e7edb95142
Upstream Changelog: https://git.pleroma.social/pleroma/pleroma/-/releases/v2.7.0 Nixpkgs package changelog: - build with elixir 1.17. - update dependencies hashes. - remove prometheus_phoenix as it's apparently unused. - fix git deps. - update OTP permission restriction patch. - modify test to work (adapt from akkoma test). Co-authored-by: Leona Maroni <dev@leona.is>
42 lines
1.5 KiB
Diff
42 lines
1.5 KiB
Diff
From 29af78b112f7956ac1211fbfec2eadbf4caca40f Mon Sep 17 00:00:00 2001
|
|
From: Yaya <yaya@uwu.is>
|
|
Date: Sun, 6 Aug 2023 00:02:40 +0000
|
|
Subject: [PATCH] Revert "Config: Restrict permissions of OTP config file"
|
|
|
|
This reverts commit 4befb3b1d02f32eb2c56f12e4684a7bb3167b0ee
|
|
and 3b82864bccee1af625dd19faed511d5b76f66f9d.
|
|
|
|
The Nix store is world readable by design.
|
|
---
|
|
lib/pleroma/config/release_runtime_provider.ex | 14 --------------
|
|
1 file changed, 14 deletions(-)
|
|
|
|
diff --git a/lib/pleroma/config/release_runtime_provider.ex b/lib/pleroma/config/release_runtime_provider.ex
|
|
index 9ec0f975e..91e5f1a54 100644
|
|
--- a/lib/pleroma/config/release_runtime_provider.ex
|
|
+++ b/lib/pleroma/config/release_runtime_provider.ex
|
|
@@ -20,20 +20,6 @@ def load(config, opts) do
|
|
|
|
with_runtime_config =
|
|
if File.exists?(config_path) do
|
|
- # <https://git.pleroma.social/pleroma/pleroma/-/issues/3135>
|
|
- %File.Stat{mode: mode} = File.stat!(config_path)
|
|
-
|
|
- if Bitwise.band(mode, 0o007) > 0 do
|
|
- raise "Configuration at #{config_path} has world-permissions, execute the following: chmod o= #{config_path}"
|
|
- end
|
|
-
|
|
- if Bitwise.band(mode, 0o020) > 0 do
|
|
- raise "Configuration at #{config_path} has group-wise write permissions, execute the following: chmod g-w #{config_path}"
|
|
- end
|
|
-
|
|
- # Note: Elixir doesn't provides a getuid(2)
|
|
- # so cannot forbid group-read only when config is owned by us
|
|
-
|
|
runtime_config = Config.Reader.read!(config_path)
|
|
|
|
with_defaults
|
|
--
|
|
2.40.1
|
|
|