Diffstat (limited to 'lib/chef')
-rw-r--r-- | lib/chef/knife/bootstrap/templates/chef-full.erb | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/lib/chef/knife/bootstrap/templates/chef-full.erb b/lib/chef/knife/bootstrap/templates/chef-full.erb
index cfcdf11a28..b0476c8d57 100644
--- a/lib/chef/knife/bootstrap/templates/chef-full.erb
+++ b/lib/chef/knife/bootstrap/templates/chef-full.erb
@@ -188,24 +188,24 @@ fi
 mkdir -p <%= Chef::Dist::CONF_DIR %>
 <% if client_pem -%>
-cat > <%= Chef::Dist::CONF_DIR %>/client.pem <<'EOP'
+(umask 077 && (cat > <%= Chef::Dist::CONF_DIR %>/client.pem <<'EOP'
 <%= ::File.read(::File.expand_path(client_pem)) %>
 EOP
-chmod 0600 <%= Chef::Dist::CONF_DIR %>/client.pem
+)) || exit 1
 <% end -%>
 <% if validation_key -%>
-cat > <%= Chef::Dist::CONF_DIR %>/validation.pem <<'EOP'
+(umask 077 && (cat > <%= Chef::Dist::CONF_DIR %>/validation.pem <<'EOP'
 <%= validation_key %>
 EOP
-chmod 0600 <%= Chef::Dist::CONF_DIR %>/validation.pem
+)) || exit 1
 <% end -%>
 <% if encrypted_data_bag_secret -%>
-cat > <%= Chef::Dist::CONF_DIR %>/encrypted_data_bag_secret <<'EOP'
+(umask 077 && (cat > <%= Chef::Dist::CONF_DIR %>/encrypted_data_bag_secret <<'EOP'
 <%= encrypted_data_bag_secret %>
 EOP
-chmod 0600 <%= Chef::Dist::CONF_DIR %>/encrypted_data_bag_secret
+)) || exit 1
 <% end -%>
 <% unless trusted_certs.empty? -%> |
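Review bot: Dropping `chmod 0600` means the mode is only right when the file is newly created: `umask 077` has no effect when `cat >` truncates an existing client.pem, validation.pem or encrypted_data_bag_secret, so a file left at a looser mode by an earlier bootstrap or another tool keeps that mode and now receives the new secret. Keeping the chmod inside the subshell covers both cases without reopening the creation window, e.g. closing the group with `) && chmod 0600 <%= Chef::Dist::CONF_DIR %>/client.pem) || exit 1` in place of `)) || exit 1`, and likewise for the other two files. The `mkdir -p` at the top of the hunk still runs under the caller's umask, which is worth a comment if the directory mode is intentionally left to the system default.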