From eda6e874324d24e71f5e337aac51468c5e32e2aa Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Mon, 8 Apr 2024 03:38:42 +0200 Subject: [PATCH 01/38] Upgrade to v0.5.1 https://github.com/mautrix/signal/releases/tag/v0.5.1 --- manifest.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest.toml b/manifest.toml index f2ee1a6..3860b72 100644 --- a/manifest.toml +++ b/manifest.toml @@ -7,7 +7,7 @@ name = "Matrix Signal bridge" description.en = "Matrix / Synapse puppeting bridge for Signal" description.fr = "Passerelle Matrix / Synapse pour Signal" -version = "0.4.3~ynh2" +version = "0.5.1~ynh1" maintainers = ["MayeulC"] @@ -67,8 +67,8 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen [resources] [resources.sources] [resources.sources.main] - url = "https://github.com/mautrix/signal/archive/refs/tags/v0.4.3.tar.gz" - sha256 = "e75636e845d4b9d84070efec510b7358b93a4fb0d6ffe4300dbdb9260725ba53" + url = "https://github.com/mautrix/signal/archive/refs/tags/v0.5.1.tar.gz" + sha256 = "646736a97421b4a3e25afa4410ef3168cba66b4964b3df0d2468d36ca409b193" rename = "mautrix-signal.tar.gz" extract = false From 9728086f8d1bf2807e7784da1049020727bf6d38 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Mon, 8 Apr 2024 01:38:45 +0000 Subject: [PATCH 02/38] Auto-update READMEs --- README.md | 2 +- README_eu.md | 2 +- README_fr.md | 2 +- README_gl.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index cabdeae..89c70f2 100644 --- a/README.md +++ b/README.md 
@@ -22,7 +22,7 @@ Currently the Matrix user can NOT invite other Matrix user in a bridged Signal r The ["Mautrix-Signal"](https://docs.mau.fi/bridges/python/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. -**Shipped version:** 0.4.3~ynh2 +**Shipped version:** 0.5.1~ynh1 ## Documentation and resources - Official user documentation: diff --git a/README_eu.md b/README_eu.md index 4d9f41d..2e4f556 100644 --- a/README_eu.md +++ b/README_eu.md @@ -22,7 +22,7 @@ Currently the Matrix user can NOT invite other Matrix user in a bridged Signal r The ["Mautrix-Signal"](https://docs.mau.fi/bridges/python/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. -**Paketatutako bertsioa:** 0.4.3~ynh2 +**Paketatutako bertsioa:** 0.5.1~ynh1 ## Dokumentazioa eta baliabideak - Erabiltzaileen dokumentazio ofiziala: diff --git a/README_fr.md b/README_fr.md index aad8de4..04d62af 100644 --- a/README_fr.md +++ b/README_fr.md @@ -23,7 +23,7 @@ La passerelle ["Mautrix-Signal"](https://docs.mau.fi/bridges/python/signal/index **Attention : sauvegardez et restaurez toujours les deux applications Yunohost matrix-synapse et mautrix_signal en même temps!** -**Version incluse :** 0.4.3~ynh2 +**Version incluse :** 0.5.1~ynh1 ## Documentations et ressources - Documentation officielle utilisateur : diff --git a/README_gl.md b/README_gl.md index c68463f..111b63f 100644 --- a/README_gl.md +++ b/README_gl.md 
@@ -22,7 +22,7 @@ Currently the Matrix user can NOT invite other Matrix user in a bridged Signal r The ["Mautrix-Signal"](https://docs.mau.fi/bridges/python/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. -**Versión proporcionada:** 0.4.3~ynh2 +**Versión proporcionada:** 0.5.1~ynh1 ## Documentación e recursos - Documentación oficial para usuarias: From f8e535c1cda1e2360a39ae4f73200f222f1514ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nathana=C3=ABl=20Hannebert?= Date: Tue, 9 Apr 2024 07:55:28 +0200 Subject: [PATCH 03/38] chg: update config.yaml template from upstream --- conf/config.yaml | 409 ++++++++++++++++++++--------------------------- 1 file changed, 175 insertions(+), 234 deletions(-) diff --git a/conf/config.yaml b/conf/config.yaml index c1b528b..dd227f6 100644 --- a/conf/config.yaml +++ b/conf/config.yaml 
@@ -1,168 +1,185 @@ -# Homeserver details +# Homeserver details. homeserver: # The address that this appservice can use to connect to the homeserver. - address: https://__DOMAIN__ + address: https://matrix.example.com # The domain of the homeserver (also known as server_name, used for MXIDs, etc). domain: __SERVER_NAME__ - # Whether or not to verify the SSL certificate of the homeserver. - # Only applies if address starts with https:// - verify_ssl: true + # What software is the homeserver running? # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. software: standard - # Number of retries for all HTTP requests if the homeserver isn't reachable. - http_retry_count: 4 # The URL to push real-time bridge status to. # If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes. # The bridge will use the appservice as_token to authorize requests. status_endpoint: null # Endpoint for reporting per-message status. message_send_checkpoint_endpoint: null - # Maximum number of simultaneous HTTP connections to the homeserver. - connection_limit: 100 - # Whether asynchronous uploads via MSC2246 should be enabled for media. - # Requires a media repo that supports MSC2246. + # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? async_media: false -# Application service host/registration related details + # Should the bridge use a websocket for connecting to the homeserver? + # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, + # mautrix-asmux (deprecated), and hungryserv (proprietary). + websocket: false + # How often should the websocket be pinged? Pinging will be disabled if this is zero. + ping_interval_seconds: 0 + +# Application service host/registration related details. # Changing these values requires regeneration of the registration. 
appservice: # The address that the homeserver can use to connect to this appservice. address: http://localhost:__PORT__ - # When using https:// the TLS certificate and key files for the address. - tls_cert: false - tls_key: false # The hostname and port where this appservice should listen. hostname: 0.0.0.0 port: __PORT__ - # The maximum body size of appservice API requests (from the homeserver) in mebibytes - # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s - max_body_size: 1 - # The full URI to the database. SQLite and Postgres are supported. - # Format examples: - # SQLite: sqlite:///filename.db - # Postgres: postgres://username:password@hostname/dbname - database: postgres://__APP__:__DB_PWD__@localhost:5432/__DB_NAME__ - # Additional arguments for asyncpg.create_pool() or sqlite3.connect() - # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool - # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect - # For sqlite, min_size is used as the connection thread pool size and max_size is ignored. - # Additionally, SQLite supports init_commands as an array of SQL queries to run on connect (e.g. to set PRAGMAs). - database_opts: - min_size: 5 - max_size: 10 + # Database config. + database: + # The database type. "sqlite3-fk-wal" and "postgres" are supported. + type: postgres + # The database URI. + # SQLite: A raw file path is supported, but `file:?_txlock=immediate` is recommended. + # https://github.com/mattn/go-sqlite3#connection-string + # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable + # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql + uri: postgres://__APP__:__DB_PWD__@localhost:5432/__DB_NAME__?sslmode=disable + # Maximum number of connections. Mostly relevant for Postgres. 
+ max_open_conns: 20 + max_idle_conns: 2 + # Maximum connection idle time and lifetime before they're closed. Disabled if null. + # Parsed with https://pkg.go.dev/time#ParseDuration + max_conn_idle_time: null + max_conn_lifetime: null # The unique ID of this appservice. id: __BOTNAME__ - # Username of the appservice bot. - bot_username: __BOTNAME__ - # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty - # to leave display name/avatar as-is. - bot_displayname: Signal bridge bot - bot_avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp + # Appservice bot details. + bot: + # Username of the appservice bot. + username: __BOTNAME__ + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + displayname: Signal bridge bot + avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). - # You should disable bridge -> sync_with_custom_puppets when this is enabled. - ephemeral_events: false + ephemeral_events: true + + # Should incoming events be handled asynchronously? + # This may be necessary for large public instances with lots of messages going through. + # However, messages will not be guaranteed to be bridged in the same order they were sent in. + async_transactions: false # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. as_token: "This value is generated when generating the registration" hs_token: "This value is generated when generating the registration" -# Prometheus telemetry config. Requires prometheus-client to be installed. +# Prometheus config. metrics: + # Enable prometheus metrics? enabled: false - listen_port: 8000 - -# Manhole config. -manhole: - # Whether or not opening the manhole is allowed. - enabled: false - # The path for the unix socket. 
- path: /var/tmp/mautrix-signal.manhole - # The list of UIDs who can be added to the whitelist. - # If empty, any UIDs can be specified in the open-manhole command. - whitelist: - - 0 + # IP and port where the metrics listener should be. The path is always /metrics + listen: 127.0.0.1:8000 signal: - # Path to signald unix socket - socket_path: /var/run/signald/signald.sock - # Directory for temp files when sending files to Signal. This should be an - # absolute path that signald can read. For attachments in the other direction, - # make sure signald is configured to use an absolute path as the data directory. - outgoing_attachment_dir: /tmp - # Directory where signald stores avatars for groups. - avatar_dir: ~/.config/signald/avatars - # Directory where signald stores auth data. Used to delete data when logging out. - data_dir: ~/.config/signald/data - # Whether or not unknown signald accounts should be deleted when the bridge is started. - # When this is enabled, any UserInUse errors should be resolved by restarting the bridge. - delete_unknown_accounts_on_start: false - # Whether or not message attachments should be removed from disk after they're bridged. - remove_file_after_handling: true - # Whether or not users can register a primary device - registration_enabled: true - # Whether or not to enable disappearing messages in groups. If enabled, then the expiration - # time of the messages will be determined by the first users to read the message, rather - # than individually. If the bridge has a single user, this can be turned on safely. - enable_disappearing_messages_in_groups: false + # Default device name that shows up in the Signal app. + device_name: mautrix-signal # Bridge config bridge: # Localpart template of MXIDs for Signal users. - # {userid} is replaced with the UUID of the Signal user. - username_template: "sg_{userid}" - # Displayname template for Signal users. 
- # {displayname} is replaced with the displayname of the Signal user, which is the first - # available variable in displayname_preference. The variables in displayname_preference - # can also be used here directly. - displayname_template: "{displayname} (SG)" - # Whether or not contact list displaynames should be used. - # Possible values: disallow, allow, prefer - # - # Multi-user instances are recommended to disallow contact list names, as otherwise there can - # be conflicts between names from different users' contact lists. - contact_list_names: disallow - # Available variables: full_name, first_name, last_name, phone, uuid - displayname_preference: - - full_name - - phone + # {{.}} is replaced with the internal ID of the Signal user. + username_template: sg_{{.UUID}} + # Displayname template for Signal users. This is also used as the room name in DMs if private_chat_portal_meta is enabled. + # {{.ProfileName}} - The Signal profile name set by the user. + # {{.ContactName}} - The name for the user from your phone's contact list. This is not safe on multi-user instances. + # {{.PhoneNumber}} - The phone number of the user. + # {{.UUID}} - The UUID of the Signal user. + # {{.AboutEmoji}} - The emoji set by the user in their profile. + displayname_template: '{{or .ProfileName .PhoneNumber "Unknown user"}}' + # Whether to explicitly set the avatar and room name for private chat portal rooms. + # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms. + # If set to `always`, all DM rooms will have explicit names and avatars set. + # If set to `never`, DM rooms will never have names and avatars set. + private_chat_portal_meta: default + # Should avatars from the user's contact list be used? This is not safe on multi-user instances. + use_contact_avatars: false + # Should the bridge sync ghost user info even if profile fetching fails? This is not safe on multi-user instances. 
+ use_outdated_profiles: false + # Should the Signal user's phone number be included in the room topic in private chat portal rooms? + number_in_topic: true + # Avatar image for the Note to Self room. + note_to_self_avatar: mxc://maunium.net/REBIVrqjZwmaWpssCZpBlmlL - # Whether or not to create portals for all groups on login/connect. - autocreate_group_portal: true - # Whether or not to create portals for all contacts on login/connect. - autocreate_contact_portal: false - # Whether or not to make portals of Signal groups in which joining via invite link does - # not need to be approved by an administrator publicly joinable on Matrix. - public_portals: false - # Whether or not to use /sync to get read receipts and typing notifications - # when double puppeting is enabled - sync_with_custom_puppets: true - # Whether or not to update the m.direct account data event when double puppeting is enabled. + portal_message_buffer: 128 + + # Should the bridge create a space for each logged-in user and add bridged rooms to it? + # Users who logged in before turning this on should run `!signal sync-space` to create and fill the space for the first time. + personal_filtering_spaces: true + # Should Matrix m.notice-type messages be bridged? + bridge_notices: true + # Should the bridge send a read receipt from the bridge bot when a message has been sent to Signal? + delivery_receipts: false + # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. + message_status_events: false + # Whether the bridge should send error notices via m.notice events when a message fails to bridge. + message_error_notices: true + # Should the bridge update the m.direct account data event when double puppeting is enabled. # Note that updating the m.direct event is not atomic (except with mautrix-asmux) # and is therefore prone to race conditions. 
sync_direct_chat_list: false - # Allow using double puppeting from any server with a valid client .well-known file. - double_puppet_allow_discovery: false - # Servers to allow double puppeting from, even if double_puppet_allow_discovery is false. - double_puppet_server_map: - example.com: https://example.com - # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth - # - # If set, custom puppets will be enabled automatically for local users - # instead of users having to find an access token and run `login-matrix` - # manually. - # If using this for other servers than the bridge's server, - # you must also set the URL in the double_puppet_server_map. - login_shared_secret_map: - example.com: foo + # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. + # This field will automatically be changed back to false after it, except if the config file is not writable. + resend_bridge_info: false + # Whether or not to make portals of groups that don't need approval of an admin to join by invite + # link publicly joinable on Matrix. + public_portals: false + # Send captions in the same message as images. This will send data compatible with both MSC2530. + # This is currently not supported in most clients. + caption_in_message: false # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. federate_rooms: true + # Servers to always allow double puppeting from + double_puppet_server_map: + example.com: https://example.com + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, double puppeting will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. 
+ login_shared_secret_map: + example.com: foobar + + # Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration + # Null means there's no enforced timeout. + message_handling_timeout: + # Send an error message after this timeout, but keep waiting for the response until the deadline. + # This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay. + # If the message is older than this when it reaches the bridge, the message won't be handled at all. + error_after: null + # Drop messages after this timeout. They may still go through if the message got sent to the servers. + # This is counted from the time the bridge starts handling the message. + deadline: 120s + + # The prefix for commands. Only required in non-management rooms. + command_prefix: '!signal' + # Messages sent upon joining a management room. + # Markdown is supported. The defaults are listed below. + management_room_text: + # Sent when joining a room. + welcome: "Hello, I'm a Signal bridge bot." + # Sent when joining a management room and the user is already logged in. + welcome_connected: "Use `help` for help." + # Sent when joining a management room and the user is not logged in. + welcome_unconnected: "Use `help` for help or `login` to log in." + # Optional extra text sent when joining a management room. + additional_help: "" + # End-to-bridge encryption support options. # # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. 
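Review bot: The homeserver `address` near the top of this conf/config.yaml hunk is now the literal upstream sample `https://matrix.example.com` instead of the packaging placeholder, so a rendered config would no longer point at the local homeserver. The appservice tokens are meant for AS <-> HS traffic only, so the value should stay templated: `address: https://__DOMAIN__`. The removed `verify_ssl: true` has no replacement key in the new template; it is worth confirming that the Go bridge always verifies the homeserver certificate. The unchanged `hostname: 0.0.0.0` also makes the appservice listen on every interface although the homeserver reaches it at `http://localhost:__PORT__`; `hostname: 127.0.0.1` would match that.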
@@ -196,6 +213,10 @@ bridge: delete_on_device_delete: false # Periodically delete megolm sessions when 2x max_age has passed since receiving the session. periodically_delete_expired: false + # Delete inbound megolm sessions that don't have the received_at field used for + # automatic ratcheting and expired session deletion. This is meant as a migration + # to delete old keys prior to the bridge update. + delete_outdated_inbound: false # What level of device verification should be required from users? # # Valid levels: @@ -207,7 +228,7 @@ bridge: # verified - Require manual per-device verification # (currently only possible by modifying the `trust` column in the `crypto_device` database table). verification_levels: - # Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix. + # Minimum level for which the bridge should send keys to when bridging messages from Signal to Matrix. receive: unverified # Minimum level that the bridge should accept for incoming Matrix messages. send: unverified 
@@ -231,142 +252,62 @@ bridge: # default. messages: 100 - # Whether to explicitly set the avatar and room name for private chat portal rooms. - # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms. - # If set to `always`, all DM rooms will have explicit names and avatars set. - # If set to `never`, DM rooms will never have names and avatars set. - private_chat_portal_meta: default - # Whether or not the bridge should send a read receipt from the bridge bot when a message has - # been sent to Signal. This let's you check manually whether the bridge is receiving your - # messages. - # Note that this is not related to Signal delivery receipts. - delivery_receipts: false - # Whether or not delivery errors should be reported as messages in the Matrix room. - delivery_error_reports: true - # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. - message_status_events: false - # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. - # This field will automatically be changed back to false after it, - # except if the config file is not writable. - resend_bridge_info: false - # Interval at which to resync contacts (in seconds). - periodic_sync: 0 + # Disable rotating keys when a user's devices change? + # You should not enable this option unless you understand all the implications. + disable_device_change_key_rotation: false # Should leaving the room on Matrix make the user leave on Signal? bridge_matrix_leave: true - # Should the bridge auto-create a group chat on Signal when a ghost is invited to a room? - # Requires the user to have sufficient power level and double puppeting enabled. - create_group_on_invite: true - hacky_contact_name_mixup_detection: false - - # Provisioning API part of the web server for automated portal creation and fetching information. - # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). 
+ # Settings for provisioning API provisioning: - # Whether or not the provisioning API should be enabled. - enabled: false - # The prefix to use in the provisioning API endpoints. + # Prefix for the provisioning API paths. prefix: /_matrix/provision - # The shared secret to authorize users of the API. - # Set to "generate" to generate and save a new token. + # Shared secret for authentication. If set to "generate", a random secret will be generated, + # or if set to "disable", the provisioning API will be disabled. shared_secret: generate - # Segment API key to enable analytics tracking for web server - # endpoints. Set to null to disable. - # Currently the only events are login start, QR code scan, and login - # success/failure. - segment_key: null - # Optional user_id to use when sending Segment events. If null, defaults to using mxID. - segment_user_id: null - - # The prefix for commands. Only required in non-management rooms. - command_prefix: "!sg" - - # Messages sent upon joining a management room. - # Markdown is supported. The defaults are listed below. - management_room_text: - # Sent when joining a room. - welcome: "Hello, I'm a Signal bridge bot." - # Sent when joining a management room and the user is already logged in. - welcome_connected: "Use `help` for help." - # Sent when joining a management room and the user is not logged in. - welcome_unconnected: "Use `help` for help or `link` to log in." - # Optional extra text sent when joining a management room. - additional_help: "" - - # Send each message separately (for readability in some clients) - management_room_multiple_messages: false + # Enable debug API at /debug with provisioning authentication. + debug_endpoints: false # Permissions for using the bridge. # Permitted values: - # relay - Allowed to be relayed through the bridge, no access to commands. - # user - Use the bridge with puppeting. - # admin - Use and administrate the bridge. 
+ # relay - Talk through the relaybot (if enabled), no access otherwise + # user - Access to use the bridge to chat with a Signal account. + # admin - User level and some additional administration tools # Permitted keys: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user permissions: - "*": "relay" - __IF_BOTUSERS__"__BOTUSERS__": "user" - "__BOTADMIN__": "admin" + "*": relay + __IF_BOTUSERS__"__BOTUSERS__": user + "__BOTADMIN__": admin + # Settings for relay mode relay: # Whether relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any # authenticated user into a relaybot for that chat. enabled: __ENABLE_RELAYBOT__ - # The formats to use when sending messages to Signal via a relay user. - # - # Available variables: - # $sender_displayname - The display name of the sender (e.g. Example User) - # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser) - # $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com) - # $message - The message content + # Should only admins be allowed to set themselves as relay users? + admin_only: false + # The formats to use when sending messages to Signal via the relaybot. message_formats: - m.text: '$sender_displayname: $message' - m.notice: '$sender_displayname: $message' - m.emote: '* $sender_displayname $message' - m.file: '$sender_displayname sent a file' - m.image: '$sender_displayname sent an image' - m.audio: '$sender_displayname sent an audio file' - m.video: '$sender_displayname sent a video' - m.location: '$sender_displayname sent a location' - # Specify a dedicated relay account. Must be a regular matrix account logged into this bridge - # and double puppeting working to auto-accept invites. When this user is invited to a room - # it will automatically be set as the relay user. 
May be overridden with `set-relay` or `unset-relay` - # relaybot: '@relaybot:example.com' - # Whether or not invites from non-logged-in users should be relayed - invite: true + m.text: "{{ .Sender.Displayname }}: {{ .Message }}" + m.notice: "{{ .Sender.Displayname }}: {{ .Message }}" + m.emote: "* {{ .Sender.Displayname }} {{ .Message }}" + m.file: "{{ .Sender.Displayname }} sent a file" + m.image: "{{ .Sender.Displayname }} sent an image" + m.audio: "{{ .Sender.Displayname }} sent an audio file" + m.video: "{{ .Sender.Displayname }} sent a video" + m.location: "{{ .Sender.Displayname }} sent a location" - # Format for generating URLs from location messages for sending to Signal - # Google Maps: 'https://www.google.com/maps/place/{lat},{long}' - # OpenStreetMap: 'https://www.openstreetmap.org/?mlat={lat}&mlon={long}' - location_format: 'https://www.google.com/maps/place/{lat},{long}' - -# Python logging configuration. -# -# See section 16.7.2 of the Python documentation for more info: -# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema +# Logging config. See https://github.com/tulir/zeroconfig for details. logging: - version: 1 - formatters: - colored: - (): mautrix_signal.util.ColorFormatter - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - normal: - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - handlers: - file: - class: logging.handlers.RotatingFileHandler - formatter: normal - filename: /var/log/__APP__/__APP__.log - maxBytes: 10485760 - backupCount: 10 - console: - class: logging.StreamHandler - formatter: colored - loggers: - mau: - level: INFO - aiohttp: - level: INFO - root: - level: INFO - handlers: [file, console] + min_level: _PRINT_LEVEL__ + writers: + - type: stdout + format: pretty-colored + - type: file + format: json + filename: /var/log/__APP__/__APP__.log + max_size: 100 + max_backups: 10 + compress: true \ No newline at end of file 
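Review bot: The provisioning block of conf/config.yaml drops `enabled: false` but keeps `shared_secret: generate`, which by the new comment leaves the provisioning API switched on, whereas before this change it was off. Because the listener in the same file binds `hostname: 0.0.0.0`, the API would presumably be reachable from other hosts, protected only by the generated secret. If the package does not rely on provisioning, the previous behaviour is kept with `shared_secret: disable`.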
From 3b88c236049d3d2f37acad8f920ea843fb8ecc8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nathana=C3=ABl=20Hannebert?= Date: Tue, 9 Apr 2024 07:57:03 +0200 Subject: [PATCH 04/38] chg: update systemd.service file to run go binary instead of old python app --- conf/systemd.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/systemd.service b/conf/systemd.service index ced26f1..b0c69e3 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -7,7 +7,7 @@ Type=simple User=__APP__ Group=__APP__ WorkingDirectory=__INSTALL_DIR__/ -ExecStart=__INSTALL_DIR__/bin/python3 -m mautrix_signal +ExecStart=__INSTALL_DIR__/mautrix-signal [Install] WantedBy=multi-user.target From 3f2db7ea34206be7db38f40f0ccbff6b27a1754c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nathana=C3=ABl=20Hannebert?= Date: Tue, 9 Apr 2024 08:27:13 +0200 Subject: [PATCH 05/38] chg: update manifest.toml for new types of reales artifacts, removed signald from manifest.toml, update dependencies needed --- manifest.toml | 34 ++++++++++------------------------ 1 file changed, 10 insertions(+), 24 deletions(-) diff --git a/manifest.toml b/manifest.toml index 3860b72..5d160cb 100644 --- a/manifest.toml +++ b/manifest.toml @@ -19,7 +19,7 @@ fund = "https://github.com/sponsors/tulir" [integration] yunohost = ">= 11.2" -architectures = "all" +architectures = ["amd64", "arm64"] multi_instance = true ldap = "not_relevant" sso = "not_relevant" 
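Review bot: The `[Service]` section of conf/systemd.service shows no sandboxing directives in the lines visible here (`User`, `Group`, `WorkingDirectory`, `ExecStart`), which matters more now that `ExecStart` runs a prebuilt binary fetched from a release page. Lines 1 to 6 of the unit are outside the hunk, so this is inferred from what is shown. Consider adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` after `ExecStart=`, then checking that the bridge can still write its log file and config.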
@@ -67,16 +67,17 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen [resources] [resources.sources] [resources.sources.main] - url = "https://github.com/mautrix/signal/archive/refs/tags/v0.5.1.tar.gz" - sha256 = "646736a97421b4a3e25afa4410ef3168cba66b4964b3df0d2468d36ca409b193" - rename = "mautrix-signal.tar.gz" + in_subdir = false extract = false + rename = "mautrix-signal" + amd64.url = "https://github.com/mautrix/signal/releases/download/v0.5.1/mautrix-signal-amd64" + amd64.sha256 = "571919fa4402a22b6ff8bdcc451377174a2d0344a08d65d5dfcdbd2998902ba5" + arm64.url = "https://github.com/mautrix/signal/releases/download/v0.5.1/mautrix-signal-arm64" + arm64.sha256 = "55c5e685bf9d63a2cc5b436215adff1bc31cb78a8bc4845c94bb150e1d12760c" autoupdate.strategy = "latest_github_release" - - [resources.sources.signald] - url = "https://gitlab.com/signald/signald/-/archive/0.17.0/signald-0.17.0.tar.gz" - sha256 = "225e36637daccf5f01138b7e29e3b2195bced7b13a290d163e34fe1f5d4a5d2a" + autoupdate.asset.amd64 = "^mautrix-signal-amd64$" + autoupdate.asset.arm64 = "^mautrix-signal-arm64$" [resources.system_user] @@ -88,22 +89,7 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen main.default = 8449 [resources.apt] - packages = [ - "postgresql", - "python3", - "python3-dev", - "build-essential", - "libolm-dev", - ] - - [resources.apt.extras.signal] - repo = "https://updates.signald.org unstable main" - key = "https://updates.signald.org/apt-signing-key.asc" - packages = [ - "libunixsocket-java", - "signald", - "signaldctl", - ] + packages = "g++, postgresql, ffmpeg" [resources.database] type = "postgresql" From 5a2771bd0094f8cff67bab88e274b0974cf4947d Mon Sep 17 00:00:00 2001 
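Review bot: `packages = "g++, postgresql, ffmpeg"` in the `[resources.apt]` hunk of manifest.toml installs a full C++ compiler on the target host although the sources hunk above now ships prebuilt binaries. If `g++` is there only to pull in the C++ runtime the binary links against (an assumption; the commit does not say), depending on the runtime library alone, e.g. `packages = "libstdc++6, postgresql, ffmpeg"`, keeps a build toolchain off production machines. A short comment above the key stating why each package is needed would help the next reviewer.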
From: =?UTF-8?q?Nathana=C3=ABl=20Hannebert?= Date: Tue, 9 Apr 2024 22:42:50 +0200 Subject: [PATCH 06/38] chg: continue to make needed changes for this python-->go upgrade --- conf/config.yaml | 4 +-- manifest.toml | 2 +- scripts/_common.sh | 4 --- scripts/backup | 2 +- scripts/install | 36 ++++++------------------- scripts/remove | 3 +-- scripts/restore | 24 +++++------------ scripts/upgrade | 67 +++++++++++++++++++++++++++------------------- tests.toml | 2 +- 9 files changed, 61 insertions(+), 83 deletions(-) diff --git a/conf/config.yaml b/conf/config.yaml index dd227f6..cbe23d0 100644 --- a/conf/config.yaml +++ b/conf/config.yaml @@ -91,7 +91,7 @@ signal: bridge: # Localpart template of MXIDs for Signal users. # {{.}} is replaced with the internal ID of the Signal user. - username_template: sg_{{.UUID}} + username_template: sg_{{.}} # Displayname template for Signal users. This is also used as the room name in DMs if private_chat_portal_meta is enabled. # {{.ProfileName}} - The Signal profile name set by the user. # {{.ContactName}} - The name for the user from your phone's contact list. This is not safe on multi-user instances. @@ -301,7 +301,7 @@ bridge: # Logging config. See https://github.com/tulir/zeroconfig for details. logging: - min_level: _PRINT_LEVEL__ + min_level: info writers: - type: stdout format: pretty-colored diff --git a/manifest.toml b/manifest.toml index 5d160cb..901bd92 100644 --- a/manifest.toml +++ b/manifest.toml @@ -13,7 +13,7 @@ maintainers = ["MayeulC"] [upstream] license = "AGPL-3.0-or-later" -userdoc = "https://docs.mau.fi/bridges/python/signal/index.html" +userdoc = "https://docs.mau.fi/bridges/go/signal/index.html" code = "https://github.com/mautrix/signal" fund = "https://github.com/sponsors/tulir" diff --git a/scripts/_common.sh b/scripts/_common.sh index a39c092..b8fe056 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
@@ -4,10 +4,6 @@ # COMMON VARIABLES #================================================= -signald_data="/var/lib/signald" -signald_exe="/usr/bin/signald" -signald_user="signald" - enable_relaybot=true #================================================= diff --git a/scripts/backup b/scripts/backup index 3486259..d70f34a 100755 --- a/scripts/backup +++ b/scripts/backup @@ -33,7 +33,7 @@ ynh_backup --src_path="/etc/logrotate.d/$app" # BACKUP VARIOUS FILES #================================================= -ynh_backup --src_path="$signald_data" +# TODO: check if there are some files to backup ynh_backup --src_path="/var/log/$app/" diff --git a/scripts/install b/scripts/install index 93245d5..4244856 100755 --- a/scripts/install +++ b/scripts/install @@ -42,24 +42,17 @@ ynh_app_setting_set --app=$app --key=synapse_instance --value=$synapse_instance ynh_app_setting_set --app=$app --key=server_name --value=$server_name ynh_app_setting_set --app=$app --key=mautrix_version --value=$mautrix_version - -# Add the user to the signald group. The signald group was created when the signald -# package was installed from the extra repository -# resolved by https://gitlab.com/signald/signald/-/commit/278240f3f1cc40a3b444c958b68ca3d6908e98a8 -usermod -a -G "$signald_user" "$app" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --weight=3 +ynh_script_progression --message="Setting up source files..." --weight=5 # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$install_dir/src" +ynh_setup_source --dest_dir="$install_dir" -chmod -R o-rwx "$install_dir" -chown -R "$app:$app" "$install_dir" - -mkdir -p /var/log/$app +chmod 750 "$install_dir" +chmod -R 750 "$install_dir" +chown -R $app:$app "$install_dir" #================================================= # ADD A CONFIGURATION 
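Review bot: In the scripts/install hunk, `chmod 750 "$install_dir"` is immediately repeated by `chmod -R 750 "$install_dir"`, and the recursive form sets the execute bit on every regular file under the directory, not only on the bridge binary. The removed `chmod -R o-rwx` kept "others" out without doing that; pairing it with one explicit mode for the binary is tighter: `chmod -R o-rwx "$install_dir"`, `chmod 750 "$install_dir/mautrix-signal"`, `chown -R "$app:$app" "$install_dir"`. The last line also restores the quoting that `chown -R $app:$app` dropped. The same three added lines appear in the scripts/upgrade hunk of this commit.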
@@ -71,28 +64,15 @@ ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" chmod 400 "$install_dir/config.yaml" chown "$app:$app" "$install_dir/config.yaml" -#================================================= -# INSTALL MAUTRIX-BRIDGE PYTHON MODULE -#================================================= -ynh_script_progression --message="Installing Mautrix-Bridge Python Module..." --weight=6 - -if [ "$YNH_ARCH" == "armhf" ] || [ "$YNH_ARCH" == "armel" ]; then - # Install rustup is not already installed - # We need this to be able to install cryptgraphy - _install_rustup -fi - -_mautrix_signal_build_venv - #================================================= # REGISTER SYNAPSE APP-SERVICE #================================================= ynh_script_progression --message="Registering Synapse app-service" --weight=1 -"$install_dir/venv/bin/python3" -m mautrix_signal -g -c "$install_dir/config.yaml" -r "/etc/matrix-$synapse_instance/app-service/$app.yaml" -"/opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh" || ynh_die --message="Synapse can't restart with the appservice configuration" +$install_dir/mautrix-signal -g -c $install_dir/config.yaml -r /etc/matrix-$synapse_instance/app-service/$app.yaml +/opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh || ynh_die --message="Synapse can't restart with the appservice configuration" -chown -R "$app:$app" "$install_dir" +chown -R $app:$app "$install_dir" ynh_store_file_checksum --file="/etc/matrix-$synapse_instance/app-service/$app.yaml" ynh_store_file_checksum --file="$install_dir/config.yaml" diff --git a/scripts/remove b/scripts/remove index 403f0c0..e1f2321 100755 --- a/scripts/remove +++ b/scripts/remove 
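Review bot: The new registration command `$install_dir/mautrix-signal -g -c $install_dir/config.yaml -r /etc/matrix-$synapse_instance/app-service/$app.yaml` drops the double quotes the removed line had, so whitespace or glob characters in `$install_dir`, `$synapse_instance` or `$app` are word-split by the shell in a script that runs with install privileges. Keep the quoting: `"$install_dir/mautrix-signal" -g -c "$install_dir/config.yaml" -r "/etc/matrix-$synapse_instance/app-service/$app.yaml"`, and likewise for the `update_synapse_for_appservice.sh` path on the next line. The same unquoted lines are added in the scripts/restore and scripts/upgrade hunks of this commit. The generated registration file presumably holds the appservice tokens and its mode is not set in this hunk, so it is worth confirming it is not world-readable.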
@@ -48,8 +48,7 @@ ynh_psql_execute_as_root --database="$synapse_db_name" --sql="DROP OWNED BY \"$a #================================================= ynh_script_progression --message="Removing various files..." --weight=6 -ynh_secure_remove --file="$signald_data" -ynh_secure_remove --file="$signald_exe" +# TODO: check if there is a data dir or some files to remove # Remove a directory securely ynh_secure_remove --file="/etc/matrix-$synapse_instance/app-service/$app.yaml" diff --git a/scripts/restore b/scripts/restore index 778dce8..adcf9e2 100755 --- a/scripts/restore +++ b/scripts/restore 
@@ -35,32 +35,22 @@ ynh_psql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" # RESTORE VARIOUS FILES #================================================= -ynh_systemd_action --service_name=signald --action="stop" -ynh_restore_file --origin_path="$signald_data" -ynh_systemd_action --service_name=signald --action="start" +# TODO: check if there are some files to restore ynh_restore_file --origin_path="/var/log/$app/" -#================================================= -# INSTALL MAUTRIX-BRIDGE PYTHON MODULE -#================================================= -ynh_script_progression --message="Installing Mautrix-Bridge Python Module..." --weight=6 - -if [ "$YNH_ARCH" == "armhf" ] || [ "$YNH_ARCH" == "armel" ]; then - # Install rustup is not already installed - # We need this to be able to install cryptgraphy - _install_rustup -fi - -_mautrix_signal_build_venv #================================================= # REGISTER SYNAPSE APP-SERVICE #================================================= ynh_script_progression --message="Registering Synapse app-service" --weight=1 -"$install_dir/venv/bin/python3" -m mautrix_signal -g -c "$install_dir/config.yaml" -r "/etc/matrix-$synapse_instance/app-service/$app.yaml" -"/opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh" || ynh_die "Synapse can't restart with the appservice configuration" +$install_dir/mautrix-signal -g -c $install_dir/config.yaml -r /etc/matrix-$synapse_instance/app-service/$app.yaml +/opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh || ynh_die --message="Synapse can't restart with the appservice configuration" + +chown -R $app:$app "$install_dir" +ynh_store_file_checksum --file="/etc/matrix-$synapse_instance/app-service/$app.yaml" +ynh_store_file_checksum --file="$install_dir/config.yaml" #================================================= # RESTORE SYSTEM CONFIGURATIONS diff --git a/scripts/upgrade b/scripts/upgrade index ff3b0da..dc2a81b 100644 
--- a/scripts/upgrade +++ b/scripts/upgrade @@ -14,6 +14,13 @@ synapse_db_name="matrix_$synapse_instance" server_name=$(ynh_app_setting_get --app $synapse_instance --key server_name) domain=$(ynh_app_setting_get --app $synapse_instance --key domain) +#================================================= +# CHECK VERSION +#================================================= +ynh_script_progression --message="Checking version..." --weight=1 + +upgrade_type=$(ynh_check_app_version_changed) + #================================================= # STANDARD UPGRADE STEPS #================================================= 
@@ -28,27 +35,47 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 -# Fix possible permission issues with a previous signald version, esp. with stickers -mkdir -p /var/lib/signald/{avatars,attachments,stickers} -chown "$signald_user:$signald_user" /var/lib/signald/{avatars,attachments,stickers} -chmod -R g+rwX /var/lib/signald/{avatars,attachments,stickers} +# TODO: check if there are some file that need some chown chmod +# TODO: look at whatsapp to compare + +#================================================= +# MIGRATION 1 : PYTHON TO GO BRIDGE +#================================================= + +# Version 0.5.1 of Mautrix Signal Bridge is written in Go, whereas previous versions +# were written in Python. Also signald data is not needed anymore. + +# Remove rustup + +# Remove signald and its repository + +# Remove signald data + +# Remove signald system user + + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Upgrading source files..." --weight=1 -# Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$install_dir/src" --full_replace=1 +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." --weight=2 -chmod -R o-rwx "$install_dir" -chown -R "$app:$app" "$install_dir" + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$install_dir" +fi + +chmod 750 "$install_dir" +chmod -R 750 "$install_dir" +chown -R $app:$app "$install_dir" #================================================= # UPDATE A CONFIG FILE #================================================= ynh_script_progression --message="Updating a configuration file..." 
--weight=2 - +echo "botusers=$botusers" if [[ -z "$botusers" ]] || [ "$botusers" == "admin" ]; then if_botusers="# " else @@ -60,29 +87,15 @@ ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" chmod 400 "$install_dir/config.yaml" chown "$app:$app" "$install_dir/config.yaml" -#================================================= -# UPGRADE MAUTRIX-BRIDGE PYTHON MODULE -#================================================= -ynh_script_progression --message="Upgrading Mautrix-Bridge Python Module..." --weight=2 - -if [ "$YNH_ARCH" == "armhf" ] || [ "$YNH_ARCH" == "armel" ]; then - # Install rustup is not already installed - # We need this to be able to install cryptgraphy - _install_rustup -fi - -_mautrix_signal_build_venv - #================================================= # REGISTER SYNAPSE APP-SERVICE #================================================= ynh_script_progression --message="Registering Synapse app-service" --weight=1 -"$install_dir/venv/bin/python3" -m mautrix_signal -g -c "$install_dir/config.yaml" -r "/etc/matrix-$synapse_instance/app-service/$app.yaml" -/opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh || ynh_die "Synapse can't restart with the appservice configuration" +$install_dir/mautrix-signal -g -c $install_dir/config.yaml -r /etc/matrix-$synapse_instance/app-service/$app.yaml +/opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh || ynh_die --message="Synapse can't restart with the appservice configuration" -# Set permissions on app files -chown -R "$app:$app" "$install_dir" +chown -R $app:$app "$install_dir" ynh_store_file_checksum --file="/etc/matrix-$synapse_instance/app-service/$app.yaml" ynh_store_file_checksum --file="$install_dir/config.yaml" diff --git a/tests.toml b/tests.toml index 07836c8..251be62 100644 --- a/tests.toml +++ b/tests.toml 
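Review bot: With `--dest_dir` moved from `$install_dir/src` to `$install_dir` and `--full_replace=1` dropped, nothing in this scripts/upgrade hunk removes the previous Python install, so `$install_dir/venv` and `$install_dir/src` stay on disk after the upgrade; the `MIGRATION 1` section added here contains comments only. An unmaintained interpreter tree with old pinned dependencies is best deleted as part of the migration, e.g. `ynh_secure_remove --file="$install_dir/venv"` and `ynh_secure_remove --file="$install_dir/src"`. The added `echo "botusers=$botusers"` looks like a debugging leftover and should be removed before merge. The script continues outside the visible hunk.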
@@ -12,4 +12,4 @@ test_format = 1.0 args.botadmin = "@johndoe:synapsedomain.tld" args.botusers = "synapsedomain.tld" - test_upgrade_from.40c16d3c8898196c6e1a43e8f0af70c052dd41f6.name = "0.2.3~ynh1" + test_upgrade_from.76c28b29e4a9bfed0ef9765d08fc8f58fbd6dd2d.name = "0.4.3~ynh1" From 1ea44d1eaec83a902fddca90e62b7d0fdad281bb Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 9 Apr 2024 20:42:58 +0000 Subject: [PATCH 07/38] Auto-update READMEs --- README.md | 2 +- README_eu.md | 2 +- README_fr.md | 2 +- README_gl.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 89c70f2..83d78df 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ The ["Mautrix-Signal"](https://docs.mau.fi/bridges/python/signal/index.html) bri **Shipped version:** 0.5.1~ynh1 ## Documentation and resources -- Official user documentation: +- Official user documentation: - Upstream app code repository: - YunoHost Store: - Report a bug: diff --git a/README_eu.md b/README_eu.md index 2e4f556..26857c7 100644 --- a/README_eu.md +++ b/README_eu.md @@ -25,7 +25,7 @@ The ["Mautrix-Signal"](https://docs.mau.fi/bridges/python/signal/index.html) bri **Paketatutako bertsioa:** 0.5.1~ynh1 ## Dokumentazioa eta baliabideak -- Erabiltzaileen dokumentazio ofiziala: +- Erabiltzaileen dokumentazio ofiziala: - Jatorrizko aplikazioaren kode-gordailua: - YunoHost Denda: - Eman errore baten berri: diff --git a/README_fr.md b/README_fr.md index 04d62af..f14ebd3 100644 --- a/README_fr.md +++ b/README_fr.md @@ -26,7 +26,7 @@ La passerelle ["Mautrix-Signal"](https://docs.mau.fi/bridges/python/signal/index **Version incluse :** 0.5.1~ynh1 ## Documentations et ressources -- Documentation officielle utilisateur : +- Documentation officielle utilisateur : - Dépôt de code officiel de l’app : - YunoHost Store : - Signaler un bug : diff --git a/README_gl.md b/README_gl.md index 111b63f..b43a0b9 100644 --- a/README_gl.md +++ b/README_gl.md 
@@ -25,7 +25,7 @@ The ["Mautrix-Signal"](https://docs.mau.fi/bridges/python/signal/index.html) bri **Versión proporcionada:** 0.5.1~ynh1 ## Documentación e recursos -- Documentación oficial para usuarias: +- Documentación oficial para usuarias: - Repositorio de orixe do código: - Tenda YunoHost: - Informar dun problema: From a4d2695d22f8966add12974aab21f99750fdca5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nathana=C3=ABl=20Hannebert?= Date: Wed, 10 Apr 2024 08:02:48 +0200 Subject: [PATCH 08/38] chg: fix linter warning : remove signald service, harden systemd.service file, listen only on localhost in config.yaml --- conf/config.yaml | 2 +- conf/signald.service | 21 --------------------- conf/systemd.service | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 35 insertions(+), 22 deletions(-) delete mode 100644 conf/signald.service diff --git a/conf/config.yaml b/conf/config.yaml index cbe23d0..e7a9e65 100644 --- a/conf/config.yaml +++ b/conf/config.yaml @@ -31,7 +31,7 @@ appservice: address: http://localhost:__PORT__ # The hostname and port where this appservice should listen. - hostname: 0.0.0.0 + hostname: localhost port: __PORT__ # Database config. diff --git a/conf/signald.service b/conf/signald.service deleted file mode 100644 index f53053b..0000000 --- a/conf/signald.service +++ /dev/null @@ -1,21 +0,0 @@ -[Unit] -Description=A daemon for interacting with the Signal Private Messenger -Wants=network.target -After=network.target - -[Service] -Type=simple -RuntimeDirectory=signald -RuntimeDirectoryMode=0770 -User=__SIGNALD_USER__ -Group=__SIGNALD_USER__ -#ExecStart=/usr/bin/signald -d /var/lib/signald -ExecStart=__SIGNALD_PATH__/build/install/signald/bin/signald -d /var/lib/signald -EnvironmentFile=-/etc/default/signald -Restart=on-failure -UMask=0007 -# JVM always exits with 143 in reaction to SIGTERM signal -SuccessExitStatus=143 - -[Install] -WantedBy=default.target diff --git a/conf/systemd.service b/conf/systemd.service index b0c69e3..805b2d8 100644 
--- a/conf/systemd.service +++ b/conf/systemd.service @@ -9,5 +9,39 @@ Group=__APP__ WorkingDirectory=__INSTALL_DIR__/ ExecStart=__INSTALL_DIR__/mautrix-signal +### Depending on specificities of your service/app, you may need to tweak these +### .. but this should be a good baseline +# Sandboxing options to harden security +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectClock=yes +ProtectHostname=yes +ProtectProc=invisible +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallArchitectures=native +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target From 6da2c6d3c39cdf63cb54b98f9286f1c3daddebab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nathana=C3=ABl=20Hannebert?= Date: Thu, 11 Apr 2024 21:24:31 +0200 Subject: [PATCH 09/38] fix: small fix in config.yaml --- conf/config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
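Review bot: `CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD` names a capability that does not exist; the kernel capability is `CAP_SYS_RAWIO`. systemd is expected to warn about the unknown name and skip it, so raw I/O access would not actually be removed from the bounding set. Change the line to `CapabilityBoundingSet=~CAP_SYS_RAWIO CAP_MKNOD`.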
diff --git a/conf/config.yaml b/conf/config.yaml index e7a9e65..526ac0c 100644 --- a/conf/config.yaml +++ b/conf/config.yaml @@ -1,7 +1,7 @@ # Homeserver details. homeserver: # The address that this appservice can use to connect to the homeserver. - address: https://matrix.example.com + address: https://__DOMAIN__ # The domain of the homeserver (also known as server_name, used for MXIDs, etc). domain: __SERVER_NAME__ From 22abbe338ad745de292d0b8de80dcab3f9f7079b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nathana=C3=ABl=20Hannebert?= Date: Thu, 11 Apr 2024 21:26:55 +0200 Subject: [PATCH 10/38] chg: small fix and rollback systemd.service hardening as the app is not working with this change, we should postpone this improvment to a dedicated PR --- conf/systemd.service | 36 +----------------------------------- 1 file changed, 1 insertion(+), 35 deletions(-) diff --git a/conf/systemd.service b/conf/systemd.service index 805b2d8..2f37346 100644 --- a/conf/systemd.service +++ b/conf/systemd.service 
@@ -7,41 +7,7 @@ Type=simple User=__APP__ Group=__APP__ WorkingDirectory=__INSTALL_DIR__/ -ExecStart=__INSTALL_DIR__/mautrix-signal - -### Depending on specificities of your service/app, you may need to tweak these -### .. but this should be a good baseline -# Sandboxing options to harden security -# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html -NoNewPrivileges=yes -PrivateTmp=yes -PrivateDevices=yes -RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK -RestrictNamespaces=yes -RestrictRealtime=yes -DevicePolicy=closed -ProtectClock=yes -ProtectHostname=yes -ProtectProc=invisible -ProtectSystem=full -ProtectControlGroups=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes -LockPersonality=yes -SystemCallArchitectures=native -SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged - -# Denying access to capabilities that should not be relevant for webapps -# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html -CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD -CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE -CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT -CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK -CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM -CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG -CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE -CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW -CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG +ExecStart=__INSTALL_DIR__/mautrix-signal -c=__INSTALL_DIR__/config.yaml [Install] WantedBy=multi-user.target From 7ea834c07449ea80db736cfbf4b1555973b9a2fa Mon Sep 17 00:00:00 2001 
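Review bot: This hunk removes every sandboxing directive at once, including ones that are unlikely to interfere with a network bridge, such as `NoNewPrivileges=yes`, `PrivateTmp=yes`, `PrivateDevices=yes` and `ProtectKernelModules=yes`. Because the same hunk also adds `-c=__INSTALL_DIR__/config.yaml` to `ExecStart`, the diff does not show that the hardening was the cause of the failure. Keeping a minimal set and re-adding the rest one directive at a time, checked with `systemd-analyze security`, would avoid shipping the unit with no confinement at all. At the least, a comment such as `# TODO: restore sandboxing options removed here (added in PATCH 08)` would keep the follow-up visible in the unit file.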
From: =?UTF-8?q?Nathana=C3=ABl=20Hannebert?= Date: Thu, 11 Apr 2024 21:29:07 +0200 Subject: [PATCH 11/38] chg: install_dir was changed in the package v2 migration, set it back to /opt/yunohost/$app #94 --- manifest.toml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manifest.toml b/manifest.toml index 901bd92..e9c277d 100644 --- a/manifest.toml +++ b/manifest.toml @@ -80,8 +80,10 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen autoupdate.asset.arm64 = "^mautrix-signal-arm64$" [resources.system_user] + home = "/opt/yunohost/__APP__" [resources.install_dir] + dir = "/opt/yunohost/__APP__" [resources.permissions] From 8b73f168b353a56f85159f34db841a50b759f0e1 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Thu, 11 Apr 2024 19:29:12 +0000 Subject: [PATCH 12/38] Auto-update READMEs --- README_zh_Hans.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README_zh_Hans.md b/README_zh_Hans.md index e0dfb8f..744ce1e 100644 --- a/README_zh_Hans.md +++ b/README_zh_Hans.md @@ -22,10 +22,10 @@ Currently the Matrix user can NOT invite other Matrix user in a bridged Signal r The ["Mautrix-Signal"](https://docs.mau.fi/bridges/python/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. -**分发版本:** 0.4.3~ynh2 +**分发版本:** 0.5.1~ynh1 ## 文档与资源 -- 官方用户文档: +- 官方用户文档: - 上游应用代码库: - YunoHost 商店: - 报告 bug: From 193fb3a57985ce8e469106bd6b41b4109e433e1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nathana=C3=ABl=20Hannebert?= Date: Thu, 11 Apr 2024 22:22:08 +0200 Subject: [PATCH 13/38] add: python-->go migration, remove signald stuff --- scripts/_common.sh | 4 ++++ scripts/upgrade | 11 ++++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index b8fe056..a39c092 100644 --- a/scripts/_common.sh 
+++ b/scripts/_common.sh @@ -4,6 +4,10 @@ # COMMON VARIABLES #================================================= +signald_data="/var/lib/signald" +signald_exe="/usr/bin/signald" +signald_user="signald" + enable_relaybot=true #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index dc2a81b..6f36d27 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -46,13 +46,18 @@ ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 # were written in Python. Also signald data is not needed anymore. # Remove rustup +export PATH="$PATH:$install_dir/.cargo/bin:$install_dir/.local/bin:/usr/local/sbin" -# Remove signald and its repository +if [ -e "$install_dir/.rustup" ]; then + ynh_exec_as "$app" env "PATH=$PATH" rustup self uninstall +fi +# Remove signald executable +ynh_secure_remove --file="$signald_exe" # Remove signald data - +ynh_secure_remove --file="$signald_data" # Remove signald system user - +ynh_system_user_delete --username=$signald_user #================================================= From 7c79e934e75cc8f016afd401c74ca9e6da692963 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nathana=C3=ABl=20Hannebert?= Date: Thu, 11 Apr 2024 22:44:19 +0200 Subject: [PATCH 14/38] fix: try to fix log permission error --- scripts/install | 2 +- scripts/upgrade | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index 4244856..d3e5a80 100755 --- a/scripts/install +++ b/scripts/install @@ -86,7 +86,7 @@ ynh_add_systemd_config yunohost service add "$app" --description="$app daemon for bridging Signal and Matrix messages" --log=/var/log/$app/$app.log # Use logrotate to manage application logfile(s) -ynh_use_logrotate +ynh_use_logrotate --logfile "/var/log/$app/$app.log" --nonappend --specific_user $app/$app #================================================= # START SYSTEMD SERVICE diff --git a/scripts/upgrade b/scripts/upgrade index 6f36d27..5045a8f 100644 
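Review bot: In the scripts/upgrade hunk, `ynh_exec_as "$app" env "PATH=$PATH" rustup self uninstall` runs from a non-interactive upgrade, but `rustup self uninstall` asks for confirmation unless `-y` is given, so this step can stall or abort. Use `rustup self uninstall -y`. At this point in the series the signald removals below it (`ynh_secure_remove --file="$signald_data"`, `ynh_system_user_delete --username=$signald_user`) also run on every upgrade, with no check that the installed version was the Python bridge. The `rustup` call keeps the same form, still without `-y`, in the later scripts/upgrade-pre-0.5.sh hunks.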
--- a/scripts/upgrade +++ b/scripts/upgrade @@ -114,7 +114,7 @@ ynh_add_systemd_config yunohost service add "$app" --description="$app daemon for bridging Signal and Matrix messages" --log="/var/log/$app/$app.log" # Use logrotate to manage app-specific logfile(s) -ynh_use_logrotate --nonappend +ynh_use_logrotate --logfile "/var/log/$app/$app.log" --nonappend --specific_user $app/$app #================================================= # START SYSTEMD SERVICE From b619888179f01a7f8a926d8ed551f1481bcdb355 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nathana=C3=ABl=20Hannebert?= Date: Thu, 11 Apr 2024 23:19:22 +0200 Subject: [PATCH 15/38] fix: signald, remove systemd service --- scripts/upgrade | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/upgrade b/scripts/upgrade index 5045a8f..d5713e1 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -52,6 +52,7 @@ if [ -e "$install_dir/.rustup" ]; then ynh_exec_as "$app" env "PATH=$PATH" rustup self uninstall fi # Remove signald executable +ynh_remove_systemd_config --service="signald" ynh_secure_remove --file="$signald_exe" # Remove signald data From f6941f1e7f879ed367f2143961eb8152dbe9b726 Mon Sep 17 00:00:00 2001 From: Mayeul Cantan Date: Sun, 21 Apr 2024 17:31:22 +0200 Subject: [PATCH 16/38] Split pre-0.5 upgrade script, check version before executing --- scripts/upgrade | 27 ++++++--------------------- scripts/upgrade-pre-0.5.sh | 30 ++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 21 deletions(-) mode change 100644 => 100755 scripts/upgrade create mode 100755 scripts/upgrade-pre-0.5.sh diff --git a/scripts/upgrade b/scripts/upgrade old mode 100644 new mode 100755 index d5713e1..9af6cde --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -38,28 +38,13 @@ ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 # TODO: check if there are some file that need some chown chmod # TODO: look at whatsapp to compare -#================================================= -# MIGRATION 1 : PYTHON TO GO BRIDGE -#================================================= - -# Version 0.5.1 of Mautrix Signal Bridge is written in Go, whereas previous versions -# were written in Python. Also signald data is not needed anymore. - -# Remove rustup -export PATH="$PATH:$install_dir/.cargo/bin:$install_dir/.local/bin:/usr/local/sbin" - -if [ -e "$install_dir/.rustup" ]; then - ynh_exec_as "$app" env "PATH=$PATH" rustup self uninstall +# Check if an old version of the bridge is in use +# In this case it needs to be upgraded from python to go +# Note that 0.5.0 was never released, but it makes for a good cut-off +if ynh_compare_current_package_version --comparison lt --version 0.5.0~ynh1 +then + source upgrade-pre-0.5.sh fi -# Remove signald executable -ynh_remove_systemd_config --service="signald" -ynh_secure_remove --file="$signald_exe" - -# Remove signald data -ynh_secure_remove --file="$signald_data" -# Remove signald system user -ynh_system_user_delete --username=$signald_user - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE diff --git a/scripts/upgrade-pre-0.5.sh b/scripts/upgrade-pre-0.5.sh new file mode 100755 index 0000000..6fcf1f9 --- /dev/null +++ b/scripts/upgrade-pre-0.5.sh 
@@ -0,0 +1,30 @@ +#!/bin/bash + +# This script is intended to handle the upgrade from python to go. +# It should be ran exactly once, when installing a post-v5.0 version onto a pre-v5.0 version. +# +# This script is intended to be sourced from the main upgrade script, in order to retain variables + +#================================================= +# MIGRATION 1 : PYTHON TO GO BRIDGE +#================================================= + +# Version 0.5.1 of Mautrix Signal Bridge is written in Go, whereas previous versions +# were written in Python. Also signald data is not needed anymore. + +# Remove rustup +export PATH="$PATH:$install_dir/.cargo/bin:$install_dir/.local/bin:/usr/local/sbin" + +if [ -e "$install_dir/.rustup" ]; then + ynh_exec_as "$app" env "PATH=$PATH" rustup self uninstall +fi + +# Remove signald executable +ynh_remove_systemd_config --service="signald" +ynh_secure_remove --file="$signald_exe" + +# Remove signald data +ynh_secure_remove --file="$signald_data" +# Remove signald system user +ynh_system_user_delete --username=$signald_user + From 10cd9d4295cacad74e9aa78cb3ada93abd1993c8 Mon Sep 17 00:00:00 2001 From: Mayeul Cantan Date: Sun, 21 Apr 2024 18:08:20 +0200 Subject: [PATCH 17/38] Cleanup "common" variables only used for migration --- scripts/_common.sh | 4 ---- scripts/upgrade-pre-0.5.sh | 9 ++++++--- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index a39c092..b8fe056 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,10 +4,6 @@ # COMMON VARIABLES #================================================= -signald_data="/var/lib/signald" -signald_exe="/usr/bin/signald" -signald_user="signald" - enable_relaybot=true #================================================= diff --git a/scripts/upgrade-pre-0.5.sh b/scripts/upgrade-pre-0.5.sh index 6fcf1f9..95b2fef 100755 --- a/scripts/upgrade-pre-0.5.sh +++ b/scripts/upgrade-pre-0.5.sh 
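Review bot: The new scripts/upgrade-pre-0.5.sh deletes host-global objects (the `signald` systemd unit, `$signald_exe`, `$signald_data` and the `signald` system user) from a per-app upgrade. If more than one instance of this app, or another package relying on signald, can exist on the host (not visible in this series), the first upgrade removes them for all. A guard is needed, or at least a comment stating the assumption, e.g. `# signald is assumed to be used only by this app instance`. The header comment also says `post-v5.0` and `pre-v5.0` where the caller's cut-off is `0.5.0~ynh1`, and "should be ran" should read "should be run".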
@@ -12,11 +12,13 @@ # Version 0.5.1 of Mautrix Signal Bridge is written in Go, whereas previous versions # were written in Python. Also signald data is not needed anymore. -# Remove rustup -export PATH="$PATH:$install_dir/.cargo/bin:$install_dir/.local/bin:/usr/local/sbin" +signald_data="/var/lib/signald" +signald_exe="/usr/bin/signald" +signald_user="signald" +# Remove rustup if [ -e "$install_dir/.rustup" ]; then - ynh_exec_as "$app" env "PATH=$PATH" rustup self uninstall + ynh_exec_as "$app" "$install_dir/.cargo/bin/rustup" self uninstall fi # Remove signald executable @@ -25,6 +27,7 @@ ynh_secure_remove --file="$signald_exe" # Remove signald data ynh_secure_remove --file="$signald_data" + # Remove signald system user ynh_system_user_delete --username=$signald_user From 4fc14d947f5f7d71b5c99ce3ee9faedc4f66585f Mon Sep 17 00:00:00 2001 From: Mayeul Cantan Date: Sun, 21 Apr 2024 18:09:44 +0200 Subject: [PATCH 18/38] Common: remove obsolete variables and functions --- scripts/_common.sh | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index b8fe056..944a65e 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
@@ -4,29 +4,10 @@ # COMMON VARIABLES #================================================= -enable_relaybot=true - #================================================= # PERSONAL HELPERS #================================================= -_install_rustup() { - export PATH="$PATH:$install_dir/.cargo/bin:$install_dir/.local/bin:/usr/local/sbin" - - if [ -e "$install_dir/.rustup" ]; then - ynh_exec_as "$app" env "PATH=$PATH" rustup update - else - ynh_exec_as "$app" bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain=stable --profile=minimal' - fi -} - -_mautrix_signal_build_venv() { - python3 -m venv "$install_dir/venv" - "$install_dir/venv/bin/pip3" install --upgrade pip setuptools wheel - "$install_dir/venv/bin/pip3" install --upgrade \ - "$install_dir/src/mautrix-signal.tar.gz[metrics,e2be,formattednumbers,qrlink,stickers]" -} - #================================================= # EXPERIMENTAL HELPERS #================================================= From 6fb89341685add64c2b1192ca618498587cf93b2 Mon Sep 17 00:00:00 2001 From: Mayeul Cantan Date: Sun, 21 Apr 2024 18:23:25 +0200 Subject: [PATCH 19/38] Update documentation following the python->go migration --- README.md | 2 +- doc/ADMIN.md | 5 ++--- doc/DESCRIPTION.md | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 83d78df..51e80d0 100644 --- a/README.md +++ b/README.md 
@@ -19,7 +19,7 @@ It shall NOT be edited by hand. A puppeting bridge between Matrix and Signal packaged as a YunoHost service. Messages, notifications (and sometimes media) are bridged between a Signal user and a Matrix user. Currently the Matrix user can NOT invite other Matrix user in a bridged Signal room, so only someone with a Signal account can participate to Signal group conversations. -The ["Mautrix-Signal"](https://docs.mau.fi/bridges/python/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. +The ["Mautrix-Signal"](https://docs.mau.fi/bridges/go/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. **Shipped version:** 0.5.1~ynh1 diff --git a/doc/ADMIN.md b/doc/ADMIN.md index 5f346a6..2081f7b 100644 --- a/doc/ADMIN.md +++ b/doc/ADMIN.md @@ -12,7 +12,7 @@ * Then, invite the bot (default @signalbot:yoursynapse.domain) in this new Mautrix-Signal bot administration room. * If the Bot does bot accept, see the [troubleshooting page](https://docs.mau.fi/bridges/general/troubleshooting.html) * Send ``!sg help`` to the bot in the created room to know how to control the bot. -See also [upstream wiki Authentication page](https://docs.mau.fi/bridges/python/signal/authentication.html) +See also [upstream wiki Authentication page](https://docs.mau.fi/bridges/go/signal/authentication.html) #### Linking the Bridge as a secondary device 
@@ -50,12 +50,11 @@ and then restarting the mautrix_signal service. ## Documentation -* Official "Mautrix-Signal" documentation: +* Official "Mautrix-Signal" documentation: * Matrix room (Matrix Bridges in Yunohost): #mautrix_yunohost:matrix.fdn.fr * Matrix room (upstream app): #signal:maunium.net In case you need to upload your logs somewhere, be aware that they contain your contacts' and your phone numbers. Strip them out with ```| sed -r 's/[0-9]{10,}/📞/g'``` -* "Mautrix-Signal" bridge is based on the [signal daemon](https://gitlab.com/signald/signald) project. * YunoHost documentation: If more specific documentation is needed, feel free to contribute. ## YunoHost specific features diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md index d3721dd..1a4ca9a 100644 --- a/doc/DESCRIPTION.md +++ b/doc/DESCRIPTION.md @@ -1,4 +1,4 @@ A puppeting bridge between Matrix and Signal packaged as a YunoHost service. Messages, notifications (and sometimes media) are bridged between a Signal user and a Matrix user. Currently the Matrix user can NOT invite other Matrix user in a bridged Signal room, so only someone with a Signal account can participate to Signal group conversations. -The ["Mautrix-Signal"](https://docs.mau.fi/bridges/python/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. +The ["Mautrix-Signal"](https://docs.mau.fi/bridges/go/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. From 632f308c3b11e6359daf2b74a66de92687fddd89 Mon Sep 17 00:00:00 2001 
From: Mayeul Cantan Date: Sun, 21 Apr 2024 18:34:51 +0200 Subject: [PATCH 20/38] Testing: test upgrade both from both from pre-go and Pre-manifestV2 --- tests.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests.toml b/tests.toml index 251be62..142ce5b 100644 --- a/tests.toml +++ b/tests.toml @@ -12,4 +12,4 @@ test_format = 1.0 args.botadmin = "@johndoe:synapsedomain.tld" args.botusers = "synapsedomain.tld" - test_upgrade_from.76c28b29e4a9bfed0ef9765d08fc8f58fbd6dd2d.name = "0.4.3~ynh1" + test_upgrade_from.53823e7d92a678c5c27f62f64f7e914bd7096d0d.name = "Upgrade from 0.4.3~ynh2 (latest Python version)" From f2d359e254b8f37237d183a673463f49c0cd9b11 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sun, 21 Apr 2024 16:40:40 +0000 Subject: [PATCH 21/38] Auto-update READMEs --- README_eu.md | 2 +- README_gl.md | 2 +- README_zh_Hans.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README_eu.md b/README_eu.md index 26857c7..d8b89c0 100644 --- a/README_eu.md +++ b/README_eu.md 
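Review bot: The `test_upgrade_from` line in this hunk replaces the `0.4.3~ynh1` entry instead of adding a second one, so after the change only the upgrade from commit `53823e7d92a678c5c27f62f64f7e914bd7096d0d` is exercised, while the subject line announces upgrade tests from both a pre-Go and a pre-manifest-v2 state. If both paths are meant to be covered, keep the old key next to the new one, e.g. `test_upgrade_from.76c28b29e4a9bfed0ef9765d08fc8f58fbd6dd2d.name = "Upgrade from 0.4.3~ynh1"`. If the 0.4.3~ynh2 commit is intended to cover both states, a one-line comment above the key saying so would make that clear.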
@@ -19,7 +19,7 @@ EZ editatu eskuz. A puppeting bridge between Matrix and Signal packaged as a YunoHost service. Messages, notifications (and sometimes media) are bridged between a Signal user and a Matrix user. Currently the Matrix user can NOT invite other Matrix user in a bridged Signal room, so only someone with a Signal account can participate to Signal group conversations. -The ["Mautrix-Signal"](https://docs.mau.fi/bridges/python/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. +The ["Mautrix-Signal"](https://docs.mau.fi/bridges/go/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. **Paketatutako bertsioa:** 0.5.1~ynh1 diff --git a/README_gl.md b/README_gl.md index b43a0b9..c1feebf 100644 --- a/README_gl.md +++ b/README_gl.md 
@@ -19,7 +19,7 @@ NON debe editarse manualmente. A puppeting bridge between Matrix and Signal packaged as a YunoHost service. Messages, notifications (and sometimes media) are bridged between a Signal user and a Matrix user. Currently the Matrix user can NOT invite other Matrix user in a bridged Signal room, so only someone with a Signal account can participate to Signal group conversations. -The ["Mautrix-Signal"](https://docs.mau.fi/bridges/python/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. +The ["Mautrix-Signal"](https://docs.mau.fi/bridges/go/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. **Versión proporcionada:** 0.5.1~ynh1 diff --git a/README_zh_Hans.md b/README_zh_Hans.md index 744ce1e..a0cf338 100644 --- a/README_zh_Hans.md +++ b/README_zh_Hans.md 
@@ -19,7 +19,7 @@ A puppeting bridge between Matrix and Signal packaged as a YunoHost service. Messages, notifications (and sometimes media) are bridged between a Signal user and a Matrix user. Currently the Matrix user can NOT invite other Matrix user in a bridged Signal room, so only someone with a Signal account can participate to Signal group conversations. -The ["Mautrix-Signal"](https://docs.mau.fi/bridges/python/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. +The ["Mautrix-Signal"](https://docs.mau.fi/bridges/go/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. **分发版本:** 0.5.1~ynh1 From 070b255e0ee18ccff6bd9583448e3771ba839673 Mon Sep 17 00:00:00 2001 From: Mayeul Cantan Date: Sun, 21 Apr 2024 19:57:21 +0200 Subject: [PATCH 22/38] Handle missing enable_relaybot setting Also add a helper "yaml2json" python script to allow using jq from the shell to query config values. --- manifest.toml | 8 ++++++++ scripts/install | 10 ++++++++++ scripts/upgrade-pre-0.5.sh | 20 ++++++++++++++++++++ scripts/yaml2json.py | 18 ++++++++++++++++++ 4 files changed, 56 insertions(+) create mode 100644 scripts/yaml2json.py diff --git a/manifest.toml b/manifest.toml index e9c277d..0edcbfb 100644 --- a/manifest.toml +++ b/manifest.toml 
@@ -64,6 +64,14 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen example = "admin or domain or @johndoe:server.name or server.name or *" default = "domain" + [install.enable_relaybot] + ask.en = "Choose whether to enable the relay bot feature" + ask.fr = "Choisissez si vous souhaitez activer la fonctionnalité de relai par bot" + help.en = "If enabled, allows to use a single signal account (bot) to forward messages from multiple Matrix users. Messages will appear on Signal as if originating from a single user, with a prefix that indicates who is talking." + help.fr = "Si activé, permet d'utiliser un seul compte signal (bot) pour transmettre les messages de multiples utilisateurs Matrix. Les messages apparaîtront sur Signal comme envoyés par un seul utilisateur, avec un préfixe indiquant leur auteur." + type = "boolean" + default = true + [resources] [resources.sources] [resources.sources.main] diff --git a/scripts/install b/scripts/install index d3e5a80..855dd78 100755 --- a/scripts/install +++ b/scripts/install @@ -30,6 +30,15 @@ then else synapse_instance="synapse__$synapsenumber" fi + +# Convert user choice boolean from the manifest into a config value +if [ "$enable_relaybot" -eq "1" ] +then + enable_relaybot="true" +else + enable_relaybot="false" +fi + server_name=$(ynh_app_setting_get --app $synapse_instance --key server_name) domain=$(ynh_app_setting_get --app $synapse_instance --key domain) mautrix_version=$(ynh_app_upstream_version) 
@@ -38,6 +47,7 @@ synapse_db_name="matrix_$synapse_instance" ynh_app_setting_set --app=$app --key=bot_synapse_adm --value=$bot_synapse_adm ynh_app_setting_set --app=$app --key=encryption --value=$encryption +ynh_app_setting_set --app="$app" --key=enable_relaybot --value="$enable_relaybot" ynh_app_setting_set --app=$app --key=synapse_instance --value=$synapse_instance ynh_app_setting_set --app=$app --key=server_name --value=$server_name ynh_app_setting_set --app=$app --key=mautrix_version --value=$mautrix_version diff --git a/scripts/upgrade-pre-0.5.sh b/scripts/upgrade-pre-0.5.sh index 95b2fef..e3a5275 100755 --- a/scripts/upgrade-pre-0.5.sh +++ b/scripts/upgrade-pre-0.5.sh @@ -31,3 +31,23 @@ ynh_secure_remove --file="$signald_data" # Remove signald system user ynh_system_user_delete --username=$signald_user + +#================================================= +# MIGRATION 2 : MISSING CONFIGURATION VARIABLES +#================================================= + +# Check if variable exists +enable_relaybot="$(ynh_app_setting_get --app="$app" --key=enable_relaybot)" + +if [[ ! "$enable_relaybot" = "true" && ! "$enable_relaybot" = "false" ]] # Check setting is valid +then + enable_relaybot=$(python yaml2json.py "$install_dir/config.yaml" | jq -r .bridge.relay.enabled) + if [[ ! "$enable_relaybot" = "true" && ! "$enable_relaybot" = "false" ]] + then + ynh_script_progression --message="Previous setting for enable_relaybot was invalid, defaulting to enabled" --weight=2 + enable_relaybot="true" + else + ynh_script_progression --message="Migrating previous configuration value for enable_relaybot: $enable_relaybot" --weight=1 + fi + ynh_app_setting_set --app="$app" --key=enable_relaybot --value="$enable_relaybot" +fi diff --git a/scripts/yaml2json.py b/scripts/yaml2json.py new file mode 100644 index 0000000..da845af --- /dev/null +++ b/scripts/yaml2json.py 
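Review bot: The relay-bot migration added to `scripts/upgrade-pre-0.5.sh` falls back to `enable_relaybot="true"` whenever the lookup yields anything other than `true` or `false`, which includes the cases where `python` is not on PATH, `yaml2json.py` is not in the current working directory, or `jq` is missing. A bridge that had relaying disabled in `config.yaml` can therefore come out of the upgrade with it enabled. Calling the helper with an explicit interpreter and a path that does not depend on the working directory, and checking its exit status, would separate "the old config could not be read" from "the old value was invalid". For the unreadable case, `enable_relaybot="false"` is the more conservative fallback, since the relay lets several Matrix users post through one Signal account.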
@@ -0,0 +1,18 @@ +#!/usr/bin/python + +# Usage: yaml2json.py + +import sys +import yaml +import json + + +assert len(sys.argv) == 2, "Expected a file as argument" + + +with open(sys.argv[1], "r") as f: + y = yaml.safe_load(f) + +j = json.dumps(y) + +print(j) From aa49af116168cd553cec3acbf962ce996179a774 Mon Sep 17 00:00:00 2001 From: Mayeul Cantan Date: Wed, 24 Apr 2024 20:13:20 +0200 Subject: [PATCH 23/38] Fix getting synapse's database name This relies on Synapse using manifest v2, so it needs to be upgraded first. --- scripts/_common.sh | 7 +++++++ scripts/remove | 2 +- scripts/restore | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 944a65e..254a379 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -8,6 +8,13 @@ # PERSONAL HELPERS #================================================= +get_synapse_db_name() { + # Parameters: synapse instance identifier + # Returns: database name + ynh_app_setting_get --app="$1" --key=db_name +} + + #================================================= # EXPERIMENTAL HELPERS #================================================= diff --git a/scripts/remove b/scripts/remove index e1f2321..2022ef9 100755 --- a/scripts/remove +++ b/scripts/remove @@ -13,7 +13,7 @@ source /usr/share/yunohost/helpers # LOAD SETTINGS #================================================= -synapse_db_name="matrix_$synapse_instance" +synapse_db_name="$(get_synapse_db_name $synapse_instance)" bot_synapse_db_user="@$botname:$server_name" #================================================= diff --git a/scripts/restore b/scripts/restore index adcf9e2..94755cf 100755 --- a/scripts/restore +++ b/scripts/restore 
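Review bot: The argument check in `scripts/yaml2json.py` uses `assert`, which is removed when Python runs with `-O`, so a missing argument would then surface as an `IndexError` on `sys.argv[1]`; an explicit `if len(sys.argv) != 2: sys.exit("Expected a file as argument")` keeps the check in every mode. `yaml.safe_load` is the right loader for a configuration file, but it returns `datetime` objects for unquoted timestamps, which `json.dumps(y)` rejects with a `TypeError`; `json.dumps(y, default=str)` avoids that. The shebang `#!/usr/bin/python` also assumes an unversioned interpreter, which may not be installed on every target system.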
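Review bot: `get_synapse_db_name` in `scripts/_common.sh` returns whatever `ynh_app_setting_get` prints, and the commit message says the `db_name` setting is only available once Synapse uses manifest v2, so with an older Synapse the callers in `scripts/remove` and `scripts/restore` would get an empty `synapse_db_name` without any error. Failing early makes that visible: capture the value in a local variable `db` and add `[ -n "$db" ] || ynh_die --message="Synapse setting db_name not found, upgrade Synapse first"` before printing it. The call sites also pass `$synapse_instance` unquoted; `"$(get_synapse_db_name "$synapse_instance")"` is safer.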
@@ -11,7 +11,7 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers mautrix_version=$(ynh_app_upstream_version) -synapse_db_name="matrix_$synapse_instance" +synapse_db_name="$(get_synapse_db_name $synapse_instance)" bot_synapse_db_user="@$botname:$server_name" #================================================= From b87c3d73e6e1fba61588a1af75fbfc1e6123253c Mon Sep 17 00:00:00 2001 From: Mayeul Cantan Date: Sat, 27 Apr 2024 15:57:26 +0200 Subject: [PATCH 24/38] Add settings to manifest: encryption, bot as admin These settings were migrated over from the WhatsApp bridge. --- manifest.toml | 16 ++++++++++++++++ scripts/install | 10 +++++++--- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/manifest.toml b/manifest.toml index 0edcbfb..20e5e92 100644 --- a/manifest.toml +++ b/manifest.toml 
@@ -46,6 +46,22 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen example = "signalbot" default = "signalbot" + [install.bot_synapse_adm] + ask.en = "Give the Signal bot administrator rights to the Synapse instance?" + ask.fr = "Donner au robot Signal des droits administrateur à l'instance Synapse ?" + type = "boolean" + help.en = "If activated, the bot can group Signal chats in a Matrix space.Not required if you set up Synapse so that non-admins are authorized to create communities." + help.fr = "Si activé, le robot groupera les conversations Signal dans une communauté Matrix.Pas nécessaire si vous avez réglé Synapse pour qu'il autorise les non-admin à créer des communautés." + default = true + + [install.encryption] + ask.en = "Enable end-to-bridge encryption?" + ask.fr = "Activer le chiffrement entre Synapse et le bridge ?" + type = "boolean" + help.en = "Only activate if you know the prerequisites and constraints related to E2B." + help.fr = "N'activer que si vous connaissez les prérequis et constraintes liées à E2B." + default = true + [install.botadmin] ask.en = "Choose the Matrix account administrator of the Signal bot" ask.fr = "Choisissez le compte Matrix administrateur du robot Signal" diff --git a/scripts/install b/scripts/install index 855dd78..dece739 100755 --- a/scripts/install +++ b/scripts/install @@ -14,9 +14,6 @@ source /usr/share/yunohost/helpers # INITIALIZE AND STORE SETTINGS #================================================= -bot_synapse_adm=true -encryption=false - if [[ -z "$botusers" ]] || [ "$botusers" == "admin" ]; then if_botusers="# " else @@ -39,6 +36,13 @@ else enable_relaybot="false" fi +if [ "$encryption" -eq "1" ] +then + encryption="true" +else + encryption="false" +fi + server_name=$(ynh_app_setting_get --app $synapse_instance --key server_name) domain=$(ynh_app_setting_get --app $synapse_instance --key domain) mautrix_version=$(ynh_app_upstream_version) 
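Review bot: `[install.bot_synapse_adm]` defaults to `true`, so an administrator who accepts the defaults gives the bridge bot server-admin rights on Synapse, although the help text itself says this is not required when non-admins are allowed to create communities. `default = false` would make the elevated right an explicit choice. `[install.encryption]` also defaults to `true` while its help says to activate it only if the prerequisites are known, and the lines this commit removes from `scripts/install` had it hard-coded to `false`; the default and the help text should agree. The `help.en` and `help.fr` strings of `bot_synapse_adm` are each missing a space after the full stop (`space.Not`, `Matrix.Pas`).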
From 2171a7fc09a711f72a60e6194c11018665b6e694 Mon Sep 17 00:00:00 2001 From: Mayeul Cantan Date: Sat, 27 Apr 2024 15:58:30 +0200 Subject: [PATCH 25/38] Fix setting the bot admin in restore --- scripts/restore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/restore b/scripts/restore index 94755cf..1af86d3 100755 --- a/scripts/restore +++ b/scripts/restore @@ -74,8 +74,8 @@ ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$ # Wait until the synapse user is created sleep 30 # (Note that, by default, non-admins might not have your homeserver's permission to create communities.) -if [ "$bot_synapse_adm" = true ]; then - ynh_psql_execute_as_root --database="$synapse_db_name" --sql="UPDATE users SET admin = 1 WHERE name = \"$botname\";" +if [ "$bot_synapse_adm" = true ] || [ "$bot_synapse_adm" = "1" ]; then + ynh_psql_execute_as_root --database="$synapse_db_name" --sql="UPDATE users SET admin = 1 WHERE name LIKE '@$botname:';" # #yunohost app action run $synapse_instance set_admin_user -a username=$botname fi From 9bc70ac5e9acfdf40f049c32601b3cc8dc38b369 Mon Sep 17 00:00:00 2001 From: Mayeul Cantan Date: Sat, 27 Apr 2024 16:34:56 +0200 Subject: [PATCH 26/38] Satisfy shellcheck in scripts/install I personally use shellcheck to help me find mistakes, so reducing noise helps. --- scripts/install | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/scripts/install b/scripts/install index dece739..e747e91 100755 --- a/scripts/install +++ b/scripts/install @@ -9,6 +9,10 @@ source _common.sh source /usr/share/yunohost/helpers +# Satisfy shellcheck, those variables are known when starting the script: +# shellcheck disable=SC2154 +echo From manifest: "$synapsenumber $bot_synapse_adm", \ + From yunohost: "$app $install_dir" > /dev/null #================================================= # INITIALIZE AND STORE SETTINGS 
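Review bot: The rewritten statement in `scripts/restore`, `UPDATE users SET admin = 1 WHERE name LIKE '@$botname:';`, contains no wildcard, so `LIKE` behaves as an exact match on `@<botname>:` and no row of the form `@bot:server` is updated. The script already builds `bot_synapse_db_user="@$botname:$server_name"` near its top, so an exact comparison is simpler and unambiguous: `WHERE name = '$bot_synapse_db_user'`. `$botname` is also pasted into the SQL text unescaped, so it should be checked against the allowed Matrix localpart characters before it is used here. The surrounding script continues outside this hunk.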
@@ -21,7 +25,7 @@ else fi # ToDo check (in manifest?) if the selected synapse instance is not already connected to a mautrix_bridge bridge -if [ $synapsenumber -eq "1" ] +if [ "$synapsenumber" -eq "1" ] then synapse_instance="synapse" else @@ -43,18 +47,18 @@ else encryption="false" fi -server_name=$(ynh_app_setting_get --app $synapse_instance --key server_name) +server_name=$(ynh_app_setting_get --app "$synapse_instance" --key server_name) domain=$(ynh_app_setting_get --app $synapse_instance --key domain) mautrix_version=$(ynh_app_upstream_version) bot_synapse_db_user="@$botname:$server_name" synapse_db_name="matrix_$synapse_instance" -ynh_app_setting_set --app=$app --key=bot_synapse_adm --value=$bot_synapse_adm -ynh_app_setting_set --app=$app --key=encryption --value=$encryption +ynh_app_setting_set --app="$app" --key=bot_synapse_adm --value="$bot_synapse_adm" +ynh_app_setting_set --app="$app" --key=encryption --value="$encryption" ynh_app_setting_set --app="$app" --key=enable_relaybot --value="$enable_relaybot" -ynh_app_setting_set --app=$app --key=synapse_instance --value=$synapse_instance -ynh_app_setting_set --app=$app --key=server_name --value=$server_name -ynh_app_setting_set --app=$app --key=mautrix_version --value=$mautrix_version +ynh_app_setting_set --app="$app" --key=synapse_instance --value="$synapse_instance" +ynh_app_setting_set --app="$app" --key=server_name --value="$server_name" +ynh_app_setting_set --app="$app" --key=mautrix_version --value="$mautrix_version" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -66,7 +70,7 @@ ynh_setup_source --dest_dir="$install_dir" chmod 750 "$install_dir" chmod -R 750 "$install_dir" -chown -R $app:$app "$install_dir" +chown -R "$app":"$app" "$install_dir" #================================================= # ADD A CONFIGURATION 
@@ -83,10 +87,10 @@ chown "$app:$app" "$install_dir/config.yaml" #================================================= ynh_script_progression --message="Registering Synapse app-service" --weight=1 -$install_dir/mautrix-signal -g -c $install_dir/config.yaml -r /etc/matrix-$synapse_instance/app-service/$app.yaml -/opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh || ynh_die --message="Synapse can't restart with the appservice configuration" +"$install_dir"/mautrix-signal -g -c "$install_dir"/config.yaml -r "/etc/matrix-$synapse_instance/app-service/$app.yaml" +/opt/yunohost/matrix-"$synapse_instance"/update_synapse_for_appservice.sh || ynh_die --message="Synapse can't restart with the appservice configuration" -chown -R $app:$app "$install_dir" +chown -R "$app":"$app" "$install_dir" ynh_store_file_checksum --file="/etc/matrix-$synapse_instance/app-service/$app.yaml" ynh_store_file_checksum --file="$install_dir/config.yaml" @@ -97,10 +101,10 @@ ynh_script_progression --message="Adding system configurations related to $app.. # Create a dedicated systemd config ynh_add_systemd_config -yunohost service add "$app" --description="$app daemon for bridging Signal and Matrix messages" --log=/var/log/$app/$app.log +yunohost service add "$app" --description="$app daemon for bridging Signal and Matrix messages" --log="/var/log/$app/$app.log" # Use logrotate to manage application logfile(s) -ynh_use_logrotate --logfile "/var/log/$app/$app.log" --nonappend --specific_user $app/$app +ynh_use_logrotate --logfile "/var/log/$app/$app.log" --nonappend --specific_user "$app/$app" #================================================= # START SYSTEMD SERVICE From 57dd7b8d8ca5016077e0753fb34a95b391a12d28 Mon Sep 17 00:00:00 2001 
From: Mayeul Cantan Date: Sat, 27 Apr 2024 16:55:48 +0200 Subject: [PATCH 27/38] Improve update of synapse bot user admin status --- scripts/_common.sh | 51 ++++++++++++++++++++++++++++++++++++++++++++++ scripts/install | 6 +++--- scripts/restore | 11 ++-------- 3 files changed, 56 insertions(+), 12 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 254a379..e008a1d 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
@@ -14,6 +14,57 @@ get_synapse_db_name() { ynh_app_setting_get --app="$1" --key=db_name } +wait_for_user_to_exist_in_synapse_db() { + # Indefinitely check if the user exists + # This is a separate script to allow launching with timeout(1) + # Parameters: + # - username (in the form @user:server) + # - synapse database + # Returns 0 if user is found to exist + + local username="$1" + local synapse_db="$2" + + sql="select exists(select 1 from users where name = '$username');" + retval="" + while true; do + # A yunohost helper to do that would be welcome + retval=$(cd / && sudo -u postgres psql --dbname="$synapse_db" -c "$sql" -q -t) + if [ "$retval" = " t" ]; then # User exists + break + fi + sleep 0.5 # Avoid retrying too eagerly + done + return 0 +} + +set_bot_admin_status() { + # Set bot admin status in synapse DB + # This relies on several bash variables being set in the caller environment: + # server_name, botname, bot_synapse_adm, app + + local timeout=120 + local bot_synapse_db_user="@$botname:$server_name" + local synapse_db_name=$(get_synapse_db_name $synapse_instance) + + ynh_print_info --message="Updating bot user admin status" + export -f wait_for_user_to_exist_in_synapse_db # Export function to subprocesses so that it may be called with timeout + # Wait until the user is created in synapse db + if ! timeout $timeout bash -c "wait_for_user_to_exist_in_synapse_db \"$bot_synapse_db_user\" \"$synapse_db_name" 2>&1; then + ynh_print_warn --message="Bot user $botname did not exist after $timeout seconds, skipping changing its admin status" + fi + + # (Note that, by default, non-admins might not have your homeserver's permission to create communities.) 
+ if [ "$bot_synapse_adm" = true ] || [ "$bot_synapse_adm" = "1" ]; then + bot_synapse_adm=1 + # #yunohost app action run $synapse_instance set_admin_user -a username=$botname + else + bot_synapse_adm=0 + fi + ynh_psql_execute_as_root --database="$synapse_db_name" --sql="UPDATE users SET admin = $bot_synapse_adm WHERE name = '$bot_synapse_db_user';" + + ynh_systemd_action --service_name="$app" --action="restart" --log_path="/var/log/$app/$app.log" +} #================================================= # EXPERIMENTAL HELPERS diff --git a/scripts/install b/scripts/install index e747e91..08fe1c6 100755 --- a/scripts/install +++ b/scripts/install @@ -48,10 +48,7 @@ else fi server_name=$(ynh_app_setting_get --app "$synapse_instance" --key server_name) -domain=$(ynh_app_setting_get --app $synapse_instance --key domain) mautrix_version=$(ynh_app_upstream_version) -bot_synapse_db_user="@$botname:$server_name" -synapse_db_name="matrix_$synapse_instance" ynh_app_setting_set --app="$app" --key=bot_synapse_adm --value="$bot_synapse_adm" ynh_app_setting_set --app="$app" --key=encryption --value="$encryption" @@ -114,6 +111,9 @@ ynh_script_progression --message="Starting $app's systemd service..." --weight=2 # Start a systemd service ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" +# Update bot admin status +set_bot_admin_status + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 1af86d3..e9858f4 100755 --- a/scripts/restore +++ b/scripts/restore 
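Review bot: `wait_for_user_to_exist_in_synapse_db` and `set_bot_admin_status` build their SQL by pasting `$username` and `$bot_synapse_db_user` between single quotes, and the first statement is run through `psql` as the `postgres` superuser, so a quote character in the bot name or server name changes the statement instead of being treated as data. Passing the value as a psql variable and referencing it as `:'uname'` keeps it a literal; psql does not expand variables inside `-c` strings, so the statement has to arrive on standard input. The comparison with `" t"` also depends on the padding of psql's aligned output, which `-A` removes. The `UPDATE` issued through `ynh_psql_execute_as_root` has the same interpolation and would need the value validated beforehand.

```shell
wait_for_user_to_exist_in_synapse_db() {
    # … unchanged: header comment, local username / synapse_db …
    local sql="select exists(select 1 from users where name = :'uname');"
    local retval=""
    while true; do
        # The statement is fed on stdin because psql only expands :'uname' there, not in -c strings.
        # -A drops the column padding, so the result is exactly "t" or "f".
        retval=$(cd / && printf '%s\n' "$sql" | sudo -u postgres psql --dbname="$synapse_db" -v uname="$username" -q -t -A)
        if [ "$retval" = "t" ]; then # User exists
            break
        fi
        sleep 0.5 # Avoid retrying too eagerly
    done
    # … unchanged: return 0 …
```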
@@ -71,15 +71,8 @@ ynh_script_progression --message="Starting $app's systemd service..." --weight=1 # Start a systemd service ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" -# Wait until the synapse user is created -sleep 30 -# (Note that, by default, non-admins might not have your homeserver's permission to create communities.) -if [ "$bot_synapse_adm" = true ] || [ "$bot_synapse_adm" = "1" ]; then - ynh_psql_execute_as_root --database="$synapse_db_name" --sql="UPDATE users SET admin = 1 WHERE name LIKE '@$botname:';" -# #yunohost app action run $synapse_instance set_admin_user -a username=$botname -fi - -ynh_systemd_action --service_name="$app" --action="restart" --log_path="/var/log/$app/$app.log" +# Update bot admin status +set_bot_admin_status #================================================= # END OF SCRIPT From 8001775498adbe75f9008844a713c26d436bd156 Mon Sep 17 00:00:00 2001 From: Mayeul Cantan Date: Sat, 27 Apr 2024 17:00:05 +0200 Subject: [PATCH 28/38] Provide estimates for resource usage in the manifest The disk size estimate is relatively large to anticipate media attachments. --- manifest.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest.toml b/manifest.toml index 20e5e92..35a573c 100644 --- a/manifest.toml +++ b/manifest.toml @@ -23,9 +23,9 @@ architectures = ["amd64", "arm64"] multi_instance = true ldap = "not_relevant" sso = "not_relevant" -disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ... -ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... -ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... +disk = "1G" +ram.build = "128M" +ram.runtime = "128M" [install] [install.synapsenumber] From 5e01946b66a50c19d2366b313cea55182c34c754 Mon Sep 17 00:00:00 2001 
From: Mayeul Cantan Date: Sat, 27 Apr 2024 17:02:06 +0200 Subject: [PATCH 29/38] Add nathanael-h as co-maintainer --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 35a573c..91e7545 100644 --- a/manifest.toml +++ b/manifest.toml @@ -9,7 +9,7 @@ description.fr = "Passerelle Matrix / Synapse pour Signal" version = "0.5.1~ynh1" -maintainers = ["MayeulC"] +maintainers = ["MayeulC", "nathanael-h"] [upstream] license = "AGPL-3.0-or-later" From 251f926990301ee5b6c1cb735711bd53715c790b Mon Sep 17 00:00:00 2001 From: Mayeul Cantan Date: Sat, 27 Apr 2024 17:28:13 +0200 Subject: [PATCH 30/38] Restore domain setting This is used for communicating with synapse. Note that previously, the setting wasn't being saved correctly on install. --- scripts/install | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/install b/scripts/install index 08fe1c6..fd69222 100755 --- a/scripts/install +++ b/scripts/install @@ -48,6 +48,7 @@ else fi server_name=$(ynh_app_setting_get --app "$synapse_instance" --key server_name) +domain=$(ynh_app_setting_get --app "$synapse_instance" --key domain) mautrix_version=$(ynh_app_upstream_version) ynh_app_setting_set --app="$app" --key=bot_synapse_adm --value="$bot_synapse_adm" @@ -55,6 +56,7 @@ ynh_app_setting_set --app="$app" --key=encryption --value="$encryption" ynh_app_setting_set --app="$app" --key=enable_relaybot --value="$enable_relaybot" ynh_app_setting_set --app="$app" --key=synapse_instance --value="$synapse_instance" ynh_app_setting_set --app="$app" --key=server_name --value="$server_name" +ynh_app_setting_set --app="$app" --key=domain --value="$domain" ynh_app_setting_set --app="$app" --key=mautrix_version --value="$mautrix_version" #================================================= From 7d166f53d820315ef4a8b02e8318a51f95acfdab Mon Sep 17 00:00:00 2001 
From: Mayeul Cantan Date: Sun, 28 Apr 2024 13:36:54 +0200 Subject: [PATCH 31/38] Python -> Go upgrade: try harder to stop signald and processes --- scripts/upgrade-pre-0.5.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/upgrade-pre-0.5.sh b/scripts/upgrade-pre-0.5.sh index e3a5275..311c942 100755 --- a/scripts/upgrade-pre-0.5.sh +++ b/scripts/upgrade-pre-0.5.sh @@ -16,6 +16,12 @@ signald_data="/var/lib/signald" signald_exe="/usr/bin/signald" signald_user="signald" +# Stop signald, and force stop all processes just in case +# We do not care about data loss, since we are going to delete the data anyway +ynh_systemd_action --service_name="signald" --action="stop" +sleep 10 # Temporisation to allow signald to stop gracefully +pkill -u "$signald_user" --signal 9 || true + # Remove rustup if [ -e "$install_dir/.rustup" ]; then ynh_exec_as "$app" "$install_dir/.cargo/bin/rustup" self uninstall From 120cb079fa36ff80ce89255a441004732cdd2850 Mon Sep 17 00:00:00 2001 From: Mayeul Cantan Date: Sun, 28 Apr 2024 21:47:22 +0200 Subject: [PATCH 32/38] Shuffle settings in install script, to put them in a more logical order --- scripts/install | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index fd69222..a8cee96 100755 --- a/scripts/install +++ b/scripts/install 
@@ -51,14 +51,16 @@ server_name=$(ynh_app_setting_get --app "$synapse_instance" --key server_name) domain=$(ynh_app_setting_get --app "$synapse_instance" --key domain) mautrix_version=$(ynh_app_upstream_version) -ynh_app_setting_set --app="$app" --key=bot_synapse_adm --value="$bot_synapse_adm" -ynh_app_setting_set --app="$app" --key=encryption --value="$encryption" -ynh_app_setting_set --app="$app" --key=enable_relaybot --value="$enable_relaybot" ynh_app_setting_set --app="$app" --key=synapse_instance --value="$synapse_instance" +ynh_app_setting_set --app="$app" --key=enable_relaybot --value="$enable_relaybot" +ynh_app_setting_set --app="$app" --key=encryption --value="$encryption" + ynh_app_setting_set --app="$app" --key=server_name --value="$server_name" ynh_app_setting_set --app="$app" --key=domain --value="$domain" ynh_app_setting_set --app="$app" --key=mautrix_version --value="$mautrix_version" +ynh_app_setting_set --app="$app" --key=bot_synapse_adm --value="$bot_synapse_adm" + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= From 87274edcf146075544db6a9eb47213d715c89b61 Mon Sep 17 00:00:00 2001 From: Mayeul Cantan Date: Sun, 28 Apr 2024 21:57:33 +0200 Subject: [PATCH 33/38] Python->Go migration: also remove signald group --- scripts/upgrade-pre-0.5.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/upgrade-pre-0.5.sh b/scripts/upgrade-pre-0.5.sh index 311c942..22def92 100755 --- a/scripts/upgrade-pre-0.5.sh +++ b/scripts/upgrade-pre-0.5.sh @@ -34,8 +34,11 @@ ynh_secure_remove --file="$signald_exe" # Remove signald data ynh_secure_remove --file="$signald_data" -# Remove signald system user +# Remove signald system user and group ynh_system_user_delete --username=$signald_user +if ynh_system_group_exists --group="$signald_user"; then + groupdel "$signald_user" +fi #================================================= 
From b3670aecf3fef18a6f62c62b2f4ac246cfe186cf Mon Sep 17 00:00:00 2001 From: Mayeul Cantan Date: Sun, 28 Apr 2024 23:22:03 +0200 Subject: [PATCH 34/38] fixup! Improve update of synapse bot user admin status --- scripts/_common.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index e008a1d..84594fb 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -50,8 +50,8 @@ set_bot_admin_status() { ynh_print_info --message="Updating bot user admin status" export -f wait_for_user_to_exist_in_synapse_db # Export function to subprocesses so that it may be called with timeout # Wait until the user is created in synapse db - if ! timeout $timeout bash -c "wait_for_user_to_exist_in_synapse_db \"$bot_synapse_db_user\" \"$synapse_db_name" 2>&1; then - ynh_print_warn --message="Bot user $botname did not exist after $timeout seconds, skipping changing its admin status" + if ! timeout $timeout bash -c "wait_for_user_to_exist_in_synapse_db \"$bot_synapse_db_user\" \"$synapse_db_name\"" 2>&1; then + ynh_print_warn --message="Bot user $bot_synapse_db_user did not exist after $timeout seconds, skipping changing its admin status" fi # (Note that, by default, non-admins might not have your homeserver's permission to create communities.) From 711532a51ad5f089fa2900d67eabef8132c3a81f Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Wed, 15 May 2024 07:12:11 +0000 Subject: [PATCH 35/38] Auto-update READMEs --- ALL_README.md | 1 + README_es.md | 45 +++++++++++++++++++++++++++++++++++++++++++++ README_zh_Hans.md | 2 +- 3 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 README_es.md diff --git a/ALL_README.md b/ALL_README.md index a01b345..8938aae 100644 --- a/ALL_README.md +++ b/ALL_README.md 
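Review bot: When the wait times out, the branch in `set_bot_admin_status` only prints the "skipping changing its admin status" warning and then falls through to the `UPDATE` and the service restart further down, so nothing is actually skipped; a `return 0` after the `ynh_print_warn` line would match the message. The `bash -c` string on the changed line still splices `$bot_synapse_db_user` and `$synapse_db_name` into shell source, where a double quote, `$` or backquote in either value is interpreted by the inner shell. Passing them as positional parameters avoids that: `timeout "$timeout" bash -c 'wait_for_user_to_exist_in_synapse_db "$1" "$2"' _ "$bot_synapse_db_user" "$synapse_db_name"`. The function body starts and ends outside this hunk.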
@@ -1,6 +1,7 @@ # All available README files by language - [Read the README in English](README.md) +- [Lee el README en español](README_es.md) - [Irakurri README euskaraz](README_eu.md) - [Lire le README en français](README_fr.md) - [Le o README en galego](README_gl.md) diff --git a/README_es.md b/README_es.md new file mode 100644 index 0000000..fdf0814 --- /dev/null +++ b/README_es.md 
@@ -0,0 +1,45 @@ + + +# Matrix Signal bridge para Yunohost + +[![Nivel de integración](https://dash.yunohost.org/integration/mautrix_signal.svg)](https://dash.yunohost.org/appci/app/mautrix_signal) ![Estado funcional](https://ci-apps.yunohost.org/ci/badges/mautrix_signal.status.svg) ![Estado En Mantención](https://ci-apps.yunohost.org/ci/badges/mautrix_signal.maintain.svg) + +[![Instalar Matrix Signal bridge con Yunhost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=mautrix_signal) + +*[Leer este README en otros idiomas.](./ALL_README.md)* + +> *Este paquete le permite instalarMatrix Signal bridge rapidamente y simplement en un servidor YunoHost.* +> *Si no tiene YunoHost, visita [the guide](https://yunohost.org/install) para aprender como instalarla.* + +## Descripción general + +A puppeting bridge between Matrix and Signal packaged as a YunoHost service. Messages, notifications (and sometimes media) are bridged between a Signal user and a Matrix user. +Currently the Matrix user can NOT invite other Matrix user in a bridged Signal room, so only someone with a Signal account can participate to Signal group conversations. + +The ["Mautrix-Signal"](https://docs.mau.fi/bridges/go/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. 
+ + +**Versión actual:** 0.5.1~ynh1 +## Documentaciones y recursos + +- Documentación usuario oficial: +- Repositorio del código fuente oficial de la aplicación : +- Catálogo YunoHost: +- Reportar un error: + +## Información para desarrolladores + +Por favor enviar sus correcciones a la [`branch testing`](https://github.com/YunoHost-Apps/mautrix_signal_ynh/tree/testing + +Para probar la rama `testing`, sigue asÍ: + +```bash +sudo yunohost app install https://github.com/YunoHost-Apps/mautrix_signal_ynh/tree/testing --debug +o +sudo yunohost app upgrade mautrix_signal -u https://github.com/YunoHost-Apps/mautrix_signal_ynh/tree/testing --debug +``` + +**Mas informaciones sobre el empaquetado de aplicaciones:** diff --git a/README_zh_Hans.md b/README_zh_Hans.md index a0cf338..c19116c 100644 --- a/README_zh_Hans.md +++ b/README_zh_Hans.md @@ -3,7 +3,7 @@ 请勿手动编辑。 --> -# YunoHost 的 Matrix Signal bridge +# YunoHost 上的 Matrix Signal bridge [![集成程度](https://dash.yunohost.org/integration/mautrix_signal.svg)](https://dash.yunohost.org/appci/app/mautrix_signal) ![工作状态](https://ci-apps.yunohost.org/ci/badges/mautrix_signal.status.svg) ![维护状态](https://ci-apps.yunohost.org/ci/badges/mautrix_signal.maintain.svg) From f8c063d484ec4d64e84e6b5f5b56dcfb2615d31e Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 17 May 2024 03:45:12 +0200 Subject: [PATCH 36/38] Upgrade to v0.6.1 https://github.com/mautrix/signal/releases/tag/v0.6.1 --- manifest.toml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifest.toml b/manifest.toml index 91e7545..e0fa555 100644 --- a/manifest.toml +++ b/manifest.toml @@ -7,7 +7,7 @@ name = "Matrix Signal bridge" description.en = "Matrix / Synapse puppeting bridge for Signal" description.fr = "Passerelle Matrix / Synapse pour Signal" -version = "0.5.1~ynh1" +version = "0.6.1~ynh1" maintainers = ["MayeulC", "nathanael-h"] 
@@ -94,10 +94,10 @@ ram.runtime = "128M" in_subdir = false extract = false rename = "mautrix-signal" - amd64.url = "https://github.com/mautrix/signal/releases/download/v0.5.1/mautrix-signal-amd64" - amd64.sha256 = "571919fa4402a22b6ff8bdcc451377174a2d0344a08d65d5dfcdbd2998902ba5" - arm64.url = "https://github.com/mautrix/signal/releases/download/v0.5.1/mautrix-signal-arm64" - arm64.sha256 = "55c5e685bf9d63a2cc5b436215adff1bc31cb78a8bc4845c94bb150e1d12760c" + amd64.url = "https://github.com/mautrix/signal/releases/download/v0.6.1/mautrix-signal-amd64" + amd64.sha256 = "ea4a5dc7dc680bd43d4f4a1bc9a5e0bfc77bef8fd67dc19603ac715d5b14f588" + arm64.url = "https://github.com/mautrix/signal/releases/download/v0.6.1/mautrix-signal-arm64" + arm64.sha256 = "054adafd7835ccc48198842cae063e0d47728fc01c8f47be3af08ff7d248842a" autoupdate.strategy = "latest_github_release" autoupdate.asset.amd64 = "^mautrix-signal-amd64$" From f26f86d26744475dc365af0ee85ec4be3d56225a Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 17 May 2024 01:45:14 +0000 Subject: [PATCH 37/38] Auto-update READMEs --- README.md | 2 +- README_es.md | 2 +- README_eu.md | 2 +- README_fr.md | 2 +- README_gl.md | 2 +- README_zh_Hans.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 51e80d0..9e693af 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ Currently the Matrix user can NOT invite other Matrix user in a bridged Signal r The ["Mautrix-Signal"](https://docs.mau.fi/bridges/go/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. -**Shipped version:** 0.5.1~ynh1 +**Shipped version:** 0.6.1~ynh1 ## Documentation and resources - Official user documentation: diff --git a/README_es.md b/README_es.md index fdf0814..be36664 100644 --- a/README_es.md +++ b/README_es.md 
@@ -22,7 +22,7 @@ Currently the Matrix user can NOT invite other Matrix user in a bridged Signal r The ["Mautrix-Signal"](https://docs.mau.fi/bridges/go/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. -**Versión actual:** 0.5.1~ynh1 +**Versión actual:** 0.6.1~ynh1 ## Documentaciones y recursos - Documentación usuario oficial: diff --git a/README_eu.md b/README_eu.md index d8b89c0..c83c10d 100644 --- a/README_eu.md +++ b/README_eu.md @@ -22,7 +22,7 @@ Currently the Matrix user can NOT invite other Matrix user in a bridged Signal r The ["Mautrix-Signal"](https://docs.mau.fi/bridges/go/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. -**Paketatutako bertsioa:** 0.5.1~ynh1 +**Paketatutako bertsioa:** 0.6.1~ynh1 ## Dokumentazioa eta baliabideak - Erabiltzaileen dokumentazio ofiziala: diff --git a/README_fr.md b/README_fr.md index f14ebd3..7985c59 100644 --- a/README_fr.md +++ b/README_fr.md @@ -23,7 +23,7 @@ La passerelle ["Mautrix-Signal"](https://docs.mau.fi/bridges/python/signal/index **Attention : sauvegardez et restaurez toujours les deux applications Yunohost matrix-synapse et mautrix_signal en même temps!** -**Version incluse :** 0.5.1~ynh1 +**Version incluse :** 0.6.1~ynh1 ## Documentations et ressources - Documentation officielle utilisateur : diff --git a/README_gl.md b/README_gl.md index c1feebf..171326b 100644 --- a/README_gl.md +++ b/README_gl.md 
@@ -22,7 +22,7 @@ Currently the Matrix user can NOT invite other Matrix user in a bridged Signal r The ["Mautrix-Signal"](https://docs.mau.fi/bridges/go/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. -**Versión proporcionada:** 0.5.1~ynh1 +**Versión proporcionada:** 0.6.1~ynh1 ## Documentación e recursos - Documentación oficial para usuarias: diff --git a/README_zh_Hans.md b/README_zh_Hans.md index c19116c..521b436 100644 --- a/README_zh_Hans.md +++ b/README_zh_Hans.md @@ -22,7 +22,7 @@ Currently the Matrix user can NOT invite other Matrix user in a bridged Signal r The ["Mautrix-Signal"](https://docs.mau.fi/bridges/go/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. -**分发版本:** 0.5.1~ynh1 +**分发版本:** 0.6.1~ynh1 ## 文档与资源 - 官方用户文档: From 94070c93a288e0613dcd9f495ad4bd2f7127544d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nathana=C3=ABl=20Hannebert?= Date: Fri, 17 May 2024 18:15:42 +0200 Subject: [PATCH 38/38] Update the config.yaml file from upstream template --- conf/config.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/conf/config.yaml b/conf/config.yaml index 526ac0c..997e91b 100644 --- a/conf/config.yaml +++ b/conf/config.yaml 
@@ -139,6 +139,10 @@ bridge:
 # Send captions in the same message as images. This will send data compatible with both MSC2530.
 # This is currently not supported in most clients.
 caption_in_message: false
+ # Format for generating URLs from location messages for sending to Signal
+ # Google Maps: 'https://www.google.com/maps/place/%[1]s,%[2]s'
+ # OpenStreetMap: 'https://www.openstreetmap.org/?mlat=%[1]s&mlon=%[2]'
+ location_format: 'https://www.google.com/maps/place/%[1]s,%[2]s'
 # Whether or not created rooms should have federation enabled.
 # If false, created portal rooms will never be federated.
 federate_rooms: true
@@ -310,4 +314,4 @@ logging:
 filename: /var/log/__APP__/__APP__.log
 max_size: 100
 max_backups: 10
- compress: true
\ No newline at end of file
+ compress: true
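Review bot: The OpenStreetMap example in the new comment block of conf/config.yaml ends in `mlon=%[2]` without the `s` verb that every other placeholder in the hunk carries, so an admin who copies it would likely end up with a malformed link; the comment should read `# OpenStreetMap: 'https://www.openstreetmap.org/?mlat=%[1]s&mlon=%[2]s'`. The shipped default `location_format` points at Google Maps, which means a coordinate link to a third-party service is written into the Signal message for each bridged location. A one-line comment stating that, next to the OpenStreetMap alternative, would let privacy-conscious admins choose deliberately. The `bridge:` section continues outside the hunk.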