uacme: use acme-common and make it able to use acme.sh dns apis

net/acme-acmesh/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=acme-acmesh
 PKG_VERSION:=3.1.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/acmesh-official/acme.sh/tar.gz/$(PKG_VERSION)?
@@ -51,7 +51,7 @@ endef
 define Package/acme-acmesh-dnsapi
   SECTION:=net
   CATEGORY:=Network
-  DEPENDS:=+acme-acmesh
+  DEPENDS:=+acme
   TITLE:=DNS API integration for ACME (Letsencrypt) client
   PKGARCH:=all
 endef

net/acme-common/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=acme-common
-PKG_VERSION:=1.5.1
+PKG_VERSION:=1.5.2
 
 PKG_MAINTAINER:=Toke Høiland-Jørgensen <toke@toke.dk>
 PKG_LICENSE:=GPL-3.0-only

net/acme-common/files/acme.uci-defaults

@@ -36,17 +36,41 @@ handle_cert() {
 	local standalone=$(uci_get acme "$section" standalone)
 	[ -n "$standalone" ] && uci_remove acme "$section" standalone
 	local dns=$(uci_get acme "$section" dns)
+	local tls=$(uci_get acme "$section" tls)
 	local validation_method=$(uci_get acme "$section" validation_method)
 	if [ -z "$validation_method" ]; then
 		if [ -n "$dns" ]; then
 			validation_method="dns"
 		elif [ "$standalone" = 1 ]; then
 			validation_method="standalone"
+		elif [ "$tls" = 1 ]; then
+			validation_method="alpn"
 		else
 			validation_method="webroot"
 		fi
 		uci_set acme "$section" validation_method "$validation_method"
 	fi
+
+	#uacme migration
+	local ACME_URL=$(uci_get acme "$section" acme_uri)
+	local ACME_SERVER=$(uci_get acme "$section" acme_server)
+
+	if [ -n "$ACME_URL" ]; then
+		if [ -n "$ACME_SERVER" ]; then
+			if [ "$ACME_URL" = "$ACME_SERVER" ]; then
+				uci_remove acme "$section" acme_uri
+			else
+				log warn "Both acme_uri and acme_server set in $section, need manual cleanup. client will use acme_server in current state"
+			fi
+		else
+			uci_set acme "$section" acme_server "$ACME_URL"
+			uci_remove acme "$section" acme_uri
+		fi
+	fi
+	local ACME_STAGING_URL=$(uci_get acme "$section" acme_staging_url)
+	if [ -n "$ACME_STAGING_URL" ]; then
+		uci_remove acme "$section" acme_staging_url
+	fi
 }
 
 config_load acme

net/acme/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=acme
-PKG_VERSION:=4.0.0
+PKG_VERSION:=4.0.1
 
 PKG_MAINTAINER:=Toke Høiland-Jørgensen <toke@toke.dk>
 PKG_LICENSE:=GPL-3.0-only
@@ -19,13 +19,13 @@ include $(INCLUDE_DIR)/package.mk
 define Package/acme
   SECTION:=net
   CATEGORY:=Network
-  DEPENDS:=+acme-acmesh
-  TITLE:=Shorthand package for acme-acmesh
+  DEPENDS:=+!PACKAGE_uacme:acme-acmesh
+  TITLE:=Virtual package for any acme clients, default to acme-acmesh
   PKGARCH:=all
 endef
 
 define Package/acme/description
-Shorthand package for acme-acmesh.
+Shorthand package for proper acme backend, default to acme.sh and support uacme
 endef
 
 define Package/acme/install

net/uacme/Makefile

@@ -8,18 +8,18 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uacme
-PKG_VERSION:=1.7.6
+PKG_VERSION:=1.8.1
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/ndilieto/uacme/tar.gz/upstream/$(PKG_VERSION)?
-PKG_HASH:=d11a86ac2a0dbf285de27dff4193c65f7f3736da3d0480049af50d305940e0d6
+PKG_HASH:=de7588577f8298dcb0d42dfaa9452a918fa692c4e165060207ac22f72fb0425d
 
 PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_LICENSE_FILES:=COPYING
 
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-upstream-$(PKG_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/uacme-upstream-$(PKG_VERSION)
 PKG_INSTALL:=1
 PKG_BUILD_PARALLEL:=1
 
@@ -46,7 +46,7 @@ define Package/uacme
   $(call Package/uacme/Default)
   SECTION:=net
   CATEGORY:=Network
-  DEPENDS:=+libcurl +LIBCURL_WOLFSSL:libmbedtls
+  DEPENDS:=+libcurl +LIBCURL_WOLFSSL:libmbedtls +acme-common
   TITLE:=lightweight client for ACMEv2
   Menu:=1
 endef
@@ -58,6 +58,12 @@ define Package/uacme-ualpn
   URL:=https://github.com/ndilieto/uacme
 endef
 
+define Package/uacme-dnsapi-adapter
+  $(call Package/uacme/Default)
+  DEPENDS:= +uacme +acme-acmesh-dnsapi +curl
+  TITLE:=adapter script for use acme.sh dnsapi with uacme
+endef
+
 define Package/uacme/Default/description
   lightweight client for the RFC8555 ACMEv2 protocol, written in plain C code
   with minimal dependencies (libcurl and one of GnuTLS, OpenSSL or mbedTLS).
@@ -100,31 +106,33 @@ define Package/uacme/install
 	$(INSTALL_DIR) \
 	 $(1)/usr/sbin \
 	 $(1)/etc/acme \
-	 $(1)/etc/config \
-	 $(1)/etc/init.d \
-	 $(1)/usr/share/uacme
+	 $(1)/usr/share/uacme \
+	 $(1)/usr/lib/acme/client
 
+	$(INSTALL_BIN) ./files/hook.sh $(1)/usr/lib/acme/hook
+	$(INSTALL_BIN) ./files/httpchalhook.sh $(1)/usr/lib/acme/client/httpchalhook.sh
+	$(INSTALL_BIN) ./files/dns_persist.sh $(1)/usr/lib/acme/client/dns_persist.sh
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/uacme $(1)/usr/sbin/uacme
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/share/uacme/uacme.sh $(1)/usr/share/uacme/
-	$(SED) '/^CHALLENGE_PATH=/d' $(1)/usr/share/uacme/uacme.sh
-	$(INSTALL_CONF) ./files/acme.config $(1)/etc/config/acme
-	$(INSTALL_BIN) ./files/run.sh $(1)/usr/share/uacme/run-uacme
-	$(INSTALL_BIN) ./files/acme.init $(1)/etc/init.d/acme
 endef
 
 define Package/uacme-ualpn/install
 	$(INSTALL_DIR) \
 	 $(1)/usr/sbin \
-	 $(1)/usr/share/uacme
+	 $(1)/usr/share/uacme \
+	 $(1)/usr/lib/acme/client
 
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ualpn $(1)/usr/sbin/ualpn
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/ualpn.sh $(1)/usr/share/uacme/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/ualpn.sh $(1)/usr/lib/acme/client/ualpn.sh
 endef
 
-define Package/uacme/prerm
-#!/bin/sh
-sed -i '/\/etc\/init\.d\/acme start/d' /etc/crontabs/root
+define Package/uacme-dnsapi-adapter/install
+	$(INSTALL_DIR) \
+	 $(1)/usr/lib/acme/client
+
+	$(INSTALL_BIN) ./files/dnschalhook.sh $(1)/usr/lib/acme/client/dnschalhook.sh
+	$(INSTALL_BIN) ./files/dnsapi_helper.sh $(1)/usr/lib/acme/client/dnsapi_helper.sh
 endef
 
 $(eval $(call BuildPackage,uacme))
 $(eval $(call BuildPackage,uacme-ualpn))
+$(eval $(call BuildPackage,uacme-dnsapi-adapter))

net/uacme/files/dns_persist.sh

@@ -0,0 +1,48 @@
+#!/bin/sh
+# Copyright (C) 2019-2024 Nicola Di Lieto <nicola.dilieto@gmail.com>
+#
+# This file is part of uacme.
+#
+# uacme is free software: you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# uacme is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# Part of this is copied from acme.sh
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# noop challange 'solver' for challenge type select
+
+ARGS=5
+E_BADARGS=85
+LOG_TAG=acme-uacme-dns-persist
+
+if test $# -ne "$ARGS"
+then
+    echo "Usage: $(basename "$0") method type ident token auth" 1>&2
+    exit $E_BADARGS
+fi
+
+METHOD=$1
+TYPE=$2
+IDENT=$3
+TOKEN=$4
+AUTH=$5
+
+if [ "$TYPE" != "dns-persist-01" ]; then
+    echo "skipping $TYPE" 1>&2
+    exit 1
+fi
+
+if [ "$METHOD" = "failed" ]; then
+   logger -t "$LOG_TAG" -p "daemon.info" -- "Create TXT record $AUTH at _validation-persist.$IDENT to authorize domain"
+fi
+
+exit 0