roundcube: recreate the session key on any restart of the install service, which includes any reboot

This commit is contained in:
Daniel Frank 2019-09-07 00:48:56 +02:00
parent 0f1deedeb9
commit ef3386d983
Signed by: tokudan
GPG key ID: 063CCCAD04182D32

View file

@ -95,13 +95,13 @@ in
mkdir -p ${config.variables.roundcubeDataDir}/temp ${config.variables.roundcubeDataDir}/logs
chown -Rc ${config.variables.roundcubeUser} ${config.variables.roundcubeDataDir}
chmod -c 700 ${config.variables.roundcubeDataDir}
if [ ! -s "${config.variables.roundcubeDataDir}/des_key" ]; then
${pkgs.coreutils}/bin/dd if=/dev/urandom bs=32 count=1 2>/dev/null | ${pkgs.coreutils}/bin/base64 > "${config.variables.roundcubeDataDir}/des_key"
chown -c "${config.variables.roundcubeUser}":root "${config.variables.roundcubeDataDir}/des_key"
chmod -c 400 "${config.variables.roundcubeDataDir}/des_key"
fi
# Regenerate the key every now and then. This invalidates all sessions, but during reboot should be good enough.
[ -f "${config.variables.roundcubeDataDir}/des_key" ] && ${pkgs.coreutils}/bin/shred "${config.variables.roundcubeDataDir}/des_key"
${pkgs.coreutils}/bin/dd if=/dev/urandom bs=32 count=1 2>/dev/null | ${pkgs.coreutils}/bin/base64 > "${config.variables.roundcubeDataDir}/des_key"
chown -c "${config.variables.roundcubeUser}":root "${config.variables.roundcubeDataDir}/des_key"
chmod -c 400 "${config.variables.roundcubeDataDir}/des_key"
if [ -s "${config.variables.roundcubeDataDir}/roundcube.sqlite" ]; then
# Just go ahead and remove the sessions on a boot
# Just go ahead and remove the sessions, the key to decrypt them has just been destroyed anyway.
${pkgs.sqlite}/bin/sqlite3 "${config.variables.roundcubeDataDir}/roundcube.sqlite" "DELETE FROM session;"
fi
'';