diff options
Diffstat (limited to 'src/bin/tpd.rs')
| -rw-r--r-- | src/bin/tpd.rs | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/src/bin/tpd.rs b/src/bin/tpd.rs index 54dbd7f..a1edf79 100644 --- a/src/bin/tpd.rs +++ b/src/bin/tpd.rs @@ -308,14 +308,34 @@ fn load_or_create_identity(path: &std::path::Path) -> Vec<u8> { } let mut seed = [0u8; 32]; tesseras_dht::sys::random_bytes(&mut seed); - if let Err(e) = std::fs::write(path, seed) { - log::warn!("identity: failed to save to {}: {e}", path.display()); - } else { - log::info!("identity: generated new keypair at {}", path.display()); + match write_private_file(path, &seed) { + Ok(()) => { + log::info!("identity: generated new keypair at {}", path.display()); + } + Err(e) => { + log::warn!("identity: failed to save to {}: {e}", path.display()); + } } seed.to_vec() } +/// Write data to a file with mode 0600 (owner read/write only). +fn write_private_file( + path: &std::path::Path, + data: &[u8], +) -> std::io::Result<()> { + use std::io::Write; + use std::os::unix::fs::OpenOptionsExt; + let mut f = std::fs::OpenOptions::new() + .write(true) + .create(true) + .truncate(true) + .mode(0o600) + .open(path)?; + f.write_all(data)?; + f.sync_all() +} + const SIGINT: i32 = 2; const SIGTERM: i32 = 15; |