Merge "Increase file permissions around generate keys" into feature/zuulv3

This commit is contained in:
Jenkins 2017-06-07 12:38:02 +00:00 committed by Gerrit Code Review
commit 08ec3bade9
1 changed files with 4 additions and 1 deletions

View File

@ -903,7 +903,7 @@ class TenantParser(object):
key_dir = os.path.dirname(project.private_key_file)
if not os.path.isdir(key_dir):
os.makedirs(key_dir)
os.makedirs(key_dir, 0o700)
TenantParser.log.info(
"Generating RSA keypair for project %s" % (project.name,)
@ -920,6 +920,9 @@ class TenantParser(object):
with open(project.private_key_file, 'wb') as f:
f.write(pem_private_key)
# Ensure private key is read/write for zuul user only.
os.chmod(project.private_key_file, 0o600)
@staticmethod
def _loadKeys(project):
# Check the key files specified are there