Allow forgehook group to read secrets in the db

2020-04-28 18:23:13 +00:00 · 2020-04-28 18:23:13 +00:00 · 8fb1786c18
parent 358c69c305
commit 8fb1786c18
1 changed files with 3 additions and 2 deletions
--- a/databases/unix
+++ b/databases/unix
@ -217,8 +217,9 @@ secret_cmd() {
    fi
   
    owner="$(cat $db/."$rhex".owner)"
-    if [[ "$owner" != "$user" ]]; then
-        # TODO: when running with group forgehook, we don't exit because it's an endpoint asking
+    db_owner="$(find /usr/local/bin/forgehook-db -maxdepth 0 -printf '%u')"
+    if [[ "$owner" != "$user" ]] && [[ "$(id -gn $SUDO_GID)" != "$db_owner" ]]; then
+	# TODO: when running with group forgehook, we don't exit because it's an endpoint asking (done?)
        echo "ERROR: Repository $r is owned by $owner"
        exit 1
    fi