pki: Prevent OpenBSD from changing permissions

2023-11-26 15:35:51 +00:00 · 2023-11-26 15:35:51 +00:00 · 270da668c3
commit 270da668c3
parent 3fdbd62aca
2 changed files with 17 additions and 0 deletions
--- a/roles/pki/files/mtree.patch
+++ b/roles/pki/files/mtree.patch
@ -0,0 +1,11 @@
+--- 4.4BSD.dist.orig	Sat Nov 25 20:29:26 2023
+++ 4.4BSD.dist	Sat Nov 25 20:29:36 2023
+@@ -105,7 +105,7 @@
+ 
+     # ./etc/ssl
+     ssl
+-        private			uname=root mode=0700
+        private			uname=root mode=0750
+         ..
+     ..
+ 
--- a/roles/pki/tasks/main.yml
+++ b/roles/pki/tasks/main.yml
@ -29,6 +29,12 @@
  ansible.builtin.set_fact:
    pki_cacert_hash: "{{ result.stdout }}"

+- name: Patch mtree to set correct permissions on /etc/ssl/private
+  ansible.posix.patch:
+    dest: /etc/mtree/4.4BSD.dist
+    src: mtree.patch
+  when: ansible_system == "OpenBSD"
+
 - name: Fix private key directory permissions
  ansible.builtin.file:
    path: "{{ tls_private }}"