prosody
dfe6a70efaa2
prosodyctl

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

prosodyctl @ 5151:dfe6a70efaa2

prosodyctl: Set stricter umask while generating key (thanks darkrain)
author Kim Alvefur <zash@zash.se>
date Wed, 19 Sep 2012 23:26:38 +0200
parent 5150:81b49bb0ecc7
child 5152:fee5f8d4ec74
comparison
equal deleted inserted replaced
5150:81b49bb0ecc7 5151:dfe6a70efaa2
685 if #arg >= 1 and arg[1] ~= "--help" then 685 if #arg >= 1 and arg[1] ~= "--help" then
686 local key_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".key"; 686 local key_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".key";
687 if ask_overwrite(key_filename) then 687 if ask_overwrite(key_filename) then
688 return nil, key_filename; 688 return nil, key_filename;
689 end 689 end
690 os.remove(key_filename); -- We chmod this file to not have write permissions 690 os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions
691 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048); 691 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
692 local old_umask = pposix.umask("0377");
692 if openssl.genrsa{out=key_filename, key_size} then 693 if openssl.genrsa{out=key_filename, key_size} then
693 os.execute(("chmod 400 '%s'"):format(key_filename)); 694 os.execute(("chmod 400 '%s'"):format(key_filename));
694 show_message("Key written to ".. key_filename); 695 show_message("Key written to ".. key_filename);
696 pposix.umask(old_umask);
695 return nil, key_filename; 697 return nil, key_filename;
696 end 698 end
697 show_message("There was a problem, see OpenSSL output"); 699 show_message("There was a problem, see OpenSSL output");
698 else 700 else
699 show_usage("cert key HOSTNAME <bits>", "Generates a RSA key named HOSTNAME.key\n " 701 show_usage("cert key HOSTNAME <bits>", "Generates a RSA key named HOSTNAME.key\n "