From e80e610443f10ce128e5d0e9e94cff83e267f3cc Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Tue, 21 Jun 2016 17:50:37 +0900 Subject: fix permissions of ccache on upgrade from 3.0.5 --- src/Propellor/Property/Ccache.hs | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) (limited to 'src/Propellor/Property/Ccache.hs') diff --git a/src/Propellor/Property/Ccache.hs b/src/Propellor/Property/Ccache.hs index a573cf63..54d84279 100644 --- a/src/Propellor/Property/Ccache.hs +++ b/src/Propellor/Property/Ccache.hs @@ -95,17 +95,40 @@ group@(Group g) `hasCache` limit = (make `requires` installed) delete & File.dirExists path & File.ownerGroup path (User "root") group & File.mode path (combineModes $ - readModes ++ executeModes ++ - [ ownerWriteMode - , groupWriteMode - , setGroupIDMode - ]) + readModes ++ executeModes ++ + [ ownerWriteMode + , groupWriteMode + , setGroupIDMode + ]) `onChange` fixSetgidBit + -- ^ we use onChange to catch upgrades from + -- 3.0.5 where the setGroupIDMode line was not + -- present & hasLimits path limit delete = check (doesDirectoryExist path) $ cmdProperty "rm" ["-r", path] `assume` MadeChange `describe` ("ccache for " ++ g ++ " does not exist") + -- Here we deal with a bug in Propellor 3.0.5. If the ccache was + -- created with that version, it will not have the setgid bit set. That + -- means its subdirectories won't have inherited the setgid bit, and + -- then the files in those directories won't be owned by group sbuild. + -- This breaks ccache. + fixSetgidBit :: Property UnixLike + fixSetgidBit = + (cmdProperty "find" + [ path + , "-type", "d" + , "-exec", "chmod", "g+s" + , "{}", "+" + ] `assume` MadeChange) + `before` + (cmdProperty "chown" + [ "-R" + , "root:" ++ g + , path + ] `assume` MadeChange) + path = "/var/cache/ccache-" ++ g installed :: Property DebianLike -- cgit v1.2.3