genconfig: set 0700/0600 on /etc/ssl/private

This is needed so that private keys provided via default/customer
configuration do not become world readable.

Change-Id: I0e5d1b22730c7a44c82c34611412085fd500ce3a
Erik Karlsson 2022-06-17 20:51:49 +02:00 committed by Erik Karlsson
parent b318a5b6f2
commit c05e258ceb
2 changed files with 8 additions and 0 deletions


@ -436,6 +436,10 @@ function genconfig {
v "chmod 0600 $FILEDIR/etc/shadow"
chmod 0600 "$FILEDIR/etc/shadow"
fi
if [ -d "$FILEDIR/etc/ssl/private" ]; then
v "find $FILEDIR/etc/ssl/private -type d -exec chmod 0700 '{}' ';' -o -type f -exec chmod 0600 '{}' ';'"
find "$FILEDIR/etc/ssl/private" -type d -exec chmod 0700 '{}' ';' -o -type f -exec chmod 0600 '{}' ';'
fi
# Set target version
local git_version
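Review bot: A failed chmod inside the new `find` in genconfig goes unnoticed, because with the `';'` terminator the command's exit status is only used as a predicate and find itself still exits 0, so key files under etc/ssl/private could stay world-readable in the generated file tree without any error. The `+` form makes find return non-zero when any chmod invocation fails, e.g. `find "$FILEDIR/etc/ssl/private" \( -type d -exec chmod 0700 '{}' + \) -o \( -type f -exec chmod 0600 '{}' + \)`, and that status should then be checked the way the rest of genconfig handles errors (not visible here, since the function body starts and ends outside the hunk). `-type f` also skips symlinks, so a key supplied as a symlink keeps its target's mode; a one-line comment such as `# symlinks are intentionally left untouched` would record whether that is intended. The identical block added to genconfig_min in the second file has the same issue, and the two could share one helper.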


@ -410,6 +410,10 @@ function genconfig_min {
v "chmod 0600 $FILEDIR/etc/shadow"
chmod 0600 "$FILEDIR/etc/shadow"
fi
if [ -d "$FILEDIR/etc/ssl/private" ]; then
v "find $FILEDIR/etc/ssl/private -type d -exec chmod 0700 '{}' ';' -o -type f -exec chmod 0600 '{}' ';'"
find "$FILEDIR/etc/ssl/private" -type d -exec chmod 0700 '{}' ';' -o -type f -exec chmod 0600 '{}' ';'
fi
# Set target version
local git_version