From 361122674d51e4038da6b894986f98c75e511614 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 19 Mar 2024 20:45:05 +0100 Subject: [PATCH 01/14] Rework/cleanup ADMIN, split part of it into a PRE_INSTALL.md --- doc/ADMIN.md | 122 +++++++++++++++++---------------------------- doc/PRE_INSTALL.md | 3 ++ 2 files changed, 48 insertions(+), 77 deletions(-) create mode 100644 doc/PRE_INSTALL.md diff --git a/doc/ADMIN.md b/doc/ADMIN.md index 7e2187d..c0d5747 100644 --- a/doc/ADMIN.md +++ b/doc/ADMIN.md 
@@ -1,17 +1,26 @@ -# Installation - -## Install for ARM arch (or slow arch) - -For all slow or arm architecture it's recommended to build the dh file before the install to have a quicker install. -You could build it by this cmd : `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null` -After that you can install it without problem. - -The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/YunoHost-Apps/synapse_python_build -The script to build the binary is also available. - ## Web client -If you want a web client you can also install Element with this package: https://github.com/YunoHost-Apps/element_ynh . +The most well-known Matrix web client is Element, which is available in the YunoHost app catalog: . + +### Important Security Note + +We do not recommend running Element from the same domain name as your Matrix homeserver (synapse). The reason is the risk of XSS (cross-site-scripting) vulnerabilities that could occur if someone caused Element to load and render malicious user generated content from a Matrix API which then had trusted access to Element (or other apps) due to sharing the same domain. + +We have put some coarse mitigations into place to try to protect against this situation, but it's still not a good practice to do it in the first place. See https://github.com/vector-im/element-web/issues/1977 for more details. + +## Admin UI + +You may be interested in the synapse-admin app, which provides an administration interface for synapse: . + +Then, to log in the API with your admin credentials (cf next section) + +### Set user as admin + +Currently, the client interface doesn't allow to grant admin rights. The workaround is to enable it manually in the database. The YunoHost app provides a small script to do so, which can be invoked: + +```bash +/opt/yunohost/matrix-__APP__/set_admin_user.sh '@user_to_be_admin:domain.tld' +``` ## Access by federation 
@@ -63,7 +72,7 @@ If you have a dynamic IP address, you also might need to update this config auto ## OpenVPN -In case of you have an OpenVPN server you might want than `synapse-coturn` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content: +If your server is behind a VPN, you may want `synapse-coturn` ti automatically restart when the VPN restarts. To do this, create a file named `/usr/local/bin/openvpn_up_script.sh` with this content: ```bash #!/bin/bash 
@@ -84,50 +93,31 @@ And add this line in your OpenVPN config file ipchange /usr/local/bin/openvpn_up_script.sh ``` -## Important Security Note +## Backup -We do not recommend running Element from the same domain name as your Matrix -homeserver (synapse). The reason is the risk of XSS (cross-site-scripting) -vulnerabilities that could occur if someone caused Element to load and render -malicious user generated content from a Matrix API which then had trusted -access to Element (or other apps) due to sharing the same domain. +Before any major maintenance action, it is recommended to backup the app. -We have put some coarse mitigations into place to try to protect against this -situation, but it's still not a good practice to do it in the first place. See -https://github.com/vector-im/element-web/issues/1977 for more details. +To ensure the integrity of the data, it is recommended to explictly stop the server during the backup: -## Limitations - -Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM. - -This app doesn't provide any real good web interface. So it's recommended to use Element client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/element_ynh) - -# Additional information - -## Administration - -**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** - -Before any manipulation it's recommended to do a backup by this following command : - -`sudo yunohost backup create --apps synapse` - -### Set user as admin - -Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database. 
- -The following command will grant admin privilege to the specified user: +- Stop synapse service with theses following command: ```bash -/opt/yunohost/matrix-/set_admin_user.sh '@user_to_be_admin:domain.tld' +systemctl stop synapse.service ``` -### Administration API +- Launch the backup of synapse with this following command: +```bash +yunohost backup create --app synapse +``` -There are an admiminstration application available if needed for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh). +- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/synapse`. +- Restart the synapse service with these command: +```bash +systemctl start synapse.service +``` -Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section). +## Changing the server URL -### Change url +**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** Synapse give the possibility to change the domain of the instance. Note that this will only change the domain on which the synapse server will run. **This won't change the domain name of the account which is an other thing.** 
@@ -141,16 +131,16 @@ The advantage of this is that you can put the app on a specific domain without i To do the change url of synapse you can do it by this following command or with the webadmin. ```bash -yunohost app change-url synapse +sudo yunohost app change-url synapse ``` -#### Avoid the need to reconnect all client after change-url operation +### Avoid the need to reconnect all client after change-url operation -In case of you have changed the url of synapse and you don't wan't to reconnect all client there are this workaround which should solve the issue. +If you did change the url of synapse and you don't wan't to reconnect all client, this workaround should solve the issue. The idea is to setup again a minimal configuration on the previous domain so the client configurated with the previous domain will still work correctly. -##### Nginx config +#### Nginx config Retrive the server port with this command: ```bash 
@@ -174,35 +164,13 @@ Then reload nginx config: systemctl reload nginx.service ``` -##### Add permanent rule on SSOWAT +#### Add permanent rule on SSOWAT - Edit the file `/etc/ssowat/conf.json.persistent` - Add `"/_matrix"` into the list in: `permissions` > `custom_skipped` > `uris` Now the configured client before the change-url should work again. -### Backup +## Removing the app -This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: - -- Stop synapse service with theses following command: -```bash -systemctl stop synapse.service -``` - -- Launch the backup of synapse with this following command: -```bash -yunohost backup create --app synapse -``` - -- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/synapse`. -- Restart the synapse service with these command: -```bash -systemctl start synapse.service -``` - -### Remove - -Due of the backup core only feature the data directory in `/home/yunohost.app/synapse` **is not removed**. - -Use the `--purge` flag with the command, or remove it manually to purge app user data. +The YunoHost policy is to not remove the data when removing an app (stored in `/home/yunohost.app/synapse`). Use the `--purge` flag during the removal of the app to remove those, or just manually delete the folder after the app is deleted. diff --git a/doc/PRE_INSTALL.md b/doc/PRE_INSTALL.md new file mode 100644 index 0000000..3283688 --- /dev/null +++ b/doc/PRE_INSTALL.md 
@@ -0,0 +1,3 @@ +- Synapse consumes a significant amount of resources (both CPU and ARM), and therefore is not recommended for "small" setups such as small ARM boards +- During the install, the generation of Diffie-Hellman parameters may take a significant amount of time. You can speed things up by manually initializing them before running the install: `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null` +- The package uses a prebuilt python virtual environnement. The binary are taken from this repository: . The script to build the binary is also available. From 216d6ae03c2e24c44327466feba515bf5f8eb9bb Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 19 Mar 2024 19:45:19 +0000 Subject: [PATCH 02/14] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 729ab04..373402b 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ Please send your pull request to the [testing branch](https://github.com/YunoHos To try the testing branch, please proceed like that. -``` bash +```bash sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug or sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug diff --git a/README_fr.md b/README_fr.md index 88d15db..b48b4b2 100644 --- a/README_fr.md +++ b/README_fr.md @@ -35,7 +35,7 @@ Merci de faire vos pull request sur la [branche testing](https://github.com/Yuno Pour essayer la branche testing, procédez comme suit. -``` bash +```bash sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug ou sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug From a8ae96c5569dd8f105c943ec7e573d38bfeb64ea Mon Sep 17 00:00:00 2001 
From: Josue-T Date: Tue, 19 Mar 2024 21:26:29 +0100 Subject: [PATCH 03/14] Update manifest.toml Co-authored-by: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com> --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index 6cca2ee..afd63bc 100644 --- a/manifest.toml +++ b/manifest.toml @@ -24,8 +24,8 @@ multi_instance = true ldap = true sso = "not_relevant" disk = "250M" -ram.build = "20M" -ram.runtime = "200M" +ram.build = "500M" +ram.runtime = "1G" [install] [install.domain] From 9c1338ab5d33c141964eea1f2d6193b79e517f2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Mon, 11 Mar 2024 18:56:50 +0100 Subject: [PATCH 04/14] Update auto_update script --- auto_update/auto_update.sh | 50 ++++++++++++++++++++------------------ 1 file changed, 26 insertions(+), 24 deletions(-) diff --git a/auto_update/auto_update.sh b/auto_update/auto_update.sh index 5edf5a6..8b712da 100644 --- a/auto_update/auto_update.sh +++ b/auto_update/auto_update.sh @@ -2,6 +2,8 @@ set -eu +readonly app_name=synapse + source auto_update_config.sh readonly debian_version_name_1=bullseye @@ -21,20 +23,20 @@ EOL echo $result | jq -r "$1" } -check_synapse() { - synapse_remote_version=$(curl 'https://api.github.com/repos/element-hq/synapse/releases/latest' -H 'Host: api.github.com' --compressed | jq -r ".tag_name" | cut -dv -f2) +check_app_version() { + local app_remote_version=$(curl 'https://api.github.com/repos/element-hq/synapse/releases/latest' -H 'Host: api.github.com' --compressed | jq -r ".tag_name" | cut -dv -f2) ## Check if new build is needed - if [[ "$synapse_version" != "$synapse_remote_version" ]] + if [[ "$app_version" != "$app_remote_version" ]] then - synapse_version="$synapse_remote_version" + app_version="$app_remote_version" return 0 else return 1 fi } -upgrade_synapse() { +upgrade_app() { ( set -eu 
@@ -42,12 +44,12 @@ upgrade_synapse() { # arm build: ${result_prefix_name_deb_1}-bin1_armv7l.tar.gz # arm build checksum: ${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt # requirement.txt: ${result_prefix_name_deb_1}-build1_requirement.txt - readonly result_prefix_name_deb_1="matrix-synapse_${synapse_version}-$debian_version_name_1" - readonly result_prefix_name_deb_2="matrix-synapse_${synapse_version}-$debian_version_name_2" + readonly result_prefix_name_deb_1="matrix-synapse_${app_version}-$debian_version_name_1" + readonly result_prefix_name_deb_2="matrix-synapse_${app_version}-$debian_version_name_2" # Build armv7 build - build_cmd_deb_1 $synapse_version $result_prefix_name_deb_1 - build_cmd_deb_2 $synapse_version $result_prefix_name_deb_2 + build_cmd_deb_1 $app_version $result_prefix_name_deb_1 + build_cmd_deb_2 $app_version $result_prefix_name_deb_2 push_armv7_build # Update python requirement 
@@ -55,30 +57,30 @@ upgrade_synapse() { cp "$build_result_path_deb_2/${result_prefix_name_deb_2}"-build1_requirement.txt ../conf/requirement_"$debian_version_name_2".txt # Update manifest - sed -r -i 's|version = "[[:alnum:].]{4,8}~ynh1"|version = "'${synapse_version}'~ynh1"|' ../manifest.toml + sed -r -i 's|version = "[[:alnum:].]{4,8}~ynh1"|version = "'${app_version}'~ynh1"|' ../manifest.toml # Update this link - sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_1-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${synapse_version}/matrix-synapse_${synapse_version}-$debian_version_name_1-bin1_armv7l.tar.gz|" ../manifest.toml - sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_2-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${synapse_version}/matrix-synapse_${synapse_version}-$debian_version_name_2-bin1_armv7l.tar.gz|" ../manifest.toml + sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_1-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${app_version}/matrix-synapse_${app_version}-$debian_version_name_1-bin1_armv7l.tar.gz|" ../manifest.toml + sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_2-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${app_version}/matrix-synapse_${app_version}-$debian_version_name_2-bin1_armv7l.tar.gz|" ../manifest.toml # Update checksum sha256sum_arm_archive_deb_1=$(cat $build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt) sha256sum_arm_archive_deb_2=$(cat $build_result_path_deb_2/${result_prefix_name_deb_2}-bin1_armv7l-sha256.txt) - prev_sha256sum_arm_archive_deb_1=$(get_from_manifest ".resources.sources.synapse_prebuilt_armv7_$debian_version_name_1.armhf.sha256") - prev_sha256sum_arm_archive_deb_2=$(get_from_manifest 
".resources.sources.synapse_prebuilt_armv7_$debian_version_name_2.armhf.sha256") + prev_sha256sum_arm_archive_deb_1=$(get_from_manifest ".resources.sources.${app_name}_prebuilt_armv7_$debian_version_name_1.armhf.sha256") + prev_sha256sum_arm_archive_deb_2=$(get_from_manifest ".resources.sources.${app_name}_prebuilt_armv7_$debian_version_name_2.armhf.sha256") sed -r -i "s|$prev_sha256sum_arm_archive_deb_1|$sha256sum_arm_archive_deb_1|" ../manifest.toml sed -r -i "s|$prev_sha256sum_arm_archive_deb_2|$sha256sum_arm_archive_deb_2|" ../manifest.toml - git commit -a -m "Upgrade synapse to $synapse_version" + git commit -a -m "Upgrade $app_name to $app_version" git push gitea auto_update:auto_update - ) 2>&1 | tee "synapse_build_temp.log" + ) 2>&1 | tee "${app_name}_build_temp.log" return ${PIPESTATUS[0]} } push_armv7_build() { ## Make a draft release json with a markdown body - local release='"tag_name": "v'$synapse_version'", "target_commitish": "master", "name": "v'$synapse_version'", ' - local body="Synapse prebuilt bin for synapse_ynh\\n=========\\nPlease refer to upstream project for the change : https://github.com/element-hq/synapse/releases\\n\\nSha256sum for $debian_version_name_1 : $(cat $build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt)\\nSha256sum for $debian_version_name_2 : $(cat $build_result_path_deb_2/${result_prefix_name_deb_2}-bin1_armv7l-sha256.txt)" + local release='"tag_name": "v'$app_version'", "target_commitish": "master", "name": "v'$app_version'", ' + local body="$app_name prebuilt bin for ${app_name}_ynh\\n=========\\nPlease refer to upstream project for the change : https://github.com/element-hq/synapse/releases\\n\\nSha256sum for $debian_version_name_1 : $(cat $build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt)\\nSha256sum for $debian_version_name_2 : $(cat $build_result_path_deb_2/${result_prefix_name_deb_2}-bin1_armv7l-sha256.txt)" release+='"body": "'$body'",' release+='"draft": true, 
"prerelease": false' release='{'$release'}' @@ -148,12 +150,12 @@ push_armv7_build() { done } -synapse_version=$(get_from_manifest ".version" | cut -d'~' -f1) +app_version=$(get_from_manifest ".version" | cut -d'~' -f1) -if check_synapse +if check_app_version then set +eu - upgrade_synapse + upgrade_app res=$? set -eu if [ $res -eq 0 ]; then @@ -161,7 +163,7 @@ then else result="Failed" fi - msg="Build: synapse version $synapse_version\n" - msg+="$(cat synapse_build_temp.log)" - echo -e "$msg" | mail.mailutils -a "Content-Type: text/plain; charset=UTF-8" -s "Autoupgrade synapse : $result" "$notify_email" + msg="Build: $app_name version $app_version\n" + msg+="$(cat ${app_name}_build_temp.log)" + echo -e "$msg" | mail.mailutils -a "Content-Type: text/plain; charset=UTF-8" -s "Autoupgrade $app_name : $result" "$notify_email" fi From b516701865d51b6ec9143252077264f9aa8cd3e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Tue, 12 Mar 2024 12:13:17 +0100 Subject: [PATCH 05/14] Move patch to script dir as source are not available on restore --- scripts/_common.sh | 3 ++- .../patch}/ldap_auth_filter_anonymous_user.patch | 0 2 files changed, 2 insertions(+), 1 deletion(-) rename {sources => scripts/patch}/ldap_auth_filter_anonymous_user.patch (100%) diff --git a/scripts/_common.sh b/scripts/_common.sh index 32aabc2..0d07034 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -46,9 +46,10 @@ install_sources() { fi # Apply patch for LDAP auth if needed + # Note that we put patch into scripts dir because /source are not stored and can't be used on restore if ! grep -F -q '# LDAP Filter anonymous user Applied' $code_dir/lib/python$python_version/site-packages/ldap_auth_provider.py; then pushd $code_dir/lib/python$python_version/site-packages - patch < $YNH_APP_BASEDIR/sources/ldap_auth_filter_anonymous_user.patch + patch < $YNH_APP_BASEDIR/scripts/patch/ldap_auth_filter_anonymous_user.patch popd fi } 
diff --git a/sources/ldap_auth_filter_anonymous_user.patch b/scripts/patch/ldap_auth_filter_anonymous_user.patch similarity index 100% rename from sources/ldap_auth_filter_anonymous_user.patch rename to scripts/patch/ldap_auth_filter_anonymous_user.patch From 7add5975c12f86301b43d6c43619ac1ad349706e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Tue, 12 Mar 2024 22:36:54 +0100 Subject: [PATCH 06/14] Fix auto update --- auto_update/auto_update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auto_update/auto_update.sh b/auto_update/auto_update.sh index 8b712da..aa69497 100644 --- a/auto_update/auto_update.sh +++ b/auto_update/auto_update.sh @@ -57,7 +57,7 @@ upgrade_app() { cp "$build_result_path_deb_2/${result_prefix_name_deb_2}"-build1_requirement.txt ../conf/requirement_"$debian_version_name_2".txt # Update manifest - sed -r -i 's|version = "[[:alnum:].]{4,8}~ynh1"|version = "'${app_version}'~ynh1"|' ../manifest.toml + sed -r -i 's|version = "[[:alnum:].]{4,8}~ynh[[:alnum:].]{1,2}"|version = "'${app_version}'~ynh1"|' ../manifest.toml # Update this link sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_1-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${app_version}/matrix-synapse_${app_version}-$debian_version_name_1-bin1_armv7l.tar.gz|" ../manifest.toml From fbc1fec98918ed7f61a4e54e83cb18cd6120f347 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 13 Mar 2024 23:18:43 +0100 Subject: [PATCH 07/14] Put all config for synapse into /etc/matrix-synapse --- conf/synapse-coturn.service | 2 +- scripts/backup | 1 - scripts/install | 2 +- scripts/remove | 1 - scripts/upgrade | 5 ++++- 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/conf/synapse-coturn.service b/conf/synapse-coturn.service index d02409b..6b34a13 100644 --- a/conf/synapse-coturn.service +++ b/conf/synapse-coturn.service 
@@ -7,7 +7,7 @@ After=syslog.target network-online.target User=turnserver Group=turnserver Type=notify -EnvironmentFile=/etc/default/coturn-__APP__ +EnvironmentFile=/etc/matrix-__APP__/coturn_env ExecStart=/usr/bin/turnserver -c /etc/matrix-__APP__/coturn.conf $EXTRA_OPTIONS --pidfile= Restart=on-failure InaccessibleDirectories=/home diff --git a/scripts/backup b/scripts/backup index 4b419cb..63b9526 100644 --- a/scripts/backup +++ b/scripts/backup @@ -71,7 +71,6 @@ ynh_backup --src_path="/etc/matrix-$app" #================================================= ynh_backup --src_path="/etc/systemd/system/$app.service" -ynh_backup --src_path="/etc/default/coturn-$app" ynh_backup --src_path="/etc/systemd/system/$app-coturn.service" #================================================= diff --git a/scripts/install b/scripts/install index 8aa7a78..a403b12 100644 --- a/scripts/install +++ b/scripts/install @@ -193,7 +193,7 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=2 # Create systemd service for synapse and turnserver ynh_add_systemd_config --service=$app --template=synapse.service -cp ../conf/default_coturn /etc/default/coturn-$app +cp ../conf/default_coturn /etc/matrix-$app/coturn_env ynh_add_systemd_config --service=$app-coturn --template=synapse-coturn.service #================================================= diff --git a/scripts/remove b/scripts/remove index 9ca72db..56f5c74 100755 --- a/scripts/remove +++ b/scripts/remove @@ -36,7 +36,6 @@ ynh_script_progression --message="Removing app main directory" --weight=2 ynh_secure_remove --file=$code_dir ynh_secure_remove --file=/var/log/matrix-$app ynh_secure_remove --file=/etc/matrix-$app -ynh_secure_remove --file=/etc/default/coturn-$app ynh_secure_remove --file=/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index ada47aa..adbee18 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -205,6 +205,9 @@ then ynh_app_setting_set --app=$app --key=enable_dtls_for_audio_video_turn_call --value=$enable_dtls_for_audio_video_turn_call fi +# remove legacy env file into /etc/default +ynh_secure_remove --file=/etc/default/coturn-$app + #================================================= # MIGRATION 7 : STANDARDIZE SYSTEMD UNIT #================================================= @@ -463,7 +466,7 @@ ynh_script_progression --message="Upgrading systemd configuration..." --weight=3 # Create systemd service for synapse and turnserver ynh_add_systemd_config --service=$app --template=synapse.service -cp ../conf/default_coturn /etc/default/coturn-$app +cp ../conf/default_coturn /etc/matrix-$app/coturn_env ynh_add_systemd_config --service=$app-coturn --template=synapse-coturn.service #================================================= From da2f13a2cc12e5d7e0cf3bc14779bd08623a173e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Tue, 19 Mar 2024 23:12:02 +0100 Subject: [PATCH 08/14] Fix service name in hook --- hooks/post_cert_update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hooks/post_cert_update b/hooks/post_cert_update index 91d776e..d495ebb 100644 --- a/hooks/post_cert_update +++ b/hooks/post_cert_update @@ -1,5 +1,5 @@ #!/bin/bash if [ $1 == __DOMAIN__ ]; then - systemctl restart matrix-__APP__ + systemctl restart __APP__.service fi From aeba4c40a70e699def60d21989144518b75d4f16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 21 Mar 2024 23:34:04 +0100 Subject: [PATCH 09/14] fix coturn rotate script --- sources/Coturn_config_rotate.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/Coturn_config_rotate.sh b/sources/Coturn_config_rotate.sh index 168e85b..10a274e 100644 --- a/sources/Coturn_config_rotate.sh +++ b/sources/Coturn_config_rotate.sh 
@@ -3,6 +3,7 @@ set -eu app=__APP__ +YNH_APP_BASEDIR=/etc/yunohost/apps/"$app" pushd /etc/yunohost/apps/$app/conf source /usr/share/yunohost/helpers @@ -13,6 +14,7 @@ port_cli=$(ynh_app_setting_get --app=$app --key=port_cli) turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) port_turnserver_tls=$(ynh_app_setting_get --app=$app --key=port_turnserver_tls) port_turnserver_alt_tls=$(ynh_app_setting_get --app=$app --key=port_turnserver_alt_tls) +enable_dtls_for_audio_video_turn_call=$(ynh_app_setting_get --app=$app --key=enable_dtls_for_audio_video_turn_call) previous_checksum=$(ynh_app_setting_get --app=$app --key=checksum__etc_matrix-synapse_coturn.conf) configure_coturn From f438049c07e27794ea8468331e798008eb9283a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 21 Mar 2024 23:34:13 +0100 Subject: [PATCH 10/14] fix auto update script --- auto_update/auto_update.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auto_update/auto_update.sh b/auto_update/auto_update.sh index aa69497..8b58ad6 100644 --- a/auto_update/auto_update.sh +++ b/auto_update/auto_update.sh 
@@ -60,8 +60,8 @@ upgrade_app() { sed -r -i 's|version = "[[:alnum:].]{4,8}~ynh[[:alnum:].]{1,2}"|version = "'${app_version}'~ynh1"|' ../manifest.toml # Update this link - sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_1-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${app_version}/matrix-synapse_${app_version}-$debian_version_name_1-bin1_armv7l.tar.gz|" ../manifest.toml - sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_2-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${app_version}/matrix-synapse_${app_version}-$debian_version_name_2-bin1_armv7l.tar.gz|" ../manifest.toml + sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,10}/matrix-synapse_[[:alnum:].]{4,10}-$debian_version_name_1-bin[[:digit:]]_armv7l.tar.gz|armhf.url =\1/releases/download/v${app_version}/matrix-synapse_${app_version}-$debian_version_name_1-bin1_armv7l.tar.gz|" ../manifest.toml + sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,10}/matrix-synapse_[[:alnum:].]{4,10}-$debian_version_name_2-bin[[:digit:]]_armv7l.tar.gz|armhf.url =\1/releases/download/v${app_version}/matrix-synapse_${app_version}-$debian_version_name_2-bin1_armv7l.tar.gz|" ../manifest.toml # Update checksum sha256sum_arm_archive_deb_1=$(cat $build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt) From f58024e3a446ded62b17b02e7c40e1a0c1c29201 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 21 Mar 2024 13:51:39 +0100 Subject: [PATCH 11/14] Upgrade synapse to 1.103.0 --- conf/requirement_bookworm.txt | 14 +++++++------- conf/requirement_bullseye.txt | 14 +++++++------- manifest.toml | 10 +++++----- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/conf/requirement_bookworm.txt b/conf/requirement_bookworm.txt index c241eee..a880b37 100644 --- a/conf/requirement_bookworm.txt 
+++ b/conf/requirement_bookworm.txt @@ -12,7 +12,7 @@ cryptography==42.0.5 hyperlink==21.0.0 idna==3.6 ijson==3.2.3 -immutabledict==4.1.0 +immutabledict==4.2.0 incremental==22.10.0 Jinja2==3.1.3 jsonschema==4.21.1 @@ -21,26 +21,26 @@ ldap3==2.9.1 lxml==5.1.0 MarkupSafe==2.1.5 matrix-common==1.3.0 -matrix-synapse==1.102.0 +matrix-synapse==1.103.0 matrix-synapse-ldap3==0.3.0 msgpack==1.0.8 ndg-httpsclient==0.5.1 netaddr==1.2.1 -packaging==23.2 -phonenumbers==8.13.31 +packaging==24.0 +phonenumbers==8.13.32 pillow==10.2.0 prometheus_client==0.20.0 psycopg2==2.9.9 pyasn1==0.5.1 pyasn1-modules==0.3.0 pycparser==2.21 -pydantic==2.6.3 +pydantic==2.6.4 pydantic_core==2.16.3 pymacaroons==0.13.0 PyNaCl==1.5.0 -pyOpenSSL==24.0.0 +pyOpenSSL==24.1.0 PyYAML==6.0.1 -referencing==0.33.0 +referencing==0.34.0 requests==2.31.0 rpds-py==0.18.0 semantic-version==2.10.0 diff --git a/conf/requirement_bullseye.txt b/conf/requirement_bullseye.txt index 5e0f242..0c04ddf 100644 --- a/conf/requirement_bullseye.txt +++ b/conf/requirement_bullseye.txt @@ -12,7 +12,7 @@ cryptography==42.0.5 hyperlink==21.0.0 idna==3.6 ijson==3.2.3 -immutabledict==4.1.0 +immutabledict==4.2.0 incremental==22.10.0 Jinja2==3.1.3 jsonschema==4.21.1 @@ -21,26 +21,26 @@ ldap3==2.9.1 lxml==5.1.0 MarkupSafe==2.1.5 matrix-common==1.3.0 -matrix-synapse==1.102.0 +matrix-synapse==1.103.0 matrix-synapse-ldap3==0.3.0 msgpack==1.0.8 ndg-httpsclient==0.5.1 netaddr==1.2.1 -packaging==23.2 -phonenumbers==8.13.31 +packaging==24.0 +phonenumbers==8.13.32 pillow==10.2.0 prometheus_client==0.20.0 psycopg2==2.9.9 pyasn1==0.5.1 pyasn1-modules==0.3.0 pycparser==2.21 -pydantic==2.6.3 +pydantic==2.6.4 pydantic_core==2.16.3 pymacaroons==0.13.0 PyNaCl==1.5.0 -pyOpenSSL==24.0.0 +pyOpenSSL==24.1.0 PyYAML==6.0.1 -referencing==0.33.0 +referencing==0.34.0 requests==2.31.0 rpds-py==0.18.0 semantic-version==2.10.0 diff --git a/manifest.toml b/manifest.toml index afd63bc..a3b05b6 100644 --- a/manifest.toml +++ b/manifest.toml 
@@ -5,7 +5,7 @@ name = "Synapse" description.en = "Instant messaging server which uses Matrix" description.fr = "Serveur de messagerie instantané basé sur Matrix" -version = "1.102.0~ynh1" +version = "1.103.0~ynh1" maintainers = ["Josué Tille"] @@ -63,13 +63,13 @@ ram.runtime = "1G" [resources] [resources.sources.synapse_prebuilt_armv7_bookworm] prefetch = false - armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.102.0/matrix-synapse_1.102.0-bookworm-bin2_armv7l.tar.gz" - armhf.sha256 = "4027b8e41950aeec151dfa19eda2402e7974de56d33abb9eee3879e211227eef" + armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.103.0/matrix-synapse_1.103.0-bookworm-bin1_armv7l.tar.gz" + armhf.sha256 = "b5e11567d9f90067965a7b1a3eb3569b1eaaa68b261e7f38bc78a8618da09db9" [resources.sources.synapse_prebuilt_armv7_bullseye] prefetch = false - armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.102.0/matrix-synapse_1.102.0-bullseye-bin2_armv7l.tar.gz" - armhf.sha256 = "5fd5296d76675cd7a109115e1eb035758c16b095cd953a65fc8cc840fb449e40" + armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.103.0/matrix-synapse_1.103.0-bullseye-bin1_armv7l.tar.gz" + armhf.sha256 = "f3e22265cfba060401cec2770b54d16b559a574baff93b78add3f8acc31aa1d8" [resources.system_user] allow_email = true From 50158ed4a407d6829dd4f0a77cf6471bb94ae7bf Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 22 Mar 2024 11:03:17 +0000 Subject: [PATCH 12/14] Auto-update README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 373402b..144147c 100644 --- a/README.md +++ b/README.md 
@@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) -**Shipped version:** 1.102.0~ynh1 +**Shipped version:** 1.103.0~ynh1 ## Documentation and resources - Official app website: From 5d3916b6879f3eaf681bf4b7499d3e7b5f386c90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Mon, 11 Mar 2024 23:45:21 +0100 Subject: [PATCH 13/14] Fix undefined db_name on coturn rotate script --- sources/Coturn_config_rotate.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/Coturn_config_rotate.sh b/sources/Coturn_config_rotate.sh index 10a274e..707036e 100644 --- a/sources/Coturn_config_rotate.sh +++ b/sources/Coturn_config_rotate.sh @@ -9,6 +9,7 @@ pushd /etc/yunohost/apps/$app/conf source /usr/share/yunohost/helpers source ../scripts/_common.sh +db_name=$(ynh_app_setting_get --app=$app --key=db_name) domain=$(ynh_app_setting_get --app=$app --key=domain) port_cli=$(ynh_app_setting_get --app=$app --key=port_cli) turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) From 173228bfdb21fd7a1582a9e0072b8da1c024a7fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Tue, 12 Mar 2024 20:30:35 +0100 Subject: [PATCH 14/14] Fix again coturn rotate script --- sources/Coturn_config_rotate.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sources/Coturn_config_rotate.sh b/sources/Coturn_config_rotate.sh index 707036e..53743ae 100644 --- a/sources/Coturn_config_rotate.sh +++ b/sources/Coturn_config_rotate.sh 
@@ -6,10 +6,13 @@ app=__APP__ YNH_APP_BASEDIR=/etc/yunohost/apps/"$app" pushd /etc/yunohost/apps/$app/conf + source /usr/share/yunohost/helpers + +# Must load db_name var to load _common.sh +db_name=$(ynh_app_setting_get --app=$app --key=db_name) source ../scripts/_common.sh -db_name=$(ynh_app_setting_get --app=$app --key=db_name) domain=$(ynh_app_setting_get --app=$app --key=domain) port_cli=$(ynh_app_setting_get --app=$app --key=port_cli) turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
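
Review bot: In PATCH 01/14, doc/ADMIN.md, the new "Admin UI" section ends on a sentence with no main clause: `Then, to log in the API with your admin credentials (cf next section)`. The removed wording said that the user first has to be set as admin. Suggest restoring that meaning, for example "To log in to the API, your user must first be granted admin rights (see the next section)."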
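
Review bot: In PATCH 01/14, doc/ADMIN.md, OpenVPN hunk, the rewritten sentence has a typo: `synapse-coturn` "ti automatically restart" should read "to automatically restart".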
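
Review bot: In PATCH 01/14, doc/ADMIN.md, the relocated Backup section uses `yunohost backup create --app synapse`, while the line removed from the old Administration section used `sudo yunohost backup create --apps synapse`. Please confirm which option spelling the CLI accepts and keep a single form, and decide on `sudo` consistently, since the next hunk adds it to `change-url` but the backup and `systemctl` commands here have none. The "use these commands at your own risk" warning now sits only under "Changing the server URL", so it no longer covers the `set_admin_user.sh` step it used to introduce. Small wording fixes in the same hunk: "explictly", "theses following command", "these command".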
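
Review bot: In PATCH 01/14, doc/PRE_INSTALL.md, first bullet, "(both CPU and ARM)" should be "(both CPU and RAM)"; the removed Limitations text said "CPU and RAM". In the third bullet, "environnement" should be "environment" and "The binary are taken" should be "The binaries are taken".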
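
Review bot: In PATCH 04/14, auto_update/auto_update.sh, `check_app_version` declares and assigns in one statement (`local app_remote_version=$(curl ... | jq -r ".tag_name" | cut -dv -f2)`), so the exit status seen by `set -eu` is that of `local` and a failed request is never detected. The value is also used unvalidated: a response without `tag_name` makes `jq -r` print `null`, which differs from `$app_version` and starts `upgrade_app` for version "null". Suggest splitting the declaration from the assignment, adding `curl --fail`, and returning 1 unless the result matches a version pattern. Separately, the rename to `app_name` is only partial: the release URL still hardcodes `element-hq/synapse` and the artifact prefix still hardcodes `matrix-synapse_`.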
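
Review bot: In PATCH 05/14, scripts/_common.sh, the `patch < $YNH_APP_BASEDIR/scripts/patch/ldap_auth_filter_anonymous_user.patch` line and the `pushd $code_dir/...` above it expand unquoted variables; quote them so a path with spaces or an empty variable fails loudly. Because this patch is what filters the anonymous LDAP user, it would be worth re-running the `grep -F -q '# LDAP Filter anonymous user Applied'` check after `patch` and aborting if the marker is still absent. The new comment says "/source" where the directory is named `sources`.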
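
Review bot: In PATCH 07/14, scripts/restore is not among the changed files even though scripts/backup stops archiving `/etc/default/coturn-$app` and the unit now reads `EnvironmentFile=/etc/matrix-__APP__/coturn_env`. If restore still restores the old path it will fail on archives created after this change, and archives created before it carry the env file only at the old location; please update restore in the same patch and handle both layouts. In scripts/upgrade, `ynh_secure_remove --file=/etc/default/coturn-$app` discards any local edits to the old env file instead of moving them to the new location.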
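
Review bot: In PATCH 08/14, hooks/post_cert_update, the test `if [ $1 == __DOMAIN__ ]` on the context line above the fix leaves `$1` unquoted and uses `==` inside `[ ]`; when the hook is called without an argument the test is a syntax error rather than a clean "no match". Since this line is being touched anyway, suggest `if [ "${1:-}" = "__DOMAIN__" ]; then`.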
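
Review bot: In PATCH 10/14, auto_update/auto_update.sh, the two `sed -r -i "s|armhf.url\s*=...|"` lines still exit 0 when the pattern does not match, which is how the manifest ended up with a stale URL before this fix (the old pattern required `bin1`, and PATCH 11/14 shows the manifest had `bin2`). The checksum substitution below would then still run, leaving a new sha256 next to an old URL. Suggest checking after the `sed` calls that `../manifest.toml` contains the expected `v${app_version}` URL and aborting otherwise. The dots in `armhf.url` and `.tar.gz` are also unescaped and match any character.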
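
Review bot: In PATCH 11/14, conf/requirement_bookworm.txt and conf/requirement_bullseye.txt pin every package with `==` but carry no `--hash=` entries, so if these files are fed to pip the pins fix the version but not the content of what is downloaded. The prebuilt armv7 archives in manifest.toml are protected by `armhf.sha256`; suggest giving the requirement files the same property by generating them with hashes and installing in hash-checking mode.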
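
Review bot: In PATCH 14/14, sources/Coturn_config_rotate.sh, this hunk only moves the `db_name=$(ynh_app_setting_get ...)` line that PATCH 13/14 added one commit earlier, so the two commits should be squashed to avoid a revision where the script still fails under `set -eu`. The `pushd /etc/yunohost/apps/$app/conf` context line repeats the path now held in `YNH_APP_BASEDIR` and is unquoted; suggest `pushd "$YNH_APP_BASEDIR/conf"`.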