X-Original-To: alpine-devel@lists.alpinelinux.org Received: from smtp-sh2.infomaniak.ch (smtp-sh2.infomaniak.ch [128.65.195.6]) by lists.alpinelinux.org (Postfix) with ESMTP id 499EEF85646 for ; Thu, 20 Dec 2018 14:49:37 +0000 (UTC) Received: from smtp8.infomaniak.ch (smtp8.infomaniak.ch [83.166.132.38]) by smtp-sh.infomaniak.ch (8.14.5/8.14.5) with ESMTP id wBKEnaa0016112 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Thu, 20 Dec 2018 15:49:37 +0100 Received: from jura (84-73-9-131.dclient.hispeed.ch [84.73.9.131]) (authenticated bits=0) by smtp8.infomaniak.ch (8.14.5/8.14.5) with ESMTP id wBKEnaDD068367 (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 20 Dec 2018 15:49:36 +0100 From: Daniel Gerber To: alpine-devel@lists.alpinelinux.org Subject: [alpine-devel] Permissions on initramfs with cryptkey feature Date: Thu, 20 Dec 2018 15:50:03 +0100 Message-ID: <87pntw1cdg.fsf@atufi.org> X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain; format=flowed X-Antivirus: Dr.Web (R) for Unix mail servers drweb plugin ver.6.0.2.8 X-Antivirus-Code: 0x100000 Hello alpine, When using mkinitfs cryptkey feature, shouldn't the initramfs file have stricter permissions? It would be convenient if it were done by default in the mkinitfs package. diff --git a/main/mkinitfs/mkinitfs.trigger b/main/mkinitfs/mkinitfs.trigger index e8acc97854..53125959f3 100644 --- a/main/mkinitfs/mkinitfs.trigger +++ b/main/mkinitfs/mkinitfs.trigger @@ -13,6 +13,7 @@ for i in "$@"; do abi_release=$(cat "$i"/kernel.release) initfs=initramfs-$flavor mkinitfs -o /boot/$initfs $abi_release + chmod 0600 /boot/$initfs done # extlinux will use path relative partition, so if /boot is on a -- Daniel Gerber -- --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---
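Review bot: In the loop body, the added `chmod 0600 /boot/$initfs` runs only after `mkinitfs -o /boot/$initfs $abi_release` has finished writing. Until the chmod executes, the image that the mail wants protected when the cryptkey feature is in use sits in /boot with whatever mode mkinitfs and the current umask produced. Consider setting the restrictive mode before the file is written, for example with `umask 077` in a subshell around the mkinitfs call, and keeping the chmod to tighten an image left over from an earlier run. The chmod is also unconditional: if mkinitfs fails, it either errors on a missing file or silently re-modes a stale image, so chaining it as `mkinitfs ... && chmod 0600 "/boot/$initfs"` (with the path quoted) would be cleaner. Because the change lives in mkinitfs.trigger, an image rebuilt by calling mkinitfs directly does not get the new mode; if the intent is "by default in the mkinitfs package", the mode should be set where the output file is created.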