Module Name: src Committed By: martin Date: Wed Sep 6 15:04:33 UTC 2023
Modified Files: src/tests/usr.sbin/certctl [netbsd-10]: t_certctl.sh src/usr.sbin/certctl [netbsd-10]: certctl.sh Log Message: Pull up following revision(s) (requested by riastradh in ticket #350): tests/usr.sbin/certctl/t_certctl.sh: revision 1.10 usr.sbin/certctl/certctl.sh: revision 1.5 tests/usr.sbin/certctl/t_certctl.sh: revision 1.9 certctl(8): Test permissions of ca-certificates.crt. Inadvertently created 0600 instead of 0644 due to copying file created by mktemp(1) with cp(1). certctl(8): Fix permissions on ca-certificates.crt bundle: 0644. While here, write it atomically: write to .tmp first, then rename when done; this way applications never see a partially-written bundle at /etc/openssl/certs/ca-certificates.crt. To generate a diff of this commit: cvs rdiff -u -r1.8.2.2 -r1.8.2.3 src/tests/usr.sbin/certctl/t_certctl.sh cvs rdiff -u -r1.4.2.2 -r1.4.2.3 src/usr.sbin/certctl/certctl.sh Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/tests/usr.sbin/certctl/t_certctl.sh
diff -u src/tests/usr.sbin/certctl/t_certctl.sh:1.8.2.2 src/tests/usr.sbin/certctl/t_certctl.sh:1.8.2.3
--- src/tests/usr.sbin/certctl/t_certctl.sh:1.8.2.2 Mon Sep 4 17:33:27 2023
+++ src/tests/usr.sbin/certctl/t_certctl.sh Wed Sep 6 15:04:33 2023
@@ -1,6 +1,6 @@
 #!/bin/sh
-# $NetBSD: t_certctl.sh,v 1.8.2.2 2023/09/04 17:33:27 martin Exp $
+# $NetBSD: t_certctl.sh,v 1.8.2.3 2023/09/06 15:04:33 martin Exp $
 #
 # Copyright (c) 2023 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -150,11 +150,14 @@ checks()
 done
 done
- # Verify the certificate bundle is there and delete it.
+ # Verify the certificate bundle is there with the right
+ # permissions (0644) and delete it.
 #
 # XXX Verify its content.
 atf_check -s exit:0 test -f certs/ca-certificates.crt
 atf_check -s exit:0 test ! -h certs/ca-certificates.crt
+ atf_check -s exit:0 -o inline:'100644\n' \
+ stat -f %p certs/ca-certificates.crt
 rm certs/ca-certificates.crt
 # Make sure after deleting everything there's nothing left.
Index: src/usr.sbin/certctl/certctl.sh
diff -u src/usr.sbin/certctl/certctl.sh:1.4.2.2 src/usr.sbin/certctl/certctl.sh:1.4.2.3
--- src/usr.sbin/certctl/certctl.sh:1.4.2.2 Mon Sep 4 17:33:27 2023
+++ src/usr.sbin/certctl/certctl.sh Wed Sep 6 15:04:33 2023
@@ -1,6 +1,6 @@
 #!/bin/sh
-# $NetBSD: certctl.sh,v 1.4.2.2 2023/09/04 17:33:27 martin Exp $
+# $NetBSD: certctl.sh,v 1.4.2.3 2023/09/06 15:04:33 martin Exp $
 #
 # Copyright (c) 2023 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -493,7 +493,8 @@ rehash()
 vbundle=$(printf '%s' "$bundle" | vis -M)
 $vflag && printf '# create %s\n' "$vbundle"
 if ! $nflag; then
- cp -- "$tmpfile" "$bundle"
+ (umask 0022; cat <$tmpfile >${bundle}.tmp)
+ mv -f -- "${bundle}.tmp" "$bundle"
 rm -f -- "$tmpfile"
 tmpfile=
 fi
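Review bot: In the `rehash()` hunk of certctl.sh, nothing visible checks the status of the `(umask 0022; cat <$tmpfile >${bundle}.tmp)` subshell before `mv -f` renames the result into place. Unless errexit is enabled outside the hunk, a short write (for example a full filesystem) would install a truncated trust bundle, which is the partial-file case the commit sets out to avoid. I would quote the redirection operands to match the surrounding lines and gate the rename on success: `(umask 0022; cat <"$tmpfile" >"${bundle}.tmp") || exit 1`, using whatever error path the script normally takes, with the `mv -f` line following unchanged. A comment should also say that `${bundle}.tmp` is a fixed name that the redirection will follow if it is a symlink, so the certs directory is presumably expected to be writable only by root. `rehash()` starts and ends outside the hunk, so error handling or cleanup of a stale `.tmp` may already exist elsewhere.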