Merge pull request #69247 from mmilata/wordpress

wordpress: new package version, generate secrets locally
This commit is contained in:
Aaron Andersen 2019-09-22 10:23:20 -04:00 committed by GitHub
commit 25efd6cd58
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 16 deletions

View File

@ -61,6 +61,19 @@ let
?>
'';
secretsVars = [ "AUTH_KEY" "SECURE_AUTH_KEY" "LOOGGED_IN_KEY" "NONCE_KEY" "AUTH_SALT" "SECURE_AUTH_SALT" "LOGGED_IN_SALT" "NONCE_SALT" ];
secretsScript = hostStateDir: ''
if ! test -e "${hostStateDir}/secret-keys.php"; then
umask 0177
echo "<?php" >> "${hostStateDir}/secret-keys.php"
${concatMapStringsSep "\n" (var: ''
echo "define('${var}', '`tr -dc a-zA-Z0-9 </dev/urandom | head -c 64`');" >> "${hostStateDir}/secret-keys.php"
'') secretsVars}
echo "?>" >> "${hostStateDir}/secret-keys.php"
chmod 440 "${hostStateDir}/secret-keys.php"
fi
'';
siteOpts = { lib, name, ... }:
{
options = {
@ -340,14 +353,7 @@ in
wantedBy = [ "multi-user.target" ];
before = [ "phpfpm-wordpress-${hostName}.service" ];
after = optional cfg.database.createLocally "mysql.service";
script = ''
if ! test -e "${stateDir hostName}/secret-keys.php"; then
echo "<?php" >> "${stateDir hostName}/secret-keys.php"
${pkgs.curl}/bin/curl -s https://api.wordpress.org/secret-key/1.1/salt/ >> "${stateDir hostName}/secret-keys.php"
echo "?>" >> "${stateDir hostName}/secret-keys.php"
chmod 440 "${stateDir hostName}/secret-keys.php"
fi
'';
script = secretsScript (stateDir hostName);
serviceConfig = {
Type = "oneshot";

View File

@ -20,12 +20,6 @@ import ./make-test.nix ({ pkgs, ... }:
};
networking.hosts."127.0.0.1" = [ "site1.local" "site2.local" ];
# required for wordpress-init.service to succeed
systemd.tmpfiles.rules = [
"F /var/lib/wordpress/site1.local/secret-keys.php 0440 wordpress wwwrun - -"
"F /var/lib/wordpress/site2.local/secret-keys.php 0440 wordpress wwwrun - -"
];
};
testScript = ''
@ -37,6 +31,11 @@ import ./make-test.nix ({ pkgs, ... }:
$machine->succeed("curl -L site1.local | grep 'Welcome to the famous'");
$machine->succeed("curl -L site2.local | grep 'Welcome to the famous'");
$machine->succeed("systemctl --no-pager show wordpress-init-site1.local.service | grep 'ExecStart=.*status=0'");
$machine->succeed("systemctl --no-pager show wordpress-init-site2.local.service | grep 'ExecStart=.*status=0'");
$machine->succeed("grep -E '^define.*NONCE_SALT.{64,};\$' /var/lib/wordpress/site1.local/secret-keys.php");
$machine->succeed("grep -E '^define.*NONCE_SALT.{64,};\$' /var/lib/wordpress/site2.local/secret-keys.php");
'';
})

View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "wordpress";
version = "5.2.2";
version = "5.2.3";
src = fetchurl {
url = "https://wordpress.org/${pname}-${version}.tar.gz";
sha256 = "08iilbvf1gam2nmacj0a8fgldnd2gighmslf9sny8dsdlqlwjgvq";
sha256 = "07gqdzhnqivyfah386lwyz984y9k2bc0hmji1y2pbvv0a60r63wr";
};
installPhase = ''