From d1cef98e4cce98873b9be136b455247273449fc8 Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik@corexmanagement.de>
Date: Fri, 1 May 2026 18:07:24 +0200
Subject: [PATCH] update.sh: run git as service user (avoid dubious-ownership
 when invoked as root)

---
 scripts/update.sh | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/scripts/update.sh b/scripts/update.sh
index 9630f01..7725740 100644
--- a/scripts/update.sh
+++ b/scripts/update.sh
@@ -12,15 +12,16 @@ SERVICE_USER="nexredirect"
 cd "$INSTALL_DIR"
 
 chmod +x "$INSTALL_DIR/scripts/"*.sh 2>/dev/null || true
-git fetch --tags --quiet
+chown -R "$SERVICE_USER:$SERVICE_USER" "$INSTALL_DIR"
+
 if [[ -n "$TAG" ]]; then
-  git checkout --quiet "$TAG"
+  sudo -u "$SERVICE_USER" -H bash -c "cd '$INSTALL_DIR' && git fetch --tags --quiet && git checkout --quiet '$TAG'"
 else
-  git pull --ff-only --quiet
+  sudo -u "$SERVICE_USER" -H bash -c "cd '$INSTALL_DIR' && git fetch --quiet && git pull --ff-only --quiet"
 fi
 
 sudo -u "$SERVICE_USER" -H bash -c "cd '$INSTALL_DIR' && npm ci --no-audit --no-fund"
 sudo -u "$SERVICE_USER" -H bash -c "cd '$INSTALL_DIR' && npm run build"
 
 systemctl restart corex-nexredirect
-echo "Update auf $(git describe --tags --always) abgeschlossen"
+echo "Update auf $(sudo -u "$SERVICE_USER" -H bash -c "cd '$INSTALL_DIR' && git describe --tags --always") abgeschlossen"