Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

acme: Update to v1.3.

Browse source 
This version handles transitioning from a previous certificate that was
issues using the staging server, adds more debug logging, and handles
state directories better if issuing fails.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
This commit is contained in:
Toke Høiland-Jørgensen 2016-11-25 15:40:13 +01:00
parent 413ce0d033
commit 5a90e41b30
2 changed files with 38 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
net/acme/Makefile
View file

@ -9,8 +9,8 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=acme PKG_NAME:=acme
PKG_SOURCE_VERSION:=3c33cdfa3da68000a40b85304821705f0deea951 PKG_SOURCE_VERSION:=3c33cdfa3da68000a40b85304821705f0deea951
PKG_VERSION:=1.2 PKG_VERSION:=1.3
PKG_RELEASE:=2 PKG_RELEASE:=1
PKG_LICENSE:=GPLv3 PKG_LICENSE:=GPLv3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE).tar.xz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE).tar.xz

35
net/acme/files/run.sh
View file

@ -26,11 +26,18 @@ check_cron()
/etc/init.d/cron start /etc/init.d/cron start
} }
debug()
{
[ "$DEBUG" -eq "1" ] && echo "$@" >&2
}
pre_checks() pre_checks()
{ {
echo "Running pre checks." echo "Running pre checks."
check_cron check_cron
[ -d "$STATE_DIR" ] || mkdir -p "$STATE_DIR"
if [ -e /etc/init.d/uhttpd ]; then if [ -e /etc/init.d/uhttpd ]; then
UHTTPD_LISTEN_HTTP=$(uci get uhttpd.main.listen_http) UHTTPD_LISTEN_HTTP=$(uci get uhttpd.main.listen_http)
@ -42,6 +49,9 @@ pre_checks()
iptables -I input_rule -p tcp --dport 80 -j ACCEPT || return 1 iptables -I input_rule -p tcp --dport 80 -j ACCEPT || return 1
ip6tables -I input_rule -p tcp --dport 80 -j ACCEPT || return 1 ip6tables -I input_rule -p tcp --dport 80 -j ACCEPT || return 1
debug "v4 input_rule: $(iptables -nvL input_rule)"
debug "v6 input_rule: $(ip6tables -nvL input_rule)"
debug "port80 listens: $(netstat -ntpl | grep :80)"
return 0 return 0
} }
@ -71,6 +81,14 @@ int_out()
kill -INT $$ kill -INT $$
} }
is_staging()
{
local main_domain="$1"
grep -q "acme-staging" "$STATE_DIR/$main_domain/${main_domain}.conf"
return $?
}
issue_cert() issue_cert()
{ {
local section="$1" local section="$1"
@ -81,6 +99,8 @@ issue_cert()
local keylength local keylength
local domains local domains
local main_domain local main_domain
local moved_staging=0
local failed_dir
config_get_bool enabled "$section" enabled 0 config_get_bool enabled "$section" enabled 0
config_get_bool use_staging "$section" use_staging config_get_bool use_staging "$section" use_staging
@ -96,9 +116,16 @@ issue_cert()
main_domain=$1 main_domain=$1
if [ -e "$STATE_DIR/$main_domain" ]; then if [ -e "$STATE_DIR/$main_domain" ]; then
if [ "$use_staging" -eq "0" ] && is_staging "$main_domain"; then
echo "Found previous cert issued using staging server. Moving it out of the way."
mv "$STATE_DIR/$main_domain" "$STATE_DIR/$main_domain.staging"
moved_staging=1
else
echo "Found previous cert config. Issuing renew."
$ACME --home "$STATE_DIR" --renew -d "$main_domain" $acme_args || return 1 $ACME --home "$STATE_DIR" --renew -d "$main_domain" $acme_args || return 1
return 0 return 0
fi fi
fi
acme_args="$acme_args $(for d in $domains; do echo -n "-d $d "; done)" acme_args="$acme_args $(for d in $domains; do echo -n "-d $d "; done)"
@ -108,7 +135,13 @@ issue_cert()
[ "$use_staging" -eq "1" ] && acme_args="$acme_args --staging" [ "$use_staging" -eq "1" ] && acme_args="$acme_args --staging"
if ! $ACME --home "$STATE_DIR" --issue $acme_args; then if ! $ACME --home "$STATE_DIR" --issue $acme_args; then
echo "Issuing cert for $main_domain failed. It may be necessary to remove $STATE_DIR/$main_domain to recover." >&2 failed_dir="$STATE_DIR/${main_domain}.failed-$(date +%s)"
echo "Issuing cert for $main_domain failed. Moving state to $failed_dir" >&2
[ -d "$STATE_DIR/$main_domain" ] && mv "$STATE_DIR/$main_domain" "$failed_dir"
if [ "$moved_staging" -eq "1" ]; then
echo "Restoring staging certificate" >&2
mv "$STATE_DIR/${main_domain}.staging" "$STATE_DIR/${main_domain}"
fi
return 1 return 1
fi fi