movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

google-comute-image.nix: set umask 077 when downloading private keys from the metadata server.

Browse source
This commit is contained in:
Russell O'Connor 2015-01-05 15:01:49 -05:00
parent e548a4330d
commit b19ab1f046
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
nixos/modules/virtualisation/google-compute-image.nix
View file

@ -135,6 +135,8 @@ in
path = [ pkgs.wget ]; path = [ pkgs.wget ];
script = script =
'' ''
# When dealing with cryptographic keys, we want to keep things private.
umask 077
wget="wget --retry-connrefused -t 6 --waitretry=10" wget="wget --retry-connrefused -t 6 --waitretry=10"
# Don't download the SSH key if it has already been downloaded # Don't download the SSH key if it has already been downloaded
if ! [ -e /root/.ssh/authorized_keys ]; then if ! [ -e /root/.ssh/authorized_keys ]; then