fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
36 lines
1004 B
Bash
36 lines
1004 B
Bash
#!/usr/bin/env bash
|
|
# Secure .env file permissions (Quick Win). Run from project root.
|
|
# Usage: bash scripts/security/secure-env-permissions.sh [--dry-run]
|
|
|
|
set -euo pipefail
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
|
|
DRY_RUN=false
|
|
[[ "${1:-}" == "--dry-run" ]] && DRY_RUN=true
|
|
|
|
cd "$PROJECT_ROOT"
|
|
|
|
# Files to secure (relative to project root)
|
|
ENV_FILES=(
|
|
".env"
|
|
"unifi-api/.env"
|
|
"smom-dbis-138/.env"
|
|
"dbis_core/.env"
|
|
)
|
|
|
|
for f in "${ENV_FILES[@]}"; do
|
|
if [ -f "$f" ]; then
|
|
perms=$(stat -c "%a" "$f" 2>/dev/null || stat -f "%A" "$f" 2>/dev/null)
|
|
if [ "$perms" != "600" ]; then
|
|
if [[ "$DRY_RUN" == true ]]; then
|
|
echo "[DRY-RUN] would chmod 600 $f (current: $perms)"
|
|
else
|
|
chmod 600 "$f"
|
|
echo "chmod 600 $f"
|
|
fi
|
|
fi
|
|
fi
|
|
done
|
|
echo "Done. Ensure ownership: chown \$USER:\$USER .env (and other env files) if needed."
|