[Da-tools-commits] ./debian/userdir-ldap r413: * Export ssh-keys.tar.gz to [UNTRUSTED] hosts. Since we already export

Peter Palfrader peter at palfrader.org
Mon May 19 06:56:21 UTC 2008


------------------------------------------------------------
revno: 413
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Mon 2008-05-19 08:56:21 +0200
message:
  * Export ssh-keys.tar.gz to [UNTRUSTED] hosts.  Since we already export
    ssh-rsa-shadow this is probably the right thing.
  * Make keys in the ssh-keys tarball mode 0400 instead of mode 0600.
modified:
  debian/changelog
  ud-generate
-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog	2008-05-18 12:28:28 +0000
+++ b/debian/changelog	2008-05-19 06:56:21 +0000
@@ -1,3 +1,11 @@
+userdir-ldap (0.3.27) unstable; urgency=low
+
+  * Export ssh-keys.tar.gz to [UNTRUSTED] hosts.  Since we already export
+    ssh-rsa-shadow this is probably the right thing.
+  * Make keys in the ssh-keys tarball mode 0400 instead of mode 0600.
+
+ -- Peter Palfrader <weasel at debian.org>  Mon, 19 May 2008 08:55:28 +0200
+
 userdir-ldap (0.3.26) unstable; urgency=low
 
   * ud-replicate: sgran pointed out that if all we care about ignoring is

=== modified file 'ud-generate'
--- a/ud-generate	2008-05-17 14:15:26 +0000
+++ b/ud-generate	2008-05-19 06:56:21 +0000
@@ -960,10 +960,6 @@
       userlist = GenPasswd(l,OutDir+"passwd",Split[1], "x");
    sys.stdout.flush();
    grouprevmap = GenGroup(l,OutDir+"group");
-   if ExtraList.has_key("[UNTRUSTED]"):
-	continue;
-   if not ExtraList.has_key("[NOPASSWD]"):
-     GenShadow(l,OutDir+"shadow");
 
    # Now we know who we're allowing on the machine, export
    # the relevant ssh keys
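Review bot: Removing the early `if ExtraList.has_key("[UNTRUSTED]"): continue;` at this point means every statement between here and the check's new position further down now runs for [UNTRUSTED] hosts, not only the ssh-keys.tar.gz export named in the commit message. Not all of the intervening lines are shown in this diff, so confirm that nothing else written to OutDir in that stretch should be withheld from untrusted hosts. The move also places `GenShadow` after the key export for every other host. If the key-export block can exit the loop iteration early, shadow would silently not be generated. In that case leave the `[NOPASSWD]`/`GenShadow` pair where it was and relocate only the [UNTRUSTED] check.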
@@ -1008,13 +1004,18 @@
         # to give a shit^W^W^Wcare about the UIDoffset stuff.
         to.uname = f
         to.gname = grname
-        to.mode  = 0600
+        to.mode  = 0400
         tf.addfile(to, file(os.path.join(GlobalDir, 'userkeys', f)))
 
       tf.close()
       os.rename(os.path.join(GlobalDir, 'ssh-keys-%s.tar.gz' % CurrentHost),
                 os.path.join(OutDir, 'ssh-keys.tar.gz'))
 
+   if ExtraList.has_key("[UNTRUSTED]"):
+     continue;
+   if not ExtraList.has_key("[NOPASSWD]"):
+     GenShadow(l,OutDir+"shadow");
+
    # Link in global things   
    DoLink(GlobalDir,OutDir,"markers");
    DoLink(GlobalDir,OutDir,"mail-forward.cdb");
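Review bot: The relocated `if ExtraList.has_key("[UNTRUSTED]"): continue;` carries no comment saying what it now deliberately skips, and its position is the whole security boundary: shadow and the `DoLink` global files below it are withheld, while everything above it (passwd, group, ssh-keys.tar.gz) is exported to untrusted hosts. A one-line comment above the check stating that would protect against a later reorder that moves `GenShadow` or a sensitive `DoLink` above it. On `to.mode = 0400`: this only sets the mode recorded in the tar member, so it has an effect only if the receiving side extracts with member modes preserved, and neither the code nor the changelog entry says why read-only is wanted. A short rationale in one of the two places would help.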


