From 24f94bdb026f2a154976c04dbc6085499ebb1c46 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe <sebastian@kip.pe>
Date: Thu, 25 Nov 2021 16:44:48 -0600
Subject: [PATCH] Upgrade Gitea to 1.15.6

Configures the JWT signing algorithm to be the old, less secure
algorithm, until we update the token for Drone CI (and any other OAuth
apps).

closes #338
---
 site-cookbooks/kosmos_gitea/attributes/default.rb         | 4 ++--
 site-cookbooks/kosmos_gitea/recipes/default.rb            | 2 +-
 site-cookbooks/kosmos_gitea/templates/default/app.ini.erb | 1 +
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/site-cookbooks/kosmos_gitea/attributes/default.rb b/site-cookbooks/kosmos_gitea/attributes/default.rb
index 5ede51d..a2d7925 100644
--- a/site-cookbooks/kosmos_gitea/attributes/default.rb
+++ b/site-cookbooks/kosmos_gitea/attributes/default.rb
@@ -1,6 +1,6 @@
-gitea_version = "1.14.6"
+gitea_version = "1.15.6"
 node.default["kosmos_gitea"]["version"] = gitea_version
 node.default["kosmos_gitea"]["binary_url"] = "https://dl.gitea.io/gitea/#{gitea_version}/gitea-#{gitea_version}-linux-amd64"
-node.default["kosmos_gitea"]["binary_checksum"] = "20cc0a89421695320b077c9fe4f16996f03aaf9d24f661f8d2255794551c849b"
+node.default["kosmos_gitea"]["binary_checksum"] = "1b7473b5993e07b33fec58edbc1a90f15f040759ca4647e97317c33d5dfe58be"
 node.default["kosmos_gitea"]["nginx"]["domain"] = "gitea.kosmos.org"
 node.default["kosmos_gitea"]["working_directory"] = "/var/lib/gitea"
diff --git a/site-cookbooks/kosmos_gitea/recipes/default.rb b/site-cookbooks/kosmos_gitea/recipes/default.rb
index 22d148e..9a2bddf 100644
--- a/site-cookbooks/kosmos_gitea/recipes/default.rb
+++ b/site-cookbooks/kosmos_gitea/recipes/default.rb
@@ -76,7 +76,7 @@ template "#{config_directory}/app.ini" do
   source "app.ini.erb"
   owner "git"
   group "git"
-  mode "0640"
+  mode "0600"
   sensitive true
   variables working_directory: working_directory,
             git_home_directory: git_home_directory,
diff --git a/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb b/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb
index 04eab6e..e013a0d 100644
--- a/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb
+++ b/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb
@@ -46,6 +46,7 @@ PASSWD = <%= @smtp_password %>
 
 [oauth2]
 JWT_SECRET = <%= @jwt_secret %>
+JWT_SIGNING_ALGORITHM = HS256
 
 [security]
 INTERNAL_TOKEN = <%= @internal_token %>