From 71aa208b1650f44f7a2a7f16f91f5e9df7b7899f Mon Sep 17 00:00:00 2001 From: Disassembler Date: Thu, 12 Mar 2020 23:18:11 +0100 Subject: [PATCH] Use the default Alpine acme.sh --- APKBUILD | 2 +- usr/lib/python3.6/vmmgr/vmmgr.py | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/APKBUILD b/APKBUILD index a0604f0..bfae666 100644 --- a/APKBUILD +++ b/APKBUILD @@ -7,7 +7,7 @@ pkgdesc="VM and LXC-packages application Manager" url="https://spotter.vm/" arch="noarch" license="GPL" -depends="python3 py3-bcrypt py3-cffi py3-cryptography py3-dnspython py3-jinja2 py3-requests py3-six py3-werkzeug" +depends="acme-sh lxc python3 py3-bcrypt py3-cffi py3-cryptography py3-dnspython py3-jinja2 py3-requests py3-six py3-werkzeug shadow-uidmap" options="!check !strip" build() { diff --git a/usr/lib/python3.6/vmmgr/vmmgr.py b/usr/lib/python3.6/vmmgr/vmmgr.py index 5cec21c..e066b4f 100644 --- a/usr/lib/python3.6/vmmgr/vmmgr.py +++ b/usr/lib/python3.6/vmmgr/vmmgr.py @@ -110,7 +110,7 @@ class VMMgr: certs = [i for i in os.listdir(ACME_DIR) if i not in ('account.conf', 'ca', 'http.header')] for cert in certs: if cert != self.domain: - subprocess.run(['/usr/bin/acme.sh', '--remove', '-d', cert]) + subprocess.run(['/usr/bin/acme.sh', '--home', '/etc/acme.sh.d', '--remove', '-d', cert]) # Compile an acme.sh command for certificate requisition only if the certificate hasn't been requested before if not os.path.exists(os.path.join(ACME_DIR, self.domain)): cmd = ['/usr/bin/acme.sh', '--issue', '-d', self.domain] @@ -123,12 +123,12 @@ class VMMgr: else: # Acme.sh returns code 2 on skipped renew try: - subprocess.run(['/usr/bin/acme.sh', '--renew', '-d', self.domain], check=True) + subprocess.run(['/usr/bin/acme.sh', '--home', '/etc/acme.sh.d', '--renew', '-d', self.domain], check=True) except subprocess.CalledProcessError as e: if e.returncode != 2: raise # Install the issued certificate - subprocess.run(['/usr/bin/acme.sh', '--install-cert', '-d', self.domain, '--key-file', crypto.CERT_KEY_FILE, '--fullchain-file', crypto.CERT_PUB_FILE, '--reloadcmd', '/sbin/service nginx reload'], check=True) + subprocess.run(['/usr/bin/acme.sh', '--home', '/etc/acme.sh.d', '--install-cert', '-d', self.domain, '--key-file', crypto.CERT_KEY_FILE, '--fullchain-file', crypto.CERT_PUB_FILE, '--reloadcmd', '/sbin/service nginx reload'], check=True) # Enable acme.sh cronjob os.chmod(ACME_CRON, 0o750)