| Nico Huber | a1a296f | 2023-06-25 10:07:07 +0000 | [diff] [blame] | 1 | #!/bin/sh |
| 2 | |
| 3 | set -e |
| 4 | |
| Nico Huber | 177e610 | 2023-07-25 13:39:16 +0000 | [diff] [blame^] | 5 | secret() { |
| 6 | seed=$(cat /run/secrets/seed) |
| 7 | printf "%s:%40s" "${seed}" "$*" | sha256sum | sed 's/[[:space:]].*//' |
| 8 | } |
| 9 | |
| 10 | export GERRIT_MAIL_PASSWORD=$(secret mail:gerrit) |
| 11 | |
| Nico Huber | a1a296f | 2023-06-25 10:07:07 +0000 | [diff] [blame] | 12 | # Allows us to bind mount arbitrary owned files |
| Nico Huber | 177e610 | 2023-07-25 13:39:16 +0000 | [diff] [blame^] | 13 | chown -R gerrit:gerrit /var/gerrit/{logs,etc,db,git,index,cache}/ |
| Nico Huber | a1a296f | 2023-06-25 10:07:07 +0000 | [diff] [blame] | 14 | |
| 15 | # Drop privileges as we set `USER root` only to change file permissions |
| 16 | exec setpriv --reuid=gerrit --regid=gerrit --init-groups --inh-caps=-all /unprivileged.sh "$@" |