[arch-commits] Commit in gitlab/trunk (PKGBUILD)
Anatol Pomozov
anatolik at archlinux.org
Fri May 29 05:10:30 UTC 2020
Date: Friday, May 29, 2020 @ 05:10:28
Author: anatolik
Revision: 636956
Make /var/log/gitlab and /etc/webapps/gitlab listable by everyone
The list of log files is not secret. Let's make the directories visible.
If content of a specific file (like gitlab_workhorse_secret) need to restricted
the permissions for the file need to be set appropriately.
Modified:
gitlab/trunk/PKGBUILD
----------+
PKGBUILD | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-05-29 05:08:51 UTC (rev 636955)
+++ PKGBUILD 2020-05-29 05:10:28 UTC (rev 636956)
@@ -136,7 +136,8 @@
install -dm750 -o 105 -g 105 "${pkgdir}${_datadir}/builds"
install -dm700 -o 105 -g 105 "${pkgdir}${_datadir}/uploads"
install -dm750 -o 105 -g 105 "${pkgdir}${_datadir}/backups"
- install -dm750 -o 105 -g 105 "${pkgdir}${_etcdir}"
+ install -dm755 -o 105 -g 105 "${pkgdir}${_etcdir}"
+ install -dm755 -o 105 -g 105 "${pkgdir}${_logdir}"
install -dm755 "${pkgdir}/usr/share/doc/gitlab"
rm -r "${pkgdir}${_appdir}"/{.git,builds,tmp,log}
@@ -164,9 +165,10 @@
# TODO: ruby uses _appdir to load config files. Figure out if we can load files directly from /etc
ln -fs "${_etcdir}/secrets.yml" "${pkgdir}${_appdir}/config/secrets.yml"
- # files with password/secrets are set world-unreadable
+ # files with passwords/secrets are set world-unreadable
for secret_file in gitlab_workhorse_secret smtp_settings.rb; do
chmod 660 "${pkgdir}${_etcdir}/${secret_file}"
+ # TODO: should we just leave the
chown root:105 "${pkgdir}${_etcdir}/${secret_file}"
done
More information about the arch-commits
mailing list