From ce2f2880da1041fcbdabaf18f7263fb30ba3cdf1 Mon Sep 17 00:00:00 2001
From: drebs <drebs@leap.se>
Date: Fri, 23 Dec 2016 16:24:54 -0200
Subject: [pkg] add soledad to the ssl-cert group

Now that uid an gid of the application are changed earlier by systemd
(instead of twistd), soledad will fail to start if it doesn't have
permission to read the ssl certificate with the new uid/gid.

This commit adds soledad to the ssl-cert group, which is the group of
the certificate as set by the platform.
---
 debian/soledad-server.postinst | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/debian/soledad-server.postinst b/debian/soledad-server.postinst
index f7dadaed..44112fc7 100644
--- a/debian/soledad-server.postinst
+++ b/debian/soledad-server.postinst
@@ -18,6 +18,9 @@ if [ ! $RET -eq 0 ]; then
   adduser --system soledad --no-create-home --home /srv/leap/ --ingroup soledad
 fi
 
+# allow soledad user to read ssl certificates
+usermod -aG ssl-cert soledad
+
 # create soledad-admin user
 id soledad-admin > /dev/null 2>&1
 RET=$?
-- 
cgit v1.2.3