fix: Restore detection of letsencrypt certificate file changes (#2326)

The `DYNAMIC_FILES` var was quote-wrapped, so all the file paths to checksum were treated as a single string that would be ignored, instead of being processed individually.

Removed the quotes, and changed the for loop to an array which accomplishes the same goal.


* fix: Prevent unnecessary change detection event

`acme.json` change would extract new cert files, which would then be hashed after restarting services and considered a change event, running through the logic again and restarting services once more when that was not required.

The checksum entries for those cert files are now replaced with new entries containing updated checksum hashes, after `acme.json` extraction.
This commit is contained in:
Brennan Kinney 2021-12-19 11:25:15 +13:00 committed by GitHub
parent 6ad9dd3063
commit 6d06149581
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 49 additions and 39 deletions


@ -187,9 +187,9 @@ function _extract_certs_from_acme
}
export -f _extract_certs_from_acme
# Remove the `*.` prefix if it exists
# Remove the `*.` prefix if it exists, else returns the input value
function _strip_wildcard_prefix {
[[ "${1}" == "*."* ]] && echo "${1:2}"
[[ "${1}" == "*."* ]] && echo "${1:2}" || echo "${1}"
}
# ? --------------------------------------------- Notifications
@ -224,7 +224,8 @@ export -f _notify
# shellcheck disable=SC2034
CHKSUM_FILE=/tmp/docker-mailserver-config-chksum
# Compute checksums of monitored files.
# Compute checksums of monitored files,
# returned output is lines of hashed content + filepath pairs.
function _monitored_files_checksums
{
# If a wildcard path pattern (or an empty ENV) would yield an invalid path
@ -232,14 +233,15 @@ function _monitored_files_checksums
shopt -s nullglob
# React to any cert changes within the following letsencrypt locations:
local DYNAMIC_FILES
for FILE in /etc/letsencrypt/live/"${SSL_DOMAIN}"/*.pem \
/etc/letsencrypt/live/"${HOSTNAME}"/*.pem \
/etc/letsencrypt/live/"${DOMAINNAME}"/*.pem
do
DYNAMIC_FILES="${DYNAMIC_FILES} ${FILE}"
done
local CERT_FILES=(
/etc/letsencrypt/live/"${SSL_DOMAIN}"/*.pem
/etc/letsencrypt/live/"${HOSTNAME}"/*.pem
/etc/letsencrypt/live/"${DOMAINNAME}"/*.pem
)
# CERT_FILES should expand to separate paths, not a single string;
# otherwise fails to generate checksums for these file paths.
#shellcheck disable=SC2068
(
cd /tmp/docker-mailserver || exit 1
exec sha512sum 2>/dev/null -- \
@ -248,7 +250,7 @@ function _monitored_files_checksums
postfix-aliases.cf \
dovecot-quotas.cf \
/etc/letsencrypt/acme.json \
"${DYNAMIC_FILES}"
${CERT_FILES[@]}
)
}
export -f _monitored_files_checksums
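Review bot: The array expansion at the end of the `sha512sum` argument list, `${CERT_FILES[@]}`, is left unquoted and silenced with `#shellcheck disable=SC2068`, but the comment above it conflates the old bug (a quoted scalar `"${DYNAMIC_FILES}"`) with quoted array expansion: `"${CERT_FILES[@]}"` already yields one argument per element. Unquoted, every element is re-subjected to word splitting and, with `shopt -s nullglob` in effect, to globbing, so a cert path containing whitespace or glob metacharacters (the paths are built from the `SSL_DOMAIN`, `HOSTNAME` and `DOMAINNAME` values) would be split or dropped and the checksum that drives the restart decision silently omitted. Suggest `"${CERT_FILES[@]}"`, dropping the shellcheck disable line and rewording the comment to `# Quoted array expansion yields one argument per cert path (unlike the former scalar string).`. The `sha512sum` invocation starts in the previous hunk and `_monitored_files_checksums` spans hunks two through four of this section.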