From 0689c09ff5ec373c978c55abb058f4dfdee6ada6 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Thu, 10 Jul 2014 21:13:00 +0100
Subject: [PATCH] Set SECRET_KEY_BASE for production web servers

---
 cookbooks/web/recipes/backend.rb                    | 3 +++
 cookbooks/web/recipes/frontend.rb                   | 3 +++
 cookbooks/web/templates/default/apache.backend.erb  | 1 +
 cookbooks/web/templates/default/apache.frontend.erb | 1 +
 4 files changed, 8 insertions(+)

diff --git a/cookbooks/web/recipes/backend.rb b/cookbooks/web/recipes/backend.rb
index 6898b42be..b059d4f44 100644
--- a/cookbooks/web/recipes/backend.rb
+++ b/cookbooks/web/recipes/backend.rb
@@ -22,6 +22,8 @@ include_recipe "apache::ssl"
 include_recipe "web::rails"
 include_recipe "web::cgimap"
 
+web_passwords = data_bag_item("web", "passwords")
+
 apache_module "fastcgi-handler"
 apache_module "remoteip"
 apache_module "rewrite"
@@ -32,6 +34,7 @@ end
 
 apache_site "www.openstreetmap.org" do
   template "apache.backend.erb"
+  variables :secret_key_base => web_passwords["secret_key_base"]
 end
 
 node.set[:memcached][:ip_address] = node.internal_ipaddress
diff --git a/cookbooks/web/recipes/frontend.rb b/cookbooks/web/recipes/frontend.rb
index 8ed2db77b..b6146eb8c 100644
--- a/cookbooks/web/recipes/frontend.rb
+++ b/cookbooks/web/recipes/frontend.rb
@@ -20,6 +20,8 @@
 include_recipe "apache::ssl"
 include_recipe "web::rails"
 
+web_passwords = data_bag_item("web", "passwords")
+
 apache_module "alias"
 apache_module "deflate"
 apache_module "expires"
@@ -34,6 +36,7 @@ end
 
 apache_site "www.openstreetmap.org" do
   template "apache.frontend.erb"
+  variables :secret_key_base => web_passwords["secret_key_base"]
 end
 
 gem_package "hpricot"
diff --git a/cookbooks/web/templates/default/apache.backend.erb b/cookbooks/web/templates/default/apache.backend.erb
index e1e65bee4..7f3c3977b 100644
--- a/cookbooks/web/templates/default/apache.backend.erb
+++ b/cookbooks/web/templates/default/apache.backend.erb
@@ -36,6 +36,7 @@
   PassengerMinInstances 3
   PassengerMaxRequests 500
   PassengerPreStart http://www.openstreetmap.org/
+  SetEnv SECRET_KEY_BASE <%= @secret_key_base %>
 
   #
   # Get the real remote IP for requests via a trusted proxy
diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb
index a3102d4b9..7bfe6a3e2 100644
--- a/cookbooks/web/templates/default/apache.frontend.erb
+++ b/cookbooks/web/templates/default/apache.frontend.erb
@@ -137,6 +137,7 @@
   PassengerMinInstances 10
   PassengerMaxRequests 5000
   PassengerPreStart http://www.openstreetmap.org/
+  SetEnv SECRET_KEY_BASE <%= @secret_key_base %>
   Alias /favicon.ico <%= node[:web][:base_directory] %>/rails/app/assets/images/favicon.ico
   Alias /openlayers <%= node[:web][:base_directory] %>/rails/vendor/assets/openlayers
   Alias /stats /store/rails/stats
-- 
2.43.2