[arch-commits] Commit in gitlab/trunk (PKGBUILD)

Anatol Pomozov anatolik at archlinux.org
Fri May 29 05:10:30 UTC 2020


    Date: Friday, May 29, 2020 @ 05:10:28
  Author: anatolik
Revision: 636956

Make /var/log/gitlab and /etc/webapps/gitlab listable by everyone

The list of log files is not secret. Let's make the directories visible.
If content of a specific file (like gitlab_workhorse_secret) need to restricted
the permissions for the file need to be set appropriately.

Modified:
  gitlab/trunk/PKGBUILD

----------+
 PKGBUILD |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-05-29 05:08:51 UTC (rev 636955)
+++ PKGBUILD	2020-05-29 05:10:28 UTC (rev 636956)
@@ -136,7 +136,8 @@
   install -dm750 -o 105 -g 105 "${pkgdir}${_datadir}/builds"
   install -dm700 -o 105 -g 105 "${pkgdir}${_datadir}/uploads"
   install -dm750 -o 105 -g 105 "${pkgdir}${_datadir}/backups"
-  install -dm750 -o 105 -g 105 "${pkgdir}${_etcdir}"
+  install -dm755 -o 105 -g 105 "${pkgdir}${_etcdir}"
+  install -dm755 -o 105 -g 105 "${pkgdir}${_logdir}"
   install -dm755 "${pkgdir}/usr/share/doc/gitlab"
 
   rm -r "${pkgdir}${_appdir}"/{.git,builds,tmp,log}
@@ -164,9 +165,10 @@
   # TODO: ruby uses _appdir to load config files. Figure out if we can load files directly from /etc
   ln -fs "${_etcdir}/secrets.yml" "${pkgdir}${_appdir}/config/secrets.yml"
 
-  # files with password/secrets are set world-unreadable
+  # files with passwords/secrets are set world-unreadable
   for secret_file in gitlab_workhorse_secret smtp_settings.rb; do
     chmod 660 "${pkgdir}${_etcdir}/${secret_file}"
+    # TODO: should we just leave the 
     chown root:105 "${pkgdir}${_etcdir}/${secret_file}"
   done
 



More information about the arch-commits mailing list