lacme: allow direct use challenge-directory .well-known/acme-challenge

author: Benjamin Tietz <bt@bahntechnik.de> 2020-09-23 17:22:32 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2021-02-14 15:47:53 +0100
commit: 9dfb2cde7baf686113e49266c28940c8a564c1ca (patch)
tree: 35c0ab9b2b01b49a42758065cebd4980eeed9eee /lacme
parent: 1005c094839b76dffde6a10138af978cb8d83375 (diff)
1 files changed, 22 insertions, 4 deletions
diff --git a/lacme b/lacme
index 7f3d65d..d7ae8ce 100755
--- a/lacme
+++ b/lacme
@@ -28,6 +28,7 @@ my $NAME = 'lacme';
 use Errno 'EINTR';
 use Fcntl qw/F_GETFD F_SETFD FD_CLOEXEC SEEK_SET/;
 use File::Temp ();
+use File::Path 'remove_tree';
 use Getopt::Long qw/:config posix_default no_ignore_case gnu_getopt auto_version/;
 use List::Util 'first';
 use POSIX ();
@@ -104,6 +105,7 @@ do {
         webserver => {
             listen                => '@@runstatedir@@/lacme-www.socket',
             'challenge-directory' => undef,
+            'hard-copy-challenge-directory' => 'No',
             user                  => '@@lacme_www_user@@',
             group                 => '@@lacme_www_group@@',
             command               => '@@libexecdir@@/lacme/webserver',
@@ -289,10 +291,26 @@ sub spawn_webserver() {
     # serve ACME challenge reponses).
     if (defined (my $dir = $conf->{'challenge-directory'})) {
         print STDERR "[$$] Using existing webserver on $dir\n" if $OPTS{debug};
-        symlink $tmpdir, $dir or die "Can't symlink $dir -> $tmpdir: $!";
-        push @CLEANUP, sub() {
-            print STDERR "Unlinking $dir\n" if $OPTS{debug};
-            unlink $dir or warn "Warning: Can't unlink $dir: $!";
+        if (lc ($conf->{'hard-copy-challenge-directory'} // 'No') eq 'yes') {
+            mkdir $dir or die "Can't create directory $dir: $!";
+            $tmpdir = $dir;
+            push @CLEANUP, sub() {
+                my $error = undef;
+                remove_tree($dir, { safe => 1, error => \$error });
+                if ($error && @$error) {
+                    foreach my $e (@$error) {
+                        my ($file, $message) = %$e;
+                        my $msghead = $file?"Error removing $file in":"Error while removing";
+                        warn "$msghead challenge dir $dir: $message\n";
+                    }
+                }
+            }
+        } else {
+            symlink $tmpdir, $dir or die "Can't symlink $dir -> $tmpdir: $!";
+            push @CLEANUP, sub() {
+                print STDERR "Unlinking $dir\n" if $OPTS{debug};
+                unlink $dir or warn "Warning: Can't unlink $dir: $!";
+            }
         }
     }
     elsif (!@sockaddr) {
author	Benjamin Tietz <bt@bahntechnik.de>	2020-09-23 17:22:32 +0200
committer	Guilhem Moulin <guilhem@fripost.org>	2021-02-14 15:47:53 +0100
commit	9dfb2cde7baf686113e49266c28940c8a564c1ca (patch)
tree	35c0ab9b2b01b49a42758065cebd4980eeed9eee /lacme
parent	1005c094839b76dffde6a10138af978cb8d83375 (diff)