Skip to content
Snippets Groups Projects
Commit 126f1659 authored by Julian's avatar Julian
Browse files

Auto-generate SECRET_KEY in Debian package, minor improvement of uffd-admin

parent e34b87db
Branches
Tags
No related merge requests found
#!/bin/bash -x #!/bin/sh
set -e set -eu
export FLASK_APP=/usr/share/uffd/uffd export FLASK_APP=/usr/share/uffd/uffd
export CONFIG_FILENAME=/etc/uffd/uffd.cfg export CONFIG_FILENAME=/etc/uffd/uffd.cfg
if [ "$(whoami)" = "uffd" ]; then if [ "$(whoami)" = "uffd" ]; then
flask "$@" flask "$@"
elif command -v sudo &> /dev/null; then elif command -v sudo > /dev/null 2>&1; then
exec sudo --preserve-env=FLASK_APP,CONFIG_FILENAME -u uffd flask "$@" exec sudo --preserve-env=FLASK_APP,CONFIG_FILENAME -u uffd flask "$@"
elif command -v runuser &> /dev/null; then elif command -v runuser > /dev/null 2>&1; then
exec runuser --preserve-environment -u uffd -- flask "$@" exec runuser --preserve-environment -u uffd -- flask "$@"
else else
echo "Could not not become 'uffd' user, exiting" echo "Could not not become 'uffd' user, exiting"
......
...@@ -10,6 +10,13 @@ case "$1" in ...@@ -10,6 +10,13 @@ case "$1" in
chown -R uffd:uffd /var/lib/uffd chown -R uffd:uffd /var/lib/uffd
chmod 0770 /var/lib/uffd chmod 0770 /var/lib/uffd
python3 <<EOF
import secrets
cfg = open('/etc/uffd/uffd.cfg', 'r').read()
cfg = cfg.replace('\n#SECRET=autogenerated by postinst script\n',
'\nSECRET="'+secrets.token_hex(128)+'"\n', 1)
open('/etc/uffd/uffd.cfg', 'w').write(cfg)
EOF
chown root:uffd /etc/uffd/uffd.cfg chown root:uffd /etc/uffd/uffd.cfg
chmod 0640 /etc/uffd/uffd.cfg chmod 0640 /etc/uffd/uffd.cfg
......
FLASK_ENV="production" FLASK_ENV="production"
SQLALCHEMY_DATABASE_URI="sqlite:////var/lib/uffd/db.sqlite" SQLALCHEMY_DATABASE_URI="sqlite:////var/lib/uffd/db.sqlite"
#SECRET=autogenerated by postinst script
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment