[elbe-devel] [PATCH] elbepack: egpg: create gpg directory with tighter restrictions

Thomas Weißschuh thomas.weissschuh at linutronix.de
Wed Aug 21 11:39:11 CEST 2024


If the gpg directory has overly broad permissions, gpg will emit
warnings. Avoid those.

Signed-off-by: Thomas Weißschuh <thomas.weissschuh at linutronix.de>
---
 elbepack/egpg.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/elbepack/egpg.py b/elbepack/egpg.py
index c995b2c70fc2..2a5e32fdebea 100644
--- a/elbepack/egpg.py
+++ b/elbepack/egpg.py
@@ -269,7 +269,7 @@ EOT = 4294967295
 
 def generate_elbe_internal_key():
     gpg_agent_conf = pathlib.Path('/var/cache/elbe/gnupg/gpg-agent.conf')
-    gpg_agent_conf.parent.mkdir(mode=0o755, parents=True, exist_ok=True)
+    gpg_agent_conf.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
     gpg_agent_conf.write_text('allow-preset-passphrase\n'
                               f'default-cache-ttl {EOT}\n'
                               f'max-cache-ttl {EOT}\n')
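Review bot: the new mode=0o700 on the mkdir() line only takes effect when the directory is created by this call. Because exist_ok=True is kept, a /var/cache/elbe/gnupg that already exists from an earlier run with 0o755 is left untouched, so gpg will keep warning on existing installations and the directory stays world-readable there. Consider following the mkdir with an explicit gpg_agent_conf.parent.chmod(0o700) so both fresh and existing directories end up with the tight mode. Also note that with parents=True the mode applies only to the leaf directory; /var/cache/elbe itself is created with default permissions, which is probably intended but worth stating in the commit message.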

---
base-commit: b9c9ecd45b95a8c53c2e9e19c4379e3e87c7983d
change-id: 20240821-gpg-warning-de554404b18a

Best regards,
-- 
Thomas Weißschuh <thomas.weissschuh at linutronix.de>


