From ed0dc0d11577c2b9abd24625b70928b06861425d Mon Sep 17 00:00:00 2001
From: mirefly42 <143206683+mirefly42@users.noreply.github.com>
Date: Fri, 2 May 2025 16:05:28 +0700
Subject: [PATCH] Prevent deb package postinst script from generating a config
 readable by everyone

---
 contrib/deb/generate.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/deb/generate.sh b/contrib/deb/generate.sh
index 5731827c..acc81a07 100644
--- a/contrib/deb/generate.sh
+++ b/contrib/deb/generate.sh
@@ -108,7 +108,7 @@ then
   chmod 640 /etc/yggdrasil/yggdrasil.conf
 else
   echo "Generating initial configuration file /etc/yggdrasil/yggdrasil.conf"
-  /usr/bin/yggdrasil -genconf > /etc/yggdrasil/yggdrasil.conf
+  (umask 037 && /usr/bin/yggdrasil -genconf > /etc/yggdrasil/yggdrasil.conf)
 
   chown root:yggdrasil /etc/yggdrasil/yggdrasil.conf
   chmod 640 /etc/yggdrasil/yggdrasil.conf