Skip to content

Commit

Permalink
feat(PACKAGING): secure virtualenv permissions
Browse files Browse the repository at this point in the history
  • Loading branch information
@niall-byrne
niall-byrne committed Mar 4, 2024
1 parent 87f8289 commit b19b867
Show file tree
Hide file tree
Showing 4 changed files with 11 additions and 4 deletions.
1 change: 1 addition & 0 deletions .vale/Vocab/pi_portal/accept.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ uid
umask
url
uuid
virtualenv
wip
workflows
xmlrpc
1 change: 1 addition & 0 deletions markdown/INSTALLATION.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -145,6 +145,7 @@ Steps:
source /opt/venvs/pi_portal/bin/activate
pip install ./pi_portal-x.x.x-py3-none-any.whl
chown -R pi_portal:pi_portal /opt/venvs/pi_portal
chmod -R o=- /opt/venvs/pi_portal
```

- You can customize the location by setting an [environment variable](../pi_portal/config.py).
Expand Down
11 changes: 7 additions & 4 deletions packaging/debian/assets/debian/postinst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,13 @@ gpio_access() {
}

permissions() {
chown -R "${PACKAGE_USER}":"${PACKAGE_USER}" \
/opt/venvs/pi_portal \
/usr/bin/portal \
/var/lib/motion
local FILEPATH

FILEPATH_LIST=("/opt/venvs/pi_portal" "/usr/bin/portal" "/var/lib/motion")

for FILEPATH in "${FILEPATH_LIST[@]}"; do
chown -R "${PACKAGE_USER}":"${PACKAGE_USER}" "${FILEPATH}"
done
}

users() {
Expand Down
2 changes: 2 additions & 0 deletions packaging/debian/assets/debian/rules
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,8 @@ override_dh_fixperms:
find debian/$(PACKAGE)${PI_PORTAL_INSTALL_LOCATION} \
-type d \
-exec chmod 750 {} \;
chmod -R o=- \
debian/$(PACKAGE)${PI_PORTAL_INSTALL_LOCATION}
chmod 750 \
debian/$(PACKAGE)/usr/bin/filebeat \
debian/$(PACKAGE)/usr/bin/portal
Expand Down

0 comments on commit b19b867

Please sign in to comment.