/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to debian/mandos-client.postinst

  • Committer: Teddy Hogeborn
  • Date: 2019-03-09 00:46:46 UTC
  • Revision ID: teddy@recompile.se-20190309004646-rplp42103zkabetc
mandos-ctl: Disallow --remove combined with any action except --deny

* mandos-ctl (check_option_syntax): Disallow --remove combined with
                                    any action except --deny.
  (Test_check_option_syntax.test_remove_can_only_be_combined_with_action_deny):
  New.

Show diffs side-by-side

added added

removed removed

Lines of Context:
71
71
             --load-privkey=/etc/keys/mandos/tls-privkey.pem \
72
72
             --outfile=/dev/null --pubkey-info --no-text \
73
73
             2>/dev/null; then
74
 
            shred --remove -- /etc/keys/mandos/tls-privkey.pem
75
 
            rm -- /etc/keys/mandos/tls-pubkey.pem
 
74
            shred --remove -- /etc/keys/mandos/tls-privkey.pem \
 
75
                  2>/dev/null || :
 
76
            rm --force -- /etc/keys/mandos/tls-pubkey.pem
76
77
        fi
77
78
    fi
78
79
 
93
94
        local umask=$(umask)
94
95
        umask 077
95
96
        cp --archive "$TLS_PRIVKEYTMP" /etc/keys/mandos/tls-privkey.pem
96
 
        shred --remove -- "$TLS_PRIVKEYTMP"
 
97
        shred --remove -- "$TLS_PRIVKEYTMP" 2>/dev/null || :
97
98
 
98
99
        # First try certtool from GnuTLS
99
100
        if ! certtool --password='' \
122
123
        db_go
123
124
        db_stop
124
125
    else
125
 
        shred --remove -- "$TLS_PRIVKEYTMP"
 
126
        shred --remove -- "$TLS_PRIVKEYTMP" 2>/dev/null || :
126
127
    fi
127
128
}
128
129