Add environment variable support for Docker image #2201

Merged
twang2218 merged 2 commits from docker-variables into master 2017-10-31 08:55:47 +00:00
5 changed files with 42 additions and 2 deletions

@ -14,6 +14,7 @@ RUN apk --no-cache add \
s6 \
curl \
openssh \
gettext \
tzdata
RUN addgroup \
-S -g 1000 \
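Review bot: The `gettext` entry in the `apk --no-cache add` list carries no comment saying why it is there; judging by the setup script in this PR it is needed only for `envsubst`. A one-line comment above the list would keep it from being dropped in a later image cleanup. The same line is repeated in the two identical hunks that follow, so the point applies to each.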

@ -14,6 +14,7 @@ RUN apk --no-cache add \
s6 \
curl \
openssh \
gettext \
tzdata
RUN addgroup \
-S -g 1000 \

@ -14,6 +14,7 @@ RUN apk --no-cache add \
s6 \
curl \
openssh \
gettext \
tzdata
RUN addgroup \
-S -g 1000 \

@ -12,7 +12,29 @@ fi
if [ ! -f /data/gitea/conf/app.ini ]; then
mkdir -p /data/gitea/conf
cp /etc/templates/app.ini /data/gitea/conf/app.ini
# Set INSTALL_LOCK to true only if SECRET_KEY is not empty and
# INSTALL_LOCK is empty
vtemian commented 2017-09-04 14:35:02 +00:00 (Migrated from github.com)
Review

This is pretty obvious from the instruction itself.
Maybe a more useful comment would be why it's needed to set INSTALL_LOCK to true.

twang2218 commented 2017-09-11 00:32:37 +00:00 (Migrated from github.com)
Review

This is a good question, why is it needed?

It was obvious that we always go through the installation process to set up the SECRET_KEY. However, why do we have to?

I didn't find any document that makes clear the relationship between INSTALL_LOCK and SECRET_KEY, so I read the code, and I found the SECRET_KEY will be randomly generated ONLY during the installation:

2c3a229a3c/routers/install.go (L315-L320)

	var secretKey string
	if secretKey, err = base.GetRandomString(10); err != nil {
		ctx.RenderWithErr(ctx.Tr("install.secret_key_failed", err), tplInstall, &form)
		return
	}
	cfg.Section("security").Key("SECRET_KEY").SetValue(secretKey)

Otherwise, it will try to find the user setting SECRET_KEY first, and if the user does not provide the value, it will use the default string `!#@FDEWREWR&*(`, which is not safe and should be randomly generated.

ced50e0ec1/modules/setting/setting.go (L813)

	SecretKey = sec.Key("SECRET_KEY").MustString("!#@FDEWREWR&*(")

ping @sapk and @lunny, could you tell me why the default value for the SECRET_KEY is a static value, instead of a randomly generated key?

I read the issue https://github.com/go-gitea/gitea/pull/455, but I'm still not clear. I think the SECRET_KEY should always be generated if the value is not provided by the user; the static default string should be avoided in this case.

Review

@twang2218 It should be.
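
Added example, not part of the original thread and not Gitea's code: one way to do what the thread above asks for, generating a random key when none is configured instead of falling back to the static string. `resolveSecretKey` and `ErrStaticDefault` are hypothetical names, and rejecting the static default outright is an assumption of this example.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// staticDefault is the hard-coded fallback quoted in the thread above.
const staticDefault = "!#@FDEWREWR&*("

// ErrStaticDefault (hypothetical) reports that the configured key is the
// publicly known default and must not be used.
var ErrStaticDefault = errors.New("SECRET_KEY equals the built-in static default")

// resolveSecretKey (hypothetical helper) returns the key to use and whether
// it was freshly generated, in which case the caller must persist it to
// app.ini so that it survives a restart.
func resolveSecretKey(configured string) (string, bool, error) {
	switch configured {
	case staticDefault:
		return "", false, ErrStaticDefault
	case "":
		buf := make([]byte, 32) // 256 bits from the OS CSPRNG
		if _, err := rand.Read(buf); err != nil {
			return "", false, fmt.Errorf("generate SECRET_KEY: %w", err)
		}
		return base64.RawURLEncoding.EncodeToString(buf), true, nil
	default:
		return configured, false, nil
	}
}

func main() {
	// Constructed inputs: unset, operator-supplied, and the static default.
	for _, in := range []string{"", "operator-chosen-value", staticDefault} {
		key, generated, err := resolveSecretKey(in)
		fmt.Printf("configured=%q generated=%v len=%d err=%v\n",
			in, generated, len(key), err)
	}
}
```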

if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]; then
INSTALL_LOCK=true
fi
# Substitude the environment variables in the template
APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
APP_MODE=${APP_MODE:-"dev"} \
SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \
HTTP_PORT=${HTTP_PORT:-"3000"} \
ROOT_URL=${ROOT_URL:-""} \
DISABLE_SSH=${DISABLE_SSH:-"false"} \
SSH_PORT=${SSH_PORT:-"22"} \
DB_TYPE=${DB_TYPE:-"sqlite3"} \
DB_HOST=${DB_HOST:-"localhost:3306"} \
DB_NAME=${DB_NAME:-"gitea"} \
DB_USER=${DB_USER:-"root"} \
DB_PASSWD=${DB_PASSWD:-""} \
INSTALL_LOCK=${INSTALL_LOCK:-"false"} \
SECRET_KEY=${SECRET_KEY:-""} \
envsubst < /etc/templates/app.ini > /data/gitea/conf/app.ini
fi
chown -R git:git /data/gitea /app/gitea /data/git
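Review bot: The guard `if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]` covers only one combination; nothing checks the opposite case, `INSTALL_LOCK=true` with `SECRET_KEY` unset, which renders a locked install with an empty `SECRET_KEY`. According to the review thread, a key the user does not provide falls back to the static default string, so the script should either refuse to start in that case or generate a random key before calling `envsubst`. Minor: "Substitude" in the comment should read "Substitute".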

@ -1,4 +1,6 @@
[repository]
APP_NAME = $APP_NAME
APP_MODE = $APP_MODE
ROOT = /data/git/repositories
[repository.upload]
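Review bot: `APP_NAME = $APP_NAME` and `APP_MODE = $APP_MODE` appear after the `[repository]` header in this hunk; if that is their position in the file, an INI parser reads them as keys of the `repository` section rather than as top-level settings. Please confirm they sit above the first section header.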
@ -6,10 +8,19 @@ TEMP_PATH = /data/gitea/uploads
[server]
APP_DATA_PATH = /data/gitea
SSH_DOMAIN = $SSH_DOMAIN
HTTP_PORT = $HTTP_PORT
ROOT_URL = $ROOT_URL
DISABLE_SSH = $DISABLE_SSH
SSH_PORT = $SSH_PORT
[database]
DB_TYPE = sqlite3
PATH = /data/gitea/gitea.db
DB_TYPE = $DB_TYPE
HOST = $DB_HOST
NAME = $DB_NAME
USER = $DB_USER
PASSWD = $DB_PASSWD
[session]
PROVIDER_CONFIG = /data/gitea/sessions
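Review bot: `PASSWD = $DB_PASSWD`, like the other substituted values in `[server]` and `[database]`, is written unquoted, so a value containing characters the INI parser treats specially, such as `#`, `;` or a line break, will not be read back as the operator set it, and a line break would add extra lines to the rendered file. Either quote the value in the template or validate it in the setup script, and document the restriction for `DB_PASSWD`.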
@ -22,3 +33,7 @@ PATH = /data/gitea/attachments
[log]
ROOT_PATH = /data/gitea/log
[security]
INSTALL_LOCK = $INSTALL_LOCK
SECRET_KEY = $SECRET_KEY
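Review bot: `INSTALL_LOCK = $INSTALL_LOCK` and `SECRET_KEY = $SECRET_KEY` are rendered only when /data/gitea/conf/app.ini does not yet exist (the `if [ ! -f /data/gitea/conf/app.ini ]` guard in the setup script), and nothing in this change documents that. An operator who later changes `SECRET_KEY` or `INSTALL_LOCK` in the container environment will see no effect; please document that these variables apply to the first start only.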