archwiki: Switch captcha to time-based method

Up until now the captcha has depended on the exact output of the pacman version command which could lead to multiple problematic scenarios: a) User uses testing repos (user pacman newer) b) Server is not instantly updated (user pacman newer) c) User system is not updated (user pacman older) Circumvent this problem by switching to a time based captcha instead. Signed-off-by: Christian Heusel <christian@heusel.eu>

archwiki: Switch captcha to time-based method
048167d6 · Christian Heusel · 5909800f · 048167d6 · 048167d6 · 5909800f
Verified Commit 048167d6 authored 1 year ago by Christian Heusel
--- a/roles/archwiki/tasks/main.yml
+++ b/roles/archwiki/tasks/main.yml
@@ -107,6 +107,7 @@
    - archwiki-prune-cache.service
    - archwiki-prune-cache.timer
    - archwiki-question-updater.service
+    - archwiki-question-updater.timer

 - name: Start and enable archwiki timers and services
  systemd:
@@ -118,6 +119,7 @@
    - archwiki-runjobs.timer
    - archwiki-prune-cache.timer
    - archwiki-runjobs-wait.service
+    - archwiki-question-updater.timer

 - name: Create question answer file
  systemd:
@@ -127,9 +129,3 @@

 - name: Ensure question answer file exists and set permissions
  file: state=file path="{{ archwiki_question_answer_file }}" owner=root group=root mode=0644
-
- name: Create pacman.d hooks dir
-  file: state=directory owner=root group=root mode=0755 path=/etc/pacman.d/hooks
-
- name: Install archwiki question updater hook
-  template: src=archwiki-question-updater.hook.j2 dest=/etc/pacman.d/hooks/archwiki-question-updater.hook owner=root group=root mode=0644
--- a/roles/archwiki/templates/LocalSettings.php.j2
+++ b/roles/archwiki/templates/LocalSettings.php.j2
@@ -421,7 +421,7 @@ $wgCaptchaTriggers['addurl'] = false;
 $wgCaptchaTriggers['createaccount'] = true;
 $wgCaptchaTriggers['badlogin'] = true;
 $wgCaptchaQuestions = [
-    'What is the output of: <code>pacman -V|base32|head -1</code>' => trim(file_get_contents("{{ archwiki_question_answer_file }}"))
+    'What is the output of: <code>LC_ALL=C pacman -V|sed -r "s#[0-9]+#$(date -u +%m)#g"|base32|head -1</code>' => trim(file_get_contents("{{ archwiki_question_answer_file }}"))
 ];

 # Restrict expensive actions to logged in users

--- a/roles/archwiki/templates/archwiki-question-updater.hook.j2
+++ b/roles/archwiki/templates/archwiki-question-updater.hook.j2
-[Trigger]
-Operation = Install
-Operation = Upgrade
-Type = Package
-Target = pacman
-
-[Action]
-When = PostTransaction
-Exec = /usr/bin/systemctl start archwiki-question-updater.service
--- a/roles/archwiki/templates/archwiki-question-updater.service.j2
+++ b/roles/archwiki/templates/archwiki-question-updater.service.j2
@@ -3,4 +3,5 @@ Description=Update Archwiki pacman question answer

 [Service]
 Type=oneshot
-ExecStart=/bin/bash -c 'pacman -V|base32|head -1 > "{{archwiki_question_answer_file}}"'
+# %% is needed here to escape systemd's own templating
+ExecStart=/bin/bash -c 'LC_ALL=C pacman -V|sed -r "s#[0-9]+#$(date -u +%%m)#g"|base32|head -1 > "{{archwiki_question_answer_file}}"'
--- a/roles/archwiki/templates/archwiki-question-updater.timer.j2
+++ b/roles/archwiki/templates/archwiki-question-updater.timer.j2
+[Unit]
+Description=Monthly Timer to update the Archwiki pacman question
+
+[Timer]
+OnCalendar=*-*-1 00:00:00
+Persistent=true
+
+[Install]
+WantedBy=timers.target