mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00

Merge pull request #161 from YunoHost-Apps/testing

Testing
Josue-T 2020-01-02 21:20:26 +01:00 committed by GitHub
commit 8693cf2d7e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 1456 additions and 486 deletions


@ -14,7 +14,7 @@ Instant messaging server matrix network.
Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org)
**Shipped version:** 1.6.1 **Shipped version:** 1.7.2
## Configuration ## Configuration
@ -35,7 +35,7 @@ If you want a web client you can also install riot with this package: https://gi
If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation. If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
If not, you may need to put the following line in the dns configuration: If not, you can add the following line in the dns configuration but you normally don't need it as a .well-known file is edited during the install to declare your server name and port to the federation.
``` ```
_matrix._tcp.<server_name.tld> <ttl> IN SRV 10 0 <port> <domain-or-subdomain-of-synapse.tld> _matrix._tcp.<server_name.tld> <ttl> IN SRV 10 0 <port> <domain-or-subdomain-of-synapse.tld>


@ -1,47 +0,0 @@
[{
"id": "update_turnserver_ip",
"name": "Update turnserver ip",
"command": "/opt/yunohost/matrix-$YNH_APP_INSTANCE_NAME/Coturn_config_rotate.sh",
"user": "root",
"accepted_return_codes": [0],
"description": {
"en": "Update the ip in the turnserver config"
}
},{
"id": "open_turnserver_firewall_ports",
"name": "Open ports for turnserver",
"command": "yunohost firewall allow Both 49153:49193",
"user": "root",
"accepted_return_codes": [0],
"description": {
"en": "Open the ports range 49153:49193 with TCP and UDP to be able to use correctly the turnserver."
}
},{
"id": "close_turnserver_firewall_ports",
"name": "Close ports for turnserver",
"command": "yunohost firewall disallow Both 49153:49193",
"user": "root",
"accepted_return_codes": [0],
"description": {
"en": "Close the ports range 49153:49193 with TCP and UDP. (Undo \"Open ports for turnserver\" action)"
}
},{
"id": "set_admin_user",
"name": "Set a user as admin",
"command": "[[ \"$(su --command=\"psql matrix_synapse\" postgres <<< \"UPDATE users SET admin = 1 WHERE name = '@$YNH_ACTION_USERNAME:$(yunohost app setting $YNH_APP_INSTANCE_NAME special_domain)'\")\" == 'UPDATE 1' ]]",
"user": "root",
"accepted_return_codes": [0],
"description": {
"en": "Set a synapse user as admin in the synapse server. It probably usefull only to manage the community function."
},
"arguments": [
{
"name": "username",
"type": "string",
"ask": {
"en": "username of the user to set as admin"
},
"example": "bob"
}
]
}]

33
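--- a/actions.toml
+++ b/actions.toml
@@ -0,0 +1,33 @@
+[update_turnserver_ip]
+name = "Update turnserver ip"
+command = "/opt/yunohost/matrix-$YNH_APP_INSTANCE_NAME/Coturn_config_rotate.sh"
+user = "root"
+accepted_return_codes = [0]
+description = "Update the ip in the turnserver config"
+[open_turnserver_firewall_ports]
+name = "Open ports for turnserver"
+command = "yunohost firewall allow Both 49153:49193"
+user = "root"
+accepted_return_codes = [0]
+description = "Open the ports range 49153:49193 with TCP and UDP to be able to use correctly the turnserver."
+[close_turnserver_firewall_ports]
+name = "Close ports for turnserver"
+command = "yunohost firewall disallow Both 49153:49193"
+user = "root"
+accepted_return_codes = [0]
+description = "Close the ports range 49153:49193 with TCP and UDP. (Undo \"Open ports for turnserver\" action)"
+[set_admin_user]
+name = "Set a user as admin"
+command = "[[ \"$(su --command=\"psql matrix_synapse\" postgres <<< \"UPDATE users SET admin = 1 WHERE name = '@$YNH_ACTION_USERNAME:$(yunohost app setting $YNH_APP_INSTANCE_NAME special_domain)'\")\" == 'UPDATE 1' ]]"
+user = "root"
+accepted_return_codes = [0]
+description = "Set a synapse user as admin in the synapse server. It probably usefull only to manage the community function."
+[set_admin_user.arguments]
+[set_admin_user.arguments.username]
+type = "string"
+ask = "username of the user to set as admin"
+example = "bob"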
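Review bot: The `set_admin_user` command splices `$YNH_ACTION_USERNAME` straight into a single-quoted SQL literal that is piped to `psql` as the `postgres` user from a root shell, so a username containing a quote changes the statement instead of being matched as data. The `username` argument is declared only as `type = "string"` and nothing in this file restricts it to a Matrix localpart; I would validate it before the query, for example `[[ "$YNH_ACTION_USERNAME" =~ ^[a-z0-9._=/-]+$ ]] || exit 1`, or pass it to psql as a variable (`-v uname=...` with `:'uname'` in the statement) so psql does the quoting. Separately, the database name is fixed to `matrix_synapse` while the scripts in this commit derive it as `matrix_$app`, so on a second instance the action presumably targets the wrong database.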


@ -3,6 +3,7 @@
domain="domain.tld" (DOMAIN) domain="domain.tld" (DOMAIN)
path="/_matrix/static/" (PATH) path="/_matrix/static/" (PATH)
is_public=1 (PUBLIC|public=1|private=0) is_public=1 (PUBLIC|public=1|private=0)
server_name="domain2.tld" (DOMAIN)
; Checks ; Checks
pkg_linter=1 pkg_linter=1
setup_sub_dir=1 setup_sub_dir=1


@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.6.1/matrix-synapse_1.6.1-stretch-bin1_armv7l.tar.gz SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.7.2/matrix-synapse_1.7.2-stretch-bin1_armv7l.tar.gz
SOURCE_SUM=4836bd5fefdd9855a329b470875a7bc9f795755c72718670421009bc47826c35 SOURCE_SUM=0b7df5e31993a46aa28979d4e671e254b509749ae1991f9867feadd190b7e5aa
# (Optional) Program to check the integrity (sha256sum, md5sum...) # (Optional) Program to check the integrity (sha256sum, md5sum...)
# default: sha256 # default: sha256
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum

File diff suppressed because it is too large Load diff


@ -11,6 +11,7 @@ ExecStartPre=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver -
ExecStart=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/ ExecStart=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/
Restart=always Restart=always
RestartSec=3 RestartSec=3
RuntimeDirectory=%i
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
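Review bot: `RuntimeDirectory=%i` relies on the instance specifier, which systemd leaves empty for a unit that is not instantiated from a template (`name@.service`). The surrounding `ExecStart` lines use the `__APP__` placeholder rather than `%i`, which suggests this is a plain per-app unit; if so the directive names no directory and nothing is created under `/run` for Synapse. Spelling it out as `RuntimeDirectory=matrix-__APP__` would match the rest of the file, and adding `RuntimeDirectoryMode=0750` would keep the directory closed to other local users. The unit's name and its `[Unit]` section are outside this hunk, so confirm which case applies.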

5
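--- a/conf/server_name.conf
+++ b/conf/server_name.conf
@@ -0,0 +1,5 @@
+location /.well-known/matrix/ {
+return 200 '{"m.server": "__DOMAIN__:__PORT__"}';
+add_header Content-Type application/json;
+add_header Access-Control-Allow-Origin '*';
+}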
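Review bot: The prefix match `location /.well-known/matrix/` answers every path below it with the `m.server` document, so a request for `/.well-known/matrix/client` also gets a 200 carrying the federation delegation body. An exact match, `location = /.well-known/matrix/server {`, limits the response to the one resource this file is meant to publish. With `return 200 '...'` the response type comes from `default_type`, so `add_header Content-Type application/json;` adds a second Content-Type header rather than replacing the first; `default_type application/json;` inside the block is the usual way to set it.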


@ -1,39 +0,0 @@
{
"name": "Synapse configuration panel",
"version": "0.1",
"panel": [{
"name": "Synapse config",
"id": "synapse_config",
"sections": [{
"name": "Synapse server configuration",
"id": "server_config",
"options": [{
"name": "Server statistics",
"id": "server_statistics",
"type": "bool",
"help": "True to send anonymous statistics about synapse to improve the performances",
"default": false
},{
"name": "Server public",
"id": "is_public",
"type": "bool",
"help": "Is it a public server",
"default": false
}]
}]
},{
"name": "Package config",
"id": "package_config",
"sections": [{
"name": "Synapse server configuration",
"id": "package_config",
"options": [{
"name": "Backup before upgrade",
"id": "backup_before_upgrade",
"type": "bool",
"help": "True to do a backup before every upgrade",
"default": true
}]
}]
}]
}

39
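--- a/config_panel.toml
+++ b/config_panel.toml
@@ -0,0 +1,39 @@
+version = "0.1"
+name = "Synapse configuration panel"
+[synapse_config]
+name = "Synapse configuration"
+[synapse_config.server_config]
+name = "Synapse server configuration"
+[synapse_config.server_config.server_statistics]
+ask = "Server statistics"
+type = "boolean"
+default = false
+help = "True to send anonymous statistics about synapse to improve the performances"
+[synapse_config.server_config.is_public]
+ask = "Server public"
+type = "boolean"
+default = false
+help = "Is it a public server"
+[synapse_config.server_config.allow_public_rooms]
+ask = "Server public"
+type = "boolean"
+default = false
+help = "If set to 'false', requires authentication to access the server's public rooms directory through the client API and forbids any other homeserver to fetch the server's public rooms directory via federation."
+[package_config]
+name = "Package configuration"
+[package_config.package_config]
+name = "Synapse server configuration"
+[package_config.package_config.backup_before_upgrade]
+ask = "Backup before upgrade"
+type = "boolean"
+default = true
+help = "True to do a backup before every upgrade"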
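Review bot: `[synapse_config.server_config.allow_public_rooms]` reuses `ask = "Server public"`, the same label as `is_public` just above it, so the panel shows two identically named switches and the administrator cannot tell which one opens the rooms directory to unauthenticated clients and to federation. A distinct label such as `ask = "Allow public rooms directory"` would match the `help` text. The section `[package_config.package_config]` also carries `name = "Synapse server configuration"`, which looks copied from the first panel.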


@ -6,7 +6,7 @@
"en": "Instant messaging server who use matrix", "en": "Instant messaging server who use matrix",
"fr": "Un serveur de messagerie instantané basé sur matrix" "fr": "Un serveur de messagerie instantané basé sur matrix"
}, },
"version": "1.6.1~ynh1", "version": "1.7.2~ynh1",
"url": "http://matrix.org", "url": "http://matrix.org",
"license": "Apache-2.0", "license": "Apache-2.0",
"maintainer": { "maintainer": {
@ -14,7 +14,7 @@
"email": "josue@tille.ch" "email": "josue@tille.ch"
}, },
"requirements": { "requirements": {
"yunohost": ">= 3.5" "yunohost": ">= 3.6"
}, },
"multi_instance": true, "multi_instance": true,
"services": [ "services": [


@ -25,6 +25,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=2
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=special_domain) domain=$(ynh_app_setting_get --app=$app --key=special_domain)
server_name=$(ynh_app_setting_get --app=$app --key=server_name)
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#================================================= #=================================================
@ -51,6 +52,10 @@ ynh_backup --src_path="$final_path"
ynh_script_progression --message="Backing up nginx web server configuration..." --weight=1 ynh_script_progression --message="Backing up nginx web server configuration..." --weight=1
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
if yunohost --output-as plain domain list | grep -q "^$server_name$"
then
ynh_backup --src_path="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
fi
#================================================= #=================================================
# BACKUP THE POSTGRESQL DATABASE # BACKUP THE POSTGRESQL DATABASE
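Review bot: In the added `if yunohost --output-as plain domain list | grep -q "^$server_name$"` test the domain is used as a regular expression, so each `.` in it matches any character and the check can succeed for a name that is not in the list. A fixed-string, whole-line match avoids that: `grep -qxF -- "$server_name"`. The same test is added in the install and upgrade scripts before they write `${app}_server_name.conf`, and the `cp` destination built from `${server_name}` there is unquoted.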


@ -12,7 +12,6 @@ source /usr/share/yunohost/helpers
ynh_abort_if_errors ynh_abort_if_errors
# Import common fonctions # Import common fonctions
source ./psql.sh
source ./experimental_helper.sh source ./experimental_helper.sh
source ./_common.sh source ./_common.sh
@ -21,6 +20,10 @@ source ./_common.sh
#================================================= #=================================================
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
report_stats=$(ynh_app_setting_get --app $app --key report_stats)
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
backup_before_upgrade=$(ynh_app_setting_get --app $app --key disable_backup_before_upgrade)
is_public=$(ynh_app_setting_get --app $app --key is_public)
#================================================= #=================================================
# SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND # SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND
@ -28,22 +31,22 @@ app=$YNH_APP_INSTANCE_NAME
show_config() { show_config() {
# here you are supposed to read some config file/database/other then print the values # here you are supposed to read some config file/database/other then print the values
# echo "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value" # ynh_return "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value"
echo "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS=$(ynh_app_setting_get --app $app --key report_stats)" ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS=$report_stats"
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS=$allow_public_rooms"
backup_before_upgrade=$(ynh_app_setting_get --app $app --key disable_backup_before_upgrade)
if [[ ${backup_before_upgrade:-0} -eq 1 ]] if [[ ${backup_before_upgrade:-0} -eq 1 ]]
then then
echo "YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE=False" ynh_return "YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE=false"
else else
echo "YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE=True" ynh_return "YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE=true"
fi fi
is_public=$(ynh_app_setting_get --app $app --key is_public)
if [[ ${is_public} -eq 1 ]] if [[ ${is_public} -eq 1 ]]
then then
echo "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC=False" ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC=true"
else else
echo "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC=True" ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC=false"
fi fi
} }
@ -52,22 +55,21 @@ show_config() {
#================================================= #=================================================
apply_config() { apply_config() {
ynh_app_setting_set --app $app --key report_stats --value $YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS report_stats=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS:-$report_stats}
allow_public_rooms=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS:-$allow_public_rooms}
backup_before_upgrade=${YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE:-$backup_before_upgrade}
is_public=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC:-$is_public}
if ${YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE,,} ynh_app_setting_set --app $app --key report_stats --value $report_stats
then ynh_app_setting_set --app $app --key allow_public_rooms --value $allow_public_rooms
ynh_app_setting_set --app $app --key is_public --value $is_public
if [ $backup_before_upgrade == 1 ]; then
ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 0 ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 0
else else
ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 1 ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 1
fi fi
if ${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC,,}
then
ynh_app_setting_set --app $app --key is_public --value 1
else
ynh_app_setting_set --app $app --key is_public --value 0
fi
domain=$(ynh_app_setting_get --app $app --key special_domain) domain=$(ynh_app_setting_get --app $app --key special_domain)
server_name=$(ynh_app_setting_get --app $app --key server_name) server_name=$(ynh_app_setting_get --app $app --key server_name)
synapse_db_pwd=$(ynh_app_setting_get --app $app --key synapse_db_pwd) synapse_db_pwd=$(ynh_app_setting_get --app $app --key synapse_db_pwd)
@ -78,7 +80,8 @@ apply_config() {
turnserver_pwd=$(ynh_app_setting_get --app $app --key turnserver_pwd) turnserver_pwd=$(ynh_app_setting_get --app $app --key turnserver_pwd)
registration_shared_secret=$(ynh_app_setting_get --app $app --key registration_shared_secret) registration_shared_secret=$(ynh_app_setting_get --app $app --key registration_shared_secret)
form_secret=$(ynh_app_setting_get --app $app --key form_secret) form_secret=$(ynh_app_setting_get --app $app --key form_secret)
report_stats=$(ynh_app_setting_get --app $app --key report_stats) macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
synapse_user="matrix-$app" synapse_user="matrix-$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app" synapse_db_user="matrix_$app"
@ -99,14 +102,24 @@ apply_config() {
ynh_replace_string --match_string __DOMAIN__ --replace_string $domain --target_file "$homeserver_config_path" ynh_replace_string --match_string __DOMAIN__ --replace_string $domain --target_file "$homeserver_config_path"
ynh_replace_string --match_string __SERVER_NAME__ --replace_string $server_name --target_file "$homeserver_config_path" ynh_replace_string --match_string __SERVER_NAME__ --replace_string $server_name --target_file "$homeserver_config_path"
ynh_replace_string --match_string __SYNAPSE_DB_USER__ --replace_string $synapse_db_user --target_file "$homeserver_config_path" ynh_replace_string --match_string __SYNAPSE_DB_USER__ --replace_string $synapse_db_user --target_file "$homeserver_config_path"
ynh_replace_string --match_string __SYNAPSE_DB_PWD__ --replace_string $synapse_db_pwd --target_file "$homeserver_config_path" ynh_replace_special_string --match_string __SYNAPSE_DB_PWD__ --replace_string $synapse_db_pwd --target_file "$homeserver_config_path"
ynh_replace_string --match_string __PORT__ --replace_string $port --target_file "$homeserver_config_path" ynh_replace_string --match_string __PORT__ --replace_string $port --target_file "$homeserver_config_path"
ynh_replace_string --match_string __TLS_PORT__ --replace_string $synapse_tls_port --target_file "$homeserver_config_path" ynh_replace_string --match_string __TLS_PORT__ --replace_string $synapse_tls_port --target_file "$homeserver_config_path"
ynh_replace_string --match_string __TURNSERVER_TLS_PORT__ --replace_string $turnserver_tls_port --target_file "$homeserver_config_path" ynh_replace_string --match_string __TURNSERVER_TLS_PORT__ --replace_string $turnserver_tls_port --target_file "$homeserver_config_path"
ynh_replace_string --match_string __TURNPWD__ --replace_string $turnserver_pwd --target_file "$homeserver_config_path" ynh_replace_special_string --match_string __TURNPWD__ --replace_string $turnserver_pwd --target_file "$homeserver_config_path"
ynh_replace_string --match_string __REGISTRATION_SECRET__ --replace_string "$registration_shared_secret" --target_file "$homeserver_config_path" ynh_replace_special_string --match_string __REGISTRATION_SECRET__ --replace_string "$registration_shared_secret" --target_file "$homeserver_config_path"
ynh_replace_string --match_string __FORM_SECRET__ --replace_string "$form_secret" --target_file "$homeserver_config_path" ynh_replace_special_string --match_string __FORM_SECRET__ --replace_string "$form_secret" --target_file "$homeserver_config_path"
ynh_replace_string --match_string __REPORT_STATS__ --replace_string "$report_stats" --target_file "$homeserver_config_path" ynh_replace_string --match_string __REPORT_STATS__ --replace_string "$report_stats" --target_file "$homeserver_config_path"
ynh_replace_string --match_string=__ALLOW_PUBLIC_ROOMS__ --replace_string="$allow_public_rooms" --target_file="$homeserver_config_path"
if [ -n $macaroon_secret_key ]; then
# Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice.
# The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !!
# So for the old install we just leave this as it is. And for the new install we use a real macaroon.
# For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
ynh_replace_string --match_string='macaroon_secret_key: "__MACAROON_SECRET_KEY__"' --replace_string='# macaroon_secret_key: "__MACAROON_SECRET_KEY__"' --target_file="$homeserver_config_path"
else
ynh_replace_special_string --match_string=__MACAROON_SECRET_KEY__ --replace_string="$macaroon_secret_key" --target_file="$homeserver_config_path"
fi
if [ "$is_public" = "0" ] if [ "$is_public" = "0" ]
then then
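Review bot: In `apply_config`, `if [ -n $macaroon_secret_key ]` is always true: with the variable unquoted an empty value collapses the test to `[ -n ]`, and a set value is non-empty anyway, so the branch that comments out `macaroon_secret_key` runs on every apply and the stored key is never written. The comment above it says old installs without a stored key are left alone and new installs get the real key, which reads as `if [ -z "$macaroon_secret_key" ]; then`. As written, the first use of the config panel on a fresh install drops the explicit key, which presumably changes the effective key and, by the comment's own account, logs every user out. The upgrade script adds the same test for `macaroon_secret_key`, and its MIGRATION 5 block uses `[ -n $report_stats ]` and `[ -n $allow_public_rooms ]`, which resets both stored settings to `false` on each upgrade; those want `-z` with quotes too. `apply_config` continues past the end of this hunk.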


@ -38,7 +38,8 @@ synapse_user="matrix-$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app" synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version) upstream_version=$(ynh_app_upstream_version)
report_stats="False" report_stats="false"
allow_public_rooms="false"
default_domain_value="Same than the domain" default_domain_value="Same than the domain"
#================================================= #=================================================
@ -82,6 +83,7 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=is_public --value=$is_public
ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_rooms
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS
@ -218,12 +220,14 @@ deactivate
# Get random values from config # Get random values from config
ynh_print_OFF ynh_print_OFF
registration_shared_secret=$(egrep "^registration_shared_secret" homeserver.yml | cut -d'"' -f2) registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f2) form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2)
macaroon_secret_key=$(egrep "^macaroon_secret_key:" homeserver.yml | cut -d'"' -f2)
# store in yunohost settings # store in yunohost settings
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret" ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret" ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
ynh_app_setting_set --app=$app --key=macaroon_secret_key --value="$macaroon_secret_key"
ynh_print_ON ynh_print_ON
#================================================= #=================================================
@ -274,11 +278,13 @@ ynh_replace_string --match_string=__PORT__ --replace_string=$port --target_file=
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$synapse_tls_port --target_file="$homeserver_config_path" ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$synapse_tls_port --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$homeserver_config_path" ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path" ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__ALLOW_PUBLIC_ROOMS__ --replace_string="$allow_public_rooms" --target_file="$homeserver_config_path"
ynh_print_OFF ynh_print_OFF
ynh_replace_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path" ynh_replace_special_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$homeserver_config_path" ynh_replace_special_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path" ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path" ynh_replace_special_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__MACAROON_SECRET_KEY__ --replace_string="$macaroon_secret_key" --target_file="$homeserver_config_path"
ynh_print_ON ynh_print_ON
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml" ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml"
@ -293,6 +299,16 @@ fi
ynh_store_file_checksum --file="$homeserver_config_path" ynh_store_file_checksum --file="$homeserver_config_path"
ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml" ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml"
# Create .well-known redirection for access by federation
if yunohost --output-as plain domain list | grep -q "^$server_name$"
then
cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
ynh_replace_string --match_string=__PORT__ --replace_string=$synapse_tls_port --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
ynh_store_file_checksum --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
fi
#================================================= #=================================================
# SET COTURN CONFIG # SET COTURN CONFIG
#================================================= #=================================================
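Review bot: The three secrets read back with `egrep "^...:" homeserver.yml | cut -d'"' -f2` are stored and substituted without checking that anything was extracted; if the generated file ever omits one of the keys or writes it unquoted, an empty `macaroon_secret_key`, `form_secret` or `registration_shared_secret` goes into the settings and into the Synapse config. Because this runs between `ynh_print_OFF` and `ynh_print_ON`, nothing in the log would show it. A guard after the three assignments, such as `[ -n "$macaroon_secret_key" ] || ynh_die --message="macaroon_secret_key not found in generated config"`, repeated for the other two, makes the install fail instead. The step that generates `homeserver.yml` is above this hunk and not shown.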


@ -18,6 +18,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=3
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=special_domain) domain=$(ynh_app_setting_get --app=$app --key=special_domain)
server_name=$(ynh_app_setting_get --app=$app --key=server_name)
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
@ -91,6 +92,7 @@ ynh_secure_remove --file=/var/log/matrix-$app
ynh_secure_remove --file=/etc/matrix-$app ynh_secure_remove --file=/etc/matrix-$app
ynh_secure_remove --file=/etc/default/matrix-$app ynh_secure_remove --file=/etc/default/matrix-$app
ynh_secure_remove --file=/etc/default/coturn-$app ynh_secure_remove --file=/etc/default/coturn-$app
ynh_secure_remove --file=/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf
#================================================= #=================================================
# REMOVE NGINX CONFIGURATION # REMOVE NGINX CONFIGURATION


@ -29,11 +29,13 @@ turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
ynh_print_OFF ynh_print_OFF
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
ynh_print_ON ynh_print_ON
#================================================= #=================================================
@ -142,7 +144,7 @@ fi
#================================================= #=================================================
ynh_print_OFF ynh_print_OFF
if [ -z "$registration_shared_secret" ] if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ]
then then
ynh_print_ON ynh_print_ON
ynh_script_progression --message="Generating synapse secret..." --weight=1 ynh_script_progression --message="Generating synapse secret..." --weight=1
@ -159,8 +161,8 @@ then
# Get random values from config # Get random values from config
ynh_print_OFF ynh_print_OFF
registration_shared_secret=$(egrep "^registration_shared_secret" homeserver.yml | cut -d'"' -f2) registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f1) form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2)
# store in yunohost settings # store in yunohost settings
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret" ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
@ -169,6 +171,18 @@ then
fi fi
ynh_print_ON ynh_print_ON
#=================================================
# MIGRATION 5 : DEFINE UNDEFINED SETTINGS
#=================================================
if [ -n $report_stats ]; then
report_stats="false"
fi
if [ -n $allow_public_rooms ]; then
allow_public_rooms="false"
fi
#================================================= #=================================================
# UPDATE SYNAPSE CONFIG # UPDATE SYNAPSE CONFIG
#================================================= #=================================================
@ -193,11 +207,21 @@ ynh_replace_string --match_string=__PORT__ --replace_string=$port --target_file=
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$synapse_tls_port --target_file="$homeserver_config_path" ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$synapse_tls_port --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$homeserver_config_path" ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path" ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__ALLOW_PUBLIC_ROOMS__ --replace_string="$allow_public_rooms" --target_file="$homeserver_config_path"
ynh_print_OFF ynh_print_OFF
ynh_replace_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path" ynh_replace_special_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$homeserver_config_path" ynh_replace_special_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path" ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path" ynh_replace_special_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path"
if [ -n $macaroon_secret_key ]; then
# Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice.
# For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
# The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !!
# So for the old install we just leave this as it is. And for the new install we use a real macaroon.
ynh_replace_special_string --match_string='macaroon_secret_key: "__MACAROON_SECRET_KEY__"' --replace_string='# macaroon_secret_key: "__MACAROON_SECRET_KEY__"' --target_file="$homeserver_config_path"
else
ynh_replace_special_string --match_string=__MACAROON_SECRET_KEY__ --replace_string="$macaroon_secret_key" --target_file="$homeserver_config_path"
fi
ynh_print_ON ynh_print_ON
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml" ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml"
@ -212,6 +236,16 @@ fi
ynh_store_file_checksum --file="$homeserver_config_path" ynh_store_file_checksum --file="$homeserver_config_path"
ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml" ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml"
# Create .well-known redirection for access by federation if it doesn't exist
if yunohost --output-as plain domain list | grep -q "^$server_name$"
then
ynh_backup_if_checksum_is_different --file=/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf
cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
ynh_replace_string --match_string=__PORT__ --replace_string=$synapse_tls_port --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
ynh_store_file_checksum --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
fi
#================================================= #=================================================
# MIGRATION 2 : MULTINSTANCE SUPPORT # MIGRATION 2 : MULTINSTANCE SUPPORT
#================================================= #=================================================