starlingx/config
Code Issues Proposed changes

Remove read permission from key files

Browse Source 
After files being copied, the new code remove read permission
from key files. They are with read flag enabled for group and
other.

Files changed after this change:
  /etc/etcd/ca.key
  /etc/etcd/etcd-server.key
  /etc/etcd/etcd-client.key
  /etc/ssl/private/registry-cert.key

Test Plan:

PASS: Verify that read file permission of the file is removed
      from files with .key extension in /etc/etcd

Closes-Bug: 1949781
Change-Id: I8159ecc8c4a4f5255447b28a1826637673a7c0ef
Signed-off-by: Alexandre Horst <alexandre.horst@windriver.com>
This commit is contained in:
Alexandre Horst 2021-11-02 09:17:38 -03:00
parent c0003fd203
commit 9b5e0571e3
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
controllerconfig/controllerconfig/scripts/controller_config
View File

@ -309,7 +309,8 @@ start()
if [ -e $CONFIG_DIR/etcd/etcd-server.key ] if [ -e $CONFIG_DIR/etcd/etcd-server.key ]
then then
cp $CONFIG_DIR/etcd/etcd-server.key /etc/etcd/etcd-server.key cp $CONFIG_DIR/etcd/etcd-server.key /etc/etcd/etcd-server.key &&
chmod 600 /etc/etcd/etcd-server.key
if [ $? -ne 0 ] if [ $? -ne 0 ]
then then
fatal_error "Unable to copy $CONFIG_DIR/etcd/etcd-server.key" fatal_error "Unable to copy $CONFIG_DIR/etcd/etcd-server.key"
@ -327,7 +328,8 @@ start()
if [ -e $CONFIG_DIR/etcd/etcd-client.key ] if [ -e $CONFIG_DIR/etcd/etcd-client.key ]
then then
cp $CONFIG_DIR/etcd/etcd-client.key /etc/etcd/etcd-client.key cp $CONFIG_DIR/etcd/etcd-client.key /etc/etcd/etcd-client.key &&
chmod 600 /etc/etcd/etcd-client.key
if [ $? -ne 0 ] if [ $? -ne 0 ]
then then
fatal_error "Unable to copy $CONFIG_DIR/etcd/etcd-client.key" fatal_error "Unable to copy $CONFIG_DIR/etcd/etcd-client.key"
@ -345,7 +347,8 @@ start()
if [ -e $CONFIG_DIR/etcd/ca.key ] if [ -e $CONFIG_DIR/etcd/ca.key ]
then then
cp $CONFIG_DIR/etcd/ca.key /etc/etcd/ca.key cp $CONFIG_DIR/etcd/ca.key /etc/etcd/ca.key &&
chmod 600 /etc/etcd/ca.key
if [ $? -ne 0 ] if [ $? -ne 0 ]
then then
fatal_error "Unable to copy $CONFIG_DIR/etcd/ca.key" fatal_error "Unable to copy $CONFIG_DIR/etcd/ca.key"
@ -354,7 +357,8 @@ start()
if [ -e $CONFIG_DIR/registry-cert.key ] if [ -e $CONFIG_DIR/registry-cert.key ]
then then
cp $CONFIG_DIR/registry-cert.key /etc/ssl/private/registry-cert.key cp $CONFIG_DIR/registry-cert.key /etc/ssl/private/registry-cert.key &&
chmod 600 /etc/ssl/private/registry-cert.key
if [ $? -ne 0 ] if [ $? -ne 0 ]
then then
fatal_error "Unable to copy $CONFIG_DIR/registry-cert.key" fatal_error "Unable to copy $CONFIG_DIR/registry-cert.key"