restrict file permissions for secrets

Praveen Arimbrathodiyil 2016-04-05 12:37:43 +05:30
parent 2d8014dee1
commit 35848950c3
2 changed files with 9 additions and 1 deletions

1
debian/changelog vendored

@ -3,6 +3,7 @@ gitlab (8.5.8+dfsg-4) UNRELEASED; urgency=medium
* Tighten version requirements for dependencies * Tighten version requirements for dependencies
* Fix permissions for uploads * Fix permissions for uploads
* Run db:migrate when db exist * Run db:migrate when db exist
* Restrict file permissions for secret files (Closes: #819412)
-- Pirate Praveen <praveen@debian.org> Tue, 05 Apr 2016 11:38:52 +0530 -- Pirate Praveen <praveen@debian.org> Tue, 05 Apr 2016 11:38:52 +0530


@ -14,8 +14,15 @@ if ! [ -f "${gitlab_app_root}/config/secrets.yml" ]; then
cp ${gitlab_app_root}/config/secrets.yml.example ${gitlab_app_root}/config/secrets.yml cp ${gitlab_app_root}/config/secrets.yml.example ${gitlab_app_root}/config/secrets.yml
sed -i "s/# db_key_base:/db_key_base: ${gitlab_app_secret}/" ${gitlab_app_root}/config/secrets.yml sed -i "s/# db_key_base:/db_key_base: ${gitlab_app_secret}/" ${gitlab_app_root}/config/secrets.yml
echo ${gitlab_app_root} > ${gitlab_app_root}/.secret echo ${gitlab_app_secret} > ${gitlab_app_root}/.secret
} }
# Restrict permissions for secret files
chmod 0700 ${gitlab_data_dir}/.secret
chmod 0700 ${gitlab_data_dir}/.gitlab_shell_secret
chmod 0700 ${gitlab_conf}/secrets.yml
fi fi
if [ "$(LANG=C su postgres -c "psql gitlab_production -c \"\d\"")" = \ if [ "$(LANG=C su postgres -c "psql gitlab_production -c \"\d\"")" = \
"No relations found." ]; then "No relations found." ]; then
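Review bot: The three `chmod 0700` lines appear to sit inside the `if ! [ -f "${gitlab_app_root}/config/secrets.yml" ]` branch named in the hunk header (they come before its `fi`), so they would run only when the secrets are first generated; a system upgraded from a package that already created these files with default permissions would keep the old, wider mode. Moving them after the `fi` would cover upgrades as well, though the block starts outside the hunk, so confirm the nesting first. The mode also sets the execute bit on plain data files, and the files are still created by `cp` and `echo` under the current umask before being tightened, so a `umask 077` ahead of the creation plus `chmod 0600 "${gitlab_data_dir}/.secret"` (and likewise for the other two, quoted) would be narrower. The chmod targets use `${gitlab_data_dir}` and `${gitlab_conf}` while the files are written under `${gitlab_app_root}`; this presumably relies on symlinks set up elsewhere in the script and is worth confirming, because a missing target would make `chmod` fail.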