From 424acfe16e542b28e2aabe66ccee796b1d548be5 Mon Sep 17 00:00:00 2001
From: Jacob Hoffman-Andrews
Date: Thu, 21 May 2015 18:58:40 -0700
Subject: [PATCH] Fixes to running on command line. Use cert_dir instead of cert_path Restore server_url When creating a unique file, only loop for EEXISTS, not other OS errors like permission denied. Pass uid explicitly to make_or_verify_dir.
---
 letsencrypt/client.py | 12 ++++++------
 letsencrypt/configuration.py | 4 ++++
 letsencrypt/crypto_util.py | 2 +-
 letsencrypt/le_util.py | 6 ++++--
 4 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/letsencrypt/client.py b/letsencrypt/client.py
index 8b6bbf2e2..e2b5cf2df 100644
--- a/letsencrypt/client.py
+++ b/letsencrypt/client.py
@@ -138,22 +138,22 @@ class Client(object):
 # Save Certificate
 cert_path, chain_path = self.save_certificate(
- certr, self.config.cert_path, self.config.chain_path)
+ certr, self.config.cert_dir, self.config.cert_dir)
 revoker.Revoker.store_cert_key(
 cert_path, self.account.key.file, self.config)
 return cert_key, cert_path, chain_path
- def save_certificate(self, certr, cert_path, chain_path):
+ def save_certificate(self, certr, cert_dir, chain_dir):
 # pylint: disable=no-self-use
 """Saves the certificate received from the ACME server.
 :param certr: ACME "certificate" resource.
 :type certr: :class:`acme.messages.Certificate`
- :param str cert_path: Path to attempt to save the cert file
- :param str chain_path: Path to attempt to save the chain file
+ :param str cert_dir: Path to attempt to save the cert file
+ :param str chain_dir: Path to attempt to save the chain file
 :returns: cert_path, chain_path (absolute paths to the actual files)
 :rtype: `tuple` of `str`
@@ -163,7 +163,7 @@ class Client(object):
 """
 # try finally close
 cert_chain_abspath = None
- cert_file, act_cert_path = le_util.unique_file(cert_path, 0o644)
+ cert_file, act_cert_path = le_util.unique_file(cert_dir, 0o644)
 # TODO: Except
 cert_pem = certr.body.as_pem()
 try:
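Review bot: In letsencrypt/client.py, `save_certificate` now hands a bare directory to `le_util.unique_file(cert_dir, 0o644)`, and the caller passes `self.config.cert_dir` for both the cert and the chain, whereas the crypto_util.py call in this same patch gives that helper a full file path (`os.path.join(cert_dir, csrname)`). If unique_file takes the file name from the last path component (most of its body is outside this diff, so this needs confirming), the cert and chain would be created beside the directory rather than inside it, both under the same base name. Joining an explicit name before the call, for example `le_util.unique_file(os.path.join(cert_dir, CERT_NAME), 0o644)` where `CERT_NAME` is a placeholder for the name the project picks, would keep the call sites consistent. The same applies to the `chain_dir` call in the @@ -178 hunk. The docstring lines `:param str cert_dir: Path to attempt to save the cert file` and its `chain_dir` twin should also say that the argument is a directory.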
@@ -178,7 +178,7 @@ class Client(object):
 chain_cert = self.network.fetch_chain(certr)
 if chain_cert is not None:
 chain_file, act_chain_path = le_util.unique_file(
- chain_path, 0o644)
+ chain_dir, 0o644)
 chain_pem = chain_cert.as_pem()
 try:
 chain_file.write(chain_pem)
diff --git a/letsencrypt/configuration.py b/letsencrypt/configuration.py
index 6a808a6a9..9fba3047a 100644
--- a/letsencrypt/configuration.py
+++ b/letsencrypt/configuration.py
@@ -44,6 +44,10 @@ class NamespaceConfig(object):
 def in_progress_dir(self): # pylint: disable=missing-docstring
 return os.path.join(self.namespace.work_dir, constants.IN_PROGRESS_DIR)
+ @property
+ def server_url(self):
+ return self.namespace.server
+
 @property
 def server_path(self):
 """File path based on ``server``."""
diff --git a/letsencrypt/crypto_util.py b/letsencrypt/crypto_util.py
index 94617eef6..6fb6adbdc 100644
--- a/letsencrypt/crypto_util.py
+++ b/letsencrypt/crypto_util.py
@@ -72,7 +72,7 @@ def init_save_csr(privkey, names, cert_dir, csrname="csr-letsencrypt.pem"):
 csr_pem, csr_der = make_csr(privkey.pem, names)
 # Save CSR
- le_util.make_or_verify_dir(cert_dir, 0o755)
+ le_util.make_or_verify_dir(cert_dir, 0o755, os.geteuid())
 csr_f, csr_filename = le_util.unique_file(
 os.path.join(cert_dir, csrname), 0o644)
 csr_f.write(csr_pem)
diff --git a/letsencrypt/le_util.py b/letsencrypt/le_util.py
index 27d795749..cab13965e 100644
--- a/letsencrypt/le_util.py
+++ b/letsencrypt/le_util.py
@@ -70,8 +70,10 @@ def unique_file(path, mode=0o777):
 try:
 file_d = os.open(fname, os.O_CREAT | os.O_EXCL | os.O_RDWR, mode)
 return os.fdopen(file_d, "w"), fname
- except OSError:
- pass
+ except OSError, e:
+ # Errno 17, "File exists," is okay.
+ if e.errno != 17:
+ raise
 count += 1
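Review bot: The new `server_url` property in letsencrypt/configuration.py has neither a docstring nor a pylint suppression, while its neighbours carry one or the other (`# pylint: disable=missing-docstring` on `in_progress_dir`, a docstring on `server_path`). A one-line docstring such as `"""Value of the ``server`` option."""` would match what the body returns (`self.namespace.server`). It would also tell readers that no validation or normalisation happens here.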
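Review bot: In the letsencrypt/le_util.py hunk the retry condition compares against the literal `17`; `if e.errno != errno.EEXIST:` states the intent directly and does not depend on a platform's errno numbering. That needs `import errno`, and the diff does not show whether the module already imports it. The handler line `except OSError, e:` is also Python 2-only syntax, whereas `except OSError as e:` is accepted by Python 2.6+ and Python 3. unique_file's loop header and the code that builds `fname` are outside this hunk.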