change user write so cert can be created without root

Adrian Zürcher
2025-05-28 22:03:29 +02:00
parent 1c4b8a5995
commit 60b3f77e29


@@ -63,7 +63,7 @@ func (c *Cert) GenerateSelfSignedCert() error {
} }
if _, err := os.Stat(path.Dir(c.CertFile)); os.IsNotExist(err) { if _, err := os.Stat(path.Dir(c.CertFile)); os.IsNotExist(err) {
os.MkdirAll(path.Dir(c.CertFile), 0666) os.MkdirAll(path.Dir(c.CertFile), 0700)
} }
certOut, err := os.Create(c.CertFile) certOut, err := os.Create(c.CertFile)
@@ -73,8 +73,13 @@ func (c *Cert) GenerateSelfSignedCert() error {
defer certOut.Close() defer certOut.Close()
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: certDER}) pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: certDER})
// Set permission to 0600 (read/write by owner only)
if err := os.Chmod(c.CertFile, 0600); err != nil {
return err
}
if _, err := os.Stat(path.Dir(c.KeyFile)); os.IsNotExist(err) { if _, err := os.Stat(path.Dir(c.KeyFile)); os.IsNotExist(err) {
os.MkdirAll(path.Dir(c.KeyFile), 0666) os.MkdirAll(path.Dir(c.KeyFile), 0700)
} }
keyOut, err := os.Create(c.KeyFile) keyOut, err := os.Create(c.KeyFile)
@@ -85,5 +90,10 @@ func (c *Cert) GenerateSelfSignedCert() error {
pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}) pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
// Set permission to 0600 (read/write by owner only)
if err := os.Chmod(c.KeyFile, 0600); err != nil {
return err
}
return nil return nil
} }
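Review bot: The private key is still written through `os.Create(c.KeyFile)`, which opens the file with mode 0666 minus umask, and is only restricted by the `os.Chmod(c.KeyFile, 0600)` added after `pem.Encode`. Unless the parent directory was just created with 0700, the key can be readable by other local users until the chmod runs, and it stays that way if the chmod fails. Open the file with the restrictive mode instead, `keyOut, err := os.OpenFile(c.KeyFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)`, and call `keyOut.Chmod(0600)` before `pem.Encode` so a pre-existing file with wider permissions is tightened before any key bytes are written. The return values of `os.MkdirAll` and `pem.Encode` are dropped in all three hunks, so a failed or partial write still ends in `return nil`; both should be checked and returned. GenerateSelfSignedCert begins above the first hunk, so the key generation and the error handling after each `os.Create` are not visible here.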