2017-02-13 20:43:41 +01:00
#!/bin/bash
2018-01-30 23:44:49 +01:00
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
2017-07-21 22:28:49 +02:00
source /usr/share/yunohost/helpers
# Stop script if errors
ynh_abort_if_errors
2017-02-13 20:43:41 +01:00
# Import common cmd
2018-01-25 19:33:20 +01:00
source ./psql.sh
source ./experimental_helper.sh
2017-02-13 20:43:41 +01:00
source ./_common.sh
2018-01-30 23:44:49 +01:00
#=================================================
# SET ALL CONSTANT
#=================================================
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
#=================================================
# LOAD SETTINGS
#=================================================
2017-07-21 22:28:49 +02:00
domain=$(ynh_app_setting_get $app special_domain)
2018-01-19 22:05:39 +01:00
path_url=$(ynh_app_setting_get $app special_path)
2017-07-21 22:28:49 +02:00
final_path=$(ynh_app_setting_get $app final_path)
synapse_old_version=$(ynh_app_setting_get $app synapse_version)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
2017-02-13 20:43:41 +01:00
is_public=$(ynh_app_setting_get $app is_public)
2018-01-19 22:05:39 +01:00
port=$(ynh_app_setting_get $app synapse_port)
2017-02-13 20:43:41 +01:00
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
2018-01-19 22:05:39 +01:00
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
2017-02-13 20:43:41 +01:00
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
2018-01-19 22:05:39 +01:00
cli_port=$(ynh_app_setting_get $app cli_port)
2017-02-13 20:43:41 +01:00
2018-01-30 23:44:49 +01:00
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
2017-11-23 07:56:16 +01:00
# To be sure that the migration is sucessfull we check that the old synapse version is compatible with the synapse_port_db script.
2018-01-06 11:51:46 +01:00
if [[ -z $synapse_old_version ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.25") != 1 ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.26") != 1 ]]
2017-11-23 07:56:16 +01:00
then
ynh_die "Update from this synapse version is not available now. You need to wait for the next update."
fi
2018-01-30 23:44:49 +01:00
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
2017-02-13 20:43:41 +01:00
2018-01-30 23:44:49 +01:00
# Backup the current version of the app
2018-01-13 00:45:12 +01:00
if [[ $(ynh_app_setting_get $app disable_backup_before_upgrade) != '1' ]]
then
ynh_backup_before_upgrade
ynh_clean_setup () {
ynh_restore_upgradebackup
}
fi
2017-09-25 22:21:03 +02:00
2018-01-30 23:44:49 +01:00
# We stop the service before to enable TRAP because if this command fail the restoration might be not possible.
systemctl stop matrix-$app.service
# Exit if an error occurs during the execution of the script
2017-09-25 22:21:03 +02:00
ynh_abort_if_errors
2018-01-30 23:44:49 +01:00
#=================================================
# UPGRADE FROM DIFFERENTS PACKAGE EVOLUTION
#=================================================
# MIGRATION 1 : UPGRADE FROM OLD PACKAGE VERSION
# DEBIAN PACKAGE-> PYTHON VIRTUALENVIRONNEMENT
# SQLITE -> POSTGRESQL
2018-02-06 16:31:03 +01:00
# PART NO 1
2018-01-30 23:44:49 +01:00
#=================================================
# Actually this package use pythonvirtualenvironnement. The old package used the debian package. So if the app is not already migrated from the old package version we need to migrade the app from the debian package to a python virtualenvironnement. In the same time the package migrated from sqlite to postgresql for the database. So we do these both things in the same time.
2017-07-21 22:28:49 +02:00
if [[ -z $synapse_old_version ]]
2017-02-13 20:43:41 +01:00
then
2018-01-30 23:44:49 +01:00
#=================================================
# UPDATE SETTINGS
#=================================================
path_url="/_matrix"
domain=$(ynh_app_setting_get $app domain)
final_path="/opt/yunohost/matrix-synapse"
ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app special_path $path_url
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_delete $app domain
ynh_app_setting_delete $app path
ynh_app_setting_delete $app skipped_uris
2018-02-06 16:31:03 +01:00
#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
synapse_db_pwd=$(ynh_string_random 30)
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd
# Create postgresql database
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
"CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
2018-01-30 23:44:49 +01:00
#=================================================
# REMOVE OLD DEPENDDANCE
#=================================================
ynh_secure_remove /etc/apt/sources.list.d/matrix.list
ynh_package_autoremove --purge matrix-synapse python-matrix-synapse-ldap3 || true
# If we don't remove these line in dpkg config, dpkg fail on every new package install
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/lib/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/log/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /etc/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
#=================================================
# INSTALL NEW DEPENDENCIES
#=================================================
# add new package as dependance and install dependance
# WARRNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libxml2-dev libxslt1-dev python-lxml libjpeg-dev libpq-dev postgresql acl
pip install --upgrade pip
pip install --upgrade virtualenv
#=================================================
2018-02-06 16:31:03 +01:00
# CREATE EMPTY DIR FOR SYNAPSE
2018-01-30 23:44:49 +01:00
#=================================================
2018-02-06 16:31:03 +01:00
2018-01-30 23:44:49 +01:00
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
mkdir -p /var/lib/matrix-$app || true # If the dir aready exist the command could fail
mkdir -p /var/log/matrix-$app || true # If the dir aready exist the command could fail
mkdir -p /etc/matrix-$app/conf.d || true # If the dir aready exist the command could fail
mkdir -p $final_path || true # If the dir aready exist the command could fail
2018-02-06 16:31:03 +01:00
fi
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# Install/upgrade synapse in virtualenv
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
if [ -n "$(uname -m | grep arm)" ]
then
ynh_setup_source $final_path/ "armv7"
else
# Install virtualenv if it don't exist
test -e $final_path/bin || virtualenv -p python2.7 $final_path
2018-01-30 23:44:49 +01:00
# Install synapse in virtualenv
2018-02-06 16:31:03 +01:00
PS1=""
cp ../conf/virtualenv_activate $final_path/bin/activate
ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
# We set all necessary environement variable to create a python virtualenvironnement.
source $final_path/bin/activate
pip install --upgrade pip
pip install --upgrade setuptools
pip install --upgrade cffi ndg-httpsclient psycopg2 lxml
# Download and check the checksum for the synapse source
src_url=$(grep 'SOURCE_URL=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-)
src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-)
wget -nv -O synapse_source.tar.gz "$src_url"
echo "${src_sum} synapse_source.tar.gz" | sha256sum -c --status \
|| ynh_die "Corrupt source"
pip install --upgrade synapse_source.tar.gz
# Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29
test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\
pip uninstall -y msgpack-python msgpack; \
pip install msgpack-python)
# This fonction was defined while we call "source $final_path/bin/activate". By this fonction de undo what does "$final_path/bin/activate"
deactivate
fi
2018-01-30 23:44:49 +01:00
2018-02-06 16:31:03 +01:00
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# UPDATE SYNAPSE CONFIG
#=================================================
2017-07-21 22:28:49 +02:00
2018-02-06 16:31:03 +01:00
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
2018-01-30 23:44:49 +01:00
2018-02-06 16:31:03 +01:00
homeserver_config_path="/etc/matrix-$app/homeserver.yaml"
cp ../conf/homeserver.yaml "$homeserver_config_path"
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
ynh_replace_string __APP__ $app "$homeserver_config_path"
ynh_replace_string __DOMAIN__ $domain "$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user "$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd "$homeserver_config_path"
ynh_replace_string __PORT__ $port "$homeserver_config_path"
ynh_replace_string __TLS_PORT__ $synapse_tls_port "$homeserver_config_path"
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port "$homeserver_config_path"
ynh_replace_string __TURNPWD__ $turnserver_pwd "$homeserver_config_path"
ynh_replace_string __APP__ $app "/etc/matrix-$app/log.yaml"
if [ "$is_public" = "0" ]
then
ynh_replace_string __ALLOWED_ACCESS__ False "$homeserver_config_path"
else
ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path"
fi
ynh_store_file_checksum "$homeserver_config_path"
ynh_store_file_checksum "/etc/matrix-$app/log.yaml"
#=================================================
# MIGRATION 1 : UPGRADE FROM OLD PACKAGE VERSION
# DEBIAN PACKAGE-> PYTHON VIRTUALENVIRONNEMENT
# SQLITE -> POSTGRESQL
# PART NO 2
#=================================================
if [[ -z $synapse_old_version ]]
then
2018-01-30 23:44:49 +01:00
#=================================================
# UPDATE SSOWAT CONF
#=================================================
cp ../conf/add_sso_conf.py $final_path
cp ../conf/remove_sso_conf.py $final_path
python $final_path/add_sso_conf.py || echo "Error while sso config, please add '/_matrix' in /etc/ssowat/conf.json.persistent"
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_system_user_create $synapse_user /var/lib/matrix-synapse
2017-12-30 15:59:05 +01:00
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
2017-07-21 22:28:49 +02:00
2018-02-06 16:31:03 +01:00
# In the old synapse instance we stored the dh.pem in /etc/yunohost/certs/DOMAIN.TLD/ but it was problematics with lets'encrypt witch made a link to the key. While the letsencrypt key was changed the dh.pem file was lost. So we decided to move to /etc/matrix-synapse/ witch is a directory witch is not managed by any other component.
# Here we check if the dh.pem file is already moved. If not we try to copy the file from the old place. If the file in the old place was already removed (by letsencrypt) we create a new one.
test -e /etc/matrix-$app/dh.pem || \
cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-$app/dh.pem || \
openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null
2018-01-30 23:44:49 +01:00
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_secure_remove /etc/init.d/matrix-synapse
ynh_secure_remove /lib/systemd/system/matrix-synapse.service
ynh_secure_remove /etc/systemd/system/matrix-synapse.service
systemctl daemon-reload
systemctl disable matrix-synapse.service
cp ../conf/default_matrix-synapse /etc/default/matrix-synapse
cp ../conf/matrix-synapse.service /etc/systemd/system/matrix-synapse.service
ynh_replace_string __APP__ $app /etc/systemd/system/matrix-synapse.service
systemctl daemon-reload
systemctl enable matrix-synapse.service
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
2018-02-06 16:31:03 +01:00
yunohost service add matrix-$app -l "/var/log/matrix-$app/homeserver.log"
yunohost service add coturn-$app
2018-01-30 23:44:49 +01:00
#=================================================
# MIGRATE DATABASE
#=================================================
# We get the last version of the synapse_port_db script because an old version could be buggy.
cp ../sources/synapse_port_db /opt/yunohost/matrix-synapse/bin/synapse_port_db
# Migrate database (in virtualenv)
source $final_path/bin/activate
/opt/yunohost/matrix-synapse/bin/synapse_port_db --sqlite-database /var/lib/matrix-synapse/homeserver.db \
--postgres-config /etc/matrix-synapse/homeserver.yaml
deactivate
2017-02-13 20:43:41 +01:00
fi
2018-01-30 23:44:49 +01:00
#=================================================
# MIGRATION 2 : MULTINSTANCE SUPPORT
#=================================================
2018-01-19 22:05:39 +01:00
if [[ ! -e /etc/matrix-$app/coturn.conf ]]
then
2018-01-30 23:44:49 +01:00
#=================================================
# CREATE AN INDEPENDANT SERVICE FOR COTURN
#=================================================
# Disable default config for turnserver and create a new service
2018-01-19 22:05:39 +01:00
systemctl stop coturn.service
2018-01-30 23:44:49 +01:00
2018-01-19 22:05:39 +01:00
# Set by default the system config for coturn
echo "" > /etc/turnserver.conf
ynh_replace_string "TURNSERVER_ENABLED=1" "TURNSERVER_ENABLED=0" /etc/default/coturn
2018-01-30 23:44:49 +01:00
2018-01-19 22:05:39 +01:00
# Set a port for each service in turnserver
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1)))
cli_port=$(ynh_find_port 5766)
2018-01-30 23:44:49 +01:00
2018-01-19 22:05:39 +01:00
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port
ynh_app_setting_set $app cli_port $cli_port
yunohost firewall allow --no-upnp Both $turnserver_alt_tls_port > /dev/null 2>&1
2018-01-30 23:44:49 +01:00
2018-01-19 22:05:39 +01:00
# Configure systemd
cp ../conf/default_coturn /etc/default/coturn-$app
2018-01-30 23:44:49 +01:00
ynh_add_systemd_config coturn-$app coturn-synapse.service
#=================================================
# MAKE A CLEAN LOGROTATE CONFIG
#=================================================
2018-01-19 22:05:39 +01:00
# Clean logrotate file for all old instances
ynh_remove_logrotate
ynh_use_logrotate /var/log/matrix-$app
fi
2017-12-08 21:07:37 +01:00
2018-01-30 23:44:49 +01:00
#=================================================
# MIGRATION 3 : USE STANDARD ACCESS FOR CERTIFCATE
# AND USE INDEPENDANT DH FILE
#=================================================
2017-12-30 15:59:05 +01:00
# Fix issue about certificates access
2018-01-19 22:05:39 +01:00
if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]]
2017-12-30 15:59:05 +01:00
then
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
fi
2018-02-03 15:05:35 +01:00
# In the old synapse instance we stored the dh.pem in /etc/yunohost/certs/DOMAIN.TLD/ but it was problematics with lets'encrypt witch made a link to the key. While the letsencrypt key was changed the dh.pem file was lost. So we decided to move to /etc/matrix-synapse/ witch is a directory witch is not managed by any other component.
# Here we check if the dh.pem file is already moved. If not we try to copy the file from the old place. If the file in the old place was already removed (by letsencrypt) we create a new one.
test -e /etc/matrix-$app/dh.pem || \
cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-$app/dh.pem || \
openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null
2018-01-03 11:07:16 +01:00
2018-01-30 23:44:49 +01:00
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# NGINX CONFIGURATION
#=================================================
2017-07-21 22:28:49 +02:00
2018-01-30 23:44:49 +01:00
ynh_add_nginx_config
2017-07-21 22:28:49 +02:00
2018-01-30 23:44:49 +01:00
#=================================================
# UPDATE COTURN CONFIG
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
2018-02-03 11:32:59 +01:00
coturn_config_path="/etc/matrix-$app/coturn.conf"
ynh_backup_if_checksum_is_different "$coturn_config_path"
cp ../conf/turnserver.conf "$coturn_config_path"
ynh_replace_string __APP__ $app "$coturn_config_path"
ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path"
ynh_replace_string __DOMAIN__ $domain "$coturn_config_path"
ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path"
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path"
ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path"
2018-01-30 23:44:49 +01:00
2018-02-03 11:32:59 +01:00
ynh_store_file_checksum "$coturn_config_path"
2018-01-30 23:44:49 +01:00
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE (2 times), RESTORE
# For any update do it in all files
chown $synapse_user:root -R $final_path
chown $synapse_user:root -R /var/lib/matrix-$app
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
chmod 600 /etc/matrix-$app/dh.pem
setfacl -R -m user:turnserver:rX /etc/matrix-$app
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
#=================================================
# UPDATE VERSION SETTINGS
#=================================================
2018-01-13 01:07:17 +01:00
2018-01-25 19:33:20 +01:00
ynh_app_setting_set $app synapse_version $upstream_version
2017-02-13 20:43:41 +01:00
2018-01-30 23:44:49 +01:00
#=================================================
# RELOAD SERVICES
#=================================================
2018-01-19 22:05:39 +01:00
systemctl restart coturn-$app.service
2018-01-25 19:33:20 +01:00
ynh_check_starting "Synapse now listening on port 8448" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"
