Merge "Secure host file permissions"
This commit is contained in:
Zuul
Gerrit Code Review
commit
ee881f8970
|
|
@ -21,6 +21,7 @@ compare_copy_files() {
|
||||||
if [ ! -e /host{{ .dest }} ] || ! cmp -s {{ .source }} /host{{ .dest }}; then
|
if [ ! -e /host{{ .dest }} ] || ! cmp -s {{ .source }} /host{{ .dest }}; then
|
||||||
mkdir -p $(dirname /host{{ .dest }})
|
mkdir -p $(dirname /host{{ .dest }})
|
||||||
cp {{ .source }} /host{{ .dest }}
|
cp {{ .source }} /host{{ .dest }}
|
||||||
|
chmod go-rwx /host{{ .dest }}
|
||||||
fi
|
fi
|
||||||
{{end}}
|
{{end}}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -21,6 +21,7 @@ compare_copy_files() {
|
||||||
if [ ! -e /host{{ .dest }} ] || ! cmp -s {{ .source }} /host{{ .dest }}; then
|
if [ ! -e /host{{ .dest }} ] || ! cmp -s {{ .source }} /host{{ .dest }}; then
|
||||||
mkdir -p $(dirname /host{{ .dest }})
|
mkdir -p $(dirname /host{{ .dest }})
|
||||||
cp {{ .source }} /host{{ .dest }}
|
cp {{ .source }} /host{{ .dest }}
|
||||||
|
chmod go-rwx /host{{ .dest }}
|
||||||
fi
|
fi
|
||||||
{{end}}
|
{{end}}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -44,6 +44,7 @@ function sync_configuration {
|
||||||
ETCD_INITIAL_CLUSTER_STATE=existing
|
ETCD_INITIAL_CLUSTER_STATE=existing
|
||||||
create_manifest "$ETCD_INITIAL_CLUSTER" "$ETCD_INITIAL_CLUSTER_STATE" "$TEMP_MANIFEST"
|
create_manifest "$ETCD_INITIAL_CLUSTER" "$ETCD_INITIAL_CLUSTER_STATE" "$TEMP_MANIFEST"
|
||||||
sync_file "${TEMP_MANIFEST}" "${MANIFEST_PATH}"
|
sync_file "${TEMP_MANIFEST}" "${MANIFEST_PATH}"
|
||||||
|
chmod go-rwx "${MANIFEST_PATH}"
|
||||||
}
|
}
|
||||||
firstrun=true
|
firstrun=true
|
||||||
while true; do
|
while true; do
|
||||||
|
|
|
||||||
|
|
@ -24,6 +24,7 @@ compare_copy_files() {
|
||||||
if [ ! -e /host{{ .dest }} ] || ! cmp -s {{ .source }} /host{{ .dest }}; then
|
if [ ! -e /host{{ .dest }} ] || ! cmp -s {{ .source }} /host{{ .dest }}; then
|
||||||
mkdir -p $(dirname /host{{ .dest }})
|
mkdir -p $(dirname /host{{ .dest }})
|
||||||
cp {{ .source }} /host{{ .dest }}
|
cp {{ .source }} /host{{ .dest }}
|
||||||
|
chmod go-rwx /host{{ .dest }}
|
||||||
fi
|
fi
|
||||||
{{- end }}
|
{{- end }}
|
||||||
}
|
}
|
||||||
|
|
@ -104,6 +105,7 @@ install_config() {
|
||||||
else
|
else
|
||||||
echo HAProxy config file unchanged.
|
echo HAProxy config file unchanged.
|
||||||
fi
|
fi
|
||||||
|
chmod -R go-rwx $(dirname "$HAPROXY_CONF")
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,7 @@ compare_copy_files() {
|
||||||
if [ ! -e /host{{ .dest }} ] || ! cmp -s {{ .source }} /host{{ .dest }}; then
|
if [ ! -e /host{{ .dest }} ] || ! cmp -s {{ .source }} /host{{ .dest }}; then
|
||||||
mkdir -p $(dirname /host{{ .dest }})
|
mkdir -p $(dirname /host{{ .dest }})
|
||||||
cp {{ .source }} /host{{ .dest }}
|
cp {{ .source }} /host{{ .dest }}
|
||||||
|
chmod go-rwx /host{{ .dest }}
|
||||||
fi
|
fi
|
||||||
{{- end }}
|
{{- end }}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,7 @@ echo "{{ encrypted_tarball | b64enc }}" | base64 -d | {{ decrypt_command }} | ta
|
||||||
set -x
|
set -x
|
||||||
|
|
||||||
for DIR in "${CURATED_DIRS[@]}"; do
|
for DIR in "${CURATED_DIRS[@]}"; do
|
||||||
chmod go-rwx "${DIR}"
|
chmod -R go-rwx "${DIR}"
|
||||||
done
|
done
|
||||||
|
|
||||||
# Adding apt repositories
|
# Adding apt repositories
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue