Merge branch 'testing' into matrix_v2

README.md

@@ -21,7 +21,7 @@ Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 
 
-**Shipped version:** 1.108.0~ynh1
+**Shipped version:** 1.109.0~ynh1
 ## Documentation and resources
 
 - Official app website: <https://matrix.org/>

README_es.md

@@ -21,7 +21,7 @@ Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 
 
-**Versión actual:** 1.108.0~ynh1
+**Versión actual:** 1.109.0~ynh1
 ## Documentaciones y recursos
 
 - Sitio web oficial: <https://matrix.org/>

README_eu.md

@@ -21,7 +21,7 @@ Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 
 
-**Paketatutako bertsioa:** 1.108.0~ynh1
+**Paketatutako bertsioa:** 1.109.0~ynh1
 ## Dokumentazioa eta baliabideak
 
 - Aplikazioaren webgune ofiziala: <https://matrix.org/>

README_fr.md

@@ -21,7 +21,7 @@ Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 
 
-**Version incluse :** 1.108.0~ynh1
+**Version incluse :** 1.109.0~ynh1
 ## Documentations et ressources
 
 - Site officiel de l’app : <https://matrix.org/>

README_gl.md

@@ -21,7 +21,7 @@ Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 
 
-**Versión proporcionada:** 1.108.0~ynh1
+**Versión proporcionada:** 1.109.0~ynh1
 ## Documentación e recursos
 
 - Web oficial da app: <https://matrix.org/>

README_zh_Hans.md

@@ -21,7 +21,7 @@ Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 
 
-**分发版本：** 1.108.0~ynh1
+**分发版本：** 1.109.0~ynh1
 ## 文档与资源
 
 - 官方应用网站： <https://matrix.org/>

auto_update/auto_update.sh

@@ -163,7 +163,7 @@ then
     else
         result="Failed"
     fi
-    msg="Build: $app_name version $app_version\n"
-    msg+="$(cat ${app_name}_build_temp.log)"
-    echo -e "$msg" | mail.mailutils -a "Content-Type: text/plain; charset=UTF-8" -s "Autoupgrade $app_name : $result" "$notify_email"
+    msg="Build: $app_name version $app_version"
+
+    echo "$msg" | mail.mailutils --content-type="text/plain; charset=UTF-8" -A "${app_name}_build_temp.log" -s "Autoupgrade $app_name : $result" "$notify_email"
 fi

conf/requirement_bookworm.txt

@@ -4,14 +4,14 @@ Automat==22.10.0
 bcrypt==4.1.3
 bleach==6.1.0
 canonicaljson==2.0.0
-certifi==2024.2.2
+certifi==2024.6.2
 cffi==1.16.0
 charset-normalizer==3.3.2
 constantly==23.10.4
-cryptography==42.0.7
+cryptography==42.0.8
 hyperlink==21.0.0
 idna==3.7
-ijson==3.2.3
+ijson==3.3.0
 immutabledict==4.2.0
 incremental==22.10.0
 Jinja2==3.1.4
@@ -21,27 +21,27 @@ ldap3==2.9.1
 lxml==5.2.2
 MarkupSafe==2.1.5
 matrix-common==1.3.0
-matrix-synapse==1.108.0
+matrix-synapse==1.109.0
 matrix-synapse-ldap3==0.3.0
 msgpack==1.0.8
 ndg-httpsclient==0.5.1
 netaddr==1.3.0
-packaging==24.0
-phonenumbers==8.13.37
+packaging==24.1
+phonenumbers==8.13.39
 pillow==10.3.0
 prometheus_client==0.20.0
 psycopg2==2.9.9
 pyasn1==0.6.0
 pyasn1_modules==0.4.0
 pycparser==2.22
-pydantic==2.7.2
-pydantic_core==2.18.3
+pydantic==2.7.4
+pydantic_core==2.18.4
 pymacaroons==0.13.0
 PyNaCl==1.5.0
 pyOpenSSL==24.1.0
 PyYAML==6.0.1
 referencing==0.35.1
-requests==2.32.2
+requests==2.32.3
 rpds-py==0.18.1
 semantic-version==2.10.0
 service-identity==24.1.0
@@ -51,8 +51,8 @@ six==1.16.0
 sortedcontainers==2.4.0
 treq==23.11.0
 Twisted==24.3.0
-typing_extensions==4.12.0
+typing_extensions==4.12.2
 unpaddedbase64==2.1.0
-urllib3==2.2.1
+urllib3==2.2.2
 webencodings==0.5.1
 zope.interface==6.4.post2

conf/requirement_bullseye.txt

@@ -4,14 +4,14 @@ Automat==22.10.0
 bcrypt==4.1.3
 bleach==6.1.0
 canonicaljson==2.0.0
-certifi==2024.2.2
+certifi==2024.6.2
 cffi==1.16.0
 charset-normalizer==3.3.2
 constantly==23.10.4
-cryptography==42.0.7
+cryptography==42.0.8
 hyperlink==21.0.0
 idna==3.7
-ijson==3.2.3
+ijson==3.3.0
 immutabledict==4.2.0
 incremental==22.10.0
 Jinja2==3.1.4
@@ -21,27 +21,27 @@ ldap3==2.9.1
 lxml==5.2.2
 MarkupSafe==2.1.5
 matrix-common==1.3.0
-matrix-synapse==1.108.0
+matrix-synapse==1.109.0
 matrix-synapse-ldap3==0.3.0
 msgpack==1.0.8
 ndg-httpsclient==0.5.1
 netaddr==1.3.0
-packaging==24.0
-phonenumbers==8.13.37
+packaging==24.1
+phonenumbers==8.13.39
 pillow==10.3.0
 prometheus_client==0.20.0
 psycopg2==2.9.9
 pyasn1==0.6.0
 pyasn1_modules==0.4.0
 pycparser==2.22
-pydantic==2.7.2
-pydantic_core==2.18.3
+pydantic==2.7.4
+pydantic_core==2.18.4
 pymacaroons==0.13.0
 PyNaCl==1.5.0
 pyOpenSSL==24.1.0
 PyYAML==6.0.1
 referencing==0.35.1
-requests==2.32.2
+requests==2.32.3
 rpds-py==0.18.1
 semantic-version==2.10.0
 service-identity==24.1.0
@@ -52,8 +52,8 @@ sortedcontainers==2.4.0
 tomli==2.0.1
 treq==23.11.0
 Twisted==24.3.0
-typing_extensions==4.12.0
+typing_extensions==4.12.2
 unpaddedbase64==2.1.0
-urllib3==2.2.1
+urllib3==2.2.2
 webencodings==0.5.1
 zope.interface==6.4.post2

conf/turnserver.conf

@@ -1,6 +1,6 @@
-lt-cred-mech
 use-auth-secret
 static-auth-secret={{ turnserver_pwd }}
+cli-password={{ turnserver_cli_pwd }}
 realm={{ domain }}
 
 tls-listening-port={{ port_turnserver_tls }}

config_panel.toml

@@ -150,7 +150,7 @@ services = ["__APP__"]
 
 [advanced]
 name = "Advanced Settings"
-services = ["matrix-__APP__"]
+services = ["__APP__"]
 
     # Disabled as it don't work any more on bookworm
     #
@@ -230,7 +230,7 @@ services = ["matrix-__APP__"]
     name = "Security"
 
             [advanced.security.enable_dtls_for_audio_video_turn_call]
-            ask = "Enable TLS/DTLS on Audio/Video coll"
+            ask = "Enable TLS/DTLS on Audio/Video call"
             type = "boolean"
             yes = "true"
             no = "false"

doc/PRE_INSTALL.md

@@ -1,3 +1,3 @@
-- Synapse consumes a significant amount of resources (both CPU and ARM), and therefore is not recommended for "small" setups such as small ARM boards
+- Synapse consumes a significant amount of resources (both CPU and RAM), and therefore is not recommended for "small" setups such as small ARM boards
 - During the install, the generation of Diffie-Hellman parameters may take a significant amount of time. You can speed things up by manually initializing them before running the install: `openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -dsaparam 2048`
 - The package uses a prebuilt python virtual environnement. The binary are taken from this repository: <https://github.com/YunoHost-Apps/synapse_python_build>. The script to build the binary is also available.

manifest.toml

@@ -5,7 +5,7 @@ name = "Synapse"
 description.en = "Instant messaging server which uses Matrix"
 description.fr = "Serveur de messagerie instantané basé sur Matrix"
 
-version = "1.108.0~ynh1"
+version = "1.109.0~ynh1"
 
 maintainers = ["Josué Tille"]
 
@@ -18,7 +18,7 @@ cpe = "cpe:2.3:a:matrix:synapse"
 fund = "https://matrix.org/support/#"
 
 [integration]
-yunohost = ">= 11.2.11"
+yunohost = ">= 11.2.13"
 architectures = ["amd64", "arm64"]
 multi_instance = true
 ldap = true
@@ -63,13 +63,13 @@ ram.runtime = "1G"
 [resources]
     [resources.sources.synapse_prebuilt_armv7_bookworm]
     prefetch = false
-    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.108.0/matrix-synapse_1.108.0-bookworm-bin1_armv7l.tar.gz"
-    armhf.sha256 = "ceff2b044fede6a7294c3d85619e6bbbb8d6371260c3492e9194a59f6f3a9e59"
+    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.109.0/matrix-synapse_1.109.0-bookworm-bin1_armv7l.tar.gz"
+    armhf.sha256 = "d80915247255433ddad2e8283361f9d4c13c4f10ac50bf0de4139231c4f8164b"
 
     [resources.sources.synapse_prebuilt_armv7_bullseye]
     prefetch = false
-    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.108.0/matrix-synapse_1.108.0-bullseye-bin1_armv7l.tar.gz"
-    armhf.sha256 = "658c4134927facc4c7d87e712388600c2759bc32f31951311bb0589d0c6da4e5"
+    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.109.0/matrix-synapse_1.109.0-bullseye-bin1_armv7l.tar.gz"
+    armhf.sha256 = "e1ff4c600fae6f9ccc7a7e758dbcefcf64e55e6f29eece75e903ea6b93f02e78"
 
     [resources.sources.sliding_proxy]
     prefetch = true

scripts/_common.sh

@@ -1,7 +1,7 @@
 readonly python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)"
 readonly code_dir="/opt/yunohost/matrix-$app"
 readonly domain_whitelist_client="$(yunohost --output-as json domain list  | jq -r '.domains | .[]')"
-readonly db_name_slidingproxy=${db_name}_slidingproxy
+readonly db_name_slidingproxy="${db_name}"_slidingproxy
 
 install_sources() {
     # Install/upgrade synapse in virtualenv
@@ -80,7 +80,7 @@ configure_coturn() {
     then
         turn_external_ip+="$public_ip6"
     fi
-    ynh_add_jinja_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"
+    ynh_add_config --jinja --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"
 }
 
 configure_nginx() {
@@ -117,6 +117,11 @@ ensure_vars_set() {
         ynh_app_setting_set --app="$app" --key=turnserver_pwd --value="$turnserver_pwd"
     fi
 
+    if [ -z "${turnserver_cli_pwd:-}" ]; then
+        turnserver_cli_pwd=$(ynh_string_random --length=30)
+        ynh_app_setting_set --app="$app" --key=turnserver_cli_pwd --value="$turnserver_cli_pwd"
+    fi
+
     if [ -z "${web_client_location:-}" ]
     then
         web_client_location="https://matrix.to/"
@@ -279,5 +284,6 @@ set_permissions() {
     chmod 600 /etc/matrix-"$app"/"$server_name".signing.key
 
     chown "$app":root -R /var/log/matrix-"$app"
+    chmod u=rwX,g=rX,o= -R /var/log/matrix-"$app"
     setfacl -R -m user:turnserver:rwX  /var/log/matrix-"$app"
 }

scripts/backup

@@ -72,7 +72,7 @@ ynh_backup --src_path="/etc/matrix-$app"
 
 ynh_backup --src_path="/etc/systemd/system/$app.service"
 ynh_backup --src_path="/etc/systemd/system/$app-coturn.service"
-ynh_backup --src_path=/etc/systemd/system/$app-sliding-proxy.service
+ynh_backup --src_path=/etc/systemd/system/"$app"-sliding-proxy.service
 
 #=================================================
 # BACKUP SYNAPSE DATA

scripts/change_url

@@ -32,7 +32,7 @@ ynh_script_progression --message="Updating Synapse config..." --weight=2
 # Force enable it because some client like Element X don't support CAS and so require to have password authentication enabled
 password_enabled=true
 
-ynh_add_jinja_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
+ynh_add_config --jinja --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
 ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
 
 #=================================================

scripts/config

@@ -31,7 +31,7 @@ ynh_app_config_apply() {
     # Force enable it because some client like Element X don't support CAS and so require to have password authentication enabled
     password_enabled=true
 
-    ynh_add_jinja_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
+    ynh_add_config --jinja --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
     ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
     set_permissions
 }

scripts/experimental_helper.sh

@@ -1,135 +0,0 @@
-# Create a dedicated config file from a jinja template
-#
-# usage: ynh_add_jinja_config --template="template" --destination="destination"
-# | arg: -t, --template=     - Template config file to use
-# | arg: -d, --destination=  - Destination of the config file
-# | arg: -i, --ignore_vars=  - List separated by space of script variables to ignore and don't pass in the jinja context.
-# |                            This could be useful mainly for special share which can't be retried by reference name (like the array).
-#
-# examples:
-#    ynh_add_jinja_config --template="app.conf" --destination="$install_dir/app.conf"
-#    ynh_add_jinja_config --template="app-env" --destination="$install_dir/app-env" --ignore_vars="complex_array yolo"
-#
-# The template can be by default the name of a file in the conf directory
-#
-# The helper will verify the checksum and backup the destination file
-# if it's different before applying the new template.
-#
-# And it will calculate and store the destination file checksum
-# into the app settings when configuration is done.
-#
-##
-## About the variables passed to the template:
-##
-#
-# All variable defined in the script are available into the template (as string) except someone described below.
-# If a variable make crash the helper for some reason (by example if the variable is of type array)
-# or you just want to don't pass a specific variable for some other reason you can add it in the '--ignore_vars=' parameter as described above.
-# Here are the list of ignored variable and so there won't never be available in the template:
-# - All system environment variable like (TERM, USER, PATH, LANG, etc).
-#   If you need someone you just need to declare an other variable with the same value.
-#   Note that all Yunohost variable whose name begins by 'YNH_' are available and can be used in the template.
-# - This following list:
-#        legacy_args args_array template destination ignore_vars template_path python_env_var ignore_var_regex
-#        progress_scale progress_string0 progress_string1 progress_string2
-#        old changed binds types file_hash formats
-#
-##
-## Usage in templates:
-##
-#
-# For a full documentation of the template you can refer to: https://jinja.palletsprojects.com/en/3.1.x/templates/
-# In Yunohost context there are no really some specificity except that all variable passed are of type string.
-# So here are some example of recommended usage:
-#
-# If you need a conditional block
-#
-# {% if should_my_block_be_shown == 'true' %}
-# ...
-# {% endif %}
-#
-# or
-#
-# {% if should_my_block_be_shown == '1' %}
-# ...
-# {% endif %}
-#
-# If you need to iterate with loop:
-#
-# {% for yolo in var_with_multiline_value.splitlines() %}
-# ...
-# {% endfor %}
-#
-# or
-#
-# {% for jail in my_var_with_coma.split(',') %}
-# ...
-# {% endfor %}
-#
-ynh_add_jinja_config() {
-    # Declare an array to define the options of this helper.
-    local legacy_args=tdi
-    local -A args_array=([t]=template= [d]=destination= [i]=ignore_vars= )
-    local template
-    local destination
-    local ignore_vars
-    # Manage arguments with getopts
-    ynh_handle_getopts_args "$@"
-    local template_path
-
-    #
-    ## List of all vars ignored and not passed to the template
-    # WARNING Update the list on the helper documentation at the top of the helper, if you change this list
-    #
-
-    # local vars used in the helper
-    ignore_vars+=" legacy_args args_array template destination ignore_vars template_path python_env_var ignore_var_regex"
-    # yunohost helpers
-    ignore_vars+=" progress_scale progress_string0 progress_string1 progress_string2"
-    # Arrays used in config panel
-    ignore_vars+=" old changed binds types file_hash formats"
-
-    if [ -f "$YNH_APP_BASEDIR/conf/$template" ]; then
-        template_path="$YNH_APP_BASEDIR/conf/$template"
-    elif [ -f "$template" ]; then
-        template_path=$template
-    else
-        ynh_die --message="The provided template $template doesn't exist"
-    fi
-
-    ynh_backup_if_checksum_is_different --file="$destination"
-
-    # Make sure to set the permissions before we copy the file
-    # This is to cover a case where an attacker could have
-    # created a file beforehand to have control over it
-    # (cp won't overwrite ownership / modes by default...)
-    touch "$destination"
-    chown root:root "$destination"
-    chmod 640 "$destination"
-
-    local python_env_var=''
-    local ignore_var_regex
-    ignore_var_regex="$(echo "$ignore_vars" | sed -E 's@^\s*(.*\w)\s*$@\1@g' | sed -E 's@(\s+)@|@g')"
-    while read -r one_var; do
-        # Blacklist of var to not pass to template
-        if { [[ "$one_var" =~ ^[A-Z0-9_]+$ ]] && [[ "$one_var" != YNH_* ]]; } \
-            || [[ "$one_var" =~ ^($ignore_var_regex)$ ]]; then
-            continue
-        fi
-        # Well python is very bad for the last character on raw string
-        # https://stackoverflow.com/questions/647769/why-cant-pythons-raw-string-literals-end-with-a-single-backslash
-        # So the solution here is to add one last char '-' so we know what it is
-        # and we are sure that it not \ or ' or something else which will be problematic with python
-        # And then we remove it while we are processing
-        python_env_var+="$one_var=r'''${!one_var}-'''[:-1],"
-    done <<< "$(compgen -v)"
-
-    _ynh_apply_default_permissions "$destination"
-    (
-        python3 -c 'import os, sys, jinja2; sys.stdout.write(
-                    jinja2.Template(source=sys.stdin.read(),
-                                    undefined=jinja2.StrictUndefined,
-                    ).render('"$python_env_var"'));' <"$template_path" >"$destination"
-    )
-    ynh_store_file_checksum --file="$destination"
-}

scripts/install

@@ -162,7 +162,7 @@ ynh_script_progression --message="Configuring Synapse..." --weight=2
 # Force enable it because some client like Element X don't support CAS and so require to have password authentication enabled
 password_enabled=true
 
-ynh_add_jinja_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
+ynh_add_config --jinja --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
 ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
 ynh_add_config --template=sliding_proxy.conf --destination=/etc/matrix-$app/sliding_proxy.conf
 
@@ -229,7 +229,7 @@ set_permissions data
 
 yunohost service add "$app" --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports "$port_synapse_tls" --description 'Main matrix server service.'
 yunohost service add "$app"-coturn --needs_exposed_ports "$port_turnserver_tls" --description 'Turn server for matrix server. Used for audio and video call.'
-yunohost service add $app-sliding-proxy --description 'Matrix v2 service for clients.'
+yunohost service add "$app"-sliding-proxy --description 'Matrix v2 service for clients.'
 
 #=================================================
 # RELOAD SERVICES
@@ -238,7 +238,7 @@ ynh_script_progression --message="Restarting Synapse services..." --weight=11
 
 ynh_systemd_action --service_name="$app"-coturn.service --action=restart
 ynh_systemd_action --service_name="$app".service --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
-ynh_systemd_action --service_name=$app-sliding-proxy.service --action=restart
+ynh_systemd_action --service_name="$app"-sliding-proxy.service --action=restart
 
 #=================================================
 # SETUP FAIL2BAN

scripts/remove

@@ -17,32 +17,27 @@ source /usr/share/yunohost/helpers
 #=================================================
 
 # Remove a service from the admin panel, added by `yunohost service add`
-yunohost service remove $app
-yunohost service remove $app-coturn
-yunohost service remove $app-sliding-proxy
+yunohost service remove "$app"
+yunohost service remove "$app"-coturn
+yunohost service remove "$app"-sliding-proxy
 
 #=================================================
 # STOP AND REMOVE SERVICE
 #=================================================
 ynh_script_progression --message="Stopping and removing the systemd service" --weight=2
 
-ynh_remove_systemd_config --service=$app
-ynh_remove_systemd_config --service=$app-coturn
-ynh_remove_systemd_config --service=$app-sliding-proxy
+ynh_remove_systemd_config --service="$app"
+ynh_remove_systemd_config --service="$app"-coturn
+ynh_remove_systemd_config --service="$app"-sliding-proxy
 
 #=================================================
 # REMOVE APP MAIN DIR
 #=================================================
 ynh_script_progression --message="Removing app main directory" --weight=2
 
-ynh_secure_remove --file=$code_dir
-ynh_secure_remove --file=/etc/matrix-$app
-ynh_secure_remove --file=/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf
-
-if [ "$YNH_APP_PURGE" -eq 1 ]; then
-    ynh_script_progression --message="Removing logs..."
-    ynh_secure_remove --file=/var/log/matrix-"$app"
-fi
+ynh_secure_remove --file="$code_dir"
+ynh_secure_remove --file=/etc/matrix-"$app"
+ynh_secure_remove --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
 
 #=================================================
 # REMOVE DATABASE

scripts/upgrade

@@ -292,7 +292,7 @@ ynh_script_progression --message="Updating synapse config..." --weight=2
 # Force enable it because some client like Element X don't support CAS and so require to have password authentication enabled
 password_enabled=true
 
-ynh_add_jinja_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
+ynh_add_config --jinja --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
 ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
 ynh_add_config --template=sliding_proxy.conf --destination=/etc/matrix-$app/sliding_proxy.conf