---
summary: debian pkg creates world readable private key :(
---
created: 2016-04-03 21:07:42.0
creator: neb
description: Submitted by @matthew:matrix.org
id: '12608'
key: SYN-671
number: '671'
priority: '3'
project: '10000'
reporter: neb
status: '10100'
type: '1'
updated: 2016-11-07 18:29:22.0
votes: '0'
watches: '3'
workflowId: '12708'
---
actions:
- author: crashkopf
  body: "My quick fix is something like this:\n{code:bash}\n#!/bin/bash\nUSER=\"matrix-synapse\"\nGROUP=\"matrix-synapse\"\n\nPRIVKEYFILE=/etc/matrix-synapse/homeserver.tls.key\nSIGNKEYFILE=/etc/matrix-synapse/homeserver.signing.key\n\nif ! getent group $GROUP >/dev/null; then\n addgroup --quiet --system $GROUP\nfi\n\nif ! getent group $GROUP | cut -d : -f 4 | grep $USER > /dev/null; then\n\taddgroup $USER $GROUP\nfi\n\nif [ -f $PRIVKEYFILE ]; then \n\tchgrp $GROUP $PRIVKEYFILE\n\tchmod 640 $PRIVKEYFILE\nfi\n\nif [ -f $SIGNKEYFILE ]; then \n\tchgrp $GROUP $SIGNKEYFILE\n\tchmod 640 $SIGNKEYFILE\nfi\n{code}\n\nThe key files get created by the init script using {{--generate-config}} if they don't exist. If there were an easy way to get {{tls_private_key_path}} and {{signing_key_path}} from the synapse.config module then the key permissions could be checked on every start."
  created: 2016-04-04 02:40:29.0
  id: '12805'
  issue: '12608'
  type: comment
  updateauthor: crashkopf
  updated: 2016-04-04 02:40:29.0
- author: richvdh
  body: 'Migrated to github: https://github.com/matrix-org/synapse/issues/1528'
  created: 2016-11-07 18:29:22.0
  id: '13837'
  issue: '12608'
  type: comment
  updateauthor: richvdh
  updated: 2016-11-07 18:29:22.0