diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2015-03-31 15:07:15 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-03-31 15:08:04 +0000 |
| commit | 796bac11add9497785854e9884d80e65289be556 (patch) | |
| tree | 4bdcdcf50e1fc2b07dddf58ea1db4d1d5ae7a67d /main | |
| parent | 20267efb7743d7e0c9d37db0aa6b330a89bbec50 (diff) | |
| download | aports-796bac11add9497785854e9884d80e65289be556.tar.bz2 aports-796bac11add9497785854e9884d80e65289be556.tar.xz | |
main/redmine: generate secret token from post-install
fix permissions too
Diffstat (limited to 'main')
| -rw-r--r-- | main/redmine/APKBUILD | 13 | ||||
| -rw-r--r-- | main/redmine/redmine.post-install | 29 | ||||
| -rw-r--r-- | main/redmine/redmine.pre-install | 5 |
3 files changed, 42 insertions, 5 deletions
diff --git a/main/redmine/APKBUILD b/main/redmine/APKBUILD index 0745ca62a5..d156ad6284 100644 --- a/main/redmine/APKBUILD +++ b/main/redmine/APKBUILD @@ -3,7 +3,7 @@ _railsver=4.2 pkgname=redmine pkgver=3.0.1 -pkgrel=4 +pkgrel=5 pkgdesc="Project management web application written in Ruby" url="http://redmine.org" arch="noarch" @@ -32,7 +32,7 @@ depends="ruby " depends_dev= makedepends="$depends_dev" -install="$pkgname.pre-install" +install="$pkgname.pre-install $pkgname.post-install" subpackages="" pkgusers="$pkgname" pkggroups="$pkgname www-data" @@ -76,16 +76,21 @@ package() { for i in database.yml.example configuration.yml.example \ additional_environment.rb.example routes.rb; do mv config/${i} "$pkgdir"/etc/redmine/${i%.example} || return 1 - ln -s /etc/redmine/${i%.example} config/$i || return 1 + ln -s /etc/redmine/${i%.example} config/${i%.example} \ + || return 1 done # writeable data dirs - for i in files tmp public/plugin_assets; do + for i in db files tmp public/plugin_assets; do chown redmine:www-data $i || return 1 chmod 775 $i || return 1 mv $i "$pkgdir"/var/lib/redmine/ || return 1 ln -s /var/lib/redmine/${i#*/} $i || return 1 done + chown redmine Gemfile.lock || return 1 + + # the secret token is generated by post-install + ln -s /var/lib/redmine/secret_token.rb config/initializers/ # log dir rm -r log && ln -s /var/log/redmine log || return 1 diff --git a/main/redmine/redmine.post-install b/main/redmine/redmine.post-install new file mode 100644 index 0000000000..f68632c78e --- /dev/null +++ b/main/redmine/redmine.post-install @@ -0,0 +1,29 @@ +#!/bin/sh + +tokenfile=/var/lib/redmine/secret_token.rb +if [ -e $tokenfile ]; then + exit 0 +fi + +if [ -e /dev/urandom ] && [ -x /usr/bin/hexdump ]; then + token=$(/usr/bin/hexdump -n 32 -v -e '/1 "%02x"' /dev/urandom) +else + token=$(for i in $(seq 0 31); do echo $RANDOM; done | sha1sum | awk '{print $1}') +fi + +umask 027 +cat >$tokenfile<<EOF +# This file was generated by redmine apk post-install script, and should +# not be made visible to public. +# If you have a load-balancing Redmine cluster, you will need to use the +# same version of this file on each machine. And be sure to restart your +# server when you modify this file. +# +# Your secret key for verifying cookie session data integrity. If you +# change this key, all old sessions will become invalid! Make sure the +# secret is at least 30 characters and all random, no regular words or +# you'll be exposed to dictionary attacks. +RedmineApp::Application.config.secret_key_base = '$token' +EOF + +chgrp www-data $tokenfile diff --git a/main/redmine/redmine.pre-install b/main/redmine/redmine.pre-install index 7ab2ac744f..780b89f54b 100644 --- a/main/redmine/redmine.pre-install +++ b/main/redmine/redmine.pre-install @@ -1,4 +1,7 @@ #!/bin/sh -adduser -H -h /usr/share/webapps/redmine -s /sbin/nologin -D redmine 2>/dev/null +addgroup -g 82 -S www-data 2>/dev/null +adduser -S -H -h /usr/share/webapps/redmine -s /bin/sh -D redmine 2>/dev/null +addgroup redmine www-data 2>/dev/null + exit 0 |