From 9d3853cef802cb25ccc5c6749293d76990a3030c Mon Sep 17 00:00:00 2001
From: Karen Arutyunov <karen@codesynthesis.com>
Date: Fri, 19 May 2023 13:47:15 +0300
Subject: Fix upload-bindist-clean and update INSTALL

---
 INSTALL                                     | 12 +++++++++++-
 brep/handler/upload/upload-bindist-clean.in | 14 +++++++++++++-
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/INSTALL b/INSTALL
index 02f3d9a..34aa1a7 100644
--- a/INSTALL
+++ b/INSTALL
@@ -349,7 +349,17 @@ in the subsequent subsections.
 
 If the build artifacts upload functionality is enabled in addition to the
 build2 build bot functionality you most likely will want to additionally setup
-the cleanup of the outdated build artifacts.
+the cleanup of the outdated build artifacts. For example, for binary
+distribution package uploads handled by brep-upload-bindist the cleanup needs
+to be performed by periodic execution of brep-upload-bindist-clean script.
+Note that the directory where the uploads are saved to must exist and have
+read, write, and execute permissions granted to the brep user. This, for
+example, can be achieved with the following commands:
+
+# mkdir /var/bindist
+# chown www-data:www-data /var/bindist
+# setfacl -m u:brep:rwx /var/bindist
+# setfacl -dm u:brep:rwx /var/bindist
 
 If the CI request functionality is enabled you most likely will want to
 additionally setup the tenants cleanup.
diff --git a/brep/handler/upload/upload-bindist-clean.in b/brep/handler/upload/upload-bindist-clean.in
index 20c2b00..99914a7 100644
--- a/brep/handler/upload/upload-bindist-clean.in
+++ b/brep/handler/upload/upload-bindist-clean.in
@@ -187,7 +187,19 @@ for d in "${expired_dirs[@]}"; do
 
     # Remove the package configuration directory.
     #
-    run rm -r "$d"
+    # Note that this directory contains files copied from a subdirectory of
+    # upload-data. These files are normally owned by the Apache2 user/group
+    # and have rw-r--r-- permissions. This script is normally executed as the
+    # brep user/group and thus the uploads root directory and all its
+    # subdirectories must have read, write, and execute permissions granted to
+    # the brep user, for example, by using ACL (see INSTALL file for
+    # details). Since cp preserves the file permissions by default, these
+    # files effective permissions will normally be r-- (read-only) for this
+    # script. In this case rm pops up the 'remove write-protected regular
+    # file' prompt by default prior to removing these files. To suppress the
+    # prompt we will pass the -f option to rm.
+    #
+    run rm -rf "$d"
 
     # Remove the empty parent directories.
     #
-- 
cgit v1.1