restrict file permissions for secrets
This commit is contained in:
parent
2d8014dee1
commit
35848950c3
2 changed files with 9 additions and 1 deletions
1
debian/changelog
vendored
1
debian/changelog
vendored
|
@ -3,6 +3,7 @@ gitlab (8.5.8+dfsg-4) UNRELEASED; urgency=medium
|
|||
* Tighten version requirements for dependencies
|
||||
* Fix permissions for uploads
|
||||
* Run db:migrate when db exist
|
||||
* Restrict file permissions for secret files (Closes: #819412)
|
||||
|
||||
-- Pirate Praveen <praveen@debian.org> Tue, 05 Apr 2016 11:38:52 +0530
|
||||
|
||||
|
|
9
debian/rake-tasks.sh
vendored
9
debian/rake-tasks.sh
vendored
|
@ -14,8 +14,15 @@ if ! [ -f "${gitlab_app_root}/config/secrets.yml" ]; then
|
|||
|
||||
cp ${gitlab_app_root}/config/secrets.yml.example ${gitlab_app_root}/config/secrets.yml
|
||||
sed -i "s/# db_key_base:/db_key_base: ${gitlab_app_secret}/" ${gitlab_app_root}/config/secrets.yml
|
||||
echo ${gitlab_app_root} > ${gitlab_app_root}/.secret
|
||||
echo ${gitlab_app_secret} > ${gitlab_app_root}/.secret
|
||||
}
|
||||
|
||||
# Restrict permissions for secret files
|
||||
|
||||
chmod 0700 ${gitlab_data_dir}/.secret
|
||||
chmod 0700 ${gitlab_data_dir}/.gitlab_shell_secret
|
||||
chmod 0700 ${gitlab_conf}/secrets.yml
|
||||
|
||||
fi
|
||||
if [ "$(LANG=C su postgres -c "psql gitlab_production -c \"\d\"")" = \
|
||||
"No relations found." ]; then
|
||||
|
|
Loading…
Reference in a new issue