From 80c5d2946670f985d1ccd6a4cb130fe7027df777 Mon Sep 17 00:00:00 2001
From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com>
Date: Fri, 17 Apr 2026 09:43:40 +0200
Subject: [PATCH] fix(slink): use lexik:jwt:generate-keypair instead of manual
 openssl, fix key permissions

- Manual openssl keys were root:600, unreadable by PHP-FPM (www-data)
- lexik:jwt:generate-keypair sets correct ownership/permissions automatically
- chmod 644 private.pem as safety net
- Remove redundant duplicate call with --skip-if-exists
---
 install/slink-install.sh | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/install/slink-install.sh b/install/slink-install.sh
index 0e25f0ae..a981bd26 100644
--- a/install/slink-install.sh
+++ b/install/slink-install.sh
@@ -54,12 +54,11 @@ sed -i "s|sqlite:////app/var/data|sqlite:////opt/slink/services/api/var/data|g"
 export APP_ENV=prod
 mkdir -p /opt/slink/services/api/var/data
 mkdir -p /opt/slink/services/api/config/jwt
-openssl genpkey -algorithm RSA -out /opt/slink/services/api/config/jwt/private.pem -aes256 -pass "pass:${JWT_PASS}" 2>/dev/null
-openssl pkey -in /opt/slink/services/api/config/jwt/private.pem -out /opt/slink/services/api/config/jwt/public.pem -pubout -passin "pass:${JWT_PASS}" 2>/dev/null
 $STD composer install --no-dev --optimize-autoloader --no-interaction
 mkdir -p /opt/slink/{data,images}
 sed -i "s|'/services/api/|'/opt/slink/services/api/|" config/migrations/event_store.yaml
-php bin/console lexik:jwt:generate-keypair --skip-if-exists >/dev/null 2>&1 || true
+$STD php bin/console lexik:jwt:generate-keypair --overwrite --no-interaction
+chmod 644 /opt/slink/services/api/config/jwt/private.pem
 touch /opt/slink/services/api/var/data/slink_store.db
 touch /opt/slink/services/api/var/data/slink.db
 $STD php bin/console doctrine:migrations:migrate --no-interaction --em=read_model