diff --git a/.travis.yml b/.travis.yml index 0c9a3baf7..8977620aa 100644 --- a/.travis.yml +++ b/.travis.yml @@ -80,7 +80,7 @@ script: - sudo mv ./VERSION /harbor/VERSION - sudo service mysql stop - sudo ./tests/testprepare.sh - - docker-compose -f ./make/docker-compose.test.yml up -d + - sudo docker-compose -f ./make/docker-compose.test.yml up -d - go list ./... | grep -v -E 'vendor|tests' | xargs -L1 fgt golint - go list ./... | grep -v -E 'vendor|tests' | xargs -L1 go vet - export MYSQL_HOST=$IP @@ -91,7 +91,7 @@ script: - sudo ./ldapprepare.sh - cd .. - go test -i ./src/ui ./src/adminserver ./src/jobservice - - ./tests/coverage4gotest.sh + - sudo -E env "PATH=$PATH" ./tests/coverage4gotest.sh - goveralls -coverprofile=profile.cov -service=travis-ci - docker-compose -f make/docker-compose.test.yml down diff --git a/Makefile b/Makefile index bcb675710..916984c22 100644 --- a/Makefile +++ b/Makefile @@ -262,8 +262,13 @@ modify_composefile: @echo "preparing docker-compose file..." @cp $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSETPLFILENAME) $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) @$(SEDCMD) -i 's/__version__/$(VERSIONTAG)/g' $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) + +modify_sourcefiles: + @echo "change mode of source files." + @chmod 600 $(MAKEPATH)/common/templates/notary/notary-signer.key + @chmod 600 $(MAKEPATH)/common/templates/ui/private_key.pem -install: compile build prepare modify_composefile start +install: compile build modify_sourcefiles prepare modify_composefile start package_online: modify_composefile @echo "packing online package ..." @@ -292,7 +297,7 @@ package_online: modify_composefile @rm -rf $(HARBORPKG) @echo "Done." -package_offline: compile build modify_composefile +package_offline: compile build modify_sourcefiles modify_composefile @echo "packing offline package ..." @cp -r make $(HARBORPKG) diff --git a/make/prepare b/make/prepare index 57da6cbbb..459ecdd6d 100755 --- a/make/prepare +++ b/make/prepare @@ -62,6 +62,7 @@ def _get_secret(folder, filename, length=16): with open(key_file, 'w') as f: f.write(key) print("Generated and saved secret to file: %s" % key_file) + os.chmod(key_file, 0600) return key def prep_conf_dir(root, name): @@ -303,6 +304,7 @@ if customize_crt == 'on' and openssl_installed(): private_key_pem = os.path.join(config_dir, "ui", "private_key.pem") root_crt = os.path.join(config_dir, "registry", "root.crt") create_root_cert(empty_subj, key_path=private_key_pem, cert_path=root_crt) + os.chmod(private_key_pem, 0600) else: print("Copied configuration file: %s" % ui_config_dir + "private_key.pem") shutil.copyfile(os.path.join(templates_dir, "ui", "private_key.pem"), os.path.join(ui_config_dir, "private_key.pem")) @@ -331,6 +333,7 @@ if args.notary_mode: create_cert(cert_subj, signer_ca_key, signer_ca_cert, key_path=signer_key_path, cert_path=signer_cert_path) print("Copying certs for notary signer") shutil.copy2(signer_cert_path, notary_config_dir) + os.chmod(signer_key_path, 0600) shutil.copy2(signer_key_path, notary_config_dir) shutil.copy2(signer_ca_cert, notary_config_dir) finally: