From f4caa52750f778b05ede0cbb0e58e3f115ee1ff1 Mon Sep 17 00:00:00 2001
From: Joachim Desroches <joachim.desroches@epfl.ch>
Date: Tue, 16 Mar 2021 13:03:25 +0100
Subject: [PATCH] Cleanup renew.sh.sh so the output is more elegant.

---
 type/__uacme_obtain/files/renew.sh.sh | 56 +++++++++++++++++----------
 1 file changed, 36 insertions(+), 20 deletions(-)

diff --git a/type/__uacme_obtain/files/renew.sh.sh b/type/__uacme_obtain/files/renew.sh.sh
index e3e041c..18bf061 100755
--- a/type/__uacme_obtain/files/renew.sh.sh
+++ b/type/__uacme_obtain/files/renew.sh.sh
@@ -3,34 +3,50 @@
 cat << EOF
 #!/bin/sh
 
-CERT_SOURCE=$CONFDIR/$MAIN_DOMAIN/cert.pem
-KEY_SOURCE=$CONFDIR/private/$MAIN_DOMAIN/key.pem
-
-export UACME_CHALLENGE_PATH=$CHALLENGEDIR
+UACME_CHALLENGE_PATH=${CHALLENGEDIR:?}
+export UACME_CHALLENGE_PATH
 
 # Issue certificate.
-uacme issue -c $CONFDIR -h $HOOKSCRIPT $DISABLE_OCSP $MUST_STABLE $KEYTYPE \
-$DOMAIN
-if [ $? -eq 2 ]; then
-	# Note: exit code 0 means that certificate was issued.
-	# Note: exit code 1 means that certificate was still valid, hence not renewed.
-	# Note: exit code 2 means that something went wrong.
+uacme -c ${CONFDIR:?} -h ${HOOKSCRIPT:?} ${DISABLE_OCSP?} ${MUST_STAPLE?} ${KEYTYPE?} \\
+	issue -- ${DOMAIN:?}
+
+# Note: exit code 0 means that certificate was issued.
+# Note: exit code 1 means that certificate was still valid, hence not renewed.
+# Note: exit code 2 means that something went wrong.
+status=\$?
+
+# All is well: we can stop now.
+if [ \$status -eq 1 ];
+then
+	exit 0
+fi
+
+# An error occured.
+if [ \$status -eq 2 ]; then
 	echo "Failed to renew certificate - exiting." >&2
 	exit 1
 fi
+EOF
 
 # Re-deploy, if needed.
-if [ -n "$KEY_TARGET" ] && [ -n "$CERT_TARGET" ]; then
-	set -e
+if [ -n "${KEY_TARGET?}" ] && [ -n "${CERT_TARGET?}" ];
+then
+cat << EOF
 
-	mkdir -p $(dirname "$CERT_TARGET") $(dirname "$KEY_TARGET")
-	
-	if ! cmp \$CERT_SOURCE $CERT_TARGET >/dev/null 2>&1; then
-		install -m 0640 \$KEY_SOURCE $KEY_TARGET
-		install -m 0644 \$CERT_SOURCE $CERT_TARGET
-		chown $OWNER $KEY_TARGET $CERT_TARGET
+# Deploy newly issued certificate.
+set -e
 
-		$RENEW_HOOK
-	fi
+CERT_SOURCE=${CONFDIR:?}/${MAIN_DOMAIN:?}/cert.pem
+KEY_SOURCE=${CONFDIR:?}/private/${MAIN_DOMAIN:?}/key.pem
+
+mkdir -p -- $(dirname "${CERT_TARGET?}") $(dirname "${KEY_TARGET?}")
+
+if ! cmp \${CERT_SOURCE:?} ${CERT_TARGET?} >/dev/null 2>&1; then
+	install -m 0640 \${KEY_SOURCE:?} ${KEY_TARGET?}
+	install -m 0644 \${CERT_SOURCE:?} ${CERT_TARGET?}
+	chown ${OWNER?} ${KEY_TARGET?} ${CERT_TARGET?}
+
+	${RENEW_HOOK?}
 fi
 EOF
+fi