freeipa

Clone
Source Code
GIT

fc63ad8 Ensure that public cert and CA bundle are readable

Authored and Committed by cheimes 5 years ago
raw patch tree parent
8 files changed. 22 lines added. 11 lines removed.
ipaclient/install/client.py
file modified
+7 -3
ipaclient/install/ipa_certupdate.py
file modified
+2 -2
ipalib/x509.py
file modified
+4 -1
ipaserver/install/cainstance.py
file modified
+1 -1
ipaserver/install/httpinstance.py
file modified
+1 -1
ipaserver/install/installutils.py
file modified
+5 -1
ipaserver/install/krbinstance.py
file modified
+1 -1
ipaserver/install/server/replicainstall.py
file modified
+1 -1 
    Ensure that public cert and CA bundle are readable
    
    In CIS hardened mode, the process umask is 027. This results in some
    files not being world readable. Ensure that write_certificate_list()
    calls in client installer, server installer, and upgrader create cert
    bundles with permission bits 0644.
    
    Fixes: https://pagure.io/freeipa/issue/7594
    Signed-off-by: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
file modified
+7 -3
file modified
+2 -2
file modified
+4 -1
file modified
+1 -1
file modified
+1 -1
file modified
+5 -1
file modified
+1 -1
file modified
+1 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.