mirror of
https://github.com/mastodon/mastodon.git
synced 2024-11-26 15:31:52 +00:00
0e1110c947
Some checks are pending
Check i18n / check-i18n (push) Waiting to run
CodeQL / Analyze (javascript) (push) Waiting to run
CodeQL / Analyze (ruby) (push) Waiting to run
Check formatting / lint (push) Waiting to run
Ruby Linting / lint (push) Waiting to run
Test one step migrations / pre_job (push) Waiting to run
Test one step migrations / test (14-alpine) (push) Blocked by required conditions
Test one step migrations / test (15-alpine) (push) Blocked by required conditions
Test two step migrations / pre_job (push) Waiting to run
Test two step migrations / test (14-alpine) (push) Blocked by required conditions
Test two step migrations / test (15-alpine) (push) Blocked by required conditions
Ruby Testing / build (production) (push) Waiting to run
Ruby Testing / build (test) (push) Waiting to run
Ruby Testing / test (.ruby-version) (push) Blocked by required conditions
Ruby Testing / test (3.1) (push) Blocked by required conditions
Ruby Testing / test (3.2) (push) Blocked by required conditions
Ruby Testing / Libvips tests (.ruby-version) (push) Blocked by required conditions
Ruby Testing / Libvips tests (3.1) (push) Blocked by required conditions
Ruby Testing / Libvips tests (3.2) (push) Blocked by required conditions
Ruby Testing / End to End testing (.ruby-version) (push) Blocked by required conditions
Ruby Testing / End to End testing (3.1) (push) Blocked by required conditions
Ruby Testing / End to End testing (3.2) (push) Blocked by required conditions
Ruby Testing / Elastic Search integration testing (.ruby-version, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions
Ruby Testing / Elastic Search integration testing (.ruby-version, docker.elastic.co/elasticsearch/elasticsearch:8.10.2) (push) Blocked by required conditions
Ruby Testing / Elastic Search integration testing (.ruby-version, opensearchproject/opensearch:2) (push) Blocked by required conditions
Ruby Testing / Elastic Search integration testing (3.1, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions
Ruby Testing / Elastic Search integration testing (3.2, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions
46 lines
1.6 KiB
Ruby
46 lines
1.6 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
%w(
|
|
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
|
|
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
|
|
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
|
|
).each do |key|
|
|
if ENV['SECRET_KEY_BASE_DUMMY']
|
|
# Use placeholder value during production env asset compilation
|
|
ENV[key] = SecureRandom.hex(64)
|
|
end
|
|
|
|
value = ENV.fetch(key) do
|
|
abort <<~MESSAGE
|
|
|
|
Mastodon now requires that these variables are set:
|
|
|
|
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
|
|
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
|
|
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
|
|
|
|
Run `bin/rails db:encryption:init` to generate new secrets and then assign the environment variables.
|
|
MESSAGE
|
|
end
|
|
|
|
next unless Rails.env.production? && value.end_with?('DO_NOT_USE_IN_PRODUCTION')
|
|
|
|
abort <<~MESSAGE
|
|
|
|
It looks like you are trying to run Mastodon in production with a #{key} value from the test environment.
|
|
|
|
Please generate fresh secrets using `bin/rails db:encryption:init` and use them instead.
|
|
MESSAGE
|
|
end
|
|
|
|
Rails.application.configure do
|
|
config.active_record.encryption.deterministic_key = ENV.fetch('ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY')
|
|
config.active_record.encryption.key_derivation_salt = ENV.fetch('ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT')
|
|
config.active_record.encryption.primary_key = ENV.fetch('ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY')
|
|
config.active_record.encryption.support_sha1_for_non_deterministic_encryption = true
|
|
|
|
# TODO: https://github.com/rails/rails/issues/50604#issuecomment-1880990392
|
|
# Remove after updating to Rails 7.1.4
|
|
ActiveRecord::Encryption.configure(**config.active_record.encryption)
|
|
end
|