-rwxr-xr-x | lacme | 19 |
1 files changed, 13 insertions, 6 deletions
@@ -604,14 +604,19 @@ sub spawn($@) {
 #############################################################################
 # Install the certificate
 #
-sub install_cert($$@) {
+sub install_cert($$;$) {
 my $filename = shift;
 my $x509 = shift;
- my @chain = @_;
+ my @chain = grep !/\A\s*\z/, @_; # ignore empty CAfile
+
+ my ($dirname, $basename) =
+ $filename =~ /\A(.*)\/([^\/]+)\z/ ? ($1, $2) : ('.', $filename);
+ my $fh = File::Temp::->new(UNLINK => 0, DIR => $dirname,
+ TEMPLATE => "$basename.XXXXXX") // die;
- my $tmp = "$filename.new";
- open my $fh, '>', $tmp or die "Can't open $tmp: $!";
 eval {
+ my $umask = umask() // die "umask: $!";
+ chmod(0644 &~ $umask, $fh) or die "chmod: $!";
 $fh->print($x509) or die "Can't print: $!";
 foreach (@chain) { # append the chain
 open my $fh2, '<', $_ or die "Can't open $_: $!";
@@ -621,11 +626,13 @@ sub install_cert($$@) {
 }
 $fh->close() or die "Can't close: $!";
 };
+ my $path = $fh->filename();
 if ($@) {
- unlink $tmp or warn "Can't unlink $tmp: $!";
+ print STDERR "Unlinking $path\n" if $OPTS{debug};
+ unlink $path or warn "Can't unlink $path: $!";
 die $@;
 }
- rename($tmp, $filename) or die "Can't rename $tmp to $filename: $!";
+ rename($path, $filename) or die "Can't rename $path to $filename: $!";
 } |
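Review bot: In the first hunk, the split `/\A(.*)\/([^\/]+)\z/` leaves `$dirname` as the empty string when `$filename` sits directly under the root (for instance `/cert.pem`, a constructed example), and that empty value is passed straight to `DIR =>`. File::Temp appears to treat a false DIR as unset, so the temporary file would be created relative to the current directory and the later rename would no longer be a same-directory atomic replace; this should be confirmed against the installed File::Temp. A guard such as `$dirname = '/' if $dirname eq '';` before the constructor call closes the gap. The trailing `// die` also carries no message, so something like `// die "Can't create temporary file in $dirname"` would make a failure diagnosable. The body of install_cert continues past the end of this hunk.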
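Review bot: In the second hunk, a failed `rename($path, $filename)` dies without removing the temporary file. Since the handle was created with `UNLINK => 0`, a stray `$basename.XXXXXX` file is left next to the certificate. The failure path should clean up the same way the `if ($@)` branch does, e.g. `rename($path, $filename) or do { my $err = $!; unlink $path; die "Can't rename $path to $filename: $err" };`. Separately, `my $path = $fh->filename();` sits between the `eval` block and the `if ($@)` test; moving it above the `eval` keeps any call from running before `$@` is inspected. The `eval` block opens above this hunk.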