From cb971b402f26dfb5a28698a2694f1471372af61e Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Tue, 4 Jun 2024 12:53:41 +0200
Subject: [PATCH] product-config: new create_secret_dir function
Signed-off-by: Dietmar Maurer
---
 proxmox-product-config/src/filesystem_helpers.rs | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/proxmox-product-config/src/filesystem_helpers.rs b/proxmox-product-config/src/filesystem_helpers.rs
index c5a372fa..4a7fabd4 100644
--- a/proxmox-product-config/src/filesystem_helpers.rs
+++ b/proxmox-product-config/src/filesystem_helpers.rs
@@ -3,6 +3,7 @@ use std::path::Path;
 use anyhow::Error;
 use nix::sys::stat::Mode;
+use proxmox_sys::error::SysError;
 use proxmox_sys::fs::CreateOptions;
 use super::{get_api_user, get_priv_user};
@@ -88,6 +89,18 @@ pub fn replace_secret_config>(path: P, data: &[u8]) -> Result<(),
 Ok(())
 }
+/// Creates a directory owned by `priv_user.uid:priv_user.gid` with permission `0700`.
+///
+/// Simply returns Ok if the directory already exists.
+pub fn create_secret_dir>(dir: P) -> Result<(), Error> {
+ let options = secret_create_options().perm(Mode::from_bits_truncate(0o700));
+ match proxmox_sys::fs::create_dir(dir, options) {
+ Ok(()) => Ok(()),
+ Err(err) if err.already_exists() => Ok(()),
+ Err(err) => Err(err.into()),
+ }
+}
+
 /// Atomically write data to file owned by `root:root` with permission `0644`.
 ///
 /// Everyone can read, but only the superuser can write those files. This is usually used
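Review bot: The `Err(err) if err.already_exists() => Ok(())` arm in `create_secret_dir` accepts a pre-existing path without inspecting it, so the documented guarantee (owned by the priv user, mode `0700`) holds only when this call actually created the directory. Assuming `create_dir` reports the error the way mkdir does, a path that already exists with a different owner, a wider mode, or that is not a directory at all still yields `Ok(())`, and callers may then store secret files beneath it. If leaving existing directories untouched is intended, the doc comment should say so, e.g. `/// An existing path is accepted as-is; its type, owner and mode are not verified.`. Otherwise the arm should stat the existing path and return an error when it is not a directory or when its owner or mode differs from what `options` requests.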