From e65e743a2a736da920d008807f60985ec6081054 Mon Sep 17 00:00:00 2001
From: Munyoki Kilyungi
Date: Tue, 22 Apr 2025 20:35:56 +0300
Subject: Set correct file and dir permissions for gn conf files.
---
genenetwork-local-container.scm | 40 ++++++++++++++++++----------------------
1 file changed, 18 insertions(+), 22 deletions(-)
(limited to 'genenetwork-local-container.scm')
diff --git a/genenetwork-local-container.scm b/genenetwork-local-container.scm
index 5d13f6c..85e8c08 100644
--- a/genenetwork-local-container.scm
+++ b/genenetwork-local-container.scm
@@ -190,42 +190,38 @@ server described by CONFIG, a object." (define (genenetwork-activation config) (match-record config - (gn2-secrets gn3-secrets auth-db-path gn-auth-secrets) + (gn2-secrets gn3-secrets auth-db-path gn-auth-secrets gn-doc-git-checkout) (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils)) - ;; Set ownership of files. (for-each (lambda (file) + (when (eq? (stat:type (stat file)) 'directory) + (chmod file #o755)) (chown file (passwd:uid (getpw "genenetwork")) (passwd:gid (getpw "genenetwork")))) - (cons* #$gn3-secrets - (append (list "/etc/genenetwork/conf/gn-auth" - "/etc/genenetwork/conf/gn-auth/secrets.py" - "/etc/genenetwork/conf/gn2" - "/etc/genenetwork/conf/gn3" - "/var/lib/gn-docs" - #$(dirname auth-db-path)) - (find-files "/etc/genenetwork/conf/gn-auth" - #:directories? #t) - (find-files "/etc/genenetwork/conf/gn2" - #:directories? #t) - (find-files "/etc/genenetwork/conf/gn3" - #:directories? #t) - (find-files "/var/lib/gn-docs" - #:directories? #t) - (find-files #$(dirname auth-db-path) - #:directories? #t)))) + (cons* "/etc/genenetwork/conf" + (append + (find-files #$(dirname gn-auth-secrets) + #:directories? #t) + (find-files #$(dirname gn2-secrets) + #:directories? #t) + (find-files #$(dirname gn3-secrets) + #:directories? #t) + (find-files #$(dirname auth-db-path) + #:directories? #t) + (find-files #$(dirname gn-doc-git-checkout) + #:directories? #t)))) ;; Prevent other users from reading secret files. (for-each (lambda (file) (chmod file #o600)) (append - (find-files "/etc/genenetwork/conf/gn-auth/secrets.py" + (find-files #$gn-auth-secrets #:directories? #f) - (find-files "/etc/genenetwork/conf/gn2/secrets.py" + (find-files #$gn2-secrets #:directories? #f) - (find-files "/etc/genenetwork/conf/gn3/secrets.py" + (find-files #$gn3-secrets #:directories? #f))))))) (define (gn-guile-gexp gn-guile-port) -- cgit v1.2.3
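Review bot: The ownership pass now walks `(dirname gn-doc-git-checkout)`, where the removed code walked `/var/lib/gn-docs` itself; if that field names the checkout directory rather than a file inside it (its value is not visible in this hunk), the recursive `chown` and `chmod #o755` that activation performs would cover the checkout's parent and every sibling under it. Passing the directory directly, `(find-files #$gn-doc-git-checkout #:directories? #t)`, would keep the scope to what the old list covered. Separately, `find-files` enumerates entries with `lstat` by default, while the added `(stat file)` and the existing `chown` both resolve symlinks, so a link inside one of these service-owned trees would get its target re-owned, and a dangling link would make `stat` raise and abort activation. Testing `(lstat file)` and skipping entries whose type is `'symlink` before the chmod/chown avoids both. The `#o755` applied to the directories that hold the secrets files also leaves their listings readable by other users, which deserves a short comment such as `;; Directories stay world-traversable; only the secrets files below are restricted to the owner.` if that is intended.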