Generating secrets in script

MaxAlmeida
1 parent 3f0918d1
Showing 1 changed file with 9 additions and 9 deletions Show diff stats
kalibro-configurations/kalibro-configurations.spec
@@ -29,6 +29,7 @@ cp -r * %{buildroot}/usr/lib/kalibro-configurations
 rm -rf %{buildroot}/usr/lib/kalibro-configurations/log
 ln -sfT /var/log/kalibro-configurations %{buildroot}/usr/lib/kalibro-configurations/log
 ln -sfT /etc/kalibro-configurations/database.yml %{buildroot}/usr/lib/kalibro-configurations/config/database.yml
+ln -sfT /etc/kalibro-configurations/secrets.yml %{buildroot}/usr/lib/kalibro-configurations/config/secrets.yml
 mkdir -p %{buildroot}/lib/systemd/system
 cat > %{buildroot}/lib/systemd/system/kalibro_configurations.service <<EOF
 [Unit]
@@ -55,6 +56,12 @@ production:
   password:
 EOF
+cat > %{buildroot}/etc/kalibro-configurations/secrets.yml << EOF
+# Do not keep production secrets in the repository,
+# instead read values from the environment.
+production:
+  secret_key_base: $(bundle exec rake secret)
+EOF
 #FIXME HACK, REMOVE LATER
 sed -i -e "s/require.*database_cleaner/# &/" %{buildroot}/usr/lib/kalibro-configurations/app/controllers/tests_controller.rb
@@ -66,13 +73,11 @@ fi
 mkdir -p /var/log/kalibro-configurations 
 chown -R kalibro_configurations:kalibro_configurations /var/log/kalibro-configurations
 chown -R kalibro_configurations:kalibro_configurations /usr/lib/kalibro-configurations
-
-if [ -x /usr/bin/postgres ]; then
+if [ -x /usr/bin/psql ]; then
   if [ `systemctl is-active postgresql`!="active" ]; then
     postgresql-setup initdb || true
     systemctl start postgresql
   fi
-
   if [ "$(sudo -u postgres -i psql --quiet --tuples-only -c "select count(*) from pg_user where usename = 'kalibro_configurations';")" -eq 0 ]; then
     # create user
     sudo -u postgres -i createuser kalibro_configurations
@@ -86,13 +91,7 @@ if [ -x /usr/bin/postgres ]; then
   cd /usr/lib/kalibro-configurations/
   su kalibro_configurations -c "RAILS_ENV=production bundle exec rake db:migrate"
   if [ $1 -eq 1 ]; then
-    echo "========================ENTREIEEEIIII"
     su kalibro_configurations -c "RAILS_ENV=production bundle exec rake db:seed"
-    cat >> %{buildroot}/etc/profile.d/kalibro_configurations.sh <<EOF
-      export RAILS_ENV=production 
-EOF
-    source %{buildroot}/etc/profile.d/kalibro_configurations.sh
-    #SECRET="$(RAILS_ENV=production bundle exec rake secret)"
   fi
 fi
@@ -111,5 +110,6 @@ rm -rf %{buildroot}
 /usr/lib/kalibro-configurations
 /lib/systemd/system/kalibro_configurations.service
 %config(noreplace) /etc/kalibro-configurations/database.yml
+%config(noreplace) /etc/kalibro-configurations/secrets.yml
 %changelog
	@@ -29,6 +29,7 @@ cp -r * %{buildroot}/usr/lib/kalibro-configurations		@@ -29,6 +29,7 @@ cp -r * %{buildroot}/usr/lib/kalibro-configurations
29	rm -rf %{buildroot}/usr/lib/kalibro-configurations/log	29	rm -rf %{buildroot}/usr/lib/kalibro-configurations/log
30	ln -sfT /var/log/kalibro-configurations %{buildroot}/usr/lib/kalibro-configurations/log	30	ln -sfT /var/log/kalibro-configurations %{buildroot}/usr/lib/kalibro-configurations/log
31	ln -sfT /etc/kalibro-configurations/database.yml %{buildroot}/usr/lib/kalibro-configurations/config/database.yml	31	ln -sfT /etc/kalibro-configurations/database.yml %{buildroot}/usr/lib/kalibro-configurations/config/database.yml
		32	+ln -sfT /etc/kalibro-configurations/secrets.yml %{buildroot}/usr/lib/kalibro-configurations/config/secrets.yml
32	mkdir -p %{buildroot}/lib/systemd/system	33	mkdir -p %{buildroot}/lib/systemd/system
33	cat > %{buildroot}/lib/systemd/system/kalibro_configurations.service <<EOF	34	cat > %{buildroot}/lib/systemd/system/kalibro_configurations.service <<EOF
34	[Unit]	35	[Unit]
	@@ -55,6 +56,12 @@ production:		@@ -55,6 +56,12 @@ production:
55	password:	56	password:
56	EOF	57	EOF
57		58
		59	+cat > %{buildroot}/etc/kalibro-configurations/secrets.yml << EOF
		60	+# Do not keep production secrets in the repository,
		61	+# instead read values from the environment.
		62	+production:
		63	+ secret_key_base: $(bundle exec rake secret)
		64	+EOF
58	#FIXME HACK, REMOVE LATER	65	#FIXME HACK, REMOVE LATER
59	sed -i -e "s/require.*database_cleaner/# &/" %{buildroot}/usr/lib/kalibro-configurations/app/controllers/tests_controller.rb	66	sed -i -e "s/require.*database_cleaner/# &/" %{buildroot}/usr/lib/kalibro-configurations/app/controllers/tests_controller.rb
60		67
	@@ -66,13 +73,11 @@ fi		@@ -66,13 +73,11 @@ fi
66	mkdir -p /var/log/kalibro-configurations	73	mkdir -p /var/log/kalibro-configurations
67	chown -R kalibro_configurations:kalibro_configurations /var/log/kalibro-configurations	74	chown -R kalibro_configurations:kalibro_configurations /var/log/kalibro-configurations
68	chown -R kalibro_configurations:kalibro_configurations /usr/lib/kalibro-configurations	75	chown -R kalibro_configurations:kalibro_configurations /usr/lib/kalibro-configurations
69	-
70	-if [ -x /usr/bin/postgres ]; then	76	+if [ -x /usr/bin/psql ]; then
71	if [ `systemctl is-active postgresql`!="active" ]; then	77	if [ `systemctl is-active postgresql`!="active" ]; then
72	postgresql-setup initdb \|\| true	78	postgresql-setup initdb \|\| true
73	systemctl start postgresql	79	systemctl start postgresql
74	fi	80	fi
75	-
76	if [ "$(sudo -u postgres -i psql --quiet --tuples-only -c "select count(*) from pg_user where usename = 'kalibro_configurations';")" -eq 0 ]; then	81	if [ "$(sudo -u postgres -i psql --quiet --tuples-only -c "select count(*) from pg_user where usename = 'kalibro_configurations';")" -eq 0 ]; then
77	# create user	82	# create user
78	sudo -u postgres -i createuser kalibro_configurations	83	sudo -u postgres -i createuser kalibro_configurations
	@@ -86,13 +91,7 @@ if [ -x /usr/bin/postgres ]; then		@@ -86,13 +91,7 @@ if [ -x /usr/bin/postgres ]; then
86	cd /usr/lib/kalibro-configurations/	91	cd /usr/lib/kalibro-configurations/
87	su kalibro_configurations -c "RAILS_ENV=production bundle exec rake db:migrate"	92	su kalibro_configurations -c "RAILS_ENV=production bundle exec rake db:migrate"
88	if [ $1 -eq 1 ]; then	93	if [ $1 -eq 1 ]; then
89	- echo "========================ENTREIEEEIIII"
90	su kalibro_configurations -c "RAILS_ENV=production bundle exec rake db:seed"	94	su kalibro_configurations -c "RAILS_ENV=production bundle exec rake db:seed"
91	- cat >> %{buildroot}/etc/profile.d/kalibro_configurations.sh <<EOF
92	- export RAILS_ENV=production
93	-EOF
94	- source %{buildroot}/etc/profile.d/kalibro_configurations.sh
95	- #SECRET="$(RAILS_ENV=production bundle exec rake secret)"
96	fi	95	fi
97	fi	96	fi
98		97
	@@ -111,5 +110,6 @@ rm -rf %{buildroot}		@@ -111,5 +110,6 @@ rm -rf %{buildroot}
111	/usr/lib/kalibro-configurations	110	/usr/lib/kalibro-configurations
112	/lib/systemd/system/kalibro_configurations.service	111	/lib/systemd/system/kalibro_configurations.service
113	%config(noreplace) /etc/kalibro-configurations/database.yml	112	%config(noreplace) /etc/kalibro-configurations/database.yml
		113	+%config(noreplace) /etc/kalibro-configurations/secrets.yml
114		114
115	%changelog	115	%changelog