From a7b1f9a27caf415c3fca5715cc2fe3dd2f82ac62 Mon Sep 17 00:00:00 2001
From: Kay0u <pierre@kayou.io>
Date: Fri, 11 Dec 2020 14:39:35 +0100
Subject: [PATCH] do not run bundle as root

---
 scripts/install | 18 +++++++++---------
 scripts/upgrade | 16 ++++++++--------
 2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/scripts/install b/scripts/install
index 01a2efc..84e8553 100644
--- a/scripts/install
+++ b/scripts/install
@@ -189,16 +189,16 @@ chown -R "$app": "$final_path"
 
 pushd "$final_path/live"
 	ynh_use_nodejs
-	bundle config deployment 'true'
-	bundle config without 'development test'
-	bundle install -j$(getconf _NPROCESSORS_ONLN)
-	yarn install --pure-lockfile
+	sudo -u $app PATH=$PATH $RBENV_ROOT/shims/bundle config deployment 'true'
+	sudo -u $app PATH=$PATH $RBENV_ROOT/shims/bundle config without 'development test'
+	sudo -u $app PATH=$PATH $RBENV_ROOT/shims/bundle install -j$(getconf _NPROCESSORS_ONLN)
+	sudo -u $app PATH=$PATH yarn install --pure-lockfile
 	echo "SAFETY_ASSURED=1">> $config
-	RAILS_ENV=production bundle exec rails db:setup --quiet
-	RAILS_ENV=production bundle exec rails assets:precompile --quiet
-	RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key > key.txt
-	RAILS_ENV=production bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=admin > /dev/null
-	RAILS_ENV=production bin/tootctl accounts modify "$admin" --approve
+	sudo -u $app RAILS_ENV=production PATH=$PATH bin/bundle exec rails db:setup --quiet
+	sudo -u $app RAILS_ENV=production PATH=$PATH bin/bundle exec rails assets:precompile --quiet
+	sudo -u $app RAILS_ENV=production PATH=$PATH bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt
+	sudo -u $app RAILS_ENV=production PATH=$PATH bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=admin > /dev/null
+	sudo -u $app RAILS_ENV=production PATH=$PATH bin/tootctl accounts modify "$admin" --approve
 popd
 
 vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "$final_path/live/key.txt")
diff --git a/scripts/upgrade b/scripts/upgrade
index 2914550..895049b 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -284,14 +284,14 @@ chown -R "$app": "$final_path"
 
 pushd "$final_path/live"
 	ynh_use_nodejs
-	bundle config deployment 'true'
-	bundle config without 'development test'
-	bundle install -j$(getconf _NPROCESSORS_ONLN)
-	yarn install --pure-lockfile
-	RAILS_ENV=production bundle exec rails assets:clean
-	RAILS_ENV=production bundle exec rails assets:precompile
-	RAILS_ENV=production bundle exec rails db:migrate
-	RAILS_ENV=production bin/tootctl cache clear
+	sudo -u $app PATH=$PATH $RBENV_ROOT/shims/bundle config deployment 'true'
+	sudo -u $app PATH=$PATH $RBENV_ROOT/shims/bundle config without 'development test'
+	sudo -u $app PATH=$PATH $RBENV_ROOT/shims/bundle install -j$(getconf _NPROCESSORS_ONLN)
+	sudo -u $app PATH=$PATH yarn install --pure-lockfile
+	sudo -u $app RAILS_ENV=production PATH=$PATH bin/bundle exec rails assets:clean
+	sudo -u $app RAILS_ENV=production PATH=$PATH bin/bundle exec rails assets:precompile
+	sudo -u $app RAILS_ENV=production PATH=$PATH bin/bundle exec rails db:migrate
+	sudo -u $app RAILS_ENV=production PATH=$PATH bin/tootctl cache clear
 popd
 
 # Recalculate and store the checksum of the file for the next upgrade.