switch to using runuser from su

Praveen Arimbrathodiyil 2017-04-21 13:50:40 +05:30
parent e40cb82195
commit 993946077e
4 changed files with 15 additions and 15 deletions


@ -10,4 +10,4 @@ cd /usr/share/gitlab
# Check gitlab is configured correctly # Check gitlab is configured correctly
printf "Check if Gitlab is configured correctly...\n" printf "Check if Gitlab is configured correctly...\n"
su ${gitlab_user} -s /bin/sh -c 'bundle exec rake gitlab:check' runuser -u ${gitlab_user} -s /bin/sh -c 'bundle exec rake gitlab:check'
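Review bot: The converted call combines `-u` with `-s` and `-c`, which runuser(1) documents as mutually exclusive, so this line is expected to stop with a usage error instead of running `gitlab:check` as the service account. With `-u` the command is executed directly rather than handed to a shell, so the shell has to be named as the command: `runuser -u "${gitlab_user}" -- /bin/sh -c 'bundle exec rake gitlab:check'`. The same `-u … -s /bin/sh -c` pattern appears in every converted call in debian/postinst, debian/postrm and debian/rake-tasks.sh and needs the same change there.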

14
debian/postinst vendored

@ -73,9 +73,9 @@ gitlab_user=$RET >/dev/null
####################################################################### #######################################################################
# update Gemfile.lock, always # update Gemfile.lock, always
####################################################################### #######################################################################
su ${gitlab_user} -s /bin/sh -c "truncate -s 0 ${gitlab_data_dir}/Gemfile.lock" runuser -u ${gitlab_user} -s /bin/sh -c "truncate -s 0 ${gitlab_data_dir}/Gemfile.lock"
cd ${gitlab_app_root} cd ${gitlab_app_root}
if ! su ${gitlab_user} -s /bin/sh -c 'bundle --local --quiet'; then if ! runuser -u ${gitlab_user} -s /bin/sh -c 'bundle --local --quiet'; then
if [ "$1" = "triggered" ]; then if [ "$1" = "triggered" ]; then
# probably triggered in the middle of an system upgrade; ignore failure # probably triggered in the middle of an system upgrade; ignore failure
# but abort here # but abort here
@ -128,8 +128,8 @@ case "$1" in
chown -R ${gitlab_user}: $i chown -R ${gitlab_user}: $i
done done
su ${gitlab_user} -s /bin/sh -c "chmod 700 ${gitlab_uploads_path}" runuser -u ${gitlab_user} -s /bin/sh -c "chmod 700 ${gitlab_uploads_path}"
su ${gitlab_user} -s /bin/sh -c 'git config --global core.autocrlf "input"' runuser -u ${gitlab_user} -s /bin/sh -c 'git config --global core.autocrlf "input"'
# Commands below needs to be run from gitlab_app_root # Commands below needs to be run from gitlab_app_root
cd ${gitlab_app_root} cd ${gitlab_app_root}
@ -311,16 +311,16 @@ case "$1" in
db_stop db_stop
# enable the pg_trgm extension # enable the pg_trgm extension
su postgres -c "psql -d gitlab_production -c \"CREATE EXTENSION IF NOT EXISTS pg_trgm;\"" runuser -u postgres -c "psql -d gitlab_production -c \"CREATE EXTENSION IF NOT EXISTS pg_trgm;\""
# Remove Gemfile.lock if present # Remove Gemfile.lock if present
rm -f ${gitlab_data_dir}/Gemfile.lock rm -f ${gitlab_data_dir}/Gemfile.lock
# Create Gemfile.lock and .secret in /var/lib/gitlab # Create Gemfile.lock and .secret in /var/lib/gitlab
su ${gitlab_user} -s /bin/sh -c "touch ${gitlab_data_dir}/Gemfile.lock" runuser -u ${gitlab_user} -s /bin/sh -c "touch ${gitlab_data_dir}/Gemfile.lock"
echo "Verifying we have all required libraries..." echo "Verifying we have all required libraries..."
su ${gitlab_user} -s /bin/sh -c 'bundle install --without development test --local' runuser -u ${gitlab_user} -s /bin/sh -c 'bundle install --without development test --local'
echo "Running final rake tasks and tweaks..." echo "Running final rake tasks and tweaks..."
. /usr/lib/gitlab/scripts/rake-tasks.sh . /usr/lib/gitlab/scripts/rake-tasks.sh
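Review bot: The double-quoted command strings in the `truncate`, `chmod 700` and `touch` calls expand `${gitlab_data_dir}` and `${gitlab_uploads_path}` in root's shell and then have the result re-parsed by `sh -c`, and `${gitlab_user}` is unquoted although the hunk header shows it being set from debconf (`gitlab_user=$RET`). A value containing whitespace or shell metacharacters would therefore change which command runs during package configuration. Since runuser can execute a command directly, these three calls need no inner shell at all, e.g. `runuser -u "${gitlab_user}" -- truncate -s 0 "${gitlab_data_dir}/Gemfile.lock"`, which keeps the path a single argument. The `case "$1" in` blocks these lines belong to start and end outside the hunks.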

2
debian/postrm vendored

@ -71,7 +71,7 @@ ${gitlab_data_dir}; do
# Do only if gitlab_user is set # Do only if gitlab_user is set
if command -v dropdb >/dev/null; then if command -v dropdb >/dev/null; then
echo "Removing Database: gitlab_production" echo "Removing Database: gitlab_production"
if su ${gitlab_user} -c 'psql gitlab_production -c ""' ; then su postgres -c "dropdb gitlab_production"; fi if runuser -u ${gitlab_user} -c 'psql gitlab_production -c ""' ; then su postgres -c "dropdb gitlab_production"; fi
else else
echo "dropdb command not found. Hence not removing database." echo "dropdb command not found. Hence not removing database."
fi fi
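Review bot: On the changed line the probe was converted but the `dropdb` call next to it still uses `su postgres`, so the purge path ends up with both tools on one line. The `if` also treats any failure of the probe as "database absent": if the `runuser -u … -c` invocation itself errors out, `dropdb` is skipped without a message and gitlab_production is left behind after purge. I would write it as `if runuser -u "${gitlab_user}" -- psql gitlab_production -c ''; then runuser -u postgres -- dropdb gitlab_production; fi` and print a warning in an `else` branch. The comment says "Do only if gitlab_user is set", but no such test is visible in this hunk; the enclosing block starts outside it.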

12
debian/rake-tasks.sh vendored

@ -9,21 +9,21 @@ export DB RAILS_ENV
cd /usr/share/gitlab cd /usr/share/gitlab
# Check if the db is already present # Check if the db is already present
if [ "$(LANG=C su postgres -c "psql gitlab_production -c \"\d\"")" = \ if [ "$(LANG=C runuser -u postgres -c "psql gitlab_production -c \"\d\"")" = \
"No relations found." ]; then "No relations found." ]; then
echo "Initializing database..." echo "Initializing database..."
test -f ${gitlab_home}/db/schema.rb || \ test -f ${gitlab_home}/db/schema.rb || \
su ${gitlab_user} -s /bin/sh -c\ runuser -u ${gitlab_user} -s /bin/sh -c\
"cp ${gitlab_data_dir}/db/schema.rb.template ${gitlab_data_dir}/db/schema.rb" "cp ${gitlab_data_dir}/db/schema.rb.template ${gitlab_data_dir}/db/schema.rb"
su ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:schema:load' runuser -u ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:schema:load'
su ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:seed_fu' runuser -u ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:seed_fu'
else else
echo "gitlab_production database is not empty, skipping gitlab setup" echo "gitlab_production database is not empty, skipping gitlab setup"
su ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:migrate' runuser -u ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:migrate'
fi fi
# Restrict permissions for secret files # Restrict permissions for secret files
chmod 0700 ${gitlab_data_dir}/.gitlab_shell_secret chmod 0700 ${gitlab_data_dir}/.gitlab_shell_secret
echo "Precompiling assets..." echo "Precompiling assets..."
su ${gitlab_user} -s /bin/sh -c 'bundle exec rake tmp:cache:clear assets:precompile' runuser -u ${gitlab_user} -s /bin/sh -c 'bundle exec rake tmp:cache:clear assets:precompile'
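Review bot: The emptiness test compares the captured output of `psql … \d` with the literal `No relations found.`, so any failure inside the command substitution (a runuser usage error, psql unable to connect, a differently worded or localised message) produces a non-matching string and falls into the `else` branch, which runs `db:migrate` against a database whose schema was never loaded. Checking the exit status separately and asking for a machine-readable answer would be safer, for example `runuser -u postgres -- psql -tA -d gitlab_production -c "SELECT count(*) FROM pg_tables WHERE schemaname = 'public'"` compared against `0`. `LANG=C` is also overridden by `LC_ALL` when that is set in the environment, so `LC_ALL=C` is the more reliable way to pin the message language if the string comparison is kept.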