freeipa/ipalib
Christian Heimes ba8cbb8c62
Ensure that public cert and CA bundle are readable
In CIS hardened mode, the process umask is 027. This results in some
files not being world readable. Ensure that write_certificate_list()
calls in client installer, server installer, and upgrader create cert
bundles with permission bits 0644.

Fixes: https://pagure.io/freeipa/issue/7594
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-06-27 11:05:01 +02:00
..
install Add absolute_import future imports 2018-04-20 09:43:37 +02:00
__init__.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
aci.py Handle subyptes in ACIs 2018-06-20 08:38:03 +02:00
backend.py Fix pylint warnings inconsistent-return-statements 2017-12-18 11:51:14 +01:00
base.py Modernize use of range() 2015-09-01 11:42:01 +02:00
capabilities.py Replace LooseVersion 2016-11-24 15:46:40 +01:00
cli.py Load certificate files as binary data 2018-04-30 20:42:00 +02:00
config.py Fix multiple uninstallation of server 2018-02-15 14:02:03 +01:00
constants.py Use common replication wait timeout of 5min 2018-06-22 13:01:55 +02:00
crud.py ipalib, ipaserver: fix incorrect API.register calls in docstrings 2016-05-25 16:06:26 +02:00
dns.py dns: do not rely on custom param fields in record attributes 2016-06-20 16:39:12 +02:00
errors.py Require UTF-8 fs encoding 2017-11-21 16:13:28 +01:00
frontend.py Fix pylint warnings inconsistent-return-statements 2017-12-18 11:51:14 +01:00
krb_utils.py Allow login to WebUI using Kerberos aliases/enterprise principals 2017-03-08 15:56:11 +01:00
Makefile.am Build: Makefiles for Python packages 2016-11-09 13:08:32 +01:00
messages.py ipa host-add: do not raise exception when reverse record not added 2018-02-23 14:39:34 +01:00
misc.py Add fix for ipa plugins command 2017-02-17 10:22:07 +01:00
output.py Generate same API.txt under Python 2 and 3 2018-02-15 09:41:30 +01:00
parameters.py Load certificate files as binary data 2018-04-30 20:42:00 +02:00
pkcs10.py Remove pkcs10 module contents 2017-10-25 09:46:41 +02:00
plugable.py pylint3: workaround false positives reported for W1662 2018-05-17 16:55:42 -04:00
request.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
rpc.py server install: drop some print statements, change log level 2018-06-20 08:38:03 +02:00
setup.cfg Port all setup.py to setuptools 2016-10-20 18:43:37 +02:00
setup.py Have all the scripts run in python 3 by default 2018-02-15 18:43:12 +01:00
text.py Add support for format method to translation objects 2018-06-21 15:30:58 +02:00
util.py Sort and shuffle SRV record by priority and weight 2018-06-19 08:56:46 +02:00
x509.py Ensure that public cert and CA bundle are readable 2018-06-27 11:05:01 +02:00