authorGuilhem Moulin <guilhem@fripost.org>2017-02-22 10:51:08 +0100
committerGuilhem Moulin <guilhem@fripost.org>2017-02-24 08:45:45 +0100
commitf4af28d7e526bd56a78225daf84d11cdf96bd611 (patch)
tree388f27495f2e44366edd5201f83da90a4667a713 /lacme
parent1426a858ae1c4da30f777110e1253fa36bac2b41 (diff)
new-cert: create certificate files atomically.
Diffstat (limited to 'lacme')
-rwxr-xr-xlacme27
1 files changed, 18 insertions, 9 deletions
diff --git a/lacme b/lacme
index b654c7d..a8c25fe 100755
--- a/lacme
+++ b/lacme
@@ -524,16 +524,25 @@ sub spawn($@) {
sub install_cert($$@) {
my $filename = shift;
my $x509 = shift;
-
- open my $fh, '>', $filename or die "Can't open $filename: $!";
- print $fh $x509;
- foreach (@_) { # append the chain
- open my $fh2, '<', $_ or die "Can't open $_: $!";
- my $ca = do { local $/ = undef; $fh2->getline() };
- print $fh $ca;
- close $fh2 or die "Can't close: $!";
+ my @chain = @_;
+
+ my $tmp = "$filename.new";
+ open my $fh, '>', $tmp or die "Can't open $tmp: $!";
+ eval {
+ $fh->print($x509) or die "Can't print: $!";
+ foreach (@chain) { # append the chain
+ open my $fh2, '<', $_ or die "Can't open $_: $!";
+ my $ca = do { local $/ = undef; $fh2->getline() };
+ $fh2->close() or die "Can't close: $!";
+ $fh->print($ca) or die "Can't print: $!";
+ }
+ $fh->close() or die "Can't close: $!";
+ };
+ if ($@) {
+ unlink $tmp or warn "Can't unlink $tmp: $!";
+ die $@;
}
- close $fh or die "Can't close: $!";
+ rename($tmp, $filename) or die "Can't rename $tmp to $filename: $!";
}
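Review bot: The temporary path `"$filename.new"` in `install_cert` is a fixed, predictable name opened with `'>'`, so an existing file or symlink at that path is followed and truncated instead of being rejected, and two concurrent runs would write into the same file. Creating the file exclusively closes that gap, e.g. `sysopen(my $fh, $tmp, O_WRONLY|O_CREAT|O_EXCL, 0666) or die "Can't open $tmp: $!";` (this needs the `Fcntl` constants, which may or may not already be imported elsewhere in the file), or a `File::Temp` name created in the same directory. Separately, nothing syncs the handle before `rename`, so the replacement is atomic for readers but presumably not crash-durable; if that matters, sync `$fh` before `$fh->close()`. Note also that `rename` gives the target the ownership and mode of the new file, so any permissions an administrator had set on the old certificate file are not carried over.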