authorflorian <florian@openbsd.org>2017-01-21 08:52:30 +0000
committerflorian <florian@openbsd.org>2017-01-21 08:52:30 +0000
commiteefd2114d39c3fb2dc4cf0c76dca275b7b39f7c7 (patch)
treeedfcb43a91bda350670ccf40de29875959237cd1
parentWe are only dealing with one domain on the command line (diff)
Remove backup option. This is not acme-client's business; also it gets
in the way. OK benno
-rw-r--r--usr.sbin/acme-client/acme-client.119
-rw-r--r--usr.sbin/acme-client/extern.h4
-rw-r--r--usr.sbin/acme-client/fileproc.c40
-rw-r--r--usr.sbin/acme-client/main.c12
4 files changed, 10 insertions, 65 deletions
diff --git a/usr.sbin/acme-client/acme-client.1 b/usr.sbin/acme-client/acme-client.1
index d2e784551e3..e13963a64b7 100644
--- a/usr.sbin/acme-client/acme-client.1
+++ b/usr.sbin/acme-client/acme-client.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: acme-client.1,v 1.15 2017/01/21 08:47:21 benno Exp $
+.\" $OpenBSD: acme-client.1,v 1.16 2017/01/21 08:52:30 florian Exp $
.\"
.\" Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
.\"
@@ -22,7 +22,7 @@
.Nd ACME client
.Sh SYNOPSIS
.Nm acme-client
-.Op Fl bFADrvn
+.Op Fl FADrvn
.Op Fl f Ar configfile
.Ar domain
.Sh DESCRIPTION
@@ -33,21 +33,6 @@ Automatic Certificate Management Environment (ACME) client.
.Pp
The options are as follows:
.Bl -tag -width Ds
-.It Fl b
-Back up all certificates in the certificate directory.
-This only happens if a remove or replace operation is possible.
-The backups are named
-.Pa cert-NNNNN.pem ,
-.Pa chain-NNNNN.pem ,
-and
-.Pa fullchain-NNNNN.pem ,
-where
-.Li NNNNN
-is the current
-.Ux
-Epoch.
-Any given backup uses the same Epoch time for all three certificates.
-If there are no certificates in place, this option does nothing.
.It Fl F
Force updating the certificate signature even if it's too soon.
.It Fl f Ar configfile
diff --git a/usr.sbin/acme-client/extern.h b/usr.sbin/acme-client/extern.h
index b8503a7a750..f7a27abb1a3 100644
--- a/usr.sbin/acme-client/extern.h
+++ b/usr.sbin/acme-client/extern.h
@@ -1,4 +1,4 @@
-/* $Id: extern.h,v 1.6 2017/01/21 08:41:42 benno Exp $ */
+/* $Id: extern.h,v 1.7 2017/01/21 08:52:30 florian Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -185,7 +185,7 @@ int chngproc(int, const char *);
int dnsproc(int);
int revokeproc(int, const char *,
int, int, const char *const *, size_t);
-int fileproc(int, int, const char *);
+int fileproc(int, const char *);
int keyproc(int, const char *,
const char **, size_t, int);
int netproc(int, int, int, int, int, int, int, int,
diff --git a/usr.sbin/acme-client/fileproc.c b/usr.sbin/acme-client/fileproc.c
index e7dd2273409..dfe2a547773 100644
--- a/usr.sbin/acme-client/fileproc.c
+++ b/usr.sbin/acme-client/fileproc.c
@@ -1,4 +1,4 @@
-/* $Id: fileproc.c,v 1.6 2016/09/13 17:13:37 deraadt Exp $ */
+/* $Id: fileproc.c,v 1.7 2017/01/21 08:52:30 florian Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -62,7 +62,7 @@ serialise(const char *tmp, const char *real,
}
int
-fileproc(int certsock, int backup, const char *certdir)
+fileproc(int certsock, const char *certdir)
{
char *csr = NULL, *ch = NULL;
char file[PATH_MAX];
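Review bot: The `char file[PATH_MAX];` local kept as context at the top of fileproc looks dead after this commit, because its only uses visible in the diff are the `snprintf(file, ...)` calls in the backup block that the next hunk removes. The same applies to `t`, which that block assigned from `time(NULL)` and whose declaration no hunk here touches. The function body continues outside the hunk, so confirm nothing else uses them; if not, drop both declarations so fileproc does not carry an unused PATH_MAX stack buffer and unused-variable warnings stay clean.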
@@ -109,42 +109,6 @@ fileproc(int certsock, int backup, const char *certdir)
}
/*
- * If we're backing up, then copy all files (found) by linking
- * them to the file followed by the epoch in seconds.
- * If we're going to remove, the unlink(2) will cause the
- * original to go away.
- * If we're going to update, the rename(2) will replace the
- * certificate, leaving the backup as the only one.
- */
-
- if (backup) {
- t = time(NULL);
- snprintf(file, sizeof(file),
- "cert-%llu.pem", (unsigned long long)t);
- if (-1 == link(CERT_PEM, file) && ENOENT != errno) {
- warnx("%s/%s", certdir, CERT_PEM);
- goto out;
- } else
- dodbg("%s/%s: linked to %s", certdir, CERT_PEM, file);
-
- snprintf(file, sizeof(file),
- "chain-%llu.pem", (unsigned long long)t);
- if (-1 == link(CHAIN_PEM, file) && ENOENT != errno) {
- warnx("%s/%s", certdir, CHAIN_PEM);
- goto out;
- } else
- dodbg("%s/%s: linked to %s", certdir, CHAIN_PEM, file);
-
- snprintf(file, sizeof(file),
- "fullchain-%llu.pem", (unsigned long long)t);
- if (-1 == link(FCHAIN_PEM, file) && ENOENT != errno) {
- warnx("%s/%s", certdir, FCHAIN_PEM);
- goto out;
- } else
- dodbg("%s/%s: linked to %s", certdir, FCHAIN_PEM, file);
- }
-
- /*
* If revoking certificates, just unlink the files.
* We return the special error code of 2 to indicate that the
* certificates were removed.
diff --git a/usr.sbin/acme-client/main.c b/usr.sbin/acme-client/main.c
index ef0707b1250..b831f7085d1 100644
--- a/usr.sbin/acme-client/main.c
+++ b/usr.sbin/acme-client/main.c
@@ -1,4 +1,4 @@
-/* $Id: main.c,v 1.22 2017/01/21 08:51:00 florian Exp $ */
+/* $Id: main.c,v 1.23 2017/01/21 08:52:30 florian Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -40,7 +40,6 @@ main(int argc, char *argv[])
char *conffile = CONF_FILE;
int key_fds[2], acct_fds[2], chng_fds[2], cert_fds[2];
int file_fds[2], dns_fds[2], rvk_fds[2];
- int backup = 0;
int force = 0;
int c, rc, revocate = 0;
int popts = 0;
@@ -54,11 +53,8 @@ main(int argc, char *argv[])
struct domain_c *domain = NULL;
struct altname_c *ac;
- while (-1 != (c = getopt(argc, argv, "bFADrvnf:")))
+ while (-1 != (c = getopt(argc, argv, "FADrvnf:")))
switch (c) {
- case 'b':
- backup = 1;
- break;
case 'f':
if (NULL == (conffile = strdup(optarg)))
err(EXIT_FAILURE, "strdup");
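Review bot: Dropping `b` from the getopt string means an unattended job that still runs `acme-client -b ...` will now take getopt's unknown-option path, which presumably ends at the `usage:` label and exits with failure, so renewals would stop until someone notices. Consider either noting the removal in upgrade documentation or accepting the flag for one release as a warned no-op, e.g. keep `b` in the option string and add `case 'b': warnx("-b is no longer supported, ignored"); break;`. Operators who relied on the backups also need to copy the certificate files themselves before a replace or revoke. The switch body continues outside this hunk, so the default case is not visible here.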
@@ -329,7 +325,7 @@ main(int argc, char *argv[])
free(alts);
close(dns_fds[0]);
close(rvk_fds[0]);
- c = fileproc(file_fds[1], backup, certdir);
+ c = fileproc(file_fds[1], certdir);
/*
* This is different from the other processes in that it
* can return 2 if the certificates were updated.
@@ -395,6 +391,6 @@ main(int argc, char *argv[])
(2 == c ? EXIT_SUCCESS : 2));
usage:
fprintf(stderr,
- "usage: acme-client [-bFADrvn] [-f file] domain\n");
+ "usage: acme-client [-FADrvn] [-f file] domain\n");
return (EXIT_FAILURE);
}