From 39711d4c87cbc037955a6abefe1abb98939a0f92 Mon Sep 17 00:00:00 2001
From: mirefly42 <143206683+mirefly42@users.noreply.github.com>
Date: Fri, 2 May 2025 17:08:02 +0700
Subject: [PATCH] Prevent contrib/docker/entrypoint.sh script from generating a
 config readable by everyone

---
 contrib/docker/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/docker/entrypoint.sh b/contrib/docker/entrypoint.sh
index 26c685a8..5bbf0f0a 100755
--- a/contrib/docker/entrypoint.sh
+++ b/contrib/docker/entrypoint.sh
@@ -6,7 +6,7 @@ CONF_DIR="/etc/yggdrasil-network"
 
 if [ ! -f "$CONF_DIR/config.conf" ]; then
   echo "generate $CONF_DIR/config.conf"
-  yggdrasil --genconf > "$CONF_DIR/config.conf"
+  (umask 037 && yggdrasil --genconf > "$CONF_DIR/config.conf")
 fi
 
 yggdrasil --useconf < "$CONF_DIR/config.conf"