Created by James Page and last modified
Get this branch:
bzr branch lp:~james-page/charm-helpers/remove-alternative
Only James Page can upload to this branch. If you are James Page please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

James Page
Charm Helpers

Recent revisions

789. By James Page on 2017-09-18

Add remove_alternative helper

Add helper for removal of alternative configuration files from
an installed unit.

'--remove' is idempotent; removal will always occur, but if the
alternative is not already installed, the command will exit 0.

788. By Alex Kavanagh on 2017-08-31

[shaner,r=ajkavanagh] Fixes parsing of currently loaded apache modules

When hardening apache, the returned list of currently
enabled modules is always empty.

This change splits on linefeeds from the output of
'apachectl -M' instead of spaces which allows the
regex to match.

Since the returned list of modules could potentitialy
be used as input to '_disable_module' the regex was tweaked
to truncate the module name, removing the '_module' since
this is what a2dismod expects.

Closes-Bug: #1712203

787. By Tim Van Steenburgh on 2017-08-29


786. By Stuart Bishop on 2017-08-28

[xtrusia,r=stub] Fix hookenv.principal_unit failure, attempting to read metadata of non-cohosted charm

785. By Tim Van Steenburgh on 2017-08-28


784. By Alex Kavanagh on 2017-08-17

[joeborg, r=tinwood] Adding test coverage for FilePermissionAudit

(note tinwood had to patch the test slightly to get it to merge due
to recent changes in charm-helpers).

783. By Alex Kavanagh on 2017-08-15

[stub, r=tinwood] A feature of the PostgreSQL charm had stopped working, as
charm-helpers was attempting to do more validation of GPG key formats and the
PG charm happens to add comments to its keys so they don't get mixed up.

While fixing this, noticed that insecure usage still seems to be promoted.
Clearly flag this cases in the docstring and add WARNING messages to logs when
people open themselves up to attack (the key retrieval protocol is unencrypted
for historical reasons and the same man-in-the-middle attack that poisons an
archive can also make people trust keys retrieved this way).

782. By David Ames on 2017-08-14

[tinwood, r=thedac] Update the core.host.write_file(...) function to do less work

The primary motivation for this change is to do less work, touch the
filesystem less, and try to clean the logs up a bit. This change is
to the rendering of configuration files, which generates noise in the
logs (at INFO) level, and often results in writing the exact same
content, thus updating the atime of the file even when the contents
haven't changed.

This change detects if the content will change, and if not, doesn't
write the file. It does detect if the uid,gid is changing and takes
the appropriate action. The logs are demoted to the lowest level of
DEBUG/TRACE, and are only generated IFF the file is actually written
or the uid/gid is changed.

781. By Billy Olsen on 2017-08-11

[thedac,r=billy-olsen] Allow IPv4/IPv6 Dual Stack

780. By David Ames on 2017-08-08

[jamespage, r=thedac,tinwood] Refactoring ApacheSSLContext for network-space support

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.