address feedback

jcscottiii · jcscottiii · commit 7e8fcfcb0119 · 2026-04-02T15:44:22.000Z
diff --git a/src/cloud-init.yaml b/src/cloud-init.yaml
@@ -1,11 +1,6 @@
 #cloud-config
 
 write_files:
-  - path: /etc/sysctl.d/99-unprivileged-ports.conf
-    permissions: 0644
-    owner: root
-    content: |
-      net.ipv4.ip_unprivileged_port_start=80
   - path: /etc/systemd/system/wpt-server.service
     permissions: 0644
     owner: root
diff --git a/src/fetch-certs.py b/src/fetch-certs.py
@@ -77,7 +77,7 @@ def main(bucket_name, outdir, period):
                     '{}/privkey.pem'.format(outdir)
                 )
                 os.chmod('{}/fullchain.pem'.format(outdir), 0o644)
-                os.chmod('{}/privkey.pem'.format(outdir), 0o644)
+                os.chmod('{}/privkey.pem'.format(outdir), 0o640)
 
                 break
 
diff --git a/wpt-server-tot.Dockerfile b/wpt-server-tot.Dockerfile
@@ -20,10 +20,8 @@ RUN \
     python3.10-venv \
     python3-pip \
     supervisor \
-    tzdata \
-    libcap2-bin && \
-  sed -i 's/chmod=0700/chmod=0770\nchown=root:wpt-sync/' /etc/supervisor/supervisord.conf && \
-  setcap 'cap_net_bind_service=+ep' /usr/bin/python3.10
+    tzdata && \
+  sed -i 's/chmod=0700/chmod=0770\nchown=root:wpt-sync/' /etc/supervisor/supervisord.conf
 
 RUN useradd -ms /bin/bash -u 1000 wpt-server && \
     useradd -ms /bin/bash -u 1001 wpt-sync && \

Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ def main(bucket_name, outdir, period):`
`77`	`77`	`'{}/privkey.pem'.format(outdir)`
`78`	`78`	`)`
`79`	`79`	`os.chmod('{}/fullchain.pem'.format(outdir), 0o644)`
`80`		`- os.chmod('{}/privkey.pem'.format(outdir), 0o644)`
	`80`	`+ os.chmod('{}/privkey.pem'.format(outdir), 0o640)`
`81`	`81`
`82`	`82`	`break`
`83`	`83`