mirror of https://blitiri.com.ar/repos/chasquid synced 2025-12-17 14:37:02 +00:00

docker: Only do setfacl if we issued the certificates

Today, we do setfacl unconditionally; this can be a problem for
user-provided certificates because they may be located somewhere else.

This patch fixes the problem by only doing setfacl after renewing the
certificates.

Externally provided certificates will be untouched, and the user is
responsible for ensuring that chasquid can read them.

Thanks to Alex Ellwein (aellwein@github) for reporting this in
https://github.com/albertito/chasquid/issues/29!
This commit is contained in:
Alberto Bertogli
2022-08-23 23:48:35 +01:00
parent b779941f90
commit 567ad35122


@@ -46,6 +46,10 @@ if [ "$AUTO_CERTS" != "" ]; then
# Note this requires you to restart every week or so, to make sure # Note this requires you to restart every week or so, to make sure
# your certificate does not expire. # your certificate does not expire.
certbot renew certbot renew
# Give chasquid access to the certificates.
# Dovecot does not need this as it reads them as root.
setfacl -R -m u:chasquid:rX /etc/letsencrypt/{live,archive}
fi fi
CERT_DOMAINS="" CERT_DOMAINS=""
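Review bot: the `setfacl` now placed after `certbot renew` grants `u:chasquid:rX` recursively on the whole of `/etc/letsencrypt/{live,archive}`, which includes the private keys of every certificate certbot manages on this host, not only the ones chasquid serves; since `CERT_DOMAINS` is only built after this block, consider narrowing the ACL to the per-domain `live/<domain>` and `archive/<domain>` directories chasquid actually uses. Note also that this is an access ACL, not a default ACL (no `-d`), so files certbot writes during a later renewal are not covered automatically; that is acceptable given the comment "this requires you to restart every week or so", but it is worth stating next to the `setfacl` line so the dependency on the restart is explicit.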
@@ -66,10 +70,6 @@ if [ "$CERT_DOMAINS" == "" ]; then
exit 1 exit 1
fi fi
# Give chasquid access to the certificates.
# Dovecot does not need this as it reads them as root.
setfacl -R -m u:chasquid:rX /etc/letsencrypt/{live,archive}
# Give chasquid access to the data directory. # Give chasquid access to the data directory.
mkdir -p /data/chasquid/data mkdir -p /data/chasquid/data
chown -R chasquid /data/chasquid/ chown -R chasquid /data/chasquid/
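Review bot: with the unconditional `setfacl` removed, a user-provided certificate that the `chasquid` user cannot read will only show up as a failure when chasquid starts, without any hint from the entrypoint; since the commit message makes the user responsible for readability, add a short comment at this point (next to "Give chasquid access to the data directory") stating that externally provided certificates must be readable by `chasquid`, and consider a readability check against the configured certificate paths, run as the `chasquid` user, that exits with a clear message before the `mkdir -p /data/chasquid/data` / `chown -R chasquid /data/chasquid/` steps.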