certs/Makefile: Run key generation with a stricter umask (fixes a race condition)

diff --git a/certs/Makefile b/certs/Makefile
index f3854c5f98b9b5143d654d933f4cb8c031d34628..c709ff91f24a45677f697a3854892f712708726a 100644 (file)
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -26,5 +26,5 @@ keysize=2048
        sed 's,example\.com,$*,g' openssl.cnf > $@
 
 %.key:
-       openssl genrsa $(keysize) > $@
-       @chmod 400 $@
+       umask 0077 && openssl genrsa -out $@ $(keysize)
+       @chmod 400 $@ -c