Import version 0.6.3~bzr539-0ubuntu3ubuntu/0.6.3_bzr539-0ubuntu3

Imported using git-dsc-commit.

2 files changed, 11 insertions, 2 deletions

diff --git a/debian/changelog b/debian/changelog
index 4ae27f17..c504f567 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+cloud-init (0.6.3~bzr539-0ubuntu3) precise; urgency=low
+
+  * make maas config file only readable by root (LP: #954721)
+
+ -- Scott Moser <smoser@ubuntu.com>  Wed, 14 Mar 2012 01:19:32 -0400
+
 cloud-init (0.6.3~bzr539-0ubuntu2) precise; urgency=low
 
   [Cosmin Luta]
diff --git a/debian/cloud-init.postinst b/debian/cloud-init.postinst
index 4cb75d80..22139428 100644
--- a/debian/cloud-init.postinst
+++ b/debian/cloud-init.postinst
@@ -77,7 +77,7 @@ for k in sys.argv[2:]:
       local header="# written by cloud-init debian package per preseed entries
 # cloud-init/{maas-metadata-url,/maas-metadata-credentials}"
 
-      local pair="" k="" v="" pload=""
+      local pair="" k="" v="" pload="" orig_umask=""
       for pair in "metadata_url:$md_url" "consumer_key:${c_key}" \
          "token_key:${t_key}" "token_secret:$t_sec"; do
          k=${pair%%:*}
@@ -86,8 +86,11 @@ for k in sys.argv[2:]:
       done
 
       # '_' would indicate "delete", otherwise, existing entries are left
-      : >> "$cfg_file" && chmod go-w "$cfg_file"
+      orig_umask=$(umask)
+      umask 066
+      : >> "$cfg_file" && chmod 600 "$cfg_file"
       update_cfg "$cfg_file" "$header" "datasource: { MaaS: { ${pload%,} } }" _
+      umask ${orig_umask}
    fi
 
    # now clear the database of the values, as they've been consumed