Module Name: src
Committed By: riastradh
Date: Tue Sep 5 12:32:30 UTC 2023
Modified Files:
src/tests/usr.sbin/certctl: t_certctl.sh
src/usr.sbin/certctl: certctl.sh
Log Message:
certctl(8): Fix permissions on ca-certificates.crt bundle: 0644.
While here, write it atomically: write to .tmp first, then rename
when done; this way applications never see a partially-written bundle
at /etc/openssl/certs/ca-certificates.crt.
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/tests/usr.sbin/certctl/t_certctl.sh
cvs rdiff -u -r1.4 -r1.5 src/usr.sbin/certctl/certctl.sh
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/tests/usr.sbin/certctl/t_certctl.sh
diff -u src/tests/usr.sbin/certctl/t_certctl.sh:1.9 src/tests/usr.sbin/certctl/t_certctl.sh:1.10
--- src/tests/usr.sbin/certctl/t_certctl.sh:1.9 Tue Sep 5 12:31:33 2023
+++ src/tests/usr.sbin/certctl/t_certctl.sh Tue Sep 5 12:32:30 2023
@@ -1,6 +1,6 @@
#!/bin/sh
-# $NetBSD: t_certctl.sh,v 1.9 2023/09/05 12:31:33 riastradh Exp $
+# $NetBSD: t_certctl.sh,v 1.10 2023/09/05 12:32:30 riastradh Exp $
#
# Copyright (c) 2023 The NetBSD Foundation, Inc.
# All rights reserved.
@@ -156,7 +156,6 @@ checks()
# XXX Verify its content.
atf_check -s exit:0 test -f certs/ca-certificates.crt
atf_check -s exit:0 test ! -h certs/ca-certificates.crt
- atf_expect_fail "wrong permissions on ca-certificates.crt"
atf_check -s exit:0 -o inline:'100644\n' \
stat -f %p certs/ca-certificates.crt
rm certs/ca-certificates.crt
Index: src/usr.sbin/certctl/certctl.sh
diff -u src/usr.sbin/certctl/certctl.sh:1.4 src/usr.sbin/certctl/certctl.sh:1.5
--- src/usr.sbin/certctl/certctl.sh:1.4 Sat Sep 2 17:41:43 2023
+++ src/usr.sbin/certctl/certctl.sh Tue Sep 5 12:32:30 2023
@@ -1,6 +1,6 @@
#!/bin/sh
-# $NetBSD: certctl.sh,v 1.4 2023/09/02 17:41:43 riastradh Exp $
+# $NetBSD: certctl.sh,v 1.5 2023/09/05 12:32:30 riastradh Exp $
#
# Copyright (c) 2023 The NetBSD Foundation, Inc.
# All rights reserved.
@@ -493,7 +493,8 @@ rehash()
vbundle=$(printf '%s' "$bundle" | vis -M)
$vflag && printf '# create %s\n' "$vbundle"
if ! $nflag; then
- cp -- "$tmpfile" "$bundle"
+ (umask 0022; cat <$tmpfile >${bundle}.tmp)
+ mv -f -- "${bundle}.tmp" "$bundle"
rm -f -- "$tmpfile"
tmpfile=
fi
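Review bot: The `mv -f` after the subshell runs whether or not `cat` succeeded, as far as the visible lines show. If the write fails part-way (a full filesystem, for example), a truncated trust bundle would be renamed over `ca-certificates.crt`, which is the outcome the write-then-rename is meant to prevent. Unless `set -e` is in effect outside this hunk, gate the rename on the subshell's status, e.g. `(umask 0022; cat <"$tmpfile" >"${bundle}.tmp") || exit 1` (or the script's own error path) ahead of the `mv`. The redirection operands are also the only unquoted expansions in the block, and because `${bundle}.tmp` is a fixed name, a stale file or symlink already at that path is written through; a preceding `rm -f -- "${bundle}.tmp"` is a cheap safeguard. rehash() starts and ends outside the hunk.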