From 993946077ea3be1af83039add7bf2a8c6c214037 Mon Sep 17 00:00:00 2001
From: Praveen Arimbrathodiyil <praveen@debian.org>
Date: Fri, 21 Apr 2017 13:50:40 +0530
Subject: [PATCH] switch to using runuser from su

---
 debian/gitlab-check.sh |  2 +-
 debian/postinst        | 14 +++++++-------
 debian/postrm          |  2 +-
 debian/rake-tasks.sh   | 12 ++++++------
 4 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/debian/gitlab-check.sh b/debian/gitlab-check.sh
index bbfd6bb0f4..986bc17e74 100755
--- a/debian/gitlab-check.sh
+++ b/debian/gitlab-check.sh
@@ -10,4 +10,4 @@ cd /usr/share/gitlab
 
 # Check gitlab is configured correctly
 printf "Check if Gitlab is configured correctly...\n"
-su ${gitlab_user} -s /bin/sh -c 'bundle exec rake gitlab:check'
+runuser -u ${gitlab_user} -s /bin/sh -c 'bundle exec rake gitlab:check'
diff --git a/debian/postinst b/debian/postinst
index 6881b1046f..4a3f0cf2ce 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -73,9 +73,9 @@ gitlab_user=$RET >/dev/null
 #######################################################################
 # update Gemfile.lock, always
 #######################################################################
-su ${gitlab_user} -s /bin/sh -c "truncate -s 0 ${gitlab_data_dir}/Gemfile.lock"
+runuser -u ${gitlab_user} -s /bin/sh -c "truncate -s 0 ${gitlab_data_dir}/Gemfile.lock"
 cd ${gitlab_app_root}
-if ! su ${gitlab_user} -s /bin/sh -c 'bundle --local --quiet'; then
+if ! runuser -u ${gitlab_user} -s /bin/sh -c 'bundle --local --quiet'; then
   if [ "$1" = "triggered" ]; then
     # probably triggered in the middle of an system upgrade; ignore failure
     # but abort here
@@ -128,8 +128,8 @@ case "$1" in
       chown -R ${gitlab_user}: $i
     done
 
-    su ${gitlab_user} -s /bin/sh -c "chmod 700 ${gitlab_uploads_path}"
-    su ${gitlab_user} -s /bin/sh -c 'git config --global core.autocrlf "input"'
+    runuser -u ${gitlab_user} -s /bin/sh -c "chmod 700 ${gitlab_uploads_path}"
+    runuser -u ${gitlab_user} -s /bin/sh -c 'git config --global core.autocrlf "input"'
 
     # Commands below needs to be run from gitlab_app_root
     cd ${gitlab_app_root}
@@ -311,16 +311,16 @@ case "$1" in
     db_stop
 
     # enable the pg_trgm extension
-    su postgres -c "psql -d gitlab_production -c \"CREATE EXTENSION IF NOT EXISTS pg_trgm;\""
+    runuser -u postgres -c "psql -d gitlab_production -c \"CREATE EXTENSION IF NOT EXISTS pg_trgm;\""
 
     # Remove Gemfile.lock if present
     rm -f ${gitlab_data_dir}/Gemfile.lock
 
     # Create Gemfile.lock and .secret in /var/lib/gitlab
-    su ${gitlab_user} -s /bin/sh -c "touch ${gitlab_data_dir}/Gemfile.lock"
+    runuser -u ${gitlab_user} -s /bin/sh -c "touch ${gitlab_data_dir}/Gemfile.lock"
 
     echo "Verifying we have all required libraries..."
-    su ${gitlab_user} -s /bin/sh -c 'bundle install --without development test --local'
+    runuser -u ${gitlab_user} -s /bin/sh -c 'bundle install --without development test --local'
         
     echo "Running final rake tasks and tweaks..."
     . /usr/lib/gitlab/scripts/rake-tasks.sh
diff --git a/debian/postrm b/debian/postrm
index fb80ffc6fb..d9b448a25e 100644
--- a/debian/postrm
+++ b/debian/postrm
@@ -71,7 +71,7 @@ ${gitlab_data_dir}; do
             # Do only if gitlab_user is set
             if command -v dropdb >/dev/null; then
                 echo "Removing Database: gitlab_production"
-                if su ${gitlab_user} -c 'psql gitlab_production -c ""' ; then su postgres -c "dropdb gitlab_production"; fi
+                if runuser -u ${gitlab_user} -c 'psql gitlab_production -c ""' ; then su postgres -c "dropdb gitlab_production"; fi
             else
                 echo "dropdb command not found. Hence not removing database."
            fi
diff --git a/debian/rake-tasks.sh b/debian/rake-tasks.sh
index df64c78a26..3416acf560 100755
--- a/debian/rake-tasks.sh
+++ b/debian/rake-tasks.sh
@@ -9,21 +9,21 @@ export DB RAILS_ENV
 cd /usr/share/gitlab
 
 # Check if the db is already present
-if [ "$(LANG=C su postgres -c "psql gitlab_production -c \"\d\"")" = \
+if [ "$(LANG=C runuser -u postgres -c "psql gitlab_production -c \"\d\"")" = \
 "No relations found." ]; then
   echo "Initializing database..."
   test -f ${gitlab_home}/db/schema.rb || \
-  su ${gitlab_user} -s /bin/sh -c\
+  runuser -u ${gitlab_user} -s /bin/sh -c\
   "cp ${gitlab_data_dir}/db/schema.rb.template ${gitlab_data_dir}/db/schema.rb"
-  su ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:schema:load'
-  su ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:seed_fu'
+  runuser -u ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:schema:load'
+  runuser -u ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:seed_fu'
 else
   echo "gitlab_production database is not empty, skipping gitlab setup"
-  su ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:migrate'
+  runuser -u ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:migrate'
 fi
 
 # Restrict permissions for secret files
 chmod 0700 ${gitlab_data_dir}/.gitlab_shell_secret
 
 echo "Precompiling assets..."
-su ${gitlab_user} -s /bin/sh -c 'bundle exec rake tmp:cache:clear assets:precompile'
+runuser -u ${gitlab_user} -s /bin/sh -c 'bundle exec rake tmp:cache:clear assets:precompile'