From 3b5ce11787ffe36df22cededc52d7c993882133e Mon Sep 17 00:00:00 2001 From: Dante Date: Tue, 12 Apr 2022 17:25:33 +0100 Subject: [PATCH 01/12] Configure end-to-bridge encryption --- conf/config.yaml | 4 ++-- scripts/_common.sh | 1 + scripts/install | 16 ++++++++++++++++ scripts/upgrade | 15 +++++++++++++++ 4 files changed, 34 insertions(+), 2 deletions(-) diff --git a/conf/config.yaml b/conf/config.yaml index aec934f..4edaa44 100644 --- a/conf/config.yaml +++ b/conf/config.yaml @@ -233,10 +233,10 @@ bridge: # application service. encryption: # Allow encryption, work in group chat rooms with e2ee enabled - allow: false + allow: __IS_ENCRYPTION_ENABLED__ # Default to encryption, force-enable encryption in all portals the bridge creates # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false + default: __IS_ENCRYPTION_ENABLED__ # Database for the encryption data. Currently only supports Postgres and an in-memory # store that's persisted as a pickle. # If set to `default`, will use the appservice postgres database diff --git a/scripts/_common.sh b/scripts/_common.sh index 7a9038d..8d785a2 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -7,6 +7,7 @@ # dependencies used by the app # HACK zlib1g-dev libjpeg-dev (libwebp-dev optional but necessary for stickers) are necessary to compile / install pillow pkg_dependencies="postgresql python3 zlib1g-dev libjpeg-dev libwebp-dev python3-venv libpq-dev" +pkg_dependencies_e2be="libolm-dev" #================================================= # PERSONAL HELPERS diff --git a/scripts/install b/scripts/install index 7bcefe1..081a00d 100755 --- a/scripts/install +++ b/scripts/install @@ -108,6 +108,11 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path #================================================= ynh_script_progression --message="Installing dependencies..." --weight=97 +if [ $encryption -eq 1 ]; then + # Install libolm-dev from backports to avoid break on Debian Buster + ynh_install_extra_app_dependencies --repo="http://ftp.debian.org/debian/ buster-backports main" --package="$pkg_dependencies_e2be" --key="https://ftp-master.debian.org/keys/archive-key-10.asc" --name="$app" +fi + ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies #================================================= @@ -178,6 +183,12 @@ ynh_script_progression --message="Configuring Mautrix-Bridge..." --weight=2 mautrix_config_path="$final_path/config.yaml" as_token="\"This value is generated when generating the registration\"" hs_token="\"This value is generated when generating the registration\"" +is_encryption_enabled=$encryption + +if [ $encryption -eq 1 ]; then + is_encryption_enabled=true +fi + write_bridge_config #================================================= @@ -190,6 +201,11 @@ python3 -m venv $final_path export HOME=$final_path # HACK see https://github.com/mautrix/telegram/issues/661 $final_path/bin/pip3 install --upgrade setuptools wheel # HACK fixes "error: invalid command 'bdist_wheel'" $final_path/bin/pip3 install --upgrade $final_path/src/mautrix-telegram.tar.gz[postgres,speedups,qr_login] # metrics,hq_thumbnails,e2be + +if [ $encryption -eq 1 ]; then + $final_path/bin/pip3 install --upgrade $final_path/src/mautrix-telegram.tar.gz[e2be] +fi + # -r optional-requirements.txt $final_path/bin/python3 -m mautrix_telegram -g -c "$mautrix_config_path" -r "$app_service_registration_path/$app.yaml" # initialize the database diff --git a/scripts/upgrade b/scripts/upgrade index efe9cac..fc40a5d 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -99,6 +99,11 @@ fi #================================================= ynh_script_progression --message="Upgrading dependencies..." --weight=1 +if [ $encryption -eq 1 ]; then + # Install libolm-dev from backports to avoid break on Debian Buster + ynh_install_extra_app_dependencies --repo="http://ftp.debian.org/debian/ buster-backports main" --package="$pkg_dependencies_e2be" --key="https://ftp-master.debian.org/keys/archive-key-10.asc" --name="$app" +fi + ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies #================================================= @@ -120,6 +125,10 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]; then export HOME=$final_path # HACK see https://github.com/mautrix/telegram/issues/661 $final_path/bin/pip3 install --upgrade setuptools wheel # HACK fixes "error: invalid command 'bdist_wheel'" $final_path/bin/pip3 install --upgrade $final_path/src/mautrix-telegram.tar.gz[postgres,speedups,qr_login] #,hq_thumbnails + + if [ $encryption -eq 1 ]; then + $final_path/bin/pip3 install --upgrade $final_path/src/mautrix-telegram.tar.gz[e2be] + fi fi #================================================= @@ -142,6 +151,12 @@ as_token=$(grep "as_token:" "$mautrix_config_path" | sed -r "s/ *as_token: *//") hs_token=$(grep "hs_token:" "$mautrix_config_path" | sed -r "s/ *hs_token: *//") # ynh_replace_string --match_string=__AS_TOKEN__ --replace_string="$as_token" --target_file="$mautrix_config_path" # ynh_replace_string --match_string=__HS_TOKEN__ --replace_string="$hs_token" --target_file="$mautrix_config_path" +is_encryption_enabled=$encryption + +if [ $encryption -eq 1 ]; then + is_encryption_enabled=true +fi + write_bridge_config # upgrade the app-service-registration From a66045a369947124468ac595f8bb44e99682e3d6 Mon Sep 17 00:00:00 2001 From: Dante Date: Mon, 8 Aug 2022 12:57:05 +0100 Subject: [PATCH 02/12] Bump yuno version --- README.md | 4 ++-- README_fr.md | 4 ++-- manifest.json | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 764d25c..d034727 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,7 @@ See also [upstream wiki Authentication page](https://docs.mau.fi/bridges/python/ * see https://docs.mau.fi/bridges/python/telegram/relay-bot.html -**Shipped version:** 0.10.2~ynh3 +**Shipped version:** 0.10.2~ynh4 @@ -123,4 +123,4 @@ or sudo yunohost app upgrade mautrix_telegram -u https://github.com/YunoHost-Apps/mautrix_telegram_ynh/tree/testing --debug ``` -**More info regarding app packaging:** https://yunohost.org/packaging_apps \ No newline at end of file +**More info regarding app packaging:** https://yunohost.org/packaging_apps diff --git a/README_fr.md b/README_fr.md index 5612b12..e23337a 100644 --- a/README_fr.md +++ b/README_fr.md @@ -46,7 +46,7 @@ See also [upstream wiki Authentication page](https://docs.mau.fi/bridges/python/ * see https://docs.mau.fi/bridges/python/telegram/relay-bot.html -**Version incluse :** 0.10.2~ynh3 +**Version incluse :** 0.10.2~ynh4 @@ -119,4 +119,4 @@ ou sudo yunohost app upgrade mautrix_telegram -u https://github.com/YunoHost-Apps/mautrix_telegram_ynh/tree/testing --debug ``` -**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps \ No newline at end of file +**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps diff --git a/manifest.json b/manifest.json index 2df5204..73eb8dd 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Telegram puppeting bridge for Matrix/Synapse", "fr": "Passerelle Telegram pour Matrix/Synapse" }, - "version": "0.10.2~ynh3", + "version": "0.10.2~ynh4", "url": "https://docs.mau.fi/bridges/python/telegram/index.html", "upstream": { "license": "free", From bb02df5dcc589564a5fb3c05f395fcbf6286b1a6 Mon Sep 17 00:00:00 2001 From: Dante Date: Mon, 8 Aug 2022 13:11:30 +0100 Subject: [PATCH 03/12] Bump yuno version ynh5 --- README.md | 5 +---- README_fr.md | 5 +---- manifest.json | 2 +- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 26fbafa..03010f8 100644 --- a/README.md +++ b/README.md @@ -50,10 +50,7 @@ See also [upstream wiki Authentication page](https://docs.mau.fi/bridges/python/ * see https://docs.mau.fi/bridges/python/telegram/relay-bot.html -**Shipped version:** 0.10.2~ynh4 - - - +**Shipped version:** 0.10.2~ynh5 ## Disclaimers / important information ### Configuration of the bridge diff --git a/README_fr.md b/README_fr.md index 2f5c1e2..e33558b 100644 --- a/README_fr.md +++ b/README_fr.md @@ -50,10 +50,7 @@ See also [upstream wiki Authentication page](https://docs.mau.fi/bridges/python/ * see https://docs.mau.fi/bridges/python/telegram/relay-bot.html -**Version incluse :** 0.10.2~ynh4 - - - +**Version incluse :** 0.10.2~ynh5 ## Avertissements / informations importantes ### Configuration of the bridge diff --git a/manifest.json b/manifest.json index ce097d5..165c0a5 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Telegram puppeting bridge for Matrix/Synapse", "fr": "Passerelle Telegram pour Matrix/Synapse" }, - "version": "0.10.2~ynh4", + "version": "0.10.2~ynh5", "url": "https://docs.mau.fi/bridges/python/telegram/index.html", "upstream": { "license": "AGPL-3.0-or-later", From a16eff7d39368bddf112fa62cae94baf999d6b71 Mon Sep 17 00:00:00 2001 From: Dante Date: Mon, 8 Aug 2022 19:21:34 +0100 Subject: [PATCH 04/12] Update version 0.11.3 --- README.md | 2 +- README_fr.md | 2 +- conf/app.src | 4 +- conf/config.yaml | 134 ++++++++++++++++++++++++++++------------------- manifest.json | 2 +- scripts/install | 6 --- scripts/upgrade | 7 --- 7 files changed, 84 insertions(+), 73 deletions(-) diff --git a/README.md b/README.md index 4173e86..c73c2b3 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,7 @@ See also [upstream wiki Authentication page](https://docs.mau.fi/bridges/python/ * see https://docs.mau.fi/bridges/python/telegram/relay-bot.html -**Shipped version:** 0.10.2~ynh4 +**Shipped version:** 0.11.3~ynh1 ## Disclaimers / important information ### Configuration of the bridge diff --git a/README_fr.md b/README_fr.md index 56d7d09..1449ebe 100644 --- a/README_fr.md +++ b/README_fr.md @@ -50,7 +50,7 @@ See also [upstream wiki Authentication page](https://docs.mau.fi/bridges/python/ * see https://docs.mau.fi/bridges/python/telegram/relay-bot.html -**Version incluse :** 0.10.2~ynh4 +**Version incluse :** 0.11.3~ynh1 ## Avertissements / informations importantes ### Configuration of the bridge diff --git a/conf/app.src b/conf/app.src index 49724ac..beb5781 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/mautrix/telegram/archive/refs/tags/v0.10.2.tar.gz -SOURCE_SUM=6c55dd22d71dc8c78a3069acabcd66d8c181c795688f37bfc88fc461e99f5e25 +SOURCE_URL=https://github.com/mautrix/telegram/archive/refs/tags/v0.11.3.tar.gz +SOURCE_SUM=5ce51e8265316e1ac706c7f70c446d28b9728cb26e63b6afc48412d12ccd9a97 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/config.yaml b/conf/config.yaml index aec934f..e5e453f 100644 --- a/conf/config.yaml +++ b/conf/config.yaml @@ -8,6 +8,17 @@ homeserver: # Only applies if address starts with https:// verify_ssl: __VERIFY_SERVER_SSL_CERTIFICATES__ asmux: __MATRIX_SERVER_SUPPORTS_ASMUX__ + # Number of retries for all HTTP requests if the homeserver isn't reachable. + http_retry_count: 4 + # The URL to push real-time bridge status to. + # If set, the bridge will make POST requests to this URL whenever a user's Telegram connection state changes. + # The bridge will use the appservice as_token to authorize requests. + status_endpoint: null + # Endpoint for reporting per-message status. + message_send_checkpoint_endpoint: null + # Whether asynchronous uploads via MSC2246 should be enabled for media. + # Requires a media repo that supports MSC2246. + async_media: false # Application service host/registration related details # Changing these values requires regeneration of the registration. @@ -25,14 +36,18 @@ appservice: # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s max_body_size: 1 - # The full URI to the database. SQLite and Postgres are fully supported. - # Other DBMSes supported by SQLAlchemy may or may not work. + # The full URI to the database. SQLite and Postgres are supported. # Format examples: # SQLite: sqlite:///filename.db # Postgres: postgres://username:password@hostname/dbname database: postgres://__MAUTRIX_BRIDGE_USER__:__MAUTRIX_BRIDGE_DB_PWD__@localhost:5432/__MAUTRIX_BRIDGE_DB_NAME__ - # Optional extra arguments for SQLAlchemy's create_engine - database_opts: {} + # Additional arguments for asyncpg.create_pool() or sqlite3.connect() + # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool + # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect + # For sqlite, min_size is used as the connection thread pool size and max_size is ignored. + database_opts: + min_size: 1 + max_size: 10 # Public part of web server for out-of-Matrix interaction with the bridge. # Used for things like login if the user wants to make sure the 2FA password isn't stored in @@ -47,12 +62,12 @@ appservice: external: https://example.com/public # Provisioning API part of the web server for automated portal creation and fetching information. - # Used by things like mautrix-manager (https://github.com/mautrix/manager). + # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). provisioning: # Whether or not the provisioning API should be enabled. enabled: false # The prefix to use in the provisioning API endpoints. - prefix: /_matrix/provision/v1 + prefix: /_matrix/provision # The shared secret to authorize users of the API. # Set to "generate" to generate and save a new token. shared_secret: generate @@ -66,12 +81,6 @@ appservice: bot_displayname: Telegram bridge bot bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX - # Community ID for bridged users (changes registration file) and rooms. - # Must be created manually. - # - # Example: "+telegram:example.com". Set to false to disable. - community_id: +telegram:__SERVER_NAME__ - # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). # You should disable bridge -> sync_with_custom_puppets when this is enabled. @@ -95,7 +104,7 @@ manhole: # The list of UIDs who can be added to the whitelist. # If empty, any UIDs can be specified in the open-manhole command. whitelist: - - 0 + - 0 # Bridge config bridge: @@ -124,9 +133,9 @@ bridge: # "username" # "phone number" displayname_preference: - - full name - - username - - phone number + - full name + - username + - phone number # Maximum length of displayname displayname_max_length: 100 # Remove avatars from Telegram ghost users when removed on Telegram. This is disabled by default @@ -202,11 +211,12 @@ bridge: inline_images: false # Maximum size of image in megabytes before sending to Telegram as a document. image_as_file_size: 10 - # Maximum size of Telegram documents in megabytes to bridge. - max_document_size: 100 + # Maximum number of pixels in an image before sending to Telegram as a document. Defaults to 1280x1280 = 1638400. + image_as_file_pixels: 1638400 # Enable experimental parallel file transfer, which makes uploads/downloads much faster by # streaming from/to Matrix and using many connections for Telegram. # Note that generating HQ thumbnails for videos is not possible with streamed transfers. + # This option uses internal Telethon implementation details and may break with minor updates. parallel_file_transfer: false # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. @@ -216,35 +226,24 @@ bridge: # Format to which animated stickers should be converted. # disable - No conversion, send as-is (gzipped lottie) # png - converts to non-animated png (fastest), - # gif - converts to animated gif, but loses transparency + # gif - converts to animated gif # webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support target: gif # Arguments for converter. All converters take width and height. - # GIF converter takes background as a hex color. args: width: 256 height: 256 - background: "020202" # only for gif - fps: 30 # only for webm - # End-to-bridge encryption support options. These require matrix-nio to be installed with pip - # and login_shared_secret to be configured in order to get a device for the bridge bot. + fps: 25 # only for webm and gif (2, 5, 10, 20 or 25 recommended) + # End-to-bridge encryption support options. # - # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal - # application service. + # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. encryption: # Allow encryption, work in group chat rooms with e2ee enabled allow: false # Default to encryption, force-enable encryption in all portals the bridge creates # This will cause the bridge bot to be in private chats for the encryption to work properly. default: false - # Database for the encryption data. Currently only supports Postgres and an in-memory - # store that's persisted as a pickle. - # If set to `default`, will use the appservice postgres database - # or a pickle file if the appservice database is sqlite. - # - # Format examples: - # Pickle: pickle:///filename.pickle - # Postgres: postgres://username:password@hostname/dbname + # Database for the encryption data. If set to `default`, will use the appservice database. database: default # Options for automatic key sharing. key_sharing: @@ -270,6 +269,21 @@ bridge: # This field will automatically be changed back to false after it, # except if the config file is not writable. resend_bridge_info: false + # When using double puppeting, should muted chats be muted in Matrix? + mute_bridging: false + # When using double puppeting, should pinned chats be moved to a specific tag in Matrix? + # The favorites tag is `m.favourite`. + pinned_tag: null + # Same as above for archived chats, the low priority tag is `m.lowpriority`. + archive_tag: null + # Whether or not mute status and tags should only be bridged when the portal room is created. + tag_only_on_create: true + # Should leaving the room on Matrix make the user leave on Telegram? + bridge_matrix_leave: true + # Should the user be kicked out of all portals when logging out of the bridge? + kick_on_logout: true + # Should the "* user joined Telegram" notice always be marked as read automatically? + always_read_joined_telegram_notice: true # Settings for backfilling messages from Telegram. backfill: # Whether or not the Telegram ghosts of logged in Matrix users should be @@ -316,16 +330,10 @@ bridge: exceptions: - "@importantbot:example.com" - # Some config options related to Telegram message deduplication. - # The default values are usually fine, but some debug messages/warnings might recommend you - # change these. - deduplication: - # Whether or not to check the database if the message about to be sent is a duplicate. - pre_db_check: false - # The number of latest events to keep when checking for duplicates. - # You might need to increase this on high-traffic bridge instances. - cache_queue_length: 20 - + # An array of possible values for the $distinguisher variable in message formats. + # Each user gets one of the values here, based on a hash of their user ID. + # If the array is empty, the $distinguisher variable will also be empty. + relay_user_distinguishers: ["🟦", "🟣", "🟩", "⭕️", "🔶", "⬛️", "🔵", "🟢"] # The formats to use when sending messages to Telegram via the relay bot. # Text msgtypes (m.text, m.notice and m.emote) support HTML, media msgtypes don't. # @@ -333,16 +341,17 @@ bridge: # $sender_displayname - The display name of the sender (e.g. Example User) # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser) # $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com) + # $distinguisher - A random string from the options in the relay_user_distinguishers array. # $message - The message content message_formats: - m.text: "$sender_displayname: $message" - m.notice: "$sender_displayname: $message" - m.emote: "* $sender_displayname $message" - m.file: "$sender_displayname sent a file: $message" - m.image: "$sender_displayname sent an image: $message" - m.audio: "$sender_displayname sent an audio file: $message" - m.video: "$sender_displayname sent a video: $message" - m.location: "$sender_displayname sent a location: $message" + m.text: "$distinguisher $sender_displayname: $message" + m.notice: "$distinguisher $sender_displayname: $message" + m.emote: "* $distinguisher $sender_displayname $message" + m.file: "$distinguisher $sender_displayname sent a file: $message" + m.image: "$distinguisher $sender_displayname sent an image: $message" + m.audio: "$distinguisher $sender_displayname sent an audio file: $message" + m.video: "$distinguisher $sender_displayname sent a video: $message" + m.location: "$distinguisher $sender_displayname sent a location: $message" # Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated # users are sent to telegram. All fields in message_formats are supported. Additionally, the # Telegram user info is available in the following variables: @@ -358,9 +367,9 @@ bridge: # # Set format to an empty string to disable the messages for that event. state_event_formats: - join: "$displayname joined the room." - leave: "$displayname left the room." - name_change: "$prev_displayname changed their name to $displayname" + join: "$distinguisher $displayname joined the room." + leave: "$distinguisher $displayname left the room." + name_change: "$distinguisher $prev_displayname changed their name to $distinguisher $displayname" # Filter rooms that can/can't be bridged. Can also be managed using the `filter` and # `filter-mode` management commands. @@ -378,6 +387,21 @@ bridge: # The prefix for commands. Only required in non-management rooms. command_prefix: "!tg" + # Messages sent upon joining a management room. + # Markdown is supported. The defaults are listed below. + management_room_text: + # Sent when joining a room. + welcome: "Hello, I'm a Telegram bridge bot." + # Sent when joining a management room and the user is already logged in. + welcome_connected: "Use `help` for help." + # Sent when joining a management room and the user is not logged in. + welcome_unconnected: "Use `help` for help or `login` to log in." + # Optional extra text sent when joining a management room. + additional_help: "" + + # Send each message separately (for readability in some clients) + management_room_multiple_messages: false + # Permissions for using the bridge. # Permitted values: # relaybot - Only use the bridge via the relaybot, no access to commands. diff --git a/manifest.json b/manifest.json index ce097d5..9335615 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Telegram puppeting bridge for Matrix/Synapse", "fr": "Passerelle Telegram pour Matrix/Synapse" }, - "version": "0.10.2~ynh4", + "version": "0.11.3~ynh1", "url": "https://docs.mau.fi/bridges/python/telegram/index.html", "upstream": { "license": "AGPL-3.0-or-later", diff --git a/scripts/install b/scripts/install index 2880324..c58044a 100755 --- a/scripts/install +++ b/scripts/install @@ -173,11 +173,6 @@ $final_path/bin/pip3 install --upgrade pip setuptools wheel $final_path/bin/pip3 install --upgrade $final_path/src/mautrix-telegram.tar.gz[postgres,speedups,qr_login] # metrics,hq_thumbnails,e2be # -r optional-requirements.txt $final_path/bin/python3 -m mautrix_telegram -g -c "$mautrix_config_path" -r "$app_service_registration_path/$app.yaml" -# initialize the database -# HACK alembic won't find its script dir using a relative path unless when started from $final_path -# therefore we replace the script_location -ynh_replace_string --match_string="script_location = alembic" --replace_string="script_location = $final_path/alembic" --target_file="$final_path/alembic.ini" -ynh_exec_warn_less $final_path/bin/alembic -c "$final_path/alembic.ini" -x config="$mautrix_config_path" upgrade head # Handled by synapse: synapse_ynh adds all registration files added in $app_service_registration_path to the app_service_config_files list /opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh || ynh_die --message="Synapse can't restart with the appservice configuration" @@ -189,7 +184,6 @@ ynh_exec_warn_less $final_path/bin/alembic -c "$final_path/alembic.ini" -x conf # Calculate and store the config file checksum into the app settings ynh_store_file_checksum --file="$mautrix_config_path" ynh_store_file_checksum --file="$app_service_registration_path/$app.yaml" -ynh_store_file_checksum --file="$final_path/alembic.ini" #================================================= # SETUP SYSTEMD diff --git a/scripts/upgrade b/scripts/upgrade index 461907b..eba2306 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -132,16 +132,9 @@ write_bridge_config ynh_backup_if_checksum_is_different --file="$app_service_registration_path/$app.yaml" $final_path/bin/python3 -m mautrix_telegram -g -c "$mautrix_config_path" -r "$app_service_registration_path/$app.yaml" -# upgrade the alembic database -# TODO remove on next upgrade -# ynh_backup_if_checksum_is_different --file="$final_path/alembic.ini" -ynh_replace_string --match_string="script_location = alembic" --replace_string="script_location = $final_path/alembic" --target_file="$final_path/alembic.ini" -ynh_exec_warn_less $final_path/bin/alembic -c "$final_path/alembic.ini" -x config="$mautrix_config_path" upgrade head - # Recalculate and store the checksum of the file for the next upgrade. ynh_store_file_checksum --file="$mautrix_config_path" ynh_store_file_checksum --file="$app_service_registration_path/$app.yaml" -ynh_store_file_checksum --file="$final_path/alembic.ini" #================================================= # SETUP SYSTEMD From 26fdbc4c3d09244a8ee3ad212bf463acb111d2cf Mon Sep 17 00:00:00 2001 From: Dante Date: Wed, 10 Aug 2022 14:20:36 +0100 Subject: [PATCH 05/12] Stop supporting Debian Buster require Yuno version >= 11.0.0 --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 9335615..4b3c417 100644 --- a/manifest.json +++ b/manifest.json @@ -21,7 +21,7 @@ "email": "" }, "requirements": { - "yunohost": ">= 4.3.0" + "yunohost": ">= 11.0.0" }, "multi_instance": true, "services": [ From 4ab20adadb1e47886074cd30086288ab86a4d137 Mon Sep 17 00:00:00 2001 From: Dante Date: Wed, 10 Aug 2022 14:30:17 +0100 Subject: [PATCH 06/12] Fix database_opts config invalid for postgres --- conf/config.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/conf/config.yaml b/conf/config.yaml index e5e453f..a25d383 100644 --- a/conf/config.yaml +++ b/conf/config.yaml @@ -45,9 +45,7 @@ appservice: # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect # For sqlite, min_size is used as the connection thread pool size and max_size is ignored. - database_opts: - min_size: 1 - max_size: 10 + database_opts: {} # Public part of web server for out-of-Matrix interaction with the bridge. # Used for things like login if the user wants to make sure the 2FA password isn't stored in From fc0154f950cb567eaa54f3276f89f4f800cadf3d Mon Sep 17 00:00:00 2001 From: Dante Date: Wed, 10 Aug 2022 15:00:34 +0100 Subject: [PATCH 07/12] Remove postgres from optional deps as it is used by default now --- scripts/install | 2 +- scripts/upgrade | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index c58044a..d91b3be 100755 --- a/scripts/install +++ b/scripts/install @@ -170,7 +170,7 @@ mkdir -p /var/log/$app python3 -m venv $final_path export HOME=$final_path # HACK see https://github.com/mautrix/telegram/issues/661 $final_path/bin/pip3 install --upgrade pip setuptools wheel -$final_path/bin/pip3 install --upgrade $final_path/src/mautrix-telegram.tar.gz[postgres,speedups,qr_login] # metrics,hq_thumbnails,e2be +$final_path/bin/pip3 install --upgrade $final_path/src/mautrix-telegram.tar.gz[speedups,qr_login] # metrics,e2be,hq_thumbnails,sqlite,formattednumbers # -r optional-requirements.txt $final_path/bin/python3 -m mautrix_telegram -g -c "$mautrix_config_path" -r "$app_service_registration_path/$app.yaml" diff --git a/scripts/upgrade b/scripts/upgrade index eba2306..1cdc4c9 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -110,7 +110,7 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]; then python3 -m venv $final_path export HOME=$final_path $final_path/bin/pip3 install --upgrade pip setuptools wheel - $final_path/bin/pip3 install --upgrade $final_path/src/mautrix-telegram.tar.gz[postgres,speedups,qr_login] #,hq_thumbnails + $final_path/bin/pip3 install --upgrade $final_path/src/mautrix-telegram.tar.gz[speedups,qr_login] # metrics,e2be,hq_thumbnails,sqlite,formattednumbers fi #================================================= From eca0accb0d00ba7664699de09d74de81ed215f85 Mon Sep 17 00:00:00 2001 From: Dante Date: Thu, 11 Aug 2022 15:36:16 +0100 Subject: [PATCH 08/12] Update check process to a recent more reliable upgrade version --- check_process | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/check_process b/check_process index 4f280a9..2e09be7 100644 --- a/check_process +++ b/check_process @@ -20,7 +20,7 @@ setup_private=0 setup_public=0 upgrade=1 - upgrade=1 from_commit=78e25377746ff6a488614c6ea00b8ce7c7e6d88a + upgrade=1 from_commit=dfed70e3419d23349690ea2234747ac1de2d7fb0 backup_restore=1 multi_instance=1 port_already_use=1 @@ -29,5 +29,5 @@ Email= Notification=none ;;; Upgrade options - ; commit=78e25377746ff6a488614c6ea00b8ce7c7e6d88a - name=0.10.1~ynh3 + ; commit=dfed70e3419d23349690ea2234747ac1de2d7fb0 + name=0.10.2~ynh3 From d0d8ec9628493d380f5b8037f818100c7d18c90b Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 12 Aug 2022 16:51:49 +0000 Subject: [PATCH 09/12] Auto-update README --- README.md | 1 + README_fr.md | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c73c2b3..e0ad5d5 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,7 @@ See also [upstream wiki Authentication page](https://docs.mau.fi/bridges/python/ **Shipped version:** 0.11.3~ynh1 + ## Disclaimers / important information ### Configuration of the bridge diff --git a/README_fr.md b/README_fr.md index 1449ebe..351e1c4 100644 --- a/README_fr.md +++ b/README_fr.md @@ -50,7 +50,8 @@ See also [upstream wiki Authentication page](https://docs.mau.fi/bridges/python/ * see https://docs.mau.fi/bridges/python/telegram/relay-bot.html -**Version incluse :** 0.11.3~ynh1 +**Version incluse :** 0.11.3~ynh1 + ## Avertissements / informations importantes ### Configuration of the bridge From b042fa3db3e70914a2a29724781468904273e9da Mon Sep 17 00:00:00 2001 From: Dante Date: Fri, 12 Aug 2022 18:26:48 +0100 Subject: [PATCH 10/12] Remove specific steps for Buster and add more info on E2BE --- manifest.json | 4 ++-- scripts/install | 4 ++-- scripts/upgrade | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/manifest.json b/manifest.json index c5d31c3..2045037 100644 --- a/manifest.json +++ b/manifest.json @@ -64,8 +64,8 @@ "fr": "Activer le chiffrement entre Synapse et le bridge ?" }, "help": { - "en": "Only activate if you know the prerequisites and constraints related to e2b.", - "fr": "N'activer que si vous connaissez les prérequis et constraintes liées à e2b." + "en": "Only activate if you know the prerequisites and constraints related to e2b. Voir aussi : https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html", + "fr": "N'activer que si vous connaissez les prérequis et constraintes liées à e2b. See more: https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html" }, "default": false }, diff --git a/scripts/install b/scripts/install index fae393a..0362dc4 100755 --- a/scripts/install +++ b/scripts/install @@ -108,8 +108,8 @@ ynh_app_setting_set --app=$app --key=port --value=$port ynh_script_progression --message="Installing dependencies..." --weight=97 if [ $encryption -eq 1 ]; then - # Install libolm-dev from backports to avoid break on Debian Buster - ynh_install_extra_app_dependencies --repo="http://ftp.debian.org/debian/ buster-backports main" --package="$pkg_dependencies_e2be" --key="https://ftp-master.debian.org/keys/archive-key-10.asc" --name="$app" + # Install libolm-dev to be able to use encryption + ynh_install_extra_app_dependencies $pkg_dependencies_e2be fi ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies diff --git a/scripts/upgrade b/scripts/upgrade index 28f8836..170d407 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -98,8 +98,8 @@ fi ynh_script_progression --message="Upgrading dependencies..." --weight=1 if [ $encryption -eq 1 ]; then - # Install libolm-dev from backports to avoid break on Debian Buster - ynh_install_extra_app_dependencies --repo="http://ftp.debian.org/debian/ buster-backports main" --package="$pkg_dependencies_e2be" --key="https://ftp-master.debian.org/keys/archive-key-10.asc" --name="$app" + # Install libolm-dev to be able to use encryption + ynh_install_extra_app_dependencies $pkg_dependencies_e2be fi ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies From 1ac6f955fac0429eab9798e2051352686504010a Mon Sep 17 00:00:00 2001 From: Dante Date: Tue, 16 Aug 2022 14:42:16 +0100 Subject: [PATCH 11/12] Fix translation manifest --- manifest.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.json b/manifest.json index 2045037..b70bde8 100644 --- a/manifest.json +++ b/manifest.json @@ -64,8 +64,8 @@ "fr": "Activer le chiffrement entre Synapse et le bridge ?" }, "help": { - "en": "Only activate if you know the prerequisites and constraints related to e2b. Voir aussi : https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html", - "fr": "N'activer que si vous connaissez les prérequis et constraintes liées à e2b. See more: https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html" + "en": "Only activate if you know the prerequisites and constraints related to e2b. See more: https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html", + "fr": "N'activer que si vous connaissez les prérequis et constraintes liées à e2b. Voir aussi : https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html" }, "default": false }, From c49378c23d41186a3c3f9925a1e9d181d8338c84 Mon Sep 17 00:00:00 2001 From: Dante Date: Tue, 16 Aug 2022 16:09:32 +0100 Subject: [PATCH 12/12] Add autoupdater --- .github/workflows/updater.sh | 93 +++++++++++++++++++++++++++++++++++ .github/workflows/updater.yml | 49 ++++++++++++++++++ 2 files changed, 142 insertions(+) create mode 100755 .github/workflows/updater.sh create mode 100644 .github/workflows/updater.yml diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh new file mode 100755 index 0000000..0bf2f64 --- /dev/null +++ b/.github/workflows/updater.sh @@ -0,0 +1,93 @@ +#!/bin/bash + +#================================================= +# PACKAGE UPDATING HELPER +#================================================= + +# This script is meant to be run by GitHub Actions +# The YunoHost-Apps organisation offers a template Action to run this script periodically +# Since each app is different, maintainers can adapt its contents so as to perform +# automatic actions when a new upstream release is detected. + +#================================================= +# FETCHING LATEST RELEASE AND ITS ASSETS +#================================================= + +# Fetching information +current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') +repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') +# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) +version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) +tarball_url="https://github.com/$repo/archive/refs/tags/$version.tar.gz" + +# Later down the script, we assume the version has only digits and dots +# Sometimes the release name starts with a "v", so let's filter it out. +# You may need more tweaks here if the upstream repository has different naming conventions. +if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then + version=${version:1} +fi + +# Setting up the environment variables +echo "Current version: $current_version" +echo "Latest release from upstream: $version" +echo "VERSION=$version" >> $GITHUB_ENV +# For the time being, let's assume the script will fail +echo "PROCEED=false" >> $GITHUB_ENV + +# Proceed only if the retrieved version is greater than the current one +if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then + echo "::warning ::No new version available" + exit 0 +# Proceed only if a PR for this new version does not already exist +elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then + echo "::warning ::A branch already exists for this update" + exit 0 +fi + +#================================================= +# UPDATE SOURCE FILES +#================================================= + +# Create the temporary directory +tempdir="$(mktemp -d)" + +# Download sources and calculate checksum +filename=${tarball_url##*/} +curl --silent -4 -L "$tarball_url" -o "$tempdir/$filename" +checksum=$(sha256sum "$tempdir/$filename" | head -c 64) + +# Rewrite source file +cat < conf/app.src +SOURCE_URL=$tarball_url +SOURCE_SUM=$checksum +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME=mautrix-telegram.tar.gz +SOURCE_EXTRACT=false +EOT + +echo "... conf/app.src updated" + +# Delete temporary directory +rm -rf $tempdir + +#================================================= +# SPECIFIC UPDATE STEPS +#================================================= + +# Any action on the app's source code can be done. +# The GitHub Action workflow takes care of committing all changes after this script ends. + +#================================================= +# GENERIC FINALIZATION +#================================================= + +# Replace new version in manifest +echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json + +# No need to update the README, yunohost-bot takes care of it + +# The Action will proceed only if the PROCEED environment variable is set to true +echo "PROCEED=true" >> $GITHUB_ENV +exit 0 diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml new file mode 100644 index 0000000..fb72ba0 --- /dev/null +++ b/.github/workflows/updater.yml @@ -0,0 +1,49 @@ +# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. +# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. +# This file should be enough by itself, but feel free to tune it to your needs. +# It calls updater.sh, which is where you should put the app-specific update steps. +name: Check for new upstream releases +on: + # Allow to manually trigger the workflow + workflow_dispatch: + # Run it every day at 6:00 UTC + schedule: + - cron: '0 6 * * *' +jobs: + updater: + runs-on: ubuntu-latest + steps: + - name: Fetch the source code + uses: actions/checkout@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run the updater script + id: run_updater + run: | + # Setting up Git user + git config --global user.name 'yunohost-bot' + git config --global user.email 'yunohost-bot@users.noreply.github.com' + # Run the updater script + /bin/bash .github/workflows/updater.sh + - name: Commit changes + id: commit + if: ${{ env.PROCEED == 'true' }} + run: | + git commit -am "Upgrade to v$VERSION" + - name: Create Pull Request + id: cpr + if: ${{ env.PROCEED == 'true' }} + uses: peter-evans/create-pull-request@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: Update to version ${{ env.VERSION }} + committer: 'yunohost-bot ' + author: 'yunohost-bot ' + signoff: false + base: testing + branch: ci-auto-update-v${{ env.VERSION }} + delete-branch: true + title: 'Upgrade to version ${{ env.VERSION }}' + body: | + Upgrade to v${{ env.VERSION }} + draft: false