acme-acmesh: Provide a 'combined' certificate bundle as well

The haproxy hotplug script creates a 'combined' certificate bundle that
contains both the certificate chain and the private key. However, having a
daemon hotplug script write into CERT_DIR is not great; so let's provide
the bundle as part of the main acme framework, keeping it in $domain_dir
and just linking it into CERT_DIR. That way we can keep CERT_DIR as just a
collection of links for everything, that no consumers should need to write
into.

Also make sure to set the umask correctly so the combined file is not
world-readable (since it contains the private key).

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>

2 files changed, 1 insertions, 11 deletions

diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile
index 179658361..1c0d8fde1 100644
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=haproxy
 PKG_VERSION:=2.6.6
-PKG_RELEASE:=103
+PKG_RELEASE:=104
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.haproxy.org/download/2.6/src
@@ -122,8 +122,6 @@ define Package/haproxy/install
 	$(INSTALL_CONF) ./files/haproxy.cfg $(1)/etc/
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/haproxy.init $(1)/etc/init.d/haproxy
-	$(INSTALL_DIR) $(1)/etc/hotplug.d/acme
-	$(INSTALL_DATA) ./files/acme.hotplug $(1)/etc/hotplug.d/acme/00-haproxy
 endef
 
 Package/haproxy-nossl/install = $(Package/haproxy/install)
diff --git a/net/haproxy/files/acme.hotplug b/net/haproxy/files/acme.hotplug
deleted file mode 100644
index 9896bbdee..000000000
--- a/net/haproxy/files/acme.hotplug
+++ /dev/null
@@ -1,8 +0,0 @@
-case $ACTION in
-issued|renewed)
-	cat \
-		"/etc/ssl/acme/$main_domain.fullchain.crt" \
-		"/etc/ssl/acme/$main_domain.key" \
-		>"/etc/ssl/acme/$main_domain.combined.crt"
-	;;
-esac