public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Jeremy Cline <jeremycline@microsoft.com>
To: git-commits@fedoraproject.org
Subject: [rpms/rust-siguldry] f44: Mark the config directory world-readable
Date: Mon, 01 Jun 2026 18:42:13 GMT [thread overview]
Message-ID: <178033933347.1.11793360379376317923.rpms-rust-siguldry-df78708199dc@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/rust-siguldry
Branch : f44
Commit : df78708199dc8f3f0d806bf96f4130861984f626
Author : Jeremy Cline <jeremycline@microsoft.com>
Date : 2026-05-20T07:24:21-04:00
Stats : +8/-8 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/rust-siguldry/c/df78708199dc8f3f0d806bf96f4130861984f626?branch=f44
Log:
Mark the config directory world-readable
There's nothing secret in any of the configuration files; all secrets
are encrypted with systemd-creds. The bridge service, in particular,
runs as a dynamic user and needs to be able to read its config.
Additionally, the systemd units (implicitly) have systemd configure the
config directory as 0755, so this also fixes the systemd warning on
startup.
---
diff --git a/rust-siguldry.spec b/rust-siguldry.spec
index e919f1c..1dd01f1 100644
--- a/rust-siguldry.spec
+++ b/rust-siguldry.spec
@@ -170,10 +170,10 @@ use the "sigul-client" feature of the "%{crate}" crate.
%install
%cargo_install
-install -d -p -m 0750 %{buildroot}%{_sysconfdir}/siguldry
-install -D -p -m 0640 server.toml.example %{buildroot}%{_sysconfdir}/siguldry/server.toml
-install -D -p -m 0640 bridge.toml.example %{buildroot}%{_sysconfdir}/siguldry/bridge.toml
-install -D -p -m 0640 client.toml.example %{buildroot}%{_sysconfdir}/siguldry/client.toml
+install -d -p -m 0755 %{buildroot}%{_sysconfdir}/siguldry
+install -D -p -m 0644 server.toml.example %{buildroot}%{_sysconfdir}/siguldry/server.toml
+install -D -p -m 0644 bridge.toml.example %{buildroot}%{_sysconfdir}/siguldry/bridge.toml
+install -D -p -m 0644 client.toml.example %{buildroot}%{_sysconfdir}/siguldry/client.toml
install -D -p -m 0644 %{SOURCE2} %{buildroot}%{_sysusersdir}/siguldry.conf
## Server-related files ##
diff --git a/rust2rpm.toml b/rust2rpm.toml
index 9b31faa..c59fffa 100644
--- a/rust2rpm.toml
+++ b/rust2rpm.toml
@@ -37,10 +37,10 @@ file = "siguldry-sysuser.conf"
[scripts.install]
post = [
- "install -d -p -m 0750 %{buildroot}%{_sysconfdir}/siguldry",
- "install -D -p -m 0640 server.toml.example %{buildroot}%{_sysconfdir}/siguldry/server.toml",
- "install -D -p -m 0640 bridge.toml.example %{buildroot}%{_sysconfdir}/siguldry/bridge.toml",
- "install -D -p -m 0640 client.toml.example %{buildroot}%{_sysconfdir}/siguldry/client.toml",
+ "install -d -p -m 0755 %{buildroot}%{_sysconfdir}/siguldry",
+ "install -D -p -m 0644 server.toml.example %{buildroot}%{_sysconfdir}/siguldry/server.toml",
+ "install -D -p -m 0644 bridge.toml.example %{buildroot}%{_sysconfdir}/siguldry/bridge.toml",
+ "install -D -p -m 0644 client.toml.example %{buildroot}%{_sysconfdir}/siguldry/client.toml",
"install -D -p -m 0644 %{SOURCE2} %{buildroot}%{_sysusersdir}/siguldry.conf",
"",
"## Server-related files ##",
reply other threads:[~2026-06-01 18:42 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178033933347.1.11793360379376317923.rpms-rust-siguldry-df78708199dc@fedoraproject.org \
--to=jeremycline@microsoft.com \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox