chown --reference="$WORKSPACE" "$WORKSPACE/packages/$TARGET"
fi
+# Required due to CVE-2022-24765
+git config --global --add safe.directory /arvados
+
# Perl packages
debug_echo -e "\nPerl packages\n"
--- /dev/null
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+[Unit]
+Description=Arvados Keep Proxy
+Documentation=https://doc.arvados.org/
+After=network.target
+AssertPathExists=/etc/arvados/config.yml
+
+# systemd>=230 (debian:9) obeys StartLimitIntervalSec in the [Unit] section
+StartLimitIntervalSec=0
+
+[Service]
+Type=notify
+EnvironmentFile=-/etc/arvados/environment
+ExecStart=/usr/bin/keepproxy
+# Set a reasonable default for the open file limit
+LimitNOFILE=65536
+Restart=always
+RestartSec=1
+
+# systemd<=219 (centos:7, debian:8, ubuntu:trusty) obeys StartLimitInterval in the [Service] section
+StartLimitInterval=0
+
+[Install]
+WantedBy=multi-user.target
fi
grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
else
- # Use custom certs, as both bring-your-own and self-signed are copied using this state
- # Copy certs to formula extra/files
- # In dev mode, the files will be created and put in the destination directory by the
- # snakeoil_certs.sls state file
mkdir -p /srv/salt/certs
- cp -rv ${CUSTOM_CERTS_DIR}/* /srv/salt/certs/
- # We add the custom_certs state
- grep -q "custom_certs" ${S_DIR}/top.sls || echo " - extra.custom_certs" >> ${S_DIR}/top.sls
+ if [ "${SSL_MODE}" = "bring-your-own" ]; then
+ # Copy certs to formula extra/files
+ cp -rv ${CUSTOM_CERTS_DIR}/* /srv/salt/certs/
+ # We add the custom_certs state
+ grep -q "custom_certs" ${S_DIR}/top.sls || echo " - extra.custom_certs" >> ${S_DIR}/top.sls
+ fi
+ # In self-signed mode, the certificate files will be created and put in the
+ # destination directory by the snakeoil_certs.sls state file
fi
echo " - postgres" >> ${S_DIR}/top.sls