From 99a76fa75feff819f58dc923cfc0e6d815dd1829 Mon Sep 17 00:00:00 2001
From: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date: Sun, 6 Nov 2011 03:24:50 +0100
Subject: Create random-seed with read access only to root.

---
 debian/hurd.postinst | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/debian/hurd.postinst b/debian/hurd.postinst
index f6b0ead5..4828112c 100644
--- a/debian/hurd.postinst
+++ b/debian/hurd.postinst
@@ -70,8 +70,11 @@ if [ "$1" = configure ] && [ "$2" ]; then
 	                    --slave /dev/urandom urandom /dev/urandom-hurd
 
 	# Generate initial pool
+	UMASK=`umask`
+	umask 077
 	[ -f /var/spool/random-seed ] || dd < /dev/urandom > /var/spool/random-seed bs=1 count=600
         # TODO: will need to run settrans -ga /dev/random at system stop to make
         # it save it back
+	umask $UMASK
 fi
 
-- 
cgit v1.2.3