Upgrade Gitea to 1.15.6

Configures the JWT signing algorithm to be the old, less secure algorithm, until we update the token for Drone CI (and any other OAuth apps). closes #338
2021-11-25 16:44:48 -06:00 · 2021-11-25 16:44:48 -06:00 · 24f94bdb02
parent f93909da70
commit 24f94bdb02
3 changed files with 4 additions and 3 deletions
--- a/site-cookbooks/kosmos_gitea/attributes/default.rb
+++ b/site-cookbooks/kosmos_gitea/attributes/default.rb
@ -1,6 +1,6 @@
-gitea_version = "1.14.6"
+gitea_version = "1.15.6"
 node.default["kosmos_gitea"]["version"] = gitea_version
 node.default["kosmos_gitea"]["binary_url"] = "https://dl.gitea.io/gitea/#{gitea_version}/gitea-#{gitea_version}-linux-amd64"
-node.default["kosmos_gitea"]["binary_checksum"] = "20cc0a89421695320b077c9fe4f16996f03aaf9d24f661f8d2255794551c849b"
+node.default["kosmos_gitea"]["binary_checksum"] = "1b7473b5993e07b33fec58edbc1a90f15f040759ca4647e97317c33d5dfe58be"
 node.default["kosmos_gitea"]["nginx"]["domain"] = "gitea.kosmos.org"
 node.default["kosmos_gitea"]["working_directory"] = "/var/lib/gitea"
--- a/site-cookbooks/kosmos_gitea/recipes/default.rb
+++ b/site-cookbooks/kosmos_gitea/recipes/default.rb
@ -76,7 +76,7 @@ template "#{config_directory}/app.ini" do
  source "app.ini.erb"
  owner "git"
  group "git"
-  mode "0640"
+  mode "0600"
  sensitive true
  variables working_directory: working_directory,
            git_home_directory: git_home_directory,
--- a/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb
+++ b/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb
@ -46,6 +46,7 @@ PASSWD = <%= @smtp_password %>

 [oauth2]
 JWT_SECRET = <%= @jwt_secret %>
+JWT_SIGNING_ALGORITHM = HS256

 [security]
 INTERNAL_TOKEN = <%= @internal_token %>