From d79acdeb57fbb7e6f5aac43b819c67abbc417a79 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Fri, 22 Aug 2025 12:16:32 -0500
Subject: gn-uploader: Change ownership of and map secrets directory.

* Change the ownership of the secrets directory and all its children
  rather than just the secrets file.
* Expose the secrets directory to the application, rather than just
  the secrets file. Make the directory writable.
---
 genenetwork/services/genenetwork.scm | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/genenetwork/services/genenetwork.scm b/genenetwork/services/genenetwork.scm
index 0281c5a..99e78b9 100644
--- a/genenetwork/services/genenetwork.scm
+++ b/genenetwork/services/genenetwork.scm
@@ -744,7 +744,7 @@ a @code{<genenetwork-configuration>} record."
                       (chown file
                              (passwd:uid (getpw "gunicorn-gn-uploader"))
                              (passwd:gid (getpw "gunicorn-gn-uploader"))))
-                    (append (list #$secrets)
+                    (append (list #$(dirname secrets))
                             (find-files #$sessions-dir
                                         #:directories? #t)
                             (find-files #$sqlite-databases-directory
@@ -811,8 +811,9 @@ a @code{<genenetwork-configuration>} record."
                               (source gn-uploader-conf)
                               (target source))
                              (file-system-mapping
-                              (source secrets)
-                              (target source))
+                              (source (dirname secrets))
+                              (target source)
+                              (writable? #t))
                              (file-system-mapping
                               (source data-directory)
                               (target source)
-- 
cgit 1.4.1