Use tempoary, writable directory

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-14 19:22:48 +02:00 · 2019-05-14 19:22:48 +02:00 · 0f1606ad25
commit 0f1606ad25
parent 5138df2848
2 changed files with 4 additions and 1 deletions
--- a/roles/fas_server/templates/configmap.yml
+++ b/roles/fas_server/templates/configmap.yml
@ -80,6 +80,9 @@ data:
    </Directory>
  app_start.sh: |-
    set -xe
+    rm -rf /tmp/fas-gpg
+    mkdir /tmp/fas-gpg
+    ln -s /etc/fas-gpg/pubring.gpg /tmp/fas-gpg/pubring.gpg
    python /etc/fas/app_gunicorn.py --bind :8000 --chdir /app app
  app_gunicorn.py: |-
    # We need a custom gunicorn script because we need to inject various requires
--- a/roles/fas_server/templates/fas.cfg.j2
+++ b/roles/fas_server/templates/fas.cfg.j2
@ -257,7 +257,7 @@ use_openssl_rand_bytes = True

 # These determine where FAS will read the public keyring from used in all GPG operations
 gpgexec = "/usr/bin/gpg"
-gpghome = "/etc/fas-gpg"
+gpghome = "/tmp/fas-gpg"
 # Note: gpg_fingerprint and gpg_passphrase are for encrypting password reset mail if the user has
 # a gpg key registered.  It's currently broken
 gpg_fingerprint = "7662 A6D3 4F21 A653 7BD4  BA64 20A0 8C45 4A0E 6255"