FIX: Quote all strings in discourse.conf

Fixes the problem of DB passwords with hashes in them (including passwords
that start with a hash, as reported in https://meta.discourse.org/t/76409).

The problem of passwords with single quotes in them still exists, and will
require modifications to Discourse's GlobalSetting::FileProvider parser,
because the current format doesn't support escaping quote characters.  That
work will have to be deferred to a later time.

diff --git a/templates/web.template.yml b/templates/web.template.yml
index fffea3471330910fe2ef55990954ea5b75009f2c..316d835113ceadf1a4869956ba204017fdc9db6b 100644 (file)
--- a/templates/web.template.yml
+++ b/templates/web.template.yml
@@ -61,7 +61,7 @@ run:
         conf=/var/www/discourse/config/discourse.conf
 
         # find DISCOURSE_ env vars, strip the leader, lowercase the key
-        /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = #{v}" if k =~ /^DISCOURSE_(.*)/}' > $conf
+        /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = '\''#{v}'\''" if k =~ /^DISCOURSE_(.*)/}' > $conf
 
   - file:
      path: /etc/runit/1.d/enable-brotli