From c4844d58ed7e67ccfdd50d0a01cbf4058706cfe9 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Tue, 12 Jun 2018 11:10:28 +0200
Subject: [PATCH] Move cgit to suexec'd as well

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/distgit/files/cgit.conf      | 2 +-
 roles/distgit/files/suexec-cgit.sh | 2 ++
 roles/distgit/tasks/main.yml       | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 roles/distgit/files/suexec-cgit.sh

diff --git a/roles/distgit/files/cgit.conf b/roles/distgit/files/cgit.conf
index 832c6701e3..a4270e084f 100644
--- a/roles/distgit/files/cgit.conf
+++ b/roles/distgit/files/cgit.conf
@@ -2,7 +2,7 @@
 #Redirect /cgit/rpms/ /rpms/
 #Redirect permanent /cgit/ /
 Alias /cgit-data /usr/share/cgit
-ScriptAlias /cgit /var/www/cgi-bin/cgit
+ScriptAlias /cgit /var/www/bin/suexec-cgit.conf
 <Directory "/usr/share/cgit">
     Require all granted
 </Directory>
diff --git a/roles/distgit/files/suexec-cgit.sh b/roles/distgit/files/suexec-cgit.sh
new file mode 100644
index 0000000000..f5b9ccfe92
--- /dev/null
+++ b/roles/distgit/files/suexec-cgit.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+exec sudo -E -u apache /var/www/cgi-bin/cgit
diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml
index cfcdd3af80..f16a600bfe 100644
--- a/roles/distgit/tasks/main.yml
+++ b/roles/distgit/tasks/main.yml
@@ -45,6 +45,7 @@
     group=packager
     mode=0755
   with_items:
+  - cgit
   - gitolite
   - upload
   tags: