diff options
| author | yalh76 <yalh@yahoo.com> | 2019-03-23 02:58:59 +0100 |
|---|---|---|
| committer | yalh76 <yalh@yahoo.com> | 2019-03-23 02:58:59 +0100 |
| commit | d1a1e67008d0838257528344d56b285ad7a39f34 (patch) | |
| tree | 8756e9dddda32f92977de63513a99889b248f375 | |
| parent | 652d6f6c67c200fc22bf03efed0174ebc4f38d29 (diff) | |
| download | mastodon_ynh-d1a1e67008d0838257528344d56b285ad7a39f34.tar.gz mastodon_ynh-d1a1e67008d0838257528344d56b285ad7a39f34.tar.bz2 mastodon_ynh-d1a1e67008d0838257528344d56b285ad7a39f34.zip | |
fix key for upgrade
| -rw-r--r-- | conf/.env.production.sample | 21 | ||||
| -rw-r--r-- | scripts/install | 17 | ||||
| -rw-r--r-- | scripts/upgrade | 27 |
3 files changed, 49 insertions, 16 deletions
diff --git a/conf/.env.production.sample b/conf/.env.production.sample index 68249e1..6606352 100644 --- a/conf/.env.production.sample +++ b/conf/.env.production.sample @@ -36,6 +36,17 @@ LOCAL_DOMAIN=__DOMAIN__ SECRET_KEY_BASE=__SECRET_KEY_BASE__ OTP_SECRET=__OTP_SECRET__ +# VAPID keys (used for push notifications +# You can generate the keys using the following command (first is the private key, second is the public one) +# You should only generate this once per instance. If you later decide to change it, all push subscription will +# be invalidated, requiring the users to access the website again to resubscribe. +# +# Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose) +# +# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html +VAPID_PRIVATE_KEY=__VAPID_PRIVATE_KEY__ +VAPID_PUBLIC_KEY=__VAPID_PUBLIC_KEY__ + # Registrations # Single user mode will disable registrations and redirect frontpage to the first profile # SINGLE_USER_MODE=true @@ -219,13 +230,3 @@ LDAP_UID=uid # http_proxy=http://gateway.local:8118 # Access control for hidden service. # ALLOW_ACCESS_TO_HIDDEN_SERVICE=true - - -# VAPID keys (used for push notifications -# You can generate the keys using the following command (first is the private key, second is the public one) -# You should only generate this once per instance. If you later decide to change it, all push subscription will -# be invalidated, requiring the users to access the website again to resubscribe. -# -# Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose) -# -# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html diff --git a/scripts/install b/scripts/install index bc2229c..2d43ce7 100644 --- a/scripts/install +++ b/scripts/install @@ -181,8 +181,8 @@ ynh_replace_string "__OTP_SECRET__" "$otp_secret" "$final_path/live/.env.product ynh_app_setting_set "$app" otp_secret "$otp_secret" ldap_user="${app}ldap" -ldap_password=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) -yunohost user create username -f $ldap_user -l $ldap_user -m $app@$domain -p $ldap_password -q 0 +ldap_password=$(head -n32 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c32) +yunohost user create $ldap_user -f $ldap_user -l $ldap_user -m $app@$domain -p $ldap_password -q 0 ynh_replace_string "__LDAP_USER__" "$ldap_user" "${final_path}/live/.env.production" ynh_replace_string "__LDAP_PASSWORD__" "$ldap_password" "${final_path}/live/.env.production" ynh_app_setting_set "$app" ldap_user "$ldap_user" @@ -202,13 +202,24 @@ pushd "$final_path/live" sudo -u "$app" echo "SAFETY_ASSURED=1">> .env.production sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rails db:migrate --quiet sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rails assets:precompile --quiet - sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rake mastodon:webpush:generate_vapid_key >> "${final_path}/live/.env.production" + sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt sudo -u "$app" env PATH=$PATH RAILS_ENV=production bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=admin > acc.txt popd admin_pass=$( tail -1 $final_path/live/acc.txt | head -1 | cut -c 15- ) ynh_secure_remove "$final_path/live/acc.txt" +vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K\w+" "$final_path/live/key.txt") +vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K\w+" "$final_path/live/key.txt") + +ynh_replace_string "__VAPID_PRIVATE_KEY__" "$vapid_private_key" "${final_path}/live/.env.production" +ynh_replace_string "__VAPID_PUBLIC_KEY__" "$vapid_public_key" "${final_path}/live/.env.production" + +ynh_app_setting_set "$app" vapid_private_key "$vapid_private_key" +ynh_app_setting_set "$app" vapid_public_key "$vapid_public_key" + +ynh_secure_remove "$final_path/live/key.txt" + #================================================= # SETUP CRON JOB FOR REMOVING CACHE #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index fbe9ec7..c906570 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -36,6 +36,8 @@ secret_key_base=$(ynh_app_setting_get "$app" secret_key_base) otp_secret=$(ynh_app_setting_get "$app" otp_secret) ldap_user=$(ynh_app_setting_get "$app" ldap_user) ldap_password=$(ynh_app_setting_get "$app" ldap_password) +vapid_private_key=$(ynh_app_setting_get "$app" vapid_private_key) +vapid_public_key=$(ynh_app_setting_get "$app" vapid_public_key) #================================================= # ENSURE DOWNWARD COMPATIBILITY @@ -71,19 +73,28 @@ fi # If paperclip_secret doesn't exist, retrieve it or create it if [[ -z "$paperclip_secret" ]]; then - paperclip_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) + paperclip_secret=$(grep -oP "PAPERCLIP_SECRET=\K\w+" test) + if [[ -z "$paperclip_secret" ]]; then + paperclip_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) + fi ynh_app_setting_set "$app" paperclip_secret "$paperclip_secret" fi # If secret_key_base doesn't exist, retrieve it or create it if [[ -z "$secret_key_base" ]]; then - secret_key_base=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) + secret_key_base=$(grep -oP "SECRET_KEY_BASE=\K\w+" test) + if [[ -z "$secret_key_base" ]]; then + secret_key_base=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) + fi ynh_app_setting_set "$app" secret_key_base "$secret_key_base" fi # If otp_secret doesn't exist, retrieve it or create it if [[ -z "$otp_secret" ]]; then - otp_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) + otp_secret=$(grep -oP "OTP_SECRET=\K\w+" test) + if [[ -z "$otp_secret" ]]; then + otp_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) + fi ynh_app_setting_set "$app" otp_secret "$otp_secret" fi @@ -234,6 +245,16 @@ pushd "$final_path/live" sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rails db:migrate popd +# If vapid_private_key doesn't exist, retrieve it or create it +if [[ -z "$vapid_private_key" ]]; then + sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt + vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K\w+" "$final_path/live/key.txt") + vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K\w+" "$final_path/live/key.txt") + ynh_app_setting_set "$app" vapid_private_key "$vapid_private_key" + ynh_app_setting_set "$app" vapid_public_key "$vapid_public_key" + ynh_secure_remove "$final_path/live/key.txt" +fi + # Recalculate and store the checksum of the file for the next upgrade. ynh_store_file_checksum "${final_path}/live/.env.production" |