[pbs-devel] applied: [PATCH v2 backup 04/27] config: factor out certificate writing

Dietmar Maurer dietmar at proxmox.com
Wed Apr 28 12:59:20 CEST 2021


applied

On 4/22/21 4:01 PM, Wolfgang Bumiller wrote:
> for reuse in the certificate api
>
> Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
> ---
>   src/config.rs | 39 ++++++++++++++++++---------------------
>   1 file changed, 18 insertions(+), 21 deletions(-)
>
> diff --git a/src/config.rs b/src/config.rs
> index 1557e20a..37df2fd2 100644
> --- a/src/config.rs
> +++ b/src/config.rs
> @@ -98,10 +98,6 @@ pub fn create_configdir() -> Result<(), Error> {
>   /// Update self signed node certificate.
>   pub fn update_self_signed_cert(force: bool) -> Result<(), Error> {
>   
> -    let backup_user = crate::backup::backup_user()?;
> -
> -    create_configdir()?;
> -
>       let key_path = PathBuf::from(configdir!("/proxy.key"));
>       let cert_path = PathBuf::from(configdir!("/proxy.pem"));
>   
> @@ -111,15 +107,6 @@ pub fn update_self_signed_cert(force: bool) -> Result<(), Error> {
>   
>       let priv_pem = rsa.private_key_to_pem()?;
>   
> -    replace_file(
> -        &key_path,
> -        &priv_pem,
> -        CreateOptions::new()
> -            .perm(Mode::from_bits_truncate(0o0640))
> -            .owner(nix::unistd::ROOT)
> -            .group(backup_user.gid),
> -    )?;
> -
>       let mut x509 = X509Builder::new()?;
>   
>       x509.set_version(2)?;
> @@ -198,14 +185,24 @@ pub fn update_self_signed_cert(force: bool) -> Result<(), Error> {
>       let x509 = x509.build();
>       let cert_pem = x509.to_pem()?;
>   
> -    replace_file(
> -        &cert_path,
> -        &cert_pem,
> -        CreateOptions::new()
> -            .perm(Mode::from_bits_truncate(0o0640))
> -            .owner(nix::unistd::ROOT)
> -            .group(backup_user.gid),
> -    )?;
> +    set_proxy_certificate(&cert_pem, &priv_pem)?;
>   
>       Ok(())
>   }
> +
> +pub(crate) fn set_proxy_certificate(cert_pem: &[u8], key_pem: &[u8]) -> Result<(), Error> {
> +    let backup_user = crate::backup::backup_user()?;
> +    let options = CreateOptions::new()
> +        .perm(Mode::from_bits_truncate(0o0640))
> +        .owner(nix::unistd::ROOT)
> +        .group(backup_user.gid);
> +    let key_path = PathBuf::from(configdir!("/proxy.key"));
> +    let cert_path = PathBuf::from(configdir!("/proxy.pem"));
> +
> +    create_configdir()?;
> +    replace_file(&key_path, &key_pem, options.clone())
> +        .map_err(|err| format_err!("error writing certificate private key - {}", err))?;
> +    replace_file(&cert_path, &cert_pem, options)
> +        .map_err(|err| format_err!("error writing certificate file - {}", err))?;
> +    Ok(())
> +}
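Review bot: `set_proxy_certificate` (added at the end of this hunk) writes `proxy.key` and then `proxy.pem` without checking that the key belongs to the certificate. Now that it is `pub(crate)` for reuse in the certificate API, its inputs presumably no longer always come from the generator above. A mismatched pair, or a failure of the second `replace_file` after the first succeeded, leaves a key and certificate on disk that do not match, which would likely surface only when the proxy next loads them. Consider verifying the pair before the first write, e.g. `if !X509::from_pem(cert_pem)?.public_key()?.public_eq(&PKey::private_key_from_pem(key_pem)?) { bail!("certificate and private key do not match"); }`. A doc comment would also help, such as `/// Replace proxy.key and proxy.pem (owner root, backup group, mode 0640); the files are written one after the other, not atomically as a pair.`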




