From f6ef44044d1c6d5bf4643e1d175299c10a526410 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Fri, 25 Jun 2021 21:58:01 -0700 Subject: [PATCH 1/2] acme: update to 2.9.0 Switch to AUTORELEASE to avoid bumping PKG_RELEASE all the time. Run shell scripts through shfmt -w -ci -bn -sr -s in order to have a standard style. Signed-off-by: Rosen Penev --- net/acme/Makefile | 6 ++--- net/acme/files/acme.init | 6 ++--- net/acme/files/run.sh | 51 +++++++++++++++------------------------- 3 files changed, 24 insertions(+), 39 deletions(-) diff --git a/net/acme/Makefile b/net/acme/Makefile index 7940a589d..90c0b5909 100644 --- a/net/acme/Makefile +++ b/net/acme/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=acme -PKG_VERSION:=2.8.7 -PKG_RELEASE:=6 +PKG_VERSION:=2.9.0 +PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/acmesh-official/acme.sh/tar.gz/$(PKG_VERSION)? -PKG_HASH:=774010429730882f6bbfcd3756ff0fa755846106664841092af828a814159861 +PKG_HASH:=bb8cfb8333bc9e986bb8b7644d518bc238b353c871c343b7edf8cda7b7dd903c PKG_BUILD_DIR:=$(BUILD_DIR)/acme.sh-$(PKG_VERSION) PKG_MAINTAINER:=Toke Høiland-Jørgensen diff --git a/net/acme/files/acme.init b/net/acme/files/acme.init index 7e144b4e8..6a20ccb91 100644 --- a/net/acme/files/acme.init +++ b/net/acme/files/acme.init @@ -5,8 +5,7 @@ USE_PROCD=1 START=50 SCRIPT=/usr/lib/acme/run-acme -start_service() -{ +start_service() { procd_open_instance procd_set_param command $SCRIPT procd_set_param file /etc/config/acme @@ -29,7 +28,6 @@ boot() { start } -service_triggers() -{ +service_triggers() { procd_add_reload_trigger acme } diff --git a/net/acme/files/run.sh b/net/acme/files/run.sh index c2c4a57eb..744e13338 100644 --- a/net/acme/files/run.sh +++ b/net/acme/files/run.sh 
@@ -24,45 +24,39 @@ USER_CLEANUP= . /lib/functions.sh -check_cron() -{ +check_cron() { [ -f "/etc/crontabs/root" ] && grep -q '/etc/init.d/acme' /etc/crontabs/root && return echo "0 0 * * * /etc/init.d/acme start" >> /etc/crontabs/root /etc/init.d/cron start } -log() -{ +log() { logger -t acme -s -p daemon.info -- "$@" } -err() -{ +err() { logger -t acme -s -p daemon.err -- "$@" } -debug() -{ +debug() { [ "$DEBUG" -eq "1" ] && logger -t acme -s -p daemon.debug -- "$@" } get_listeners() { local proto rq sq listen remote state program - netstat -nptl 2>/dev/null | while read proto rq sq listen remote state program; do + netstat -nptl 2> /dev/null | while read proto rq sq listen remote state program; do case "$proto#$listen#$program" in tcp#*:80#[0-9]*/*) echo -n "${program%% *} " ;; esac done } -run_acme() -{ +run_acme() { debug "Running acme.sh as '$ACME $@'" $ACME "$@" } -pre_checks() -{ +pre_checks() { main_domain="$1" log "Running pre checks for $main_domain." @@ -94,7 +88,7 @@ pre_checks() uci set uhttpd.main.listen_http='' uci commit uhttpd || return 1 - if ! /etc/init.d/uhttpd reload ; then + if ! /etc/init.d/uhttpd reload; then uci set uhttpd.main.listen_http="$UHTTPD_LISTEN_HTTP" uci commit uhttpd return 1 
@@ -138,15 +132,14 @@ pre_checks() return 0 } -post_checks() -{ +post_checks() { log "Running post checks (cleanup)." # The comment ensures we only touch our own rules. If no rules exist, that # is fine, so hide any errors - iptables -D input_rule -p tcp --dport 80 -j ACCEPT -m comment --comment "ACME" 2>/dev/null - ip6tables -D input_rule -p tcp --dport 80 -j ACCEPT -m comment --comment "ACME" 2>/dev/null + iptables -D input_rule -p tcp --dport 80 -j ACCEPT -m comment --comment "ACME" 2> /dev/null + ip6tables -D input_rule -p tcp --dport 80 -j ACCEPT -m comment --comment "ACME" 2> /dev/null - if [ -e /etc/init.d/uhttpd ] && ( [ -n "$UHTTPD_LISTEN_HTTP" ] || [ "$UPDATE_UHTTPD" -eq 1 ] ); then + if [ -e /etc/init.d/uhttpd ] && ([ -n "$UHTTPD_LISTEN_HTTP" ] || [ "$UPDATE_UHTTPD" -eq 1 ]); then if [ -n "$UHTTPD_LISTEN_HTTP" ]; then uci set uhttpd.main.listen_http="$UHTTPD_LISTEN_HTTP" UHTTPD_LISTEN_HTTP= @@ -155,7 +148,7 @@ post_checks() /etc/init.d/uhttpd reload fi - if [ -e /etc/init.d/nginx ] && ( [ "$NGINX_WEBSERVER" -eq 1 ] || [ "$UPDATE_NGINX" -eq 1 ] ); then + if [ -e /etc/init.d/nginx ] && ([ "$NGINX_WEBSERVER" -eq 1 ] || [ "$UPDATE_NGINX" -eq 1 ]); then NGINX_WEBSERVER=0 /etc/init.d/nginx restart fi @@ -166,21 +159,18 @@ post_checks() fi } -err_out() -{ +err_out() { post_checks exit 1 } -int_out() -{ +int_out() { post_checks trap - INT kill -INT $$ } -is_staging() -{ +is_staging() { local main_domain local domain_dir main_domain="$1" @@ -190,8 +180,7 @@ is_staging() return $? } -issue_cert() -{ +issue_cert() { local section="$1" local acme_args= local enabled @@ -275,7 +264,6 @@ issue_cert() fi fi - acme_args="$acme_args $(for d in $domains; do echo -n "-d $d "; done)" acme_args="$acme_args --keylength $keylength" [ -n "$ACCOUNT_EMAIL" ] && acme_args="$acme_args --accountemail $ACCOUNT_EMAIL" 
@@ -337,7 +325,7 @@ issue_cert() local nginx_updated nginx_updated=0 - if command -v nginx-util 2>/dev/null && [ "$update_nginx" -eq "1" ]; then + if command -v nginx-util 2> /dev/null && [ "$update_nginx" -eq "1" ]; then nginx_updated=1 for domain in $domains; do nginx-util add_ssl "${domain}" acme "${domain_dir}/fullchain.cer" \ @@ -355,8 +343,7 @@ issue_cert() post_checks } -load_vars() -{ +load_vars() { local section="$1" STATE_DIR=$(config_get "$section" state_dir) From a9bb04058a7bc576815c0eef5faab1b0f9c32e4c Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Fri, 25 Jun 2021 22:06:20 -0700 Subject: [PATCH 2/2] acme: run through shellcheck Signed-off-by: Rosen Penev --- net/acme/files/run.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/net/acme/files/run.sh b/net/acme/files/run.sh index 744e13338..a42339daa 100644 --- a/net/acme/files/run.sh +++ b/net/acme/files/run.sh @@ -44,7 +44,7 @@ debug() { get_listeners() { local proto rq sq listen remote state program - netstat -nptl 2> /dev/null | while read proto rq sq listen remote state program; do + netstat -nptl 2> /dev/null | while read -r proto rq sq listen remote state program; do case "$proto#$listen#$program" in tcp#*:80#[0-9]*/*) echo -n "${program%% *} " ;; esac @@ -52,7 +52,7 @@ get_listeners() { } run_acme() { - debug "Running acme.sh as '$ACME $@'" + debug "Running acme.sh as '$ACME $*'" $ACME "$@" } @@ -139,7 +139,7 @@ post_checks() { iptables -D input_rule -p tcp --dport 80 -j ACCEPT -m comment --comment "ACME" 2> /dev/null ip6tables -D input_rule -p tcp --dport 80 -j ACCEPT -m comment --comment "ACME" 2> /dev/null - if [ -e /etc/init.d/uhttpd ] && ([ -n "$UHTTPD_LISTEN_HTTP" ] || [ "$UPDATE_UHTTPD" -eq 1 ]); then + if [ -e /etc/init.d/uhttpd ] && { [ -n "$UHTTPD_LISTEN_HTTP" ] || [ "$UPDATE_UHTTPD" -eq 1 ]; }; then if [ -n "$UHTTPD_LISTEN_HTTP" ]; then uci set uhttpd.main.listen_http="$UHTTPD_LISTEN_HTTP" UHTTPD_LISTEN_HTTP= 
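Review bot: get_listeners in the `@@ -44,7 +44,7 @@` hunk has no comment saying what it prints, and because netstat runs with `2> /dev/null`, a missing or failing netstat gives the same empty output as "nothing is listening on port 80". I would add above the function `# Print the PID/program field of every process listening on TCP port 80; the output is also empty when netstat is missing or fails.` so that a reader of the caller does not take an empty result as proof the port is free. The loop's `done` and the function's closing brace lie outside this hunk.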
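Review bot: In the `@@ -52,7 +52,7 @@` hunk, `$ACME` on the line after the changed debug call is still expanded unquoted, so its value is word-split and glob-expanded before being executed. This is the same class of problem the commit fixes for `$keylength`. The assignment of ACME is not visible in this hunk; if it holds only a path, `"$ACME" "$@"` is the safer form. If it is meant to carry extra words, a one-line comment saying so would stop a later cleanup from quoting it and breaking the call.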
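Review bot: The two rule deletions at the top of the `@@ -139,7 +139,7 @@` hunk send every error to `/dev/null`, so a deletion that fails for any reason other than the rule being absent leaves the port 80 ACCEPT rule tagged "ACME" in `input_rule` with nothing logged. Checking for the rule first keeps the expected case quiet and surfaces the rest: `if iptables -C input_rule -p tcp --dport 80 -j ACCEPT -m comment --comment "ACME" 2> /dev/null; then iptables -D input_rule -p tcp --dport 80 -j ACCEPT -m comment --comment "ACME" || err "failed to remove ACME iptables rule"; fi`, and the same for ip6tables. post_checks begins and ends outside this hunk.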
@@ -148,7 +148,7 @@ post_checks() { /etc/init.d/uhttpd reload fi - if [ -e /etc/init.d/nginx ] && ([ "$NGINX_WEBSERVER" -eq 1 ] || [ "$UPDATE_NGINX" -eq 1 ]); then + if [ -e /etc/init.d/nginx ] && { [ "$NGINX_WEBSERVER" -eq 1 ] || [ "$UPDATE_NGINX" -eq 1 ]; }; then NGINX_WEBSERVER=0 /etc/init.d/nginx restart fi @@ -235,7 +235,7 @@ issue_cert() { [ -n "$webroot" ] || [ -n "$dns" ] || pre_checks "$main_domain" || return 1 fi - if echo $keylength | grep -q "^ec-"; then + if echo "$keylength" | grep -q "^ec-"; then domain_dir="$STATE_DIR/${main_domain}_ecc" keylength_ecc=1 else
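Review bot: In the `@@ -235,7 +235,7 @@` hunk, the now-quoted `echo "$keylength" | grep -q "^ec-"` still forks a pipeline for a prefix test the shell can do itself, and `echo` treats a value such as `-n` as an option rather than data. `case "$keylength" in ec-*) … ;; *) … ;; esac` tests the same prefix without either issue. The `if`/`else` continues past the end of this hunk, so both branches would need to move into the case arms.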