automatically set permissions on unix

src/bin/duralumin-keygen.rs

@@ -1,8 +1,8 @@
-use std::io::Write;
+use std::{fs::Permissions, io::Write};
 
 use clap::Parser;
 use libduralumin::ed25519::{generate_ed25519_keypair, randomart};
-use osshkeys::{error::OsshResult, Key, PublicParts};
+use osshkeys::{error::OsshResult, PublicParts};
 
 /// program that generates ed25519 keypairs seeded by a passphrase and an optional ID.
 #[derive(Parser)]
@@ -25,6 +25,8 @@ fn fix_newline_ref(line: &mut String) {
         }
     }
 }
+
+#[allow(dead_code)]
 fn fix_newline(mut line: String) -> String {
     fix_newline_ref(&mut line);
 
@@ -94,14 +96,24 @@ fn main() -> OsshResult<()> {
 
     println!("RandomArt:\n{}", randomart);
 
+    let private_path = opts.file.clone();
+    let public_path = opts.file.clone() + ".pub";
+
     let private_key = keypair.serialize_openssh(
         encrypt.then(|| passphrase.as_str()),
         osshkeys::cipher::Cipher::Aes256_Ctr,
     )?;
-    std::fs::write(&opts.file, private_key)?;
+    std::fs::write(&private_path, private_key)?;
 
     let public_key = keypair.serialize_publickey()?;
-    std::fs::write(opts.file + ".pub", public_key)?;
+    std::fs::write(&public_path, public_key)?;
+
+    use std::os::unix::fs::PermissionsExt;
+
+    #[cfg(target_family = "unix")]
+    std::fs::set_permissions(private_path, Permissions::from_mode(0o0600))?;
+    #[cfg(target_family = "unix")]
+    std::fs::set_permissions(public_path, Permissions::from_mode(0o0600))?;
 
     Ok(())
 }