Make sure onionbalance private keys are group-readable

author Julien Cristau <jcristau@debian.org>

Mon, 2 Oct 2017 12:27:26 +0000 (14:27 +0200)

committer Julien Cristau <jcristau@debian.org>

Mon, 2 Oct 2017 12:27:26 +0000 (14:27 +0200)
author Julien Cristau <jcristau@debian.org>
Mon, 2 Oct 2017 12:27:26 +0000 (14:27 +0200)
committer Julien Cristau <jcristau@debian.org>
Mon, 2 Oct 2017 12:27:26 +0000 (14:27 +0200)
diff --git a/modules/onion/files/create-onionbalance-config b/modules/onion/files/create-onionbalance-config

index 90e2ed7..5903a74 100755 (executable)
--- a/modules/onion/files/create-onionbalance-config
+++ b/modules/onion/files/create-onionbalance-config
@@ -71,7 +71,7 @@ for s in service_instances:
    keyfile = os.path.join(keydir, s+'.key')
    relkeyfile = os.path.join(relkeydir, s+'.key')
    if (not os.path.exists(keyfile)):
-    subprocess.check_call('umask 0027 && openssl genrsa -out %s 1024 && chgrp onionbalance %s'%(keyfile, keyfile), shell=True)
+    subprocess.check_call('umask 0027 && openssl genrsa -out %s 1024 && chgrp onionbalance %s && chmod 0640 %s'%(keyfile, keyfile, keyfile), shell=True)
  
    service = {
      'key': relkeyfile,
author	Julien Cristau <jcristau@debian.org>
	Mon, 2 Oct 2017 12:27:26 +0000 (14:27 +0200)
committer	Julien Cristau <jcristau@debian.org>
	Mon, 2 Oct 2017 12:27:26 +0000 (14:27 +0200)