YunoHost-Apps/synapse_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00
Code Issues Activity Actions

Merge pull request #161 from YunoHost-Apps/testing

Browse source 
Testing
This commit is contained in:
Josue-T 2020-01-02 21:20:26 +01:00 committed by GitHub
commit 8693cf2d7e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 1456 additions and 486 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -14,7 +14,7 @@ Instant messaging server matrix network.
Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org)
**Shipped version:** 1.6.1
**Shipped version:** 1.7.2
## Configuration
@ -35,7 +35,7 @@ If you want a web client you can also install riot with this package: https://gi
If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
If not, you may need to put the following line in the dns configuration:
If not, you can add the following line in the dns configuration but you normally don't need it as a .well-known file is edited during the install to declare your server name and port to the federation.
```
_matrix._tcp.<server_name.tld> <ttl> IN SRV 10 0 <port> <domain-or-subdomain-of-synapse.tld>

47
actions.json
View file

@ -1,47 +0,0 @@
[{
"id": "update_turnserver_ip",
"name": "Update turnserver ip",
"command": "/opt/yunohost/matrix-$YNH_APP_INSTANCE_NAME/Coturn_config_rotate.sh",
"user": "root",
"accepted_return_codes": [0],
"description": {
"en": "Update the ip in the turnserver config"
}
},{
"id": "open_turnserver_firewall_ports",
"name": "Open ports for turnserver",
"command": "yunohost firewall allow Both 49153:49193",
"user": "root",
"accepted_return_codes": [0],
"description": {
"en": "Open the ports range 49153:49193 with TCP and UDP to be able to use correctly the turnserver."
}
},{
"id": "close_turnserver_firewall_ports",
"name": "Close ports for turnserver",
"command": "yunohost firewall disallow Both 49153:49193",
"user": "root",
"accepted_return_codes": [0],
"description": {
"en": "Close the ports range 49153:49193 with TCP and UDP. (Undo \"Open ports for turnserver\" action)"
}
},{
"id": "set_admin_user",
"name": "Set a user as admin",
"command": "[[ \"$(su --command=\"psql matrix_synapse\" postgres <<< \"UPDATE users SET admin = 1 WHERE name = '@$YNH_ACTION_USERNAME:$(yunohost app setting $YNH_APP_INSTANCE_NAME special_domain)'\")\" == 'UPDATE 1' ]]",
"user": "root",
"accepted_return_codes": [0],
"description": {
"en": "Set a synapse user as admin in the synapse server. It probably usefull only to manage the community function."
},
"arguments": [
{
"name": "username",
"type": "string",
"ask": {
"en": "username of the user to set as admin"
},
"example": "bob"
}
]
}]

33
actions.toml Normal file
View file

@ -0,0 +1,33 @@
[update_turnserver_ip]
name = "Update turnserver ip"
command = "/opt/yunohost/matrix-$YNH_APP_INSTANCE_NAME/Coturn_config_rotate.sh"
user = "root"
accepted_return_codes = [0]
description = "Update the ip in the turnserver config"
[open_turnserver_firewall_ports]
name = "Open ports for turnserver"
command = "yunohost firewall allow Both 49153:49193"
user = "root"
accepted_return_codes = [0]
description = "Open the ports range 49153:49193 with TCP and UDP to be able to use correctly the turnserver."
[close_turnserver_firewall_ports]
name = "Close ports for turnserver"
command = "yunohost firewall disallow Both 49153:49193"
user = "root"
accepted_return_codes = [0]
description = "Close the ports range 49153:49193 with TCP and UDP. (Undo \"Open ports for turnserver\" action)"
[set_admin_user]
name = "Set a user as admin"
command = "[[ \"$(su --command=\"psql matrix_synapse\" postgres <<< \"UPDATE users SET admin = 1 WHERE name = '@$YNH_ACTION_USERNAME:$(yunohost app setting $YNH_APP_INSTANCE_NAME special_domain)'\")\" == 'UPDATE 1' ]]"
user = "root"
accepted_return_codes = [0]
description = "Set a synapse user as admin in the synapse server. It probably usefull only to manage the community function."
[set_admin_user.arguments]
[set_admin_user.arguments.username]
type = "string"
ask = "username of the user to set as admin"
example = "bob"

1
check_process
View file

@ -3,6 +3,7 @@
domain="domain.tld" (DOMAIN)
path="/_matrix/static/" (PATH)
is_public=1 (PUBLIC|public=1|private=0)
server_name="domain2.tld" (DOMAIN)
; Checks
pkg_linter=1
setup_sub_dir=1

4
conf/armv7_stretch.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.6.1/matrix-synapse_1.6.1-stretch-bin1_armv7l.tar.gz
SOURCE_SUM=4836bd5fefdd9855a329b470875a7bc9f795755c72718670421009bc47826c35
SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.7.2/matrix-synapse_1.7.2-stretch-bin1_armv7l.tar.gz
SOURCE_SUM=0b7df5e31993a46aa28979d4e671e254b509749ae1991f9867feadd190b7e5aa
# (Optional) Program to check the integrity (sha256sum, md5sum...)
# default: sha256
SOURCE_SUM_PRG=sha256sum

1625
conf/homeserver.yaml
View file

File diff suppressed because it is too large Load diff

3
conf/matrix-synapse.service
View file

@ -11,6 +11,7 @@ ExecStartPre=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver -
ExecStart=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/
Restart=always
RestartSec=3
RuntimeDirectory=%i
[Install]
WantedBy=multi-user.target
WantedBy=multi-user.target

5
conf/server_name.conf Normal file
View file

@ -0,0 +1,5 @@
location /.well-known/matrix/ {
return 200 '{"m.server": "__DOMAIN__:__PORT__"}';
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin '*';
}

39
config_panel.json
View file

@ -1,39 +0,0 @@
{
"name": "Synapse configuration panel",
"version": "0.1",
"panel": [{
"name": "Synapse config",
"id": "synapse_config",
"sections": [{
"name": "Synapse server configuration",
"id": "server_config",
"options": [{
"name": "Server statistics",
"id": "server_statistics",
"type": "bool",
"help": "True to send anonymous statistics about synapse to improve the performances",
"default": false
},{
"name": "Server public",
"id": "is_public",
"type": "bool",
"help": "Is it a public server",
"default": false
}]
}]
},{
"name": "Package config",
"id": "package_config",
"sections": [{
"name": "Synapse server configuration",
"id": "package_config",
"options": [{
"name": "Backup before upgrade",
"id": "backup_before_upgrade",
"type": "bool",
"help": "True to do a backup before every upgrade",
"default": true
}]
}]
}]
}

39
config_panel.toml Normal file
View file

@ -0,0 +1,39 @@
version = "0.1"
name = "Synapse configuration panel"
[synapse_config]
name = "Synapse configuration"
[synapse_config.server_config]
name = "Synapse server configuration"
[synapse_config.server_config.server_statistics]
ask = "Server statistics"
type = "boolean"
default = false
help = "True to send anonymous statistics about synapse to improve the performances"
[synapse_config.server_config.is_public]
ask = "Server public"
type = "boolean"
default = false
help = "Is it a public server"
[synapse_config.server_config.allow_public_rooms]
ask = "Server public"
type = "boolean"
default = false
help = "If set to 'false', requires authentication to access the server's public rooms directory through the client API and forbids any other homeserver to fetch the server's public rooms directory via federation."
[package_config]
name = "Package configuration"
[package_config.package_config]
name = "Synapse server configuration"
[package_config.package_config.backup_before_upgrade]
ask = "Backup before upgrade"
type = "boolean"
default = true
help = "True to do a backup before every upgrade"

4
manifest.json
View file

@ -6,7 +6,7 @@
"en": "Instant messaging server who use matrix",
"fr": "Un serveur de messagerie instantané basé sur matrix"
},
"version": "1.6.1~ynh1",
"version": "1.7.2~ynh1",
"url": "http://matrix.org",
"license": "Apache-2.0",
"maintainer": {
@ -14,7 +14,7 @@
"email": "josue@tille.ch"
},
"requirements": {
"yunohost": ">= 3.5"
"yunohost": ">= 3.6"
},
"multi_instance": true,
"services": [

5
scripts/backup
View file

@ -25,6 +25,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=2
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=special_domain)
server_name=$(ynh_app_setting_get --app=$app --key=server_name)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
@ -51,6 +52,10 @@ ynh_backup --src_path="$final_path"
ynh_script_progression --message="Backing up nginx web server configuration..." --weight=1
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
if yunohost --output-as plain domain list | grep -q "^$server_name$"
then
ynh_backup --src_path="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
fi
#=================================================
# BACKUP THE POSTGRESQL DATABASE

61
scripts/config
View file

@ -12,7 +12,6 @@ source /usr/share/yunohost/helpers
ynh_abort_if_errors
# Import common fonctions
source ./psql.sh
source ./experimental_helper.sh
source ./_common.sh
@ -21,6 +20,10 @@ source ./_common.sh
#=================================================
app=$YNH_APP_INSTANCE_NAME
report_stats=$(ynh_app_setting_get --app $app --key report_stats)
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
backup_before_upgrade=$(ynh_app_setting_get --app $app --key disable_backup_before_upgrade)
is_public=$(ynh_app_setting_get --app $app --key is_public)
#=================================================
# SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND
@ -28,22 +31,22 @@ app=$YNH_APP_INSTANCE_NAME
show_config() {
# here you are supposed to read some config file/database/other then print the values
# echo "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value"
echo "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS=$(ynh_app_setting_get --app $app --key report_stats)"
# ynh_return "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value"
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS=$report_stats"
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS=$allow_public_rooms"
backup_before_upgrade=$(ynh_app_setting_get --app $app --key disable_backup_before_upgrade)
if [[ ${backup_before_upgrade:-0} -eq 1 ]]
then
echo "YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE=False"
ynh_return "YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE=false"
else
echo "YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE=True"
ynh_return "YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE=true"
fi
is_public=$(ynh_app_setting_get --app $app --key is_public)
if [[ ${is_public} -eq 1 ]]
then
echo "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC=False"
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC=true"
else
echo "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC=True"
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC=false"
fi
}
@ -52,22 +55,21 @@ show_config() {
#=================================================
apply_config() {
ynh_app_setting_set --app $app --key report_stats --value $YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS
report_stats=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS:-$report_stats}
allow_public_rooms=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS:-$allow_public_rooms}
backup_before_upgrade=${YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE:-$backup_before_upgrade}
is_public=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC:-$is_public}
if ${YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE,,}
then
ynh_app_setting_set --app $app --key report_stats --value $report_stats
ynh_app_setting_set --app $app --key allow_public_rooms --value $allow_public_rooms
ynh_app_setting_set --app $app --key is_public --value $is_public
if [ $backup_before_upgrade == 1 ]; then
ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 0
else
ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 1
fi
if ${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC,,}
then
ynh_app_setting_set --app $app --key is_public --value 1
else
ynh_app_setting_set --app $app --key is_public --value 0
fi
domain=$(ynh_app_setting_get --app $app --key special_domain)
server_name=$(ynh_app_setting_get --app $app --key server_name)
synapse_db_pwd=$(ynh_app_setting_get --app $app --key synapse_db_pwd)
@ -78,7 +80,8 @@ apply_config() {
turnserver_pwd=$(ynh_app_setting_get --app $app --key turnserver_pwd)
registration_shared_secret=$(ynh_app_setting_get --app $app --key registration_shared_secret)
form_secret=$(ynh_app_setting_get --app $app --key form_secret)
report_stats=$(ynh_app_setting_get --app $app --key report_stats)
macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
@ -99,14 +102,24 @@ apply_config() {
ynh_replace_string --match_string __DOMAIN__ --replace_string $domain --target_file "$homeserver_config_path"
ynh_replace_string --match_string __SERVER_NAME__ --replace_string $server_name --target_file "$homeserver_config_path"
ynh_replace_string --match_string __SYNAPSE_DB_USER__ --replace_string $synapse_db_user --target_file "$homeserver_config_path"
ynh_replace_string --match_string __SYNAPSE_DB_PWD__ --replace_string $synapse_db_pwd --target_file "$homeserver_config_path"
ynh_replace_special_string --match_string __SYNAPSE_DB_PWD__ --replace_string $synapse_db_pwd --target_file "$homeserver_config_path"
ynh_replace_string --match_string __PORT__ --replace_string $port --target_file "$homeserver_config_path"
ynh_replace_string --match_string __TLS_PORT__ --replace_string $synapse_tls_port --target_file "$homeserver_config_path"
ynh_replace_string --match_string __TURNSERVER_TLS_PORT__ --replace_string $turnserver_tls_port --target_file "$homeserver_config_path"
ynh_replace_string --match_string __TURNPWD__ --replace_string $turnserver_pwd --target_file "$homeserver_config_path"
ynh_replace_string --match_string __REGISTRATION_SECRET__ --replace_string "$registration_shared_secret" --target_file "$homeserver_config_path"
ynh_replace_string --match_string __FORM_SECRET__ --replace_string "$form_secret" --target_file "$homeserver_config_path"
ynh_replace_special_string --match_string __TURNPWD__ --replace_string $turnserver_pwd --target_file "$homeserver_config_path"
ynh_replace_special_string --match_string __REGISTRATION_SECRET__ --replace_string "$registration_shared_secret" --target_file "$homeserver_config_path"
ynh_replace_special_string --match_string __FORM_SECRET__ --replace_string "$form_secret" --target_file "$homeserver_config_path"
ynh_replace_string --match_string __REPORT_STATS__ --replace_string "$report_stats" --target_file "$homeserver_config_path"
ynh_replace_string --match_string=__ALLOW_PUBLIC_ROOMS__ --replace_string="$allow_public_rooms" --target_file="$homeserver_config_path"
if [ -n $macaroon_secret_key ]; then
# Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice.
# The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !!
# So for the old install we just leave this as it is. And for the new install we use a real macaroon.
# For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
ynh_replace_string --match_string='macaroon_secret_key: "__MACAROON_SECRET_KEY__"' --replace_string='# macaroon_secret_key: "__MACAROON_SECRET_KEY__"' --target_file="$homeserver_config_path"
else
ynh_replace_special_string --match_string=__MACAROON_SECRET_KEY__ --replace_string="$macaroon_secret_key" --target_file="$homeserver_config_path"
fi
if [ "$is_public" = "0" ]
then

26
scripts/install
View file

@ -38,7 +38,8 @@ synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
report_stats="False"
report_stats="false"
allow_public_rooms="false"
default_domain_value="Same than the domain"
#=================================================
@ -82,6 +83,7 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_rooms
#=================================================
# STANDARD MODIFICATIONS
@ -218,12 +220,14 @@ deactivate
# Get random values from config
ynh_print_OFF
registration_shared_secret=$(egrep "^registration_shared_secret" homeserver.yml | cut -d'"' -f2)
form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f2)
registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2)
macaroon_secret_key=$(egrep "^macaroon_secret_key:" homeserver.yml | cut -d'"' -f2)
# store in yunohost settings
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
ynh_app_setting_set --app=$app --key=macaroon_secret_key --value="$macaroon_secret_key"
ynh_print_ON
#=================================================
@ -274,11 +278,13 @@ ynh_replace_string --match_string=__PORT__ --replace_string=$port --target_file=
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$synapse_tls_port --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__ALLOW_PUBLIC_ROOMS__ --replace_string="$allow_public_rooms" --target_file="$homeserver_config_path"
ynh_print_OFF
ynh_replace_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__MACAROON_SECRET_KEY__ --replace_string="$macaroon_secret_key" --target_file="$homeserver_config_path"
ynh_print_ON
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml"
@ -293,6 +299,16 @@ fi
ynh_store_file_checksum --file="$homeserver_config_path"
ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml"
# Create .well-known redirection for access by federation
if yunohost --output-as plain domain list | grep -q "^$server_name$"
then
cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
ynh_replace_string --match_string=__PORT__ --replace_string=$synapse_tls_port --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
ynh_store_file_checksum --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
fi
#=================================================
# SET COTURN CONFIG
#=================================================

2
scripts/remove
View file

@ -18,6 +18,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=3
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=special_domain)
server_name=$(ynh_app_setting_get --app=$app --key=server_name)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
@ -91,6 +92,7 @@ ynh_secure_remove --file=/var/log/matrix-$app
ynh_secure_remove --file=/etc/matrix-$app
ynh_secure_remove --file=/etc/default/matrix-$app
ynh_secure_remove --file=/etc/default/coturn-$app
ynh_secure_remove --file=/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf
#=================================================
# REMOVE NGINX CONFIGURATION

44
scripts/upgrade
View file

@ -29,11 +29,13 @@ turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
ynh_print_OFF
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
ynh_print_ON
#=================================================
@ -142,7 +144,7 @@ fi
#=================================================
ynh_print_OFF
if [ -z "$registration_shared_secret" ]
if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ]
then
ynh_print_ON
ynh_script_progression --message="Generating synapse secret..." --weight=1
@ -159,8 +161,8 @@ then
# Get random values from config
ynh_print_OFF
registration_shared_secret=$(egrep "^registration_shared_secret" homeserver.yml | cut -d'"' -f2)
form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f1)
registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2)
# store in yunohost settings
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
@ -169,6 +171,18 @@ then
fi
ynh_print_ON
#=================================================
# MIGRATION 5 : DEFINE UNDEFINED SETTINGS
#=================================================
if [ -n $report_stats ]; then
report_stats="false"
fi
if [ -n $allow_public_rooms ]; then
allow_public_rooms="false"
fi
#=================================================
# UPDATE SYNAPSE CONFIG
#=================================================
@ -193,11 +207,21 @@ ynh_replace_string --match_string=__PORT__ --replace_string=$port --target_file=
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$synapse_tls_port --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__ALLOW_PUBLIC_ROOMS__ --replace_string="$allow_public_rooms" --target_file="$homeserver_config_path"
ynh_print_OFF
ynh_replace_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path"
if [ -n $macaroon_secret_key ]; then
# Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice.
# For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
# The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !!
# So for the old install we just leave this as it is. And for the new install we use a real macaroon.
ynh_replace_special_string --match_string='macaroon_secret_key: "__MACAROON_SECRET_KEY__"' --replace_string='# macaroon_secret_key: "__MACAROON_SECRET_KEY__"' --target_file="$homeserver_config_path"
else
ynh_replace_special_string --match_string=__MACAROON_SECRET_KEY__ --replace_string="$macaroon_secret_key" --target_file="$homeserver_config_path"
fi
ynh_print_ON
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml"
@ -212,6 +236,16 @@ fi
ynh_store_file_checksum --file="$homeserver_config_path"
ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml"
# Create .well-known redirection for access by federation if it doesn't exist
if yunohost --output-as plain domain list | grep -q "^$server_name$"
then
ynh_backup_if_checksum_is_different --file=/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf
cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
ynh_replace_string --match_string=__PORT__ --replace_string=$synapse_tls_port --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
ynh_store_file_checksum --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
fi
#=================================================
# MIGRATION 2 : MULTINSTANCE SUPPORT
#=================================================