#!/bin/sh

tokenfile=/var/lib/redmine/secret_token.rb
if [ -e $tokenfile ]; then
	exit 0
fi

if [ -e /dev/urandom ] && [ -x /usr/bin/hexdump ]; then
	token=$(/usr/bin/hexdump -n 32 -v -e '/1 "%02x"' /dev/urandom)
else
	token=$(for i in $(seq 0 31); do echo $RANDOM; done | sha1sum | awk '{print $1}')
fi

umask 027
cat >$tokenfile<<EOF
# This file was generated by redmine apk post-install script, and should
# not be made visible to public.
# If you have a load-balancing Redmine cluster, you will need to use the
# same version of this file on each machine. And be sure to restart your
# server when you modify this file.
#
# Your secret key for verifying cookie session data integrity. If you
# change this key, all old sessions will become invalid! Make sure the
# secret is at least 30 characters and all random, no regular words or
# you'll be exposed to dictionary attacks.
RedmineApp::Application.config.secret_key_base = '$token'
EOF

chgrp www-data $tokenfile
