Merge pull request #21079 from hgl/acme-common

acme: improve
Toke Høiland-Jørgensen 2023-05-31 11:06:04 +02:00 committed by GitHub
commit cc78c5e2ba
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 42 additions and 32 deletions


@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=acme-acmesh PKG_NAME:=acme-acmesh
PKG_VERSION:=3.0.1 PKG_VERSION:=3.0.1
PKG_RELEASE:=10 PKG_RELEASE:=11
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/acmesh-official/acme.sh/tar.gz/$(PKG_VERSION)? PKG_SOURCE_URL:=https://codeload.github.com/acmesh-official/acme.sh/tar.gz/$(PKG_VERSION)?


@ -2,8 +2,6 @@
set -u set -u
ACME=/usr/lib/acme/client/acme.sh ACME=/usr/lib/acme/client/acme.sh
LOG_TAG=acme-acmesh LOG_TAG=acme-acmesh
# webroot option deprecated, use the exported value directly in the next major version
WEBROOT=${webroot:-$CHALLENGE_DIR}
NOTIFY=/usr/lib/acme/notify NOTIFY=/usr/lib/acme/notify
# shellcheck source=net/acme/files/functions.sh # shellcheck source=net/acme/files/functions.sh
@ -13,30 +11,32 @@ NOTIFY=/usr/lib/acme/notify
export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
export NO_TIMESTAMP=1 export NO_TIMESTAMP=1
link_certs() link_certs() {
{ local main_domain
local main_domain local domain_dir
local domain_dir domain_dir="$1"
domain_dir="$1" main_domain="$2"
main_domain="$2"
(umask 077; cat "$domain_dir/fullchain.cer" "$domain_dir/$main_domain.key" > "$domain_dir/combined.cer") (
umask 077
cat "$domain_dir/fullchain.cer" "$domain_dir/$main_domain.key" >"$domain_dir/combined.cer"
)
if [ ! -e "$CERT_DIR/$main_domain.crt" ]; then if [ ! -e "$CERT_DIR/$main_domain.crt" ]; then
ln -s "$domain_dir/$main_domain.cer" "$CERT_DIR/$main_domain.crt" ln -s "$domain_dir/$main_domain.cer" "$CERT_DIR/$main_domain.crt"
fi fi
if [ ! -e "$CERT_DIR/$main_domain.key" ]; then if [ ! -e "$CERT_DIR/$main_domain.key" ]; then
ln -s "$domain_dir/$main_domain.key" "$CERT_DIR/$main_domain.key" ln -s "$domain_dir/$main_domain.key" "$CERT_DIR/$main_domain.key"
fi fi
if [ ! -e "$CERT_DIR/$main_domain.fullchain.crt" ]; then if [ ! -e "$CERT_DIR/$main_domain.fullchain.crt" ]; then
ln -s "$domain_dir/fullchain.cer" "$CERT_DIR/$main_domain.fullchain.crt" ln -s "$domain_dir/fullchain.cer" "$CERT_DIR/$main_domain.fullchain.crt"
fi fi
if [ ! -e "$CERT_DIR/$main_domain.combined.crt" ]; then if [ ! -e "$CERT_DIR/$main_domain.combined.crt" ]; then
ln -s "$domain_dir/combined.cer" "$CERT_DIR/$main_domain.combined.crt" ln -s "$domain_dir/combined.cer" "$CERT_DIR/$main_domain.combined.crt"
fi fi
if [ ! -e "$CERT_DIR/$main_domain.chain.crt" ]; then if [ ! -e "$CERT_DIR/$main_domain.chain.crt" ]; then
ln -s "$domain_dir/ca.cer" "$CERT_DIR/$main_domain.chain.crt" ln -s "$domain_dir/ca.cer" "$CERT_DIR/$main_domain.chain.crt"
fi fi
} }
case $1 in case $1 in
@ -44,12 +44,14 @@ get)
set -- set --
[ "$debug" = 1 ] && set -- "$@" --debug [ "$debug" = 1 ] && set -- "$@" --debug
case $keylength in case $key_type in
ec-*) ec*)
keylength=${key_type/ec/ec-}
domain_dir="$state_dir/${main_domain}_ecc" domain_dir="$state_dir/${main_domain}_ecc"
set -- "$@" --ecc set -- "$@" --ecc
;; ;;
*) rsa*)
keylength=${key_type#rsa}
domain_dir="$state_dir/$main_domain" domain_dir="$state_dir/$main_domain"
;; ;;
esac esac
@ -71,7 +73,7 @@ get)
case $status in case $status in
0) 0)
link_certs "$domain_dir" "$main_domain" link_certs "$domain_dir" "$main_domain"
$NOTIFY renewed $NOTIFY renewed
exit exit
;; ;;
@ -121,8 +123,8 @@ get)
elif [ "$standalone" = 1 ]; then elif [ "$standalone" = 1 ]; then
set -- "$@" --standalone --listen-v6 set -- "$@" --standalone --listen-v6
else else
mkdir -p "$WEBROOT" mkdir -p "$CHALLENGE_DIR"
set -- "$@" --webroot "$WEBROOT" set -- "$@" --webroot "$CHALLENGE_DIR"
fi fi
set -- "$@" --issue --home "$state_dir" set -- "$@" --issue --home "$state_dir"
@ -137,7 +139,7 @@ get)
case $status in case $status in
0) 0)
link_certs "$domain_dir" "$main_domain" link_certs "$domain_dir" "$main_domain"
$NOTIFY issued $NOTIFY issued
;; ;;
*) *)
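Review bot: The new `case $key_type in` in the third hunk of this file has no default arm, so a key_type that starts with neither `ec` nor `rsa` leaves `keylength` and `domain_dir` unset and the script only dies later under `set -u` with a bare "parameter not set" message instead of naming the bad option; adding `*) log warn "Unsupported key_type: $key_type"; exit 1 ;;` before `esac` (using whichever error level the `log` helper from the sourced functions.sh provides) fails early and points at the configuration. Separately, `keylength=${key_type/ec/ec-}` relies on the `${var/pat/rep}` extension, which is not POSIX sh; since that arm only runs for values starting with `ec`, `keylength=ec-${key_type#ec}` is equivalent and portable, and the same applies to `key_type=${keylength/-/}` in the functions.sh section of this commit. The enclosing `get)` branch starts and ends outside this hunk.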


@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=acme-common PKG_NAME:=acme-common
PKG_VERSION:=1.0.3 PKG_VERSION:=1.0.4
PKG_MAINTAINER:=Toke Høiland-Jørgensen <toke@toke.dk> PKG_MAINTAINER:=Toke Høiland-Jørgensen <toke@toke.dk>
PKG_LICENSE:=GPL-3.0-only PKG_LICENSE:=GPL-3.0-only


@ -39,8 +39,17 @@ load_options() {
export domains export domains
export main_domain export main_domain
main_domain="$(first_arg $domains)" main_domain="$(first_arg $domains)"
config_get keylength "$section" keylength ec-256 config_get keylength "$section" keylength
export keylength if [ "$keylength" ]; then
log warn "Option \"keylength\" is deprecated, please use key_type (e.g., ec256, rsa2048) instead."
case $keylength in
ec-*) key_type=${keylength/-/} ;;
*) key_type=rsa$keylength ;;
esac
else
config_get key_type "$section" key_type ec256
fi
export key_type
config_get dns "$section" dns config_get dns "$section" dns
export dns export dns
config_get acme_server "$section" acme_server config_get acme_server "$section" acme_server
@ -51,11 +60,10 @@ load_options() {
export standalone export standalone
config_get dns_wait "$section" dns_wait config_get dns_wait "$section" dns_wait
export dns_wait export dns_wait
config_get webroot "$section" webroot config_get webroot "$section" webroot
export webroot
if [ "$webroot" ]; then if [ "$webroot" ]; then
log warn "Option \"webroot\" is deprecated, please remove it and change your web server's config so it serves ACME challenge requests from $CHALLENGE_DIR." log warn "Option \"webroot\" is deprecated, please remove it and change your web server's config so it serves ACME challenge requests from $CHALLENGE_DIR."
CHALLENGE_DIR=$webroot
fi fi
} }
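Review bot: The fallback arm of the legacy `keylength` mapping in the first hunk prefixes `rsa` to whatever value is present, so a legacy value that is neither `ec-*` nor a bare bit length (for instance `ec256` or `rsa2048` written into the old option) becomes `rsaec256` or `rsarsa2048` and only fails later in the client with a less obvious error. Passing already-new-style values through, e.g. `ec-*) key_type=ec${keylength#ec-} ;;` followed by `ec*|rsa*) key_type=$keylength ;;` and then the existing `*) key_type=rsa$keylength ;;`, keeps the migration lenient while also avoiding the non-POSIX `${keylength/-/}` substitution. load_options starts outside this hunk; its closing brace is the last line of the section.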