From 619ea42d3e4f41def3c62a6fcb6c5858ca87f3b0 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Wed, 1 Sep 2021 17:46:06 +0300
Subject: [PATCH] Permissions on secure templated files.

---
 Makefile | 44 ++++++++++++++++++++++++++++----------------
 1 file changed, 28 insertions(+), 16 deletions(-)

diff --git a/Makefile b/Makefile
index 16d4b2c..2026e72 100644
--- a/Makefile
+++ b/Makefile
@@ -5,15 +5,18 @@ download = $(curl) --output $@
 mkd = mkdir -p $$(dirname $@)
 
 .PHONY: all
-all: .ssh/gitlab_ed25519
-all: .ssh/gitlab_fdo_ed25519
-all: .ssh/gitlab_toptal_ed25519
-all: .ssh/github_ed25519
-all: .ssh/shore_ecdsa
-all: .ssh/shore_ed25519
-all: .ssh/shore_rsa
-all: .ssh/smile_ed25519
-all: .ssh/smile_rsa
+all: ssh-keys
+
+.PHONY: ssh-keys
+ssh-keys: .ssh/gitlab_ed25519
+ssh-keys: .ssh/gitlab_fdo_ed25519
+ssh-keys: .ssh/gitlab_toptal_ed25519
+ssh-keys: .ssh/github_ed25519
+ssh-keys: .ssh/shore_ecdsa
+ssh-keys: .ssh/shore_ed25519
+ssh-keys: .ssh/shore_rsa
+ssh-keys: .ssh/smile_ed25519
+ssh-keys: .ssh/smile_rsa
 
 .ssh/%_rsa: Documents/Database.kdbx
 	$(mkd)
@@ -51,38 +54,47 @@ all: .ssh/authorized_keys
 	$(mkd)
 	-$(ansible-local) -m authorized_key -a "user=$$(whoami) key='$$(cat .ssh/localhost.pub)' key_options='from=\"127.0.0.1/8\"'"
 
-all: .gnupg/trustdb.gpg
+.PHONY: secure-templates
+all: secure-templates
+
+secure-templates: .gnupg/trustdb.gpg
 .gnupg/trustdb.gpg: Documents/Database.kdbx
 	ph show --field 'Notes' 'GPG/D3B913DE36AB5565DCAC91C6A322378C61339ECD' | gpg --import
 	echo 'D3B913DE36AB5565DCAC91C6A322378C61339ECD:6:' | gpg --import-ownertrust
 	chmod 600 '$@'
 
-all: .bashrc.private
+secure-templates: .bashrc.private
 .bashrc.private: .bashrc.private.j2 Documents/Database.kdbx
 	$(mkd)
 	template '$<' > '$@'
+	chmod 600 '$@'
 
-all: .config/python-gitlab.cfg
+secure-templates: .config/python-gitlab.cfg
 .config/python-gitlab.cfg: .config/python-gitlab.cfg.j2 Documents/Database.kdbx
 	$(mkd)
 	template '$<' > '$@'
+	chmod 600 '$@'
 
-all: .config/gem/gemrc
+secure-templates: .config/gem/gemrc
 .config/gem/gemrc: .config/gem/gemrc.j2 Documents/Database.kdbx
 	$(mkd)
 	template '$<' > '$@'
+	chmod 600 '$@'
 
-all: .bundle/config
+secure-templates: .bundle/config
 .bundle/config: .bundle/config.j2 Documents/Database.kdbx
 	$(mkd)
 	template '$<' > '$@'
+	chmod 600 '$@'
 
-all: .aws/credentials
+secure-templates: .aws/credentials
 .aws/credentials: .aws/credentials.j2 Documents/Database.kdbx
 	$(mkd)
 	template '$<' > '$@'
+	chmod 600 '$@'
 
-all: .netrc
+secure-templates: .netrc
 .netrc: .netrc.j2 Documents/Database.kdbx
 	$(mkd)
 	template '$<' > '$@'
+	chmod 600 '$@'
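Review bot: The rendered secrets are still created with the process's default umask, because `template '$<' > '$@'` lets the shell redirection create the file and the added `chmod 600 '$@'` only runs afterwards on a separate recipe line. With a typical 022 umask the file is world-readable for that interval, and this applies to all six templated rules in this hunk (`.bashrc.private` through `.netrc`). Setting the mask on the same recipe line closes the window, since each recipe line runs in its own shell: `umask 077 && template '$<' > '$@'`. The `chmod 600` is still worth keeping, because redirecting onto an existing file preserves its old mode. If `template` fails, a partial file is left behind with the default mode and the `chmod` is never reached, unless `.DELETE_ON_ERROR:` is set in a part of the Makefile not shown here.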
-- 
GitLab