debug cert permissions

cont-init.d/50_configure.sh

@@ -15,11 +15,15 @@ cat /etc/group
 #
 # Note: Due to permissions problems, copy the secrets from the /run read-only path to /etc/tedge/device-certs/
 #
+echo "secret permissions: certificate_private_key"
+ls -l /run/secrets/certificate_private_key
+
+echo "secret permissions: certificate_public_key"
+ls -l /run/secrets/certificate_public_key
+
+
 CERT_FILE_KEY="$(tedge config get device.key_path)"
 if [ -f /run/secrets/certificate_private_key ]; then
-    echo "secret permissions: certificate_private_key"
-    ls -l /run/secrets/certificate_private_key
-
     cat /run/secrets/certificate_private_key > "$CERT_FILE_KEY"
     chmod 600 "$CERT_FILE_KEY"
 fi
@@ -28,9 +32,6 @@ ls -l "$CERT_FILE_KEY"
 
 CERT_FILE_PUB="$(tedge config get device.cert_path)"
 if [ -f /run/secrets/certificate_public_key ]; then
-    echo "secret permissions: certificate_public_key"
-    ls -l /run/secrets/certificate_public_key
-
     cat /run/secrets/certificate_public_key > "$CERT_FILE_PUB"
     chmod 644 "$CERT_FILE_PUB"
 fi

scripts/manage.sh

@@ -28,6 +28,7 @@ create_cert() {
     COMMON_NAME="$1"
     if command -V tedge >/dev/null 2>&1; then
         tedge cert create --config-dir "$(pwd)" --device-id "$COMMON_NAME"
+        chmod 644 "$(pwd)/device-certs"/*
     else
         # docker run $DOCKER_OPTIONS --user root -v "$DEVICE_CERTS:/etc/tedge/device-certs" ghcr.io/thin-edge/tedge:latest tedge cert create --device-id "$COMMON_NAME"
         docker run $DOCKER_OPTIONS --user "1000:101" -v "$DEVICE_CERTS:/etc/tedge/device-certs" ghcr.io/thin-edge/tedge:latest tedge cert create --device-id "$COMMON_NAME"