From 396a022ea240f7ce622b7b8e5587d66a62a67302 Mon Sep 17 00:00:00 2001 From: Jakub Jirutka Date: Thu, 26 Jul 2018 20:14:18 +0200 Subject: community/roundcubemail: generate random session key in post-install --- community/roundcubemail/APKBUILD | 6 +++-- community/roundcubemail/config-session_key.patch | 11 +++++++++ community/roundcubemail/roundcubemail.post-install | 27 ++++++++++++++++++++++ community/roundcubemail/roundcubemail.post-upgrade | 8 +------ 4 files changed, 43 insertions(+), 9 deletions(-) create mode 100644 community/roundcubemail/config-session_key.patch create mode 100644 community/roundcubemail/roundcubemail.post-install mode change 100644 => 120000 community/roundcubemail/roundcubemail.post-upgrade (limited to 'community/roundcubemail') diff --git a/community/roundcubemail/APKBUILD b/community/roundcubemail/APKBUILD index 24617a22f0..e97b0fd845 100644 --- a/community/roundcubemail/APKBUILD +++ b/community/roundcubemail/APKBUILD @@ -29,10 +29,11 @@ depends="$_php ca-certificates " options="!check" # no tests provided -install="$pkgname.post-upgrade" +install="$pkgname.post-install $pkgname.post-upgrade" subpackages="$pkgname-installer $pkgname-doc" source="https://github.com/roundcube/$pkgname/releases/download/$pkgver/$pkgname-$pkgver.tar.gz fix-dirs.patch + config-session_key.patch " builddir="$srcdir/$pkgname-$pkgver" @@ -93,4 +94,5 @@ _mv() { } sha512sums="c5e1e80034392ea4fcf780750ad2b7db43422a746462015865cbdb027e9e47b2bae7b191da19b65a7b9303c195bdfd0aa5b5a0382c09dd97d117671271cdc122 roundcubemail-1.3.6.tar.gz -d205ba8442870b26f93fb287e7fe2bd1a452ea534823869b7ef299e2dca52d64c8a3fdc9a44bd3bc731c1e400efcf745c1866974e3b908e4e54d05b47b835f3e fix-dirs.patch" +d205ba8442870b26f93fb287e7fe2bd1a452ea534823869b7ef299e2dca52d64c8a3fdc9a44bd3bc731c1e400efcf745c1866974e3b908e4e54d05b47b835f3e fix-dirs.patch +7c4b88da4d2baa53d247dcb7b130d564954a04611c13f2770f45924fafab2a0e98f8dd078cabc87f3eddd0ab03f3ca48a48f27a462676354af22566cb19d220b config-session_key.patch" diff --git a/community/roundcubemail/config-session_key.patch b/community/roundcubemail/config-session_key.patch new file mode 100644 index 0000000000..a94bd9bd10 --- /dev/null +++ b/community/roundcubemail/config-session_key.patch @@ -0,0 +1,11 @@ +--- a/config/config.inc.php.sample ++++ b/config/config.inc.php.sample +@@ -74,7 +74,7 @@ + // in the session record (and the client cookie if remember password is enabled). + // please provide a string of exactly 24 chars. + // YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS +-$config['des_key'] = 'rcmail-!24ByteDESkey*Str'; ++$config['des_key'] = trim(file(RCMAIL_CONFIG_DIR . '/session_key')[0]); + + // List of active plugins (in plugins/ directory) + $config['plugins'] = array( diff --git a/community/roundcubemail/roundcubemail.post-install b/community/roundcubemail/roundcubemail.post-install new file mode 100644 index 0000000000..f899f7e02d --- /dev/null +++ b/community/roundcubemail/roundcubemail.post-install @@ -0,0 +1,27 @@ +#!/bin/sh + +keyfile='/etc/roundcube/session_key' + +if ! [ -e "$keyfile" ]; then + echo '* Generating random session key' >&2 + + { head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 && echo ''; } > "$keyfile" + chmod 440 "$keyfile" + + # This is for silly and insecure type of installation when Roundcube + # is run under Apache with Apache's privileges instead of separate + # user. Just for backward compatibility. + # Ignore if group www-data does not exist. + chgrp www-data "$keyfile" 2>/dev/null || true +fi + +if [ "${0##*.}" = 'post-upgrade' ]; then + cat >&2 <<-EOF + * + * Please read /usr/share/doc/roundcube/UPGRADE + * in roundcubemail-doc package for schema or config update + * + EOF +fi + +exit 0 diff --git a/community/roundcubemail/roundcubemail.post-upgrade b/community/roundcubemail/roundcubemail.post-upgrade deleted file mode 100644 index 7557e4178f..0000000000 --- a/community/roundcubemail/roundcubemail.post-upgrade +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -echo "*" >&2 -echo -e "* Please read /usr/share/doc/roundcube/UPGRADE\n\ -* in roundcubemail-doc package for schema or config update" >&2 -echo "*" >&2 -exit 0 diff --git a/community/roundcubemail/roundcubemail.post-upgrade b/community/roundcubemail/roundcubemail.post-upgrade new file mode 120000 index 0000000000..ef34de84ef --- /dev/null +++ b/community/roundcubemail/roundcubemail.post-upgrade @@ -0,0 +1 @@ +roundcubemail.post-install \ No newline at end of file -- cgit v1.2.3