mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-12-28 14:22:50 +03:00
google-comute-image.nix: set umask 077 when downloading private keys from the metadata server.
This commit is contained in:
parent
e548a4330d
commit
b19ab1f046
@ -135,6 +135,8 @@ in
|
||||
path = [ pkgs.wget ];
|
||||
script =
|
||||
''
|
||||
# When dealing with cryptographic keys, we want to keep things private.
|
||||
umask 077
|
||||
wget="wget --retry-connrefused -t 6 --waitretry=10"
|
||||
# Don't download the SSH key if it has already been downloaded
|
||||
if ! [ -e /root/.ssh/authorized_keys ]; then
|
||||
|
Loading…
Reference in New Issue
Block a user