paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[WebAuthn] rename env var

master
FreddleSpl0it 2022-01-20 11:19:00 +01:00
parent 7df2bb28f8
commit aaf5da240a
No known key found for this signature in database
GPG Key ID: 38F5FCC689C181F9
3 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docker-compose.yml
View File

@ -157,7 +157,7 @@ services:
- ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n} - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
- MASTER=${MASTER:-y} - MASTER=${MASTER:-y}
- DEV_MODE=${DEV_MODE:-n} - DEV_MODE=${DEV_MODE:-n}
- WEBAUTHN_RESPECT_ROOTCA=${WEBAUTHN_RESPECT_ROOTCA:-n} - WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
restart: always restart: always
networks: networks:
mailcow-network: mailcow-network:

6
generate_config.sh
View File

@ -344,10 +344,10 @@ DOVECOT_MASTER_PASS=
# https://mailcow.github.io/mailcow-dockerized-docs/debug-reset_tls/ # https://mailcow.github.io/mailcow-dockerized-docs/debug-reset_tls/
ACME_CONTACT= ACME_CONTACT=
# Enable webauthn device manufacturer verification # WebAuthn device manufacturer verification
# After setting WEBAUTHN_RESPECT_ROOTCA=y only devices from trusted manufacturers are allowed # After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed
# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates # root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates
WEBAUTHN_RESPECT_ROOTCA=n WEBAUTHN_ONLY_TRUSTED_VENDORS=n
EOF EOF

10
update.sh
View File

@ -307,7 +307,7 @@ CONFIG_ARRAY=(
"ADDITIONAL_SERVER_NAMES" "ADDITIONAL_SERVER_NAMES"
"ACME_CONTACT" "ACME_CONTACT"
"WATCHDOG_VERBOSE" "WATCHDOG_VERBOSE"
"WEBAUTHN_RESPECT_ROOTCA" "WEBAUTHN_ONLY_TRUSTED_VENDORS"
) )
sed -i --follow-symlinks '$a\' mailcow.conf sed -i --follow-symlinks '$a\' mailcow.conf
@ -515,12 +515,12 @@ for option in ${CONFIG_ARRAY[@]}; do
echo '# https://mailcow.github.io/mailcow-dockerized-docs/debug-reset-tls/' >> mailcow.conf echo '# https://mailcow.github.io/mailcow-dockerized-docs/debug-reset-tls/' >> mailcow.conf
echo 'ACME_CONTACT=' >> mailcow.conf echo 'ACME_CONTACT=' >> mailcow.conf
fi fi
elif [[ ${option} == "WEBAUTHN_RESPECT_ROOTCA" ]]; then elif [[ ${option} == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
if ! grep -q ${option} mailcow.conf; then if ! grep -q ${option} mailcow.conf; then
echo "# Enable webauthn device manufacturer verification" >> mailcow.conf echo "# WebAuthn device manufacturer verification" >> mailcow.conf
echo '# After setting WEBAUTHN_RESPECT_ROOTCA=y only devices from trusted manufacturers are allowed' >> mailcow.conf echo '# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed' >> mailcow.conf
echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
echo 'WEBAUTHN_RESPECT_ROOTCA=n' >> mailcow.conf echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
fi fi
elif [[ ${option} == "WATCHDOG_VERBOSE" ]]; then elif [[ ${option} == "WATCHDOG_VERBOSE" ]]; then
if ! grep -q ${option} mailcow.conf; then if ! grep -q ${option} mailcow.conf; then