From 215adf841e68648f3eeaa6d1638bc2d9aa890214 Mon Sep 17 00:00:00 2001 From: Felix Schizlein Date: Thu, 4 Jan 2024 11:36:39 +0100 Subject: [PATCH 1/2] Set secret key file mode during fresh installation --- lib/tasks/encrypted_key.rake | 4 ++++ package/files/update_rmt_app_dir_permissions.sh | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/tasks/encrypted_key.rake b/lib/tasks/encrypted_key.rake index ffc6843cf..ed27c3adf 100644 --- a/lib/tasks/encrypted_key.rake +++ b/lib/tasks/encrypted_key.rake @@ -6,6 +6,8 @@ namespace :rmt do Rails::Generators::EncryptionKeyFileGenerator .new.add_key_file('config/secrets.yml.key') + + FileUtils.chmod(0o640, 'config/secrets.yml.key') end desc 'Create the `secret_key_base` for Rails' @@ -13,6 +15,8 @@ namespace :rmt do Rails::Secrets.write( { 'production' => { 'secret_key_base' => SecureRandom.hex(64) } }.to_yaml ) + + FileUtils.chmod(0o640, 'config/secrets.yml.enc') end end end diff --git a/package/files/update_rmt_app_dir_permissions.sh b/package/files/update_rmt_app_dir_permissions.sh index ec2d1b780..16e8f9951 100644 --- a/package/files/update_rmt_app_dir_permissions.sh +++ b/package/files/update_rmt_app_dir_permissions.sh @@ -20,7 +20,7 @@ fi # Change secrets encrypted and key files to nginx readable secret_key_files=('config/secrets.yml.key' 'config/secrets.yml.enc') -for secretFile in $secret_key_files; do +for secretFile in ${secret_key_files[@]}; do file_path="$app_dir/$secretFile" if [[ -e $file_path ]]; then if [[ "$(stat -c "%U %G" $file_path)" == "root root" ]]; then From 6b0381b6e8f38aedef5e65ed7a3fcba73e9ae9ba Mon Sep 17 00:00:00 2001 From: Felix Schizlein Date: Thu, 4 Jan 2024 11:37:02 +0100 Subject: [PATCH 2/2] 2.15 Release --- package/obs/rmt-server.changes | 2 ++ 1 file changed, 2 insertions(+) diff --git a/package/obs/rmt-server.changes b/package/obs/rmt-server.changes index 5d54a9751..faf742ed6 100644 --- a/package/obs/rmt-server.changes +++ b/package/obs/rmt-server.changes 
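Review bot: The added `FileUtils.chmod(0o640, 'config/secrets.yml.key')` makes the key group-readable, but nothing visible in this task sets the file's group, so who gains read access depends on the account that runs the task; the chmod of `config/secrets.yml.enc` in this file's second hunk has the same gap. If the mode is meant to match the packaging script's "nginx readable" comment, say so next to the call, for example `# 0640: group read is intentional, the web server reads this file through its group`. Both paths are relative to the working directory, which I assume is the application root when the task runs; `FileUtils.chmod(0o640, Rails.root.join('config/secrets.yml.key'))` removes that assumption. The task bodies begin above both hunks, so any ownership handling there is not visible to me.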
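Review bot: The new loop header expands `${secret_key_files[@]}` unquoted, so each element is still subject to word splitting and globbing; `for secretFile in "${secret_key_files[@]}"; do` is the safe form. The two current entries contain no spaces or glob characters, so the result is the same today, but the quoted form keeps that true if an entry is added later. The unquoted `$file_path` inside `$(stat -c "%U %G" $file_path)` further down the hunk has the same weakness when `$app_dir` contains whitespace, and since that check decides whether a secrets file is treated as root-owned, it is worth quoting there too. The loop body continues past the end of the hunk.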
@@ -6,6 +6,8 @@ Wed Oct 04 13:23:00 UTC 2023 - Felix Schnizlein allow transmitting system information dynamically. (jsc#PED-3734) * Fix secrets access for server user (bsc#1215176) * rmt-client-setup-res script: fix for CentOS8 clients (bsc#1214709) + * Updated supportconfig script (bsc#1216389) + ------------------------------------------------------------------- Thu Jun 06 15:44:00 UTC 2023 - Luís Caparroz