acme: fix service_triggers on config change

In the current implementation, the config change trigger is no longer set at boot time. This is because during boot, only the '$CHALLENGE_DIR' is created with the boot function. The 'start_service' is first called by first cron call at midnight. This call is installing the service_triggers reload handling. To fix this, add a new extra_command 'renew' that is responsible to renew the acme. This function is called from cron and the start_service function does the rest. * Create directories * Install service reload trigger form acme config change Fixes: 76f17ab15b (acme-common: Create challenge directory on boot) Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2025-03-21 10:20:21 +01:00 · 2025-03-21 10:20:21 +01:00 · 420210b318
parent ea285eb460
commit 420210b318
2 changed files with 25 additions and 12 deletions
--- a/net/acme-common/files/acme.init
+++ b/net/acme-common/files/acme.init
@ -12,6 +12,8 @@ LOG_TAG=acme
 # shellcheck source=net/acme/files/functions.sh
 . "$IPKG_INSTROOT/usr/lib/acme/functions.sh"

+extra_command "renew" "Start a certificate renew"
+
 cleanup() {
 	log debug "cleaning up"
 	if [ -e $run_dir/lock ]; then
@ -140,6 +142,23 @@ load_globals() {

 start_service() {
 	mkdir -p $run_dir
+	mkdir -p "$CHALLENGE_DIR"
+
+	grep -q '/etc/init.d/acme' /etc/crontabs/root 2>/dev/null || {
+		echo "0 0 * * * /etc/init.d/acme renew" >>/etc/crontabs/root
+	}
+}
+
+service_started() {
+	echo "Certificate renewal enabled via cron. To renew now, run '/etc/init.d/acme renew'."
+}
+
+service_triggers() {
+	procd_add_config_trigger config.change acme \
+		/etc/init.d/acme renew
+}
+
+renew() {
 	exec 200>$run_dir/lock
 	if ! flock -n 200; then
 		log err "Another ACME instance is already running."
@ -153,13 +172,3 @@ start_service() {

 	config_foreach get_cert cert
 }
-
-service_triggers() {
-	procd_add_config_trigger config.change acme \
-		/etc/init.d/acme start
-}
-
-boot() {
-        mkdir -p "$CHALLENGE_DIR"
-        return 0
-}
--- a/net/acme-common/files/acme.uci-defaults
+++ b/net/acme-common/files/acme.uci-defaults
@ -53,5 +53,9 @@ config_load acme
 config_foreach handle_cert cert
 uci_commit

-grep -q '/etc/init.d/acme' /etc/crontabs/root 2>/dev/null && exit 0
-echo "0 0 * * * /etc/init.d/acme start" >>/etc/crontabs/root
+# Migrate '/etc/init.d/acme start' to '/etc/init.d/acme renew'
+grep -q '/etc/init.d/acme start' /etc/crontabs/root 2>/dev/null && {
+	echo "0 0 * * * /etc/init.d/acme renew" >>/etc/crontabs/root
+}
+
+exit 0