wg-quick: enforce good permissions
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
		
							parent
							
								
									bf5d24eca4
								
							
						
					
					
						commit
						16060516bb
					
				
					 2 changed files with 3 additions and 1 deletions
				
			
		| 
						 | 
					@ -1,6 +1,7 @@
 | 
				
			||||||
PKG_CONFIG ?= pkg-config
 | 
					PKG_CONFIG ?= pkg-config
 | 
				
			||||||
PREFIX ?= /usr
 | 
					PREFIX ?= /usr
 | 
				
			||||||
DESTDIR ?=
 | 
					DESTDIR ?=
 | 
				
			||||||
 | 
					SYSCONFDIR ?= /etc
 | 
				
			||||||
BINDIR ?= $(PREFIX)/bin
 | 
					BINDIR ?= $(PREFIX)/bin
 | 
				
			||||||
LIBDIR ?= $(PREFIX)/lib
 | 
					LIBDIR ?= $(PREFIX)/lib
 | 
				
			||||||
MANDIR ?= $(PREFIX)/share/man
 | 
					MANDIR ?= $(PREFIX)/share/man
 | 
				
			||||||
| 
						 | 
					@ -54,7 +55,7 @@ install: wg
 | 
				
			||||||
	@[ "$(WITH_BASHCOMPLETION)" = "yes" ] || exit 0; \
 | 
						@[ "$(WITH_BASHCOMPLETION)" = "yes" ] || exit 0; \
 | 
				
			||||||
	install -v -d "$(DESTDIR)$(BASHCOMPDIR)" && install -m 0644 -v completion/wg.bash-completion "$(DESTDIR)$(BASHCOMPDIR)/wg"
 | 
						install -v -d "$(DESTDIR)$(BASHCOMPDIR)" && install -m 0644 -v completion/wg.bash-completion "$(DESTDIR)$(BASHCOMPDIR)/wg"
 | 
				
			||||||
	@[ "$(WITH_WGQUICK)" = "yes" ] || exit 0; \
 | 
						@[ "$(WITH_WGQUICK)" = "yes" ] || exit 0; \
 | 
				
			||||||
	install -m 0755 -v wg-quick.bash "$(DESTDIR)$(BINDIR)/wg-quick"
 | 
						install -m 0755 -v wg-quick.bash "$(DESTDIR)$(BINDIR)/wg-quick" && install -m 0700 -v -d "$(DESTDIR)$(SYSCONFDIR)/wireguard"
 | 
				
			||||||
	@[ "$(WITH_WGQUICK)" = "yes" ] || exit 0; \
 | 
						@[ "$(WITH_WGQUICK)" = "yes" ] || exit 0; \
 | 
				
			||||||
	install -m 0644 -v wg-quick.8 "$(DESTDIR)$(MANDIR)/man8/wg-quick.8"
 | 
						install -m 0644 -v wg-quick.8 "$(DESTDIR)$(MANDIR)/man8/wg-quick.8"
 | 
				
			||||||
	@[ "$(WITH_WGQUICK)" = "yes" -a "$(WITH_BASHCOMPLETION)" = "yes" ] || exit 0; \
 | 
						@[ "$(WITH_WGQUICK)" = "yes" -a "$(WITH_BASHCOMPLETION)" = "yes" ] || exit 0; \
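Review bot: The install rule creates the 0700 directory at `$(DESTDIR)$(SYSCONFDIR)/wireguard`, but the wg-quick script changed in this same commit resolves short names against a hard-coded `/etc/wireguard/`, so a build with SYSCONFDIR overridden protects a directory the script never reads. Either document the coupling next to the new variable, e.g. `# wg-quick looks in /etc/wireguard; overriding SYSCONFDIR does not change that lookup path`, or substitute the configured path into the script at install time. The install target's recipe begins and ends outside the hunk.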
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -27,6 +27,7 @@ parse_options() {
 | 
				
			||||||
	[[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,16}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf"
 | 
						[[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,16}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf"
 | 
				
			||||||
	[[ -e $CONFIG_FILE ]] || die "\`$CONFIG_FILE' does not exist"
 | 
						[[ -e $CONFIG_FILE ]] || die "\`$CONFIG_FILE' does not exist"
 | 
				
			||||||
	[[ $CONFIG_FILE =~ /?([a-zA-Z0-9_=+.-]{1,16})\.conf$ ]] || die "The config file must be a valid interface name, followed by .conf"
 | 
						[[ $CONFIG_FILE =~ /?([a-zA-Z0-9_=+.-]{1,16})\.conf$ ]] || die "The config file must be a valid interface name, followed by .conf"
 | 
				
			||||||
 | 
						((($(stat -c '%#a' "$CONFIG_FILE") & 0007) == 0)) || echo "Warning: \`$CONFIG_FILE' is world accessible" >&2
 | 
				
			||||||
	INTERFACE="${BASH_REMATCH[1]}"
 | 
						INTERFACE="${BASH_REMATCH[1]}"
 | 
				
			||||||
	shopt -s nocasematch
 | 
						shopt -s nocasematch
 | 
				
			||||||
	while read -r line; do
 | 
						while read -r line; do
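Review bot: The permission check added in parse_options calls `stat -c '%#a'` without `-L`, so for a symlinked config it inspects the link's own mode rather than the target's; on Linux, where links report 0777, the warning would fire regardless of how the real file is protected. `stat -L -c '%#a' "$CONFIG_FILE"` tests the file that is actually read. The `0007` mask also ignores group bits, so a config with mode 0640 passes silently; since such a file typically carries the interface private key, `& 0077` would be the stricter test if group access is not intended. The check only warns and continues, which is worth a short comment given that the commit title says "enforce". parse_options starts and ends outside the hunk.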
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||