From 47357e8bb618b10a8a5dde00c296f49610919088 Mon Sep 17 00:00:00 2001 From: Josue-T Date: Wed, 11 Oct 2017 21:30:57 +0200 Subject: [PATCH 1/7] Allow upgrade from synapse 0.23 --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 69d28d3..9054140 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -34,7 +34,7 @@ ynh_abort_if_errors if [[ -z $synapse_old_version ]] then # To be sure that the migration is sucessfull we check that the old synapse version is compatible with the synapse_port_db script. - if [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.22") != 1 ]] + if [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.23") != 1 ]] || [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.22") != 1 ]] then ynh_die "Update from this synapse version is not available now. You need to wait for the next update." fi From ca478666ba4ed45447ceb05f9efd6363cfa5637e Mon Sep 17 00:00:00 2001 From: Josue-T Date: Thu, 12 Oct 2017 14:52:05 +0200 Subject: [PATCH 2/7] Fix upgrade from old version condition --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 9054140..21f78f0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -34,7 +34,7 @@ ynh_abort_if_errors if [[ -z $synapse_old_version ]] then # To be sure that the migration is sucessfull we check that the old synapse version is compatible with the synapse_port_db script. - if [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.23") != 1 ]] || [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.22") != 1 ]] + if [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.23") != 1 ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.22") != 1 ]] then ynh_die "Update from this synapse version is not available now. You need to wait for the next update." fi From 15454074ad6ccdf38f80f0ef03f9ab057e054923 Mon Sep 17 00:00:00 2001 From: Josue-T Date: Thu, 12 Oct 2017 22:28:30 +0200 Subject: [PATCH 3/7] Install python cffi and ndg-httpsclient in virtualenv --- scripts/_common.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 86183a1..47562a9 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -10,8 +10,6 @@ synapse_version="0.22.0" install_dependances() { ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libjpeg-dev libpq-dev postgresql pip install --upgrade pip - pip install --upgrade cffi - pip install --upgrade ndg-httpsclient pip install --upgrade virtualenv } @@ -28,6 +26,8 @@ install_from_source() { cp ../conf/virtualenv_activate $final_path/bin/activate source $final_path/bin/activate pip install --upgrade pip + pip install --upgrade cffi + pip install --upgrade ndg-httpsclient pip install --upgrade setuptools pip install https://github.com/matrix-org/synapse/tarball/master pip install psycopg2 From ff7ed0436f43b54709ea6091f6af81f75c3bba92 Mon Sep 17 00:00:00 2001 From: Josue-T Date: Fri, 13 Oct 2017 14:57:26 +0200 Subject: [PATCH 4/7] Add licence comment --- README.md | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 9271a3d..a98ae90 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,14 @@ Synapse for YunoHost -================== +==================== Yunohost chattroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) [Yunohost project](https://yunohost.org/#/) -## For ARM arch (or slow arch) +Setup +----- + +### Install for ARM arch (or slow arch) If you don't have a dh.pem file in `/etc/yunohost/certs/YOUR DOMAIN/dh.pem` you should built it befor to install the app because it could take a long time. You could built it by this cmd : `sudo openssl dhparam -out /etc/yunohost/certs/YOUR DOMAIN/dh.pem 2048 > /dev/null` @@ -13,15 +16,15 @@ After that you can install it without problem. The install use the python virtualenvironement. Everything is built on the install and some package a compiled so it could take a long time if the processor is slow. -## Package update package +### Package update package -sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh +`sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh` -## Web client +### Web client If you want a web client you can also install riot with this package : https://github.com/YunoHost-Apps/riot_ynh . But -## Access by federation +### Access by federation To be accessible by the federation you need to put this following line in the dns configuration : @@ -32,13 +35,7 @@ for example ``` _matrix._tcp.example.com. 3600 IN SRV 10 0 8448 synapse.example.com. ``` - -## About debian package - -It's important to know that this package use the debian backport repos. So this app will enable the debian backport repos it will install some package from this repos. If you remove this app you could keep some package form backport on your server. - -Important Security Note -======================= +### Important Security Note We do not recommend running Riot from the same domain name as your Matrix homeserver (synapse). The reason is the risk of XSS (cross-site-scripting) @@ -50,17 +47,20 @@ We have put some coarse mitigations into place to try to protect against this situation, but it's still not good practice to do it in the first place. See https://github.com/vector-im/riot-web/issues/1977 for more details. -## To do +License +------- + +Synapse is published under the Apache License : https://github.com/matrix-org/synapse/blob/master/LICENSE + +To do +----- - Doc (issue about domain) - Test arm - Riot doc - Test production -Todo for official App -====================== +### Todo for official App - Improve the upgrade from old version (all feedback is welcome) - Improve documentation - - From be17ebe766cbac34eacf2eb92c7c22f00e2069f4 Mon Sep 17 00:00:00 2001 From: Josue-T Date: Fri, 13 Oct 2017 15:12:54 +0200 Subject: [PATCH 5/7] Update Licence in manifest --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index caf5fba..ff65e82 100644 --- a/manifest.json +++ b/manifest.json @@ -11,7 +11,7 @@ }, "version": "0.23.0", "url": "http://matrix.org", - "license": "free", + "license": "Apache-2.0", "maintainer": { "name": "Josué Tille", "email": "josue@tille.ch" From 3784e64eca28df9233578a36d7e415fb08620a20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sun, 22 Oct 2017 21:33:18 +0200 Subject: [PATCH 6/7] Enable Preview and refactor source install --- conf/homeserver.yaml | 12 ++++++------ scripts/_common.sh | 14 +++++++------- scripts/install | 5 +++-- scripts/upgrade | 6 +----- 4 files changed, 17 insertions(+), 20 deletions(-) diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml index 922af14..ccc204f 100644 --- a/conf/homeserver.yaml +++ b/conf/homeserver.yaml @@ -197,7 +197,7 @@ thumbnail_sizes: # Is the preview URL API enabled? If enabled, you *must* specify # an explicit url_preview_ip_range_blacklist of IPs that the spider is # denied from accessing. -url_preview_enabled: False +url_preview_enabled: True # List of IP address CIDR ranges that the URL preview spider is denied # from accessing. There are no defaults: you must explicitly @@ -207,11 +207,11 @@ url_preview_enabled: False # synapse to issue arbitrary GET requests to your internal services, # causing serious security issues. # -# url_preview_ip_range_blacklist: -# - '127.0.0.0/8' -# - '10.0.0.0/8' -# - '172.16.0.0/12' -# - '192.168.0.0/16' +url_preview_ip_range_blacklist: +- '127.0.0.0/8' +- '10.0.0.0/8' +- '172.16.0.0/12' +- '192.168.0.0/16' # # List of IP address CIDR ranges that the URL preview spider is allowed # to access even if they are specified in url_preview_ip_range_blacklist. diff --git a/scripts/_common.sh b/scripts/_common.sh index 47562a9..12eb686 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -13,24 +13,24 @@ install_dependances() { pip install --upgrade virtualenv } -install_from_source() { +setup_dir() { # Create empty dir for synapse mkdir -p /var/lib/matrix-synapse mkdir -p /var/log/matrix-synapse mkdir -p /etc/matrix-synapse/conf.d mkdir -p $final_path +} +install_source() { # Install synapse in virtualenv virtualenv -p python2.7 $final_path PS1="" cp ../conf/virtualenv_activate $final_path/bin/activate source $final_path/bin/activate pip install --upgrade pip - pip install --upgrade cffi - pip install --upgrade ndg-httpsclient - pip install --upgrade setuptools - pip install https://github.com/matrix-org/synapse/tarball/master - pip install psycopg2 + pip install --upgrade cffi ndg-httpsclient setuptools + pip install --upgrade https://github.com/matrix-org/synapse/tarball/master + pip install --upgrade psycopg2 lxml # Set permission chown $synapse_user:root -R $final_path @@ -127,7 +127,7 @@ set_access() { # example : set_access USER FILE } -####### Solve issue +####### Solve issue https://dev.yunohost.org/issues/1006 # Install package(s) # diff --git a/scripts/install b/scripts/install index 9647656..768b8c1 100644 --- a/scripts/install +++ b/scripts/install @@ -60,8 +60,9 @@ ynh_psql_create_user $synapse_db_user $synapse_db_pwd ynh_psql_execute_as_root \ "CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;" -# Create directory Install synapse in virtualenv -install_from_source +# Create directory and Install synapse in virtualenv +setup_dir +install_source # Open access to server without a button the home cp ../conf/add_sso_conf.py $final_path diff --git a/scripts/upgrade b/scripts/upgrade index 21f78f0..8e310c8 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -127,11 +127,7 @@ set_certificat_access config_coturn # Upgrade manually Synapse -PS1="" -source $final_path/bin/activate -pip install --upgrade pip -pip install --upgrade setuptools -pip install --upgrade https://github.com/matrix-org/synapse/tarball/master +install_source # Set new settings ynh_app_setting_set $app synapse_version $synapse_version From 99bbcf2f47ec22b4ee22b36aa0a846603532141c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 25 Oct 2017 14:11:58 +0200 Subject: [PATCH 7/7] Update to 0.24.1 --- manifest.json | 2 +- scripts/_common.sh | 3 ++- scripts/upgrade | 14 +++++++++----- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/manifest.json b/manifest.json index ff65e82..e9902c5 100644 --- a/manifest.json +++ b/manifest.json @@ -9,7 +9,7 @@ "en": "Instant messaging server who use matrix", "fr": "Un serveur de messagerie instantané basé sur matrix" }, - "version": "0.23.0", + "version": "0.24.1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { diff --git a/scripts/_common.sh b/scripts/_common.sh index 12eb686..0c32a99 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -31,7 +31,8 @@ install_source() { pip install --upgrade cffi ndg-httpsclient setuptools pip install --upgrade https://github.com/matrix-org/synapse/tarball/master pip install --upgrade psycopg2 lxml - + deactivate + # Set permission chown $synapse_user:root -R $final_path chown $synapse_user:root -R /var/lib/matrix-synapse diff --git a/scripts/upgrade b/scripts/upgrade index 8e310c8..d99ecd2 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -36,6 +36,7 @@ then # To be sure that the migration is sucessfull we check that the old synapse version is compatible with the synapse_port_db script. if [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.23") != 1 ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.22") != 1 ]] then + systemctl start matrix-synapse.service ynh_die "Update from this synapse version is not available now. You need to wait for the next update." fi @@ -64,7 +65,8 @@ then install_dependances # Create directory Install synapse in virtualenv - install_from_source + setup_dir || true # If the dir aready exist, but to be sure that all dir exist. + install_source # Open access to server without a button the home cp ../conf/add_sso_conf.py $final_path @@ -109,11 +111,16 @@ then # We get the last version of the synapse_port_db script because an old version could be buggy. cp ../sources/synapse_port_db /opt/yunohost/matrix-synapse/bin/synapse_port_db - # Migrate database + # Migrate database (in virtualenv) + source $final_path/bin/activate /opt/yunohost/matrix-synapse/bin/synapse_port_db --sqlite-database /var/lib/matrix-synapse/homeserver.db \ --postgres-config /etc/matrix-synapse/homeserver.yaml + deactivate fi +# Upgrade manually Synapse +install_source + # Update nginx config config_nginx @@ -126,9 +133,6 @@ set_certificat_access # Configure Coturn config_coturn -# Upgrade manually Synapse -install_source - # Set new settings ynh_app_setting_set $app synapse_version $synapse_version