Minor.

Author: pavel-raykov

keystore/file.go

@@ -1,12 +1,14 @@
 package keystore
 
 import (
+	"bytes"
 	"context"
+	"fmt"
+	"io"
 	"os"
+	"path/filepath"
 )
 
-const readWritePerms = os.FileMode(0600)
-
 var _ Storage = &FileStorage{}
 
 // FileStorage implements Storage using a file
@@ -25,5 +27,90 @@ func (f *FileStorage) GetEncryptedKeystore(ctx context.Context) ([]byte, error)
 }
 
 func (f *FileStorage) PutEncryptedKeystore(ctx context.Context, encryptedKeystore []byte) error {
-	return os.WriteFile(f.name, encryptedKeystore, readWritePerms)
+	return writeFile(f.name, bytes.NewReader(encryptedKeystore))
+}
+
+// The atomic write function below is from https://github.com/natefinch/atomic/blob/master/atomic.go under license:
+// The MIT License (MIT)
+//
+// # Copyright (c) 2015 Nate Finch
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+//
+// writeFile atomically writes the contents of r to the specified filepath.  If
+// an error occurs, the target file is guaranteed to be either fully written, or
+// not written at all.  writeFile overwrites any file that exists at the
+// location (but only if the write fully succeeds, otherwise the existing file
+// is unmodified).
+func writeFile(filename string, r io.Reader) (err error) {
+	// write to a temp file first, then we'll atomically replace the target file
+	// with the temp file.
+	dir, file := filepath.Split(filename)
+	if dir == "" {
+		dir = "."
+	}
+
+	f, err := os.CreateTemp(dir, file)
+	if err != nil {
+		return fmt.Errorf("cannot create temp file: %v", err)
+	}
+	defer func() {
+		if err != nil {
+			// Don't leave the temp file lying around on error.
+			_ = os.Remove(f.Name()) // yes, ignore the error, not much we can do about it.
+		}
+	}()
+	// ensure we always close f. Note that this does not conflict with the
+	// close below, as close is idempotent.
+	defer f.Close()
+	name := f.Name()
+	if _, err := io.Copy(f, r); err != nil {
+		return fmt.Errorf("cannot write data to tempfile %q: %v", name, err)
+	}
+	// fsync is important, otherwise os.Rename could rename a zero-length file
+	if err := f.Sync(); err != nil {
+		return fmt.Errorf("can't flush tempfile %q: %v", name, err)
+	}
+	if err := f.Close(); err != nil {
+		return fmt.Errorf("can't close tempfile %q: %v", name, err)
+	}
+
+	// get the file mode from the original file and use that for the replacement
+	// file, too.
+	destInfo, err := os.Stat(filename)
+	if os.IsNotExist(err) {
+		// no original file
+	} else if err != nil {
+		return err
+	} else {
+		sourceInfo, err := os.Stat(name)
+		if err != nil {
+			return err
+		}
+		if sourceInfo.Mode() != destInfo.Mode() {
+			if err := os.Chmod(name, destInfo.Mode()); err != nil {
+				return fmt.Errorf("can't set filemode on tempfile %q: %v", name, err)
+			}
+		}
+	}
+	if err := os.Rename(name, filename); err != nil {
+		return fmt.Errorf("cannot replace %q with tempfile %q: %v", filename, name, err)
+	}
+	return nil
 }