1. 03 Apr, 2019 2 commits
  2. 02 Apr, 2019 1 commit
  3. 01 Apr, 2019 6 commits
  4. 27 Mar, 2019 3 commits
  5. 26 Mar, 2019 2 commits
    • Andrew Lee (李健秋)'s avatar
      Update correct group permission for rb_sysopen · b62403bf
      Andrew Lee (李健秋) authored
      The rb_sysopen runs as www-data that needs to access to production.log,
      backend_access.log and database.yml.
      
      Revert the group owner to www-data to avoid following errors:
      
       Rails Error: Unable to access log file. Please ensure that
       /usr/share/obs/api/log/production.log exists and is writable (ie, make
       it writable for user and group: chmod 0664
       /usr/share/obs/api/log/production.log). The log level has been raised
       to WARN and the output directed to STDERR until the problem is fixed.
       rake aborted!
       Errno::EACCES: Cannot load `Rails.application.database_configuration`:
       Permission denied @ rb_sysopen - /usr/share/obs/api/config/database.yml
       /usr/share/obs/api/config/environment.rb:30:in `<top (required)>'
       Errno::EACCES: Permission denied @ rb_sysopen -
       /usr/share/obs/api/config/database.yml
       /usr/share/obs/api/config/environment.rb:30:in `<top (required)>'
       Tasks: TOP => environment
       (See full trace by running task with --trace)
       Errno::EACCES: Permission denied @ rb_sysopen -
       /usr/share/obs/api/log/backend_access.log
       /usr/share/obs/api/lib/opensuse/backend.rb:14:in `new'
       /usr/share/obs/api/lib/opensuse/backend.rb:14:in `<class:Backend>'
       /usr/share/obs/api/lib/opensuse/backend.rb:6:in `<module:Suse>'
       /usr/share/obs/api/lib/opensuse/backend.rb:5:in `<top (required)>'
       /usr/share/obs/api/app/models/project.rb:1:in `<top (required)>'
       /usr/share/obs/api/app/indices/project_index.rb:2:in `block in <top
       (required)>'
       Tasks: TOP => ts:index
       (See full trace by running task with --trace)
      Signed-off-by: default avatarAndrew Lee (李健秋) <ajqlee@debian.org>
      b62403bf
    • Andrew Lee (李健秋)'s avatar
      Make passenger rubyapp runs as obsapi user. · b40ef240
      Andrew Lee (李健秋) authored
      Passenger's default user is nobody:
       https://www.phusionpassenger.com/library/config/nginx/reference/#passenger_default_user
      
      So that we got Passenger and the RubyApp runs as nobody. However,
      according to Debian's SystemGroup usage:
        https://wiki.debian.org/SystemGroups
      
      nogroup (user: nobody): Daemons that need not own any files run as user
      nobody and group nogroup. Thus, no files on a system should be owned by
      this user or group.
      
      So that we should create a new user call 'obapi' and force passenger app
      to run as obs-api instead.
      
      And config files should be readable by that obsapi user but usually not
      writable.
      Signed-off-by: default avatarAndrew Lee (李健秋) <ajqlee@debian.org>
      Signed-off-by: Héctor Orón Martínez's avatarHéctor Orón Martínez <hector.oron@collabora.com>
      b40ef240
  6. 25 Mar, 2019 3 commits
  7. 22 Mar, 2019 11 commits
  8. 21 Mar, 2019 1 commit
  9. 20 Mar, 2019 2 commits
  10. 19 Sep, 2018 4 commits
  11. 14 Sep, 2018 1 commit
  12. 12 Sep, 2018 4 commits