diff --git a/nix/0001-allow-secrets-to-be-group-readable.patch b/nix/0001-allow-secrets-to-be-group-readable.patch deleted file mode 100644 index 8c1c726..0000000 --- a/nix/0001-allow-secrets-to-be-group-readable.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 41bd68a23e605fb97b0fccff2af00a39cfd386f3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= -Date: Sat, 14 Oct 2023 11:45:30 +0200 -Subject: [PATCH] allow secrets to be group-readable -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Systemd's LoadCredential feature makes have the following 0o440 permissions. -Services cannot modify secrets or their permission. -By relaxing the check we allow buildbot to use secrets provided by systemd. - -Signed-off-by: Jörg Thalheim ---- - master/buildbot/secrets/providers/file.py | 2 +- - master/buildbot/test/unit/test_secret_in_file.py | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/master/buildbot/secrets/providers/file.py b/master/buildbot/secrets/providers/file.py -index 11daf327a..293a9f410 100644 ---- a/buildbot/secrets/providers/file.py -+++ b/buildbot/secrets/providers/file.py -@@ -32,7 +32,7 @@ class SecretInAFile(SecretProviderBase): - def checkFileIsReadOnly(self, dirname, secretfile): - filepath = os.path.join(dirname, secretfile) - obs_stat = stat.S_IMODE(os.stat(filepath).st_mode) -- if (obs_stat & 0o77) != 0 and os.name == "posix": -+ if (obs_stat & 0o7) != 0 and os.name == "posix": - config.error(f"Permissions {oct(obs_stat)} on file {secretfile} are too open." - " It is required that your secret files are NOT" - " accessible by others!") -diff --git a/master/buildbot/test/unit/test_secret_in_file.py b/master/buildbot/test/unit/test_secret_in_file.py -index 01750172d..041b9654f 100644 ---- a/buildbot/test/unit/test_secret_in_file.py -+++ b/buildbot/test/unit/test_secret_in_file.py -@@ -57,7 +57,7 @@ def testCheckConfigErrorSecretInAFileService(self): - if os.name != "posix": - self.skipTest("Permission checks only works on posix systems") - filepath = self.createFileTemp(self.tmp_dir, "tempfile2.txt", -- chmodRights=stat.S_IRGRP) -+ chmodRights=stat.S_IROTH) - expctd_msg_error = " on file tempfile2.txt are too " \ - "open. It is required that your secret files are" \ - " NOT accessible by others!" --- -2.42.0 -