From: "Paul Smedley" <ecs-isp@2rosenthals.com>
Subject: Re: [eCS-ISP] Apache HTTPS
Date: Fri, 16 Aug 2024 07:28:17 +0930
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

Hi Steven

On 16/8/24 06:56, Steven Levine wrote:
> In <list-10601870@2rosenthals.com>, on 08/16/24
>    at 06:26 AM, "Paul Smedley" <ecs-isp@2rosenthals.com> said:
>
> Hi Paul,
>
>> https://smedley.id.au/tmp/uacme-1.0.19-os2-20240816.zip is there now.
>
> This one understands @unixroot. Thanks.
>
>> Additional change is that it uses symlink() rather than link().
>
> I don't think this is going to work for use in practice. When updating a
> certificate what uacme does is
>
>   create a new-crt.pem and new-key.pem
>   hardlink the existing key.pem to timestamped-key.pem
>   hardlink the existing crt.pem to timestamped-crt.pem
>   unlink key.pem
>   unlink crt.pem
>   rename new-crt.pem to crt.pem
>   rename new-key.pem to key.pem
>
> With a symlink timestamped-key.pem will not contain the content of
> key.pem, so there will be no useful backup. This is why I suggested that
> the link needed to be replaced with a copy operation.

OK... there is no copy() function in klibc - so I guess I'll find an implementation, the alternate option being to rely on the user having cp.exe available in path and calling that.
Cheers,
Paul
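
The following is an added example, not part of the original message and not code from uacme or klibc: a copy-based backup written against plain POSIX calls, plus a constructed demo that runs the rotation order quoted above and reports whether the backup still holds the old key. The names `backup_by_copy`, `backup_survives_rotation`, `put` and `backup-key.pem` (standing in for the timestamped name) are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Back up src by copying its bytes into a NEW file dst. Returns 0 on success. */
int backup_by_copy(const char *src, const char *dst)
{
    char buf[4096];
    ssize_t n, w = 0, off;
    int in = open(src, O_RDONLY);
    if (in < 0) return -1;
    /* O_EXCL: never clobber an earlier backup. 0600: it may be a private key. */
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (out < 0) { close(in); return -1; }
    while ((n = read(in, buf, sizeof buf)) > 0)
        for (off = 0; off < n; off += w)   /* cope with short writes */
            if ((w = write(out, buf + off, (size_t)(n - off))) <= 0) goto fail;
    if (n == 0 && fsync(out) == 0) { close(in); return close(out); }
fail:
    close(in); close(out); unlink(dst);    /* leave no partial backup behind */
    return -1;
}

static void put(const char *path, const char *text)   /* write a small test file */
{ FILE *f = fopen(path, "w"); if (f) { fputs(text, f); fclose(f); } }

/* Constructed demo in a scratch directory: returns 1 if the backup still
 * holds the OLD key after rotation, 0 if it does not, -1 on setup error. */
int backup_survives_rotation(int use_symlink)
{
    char dir[] = "/tmp/rotdemoXXXXXX", got[16] = "";
    if (!mkdtemp(dir) || chdir(dir) != 0) return -1;
    put("key.pem", "OLD"); put("new-key.pem", "NEW");
    int rc = use_symlink ? symlink("key.pem", "backup-key.pem")
                         : backup_by_copy("key.pem", "backup-key.pem");
    unlink("key.pem");                     /* same order as the quoted steps */
    rename("new-key.pem", "key.pem");
    FILE *f = fopen("backup-key.pem", "r");
    if (f) { if (!fgets(got, sizeof got, f)) got[0] = '\0'; fclose(f); }
    unlink("key.pem"); unlink("backup-key.pem");
    if (chdir("/") != 0 || rmdir(dir) != 0 || rc != 0) return -1;
    return strcmp(got, "OLD") == 0;
}

int main(void) { printf("copy: %d, symlink: %d\n", backup_survives_rotation(0), backup_survives_rotation(1)); return 0; }
```

With the symlink, the backup name resolves to whatever key.pem is after the rename, so it reads back the new key; the copy keeps the old bytes.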