From 4382120e37fae541e72cba695905198963a31332 Mon Sep 17 00:00:00 2001
From: Daniel Micay <daniel.micay@grapheneos.org>
Date: Fri, 21 Jun 2024 22:36:27 -0400
Subject: [PATCH] set umask for encrypted swapfile creation
---
 deploy-initial | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deploy-initial b/deploy-initial
index 1d5e37b..443f8af 100755
--- a/deploy-initial
+++ b/deploy-initial
@@ -60,7 +60,7 @@ rsync -cv nftables/nftables-${hosts_firewall[$host]:-web}.conf $remote:/mnt/etc/
 ssh $remote "arch-chroot /mnt systemctl enable chronyd.service fstrim.timer logrotate.timer nftables.service plocate-updatedb.timer systemd-networkd.service sshd.service unbound.service"
 ssh $remote "arch-chroot /mnt systemctl disable remote-fs.target systemd-network-generator.service"
-ssh $remote "dd if=/dev/random of=/mnt/swapfile bs=1M count=$swap status=progress"
+ssh $remote "umask 077 && dd if=/dev/random of=/mnt/swapfile bs=1M count=$swap status=progress"
 password=$(head -c32 <(tr -dc A-Za-z0-9 </dev/random))
 echo password: $password
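Review bot: The `umask 077` on the added `ssh $remote` line only restricts the mode when `dd` actually creates `/mnt/swapfile`. If the file already exists, for example on a re-run after a partial deploy, `dd of=` truncates it and keeps its old permission bits. No later `chmod` is visible in this hunk, so the result should not depend on the file's prior state: either remove it first, `ssh $remote "umask 077 && rm -f /mnt/swapfile && dd if=/dev/random of=/mnt/swapfile bs=1M count=$swap status=progress"`, or follow the `dd` with `chmod 600 /mnt/swapfile`. A short comment above the line would record why the umask must precede creation, such as `# create swapfile 0600 from the start; it must never be group/other readable`.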