From 04784be03e61dd126abd465211cebb8a59c76587 Mon Sep 17 00:00:00 2001
From: Carl Tashian <carl@smallstep.com>
Date: Tue, 21 Sep 2021 17:23:29 -0700
Subject: [PATCH] Update cert-renewer@.service

Wrap command line env variables in braces so they are treated as a single argument (rather than split on whitespace)
---
 systemd/cert-renewer@.service | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/systemd/cert-renewer@.service b/systemd/cert-renewer@.service
index 5b56f5fc..a9962c2e 100644
--- a/systemd/cert-renewer@.service
+++ b/systemd/cert-renewer@.service
@@ -15,10 +15,10 @@ Environment=STEPPATH=/etc/step-ca \
 ; ExecCondition checks if the certificate is ready for renewal,
 ; based on the exit status of the command.
 ; (In systemd 242 or below, you can use ExecStartPre= here.)
-ExecCondition=/usr/bin/step certificate needs-renewal $CERT_LOCATION
+ExecCondition=/usr/bin/step certificate needs-renewal ${CERT_LOCATION}
 
 ; ExecStart renews the certificate, if ExecStartPre was successful.
-ExecStart=/usr/bin/step ca renew --force $CERT_LOCATION $KEY_LOCATION
+ExecStart=/usr/bin/step ca renew --force ${CERT_LOCATION} ${KEY_LOCATION}
 
 ; Try to reload or restart the systemd service that relies on this cert-renewer
 ; If the relying service doesn't exist, forge ahead.