Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Write signing keys with file mode 040
Browse files Browse the repository at this point in the history 
Signed-off-by: Fabian Klemp <fabian.klemp@frequentis.com>
  • Loading branch information
Fabian Klemp committed Dec 8, 2023
1 parent aa983c7 commit 67b023d
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions synapse/config/key.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -263,7 +263,9 @@ def generate_files(self, config: Dict[str, Any], config_dir_path: str) -> None:

if not self.path_exists(signing_key_path):
print("Generating signing key file %s" % (signing_key_path,))
with open(signing_key_path, "w") as signing_key_file:
with open(
signing_key_path, "w", opener=lambda p, f: os.open(p, f, mode=0o640)
) as signing_key_file:
key_id = "a_" + random_string(4)
write_signing_keys(signing_key_file, (generate_signing_key(key_id),))
else:
Expand All @@ -274,7 +276,9 @@ def generate_files(self, config: Dict[str, Any], config_dir_path: str) -> None:
key = decode_signing_key_base64(
NACL_ED25519, key_id, signing_keys.split("\n")[0]
)
with open(signing_key_path, "w") as signing_key_file:
with open(
signing_key_path, "w", opener=lambda p, f: os.open(p, f, mode=0o640)
) as signing_key_file:
write_signing_keys(signing_key_file, (key,))


Expand Down

0 comments on commit 67b023d

Please sign in to comment.