deploy.sh: fix SQLite journal permissions; cli: upsert drivers by kind

SQLite needs write access to the repo directory to create journal files
alongside pipekit.db. Fixed by setting group pipekit + g+w on the
directory itself only (not recursive).

Driver registration now matches existing rows by kind before falling
back to name, so re-deploys update the correct row regardless of what
name was used at initial registration.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Paul Trowbridge 2026-06-03 21:42:55 -04:00
parent a3ff5337ee
commit 95292bd3f8
2 changed files with 11 additions and 3 deletions

View File

@ -80,15 +80,19 @@ fi
# ── 3. Ownership ────────────────────────────────────────────────────────────── # ── 3. Ownership ──────────────────────────────────────────────────────────────
step "File ownership and permissions" step "File ownership and permissions"
# Only chown what the service needs to write at runtime.
# Source code stays owned by the invoking user. # Source code stays owned by the invoking user.
# pipekit needs to own pipekit.db and write to the repo directory
# (SQLite creates journal files alongside the db file).
DB_FILE="$REPO_DIR/pipekit.db" DB_FILE="$REPO_DIR/pipekit.db"
if [ -f "$DB_FILE" ]; then if [ -f "$DB_FILE" ]; then
echo " $DB_FILE$SERVICE_NAME" echo " $DB_FILE$SERVICE_NAME:$SERVICE_NAME"
chown "$SERVICE_NAME:$SERVICE_NAME" "$DB_FILE" chown "$SERVICE_NAME:$SERVICE_NAME" "$DB_FILE"
else else
echo " $DB_FILE not yet created (pipekit init will create it as $SERVICE_NAME)" echo " $DB_FILE not yet created (pipekit init will create it as $SERVICE_NAME)"
fi fi
echo " $REPO_DIR (directory only) → group $SERVICE_NAME, group-writable"
chgrp "$SERVICE_NAME" "$REPO_DIR"
chmod g+w "$REPO_DIR"
echo " $VENV_DIR$SERVICE_NAME (created/managed below)" echo " $VENV_DIR$SERVICE_NAME (created/managed below)"
echo " Done." echo " Done."
@ -101,6 +105,8 @@ fi
if [ ! -d "$VENV_DIR" ]; then if [ ! -d "$VENV_DIR" ]; then
echo " Creating venv at $VENV_DIR" echo " Creating venv at $VENV_DIR"
mkdir -p "$VENV_DIR"
chown "$SERVICE_NAME:$SERVICE_NAME" "$VENV_DIR"
sudo -u "$SERVICE_NAME" HOME=/nonexistent python3 -m venv "$VENV_DIR" sudo -u "$SERVICE_NAME" HOME=/nonexistent python3 -m venv "$VENV_DIR"
else else
echo " Venv already exists at $VENV_DIR." echo " Venv already exists at $VENV_DIR."

View File

@ -71,7 +71,9 @@ def cmd_drivers_register(args) -> int:
f"(registering anyway)") f"(registering anyway)")
name = args.name or f"{args.kind}-jdbc" name = args.name or f"{args.kind}-jdbc"
existing = repo.get_driver_by_name(name) # Match by kind first (the meaningful key), fall back to name.
existing_by_kind = [d for d in repo.list_drivers() if d["kind"] == args.kind]
existing = existing_by_kind[0] if existing_by_kind else repo.get_driver_by_name(name)
if existing: if existing:
row = repo.update_driver(existing["id"], jar_file=args.jar, row = repo.update_driver(existing["id"], jar_file=args.jar,
class_name=class_name, class_name=class_name,