From 0f03a5a06373a603d1dbeaeffc4b60ff00dfb940 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Fri, 27 Jan 2017 09:31:56 +0100
Subject: [PATCH] security/acme-client: finishing touches for #6

---
 .../src/etc/inc/plugins.inc.d/acmeclient.inc         | 12 ++++--------
 .../opnsense/scripts/OPNsense/AcmeClient/setup.sh    |  3 ---
 .../service/templates/OPNsense/AcmeClient/rc.conf.d  |  1 +
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/security/acme-client/src/etc/inc/plugins.inc.d/acmeclient.inc b/security/acme-client/src/etc/inc/plugins.inc.d/acmeclient.inc
index 4ec83351d..52f93a5f5 100644
--- a/security/acme-client/src/etc/inc/plugins.inc.d/acmeclient.inc
+++ b/security/acme-client/src/etc/inc/plugins.inc.d/acmeclient.inc
@@ -2,7 +2,6 @@
 
 /**
  *    Copyright (C) 2017 Frank Wall
- *
  *    All rights reserved.
  *
  *    Redistribution and use in source and binary forms, with or without
@@ -25,18 +24,14 @@
  *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  *    POSSIBILITY OF SUCH DAMAGE.
- *
  */
 
 function acmeclient_enabled()
 {
     global $config;
 
-    if (isset($config['OPNsense']['AcmeClient']['general']['enabled']) && $config['OPNsense']['AcmeClient']['general']['enabled'] == 1) {
-        return true;
-    }
-
-    return false;
+    return isset($config['OPNsense']['AcmeClient']['settings']['enabled']) &&
+	$config['OPNsense']['AcmeClient']['settings']['enabled'] == 1;
 }
 
 function acmeclient_firewall($fw)
@@ -65,12 +60,13 @@ function acmeclient_services()
 
     $services[] = array(
         'description' => gettext('Let\'s Encrypt client'),
+        'pidfile' => '/var/run/lighttpd-acme-challenge.pid',
         'configd' => array(
             'restart' => array('acme-http-challenge restart'),
             'start' => array('acme-http-challenge start'),
             'stop' => array('acme-http-challenge stop'),
         ),
-        'name' => 'acmeclient',
+        'name' => 'acme',
     );
 
     return $services;
diff --git a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/setup.sh b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/setup.sh
index 0dce05038..8215a8262 100755
--- a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/setup.sh
+++ b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/setup.sh
@@ -8,7 +8,4 @@ for directory in ${ACME_DIRS}; do
     chmod -R 755 ${directory}
 done
 
-# XXX: fix file permissions of rc script (limitation of +TARGETS mechanism)
-chmod 755 /usr/local/etc/rc.d/acme_http_challenge
-
 exit 0
diff --git a/security/acme-client/src/opnsense/service/templates/OPNsense/AcmeClient/rc.conf.d b/security/acme-client/src/opnsense/service/templates/OPNsense/AcmeClient/rc.conf.d
index 7ad7a1f13..2f3a3ce7e 100644
--- a/security/acme-client/src/opnsense/service/templates/OPNsense/AcmeClient/rc.conf.d
+++ b/security/acme-client/src/opnsense/service/templates/OPNsense/AcmeClient/rc.conf.d
@@ -2,6 +2,7 @@
 acme_http_challenge_enable=YES
 acme_http_challenge_conf="/var/etc/lighttpd-acme-challenge.conf"
 acme_http_challenge_pidfile="/var/run/lighttpd-acme-challenge.pid"
+acme_http_challenge_opnsense_bootup_run="/usr/local/opnsense/scripts/OPNsense/AcmeClient/setup.sh"
 {% else %}
 acme_http_challenge_enable=NO
 {% endif %}