Make "install page" respect environment config (#25648) (#25799)

Backport #25648

Replace #25580

Fix #19453

The problem was: when users set "GITEA__XXX__YYY" , the "install page"
doesn't respect it.

So, to make the result consistent and avoid surprising end users, now
the "install page" also writes the environment variables to the config
file.

And, to make things clear, there are enough messages on the UI to tell
users what will happen.

There are some necessary/related changes to `environment-to-ini.go`:

* The "--clear" flag is removed and it was incorrectly written there.
The "clear" operation should be done if INSTALL_LOCK=true
* The "--prefix" flag is removed because it's never used, never
documented and it only causes inconsistent behavior.

The only conflict during backport is "ui divider" in
templates/install.tmpl

Author: wxiaoguang

contrib/environment-to-ini/environment-to-ini.go

@@ -5,17 +5,13 @@ package main
 
 import (
 	"os"
-	"strings"
 
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 
 	"github.com/urfave/cli"
 )
 
-// EnvironmentPrefix environment variables prefixed with this represent ini values to write
-const EnvironmentPrefix = "GITEA"
-
 func main() {
 	app := cli.NewApp()
 	app.Name = "environment-to-ini"
@@ -70,15 +66,6 @@ func main() {
 			Value: "",
 			Usage: "Destination file to write to",
 		},
-		cli.BoolFlag{
-			Name:  "clear",
-			Usage: "Clears the matched variables from the environment",
-		},
-		cli.StringFlag{
-			Name:  "prefix, p",
-			Value: EnvironmentPrefix,
-			Usage: "Environment prefix to look for - will be suffixed by __ (2 underscores)",
-		},
 	}
 	app.Action = runEnvironmentToIni
 	err := app.Run(os.Args)
@@ -99,9 +86,7 @@ func runEnvironmentToIni(c *cli.Context) error {
 		log.Fatal("Failed to load custom conf '%s': %v", setting.CustomConf, err)
 	}
 
-	prefixGitea := c.String("prefix") + "__"
-	suffixFile := "__FILE"
-	changed := setting.EnvironmentToConfig(cfg, prefixGitea, suffixFile, os.Environ())
+	changed := setting.EnvironmentToConfig(cfg, os.Environ())
 
 	// try to save the config file
 	destination := c.String("out")
@@ -116,19 +101,5 @@ func runEnvironmentToIni(c *cli.Context) error {
 		}
 	}
 
-	// clear Gitea's specific environment variables if requested
-	if c.Bool("clear") {
-		for _, kv := range os.Environ() {
-			idx := strings.IndexByte(kv, '=')
-			if idx < 0 {
-				continue
-			}
-			eKey := kv[:idx]
-			if strings.HasPrefix(eKey, prefixGitea) {
-				_ = os.Unsetenv(eKey)
-			}
-		}
-	}
-
 	return nil
 }

docs/content/doc/installation/with-docker-rootless.en-us.md

@@ -288,7 +288,7 @@ docker-compose up -d
 
 In addition to the environment variables above, any settings in `app.ini` can be set
 or overridden with an environment variable of the form: `GITEA__SECTION_NAME__KEY_NAME`.
-These settings are applied each time the docker container starts.
+These settings are applied each time the docker container starts, and won't be passed into Gitea's sub-processes.
 Full information [here](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini).
 
 These environment variables can be passed to the docker container in `docker-compose.yml`.

docs/content/doc/installation/with-docker.en-us.md

@@ -289,7 +289,7 @@ docker-compose up -d
 
 In addition to the environment variables above, any settings in `app.ini` can be set
 or overridden with an environment variable of the form: `GITEA__SECTION_NAME__KEY_NAME`.
-These settings are applied each time the docker container starts.
+These settings are applied each time the docker container starts, and won't be passed into Gitea's sub-processes.
 Full information [here](https://github.com/go-gitea/gitea/tree/master/contrib/environment-to-ini).
 
 These environment variables can be passed to the docker container in `docker-compose.yml`.

modules/assetfs/layered.go

@@ -215,6 +215,7 @@ func (l *LayeredFS) WatchLocalChanges(ctx context.Context, callback func()) {
 			log.Error("Unable to list directories for asset local file-system %q: %v", layer.localPath, err)
 			continue
 		}
+		layerDirs = append(layerDirs, ".")
 		for _, dir := range layerDirs {
 			if err = watcher.Add(util.FilePathJoinAbs(layer.localPath, dir)); err != nil {
 				log.Error("Unable to watch directory %s: %v", dir, err)

modules/setting/config_env.go

@@ -12,10 +12,31 @@ import (
 	"code.gitea.io/gitea/modules/log"
 )
 
+const (
+	EnvConfigKeyPrefixGitea = "GITEA__"
+	EnvConfigKeySuffixFile  = "__FILE"
+)
+
 const escapeRegexpString = "_0[xX](([0-9a-fA-F][0-9a-fA-F])+)_"
 
 var escapeRegex = regexp.MustCompile(escapeRegexpString)
 
+func CollectEnvConfigKeys() (keys []string) {
+	for _, env := range os.Environ() {
+		if strings.HasPrefix(env, EnvConfigKeyPrefixGitea) {
+			k, _, _ := strings.Cut(env, "=")
+			keys = append(keys, k)
+		}
+	}
+	return keys
+}
+
+func ClearEnvConfigKeys() {
+	for _, k := range CollectEnvConfigKeys() {
+		_ = os.Unsetenv(k)
+	}
+}
+
 // decodeEnvSectionKey will decode a portable string encoded Section__Key pair
 // Portable strings are considered to be of the form [A-Z0-9_]*
 // We will encode a disallowed value as the UTF8 byte string preceded by _0X and
@@ -87,7 +108,7 @@ func decodeEnvironmentKey(prefixGitea, suffixFile, envKey string) (ok bool, sect
 	return ok, section, key, useFileValue
 }
 
-func EnvironmentToConfig(cfg ConfigProvider, prefixGitea, suffixFile string, envs []string) (changed bool) {
+func EnvironmentToConfig(cfg ConfigProvider, envs []string) (changed bool) {
 	for _, kv := range envs {
 		idx := strings.IndexByte(kv, '=')
 		if idx < 0 {
@@ -97,7 +118,7 @@ func EnvironmentToConfig(cfg ConfigProvider, prefixGitea, suffixFile string, env
 		// parse the environment variable to config section name and key name
 		envKey := kv[:idx]
 		envValue := kv[idx+1:]
-		ok, sectionName, keyName, useFileValue := decodeEnvironmentKey(prefixGitea, suffixFile, envKey)
+		ok, sectionName, keyName, useFileValue := decodeEnvironmentKey(EnvConfigKeyPrefixGitea, EnvConfigKeySuffixFile, envKey)
 		if !ok {
 			continue
 		}

modules/setting/config_env_test.go

@@ -72,7 +72,7 @@ func TestDecodeEnvironmentKey(t *testing.T) {
 func TestEnvironmentToConfig(t *testing.T) {
 	cfg, _ := NewConfigProviderFromData("")
 
-	changed := EnvironmentToConfig(cfg, "GITEA__", "__FILE", nil)
+	changed := EnvironmentToConfig(cfg, nil)
 	assert.False(t, changed)
 
 	cfg, err := NewConfigProviderFromData(`
@@ -81,16 +81,16 @@ key = old
 `)
 	assert.NoError(t, err)
 
-	changed = EnvironmentToConfig(cfg, "GITEA__", "__FILE", []string{"GITEA__sec__key=new"})
+	changed = EnvironmentToConfig(cfg, []string{"GITEA__sec__key=new"})
 	assert.True(t, changed)
 	assert.Equal(t, "new", cfg.Section("sec").Key("key").String())
 
-	changed = EnvironmentToConfig(cfg, "GITEA__", "__FILE", []string{"GITEA__sec__key=new"})
+	changed = EnvironmentToConfig(cfg, []string{"GITEA__sec__key=new"})
 	assert.False(t, changed)
 
 	tmpFile := t.TempDir() + "/the-file"
 	_ = os.WriteFile(tmpFile, []byte("value-from-file"), 0o644)
-	changed = EnvironmentToConfig(cfg, "GITEA__", "__FILE", []string{"GITEA__sec__key__FILE=" + tmpFile})
+	changed = EnvironmentToConfig(cfg, []string{"GITEA__sec__key__FILE=" + tmpFile})
 	assert.True(t, changed)
 	assert.Equal(t, "value-from-file", cfg.Section("sec").Key("key").String())
 }

modules/setting/path.go

@@ -171,6 +171,9 @@ func InitWorkPathAndCfgProvider(getEnvFn func(name string) string, args ArgWorkP
 
 	// only read the config but do not load/init anything more, because the AppWorkPath and CustomPath are not ready
 	InitCfgProvider(tmpCustomConf.Value)
+	if HasInstallLock(CfgProvider) {
+		ClearEnvConfigKeys() // if the instance has been installed, do not pass the environment variables to sub-processes
+	}
 	configWorkPath := ConfigSectionKeyString(CfgProvider.Section(""), "WORK_PATH")
 	if configWorkPath != "" {
 		if !filepath.IsAbs(configWorkPath) {

modules/setting/security.go

@@ -102,7 +102,7 @@ func generateSaveInternalToken(rootCfg ConfigProvider) {
 
 func loadSecurityFrom(rootCfg ConfigProvider) {
 	sec := rootCfg.Section("security")
-	InstallLock = sec.Key("INSTALL_LOCK").MustBool(false)
+	InstallLock = HasInstallLock(rootCfg)
 	LogInRememberDays = sec.Key("LOGIN_REMEMBER_DAYS").MustInt(7)
 	CookieUserName = sec.Key("COOKIE_USERNAME").MustString("gitea_awesome")
 	SecretKey = loadSecret(sec, "SECRET_KEY_URI", "SECRET_KEY")

modules/setting/setting.go

@@ -183,10 +183,14 @@ func loadRunModeFrom(rootCfg ConfigProvider) {
 	}
 }
 
+// HasInstallLock checks the install-lock in ConfigProvider directly, because sometimes the config file is not loaded into setting variables yet.
+func HasInstallLock(rootCfg ConfigProvider) bool {
+	return rootCfg.Section("security").Key("INSTALL_LOCK").MustBool(false)
+}
+
 func mustCurrentRunUserMatch(rootCfg ConfigProvider) {
 	// Does not check run user when the "InstallLock" is off.
-	installLock := rootCfg.Section("security").Key("INSTALL_LOCK").MustBool(false)
-	if installLock {
+	if HasInstallLock(rootCfg) {
 		currentUser, match := IsRunUserMatchCurrentUser(RunUser)
 		if !match {
 			log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser)

options/locale/locale_en-US.ini

@@ -290,6 +290,8 @@ invalid_password_algorithm = Invalid password hash algorithm
 password_algorithm_helper = Set the password hashing algorithm. Algorithms have differing requirements and strength. The argon2 algorithm is rather secure but uses a lot of memory and may be inappropriate for small systems.
 enable_update_checker = Enable Update Checker
 enable_update_checker_helper = Checks for new version releases periodically by connecting to gitea.io.
+env_config_keys = Environment Configuration
+env_config_keys_prompt = The following environment variables will also be applied to your configuration file:
 
 [home]
 uname_holder = Username or Email Address