author | Valery Sizov <valery@gitlab.com> | 2015-07-15 15:12:53 +0000 |
---|---|---|
committer | Valery Sizov <valery@gitlab.com> | 2015-07-15 15:12:53 +0000 |
commit | 288f8269b5660407bdec13a280523eb2adf04a15 (patch) | |
tree | 7d4ced1a24e7c993aa9b5b168ea9cec6eb2567a6 | |
parent | 67bf18b1533ea7651bb267d482b607c133ed163d (diff) | |
parent | 0def90b9ca498cbf7c170ad6187f64bc164767e0 (diff) | |
download | gitlab-ci-288f8269b5660407bdec13a280523eb2adf04a15.tar.gz |
Merge branch 'secrets-perm' into '7-13-stable'
Create config/secrets.yml with 0600
See merge request !200
-rw-r--r-- | config/initializers/secret_token.rb | 2 | ||||
-rw-r--r-- | doc/install/installation.md | 4 | ||||
-rw-r--r-- | doc/update/7.12-to-7.13.md | 1 |
3 files changed, 3 insertions, 4 deletions
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb index 7ebae44..32883cf 100644 --- a/config/initializers/secret_token.rb +++ b/config/initializers/secret_token.rb @@ -36,7 +36,7 @@ if GitlabCi::Application.secrets.secret_key_base.blank? || GitlabCi::Application all_secrets[Rails.env] = env_secrets # save secrets - File.open('config/secrets.yml', 'w') do |file| + File.open('config/secrets.yml', 'w', 0600) do |file| file.write(YAML.dump(all_secrets)) end diff --git a/doc/install/installation.md b/doc/install/installation.md index 9f476b6..8cbc858 100644 --- a/doc/install/installation.md +++ b/doc/install/installation.md @@ -121,6 +121,7 @@ We recommend PostgreSQL but you can also use MySQL # Copy the example secrets file sudo -u gitlab_ci -H cp config/secrets.yml.example config/secrets.yml + sudo -u gitlab_ci -H chmod 0600 config/secrets.yml # Edit web server settings sudo -u gitlab_ci -H cp config/unicorn.rb.example config/unicorn.rb @@ -135,9 +136,6 @@ We recommend PostgreSQL but you can also use MySQL # Change the permissions of the directory where build traces are stored sudo chmod -R u+rwX builds/ - # Make sure GitLab CI can write to the builds/ directory - sudo chmod -R u+rwX builds - ### Install gems # For MySQL (note, the option says "without ... postgres") diff --git a/doc/update/7.12-to-7.13.md b/doc/update/7.12-to-7.13.md index 7fc85f6..2877c29 100644 --- a/doc/update/7.12-to-7.13.md +++ b/doc/update/7.12-to-7.13.md @@ -37,6 +37,7 @@ otherwise your secrets are exposed if one of your backups is compromised. ``` sudo -u gitlab_ci -H cp config/secrets.yml.example config/secrets.yml +sudo -u gitlab_ci -H chmod 0600 config/secrets.yml ``` ### 5. Install libs, migrations etc |
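Review bot: The `0600` passed to `File.open` in the `# save secrets` block only takes effect when that call creates `config/secrets.yml`; if the file already exists with a wider mode, it keeps that mode and the generated keys are written into a file other local users may be able to read. Setting the mode on the open handle covers both cases: add `file.chmod(0600)` as the first statement inside the block, before `file.write(YAML.dump(all_secrets))`. The enclosing `if` starts and ends outside the hunk, so whether an existing file can reach this branch is inferred from the `all_secrets[Rails.env] = env_secrets` merge just above it. The `chmod 0600` steps added to the two documentation files help only when the administrator runs them, so the initializer should not rely on them.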