acme: deprecate state_dir
state_dir is actually a hardcoded value in conffiles. Allowing users to customize it could result in losing certificates after upgrading if they don't also specify the dir as being preserved. We shouldn't default to this dangerous behavior. With the new ACME package, certificates live in the standard location /etc/ssl/acme, users who need to do certificate customizations should look for them in that dir instead. Signed-off-by: Glen Huang <i@glenhuang.com>
This commit is contained in:
Glen Huang
parent
dd7e606f17
commit
b907223d57
3 changed files with 16 additions and 10 deletions
|
|
@ -8,7 +8,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=acme-common
|
||||
PKG_VERSION:=1.0.1
|
||||
PKG_VERSION:=1.0.2
|
||||
|
||||
PKG_MAINTAINER:=Toke Høiland-Jørgensen <toke@toke.dk>
|
||||
PKG_LICENSE:=GPL-3.0-only
|
||||
|
|
@ -34,6 +34,7 @@ define Package/acme-common/conffiles
|
|||
endef
|
||||
|
||||
define Package/acme-common/install
|
||||
$(INSTALL_DIR) $(1)/etc/acme
|
||||
$(INSTALL_DIR) $(1)/etc/ssl/acme
|
||||
$(INSTALL_DIR) $(1)/etc/config
|
||||
$(INSTALL_CONF) ./files/acme.config $(1)/etc/config/acme
|
||||
|
|
|
|||
|
|
@ -1,5 +1,4 @@
|
|||
config acme
|
||||
option state_dir '/etc/acme'
|
||||
option account_email 'email@example.org'
|
||||
option debug 0
|
||||
|
||||
|
|
|
|||
|
|
@ -8,10 +8,8 @@
|
|||
#
|
||||
# Authors: Toke Høiland-Jørgensen <toke@toke.dk>
|
||||
|
||||
export state_dir=/etc/acme
|
||||
export account_email=
|
||||
export debug=0
|
||||
export run_dir=/var/run/acme
|
||||
run_dir=/var/run/acme
|
||||
export challenge_dir=$run_dir/challenge
|
||||
NFT_HANDLE=
|
||||
HOOK=/usr/lib/acme/hook
|
||||
LOG_TAG=acme
|
||||
|
|
@ -65,7 +63,7 @@ load_options() {
|
|||
config_get webroot "$section" webroot
|
||||
export webroot
|
||||
if [ "$webroot" ]; then
|
||||
log warn "Option \"webroot\" is deprecated, please remove it and change your web server's config so it serves ACME challenge requests from $run_dir/challenge."
|
||||
log warn "Option \"webroot\" is deprecated, please remove it and change your web server's config so it serves ACME challenge requests from $challenge_dir."
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
@ -107,11 +105,19 @@ load_globals() {
|
|||
log err "account_email option is required"
|
||||
exit 1
|
||||
fi
|
||||
export account_email
|
||||
|
||||
config_get state_dir "$section" state_dir "$state_dir"
|
||||
mkdir -p "$state_dir"
|
||||
config_get state_dir "$section" state_dir
|
||||
if [ "$state_dir" ]; then
|
||||
log warn "Option \"state_dir\" is deprecated, please remove it. Certificates now exist in /etc/ssl/acme."
|
||||
mkdir -p "$state_dir"
|
||||
else
|
||||
state_dir=/etc/acme
|
||||
fi
|
||||
export state_dir
|
||||
|
||||
config_get debug "$section" debug "$debug"
|
||||
config_get debug "$section" debug 0
|
||||
export debug
|
||||
|
||||
# only look for the first acme section
|
||||
return 1
|
||||
|
|
|
|||
Loading…
Reference in a new issue