* Modify shib-keygen to create the new certificate key group-readable by
_shibd and not world-readable. (Closes: #571631)
subjectKeyIdentifier=hash
EOF
+# Added for Debian. Make the key mode 640 and readable by group _shibd so
+# that the Debian shibd can use a non-root user.
+touch sp-key.pem
+chgrp _shibd sp-key.pem
+chmod 640 sp-key.pem
if [ -z "$BATCH" ] ; then
openssl req -config sp-cert.cnf -new -x509 -days $DAYS -keyout sp-key.pem -out sp-cert.pem
else
fi
rm sp-cert.cnf
-
-if [ -s sp-key.pem ] ; then
- chmod 600 sp-key.pem
-fi
+shibboleth-sp2 (2.3.1+dfsg-2) UNRELEASED; urgency=low
+
+ * Modify shib-keygen to create the new certificate key group-readable by
+ _shibd and not world-readable. (Closes: #571631)
+
+ -- Russ Allbery <rra@debian.org> Fri, 14 May 2010 17:29:48 -0700
+
shibboleth-sp2 (2.3.1+dfsg-1) unstable; urgency=low
* New upstream release.