From 342b588a3ade156a2fac1fc655661681ba3d1349 Mon Sep 17 00:00:00 2001
From: Tabis Kabis <Tabiskabis@users.noreply.github.com>
Date: Sat, 9 Sep 2023 12:17:08 +0200
Subject: [PATCH] gen-crl: preserve existing crl.pem ownership+mode

Signed-off-by: Tabis Kabis <Tabiskabis@users.noreply.github.com>
---
 easyrsa3/easyrsa | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index d266feb..1100ec2 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -3721,6 +3721,11 @@ gen_crl() {
 	easyrsa_mktemp out_file_tmp || \
 		die "gen_crl - easyrsa_mktemp out_file_tmp"
 
+	if [ -r "$out_file" ]; then 
+		cp -p "$out_file" "$out_file_tmp" || \
+			warn "Failed to copy existing crl.pem - won't preserve file permissions."
+	fi
+
 	easyrsa_openssl ca -utf8 -gencrl -out "$out_file_tmp" \
 		${EASYRSA_CRL_DAYS:+ -days "$EASYRSA_CRL_DAYS"} \
 		${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} || \