Comparison

prosodyctl @ 5140:5b600514f654

prosodyctl: Set stricter umask while generating key (thanks darkrain)
author Kim Alvefur <zash@zash.se>
date Wed, 19 Sep 2012 23:26:38 +0200
parent 5139:0db82143ac00
child 5141:9ca67015ba0e
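--- a/prosodyctl
+++ b/prosodyctl
@@ -684,15 +684,17 @@
 if #arg >= 1 and arg[1] ~= "--help" then
 local key_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".key";
 if ask_overwrite(key_filename) then
 return nil, key_filename;
 end
-os.remove(key_filename); -- We chmod this file to not have write permissions
+os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions
 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
+local old_umask = pposix.umask("0377");
 if openssl.genrsa{out=key_filename, key_size} then
 os.execute(("chmod 400 '%s'"):format(key_filename));
 show_message("Key written to ".. key_filename);
+pposix.umask(old_umask);
 return nil, key_filename;
 end
 show_message("There was a problem, see OpenSSL output");
 else
 show_usage("cert key HOSTNAME <bits>", "Generates a RSA key named HOSTNAME.key\n "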
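Review bot: The saved umask is restored only inside the success branch of `openssl.genrsa`, so when key generation fails the process falls through to "There was a problem, see OpenSSL output" with the 0377 mask still in force for anything it creates afterwards. Restoring it right after the call covers both paths: `local ok = openssl.genrsa{out=key_filename, key_size};` `pposix.umask(old_umask);` `if ok then`. With the mask applied at creation time the later `chmod 400` is presumably redundant; that line also passes `key_filename`, built from `arg[1]`, to a shell inside single quotes, so a name containing a quote would break the command. A short comment on the umask line saying that it closes the window between file creation and chmod would help the next reader. The enclosing function begins and ends outside the lines shown here.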