fix(install-log): pre-create /var/log/archipelago/ so non-root backend can write
The backend runs as `archipelago` and calls `install_log()` to append audit lines to the install log on every install / update / remove / start / stop / restart. Target path was /var/log/archipelago-container-installs.log, which does not exist and cannot be created by the service because /var/log/ is root-owned. OpenOptions errors were silently swallowed, so the log was never written on any node. Ship a tmpfiles.d rule that pre-creates /var/log/archipelago/ and container-installs.log with archipelago:archipelago ownership. Move the const path to match, keeping logs inside the directory logrotate already rotates (image-recipe/configs/logrotate.conf). Install the rule from both the ISO build and self-update, and apply it immediately on self-update so existing nodes get a working log without needing a reboot. Verified on .228: file created, backend user can write, backend binary rebuilt with new const.
This commit is contained in:
@@ -198,6 +198,17 @@ if [ -f "$REPO_DIR/image-recipe/configs/archipelago.service" ]; then
|
||||
fi
|
||||
fi
|
||||
|
||||
# Install/refresh tmpfiles.d rules. The logs rule creates
|
||||
# /var/log/archipelago/ + container-installs.log with archipelago:archipelago
|
||||
# ownership so the non-root backend can append install audit lines.
|
||||
# Apply immediately so existing nodes don't need a reboot.
|
||||
if [ -f "$REPO_DIR/image-recipe/configs/archipelago-tmpfiles.conf" ]; then
|
||||
sudo install -m 644 "$REPO_DIR/image-recipe/configs/archipelago-tmpfiles.conf" \
|
||||
/usr/lib/tmpfiles.d/archipelago-logs.conf
|
||||
sudo systemd-tmpfiles --create /usr/lib/tmpfiles.d/archipelago-logs.conf 2>/dev/null || true
|
||||
ok "Log tmpfiles rule installed"
|
||||
fi
|
||||
|
||||
# Restart service
|
||||
log "Restarting archipelago service..."
|
||||
sudo systemctl restart archipelago
|
||||
|
||||
Reference in New Issue
Block a user