From 6c00d789e056b9925a5194cd91a9df855988236b Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sat, 19 Mar 2022 15:01:07 +0100 Subject: [PATCH 1/9] Apply example_ynh --- check_process | 6 - conf/app.src | 1 + conf/dendrite.yaml | 231 +++++++++++++++------------ conf/go.src | 7 - conf/systemd.service | 4 +- manifest.json | 13 +- scripts/_common.sh | 2 + scripts/backup | 1 - scripts/change_url | 14 +- scripts/install | 77 ++++----- scripts/remove | 28 ++-- scripts/restore | 67 +++----- scripts/upgrade | 83 +++++----- scripts/ynh_install_go | 247 +++++++++++++++++++++++++++++ sources/extra_files/app/.gitignore | 2 - sources/patches/.gitignore | 2 - 16 files changed, 515 insertions(+), 270 deletions(-) delete mode 100644 conf/go.src create mode 100644 scripts/ynh_install_go delete mode 100644 sources/extra_files/app/.gitignore delete mode 100644 sources/patches/.gitignore diff --git a/check_process b/check_process index 02214c7..0292645 100644 --- a/check_process +++ b/check_process @@ -1,7 +1,6 @@ ;; Test complet ; Manifest domain="domain.tld" - path="/path" is_public=1 port="666" ; Checks @@ -20,8 +19,3 @@ ;;; Options Email= Notification=none -;;; Upgrade options - ; commit=CommitHash - name=Name and date of the commit. - manifest_arg=domain=DOMAIN&path=PATH&is_public=1&port=666& - diff --git a/conf/app.src b/conf/app.src index cc056b9..c89f70f 100644 --- a/conf/app.src +++ b/conf/app.src @@ -4,3 +4,4 @@ SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/dendrite.yaml b/conf/dendrite.yaml index a66caef..c2a80c8 100644 --- a/conf/dendrite.yaml +++ b/conf/dendrite.yaml @@ -28,7 +28,7 @@ # connection can be idle in seconds - a negative value is unlimited. # The version of the configuration file. -version: 1 +version: 2 # Global Matrix configuration. This configuration applies to all components. global: 
@@ -54,6 +54,10 @@ global: # considered valid by other homeservers. key_validity_period: 168h0m0s + # The server name to delegate server-server communications to, with optional port + # e.g. localhost:443 + well_known_server_name: "" + # Lists of domains that the server will trust as identity servers to verify third # party identifiers such as phone numbers and email addresses. trusted_third_party_id_servers: 
@@ -64,35 +68,40 @@ global: # to other servers and the federation API will not be exposed. disable_federation: false - # Configuration for Kafka/Naffka. - kafka: - # List of Kafka broker addresses to connect to. This is not needed if using - # Naffka in monolith mode. + # Server notices allows server admins to send messages to all users. + server_notices: + enabled: false + # The server localpart to be used when sending notices, ensure this is not yet taken + local_part: "_server" + # The displayname to be used when sending notices + display_name: "Server alerts" + # The mxid of the avatar to use + avatar_url: "" + # The roomname to be used when creating messages + room_name: "Server Alerts" + + # Configuration for NATS JetStream + jetstream: + # A list of NATS Server addresses to connect to. If none are specified, an + # internal NATS server will be started automatically when running Dendrite + # in monolith mode. It is required to specify the address of at least one + # NATS Server node if running in polylith mode. addresses: - - localhost:2181 + # - localhost:4222 - # The prefix to use for Kafka topic names for this homeserver. Change this only if - # you are running more than one Dendrite homeserver on the same Kafka deployment. + # Keep all NATS streams in memory, rather than persisting it to the storage + # path below. This option is present primarily for integration testing and + # should not be used on a real world Dendrite deployment. + in_memory: false + + # Persistent directory to store JetStream streams in. This directory + # should be preserved across Dendrite restarts. + storage_path: ./ + + # The prefix to use for stream names for this homeserver - really only + # useful if running more than one Dendrite on the same NATS deployment. topic_prefix: Dendrite - # Whether to use Naffka instead of Kafka. This is only available in monolith - # mode, but means that you can run a single-process server without requiring - # Kafka. 
- use_naffka: true - - # The max size a Kafka message is allowed to use. - # You only need to change this value, if you encounter issues with too large messages. - # Must be less than/equal to "max.message.bytes" configured in Kafka. - # Defaults to 8388608 bytes. - # max_message_bytes: 8388608 - - # Naffka database options. Not required when using Kafka. - naffka_database: - connection_string: postgres://__APP__:__DB_PWD__@localhost/__APP__ - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - # Configuration for Prometheus metric collection. metrics: # Whether or not Prometheus metrics are enabled. 
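Review bot: `storage_path: ./` in the new `jetstream` block is resolved against the process working directory, so the location of the stream files depends on how the service is started. With the unit's `WorkingDirectory=__FINALPATH__/` that is the application root, next to the `matrix_key.pem` and `server.key` that scripts/install generates there. An explicit path such as `storage_path: __FINALPATH__/jetstream` (directory name is a suggestion, and assumes the template accepts the placeholder the unit file uses) would let the data be backed up and permissioned on its own. Separately, `addresses:` followed only by a commented-out entry parses as null rather than an empty list; `addresses: []` states the intent.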
@@ -103,25 +112,41 @@ global: username: metrics password: metrics + # DNS cache options. The DNS cache may reduce the load on DNS servers + # if there is no local caching resolver available for use. + dns_cache: + # Whether or not the DNS cache is enabled. + enabled: false + + # Maximum number of entries to hold in the DNS cache, and + # for how long those items should be considered valid in seconds. + cache_size: 256 + cache_lifetime: "5m" # 5minutes; see https://pkg.go.dev/time@master#ParseDuration for more + # Configuration for the Appservice API. app_service_api: internal_api: - listen: http://localhost:7777 - connect: http://localhost:7777 + listen: http://localhost:7777 # Only used in polylith deployments + connect: http://localhost:7777 # Only used in polylith deployments database: connection_string: file:appservice.db max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 + # Disable the validation of TLS certificates of appservices. This is + # not recommended in production since it may allow appservice traffic + # to be sent to an unverified endpoint. + disable_tls_validation: false + # Appservice configuration files to load into this homeserver. config_files: [] # Configuration for the Client API. client_api: internal_api: - listen: http://localhost:7771 - connect: http://localhost:7771 + listen: http://localhost:7771 # Only used in polylith deployments + connect: http://localhost:7771 # Only used in polylith deployments external_api: listen: http://[::]:8071 @@ -129,6 +154,10 @@ client_api: # using the registration shared secret below. registration_disabled: __REGISTRATION__ + # Prevents new guest accounts from being created. Guest registration is also + # disabled implicitly by setting 'registration_disabled' above. + guests_disabled: true + # If set, allows registration by anyone who knows the shared secret, regardless of # whether registration is otherwise disabled. registration_shared_secret: "" 
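Review bot: The `metrics` block at the top of this hunk still ships the fixed pair `username: metrics` / `password: metrics` to every install. Whether metrics are enabled is set outside the hunk, but a credential that is identical across all deployments protects nothing once someone switches the endpoint on. This template already takes per-instance values (`__REGISTRATION__`, `__APP__`), so the password could be filled from a generated setting in the same way. Failing that, a comment such as `# change before enabling metrics; this default is publicly known` should sit above the pair.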
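Review bot: `registration_disabled: __REGISTRATION__` appears to receive the opposite of what the key name says. scripts/install starts from `registration=false` under "Allow or deny registration based of is_public", so a non-public install would render `registration_disabled: false`, which leaves registration open. The `then` branch of that test is outside the visible hunks, so please confirm the rendered value for `is_public=0`. If the inversion is real, computing the value under the key's own name avoids it, for example a `registration_disabled` variable that defaults to `true` and becomes `false` only for public installs (variable and placeholder name are a suggestion).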
@@ -161,16 +190,21 @@ client_api: # Configuration for the EDU server. edu_server: internal_api: - listen: http://localhost:7778 - connect: http://localhost:7778 + listen: http://localhost:7778 # Only used in polylith deployments + connect: http://localhost:7778 # Only used in polylith deployments # Configuration for the Federation API. federation_api: internal_api: - listen: http://localhost:7772 - connect: http://localhost:7772 + listen: http://localhost:7772 # Only used in polylith deployments + connect: http://localhost:7772 # Only used in polylith deployments external_api: listen: http://[::]:8072 + database: + connection_string: file:federationapi.db + max_open_conns: 10 + max_idle_conns: 2 + conn_max_lifetime: -1 # List of paths to X.509 certificates to be used by the external federation listeners. # These certificates will be used to calculate the TLS fingerprints and other servers @@ -178,17 +212,6 @@ federation_api: # format. federation_certificates: [] -# Configuration for the Federation Sender. -federation_sender: - internal_api: - listen: http://localhost:7775 - connect: http://localhost:7775 - database: - connection_string: file:federationsender.db - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - # How many times we will try to resend a failed transaction to a specific server. The # backoff is 2**x seconds, so 1 = 2 seconds, 2 = 4 seconds, 3 = 8 seconds etc. send_max_retries: 16 
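Review bot: The `database` block added under `federation_api` uses `connection_string: file:federationapi.db`, and every other component database visible in this file is also a relative SQLite `file:` path. The only PostgreSQL connection string visible in this patch (`naffka_database`) is removed, yet scripts/install still provisions a PostgreSQL role and database. Either that database is no longer used or a connection string is missing here; the patch does not show which is intended. If SQLite is intended, the relative paths resolve against the service working directory, so the `.db` files sit in the application root and rely on its permissions.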
@@ -197,18 +220,27 @@ federation_sender: # enable this option in production as it presents a security risk! disable_tls_validation: false - # Use the following proxy server for outbound federation traffic. - proxy_outbound: - enabled: false - protocol: http - host: localhost - port: 8080 + # Perspective keyservers to use as a backup when direct key fetches fail. This may + # be required to satisfy key requests for servers that are no longer online when + # joining some rooms. + key_perspectives: + - server_name: matrix.org + keys: + - key_id: ed25519:auto + public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw + - key_id: ed25519:a_RXGa + public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ + + # This option will control whether Dendrite will prefer to look up keys directly + # or whether it should try perspective servers first, using direct fetches as a + # last resort. + prefer_direct_fetch: false # Configuration for the Key Server (for end-to-end encryption). key_server: internal_api: - listen: http://localhost:7779 - connect: http://localhost:7779 + listen: http://localhost:7779 # Only used in polylith deployments + connect: http://localhost:7779 # Only used in polylith deployments database: connection_string: file:keyserver.db max_open_conns: 10 @@ -218,13 +250,13 @@ key_server: # Configuration for the Media API. media_api: internal_api: - listen: http://localhost:7774 - connect: http://localhost:7774 + listen: http://localhost:7774 # Only used in polylith deployments + connect: http://localhost:7774 # Only used in polylith deployments external_api: listen: http://[::]:8074 database: connection_string: file:mediaapi.db - max_open_conns: 10 + max_open_conns: 5 max_idle_conns: 2 conn_max_lifetime: -1 
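Review bot: With `key_perspectives` now under `federation_api`, `prefer_direct_fetch: false` keeps matrix.org as the first source for other servers' signing keys and direct fetches as the fallback. For a self-hosted package that is a trust and metadata choice worth stating in the template, e.g. `# false = ask the perspective servers listed above first; true = contact the origin server first`. The two pinned `public_key` values match the ones in the removed `signing_key_server` block of this patch; they were not checked against an independent source.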
@@ -232,7 +264,8 @@ media_api: base_path: ./media_store # The maximum allowed file size (in bytes) for media uploads to this homeserver - # (0 = unlimited). + # (0 = unlimited). If using a reverse proxy, ensure it allows requests at + # least this large (e.g. client_max_body_size in nginx.) max_file_size_bytes: 10485760 # Whether to dynamically generate thumbnails if needed. 
@@ -253,49 +286,35 @@ media_api: height: 480 method: scale +# Configuration for experimental MSC's +mscs: + # A list of enabled MSC's + # Currently valid values are: + # - msc2836 (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836) + # - msc2946 (Spaces Summary, see https://github.com/matrix-org/matrix-doc/pull/2946) + mscs: [] + database: + connection_string: file:mscs.db + max_open_conns: 5 + max_idle_conns: 2 + conn_max_lifetime: -1 + # Configuration for the Room Server. room_server: internal_api: - listen: http://localhost:7770 - connect: http://localhost:7770 + listen: http://localhost:7770 # Only used in polylith deployments + connect: http://localhost:7770 # Only used in polylith deployments database: connection_string: file:roomserver.db max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 -# Configuration for the Signing Key Server (for server signing keys). -signing_key_server: - internal_api: - listen: http://localhost:7780 - connect: http://localhost:7780 - database: - connection_string: file:signingkeyserver.db - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - - # Perspective keyservers to use as a backup when direct key fetches fail. This may - # be required to satisfy key requests for servers that are no longer online when - # joining some rooms. - key_perspectives: - - server_name: matrix.org - keys: - - key_id: ed25519:auto - public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw - - key_id: ed25519:a_RXGa - public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ - - # This option will control whether Dendrite will prefer to look up keys directly - # or whether it should try perspective servers first, using direct fetches as a - # last resort. - prefer_direct_fetch: false - # Configuration for the Sync API. 
sync_api: internal_api: - listen: http://localhost:7773 - connect: http://localhost:7773 + listen: http://localhost:7773 # Only used in polylith deployments + connect: http://localhost:7773 # Only used in polylith deployments external_api: listen: http://[::]:8073 database: @@ -311,19 +330,26 @@ sync_api: # Configuration for the User API. user_api: + # The cost when hashing passwords on registration/login. Default: 10. Min: 4, Max: 31 + # See https://pkg.go.dev/golang.org/x/crypto/bcrypt for more information. + # Setting this lower makes registration/login consume less CPU resources at the cost of security + # should the database be compromised. Setting this higher makes registration/login consume more + # CPU resources but makes it harder to brute force password hashes. + # This value can be low if performing tests or on embedded Dendrite instances (e.g WASM builds) + # bcrypt_cost: 10 internal_api: - listen: http://localhost:7781 - connect: http://localhost:7781 + listen: http://localhost:7781 # Only used in polylith deployments + connect: http://localhost:7781 # Only used in polylith deployments account_database: connection_string: file:userapi_accounts.db max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 - device_database: - connection_string: file:userapi_devices.db - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 + # The length of time that a token issued for a relying party from + # /_matrix/client/r0/user/{userId}/openid/request_token endpoint + # is considered to be valid in milliseconds. + # The default lifetime is 3600000ms (60 minutes). + # openid_token_lifetime_ms: 3600000 # Configuration for Opentracing. # See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on 
@@ -341,11 +367,12 @@ tracing: baggage_restrictions: null throttler: null -# Logging configuration, in addition to the standard logging that is sent to -# stdout by Dendrite. +# Logging configuration logging: -- type: file - level: info - params: - path: /var/log/__APP__ - + - type: std + level: info + - type: file + # The logging level, must be one of debug, info, warn, error, fatal, panic. + level: info + params: + path: /var/log/__APP__ diff --git a/conf/go.src b/conf/go.src deleted file mode 100644 index 03b9985..0000000 --- a/conf/go.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://golang.org/dl/go1.15.8.linux-amd64.tar.gz -SOURCE_SUM=d3379c32a90fdf9382166f8f48034c459a8cc433730bc9476d39d9082c94583b -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=false -SOURCE_FILENAME= -SOURCE_EXTRACT=true diff --git a/conf/systemd.service b/conf/systemd.service index 996a086..40396ee 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -7,7 +7,9 @@ Type=simple User=__APP__ Group=__APP__ WorkingDirectory=__FINALPATH__/ -ExecStart=__FINALPATH__/./bin/dendrite-monolith-server --tls-cert=/etc/yunohost/certs/__DOMAIN__/crt.pem --tls-key=/etc/yunohost/certs/__DOMAIN__/key.pem --config=dendrite.yaml --http-bind-address=:__PORT__ --https-bind-address=:__TLS_PORT__ >> /var/log/__APP__/__APP__.log 2>&1 +ExecStart=__FINALPATH__/./bin/dendrite-monolith-server --tls-cert=/etc/yunohost/certs/__DOMAIN__/crt.pem --tls-key=/etc/yunohost/certs/__DOMAIN__/key.pem --config=dendrite.yaml --http-bind-address=:__PORT__ --https-bind-address=:__TLS_PORT__ +StandardOutput=append:/var/log/__APP__/__APP__.log +StandardError=inherit # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these diff --git a/manifest.json b/manifest.json index 16ab4b8..e280b1b 100644 --- a/manifest.json +++ b/manifest.json 
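Review bot: The new `- type: std` entry sends log lines to stdout, and the unit file changed in this same patch appends stdout to `/var/log/__APP__/__APP__.log`, while the existing `- type: file` entry also writes under `/var/log/__APP__`. Unless that is intended, each message is stored twice in the same directory, which doubles disk use and what logrotate has to handle. Dropping one of the two sinks, or raising the `std` entry to `level: warn`, would avoid the duplication.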
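Review bot: `--http-bind-address=:__PORT__` on the rewritten `ExecStart` line makes the plain-HTTP listener accept connections on every interface. scripts/install only opens `$tls_port` in the firewall, so exposure of this port depends on the firewall staying in place. If NGINX on the same host is the only client, `--http-bind-address=127.0.0.1:__PORT__` removes that dependency; please check this against the NGINX config, which is not part of this hunk. A comment in the unit that `StandardOutput=append:` needs systemd 240 or later would also help, since older hosts will not honour the directive.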
@@ -24,8 +24,7 @@ }, "multi_instance": true, "services": [ - "nginx", - "psql" + "nginx" ], "arguments": { "install": [ @@ -39,19 +38,11 @@ }, { "name": "domain", - "type": "domain", - "help": { - "en": "Dendrite requires its own domain, so make sure to create a new one.", - "fr": "Dendrite a besoin de son propre domaine, créez-en un au préalable." - } + "type": "domain" }, { "name": "is_public", "type": "boolean", - "help": { - "en": "A public server means that anybody will be able to register.", - "fr": "Un serveur public permet à quiconque de s'y enregistrer." - }, "default": false } ] diff --git a/scripts/_common.sh b/scripts/_common.sh index c0220ac..cd22c33 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -7,6 +7,8 @@ # dependencies used by the app pkg_dependencies="postgresql postgresql-contrib" +GO_VERSION="1.16" + #================================================= # PERSONAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index 1197e3d..7db41e5 100644 --- a/scripts/backup +++ b/scripts/backup @@ -15,7 +15,6 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script diff --git a/scripts/change_url b/scripts/change_url index 6160dea..7d93bc8 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -21,11 +21,6 @@ new_path=$YNH_APP_NEW_PATH app=$YNH_APP_INSTANCE_NAME -# For systemd update -domain=$YNH_APP_NEW_DOMAIN -port=$(ynh_app_setting_get --app=$app --key=port) -tls_port=$(ynh_app_setting_get --app=$app --key=tls_port) - #================================================= # LOAD SETTINGS #================================================= 
@@ -34,14 +29,20 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) +# Add settings here as needed by your application +domain=$YNH_APP_NEW_DOMAIN +port=$(ynh_app_setting_get --app=$app --key=port) +tls_port=$(ynh_app_setting_get --app=$app --key=tls_port) + #================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP #================================================= ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1 # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { + ynh_clean_check_starting # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" @@ -122,6 +123,7 @@ ynh_add_systemd_config #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 +# Start a systemd service ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="systemd" #================================================= diff --git a/scripts/install b/scripts/install index d03d6b6..6ca4823 100644 --- a/scripts/install +++ b/scripts/install @@ -7,6 +7,7 @@ #================================================= source _common.sh +source ynh_install_go source /usr/share/yunohost/helpers #================================================= 
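Review bot: `source ynh_install_go` in scripts/install replaces the `conf/go.src` download that this patch deletes, and that file pinned the Go tarball with `SOURCE_SUM` and `SOURCE_SUM_PRG=sha256sum`. The helper's body (scripts/ynh_install_go) is outside this part of the patch, so please confirm it verifies what it downloads to the same standard, because the toolchain it installs compiles the server binary. `GO_VERSION="1.16"` in `_common.sh` also names a release line that no longer receives upstream security fixes; a short comment there on which Go versions the Dendrite build accepts would help the next bump. The same `source` line is added to scripts/upgrade.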
@@ -14,8 +15,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. - true + ynh_clean_check_starting } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -58,15 +58,13 @@ ynh_script_progression --message="Configuring firewall..." --weight=1 # Find available ports port=$(ynh_find_port --port=8008) +ynh_app_setting_set --app=$app --key=port --value=$port tls_port=$(ynh_find_port --port=8448) +ynh_app_setting_set --app=$app --key=tls_port --value=$tls_port # Open TLS port ynh_exec_warn_less yunohost firewall allow TCP $tls_port -# Store opened ports -ynh_app_setting_set --app=$app --key=port --value=$port -ynh_app_setting_set --app=$app --key=tls_port --value=$tls_port - #================================================= # INSTALL DEPENDENCIES #================================================= @@ -74,15 +72,14 @@ ynh_script_progression --message="Installing dependencies..." --weight=3 ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies -# Install Go if needed -if ! command -v /usr/local/go/bin/go &> /dev/null -then - ynh_script_progression --message="Installing Go dependency... (this will take some time)" --weight=3 - ynh_setup_source --source_id="go" --dest_dir="/usr/local/" -fi +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=1 -export PATH=$PATH:/usr/local/go/bin -env_path=$PATH +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" +adduser $app ssl-cert #================================================= # CREATE A POSTGRESQL DATABASE 
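Review bot: `adduser $app ssl-cert` in the new "CREATE DEDICATED USER" section puts the service account in the `ssl-cert` group so it can read `/etc/yunohost/certs/__DOMAIN__/key.pem` named in the unit file. If that group can read the keys of every domain on the host, which seems likely but is not visible here, the account gets access to more than the one key it needs. At minimum a comment such as `# needed to read the domain's TLS key; also grants read access to every other ssl-cert-readable key` documents the trade-off. `$app` is also unquoted here and in `--username=$app`; `"$app"` would match the quoting already used for `"$final_path"`.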
@@ -90,12 +87,11 @@ env_path=$PATH ynh_script_progression --message="Creating a PostgreSQL database..." --weight=2 db_name=$(ynh_sanitize_dbid --db_name=$app) +db_user=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_psql_test_if_first_run -ynh_psql_setup_db --db_user=$db_name --db_name=$db_name - -ynh_psql_execute_as_root \ ---sql="CREATE DATABASE $db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $app;" +ynh_psql_setup_db --db_user=$db_user --db_name=$db_name +ynh_psql_execute_as_root --sql="CREATE DATABASE $db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $app;" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -106,6 +102,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:root "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= 
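Review bot: The joined `CREATE DATABASE` line sets `OWNER $app`, while the role created one line earlier is `$db_user` (`ynh_psql_setup_db --db_user=$db_user`), which comes from `ynh_sanitize_dbid` and can differ from `$app`. When the two differ, the statement names a role that was never created. It also places the unsanitised `$app` into SQL that runs as the database superuser. Using the variable this hunk introduces keeps both consistent: `... template=template0 OWNER $db_user;`.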
@@ -114,26 +114,22 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a system user -ynh_system_user_create --username=$app -adduser $app ssl-cert - #================================================= # SPECIFIC SETUP #================================================= # BUILDING SOURCES AND SETTING UP THE SERVER #================================================= +ynh_script_progression --message="Building the sources (it will take some time)..." --weight=6 + +ynh_install_go --go_version=$GO_VERSION pushd "$final_path" - ynh_script_progression --message="Building the sources (it will take some time)..." --weight=6 + ynh_use_go + # Build the sources mkdir ./bin ynh_exec_warn_less ./build.sh + read -p "999" ynh_script_progression --message="Generating the keys..." --weight=1 # Generate a Matrix signing key for federation ./bin/generate-keys --private-key matrix_key.pem @@ -141,6 +137,16 @@ pushd "$final_path" ./bin/generate-keys --tls-cert server.crt --tls-key server.key popd +ynh_remove_go + +# Set permissions to app files +chown -R $app:root "$final_path" + +#================================================= +# ADD A CONFIGURATION +#================================================= +ynh_script_progression --message="Adding a configuration file..." + # Allow or deny registration based of is_public registration=false if [ $is_public -eq 1 ] 
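Review bot: `read -p "999"` inside the `pushd "$final_path"` build block looks like a leftover debugging pause and should be removed. Install scripts run without an interactive terminal, so `read` either waits for input or returns non-zero at end of input. With `ynh_abort_if_errors` active, the second case aborts the install right after the build has finished.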
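Review bot: The `chown -R $app:root "$final_path"` added after `ynh_remove_go` fixes ownership of the freshly generated `matrix_key.pem` and `server.key`, but nothing sets their mode; only `dendrite.yaml` gets `chmod 400` later in the script. The earlier `chmod -R o-rwx` ran before these files existed, so their permissions are whatever `generate-keys` and the umask produced. Only the `750` on the directory keeps other users out. Since the signing key is the server's federation identity, `chmod 400 "$final_path/matrix_key.pem" "$final_path/server.key"` next to this `chown` would make that independent of the directory mode.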
@@ -151,6 +157,9 @@ fi # Copy and modify the config file ynh_add_config --template="../conf/dendrite.yaml" --destination="$final_path/dendrite.yaml" +chmod 400 "$final_path/dendrite.yaml" +chown $app:$app "$final_path/dendrite.yaml" + #================================================= # SETUP SYSTEMD #================================================= @@ -161,20 +170,14 @@ ynh_add_systemd_config #================================================= # GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -chown -R $app:root $final_path -mkdir -p /var/log/$app -chown -R $app:root /var/log/$app - #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Configuring log rotation..." --weight=1 +mkdir -p /var/log/$app +chown -R $app:root /var/log/$app + # Use logrotate to manage application logfile(s) ynh_use_logrotate # HACKY: Match the weirdly renamed rotated logs. diff --git a/scripts/remove b/scripts/remove index 601e5f3..090c95c 100644 --- a/scripts/remove +++ b/scripts/remove @@ -19,6 +19,8 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) port=$(ynh_app_setting_get --app=$app --key=port) tls_port=$(ynh_app_setting_get --app=$app --key=tls_port) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= 
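Review bot: The log directory moved into the "SETUP LOGROTATE" section is created with `mkdir -p /var/log/$app` and `chown -R $app:root /var/log/$app` but gets no explicit mode, so who can read it is left to the umask. Homeserver logs usually contain user identifiers and client addresses, so `chmod 750 /var/log/$app` after the `chown` would match what the script does for `$final_path`. The same two lines are added to scripts/restore under "RESTORE THE LOGROTATE CONFIGURATION" and need the same treatment.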
@@ -42,21 +44,21 @@ ynh_script_progression --message="Stopping and removing the systemd service..." # Remove the dedicated systemd config ynh_remove_systemd_config +#================================================= +# REMOVE LOGROTATE CONFIGURATION +#================================================= +ynh_script_progression --message="Removing logrotate configuration..." --weight=1 + +# Remove the app-specific logrotate config +ynh_remove_logrotate + #================================================= # REMOVE THE POSTGRESQL DATABASE #================================================= ynh_script_progression --message="Removing the PostgreSQL database" --weight=2 # Remove a database if it exists, along with the associated user -ynh_psql_remove_db --db_user=$app --db_name=$app - -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=3 - -# Remove metapackage and its dependencies -ynh_remove_app_dependencies +ynh_psql_remove_db --db_user=$db_user --db_name=$db_name #================================================= # REMOVE APP MAIN DIR @@ -75,12 +77,12 @@ ynh_script_progression --message="Removing NGINX web server configuration..." -- ynh_remove_nginx_config #================================================= -# REMOVE LOGROTATE CONFIGURATION +# REMOVE DEPENDENCIES #================================================= -ynh_script_progression --message="Removing logrotate configuration..." --weight=1 +ynh_script_progression --message="Removing dependencies..." --weight=3 -# Remove the app-specific logrotate config -ynh_remove_logrotate +# Remove metapackage and its dependencies +ynh_remove_app_dependencies #================================================= # CLOSE A PORT diff --git a/scripts/restore b/scripts/restore index 375b040..68d19ad 100644 --- a/scripts/restore +++ b/scripts/restore 
@@ -15,8 +15,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - #### Remove this function if there's nothing to clean before calling the remove script. - true + ynh_clean_check_starting } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -35,7 +34,6 @@ port=$(ynh_app_setting_get --app=$app --key=port) tls_port=$(ynh_app_setting_get --app=$app --key=tls_port) db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) #================================================= # CHECK IF THE APP CAN BE RESTORED @@ -50,9 +48,18 @@ test ! -d $final_path \ #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the NGINX web server configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= 
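Review bot: The "RECREATE THE DEDICATED USER" section added here calls `ynh_system_user_create` but, unlike scripts/install, never runs `adduser $app ssl-cert`. On a host where the account does not exist yet, the restored service would be unable to read the `--tls-key` file named in the unit, unless group membership is handled in a part of the script outside the visible hunks. Adding `adduser "$app" ssl-cert` after the user creation keeps restore in line with install and with the compatibility check in scripts/upgrade.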
@@ -60,22 +67,9 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$final_path" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app - -#================================================= -# RESTORE USER RIGHTS -#================================================= - -# Restore permissions on app files -chown -R $app:root $final_path -mkdir -p /var/log/$app -chown -R $app:root /var/log/$app +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:root "$final_path" #================================================= # SPECIFIC RESTORATION @@ -87,21 +81,12 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=3 # Define and install dependencies ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies -# Install Go if needed -if ! command -v /usr/local/go/bin/go &> /dev/null -then - ynh_script_progression --message="Installing Go dependency... (this will take some time)" --weight=3 - ynh_setup_source --source_id="go" --dest_dir="/usr/local/" -fi - -export PATH=$PATH:/usr/local/go/bin -env_path=$PATH - #================================================= -# RESTORE THE PSQL DATABASE +# RESTORE THE POSTGRESQL DATABASE #================================================= -ynh_script_progression --message="Restoring the PSQL database..." --weight=3 +ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=3 +db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) ynh_psql_test_if_first_run ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name 
@@ -114,6 +99,16 @@ ynh_script_progression --message="Restoring the systemd configuration..." --weig ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service --quiet +#================================================= +# RESTORE THE LOGROTATE CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the logrotate configuration..." + +mkdir -p /var/log/$app +chown -R $app:root /var/log/$app + +ynh_restore_file --origin_path="/etc/logrotate.d/$app" + #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= @@ -128,16 +123,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="systemd" -#================================================= -# RESTORE VARIOUS FILES -#================================================= - -#================================================= -# RESTORE THE LOGROTATE CONFIGURATION -#================================================= - -ynh_restore_file --origin_path="/etc/logrotate.d/$app" - #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index f490dbc..b58763f 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -7,6 +7,7 @@ #================================================= source _common.sh +source ynh_install_go source /usr/share/yunohost/helpers #================================================= 
@@ -26,18 +27,10 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name) #================================================= # CHECK VERSION #================================================= +ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# ENSURE DOWNWARD COMPATIBILITY -#================================================= -ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 - -if ! groups $app | grep -q 'ssl-cert'; then - adduser $app ssl-cert -fi - #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -46,6 +39,7 @@ ynh_script_progression --message="Backing up the app before upgrading (may take # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { + ynh_clean_check_starting # Restore it if the upgrade fails ynh_restore_upgradebackup } @@ -61,6 +55,23 @@ ynh_script_progression --message="Stopping a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped Dendrite Matrix homeserver" --log_path="systemd" +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 + +if ! groups $app | grep -q 'ssl-cert'; then + adduser $app ssl-cert +fi + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= 
@@ -73,6 +84,10 @@ then ynh_setup_source --dest_dir="$final_path" --keep="$final_path/dendrite.yaml" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:root "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -88,35 +103,27 @@ ynh_script_progression --message="Upgrading dependencies..." --weight=1 ynh_exec_warn_less ynh_install_app_dependencies "$pkg_dependencies" -# TODO: check Go version and upgrade if needed -if ! command -v /usr/local/go/bin/go &> /dev/null -then - ynh_script_progression --message="Installing Go dependency... (this will take some time)" --weight=3 - ynh_setup_source --source_id="go" --dest_dir="/usr/local/" -fi - -export PATH=$PATH:/usr/local/go/bin -env_path=$PATH - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app - #================================================= # SPECIFIC UPGRADE #================================================= # BUILDING SOURCES AND SETTING UP THE SERVER #================================================= -pushd "$final_path" - ynh_script_progression --message="Building the sources (it will take some time)..." --weight=6 - # Build the sources - ynh_exec_warn_less ./build.sh -popd +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Building the sources (it will take some time)..." --weight=6 + + ynh_install_go --go_version=$GO_VERSION + pushd "$final_path" + ynh_use_go + # Build the sources + ynh_exec_warn_less ./build.sh + popd + + ynh_remove_go +fi + +chown -R $app:root "$final_path" #================================================= # SETUP SYSTEMD 
@@ -128,20 +135,14 @@ ynh_add_systemd_config #================================================= # GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions on app files -chown -R $app:root $final_path -mkdir -p /var/log/$app -chown -R $app:root /var/log/$app - #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1 +mkdir -p /var/log/$app +chown -R $app:root /var/log/$app + # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append diff --git a/scripts/ynh_install_go b/scripts/ynh_install_go new file mode 100644 index 0000000..4fbf4e9 --- /dev/null +++ b/scripts/ynh_install_go 
@@ -0,0 +1,247 @@
+#!/bin/bash
+
+ynh_go_try_bash_extension() {
+ if [ -x src/configure ]; then
+ src/configure && make -C src || {
+ ynh_print_info --message="Optional bash extension failed to build, but things will still work normally."
+ }
+ fi
+}
+
+goenv_install_dir="/opt/goenv"
+go_version_path="$goenv_install_dir/versions"
+# goenv_ROOT is the directory of goenv, it needs to be loaded as a environment variable.
+export GOENV_ROOT="$goenv_install_dir"
+
+# Load the version of Go for an app, and set variables.
+#
+# ynh_use_go has to be used in any app scripts before using Go for the first time.
+# This helper will provide alias and variables to use in your scripts.
+#
+# To use gem or Go, use the alias `ynh_gem` and `ynh_go`
+# Those alias will use the correct version installed for the app
+# For example: use `ynh_gem install` instead of `gem install`
+#
+# With `sudo` or `ynh_exec_as`, use instead the fallback variables `$ynh_gem` and `$ynh_go`
+# And propagate $PATH to sudo with $ynh_go_load_path
+# Exemple: `ynh_exec_as $app $ynh_go_load_path $ynh_gem install`
+#
+# $PATH contains the path of the requested version of Go.
+# However, $PATH is duplicated into $go_path to outlast any manipulation of $PATH
+# You can use the variable `$ynh_go_load_path` to quickly load your Go version
+# in $PATH for an usage into a separate script.
+# Exemple: $ynh_go_load_path $final_path/script_that_use_gem.sh`
+#
+#
+# Finally, to start a Go service with the correct version, 2 solutions
+# Either the app is dependent of Go or gem, but does not called it directly.
+# In such situation, you need to load PATH
+# `Environment="__YNH_GO_LOAD_PATH__"`
+# `ExecStart=__FINALPATH__/my_app`
+# You will replace __YNH_GO_LOAD_PATH__ with $ynh_go_load_path
+#
+# Or Go start the app directly, then you don't need to load the PATH variable
+# `ExecStart=__YNH_GO__ my_app run`
+# You will replace __YNH_GO__ with $ynh_go
+#
+#
+# one other variable is also available
+# - $go_path: The absolute path to Go binaries for the chosen version.
+#
+# usage: ynh_use_go
+#
+# Requires YunoHost version 3.2.2 or higher.
+ynh_use_go () {
+ go_version=$(ynh_app_setting_get --app=$app --key=go_version)
+
+ # Get the absolute path of this version of Go
+ go_path="$go_version_path/$go_version/bin"
+
+ # Allow alias to be used into bash script
+ shopt -s expand_aliases
+
+ # Create an alias for the specific version of Go and a variable as fallback
+ ynh_go="$go_path/go"
+ alias ynh_go="$ynh_go"
+
+ # Load the path of this version of Go in $PATH
+ if [[ :$PATH: != *":$go_path"* ]]; then
+ PATH="$go_path:$PATH"
+ fi
+ # Create an alias to easily load the PATH
+ ynh_go_load_path="PATH=$PATH"
+
+ # Sets the local application-specific Go version
+ pushd $final_path
+ $goenv_install_dir/bin/goenv local $go_version
+ popd
+}
+
+# Install a specific version of Go
+#
+# ynh_install_go will install the version of Go provided as argument by using goenv.
+#
+# This helper creates a /etc/profile.d/goenv.sh that configures PATH environment for goenv
+# for every LOGIN user, hence your user must have a defined shell (as opposed to /usr/sbin/nologin)
+#
+# Don't forget to execute go-dependent command in a login environment
+# (e.g. sudo --login option)
+# When not possible (e.g. in systemd service definition), please use direct path
+# to goenv shims (e.g. $goenv_ROOT/shims/bundle)
+#
+# usage: ynh_install_go --go_version=go_version
+# | arg: -v, --go_version= - Version of go to install.
+#
+# Requires YunoHost version 3.2.2 or higher.
+ynh_install_go () {
+ # Declare an array to define the options of this helper.
+ local legacy_args=v
+ local -A args_array=( [v]=go_version= )
+ local go_version
+ # Manage arguments with getopts
+ ynh_handle_getopts_args "$@"
+
+ # Load goenv path in PATH
+ local CLEAR_PATH="$goenv_install_dir/bin:$PATH"
+
+ # Remove /usr/local/bin in PATH in case of Go prior installation
+ PATH=$(echo $CLEAR_PATH | sed 's@/usr/local/bin:@@')
+
+ # Move an existing Go binary, to avoid to block goenv
+ test -x /usr/bin/go && mv /usr/bin/go /usr/bin/go_goenv
+
+ # Install or update goenv
+ goenv="$(command -v goenv $goenv_install_dir/bin/goenv | head -1)"
+ if [ -n "$goenv" ]; then
+ ynh_print_info --message="goenv already seems installed in \`$goenv'."
+ pushd "${goenv%/*/*}"
+ if git remote -v 2>/dev/null | grep "https://github.com/syndbg/goenv.git"; then
+ echo "Trying to update with git..."
+ git pull -q --tags origin master
+ cd ..
+ ynh_go_try_bash_extension
+ fi
+ popd
+ else
+ ynh_print_info --message="Installing goenv with git..."
+ mkdir -p $goenv_install_dir
+ pushd $goenv_install_dir
+ git init -q
+ git remote add -f -t master origin https://github.com/syndbg/goenv.git > /dev/null 2>&1
+ git checkout -q -b master origin/master
+ ynh_go_try_bash_extension
+ goenv=$goenv_install_dir/bin/goenv
+ popd
+ fi
+
+ goenv_latest="$(command -v "$goenv_install_dir"/plugins/*/bin/goenv-latest goenv-latest | head -1)"
+ if [ -n "$goenv_latest" ]; then
+ ynh_print_info --message="\`goenv latest' command already available in \`$goenv_latest'."
+ pushd "${goenv_latest%/*/*}"
+ if git remote -v 2>/dev/null | grep "https://github.com/momo-lab/xxenv-latest.git"; then
+ ynh_print_info --message="Trying to update xxenv-latest with git..."
+ git pull -q origin master
+ fi
+ popd
+ else
+ ynh_print_info --message="Installing xxenv-latest with git..."
+ mkdir -p "${goenv_install_dir}/plugins"
+ git clone -q https://github.com/momo-lab/xxenv-latest.git "${goenv_install_dir}/plugins/xxenv-latest"
+ fi
+
+ # Enable caching
+ mkdir -p "${goenv_install_dir}/cache"
+
+ # Create shims directory if needed
+ mkdir -p "${goenv_install_dir}/shims"
+
+ # Restore /usr/local/bin in PATH
+ PATH=$CLEAR_PATH
+
+ # And replace the old Go binary
+ test -x /usr/bin/go_goenv && mv /usr/bin/go_goenv /usr/bin/go
+
+ # Install the requested version of Go
+ local final_go_version=$(goenv latest --print $go_version)
+ ynh_print_info --message="Installation of Go-$final_go_version"
+ goenv install --skip-existing $final_go_version
+
+ # Store go_version into the config of this app
+ ynh_app_setting_set --app=$YNH_APP_INSTANCE_NAME --key=go_version --value=$final_go_version
+
+ # Cleanup Go versions
+ ynh_cleanup_go
+
+ # Set environment for Go users
+ echo "#goenv
+export GOENV_ROOT=$goenv_install_dir
+export PATH=\"$goenv_install_dir/bin:$PATH\"
+eval \"\$(goenv init -)\"
+#goenv" > /etc/profile.d/goenv.sh
+
+ # Load the environment
+ eval "$(goenv init -)"
+}
+
+# Remove the version of Go used by the app.
+#
+# This helper will also cleanup Go versions
+#
+# usage: ynh_remove_go
+ynh_remove_go () {
+ local go_version=$(ynh_app_setting_get --app=$YNH_APP_INSTANCE_NAME --key=go_version)
+
+ # Load goenv path in PATH
+ local CLEAR_PATH="$goenv_install_dir/bin:$PATH"
+
+ # Remove /usr/local/bin in PATH in case of Go prior installation
+ PATH=$(echo $CLEAR_PATH | sed 's@/usr/local/bin:@@')
+
+ # Remove the line for this app
+ ynh_app_setting_delete --app=$YNH_APP_INSTANCE_NAME --key=go_version
+
+ # Cleanup Go versions
+ ynh_cleanup_go
+}
+
+# Remove no more needed versions of Go used by the app.
+#
+# This helper will check what Go version are no more required,
+# and uninstall them
+# If no app uses Go, goenv will be also removed.
+# +# usage: ynh_cleanup_go +ynh_cleanup_go () { + + # List required Go versions + local installed_apps=$(yunohost app list | grep -oP 'id: \K.*$') + local required_go_versions="" + for installed_app in $installed_apps + do + local installed_app_go_version=$(ynh_app_setting_get --app=$installed_app --key="go_version") + if [[ $installed_app_go_version ]] + then + required_go_versions="${installed_app_go_version}\n${required_go_versions}" + fi + done + + # Remove no more needed Go versions + local installed_go_versions=$(goenv versions --bare --skip-aliases | grep -Ev '/') + for installed_go_version in $installed_go_versions + do + if ! `echo ${required_go_versions} | grep "${installed_go_version}" 1>/dev/null 2>&1` + then + ynh_print_info --message="Removing of Go-$installed_go_version" + $goenv_install_dir/bin/goenv uninstall --force $installed_go_version + fi + done + + # If none Go version is required + if [[ ! $required_go_versions ]] + then + # Remove goenv environment configuration + ynh_print_info --message="Removing of goenv" + ynh_secure_remove --file="$goenv_install_dir" + ynh_secure_remove --file="/etc/profile.d/goenv.sh" + fi +} diff --git a/sources/extra_files/app/.gitignore b/sources/extra_files/app/.gitignore deleted file mode 100644 index 783a4ae..0000000 --- a/sources/extra_files/app/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -*~ -*.sw[op] diff --git a/sources/patches/.gitignore b/sources/patches/.gitignore deleted file mode 100644 index 783a4ae..0000000 --- a/sources/patches/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -*~ -*.sw[op] From 329d4a1e79bd64ecf7d6921aeea1a0d044dfc9ef Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sat, 19 Mar 2022 15:01:33 +0100 Subject: [PATCH 2/9] Cleanup --- scripts/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index 6ca4823..7a72d70 100644 --- a/scripts/install +++ b/scripts/install 
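Review bot: Both git sources in ynh_install_go track the moving `master` branch (`git checkout -q -b master origin/master`, `git pull -q --tags origin master`, `git clone -q https://github.com/momo-lab/xxenv-latest.git ...`), and the fetched code is then executed by this script through `goenv install` and `eval "$(goenv init -)"`, with the privileges of a script that also writes to /usr/bin and /etc/profile.d. Pinning each repository to a reviewed commit, e.g. `goenv_commit=<PINNED_COMMIT_ID>` next to `goenv_install_dir` followed by `git checkout -q --detach "$goenv_commit"` instead of the branch checkout and pull, makes the toolchain bootstrap reproducible and auditable. Separately, the echo that writes `/etc/profile.d/goenv.sh` expands `$PATH` when the file is created, so the installer's PATH is frozen into every login shell; `export PATH=\"$goenv_install_dir/bin:\$PATH\"` would keep each user's own PATH.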
@@ -129,7 +129,7 @@ pushd "$final_path" # Build the sources mkdir ./bin ynh_exec_warn_less ./build.sh - read -p "999" + ynh_script_progression --message="Generating the keys..." --weight=1 # Generate a Matrix signing key for federation ./bin/generate-keys --private-key matrix_key.pem From 7ec59f4c86243a7df6fbda7810d9991c756de248 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sat, 19 Mar 2022 15:28:17 +0100 Subject: [PATCH 3/9] Use postgresql instead of file --- conf/dendrite.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/conf/dendrite.yaml b/conf/dendrite.yaml index c2a80c8..06de6b0 100644 --- a/conf/dendrite.yaml +++ b/conf/dendrite.yaml @@ -129,7 +129,7 @@ app_service_api: listen: http://localhost:7777 # Only used in polylith deployments connect: http://localhost:7777 # Only used in polylith deployments database: - connection_string: file:appservice.db + connection_string: postgres://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__ max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 @@ -201,7 +201,7 @@ federation_api: external_api: listen: http://[::]:8072 database: - connection_string: file:federationapi.db + connection_string: postgres://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__ max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 @@ -242,7 +242,7 @@ key_server: listen: http://localhost:7779 # Only used in polylith deployments connect: http://localhost:7779 # Only used in polylith deployments database: - connection_string: file:keyserver.db + connection_string: postgres://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__ max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 @@ -255,7 +255,7 @@ media_api: external_api: listen: http://[::]:8074 database: - connection_string: file:mediaapi.db + connection_string: postgres://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__ max_open_conns: 5 max_idle_conns: 2 conn_max_lifetime: -1 
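Review bot: The new `connection_string` values substitute `__DB_PWD__` directly into a URI and leave the scalar unquoted, in this `app_service_api` block and in the seven other database blocks changed by this patch. A password containing `@`, `/`, `?` or `#` would change how the URI is parsed, so the template should state that the generated password must be URL-safe (or be percent-encoded before substitution), and single-quoting the value, `connection_string: 'postgres://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__'`, keeps YAML from reinterpreting it. Since the file now carries a credential in clear text, a comment such as `# contains the database password: keep readable by the service user only` is worth adding; the install-time mode of dendrite.yaml is not visible in these hunks.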
@@ -294,7 +294,7 @@ mscs: # - msc2946 (Spaces Summary, see https://github.com/matrix-org/matrix-doc/pull/2946) mscs: [] database: - connection_string: file:mscs.db + connection_string: postgres://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__ max_open_conns: 5 max_idle_conns: 2 conn_max_lifetime: -1 @@ -305,7 +305,7 @@ room_server: listen: http://localhost:7770 # Only used in polylith deployments connect: http://localhost:7770 # Only used in polylith deployments database: - connection_string: file:roomserver.db + connection_string: postgres://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__ max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 @@ -318,7 +318,7 @@ sync_api: external_api: listen: http://[::]:8073 database: - connection_string: file:syncapi.db + connection_string: postgres://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__ max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 @@ -341,7 +341,7 @@ user_api: listen: http://localhost:7781 # Only used in polylith deployments connect: http://localhost:7781 # Only used in polylith deployments account_database: - connection_string: file:userapi_accounts.db + connection_string: postgres://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__ max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 From d6bdad1c90074ba83d4e454c247245ead2bb9ff3 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sat, 19 Mar 2022 15:28:40 +0100 Subject: [PATCH 4/9] More clean install --- scripts/install | 21 ++++++++++++--------- scripts/upgrade | 21 +++++++++++++++++---- 2 files changed, 29 insertions(+), 13 deletions(-) diff --git a/scripts/install b/scripts/install index 7a72d70..06229dc 100644 --- a/scripts/install +++ b/scripts/install 
@@ -100,7 +100,7 @@ ynh_script_progression --message="Setting up source files..." --weight=2 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path" +ynh_setup_source --dest_dir="$final_path/build" chmod 750 "$final_path" chmod -R o-rwx "$final_path" @@ -123,22 +123,25 @@ ynh_script_progression --message="Building the sources (it will take some time). ynh_install_go --go_version=$GO_VERSION -pushd "$final_path" - ynh_use_go - +pushd "$final_path/build" # Build the sources - mkdir ./bin - ynh_exec_warn_less ./build.sh + ynh_use_go + CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/... + CGO_ENABLED=0 GOOS=js GOARCH=wasm go build -trimpath -o "$final_path/bin/main.wasm" ./cmd/dendritejs-pinecone +popd - ynh_script_progression --message="Generating the keys..." --weight=1 +ynh_secure_remove --file="$final_path/build" +ynh_remove_go + +ynh_script_progression --message="Generating the keys..." --weight=1 + +pushd "$final_path" # Generate a Matrix signing key for federation ./bin/generate-keys --private-key matrix_key.pem # Generate a self-signed certificate ./bin/generate-keys --tls-cert server.crt --tls-key server.key popd -ynh_remove_go - # Set permissions to app files chown -R $app:root "$final_path" diff --git a/scripts/upgrade b/scripts/upgrade index b58763f..6ff70d3 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -81,7 +81,7 @@ then ynh_script_progression --message="Upgrading source files..." --weight=3 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" --keep="$final_path/dendrite.yaml" + ynh_setup_source --dest_dir="$final_path/build" --keep="$final_path/dendrite.yaml" fi chmod 750 "$final_path" 
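Review bot: The Matrix signing key and the TLS key are generated after the only permission-hardening step visible for `$final_path` (`chmod -R o-rwx` runs right after `ynh_setup_source` in the previous hunk), so `matrix_key.pem` and `server.key` keep whatever mode `generate-keys` and the current umask give them; only `chown -R $app:root` follows. Adding `chmod 400 "$final_path/matrix_key.pem" "$final_path/server.key"` after that chown makes the mode explicit instead of relying on the directory's 750 mode. The rest of the install script lies outside the hunk, so a later chmod may already cover this.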
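Review bot: With `--dest_dir` now pointing at `$final_path/build`, the `--keep="$final_path/dendrite.yaml"` argument in the scripts/upgrade hunk no longer seems to protect anything: the configuration file lives in `$final_path`, outside the extraction directory, and if the helper resolves `--keep` entries relative to `--dest_dir` (to be confirmed against the helper) an absolute path never matches. `ynh_setup_source --dest_dir="$final_path/build"` would state what actually happens. The enclosing `if ... then` opens outside the hunk.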
@@ -114,17 +114,30 @@ then ynh_script_progression --message="Building the sources (it will take some time)..." --weight=6 ynh_install_go --go_version=$GO_VERSION - pushd "$final_path" + + pushd "$final_path/build" + # Build the sources ynh_use_go - # Build the sources - ynh_exec_warn_less ./build.sh + CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/... + CGO_ENABLED=0 GOOS=js GOARCH=wasm go build -trimpath -o "$final_path/bin/main.wasm" ./cmd/dendritejs-pinecone popd + ynh_secure_remove --file="$final_path/build" ynh_remove_go fi chown -R $app:root "$final_path" +#================================================= +# UPDATE A CONFIG FILE +#================================================= +ynh_script_progression --message="Updating a configuration file..." + +ynh_add_config --template="../conf/dendrite.yaml" --destination="$final_path/dendrite.yaml" + +chmod 400 "$final_path/dendrite.yaml" +chown $app:$app "$final_path/dendrite.yaml" + #================================================= # SETUP SYSTEMD #================================================= From f6f45487d0b2ffee28a79b6bc1e34975d73e0b10 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sat, 19 Mar 2022 15:52:07 +0100 Subject: [PATCH 5/9] Better build --- scripts/change_url | 4 ++-- scripts/install | 8 +++++--- scripts/restore | 2 +- scripts/upgrade | 8 +++++--- 4 files changed, 13 insertions(+), 9 deletions(-) diff --git a/scripts/change_url b/scripts/change_url index 7d93bc8..2b97884 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -75,7 +75,7 @@ fi #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="stop" +ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped Dendrite Matrix homeserver" --log_path="systemd" #================================================= # MODIFY URL IN NGINX CONF 
@@ -124,7 +124,7 @@ ynh_add_systemd_config ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="systemd" +ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="/var/log/$app/$app.log" #================================================= # RELOAD NGINX diff --git a/scripts/install b/scripts/install index 06229dc..552b9af 100644 --- a/scripts/install +++ b/scripts/install @@ -126,8 +126,10 @@ ynh_install_go --go_version=$GO_VERSION pushd "$final_path/build" # Build the sources ynh_use_go - CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/... - CGO_ENABLED=0 GOOS=js GOARCH=wasm go build -trimpath -o "$final_path/bin/main.wasm" ./cmd/dendritejs-pinecone + CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/dendrite-monolith-server + CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/goose + CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/create-account + CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/generate-keys popd ynh_secure_remove --file="$final_path/build" @@ -200,7 +202,7 @@ yunohost service add $app --description="Dendrite Matrix homeserver" --log="/var ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="systemd" +ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="/var/log/$app/$app.log" #================================================= # RELOAD NGINX diff --git a/scripts/restore b/scripts/restore index 68d19ad..fddb741 100644 --- a/scripts/restore +++ b/scripts/restore 
@@ -121,7 +121,7 @@ yunohost service add $app --description="Dendrite Matrix homeserver" --log="/var #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="systemd" +ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="/var/log/$app/$app.log" #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index 6ff70d3..2b11eca 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -118,8 +118,10 @@ then pushd "$final_path/build" # Build the sources ynh_use_go - CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/... - CGO_ENABLED=0 GOOS=js GOARCH=wasm go build -trimpath -o "$final_path/bin/main.wasm" ./cmd/dendritejs-pinecone + CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/dendrite-monolith-server + CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/goose + CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/create-account + CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/generate-keys popd ynh_secure_remove --file="$final_path/build" @@ -171,7 +173,7 @@ yunohost service add $app --description="Dendrite Matrix homeserver" --log="/var #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="systemd" +ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="/var/log/$app/$app.log" #================================================= # RELOAD NGINX From 31e26915a57c53666ef3fdd4f8da6812c4bfd5d4 Mon Sep 17 00:00:00 2001 
From: yalh76 Date: Sat, 19 Mar 2022 23:35:49 +0100 Subject: [PATCH 6/9] Missing varirable in upgrade --- scripts/upgrade | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index 2b11eca..8eb74c6 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -23,6 +23,8 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) port=$(ynh_app_setting_get --app=$app --key=port) tls_port=$(ynh_app_setting_get --app=$app --key=tls_port) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name +db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) #================================================= # CHECK VERSION From 06a1779973ce6c67354a5af36d91ef2be4034e8e Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 20 Mar 2022 13:36:41 +0100 Subject: [PATCH 7/9] ynh_exec_warn_less --- scripts/install | 10 +++++----- scripts/upgrade | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/scripts/install b/scripts/install index 552b9af..5ec7f39 100644 --- a/scripts/install +++ b/scripts/install 
@@ -121,15 +121,15 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Building the sources (it will take some time)..." --weight=6 -ynh_install_go --go_version=$GO_VERSION +ynh_exec_warn_less ynh_install_go --go_version=$GO_VERSION pushd "$final_path/build" # Build the sources ynh_use_go - CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/dendrite-monolith-server - CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/goose - CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/create-account - CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/generate-keys + ynh_exec_warn_less CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/dendrite-monolith-server + ynh_exec_warn_less CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/goose + ynh_exec_warn_less CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/create-account + ynh_exec_warn_less CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/generate-keys popd ynh_secure_remove --file="$final_path/build" diff --git a/scripts/upgrade b/scripts/upgrade index 8eb74c6..271d86f 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -115,15 +115,15 @@ if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Building the sources (it will take some time)..." --weight=6 - ynh_install_go --go_version=$GO_VERSION + ynh_exec_warn_less ynh_install_go --go_version=$GO_VERSION pushd "$final_path/build" # Build the sources ynh_use_go - CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/dendrite-monolith-server - CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/goose - CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/create-account - CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/generate-keys + ynh_exec_warn_less CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/dendrite-monolith-server + ynh_exec_warn_less CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/goose + ynh_exec_warn_less CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/create-account + ynh_exec_warn_less =1 go build -trimpath -v -o "$final_path/bin/" ./cmd/generate-keys popd ynh_secure_remove --file="$final_path/build" From e5d0bc55f892597c62e7b4fef6debf3663fce001 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 20 Mar 2022 13:46:41 +0100 Subject: [PATCH 8/9] missing registration --- scripts/upgrade | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index 271d86f..e923df0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -137,6 +137,13 @@ chown -R $app:root "$final_path" #================================================= ynh_script_progression --message="Updating a configuration file..." +if ynh_permission_has_user --permission=main --user=visitors +then + registration="true" +else + registration="false" +fi + ynh_add_config --template="../conf/dendrite.yaml" --destination="$final_path/dendrite.yaml" chmod 400 "$final_path/dendrite.yaml" From b3c76fdc02b78b5701df2f3f30148ad364401d77 Mon Sep 17 00:00:00 2001 
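Review bot: `registration` is derived from whether `visitors` holds the `main` permission, which ties account registration on the homeserver to the app being publicly reachable. The hunk does not show how the template consumes the value; if it toggles open registration, an instance exposed to visitors accepts sign-ups from anyone, which an admin who only wants the server reachable may not intend. A comment above the `if`, e.g. `# registration follows the 'visitors' permission: a public app allows open sign-up`, would make the coupling explicit, and a dedicated app setting would let the two be chosen independently.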
From: yalh76 Date: Mon, 21 Mar 2022 14:02:49 +0100 Subject: [PATCH 9/9] Remove ynh_exec_warn_less --- scripts/install | 8 ++++---- scripts/upgrade | 7 +++---- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/scripts/install b/scripts/install index 5ec7f39..badea49 100644 --- a/scripts/install +++ b/scripts/install @@ -126,10 +126,10 @@ ynh_exec_warn_less ynh_install_go --go_version=$GO_VERSION pushd "$final_path/build" # Build the sources ynh_use_go - ynh_exec_warn_less CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/dendrite-monolith-server - ynh_exec_warn_less CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/goose - ynh_exec_warn_less CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/create-account - ynh_exec_warn_less CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/generate-keys + CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/dendrite-monolith-server > /dev/null 2>&1 + CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/goose > /dev/null 2>&1 + CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/create-account > /dev/null 2>&1 + CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/generate-keys > /dev/null 2>&1 popd ynh_secure_remove --file="$final_path/build" diff --git a/scripts/upgrade b/scripts/upgrade index e923df0..77453fa 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
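Review bot: Redirecting each `go build` to `/dev/null 2>&1` discards compiler and linker errors together with the `-v` progress output, in this scripts/install hunk and in the scripts/upgrade hunk that follows. A failed build then leaves the admin with no diagnostic, and if errexit is not active at this point the script would go on to remove the build tree. Dropping `-v` and the redirection, `CGO_ENABLED=1 go build -trimpath -o "$final_path/bin/" ./cmd/goose`, keeps a successful build mostly quiet while still surfacing errors; appending the output to a log file under the app's log directory is the alternative if the console must stay silent.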
@@ -120,10 +120,9 @@ then pushd "$final_path/build" # Build the sources ynh_use_go - ynh_exec_warn_less CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/dendrite-monolith-server - ynh_exec_warn_less CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/goose - ynh_exec_warn_less CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/create-account - ynh_exec_warn_less =1 go build -trimpath -v -o "$final_path/bin/" ./cmd/generate-keys + CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/dendrite-monolith-server > /dev/null 2>&1 + CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/goose > /dev/null 2>&1 + CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/create-account > /dev/null 2>&1 popd ynh_secure_remove --file="$final_path/build"
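Review bot: The `./cmd/generate-keys` build line is removed here without a replacement, while scripts/install keeps it, so after this patch an upgrade rebuilds three of the four binaries and leaves any `bin/generate-keys` from the previously installed version in place. If that is intended because keys already exist at upgrade time, a comment such as `# generate-keys is only needed at install time` would record it, and removing the stale binary would avoid shipping a tool built from older sources. Otherwise the line should be restored in the same form as the other three. The enclosing `if [ "$upgrade_type" == "UPGRADE_APP" ]` block opens outside the hunk.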