From 9d3853cef802cb25ccc5c6749293d76990a3030c Mon Sep 17 00:00:00 2001 From: Karen Arutyunov Date: Fri, 19 May 2023 13:47:15 +0300 Subject: Fix upload-bindist-clean and update INSTALL --- INSTALL | 12 +++++++++++- brep/handler/upload/upload-bindist-clean.in | 14 +++++++++++++- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/INSTALL b/INSTALL index 02f3d9a..34aa1a7 100644 --- a/INSTALL +++ b/INSTALL @@ -349,7 +349,17 @@ in the subsequent subsections. If the build artifacts upload functionality is enabled in addition to the build2 build bot functionality you most likely will want to additionally setup -the cleanup of the outdated build artifacts. +the cleanup of the outdated build artifacts. For example, for binary +distribution package uploads handled by brep-upload-bindist the cleanup needs +to be performed by periodic execution of brep-upload-bindist-clean script. +Note that the directory where the uploads are saved to must exist and have +read, write, and execute permissions granted to the brep user. This, for +example, can be achieved with the following commands: + +# mkdir /var/bindist +# chown www-data:www-data /var/bindist +# setfacl -m u:brep:rwx /var/bindist +# setfacl -dm u:brep:rwx /var/bindist If the CI request functionality is enabled you most likely will want to additionally setup the tenants cleanup. diff --git a/brep/handler/upload/upload-bindist-clean.in b/brep/handler/upload/upload-bindist-clean.in index 20c2b00..99914a7 100644 --- a/brep/handler/upload/upload-bindist-clean.in +++ b/brep/handler/upload/upload-bindist-clean.in @@ -187,7 +187,19 @@ for d in "${expired_dirs[@]}"; do # Remove the package configuration directory. # - run rm -r "$d" + # Note that this directory contains files copied from a subdirectory of + # upload-data. These files are normally owned by the Apache2 user/group + # and have rw-r--r-- permissions. This script is normally executed as the + # brep user/group and thus the uploads root directory and all its + # subdirectories must have read, write, and execute permissions granted to + # the brep user, for example, by using ACL (see INSTALL file for + # details). Since cp preserves the file permissions by default, these + # files effective permissions will normally be r-- (read-only) for this + # script. In this case rm pops up the 'remove write-protected regular + # file' prompt by default prior to removing these files. To suppress the + # prompt we will pass the -f option to rm. + # + run rm -rf "$d" # Remove the empty parent directories. # -- cgit v1.1