diff --git a/actions.toml b/actions.toml index 343ca1c..42932d4 100644 --- a/actions.toml +++ b/actions.toml @@ -21,7 +21,7 @@ description = "Close the ports range 49153:49193 with TCP and UDP. (Undo \"Open [set_admin_user] name = "Set a user as admin" -command = "[[ \"$(su --command=\"psql matrix_synapse\" postgres <<< \"UPDATE users SET admin = 1 WHERE name = '@$YNH_ACTION_USERNAME:$(yunohost app setting $YNH_APP_INSTANCE_NAME special_domain)'\")\" == 'UPDATE 1' ]]" +command = "[[ \"$(su --command=\"psql matrix_synapse\" postgres <<< \"UPDATE users SET admin = 1 WHERE name = '@$YNH_ACTION_USERNAME:$(yunohost app setting $YNH_APP_INSTANCE_NAME domain)'\")\" == 'UPDATE 1' ]]" user = "root" accepted_return_codes = [0] description = "Set a synapse user as admin in the synapse server. It probably usefull only to manage the community function." diff --git a/check_process b/check_process index d232ff7..2c18177 100644 --- a/check_process +++ b/check_process @@ -13,7 +13,7 @@ setup_public=1 upgrade=1 upgrade=1 from_commit=db374d2bff981d2660ebdac52ee77c684383c00d - upgrade=1 from_commit=0b830d9e4eadefb907f1f30a02ffbb84778f91fc + upgrade=1 from_commit=0b8f2d4423bc48a1509dc0be4e231f02a0046eca backup_restore=1 multi_instance=1 incorrect_path=0 @@ -24,5 +24,5 @@ ;;; Upgrade options ; commit=db374d2bff981d2660ebdac52ee77c684383c00d name=Fix postgresql helper from old_version_for_CI_2 branch - ; commit=0b830d9e4eadefb907f1f30a02ffbb84778f91fc + ; commit=0b8f2d4423bc48a1509dc0be4e231f02a0046eca name=Migrate from self signed certificate to cert managed by Yunohost diff --git a/scripts/backup b/scripts/backup index 2f181ef..d63121e 100644 --- a/scripts/backup +++ b/scripts/backup 
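Review bot: In the `set_admin_user` command of actions.toml, `$YNH_ACTION_USERNAME` is still spliced straight into the SQL string literal, so a value containing a single quote changes the statement that `psql` runs as the `postgres` superuser. The renamed `domain` setting is interpolated the same way. Validating the username against a strict localpart pattern before the query, or passing it as a psql variable (`psql -v uname="$YNH_ACTION_USERNAME"` with `:'uname'` in the statement), would keep the value as data. The database name is also hard-coded as `matrix_synapse` while scripts/change_url in this commit derives it as `matrix_$app`, which looks wrong for a second instance.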
@@ -24,7 +24,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=2 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=special_domain) +domain=$(ynh_app_setting_get --app=$app --key=domain) server_name=$(ynh_app_setting_get --app=$app --key=server_name) final_path=$(ynh_app_setting_get --app=$app --key=final_path) diff --git a/scripts/change_url b/scripts/change_url new file mode 100644 index 0000000..59a44c5 --- /dev/null +++ b/scripts/change_url 
@@ -0,0 +1,148 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC START
+#=================================================
+
+# IMPORT GENERIC HELPERS
+source /usr/share/yunohost/helpers
+
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
+
+# Import common cmd
+source ./experimental_helper.sh
+source ./_common.sh
+
+ynh_script_progression --message="Loading installation settings..."
+
+# RETRIEVE ARGUMENTS
+old_domain=$YNH_APP_OLD_DOMAIN
+domain=$YNH_APP_NEW_DOMAIN
+path_url=$(ynh_normalize_url_path --path_url $YNH_APP_NEW_PATH)
+app=$YNH_APP_INSTANCE_NAME
+
+server_name=$(ynh_app_setting_get --app=$app --key=server_name)
+final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)
+is_public=$(ynh_app_setting_get --app=$app --key=is_public)
+port=$(ynh_app_setting_get --app=$app --key=synapse_port)
+synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
+turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
+turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
+cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
+report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
+allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
+ynh_print_OFF
+synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
+turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
+registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
+form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
+macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
+ynh_print_ON
+
+synapse_user="matrix-$app"
+synapse_db_name="matrix_$app"
+synapse_db_user="matrix_$app"
+upstream_version=$(ynh_app_upstream_version)
+
+# Check if the new path stay /_matrix if not exit
+
+if [[ $path_url != "/_matrix" ]]
+then
+ ynh_die --message "You can't use an other path than '/_matrix'. You can only change the domain."
+fi
+
+# We stop the service before to set ynh_clean_setup
+ynh_systemd_action --service_name=matrix-$app.service --action=stop
+
+#=================================================
+# STANDARD MODIFICATIONS
+#=================================================
+# NGINX CONFIGURATION
+#=================================================
+
+ynh_script_progression --message="Updating nginx configuration..."
+
+# MODIFY URL IN NGINX CONF
+nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
+
+# Change the domain for nginx
+# Delete file checksum for the old conf file location
+ynh_delete_file_checksum --file "$nginx_conf_path"
+mv $nginx_conf_path /etc/nginx/conf.d/$domain.d/$app.conf
+# Store file checksum for the new config file location
+ynh_store_file_checksum --file "/etc/nginx/conf.d/$domain.d/$app.conf"
+
+# Create .well-known redirection for access by federation
+if yunohost --output-as plain domain list | grep -q "^$server_name$"
+then
+ cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf
+ ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
+ ynh_replace_string --match_string=__PORT__ --replace_string=$synapse_tls_port --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
+ ynh_store_file_checksum --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
+fi
+
+#=================================================
+# UPDATE SYNAPSE CONFIG
+#=================================================
+
+ynh_script_progression --message="Updating synapse config..." --weight=2
+
+# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times)
+# For any update do it in all files
+
+homeserver_config_path="/etc/matrix-$app/homeserver.yaml"
+
+ynh_backup_if_checksum_is_different --file="$homeserver_config_path"
+ynh_backup_if_checksum_is_different --file=/etc/matrix-$app/log.yaml
+
+cp ../conf/homeserver.yaml "$homeserver_config_path"
+cp ../conf/log.yaml /etc/matrix-$app/log.yaml
+
+ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$homeserver_config_path"
+ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$homeserver_config_path"
+ynh_replace_string --match_string=__SERVER_NAME__ --replace_string=$server_name --target_file="$homeserver_config_path"
+ynh_replace_string --match_string=__SYNAPSE_DB_USER__ --replace_string=$synapse_db_user --target_file="$homeserver_config_path"
+ynh_replace_string --match_string=__PORT__ --replace_string=$port --target_file="$homeserver_config_path"
+ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$synapse_tls_port --target_file="$homeserver_config_path"
+ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$homeserver_config_path"
+ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path"
+ynh_replace_string --match_string=__ALLOW_PUBLIC_ROOMS__ --replace_string="$allow_public_rooms" --target_file="$homeserver_config_path"
+ynh_print_OFF
+ynh_replace_special_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path"
+ynh_replace_special_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$homeserver_config_path"
+ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path"
+ynh_replace_special_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path"
+if [ -n $macaroon_secret_key ]; then
+ # Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice.
+ # For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
+ # The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !!
+ # So for the old install we just leave this as it is. And for the new install we use a real macaroon.
+ ynh_replace_special_string --match_string='macaroon_secret_key: "__MACAROON_SECRET_KEY__"' --replace_string='# macaroon_secret_key: "__MACAROON_SECRET_KEY__"' --target_file="$homeserver_config_path"
+else
+ ynh_replace_special_string --match_string=__MACAROON_SECRET_KEY__ --replace_string="$macaroon_secret_key" --target_file="$homeserver_config_path"
+fi
+ynh_print_ON
+
+ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml"
+
+if [ "$is_public" = "0" ]
+then
+ ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=False --target_file="$homeserver_config_path"
+else
+ ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=True --target_file="$homeserver_config_path"
+fi
+
+ynh_store_file_checksum --file="$homeserver_config_path"
+ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml"
+
+#=================================================
+# RELOAD SERVICES
+#=================================================
+ynh_script_progression --message="Restarting synapse services..." --weight=5
+
+ynh_systemd_action --service_name=coturn-$app.service --action=restart
+ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
+
+ynh_script_progression --message="Change of URL completed for $app" --last
diff --git a/scripts/config b/scripts/config index e50f3a2..582723a 100644 --- a/scripts/config +++ b/scripts/config @@ -70,7 +70,7 @@ apply_config() { ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 1 fi - domain=$(ynh_app_setting_get --app $app --key special_domain) + domain=$(ynh_app_setting_get --app $app --key domain) server_name=$(ynh_app_setting_get --app $app --key server_name) synapse_db_pwd=$(ynh_app_setting_get --app $app --key synapse_db_pwd) is_public=$(ynh_app_setting_get --app $app --key is_public) @@ -88,7 +88,7 @@ apply_config() { # Configure Synapse - # WARNING : theses command are used in INSTALL, UPGRADE, CONFIG (3 times) + # WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times) # For any update do it in all files homeserver_config_path="/etc/matrix-$app/homeserver.yaml" diff --git a/scripts/install b/scripts/install index 7144079..8856fe1 100644 --- a/scripts/install +++ b/scripts/install 
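Review bot: In scripts/change_url, `if [ -n $macaroon_secret_key ]; then` is unquoted, so the test is true even when the setting is empty, and its branches look inverted against the comment inside it: the `then` arm comments out `macaroon_secret_key`, and the `else` arm, which writes the stored key, is never reached. A domain change would therefore rewrite homeserver.yaml without the stored key, which by the script's own comment logs users out and returns to the derived-key behaviour described in the linked advisory. The condition should read `if [ -z "$macaroon_secret_key" ]; then`. The WARNING comment says these commands are duplicated in install, upgrade and config, so those copies (not shown in this diff) presumably need the same check.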
@@ -72,12 +72,9 @@ test ! -e "$final_path" || ynh_die --message="This path already contains a folde #================================================= ynh_script_progression --message="Storing installation settings..." --weight=1 -# For the domain and the path we can't use the standard keys "domain" and "path" with the standard function ynh_webpath_register because it create automatically a button on the user pannel. -# The idea is to create a custom key (specia_domain and special_path instead of domain and key). -# By this the ssowatconf fonction don't create a button on the pannel. -# This hack solve the issue : https://github.com/YunoHost-Apps/synapse_ynh/issues/14 -ynh_app_setting_set --app=$app --key=special_domain --value=$domain -ynh_app_setting_set --app=$app --key=special_path --value=$path_url +ynh_app_setting_set --app=$app --key=domain --value=$domain +ynh_app_setting_set --app=$app --key=path --value=$path_url +ynh_app_setting_set --app=$app --key=no_sso --value true ynh_app_setting_set --app=$app --key=server_name --value=$server_name ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version 
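Review bot: The new `no_sso` line in scripts/install replaces a four-line explanation with nothing, so a reader can no longer tell why the app opts out of SSO handling or which issue that addresses. A short comment above it would keep that context, for example `# no_sso: keep ssowat from adding a user-panel tile for this app (see synapse_ynh issue #14)`, worded to match what the setting actually does. It is also worth confirming that no access rule depends on SSOwat once the app is skipped, since `is_public` is still stored and used. The line uses `--value true` while its neighbours use the `--value=` form; `--value=true` would match.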
@@ -249,6 +246,15 @@ ynh_script_progression --message="Configuring nginx web server..." --weight=2 ynh_add_nginx_config +# Create .well-known redirection for access by federation +if yunohost --output-as plain domain list | grep -q "^$server_name$" +then + cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf + ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" + ynh_replace_string --match_string=__PORT__ --replace_string=$synapse_tls_port --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" + ynh_store_file_checksum --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" +fi + #================================================= # SET SYNAPSE CONFIG #================================================= @@ -262,7 +268,7 @@ ynh_print_ON # Configure Synapse -# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG (3 times) +# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times) # For any update do it in all files homeserver_config_path="/etc/matrix-$app/homeserver.yaml" 
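Review bot: The federation check `grep -q "^$server_name$"` in the added block treats `$server_name` as a regular expression, so each dot matches any character and a different listed domain can satisfy the test before files are written under `/etc/nginx/conf.d/${server_name}.d/`. A fixed-string whole-line match avoids that: `grep -qxF -- "$server_name"`. The `--replace_string=$domain` and `--replace_string=$synapse_tls_port` arguments are also unquoted. The same block is added in scripts/change_url and scripts/upgrade in this commit, so the change applies there too.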
@@ -299,16 +305,6 @@ fi ynh_store_file_checksum --file="$homeserver_config_path" ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml" - -# Create .well-known redirection for access by federation -if yunohost --output-as plain domain list | grep -q "^$server_name$" -then - cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf - ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" - ynh_replace_string --match_string=__PORT__ --replace_string=$synapse_tls_port --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" - ynh_store_file_checksum --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" -fi - #================================================= # SET COTURN CONFIG #================================================= diff --git a/scripts/remove b/scripts/remove index a7d5f55..605838d 100755 --- a/scripts/remove +++ b/scripts/remove @@ -17,7 +17,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=3 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=special_domain) +domain=$(ynh_app_setting_get --app=$app --key=domain) server_name=$(ynh_app_setting_get --app=$app --key=server_name) final_path=$(ynh_app_setting_get --app=$app --key=final_path) synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) diff --git a/scripts/restore b/scripts/restore index 7073f1c..0cf641f 100644 --- a/scripts/restore +++ b/scripts/restore 
@@ -29,9 +29,9 @@ ynh_script_progression --message="Loading settings..." app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=special_domain) +domain=$(ynh_app_setting_get --app=$app --key=domain) server_name=$(ynh_app_setting_get --app=$app --key=server_name) -path_url=$(ynh_app_setting_get --app=$app --key=special_path) +path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) diff --git a/scripts/upgrade b/scripts/upgrade index c134a1e..0552f01 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -17,9 +17,9 @@ ynh_script_progression --message="Loading installation settings..." --weight=3 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=special_domain) +domain=$(ynh_app_setting_get --app=$app --key=domain) server_name=$(ynh_app_setting_get --app=$app --key=server_name) -path_url=$(ynh_app_setting_get --app=$app --key=special_path) +path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version) is_public=$(ynh_app_setting_get --app=$app --key=is_public) @@ -64,10 +64,6 @@ then ynh_die --message="Update from this synapse version is not available. You need to remove this package and reinstall the new package version." fi -if [ -z $server_name ]; then - server_name=$domain - ynh_app_setting_set $app server_name $domain -fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= 
@@ -92,6 +88,27 @@ ynh_abort_if_errors #================================================= # STANDARD UPGRADE STEPS +#================================================= +# MIGRATION 5 : Manage old settings +#================================================= + +# Migrate from settings 'special_domain' to 'domain' and 'special_path' to 'path' +if [ -z $domain ]; then + domain=$(ynh_app_setting_get --app=$app --key=special_domain) + path_url=$(ynh_app_setting_get --app=$app --key=special_path) + ynh_app_setting_set --app=$app --key=domain --value=$domain + ynh_app_setting_set --app=$app --key=path --value=$path_url + ynh_app_setting_delete --app=$app --key=special_domain + ynh_app_setting_delete --app=$app --key=special_path + ynh_app_setting_set --app=$app --key=no_sso --value true +fi + +# Define $server_name if not already defined +if [ -z $server_name ]; then + server_name=$domain + ynh_app_setting_set $app server_name $domain +fi + #================================================= # INSTALL DEPENDENCIES #================================================= @@ -188,7 +205,7 @@ fi #================================================= ynh_script_progression --message="Updating synapse config..." --weight=2 -# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG +# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times) # For any update do it in all files homeserver_config_path="/etc/matrix-$app/homeserver.yaml" 
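Review bot: The MIGRATION 5 block in scripts/upgrade copies `special_domain` and `special_path` into the new keys and then deletes the old ones without checking that the values read back are non-empty, so an instance with a missing `special_domain` ends up with an empty `domain` and nothing left to recover from. Quote the test as `if [ -z "$domain" ]; then` and stop before the deletes when the read fails, e.g. `[ -n "$domain" ] || ynh_die --message="special_domain setting not found"`. The `server_name` fallback still uses the positional form `ynh_app_setting_set $app server_name $domain`, unlike every other call in the hunk; `--app=$app --key=server_name --value=$domain` would match.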
@@ -236,16 +253,6 @@ fi ynh_store_file_checksum --file="$homeserver_config_path" ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml" -# Create .well-known redirection for access by federation if it doesn't exist -if yunohost --output-as plain domain list | grep -q "^$server_name$" -then - ynh_backup_if_checksum_is_different --file=/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf - cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf - ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" - ynh_replace_string --match_string=__PORT__ --replace_string=$synapse_tls_port --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" - ynh_store_file_checksum --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" -fi - #================================================= # MIGRATION 2 : MULTINSTANCE SUPPORT #================================================= @@ -321,6 +328,15 @@ ynh_script_progression --message="Upgrading nginx web server configuration..." - # Create a dedicated nginx config ynh_add_nginx_config +# Create .well-known redirection for access by federation +if yunohost --output-as plain domain list | grep -q "^$server_name$" +then + cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf + ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" + ynh_replace_string --match_string=__PORT__ --replace_string=$synapse_tls_port --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" + ynh_store_file_checksum --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" +fi + #================================================= # SPECIFIC UPGRADE #=================================================
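Review bot: The `.well-known` block re-added after `ynh_add_nginx_config` in scripts/upgrade no longer calls `ynh_backup_if_checksum_is_different`, which the removed version ran before `cp` overwrote `${app}_server_name.conf`. Local edits to that file would now be replaced on upgrade without a backup copy. Restoring `ynh_backup_if_checksum_is_different --file=/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf` as the first statement inside the `then` keeps the earlier behaviour.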