From f4af28d7e526bd56a78225daf84d11cdf96bd611 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Wed, 22 Feb 2017 10:51:08 +0100
Subject: new-cert: create certificate files atomically.
---
 lacme | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)
(limited to 'lacme')
diff --git a/lacme b/lacme
index b654c7d..a8c25fe 100755
--- a/lacme
+++ b/lacme
@@ -524,16 +524,25 @@ sub spawn($@) {
 sub install_cert($$@) {
 my $filename = shift;
 my $x509 = shift;
-
- open my $fh, '>', $filename or die "Can't open $filename: $!";
- print $fh $x509;
- foreach (@_) { # append the chain
- open my $fh2, '<', $_ or die "Can't open $_: $!";
- my $ca = do { local $/ = undef; $fh2->getline() };
- print $fh $ca;
- close $fh2 or die "Can't close: $!";
+ my @chain = @_;
+
+ my $tmp = "$filename.new";
+ open my $fh, '>', $tmp or die "Can't open $tmp: $!";
+ eval {
+ $fh->print($x509) or die "Can't print: $!";
+ foreach (@chain) { # append the chain
+ open my $fh2, '<', $_ or die "Can't open $_: $!";
+ my $ca = do { local $/ = undef; $fh2->getline() };
+ $fh2->close() or die "Can't close: $!";
+ $fh->print($ca) or die "Can't print: $!";
+ }
+ $fh->close() or die "Can't close: $!";
+ };
+ if ($@) {
+ unlink $tmp or warn "Can't unlink $tmp: $!";
+ die $@;
 }
- close $fh or die "Can't close: $!";
+ rename($tmp, $filename) or die "Can't rename $tmp to $filename: $!";
 }
-- 
cgit v1.2.3
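Review bot: The temporary file opened at `open my $fh, '>', $tmp` has the fixed name `"$filename.new"`, and `'>'` follows symlinks and truncates whatever already exists at that path. A leftover or pre-created `$filename.new` in a directory another user can write to is therefore written through silently. Two concurrent runs would also share the same temporary file. Creating it exclusively would make that case fail instead, e.g. `sysopen(my $fh, $tmp, O_WRONLY|O_CREAT|O_EXCL, 0644) or die "Can't open $tmp: $!";` with `use Fcntl qw(O_WRONLY O_CREAT O_EXCL);`. The mode there is a suggestion, and a stale file from a crashed run would then need removing by hand. Separately, `rename()` swaps in a new inode, so the installed file takes its mode and owner from the umask rather than from the previous `$filename`; a short comment above the `rename` line should say whether that is intended.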