From 9b3f9a3c4fe43b146249befe20184a4c3d8bb00d Mon Sep 17 00:00:00 2001
From: Dorian <dorian@Dorians-MacBook-Air.local>
Date: Thu, 19 Mar 2026 14:07:13 +0000
Subject: [PATCH] fix: deploy fixes secrets dir ownership (was root-only,
 backend couldn't read)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 scripts/deploy-to-target.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/scripts/deploy-to-target.sh b/scripts/deploy-to-target.sh
index 23faed9b..5bfebb12 100755
--- a/scripts/deploy-to-target.sh
+++ b/scripts/deploy-to-target.sh
@@ -681,6 +681,9 @@ PYEOF
       sudo mkdir -p /var/lib/archipelago/identities
       sudo mkdir -p /var/lib/archipelago/tor-config
       sudo chown -R archipelago:archipelago /var/lib/archipelago/dwn /var/lib/archipelago/content /var/lib/archipelago/federation /var/lib/archipelago/identities /var/lib/archipelago/tor-config 2>/dev/null || true
+      # Fix secrets directory ownership (must be readable by archipelago user, not root)
+      sudo chown -R archipelago:archipelago /var/lib/archipelago/secrets 2>/dev/null || true
+      sudo chmod 700 /var/lib/archipelago/secrets 2>/dev/null || true
       # Fix any root-owned config files in data dir (dead man's switch, sessions, etc.)
       sudo find /var/lib/archipelago -maxdepth 1 -name '*.json' -user root -exec chown archipelago:archipelago {} \; 2>/dev/null || true
       echo "   Data directories OK"