add crt 0600

This commit is contained in:
wy65701436 2017-04-10 22:06:39 -07:00
parent e6380567d4
commit ec06bd2073
2 changed files with 7 additions and 1 deletions

View File

@ -266,7 +266,10 @@ modify_composefile:
modify_sourcefiles: modify_sourcefiles:
@echo "change mode of source files." @echo "change mode of source files."
@chmod 600 $(MAKEPATH)/common/templates/notary/notary-signer.key @chmod 600 $(MAKEPATH)/common/templates/notary/notary-signer.key
@chmod 600 $(MAKEPATH)/common/templates/notary/notary-signer.crt
@chmod 600 $(MAKEPATH)/common/templates/notary/notary-signer-ca.crt
@chmod 600 $(MAKEPATH)/common/templates/ui/private_key.pem @chmod 600 $(MAKEPATH)/common/templates/ui/private_key.pem
@chmod 600 $(MAKEPATH)/common/templates/registry/root.crt
install: compile build modify_sourcefiles prepare modify_composefile start install: compile build modify_sourcefiles prepare modify_composefile start

View File

@ -305,6 +305,7 @@ if customize_crt == 'on' and openssl_installed():
root_crt = os.path.join(config_dir, "registry", "root.crt") root_crt = os.path.join(config_dir, "registry", "root.crt")
create_root_cert(empty_subj, key_path=private_key_pem, cert_path=root_crt) create_root_cert(empty_subj, key_path=private_key_pem, cert_path=root_crt)
os.chmod(private_key_pem, 0600) os.chmod(private_key_pem, 0600)
os.chmod(root_crt, 0600)
else: else:
print("Copied configuration file: %s" % ui_config_dir + "private_key.pem") print("Copied configuration file: %s" % ui_config_dir + "private_key.pem")
shutil.copyfile(os.path.join(templates_dir, "ui", "private_key.pem"), os.path.join(ui_config_dir, "private_key.pem")) shutil.copyfile(os.path.join(templates_dir, "ui", "private_key.pem"), os.path.join(ui_config_dir, "private_key.pem"))
@ -332,8 +333,10 @@ if args.notary_mode:
create_root_cert(ca_subj, key_path=signer_ca_key, cert_path=signer_ca_cert) create_root_cert(ca_subj, key_path=signer_ca_key, cert_path=signer_ca_cert)
create_cert(cert_subj, signer_ca_key, signer_ca_cert, key_path=signer_key_path, cert_path=signer_cert_path) create_cert(cert_subj, signer_ca_key, signer_ca_cert, key_path=signer_key_path, cert_path=signer_cert_path)
print("Copying certs for notary signer") print("Copying certs for notary signer")
shutil.copy2(signer_cert_path, notary_config_dir) os.chmod(signer_cert_path, 0600)
os.chmod(signer_key_path, 0600) os.chmod(signer_key_path, 0600)
os.chmod(signer_ca_path, 0600)
shutil.copy2(signer_cert_path, notary_config_dir)
shutil.copy2(signer_key_path, notary_config_dir) shutil.copy2(signer_key_path, notary_config_dir)
shutil.copy2(signer_ca_cert, notary_config_dir) shutil.copy2(signer_ca_cert, notary_config_dir)
finally: finally: