Mailing List ecs-isp@2rosenthals.com Archived Message #835

From: "Steven Levine" <ecs-isp@2rosenthals.com>
Subject: Re: [eCS-ISP] Apache HTTPS
Date: Thu, 15 Aug 2024 16:30:09 -0700
To: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>

In <list-10601924@2rosenthals.com>, on 08/16/24
   at 07:28 AM, "Paul Smedley" <ecs-isp@2rosenthals.com> said:

Hi,

>>    create a new-crt.pem and new-key.pem
>>    hardlink the existing key.pem to timestamped-key.pem
>>    hardlink the existing crt.pem to timestamped-crt.pem
>>    unlink key.pem
>>    unlink crt.pem
>>    rename new-crt.pem to crt.pem
>>    rename new-key.pem to key.pem

>OK... there is no copy() function in klibc - so I guess I'll find an
>implementation, the alternate option being to rely on the user having
>cp.exe available in path and calling that.

It's going to be an edge case for cp.exe not to exist on a system that
would need to use uacme.exe.  The system() call would fail so the
condition would not go unnoticed.

You could also do

    create a new-crt.pem and new-key.pem
    rename existing key.pem to timestamped-key.pem
    rename existing crt.pem to timestamped-crt.pem
    rename new-crt.pem to crt.pem
    rename new-key.pem to key.pem

It's not quite as safe as the method the developers chose, but the
difference is negligible, IMO

Steven

--
----------------------------------------------------------------------
"Steven Levine" <steve53@earthlink.net>  Warp/DIY/BlueLion etc.
www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------
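
The rename-only sequence from the message above, as an added C example (not from the original post or from uacme). It assumes POSIX-style rename(); the `rotate_pair` name, the `stamp` argument and the rollback on a failed step are assumptions of this example.

```c
#include <stdio.h>

/* One rename step: from -> to, both relative to dir. */
struct step { const char *from, *to; };

static int do_rename(const char *dir, const char *from, const char *to)
{
    char a[512], b[512];
    snprintf(a, sizeof a, "%s/%s", dir, from);
    snprintf(b, sizeof b, "%s/%s", dir, to);
    return rename(a, b);
}

/*
 * Rotate key.pem/crt.pem in dir using renames only. Returns 0 on success,
 * or the 1-based number of the failed step after undoing the earlier ones.
 * "stamp" (hypothetical parameter) is the timestamp prefix for the backups.
 */
int rotate_pair(const char *dir, const char *stamp)
{
    char old_key[64], old_crt[64];
    snprintf(old_key, sizeof old_key, "%s-key.pem", stamp);
    snprintf(old_crt, sizeof old_crt, "%s-crt.pem", stamp);

    const struct step steps[] = {
        { "key.pem",     old_key   },  /* old key kept as a backup        */
        { "crt.pem",     old_crt   },  /* old cert kept as a backup       */
        { "new-crt.pem", "crt.pem" },  /* live names are absent until     */
        { "new-key.pem", "key.pem" },  /* these two renames have finished */
    };
    const int n = sizeof steps / sizeof steps[0];

    for (int i = 0; i < n; i++) {
        if (do_rename(dir, steps[i].from, steps[i].to) != 0) {
            perror(steps[i].from);
            /* Undo in reverse order so the old pair is live again. */
            for (int j = i - 1; j >= 0; j--)
                do_rename(dir, steps[j].to, steps[j].from);
            return i + 1;
        }
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s DIR STAMP\n", argv[0]); return 2; }
    return rotate_pair(argv[1], argv[2]);
}
```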

