From 15ecab80070d96fe8131de9d87d447ed86011106 Mon Sep 17 00:00:00 2001
From: Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
Date: Mon, 27 Jul 2020 10:33:40 +0200
Subject: [PATCH] [type/__ssh_authorized_key] Set mode 0600 for new files

---
 .../type/__ssh_authorized_key/gencode-remote  | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/cdist/conf/type/__ssh_authorized_key/gencode-remote b/cdist/conf/type/__ssh_authorized_key/gencode-remote
index a4f915b8..778219ec 100755
--- a/cdist/conf/type/__ssh_authorized_key/gencode-remote
+++ b/cdist/conf/type/__ssh_authorized_key/gencode-remote
@@ -42,11 +42,20 @@ DONE
 }
 
 add_line() {
-   file="$1"
-   line="$2"
-   # escape single quotes
-   line_sanitised=$(echo "$line" | sed -e "s/'/'\"'\"'/g")
-   printf '%s' "printf '%s\\n' '$line_sanitised' >> $file"
+	file="$1"
+	line="$2"
+
+	# escape single quotes
+	line_sanitised=$(echo "$line" | sed -e "s/'/'\"'\"'/g")
+
+	cat <<-EOF
+	test -f '${file}' || {
+	    :>'${file}'
+	    chmod 0600 '${file}'
+	}
+
+	printf '%s\n' '${line_sanitised}' >>'${file}'
+	EOF
 }