* modules/shepherd.scm (verify-dir): Replace argument INSECURE by a keyword argument #:SECURE?. All callers changed. Improve the logic of the implementation. --- modules/shepherd.scm | 8 ++++---- modules/shepherd/support.scm | 25 ++++++++++++------------- 2 files changed, 16 insertions(+), 17 deletions(-)
diff --git a/modules/shepherd.scm b/modules/shepherd.scm index 290f691..e8e5704 100644 --- a/modules/shepherd.scm +++ b/modules/shepherd.scm @@ -56,8 +56,8 @@ (let ((config-file #f) (socket-file default-socket-file) (pid-file #f) - (insecure #f) - (logfile default-logfile)) + (secure #t) + (logfile default-logfile)) ;; Process command line arguments. (process-args program-name args "" @@ -93,7 +93,7 @@ #:takes-arg? #f #:description "don't ensure that the setup is secure" #:action (lambda () - (set! insecure #t))) + (set! secure #f))) (make <option> #:long "logfile" #:short #\l #:takes-arg? #t #:optional-arg? #f #:arg-name "FILE" @@ -135,7 +135,7 @@ #f))))))) ;; We do this early so that we can abort early if necessary. (and socket-file - (verify-dir (dirname socket-file) insecure)) + (verify-dir (dirname socket-file) #:secure? secure)) ;; Enable logging as first action. (start-logging logfile) diff --git a/modules/shepherd/support.scm b/modules/shepherd/support.scm index dad7b2c..b6af5eb 100644 --- a/modules/shepherd/support.scm +++ b/modules/shepherd/support.scm @@ -2,6 +2,7 @@ ;; Copyright (C) 2014 A.Sassmannshausen <alex.sassmannshau...@gmail.com> ;; Copyright (C) 2013, 2014, 2016 Ludovic Courtès <l...@gnu.org> ;; Copyright (C) 2002, 2003 Wolfgang Jährling <wolfg...@pro-linux.de> +;; Copyright (C) 2016 Mathieu Lirzin <m...@gnu.org> ;; ;; This file is part of the GNU Shepherd. ;; 
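Review bot: In the third hunk of modules/shepherd.scm, the call `(verify-dir (dirname socket-file) #:secure? secure)` skips the ownership and mode check without leaving any trace when the option has set `secure` to `#f`. A one-line notice before the call, e.g. `(unless secure (local-output "Socket directory permissions are not being checked."))`, would make a deliberately weakened setup visible to whoever reads the output; this assumes `local-output` is in scope in this module, which the hunk does not show. As a style point, the local could be named `secure?` to match the new keyword and the usual Scheme convention for booleans. The enclosing `let` body starts and ends outside these hunks.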
@@ -276,20 +277,18 @@ which has essential bindings pulled in." (set-current-module user-module) (primitive-load file))))) -;; Check if the directory DIR exists and create it if it is the -;; default directory, but does not exist. If INSECURE is false, also -;; checks for the permissions of the directory. -(define (verify-dir dir insecure) +(define* (verify-dir dir #:key (secure? #t)) + "Check if the directory DIR exists and create it if it is the default +directory, but does not exist. If SECURE? is false, permissions of the +directory are not checked." (and (string=? dir default-socket-dir) ;; If it exists already, this is fine, thus ignore errors. (catch-system-error - (mkdir default-socket-dir #o700))) - + (mkdir default-socket-dir #o700))) ;; Check for permissions. - (or insecure - (let ((dir-stat (stat dir))) - (and (not (and (= (stat:uid dir-stat) (getuid)) - (= (stat:perms dir-stat) #o700))) - (begin - (local-output "Socket directory setup is insecure.") - (quit 1)))))) + (when secure? + (let ((dir-stat (stat dir))) + (unless (and (= (stat:uid dir-stat) (getuid)) + (= (stat:perms dir-stat) #o700)) + (local-output "Socket directory setup is insecure.") + (exit 1)))))
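Review bot: The permission check in the new `verify-dir` body uses `stat`, which follows symbolic links, and it never confirms that DIR is a directory, so a symlink resolving to any path owned by the user with mode 700 passes. Consider `(let ((dir-stat (lstat dir)))` and adding `(eq? (stat:type dir-stat) 'directory)` to the `and` inside `unless`. How much this matters depends on whether the parent of `default-socket-dir` is writable by other users, which is not visible here. Separately, because `mkdir` errors are ignored and only the default directory is ever created, `stat` on a missing DIR presumably raises a system error instead of reaching the "Socket directory setup is insecure." message; catching that case would let the failure be reported cleanly.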