acme-acmesh: Don't hard-code certificate directory
authorToke Høiland-Jørgensen <toke@toke.dk>
Wed, 14 Dec 2022 14:14:59 +0000 (15:14 +0100)
committerToke Høiland-Jørgensen <toke@toke.dk>
Wed, 14 Dec 2022 14:31:00 +0000 (15:31 +0100)
The acme-acmesh package hardcoded the certificate path in its hook script.
Now that we export it as a variable we can avoid hard-coding and use the
variable version instead. Also factor out the linking of certificates into
a function so it's not repeated.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
net/acme-acmesh/files/hook.sh

index 149a3e751aec28d600cc3491b35da223d31e91fc..4eb3f04faddb3ded34712c736f60aba2134a7678 100644 (file)
@@ -2,8 +2,8 @@
 set -u
 ACME=/usr/lib/acme/client/acme.sh
 LOG_TAG=acme-acmesh
-# webroot option deprecated, use the hardcoded value directly in the next major version
-WEBROOT=${webroot:-$challenge_dir}
+# webroot option deprecated, use the exported value directly in the next major version
+WEBROOT=${webroot:-$CHALLENGE_DIR}
 NOTIFY=/usr/lib/acme/notify
 
 # shellcheck source=net/acme/files/functions.sh
@@ -13,6 +13,28 @@ NOTIFY=/usr/lib/acme/notify
 export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
 export NO_TIMESTAMP=1
 
+link_certs()
+{
+    local main_domain
+    local domain_dir
+    domain_dir="$1"
+    main_domain="$2"
+
+
+    if [ ! -e "$CERT_DIR/$main_domain.crt" ]; then
+               ln -s "$domain_dir/$main_domain.cer" "$CERT_DIR/$main_domain.crt"
+    fi
+    if [ ! -e "$CERT_DIR/$main_domain.key" ]; then
+               ln -s "$domain_dir/$main_domain.key" "$CERT_DIR/$main_domain.key"
+    fi
+    if [ ! -e "$CERT_DIR/$main_domain.fullchain.crt" ]; then
+               ln -s "$domain_dir/fullchain.cer" "$CERT_DIR/$main_domain.fullchain.crt"
+    fi
+    if [ ! -e "$CERT_DIR/$main_domain.chain.crt" ]; then
+               ln -s "$domain_dir/ca.cer" "$CERT_DIR/$main_domain.chain.crt"
+    fi
+}
+
 case $1 in
 get)
        set --
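Review bot: link_certs drops the exit status of every `ln -s`, so a link that cannot be created goes unreported and the function's result is only that of the last `if`. `[ ! -e ... ]` follows symlinks, so a dangling link already at the destination passes the test and `ln -s` then fails because the name exists; all four links fail the same way if `$CERT_DIR` is missing. With only `set -u` visible at the top of the script, the callers would go on to `$NOTIFY` as if the certificate and key were in place. I would collect the status per link and return it, and add a header comment stating that the function reads the exported `CERT_DIR` and never replaces an existing entry.

```shell
# Create one link unless the destination already resolves to something;
# the status of ln is passed back to the caller.
link_one()
{
    local target="$1"
    local link="$2"

    [ -e "$link" ] || ln -s "$target" "$link"
}

link_certs()
{
    local domain_dir="$1"
    local main_domain="$2"
    local rc=0

    link_one "$domain_dir/$main_domain.cer" "$CERT_DIR/$main_domain.crt" || rc=1
    link_one "$domain_dir/$main_domain.key" "$CERT_DIR/$main_domain.key" || rc=1
    link_one "$domain_dir/fullchain.cer" "$CERT_DIR/$main_domain.fullchain.crt" || rc=1
    link_one "$domain_dir/ca.cer" "$CERT_DIR/$main_domain.chain.crt" || rc=1
    return "$rc"
}
```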
@@ -45,20 +67,7 @@ get)
 
                        case $status in
                        0)
-                               mkdir -p /etc/ssl/acme
-                               if [ ! -e "/etc/ssl/acme/$main_domain.crt" ]; then
-                                       ln -s "$domain_dir/$main_domain.cer" "/etc/ssl/acme/$main_domain.crt"
-                               fi
-                               if [ ! -e "/etc/ssl/acme/$main_domain.key" ]; then
-                                       ln -s "$domain_dir/$main_domain.key" "/etc/ssl/acme/$main_domain.key"
-                               fi
-                               if [ ! -e "/etc/ssl/acme/$main_domain.fullchain.crt" ]; then
-                                       ln -s "$domain_dir/fullchain.cer" "/etc/ssl/acme/$main_domain.fullchain.crt"
-                               fi
-                               if [ ! -e "/etc/ssl/acme/$main_domain.chain.crt" ]; then
-                                       ln -s "$domain_dir/ca.cer" "/etc/ssl/acme/$main_domain.chain.crt"
-                               fi
-
+                                link_certs "$domain_dir" "$main_domain"
                                $NOTIFY renewed
                                exit
                                ;;
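Review bot: The removed `mkdir -p /etc/ssl/acme` has no counterpart in the new code: neither this call site nor link_certs creates `$CERT_DIR`. Whether the caller that exports the variable also creates the directory is not visible here; if it does not, nothing is linked on a fresh system and `$NOTIFY renewed` still runs. Keeping `mkdir -p "$CERT_DIR"` ahead of the call, or at the top of link_certs so that the call in the last hunk is covered too, preserves the old behaviour. The surrounding `get)` branch extends beyond this hunk.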
@@ -124,10 +133,7 @@ get)
 
        case $status in
        0)
-               ln -s "$domain_dir/$main_domain.cer" "/etc/ssl/acme/$main_domain.crt"
-               ln -s "$domain_dir/$main_domain.key" "/etc/ssl/acme/$main_domain.key"
-               ln -s "$domain_dir/fullchain.cer" "/etc/ssl/acme/$main_domain.fullchain.crt"
-               ln -s "$domain_dir/ca.cer" "/etc/ssl/acme/$main_domain.chain.crt"
+                link_certs "$domain_dir" "$main_domain"
                $NOTIFY issued
                ;;
        *)