#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source /usr/share/yunohost/helpers
# Stop script if errors
ynh_abort_if_errors
# Import common cmd
source ./psql.sh
source ./experimental_helper.sh
source ./_common.sh
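#=================================================
# SET ALL CONSTANT
#=================================================

# Instance name provided by YunoHost; the system user, database name and
# database user below are all derived from it.
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)

#=================================================
# LOAD SETTINGS
#=================================================

# Every expansion passed to a helper is quoted so that a value can never be
# word-split or glob-expanded into extra arguments.
domain=$(ynh_app_setting_get "$app" special_domain)
path_url=$(ynh_app_setting_get "$app" special_path)
final_path=$(ynh_app_setting_get "$app" final_path)
# Version recorded by the previous install/upgrade; checked for emptiness
# further down before anything is modified.
synapse_old_version=$(ynh_app_setting_get "$app" synapse_version)
# Secret: substituted into homeserver.yaml later in this script.
synapse_db_pwd=$(ynh_app_setting_get "$app" synapse_db_pwd)
is_public=$(ynh_app_setting_get "$app" is_public)
port=$(ynh_app_setting_get "$app" synapse_port)
synapse_tls_port=$(ynh_app_setting_get "$app" synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get "$app" turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get "$app" turnserver_alt_tls_port)
# Secret: substituted into homeserver.yaml and coturn.conf later in this script.
turnserver_pwd=$(ynh_app_setting_get "$app" turnserver_pwd)
cli_port=$(ynh_app_setting_get "$app" cli_port)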
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================

# Support for migrating from the old package was removed for good, following
# the discussion in https://github.com/YunoHost-Apps/synapse_ynh/pull/51.
# An empty synapse_version setting aborts the upgrade here, before any file
# or service has been touched (presumably that is how an old-package install
# shows up; confirm against the install script).
[[ -n $synapse_old_version ]] \
    || ynh_die "Update from this synapse version is not available. You need to remove this package and reinstall the new package version."
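#=================================================
# BACKUP BEFORE UPGRADE
#=================================================

# Stop the service before ynh_clean_setup gets defined below.
systemctl stop "matrix-$app.service"

# Backup the current version of the app, unless the
# disable_backup_before_upgrade setting is exactly '1'.
if [[ $(ynh_app_setting_get "$app" disable_backup_before_upgrade) != '1' ]]
then
    ynh_backup_before_upgrade
    # Cleanup hook that restores the backup taken just above.
    # NOTE(review): presumably called by the YunoHost helpers when the
    # script aborts; the caller is not visible in this file. When the backup
    # is disabled no hook is defined, so a failed upgrade is not rolled back
    # by this script.
    ynh_clean_setup () {
        ynh_restore_upgradebackup
    }
fi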
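#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================

# Install/upgrade synapse in virtualenv

# WARNING: these commands are used in INSTALL, UPGRADE
# For any update do it in all files

if uname -m | grep -q arm
then
    # ARM hosts do not build the virtualenv locally: ynh_setup_source is
    # called with a source id made of "armv7_" and the Debian codename.
    # NOTE(review): integrity checking of that source is left to the helper
    # and its .src file; confirm a checksum is declared there.
    ynh_setup_source "$final_path/" "armv7_$(lsb_release --codename --short)"
else
    # Install virtualenv if it doesn't exist
    test -e "$final_path/bin" || virtualenv -p python2.7 "$final_path"

    # Install synapse in virtualenv

    # NOTE(review): PS1 is presumably given a value because the activate
    # script reads it and an unset variable would abort the script; confirm.
    PS1=""
    cp ../conf/virtualenv_activate "$final_path/bin/activate"
    ynh_replace_string __FINAL_PATH__ "$final_path" "$final_path/bin/activate"

    # Load the environment variables needed to work inside the Python virtualenv.
    source "$final_path/bin/activate"

    # NOTE(review): these build dependencies are upgraded to whatever version
    # the package index serves at upgrade time; unlike the synapse tarball
    # below they are neither pinned nor hash-checked.
    pip install --upgrade setuptools
    pip install --upgrade cffi ndg-httpsclient psycopg2 lxml

    # Download the synapse source and verify its SHA-256 against the value
    # shipped in conf/python_source.src. The check runs before pip sees the
    # archive, and an empty or missing SOURCE_SUM also fails it.
    src_url=$(grep 'SOURCE_URL=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-)
    src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-)
    wget -nv -O synapse_source.tar.gz "$src_url"
    echo "${src_sum} synapse_source.tar.gz" | sha256sum -c --status \
        || ynh_die "Corrupt source"
    pip install --upgrade synapse_source.tar.gz

    # Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29
    test -e "$final_path/lib/python2.7/site-packages/msgpack/__init__.py" || (\
        pip uninstall -y msgpack-python msgpack; \
        pip install msgpack-python)

    # deactivate is a function defined by sourcing "$final_path/bin/activate";
    # it undoes what the activate script set up.
    deactivate
fi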
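#=================================================
# UPDATE SYNAPSE CONFIG
#=================================================

# WARNING: these commands are used in INSTALL, UPGRADE
# For any update do it in all files

# Both files are recreated from the packaged templates and the placeholders
# are then filled in from the app settings.
homeserver_config_path="/etc/matrix-$app/homeserver.yaml"
cp ../conf/homeserver.yaml "$homeserver_config_path"
cp ../conf/log.yaml "/etc/matrix-$app/log.yaml"

# Replacement values are quoted: an empty or whitespace-containing value
# (the two passwords in particular) must stay a single argument, otherwise
# the file path would shift into the wrong position.
ynh_replace_string __APP__ "$app" "$homeserver_config_path"
ynh_replace_string __DOMAIN__ "$domain" "$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_USER__ "$synapse_db_user" "$homeserver_config_path"
# From here on homeserver.yaml holds the database password and the TURN
# shared secret; its ownership and mode are set in the
# "SECURE FILES AND DIRECTORIES" section further down.
ynh_replace_string __SYNAPSE_DB_PWD__ "$synapse_db_pwd" "$homeserver_config_path"
ynh_replace_string __PORT__ "$port" "$homeserver_config_path"
ynh_replace_string __TLS_PORT__ "$synapse_tls_port" "$homeserver_config_path"
ynh_replace_string __TURNSERVER_TLS_PORT__ "$turnserver_tls_port" "$homeserver_config_path"
ynh_replace_string __TURNPWD__ "$turnserver_pwd" "$homeserver_config_path"

ynh_replace_string __APP__ "$app" "/etc/matrix-$app/log.yaml"

# __ALLOWED_ACCESS__ becomes False only when is_public is exactly "0";
# any other value, including an empty setting, yields True.
if [ "$is_public" = "0" ]
then
    ynh_replace_string __ALLOWED_ACCESS__ False "$homeserver_config_path"
else
    ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path"
fi

# Record checksums of the generated files.
ynh_store_file_checksum "$homeserver_config_path"
ynh_store_file_checksum "/etc/matrix-$app/log.yaml"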
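#=================================================
# MIGRATION 1 : MULTINSTANCE SUPPORT
#=================================================

# Runs only while this instance has no coturn.conf of its own yet.
if [[ ! -e "/etc/matrix-$app/coturn.conf" ]]
then
    #=================================================
    # CREATE AN INDEPENDENT SERVICE FOR COTURN
    #=================================================

    # Disable default config for turnserver and create a new service
    systemctl stop coturn.service

    # Reset the system-wide coturn configuration: the file is emptied and the
    # distribution service is switched off in /etc/default/coturn.
    echo "" > /etc/turnserver.conf
    ynh_replace_string "TURNSERVER_ENABLED=1" "TURNSERVER_ENABLED=0" /etc/default/coturn

    # Set a port for each service in turnserver
    turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1)))
    cli_port=$(ynh_find_port 5766)

    ynh_app_setting_set "$app" turnserver_alt_tls_port "$turnserver_alt_tls_port"
    ynh_app_setting_set "$app" cli_port "$cli_port"
    # Only the alternate TLS port is opened in the firewall here; cli_port is
    # not. The command's output, including any error text, is discarded.
    yunohost firewall allow Both "$turnserver_alt_tls_port" > /dev/null 2>&1

    # Configure systemd
    cp ../conf/default_coturn "/etc/default/coturn-$app"
    ynh_add_systemd_config "coturn-$app" coturn-synapse.service

    #=================================================
    # MAKE A CLEAN LOGROTATE CONFIG
    #=================================================

    ynh_use_logrotate "/var/log/matrix-$app" --non-append
fi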
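#=================================================
# MIGRATION 2 : USE STANDARD ACCESS FOR CERTIFICATE
# AND USE INDEPENDENT DH FILE
#=================================================

# Fix issue about certificates access
# The test looks only for the synapse user in the ssl-cert line of
# /etc/group; when it is absent, both the synapse user and turnserver are
# added. Membership grants both service accounts whatever the ssl-cert group
# may read (presumably the TLS private keys; confirm on the target system).
if ! grep -q "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group
then
    adduser "$synapse_user" ssl-cert
    adduser turnserver ssl-cert
fi

# Older synapse instances stored dh.pem in /etc/yunohost/certs/DOMAIN.TLD/.
# That was a problem with Let's Encrypt, which makes a link to the key: when
# the Let's Encrypt key changed, the dh.pem file was lost. The file now lives
# in /etc/matrix-$app/, a directory no other component manages.
# If dh.pem is not there yet, try to copy it from the old location; if the
# old file is already gone, generate new 2048-bit parameters.
test -e "/etc/matrix-$app/dh.pem" || \
    cp "/etc/yunohost/certs/$domain/dh.pem" "/etc/matrix-$app/dh.pem" || \
    openssl dhparam -out "/etc/matrix-$app/dh.pem" 2048 > /dev/null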
#=================================================
# MIGRATION 4 : FIX TURNSERVER CONFIG
#=================================================

# Open the 49152:49192 range for both protocols unless the firewall listing
# already shows it (presumably the relay port range given to coturn; confirm
# against conf/turnserver.conf). Output of the allow command is discarded.
yunohost firewall list | grep -q '\- 49152:49192$' \
    || yunohost firewall allow Both 49152:49192 > /dev/null 2>&1
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# NGINX CONFIGURATION
#=================================================
# Install the nginx configuration for this app through the YunoHost helper.
# The helper takes no arguments here; what it reads (presumably the app's
# settings and ../conf/nginx.conf) is not visible in this file.
ynh_add_nginx_config
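#=================================================
# UPDATE COTURN CONFIG
#=================================================

# WARNING: these commands are used in INSTALL, UPGRADE
# For any update do it in all files

# coturn.conf is recreated from the packaged template; replacement values are
# quoted so that each one stays a single argument.
coturn_config_path="/etc/matrix-$app/coturn.conf"
cp ../conf/turnserver.conf "$coturn_config_path"

ynh_replace_string __APP__ "$app" "$coturn_config_path"
# Secret: from here on coturn.conf holds the TURN shared secret.
ynh_replace_string __TURNPWD__ "$turnserver_pwd" "$coturn_config_path"
ynh_replace_string __DOMAIN__ "$domain" "$coturn_config_path"
ynh_replace_string __TLS_PORT__ "$turnserver_tls_port" "$coturn_config_path"
ynh_replace_string __TLS_ALT_PORT__ "$turnserver_alt_tls_port" "$coturn_config_path"
ynh_replace_string __CLI_PORT__ "$cli_port" "$coturn_config_path"

# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
# NOTE(review): no scheme is given, so curl fetches both addresses over
# plain HTTP, and no timeout is set. The response is remote input; it is
# written to the config only after passing the validation helper below.
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true

# Without a validated address the placeholder is removed together with its
# neighbouring comma.
if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4"
then
    ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path"
else
    ynh_replace_string '__IPV4__,' "" "$coturn_config_path"
fi

# NOTE(review): the helper is spelled ynh_valide_ip6 here but
# ynh_validate_ip4 above. Confirm a function with exactly this name is
# defined in the sourced helper files; inside a condition an unknown command
# only selects the else branch, so the IPv6 address would be dropped silently.
if [[ -n "$public_ip6" ]] && ynh_valide_ip6 "$public_ip6"
then
    ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path"
else
    ynh_replace_string ',__IPV6__' "" "$coturn_config_path"
fi

ynh_store_file_checksum "$coturn_config_path"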
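#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================

# WARNING: these commands are used in INSTALL, UPGRADE (2 times), RESTORE
# For any update do it in all files

# Paths are quoted so that an unexpected value can never split a recursive
# chown/chmod into several targets.
chown "$synapse_user:root" -R "$final_path"
chown "$synapse_user:root" -R "/var/lib/matrix-$app"
chown "$synapse_user:root" -R "/var/log/matrix-$app"
chown "$synapse_user:root" -R "/etc/matrix-$app"

# Config directory: owner read/write, group read, no access for others.
chmod u=rwX,g=rX,o= -R "/etc/matrix-$app"
chmod 600 "/etc/matrix-$app/dh.pem"

# NOTE(review): the ACL below is recursive over the whole config directory,
# so the turnserver account can read homeserver.yaml (which holds the
# database password) as well as coturn.conf and dh.pem. Consider limiting it
# to the files coturn actually needs.
setfacl -R -m user:turnserver:rX "/etc/matrix-$app"
setfacl -R -m user:turnserver:rwX "/var/log/matrix-$app"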
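#=================================================
# UPDATE VERSION SETTINGS
#=================================================

# Record the upstream version now installed; the next upgrade reads this
# setting back as synapse_old_version.
ynh_app_setting_set "$app" synapse_version "$upstream_version"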
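#=================================================
# RELOAD SERVICES
#=================================================

systemctl restart "coturn-$app.service"

# Passes the expected log line, the log file, the number 300 and the service
# name to the helper.
# NOTE(review): matrix-$app.service was stopped before the backup and is not
# started explicitly anywhere in this script; presumably ynh_check_starting
# starts it and waits up to 300 s for the line to appear. Confirm in
# experimental_helper.sh.
ynh_check_starting "Synapse now listening on port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"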