From 5f5aa68b1702d90063c5819b2db757428a10d345 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Mon, 25 Jan 2010 22:05:23 -0200
Subject: Trying to fix permission issue
---
manifests/init.pp | 24 ++++++++++++++++++------
templates/deploy.sh.erb | 8 +++-----
templates/ikiwiki.setup.erb | 4 +++-
templates/update.sh.erb | 29 +++++++++++++++++++++++++++++
4 files changed, 53 insertions(+), 12 deletions(-)
create mode 100644 templates/update.sh.erb
diff --git a/manifests/init.pp b/manifests/init.pp
index 8a0048e..7997903 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -15,6 +15,14 @@ class ikiwiki {
 mode => 755,
 }
+ file { "/usr/local/sbin/ikiwiki-refresh":
+ ensure => present,
+ content => template('ikiwiki/refresh.sh.erb'),
+ owner => root,
+ group => root,
+ mode => 755,
+ }
+
 define instance($base_url = false, $ensure = 'present', $description = false, $adminuser = 'yourname', $adminemail = 'me@example.org', $instance = 'ikiwiki') {
@@ -35,13 +43,14 @@ class ikiwiki {
 owner => root,
 group => root,
 mode => 644,
- notify => Exec["ikiwiki --setup /etc/ikiwiki/$name.setup"],
+ notify => Exec["ikiwiki_refresh_${name}"],
 }
 case $ensure {
 'present': {
- exec { "ikiwiki --setup /etc/ikiwiki/$name.setup":
- user => www-data,
+ exec { "ikiwiki_refresh_${name}":
+ command => "/usr/local/sbin/ikiwiki-refresh $name $instance",
+ user => root,
 refreshonly => true,
 }
@@ -56,7 +65,7 @@ class ikiwiki {
 owner => www-data,
 group => www-data,
 recurse => true,
- notify => Exec["ikiwiki --setup /etc/ikiwiki/$name.setup"],
+ notify => Exec["ikiwiki_refresh_${name}"],
 require => File["${apache_sites_folder}/${name}"],
 }
 }
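Review bot: The new `/usr/local/sbin/ikiwiki-refresh` resource in manifests/init.pp (hunk `@@ -15,6 +15,14 @@`) renders `template('ikiwiki/refresh.sh.erb')`, but the only template this commit creates is `templates/update.sh.erb`. Unless a `refresh.sh.erb` already exists in the module (the diffstat does not show one), the catalog will fail when the template is looked up. Either rename the new file or use `content => template('ikiwiki/update.sh.erb'),`. Because the script is run as root by the exec further down, a comment above the resource would help: `# Run as root by Exec["ikiwiki_refresh_${name}"]; keep root-owned and not group/world-writable.`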
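Review bot: In the `exec { "ikiwiki_refresh_${name}": }` block (hunk `@@ -35,13 +43,14 @@`) the build moves from `user => www-data` to `user => root`, so `ikiwiki --setup` now runs with full privileges over wiki source that, judging by the ownership set elsewhere in this manifest, www-data and gitosis users can write. If root is needed only for the `chown` calls, the script could run the build step under the web user; if root is needed to write the hook into the repository, that reason belongs in a comment here. The exec also has no ordering against the script it calls, so adding `require => File["/usr/local/sbin/ikiwiki-refresh"],` avoids a failed first run. The enclosing `case` block continues outside the hunk.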
@@ -83,14 +92,17 @@ class ikiwiki {
 # gitosis can do a setuid to it and write to ikiwiki
 # folders without messing the permission scheme.
 #
+ # The same is valid for the cgi.
+ #
 # See http://ikiwiki.info/rcs/git/
 # http://ikiwiki.info/forum/multi-user_setup_of_ikiwiki__44___gitosis_and_apache2_in_Debian_Sid/
 #
- file { "/var/git/repositories/${name}.git/hooks/post-update":
+ file { [ "/var/git/repositories/${name}.git/hooks/post-update",
+ "${apache_sites_folder}/${name}/${instance}/ikiwiki.cgi" ]:
 ensure => present,
 owner => www-data,
 group => gitosis,
- mode => 4550,
+ mode => 6550,
 }
 }
 }
diff --git a/templates/deploy.sh.erb b/templates/deploy.sh.erb
index aac3de7..751264d 100644
--- a/templates/deploy.sh.erb
+++ b/templates/deploy.sh.erb
@@ -7,7 +7,7 @@ SITE=$BASE/$NAME
 CONF="/etc/ikiwiki"
 WEB_OWNER="www-data"
 WEB_GROUP="www-data"
-REPO_OWNER="www-data"
+REPO_OWNER="gitosis"
 REPO_GROUP="gitosis"
 REPO="/var/git/repositories/$NAME.git"
@@ -37,8 +37,6 @@ EOF
 ikiwiki-makerepo git $SITE/"$INSTANCE"_src/ $REPO
 touch $REPO/git-daemon-export-ok
 ( cd $REPO/$NAME.git && git --bare update-server-info )
-ikiwiki --setup /etc/ikiwiki/$NAME.setup
-# Set permissions
-chown -R $WEB_OWNER.$WEB_GROUP $SITE/"$INSTANCE"_src $SITE/$INSTANCE
-chown -R $REPO_OWNER.$REPO_GROUP $REPO
+# Refresh the instance
+ikiwiki-refresh $NAME $INSTANCE
diff --git a/templates/ikiwiki.setup.erb b/templates/ikiwiki.setup.erb
index 359932c..a2f40d1 100644
--- a/templates/ikiwiki.setup.erb
+++ b/templates/ikiwiki.setup.erb
@@ -64,7 +64,8 @@ use IkiWiki::Setup::Standard {
 # The cgi wrapper.
 cgi => 1,
 wrapper => "<%= apache_sites_folder %>/<%= name %>/ikiwiki/ikiwiki.cgi",
- wrappermode => "06755",
+ wrappermode => "06750",
+ wrappergroup => "gitosis",
 },
 #{
 # # The svn post-commit wrapper.
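Review bot: The second title in the new `file { [ ... ]: }` array (manifests/init.pp, hunk `@@ -83,14 +92,17 @@`) builds the CGI path with `${instance}`, while templates/ikiwiki.setup.erb writes the wrapper to a hard-coded `.../<%= name %>/ikiwiki/ikiwiki.cgi`. For any `$instance` other than the default `'ikiwiki'`, `ensure => present` would create an empty file carrying set-id bits at a path the wrapper is never written to. Both places should use the same expression, for example `wrapper => "<%= apache_sites_folder %>/<%= name %>/<%= instance %>/ikiwiki.cgi",` in the template, assuming `instance` is visible to the template the way `name` is. The change from `4550` to `6550` also makes both files setgid gitosis, and the comment above should say why the group bit is needed in addition to the owner bit.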
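Review bot: The replacement line `ikiwiki-refresh $NAME $INSTANCE` in templates/deploy.sh.erb (hunk `@@ -37,8 +37,6 @@`) is resolved through PATH and passes both arguments unquoted, so the refresh is skipped when `/usr/local/sbin` is not on PATH and misbehaves when either value is empty or contains whitespace. I would call it as `/usr/local/sbin/ikiwiki-refresh "$NAME" "$INSTANCE" || exit 1`. With the two `chown` lines removed, `WEB_OWNER`, `WEB_GROUP`, `REPO_OWNER` and `REPO_GROUP` (including the value changed in the `@@ -7,7 +7,7 @@` hunk) look unused in this file as far as the visible hunks show, and could be dropped.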
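Review bot: The wrapper modes in templates/ikiwiki.setup.erb disagree with the ones Puppet enforces: this hunk (`@@ -64,7 +64,8 @@`) sets the CGI to `wrappermode => "06750"` and the `@@ -84,6 +85,7 @@` hunk keeps `"04550"` for post-update, while manifests/init.pp manages both files with `mode => 6550`. Every `ikiwiki --setup` and every Puppet run will therefore flip the bits back and forth. Pick one value and use it in both places, e.g. `wrappermode => "06550",` for both wrappers. Note also that the wrapper is created by whoever runs the setup, which after this commit is root until the refresh script's `chown` runs, and on Linux that `chown` typically clears the set-id bits, leaving the wrappers without them until Puppet reapplies the mode.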
@@ -84,6 +85,7 @@ use IkiWiki::Setup::Standard {
 # what you want.
 wrapper => "/var/git/repositories/<%= name %>.git/hooks/post-update",
 wrappermode => "04550",
+ wrappergroup => "gitosis",
 },
 #{
 # # The monotone netsync hook.
diff --git a/templates/update.sh.erb b/templates/update.sh.erb
new file mode 100644
index 0000000..e158f58
--- /dev/null
+++ b/templates/update.sh.erb
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+NAME="$1"
+INSTANCE="$2"
+BASE="<%= apache_sites_folder %>"
+SITE=$BASE/$NAME
+CONF="/etc/ikiwiki"
+WEB_OWNER="www-data"
+WEB_GROUP="www-data"
+REPO_OWNER="gitosis"
+REPO_GROUP="gitosis"
+REPO="/var/git/repositories/$NAME.git"
+
+if [ -z "$INSTANCE" ]; then
+ echo "Usage:`basename $0` "
+fi
+
+if [ ! -e "$CONF/$NAME" ]; then
+ echo "No config file for $NAME"
+fi
+
+# Setup
+ikiwiki --setup /etc/ikiwiki/$NAME.setup
+
+# Fix permissions
+chown -R $WEB_OWNER.$WEB_GROUP $SITE/"$INSTANCE"_src $SITE/$INSTANCE
+chown -R $REPO_OWNER.$REPO_GROUP $REPO
+chown $WEB_OWNER.$REPO_GROUP $REPO/hooks/post-update
+chown $WEB_OWNER.$REPO_GROUP $SITE/$INSTANCE/ikiwiki.cgi
--
cgit v1.2.3
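Review bot: Both argument checks in the new templates/update.sh.erb only `echo` and then fall through, so a call with missing arguments still reaches the root-run `chown -R` lines, where an empty `$INSTANCE` or `$NAME` makes the targets expand to `$SITE/` or the whole `$BASE/` tree. The config test also looks for `$CONF/$NAME`, while the file used a few lines later is `/etc/ikiwiki/$NAME.setup`, so it reports a missing config even for a valid instance. The checks should exit non-zero and test the `.setup` path, and the paths passed to `chown` should be quoted; `user:group` is the preferred separator over the older `user.group` form.

```shell
if [ -z "$NAME" ] || [ -z "$INSTANCE" ]; then
  echo "Usage: $(basename "$0") NAME INSTANCE" >&2
  exit 1
fi

if [ ! -e "$CONF/$NAME.setup" ]; then
  echo "No config file for $NAME" >&2
  exit 1
fi

# … unchanged: ikiwiki --setup call …

# Fix permissions
chown -R "$WEB_OWNER:$WEB_GROUP" "$SITE/${INSTANCE}_src" "$SITE/$INSTANCE"
chown -R "$REPO_OWNER:$REPO_GROUP" "$REPO"
# … unchanged: the two single-file chown calls …
```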