diff --git a/conf/.env.production.sample b/conf/.env.production.sample
index 4bd4d52..a3c912e 100644
--- a/conf/.env.production.sample
+++ b/conf/.env.production.sample
@@ -71,6 +71,10 @@ DB_PORT=5432
 SECRET_KEY_BASE=__SECRET_KEY_BASE__
 OTP_SECRET=__OTP_SECRET__
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=__ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY__
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=__ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY__
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=__ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT__
+
 # Web Push
 # --------
 # Generate with `rake mastodon:webpush:generate_vapid_key` (first is the private key, second is the public one)
@@ -283,4 +287,4 @@ MAX_VIDEO_SIZE=__MAX_VIDEO_SIZE__
 # of MAX_EMOJI_SIZE will be used for MAX_REMOTE_EMOJI_SIZE
 # Units are in bytes
 MAX_EMOJI_SIZE=__MAX_EMOJI_SIZE__
-MAX_REMOTE_EMOJI_SIZE=__MAX_REMOTE_EMOJI_SIZE__
+MAX_REMOTE_EMOJI_SIZE=__MAX_REMOTE_EMOJI_SIZE__
\ No newline at end of file
diff --git a/scripts/install b/scripts/install
index 6499880..41b6d9c 100644
--- a/scripts/install
+++ b/scripts/install
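Review bot: The three `ACTIVE_RECORD_ENCRYPTION_*` entries added to conf/.env.production.sample carry no comment, while the Web Push section right below them says how its values are produced. A short header above them would help an admin who edits the file by hand, for example `# Active Record Encryption: generated once by the package; replacing these without keeping the old values makes already-encrypted columns unreadable`. The last hunk of the same file also drops the trailing newline after `MAX_REMOTE_EMOJI_SIZE`, which looks unintentional.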
@@ -50,6 +50,15 @@ ynh_app_setting_set --app="$app" --key=secret_key_base --value="$secret_key_base
 otp_secret=$(ynh_string_random --length=128)
 ynh_app_setting_set --app="$app" --key=otp_secret --value="$otp_secret"
+active_record_encryption_primary_key=$(ynh_string_random --length=32)
+ynh_app_setting_set --app="$app" --key=active_record_encryption_primary_key --value="$active_record_encryption_primary_key"
+
+active_record_encryption_deterministic_key=$(ynh_string_random --length=32)
+ynh_app_setting_set --app="$app" --key=active_record_encryption_deterministic_key --value="$active_record_encryption_deterministic_key"
+
+active_record_encryption_key_derivation_salt=$(ynh_string_random --length=32)
+ynh_app_setting_set --app="$app" --key=active_record_encryption_key_derivation_salt --value="$active_record_encryption_key_derivation_salt"
+
 #=================================================
 # INSTALL DEPENDENCIES
 #=================================================
@@ -132,7 +141,6 @@ pushd "$install_dir/live"
 # This export might be removed in yunohost 12
 COREPACK_ENABLE_DOWNLOAD_PROMPT=0 yarn install
 echo "SAFETY_ASSURED=1">> "$config"
- ynh_exec_warn_less ynh_exec_as "$app" RAILS_ENV=production COREPACK_ENABLE_DOWNLOAD_PROMPT=0 "$ynh_ruby_load_path" "$ld_preload" bin/bundle exec rails db:encryption:init --quiet
 ynh_exec_warn_less ynh_exec_as "$app" RAILS_ENV=production COREPACK_ENABLE_DOWNLOAD_PROMPT=0 "$ynh_ruby_load_path" "$ld_preload" bin/bundle exec rails db:migrate --quiet
 ynh_exec_warn_less ynh_exec_as "$app" RAILS_ENV=production COREPACK_ENABLE_DOWNLOAD_PROMPT=0 "$ynh_ruby_load_path" "$ld_preload" bin/bundle exec rails assets:precompile --quiet
 # Generate vapid keys
diff --git a/scripts/upgrade b/scripts/upgrade
index 70bdef5..ebb861a 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
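Review bot: In scripts/install the three new generate-and-store pairs have no comment saying what they replace or why the length is 32, unlike the 128 used for `otp_secret` just above. Since the `db:encryption:init` call is removed further down in the same file, a line such as `# Replaces rails db:encryption:init: three 32-character random secrets, stored as app settings so upgrades and backups keep them` above the block would make the intent clear. The same six lines are repeated verbatim in scripts/upgrade, so the key names and length now have to be kept in sync in two places.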
@@ -41,7 +41,18 @@ fi
 ynh_remove_extra_repo
 if ynh_compare_current_package_version --comparison lt --version 2024.05.01~ynh1; then
- ynh_exec_warn_less ynh_exec_as "$app" RAILS_ENV=production COREPACK_ENABLE_DOWNLOAD_PROMPT=0 "$ynh_ruby_load_path" "$ld_preload" bin/bundle exec rails db:encryption:init
+ active_record_encryption_primary_key=$(ynh_string_random --length=32)
+ ynh_app_setting_set --app="$app" --key=active_record_encryption_primary_key --value="$active_record_encryption_primary_key"
+
+ active_record_encryption_deterministic_key=$(ynh_string_random --length=32)
+ ynh_app_setting_set --app="$app" --key=active_record_encryption_deterministic_key --value="$active_record_encryption_deterministic_key"
+
+ active_record_encryption_key_derivation_salt=$(ynh_string_random --length=32)
+ ynh_app_setting_set --app="$app" --key=active_record_encryption_key_derivation_salt --value="$active_record_encryption_key_derivation_salt"
+
+ ynh_add_config --template=".env.production.sample" --destination="$config"
+ chmod 400 "$config"
+ chown "$app:$app" "$config"
 fi
 #=================================================
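Review bot: Key generation in this branch is gated only on the package version, so it overwrites the three settings whenever the branch runs and never runs for an instance first installed at 2024.05.01~ynh1 or later. The install script for those instances ran `db:encryption:init` and, as far as this diff shows, stored nothing, so they would reach the regenerated config with no values for the new placeholders; that is worth confirming. Guarding each secret on the setting being empty covers both cases and ensures a repeated upgrade cannot replace keys that already protect database columns. The sketch below assumes app settings are exposed as same-named shell variables in this script, which is not visible in the hunk.

```shell
# Create each secret only when none is stored yet, so a re-run never replaces
# keys that already encrypt data.
if [ -z "${active_record_encryption_primary_key:-}" ]; then
    active_record_encryption_primary_key=$(ynh_string_random --length=32)
    ynh_app_setting_set --app="$app" --key=active_record_encryption_primary_key --value="$active_record_encryption_primary_key"
fi
# … same guard for active_record_encryption_deterministic_key and active_record_encryption_key_derivation_salt …
# … unchanged: ynh_add_config, chmod 400, chown …
```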