From 8cd4710b169f6e01f9392a3e1e62fcdeb58fea3b Mon Sep 17 00:00:00 2001 From: john lee <64lamei@gmail.com> Date: Wed, 20 May 2026 10:43:18 +0800 Subject: [PATCH] fix(deploy): fall back to python/openssl when python3 is absent for secret generation (#3074) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix(deploy): fall back to python/openssl when python3 is absent for secret generation Bare python3 call in deploy.sh exits 49 on systems without python3 in PATH (e.g. some Alpine/minimal containers, or Windows environments where only 'python' is on PATH). Add a fallback chain: python3 → python → openssl rand -hex 32. If all three are unavailable, emit a clear error message and exit with a non-zero status instead of a cryptic recipe failure. Closes #2922 Co-Authored-By: Claude Sonnet 4.6 * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Claude Sonnet 4.6 Co-authored-by: Willem Jiang Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- scripts/deploy.sh | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/scripts/deploy.sh b/scripts/deploy.sh
index b4b030d4b..41c9dfa3f 100755
--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
@@ -120,7 +120,20 @@ if [ -z "$BETTER_AUTH_SECRET" ]; then
 echo -e "${GREEN}✓ BETTER_AUTH_SECRET loaded from $_secret_file${NC}"
 else
 export BETTER_AUTH_SECRET
- BETTER_AUTH_SECRET="$(python3 -c 'import secrets; print(secrets.token_hex(32))')"
+ if command -v python3 > /dev/null 2>&1 && \
+ BETTER_AUTH_SECRET="$(python3 -c 'import sys; sys.version_info >= (3, 6) or sys.exit(1); import secrets; print(secrets.token_hex(32))' 2>/dev/null)"; then
+ true
+ elif command -v python > /dev/null 2>&1 && \
+ BETTER_AUTH_SECRET="$(python -c 'import sys; sys.version_info >= (3, 6) or sys.exit(1); import secrets; print(secrets.token_hex(32))' 2>/dev/null)"; then
+ true
+ elif command -v openssl > /dev/null 2>&1 && \
+ BETTER_AUTH_SECRET="$(openssl rand -hex 32)"; then
+ true
+ else
+ echo -e "${RED}✗ Cannot generate BETTER_AUTH_SECRET: python3, python, and openssl are all unavailable.${NC}" >&2
+ echo -e "${RED} Set BETTER_AUTH_SECRET manually before running make up.${NC}" >&2
+ exit 1
+ fi
 echo "$BETTER_AUTH_SECRET" > "$_secret_file"
 chmod 600 "$_secret_file"
 echo -e "${GREEN}✓ BETTER_AUTH_SECRET generated → $_secret_file${NC}"
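Review bot: The secret is still written with `echo "$BETTER_AUTH_SECRET" > "$_secret_file"` and only narrowed afterwards by `chmod 600` (the unchanged lines at the end of the hunk, which every new branch falls into), so unless the caller's umask is already restrictive the file is briefly created group/world-readable. Creating it under a tight umask closes that window: `( umask 077; printf '%s\n' "$BETTER_AUTH_SECRET" > "$_secret_file" )`, keeping the `chmod 600` for a file that already exists with wider permissions. Separately, the final `else` message says python3, python and openssl are "all unavailable", but that branch is also reached when a tool is installed and fails (a Python older than 3.6, or an `openssl rand` error), and `2>/dev/null` hides the cause; wording such as `Cannot generate BETTER_AUTH_SECRET: python3, python and openssl were missing or failed.` would be accurate. The enclosing `if [ -z "$BETTER_AUTH_SECRET" ]` block starts and ends outside the hunk.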