Alon Bar-Lev has uploaded a new change for review.

Change subject: pki: support umask 0077
......................................................................

pki: support umask 0077

Change-Id: I5938b0e75777a4d56674b8e55b8694e2d385e0d1
Signed-off-by: Alon Bar-Lev <alo...@redhat.com>
---
M packaging/etc/pki/CreateCA.sh
M packaging/etc/pki/SignReq.sh
M packaging/etc/pki/installCA.sh
3 files changed, 7 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/95/15495/1

diff --git a/packaging/etc/pki/CreateCA.sh b/packaging/etc/pki/CreateCA.sh
index 175874f..585eb82 100755
--- a/packaging/etc/pki/CreateCA.sh
+++ b/packaging/etc/pki/CreateCA.sh
@@ -21,6 +21,7 @@
 echo "O = $2" >> cacert.conf
 echo "CN = $3" >> cacert.conf
 cp cert.template cert.conf
+chmod a+r cacert.conf cert.conf
 
 #
 # openssl ca directory must
@@ -42,3 +43,5 @@
                -config openssl.conf -extfile cacert.conf \
                -extensions v3_ca -batch && \
        openssl x509 -in ca.pem -out certs/ca.der
+chmod a+r ca.pem certs/ca.der
+chown --reference=private private/ca.pem
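Review bot: The `chmod` and `chown` added after the `openssl ... && openssl x509` chain run even when that chain fails, and since they appear to be the last lines of CreateCA.sh, the script's exit status becomes that of `chown` rather than of the CA generation. If a `private/ca.pem` is left over from an earlier run, `chown` succeeds and a failed CA creation can be reported as success to the caller, which is not visible here. Extending the chain keeps the status: end the x509 line with `&& \` and follow it with `chmod a+r ca.pem certs/ca.der && chown --reference=private private/ca.pem`. The same pattern is in the SignReq.sh hunk, where `chmod a+r "certs/$out_file"` becomes the last command before the closing `}` of what looks like the signing function (its start is outside the hunk), so a stale `certs/$out_file` could hide a failed signing; putting `|| return 1` after `${EXTRA_COMMAND}` would preserve the result.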
diff --git a/packaging/etc/pki/SignReq.sh b/packaging/etc/pki/SignReq.sh
index 8ebebba..cf09dfb 100755
--- a/packaging/etc/pki/SignReq.sh
+++ b/packaging/etc/pki/SignReq.sh
@@ -37,6 +37,7 @@
         -days "$exp_time" -out "certs/$out_file" -startdate "$start_time" \
         ${req_name:+-subj "/O=$req_org/CN=$req_name"} \
         ${EXTRA_COMMAND}
+      chmod a+r "certs/$out_file"
 }
 
 result=9
diff --git a/packaging/etc/pki/installCA.sh b/packaging/etc/pki/installCA.sh
index cf8f2a0..244803e 100755
--- a/packaging/etc/pki/installCA.sh
+++ b/packaging/etc/pki/installCA.sh
@@ -32,6 +32,7 @@
        echo " "
        echo "}} Creating Engine Key..."
        openssl req -newkey rsa:2048 -days 365 -out "requests/${name}.req" 
-keyout "${ENGINE_KEY}" -passout "pass:${pass}" -subj "${subj}" || die "Cannot 
create certificate request"
+       chmod u=rw "requests/${name}.req" "${ENGINE_KEY}"
 
        echo " "
        echo "}} Signing certificate request..."
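Review bot: `chmod u=rw` on the added line only sets the owner bits and leaves the group and other bits as the umask produced them, so under a permissive umask `${ENGINE_KEY}` can remain readable by other accounts. Because this file holds the engine private key, the mode is better stated in full, `chmod u=rw,go= "requests/${name}.req" "${ENGINE_KEY}"`, so that the result does not depend on the caller's umask. The same applies to `chmod u=rw "keys/${name}.p12"` in the next hunk. Neither chmod carries the `|| die "..."` that the surrounding openssl calls use, so a failure to set the mode would not stop the install unless `set -e` is in effect, which is not visible here. The enclosing function starts outside the hunk.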
@@ -41,6 +42,7 @@
        echo " "
        echo "}} Creating PKCS#12 store..."
        openssl pkcs12 -export -in "certs/${name}.cer" -inkey "${ENGINE_KEY}" 
-passin "pass:${pass}" -out "keys/${name}.p12" -passout "pass:${pass}" || die 
"Cannot createPKCS#12"
+       chmod u=rw "keys/${name}.p12"
 }
 
 # Set var's
@@ -76,6 +78,7 @@
 # Generate truststore
 keytool -delete -noprompt -alias cacert -keystore ./.truststore -storepass 
"$PASS" > /dev/null 2>&1
 keytool -import -noprompt -trustcacerts -alias cacert -keypass "$PASS" -file 
certs/ca.der -keystore ./.truststore -storepass "$PASS"
+chmod a+r ./.truststore
 
 echo " "
 echo "} Creating client certificates for oVirt..."


-- 
To view, visit http://gerrit.ovirt.org/15495

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5938b0e75777a4d56674b8e55b8694e2d385e0d1
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com>