The documentation reads:
--cut: http://exim.org/exim-html-current/doc/html/spec_html/ch39.html --
To replace the parameters with new ones, instead of deleting the
file and letting Exim re-create it, you can generate new parameters
using certtool and, when this has been done, replace Exim’s cache
file by renaming. The relevant commands are something like this:
# rm -f new-params
# touch new-params
# chown exim:exim new-params
# chmod 0400 new-params
# certtool --generate-privkey --bits 512 >new-params
# echo "" >>new-params
# certtool --generate-dh-params --bits 1024 >> new-params
# mv new-params gnutls-params
--cut: http://exim.org/exim-html-current/doc/html/spec_html/ch39.html --
Arguably, it doesn't make sense to use >> here. Also, while it
may not be a problem in practice, the use of touch(1) followed
by chmod(1) is a race, easily avoidable with the use of the
umask command.
Consider, e.g., the following example code instead:
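#!/bin/sh
rm -f new-params
# With umask 0277 the redirection below creates new-params as mode 0400,
# so no separate touch/chmod step is needed.
umask 0277
{
    certtool --generate-privkey --bits 512
    echo ""
    certtool --generate-dh-params --bits 1024
} > new-params
chown exim:exim new-params
# Rename into place once the file is complete.
mv new-params gnutls-params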
Should something like mktemp(1) be used as well, the rm(1)
vs. touch(1) race will also be avoided, and it will be perfectly
safe to run multiple instances of the code above at once. (Just
as with Exim computing new D-H parameters by itself.)
--
FSF associate member #7257
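
The mktemp(1) variant suggested in the last paragraph, as an added example that is not part of the original report or of the Exim documentation. The function names `regen_params` and `certtool_params` are hypothetical; the certtool arguments are the ones quoted above.

```shell
#!/bin/sh
# Added example (assumed helper names, not Exim's own code).
# regen_params DIR OWNER GENERATOR [ARGS...]
#   DIR       directory holding gnutls-params; the temp file is created in
#             it so the final mv is a rename on the same filesystem
#   OWNER     user:group for chown, or "" to skip (chown needs root)
#   GENERATOR command that writes the new parameters to stdout
regen_params() {
    dir=$1 owner=$2
    shift 2
    # mktemp creates a uniquely named file exclusively, with mode 0600:
    # no rm/touch window, and concurrent runs never share a temp file.
    tmp=$(mktemp "$dir/new-params.XXXXXX") || return 1
    if "$@" > "$tmp" &&
       { [ -z "$owner" ] || chown "$owner" "$tmp"; } &&
       chmod 0400 "$tmp" &&
       mv -f "$tmp" "$dir/gnutls-params"
    then
        return 0
    fi
    # Any failure: discard the partial file, keep the existing cache intact.
    rm -f "$tmp"
    return 1
}

# Generator matching the commands quoted above (requires GnuTLS certtool).
certtool_params() {
    certtool --generate-privkey --bits 512 &&
    echo "" &&
    certtool --generate-dh-params --bits 1024
}

# Typical use, as root in the directory holding Exim's cache file:
#   regen_params . exim:exim certtool_params
```

If the generator fails partway, the existing gnutls-params is left untouched and the temporary file is removed.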