Store issuers cache under os.UserCacheDir

Andrew Ayer 2025-05-06 14:25:41 -04:00
parent 6151cb26da
commit 8119925c16
3 changed files with 31 additions and 4 deletions


@ -89,6 +89,13 @@ func defaultConfigDir() string {
return filepath.Join(homedir(), ".certspotter") return filepath.Join(homedir(), ".certspotter")
} }
} }
func defaultCacheDir() string {
userCacheDir, err := os.UserCacheDir()
if err != nil {
panic(fmt.Errorf("unable to determine user cache directory: %w", err))
}
return filepath.Join(userCacheDir, "certspotter")
}
func defaultWatchListPath() string { func defaultWatchListPath() string {
return filepath.Join(defaultConfigDir(), "watchlist") return filepath.Join(defaultConfigDir(), "watchlist")
} }
@ -192,6 +199,7 @@ func main() {
fsstate := &monitor.FilesystemState{ fsstate := &monitor.FilesystemState{
StateDir: flags.stateDir, StateDir: flags.stateDir,
CacheDir: defaultCacheDir(),
SaveCerts: !flags.noSave, SaveCerts: !flags.noSave,
Script: flags.script, Script: flags.script,
ScriptDir: defaultScriptDir(), ScriptDir: defaultScriptDir(),
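Review bot: `CacheDir: defaultCacheDir()` in main() is evaluated on every start and, unlike `StateDir: flags.stateDir` just above it, has no visible override, so the `panic` in defaultCacheDir() is reachable even when the operator has set every other path explicitly. On Unix, os.UserCacheDir returns an error when neither $XDG_CACHE_HOME nor $HOME is set, which can happen for a service started with a minimal environment, and a certificate monitor that dies at startup stops watching logs. I would report the failure as an ordinary startup error naming the two variables rather than a panic with a stack trace, and consider an override next to the state directory option. main() continues outside the hunk, so an environment check or override may exist that is not visible here.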


@ -28,6 +28,7 @@ import (
type FilesystemState struct { type FilesystemState struct {
StateDir string StateDir string
CacheDir string
SaveCerts bool SaveCerts bool
Script string Script string
ScriptDir string ScriptDir string
@ -40,7 +41,13 @@ func (s *FilesystemState) logStateDir(logID LogID) string {
} }
func (s *FilesystemState) Prepare(ctx context.Context) error { func (s *FilesystemState) Prepare(ctx context.Context) error {
return prepareStateDir(s.StateDir) if err := prepareStateDir(s.StateDir); err != nil {
return err
}
if err := prepareCacheDir(s.CacheDir); err != nil {
return err
}
return nil
} }
func (s *FilesystemState) PrepareLog(ctx context.Context, logID LogID) error { func (s *FilesystemState) PrepareLog(ctx context.Context, logID LogID) error {
@ -94,12 +101,12 @@ func (s *FilesystemState) RemoveSTH(ctx context.Context, logID LogID, sth *cttyp
} }
func (s *FilesystemState) StoreIssuer(ctx context.Context, fingerprint *[32]byte, issuer []byte) error { func (s *FilesystemState) StoreIssuer(ctx context.Context, fingerprint *[32]byte, issuer []byte) error {
filePath := filepath.Join(s.StateDir, "issuers", hex.EncodeToString(fingerprint[:])) filePath := filepath.Join(s.CacheDir, "issuers", hex.EncodeToString(fingerprint[:]))
return writeFile(filePath, issuer, 0666) return writeFile(filePath, issuer, 0666)
} }
func (s *FilesystemState) LoadIssuer(ctx context.Context, fingerprint *[32]byte) ([]byte, error) { func (s *FilesystemState) LoadIssuer(ctx context.Context, fingerprint *[32]byte) ([]byte, error) {
filePath := filepath.Join(s.StateDir, "issuers", hex.EncodeToString(fingerprint[:])) filePath := filepath.Join(s.CacheDir, "issuers", hex.EncodeToString(fingerprint[:]))
issuer, err := os.ReadFile(filePath) issuer, err := os.ReadFile(filePath)
if errors.Is(err, fs.ErrNotExist) { if errors.Is(err, fs.ErrNotExist) {
return nil, nil return nil, nil
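Review bot: LoadIssuer now reads from `s.CacheDir`, a location that is disposable by convention and may be cleaned or rewritten by other tools, and nothing in the visible lines checks the bytes against the requested `fingerprint`. If the fingerprint is the SHA-256 of the issuer (the `*[32]byte` type suggests so, but the hunk does not show it), a cheap guard after the read such as `if sha256.Sum256(issuer) != *fingerprint { return nil, nil }` would turn a truncated or altered entry into a cache miss instead of handing it to the caller. LoadIssuer's body continues past the end of the hunk, so such a check may already exist there or in the caller. It would also help to add a comment on the `CacheDir` field saying that its contents can be deleted at any time and must be re-derivable.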


@ -145,7 +145,7 @@ func prepareStateDir(stateDir string) error {
return fmt.Errorf("%s was created by a newer version of certspotter; upgrade to the latest version of certspotter or remove this directory to start from scratch", stateDir) return fmt.Errorf("%s was created by a newer version of certspotter; upgrade to the latest version of certspotter or remove this directory to start from scratch", stateDir)
} }
for _, subdir := range []string{"certs", "logs", "healthchecks", "issuers"} { for _, subdir := range []string{"certs", "logs", "healthchecks"} {
if err := os.Mkdir(filepath.Join(stateDir, subdir), 0777); err != nil && !errors.Is(err, fs.ErrExist) { if err := os.Mkdir(filepath.Join(stateDir, subdir), 0777); err != nil && !errors.Is(err, fs.ErrExist) {
return err return err
} }
@ -153,3 +153,15 @@ func prepareStateDir(stateDir string) error {
return nil return nil
} }
func prepareCacheDir(cacheDir string) error {
if err := os.MkdirAll(cacheDir, 0777); err != nil {
return err
}
for _, subdir := range []string{"issuers"} {
if err := os.Mkdir(filepath.Join(cacheDir, subdir), 0777); err != nil && !errors.Is(err, fs.ErrExist) {
return err
}
}
return nil
}
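Review bot: prepareCacheDir creates the cache directory, and any missing parents, with `os.MkdirAll(cacheDir, 0777)`, which leaves access control entirely to the process umask. Under a permissive umask the directory and its `issuers` subdirectory become writable by other local users, who could then alter the cached issuer files that the monitor later reads back. The XDG Base Directory specification asks applications to create such directories with 0700, so I would use `os.MkdirAll(cacheDir, 0700)` and `os.Mkdir(filepath.Join(cacheDir, subdir), 0700)` here. The 0777 mode looks copied from prepareStateDir, whose directory is chosen by the operator rather than being a per-user cache.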