uacme: add support for user-provided setup and cleanup scripts

Add possibility for user to provide setup and cleanup scripts for
additional flexibility. Setup-script takes precedence over the built-in
behavior of uacme.

This helps users with more complex use-cases to utilize uacme to update
certificates without adding complexity to the provided run.sh script.

Signed-off-by: Antti Seppälä <a.seppala@gmail.com>

diff --git a/net/uacme/Makefile b/net/uacme/Makefile
index 6734b189a950d8baa56d98caf7359f4d6059fea2..2f0c1f744362bfc75f0b068387c0441b57a9e821 100644 (file)
--- a/net/uacme/Makefile
+++ b/net/uacme/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uacme
 PKG_VERSION:=1.2.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/ndilieto/uacme/tar.gz/upstream/$(PKG_VERSION)?

diff --git a/net/uacme/files/acme.config b/net/uacme/files/acme.config
index 8846d12e81c98f8f34389e7140dd6deac6c070f5..f79b907192d1432cb055848e090c96bb73cba09e 100644 (file)
--- a/net/uacme/files/acme.config
+++ b/net/uacme/files/acme.config
@@ -11,4 +11,6 @@ config cert 'example'
        option update_nginx 1
        option update_haproxy 1
        option webroot "/www/.well-known/acme-challenge"
+       # option user_setup "path-to-custom-setup.script"
+       # option user_cleanup "path-to-custom-cleanup.script"
        list domains example.org

diff --git a/net/uacme/files/run.sh b/net/uacme/files/run.sh
index 6998e4a2099e27aedf378562b22f1e3bc56c220a..20b4076a29eab310ef5c76416b69d513ffda7f61 100644 (file)
--- a/net/uacme/files/run.sh
+++ b/net/uacme/files/run.sh
@@ -37,6 +37,7 @@ NGINX_WEBSERVER=0
 UPDATE_NGINX=0
 UPDATE_UHTTPD=0
 UPDATE_HAPROXY=0
+USER_CLEANUP=
 
 . /lib/functions.sh
 
@@ -168,6 +169,11 @@ post_checks()
        /etc/init.d/haproxy restart
        log "Restarting haproxy..."
     fi
+
+    if [ -n "$USER_CLEANUP" ] && [ -f "$USER_CLEANUP" ]; then
+       log "Running user-provided cleanup script from $USER_CLEANUP."
+       "$USER_CLEANUP" || return 1
+    fi
 }
 
 err_out()
@@ -207,6 +213,8 @@ issue_cert()
     local failed_dir
     local webroot
     local dns
+    local user_setup
+    local user_cleanup
     local ret
     local staging=
     local HOOK=
@@ -220,10 +228,13 @@ issue_cert()
     config_get keylength "$section" keylength
     config_get webroot "$section" webroot
     config_get dns "$section" dns
+    config_get user_setup "$section" user_setup
+    config_get user_cleanup "$section" user_cleanup
 
     UPDATE_NGINX=$update_nginx
     UPDATE_UHTTPD=$update_uhttpd
     UPDATE_HAPROXY=$update_haproxy
+    USER_CLEANUP=$user_cleanup
 
     [ "$enabled" -eq "1" ] || return
 
@@ -237,7 +248,12 @@ issue_cert()
     set -- $domains
     main_domain=$1
 
-    [ -n "$webroot" ] || [ -n "$dns" ] || pre_checks "$main_domain" || return 1
+    if [ -n "$user_setup" ] && [ -f "$user_setup" ]; then
+       log "Running user-provided setup script from $user_setup."
+       "$user_setup" "$main_domain" || return 1
+    else
+       [ -n "$webroot" ] || [ -n "$dns" ] || pre_checks "$main_domain" || return 1
+    fi
 
     log "Running $APP for $main_domain"