From 3df8dbdc797fa48039c5756d14b8f2243318098d Mon Sep 17 00:00:00 2001
From: Keenan Brock <keenan@thebrocks.net>
Date: Wed, 28 Jul 2021 18:07:29 -0400
Subject: [PATCH] add prod dirs

These directories are created in the core repo (via .gitkeep)
no need to create them here.

The rpm is making them writeable by user manageiq so the app
will run fine as a non-root user
---
 rpm_spec/manageiq.spec.in          | 11 ++++-------
 rpm_spec/subpackages/manageiq-core |  3 +++
 rpm_spec/subpackages/manageiq-ui   |  8 +++++++-
 3 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/rpm_spec/manageiq.spec.in b/rpm_spec/manageiq.spec.in
index 55a52831..9e3cbda0 100644
--- a/rpm_spec/manageiq.spec.in
+++ b/rpm_spec/manageiq.spec.in
@@ -62,18 +62,15 @@ cd %{_builddir}
 ### from core
 %{__mkdir} -p %{buildroot}%{app_root}
 %{__cp} -a %{core_builddir}/* %{buildroot}%{app_root}
+%{__mkdir} -p %{buildroot}%{app_root}/log/apache
+%{__mkdir} -p %{buildroot}%{app_root}/tmp/{,sockets,pids}
+%{__chmod} 6750 %{buildroot}%{app_root}/{log,config,certs,data,data/git_repos}
+%{__chmod} 700 %{buildroot}%{app_root}/tmp/{,pids,sockets}
 
 ### from appliance
 %{__mkdir} -p %{buildroot}%{appliance_root}
 %{__cp} -a %{appliance_builddir}/* %{buildroot}%{appliance_root}
 %{__mkdir} -p %{buildroot}/etc/httpd/conf.d
-%{__mkdir} -p %{buildroot}%{app_root}/log/apache
-%{__mkdir} -p %{buildroot}%{app_root}/tmp/{,sockets,pids}
-%{__mkdir} -p %{buildroot}%{app_root}/{certs,config}
-%{__mkdir} -p %{buildroot}%{app_root}/public/pictures
-%{__chmod} 4750 %{buildroot}%{app_root}/{log,config,certs}
-%{__chmod} 700 %{buildroot}%{app_root}/tmp/{,pids,sockets}
-%{__chmod} 755 %{buildroot}%{app_root}/public/pictures
 
 ### from gemset
 %{__mkdir} -p %{buildroot}%{gemset_root}
diff --git a/rpm_spec/subpackages/manageiq-core b/rpm_spec/subpackages/manageiq-core
index 25653f88..aa65d4e5 100644
--- a/rpm_spec/subpackages/manageiq-core
+++ b/rpm_spec/subpackages/manageiq-core
@@ -41,6 +41,7 @@ done
 #  so root and manageiq users can read them.
 %{__chown} manageiq.manageiq %{app_root}/certs/v2_key %{app_root}/log/*.log
 %{__chown} manageiq.manageiq %{app_root}/tmp/pids/*.pid %{app_root}/config/*.yml
+%{__chown} -r manageiq.manageiq %{app_root}/data/
 %{__chmod} o-rw %{app_root}/certs/v2_key
 %{__chmod} o-rw %{app_root}/config/*.yml %{app_root}/tmp/pids/*.pid
 %{__chmod} o-rw %{app_root}/log/*.log
@@ -53,8 +54,10 @@ done
 %attr(-,manageiq,manageiq) %{app_root}/config
 %attr(-,manageiq,manageiq) %{app_root}/log
 %attr(-,manageiq,manageiq) %{app_root}/tmp
+%attr(-,manageiq,manageiq) %{app_root}/data/git_repos
 %exclude %{app_root}/public/pictures
 %exclude %{app_root}/public/assets
 %exclude %{app_root}/public/packs
 %exclude %{app_root}/public/ui
+%exclude %{app_root}/public/upload
 %exclude %{app_root}/log/apache
diff --git a/rpm_spec/subpackages/manageiq-ui b/rpm_spec/subpackages/manageiq-ui
index c99014b5..dc17ab1e 100644
--- a/rpm_spec/subpackages/manageiq-ui
+++ b/rpm_spec/subpackages/manageiq-ui
@@ -7,10 +7,16 @@ Requires: mod_ssl
 %description ui
 %{product_summary} UI
 
+%post ui
+# These files are not owned by the rpm.
+#  For upgrades, ensure they have the correct group privs
+#  so root and manageiq users can read them.
+%{__chown} manageiq.manageiq %{app_root}/public/{pictures,upload}/*
+
 %files ui
 %defattr(-,root,root,-)
 %attr(-,manageiq,manageiq) %{app_root}/public/pictures
-%{app_root}/public/pictures
+%attr(-,manageiq,manageiq) %{app_root}/public/upload
 %{app_root}/public/assets
 %{app_root}/public/packs
 %{app_root}/public/ui