fix: deploy fixes secrets dir ownership (was root-only, backend couldn't read)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 14:07:13 +00:00
parent 68ca4189f6
commit 9b3f9a3c4f
1 changed files with 3 additions and 0 deletions
--- a/scripts/deploy-to-target.sh
+++ b/scripts/deploy-to-target.sh
@@ -681,6 +681,9 @@ PYEOF
      sudo mkdir -p /var/lib/archipelago/identities
      sudo mkdir -p /var/lib/archipelago/tor-config
      sudo chown -R archipelago:archipelago /var/lib/archipelago/dwn /var/lib/archipelago/content /var/lib/archipelago/federation /var/lib/archipelago/identities /var/lib/archipelago/tor-config 2>/dev/null || true
+      # Fix secrets directory ownership (must be readable by archipelago user, not root)
+      sudo chown -R archipelago:archipelago /var/lib/archipelago/secrets 2>/dev/null || true
+      sudo chmod 700 /var/lib/archipelago/secrets 2>/dev/null || true
      # Fix any root-owned config files in data dir (dead man's switch, sessions, etc.)
      sudo find /var/lib/archipelago -maxdepth 1 -name '*.json' -user root -exec chown archipelago:archipelago {} \; 2>/dev/null || true
      echo "   Data directories OK"