base repository: NixOS/nixpkgs
base: 6de148c19c62
head repository: NixOS/nixpkgs
compare: 25efd6cd588e
  • 3 commits
  • 3 files changed
  • 2 contributors

Commits on Sep 22, 2019

  1. Verified

    6a42202 View commit details
  2. nixos/wordpress: generate secrets locally

    Use /dev/urandom to generate keys and salts instead of downloading them
    from https://api.wordpress.org/secret-key/1.1/salt/
    mmilata committed Sep 22, 2019

    Verified

    2adb03f View commit details
  3. Merge pull request #69247 from mmilata/wordpress

    wordpress: new package version, generate secrets locally
    aanderse authored Sep 22, 2019
    25efd6c View commit details
Showing with 21 additions and 16 deletions.
  1. +14 −8 nixos/modules/services/web-apps/wordpress.nix
  2. +5 −6 nixos/tests/wordpress.nix
  3. +2 −2 pkgs/servers/web-apps/wordpress/default.nix
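--- a/nixos/modules/services/web-apps/wordpress.nix
+++ b/nixos/modules/services/web-apps/wordpress.nix
@@ -61,6 +61,19 @@ let
 ?>
 '';
 
+secretsVars = [ "AUTH_KEY" "SECURE_AUTH_KEY" "LOOGGED_IN_KEY" "NONCE_KEY" "AUTH_SALT" "SECURE_AUTH_SALT" "LOGGED_IN_SALT" "NONCE_SALT" ];
+secretsScript = hostStateDir: ''
+if ! test -e "${hostStateDir}/secret-keys.php"; then
+umask 0177
+echo "<?php" >> "${hostStateDir}/secret-keys.php"
+${concatMapStringsSep "\n" (var: ''
+echo "define('${var}', '`tr -dc a-zA-Z0-9 </dev/urandom | head -c 64`');" >> "${hostStateDir}/secret-keys.php"
+'') secretsVars}
+echo "?>" >> "${hostStateDir}/secret-keys.php"
+chmod 440 "${hostStateDir}/secret-keys.php"
+fi
+'';
+
 siteOpts = { lib, name, ... }:
 {
 options = {
@@ -340,14 +353,7 @@ in
 wantedBy = [ "multi-user.target" ];
 before = [ "phpfpm-wordpress-${hostName}.service" ];
 after = optional cfg.database.createLocally "mysql.service";
-script = ''
-if ! test -e "${stateDir hostName}/secret-keys.php"; then
-echo "<?php" >> "${stateDir hostName}/secret-keys.php"
-${pkgs.curl}/bin/curl -s https://api.wordpress.org/secret-key/1.1/salt/ >> "${stateDir hostName}/secret-keys.php"
-echo "?>" >> "${stateDir hostName}/secret-keys.php"
-chmod 440 "${stateDir hostName}/secret-keys.php"
-fi
-'';
+script = secretsScript (stateDir hostName);
 
 serviceConfig = {
 Type = "oneshot";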
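Review bot: The new `secretsVars` list in the first hunk spells one entry `"LOOGGED_IN_KEY"`, so the generated secret-keys.php never defines `LOGGED_IN_KEY`; the entry should read `"LOGGED_IN_KEY"`. As far as I know WordPress then falls back to a key it keeps in the database, so nothing fails visibly and the locally generated value for that slot is simply unused. Because the script is guarded by `test -e`, hosts that already ran it keep the misspelled constant until the file is removed and regenerated. The same guard means a run interrupted between the first `echo` and the final `chmod` leaves a partial file that is never completed; building the content in a temporary file in the same directory and renaming it into place would avoid that. The `let` block and the service definition both continue outside the hunks shown.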
11 changes: 5 additions & 6 deletions nixos/tests/wordpress.nix
@@ -20,12 +20,6 @@ import ./make-test.nix ({ pkgs, ... }:
};

networking.hosts."127.0.0.1" = [ "site1.local" "site2.local" ];

# required for wordpress-init.service to succeed
systemd.tmpfiles.rules = [
"F /var/lib/wordpress/site1.local/secret-keys.php 0440 wordpress wwwrun - -"
"F /var/lib/wordpress/site2.local/secret-keys.php 0440 wordpress wwwrun - -"
];
};

testScript = ''
@@ -37,6 +31,11 @@ import ./make-test.nix ({ pkgs, ... }:
$machine->succeed("curl -L site1.local | grep 'Welcome to the famous'");
$machine->succeed("curl -L site2.local | grep 'Welcome to the famous'");
$machine->succeed("systemctl --no-pager show wordpress-init-site1.local.service | grep 'ExecStart=.*status=0'");
$machine->succeed("systemctl --no-pager show wordpress-init-site2.local.service | grep 'ExecStart=.*status=0'");
$machine->succeed("grep -E '^define.*NONCE_SALT.{64,};\$' /var/lib/wordpress/site1.local/secret-keys.php");
$machine->succeed("grep -E '^define.*NONCE_SALT.{64,};\$' /var/lib/wordpress/site2.local/secret-keys.php");
'';

})
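Review bot: The two added `grep -E` assertions in the second hunk check only `NONCE_SALT`, so a wrong or missing name among the other seven constants still passes; as written, the misspelled `LOOGGED_IN_KEY` entry in the module's `secretsVars` list goes unnoticed. Asserting each expected name, with `LOGGED_IN_KEY` spelled as WordPress expects, would catch that. The pattern `.{64,}` also counts the quoting and separator characters after the name, so it still matches when the secret is a few characters short; a value pattern such as `'[a-zA-Z0-9]{64}'` ties the check to the generated secret itself. Since the module relies on `umask 0177` followed by `chmod 440`, an assertion on the resulting file mode (for example with `stat -c %a`) would be a cheap addition.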
4 changes: 2 additions & 2 deletions pkgs/servers/web-apps/wordpress/default.nix
@@ -2,11 +2,11 @@

stdenv.mkDerivation rec {
pname = "wordpress";
version = "5.2.2";
version = "5.2.3";

src = fetchurl {
url = "https://wordpress.org/${pname}-${version}.tar.gz";
sha256 = "08iilbvf1gam2nmacj0a8fgldnd2gighmslf9sny8dsdlqlwjgvq";
sha256 = "07gqdzhnqivyfah386lwyz984y9k2bc0hmji1y2pbvv0a60r63wr";
};

installPhase = ''