automatically generete Django SECRET KEY

debian/authentic2.init

@@ -65,9 +65,6 @@ fi
 #
 do_start()
 {
-    log_action_msg "Applying new migrations .."
-    su authentic -p -c "/usr/bin/authentic2-ctl syncdb --migrate --noinput"
-    log_action_msg ".. done"
 	# Return
 	#   0 if daemon has been started
 	#   1 if daemon was already running
@@ -120,6 +117,9 @@ do_reload() {
 
 case "$1" in
   start)
+    log_action_msg "Applying new migrations .."
+    su authentic -p -c "/usr/bin/authentic2-ctl syncdb --migrate --noinput"
+    log_action_msg ".. done"
     log_daemon_msg "Starting $DESC " "$NAME"
     do_start
     case "$?" in

debian/authentic2.postinst

@@ -27,10 +27,18 @@ case "$1" in
                     $AUTHENTIC_USER
             echo "..done" >&2
         fi
+        if [ -f "/etc/$NAME/secret"]; then
+            echo "export SECRET_KEY='`</dev/urandom tr -dc [:alnum:]-_\!\%\^:\; | head -c70`'" > /etc/$NAME/secret
+            chmod 0600 /etc/$NAME/secret
+            chown $AUTHENTIC_USER:$AUTHENTIC_GROUP /etc/$NAME/secret
+        fi
 
-        chown $AUTHENTIC_USER:$AUTHENTIC_GROUP /var/lib/authentic2 /var/run/authentic2 /var/log/authentic2
-        chown $AUTHENTIC_USER:$AUTHENTIC_GROUP /var/lib/authentic2/static /var/lib/authentic2/extra-static
-        chown $AUTHENTIC_USER:$AUTHENTIC_GROUP /var/lib/authentic2/media
+        chown $AUTHENTIC_USER:$AUTHENTIC_GROUP /var/lib/authentic2 \
+            /var/lib/authentic2/static \
+            /var/lib/authentic2/extra-static \
+            /var/lib/authentic2/media \
+            /var/run/authentic2 \
+            /var/log/authentic2
 
         # source dbconfig-common shell library, and call the hook function
         if [ -f /usr/share/dbconfig-common/dpkg/postinst.pgsql ]; then

debian/conf/authentic.conf

@@ -1,5 +1,7 @@
 # do not remove this line, it imports db configuration from dbconfig-common
 . /etc/authentic2/db.conf
+# do not remove this line, it imports secret which is automatically generated
+. /etc/authentic2/secret
 
 # Debug
 # export DEBUG=yes
@@ -7,9 +9,7 @@
 # Define administrators / managers
 # export ADMINS='admin eo;admin+authentic2@entrouvert.com'
 
-# Database configuration
-export DATABASE_ENGINE='django.db.backends.sqlite3'
-export DATABASE_NAME='/var/lib/authentic2/authentic.db'
+# Database configuration (please use dpkg-reconfigure authentic2)
 
 # Static root directory
 export STATIC_ROOT='/var/lib/authentic2/static'
@@ -17,9 +17,6 @@ export STATIC_ROOT='/var/lib/authentic2/static'
 # We are behind a reverse proxy so we accept every hosts
 export ALLOWED_HOSTS='*'
 
-# Secret to CHANGE
-#export SECRET_KEY='changeme'
-
 # You MUST set RSA key here
 # you can generate this key with this commands :
 # openssl genrsa -out saml.key 2048

debian/sql/db.conf

@@ -1,5 +1,3 @@
-#!/bin/sh
-
 export DATABASE_ENGINE='django.db.backends.postgresql_psycopg2'
 export DATABASE_NAME='_DBC_DBNAME_'
 export DATABASE_USER='_DBC_DBUSER_'