fix(passbolt): add 300s clock-skew tolerance to key creation date check
The isNotCreatedInTheFutureRule has zero tolerance, causing the browser extension to fail when generating a metadata key if the browser clock is even 1 second ahead of the server. Patching isDateInFuture to allow 300 seconds tolerance and mounting the file as a read-only volume so the fix survives image updates. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -7,7 +7,6 @@ services:
|
||||
PASSBOLT_SSL_FORCE: "false"
|
||||
TZ: ${TIMEZONE:-Europe/Amsterdam}
|
||||
PASSBOLT_REGISTRATION_PUBLIC: "false"
|
||||
PASSBOLT_PLUGINS_METADATA_ENABLE_FOR_NEW_INSTANCES: "false"
|
||||
DATASOURCES_DEFAULT_HOST: passbolt_db
|
||||
DATASOURCES_DEFAULT_PORT: "5432"
|
||||
DATASOURCES_DEFAULT_DATABASE: passbolt
|
||||
@@ -25,6 +24,8 @@ services:
|
||||
- ../.data/passbolt/gpg:/etc/passbolt/gpg
|
||||
- ../.data/passbolt/jwt:/etc/passbolt/jwt
|
||||
- ../.data/passbolt/gnupg:/var/lib/passbolt/.gnupg
|
||||
# Patched to allow 300s clock-skew tolerance in isNotCreatedInTheFutureRule
|
||||
- ./patches/PublicKeyValidationService.php:/usr/share/php/passbolt/src/Service/OpenPGP/PublicKeyValidationService.php:ro
|
||||
depends_on:
|
||||
db:
|
||||
condition: service_healthy
|
||||
|
||||
Reference in New Issue
Block a user