From: Mark Wooding <mdw@distorted.org.uk>
Date: Sun, 5 May 2024 15:17:25 +0000 (+0100)
Subject: dkim-keys.in (generate_key): Set the permission bits explicitly.
X-Git-Tag: 1.0.0~1
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/distorted-dkim/commitdiff_plain/3e39bc7a2c6faeaafa967d616c77ff76a0a2cd75?ds=inline

dkim-keys.in (generate_key): Set the permission bits explicitly.

OpenSSL denies group read permissions by default, so we have to allow
them by hand.  This means that the umask fiddling is redundant, but belt
and braces.
---

diff --git a/dkim-keys.in b/dkim-keys.in
index ef38d4d..cf07acc 100755
--- a/dkim-keys.in
+++ b/dkim-keys.in
@@ -556,6 +556,7 @@ sub generate_key ($) {
   my $oldmask = umask 0037;
   print "generate new key\n";
   run "openssl", "genrsa", "-out", $file, "3072";
+  chmod 0640, $file;
   umask $oldmask;
 }