upstream/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-03-15 07:02:13 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
certbot/certbot
History
sydneyli 7d0ac47139 Change default privkey permissions while preserving group permissions (#6480) 
Fixes #1473.

writes privkey.pem to 0600 by default for new lineages
on renewals where a new privkey is generated, preserves group mode and gid
Things this PR does not do:

we talked about forcing 0600 on privkeys when a Certbot upgrade is detected. Instead, this PR only creates new lineages with the more restrictive permission to prevent renewal breakages.
this doesn't solve many of the problems mentioned in #1473 that are not directly related to the title issue!

* safe_open on archive keyfiles

* keep group from current lineage

* clean up integration test

* safe_open can follow symlinks

* fix tests on windows, maybe

* Address Brad's comments

* Revert changes to safe_open
* Test chown is called when saving new key
* Reorder chown operation

* Changelog and documentation

* Fix documentation style
2018-11-29 09:33:05 -08:00
..
display [Windows] Change default paths for Certbot when run on Windows (#6416) 2018-11-20 14:06:09 -08:00
plugins Merge branch 'master' into warnings-are-errors 2018-11-05 16:57:50 -08:00
tests Change default privkey permissions while preserving group permissions (#6480) 2018-11-29 09:33:05 -08:00
.gitignore s/letsencrypt/certbot 2016-04-13 16:03:59 -07:00
__init__.py Bump version to 0.29.0 2018-11-07 13:22:59 -08:00
account.py Make Certbot runnable on Windows (#6296) 2018-09-08 07:34:27 -07:00
achallenges.py Use josepy instead of acme.jose. (#5203) 2017-12-11 11:25:09 -08:00
auth_handler.py Log warning about TLS-SNI deprecation in Certbot (#6468) 2018-11-05 15:01:16 -08:00
cert_manager.py Make Certbot runnable on Windows (#6296) 2018-09-08 07:34:27 -07:00
cli.py Merge branch 'master' into warnings-are-errors 2018-11-27 17:18:55 -08:00
client.py Make Certbot runnable on Windows (#6296) 2018-09-08 07:34:27 -07:00
compat.py [Windows] Change default paths for Certbot when run on Windows (#6416) 2018-11-20 14:06:09 -08:00
configuration.py Reuse ACMEv1 accounts for ACMEv2 (#5902) 2018-06-04 16:04:47 -07:00
constants.py [Windows] Change default paths for Certbot when run on Windows (#6416) 2018-11-20 14:06:09 -08:00
crypto_util.py no newline in py27 2018-11-05 17:47:38 -08:00
eff.py Changing opt-in ask for emails (#6035) 2018-05-23 20:40:34 -07:00
error_handler.py Prepare certbot module for mypy check untyped defs (#6005) 2018-05-18 06:28:17 -07:00
errors.py PluginStorage to store variables between invocations. (#5468) 2018-04-11 08:54:55 -07:00
hooks.py Prepare certbot module for mypy check untyped defs (#6005) 2018-05-18 06:28:17 -07:00
interfaces.py Do not call IPlugin.prepare() for updaters when running renew (#6167) 2018-07-06 13:19:29 -07:00
lock.py Make Certbot runnable on Windows (#6296) 2018-09-08 07:34:27 -07:00
log.py Make Certbot runnable on Windows (#6296) 2018-09-08 07:34:27 -07:00
main.py Add a random sleep for noninteractive renewals (#6393) 2018-11-20 23:55:51 -05:00
notify.py s/Let's Encrypt/Certbot 2016-04-13 16:13:50 -07:00
ocsp.py warn-->warning 2018-10-31 18:11:43 -07:00
renewal.py Clean up many warnings 2018-11-01 16:39:54 -07:00
reporter.py Refactoring for better logging (#4444) 2017-03-30 16:17:57 -07:00
reverter.py [Windows] Handle file renaming when the destination path already exists (#6415) 2018-11-06 15:35:09 -08:00
ssl-dhparams.pem Use ffdhe2048 Nginx DH params to fix Weak-DH bug (#4973) 2017-09-01 07:57:30 -07:00
storage.py Change default privkey permissions while preserving group permissions (#6480) 2018-11-29 09:33:05 -08:00
updater.py Do not call IPlugin.prepare() for updaters when running renew (#6167) 2018-07-06 13:19:29 -07:00
util.py [Windows] Create the CI logic (#6374) 2018-10-19 14:53:15 -07:00