Allow forgehook group to read secrets in the db
parent
358c69c305
commit
8fb1786c18
|
@ -217,8 +217,9 @@ secret_cmd() {
|
|||
fi
|
||||
|
||||
owner="$(cat $db/."$rhex".owner)"
|
||||
if [[ "$owner" != "$user" ]]; then
|
||||
# TODO: when running with group forgehook, we don't exit because it's an endpoint asking
|
||||
db_owner="$(find /usr/local/bin/forgehook-db -maxdepth 0 -printf '%u')"
|
||||
if [[ "$owner" != "$user" ]] && [[ "$(id -gn $SUDO_GID)" != "$db_owner" ]]; then
|
||||
# TODO: when running with group forgehook, we don't exit because it's an endpoint asking (done?)
|
||||
echo "ERROR: Repository $r is owned by $owner"
|
||||
exit 1
|
||||
fi
|
||||
|
|
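Review bot: The added bypass on the `if [[ "$owner" != "$user" ]] && ...` line resolves the caller's group with `id -gn $SUDO_GID`, but `id` takes a user rather than a GID, so it prints the primary group of whichever account has that number as its UID, or nothing if none does. The result is compared with `db_owner`, which `-printf '%u'` fills with the owning user of forgehook-db rather than its group, so the check matches the commit's stated intent only where the user and group names and their numeric ids coincide. Both substitutions produce an empty string when they fail (forgehook-db missing, no account with that id), and two empty strings compare equal, which skips the ownership error for any caller. I would resolve the group with `caller_group="$(getent group "$SUDO_GID" | cut -d: -f1)"`, use `'%g'` if group ownership is what is meant, and require `[[ -n "$db_owner" && -n "$caller_group" ]]` before the bypass is allowed. secret_cmd starts and ends outside the hunk, so whether the bypass is limited to reading secrets cannot be confirmed from the visible lines.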