From 3aef495c77ca72dcbbeb2f0f5f96d45d9096f231 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dbd@ehtrace.com>
Date: Mon, 17 Jan 2022 10:00:06 +0100
Subject: [PATCH] Update to 2022-01-17 10:00

---
 roles/gitea/defaults/main.yml            | 4 ++--
 roles/metabase/defaults/main.yml         | 4 ++--
 roles/zabbix_proxy/files/zabbix_proxy.te | 5 +++--
 roles/zabbix_proxy/tasks/conf.yml        | 6 ++++++
 4 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml
index a9e19bd..d8aab81 100644
--- a/roles/gitea/defaults/main.yml
+++ b/roles/gitea/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
 
 # Version to install
-gitea_version: 1.15.9
+gitea_version: 1.15.10
 # URL to the binary
 gitea_bin_url: https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64
 # sha256 of the binary
-gitea_bin_sha256: dbdefbeed7073951ba955cb6c40bd7d9ece7a349c1326ad80c314690ff3616f1
+gitea_bin_sha256: 8dfab91bde02a27fba0248ba1d0175b2e4ff57ba3ef7a9da3e68cbb11d15178a
 # Handle updates. If set to false, ansible will only install
 # Gitea and then won't touch an existing installation
 gitea_manage_upgrade: True
diff --git a/roles/metabase/defaults/main.yml b/roles/metabase/defaults/main.yml
index 122a7fb..6886a63 100644
--- a/roles/metabase/defaults/main.yml
+++ b/roles/metabase/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
 
 # Version to deploy
-metabase_version: 0.41.5
+metabase_version: 0.41.6
 # URL to fetch the jar
 metabase_jar_url: https://downloads.metabase.com/v{{ metabase_version }}/metabase.jar
 # Expected sha1 of the jar
-metabase_jar_sha256: 0c7d71cb571354334d5f238869ac861f33a2e20d19ba434515b663b9f63e5cb9
+metabase_jar_sha256: 9aa2e8429a39d4ef1fa3e304ce67c85e115392352e6fd35ce279872a087e7108
 # Should ansible handle upgrades ? If set to false, only the initial install (and the config) will be handled
 metabase_manage_upgrade: True
 
diff --git a/roles/zabbix_proxy/files/zabbix_proxy.te b/roles/zabbix_proxy/files/zabbix_proxy.te
index 79bfd77..2d5cb43 100644
--- a/roles/zabbix_proxy/files/zabbix_proxy.te
+++ b/roles/zabbix_proxy/files/zabbix_proxy.te
@@ -1,4 +1,4 @@
-module zabbix_proxy 1.1;
+module zabbix_proxy 1.2;
 
 require {
         type zabbix_var_run_t;
@@ -7,7 +7,7 @@ require {
         type ping_t;
         class sock_file { create unlink };
         class unix_stream_socket connectto;
-        class file { getattr read };
+        class file { getattr read execute execute_no_trans };
         class capability dac_override;
 }
 
@@ -18,3 +18,4 @@ allow ping_t zabbix_var_lib_t:file { getattr read };
 allow zabbix_t self:unix_stream_socket connectto;
 allow zabbix_t zabbix_var_run_t:sock_file { create unlink };
 allow zabbix_t self:capability dac_override;
+allow zabbix_t zabbix_var_lib_t:file { execute execute_no_trans };
diff --git a/roles/zabbix_proxy/tasks/conf.yml b/roles/zabbix_proxy/tasks/conf.yml
index 5315fe7..d97196c 100644
--- a/roles/zabbix_proxy/tasks/conf.yml
+++ b/roles/zabbix_proxy/tasks/conf.yml
@@ -7,3 +7,9 @@
 - name: Install server scripts
   copy: src=../zabbix_server/files/scripts/ dest=/var/lib/zabbix/bin/
   tags: zabbix
+
+- name: Make scripts executable
+  file: path=/var/lib/zabbix/bin/{{ item }} mode=755
+  loop:
+    - check_cert.pl
+  tags: zabbix