[DRE-commits] [diaspora-installer] 03/07: remove read permissions from config files with secrets

Praveen Arimbrathodiyil praveen at moszumanska.debian.org
Fri Jan 13 16:13:45 UTC 2017 

This is an automated email from the git hooks/post-receive script.

praveen pushed a commit to branch master
in repository diaspora-installer.

commit 6dd4c940eef321b9ed67a0271267d3c5b96cdad8
Author: Praveen Arimbrathodiyil <praveen at debian.org>
Date:   Fri Jan 13 19:39:39 2017 +0530

    remove read permissions from config files with secrets
---
 debian/diaspora-common.postinst | 3 +++
 grantpriv.sh                    | 1 +
 2 files changed, 4 insertions(+)

diff --git a/debian/diaspora-common.postinst b/debian/diaspora-common.postinst
index 5096cbe..df7811d 100755
--- a/debian/diaspora-common.postinst
+++ b/debian/diaspora-common.postinst
@@ -106,6 +106,7 @@ case "$1" in
     selectedservices=$RET
     echo $selectedservices
     if [ "$RET" != "" ]; then
+      chmod a-r ${diaspora_conf_private}
       #Check if Facebook is selected
       servicename="Facebook"
       if [ "${selectedservices#*$servicename}" != "$RET" ]; then
@@ -161,8 +162,10 @@ case "$1" in
 	    echo "Registering ${diaspora_conf} via ucf"
     ucf --debconf-ok --three-way ${diaspora_conf_private} ${diaspora_conf}
     ucfr diaspora-common ${diaspora_conf}
+    chmod a-r ${diaspora_conf}
     ucf --debconf-ok --three-way ${diaspora_database_yml_private} ${diaspora_database_yml}
     ucfr diaspora-common ${diaspora_database_yml}
+    chmod a-r ${diaspora_database_yml}
     mkdir -p ${diaspora_nginx_log}
     mkdir -p ${diaspora_log_dir}
     mkdir -p ${diaspora_home}
diff --git a/grantpriv.sh b/grantpriv.sh
index 0373869..983cbc4 100755
--- a/grantpriv.sh
+++ b/grantpriv.sh
@@ -10,6 +10,7 @@ test -f /etc/dbconfig-common/diaspora-common.conf && . /etc/dbconfig-common/dias
 
 test -f ${diaspora_database_yml_private} ||\
 cp ${diaspora_database_yml_example} ${diaspora_database_yml_private}
+chmod a-r ${diaspora_database_yml_private}
 
 if [ "$dbc_dbtype" = "mysql" ]; then
   # Switch to mysql adapter, ugly hack, see #818863

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/diaspora-installer.git

More information about the Pkg-ruby-extras-commits mailing list