# HG changeset patch
# User Franz Glasner
# Date 1677185814 -3600
# Node ID 8b1740deedbb498e0358f426e5917defb1290aa4
# Parent 015a9d7e3d554689a49c59e678499cb213b04ff4
Refactor: Renamed the weekly 800.local-certbot-post-deploy to a daily 720.local-triggered-action. This is because the script is generic enough to not only work for certbot (ACME, Let's Encrypt) related deploy actions.
diff -r 015a9d7e3d55 -r 8b1740deedbb Makefile
--- a/Makefile Thu Feb 23 09:28:34 2023 +0100
+++ b/Makefile Thu Feb 23 21:56:54 2023 +0100
@@ -52,8 +52,7 @@
 ${SED} -i "" -e "s|@@SIMPLEVERSIONSTR@@|${SIMPLEVERSIONSTR}|" ${WRKSRC}/${_rp}
 .endfor
 ${MKDIR} ${WRKSRC}/etc/periodic/daily
- ${MKDIR} ${WRKSRC}/etc/periodic/weekly
-.for _ef in etc/package-mapping.conf.sample etc/pkgtools.conf.sample etc/bsmtp2dma.conf.sample etc/periodic/daily/800.local-ipv6-refresh etc/periodic/daily/750.local-trim-zfs etc/periodic/weekly/800.local-certbot-post-deploy
+.for _ef in etc/package-mapping.conf.sample etc/pkgtools.conf.sample etc/bsmtp2dma.conf.sample etc/periodic/daily/800.local-ipv6-refresh etc/periodic/daily/750.local-trim-zfs etc/periodic/daily/720.local-triggered-action
 ${CP} -v ${SRC}/${_ef} ${WRKSRC}/${_ef}
 ${SED} -i "" -e "s|@@SIMPLEVERSIONTAG@@|${SIMPLEVERSIONTAG}|" ${WRKSRC}/${_ef}
 .endfor
@@ -81,13 +80,9 @@
 ${INSTALL_DATA} ${WRKSRC}/etc/${_ef} ${STAGEDIR}${ETCDIR}/${_ef}
 .endfor
 ${MKDIR} ${STAGEDIR}${PREFIX}/etc/periodic/daily
-.for _ps in 800.local-ipv6-refresh 750.local-trim-zfs
+.for _ps in 800.local-ipv6-refresh 750.local-trim-zfs 720.local-triggered-action
 ${INSTALL_SCRIPT} ${WRKSRC}/etc/periodic/daily/${_ps} ${STAGEDIR}${PREFIX}/etc/periodic/daily
 .endfor
- ${MKDIR} ${STAGEDIR}${PREFIX}/etc/periodic/weekly
-.for _ps in 800.local-certbot-post-deploy
- ${INSTALL_SCRIPT} ${WRKSRC}/etc/periodic/weekly/${_ps} ${STAGEDIR}${PREFIX}/etc/periodic/weekly
-.endfor
 post-install-DOCS-on:
 .for _mp in ${MANPAGES8:R}
diff -r 015a9d7e3d55 -r 8b1740deedbb docs/man/man8/local-bsdtools.rst
--- a/docs/man/man8/local-bsdtools.rst Thu Feb 23 09:28:34 2023 +0100
+++ b/docs/man/man8/local-bsdtools.rst Thu Feb 23 21:56:54 2023 +0100
@@ -23,11 +23,8 @@
 - trim ZFS pools
 - update the IPv6 neighbour cache
-
-The package contains also a set of weekly periodic scripts to
-
-- handle certbot post deploy actions
-
+- handle (file-)triggered actions (e.g. to indirectly handle certbot
+ deploy actions)
 All the periodic scripts are disabled by default.
diff -r 015a9d7e3d55 -r 8b1740deedbb etc/periodic/daily/720.local-triggered-action
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/etc/periodic/daily/720.local-triggered-action Thu Feb 23 21:56:54 2023 +0100
@@ -0,0 +1,83 @@
+#!/bin/sh
+# -*- indent-tabs-mode: nil; -*-
+#
+# @(#)@@SIMPLEVERSIONTAG@@
+#
+# Weekly script to handle actions triggered by newly existing files.
+# This is e.g. convenient to notify a running daemon to reload because
+# of renewed certificates.
+#
+
+# If there is a global system configuration file, suck it in.
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+: ${daily_local_triggered_action_enable:=NO}
+: ${daily_local_triggered_action_files:=}
+# e.g. "service nginx onestatus"
+: ${daily_local_triggered_action_condition:=}
+# e.g. "service nginx reload"
+: ${daily_local_triggered_action_action:=}
+: ${daily_local_triggered_action_files_remove:=YES}
+
+case "${daily_local_triggered_action_enable}" in
+ [Yy][Ee][Ss])
+ echo
+ echo "Testing for newly renewed Let's Encrypt certificates"
+
+ rc=0
+
+ _do_action=""
+ _remove_files=""
+
+ for _f in ${daily_local_triggered_action_files}; do
+ if [ -r "${_f}" ]; then
+ _do_action="yes"
+ case "${daily_local_triggered_action_files_remove}" in
+ [Yy][Ee][Ss])
+ _remove_files="${_remove_files} ${_f}"
+ ;;
+ esac
+ fi
+ done
+
+ if [ "${_do_action}" = "yes" ]; then
+ if [ -z "${daily_local_triggered_action_action}" ]; then
+ echo "ERROR: no deploy action defined" 1>&2
+ exit 2
+ fi
+
+ echo "Deploying newly renewed Let's Encrypt certificates"
+ if [ -n "${daily_local_triggered_action_condition}" ]; then
+ if ${daily_local_triggered_action_condition} ; then
+ ${daily_local_triggered_action_action}
+ rc=$?
+ else
+ rc=1
+ fi
+ else
+ ${daily_local_triggered_action_action}
+ rc=$?
+ fi
+
+ # Remove trigger files if configured to do so
+ if [ ${rc} -eq 0 ]; then
+ echo "Removing trigger files..."
+ for _rf in ${_remove_files}; do
+ rm -fv "${_rf}"
+ done
+ fi
+ else
+ echo "No newly renewed Let's Encrypt certificates found"
+ fi
+ ;;
+
+ *)
+ rc=0
+ ;;
+esac
+
+exit ${rc}
diff -r 015a9d7e3d55 -r 8b1740deedbb etc/periodic/weekly/800.local-certbot-post-deploy
--- a/etc/periodic/weekly/800.local-certbot-post-deploy Thu Feb 23 09:28:34 2023 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
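Review bot: The knobs are renamed from `weekly_local_certbot_post_deploy_*` to `daily_local_triggered_action_*` with no fallback, so a periodic.conf that enabled the old script leaves this one at its default `NO` and renewed certificates would stop triggering the reload without any message. Consider seeding the new defaults from the old names, e.g. `: ${daily_local_triggered_action_enable:=${weekly_local_certbot_post_deploy_enable:-NO}}` and likewise for `_files`, `_condition`, `_action` and `_files_remove`, or at least warning when an old variable is set. The header comment also still reads "Weekly script" and the three `echo` messages still name Let's Encrypt certificates, which no longer matches a generic daily trigger; `# Daily script to handle actions triggered by newly existing files.` would fix the header. Since the action presumably runs with periodic's privileges whenever a listed file is readable, it is worth documenting next to `daily_local_triggered_action_files` that trigger paths should live in a directory writable only by the account that creates them.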
@@ -1,84 +0,0 @@
-#!/bin/sh
-# -*- indent-tabs-mode: nil; -*-
-#
-# @(#)@@SIMPLEVERSIONTAG@@
-#
-# Weekly script to indirectly trigger post deploy actions
-#
-# Must be executed **after** 500.certbot.
-# Otherwise an extra week of delay is encountered.
-#
-
-# If there is a global system configuration file, suck it in.
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-: ${weekly_local_certbot_post_deploy_enable:=NO}
-: ${weekly_local_certbot_post_deploy_files:=}
-# e.g. "service nginx onestatus"
-: ${weekly_local_certbot_post_deploy_condition:=}
-# e.g. "service nginx reload"
-: ${weekly_local_certbot_post_deploy_action:=}
-: ${weekly_local_certbot_post_deploy_files_remove:=YES}
-
-case "${weekly_local_certbot_post_deploy_enable}" in
- [Yy][Ee][Ss])
- echo
- echo "Testing for newly renewed Let's Encrypt certificates"
-
- rc=0
-
- _do_action=""
- _remove_files=""
-
- for _f in ${weekly_local_certbot_post_deploy_files}; do
- if [ -r "${_f}" ]; then
- _do_action="yes"
- case "${weekly_local_certbot_post_deploy_files_remove}" in
- [Yy][Ee][Ss])
- _remove_files="${_remove_files} ${_f}"
- ;;
- esac
- fi
- done
-
- if [ "${_do_action}" = "yes" ]; then
- if [ -z "${weekly_local_certbot_post_deploy_action}" ]; then
- echo "ERROR: no deploy action defined" 1>&2
- exit 2
- fi
-
- echo "Deploying newly renewed Let's Encrypt certificates"
- if [ -n "${weekly_local_certbot_post_deploy_condition}" ]; then
- if ${weekly_local_certbot_post_deploy_condition} ; then
- ${weekly_local_certbot_post_deploy_action}
- rc=$?
- else
- rc=1
- fi
- else
- ${weekly_local_certbot_post_deploy_action}
- rc=$?
- fi
-
- # Remove trigger files if configured to do so
- if [ ${rc} -eq 0 ]; then
- echo "Removing trigger files..."
- for _rf in ${_remove_files}; do
- rm -fv "${_rf}"
- done
- fi
- else
- echo "No newly renewed Let's Encrypt certificates found"
- fi
- ;;
-
- *)
- rc=0
- ;;
-esac
-
-exit ${rc}
diff -r 015a9d7e3d55 -r 8b1740deedbb pkg-plist
--- a/pkg-plist Thu Feb 23 09:28:34 2023 +0100
+++ b/pkg-plist Thu Feb 23 21:56:54 2023 +0100
@@ -1,7 +1,7 @@
 @comment FILES
+etc/periodic/daily/720.local-triggered-action
 etc/periodic/daily/750.local-trim-zfs
 etc/periodic/daily/800.local-ipv6-refresh
-etc/periodic/weekly/800.local-certbot-post-deploy
 sbin/bsmtp2dma
 sbin/check-ports
 sbin/fjail