state_dir is actually a hardcoded value in conffiles. Allowing users to
customize it could result in losing certificates after upgrading if they
don't also specify the dir as being preserved. We shouldn't default to
this dangerous behavior.
With the new ACME package, certificates live in the standard location
/etc/ssl/acme. Users who need to do certificate customizations should
look for them in that dir instead.
Signed-off-by: Glen Huang <i@glenhuang.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=acme-common
include $(TOPDIR)/rules.mk
PKG_NAME:=acme-common
PKG_MAINTAINER:=Toke Høiland-Jørgensen <toke@toke.dk>
PKG_LICENSE:=GPL-3.0-only
PKG_MAINTAINER:=Toke Høiland-Jørgensen <toke@toke.dk>
PKG_LICENSE:=GPL-3.0-only
endef
define Package/acme-common/install
endef
define Package/acme-common/install
+ $(INSTALL_DIR) $(1)/etc/acme
$(INSTALL_DIR) $(1)/etc/ssl/acme
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/acme.config $(1)/etc/config/acme
$(INSTALL_DIR) $(1)/etc/ssl/acme
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/acme.config $(1)/etc/config/acme
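Review bot: The new `$(INSTALL_DIR) $(1)/etc/acme` line creates the default state directory with the build system's default directory mode, and nothing visible in this commit restricts it further. If the directory also holds the ACME account key and certificate private keys (the commit message only says certificates are lost with it), the intended mode should be stated, along with whether any non-root service needs to traverse it. A short comment above the line, such as `# default ACME state dir; kept across upgrades via conffiles`, would also record why the package now owns this path.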
- option state_dir '/etc/acme'
option account_email 'email@example.org'
option debug 0
option account_email 'email@example.org'
option debug 0
#
# Authors: Toke Høiland-Jørgensen <toke@toke.dk>
#
# Authors: Toke Høiland-Jørgensen <toke@toke.dk>
-export state_dir=/etc/acme
-export account_email=
-export debug=0
-export run_dir=/var/run/acme
+run_dir=/var/run/acme
+export challenge_dir=$run_dir/challenge
NFT_HANDLE=
HOOK=/usr/lib/acme/hook
LOG_TAG=acme
NFT_HANDLE=
HOOK=/usr/lib/acme/hook
LOG_TAG=acme
config_get webroot "$section" webroot
export webroot
if [ "$webroot" ]; then
config_get webroot "$section" webroot
export webroot
if [ "$webroot" ]; then
- log warn "Option \"webroot\" is deprecated, please remove it and change your web server's config so it serves ACME challenge requests from $run_dir/challenge."
+ log warn "Option \"webroot\" is deprecated, please remove it and change your web server's config so it serves ACME challenge requests from $challenge_dir."
log err "account_email option is required"
exit 1
fi
log err "account_email option is required"
exit 1
fi
+ export account_email
+
+ config_get state_dir "$section" state_dir
+ if [ "$state_dir" ]; then
+ log warn "Option \"state_dir\" is deprecated, please remove it. Certificates now exist in /etc/ssl/acme."
+ mkdir -p "$state_dir"
+ else
+ state_dir=/etc/acme
+ fi
+ export state_dir
- config_get state_dir "$section" state_dir "$state_dir"
- mkdir -p "$state_dir"
-
- config_get debug "$section" debug "$debug"
+ config_get debug "$section" debug 0
+ export debug
# only look for the first acme section
return 1
# only look for the first acme section
return 1
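Review bot: The `mkdir -p "$state_dir"` in the deprecated branch is unchecked, so a mistyped or unwritable path only shows up later when the client fails to write its state. Failing early in the style of the `account_email` check would be clearer: `mkdir -p "$state_dir" || { log err "cannot create state_dir $state_dir"; exit 1; }`. The deprecation warning could also say that a custom directory is lost on upgrade unless the user marks it as preserved, which is the risk the commit message describes. `run_dir` is no longer exported, so if the hook at `$HOOK` still reads it from the environment (not visible here) it will now see an empty value. The enclosing function starts and ends outside the hunk.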