From: Toke Høiland-Jørgensen Date: Wed, 14 Dec 2022 14:11:58 +0000 (+0100) Subject: acme-common: Export canonical paths for storing certificates and challenges X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=e3d6422dc551fae6a502a10a554296765e2c59f6;p=openwrt-packages.git acme-common: Export canonical paths for storing certificates and challenges The contract between the acme-common framework and consumers and hook scripts is that certificates can be consumed from /etc/ssl/acme and that web challenges are stored in /var/run/acme/challenge. Make this explicit by exporting $CERT_DIR and $CHALLENGE_DIR as environment variables as well, instead of having knowledge of those paths depend on out-of-band information. We already exported $challenge_dir, but let's change it to upper-case to make it clear that it's not a user configuration variable. Signed-off-by: Toke Høiland-Jørgensen --- diff --git a/net/acme-common/files/acme.sh b/net/acme-common/files/acme.sh index 5a2f7d739..defd66005 100644 --- a/net/acme-common/files/acme.sh +++ b/net/acme-common/files/acme.sh @@ -9,7 +9,8 @@ # Authors: Toke Høiland-Jørgensen run_dir=/var/run/acme -export challenge_dir=$run_dir/challenge +export CHALLENGE_DIR=$run_dir/challenge +export CERT_DIR=/etc/ssl/acme NFT_HANDLE= HOOK=/usr/lib/acme/hook LOG_TAG=acme @@ -63,7 +64,7 @@ load_options() { config_get webroot "$section" webroot export webroot if [ "$webroot" ]; then - log warn "Option \"webroot\" is deprecated, please remove it and change your web server's config so it serves ACME challenge requests from $challenge_dir." + log warn "Option \"webroot\" is deprecated, please remove it and change your web server's config so it serves ACME challenge requests from $CHALLENGE_DIR." fi } @@ -79,7 +80,7 @@ get_cert() { load_options "$section" if [ -z "$dns" ] && [ "$standalone" = 0 ]; then - mkdir -p "$challenge_dir" + mkdir -p "$CHALLENGE_DIR" fi if [ "$standalone" = 1 ] && [ -z "$NFT_HANDLE" ]; then @@ -109,7 +110,7 @@ load_globals() { config_get state_dir "$section" state_dir if [ "$state_dir" ]; then - log warn "Option \"state_dir\" is deprecated, please remove it. Certificates now exist in /etc/ssl/acme." + log warn "Option \"state_dir\" is deprecated, please remove it. Certificates now exist in $CERT_DIR." mkdir -p "$state_dir" else state_dir=/etc/acme