Merge pull request certbot#2547 from erikrose/safer-shell-script-updates

Use a new file for the updated le-auto script. Fix certbot#2456.
hackersdotmu · Feb 26, 2016 · 71cd638 · 71cd638
2 parents 20478e9 + d4804fd
commit 71cd638
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 8 deletions.
diff --git a/letsencrypt-auto-source/letsencrypt-auto b/letsencrypt-auto-source/letsencrypt-auto
@@ -1814,12 +1814,21 @@ UNLIKELY_EOF
     # future Windows compatibility.
     "$LE_PYTHON" "$TEMP_DIR/fetch.py" --le-auto-script "v$REMOTE_VERSION"
 
-    # Install new copy of letsencrypt-auto. This preserves permissions and
-    # ownership from the old copy.
+    # Install new copy of letsencrypt-auto.
     # TODO: Deal with quotes in pathnames.
     echo "Replacing letsencrypt-auto..."
-    echo "  " $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0"
-    $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0"
+    # Clone permissions with cp. chmod and chown don't have a --reference
+    # option on OS X or BSD, and stat -c on Linux is stat -f on OS X and BSD:
+    echo "  " $SUDO cp -p "$0" "$TEMP_DIR/letsencrypt-auto.permission-clone"
+    $SUDO cp -p "$0" "$TEMP_DIR/letsencrypt-auto.permission-clone"
+    echo "  " $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$TEMP_DIR/letsencrypt-auto.permission-clone"
+    $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$TEMP_DIR/letsencrypt-auto.permission-clone"
+    # Using mv rather than cp leaves the old file descriptor pointing to the
+    # original copy so the shell can continue to read it unmolested. mv across
+    # filesystems is non-atomic, doing `rm dest, cp src dest, rm src`, but the
+    # cp is unlikely to fail (esp. under sudo) if the rm doesn't.
+    echo "  " $SUDO mv -f "$TEMP_DIR/letsencrypt-auto.permission-clone" "$0"
+    $SUDO mv -f "$TEMP_DIR/letsencrypt-auto.permission-clone" "$0"
     # TODO: Clean up temp dir safely, even if it has quotes in its path.
     rm -rf "$TEMP_DIR"
   fi  # should upgrade

diff --git a/letsencrypt-auto-source/letsencrypt-auto.template b/letsencrypt-auto-source/letsencrypt-auto.template
@@ -252,12 +252,21 @@ UNLIKELY_EOF
     # future Windows compatibility.
     "$LE_PYTHON" "$TEMP_DIR/fetch.py" --le-auto-script "v$REMOTE_VERSION"
 
-    # Install new copy of letsencrypt-auto. This preserves permissions and
-    # ownership from the old copy.
+    # Install new copy of letsencrypt-auto.
     # TODO: Deal with quotes in pathnames.
     echo "Replacing letsencrypt-auto..."
-    echo "  " $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0"
-    $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0"
+    # Clone permissions with cp. chmod and chown don't have a --reference
+    # option on OS X or BSD, and stat -c on Linux is stat -f on OS X and BSD:
+    echo "  " $SUDO cp -p "$0" "$TEMP_DIR/letsencrypt-auto.permission-clone"
+    $SUDO cp -p "$0" "$TEMP_DIR/letsencrypt-auto.permission-clone"
+    echo "  " $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$TEMP_DIR/letsencrypt-auto.permission-clone"
+    $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$TEMP_DIR/letsencrypt-auto.permission-clone"
+    # Using mv rather than cp leaves the old file descriptor pointing to the
+    # original copy so the shell can continue to read it unmolested. mv across
+    # filesystems is non-atomic, doing `rm dest, cp src dest, rm src`, but the
+    # cp is unlikely to fail (esp. under sudo) if the rm doesn't.
+    echo "  " $SUDO mv -f "$TEMP_DIR/letsencrypt-auto.permission-clone" "$0"
+    $SUDO mv -f "$TEMP_DIR/letsencrypt-auto.permission-clone" "$0"
     # TODO: Clean up temp dir safely, even if it has quotes in its path.
     rm -rf "$TEMP_DIR"
   fi  # should upgrade