From 8a34a7093e833b71e4e22a41a972aab2be1b7b6d Mon Sep 17 00:00:00 2001
From: Johannes Zellner <johannes@nebulon.de>
Date: Thu, 10 Oct 2024 10:29:03 +0200
Subject: [PATCH] Ensure we have the new required active record secrets

---
 start.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/start.sh b/start.sh
index a79dc36..f8d6c18 100755
--- a/start.sh
+++ b/start.sh
@@ -47,6 +47,17 @@ fi
 
 rm -f /run/mastodon/Gemfile.lock && cp /app/code/Gemfile.lock.original /run/mastodon/Gemfile.lock
 
+# generate new secrets
+if ! grep "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY" /app/data/env.production; then
+    echo "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=$(openssl rand -hex 16)" >> /app/data/env.production
+fi
+if ! grep "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT" /app/data/env.production; then
+    echo "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=$(openssl rand -hex 16)" >> /app/data/env.production
+fi
+if ! grep "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY" /app/data/env.production; then
+    echo "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=$(openssl rand -hex 16)" >> /app/data/env.production
+fi
+
 if grep -q "^SECRET_KEY_BASE=$" /app/data/env.production; then
     echo "==> Generating secrets"
     export RANDFILE=/tmp/.rnd