diff options
-rw-r--r-- | Changelog | 1 | ||||
-rwxr-xr-x | lacme | 27 |
2 files changed, 19 insertions, 9 deletions
@@ -2,6 +2,7 @@ lacme (0.3) upstream; + When parsing config-cert files and directories (default "lacme-certs.conf lacme-certs.conf.d"), import the default section of files read earlier. + + new-cert: create certificate files atomically. - Ensure lacme's config file descriptor is not passed to the accountd or webserver components. - new-cert: sort section names if not passed explicitely. @@ -524,16 +524,25 @@ sub spawn($@) { sub install_cert($$@) { my $filename = shift; my $x509 = shift; - - open my $fh, '>', $filename or die "Can't open $filename: $!"; - print $fh $x509; - foreach (@_) { # append the chain - open my $fh2, '<', $_ or die "Can't open $_: $!"; - my $ca = do { local $/ = undef; $fh2->getline() }; - print $fh $ca; - close $fh2 or die "Can't close: $!"; + my @chain = @_; + + my $tmp = "$filename.new"; + open my $fh, '>', $tmp or die "Can't open $tmp: $!"; + eval { + $fh->print($x509) or die "Can't print: $!"; + foreach (@chain) { # append the chain + open my $fh2, '<', $_ or die "Can't open $_: $!"; + my $ca = do { local $/ = undef; $fh2->getline() }; + $fh2->close() or die "Can't close: $!"; + $fh->print($ca) or die "Can't print: $!"; + } + $fh->close() or die "Can't close: $!"; + }; + if ($@) { + unlink $tmp or warn "Can't unlink $tmp: $!"; + die $@; } - close $fh or die "Can't close: $!"; + rename($tmp, $filename) or die "Can't rename $tmp to $filename: $!"; } |