From e3ae0aeaee6b58c870cf97dba70514fc117d75e9 Mon Sep 17 00:00:00 2001
From: Conor Schaefer <conor@freedom.press>
Date: Mon, 19 Oct 2020 11:17:14 -0700
Subject: [PATCH] Fix mimetype private volume perms

Using "mode" and "makedirs" together for a symlink led to a broken
config: Salt was creating the parent directories with mode 644, so they
weren't traversable, so the mimeapps.list file couldn't be read by
normal user. Fixed.
---
 dom0/sd-mime-handling.sls | 16 ++++++++++++----
 dom0/sd-workstation.top   |  2 ++
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/dom0/sd-mime-handling.sls b/dom0/sd-mime-handling.sls
index 9b1cfe7ad..ac827340b 100644
--- a/dom0/sd-mime-handling.sls
+++ b/dom0/sd-mime-handling.sls
@@ -12,6 +12,14 @@
 # respective AppVMs.
 ##
 
+sd-private-volume-mimeapps-config-dir:
+  file.directory:
+    - name: /home/user/.local/share/applications
+    - user: user
+    - group: user
+    - makedirs: True
+    - mode: "0755"
+
 {% if grains['id'] in ["sd-viewer", "sd-app", "sd-devices-dvm"] %}
 
 sd-private-volume-mimeapps-handling:
@@ -20,8 +28,8 @@ sd-private-volume-mimeapps-handling:
     - target: /opt/sdw/mimeapps.list.{{ grains['id'] }}
     - user: user
     - group: user
-    - mode: "644"
-    - makedirs: True
+    - require:
+      - file: sd-private-volume-mimeapps-config-dir
 
 {% else %}
 
@@ -31,7 +39,7 @@ sd-private-volume-mimeapps-handling:
     - target: /opt/sdw/mimeapps.list.default
     - user: user
     - group: user
-    - mode: "644"
-    - makedirs: True
+    - require:
+      - file: sd-private-volume-mimeapps-config-dir
 
 {% endif %}
diff --git a/dom0/sd-workstation.top b/dom0/sd-workstation.top
index aba0051fb..9b25a8187 100644
--- a/dom0/sd-workstation.top
+++ b/dom0/sd-workstation.top
@@ -52,6 +52,8 @@ base:
     - sd-logging-setup
   sd-viewer:
     - sd-mime-handling
+  sd-devices:
+    - sd-mime-handling
   sd-devices-dvm:
     - sd-mime-handling
   sd-proxy: