acme: Backport two bug fixes from master

This backports the following bug-fix commits from the master branch:

c6b4d7f367 ("acme: Include empty 'dns' config option by default")
983cc995a3 ("acme: Correctly handle domain state dir for ECC certificates")

Fixes #11675.

Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Toke Høiland-Jørgensen
2020-03-26 16:37:09 +01:00
parent 40c5dd0ba1
commit 9ba7b1799c
3 changed files with 24 additions and 13 deletions
+1 -1
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=acme PKG_NAME:=acme
PKG_VERSION:=2.8.5 PKG_VERSION:=2.8.5
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/Neilpang/acme.sh/tar.gz/$(PKG_VERSION)? PKG_SOURCE_URL:=https://codeload.github.com/Neilpang/acme.sh/tar.gz/$(PKG_VERSION)?
+1
@@ -10,4 +10,5 @@ config cert 'example'
option update_uhttpd 1 option update_uhttpd 1
option update_nginx 1 option update_nginx 1
option webroot "" option webroot ""
option dns ""
list domains example.org list domains example.org
+22 -12
@@ -165,9 +165,12 @@ int_out()
is_staging() is_staging()
{ {
local main_domain="$1" local main_domain
local domain_dir
main_domain="$1"
domain_dir="$2"
grep -q "acme-staging" "$STATE_DIR/$main_domain/${main_domain}.conf" grep -q "acme-staging" "${domain_dir}/${main_domain}.conf"
return $? return $?
} }
@@ -187,6 +190,7 @@ issue_cert()
local webroot local webroot
local dns local dns
local ret local ret
local domain_dir
config_get_bool enabled "$section" enabled 0 config_get_bool enabled "$section" enabled 0
config_get_bool use_staging "$section" use_staging config_get_bool use_staging "$section" use_staging
@@ -209,6 +213,12 @@ issue_cert()
[ -n "$webroot" ] || [ -n "$dns" ] || pre_checks "$main_domain" || return 1 [ -n "$webroot" ] || [ -n "$dns" ] || pre_checks "$main_domain" || return 1
if echo $keylength | grep -q "^ec-"; then
domain_dir="$STATE_DIR/${main_domain}_ecc"
else
domain_dir="$STATE_DIR/${main_domain}"
fi
log "Running ACME for $main_domain" log "Running ACME for $main_domain"
handle_credentials() { handle_credentials() {
@@ -217,10 +227,10 @@ issue_cert()
} }
config_list_foreach "$section" credentials handle_credentials config_list_foreach "$section" credentials handle_credentials
if [ -e "$STATE_DIR/$main_domain" ]; then if [ -e "$domain_dir" ]; then
if [ "$use_staging" -eq "0" ] && is_staging "$main_domain"; then if [ "$use_staging" -eq "0" ] && is_staging "$main_domain" "$domain_dir"; then
log "Found previous cert issued using staging server. Moving it out of the way." log "Found previous cert issued using staging server. Moving it out of the way."
mv "$STATE_DIR/$main_domain" "$STATE_DIR/$main_domain.staging" mv "$domain_dir" "${domain_dir}.staging"
moved_staging=1 moved_staging=1
else else
log "Found previous cert config. Issuing renew." log "Found previous cert config. Issuing renew."
@@ -253,26 +263,26 @@ issue_cert()
fi fi
if ! run_acme --home "$STATE_DIR" --issue $acme_args; then if ! run_acme --home "$STATE_DIR" --issue $acme_args; then
failed_dir="$STATE_DIR/${main_domain}.failed-$(date +%s)" failed_dir="${domain_dir}.failed-$(date +%s)"
err "Issuing cert for $main_domain failed. Moving state to $failed_dir" err "Issuing cert for $main_domain failed. Moving state to $failed_dir"
[ -d "$STATE_DIR/$main_domain" ] && mv "$STATE_DIR/$main_domain" "$failed_dir" [ -d "$domain_dir" ] && mv "$domain_dir" "$failed_dir"
if [ "$moved_staging" -eq "1" ]; then if [ "$moved_staging" -eq "1" ]; then
err "Restoring staging certificate" err "Restoring staging certificate"
mv "$STATE_DIR/${main_domain}.staging" "$STATE_DIR/${main_domain}" mv "${domain_dir}.staging" "${domain_dir}"
fi fi
post_checks post_checks
return 1 return 1
fi fi
if [ -e /etc/init.d/uhttpd ] && [ "$update_uhttpd" -eq "1" ]; then if [ -e /etc/init.d/uhttpd ] && [ "$update_uhttpd" -eq "1" ]; then
uci set uhttpd.main.key="$STATE_DIR/${main_domain}/${main_domain}.key" uci set uhttpd.main.key="${domain_dir}/${main_domain}.key"
uci set uhttpd.main.cert="$STATE_DIR/${main_domain}/fullchain.cer" uci set uhttpd.main.cert="${domain_dir}/fullchain.cer"
# commit and reload is in post_checks # commit and reload is in post_checks
fi fi
if [ -e /etc/init.d/nginx ] && [ "$update_nginx" -eq "1" ]; then if [ -e /etc/init.d/nginx ] && [ "$update_nginx" -eq "1" ]; then
sed -i "s#ssl_certificate\ .*#ssl_certificate $STATE_DIR/${main_domain}/fullchain.cer;#g" /etc/nginx/nginx.conf sed -i "s#ssl_certificate\ .*#ssl_certificate ${domain_dir}/fullchain.cer;#g" /etc/nginx/nginx.conf
sed -i "s#ssl_certificate_key\ .*#ssl_certificate_key $STATE_DIR/${main_domain}/${main_domain}.key;#g" /etc/nginx/nginx.conf sed -i "s#ssl_certificate_key\ .*#ssl_certificate_key ${domain_dir}/${main_domain}.key;#g" /etc/nginx/nginx.conf
# commit and reload is in post_checks # commit and reload is in post_checks
fi fi
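Review bot: The ECC detection in issue_cert, `if echo $keylength | grep -q "^ec-"; then`, word-splits an unquoted `$keylength` and forks two processes for a prefix test the shell can do itself; a `case` is both safer and cheaper: `case "$keylength" in ec-*) domain_dir="$STATE_DIR/${main_domain}_ecc" ;; *) domain_dir="$STATE_DIR/${main_domain}" ;; esac`. The `_ecc` suffix is presumably what acme.sh uses for its own state directory, so a one-line comment such as `# acme.sh keeps ECC certs in <domain>_ecc under --home` would tell the next reader where the name comes from. The nginx lines `sed -i "s#ssl_certificate\ .*#ssl_certificate ${domain_dir}/fullchain.cer;#g"` now splice `domain_dir` into a sed replacement unescaped, as the old `$STATE_DIR/${main_domain}` did; a `main_domain` value containing `#` or `&` would silently corrupt nginx.conf, so a sanity check on `main_domain` before `domain_dir` is derived (it also becomes a path under `$STATE_DIR`) would be worth adding. Since `domain_dir` replaces `$STATE_DIR/$main_domain` only within these hunks, any remaining reference to that form elsewhere in issue_cert or in pre_checks/post_checks would still point at the RSA directory for ECC certs; issue_cert begins and ends outside the hunks, so I cannot confirm none remain.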