From 6de31b7bc4a6c22a3b6a8b73da1f6db6f2715500 Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Sat, 5 Oct 2024 18:32:09 +0000
Subject: [PATCH] sane-private-unlock: fix perms

---
 pkgs/by-name/sane-scripts/src/sane-private-unlock | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkgs/by-name/sane-scripts/src/sane-private-unlock b/pkgs/by-name/sane-scripts/src/sane-private-unlock
index c02ae9d81..47444b3b2 100755
--- a/pkgs/by-name/sane-scripts/src/sane-private-unlock
+++ b/pkgs/by-name/sane-scripts/src/sane-private-unlock
@@ -1,6 +1,8 @@
 #!/usr/bin/env nix-shell
 #!nix-shell -i bash -p bash -p coreutils -p systemdMinimal
 
+umask 027
+
 if ! systemctl is-active private-storage.target > /dev/null; then
   echo "unable to access encrypted data store."
   echo "unlock it now or cancel with Ctrl+C."
@@ -10,7 +12,7 @@ while ! systemctl is-active private-storage.target > /dev/null; do
   # see: <https://stackoverflow.com/a/2654096>
   IFS= read -s -r -p "password: " line
   echo
-  if [[ "$?" -eq 0 ]]; then
+  if [[ "$?" -eq 0 && -n "$line" ]]; then
     echo -n "$line" > /run/gocryptfs/private.key
     # give time for the store to be unlocked
     timeout 3s systemctl start private-storage.target