From f3d1f95d4aed8e1cd02046650c17dd7a7bdbd952 Mon Sep 17 00:00:00 2001
Message-Id: <f3d1f95d4aed8e1cd02046650c17dd7a7bdbd952.1715724913.git.mdw@distorted.org.uk>
From: Mark Wooding <mdw@chiark.greenend.org.uk>
Date: Sat, 29 Jun 2013 17:27:24 +0100
Subject: [PATCH] debian/udpkey.initramfs-hook: Ensure seed is not publicly
 readable.
Organization: Straylight/Edgeware

From: Mark Wooding <mdw@distorted.org.uk>

---
 debian/udpkey.initramfs-hook | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/debian/udpkey.initramfs-hook b/debian/udpkey.initramfs-hook
index 33be1c4..0f3abf4 100755
--- a/debian/udpkey.initramfs-hook
+++ b/debian/udpkey.initramfs-hook
@@ -15,4 +15,5 @@ esac
 
 copy_exec /usr/bin/udpkey
 cp -r /etc/udpkey $DESTDIR/etc/
-dd if=/dev/random of=$DESTDIR/etc/udpkey/seed bs=1 count=32
+
+(umask 077 && dd if=/dev/random of=$DESTDIR/etc/udpkey/seed bs=1 count=32)
-- 
[mdw]