From 976668d89b7ebc9bdd12d59af8694dc98cfb77d1 Mon Sep 17 00:00:00 2001
From: Joseph Nuthalapati <njoseph@riseup.net>
Date: Fri, 21 Feb 2020 11:50:01 +0530
Subject: [PATCH] shadowsocks: Fix shadowsocks not able to start

Shadowsocks is unable to read its own configuration file because it
doesn't have read permissions to the file.

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[jvalleroy: Add comment about security concerns]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
---
 actions/shadowsocks | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/actions/shadowsocks b/actions/shadowsocks
index 4709ac3ae..1ade9ec33 100755
--- a/actions/shadowsocks
+++ b/actions/shadowsocks
@@ -60,7 +60,10 @@ def subcommand_merge_config(arguments):
     new_config.update(config)
     new_config = json.dumps(new_config, indent=4, sort_keys=True)
 
-    old_umask = os.umask(0o027)
+    # XXX: Config file with password is world-readable. This is the
+    # same as the default config file, but find a way to avoid this.
+    # See https://salsa.debian.org/freedombox-team/plinth/-/merge_requests/1724
+    old_umask = os.umask(0o022)
     try:
         open(SHADOWSOCKS_CONFIG, 'w').write(new_config)
     finally: