From 4b3786b53f85223a8527e2fd39c7166471efd204 Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Fri, 5 Jan 2024 15:41:40 +0000 Subject: Set ownership and permissions on secret files. * genenetwork-development.scm (genenetwork-activation): Set ownership and permissions on secret files. * genenetwork-development-deploy.sh: Share /etc/genenetwork/conf instead of merely exposing it. --- genenetwork-development-deploy.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'genenetwork-development-deploy.sh') diff --git a/genenetwork-development-deploy.sh b/genenetwork-development-deploy.sh index e496fd0..d39bb7f 100755 --- a/genenetwork-development-deploy.sh +++ b/genenetwork-development-deploy.sh @@ -1,7 +1,7 @@ #! /bin/sh -e # genenetwork-machines --- Guix configuration for genenetwork machines -# Copyright © 2022 Arun Isaac +# Copyright © 2022–2024 Arun Isaac # # This file is part of genenetwork-machines. # @@ -24,6 +24,9 @@ # If we shared only the mysqld.sock socket file, it would break when # the external mysqld server is restarted. So, we share the mysqld # socket directory. + +# We set permissions on the secret files. So, we share +# /etc/genenetwork/conf instead of merely exposing it. container_script=$(guix system container --network \ --verbosity=3 \ --load-path=. \ 
@@ -34,7 +37,7 @@ container_script=$(guix system container --network \
 --share=/export2/guix-containers/genenetwork-development/var/lib/tissue=/var/lib/tissue \
 --share=/export2/guix-containers/genenetwork-development/var/lib/virtuoso=/var/lib/virtuoso \
 --share=/export2/guix-containers/genenetwork-development/var/log/cd=/var/log/cd \
- --expose=/export2/guix-containers/genenetwork-development/etc/genenetwork/conf=/etc/genenetwork/conf \
+ --share=/export2/guix-containers/genenetwork-development/etc/genenetwork/conf=/etc/genenetwork/conf \
 --share=/export/data/genenetwork-virtuoso=/var/lib/data \
 --expose=/export/data/genenetwork \
 --share=/export/data/genenetwork-xapian \
-- cgit v1.2.3
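Review bot: Switching `/etc/genenetwork/conf` from `--expose` to `--share` makes the host's secret directory writable from inside the container for the whole lifetime of the container, not only while activation sets ownership and modes. Any ownership or mode change made in the container, and any later write by a service running there, now lands on the host path `/export2/guix-containers/genenetwork-development/etc/genenetwork/conf`. The activation code is in genenetwork-development.scm, which this diff does not show, so it is worth confirming that it leaves each secret readable only by the account that needs it and that the directory itself is not left group- or world-writable. I would also extend the comment added above `container_script` to record the trade-off, for example `# NOTE: --share is read-write; processes in the container can modify these secrets on the host.` The `guix system container` invocation begins before this hunk and continues after it.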