Generating secrets in script

MaxAlmeida
1 parent 3f0918d1
Showing 1 changed file with 9 additions and 9 deletions Show diff stats
kalibro-configurations/kalibro-configurations.spec
@@ -29,6 +29,7 @@ cp -r * %{buildroot}/usr/lib/kalibro-configurations
 rm -rf %{buildroot}/usr/lib/kalibro-configurations/log
 ln -sfT /var/log/kalibro-configurations %{buildroot}/usr/lib/kalibro-configurations/log
 ln -sfT /etc/kalibro-configurations/database.yml %{buildroot}/usr/lib/kalibro-configurations/config/database.yml
+ln -sfT /etc/kalibro-configurations/secrets.yml %{buildroot}/usr/lib/kalibro-configurations/config/secrets.yml
 mkdir -p %{buildroot}/lib/systemd/system
 cat > %{buildroot}/lib/systemd/system/kalibro_configurations.service <<EOF
 [Unit]
@@ -55,6 +56,12 @@ production:
   password:
 EOF
  
+cat > %{buildroot}/etc/kalibro-configurations/secrets.yml << EOF
+# Do not keep production secrets in the repository,
+# instead read values from the environment.
+production:
+  secret_key_base: $(bundle exec rake secret)
+EOF
 #FIXME HACK, REMOVE LATER
 sed -i -e "s/require.*database_cleaner/# &/" %{buildroot}/usr/lib/kalibro-configurations/app/controllers/tests_controller.rb
  
@@ -66,13 +73,11 @@ fi
 mkdir -p /var/log/kalibro-configurations 
 chown -R kalibro_configurations:kalibro_configurations /var/log/kalibro-configurations
 chown -R kalibro_configurations:kalibro_configurations /usr/lib/kalibro-configurations
-
-if [ -x /usr/bin/postgres ]; then
+if [ -x /usr/bin/psql ]; then
   if [ `systemctl is-active postgresql`!="active" ]; then
     postgresql-setup initdb || true
     systemctl start postgresql
   fi
-
   if [ "$(sudo -u postgres -i psql --quiet --tuples-only -c "select count(*) from pg_user where usename = 'kalibro_configurations';")" -eq 0 ]; then
     # create user
     sudo -u postgres -i createuser kalibro_configurations
@@ -86,13 +91,7 @@ if [ -x /usr/bin/postgres ]; then
   cd /usr/lib/kalibro-configurations/
   su kalibro_configurations -c "RAILS_ENV=production bundle exec rake db:migrate"
   if [ $1 -eq 1 ]; then
-    echo "========================ENTREIEEEIIII"
     su kalibro_configurations -c "RAILS_ENV=production bundle exec rake db:seed"
-    cat >> %{buildroot}/etc/profile.d/kalibro_configurations.sh <<EOF
-      export RAILS_ENV=production 
-EOF
-    source %{buildroot}/etc/profile.d/kalibro_configurations.sh
-    #SECRET="$(RAILS_ENV=production bundle exec rake secret)"
   fi
 fi
  
@@ -111,5 +110,6 @@ rm -rf %{buildroot}
 /usr/lib/kalibro-configurations
 /lib/systemd/system/kalibro_configurations.service
 %config(noreplace) /etc/kalibro-configurations/database.yml
+%config(noreplace) /etc/kalibro-configurations/secrets.yml
  
 %changelog
...	...	@@ -29,6 +29,7 @@ cp -r * %{buildroot}/usr/lib/kalibro-configurations
29	29	rm -rf %{buildroot}/usr/lib/kalibro-configurations/log
30	30	ln -sfT /var/log/kalibro-configurations %{buildroot}/usr/lib/kalibro-configurations/log
31	31	ln -sfT /etc/kalibro-configurations/database.yml %{buildroot}/usr/lib/kalibro-configurations/config/database.yml
	32	+ln -sfT /etc/kalibro-configurations/secrets.yml %{buildroot}/usr/lib/kalibro-configurations/config/secrets.yml
32	33	mkdir -p %{buildroot}/lib/systemd/system
33	34	cat > %{buildroot}/lib/systemd/system/kalibro_configurations.service <<EOF
34	35	[Unit]
...	...	@@ -55,6 +56,12 @@ production:
55	56	password:
56	57	EOF
57	58
	59	+cat > %{buildroot}/etc/kalibro-configurations/secrets.yml << EOF
	60	+# Do not keep production secrets in the repository,
	61	+# instead read values from the environment.
	62	+production:
	63	+ secret_key_base: $(bundle exec rake secret)
	64	+EOF
58	65	#FIXME HACK, REMOVE LATER
59	66	sed -i -e "s/require.*database_cleaner/# &/" %{buildroot}/usr/lib/kalibro-configurations/app/controllers/tests_controller.rb
60	67
...	...	@@ -66,13 +73,11 @@ fi
66	73	mkdir -p /var/log/kalibro-configurations
67	74	chown -R kalibro_configurations:kalibro_configurations /var/log/kalibro-configurations
68	75	chown -R kalibro_configurations:kalibro_configurations /usr/lib/kalibro-configurations
69		-
70		-if [ -x /usr/bin/postgres ]; then
	76	+if [ -x /usr/bin/psql ]; then
71	77	if [ `systemctl is-active postgresql`!="active" ]; then
72	78	postgresql-setup initdb \|\| true
73	79	systemctl start postgresql
74	80	fi
75		-
76	81	if [ "$(sudo -u postgres -i psql --quiet --tuples-only -c "select count(*) from pg_user where usename = 'kalibro_configurations';")" -eq 0 ]; then
77	82	# create user
78	83	sudo -u postgres -i createuser kalibro_configurations
...	...	@@ -86,13 +91,7 @@ if [ -x /usr/bin/postgres ]; then
86	91	cd /usr/lib/kalibro-configurations/
87	92	su kalibro_configurations -c "RAILS_ENV=production bundle exec rake db:migrate"
88	93	if [ $1 -eq 1 ]; then
89		- echo "========================ENTREIEEEIIII"
90	94	su kalibro_configurations -c "RAILS_ENV=production bundle exec rake db:seed"
91		- cat >> %{buildroot}/etc/profile.d/kalibro_configurations.sh <<EOF
92		- export RAILS_ENV=production
93		-EOF
94		- source %{buildroot}/etc/profile.d/kalibro_configurations.sh
95		- #SECRET="$(RAILS_ENV=production bundle exec rake secret)"
96	95	fi
97	96	fi
98	97
...	...	@@ -111,5 +110,6 @@ rm -rf %{buildroot}
111	110	/usr/lib/kalibro-configurations
112	111	/lib/systemd/system/kalibro_configurations.service
113	112	%config(noreplace) /etc/kalibro-configurations/database.yml
	113	+%config(noreplace) /etc/kalibro-configurations/secrets.yml
114	114
115	115	%changelog
...	...