From e760b803f13bb0597cb7bd6305fe34202deae335 Mon Sep 17 00:00:00 2001
From: Adrian Dombeck <adrian.dombeck@canonical.com>
Date: Wed, 18 Dec 2024 21:07:55 +0100
Subject: [PATCH] Create broker.conf and broker.conf.d with permissions 0700

---
 snap/hooks/install      | 2 +-
 snap/hooks/post-refresh | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/snap/hooks/install b/snap/hooks/install
index 077b3cbd..cce533c2 100755
--- a/snap/hooks/install
+++ b/snap/hooks/install
@@ -1,4 +1,4 @@
 #!/bin/sh
 set -eu
 
-cp --update=none ${SNAP}/conf/broker.conf.orig ${SNAP_DATA}/broker.conf
+install --mode=0700 "${SNAP}/conf/broker.conf.orig" "${SNAP_DATA}/broker.conf"
diff --git a/snap/hooks/post-refresh b/snap/hooks/post-refresh
index 89f7916a..110a2cf1 100755
--- a/snap/hooks/post-refresh
+++ b/snap/hooks/post-refresh
@@ -25,8 +25,7 @@ should_transition_to_allowed_users() {
 
 transition_to_allowed_users() {
   log "Transitioning to allowed users"
-  mkdir -p "${SNAP_DATA}/broker.conf.d"
-  cp --update=none "${SNAP}/conf/migrations/pre-${INITIAL_ALLOWED_USERS_VERSION}/broker.conf.d/"* "${SNAP_DATA}/broker.conf.d/"
+  install -D --target-directory --mode=0700"${SNAP_DATA}/broker.conf.d" "${SNAP}/conf/migrations/pre-${INITIAL_ALLOWED_USERS_VERSION}/broker.conf.d/"*
 }
 
 if [ -z "${PREVIOUS_VERSION}" ]; then