From c0d6c8e9620ac42c39b8ee6b28b4fb2967ff90ea Mon Sep 17 00:00:00 2001
From: micheloe <micheloe@gmail.com>
Date: Wed, 28 Dec 2016 20:47:51 +0100
Subject: [PATCH] tidied up upgrade tmpfile handling (1.95)

---
 getssl | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/getssl b/getssl
index 12703f7..634cbf6 100755
--- a/getssl
+++ b/getssl
@@ -170,10 +170,11 @@
 # 2016-12-23 tidy code - place default variables in alphabetical order.
 # 2016-12-27 update checks to work with openssl in FIPS mode (1.93)
 # 2016-12-28 fix leftover tmpfiles in upgrade routine (1.94)
+# 2016-12-28 tidied up upgrade tmpfile handling (1.95)
 # ----------------------------------------------------------------------------------------
 
 PROGNAME=${0##*/}
-VERSION="1.94"
+VERSION="1.95"
 
 # defaults
 ACCOUNT_KEY_LENGTH=4096
@@ -205,6 +206,7 @@ REUSE_PRIVATE_KEY="true"
 SERVER_TYPE="https"
 SKIP_HTTP_TOKEN_CHECK="false"
 SSLCONF="$(openssl version -d 2>/dev/null| cut -d\" -f2)/openssl.cnf"
+TEMP_UPGRADE_FILE=""
 TOKEN_USER_ID=""
 USE_SINGLE_ACL="false"
 VALIDATE_VIA_DNS=""
@@ -300,17 +302,15 @@ check_challenge_completion() { # checks with the ACME server if our challenge is
 }
 
 check_getssl_upgrade() { # check if a more recent version of code is available available
-  temp_upgrade="$(mktemp)"
-  curl --silent "$CODE_LOCATION" --output "$temp_upgrade"
+  TEMP_UPGRADE_FILE="$(mktemp)"
+  curl --silent "$CODE_LOCATION" --output "$TEMP_UPGRADE_FILE"
   errcode=$?
   if [[ $errcode -eq 60 ]]; then
-    rm -f "$temp_upgrade"
     error_exit "curl needs updating, your version does not support SNI (multiple SSL domains on a single IP)"
   elif [[ $errcode -gt 0 ]]; then
-    rm -f "$temp_upgrade"
     error_exit "curl error : $errcode"
   fi
-  latestversion=$(awk -F '"' '$1 == "VERSION=" {print $2}' "$temp_upgrade")
+  latestversion=$(awk -F '"' '$1 == "VERSION=" {print $2}' "$TEMP_UPGRADE_FILE")
   latestvdec=$(echo "$latestversion"| tr -d '.')
   localvdec=$(echo "$VERSION"| tr -d '.' )
   debug "current code is version ${VERSION}"
@@ -319,16 +319,15 @@ check_getssl_upgrade() { # check if a more recent version of code is available a
   if [[ "${latestvdec:-0}" -gt "$localvdec" ]]; then
     if [[ ${_UPGRADE} -eq 1 ]]; then
       install "$0" "${0}.v${VERSION}"
-      install -m 700 "$temp_upgrade" "$0"
+      install -m 700 "$TEMP_UPGRADE_FILE" "$0"
       if [[ ${_MUTE} -eq 0 ]]; then
         echo "Updated getssl from v${VERSION} to v${latestversion}"
         echo "these update notification can be turned off using the -Q option"
         echo ""
         echo "Updates are;"
-        awk "/\(${VERSION}\)$/ {s=1} s; /\(${latestversion}\)$/ {s=0}" "$temp_upgrade" | awk '{if(NR>1)print}'
+        awk "/\(${VERSION}\)$/ {s=1} s; /\(${latestversion}\)$/ {s=0}" "$TEMP_UPGRADE_FILE" | awk '{if(NR>1)print}'
         echo ""
       fi
-      rm -f "$temp_upgrade"
       eval "$ORIGCMD"
       graceful_exit
     else
@@ -338,7 +337,6 @@ check_getssl_upgrade() { # check if a more recent version of code is available a
       info ""
     fi
   fi
-  rm -f "$temp_upgrade"
 }
 
 clean_up() { # Perform pre-exit housekeeping
@@ -357,6 +355,9 @@ clean_up() { # Perform pre-exit housekeeping
   if [[ ! -z "$DOMAIN_DIR" ]]; then
     rm -rf "${TEMP_DIR:?}"
   fi
+  if [[ ! -z "$TEMP_UPGRADE_FILE" ]] && [[ -f "$TEMP_UPGRADE_FILE" ]]; then
+    rm -f "$TEMP_UPGRADE_FILE"
+  fi
 }
 
 copy_file_to_location() { # copies a file, using scp if required.