lacme: Don't write certificate(-chain) file on chown/chmod failure.

Otherwise we end up with files with mode 0644 owned by root:root, and subsequent lacme(8) invocations will likely not renew them for a while. This change also saves a chown(2) call. And the new logic (chown resp. chmod from root:root resp. 0600) is safe if we ever include private key material in there too.
author: Guilhem Moulin <guilhem@fripost.org> 2021-02-24 20:03:44 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2021-02-24 21:09:02 +0100
commit: cdd025133a306cd8d3e81aa832ac056119d65f3a (patch)
tree: 70124d1307c6bb9f49fb9b2440521a7fe15786b9 /Changelog
parent: faab30461b0f2b920e3dd19489ce458c0b38e6d9 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/Changelog b/Changelog
index e047ac5..2a027f1 100644
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,7 @@ lacme (0.8.1) upstream;
 
  + lacme-accountd: improve log messages and refactor logging logic.
  + lacme-accountd: refuse to sign JWS with an invalid Protected Header.
+ + lacme: don't write certificate(-chain) file on chown/chmod failure.
  - lacme: in the [accountd] config, let lacme-accountd(1) do the
    %-expansion for 'config', not lacme(8) when building the command.
  - lacme-accountd: don't log debug messages unless --debug is set.
author	Guilhem Moulin <guilhem@fripost.org>	2021-02-24 20:03:44 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2021-02-24 21:09:02 +0100
commit	cdd025133a306cd8d3e81aa832ac056119d65f3a (patch)
tree	70124d1307c6bb9f49fb9b2440521a7fe15786b9 /Changelog
parent	faab30461b0f2b920e3dd19489ce458c0b38e6d9 (diff)