Loading pkgs/servers/pleroma/Revert-Config-Restrict-permissions-of-OTP-config.patch 0 → 100644 +40 −0 Original line number Diff line number Diff line From 29af78b112f7956ac1211fbfec2eadbf4caca40f Mon Sep 17 00:00:00 2001 From: Yaya <yaya@uwu.is> Date: Sun, 6 Aug 2023 00:02:40 +0000 Subject: [PATCH] Revert "Config: Restrict permissions of OTP config file" This reverts commit 4befb3b1d02f32eb2c56f12e4684a7bb3167b0ee. The Nix store is world readable by design. --- lib/pleroma/config/release_runtime_provider.ex | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/lib/pleroma/config/release_runtime_provider.ex b/lib/pleroma/config/release_runtime_provider.ex index 9ec0f975e..91e5f1a54 100644 --- a/lib/pleroma/config/release_runtime_provider.ex +++ b/lib/pleroma/config/release_runtime_provider.ex @@ -20,20 +20,6 @@ def load(config, opts) do with_runtime_config = if File.exists?(config_path) do - # <https://git.pleroma.social/pleroma/pleroma/-/issues/3135> - %File.Stat{mode: mode} = File.lstat!(config_path) - - if Bitwise.band(mode, 0o007) > 0 do - raise "Configuration at #{config_path} has world-permissions, execute the following: chmod o= #{config_path}" - end - - if Bitwise.band(mode, 0o020) > 0 do - raise "Configuration at #{config_path} has group-wise write permissions, execute the following: chmod g-w #{config_path}" - end - - # Note: Elixir doesn't provides a getuid(2) - # so cannot forbid group-read only when config is owned by us - runtime_config = Config.Reader.read!(config_path) with_defaults -- 2.40.1 pkgs/servers/pleroma/default.nix +6 −2 Original line number Diff line number Diff line Loading @@ -7,16 +7,20 @@ beamPackages.mixRelease rec { pname = "pleroma"; version = "2.5.2"; version = "2.5.4"; src = fetchFromGitLab { domain = "git.pleroma.social"; owner = "pleroma"; repo = "pleroma"; rev = "v${version}"; sha256 = "sha256-5qxop/hJj1hIsEcK6vJnI2RnAcLf3tO43B0e0FcNZcA="; sha256 = "sha256-V/q6qpQkdrtMLzihV/0d3B+QUWwG4cYy8c2jNd5npww="; }; patches = [ ./Revert-Config-Restrict-permissions-of-OTP-config.patch ]; mixNixDeps = import ./mix.nix { inherit beamPackages lib; overrides = final: prev: { Loading Loading
pkgs/servers/pleroma/Revert-Config-Restrict-permissions-of-OTP-config.patch 0 → 100644 +40 −0 Original line number Diff line number Diff line From 29af78b112f7956ac1211fbfec2eadbf4caca40f Mon Sep 17 00:00:00 2001 From: Yaya <yaya@uwu.is> Date: Sun, 6 Aug 2023 00:02:40 +0000 Subject: [PATCH] Revert "Config: Restrict permissions of OTP config file" This reverts commit 4befb3b1d02f32eb2c56f12e4684a7bb3167b0ee. The Nix store is world readable by design. --- lib/pleroma/config/release_runtime_provider.ex | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/lib/pleroma/config/release_runtime_provider.ex b/lib/pleroma/config/release_runtime_provider.ex index 9ec0f975e..91e5f1a54 100644 --- a/lib/pleroma/config/release_runtime_provider.ex +++ b/lib/pleroma/config/release_runtime_provider.ex @@ -20,20 +20,6 @@ def load(config, opts) do with_runtime_config = if File.exists?(config_path) do - # <https://git.pleroma.social/pleroma/pleroma/-/issues/3135> - %File.Stat{mode: mode} = File.lstat!(config_path) - - if Bitwise.band(mode, 0o007) > 0 do - raise "Configuration at #{config_path} has world-permissions, execute the following: chmod o= #{config_path}" - end - - if Bitwise.band(mode, 0o020) > 0 do - raise "Configuration at #{config_path} has group-wise write permissions, execute the following: chmod g-w #{config_path}" - end - - # Note: Elixir doesn't provides a getuid(2) - # so cannot forbid group-read only when config is owned by us - runtime_config = Config.Reader.read!(config_path) with_defaults -- 2.40.1
pkgs/servers/pleroma/default.nix +6 −2 Original line number Diff line number Diff line Loading @@ -7,16 +7,20 @@ beamPackages.mixRelease rec { pname = "pleroma"; version = "2.5.2"; version = "2.5.4"; src = fetchFromGitLab { domain = "git.pleroma.social"; owner = "pleroma"; repo = "pleroma"; rev = "v${version}"; sha256 = "sha256-5qxop/hJj1hIsEcK6vJnI2RnAcLf3tO43B0e0FcNZcA="; sha256 = "sha256-V/q6qpQkdrtMLzihV/0d3B+QUWwG4cYy8c2jNd5npww="; }; patches = [ ./Revert-Config-Restrict-permissions-of-OTP-config.patch ]; mixNixDeps = import ./mix.nix { inherit beamPackages lib; overrides = final: prev: { Loading
