Hello,
consider applying the following patch which fixes permissions of files
created in /etc/pki/func -- currently they are -rw-rw-rw-.
diff --git a/func/certs.py b/func/certs.py
index e454cc4..bb44b0d 100644
--- a/func/certs.py
+++ b/func/certs.py
@@ -54,9 +54,9 @@ def make_csr(pkey, dest=None, cn=None):
req.set_pubkey(pkey)
req.sign(pkey, 'md5')
if dest:
- destfo = open(dest, 'w')
- destfo.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, req))
- destfo.close()
+ destfd = os.open(dest, os.O_RDWR|os.O_CREAT, 0644)
+ os.write(destfd, crypto.dump_certificate_request(crypto.FILETYPE_PEM, req))
+ os.close(destfd)
return req
diff --git a/func/minion/utils.py b/func/minion/utils.py
index 4ed0bf4..bb715b3 100755
--- a/func/minion/utils.py
+++ b/func/minion/utils.py
@@ -109,13 +109,13 @@ def create_minion_keys():
if result:
- cert_fo = open(cert_file, 'w')
- cert_fo.write(cert_string)
- cert_fo.close()
+ cert_fd = os.open(cert_file, os.O_RDWR|os.O_CREAT, 0644)
+ os.write(cert_fd, cert_string)
+ os.close(cert_fd)
- ca_cert_fo = open(ca_cert_file, 'w')
- ca_cert_fo.write(ca_cert_string)
- ca_cert_fo.close()
+ ca_cert_fd = os.open(ca_cert_file, os.O_RDWR|os.O_CREAT, 0644)
+ os.write(ca_cert_fd, ca_cert_string)
+ os.close(ca_cert_fd)
def submit_csr_to_master(csr_file, master_uri):
""""
--
Jan Pazdziora
_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
