[shepherd] 07/07: support: Add a keyword argument '#:secure?' to verify-dir.

[Ludovic Courtès]

civodul pushed a commit to branch master
in repository shepherd.

commit f158e636f1079cfa0ae226274925f8cd7a0793a0
Author: Mathieu Lirzin <address@hidden>
Date:   Sat Jan 16 23:17:40 2016 +0100

    support: Add a keyword argument '#:secure?' to verify-dir.
    
    * modules/shepherd.scm (verify-dir): Replace argument INSECURE by a
    keyword argument #:SECURE?.  All callers changed.  Improve the logic of
    the implementation.
    
    Signed-off-by: Ludovic Courtès <address@hidden>
---
 modules/shepherd.scm         |    8 ++++----
 modules/shepherd/support.scm |   25 ++++++++++++-------------
 2 files changed, 16 insertions(+), 17 deletions(-)

diff --git a/modules/shepherd.scm b/modules/shepherd.scm
index a678d8c..cc74743 100644
--- a/modules/shepherd.scm
+++ b/modules/shepherd.scm
@@ -56,8 +56,8 @@
   (let ((config-file #f)
        (socket-file default-socket-file)
         (pid-file    #f)
-       (insecure #f)
-       (logfile default-logfile))
+        (secure      #t)
+        (logfile     default-logfile))
     ;; Process command line arguments.
     (process-args program-name args
                  ""
@@ -93,7 +93,7 @@
                    #:takes-arg? #f
                    #:description "don't ensure that the setup is secure"
                    #:action (lambda ()
-                              (set! insecure #t)))
+                               (set! secure #f)))
                  (make <option>
                    #:long "logfile" #:short #\l
                    #:takes-arg? #t #:optional-arg? #f #:arg-name "FILE"
@@ -135,7 +135,7 @@
                                              #f)))))))
     ;; We do this early so that we can abort early if necessary.
     (and socket-file
-        (verify-dir (dirname socket-file) insecure))
+         (verify-dir (dirname socket-file) #:secure? secure))
     ;; Enable logging as first action.
     (start-logging logfile)
 
diff --git a/modules/shepherd/support.scm b/modules/shepherd/support.scm
index 32b79e7..5b1ca7e 100644
--- a/modules/shepherd/support.scm
+++ b/modules/shepherd/support.scm
@@ -2,6 +2,7 @@
 ;; Copyright (C) 2014 A.Sassmannshausen <address@hidden>
 ;; Copyright (C) 2013, 2014, 2016 Ludovic Courtès <address@hidden>
 ;; Copyright (C) 2002, 2003 Wolfgang Jährling <address@hidden>
+;; Copyright (C) 2016 Mathieu Lirzin <address@hidden>
 ;;
 ;; This file is part of the GNU Shepherd.
 ;;
@@ -276,20 +277,18 @@ which has essential bindings pulled in."
        (set-current-module user-module)
        (primitive-load file)))))
 
-;; Check if the directory DIR exists and create it if it is the
-;; default directory, but does not exist.  If INSECURE is false, also
-;; checks for the permissions of the directory.
-(define (verify-dir dir insecure)
+(define* (verify-dir dir #:key (secure? #t))
+  "Check if the directory DIR exists and create it if it is the default
+directory, but does not exist.  If SECURE? is false, permissions of the
+directory are not checked."
   (and (string=? dir default-socket-dir)
        ;; If it exists already, this is fine, thus ignore errors.
        (catch-system-error
-       (mkdir default-socket-dir #o700)))
-
+        (mkdir default-socket-dir #o700)))
   ;; Check for permissions.
-  (or insecure
-      (let ((dir-stat (stat dir)))
-       (and (not (and (= (stat:uid dir-stat) (getuid))
-                      (= (stat:perms dir-stat) #o700)))
-            (begin
-              (local-output "Socket directory setup is insecure.")
-              (quit 1))))))
+  (when secure?
+    (let ((dir-stat (stat dir)))
+      (unless (and (= (stat:uid dir-stat) (getuid))
+                   (= (stat:perms dir-stat) #o700))
+        (local-output "Socket directory setup is insecure.")
+        (exit 1)))))