config: fixup file permissions to be more strict
Normally the default in Arch is that all home directories are private. However, this may have been changed locally. To make sure we never expose secrets, lets use a umask of 0077 when writing the config. Additionally add some temporary fixup code to migrate the file and directory permissions of already existing paths. Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This commit is contained in:
parent
f3518e248c
commit
bc182032eb
|
@ -14,6 +14,13 @@ readonly XDG_DEVTOOLS_GITLAB_CONFIG="${XDG_DEVTOOLS_DIR}/gitlab.conf"
|
|||
export GITLAB_TOKEN=""
|
||||
|
||||
load_devtools_config() {
|
||||
# temporary permission fixup
|
||||
if [[ -d "${XDG_DEVTOOLS_DIR}" ]]; then
|
||||
chmod 700 "${XDG_DEVTOOLS_DIR}"
|
||||
fi
|
||||
if [[ -f "${XDG_DEVTOOLS_GITLAB_CONFIG}" ]]; then
|
||||
chmod 600 "${XDG_DEVTOOLS_GITLAB_CONFIG}"
|
||||
fi
|
||||
if [[ -n "${DEVTOOLS_GITLAB_TOKEN}" ]]; then
|
||||
GITLAB_TOKEN="${DEVTOOLS_GITLAB_TOKEN}"
|
||||
return
|
||||
|
@ -26,6 +33,16 @@ load_devtools_config() {
|
|||
}
|
||||
|
||||
save_devtools_config() {
|
||||
mkdir -p "${XDG_DEVTOOLS_DIR}"
|
||||
printf 'GITLAB_TOKEN="%s"\n' "${GITLAB_TOKEN}" > "${XDG_DEVTOOLS_GITLAB_CONFIG}"
|
||||
# temporary permission fixup
|
||||
if [[ -d "${XDG_DEVTOOLS_DIR}" ]]; then
|
||||
chmod 700 "${XDG_DEVTOOLS_DIR}"
|
||||
fi
|
||||
if [[ -f "${XDG_DEVTOOLS_GITLAB_CONFIG}" ]]; then
|
||||
chmod 600 "${XDG_DEVTOOLS_GITLAB_CONFIG}"
|
||||
fi
|
||||
(
|
||||
umask 0077
|
||||
mkdir -p "${XDG_DEVTOOLS_DIR}"
|
||||
printf 'GITLAB_TOKEN="%s"\n' "${GITLAB_TOKEN}" > "${XDG_DEVTOOLS_GITLAB_CONFIG}"
|
||||
)
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue