searx: Changes from code review

- Use 32-bit key for HMAC-256 - Use secrets library instead of os.urandom - uwsgi enable/disable along with webserver enable/disable - Text changes Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com> Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2026-06-03 10:50:20 +00:00 · 2018-02-20 14:41:26 +05:30 · 2018-02-20 14:41:26 +05:30 · 67274e1566
commit 67274e1566
parent 823c2968f0
6 changed files with 31 additions and 22 deletions
--- a/actions/searx
+++ b/actions/searx
@ -22,6 +22,8 @@ Configuration helper for searx.

 import argparse
 import os
+import secrets
+import shutil

 from plinth import action_utils
 from plinth.utils import YAMLFile, gunzip
@ -42,14 +44,17 @@ def parse_arguments():


 def _copy_uwsgi_configuration():
-    """Copy the example uwsgi configuration shipped with Searx to the
-    appropriate uwsgi directory."""
+    """Copy example uwsgi configuration
+
+    Copy the example uwsgi configuration shipped with Searx documentation to
+    the appropriate uwsgi directory.
+    """
    example_config = ('/usr/share/doc/searx/examples/'
                      'uwsgi/apps-available/searx.ini')
-    destination = '/etc/uwsgi/apps-enabled/searx.ini'
+    destination = '/etc/uwsgi/apps-available/'

    if not os.path.exists(destination):
-        os.symlink(example_config, destination)
+        shutil.copy(example_config, destination)
        action_utils.webserver_enable('uwsgi', kind='module')


@ -64,7 +69,7 @@ def _generate_secret_key():

    # Generate and set a secret key
    with YAMLFile(settings_file) as settings:
-        secret_key = os.urandom(16).hex()
+        secret_key = secrets.token_hex(32)
        settings['server']['secret_key'] = secret_key

    action_utils.service_restart('uwsgi')
@ -78,12 +83,16 @@ def subcommand_setup(_):

 def subcommand_enable(_):
    """Enable web configuration and reload."""
-    action_utils.webserver_enable('searx-plinth')
+    # TODO Write action_utils functions for enable/disable uwsgi
+    os.symlink('/etc/uwsgi/apps-available/searx.ini',
+               '/etc/uwsgi/apps-enabled/')
+    action_utils.webserver_enable('searx-freedombox')


 def subcommand_disable(_):
    """Disable web configuration and reload."""
-    action_utils.webserver_disable('searx-plinth')
+    action_utils.webserver_disable('searx-freedombox')
+    os.unlink('/etc/uwsgi/apps-enabled/searx.ini')


 def main():
--- a/data/etc/apache2/conf-available/searx-freedombox.conf
+++ b/data/etc/apache2/conf-available/searx-freedombox.conf
--- a/plinth/modules/searx/init.py
+++ b/plinth/modules/searx/init.py
@ -1,5 +1,5 @@
 #
-# This file is part of Plinth.
+# This file is part of FreedomBox.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
@ -15,9 +15,11 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 """
-Plinth module to configure Searx
+FreedomBox module to configure Searx
 """

+import os
+
 from django.utils.translation import ugettext_lazy as _

 from plinth import service as service_module
@ -33,7 +35,7 @@ version = 1
 managed_services = ['searx']

 managed_packages = [
-    'searx', 'uwsgi', 'uwsgi-plugin-python3', 'libapache2-mod-uwsgi'
+    'searx', 'uwsgi', 'uwsgi-plugin-python3', 'libapache2-mod-proxy-uwsgi'
 ]

 name = _('Searx')
@ -44,10 +46,7 @@ description = [
    _('Searx is a privacy-respecting internet metasearch engine. '
      'It aggregrates and displays results from multiple search engines.'),
    _('Searx can be used to avoid tracking and profiling by search engines. '
-      'It stores no cookies by default. Additionally, Searx can be used over '
-      'Tor for online anonymity.'),
-    _('When enabled, Searx\'s web interface will be available from '
-      '<a href="/searx">/searx</a>.'),
+      'It stores no cookies by default.')
 ]

 service = None
@ -74,7 +73,7 @@ def init():
 def setup(helper, old_version=None):
    """Install and configure the module."""
    helper.install(managed_packages)
-    helper.call('setup', actions.superuser_run, 'searx', ['setup'])
+    helper.call('post', actions.superuser_run, 'searx', ['setup'])
    helper.call('post', actions.superuser_run, 'searx', ['enable'])
    global service
    if service is None:
@ -93,7 +92,8 @@ def add_shortcut():

 def is_enabled():
    """Return whether the module is enabled."""
-    return action_utils.webserver_is_enabled('searx-plinth')
+    return (action_utils.webserver_is_enabled('searx-freedombox')
+            and os.path.exists('/etc/uwsgi/apps-enabled/searx.ini'))


 def enable():
--- a/plinth/modules/searx/manifest.py
+++ b/plinth/modules/searx/manifest.py
@ -1,5 +1,5 @@
 #
-# This file is part of Plinth.
+# This file is part of FreedomBox.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
--- a/plinth/modules/searx/urls.py
+++ b/plinth/modules/searx/urls.py
@ -1,5 +1,5 @@
 #
-# This file is part of Plinth.
+# This file is part of FreedomBox.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
--- a/plinth/utils.py
+++ b/plinth/utils.py
@ -150,8 +150,8 @@ def gunzip(gzip_file, output_file):
    if not os.path.exists(output_dir):
        os.makedirs(output_dir, mode=0o755)

-    with gzip.open(gzip_file, 'rb') as f:
-        contents = f.read()
-    with open(output_file, 'wb') as f:
-        f.write(contents)
+    with gzip.open(gzip_file, 'rb') as file_handle:
+        contents = file_handle.read()
+    with open(output_file, 'wb') as file_handle:
+        file_handle.write(contents)
    os.chmod(output_file, 0o644)