From e4b55ed8e7004c8ba6119fcc27438198f1ca0457 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Mon, 6 Nov 2023 07:29:08 +0100
Subject: [PATCH] buildbot: drop secret patch

we have to wait until https://github.com/buildbot/buildbot/pull/7159 is
part of a new release.
---
 ...1-allow-secrets-to-be-group-readable.patch | 47 -------------------
 1 file changed, 47 deletions(-)
 delete mode 100644 nix/0001-allow-secrets-to-be-group-readable.patch

diff --git a/nix/0001-allow-secrets-to-be-group-readable.patch b/nix/0001-allow-secrets-to-be-group-readable.patch
deleted file mode 100644
index 8c1c726..0000000
--- a/nix/0001-allow-secrets-to-be-group-readable.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 41bd68a23e605fb97b0fccff2af00a39cfd386f3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
-Date: Sat, 14 Oct 2023 11:45:30 +0200
-Subject: [PATCH] allow secrets to be group-readable
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Systemd's LoadCredential feature makes have the following 0o440 permissions.
-Services cannot modify secrets or their permission.
-By relaxing the check we allow buildbot to use secrets provided by systemd.
-
-Signed-off-by: Jörg Thalheim <joerg@thalheim.io>
----
- master/buildbot/secrets/providers/file.py        | 2 +-
- master/buildbot/test/unit/test_secret_in_file.py | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/master/buildbot/secrets/providers/file.py b/master/buildbot/secrets/providers/file.py
-index 11daf327a..293a9f410 100644
---- a/buildbot/secrets/providers/file.py
-+++ b/buildbot/secrets/providers/file.py
-@@ -32,7 +32,7 @@ class SecretInAFile(SecretProviderBase):
-     def checkFileIsReadOnly(self, dirname, secretfile):
-         filepath = os.path.join(dirname, secretfile)
-         obs_stat = stat.S_IMODE(os.stat(filepath).st_mode)
--        if (obs_stat & 0o77) != 0 and os.name == "posix":
-+        if (obs_stat & 0o7) != 0 and os.name == "posix":
-             config.error(f"Permissions {oct(obs_stat)} on file {secretfile} are too open."
-                          " It is required that your secret files are NOT"
-                          " accessible by others!")
-diff --git a/master/buildbot/test/unit/test_secret_in_file.py b/master/buildbot/test/unit/test_secret_in_file.py
-index 01750172d..041b9654f 100644
---- a/buildbot/test/unit/test_secret_in_file.py
-+++ b/buildbot/test/unit/test_secret_in_file.py
-@@ -57,7 +57,7 @@ def testCheckConfigErrorSecretInAFileService(self):
-         if os.name != "posix":
-             self.skipTest("Permission checks only works on posix systems")
-         filepath = self.createFileTemp(self.tmp_dir, "tempfile2.txt",
--                                       chmodRights=stat.S_IRGRP)
-+                                       chmodRights=stat.S_IROTH)
-         expctd_msg_error = " on file tempfile2.txt are too " \
-                            "open. It is required that your secret files are" \
-                            " NOT accessible by others!"
--- 
-2.42.0
-