From adb96d2e4ab78612697ad1d452321cb85dc853b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sun, 2 Jun 2019 00:09:14 +0200 Subject: [PATCH] Add don't prind password in debug logs --- scripts/experimental_helper.sh | 1 + scripts/install | 18 +++++++++++++++--- scripts/restore | 14 +++++++++++--- scripts/upgrade | 23 +++++++++++++++++------ 4 files changed, 44 insertions(+), 12 deletions(-) diff --git a/scripts/experimental_helper.sh b/scripts/experimental_helper.sh index 06cff8c..14ff8a7 100644 --- a/scripts/experimental_helper.sh +++ b/scripts/experimental_helper.sh @@ -138,3 +138,4 @@ __PRE_TAG1__$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/service # Send the email to the recipients cat mail_to_send | $mail_bin -a "Content-Type: $content_type; charset=UTF-8" -s "$mail_subject" "$recipients" } + diff --git a/scripts/install b/scripts/install index e466f9e..1d63405 100644 --- a/scripts/install +++ b/scripts/install @@ -135,12 +135,16 @@ adduser turnserver ssl-cert #================================================= ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4 +ynh_print_OFF synapse_db_pwd=$(ynh_string_random --length=30) ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd +ynh_print_ON # Create postgresql database ynh_psql_test_if_first_run +ynh_print_OFF ynh_psql_create_user $synapse_db_user $synapse_db_pwd +ynh_print_ON ynh_psql_execute_as_root \ --sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;" 
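Review bot: In the PostgreSQL section of scripts/install, the password is still handed to `ynh_app_setting_set` and `ynh_psql_create_user` as a plain argument, so the added trace suppression only covers this script's own debug output. Whether those helpers log or forward their arguments is not visible in this hunk and should be checked before treating the value as kept out of the logs. A comment above the first `ynh_print_OFF`, such as `# Trace is off only for this script; the helpers below still receive the password in clear`, would record that limit. The unquoted `$synapse_db_pwd` is also worth quoting, as is already done for `--value="$registration_shared_secret"` later in the file.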
@@ -200,12 +204,14 @@ python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-c deactivate # Get random values from config +ynh_print_OFF registration_shared_secret=$(egrep "^registration_shared_secret" homeserver.yml | cut -d'"' -f2) form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f2) # store in yunohost settings ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret" ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret" +ynh_print_ON #================================================= # SETUP SYSTEMD @@ -232,8 +238,10 @@ ynh_add_nginx_config ynh_script_progression --message="Configuring synapse..." --weight=2 # Find password for turnserver and database +ynh_print_OFF turnserver_pwd=$(ynh_string_random --length=30) ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd +ynh_print_ON # Configure Synapse 
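Review bot: In the "Get random values from config" block, nothing checks that `registration_shared_secret` and `form_secret` were actually extracted from homeserver.yml before they are stored in the app settings. Now that tracing is off around these lines, an empty or malformed result no longer shows up in the debug log either, so a parsing failure would pass silently. A guard after the two assignments would catch it, for example `[ -n "$registration_shared_secret" ] || ynh_die --message="registration_shared_secret not found in homeserver.yml"`, with the same line for `form_secret`. The message should name the key only, never the value.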
@@ -248,14 +256,16 @@ cp ../conf/log.yaml /etc/matrix-$app/log.yaml ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$homeserver_config_path" ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$homeserver_config_path" ynh_replace_string --match_string=__SYNAPSE_DB_USER__ --replace_string=$synapse_db_user --target_file="$homeserver_config_path" -ynh_replace_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path" ynh_replace_string --match_string=__PORT__ --replace_string=$port --target_file="$homeserver_config_path" ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$synapse_tls_port --target_file="$homeserver_config_path" ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$homeserver_config_path" +ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path" +ynh_print_OFF +ynh_replace_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path" ynh_replace_special_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$homeserver_config_path" ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path" ynh_replace_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path" -ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path" +ynh_print_ON ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml" 
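Review bot: Inside the new `ynh_print_OFF` group, `__FORM_SECRET__` is substituted with `ynh_replace_string` while `__REGISTRATION_SECRET__` uses `ynh_replace_special_string`, although both values are read from the same generated homeserver.yml. If the special variant is needed because generated secrets can contain characters the plain replacement treats specially (presumably the reason it is used for the registration secret), the form secret could be written to the config altered. Using `ynh_replace_special_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path"` would make the two consistent. The same pair of lines appears in the scripts/upgrade hunk at -176, and `$synapse_db_pwd` and `$turnserver_pwd` are left unquoted in both places.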
@@ -282,11 +292,13 @@ coturn_config_path="/etc/matrix-$app/coturn.conf" cp ../conf/turnserver.conf "$coturn_config_path" ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path" -ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path" ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path" ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path" ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path" ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path" +ynh_print_OFF +ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path" +ynh_print_ON # Get public IP and set as external IP for coturn # note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 diff --git a/scripts/restore b/scripts/restore index 157959d..5b4b0d7 100644 --- a/scripts/restore +++ b/scripts/restore @@ -32,10 +32,12 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=special_domain) path_url=$(ynh_app_setting_get --app=$app --key=special_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) -synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) +ynh_print_OFF +synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) +ynh_print_ON #================================================= # SET ALL CONSTANT 
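Review bot: The coturn configuration block edited here in scripts/install is repeated line for line in scripts/restore (hunk at -162) and scripts/upgrade (hunk at -287), so this commit had to apply the same `ynh_print_OFF` / `ynh_print_ON` wrapping three times. A context comment in the restore script already warns that any update must be made in all files, which makes it easy for a later edit to wrap the secret in one script and miss another. Moving the block into one function in a file sourced by all three scripts would keep the secret handling in a single place. The `__TURNPWD__` line here also uses `ynh_replace_string`, whereas the homeserver config uses `ynh_replace_special_string` for the same value; one helper should be used for both.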
@@ -99,7 +101,9 @@ adduser turnserver ssl-cert ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13 ynh_psql_test_if_first_run +ynh_print_OFF ynh_psql_create_user $synapse_db_user $synapse_db_pwd +ynh_print_ON ynh_psql_execute_as_root \ --sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' @@ -151,8 +155,10 @@ ynh_script_progression --message="Reconfiguring coturn..." --weight=23 # Retrieve specific settings turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) -turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) +ynh_print_OFF +turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) +ynh_print_ON # WARNING : these commands are used in INSTALL, UPGRADE # For any update do it in all files 
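Review bot: In the restore of the PostgreSQL user, `ynh_psql_create_user $synapse_db_user $synapse_db_pwd` passes the password unquoted, and on this path it comes from the settings store rather than from a fresh random string. If the stored value is empty or missing, the unquoted expansion drops the argument entirely, and with tracing off nothing in the log would show it. Quoting the call as `ynh_psql_create_user "$synapse_db_user" "$synapse_db_pwd"` and checking `[ -n "$synapse_db_pwd" ]` after it is read would make that failure explicit. How the helper behaves with a missing second argument is not visible in this hunk.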
@@ -162,11 +168,13 @@ coturn_config_path="/etc/matrix-$app/coturn.conf" cp ../settings/conf/turnserver.conf "$coturn_config_path" ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path" -ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path" ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path" ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path" ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path" ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path" +ynh_print_OFF +ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path" +ynh_print_ON # Get public IP and set as external IP for coturn # note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 diff --git a/scripts/upgrade b/scripts/upgrade index 7bf9077..2805db5 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -21,17 +21,19 @@ domain=$(ynh_app_setting_get --app=$app --key=special_domain) path_url=$(ynh_app_setting_get --app=$app --key=special_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version) -synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) is_public=$(ynh_app_setting_get --app=$app --key=is_public) port=$(ynh_app_setting_get --app=$app --key=synapse_port) synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) -turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) +report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) +ynh_print_OFF +synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) +turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) -report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) +ynh_print_ON #================================================= # SET ALL CONSTANT @@ -134,8 +136,10 @@ fi # MIGRATION 1 : GENERATE SYNAPSE SECRET #================================================= +ynh_print_OFF if [ -z "$registration_shared_secret" ] then + ynh_print_ON ynh_script_progression --message="Generating synapse secret..." --weight=1 # Go in virtualenvironnement 
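Review bot: The `ynh_print_OFF` added before `if [ -z "$registration_shared_secret" ]` in the MIGRATION 1 section has no comment, and its pairing is hard to follow: tracing is switched back on as the first statement inside `then` and, judging by the next hunk, again after `fi`. A comment above it, such as `# Trace off: the test below would print the expanded secret`, would explain why a plain `if` needs wrapping. One on the closing `ynh_print_ON` after `fi`, such as `# Re-enable tracing when the migration was skipped`, would explain the second call. The body of the `if` continues outside this hunk.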
@@ -149,13 +153,16 @@ then deactivate # Get random values from config + ynh_print_OFF registration_shared_secret=$(egrep "^registration_shared_secret" homeserver.yml | cut -d'"' -f2) form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f1) # store in yunohost settings ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret" ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret" + ynh_print_ON fi +ynh_print_ON #================================================= # UPDATE SYNAPSE CONFIG 
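Review bot: The context line `form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f1)` takes field 1, while the line above it and both extractions in scripts/install take field 2. Assuming the generated file quotes the value as the other lines imply, field 1 is the text before the first quote, so the key name rather than the secret would be stored and later written into the config. Wrapping these lines in `ynh_print_OFF` also removes the trace output where that wrong value could have been noticed. The line should read `form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f2)`. The enclosing `if` starts outside this hunk.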
@@ -176,14 +183,16 @@ cp ../conf/log.yaml /etc/matrix-$app/log.yaml ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$homeserver_config_path" ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$homeserver_config_path" ynh_replace_string --match_string=__SYNAPSE_DB_USER__ --replace_string=$synapse_db_user --target_file="$homeserver_config_path" -ynh_replace_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path" ynh_replace_string --match_string=__PORT__ --replace_string=$port --target_file="$homeserver_config_path" ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$synapse_tls_port --target_file="$homeserver_config_path" ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$homeserver_config_path" +ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path" +ynh_print_OFF +ynh_replace_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path" ynh_replace_special_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$homeserver_config_path" ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path" ynh_replace_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path" -ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path" +ynh_print_ON ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml" 
@@ -287,11 +296,13 @@ coturn_config_path="/etc/matrix-$app/coturn.conf" cp ../conf/turnserver.conf "$coturn_config_path" ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path" -ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path" ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path" ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path" ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path" ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path" +ynh_print_OFF +ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path" +ynh_print_ON # Get public IP and set as external IP for coturn # note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6