diff options
-rw-r--r-- | machines/profpatsch/patches/searx-secret-key.patch | 51 | ||||
-rw-r--r-- | machines/profpatsch/pkgs.nix | 5 |
2 files changed, 30 insertions, 26 deletions
diff --git a/machines/profpatsch/patches/searx-secret-key.patch b/machines/profpatsch/patches/searx-secret-key.patch index ac26be7f..448ef510 100644 --- a/machines/profpatsch/patches/searx-secret-key.patch +++ b/machines/profpatsch/patches/searx-secret-key.patch @@ -1,8 +1,8 @@ diff --git a/README.rst b/README.rst -index a0bb12f..9e32b53 100644 +index 86334c3c..0f039cd5 100644 --- a/README.rst +++ b/README.rst -@@ -18,8 +18,7 @@ Installation +@@ -19,8 +19,7 @@ Installation ``git clone https://github.com/asciimoo/searx.git && cd searx`` - install dependencies: ``./manage.sh update_packages`` - edit your @@ -13,7 +13,7 @@ index a0bb12f..9e32b53 100644 For all the details, follow this `step by step diff --git a/searx/settings.yml b/searx/settings.yml -index 17b0bd5..ce19764 100644 +index 00cac5fe..477b1da1 100644 --- a/searx/settings.yml +++ b/searx/settings.yml @@ -10,7 +10,6 @@ search: @@ -25,7 +25,7 @@ index 17b0bd5..ce19764 100644 image_proxy : False # Proxying image results through searx http_protocol_version : "1.0" # 1.0 and 1.1 are supported diff --git a/searx/settings_robot.yml b/searx/settings_robot.yml -index 070a0ed..27227f3 100644 +index 070a0edb..27227f3a 100644 --- a/searx/settings_robot.yml +++ b/searx/settings_robot.yml @@ -10,7 +10,6 @@ search: @@ -37,11 +37,11 @@ index 070a0ed..27227f3 100644 image_proxy : False http_protocol_version : "1.0" diff --git a/searx/utils.py b/searx/utils.py -index 498f8d0..6588863 100644 +index 9494bdf3..6657e6f5 100644 --- a/searx/utils.py +++ b/searx/utils.py -@@ -1,6 +1,8 @@ - import csv +@@ -3,6 +3,8 @@ import hashlib + import hmac import os import re +import stat @@ -49,10 +49,10 @@ index 498f8d0..6588863 100644 from babel.dates import format_date from codecs import getincrementalencoder -@@ -312,3 +314,61 @@ def load_module(filename, module_dir): - module = load_source(modname, filepath) - module.name = modname - return module +@@ -336,3 +338,60 @@ def new_hmac(secret_key, url): + return hmac.new(bytes(secret_key), url, hashlib.sha256).hexdigest() + else: + return hmac.new(bytes(secret_key, 'utf-8'), url, hashlib.sha256).hexdigest() + + +class SecretAppKeyError(IOError): @@ -62,7 +62,7 @@ index 498f8d0..6588863 100644 + + def __str__(self): + err = "" -+ if self.caught != None: ++ if self.caught is not None: + err = '\n' + str(self.caught) + return repr(self.reason) + err + @@ -82,8 +82,7 @@ index 498f8d0..6588863 100644 + try: + directory = xdg.BaseDirectory.save_cache_path("searx") + except OSError as e: -+ raise(SecretAppKeyError("could not get XDG_CACHE_DIR")) -+ ++ raise SecretAppKeyError("could not get XDG_CACHE_HOME") + + # we save it as plaintext, assuming only the owner has access + f = os.path.join(directory, _secret_app_key_file_name) @@ -112,7 +111,7 @@ index 498f8d0..6588863 100644 + except OSError as e: + saError("could not be chmodded to 600", e) diff --git a/searx/webapp.py b/searx/webapp.py -index fcea5f2..9d7c960 100644 +index abbbce95..8614cf90 100644 --- a/searx/webapp.py +++ b/searx/webapp.py @@ -29,6 +29,7 @@ import os @@ -132,7 +131,7 @@ index fcea5f2..9d7c960 100644 ) from searx.version import VERSION_STRING from searx.languages import language_codes -@@ -118,7 +119,11 @@ app = Flask( +@@ -123,7 +124,11 @@ app = Flask( app.jinja_env.trim_blocks = True app.jinja_env.lstrip_blocks = True @@ -143,9 +142,9 @@ index fcea5f2..9d7c960 100644 + logger.warning(' The "secret_key" config key is no longer used.') +app.secret_key = get_secret_app_key() - if not searx_debug or os.environ.get("WERKZEUG_RUN_MAIN") == "true": - initialize_engines(settings['engines']) -@@ -273,7 +278,7 @@ def proxify(url): + if not searx_debug \ + or os.environ.get("WERKZEUG_RUN_MAIN") == "true" \ +@@ -280,7 +285,7 @@ def proxify(url): url.encode('utf-8'), hashlib.sha256).hexdigest() @@ -154,26 +153,26 @@ index fcea5f2..9d7c960 100644 urlencode(url_params)) -@@ -288,7 +293,7 @@ def image_proxify(url): +@@ -295,7 +300,7 @@ def image_proxify(url): if settings.get('result_proxy'): return proxify(url) -- h = hmac.new(settings['server']['secret_key'], url.encode('utf-8'), hashlib.sha256).hexdigest() -+ h = hmac.new(app.secret_key, url.encode('utf-8'), hashlib.sha256).hexdigest() +- h = new_hmac(settings['server']['secret_key'], url.encode('utf-8')) ++ h = new_hmac(app.secret_key, url.encode('utf-8')) return '{0}?{1}'.format(url_for('image_proxy'), urlencode(dict(url=url.encode('utf-8'), h=h))) -@@ -693,7 +698,7 @@ def image_proxy(): +@@ -719,7 +724,7 @@ def image_proxy(): if not url: return '', 400 -- h = hmac.new(settings['server']['secret_key'], url, hashlib.sha256).hexdigest() -+ h = hmac.new(app.secret_key, url, hashlib.sha256).hexdigest() +- h = new_hmac(settings['server']['secret_key'], url) ++ h = new_hmac(app.secret_key, url) if h != request.args.get('h'): return '', 400 diff --git a/tests/unit/test_utils.py b/tests/unit/test_utils.py -index eb40e62..b53aec2 100644 +index eb40e62e..b53aec27 100644 --- a/tests/unit/test_utils.py +++ b/tests/unit/test_utils.py @@ -1,4 +1,8 @@ diff --git a/machines/profpatsch/pkgs.nix b/machines/profpatsch/pkgs.nix index 86fa1611..39dd85a3 100644 --- a/machines/profpatsch/pkgs.nix +++ b/machines/profpatsch/pkgs.nix @@ -68,6 +68,11 @@ let ./patches/searx-secret-key.patch ./patches/searx-rm-soundcloud.patch ]; + # xdg.BaseDirectory.save_cache_path() will try to create leading dirs, but + # within the builder we don't have a writable home directory. + preCheck = (old.preCheck or "") + '' + export XDG_CACHE_HOME="$TMPDIR/cache" + ''; }); # A ghci with some sane default packages in scope, & hoogle |