[rpms/rust-siguldry] f44: Mark the config directory world-readable

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

* [rpms/rust-siguldry] f44: Mark the config directory world-readable
@ 2026-06-01 18:42 Jeremy Cline
  0 siblings, 0 replies; only message in thread
From: Jeremy Cline @ 2026-06-01 18:42 UTC (permalink / raw)
  To: git-commits

            A new commit has been pushed.

            Repo   : rpms/rust-siguldry
            Branch : f44
            Commit : df78708199dc8f3f0d806bf96f4130861984f626
            Author : Jeremy Cline <jeremycline@microsoft.com>
            Date   : 2026-05-20T07:24:21-04:00
            Stats  : +8/-8 in 2 file(s)
            URL    : https://src.fedoraproject.org/rpms/rust-siguldry/c/df78708199dc8f3f0d806bf96f4130861984f626?branch=f44

            Log:
            Mark the config directory world-readable

There's nothing secret in any of the configuration files; all secrets
are encrypted with systemd-creds. The bridge service, in particular,
runs as a dynamic user and needs to be able to read its config.
Additionally, the systemd units (implicitly) have systemd configure the
config directory as 0755, so this also fixes the systemd warning on
startup.

---
diff --git a/rust-siguldry.spec b/rust-siguldry.spec
index e919f1c..1dd01f1 100644
--- a/rust-siguldry.spec
+++ b/rust-siguldry.spec
@@ -170,10 +170,10 @@ use the "sigul-client" feature of the "%{crate}" crate.
 
 %install
 %cargo_install
-install -d -p -m 0750 %{buildroot}%{_sysconfdir}/siguldry
-install -D -p -m 0640 server.toml.example %{buildroot}%{_sysconfdir}/siguldry/server.toml
-install -D -p -m 0640 bridge.toml.example %{buildroot}%{_sysconfdir}/siguldry/bridge.toml
-install -D -p -m 0640 client.toml.example %{buildroot}%{_sysconfdir}/siguldry/client.toml
+install -d -p -m 0755 %{buildroot}%{_sysconfdir}/siguldry
+install -D -p -m 0644 server.toml.example %{buildroot}%{_sysconfdir}/siguldry/server.toml
+install -D -p -m 0644 bridge.toml.example %{buildroot}%{_sysconfdir}/siguldry/bridge.toml
+install -D -p -m 0644 client.toml.example %{buildroot}%{_sysconfdir}/siguldry/client.toml
 install -D -p -m 0644 %{SOURCE2} %{buildroot}%{_sysusersdir}/siguldry.conf
 
 ## Server-related files ##

diff --git a/rust2rpm.toml b/rust2rpm.toml
index 9b31faa..c59fffa 100644
--- a/rust2rpm.toml
+++ b/rust2rpm.toml
@@ -37,10 +37,10 @@ file = "siguldry-sysuser.conf"
 
 [scripts.install]
 post = [
-	"install -d -p -m 0750 %{buildroot}%{_sysconfdir}/siguldry",
-	"install -D -p -m 0640 server.toml.example %{buildroot}%{_sysconfdir}/siguldry/server.toml",
-	"install -D -p -m 0640 bridge.toml.example %{buildroot}%{_sysconfdir}/siguldry/bridge.toml",
-	"install -D -p -m 0640 client.toml.example %{buildroot}%{_sysconfdir}/siguldry/client.toml",
+	"install -d -p -m 0755 %{buildroot}%{_sysconfdir}/siguldry",
+	"install -D -p -m 0644 server.toml.example %{buildroot}%{_sysconfdir}/siguldry/server.toml",
+	"install -D -p -m 0644 bridge.toml.example %{buildroot}%{_sysconfdir}/siguldry/bridge.toml",
+	"install -D -p -m 0644 client.toml.example %{buildroot}%{_sysconfdir}/siguldry/client.toml",
 	"install -D -p -m 0644 %{SOURCE2} %{buildroot}%{_sysusersdir}/siguldry.conf",
 	"",
 	"## Server-related files ##",

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-01 18:42 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-01 18:42 [rpms/rust-siguldry] f44: Mark the config directory world-readable Jeremy Cline

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox