Misleading LFS_JWT_SECRET description #22727

Closed
@pboguslawski

Description

According to https://docs.gitea.io/en-us/config-cheat-sheet/#server-server

LFS_JWT_SECRET: <empty>: LFS authentication secret, change this a unique string.

which is not true, because Gitea requires this string to be 32 bytes encoded as unpadded URL-safe base64, i.e. generated with

dd if=/dev/urandom bs=1 count=32 status=none | base64 | tr '/+' '_-' | tr -d '='

If it is not, Gitea generates its own value on startup and logs

2023/02/01 22:26:08 ...s/setting/setting.go:1318:CreateOrAppendToCustomConf() [I] Settings for server.LFS_JWT_SECRET saved to: "[...]app.ini"

If LFS_JWT_SECRET is longer than 32 bytes, i.e. generated with

dd if=/dev/urandom bs=1 count=33 status=none | base64 | tr '/+' '_-' | tr -d '='

Gitea will panic on startup with

2023/02/02 10:29:24 cmd/web.go:95:func1() [F] PANIC: runtime error: index out of range [2] with length 2

which is probably caused by golang/go#54532.

Consider fixing the manual and handling the panic.

Gitea Version

1.18.3

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

from git

Database

None
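
A pre-start check for the format described in this issue, as an added example that is not part of the original report and not Gitea's own code. It generates a value equivalent to the dd pipeline above and rejects anything that is not unpadded URL-safe base64 decoding to exactly 32 bytes; the function names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// lfsSecretLen is the decoded size the issue reports Gitea expects.
const lfsSecretLen = 32

// NewLFSJWTSecret (hypothetical helper) returns 32 random bytes encoded as
// unpadded URL-safe base64, which is always 43 characters long.
func NewLFSJWTSecret() (string, error) {
	b := make([]byte, lfsSecretLen)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// CheckLFSJWTSecret (hypothetical helper) explains why a configured value
// does not match the format, or returns nil if it does.
func CheckLFSJWTSecret(s string) error {
	if s == "" {
		return errors.New("secret is empty")
	}
	// DecodeString allocates its own output buffer, so an over-long value
	// comes back as data that can be measured and reported as an error.
	raw, err := base64.RawURLEncoding.DecodeString(s)
	if err != nil {
		return fmt.Errorf("not unpadded URL-safe base64: %w", err)
	}
	if len(raw) != lfsSecretLen {
		return fmt.Errorf("decodes to %d bytes, want %d", len(raw), lfsSecretLen)
	}
	return nil
}

func main() {
	good, err := NewLFSJWTSecret()
	if err != nil {
		panic(err)
	}
	// Constructed samples: a valid value, a free-form string, 33 encoded bytes.
	long := base64.RawURLEncoding.EncodeToString(make([]byte, 33))
	for _, s := range []string{good, "a unique string", long} {
		fmt.Printf("%q -> %v\n", s, CheckLFSJWTSecret(s))
	}
}
```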

Labels: type/bug, type/docs
