From c05e258ceb62a99012f7b0b4da32d7b6cd4ef284 Mon Sep 17 00:00:00 2001
From: Erik Karlsson
Date: Fri, 17 Jun 2022 20:51:49 +0200
Subject: [PATCH] genconfig: set 0700/0600 on /etc/ssl/private
This is needed so that private keys provided via default/customer configuration do not become world readable.
Change-Id: I0e5d1b22730c7a44c82c34611412085fd500ce3a
---
 iop/scripts/genconfig.sh | 4 ++++
 iop/scripts/genconfig_min.sh | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/iop/scripts/genconfig.sh b/iop/scripts/genconfig.sh
index a167b4286..c07984536 100755
--- a/iop/scripts/genconfig.sh
+++ b/iop/scripts/genconfig.sh
@@ -436,6 +436,10 @@ function genconfig {
 v "chmod 0600 $FILEDIR/etc/shadow"
 chmod 0600 "$FILEDIR/etc/shadow"
 fi
+ if [ -d "$FILEDIR/etc/ssl/private" ]; then
+ v "find $FILEDIR/etc/ssl/private -type d -exec chmod 0700 '{}' ';' -o -type f -exec chmod 0600 '{}' ';'"
+ find "$FILEDIR/etc/ssl/private" -type d -exec chmod 0700 '{}' ';' -o -type f -exec chmod 0600 '{}' ';'
+ fi
 # Set target version
 local git_version
diff --git a/iop/scripts/genconfig_min.sh b/iop/scripts/genconfig_min.sh
index e99dde554..df47586da 100644
--- a/iop/scripts/genconfig_min.sh
+++ b/iop/scripts/genconfig_min.sh
@@ -410,6 +410,10 @@ function genconfig_min {
 v "chmod 0600 $FILEDIR/etc/shadow"
 chmod 0600 "$FILEDIR/etc/shadow"
 fi
+ if [ -d "$FILEDIR/etc/ssl/private" ]; then
+ v "find $FILEDIR/etc/ssl/private -type d -exec chmod 0700 '{}' ';' -o -type f -exec chmod 0600 '{}' ';'"
+ find "$FILEDIR/etc/ssl/private" -type d -exec chmod 0700 '{}' ';' -o -type f -exec chmod 0600 '{}' ';'
+ fi
 # Set target version
 local git_version
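Review bot: A failed `chmod` goes unnoticed in the added `find` call, because with the `';'` terminator the status of the executed command does not reach find's own exit status (POSIX/GNU find), so a private key could stay world readable in the generated tree without the build reporting it. The batching terminator makes find return non-zero when any chmod fails: `find "$FILEDIR/etc/ssl/private" -type d -exec chmod 0700 '{}' + -o -type f -exec chmod 0600 '{}' +`, and that status should then stop the script in whatever way genconfig reports errors elsewhere, which is not visible here. Symlinks match neither branch, so a key reached through a link inside the directory keeps whatever mode its target has; that is presumably acceptable, but it deserves a one-line comment above the `find`. The identical four lines in the genconfig_min.sh hunk need the same change, and both function bodies continue outside their hunks.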