URL:
https://github.com/freeipa/freeipa/pull/2057
Author: tiran
Title: #2057: Ensure that public cert and CA bundle are readable
Action: opened
PR body:
"""
In CIS hardened mode, the process umask is 027. This results in some
files not being world readable. Ensure that write_certificate_list()
calls in client installer, server installer, and upgrader create cert
bundles with permission bits 0644.
Make CA bundles, certs, and cert directories world-accessible in
upgrader.
Fixes: pagure.io/freeipa/issue/7594
"""
To pull the PR as Git branch:
git remote add ghfreeipa
https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2057/head:pr2057
git checkout pr2057