Index: /trunk/server/fedora/config/etc/httpd/export-scripts-certs =================================================================== --- /trunk/server/fedora/config/etc/httpd/export-scripts-certs (revision 2824) +++ /trunk/server/fedora/config/etc/httpd/export-scripts-certs (revision 2825) @@ -2,7 +2,10 @@ import base64 +import errno +import fcntl import hashlib import ldap import os +import subprocess import sys import textwrap @@ -98,12 +101,37 @@ yield '\n' -with open(os.path.join(CERTS_DIR, 'vhosts.conf.new'), 'w') as vhosts_file: - vhosts_file.write('# Generated by {}. Manual changes will be lost.\n\n'.format(os.path.realpath(__file__))) - vhosts_file.write(''.join(l for dn, vhost in vhosts for l in conf(vhost))) -os.rename(os.path.join(CERTS_DIR, 'vhosts.conf.new'), os.path.join(CERTS_DIR, 'vhosts.conf')) +with open(os.path.join(CERTS_DIR, '.lock'), 'w') as lock_file: + fcntl.flock(lock_file.fileno(), fcntl.LOCK_EX) -for filename in os.listdir(CERTS_DIR): - if filename.endswith('.pem') and filename not in cert_filenames: - os.remove(os.path.join(CERTS_DIR, filename)) + new_vhosts_conf = \ + '# Generated by {}. Manual changes will be lost.\n\n'.format(os.path.realpath(__file__)) + \ + ''.join(l for dn, vhost in vhosts for l in conf(vhost)) + + try: + with open(os.path.join(CERTS_DIR, 'vhosts.conf')) as vhosts_file: + old_vhosts_conf = vhosts_file.read() + except IOError as e: + if e.errno == errno.ENOENT: + old_vhosts_conf = None + else: + raise + + if old_vhosts_conf is not None and new_vhosts_conf != old_vhosts_conf: + with open(os.path.join(CERTS_DIR, 'vhosts.conf.new'), 'w') as new_vhosts_file: + new_vhosts_file.write(new_vhosts_conf) + os.rename(os.path.join(CERTS_DIR, 'vhosts.conf.new'), os.path.join(CERTS_DIR, 'vhosts.conf')) + + configtest = subprocess.Popen(['apachectl', 'configtest'], stderr=subprocess.PIPE) + e = configtest.communicate()[1] + if configtest.returncode == 0 and e == 'Syntax OK\n': + subprocess.check_call(['apachectl', 'graceful']) + else: + err('apachectl configtest failed:\n' + e) + + for filename in os.listdir(CERTS_DIR): + if filename.endswith('.pem') and filename not in cert_filenames: + os.remove(os.path.join(CERTS_DIR, filename)) + + fcntl.flock(lock_file.fileno(), fcntl.LOCK_UN) sys.exit(1 if error else 0)