[stacks-blockchain] check perms before setting them

hirosystems · Sep 29, 2022 · 65b6326 · 65b6326
1 parent e66816e
commit 65b6326
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/hirosystems/stacks-blockchain/Chart.lock b/hirosystems/stacks-blockchain/Chart.lock
@@ -1,9 +1,9 @@
 dependencies:
 - name: bitcoin-core
   repository: https://charts.hiro.so/hirosystems
-  version: 1.1.3
+  version: 1.1.4
 - name: common
   repository: https://charts.bitnami.com/bitnami
   version: 1.17.1
-digest: sha256:7f7c5df57b72f4d15694aa5558f4f6c7d162cc9477ed715cc3a608e5ca40fc64
-generated: "2022-09-28T15:23:46.357345-04:00"
+digest: sha256:37e8ba95b0232bac8d0ffe9e28038c23b589b7b96cd317a5eb0460f26ce7782c
+generated: "2022-09-28T21:10:59.24842-04:00"
diff --git a/hirosystems/stacks-blockchain/Chart.yaml b/hirosystems/stacks-blockchain/Chart.yaml
@@ -33,4 +33,4 @@ name: stacks-blockchain
 sources:
   - https://github.com/stacks-network/stacks-blockchain
   - https://docs.stacks.co/
-version: 1.1.4
+version: 1.1.5
diff --git a/hirosystems/stacks-blockchain/templates/statefulset.yaml b/hirosystems/stacks-blockchain/templates/statefulset.yaml
@@ -85,8 +85,6 @@ spec:
                 wget ${ARCHIVE_URL} -O ${DATA_DIR}/archive.tar.gz
                 tar zxvf ${DATA_DIR}/archive.tar.gz -C ${DATA_DIR}
                 rm -f ${DATA_DIR}/archive.tar.gz
-                echo "Setting permissions"
-                chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} ${DATA_DIR}
               else
                 echo "Previous data found. Exiting."
               fi
@@ -111,7 +109,9 @@ spec:
             - /bin/bash
             - -ec
             - |
-              chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ .Values.persistence.mountPath }}
+              if [[ "$(stat {{ .Values.persistence.mountPath }} -c %u:%g)" != "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" ]]; then
+                chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ .Values.persistence.mountPath }}
+              fi
           {{- if .Values.volumePermissions.containerSecurityContext.enabled }}
           securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}