Merge pull request #20059 from hgl/acme

acme: deprecate state_dir

4 files changed, 18 insertions, 12 deletions

diff --git a/net/acme-acmesh/files/hook.sh b/net/acme-acmesh/files/hook.sh
index 4df82643d..149a3e751 100644
--- a/net/acme-acmesh/files/hook.sh
+++ b/net/acme-acmesh/files/hook.sh
@@ -3,7 +3,7 @@ set -u
 ACME=/usr/lib/acme/client/acme.sh
 LOG_TAG=acme-acmesh
 # webroot option deprecated, use the hardcoded value directly in the next major version
-WEBROOT=${webroot:-/var/run/acme/challenge}
+WEBROOT=${webroot:-$challenge_dir}
 NOTIFY=/usr/lib/acme/notify
 
 # shellcheck source=net/acme/files/functions.sh
diff --git a/net/acme-common/Makefile b/net/acme-common/Makefile
index 268df5c68..c8c4a0bb3 100644
--- a/net/acme-common/Makefile
+++ b/net/acme-common/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=acme-common
-PKG_VERSION:=1.0.1
+PKG_VERSION:=1.0.2
 
 PKG_MAINTAINER:=Toke Høiland-Jørgensen <toke@toke.dk>
 PKG_LICENSE:=GPL-3.0-only
@@ -34,6 +34,7 @@ define Package/acme-common/conffiles
 endef
 
 define Package/acme-common/install
+	$(INSTALL_DIR) $(1)/etc/acme
 	$(INSTALL_DIR) $(1)/etc/ssl/acme
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_CONF) ./files/acme.config $(1)/etc/config/acme
diff --git a/net/acme-common/files/acme.config b/net/acme-common/files/acme.config
index d72547a6e..75fd1cf09 100644
--- a/net/acme-common/files/acme.config
+++ b/net/acme-common/files/acme.config
@@ -1,5 +1,4 @@
 config acme
-	option state_dir '/etc/acme'
 	option account_email 'email@example.org'
 	option debug 0
 
diff --git a/net/acme-common/files/acme.sh b/net/acme-common/files/acme.sh
index 582575f89..5a2f7d739 100644
--- a/net/acme-common/files/acme.sh
+++ b/net/acme-common/files/acme.sh
@@ -8,10 +8,8 @@
 #
 # Authors: Toke Høiland-Jørgensen <toke@toke.dk>
 
-export state_dir=/etc/acme
-export account_email=
-export debug=0
-export run_dir=/var/run/acme
+run_dir=/var/run/acme
+export challenge_dir=$run_dir/challenge
 NFT_HANDLE=
 HOOK=/usr/lib/acme/hook
 LOG_TAG=acme
@@ -65,7 +63,7 @@ load_options() {
 	config_get webroot "$section" webroot
 	export webroot
 	if [ "$webroot" ]; then
-		log warn "Option \"webroot\" is deprecated, please remove it and change your web server's config so it serves ACME challenge requests from $run_dir/challenge."
+		log warn "Option \"webroot\" is deprecated, please remove it and change your web server's config so it serves ACME challenge requests from $challenge_dir."
 	fi
 }
 
@@ -107,11 +105,19 @@ load_globals() {
 		log err "account_email option is required"
 		exit 1
 	fi
+	export account_email
+
+	config_get state_dir "$section" state_dir
+	if [ "$state_dir" ]; then
+		log warn "Option \"state_dir\" is deprecated, please remove it. Certificates now exist in /etc/ssl/acme."
+		mkdir -p "$state_dir"
+	else
+		state_dir=/etc/acme
+	fi
+	export state_dir
 
-	config_get state_dir "$section" state_dir "$state_dir"
-	mkdir -p "$state_dir"
-
-	config_get debug "$section" debug "$debug"
+	config_get debug "$section" debug 0
+	export debug
 
 	# only look for the first acme section
 	return 1