From 9d07aaefbff67b847bc0b33ab2dd5e8fa2e177a4 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Mon, 8 Jul 2019 10:13:45 +0300
Subject: [PATCH] Fix passkey.pem permissions breaking IRC bridge

Regression since 174a6fcd1b3, #204 (Github Pull Request), which only affects new servers. Old servers which had their passkey.pem file relocated were okay.
---
 .../tasks/setup_install.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
index 059b9d36..f3340094 100644
--- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
+++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
@@ -59,8 +59,19 @@
 - name: Generate Appservice IRC passkey if it doesn't exist
 shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
+ become: true
+ become_user: "{{ matrix_user_username }}"
 when: "not irc_passkey_file.stat.exists"
+# In the past, we used to generate the passkey.pem file with root, so permissions may not be okay.
+# Fix it.
+- name: (Migration) Ensure Appservice IRC passkey permissions are okay
+ file:
+ path: "{{ matrix_appservice_irc_data_path }}/passkey.pem"
+ mode: 0644
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_username }}"
+
 # Ideally, we'd like to generate the final registration.yaml file by ourselves.
 #
 # However, the IRC bridge supports multiple servers, which leads to multiple
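Review bot: The migration task sets `mode: 0644` on passkey.pem, which is the RSA private key produced by the `openssl genpkey` task just above it, so every local account on the host can read the key. The same task already makes `{{ matrix_user_username }}` the owner and group, so an owner-only mode should be enough for the bridge, assuming the bridge process runs as that user: `mode: "0600"`. Quoting the value also avoids depending on the YAML parser reading the bare `0644` as octal. The task file continues outside the hunk, so whether a later step needs group or world read access to this file cannot be confirmed from here.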