# and then clone a regular repository (with a checkout)
# from that.
- ssh $DEPLOY_USER@$NODE git init --bare ${GITTARGET}.git
- ssh $DEPLOY_USER@$NODE chmod 700 ${GITTARGET}.git
+ ssh $DEPLOY_USER@$NODE git init --bare --shared=0600 ${GITTARGET}.git
if ! git remote add $NODE $DEPLOY_USER@$NODE:${GITTARGET}.git ; then
git remote set-url $NODE $DEPLOY_USER@$NODE:${GITTARGET}.git
fi
git push $NODE $BRANCH
- ssh $DEPLOY_USER@$NODE git clone ${GITTARGET}.git ${GITTARGET}
- ssh $DEPLOY_USER@$NODE chmod 700 ${GITTARGET}
+ ssh $DEPLOY_USER@$NODE "umask 0077 && git clone ${GITTARGET}.git ${GITTARGET}"
fi
# The update case.
fi
echo "Initializing $SETUPDIR"
- git init $SETUPDIR
- chmod 700 $SETUPDIR
+ git init --shared=0600 $SETUPDIR
cp -r *.sh tests $SETUPDIR
cp local.params.example.$PARAMS $SETUPDIR/${CONFIG_FILE}
cert_dir=${1}
cert_name=${2}
- mkdir -p /srv/salt/certs
- chmod 700 /srv/salt/certs
+ mkdir -p --mode=0700 /srv/salt/certs
if [ -f ${cert_dir}/${cert_name}.crt ]; then
- cp -v ${cert_dir}/${cert_name}.crt /srv/salt/certs/arvados-${cert_name}.pem
- chmod 600 /srv/salt/certs/arvados-${cert_name}.pem
+ install --mode=0600 ${cert_dir}/${cert_name}.crt /srv/salt/certs/arvados-${cert_name}.pem
else
echo "${cert_dir}/${cert_name}.crt does not exist. Exiting"
exit 1
fi
if [ -f ${cert_dir}/${cert_name}.key ]; then
- cp -v ${cert_dir}/${cert_name}.key /srv/salt/certs/arvados-${cert_name}.key
- chmod 600 /srv/salt/certs/arvados-${cert_name}.key
+ install --mode=0600 ${cert_dir}/${cert_name}.key /srv/salt/certs/arvados-${cert_name}.key
else
echo "${cert_dir}/${cert_name}.key does not exist. Exiting"
exit 1
fi
grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
else
- mkdir -p /srv/salt/certs
- chmod 700 /srv/salt/certs
+ mkdir -p --mode=0700 /srv/salt/certs
if [ "${SSL_MODE}" = "bring-your-own" ]; then
# Copy certs to formula extra/files
- cp -rv ${CUSTOM_CERTS_DIR}/* /srv/salt/certs/
- chmod 600 /srv/salt/certs/*
+ install --mode=0600 ${CUSTOM_CERTS_DIR}/* /srv/salt/certs/
# We add the custom_certs state
grep -q "custom_certs" ${S_DIR}/top.sls || echo " - extra.custom_certs" >> ${S_DIR}/top.sls
if [ "${SSL_KEY_ENCRYPTED}" = "yes" ]; then