Refactor to not use setuid and not bypass the git daemon

2 files changed, 6 insertions, 15 deletions

diff --git a/templates/deploy.sh.erb b/templates/deploy.sh.erb
index 91aee0e..4ebbf1d 100644
--- a/templates/deploy.sh.erb
+++ b/templates/deploy.sh.erb
@@ -5,10 +5,6 @@ INSTANCE="$2"
 BASE="<%= scope.lookupvar('ikiwiki::sites_folder') %>"
 SITE=$BASE/$NAME
 CONF="/etc/ikiwiki"
-WEB_OWNER="www-data"
-WEB_GROUP="www-data"
-REPO_OWNER="<%= scope.lookupvar('ikiwiki::git_implementation') %>"
-REPO_GROUP="<%= scope.lookupvar('ikiwiki::git_implementation') %>"
 REPO="/var/git/repositories/$NAME.git"
 
 if [ -z "$INSTANCE" ]; then
@@ -43,6 +39,3 @@ if [ ! -d "$REPO" ]; then
   touch $REPO/git-daemon-export-ok
   ( cd $REPO/$NAME.git && git --bare update-server-info )
 fi
-
-# Refresh the instance
-ikiwiki-refresh $NAME $INSTANCE
diff --git a/templates/refresh.sh.erb b/templates/refresh.sh.erb
index 4308934..41b5296 100644
--- a/templates/refresh.sh.erb
+++ b/templates/refresh.sh.erb
@@ -2,11 +2,11 @@
 
 NAME="$1"
 INSTANCE="$2"
+WEB_OWNER="$3"
+WEB_GROUP="$4"
 BASE="<%= scope.lookupvar('ikiwiki::sites_folder') %>"
-SITE=$BASE/$NAME
+SITE="$BASE/$NAME"
 CONF="/etc/ikiwiki"
-WEB_OWNER="www-data"
-WEB_GROUP="www-data"
 REPO_OWNER="<%= scope.lookupvar('ikiwiki::git_implementation') %>"
 REPO_GROUP="<%= scope.lookupvar('ikiwiki::git_implementation') %>"
 REPO="/var/git/repositories/$NAME.git"
@@ -30,11 +30,9 @@ fi
 ikiwiki --setup /etc/ikiwiki/$NAME.setup
 
 # Fix permissions
-chown -R $WEB_OWNER.$WEB_GROUP $SITE/"$INSTANCE"_src $SITE/$INSTANCE
 chown -R $REPO_OWNER.$REPO_GROUP $REPO
-chown $WEB_OWNER.$REPO_GROUP $REPO/hooks/post-update
-chown $WEB_OWNER.$REPO_GROUP $SITE/$INSTANCE/ikiwiki.cgi
+chown -R $WEB_OWNER.$WEB_GROUP $SITE/"$INSTANCE"_src $SITE/$INSTANCE
 
 # Setuid/setgid
-chmod 6550 $REPO/hooks/post-update
-chmod 6550 $SITE/$INSTANCE/ikiwiki.cgi
+chmod 0755 $REPO/hooks/post-update
+chmod 0550 $SITE/$INSTANCE/ikiwiki.cgi