forked from gitea/gitea
1
0
Fork 0

Make "install page" respect environment config (#25648)

Replace #25580

Fix #19453

The problem was: when users set "GITEA__XXX__YYY" , the "install page"
doesn't respect it.

So, to make the result consistent and avoid surprising end users, now
the "install page" also writes the environment variables to the config
file.

And, to make things clear, there are enough messages on the UI to tell
users what will happen.

There are some necessary/related changes to `environment-to-ini.go`:

* The "--clear" flag is removed and it was incorrectly written there.
The "clear" operation should be done if INSTALL_LOCK=true
* The "--prefix" flag is removed because it's never used, never
documented and it only causes inconsistent behavior.


![image](https://github.com/go-gitea/gitea/assets/2114189/12778ee4-3fb5-4664-a73a-41ebbd77cd5b)
This commit is contained in:
wxiaoguang 2023-07-10 06:43:37 +08:00 committed by GitHub
parent 61e0d1a767
commit fa0b5b14c2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 86 additions and 72 deletions

View File

@ -5,7 +5,6 @@ package main
import ( import (
"os" "os"
"strings"
"code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/setting"
@ -13,9 +12,6 @@ import (
"github.com/urfave/cli" "github.com/urfave/cli"
) )
// EnvironmentPrefix environment variables prefixed with this represent ini values to write
const EnvironmentPrefix = "GITEA"
func main() { func main() {
app := cli.NewApp() app := cli.NewApp()
app.Name = "environment-to-ini" app.Name = "environment-to-ini"
@ -70,15 +66,6 @@ func main() {
Value: "", Value: "",
Usage: "Destination file to write to", Usage: "Destination file to write to",
}, },
cli.BoolFlag{
Name: "clear",
Usage: "Clears the matched variables from the environment",
},
cli.StringFlag{
Name: "prefix, p",
Value: EnvironmentPrefix,
Usage: "Environment prefix to look for - will be suffixed by __ (2 underscores)",
},
} }
app.Action = runEnvironmentToIni app.Action = runEnvironmentToIni
err := app.Run(os.Args) err := app.Run(os.Args)
@ -99,9 +86,7 @@ func runEnvironmentToIni(c *cli.Context) error {
log.Fatal("Failed to load custom conf '%s': %v", setting.CustomConf, err) log.Fatal("Failed to load custom conf '%s': %v", setting.CustomConf, err)
} }
prefixGitea := c.String("prefix") + "__" changed := setting.EnvironmentToConfig(cfg, os.Environ())
suffixFile := "__FILE"
changed := setting.EnvironmentToConfig(cfg, prefixGitea, suffixFile, os.Environ())
// try to save the config file // try to save the config file
destination := c.String("out") destination := c.String("out")
@ -116,19 +101,5 @@ func runEnvironmentToIni(c *cli.Context) error {
} }
} }
// clear Gitea's specific environment variables if requested
if c.Bool("clear") {
for _, kv := range os.Environ() {
idx := strings.IndexByte(kv, '=')
if idx < 0 {
continue
}
eKey := kv[:idx]
if strings.HasPrefix(eKey, prefixGitea) {
_ = os.Unsetenv(eKey)
}
}
}
return nil return nil
} }

View File

@ -288,7 +288,7 @@ docker-compose up -d
In addition to the environment variables above, any settings in `app.ini` can be set In addition to the environment variables above, any settings in `app.ini` can be set
or overridden with an environment variable of the form: `GITEA__SECTION_NAME__KEY_NAME`. or overridden with an environment variable of the form: `GITEA__SECTION_NAME__KEY_NAME`.
These settings are applied each time the docker container starts. These settings are applied each time the docker container starts, and won't be passed into Gitea's sub-processes.
Full information [here](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini). Full information [here](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini).
These environment variables can be passed to the docker container in `docker-compose.yml`. These environment variables can be passed to the docker container in `docker-compose.yml`.

View File

@ -289,7 +289,7 @@ docker-compose up -d
In addition to the environment variables above, any settings in `app.ini` can be set In addition to the environment variables above, any settings in `app.ini` can be set
or overridden with an environment variable of the form: `GITEA__SECTION_NAME__KEY_NAME`. or overridden with an environment variable of the form: `GITEA__SECTION_NAME__KEY_NAME`.
These settings are applied each time the docker container starts. These settings are applied each time the docker container starts, and won't be passed into Gitea's sub-processes.
Full information [here](https://github.com/go-gitea/gitea/tree/master/contrib/environment-to-ini). Full information [here](https://github.com/go-gitea/gitea/tree/master/contrib/environment-to-ini).
These environment variables can be passed to the docker container in `docker-compose.yml`. These environment variables can be passed to the docker container in `docker-compose.yml`.

View File

@ -215,6 +215,7 @@ func (l *LayeredFS) WatchLocalChanges(ctx context.Context, callback func()) {
log.Error("Unable to list directories for asset local file-system %q: %v", layer.localPath, err) log.Error("Unable to list directories for asset local file-system %q: %v", layer.localPath, err)
continue continue
} }
layerDirs = append(layerDirs, ".")
for _, dir := range layerDirs { for _, dir := range layerDirs {
if err = watcher.Add(util.FilePathJoinAbs(layer.localPath, dir)); err != nil { if err = watcher.Add(util.FilePathJoinAbs(layer.localPath, dir)); err != nil {
log.Error("Unable to watch directory %s: %v", dir, err) log.Error("Unable to watch directory %s: %v", dir, err)

View File

@ -12,10 +12,31 @@ import (
"code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/log"
) )
const (
EnvConfigKeyPrefixGitea = "GITEA__"
EnvConfigKeySuffixFile = "__FILE"
)
const escapeRegexpString = "_0[xX](([0-9a-fA-F][0-9a-fA-F])+)_" const escapeRegexpString = "_0[xX](([0-9a-fA-F][0-9a-fA-F])+)_"
var escapeRegex = regexp.MustCompile(escapeRegexpString) var escapeRegex = regexp.MustCompile(escapeRegexpString)
func CollectEnvConfigKeys() (keys []string) {
for _, env := range os.Environ() {
if strings.HasPrefix(env, EnvConfigKeyPrefixGitea) {
k, _, _ := strings.Cut(env, "=")
keys = append(keys, k)
}
}
return keys
}
func ClearEnvConfigKeys() {
for _, k := range CollectEnvConfigKeys() {
_ = os.Unsetenv(k)
}
}
// decodeEnvSectionKey will decode a portable string encoded Section__Key pair // decodeEnvSectionKey will decode a portable string encoded Section__Key pair
// Portable strings are considered to be of the form [A-Z0-9_]* // Portable strings are considered to be of the form [A-Z0-9_]*
// We will encode a disallowed value as the UTF8 byte string preceded by _0X and // We will encode a disallowed value as the UTF8 byte string preceded by _0X and
@ -87,7 +108,7 @@ func decodeEnvironmentKey(prefixGitea, suffixFile, envKey string) (ok bool, sect
return ok, section, key, useFileValue return ok, section, key, useFileValue
} }
func EnvironmentToConfig(cfg ConfigProvider, prefixGitea, suffixFile string, envs []string) (changed bool) { func EnvironmentToConfig(cfg ConfigProvider, envs []string) (changed bool) {
for _, kv := range envs { for _, kv := range envs {
idx := strings.IndexByte(kv, '=') idx := strings.IndexByte(kv, '=')
if idx < 0 { if idx < 0 {
@ -97,7 +118,7 @@ func EnvironmentToConfig(cfg ConfigProvider, prefixGitea, suffixFile string, env
// parse the environment variable to config section name and key name // parse the environment variable to config section name and key name
envKey := kv[:idx] envKey := kv[:idx]
envValue := kv[idx+1:] envValue := kv[idx+1:]
ok, sectionName, keyName, useFileValue := decodeEnvironmentKey(prefixGitea, suffixFile, envKey) ok, sectionName, keyName, useFileValue := decodeEnvironmentKey(EnvConfigKeyPrefixGitea, EnvConfigKeySuffixFile, envKey)
if !ok { if !ok {
continue continue
} }

View File

@ -72,7 +72,7 @@ func TestDecodeEnvironmentKey(t *testing.T) {
func TestEnvironmentToConfig(t *testing.T) { func TestEnvironmentToConfig(t *testing.T) {
cfg, _ := NewConfigProviderFromData("") cfg, _ := NewConfigProviderFromData("")
changed := EnvironmentToConfig(cfg, "GITEA__", "__FILE", nil) changed := EnvironmentToConfig(cfg, nil)
assert.False(t, changed) assert.False(t, changed)
cfg, err := NewConfigProviderFromData(` cfg, err := NewConfigProviderFromData(`
@ -81,16 +81,16 @@ key = old
`) `)
assert.NoError(t, err) assert.NoError(t, err)
changed = EnvironmentToConfig(cfg, "GITEA__", "__FILE", []string{"GITEA__sec__key=new"}) changed = EnvironmentToConfig(cfg, []string{"GITEA__sec__key=new"})
assert.True(t, changed) assert.True(t, changed)
assert.Equal(t, "new", cfg.Section("sec").Key("key").String()) assert.Equal(t, "new", cfg.Section("sec").Key("key").String())
changed = EnvironmentToConfig(cfg, "GITEA__", "__FILE", []string{"GITEA__sec__key=new"}) changed = EnvironmentToConfig(cfg, []string{"GITEA__sec__key=new"})
assert.False(t, changed) assert.False(t, changed)
tmpFile := t.TempDir() + "/the-file" tmpFile := t.TempDir() + "/the-file"
_ = os.WriteFile(tmpFile, []byte("value-from-file"), 0o644) _ = os.WriteFile(tmpFile, []byte("value-from-file"), 0o644)
changed = EnvironmentToConfig(cfg, "GITEA__", "__FILE", []string{"GITEA__sec__key__FILE=" + tmpFile}) changed = EnvironmentToConfig(cfg, []string{"GITEA__sec__key__FILE=" + tmpFile})
assert.True(t, changed) assert.True(t, changed)
assert.Equal(t, "value-from-file", cfg.Section("sec").Key("key").String()) assert.Equal(t, "value-from-file", cfg.Section("sec").Key("key").String())
} }

View File

@ -171,6 +171,9 @@ func InitWorkPathAndCfgProvider(getEnvFn func(name string) string, args ArgWorkP
// only read the config but do not load/init anything more, because the AppWorkPath and CustomPath are not ready // only read the config but do not load/init anything more, because the AppWorkPath and CustomPath are not ready
InitCfgProvider(tmpCustomConf.Value) InitCfgProvider(tmpCustomConf.Value)
if HasInstallLock(CfgProvider) {
ClearEnvConfigKeys() // if the instance has been installed, do not pass the environment variables to sub-processes
}
configWorkPath := ConfigSectionKeyString(CfgProvider.Section(""), "WORK_PATH") configWorkPath := ConfigSectionKeyString(CfgProvider.Section(""), "WORK_PATH")
if configWorkPath != "" { if configWorkPath != "" {
if !filepath.IsAbs(configWorkPath) { if !filepath.IsAbs(configWorkPath) {

View File

@ -102,7 +102,7 @@ func generateSaveInternalToken(rootCfg ConfigProvider) {
func loadSecurityFrom(rootCfg ConfigProvider) { func loadSecurityFrom(rootCfg ConfigProvider) {
sec := rootCfg.Section("security") sec := rootCfg.Section("security")
InstallLock = sec.Key("INSTALL_LOCK").MustBool(false) InstallLock = HasInstallLock(rootCfg)
LogInRememberDays = sec.Key("LOGIN_REMEMBER_DAYS").MustInt(7) LogInRememberDays = sec.Key("LOGIN_REMEMBER_DAYS").MustInt(7)
CookieUserName = sec.Key("COOKIE_USERNAME").MustString("gitea_awesome") CookieUserName = sec.Key("COOKIE_USERNAME").MustString("gitea_awesome")
SecretKey = loadSecret(sec, "SECRET_KEY_URI", "SECRET_KEY") SecretKey = loadSecret(sec, "SECRET_KEY_URI", "SECRET_KEY")

View File

@ -183,10 +183,14 @@ func loadRunModeFrom(rootCfg ConfigProvider) {
} }
} }
// HasInstallLock checks the install-lock in ConfigProvider directly, because sometimes the config file is not loaded into setting variables yet.
func HasInstallLock(rootCfg ConfigProvider) bool {
return rootCfg.Section("security").Key("INSTALL_LOCK").MustBool(false)
}
func mustCurrentRunUserMatch(rootCfg ConfigProvider) { func mustCurrentRunUserMatch(rootCfg ConfigProvider) {
// Does not check run user when the "InstallLock" is off. // Does not check run user when the "InstallLock" is off.
installLock := rootCfg.Section("security").Key("INSTALL_LOCK").MustBool(false) if HasInstallLock(rootCfg) {
if installLock {
currentUser, match := IsRunUserMatchCurrentUser(RunUser) currentUser, match := IsRunUserMatchCurrentUser(RunUser)
if !match { if !match {
log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser) log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser)

View File

@ -296,6 +296,8 @@ invalid_password_algorithm = Invalid password hash algorithm
password_algorithm_helper = Set the password hashing algorithm. Algorithms have differing requirements and strength. The argon2 algorithm is rather secure but uses a lot of memory and may be inappropriate for small systems. password_algorithm_helper = Set the password hashing algorithm. Algorithms have differing requirements and strength. The argon2 algorithm is rather secure but uses a lot of memory and may be inappropriate for small systems.
enable_update_checker = Enable Update Checker enable_update_checker = Enable Update Checker
enable_update_checker_helper = Checks for new version releases periodically by connecting to gitea.io. enable_update_checker_helper = Checks for new version releases periodically by connecting to gitea.io.
env_config_keys = Environment Configuration
env_config_keys_prompt = The following environment variables will also be applied to your configuration file:
[home] [home]
uname_holder = Username or Email Address uname_holder = Username or Email Address

View File

@ -56,6 +56,7 @@ func getSupportedDbTypeNames() (dbTypeNames []map[string]string) {
func Contexter() func(next http.Handler) http.Handler { func Contexter() func(next http.Handler) http.Handler {
rnd := templates.HTMLRenderer() rnd := templates.HTMLRenderer()
dbTypeNames := getSupportedDbTypeNames() dbTypeNames := getSupportedDbTypeNames()
envConfigKeys := setting.CollectEnvConfigKeys()
return func(next http.Handler) http.Handler { return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) { return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
base, baseCleanUp := context.NewBaseContext(resp, req) base, baseCleanUp := context.NewBaseContext(resp, req)
@ -74,6 +75,8 @@ func Contexter() func(next http.Handler) http.Handler {
"Title": ctx.Locale.Tr("install.install"), "Title": ctx.Locale.Tr("install.install"),
"PageIsInstall": true, "PageIsInstall": true,
"DbTypeNames": dbTypeNames, "DbTypeNames": dbTypeNames,
"EnvConfigKeys": envConfigKeys,
"CustomConfFile": setting.CustomConf,
"AllLangs": translation.AllLangs(), "AllLangs": translation.AllLangs(),
"PasswordHashAlgorithms": hash.RecommendedHashAlgorithms, "PasswordHashAlgorithms": hash.RecommendedHashAlgorithms,
@ -218,7 +221,7 @@ func checkDatabase(ctx *context.Context, form *forms.InstallForm) bool {
return false return false
} }
log.Info("User confirmed reinstallation of Gitea into a pre-existing database") log.Info("User confirmed re-installation of Gitea into a pre-existing database")
} }
if hasPostInstallationUser || dbMigrationVersion > 0 { if hasPostInstallationUser || dbMigrationVersion > 0 {
@ -502,6 +505,8 @@ func SubmitInstall(ctx *context.Context) {
return return
} }
setting.EnvironmentToConfig(cfg, os.Environ())
if err = cfg.SaveTo(setting.CustomConf); err != nil { if err = cfg.SaveTo(setting.CustomConf); err != nil {
ctx.RenderWithErr(ctx.Tr("install.save_config_failed", err), tplInstall, &form) ctx.RenderWithErr(ctx.Tr("install.save_config_failed", err), tplInstall, &form)
return return
@ -568,6 +573,7 @@ func SubmitInstall(ctx *context.Context) {
} }
} }
setting.ClearEnvConfigKeys()
log.Info("First-time run install finished!") log.Info("First-time run install finished!")
InstallDone(ctx) InstallDone(ctx)

View File

@ -1,6 +1,6 @@
{{template "base/head" .}} {{template "base/head" .}}
<div role="main" aria-label="{{.Title}}" class="page-content install"> <div role="main" aria-label="{{.Title}}" class="page-content install">
<div class="ui middle very relaxed page grid"> <div class="ui grid install-config-container">
<div class="sixteen wide center aligned centered column"> <div class="sixteen wide center aligned centered column">
<h3 class="ui top attached header"> <h3 class="ui top attached header">
{{.locale.Tr "install.title"}} {{.locale.Tr "install.title"}}
@ -149,7 +149,7 @@
</div> </div>
<div class="inline field"> <div class="inline field">
<div class="ui checkbox"> <div class="ui checkbox">
<label for="enable_update_checker">{{.locale.Tr "install.enable_update_checker"}}</label> <label>{{.locale.Tr "install.enable_update_checker"}}</label>
<input name="enable_update_checker" type="checkbox"> <input name="enable_update_checker" type="checkbox">
</div> </div>
<span class="help">{{.locale.Tr "install.enable_update_checker_helper"}}</span> <span class="help">{{.locale.Tr "install.enable_update_checker_helper"}}</span>
@ -160,7 +160,7 @@
<!-- Email --> <!-- Email -->
<details class="optional field"> <details class="optional field">
<summary class="title gt-py-3{{if .Err_SMTP}} text red{{end}}"> <summary class="right-content gt-py-3{{if .Err_SMTP}} text red{{end}}">
{{.locale.Tr "install.email_title"}} {{.locale.Tr "install.email_title"}}
</summary> </summary>
<div class="inline field"> <div class="inline field">
@ -200,7 +200,7 @@
<!-- Server and other services --> <!-- Server and other services -->
<details class="optional field"> <details class="optional field">
<summary class="title gt-py-3{{if .Err_Services}} text red{{end}}"> <summary class="right-content gt-py-3{{if .Err_Services}} text red{{end}}">
{{.locale.Tr "install.server_service_title"}} {{.locale.Tr "install.server_service_title"}}
</summary> </summary>
<div class="inline field"> <div class="inline field">
@ -298,7 +298,7 @@
<!-- Admin --> <!-- Admin -->
<details class="optional field"> <details class="optional field">
<summary class="title gt-py-3{{if .Err_Admin}} text red{{end}}"> <summary class="right-content gt-py-3{{if .Err_Admin}} text red{{end}}">
{{.locale.Tr "install.admin_title"}} {{.locale.Tr "install.admin_title"}}
</summary> </summary>
<p class="center">{{.locale.Tr "install.admin_setting_desc"}}</p> <p class="center">{{.locale.Tr "install.admin_setting_desc"}}</p>
@ -320,11 +320,28 @@
</div> </div>
</details> </details>
{{if .EnvConfigKeys}}
<!-- Environment Config -->
<h4 class="ui dividing header">{{.locale.Tr "install.env_config_keys"}}</h4>
<div class="inline field">
<div class="right-content">
{{.locale.Tr "install.env_config_keys_prompt"}}
</div>
<div class="right-content gt-mt-3">
{{range .EnvConfigKeys}}<span class="ui label">{{.}}</span>{{end}}
</div>
</div>
{{end}}
<div class="divider"></div> <div class="divider"></div>
<div class="inline field"> <div class="inline field">
<label></label> <div class="right-content">
These configuration options will be written into: {{.CustomConfFile}}
</div>
<div class="right-content gt-mt-3">
<button class="ui primary button">{{.locale.Tr "install.install_btn_confirm"}}</button> <button class="ui primary button">{{.locale.Tr "install.install_btn_confirm"}}</button>
</div> </div>
</div>
</form> </form>
</div> </div>
</div> </div>

View File

@ -1,5 +1,6 @@
.page-content.install { .page-content.install .install-config-container {
padding-top: 45px; max-width: 900px;
margin: auto;
} }
.page-content.install form.ui.form .inline.field > label { .page-content.install form.ui.form .inline.field > label {
@ -9,26 +10,20 @@
margin-right: 0; margin-right: 0;
} }
.page-content.install form.ui.form .inline.field > .ui.checkbox:first-child { .page-content.install .ui.form .field > .help,
.page-content.install .ui.form .field > .ui.checkbox:first-child,
.page-content.install .ui.form .field > .right-content {
margin-left: 30%; margin-left: 30%;
padding-left: 5px; padding-left: 5px;
}
.page-content.install form.ui.form .inline.field > .ui.checkbox:first-child label {
width: auto; width: auto;
} }
.page-content.install form.ui.form .title {
margin-left: 30%;
padding-left: 5px;
}
.page-content.install form.ui.form input { .page-content.install form.ui.form input {
width: 60%; width: 60%;
} }
.page-content.install form.ui.form details.optional.field[open] { .page-content.install form.ui.form details.optional.field[open] {
border-bottom: 1px solid var(--color-secondary); border-bottom: 1px dashed var(--color-secondary);
padding-bottom: 10px; padding-bottom: 10px;
} }
@ -44,12 +39,6 @@
text-align: left; text-align: left;
} }
.page-content.install form.ui.form .field .help {
margin-left: 30%;
padding-left: 5px;
width: 60%;
}
.page-content.install .ui .reinstall-message { .page-content.install .ui .reinstall-message {
width: 70%; width: 70%;
margin: 20px auto; margin: 20px auto;