Skip to content

Commit db9ee61

Browse files
aptalcaaptalca
committed
fix fernet key, add legacy-cgi
1 parent c3fca69 commit db9ee61

File tree

8 files changed

+10
-4
lines changed

8 files changed

+10
-4
lines changed

Dockerfile

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,7 @@ RUN \
2929
wheel && \
3030
pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.21/ \
3131
cryptography \
32+
legacy-cgi \
3233
python-ldap=="${LDAP_VERSION}" && \
3334
printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
3435
echo "**** cleanup ****" && \

Dockerfile.aarch64

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,7 @@ RUN \
2929
wheel && \
3030
pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.21/ \
3131
cryptography \
32+
legacy-cgi \
3233
python-ldap=="${LDAP_VERSION}" && \
3334
printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
3435
echo "**** cleanup ****" && \

README.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -296,6 +296,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
296296

297297
## Versions
298298

299+
* **25.12.24:** - Add `legacy-cgi`. Fix fernet key storage.
299300
* **22.12.24:** - Rebase to Alpine 3.21. Add support for read-only and non-root.
300301
* **30.06.24:** - Rebase to Alpine 3.20.
301302
* **23.12.23:** - Rebase to Alpine 3.19.

readme-vars.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -74,6 +74,7 @@ init_diagram: |
7474
"ldap-auth:latest" <- Base Images
7575
# changelog
7676
changelogs:
77+
- {date: "25.12.24:", desc: "Add `legacy-cgi`. Fix fernet key storage."}
7778
- {date: "22.12.24:", desc: "Rebase to Alpine 3.21. Add support for read-only and non-root."}
7879
- {date: "30.06.24:", desc: "Rebase to Alpine 3.20."}
7980
- {date: "23.12.23:", desc: "Rebase to Alpine 3.19."}

root/app/fernet-key.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,4 +4,4 @@
44
from cryptography.fernet import Fernet
55

66
key = Fernet.generate_key()
7-
print(key)
7+
print(key.decode())

root/app/ldap-backend-app.py

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -137,7 +137,8 @@ def do_POST(self):
137137

138138
self.send_response(302)
139139

140-
cipher_suite = Fernet(os.getenv("FERNET_KEY"))
140+
fernetkey = os.getenv("FERNET_KEY").encode()
141+
cipher_suite = Fernet(fernetkey)
141142
enc = cipher_suite.encrypt(ensure_bytes(user + ':' + passwd))
142143
enc = enc.decode()
143144
self.send_header('Set-Cookie', 'nginxauth=' + enc + '; httponly')

root/app/nginx-ldap-auth-daemon.py

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -85,7 +85,8 @@ def do_GET(self):
8585
ctx['action'] = 'decoding credentials'
8686

8787
try:
88-
cipher_suite = Fernet(os.getenv("FERNET_KEY"))
88+
fernetkey = os.getenv("FERNET_KEY").encode()
89+
cipher_suite = Fernet(fernetkey)
8990
self.log_message('Trying to dechipher credentials...')
9091
auth_decoded = auth_header[6:].encode()
9192
auth_decoded = cipher_suite.decrypt(auth_decoded)

root/etc/s6-overlay/s6-rc.d/init-ldap-config/run

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ if [[ ! -f "/run/.fernetkey" ]]; then
1111
KEY=$(python3 /app/fernet-key.py)
1212
echo "generated fernet key"
1313
else
14-
KEY="b'${FERNETKEY}'"
14+
KEY="${FERNETKEY}"
1515
echo "using FERNETKEY from env variable"
1616
fi
1717
echo "${KEY}" > /run/.fernetkey

0 commit comments

Comments
 (0)