From 2a5038d209c7e24581670bb9c1accf157446d1ec Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 23 Jun 2017 11:12:28 +0100
Subject: [PATCH] Permissions on root gpg keyring

---
 src/freedombone-base-email     | 2 ++
 src/freedombone-restore-local  | 4 ++++
 src/freedombone-restore-remote | 4 ++++
 src/freedombone-utils-keys     | 2 ++
 4 files changed, 12 insertions(+)

diff --git a/src/freedombone-base-email b/src/freedombone-base-email
index d1d37e63..e619d04d 100755
--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@@ -1629,6 +1629,8 @@ function configure_gpg {
 
     if [ ! -d /root/.gnupg ]; then
         cp -r /home/$MY_USERNAME/.gnupg /root/
+        chmod 700 /root/.gnupg
+        chmod 600 /root/.gnupg/*
     fi
     gpg_agent_setup root
     gpg_agent_setup $MY_USERNAME
diff --git a/src/freedombone-restore-local b/src/freedombone-restore-local
index fef34d20..dab3068c 100755
--- a/src/freedombone-restore-local
+++ b/src/freedombone-restore-local
@@ -108,6 +108,8 @@ function check_admin_user {
 function copy_gpg_keys {
     echo $"Copying GPG keys from admin user to root"
     cp -r /home/$ADMIN_USERNAME/.gnupg /root
+    chmod 700 /root/.gnupg
+    chmod 600 /root/.gnupg/*
 }
 
 function restore_configfiles {
@@ -340,6 +342,8 @@ function restore_gpg {
                         backup_unmount_drive
                         exit 283
                     fi
+                    chmod 700 /root/.gnupg
+                    chmod 600 /root/.gnupg/*
                 fi
             fi
         done
diff --git a/src/freedombone-restore-remote b/src/freedombone-restore-remote
index 191cc672..1f839863 100755
--- a/src/freedombone-restore-remote
+++ b/src/freedombone-restore-remote
@@ -99,6 +99,8 @@ DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
 function copy_gpg_keys {
     echo $"Copying GPG keys from admin user to root"
     cp -r /home/$ADMIN_USERNAME/.gnupg /root
+    chmod 700 /root/.gnupg
+    chmod 600 /root/.gnupg/*
 }
 
 function restore_configfiles {
@@ -306,6 +308,8 @@ function restore_gpg {
                     if [ ! "$?" = "0" ]; then
                         exit 283
                     fi
+                    chmod 700 /root/.gnupg
+                    chmod 600 /root/.gnupg/*
                 fi
             fi
         fi
diff --git a/src/freedombone-utils-keys b/src/freedombone-utils-keys
index cd5f72b5..4bdcf71b 100755
--- a/src/freedombone-utils-keys
+++ b/src/freedombone-utils-keys
@@ -240,6 +240,8 @@ function interactive_key_recovery {
     ${PROJECT_NAME}-recoverkey -u $MY_USERNAME
     if [ -d /home/$MY_USERNAME/.gnupg ]; then
         cp -rf /home/$MY_USERNAME/.gnupg /root
+        chmod 700 /root/.gnupg
+        chmod 600 /root/.gnupg/*
     fi
 }