1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00

Merge branch 'testing' into update_pip

This commit is contained in:
Alexandre Aubin 2021-10-27 19:23:02 +02:00 committed by GitHub
commit 99d3c74ca7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 153 additions and 43 deletions

55
.github/ISSUE_TEMPLATE.md vendored Normal file
View file

@ -0,0 +1,55 @@
---
name: Bug report
about: When creating a bug report, please use the following template to provide all the relevant information and help debugging efficiently.
---
**How to post a meaningful bug report**
1. *Read this whole template first.*
2. *Determine if you are on the right place:*
- *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!*
- *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.*
- *When in doubt, post here and we will figure it out together.*
3. *Delete the italic comments as you write over them below, and remove this guide.*
---
### Describe the bug
*A clear and concise description of what the bug is.*
### Context
- Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...*
- YunoHost version: x.x.x
- I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...*
- Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: *no / yes*
- If yes, please explain:
- Using, or trying to install package version/branch:
- If upgrading, current package version: *can be found in the admin, or with `yunohost app info $app_id`*
### Steps to reproduce
- *If you performed a command from the CLI, the command itself is enough. For example:*
```sh
sudo yunohost app install the_app
```
- *If you used the webadmin, please perform the equivalent command from the CLI first.*
- *If the error occurs in your browser, explain what you did:*
1. *Go to '...'*
2. *Click on '...'*
3. *Scroll down to '...'*
4. *See error*
### Expected behavior
*A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.*
### Logs
*When an operation fails, YunoHost provides a simple way to share the logs.*
- *In the webadmin, the error message contains a link to the relevant log page. On that page, you will be able to 'Share with Yunopaste'. If you missed it, the logs of previous operations are also available under Tools > Logs.*
- *In command line, the command to share the logs is displayed at the end of the operation and looks like `yunohost log display [log name] --share`. If you missed it, you can find the log ID of a previous operation using `yunohost log list`.*
*After sharing the log, please copypaste directly the link provided by YunoHost (to help readability, no need to copypaste the entire content of the log here, just the link is enough...)*
*If applicable and useful, add screenshots to help explain your problem.*

16
.github/PULL_REQUEST_TEMPLATE.md vendored Normal file
View file

@ -0,0 +1,16 @@
## Problem
- *Description of why you made this PR*
## Solution
- *And how do you fix that problem*
## PR Status
- [ ] Code finished and ready to be reviewed/tested
- [ ] The fix/enhancement were manually tested (if applicable)
## Automatic tests
Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization)

View file

@ -14,7 +14,7 @@ Instant messaging server matrix network.
Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org)
**Shipped version:** 1.28.0 **Shipped version:** 1.45.1
## Configuration ## Configuration
@ -78,6 +78,29 @@ If you have a dynamic IP address, you also might need to update this config auto
*/15 * * * * root bash /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh; */15 * * * * root bash /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh;
``` ```
#### OpenVPN
In case of you have an OpenVPN server you might want than `coturn-synapse` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content:
```
#!/bin/bash
(
sleep 5
sudo systemctl restart coturn-synapse.service
) &
exit 0
```
Add this line in you sudo config file `/etc/sudoers`
```
openvpn ALL=(ALL) NOPASSWD: /bin/systemctl restart coturn-synapse.service
```
And add this line in your OpenVPN config file
```
ipchange /usr/local/bin/openvpn_up_script.sh
```
### Important Security Note ### Important Security Note
We do not recommend running Element from the same domain name as your Matrix We do not recommend running Element from the same domain name as your Matrix

View file

@ -12,19 +12,16 @@
setup_private=0 setup_private=0
setup_public=1 setup_public=1
upgrade=1 upgrade=1
upgrade=1 from_commit=0705f4ffb4f7538a1aa33a801f95766ee23367db
upgrade=1 from_commit=35774cc0eabb82b03230210689fa060d5f2b0bd8 upgrade=1 from_commit=35774cc0eabb82b03230210689fa060d5f2b0bd8
upgrade=1 from_commit=dbf0a2c9359ccd62b55132cace548b17e44af9bf upgrade=1 from_commit=dbf0a2c9359ccd62b55132cace548b17e44af9bf
backup_restore=1 backup_restore=1
multi_instance=1 multi_instance=0
incorrect_path=0 incorrect_path=0
port_already_use=1 (8448) port_already_use=1 (8448)
change_url=0 change_url=0
;;; Levels ;;; Levels
Level 5=auto Level 5=auto
;;; Upgrade options ;;; Upgrade options
; commit=0705f4ffb4f7538a1aa33a801f95766ee23367db
name=Fix postgresql helper from old_version_for_CI_2 branch
; commit=35774cc0eabb82b03230210689fa060d5f2b0bd8 ; commit=35774cc0eabb82b03230210689fa060d5f2b0bd8
name=Migrate from self signed certificate to cert managed by Yunohost from old_version_for_CI_3 branch name=Migrate from self signed certificate to cert managed by Yunohost from old_version_for_CI_3 branch
; commit=dbf0a2c9359ccd62b55132cace548b17e44af9bf ; commit=dbf0a2c9359ccd62b55132cace548b17e44af9bf

View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.28.0/matrix-synapse_1.28.0-stretch-bin1_armv7l.tar.gz SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.45.1/matrix-synapse_1.45.1-bullseye-bin1_armv7l.tar.gz
SOURCE_SUM=03078aa4a8a88609ab71e11f8503c83f5bbee8e4211f997318d7843438ac4db5 SOURCE_SUM=ba45673989c241874e3329824c47828385bdf6f7144d00452bdfcfbea9865d10
# (Optional) Program to check the integrity (sha256sum, md5sum...) # (Optional) Program to check the integrity (sha256sum, md5sum...)
# default: sha256 # default: sha256
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum

View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.28.0/matrix-synapse_1.28.0-buster-bin1_armv7l.tar.gz SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.45.1/matrix-synapse_1.45.1-buster-bin1_armv7l.tar.gz
SOURCE_SUM=9a3a0098953ee592f9c40fd98d1e54f0c5a369a27007667fbe4689cc0aa4bcc0 SOURCE_SUM=626a5d7c15ee3f64f5b97480b3e8396bfe6cb39e253a625456945f5335512f95
# (Optional) Program to check the integrity (sha256sum, md5sum...) # (Optional) Program to check the integrity (sha256sum, md5sum...)
# default: sha256 # default: sha256
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum

View file

@ -1,6 +1,8 @@
location __PATH__ { location __PATH__ {
proxy_pass http://localhost:__PORT__; proxy_pass http://localhost:__PORT__;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
client_max_body_size 100M; client_max_body_size 100M;

View file

@ -6,7 +6,7 @@
"en": "Instant messaging server which uses Matrix", "en": "Instant messaging server which uses Matrix",
"fr": "Un serveur de messagerie instantané basé sur Matrix" "fr": "Un serveur de messagerie instantané basé sur Matrix"
}, },
"version": "1.28.0~ynh2", "version": "1.45.1~ynh1",
"url": "http://matrix.org", "url": "http://matrix.org",
"license": "Apache-2.0", "license": "Apache-2.0",
"maintainer": { "maintainer": {

View file

@ -1,12 +0,0 @@
## Problem
- *Description of why you made this PR*
## Solution
- *And how you fix that*
## PR Status
- [ ] Code finished.
- [ ] Tested with Package_check.
- [ ] Fix or enhancement tested.
- [ ] Upgrade from last version tested.
- [ ] Can be reviewed and tested.

View file

@ -6,7 +6,12 @@ install_sources() {
# Clean venv is it was on python2.7 or python3 with old version in case major upgrade of debian # Clean venv is it was on python2.7 or python3 with old version in case major upgrade of debian
if [ ! -e $final_path/bin/python3 ] || [ ! -e $final_path/lib/python$python_version ]; then if [ ! -e $final_path/bin/python3 ] || [ ! -e $final_path/lib/python$python_version ]; then
ynh_secure_remove --file=$final_path ynh_secure_remove --file=$final_path/bin
ynh_secure_remove --file=$final_path/lib
ynh_secure_remove --file=$final_path/lib64
ynh_secure_remove --file=$final_path/include
ynh_secure_remove --file=$final_path/share
ynh_secure_remove --file=$final_path/pyvenv.cfg
fi fi
mkdir -p $final_path mkdir -p $final_path
@ -29,24 +34,31 @@ install_sources() {
fi fi
done done
else else
# Install virtualenv if it don't exist # Install virtualenv if it don't exist
test -e $final_path/bin/python3 || python3 -m venv $final_path test -e $final_path/bin/python3 || python3 -m venv $final_path
# Install synapse in virtualenv # Install synapse in virtualenv
# We set all necessary environement variable to create a python virtualenvironnement. # We set all necessary environement variable to create a python virtualenvironnement.
set +u; u_arg='u'
set +$u_arg;
source $final_path/bin/activate source $final_path/bin/activate
set -u; set -$u_arg;
pip3 install --upgrade setuptools wheel pip pip3 install --upgrade setuptools wheel pip
chown $synapse_user:root -R $final_path chown $synapse_user:root -R $final_path
sudo -u $synapse_user env PATH=$PATH pip3 install --upgrade 'cryptography>=3.3' sudo -u $synapse_user env PATH=$PATH pip3 install --upgrade 'cryptography>=3.4.7'
pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2 pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2
pip3 install --upgrade 'Twisted>=20.3.0' matrix-synapse==$upstream_version matrix-synapse-ldap3 # Fix issue https://github.com/YunoHost-Apps/synapse_ynh/issues/248
pip3 install --upgrade 'Twisted>=21' 'treq>=21.1.0' matrix-synapse==$upstream_version matrix-synapse-ldap3
# This function was defined when we called "source $final_path/bin/activate". With this function we undo what "$final_path/bin/activate" does # This function was defined when we called "source $final_path/bin/activate". With this function we undo what "$final_path/bin/activate" does
set +u; set +$u_arg;
deactivate deactivate
set -u; set -$u_arg;
# Remove Rust to reduce backup size
ynh_secure_remove --file=$final_path/.rustup
ynh_secure_remove --file=$final_path/.cargo
fi fi
} }

View file

@ -27,6 +27,7 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain) domain=$(ynh_app_setting_get --app=$app --key=domain)
server_name=$(ynh_app_setting_get --app=$app --key=server_name) server_name=$(ynh_app_setting_get --app=$app --key=server_name)
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
if [[ ! "$(systemctl status matrix-$app.service)" =~ "Active: inactive (dead)" ]]; then if [[ ! "$(systemctl status matrix-$app.service)" =~ "Active: inactive (dead)" ]]; then
ynh_print_warn --message="It's hightly recommended to make your backup when the service is stopped. Please stop $app service with this command before to run the backup 'systemctl stop matrix-$app.service'" ynh_print_warn --message="It's hightly recommended to make your backup when the service is stopped. Please stop $app service with this command before to run the backup 'systemctl stop matrix-$app.service'"
@ -60,7 +61,7 @@ ynh_backup --src_path="$final_www_path"
ynh_print_info --message="Backing up nginx web server configuration..." ynh_print_info --message="Backing up nginx web server configuration..."
# BACKUP THE PHP-FPM CONFIGURATION # BACKUP THE PHP-FPM CONFIGURATION
ynh_backup --src_path "/etc/php/7.0/fpm/pool.d/$app.conf" ynh_backup --src_path "/etc/php/$phpversion/fpm/pool.d/$app.conf"
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
if yunohost --output-as plain domain list | grep -q "^$server_name$" if yunohost --output-as plain domain list | grep -q "^$server_name$"
@ -114,7 +115,7 @@ ynh_backup --src_path="$data_path" --is_big=1
#================================================= #=================================================
ynh_print_info --message="Backing up synapse log..." ynh_print_info --message="Backing up synapse log..."
ynh_backup --src_path="/var/log/matrix-$app" ynh_backup --src_path="/var/log/matrix-$app" --is_big=1
#================================================= #=================================================
# BACKUP HOOKS # BACKUP HOOKS

View file

@ -301,8 +301,8 @@ ynh_script_progression --message="Configuring coturn..." --weight=1
# Get public IP and set as external IP for coturn # Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 # note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true public_ip4="$(curl -s ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true public_ip6="$(curl -s ipv6.yunohost.org)" || true
turn_external_ip="" turn_external_ip=""
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4" if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
@ -342,12 +342,17 @@ ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destin
ynh_script_progression --message="Configuring permissions..." --weight=1 ynh_script_progression --message="Configuring permissions..." --weight=1
ynh_permission_url --permission=main --url=$domain/_matrix/cas_server.php/login --auth_header=true ynh_permission_url --permission=main --url=$domain/_matrix/cas_server.php/login --auth_header=true
ynh_permission_update --permission=main --label="Synapse server SSO authentication" --show_tile=false --protected=true ynh_permission_update --permission=main --show_tile=false --protected=true
ynh_permission_create --permission=server_api --url=$domain/_matrix --additional_urls=$server_name/.well-known/matrix \ ynh_permission_create --permission=server_api --url=$domain/_matrix \
--label="Server access for client apps." --show_tile=false --allowed=visitors \ --label="Server access for client apps." --show_tile=false --allowed=visitors \
--auth_header=false --protected=true --auth_header=false --protected=true
if yunohost --output-as plain domain list | grep -q "^$server_name$"; then
ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \
--label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \
--auth_header=false --protected=true
fi
#================================================= #=================================================
# UPDATE HOOKS # UPDATE HOOKS
#================================================= #=================================================

View file

@ -174,8 +174,8 @@ ynh_print_ON
# Get public IP and set as external IP for coturn # Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 # note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true public_ip4="$(curl -s ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true public_ip6="$(curl -s ipv6.yunohost.org)" || true
turn_external_ip="" turn_external_ip=""
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4" if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"

View file

@ -337,8 +337,8 @@ ynh_script_progression --message="Updating coturn config..." --weight=1
# Get public IP and set as external IP for coturn # Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 # note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true public_ip4="$(curl -s ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true public_ip6="$(curl -s ipv6.yunohost.org)" || true
turn_external_ip="" turn_external_ip=""
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4" if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
@ -405,21 +405,32 @@ ynh_script_progression --message="Configuring permissions..." --weight=1
ynh_legacy_permissions_delete_all ynh_legacy_permissions_delete_all
ynh_permission_url --permission=main --url=$domain/_matrix/cas_server.php/login --auth_header=true ynh_permission_url --permission=main --url=$domain/_matrix/cas_server.php/login --auth_header=true
ynh_permission_update --permission=main --label="Synapse server SSO authentication" --show_tile=false --protected=true ynh_permission_update --permission=main --show_tile=false --protected=true
if ! ynh_permission_exists --permission=server_api; then if ! ynh_permission_exists --permission=server_api; then
ynh_permission_create --permission=server_api --url=$domain/_matrix --additional_urls=$server_name/.well-known/matrix \ ynh_permission_create --permission=server_api --url=$domain/_matrix \
--label="Server access for client apps." --show_tile=false --allowed=visitors \ --label="Server access for client apps." --show_tile=false --allowed=visitors \
--auth_header=false --protected=true --auth_header=false --protected=true
python3 remove_sso_conf_persistent.py $domain $server_name \ python3 remove_sso_conf_persistent.py $domain $server_name \
|| ynh_print_warn --message="Your file /etc/ssowat/""conf.json.persistent doesn't respect the json syntax. The config file wasn't cleaned. Please clean it manually." || ynh_print_warn --message="Your file /etc/ssowat/""conf.json.persistent doesn't respect the json syntax. The config file wasn't cleaned. Please clean it manually."
else else
ynh_permission_url --permission=server_api --url=$domain/_matrix --add_url=$server_name/.well-known/matrix \ ynh_permission_url --permission=server_api --url=$domain/_matrix --remove_url=$server_name/.well-known/matrix \
--auth_header=false --auth_header=false
ynh_permission_update --permission=server_api --label="Server access for client apps." --show_tile=false \ ynh_permission_update --permission=server_api --label="Server access for client apps." --show_tile=false \
--protected=true --protected=true
fi fi
if yunohost --output-as plain domain list | grep -q "^$server_name"'$' && ! ynh_permission_exists --permission=server_client_infos; then
ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \
--label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \
--auth_header=false --protected=true
elif yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then
ynh_permission_url --permission=server_client_infos --url=$server_name/.well-known/matrix \
--auth_header=false
ynh_permission_update --permission=server_client_infos --label="Server info for clients. (well-known)" --show_tile=false \
--protected=true
fi
#================================================= #=================================================
# SECURE FILES AND DIRECTORIES # SECURE FILES AND DIRECTORIES
#================================================= #=================================================