From: Florian Eckert Date: Fri, 21 Mar 2025 09:20:21 +0000 (+0100) Subject: acme: fix service_triggers on config change X-Git-Url: http://git.openwrt.org/%22https:/collectd.org//%22/%22https:/collectd.org/%22?a=commitdiff_plain;h=420210b3184237d60c5b1e81d186fe8d1b05c177;p=feed%2Fpackages.git acme: fix service_triggers on config change In the current implementation, the config change trigger is no longer set at boot time. This is because during boot, only the '$CHALLENGE_DIR' is created with the boot function. The 'start_service' is first called by first cron call at midnight. This call is installing the service_triggers reload handling. To fix this, add a new extra_command 'renew' that is responsible to renew the acme. This function is called from cron and the start_service function does the rest. * Create directories * Install service reload trigger form acme config change Fixes: 76f17ab15b (acme-common: Create challenge directory on boot) Signed-off-by: Florian Eckert --- diff --git a/net/acme-common/files/acme.init b/net/acme-common/files/acme.init index 4f1a8f4d6d..d577bfaf5d 100644 --- a/net/acme-common/files/acme.init +++ b/net/acme-common/files/acme.init @@ -12,6 +12,8 @@ LOG_TAG=acme # shellcheck source=net/acme/files/functions.sh . "$IPKG_INSTROOT/usr/lib/acme/functions.sh" +extra_command "renew" "Start a certificate renew" + cleanup() { log debug "cleaning up" if [ -e $run_dir/lock ]; then @@ -140,6 +142,23 @@ load_globals() { start_service() { mkdir -p $run_dir + mkdir -p "$CHALLENGE_DIR" + + grep -q '/etc/init.d/acme' /etc/crontabs/root 2>/dev/null || { + echo "0 0 * * * /etc/init.d/acme renew" >>/etc/crontabs/root + } +} + +service_started() { + echo "Certificate renewal enabled via cron. To renew now, run '/etc/init.d/acme renew'." +} + +service_triggers() { + procd_add_config_trigger config.change acme \ + /etc/init.d/acme renew +} + +renew() { exec 200>$run_dir/lock if ! flock -n 200; then log err "Another ACME instance is already running." 
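Review bot: The cron guard added to `start_service` in the `@@ -140,6 +142,23 @@` hunk matches any line containing `/etc/init.d/acme`, so a crontab that still holds the old `/etc/init.d/acme start` entry suppresses installation of the new `renew` job. After this change `start_service` only creates directories and installs the cron line, so such a system would stop renewing certificates without any error until they expire. Matching the exact command, `grep -q '/etc/init.d/acme renew' /etc/crontabs/root 2>/dev/null || {`, would avoid depending on the uci-defaults migration having run first. The body of `renew()` continues outside the hunk.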
@@ -153,13 +172,3 @@ start_service() { config_foreach get_cert cert } - -service_triggers() { - procd_add_config_trigger config.change acme \ - /etc/init.d/acme start -} - -boot() { - mkdir -p "$CHALLENGE_DIR" - return 0 -} diff --git a/net/acme-common/files/acme.uci-defaults b/net/acme-common/files/acme.uci-defaults index d6c51604a5..bf1bcb10fa 100644 --- a/net/acme-common/files/acme.uci-defaults +++ b/net/acme-common/files/acme.uci-defaults @@ -53,5 +53,9 @@ config_load acme config_foreach handle_cert cert uci_commit -grep -q '/etc/init.d/acme' /etc/crontabs/root 2>/dev/null && exit 0 -echo "0 0 * * * /etc/init.d/acme start" >>/etc/crontabs/root +# Migrate '/etc/init.d/acme start' to '/etc/init.d/acme renew' +grep -q '/etc/init.d/acme start' /etc/crontabs/root 2>/dev/null && { + echo "0 0 * * * /etc/init.d/acme renew" >>/etc/crontabs/root +} + +exit 0
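Review bot: The block commented as a migration in `acme.uci-defaults` appends a `renew` entry but leaves the old `/etc/init.d/acme start` line in `/etc/crontabs/root`, so the grep keeps matching and any further run of the script would append another duplicate `renew` job. The leftover `start` entry also still fires at midnight, where it now appears to only re-run `start_service`. Rewriting the line in place would make the step idempotent, for example `sed -i 's|/etc/init.d/acme start|/etc/init.d/acme renew|' /etc/crontabs/root 2>/dev/null`. Whether the script can run more than once depends on how the package is upgraded, which is not visible here.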