authorGuilhem Moulin <guilhem@fripost.org>2021-02-24 20:03:44 +0100
committerGuilhem Moulin <guilhem@fripost.org>2021-02-24 21:09:02 +0100
commitcdd025133a306cd8d3e81aa832ac056119d65f3a (patch)
tree70124d1307c6bb9f49fb9b2440521a7fe15786b9 /tests/cert-install
parentfaab30461b0f2b920e3dd19489ce458c0b38e6d9 (diff)
lacme: Don't write certificate(-chain) file on chown/chmod failure.
Otherwise we end up with files with mode 0644 owned by root:root, and subsequent lacme(8) invocations will likely not renew them for a while. This change also saves a chown(2) call. And the new logic (chown resp. chmod from root:root resp. 0600) is safe if we ever include private key material in there too.
Diffstat (limited to 'tests/cert-install')
-rw-r--r--tests/cert-install34
1 files changed, 14 insertions, 20 deletions
diff --git a/tests/cert-install b/tests/cert-install
index 39110f4..5d8a239 100644
--- a/tests/cert-install
+++ b/tests/cert-install
@@ -110,25 +110,22 @@ cat >"/etc/lacme/lacme-certs.conf.d/test4.conf" <<- EOF
certificate-key = /etc/lacme/test4.key
certificate = /etc/lacme/test4.pem
certificate-chain = /etc/lacme/test4.crt
- chown = nobody
+ chown = nonexistent-user
subject = $subject
EOF
+! lacme newOrder test4 2>"$STDERR" || fail newOrder test4
+grepstderr -Fxq "getpwnam(nonexistent-user)"
+! test -e /etc/lacme/test4.pem
+! test -e /etc/lacme/test4.crt
+
+sed -ri "s/^chown\\s*=.*/chown = nobody/" /etc/lacme/lacme-certs.conf.d/test4.conf
lacme newOrder test4 2>"$STDERR" || fail newOrder test4
st="$(stat -c "%U:%G %#a" /etc/lacme/test4.pem)"
[ "$st" = "nobody:root 0644" ]
st="$(stat -c "%U:%G %#a" /etc/lacme/test4.crt)"
[ "$st" = "nobody:root 0644" ]
-rm -f /etc/lacme/test4.pem /etc/lacme/test4.crt
-sed -ri "s/^chown\\s*=.*/chown = nonexistent-user/" /etc/lacme/lacme-certs.conf.d/test4.conf
-! lacme newOrder test4 2>"$STDERR" || fail newOrder test4
-grepstderr -Fxq "getpwnam(nonexistent-user)"
-st="$(stat -c "%U:%G %#a" /etc/lacme/test4.pem)"
-[ "$st" = "root:root 0644" ]
-st="$(stat -c "%U:%G %#a" /etc/lacme/test4.crt)"
-[ "$st" = "root:root 0644" ]
-
# chown user:group
openssl genpkey -algorithm RSA -out /etc/lacme/test5.key
cat >"/etc/lacme/lacme-certs.conf.d/test5.conf" <<- EOF
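Review bot: The new negative assertions `! test -e /etc/lacme/test4.pem` and `! test -e /etc/lacme/test4.crt` cannot fail the run if this script relies on `set -e`, because errexit is suppressed for any pipeline introduced by `!`; the bare `[ "$st" = ... ]` checks in the same hunk suggest that is how assertions are enforced here, so a regression that left the files behind would pass silently. Move the negation inside the test so the exit status is the command's own: `test ! -e /etc/lacme/test4.pem` and `test ! -e /etc/lacme/test4.crt`. The `! lacme newOrder … || fail newOrder test4` line is fine as written, since its `|| fail` handles the status explicitly. Whether the file sets `-e` is not visible in this hunk; if assertions are checked some other way the point does not apply.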
@@ -136,25 +133,22 @@ cat >"/etc/lacme/lacme-certs.conf.d/test5.conf" <<- EOF
certificate-key = /etc/lacme/test5.key
certificate = /etc/lacme/test5.pem
certificate-chain = /etc/lacme/test5.crt
- chown = nobody:nogroup
+ chown = nobody:nonexistent-group
subject = $subject
EOF
+! lacme newOrder test5 2>"$STDERR" || fail newOrder test5
+grepstderr -Fxq "getgrnam(nonexistent-group)"
+! test -e /etc/lacme/test5.pem
+! test -e /etc/lacme/test5.crt
+
+sed -ri "s/^chown\\s*=.*/chown = nobody:nogroup/" /etc/lacme/lacme-certs.conf.d/test5.conf
lacme newOrder test5 2>"$STDERR" || fail newOrder test5
st="$(stat -c "%U:%G %#a" /etc/lacme/test5.pem)"
[ "$st" = "nobody:nogroup 0644" ]
st="$(stat -c "%U:%G %#a" /etc/lacme/test5.crt)"
[ "$st" = "nobody:nogroup 0644" ]
-rm -f /etc/lacme/test5.pem /etc/lacme/test5.crt
-sed -ri "s/^chown\\s*=.*/chown = nobody:nonexistent-group/" /etc/lacme/lacme-certs.conf.d/test5.conf
-! lacme newOrder test5 2>"$STDERR" || fail newOrder test5
-grepstderr -Fxq "getgrnam(nonexistent-group)"
-st="$(stat -c "%U:%G %#a" /etc/lacme/test5.pem)"
-[ "$st" = "root:root 0644" ]
-st="$(stat -c "%U:%G %#a" /etc/lacme/test5.crt)"
-[ "$st" = "root:root 0644" ]
-
# chmod
openssl genpkey -algorithm RSA -out /etc/lacme/test6.key
cat >"/etc/lacme/lacme-certs.conf.d/test6.conf" <<- EOF
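Review bot: The scenario the commit message motivates — an already installed, correctly owned certificate being replaced by a root:root 0644 copy when chown/chmod fails — is still not exercised: the failing run now happens only against a fresh config before any file exists, so a later regression that clobbers existing files on failure would go unnoticed. After the successful run at the end of the hunk, consider switching the group back to `nonexistent-group`, rerunning, and asserting the installed files are untouched, e.g. `[ "$(stat -c "%U:%G %#a" /etc/lacme/test5.pem)" = "nobody:nogroup 0644" ]` plus a content comparison against a copy taken before the rerun (this assumes newOrder can be made to reissue a still-valid certificate, which I cannot confirm from here). Separately, `! test -e /etc/lacme/test5.pem` and `! test -e /etc/lacme/test5.crt` never abort the script under `set -e` because errexit ignores `!`-prefixed pipelines, so `test ! -e /etc/lacme/test5.pem` and `test ! -e /etc/lacme/test5.crt` are the safer spelling if that is how assertions are enforced in this file.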