Change keygen.py to not require root

keygen.py now recommends that you run it as the user you want to have
ownership of secret.key and uploadkeys (such as www-data for nginx).
Then, if uploadkeys or secret.key don't exist, they will be created with
the correct ownership.
This commit is contained in:
BBaoVanC 2020-09-02 14:26:57 -05:00
parent 7fce3f57e9
commit f0bb30a747
No known key found for this signature in database
GPG Key ID: 6D74C8B0E7D791C2

View File

@ -8,11 +8,6 @@ import sys
import os import os
# Check if the script was run as root
if os.geteuid() != 0:
exit("Root privileges are necessary to run this script.\nPlease try again as root or using `sudo`.")
# Check if encryption key already exists # Check if encryption key already exists
enckey = Path(settings.ENCKEY_PATH) enckey = Path(settings.ENCKEY_PATH)
if enckey.is_file(): if enckey.is_file():
@ -63,20 +58,26 @@ def ask_yn(msg):
return proceed return proceed
N = 64 # Size of token start = ask_yn("Have you run this program as the correct user (for example, nginx uses www-data)? [y/n] ")
if not start:
print("Please run this as the correct user with: sudo su [user] -s /bin/sh -c 'python3 keygen/py'")
# Generate key
token = ''.join(secrets.choice(string.ascii_letters + string.digits) for i in range(N))
# Decrypt the existing keyfile
key = load_key()
keyf = Fernet(key)
genkey = True
uploadkeysp = Path("uploadkeys")
if not uploadkeysp.is_file():
uploadkeysp.touch()
else: else:
N = 64 # Size of token
# Generate key
token = ''.join(secrets.choice(string.ascii_letters + string.digits) for i in range(N))
# Decrypt the existing keyfile
key = load_key()
keyf = Fernet(key)
genkey = True
uploadkeysp = Path("uploadkeys")
if not uploadkeysp.is_file():
uploadkeysp.touch()
else:
with open("uploadkeys", "rb") as ukf: with open("uploadkeys", "rb") as ukf:
# read the encrypted data # read the encrypted data
encrypted_data = ukf.read() encrypted_data = ukf.read()
@ -97,6 +98,6 @@ else:
if not proceed2: if not proceed2:
genkey = False genkey = False
if genkey: if genkey:
print("Your new token is: " + str(token)) # Print token print("Your new token is: " + str(token)) # Print token
encrypt_key(str(token)) # Encrypt the key and save encrypt_key(str(token)) # Encrypt the key and save