From cdaad871b3d50c85dfc41ccaec715e117ce9a855 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= <bserie@evolix.fr>
Date: Mon, 5 Mar 2018 14:44:21 +0100
Subject: [PATCH] Be sure to check the exit code of certbot

If we use set -e but no -o pipefail with a pipe, the last command exit code is
used by set -e.

certbot | grep -v something

If the grep exit with a non-zero exit code, set -e stop the execution of the
script.  We don't care about that grep, so we now use the PIPESTATUS.
---
 evoacme/files/evoacme.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/evoacme/files/evoacme.sh b/evoacme/files/evoacme.sh
index 73523588..814d4553 100755
--- a/evoacme/files/evoacme.sh
+++ b/evoacme/files/evoacme.sh
@@ -204,6 +204,8 @@ main() {
     sudo -u acme test -w "${NEW_DIR}" || error "Directory ${NEW_DIR} is not writable by user 'acme'"
 
     # create a certificate with certbot
+    # we disable the set -e during the certbot call
+    set +e
     sudo -u acme \
         "${CERTBOT_BIN}" \
         certonly \
@@ -220,6 +222,11 @@ main() {
         2>&1 \
             | grep -v "certbot.crypto_util"
 
+    if [ "${PIPESTATUS[0]}" != "0" ]; then
+        error "Certbot has exited with a non-zero exit code"
+    fi
+    set -e
+
     if [ "${DRY_RUN}" = "1" ]; then
         debug "In dry-run mode, we stop here. Bye"
         exit 0