Create Claude auth state directories
The first live renewal run showed systemd could not create state beneath a read-only home sandbox. Provision each user's writable state directory before enabling the timer so automatic renewal can run.
parent
7f1788a106
commit
600f1f933c
1 changed files with 9 additions and 0 deletions
|
|
@ -272,6 +272,15 @@ install_claude_auth_sync() {
|
|||
token_file="$cfg/vault-token"
|
||||
policy="workstation-claude-$user"
|
||||
|
||||
# The service sandbox makes the rest of $HOME read-only. Pre-create every
|
||||
# writable path before systemd enters that sandbox; ReadWritePaths cannot
|
||||
# create a missing child beneath a read-only parent.
|
||||
if [[ "$DRY_RUN" == 1 ]]; then
|
||||
echo "[dry-run] ensure Claude-auth state dirs -> $user"
|
||||
else
|
||||
install -d -o "$user" -g "$user" -m 0700 "$cfg" "$home/.local/state/claude-auth-sync"
|
||||
fi
|
||||
|
||||
if [[ ! -s "$token_file" ]]; then
|
||||
if [[ "$DRY_RUN" == 1 ]]; then
|
||||
echo "[dry-run] mint scoped Claude-auth Vault token -> $user"
|
||||
|
|
|
|||
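Review bot: The `install -d` call in the `else` branch applies `-o`/`-g`/`-m 0700` only to the final component of each path; with GNU install, any missing parent such as `$home/.local` or `$home/.local/state` is created with default attributes, which here presumably means root-owned and mode 0755 inside the user's home. The call also has a privileged process creating and chown-ing paths beneath a directory the user controls, so a pre-existing symlink at one of those components could redirect the ownership change. Creating the directories as the target user avoids both, e.g. `runuser -u "$user" -- install -d -m 0700 "$cfg" "$home/.local/state/claude-auth-sync"`, assuming the installer runs as root and `$cfg` lives under `$home`. install_claude_auth_sync starts and ends outside this hunk, so the definitions of `$cfg` and `$home` are not visible here.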