acme: New version 1.2.

This version will use the standalone (netcat) mode of acme.sh during
verification instead of exposing uhttpd to the internet for the duration
of the verification. It will also add an ip6tables rule to also support
verification over IPv6.

Also contains an updated version of acme.sh.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>

net/acme/Makefile

@@ -8,8 +8,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=acme
-PKG_SOURCE_VERSION:=1e6b68f5d187fa3d64c889d04a77ee1c79726282
+PKG_SOURCE_VERSION:=3c33cdfa3da68000a40b85304821705f0deea951
-PKG_VERSION:=1.1
+PKG_VERSION:=1.2
 PKG_RELEASE:=1
 PKG_LICENSE:=GPLv3
 
@@ -25,7 +25,7 @@ include $(INCLUDE_DIR)/package.mk
 define Package/acme
   SECTION:=net
   CATEGORY:=Network
-  DEPENDS:=+curl +ca-certificates +uhttpd-mod-tls +openssl-util
+  DEPENDS:=+curl +ca-certificates +openssl-util +netcat
   TITLE:=ACME (Letsencrypt) client
   PKGARCH:=all
   MAINTAINER:=Toke Høiland-Jørgensen <toke@toke.dk>

net/acme/files/run.sh

@@ -12,7 +12,6 @@ CHECK_CRON=$1
 ACME=/usr/lib/acme/acme.sh
 export SSL_CERT_DIR=/etc/ssl/certs
 
-UHTTPD_REDIRECT_HTTPS=
 UHTTPD_LISTEN_HTTP=
 STATE_DIR='/etc/acme'
 ACCOUNT_EMAIL=
@@ -32,15 +31,17 @@ pre_checks()
     echo "Running pre checks."
     check_cron
 
-    UHTTPD_REDIRECT_HTTPS=$(uci get uhttpd.main.redirect_https)
+    if [ -e /etc/init.d/uhttpd ]; then
-    UHTTPD_LISTEN_HTTP=$(uci get uhttpd.main.listen_http)
 
-    uci set uhttpd.main.redirect_https=1
+       UHTTPD_LISTEN_HTTP=$(uci get uhttpd.main.listen_http)
-    uci set uhttpd.main.listen_http='0.0.0.0:80'
+
-    uci commit uhttpd
+       uci set uhttpd.main.listen_http=''
-    /etc/init.d/uhttpd reload || return 1
+       uci commit uhttpd
+       /etc/init.d/uhttpd reload || return 1
+    fi
 
     iptables -I input_rule -p tcp --dport 80 -j ACCEPT || return 1
+    ip6tables -I input_rule -p tcp --dport 80 -j ACCEPT || return 1
     return 0
 }
 
@@ -48,11 +49,13 @@ post_checks()
 {
     echo "Running post checks (cleanup)."
     iptables -D input_rule -p tcp --dport 80 -j ACCEPT
+    ip6tables -D input_rule -p tcp --dport 80 -j ACCEPT
 
-    uci set uhttpd.main.redirect_https="$UHTTPD_REDIRECT_HTTPS"
+    if [ -e /etc/init.d/uhttpd ]; then
-    uci set uhttpd.main.listen_http="$UHTTPD_LISTEN_HTTP"
+        uci set uhttpd.main.listen_http="$UHTTPD_LISTEN_HTTP"
-    uci commit uhttpd
+        uci commit uhttpd
-    /etc/init.d/uhttpd reload
+        /etc/init.d/uhttpd reload
+    fi
 }
 
 err_out()
@@ -64,8 +67,8 @@ err_out()
 int_out()
 {
     post_checks
-    trap - SIGINT
+    trap - INT
-    kill -SIGINT $$
+    kill -INT $$
 }
 
 issue_cert()
@@ -99,7 +102,7 @@ issue_cert()
 
 
     acme_args="$acme_args $(for d in $domains; do echo -n "-d $d "; done)"
-    acme_args="$acme_args --webroot $(uci get uhttpd.main.home)"
+    acme_args="$acme_args --standalone"
     acme_args="$acme_args --keylength $keylength"
     [ -n "$ACCOUNT_EMAIL" ] && acme_args="$acme_args --accountemail $ACCOUNT_EMAIL"
     [ "$use_staging" -eq "1" ] && acme_args="$acme_args --staging"
@@ -135,8 +138,8 @@ config_load acme
 config_foreach load_vars acme
 
 pre_checks || exit 1
-trap err_out SIGHUP SIGTERM
+trap err_out HUP TERM
-trap int_out SIGINT
+trap int_out INT
 
 config_foreach issue_cert cert
 post_checks