1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/mastodon_ynh.git synced 2024-09-03 19:46:02 +02:00

fix key for upgrade

This commit is contained in:
yalh76 2019-03-23 02:58:59 +01:00
parent 652d6f6c67
commit d1a1e67008
3 changed files with 49 additions and 16 deletions

View file

@ -36,6 +36,17 @@ LOCAL_DOMAIN=__DOMAIN__
SECRET_KEY_BASE=__SECRET_KEY_BASE__
OTP_SECRET=__OTP_SECRET__
# VAPID keys (used for push notifications
# You can generate the keys using the following command (first is the private key, second is the public one)
# You should only generate this once per instance. If you later decide to change it, all push subscription will
# be invalidated, requiring the users to access the website again to resubscribe.
#
# Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
#
# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
VAPID_PRIVATE_KEY=__VAPID_PRIVATE_KEY__
VAPID_PUBLIC_KEY=__VAPID_PUBLIC_KEY__
# Registrations
# Single user mode will disable registrations and redirect frontpage to the first profile
# SINGLE_USER_MODE=true
@ -219,13 +230,3 @@ LDAP_UID=uid
# http_proxy=http://gateway.local:8118
# Access control for hidden service.
# ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
# VAPID keys (used for push notifications
# You can generate the keys using the following command (first is the private key, second is the public one)
# You should only generate this once per instance. If you later decide to change it, all push subscription will
# be invalidated, requiring the users to access the website again to resubscribe.
#
# Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
#
# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html

View file

@ -181,8 +181,8 @@ ynh_replace_string "__OTP_SECRET__" "$otp_secret" "$final_path/live/.env.product
ynh_app_setting_set "$app" otp_secret "$otp_secret"
ldap_user="${app}ldap"
ldap_password=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
yunohost user create username -f $ldap_user -l $ldap_user -m $app@$domain -p $ldap_password -q 0
ldap_password=$(head -n32 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c32)
yunohost user create $ldap_user -f $ldap_user -l $ldap_user -m $app@$domain -p $ldap_password -q 0
ynh_replace_string "__LDAP_USER__" "$ldap_user" "${final_path}/live/.env.production"
ynh_replace_string "__LDAP_PASSWORD__" "$ldap_password" "${final_path}/live/.env.production"
ynh_app_setting_set "$app" ldap_user "$ldap_user"
@ -202,13 +202,24 @@ pushd "$final_path/live"
sudo -u "$app" echo "SAFETY_ASSURED=1">> .env.production
sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rails db:migrate --quiet
sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rails assets:precompile --quiet
sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rake mastodon:webpush:generate_vapid_key >> "${final_path}/live/.env.production"
sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt
sudo -u "$app" env PATH=$PATH RAILS_ENV=production bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=admin > acc.txt
popd
admin_pass=$( tail -1 $final_path/live/acc.txt | head -1 | cut -c 15- )
ynh_secure_remove "$final_path/live/acc.txt"
vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K\w+" "$final_path/live/key.txt")
vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K\w+" "$final_path/live/key.txt")
ynh_replace_string "__VAPID_PRIVATE_KEY__" "$vapid_private_key" "${final_path}/live/.env.production"
ynh_replace_string "__VAPID_PUBLIC_KEY__" "$vapid_public_key" "${final_path}/live/.env.production"
ynh_app_setting_set "$app" vapid_private_key "$vapid_private_key"
ynh_app_setting_set "$app" vapid_public_key "$vapid_public_key"
ynh_secure_remove "$final_path/live/key.txt"
#=================================================
# SETUP CRON JOB FOR REMOVING CACHE
#=================================================

View file

@ -36,6 +36,8 @@ secret_key_base=$(ynh_app_setting_get "$app" secret_key_base)
otp_secret=$(ynh_app_setting_get "$app" otp_secret)
ldap_user=$(ynh_app_setting_get "$app" ldap_user)
ldap_password=$(ynh_app_setting_get "$app" ldap_password)
vapid_private_key=$(ynh_app_setting_get "$app" vapid_private_key)
vapid_public_key=$(ynh_app_setting_get "$app" vapid_public_key)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
@ -70,20 +72,29 @@ if [[ -z "$db_pwd" ]]; then
fi
# If paperclip_secret doesn't exist, retrieve it or create it
if [[ -z "$paperclip_secret" ]]; then
paperclip_secret=$(grep -oP "PAPERCLIP_SECRET=\K\w+" test)
if [[ -z "$paperclip_secret" ]]; then
paperclip_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
fi
ynh_app_setting_set "$app" paperclip_secret "$paperclip_secret"
fi
# If secret_key_base doesn't exist, retrieve it or create it
if [[ -z "$secret_key_base" ]]; then
secret_key_base=$(grep -oP "SECRET_KEY_BASE=\K\w+" test)
if [[ -z "$secret_key_base" ]]; then
secret_key_base=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
fi
ynh_app_setting_set "$app" secret_key_base "$secret_key_base"
fi
# If otp_secret doesn't exist, retrieve it or create it
if [[ -z "$otp_secret" ]]; then
otp_secret=$(grep -oP "OTP_SECRET=\K\w+" test)
if [[ -z "$otp_secret" ]]; then
otp_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
fi
ynh_app_setting_set "$app" otp_secret "$otp_secret"
fi
@ -234,6 +245,16 @@ pushd "$final_path/live"
sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rails db:migrate
popd
# If vapid_private_key doesn't exist, retrieve it or create it
if [[ -z "$vapid_private_key" ]]; then
sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt
vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K\w+" "$final_path/live/key.txt")
vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K\w+" "$final_path/live/key.txt")
ynh_app_setting_set "$app" vapid_private_key "$vapid_private_key"
ynh_app_setting_set "$app" vapid_public_key "$vapid_public_key"
ynh_secure_remove "$final_path/live/key.txt"
fi
# Recalculate and store the checksum of the file for the next upgrade.
ynh_store_file_checksum "${final_path}/live/.env.production"