alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity
nixpkgs/nixos/modules/services/web-apps
History
Martin Weinelt 724ed08df0
nixos/wordpress: regenerate secret keys if misspelled key name is found 
A secret key generated by the nixos module was misspelled, which could
possibly impact the security of session cookies.

To recover from this situation we will wipe all security keys that were
previously generated by the NixOS module, when the misspelled one is
found. This will result in all session cookies being invalidated. This
is confirmed by the wordpress documentation:

> You can change these at any point in time to invalidate all existing
> cookies. This does mean that all users will have to login again.

https://wordpress.org/support/article/editing-wp-config-php/#security-keys

Meanwhile this issue shouldn't be too grave, since the salting function
of wordpress will rely on the concatenation of both the user-provided
and automatically generated values, that are stored in the database.

> Secret keys are located in two places: in the database and in the
> wp-config.php file. The secret key in the database is randomly
> generated and will be appended to the secret keys in wp-config.php.

https://developer.wordpress.org/reference/functions/wp_salt/

Fixes: 2adb03fdae ("nixos/wordpress:
generate secrets locally")

Reported-by: Moritz Hedtke <Moritz.Hedtke@t-online.de>
2021-05-29 04:24:42 +02:00
..
atlassian
icingaweb2
ihatemoney
bookstack.nix nixos/bookstack: use umask before echoing & clear cache before starting 2021-05-03 16:27:38 +02:00
calibre-web.nix nixos/calibre-web: init module 2021-03-27 14:43:33 +03:00
convos.nix
cryptpad.nix
discourse.nix nixos/discourse: Use replace-secret to avoid leaking secrets 2021-05-19 09:32:06 +02:00
discourse.xml nixos/discourse: Add NixOS manual entry 2021-04-05 13:55:57 +02:00
documize.nix
dokuwiki.nix Merge pull request #115228 from siraben/unzip-buildInputs 2021-03-06 13:30:43 -05:00
engelsystem.nix
galene.nix galene: 0.2 -> 0.3 and bugfix of the associated module 2021-02-19 21:26:08 +01:00
gerrit.nix
gotify-server.nix
grocy.nix
grocy.xml
hedgedoc.nix treewide: update 21.03 to 21.05 2021-02-12 14:12:48 -08:00
hledger-web.nix nixos/hledger-web: set capabilites as boolean 2021-03-26 13:45:13 +01:00
jirafeau.nix
jitsi-meet.nix
jitsi-meet.xml
keycloak.nix nixos/keycloak: Split certificatePrivateKeyBundle into two options 2021-05-21 13:09:38 +02:00
keycloak.xml nixos/keycloak: Split certificatePrivateKeyBundle into two options 2021-05-21 13:09:38 +02:00
limesurvey.nix
mastodon.nix nixos/mastodon: use rails command instead of rake 2021-05-21 15:04:12 +02:00
matomo-doc.xml
matomo.nix
mattermost.nix
mediawiki.nix
miniflux.nix Merge pull request #111030 from cript0nauta/miniflux-sudo 2021-03-12 20:42:09 -05:00
moinmoin.nix
moodle.nix
nextcloud.nix nixos/nextcloud: Rename services.nextcloud.nginx.disableImagemagick to services.nextcloud.nginx.enableImagemagick 2021-04-22 02:17:12 +02:00
nextcloud.xml nextcloud21: init at 21.0.0, set as default version 2021-02-22 13:04:42 +01:00
nexus.nix
pgpkeyserver-lite.nix
plantuml-server.nix
restya-board.nix
rss-bridge.nix
selfoss.nix
shiori.nix treewide: remove duplicates SystemCallFilters 2021-05-13 15:44:56 +03:00
sogo.nix
trac.nix
trilium.nix nixos/trilium-server: noBackup option 2021-05-24 09:55:49 +02:00
tt-rss.nix
virtlyst.nix
whitebophir.nix
wiki-js.nix wiki-js: init at 2.5.191 2021-03-20 20:43:21 +01:00
wordpress.nix nixos/wordpress: regenerate secret keys if misspelled key name is found 2021-05-29 04:24:42 +02:00
youtrack.nix
zabbix.nix