Commit f6b917f0 authored by Emanuele Aina's avatar Emanuele Aina

Jenkinsfile: Always force specific permission bits

Using `--no-perms` alone yielded surprising results, such as
directories with no execute bit set, which could thus not be accessed
by the web server.

One option would be to use `--no-perms --chmod=ugo=rwX` as suggested by
the `rsync` man page:

> In summary: to give destination files (both old and new) the source
> permissions, use --perms.  To give new files the destination-default
> permissions (while leaving existing files unchanged), make sure that
> the --perms option is off and use --chmod=ugo=rwX (which ensures that
> all non-masked bits get enabled)

This would mean that existing files would preserve their permissions.
But we don't actually care about preserving them, to the contrary we may
prefer forcing them to a known state such that redeploying from scratch
would give the same results.

In order to achieve this, set `--chmod=ugo=rwX` in combination with
`--perms` (implied by `-a`).
Signed-off-by: Emanuele Aina's avatarEmanuele Aina <emanuele.aina@collabora.com>
parent d34c7fbb
......@@ -31,7 +31,7 @@ pipeline {
script {
sshagent (credentials: [ "collabora-rodoric-docsync", ] ) {
sh 'echo docker:x:$(id -u):$(id -g):docker gecos:/tmp:/bin/false > ${NSS_WRAPPER_PASSWD}'
sh 'LD_PRELOAD=libnss_wrapper.so rsync -e "ssh -oStrictHostKeyChecking=no" -va --no-group --no-owner --no-perms --delete-after out/usr/share/doc/apertis-designs/apertis-designs/ docsync@designs.apertis.org:/srv/designs.apertis.org/www/${RELEASE}'
sh 'LD_PRELOAD=libnss_wrapper.so rsync -e "ssh -oStrictHostKeyChecking=no" -va --no-group --no-owner --chmod=ugo=rwX --delete-after out/usr/share/doc/apertis-designs/apertis-designs/ docsync@designs.apertis.org:/srv/designs.apertis.org/www/${RELEASE}'
}
}
}
......@@ -52,7 +52,7 @@ pipeline {
script {
sshagent (credentials: [ "collabora-rodoric-docsync", ] ) {
sh 'echo docker:x:$(id -u):$(id -g):docker gecos:/tmp:/bin/false > ${NSS_WRAPPER_PASSWD}'
sh 'LD_PRELOAD=libnss_wrapper.so rsync -e "ssh -oStrictHostKeyChecking=no" -va --no-group --no-owner --no-perms --delete-after build/pdf/*.pdf docsync@designs.apertis.org:/srv/designs.apertis.org/www/${RELEASE}'
sh 'LD_PRELOAD=libnss_wrapper.so rsync -e "ssh -oStrictHostKeyChecking=no" -va --no-group --no-owner --chmod=ugo=rwX --delete-after build/pdf/*.pdf docsync@designs.apertis.org:/srv/designs.apertis.org/www/${RELEASE}'
}
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment