From c61f70b378fd865e829d564544b1aaa3ff137ae4 Mon Sep 17 00:00:00 2001
From: Daniel Winzen
Date: Sat, 2 Jul 2022 20:30:28 +0200
Subject: [PATCH] Move mysql encryption key generation to install script
---
 README.md | 9 ---------
 install_binaries.sh | 7 +++++++
 2 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index ca9f07c..2641014 100644
--- a/README.md
+++ b/README.md
@@ -38,15 +38,6 @@ Note that debian also has an onion service package archive, so you may want to e
 deb tor://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian `lsb_release -cs` main
 ```
 
-Create encryption keys for mariadb
-```
-mkdir -p /etc/mysql/encryption/
-echo "1;"$(openssl rand -hex 32) > /etc/mysql/encryption/keyfile
-openssl rand -hex 128 > /etc/mysql/encryption/keyfile.key
-openssl enc -aes-256-cbc -md sha1 -pass file:/etc/mysql/encryption/keyfile.key -in /etc/mysql/encryption/keyfile -out /etc/mysql/encryption/keyfile.enc
-rm /etc/mysql/encryption/keyfile
-```
-
 Copy (and modify according to your needs) the site files in `var/www` to `/var/www`, `usr/local` to `/usr/local` and the configuration files in `etc` to `/etc` after installation has finished. Then restart some services:
 ```
 systemctl daemon-reload && systemctl restart bind9.service && systemctl restart tor@default.service
diff --git a/install_binaries.sh b/install_binaries.sh
index 7c71a05..6862383 100755
--- a/install_binaries.sh
+++ b/install_binaries.sh
@@ -1829,3 +1829,10 @@ composer self-update
 id -u _rspamd >/dev/null 2>&1 ||useradd -M -r -s /bin/false -d /var/lib/rspamd _rspamd
 mkdir -p /var/lib/rspamd
 chown _rspamd: /var/lib/rspamd
+
+# mysql encryption
+if [ ! -e /etc/mysql/encryption/keyfile.enc ]; then
+ mkdir -p /etc/mysql/encryption/
+ openssl rand -hex 128 > /etc/mysql/encryption/keyfile.key
+ echo "1;"$(openssl rand -hex 32) | openssl enc -aes-256-cbc -md sha1 -pass file:/etc/mysql/encryption/keyfile.key -out /etc/mysql/encryption/keyfile.enc
+fi
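Review bot: The files created in the new `# mysql encryption` block of install_binaries.sh inherit the installer's umask, so with the usual 022 both `keyfile.key` and `keyfile.enc` end up world-readable in a 0755 directory, and any local account can read the passphrase and recover the data-at-rest key. Create them under `umask 077` in a subshell and hand the directory to the account the database server runs as (presumably `mysql`; confirm for this install). The guard also tests only `-e keyfile.enc`, while the output file can be created before any data is written, so a failed `openssl` run can leave an empty `keyfile.enc` that suppresses regeneration on the next run; testing with `-s` and writing to a temporary name that is renamed on success avoids that. The `-md sha1` digest should stay as it is if the file is read by MariaDB's file key management plugin, which expects that key derivation.

```shell
# mysql encryption
if [ ! -s /etc/mysql/encryption/keyfile.enc ]; then
  (
    # key material must not be readable by other local accounts;
    # the chown below assumes the database server runs as "mysql" (confirm)
    umask 077
    mkdir -p /etc/mysql/encryption/ &&
    chmod 700 /etc/mysql/encryption/ &&
    openssl rand -hex 128 > /etc/mysql/encryption/keyfile.key &&
    key="$(openssl rand -hex 32)" &&
    echo "1;$key" | openssl enc -aes-256-cbc -md sha1 -pass file:/etc/mysql/encryption/keyfile.key -out /etc/mysql/encryption/keyfile.enc.tmp &&
    mv /etc/mysql/encryption/keyfile.enc.tmp /etc/mysql/encryption/keyfile.enc &&
    chown -R mysql: /etc/mysql/encryption/
  )
fi
```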