nicolas Schodet
-   * Make addInfo accumulate Info in order properties appear, not
-     reverse order.
-     This fixes a bug involving reverting Systemd.resolvConfed or
-     Systemd.linkJournal."""]]
\ No newline at end of file

Merge branch 'joeyconfig'
fix typography
diff --git a/doc/README.mdwn b/doc/README.mdwn
index a4a38c5f..356c9304 100644
--- a/doc/README.mdwn
+++ b/doc/README.mdwn
@@ -18,12 +18,10 @@ There is fairly complete
 which includes many built-in Properties for dealing with
 [Apt](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Apt.html)
 and
-[Apache](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Apache.html)
-,
+[Apache](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Apache.html),
 [Cron](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Cron.html)
 and
-[Commands](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Cmd.html)
-,
+[Commands](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Cmd.html),
 [Dns](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Dns.html)
 and
 [Docker](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Docker.html), etc.

link to simple quickstart
diff --git a/doc/README.mdwn b/doc/README.mdwn
index a4a38c5f..6d7e6508 100644
--- a/doc/README.mdwn
+++ b/doc/README.mdwn
@@ -56,3 +56,6 @@ see [configuration for the Haskell newbie](https://propellor.branchable.com/hask
    each host becomes tiresome, you can
    [automate that](http://propellor.branchable.com/automated_spins/).
 7. Write some neat new properties and send patches!
+
+(Want to get your feet wet with propellor before plunging in?
+[[try this|forum/Simple_quickstart_without_git__44___SSH__44___GPG]])
diff --git a/doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG/comment_1_031851f4a01a8a4d9fb4bd1f9ac077c8._comment b/doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG/comment_1_031851f4a01a8a4d9fb4bd1f9ac077c8._comment
new file mode 100644
index 00000000..a99e83e2
--- /dev/null
+++ b/doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG/comment_1_031851f4a01a8a4d9fb4bd1f9ac077c8._comment
@@ -0,0 +1,22 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-02-04T16:09:17Z"
+ content="""
+Thank you for this excellent idea and post! I've added a link to it under
+the quick start on the front page.
+
+Propellor's deployment system
+is just what happened to meet my needs, but certianly not ideal for anyone,
+and what I really like about this is it shows how the core of propellor is
+not locked into that one system.
+
+I see that `entr` automatically re-transfers the file when it has changed,
+so am I right that you could use this in combination with eg 
+`stack build --file-watch` to immediately test each change to config.hs?
+
+Do note that your method doesn't transfer over any private data that
+propellor might use on the host. And, some container properties need
+the propellor binary in /usr/local/propellor/ in order to work. 
+But until you need such properties, it's a nice way to get your feet wet.
+"""]]

add news item for propellor 5.3.1
diff --git a/doc/news/version_5.3.0.mdwn b/doc/news/version_5.3.0.mdwn
deleted file mode 100644
index 07900e0b..00000000
--- a/doc/news/version_5.3.0.mdwn
+++ /dev/null
@@ -1,16 +0,0 @@
-propellor 5.3.0 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Avoid bogus warning about new upstream version when /usr/bin/propellor
-     is run on a Debian system, but ~/.propellor was not cloned from the
-     Debian git bundle.
-   * Parted: Allow partitions to have no filesystem, for eg, GPT BIOS boot
-     partitions. (API change)
-   * Added rawPartition to PartSpec, for specifying partitions with no
-     filesystem.
-   * Added BiosGrubFlag to PartFlag.
-   * Add HasCallStack constraint to pickOS and unsupportedOS, so the
-     call stack includes the caller.
-   * Run su with --login, to avoid inheriting some problematic environment
-     variables, such as TMP, from the caller.
-   * Grub: Added properties to configure /etc/default/grub.
-   * Laptop: New module, starting with powertopAutoTuneOnBoot."""]]
\ No newline at end of file
diff --git a/doc/news/version_5.3.1.mdwn b/doc/news/version_5.3.1.mdwn
new file mode 100644
index 00000000..4f660270
--- /dev/null
+++ b/doc/news/version_5.3.1.mdwn
@@ -0,0 +1,5 @@
+propellor 5.3.1 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Last release mistakenly contained my personal branch not master.
+   * contrib/post-merge-hook documentation updated to recommend also using
+     it as a post-checkout hook, to avoid such problems."""]]
\ No newline at end of file

diff --git a/doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG.mdwn b/doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG.mdwn
new file mode 100644
index 00000000..d0920424
--- /dev/null
+++ b/doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG.mdwn
@@ -0,0 +1,35 @@
+I wanted to start using propellor in the most simple way and the requirement to have a GPG key, signed commits, propellor updating itself, and so on was way too much to start with.
+
+So I wrote this Haskell file:
+
+
+    module Main where
+    
+    import           Propellor
+    import           Propellor.Engine
+    import qualified Propellor.Property.Apt as Apt
+    
+    main :: IO ()
+    main = mainProperties myHost
+    
+    myHost :: Host
+    myHost = host "local" $ props
+      & Apt.installed [
+          "etckeeper"
+        , "git"
+        , "rsync"
+        , "tmux"
+        , "tree"
+        , "unattended-upgrades"
+        , "zsh"
+      ]
+
+And then used the Debian package *entr* to scp the executable to a test server and have it executed there:
+
+    echo mytest-exe | entr scp /_ mytesthost:
+
+and on the test host:
+
+    echo mytest-exe | entr sudo ./mytest-exe
+
+Maybe somebody finds this useful as a starting point to learn propellor.

add news item for propellor 5.3.0
diff --git a/doc/news/version_5.2.0.mdwn b/doc/news/version_5.2.0.mdwn
deleted file mode 100644
index 8cd1edaf..00000000
--- a/doc/news/version_5.2.0.mdwn
+++ /dev/null
@@ -1,24 +0,0 @@
-propellor 5.2.0 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * [ Joey Hess ]
-   * bootstrappedFrom: Set up local privdata file.
-   * Parted: Fix names used for FAT and VFAT partitions.
-   * Parted: Add an Alignment parameter. (API change)
-     A good default to use is safeAlignment, which is 4MiB,
-     well suited for inexpensive flash drives, and fine for other disks too.
-     Previously, a very non-optimial 1MB (not 1MiB) alignment had been used.
-   * DiskImage: Use safeAlignment. It didn't seem worth making the
-     alignment configurable here.
-   * Fixed rounding bug in Parted.calcPartTable.
-   * DiskImage: Fix rsync crash when a mount point does not exist in the
-     chroot.
-   * Fix bug in unmountBelow that caused unmounting of nested mounts to
-     fail.
-   * Grub.boots, Grub.bootsMounted: Pass --target to grub-install.
-   * Added Propellor.Property.Installer modules, which can be used to create
-     bootable installer disk images, which then run propellor to install
-     a system. This code was extracted from the demo I gave in my
-     talk at DebConf 2017.
- * [ Sean Whitton ]
-   * Sbuild: add notes about Debian jessie hosts and backports of sbuild and
-     autopkgtest."""]]
\ No newline at end of file
diff --git a/doc/news/version_5.3.0.mdwn b/doc/news/version_5.3.0.mdwn
new file mode 100644
index 00000000..07900e0b
--- /dev/null
+++ b/doc/news/version_5.3.0.mdwn
@@ -0,0 +1,16 @@
+propellor 5.3.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Avoid bogus warning about new upstream version when /usr/bin/propellor
+     is run on a Debian system, but ~/.propellor was not cloned from the
+     Debian git bundle.
+   * Parted: Allow partitions to have no filesystem, for eg, GPT BIOS boot
+     partitions. (API change)
+   * Added rawPartition to PartSpec, for specifying partitions with no
+     filesystem.
+   * Added BiosGrubFlag to PartFlag.
+   * Add HasCallStack constraint to pickOS and unsupportedOS, so the
+     call stack includes the caller.
+   * Run su with --login, to avoid inheriting some problematic environment
+     variables, such as TMP, from the caller.
+   * Grub: Added properties to configure /etc/default/grub.
+   * Laptop: New module, starting with powertopAutoTuneOnBoot."""]]
\ No newline at end of file

Added a comment: response
diff --git a/doc/forum/__34__Unknown_host_OS__34___after_merging_recent_propellor/comment_2_8592411690ea524b65e4fba580d51ba8._comment b/doc/forum/__34__Unknown_host_OS__34___after_merging_recent_propellor/comment_2_8592411690ea524b65e4fba580d51ba8._comment
new file mode 100644
index 00000000..430c4e90
--- /dev/null
+++ b/doc/forum/__34__Unknown_host_OS__34___after_merging_recent_propellor/comment_2_8592411690ea524b65e4fba580d51ba8._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="Nicolas.Schodet"
+ avatar="http://cdn.libravatar.org/avatar/0d7ec808ec329d04ee9a93c0da3c0089"
+ subject="response"
+ date="2018-01-29T20:49:46Z"
+ content="""
+Thanks, it works :)
+
+riva4 is not configured by propellor yet, but osDebian does not touch anything so it's OK.
+"""]]

Added a comment
diff --git a/doc/forum/imageBuiltFor_mount_points_not_automatically_created/comment_19_22178bd21d8a44bdd67cad162f71c400._comment b/doc/forum/imageBuiltFor_mount_points_not_automatically_created/comment_19_22178bd21d8a44bdd67cad162f71c400._comment
new file mode 100644
index 00000000..bd34df0a
--- /dev/null
+++ b/doc/forum/imageBuiltFor_mount_points_not_automatically_created/comment_19_22178bd21d8a44bdd67cad162f71c400._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="gueux"
+ avatar="http://cdn.libravatar.org/avatar/2982bac2c2cd94ab3860efb189deafc8"
+ subject="comment 19"
+ date="2018-01-29T17:55:43Z"
+ content="""
+I tried several configurations, without success. Without a serial console, that was not fun to debug... I finally tried to boot the image with qemu, and that worked! So I thought that maybe I should try to use a MSDOS partition table instead of a GPT one, just to be sure. And that finally produced a bootable image on that damn card! :) I'll report a bug to PCEngines. It's unfortunate I can't test the GPT code more, but it would probably work, as it booted in qemu.
+
+Thanks a lot Joey!
+
+"""]]

Add HasCallStack constraint to pickOS and unsupportedOS, so the call stack includes the caller.
This commit was sponsored by Jochen Bartl on Patreon.
diff --git a/debian/changelog b/debian/changelog
index 4545bcd1..2ffe4f8c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,8 @@ propellor (5.3.0) UNRELEASED; urgency=medium
   * Added rawPartition to PartSpec, for specifying partitions with no
     filesystem.
   * Added BiosGrubFlag to PartFlag.
+  * Add HasCallStack constraint to pickOS and unsupportedOS, so the
+    call stack includes the caller.
 
  -- Joey Hess <id@joeyh.name>  Tue, 02 Jan 2018 13:06:45 -0400
 
diff --git a/doc/forum/__34__Unknown_host_OS__34___after_merging_recent_propellor/comment_1_6ed53a6752f3f88acce023a4fe1b9bf6._comment b/doc/forum/__34__Unknown_host_OS__34___after_merging_recent_propellor/comment_1_6ed53a6752f3f88acce023a4fe1b9bf6._comment
new file mode 100644
index 00000000..608bc3e2
--- /dev/null
+++ b/doc/forum/__34__Unknown_host_OS__34___after_merging_recent_propellor/comment_1_6ed53a6752f3f88acce023a4fe1b9bf6._comment
@@ -0,0 +1,27 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-01-24T16:55:19Z"
+ content="""
+This comes from something using `unsupportedOS'`, perhaps via `pickOS`.
+
+Probably it's coming from the use of `Systemd.nspawned`,
+which is going to use debootstrap to build the container,
+since the container uses debian. To use debootstrap,
+it needs to install it, and `Debootstrap.installed`
+uses `pickOS` to work out how to install it, but only supports
+installing debootstrap on linux hosts. Your riva4 host does not have its OS
+declared, leading to the failure.
+
+It seems there ought to be a way to get a deeper call
+stack, to make it easier to work this out. It's possible to build
+propellor with profiling and get a complete call stack, as shown at
+<https://wiki.haskell.org/Debugging#Stack_trace>. It might make sense for
+propellor to always be built that way. 
+
+A simpler approach is to 
+add `HasCallStack =>` constraints to `pickOS` and `unsupportedOS'`,
+so that those will have a call stack that reaches back to their
+caller, which in your case would reach back to `Debootstrap.installed`,
+which is probably enough. For now, I've made this change.
+"""]]
diff --git a/src/Propellor/Property.hs b/src/Propellor/Property.hs
index 884ee683..8c0a5859 100644
--- a/src/Propellor/Property.hs
+++ b/src/Propellor/Property.hs
@@ -55,6 +55,7 @@ import Data.Maybe
 import Data.List
 import Data.Hashable
 import Control.Applicative
+import GHC.Stack
 import Prelude
 
 import Propellor.Types
@@ -283,6 +284,7 @@ isNewerThan x y = do
 -- fail that way.
 pickOS
 	::
+		HasCallStack =>
 		( SingKind ('KProxy :: KProxy ka)
 		, SingKind ('KProxy :: KProxy kb)
 		, DemoteRep ('KProxy :: KProxy ka) ~ [MetaType]
@@ -344,7 +346,7 @@ unsupportedOS = property "unsupportedOS" unsupportedOS'
 
 -- | Throws an error, for use in `withOS` when a property is lacking
 -- support for an OS.
-unsupportedOS' :: Propellor Result
+unsupportedOS' :: HasCallStack => Propellor Result
 unsupportedOS' = go =<< getOS
 	  where
 		go Nothing = error "Unknown host OS is not supported by this property."

creating "Unknown host OS" after merging recent propellor
diff --git a/doc/forum/__34__Unknown_host_OS__34___after_merging_recent_propellor.mdwn b/doc/forum/__34__Unknown_host_OS__34___after_merging_recent_propellor.mdwn
new file mode 100644
index 00000000..8625ee00
--- /dev/null
+++ b/doc/forum/__34__Unknown_host_OS__34___after_merging_recent_propellor.mdwn
@@ -0,0 +1,43 @@
+Hello,
+
+I merged 5.2.0 into my .propellor, last merge was merging f6797bed.
+
+Since the merge, when I try to spin, I get:
+
+    riva4.ni.fr.eu.org has ipv4 91.121.114.4 ... ok
+    ** warning: Unknown host OS is not supported by this property.
+    CallStack (from HasCallStack):
+      error, called at src/Propellor/Property.hs:350:30 in main:Propellor.Property
+    riva4.ni.fr.eu.org container vz-web2 ... failed
+    riva4.ni.fr.eu.org overall ... failed
+
+I have in my config.hs:
+
+    riva4 :: Host   
+    riva4 = host "riva4.ni.fr.eu.org" $ props
+	    & ipv4 "91.121.114.4"
+	    & stdContainerSpawn "vz-web2" "2g" vzWeb2
+
+    stdContainerSpawn :: Systemd.MachineName
+		      -> String
+		      -> Systemd.Container
+		      -> Property (HasInfo + DebianLike)
+    stdContainerSpawn name size container =
+	    Lvm.lvFormatted Lvm.YesReallyFormatLogicalVolume
+		    (Lvm.LogicalVolume name (Lvm.VolumeGroup "vg0")) size
+		    Partition.EXT4
+		    `before` Fstab.mounted "auto" dev dir mempty
+		    `before` Systemd.nspawned container
+		    `describe` ("container " ++ name)
+      where 
+	    dev = "/dev/vg0" </> name
+	    dir = "/var/lib/container" </> name
+
+    vzWeb2 :: Systemd.Container
+    vzWeb2 = Systemd.debContainer "vz-web2" $ props
+	    & osDebian (Stable "stretch") X86_64
+	    & ipv4 "10.42.2.13"
+
+I reviewed all changes in propellor, but I cannot find what can cause this.
+
+How can I debug this?

Added a comment
diff --git a/doc/todo/partition_properties_should_install_e2fsprogs/comment_2_54a6e8a53221d0db2fe37703cd0a011d._comment b/doc/todo/partition_properties_should_install_e2fsprogs/comment_2_54a6e8a53221d0db2fe37703cd0a011d._comment
new file mode 100644
index 00000000..e7527bdc
--- /dev/null
+++ b/doc/todo/partition_properties_should_install_e2fsprogs/comment_2_54a6e8a53221d0db2fe37703cd0a011d._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 2"
+ date="2018-01-19T22:59:44Z"
+ content="""
+Thanks for checking this!
+"""]]

followup and close
diff --git a/doc/todo/partition_properties_should_install_e2fsprogs.mdwn b/doc/todo/partition_properties_should_install_e2fsprogs.mdwn
index 02b9491f..7232bdeb 100644
--- a/doc/todo/partition_properties_should_install_e2fsprogs.mdwn
+++ b/doc/todo/partition_properties_should_install_e2fsprogs.mdwn
@@ -1 +1,3 @@
 The e2fsprogs package is becoming non-essential in Debian.  Properties that invoke `mkfs.ext*` should start explicitly requiring that the package is installed (probably using `Apt.installed`).  --spwhitton
+
+> [[done]] seems no change needed --[[Joey]]
diff --git a/doc/todo/partition_properties_should_install_e2fsprogs/comment_1_0a6335e03587b18d5ae085f9a7bc0656._comment b/doc/todo/partition_properties_should_install_e2fsprogs/comment_1_0a6335e03587b18d5ae085f9a7bc0656._comment
new file mode 100644
index 00000000..555ae84f
--- /dev/null
+++ b/doc/todo/partition_properties_should_install_e2fsprogs/comment_1_0a6335e03587b18d5ae085f9a7bc0656._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-01-17T17:02:36Z"
+ content="""
+AFAICS, only Partition.formatted runs that, and it's always made sure to
+install e2fsprogs.
+
+Closing this, unless you know of something else that my grep didn't turn
+up.
+"""]]

fix syntax
diff --git a/doc/todo/Sbuild_and_jessie.mdwn b/doc/todo/Sbuild_and_jessie.mdwn
index 4960c5d8..d90a23a3 100644
--- a/doc/todo/Sbuild_and_jessie.mdwn
+++ b/doc/todo/Sbuild_and_jessie.mdwn
@@ -22,4 +22,4 @@ Cheers and thanks for this new Sbuild which is really nice :))
 
 Frederic
 
-:[[done]] --spwhitton
+> [[done]] --spwhitton

patch merged
diff --git a/doc/todo/Sbuild_and_jessie.mdwn b/doc/todo/Sbuild_and_jessie.mdwn
index 3786a26f..4960c5d8 100644
--- a/doc/todo/Sbuild_and_jessie.mdwn
+++ b/doc/todo/Sbuild_and_jessie.mdwn
@@ -21,3 +21,5 @@ So to my opinion the autopkgtest dependency is missing.
 Cheers and thanks for this new Sbuild which is really nice :))
 
 Frederic
+
+:[[done]] --spwhitton

rename forum/Sbuild_and_jessie.mdwn to todo/Sbuild_and_jessie.mdwn
diff --git a/doc/forum/Sbuild_and_jessie.mdwn b/doc/todo/Sbuild_and_jessie.mdwn
similarity index 100%
rename from doc/forum/Sbuild_and_jessie.mdwn
rename to doc/todo/Sbuild_and_jessie.mdwn
diff --git a/doc/forum/Sbuild_and_jessie/comment_1_31dc85774c182a583aeb1935e9fef2d6._comment b/doc/todo/Sbuild_and_jessie/comment_1_31dc85774c182a583aeb1935e9fef2d6._comment
similarity index 100%
rename from doc/forum/Sbuild_and_jessie/comment_1_31dc85774c182a583aeb1935e9fef2d6._comment
rename to doc/todo/Sbuild_and_jessie/comment_1_31dc85774c182a583aeb1935e9fef2d6._comment
diff --git a/doc/forum/Sbuild_and_jessie/comment_2_41ed6253709b18ec799624a66b9b8078._comment b/doc/todo/Sbuild_and_jessie/comment_2_41ed6253709b18ec799624a66b9b8078._comment
similarity index 100%
rename from doc/forum/Sbuild_and_jessie/comment_2_41ed6253709b18ec799624a66b9b8078._comment
rename to doc/todo/Sbuild_and_jessie/comment_2_41ed6253709b18ec799624a66b9b8078._comment
diff --git a/doc/forum/Sbuild_and_jessie/comment_3_a4d6fdbed71270d7a4ffbfe98d1aa479._comment b/doc/todo/Sbuild_and_jessie/comment_3_a4d6fdbed71270d7a4ffbfe98d1aa479._comment
similarity index 100%
rename from doc/forum/Sbuild_and_jessie/comment_3_a4d6fdbed71270d7a4ffbfe98d1aa479._comment
rename to doc/todo/Sbuild_and_jessie/comment_3_a4d6fdbed71270d7a4ffbfe98d1aa479._comment
diff --git a/doc/forum/Sbuild_and_jessie/comment_4_9e409a59abc81786481207ffbbd7c3ac._comment b/doc/todo/Sbuild_and_jessie/comment_4_9e409a59abc81786481207ffbbd7c3ac._comment
similarity index 100%
rename from doc/forum/Sbuild_and_jessie/comment_4_9e409a59abc81786481207ffbbd7c3ac._comment
rename to doc/todo/Sbuild_and_jessie/comment_4_9e409a59abc81786481207ffbbd7c3ac._comment
diff --git a/doc/forum/Sbuild_and_jessie/comment_5_6303943e3425b29b1e4727d809574cda._comment b/doc/todo/Sbuild_and_jessie/comment_5_6303943e3425b29b1e4727d809574cda._comment
similarity index 100%
rename from doc/forum/Sbuild_and_jessie/comment_5_6303943e3425b29b1e4727d809574cda._comment
rename to doc/todo/Sbuild_and_jessie/comment_5_6303943e3425b29b1e4727d809574cda._comment
diff --git a/doc/forum/Sbuild_and_jessie/comment_6_a88b331c80f57acdf55ac0c0ce3dce6f._comment b/doc/todo/Sbuild_and_jessie/comment_6_a88b331c80f57acdf55ac0c0ce3dce6f._comment
similarity index 100%
rename from doc/forum/Sbuild_and_jessie/comment_6_a88b331c80f57acdf55ac0c0ce3dce6f._comment
rename to doc/todo/Sbuild_and_jessie/comment_6_a88b331c80f57acdf55ac0c0ce3dce6f._comment
diff --git a/doc/forum/Sbuild_and_jessie/comment_7_38650a2151201eaf6f40d8becbbe8861._comment b/doc/todo/Sbuild_and_jessie/comment_7_38650a2151201eaf6f40d8becbbe8861._comment
similarity index 100%
rename from doc/forum/Sbuild_and_jessie/comment_7_38650a2151201eaf6f40d8becbbe8861._comment
rename to doc/todo/Sbuild_and_jessie/comment_7_38650a2151201eaf6f40d8becbbe8861._comment

submit bug report
diff --git a/doc/todo/partition_properties_should_install_e2fsprogs.mdwn b/doc/todo/partition_properties_should_install_e2fsprogs.mdwn
new file mode 100644
index 00000000..02b9491f
--- /dev/null
+++ b/doc/todo/partition_properties_should_install_e2fsprogs.mdwn
@@ -0,0 +1 @@
+The e2fsprogs package is becoming non-essential in Debian.  Properties that invoke `mkfs.ext*` should start explicitly requiring that the package is installed (probably using `Apt.installed`).  --spwhitton

response
diff --git a/doc/forum/Executing_a_property_within_a_explicit_CWD/comment_3_60154b98f64306e627a417905e2bef73._comment b/doc/forum/Executing_a_property_within_a_explicit_CWD/comment_3_60154b98f64306e627a417905e2bef73._comment
new file mode 100644
index 00000000..e24bc461
--- /dev/null
+++ b/doc/forum/Executing_a_property_within_a_explicit_CWD/comment_3_60154b98f64306e627a417905e2bef73._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2018-01-08T22:52:51Z"
+ content="""
+That is what I was suggesting yes.
+
+Another way to do it is using `cmdProperty'`, for example:
+
+	import Utility.Process
+	import Propellor.Property.Cmd
+
+	foo = cmdProperty' "apt-get" ["-y", "install", "gitlab"]
+		(\p -> p { cwd = Just "/tmp" })
+		`assume` MadeChange
+"""]]

Added a comment: To be sure to understand…
diff --git a/doc/forum/Executing_a_property_within_a_explicit_CWD/comment_2_b9ba322a7770ca537174795792ec0a40._comment b/doc/forum/Executing_a_property_within_a_explicit_CWD/comment_2_b9ba322a7770ca537174795792ec0a40._comment
new file mode 100644
index 00000000..aba3618f
--- /dev/null
+++ b/doc/forum/Executing_a_property_within_a_explicit_CWD/comment_2_b9ba322a7770ca537174795792ec0a40._comment
@@ -0,0 +1,18 @@
+[[!comment format=mdwn
+ username="serge1cohen@4282f0c177ae4ac2f90ceddf63d2281e1f739cb1"
+ nickname="serge1cohen"
+ avatar="http://cdn.libravatar.org/avatar/c86bcca74216ed367c91a99ff27259f0"
+ subject="To be sure to understand…"
+ date="2018-01-08T20:49:28Z"
+ content="""
+Hi again,
+
+Thanks for the swift answer. As I am not (yet ?-) an expert of either Haskell or Propellor I'd prefer to be sure before going further.
+Your proposal is to somehow «copy» the machinery of Apt.installed and Apt.reConfigure but using this time «createProcess with {cwd = whatever}». And I should find useful examples/snippets to implement this in the Property.DnsSec.forceZoneSigned sources.
+
+If I manage that I'll definitely propose a contribution on it :-)
+
+By the way, thanks for the complete system. As often elegance comes with a great quality of use !
+
+Serge.
+"""]]

response
diff --git a/doc/forum/Executing_a_property_within_a_explicit_CWD/comment_1_00e636c4ec122361213f0e1062569704._comment b/doc/forum/Executing_a_property_within_a_explicit_CWD/comment_1_00e636c4ec122361213f0e1062569704._comment
new file mode 100644
index 00000000..b898b822
--- /dev/null
+++ b/doc/forum/Executing_a_property_within_a_explicit_CWD/comment_1_00e636c4ec122361213f0e1062569704._comment
@@ -0,0 +1,15 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-01-08T18:33:06Z"
+ content="""
+Since propellor can run multiple properties at the same time
+(Propellor.Property.Concurrent), setting the CWD while running a property
+is probably not a good idea, as it would affect any other property that's
+currently running. Might be possible to fork and set CWD, 
+but haskell is not great at supporting fork w/o exec.
+
+Instead, the best way to do it is to use `createProcess` with
+`{cwd = whatever}` when your property runs apt and dpkg-reconfigure.
+See Property.DnsSec.forceZoneSigned for an example.
+"""]]

diff --git a/doc/forum/Executing_a_property_within_a_explicit_CWD.mdwn b/doc/forum/Executing_a_property_within_a_explicit_CWD.mdwn
new file mode 100644
index 00000000..e1b6ae7b
--- /dev/null
+++ b/doc/forum/Executing_a_property_within_a_explicit_CWD.mdwn
@@ -0,0 +1,11 @@
+I am trying to create a Property to install (and configure) gitlab through Propellor.
+To perform the installation and configuration I am using Apt.installed and Apt.reConfigure. When ever Propellor has to go though configuration of the package it «fails» (cf. bug report on gitlab package : 
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886657
+
+Awaiting a resolution of the bug itself, a workaround would be to perform the apt-get install or dpkg-reconfigure from a «world-readable» directory (such as /tmp or /etc or ...). Currently these properties are executed with CWD eing the propellor repository.
+
+I have looked for, but not found yet, a way to perform the work of this property within a specific directory.
+
+Thanks in advance for any help or pointers,
+
+Serge.

Added a comment: central git repository git.joeyh.name
diff --git a/doc/forum/secret-project_deliverable/comment_14_4b6959a061c468f3498005fce19019d0._comment b/doc/forum/secret-project_deliverable/comment_14_4b6959a061c468f3498005fce19019d0._comment
new file mode 100644
index 00000000..70e222fc
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_14_4b6959a061c468f3498005fce19019d0._comment
@@ -0,0 +1,82 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="central git repository git.joeyh.name"
+ date="2018-01-07T22:10:40Z"
+ content="""
+I got my copy of `secret-project` by
+
+	git clone https://git.joeyh.name/git/secret-project.git
+
+During build it tries to contact git.joeyh.name
+
+	$ propellor
+	Pull from central git repository ... done
+	Copying from /home/stappers/src/secret-project/.stack-work/install/x86_64-linux-nopie/lts-8.12/8.0.2/bin/propellor-config to /home/stappers/src/secret-project/.built/propellor-config
+	
+	Copied executables to /home/stappers/src/secret-project/.built:
+	- propellor-config
+	
+	Warning: Installation path /home/stappers/src/secret-project/.built
+	         not found on the PATH environment variable.
+	Propellor build ... done
+	[master 7d7bc07] propellor spin
+	Git commit ... done
+	error: Cannot access URL https://git.joeyh.name/git/secret-project.git/, return code 22
+	fatal: git-http-push failed
+	error: failed to push some refs to 'https://git.joeyh.name/git/secret-Push to central git repository ... failed
+	project.git'
+	Stop listening request sent.
+	Pull from central git repository ... done
+	Sending privdata (11 bytes) to paddy.gpm.stappers.nl ... done
+	remote: Counting objects: 1, done.        
+	remote: Total 1 (delta 0), reused 0 (delta 0)        
+	Sending git update to paddy.gpm.stappers.nl ... done
+	From .
+	 * branch            HEAD       -> FETCH_HEAD
+	Pull from central git repository ... done
+	Copying from /usr/local/propellor/.stack-work/install/x86_64-linux-nopie/lts-8.12/8.0.2/bin/propellor-config to /usr/local/propellor/.built/propellor-config
+	
+	Copied executables to /usr/local/propellor/.built:
+	- propellor-config
+	
+	Warning: Installation path /usr/local/propellor/.built not found on the PATH environment variable.
+	Propellor build ... done
+	Pull from central git repository ... done
+	paddy.gpm.stappers.nl has propellor bootstrapped with stack ... ok
+	paddy.gpm.stappers.nl has Operating System (Debian Linux Unstable) X86_64 ... ok
+	debian.local no services started ... ok
+	debian.local has Operating System (Debian Linux Unstable) X86_64 ... ok
+	debian.local sane hostname ... ok
+	debian.local standard sources.list ... ok
+	debian.local apt installed linux-image-amd64 ... ok
+	debian.local grub package installed ... ok
+	debian.local XFCE desktop installed ... ok
+	debian.local apt installed firefox ... ok
+	debian.local en_US.UTF-8 locale selected ... ok
+	fatal: unable to access 'https://git.joeyh.name/git/secret-project.git/': Could not resolve host: git.joeyh.name
+	debian.local has propellor bootstrapped with stack ... ok
+	debian.local Propellor bootstrapped ... failed
+	debian.local user installer in group audio ... ok
+	debian.local user installer in group cdrom ... ok
+	debian.local user installer in group dip ... ok
+	debian.local user installer in group floppy ... ok
+	debian.local user installer in group video ... ok
+	debian.local user installer in group plugdev ... ok
+	debian.local user installer in group netdev ... ok
+	debian.local user installer in group scanner ... ok
+	debian.local user installer in group lpadmin ... ok
+	debian.local has desktop user installer and not has desktop user user ... done
+	debian.local autostart installer UI ... ok
+	debian.local apt installed rsync ... ok
+	debian.local cache cleaned ... ok
+	paddy.gpm.stappers.nl built disk image /srv/installer.vmdk ... failed
+	paddy.gpm.stappers.nl overall ... failed
+	Shared connection to paddy.gpm.stappers.nl closed.
+	propellor: remote propellor failed
+	$ 
+
+How to avoid connecting to git.joeyh.name during build?
+
+"""]]

removed
diff --git a/doc/forum/secret-project_deliverable/comment_14_7296343b6f1d2906127ed138c64f82c6._comment b/doc/forum/secret-project_deliverable/comment_14_7296343b6f1d2906127ed138c64f82c6._comment
deleted file mode 100644
index 75cb4292..00000000
--- a/doc/forum/secret-project_deliverable/comment_14_7296343b6f1d2906127ed138c64f82c6._comment
+++ /dev/null
@@ -1,77 +0,0 @@
-[[!comment format=mdwn
- username="stappers@eb96885816da287c29f6f699999434d532149234"
- nickname="stappers"
- avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
- subject="central git repository git.joeyh.name"
- date="2018-01-07T22:05:10Z"
- content="""
-I got my copy of `secret-project` by
-
-
-	$ propellor
-	Pull from central git repository ... done
-	Copying from /home/stappers/src/secret-project/.stack-work/install/x86_64-linux-nopie/lts-8.12/8.0.2/bin/propellor-config to /home/stappers/src/secret-project/.built/propellor-config
-	
-	Copied executables to /home/stappers/src/secret-project/.built:
-	- propellor-config
-	
-	Warning: Installation path /home/stappers/src/secret-project/.built
-	         not found on the PATH environment variable.
-	Propellor build ... done
-	[master 7d7bc07] propellor spin
-	Git commit ... done
-	error: Cannot access URL https://git.joeyh.name/git/secret-project.git/, return code 22
-	fatal: git-http-push failed
-	error: failed to push some refs to 'https://git.joeyh.name/git/secret-Push to central git repository ... failed
-	project.git'
-	Stop listening request sent.
-	Pull from central git repository ... done
-	Sending privdata (11 bytes) to paddy.gpm.stappers.nl ... done
-	remote: Counting objects: 1, done.        
-	remote: Total 1 (delta 0), reused 0 (delta 0)        
-	Sending git update to paddy.gpm.stappers.nl ... done
-	From .
-	 * branch            HEAD       -> FETCH_HEAD
-	Pull from central git repository ... done
-	Copying from /usr/local/propellor/.stack-work/install/x86_64-linux-nopie/lts-8.12/8.0.2/bin/propellor-config to /usr/local/propellor/.built/propellor-config
-	
-	Copied executables to /usr/local/propellor/.built:
-	- propellor-config
-	
-	Warning: Installation path /usr/local/propellor/.built not found on the PATH environment variable.
-	Propellor build ... done
-	Pull from central git repository ... done
-	paddy.gpm.stappers.nl has propellor bootstrapped with stack ... ok
-	paddy.gpm.stappers.nl has Operating System (Debian Linux Unstable) X86_64 ... ok
-	debian.local no services started ... ok
-	debian.local has Operating System (Debian Linux Unstable) X86_64 ... ok
-	debian.local sane hostname ... ok
-	debian.local standard sources.list ... ok
-	debian.local apt installed linux-image-amd64 ... ok
-	debian.local grub package installed ... ok
-	debian.local XFCE desktop installed ... ok
-	debian.local apt installed firefox ... ok
-	debian.local en_US.UTF-8 locale selected ... ok
-	fatal: unable to access 'https://git.joeyh.name/git/secret-project.git/': Could not resolve host: git.joeyh.name
-	debian.local has propellor bootstrapped with stack ... ok
-	debian.local Propellor bootstrapped ... failed
-	debian.local user installer in group audio ... ok
-	debian.local user installer in group cdrom ... ok
-	debian.local user installer in group dip ... ok
-	debian.local user installer in group floppy ... ok
-	debian.local user installer in group video ... ok
-	debian.local user installer in group plugdev ... ok
-	debian.local user installer in group netdev ... ok
-	debian.local user installer in group scanner ... ok
-	debian.local user installer in group lpadmin ... ok
-	debian.local has desktop user installer and not has desktop user user ... done
-	debian.local autostart installer UI ... ok
-	debian.local apt installed rsync ... ok
-	debian.local cache cleaned ... ok
-	paddy.gpm.stappers.nl built disk image /srv/installer.vmdk ... failed
-	paddy.gpm.stappers.nl overall ... failed
-	Shared connection to paddy.gpm.stappers.nl closed.
-	propellor: remote propellor failed
-	$ 
-
-"""]]

Added a comment: central git repository git.joeyh.name
diff --git a/doc/forum/secret-project_deliverable/comment_14_7296343b6f1d2906127ed138c64f82c6._comment b/doc/forum/secret-project_deliverable/comment_14_7296343b6f1d2906127ed138c64f82c6._comment
new file mode 100644
index 00000000..75cb4292
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_14_7296343b6f1d2906127ed138c64f82c6._comment
@@ -0,0 +1,77 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="central git repository git.joeyh.name"
+ date="2018-01-07T22:05:10Z"
+ content="""
+I got my copy of `secret-project` by
+
+
+	$ propellor
+	Pull from central git repository ... done
+	Copying from /home/stappers/src/secret-project/.stack-work/install/x86_64-linux-nopie/lts-8.12/8.0.2/bin/propellor-config to /home/stappers/src/secret-project/.built/propellor-config
+	
+	Copied executables to /home/stappers/src/secret-project/.built:
+	- propellor-config
+	
+	Warning: Installation path /home/stappers/src/secret-project/.built
+	         not found on the PATH environment variable.
+	Propellor build ... done
+	[master 7d7bc07] propellor spin
+	Git commit ... done
+	error: Cannot access URL https://git.joeyh.name/git/secret-project.git/, return code 22
+	fatal: git-http-push failed
+	error: failed to push some refs to 'https://git.joeyh.name/git/secret-Push to central git repository ... failed
+	project.git'
+	Stop listening request sent.
+	Pull from central git repository ... done
+	Sending privdata (11 bytes) to paddy.gpm.stappers.nl ... done
+	remote: Counting objects: 1, done.        
+	remote: Total 1 (delta 0), reused 0 (delta 0)        
+	Sending git update to paddy.gpm.stappers.nl ... done
+	From .
+	 * branch            HEAD       -> FETCH_HEAD
+	Pull from central git repository ... done
+	Copying from /usr/local/propellor/.stack-work/install/x86_64-linux-nopie/lts-8.12/8.0.2/bin/propellor-config to /usr/local/propellor/.built/propellor-config
+	
+	Copied executables to /usr/local/propellor/.built:
+	- propellor-config
+	
+	Warning: Installation path /usr/local/propellor/.built not found on the PATH environment variable.
+	Propellor build ... done
+	Pull from central git repository ... done
+	paddy.gpm.stappers.nl has propellor bootstrapped with stack ... ok
+	paddy.gpm.stappers.nl has Operating System (Debian Linux Unstable) X86_64 ... ok
+	debian.local no services started ... ok
+	debian.local has Operating System (Debian Linux Unstable) X86_64 ... ok
+	debian.local sane hostname ... ok
+	debian.local standard sources.list ... ok
+	debian.local apt installed linux-image-amd64 ... ok
+	debian.local grub package installed ... ok
+	debian.local XFCE desktop installed ... ok
+	debian.local apt installed firefox ... ok
+	debian.local en_US.UTF-8 locale selected ... ok
+	fatal: unable to access 'https://git.joeyh.name/git/secret-project.git/': Could not resolve host: git.joeyh.name
+	debian.local has propellor bootstrapped with stack ... ok
+	debian.local Propellor bootstrapped ... failed
+	debian.local user installer in group audio ... ok
+	debian.local user installer in group cdrom ... ok
+	debian.local user installer in group dip ... ok
+	debian.local user installer in group floppy ... ok
+	debian.local user installer in group video ... ok
+	debian.local user installer in group plugdev ... ok
+	debian.local user installer in group netdev ... ok
+	debian.local user installer in group scanner ... ok
+	debian.local user installer in group lpadmin ... ok
+	debian.local has desktop user installer and not has desktop user user ... done
+	debian.local autostart installer UI ... ok
+	debian.local apt installed rsync ... ok
+	debian.local cache cleaned ... ok
+	paddy.gpm.stappers.nl built disk image /srv/installer.vmdk ... failed
+	paddy.gpm.stappers.nl overall ... failed
+	Shared connection to paddy.gpm.stappers.nl closed.
+	propellor: remote propellor failed
+	$ 
+
+"""]]

PTUUID
diff --git a/doc/todo/removable_drive_partitioning_and_install.mdwn b/doc/todo/removable_drive_partitioning_and_install.mdwn
index ac270109..e88673c3 100644
--- a/doc/todo/removable_drive_partitioning_and_install.mdwn
+++ b/doc/todo/removable_drive_partitioning_and_install.mdwn
@@ -25,12 +25,29 @@ Open design questions:
 
   Question: When using microsd card adapter, does the serial number pass
   through so different microsds can be distinguished?
+
   > Checked this, and two microsd card adapters from different
   > manufacturers with different microsd cards have the same by-id.
   > Those must have no serial number..
   > 
   > Also, a USB SD/microSD reader had the same by-id for multiple cards.
 
+  > > For disks with a MBR, there's a disk identifier / volume id, 
+  > > which should uniquely identify that disk,
+  > > as long as propellor does not overwrite the MBR when imaging it.
+  > > And, GPT has a similar disk GUID.
+  > >
+  > > /dev/disk/by-partuuid exposes this. Some documentation suggests
+  > > it's GPT-only, but my laptop is not GPT and its MBR disk identifier
+  > > shows up there. Oddly, that points to /dev/sda1 and not /dev/sda.
+  > >
+  > > blkid can also display it, as the PTUUID, which works for
+  > > both GPT and MBT.
+  > > --[[Joey]]
+
+	root@darkstar:/home/joey>blkid /dev/sda
+	/dev/sda: PTUUID="d0497bc6" PTTYPE="dos"
+
 * Should an already imaged drive be updated incrementally or re-imaged?
   Seems both cases would be useful, the former especially for incrementally
   configuring it, the latter to bring it up from a clean state.

update
diff --git a/doc/todo/removable_drive_partitioning_and_install.mdwn b/doc/todo/removable_drive_partitioning_and_install.mdwn
index 891c3b92..ac270109 100644
--- a/doc/todo/removable_drive_partitioning_and_install.mdwn
+++ b/doc/todo/removable_drive_partitioning_and_install.mdwn
@@ -28,6 +28,8 @@ Open design questions:
   > Checked this, and two microsd card adapters from different
   > manufacturers with different microsd cards have the same by-id.
   > Those must have no serial number..
+  > 
+  > Also, a USB SD/microSD reader had the same by-id for multiple cards.
 
 * Should an already imaged drive be updated incrementally or re-imaged?
   Seems both cases would be useful, the former especially for incrementally

changes to allow GPT BIOS boot partitions
* Parted: Allow partitions to have no filesystem, for eg, GPT BIOS boot
partitions. (API change)
* Added rawPartition to PartSpec, for specifying partitions with no
filesystem.
* Added BiosGrubFlag to PartFlag.
Note that man parted does not list the "bios_boot" flag, but I found it in
its html documentation. Other flags may also be missing.
This commit was sponsored by Boyd Stephen Smith Jr. on Patreon.
diff --git a/debian/changelog b/debian/changelog
index 8923b94a..4545bcd1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,13 @@
-propellor (5.2.1) UNRELEASED; urgency=medium
+propellor (5.3.0) UNRELEASED; urgency=medium
 
   * Avoid bogus warning about new upstream version when /usr/bin/propellor
     is run on a Debian system, but ~/.propellor was not cloned from the
     Debian git bundle.
+  * Parted: Allow partitions to have no filesystem, for eg, GPT BIOS boot
+    partitions. (API change)
+  * Added rawPartition to PartSpec, for specifying partitions with no
+    filesystem.
+  * Added BiosGrubFlag to PartFlag.
 
  -- Joey Hess <id@joeyh.name>  Tue, 02 Jan 2018 13:06:45 -0400
 
diff --git a/doc/forum/imageBuiltFor_mount_points_not_automatically_created/comment_18_adea3a8a65cf954a5244bbb47a1636e4._comment b/doc/forum/imageBuiltFor_mount_points_not_automatically_created/comment_18_adea3a8a65cf954a5244bbb47a1636e4._comment
new file mode 100644
index 00000000..8a9a380e
--- /dev/null
+++ b/doc/forum/imageBuiltFor_mount_points_not_automatically_created/comment_18_adea3a8a65cf954a5244bbb47a1636e4._comment
@@ -0,0 +1,26 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 18"""
+ date="2018-01-06T17:51:05Z"
+ content="""
+I don't know much about GPT boot stuff. I found mention of a BIOS boot
+partition for GPT here:
+
+<https://help.ubuntu.com/community/DiskSpace>
+
+So, 1 mb partition with no filesystem and a "bios_grub" flag.
+
+Propellor's partitioning DSL will need to be extended in order to
+support that. Currently, `Partition` has a `Fs` that is one of the common
+filesystems or swap. Now we need no filesystem, so either add a NoFs to Fs,
+or change it to use `Maybe Fs`. I chose the latter, because with NoFs,
+Partition.formatted would be a no-op, which would be kinda surprising.
+
+I've made a commit adding all the stuff you should need, but I have not
+tested making a BIOS boot partition with it. Should look
+something like this:
+
+	& hasPartition (rawPartition (MegaBytes 1) `setFlag` BiosGrubFlag)
+
+If you get it working, it would be good to add an example to propellor's docs.
+"""]]
diff --git a/src/Propellor/Property/DiskImage.hs b/src/Propellor/Property/DiskImage.hs
index 24459476..289de151 100644
--- a/src/Propellor/Property/DiskImage.hs
+++ b/src/Propellor/Property/DiskImage.hs
@@ -420,7 +420,7 @@ imageFinalized final img mnts mntopts devs (PartTable _ _ parts) =
 	orderedmntsdevs = sortBy (compare `on` fst) $ zip mnts (zip mntopts devs)
 
 	swaps = map (SwapPartition . partitionLoopDev . snd) $
-		filter ((== LinuxSwap) . partFs . fst) $
+		filter ((== Just LinuxSwap) . partFs . fst) $
 			zip parts devs
 
 	mountall top = forM_ orderedmntsdevs $ \(mp, (mopts, loopdev)) -> case mp of
diff --git a/src/Propellor/Property/DiskImage/PartSpec.hs b/src/Propellor/Property/DiskImage/PartSpec.hs
index 942cfa3e..b78e4280 100644
--- a/src/Propellor/Property/DiskImage/PartSpec.hs
+++ b/src/Propellor/Property/DiskImage/PartSpec.hs
@@ -9,6 +9,7 @@ module Propellor.Property.DiskImage.PartSpec (
 	partition,
 	-- * PartSpec combinators
 	swapPartition,
+	rawPartition,
 	mountedAt,
 	addFreeSpace,
 	setSize,
@@ -48,11 +49,15 @@ import Data.Ord
 -- The partition is not mounted anywhere by default; use the combinators
 -- below to configure it.
 partition :: Monoid t => Fs -> PartSpec t
-partition fs = (Nothing, mempty, mkPartition fs, mempty)
+partition fs = (Nothing, mempty, mkPartition (Just fs), mempty)
 
 -- | Specifies a swap partition of a given size.
 swapPartition :: Monoid t => PartSize -> PartSpec t
-swapPartition sz = (Nothing, mempty, const (mkPartition LinuxSwap sz), mempty)
+swapPartition sz = (Nothing, mempty, const (mkPartition (Just LinuxSwap) sz), mempty)
+
+-- | Specifies a partition without any filesystem, of a given size.
+rawPartition :: Monoid t => PartSize -> PartSpec t
+rawPartition sz = (Nothing, mempty, const (mkPartition Nothing sz), mempty)
 
 -- | Specifies where to mount a partition.
 mountedAt :: PartSpec t -> MountPoint -> PartSpec t
diff --git a/src/Propellor/Property/Installer/Target.hs b/src/Propellor/Property/Installer/Target.hs
index 62ec4082..80e660ad 100644
--- a/src/Propellor/Property/Installer/Target.hs
+++ b/src/Propellor/Property/Installer/Target.hs
@@ -246,10 +246,10 @@ fstabLists userinput (TargetPartTable _ partspecs) = setup <!> doNothing
 	
 	partitions = map (\(mp, _, mkpart, _) -> (mp, mkpart mempty)) partspecs
 	mnts = mapMaybe fst $
-		filter (\(_, p) -> partFs p /= LinuxSwap) partitions
+		filter (\(_, p) -> partFs p /= Just LinuxSwap && partFs p /= Nothing) partitions
 	swaps targetdev = 
 		map (Fstab.SwapPartition . diskPartition targetdev . snd) $
-			filter (\((_, p), _) -> partFs p == LinuxSwap)
+			filter (\((_, p), _) -> partFs p == Just LinuxSwap)
 				(zip partitions partNums)
 
 -- | Make the target bootable using whatever bootloader is installed on it.
diff --git a/src/Propellor/Property/Parted.hs b/src/Propellor/Property/Parted.hs
index 97cf815e..81b84972 100644
--- a/src/Propellor/Property/Parted.hs
+++ b/src/Propellor/Property/Parted.hs
@@ -62,8 +62,10 @@ partitioned eep disk parttable@(PartTable _ _ parts) = property' desc $ \w -> do
   where
 	desc = disk ++ " partitioned"
 	formatl devs = combineProperties desc (toProps $ map format (zip parts devs))
-	format (p, dev) = Partition.formatted' (partMkFsOpts p)
-		Partition.YesReallyFormatPartition (partFs p) dev
+	format (p, dev) = case partFs p of
+		Just fs -> Partition.formatted' (partMkFsOpts p)
+			Partition.YesReallyFormatPartition fs dev
+		Nothing -> doNothing
 
 -- | Gets the total size of the disk specified by the partition table.
 partTableSize :: PartTable -> ByteSize
@@ -81,12 +83,12 @@ calcPartedParamsSize (PartTable tabletype alignment parts) =
 		, pval f
 		, pval b
 		]
-	mkpart partnum startpos endpos p =
-		[ "mkpart"
-		, pval (partType p)
-		, pval (partFs p)
-		, partposexact startpos
-		, partposfuzzy endpos
+	mkpart partnum startpos endpos p = catMaybes
+		[ Just "mkpart"
+		, Just $ pval (partType p)
+		, fmap pval (partFs p)
+		, Just $ partposexact startpos
+		, Just $ partposfuzzy endpos
 		] ++ case partName p of
 			Just n -> ["name", show partnum, n]
 			Nothing -> []
diff --git a/src/Propellor/Property/Parted/Types.hs b/src/Propellor/Property/Parted/Types.hs
index e5c62739..cfd8760d 100644
--- a/src/Propellor/Property/Parted/Types.hs
+++ b/src/Propellor/Property/Parted/Types.hs
@@ -31,7 +31,7 @@ instance Monoid PartTable where
 data Partition = Partition
 	{ partType :: PartType
 	, partSize :: PartSize
-	, partFs :: Partition.Fs
+	, partFs :: Maybe Partition.Fs
 	, partMkFsOpts :: Partition.MkfsOpts
 	, partFlags :: [(PartFlag, Bool)] -- ^ flags can be set or unset (parted may set some flags by default)
 	, partName :: Maybe String -- ^ optional name for partition (only works for GPT, PC98, MAC)
@@ -39,7 +39,7 @@ data Partition = Partition
 	deriving (Show)
 
 -- | Makes a Partition with defaults for non-important values.
-mkPartition :: Partition.Fs -> PartSize -> Partition
+mkPartition :: Maybe Partition.Fs -> PartSize -> Partition
 mkPartition fs sz = Partition
 	{ partType = Primary
 	, partSize = sz
@@ -105,7 +105,7 @@ fromAlignment :: Alignment -> ByteSize
 fromAlignment (Alignment n) = n
 
 -- | Flags that can be set on a partition.
-data PartFlag = BootFlag | RootFlag | SwapFlag | HiddenFlag | RaidFlag | LvmFlag | LbaFlag | LegacyBootFlag | IrstFlag | EspFlag | PaloFlag
+data PartFlag = BootFlag | RootFlag | SwapFlag | HiddenFlag | RaidFlag | LvmFlag | LbaFlag | LegacyBootFlag | IrstFlag | EspFlag | PaloFlag | BiosGrubFlag
 	deriving (Show)
 
 instance PartedVal PartFlag where
@@ -120,6 +120,7 @@ instance PartedVal PartFlag where
 	pval IrstFlag = "irst"
 	pval EspFlag = "esp"
 	pval PaloFlag = "palo"
+	pval BiosGrubFlag = "bios_grub"
 
 instance PartedVal Bool where
 	pval True = "on"

response
diff --git a/doc/todo/etckeeper/comment_5_af3b29e3e066c05e4b5a0004f0e57926._comment b/doc/todo/etckeeper/comment_5_af3b29e3e066c05e4b5a0004f0e57926._comment
new file mode 100644
index 00000000..11e59e2c
--- /dev/null
+++ b/doc/todo/etckeeper/comment_5_af3b29e3e066c05e4b5a0004f0e57926._comment
@@ -0,0 +1,18 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 5"""
+ date="2018-01-06T17:38:34Z"
+ content="""
+I avoid those warnings with properties that clone dotfiles repos containing
+.gitconfig for root and users who can sudo.
+
+It would be fine to have a property to configure them in
+/etckeeper/.git/config, if you wanted to write it.
+I think this would do it:
+
+	Git.repoConfigured "/etc/" ("user.name", "whatever")
+	Git.repoConfigured "/etc/" ("user.email", "whatever@whatever")
+
+Those would only be used when the user running etckeeper has not configured
+it in their own ~/.gitconfig
+"""]]

Added a comment
diff --git a/doc/todo/etckeeper/comment_4_f4f9f3e3d7c81e631aaec45fdd17dfe8._comment b/doc/todo/etckeeper/comment_4_f4f9f3e3d7c81e631aaec45fdd17dfe8._comment
new file mode 100644
index 00000000..e6755e2c
--- /dev/null
+++ b/doc/todo/etckeeper/comment_4_f4f9f3e3d7c81e631aaec45fdd17dfe8._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="gueux"
+ avatar="http://cdn.libravatar.org/avatar/2982bac2c2cd94ab3860efb189deafc8"
+ subject="comment 4"
+ date="2018-01-06T09:24:04Z"
+ content="""
+I think I was thinking at least about configuring git to prevent
+
+    Your name and email address were configured automatically based
+    on your username and hostname. Please check that they are accurate.
+    You can suppress this message by setting them explicitly. Run the
+    following command and follow the instructions in your editor to edit
+    your configuration file:
+        git config --global --edit
+    After doing this, you may fix the identity used for this commit with:
+        git commit --amend --reset-author
+
+messages. I can live with these, though. So I guess you're right, `Apt.installed [\"etckeeper\"]` is enough.
+"""]]

Added a comment
diff --git a/doc/forum/imageBuiltFor_mount_points_not_automatically_created/comment_17_0c1349784ba28b6fbbd833e76d5075b3._comment b/doc/forum/imageBuiltFor_mount_points_not_automatically_created/comment_17_0c1349784ba28b6fbbd833e76d5075b3._comment
new file mode 100644
index 00000000..994d432c
--- /dev/null
+++ b/doc/forum/imageBuiltFor_mount_points_not_automatically_created/comment_17_0c1349784ba28b6fbbd833e76d5075b3._comment
@@ -0,0 +1,24 @@
+[[!comment format=mdwn
+ username="gueux"
+ avatar="http://cdn.libravatar.org/avatar/2982bac2c2cd94ab3860efb189deafc8"
+ subject="comment 17"
+ date="2018-01-05T17:57:40Z"
+ content="""
+As the config with Grub.EFI64 didn't boot, I'd like to be sure that Grub.MSDOS does not boot either. But GPT tables seem to need a BIOS Boot partition:
+
+    creating /srv/router.img of size 1.67 gigabytes
+    mkfs.fat 4.1 (2017-01-24)
+    loop deleted : /dev/loop0
+         26,473,509 100%  206.69MB/s    0:00:00 (xfr#5, to-chk=0/7)
+        772,611,350  99%   60.26MB/s    0:00:12 (xfr#26272, to-chk=0/33603)   
+    update-initramfs: Generating /boot/initrd.img-4.9.0-5-amd64
+    Generating grub configuration file ...
+    Found linux image: /boot/vmlinuz-4.9.0-5-amd64
+    Found initrd image: /boot/initrd.img-4.9.0-5-amd64
+    done
+    Installing for i386-pc platform.
+    grub-install: warning: this GPT partition label contains no BIOS Boot Partition; embedding won't be possible.
+    grub-install: warning: Embedding is not possible.  GRUB can only be installed in this setup by using blocklists.  However, blocklists are UNRELIABLE and their use is discouraged..
+    grub-install: error: will not proceed with blocklists.
+
+"""]]

Added a comment
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_8_28c9fe9c8acef04998c885161748ad49._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_8_28c9fe9c8acef04998c885161748ad49._comment
new file mode 100644
index 00000000..0317b488
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_8_28c9fe9c8acef04998c885161748ad49._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 8"
+ date="2018-01-05T08:49:56Z"
+ content="""
+Sweet!  Thanks again!
+"""]]

update
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_7_f54ff51d2e413f0bbd534470b4b3b5a6._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_7_f54ff51d2e413f0bbd534470b4b3b5a6._comment
new file mode 100644
index 00000000..5423db28
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_7_f54ff51d2e413f0bbd534470b4b3b5a6._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 7"""
+ date="2018-01-04T18:49:14Z"
+ content="""
+@spwhitton, ah but in that case you have a remote named "upstream", so
+it can assume you don't want it messing with upstream/master. Done!
+"""]]

Added a comment
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_6_ee440c1ceab7875ad6375b38f4580f08._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_6_ee440c1ceab7875ad6375b38f4580f08._comment
new file mode 100644
index 00000000..d867906e
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_6_ee440c1ceab7875ad6375b38f4580f08._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 6"
+ date="2018-01-03T14:46:48Z"
+ content="""
+Thanks for this fix!  However, in my case I am going to have to do `git remote rename upstream joey` ;)
+"""]]

comment
diff --git a/doc/forum/secret-project_deliverable/comment_13_bdb28cfa4990d60f6767fd857a7398d5._comment b/doc/forum/secret-project_deliverable/comment_13_bdb28cfa4990d60f6767fd857a7398d5._comment
new file mode 100644
index 00000000..e7a110bc
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_13_bdb28cfa4990d60f6767fd857a7398d5._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 13"""
+ date="2018-01-02T21:21:49Z"
+ content="""
+Yes, I also found it kind of annoying to need to move /usr/local/propellor
+out of the way when I was working on secret-project. This is why I'd like
+it to be usable without propellor --spin so that directory would not be
+used, but until the bug with that can be fixed, you can't work on
+secret-project with an unrelated other propellor config at the same time.
+"""]]

Added a comment: buid should be build
diff --git a/doc/forum/secret-project_deliverable/comment_12_edebbe9056d9dad486c24f3ce226366c._comment b/doc/forum/secret-project_deliverable/comment_12_edebbe9056d9dad486c24f3ce226366c._comment
new file mode 100644
index 00000000..43f2dff5
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_12_edebbe9056d9dad486c24f3ce226366c._comment
@@ -0,0 +1,15 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="buid should be  build"
+ date="2018-01-02T20:46:53Z"
+ content="""
+The
+
+    special buid with stack
+
+in previous comment should have been
+
+    special build with stack
+"""]]

Added a comment: two git repos and one /usr/local/propellor
diff --git a/doc/forum/secret-project_deliverable/comment_11_9cbcee2364a499206d5329c5a88a1211._comment b/doc/forum/secret-project_deliverable/comment_11_9cbcee2364a499206d5329c5a88a1211._comment
new file mode 100644
index 00000000..be3346e3
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_11_9cbcee2364a499206d5329c5a88a1211._comment
@@ -0,0 +1,73 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="two git repos and one /usr/local/propellor"
+ date="2018-01-02T20:43:54Z"
+ content="""
+Perhaps I don't understand the secret-project and its special buid with stack.
+
+
+I have a git repo in `~/.propellor` and I have a git repo in `~/src/secret-project`.
+
+
+In the ~/secret-project directory
+
+	$ propellor
+	Pull from central git repository ... done
+	Copying from /home/stappers/src/secret-project/.stack-work/install/x86_64-linux-nopie/lts-8.12/8.0.2/bin/propellor-config to /home/stappers/src/secret-project/.built/propellor-config
+	
+	Copied executables to /home/stappers/src/secret-project/.built:
+	- propellor-config
+	
+	Warning: Installation path /home/stappers/src/secret-project/.built
+	         not found on the PATH environment variable.
+	Propellor build ... done
+	[master fb46460] propellor spin
+	Git commit ... done
+	error: Cannot access URL https://git.joeyh.name/git/secret-project.git/, return code 22
+	fatal: git-http-push failed
+	error: failed to push some refs to 'https://git.joeyh.name/git/secret-project.git'
+	Push to central git repository ... failed
+	Pull from central git repository ... done
+	** warning: git branch origin/master is not signed with a trusted gpg key; refusing to deploy it! (Running with previous configuration instead.)
+	Sending privdata (11 bytes) to paddy.gpm.stappers.nl ... done
+	remote: Counting objects: 6, done.        
+	remote: Compressing objects: 100% (6/6), done.        
+	remote: Total 6 (delta 4), reused 0 (delta 0)        
+	Sending git update to paddy.gpm.stappers.nl ... done
+	From .
+	 * branch            HEAD       -> FETCH_HEAD
+	fatal: refusing to merge unrelated histories
+	** error: git merge from client failed
+	propellor: Cannot continue!
+	CallStack (from HasCallStack):
+	  error, called at src/Propellor/Message.hs:143:9 in main:Propellor.Message
+	propellor: user error (ssh [\"-o\",\"ControlPath=/home/stappers/.ssh/propellor/paddy.gpm.stappers.nl.sock\",
+		\"-o\",\"ControlMaster=auto\",
+		\"-o\",\"ControlPersist=yes\",
+		\"root@paddy.gpm.stappers.nl\",
+		\"sh -c 'if [ ! -d /usr/local/propellor/.git ] ;
+			 then (if ! git --version >/dev/null 2>&1;
+			 then apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -qq --no-install-recommends --no-upgrade -y install git;
+			 fi && echo STATUSNeedGitClone) || echo STATUSNeedPrecompiled ;
+			 else cd /usr/local/propellor && if ! stack build --dry-run >/dev/null 2>&1;
+			 then ( apt-get update ;
+			 DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install gnupg ;
+			 DEBIAN_FRONTEND=noninteractive apt-get -qq --no-upgrade --no-install-recommends -y install haskell-stack ;
+			 stack setup ;
+			 stack build --only-dependencies :propellor-config) || true;
+			 fi&& if ! test -x ./propellor;
+			 then stack build :propellor-config && ln -sf $(stack path --dist-dir)/build/propellor-config/propellor-config propellor;
+			 fi;
+			if test -x ./propellor && ! ./propellor --check;
+			 then stack clean && stack build :propellor-config && ln -sf $(stack path --dist-dir)/build/propellor-config/propellor-config propellor;
+			 fi && ./propellor --boot paddy.gpm.stappers.nl ;
+			 fi'\"] exited 1)
+	stappers@paddy:~/src/secret-project
+	$
+
+
+The `/usr/local/propellor/` has already a  .git directory from  ~/.propellor ...
+
+"""]]

Added a comment: unstuck
diff --git a/doc/forum/secret-project_deliverable/comment_10_df12578135263d7e0a42415532cb04e3._comment b/doc/forum/secret-project_deliverable/comment_10_df12578135263d7e0a42415532cb04e3._comment
new file mode 100644
index 00000000..a3d93892
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_10_df12578135263d7e0a42415532cb04e3._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="unstuck"
+ date="2018-01-02T20:20:24Z"
+ content="""
+After removing the `.stack-work` directory I got beyond the Installer.Types error.
+
+
+"""]]

comment
diff --git a/doc/forum/secret-project_deliverable/comment_9_4a6e1a53f5bf5b72aaafba3a7dd45346._comment b/doc/forum/secret-project_deliverable/comment_9_4a6e1a53f5bf5b72aaafba3a7dd45346._comment
new file mode 100644
index 00000000..c9f45ac3
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_9_4a6e1a53f5bf5b72aaafba3a7dd45346._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 9"""
+ date="2018-01-02T17:14:23Z"
+ content="""
+Since propellor 5.2.0 certianly *does* include the Propellor.Property.Installer.Types
+module, I guess you either have a somehow lost file on your local system
+there, or perhaps you installed a unreleased version of propellor 5.2.0
+from git before that file was added to it.
+"""]]

avoid bogus warning
Avoid bogus warning about new upstream version when /usr/bin/propellor is
run on a Debian system, but ~/.propellor was not cloned from the Debian git
bundle.
diff --git a/debian/changelog b/debian/changelog
index f4204e06..8923b94a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+propellor (5.2.1) UNRELEASED; urgency=medium
+
+  * Avoid bogus warning about new upstream version when /usr/bin/propellor
+    is run on a Debian system, but ~/.propellor was not cloned from the
+    Debian git bundle.
+
+ -- Joey Hess <id@joeyh.name>  Tue, 02 Jan 2018 13:06:45 -0400
+
 propellor (5.2.0) unstable; urgency=medium
 
   [ Joey Hess ]
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_5_af7919be09eb454b2dca235ede03008f._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_5_af7919be09eb454b2dca235ede03008f._comment
new file mode 100644
index 00000000..157e7803
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_5_af7919be09eb454b2dca235ede03008f._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 5"""
+ date="2018-01-02T17:08:07Z"
+ content="""
+@spwhitton ah, I had not noticed that case. I found a way to avoid the
+unncessary warning in that case; since there's no upstream/master ref when
+~/.propellor has not been cloned from the debian git bundle, it can detect
+that and avoid warning. Done so.
+"""]]
diff --git a/src/Propellor/DotDir.hs b/src/Propellor/DotDir.hs
index e9253b87..200625e8 100644
--- a/src/Propellor/DotDir.hs
+++ b/src/Propellor/DotDir.hs
@@ -358,7 +358,7 @@ checkRepoUpToDate = whenM (gitbundleavail <&&> dotpropellorpopulated) $ do
 		withQuietOutput createProcessSuccess $
 			proc "git" ["log", headrev]
 	if (headknown == Nothing)
-		then setupUpstreamMaster headrev
+		then updateUpstreamMaster headrev
 		else do
 			theirhead <- getCurrentGitSha1 =<< getCurrentBranchRef
 			when (theirhead /= headrev) $ do
@@ -372,26 +372,29 @@ checkRepoUpToDate = whenM (gitbundleavail <&&> dotpropellorpopulated) $ do
 		d <- dotPropellor
 		doesFileExist (d </> "propellor.cabal")
 
--- Makes upstream/master in dotPropellor be a usefully mergeable branch.
+-- Updates upstream/master in dotPropellor so merging from it will update
+-- to the latest distrepo.
 --
--- We cannot just use origin/master, because in the case of a distrepo,
--- it only contains 1 commit. So, trying to merge with it will result
--- in lots of merge conflicts, since git cannot find a common parent
--- commit.
+-- We cannot just fetch the distrepo because the distrepo contains only 
+-- 1 commit. So, trying to merge with it will result in lots of merge
+-- conflicts, since git cannot find a common parent commit.
 --
--- Instead, the upstream/master branch is created by taking the
+-- Instead, the upstream/master branch is updated by taking the
 -- upstream/master branch (which must be an old version of propellor,
 -- as distributed), and diffing from it to the current origin/master,
 -- and committing the result. This is done in a temporary clone of the
 -- repository, giving it a new master branch. That new branch is fetched
 -- into the user's repository, as if fetching from a upstream remote,
 -- yielding a new upstream/master branch.
-setupUpstreamMaster :: String -> IO ()
-setupUpstreamMaster newref = do
+--
+-- If there's no upstream/master, the user is not using the distrepo,
+-- so does nothing.
+updateUpstreamMaster :: String -> IO ()
+updateUpstreamMaster newref = do
 	changeWorkingDirectory =<< dotPropellor
 	go =<< catchMaybeIO getoldrev
   where
-	go Nothing = warnoutofdate False
+	go Nothing = return ()
 	go (Just oldref) = do
 		let tmprepo = ".git/propellordisttmp"
 		let cleantmprepo = void $ catchMaybeIO $ removeDirectoryRecursive tmprepo

fixed
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_4_93c97f8767a7ae3b9795aea051b0e77e._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_4_93c97f8767a7ae3b9795aea051b0e77e._comment
new file mode 100644
index 00000000..73dd3fec
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_4_93c97f8767a7ae3b9795aea051b0e77e._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 4"""
+ date="2018-01-02T16:36:32Z"
+ content="""
+Ah I see, it was mixing concurrent output with unbuffered output, which in
+this case caused the related messages to appear separated. Fixed that.
+"""]]

Added a comment: Progress
diff --git a/doc/forum/to_teach_propellor_about_other_ARM_boards/comment_1_70f9d9442616144d6f862c81516e721b._comment b/doc/forum/to_teach_propellor_about_other_ARM_boards/comment_1_70f9d9442616144d6f862c81516e721b._comment
new file mode 100644
index 00000000..e1a7ee2c
--- /dev/null
+++ b/doc/forum/to_teach_propellor_about_other_ARM_boards/comment_1_70f9d9442616144d6f862c81516e721b._comment
@@ -0,0 +1,18 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="Progress"
+ date="2018-01-02T14:19:53Z"
+ content="""
+Hi,
+
+FYI  I'm making progress in teaching propellor about other ARM boards.
+
+What I have done is deleting `~/.propellor/` and creating a new one.
+
+The new one is a full .propellor repository.
+
+
+See also <http://propellor.branchable.com/components/>
+"""]]

diff --git a/doc/forum/to_teach_propellor_about_other_ARM_boards.mdwn b/doc/forum/to_teach_propellor_about_other_ARM_boards.mdwn
new file mode 100644
index 00000000..aef3c59f
--- /dev/null
+++ b/doc/forum/to_teach_propellor_about_other_ARM_boards.mdwn
@@ -0,0 +1,33 @@
+Inspirated by <http://joeyh.name/blog/entry/custom_ARM_disk_image_generation_with_propellor/>
+I started to teach propellor about other ARM boards.
+(After having a clean build for a supported ARM board)
+
+
+Using two directories, a `~/.propellor` with my hosts and `src/propellor` with propellor source code.
+
+In the code directory I modified `src/Propellor/Property/Machine.hs`,
+compiled with `debuild -uc -us` and installed with `dpkg -i ../propellor*.deb`.
+
+Then using my hosts directory to get a WTF moment
+
+	$ propellor --spin paddy.gpm.stappers.nl
+	Auto-merging src/Propellor/Property/Machine.hs
+	Auto-merging propellor.cabal
+	Auto-merging debian/changelog
+	Auto-merging config.hs
+	CONFLICT (add/add): Merge conflict in config.hs
+	Automatic merge failed; fix conflicts and then commit the result.
+	propellor: Failed to run git ["merge","279b9267952b598914037983f74606d4f9c4ff6e","-s",
+		"recursive","-Xtheirs","--quiet","-m","merging upstream version"
+		,"--allow-unrelated-histories"]
+	CallStack (from HasCallStack):
+	  error, called at src/Propellor/DotDir.hs:425:17 in main:Propellor.DotDir
+
+
+What did connect both directories and why?
+
+
+More important:
+
+What directory setup and workflow to use
+to teach propellor about other ARM boards?

Added a comment: twice the warning
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_3_ecd5b0d960f1eb92795c559736f92e25._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_3_ecd5b0d960f1eb92795c559736f92e25._comment
new file mode 100644
index 00000000..a6a24f53
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_3_ecd5b0d960f1eb92795c559736f92e25._comment
@@ -0,0 +1,34 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="twice the warning"
+ date="2018-01-01T15:57:05Z"
+ content="""
+The warning is printed twice.
+
+One at the very beginning:
+
+	stappers@paddy:~
+	$ propellor paddy.gpm.stappers.nl
+	   A newer upstream version is available in /usr/src/propellor/propellor.git
+	   To merge it, run: git merge upstream/master
+	   
+	[2018-01-01 16:42:54 CET] command line:  Run \"paddy.gpm.stappers.nl\"
+
+
+The other at the end of executing:
+
+	loop deleted : /dev/loop0
+	paddy.gpm.stappers.nl built disk image /srv/image/lime.img ... done
+	paddy.gpm.stappers.nl overall ... done
+	Shared connection to paddy.gpm.stappers.nl closed.
+	** warning: ** Your ~/.propellor/ is out of date..
+	stappers@paddy:~
+	$ 
+
+It was the last one that made me report this.
+The one that is color highlighted,
+the one that doesn't have the `git merge` advice.
+
+"""]]

Added a comment: Happy New Year
diff --git a/doc/forum/secret-project_deliverable/comment_8_30bc5e081916688468e750de6c95aebf._comment b/doc/forum/secret-project_deliverable/comment_8_30bc5e081916688468e750de6c95aebf._comment
new file mode 100644
index 00000000..401cd6a9
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_8_30bc5e081916688468e750de6c95aebf._comment
@@ -0,0 +1,36 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="Happy New Year"
+ date="2018-01-01T14:51:59Z"
+ content="""
+	stappers@paddy:~/src/secret-project
+	$ git config propellor.buildsystem stack
+	stappers@paddy:~/src/secret-project
+	$ propellor --spin paddy.gpm.stappers.nl
+	Building all executables for `secret-project' once. After a successful build of all of them, only specified executables will be rebuilt.
+	secret-project-0.0: build (exe)
+	Preprocessing executable 'propellor-config' for secret-project-0.0...
+	[1 of 9] Compiling Installer.Types  ( Installer/Types.hs, .stack-work/dist/x86_64-linux-nopie/Cabal-1.24.2.0/build/propellor-config/propellor-config-tmp/Installer/Types.o )
+	
+	/home/stappers/src/secret-project/Installer/Types.hs:3:1: error:
+	    Failed to load interface for ‘Propellor.Property.Installer.Types’
+	    There are files missing in the ‘propellor-5.2.0’ package,
+	    try running 'ghc-pkg check'.
+	    Use -v to see a list of the files searched for.
+	
+	--  While building custom Setup.hs for package secret-project-0.0 using:
+	      /home/stappers/.stack/setup-exe-cache/x86_64-linux-nopie/Cabal-simple_mPHDZzAJ_1.24.2.0_ghc-8.0.2 \
+		--builddir=.stack-work/dist/x86_64-linux-nopie/Cabal-1.24.2.0 build exe:propellor-config \
+		--ghc-options \" -ddump-hi -ddump-to-file\"
+	    Process exited with code: ExitFailure 1
+	Propellor build ... failed
+	** error: Propellor build failed!
+	propellor: Cannot continue!
+	CallStack (from HasCallStack):
+	  error, called at src/Propellor/Message.hs:143:9 in main:Propellor.Message
+	stappers@paddy:~/src/secret-project
+	$ 
+
+"""]]

Added a comment
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_2_c8bfbc1eaa3565ed3e92a402c75b63dc._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_2_c8bfbc1eaa3565ed3e92a402c75b63dc._comment
new file mode 100644
index 00000000..46028b1e
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_2_c8bfbc1eaa3565ed3e92a402c75b63dc._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 2"
+ date="2018-01-01T11:10:01Z"
+ content="""
+If you update by merging from Joey's repo but have the Debian propellor package installed you'll always get this because the bundle in `/usr/src/propellor` has a commit ID that is distinct from any of those in Joey's branch.
+
+I think it would be nice to have a git config option to disable the check for those of us in the situation I just described.
+"""]]

response
diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_1_79e18b696ed18c998cd2605cccbf3750._comment b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_1_79e18b696ed18c998cd2605cccbf3750._comment
new file mode 100644
index 00000000..6c8d187a
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date../comment_1_79e18b696ed18c998cd2605cccbf3750._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2017-12-31T16:03:40Z"
+ content="""
+You'd update it by git merge with propellor upstream, since your ~/.propellor
+in this case is forked from propellor's git repository, rather than the other
+option of being a separate git repository that uses propellor as a library.
+
+I think there should be more to the message than what you showed,
+explaining what you'd to do merge.
+
+        warningMessage ("** Your ~/.propellor/ is out of date..")
+        let also s = hPutStrLn stderr ("   " ++ s)
+        also ("A newer upstream version is available in " ++ distrepo)
+        if havebranch
+                then also ("To merge it, run: git merge " ++ upstreambranch)
+                else also ("To merge it, find the most recent commit in your repository's history that corresponds to an upstream release of propellor, and set refs/remotes/" ++ upstreambranch ++ " to it. Then run propellor again.")
+"""]]

diff --git a/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date...mdwn b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date...mdwn
new file mode 100644
index 00000000..7f912eb8
--- /dev/null
+++ b/doc/forum/__42____42___warning:___42____42___Your___126____47__.propellor__47___is_out_of_date...mdwn
@@ -0,0 +1,20 @@
+Hi,
+
+After upgrading from propellor 5.1.0 to 5.2.0  I do get
+
+    ** warning: ** Your ~/.propellor/ is out of date..
+
+
+
+The `~/.propellor` directory was created with
+
+    propellor --init
+
+
+
+Is there a
+
+     propellor --update-my-home-propellor
+
+
+??

comment
diff --git a/doc/forum/secret-project_deliverable/comment_7_a707f939469b74dc92a77ffb382a6359._comment b/doc/forum/secret-project_deliverable/comment_7_a707f939469b74dc92a77ffb382a6359._comment
new file mode 100644
index 00000000..404dd405
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_7_a707f939469b74dc92a77ffb382a6359._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 7"""
+ date="2017-12-31T15:07:40Z"
+ content="""
+Oh yeah, I forgot that needs first:
+
+	git config propellor.buildsystem stack
+"""]]

document propellor.buildsystem
diff --git a/doc/usage.mdwn b/doc/usage.mdwn
index 3d32538f..fb19250e 100644
--- a/doc/usage.mdwn
+++ b/doc/usage.mdwn
@@ -160,6 +160,11 @@ spin when the foo branch is not checked out.
 `git config propellor.forbid-dirty-spin true` will configure propellor to refuse
 to spin when there are uncommitted changes in the `~/.propellor` repository.
 
+`git config propellor.buildsystem stack` makes propellor use stack for
+building itself, rather than the default cabal. This only controls the
+local build of propellor; Hosts can have properties set to control how
+propellor is built on them.
+
 The usual git configuration controls which centralized repository (if any)
 propellor pushes and pulls from. 
 

Added a comment: Enough for this year ;-)
diff --git a/doc/forum/secret-project_deliverable/comment_6_a03868f03316f940e3f4edc6ee970292._comment b/doc/forum/secret-project_deliverable/comment_6_a03868f03316f940e3f4edc6ee970292._comment
new file mode 100644
index 00000000..e048132c
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_6_a03868f03316f940e3f4edc6ee970292._comment
@@ -0,0 +1,37 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="Enough for this year   ;-)"
+ date="2017-12-31T08:51:02Z"
+ content="""
+	stappers@paddy:~/src/secret-project
+	$ propellor --spin paddy.gpm.stappers.nl
+	Resolving dependencies...
+	Warning: solver failed to find a solution:
+	Could not resolve dependencies:
+	trying: secret-project-0.0 (user goal)
+	next goal: random-shuffle (dependency of secret-project-0.0)
+	Dependency tree exhaustively searched.
+	Trying configure anyway.
+	Configuring secret-project-0.0...
+	cabal: Encountered missing dependencies:
+	propellor ==5.2.0,
+	random >=1.1,
+	random-shuffle >=0.0.4,
+	threepenny-gui ==0.8.0.0
+	propellor: failed to make dist/setup-config
+	CallStack (from HasCallStack):
+	  error, called at src/Propellor/Bootstrap.hs:322:25 in main:Propellor.Bootstrap
+	stappers@paddy:~/src/secret-project
+	$ LANG=C dpkg -l propellor
+	Desired=Unknown/Install/Remove/Purge/Hold
+	| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
+	|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
+	||/ Name             Version       Architecture  Description
+	+++-================-=============-=============-=====================================
+	ii  propellor        5.2.0         amd64         property-based host configuration man
+	stappers@paddy:~/src/secret-project
+	$ 
+
+"""]]

response
diff --git a/doc/forum/secret-project_deliverable/comment_5_70eb3b130cb1b7449083669f16452682._comment b/doc/forum/secret-project_deliverable/comment_5_70eb3b130cb1b7449083669f16452682._comment
new file mode 100644
index 00000000..5158dbe6
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_5_70eb3b130cb1b7449083669f16452682._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 5"""
+ date="2017-12-31T00:46:49Z"
+ content="""
+I think this is more bad documentation on my part;
+probably running propellor like that does not fully work
+and only the propellor --spin method will really work currently.
+
+(Kind of a bug in propellor to; [[todo/chroot_localdir_issue]])
+"""]]
diff --git a/doc/todo/chroot_localdir_issue.mdwn b/doc/todo/chroot_localdir_issue.mdwn
new file mode 100644
index 00000000..497c7a93
--- /dev/null
+++ b/doc/todo/chroot_localdir_issue.mdwn
@@ -0,0 +1,15 @@
+Running "sudo ./propellor" is documented as a way to provision the local
+host. However, properties involving chroots and docker hard code localdir,
+so run /usr/local/propellor/propellor inside the chroot. When running
+propellor this way, that may not exist, or may be from some other propellor
+configuration and not know how to privision the chroot correctly.
+
+Should this stuff look at the path to the propellor executable that's
+really being run and use it? There's also the shimdir, which is under
+/usr/local/propellor and gets bind mounted into the chroot, so using
+something close to the executable run by "sudo ./propellor" may be
+surprising. And, exposeTrueLocaldir also uses the localdir.
+
+It may make more sense to detect when propellor is run this way and refuse
+to provision chroots. Or to eliminate this little-used way of running
+propellor entirely.. --[[Joey]]

Added a comment: patch
diff --git a/doc/forum/secret-project_deliverable/comment_4_96d1c080c94474edef500d7564c30d77._comment b/doc/forum/secret-project_deliverable/comment_4_96d1c080c94474edef500d7564c30d77._comment
new file mode 100644
index 00000000..67080b02
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_4_96d1c080c94474edef500d7564c30d77._comment
@@ -0,0 +1,43 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="patch"
+ date="2017-12-30T23:37:58Z"
+ content="""
+After applying this
+
+	--- a/secret-project.cabal
+	+++ b/secret-project.cabal
+	@@ -35,6 +35,7 @@ Executable propellor-config
+	     Installer.Progress
+	     Installer.Server
+	     Installer.StoreUserInput
+	+    Installer.Types
+	     Installer.UI
+	     Installer.User
+	     Installer.UserInput
+
+is `stack build` happy.
+
+But help needed for:
+
+	$ sudo stack --allow-different-user exec propellor-config paddy.gpm.stappers.nl
+	Pull from central git repository ... done
+	paddy.gpm.stappers.nl has propellor bootstrapped with stack ... ok
+	paddy.gpm.stappers.nl has Operating System (Debian Linux Unstable) X86_64 ... ok
+	** error: cannot find chroot /srv/installer.img.chroot on host paddy.gpm.stappers.nl
+	propellor: Cannot continue!
+	CallStack (from HasCallStack):
+	  error, called at src/Propellor/Message.hs:143:9 in main:Propellor.Message
+	** warning: user error (chroot [\"/srv/installer.img.chroot\"
+		,\"/usr/local/propellor/chroot/_srv_installer.img.chroot.shim/propellor\"
+		,\"--continue\"
+		,\"ChrootChain \\"paddy.gpm.stappers.nl\\" \\"/srv/installer.img.chroot\\" False True\"] exited 1)
+	paddy.gpm.stappers.nl built disk image /srv/installer.vmdk ... failed
+	paddy.gpm.stappers.nl overall ... failed
+	$ 
+
+
+
+"""]]

Added a comment: stuck
diff --git a/doc/forum/secret-project_deliverable/comment_3_12d569df836f8c1ec926f00c9c344885._comment b/doc/forum/secret-project_deliverable/comment_3_12d569df836f8c1ec926f00c9c344885._comment
new file mode 100644
index 00000000..8c5290e3
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_3_12d569df836f8c1ec926f00c9c344885._comment
@@ -0,0 +1,81 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="stuck"
+ date="2017-12-30T23:27:11Z"
+ content="""
+Hi,
+
+I feel stupid because I'm still stuck.
+
+What I have is ''secret-project'' from git, commit 14433a9494ed2946c8683a19a13dde54eae64723,
+Author: Joey Hess <joeyh@joeyh.name>,
+Date:   Sat Dec 30 13:38:06 2017 -0400
+
+I, stappers, work on host with FQDN  paddy.gpm.stappers.nl  so I have these changes:
+
+	--- a/config.hs
+	+++ b/config.hs
+	@@ -31,7 +31,7 @@ hosts =
+	 -- to build the installer disk images, by running, as root:
+	 --     propellor installer.builder
+	 installer_builder :: Host
+	-installer_builder = host \"installer.builder\" $ props
+	+installer_builder = host \"previous_attempt_on_paddy.gpm.stappers.nl\" $ props
+	        & bootstrapWith (Robustly Stack) -- temporary
+	        & osDebian Unstable X86_64
+	        & installerBuilt
+	@@ -42,12 +42,12 @@ installer_builder = host \"installer.builder\" $ props
+	 --     propellor --spin darkstar.kitenet.net
+	 -- (Replace darkstar with your own hostname.)
+	 darkstar :: Host
+	-darkstar = host \"darkstar.kitenet.net\" $ props
+	+darkstar = host \"paddy.gpm.stappers.nl\" $ props
+	        & bootstrapWith (Robustly Stack) -- temporary
+	        & osDebian Unstable X86_64
+	        & installerBuilt
+	-               `before` File.ownerGroup \"/srv/installer.img\" (User \"joey\") (Group \"joey\")
+	-               `before` File.ownerGroup \"/srv/installer.vmdk\" (User \"joey\") (Group \"joey\")
+	+               `before` File.ownerGroup \"/srv/installer.img\" (User \"stappers\") (Group \"stappers\")
+	+               `before` File.ownerGroup \"/srv/installer.vmdk\" (User \"stappers\") (Group \"stappers\")
+	 
+	 -- | Build a disk image for the installer.
+	 installerBuilt :: RevertableProperty (HasInfo + DebianLike) Linux
+	
+
+When I follow the instructions from README  I get:
+
+	$ stack build
+	secret-project-0.0: build (exe)
+	Preprocessing executable 'propellor-config' for secret-project-0.0...
+	[9 of 9] Compiling Main             ( config.hs, .stack-work/dist/x86_64-linux-nopie/Cabal-1.24.2.0/build/propellor-config/propellor-config-tmp/Main.o )
+	Linking .stack-work/dist/x86_64-linux-nopie/Cabal-1.24.2.0/build/propellor-config/propellor-config ...
+	
+	Warning: The following modules should be added to exposed-modules or other-modules in /home/stappers/src/secret-project/secret-project.cabal:
+	             - In propellor-config component:
+	                 Installer.Types
+	         
+	         Missing modules in the cabal file are likely to cause undefined reference errors from the linker, along with other problems.
+	secret-project-0.0: copy/register
+	Installing executable(s) in
+	/home/stappers/src/secret-project/.stack-work/install/x86_64-linux-nopie/lts-8.12/8.0.2/bin
+	$ sudo stack --allow-different-user exec propellor-config paddy.gpm.stappers.nl
+	Pull from central git repository ... done
+	paddy.gpm.stappers.nl has propellor bootstrapped with stack ... ok
+	paddy.gpm.stappers.nl has Operating System (Debian Linux Unstable) X86_64 ... ok
+	** error: cannot find chroot /srv/installer.img.chroot on host paddy.gpm.stappers.nl
+	propellor: Cannot continue!
+	CallStack (from HasCallStack):
+	  error, called at src/Propellor/Message.hs:143:9 in main:Propellor.Message
+	** warning: user error (chroot [\"/srv/installer.img.chroot\"
+		,\"/usr/local/propellor/chroot/_srv_installer.img.chroot.shim/propellor\"
+		,\"--continue\"
+		,\"ChrootChain \\"paddy.gpm.stappers.nl\\" \\"/srv/installer.img.chroot\\" False True\"] exited 1)
+	paddy.gpm.stappers.nl built disk image /srv/installer.vmdk ... failed
+	paddy.gpm.stappers.nl overall ... failed
+	$ 
+
+How do I get unstuck??
+
+"""]]

add news item for propellor 5.2.0
diff --git a/doc/news/version_5.1.0.mdwn b/doc/news/version_5.1.0.mdwn
deleted file mode 100644
index dd007a24..00000000
--- a/doc/news/version_5.1.0.mdwn
+++ /dev/null
@@ -1,18 +0,0 @@
-propellor 5.1.0 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * [ Sean Whitton ]
-   * File.isSymlinkedTo now revertable. (minor API change)
-   * Sbuild module changes:
-     - Type of Sbuild.built changed to accept additional properties to be
-       ensured inside schroots. (API change)
-       See the suggested usage in module's documentation for new syntax.
-     - Drop Sbuild.installed, Sbuild.builtFor, Sbuild.updated,
-       Sbuild.updatedFor. (API change)
-       Use Sbuild.built instead.  See suggested usage in module's documentation.
-     - Propellor no longer sets up apt proxies in sbuild chroots automatically.
-       Instead, pass the new Sbuild.useHostProxy to Sbuild.built to have
-       Propellor propagate the host's Apt proxy configuration into the chroot.
-       See suggested usage in module's documentation.
-     - Internally, Propellor no longer invokes sbuild-createchroot(1) to build
-       schroots.
-     - Update documentation."""]]
\ No newline at end of file
diff --git a/doc/news/version_5.2.0.mdwn b/doc/news/version_5.2.0.mdwn
new file mode 100644
index 00000000..8cd1edaf
--- /dev/null
+++ b/doc/news/version_5.2.0.mdwn
@@ -0,0 +1,24 @@
+propellor 5.2.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * [ Joey Hess ]
+   * bootstrappedFrom: Set up local privdata file.
+   * Parted: Fix names used for FAT and VFAT partitions.
+   * Parted: Add an Alignment parameter. (API change)
+     A good default to use is safeAlignment, which is 4MiB,
+     well suited for inexpensive flash drives, and fine for other disks too.
+     Previously, a very non-optimial 1MB (not 1MiB) alignment had been used.
+   * DiskImage: Use safeAlignment. It didn't seem worth making the
+     alignment configurable here.
+   * Fixed rounding bug in Parted.calcPartTable.
+   * DiskImage: Fix rsync crash when a mount point does not exist in the
+     chroot.
+   * Fix bug in unmountBelow that caused unmounting of nested mounts to
+     fail.
+   * Grub.boots, Grub.bootsMounted: Pass --target to grub-install.
+   * Added Propellor.Property.Installer modules, which can be used to create
+     bootable installer disk images, which then run propellor to install
+     a system. This code was extracted from the demo I gave in my
+     talk at DebConf 2017.
+ * [ Sean Whitton ]
+   * Sbuild: add notes about Debian jessie hosts and backports of sbuild and
+     autopkgtest."""]]
\ No newline at end of file

Added a comment: almost there
diff --git a/doc/forum/secret-project_deliverable/comment_2_a3faea076e7477d5ce4fcb03a38d74a7._comment b/doc/forum/secret-project_deliverable/comment_2_a3faea076e7477d5ce4fcb03a38d74a7._comment
new file mode 100644
index 00000000..24738e49
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_2_a3faea076e7477d5ce4fcb03a38d74a7._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="almost there"
+ date="2017-12-29T21:09:04Z"
+ content="""
+thanks
+
+got another error that I probaly can fix my self
+"""]]

response
diff --git a/doc/forum/secret-project_deliverable/comment_1_49f421da4a94d9267ca5e75679a4c92c._comment b/doc/forum/secret-project_deliverable/comment_1_49f421da4a94d9267ca5e75679a4c92c._comment
new file mode 100644
index 00000000..9f8c8a90
--- /dev/null
+++ b/doc/forum/secret-project_deliverable/comment_1_49f421da4a94d9267ca5e75679a4c92c._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2017-12-29T19:49:02Z"
+ content="""
+I've added some hints to the README, of course it's been a while since I
+ran it and I only ran it a couple times. The content of the config.hs is
+really more important than the gory details of how to run it, in my opinion.
+"""]]

diff --git a/doc/forum/secret-project_deliverable.mdwn b/doc/forum/secret-project_deliverable.mdwn
new file mode 100644
index 00000000..b1fcab54
--- /dev/null
+++ b/doc/forum/secret-project_deliverable.mdwn
@@ -0,0 +1,27 @@
+Hi,
+
+The secret-project README says to do `stack build`.
+
+Doing that gives me a clean compile.
+
+
+But what deliverable should I have now?
+
+
+Snippet from `secret-project.cabal`:
+
+    Executable propellor-config
+      Main-Is: config.hs
+
+But I don't have a `propellor-config`.
+
+Running `propellor` gives compile errors.
+So that doesn't seem the next step for getting any deliverable.
+
+For what should I be looking??
+
+
+Cheers
+
+Geert Stappers
+

Added a comment: Clean build
diff --git a/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_8_66bab35f7eb78584e1adf93b4b8dccb4._comment b/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_8_66bab35f7eb78584e1adf93b4b8dccb4._comment
new file mode 100644
index 00000000..a5c37aac
--- /dev/null
+++ b/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_8_66bab35f7eb78584e1adf93b4b8dccb4._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="Clean build"
+ date="2017-12-29T17:41:02Z"
+ content="""
+Yes, with the updated  `stack.yaml` I do get a clean build upon `stack build`.
+
+Yeah
+
+"""]]

update
diff --git a/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_7_cf7efafc0ee96d5cecf452ebe49015d5._comment b/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_7_cf7efafc0ee96d5cecf452ebe49015d5._comment
new file mode 100644
index 00000000..3f140c2e
--- /dev/null
+++ b/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_7_cf7efafc0ee96d5cecf452ebe49015d5._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 7"""
+ date="2017-12-29T16:26:41Z"
+ content="""
+Asked the stack developers and found a stack.yaml that
+I think worked with both versions of stack. At least both can build with
+it, have not tried running secret-project again.
+"""]]

comment
diff --git a/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_6_249337c7f647cca8f4e23c99897458d9._comment b/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_6_249337c7f647cca8f4e23c99897458d9._comment
new file mode 100644
index 00000000..9d540993
--- /dev/null
+++ b/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_6_249337c7f647cca8f4e23c99897458d9._comment
@@ -0,0 +1,22 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 6"""
+ date="2017-12-29T15:56:21Z"
+ content="""
+You need this for it to build with the newer stack:
+
+	--- a/stack.yaml
+	+++ b/stack.yaml
+	@@ -4,4 +4,5 @@ packages:
+	 resolver: lts-8.12
+	 extra-deps:
+	 - propellor-5.1.0
+	+- archive: http://github.com/joeyh/threepenny-gui/archive/59242cf93bdb8eaa805f5c2b0241e9a1cba9a70f.zip
+	 explicit-setup-deps:
+
+However, that won't work with the 
+[stack currently in debian](http://package.debian.org/haskell-stack)
+and since secret-project later installs that version of stack and runs
+it against the same stack.yaml file, I can't commit that change until 
+Debian gets around to [upgrading haskell-stack](http://bugs.debian.org/877256)
+"""]]

Added a comment: stack extra dep threepenny-gui-0.8.2.0 compile error
diff --git a/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_5_4cda097e7650c4ba46e26c6e3dbbdc75._comment b/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_5_4cda097e7650c4ba46e26c6e3dbbdc75._comment
new file mode 100644
index 00000000..608e0bb1
--- /dev/null
+++ b/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_5_4cda097e7650c4ba46e26c6e3dbbdc75._comment
@@ -0,0 +1,65 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="stack extra dep  threepenny-gui-0.8.2.0   compile error"
+ date="2017-12-29T09:22:34Z"
+ content="""
+With having
+
+	extra-deps:
+	- propellor-5.1.0
+	- threepenny-gui-0.8.2.0
+
+in `stack.yaml` gives me this compile error:
+
+	Preprocessing executable 'propellor-config' for secret-project-0.0...
+	[ 7 of 10] Compiling Installer.UI     ( Installer/UI.hs, .stack-work/dist/x86_64-linux-nopie/Cabal-1.24.2.0/build/propellor-config/propellor-config-tmp/Installer/UI.o )
+	             
+	/home/stappers/src/secret-project/Installer/UI.hs:282:32: error:
+	    • Couldn't match type ‘(t1, (Int, Int))’ with ‘[Char]’
+	      Expected type: UI.DragData
+	        Actual type: (t1, (Int, Int))
+	    • In the pattern: (_d, (x, y))
+	      In the second argument of ‘($)’, namely
+	        ‘\ (_d, (x, y))
+	           -> void
+	              $ do { now <- getTime clock;
+	                     liftIO $ writeIORef draginfo (x, y, now);
+	                     .... }’
+	      In a stmt of a 'do' block:
+	        on UI.dragStart elt
+	        $ \ (_d, (x, y))
+	            -> void
+	               $ do { now <- getTime clock;
+	                      liftIO $ writeIORef draginfo (x, y, now);
+	                      .... }
+	             
+	/home/stappers/src/secret-project/Installer/UI.hs:487:27: error:
+	    • Couldn't match type ‘(t0 a0, (Int, Int))’ with ‘[Char]’
+	      Expected type: UI.DragData
+	        Actual type: (t0 a0, (Int, Int))
+	    • In the pattern: (d, (x, y))
+	      In the second argument of ‘($)’, namely
+	        ‘\ (d, (x, y))
+	           -> when (not (null d))
+	              $ liftIO $ writeIORef dropSuccess (True, (x, y))’
+	      In a stmt of a 'do' block:
+	        on UI.drop elt
+	        $ \ (d, (x, y))
+	            -> when (not (null d))
+	               $ liftIO $ writeIORef dropSuccess (True, (x, y))
+	             
+	--  While building custom Setup.hs for package secret-project-0.0 using:
+	      /root/.stack/setup-exe-cache/x86_64-linux-nopie/Cabal-simple_mPHDZzAJ_1.24.2.0_ghc-8.0.2 --builddir=.stack-work/dist/x86_64-linux-nopie/Cabal-1.24.2.0 build exe:propellor-config --ghc-options \" -ddump-hi -ddump-to-file\"
+	    Process exited with code: ExitFailure 1
+	
+I hope it is reproduceable and that it can be fixed.
+
+Thank you
+
+Groeten
+
+Geert Stappers
+
+"""]]

Added a comment: threepenny-ui in cabal
diff --git a/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_4_074a7c14425635ddb25b7d3046337533._comment b/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_4_074a7c14425635ddb25b7d3046337533._comment
new file mode 100644
index 00000000..4ea04076
--- /dev/null
+++ b/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_4_074a7c14425635ddb25b7d3046337533._comment
@@ -0,0 +1,38 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="threepenny-ui in cabal"
+ date="2017-12-29T08:46:19Z"
+ content="""
+Without a version for threepenny-ui in secret-project.cabal gets 0.7.0.1 installed by `stack build`.
+
+Where 0.7.0.1 comes from is unclear to me.
+Downloading and unzipping <https://github.com/joeyh/threepenny-gui/archive/59242cf93bdb8eaa805f5c2b0241e9a1cba9a70f.zip> didn't reveal any 0.7.0.1.
+
+Having `threepenny-gui (>= 0.8.0.0)` in secret-project.cabal gives this compile error:
+
+	
+	Error: While constructing the build plan, the following exceptions were encountered:
+	
+	In the dependencies for secret-project-0.0:
+	    threepenny-gui-0.7.0.1 from stack configuration does not match (>=0.8.0.0) (latest matching version
+	                           is 0.8.2.0)
+	needed since secret-project is a build target.
+	
+	Some potential ways to resolve this:
+	
+	  * Recommended action: try adding the following to your extra-deps
+	    in /home/stappers/src/secret-project/stack.yaml:
+	
+	- threepenny-gui-0.8.2.0
+	
+	  * Set 'allow-newer: true' to ignore all version constraints and build anyway.
+	
+	  * You may also want to try using the 'stack solver' command.
+	
+	Plan construction failed.
+
+
+
+"""]]

Added a comment: my stack version
diff --git a/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_3_e288978072a6f38539150be1ebf4b0f2._comment b/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_3_e288978072a6f38539150be1ebf4b0f2._comment
new file mode 100644
index 00000000..5dc314de
--- /dev/null
+++ b/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_3_e288978072a6f38539150be1ebf4b0f2._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="stappers@eb96885816da287c29f6f699999434d532149234"
+ nickname="stappers"
+ avatar="http://cdn.libravatar.org/avatar/bf33450acf6fc2a17a8b4e6fc7749c65"
+ subject="my stack version"
+ date="2017-12-28T22:13:21Z"
+ content="""
+    $ stack --version
+    Version 1.6.3, Git revision b27e629b8c4ce369e3b8273f04db193b060000db (5454 commits) x86_64 hpack-0.20.0
+
+"""]]

response
diff --git a/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_2_10e8132f96e66a4c215ed275e22d1bda._comment b/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_2_10e8132f96e66a4c215ed275e22d1bda._comment
new file mode 100644
index 00000000..f25b614b
--- /dev/null
+++ b/doc/forum/secret-project_and_Module___8216__Graphics.UI.Threepenny__8217___does_not_export___8216__loadFile__8217__./comment_2_10e8132f96e66a4c215ed275e22d1bda._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2017-12-28T17:01:21Z"
+ content="""
+The zip file pointed to by the stack.yaml file contains a patched version
+of threepenny-gui 0.8.0.0, the same as the cabal file requires.
+
+Downgrading the dependency won't work, thus your build problems. All I can
+tell you is it's built successfully with stack every time I've tried to
+build it, and stack pins all package versions to ensure a reproducible
+build.
+
+It may be that you're using too old a version of stack or 
+something like that; I've used stack 1.1.2.
+"""]]