commit: 3a07b798e2b19c7ba7f23ba429eab24596a4cb98
parent fa36032d96ba785577d3862bace389cd481e49ae
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Mon, 12 Jun 2023 11:29:17 +0200
www-apps/pleroma: Fix permissions
Diffstat:
2 files changed, 44 insertions(+), 6 deletions(-)
diff --git a/www-apps/pleroma/pleroma-2.5.2.ebuild b/www-apps/pleroma/pleroma-2.5.2.ebuild
@@ -39,6 +39,7 @@ DEPEND="
RDEPEND="
${DEPEND}
acct-user/pleroma
+ acct-group/pleroma
imagemagick? ( media-gfx/imagemagick )
ffmpeg? ( media-video/ffmpeg )
exiftool? ( media-libs/exiftool )
@@ -68,7 +69,10 @@ src_prepare() {
-e 's;update "$@";echo "Unsupported, check the '"${CATEGORY}/${PN}"' package instead.";' \
rel/files/bin/pleroma_ctl || die
- echo "import Mix.Config" > config/prod.secret.exs || die
+ # Default ends up being inside /opt/pleroma which should be kept read-only to pleroma
+ echo 'config :tzdata, :data_dir, "/var/lib/pleroma/tzdata"' >> config/prod.exs || die
+
+ echo "import Config" > config/prod.secret.exs || die
}
src_compile() {
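Review bot: The appended `config :tzdata, :data_dir, "/var/lib/pleroma/tzdata"` line points tzdata at a directory that nothing in this commit creates; `src_install` only does `keepdir /var/lib/pleroma`. Whether tzdata creates its data directory on first start is not visible here, so adding `keepdir /var/lib/pleroma/tzdata` with `fowners pleroma:pleroma /var/lib/pleroma/tzdata` would rule out a start-up failure on a fresh install. `src_prepare` begins outside this hunk, and the same change appears in the matching hunk of pleroma-9999.ebuild.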
@@ -77,6 +81,21 @@ src_compile() {
}
src_install() {
- insinto /opt/
- doins -r pleroma
+ # doins doesn't seems to preserve permissions
+ mkdir -p "${ED}/opt" || die
+ cp -pr ./pleroma "${ED}/opt/pleroma" || die
+ fperms 0750 /opt/pleroma
+ fowners 0:pleroma /opt/pleroma
+
+ # This file controls console access
+ fperms 0750 /opt/pleroma/releases/COOKIE
+ fowners 0:pleroma /opt/pleroma/releases/COOKIE
+
+ keepdir /etc/pleroma
+ fperms 0750 /etc/pleroma
+ fowners 0:pleroma /etc/pleroma
+
+ keepdir /var/lib/pleroma
+ fperms 0750 /var/lib/pleroma
+ fowners pleroma:pleroma /var/lib/pleroma
}
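Review bot: `fperms 0750 /opt/pleroma/releases/COOKIE` sets execute bits on a regular file that holds a secret. Since the comment says it controls console access, `fperms 0640 /opt/pleroma/releases/COOKIE` would keep it root-writable and group-readable without marking it executable. Separately, `cp -pr` keeps whatever owner and mode each file had in the build tree, and the `fperms`/`fowners` calls touch only the top-level directory, so everything below `/opt/pleroma` presumably stays owned by the build user. If the goal is a tree that is read-only to pleroma, `fowners -R 0:pleroma /opt/pleroma` after the copy would make that explicit. The same lines appear in the `src_install` hunk of pleroma-9999.ebuild.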
diff --git a/www-apps/pleroma/pleroma-9999.ebuild b/www-apps/pleroma/pleroma-9999.ebuild
@@ -39,6 +39,7 @@ DEPEND="
RDEPEND="
${DEPEND}
acct-user/pleroma
+ acct-group/pleroma
imagemagick? ( media-gfx/imagemagick )
ffmpeg? ( media-video/ffmpeg )
exiftool? ( media-libs/exiftool )
@@ -68,7 +69,10 @@ src_prepare() {
-e 's;update "$@";echo "Unsupported, check the '"${CATEGORY}/${PN}"' package instead.";' \
rel/files/bin/pleroma_ctl || die
- echo "import Mix.Config" > config/prod.secret.exs || die
+ # Default ends up being inside /opt/pleroma which should be kept read-only to pleroma
+ echo 'config :tzdata, :data_dir, "/var/lib/pleroma/tzdata"' >> config/prod.exs || die
+
+ echo "import Config" > config/prod.secret.exs || die
}
src_compile() {
@@ -77,6 +81,21 @@ src_compile() {
}
src_install() {
- insinto /opt/
- doins -r pleroma
+ # doins doesn't seems to preserve permissions
+ mkdir -p "${ED}/opt" || die
+ cp -pr ./pleroma "${ED}/opt/pleroma" || die
+ fperms 0750 /opt/pleroma
+ fowners 0:pleroma /opt/pleroma
+
+ # This file controls console access
+ fperms 0750 /opt/pleroma/releases/COOKIE
+ fowners 0:pleroma /opt/pleroma/releases/COOKIE
+
+ keepdir /etc/pleroma
+ fperms 0750 /etc/pleroma
+ fowners 0:pleroma /etc/pleroma
+
+ keepdir /var/lib/pleroma
+ fperms 0750 /var/lib/pleroma
+ fowners pleroma:pleroma /var/lib/pleroma
}