Merge pull request #2547 from erikrose/safer-shell-script-updates

Use a new file for the updated le-auto script. Fix #2456.
2026-05-28 04:34:11 -04:00 · 2016-02-25 23:58:04 -08:00 · 2016-02-25 23:58:04 -08:00 · 71cd638183
commit 71cd638183
parent 20478e9443 d4804fd9e6
2 changed files with 26 additions and 8 deletions
--- a/letsencrypt-auto-source/letsencrypt-auto
+++ b/letsencrypt-auto-source/letsencrypt-auto
@ -1814,12 +1814,21 @@ UNLIKELY_EOF
    # future Windows compatibility.
    "$LE_PYTHON" "$TEMP_DIR/fetch.py" --le-auto-script "v$REMOTE_VERSION"

-    # Install new copy of letsencrypt-auto. This preserves permissions and
-    # ownership from the old copy.
+    # Install new copy of letsencrypt-auto.
    # TODO: Deal with quotes in pathnames.
    echo "Replacing letsencrypt-auto..."
-    echo "  " $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0"
-    $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0"
+    # Clone permissions with cp. chmod and chown don't have a --reference
+    # option on OS X or BSD, and stat -c on Linux is stat -f on OS X and BSD:
+    echo "  " $SUDO cp -p "$0" "$TEMP_DIR/letsencrypt-auto.permission-clone"
+    $SUDO cp -p "$0" "$TEMP_DIR/letsencrypt-auto.permission-clone"
+    echo "  " $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$TEMP_DIR/letsencrypt-auto.permission-clone"
+    $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$TEMP_DIR/letsencrypt-auto.permission-clone"
+    # Using mv rather than cp leaves the old file descriptor pointing to the
+    # original copy so the shell can continue to read it unmolested. mv across
+    # filesystems is non-atomic, doing `rm dest, cp src dest, rm src`, but the
+    # cp is unlikely to fail (esp. under sudo) if the rm doesn't.
+    echo "  " $SUDO mv -f "$TEMP_DIR/letsencrypt-auto.permission-clone" "$0"
+    $SUDO mv -f "$TEMP_DIR/letsencrypt-auto.permission-clone" "$0"
    # TODO: Clean up temp dir safely, even if it has quotes in its path.
    rm -rf "$TEMP_DIR"
  fi  # should upgrade
--- a/letsencrypt-auto-source/letsencrypt-auto.template
+++ b/letsencrypt-auto-source/letsencrypt-auto.template
@ -252,12 +252,21 @@ UNLIKELY_EOF
    # future Windows compatibility.
    "$LE_PYTHON" "$TEMP_DIR/fetch.py" --le-auto-script "v$REMOTE_VERSION"

-    # Install new copy of letsencrypt-auto. This preserves permissions and
-    # ownership from the old copy.
+    # Install new copy of letsencrypt-auto.
    # TODO: Deal with quotes in pathnames.
    echo "Replacing letsencrypt-auto..."
-    echo "  " $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0"
-    $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0"
+    # Clone permissions with cp. chmod and chown don't have a --reference
+    # option on OS X or BSD, and stat -c on Linux is stat -f on OS X and BSD:
+    echo "  " $SUDO cp -p "$0" "$TEMP_DIR/letsencrypt-auto.permission-clone"
+    $SUDO cp -p "$0" "$TEMP_DIR/letsencrypt-auto.permission-clone"
+    echo "  " $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$TEMP_DIR/letsencrypt-auto.permission-clone"
+    $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$TEMP_DIR/letsencrypt-auto.permission-clone"
+    # Using mv rather than cp leaves the old file descriptor pointing to the
+    # original copy so the shell can continue to read it unmolested. mv across
+    # filesystems is non-atomic, doing `rm dest, cp src dest, rm src`, but the
+    # cp is unlikely to fail (esp. under sudo) if the rm doesn't.
+    echo "  " $SUDO mv -f "$TEMP_DIR/letsencrypt-auto.permission-clone" "$0"
+    $SUDO mv -f "$TEMP_DIR/letsencrypt-auto.permission-clone" "$0"
    # TODO: Clean up temp dir safely, even if it has quotes in its path.
    rm -rf "$TEMP_DIR"
  fi  # should upgrade