Reconcile the accepted safe federation helper with E2EE integration hardening and complete PIN-based encrypted DMs
Hop-State: A_06FPC0CGS3F7SJG3BGW0YF0 Hop-Proposal: R_06FPC0BK6YEV7XASNM7C908 Hop-Task: T_06FPAWA3279RBMJAR0BHM10 Hop-Attempt: AT_06FPBZWSBFTB9B5YH9JY9QR
This commit is contained in:
@@ -38,12 +38,14 @@ chown -R synapsis:synapsis "$APP_DIR"
|
||||
|
||||
if [[ ! -e "$ENV_FILE" ]]; then
|
||||
auth_secret="$(openssl rand -base64 48 | tr -d '\n')"
|
||||
e2ee_recovery_secret="$(openssl rand -base64 48 | tr -d '\n')"
|
||||
port="43821"
|
||||
install -m 0600 -o root -g synapsis /dev/null "$ENV_FILE"
|
||||
{
|
||||
echo "DATABASE_PATH=$DATA_DIR/synapsis.db"
|
||||
echo "PORT=$port"
|
||||
echo "AUTH_SECRET=$auth_secret"
|
||||
echo "E2EE_RECOVERY_SECRET=$e2ee_recovery_secret"
|
||||
echo "ADMIN_EMAILS=admin@example.com"
|
||||
echo "NEXT_PUBLIC_NODE_DOMAIN=localhost:$port"
|
||||
echo "STUFFBOX_URL=https://stuffbox.xyz"
|
||||
|
||||
@@ -19,6 +19,16 @@ set -a
|
||||
source "$ENV_FILE"
|
||||
set +a
|
||||
|
||||
# Existing installations predate encrypted-message recovery. Enroll them with
|
||||
# a distinct stable secret before migrations/builds make E2EE available.
|
||||
if [[ -z "${E2EE_RECOVERY_SECRET:-}" ]]; then
|
||||
command -v openssl >/dev/null || { echo "Missing required command: openssl" >&2; exit 1; }
|
||||
E2EE_RECOVERY_SECRET="$(openssl rand -base64 48 | tr -d '\n')"
|
||||
printf '\nE2EE_RECOVERY_SECRET=%s\n' "$E2EE_RECOVERY_SECRET" >> "$ENV_FILE"
|
||||
export E2EE_RECOVERY_SECRET
|
||||
echo "Added E2EE_RECOVERY_SECRET to $ENV_FILE. Back it up separately from the database."
|
||||
fi
|
||||
|
||||
install_update_units() {
|
||||
units_changed=0
|
||||
for unit in synapsis.service synapsis-maintenance.service synapsis-update.service synapsis-update.timer; do
|
||||
|
||||
Reference in New Issue
Block a user