debian/udpkey.initramfs-hook: Ensure seed is not publicly readable.

[udpkey] / debian / udpkey.initramfs-hook

diff --git a/debian/udpkey.initramfs-hook b/debian/udpkey.initramfs-hook
index 33be1c4375e4c8d1ac5d37652fd42ba2ea634cc3..0f3abf453c23c0005249a9c1142a1245c2f4f8cd 100755 (executable)
--- a/debian/udpkey.initramfs-hook
+++ b/debian/udpkey.initramfs-hook
@@ -15,4 +15,5 @@ esac
 
 copy_exec /usr/bin/udpkey
 cp -r /etc/udpkey $DESTDIR/etc/
-dd if=/dev/random of=$DESTDIR/etc/udpkey/seed bs=1 count=32
+
+(umask 077 && dd if=/dev/random of=$DESTDIR/etc/udpkey/seed bs=1 count=32)