From de073fd1397bf9a931f3b5d2a0c1991a98fb5bdb Mon Sep 17 00:00:00 2001
From: Grant Slater
Date: Wed, 15 Feb 2023 15:49:37 +0000
Subject: [PATCH] serverinfo: Do not install gems as root

---
 cookbooks/serverinfo/recipes/default.rb | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/cookbooks/serverinfo/recipes/default.rb b/cookbooks/serverinfo/recipes/default.rb
index 3589308a0..82a61185b 100644
--- a/cookbooks/serverinfo/recipes/default.rb
+++ b/cookbooks/serverinfo/recipes/default.rb
@@ -64,27 +64,34 @@ directory "/srv/hardware.openstreetmap.org/_site" do
 group "nogroup"
 end

-# Workaround https://github.com/jekyll/jekyll/issues/7804
-# by creating a .jekyll-cache folder
-directory "/srv/hardware.openstreetmap.org/.jekyll-cache" do
- mode "755"
+# FIXME: fix the the vendor directory permissions from prior root installs
+directory "/srv/hardware.openstreetmap.org/vendor" do
+ action :create
+ recursive true
 owner "nobody"
 group "nogroup"
 end

 bundle_install "/srv/hardware.openstreetmap.org" do
 action :nothing
- options "--deployment"
- user "root"
- group "root"
+ user "nobody"
+ group "nogroup"
+ environment "BUNDLE_FROZEN" => "true",
+ "BUNDLE_WITHOUT" => "development:test",
+ "BUNDLE_PATH" => "vendor/bundle",
+ "BUNDLE_DEPLOYMENT" => "1",
+ "BUNDLE_JOBS" => node.cpu_cores.to_s
 notifies :run, "bundle_exec[/srv/hardware.openstreetmap.org]"
 end

 bundle_exec "/srv/hardware.openstreetmap.org" do
 action :nothing
- command "jekyll build --trace --baseurl=https://hardware.openstreetmap.org"
+ command "jekyll build --trace --disable-disk-cache --baseurl=https://hardware.openstreetmap.org"
 user "nobody"
 group "nogroup"
+ environment "LANG" => "C.UTF-8",
+ "BUNDLE_PATH" => "vendor/bundle",
+ "BUNDLE_DEPLOYMENT" => "1"
 end

 ssl_certificate "hardware.openstreetmap.org" do
--
2.39.5
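Review bot: The new `directory "/srv/hardware.openstreetmap.org/vendor"` resource will not repair ownership left by earlier root installs, because on Chef's `directory` resource `recursive true` only creates missing parent directories and `owner`/`group` are applied to the leaf directory alone. Anything root-owned under `vendor/bundle` stays that way, so the `bundle_install` that now runs as `nobody` is likely to fail with permission errors on hosts converged before this change. A one-off `execute` resource running `chown -R nobody:nogroup /srv/hardware.openstreetmap.org/vendor`, guarded so it only runs while root-owned entries remain, would do what the FIXME comment describes. Separately, the gem tree is now writable by the shared `nobody` account that also runs `jekyll build`; a dedicated build user would keep other processes running as `nobody` from being able to alter the installed gems.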