FS#71951 - [traefik] package has wrong permission of acme.json

Attached to Project: Community Packages
Opened by aya (gyara) - Monday, 30 August 2021, 11:08 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:02 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Christian Rebischke (Shibumi)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Description:

In current version(2.5.1-1)'s pkgbuild file, the permission is 644 (and owner is root), while traefik service need it's permission to be 600 (and thus need it's owner to be traefik).

Steps to reproduce:

`pacman -S traefik`
This task depends upon

Closed by  Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:02 GMT
Reason for closing:  Moved
Additional comments about closing:  https://gitlab.archlinux.org/archlinux/p ackaging/packages/traefik/issues/1
Comment by Roland (ModProg) - Wednesday, 28 September 2022, 22:08 GMT
I have an idea to fix this:

1. remove the file creation in PKGBUILD, it creates the file with root so is of no use for us
2. touch and chmod the file in traefik.service:
```
ExecStartPre=/usr/bin/touch /etc/traefik/acme.json
ExecStartPre=/usr/bin/chmod 600 /etc/traefik/acme.json
```
3. for that to work change the path access from just the acme to the whole directory:
```
ReadWritePaths=/etc/traefik
```
Comment by Roland (ModProg) - Wednesday, 10 May 2023, 09:29 GMT
Found a workaround for those that run into this issue every update, just change the path in the `etc/traefik/traefik.toml` to a file

```toml
[certificatesResolvers.https.acme]
storage = "/etc/traefik/acme.donotupdate.json"
```

Loading...