Create .1 backup files when acme-client is going to overwrite a certificate file.
These files are not terribly big and it's convenient to keep one previous file around, for example if one adds or removes domains to the certificate and then wants to revoke the previous one. (Note that it's kinda difficult to revoke the old certificate with acme-client currently. The whole revoke machinery needs to be overhauled. I have ideas...) Comments, OKs?
diff --git acme-client.conf.5 acme-client.conf.5 index 3c5fd1c2362..3fdd40a5eb0 100644 --- acme-client.conf.5 +++ acme-client.conf.5 @@ -149,6 +149,11 @@ The filename of the certificate that will be issued. This is optional if .Ar domain full chain certificate is specified. +A backup with name +.Ar file.1 +is created if +.Ar file +exists. .It Ic domain chain certificate Ar file The filename in which to store the certificate chain that will be returned by the certificate authority. @@ -156,6 +161,11 @@ It needs to be in the same directory as the .Ar domain certificate (or in a subdirectory) and can be specified as a relative or absolute path. This setting is optional. +A backup with name +.Ar file.1 +is created if +.Ar file +exists. .It Ic domain full chain certificate Ar file The filename in which to store the full certificate chain that will be returned by the certificate authority. @@ -170,6 +180,11 @@ in one file, and is required by most browsers. This is optional if .Ar domain certificate is specified. +A backup with name +.Ar file.1 +is created if +.Ar file +exists. .It Ic sign with Ar authority The certificate authority (as declared above in the .Sx AUTHORITIES diff --git fileproc.c fileproc.c index b7cdff5525d..cc3aa293712 100644 --- fileproc.c +++ fileproc.c 
@@ -34,6 +34,19 @@ serialise(const char *real, const char *v, size_t vsz, const char *v2, size_t v2 int fd; char *tmp; + /* create backup hardlink */ + if (asprintf(&tmp, "%s.1", real) == -1) { + warn("asprintf"); + return 0; + } + (void) unlink(tmp); + if (link(real, tmp) == -1 && errno != ENOENT) { + warn("link"); + free(tmp); + return 0; + } + free(tmp); + /* * Write into backup location, overwriting. * Then atomically do the rename. -- I'm not entirely sure you are real.
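Review bot: The acme-client.conf.5 hunks say a backup named file.1 "is created if file exists" but do not say that an existing file.1 is replaced on every reissue, which the fileproc.c hunk does with `(void) unlink(tmp);` before `link()`; suggest "is created, replacing any existing .Ar file.1 , if .Ar file exists." Since the same sentence is added verbatim under the certificate, chain certificate and full chain certificate entries, and the fileproc.c change applies to every file serialise() writes, one statement covering all three would be easier to keep in sync than three copies.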
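Review bot: In the fileproc.c hunk `(void) unlink(tmp);` runs before `link()` has succeeded, so on any link() failure other than ENOENT (the `warn("link"); free(tmp); return 0;` path) the previous file.1 is already gone and serialise() aborts before writing the new certificate, leaving neither a backup nor a fresh file. Consider creating the link under a temporary name and rename(2)-ing it over file.1, mirroring what the comment right below the hunk describes for the certificate itself ("Write into backup location, overwriting. Then atomically do the rename."), or treat a failed backup as a warning and carry on rather than returning 0. Two smaller points: the hunk reads `errno`, so make sure fileproc.c already includes <errno.h>; and because the backup is a hard link it shares an inode with the current file until the later rename replaces it, so if the write of the new file fails the old file.1 has been lost while file.1 is now just a second name for the unchanged current file.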