Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: c29362632311
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 4c72d0ce2074
Choose a head ref
  • 1 commit
  • 2 files changed
  • 1 contributor

Commits on Nov 14, 2018

  1. nixos/postgresqlBackup: set to umask to 0077 

    * Ensure that the backup file is only readable by the owner
* Add file permission test to tests

(cherry picked from commit a0371d4)
    @markuskowa @samueldr
    markuskowa authored and samueldr committed Nov 14, 2018
    Copy the full SHA
    4c72d0c View commit details
Showing with 3 additions and 0 deletions.
  1. +2 −0 nixos/modules/services/backup/postgresql-backup.nix
  2. +1 −0 nixos/tests/postgresql.nix
2 changes: 2 additions & 0 deletions nixos/modules/services/backup/postgresql-backup.nix
View file
Original file line number Diff line number Diff line change
@@ -20,6 +20,8 @@ let
'';

script = ''
umask 0077 # ensure backup is only readable by postgres user
if [ -e ${cfg.location}/${db}.sql.gz ]; then
${pkgs.coreutils}/bin/mv ${cfg.location}/${db}.sql.gz ${cfg.location}/${db}.prev.sql.gz
fi
1 change: 1 addition & 0 deletions nixos/tests/postgresql.nix
View file
Original file line number Diff line number Diff line change
@@ -53,6 +53,7 @@ let
# Check backup service
$machine->succeed("systemctl start postgresqlBackup-postgres.service");
$machine->succeed("zcat /var/backup/postgresql/postgres.sql.gz | grep '<test>ok</test>'");
$machine->succeed("stat -c '%a' /var/backup/postgresql/postgres.sql.gz | grep 600");
$machine->shutdown;
'';