Bileto

Merge ~barryprice/bileto/+git/bileto:xenial-charm into bileto:xenial-charm

  1. Git
  2. lp:~barryprice/bileto/+git/bileto
  3. xenial-charm
  4. Merge into xenial-charm
Proposed by Barry Price
Status: Merged
Approved by: Łukasz Zemczak
Approved revision: 071ca2b9d8cef831c30be4c6aadef143a3975455
Merged at revision: 071ca2b9d8cef831c30be4c6aadef143a3975455
Proposed branch: ~barryprice/bileto/+git/bileto:xenial-charm
Merge into: bileto:xenial-charm
Diff against target: 13 lines (+1/-1)
1 file modified
hooks/config-changed (+1/-1)
Reviewer Review Type Date Requested Status
Łukasz Zemczak Approve
Review via email: mp+323216@code.launchpad.net

Description of the change

The config-changed hook currently runs a "chmod 0600" on everything within the ~/.gnupg directory. Unfortunately this includes the private-keys-v1.d directory, which needs to be 0700.

This change restricts the chmod to only affect the files we're writing, and leave anything else alone.

To post a comment you must log in.
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Nice catch!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/hooks/config-changed b/hooks/config-changed
2index 1d75b04..bea02dd 100755
3--- a/hooks/config-changed
4+++ b/hooks/config-changed
5@@ -40,7 +40,7 @@ config-get gpg-private | base64 --decode > "$GPG/secring.gpg"
6 config-get gpg-public | base64 --decode > "$GPG/pubring.gpg"
7 config-get lp-oauth | base64 --decode > "$WWW_HOME/.launchpad.credentials"
8 chmod 0700 $GPG $SSH
9-chmod 0600 $GPG/* $SSH/* $WWW_HOME/.*cred*
10+chmod 0600 $GPG/*.gpg $SSH/* $WWW_HOME/.*cred*
11
12
13 HOSTS="$SSH/known_hosts"

Subscribers

People subscribed via source and target branches

to all changes: