From 3b5ce11787ffe36df22cededc52d7c993882133e Mon Sep 17 00:00:00 2001
From: Dante
Date: Tue, 12 Apr 2022 17:25:33 +0100
Subject: [PATCH] Configure end-to-bridge encryption
---
 conf/config.yaml | 4 ++--
 scripts/_common.sh | 1 +
 scripts/install | 16 ++++++++++++++++
 scripts/upgrade | 15 +++++++++++++++
 4 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/conf/config.yaml b/conf/config.yaml
index aec934f..4edaa44 100644
--- a/conf/config.yaml
+++ b/conf/config.yaml
@@ -233,10 +233,10 @@ bridge:
 # application service.
 encryption:
 # Allow encryption, work in group chat rooms with e2ee enabled
- allow: false
+ allow: __IS_ENCRYPTION_ENABLED__
 # Default to encryption, force-enable encryption in all portals the bridge creates
 # This will cause the bridge bot to be in private chats for the encryption to work properly.
- default: false
+ default: __IS_ENCRYPTION_ENABLED__
 # Database for the encryption data. Currently only supports Postgres and an in-memory
 # store that's persisted as a pickle.
 # If set to `default`, will use the appservice postgres database
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 7a9038d..8d785a2 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -7,6 +7,7 @@
 # dependencies used by the app
 # HACK zlib1g-dev libjpeg-dev (libwebp-dev optional but necessary for stickers) are necessary to compile / install pillow
 pkg_dependencies="postgresql python3 zlib1g-dev libjpeg-dev libwebp-dev python3-venv libpq-dev"
+pkg_dependencies_e2be="libolm-dev"
 #=================================================
 # PERSONAL HELPERS
diff --git a/scripts/install b/scripts/install
index 7bcefe1..081a00d 100755
--- a/scripts/install
+++ b/scripts/install
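Review bot: In the `encryption:` block of conf/config.yaml, `allow` and `default` are both bound to the same `__IS_ENCRYPTION_ENABLED__` placeholder, so an admin cannot permit encryption in rooms that already use it without also forcing it on every portal the bridge creates (which, per the neighbouring comment, puts the bridge bot into private chats). A separate placeholder for `default`, fed by its own install setting, would keep the two decisions independent. The `bridge:` mapping begins and continues outside this hunk.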
@@ -108,6 +108,11 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 #=================================================
 ynh_script_progression --message="Installing dependencies..." --weight=97
+if [ $encryption -eq 1 ]; then
+ # Install libolm-dev from backports to avoid break on Debian Buster
+ ynh_install_extra_app_dependencies --repo="http://ftp.debian.org/debian/ buster-backports main" --package="$pkg_dependencies_e2be" --key="https://ftp-master.debian.org/keys/archive-key-10.asc" --name="$app"
+fi
+
 ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
 #=================================================
@@ -178,6 +183,12 @@ ynh_script_progression --message="Configuring Mautrix-Bridge..." --weight=2
 mautrix_config_path="$final_path/config.yaml"
 as_token="\"This value is generated when generating the registration\""
 hs_token="\"This value is generated when generating the registration\""
+is_encryption_enabled=$encryption
+
+if [ $encryption -eq 1 ]; then
+ is_encryption_enabled=true
+fi
+
 write_bridge_config
 #=================================================
@@ -190,6 +201,11 @@ python3 -m venv $final_path
 export HOME=$final_path # HACK see https://github.com/mautrix/telegram/issues/661
 $final_path/bin/pip3 install --upgrade setuptools wheel # HACK fixes "error: invalid command 'bdist_wheel'"
 $final_path/bin/pip3 install --upgrade $final_path/src/mautrix-telegram.tar.gz[postgres,speedups,qr_login] # metrics,hq_thumbnails,e2be
+
+if [ $encryption -eq 1 ]; then
+ $final_path/bin/pip3 install --upgrade $final_path/src/mautrix-telegram.tar.gz[e2be]
+fi
+
 # -r optional-requirements.txt
 $final_path/bin/python3 -m mautrix_telegram -g -c "$mautrix_config_path" -r "$app_service_registration_path/$app.yaml" # initialize the database
diff --git a/scripts/upgrade b/scripts/upgrade
index efe9cac..fc40a5d 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
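Review bot: In the `@@ -108,6 +108,11 @@` hunk of scripts/install, the `buster-backports` source and the Debian 10 archive key are added whenever `$encryption` is 1, although the comment says this is only needed on Buster; on a host running a newer release this would mix a Buster suite into its APT sources. Guard it on the release, e.g. `if [ "$encryption" -eq 1 ] && [ "$(lsb_release --codename --short)" = "buster" ]; then`, and install `$pkg_dependencies_e2be` from the regular archive otherwise. The signing key is also fetched by URL at install time, so trust in the added repository rests entirely on that HTTPS download; comparing the downloaded key with a fingerprint recorded in the package would close that gap, if the helper allows it. The same block is repeated in the `@@ -99,6 +99,11 @@` hunk of scripts/upgrade.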
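Review bot: In the `@@ -178,6 +183,12 @@` hunk of scripts/install, `is_encryption_enabled=$encryption` leaves the raw setting in place whenever it is not 1, so the template would receive `0` (or an empty string) rather than a boolean for `allow:` and `default:`. This assumes `write_bridge_config`, which is not touched by this patch, substitutes `__IS_ENCRYPTION_ENABLED__` from this variable. Start from the safe value instead, `is_encryption_enabled=false`, and only flip it to `true` inside the `if`. The `@@ -142,6 +151,12 @@` hunk of scripts/upgrade contains the same lines.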
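Review bot: In the `@@ -190,6 +201,11 @@` hunk of scripts/install, the added pip line passes `$final_path/src/mautrix-telegram.tar.gz[e2be]` unquoted, so `[e2be]` is treated as a glob bracket expression and the path is subject to word splitting; quote the whole argument: `"$final_path/bin/pip3" install --upgrade "$final_path/src/mautrix-telegram.tar.gz[e2be]"`. Running a second `--upgrade` install of the same tarball also resolves the package twice; building the extras list once (appending `,e2be` when enabled) and installing in a single call would be simpler to audit. The same line appears in the `@@ -120,6 +125,10 @@` hunk of scripts/upgrade.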
@@ -99,6 +99,11 @@ fi
 #=================================================
 ynh_script_progression --message="Upgrading dependencies..." --weight=1
+if [ $encryption -eq 1 ]; then
+ # Install libolm-dev from backports to avoid break on Debian Buster
+ ynh_install_extra_app_dependencies --repo="http://ftp.debian.org/debian/ buster-backports main" --package="$pkg_dependencies_e2be" --key="https://ftp-master.debian.org/keys/archive-key-10.asc" --name="$app"
+fi
+
 ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
 #=================================================
@@ -120,6 +125,10 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]; then
 export HOME=$final_path # HACK see https://github.com/mautrix/telegram/issues/661
 $final_path/bin/pip3 install --upgrade setuptools wheel # HACK fixes "error: invalid command 'bdist_wheel'"
 $final_path/bin/pip3 install --upgrade $final_path/src/mautrix-telegram.tar.gz[postgres,speedups,qr_login] #,hq_thumbnails
+
+ if [ $encryption -eq 1 ]; then
+ $final_path/bin/pip3 install --upgrade $final_path/src/mautrix-telegram.tar.gz[e2be]
+ fi
 fi
 #=================================================
@@ -142,6 +151,12 @@ as_token=$(grep "as_token:" "$mautrix_config_path" | sed -r "s/ *as_token: *//")
 hs_token=$(grep "hs_token:" "$mautrix_config_path" | sed -r "s/ *hs_token: *//")
 # ynh_replace_string --match_string=__AS_TOKEN__ --replace_string="$as_token" --target_file="$mautrix_config_path"
 # ynh_replace_string --match_string=__HS_TOKEN__ --replace_string="$hs_token" --target_file="$mautrix_config_path"
+is_encryption_enabled=$encryption
+
+if [ $encryption -eq 1 ]; then
+ is_encryption_enabled=true
+fi
+
 write_bridge_config
 # upgrade the app-service-registration
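Review bot: Nothing in this patch reads or stores `encryption` (no install argument, `ynh_app_setting_set` or `ynh_app_setting_get` line is added), so in the `@@ -99,6 +99,11 @@` hunk of scripts/upgrade the unquoted test `[ $encryption -eq 1 ]` depends on code that is not shown. On an instance installed before this option existed the value would presumably be empty, and the test then fails with a syntax error instead of evaluating false. Load the setting with a default and quote it, e.g. `encryption=$(ynh_app_setting_get --app=$app --key=encryption)` (key name assumed) followed by `encryption=${encryption:-0}`, then `if [ "$encryption" -eq 1 ]; then`. The same test is used in the two later scripts/upgrade hunks and in all three scripts/install hunks.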