Module Name:    src
Committed By:   martin
Date:           Wed Sep  6 15:04:33 UTC 2023

Modified Files:
        src/tests/usr.sbin/certctl [netbsd-10]: t_certctl.sh
        src/usr.sbin/certctl [netbsd-10]: certctl.sh

Log Message:
Pull up following revision(s) (requested by riastradh in ticket #350):

        tests/usr.sbin/certctl/t_certctl.sh: revision 1.10
        usr.sbin/certctl/certctl.sh: revision 1.5
        tests/usr.sbin/certctl/t_certctl.sh: revision 1.9

certctl(8): Test permissions of ca-certificates.crt.

Inadvertently created 0600 instead of 0644 due to copying file
created by mktemp(1) with cp(1).

certctl(8): Fix permissions on ca-certificates.crt bundle: 0644.

While here, write it atomically: write to .tmp first, then rename
when done; this way applications never see a partially-written bundle
at /etc/openssl/certs/ca-certificates.crt.


To generate a diff of this commit:
cvs rdiff -u -r1.8.2.2 -r1.8.2.3 src/tests/usr.sbin/certctl/t_certctl.sh
cvs rdiff -u -r1.4.2.2 -r1.4.2.3 src/usr.sbin/certctl/certctl.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/usr.sbin/certctl/t_certctl.sh
diff -u src/tests/usr.sbin/certctl/t_certctl.sh:1.8.2.2 src/tests/usr.sbin/certctl/t_certctl.sh:1.8.2.3
--- src/tests/usr.sbin/certctl/t_certctl.sh:1.8.2.2	Mon Sep  4 17:33:27 2023
+++ src/tests/usr.sbin/certctl/t_certctl.sh	Wed Sep  6 15:04:33 2023
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-#	$NetBSD: t_certctl.sh,v 1.8.2.2 2023/09/04 17:33:27 martin Exp $
+#	$NetBSD: t_certctl.sh,v 1.8.2.3 2023/09/06 15:04:33 martin Exp $
 #
 # Copyright (c) 2023 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -150,11 +150,14 @@ checks()
 		done
 	done
 
-	# Verify the certificate bundle is there and delete it.
+	# Verify the certificate bundle is there with the right
+	# permissions (0644) and delete it.
 	#
 	# XXX Verify its content.
 	atf_check -s exit:0 test -f certs/ca-certificates.crt
 	atf_check -s exit:0 test ! -h certs/ca-certificates.crt
+	atf_check -s exit:0 -o inline:'100644\n' \
+	    stat -f %p certs/ca-certificates.crt
 	rm certs/ca-certificates.crt
 
 	# Make sure after deleting everything there's nothing left.
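Review bot: The new `stat -f %p` assertion only proves the 0644 mode under whatever umask the test harness happens to run with, so it would still pass if certctl stopped forcing its own umask. If the certctl invocation earlier in checks() (outside this hunk) can be run under a restrictive umask, for example wrapped as `(umask 077; certctl ...)`, the same assertion would also cover the case where an administrator runs the tool from a shell with a tight umask. That matters here because a 0600 bundle silently breaks TLS verification for every non-root process.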

Index: src/usr.sbin/certctl/certctl.sh
diff -u src/usr.sbin/certctl/certctl.sh:1.4.2.2 src/usr.sbin/certctl/certctl.sh:1.4.2.3
--- src/usr.sbin/certctl/certctl.sh:1.4.2.2	Mon Sep  4 17:33:27 2023
+++ src/usr.sbin/certctl/certctl.sh	Wed Sep  6 15:04:33 2023
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-#	$NetBSD: certctl.sh,v 1.4.2.2 2023/09/04 17:33:27 martin Exp $
+#	$NetBSD: certctl.sh,v 1.4.2.3 2023/09/06 15:04:33 martin Exp $
 #
 # Copyright (c) 2023 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -493,7 +493,8 @@ rehash()
 	vbundle=$(printf '%s' "$bundle" | vis -M)
 	$vflag && printf '# create %s\n' "$vbundle"
 	if ! $nflag; then
-		cp -- "$tmpfile" "$bundle"
+		(umask 0022; cat <$tmpfile >${bundle}.tmp)
+		mv -f -- "${bundle}.tmp" "$bundle"
 		rm -f -- "$tmpfile"
 		tmpfile=
 	fi
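Review bot: The exit status of the `(umask 0022; cat ...)` subshell is not checked, so if the write fails part-way (full filesystem, I/O error) the following `mv -f` still renames a truncated `${bundle}.tmp` over the live bundle. That holds unless the script runs under `set -e`, which this hunk does not show. Chaining the two, `(umask 0022; cat <"$tmpfile" >"${bundle}.tmp") && mv -f -- "${bundle}.tmp" "$bundle"`, keeps the never-partially-written guarantee the log message describes, and quotes the redirection operands to match the surrounding lines. The fixed `.tmp` name is opened with a plain `>`, which follows an existing symlink, so the write relies on the certs directory being writable only by root; a short comment saying so would help. rehash() begins and ends outside the hunk.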
