From ec06bd20734c8e4fd94557d441640eacca31de9b Mon Sep 17 00:00:00 2001 From: wy65701436 Date: Mon, 10 Apr 2017 22:06:39 -0700 Subject: [PATCH] add crt 0600 --- Makefile | 3 +++ make/prepare | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 916984c22..6b6bf5bd9 100644 --- a/Makefile +++ b/Makefile @@ -266,7 +266,10 @@ modify_composefile: modify_sourcefiles: @echo "change mode of source files." @chmod 600 $(MAKEPATH)/common/templates/notary/notary-signer.key + @chmod 600 $(MAKEPATH)/common/templates/notary/notary-signer.crt + @chmod 600 $(MAKEPATH)/common/templates/notary/notary-signer-ca.crt @chmod 600 $(MAKEPATH)/common/templates/ui/private_key.pem + @chmod 600 $(MAKEPATH)/common/templates/registry/root.crt install: compile build modify_sourcefiles prepare modify_composefile start diff --git a/make/prepare b/make/prepare index 459ecdd6d..5a589df09 100755 --- a/make/prepare +++ b/make/prepare @@ -305,6 +305,7 @@ if customize_crt == 'on' and openssl_installed(): root_crt = os.path.join(config_dir, "registry", "root.crt") create_root_cert(empty_subj, key_path=private_key_pem, cert_path=root_crt) os.chmod(private_key_pem, 0600) + os.chmod(root_crt, 0600) else: print("Copied configuration file: %s" % ui_config_dir + "private_key.pem") shutil.copyfile(os.path.join(templates_dir, "ui", "private_key.pem"), os.path.join(ui_config_dir, "private_key.pem")) @@ -332,8 +333,10 @@ if args.notary_mode: create_root_cert(ca_subj, key_path=signer_ca_key, cert_path=signer_ca_cert) create_cert(cert_subj, signer_ca_key, signer_ca_cert, key_path=signer_key_path, cert_path=signer_cert_path) print("Copying certs for notary signer") + os.chmod(signer_cert_path, 0600) + os.chmod(signer_key_path, 0600) + os.chmod(signer_ca_path, 0600) shutil.copy2(signer_cert_path, notary_config_dir) - os.chmod(signer_key_path, 0600) shutil.copy2(signer_key_path, notary_config_dir) shutil.copy2(signer_ca_cert, notary_config_dir) finally: