author | Guilhem Moulin <guilhem@fripost.org> | 2017-02-22 10:51:08 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2017-02-24 08:45:45 +0100 |
commit | f4af28d7e526bd56a78225daf84d11cdf96bd611 (patch) | |
tree | 388f27495f2e44366edd5201f83da90a4667a713 | |
parent | 1426a858ae1c4da30f777110e1253fa36bac2b41 (diff) |
new-cert: create certificate files atomically.
-rw-r--r-- | Changelog | 1 | ||||
-rwxr-xr-x | lacme | 27 |
2 files changed, 19 insertions, 9 deletions
@@ -2,6 +2,7 @@ lacme (0.3) upstream; + When parsing config-cert files and directories (default "lacme-certs.conf lacme-certs.conf.d"), import the default section of files read earlier. + + new-cert: create certificate files atomically. - Ensure lacme's config file descriptor is not passed to the accountd or webserver components. - new-cert: sort section names if not passed explicitely.
@@ -524,16 +524,25 @@ sub spawn($@) {
 sub install_cert($$@) {
 my $filename = shift;
 my $x509 = shift;
-
- open my $fh, '>', $filename or die "Can't open $filename: $!";
- print $fh $x509;
- foreach (@_) { # append the chain
- open my $fh2, '<', $_ or die "Can't open $_: $!";
- my $ca = do { local $/ = undef; $fh2->getline() };
- print $fh $ca;
- close $fh2 or die "Can't close: $!";
+ my @chain = @_;
+
+ my $tmp = "$filename.new";
+ open my $fh, '>', $tmp or die "Can't open $tmp: $!";
+ eval {
+ $fh->print($x509) or die "Can't print: $!";
+ foreach (@chain) { # append the chain
+ open my $fh2, '<', $_ or die "Can't open $_: $!";
+ my $ca = do { local $/ = undef; $fh2->getline() };
+ $fh2->close() or die "Can't close: $!";
+ $fh->print($ca) or die "Can't print: $!";
+ }
+ $fh->close() or die "Can't close: $!";
+ };
+ if ($@) {
+ unlink $tmp or warn "Can't unlink $tmp: $!";
+ die $@;
 }
- close $fh or die "Can't close: $!";
+ rename($tmp, $filename) or die "Can't rename $tmp to $filename: $!";
 } |
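Review bot: `rename($tmp, $filename)` at the end of the lacme hunk replaces whatever sits at `$filename` with the new inode, so if an installation points `$filename` at a symlink the link itself is swapped out rather than its target being rewritten as the old `open my $fh, '>', $filename` did; that is the normal trade-off of atomic replacement, but it deserves a line such as `# rename(2) replaces $filename itself: a symlink there is overwritten, not followed` above the call. The `$fh->close()` inside the eval only hands perl's buffer to the kernel, so after a crash the freshly renamed file can still come back empty or truncated; adding `$fh->flush() or die "Can't flush: $!"; $fh->sync() or die "Can't sync: $!";` before the close makes the replacement durable as well as atomic (IO::Handle is already relied on via `$fh2->getline()`). When `rename` itself fails the `die` leaves `$tmp` behind, unlike the eval error path that unlinks it, which is worth either handling the same way or stating in a comment. The whole of install_cert is visible within the hunk.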