Use secret seed for internal mail passwords

commit: 177e6109c46c407bd40e0cfe902add9f58949c33 [log] [tgz]
author: Nico Huber <nico.h@gmx.de> Tue Jul 25 13:39:16 2023 +0000
committer: Nico Huber <nico.h@gmx.de> Tue Jul 25 16:55:06 2023 +0000
tree: 22366ab308833c85497523498a654753fcc5f0d7
parent: 8d9f45ebd57d2d665bac76c9a04e775135265729 [diff] [blame]
diff --git a/gerrit/Dockerfile.entrypoint b/gerrit/Dockerfile.entrypoint
index 3aa8ae1..7079792 100644
--- a/gerrit/Dockerfile.entrypoint
+++ b/gerrit/Dockerfile.entrypoint

@@ -2,8 +2,15 @@
 
 set -e
 
+secret() {
+    seed=$(cat /run/secrets/seed)
+    printf "%s:%40s" "${seed}" "$*" | sha256sum | sed 's/[[:space:]].*//'
+}
+
+export GERRIT_MAIL_PASSWORD=$(secret mail:gerrit)
+
 # Allows us to bind mount arbitrary owned files
-chown -R gerrit:gerrit /var/gerrit/{logs,etc,db,git,index,cache,passwd}/
+chown -R gerrit:gerrit /var/gerrit/{logs,etc,db,git,index,cache}/
 
 # Drop privileges as we set `USER root` only to change file permissions
 exec setpriv --reuid=gerrit --regid=gerrit --init-groups --inh-caps=-all /unprivileged.sh "$@"
commit	177e6109c46c407bd40e0cfe902add9f58949c33	[log] [tgz]
author	Nico Huber <nico.h@gmx.de>	Tue Jul 25 13:39:16 2023 +0000
committer	Nico Huber <nico.h@gmx.de>	Tue Jul 25 16:55:06 2023 +0000
tree	22366ab308833c85497523498a654753fcc5f0d7
parent	8d9f45ebd57d2d665bac76c9a04e775135265729 [diff] [blame]