diff --git a/check_process b/check_process
index d232ff7..36712d8 100644
--- a/check_process
+++ b/check_process
@@ -18,7 +18,7 @@
 multi_instance=1
 incorrect_path=0
 port_already_use=1 (8448)
- change_url=0
+ change_url=1
 ;;; Levels
 Level 5=auto
 ;;; Upgrade options
diff --git a/scripts/change_url b/scripts/change_url
new file mode 100644
index 0000000..59a44c5
--- /dev/null
+++ b/scripts/change_url
@@ -0,0 +1,148 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC START
+#=================================================
+
+# IMPORT GENERIC HELPERS
+source /usr/share/yunohost/helpers
+
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
+
+# Import common cmd
+source ./experimental_helper.sh
+source ./_common.sh
+
+ynh_script_progression --message="Loading installation settings..."
+
+# RETRIEVE ARGUMENTS
+old_domain=$YNH_APP_OLD_DOMAIN
+domain=$YNH_APP_NEW_DOMAIN
+path_url=$(ynh_normalize_url_path --path_url $YNH_APP_NEW_PATH)
+app=$YNH_APP_INSTANCE_NAME
+
+server_name=$(ynh_app_setting_get --app=$app --key=server_name)
+final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)
+is_public=$(ynh_app_setting_get --app=$app --key=is_public)
+port=$(ynh_app_setting_get --app=$app --key=synapse_port)
+synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
+turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
+turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
+cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
+report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
+allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
+ynh_print_OFF
+synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
+turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
+registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
+form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
+macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
+ynh_print_ON
+
+synapse_user="matrix-$app"
+synapse_db_name="matrix_$app"
+synapse_db_user="matrix_$app"
+upstream_version=$(ynh_app_upstream_version)
+
+# Check if the new path stay /_matrix if
not exit
+
+if [[ $path_url != "/_matrix" ]]
+then
+ ynh_die --message "You can't use an other path than '/_matrix'. You can only change the domain."
+fi
+
+# We stop the service before to set ynh_clean_setup
+ynh_systemd_action --service_name=matrix-$app.service --action=stop
+
+#=================================================
+# STANDARD MODIFICATIONS
+#=================================================
+# NGINX CONFIGURATION
+#=================================================
+
+ynh_script_progression --message="Updating nginx configuration..."
+
+# MODIFY URL IN NGINX CONF
+nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
+
+# Change the domain for nginx
+# Delete file checksum for the old conf file location
+ynh_delete_file_checksum --file "$nginx_conf_path"
+mv $nginx_conf_path /etc/nginx/conf.d/$domain.d/$app.conf
+# Store file checksum for the new config file location
+ynh_store_file_checksum --file "/etc/nginx/conf.d/$domain.d/$app.conf"
+
+# Create .well-known redirection for access by federation
+if yunohost --output-as plain domain list | grep -q "^$server_name$"
+then
+ cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf
+ ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
+ ynh_replace_string --match_string=__PORT__ --replace_string=$synapse_tls_port --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
+ ynh_store_file_checksum --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
+fi
+
+#=================================================
+# UPDATE SYNAPSE CONFIG
+#=================================================
+
+ynh_script_progression --message="Updating synapse config..."
--weight=2
+
+# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times)
+# For any update do it in all files
+
+homeserver_config_path="/etc/matrix-$app/homeserver.yaml"
+
+ynh_backup_if_checksum_is_different --file="$homeserver_config_path"
+ynh_backup_if_checksum_is_different --file=/etc/matrix-$app/log.yaml
+
+cp ../conf/homeserver.yaml "$homeserver_config_path"
+cp ../conf/log.yaml /etc/matrix-$app/log.yaml
+
+ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$homeserver_config_path"
+ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$homeserver_config_path"
+ynh_replace_string --match_string=__SERVER_NAME__ --replace_string=$server_name --target_file="$homeserver_config_path"
+ynh_replace_string --match_string=__SYNAPSE_DB_USER__ --replace_string=$synapse_db_user --target_file="$homeserver_config_path"
+ynh_replace_string --match_string=__PORT__ --replace_string=$port --target_file="$homeserver_config_path"
+ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$synapse_tls_port --target_file="$homeserver_config_path"
+ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$homeserver_config_path"
+ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path"
+ynh_replace_string --match_string=__ALLOW_PUBLIC_ROOMS__ --replace_string="$allow_public_rooms" --target_file="$homeserver_config_path"
+ynh_print_OFF
+ynh_replace_special_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path"
+ynh_replace_special_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$homeserver_config_path"
+ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path"
+ynh_replace_special_string
--match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path"
+if [ -n $macaroon_secret_key ]; then
+ # Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice.
+ # For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
+ # The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !!
+ # So for the old install we just leave this as it is. And for the new install we use a real macaroon.
+ ynh_replace_special_string --match_string='macaroon_secret_key: "__MACAROON_SECRET_KEY__"' --replace_string='# macaroon_secret_key: "__MACAROON_SECRET_KEY__"' --target_file="$homeserver_config_path"
+else
+ ynh_replace_special_string --match_string=__MACAROON_SECRET_KEY__ --replace_string="$macaroon_secret_key" --target_file="$homeserver_config_path"
+fi
+ynh_print_ON
+
+ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml"
+
+if [ "$is_public" = "0" ]
+then
+ ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=False --target_file="$homeserver_config_path"
+else
+ ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=True --target_file="$homeserver_config_path"
+fi
+
+ynh_store_file_checksum --file="$homeserver_config_path"
+ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml"
+
+#=================================================
+# RELOAD SERVICES
+#=================================================
+ynh_script_progression --message="Restarting synapse services..."
--weight=5 + +ynh_systemd_action --service_name=coturn-$app.service --action=restart +ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 + +ynh_script_progression --message="Change of URL completed for $app" --last diff --git a/scripts/config b/scripts/config index f7ceb4a..582723a 100644 --- a/scripts/config +++ b/scripts/config @@ -88,7 +88,7 @@ apply_config() { # Configure Synapse - # WARNING : theses command are used in INSTALL, UPGRADE, CONFIG (3 times) + # WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times) # For any update do it in all files homeserver_config_path="/etc/matrix-$app/homeserver.yaml" diff --git a/scripts/install b/scripts/install index 5fd48a2..8856fe1 100644 --- a/scripts/install +++ b/scripts/install @@ -268,7 +268,7 @@ ynh_print_ON # Configure Synapse -# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG (3 times) +# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times) # For any update do it in all files homeserver_config_path="/etc/matrix-$app/homeserver.yaml" diff --git a/scripts/upgrade b/scripts/upgrade index 6a8c0f0..1c5e7e6 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -203,7 +203,7 @@ fi #================================================= ynh_script_progression --message="Updating synapse config..." --weight=2 -# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG +# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times) # For any update do it in all files homeserver_config_path="/etc/matrix-$app/homeserver.yaml"
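Review bot: In scripts/change_url the test `if [ -n $macaroon_secret_key ]; then` is both unquoted and inverted, so the branch that comments out `macaroon_secret_key` always runs: with an empty value the shell evaluates `[ -n ]`, which is true, and with a stored key `-n` is true as well. The `else` branch that writes the stored key into homeserver.yaml is therefore never reached, so an instance installed with its own macaroon key would come out of a domain change with the key commented out; the comment above the test ties that fallback to CVE-2019-5885 and says that changing the value logs out every user. I would write `if [ -z "$macaroon_secret_key" ]; then` so that legacy installs keep the commented line and newer ones get their stored key. The WARNING comment says this block is duplicated in install, upgrade and config, whose bodies are outside these hunks, so the same test is worth checking there.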