setuid and setgid with given user for git pull

aura/aura.cabal

@@ -58,6 +58,7 @@ common libexec
     , scheduler                    >=1.1 && <2.1
     , transformers                 ^>=0.5
     , typed-process                ^>=0.2
+    , unix                         ^>=2.7.2.2
 
 library
   import:          commons, libexec

aura/lib/Aura/Build.hs

@@ -38,6 +38,7 @@ import qualified RIO.Set as S
 import qualified RIO.Text as T
 import           RIO.Time
 import           System.Process.Typed
+import           System.Posix.User
 
 ---
 
@@ -193,8 +194,11 @@ pullRepo :: User -> RIO Env (Either Failure ())
 pullRepo usr = do
   logDebug "git: Clearing worktree. "
   void . runProcess . setStderr closed . setStdout closed $ proc "git" ["reset", "--hard", "HEAD"]
-  logDebug "git: Pulling repo."
-  ec <- runProcess . setStderr closed . setStdout closed $ proc "git" ["pull"]
+  logDebug $ "git: Pulling repo as " <> display (user usr)
+  ue <- liftIO . getUserEntryForName . T.unpack . user $ usr
+  let uid = userID ue
+  let gid = userGroupID ue
+  ec <- runProcess . setChildUser uid . setChildGroup gid . setStderr closed . setStdout closed $ proc "git" ["pull"]
   case ec of
     ExitFailure _ -> pure . Left . Failure $ FailMsg buildFail_12
     ExitSuccess   -> liftIO (chown usr "." ["-R"]) $> Right ()

stack.yaml

@@ -1,4 +1,4 @@
-resolver: lts-19.1
+resolver: lts-19.4
 
 ghc-options:
   $everything: -split-sections -haddock

stack.yaml.lock

@@ -27,7 +27,7 @@ packages:
     hackage: text-2.0
 snapshots:
 - completed:
-    size: 617355
-    url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/19/1.yaml
-    sha256: cbd5e8593869445794924668479b5bd9f1738d075898623dceacc13b2576b6e3
-  original: lts-19.1
+    size: 618683
+    url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/19/4.yaml
+    sha256: d4ee004c46ba878d2f304f5d748d493057be579192a8d148527f3ba55c9df57f
+  original: lts-19.4