From d600bc21757ee918a5468910b5e98a9ce1562255 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Tue, 26 Jul 2016 20:09:27 +0200
Subject: [PATCH] phase1: enforce proper umask during signing

Ensure that the umask is set to 022 when signing tarballs since twistd invokes the helper script with an umask of 077, preventing world access on the resulting files.

Signed-off-by: Jo-Philipp Wich
---
 phase1/signall.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/phase1/signall.sh b/phase1/signall.sh
index f0d80fe..015470d 100755
--- a/phase1/signall.sh
+++ b/phase1/signall.sh
@@ -17,6 +17,8 @@ if [ ! -f "$tarball" ]; then
 finish 1
 fi
 
+umask 022
+
 mkdir "$tmpdir" || finish 2
 tar -C "$tmpdir/" -xzf "$tarball" || finish 3
 find "$tmpdir/" -type f -not -name "*.gpg" -exec gpg --no-version --batch --yes -a -b ${keyid:+-u "$keyid"} ${comment:+--comment="$comment"} ${passfile:+--passphrase-file "$passfile"} -o "{}.gpg" "{}" \; || finish 4
-- 
2.30.2
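Review bot: The `umask 022` added ahead of `mkdir "$tmpdir"` carries no comment, and it relaxes permissions for everything the script creates from that line on, not only the tarball that gets published. I would record the reason in place, e.g. `# twistd starts us with umask 077; signed files must stay world-readable`, so that a later hardening pass does not remove it. Because the scratch directory and the detached `.gpg` signatures are now created world-readable as well, it is worth confirming that `$tmpdir` does not sit in a shared location where that matters and that nothing later in the script writes key or passphrase material; the hunk only shows `$passfile` being read. The rest of the script lies outside the hunk, so this is a check to make, not a confirmed problem.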