From 8e588aebcbf5a7d165b77059ea32aa4fd2549c7b Mon Sep 17 00:00:00 2001
From: Kevin Daudt <kdaudt@alpinelinux.org>
Date: Fri, 5 May 2023 20:12:53 +0000
Subject: [PATCH] community/yggdrasil: prevent generated config from being
 world-readable

The file contains secrets and thus should not be world-readable.
---
 community/yggdrasil/APKBUILD               | 2 +-
 community/yggdrasil/yggdrasil.post-install | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/community/yggdrasil/APKBUILD b/community/yggdrasil/APKBUILD
index 829e489a47f..53a5e5a02d2 100644
--- a/community/yggdrasil/APKBUILD
+++ b/community/yggdrasil/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Drew DeVault <sir@cmpwn.com>
 pkgname=yggdrasil
 pkgver=0.4.7
-pkgrel=5
+pkgrel=6
 pkgdesc="An experiment in scalable routing as an encrypted IPv6 overlay network"
 url="https://yggdrasil-network.github.io/"
 arch="all"
diff --git a/community/yggdrasil/yggdrasil.post-install b/community/yggdrasil/yggdrasil.post-install
index 057ead88d41..d549ff63761 100644
--- a/community/yggdrasil/yggdrasil.post-install
+++ b/community/yggdrasil/yggdrasil.post-install
@@ -2,5 +2,5 @@
 modprobe tun
 
 if [ ! -e "/etc/yggdrasil.conf" ]; then
-	yggdrasil -genconf > /etc/yggdrasil.conf
+	(umask 077; yggdrasil -genconf > /etc/yggdrasil.conf)
 fi