fix: prevent package postinstall hang when generating jwt secret

kolaente · kolaente · commit 5ed685f7542a · 2026-05-30T14:31:32.000+02:00
The postinstall scripts generated the jwt secret with: cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1 This relies on SIGPIPE to terminate the infinite `cat /dev/urandom` once `head` has read its single line. Inside a dpkg/apt maintainer-script context the SIGPIPE disposition is not reliably delivered, so `cat /dev/urandom` spins forever, the postinstall never returns, and the whole `dpkg -i` / upgrade hangs. Read a bounded 512 bytes with `head -c` instead so nothing depends on SIGPIPE to terminate. 512 random bytes yield ~124 alphanumerics on average, so the trailing `head -c 32` reliably produces a full 32-char secret while staying dependency-free. Fixes #2660
diff --git a/build/after-install-openrc.sh b/build/after-install-openrc.sh
@@ -2,7 +2,7 @@
 rc-update add vikunja default
 
 # Fix the config to contain proper values
-NEW_SECRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
+NEW_SECRET=$(head -c 512 /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 32)
 sed -i "s/<jwt-secret>/$NEW_SECRET/g" /etc/vikunja/config.yml
 sed -i "s/<rootpath>/\/opt\/vikunja\//g" /etc/vikunja/config.yml
 sed -i "s/path: \"\.\/vikunja.db\"/path: \"\\/opt\/vikunja\/vikunja.db\"/g" /etc/vikunja/config.yml
diff --git a/build/after-install.sh b/build/after-install.sh
@@ -3,7 +3,7 @@
 systemctl enable vikunja.service
 
 # Fix the config to contain proper values
-NEW_SECRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
+NEW_SECRET=$(head -c 512 /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 32)
 sed -i "s/<jwt-secret>/$NEW_SECRET/g" /etc/vikunja/config.yml
 sed -i "s/<rootpath>/\/opt\/vikunja\//g" /etc/vikunja/config.yml
 sed -i "s/path: \"\.\/vikunja.db\"/path: \"\\/opt\/vikunja\/vikunja.db\"/g" /etc/vikunja/config.yml
