From: Mark Wooding <mdw@distorted.org.uk>
Date: Sat, 1 Dec 2012 14:26:21 +0000 (+0000)
Subject: bin/setup: Fix permissions on `ca.key' and `ca.cert'.
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/ca/commitdiff_plain/9d7fd9609df0bae763ee9b523bc1456ef2e478de

bin/setup: Fix permissions on `ca.key' and `ca.cert'.

The previous thing was a mix of both, and didn't work properly.
---

diff --git a/bin/setup b/bin/setup
index 845c2a4..a87d5b4 100755
--- a/bin/setup
+++ b/bin/setup
@@ -67,9 +67,12 @@ exec >@stdout 2>@stderr openssl req -config "etc/openssl.conf"  \
     -text -out "ca.cert" -keyout "private/ca.key" \
     -new -x509 -days $C(ca-period) \
     -subj $subject
-file attributes "ca.cert" \
+file attributes "private/ca.key" \
     -owner $C(ca-owner) -group $C(ca-group) \
     -permissions 0640
+file attributes "ca.cert" \
+    -owner $C(ca-owner) -group $C(ca-group) \
+    -permissions 0644
 
 ## Set up the directories for the actual certificates.  These are published
 ## by the web server.