samply
/
bridgehead
mirror of https://github.com/samply/bridgehead.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: Correctly set file permissions

This commit is contained in:
janskiba 2024-01-31 14:23:14 +00:00 committed by juarez
parent b7d5c97c90
commit f65c019065
3 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ccp/modules/datashield-setup.sh
View File

@ -12,9 +12,7 @@ if [ "$ENABLE_DATASHIELD" == true ]; then
TOKEN_MANAGER_SECRET="$(echo \"Token Manager\" | generate_simple_password)" TOKEN_MANAGER_SECRET="$(echo \"Token Manager\" | generate_simple_password)"
if [ ! -e /tmp/bridgehead/opal-cert.pem ]; then if [ ! -e /tmp/bridgehead/opal-cert.pem ]; then
mkdir -p /tmp/bridgehead/ mkdir -p /tmp/bridgehead/
chown -R bridgehead:docker /tmp/bridgehead/
openssl req -x509 -newkey rsa:4096 -nodes -keyout /tmp/bridgehead/opal-key.pem -out /tmp/bridgehead/opal-cert.pem -days 3650 -subj "/CN=opal/C=DE" openssl req -x509 -newkey rsa:4096 -nodes -keyout /tmp/bridgehead/opal-key.pem -out /tmp/bridgehead/opal-cert.pem -days 3650 -subj "/CN=opal/C=DE"
chmod g+r /tmp/bridgehead/opal-key.pem
fi fi
mkdir -p /tmp/bridgehead/opal-map mkdir -p /tmp/bridgehead/opal-map
sites="$(cat ./$PROJECT/modules/datashield-mappings.json)" sites="$(cat ./$PROJECT/modules/datashield-mappings.json)"
@ -29,6 +27,10 @@ if [ "$ENABLE_DATASHIELD" == true ]; then
"internal": "opal:8443", "internal": "opal:8443",
"allowed": input | map("datashield-connect.\(.).'"$BROKER_ID"'") "allowed": input | map("datashield-connect.\(.).'"$BROKER_ID"'")
}]' > /tmp/bridgehead/opal-map/local.json }]' > /tmp/bridgehead/opal-map/local.json
chown -R bridgehead:docker /tmp/bridgehead/* if [ "$USER" == "root" ]; then
chown -R bridgehead:docker /tmp/bridgehead
chmod g+wr /tmp/bridgehead/opal-map/*
chmod g+r /tmp/bridgehead/opal-key.pem
fi
add_private_oidc_redirect_url "/opal/*" add_private_oidc_redirect_url "/opal/*"
fi fi

1
lib/functions.sh
View File

@ -279,7 +279,6 @@ function sync_secrets() {
fi fi
mkdir -p /var/cache/bridgehead/secrets/ mkdir -p /var/cache/bridgehead/secrets/
touch /var/cache/bridgehead/secrets/oidc touch /var/cache/bridgehead/secrets/oidc
chown -R bridgehead:docker /var/cache/bridgehead/secrets
# The oidc provider will need to be switched based on the project at some point I guess # The oidc provider will need to be switched based on the project at some point I guess
docker run --rm \ docker run --rm \
-v /var/cache/bridgehead/secrets/oidc:/usr/local/cache \ -v /var/cache/bridgehead/secrets/oidc:/usr/local/cache \

4
lib/prepare-system.sh
View File

@ -88,7 +88,9 @@ elif [[ "$DEV_MODE" == "DEV" ]]; then
git clone "$url" /etc/bridgehead git clone "$url" /etc/bridgehead
fi fi
chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead mkdir -p /tmp/bridgehead /var/cache/bridgehead
chown -R bridgehead:docker /etc/bridgehead /srv/docker/bridgehead /tmp/bridgehead /var/cache/bridgehead
chmod -R g+wr /var/cache/bridgehead /tmp/bridgehead
log INFO "System preparation is completed and configuration is present." log INFO "System preparation is completed and configuration is present."