From 69bc0c1061d99f386b5038f288822a6a49db3d54 Mon Sep 17 00:00:00 2001
From: "James E. Blair" <jeblair@hp.com>
Date: Tue, 24 Apr 2012 07:36:24 -0700
Subject: [PATCH] Fix gerrit config file permissions.

Match what gerrit init creates; otherwise, gerrit init will
delete and recreate the secure config file, losing the database
password in the process.

Change-Id: Ic1632fe3b24a0e4498b2415029e8a1db0fd1dfe2
---
 modules/gerrit/manifests/init.pp | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/modules/gerrit/manifests/init.pp b/modules/gerrit/manifests/init.pp
index 1be615216b..0e3bbb8ab1 100644
--- a/modules/gerrit/manifests/init.pp
+++ b/modules/gerrit/manifests/init.pp
@@ -226,10 +226,11 @@ class gerrit($virtual_hostname='',
     }
   }
 
+  # Gerrit sets these permissions in 'init'; don't fight them.
   file { '/home/gerrit2/review_site/etc/gerrit.config':
-    owner => 'root',
-    group => 'root',
-    mode => 444,
+    owner => 'gerrit2',
+    group => 'gerrit2',
+    mode => 644,
     ensure => 'present',
     content => template('gerrit/gerrit.config.erb'),
     replace => 'true',
@@ -290,10 +291,13 @@ class gerrit($virtual_hostname='',
     require => User['gerrit2']
   }
 
+  # Gerrit sets these permissions in 'init'; don't fight them.  If
+  # these permissions aren't set correctly, gerrit init will write a
+  # new secure.config file and lose the mysql password.
   file { '/home/gerrit2/review_site/etc/secure.config':
-    owner => 'root',
+    owner => 'gerrit2',
     group => 'gerrit2',
-    mode => 440,
+    mode => 600,
     ensure => 'present',
     source => 'file:///root/secret-files/secure.config',
     replace => 'true',