[Buildroot] [PATCH 10/11 v5] package/freerdp: install server key and certificate

[Yann E. MORIN <yann.morin.1998@free.fr>]

Thomas, All,

On 2015-02-22 14:45 +0100, Thomas Petazzoni spake thusly:
> On Sun, 22 Feb 2015 14:16:23 +0100, Yann E. MORIN wrote:
> 
> > Yup, I forgot it.
> > 
> > But now I wonder what those should be: 0644 or 0600 ?
> 
> I was also unsure, and that's why I decided to not add the '-m' myself,
> and open up the discussion. Is it problematic if a non-root user has
> access to this key and certificate?

Well, I don't think so. am not 100% sure about this either.

However, know that those key and cert are already highly public: they
*are* in the FreeRDP repository (i.e. they are not generated at build
time).

So, there is no real security concern about that pair, and I would be
tempted to leave them at 0644.

However, I believe the user should be responsible about providing their
own set of key+cert (and thus set the appropriate permissions on them).

I said in the help text of Weston:

    By default, Buildroot installs such files in /etc/freerdp/server/
    so you may want to change them in a post-build script or a rootfs
    overlay.

So, thanks to your comment, I noticed a few issues, now:

  - the key+cert are only installed when FreeRDP server is installed,
    so we're missing them when onlt the lib is installed. Damn smartin
    who made me change to that situation! :-]

  - the comment about the keys should be moved to the FreeRDP option.

I'll provide follow-up patches soon.

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'