From 1f7ef3663f6374b80bc42416cea02fc114dc574d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=E1=B4=80=CA=99=C9=AA=E1=B4=87=C9=B4=20W=E1=B4=87=CA=80?=
 =?UTF-8?q?=C9=B4=CA=9F=C9=AA?= <github@faxmodem.org>
Date: Tue, 12 Oct 2021 10:15:27 +0200
Subject: [PATCH] Add possibility to configure umask

---
 doc/EasyRSA-Advanced.md | 2 ++
 easyrsa3/easyrsa        | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/doc/EasyRSA-Advanced.md b/doc/EasyRSA-Advanced.md
index 2ced95f..d1c140d 100644
--- a/doc/EasyRSA-Advanced.md
+++ b/doc/EasyRSA-Advanced.md
@@ -120,5 +120,7 @@ possible terse description is shown below:
     password using any openssl password options like pass:1234 or env:var
  *  `EASYRSA_PASSOUT` (CLI: `--passout`) - allows to specify a source for
     password using any openssl password options like pass:1234 or env:var
+ *  `EASYRSA_UMASK` - safe umask to use for file creation. Defaults to `077`
+ *  `EASYRSA_NO_UMASK` - disable safe umask. Files will be created using the system's defúlts
     
 **NOTE:** the global options need to be provided before the actual commands.
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 36e154d..9f7c0c6 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -2392,7 +2392,7 @@ NL='
 '
 
 # Be secure with a restrictive umask
-[ -z "$EASYRSA_NO_UMASK" ] && umask 077
+[ -z "$EASYRSA_NO_UMASK" ] && umask ${EASYRSA_UMASK:-077}
 
 # Parse options
 while :; do