main/redmine: generate secret token from post-install

fix permissions too

1 files changed, 29 insertions, 0 deletions

diff --git a/main/redmine/redmine.post-install b/main/redmine/redmine.post-install
new file mode 100644
index 0000000000..f68632c78e
--- /dev/null
+++ b/main/redmine/redmine.post-install
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+tokenfile=/var/lib/redmine/secret_token.rb
+if [ -e $tokenfile ]; then
+	exit 0
+fi
+
+if [ -e /dev/urandom ] && [ -x /usr/bin/hexdump ]; then
+	token=$(/usr/bin/hexdump -n 32 -v -e '/1 "%02x"' /dev/urandom)
+else
+	token=$(for i in $(seq 0 31); do echo $RANDOM; done | sha1sum | awk '{print $1}')
+fi
+
+umask 027
+cat >$tokenfile<<EOF
+# This file was generated by redmine apk post-install script, and should
+# not be made visible to public.
+# If you have a load-balancing Redmine cluster, you will need to use the
+# same version of this file on each machine. And be sure to restart your
+# server when you modify this file.
+#
+# Your secret key for verifying cookie session data integrity. If you
+# change this key, all old sessions will become invalid! Make sure the
+# secret is at least 30 characters and all random, no regular words or
+# you'll be exposed to dictionary attacks.
+RedmineApp::Application.config.secret_key_base = '$token'
+EOF
+
+chgrp www-data $tokenfile