cloud_discovery: place intermediate files into the /tmp folder

Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>

feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery

@@ -155,7 +155,7 @@ function discover_dhcp() {
 }
 
 function generate_csr() {
-	if (!fs.stat('/etc/ucentral/csr.nohdr.p10')) {
+	if (!fs.stat('/rmp/csr.nohdr.p10')) {
 		let pipe = fs.popen('openssl x509 -in /etc/ucentral/cert.pem -noout -subject');
 		let subject = pipe.read("all");
 		pipe.close();
@@ -164,14 +164,14 @@ function generate_csr() {
 		subject = replace(subject, ' = ', '=');
 		subject = replace(subject, ', ', '/');
 
-		let ret = system(`openssl req -subj "${subject}" -new -key /etc/ucentral/key.pem -out /etc/ucentral/csr.p10`);
+		let ret = system(`openssl req -subj "${subject}" -new -key /etc/ucentral/key.pem -out /tmp/csr.p10`);
 		if (ret) {
 			ulog(LOG_INFO, 'Failed to generate CSR\n');
 			return 1;
 		}
 
-		let input = fs.open('/etc/ucentral/csr.p10', 'r');
-		let output = fs.open('/etc/ucentral/csr.nohdr.p10', 'w');
+		let input = fs.open('/tmp/csr.p10', 'r');
+		let output = fs.open('/tmp/csr.nohdr.p10', 'w');
 		let line;
 		while (line = input.read('line')) {
 		        if (substr(line, 0, 4) == '----')
@@ -214,14 +214,14 @@ function discover_operational_cert() {
 	if (generate_csr())
 		return 1;
 
-	let ret = system('curl -X POST https://qaest.certificates.open-lan.org:8001/.well-known/est/simpleenroll -d @/etc/ucentral/csr.nohdr.p10 -H "Content-Type: application/pkcs10" --cert /etc/ucentral/cert.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /etc/ucentral/operational.nohdr.p7');
+	let ret = system('curl -X POST https://qaest.certificates.open-lan.org:8001/.well-known/est/simpleenroll -d @/tmp/csr.nohdr.p10 -H "Content-Type: application/pkcs10" --cert /etc/ucentral/cert.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.nohdr.p7');
 	if (ret) {
 		ulog(LOG_INFO, 'Failed to request operational certificate\n');
 		return 1;
 	}
 	ulog(LOG_INFO, 'EST succeeded\n');
 
-	ret = p7_too_pem('/etc/ucentral/operational.nohdr.p7', '/etc/ucentral/operational.pem');
+	ret = p7_too_pem('/tmp/operational.nohdr.p7', '/etc/ucentral/operational.pem');
 	if (ret) {
 		ulog(LOG_INFO, 'Failed to convert P7 to PEM\n');
 		return 1;
@@ -236,9 +236,9 @@ function discover_operational_ca() {
 		ulog(LOG_INFO, 'Operational CA is present\n');
 		return 0;
 	}
-	let ret = system('curl -X GET https://qaest.certificates.open-lan.org:8001/.well-known/est/cacerts --cert /etc/ucentral/cert.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /etc/ucentral/operational.ca.nohdr.p7');
+	let ret = system('curl -X GET https://qaest.certificates.open-lan.org:8001/.well-known/est/cacerts --cert /etc/ucentral/cert.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.ca.nohdr.p7');
 	if (!ret)
-		ret = p7_too_pem('/etc/ucentral/operational.ca.nohdr.p7', '/etc/ucentral/operational.ca');
+		ret = p7_too_pem('/tmp/operational.ca.nohdr.p7', '/etc/ucentral/operational.ca');
 	if (ret) {
 		ulog(LOG_INFO, 'Failed to load CA\n');
 		return 1;