YunoHost-Apps/jitsi_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/jitsi_ynh.git synced 2024-09-03 19:35:57 +02:00
Code Issues Activity Actions

Merge pull request #4 from yalh76/master

Browse source 
Apply example_ynh
This commit is contained in:
Kayou 2019-08-04 19:57:43 +02:00 committed by GitHub
commit b0c2dad3a0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
30 changed files with 2414 additions and 527 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
*~
*.sw[op]

219
LICENSE Normal file
View file

@ -0,0 +1,219 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Note:
This project was originally contributed to the community under the MIT license and with the following notice:
The MIT License (MIT)
Copyright (c) 2013 ESTOS GmbH
Copyright (c) 2013 BlueJimp SARL
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

71
README.md
View file

@ -1,4 +1,69 @@
Jitsi Meet for YunoHost
-------------------------
# Jitsi Meet for YunoHost
https://jitsi.org/Projects/JitMeet
[![Integration level](https://dash.yunohost.org/integration/jitsi.svg)](https://dash.yunohost.org/appci/app/jitsi)
[![Install Jitsi Meet with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=jitsi)
*[Lire ce readme en français.](./README_fr.md)*
> *This package allow you to install Jitsi Meet quickly and simply on a YunoHost server.
If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.*
## Overview
Jitsi Meet is an open-source (Apache) WebRTC JavaScript application that uses Jitsi Videobridge to provide high quality, secure and scalable video conferences.
**Shipped version:** 1.0.3387
## Important points to read before installing
1. **Jitsi** require a dedicated **root domain**, eg. jitsi.domain.tld
2. **Jitsi** require you create additionals domains in your dns and in your YunoHost
* auth.jitsi.domain.tld
* conference.jitsi.domain.tld
* jitsi-videobridge.jitsi.domain.tld
* focus.jitsi.domain.tld
3. **Jitsi** require the ports TCP/4443 and UDP/10000 been redirected to your YunoHost
## Screenshots
![](https://jitsi.org/wp-content/uploads/2018/08/brady-bunch-stand-up-1024x632.jpg)
## Demo
* [Official demo](https://meet.jit.si/)
## Configuration
How to configure this app: by an admin panel, a plain file with SSH, or any other way.
## Documentation
* Official documentation: https://jitsi.org/user-faq/
## YunoHost specific features
#### Supported architectures
* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/jitsi%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/jitsi/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/jitsi%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/jitsi/)
* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/jitsi%20%28Apps%29.svg)](https://ci-stretch.nohost.me/ci/apps/jitsi/)
## Links
* Report a bug: https://github.com/YunoHost-Apps/jitsi_ynh/issues
* App website: https://jitsi.org/
* Upstream app repository: https://github.com/jitsi/jitsi-meet
* YunoHost website: https://yunohost.org/
---
Developers info
----------------
Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/jitsi_ynh/tree/testing).
To try the testing branch, please proceed like that.
```
sudo yunohost app install https://github.com/YunoHost-Apps/jitsi_ynh/tree/testing --debug
or
sudo yunohost app upgrade jitsi -u https://github.com/YunoHost-Apps/jitsi_ynh/tree/testing --debug
```

14
TODO
View file

@ -1,14 +0,0 @@
* backport luasec 0.5 from jessie for PFS ciphers
* why tls between jicofo and metronome (luasec >= 0.5 required)
* why tls between jvb and metronome (luasec >= 0.5 required)
* support subdir : which rewrite rule ?
* desktop sharing : chrome extension needs to be reference the host explicitely
* config.js clientNode : what's this ? see XEP-0115
* metronome conf : bind vhost and components to localhost
* wireshark the thing : is everything encrypted ?
* recording : what can be done ?
* etherpad
* ipv6 : what's the status ? clients/server...
* mod_{smacks,carbons,mam,websocket,turncredentials} not needed actually ?
* jigasi SIP gateway
* is there any web based video-sip client around ?

33
check_process Normal file
View file

@ -0,0 +1,33 @@
# See here for more information
# https://github.com/YunoHost/package_check#syntax-check_process-file
# Move this file from check_process.default to check_process when you have filled it.
;; Test complet
; Manifest
domain="domain.tld" (DOMAIN)
; Checks
pkg_linter=1
setup_sub_dir=0
setup_root=1
setup_nourl=0
setup_private=0
setup_public=1
upgrade=1
backup_restore=1
multi_instance=0
# This test is no longer necessary since the version 2.7 (PR: https://github.com/YunoHost/yunohost/pull/304), you can still do it if your app could be installed with this version.
# incorrect_path=1
port_already_use=0
change_url=0
;;; Levels
# If the level 5 (Package linter) is forced to 1. Please add justifications here.
Level 5=auto
;;; Options
Email=
Notification=none
;;; Upgrade options
; commit=CommitHash
name=Name and date of the commit.
manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666&

12
conf/config.js Normal file
View file

@ -0,0 +1,12 @@
var config = {
hosts: {
domain: '__DOMAIN__',
muc: 'conference.__DOMAIN__',
bridge: 'jitsi-videobridge.__DOMAIN__',
focus: 'focus.__DOMAIN__'
},
useNicks: false,
bosh: '//__DOMAIN__/http-bind', // FIXME: use xep-0156 for that
//chromeExtensionId: 'diibjkoicjeejcmhdnailmkgecihlobk', // Id of desktop streamer Chrome extension
//minChromeExtVersion: '0.1' // Required version of Chrome extension
};

113
conf/jitsi-jicofo.init
View file

@ -1,113 +0,0 @@
#! /bin/sh
#
# INIT script for Jitsi Conference Focus
# Version: 1.0 4-Dec-2014 pawel.domas@jitsi.org
#
### BEGIN INIT INFO
# Provides: jicofo
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Jitsi conference Focus
# Description: Conference focus for Jitsi Meet application.
### END INIT INFO
. /lib/lsb/init-functions
# Include jicofo defaults if available
if [ -f /etc/default/jicofo ]; then
. /etc/default/jicofo
fi
# Assign default host if not configured
if [ ! $JICOFO_HOST ]; then
JICOFO_HOST=localhost
fi
PATH=/usr/lib/jvm/java-7-openjdk-amd64/jre/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/opt/yunohost/jicofo/jicofo.sh
DEAMON_DIR=/opt/yunohost/jicofo/
NAME=jicofo
USER=jicofo
PIDFILE=/var/run/jicofo.pid
LOGFILE=/var/log/jitsi/jicofo.log
DESC=jicofo
DAEMON_OPTS=" --host=$JICOFO_HOST --domain=$JICOFO_HOSTNAME --port=$JICOFO_PORT --secret=$JICOFO_SECRET --user_domain=$JICOFO_AUTH_DOMAIN --user_password=$JICOFO_AUTH_PASSWORD $JICOFO_OPTS"
test -x $DAEMON || exit 0
set -e
killParentPid() {
PARENT_PPID=$(ps -o pid --no-headers --ppid $1 || true)
if [ $PARENT_PPID ]; then
kill $PARENT_PPID
fi
}
stop() {
if [ -f $PIDFILE ]; then
PID=$(cat $PIDFILE)
fi
echo -n "Stopping $DESC: "
if [ $PID ]; then
killParentPid $PID
rm $PIDFILE || true
echo "$NAME stopped."
elif [ $(ps -C jicofo.sh --no-headers -o pid) ]; then
kill $(ps -o pid --no-headers --ppid $(ps -C jicofo.sh --no-headers -o pid))
rm $PIDFILE || true
echo "$NAME stopped."
else
echo "$NAME doesn't seem to be running."
fi
}
start() {
if [ -f $PIDFILE ]; then
echo "$DESC seems to be already running, we found pidfile $PIDFILE."
exit 1
fi
echo -n "Starting $DESC: "
start-stop-daemon --start --quiet --background --chuid $USER --make-pidfile --pidfile $PIDFILE \
--exec /bin/bash -- -c "cd $DEAMON_DIR; exec $DAEMON $DAEMON_OPTS < /dev/null >> $LOGFILE 2>&1"
echo "$NAME started."
}
reload() {
echo 'Not yet implemented.'
}
status() {
echo 'Not yet implemented.'
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
reload)
reload
;;
force-reload)
reload
;;
status)
status
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|reload|status}" >&2
exit 1
;;
esac
exit 0

13
conf/jitsi-jicofo.service Normal file
View file

@ -0,0 +1,13 @@
[Unit]
Description=jitsi-jicofo
After=network.target
[Service]
Type=simple
User=__APP__
Group=__APP__
WorkingDirectory=__FINALPATH__/jitsi-jicofo/
ExecStart=__FINALPATH__/jitsi-jicofo/jicofo.sh --host=localhost --domain=__DOMAIN__ --secret=__FOCUS_SECRET__ --user_domain=auth.__DOMAIN__ --user_name=__FOCUS_USER__ --user_password=__FOCUS_PASSWORD__ & >> /var/log/__APP__/__APP__-jitsi-jicofo.log 2>&1
[Install]
WantedBy=multi-user.target

6
conf/jitsi-jicofo.src Normal file
View file

@ -0,0 +1,6 @@
SOURCE_URL=https://github.com/jitsi/jicofo/archive/84698893c333b386438de9c69616e1cc5c7df243.tar.gz
SOURCE_SUM=569898ba95579c59a7e4e6ee467a99c90e9170c7c2596c3461d2652f8cda3b7a
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=

7
conf/jitsi-meet.src Normal file
View file

@ -0,0 +1,7 @@
SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-web_1.0.3387-1_all.deb
SOURCE_SUM=f10fe9ab7f07beaf2eea0cf052cbc500b32c088d1288808443c99323713f1dbb
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=deb
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=jitsi-meet-web.deb
SOURCE_EXTRACT=false

114
conf/jitsi-videobridge.init
View file

@ -1,114 +0,0 @@
#! /bin/sh
#
# INIT script for Jitsi Videobridge
# Version: 1.0 01-May-2014 yasen@bluejimp.com
#
### BEGIN INIT INFO
# Provides: jitsi-videobridge
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Jitsi Videobridge
# Description: WebRTC compatible Selective Forwarding Unit (SFU)
### END INIT INFO
. /lib/lsb/init-functions
# Include videobridge defaults if available
if [ -f /etc/default/jitsi-videobridge ]; then
. /etc/default/jitsi-videobridge
fi
PATH=/usr/lib/jvm/java-7-openjdk-amd64/jre/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/opt/yunohost/jitsi-videobridge/jvb.sh
NAME=jvb
USER=jvb
PIDFILE=/var/run/jitsi-videobridge.pid
LOGFILE=/var/log/jitsi/jvb.log
DESC=jitsi-videobridge
if [ ! $JVB_HOST ]; then
JVB_HOST=localhost
fi
DAEMON_OPTS=" --host=$JVB_HOST --domain=$JVB_HOSTNAME --port=$JVB_PORT --secret=$JVB_SECRET $JVB_OPTS"
test -x $DAEMON || exit 0
set -e
killParentPid() {
PARENT_PID=$(ps -o pid --no-headers --ppid $1 || true)
if [ $PARENT_PID ]; then
kill $PARENT_PID
fi
}
stop() {
if [ -f $PIDFILE ]; then
PID=$(cat $PIDFILE)
fi
echo -n "Stopping $DESC: "
if [ $PID ]; then
killParentPid $PID
rm $PIDFILE || true
echo "$NAME stopped."
elif [ $(ps -C jvb.sh --no-headers -o pid) ]; then
kill $(ps -o pid --no-headers --ppid $(ps -C jvb.sh --no-headers -o pid))
rm $PIDFILE || true
echo "$NAME stopped."
else
echo "$NAME doesn't seem to be running."
fi
}
start() {
if [ -f $PIDFILE ]; then
echo "$DESC seems to be already running, we found pidfile $PIDFILE."
exit 1
fi
echo -n "Starting $DESC: "
start-stop-daemon --start --quiet --background --chuid $USER --make-pidfile --pidfile $PIDFILE \
--exec /bin/bash -- -c "exec $DAEMON $DAEMON_OPTS < /dev/null >> $LOGFILE 2>&1"
echo "$NAME started."
}
reload() {
echo 'Not yet implemented.'
}
status() {
echo 'Not yet implemented.'
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
reload)
#reload
stop
start
;;
force-reload)
#reload
stop
start
;;
status)
status
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|reload|status}" >&2
exit 1
;;
esac
exit 0

13
conf/jitsi-videobridge.service Normal file
View file

@ -0,0 +1,13 @@
[Unit]
Description=jitsi-videobridge
After=network.target
[Service]
Type=simple
User=__APP__
Group=__APP__
WorkingDirectory=__FINALPATH__/jitsi-videobridge/
ExecStart=__FINALPATH__/jitsi-videobridge/jvb.sh --host=127.0.0.1 --domain=__DOMAIN__ --port=__PORT_COMPONENT__ --secret=__VIDEOBRIDGE_SECRET__ </dev/null >> /var/log/jvb.log 2>&1
[Install]
WantedBy=multi-user.target

6
conf/jitsi-videobridge.src Normal file
View file

@ -0,0 +1,6 @@
SOURCE_URL=https://download.jitsi.org/jitsi-videobridge/linux/jitsi-videobridge-linux-x64-1120.zip
SOURCE_SUM=6f00ce479d7f010b42fef3f262b1ecd42d11e6a5872c164231ea38db7216d680
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=

36
conf/jitsimeet-config.js
View file

@ -1,36 +0,0 @@
var config = {
hosts: {
domain: 'YNH_JITSI_XMPP_HOST',
//anonymousdomain: 'guest.example.com',
muc: 'conference.YNH_JITSI_XMPP_HOST', // FIXME: use XEP-0030
bridge: 'jitsi-videobridge.YNH_JITSI_XMPP_HOST', // FIXME: use XEP-0030
//jirecon: 'jirecon.YNH_JITSI_XMPP_HOST',
//call_control: 'callcontrol.YNH_JITSI_XMPP_HOST',
focus: 'focus.YNH_JITSI_XMPP_HOST' - defaults to 'focus.YNH_JITSI_XMPP_HOST'
},
//getroomnode: function (path) { return 'someprefixpossiblybasedonpath'; },
//useStunTurn: true, // use XEP-0215 to fetch STUN and TURN server
//useIPv6: true, // ipv6 support. use at your own risk
useNicks: false,
bosh: '//YNH_JITSI_XMPP_HOST/http-bind', // FIXME: use xep-0156 for that
clientNode: 'http://jitsi.org/jitsimeet', // The name of client node advertised in XEP-0115 'c' stanza
focusUserJid: 'focus@auth.YNH_JITSI_XMPP_HOST', // The real JID of focus participant - can be overridden here
//defaultSipNumber: '', // Default SIP number
desktopSharing: false, // Desktop sharing method. Can be set to 'ext', 'webrtc' or false to disable.
chromeExtensionId: 'diibjkoicjeejcmhdnailmkgecihlobk', // Id of desktop streamer Chrome extension
desktopSharingSources: ['screen', 'window'],
minChromeExtVersion: '0.1', // Required version of Chrome extension
enableRtpStats: true, // Enables RTP stats processing
openSctp: true, // Toggle to enable/disable SCTP channels
channelLastN: -1, // The default value of the channel attribute last-n.
adaptiveLastN: false,
adaptiveSimulcast: false,
useRtcpMux: true,
useBundle: true,
enableRecording: false,
enableWelcomePage: true,
enableSimulcast: false,
enableFirefoxSupport: false, //firefox support is still experimental, only one-to-one conferences with chrome focus
// will work when simulcast, bundle, mux, lastN and SCTP are disabled.
logStats: true // Enable logging of PeerConnection stats via the focus
};

1
conf/jvb.version
View file

@ -1 +0,0 @@
384

225
conf/metronome.cfg.lua Normal file
View file

@ -0,0 +1,225 @@
-- Prosody XMPP Server Configuration
--
-- Information on configuring Prosody can be found on our
-- website at http://prosody.im/doc/configure
--
-- Tip: You can check that the syntax of this file is correct
-- when you have finished by running: prosodyctl check config
-- If there are any errors, it will let you know what and where
-- they are, otherwise it will keep quiet.
--
-- Good luck, and happy Jabbering!
---------- Server-wide settings ----------
-- Settings in this section apply to the whole server and are the default settings
-- for any virtual hosts
-- This is a (by default, empty) list of accounts that are admins
-- for the server. Note that you must create the accounts separately
-- (see http://prosody.im/doc/creating_accounts for info)
-- Example: admins = { "user1@example.com", "user2@example.net" }
admins = { "focus__APP__@auth.__DOMAIN__" }
daemonize = true
cross_domain_bosh = true;
component_ports = { __PORT_COMPONENT__ }
--component_interface = "192.168.0.10"
-- Enable use of libevent for better performance under high load
-- For more information see: http://prosody.im/doc/libevent
--use_libevent = true
-- This is the list of modules Prosody will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
-- Documentation on modules can be found at: http://prosody.im/doc/modules
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"dialback"; -- s2s dialback support
"disco"; -- Service discovery
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
-- Not essential, but recommended
"private"; -- Private XML storage (for room bookmarks, etc.)
"vcard"; -- Allow users to set vCards
-- These are commented by default as they have a performance impact
--"privacy"; -- Support privacy lists
"compression"; -- Stream compression (requires the lua-zlib package installed)
-- Nice to have
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
"pep"; -- Enables users to publish their mood, activity, playing music and more
"register"; -- Allow users to register on this server using a client and change passwords
-- Admin interfaces
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
--"admin_telnet"; -- Opens telnet console interface on localhost port 5582
-- HTTP modules
"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
--"http_files"; -- Serve static files from a directory over HTTP
-- Other specific functionality
--"groups"; -- Shared roster support
--"announce"; -- Send announcement to all online users
--"welcome"; -- Welcome users who register accounts
--"watchregistrations"; -- Alert admins of registrations
--"motd"; -- Send a message to users when they log in
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
-- jitsi
"smacks";
"carbons";
"mam";
"lastactivity";
"offline";
"pubsub";
"adhoc";
"websocket";
"http_altconnect";
}
-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
-- "offline"; -- Store offline messages
-- "c2s"; -- Handle client connections
-- "s2s"; -- Handle server-to-server connections
}
-- Disable account creation by default, for security
-- For more information see http://prosody.im/doc/creating_accounts
allow_registration = false
-- These are the SSL/TLS-related settings. If you don't want
-- to use SSL/TLS, you may comment or remove this
-- ssl = {
-- key = "/etc/prosody/certs/localhost.key";
-- certificate = "/etc/prosody/certs/localhost.crt";
--}
-- Force clients to use encrypted connections? This option will
-- prevent clients from authenticating unless they are using encryption.
-- c2s_require_encryption = true
-- Force certificate authentication for server-to-server connections?
-- This provides ideal security, but requires servers you communicate
-- with to support encryption AND present valid, trusted certificates.
-- NOTE: Your version of LuaSec must support certificate verification!
-- For more information see http://prosody.im/doc/s2s#security
-- s2s_secure_auth = false
-- Many servers don't support encryption or have invalid or self-signed
-- certificates. You can list domains here that will not be required to
-- authenticate using certificates. They will be authenticated using DNS.
--s2s_insecure_domains = { "gmail.com" }
-- Even if you leave s2s_secure_auth disabled, you can still require valid
-- certificates for some domains by specifying a list here.
--s2s_secure_domains = { "jabber.org" }
-- Required for init scripts and prosodyctl
-- pidfile = "/var/run/prosody/prosody.pid"
-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.
-- To allow Prosody to offer secure authentication mechanisms to clients, the
-- default provider stores passwords in plaintext. If you do not trust your
-- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed
-- for information about using the hashed backend.
-- authentication = "internal_plain"
authentication = "internal_hashed"
-- Select the storage backend to use. By default Prosody uses flat files
-- in its configured data directory, but it also supports more backends
-- through modules. An "sql" backend is included by default, but requires
-- additional dependencies. See http://prosody.im/doc/storage for more info.
--storage = "sql" -- Default is "internal"
-- For the "sql" backend, you can uncomment *one* of the below to configure:
--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
-- Logging configuration
-- For advanced logging see http://prosody.im/doc/logging
-- log = {
-- info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
-- error = "/var/log/prosody/prosody.err";
-- "*syslog";
-- }
----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
-- Settings under each VirtualHost entry apply *only* to that host.
--VirtualHost "localhost"
VirtualHost "__DOMAIN__"
-- enabled = false -- Remove this line to enable this host
authentication = "anonymous"
-- Assign this host a certificate for TLS, otherwise it would use the one
-- set in the global section (if any).
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
-- use the global one.
ssl = {
key = "/etc/yunohost/certs/__DOMAIN__/key.pem";
certificate = "/etc/yunohost/certs/__DOMAIN__/crt.pem";
}
c2s_require_encryption = false
VirtualHost "auth.__DOMAIN__"
ssl = {
key = "/etc/yunohost/certs/auth.__DOMAIN__/key.pem";
certificate = "/etc/yunohost/certs/auth.__DOMAIN__/crt.pem";
}
authentication = "ldap2"
ldap = {
hostname = "localhost",
user = {
basedn = "ou=users,dc=yunohost,dc=org",
filter = "(&(objectClass=posixAccount)(mail=*@auth.__DOMAIN__))",
usernamefield = "mail",
namefield = "cn",
},
}
------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-- For more information on components, see http://prosody.im/doc/components
---Set up a MUC (multi-user chat) room server on conference.example.com:
--Component "conference.example.com" "muc"
-- Set up a SOCKS5 bytestream proxy for server-proxied file transfers:
--Component "proxy.example.com" "proxy65"
---Set up an external component (default component port is 5347)
--
-- External components allow adding various services, such as gateways/
-- transports to other networks like ICQ, MSN and Yahoo. For more info
-- see: http://prosody.im/doc/components#adding_an_external_component
--
--Component "gateway.example.com"
-- component_secret = "password"
Component "conference.__DOMAIN__" "muc"
Component "jitsi-videobridge.__DOMAIN__"
component_secret = "__VIDEOBRIDGE_SECRET__"
Component "focus.__DOMAIN__"
component_secret = "__FOCUS_SECRET__"

30
conf/metronome.conf
View file

@ -1,30 +0,0 @@
VirtualHost "YNH_JITSI_XMPP_HOST"
c2s_require_encryption = false
authentication = "anonymous"
ssl = {
key = "/var/lib/metronome/YNH_JITSI_XMPP_HOST.key";
certificate = "/var/lib/metronome/YNH_JITSI_XMPP_HOST.crt";
}
-- turncredentials_secret = "YNH_SECRET4";
-- turncredentials = {
-- { type = "turn", host = "turn.host.name", port = 3478, transport = "tcp" }
-- }
Component "conference.YNH_JITSI_XMPP_HOST" "muc"
Component "jitsi-videobridge.YNH_JITSI_XMPP_HOST"
component_secret = "YNH_YOURSECRET1"
VirtualHost "auth.YNH_JITSI_XMPP_HOST"
c2s_require_encryption = false
authentication = "internal_plain"
ssl = {
key = "/var/lib/metronome/YNH_JITSI_XMPP_HOST.key";
certificate = "/var/lib/metronome/YNH_JITSI_XMPP_HOST.crt";
}
admins = { "focus@auth.YNH_JITSI_XMPP_HOST" }
Component "focus.YNH_JITSI_XMPP_HOST"
component_secret = "YNH_YOURSECRET2"

137
conf/mod_carbons.lua Normal file
View file

@ -0,0 +1,137 @@
-- XEP-0280: Message Carbons implementation for Prosody
-- Copyright (C) 2011 Kim Alvefur
--
-- This file is MIT/X11 licensed.
local st = require "util.stanza";
local jid_bare = require "util.jid".bare;
local xmlns_carbons = "urn:xmpp:carbons:2";
local xmlns_carbons_old = "urn:xmpp:carbons:1";
local xmlns_carbons_really_old = "urn:xmpp:carbons:0";
local xmlns_forward = "urn:xmpp:forward:0";
local full_sessions, bare_sessions = full_sessions, bare_sessions;
local function toggle_carbons(event)
local origin, stanza = event.origin, event.stanza;
local state = stanza.tags[1].attr.mode or stanza.tags[1].name;
module:log("debug", "%s %sd carbons", origin.full_jid, state);
origin.want_carbons = state == "enable" and stanza.tags[1].attr.xmlns;
return origin.send(st.reply(stanza));
end
module:hook("iq-set/self/"..xmlns_carbons..":disable", toggle_carbons);
module:hook("iq-set/self/"..xmlns_carbons..":enable", toggle_carbons);
-- COMPAT
module:hook("iq-set/self/"..xmlns_carbons_old..":disable", toggle_carbons);
module:hook("iq-set/self/"..xmlns_carbons_old..":enable", toggle_carbons);
module:hook("iq-set/self/"..xmlns_carbons_really_old..":carbons", toggle_carbons);
local function message_handler(event, c2s)
local origin, stanza = event.origin, event.stanza;
local orig_type = stanza.attr.type;
local orig_from = stanza.attr.from;
local orig_to = stanza.attr.to;
if not (orig_type == nil
or orig_type == "normal"
or orig_type == "chat") then
return -- No carbons for messages of type error or headline
end
-- Stanza sent by a local client
local bare_jid = jid_bare(orig_from);
local target_session = origin;
local top_priority = false;
local user_sessions = bare_sessions[bare_jid];
-- Stanza about to be delivered to a local client
if not c2s then
bare_jid = jid_bare(orig_to);
target_session = full_sessions[orig_to];
user_sessions = bare_sessions[bare_jid];
if not target_session and user_sessions then
-- The top resources will already receive this message per normal routing rules,
-- so we are going to skip them in order to avoid sending duplicated messages.
local top_resources = user_sessions.top_resources;
top_priority = top_resources and top_resources[1].priority
end
end
if not user_sessions then
module:log("debug", "Skip carbons for offline user");
return -- No use in sending carbons to an offline user
end
if stanza:get_child("private", xmlns_carbons) then
if not c2s then
stanza:maptags(function(tag)
if not ( tag.attr.xmlns == xmlns_carbons and tag.name == "private" ) then
return tag;
end
end);
end
module:log("debug", "Message tagged private, ignoring");
return
elseif stanza:get_child("no-copy", "urn:xmpp:hints") then
module:log("debug", "Message has no-copy hint, ignoring");
return
elseif stanza:get_child("x", "http://jabber.org/protocol/muc#user") then
module:log("debug", "MUC PM, ignoring");
return
end
-- Create the carbon copy and wrap it as per the Stanza Forwarding XEP
local copy = st.clone(stanza);
copy.attr.xmlns = "jabber:client";
local carbon = st.message{ from = bare_jid, type = orig_type, }
:tag(c2s and "sent" or "received", { xmlns = xmlns_carbons })
:tag("forwarded", { xmlns = xmlns_forward })
:add_child(copy):reset();
-- COMPAT
local carbon_old = st.message{ from = bare_jid, type = orig_type, }
:tag(c2s and "sent" or "received", { xmlns = xmlns_carbons_old }):up()
:tag("forwarded", { xmlns = xmlns_forward })
:add_child(copy):reset();
-- COMPAT
local carbon_really_old = st.clone(stanza)
:tag(c2s and "sent" or "received", { xmlns = xmlns_carbons_really_old }):up()
user_sessions = user_sessions and user_sessions.sessions;
for _, session in pairs(user_sessions) do
-- Carbons are sent to resources that have enabled it
if session.want_carbons
-- but not the resource that sent the message, or the one that it's directed to
and session ~= target_session
-- and isn't among the top resources that would receive the message per standard routing rules
and (c2s or session.priority ~= top_priority)
-- don't send v0 carbons (or copies) for c2s
and (not c2s or session.want_carbons ~= xmlns_carbons_really_old) then
carbon.attr.to = session.full_jid;
module:log("debug", "Sending carbon to %s", session.full_jid);
local carbon = session.want_carbons == xmlns_carbons_old and carbon_old -- COMPAT
or session.want_carbons == xmlns_carbons_really_old and carbon_really_old -- COMPAT
or carbon;
session.send(carbon);
end
end
end
local function c2s_message_handler(event)
return message_handler(event, true)
end
-- Stanzas sent by local clients
module:hook("pre-message/host", c2s_message_handler, 1);
module:hook("pre-message/bare", c2s_message_handler, 1);
module:hook("pre-message/full", c2s_message_handler, 1);
-- Stanzas to local clients
module:hook("message/bare", message_handler, 1);
module:hook("message/full", message_handler, 1);
module:add_feature(xmlns_carbons);
module:add_feature(xmlns_carbons_old);
if module:get_option_boolean("carbons_v0") then
module:add_feature(xmlns_carbons_really_old);
end

60
conf/mod_http_altconnect.lua Normal file
View file

@ -0,0 +1,60 @@
-- mod_http_altconnect
-- XEP-0156: Discovering Alternative XMPP Connection Methods
module:depends"http";
local json = require"util.json";
local st = require"util.stanza";
local array = require"util.array";
local host_modules = hosts[module.host].modules;
local function get_supported()
local uris = array();
if host_modules["bosh"] then
uris:push({ rel = "urn:xmpp:alt-connections:xbosh", href = module:http_url("bosh", "/http-bind") });
end
if host_modules["websocket"] then
uris:push({ rel = "urn:xmpp:alt-connections:websocket", href = module:http_url("websocket", "xmpp-websocket"):gsub("^http", "ws") });
end
return uris;
end
local function GET_xml(event)
local request, response = event.request, event.response;
local xrd = st.stanza("XRD", { xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0' });
local uris = get_supported();
for i, method in ipairs(uris) do
xrd:tag("Link", method):up();
end
response.headers.content_type = "application/xrd+xml"
response.headers.access_control_allow_origin = "*";
return '<?xml version="1.0" encoding="UTF-8"?>' .. tostring(xrd);
end
local function GET_json(event)
local request, response = event.request, event.response;
local jrd = { links = get_supported() };
response.headers.content_type = "application/json"
response.headers.access_control_allow_origin = "*";
return json.encode(jrd);
end;
local function GET_either(event)
local accept_type = event.request.headers.accept or "";
if ( accept_type:find("xml") or #accept_type ) < ( accept_type:find("json") or #accept_type+1 ) then
return GET_xml(event);
else
return GET_json(event);
end
end;
module:provides("http", {
default_path = "/.well-known";
route = {
["GET /host-meta"] = GET_either;
-- ["GET /host-meta.xml"] = GET_xml; -- Hmmm
["GET /host-meta.json"] = GET_json;
};
});

603
conf/mod_smacks.lua Normal file
View file

@ -0,0 +1,603 @@
-- XEP-0198: Stream Management for metronome IM
--
-- Copyright (C) 2010-2015 Matthew Wild
-- Copyright (C) 2010 Waqas Hussain
-- Copyright (C) 2012-2015 Kim Alvefur
-- Copyright (C) 2012 Thijs Alkemade
-- Copyright (C) 2014 Florian Zeitz
-- Copyright (C) 2016-2017 Thilo Molitor
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
local st = require "util.stanza";
local dep = require "util.dependencies";
local cache = dep.softreq("util.cache"); -- only available in metronome 0.10+
local uuid_generate = require "util.uuid".generate;
local jid = require "util.jid";
local t_insert, t_remove = table.insert, table.remove;
local math_min = math.min;
local math_max = math.max;
local os_time = os.time;
local tonumber, tostring = tonumber, tostring;
local add_filter = require "util.filters".add_filter;
local timer = require "util.timer";
local datetime = require "util.datetime";
local xmlns_sm2 = "urn:xmpp:sm:2";
local xmlns_sm3 = "urn:xmpp:sm:3";
local xmlns_errors = "urn:ietf:params:xml:ns:xmpp-stanzas";
local xmlns_delay = "urn:xmpp:delay";
local sm2_attr = { xmlns = xmlns_sm2 };
local sm3_attr = { xmlns = xmlns_sm3 };
local resume_timeout = module:get_option_number("smacks_hibernation_time", 300);
local s2s_smacks = module:get_option_boolean("smacks_enabled_s2s", false);
local s2s_resend = module:get_option_boolean("smacks_s2s_resend", false);
local max_unacked_stanzas = module:get_option_number("smacks_max_unacked_stanzas", 0);
local delayed_ack_timeout = module:get_option_number("smacks_max_ack_delay", 60);
local max_hibernated_sessions = module:get_option_number("smacks_max_hibernated_sessions", 10);
local max_old_sessions = module:get_option_number("smacks_max_old_sessions", 10);
local core_process_stanza = metronome.core_process_stanza;
local sessionmanager = require"core.sessionmanager";
assert(max_hibernated_sessions > 0, "smacks_max_hibernated_sessions must be greater than 0");
assert(max_old_sessions > 0, "smacks_old_sessions must be greater than 0");
local c2s_sessions = module:shared("/*/c2s/sessions");
local function init_session_cache(max_entries, evict_callback)
-- old metronome version < 0.10 (no limiting at all!)
if not cache then
local store = {};
return {
get = function(user, key)
if not user then return nil; end
if not key then return nil; end
return store[key];
end;
set = function(user, key, value)
if not user then return nil; end
if not key then return nil; end
store[key] = value;
end;
};
end
-- use per user limited cache for metronome >= 0.10
local stores = {};
return {
get = function(user, key)
if not user then return nil; end
if not key then return nil; end
if not stores[user] then
stores[user] = cache.new(max_entries, evict_callback);
end
return stores[user]:get(key);
end;
set = function(user, key, value)
if not user then return nil; end
if not key then return nil; end
if not stores[user] then stores[user] = cache.new(max_entries, evict_callback); end
stores[user]:set(key, value);
-- remove empty caches completely
if not stores[user]:count() then stores[user] = nil; end
end;
};
end
local old_session_registry = init_session_cache(max_old_sessions, nil);
local session_registry = init_session_cache(max_hibernated_sessions, function(resumption_token, session)
if session.destroyed then return true; end -- destroyed session can always be removed from cache
session.log("warn", "User has too much hibernated sessions, removing oldest session (token: %s)", resumption_token);
-- store old session's h values on force delete
-- save only actual h value and username/host (for security)
old_session_registry.set(session.username, resumption_token, {
h = session.handled_stanza_count,
username = session.username,
host = session.host
});
return true; -- allow session to be removed from full cache to make room for new one
end);
local function stoppable_timer(delay, callback)
local stopped = false;
local timer = module:add_timer(delay, function (t)
if stopped then return; end
return callback(t);
end);
if timer and timer.stop then return timer; end -- new metronome api includes stop() function
return {
stop = function () stopped = true end;
timer;
};
end
local function delayed_ack_function(session)
-- fire event only if configured to do so and our session is not hibernated or destroyed
if delayed_ack_timeout > 0 and session.awaiting_ack
and not session.hibernating and not session.destroyed then
session.log("debug", "Firing event 'smacks-ack-delayed', queue = %d",
session.outgoing_stanza_queue and #session.outgoing_stanza_queue or 0);
module:fire_event("smacks-ack-delayed", {origin = session, queue = session.outgoing_stanza_queue});
end
session.delayed_ack_timer = nil;
end
local function can_do_smacks(session, advertise_only)
if session.smacks then return false, "unexpected-request", "Stream management is already enabled"; end
local session_type = session.type;
if session.username then
if not(advertise_only) and not(session.resource) then -- Fail unless we're only advertising sm
return false, "unexpected-request", "Client must bind a resource before enabling stream management";
end
return true;
elseif s2s_smacks and (session_type == "s2sin" or session_type == "s2sout") then
return true;
end
return false, "service-unavailable", "Stream management is not available for this stream";
end
module:hook("stream-features",
function (event)
if can_do_smacks(event.origin, true) then
event.features:tag("sm", sm2_attr):tag("optional"):up():up();
event.features:tag("sm", sm3_attr):tag("optional"):up():up();
end
end);
module:hook("s2s-stream-features",
function (event)
if can_do_smacks(event.origin, true) then
event.features:tag("sm", sm2_attr):tag("optional"):up():up();
event.features:tag("sm", sm3_attr):tag("optional"):up():up();
end
end);
local function request_ack_if_needed(session, force, reason)
local queue = session.outgoing_stanza_queue;
if session.awaiting_ack == nil and not session.hibernating then
if (#queue > max_unacked_stanzas and session.last_queue_count ~= #queue) or force then
session.log("debug", "Queuing <r> (in a moment) from %s - #queue=%d", reason, #queue);
session.awaiting_ack = false;
session.awaiting_ack_timer = stoppable_timer(1e-06, function ()
if not session.awaiting_ack and not session.hibernating then
session.log("debug", "Sending <r> (inside timer, before send)");
(session.sends2s or session.send)(st.stanza("r", { xmlns = session.smacks }))
session.log("debug", "Sending <r> (inside timer, after send)");
session.awaiting_ack = true;
if not session.delayed_ack_timer then
session.delayed_ack_timer = stoppable_timer(delayed_ack_timeout, function()
delayed_ack_function(session);
end);
end
end
end);
end
end
-- Trigger "smacks-ack-delayed"-event if we added new (ackable) stanzas to the outgoing queue
-- and there isn't already a timer for this event running.
-- If we wouldn't do this, stanzas added to the queue after the first "smacks-ack-delayed"-event
-- would not trigger this event (again).
if #queue > max_unacked_stanzas and session.awaiting_ack and session.delayed_ack_timer == nil then
session.log("debug", "Calling delayed_ack_function directly (still waiting for ack)");
delayed_ack_function(session);
end
session.last_queue_count = #queue;
end
local function outgoing_stanza_filter(stanza, session)
local is_stanza = stanza.attr and not stanza.attr.xmlns and not stanza.name:find":";
if is_stanza and not stanza._cached then -- Stanza in default stream namespace
local queue = session.outgoing_stanza_queue;
local cached_stanza = st.clone(stanza);
cached_stanza._cached = true;
if cached_stanza and cached_stanza.name ~= "iq" and cached_stanza:get_child("delay", xmlns_delay) == nil then
cached_stanza = cached_stanza:tag("delay", {
xmlns = xmlns_delay,
from = jid.bare(session.full_jid or session.host),
stamp = datetime.datetime()
});
end
queue[#queue+1] = cached_stanza;
if session.hibernating then
session.log("debug", "hibernating, stanza queued");
module:fire_event("smacks-hibernation-stanza-queued", {origin = session, queue = queue, stanza = cached_stanza});
return nil;
end
request_ack_if_needed(session, false, "outgoing_stanza_filter");
end
return stanza;
end
local function count_incoming_stanzas(stanza, session)
if not stanza.attr.xmlns then
session.handled_stanza_count = session.handled_stanza_count + 1;
session.log("debug", "Handled %d incoming stanzas", session.handled_stanza_count);
end
return stanza;
end
local function wrap_session_out(session, resume)
if not resume then
session.outgoing_stanza_queue = {};
session.last_acknowledged_stanza = 0;
end
add_filter(session, "stanzas/out", outgoing_stanza_filter, -999);
local session_close = session.close;
function session.close(...)
if session.resumption_token then
session_registry.set(session.username, session.resumption_token, nil);
old_session_registry.set(session.username, session.resumption_token, nil);
session.resumption_token = nil;
end
-- send out last ack as per revision 1.5.2 of XEP-0198
if session.smacks and session.conn then
(session.sends2s or session.send)(st.stanza("a", { xmlns = session.smacks, h = string.format("%d", session.handled_stanza_count) }));
end
return session_close(...);
end
return session;
end
local function wrap_session_in(session, resume)
if not resume then
session.handled_stanza_count = 0;
end
add_filter(session, "stanzas/in", count_incoming_stanzas, 999);
return session;
end
local function wrap_session(session, resume)
wrap_session_out(session, resume);
wrap_session_in(session, resume);
return session;
end
function handle_enable(session, stanza, xmlns_sm)
local ok, err, err_text = can_do_smacks(session);
if not ok then
session.log("warn", "Failed to enable smacks: %s", err_text); -- TODO: XEP doesn't say we can send error text, should it?
(session.sends2s or session.send)(st.stanza("failed", { xmlns = xmlns_sm }):tag(err, { xmlns = xmlns_errors}));
return true;
end
module:log("debug", "Enabling stream management");
session.smacks = xmlns_sm;
wrap_session(session, false);
local resume_token;
local resume = stanza.attr.resume;
if resume == "true" or resume == "1" then
resume_token = uuid_generate();
session_registry.set(session.username, resume_token, session);
session.resumption_token = resume_token;
end
(session.sends2s or session.send)(st.stanza("enabled", { xmlns = xmlns_sm, id = resume_token, resume = resume, max = tostring(resume_timeout) }));
return true;
end
module:hook_stanza(xmlns_sm2, "enable", function (session, stanza) return handle_enable(session, stanza, xmlns_sm2); end, 100);
module:hook_stanza(xmlns_sm3, "enable", function (session, stanza) return handle_enable(session, stanza, xmlns_sm3); end, 100);
module:hook_stanza("http://etherx.jabber.org/streams", "features",
function (session, stanza)
stoppable_timer(1e-6, function ()
if can_do_smacks(session) then
if stanza:get_child("sm", xmlns_sm3) then
session.sends2s(st.stanza("enable", sm3_attr));
session.smacks = xmlns_sm3;
elseif stanza:get_child("sm", xmlns_sm2) then
session.sends2s(st.stanza("enable", sm2_attr));
session.smacks = xmlns_sm2;
else
return;
end
wrap_session_out(session, false);
end
end);
end);
function handle_enabled(session, stanza, xmlns_sm)
module:log("debug", "Enabling stream management");
session.smacks = xmlns_sm;
wrap_session_in(session, false);
-- FIXME Resume?
return true;
end
module:hook_stanza(xmlns_sm2, "enabled", function (session, stanza) return handle_enabled(session, stanza, xmlns_sm2); end, 100);
module:hook_stanza(xmlns_sm3, "enabled", function (session, stanza) return handle_enabled(session, stanza, xmlns_sm3); end, 100);
function handle_r(origin, stanza, xmlns_sm)
if not origin.smacks then
module:log("debug", "Received ack request from non-smack-enabled session");
return;
end
module:log("debug", "Received ack request, acking for %d", origin.handled_stanza_count);
-- Reply with <a>
(origin.sends2s or origin.send)(st.stanza("a", { xmlns = xmlns_sm, h = string.format("%d", origin.handled_stanza_count) }));
-- piggyback our own ack request
if #origin.outgoing_stanza_queue > 0 and origin.last_queue_count ~= #origin.outgoing_stanza_queue then
request_ack_if_needed(origin, true, "piggybacked by handle_r");
end
return true;
end
module:hook_stanza(xmlns_sm2, "r", function (origin, stanza) return handle_r(origin, stanza, xmlns_sm2); end);
module:hook_stanza(xmlns_sm3, "r", function (origin, stanza) return handle_r(origin, stanza, xmlns_sm3); end);
function handle_a(origin, stanza)
if not origin.smacks then return; end
origin.awaiting_ack = nil;
if origin.awaiting_ack_timer then
origin.awaiting_ack_timer:stop();
end
if origin.delayed_ack_timer then
origin.delayed_ack_timer:stop();
origin.delayed_ack_timer = nil;
end
-- Remove handled stanzas from outgoing_stanza_queue
-- origin.log("debug", "ACK: h=%s, last=%s", stanza.attr.h or "", origin.last_acknowledged_stanza or "");
local h = tonumber(stanza.attr.h);
if not h then
origin:close{ condition = "invalid-xml"; text = "Missing or invalid 'h' attribute"; };
return;
end
local handled_stanza_count = h-origin.last_acknowledged_stanza;
local queue = origin.outgoing_stanza_queue;
if handled_stanza_count > #queue then
origin.log("warn", "The client says it handled %d new stanzas, but we only sent %d :)",
handled_stanza_count, #queue);
origin.log("debug", "Client h: %d, our h: %d", tonumber(stanza.attr.h), origin.last_acknowledged_stanza);
for i=1,#queue do
origin.log("debug", "Q item %d: %s", i, tostring(queue[i]));
end
end
for i=1,math_min(handled_stanza_count,#queue) do
local handled_stanza = t_remove(origin.outgoing_stanza_queue, 1);
module:fire_event("delivery/success", { session = origin, stanza = handled_stanza });
end
origin.log("debug", "#queue = %d", #queue);
origin.last_acknowledged_stanza = origin.last_acknowledged_stanza + handled_stanza_count;
request_ack_if_needed(origin, false, "handle_a")
return true;
end
module:hook_stanza(xmlns_sm2, "a", handle_a);
module:hook_stanza(xmlns_sm3, "a", handle_a);
--TODO: Optimise... incoming stanzas should be handled by a per-session
-- function that has a counter as an upvalue (no table indexing for increments,
-- and won't slow non-198 sessions). We can also then remove the .handled flag
-- on stanzas
function handle_unacked_stanzas(session)
local queue = session.outgoing_stanza_queue;
local error_attr = { type = "cancel" };
if #queue > 0 then
session.outgoing_stanza_queue = {};
for i=1,#queue do
if not module:fire_event("delivery/failure", { session = session, stanza = queue[i] }) then
local reply = st.reply(queue[i]);
if reply.attr.to ~= session.full_jid then
reply.attr.type = "error";
reply:tag("error", error_attr)
:tag("recipient-unavailable", {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"});
core_process_stanza(session, reply);
end
end
end
end
end
module:hook("pre-resource-unbind", function (event)
local session, err = event.session, event.error;
if session.smacks then
if not session.resumption_token then
local queue = session.outgoing_stanza_queue;
if #queue > 0 then
session.log("debug", "Destroying session with %d unacked stanzas", #queue);
handle_unacked_stanzas(session);
end
else
session.log("debug", "mod_smacks hibernating session for up to %d seconds", resume_timeout);
local hibernate_time = os_time(); -- Track the time we went into hibernation
session.hibernating = hibernate_time;
local resumption_token = session.resumption_token;
module:fire_event("smacks-hibernation-start", {origin = session, queue = session.outgoing_stanza_queue});
timer.add_task(resume_timeout, function ()
session.log("debug", "mod_smacks hibernation timeout reached...");
-- We need to check the current resumption token for this resource
-- matches the smacks session this timer is for in case it changed
-- (for example, the client may have bound a new resource and
-- started a new smacks session, or not be using smacks)
local curr_session = full_sessions[session.full_jid];
if session.destroyed then
session.log("debug", "The session has already been destroyed");
elseif curr_session and curr_session.resumption_token == resumption_token
-- Check the hibernate time still matches what we think it is,
-- otherwise the session resumed and re-hibernated.
and session.hibernating == hibernate_time then
-- wait longer if the timeout isn't reached because push was enabled for this session
-- session.first_hibernated_push is the starting point for hibernation timeouts of those push enabled clients
-- wait for an additional resume_timeout seconds if no push occured since hibernation at all
local current_time = os_time();
local timeout_start = math_max(session.hibernating, session.first_hibernated_push or session.hibernating);
if session.push_identifier ~= nil and not session.first_hibernated_push then
session.log("debug", "No push happened since hibernation started, hibernating session for up to %d extra seconds", resume_timeout);
return resume_timeout;
end
if current_time-timeout_start < resume_timeout and session.push_identifier ~= nil then
session.log("debug", "A push happened since hibernation started, hibernating session for up to %d extra seconds", current_time-timeout_start);
return current_time-timeout_start; -- time left to wait
end
session.log("debug", "Destroying session for hibernating too long");
session_registry.set(session.username, session.resumption_token, nil);
-- save only actual h value and username/host (for security)
old_session_registry.set(session.username, session.resumption_token, {
h = session.handled_stanza_count,
username = session.username,
host = session.host
});
session.resumption_token = nil;
sessionmanager.destroy_session(session);
else
session.log("debug", "Session resumed before hibernation timeout, all is well")
end
end);
return true; -- Postpone destruction for now
end
end
end);
local function handle_s2s_destroyed(event)
local session = event.session;
local queue = session.outgoing_stanza_queue;
if queue and #queue > 0 then
session.log("warn", "Destroying session with %d unacked stanzas", #queue);
if s2s_resend then
for i = 1, #queue do
module:send(queue[i]);
end
session.outgoing_stanza_queue = nil;
else
handle_unacked_stanzas(session);
end
end
end
module:hook("s2sout-destroyed", handle_s2s_destroyed);
module:hook("s2sin-destroyed", handle_s2s_destroyed);
local function get_session_id(session)
return session.id or (tostring(session):match("[a-f0-9]+$"));
end
function handle_resume(session, stanza, xmlns_sm)
if session.full_jid then
session.log("warn", "Tried to resume after resource binding");
session.send(st.stanza("failed", { xmlns = xmlns_sm })
:tag("unexpected-request", { xmlns = xmlns_errors })
);
return true;
end
local id = stanza.attr.previd;
local original_session = session_registry.get(session.username, id);
if not original_session then
session.log("debug", "Tried to resume non-existent session with id %s", id);
local old_session = old_session_registry.get(session.username, id);
if old_session and session.username == old_session.username
and session.host == old_session.host
and old_session.h then
session.send(st.stanza("failed", { xmlns = xmlns_sm, h = string.format("%d", old_session.h) })
:tag("item-not-found", { xmlns = xmlns_errors })
);
else
session.send(st.stanza("failed", { xmlns = xmlns_sm })
:tag("item-not-found", { xmlns = xmlns_errors })
);
end;
elseif session.username == original_session.username
and session.host == original_session.host then
session.log("debug", "mod_smacks resuming existing session %s...", get_session_id(original_session));
original_session.log("debug", "mod_smacks session resumed from %s...", get_session_id(session));
-- TODO: All this should move to sessionmanager (e.g. session:replace(new_session))
if original_session.conn then
original_session.log("debug", "mod_smacks closing an old connection for this session");
local conn = original_session.conn;
c2s_sessions[conn] = nil;
conn:close();
end
original_session.ip = session.ip;
original_session.conn = session.conn;
original_session.send = session.send;
original_session.close = session.close;
original_session.filter = session.filter;
original_session.filter.session = original_session;
original_session.filters = session.filters;
original_session.stream = session.stream;
original_session.secure = session.secure;
original_session.hibernating = nil;
session.log = original_session.log;
session.type = original_session.type;
wrap_session(original_session, true);
-- Inform xmppstream of the new session (passed to its callbacks)
original_session.stream:set_session(original_session);
-- Similar for connlisteners
c2s_sessions[session.conn] = original_session;
original_session.send(st.stanza("resumed", { xmlns = xmlns_sm,
h = string.format("%d", original_session.handled_stanza_count), previd = id }));
-- Fake an <a> with the h of the <resume/> from the client
original_session:dispatch_stanza(st.stanza("a", { xmlns = xmlns_sm,
h = stanza.attr.h }));
-- Ok, we need to re-send any stanzas that the client didn't see
-- ...they are what is now left in the outgoing stanza queue
local queue = original_session.outgoing_stanza_queue;
original_session.log("debug", "#queue = %d", #queue);
for i=1,#queue do
original_session.send(queue[i]);
end
original_session.log("debug", "#queue = %d -- after send", #queue);
function session.send(stanza)
session.log("warn", "Tried to send stanza on old session migrated by smacks resume (maybe there is a bug?): %s", tostring(stanza));
return false;
end
module:fire_event("smacks-hibernation-end", {origin = session, resumed = original_session, queue = queue});
request_ack_if_needed(original_session, true, "handle_resume");
else
module:log("warn", "Client %s@%s[%s] tried to resume stream for %s@%s[%s]",
session.username or "?", session.host or "?", session.type,
original_session.username or "?", original_session.host or "?", original_session.type);
session.send(st.stanza("failed", { xmlns = xmlns_sm })
:tag("not-authorized", { xmlns = xmlns_errors }));
end
return true;
end
module:hook_stanza(xmlns_sm2, "resume", function (session, stanza) return handle_resume(session, stanza, xmlns_sm2); end);
module:hook_stanza(xmlns_sm3, "resume", function (session, stanza) return handle_resume(session, stanza, xmlns_sm3); end);
local function handle_read_timeout(event)
local session = event.session;
if session.smacks then
if session.awaiting_ack then
if session.awaiting_ack_timer then
session.awaiting_ack_timer:stop();
end
if session.delayed_ack_timer then
session.delayed_ack_timer:stop();
session.delayed_ack_timer = nil;
end
return false; -- Kick the session
end
session.log("debug", "Sending <r> (read timeout)");
session.awaiting_ack = false;
(session.sends2s or session.send)(st.stanza("r", { xmlns = session.smacks }));
session.awaiting_ack = true;
if not session.delayed_ack_timer then
session.delayed_ack_timer = stoppable_timer(delayed_ack_timeout, function()
delayed_ack_function(session);
end);
end
return true;
end
end
module:hook("s2s-read-timeout", handle_read_timeout);
module:hook("c2s-read-timeout", handle_read_timeout);

36
conf/nginx.conf
View file

@ -1,14 +1,26 @@
location YNH_LOCATION/ {
alias /var/www/jitsi/;
index index.html;
ssi on;
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
# Path to source
alias __FINALPATH__/jitsi-meet/ ;
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
index index.html;
ssi on;
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}
location ~ ^YNH_LOCATION/([a-zA-Z0-9]+)$ {
rewrite ^YNH_LOCATION/(.*)$ YNH_LOCATION/ break;
location ~ ^/([a-zA-Z0-9=\?]+)$ {
rewrite ^/(.*)$ / break;
}
location YNH_LOCATION/http-bind {
# BOSH
location __PATH__/http-bind {
proxy_pass http://localhost:5290/http-bind;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
@ -16,3 +28,13 @@ location YNH_LOCATION/http-bind {
tcp_nodelay on;
access_log off;
}
# xmpp websockets
location /xmpp-websocket {
proxy_pass http://localhost:5290/xmpp-websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
tcp_nodelay on;
}

2
conf/sip-communicator.properties Normal file
View file

@ -0,0 +1,2 @@
org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
org.jitsi.videobridge.TCP_HARVESTER_PORT=__PORT__

67
manifest.json
View file

@ -1,37 +1,36 @@
{
"name": "Jitsi Meet",
"id": "jitsi",
"description": {
"en": "Video conferencing web application",
"fr": "Application web de conférence vidéo"
},
"url": "https://jitsi.org/Projects/JitMeet",
"maintainer": {
"name": "ju",
"email": "julien.malik@paraiso.me"
},
"multi_instance": "false",
"arguments": {
"install": [
{
"name": "domain",
"type": "domain",
"ask": {
"en": "Choose a domain for Jitsi Meet",
"fr": "Choisissez un domaine pour Jitsi Meet"
},
"example": "domain.org"
"name": "Jitsi Meet",
"id": "jitsi",
"packaging_format": 1,
"description": {
"en": "Video conferencing web application",
"fr": "Application web de conférence vidéo"
},
"version": "1.0.3387~ynh1",
"url": "https://jitsi.org/Projects/JitMeet",
"license": "Apache-2.0",
"maintainer": {
"name": "ju",
"email": "julien.malik@paraiso.me"
},
"requirements": {
"yunohost": ">= 3.6"
},
{
"name": "path",
"type": "path",
"ask": {
"en": "Choose a path for Jitsi Meet",
"fr": "Choisissez un chemin pour Jitsi Meet"
},
"example": "/",
"default": "/"
}
]
}
"multi_instance": false,
"services": [
"nginx"
],
"arguments": {
"install" : [
{
"name": "domain",
"type": "domain",
"ask": {
"en": "Choose a domain for Jitsi Meet",
"fr": "Choisissez un domaine pour Jitsi Meet"
},
"example": "domain.org"
}
]
}
}

18
pull_request_template.md Normal file
View file

@ -0,0 +1,18 @@
## Problem
- *Description of why you made this PR*
## Solution
- *And how do you fix that problem*
## PR Status
- [ ] Code finished.
- [ ] Tested with Package_check.
- [ ] Fix or enhancement tested.
- [ ] Upgrade from last version tested.
- [ ] Can be reviewed and tested.
## Package_check results
---
*If you have access to [App Continuous Integration for packagers](https://yunohost.org/#/packaging_apps_ci) you can provide a link to the package_check results like below, replacing '-NUM-' in this link by the PR number and USERNAME by your username on the ci-apps-dev. Or you provide a screenshot or a pastebin of the results*
[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/jitsi_ynh%20PR-NUM-%20(USERNAME)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/jitsi_ynh%20PR-NUM-%20(USERNAME)/)

20
scripts/_common.sh Normal file
View file

@ -0,0 +1,20 @@
#!/bin/bash
#=================================================
# COMMON VARIABLES
#=================================================
# dependencies used by the app
pkg_dependencies="openjdk-8-jdk openjdk-8-jre maven"
#=================================================
# PERSONAL HELPERS
#=================================================
#=================================================
# EXPERIMENTAL HELPERS
#=================================================
#=================================================
# FUTURE OFFICIAL HELPERS
#=================================================

97
scripts/backup Normal file
View file

@ -0,0 +1,97 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
#=================================================
# STANDARD BACKUP STEPS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_print_info --message="Stopping a systemd service..."
ynh_systemd_action --service_name=$app-videobridge --action="stop" --log_path="/var/log/$app/$app-videobridge.log"
ynh_systemd_action --service_name=$app-jicofo --action="stop" --log_path="/var/log/$app/$app-jicofo.log"
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
ynh_print_info --message="Backing up the main app directory..."
ynh_backup --src_path="$final_path"
#=================================================
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_print_info --message="Backing up nginx web server configuration..."
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP LOGROTATE
#=================================================
ynh_print_info --message="Backing up logrotate configuration..."
ynh_backup --src_path="/etc/logrotate.d/$app"
#=================================================
# BACKUP METRONOME CONFIG
#=================================================
ynh_print_info --message="Backing up Metronome configuration..."
ynh_backup --src_path="/etc/metronome/conf.d/$domain.cfg.lua"
ynh_backup --src_path="/usr/lib/metronome/modules/mod_carbons.lua"
ynh_backup --src_path="/usr/lib/metronome/modules/mod_http_altconnect.lua"
ynh_backup --src_path="/usr/lib/metronome/modules/mod_smacks.lua"
#=================================================
# BACKUP SYSTEMD
#=================================================
ynh_print_info --message="Backing up systemd configuration..."
ynh_backup --src_path="/etc/systemd/system/$app-videobridge.service"
ynh_backup --src_path="/etc/systemd/system/$app-jicofo.service"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_print_info --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log"
ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/log/$app/$app-jicofo.log"
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."

392
scripts/install
View file

@ -1,173 +1,283 @@
#!/bin/bash
#!/bin/bash
# Retrieve arguments
domain=$1
path=$2
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
arch=$(uname -m)
if [[ "$arch" != "i686" ]] && [[ "$arch" != "x86_64" ]] ; then
echo "Currently supported only on i686 or x86_64."
echo "ARM platforms are NOT supported right now."
exit 1
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN
path_url="/"
app=$YNH_APP_INSTANCE_NAME
#YOURSECRET3
focus_password=$(ynh_string_random --length=8)
#YOURSECRET1
videobridge_secret=$(ynh_string_random --length=8)
#YOURSECRET2
focus_secret=$(ynh_string_random --length=8)
focus_user="svc${app}focus"
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_print_info --message="Validating installation parameters..."
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Register (book) web path
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_print_info --message="Storing installation settings..."
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=focus_password --value=$focus_password
ynh_app_setting_set --app=$app --key=videobridge_secret --value=$videobridge_secret
ynh_app_setting_set --app=$app --key=focus_secret --value=$focus_secret
ynh_app_setting_set --app=$app --key=focus_user --value=$focus_user
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_print_info --message="Configuring firewall..."
# Find a free port
port=$(ynh_find_port --port=4443)
# Open this port
ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
ynh_app_setting_set --app=$app --key=port --value=$port
# Find a free port
port_videobridge=$(ynh_find_port --port=10000)
# Open this port
ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_videobridge
ynh_app_setting_set --app=$app --key=port_videobridge --value=$port_videobridge
# Find a free port
port_component=$(ynh_find_port --port=5347)
# Open this port
ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_component
ynh_app_setting_set --app=$app --key=port_component --value=$port_component
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_print_info --message="Installing dependencies..."
ynh_install_app_dependencies $pkg_dependencies
ynh_install_nodejs --nodejs_version=10
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_print_info --message="Setting up source files..."
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path/jitsi-videobridge" --source_id=jitsi-videobridge
ynh_setup_source --dest_dir="$final_path/jitsi-jicofo-build" --source_id=jitsi-jicofo
ynh_setup_source --dest_dir="$final_path/jitsi-meet_temp" --source_id=jitsi-meet
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_print_info --message="Configuring nginx web server..."
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_print_info --message="Configuring system user..."
# Create a system user
ynh_system_user_create --username=$app --home_dir=$final_path
#=================================================
# SPECIFIC SETUP
#=================================================
# CONFIGURE METRONOME
#=================================================
ynh_print_info --message="Configuring metronome..."
# Create additional domains
if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
yunohost domain add auth.$domain
yunohost domain add conference.$domain
yunohost domain add jitsi-videobridge.$domain
yunohost domain add focus.$domain
fi
if [[ "$path" != "/" ]] ; then
echo "Only '/' is supported as path for the moment."
exit 1
fi
# Create focus user
yunohost user create $focus_user -f $focus_user -l $focus_user -m ${focus_user}@auth.$domain -p $focus_password -q 0
sudo yunohost app checkurl $domain$path -a jitsi
if [[ ! $? -eq 0 ]]; then
exit 1
fi
# Configure metronome
mv /etc/metronome/conf.d/$domain.cfg.lua /etc/metronome/conf.d/$domain.cfg.lua.back
mv /etc/metronome/conf.d/auth.$domain.cfg.lua /etc/metronome/conf.d/auth.$domain.cfg.lua.back
mv /etc/metronome/conf.d/conference.$domain.cfg.lua /etc/metronome/conf.d/conference.$domain.cfg.lua.back
mv /etc/metronome/conf.d/jitsi-videobridge.$domain.cfg.lua /etc/metronome/conf.d/jitsi-videobridge.$domain.cfg.lua.back
mv /etc/metronome/conf.d/focus.$domain.cfg.lua /etc/metronome/conf.d/focus.$domain.cfg.lua.back
sudo apt-get update
sudo apt-get install openjdk-7-jdk ant -y
metronome="/etc/metronome/conf.d/$domain.cfg.lua"
cp ../conf/metronome.cfg.lua "$metronome"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$metronome"
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$metronome"
ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="$metronome"
ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$metronome"
ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$metronome"
chown -R metronome:metronome "/etc/metronome/conf.d/"
# TODO need lua-sec >= 0.5 otherwise jicofo cannot connect because of "no shared ciphers"
cp ../conf/mod_carbons.lua /usr/lib/metronome/modules/mod_carbons.lua
cp ../conf/mod_http_altconnect.lua /usr/lib/metronome/modules/mod_http_altconnect.lua
cp ../conf/mod_smacks.lua /usr/lib/metronome/modules/mod_smacks.lua
#git clone https://github.com/andyet/otalk-server ../src/otalk-server
# TODO mam,websocket(s) already available in default metronome
#cp -r ../src/otalk-server/mod_{smacks,carbons,mam,websocket,turncredentials} /usr/lib/metronome/modules
ynh_systemd_action --service_name=metronome --action=restart
YNH_YOURSECRET1=$(dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d 'A-Za-z0-9' | sed -n 's/\(.\{24\}\).*/\1/p')
YNH_YOURSECRET2=$(dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d 'A-Za-z0-9' | sed -n 's/\(.\{24\}\).*/\1/p')
YNH_YOURSECRET3=$(dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d 'A-Za-z0-9' | sed -n 's/\(.\{24\}\).*/\1/p')
YNH_YOURSECRET4=$(dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d 'A-Za-z0-9' | sed -n 's/\(.\{24\}\).*/\1/p')
#=================================================
# BUILD JITSI-VIDEOBRIDGE
#=================================================
ynh_print_info --message="Building Jitsi-Videobridge..."
jitsi_domain="jitsi.${domain}"
# TODO verify $jitsi_domain is not already used somehow...
mkdir -p "$final_path/.sip-communicator"
cp ../conf/sip-communicator.properties "$final_path/.sip-communicator/sip-communicator.properties"
ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/.sip-communicator/sip-communicator.properties"
chown -R $app: $final_path
sudo groupadd jitsi
#=================================================
# BUILD JITSI-JICOFO
#=================================================
ynh_print_info --message="Building Jitsi-Jicofo..."
#--- Install Jitsi videobridge ---
jvb_buildnum=$(cat ../conf/jvb.version)
if [[ "$arch" == "i686" ]] ; then
jvb_arch="x86"
else
jvb_arch="x64"
fi
mkdir ../src
wget -O ../src/jitsi-videobridge.zip https://download.jitsi.org/jitsi-videobridge/linux/jitsi-videobridge-linux-$jvb_arch-$jvb_buildnum.zip
unzip ../src/jitsi-videobridge.zip -d ../src/jitsi-videobridge
jvb_root=/opt/yunohost/jitsi-videobridge
sudo mkdir -p $jvb_root
sudo cp -ar ../src/jitsi-videobridge/jitsi-videobridge-linux-$jvb_arch-$jvb_buildnum/* $jvb_root
sudo useradd -r -g jitsi -d $jvb_root --shell /bin/bash jvb
sudo chown -R jvb:jitsi $jvb_root
sudo mkdir -p /var/log/jitsi
sudo chown jvb:jitsi /var/log/jitsi
sudo chmod 770 /var/log/jitsi
pushd "$final_path/jitsi-jicofo-build"
mvn package -DskipTests -Dassembly.skipAssembly=false
popd
cat << EOF > ../src/jvb_options
JVB_HOSTNAME=$jitsi_domain
JVB_PORT=5347
JVB_SECRET=$YNH_YOURSECRET1
JVB_OPTS=""
EOF
unzip $final_path/jitsi-jicofo-build/target/jicofo-linux-x64-1.1-SNAPSHOT.zip -d $final_path
sudo mv ../src/jvb_options /etc/default/jitsi-videobridge
sudo cp ../conf/jitsi-videobridge.init /etc/init.d/jitsi-videobridge
sudo chmod +x /etc/init.d/jitsi-videobridge
sudo update-rc.d jitsi-videobridge defaults
sudo yunohost service add jitsi-videobridge -l /var/log/jitsi/jvb.log
mv $final_path/jicofo-linux-x64-1.1-SNAPSHOT/ $final_path/jitsi-jicofo/
# TODO : install java7
# TODO : create .sip-communicator to handle videobridge behind NAT
# TODO : avoid error in logs Failed to load class "org.slf4j.impl.StaticLoggerBinder"
# See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
# TODO : logrotate
# TODO : hook to monit
# TODO : enable jitsi stats : what do we do with it ?
ynh_secure_remove --file="$final_path/jitsi-jicofo-build"
#--- Install Jicofo ---
wget -O ../src/jicofo.zip https://github.com/jitsi/jicofo/archive/master.zip
unzip ../src/jicofo.zip -d ../src/jicofo
if [[ "$arch" == "i686" ]] ; then
jicofo_target="lin"
jicofo_arch="x86"
else
jicofo_target="lin64"
jicofo_arch="x64"
fi
bash -c "cd ../src/jicofo/jicofo-master; PATH=/usr/lib/jvm/java-7-openjdk-amd64/bin:$PATH ant dist.$jicofo_target"
jicofo_dist_zip=$(ls ../src/jicofo/jicofo-master/dist/linux/*.zip)
unzip $jicofo_dist_zip -d ../src/jicofo_dist
#=================================================
# BUILD JITSI-MEET
#=================================================
ynh_print_info --message="Building Jitsi-Meet..."
jicofo_root=/opt/yunohost/jicofo
sudo mkdir -p $jicofo_root
sudo cp -ar ../src/jicofo_dist/$(basename "$jicofo_dist_zip" .zip)/* $jicofo_root
sudo useradd -r -g jitsi -d $jicofo_root --shell /bin/bash jicofo
sudo chown -R jicofo:jitsi $jicofo_root
pushd "$final_path/jitsi-meet_temp"
ar x jitsi-meet-web.deb data.tar.xz
tar xf data.tar.xz
popd
cat << EOF > ../src/jicofo_options
# Jitsi Conference Focus settings
JICOFO_HOST=localhost
JICOFO_HOSTNAME=$jitsi_domain
JICOFO_SECRET=$YNH_YOURSECRET2
JICOFO_PORT=5347
JICOFO_AUTH_DOMAIN=auth.$jitsi_domain
JICOFO_AUTH_USER=focus
JICOFO_AUTH_PASSWORD=$YNH_YOURSECRET3
JICOFO_OPTS=""
EOF
mv "$final_path/jitsi-meet_temp/usr/share/jitsi-meet/" "$final_path/jitsi-meet/"
ynh_secure_remove --file="$final_path/jitsi-meet_temp"
sudo mv ../src/jicofo_options /etc/default/jicofo
sudo cp ../conf/jitsi-jicofo.init /etc/init.d/jicofo
sudo chmod +x /etc/init.d/jicofo
sudo update-rc.d jicofo defaults
sudo yunohost service add jicofo -l /var/log/jitsi/jvb.log
config="$final_path/jitsi-meet/config.js"
cp ../conf/config.js "$config"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
# TODO : build with java7, since java6 outputs more warnings
# TODO : logrotate
# TODO : hook to monit
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_print_info --message="Configuring a systemd service..."
#--- Install Jireco daemon ---
# TODO for later...
# Create a dedicated systemd config
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/jitsi-videobridge.service"
ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="../conf/jitsi-videobridge.service"
ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="../conf/jitsi-videobridge.service"
ynh_add_systemd_config --service=$app-videobridge --template="jitsi-videobridge.service"
#--- Install Jitsi-meet ---
wget -O ../src/jitsi-meet.zip https://github.com/jitsi/jitsi-meet/archive/master.zip
unzip ../src/jitsi-meet.zip -d ../src/jitsi-meet
jitsimeet_path=/var/www/jitsi
sudo mkdir -p $jitsimeet_path
sudo cp -ar ../src/jitsi-meet/jitsi-meet-master/* $jitsimeet_path
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/jitsi-jicofo.service"
ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="../conf/jitsi-jicofo.service"
ynh_replace_string --match_string="__FOCUS_USER__" --replace_string="$focus_user" --target_file="../conf/jitsi-jicofo.service"
ynh_replace_string --match_string="__FOCUS_PASSWORD__" --replace_string="$focus_password" --target_file="../conf/jitsi-jicofo.service"
ynh_add_systemd_config --service=$app-jicofo --template="jitsi-jicofo.service"
sed -i "s@YNH_JITSI_XMPP_HOST@$jitsi_domain@g" ../conf/jitsimeet-config.js
sudo cp ../conf/jitsimeet-config.js $jitsimeet_path/config.js
#=================================================
# STORE THE CONFIG FILE CHECKSUM
#=================================================
sudo chown -R root: $jitsimeet_path
sudo find $jitsimeet_path -type f | xargs sudo chmod 644
sudo find $jitsimeet_path -type d | xargs sudo chmod 755
# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum --file="$config"
# TODO : remove tracking
# TODO : remove GoogleAnalytics
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
#--- Configure metronome ---
sed -i "s@YNH_JITSI_XMPP_HOST@$jitsi_domain@g" ../conf/metronome.conf
sed -i "s@YNH_YOURSECRET1@$YNH_YOURSECRET1@g" ../conf/metronome.conf
sed -i "s@YNH_YOURSECRET2@$YNH_YOURSECRET2@g" ../conf/metronome.conf
sed -i "s@YNH_YOURSECRET4@$YNH_YOURSECRET4@g" ../conf/metronome.conf
# Set permissions to app files
chown -R $app: $final_path
sudo cp ../conf/metronome.conf /etc/metronome/conf.d/$jitsi_domain.cfg.lua
sudo chown metronome: /etc/metronome/conf.d/$jitsi_domain.cfg.lua
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_print_info --message="Configuring log rotation..."
sudo openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj \
"/O=$domain/OU=$domain/CN=$jitsi_domain/emailAddress=webmaster@$domain" \
-keyout /var/lib/metronome/$jitsi_domain.key \
-out /var/lib/metronome/$jitsi_domain.crt
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
# TODO : adduser headless with python pexpect ?
#sudo metronomectl adduser focus@auth.$jitsi_domain # $YNH_YOURSECRET3
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
#--- Configure Nginx ---
# remove trailing '/'. this leaves '/something' untouched, but changes '/' to ''
path=${path%/}
sed -i "s@YNH_LOCATION@$path@g" ../conf/nginx.conf
sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/jitsi.conf
# if using yunohost version 3.2 or more in the 'manifest.json', a description can be added
yunohost service add $app-videobridge --description "$app jitsi-videobridge for jitsi" --log "/var/log/$app/$app-videobridge.log"
yunohost service add $app-jicofo --description "$app jitsi-jicofo for jitsi" --log "/var/log/$app/$app-jicofo.log"
# TODO : subdir support
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_print_info --message="Starting a systemd service..."
sudo service metronome reload
sudo service jitsi-videobridge restart
sudo service jicofo restart
sudo service nginx reload
# Start a systemd service
ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log"
ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/log/$app/$app-jicofo.log"
#=================================================
# SETUP SSOWAT
#=================================================
ynh_print_info --message="Configuring SSOwat..."
# Make app public
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
#=================================================
# RELOAD NGINX
#=================================================
ynh_print_info --message="Reloading nginx web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info --message="Installation of $app completed"

175
scripts/remove
View file

@ -1,34 +1,163 @@
#!/bin/bash
domain=$(sudo yunohost app setting jitsi domain)
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
sudo service jitsi-videobridge stop
sudo service jicofo stop
source _common.sh
source /usr/share/yunohost/helpers
sudo rm -rf /opt/yunohost/jicofo
sudo rm -rf /opt/yunohost/jitsi-videobridge
sudo rm /etc/default/jitsi-videobridge
sudo rm /etc/default/jicofo
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading installation settings..."
sudo update-rc.d jitsi-videobridge remove
sudo rm /etc/init.d/jitsi-videobridge
sudo yunohost service remove jitsi-videobridge
app=$YNH_APP_INSTANCE_NAME
sudo update-rc.d jicofo remove
sudo rm /etc/init.d/jicofo
sudo yunohost service remove jicofo
domain=$(ynh_app_setting_get --app=$app --key=domain)
port=$(ynh_app_setting_get --app=$app --key=port)
port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge)
port_component=$(ynh_app_setting_get --app=$app --key=port_component)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
focus_user=$(ynh_app_setting_get --app=$app --key=focus_user)
jitsi_domain=jitsi.$domain
sudo rm /etc/metronome/conf.d/$jitsi_domain.cfg.lua
sudo service metronome restart
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE SERVICE FROM ADMIN PANEL
#=================================================
sudo rm /etc/nginx/conf.d/$domain.d/jitsi.conf
sudo service nginx reload
sudo yunohost app ssowatconf
# Remove a service from the admin panel, added by `yunohost service add`
if ynh_exec_warn_less yunohost service status $app-videobridge >/dev/null
then
ynh_print_info --message="Removing $app-videobridge service..."
yunohost service remove $app-videobridge
fi
sudo rm -rf /var/log/jitsi
if ynh_exec_warn_less yunohost service status $app-jicofo >/dev/null
then
ynh_print_info --message="Removing $app-jicofo service..."
yunohost service remove $app-jicofo
fi
sudo userdel jvb
sudo userdel jicofo
sudo groupdel jitsi
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
ynh_print_info --message="Stopping and removing the systemd service..."
# Remove the dedicated systemd config
ynh_remove_systemd_config --service=$app-videobridge
ynh_remove_systemd_config --service=$app-jicofo
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_print_info --message="Removing dependencies..."
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
ynh_remove_nodejs
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_print_info --message="Removing app main directory..."
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_print_info --message="Removing nginx web server configuration..."
# Remove the dedicated nginx config
ynh_remove_nginx_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_print_info --message="Removing logrotate configuration..."
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# CLOSE A PORT
#=================================================
if yunohost firewall list | grep -q "\- $port$"
then
ynh_print_info --message="Closing port $port..."
ynh_exec_warn_less yunohost firewall disallow TCP $port
fi
if yunohost firewall list | grep -q "\- $port_videobridge$"
then
ynh_print_info --message="Closing port $port_videobridge..."
ynh_exec_warn_less yunohost firewall disallow UDP $port_videobridge
fi
if yunohost firewall list | grep -q "\- $port_component$"
then
ynh_print_info --message="Closing port $port_component..."
ynh_exec_warn_less yunohost firewall disallow TCP $port_component
fi
#=================================================
# SPECIFIC REMOVE
#=================================================
# RECONFIGURE METRONOME
#=================================================
ynh_print_info --message="Reconfiguring Metronome..."
# Reconfigure metronome
ynh_secure_remove --file="/etc/metronome/conf.d/$domain.cfg.lua"
mv /etc/metronome/conf.d/$domain.cfg.lua.back /etc/metronome/conf.d/$domain.cfg.lua
mv /etc/metronome/conf.d/auth.$domain.cfg.lua.back /etc/metronome/conf.d/auth.$domain.cfg.lua
mv /etc/metronome/conf.d/conference.$domain.cfg.lua.back /etc/metronome/conf.d/conference.$domain.cfg.lua
mv /etc/metronome/conf.d/jitsi-videobridge.$domain.cfg.lua.back /etc/metronome/conf.d/jitsi-videobridge.$domain.cfg.lua
mv /etc/metronome/conf.d/focus.$domain.cfg.lua.back /etc/metronome/conf.d/focus.$domain.cfg.lua
ynh_secure_remove --file="/usr/lib/metronome/modules/mod_carbons.lua"
ynh_secure_remove --file="/usr/lib/metronome/modules/mod_http_altconnect.lua"
ynh_secure_remove --file="/usr/lib/metronome/modules/mod_smacks.lua"
ynh_systemd_action --service_name=metronome --action=restart
# Delete focus user
yunohost user delete $focus_user --purge
# Removing additional domains
if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
yunohost domain remove auth.$domain
yunohost domain remove conference.$domain
yunohost domain remove jitsi-videobridge.$domain
yunohost domain remove focus.$domain
fi
#=================================================
# REMOVE THE CRON FILE
#=================================================
# Remove the log files
ynh_secure_remove --file="/var/log/$app/"
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_print_info --message="Removing the dedicated system user..."
# Delete a system user
ynh_system_user_delete --username=$app
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info --message="Removal of $app completed"

179
scripts/restore Normal file
View file

@ -0,0 +1,179 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
focus_user=$(ynh_app_setting_get --app=$app --key=focus_user)
focus_password=$(ynh_app_setting_get --app=$app --key=focus_password)
port=$(ynh_app_setting_get --app=$app --key=port)
port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge)
port_component=$(ynh_app_setting_get --app=$app --key=port_component)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_print_info --message="Validating restoration parameters..."
ynh_webpath_available --domain=$domain --path_url=$path_url \
|| ynh_die --message="Path not available: ${domain}${path_url}"
test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_print_info --message="Restoring the app main directory..."
ynh_restore_file --origin_path="$final_path"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_print_info --message="Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir=$final_path
#=================================================
# RESTORE USER RIGHTS
#=================================================
# Restore permissions on app files
chown -R root: $final_path
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_print_info --message="Reinstalling dependencies..."
# Define and install dependencies
ynh_install_app_dependencies $pkg_dependencies
ynh_install_nodejs --nodejs_version=10
#=================================================
# CONFIGURE FIREWALL
#=================================================
ynh_print_info --message="Configuring firewall..."
# Open this port
ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_videobridge
ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_component
#=================================================
# CONFIGURE METRONOME
#=================================================
ynh_print_info --message="Configuring metronome..."
# Create additional domains
if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
yunohost domain add auth.$domain
yunohost domain add conference.$domain
yunohost domain add jitsi-videobridge.$domain
yunohost domain add focus.$domain
fi
# Create focus user
yunohost user create $focus_user -f $focus_user -l $focus_user -m ${focus_user}@auth.$domain -p $focus_password -q 0
# Configure metronome
mv /etc/metronome/conf.d/$domain.cfg.lua /etc/metronome/conf.d/$domain.cfg.lua.back
mv /etc/metronome/conf.d/auth.$domain.cfg.lua /etc/metronome/conf.d/auth.$domain.cfg.lua.back
mv /etc/metronome/conf.d/conference.$domain.cfg.lua /etc/metronome/conf.d/conference.$domain.cfg.lua.back
mv /etc/metronome/conf.d/jitsi-videobridge.$domain.cfg.lua /etc/metronome/conf.d/jitsi-videobridge.$domain.cfg.lua.back
mv /etc/metronome/conf.d/focus.$domain.cfg.lua /etc/metronome/conf.d/focus.$domain.cfg.lua.back
ynh_restore_file --origin_path="/etc/metronome/conf.d/$domain.cfg.lua"
chown -R metronome:metronome "/etc/metronome/conf.d/"
ynh_restore_file --origin_path="/usr/lib/metronome/modules/mod_carbons.lua"
ynh_restore_file --origin_path="/usr/lib/metronome/modules/mod_http_altconnect.lua"
ynh_restore_file --origin_path="/usr/lib/metronome/modules/mod_smacks.lua"
ynh_systemd_action --service_name=metronome --action=restart
#=================================================
# RESTORE SYSTEMD
#=================================================
ynh_print_info --message="Restoring the systemd configuration..."
ynh_restore_file --origin_path="/etc/systemd/system/$app-videobridge.service"
systemctl enable $app-videobridge.service
ynh_restore_file --origin_path="/etc/systemd/system/$app-jicofo.service"
systemctl enable $app-jicofo.service
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
yunohost service add $app-videobridge --log "/var/log/$app/$app-videobridge.log"
yunohost service add $app-jicofo --log "/var/log/$app/$app-jicofo.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_print_info --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log"
ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/log/$app/$app-jicofo.log"
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_print_info --message="Reloading nginx web server and php-fpm..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info --message="Restoration completed for $app"

240
scripts/upgrade
View file

@ -1,14 +1,232 @@
#!/bin/bash
#!/bin/bash
# Retrieve arguments
domain=$(sudo yunohost app setting jitsi domain)
path=$(sudo yunohost app setting jitsi path)
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
# Remove trailing "/" for next commands
path=${path%/}
source _common.sh
source /usr/share/yunohost/helpers
# Configure Nginx and reload
sed -i "s@PATHTOCHANGE@$path@g" ../conf/nginx.conf
sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/jitsi.conf
sudo service nginx reload
sudo service jitsi reload
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
videobridge_secret=$(ynh_app_setting_get --app=$app --key=videobridge_secret)
focus_secret=$(ynh_app_setting_get --app=$app --key=focus_secret)
port_component=$(ynh_app_setting_get --app=$app --key=port_component)
focus_user=$(ynh_app_setting_get --app=$app --key=focus_user)
focus_password=$(ynh_app_setting_get --app=$app --key=focus_password)
#=================================================
# CHECK VERSION
#=================================================
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_print_info --message="Ensuring downward compatibility..."
# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
final_path=/var/www/$app
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_print_info --message="Backing up the app before upgrading (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_print_info --message="Stopping a systemd service..."
ynh_systemd_action --service_name=$app-videobridge --action="stop" --log_path="/var/log/$app/$app-videobridge.log"
ynh_systemd_action --service_name=$app-jicofo --action="stop" --log_path="/var/log/$app/$app-jicofo.log"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_print_info --message="Upgrading source files..."
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path/jitsi-videobridge" --source_id=jitsi-videobridge
ynh_setup_source --dest_dir="$final_path/jitsi-jicofo-build" --source_id=jitsi-jicofo
ynh_setup_source --dest_dir="$final_path/jitsi-meet_temp" --source_id=jitsi-meet
fi
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_print_info --message="Upgrading nginx web server configuration..."
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_print_info --message="Upgrading dependencies..."
ynh_install_app_dependencies $pkg_dependencies
ynh_install_nodejs --nodejs_version=10
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_print_info --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir=$final_path
#=================================================
# SPECIFIC UPGRADE
#=================================================
# BUILD JITSI-VIDEOBRIDGE
#=================================================
ynh_print_info --message="Building Jitsi-Videobridge..."
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
mkdir -p "$final_path/.sip-communicator"
cp ../conf/sip-communicator.properties "$final_path/.sip-communicator/sip-communicator.properties"
chown -R $app: $final_path
fi
#=================================================
# BUILD JITSI-JICOFO
#=================================================
ynh_print_info --message="Building Jitsi-Jicofo..."
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
pushd "$final_path/jitsi-jicofo-build"
mvn package -DskipTests -Dassembly.skipAssembly=false
popd
unzip $final_path/jitsi-jicofo-build/target/jicofo-linux-x64-1.1-SNAPSHOT.zip -d $final_path
ynh_secure_remove --file="$final_path/jitsi-jicofo/"
mv $final_path/jicofo-linux-x64-1.1-SNAPSHOT/ $final_path/jitsi-jicofo/
ynh_secure_remove --file="$final_path/jitsi-jicofo-build"
fi
#=================================================
# BUILD JITSI-MEET
#=================================================
ynh_print_info --message="Building Jitsi-Meet..."
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
pushd "$final_path/jitsi-meet_temp"
ar x jitsi-meet-web.deb data.tar.xz
tar xf data.tar.xz
popd
ynh_secure_remove --file="$final_path/jitsi-meet/"
mv "$final_path/jitsi-meet_temp/usr/share/jitsi-meet/" "$final_path/jitsi-meet/"
ynh_secure_remove --file="$final_path/jitsi-meet_temp"
config="$final_path/jitsi-meet/config.js"
ynh_backup_if_checksum_is_different --file="$config"
cp ../conf/config.js "$config"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
# Recalculate and store the checksum of the file for the next upgrade.
ynh_store_file_checksum --file="$config"
fi
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_print_info --message="Upgrading logrotate configuration..."
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_print_info --message="Upgrading systemd configuration..."
# Create a dedicated systemd config
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/jitsi-videobridge.service"
ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="../conf/jitsi-videobridge.service"
ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="../conf/jitsi-videobridge.service"
ynh_add_systemd_config --service=$app-videobridge --template="jitsi-videobridge.service"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/jitsi-jicofo.service"
ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="../conf/jitsi-jicofo.service"
ynh_replace_string --match_string="__FOCUS_USER__" --replace_string="$focus_user" --target_file="../conf/jitsi-jicofo.service"
ynh_replace_string --match_string="__FOCUS_PASSWORD__" --replace_string="$focus_password" --target_file="../conf/jitsi-jicofo.service"
ynh_add_systemd_config --service=$app-jicofo --template="jitsi-jicofo.service"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# Set permissions on app files
chown -R root: $final_path
#=================================================
# SETUP SSOWAT
#=================================================
ynh_print_info --message="Upgrading SSOwat configuration..."
# Make app public
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_print_info --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log"
ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/log/$app/$app-jicofo.log"
#=================================================
# RELOAD NGINX
#=================================================
ynh_print_info --message="Reloading nginx web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info --message="Upgrade of $app completed"