cleanup: also do cleanup if symlink is broken (closes #667)

The cleanup command skips filetypes for which the symlink is broken or
doesn't exist. However, if dehydrated fails, we may end up in exactly
the situation that the symlink doesn't exist (yet). If dehydrated fails
repeatedly, we may end up with a lot of old cert.csr, cert.pem and
privkey.pem files, so we really want to be able to clean them up.

Remove all files if the symlink is broken/missing, instead of skipping
those files.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Arnout Vandecappelle (Essensium/Mind)
2019-08-30 17:02:56 +02:00
committed by Lukas Schauer
parent 835963fa6e
commit 129ec851ed
+7 -5
@@ -1879,11 +1879,13 @@ command_cleanup() {
# Loop over file-types (certificates, keys, signing-requests, ...) # Loop over file-types (certificates, keys, signing-requests, ...)
for filetype in cert.csr cert.pem chain.pem fullchain.pem privkey.pem ocsp.der; do for filetype in cert.csr cert.pem chain.pem fullchain.pem privkey.pem ocsp.der; do
# Skip if symlink is broken # Delete all if symlink is broken
[[ -r "${certdir}/${filetype}" ]] || continue if [[ -r "${certdir}/${filetype}" ]]; then
# Look up current file in use
# Look up current file in use current="$(basename "$(readlink "${certdir}/${filetype}")")"
current="$(basename "$(readlink "${certdir}/${filetype}")")" else
current=""
fi
# Split filetype into name and extension # Split filetype into name and extension
filebase="$(echo "${filetype}" | cut -d. -f1)" filebase="$(echo "${filetype}" | cut -d. -f1)"
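Review bot: the new `else` branch sets `current=""` whenever `[[ -r "${certdir}/${filetype}" ]]` fails, but `-r` is also false when the symlink resolves to a file that exists and is only unreadable to the invoking user, so in that case the file currently in use (including a live `privkey.pem`) would be treated as stale along with the old ones. Consider restricting the delete-all path to a symlink that is missing or dangling, for example by testing `[[ ! -e "${certdir}/${filetype}" ]]`, and keeping the `continue` for the exists-but-unreadable case. The updated comment "Delete all if symlink is broken" should also mention the missing-symlink case, since that is the situation the commit message gives as the motivation.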