From 2112d1ea67ded94a9282d328fda98b08580c10aa Mon Sep 17 00:00:00 2001
From: Keenan Brock
Date: Wed, 28 Jul 2021 18:07:29 -0400
Subject: [PATCH] add prod dirs These directories are created in the core repo The rpm is making them writeable by user manageiq so the app will run fine as a non-root user add prod dirs These directories are created in the core repo (via .gitkeep) no need to create them here. The rpm is making them writeable by user manageiq so the app will run fine as a non-root user No longer locking down the files that are in these directories because the directories are not accessible by other, therefore files are not either.
---
 rpm_spec/manageiq.spec.in | 6 ++----
 rpm_spec/subpackages/manageiq-core | 4 +---
 rpm_spec/subpackages/manageiq-ui | 6 +++++-
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/rpm_spec/manageiq.spec.in b/rpm_spec/manageiq.spec.in
index 55a52831..ebe9d9ad 100644
--- a/rpm_spec/manageiq.spec.in
+++ b/rpm_spec/manageiq.spec.in
@@ -69,11 +69,9 @@ cd %{_builddir}
 %{__mkdir} -p %{buildroot}/etc/httpd/conf.d
 %{__mkdir} -p %{buildroot}%{app_root}/log/apache
 %{__mkdir} -p %{buildroot}%{app_root}/tmp/{,sockets,pids}
-%{__mkdir} -p %{buildroot}%{app_root}/{certs,config}
-%{__mkdir} -p %{buildroot}%{app_root}/public/pictures
-%{__chmod} 4750 %{buildroot}%{app_root}/{log,config,certs}
+%{__chmod} 6750 %{buildroot}%{app_root}/{log,config,certs}
+%{__chmod} 6750 %{buildroot}%{app_root}/data/git_repos
 %{__chmod} 700 %{buildroot}%{app_root}/tmp/{,pids,sockets}
-%{__chmod} 755 %{buildroot}%{app_root}/public/pictures
 ### from gemset
 %{__mkdir} -p %{buildroot}%{gemset_root}
diff --git a/rpm_spec/subpackages/manageiq-core b/rpm_spec/subpackages/manageiq-core
index 25653f88..2bf7534b 100644
--- a/rpm_spec/subpackages/manageiq-core
+++ b/rpm_spec/subpackages/manageiq-core
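Review bot: In the rpm_spec/manageiq.spec.in hunk, `6750` sets both the setuid and the setgid bit on `log`, `config`, `certs` and `data/git_repos`, but on Linux the setuid bit has no effect on a directory, so only the setgid half (new entries inherit the directory's group) does anything. If group inheritance is the intent, `%{__chmod} 2750 %{buildroot}%{app_root}/{log,config,certs}` and `%{__chmod} 2750 %{buildroot}%{app_root}/data/git_repos` say so directly and avoid shipping setuid entries that permission audits tend to flag. A one-line comment above them, such as `# setgid: new files inherit the directory group; 750 keeps "other" out`, would record why the mode is special. With the two `mkdir -p` lines removed, these chmod calls now depend on the directories already existing in the copied source tree, and the enclosing section begins and ends outside this hunk.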
@@ -41,9 +41,6 @@ done
 # so root and manageiq users can read them.
 %{__chown} manageiq.manageiq %{app_root}/certs/v2_key %{app_root}/log/*.log
 %{__chown} manageiq.manageiq %{app_root}/tmp/pids/*.pid %{app_root}/config/*.yml
-%{__chmod} o-rw %{app_root}/certs/v2_key
-%{__chmod} o-rw %{app_root}/config/*.yml %{app_root}/tmp/pids/*.pid
-%{__chmod} o-rw %{app_root}/log/*.log
 %files core
 %defattr(-,root,root,-)
@@ -53,6 +50,7 @@ done
 %attr(-,manageiq,manageiq) %{app_root}/config
 %attr(-,manageiq,manageiq) %{app_root}/log
 %attr(-,manageiq,manageiq) %{app_root}/tmp
+%attr(-,manageiq,manageiq) %{app_root}/data/git_repos
 %exclude %{app_root}/public/pictures
 %exclude %{app_root}/public/assets
 %exclude %{app_root}/public/packs
diff --git a/rpm_spec/subpackages/manageiq-ui b/rpm_spec/subpackages/manageiq-ui
index c99014b5..11124410 100644
--- a/rpm_spec/subpackages/manageiq-ui
+++ b/rpm_spec/subpackages/manageiq-ui
@@ -7,10 +7,14 @@ Requires: mod_ssl
 %description ui
 %{product_summary} UI
+%post ui
+%{__chown} manageiq.manageiq %{app_root}/data/git_repos/*
+%{__chown} manageiq.manageiq %{app_root}/public/{pictures,upload}/*
+
 %files ui
 %defattr(-,root,root,-)
 %attr(-,manageiq,manageiq) %{app_root}/public/pictures
-%{app_root}/public/pictures
+%attr(-,manageiq,manageiq) %{app_root}/public/upload
 %{app_root}/public/assets
 %{app_root}/public/packs
 %{app_root}/public/ui
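Review bot: Dropping the three `%{__chmod} o-rw` lines in the first rpm_spec/subpackages/manageiq-core hunk leaves `certs/v2_key`, `config/*.yml`, the pid files and the logs protected only by the mode of their parent directories. That holds while those directories stay 750, but the files keep whatever mode they were created with, so a later chmod of a directory, or a mode-preserving copy to another location (backup, log collection), would expose them to other users. Keeping at least `%{__chmod} o-rw %{app_root}/certs/v2_key`, which by its name appears to hold key material, costs one line and protects that file independently of the directory. If the removal stays, a comment such as `# file modes are not tightened here; access is blocked by the 6750 mode on certs/, config/ and log/ set in manageiq.spec.in` should say where the protection now lives. The scriptlet these lines belong to starts before the hunk.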
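Review bot: The new `%post ui` scriptlet in rpm_spec/subpackages/manageiq-ui runs `chown` as root over entries of directories that the manageiq user can write, and `chown` without `-h` follows symbolic links named on the command line. A link left in `public/upload`, `public/pictures` or `data/git_repos` would therefore have its target re-owned on the next install or upgrade, whereas `%{__chown} -h manageiq.manageiq %{app_root}/data/git_repos/*` (and `-h` on the second line as well) changes the link itself. The globs also skip dotfiles, so on a tree that holds only `.gitkeep` the pattern presumably stays unexpanded and chown exits non-zero, which rpm reports as a failed scriptlet; appending `|| :` or testing for entries first avoids that. `data/git_repos` is packaged under `%files core` in this same patch, so its chown would sit more naturally in the core scriptlet than in `%post ui`.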