roundcube: recreate the session key on any restart of the install service, which includes any reboot
This commit is contained in:
parent
0f1deedeb9
commit
ef3386d983
|
@ -95,13 +95,13 @@ in
|
|||
mkdir -p ${config.variables.roundcubeDataDir}/temp ${config.variables.roundcubeDataDir}/logs
|
||||
chown -Rc ${config.variables.roundcubeUser} ${config.variables.roundcubeDataDir}
|
||||
chmod -c 700 ${config.variables.roundcubeDataDir}
|
||||
if [ ! -s "${config.variables.roundcubeDataDir}/des_key" ]; then
|
||||
${pkgs.coreutils}/bin/dd if=/dev/urandom bs=32 count=1 2>/dev/null | ${pkgs.coreutils}/bin/base64 > "${config.variables.roundcubeDataDir}/des_key"
|
||||
chown -c "${config.variables.roundcubeUser}":root "${config.variables.roundcubeDataDir}/des_key"
|
||||
chmod -c 400 "${config.variables.roundcubeDataDir}/des_key"
|
||||
fi
|
||||
# Regenerate the key every now and then. This invalidates all sessions, but during reboot should be good enough.
|
||||
[ -f "${config.variables.roundcubeDataDir}/des_key" ] && ${pkgs.coreutils}/bin/shred "${config.variables.roundcubeDataDir}/des_key"
|
||||
${pkgs.coreutils}/bin/dd if=/dev/urandom bs=32 count=1 2>/dev/null | ${pkgs.coreutils}/bin/base64 > "${config.variables.roundcubeDataDir}/des_key"
|
||||
chown -c "${config.variables.roundcubeUser}":root "${config.variables.roundcubeDataDir}/des_key"
|
||||
chmod -c 400 "${config.variables.roundcubeDataDir}/des_key"
|
||||
if [ -s "${config.variables.roundcubeDataDir}/roundcube.sqlite" ]; then
|
||||
# Just go ahead and remove the sessions on a boot
|
||||
# Just go ahead and remove the sessions, the key to decrypt them has just been destroyed anyway.
|
||||
${pkgs.sqlite}/bin/sqlite3 "${config.variables.roundcubeDataDir}/roundcube.sqlite" "DELETE FROM session;"
|
||||
fi
|
||||
'';
|
||||
|
|
Loading…
Reference in a new issue