mirror of https://github.com/poanetwork/gecko.git
make staking cert/key read-only
parent
45b9a230b6
commit
5cb106d349
|
@ -40,20 +40,27 @@ func GenerateStakingKeyCert(keyPath, certPath string) error {
|
||||||
return fmt.Errorf("couldn't create certificate: %w", err)
|
return fmt.Errorf("couldn't create certificate: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Write cert to disk
|
// Ensure directory where key/cert will live exist
|
||||||
if err := os.MkdirAll(filepath.Dir(certPath), 0755); err != nil {
|
if err := os.MkdirAll(filepath.Dir(certPath), 0700); err != nil {
|
||||||
return fmt.Errorf("couldn't create path for key/cert: %w", err)
|
return fmt.Errorf("couldn't create path for cert: %w", err)
|
||||||
|
} else if err := os.MkdirAll(filepath.Dir(keyPath), 0700); err != nil {
|
||||||
|
return fmt.Errorf("couldn't create path for key: %w", err)
|
||||||
}
|
}
|
||||||
certOut, err := os.Create(certPath)
|
|
||||||
|
// Write cert to disk
|
||||||
|
certFile, err := os.Create(certPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("couldn't create cert file: %w", err)
|
return fmt.Errorf("couldn't create cert file: %w", err)
|
||||||
}
|
}
|
||||||
if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: certBytes}); err != nil {
|
if err := pem.Encode(certFile, &pem.Block{Type: "CERTIFICATE", Bytes: certBytes}); err != nil {
|
||||||
return fmt.Errorf("couldn't write cert file: %w", err)
|
return fmt.Errorf("couldn't write cert file: %w", err)
|
||||||
}
|
}
|
||||||
if err := certOut.Close(); err != nil {
|
if err := certFile.Close(); err != nil {
|
||||||
return fmt.Errorf("couldn't close cert file: %w", err)
|
return fmt.Errorf("couldn't close cert file: %w", err)
|
||||||
}
|
}
|
||||||
|
if err := os.Chmod(certPath, 0400); err != nil { // Make cert read-only
|
||||||
|
return fmt.Errorf("couldn't change permissions on cert: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
// Write key to disk
|
// Write key to disk
|
||||||
keyOut, err := os.Create(keyPath)
|
keyOut, err := os.Create(keyPath)
|
||||||
|
@ -70,5 +77,9 @@ func GenerateStakingKeyCert(keyPath, certPath string) error {
|
||||||
if err := keyOut.Close(); err != nil {
|
if err := keyOut.Close(); err != nil {
|
||||||
return fmt.Errorf("couldn't close key file: %w", err)
|
return fmt.Errorf("couldn't close key file: %w", err)
|
||||||
}
|
}
|
||||||
|
if err := os.Chmod(keyPath, 0400); err != nil { // Make key read-only
|
||||||
|
return fmt.Errorf("couldn't change permissions on key")
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
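Review bot: The private key is still created with `os.Create(keyPath)`, which opens the file with mode 0666 before umask, so the added `os.Chmod(keyPath, 0400)` only tightens it after the key has been written and the file closed; until then the key may be readable by other local users, depending on the umask and on a parent directory that already existed (`os.MkdirAll` does not change the mode of an existing directory). Creating the file restrictively from the start closes that window: `keyOut, err := os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)`, with the chmod to 0400 kept afterwards. The new key-chmod error also drops the cause, unlike the cert branch, and should read `return fmt.Errorf("couldn't change permissions on key: %w", err)`. The key-writing lines sit between the two hunks and the function starts above the first one, so this is based only on the visible create, close and chmod calls.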