bugfix, tested working

.env.sample

@@ -7,7 +7,7 @@ LETS_ENCRYPT_ENV=production
 #==============================================================================
 SECRET_SECRET_KEY_VERSION=v1
 SECRET_DB_PASSWORD_VERSION=v1
-SECRET_CRYPTO_KEY_VERSION=v1
+CRYPTO_KEY_VERSION=v1 # This secret is managed in the entrypoint, not as a docker secret
 
 #==============================================================================
 # ADMINISTRATION

README.md

@@ -1,11 +1,11 @@
-# liberaforms PRE-Release, testing
+# liberaforms
 
 > Ethical form software
 
 <!-- metadata -->
 
 - **Category**: Apps
-- **Status**: 0
+- **Status**: wip
 - **Image**: [`liberaforms`](https://fung.uy/mycosystems/-/packages/container/liberaforms/), 1
 - **Healthcheck**: Yes
 - **Backups**: Yes
@@ -17,10 +17,16 @@
 
 ## Quick start
 
-- `abra app new liberaforms --secrets`
+- `abra app new liberaforms`
+- Generate secrets 
+    - `abra app secret g <domain-name> secret_key v1`
+    - `abra app secret g <domain-name> db_password v1`
 - Set an admin email address `abra app config <domain-name>`
 - `abra app deploy <domain-name>`
 - Create tables `abra app cmd <domain-name> forms setup_db` more info in [liberaforms docs](https://codeberg.org/LiberaForms/server/src/branch/main/docs/docker.md#create-the-database)
+- Generate keypair used to sign form entries/uploads `abra app cmd <domain-name> forms gen_key`
+- Insert the key `abra app secret i forms.fung.uy crypto_key v1 <key>`
+- Re-deploy
 
 ## Admin account setup
 

abra.sh

@@ -40,4 +40,4 @@ setup_db() {
     fi
 
     echo "Database setup complete. <3"
-}
+}

compose.yml

@@ -33,7 +33,7 @@ services:
       start_period: 1m
 
   forms:
-    image: fung.uy/mycosystems/liberaforms:v4.5.1
+    image: fung.uy/mycosystems/liberaforms:v4.6.1
     configs:
       - source: entrypoint
         mode: 555
@@ -55,10 +55,10 @@ services:
       - DB_PASSWORD_FILE=/run/secrets/db_password
       - DB_NAME=liberaforms
       - BASE_URL=https://${DOMAIN}
+      - SERVER_NAME=${DOMAIN}
       - ROOT_USER=${ADMIN_USER}
       - TMP_DIR=/tmp
       - SECRET_KEY_FILE=/run/secrets/secret_key
-      - CRYPTO_KEY_FILE=/run/secrets/crypto_key
       - SESSION_TYPE=filesystem
       - LOG_LEVEL=INFO
       - LOG_DIR=/app/logs
@@ -85,6 +85,7 @@ services:
       - LDAP_MAIL_ATTRIB
       - LDAP_RECOVER_PASSWD_URL
       - E2EE_MODE
+      - CRYPTO_KEY_VERSION
     deploy:
       labels:
         backupbot.backup: "true"
@@ -95,10 +96,10 @@ services:
       - uploads:/app/uploads
       - log:/app/logs
       - static:/app/liberaforms/static
+      - cryptokey:/cryptokey
     secrets:
       - db_password
       - secret_key
-      - crypto_key
     networks:
       - internal
 
@@ -136,15 +137,13 @@ secrets:
   secret_key:
     external: true
     name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
-  crypto_key:
-    external: true
-    name: ${STACK_NAME}_crypto_key_${SECRET_CRYPTO_KEY_VERSION}
 
 volumes:
   uploads:
   static:
   log:
   db:
+  cryptokey:
 
 
 networks:

entrypoint.sh.tmpl

@@ -25,8 +25,12 @@ file_env() {
 }
 
 file_env "DB_PASSWORD"
-file_env "CRYPTO_KEY"
 file_env "SECRET_KEY"
 file_env "LDAP_BIND_PASSWORD"
 
+if [ ! -f "/cryptokey/$CRYPTO_KEY_VERSION" ]; then
+   flask cryptokey create > /cryptokey/$CRYPTO_KEY_VERSION
+fi
+export CRYPTO_KEY=`cat /cryptokey/$CRYPTO_KEY_VERSION`
+
 /usr/bin/supervisord -n

release/0.4.3+4.6.1

@@ -0,0 +1 @@
+bump liberaforms container to 4.6.1

release/0.5.0+4.6.1

@@ -0,0 +1 @@
+add key generation steps to support file uploads in forms.