aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Changelog1
-rwxr-xr-xlacme27
2 files changed, 19 insertions, 9 deletions
diff --git a/Changelog b/Changelog
index 451eace..b23191f 100644
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,7 @@ lacme (0.3) upstream;
+ When parsing config-cert files and directories (default "lacme-certs.conf
lacme-certs.conf.d"), import the default section of files read earlier.
+ + new-cert: create certificate files atomically.
- Ensure lacme's config file descriptor is not passed to the accountd
or webserver components.
- new-cert: sort section names if not passed explicitely.
diff --git a/lacme b/lacme
index b654c7d..a8c25fe 100755
--- a/lacme
+++ b/lacme
@@ -524,16 +524,25 @@ sub spawn($@) {
sub install_cert($$@) {
my $filename = shift;
my $x509 = shift;
-
- open my $fh, '>', $filename or die "Can't open $filename: $!";
- print $fh $x509;
- foreach (@_) { # append the chain
- open my $fh2, '<', $_ or die "Can't open $_: $!";
- my $ca = do { local $/ = undef; $fh2->getline() };
- print $fh $ca;
- close $fh2 or die "Can't close: $!";
+ my @chain = @_;
+
+ my $tmp = "$filename.new";
+ open my $fh, '>', $tmp or die "Can't open $tmp: $!";
+ eval {
+ $fh->print($x509) or die "Can't print: $!";
+ foreach (@chain) { # append the chain
+ open my $fh2, '<', $_ or die "Can't open $_: $!";
+ my $ca = do { local $/ = undef; $fh2->getline() };
+ $fh2->close() or die "Can't close: $!";
+ $fh->print($ca) or die "Can't print: $!";
+ }
+ $fh->close() or die "Can't close: $!";
+ };
+ if ($@) {
+ unlink $tmp or warn "Can't unlink $tmp: $!";
+ die $@;
}
- close $fh or die "Can't close: $!";
+ rename($tmp, $filename) or die "Can't rename $tmp to $filename: $!";
}