security: don't provide default passwords

Also check if they are not provided at sstartup time and fail to start in that case.
2020-04-06 12:22:11 +02:00
parent aaec22dd99
commit a015710e54
9 changed files with 73 additions and 23 deletions
--- a/jicofo/rootfs/etc/cont-init.d/10-config
+++ b/jicofo/rootfs/etc/cont-init.d/10-config
@@ -1,5 +1,10 @@
 #!/usr/bin/with-contenv bash

+if [[ -z $JICOFO_COMPONENT_SECRET || -z $JICOFO_AUTH_PASSWORD ]]; then
+    echo 'FATAL ERROR: Jicofo component secret and auth password must be set'
+    exit 1
+fi
+
 if [[ ! -f /config/sip-communicator.properties ]]; then
    tpl /defaults/sip-communicator.properties > /config/sip-communicator.properties
 fi
@@ -8,4 +13,4 @@ if [[ ! -f /config/logging.properties ]]; then
    cp /defaults/logging.properties /config
 fi

-chown -R jicofo:jitsi /config
+chown -R jicofo:jitsi /config
--- a/jicofo/rootfs/etc/services.d/jicofo/run
+++ b/jicofo/rootfs/etc/services.d/jicofo/run
@@ -6,4 +6,3 @@ DAEMON_DIR=/usr/share/jicofo/
 DAEMON_OPTS="--domain=$XMPP_DOMAIN --host=$XMPP_SERVER --secret=$JICOFO_COMPONENT_SECRET --user_name=$JICOFO_AUTH_USER --user_domain=$XMPP_AUTH_DOMAIN --user_password=$JICOFO_AUTH_PASSWORD"

 exec s6-setuidgid jicofo /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON $DAEMON_OPTS"
-