move permissions change after gitlab shell is set

debian/rake-tasks.sh

@@ -17,17 +17,9 @@ if ! [ -f "${gitlab_app_root}/config/secrets.yml" ]; then
   echo ${gitlab_app_secret} > ${gitlab_app_root}/.secret
   }
 
-# Restrict permissions for secret files
-
-chown ${gitlab_user}: ${gitlab_data_dir}/.secret
-chmod 0700 ${gitlab_data_dir}/.secret
-if [ -e ${gitlab_data_dir}/.gitlab_shell_secret ]; then
-  chmod 0700 ${gitlab_data_dir}/.gitlab_shell_secret
 fi
-chown ${gitlab_user}: ${gitlab_conf}/secrets.yml
-chmod 0700 ${gitlab_conf}/secrets.yml
 
-fi
+# Check if the db is already present
 if [ "$(LANG=C su postgres -c "psql gitlab_production -c \"\d\"")" = \
 "No relations found." ]; then
   echo "Initializing database..."
@@ -41,6 +33,14 @@ else
   su ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:migrate'
 fi
 
+# Restrict permissions for secret files
+chown ${gitlab_user}: ${gitlab_data_dir}/.secret
+chmod 0700 ${gitlab_data_dir}/.secret
+chmod 0700 ${gitlab_data_dir}/.gitlab_shell_secret
+chown ${gitlab_user}: ${gitlab_conf}/secrets.yml
+chmod 0700 ${gitlab_conf}/secrets.yml
+
+
 echo "Precompiling assets..."
 su ${gitlab_user} -s /bin/sh -c 'bundle exec rake assets:precompile RAILS_ENV=production'