I’m doing my first packaging steps - so, bear with me.
I wonder about the STATIC_ROOT_PATH key (or setting.StaticRootPath).
Q: What is the propose of that directory?
As my understanding is, that the gitea binary file have all the assets already included. I’m saying this because I see people packaging such directory with the content (dirs) options, public, templates of the sources, that bloats it with more then 45MiB of data. My current layout looks like this
/etc/gitea/conf/app.example.ini
/etc/gitea/conf/app.ini
/etc/sysconfig/gitea
/usr/bin/gitea
/usr/lib/systemd/system/gitea.service
/usr/share/doc/gitea
/usr/share/doc/gitea/CHANGELOG.md
/usr/share/doc/gitea/README.md
/usr/share/doc/gitea/app.example.ini
/usr/share/licenses/gitea
/usr/share/licenses/gitea/LICENSE
/var/lib/gitea
/var/log/gitea
with the config
LDFLAGS="-X \"code.gitea.io/gitea/modules/setting.CustomPath=%{_sysconfdir}/%{name}\" \
-X \"code.gitea.io/gitea/modules/setting.CustomConf=%{_sysconfdir}/%{name}/conf/app.ini\" \
-X \"code.gitea.io/gitea/modules/setting.AppWorkPath=%{_sharedstatedir}/%{name}\" \
-X \"main.Version=%{full_version}\"" \
make build
and the application works as expected (without the above mentioned data). As I’m not setting the STATIC_ROOT_PATH / StaticRootPath key, it defaults to AppWorkPath. In this case resolves to /var/lib/gitea.
All that said; Q: how does this StaticRootPath relates to CustomPath key?
My understanding regards this is, that CustomPath should have such directories (options, public, templates) for individual configuration but Q: just with a selected amount of files, right?
Last one; the config file defaults to {CustomPath}/conf/app.ini albeit I configured it exactly that way with CustomConf but I wonder Q: If I should put the config file outside of CustomPath as a measure to prevent access to it by path traversals access (even when the code prevent it (not validated), just as a best practice).
Thanks in advance!