Commit 43ee5b8e authored by Héctor Orón Martínez's avatar Héctor Orón Martínez

Merge branch 'permission-fix' into 'debian/master'

Move permission adjustment into maintainer script and fix permissions

See merge request !24
parents 2ce6c055 0f25a298
open-build-service (2.9.4-3) UNRELEASED; urgency=medium
[ Lucas Kanashiro ]
* Add patch to publish Debian upstream tarball signatures to the
* Add patch to publish Ubuntu ddeb files to the repositories
......@@ -10,7 +11,11 @@ open-build-service (2.9.4-3) UNRELEASED; urgency=medium
* Add patch to fix the database migration.
Limit the size of a VARCHAR to not extrapolate the number of bytes allocated.
-- Lucas Kanashiro <> Mon, 08 Apr 2019 09:33:51 -0300
[ Andrew Lee (李健秋) ]
* Move permission adjustment from into obs-api.postinst
script and fix permissions for upgrade. (Closes: #926198)
-- Andrew Lee (李健秋) <> Tue, 09 Apr 2019 12:25:55 +0800
open-build-service (2.9.4-2) unstable; urgency=medium
......@@ -47,6 +47,12 @@ else
chown obsapi:www-data $SECRET_KEY
# Generate production.sphinx.conf and set owner www-data
if [ ! -x /etc/obs/api/config/production.sphinx.conf ]; then
touch /etc/obs/api/config/production.sphinx.conf
chown www-data.www-data /etc/obs/api/config/production.sphinx.conf
# Generate log files
touch /var/log/obs/access.log
touch /var/log/obs/backend_access.log
......@@ -59,8 +65,15 @@ fi
touch /var/log/obs/
touch /var/log/obs/clockworkd.clock.output
chown -R www-data:www-data /var/log/obs
chown -R www-data:www-data /var/cache/obs/tmp
# Refine permissions for log and tmp
chown -R obsapi.www-data /var/log/obs
chown -R obsapi.www-data /var/cache/obs/tmp
# Grand www-data write access to the tmp folder
chmod -R g+w /var/cache/obs/tmp
# Set permissions for obsapi-*.service files as these runs as www-data
chown www-data.www-data /var/cache/obs/tmp/pids
# Config Database with dbconfig-common
. /usr/share/debconf/confmodule
......@@ -70,6 +83,10 @@ dbc_generate_include_args="-o template_infile=/usr/share/obs/api/config/database
dbc_go obs-api $@
# Secure database password
chown obsapi.www-data /etc/obs/api/config/database.yml
chmod 0440 /etc/obs/api/config/database.yml
# Test whether a2ensite is available (and thus also apache2ctl).
if [ -x "$(command -v a2ensite)" ]; then
# Enable the obs site
......@@ -18,24 +18,6 @@ reload_apache()
case "$1" in
# Refine permissions for rails app.
chown www-data:root /usr/share/obs/api/config/environment.rb
chown -R www-data:www-data /var/log/obs/
chown -R www-data:www-data /var/cache/obs/tmp/
chown obsapi:www-data /var/cache/obs/tmp/
chmod 775 /var/cache/obs/tmp/
chown -R www-data:www-data /usr/share/obs/api/db
chown -R www-data:www-data /usr/share/obs/api/public
if [ ! -x /etc/obs/api/config/production.sphinx.conf ]; then
touch /etc/obs/api/config/production.sphinx.conf
chown www-data:www-data /etc/obs/api/config/production.sphinx.conf
chmod 664 /var/log/obs/*.log
chown obsapi:www-data /etc/obs/api/config/database.yml
chmod 440 /etc/obs/api/config/database.yml
chown obsapi:www-data /var/log/obs/backend_access.log
chown obsapi:www-data /var/log/obs/production.log
# Generate Gemfile.lock file.
cd /usr/share/obs/api
rm -f Gemfile.lock
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment