Bug#481765: marked as done (exim4-base: con.monthly recreate gnutls-params without read access)

[Marc Haber]

found #481765 4.69-5
thanks

On Thu, May 22, 2008 at 01:52:24PM +0200, Andreas Metzler wrote:
> This bug (gnutls-params unreadable for exim daemon), was *introduced*
> in 4.69-5. Previously the file was 400 Debian-exim:Debian-exim, but
> now it is 0400 root:root. - The file mode is set by tempfile(1).

*argh*

I had the impression that tempfile would honor umask.

> This would fix it:
> --- exim4_refresh_gnutls-params (Revision 2286)
> +++ exim4_refresh_gnutls-params (Arbeitskopie)
> @@ -37,6 +37,7 @@
>    if /usr/share/exim4/timeout.pl \
>        "$TIMEOUT" /usr/bin/certtool --generate-dh-params --bits 2048 \
>        > "$tempgnutls" 2> /dev/null ; then
> +    chmod 644 "$tempgnutls"
>      mv -f "$tempgnutls" "$PARAMFILE"
>    else
>      rm -f "$tempgnutls"

I think this one:
--- debian/exim4_refresh_gnutls-params  (revision 2286)
+++ debian/exim4_refresh_gnutls-params  (working copy)
@@ -30,7 +30,7 @@

 PARAMFILE="$EXIM4_SPOOLDIR/gnutls-params"

-tempgnutls=$(tempfile -d $EXIM4_SPOOLDIR -p "gnutp" )
+tempgnutls=$(tempfile --directory $EXIM4_SPOOLDIR --mode 644 --prefix  "gnutp" )

 if [ -x /usr/bin/certtool ] ; then
   # GnuTLS

is better. Do you agree?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190