mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00

Solve error with custom certificat

Josué Tille 2017-02-18 22:40:22 +01:00
parent f4805d6996
commit 0dcd75eeeb
5 changed files with 106 additions and 19 deletions


@ -3,21 +3,20 @@
# Commentaire ignoré # Commentaire ignoré
; Manifest ; Manifest
domain="$DOMAIN" (DOMAIN) domain="$DOMAIN" (DOMAIN)
path="$PATH" (PATH)
is_public=1 (PUBLIC|public=1|private=0) is_public=1 (PUBLIC|public=1|private=0)
; Checks ; Checks
pkg_linter=1 pkg_linter=1
setup_sub_dir=1 setup_sub_dir=1
setup_root=1 setup_root=0
setup_nourl=0 setup_nourl=1
setup_private=1 setup_private=1
setup_public=1 setup_public=1
upgrade=1 upgrade=1
backup_restore=1 backup_restore=1
multi_instance=0 multi_instance=0
wrong_user=1 wrong_user=0
wrong_path=1 wrong_path=2
incorrect_path=1 incorrect_path=0
corrupt_source=1 corrupt_source=1
fail_download_source=1 fail_download_source=1
port_already_use=1 (8008) port_already_use=1 (8008)


@ -50,13 +50,53 @@ GET_DEBIAN_VERSION() {
} }
enable_backport_repos() { enable_backport_repos() {
if [[ -z "$(grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list ; grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list.d/*)" ]] if [[ -z "$(grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list ; grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list.d/*.list)" ]]
then then
echo "deb $(grep -m 1 "^deb .* $debian_version .*main" /etc/apt/sources.list | cut -d ' ' -f2) $debian_version-backports main contrib non-free" | sudo tee -a "/etc/apt/sources.list" echo "deb $(grep -m 1 "^deb .* $debian_version .*main" /etc/apt/sources.list | cut -d ' ' -f2) $debian_version-backports main contrib non-free" | sudo tee -a "/etc/apt/sources.list"
fi fi
ynh_package_update ynh_package_update
} }
set_access() { # example : set_access USER FILE
user="$1"
file_to_set="$2"
while [[ 0 ]]
do
path_to_set=""
oldIFS="$IFS"
IFS="/"
for dirname in $file_to_set
do
if [[ -n "$dirname" ]]
then
sudo test -f "$path_to_set"/"$dirname" && sudo setfacl -m d:u:$user:r "$path_to_set"
path_to_set="$path_to_set/$dirname"
if $(sudo sudo -u $user test ! -r "$path_to_set")
then
sudo test -d "$path_to_set" && sudo setfacl -m user:$user:rx "$path_to_set"
sudo test -f "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set"
sudo test -L "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set"
fi
fi
done
IFS="$oldIFS"
if $(sudo test -L "$file_to_set")
then
if [[ -n "$(sudo readlink "$file_to_set" | grep -e "^/")" ]]
then
file_to_set=$(sudo readlink "$file_to_set") # If it is an absolute path
else
file_to_set=$(sudo realpath -s -m "$(echo "$file_to_set" | cut -d'/' -f-$(echo "$file_to_set" | grep -o '/' | wc -l))/$(sudo readlink "$file_to_set")") # If it is an relative path (we get with realpath the absolute path)
fi
else
break
fi
done
}
CHECK_VAR () { # Vérifie que la variable n'est pas vide. CHECK_VAR () { # Vérifie que la variable n'est pas vide.
# $1 = Variable à vérifier # $1 = Variable à vérifier
# $2 = Texte à afficher en cas d'erreur # $2 = Texte à afficher en cas d'erreur
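Review bot: The `sudo setfacl -m d:u:$user:r "$path_to_set"` line in set_access puts a default ACL on the directory that holds the file, so files created there later, a renewed private key included, inherit a read entry for the service user; the old call sites granted read on the three named files only. Because the outer loop then follows symlinks, that default ACL and the `user:$user:rx` grants are also applied along every directory of the link target's path. If the inherited access is not wanted, drop that line; if it is there so renewed certificates stay readable, state it in a comment above the line, for example `# default ACL: files created here later stay readable by $user`. The `while [[ 0 ]]` loop also has no limit on symlink hops, so a circular link would keep it running; a counter that breaks after a fixed number of hops would bound it.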


@ -99,13 +99,13 @@ sudo sed -i "s@__DOMAIN__@$domain@g" /etc/turnserver.conf
sudo sed -i "s@__TLS_PORT__@$turnserver_tls_port@g" /etc/turnserver.conf sudo sed -i "s@__TLS_PORT__@$turnserver_tls_port@g" /etc/turnserver.conf
# Configure access for certificates # Configure access for certificates
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/crt.pem set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/key.pem set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/dh.pem set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/crt.pem set_access turnserver /etc/yunohost/certs/$domain/crt.pem
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/key.pem set_access turnserver /etc/yunohost/certs/$domain/key.pem
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/dh.pem set_access turnserver /etc/yunohost/certs/$domain/dh.pem
# Configuration de logrotate # Configuration de logrotate
sed -i "s@__APP__@$app@g" ../conf/logrotate sed -i "s@__APP__@$app@g" ../conf/logrotate
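Review bot: These six set_access calls give no signal when nothing was granted: going by the function body added in this commit, a missing certificate file makes every `test … &&` guard false and the loop leaves through `break`, so the call returns 0 without applying an ACL. A check after the block, such as `sudo -u turnserver test -r "/etc/yunohost/certs/$domain/key.pem" || exit 1` (and the same for matrix-synapse), would surface that in the script instead of at service start. The path arguments are also unquoted; writing them as `"/etc/yunohost/certs/$domain/crt.pem"` keeps a space or glob character in `$domain` from splitting the argument. The same applies to the set_access call blocks added in the two later files of this commit.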


@ -66,6 +66,45 @@ enable_backport_repos() {
ynh_package_update ynh_package_update
} }
set_access() { # example : set_access USER FILE
user="$1"
file_to_set="$2"
while [[ 0 ]]
do
path_to_set=""
oldIFS="$IFS"
IFS="/"
for dirname in $file_to_set
do
if [[ -n "$dirname" ]]
then
sudo test -f "$path_to_set"/"$dirname" && sudo setfacl -m d:u:$user:r "$path_to_set"
path_to_set="$path_to_set/$dirname"
if $(sudo sudo -u $user test ! -r "$path_to_set")
then
sudo test -d "$path_to_set" && sudo setfacl -m user:$user:rx "$path_to_set"
sudo test -f "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set"
fi
fi
done
IFS="$oldIFS"
if $(sudo test -L "$file_to_set")
then
if [[ -n "$(sudo readlink "$file_to_set" | grep -e "^/")" ]]
then
file_to_set=$(sudo readlink "$file_to_set") # If it is an absolute path
else
file_to_set=$(sudo realpath -s -m "$(echo "$file_to_set" | cut -d'/' -f-$(echo "$file_to_set" | grep -o '/' | wc -l))/$(sudo readlink "$file_to_set")") # If it is an relative path (we get with realpath the absolute path)
fi
else
break
fi
done
}
CHECK_VAR () { # Vérifie que la variable n'est pas vide. CHECK_VAR () { # Vérifie que la variable n'est pas vide.
# $1 = Variable à vérifier # $1 = Variable à vérifier
# $2 = Texte à afficher en cas d'erreur # $2 = Texte à afficher en cas d'erreur
@ -201,13 +240,13 @@ sudo cp -a ./coturn_config_default "/etc/default/coturn"
sudo cp -a ./data/. "/var/lib/matrix-synapse/." sudo cp -a ./data/. "/var/lib/matrix-synapse/."
# Configure access for certificates # Configure access for certificates
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/crt.pem set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/key.pem set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/dh.pem set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/crt.pem set_access turnserver /etc/yunohost/certs/$domain/crt.pem
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/key.pem set_access turnserver /etc/yunohost/certs/$domain/key.pem
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/dh.pem set_access turnserver /etc/yunohost/certs/$domain/dh.pem
# Ouvre le port dans le firewall # Ouvre le port dans le firewall
sudo yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1 sudo yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
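Review bot: This copy of set_access differs from the one added to the other helper file in the same commit: the line `sudo test -L "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set"` is missing here, so the two scripts are not guaranteed to treat a symlinked certificate the same way. Keeping a single definition that both scripts source, if this script can source it, or at least making the two bodies identical, removes that drift. The function also assigns `user`, `file_to_set`, `path_to_set`, `dirname` and `oldIFS` without `local`, so they overwrite any same-named variable of the calling script; `local user="$1" file_to_set="$2" path_to_set dirname oldIFS` at the top would confine them. `$user` is unquoted in `sudo -u $user` and in the setfacl specs, and quoting it there (`sudo -u "$user"`, `"user:$user:rx"`) costs nothing.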


@ -37,6 +37,15 @@ sudo sed -i "s@__TLS_PORT__@$synapse_tls_port@g" /etc/matrix-synapse/homeserver.
sudo sed -i "s@__TURNSERVER_TLS_PORT__@$turnserver_tls_port@g" /etc/matrix-synapse/homeserver.yaml sudo sed -i "s@__TURNSERVER_TLS_PORT__@$turnserver_tls_port@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/matrix-synapse/homeserver.yaml sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/matrix-synapse/homeserver.yaml
# Configure access for certificates
set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem
set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem
set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem
set_access turnserver /etc/yunohost/certs/$domain/crt.pem
set_access turnserver /etc/yunohost/certs/$domain/key.pem
set_access turnserver /etc/yunohost/certs/$domain/dh.pem
if [ "$is_public" = "0" ] if [ "$is_public" = "0" ]
then then
sudo sed -i "s@__ALLOWED_ACCESS__@False@g" /etc/matrix-synapse/homeserver.yaml sudo sed -i "s@__ALLOWED_ACCESS__@False@g" /etc/matrix-synapse/homeserver.yaml