06/06: services: zabbix-server: Do not write database password to the st

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

06/06: services: zabbix-server: Do not write database password to the st

From:	guix-commits
Subject:	06/06: services: zabbix-server: Do not write database password to the store.
Date:	Wed, 26 Jan 2022 03:34:26 -0500 (EST)

mbakke pushed a commit to branch master
in repository guix.

commit 078f5bfae7ee174177791defcfd350117a503a6d
Author: Marius Bakke <marius@gnu.org>
AuthorDate: Wed Jan 26 09:28:46 2022 +0100

    services: zabbix-server: Do not write database password to the store.
    
    * gnu/services/monitoring.scm (zabbix-front-end-config): Read the secret 
file
    from zabbix.conf.php at runtime instead of embedding the contents.
---
 gnu/services/monitoring.scm | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm
index 5337161462..1b49dbd3cb 100644
--- a/gnu/services/monitoring.scm
+++ b/gnu/services/monitoring.scm
@@ -577,7 +577,7 @@ $DB['SERVER']   = '" db-host "';
 $DB['PORT']     = '" (number->string db-port) "';
 $DB['DATABASE'] = '" db-name "';
 $DB['USER']     = '" db-user "';
-$DB['PASSWORD'] = '" (let ((file (location-file %location))
+$DB['PASSWORD'] = " (let ((file (location-file %location))
                            (line (location-line %location))
                            (column (location-column %location)))
                        (if (string-null? db-password)
@@ -592,15 +592,14 @@ $DB['PASSWORD'] = '" (let ((file (location-file 
%location))
                                        (condition
                                         (&error-location
                                          (location %location)))))
-                               (string-trim-both
-                                (with-input-from-file db-secret-file
-                                  read-string)))
+                               (string-append "trim(file_get_contents('"
+                                              db-secret-file "'));\n"))
                            (begin
                              (display-hint (format #f (G_ "~a:~a:~a: ~a:
 Consider using @code{db-secret-file} instead of @code{db-password} for better
 security.") file line column 'zabbix-front-end-configuration))
-                             db-password))) "';
-
+                             db-password)))
+"
 // Schema name. Used for IBM DB2 and PostgreSQL.
 $DB['SCHEMA'] = '';

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (3563558172 -> 078f5bfae7), guix-commits, 2022/01/26
- 04/06: gnu: zabbix-server: Don't install agent., guix-commits, 2022/01/26
- 03/06: gnu: zabbix-server: Adjust style., guix-commits, 2022/01/26
- 02/06: services: zabbix-agent: Respect user and group configuration., guix-commits, 2022/01/26
- 06/06: services: zabbix-server: Do not write database password to the store., guix-commits <=
- 05/06: gnu: zabbix-server: Remove duplicate input., guix-commits, 2022/01/26
- 01/06: etc: Remove redundant SELinux permissions block., guix-commits, 2022/01/26

Prev by Date: 02/06: services: zabbix-agent: Respect user and group configuration.
Next by Date: 05/06: gnu: zabbix-server: Remove duplicate input.
Previous by thread: 02/06: services: zabbix-agent: Respect user and group configuration.
Next by thread: 05/06: gnu: zabbix-server: Remove duplicate input.
Index(es):
- Date
- Thread