lukegb/depot
1
0
Fork 0
Code Issues 1 Pull requests Projects Packages Activity Actions

go/secretsmgr: set group after deleting files

Browse source
This commit is contained in:
Luke Granger-Brown 2022-06-25 17:35:23 +00:00
parent 2c04359cfe
commit e9a2ac4980
1 changed files with 10 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
go/secretsmgr/secretsmgr.go
View file

@ -479,12 +479,6 @@ func shouldRenewACMECert(c acmeCertificate) (bool, error) {
}
func writeCertificate(certDef acmeCertificate, cert *vapi.Secret) error {
restoreGroup, err := setGroup(certDef.Group)
if err != nil {
return fmt.Errorf("setting group to write output: %w", err)
}
defer restoreGroup()
setFiles := []struct {
name string
content []byte
@ -504,10 +498,18 @@ func writeCertificate(certDef acmeCertificate, cert *vapi.Secret) error {
}}
for _, sf := range setFiles {
log.Infof("writing file %v mode %s", sf.name, sf.perm)
os.Remove(sf.name) // optimistically try to remove the file, we don't care if it succeeds
// if it doesn't, we'll error when we try to open it
}
restoreGroup, err := setGroup(certDef.Group)
if err != nil {
return fmt.Errorf("setting group to write output: %w", err)
}
defer restoreGroup()
for _, sf := range setFiles {
log.Infof("writing file %v mode %s group %s", sf.name, sf.perm, certDef.Group)
f, err := os.OpenFile(sf.name, os.O_WRONLY|os.O_CREATE|os.O_EXCL, sf.perm)
if err != nil {