From 9cf0a759407391589fb3cca3b224b6adcccef188 Mon Sep 17 00:00:00 2001
From: mirefly42 <143206683+mirefly42@users.noreply.github.com>
Date: Fri, 2 May 2025 14:44:58 +0700
Subject: [PATCH] Prevent openrc service from generating a config readable by
 everyone

---
 contrib/openrc/yggdrasil | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/openrc/yggdrasil b/contrib/openrc/yggdrasil
index aece8ecb..f77b2603 100755
--- a/contrib/openrc/yggdrasil
+++ b/contrib/openrc/yggdrasil
@@ -14,7 +14,7 @@ depend() {
 start_pre() {
 	if [ ! -f "${CONFFILE}" ]; then
 		ebegin "Generating new configuration file into ${CONFFILE}"
-		if ! eval ${command} -genconf > ${CONFFILE}; then
+		if ! (umask 037 && eval ${command} -genconf > ${CONFFILE}); then
 			eerror "Failed to generate configuration file"
 			exit 1
 		fi