1 files changed, 72 insertions, 0 deletions

diff --git a/pkgs/applications/version-management/redmine/2003_externalize_session_config.patch b/pkgs/applications/version-management/redmine/2003_externalize_session_config.patch
new file mode 100644
index 00000000000..39af8e02e55
--- /dev/null
+++ b/pkgs/applications/version-management/redmine/2003_externalize_session_config.patch
@@ -0,0 +1,72 @@
+Description: Externalize session config to yml in /etc
+Forwarded: not-needed
+Author: Jérémy Lal <kapouer@melix.org>
+Last-Update: 2010-01-10
+--- redmine.orig/lib/tasks/initializers.rake
++++ redmine/lib/tasks/initializers.rake
+@@ -1,11 +1,12 @@
+ desc 'Generates a secret token for the application.'
++task :generate_secret_token do
+ 
+-file 'config/initializers/secret_token.rb' do
+-  path = File.join(Rails.root, 'config', 'initializers', 'secret_token.rb')
+-  secret = SecureRandom.hex(40)
+-  File.open(path, 'w') do |f|
+-    f.write <<"EOF"
+-# This file was generated by 'rake generate_secret_token', and should
++filename = ENV['YML_SESSION_FILENAME'] ? ENV['YML_SESSION_FILENAME'] : 'session.yml'
++path = File.join(ENV['RAILS_ETC'] ? ENV['RAILS_ETC'] : File.join(Rails.root, 'config'), filename)
++secret = SecureRandom.hex(40)
++File.open(path, 'w') do |f|
++  f.write <<"EOF"
++# This file was generated by 'rake generate_session_store',
+ # not be made visible to public.
+ # If you have a load-balancing Redmine cluster, you will need to use the
+ # same version of this file on each machine. And be sure to restart your
+@@ -15,10 +18,18 @@ file 'config/initializers/secret_token.r
+ # change this key, all old sessions will become invalid! Make sure the
+ # secret is at least 30 characters and all random, no regular words or
+ # you'll be exposed to dictionary attacks.
+-RedmineApp::Application.config.secret_token = '#{secret}'
++
++production:
++  key: _redmine_
++  secret: #{secret}
++
++development:
++  key: _redmine_
++  secret: #{secret}
++
++test:
++  key: _redmine_
++  secret: #{secret}
+ EOF
+   end
+ end
+-
+-desc 'Generates a secret token for the application.'
+-task :generate_secret_token => ['config/initializers/secret_token.rb']
+--- redmine.orig/config/application.rb
++++ redmine/config/application.rb
+@@ -66,7 +66,20 @@ module RedmineApp
+     # move tmp directory to RAILS_TMP
+     config.paths['tmp'] = ENV['RAILS_TMP']
+ 
+-    config.session_store :cookie_store, :key => '_redmine_session'
++    # loads cookie based session session and secret keys
++    # this is needed here because initializers are loaded after plugins,
++    # and some plugins initialize ActionController which requires a secret to be set.
++    # crash if file not found
++    relativeUrlRoot = ENV['RAILS_RELATIVE_URL_ROOT']
++    filename = ENV['RAILS_ETC'] ? File.join(ENV['RAILS_ETC'], 'session.yml') : File.join(File.dirname(__FILE__), '..', 'session.yml')
++    if File.exists?(filename)
++      sessionconfig = YAML::load_file(filename)
++      config.session_store :cookie_store, :key => sessionconfig[Rails.env]['key'], :path => (relativeUrlRoot.blank?) ? '/' : relativeUrlRoot
++      config.secret_token = sessionconfig[Rails.env]['secret']
++    else
++      # temporary settings before session.yml is created
++      config.session_store :cookie_store, :key => '_redmine_session', :path => (relativeUrlRoot.blank?) ? '/' : relativeUrlRoot
++    end
+ 
+     # log path
+     config.paths['log'] = File.join(ENV['RAILS_LOG'], "#{Rails.env}.log") unless !ENV['RAILS_LOG']