mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-12-22 07:17:05 +00:00
Fix permissions of backup secret according to Josh's comment at
https://github.com/mail-in-a-box/mailinabox/pull/150#issuecomment-53120156
This commit is contained in:
parent
a68fd6429f
commit
ee9552734f
@ -8,10 +8,8 @@ hide_output pip3 install rtyaml
|
||||
# Create a backup directory and a random key for encrypting backups.
|
||||
mkdir -p $STORAGE_ROOT/backup
|
||||
if [ ! -f $STORAGE_ROOT/backup/secret_key.txt ]; then
|
||||
openssl rand -base64 2048 > $STORAGE_ROOT/backup/secret_key.txt
|
||||
$(umask 077; openssl rand -base64 2048 > $STORAGE_ROOT/backup/secret_key.txt)
|
||||
fi
|
||||
# The secret key to encrypt backups should not be world readable.
|
||||
chmod 0600 $STORAGE_ROOT/backup/secret_key.txt
|
||||
|
||||
# Link the management server daemon into a well known location.
|
||||
rm -f /usr/local/bin/mailinabox-daemon
|
||||
|
@ -56,6 +56,10 @@ def migration_4(env):
|
||||
db = os.path.join(env["STORAGE_ROOT"], 'mail/users.sqlite')
|
||||
shell("check_call", ["sqlite3", db, "ALTER TABLE users ADD privileges TEXT NOT NULL DEFAULT ''"])
|
||||
|
||||
def migration_5(env):
|
||||
# The secret key for encrypting backups was world readable. Fix here.
|
||||
os.chmod(os.path.join(env["STORAGE_ROOT"], 'backup/secret_key.txt'), 600)
|
||||
|
||||
def get_current_migration():
|
||||
ver = 0
|
||||
while True:
|
||||
|
Loading…
Reference in New Issue
Block a user