gmoker/gitea
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: oauth2_jwt_secret mandatory

Browse Source
This commit is contained in:
ange 2024-06-04 18:37:19 +02:00
parent d2c2fbec8b
commit d645f3f7ff
Signed by: ange
GPG Key ID: 9E0C4157BB7BEB1D
3 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
config/app.ini
View File

@ -540,10 +540,10 @@ ENABLED = false
;; ;;
;; OAuth2 authentication secret for access and refresh tokens, change this yourself to a unique string. CLI generate option is helpful in this case. https://docs.gitea.io/en-us/command-line/#generate ;; OAuth2 authentication secret for access and refresh tokens, change this yourself to a unique string. CLI generate option is helpful in this case. https://docs.gitea.io/en-us/command-line/#generate
;; This setting is only needed if JWT_SIGNING_ALGORITHM is set to HS256, HS384 or HS512. ;; This setting is only needed if JWT_SIGNING_ALGORITHM is set to HS256, HS384 or HS512.
;JWT_SECRET = JWT_SECRET =
;; ;;
;; Alternative location to specify OAuth2 authentication secret. You cannot specify both this and JWT_SECRET, and must pick one ;; Alternative location to specify OAuth2 authentication secret. You cannot specify both this and JWT_SECRET, and must pick one
;JWT_SECRET_URI = file:/etc/gitea/oauth2_jwt_secret JWT_SECRET_URI = file:/etc/gitea/secrets/oauth2_jwt_secret
;; ;;
;; Lifetime of an OAuth2 access token in seconds ;; Lifetime of an OAuth2 access token in seconds
;ACCESS_TOKEN_EXPIRATION_TIME = 3600 ;ACCESS_TOKEN_EXPIRATION_TIME = 3600
@ -2035,6 +2035,17 @@ ENABLED = true
;; or only create new users if UPDATE_EXISTING is set to false ;; or only create new users if UPDATE_EXISTING is set to false
;UPDATE_EXISTING = true ;UPDATE_EXISTING = true
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Cleanup expired actions assets
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.cleanup_actions]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;ENABLED = true
;RUN_AT_START = true
;SCHEDULE = @midnight
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Clean-up deleted branches ;; Clean-up deleted branches

4
diff.sh
View File

@ -2,6 +2,6 @@
URL='https://raw.githubusercontent.com' URL='https://raw.githubusercontent.com'
REPO='go-gitea/gitea' REPO='go-gitea/gitea'
TAG="v$(awk -F: '/^IMAGEAPP/{sub("-rootless", ""); print $2}' .env)" TAG="release/v$(awk -F: '/^IMAGEAPP/{sub(".[0-9]+-rootless", ""); print $2}' .env)"
$EDITOR -d -c "wincmd l" -- "$URL/$REPO/$TAG/custom/conf/app.example.ini" app.ini $EDITOR -d -c "wincmd l" -- "$URL/$REPO/$TAG/custom/conf/app.example.ini" config/app.ini

3
manifests/bin/deploy.sh
View File

@ -52,7 +52,8 @@ kcreatesec gitea-admin \
kcreatesec gitea \ kcreatesec gitea \
--from-literal=secret_key="$(kgseckey gitea secret_key || openssl rand -hex 32)" \ --from-literal=secret_key="$(kgseckey gitea secret_key || openssl rand -hex 32)" \
--from-literal=internal_token="$(kgseckey gitea internal_token || openssl rand -hex 32)" --from-literal=internal_token="$(kgseckey gitea internal_token || openssl rand -hex 32)" \
--from-literal=oauth2_jwt_secret="$(kgseckey gitea oauth2_jwt_secret || openssl rand -hex 32)"
kcreatecm gitea \ kcreatecm gitea \
--from-file=app.ini=<(envsubst "$(env | xargs printf '$%s ')" < config/app.ini) --from-file=app.ini=<(envsubst "$(env | xargs printf '$%s ')" < config/app.ini)