From 2732cc2d9807ddd07cff42cead0b7b8e1cc33b0d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?=
Date: Mon, 1 Jul 2024 13:51:09 +0200
Subject: [PATCH] Add missing configuration keys
---
 conf/.env.production.sample | 7 ++++++-
 scripts/install | 10 +++++++++-
 scripts/upgrade | 11 +++++++++++
 3 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/conf/.env.production.sample b/conf/.env.production.sample
index 4bd4d52..ca048d7 100644
--- a/conf/.env.production.sample
+++ b/conf/.env.production.sample
@@ -246,7 +246,7 @@ LDAP_TLS_NO_VERIFY=true
 # ---------------
 # Various ways to customize Mastodon's behavior
 # ---------------
-
+
 # Maximum allowed character count
 MAX_TOOT_CHARS=__MAX_TOOT_CHARS__
@@ -284,3 +284,8 @@ MAX_VIDEO_SIZE=__MAX_VIDEO_SIZE__
 # Units are in bytes
 MAX_EMOJI_SIZE=__MAX_EMOJI_SIZE__
 MAX_REMOTE_EMOJI_SIZE=__MAX_REMOTE_EMOJI_SIZE__
+
+# Required by ActiveRecord encryption feature
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=__DB_DETERMINISTIC_KEY__
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=__DB_KEY_DERIVATION_SALT__
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=__DB_PRIMARY_KEY__
diff --git a/scripts/install b/scripts/install
index 2a13e58..a6dffc5 100644
--- a/scripts/install
+++ b/scripts/install
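Review bot: The comment added in the second hunk of conf/.env.production.sample, `# Required by ActiveRecord encryption feature`, does not tell an operator that the three values below it are secrets that must stay fixed once the database holds encrypted columns. I would word it as `# ActiveRecord encryption keys. Keep secret and unchanged: replacing any of them without a key-rotation setup makes already-encrypted columns unreadable.` The first hunk in this file is a whitespace-only change and needs nothing.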
@@ -50,6 +50,15 @@ ynh_app_setting_set --app="$app" --key=secret_key_base --value="$secret_key_base
 otp_secret=$(ynh_string_random --length=128)
 ynh_app_setting_set --app="$app" --key=otp_secret --value="$otp_secret"
+db_deterministic_key=$(ynh_string_random --length=32)
+ynh_app_setting_set --app="$app" --key="db_deterministic_key" --value="$db_deterministic_key"
+
+db_key_derivation_salt=$(ynh_string_random --length=32)
+ynh_app_setting_set --app="$app" --key="db_key_derivation_salt" --value="$db_key_derivation_salt"
+
+db_primary_key=$(ynh_string_random --length=32)
+ynh_app_setting_set --app="$app" --key="db_primary_key" --value="$db_primary_key"
+
 #=================================================
 # INSTALL DEPENDENCIES
 #=================================================
@@ -132,7 +141,6 @@ pushd "$install_dir/live"
 # This export might be removed in yunohost 12
 COREPACK_ENABLE_DOWNLOAD_PROMPT=0 yarn install
 echo "SAFETY_ASSURED=1">> "$config"
- ynh_exec_warn_less ynh_exec_as "$app" RAILS_ENV=production COREPACK_ENABLE_DOWNLOAD_PROMPT=0 "$ynh_ruby_load_path" $ld_preload bin/bundle exec rails db:encryption:init
 ynh_exec_warn_less ynh_exec_as "$app" RAILS_ENV=production COREPACK_ENABLE_DOWNLOAD_PROMPT=0 "$ynh_ruby_load_path" $ld_preload bin/bundle exec rails db:migrate --quiet
 ynh_exec_warn_less ynh_exec_as "$app" RAILS_ENV=production COREPACK_ENABLE_DOWNLOAD_PROMPT=0 "$ynh_ruby_load_path" $ld_preload bin/bundle exec rails assets:precompile --quiet
 # Generate vapid keys
diff --git a/scripts/upgrade b/scripts/upgrade
index 70bdef5..e4401f7 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
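Review bot: Nothing in this patch carries the three settings generated in the first scripts/install hunk through backup and restore; the diffstat touches only the template, `scripts/install` and `scripts/upgrade`. `db_deterministic_key`, `db_key_derivation_salt` and `db_primary_key` decrypt the ActiveRecord-encrypted columns, so a restore that ends up with missing or freshly generated values would leave that data unreadable. Whether restore already reuses the saved settings cannot be seen from here and should be confirmed. A comment above the block would also help, for example `# ActiveRecord encryption keys: generated once at install, never regenerate on an existing database`.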
@@ -44,6 +44,17 @@ if ynh_compare_current_package_version --comparison lt --version 2024.05.01~ynh1
 ynh_exec_warn_less ynh_exec_as "$app" RAILS_ENV=production COREPACK_ENABLE_DOWNLOAD_PROMPT=0 "$ynh_ruby_load_path" "$ld_preload" bin/bundle exec rails db:encryption:init
 fi
+if [[ -z "${db_deterministic_key:-}" ]]; then
+ db_deterministic_key=$(ynh_string_random --length=32)
+ ynh_app_setting_set --app="$app" --key="db_deterministic_key" --value="$db_deterministic_key"
+
+ db_key_derivation_salt=$(ynh_string_random --length=32)
+ ynh_app_setting_set --app="$app" --key="db_key_derivation_salt" --value="$db_key_derivation_salt"
+
+ db_primary_key=$(ynh_string_random --length=32)
+ ynh_app_setting_set --app="$app" --key="db_primary_key" --value="$db_primary_key"
+fi
+
 #=================================================
 # ADD SWAP IF NEEDED
 #=================================================
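Review bot: The new guard in scripts/upgrade tests only `db_deterministic_key`, so an instance where that setting exists but `db_key_derivation_salt` or `db_primary_key` is missing gets no value for them, and one where only the first is missing has all three replaced. Replacing a key that has already encrypted rows makes those columns unreadable, so each setting should be generated only when it is itself absent. The context line above runs `rails db:encryption:init`, and nothing in this hunk stores its output; if an administrator copied those printed keys into the live configuration, this block would presumably supersede them on the next config render, which is worth confirming before release. A per-setting guard is sketched below.

```bash
# … unchanged: version check that runs db:encryption:init …
for setting in db_deterministic_key db_key_derivation_salt db_primary_key; do
    # Generate a value only for a setting that is itself missing, so a key
    # already in use is never replaced.
    if [[ -z "${!setting:-}" ]]; then
        printf -v "$setting" '%s' "$(ynh_string_random --length=32)"
        ynh_app_setting_set --app="$app" --key="$setting" --value="${!setting}"
    fi
done
# … unchanged: ADD SWAP IF NEEDED banner …
```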