external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-11-25 02:47:04 +00:00
Code Issues Releases Wiki Activity

Merge pull request #150 from hjjg/secretkeyfix

Browse Source 
The secret key that encrypts the backups should not be world readable.
This commit is contained in:
Joshua Tauberer 2014-08-24 17:21:38 -04:00
commit 28231ac248
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
setup/management.sh
View File

@ -8,7 +8,7 @@ hide_output pip3 install rtyaml
# Create a backup directory and a random key for encrypting backups. # Create a backup directory and a random key for encrypting backups.
mkdir -p $STORAGE_ROOT/backup mkdir -p $STORAGE_ROOT/backup
if [ ! -f $STORAGE_ROOT/backup/secret_key.txt ]; then if [ ! -f $STORAGE_ROOT/backup/secret_key.txt ]; then
openssl rand -base64 2048 > $STORAGE_ROOT/backup/secret_key.txt $(umask 077; openssl rand -base64 2048 > $STORAGE_ROOT/backup/secret_key.txt)
fi fi
# Link the management server daemon into a well known location. # Link the management server daemon into a well known location.

4
setup/migrate.py
View File

@ -56,6 +56,10 @@ def migration_4(env):
db = os.path.join(env["STORAGE_ROOT"], 'mail/users.sqlite') db = os.path.join(env["STORAGE_ROOT"], 'mail/users.sqlite')
shell("check_call", ["sqlite3", db, "ALTER TABLE users ADD privileges TEXT NOT NULL DEFAULT ''"]) shell("check_call", ["sqlite3", db, "ALTER TABLE users ADD privileges TEXT NOT NULL DEFAULT ''"])
def migration_5(env):
# The secret key for encrypting backups was world readable. Fix here.
os.chmod(os.path.join(env["STORAGE_ROOT"], 'backup/secret_key.txt'), 0o600)
def get_current_migration(): def get_current_migration():
ver = 0 ver = 0
while True: while True: